6.4
High risk

1a572a49280507c73a95e6b80cefb8bff5e558085ea2b6069226ff080b7d6429

d2c912da672b40685a0e9a8327cc2ff4.exe

Analysis duration

78s

Last analyzed

File size

772.0KB
Static detection Dynamic detection 100% AI SCORE=100 ATRAPS ATTRIBUTE CLASSIC CONFIDENCE ELDORADO EMOTET GENCIRC GENERICKD GENETIC GLCHR HIGH CONFIDENCE HIGHCONFIDENCE HSOXLG KRYPTIK MALWARE@#2K0SGNILT471A R + TROJ R348786 SUSGEN TROJANBANKER UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan time Version
Alibaba Trojan:Win32/Emotet.c5e1ea06 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201024 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cdeac8 20201024 1.0.0.1
Kingsoft 20201024 2013.8.14.323
McAfee Emotet-FRV!D2C912DA672B 20201024 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619927694.166625
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1619927685.431625
CryptGenKey
crypto_handle: 0x0064f188
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005a7490
flags: 1
key: fùt”óWüÚþݪg¹{õ
success 1 0
1619927694.197625
CryptExportKey
crypto_handle: 0x0064f188
crypto_export_handle: 0x0064f030
buffer: f¤–Õ¹ÄCÅÌ-»,³=Ëv6‡ÙÁlÀ4ҟË1&΢jîc‰ëÃë; $¢‹ç]ä·)cÑ#b¦ÿ!ðÞ ÁèœÛƒˆ›`!¯¡{@ ˜¬ÅU«ˆa u™Ÿw”
blob_type: 1
flags: 64
success 1 0
1619927730.212625
CryptExportKey
crypto_handle: 0x0064f188
crypto_export_handle: 0x0064f030
buffer: f¤TVïÄŽ ¢*®"ÆëÏ8}/¨öwÊÅÃ]“U]ց‘s܊Ó=ŽË èƒSûeü±ü kxŽº¢dñM„·zB›ÌykR1__€Ë-Õ­9»€œÎ<Üç5:
blob_type: 1
flags: 64
success 1 0
1619927735.931625
CryptExportKey
crypto_handle: 0x0064f188
crypto_export_handle: 0x0064f030
buffer: f¤e‹.¶R4¦´ÕF<ìáÕBŠ7L¢µ(†,!û!mց4º-ŸŒ·¸‡ KܕΠꆫGvÂ_|ªb-Û[EÚéìŒÌuÚ5=bºŸ}Ð[ͼPk®]Ò㰚ۏ
blob_type: 1
flags: 64
success 1 0
1619927741.056625
CryptExportKey
crypto_handle: 0x0064f188
crypto_export_handle: 0x0064f030
buffer: f¤Ë¹Øò Ì8’\5_J?Øksp«é6Öê 3‰´0êE~Àz7[F¸¶ø$`d;vO$Öü!Ü«FœpŒ+®ªB7R±€!Çm©”FsÅv’Ú9aí`n‹}ÞåòŒ«6i£×‰¨
blob_type: 1
flags: 64
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .didat
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619927684.978625
NtAllocateVirtualMemory
process_identifier: 2292
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00500000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619927694.759625
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process d2c912da672b40685a0e9a8327cc2ff4.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619927694.384625
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (7 events)
host 116.202.234.183
host 172.217.24.14
host 185.94.252.104
host 69.30.203.214
host 70.121.172.89
host 203.208.40.98
host 203.208.41.65
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619927697.337625
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619927697.337625
RegSetValueExA
key_handle: 0x000003c4
value: Ò”òø>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619927697.337625
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619927697.353625
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619927697.353625
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619927697.353625
RegSetValueExA
key_handle: 0x000003dc
value: Ò”òø>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619927697.353625
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619927697.384625
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43699485
FireEye Generic.mg.d2c912da672b4068
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056cee31 )
Alibaba Trojan:Win32/Emotet.c5e1ea06
K7GW Trojan ( 0056cee31 )
Arcabit Trojan.Generic.D29ACD1D
Cyren W32/Emotet.AQP.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Packed.Atraps-9427203-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.vho
BitDefender Trojan.GenericKD.43699485
NANO-Antivirus Trojan.Win32.Emotet.hsoxlg
Tencent Malware.Win32.Gencirc.10cdeac8
Ad-Aware Trojan.GenericKD.43699485
Comodo Malware@#2k0sgnilt471a
DrWeb Trojan.Emotet.1001
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-R + Troj/Emotet-CLM
McAfee-GW-Edition BehavesLike.Win32.Emotet.bm
Sophos Troj/Emotet-CLM
Jiangmin Backdoor.Emotet.rv
Avira TR/Emotet.glchr
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Emotet.790528
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.vho
GData Trojan.GenericKD.43699485
TACHYON Backdoor/W32.Emotet.790528
AhnLab-V3 Trojan/Win32.Emotet.R348786
McAfee Emotet-FRV!D2C912DA672B
MAX malware (ai score=100)
VBA32 TrojanBanker.Emotet
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Kryptik!1.CAD8 (CLASSIC)
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.105705876.susgen
Fortinet W32/Emotet.E88D!tr
AVG Win32:Trojan-gen
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.0ec
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (5 events)
dead_host 192.168.56.101:49180
dead_host 69.30.203.214:8080
dead_host 70.121.172.89:80
dead_host 116.202.234.183:8080
dead_host 192.168.56.101:49177
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-08-20 15:24:58

Imports

Library KERNEL32.dll:
0x4a301c RtlUnwind
0x4a3020 GetStartupInfoA
0x4a3024 GetCommandLineA
0x4a3028 TerminateProcess
0x4a302c ExitThread
0x4a3030 CreateThread
0x4a3034 HeapReAlloc
0x4a3038 HeapSize
0x4a303c FatalAppExitA
0x4a3040 HeapDestroy
0x4a3044 HeapCreate
0x4a3048 VirtualFree
0x4a304c IsBadWritePtr
0x4a3050 LCMapStringA
0x4a3054 LCMapStringW
0x4a3058 GetStdHandle
0x4a3070 VirtualQuery
0x4a3074 GetFileType
0x4a307c GetCurrentProcessId
0x4a3088 GetStringTypeA
0x4a308c GetStringTypeW
0x4a3094 IsBadReadPtr
0x4a3098 IsBadCodePtr
0x4a309c GetTimeFormatA
0x4a30a0 GetDateFormatA
0x4a30a4 GetUserDefaultLCID
0x4a30a8 EnumSystemLocalesA
0x4a30ac IsValidLocale
0x4a30b0 IsValidCodePage
0x4a30b8 SetStdHandle
0x4a30bc GetLocaleInfoW
0x4a30c4 GetSystemInfo
0x4a30c8 VirtualAlloc
0x4a30cc VirtualProtect
0x4a30d0 HeapFree
0x4a30d4 HeapAlloc
0x4a30d8 GetDiskFreeSpaceA
0x4a30dc GetTempFileNameA
0x4a30e0 LocalLock
0x4a30e4 LocalUnlock
0x4a30e8 GetTickCount
0x4a30ec GetFileTime
0x4a30f0 GetFileAttributesA
0x4a30f4 SetFileAttributesA
0x4a30f8 SetFileTime
0x4a3104 SetErrorMode
0x4a3110 GetOEMCP
0x4a3114 GetCPInfo
0x4a3118 GetShortPathNameA
0x4a311c CreateFileA
0x4a3120 GetFullPathNameA
0x4a3128 FindFirstFileA
0x4a312c FindClose
0x4a3130 GetCurrentProcess
0x4a3134 DuplicateHandle
0x4a3138 GetFileSize
0x4a313c SetEndOfFile
0x4a3140 UnlockFile
0x4a3144 LockFile
0x4a3148 FlushFileBuffers
0x4a314c SetFilePointer
0x4a3150 WriteFile
0x4a3154 ReadFile
0x4a3158 DeleteFileA
0x4a315c MoveFileA
0x4a3160 GlobalFlags
0x4a3174 TlsFree
0x4a3178 LocalReAlloc
0x4a317c TlsSetValue
0x4a3180 TlsAlloc
0x4a3184 TlsGetValue
0x4a318c GlobalHandle
0x4a3190 GlobalReAlloc
0x4a3198 LocalAlloc
0x4a31a8 RaiseException
0x4a31b0 GlobalGetAtomNameA
0x4a31b4 GlobalFindAtomA
0x4a31b8 lstrcatA
0x4a31bc lstrcmpW
0x4a31c0 FreeResource
0x4a31c4 CreateEventA
0x4a31c8 SuspendThread
0x4a31cc SetEvent
0x4a31d0 WaitForSingleObject
0x4a31d4 ResumeThread
0x4a31d8 SetThreadPriority
0x4a31dc CloseHandle
0x4a31e0 GlobalAddAtomA
0x4a31e4 GetCurrentThread
0x4a31e8 GetCurrentThreadId
0x4a31ec FreeLibrary
0x4a31f0 GlobalDeleteAtom
0x4a31f4 lstrcmpA
0x4a31f8 GetModuleFileNameA
0x4a31fc GetModuleHandleA
0x4a3200 GetProcAddress
0x4a320c lstrcpyA
0x4a3210 LoadLibraryA
0x4a3214 GlobalFree
0x4a3218 CopyFileA
0x4a321c MulDiv
0x4a3220 GlobalSize
0x4a3224 GlobalAlloc
0x4a3228 GlobalLock
0x4a322c GlobalUnlock
0x4a3230 FormatMessageA
0x4a3234 lstrcpynA
0x4a3238 LocalFree
0x4a323c ExitProcess
0x4a3240 FindResourceA
0x4a3244 LoadResource
0x4a3248 LockResource
0x4a324c SizeofResource
0x4a3250 SetLastError
0x4a3254 GetStringTypeExW
0x4a3258 GetStringTypeExA
0x4a3264 CompareStringW
0x4a3268 CompareStringA
0x4a326c lstrlenA
0x4a3270 lstrcmpiW
0x4a3274 lstrlenW
0x4a3278 lstrcmpiA
0x4a327c GetVersion
0x4a3280 GetLastError
0x4a3284 WideCharToMultiByte
0x4a3288 MultiByteToWideChar
0x4a328c GetVersionExA
0x4a3290 GetThreadLocale
0x4a3294 GetLocaleInfoA
0x4a3298 GetACP
0x4a329c SetHandleCount
0x4a32a0 InterlockedExchange
Library USER32.dll:
0x4a34bc MapVirtualKeyA
0x4a34c0 UnionRect
0x4a34c4 PostThreadMessageA
0x4a34c8 SetTimer
0x4a34cc KillTimer
0x4a34d8 GetDCEx
0x4a34dc LockWindowUpdate
0x4a34e0 SetParent
0x4a34e8 MessageBeep
0x4a34ec GetNextDlgGroupItem
0x4a34f0 InvalidateRgn
0x4a34f4 InvalidateRect
0x4a34fc SetRect
0x4a3500 IsRectEmpty
0x4a3504 CharNextA
0x4a3508 GetDialogBaseUnits
0x4a350c DestroyIcon
0x4a3510 DeleteMenu
0x4a3514 WaitMessage
0x4a351c ReleaseCapture
0x4a3520 WindowFromPoint
0x4a3524 SetCapture
0x4a3528 LoadCursorA
0x4a352c GetSysColorBrush
0x4a3530 EndPaint
0x4a3534 BeginPaint
0x4a3538 GetWindowDC
0x4a353c ReleaseDC
0x4a3540 GetDC
0x4a3544 ClientToScreen
0x4a3548 GrayStringA
0x4a354c DrawTextExA
0x4a3550 DrawTextA
0x4a3554 TabbedTextOutA
0x4a3558 FillRect
0x4a355c wsprintfA
0x4a3560 DestroyMenu
0x4a3564 GetMenuItemInfoA
0x4a3568 InflateRect
0x4a356c ScrollWindowEx
0x4a3570 MoveWindow
0x4a3574 SetWindowTextA
0x4a3578 IsDialogMessageA
0x4a357c IsDlgButtonChecked
0x4a3580 SetDlgItemInt
0x4a3584 GetDlgItemTextA
0x4a3588 GetDlgItemInt
0x4a358c CheckRadioButton
0x4a3590 CheckDlgButton
0x4a3598 WinHelpA
0x4a359c GetCapture
0x4a35a0 CreateWindowExA
0x4a35a4 GetClassLongA
0x4a35a8 GetClassInfoExA
0x4a35ac GetClassNameA
0x4a35b0 SetPropA
0x4a35b4 GetPropA
0x4a35b8 RemovePropA
0x4a35bc SendDlgItemMessageA
0x4a35c0 SetFocus
0x4a35c4 IsChild
0x4a35cc GetWindowTextA
0x4a35d0 GetForegroundWindow
0x4a35d4 BeginDeferWindowPos
0x4a35d8 GetKeyNameTextA
0x4a35dc GetTopWindow
0x4a35e0 UnhookWindowsHookEx
0x4a35e4 GetMessageTime
0x4a35e8 GetMessagePos
0x4a35ec MapWindowPoints
0x4a35f0 ScrollWindow
0x4a35f4 TrackPopupMenuEx
0x4a35f8 TrackPopupMenu
0x4a35fc SetScrollRange
0x4a3600 GetScrollRange
0x4a3604 SetScrollPos
0x4a3608 GetScrollPos
0x4a360c SetForegroundWindow
0x4a3610 ShowScrollBar
0x4a3614 UpdateWindow
0x4a3618 GetMenu
0x4a361c GetSysColor
0x4a3620 AdjustWindowRectEx
0x4a3624 ScreenToClient
0x4a3628 EqualRect
0x4a362c DeferWindowPos
0x4a3630 GetScrollInfo
0x4a3634 SetScrollInfo
0x4a3638 GetClassInfoA
0x4a363c RegisterClassA
0x4a3640 UnregisterClassA
0x4a3644 SetWindowPlacement
0x4a3648 GetDlgCtrlID
0x4a364c DefWindowProcA
0x4a3650 CallWindowProcA
0x4a3654 SetWindowLongA
0x4a3658 CharLowerA
0x4a365c CharLowerW
0x4a3660 CharUpperA
0x4a3664 CharUpperW
0x4a3668 ShowWindow
0x4a366c DrawIcon
0x4a3670 AppendMenuA
0x4a3674 SetDlgItemTextA
0x4a3678 SendMessageA
0x4a367c GetSystemMenu
0x4a3680 IsIconic
0x4a3684 GetClientRect
0x4a3688 EnableWindow
0x4a368c LoadIconA
0x4a3690 OffsetRect
0x4a3694 IntersectRect
0x4a369c GetWindowPlacement
0x4a36a0 GetWindowRect
0x4a36a4 CopyRect
0x4a36a8 PtInRect
0x4a36ac GetWindow
0x4a36b4 MapDialogRect
0x4a36b8 SetWindowPos
0x4a36bc GetDesktopWindow
0x4a36c0 SetActiveWindow
0x4a36c8 DestroyWindow
0x4a36d0 LoadMenuA
0x4a36d4 UnpackDDElParam
0x4a36d8 ReuseDDElParam
0x4a36dc LoadAcceleratorsA
0x4a36e0 IsWindow
0x4a36e4 GetDlgItem
0x4a36e8 GetNextDlgTabItem
0x4a36ec EndDialog
0x4a36f0 SetMenuItemBitmaps
0x4a36f4 GetFocus
0x4a36f8 ModifyMenuA
0x4a36fc EnableMenuItem
0x4a3700 CheckMenuItem
0x4a3708 LoadBitmapA
0x4a370c SetWindowsHookExA
0x4a3710 InsertMenuItemA
0x4a3714 CreatePopupMenu
0x4a3718 SetRectEmpty
0x4a371c BringWindowToTop
0x4a3720 EndDeferWindowPos
0x4a3724 SetMenu
0x4a3728 GetSystemMetrics
0x4a372c RemoveMenu
0x4a3730 GetSubMenu
0x4a3734 GetMenuItemCount
0x4a3738 InsertMenuA
0x4a373c GetMenuItemID
0x4a3740 GetMenuStringA
0x4a3744 GetMenuState
0x4a3748 PostMessageA
0x4a374c PostQuitMessage
0x4a3750 SetCursor
0x4a3754 ShowOwnedPopups
0x4a3758 IsWindowEnabled
0x4a375c GetLastActivePopup
0x4a3760 GetWindowLongA
0x4a3764 GetParent
0x4a3768 MessageBoxA
0x4a376c ValidateRect
0x4a3770 GetCursorPos
0x4a3774 PeekMessageA
0x4a3778 GetKeyState
0x4a377c IsWindowVisible
0x4a3780 GetActiveWindow
0x4a3784 DispatchMessageA
0x4a3788 TranslateMessage
0x4a378c GetMessageA
0x4a3790 CallNextHookEx
Library GDI32.dll:
0x4a2e38 PlayMetaFile
0x4a2e3c CreatePen
0x4a2e40 ExtCreatePen
0x4a2e44 CreateSolidBrush
0x4a2e48 CreateHatchBrush
0x4a2e4c GetTextMetricsA
0x4a2e50 GetBkColor
0x4a2e54 GetTextColor
0x4a2e5c GetRgnBox
0x4a2e60 SetRectRgn
0x4a2e64 CombineRgn
0x4a2e68 EnumMetaFile
0x4a2e6c PatBlt
0x4a2e70 DPtoLP
0x4a2e78 StretchDIBits
0x4a2e7c GetCharWidthA
0x4a2e80 CreateFontA
0x4a2e84 StartPage
0x4a2e88 EndPage
0x4a2e8c SetAbortProc
0x4a2e90 AbortDoc
0x4a2e94 EndDoc
0x4a2e98 GetObjectType
0x4a2e9c PlayMetaFileRecord
0x4a2ea0 SelectPalette
0x4a2ea4 GetStockObject
0x4a2ea8 CreatePatternBrush
0x4a2eb0 DeleteDC
0x4a2eb4 ExtSelectClipRgn
0x4a2eb8 PolyBezierTo
0x4a2ebc PolylineTo
0x4a2ec0 PolyDraw
0x4a2ec4 ArcTo
0x4a2ecc ScaleWindowExtEx
0x4a2ed0 SetWindowExtEx
0x4a2ed4 OffsetWindowOrgEx
0x4a2ed8 SetWindowOrgEx
0x4a2edc ScaleViewportExtEx
0x4a2ee0 SetViewportExtEx
0x4a2ee4 OffsetViewportOrgEx
0x4a2ee8 SetViewportOrgEx
0x4a2eec SelectObject
0x4a2ef0 Escape
0x4a2ef4 TextOutA
0x4a2ef8 RectVisible
0x4a2efc GetMapMode
0x4a2f00 GetDeviceCaps
0x4a2f04 StartDocA
0x4a2f08 GetPixel
0x4a2f0c GetWindowExtEx
0x4a2f10 GetViewportExtEx
0x4a2f14 SelectClipPath
0x4a2f18 CreateRectRgn
0x4a2f1c GetClipRgn
0x4a2f20 SelectClipRgn
0x4a2f24 DeleteObject
0x4a2f28 SetColorAdjustment
0x4a2f2c SetArcDirection
0x4a2f30 SetMapperFlags
0x4a2f3c SetTextAlign
0x4a2f40 MoveToEx
0x4a2f44 LineTo
0x4a2f48 OffsetClipRgn
0x4a2f4c IntersectClipRect
0x4a2f50 ExcludeClipRect
0x4a2f54 SetMapMode
0x4a2f58 SetStretchBltMode
0x4a2f5c SetROP2
0x4a2f60 SetPolyFillMode
0x4a2f64 SetBkMode
0x4a2f68 RestoreDC
0x4a2f6c SaveDC
0x4a2f74 ExtTextOutA
0x4a2f78 BitBlt
0x4a2f7c CreateCompatibleDC
0x4a2f80 CreateFontIndirectA
0x4a2f84 GetObjectA
0x4a2f88 SetBkColor
0x4a2f8c SetTextColor
0x4a2f90 GetClipBox
0x4a2f94 GetDCOrgEx
0x4a2f98 CreateBitmap
0x4a2f9c CreateDCA
0x4a2fa0 CopyMetaFileA
0x4a2fa4 PtVisible
Library comdlg32.dll:
0x4a388c PageSetupDlgA
0x4a3890 FindTextA
0x4a3894 ReplaceTextA
0x4a3898 PrintDlgA
0x4a38a0 GetSaveFileNameA
0x4a38a4 GetFileTitleA
0x4a38a8 GetOpenFileNameA
Library WINSPOOL.DRV:
0x4a3850 OpenPrinterA
0x4a3854 DocumentPropertiesA
0x4a3858 ClosePrinter
0x4a385c GetJobA
Library ADVAPI32.dll:
0x4a2d6c SetFileSecurityA
0x4a2d70 RegSetValueA
0x4a2d74 RegOpenKeyA
0x4a2d78 RegQueryValueExA
0x4a2d7c RegOpenKeyExA
0x4a2d80 RegDeleteKeyA
0x4a2d84 RegEnumKeyA
0x4a2d88 RegQueryValueA
0x4a2d8c RegCreateKeyExA
0x4a2d90 RegSetValueExA
0x4a2d94 RegDeleteValueA
0x4a2d98 GetFileSecurityA
0x4a2d9c RegCloseKey
0x4a2da0 RegCreateKeyA
Library SHELL32.dll:
0x4a343c SHGetFileInfoA
0x4a3440 DragFinish
0x4a3444 DragQueryFileA
0x4a3448 ExtractIconA
Library COMCTL32.dll:
0x4a2dd8
0x4a2ddc ImageList_Draw
0x4a2de4
0x4a2de8 ImageList_Read
0x4a2dec ImageList_Write
0x4a2df0
0x4a2df4 ImageList_Destroy
0x4a2df8 ImageList_Create
0x4a2e00 ImageList_Merge
Library SHLWAPI.dll:
0x4a347c PathFindFileNameA
0x4a3480 PathStripToRootA
0x4a3484 PathFindExtensionA
0x4a3488 PathIsUNCA
Library oledlg.dll:
0x4a39a4
Library ole32.dll:
0x4a38e8 CoGetClassObject
0x4a38ec CoDisconnectObject
0x4a38f0 CLSIDFromString
0x4a38f4 CLSIDFromProgID
0x4a38f8 OleDuplicateData
0x4a38fc ReleaseStgMedium
0x4a3900 CoCreateInstance
0x4a3904 CreateBindCtx
0x4a3908 CoTreatAsClass
0x4a390c StringFromCLSID
0x4a3910 ReadClassStg
0x4a3914 ReadFmtUserTypeStg
0x4a3918 OleRegGetUserType
0x4a391c WriteClassStg
0x4a3920 WriteFmtUserTypeStg
0x4a3924 SetConvertStg
0x4a3928 CoTaskMemFree
0x4a392c StringFromGUID2
0x4a3930 OleRun
0x4a3934 OleUninitialize
0x4a3944 OleFlushClipboard
0x4a394c OleSetClipboard
0x4a3950 CoRevokeClassObject
0x4a3958 CoTaskMemAlloc
0x4a395c OleInitialize
Library OLEAUT32.dll:
0x4a3350 SysAllocStringLen
0x4a3354 VariantClear
0x4a3358 VariantChangeType
0x4a335c VariantInit
0x4a3360 SysStringLen
0x4a3368 SysStringByteLen
0x4a3374 SafeArrayDestroy
0x4a3378 SysAllocString
0x4a3380 SafeArrayAccessData
0x4a3384 SafeArrayGetUBound
0x4a3388 SafeArrayGetLBound
0x4a3390 SafeArrayGetDim
0x4a3394 SafeArrayCreate
0x4a3398 SafeArrayRedim
0x4a339c VariantCopy
0x4a33a0 SafeArrayAllocData
0x4a33a8 SafeArrayCopy
0x4a33ac SafeArrayGetElement
0x4a33b0 SafeArrayPtrOfIndex
0x4a33b4 SafeArrayPutElement
0x4a33b8 SafeArrayLock
0x4a33bc SafeArrayUnlock
0x4a33cc SysReAllocStringLen
0x4a33d0 VarDateFromStr
0x4a33d4 VarBstrFromDec
0x4a33d8 VarDecFromStr
0x4a33dc VarCyFromStr
0x4a33e0 VarBstrFromCy
0x4a33e4 VarBstrFromDate
0x4a33e8 LoadTypeLib
0x4a33ec SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.