5.4
Medium risk

f3141eb0d06d4ddce695865bbd38b6d1c9fa564d3ab4a9f1a5d1c0bb9c9931cc

d3c15d95b011a76871d3e2a21e86962d.exe

Analysis duration

21s

Last analyzed

File size

645.5KB
Static detections / Dynamic detections
HawkEye engine
Not detected: no HawkEye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619910853.573184
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34406212
registers.edi: 0
registers.eax: 0
registers.ebp: 34406280
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 6
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 4e 6e 00 00 e9
exception.symbol: d3c15d95b011a76871d3e2a21e86962d+0x54809
exception.instruction: div eax
exception.module: d3c15d95b011a76871d3e2a21e86962d.exe
exception.exception_code: 0xc0000094
exception.offset: 346121
exception.address: 0x454809
success 0 0
1619910855.43987
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
d3c15d95b011a76871d3e2a21e86962d+0x58a4d @ 0x458a4d
d3c15d95b011a76871d3e2a21e86962d+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff4e14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619910853.417184
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619910853.573184
NtProtectVirtualMemory
process_identifier: 2296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 32768
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00454000
success 0 0
1619910853.589184
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00880000
success 0 0
1619910854.56487
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619910854.62787
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01dd0000
success 0 0
1619910854.62787
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e00000
success 0 0
1619910854.62787
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619910854.64287
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00512000
success 0 0
1619910854.86187
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f90000
success 0 0
1619910854.86187
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020b0000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f82000
success 0 0
1619910855.40887
NtProtectVirtualMemory
process_identifier: 3044
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.630813015268905 section {'size_of_data': '0x0003d000', 'virtual_address': '0x0006b000', 'entropy': 7.630813015268905, 'name': '.rsrc', 'virtual_size': '0x0003ce54'} description A section with a high entropy has been found
entropy 0.3785880527540729 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2296 called NtSetContextThread to modify thread in remote process 3044
Time & API Arguments Status Return Repeated
1619910853.698184
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893792
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3044
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2296 resumed a thread in remote process 3044
Time & API Arguments Status Return Repeated
1619910854.511184
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3044
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619910853.667184
CreateProcessInternalW
thread_identifier: 2136
thread_handle: 0x000000fc
process_identifier: 3044
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d3c15d95b011a76871d3e2a21e86962d.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619910853.667184
NtUnmapViewOfSection
process_identifier: 3044
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1619910853.667184
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 3044
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619910853.698184
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1619910853.698184
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893792
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3044
success 0 0
1619910854.511184
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3044
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran
PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x45f150 VirtualFree
0x45f154 VirtualAlloc
0x45f158 LocalFree
0x45f15c LocalAlloc
0x45f160 GetVersion
0x45f164 GetCurrentThreadId
0x45f170 VirtualQuery
0x45f174 WideCharToMultiByte
0x45f178 MultiByteToWideChar
0x45f17c lstrlenA
0x45f180 lstrcpynA
0x45f184 LoadLibraryExA
0x45f188 GetThreadLocale
0x45f18c GetStartupInfoA
0x45f190 GetProcAddress
0x45f194 GetModuleHandleA
0x45f198 GetModuleFileNameA
0x45f19c GetLocaleInfoA
0x45f1a0 GetCommandLineA
0x45f1a4 FreeLibrary
0x45f1a8 FindFirstFileA
0x45f1ac FindClose
0x45f1b0 ExitProcess
0x45f1b4 WriteFile
0x45f1bc RtlUnwind
0x45f1c0 RaiseException
0x45f1c4 GetStdHandle
Library user32.dll:
0x45f1cc GetKeyboardType
0x45f1d0 LoadStringA
0x45f1d4 MessageBoxA
0x45f1d8 CharNextA
Library advapi32.dll:
0x45f1e0 RegQueryValueExA
0x45f1e4 RegOpenKeyExA
0x45f1e8 RegCloseKey
Library oleaut32.dll:
0x45f1f0 SysFreeString
0x45f1f4 SysReAllocStringLen
0x45f1f8 SysAllocStringLen
Library kernel32.dll:
0x45f200 TlsSetValue
0x45f204 TlsGetValue
0x45f208 LocalAlloc
0x45f20c GetModuleHandleA
Library advapi32.dll:
0x45f214 RegQueryValueExA
0x45f218 RegOpenKeyExA
0x45f21c RegCloseKey
Library kernel32.dll:
0x45f224 lstrcpyA
0x45f228 lstrcmpA
0x45f22c WriteFile
0x45f230 WaitForSingleObject
0x45f234 VirtualQuery
0x45f238 VirtualProtect
0x45f23c VirtualAlloc
0x45f240 Sleep
0x45f244 SizeofResource
0x45f248 SetThreadLocale
0x45f24c SetFilePointer
0x45f250 SetEvent
0x45f254 SetErrorMode
0x45f258 SetEndOfFile
0x45f25c ResetEvent
0x45f260 ReadFile
0x45f264 MulDiv
0x45f268 LockResource
0x45f26c LoadResource
0x45f270 LoadLibraryA
0x45f27c GlobalUnlock
0x45f280 GlobalReAlloc
0x45f284 GlobalHandle
0x45f288 GlobalLock
0x45f28c GlobalFree
0x45f290 GlobalFindAtomA
0x45f294 GlobalDeleteAtom
0x45f298 GlobalAlloc
0x45f29c GlobalAddAtomA
0x45f2a0 GetVersionExA
0x45f2a4 GetVersion
0x45f2a8 GetTickCount
0x45f2ac GetThreadLocale
0x45f2b4 GetSystemTime
0x45f2b8 GetSystemInfo
0x45f2bc GetStringTypeExA
0x45f2c0 GetStdHandle
0x45f2c4 GetProcAddress
0x45f2c8 GetModuleHandleA
0x45f2cc GetModuleFileNameA
0x45f2d0 GetLocaleInfoA
0x45f2d4 GetLocalTime
0x45f2d8 GetLastError
0x45f2dc GetFullPathNameA
0x45f2e0 GetDiskFreeSpaceA
0x45f2e4 GetDateFormatA
0x45f2e8 GetCurrentThreadId
0x45f2ec GetCurrentProcessId
0x45f2f0 GetCPInfo
0x45f2f4 GetACP
0x45f2f8 FreeResource
0x45f2fc InterlockedExchange
0x45f300 FreeLibrary
0x45f304 FormatMessageA
0x45f308 FindResourceA
0x45f310 ExitThread
0x45f314 ExitProcess
0x45f318 EnumCalendarInfoA
0x45f324 CreateThread
0x45f328 CreateFileA
0x45f32c CreateEventA
0x45f330 CompareStringA
0x45f334 CloseHandle
Library version.dll:
0x45f33c VerQueryValueA
0x45f344 GetFileVersionInfoA
Library gdi32.dll:
0x45f34c UnrealizeObject
0x45f350 StretchBlt
0x45f354 SetWindowOrgEx
0x45f358 SetViewportOrgEx
0x45f35c SetTextColor
0x45f360 SetStretchBltMode
0x45f364 SetROP2
0x45f368 SetPixel
0x45f36c SetDIBColorTable
0x45f370 SetBrushOrgEx
0x45f374 SetBkMode
0x45f378 SetBkColor
0x45f37c SelectPalette
0x45f380 SelectObject
0x45f384 SelectClipPath
0x45f388 SaveDC
0x45f38c RestoreDC
0x45f390 Rectangle
0x45f394 RectVisible
0x45f398 RealizePalette
0x45f39c PatBlt
0x45f3a0 MoveToEx
0x45f3a4 MaskBlt
0x45f3a8 LineTo
0x45f3ac IntersectClipRect
0x45f3b0 GetWindowOrgEx
0x45f3b4 GetTextMetricsA
0x45f3c0 GetStockObject
0x45f3c4 GetPixel
0x45f3c8 GetPaletteEntries
0x45f3cc GetObjectA
0x45f3d0 GetDeviceCaps
0x45f3d4 GetDIBits
0x45f3d8 GetDIBColorTable
0x45f3dc GetDCOrgEx
0x45f3e4 GetClipBox
0x45f3e8 GetBrushOrgEx
0x45f3ec GetBitmapBits
0x45f3f0 ExcludeClipRect
0x45f3f4 DeleteObject
0x45f3f8 DeleteDC
0x45f3fc CreateSolidBrush
0x45f400 CreatePenIndirect
0x45f404 CreatePalette
0x45f40c CreateFontIndirectA
0x45f410 CreateDIBitmap
0x45f414 CreateDIBSection
0x45f418 CreateCompatibleDC
0x45f420 CreateBrushIndirect
0x45f424 CreateBitmap
0x45f428 BitBlt
Library user32.dll:
0x45f430 CreateWindowExA
0x45f434 WindowFromPoint
0x45f438 WinHelpA
0x45f43c WaitMessage
0x45f440 UpdateWindow
0x45f444 UnregisterClassA
0x45f448 UnhookWindowsHookEx
0x45f44c TranslateMessage
0x45f454 TrackPopupMenu
0x45f45c ShowWindow
0x45f460 ShowScrollBar
0x45f464 ShowOwnedPopups
0x45f468 ShowCursor
0x45f46c SetWindowsHookExA
0x45f470 SetWindowTextA
0x45f474 SetWindowPos
0x45f478 SetWindowPlacement
0x45f47c SetWindowLongA
0x45f480 SetTimer
0x45f484 SetScrollRange
0x45f488 SetScrollPos
0x45f48c SetScrollInfo
0x45f490 SetRect
0x45f494 SetPropA
0x45f498 SetParent
0x45f49c SetMenuItemInfoA
0x45f4a0 SetMenu
0x45f4a4 SetForegroundWindow
0x45f4a8 SetFocus
0x45f4ac SetCursor
0x45f4b0 SetClassLongA
0x45f4b4 SetCapture
0x45f4b8 SetActiveWindow
0x45f4bc SendMessageA
0x45f4c0 ScrollWindow
0x45f4c4 ScreenToClient
0x45f4c8 RemovePropA
0x45f4cc RemoveMenu
0x45f4d0 ReleaseDC
0x45f4d4 ReleaseCapture
0x45f4e0 RegisterClassA
0x45f4e4 RedrawWindow
0x45f4e8 PtInRect
0x45f4ec PostQuitMessage
0x45f4f0 PostMessageA
0x45f4f4 PeekMessageA
0x45f4f8 OffsetRect
0x45f4fc OemToCharA
0x45f500 MessageBoxA
0x45f504 MapWindowPoints
0x45f508 MapVirtualKeyA
0x45f50c LoadStringA
0x45f510 LoadKeyboardLayoutA
0x45f514 LoadIconA
0x45f518 LoadCursorA
0x45f51c LoadBitmapA
0x45f520 KillTimer
0x45f524 IsZoomed
0x45f528 IsWindowVisible
0x45f52c IsWindowEnabled
0x45f530 IsWindow
0x45f534 IsRectEmpty
0x45f538 IsIconic
0x45f53c IsDialogMessageA
0x45f540 IsChild
0x45f544 InvalidateRect
0x45f548 IntersectRect
0x45f54c InsertMenuItemA
0x45f550 InsertMenuA
0x45f554 InflateRect
0x45f55c GetWindowTextA
0x45f560 GetWindowRect
0x45f564 GetWindowPlacement
0x45f568 GetWindowLongA
0x45f56c GetWindowDC
0x45f570 GetTopWindow
0x45f574 GetSystemMetrics
0x45f578 GetSystemMenu
0x45f57c GetSysColorBrush
0x45f580 GetSysColor
0x45f584 GetSubMenu
0x45f588 GetScrollRange
0x45f58c GetScrollPos
0x45f590 GetScrollInfo
0x45f594 GetPropA
0x45f598 GetParent
0x45f59c GetWindow
0x45f5a0 GetMenuStringA
0x45f5a4 GetMenuState
0x45f5a8 GetMenuItemInfoA
0x45f5ac GetMenuItemID
0x45f5b0 GetMenuItemCount
0x45f5b4 GetMenu
0x45f5b8 GetLastActivePopup
0x45f5bc GetKeyboardState
0x45f5c4 GetKeyboardLayout
0x45f5c8 GetKeyState
0x45f5cc GetKeyNameTextA
0x45f5d0 GetIconInfo
0x45f5d4 GetForegroundWindow
0x45f5d8 GetFocus
0x45f5dc GetDesktopWindow
0x45f5e0 GetDCEx
0x45f5e4 GetDC
0x45f5e8 GetCursorPos
0x45f5ec GetCursor
0x45f5f0 GetClientRect
0x45f5f4 GetClassNameA
0x45f5f8 GetClassInfoA
0x45f5fc GetCapture
0x45f600 GetActiveWindow
0x45f604 FrameRect
0x45f608 FindWindowA
0x45f60c FillRect
0x45f610 EqualRect
0x45f614 EnumWindows
0x45f618 EnumThreadWindows
0x45f61c EndPaint
0x45f620 EnableWindow
0x45f624 EnableScrollBar
0x45f628 EnableMenuItem
0x45f62c DrawTextA
0x45f630 DrawMenuBar
0x45f634 DrawIconEx
0x45f638 DrawIcon
0x45f63c DrawFrameControl
0x45f640 DrawEdge
0x45f644 DispatchMessageA
0x45f648 DestroyWindow
0x45f64c DestroyMenu
0x45f650 DestroyIcon
0x45f654 DestroyCursor
0x45f658 DeleteMenu
0x45f65c DefWindowProcA
0x45f660 DefMDIChildProcA
0x45f664 DefFrameProcA
0x45f668 CreatePopupMenu
0x45f66c CreateMenu
0x45f670 CreateIcon
0x45f674 ClientToScreen
0x45f678 CheckMenuItem
0x45f67c CallWindowProcA
0x45f680 CallNextHookEx
0x45f684 BeginPaint
0x45f688 CharNextA
0x45f68c CharLowerA
0x45f690 CharToOemA
0x45f694 AdjustWindowRectEx
Library kernel32.dll:
0x45f6a0 Sleep
Library oleaut32.dll:
0x45f6a8 SafeArrayPtrOfIndex
0x45f6ac SafeArrayGetUBound
0x45f6b0 SafeArrayGetLBound
0x45f6b4 SafeArrayCreate
0x45f6b8 VariantChangeType
0x45f6bc VariantCopy
0x45f6c0 VariantClear
0x45f6c4 VariantInit
Library ole32.dll:
0x45f6cc CoTaskMemAlloc
0x45f6d0 CoCreateInstance
0x45f6d4 CoUninitialize
0x45f6d8 CoInitialize
Library comctl32.dll:
0x45f6e8 ImageList_Write
0x45f6ec ImageList_Read
0x45f6fc ImageList_DragMove
0x45f700 ImageList_DragLeave
0x45f704 ImageList_DragEnter
0x45f708 ImageList_EndDrag
0x45f70c ImageList_BeginDrag
0x45f710 ImageList_Remove
0x45f714 ImageList_DrawEx
0x45f718 ImageList_Draw
0x45f728 ImageList_Add
0x45f730 ImageList_Destroy
0x45f734 ImageList_Create
0x45f738 InitCommonControls
Library comdlg32.dll:
0x45f740 ChooseColorA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.