3.4
Medium risk

802e60791fb9b14fa29453088e7f2fa1285b03c2003cd44b216ca44f39501ca6

d817f565665fdf84accb8c5a57f63962.exe

Analysis duration

130s

Last analyzed

File size

1.4MB
Static detections Dynamic detections 100% AI SCORE=81 AIDETECTVM ALI1001008 ATTRIBUTE BACKDOORX BERBEW CLASSIC CONFIDENCE CRYPTED DORKBOT ELDORADO FOUFLS GENASA GENERICKDZ GENETIC HANGUP HIGH CONFIDENCE HIGHCONFIDENCE K@565W5T MALICIOUS PE MALWARE1 P1FO5HHCX5A PADODOR PROXY QUKART QUKARTGEN R + TROJ SCORE STARTER STATIC AI UNSAFE WEBBER WPSX
Hawkeye engine
Not scanned: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee BackDoor-AXJ.gen 20201211 6.0.6.653
Alibaba Trojan:Win32/Starter.ali1001008 20190527 0.3.0.5
Avast Win32:BackdoorX-gen [Trj] 20201210 21.1.5827.0
Tencent Win32.Backdoor.Padodor.Wpsx 20201211 1.0.0.1
Baidu 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (50 out of 166 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.221777878873987 section {'size_of_data': '0x0000b7d0', 'virtual_address': '0x00001000', 'entropy': 7.221777878873987, 'name': '.text', 'virtual_size': '0x0000b7d0'} description A section with a high entropy has been found
entropy 0.7209658638230066 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (50 out of 83 events)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger reg_value {79ECA078-17FF-726B-E811-213280E5C831}
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb BackDoor.HangUp.5
MicroWorld-eScan Trojan.GenericKDZ.71201
FireEye Generic.mg.d817f565665fdf84
CAT-QuickHeal Worm.Dorkbot.A
McAfee BackDoor-AXJ.gen
Cylance Unsafe
VIPRE BehavesLike.Win32.Malware.ssc (mx-v)
Sangfor Malware
K7AntiVirus Proxy-Program ( 00557ea51 )
Alibaba Trojan:Win32/Starter.ali1001008
K7GW Proxy-Program ( 00557ea51 )
Cybereason malicious.5665fd
Arcabit Trojan.Generic.D11621
BitDefenderTheta AI:Packer.5B67B96B1E
Cyren W32/S-c46e6d2d!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Padodor.NAM
APEX Malicious
TotalDefense Win32/Webber.W
Paloalto generic.ml
ClamAV Win.Trojan.Crypted-31
Kaspersky Backdoor.Win32.Padodor.gen
BitDefender Trojan.GenericKDZ.71201
NANO-Antivirus Trojan.Win32.Padodor.foufls
Avast Win32:BackdoorX-gen [Trj]
Tencent Win32.Backdoor.Padodor.Wpsx
Ad-Aware Trojan.GenericKDZ.71201
Emsisoft Trojan.GenericKDZ.71201 (B)
Comodo Worm.Win32.Qukart.K@565w5t
F-Secure Trojan.TR/Crypt.XDR.Gen
Zillya Trojan.QukartGen.Win32.1
McAfee-GW-Edition BehavesLike.Win32.Backdoor.tc
Sophos Mal/Generic-R + Troj/Padodor-M
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor/Padodor.fh
Avira TR/Crypt.XDR.Gen
Gridinsoft Trojan.Heur!.03216021
Microsoft Backdoor:Win32/Berbew.AA!MTB
ViRobot Trojan.Win32.Padodor.Gen.A
ZoneAlarm Backdoor.Win32.Padodor.gen
GData Trojan.GenericKDZ.71201
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Berbew.51712
Acronis suspicious
VBA32 Backdoor.Padodor
ALYac Trojan.GenericKDZ.71201
MAX malware (ai score=81)
Malwarebytes Backdoor.Padodor
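Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran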

PE Compile Time

2020-07-11 11:39:59

Imports

Library wsock32.dll:
0x43039c WSAGetLastError
0x4303a0 WSAStartup
0x4303a4 __WSAFDIsSet
0x4303a8 accept
0x4303ac bind
0x4303b0 closesocket
0x4303b4 connect
0x4303b8 gethostbyname
0x4303bc htonl
0x4303c0 htons
0x4303c4 inet_addr
0x4303c8 ioctlsocket
0x4303cc listen
0x4303d0 recv
0x4303d4 select
0x4303d8 send
0x4303dc socket
Library ole32.DLL:
0x4303e8 CoCreateInstance
0x4303ec CLSIDFromString
0x4303f0 CoTaskMemFree
0x4303f4 CoInitialize
0x4303f8 CoUninitialize
Library OLEAUT32.DLL:
0x430404 SysAllocString
Library WININET.DLL:
0x430410 DeleteUrlCacheEntry
Library KERNEL32.DLL:
0x430424 ExitProcess
0x430428 ExitThread
0x430438 FindClose
0x43043c FindFirstFileA
0x430440 FindNextFileA
0x430444 FreeLibrary
0x430448 GetCommandLineA
0x43044c GetCurrentProcessId
0x430450 GetCurrentThreadId
0x430454 GetExitCodeProcess
0x430458 GetExitCodeThread
0x43045c GetFileAttributesA
0x430460 GetFileSize
0x430464 GetFileTime
0x430468 GetLocalTime
0x43046c GetModuleFileNameA
0x430470 GetModuleHandleA
0x430474 CloseHandle
0x430478 GetProcAddress
0x43047c GetSystemDirectoryA
0x430480 GetTempPathA
0x430484 GetTickCount
0x43048c GetVersion
0x430490 GetVersionExA
0x430498 GlobalMemoryStatus
0x43049c CopyFileA
0x4304a4 IsBadReadPtr
0x4304a8 IsBadWritePtr
0x4304ac LoadLibraryA
0x4304b0 CreateDirectoryA
0x4304b4 LocalAlloc
0x4304b8 LocalFree
0x4304bc OpenFile
0x4304c0 OpenMutexA
0x4304c4 OpenProcess
0x4304c8 PeekNamedPipe
0x4304cc CreateFileA
0x4304d0 ReadFile
0x4304d4 RemoveDirectoryA
0x4304d8 RtlUnwind
0x4304dc SetFileAttributesA
0x4304e0 SetFilePointer
0x4304e4 CreateMutexA
0x4304e8 Sleep
0x4304ec TerminateProcess
0x4304f0 TerminateThread
0x4304f4 CreatePipe
0x4304f8 VirtualQuery
0x4304fc CreateProcessA
0x430500 WaitForSingleObject
0x430504 WideCharToMultiByte
0x430508 WinExec
0x43050c WriteFile
0x430510 lstrlenA
0x430514 lstrlenW
0x430518 CreateThread
0x43051c DeleteFileA
Library USER32.DLL:
0x430528 GetWindowTextA
0x43052c GetWindowRect
0x430530 FindWindowA
0x430534 GetWindow
0x430538 IsWindowVisible
0x43053c GetClassNameA
0x430540 GetForegroundWindow
0x430544 LoadCursorA
0x430548 SetTimer
0x43054c KillTimer
0x430550 RegisterClassA
0x430554 GetMessageA
0x430558 CreateDesktopA
0x43055c SetThreadDesktop
0x430560 GetThreadDesktop
0x430564 TranslateMessage
0x430568 DispatchMessageA
0x43056c SendMessageA
0x430570 CharUpperBuffA
0x430574 OemToCharA
0x430578 PostQuitMessage
0x43057c ShowWindow
0x430580 CreateWindowExA
0x430584 DestroyWindow
0x430588 DefWindowProcA
Library GDI32.DLL:
0x430594 GetStockObject
0x430598 DeleteObject
Library ADVAPI32.DLL:
0x4305a4 RegCreateKeyExA
0x4305a8 RegCloseKey
0x4305ac RegOpenKeyExA
0x4305b0 RegQueryValueExA
0x4305b4 RegSetValueExA
0x4305b8 GetSecurityInfo
0x4305bc SetSecurityInfo
0x4305c0 SetEntriesInAclA
Library CRTDLL.DLL:
0x4305cc _itoa
0x4305d0 __GetMainArgs
0x4305d4 _sleep
0x4305d8 _strcmpi
0x4305dc _stricmp
0x4305e0 atoi
0x4305e4 exit
0x4305e8 memcpy
0x4305ec memset
0x4305f0 raise
0x4305f4 rand
0x4305f8 signal
0x4305fc sprintf
0x430600 srand
0x430604 sscanf
0x430608 strcat
0x43060c strchr
0x430610 strncmp

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.