Score: 6.2 (High risk)

SHA256: 54a1d0d3ab8dce1f5048ea147a87151360422f8d63018522b7779b558f5069ba

File name: d1e7bd6890ca2f6dfc6b25f2d0afaa3f.exe

Analysis duration: 76s

Last analyzed:

File size: 324.0KB
Flagged by static scanning and by dynamic analysis. Detection-name tags: 100% AI SCORE=80 AIDETECTVM ATTRIBUTE CONFIDENCE DOWNLOADER34 EJVW ELDORADO EMOTET EUWW GENCIRC GENETIC GENKRYPTIK HCEJ HIGH CONFIDENCE HIGHCONFIDENCE HRSLQQ KRYPTIK MALWARE2 MALWARE@#2NSQ8C2YS3Q59 OQRQF PROABVNGENL R + TROJ R347789 SCORE SUSGEN THIBOBO UNSAFE WNYN6OALXTK
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
McAfee       Emotet-FRV!D1E7BD6890CA             20201209   6.0.6.653
CrowdStrike  win/malicious_confidence_100% (W)   20190702   1.0
Alibaba      Trojan:Win32/Emotet.32afc00a        20190527   0.3.0.5
Baidu        -                                   20190318   1.0.0.2
Avast        Win32:Trojan-gen                    20201208   20.10.5736.0
Tencent      Malware.Win32.Gencirc.10cde8e9      20201209   1.0.0.1
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619910870.535755
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619910854.738755
CryptGenKey
crypto_handle: 0x006eea88
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00647490
flags: 1
key: fƒg$rLbÁT+[x<Õù
success 1 0
1619910870.551755
CryptExportKey
crypto_handle: 0x006eea88
crypto_export_handle: 0x00646c50
buffer: f¤ù‚XPªÜntÍÑFÅ vŸ[‡Bã$óÒhç±t£­©‹ßhÖW؝Þe€š¶sÜê£EE- 6¢ÿGÆukü _¶Äp>Ká íÀ¾V.¦u†²üòÇ6*
blob_type: 1
flags: 64
success 1 0
1619910906.770755
CryptExportKey
crypto_handle: 0x006eea88
crypto_export_handle: 0x00646c50
buffer: f¤¼U_x.Ã}Óï»t¡½žVÞËͅ˜à»ºn.Ç8yåû׬jYAD…r¢"ÅÕy¶(^±®M¹‘ÌÌ»NîÐ À$ðèýQðòîƒOB­o“󷁀GZâ>
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910854.192755
NtAllocateVirtualMemory
process_identifier: 2760
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e60000
success 0 0
Foreign language identified in PE resource (41 events; identical entries collapsed, with the number of times each appears)
name RT_ICON language LANG_CHINESE offset 0x000439e0 filetype dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 sublanguage SUBLANG_CHINESE_TRADITIONAL size 0x000002e8 (listed 24 times)
name RT_RCDATA language LANG_CHINESE offset 0x00043ce0 filetype data sublanguage SUBLANG_CHINESE_TRADITIONAL size 0x00008544 (listed once)
name RT_GROUP_ICON language LANG_CHINESE offset 0x00043cc8 filetype data sublanguage SUBLANG_CHINESE_TRADITIONAL size 0x00000014 (listed 16 times)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910871.035755
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process d1e7bd6890ca2f6dfc6b25f2d0afaa3f.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910870.692755
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 159.203.232.29
host 172.217.24.14
host 176.216.226.44
host 58.63.233.69
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910873.613755
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910873.613755
RegSetValueExA
key_handle: 0x000003c0
value: æzEù>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910873.613755
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910873.613755
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910873.613755
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910873.613755
RegSetValueExA
key_handle: 0x000003d8
value: æzEù>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910873.629755
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910873.660755
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 176.216.226.44:80
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 of 56 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EUWW
McAfee Emotet-FRV!D1E7BD6890CA
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.1036
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Emotet.32afc00a
K7GW Trojan ( 0056c66f1 )
K7AntiVirus Trojan ( 0056c66f1 )
Cyren W32/Emotet.APP.gen!Eldorado
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THIBOBO
ClamAV Win.Malware.Emotet-9371536-0
Kaspersky HEUR:Backdoor.Win32.Emotet.vho
BitDefender Trojan.Agent.EUWW
NANO-Antivirus Trojan.Win32.Emotet.hrslqq
Avast Win32:Trojan-gen
Tencent Malware.Win32.Gencirc.10cde8e9
Ad-Aware Trojan.Agent.EUWW
TACHYON Trojan/W32.Agent.331776.AGW
Sophos Mal/Generic-R + Troj/Emotet-CKZ
Comodo Malware@#2nsq8c2ys3q59
F-Secure Trojan.TR/Kryptik.oqrqf
DrWeb Trojan.DownLoader34.22436
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.THIBOBO
McAfee-GW-Edition Emotet-FRV!D1E7BD6890CA
FireEye Trojan.Agent.EUWW
Emsisoft Trojan.Emotet (A)
APEX Malicious
GData Trojan.Agent.EUWW
Jiangmin Backdoor.Emotet.qr
Avira TR/Kryptik.oqrqf
Antiy-AVL Trojan/Win32.GenKryptik
Gridinsoft Trojan.Win32.Kryptik.oa
Arcabit Trojan.Agent.EUWW
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Backdoor.Win32.Emotet.vho
Microsoft Trojan:Win32/Emotet.GGG!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R347789
VBA32 Trojan.Downloader
ALYac Trojan.Agent.Emotet
MAX malware (ai score=80)
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/GenKryptik.EJVW
Rising Trojan.GenKryptik!8.AA55 (TFE:5:PRoAbVNgeNL)
Yandex Trojan.GenKryptik!WnyN6OaLXtk
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualization image.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.

PE Compile Time: 2020-08-13 04:41:44

Imports

Library KERNEL32.dll:
0x4396d8 HeapFree
0x4396dc TerminateProcess
0x4396e0 HeapSize
0x4396e4 HeapReAlloc
0x4396e8 GetACP
0x4396f0 LCMapStringA
0x4396f4 LCMapStringW
0x4396f8 Sleep
0x439710 SetHandleCount
0x439714 GetStdHandle
0x439718 GetFileType
0x43971c HeapDestroy
0x439720 HeapAlloc
0x439724 VirtualFree
0x43972c VirtualAlloc
0x439730 IsBadWritePtr
0x439734 GetStringTypeA
0x439738 GetStringTypeW
0x43973c IsBadReadPtr
0x439740 IsBadCodePtr
0x439744 SetStdHandle
0x439748 CompareStringA
0x43974c CompareStringW
0x439754 RaiseException
0x439758 GetCommandLineA
0x43975c GetStartupInfoA
0x439760 GetProfileStringA
0x439764 InterlockedExchange
0x439768 RtlUnwind
0x43976c GetFileTime
0x439770 GetFileSize
0x439774 GetFileAttributesA
0x439778 GetTickCount
0x439784 GetFullPathNameA
0x43978c FindFirstFileA
0x439790 FindClose
0x439794 SetEndOfFile
0x439798 UnlockFile
0x43979c LockFile
0x4397a0 FlushFileBuffers
0x4397a4 SetFilePointer
0x4397a8 WriteFile
0x4397ac ReadFile
0x4397b0 CreateFileA
0x4397b4 GetCurrentProcess
0x4397b8 DuplicateHandle
0x4397bc SetErrorMode
0x4397c0 GetThreadLocale
0x4397c4 SizeofResource
0x4397cc GetOEMCP
0x4397d0 GetCPInfo
0x4397d4 GetProcessVersion
0x4397d8 GlobalFlags
0x4397dc TlsGetValue
0x4397e0 LocalReAlloc
0x4397e4 TlsSetValue
0x4397ec GlobalReAlloc
0x4397f4 TlsFree
0x4397f8 GlobalHandle
0x439800 TlsAlloc
0x439808 LocalAlloc
0x43980c GetLastError
0x439810 FormatMessageA
0x439814 LocalFree
0x439818 MultiByteToWideChar
0x43981c WideCharToMultiByte
0x439828 GlobalFree
0x43982c CloseHandle
0x439830 GetModuleFileNameA
0x439834 GlobalAlloc
0x439838 lstrcmpA
0x43983c GetCurrentThread
0x439840 lstrcpynA
0x439844 GlobalLock
0x439848 GlobalUnlock
0x43984c MulDiv
0x439850 SetLastError
0x439854 LoadLibraryA
0x439858 FreeLibrary
0x43985c FindResourceA
0x439860 LoadResource
0x439864 LockResource
0x439868 GetVersion
0x43986c lstrcatA
0x439870 GetCurrentThreadId
0x439874 GlobalGetAtomNameA
0x439878 lstrcmpiA
0x43987c GlobalAddAtomA
0x439880 GlobalFindAtomA
0x439884 GlobalDeleteAtom
0x439888 GetModuleHandleA
0x43988c GetProcAddress
0x439890 ExitProcess
0x439894 lstrlenA
0x439898 HeapCreate
0x43989c lstrcpyA
Library USER32.dll:
0x4398d8 SetRect
0x4398dc GetNextDlgGroupItem
0x4398e0 MessageBeep
0x4398e4 CharUpperA
0x4398ec PostThreadMessageA
0x4398f0 CheckMenuItem
0x4398f4 EnableMenuItem
0x4398f8 GetNextDlgTabItem
0x4398fc IsWindowEnabled
0x439900 ShowWindow
0x439904 MoveWindow
0x439908 SetWindowTextA
0x43990c IsDialogMessageA
0x439910 SetDlgItemTextA
0x439914 PostMessageA
0x439918 UpdateWindow
0x43991c SendDlgItemMessageA
0x439920 MapWindowPoints
0x439924 GetSysColor
0x439928 PeekMessageA
0x43992c DispatchMessageA
0x439930 GetFocus
0x439934 SetActiveWindow
0x439938 IsWindow
0x43993c SetFocus
0x439940 AdjustWindowRectEx
0x439944 ScreenToClient
0x439948 IsWindowVisible
0x43994c CharNextA
0x439950 GetTopWindow
0x439954 MessageBoxA
0x439958 GetParent
0x43995c GetCapture
0x439960 WinHelpA
0x439964 wsprintfA
0x439968 GetClassInfoA
0x43996c RegisterClassA
0x439970 GetMenu
0x439974 GetMenuItemCount
0x439978 GetSubMenu
0x43997c GetMenuItemID
0x439980 GetDlgItem
0x439988 GetWindowTextA
0x43998c GetKeyState
0x439990 DefWindowProcA
0x439994 DestroyWindow
0x439998 CreateWindowExA
0x43999c SetWindowsHookExA
0x4399a0 CallNextHookEx
0x4399a4 GetClassLongA
0x4399a8 SetPropA
0x4399ac UnhookWindowsHookEx
0x4399b0 GetPropA
0x4399b4 CallWindowProcA
0x4399b8 RemovePropA
0x4399bc GetMessageTime
0x4399c0 GetMessagePos
0x4399c4 GetLastActivePopup
0x4399c8 GetForegroundWindow
0x4399cc SetForegroundWindow
0x4399d0 GetWindow
0x4399d4 GetWindowLongA
0x4399d8 SetWindowLongA
0x4399dc SetWindowPos
0x4399e0 CopyRect
0x4399e4 InflateRect
0x4399e8 OffsetRect
0x4399ec UnregisterClassA
0x4399f0 HideCaret
0x4399f4 ShowCaret
0x4399f8 ExcludeUpdateRgn
0x4399fc DrawFocusRect
0x439a04 IntersectRect
0x439a0c GetWindowPlacement
0x439a10 GetWindowRect
0x439a14 LoadIconA
0x439a18 GetClientRect
0x439a1c IsIconic
0x439a20 GetSystemMenu
0x439a24 AppendMenuA
0x439a28 GetSystemMetrics
0x439a2c SendMessageA
0x439a30 EnableWindow
0x439a34 InvalidateRect
0x439a38 DrawEdge
0x439a3c DefDlgProcA
0x439a40 IsWindowUnicode
0x439a44 FillRect
0x439a48 DrawIcon
0x439a4c GetSysColorBrush
0x439a50 LoadCursorA
0x439a54 GetDesktopWindow
0x439a58 PtInRect
0x439a5c GetClassNameA
0x439a60 DestroyMenu
0x439a64 LoadStringA
0x439a68 MapDialogRect
0x439a70 EndDialog
0x439a78 GetMessageA
0x439a7c TranslateMessage
0x439a80 GetActiveWindow
0x439a84 ValidateRect
0x439a88 GetCursorPos
0x439a8c SetCursor
0x439a90 PostQuitMessage
0x439a94 GrayStringA
0x439a98 DrawTextA
0x439a9c TabbedTextOutA
0x439aa0 EndPaint
0x439aa4 BeginPaint
0x439aa8 GetWindowDC
0x439aac ReleaseDC
0x439ab0 SetMenuItemBitmaps
0x439ab4 ClientToScreen
0x439ab8 GetDlgCtrlID
0x439ac0 LoadBitmapA
0x439ac4 GetMenuState
0x439ac8 IsChild
0x439acc ModifyMenuA
0x439ad0 GetDC
Library GDI32.dll:
0x439630 SetMapMode
0x439634 SetViewportOrgEx
0x439638 OffsetViewportOrgEx
0x43963c SetViewportExtEx
0x439640 ScaleViewportExtEx
0x439644 SetWindowExtEx
0x439648 ScaleWindowExtEx
0x43964c IntersectClipRect
0x439650 DeleteObject
0x439654 SetBkMode
0x439658 GetDeviceCaps
0x43965c GetViewportExtEx
0x439660 GetWindowExtEx
0x439664 CreatePen
0x439668 CreateSolidBrush
0x43966c PtVisible
0x439670 RectVisible
0x439674 TextOutA
0x439678 ExtTextOutA
0x43967c Escape
0x439680 GetMapMode
0x439684 PatBlt
0x439688 DPtoLP
0x43968c GetTextColor
0x439690 GetBkColor
0x439694 LPtoDP
0x439698 GetStockObject
0x43969c SelectObject
0x4396a0 RestoreDC
0x4396a4 SaveDC
0x4396a8 DeleteDC
0x4396ac CreateBitmap
0x4396b0 GetObjectA
0x4396b4 SetBkColor
0x4396b8 SetTextColor
0x4396bc GetClipBox
0x4396c0 CreateDIBitmap
0x4396c4 GetTextExtentPointA
0x4396c8 BitBlt
0x4396cc CreateCompatibleDC
0x4396d0 Rectangle
Library comdlg32.dll:
0x439ae8 GetFileTitleA
Library WINSPOOL.DRV:
0x439ad8 ClosePrinter
0x439adc DocumentPropertiesA
0x439ae0 OpenPrinterA
Library ADVAPI32.dll:
0x439614 RegCloseKey
0x439618 RegSetValueExA
0x43961c RegOpenKeyExA
0x439620 RegCreateKeyExA
Library COMCTL32.dll:
0x439628
Library oledlg.dll:
0x439b30
Library ole32.dll:
0x439af4 OleInitialize
0x439af8 CoTaskMemAlloc
0x439afc CoTaskMemFree
0x439b0c CoGetClassObject
0x439b10 CLSIDFromString
0x439b14 CLSIDFromProgID
0x439b1c CoRevokeClassObject
0x439b20 OleFlushClipboard
0x439b28 OleUninitialize
Library OLEPRO32.DLL:
0x4398cc
Library OLEAUT32.dll:
0x4398a4 VariantCopy
0x4398a8 VariantClear
0x4398ac SysAllocStringLen
0x4398b0 SysFreeString
0x4398b4 VariantChangeType
0x4398b8 SysAllocString
0x4398c0 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.