6.8
High risk

e360ae48e290725d7dbb83b1a845a961314e873b1b7165ce8e4686f444300368

d08a9e8c0b92460623029ea3483462b5.exe

Analysis duration

77s

Last analysis

File size

926.5KB
Static detection / Dynamic detection: 100% 5Y0@A4J5QVPK 6BHZRX4LT5D AI SCORE=80 CONFIDENCE DOWNLOADER34 ELDORADO EMOTET GENCIRC GENETIC GENKRYPTIK HFWW HGFT HIGH CONFIDENCE HSCKJH KCLOUD KRYPTIK MALWARE@#240RZD18PU22I MALWAREX QVM41 R348049 SCORE SMTHC SUSGEN THHAEBO UNSAFE ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Date Version
McAfee Emotet-FRV!D08A9E8C0B92 20201231 6.0.6.653
Alibaba Trojan:Win32/Emotet.dedfcf41 20190527 0.3.0.5
Avast Win32:MalwareX-gen [Trj] 20201231 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cde863 20201231 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft Win32.Hack.Emotet.cf.(kcloud) 20201231 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619910863.812363
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619910848.234363
CryptGenKey
crypto_handle: 0x003cd030
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00305b90
flags: 1
key: fÇP(}@-`Uìí£Ç
success 1 0
1619910863.828363
CryptExportKey
crypto_handle: 0x003cd030
crypto_export_handle: 0x003ccff0
buffer: f¤,Þ¬zVÄløfÚi­Œk«Ð -ãCCQ½ÛbVÿ[Uhù–Ú ĉÏ%nÜËc ëÿжÁW.Ë+•Ó'‚‘¥)‰žÃ‹%HøÝ?åõ†o‡EXei?'ØgÍW@¥h
blob_type: 1
flags: 64
success 1 0
1619910899.515363
CryptExportKey
crypto_handle: 0x003cd030
crypto_export_handle: 0x003ccff0
buffer: f¤’Ï*3}}úÍïwÀ@KºKÛ5n͋W²H¾+AQ`.˜q–i:†•kyÆÑj4#¾khV(#àû¤¾O^!CŠý‘‚㟿\2ºú~ŒÕ^ÆJ!©–F
blob_type: 1
flags: 64
success 1 0
1619910904.562363
CryptExportKey
crypto_handle: 0x003cd030
crypto_export_handle: 0x003ccff0
buffer: f¤<ôôqþ©ƒ&ÉøØ/“Y9™¼0ŽGŒIQ>¯Ì‹Ä­åvčS,£CtÃu± Ôeãy&švjýôܘ=eo ûóË vU.÷Hþ¯ùnþOÜa JËuŸ~›Yp
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2008\14.8.20\ExpandingCheck_demo\ExpCheckTest\Release\ExpCheckTest.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910847.515363
NtAllocateVirtualMemory
process_identifier: 472
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f20000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910864.265363
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process d08a9e8c0b92460623029ea3483462b5.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910863.937363
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 172.217.24.14
host 67.205.85.243
host 69.30.203.214
host 75.139.38.211
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910866.843363
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910866.843363
RegSetValueExA
key_handle: 0x000003bc
value: jJÙ¾>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910866.843363
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910866.843363
RegSetValueExW
key_handle: 0x000003bc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910866.843363
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910866.843363
RegSetValueExA
key_handle: 0x000003d4
value: jJÙ¾>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910866.843363
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910866.875363
RegSetValueExW
key_handle: 0x000003b8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.24339
MicroWorld-eScan Trojan.Emotet.AKA
FireEye Trojan.Emotet.AKA
McAfee Emotet-FRV!D08A9E8C0B92
Malwarebytes Trojan.MalPack.TRE
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.dedfcf41
K7GW Riskware ( 0040eff71 )
Cybereason malicious.c0b924
Arcabit Trojan.Emotet.AKA
BitDefenderTheta Gen:NN.ZexaF.34700.5y0@a4j5Qvpk
Cyren W32/Emotet.APV.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Win.Trojan.Emotet-9629277-0
Kaspersky HEUR:Backdoor.Win32.Emotet.vho
BitDefender Trojan.Emotet.AKA
NANO-Antivirus Trojan.Win32.Emotet.hsckjh
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10cde863
Ad-Aware Trojan.Emotet.AKA
Emsisoft Trojan.Emotet (A)
Comodo Malware@#240rzd18pu22i
F-Secure Trojan.TR/AD.Emotet.amv
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.THHAEBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm
Sophos Mal/Generic-S
Jiangmin Trojan.Banker.Emotet.ods
MaxSecure Trojan.Malware.105305615.susgen
Avira TR/AD.Emotet.amv
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Generic
Kingsoft Win32.Hack.Emotet.cf.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet!rfn
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Backdoor.Win32.Emotet.vho
GData Trojan.Emotet.AKA
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R348049
ALYac Trojan.Emotet.AKA
Cylance Unsafe
ESET-NOD32 a variant of Win32/Kryptik.HGFT
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHC
Rising Trojan.Emotet!8.B95 (TFE:5:6bHZrx4lt5D)
Ikarus Trojan-Banker.Emotet
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 69.30.203.214:8080
dead_host 192.168.56.101:49178
dead_host 75.139.38.211:80
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

2020-08-15 02:33:07

Imports

Library KERNEL32.dll:
0x4a7e50 GetCommandLineA
0x4a7e54 GetStartupInfoA
0x4a7e58 HeapAlloc
0x4a7e5c HeapFree
0x4a7e60 RaiseException
0x4a7e64 Sleep
0x4a7e68 ExitThread
0x4a7e6c CreateThread
0x4a7e70 VirtualProtect
0x4a7e74 VirtualAlloc
0x4a7e78 GetSystemInfo
0x4a7e7c VirtualQuery
0x4a7e80 HeapReAlloc
0x4a7e84 HeapSize
0x4a7e88 TerminateProcess
0x4a7e94 IsDebuggerPresent
0x4a7e98 GetACP
0x4a7e9c IsValidCodePage
0x4a7ea0 LCMapStringW
0x4a7ea4 GetStdHandle
0x4a7eb8 SetHandleCount
0x4a7ebc RtlUnwind
0x4a7ec0 HeapCreate
0x4a7ec4 HeapDestroy
0x4a7ec8 VirtualFree
0x4a7ed0 GetTickCount
0x4a7ed8 FatalAppExitA
0x4a7ee8 LCMapStringA
0x4a7eec GetStringTypeA
0x4a7ef0 GetStringTypeW
0x4a7ef4 GetTimeFormatA
0x4a7ef8 GetDateFormatA
0x4a7efc GetUserDefaultLCID
0x4a7f00 EnumSystemLocalesA
0x4a7f04 IsValidLocale
0x4a7f08 GetLocaleInfoW
0x4a7f0c GetConsoleCP
0x4a7f10 GetConsoleMode
0x4a7f14 SetStdHandle
0x4a7f18 WriteConsoleA
0x4a7f1c GetConsoleOutputCP
0x4a7f20 WriteConsoleW
0x4a7f24 CompareStringW
0x4a7f2c GetFileTime
0x4a7f30 GetFileSizeEx
0x4a7f34 GetFileAttributesA
0x4a7f38 SetFileAttributesA
0x4a7f3c SetFileTime
0x4a7f48 SetErrorMode
0x4a7f54 GetModuleHandleW
0x4a7f58 CreateFileA
0x4a7f5c GetShortPathNameA
0x4a7f60 GetFullPathNameA
0x4a7f68 FindFirstFileA
0x4a7f6c FindClose
0x4a7f70 GetCurrentProcess
0x4a7f74 DuplicateHandle
0x4a7f78 GetFileSize
0x4a7f7c SetEndOfFile
0x4a7f80 UnlockFile
0x4a7f84 LockFile
0x4a7f88 FlushFileBuffers
0x4a7f8c SetFilePointer
0x4a7f90 WriteFile
0x4a7f94 ReadFile
0x4a7f98 lstrcmpiA
0x4a7f9c GetThreadLocale
0x4a7fa0 GetStringTypeExA
0x4a7fa4 DeleteFileA
0x4a7fa8 MoveFileA
0x4a7fbc GetAtomNameA
0x4a7fc0 GetOEMCP
0x4a7fc4 GetCPInfo
0x4a7fcc GlobalFlags
0x4a7fd0 CopyFileA
0x4a7fd4 GlobalSize
0x4a7fd8 FormatMessageA
0x4a7fdc lstrlenW
0x4a7fe0 TlsFree
0x4a7fe8 LocalReAlloc
0x4a7fec TlsSetValue
0x4a7ff0 TlsAlloc
0x4a7ff8 GlobalHandle
0x4a7ffc GlobalReAlloc
0x4a8004 TlsGetValue
0x4a800c LocalFree
0x4a8010 LocalAlloc
0x4a8018 GetModuleFileNameW
0x4a801c GlobalFree
0x4a8020 GetCurrentProcessId
0x4a8024 CreateEventA
0x4a8028 SuspendThread
0x4a802c SetEvent
0x4a8030 WaitForSingleObject
0x4a8034 ResumeThread
0x4a8038 SetThreadPriority
0x4a803c CloseHandle
0x4a8040 GetCurrentThread
0x4a804c GetModuleFileNameA
0x4a8050 GetLocaleInfoA
0x4a8054 InterlockedExchange
0x4a8058 GlobalAlloc
0x4a805c GlobalLock
0x4a8060 GlobalUnlock
0x4a8064 MulDiv
0x4a8068 lstrcmpA
0x4a806c FreeResource
0x4a8070 GetCurrentThreadId
0x4a8074 GlobalGetAtomNameA
0x4a8078 GlobalAddAtomA
0x4a807c GlobalFindAtomA
0x4a8080 GlobalDeleteAtom
0x4a8084 FreeLibrary
0x4a8088 WideCharToMultiByte
0x4a808c CompareStringA
0x4a8090 LoadLibraryA
0x4a8094 MultiByteToWideChar
0x4a8098 lstrcmpW
0x4a809c GetModuleHandleA
0x4a80a0 GetProcAddress
0x4a80a4 GetVersionExA
0x4a80a8 FindResourceA
0x4a80ac LoadResource
0x4a80b0 LockResource
0x4a80b4 SizeofResource
0x4a80b8 lstrlenA
0x4a80bc GetLastError
0x4a80c0 SetLastError
0x4a80c4 GetFileType
0x4a80c8 ExitProcess
Library USER32.dll:
0x4a82e4 ReuseDDElParam
0x4a82e8 UnpackDDElParam
0x4a82ec SetRect
0x4a82f0 SetTimer
0x4a82f4 KillTimer
0x4a82f8 GetKeyNameTextA
0x4a82fc MapVirtualKeyA
0x4a8300 IsRectEmpty
0x4a8304 GetSystemMenu
0x4a8308 SetParent
0x4a830c UnionRect
0x4a8310 GetDCEx
0x4a8314 LockWindowUpdate
0x4a8318 DestroyIcon
0x4a831c WaitMessage
0x4a8320 ReleaseCapture
0x4a8324 WindowFromPoint
0x4a8328 SetCapture
0x4a832c DeleteMenu
0x4a8330 LoadCursorA
0x4a8334 GetSysColorBrush
0x4a8338 DestroyMenu
0x4a833c GetMenuItemInfoA
0x4a8340 InflateRect
0x4a8344 GetMenuStringA
0x4a8348 AppendMenuA
0x4a834c InsertMenuA
0x4a8350 RemoveMenu
0x4a8354 GetDesktopWindow
0x4a835c GetNextDlgTabItem
0x4a8360 EndDialog
0x4a8368 ShowOwnedPopups
0x4a836c SetCursor
0x4a8370 GetMessageA
0x4a8374 TranslateMessage
0x4a8378 GetActiveWindow
0x4a837c GetCursorPos
0x4a8380 ValidateRect
0x4a8384 PostQuitMessage
0x4a8388 EndPaint
0x4a838c BeginPaint
0x4a8390 GetWindowDC
0x4a8394 ReleaseDC
0x4a8398 GetDC
0x4a839c ClientToScreen
0x4a83a0 GrayStringA
0x4a83a4 DrawTextExA
0x4a83a8 DrawTextA
0x4a83ac TabbedTextOutA
0x4a83b0 FillRect
0x4a83b4 SetMenuItemBitmaps
0x4a83bc LoadBitmapA
0x4a83c0 ModifyMenuA
0x4a83c4 GetMenuState
0x4a83c8 EnableMenuItem
0x4a83cc CheckMenuItem
0x4a83d0 LoadMenuA
0x4a83d4 WinHelpA
0x4a83d8 GetCapture
0x4a83dc SetWindowsHookExA
0x4a83e0 CallNextHookEx
0x4a83e4 GetClassLongA
0x4a83e8 GetClassNameA
0x4a83ec SetPropA
0x4a83f0 GetPropA
0x4a83f4 RemovePropA
0x4a83f8 GetForegroundWindow
0x4a83fc GetLastActivePopup
0x4a8400 SetActiveWindow
0x4a8404 DispatchMessageA
0x4a8408 BeginDeferWindowPos
0x4a840c EndDeferWindowPos
0x4a8410 GetTopWindow
0x4a8414 DestroyWindow
0x4a8418 UnhookWindowsHookEx
0x4a841c GetMessageTime
0x4a8420 GetMessagePos
0x4a8424 PeekMessageA
0x4a8428 MapWindowPoints
0x4a842c ScrollWindow
0x4a8430 TrackPopupMenuEx
0x4a8434 TrackPopupMenu
0x4a8438 GetKeyState
0x4a843c SetMenu
0x4a8440 SetScrollRange
0x4a8444 GetScrollRange
0x4a8448 SetScrollPos
0x4a844c GetScrollPos
0x4a8450 SetForegroundWindow
0x4a8454 ShowScrollBar
0x4a8458 IsWindowVisible
0x4a845c UpdateWindow
0x4a8460 PostMessageA
0x4a8464 GetSubMenu
0x4a8468 GetMenuItemID
0x4a846c GetMenuItemCount
0x4a8470 MessageBoxA
0x4a8474 CreateWindowExA
0x4a8478 GetClassInfoExA
0x4a847c GetClassInfoA
0x4a8480 RegisterClassA
0x4a8484 GetWindowRect
0x4a8488 GetParent
0x4a848c EnableWindow
0x4a8490 SendMessageA
0x4a8494 GetSysColor
0x4a8498 AdjustWindowRectEx
0x4a849c ScreenToClient
0x4a84a0 EqualRect
0x4a84a4 DeferWindowPos
0x4a84a8 GetScrollInfo
0x4a84ac SetScrollInfo
0x4a84b0 CopyRect
0x4a84b4 PtInRect
0x4a84b8 SetWindowPlacement
0x4a84bc DefWindowProcA
0x4a84c0 CallWindowProcA
0x4a84c4 GetMenu
0x4a84c8 GetMenuBarInfo
0x4a84cc LoadAcceleratorsA
0x4a84d0 InsertMenuItemA
0x4a84d4 CreatePopupMenu
0x4a84d8 BringWindowToTop
0x4a84e0 InvalidateRect
0x4a84e4 SetRectEmpty
0x4a84e8 UnregisterClassA
0x4a84ec GetDialogBaseUnits
0x4a84f4 CharUpperA
0x4a84f8 MoveWindow
0x4a84fc ShowWindow
0x4a8500 RedrawWindow
0x4a8504 GetWindowLongA
0x4a8508 EnumChildWindows
0x4a850c IsWindow
0x4a8510 DrawIcon
0x4a8514 IsIconic
0x4a8518 GetClientRect
0x4a851c LoadIconA
0x4a8520 GetSystemMetrics
0x4a8524 GetWindow
0x4a8528 CheckDlgButton
0x4a852c CheckRadioButton
0x4a8530 GetDlgItem
0x4a8534 GetDlgItemInt
0x4a8538 GetDlgItemTextA
0x4a853c SendDlgItemMessageA
0x4a8540 SetDlgItemInt
0x4a8544 SetDlgItemTextA
0x4a8548 OffsetRect
0x4a854c IntersectRect
0x4a8554 GetWindowPlacement
0x4a855c GetWindowTextA
0x4a8560 GetFocus
0x4a8564 SetWindowPos
0x4a8568 ScrollWindowEx
0x4a856c SetFocus
0x4a8570 IsWindowEnabled
0x4a8574 SetWindowLongA
0x4a8578 GetDlgCtrlID
0x4a857c SetWindowTextA
0x4a8580 IsDialogMessageA
0x4a8584 IsDlgButtonChecked
0x4a8588 IsChild
Library GDI32.dll:
0x4a7c80 ExtSelectClipRgn
0x4a7c84 DeleteDC
0x4a7c8c CreatePatternBrush
0x4a7c90 CreateCompatibleDC
0x4a7c94 GetStockObject
0x4a7c98 SelectPalette
0x4a7c9c PlayMetaFileRecord
0x4a7ca0 GetObjectType
0x4a7ca4 EnumMetaFile
0x4a7ca8 PlayMetaFile
0x4a7cac GetDeviceCaps
0x4a7cb0 CreatePen
0x4a7cb4 ExtCreatePen
0x4a7cb8 CreateSolidBrush
0x4a7cbc CreateHatchBrush
0x4a7cc0 PolyBezierTo
0x4a7cc4 CreateDCA
0x4a7cc8 CreateFontIndirectA
0x4a7cd4 SetRectRgn
0x4a7cd8 CombineRgn
0x4a7cdc GetMapMode
0x4a7ce0 PatBlt
0x4a7ce4 DPtoLP
0x4a7ce8 GetTextMetricsA
0x4a7cec GetCharWidthA
0x4a7cf0 CreateFontA
0x4a7cf4 StretchDIBits
0x4a7cfc GetBkColor
0x4a7d00 PolyDraw
0x4a7d04 PolylineTo
0x4a7d08 ArcTo
0x4a7d10 ScaleWindowExtEx
0x4a7d14 SetWindowExtEx
0x4a7d18 OffsetWindowOrgEx
0x4a7d1c Escape
0x4a7d20 SetWindowOrgEx
0x4a7d24 ScaleViewportExtEx
0x4a7d28 SetViewportExtEx
0x4a7d2c OffsetViewportOrgEx
0x4a7d30 SetViewportOrgEx
0x4a7d34 CopyMetaFileA
0x4a7d38 GetDCOrgEx
0x4a7d3c ExtTextOutA
0x4a7d40 TextOutA
0x4a7d44 RectVisible
0x4a7d48 PtVisible
0x4a7d4c StartDocA
0x4a7d50 GetPixel
0x4a7d54 BitBlt
0x4a7d58 GetWindowExtEx
0x4a7d5c GetViewportExtEx
0x4a7d60 SelectClipPath
0x4a7d64 CreateRectRgn
0x4a7d68 GetClipRgn
0x4a7d6c SelectClipRgn
0x4a7d70 DeleteObject
0x4a7d74 SetColorAdjustment
0x4a7d78 SetArcDirection
0x4a7d7c SetMapperFlags
0x4a7d88 SetTextAlign
0x4a7d8c MoveToEx
0x4a7d90 LineTo
0x4a7d94 OffsetClipRgn
0x4a7d98 IntersectClipRect
0x4a7d9c ExcludeClipRect
0x4a7da0 SetMapMode
0x4a7da8 SetWorldTransform
0x4a7dac SetGraphicsMode
0x4a7db0 SetStretchBltMode
0x4a7db4 SetROP2
0x4a7db8 SetPolyFillMode
0x4a7dbc SetBkMode
0x4a7dc0 RestoreDC
0x4a7dc4 SaveDC
0x4a7dc8 CreateBitmap
0x4a7dcc GetObjectA
0x4a7dd0 SetBkColor
0x4a7dd4 SetTextColor
0x4a7dd8 GetClipBox
0x4a7ddc SelectObject
Library COMDLG32.dll:
0x4a7c50 GetFileTitleA
Library WINSPOOL.DRV:
0x4a8640 DocumentPropertiesA
0x4a8644 OpenPrinterA
0x4a8648 ClosePrinter
Library ADVAPI32.dll:
0x4a7bec RegDeleteValueA
0x4a7bf0 RegSetValueExA
0x4a7bf4 RegCreateKeyExA
0x4a7bf8 RegSetValueA
0x4a7bfc RegQueryValueA
0x4a7c00 RegOpenKeyA
0x4a7c04 RegEnumKeyA
0x4a7c08 RegDeleteKeyA
0x4a7c0c RegOpenKeyExA
0x4a7c10 RegQueryValueExA
0x4a7c14 RegCloseKey
0x4a7c18 RegCreateKeyA
Library SHELL32.dll:
0x4a8260 ExtractIconA
0x4a8264 DragFinish
0x4a8268 DragQueryFileA
0x4a826c SHGetFileInfoA
Library SHLWAPI.dll:
0x4a829c PathFindFileNameA
0x4a82a0 PathStripToRootA
0x4a82a4 PathIsUNCA
0x4a82a8 PathFindExtensionA
0x4a82b0 PathRemoveFileSpecW
Library ole32.dll:
0x4a8678 StringFromGUID2
0x4a867c CoDisconnectObject
0x4a8680 OleDuplicateData
0x4a8684 CoTaskMemAlloc
0x4a8688 ReleaseStgMedium
0x4a868c CreateBindCtx
0x4a8690 CoTreatAsClass
0x4a8694 CoCreateInstance
0x4a8698 ReadClassStg
0x4a869c ReadFmtUserTypeStg
0x4a86a0 OleRegGetUserType
0x4a86a4 WriteClassStg
0x4a86a8 WriteFmtUserTypeStg
0x4a86ac SetConvertStg
0x4a86b0 CoTaskMemFree
0x4a86b4 CLSIDFromString
0x4a86b8 CoUninitialize
0x4a86bc CoInitializeEx
0x4a86c0 StringFromCLSID
Library OLEAUT32.dll:
0x4a8174 VariantClear
0x4a8178 VariantChangeType
0x4a817c VariantInit
0x4a8180 SysAllocStringLen
0x4a8184 SysFreeString
0x4a8188 SysStringLen
0x4a8190 SysStringByteLen
0x4a8194 RegisterTypeLib
0x4a8198 LoadTypeLib
0x4a819c LoadRegTypeLib
0x4a81a4 SafeArrayAccessData
0x4a81a8 SafeArrayGetUBound
0x4a81ac SafeArrayGetLBound
0x4a81b4 SafeArrayGetDim
0x4a81b8 SafeArrayCreate
0x4a81bc SafeArrayRedim
0x4a81c0 VariantCopy
0x4a81c4 SafeArrayAllocData
0x4a81cc SafeArrayCopy
0x4a81d0 SafeArrayGetElement
0x4a81d4 SafeArrayPtrOfIndex
0x4a81d8 SafeArrayPutElement
0x4a81dc SafeArrayLock
0x4a81e0 SafeArrayUnlock
0x4a81e4 SafeArrayDestroy
0x4a81f8 SysReAllocStringLen
0x4a81fc VarDateFromStr
0x4a8200 VarBstrFromCy
0x4a8204 VarBstrFromDec
0x4a8208 VarDecFromStr
0x4a820c VarCyFromStr
0x4a8210 VarBstrFromDate

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.