11.0
0-day

9f2e04c5219e405500c6f234a31d032d5cb235ff5ea96955de2f291aa1192431

d17d2785b9e277d0a40dfac7bdd1f9b7.exe

Analysis duration

74s

Last analysis

File size

573.5KB
Static scan: malicious | Dynamic scan: malicious | Tags: AI SCORE=84 AIDETECTVM ALI2000015 APGW AUTO CLOUD CONFIDENCE DELF DELFINJECT EMNU FAREIT JAJPE JGW@A8PV@UNI KJBK LOKIBOT MALWARE2 MODERATE NANOCORE NOON PUTTY QVM05 R342688 SCORE SUSGEN SUSPICIOUS PE THGOBBO TROJAN3 UNSAFE ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine results are available
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba | Trojan:Win32/DelfInject.ali2000015 | 20190527 | 0.3.0.5
Avast | Win32:Malware-gen | 20200703 | 18.4.3895.0
Baidu | | 20190318 | 1.0.0.2
Kingsoft | | 20200703 | 2013.8.14.323
McAfee | Fareit-FTB!D17D2785B9E2 | 20200703 | 6.0.6.653
Tencent | Win32.Backdoor.Fareit.Auto | 20200703 | 1.0.0.1
CrowdStrike | win/malicious_confidence_90% (W) | 20190702 | 1.0
Static indicators
Queries for the computer name (3 events)
Time & API Arguments Status Return Repeated
1620908556.885625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620908565.807625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620908571.073625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620908554.635625
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620897716.18956
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48234308
registers.edi: 0
registers.eax: 0
registers.ebp: 48234376
registers.edx: 41
registers.ebx: 0
registers.esi: 0
registers.ecx: 138
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 16 7f 00 00 e9
exception.symbol: d17d2785b9e277d0a40dfac7bdd1f9b7+0x5a1d9
exception.instruction: div eax
exception.module: d17d2785b9e277d0a40dfac7bdd1f9b7.exe
exception.exception_code: 0xc0000094
exception.offset: 369113
exception.address: 0x45a1d9
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1620897716.00156
NtAllocateVirtualMemory
process_identifier: 2252
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1620897716.18956
NtProtectVirtualMemory
process_identifier: 2252
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 32768
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045a000
success 0 0
1620897716.18956
NtAllocateVirtualMemory
process_identifier: 2252
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02e10000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1620908571.026625
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d17d2785b9e277d0a40dfac7bdd1f9b7.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d17d2785b9e277d0a40dfac7bdd1f9b7.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.3674911422446865 section {'size_of_data': '0x00024000', 'virtual_address': '0x00072000', 'entropy': 7.3674911422446865, 'name': '.rsrc', 'virtual_size': '0x00023e4c'} description A section with a high entropy has been found
entropy 0.251528384279476 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1620908565.698625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2252 called NtSetContextThread to modify thread in remote process 1316
Time & API Arguments Status Return Repeated
1620897716.75156
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1316
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2252 resumed a thread in remote process 1316
Time & API Arguments Status Return Repeated
1620897717.20556
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 1316
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1620897716.42356
CreateProcessInternalW
thread_identifier: 2228
thread_handle: 0x00000108
process_identifier: 1316
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d17d2785b9e277d0a40dfac7bdd1f9b7.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x0000010c
inherit_handles: 0
success 1 0
1620897716.42356
NtUnmapViewOfSection
process_identifier: 1316
region_size: 4096
process_handle: 0x0000010c
base_address: 0x00400000
success 0 0
1620897716.43956
NtMapViewOfSection
section_handle: 0x00000114
process_identifier: 1316
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x0000010c
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1620897716.75156
NtGetContextThread
thread_handle: 0x00000108
success 0 0
1620897716.75156
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1316
success 0 0
1620897717.20556
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 1316
success 0 0
1620908555.182625
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 1316
success 0 0
File has been identified by 53 antivirus engines on VirusTotal as malicious (50 of 53 events shown)
Bkav W32.AIDetectVM.malware2
DrWeb Trojan.Nanocore.23
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
Qihoo-360 HEUR/QVM05.1.4FA1.Malware.Gen
ALYac Trojan.Delf.FareIt.Gen.7
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
Cybereason malicious.a85b45
TrendMicro TrojanSpy.Win32.NOON.THGOBBO
BitDefenderTheta Gen:NN.ZelphiF.34130.JGW@a8pV@uni
F-Prot W32/Trojan3.APGW
Symantec Infostealer.Lokibot!43
ESET-NOD32 a variant of Win32/Injector.EMNU
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Fareit-6863179-0
GData Trojan.Delf.FareIt.Gen.7
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender Trojan.Delf.FareIt.Gen.7
AegisLab Trojan.Win32.Noon.l!c
Avast Win32:Malware-gen
Rising Spyware.Noon!8.E7C9 (CLOUD)
Sophos Mal/Generic-S
F-Secure Trojan.TR/Injector.jajpe
Invincea heuristic
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.d17d2785b9e277d0
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
SentinelOne DFI - Suspicious PE
Cyren W32/Trojan.KJBK-7437
Webroot W32.Trojan.Gen
Avira TR/Injector.jajpe
Arcabit Trojan.Delf.FareIt.Gen.7
ZoneAlarm HEUR:Trojan-Spy.Win32.Noon.gen
Microsoft Trojan:Win32/Lokibot.SS!MTB
AhnLab-V3 Trojan/Win32.Fareit.R342688
Acronis suspicious
McAfee Fareit-FTB!D17D2785B9E2
MAX malware (ai score=84)
Malwarebytes Trojan.MalPack.DLF
TrendMicro-HouseCall TrojanSpy.Win32.NOON.THGOBBO
Tencent Win32.Backdoor.Fareit.Auto
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_98%
Fortinet W32/Injector.EMNU!tr
Ad-Aware Trojan.Delf.FareIt.Gen.7
AVG Win32:Malware-gen
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x466150 VirtualFree
0x466154 VirtualAlloc
0x466158 LocalFree
0x46615c LocalAlloc
0x466160 GetVersion
0x466164 GetCurrentThreadId
0x466170 VirtualQuery
0x466174 WideCharToMultiByte
0x466178 MultiByteToWideChar
0x46617c lstrlenA
0x466180 lstrcpynA
0x466184 LoadLibraryExA
0x466188 GetThreadLocale
0x46618c GetStartupInfoA
0x466190 GetProcAddress
0x466194 GetModuleHandleA
0x466198 GetModuleFileNameA
0x46619c GetLocaleInfoA
0x4661a0 GetCommandLineA
0x4661a4 FreeLibrary
0x4661a8 FindFirstFileA
0x4661ac FindClose
0x4661b0 ExitProcess
0x4661b4 WriteFile
0x4661bc RtlUnwind
0x4661c0 RaiseException
0x4661c4 GetStdHandle
Library user32.dll:
0x4661cc GetKeyboardType
0x4661d0 LoadStringA
0x4661d4 MessageBoxA
0x4661d8 CharNextA
Library advapi32.dll:
0x4661e0 RegQueryValueExA
0x4661e4 RegOpenKeyExA
0x4661e8 RegCloseKey
Library oleaut32.dll:
0x4661f0 SysFreeString
0x4661f4 SysReAllocStringLen
0x4661f8 SysAllocStringLen
Library kernel32.dll:
0x466200 TlsSetValue
0x466204 TlsGetValue
0x466208 LocalAlloc
0x46620c GetModuleHandleA
Library advapi32.dll:
0x466214 RegQueryValueExA
0x466218 RegOpenKeyExA
0x46621c RegCloseKey
Library kernel32.dll:
0x466224 lstrcpyA
0x466228 WriteFile
0x466230 WaitForSingleObject
0x466234 VirtualQuery
0x466238 VirtualAlloc
0x46623c Sleep
0x466240 SizeofResource
0x466244 SetThreadLocale
0x466248 SetFilePointer
0x46624c SetEvent
0x466250 SetErrorMode
0x466254 SetEndOfFile
0x466258 ResetEvent
0x46625c ReadFile
0x466260 MulDiv
0x466264 LockResource
0x466268 LoadResource
0x46626c LoadLibraryA
0x466278 GlobalUnlock
0x46627c GlobalSize
0x466280 GlobalReAlloc
0x466284 GlobalHandle
0x466288 GlobalLock
0x46628c GlobalFree
0x466290 GlobalFindAtomA
0x466294 GlobalDeleteAtom
0x466298 GlobalAlloc
0x46629c GlobalAddAtomA
0x4662a0 GetVersionExA
0x4662a4 GetVersion
0x4662a8 GetTickCount
0x4662ac GetThreadLocale
0x4662b0 GetSystemInfo
0x4662b4 GetStringTypeExA
0x4662b8 GetStdHandle
0x4662bc GetProfileStringA
0x4662c0 GetProcAddress
0x4662c4 GetModuleHandleA
0x4662c8 GetModuleFileNameA
0x4662cc GetLocaleInfoA
0x4662d0 GetLocalTime
0x4662d4 GetLastError
0x4662d8 GetFullPathNameA
0x4662dc GetDiskFreeSpaceA
0x4662e0 GetDateFormatA
0x4662e4 GetCurrentThreadId
0x4662e8 GetCurrentProcessId
0x4662ec GetCPInfo
0x4662f0 GetACP
0x4662f4 FreeResource
0x4662f8 InterlockedExchange
0x4662fc FreeLibrary
0x466300 FormatMessageA
0x466304 FindResourceA
0x466308 ExitThread
0x46630c EnumCalendarInfoA
0x466318 CreateThread
0x46631c CreateFileA
0x466320 CreateEventA
0x466324 CompareStringA
0x466328 CloseHandle
Library version.dll:
0x466330 VerQueryValueA
0x466338 GetFileVersionInfoA
Library gdi32.dll:
0x466340 UnrealizeObject
0x466344 StretchBlt
0x466348 SetWindowOrgEx
0x46634c SetWinMetaFileBits
0x466350 SetViewportOrgEx
0x466354 SetTextColor
0x466358 SetStretchBltMode
0x46635c SetROP2
0x466360 SetPixel
0x466364 SetEnhMetaFileBits
0x466368 SetDIBColorTable
0x46636c SetBrushOrgEx
0x466370 SetBkMode
0x466374 SetBkColor
0x466378 SelectPalette
0x46637c SelectObject
0x466380 SaveDC
0x466384 RestoreDC
0x466388 RectVisible
0x46638c RealizePalette
0x466390 PlayEnhMetaFile
0x466394 PathToRegion
0x466398 PatBlt
0x46639c MoveToEx
0x4663a0 MaskBlt
0x4663a4 LineTo
0x4663a8 IntersectClipRect
0x4663ac GetWindowOrgEx
0x4663b0 GetWinMetaFileBits
0x4663b4 GetTextMetricsA
0x4663c0 GetStockObject
0x4663c4 GetPixel
0x4663c8 GetPaletteEntries
0x4663cc GetObjectA
0x4663d8 GetEnhMetaFileBits
0x4663dc GetDeviceCaps
0x4663e0 GetDIBits
0x4663e4 GetDIBColorTable
0x4663e8 GetDCOrgEx
0x4663f0 GetClipBox
0x4663f4 GetBrushOrgEx
0x4663f8 GetBitmapBits
0x4663fc ExtTextOutA
0x466400 ExcludeClipRect
0x466404 EndPage
0x466408 EndDoc
0x46640c DeleteObject
0x466410 DeleteEnhMetaFile
0x466414 DeleteDC
0x466418 CreateSolidBrush
0x46641c CreatePenIndirect
0x466420 CreatePalette
0x466424 CreateICA
0x46642c CreateFontIndirectA
0x466430 CreateDIBitmap
0x466434 CreateDIBSection
0x466438 CreateDCA
0x46643c CreateCompatibleDC
0x466444 CreateBrushIndirect
0x466448 CreateBitmap
0x46644c CopyEnhMetaFileA
0x466450 BitBlt
Library user32.dll:
0x466458 CreateWindowExA
0x46645c WindowFromPoint
0x466460 WinHelpA
0x466464 WaitMessage
0x466468 UpdateWindow
0x46646c UnregisterClassA
0x466470 UnhookWindowsHookEx
0x466474 TranslateMessage
0x46647c TrackPopupMenu
0x466484 ShowWindow
0x466488 ShowScrollBar
0x46648c ShowOwnedPopups
0x466490 ShowCursor
0x466494 SetWindowsHookExA
0x466498 SetWindowTextA
0x46649c SetWindowPos
0x4664a0 SetWindowPlacement
0x4664a4 SetWindowLongA
0x4664a8 SetTimer
0x4664ac SetScrollRange
0x4664b0 SetScrollPos
0x4664b4 SetScrollInfo
0x4664b8 SetRect
0x4664bc SetPropA
0x4664c0 SetParent
0x4664c4 SetMenuItemInfoA
0x4664c8 SetMenu
0x4664cc SetForegroundWindow
0x4664d0 SetFocus
0x4664d4 SetCursor
0x4664d8 SetClassLongA
0x4664dc SetCapture
0x4664e0 SetActiveWindow
0x4664e4 SendMessageA
0x4664e8 ScrollWindow
0x4664ec ScreenToClient
0x4664f0 RemovePropA
0x4664f4 RemoveMenu
0x4664f8 ReleaseDC
0x4664fc ReleaseCapture
0x466508 RegisterClassA
0x46650c RedrawWindow
0x466510 PtInRect
0x466514 PostQuitMessage
0x466518 PostMessageA
0x46651c PeekMessageA
0x466520 OffsetRect
0x466524 OemToCharA
0x466528 MessageBoxA
0x46652c MapWindowPoints
0x466530 MapVirtualKeyA
0x466534 LoadStringA
0x466538 LoadKeyboardLayoutA
0x46653c LoadIconA
0x466540 LoadCursorA
0x466544 LoadBitmapA
0x466548 KillTimer
0x46654c IsZoomed
0x466550 IsWindowVisible
0x466554 IsWindowEnabled
0x466558 IsWindow
0x46655c IsRectEmpty
0x466560 IsIconic
0x466564 IsDialogMessageA
0x466568 IsChild
0x46656c InvalidateRect
0x466570 IntersectRect
0x466574 InsertMenuItemA
0x466578 InsertMenuA
0x46657c InflateRect
0x466584 GetWindowTextA
0x466588 GetWindowRect
0x46658c GetWindowPlacement
0x466590 GetWindowLongA
0x466594 GetWindowDC
0x466598 GetTopWindow
0x46659c GetSystemMetrics
0x4665a0 GetSystemMenu
0x4665a4 GetSysColorBrush
0x4665a8 GetSysColor
0x4665ac GetSubMenu
0x4665b0 GetScrollRange
0x4665b4 GetScrollPos
0x4665b8 GetScrollInfo
0x4665bc GetPropA
0x4665c0 GetParent
0x4665c4 GetWindow
0x4665c8 GetMenuStringA
0x4665cc GetMenuState
0x4665d0 GetMenuItemInfoA
0x4665d4 GetMenuItemID
0x4665d8 GetMenuItemCount
0x4665dc GetMenu
0x4665e0 GetLastActivePopup
0x4665e4 GetKeyboardState
0x4665ec GetKeyboardLayout
0x4665f0 GetKeyState
0x4665f4 GetKeyNameTextA
0x4665f8 GetIconInfo
0x4665fc GetForegroundWindow
0x466600 GetFocus
0x466604 GetDesktopWindow
0x466608 GetDCEx
0x46660c GetDC
0x466610 GetCursorPos
0x466614 GetCursor
0x466618 GetClipboardData
0x46661c GetClientRect
0x466620 GetClassNameA
0x466624 GetClassInfoA
0x466628 GetCapture
0x46662c GetActiveWindow
0x466630 FrameRect
0x466634 FindWindowA
0x466638 FillRect
0x46663c EqualRect
0x466640 EnumWindows
0x466644 EnumThreadWindows
0x466648 EndPaint
0x46664c EnableWindow
0x466650 EnableScrollBar
0x466654 EnableMenuItem
0x466658 DrawTextA
0x46665c DrawMenuBar
0x466660 DrawIconEx
0x466664 DrawIcon
0x466668 DrawFrameControl
0x46666c DrawFocusRect
0x466670 DrawEdge
0x466674 DispatchMessageA
0x466678 DestroyWindow
0x46667c DestroyMenu
0x466680 DestroyIcon
0x466684 DestroyCursor
0x466688 DeleteMenu
0x46668c DefWindowProcA
0x466690 DefMDIChildProcA
0x466694 DefFrameProcA
0x466698 CreatePopupMenu
0x46669c CreateMenu
0x4666a0 CreateIcon
0x4666a4 ClientToScreen
0x4666a8 CheckMenuItem
0x4666ac CallWindowProcA
0x4666b0 CallNextHookEx
0x4666b4 BeginPaint
0x4666b8 CharNextA
0x4666bc CharLowerBuffA
0x4666c0 CharLowerA
0x4666c4 CharToOemA
0x4666c8 AdjustWindowRectEx
Library kernel32.dll:
0x4666d4 Sleep
Library oleaut32.dll:
0x4666dc SafeArrayPtrOfIndex
0x4666e0 SafeArrayGetUBound
0x4666e4 SafeArrayGetLBound
0x4666e8 SafeArrayCreate
0x4666ec VariantChangeType
0x4666f0 VariantCopy
0x4666f4 VariantClear
0x4666f8 VariantInit
Library comctl32.dll:
0x466708 ImageList_Write
0x46670c ImageList_Read
0x46671c ImageList_DragMove
0x466720 ImageList_DragLeave
0x466724 ImageList_DragEnter
0x466728 ImageList_EndDrag
0x46672c ImageList_BeginDrag
0x466730 ImageList_Remove
0x466734 ImageList_DrawEx
0x466738 ImageList_Draw
0x466748 ImageList_Add
0x466750 ImageList_Destroy
0x466754 ImageList_Create
Library winspool.drv:
0x46675c OpenPrinterA
0x466760 EnumPrintersA
0x466764 DocumentPropertiesA
0x466768 ClosePrinter
Library comdlg32.dll:
0x466770 PageSetupDlgA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 51378 | 114.114.114.114 | 53
192.168.56.101 | 51808 | 114.114.114.114 | 53
192.168.56.101 | 53657 | 114.114.114.114 | 53
192.168.56.101 | 58367 | 114.114.114.114 | 53
192.168.56.101 | 60123 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 49713 | 224.0.0.252 | 5355
192.168.56.101 | 50568 | 224.0.0.252 | 5355
192.168.56.101 | 53210 | 224.0.0.252 | 5355
192.168.56.101 | 53237 | 224.0.0.252 | 5355
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 62318 | 224.0.0.252 | 5355
192.168.56.101 | 62912 | 224.0.0.252 | 5355
192.168.56.101 | 63429 | 224.0.0.252 | 5355
192.168.56.101 | 65004 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.