4.0
Medium risk

SHA256: b1edf0682b7141bf0f7bc1f18a02e74d3b81e2d03aa7427d81761267eabb57d5

File name: d5503ae6cae9c99841855e3b82e7bc56.exe

Analysis duration

75s

Last analysis

File size

2.1MB
Flagged by static scan. Flagged by dynamic scan.
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!D5503AE6CAE9 20201229 6.0.6.653
Alibaba TrojanDropper:Win32/Dropback.f200889d 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
Tencent Win32.Trojan-dropper.Dropback.Wqcm 20201229 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619910847.900608
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619910860.869608
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619916488.481896
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619910846.885608
GlobalMemoryStatusEx
success 1 0
The file contains an unknown PE resource name, possibly indicative of a packer (4 events)
resource name 20
resource name CUSTOM
resource name RCDATA
resource name SCID
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (50 out of 210 events)
Time & API Arguments Status Return Repeated
1619910849.978608
NtAllocateVirtualMemory
process_identifier: 152
region_size: 184320
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02310000
success 0 0
The remaining 49 events in this group are NtProtectVirtualMemory calls on consecutive 4096-byte pages of the image, listed one per row:
Time API process_identifier stack_dep_bypass stack_pivoted heap_dep_bypass length protection process_handle base_address Status Return Repeated
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00400000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00401000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00402000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00403000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00404000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00405000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00406000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00407000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00408000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00409000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0040a000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0040b000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0040c000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0040d000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0040e000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0040f000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00410000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00411000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00412000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00413000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00414000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00415000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00416000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00417000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00418000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00419000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0041a000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0041b000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0041c000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0041d000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0041e000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0041f000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00420000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00421000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00422000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00423000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00424000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00425000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00426000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00427000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00428000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00429000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0042a000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0042b000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0042c000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0042d000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0042e000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x0042f000 success 0 0
1619910858.010608 NtProtectVirtualMemory 152 0 0 0 4096 64 (PAGE_EXECUTE_READWRITE) 0xffffffff 0x00430000 success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619910860.869608
NtProtectVirtualMemory
process_identifier: 152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 20480
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x10001000
success 0 0
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619910860.822608
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d5503ae6cae9c99841855e3b82e7bc56.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Credentials\1782798\1782798.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Credentials\1782798\1782798.exe
flags: 2
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d5503ae6cae9c99841855e3b82e7bc56.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.981070859547023 section .rsrc (size_of_data: 0x001e4e00, virtual_address: 0x00039000, virtual_size: 0x001e4c0c, entropy: 7.981070859547023) description: A section with a high entropy has been found
entropy 0.9033535165346995 description: Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Graftor.722379
FireEye Generic.mg.d5503ae6cae9c998
McAfee Artemis!D5503AE6CAE9
Cylance Unsafe
K7AntiVirus Trojan ( 0056345e1 )
Alibaba TrojanDropper:Win32/Dropback.f200889d
K7GW Trojan ( 0056345e1 )
Cybereason malicious.6cae9c
Arcabit Trojan.Graftor.DB05CB
Cyren W32/Trojan.VAEZ-8272
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Trojan-Dropper.Win32.Dropback.kp
BitDefender Gen:Variant.Graftor.722379
NANO-Antivirus Trojan.Win32.Dropback.hgqlmr
Paloalto generic.ml
Rising Trojan.Generic@ML.94 (RDMK:09xO4lGGfgmsHvExPGxg4Q)
Ad-Aware Gen:Variant.Graftor.722379
Emsisoft Gen:Variant.Graftor.722379 (B)
Comodo Malware@#2dyckotfozk75
DrWeb Trojan.Inject3.36596
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Dropper.vc
Sophos Mal/Generic-S
Ikarus Trojan-Banker.UrSnif
Jiangmin TrojanDropper.Dropback.fa
Webroot W32.Trojan.Gen
MAX malware (ai score=83)
Antiy-AVL Trojan[Dropper]/Win32.Dropback
Gridinsoft Trojan.Win32.Kryptik.ba
Microsoft Trojan:Win32/Occamy.CB1
AegisLab Trojan.Win32.Dropback.b!c
ZoneAlarm Trojan-Dropper.Win32.Dropback.kp
GData Gen:Variant.Graftor.722379
Cynet Malicious (score: 100)
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34700.gs0@aqa6dEei
ALYac Trojan.Agent.Wacatac
TACHYON Trojan-Dropper/W32.Dropback.2199552
VBA32 BScope.Trojan.Yakes
ESET-NOD32 a variant of Win32/Kryptik.HCEM
Tencent Win32.Trojan-dropper.Dropback.Wqcm
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Kryptik.HCEM!tr
AVG Win32:Trojan-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

2020-03-23 02:08:56

Imports

Library KERNEL32.dll:
0x424090 GetStringTypeW
0x424094 GetConsoleMode
0x424098 GetConsoleCP
0x42409c FlushFileBuffers
0x4240a0 OutputDebugStringW
0x4240a4 CreateFileW
0x4240b4 GetCurrentProcessId
0x4240bc GetModuleFileNameA
0x4240c0 LoadLibraryExW
0x4240c4 GetModuleHandleW
0x4240c8 TlsFree
0x4240cc TlsSetValue
0x4240d0 TlsGetValue
0x4240d4 TlsAlloc
0x4240d8 TerminateProcess
0x4240dc GetCurrentProcess
0x4240e0 Sleep
0x4240f0 LCMapStringW
0x4240f4 lstrcpynA
0x4240f8 SetFilePointerEx
0x4240fc SetEndOfFile
0x424100 ReadFile
0x424104 ReadConsoleW
0x424108 lstrcpyA
0x42410c LocalFree
0x424110 CloseHandle
0x424114 CreateMutexA
0x424118 LocalAlloc
0x42411c OpenMutexA
0x424120 VirtualAlloc
0x424124 GlobalUnlock
0x424128 MultiByteToWideChar
0x42412c CreateEventA
0x424130 SetStdHandle
0x424134 GetStartupInfoW
0x424138 GetFileType
0x42413c GetCPInfo
0x424140 GetOEMCP
0x424144 GetACP
0x424148 IsValidCodePage
0x42414c HeapSize
0x424154 GetCurrentThreadId
0x424158 SetLastError
0x42415c GetModuleFileNameW
0x424160 WriteFile
0x424164 GetStdHandle
0x424168 GetProcessHeap
0x42416c RtlUnwind
0x424170 RaiseException
0x424174 GetCommandLineA
0x42417c lstrlenA
0x424180 ExitProcess
0x424184 GetTempPathA
0x424188 FindFirstFileExW
0x42418c FindNextFileW
0x424190 FindClose
0x424194 IsDebuggerPresent
0x424198 AreFileApisANSI
0x42419c GetProcAddress
0x4241a0 GetModuleHandleExW
0x4241a4 HeapReAlloc
0x4241a8 WideCharToMultiByte
0x4241ac DecodePointer
0x4241b0 FormatMessageA
0x4241b4 GetTickCount
0x4241b8 WaitForSingleObject
0x4241bc LocalSize
0x4241c0 CompareStringW
0x4241c4 EncodePointer
0x4241d0 HeapAlloc
0x4241d4 HeapFree
0x4241d8 GetLastError
0x4241e0 GlobalLock
0x4241e4 WriteConsoleW
Library USER32.dll:
0x424258 FindWindowA
0x424260 MapWindowPoints
0x424264 GetSystemMetrics
0x424268 AdjustWindowRectEx
0x42426c MoveWindow
0x424270 EnableWindow
0x424274 LoadCursorA
0x424278 LoadStringA
0x42427c DispatchMessageA
0x424280 IsDlgButtonChecked
0x424284 ShowWindow
0x424288 GetCursorPos
0x42428c GetSysColor
0x424290 GetDlgItem
0x424294 PeekMessageA
0x424298 SetScrollPos
0x42429c CreateWindowExA
0x4242a0 InvalidateRect
0x4242a4 SetWindowLongA
0x4242a8 ClientToScreen
0x4242ac ScreenToClient
0x4242b0 GetWindowRect
0x4242b4 SetActiveWindow
0x4242bc SetKeyboardState
0x4242c4 SetForegroundWindow
0x4242c8 InsertMenuItemA
0x4242cc GetParent
0x4242d0 LoadIconA
0x4242d4 GetClientRect
0x4242d8 SendMessageA
0x4242dc BeginPaint
0x4242e0 GetDC
0x4242e4 GetKeyboardState
0x4242e8 InflateRect
0x4242ec OffsetRect
0x4242f0 GetWindowTextA
Library GDI32.dll:
0x424030 EnumFontFamiliesA
0x424034 MoveToEx
0x424038 BitBlt
0x42403c LineTo
0x424040 SetTextColor
0x424044 CreateFontIndirectA
0x424048 SetBrushOrgEx
0x42404c SetBkColor
0x424050 CreateDCA
0x424054 DeleteObject
0x424058 SelectObject
0x42405c CreateCompatibleDC
0x424060 StartDocA
0x424064 Ellipse
0x424068 SetStretchBltMode
0x42406c GetObjectA
0x424070 CreatePen
0x424074 GetTextMetricsA
0x424078 SetTextAlign
0x42407c GetStockObject
0x424080 CreateSolidBrush
Library WINSPOOL.DRV:
0x424314 OpenPrinterA
0x424318 GetPrinterA
Library SHELL32.dll:
0x424224 SHGetFolderPathA
0x424228 DragQueryFileA
Library ole32.dll:
0x424338 CoInitialize
0x42433c CoUninitialize
0x424340 CoCreateInstance
0x424344 ReleaseStgMedium
Library OLEAUT32.dll:
Library ODBC32.dll:
0x4241f4
Library WS2_32.dll:
0x424320 WSAStringToAddressA
0x424324 WSAIoctl
0x424328 closesocket
0x42432c WSAStartup
0x424330 socket
Library AVIFIL32.dll:
0x424008 AVIStreamStart
0x424010 AVIStreamLength
Library AVICAP32.dll:
Library MSACM32.dll:
0x4241ec acmDriverOpen
Library WINMM.dll:
0x424304 waveOutMessage
0x424308 mixerGetDevCapsW
0x42430c mixerGetID
Library CRYPT32.dll:
0x424024 CertGetNameStringA
Library IPHLPAPI.DLL:
0x424088 GetAdaptersInfo
Library SHLWAPI.dll:
0x424230 PathIsDirectoryA
0x424234 PathFindExtensionA
0x424238 PathMatchSpecA
0x42423c StrChrA
0x424240 PathFindFileNameA
0x424244
Library COMCTL32.dll:
0x424018 ImageList_Create
0x42401c
Library RPCRT4.dll:
0x424204 UuidIsNil
0x42420c UuidHash
Library SETUPAPI.dll:
Library UxTheme.dll:
0x4242f8 OpenThemeData

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702
192.168.56.101 65007 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.