Score: 4.4 (medium risk)

SHA256: 5d4b4d5adb2cd3fefd95b15725a77c4bf48e14e89a23b94733a9ec7b86e09ea2

File name: d584d537e85791336b26dfd49b83599d.exe

Analysis duration: 18s

Last analyzed:

File size: 356.0KB
Static engines: detected. Dynamic engines: detected.
Detection tags: 100% AI SCORE=100 AIDETECT CLOUD CONFIDENCE ELDORADO EMOTET EMOTETCRYPT EMOTETU FILECODER GCWR HFYO HIGH CONFIDENCE HTVYHL IOCP KCLOUD KRYPTIK MALWARE1 MALWARE@#H3M4MU63MZIN SCORE SUSGEN UNSAFE VCTZU WQ0@GQRM4RFI WRGE ZENPAK
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available for this sample.
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
McAfee       Emotet-FRZ!D584D537E857             20210429   6.0.6.653
Alibaba      Backdoor:Win32/Emotet.eb5da7e9      20190527   0.3.0.5
Baidu        (no result)                         20190318   1.0.0.2
Avast        Win32:Malware-gen                   20210429   21.1.5827.0
Tencent      Win32.Trojan.Zenpak.Wrge            20210429   1.0.0.1
Kingsoft     Win32.Troj.Undef.(kcloud)           20210429   2017.9.26.565
CrowdStrike  win/malicious_confidence_100% (W)   20210203   1.0
Static indicators
The executable uses a known packer (1 event)
    packer: Armadillo v1.71
    Caveat: this match comes from a PEiD-style entry-point signature, and the "Armadillo v1.71" pattern is well known for matching ordinary MSVC-built executables, so on its own it is weak evidence of packing. The high-entropy .rsrc section and the RWX memory activity recorded below are the stronger indicators.
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
    resource name: None
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1620901753.844876
__exception__
stacktrace:
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x778f1d7a
LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x76354a08
d584d537e85791336b26dfd49b83599d+0x1189 @ 0x7f1189
d584d537e85791336b26dfd49b83599d+0x1cef @ 0x7f1cef
d584d537e85791336b26dfd49b83599d+0xe8d1 @ 0x7fe8d1
d584d537e85791336b26dfd49b83599d+0x13a4b @ 0x803a4b
0x501467
0x50105b
0x502a41
0x4d03da

registers.esp: 1633452
registers.edi: 0
registers.eax: 5749636
registers.ebp: 1633452
registers.edx: 5749734
registers.ebx: 0
registers.esi: 2010545523
registers.ecx: 1633516
exception.instruction_r: a1 ec f6 e9 7d 83 ec 0c 53 83 c8 01 56 8b 75 08
exception.symbol: LdrLoadDll+0x5 _strcmpi-0x37a ntdll+0x3c43f
exception.instruction: mov eax, dword ptr [0x7de9f6ec]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 246847
exception.address: 0x77d6c43f
success 0 0
1620901753.844876
__exception__
stacktrace:
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x778f1d7a
IsValidPtrIn+0x77c CoCreateGuid-0x135 ole32+0x414a0 @ 0x767314a0
ObjectStublessClient5+0x325 PropVariantCopy-0x3e ole32+0x3b987 @ 0x7672b987
SetErrorInfo+0x75 CoRevokeInitializeSpy-0xe9c ole32+0x488e8 @ 0x767388e8
New_ole32_CoUninitialize@0+0x55 New_ole32_OleConvertOLESTREAMToIStorage@12-0x58 @ 0x75255180
0x402966

registers.esp: 1630072
registers.edi: 0
registers.eax: 5749636
registers.ebp: 1630072
registers.edx: 5749734
registers.ebx: 0
registers.esi: 2010545523
registers.ecx: 1630136
exception.instruction_r: a1 ec f6 e9 7d 83 ec 0c 53 83 c8 01 56 8b 75 08
exception.symbol: LdrLoadDll+0x5 _strcmpi-0x37a ntdll+0x3c43f
exception.instruction: mov eax, dword ptr [0x7de9f6ec]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 246847
exception.address: 0x77d6c43f
success 0 0

Reading the two crash records together: both are the same access violation (0xc0000005) at ntdll!LdrLoadDll+0x5, reached through LoadLibraryA/LoadLibraryExW; in the second record the faulting LoadLibrary call is made from inside ole32 (the CoUninitialize path). Since ntdll+0x3c43f resolves to 0x77d6c43f, ntdll is mapped at 0x77d30000 in this run, and the faulting instruction sits in the page 0x77d6c000 that the sample had set to PAGE_EXECUTE_READWRITE at 1620901753.812876, about 32 ms before the fault (see the NtProtectVirtualMemory list below). The instruction, mov eax, [0x7de9f6ec], reads an absolute address well outside the range where ntdll is mapped; an unrelocated absolute reference in a function prologue is what code copied from a DLL image at a different base looks like, so the most economical reading is that the sample overwrote LdrLoadDll (and neighbouring ntdll pages) with code whose relocations were never applied, and crashed on the next LoadLibrary call. That is an inference from the records on this page, not something the sandbox reports directly. The outermost frame of the first stack, 0x4d03da, lies inside the 176128-byte RWX region allocated at 0x4d0000, so the sample was already executing from memory it had allocated as RWX when the crash happened.
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (44 events)
Every one of the 44 calls was made by process 2104 on its own process handle (0xffffffff) with protection 64 (PAGE_EXECUTE_READWRITE), returned success (return 0, repeated 0), and carried stack_dep_bypass 0, stack_pivoted 0 and heap_dep_bypass 0. Only the fields that vary are tabulated:

Time                API                       Base address  Size     Allocation type
1620901753.406876   NtAllocateVirtualMemory   0x00460000    4096     12288 (MEM_COMMIT|MEM_RESERVE)
1620901753.469876   NtAllocateVirtualMemory   0x004d0000    176128   12288 (MEM_COMMIT|MEM_RESERVE)
1620901753.812876   NtProtectVirtualMemory    0x77d5f000    4096
1620901753.812876   NtProtectVirtualMemory    0x77d60000    4096
1620901753.812876   NtProtectVirtualMemory    0x77d6c000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d71000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    8192
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    8192
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d51000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d51000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d4f000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d51000    4096
1620901753.828876   NtProtectVirtualMemory    0x77d50000    4096

What the table shows: the two allocations are fresh RWX regions in the sample's own address space (the 176128-byte one at 0x004d0000 contains the 0x4d03da frame of the crash stack, so code was executed from it). The 42 NtProtectVirtualMemory calls never touch the sample's own memory: all of them make pages between 0x77d4f000 and 0x77d71000 writable and executable, and that range lies inside ntdll.dll (mapped at 0x77d30000, from ntdll+0x3c43f = 0x77d6c43f in the exception record). Repeatedly flipping single ntdll pages to RWX is what one sees when loader code is being patched or hooked; unpacking the sample's own data never needs to write to ntdll. The crash 16 to 32 ms later lands in one of exactly these pages (0x77d6c000).
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time                API                      Base address  Size     Protection               Monitor flags
1620901753.500876   NtProtectVirtualMemory   0x007f1000    122880   32 (PAGE_EXECUTE_READ)   heap_dep_bypass 1, stack_dep_bypass 0, stack_pivoted 0; process 2104, handle 0xffffffff, success 0 0
The region starts at 0x007f1000, 0x1000 past the sample's own image base (the crash stack resolves d584d537e85791336b26dfd49b83599d+0x1189 to 0x7f1189, so the image is loaded at 0x7f0000): the sample rewrote 120 KB of its first section in place and only then made it executable, and the crash-stack frames from 0x7f1189 up to 0x803a4b all fall inside that range. The monitor's heap_dep_bypass flag marks exactly this write-then-execute sequence, which never holds a page as RWX and so evades rules that only look for PAGE_EXECUTE_READWRITE.
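Added example (not part of the sandbox or this report): the two memory-protection rules above, written out as a small triage script over a constructed log in the same key: value form as the entries listed. It flags RWX allocations and re-protections, catches the write-then-execute sequence that the heap_dep_bypass flag marks, counts protection changes that land inside ntdll (base derived from the exception record on this page), and checks whether the crash address falls in a region the sample had made RWX. The ntdll mapping size and the earlier PAGE_READWRITE protection of 0x007f1000 are assumptions, labelled in the code.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Page-protection constants from winnt.h.
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTE_BITS = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_BITS = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY


@dataclass
class MemEvent:
    time: float
    api: str
    base: int
    size: int
    protection: int

    @property
    def end(self) -> int:
        return self.base + self.size


# One call per line, using the same field names as the report's log entries.
LINE_RE = re.compile(
    r"^(?P<time>\d+\.\d+)\s+(?P<api>Nt\w+).*?"
    r"(?:region_size|length):\s*(?P<size>\d+).*?"
    r"protection:\s*(?P<prot>\d+).*?"
    r"base_address:\s*(?P<base>0x[0-9a-fA-F]+)"
)

# Constructed input. Lines 1, 2, 4, 5 and 6 copy calls from the report; line 3
# (an earlier PAGE_READWRITE protection of 0x007f1000) is an assumption added
# so that the write-then-execute rule has a predecessor to match against.
SAMPLE_LOG = """\
1620901753.406876 NtAllocateVirtualMemory region_size: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00460000
1620901753.469876 NtAllocateVirtualMemory region_size: 176128 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004d0000
1620901753.480000 NtProtectVirtualMemory length: 122880 protection: 4 (PAGE_READWRITE) base_address: 0x007f1000
1620901753.500876 NtProtectVirtualMemory length: 122880 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x007f1000
1620901753.812876 NtProtectVirtualMemory length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77d6c000
1620901753.828876 NtProtectVirtualMemory length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77d4f000
"""

# From the report's exception record: ntdll+0x3c43f resolved to 0x77d6c43f.
CRASH_ADDRESS = 0x77d6c43f
NTDLL_BASE = CRASH_ADDRESS - 0x3c43f      # 0x77d30000
NTDLL_SIZE = 0x140000                     # assumption: rough size of a Win7 x86 ntdll mapping


def parse_events(text: str) -> List[MemEvent]:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(MemEvent(float(m["time"]), m["api"], int(m["base"], 16),
                                   int(m["size"]), int(m["prot"])))
    return sorted(events, key=lambda e: e.time)


def find_rwx(events: List[MemEvent]) -> List[MemEvent]:
    """Rule 1 (the 44-event signature): any region mapped or re-protected RWX."""
    return [e for e in events if e.protection == PAGE_EXECUTE_READWRITE]


def find_write_then_execute(events: List[MemEvent]) -> List[MemEvent]:
    """Rule 2 (the heap_dep_bypass signature): a region the process held writable
    is later made executable without write permission, so RWX never appears."""
    writable: Dict[int, MemEvent] = {}
    hits = []
    for e in events:
        if e.protection & WRITE_BITS:
            writable[e.base] = e
        elif e.protection & EXECUTE_BITS and e.base in writable:
            hits.append(e)
    return hits


def events_in_module(events: List[MemEvent], base: int, size: int) -> List[MemEvent]:
    """Protection changes inside a system DLL mean code patching or hooking,
    not unpacking of the sample's own data."""
    return [e for e in events if base <= e.base < base + size]


def rwx_region_containing(events: List[MemEvent], address: int) -> Optional[MemEvent]:
    """Which RWX call, if any, covered the faulting address before the crash?"""
    for e in find_rwx(events):
        if e.base <= address < e.end:
            return e
    return None


def triage(text: str = SAMPLE_LOG) -> dict:
    events = parse_events(text)
    hit = rwx_region_containing(events, CRASH_ADDRESS)
    return {
        "events": len(events),
        "rwx_bases": [e.base for e in find_rwx(events)],
        "write_then_execute": [e.base for e in find_write_then_execute(events)],
        "ntdll_patches": len(events_in_module(events, NTDLL_BASE, NTDLL_SIZE)),
        "crash_in_rwx": hit.base if hit else None,
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, [hex(v) for v in value] if isinstance(value, list) else value)
```

Run as a script it prints the four findings for the constructed log; on a full report export the same functions apply unchanged, and the module check is the one worth extending with every loaded DLL's base and size, since a sample that re-protects pages of kernel32 or ntdll is hooking or unhooking rather than unpacking.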
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.731288874776755  section {'size_of_data': '0x00032000', 'virtual_address': '0x0002b000', 'entropy': 7.731288874776755, 'name': '.rsrc', 'virtual_size': '0x00031778'}  description: A section with a high entropy has been found
entropy 0.5681818181818182  description: Overall entropy of this PE file is high
Note on the two numbers. The first is Shannon entropy in bits per byte: 7.73 out of a maximum of 8 for the 200 KB .rsrc section, which is what compressed or encrypted data looks like, and the import table below includes FindResourceA/LoadResource/LockResource/SizeofResource, the usual way a loader reads a payload out of its resources. The second is not an entropy at all despite its label: it is the fraction of the file's section bytes that live in high-entropy sections, 0x32000 bytes out of a total of 0x58000 (25/44), and the rule fires when that fraction exceeds 0.2.
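Added example, not from the report: the per-section entropy and the file-level ratio computed the way the signature above computes them. The .rsrc row is the report's own; the other three sections and their values are assumptions (labelled in the code), chosen only so the sizes add up to the 0x58000 bytes implied by the 0.568 figure.

```python
import math
from typing import Iterable, List, Tuple

# Thresholds used by the Cuckoo packer_entropy signature that produced the two
# lines above: a section counts as high-entropy above 6.8 bits/byte, and the
# file is flagged when more than 20% of its section bytes sit in such sections.
SECTION_THRESHOLD = 6.8
RATIO_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a
    uniform one. Compressed or encrypted payloads sit near the top."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packer_entropy_verdict(sections: Iterable[Tuple[str, int, float]]):
    """sections: (name, size_of_data, entropy) per PE section header.
    Returns (high_entropy_section_names, high_entropy_byte_fraction, flagged)."""
    total = 0
    compressed = 0
    high: List[str] = []
    for name, size, entropy in sections:
        total += size
        if entropy > SECTION_THRESHOLD:
            high.append(name)
            compressed += size
    ratio = compressed / total if total else 0.0
    return high, ratio, ratio > RATIO_THRESHOLD


# The .rsrc row is the report's own; the other three rows are assumptions
# (the report does not list them) chosen so the section sizes sum to 0x58000,
# the total implied by the report's 0.568 figure (0x32000 / 0x58000).
SAMPLE_SECTIONS = [
    (".text",  0x1e000, 6.21),
    (".rdata", 0x05000, 4.90),
    (".data",  0x03000, 3.10),
    (".rsrc",  0x32000, 7.731288874776755),
]

# Constructed buffers for exercising the entropy function itself.
UNIFORM = bytes(range(256)) * 4                                  # every value equally often
CONSTANT = b"\x00" * 1024                                        # a single value
TEXT = b"The quick brown fox jumps over the lazy dog. " * 20     # plain English text


def demo() -> dict:
    high, ratio, flagged = packer_entropy_verdict(SAMPLE_SECTIONS)
    return {
        "uniform": shannon_entropy(UNIFORM),
        "constant": shannon_entropy(CONSTANT),
        "text": shannon_entropy(TEXT),
        "high_sections": high,
        "ratio": ratio,
        "flagged": flagged,
    }


if __name__ == "__main__":
    print(demo())
```

To apply this to a real file, feed packer_entropy_verdict the section name, SizeOfRawData and the entropy of each section's raw bytes; the per-byte entropy of ordinary code sits around 6 and of English text around 4.5, so a 7.7 section is not something a compiler emits.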
Network
Communicates with host for which no DNS query was performed (1 event)
    host: 172.217.24.14
Generates some ICMP traffic
Caveat: neither signature is backed by the packet listings further down. The Hosts section reports no hosts contacted, the TCP and HTTP sections are empty, and the ICMP section lists no packets; the only recorded traffic is UDP background noise from the VM (DNS to the configured resolver, NBNS, NTP, LLMNR, SSDP and WS-Discovery). With the process crashing inside LoadLibrary shortly after unpacking, no command-and-control activity was observed in this run, so nothing here says anything about the payload's infrastructure.
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
Most engines agree on Emotet; Zenpak, Kryptik, MalPack and the bare Malware-gen/generic.ml style names are generic packer or heuristic detections of the same wrapper, not a different family. Three engines use ransomware-family names (TACHYON Ransom/W32.IOCP, DrWeb Trojan.Encoder, ALYac Trojan.Ransom.Filecoder); nothing observed in this run supports that, since the sample dropped no files, so treat those labels as naming noise.
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.EmotetU.Gen.wq0@gqrm4Rfi
FireEye Trojan.EmotetU.Gen.wq0@gqrm4Rfi
McAfee Emotet-FRZ!D584D537E857
Cylance Unsafe
Sangfor Trojan.Win32.EmotetCrypt.ARK
K7AntiVirus Trojan ( 005605291 )
Alibaba Backdoor:Win32/Emotet.eb5da7e9
K7GW Trojan ( 005605291 )
Cybereason malicious.7e8579
Cyren W32/Emotet.ASF.gen!Eldorado
Symantec Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFYO
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Malware.Emotet-9739442-0
BitDefender Trojan.EmotetU.Gen.wq0@gqrm4Rfi
NANO-Antivirus Trojan.Win32.Zenpak.htvyhl
Paloalto generic.ml
Tencent Win32.Trojan.Zenpak.Wrge
Ad-Aware Trojan.EmotetU.Gen.wq0@gqrm4Rfi
TACHYON Ransom/W32.IOCP.364544
Sophos Mal/Generic-S
Comodo Malware@#h3m4mu63mzin
DrWeb Trojan.Encoder.32490
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Emotet-FRZ!D584D537E857
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Avira TR/AD.Emotet.vctzu
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.CA!MTB
AegisLab Trojan.Win32.Zenpak.4!c
GData Trojan.EmotetU.Gen.wq0@gqrm4Rfi
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win32.Emotet.C4194422
ALYac Trojan.Ransom.Filecoder
MAX malware (ai score=100)
VBA32 Trojan.Zenpak
Malwarebytes Trojan.MalPack.TRE
Rising Trojan.Emotet!1.CBD1 (CLOUD)
MaxSecure Trojan.Malware.73832973.susgen
Fortinet W32/Emotet.GCWR!tr
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
Visual analysis
Binary image
None: no binary visualization image was generated for this sample.
Run-time screenshots
None: no screenshots were produced while the sample ran.


PE Compile Time

2020-09-02 17:25:25

Imports

Library KERNEL32.dll:
0x41d0d4 RtlUnwind
0x41d0d8 GetDriveTypeA
0x41d0dc HeapAlloc
0x41d0e0 GetStartupInfoA
0x41d0e4 GetCommandLineA
0x41d0e8 ExitProcess
0x41d0ec RaiseException
0x41d0f0 HeapFree
0x41d0f4 TerminateProcess
0x41d0f8 HeapSize
0x41d0fc HeapReAlloc
0x41d100 GetACP
0x41d108 HeapDestroy
0x41d10c HeapCreate
0x41d110 VirtualFree
0x41d114 IsBadWritePtr
0x41d128 SetHandleCount
0x41d12c GetStdHandle
0x41d130 GetFileType
0x41d138 LCMapStringA
0x41d13c LCMapStringW
0x41d140 GetStringTypeA
0x41d144 GetStringTypeW
0x41d148 IsBadReadPtr
0x41d14c IsBadCodePtr
0x41d150 SetStdHandle
0x41d154 CompareStringA
0x41d158 CompareStringW
0x41d160 GetProfileStringA
0x41d164 GetFullPathNameA
0x41d168 FindFirstFileA
0x41d16c FindClose
0x41d170 FlushFileBuffers
0x41d174 SetFilePointer
0x41d178 WriteFile
0x41d17c GetCurrentProcess
0x41d180 SetErrorMode
0x41d184 SizeofResource
0x41d18c GetOEMCP
0x41d190 GetCPInfo
0x41d194 GetProcessVersion
0x41d198 GlobalFlags
0x41d19c TlsGetValue
0x41d1a0 LocalReAlloc
0x41d1a4 TlsSetValue
0x41d1ac GlobalReAlloc
0x41d1b4 TlsFree
0x41d1b8 GlobalHandle
0x41d1c0 TlsAlloc
0x41d1c8 GetLastError
0x41d1cc lstrcpynA
0x41d1dc GlobalFree
0x41d1e0 CloseHandle
0x41d1e4 GlobalAlloc
0x41d1e8 lstrcmpA
0x41d1ec GetCurrentThread
0x41d1f0 GetModuleFileNameA
0x41d1f4 WideCharToMultiByte
0x41d1fc GlobalLock
0x41d200 GlobalUnlock
0x41d204 MulDiv
0x41d208 SetLastError
0x41d210 FindResourceA
0x41d214 MultiByteToWideChar
0x41d218 LoadResource
0x41d21c LockResource
0x41d220 GetVersion
0x41d224 GetCurrentThreadId
0x41d228 GlobalGetAtomNameA
0x41d22c lstrcmpiA
0x41d230 GlobalAddAtomA
0x41d234 GlobalFindAtomA
0x41d238 GlobalDeleteAtom
0x41d23c GetModuleHandleA
0x41d240 VirtualAlloc
0x41d244 LoadLibraryW
0x41d248 GetProcAddress
0x41d24c lstrcatA
0x41d250 lstrlenA
0x41d254 WinExec
0x41d258 lstrcpyA
0x41d260 LoadLibraryA
0x41d264 FreeLibrary
0x41d268 LocalAlloc
0x41d26c LocalFree
Library USER32.dll:
0x41d29c UpdateWindow
0x41d2a0 PostMessageA
0x41d2a4 LoadIconA
0x41d2a8 SetDlgItemTextA
0x41d2ac IsDialogMessageA
0x41d2b0 MoveWindow
0x41d2b4 ShowWindow
0x41d2b8 IsWindowEnabled
0x41d2bc GetNextDlgTabItem
0x41d2c0 EnableMenuItem
0x41d2c4 CheckMenuItem
0x41d2c8 SetMenuItemBitmaps
0x41d2cc ModifyMenuA
0x41d2d0 GetMenuState
0x41d2d4 LoadBitmapA
0x41d2dc ClientToScreen
0x41d2e0 GetWindowDC
0x41d2e4 BeginPaint
0x41d2e8 EndPaint
0x41d2ec WindowFromPoint
0x41d2f0 GetCursorPos
0x41d2f4 PostQuitMessage
0x41d2f8 ValidateRect
0x41d2fc TranslateMessage
0x41d300 GetMessageA
0x41d308 EndDialog
0x41d30c GetClassNameA
0x41d310 GetSysColorBrush
0x41d314 DestroyMenu
0x41d318 LoadStringA
0x41d31c IsWindowVisible
0x41d320 GetTopWindow
0x41d324 MessageBoxA
0x41d328 SendDlgItemMessageA
0x41d32c wsprintfA
0x41d330 GetClassInfoA
0x41d334 RegisterClassA
0x41d338 GetMenu
0x41d33c GetMenuItemCount
0x41d340 GetSubMenu
0x41d344 GetMenuItemID
0x41d348 GetDlgItem
0x41d350 GetWindowTextA
0x41d354 GetDlgCtrlID
0x41d358 GetKeyState
0x41d35c DefWindowProcA
0x41d360 DestroyWindow
0x41d364 CreateWindowExA
0x41d368 SetWindowsHookExA
0x41d36c CallNextHookEx
0x41d370 GetClassLongA
0x41d374 SetPropA
0x41d378 UnhookWindowsHookEx
0x41d37c GetPropA
0x41d380 CallWindowProcA
0x41d384 RemovePropA
0x41d388 GetMessageTime
0x41d38c GetMessagePos
0x41d390 GetLastActivePopup
0x41d394 GetForegroundWindow
0x41d398 SetForegroundWindow
0x41d39c GetWindow
0x41d3a0 SetWindowPos
0x41d3a8 IntersectRect
0x41d3b0 IsIconic
0x41d3b4 GetWindowPlacement
0x41d3b8 FindWindowA
0x41d3bc LoadCursorA
0x41d3c0 CopyIcon
0x41d3c4 GetWindowRect
0x41d3c8 GetDC
0x41d3cc ReleaseDC
0x41d3d0 IsWindow
0x41d3d4 SetWindowLongA
0x41d3d8 SetCursor
0x41d3dc RedrawWindow
0x41d3e0 MessageBeep
0x41d3e4 GetSystemMetrics
0x41d3e8 SetWindowTextA
0x41d3ec EnableWindow
0x41d3f0 GrayStringA
0x41d3f4 DrawTextA
0x41d3f8 TabbedTextOutA
0x41d3fc GetWindowLongA
0x41d400 CopyRect
0x41d404 FrameRect
0x41d408 InflateRect
0x41d40c LoadImageA
0x41d410 InvalidateRect
0x41d414 UnregisterClassA
0x41d418 HideCaret
0x41d41c ShowCaret
0x41d420 ExcludeUpdateRgn
0x41d424 DefDlgProcA
0x41d428 CharNextA
0x41d42c FillRect
0x41d430 GetSysColor
0x41d434 DrawFocusRect
0x41d438 OffsetRect
0x41d43c SendMessageA
0x41d440 DrawStateA
0x41d444 GetActiveWindow
0x41d448 GetParent
0x41d44c GetCapture
0x41d450 SetCapture
0x41d454 MapWindowPoints
0x41d458 PeekMessageA
0x41d45c DispatchMessageA
0x41d460 GetFocus
0x41d464 SetActiveWindow
0x41d468 SetFocus
0x41d46c AdjustWindowRectEx
0x41d470 ScreenToClient
0x41d474 WinHelpA
0x41d478 GetClientRect
0x41d47c PtInRect
0x41d480 IsWindowUnicode
0x41d484 ReleaseCapture
Library GDI32.dll:
0x41d02c GetObjectA
0x41d030 GetClipBox
0x41d034 SetTextColor
0x41d038 SetBkColor
0x41d03c CreateBitmap
0x41d040 DeleteDC
0x41d044 SaveDC
0x41d048 RestoreDC
0x41d04c SetBkMode
0x41d050 SetMapMode
0x41d054 SetViewportOrgEx
0x41d058 OffsetViewportOrgEx
0x41d05c SetViewportExtEx
0x41d060 ScaleViewportExtEx
0x41d064 SetWindowOrgEx
0x41d068 SetWindowExtEx
0x41d06c ScaleWindowExtEx
0x41d070 IntersectClipRect
0x41d074 MoveToEx
0x41d078 LineTo
0x41d07c CreateFontIndirectA
0x41d080 DeleteObject
0x41d084 GetDeviceCaps
0x41d088 CreatePen
0x41d08c CreateSolidBrush
0x41d090 GetStockObject
0x41d098 Escape
0x41d09c ExtTextOutA
0x41d0a0 TextOutA
0x41d0a4 RectVisible
0x41d0a8 PtVisible
0x41d0b0 CreateCompatibleDC
0x41d0b4 SelectObject
0x41d0b8 CreateDIBitmap
0x41d0bc PatBlt
0x41d0c0 GetTextExtentPointA
0x41d0c4 BitBlt
Library comdlg32.dll:
0x41d49c GetOpenFileNameA
0x41d4a0 GetSaveFileNameA
Library WINSPOOL.DRV:
0x41d48c ClosePrinter
0x41d490 DocumentPropertiesA
0x41d494 OpenPrinterA
Library ADVAPI32.dll:
0x41d000 RegSetValueExA
0x41d004 RegDeleteKeyA
0x41d008 RegDeleteValueA
0x41d00c RegCloseKey
0x41d010 RegQueryValueExA
0x41d014 RegCreateKeyExA
0x41d018 RegOpenKeyExA
0x41d01c RegQueryValueA
Library SHELL32.dll:
0x41d278 DragAcceptFiles
0x41d27c ShellExecuteA
0x41d280 DragQueryFileA
0x41d284 DragFinish
0x41d288 SHGetMalloc
0x41d28c SHGetDesktopFolder
0x41d290 SHBrowseForFolderA
Library COMCTL32.dll:
0x41d024 (imported by ordinal; no name)
Library ole32.dll:
0x41d4a8 OleUninitialize
0x41d4ac CoCreateInstance
0x41d4b0 OleInitialize

Reading the import table: the bulk of it (global atoms, menus, printing through WINSPOOL, the common dialogs, SHBrowseForFolderA, DragAcceptFiles, the nameless COMCTL32 ordinal, WinHelpA, TabbedTextOutA, GrayStringA) is the fingerprint of a statically linked MFC GUI application, a common shell for crypters because it gives the file a plausible-looking import table and a GUI-program shape. The entries that matter for the behaviour recorded above are VirtualAlloc together with LoadLibraryA/LoadLibraryW and GetProcAddress (enough to allocate the RWX regions and resolve every other API at run time, which is why nothing Emotet-specific needs to appear here), FindResourceA/LoadResource/LockResource/SizeofResource (the route from the high-entropy .rsrc section into memory), and WinExec/ShellExecuteA, SetWindowsHookExA and the ADVAPI32 Reg* functions, which give process launching, hooking and registry-write primitives without further imports. None of these is proof by itself; an MFC program legitimately imports most of them.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source            Src port   Destination                       Dst port
192.168.56.101    50002      114.114.114.114                   53
192.168.56.101    53237      114.114.114.114                   53
192.168.56.101    57756      114.114.114.114                   53
192.168.56.101    58367      114.114.114.114                   53
192.168.56.101    62318      114.114.114.114                   53
192.168.56.101    137        192.168.56.255                    137
192.168.56.101    123        20.189.79.72 (time.windows.com)   123
192.168.56.101    49235      224.0.0.252                       5355
192.168.56.101    50534      224.0.0.252                       5355
192.168.56.101    51963      224.0.0.252                       5355
192.168.56.101    53657      224.0.0.252                       5355
192.168.56.101    56804      224.0.0.252                       5355
192.168.56.101    57874      224.0.0.252                       5355
192.168.56.101    62191      224.0.0.252                       5355
192.168.56.101    63429      224.0.0.252                       5355
192.168.56.101    1900       239.255.255.250                   1900
192.168.56.101    50003      239.255.255.250                   3702
192.168.56.101    50005      239.255.255.250                   3702
192.168.56.101    50539      239.255.255.250                   1900
192.168.56.101    58368      239.255.255.250                   3702

All 20 datagrams are Windows background traffic from the sandbox VM: DNS to the configured resolver (the queried names are not shown), a NetBIOS name-service broadcast, NTP, and LLMNR (5355), SSDP (1900) and WS-Discovery (3702) to their multicast groups.
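Added example, not part of the report: a filter that separates the sandbox's own background traffic from anything the sample could have produced, run over a constructed copy of the 20 UDP rows above plus one invented extra row (UDP to 172.217.24.14:443, reusing the address the signature above named; the report records no such packet) so that the leftover list is not empty. The VM subnet and resolver address are read off the table; a real deployment would configure them per sandbox.

```python
import ipaddress
from collections import Counter
from typing import List, Tuple

# Constructed copy of the report's UDP table (its 20 rows, including the
# hostname the report attached to the NTP row) plus one invented final row,
# which is not in the report, so the filter has something to surface.
UDP_TABLE = """\
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702
192.168.56.101 50539 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 49999 172.217.24.14 443
"""

# Sandbox environment, read off the table: the VM's subnet and the resolver it
# is configured to use. Both are per-sandbox settings in practice.
VM_NET = ipaddress.ip_network("192.168.56.0/24")
RESOLVER = ipaddress.ip_address("114.114.114.114")

DNS, NTP, NBNS, LLMNR, SSDP, WSD = 53, 123, 137, 5355, 1900, 3702


def parse_row(line: str) -> Tuple[str, int, str, int]:
    # Five fields when the report resolved a hostname for the destination.
    f = line.split()
    return f[0], int(f[1]), f[2], int(f[-1])


def classify(src: str, sport: int, dst: str, dport: int) -> str:
    """Label one datagram as a known kind of VM background traffic, or as
    unexplained (the only rows worth an analyst's time)."""
    d = ipaddress.ip_address(dst)
    if d == RESOLVER and dport == DNS:
        return "dns-to-resolver"
    if dport == NTP and sport == NTP:
        return "ntp"
    if d == VM_NET.broadcast_address and dport == NBNS:
        return "nbns-broadcast"
    if d.is_multicast and dport in (LLMNR, SSDP, WSD):
        return "local-discovery"
    if ipaddress.ip_address(src) in VM_NET and d.is_global:
        return "unexplained-external"
    return "unexplained"


def triage(table: str = UDP_TABLE):
    """Returns (count per label, list of unexplained rows)."""
    counts: Counter = Counter()
    leftovers: List[Tuple[str, int, str, int]] = []
    for line in table.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        kind = classify(*row)
        counts[kind] += 1
        if kind.startswith("unexplained"):
            leftovers.append(row)
    return counts, leftovers


if __name__ == "__main__":
    counts, leftovers = triage()
    print(dict(counts))
    for row in leftovers:
        print("review:", row)
```

Everything the filter labels as background should still be cross-checked once against the sandbox's own baseline capture (a run with no sample), because a sample that uses DNS over the VM resolver or LLMNR for discovery would hide in exactly these buckets; the queried DNS names, which this report does not show, are the next thing to pull.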

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.