9.4
Critical

35a94d699b3b76654146147d5049a618067f3c2081f0b90d28f2b0cb4baf9df1

d150fab1d3923ca48b2d3730ee447279.exe

Analysis duration

75s

Latest analysis

File size

757.5KB
Static detection / Dynamic detection
Hawkeye engine
Not detected: no Hawkeye engine detection result yet
Static verdict
Antivirus engines
Not detected: no antivirus engine detection result yet
Static indicators
Command line console output was observed (22 events)
Time & API Arguments Status Return Repeated
1619938783.396374
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619938783.412374
WriteConsoleW
buffer: PING
console_handle: 0x00000007
success 1 0
1619938783.412374
WriteConsoleW
buffer: 127.0.0.1 -n 2
console_handle: 0x00000007
success 1 0
1619938786.350374
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619938786.381374
WriteConsoleW
buffer: start
console_handle: 0x00000007
success 1 0
1619938786.381374
WriteConsoleW
buffer: "" "C:\Users\Administrator.Oskar-PC\AppData\Roaming\remcos\remcos.exe"
console_handle: 0x00000007
success 1 0
1619938788.740374
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619938788.756374
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619938788.756374
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\install.bat"
console_handle: 0x00000007
success 1 0
1619938789.287374
WriteConsoleW
buffer: 找不到批处理文件。
console_handle: 0x0000000b
success 1 0
1619938784.101249
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619938784.116249
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619938784.132249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619938784.132249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619938784.147249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619938784.147249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619938785.210249
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619938785.210249
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619938785.226249
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619938785.226249
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619938785.241249
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 2，已接收 = 2，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619938785.272249
WriteConsoleA
buffer: Íù·µÐг̵ĹÀ¼ÆÊ±¼ä(ÒÔºÁÃëΪµ¥Î»): ×î¶Ì = 0ms£¬× = 0ms£¬Æ½¾ù = 0ms
console_handle: 0x00000007
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619938783.944249
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619910852.715017
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619910852.887017
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00488000
success 0 0
1619910852.887017
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
1619938786.835249
NtAllocateVirtualMemory
process_identifier: 3092
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00350000
success 0 0
1619938786.976249
NtProtectVirtualMemory
process_identifier: 3092
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00488000
success 0 0
1619938786.976249
NtAllocateVirtualMemory
process_identifier: 3092
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008a0000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\install.bat
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\install.bat
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619938782.787751
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\install.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\install.bat
show_type: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.368262043503684 section {'size_of_data': '0x0001e400', 'virtual_address': '0x000a4000', 'entropy': 7.368262043503684, 'name': '.rsrc', 'virtual_size': '0x0001e2f8'} description A section with a high entropy has been found
Uses Windows utilities for basic Windows functionality (1 event)
cmdline PING 127.0.0.1 -n 2
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 185.244.30.56
Installs itself for autorun at Windows startup (2 events)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remcos reg_value "C:\Users\Administrator.Oskar-PC\AppData\Roaming\remcos\remcos.exe"
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remcos reg_value "C:\Users\Administrator.Oskar-PC\AppData\Roaming\remcos\remcos.exe"
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (4 events)
Process injection Process 784 called NtSetContextThread to modify thread in remote process 192
Process injection Process 3092 called NtSetContextThread to modify thread in remote process 3168
Time & API Arguments Status Return Repeated
1619910853.028017
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4259208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 192
success 0 0
1619938788.257249
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4259208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3168
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (6 events)
Process injection Process 784 resumed a thread in remote process 192
Process injection Process 520 resumed a thread in remote process 3092
Process injection Process 3092 resumed a thread in remote process 3168
Time & API Arguments Status Return Repeated
1619910853.637017
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 192
success 0 0
1619938788.725374
NtResumeThread
thread_handle: 0x00000080
suspend_count: 0
process_identifier: 3092
success 0 0
1619938789.679249
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3168
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (17 events)
Time & API Arguments Status Return Repeated
1619910853.028017
CreateProcessInternalW
thread_identifier: 200
thread_handle: 0x000000fc
process_identifier: 192
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d150fab1d3923ca48b2d3730ee447279.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619910853.028017
NtUnmapViewOfSection
process_identifier: 192
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619910853.028017
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 192
commit_size: 94208
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 94208
base_address: 0x00400000
success 0 0
1619910853.028017
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619910853.028017
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4259208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 192
success 0 0
1619910853.637017
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 192
success 0 0
1619938782.787751
CreateProcessInternalW
thread_identifier: 1060
thread_handle: 0x00000174
process_identifier: 520
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath:
track: 1
command_line: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\install.bat"
filepath_r:
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000220
inherit_handles: 0
success 1 0
1619938783.646374
CreateProcessInternalW
thread_identifier: 2080
thread_handle: 0x00000084
process_identifier: 2260
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath: C:\Windows\System32\PING.EXE
track: 1
command_line: PING 127.0.0.1 -n 2
filepath_r: C:\Windows\system32\PING.EXE
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000080
inherit_handles: 1
success 1 0
1619938786.568374
CreateProcessInternalW
thread_identifier: 3096
thread_handle: 0x00000080
process_identifier: 3092
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\remcos\remcos.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\remcos\remcos.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\remcos\remcos.exe
stack_pivoted: 0
creation_flags: 525328 (CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000084
inherit_handles: 1
success 1 0
1619938788.725374
NtResumeThread
thread_handle: 0x00000080
suspend_count: 0
process_identifier: 3092
success 0 0
1619938784.069249
NtResumeThread
thread_handle: 0x000000d8
suspend_count: 1
process_identifier: 2260
success 0 0
1619938788.147249
CreateProcessInternalW
thread_identifier: 3172
thread_handle: 0x000000fc
process_identifier: 3168
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\remcos\remcos.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619938788.147249
NtUnmapViewOfSection
process_identifier: 3168
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619938788.194249
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 3168
commit_size: 94208
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 94208
base_address: 0x00400000
success 0 0
1619938788.257249
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619938788.257249
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4259208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3168
success 0 0
1619938789.679249
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3168
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (8 events)
dead_host 192.168.56.101:49194
dead_host 192.168.56.101:49193
dead_host 192.168.56.101:49190
dead_host 192.168.56.101:49199
dead_host 192.168.56.101:49196
dead_host 192.168.56.101:49187
dead_host 185.244.30.56:1900
dead_host 192.168.56.101:49195
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x495164 VirtualFree
0x495168 VirtualAlloc
0x49516c LocalFree
0x495170 LocalAlloc
0x495174 GetVersion
0x495178 GetCurrentThreadId
0x495184 VirtualQuery
0x495188 WideCharToMultiByte
0x495190 MultiByteToWideChar
0x495194 lstrlenA
0x495198 lstrcpynA
0x49519c LoadLibraryExA
0x4951a0 GetThreadLocale
0x4951a4 GetStartupInfoA
0x4951a8 GetProcAddress
0x4951ac GetModuleHandleA
0x4951b0 GetModuleFileNameA
0x4951b4 GetLocaleInfoA
0x4951b8 GetLastError
0x4951c0 GetCommandLineA
0x4951c4 FreeLibrary
0x4951c8 FindFirstFileA
0x4951cc FindClose
0x4951d0 ExitProcess
0x4951d4 WriteFile
0x4951dc RtlUnwind
0x4951e0 RaiseException
0x4951e4 GetStdHandle
Library user32.dll:
0x4951ec GetKeyboardType
0x4951f0 LoadStringA
0x4951f4 MessageBoxA
0x4951f8 CharNextA
Library advapi32.dll:
0x495200 RegQueryValueExA
0x495204 RegOpenKeyExA
0x495208 RegCloseKey
Library oleaut32.dll:
0x495210 SysFreeString
0x495214 SysReAllocStringLen
0x495218 SysAllocStringLen
Library kernel32.dll:
0x495220 TlsSetValue
0x495224 TlsGetValue
0x495228 LocalAlloc
0x49522c GetModuleHandleA
Library advapi32.dll:
0x495234 RegQueryValueExA
0x495238 RegOpenKeyExA
0x49523c RegCloseKey
Library kernel32.dll:
0x495244 lstrcpyA
0x495248 WriteFile
0x49524c WaitForSingleObject
0x495250 VirtualQuery
0x495254 VirtualProtect
0x495258 VirtualAlloc
0x49525c Sleep
0x495260 SizeofResource
0x495264 SetThreadLocale
0x495268 SetFilePointer
0x49526c SetEvent
0x495270 SetErrorMode
0x495274 SetEndOfFile
0x495278 ResetEvent
0x49527c ReadFile
0x495280 MultiByteToWideChar
0x495284 MulDiv
0x495288 LockResource
0x49528c LoadResource
0x495290 LoadLibraryA
0x49529c GlobalUnlock
0x4952a0 GlobalSize
0x4952a4 GlobalReAlloc
0x4952a8 GlobalHandle
0x4952ac GlobalLock
0x4952b0 GlobalFree
0x4952b4 GlobalFindAtomA
0x4952b8 GlobalDeleteAtom
0x4952bc GlobalAlloc
0x4952c0 GlobalAddAtomA
0x4952c4 GetVersionExA
0x4952c8 GetVersion
0x4952cc GetUserDefaultLCID
0x4952d0 GetTickCount
0x4952d4 GetThreadLocale
0x4952d8 GetSystemInfo
0x4952dc GetStringTypeExA
0x4952e0 GetStdHandle
0x4952e4 GetProcAddress
0x4952e8 GetModuleHandleA
0x4952ec GetModuleFileNameA
0x4952f0 GetLocaleInfoA
0x4952f4 GetLocalTime
0x4952f8 GetLastError
0x4952fc GetFullPathNameA
0x495300 GetFileAttributesA
0x495304 GetDiskFreeSpaceA
0x495308 GetDateFormatA
0x49530c GetCurrentThreadId
0x495310 GetCurrentProcessId
0x495314 GetComputerNameA
0x495318 GetCPInfo
0x49531c GetACP
0x495320 FreeResource
0x495328 InterlockedExchange
0x495330 FreeLibrary
0x495334 FormatMessageA
0x495338 FindResourceA
0x49533c FindNextFileA
0x495340 FindFirstFileA
0x495344 FindClose
0x495350 EnumCalendarInfoA
0x49535c CreateThread
0x495360 CreateFileA
0x495364 CreateEventA
0x495368 CompareStringA
0x49536c CloseHandle
Library version.dll:
0x495374 VerQueryValueA
0x49537c GetFileVersionInfoA
Library gdi32.dll:
0x495384 UnrealizeObject
0x495388 StretchBlt
0x49538c SetWindowOrgEx
0x495390 SetWinMetaFileBits
0x495394 SetViewportOrgEx
0x495398 SetTextColor
0x49539c SetStretchBltMode
0x4953a0 SetROP2
0x4953a4 SetPixel
0x4953a8 SetMapMode
0x4953ac SetEnhMetaFileBits
0x4953b0 SetDIBColorTable
0x4953b4 SetBrushOrgEx
0x4953b8 SetBkMode
0x4953bc SetBkColor
0x4953c0 SetArcDirection
0x4953c4 SelectPalette
0x4953c8 SelectObject
0x4953cc SelectClipRgn
0x4953d0 SaveDC
0x4953d4 RestoreDC
0x4953d8 Rectangle
0x4953dc RectVisible
0x4953e0 RealizePalette
0x4953e4 Polyline
0x4953e8 PlayEnhMetaFile
0x4953ec PatBlt
0x4953f0 MoveToEx
0x4953f4 MaskBlt
0x4953f8 LineTo
0x4953fc LPtoDP
0x495400 IntersectClipRect
0x495404 GetWindowOrgEx
0x495408 GetWinMetaFileBits
0x49540c GetTextMetricsA
0x495418 GetStockObject
0x49541c GetPixel
0x495420 GetPaletteEntries
0x495424 GetObjectA
0x495434 GetEnhMetaFileBits
0x495438 GetDeviceCaps
0x49543c GetDIBits
0x495440 GetDIBColorTable
0x495444 GetDCOrgEx
0x49544c GetClipBox
0x495450 GetBrushOrgEx
0x495454 GetBitmapBits
0x495458 ExtTextOutA
0x49545c ExcludeClipRect
0x495460 DeleteObject
0x495464 DeleteEnhMetaFile
0x495468 DeleteDC
0x49546c CreateSolidBrush
0x495470 CreatePenIndirect
0x495474 CreatePalette
0x49547c CreateFontIndirectA
0x495480 CreateEnhMetaFileA
0x495484 CreateDIBitmap
0x495488 CreateDIBSection
0x49548c CreateCompatibleDC
0x495494 CreateBrushIndirect
0x495498 CreateBitmap
0x49549c CopyEnhMetaFileA
0x4954a0 CloseEnhMetaFile
0x4954a4 BitBlt
Library user32.dll:
0x4954ac CreateWindowExA
0x4954b0 WindowFromPoint
0x4954b4 WinHelpA
0x4954b8 WaitMessage
0x4954bc UpdateWindow
0x4954c0 UnregisterClassA
0x4954c4 UnhookWindowsHookEx
0x4954c8 TranslateMessage
0x4954d0 TrackPopupMenu
0x4954d8 ShowWindow
0x4954dc ShowScrollBar
0x4954e0 ShowOwnedPopups
0x4954e4 ShowCursor
0x4954e8 SetWindowsHookExA
0x4954ec SetWindowTextA
0x4954f0 SetWindowPos
0x4954f4 SetWindowPlacement
0x4954f8 SetWindowLongA
0x4954fc SetTimer
0x495500 SetScrollRange
0x495504 SetScrollPos
0x495508 SetScrollInfo
0x49550c SetRect
0x495510 SetPropA
0x495514 SetParent
0x495518 SetMenuItemInfoA
0x49551c SetMenu
0x495520 SetForegroundWindow
0x495524 SetFocus
0x495528 SetCursor
0x49552c SetClassLongA
0x495530 SetCapture
0x495534 SetActiveWindow
0x495538 SendMessageA
0x49553c ScrollWindow
0x495540 ScreenToClient
0x495544 RemovePropA
0x495548 RemoveMenu
0x49554c ReleaseDC
0x495550 ReleaseCapture
0x49555c RegisterClassA
0x495560 RedrawWindow
0x495564 PtInRect
0x495568 PostQuitMessage
0x49556c PostMessageA
0x495570 PeekMessageA
0x495574 OffsetRect
0x495578 OemToCharA
0x49557c MessageBoxA
0x495580 MapWindowPoints
0x495584 MapVirtualKeyA
0x495588 LoadStringA
0x49558c LoadKeyboardLayoutA
0x495590 LoadIconA
0x495594 LoadCursorA
0x495598 LoadBitmapA
0x49559c KillTimer
0x4955a0 IsZoomed
0x4955a4 IsWindowVisible
0x4955a8 IsWindowEnabled
0x4955ac IsWindow
0x4955b0 IsRectEmpty
0x4955b4 IsIconic
0x4955b8 IsDialogMessageA
0x4955bc IsChild
0x4955c0 InvalidateRect
0x4955c4 IntersectRect
0x4955c8 InsertMenuItemA
0x4955cc InsertMenuA
0x4955d0 InflateRect
0x4955d8 GetWindowTextA
0x4955dc GetWindowRect
0x4955e0 GetWindowPlacement
0x4955e4 GetWindowLongA
0x4955e8 GetWindowDC
0x4955ec GetTopWindow
0x4955f0 GetSystemMetrics
0x4955f4 GetSystemMenu
0x4955f8 GetSysColorBrush
0x4955fc GetSysColor
0x495600 GetSubMenu
0x495604 GetScrollRange
0x495608 GetScrollPos
0x49560c GetScrollInfo
0x495610 GetPropA
0x495614 GetParent
0x495618 GetWindow
0x49561c GetMessageTime
0x495620 GetMenuStringA
0x495624 GetMenuState
0x495628 GetMenuItemInfoA
0x49562c GetMenuItemID
0x495630 GetMenuItemCount
0x495634 GetMenu
0x495638 GetLastActivePopup
0x49563c GetKeyboardState
0x495644 GetKeyboardLayout
0x495648 GetKeyState
0x49564c GetKeyNameTextA
0x495650 GetIconInfo
0x495654 GetForegroundWindow
0x495658 GetFocus
0x49565c GetDlgItem
0x495660 GetDesktopWindow
0x495664 GetDCEx
0x495668 GetDC
0x49566c GetCursorPos
0x495670 GetCursor
0x495674 GetClipboardData
0x495678 GetClientRect
0x49567c GetClassNameA
0x495680 GetClassInfoA
0x495684 GetCapture
0x495688 GetActiveWindow
0x49568c FrameRect
0x495690 FindWindowA
0x495694 FillRect
0x495698 EqualRect
0x49569c EnumWindows
0x4956a0 EnumThreadWindows
0x4956a4 EndPaint
0x4956a8 EnableWindow
0x4956ac EnableScrollBar
0x4956b0 EnableMenuItem
0x4956b4 DrawTextA
0x4956b8 DrawMenuBar
0x4956bc DrawIconEx
0x4956c0 DrawIcon
0x4956c4 DrawFrameControl
0x4956c8 DrawFocusRect
0x4956cc DrawEdge
0x4956d0 DispatchMessageA
0x4956d4 DestroyWindow
0x4956d8 DestroyMenu
0x4956dc DestroyIcon
0x4956e0 DestroyCursor
0x4956e4 DeleteMenu
0x4956e8 DefWindowProcA
0x4956ec DefMDIChildProcA
0x4956f0 DefFrameProcA
0x4956f4 CreatePopupMenu
0x4956f8 CreateMenu
0x4956fc CreateIcon
0x495700 ClientToScreen
0x495704 CheckMenuItem
0x495708 CallWindowProcA
0x49570c CallNextHookEx
0x495710 BeginPaint
0x495714 CharNextA
0x495718 CharLowerBuffA
0x49571c CharLowerA
0x495720 CharUpperBuffA
0x495724 CharToOemA
0x495728 AdjustWindowRectEx
Library kernel32.dll:
0x495734 Sleep
Library oleaut32.dll:
0x49573c SafeArrayPtrOfIndex
0x495740 SafeArrayPutElement
0x495744 SafeArrayGetElement
0x49574c SafeArrayAccessData
0x495750 SafeArrayGetUBound
0x495754 SafeArrayGetLBound
0x495758 SafeArrayCreate
0x49575c VariantChangeType
0x495760 VariantCopyInd
0x495764 VariantCopy
0x495768 VariantClear
0x49576c VariantInit
Library ole32.dll:
0x495778 IsAccelerator
0x49577c OleDraw
0x495784 CoTaskMemFree
0x495788 ProgIDFromCLSID
0x49578c StringFromCLSID
0x495790 CoCreateInstance
0x495794 CoGetClassObject
0x495798 CoUninitialize
0x49579c CoInitialize
0x4957a0 IsEqualGUID
Library oleaut32.dll:
0x4957a8 CreateErrorInfo
0x4957ac GetErrorInfo
0x4957b0 SetErrorInfo
0x4957b4 GetActiveObject
0x4957b8 SysFreeString
Library comctl32.dll:
0x4957c8 ImageList_Write
0x4957cc ImageList_Read
0x4957dc ImageList_DragMove
0x4957e0 ImageList_DragLeave
0x4957e4 ImageList_DragEnter
0x4957e8 ImageList_EndDrag
0x4957ec ImageList_BeginDrag
0x4957f0 ImageList_Remove
0x4957f4 ImageList_DrawEx
0x4957f8 ImageList_Replace
0x4957fc ImageList_Draw
0x49580c ImageList_Add
0x495814 ImageList_Destroy
0x495818 ImageList_Create
0x49581c InitCommonControls
Library comdlg32.dll:
0x495824 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.