Risk score: 6.6 (High risk)

SHA256: 6db8186bb85e3dd446d86408b81725e268f375a06c49fcece7ddfb67171bceca

File name: d501590740a1cb65304a1ba0f58077ab.exe

Analysis duration: 38s

Last analysed

File size: 2.1MB
Static detection: flagged. Dynamic detection: flagged. Detection-name keywords: 100% AGEN AI SCORE=84 AIDETECTVM BANKERX BSCOPE CLASSIC CONFIDENCE EKW@ASQ4TOO ELDORADO ENCPK GENCIRC GENETIC GENKRYPTIK HACKTOOL HBR@8QRQPO HCNX HIFIWJ HIGH CONFIDENCE INJECT3 KRAP KRYPTIK LKMC MALICIOUS PE MALWARE1 MINT PINKSBOT QAKBOT QBOT QVM20 R + MAL R331573 REGOTET SCORE STATIC AI SUSGEN TROJANBANKER UNSAFE WACATAC YO252R3FFBO ZEXAF
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 result is available for this sample.
Static verdict
Anti-virus engines
Engine        Result                                   Scan date   Engine version
Alibaba       TrojanBanker:Win32/Qakbot.ebae0dec       20190527    0.3.0.5
Baidu         (none)                                   20190318    1.0.0.2
Avast         Win32:BankerX-gen [Trj]                  20201210    21.1.5827.0
McAfee        W32/PinkSbot-GN!D501590740A1             20201211    6.0.6.653
Tencent       Malware.Win32.Gencirc.10b9c13d           20201211    1.0.0.1
CrowdStrike   win/malicious_confidence_100% (W)        20190702    1.0
Static indicators
Queries for the computername (3 events)
Time                API               Arguments                 Status   Return  Repeated
1619913399.250876   GetComputerNameW  computer_name: OSKAR-PC   success  1       0
1619913409.093876   GetComputerNameW  computer_name: OSKAR-PC   success  1       0
1619913400.375876   GetComputerNameW  computer_name: OSKAR-PC   success  1       0
Command line console output was observed (28 events)
Note: the buffers are the Chinese-locale output of ping.exe, written in GBK and rendered as Latin-1 in the capture (for example "ÕýÔÚ Ping" is 正在 Ping); they are shown here decoded and translated. Every write went to console_handle 0x00000007 with status success, return 1, repeated 0. The output spans 1619913411.0 to 1619913416.3, about five seconds, which is the delay that "ping -n 6 127.0.0.1" buys the sample.
Time                API            buffer
1619913411.000876   WriteConsoleA  Pinging 127.0.0.1
1619913411.031876   WriteConsoleA  with 32 bytes of data:
1619913411.078876   WriteConsoleA  Reply from 127.0.0.1:
1619913411.078876   WriteConsoleA  bytes=32
1619913411.093876   WriteConsoleA  time<1ms
1619913411.093876   WriteConsoleA  TTL=128
1619913412.109876   WriteConsoleA  Reply from 127.0.0.1:
1619913412.140876   WriteConsoleA  bytes=32
1619913412.156876   WriteConsoleA  time<1ms
1619913412.171876   WriteConsoleA  TTL=128
1619913413.265876   WriteConsoleA  Reply from 127.0.0.1:
1619913413.265876   WriteConsoleA  bytes=32
1619913413.265876   WriteConsoleA  time<1ms
1619913413.265876   WriteConsoleA  TTL=128
1619913414.265876   WriteConsoleA  Reply from 127.0.0.1:
1619913414.265876   WriteConsoleA  bytes=32
1619913414.265876   WriteConsoleA  time<1ms
1619913414.265876   WriteConsoleA  TTL=128
1619913415.265876   WriteConsoleA  Reply from 127.0.0.1:
1619913415.265876   WriteConsoleA  bytes=32
1619913415.265876   WriteConsoleA  time<1ms
1619913415.265876   WriteConsoleA  TTL=128
1619913416.265876   WriteConsoleA  Reply from 127.0.0.1:
1619913416.265876   WriteConsoleA  bytes=32
1619913416.265876   WriteConsoleA  time<1ms
1619913416.265876   WriteConsoleA  TTL=128
1619913416.281876   WriteConsoleA  Ping statistics for 127.0.0.1: Packets: Sent = 6, Received = 6, Lost = 0 (0% loss),
1619913416.296876   WriteConsoleA  Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time                API                   Arguments   Status   Return  Repeated
1619913410.953876   GlobalMemoryStatusEx  (none)      success  1       0
One or more processes crashed (4 events)
Note: the first two records are access violations (0xc0000005) inside ntdll's RtlValidSid and RtlEqualSid, reached through ConvertSidToStringSidW and EqualSid with an invalid SID pointer (940842830 decimal, 0x38141F4E, in eax and then edi). The last two are STATUS_PRIVILEGED_INSTRUCTION (0xc0000096) raised by "in eax, dx" in the sample's own code at 0x4033cc and 0x403465: eax = 1447909480 (0x564D5868, 'VMXh') and edx = 22104 (0x5658, 'VX') are the VMware backdoor port magic, and ecx = 10 and 20 are its GETVERSION and GETMEMSIZE commands. A user-mode port read faults outside VMware, which is what the sample's own exception handler is there to catch; the sample kept running afterwards (the ShellExecuteExW call at 1619913409.890876 is logged after all four exceptions).
Time & API Arguments Status Return Repeated
1619913409.093876
__exception__
stacktrace:
RtlConvertSidToUnicodeString+0x28 RtlFormatCurrentUserKeyPath-0x257 ntdll+0x3aeea @ 0x77d6aeea
ConvertSidToStringSidW+0x24 CopySid-0xe6 advapi32+0x14368 @ 0x76554368
d501590740a1cb65304a1ba0f58077ab+0xa5b6 @ 0x40a5b6
d501590740a1cb65304a1ba0f58077ab+0x8853 @ 0x408853
d501590740a1cb65304a1ba0f58077ab+0x8451 @ 0x408451
d501590740a1cb65304a1ba0f58077ab+0x8ec9 @ 0x408ec9
d501590740a1cb65304a1ba0f58077ab+0x17cc @ 0x4017cc
d501590740a1cb65304a1ba0f58077ab+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1632744
registers.edi: 0
registers.eax: 940842830
registers.ebp: 1632784
registers.edx: 8
registers.ebx: 1
registers.esi: 940842830
registers.ecx: 940842830
exception.instruction_r: 8a 08 80 e1 0f 80 f9 01 75 24 8a 48 01 80 f9 0f
exception.symbol: RtlValidSid+0x17 RtlCopySid-0x3e ntdll+0x392a9
exception.instruction: mov cl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234153
exception.address: 0x77d692a9
success 0 0
1619913409.171876
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
d501590740a1cb65304a1ba0f58077ab+0x84c8 @ 0x4084c8
d501590740a1cb65304a1ba0f58077ab+0xa27c @ 0x40a27c
d501590740a1cb65304a1ba0f58077ab+0xa2b7 @ 0x40a2b7
d501590740a1cb65304a1ba0f58077ab+0x8f66 @ 0x408f66
d501590740a1cb65304a1ba0f58077ab+0x17cc @ 0x4017cc
d501590740a1cb65304a1ba0f58077ab+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634132
registers.edi: 940842830
registers.eax: 1281
registers.ebp: 1634140
registers.edx: 0
registers.ebx: 39123208
registers.esi: 39123208
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619913401.078876
__exception__
stacktrace:
d501590740a1cb65304a1ba0f58077ab+0x3daa @ 0x403daa
d501590740a1cb65304a1ba0f58077ab+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2639664
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: d501590740a1cb65304a1ba0f58077ab+0x33cc
exception.instruction: in eax, dx
exception.module: d501590740a1cb65304a1ba0f58077ab.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619913401.078876
__exception__
stacktrace:
d501590740a1cb65304a1ba0f58077ab+0x3db3 @ 0x403db3
d501590740a1cb65304a1ba0f58077ab+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2639664
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: d501590740a1cb65304a1ba0f58077ab+0x3465
exception.instruction: in eax, dx
exception.module: d501590740a1cb65304a1ba0f58077ab.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619913399.062876
NtAllocateVirtualMemory
process_identifier: 392
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00620000
success 0 0
1619913399.078876
NtAllocateVirtualMemory
process_identifier: 392
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00660000
success 0 0
1619913399.093876
NtProtectVirtualMemory
process_identifier: 392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619913400.312876
NtAllocateVirtualMemory
process_identifier: 200
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01df0000
success 0 0
1619913400.312876
NtAllocateVirtualMemory
process_identifier: 200
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1619913400.312876
NtProtectVirtualMemory
process_identifier: 200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
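The six events above follow one pattern per process: two fresh RWX regions (233472 and 229376 bytes) and then the whole mapped image at 0x00400000 (245760 bytes) re-protected RWX, first in PID 392 and again, about 1.2 s later, in PID 200, the "/C" child created at 1619913400.078876. The following is an added example, not code from the report or the sandbox: it takes the six events as constructed records and flags RWX allocations, in-place unpacking of the image, and the fact that both PIDs run the identical sequence. The image base 0x00400000 is an assumption taken from the crash addresses (0x4033cc and friends), which place the sample's code there.

```python
"""Flag RWX allocations and in-place image unpacking in sandbox API events."""

PAGE_EXECUTE_READWRITE = 0x40          # the "protection: 64" value in the report
ALLOC_APIS = {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}
PROTECT_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"}

# Constructed from the six events in the report (process_handle 0xffffffff = current process).
# "size" is region_size for allocations and length for protection changes.
EVENTS = [
    {"ts": 1619913399.062876, "api": "NtAllocateVirtualMemory", "pid": 392, "base": 0x00620000, "size": 233472, "protection": 0x40},
    {"ts": 1619913399.078876, "api": "NtAllocateVirtualMemory", "pid": 392, "base": 0x00660000, "size": 229376, "protection": 0x40},
    {"ts": 1619913399.093876, "api": "NtProtectVirtualMemory",  "pid": 392, "base": 0x00400000, "size": 245760, "protection": 0x40},
    {"ts": 1619913400.312876, "api": "NtAllocateVirtualMemory", "pid": 200, "base": 0x01df0000, "size": 233472, "protection": 0x40},
    {"ts": 1619913400.312876, "api": "NtAllocateVirtualMemory", "pid": 200, "base": 0x01e30000, "size": 229376, "protection": 0x40},
    {"ts": 1619913400.312876, "api": "NtProtectVirtualMemory",  "pid": 200, "base": 0x00400000, "size": 245760, "protection": 0x40},
]


def rwx_profile(events, image_base=0x00400000):
    """Per PID: RWX allocations, bytes allocated, and whether the image itself was made RWX.

    image_base is an assumption: 0x00400000 is the default base of a non-relocated
    32-bit EXE and the report's crash addresses (0x4033cc, 0x403465) sit inside it.
    """
    per_pid = {}
    for ev in events:
        if ev["protection"] != PAGE_EXECUTE_READWRITE:
            continue
        p = per_pid.setdefault(ev["pid"], {"rwx_allocs": [], "rwx_bytes": 0, "image_rwx": 0, "sequence": []})
        p["sequence"].append((ev["api"], ev["size"]))
        if ev["api"] in ALLOC_APIS:
            p["rwx_allocs"].append(ev["base"])
            p["rwx_bytes"] += ev["size"]
        elif ev["api"] in PROTECT_APIS and ev["base"] == image_base:
            p["image_rwx"] = ev["size"]    # whole image re-protected RWX: it unpacks over itself
    return per_pid


def findings(events, image_base=0x00400000):
    """Readable verdict per PID, plus whether several PIDs replay the same unpack sequence."""
    prof = rwx_profile(events, image_base)
    out = {}
    for pid, p in prof.items():
        notes = []
        if p["rwx_allocs"]:
            notes.append(f"{len(p['rwx_allocs'])} RWX allocation(s) totalling {p['rwx_bytes']} bytes")
        if p["image_rwx"]:
            notes.append(f"image at 0x{image_base:08x} re-protected RWX ({p['image_rwx']} bytes): in-place unpacking")
        out[pid] = notes
    sequences = {tuple(p["sequence"]) for p in prof.values()}
    out["identical_unpack_sequences"] = len(prof) > 1 and len(sequences) == 1
    return out


if __name__ == "__main__":
    for key, value in findings(EVENTS).items():
        print(key, value)
```

When both the parent and its "/C" child show the identical allocate/allocate/protect triple, dump the child after the NtProtectVirtualMemory call rather than the parent: it is the later, fully unpacked instance, and the 245760-byte region at 0x00400000 is the one to carve.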
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe"
Note: six pings to loopback are a delay of roughly five seconds (the console output above runs from 1619913411.0 to 1619913416.3); cmd then writes the bytes of calc.exe over the sample's own copy in %TEMP%, so what is left on disk at that path is a benign calculator, not the dropper. Recover the sample from memory or from a copy taken before execution, not from that file.
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619913400.078876
CreateProcessInternalW
thread_identifier: 2368
thread_handle: 0x00000154
process_identifier: 200
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619913409.890876
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (5 events)
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe"
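The three command lines above (under "Creates a suspicious process" and "Uses Windows utilities") are one technique: sleep with ping, then overwrite the executable that launched cmd. A process-creation detection for it, written here as an added example rather than anything the report or sandbox provides, needs three facts per event: the command line, the parent image, and whether the redirect target equals that parent image. The event records and their PIDs are constructed; the command lines are the report's own. The field names follow Sysmon Event ID 1 but are an assumption about whatever log source feeds the check.

```python
"""Flag cmd.exe one-liners that sleep via ping and then overwrite an executable."""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """A process-creation record, Sysmon Event ID 1 style (field names are assumed)."""
    pid: int
    parent_pid: int
    parent_image: str
    command_line: str


# "ping -n N 127.0.0.1" is the stock cmd idiom for sleeping roughly N-1 seconds
PING_SLEEP = re.compile(
    r"\bping(?:\.exe)?\s+(?:-n\s+(\d+)\s+)?(?:127\.0\.0\.1|localhost|::1)\b", re.I)
# first stdout redirection target, quoted or bare
REDIRECT = re.compile(r'>\s*(?:"([^"]+)"|(\S+))')
# "type <file>" copies a file's raw bytes to stdout
TYPE_SRC = re.compile(r'\btype\s+(?:"([^"]+)"|(\S+))', re.I)


def _path(m):
    return (m.group(1) or m.group(2)) if m else None


def classify(ev):
    """Return a verdict ('none', 'suspicious', 'self_overwrite') and the reasons for it."""
    cl = ev.command_line
    reasons = []
    ping = PING_SLEEP.search(cl)
    if ping and re.search(r"[&|]", cl[ping.end():]):
        reasons.append(f"ping-as-sleep ({ping.group(1) or '?'} probes) chained to another command")
    target = _path(REDIRECT.search(cl))
    source = _path(TYPE_SRC.search(cl))
    if target and target.lower().endswith(".exe"):
        reasons.append(f"stdout redirected into an executable: {target}")
        if source:
            reasons.append(f"bytes of {source} written over {target}")
    verdict = "none"
    if target and target.lower() == ev.parent_image.lower():
        reasons.append("redirect target is the parent's own image (self-overwrite)")
        verdict = "self_overwrite"
    elif len(reasons) >= 2:
        verdict = "suspicious"
    return {"pid": ev.pid, "verdict": verdict, "reasons": reasons}


SAMPLE = r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d501590740a1cb65304a1ba0f58077ab.exe"
# Constructed events: PIDs and parent images are assumed, the command lines come from the report.
EVENTS = [
    ProcessEvent(1460, 200, SAMPLE,
                 r'cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "' + SAMPLE + '"'),
    ProcessEvent(1472, 1460, r"C:\Windows\System32\cmd.exe", "ping.exe -n 6 127.0.0.1"),
    ProcessEvent(1480, 1200, r"C:\Windows\System32\cmd.exe",
                 r'cmd.exe /c type "C:\logs\today.txt" > "C:\logs\archive.txt"'),   # benign control
]


def scan(events):
    return [classify(e) for e in events]


if __name__ == "__main__":
    for result in scan(EVENTS):
        print(result)
```

The bare "ping.exe -n 6 127.0.0.1" child and the text-file redirect both come back as "none"; only the combination of a loopback ping, a redirect into a .exe, and a target equal to the parent's image reaches "self_overwrite", which keeps the rule quiet on admin scripts that use ping as a sleep.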
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 58.63.233.69
Note: the packet capture summarised further down records no TCP connections and no HTTP requests; the only UDP traffic is DNS to 114.114.114.114, NTP to time.windows.com, and LLMNR, SSDP and NetBIOS broadcasts, which is ordinary Windows background noise. Neither host above, nor the dead host listed below, appears in that traffic table, so no command-and-control contact by the sample was captured in this 38 s run.
Detects VMWare through the in instruction feature (1 event)
1619913401.078876  __exception__  at 0x4033cc (d501590740a1cb65304a1ba0f58077ab+0x33cc), exception code 0xc0000096, instruction "in eax, dx" (bytes ed 89 5d e4 ...), eax = 1447909480 (0x564D5868, 'VMXh'), edx = 22104 (0x5658, the VMware backdoor port 'VX'), ecx = 10 (backdoor command GETVERSION); status success 0 0. The full register dump and stack trace for this event are listed above under "One or more processes crashed". The fault itself shows the check was not satisfied: inside a VMware guest this port read completes without an exception.
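The signature name says "detects VMware", but what the record actually proves is that the probe faulted. The added example below, written for this page and not taken from the sandbox, parses a sandbox exception record in the format shown above, recognises the backdoor probe from the instruction opcode and the register values, names the command in ecx, and reports whether the call was serviced. The first record is copied from this report with the stack frames shortened; the second is derived from it with the second event's ecx and address substituted; the third is constructed with eax cleared so that the same instruction is no longer a backdoor probe. The command numbers come from VMware's public backdoor_def.h.

```python
"""Decode a sandbox __exception__ record and recognise the VMware backdoor port probe."""

VMWARE_MAGIC = 0x564D5868     # 'VMXh' in EAX selects the backdoor
VMWARE_PORTS = {0x5658: "VX (backdoor)", 0x5659: "VY (high-bandwidth backdoor)"}
# command numbers from VMware's public backdoor_def.h (open-vm-tools)
BACKDOOR_CMDS = {1: "GETMHZ", 10: "GETVERSION", 20: "GETMEMSIZE", 30: "MESSAGE"}
IN_OPCODES = {0xEC: "in al, dx", 0xED: "in eax, dx"}
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096

# Copied from this report (stack frames shortened)
RECORD_GETVERSION = """\
1619913401.078876
__exception__
stacktrace:
d501590740a1cb65304a1ba0f58077ab+0x3daa @ 0x403daa
d501590740a1cb65304a1ba0f58077ab+0x1b23 @ 0x401b23

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2639664
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: d501590740a1cb65304a1ba0f58077ab+0x33cc
exception.instruction: in eax, dx
exception.module: d501590740a1cb65304a1ba0f58077ab.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
"""
# Derived: the report's second probe (ecx = 20 at 0x403465)
RECORD_GETMEMSIZE = (RECORD_GETVERSION
                     .replace("registers.ecx: 10", "registers.ecx: 20")
                     .replace("exception.address: 0x4033cc", "exception.address: 0x403465"))
# Constructed negative case: same fault, but EAX does not carry the magic
RECORD_NOT_PROBE = RECORD_GETVERSION.replace("registers.eax: 1447909480", "registers.eax: 0")


def parse_record(text):
    """Keep the dotted 'key: value' lines (registers.*, exception.*); skip stack frames."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and "." in key and " " not in key:
            rec[key] = value.strip()
    return rec


def analyze(rec):
    eax, edx, ecx = (int(rec[f"registers.{r}"]) for r in ("eax", "edx", "ecx"))
    opcode = int(rec["exception.instruction_r"].split()[0], 16)
    code = int(rec["exception.exception_code"], 16)
    probe = opcode in IN_OPCODES and eax == VMWARE_MAGIC and edx in VMWARE_PORTS
    cmd = ecx & 0xFFFF                      # low word of ECX carries the command number
    return {
        "address": rec["exception.address"],
        "instruction": IN_OPCODES.get(opcode, "other"),
        "vmware_backdoor_probe": probe,
        "port": VMWARE_PORTS.get(edx, f"0x{edx:04x}"),
        "command": BACKDOOR_CMDS.get(cmd, f"cmd#{cmd}") if probe else None,
        # Inside a VMware guest the port read completes and EBX comes back as the magic;
        # a #GP (STATUS_PRIVILEGED_INSTRUCTION) means the backdoor was not serviced.
        "serviced": probe and code != STATUS_PRIVILEGED_INSTRUCTION,
    }


if __name__ == "__main__":
    for text in (RECORD_GETVERSION, RECORD_GETMEMSIZE, RECORD_NOT_PROBE):
        print(analyze(parse_record(text)))
```

A ring-3 "in" instruction with IOPL 0 raises #GP, which Windows surfaces as 0xc0000096, so a probe that is logged as an exception is one the hypervisor did not answer; a sandbox that wants this sample to take its non-VMware code path should leave the fault alone, and one that wants the VMware path has to emulate the port, not just swallow the exception.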
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 172.217.27.142:443
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Mint.Regotet.1
FireEye Generic.mg.d501590740a1cb65
Qihoo-360 Generic/HEUR/QVM20.1.66B3.Malware.Gen
ALYac Trojan.Agent.Wacatac
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Hacktool.Win32.Krap.lKMc
Sangfor Malware
K7AntiVirus Trojan ( 0056422d1 )
Alibaba TrojanBanker:Win32/Qakbot.ebae0dec
K7GW Trojan ( 0056422d1 )
Cybereason malicious.ad2043
Cyren W32/S-cf416176!Eldorado
Symantec Packed.Generic.459
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Qakbot-7684636-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Gen:Heur.Mint.Regotet.1
NANO-Antivirus Trojan.Win32.Qbot.hifiwj
Avast Win32:BankerX-gen [Trj]
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Gen:Heur.Mint.Regotet.1
Emsisoft Gen:Heur.Mint.Regotet.1 (B)
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Heuristic.HEUR/AGEN.1133868
DrWeb Trojan.Inject3.37922
Zillya Trojan.Qbot.Win32.8044
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition W32/PinkSbot-GN!D501590740A1
Sophos Mal/Generic-R + Mal/EncPk-APV
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.mq
Avira HEUR/AGEN.1133868
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s2
Microsoft Trojan:Win32/Qakbot.CK!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Gen:Heur.Mint.Regotet.1
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R331573
Acronis suspicious
McAfee W32/PinkSbot-GN!D501590740A1
MAX malware (ai score=84)
VBA32 BScope.TrojanBanker.Qbot
Malwarebytes Trojan.MalPack.RND
ESET-NOD32 a variant of Win32/Kryptik.HCNX
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Visual analysis
Binary image: none was generated for this sample.
Runtime screenshots: none were generated while the sample ran.


PE Compile Time

2020-04-06 21:48:06

Imports

Library KERNEL32.dll:
0x6102c8 VirtualAlloc
0x6102cc GetModuleHandleW
0x6102d0 OpenProcess
0x6102d4 GetModuleFileNameW
0x6102d8 GetModuleHandleA
0x6102dc LoadLibraryA
0x6102e0 LocalAlloc
0x6102e4 LocalFree
0x6102e8 GetModuleFileNameA
0x6102ec ExitProcess
0x6102f0 WriteConsoleInputW
0x6102f4 FreeConsole
0x6102f8 lstrcpynA
0x610304 SetCommBreak
0x610308 FlushViewOfFile
0x610314 DeviceIoControl
0x610318 Heap32ListNext
0x61031c VirtualProtect
0x610320 GetMailslotInfo
0x610324 GetProfileIntW
0x610328 VerLanguageNameA
0x61032c DebugActiveProcess
0x610330 SwitchToFiber
0x610334 GetLocaleInfoW
0x61033c CreateMailslotW
0x610340 ReadConsoleA
0x610344 HeapFree
0x610348 LocalCompact
0x61034c SetTapeParameters
0x610350 SetMailslotInfo
0x610354 CallNamedPipeW
0x610358 CreateJobObjectW
0x61035c SetFileAttributesA
0x610360 Process32FirstW
0x610368 CancelWaitableTimer
0x61036c FoldStringA
0x610374 CreateThread
0x610378 SetComputerNameExA
0x61037c EnumCalendarInfoA
0x610380 IsDebuggerPresent
0x610388 HeapAlloc
0x61038c RtlUnwind
0x610390 HeapReAlloc
0x610394 RaiseException
0x610398 HeapSize
0x61039c VirtualQuery
0x6103a0 GetStdHandle
0x6103ac SetHandleCount
0x6103b0 GetFileType
0x6103b4 GetStartupInfoA
0x6103b8 HeapCreate
0x6103bc VirtualFree
0x6103c4 GetCPInfo
0x6103c8 GetACP
0x6103d0 IsValidCodePage
0x6103d8 GetTimeFormatA
0x6103dc GetDateFormatA
0x6103e0 GetConsoleCP
0x6103e4 GetConsoleMode
0x6103ec LCMapStringA
0x6103f0 LCMapStringW
0x6103f4 GetStringTypeA
0x6103f8 GetStringTypeW
0x6103fc GetLocaleInfoA
0x610400 WriteConsoleA
0x610404 GetConsoleOutputCP
0x610408 WriteConsoleW
0x61040c SetStdHandle
0x610410 CreateFileA
0x61041c TerminateProcess
0x610420 GetStartupInfoW
0x610424 GetTickCount
0x610428 GetFileTime
0x61042c GetFileSizeEx
0x610430 GetFileAttributesW
0x610438 SetErrorMode
0x610440 lstrlenA
0x610448 TlsFree
0x610450 LocalReAlloc
0x610454 TlsSetValue
0x610458 TlsAlloc
0x610460 GlobalHandle
0x610464 GlobalReAlloc
0x61046c TlsGetValue
0x610474 GlobalFlags
0x610478 CreateFileW
0x61047c GetFullPathNameW
0x610484 FindFirstFileW
0x610488 FindClose
0x61048c GetCurrentProcess
0x610490 DuplicateHandle
0x610494 GetFileSize
0x610498 SetEndOfFile
0x61049c UnlockFile
0x6104a0 LockFile
0x6104a4 FlushFileBuffers
0x6104a8 SetFilePointer
0x6104ac WriteFile
0x6104b0 ReadFile
0x6104b4 GetThreadLocale
0x6104bc GlobalFindAtomW
0x6104c0 GetVersionExW
0x6104c4 CompareStringW
0x6104c8 GetVersionExA
0x6104cc MulDiv
0x6104d0 GetCurrentProcessId
0x6104d4 GlobalAddAtomW
0x6104d8 SetLastError
0x6104dc GlobalUnlock
0x6104e0 lstrlenW
0x6104e8 FreeResource
0x6104ec GlobalFree
0x6104f0 GlobalDeleteAtom
0x6104f4 GetCurrentThread
0x6104f8 GetCurrentThreadId
0x610504 lstrcmpA
0x610508 LoadLibraryW
0x61050c CompareStringA
0x610510 InterlockedExchange
0x610514 GlobalLock
0x610518 lstrcmpW
0x61051c GlobalAlloc
0x610520 FreeLibrary
0x610528 GetSystemInfo
0x61052c GetProcAddress
0x610530 FormatMessageW
0x610534 Sleep
0x610538 MultiByteToWideChar
0x61053c WideCharToMultiByte
0x610540 CloseHandle
0x610544 GetLastError
0x610548 DeleteFileW
0x61054c GetCommandLineW
0x610550 FindResourceW
0x610554 LoadResource
0x610558 LockResource
0x61055c GetOEMCP
0x610560 SizeofResource
Library USER32.dll:
0x610568 LoadIconA
0x61056c CharNextW
0x610570 GetForegroundWindow
0x610574 SetWindowsHookW
0x610578 IMPSetIMEW
0x61057c KillTimer
0x610580 DrawFocusRect
0x610584 InvertRect
0x610588 GetMenuStringW
0x610590 CheckDlgButton
0x610594 EndMenu
0x610598 CreateDialogParamA
0x61059c SetWindowLongA
0x6105a0 GetDesktopWindow
0x6105a4 CreateMDIWindowW
0x6105a8 MonitorFromRect
0x6105ac GetKBCodePage
0x6105b0 FindWindowW
0x6105b4 wvsprintfW
0x6105bc GetListBoxInfo
0x6105c0 IsCharLowerA
0x6105c4 ModifyMenuW
0x6105c8 CopyIcon
0x6105cc TrackPopupMenu
0x6105d0 CreateCursor
0x6105d4 DrawStateW
0x6105d8 CloseDesktop
0x6105dc DestroyWindow
0x6105e4 GetClipCursor
0x6105e8 IsDialogMessage
0x6105ec GetMenuItemRect
0x6105f0 ChangeMenuW
0x6105f4 GetLastInputInfo
0x6105f8 GetAltTabInfoA
0x610600 FindWindowExA
0x610604 GetNextDlgGroupItem
0x61060c SetMenuItemInfoA
0x610610 PostThreadMessageW
0x610614 MessageBeep
0x610618 InvalidateRgn
0x61061c InvalidateRect
0x610620 SetRect
0x610624 IsRectEmpty
0x610628 ReleaseCapture
0x61062c LoadCursorW
0x610630 SetCapture
0x610634 CharUpperW
0x610638 EndPaint
0x61063c BeginPaint
0x610640 GetWindowDC
0x610644 ClientToScreen
0x610648 GrayStringW
0x61064c DrawTextExW
0x610650 DrawTextW
0x610654 TabbedTextOutW
0x610658 DestroyMenu
0x61065c ShowWindow
0x610660 MoveWindow
0x610664 SetWindowTextW
0x610668 IsDialogMessageW
0x610670 SendDlgItemMessageW
0x610674 SendDlgItemMessageA
0x610678 WinHelpW
0x61067c IsChild
0x610680 GetCapture
0x610684 GetClassLongW
0x610688 GetClassNameW
0x61068c SetPropW
0x610690 GetPropW
0x610694 RemovePropW
0x610698 SetFocus
0x6106a0 GetWindowTextW
0x6106a4 GetTopWindow
0x6106a8 UnhookWindowsHookEx
0x6106ac GetMessageTime
0x6106b0 GetMessagePos
0x6106b4 SetMenu
0x6106b8 SetForegroundWindow
0x6106bc UpdateWindow
0x6106c0 CreateWindowExW
0x6106c4 GetClassInfoExW
0x6106c8 GetClassInfoW
0x6106cc RegisterClassW
0x6106d0 GetSysColor
0x6106d4 AdjustWindowRectEx
0x6106d8 EqualRect
0x6106dc PtInRect
0x6106e0 GetDlgCtrlID
0x6106e4 DefWindowProcW
0x6106e8 CallWindowProcW
0x6106ec GetMenu
0x6106f0 SetWindowLongW
0x6106f4 OffsetRect
0x6106f8 IntersectRect
0x610700 GetWindowPlacement
0x610704 GetWindowRect
0x610708 GetMenuItemID
0x61070c GetMenuItemCount
0x610710 GetSubMenu
0x610718 GetLastActivePopup
0x61071c SetCursor
0x610720 SetWindowsHookExW
0x610724 CallNextHookEx
0x610728 GetMessageW
0x61072c TranslateMessage
0x610730 IsWindowVisible
0x610734 GetKeyState
0x610738 GetCursorPos
0x61073c ValidateRect
0x610740 SetMenuItemBitmaps
0x610748 LoadBitmapW
0x610750 GetFocus
0x610754 UnregisterClassW
0x610758 GetSysColorBrush
0x61075c GetMenuState
0x610760 EnableMenuItem
0x610764 CheckMenuItem
0x610768 ReleaseDC
0x61076c GetDC
0x610770 CopyRect
0x610774 GetActiveWindow
0x610778 SetActiveWindow
0x610780 IsWindow
0x610784 GetWindowLongW
0x610788 GetDlgItem
0x61078c IsWindowEnabled
0x610790 GetNextDlgTabItem
0x610794 EndDialog
0x610798 GetWindow
0x6107a0 GetParent
0x6107a4 MapDialogRect
0x6107a8 SetWindowPos
0x6107ac PostQuitMessage
0x6107b0 PostMessageW
0x6107b4 MessageBoxW
0x6107b8 DispatchMessageW
0x6107bc PeekMessageW
0x6107c4 DrawIcon
0x6107c8 GetClientRect
0x6107cc GetSystemMetrics
0x6107d0 IsIconic
0x6107d4 SendMessageW
0x6107d8 AppendMenuW
0x6107dc GetSystemMenu
0x6107e0 LoadIconW
0x6107e4 EnableWindow
0x6107e8 MapWindowPoints
Library GDI32.dll:
0x6107f0 GetStockObject
0x6107f4 RealizePalette
0x6107fc EngAcquireSemaphore
0x610804 SetColorSpace
0x610808 ResetDCW
0x61080c bMakePathNameW
0x610810 CreateDCW
0x610814 GdiResetDCEMF
0x610818 GdiFlush
0x61081c GetKerningPairsW
0x610820 GetBkColor
0x610828 GetDeviceGammaRamp
0x61082c RoundRect
0x610830 FONTOBJ_cGetGlyphs
0x610834 DeleteObject
0x610838 PtVisible
0x61083c GetRegionData
0x610840 CreatePolygonRgn
0x610844 SelectPalette
0x610848 STROBJ_bEnum
0x61084c EngDeleteClip
0x610854 EngTextOut
0x610858 FillRgn
0x610860 SetMetaFileBitsEx
0x610868 DescribePixelFormat
0x61086c CreateEnhMetaFileA
0x610874 GetDCOrgEx
0x610878 LineTo
0x61087c GdiStartPageEMF
0x610880 SetTextAlign
0x610884 CreateRectRgn
0x610888 GdiPrinterThunk
0x61088c ExtSelectClipRgn
0x610890 GetMapMode
0x610894 DeleteDC
0x610898 GetTextColor
0x61089c GetWindowExtEx
0x6108a0 GetViewportExtEx
0x6108a4 ScaleWindowExtEx
0x6108a8 SetWindowExtEx
0x6108ac ScaleViewportExtEx
0x6108b0 SetViewportExtEx
0x6108b4 OffsetViewportOrgEx
0x6108b8 SetViewportOrgEx
0x6108bc SelectObject
0x6108c0 Escape
0x6108c4 TextOutW
0x6108c8 RectVisible
0x6108cc GetRgnBox
0x6108d4 SetMapMode
0x6108d8 RestoreDC
0x6108dc SaveDC
0x6108e0 ExtTextOutW
0x6108e4 GetObjectW
0x6108e8 SetBkColor
0x6108ec SetTextColor
0x6108f0 GetClipBox
0x6108f4 GetDeviceCaps
0x6108f8 CreateBitmap
Library COMDLG32.dll:
0x610900 GetFileTitleW
Library ADVAPI32.dll:
0x610908 RegOpenKeyA
0x61090c RegQueryValueExA
0x610910 GetTokenInformation
0x610914 RegCreateKeyExW
0x610918 RegQueryValueW
0x61091c RegOpenKeyW
0x610920 RegEnumKeyW
0x610924 RegDeleteKeyW
0x610928 RegSetValueExW
0x610930 RegOpenKeyExW
0x610934 RegQueryValueExW
0x610938 RegCloseKey
0x61093c CryptReleaseContext
0x610940 CryptDestroyHash
0x610944 CryptGetHashParam
0x610948 CryptHashData
0x61094c CryptCreateHash
Library SHELL32.dll:
0x610954 CommandLineToArgvW
0x61095c SHGetSettings
0x610960 ExtractIconEx
0x610964 DragQueryFile
0x610968 DragQueryFileA
0x610978 SHBrowseForFolder
0x61097c ExtractIconExA
0x610988 SHBindToParent
0x610990 ExtractIconW
0x610994 SHChangeNotify
0x610998 SHFileOperationW
0x6109a4 SHBrowseForFolderW
0x6109ac ShellExecuteW
Library ole32.dll:
0x6109b4 OleInitialize
0x6109bc OleUninitialize
0x6109cc CoGetClassObject
0x6109d0 OleFlushClipboard
0x6109d4 CoTaskMemAlloc
0x6109d8 CoTaskMemFree
0x6109dc CLSIDFromString
0x6109e0 CLSIDFromProgID
0x6109e8 CoRevokeClassObject
Library SHLWAPI.dll:
0x6109f4 StrRChrW
0x6109f8 StrChrW
0x6109fc StrChrA
0x610a00 PathFileExistsW
0x610a04 PathFindExtensionW
0x610a08 PathStripToRootW
0x610a0c PathIsUNCW
0x610a10 PathFindFileNameW
Library COMCTL32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 63497 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60215 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.