Score: 6.2
Risk level: High

SHA256: d465f845b1b85e0b5dd1767875d8b7ba7a2a41843d029d540ff31b690e01979a
File name: d23c6f55685edb0dfbf8e779a8dc7841.exe (the name is the sample's MD5; McAfee's detection name below embeds its first 12 hex digits)
Analysis duration: 79s
Last analysed:
File size: 628.1KB

Static detection: malicious. Dynamic detection: malicious.
Detection-name tags aggregated from the engine results below: 100%, 8TNM5ARXA8W, AI SCORE=82, AUTORUNS, BANKERX, BFFX, CLASSIC, CONFIDENCE, CRIDEX, CYLT, EMOTET, GENERICKD, GENERICKDZ, GENETIC, GENKRYPTIK, HIGH CONFIDENCE, HOKNHE, KCLOUD, KRYPTIK, NHTIK, QVM07, R + TROJ, SUSGEN, UNSAFE, ZENPAK

Eagle Eye engine: not detected (no Eagle Eye result is available for this sample)
Static verdict

Anti-virus engines
Engine       Result                              Date        Engine version
McAfee       Emotet-FRI!D23C6F55685E             2020-12-11  6.0.6.653
Avast        (no result)                         2020-12-11  21.1.5827.0
Alibaba      Trojan:Win32/Emotet.9038caea        2019-05-27  0.3.0.5
Baidu        (no result)                         2019-03-18  1.0.0.2
Kingsoft     Win32.Troj.Undef.(kcloud)           2020-12-11  2017.9.26.565
CrowdStrike  win/malicious_confidence_100% (W)   2019-07-02  1.0

Note on the dates: Alibaba, Baidu and CrowdStrike carry 2019 dates, which precede the PE compile timestamp (2020-07-22 02:34:06) shown in the PE section below. Either this column is the engine or definition date rather than the date this file was scanned, or the compile timestamp was not written by the compiler. Do not date the sample from either value alone.
Static indicators

Queries the computer name (1 event)
[1619910862.821093] GetComputerNameA -> success (return 1, repeated 0)
    computer_name: OSKAR-PC
Uses Windows APIs to generate a cryptographic key (3 events)
[1619910854.524093] CryptGenKey -> success (return 1, repeated 0)
    provider_handle: 0x00910f00
    algorithm_identifier: 0x0000660e (CALG_AES_128)
    flags: 1 (CRYPT_EXPORTABLE; the upper 16 bits are 0, so the provider's default key length)
    crypto_handle: 0x009c8568
    key: fǾ~‚$¢‰Âp]· (raw key bytes as rendered by the sandbox)
[1619910862.836093] CryptExportKey -> success (return 1, repeated 0)
    crypto_handle: 0x009c8568
    crypto_export_handle: 0x00910fc8
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (0x40, CRYPT_OAEP)
    buffer: f¤§×œšhùzuŠ1r9öNXIëÿ5L­‚ÚWä~9¦úǑ¢+mt¯i aï¦8D€É°¤± @ö¬ßßåóÏ}k«øåЫ_¸bˆ%•@f \Þ –ÖݬŽž (raw blob bytes as rendered by the sandbox)
[1619910898.196093] CryptExportKey -> success (return 1, repeated 0)
    crypto_handle: 0x009c8568
    crypto_export_handle: 0x00910fc8
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (0x40, CRYPT_OAEP)
    buffer: f¤â\¨ðŠÞ[TaÆTcˆ*ƒ?faÿÑâ I{¿;›>{\wU°2I™Óu#» ·ƒ’]‚@yþ·$Æð-H}ژ³Þ‡:…ÌÍꦋžRÖ®„˜Ù!›,§sO§­ EÇ (raw blob bytes as rendered by the sandbox)

Reading: an exportable AES-128 session key is generated and then exported twice as a SIMPLEBLOB with CRYPT_OAEP. A SIMPLEBLOB is the symmetric key encrypted under the key-exchange (RSA) key identified by crypto_export_handle, 0x00910fc8 in both calls, so this is a session key being wrapped for whoever holds the matching private key. The two export buffers differ even though key and wrapping key are the same, which is what RSAES-OAEP's randomised padding produces. The call that created handle 0x00910fc8 (the import of a public key) is not in this report.
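The key-generation and export events above, decoded and correlated by a short Python script. This is an added example for this report, not sandbox code; the event list is transcribed from the three events shown, with the key and buffer bytes left out because the sandbox rendered them as unreadable text, and the constant tables are the wincrypt.h values from the Windows SDK.

```python
"""Decode CryptoAPI constants in sandbox API events and flag the
"generate exportable symmetric key, then export it as a SIMPLEBLOB"
idiom, i.e. a session key being wrapped under a key-exchange key.

Added example for this report, not sandbox code.  REPORT_EVENTS is
constructed from the report's three CryptGenKey/CryptExportKey events;
key/buffer bytes are omitted.  Constants are from wincrypt.h.
"""

# ALG_ID layout: bits 13-15 class, bits 9-12 type, bits 0-8 sub-id.
ALG_CLASS = {0x0000: "ANY", 0x2000: "SIGNATURE", 0x4000: "MSG_ENCRYPT",
             0x6000: "DATA_ENCRYPT", 0x8000: "HASH", 0xA000: "KEY_EXCHANGE"}
ALG_TYPE = {0x000: "ANY", 0x200: "DSS", 0x400: "RSA", 0x600: "BLOCK",
            0x800: "STREAM", 0xA00: "DH", 0xC00: "SECURECHANNEL"}
CALG_NAMES = {0x6601: "CALG_DES", 0x6603: "CALG_3DES", 0x660E: "CALG_AES_128",
              0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256", 0x6801: "CALG_RC4",
              0xA400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN",
              0x8003: "CALG_MD5", 0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256"}
# CryptGenKey dwFlags: low 16 bits are flags, high 16 bits the key length.
GENKEY_FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED",
                0x4: "CRYPT_CREATE_SALT", 0x8: "CRYPT_UPDATE_KEY",
                0x10: "CRYPT_NO_SALT", 0x40: "CRYPT_PREGEN", 0x4000: "CRYPT_ARCHIVABLE"}
EXPORT_FLAGS = {0x1: "CRYPT_Y_ONLY", 0x2: "CRYPT_SSL2_FALLBACK",
                0x4: "CRYPT_DESTROYKEY", 0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB",
              8: "PLAINTEXTKEYBLOB", 9: "OPAQUEKEYBLOB", 0xA: "PUBLICKEYBLOBEX",
              0xB: "SYMMETRICWRAPKEYBLOB"}


def decode_alg_id(alg_id):
    """Split an ALG_ID into class / type / sub-id exactly as wincrypt.h defines it."""
    return {"name": CALG_NAMES.get(alg_id, "unknown(0x%04x)" % alg_id),
            "class": ALG_CLASS.get(alg_id & 0xE000, "?"),
            "type": ALG_TYPE.get(alg_id & 0x1E00, "?"),
            "sid": alg_id & 0x1FF}


def decode_flags(value, table):
    """Name the set bits of a flags word; any bit not in the table is reported as hex."""
    names = [name for bit, name in table.items() if value & bit]
    unknown = value & ~sum(table)
    if unknown:
        names.append("0x%x" % unknown)
    return names


def find_session_key_wraps(events):
    """Correlate CryptGenKey -> CryptExportKey on the same key handle.

    An exportable DATA_ENCRYPT key later exported as a SIMPLEBLOB is being
    wrapped: the blob is the symmetric key encrypted under the RSA key in
    crypto_export_handle.  CRYPT_OAEP selects RSAES-OAEP padding.
    """
    generated, findings = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        a = ev["args"]
        if ev["api"] == "CryptGenKey" and ev["status"] == "success":
            alg = decode_alg_id(a["algorithm_identifier"])
            generated[a["crypto_handle"]] = {
                "generated_at": ev["ts"], "algorithm": alg["name"], "class": alg["class"],
                "key_bits": (a["flags"] >> 16) or None,  # None = provider default
                "genkey_flags": decode_flags(a["flags"] & 0xFFFF, GENKEY_FLAGS),
                "exports": 0, "export_flags": [], "wrapping_handles": set()}
        elif ev["api"] == "CryptExportKey" and ev["status"] == "success":
            rec = generated.get(a["crypto_handle"])
            if rec is None:
                continue  # key created before hooking, or imported rather than generated
            rec["exports"] += 1
            rec["blob_type"] = BLOB_TYPES.get(a["blob_type"], str(a["blob_type"]))
            rec["export_flags"] = decode_flags(a["flags"], EXPORT_FLAGS)
            rec["wrapping_handles"].add(a["crypto_export_handle"])
    for handle, rec in generated.items():
        if (rec["class"] == "DATA_ENCRYPT" and "CRYPT_EXPORTABLE" in rec["genkey_flags"]
                and rec.get("blob_type") == "SIMPLEBLOB"):
            rec["handle"] = handle
            findings.append(rec)
    return findings


# Constructed from the report's three events (key/buffer bytes left out).
REPORT_EVENTS = [
    {"ts": 1619910854.524093, "api": "CryptGenKey", "status": "success",
     "args": {"crypto_handle": 0x009C8568, "algorithm_identifier": 0x0000660E,
              "provider_handle": 0x00910F00, "flags": 1}},
    {"ts": 1619910862.836093, "api": "CryptExportKey", "status": "success",
     "args": {"crypto_handle": 0x009C8568, "crypto_export_handle": 0x00910FC8,
              "blob_type": 1, "flags": 64}},
    {"ts": 1619910898.196093, "api": "CryptExportKey", "status": "success",
     "args": {"crypto_handle": 0x009C8568, "crypto_export_handle": 0x00910FC8,
              "blob_type": 1, "flags": 64}},
]

if __name__ == "__main__":
    for f in find_session_key_wraps(REPORT_EVENTS):
        print("key 0x%08x: %s (%s), exported %d time(s) as %s with %s under KEK handle(s) %s"
              % (f["handle"], f["algorithm"], ", ".join(f["genkey_flags"]), f["exports"],
                 f["blob_type"], "|".join(f["export_flags"]),
                 ", ".join("0x%08x" % h for h in sorted(f["wrapping_handles"]))))
```

The correlation is keyed on crypto_handle, so the same script also picks up the case where a key is generated once and exported many times to several wrapping keys; a CryptExportKey on a handle with no matching CryptGenKey is skipped deliberately, since that key was either imported (CryptImportKey) or created before hooking started.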
The executable uses a known packer (1 event)
    packer: Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
    resource name: RGN
    resource name: None

Caveat: the "Armadillo v1.71" PEiD-style signature is well known for matching ordinary Visual C++ 6 / MFC binaries, and this sample imports MFC42.DLL and MSVCRT.dll in exactly that pattern (see Imports). Treat the packer label as weak evidence. The read-write-execute allocation and the APIs that are called at runtime without appearing in the import table are the stronger indication that a second stage is unpacked in memory.
Behavioural verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
[1619910845.711093] NtAllocateVirtualMemory -> success (NTSTATUS 0, repeated 0)
    process_handle: 0xffffffff (the current-process pseudo-handle)
    process_identifier: 884
    base_address: 0x003e0000
    region_size: 36864 (0x9000)
    allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (0x40, PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0
This allocation is the earliest call in the log, roughly nine seconds before CryptGenKey (1619910854.5) and seventeen before InternetOpenW (1619910863.0), which fits a loader that unpacks its payload into this region before doing anything else.
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events; no per-event detail recorded)

Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
[1619910863.446093] GetAdaptersAddresses -> failed (return 111, repeated 0)
    flags: 0
    family: 0 (AF_UNSPEC)
Caveat: return value 111 is ERROR_BUFFER_OVERFLOW, the expected result of the first, buffer-sizing call to GetAdaptersAddresses. The follow-up call that actually returns the adapter list is not logged, so this event alone does not show that adapter MACs were examined.

Expresses interest in specific running processes (1 event)
    process: d23c6f55685edb0dfbf8e779a8dc7841.exe (the sample's own image name; on its own this does not identify an injection target)

Reads the system's User Agent and subsequently performs requests (1 event)
[1619910863.039093] InternetOpenW -> success (return 13369348 = 0x00cc0004, an HINTERNET handle; repeated 0)
    user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG)
    proxy_name: (empty)
    proxy_bypass: (empty)
    flags: 0
INTERNET_OPEN_TYPE_PRECONFIG tells WinINet to apply the user's proxy configuration, including automatic proxy detection; that is what produces the WPAD registry writes recorded under Network communication.
Network communication

Communicates with host for which no DNS query was performed (3 events)
    host: 172.217.24.14
    host: 212.51.142.238
    host: 94.49.254.194
Direct connections to hard-coded IPs with no preceding DNS lookup are the norm for Emotet, whose C2 list is embedded as IP:port pairs. None of these hosts appears in the packet capture below (no TCP was recorded), so the attempts are known only from the API hooks.
Sets or modifies WPAD proxy autoconfiguration keys (8 events)

Caveat: every value below sits under HKCU\...\Internet Settings\Wpad\<network-id>\ and is what Windows' own proxy auto-detection writes when a process uses WinINet with INTERNET_OPEN_TYPE_PRECONFIG (here InternetOpenW at 1619910863.039093, about three seconds earlier). The sample did not write a PAC URL or a proxy address; this signature fires for any WinINet client and is not evidence of traffic interception on its own. Two side facts are still useful: WpadNetworkName "网络 2" ("Network 2") shows a Chinese-locale analysis VM, and the network id 0a-00-27-00-00-00 is the default MAC of a VirtualBox host-only adapter, which a sample that enumerates adapters could use to recognise the sandbox.

WPAD = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

[1619910866.024093] RegSetValueExA -> success (return 0, repeated 0)
    key_handle: 0x00000374
    regkey: WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
    value (REG_DWORD): 1
[1619910866.024093] RegSetValueExA -> success (return 0, repeated 0)
    key_handle: 0x00000374
    regkey: WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
    value (REG_BINARY): àÀè>× (raw bytes as rendered by the sandbox)
[1619910866.024093] RegSetValueExA -> success (return 0, repeated 0)
    key_handle: 0x00000374
    regkey: WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
    value (REG_DWORD): 3
[1619910866.039093] RegSetValueExW -> success (return 0, repeated 0)
    key_handle: 0x00000374
    regkey: WPAD\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
    value (REG_SZ): 网络 2 ("Network 2")
[1619910866.039093] RegSetValueExA -> success (return 0, repeated 0)
    key_handle: 0x0000038c
    regkey: WPAD\0a-00-27-00-00-00\WpadDecisionReason
    value (REG_DWORD): 1
[1619910866.039093] RegSetValueExA -> success (return 0, repeated 0)
    key_handle: 0x0000038c
    regkey: WPAD\0a-00-27-00-00-00\WpadDecisionTime
    value (REG_BINARY): àÀè>× (raw bytes as rendered by the sandbox)
[1619910866.039093] RegSetValueExA -> success (return 0, repeated 0)
    key_handle: 0x0000038c
    regkey: WPAD\0a-00-27-00-00-00\WpadDecision
    value (REG_DWORD): 3
[1619910866.071093] RegSetValueExW -> success (return 0, repeated 0)
    key_handle: 0x00000370
    regkey: WPAD\WpadLastNetwork
    value (REG_SZ): {40112ABE-63B3-43C3-BE93-1440EE3AF106}
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
    dead_host: 94.49.254.194:80

File has been identified by 50 anti-virus engines on VirusTotal as malicious (50 events)
Elastic malicious (high confidence)
DrWeb Trojan.Emotet.991
MicroWorld-eScan Trojan.Autoruns.GenericKD.43554083
FireEye Trojan.Autoruns.GenericKD.43554083
McAfee Emotet-FRI!D23C6F55685E
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Emotet.L!c
Sangfor Malware
K7AntiVirus Trojan ( 0056e04f1 )
BitDefender Trojan.Autoruns.GenericKD.43554083
K7GW Trojan ( 0056e04f1 )
Cyren W32/Emotet.CYLT-6825
Symantec Trojan.Emotet
APEX Malicious
ClamAV Win.Malware.Emotet-9790690-0
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
Alibaba Trojan:Win32/Emotet.9038caea
NANO-Antivirus Trojan.Win32.Zenpak.hoknhe
Ad-Aware Trojan.Autoruns.GenericKD.43554083
Emsisoft Trojan.Emotet (A)
F-Secure Trojan.TR/Kryptik.nhtik
Zillya Trojan.Zenpak.Win32.2406
McAfee-GW-Edition Emotet-FRI!D23C6F55685E
Sophos Mal/Generic-R + Troj/Agent-BFFX
Jiangmin Trojan.Zenpak.cqa
Avira TR/Kryptik.nhtik
Antiy-AVL Trojan[Banker]/Win32.Emotet
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Gridinsoft Trojan.Win32.Emotet.oa!s1
Arcabit Trojan.Autoruns.Generic.D2989523
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.Autoruns.GenericKD.43554083
AhnLab-V3 Malware/Win32.Generic.C4165815
VBA32 Trojan.Downloader
ALYac Trojan.Autoruns.GenericKD.43554083
MAX malware (ai score=82)
Malwarebytes Trojan.Emotet
Panda Trj/Genetic.gen
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Kryptik!1.C89F (CLASSIC)
Yandex Trojan.GenKryptik!8tnM5ARXa8w
Ikarus Trojan.Win32.Cridex
Fortinet W32/GenericKDZ.6891!tr
MaxSecure Trojan.Malware.121218.susgen
AVG Win32:BankerX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Generic/HEUR/QVM07.1.BC9B.Malware.Gen
Visual analysis

Binary image: none (no binary visualisation was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)

PE Compile Time

2020-07-22 02:34:06

Imports

Library MFC42.DLL:
555 imports by ordinal, IAT entries 0x4442ec through 0x444b94 (one every 4 bytes). MFC42.DLL exports almost everything by ordinal, so the sandbox shows no names here; resolve them against an MFC42 ordinal map if the GUI code matters.
Library MSVCRT.dll:
0x444dd4 _setmbcp
0x444dd8 __CxxFrameHandler
0x444ddc _EH_prolog
0x444de0 atoi
0x444de4 _mbscmp
0x444de8 free
0x444dec malloc
0x444df0 wcscpy
0x444df4 wcslen
0x444df8 _ftol
0x444dfc wcscmp
0x444e00 memmove
0x444e04 __dllonexit
0x444e08 _onexit
0x444e10 _exit
0x444e14 _XcptFilter
0x444e18 exit
0x444e1c _acmdln
0x444e20 __getmainargs
0x444e24 _initterm
0x444e28 __setusermatherr
0x444e2c _adjust_fdiv
0x444e30 __p__commode
0x444e34 __p__fmode
0x444e38 __set_app_type
0x444e3c _except_handler3
0x444e40 _controlfp
0x444e44 printf
Library KERNEL32.dll:
0x44423c GetModuleHandleA
0x444240 SizeofResource
0x444244 OpenFileMappingA
0x444248 CreateFileMappingA
0x44424c MapViewOfFile
0x444250 UnmapViewOfFile
0x444254 CloseHandle
0x444258 MultiByteToWideChar
0x44425c lstrcmpiA
0x444260 FindResourceA
0x444264 LoadResource
0x444268 LockResource
0x44426c GetCPInfo
0x444270 lstrlenW
0x444274 lstrlenA
0x444278 GetVersion
0x44427c GetVersionExA
0x444280 MulDiv
0x444284 GetModuleFileNameA
0x444288 DeleteFileA
0x44428c GetTickCount
0x444290 LoadLibraryA
0x444294 FreeLibrary
0x444298 Sleep
0x44429c LoadLibraryExA
0x4442a0 GetProcAddress
0x4442a4 GetCurrentProcess
0x4442a8 GetStartupInfoA
Library USER32.dll:
0x444ec4 RemoveMenu
0x444ec8 TabbedTextOutA
0x444ecc GrayStringA
0x444ed0 LoadImageA
0x444ed4 DrawIcon
0x444ed8 SetRectEmpty
0x444edc IsMenu
0x444ee0 SetMenuDefaultItem
0x444ee4 SetForegroundWindow
0x444ee8 IsIconic
0x444eec GetLastActivePopup
0x444ef0 SetWindowRgn
0x444ef4 IsWindow
0x444ef8 FrameRect
0x444efc EnumChildWindows
0x444f00 GetAsyncKeyState
0x444f04 GetMenuItemID
0x444f08 KillTimer
0x444f0c GetWindowRect
0x444f10 SetTimer
0x444f14 ScreenToClient
0x444f18 PtInRect
0x444f1c EnableWindow
0x444f20 InvalidateRect
0x444f24 LoadIconA
0x444f28 GetDC
0x444f2c GetClientRect
0x444f30 LoadBitmapA
0x444f34 FillRect
0x444f38 ReleaseDC
0x444f3c UpdateWindow
0x444f40 GetSystemMenu
0x444f44 SendMessageA
0x444f48 ShowWindow
0x444f4c GetMenuState
0x444f50 ModifyMenuA
0x444f54 GetMenuItemCount
0x444f58 InsertMenuA
0x444f5c GetSystemMetrics
0x444f60 DrawTextA
0x444f64 DrawIconEx
0x444f68 DestroyIcon
0x444f6c DrawEdge
0x444f70 SetRect
0x444f74 GetMenuItemInfoA
0x444f78 PostMessageA
0x444f7c DeleteMenu
0x444f80 AppendMenuA
0x444f84 SetParent
0x444f88 wsprintfA
0x444f8c GetDCEx
0x444f90 ReleaseCapture
0x444f94 SetCapture
0x444f98 RedrawWindow
0x444f9c GetWindow
0x444fa0 GetClassLongA
0x444fa4 GetMenuStringA
0x444fa8 CreateMenu
0x444fac CreatePopupMenu
0x444fb0 GetSysColor
0x444fb4 GetSubMenu
0x444fb8 ClientToScreen
0x444fbc GetParent
0x444fc0 BeginDeferWindowPos
0x444fc4 EndDeferWindowPos
0x444fc8 IsRectEmpty
0x444fcc GetSysColorBrush
0x444fd0 GetCursorPos
0x444fd4 LoadCursorA
0x444fd8 GetKeyState
0x444fdc OffsetRect
0x444fe0 CopyRect
0x444fe4 InflateRect
0x444fec GetFocus
0x444ff0 IsChild
0x444ff4 IsWindowVisible
0x444ff8 GetDesktopWindow
0x444ffc SetMenu
0x445000 GetMenu
Library GDI32.dll:
0x444168 CreateSolidBrush
0x444174 Ellipse
0x444178 DeleteDC
0x44417c DeleteObject
0x444180 SelectObject
0x444184 CreateDIBSection
0x444188 SetPixel
0x44418c GetPixel
0x444190 PtVisible
0x444194 CreatePen
0x444198 TextOutA
0x44419c Escape
0x4441a0 Rectangle
0x4441a4 CreateHatchBrush
0x4441a8 RealizePalette
0x4441ac CreatePalette
0x4441b0 GetTextMetricsA
0x4441b4 GetCurrentObject
0x4441b8 ExtCreateRegion
0x4441bc GetDIBColorTable
0x4441c4 GetBkMode
0x4441c8 PatBlt
0x4441d0 BitBlt
0x4441d4 GetTextColor
0x4441d8 GetDeviceCaps
0x4441dc GetObjectA
0x4441e0 CreateFontIndirectA
0x4441e4 ExtTextOutA
0x4441e8 RectVisible
0x4441ec EnumFontFamiliesA
0x4441f0 CreateCompatibleDC
Library ADVAPI32.dll:
0x4440e8 RegCloseKey
0x4440ec RegOpenKeyExA
0x4440f0 RegQueryValueExA
Library SHELL32.dll:
0x444e88 Shell_NotifyIconA
0x444e94 SHGetMalloc
Library COMCTL32.dll:
0x444124 ImageList_GetIcon
0x444128 ImageList_AddMasked
0x44412c ImageList_Draw
Library ole32.dll:
0x4450a8 CoUninitialize
0x4450ac CoInitialize
0x4450b0 CoCreateInstance
Library WSOCK32.dll:
0x445070 inet_addr
0x445074 gethostname
0x445078 gethostbyname
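The import table above explains very little of the behaviour recorded earlier: KERNEL32 is imported but not GetComputerNameA, ADVAPI32 is imported but none of the Crypt* functions are, and WININET, IPHLPAPI and NTDLL are not imported at all, while LoadLibraryA/LoadLibraryExA and GetProcAddress are. The following Python script, an added example for this report and not sandbox output, makes that comparison mechanical. The import sets are transcribed from the Imports section (the GUI libraries are left out because none of the APIs of interest live there), the runtime API names are taken from the behavioural events in this report, and the API-to-DLL mapping is ordinary Windows knowledge rather than something the report states.

```python
"""Compare the static import table with the APIs the sandbox saw the
sample call.  A runtime call that the import table does not account for
had to be resolved another way (LoadLibrary/GetProcAddress, manual
export-table walking, or code unpacked into RWX memory), which is the
usual shape of a packed loader.

Added example for this report, not sandbox output.  STATIC_IMPORTS and
RUNTIME_CALLS are transcribed from the report; EXPORTED_BY and WRAPPERS
are standard Windows facts, not report content.
"""

STATIC_IMPORTS = {
    "mfc42.dll": set(),  # 555 ordinal imports, names unavailable
    "msvcrt.dll": {"_setmbcp", "__CxxFrameHandler", "_EH_prolog", "atoi", "_mbscmp",
                   "free", "malloc", "wcscpy", "wcslen", "_ftol", "wcscmp", "memmove",
                   "__dllonexit", "_onexit", "_exit", "_XcptFilter", "exit", "_acmdln",
                   "__getmainargs", "_initterm", "__setusermatherr", "_adjust_fdiv",
                   "__p__commode", "__p__fmode", "__set_app_type", "_except_handler3",
                   "_controlfp", "printf"},
    "kernel32.dll": {"GetModuleHandleA", "SizeofResource", "OpenFileMappingA",
                     "CreateFileMappingA", "MapViewOfFile", "UnmapViewOfFile", "CloseHandle",
                     "MultiByteToWideChar", "lstrcmpiA", "FindResourceA", "LoadResource",
                     "LockResource", "GetCPInfo", "lstrlenW", "lstrlenA", "GetVersion",
                     "GetVersionExA", "MulDiv", "GetModuleFileNameA", "DeleteFileA",
                     "GetTickCount", "LoadLibraryA", "FreeLibrary", "Sleep", "LoadLibraryExA",
                     "GetProcAddress", "GetCurrentProcess", "GetStartupInfoA"},
    "advapi32.dll": {"RegCloseKey", "RegOpenKeyExA", "RegQueryValueExA"},
    "wsock32.dll": {"inet_addr", "gethostname", "gethostbyname"},
}

# APIs named in the report's behavioural events.
RUNTIME_CALLS = ["NtAllocateVirtualMemory", "GetComputerNameA", "CryptGenKey",
                 "CryptExportKey", "GetAdaptersAddresses", "InternetOpenW",
                 "RegSetValueExA", "RegSetValueExW"]

# Which system DLL exports each API (Windows fact, not from the report).
EXPORTED_BY = {
    "NtAllocateVirtualMemory": "ntdll.dll",
    "GetComputerNameA": "kernel32.dll",
    "CryptGenKey": "advapi32.dll", "CryptExportKey": "advapi32.dll",
    "RegSetValueExA": "advapi32.dll", "RegSetValueExW": "advapi32.dll",
    "GetAdaptersAddresses": "iphlpapi.dll",
    "InternetOpenW": "wininet.dll",
}
# Nt* calls are normally reached through a kernel32 wrapper; if the wrapper
# is imported, seeing the Nt* call needs no further explanation.
WRAPPERS = {"NtAllocateVirtualMemory": ("kernel32.dll", {"VirtualAlloc", "VirtualAllocEx"})}

RESOLVER_LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def runtime_resolution_gaps(static_imports, runtime_calls, exported_by=EXPORTED_BY):
    """Map each runtime API the import table does not account for to a reason."""
    gaps = {}
    for api in runtime_calls:
        wrapper = WRAPPERS.get(api)
        if wrapper and wrapper[1] & static_imports.get(wrapper[0], set()):
            continue
        dll = exported_by.get(api)
        if dll is None:
            gaps[api] = "exporting DLL not in EXPORTED_BY"
        elif dll not in static_imports:
            gaps[api] = "%s not in import table" % dll
        elif api not in static_imports[dll]:
            gaps[api] = "%s imported, but not this export" % dll
    return gaps


def has_dynamic_resolver(static_imports):
    """LoadLibrary* plus GetProcAddress in the import table is what makes the gaps plausible."""
    k32 = static_imports.get("kernel32.dll", set())
    return "GetProcAddress" in k32 and bool(RESOLVER_LOADERS & k32)


def summarize(static_imports, runtime_calls):
    gaps = runtime_resolution_gaps(static_imports, runtime_calls)
    not_imported = sorted({EXPORTED_BY[a] for a in gaps
                           if a in EXPORTED_BY and EXPORTED_BY[a] not in static_imports})
    return {"gaps": gaps,
            "resolver_imported": has_dynamic_resolver(static_imports),
            "dlls_not_imported": not_imported}


if __name__ == "__main__":
    s = summarize(STATIC_IMPORTS, RUNTIME_CALLS)
    print("LoadLibrary/GetProcAddress imported:", s["resolver_imported"])
    print("DLLs used at runtime but absent from the import table:",
          ", ".join(s["dlls_not_imported"]))
    for api, why in s["gaps"].items():
        print("  %-24s %s" % (api, why))
```

Read the result as a list of leads, not proof: sandbox hooks are process-wide, so RegSetValueExA/W here is most plausibly WinINet writing its own WPAD keys rather than the sample's code, while the Crypt*, WinINet and IPHLPAPI gaps, together with the imported resolver pair and the RWX allocation, are the part worth following into a memory dump.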

Hosts

No hosts contacted at the packet level. The three IPs listed under "Communicates with host for which no DNS query was performed" were recorded by the API hooks only; nothing addressed to them appears in the capture.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination      Dst port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 53658 239.255.255.250 3702
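The UDP table above contains nothing but Windows background name-resolution and discovery traffic (DNS to the resolver, NetBIOS on the local subnet, LLMNR, SSDP and WS-Discovery multicast), while the hosts reported earlier under "Communicates with host for which no DNS query was performed" and the dead host 94.49.254.194:80 never appear in the capture. The script below, an added example and not sandbox output, separates that background noise from flows worth chasing and lists the API-layer hosts the capture cannot corroborate. The flow and host lists are transcribed from this report; the classification rules, and the assumption that 114.114.114.114 is the VM's configured resolver, are mine.

```python
"""Separate Windows background chatter from traffic worth chasing in a
sandbox capture, and cross-check the capture against hosts reported by the
API layer.

Added example for this report, not sandbox output.  UDP_FLOWS, API_HOSTS
and DEAD_HOSTS are transcribed from the report; the rules and the resolver
assumption (114.114.114.114) are the author's.
"""
import ipaddress

# Constructed from the report's UDP table: (src, sport, dst, dport).
UDP_FLOWS = [
    ("192.168.56.101", 49713, "114.114.114.114", 53),
    ("192.168.56.101", 50002, "114.114.114.114", 53),
    ("192.168.56.101", 53237, "114.114.114.114", 53),
    ("192.168.56.101", 53657, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 49235, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 49714, "239.255.255.250", 3702),
]
# Hosts the API-level signatures reported (no DNS lookup preceded them).
API_HOSTS = ["172.217.24.14", "212.51.142.238", "94.49.254.194"]
DEAD_HOSTS = ["94.49.254.194:80"]

# Multicast destinations a default Windows VM talks to on its own.
BACKGROUND = {
    ("224.0.0.252", 5355): "LLMNR name resolution (multicast)",
    ("239.255.255.250", 1900): "SSDP/UPnP discovery (multicast)",
    ("239.255.255.250", 3702): "WS-Discovery (multicast)",
}


def classify_udp(flow, resolvers=("114.114.114.114",)):
    """Return (category, reason) for one UDP flow: background, review or suspicious."""
    _src, _sport, dst, dport = flow
    dst_ip = ipaddress.ip_address(dst)
    if (dst, dport) in BACKGROUND:
        return "background", BACKGROUND[(dst, dport)]
    if dport in (137, 138) and dst_ip.is_private:
        return "background", "NetBIOS name/datagram service on the local subnet"
    if dport == 53:
        if dst in resolvers:
            return "background", "DNS to the VM's configured resolver"
        return "suspicious", "DNS to a resolver the VM was not configured with"
    if dst_ip.is_multicast or dst_ip.is_private:
        return "review", "local or multicast traffic outside the known-noise set"
    return "suspicious", "UDP to a public host"


def triage(flows, api_hosts, dead_hosts):
    """Bucket the capture and list API-layer hosts with no packet to back them up."""
    report = {"background": [], "review": [], "suspicious": []}
    for flow in flows:
        kind, why = classify_udp(flow)
        report[kind].append((flow, why))
    seen_in_capture = {flow[2] for flow in flows}
    dead = {h.rsplit(":", 1)[0] for h in dead_hosts}
    # A host the hooks saw but the capture did not is a connect attempt that
    # never produced a packet (no route, or blocked before it left the VM).
    report["c2_candidates"] = [
        {"host": h, "dead": h in dead, "public": ipaddress.ip_address(h).is_global}
        for h in api_hosts if h not in seen_in_capture]
    return report


if __name__ == "__main__":
    r = triage(UDP_FLOWS, API_HOSTS, DEAD_HOSTS)
    for kind in ("suspicious", "review", "background"):
        for (src, sport, dst, dport), why in r[kind]:
            print("%-10s %s:%d -> %s:%d  %s" % (kind, src, sport, dst, dport, why))
    for c in r["c2_candidates"]:
        print("API-layer host %s: not in capture, public=%s, dead=%s"
              % (c["host"], c["public"], c["dead"]))
```

The summary table in this report omits the names queried over DNS, NBNS and LLMNR; with the raw pcap those names are the next thing to pull, since a loader that resolves nothing yet tries three public IPs is exactly the profile the "no DNS query" signature is meant to catch.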

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.