Score: 3.8 (medium risk)
SHA-256: 3ced158c0fb965552e42ebb109b8a497929a66973d131f4d95f3f957d27f0c04
File name: d86a7f46cfeb6ec9efb49e9c69b583b3.exe
Analysis time: 81s
Latest analysis: (value not shown on the page)
File size: 3.5MB
Detection tags: static detection, dynamic detection; DELF, TSCOPE
Eagle Eye engine: not detected (no Eagle Eye engine result yet)
Static verdict

Antivirus engines (the result column is empty on the page for every row; dates are the scan dates the page gives in YYYYMMDD form)
Engine       Result   Scan date    Engine version
McAfee                2020-10-12   6.0.6.653
Alibaba               2019-05-27   0.3.0.5
Baidu                 2019-03-18   1.0.0.2
Avast                 2020-10-12   18.4.3895.0
Kingsoft              2020-10-13   2013.8.14.323
CrowdStrike           2019-07-02   1.0
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (2 events)
Each event below lists the timestamp, the API, its arguments, and then status / return value / repeat count, so "success 0 0" means the call succeeded, returned 0 and was not repeated. Both allocations commit a single 4 KiB PAGE_EXECUTE_READWRITE page in the sample's own process (0xffffffff is the GetCurrentProcess pseudo-handle), which fits a loader that inflates and runs code in place rather than one that injects into another process.
1620985511.99885
NtAllocateVirtualMemory
process_identifier: 3040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x007b0000
success 0 0
1620985512.35785
NtAllocateVirtualMemory
process_identifier: 3040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00880000
success 0 0
Foreign language identified in PE resource (11 个事件)
name MODULE language LANG_KOREAN offset 0x00120eac filetype zlib compressed data sublanguage SUBLANG_KOREAN size 0x0023ec87
name MODULE language LANG_KOREAN offset 0x00120eac filetype zlib compressed data sublanguage SUBLANG_KOREAN size 0x0023ec87
name RT_ICON language LANG_KOREAN offset 0x00378e20 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x00378e20 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x00378e20 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x00378e20 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x00378e20 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x00378e20 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_GROUP_ICON language LANG_KOREAN offset 0x0038bf28 filetype data sublanguage SUBLANG_KOREAN size 0x0000005a
name RT_VERSION language LANG_KOREAN offset 0x0038bf84 filetype data sublanguage SUBLANG_KOREAN size 0x0000036c
name RT_MANIFEST language LANG_KOREAN offset 0x0038c2f0 filetype XML 1.0 document, ASCII text, with CR line terminators sublanguage SUBLANG_KOREAN size 0x0000032f
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
VBA32: TScope.Trojan.Delf

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
Section .rsrc: entropy 7.9728, size_of_data 0x0026e800, virtual_address 0x0011e000, virtual_size 0x0026e620 (a section with high entropy has been found)
Overall: 0.6946 (overall entropy of this PE file is high)
Caveat on reading these two numbers: the section figure is Shannon entropy in bits per byte (maximum 8.0). The "overall" figure is not; in the Cuckoo packer_entropy signature whose wording this report uses, it is the share of the file's section data that sits in high-entropy sections, so 0.69 means roughly 69% of the section bytes are high-entropy. Both figures are explained by the zlib-compressed MODULE resource living in .rsrc rather than by a conventional executable packer: only .rsrc is flagged, and no code section is.
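The two entropy figures above, and the step an analyst takes next (carving the zlib-compressed MODULE resource out of .rsrc), as an added example that is not part of the report or the sample. The sections and the blob are constructed in the script with hashlib so it runs offline; the 7.4 per-section threshold is an assumption standing in for the sandbox's own cut-off, and the zlib header bytes are the standard ones.

```python
"""Entropy triage and zlib carving for a PE-like blob (added example).

Reproduces the two figures the report shows (per-section Shannon entropy
and the 'overall' ratio) and carves a zlib stream the way one would pull
the MODULE resource out of .rsrc. Sections and blob are constructed here.
"""
import hashlib
import math
import zlib
from collections import Counter

HIGH_ENTROPY = 7.4  # assumed per-section threshold for "high entropy"

ZLIB_MAGICS = (b"\x78\x01", b"\x78\x5e", b"\x78\x9c", b"\x78\xda")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) .. 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_report(sections):
    """sections: iterable of (name, raw_bytes).

    Returns (per_section_entropy, overall_ratio). The ratio mirrors the
    report's 'Overall entropy of this PE file is high' figure: it is the
    share of section bytes that live in sections above HIGH_ENTROPY, not a
    Shannon entropy, which is why a value like 0.69 can be called 'high'.
    """
    per_section, total, high = {}, 0, 0
    for name, data in sections:
        e = shannon_entropy(data)
        per_section[name] = e
        total += len(data)
        if e > HIGH_ENTROPY:
            high += len(data)
    return per_section, (high / total if total else 0.0)


def carve_zlib(blob: bytes, min_output: int = 64):
    """Try to inflate from every zlib header; keep streams that end cleanly.

    Returns [(offset, inflated_bytes), ...]. Trailing bytes after a stream
    are tolerated (decompressobj stops at the end-of-stream marker) and the
    Adler-32 check inside zlib rejects accidental 0x78 hits.
    """
    found = []
    for off in range(len(blob) - 1):
        if blob[off:off + 2] not in ZLIB_MAGICS:
            continue
        d = zlib.decompressobj()
        try:
            out = d.decompress(blob[off:])
        except zlib.error:
            continue
        if d.eof and len(out) >= min_output:
            found.append((off, out))
    return found


def build_constructed_sample():
    """Constructed stand-in for the sample (not real data): a low-entropy
    code section plus a resource section wrapping a zlib-compressed
    'MODULE' payload, like the LANG_KOREAN resource in the report."""
    body = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    module = b"MZ" + b"constructed embedded module\n" * 8 + body
    rsrc = b"\x00" * 0x40 + b"MODULE" + zlib.compress(module, 9) + b"\x00" * 0x20
    text = bytes(i % 16 for i in range(4096))  # 16 symbols: exactly 4.0 bits/byte
    return [(".text", text), (".rsrc", rsrc)], module


if __name__ == "__main__":
    sections, expected = build_constructed_sample()
    per_section, ratio = section_report(sections)
    for name, e in per_section.items():
        print(f"{name:8s} entropy {e:.3f}{'  <- high' if e > HIGH_ENTROPY else ''}")
    print(f"overall high-entropy share: {ratio:.3f}")
    for off, out in carve_zlib(sections[1][1]):
        print(f"zlib stream at .rsrc+{off:#x}: {len(out)} bytes, matches MODULE: {out == expected}")
```

On the real file the same carve would be run over the bytes of .rsrc (or the whole file) and the inflated MODULE written to disk for separate analysis; its first bytes tell you whether it is a PE, which the report's "zlib compressed data" label does not.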
Queries for potentially installed applications (6 events)
Same layout as above: timestamp, API, arguments, then status / return value / repeat count. All six opens are under HKEY_LOCAL_MACHINE (base_handle 0x80000002) and reuse one key handle. The first open uses access mask 0x00020219 (KEY_READ | KEY_WOW64_32KEY) and the remaining five use 0x00020119 (KEY_READ | KEY_WOW64_64KEY): a 32-bit binary (the import table addresses are 32-bit VAs) reading the 64-bit registry view as well, so that 64-bit installs are not hidden by WOW64 redirection, which is why "Python 2.7.18 (64-bit)" turns up below.
1620985512.17085
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x000000ec
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
options: 0
success 0 0
1620985512.17085
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x000000ec
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
options: 0
success 0 0
1620985512.17085
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x000000ec
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
options: 0
success 0 0
1620985512.18585
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x000000ec
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}
options: 0
success 0 0
1620985512.18585
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x000000ec
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
options: 0
success 0 0
1620985512.18585
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x000000ec
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
options: 0
success 0 0
Network communication

Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 222.186.170.171
Caveat: neither host is backed by much in the packet tables further down. 172.217.24.14 does not appear in any TCP or UDP row, and 222.186.170.171 appears only as a single packet from its port 80 back to the guest's port 49175, with no outbound packet listed, no parsed HTTP request and no Suricata or Snort alert. The signature fires for contacted IPs that no DNS answer in the capture maps to; since the report lists five DNS queries to 114.114.114.114 but not the names or answers, review the PCAP before treating either address as an indicator.

Collects information about installed applications (4 events)
Same layout as above: timestamp, API, arguments, then status / return value / repeat count. Each RegQueryValueExA reads DisplayName from one of the Uninstall subkeys opened in the previous signature; the four names recovered are the sandbox's own installed software, which a loader can use to fingerprint the environment.
1620985512.17085
RegQueryValueExA
key_handle: 0x000000ec
value: Microsoft .NET Framework 4 Extended
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}\DisplayName
success 0 0
1620985512.18585
RegQueryValueExA
key_handle: 0x000000ec
value: Python 2.7.18 (64-bit)
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}\DisplayName
success 0 0
1620985512.18585
RegQueryValueExA
key_handle: 0x000000ec
value: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}\DisplayName
success 0 0
1620985512.18585
RegQueryValueExA
key_handle: 0x000000ec
value: Microsoft .NET Framework 4 Client Profile
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}\DisplayName
success 0 0
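The two registry signatures and the RWX allocation above, detected over a Cuckoo-style API trace, as an added example that is not the sandbox's own signature code. The TRACE list is constructed to mirror this report's events (same keys, access masks, handles and DisplayName values) plus one unrelated registry read to show what is not counted; in practice the records would come from the sandbox's JSON behaviour log.

```python
"""Triage of a Cuckoo-style API trace for the registry and RWX signatures
seen in this report (added example; TRACE is constructed, not the report's JSON)."""

UNINSTALL = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"

# Registry access-right bits from winreg.h, used to explain the two masks seen.
KEY_RIGHTS = {
    0x00001: "KEY_QUERY_VALUE", 0x00002: "KEY_SET_VALUE", 0x00004: "KEY_CREATE_SUB_KEY",
    0x00008: "KEY_ENUMERATE_SUB_KEYS", 0x00010: "KEY_NOTIFY", 0x00020: "KEY_CREATE_LINK",
    0x00100: "KEY_WOW64_64KEY", 0x00200: "KEY_WOW64_32KEY",
    0x20000: "STANDARD_RIGHTS_READ",
}
PAGE_EXECUTE_READWRITE = 0x40
CURRENT_PROCESS = 0xFFFFFFFF  # GetCurrentProcess() pseudo-handle

GUID_NET = "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}"
GUID_PY = "{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}"

TRACE = [  # constructed records modelled on the report's events
    {"api": "NtAllocateVirtualMemory", "args": {"protection": 0x40, "region_size": 4096,
                                                "base_address": 0x007B0000, "process_handle": CURRENT_PROCESS}},
    {"api": "RegOpenKeyExA", "args": {"access": 0x20219, "regkey": UNINSTALL}},
    {"api": "RegOpenKeyExA", "args": {"access": 0x20119, "regkey": UNINSTALL}},
    {"api": "RegOpenKeyExA", "args": {"access": 0x20119, "regkey": UNINSTALL + GUID_NET}},
    {"api": "RegQueryValueExA", "args": {"regkey": UNINSTALL + GUID_NET + "\\DisplayName",
                                         "value": "Microsoft .NET Framework 4 Extended"}},
    {"api": "RegOpenKeyExA", "args": {"access": 0x20119, "regkey": UNINSTALL + GUID_PY}},
    {"api": "RegQueryValueExA", "args": {"regkey": UNINSTALL + GUID_PY + "\\DisplayName",
                                         "value": "Python 2.7.18 (64-bit)"}},
    # unrelated read, constructed as a negative case: must not be counted
    {"api": "RegQueryValueExA", "args": {"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
                                         "value": "Windows 7 Professional"}},
    {"api": "NtAllocateVirtualMemory", "args": {"protection": 0x40, "region_size": 4096,
                                                "base_address": 0x00880000, "process_handle": CURRENT_PROCESS}},
]


def decode_key_access(mask: int):
    """Expand a RegOpenKeyEx access mask into the named rights it contains."""
    return [name for bit, name in sorted(KEY_RIGHTS.items()) if mask & bit]


def installed_app_enumeration(trace):
    """DisplayName strings read under Uninstall\\<subkey> after the parent
    Uninstall key was opened: the 'collects installed applications' pattern.
    Reads elsewhere in the registry, and reads with no parent open, are ignored."""
    parent_opened = False
    names = []
    for rec in trace:
        api, args = rec["api"], rec["args"]
        key = args.get("regkey", "").lower()
        if api == "RegOpenKeyExA" and key == UNINSTALL.lower():
            parent_opened = True
        elif api == "RegQueryValueExA" and parent_opened:
            if key.startswith(UNINSTALL.lower()) and key.endswith("\\displayname"):
                names.append(args["value"])
    return names


def rwx_allocations(trace):
    """Base addresses of RWX commits made on the sample's own process."""
    hits = []
    for rec in trace:
        if rec["api"] != "NtAllocateVirtualMemory":
            continue
        a = rec["args"]
        if a.get("protection") == PAGE_EXECUTE_READWRITE and a.get("process_handle") == CURRENT_PROCESS:
            hits.append(a["base_address"])
    return hits


def registry_views(trace):
    """Which WOW64 registry views the Uninstall tree was opened with."""
    views = set()
    for rec in trace:
        if rec["api"] == "RegOpenKeyExA" and rec["args"].get("regkey", "").lower().startswith(UNINSTALL.lower()):
            views.update(n for n in decode_key_access(rec["args"]["access"]) if n.startswith("KEY_WOW64_"))
    return sorted(views)


if __name__ == "__main__":
    print("installed apps read:", installed_app_enumeration(TRACE))
    print("RWX pages in own process:", [hex(a) for a in rwx_allocations(TRACE)])
    print("registry views used:", registry_views(TRACE))
    print("mask 0x20219 =", " | ".join(decode_key_access(0x20219)))
```

The ordering check (parent key opened before the DisplayName reads) is what separates deliberate enumeration from an installer reading its own Uninstall entry; a real signature would also key on the sequence happening within one process and a short time window.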
Visual analysis

Binary image: none (no binary visualization image was generated for this sample)
Screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2018-11-26 21:21:58

Imports

Analyst note on the import table (capabilities implied by imports, not observed behaviour: the trace above records no file writes, no process creation and no hooks installed). The repeated kernel32/user32/advapi32 blocks are separate import descriptors, normal for a Delphi (DELF) binary. Beyond the VCL boilerplate, the entries worth tracking are FindResourceA/LoadResource/SizeofResource/LockResource (consistent with reading the zlib-compressed MODULE resource), GetTempPathA with CreateFileA/WriteFile and CreateProcessA/WinExec/ShellExecuteA (drop-and-execute), OpenProcess/TerminateProcess, SetFileTime/SetFileAttributesA (timestamp and attribute manipulation), SetWindowsHookExA/CallNextHookEx (message hooks, also used by ordinary VCL forms code, so not conclusive alone), CheckSumMappedFile (PE checksum computation), the full ODBC32 SQL* set (database access) and wsock32 gethostbyname/gethostname/inet_ntoa (name resolution and host identification).

Library oleaut32.dll:
0x5079cc SysFreeString
0x5079d0 SysReAllocStringLen
0x5079d4 SysAllocStringLen
Library advapi32.dll:
0x5079dc RegQueryValueExA
0x5079e0 RegOpenKeyExA
0x5079e4 RegCloseKey
Library user32.dll:
0x5079ec GetKeyboardType
0x5079f0 DestroyWindow
0x5079f4 LoadStringA
0x5079f8 MessageBoxA
0x5079fc CharNextA
Library kernel32.dll:
0x507a04 GetACP
0x507a08 Sleep
0x507a0c VirtualFree
0x507a10 VirtualAlloc
0x507a14 GetCurrentThreadId
0x507a20 VirtualQuery
0x507a24 WideCharToMultiByte
0x507a28 MultiByteToWideChar
0x507a2c lstrlenA
0x507a30 lstrcpynA
0x507a34 LoadLibraryExA
0x507a38 GetThreadLocale
0x507a3c GetStartupInfoA
0x507a40 GetProcAddress
0x507a44 GetModuleHandleA
0x507a48 GetModuleFileNameA
0x507a4c GetLocaleInfoA
0x507a50 GetLastError
0x507a54 GetCommandLineA
0x507a58 FreeLibrary
0x507a5c FindFirstFileA
0x507a60 FindClose
0x507a64 ExitProcess
0x507a68 ExitThread
0x507a6c CreateThread
0x507a70 CompareStringA
0x507a74 WriteFile
0x507a7c SetFilePointer
0x507a80 SetEndOfFile
0x507a84 RtlUnwind
0x507a88 ReadFile
0x507a8c RaiseException
0x507a90 GetStdHandle
0x507a94 GetFileSize
0x507a98 GetFileType
0x507a9c CreateFileA
0x507aa0 CloseHandle
Library kernel32.dll:
0x507aa8 TlsSetValue
0x507aac TlsGetValue
0x507ab0 LocalAlloc
0x507ab4 GetModuleHandleA
Library user32.dll:
0x507abc CreateWindowExA
0x507ac0 WindowFromPoint
0x507ac4 WaitMessage
0x507ac8 UpdateWindow
0x507acc UnregisterClassA
0x507ad0 UnhookWindowsHookEx
0x507ad4 TranslateMessage
0x507adc TrackPopupMenu
0x507ae4 ShowWindow
0x507ae8 ShowScrollBar
0x507aec ShowOwnedPopups
0x507af0 SetWindowsHookExA
0x507af4 SetWindowTextA
0x507af8 SetWindowPos
0x507afc SetWindowPlacement
0x507b00 SetWindowLongW
0x507b04 SetWindowLongA
0x507b08 SetTimer
0x507b0c SetScrollRange
0x507b10 SetScrollPos
0x507b14 SetScrollInfo
0x507b18 SetRect
0x507b1c SetPropA
0x507b20 SetParent
0x507b24 SetMenuItemInfoA
0x507b28 SetMenu
0x507b2c SetForegroundWindow
0x507b30 SetFocus
0x507b34 SetCursor
0x507b38 SetClipboardData
0x507b3c SetClassLongA
0x507b40 SetCapture
0x507b44 SetActiveWindow
0x507b48 SendMessageW
0x507b4c SendMessageA
0x507b50 ScrollWindow
0x507b54 ScreenToClient
0x507b58 RemovePropA
0x507b5c RemoveMenu
0x507b60 ReleaseDC
0x507b64 ReleaseCapture
0x507b70 RegisterClassA
0x507b74 RedrawWindow
0x507b78 PtInRect
0x507b7c PostQuitMessage
0x507b80 PostMessageA
0x507b84 PeekMessageW
0x507b88 PeekMessageA
0x507b8c OpenClipboard
0x507b90 OffsetRect
0x507b94 OemToCharA
0x507b9c MessageBoxA
0x507ba0 MessageBeep
0x507ba4 MapWindowPoints
0x507ba8 MapVirtualKeyA
0x507bac LoadStringA
0x507bb0 LoadKeyboardLayoutA
0x507bb4 LoadIconA
0x507bb8 LoadCursorA
0x507bbc LoadBitmapA
0x507bc0 KillTimer
0x507bc4 IsZoomed
0x507bc8 IsWindowVisible
0x507bcc IsWindowUnicode
0x507bd0 IsWindowEnabled
0x507bd4 IsWindow
0x507bd8 IsRectEmpty
0x507bdc IsIconic
0x507be0 IsDialogMessageW
0x507be4 IsDialogMessageA
0x507be8 IsChild
0x507bec InvalidateRect
0x507bf0 IntersectRect
0x507bf4 InsertMenuItemA
0x507bf8 InsertMenuA
0x507bfc InflateRect
0x507c04 GetWindowTextA
0x507c08 GetWindowRect
0x507c0c GetWindowPlacement
0x507c10 GetWindowLongW
0x507c14 GetWindowLongA
0x507c18 GetWindowDC
0x507c1c GetTopWindow
0x507c20 GetSystemMetrics
0x507c24 GetSystemMenu
0x507c28 GetSysColorBrush
0x507c2c GetSysColor
0x507c30 GetSubMenu
0x507c34 GetScrollRange
0x507c38 GetScrollPos
0x507c3c GetScrollInfo
0x507c40 GetPropA
0x507c44 GetParent
0x507c48 GetWindow
0x507c4c GetMessagePos
0x507c50 GetMenuStringA
0x507c54 GetMenuState
0x507c58 GetMenuItemInfoA
0x507c5c GetMenuItemID
0x507c60 GetMenuItemCount
0x507c64 GetMenu
0x507c68 GetLastActivePopup
0x507c6c GetKeyboardState
0x507c78 GetKeyboardLayout
0x507c7c GetKeyState
0x507c80 GetKeyNameTextA
0x507c84 GetIconInfo
0x507c88 GetForegroundWindow
0x507c8c GetFocus
0x507c90 GetDesktopWindow
0x507c94 GetDCEx
0x507c98 GetDC
0x507c9c GetCursorPos
0x507ca0 GetCursor
0x507ca4 GetClipboardData
0x507ca8 GetClientRect
0x507cac GetClassLongA
0x507cb0 GetClassInfoA
0x507cb4 GetCapture
0x507cb8 GetActiveWindow
0x507cbc FrameRect
0x507cc0 FindWindowA
0x507cc4 FillRect
0x507cc8 EqualRect
0x507ccc EnumWindows
0x507cd0 EnumThreadWindows
0x507cd4 EnumChildWindows
0x507cd8 EndPaint
0x507cdc EnableWindow
0x507ce0 EnableScrollBar
0x507ce4 EnableMenuItem
0x507ce8 EmptyClipboard
0x507cec DrawTextA
0x507cf0 DrawMenuBar
0x507cf4 DrawIconEx
0x507cf8 DrawIcon
0x507cfc DrawFrameControl
0x507d00 DrawFocusRect
0x507d04 DrawEdge
0x507d08 DispatchMessageW
0x507d0c DispatchMessageA
0x507d10 DestroyWindow
0x507d14 DestroyMenu
0x507d18 DestroyIcon
0x507d1c DestroyCursor
0x507d20 DeleteMenu
0x507d24 DefWindowProcA
0x507d28 DefMDIChildProcA
0x507d2c DefFrameProcA
0x507d30 CreatePopupMenu
0x507d34 CreateMenu
0x507d38 CreateIcon
0x507d3c CloseClipboard
0x507d40 ClientToScreen
0x507d44 CheckMenuItem
0x507d48 CharNextW
0x507d4c CallWindowProcA
0x507d50 CallNextHookEx
0x507d54 BeginPaint
0x507d58 CharNextA
0x507d5c CharLowerBuffA
0x507d60 CharLowerA
0x507d64 CharUpperBuffA
0x507d68 CharToOemA
0x507d6c AdjustWindowRectEx
Library gdi32.dll:
0x507d78 UnrealizeObject
0x507d7c StretchBlt
0x507d80 SetWindowOrgEx
0x507d84 SetWinMetaFileBits
0x507d88 SetViewportOrgEx
0x507d8c SetTextColor
0x507d90 SetStretchBltMode
0x507d94 SetROP2
0x507d98 SetPixel
0x507d9c SetEnhMetaFileBits
0x507da0 SetDIBColorTable
0x507da4 SetBrushOrgEx
0x507da8 SetBkMode
0x507dac SetBkColor
0x507db0 SelectPalette
0x507db4 SelectObject
0x507db8 SaveDC
0x507dbc RestoreDC
0x507dc0 Rectangle
0x507dc4 RectVisible
0x507dc8 RealizePalette
0x507dcc Polyline
0x507dd0 PlayEnhMetaFile
0x507dd4 PatBlt
0x507dd8 MoveToEx
0x507ddc MaskBlt
0x507de0 LineTo
0x507de4 IntersectClipRect
0x507de8 GetWindowOrgEx
0x507dec GetWinMetaFileBits
0x507df0 GetTextMetricsA
0x507df4 GetTextExtentPointA
0x507e00 GetStockObject
0x507e04 GetRgnBox
0x507e08 GetPixel
0x507e0c GetPaletteEntries
0x507e10 GetObjectA
0x507e1c GetEnhMetaFileBits
0x507e20 GetDeviceCaps
0x507e24 GetDIBits
0x507e28 GetDIBColorTable
0x507e2c GetDCOrgEx
0x507e34 GetClipBox
0x507e38 GetBrushOrgEx
0x507e3c GetBitmapBits
0x507e40 GdiFlush
0x507e44 ExcludeClipRect
0x507e48 DeleteObject
0x507e4c DeleteEnhMetaFile
0x507e50 DeleteDC
0x507e54 CreateSolidBrush
0x507e58 CreatePenIndirect
0x507e5c CreatePalette
0x507e64 CreateFontIndirectA
0x507e68 CreateDIBitmap
0x507e6c CreateDIBSection
0x507e70 CreateCompatibleDC
0x507e78 CreateBrushIndirect
0x507e7c CreateBitmap
0x507e80 CopyEnhMetaFileA
0x507e84 BitBlt
Library version.dll:
0x507e8c VerQueryValueA
0x507e94 GetFileVersionInfoA
Library kernel32.dll:
0x507e9c lstrcpyA
0x507ea4 WriteFile
0x507ea8 WinExec
0x507eac WideCharToMultiByte
0x507eb0 WaitForSingleObject
0x507eb4 VirtualQuery
0x507eb8 VirtualAlloc
0x507ebc TerminateProcess
0x507ec0 Sleep
0x507ec4 SizeofResource
0x507ec8 SetThreadLocale
0x507ecc SetLastError
0x507ed0 SetFileTime
0x507ed4 SetFilePointer
0x507ed8 SetFileAttributesA
0x507edc SetEvent
0x507ee0 SetErrorMode
0x507ee4 SetEndOfFile
0x507ee8 ResumeThread
0x507eec ResetEvent
0x507ef0 RemoveDirectoryA
0x507ef4 ReleaseMutex
0x507ef8 ReadFile
0x507efc RaiseException
0x507f08 OpenProcess
0x507f0c MultiByteToWideChar
0x507f10 MulDiv
0x507f14 MoveFileA
0x507f18 LockResource
0x507f20 LoadResource
0x507f24 LoadLibraryA
0x507f30 GlobalUnlock
0x507f34 GlobalLock
0x507f38 GlobalFree
0x507f3c GlobalFindAtomA
0x507f40 GlobalDeleteAtom
0x507f44 GlobalAlloc
0x507f48 GlobalAddAtomA
0x507f4c GetVersionExA
0x507f50 GetVersion
0x507f54 GetTickCount
0x507f58 GetThreadLocale
0x507f5c GetTempPathA
0x507f60 GetStdHandle
0x507f64 GetProcAddress
0x507f6c GetModuleHandleA
0x507f70 GetModuleFileNameA
0x507f74 GetLocaleInfoA
0x507f78 GetLocalTime
0x507f7c GetLastError
0x507f80 GetFullPathNameA
0x507f84 GetFileTime
0x507f88 GetFileSize
0x507f8c GetFileAttributesA
0x507f90 GetExitCodeThread
0x507f94 GetExitCodeProcess
0x507f98 GetDiskFreeSpaceA
0x507f9c GetDateFormatA
0x507fa0 GetCurrentThreadId
0x507fa4 GetCurrentProcessId
0x507fa8 GetCurrentProcess
0x507fac GetCPInfo
0x507fb0 GetACP
0x507fb4 FreeResource
0x507fbc InterlockedExchange
0x507fc4 FreeLibrary
0x507fc8 FormatMessageA
0x507fcc FindResourceA
0x507fd0 FindNextFileA
0x507fd4 FindFirstFileA
0x507fd8 FindClose
0x507fe4 EnumCalendarInfoA
0x507ff0 DeleteFileA
0x507ff8 CreateThread
0x507ffc CreateProcessA
0x508000 CreateMutexA
0x508004 CreateFileA
0x508008 CreateEventA
0x50800c CreateDirectoryA
0x508010 CompareStringW
0x508014 CompareStringA
0x508018 CloseHandle
Library advapi32.dll:
0x508020 RegSetValueExA
0x508024 RegQueryValueExA
0x508028 RegQueryInfoKeyA
0x50802c RegOpenKeyExA
0x508030 RegFlushKey
0x508034 RegEnumKeyExA
0x508038 RegCreateKeyExA
0x50803c RegCloseKey
Library oleaut32.dll:
0x508044 GetErrorInfo
0x508048 SysFreeString
Library ole32.dll:
0x508050 CoTaskMemFree
0x508054 CoTaskMemAlloc
0x508058 CoUninitialize
0x50805c CoInitialize
Library IMAGEHLP.DLL:
0x508064 CheckSumMappedFile
Library kernel32.dll:
0x50806c Sleep
Library ole32.dll:
0x508074 CLSIDFromString
0x508078 CoTaskMemFree
0x50807c StringFromCLSID
Library oleaut32.dll:
0x508084 SafeArrayPtrOfIndex
0x508088 SafeArrayPutElement
0x50808c SafeArrayGetElement
0x508094 SafeArrayAccessData
0x508098 SafeArrayGetUBound
0x50809c SafeArrayGetLBound
0x5080a0 SafeArrayCreate
0x5080a4 VariantChangeType
0x5080a8 VariantCopyInd
0x5080ac VariantCopy
0x5080b0 VariantClear
0x5080b4 VariantInit
Library comctl32.dll:
0x5080bc _TrackMouseEvent
0x5080c8 ImageList_Write
0x5080cc ImageList_Read
0x5080d8 ImageList_DragMove
0x5080dc ImageList_DragLeave
0x5080e0 ImageList_DragEnter
0x5080e4 ImageList_EndDrag
0x5080e8 ImageList_BeginDrag
0x5080ec ImageList_Remove
0x5080f0 ImageList_DrawEx
0x5080f4 ImageList_Replace
0x5080f8 ImageList_Draw
0x508104 ImageList_Add
0x508110 ImageList_Destroy
0x508114 ImageList_Create
0x508118 InitCommonControls
Library shell32.dll:
0x508120 ShellExecuteA
Library ODBC32.DLL:
0x508128 SQLTables
0x50812c SQLStatistics
0x508130 SQLSpecialColumns
0x508134 SQLSetStmtAttr
0x508138 SQLSetPos
0x50813c SQLSetEnvAttr
0x508140 SQLSetDescField
0x508144 SQLSetConnectAttr
0x508148 SQLRowCount
0x50814c SQLPutData
0x508150 SQLProcedures
0x508154 SQLProcedureColumns
0x508158 SQLPrimaryKeys
0x50815c SQLPrepare
0x508160 SQLParamData
0x508164 SQLNumResultCols
0x508168 SQLGetStmtAttr
0x50816c SQLGetInfo
0x508170 SQLGetFunctions
0x508174 SQLGetEnvAttr
0x508178 SQLGetDiagRec
0x50817c SQLGetDiagField
0x508180 SQLGetData
0x508184 SQLGetCursorName
0x508188 SQLGetConnectAttr
0x50818c SQLFreeStmt
0x508190 SQLFreeHandle
0x508194 SQLForeignKeys
0x508198 SQLFetchScroll
0x50819c SQLFetch
0x5081a0 SQLExecute
0x5081a4 SQLExecDirect
0x5081a8 SQLEndTran
0x5081ac SQLDriverConnect
0x5081b0 SQLDisconnect
0x5081b4 SQLDescribeParam
0x5081b8 SQLDescribeCol
0x5081bc SQLConnect
0x5081c0 SQLColumns
0x5081c4 SQLColAttribute
0x5081c8 SQLBulkOperations
0x5081cc SQLBindParameter
0x5081d0 SQLBindCol
0x5081d4 SQLAllocHandle
Library wsock32.dll:
0x5081dc WSACleanup
0x5081e0 WSAStartup
0x5081e4 gethostname
0x5081e8 gethostbyname
0x5081ec inet_ntoa

Hosts

No hosts contacted (as reported; this is inconsistent with the TCP row below from 222.186.170.171 and with the two hosts named in the signature section above, so rely on the packet tables rather than this line).

TCP

Source Source Port Destination Destination Port
222.186.170.171 80 192.168.56.101 49175
Only the inbound leg (remote port 80 to the guest's ephemeral port 49175) is listed; the outbound packet that would have opened the connection does not appear, and no HTTP request was parsed from it.

UDP

Most of this table is Windows background traffic on the sandbox NIC rather than sample activity: NBNS (137/138 to the subnet broadcast), NTP (123 to time.windows.com), LLMNR (5355 to 224.0.0.252), SSDP (1900) and WS-Discovery (3702) to 239.255.255.250. The five queries to 114.114.114.114:53 are DNS lookups; the report shows neither the names queried nor the answers.
Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 57875 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 63432 239.255.255.250 1900
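Separating that background noise from flows worth attributing to the sample, as an added example that is not part of the report. The rows are transcribed from the TCP and UDP tables above; RESOLVED_IPS is an assumption (the page lists DNS queries but no answers, so it starts empty) and the port-to-protocol table is general Windows knowledge rather than something the report states. Note that 172.217.24.14, named in the signature section, is absent from both tables and therefore from this triage.

```python
"""Bucket sandbox flows into noise / DNS / resolved / unresolved (added example)."""
import ipaddress

SANDBOX_IP = "192.168.56.101"
LOCAL_NET = ipaddress.ip_network("192.168.56.0/24")

# Background chatter every Windows guest produces; keyed by (proto, remote port).
NOISE_PORTS = {
    ("udp", 137): "NetBIOS name service", ("udp", 138): "NetBIOS datagram",
    ("udp", 123): "NTP", ("udp", 5355): "LLMNR",
    ("udp", 1900): "SSDP", ("udp", 3702): "WS-Discovery",
}

# Rows transcribed from the report's tables.
TCP_ROWS = """\
222.186.170.171 80 192.168.56.101 49175
"""

UDP_ROWS = """\
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 57875 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 63432 239.255.255.250 1900
"""

# Assumption: the report shows no DNS answers, so nothing is known to be resolved.
RESOLVED_IPS = frozenset()


def parse_rows(text, proto):
    """Parse 'src sport dst [hostname] dport' rows into flow dicts."""
    flows = []
    for line in text.strip().splitlines():
        parts = line.split()
        flows.append({"proto": proto, "src": parts[0], "sport": int(parts[1]),
                      "dst": parts[2], "dport": int(parts[-1])})
    return flows


def remote_end(flow):
    """(remote_ip, remote_port, direction) as seen from the sandbox guest."""
    if flow["src"] == SANDBOX_IP:
        return flow["dst"], flow["dport"], "out"
    return flow["src"], flow["sport"], "in"


def classify(flow, resolved_ips):
    ip_str, port, _ = remote_end(flow)
    ip = ipaddress.ip_address(ip_str)
    if ip.is_multicast or ip == LOCAL_NET.broadcast_address or (flow["proto"], port) in NOISE_PORTS:
        return "noise"
    if flow["proto"] == "udp" and port == 53:
        return "dns"
    if ip_str in resolved_ips:
        return "resolved"
    # Same condition as the report's "communicates with host for which no DNS query was performed".
    return "unresolved"


def triage(tcp_text, udp_text, resolved_ips=RESOLVED_IPS):
    """Bucket every flow; only 'resolved' and 'unresolved' deserve analyst time."""
    buckets = {"noise": [], "dns": [], "resolved": [], "unresolved": []}
    for flow in parse_rows(tcp_text, "tcp") + parse_rows(udp_text, "udp"):
        ip_str, port, direction = remote_end(flow)
        buckets[classify(flow, resolved_ips)].append((flow["proto"], ip_str, port, direction))
    return buckets


if __name__ == "__main__":
    for bucket, flows in triage(TCP_ROWS, UDP_ROWS).items():
        print(f"{bucket:10s} {len(flows):2d}  {sorted(set(flows))[:3]}")
```

With the PCAP in hand, RESOLVED_IPS would be filled from the DNS answer records before running triage; an address that moves from "unresolved" to "resolved" is ordinary name-based traffic, while one that stays "unresolved" is the hard-coded contact the signature is meant to catch.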

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.