7.0
High risk

e35d558a638632333c1c56f1546685732f84c4580611d2feed8c5ca7c9e77b67

d86e8d48a95430f30fbe05e98663a11b.exe

Analysis duration

76s

Last analyzed

File size

360.1KB
Static detection / dynamic detection tags: 100% AI SCORE=81 AIDETECTGBM AUSL BANKERX CLOUD CONFIDENCE ELDORADO EMOTET GENCIRC GENETIC HFSS HGIASOKA HIGH CONFIDENCE HSYKPJ INJUKE KCLOUD KRYPTIK LSJNJ MALWARE@#2ULWRP144FBAV R + TROJ R349205 RANAPAMA SCORE SUSGEN VLSBVXVM2JS ZENPAK
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results are available yet
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba | Trojan:Win32/Emotet.16b4ba0a | 20190527 | 0.3.0.5
Baidu | - | 20190318 | 1.0.0.2
Avast | Win32:BankerX-gen [Trj] | 20210223 | 21.1.5827.0
Tencent | Malware.Win32.Gencirc.10cdee2e | 20210223 | 1.0.0.1
Kingsoft | Win32.Troj.Banker.(kcloud) | 20210223 | 2017.9.26.565
McAfee | Emotet-FRW!D86E8D48A954 | 20210223 | 6.0.6.653
CrowdStrike | win/malicious_confidence_100% (W) | 20210203 | 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619948428.903176
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619948412.918176
CryptGenKey
crypto_handle: 0x005b6598
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005b6078
flags: 1
key: fšD…C Ešñœr.
success 1 0
1619948428.918176
CryptExportKey
crypto_handle: 0x005b6598
crypto_export_handle: 0x005b6140
buffer: f¤­¡ æcRæ›tIÝ¿á¦ýO/ê˜J ü½®âz)bvÏ&=ì©ÝóŒ¡(*²ccYÌCbrÀwæ€M_o¤ï ž"`¬ªòöuf×Ã/ ©¾-Ú¬_‰óD]u3
blob_type: 1
flags: 64
success 1 0
1619948463.965176
CryptExportKey
crypto_handle: 0x005b6598
crypto_export_handle: 0x005b6140
buffer: f¤¶CÁ¶Ž»}ŸØÐ&©Œ?b"9¥-9ÍE'e S!F” äkÀ>—{üâ#wŒ8ëSÊۃ¹ö²ÖÓÄË Ûú¯/šŽ¶~ß3ÀÅ-KY¶þ€ Ý¿„VÄ‚jÔ…‘¦w¯Ù“
blob_type: 1
flags: 64
success 1 0
1619948468.559176
CryptExportKey
crypto_handle: 0x005b6598
crypto_export_handle: 0x005b6140
buffer: f¤*Ïr#_ÖXƒwš»LEDqÈKž¸<ºP,=y†ƒwOÑÄáwÿrš4”ŒîþÆ«‚Ùºæ0Ë̽vf{¸ó2´Œ2Y¾”ød(<¾ê@jºÝŒjªÌ½ÿXñ<¦d„
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619948412.465176
NtAllocateVirtualMemory
process_identifier: 472
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00470000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619948429.512176
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.173521633818507; section .rsrc (size_of_data 0x0000c000, virtual_address 0x00052000, virtual_size 0x0000b7d0, entropy 7.173521633818507); description: A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process d86e8d48a95430f30fbe05e98663a11b.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619948429.137176
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 116.125.120.88
host 172.217.24.14
host 190.2.31.172
host 209.236.123.42
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619948432.106176
RegSetValueExA
key_handle: 0x000003b0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619948432.106176
RegSetValueExA
key_handle: 0x000003b0
value: À¡>T?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619948432.106176
RegSetValueExA
key_handle: 0x000003b0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619948432.106176
RegSetValueExW
key_handle: 0x000003b0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619948432.121176
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619948432.121176
RegSetValueExA
key_handle: 0x000003c8
value: À¡>T?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619948432.121176
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619948432.137176
RegSetValueExW
key_handle: 0x000003ac
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectGBM.malware.01
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Ranapama.ALN
FireEye Generic.mg.d86e8d48a95430f3
Qihoo-360 Win32/Backdoor.Emotet.HgIASOkA
ALYac Trojan.Agent.Emotet
Zillya Trojan.Emotet.Win32.24945
Sangfor Trojan.Win32.Emotet.PED
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.16b4ba0a
K7GW Riskware ( 0040eff71 )
Cybereason malicious.8a9543
Arcabit Trojan.Ranapama.ALN
Cyren W32/Emotet.AQZ.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:BankerX-gen [Trj]
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.Ranapama.ALN
NANO-Antivirus Trojan.Win32.Emotet.hsykpj
Paloalto generic.ml
ViRobot Trojan.Win32.Emotet.368640.B
Tencent Malware.Win32.Gencirc.10cdee2e
Ad-Aware Trojan.Ranapama.ALN
TACHYON Trojan/W32.Ranapama.368760
Sophos Mal/Generic-R + Troj/Emotet-CLR
Comodo Malware@#2ulwrp144fbav
F-Secure Trojan.TR/Crypt.Agent.lsjnj
DrWeb Trojan.Emotet.1005
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.off
Avira TR/Crypt.Agent.lsjnj
Antiy-AVL Trojan[Banker]/Win32.Emotet
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.PED!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.Ranapama.ALN
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R349205
McAfee Emotet-FRW!D86E8D48A954
MAX malware (ai score=81)
VBA32 Trojan.Injuke
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 a variant of Win32/Kryptik.HFSS
Rising Trojan.Kryptik!8.8 (CLOUD)
Yandex Trojan.Kryptik!vlsbVXVm2js
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (3 events)
dead_host 116.125.120.88:443
dead_host 190.2.31.172:80
dead_host 192.168.56.101:49179
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-08-25 14:29:38

Imports

Library KERNEL32.dll:
0x439174 FindClose
0x439178 FindFirstFileA
0x439180 GetFullPathNameA
0x439184 GetStringTypeExA
0x439188 GetThreadLocale
0x43918c GetShortPathNameA
0x439190 GetFileAttributesA
0x439194 GetFileTime
0x4391a0 SetFileTime
0x4391a4 SetFileAttributesA
0x4391b0 RtlUnwind
0x4391b4 HeapAlloc
0x4391bc GetStartupInfoA
0x4391c0 GetCommandLineA
0x4391c4 RaiseException
0x4391c8 HeapFree
0x4391cc TerminateProcess
0x4391d0 CreateThread
0x4391d4 ExitThread
0x4391d8 HeapReAlloc
0x4391dc HeapSize
0x4391e0 GetACP
0x4391e8 GetSystemTime
0x4391ec GetLocalTime
0x4391f0 FatalAppExitA
0x4391f4 DeleteFileA
0x4391f8 LCMapStringW
0x4391fc HeapDestroy
0x439200 HeapCreate
0x439204 VirtualFree
0x439208 VirtualAlloc
0x439220 SetHandleCount
0x439224 GetStdHandle
0x439228 GetFileType
0x439230 GetStringTypeA
0x439234 GetStringTypeW
0x439238 IsBadCodePtr
0x43923c IsValidLocale
0x439240 IsValidCodePage
0x439244 GetLocaleInfoA
0x439248 EnumSystemLocalesA
0x43924c GetUserDefaultLCID
0x439250 GetVersionExA
0x439258 SetStdHandle
0x43925c GetLocaleInfoW
0x439260 CompareStringA
0x439264 CompareStringW
0x43926c MoveFileA
0x439270 SetEndOfFile
0x439274 UnlockFile
0x439278 GetProfileStringA
0x43927c InterlockedExchange
0x439280 LockFile
0x439284 FlushFileBuffers
0x439288 SetFilePointer
0x43928c WriteFile
0x439290 ReadFile
0x439294 GetCurrentProcess
0x439298 DuplicateHandle
0x43929c SetErrorMode
0x4392b0 GetOEMCP
0x4392b4 GetCPInfo
0x4392b8 GetProcessVersion
0x4392bc TlsGetValue
0x4392c0 LocalReAlloc
0x4392c4 TlsSetValue
0x4392cc GlobalReAlloc
0x4392d4 TlsFree
0x4392d8 GlobalHandle
0x4392e0 TlsAlloc
0x4392e8 LocalAlloc
0x4392ec SizeofResource
0x4392f0 GetLastError
0x4392f4 GlobalFlags
0x4392f8 SuspendThread
0x4392fc SetThreadPriority
0x439300 ResumeThread
0x439304 GetModuleFileNameA
0x439308 lstrcmpA
0x43930c GetCurrentThread
0x439310 FormatMessageA
0x439314 LocalFree
0x439318 lstrcpynA
0x43931c MulDiv
0x439320 SetLastError
0x439324 MultiByteToWideChar
0x439328 WideCharToMultiByte
0x43932c lstrlenA
0x439338 GetVersion
0x43933c lstrcatA
0x439340 GlobalGetAtomNameA
0x439344 lstrcmpiA
0x439348 GlobalAddAtomA
0x43934c GlobalFindAtomA
0x439350 GlobalDeleteAtom
0x439354 lstrcpyA
0x439358 GetModuleHandleA
0x43935c GetProcAddress
0x439360 GlobalUnlock
0x439364 GlobalFree
0x439368 LockResource
0x43936c FindResourceA
0x439370 LoadResource
0x439374 ExitProcess
0x439378 OpenMutexA
0x43937c OpenEventA
0x439380 CreateMutexA
0x439384 CreateEventA
0x439388 ReleaseMutex
0x43938c WaitForSingleObject
0x439390 IsBadReadPtr
0x439394 IsBadWritePtr
0x439398 SetEvent
0x43939c GetCurrentThreadId
0x4393a0 UnmapViewOfFile
0x4393a4 CloseHandle
0x4393a8 FlushViewOfFile
0x4393ac CreateFileMappingA
0x4393b0 OpenFileMappingA
0x4393b4 MapViewOfFile
0x4393b8 CreateFileA
0x4393bc DeviceIoControl
0x4393c0 GetFileSize
0x4393c4 WinExec
0x4393cc LoadLibraryA
0x4393d0 FreeLibrary
0x4393d4 Sleep
0x4393d8 GlobalAlloc
0x4393dc GlobalSize
0x4393e0 GlobalLock
0x4393e4 LCMapStringA
Library USER32.dll:
0x439404 GetFocus
0x439408 DispatchMessageA
0x43940c PeekMessageA
0x439410 MapWindowPoints
0x439414 SendDlgItemMessageA
0x439418 UpdateWindow
0x43941c PostMessageA
0x439420 CheckDlgButton
0x439424 CheckRadioButton
0x439428 GetDlgItemInt
0x43942c GetDlgItemTextA
0x439430 SetDlgItemInt
0x439434 SetDlgItemTextA
0x439438 IsDlgButtonChecked
0x43943c ScrollWindowEx
0x439440 IsDialogMessageA
0x439444 SetWindowTextA
0x439448 MoveWindow
0x43944c EnableMenuItem
0x439450 CheckMenuItem
0x439454 SetMenuItemBitmaps
0x439458 ModifyMenuA
0x43945c GetMenuState
0x439460 LoadBitmapA
0x439468 wvsprintfA
0x43946c CharToOemA
0x439470 OemToCharA
0x439474 WindowFromPoint
0x439478 GetCursorPos
0x43947c ClientToScreen
0x439480 GetWindowDC
0x439484 BeginPaint
0x439488 EndPaint
0x43948c TabbedTextOutA
0x439490 DrawTextA
0x439494 GrayStringA
0x439498 LoadStringA
0x43949c DestroyMenu
0x4394a0 PostQuitMessage
0x4394a4 ShowOwnedPopups
0x4394a8 ValidateRect
0x4394ac TranslateMessage
0x4394b0 GetMessageA
0x4394b4 GetClassNameA
0x4394b8 GetDesktopWindow
0x4394bc GetDialogBaseUnits
0x4394c0 GetSysColorBrush
0x4394c4 SetCapture
0x4394c8 ReleaseCapture
0x4394cc WaitMessage
0x4394d4 InsertMenuA
0x4394d8 DeleteMenu
0x4394dc GetMenuStringA
0x4394e0 SetRectEmpty
0x4394e4 LoadAcceleratorsA
0x4394ec SetMenu
0x4394f0 ReuseDDElParam
0x4394f4 UnpackDDElParam
0x4394f8 BringWindowToTop
0x4394fc CharUpperA
0x439500 EndDeferWindowPos
0x439504 IsWindowVisible
0x439508 ScrollWindow
0x43950c GetScrollInfo
0x439510 SetScrollInfo
0x439514 ShowScrollBar
0x439518 GetScrollRange
0x43951c SetScrollRange
0x439520 GetScrollPos
0x439524 SetScrollPos
0x439528 GetTopWindow
0x43952c MessageBoxA
0x439530 IsChild
0x439534 GetCapture
0x439538 SetFocus
0x43953c wsprintfA
0x439540 GetClassInfoA
0x439544 RegisterClassA
0x439548 GetMenu
0x43954c GetMenuItemCount
0x439550 GetMenuItemID
0x439554 TrackPopupMenu
0x439558 SetWindowPlacement
0x439560 GetWindowTextA
0x439564 GetDlgCtrlID
0x439568 GetKeyState
0x43956c DefWindowProcA
0x439570 CreateWindowExA
0x439574 SetWindowsHookExA
0x439578 CallNextHookEx
0x43957c GetClassLongA
0x439580 SetPropA
0x439584 GetPropA
0x439588 CallWindowProcA
0x43958c RemovePropA
0x439590 GetMessageTime
0x439594 GetLastActivePopup
0x439598 GetForegroundWindow
0x43959c SetForegroundWindow
0x4395a0 GetWindow
0x4395a4 SetWindowPos
0x4395a8 OffsetRect
0x4395ac IntersectRect
0x4395b4 GetWindowPlacement
0x4395b8 GetNextDlgTabItem
0x4395bc EndDialog
0x4395c0 GetActiveWindow
0x4395c4 SetActiveWindow
0x4395cc DestroyWindow
0x4395d0 GetWindowLongA
0x4395d4 GetDlgItem
0x4395d8 IsWindowEnabled
0x4395dc LoadIconA
0x4395e0 IsIconic
0x4395e4 GetSystemMenu
0x4395e8 AppendMenuA
0x4395ec DrawIcon
0x4395f0 ShowWindow
0x4395f4 LoadMenuA
0x4395f8 GetSubMenu
0x4395fc DrawFocusRect
0x439600 GetSystemMetrics
0x439604 GetParent
0x439608 KillTimer
0x43960c SetTimer
0x439610 RedrawWindow
0x439614 InvalidateRect
0x439618 ReleaseDC
0x43961c GetDC
0x439620 ScreenToClient
0x439624 GetClientRect
0x439628 GetWindowRect
0x43962c SendMessageA
0x439630 InflateRect
0x439634 EnableWindow
0x439638 CloseClipboard
0x43963c GetClipboardData
0x439640 UnregisterClassA
0x439644 HideCaret
0x439648 ShowCaret
0x43964c PtInRect
0x439650 LoadCursorA
0x439654 CopyIcon
0x439658 IsWindow
0x43965c GetSysColor
0x439660 SetCursor
0x439664 GetMessagePos
0x439668 MessageBeep
0x43966c SetWindowLongA
0x439670 DestroyCursor
0x439674 AdjustWindowRectEx
0x439678 EqualRect
0x43967c DeferWindowPos
0x439680 BeginDeferWindowPos
0x439684 WinHelpA
0x439688 CopyRect
0x439690 EmptyClipboard
0x439694 SetClipboardData
0x439698 OpenClipboard
0x43969c IsWindowUnicode
0x4396a0 CharNextA
0x4396a4 DefDlgProcA
0x4396a8 ExcludeUpdateRgn
0x4396ac UnhookWindowsHookEx
Library GDI32.dll:
0x439030 DeleteDC
0x439034 StartDocA
0x439038 SaveDC
0x43903c RestoreDC
0x439040 SelectObject
0x439044 SelectPalette
0x439048 SetBkMode
0x43904c SetPolyFillMode
0x439050 SetROP2
0x439054 SetStretchBltMode
0x439058 SetMapMode
0x43905c SetViewportOrgEx
0x439060 OffsetViewportOrgEx
0x439064 SetViewportExtEx
0x439068 ScaleViewportExtEx
0x43906c SetWindowOrgEx
0x439070 OffsetWindowOrgEx
0x439074 SetWindowExtEx
0x439078 ScaleWindowExtEx
0x43907c SelectClipRgn
0x439080 ExcludeClipRect
0x439084 IntersectClipRect
0x439088 OffsetClipRgn
0x43908c MoveToEx
0x439090 LineTo
0x439094 SetTextAlign
0x4390a0 SetMapperFlags
0x4390a8 ArcTo
0x4390ac SetArcDirection
0x4390b0 CreateBitmap
0x4390b4 PolylineTo
0x4390b8 SetColorAdjustment
0x4390bc PolyBezierTo
0x4390c0 DeleteObject
0x4390c4 GetClipRgn
0x4390c8 CreateRectRgn
0x4390cc SelectClipPath
0x4390d0 ExtSelectClipRgn
0x4390d4 PlayMetaFileRecord
0x4390d8 GetObjectType
0x4390dc EnumMetaFile
0x4390e0 PlayMetaFile
0x4390e4 GetDeviceCaps
0x4390e8 GetViewportExtEx
0x4390ec GetWindowExtEx
0x4390f0 CreatePen
0x4390f4 ExtCreatePen
0x4390f8 CreateHatchBrush
0x4390fc CreatePatternBrush
0x439104 PtVisible
0x439108 RectVisible
0x43910c TextOutA
0x439110 ExtTextOutA
0x439114 Escape
0x439118 GetMapMode
0x43911c PatBlt
0x439120 SetRectRgn
0x439124 CombineRgn
0x43912c DPtoLP
0x439130 SetBkColor
0x439134 SetTextColor
0x439138 GetClipBox
0x43913c GetDCOrgEx
0x439140 GetCharWidthA
0x439144 GetTextMetricsA
0x43914c GetObjectA
0x439150 CreateFontIndirectA
0x439154 CreateSolidBrush
0x439158 PolyDraw
0x43915c CreateDIBitmap
0x439160 GetTextExtentPointA
0x439164 BitBlt
0x439168 CreateCompatibleDC
0x43916c GetStockObject
Library comdlg32.dll:
0x4396c4 GetFileTitleA
Library WINSPOOL.DRV:
0x4396b4 DocumentPropertiesA
0x4396b8 ClosePrinter
0x4396bc OpenPrinterA
Library ADVAPI32.dll:
0x439000 RegSetValueExA
0x439004 RegOpenKeyA
0x439008 RegDeleteKeyA
0x43900c RegDeleteValueA
0x439010 RegCloseKey
0x439014 RegQueryValueExA
0x439018 RegCreateKeyExA
0x43901c RegOpenKeyExA
0x439020 RegQueryValueA
Library SHELL32.dll:
0x4393ec DragQueryFileA
0x4393f0 DragFinish
0x4393f4 DragAcceptFiles
0x4393f8 ShellExecuteA
0x4393fc SHGetFileInfoA
Library COMCTL32.dll:
0x439028

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source Port | Destination | Destination Port
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 51963 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 49235 | 224.0.0.252 | 5355
192.168.56.101 | 51808 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50535 | 239.255.255.250 | 3702
192.168.56.101 | 56540 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58707 | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.