10.2
0-day

SHA-256: b22bc9fc0b776a0bf7cff49eac730154e39eca0130e235f502bb295b1487bd3c

File name: d5b77b1315a08d485a801960cc2a48c4.exe

Analysis duration: 74s

Last analyzed:

File size: 634.0KB
Detection-name tags (static and dynamic): 100% A3F9GRUYLGG AAUZ AI SCORE=81 AIDETECTVM ALI2000015 ANDROM AUNJ AUTO CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS EESQ ELHU ENWL FAREIT HHZHEJ HIGH CONFIDENCE INJECT3 LOKI LOKIBOT MALICIOUS PE MALWARE1 NGW@AIF2TDGI PUTTY R + MAL SCORE SMDF STATIC AI TSCOPE UNSAFE WACATAC X2059 ZELPHIF ZSUK
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine        Result                                Scan date    Engine version
McAfee        Fareit-FRQ!D5B77B1315A0               2020-12-29   6.0.6.653
Alibaba       Trojan:Win32/DelfInject.ali2000015    2019-05-27   0.3.0.5
CrowdStrike   win/malicious_confidence_100% (W)     2019-07-02   1.0
Baidu         (no detection)                        2019-03-18   1.0.0.2
Avast         Win32:Trojan-gen                      2020-12-29   21.1.5827.0
Tencent       Win32.Backdoor.Fareit.Auto            2020-12-29   1.0.0.1
Kingsoft      (no detection)                        2020-12-29   2017.9.26.565
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619937609.02
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619937614.645
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619937619.895
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619937607.442
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
Caveat: CODE, DATA and BSS are the Borland/Delphi linker's default section names, so for a Delphi binary this heuristic is the expected false positive rather than evidence of packing.
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Caveat: the "BobSoft Mini Delphi" PEiD signature matches the standard Delphi entry stub and fires on ordinary Delphi executables; read it as "compiled with Delphi", consistent with the section names above and the Delf/DelfInject detection names, not as proof of a packer.
One or more processes crashed (1 event). Exception code 0xc0000094 is STATUS_INTEGER_DIVIDE_BY_ZERO: the faulting instruction is div eax (bytes f7 f0) and the register dump shows eax = 0, so the sample divides by zero at offset 0x6b8fb.
Time & API Arguments Status Return Repeated
1619910853.257633
__exception__
stacktrace:
d5b77b1315a08d485a801960cc2a48c4+0x6bb16 @ 0x46bb16
d5b77b1315a08d485a801960cc2a48c4+0x3dbb @ 0x403dbb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637912
registers.edi: 4635464
registers.eax: 0
registers.ebp: 1638204
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 71
registers.ecx: 3735093248
exception.instruction_r: f7 f0 90 90 90 90 90 33 c0 5a 59 59 64 89 10 eb
exception.symbol: d5b77b1315a08d485a801960cc2a48c4+0x6b8fb
exception.instruction: div eax
exception.module: d5b77b1315a08d485a801960cc2a48c4.exe
exception.exception_code: 0xc0000094
exception.offset: 440571
exception.address: 0x46b8fb
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619910852.491633
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619910853.413633
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004c0000
success 0 0
1619910853.429633
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007d0000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619937619.864
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d5b77b1315a08d485a801960cc2a48c4.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d5b77b1315a08d485a801960cc2a48c4.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.632546081936095 in section .rsrc (virtual_address 0x00085000, virtual_size 0x0001df48, size_of_data 0x0001e000): a section with high entropy has been found
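7.63 bits per byte over a 0x1e000-byte .rsrc is close to the 8.0 ceiling of random, compressed or encrypted data, and the import table further down pulls in FindResourceA, LoadResource, LockResource and SizeofResource, which is consistent with a payload carried as a resource. The .rsrc of an ordinary program also holds compressed icons and images, so entropy alone is weak evidence and should be read together with the injection behaviour below. The following Python is an added example, not the sandbox's code: it computes the same Shannon entropy per section directly from the PE section table without pefile, and builds a constructed two-section PE in memory to exercise it. The 7.0 threshold is an assumption; tune it to your corpus.

```python
"""Per-section Shannon entropy read straight from the PE section table."""
import math
import struct
from collections import Counter

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")
# IMAGE_FILE_HEADER (20 bytes), follows the "PE\0\0" signature.
COFF_HEADER = struct.Struct("<HHIIIHH")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_entropies(image: bytes):
    """Yield (name, raw_size, entropy) for every section of an in-memory PE file."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, n_sections, _ts, _sym, _nsym, opt_size, _chars = COFF_HEADER.unpack_from(image, coff)
    table = coff + COFF_HEADER.size + opt_size
    for i in range(n_sections):
        name, _vsize, _vaddr, rsize, rptr, *_ = SECTION_HEADER.unpack_from(
            image, table + i * SECTION_HEADER.size)
        raw = image[rptr:rptr + rsize]
        yield name.rstrip(b"\0").decode("ascii", "replace"), rsize, shannon_entropy(raw)


def high_entropy_sections(image: bytes, threshold: float = 7.0):
    """Sections whose raw bytes exceed the threshold (7.0 is an assumption, not the sandbox's)."""
    return [(name, round(ent, 3)) for name, _size, ent in section_entropies(image) if ent > threshold]


def build_fake_pe(sections):
    """Constructed minimal PE: DOS stub, COFF header, no optional header, then raw section data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)             # e_lfanew = 64
    coff = COFF_HEADER.pack(0x14C, len(sections), 0, 0, 0, 0, 0)  # i386, SizeOfOptionalHeader = 0
    data_ptr = 64 + 4 + COFF_HEADER.size + len(sections) * SECTION_HEADER.size
    headers, blobs = b"", b""
    for name, blob in sections:
        headers += SECTION_HEADER.pack(name.ljust(8, b"\0"), len(blob), 0x1000,
                                       len(blob), data_ptr, 0, 0, 0, 0, 0)
        blobs += blob
        data_ptr += len(blob)
    return dos + b"PE\0\0" + coff + headers + blobs


# Constructed sample: a constant-byte CODE section and a .rsrc that holds every
# byte value equally often, the 8.0 ceiling that packed payloads approach.
CODE = b"\x90" * 4096
RSRC = bytes(range(256)) * 16
FAKE_PE = build_fake_pe([(b"CODE", CODE), (b".rsrc", RSRC)])

if __name__ == "__main__":
    for name, size, ent in section_entropies(FAKE_PE):
        print(f"{name:8} {size:7d} bytes  entropy {ent:.3f}")
    print("flagged:", high_entropy_sections(FAKE_PE))
```

To run it on the real sample, pass the file's bytes to section_entropies instead of FAKE_PE; a .rsrc close to 7.6 with resource-loading imports, as here, is worth a look at what FindResourceA is asked for.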
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619937614.567
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Caveat: 172.217.0.0/16 is Google address space, and the traffic section of this report records no TCP connection and no HTTP request at all; treat this as background traffic from the analysis VM rather than as a C2 indicator unless a capture shows otherwise.
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
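Taken together, the browser, FTP, SSH/SCP client, instant-messenger and mail-client locations listed above are what separate a stealer from a program that legitimately reads one of them: each application family keeps its secrets in a predictable place, and this sample walks dozens of them within seconds of starting. The following Python is an added example, not the sandbox's signature code: it turns the stores this report lists into per-application patterns (paths generalized to any user profile), tallies how many distinct families a single process touches, and fires at a threshold, which is an assumption set to three here. The event lines are constructed in the report's own `file ...` / `registry ...` notation and tagged with a pid.

```python
"""Count distinct credential-store families touched by each process."""
import re
from collections import defaultdict

# One pattern per application family. Paths and keys are those this report
# lists, generalized to any profile; matching is case-insensitive and anchored
# at the end of the path so a parent directory listing does not count.
CREDENTIAL_STORES = [
    (r"\\(Google\\Chrome|Chromium|Yandex\\YandexBrowser|RockMelt|Nichrome|MapleStudio\\ChromePlus)\\.*(Login Data|Web Data)$", "chromium-family browser"),
    (r"\\Opera\\.*(Login Data|Web Data)$", "opera"),
    (r"\\Mozilla\\(Mozilla Firefox|SeaMonkey|Mozilla Thunderbird)$", "mozilla product lookup"),
    (r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", "filezilla"),
    (r"\\wcx_ftp\.ini$|\\Ghisler\\Total Commander$", "total commander"),
    (r"\\FTPGetter\\servers\.xml$", "ftpgetter"),
    (r"\\ALFTP\\ESTdb2\.dat$", "alftp"),
    (r"\\32BitFtp\.ini$|\\LinasFTP\\Site Manager$|\\FlashPeak\\BlazeFtp\\Settings$", "other ftp client"),
    (r"\\Far2?\\Plugins\\FTP\\Hosts$", "far manager"),
    (r"\\SimonTatham\\PuTTY\\Sessions$", "putty"),
    (r"\\Martin Prikryl$", "winscp"),
    (r"\\VanDyke\\SecureFX$", "securefx"),
    (r"\\\.purple\\accounts\.xml$", "pidgin"),
    (r"\\Profiles\\Outlook$", "outlook"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), family) for p, family in CREDENTIAL_STORES]

# Constructed event log: pid 1436 is the sample (paths copied from the report),
# pid 4100 stands in for an unrelated process that reads one file.
EVENTS = [
    (1436, r"file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1436, r"file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data"),
    (1436, r"file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml"),
    (1436, r"registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions"),
    (1436, r"registry HKEY_CURRENT_USER\Software\Martin Prikryl"),
    (1436, r"file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml"),
    (1436, r"registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (1436, r"file C:\Windows\System32\drivers\etc\hosts"),
    (4100, r"file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml"),
]


def classify(target):
    """Return the credential-store family a path or key belongs to, or None."""
    for rx, family in COMPILED:
        if rx.search(target):
            return family
    return None


def families_per_pid(events):
    """Map pid -> set of credential-store families that pid touched."""
    touched = defaultdict(set)
    for pid, line in events:
        kind, _, target = line.partition(" ")      # "file" or "registry", then the path
        if kind not in ("file", "registry"):
            continue
        family = classify(target)
        if family:
            touched[pid].add(family)
    return touched


def stealer_verdicts(events, min_families=3):
    """Pids that touched at least min_families distinct stores (threshold is an assumption)."""
    return {pid: sorted(f) for pid, f in families_per_pid(events).items() if len(f) >= min_families}


if __name__ == "__main__":
    for pid, families in stealer_verdicts(EVENTS).items():
        print(f"pid {pid}: {len(families)} credential stores: {', '.join(families)}")
```

Counting families rather than raw events is what keeps a backup tool that copies one profile, or the FTP client reading its own config, below the line; the sample above crosses it with browsers, FileZilla, PuTTY, WinSCP, Pidgin and Outlook in one process.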
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 1436 called NtSetContextThread to modify thread in remote process 2900
Time & API Arguments Status Return Repeated
1619910853.726633
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2900
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected (this refers to the PuTTY\Sessions registry reads listed under FTP credential harvesting above)
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 1436 resumed a thread in remote process 2900
Time & API Arguments Status Return Repeated
1619910854.069633
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2900
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events). The two timestamp groups below (1619910853... and 1619937607...) are about 7.4 hours apart, so the final NtResumeThread appears to come from a second analysis run that the report interleaves with the first.
Time & API Arguments Status Return Repeated
1619910853.679633
CreateProcessInternalW
thread_identifier: 2128
thread_handle: 0x00000100
process_identifier: 2900
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d5b77b1315a08d485a801960cc2a48c4.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619910853.679633
NtUnmapViewOfSection
process_identifier: 2900
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619910853.694633
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2900
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619910853.726633
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619910853.726633
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2900
success 0 0
1619910854.069633
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2900
success 0 0
1619937607.957
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2900
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 of 56 results shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.ENWL
FireEye Generic.mg.d5b77b1315a08d48
McAfee Fareit-FRQ!D5B77B1315A0
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Agent.ENWL
Cyren W32/Delf.ZSUK-9376
Symantec Trojan Horse
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Agent.ENWL
NANO-Antivirus Trojan.Win32.Androm.hhzhej
Avast Win32:Trojan-gen
Tencent Win32.Backdoor.Fareit.Auto
Ad-Aware Trojan.Agent.ENWL
Emsisoft Trojan.Agent.ENWL (B)
F-Secure Trojan.TR/AD.LokiBot.aauz
DrWeb Trojan.Inject3.37110
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMDF.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.jh
Sophos Mal/Generic-R + Mal/Fareit-V
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.Androm.aunj
Avira TR/AD.LokiBot.aauz
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Agent.ba!s1
Microsoft TrojanSpy:Win32/Lokibot!MTB
AegisLab Trojan.Win32.Androm.m!c
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Agent.ENWL
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
BitDefenderTheta Gen:NN.ZelphiF.34700.NGW@aif2tdgi
ALYac Backdoor.Androm.gen
MAX malware (ai score=81)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.90401
ESET-NOD32 a variant of Win32/Injector.ELHU
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDF.hp
Rising Trojan.Injector!1.AFE3 (CLASSIC)
Yandex Trojan.Injector!a3f9gRuyLGg
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-03 05:31:42 (not a credible build date: no 32-bit Delphi compiler existed before Delphi 2 in 1996, so the TimeDateStamp field holds something other than the real build time; do not use it for timeline work)

Imports

Library kernel32.dll:
0x47818c VirtualFree
0x478190 VirtualAlloc
0x478194 LocalFree
0x478198 LocalAlloc
0x47819c GetVersion
0x4781a0 GetCurrentThreadId
0x4781ac VirtualQuery
0x4781b0 WideCharToMultiByte
0x4781b4 MultiByteToWideChar
0x4781b8 lstrlenA
0x4781bc lstrcpynA
0x4781c0 LoadLibraryExA
0x4781c4 GetThreadLocale
0x4781c8 GetStartupInfoA
0x4781cc GetProcAddress
0x4781d0 GetModuleHandleA
0x4781d4 GetModuleFileNameA
0x4781d8 GetLocaleInfoA
0x4781dc GetCommandLineA
0x4781e0 FreeLibrary
0x4781e4 FindFirstFileA
0x4781e8 FindClose
0x4781ec ExitProcess
0x4781f0 WriteFile
0x4781f8 RtlUnwind
0x4781fc RaiseException
0x478200 GetStdHandle
Library user32.dll:
0x478208 GetKeyboardType
0x47820c LoadStringA
0x478210 MessageBoxA
0x478214 CharNextA
Library advapi32.dll:
0x47821c RegQueryValueExA
0x478220 RegOpenKeyExA
0x478224 RegCloseKey
Library oleaut32.dll:
0x47822c SysFreeString
0x478230 SysReAllocStringLen
0x478234 SysAllocStringLen
Library kernel32.dll:
0x47823c TlsSetValue
0x478240 TlsGetValue
0x478244 LocalAlloc
0x478248 GetModuleHandleA
Library advapi32.dll:
0x478250 RegQueryValueExA
0x478254 RegOpenKeyExA
0x478258 RegCloseKey
Library kernel32.dll:
0x478260 lstrcpyA
0x478264 WriteFile
0x478268 WinExec
0x47826c WaitForSingleObject
0x478270 VirtualQuery
0x478274 VirtualFree
0x478278 VirtualAllocEx
0x47827c VirtualAlloc
0x478280 Sleep
0x478284 SizeofResource
0x478288 SetThreadLocale
0x47828c SetFilePointer
0x478290 SetEvent
0x478294 SetErrorMode
0x478298 SetEndOfFile
0x47829c ResetEvent
0x4782a0 ReadFile
0x4782a4 MultiByteToWideChar
0x4782a8 MulDiv
0x4782ac LockResource
0x4782b0 LoadResource
0x4782b4 LoadLibraryA
0x4782c0 GlobalUnlock
0x4782c4 GlobalSize
0x4782c8 GlobalReAlloc
0x4782cc GlobalHandle
0x4782d0 GlobalLock
0x4782d4 GlobalFree
0x4782d8 GlobalFindAtomA
0x4782dc GlobalDeleteAtom
0x4782e0 GlobalAlloc
0x4782e4 GlobalAddAtomA
0x4782e8 GetVersionExA
0x4782ec GetVersion
0x4782f0 GetUserDefaultLCID
0x4782f4 GetTickCount
0x4782f8 GetThreadLocale
0x4782fc GetSystemInfo
0x478300 GetStringTypeExA
0x478304 GetStdHandle
0x478308 GetProcAddress
0x47830c GetModuleHandleA
0x478310 GetModuleFileNameA
0x478314 GetLocaleInfoA
0x478318 GetLocalTime
0x47831c GetLastError
0x478320 GetFullPathNameA
0x478324 GetFileAttributesA
0x478328 GetDiskFreeSpaceA
0x47832c GetDateFormatA
0x478330 GetCurrentThreadId
0x478334 GetCurrentProcessId
0x478338 GetCurrentProcess
0x47833c GetComputerNameA
0x478340 GetCPInfo
0x478344 GetACP
0x478348 FreeResource
0x47834c InterlockedExchange
0x478350 FreeLibrary
0x478354 FormatMessageA
0x478358 FindResourceA
0x47835c FindFirstFileA
0x478360 FindClose
0x47836c EnumCalendarInfoA
0x478378 CreateThread
0x47837c CreateFileA
0x478380 CreateEventA
0x478384 CompareStringA
0x478388 CloseHandle
Library version.dll:
0x478390 VerQueryValueA
0x478398 GetFileVersionInfoA
Library gdi32.dll:
0x4783a0 UnrealizeObject
0x4783a4 StretchBlt
0x4783a8 SetWindowOrgEx
0x4783ac SetWinMetaFileBits
0x4783b0 SetViewportOrgEx
0x4783b4 SetTextColor
0x4783b8 SetStretchBltMode
0x4783bc SetROP2
0x4783c0 SetPixel
0x4783c4 SetMapMode
0x4783c8 SetEnhMetaFileBits
0x4783cc SetDIBColorTable
0x4783d0 SetBrushOrgEx
0x4783d4 SetBkMode
0x4783d8 SetBkColor
0x4783dc SelectPalette
0x4783e0 SelectObject
0x4783e4 SelectClipRgn
0x4783e8 SaveDC
0x4783ec RestoreDC
0x4783f0 Rectangle
0x4783f4 RectVisible
0x4783f8 RealizePalette
0x4783fc Polyline
0x478400 PlayEnhMetaFile
0x478404 PatBlt
0x478408 MoveToEx
0x47840c MaskBlt
0x478410 LineTo
0x478414 LPtoDP
0x478418 IntersectClipRect
0x47841c GetWindowOrgEx
0x478420 GetWinMetaFileBits
0x478424 GetTextMetricsA
0x478430 GetStockObject
0x478434 GetPixel
0x478438 GetPaletteEntries
0x47843c GetObjectA
0x47844c GetEnhMetaFileBits
0x478450 GetDeviceCaps
0x478454 GetDIBits
0x478458 GetDIBColorTable
0x47845c GetDCOrgEx
0x478464 GetClipBox
0x478468 GetBrushOrgEx
0x47846c GetBitmapBits
0x478470 GdiFlush
0x478474 ExcludeClipRect
0x478478 DeleteObject
0x47847c DeleteEnhMetaFile
0x478480 DeleteDC
0x478484 CreateSolidBrush
0x478488 CreatePenIndirect
0x47848c CreatePalette
0x478494 CreateFontIndirectA
0x478498 CreateEnhMetaFileA
0x47849c CreateDIBitmap
0x4784a0 CreateDIBSection
0x4784a4 CreateCompatibleDC
0x4784ac CreateBrushIndirect
0x4784b0 CreateBitmap
0x4784b4 CopyEnhMetaFileA
0x4784b8 CloseEnhMetaFile
0x4784bc BitBlt
Library user32.dll:
0x4784c4 CreateWindowExA
0x4784c8 WindowFromPoint
0x4784cc WinHelpA
0x4784d0 WaitMessage
0x4784d4 UpdateWindow
0x4784d8 UnregisterClassA
0x4784dc UnhookWindowsHookEx
0x4784e0 TranslateMessage
0x4784e8 TrackPopupMenu
0x4784f0 ShowWindow
0x4784f4 ShowScrollBar
0x4784f8 ShowOwnedPopups
0x4784fc ShowCursor
0x478500 SetWindowsHookExA
0x478504 SetWindowPos
0x478508 SetWindowPlacement
0x47850c SetWindowLongA
0x478510 SetTimer
0x478514 SetScrollRange
0x478518 SetScrollPos
0x47851c SetScrollInfo
0x478520 SetRect
0x478524 SetPropA
0x478528 SetParent
0x47852c SetMenuItemInfoA
0x478530 SetMenu
0x478534 SetForegroundWindow
0x478538 SetFocus
0x47853c SetCursor
0x478540 SetClassLongA
0x478544 SetCapture
0x478548 SetActiveWindow
0x47854c SendMessageA
0x478550 ScrollWindow
0x478554 ScreenToClient
0x478558 RemovePropA
0x47855c RemoveMenu
0x478560 ReleaseDC
0x478564 ReleaseCapture
0x478570 RegisterClassA
0x478574 RedrawWindow
0x478578 PtInRect
0x47857c PostQuitMessage
0x478580 PostMessageA
0x478584 PeekMessageA
0x478588 OffsetRect
0x47858c OemToCharA
0x478590 MessageBoxA
0x478594 MapWindowPoints
0x478598 MapVirtualKeyA
0x47859c LoadStringA
0x4785a0 LoadKeyboardLayoutA
0x4785a4 LoadIconA
0x4785a8 LoadCursorA
0x4785ac LoadBitmapA
0x4785b0 KillTimer
0x4785b4 IsZoomed
0x4785b8 IsWindowVisible
0x4785bc IsWindowEnabled
0x4785c0 IsWindow
0x4785c4 IsRectEmpty
0x4785c8 IsIconic
0x4785cc IsDialogMessageA
0x4785d0 IsChild
0x4785d4 InvalidateRect
0x4785d8 IntersectRect
0x4785dc InsertMenuItemA
0x4785e0 InsertMenuA
0x4785e4 InflateRect
0x4785ec GetWindowTextA
0x4785f0 GetWindowRect
0x4785f4 GetWindowPlacement
0x4785f8 GetWindowLongA
0x4785fc GetWindowDC
0x478600 GetTopWindow
0x478604 GetSystemMetrics
0x478608 GetSystemMenu
0x47860c GetSysColorBrush
0x478610 GetSysColor
0x478614 GetSubMenu
0x478618 GetScrollRange
0x47861c GetScrollPos
0x478620 GetScrollInfo
0x478624 GetPropA
0x478628 GetParent
0x47862c GetWindow
0x478630 GetMessageTime
0x478634 GetMenuStringA
0x478638 GetMenuState
0x47863c GetMenuItemInfoA
0x478640 GetMenuItemID
0x478644 GetMenuItemCount
0x478648 GetMenu
0x47864c GetLastActivePopup
0x478650 GetKeyboardState
0x478658 GetKeyboardLayout
0x47865c GetKeyState
0x478660 GetKeyNameTextA
0x478664 GetIconInfo
0x478668 GetForegroundWindow
0x47866c GetFocus
0x478670 GetDlgItem
0x478674 GetDesktopWindow
0x478678 GetDCEx
0x47867c GetDC
0x478680 GetCursorPos
0x478684 GetCursor
0x478688 GetClipboardData
0x47868c GetClientRect
0x478690 GetClassNameA
0x478694 GetClassInfoA
0x478698 GetCapture
0x47869c GetActiveWindow
0x4786a0 FrameRect
0x4786a4 FindWindowA
0x4786a8 FillRect
0x4786ac EqualRect
0x4786b0 EnumWindows
0x4786b4 EnumThreadWindows
0x4786b8 EndPaint
0x4786bc EndDeferWindowPos
0x4786c0 EnableWindow
0x4786c4 EnableScrollBar
0x4786c8 EnableMenuItem
0x4786cc DrawTextA
0x4786d0 DrawMenuBar
0x4786d4 DrawIconEx
0x4786d8 DrawIcon
0x4786dc DrawFrameControl
0x4786e0 DrawFocusRect
0x4786e4 DrawEdge
0x4786e8 DispatchMessageA
0x4786ec DestroyWindow
0x4786f0 DestroyMenu
0x4786f4 DestroyIcon
0x4786f8 DestroyCursor
0x4786fc DeleteMenu
0x478700 DeferWindowPos
0x478704 DefWindowProcA
0x478708 DefMDIChildProcA
0x47870c DefFrameProcA
0x478710 CreatePopupMenu
0x478714 CreateMenu
0x478718 CreateIcon
0x47871c ClientToScreen
0x478720 CheckMenuItem
0x478724 CallWindowProcA
0x478728 CallNextHookEx
0x47872c BeginPaint
0x478730 BeginDeferWindowPos
0x478734 CharNextA
0x478738 CharLowerBuffA
0x47873c CharLowerA
0x478740 CharToOemA
0x478744 AdjustWindowRectEx
Library kernel32.dll:
0x478750 Sleep
Library oleaut32.dll:
0x478758 SafeArrayPtrOfIndex
0x47875c SafeArrayGetUBound
0x478760 SafeArrayGetLBound
0x478764 SafeArrayCreate
0x478768 VariantChangeType
0x47876c VariantCopy
0x478770 VariantClear
0x478774 VariantInit
Library ole32.dll:
0x478780 IsAccelerator
0x478784 OleDraw
0x47878c CoTaskMemFree
0x478790 ProgIDFromCLSID
0x478794 StringFromCLSID
0x478798 CoCreateInstance
0x47879c CoGetClassObject
0x4787a0 CoUninitialize
0x4787a4 CoInitialize
0x4787a8 IsEqualGUID
Library oleaut32.dll:
0x4787b0 GetErrorInfo
0x4787b4 GetActiveObject
0x4787b8 SysFreeString
Library comctl32.dll:
0x4787c8 ImageList_Write
0x4787cc ImageList_Read
0x4787dc ImageList_DragMove
0x4787e0 ImageList_DragLeave
0x4787e4 ImageList_DragEnter
0x4787e8 ImageList_EndDrag
0x4787ec ImageList_BeginDrag
0x4787f0 ImageList_Remove
0x4787f4 ImageList_DrawEx
0x4787f8 ImageList_Replace
0x4787fc ImageList_Draw
0x47880c ImageList_Add
0x478814 ImageList_Destroy
0x478818 ImageList_Create
0x47881c InitCommonControls
Library comdlg32.dll:
0x478824 GetSaveFileNameA
0x478828 GetOpenFileNameA
Library user32.dll:
0x478830 DdeCmpStringHandles
0x478834 DdeFreeStringHandle
0x478838 DdeQueryStringA
0x478840 DdeGetLastError
0x478844 DdeFreeDataHandle
0x478848 DdeUnaccessData
0x47884c DdeAccessData
0x478850 DdeCreateDataHandle
0x478858 DdeNameService
0x47885c DdePostAdvise
0x478860 DdeSetUserHandle
0x478864 DdeQueryConvInfo
0x478868 DdeDisconnect
0x47886c DdeConnect
0x478870 DdeUninitialize
0x478874 DdeInitializeA
Library winmm.dll:
0x47887c mciSendCommandA
0x478880 mciGetErrorStringA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source port   Destination                     Destination port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

All of the UDP traffic above is consistent with Windows background activity on the analysis VM: DNS lookups to the configured resolver 114.114.114.114, NetBIOS name-service and datagram broadcasts (ports 137/138), NTP to time.windows.com, LLMNR multicast (224.0.0.252:5355) and SSDP multicast (239.255.255.250:1900). Without the queried names, the DNS lookups cannot be tied to the sample; the rest is not attributable to it, which matches the empty TCP, HTTP and IDS sections below.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.