5.8
High risk

a7a9a6804e8a5a9d0445420f7c1d474102c3edd217fc28cf4b0be81b3522cab9

d72881781be5233e807d261741b982af.exe

Analysis duration: 34s

Last analysis:

File size: 1.8MB
Static scan: malicious. Dynamic scan: malicious. 100%
Eagle-Eye engine
Not detected: no Eagle-Eye engine detection result available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba TrojanBanker:Win32/Predator.ab37b6f8 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
McAfee W32/PinkSbot-GN!D72881781BE5 20201229 6.0.6.653
Tencent Malware.Win32.Gencirc.10b999c5 20201229 1.0.0.1
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619948411.946253
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619948420.680253
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619953673.115498
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619953682.74125
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619953682.75625
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619953682.77225
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619953682.77225
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619953682.77225
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619953682.77225
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619953683.77225
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619953683.77225
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619953683.77225
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619953683.77225
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619953684.78825
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619953684.78825
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619953684.78825
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619953684.78825
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619953685.78825
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619953685.78825
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619953685.78825
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619953685.78825
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619953686.78825
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619953686.78825
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619953686.78825
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619953686.80325
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619953687.80325
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619953687.80325
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619953687.80325
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619953687.80325
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619953687.81925
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619953687.81925
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
This executable is signed
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619953682.69425
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (4 events)
Time & API Arguments Status Return Repeated
1619948420.680253
__exception__
stacktrace:
RtlConvertSidToUnicodeString+0x28 RtlFormatCurrentUserKeyPath-0x257 ntdll+0x3aeea @ 0x77d6aeea
ConvertSidToStringSidW+0x24 CopySid-0xe6 advapi32+0x14368 @ 0x76554368
d72881781be5233e807d261741b982af+0xa5b6 @ 0x40a5b6
d72881781be5233e807d261741b982af+0x8854 @ 0x408854
d72881781be5233e807d261741b982af+0x844f @ 0x40844f
d72881781be5233e807d261741b982af+0x8eca @ 0x408eca
d72881781be5233e807d261741b982af+0x17cf @ 0x4017cf
d72881781be5233e807d261741b982af+0x1c69 @ 0x401c69
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1632744
registers.edi: 0
registers.eax: 2832802809
registers.ebp: 1632784
registers.edx: 2
registers.ebx: 1
registers.esi: 2832802809
registers.ecx: 2832802809
exception.instruction_r: 8a 08 80 e1 0f 80 f9 01 75 24 8a 48 01 80 f9 0f
exception.symbol: RtlValidSid+0x17 RtlCopySid-0x3e ntdll+0x392a9
exception.instruction: mov cl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234153
exception.address: 0x77d692a9
success 0 0
1619948420.711253
__exception__
stacktrace:
EqualSid+0x19 EqualPrefixSid-0xc kernelbase+0x1bfe3 @ 0x778fbfe3
d72881781be5233e807d261741b982af+0x84c6 @ 0x4084c6
d72881781be5233e807d261741b982af+0xa27d @ 0x40a27d
d72881781be5233e807d261741b982af+0xa2b8 @ 0x40a2b8
d72881781be5233e807d261741b982af+0x8f67 @ 0x408f67
d72881781be5233e807d261741b982af+0x17cf @ 0x4017cf
d72881781be5233e807d261741b982af+0x1c69 @ 0x401c69
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634132
registers.edi: 2832802809
registers.eax: 1281
registers.ebp: 1634140
registers.edx: 0
registers.ebx: 39188744
registers.esi: 39188744
registers.ecx: 2130563072
exception.instruction_r: 66 3b 07 0f 85 e1 ef ff ff 0f b6 4e 01 33 c0 8d
exception.symbol: RtlEqualSid+0x10 RtlSetCriticalSectionSpinCount-0x26 ntdll+0x394c1
exception.instruction: cmp ax, word ptr [edi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 234689
exception.address: 0x77d694c1
success 0 0
1619953673.818498
__exception__
stacktrace:
d72881781be5233e807d261741b982af+0x3dad @ 0x403dad
d72881781be5233e807d261741b982af+0x1b26 @ 0x401b26
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2630952
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: d72881781be5233e807d261741b982af+0x33cf
exception.instruction: in eax, dx
exception.module: d72881781be5233e807d261741b982af.exe
exception.exception_code: 0xc0000096
exception.offset: 13263
exception.address: 0x4033cf
success 0 0
1619953673.818498
__exception__
stacktrace:
d72881781be5233e807d261741b982af+0x3db6 @ 0x403db6
d72881781be5233e807d261741b982af+0x1b26 @ 0x401b26
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2630952
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: d72881781be5233e807d261741b982af+0x3468
exception.instruction: in eax, dx
exception.module: d72881781be5233e807d261741b982af.exe
exception.exception_code: 0xc0000096
exception.offset: 13416
exception.address: 0x403468
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619948411.774253
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619948411.789253
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005e0000
success 0 0
1619948411.789253
NtProtectVirtualMemory
process_identifier: 2288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619953673.037498
NtAllocateVirtualMemory
process_identifier: 2616
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00680000
success 0 0
1619953673.037498
NtAllocateVirtualMemory
process_identifier: 2616
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006c0000
success 0 0
1619953673.037498
NtProtectVirtualMemory
process_identifier: 2616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d72881781be5233e807d261741b982af.exe
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d72881781be5233e807d261741b982af.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d72881781be5233e807d261741b982af.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619948412.711253
CreateProcessInternalW
thread_identifier: 2732
thread_handle: 0x00000144
process_identifier: 2616
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d72881781be5233e807d261741b982af.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000148
inherit_handles: 0
success 1 0
1619948421.649253
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d72881781be5233e807d261741b982af.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d72881781be5233e807d261741b982af.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d72881781be5233e807d261741b982af.exe"
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619953673.818498
__exception__
stacktrace:
d72881781be5233e807d261741b982af+0x3dad @ 0x403dad
d72881781be5233e807d261741b982af+0x1b26 @ 0x401b26
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2630952
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: d72881781be5233e807d261741b982af+0x33cf
exception.instruction: in eax, dx
exception.module: d72881781be5233e807d261741b982af.exe
exception.exception_code: 0xc0000096
exception.offset: 13263
exception.address: 0x4033cf
success 0 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Japik.6
FireEye Generic.mg.d72881781be5233e
CAT-QuickHeal Trojan.Qbot
ALYac Gen:Heur.Japik.6
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056422d1 )
Alibaba TrojanBanker:Win32/Predator.ab37b6f8
K7GW Trojan ( 005637181 )
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Trojan.Japik.6
BitDefenderTheta Gen:NN.ZexaF.34700.2nX@aKxJfVj
Cyren W32/S-f4182a58!Eldorado
Symantec Packed.Generic.459
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.Qakbot-7641289-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Gen:Heur.Japik.6
NANO-Antivirus Trojan.Win32.Inject3.hhheao
Paloalto generic.ml
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Gen:Heur.Japik.6
Sophos ML/PE-A + Mal/EncPk-APV
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Heuristic.HEUR/AGEN.1133919
DrWeb Trojan.Inject3.36726
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition W32/PinkSbot-GN!D72881781BE5
Emsisoft Gen:Heur.Japik.6 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.lz
eGambit PE.Heur.InvalidSig
Avira HEUR/AGEN.1133919
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qakbot.CK!MTB
AegisLab Trojan.Win32.Ulise.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Gen:Heur.Japik.6
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R330294
Acronis suspicious
McAfee W32/PinkSbot-GN!D72881781BE5
VBA32 BScope.TrojanRansom.Shade
Malwarebytes Backdoor.Qbot
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran
PE Compile Time

2002-01-22 16:31:44

Imports

Library KERNEL32.dll:
0x5d7bb0 VirtualAlloc
0x5d7bb4 GetModuleHandleW
0x5d7bb8 SetErrorMode
0x5d7bc0 FreeLibrary
0x5d7bc4 GetModuleFileNameW
0x5d7bc8 GetProcAddress
0x5d7bcc LoadLibraryW
0x5d7bd0 GetCommandLineA
0x5d7bd4 IsDebuggerPresent
0x5d7bdc GetLastError
0x5d7be0 SetLastError
0x5d7be4 GetCurrentThreadId
0x5d7be8 EncodePointer
0x5d7bec DecodePointer
0x5d7bf0 ExitProcess
0x5d7bf4 GetModuleHandleExW
0x5d7bf8 MultiByteToWideChar
0x5d7bfc WideCharToMultiByte
0x5d7c00 GetProcessHeap
0x5d7c04 GetStdHandle
0x5d7c08 GetFileType
0x5d7c10 GetStartupInfoW
0x5d7c14 GetModuleFileNameA
0x5d7c18 WriteFile
0x5d7c20 GetCurrentProcessId
0x5d7c3c Sleep
0x5d7c40 GetCurrentProcess
0x5d7c44 TerminateProcess
0x5d7c48 TlsGetValue
0x5d7c4c TlsSetValue
0x5d7c50 TlsFree
0x5d7c5c HeapFree
0x5d7c60 IsValidCodePage
0x5d7c64 GetACP
0x5d7c68 GetOEMCP
0x5d7c6c GetCPInfo
0x5d7c70 LoadLibraryExW
0x5d7c74 RtlUnwind
0x5d7c78 OutputDebugStringW
0x5d7c7c HeapAlloc
0x5d7c80 HeapReAlloc
0x5d7c84 GetStringTypeW
0x5d7c88 HeapSize
0x5d7c8c LCMapStringW
0x5d7c90 FlushFileBuffers
0x5d7c94 GetConsoleCP
0x5d7c98 GetConsoleMode
0x5d7c9c SetStdHandle
0x5d7ca0 SetFilePointerEx
0x5d7ca4 WriteConsoleW
0x5d7ca8 CloseHandle
0x5d7cac CreateFileW
0x5d7cb0 TlsAlloc
0x5d7cb8 SetLocaleInfoA
0x5d7cbc SetFileTime
0x5d7cc0 CompareFileTime
0x5d7cc4 SearchPathW
0x5d7cc8 GetShortPathNameW
0x5d7ccc GetFullPathNameW
0x5d7cd0 MoveFileW
0x5d7cd8 GetFileAttributesW
0x5d7cdc CreateDirectoryW
0x5d7ce0 SetFileAttributesW
0x5d7ce4 GetTickCount
0x5d7ce8 GetFileSize
0x5d7cec CopyFileW
0x5d7cf4 GetTempPathW
0x5d7cf8 GetCommandLineW
0x5d7cfc lstrcpynA
0x5d7d00 lstrcpynW
0x5d7d04 GetDiskFreeSpaceW
0x5d7d08 GlobalUnlock
0x5d7d0c GlobalLock
0x5d7d10 CreateThread
0x5d7d14 CreateProcessW
0x5d7d18 lstrcmpiA
0x5d7d1c GetTempFileNameW
0x5d7d20 lstrcatW
0x5d7d24 LoadLibraryA
0x5d7d28 GetModuleHandleA
0x5d7d2c OpenProcess
0x5d7d30 lstrcpyW
0x5d7d34 GetVersionExW
0x5d7d38 GetSystemDirectoryW
0x5d7d3c GetVersion
0x5d7d40 lstrcpyA
0x5d7d44 RemoveDirectoryW
0x5d7d48 lstrcmpA
0x5d7d4c lstrcmpiW
0x5d7d50 lstrcmpW
0x5d7d58 GlobalAlloc
0x5d7d5c WaitForSingleObject
0x5d7d60 GetExitCodeProcess
0x5d7d64 GlobalFree
0x5d7d70 lstrlenA
0x5d7d74 MulDiv
0x5d7d78 ReadFile
0x5d7d7c SetFilePointer
0x5d7d80 FindClose
0x5d7d84 FindNextFileW
0x5d7d88 FindFirstFileW
0x5d7d8c DeleteFileW
0x5d7d90 lstrlenW
Library USER32.dll:
0x5d7d98 LoadIconW
0x5d7d9c MessageBoxW
0x5d7da0 wsprintfW
0x5d7da4 SetClassWord
0x5d7da8 EnableScrollBar
0x5d7dac LoadCursorA
0x5d7db0 DrawTextA
0x5d7db4 ToUnicode
0x5d7db8 SendDlgItemMessageW
0x5d7dbc GetMessageTime
0x5d7dc0 SetWinEventHook
0x5d7dc4 GetAsyncKeyState
0x5d7dc8 IsDlgButtonChecked
0x5d7dcc ScreenToClient
0x5d7dd0 GetMessagePos
0x5d7dd4 CallWindowProcW
0x5d7dd8 IsWindowVisible
0x5d7ddc LoadBitmapW
0x5d7de0 CloseClipboard
0x5d7de4 SetClipboardData
0x5d7de8 EmptyClipboard
0x5d7dec OpenClipboard
0x5d7df0 TrackPopupMenu
0x5d7df4 GetWindowRect
0x5d7df8 AppendMenuW
0x5d7dfc CreatePopupMenu
0x5d7e00 GetSystemMetrics
0x5d7e04 EndDialog
0x5d7e08 EnableMenuItem
0x5d7e0c GetSystemMenu
0x5d7e10 SetClassLongW
0x5d7e14 IsWindowEnabled
0x5d7e18 SetWindowPos
0x5d7e1c DialogBoxParamW
0x5d7e20 CheckDlgButton
0x5d7e24 CreateWindowExW
0x5d7e2c RegisterClassW
0x5d7e30 SetDlgItemTextW
0x5d7e34 GetDlgItemTextW
0x5d7e38 MessageBoxIndirectW
0x5d7e3c CharNextA
0x5d7e40 CharUpperW
0x5d7e44 CharPrevW
0x5d7e48 wvsprintfW
0x5d7e4c DispatchMessageW
0x5d7e50 PeekMessageW
0x5d7e54 wsprintfA
0x5d7e58 DestroyWindow
0x5d7e5c CreateDialogParamW
0x5d7e60 SetTimer
0x5d7e64 SetWindowTextW
0x5d7e68 PostQuitMessage
0x5d7e6c SetForegroundWindow
0x5d7e70 ShowWindow
0x5d7e74 SendMessageTimeoutW
0x5d7e78 LoadCursorW
0x5d7e7c SetCursor
0x5d7e80 GetWindowLongW
0x5d7e84 GetSysColor
0x5d7e88 CharNextW
0x5d7e8c GetClassInfoW
0x5d7e90 ExitWindowsEx
0x5d7e94 IsWindow
0x5d7e98 GetDlgItem
0x5d7e9c SetWindowLongW
0x5d7ea0 LoadImageW
0x5d7ea4 GetDC
0x5d7ea8 EnableWindow
0x5d7eac InvalidateRect
0x5d7eb0 SendMessageW
0x5d7eb4 DefWindowProcW
0x5d7eb8 BeginPaint
0x5d7ebc GetClientRect
0x5d7ec0 FillRect
0x5d7ec4 DrawTextW
0x5d7ec8 EndPaint
0x5d7ecc FindWindowExW
Library GDI32.dll:
0x5d7ed4 GetStockObject
0x5d7ed8 GetStringBitmapA
0x5d7edc SetBoundsRect
0x5d7ee0 FONTOBJ_vGetInfo
0x5d7ee4 GetETM
0x5d7ee8 FONTOBJ_pfdg
0x5d7eec GdiEntry4
0x5d7ef0 FONTOBJ_pifi
0x5d7ef4 SetMetaFileBitsEx
0x5d7ef8 AnimatePalette
0x5d7efc ResetDCA
0x5d7f00 CLIPOBJ_cEnumStart
0x5d7f04 SetBkColor
0x5d7f08 GdiConvertRegion
0x5d7f0c GetDeviceCaps
0x5d7f10 DeleteObject
0x5d7f14 CreateBrushIndirect
0x5d7f18 CreateFontIndirectW
0x5d7f1c SetBkMode
0x5d7f20 SetTextColor
0x5d7f24 SelectObject
Library ADVAPI32.dll:
0x5d7f2c RegOpenKeyA
0x5d7f30 RegQueryValueExA
0x5d7f34 RegOpenKeyExW
0x5d7f38 RegQueryValueExW
0x5d7f3c RegEnumKeyW
0x5d7f40 RegCloseKey
0x5d7f44 RegDeleteKeyW
0x5d7f48 RegDeleteValueW
0x5d7f4c RegCreateKeyExW
0x5d7f50 RegSetValueExW
0x5d7f54 RegEnumValueW
Library SHELL32.dll:
0x5d7f5c SHGetFolderPathW
0x5d7f60 SHGetDiskFreeSpaceA
0x5d7f64 Shell_NotifyIconW
0x5d7f6c ShellExecuteEx
0x5d7f70 SHFormatDrive
0x5d7f74 SHBrowseForFolderW
0x5d7f7c SHGetFileInfoW
0x5d7f80 ShellExecuteW
0x5d7f84 SHFileOperationW
Library ole32.dll:
0x5d7f90 CoTaskMemFree
0x5d7f94 OleInitialize
0x5d7f98 OleUninitialize
0x5d7f9c CoCreateInstance
Library SHLWAPI.dll:
0x5d7fa4 PathAppendW
0x5d7fa8 PathRemoveFileSpecW
0x5d7fac StrCmpNA
0x5d7fb0 StrStrIA
Library COMCTL32.dll:
0x5d7fb8 ImageList_AddMasked
0x5d7fbc ImageList_Destroy
0x5d7fc0 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.