5.8 (High risk)

SHA256: 1ca43657ade9aeaab28246ec2920bbb2938d52ed73c6655f8e03c0a588a419b6

File name: d0434b0b7b9a0f93add634aec57512f2.exe

Analysis duration: 76s

File size: 970.5KB
Tags: Static detection, Dynamic detection, BSCOPE, CLASSIC, DADAQ, DOWNLOADER34, EMOTET, EPAZ, GENERICKD, GENETIC, GENKRYPTIK, HFHN, HIGH CONFIDENCE, HPWJDE, KRYPTIK, MALWARE@#BPS0FIJOLZKZ, PWXN, R + TROJ, R346629, SCORE, THHODBO, UNSAFE, XMVURAZ6FBY
鹰眼 (Hawk Eye) engine
Not detected: no Hawk Eye engine detection results yet
Static verdict
Antivirus engines
Engine       Result                         Scan date  Engine version
McAfee       Emotet-FRI!D0434B0B7B9A        20201211   6.0.6.653
Baidu        (none)                         20190318   1.0.0.2
Avast        Win32:Malware-gen              20201210   21.1.5827.0
Alibaba      Trojan:Win32/Emotet.08cd23df   20190527   0.3.0.5
Kingsoft     (none)                         20201211   2017.9.26.565
CrowdStrike  (none)                         20190702   1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619910867.466689
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619910851.560689
CryptGenKey
crypto_handle: 0x02630f90
algorithm_identifier: 0x0000660e ()
provider_handle: 0x02630b88
flags: 1
key: fǍšl®˜QÛ;~W 
success 1 0
1619910867.482689
CryptExportKey
crypto_handle: 0x02630f90
crypto_export_handle: 0x02630f50
buffer: f¤VZT븁Ðí\„ÍÊOúcÍ0X¾×p«7eY}0½Æ®™Ò ˆölÈàO‚®TĆnM(øð>žN´i‚X¿¨ß=@=‹æñ0Ì!¡Æ2ð]Lû{‚à¿°K­—ÐÚ)ƒÆ
blob_type: 1
flags: 64
success 1 0
1619910904.013689
CryptExportKey
crypto_handle: 0x02630f90
crypto_export_handle: 0x02630f50
buffer: f¤‹TçO«O0ä¨)Dí# ö~XNb՜ýYÐ\ñü“~ÉogÇa$ۆYÓ0ÎäD})]¢¡<†KõǬbuÿ€Õ„\ÄgëÔçK¬àäJFò͔ãÔ:×cřÏ
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2008\30.7.20\TabDrives\TabDrives\Release\TabDrives.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910850.982689
NtAllocateVirtualMemory
process_identifier: 2344
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003f0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910867.982689
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process d0434b0b7b9a0f93add634aec57512f2.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910867.669689
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 187.64.128.197
host 198.57.203.63
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910870.576689
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910870.576689
RegSetValueExA
key_handle: 0x000003ac
value: FWhâ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910870.576689
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910870.576689
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910870.576689
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910870.576689
RegSetValueExA
key_handle: 0x000003c4
value: FWhâ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910870.576689
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910870.591689
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 187.64.128.197:80
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)
Engine  Result
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43587152
FireEye Trojan.GenericKD.43587152
Qihoo-360 Generic/Trojan.50c
McAfee Emotet-FRI!D0434B0B7B9A
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056bee11 )
BitDefender Trojan.GenericKD.43587152
K7GW Trojan ( 0056bee11 )
Cyren W32/Trojan.PWXN-5522
Symantec Packed.Generic.554
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
Alibaba Trojan:Win32/Emotet.08cd23df
NANO-Antivirus Trojan.Win32.Emotet.hpwjde
AegisLab Trojan.Multi.Generic.4!c
Ad-Aware Trojan.GenericKD.43587152
Emsisoft Trojan.Emotet (A)
Comodo Malware@#bps0fijolzkz
F-Secure Trojan.TR/AD.Emotet.dadaq
DrWeb Trojan.DownLoader34.14057
Zillya Backdoor.Emotet.Win32.842
TrendMicro TrojanSpy.Win32.EMOTET.THHODBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh
Sophos Mal/Generic-R + Troj/Emotet-CKN
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.oac
Avira TR/AD.Emotet.dadaq
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Gridinsoft Trojan.Win32.Emotet.oa
Arcabit Trojan.Generic.D2991650
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKD.43587152
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R346629
ALYac Trojan.GenericKD.43587152
TACHYON Trojan/W32.Agent.993792.AK
VBA32 BScope.Trojan.Emotet
Malwarebytes Trojan.Emotet
Panda Trj/Genetic.gen
ESET-NOD32 a variant of Win32/Kryptik.HFHN
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMV.hp
Rising Trojan.Kryptik!1.C71F (CLASSIC)
Yandex Trojan.Kryptik!xmvuRaz6fbY
Fortinet W32/GenKryptik.EPAZ!tr
AVG Win32:Malware-gen
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-07-31 20:42:43

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  56540        239.255.255.250                  3702
192.168.56.101  56807        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702
192.168.56.101  58370        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.