7.2
High risk

518bd8ce58370b1a50f4cbc0fbad04be66dd9da1b7ba71b3f8c3d599fbffb814

d1670892527a0308f8fcd9c77dc0478a.exe

Analysis time

77s

Last analyzed

File size

604.1KB
Static detection Dynamic detection AI SCORE=80 AIDETECTVM ATTRIBUTE CJPL CKGENERIC ELDORADO EMOTET GENCIRC GENERICKDZ HCEJ HFPN HIGH CONFIDENCE HIGHCONFIDENCE HSHRFI INDPI KRYPTIK L+VNUUO+RVI LQ1@AY LVMTJ LZTKVN MALWARE1 MOQAPMS5KUS NONAME@0 R + TROJ THIOFBO TROJANX UNSAFE ZEXTET
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine results available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Emotet-FRV!D1670892527A 20200910 6.0.6.653
Alibaba Trojan:Win32/Emotet.bad68805 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Tencent Malware.Win32.Gencirc.10cde9e0 20200911 1.0.0.1
Kingsoft 20200911 2013.8.14.323
CrowdStrike 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619916236.83675
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619916228.75875
CryptGenKey
crypto_handle: 0x0037d708
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0037c4d8
flags: 1
key: fÛ£¢0Óêz-Ý$Q±ù
success 1 0
1619916236.85275
CryptExportKey
crypto_handle: 0x0037d708
crypto_export_handle: 0x0037d5b0
buffer: f¤®‰ú³i…[ioòk-n4!˜ÙdpÅÔ{ `ÀX(Ò]Y50ÎçeJVùILø±m¾EŸ™•Îã3­#aô¦ú:—3h÷dO CŽÕOZý—I«rd¸O´r<
blob_type: 1
flags: 64
success 1 0
1619916271.88375
CryptExportKey
crypto_handle: 0x0037d708
crypto_export_handle: 0x0037d5b0
buffer: f¤Pª8¯g4 ]UeЛëDA\»”hwqïwa€Dܑµ™Ôª5' h–¢Ï"5r®¡¼zµýa!iªÝ‚”1FäË÷Sañ±BsãØC!ˆNŽÅ’=š}³²k°­3
blob_type: 1
flags: 64
success 1 0
1619916279.82175
CryptExportKey
crypto_handle: 0x0037d708
crypto_export_handle: 0x0037d5b0
buffer: f¤,wƒ§ “´Q‡¹¦ÚX³\J¨yí]Ùº¬µÕ,ōΆ¬9^h´žáoÕÂt²ö.ZÊ·m×?Dgò/ù#Ÿ€Lm¯|ÆTz>è²dÔ?»îwƒ#Ír„›ÊÄ
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619916228.33675
NtAllocateVirtualMemory
process_identifier: 648
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d40000
success 0 0
Searches running processes, potentially to identify targets for sandbox evasion, code injection or memory dumping (2 events)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619916237.39975
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process d1670892527a0308f8fcd9c77dc0478a.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619916237.05575
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 172.217.24.14
host 64.183.73.122
host 67.205.85.243
host 69.30.203.214
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619916239.97775
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619916239.97775
RegSetValueExA
key_handle: 0x000003c0
value: /MÐ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619916239.99275
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619916239.99275
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619916239.99275
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619916239.99275
RegSetValueExA
key_handle: 0x000003d8
value: /MÐ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619916239.99275
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619916240.02475
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
File has been identified by 52 antivirus engines on VirusTotal as malicious (50 out of 52 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69563
FireEye Trojan.GenericKDZ.69563
CAT-QuickHeal Trojan.CKGENERIC
McAfee Emotet-FRV!D1670892527A
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.1118
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.bad68805
K7GW Riskware ( 0040eff71 )
Invincea Mal/Generic-R + Troj/Emotet-CLJ
Cyren W32/Emotet.AQI.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Emotet-9428016-0
Kaspersky Backdoor.Win32.Emotet.cjpl
BitDefender Trojan.GenericKDZ.69563
NANO-Antivirus Trojan.Win32.Emotet.hshrfi
AegisLab Trojan.Win32.Emotet.L!c
Tencent Malware.Win32.Gencirc.10cde9e0
Ad-Aware Trojan.GenericKDZ.69563
TACHYON Trojan/W32.Agent.618608
Comodo fls.noname@0
F-Secure Trojan.TR/AD.Emotet.lvmtj
DrWeb Trojan.Emotet.999
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.THIOFBO
Sophos Troj/Emotet-CLJ
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.ru
Avira TR/AD.Emotet.lvmtj
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Emotet.594032
ZoneAlarm Backdoor.Win32.Emotet.cjpl
GData Win32.Trojan.PSE.LZTKVN
AhnLab-V3 Malware/Win32.Generic.C4185741
BitDefenderTheta Gen:NN.Zextet.34216.Lq1@ay!INdpi
ALYac Trojan.Agent.Emotet
MAX malware (ai score=80)
VBA32 Backdoor.Emotet
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFPN
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THIOFBO
Rising Trojan.Kryptik!8.8 (TFE:5:mOqaPms5kuS)
Yandex Trojan.Kryptik!l+vNUuO+rvI
Fortinet W32/Kryptik.HCEJ!tr
AVG Win32:TrojanX-gen [Trj]
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 69.30.203.214:8080
dead_host 64.183.73.122:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-08-19 05:04:52

Imports

Library KERNEL32.dll:
0x445198 TerminateProcess
0x44519c CreateThread
0x4451a0 ExitThread
0x4451a4 HeapSize
0x4451a8 HeapReAlloc
0x4451ac GetACP
0x4451b4 GetSystemTime
0x4451b8 GetLocalTime
0x4451bc LCMapStringA
0x4451c0 LCMapStringW
0x4451c4 FatalAppExitA
0x4451c8 Sleep
0x4451cc HeapDestroy
0x4451d0 HeapCreate
0x4451d4 VirtualFree
0x4451d8 VirtualAlloc
0x4451dc IsBadWritePtr
0x4451f0 HeapFree
0x4451f4 SetHandleCount
0x4451f8 GetStdHandle
0x4451fc GetFileType
0x445204 GetStringTypeA
0x445208 GetStringTypeW
0x44520c IsBadReadPtr
0x445210 IsBadCodePtr
0x445214 IsValidLocale
0x445218 IsValidCodePage
0x44521c GetLocaleInfoA
0x445220 EnumSystemLocalesA
0x445224 GetUserDefaultLCID
0x445228 GetVersionExA
0x445230 SetStdHandle
0x445234 GetLocaleInfoW
0x445238 CompareStringA
0x44523c CompareStringW
0x445244 RaiseException
0x445248 GetProfileStringA
0x44524c InterlockedExchange
0x445250 GetCommandLineA
0x445254 GetStartupInfoA
0x445258 HeapAlloc
0x44525c RtlUnwind
0x445260 CopyFileA
0x445264 GlobalSize
0x445268 SetFileAttributesA
0x44526c SetFileTime
0x445278 GetFileTime
0x44527c GetFileSize
0x445280 GetFileAttributesA
0x445284 GetTickCount
0x445290 lstrlenW
0x445294 GetShortPathNameA
0x445298 GetStringTypeExA
0x44529c GetFullPathNameA
0x4452a4 FindFirstFileA
0x4452a8 FindClose
0x4452ac DeleteFileA
0x4452b0 MoveFileA
0x4452b4 SetEndOfFile
0x4452b8 UnlockFile
0x4452bc LockFile
0x4452c0 FlushFileBuffers
0x4452c4 SetFilePointer
0x4452c8 WriteFile
0x4452cc ReadFile
0x4452d0 CreateFileA
0x4452d4 GetCurrentProcess
0x4452d8 DuplicateHandle
0x4452dc SetErrorMode
0x4452e0 GetThreadLocale
0x4452e4 SizeofResource
0x4452f8 GetOEMCP
0x4452fc GetCPInfo
0x445300 GetProcessVersion
0x445304 GlobalFlags
0x445308 TlsGetValue
0x44530c LocalReAlloc
0x445310 TlsSetValue
0x445318 GlobalReAlloc
0x445320 TlsFree
0x445324 GlobalHandle
0x44532c TlsAlloc
0x445334 LocalAlloc
0x445338 GetLastError
0x44533c FormatMessageA
0x445340 LocalFree
0x445344 MultiByteToWideChar
0x445348 WideCharToMultiByte
0x44534c lstrlenA
0x445354 GlobalFree
0x445358 CreateEventA
0x44535c SuspendThread
0x445360 SetThreadPriority
0x445364 ResumeThread
0x445368 SetEvent
0x44536c WaitForSingleObject
0x445370 CloseHandle
0x445374 GetModuleFileNameA
0x445378 GlobalAlloc
0x44537c lstrcmpA
0x445380 GetCurrentThread
0x445388 lstrcpynA
0x44538c GlobalLock
0x445390 GlobalUnlock
0x445394 MulDiv
0x445398 SetLastError
0x44539c LoadLibraryA
0x4453a0 FreeLibrary
0x4453a4 FindResourceA
0x4453a8 LoadResource
0x4453ac LockResource
0x4453b0 GetVersion
0x4453b4 lstrcatA
0x4453b8 GetCurrentThreadId
0x4453bc GlobalGetAtomNameA
0x4453c0 lstrcmpiA
0x4453c4 GlobalAddAtomA
0x4453c8 GlobalFindAtomA
0x4453cc GlobalDeleteAtom
0x4453d0 lstrcpyA
0x4453d4 GetModuleHandleA
0x4453d8 GetProcAddress
0x4453e0 ExitProcess
Library USER32.dll:
0x445498 SetRect
0x44549c GetNextDlgGroupItem
0x4454a0 MessageBeep
0x4454a4 SetRectEmpty
0x4454a8 LoadAcceleratorsA
0x4454b0 LoadMenuA
0x4454b4 SetMenu
0x4454b8 ReuseDDElParam
0x4454bc UnpackDDElParam
0x4454c0 BringWindowToTop
0x4454c4 CharUpperA
0x4454cc RemoveMenu
0x4454d0 PostThreadMessageA
0x4454d4 DestroyIcon
0x4454d8 IsWindowEnabled
0x4454dc MoveWindow
0x4454e0 SetWindowTextA
0x4454e4 IsDialogMessageA
0x4454e8 ScrollWindowEx
0x4454ec IsDlgButtonChecked
0x4454f0 SetDlgItemTextA
0x4454f4 SetDlgItemInt
0x4454f8 GetDlgItemTextA
0x4454fc GetDlgItemInt
0x445500 CheckRadioButton
0x445504 CheckDlgButton
0x445508 UpdateWindow
0x44550c SendDlgItemMessageA
0x445510 MapWindowPoints
0x445514 GetSysColor
0x445518 PeekMessageA
0x44551c DispatchMessageA
0x445520 GetFocus
0x445524 SetActiveWindow
0x445528 IsWindow
0x44552c SetFocus
0x445530 AdjustWindowRectEx
0x445534 ScreenToClient
0x445538 EqualRect
0x44553c DeferWindowPos
0x445540 BeginDeferWindowPos
0x445544 CopyRect
0x445548 EndDeferWindowPos
0x44554c IsWindowVisible
0x445550 ScrollWindow
0x445554 GetScrollInfo
0x445558 SetScrollInfo
0x44555c ShowScrollBar
0x445560 GetScrollRange
0x445564 SetScrollRange
0x445568 GetScrollPos
0x44556c SetScrollPos
0x445570 GetTopWindow
0x445574 MessageBoxA
0x445578 IsChild
0x44557c GetCapture
0x445580 WinHelpA
0x445584 wsprintfA
0x44558c WaitMessage
0x445590 GetMenu
0x445594 GetMenuItemCount
0x445598 GetSubMenu
0x44559c GetMenuItemID
0x4455a0 TrackPopupMenu
0x4455a4 SetWindowPlacement
0x4455a8 GetDlgItem
0x4455b0 GetWindowTextA
0x4455b4 GetDlgCtrlID
0x4455b8 DefWindowProcA
0x4455bc DestroyWindow
0x4455c0 CreateWindowExA
0x4455c4 SetWindowsHookExA
0x4455c8 CallNextHookEx
0x4455cc GetClassLongA
0x4455d0 WindowFromPoint
0x4455d4 UnhookWindowsHookEx
0x4455d8 GetPropA
0x4455dc CallWindowProcA
0x4455e0 RemovePropA
0x4455e4 GetMessageTime
0x4455e8 GetMessagePos
0x4455ec GetLastActivePopup
0x4455f0 GetForegroundWindow
0x4455f4 SetForegroundWindow
0x4455f8 GetWindow
0x4455fc GetWindowLongA
0x445600 SetWindowLongA
0x445604 SetWindowPos
0x44560c OffsetRect
0x445610 IntersectRect
0x445618 GetWindowPlacement
0x44561c GetWindowRect
0x445620 IsIconic
0x445624 GetSystemMetrics
0x445628 DrawIcon
0x44562c DrawFocusRect
0x445630 UnregisterClassA
0x445634 HideCaret
0x445638 ShowCaret
0x44563c ExcludeUpdateRgn
0x445640 DefDlgProcA
0x445644 IsWindowUnicode
0x445648 InvalidateRect
0x44564c GetSystemMenu
0x445650 AppendMenuA
0x445654 SendMessageA
0x445658 ShowWindow
0x44565c LoadIconA
0x445660 EnableWindow
0x445664 GrayStringA
0x445668 DrawTextA
0x44566c TabbedTextOutA
0x445670 LoadBitmapA
0x445674 GetKeyState
0x445678 GetParent
0x44567c PostMessageA
0x445680 CharNextA
0x445684 GetDialogBaseUnits
0x445688 GetMenuStringA
0x44568c DeleteMenu
0x445690 GetClassInfoA
0x445694 InsertMenuA
0x445698 SetCapture
0x44569c GetClientRect
0x4456a0 ReleaseCapture
0x4456a4 GetSysColorBrush
0x4456a8 LoadCursorA
0x4456ac GetDesktopWindow
0x4456b0 PtInRect
0x4456b4 GetClassNameA
0x4456b8 DestroyMenu
0x4456bc LoadStringA
0x4456c0 OemToCharA
0x4456c4 CharToOemA
0x4456c8 wvsprintfA
0x4456cc MapDialogRect
0x4456d4 EndDialog
0x4456dc GetMessageA
0x4456e0 TranslateMessage
0x4456e4 GetActiveWindow
0x4456e8 ValidateRect
0x4456ec GetCursorPos
0x4456f0 SetCursor
0x4456f4 ShowOwnedPopups
0x4456f8 PostQuitMessage
0x4456fc InflateRect
0x445700 EndPaint
0x445704 BeginPaint
0x445708 GetWindowDC
0x44570c ReleaseDC
0x445710 GetDC
0x445714 ClientToScreen
0x44571c GetNextDlgTabItem
0x445720 ModifyMenuA
0x445724 SetMenuItemBitmaps
0x445728 CheckMenuItem
0x44572c SetPropA
0x445734 RegisterClassA
0x445738 EnableMenuItem
0x44573c GetMenuState
Library GDI32.dll:
0x44503c ExtTextOutA
0x445040 Escape
0x445044 GetDCOrgEx
0x445048 GetClipBox
0x44504c SetTextColor
0x445050 SetBkColor
0x445054 DeleteDC
0x445058 StartDocA
0x44505c SaveDC
0x445060 RestoreDC
0x445064 SelectObject
0x445068 GetStockObject
0x44506c SelectPalette
0x445070 SetBkMode
0x445074 SetPolyFillMode
0x445078 SetROP2
0x44507c SetStretchBltMode
0x445080 SetMapMode
0x445084 SetViewportOrgEx
0x445088 OffsetViewportOrgEx
0x44508c SetViewportExtEx
0x445090 ScaleViewportExtEx
0x445094 SetWindowOrgEx
0x445098 OffsetWindowOrgEx
0x44509c SetWindowExtEx
0x4450a0 ScaleWindowExtEx
0x4450a4 SelectClipRgn
0x4450a8 ExcludeClipRect
0x4450ac IntersectClipRect
0x4450b0 OffsetClipRgn
0x4450b4 MoveToEx
0x4450b8 LineTo
0x4450bc SetTextAlign
0x4450c4 TextOutA
0x4450c8 SetMapperFlags
0x4450d0 ArcTo
0x4450d4 SetArcDirection
0x4450d8 PolyDraw
0x4450dc PolylineTo
0x4450e0 SetColorAdjustment
0x4450e4 PolyBezierTo
0x4450e8 DeleteObject
0x4450ec GetClipRgn
0x4450f0 CreateRectRgn
0x4450f4 SelectClipPath
0x4450f8 ExtSelectClipRgn
0x4450fc PlayMetaFileRecord
0x445100 GetObjectType
0x445104 EnumMetaFile
0x445108 PlayMetaFile
0x44510c GetDeviceCaps
0x445110 CreatePen
0x445114 ExtCreatePen
0x445118 CreateSolidBrush
0x44511c CreateHatchBrush
0x445120 CreatePatternBrush
0x445128 PatBlt
0x44512c SetRectRgn
0x445130 CombineRgn
0x445138 CreateFontIndirectA
0x445140 GetTextMetricsA
0x445144 GetTextColor
0x445148 CopyMetaFileA
0x44514c CreateDCA
0x445150 RectVisible
0x445154 PtVisible
0x445158 CreateBitmap
0x44515c GetPixel
0x445160 GetObjectA
0x445164 LPtoDP
0x44516c GetMapMode
0x445170 GetWindowExtEx
0x445174 GetViewportExtEx
0x445178 DPtoLP
0x44517c BitBlt
0x445180 GetBkColor
0x445188 CreateDIBitmap
0x44518c GetTextExtentPointA
0x445190 CreateCompatibleDC
Library comdlg32.dll:
0x445754 GetSaveFileNameA
0x445758 GetFileTitleA
0x44575c GetOpenFileNameA
Library WINSPOOL.DRV:
0x445744 ClosePrinter
0x445748 DocumentPropertiesA
0x44574c OpenPrinterA
Library ADVAPI32.dll:
0x445000 RegDeleteKeyA
0x445004 RegCreateKeyA
0x445008 RegEnumKeyA
0x44500c RegQueryValueA
0x445010 RegSetValueA
0x445014 RegOpenKeyA
0x445018 RegCloseKey
0x44501c RegDeleteValueA
0x445020 RegSetValueExA
0x445024 RegQueryValueExA
0x445028 RegOpenKeyExA
0x44502c RegCreateKeyExA
Library SHELL32.dll:
0x445480 SHGetFileInfoA
0x445484 DragQueryFileA
0x445488 DragFinish
0x44548c DragAcceptFiles
0x445490 ExtractIconA
Library COMCTL32.dll:
0x445034
Library oledlg.dll:
0x4457e8
Library ole32.dll:
0x445764 CoTreatAsClass
0x445768 StringFromCLSID
0x44576c ReadClassStg
0x445770 ReadFmtUserTypeStg
0x445774 OleRegGetUserType
0x445778 WriteClassStg
0x44577c WriteFmtUserTypeStg
0x445780 SetConvertStg
0x445784 CreateBindCtx
0x445788 OleDuplicateData
0x445790 ReleaseStgMedium
0x445794 OleInitialize
0x445798 CoDisconnectObject
0x44579c OleRun
0x4457a0 CoCreateInstance
0x4457a4 CoTaskMemAlloc
0x4457a8 CoTaskMemFree
0x4457b8 CoGetClassObject
0x4457bc CLSIDFromString
0x4457c0 CLSIDFromProgID
0x4457cc CoRevokeClassObject
0x4457d0 OleSetClipboard
0x4457d4 OleFlushClipboard
0x4457e0 OleUninitialize
Library OLEPRO32.DLL:
0x445478
Library OLEAUT32.dll:
0x4453e8 SysAllocStringLen
0x4453ec VariantClear
0x4453f4 VariantCopy
0x4453f8 VariantChangeType
0x4453fc SysReAllocStringLen
0x445400 SysAllocString
0x445408 SafeArrayAccessData
0x44540c SafeArrayGetUBound
0x445410 SafeArrayGetLBound
0x445418 SafeArrayGetDim
0x44541c SafeArrayCreate
0x445420 SafeArrayRedim
0x445428 SysStringByteLen
0x44542c VarCyFromStr
0x445430 VarBstrFromCy
0x445434 VarDateFromStr
0x445438 VarBstrFromDate
0x44543c SafeArrayCopy
0x445440 SafeArrayAllocData
0x445448 SafeArrayGetElement
0x44544c SafeArrayPtrOfIndex
0x445450 SafeArrayPutElement
0x445454 SafeArrayLock
0x445458 SafeArrayUnlock
0x44545c SafeArrayDestroy
0x445468 SysStringLen
0x44546c LoadTypeLib
0x445470 SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.