10.8
0-day

76b62ef8530770a98200250ce45c56647bab874f0bd1c2a5daa074e570a7d204

daf2b66d6a336a33451b7dd1a0ec4268.exe

Analysis duration

76s

Last analyzed

File size

772.5KB
Static detections Dynamic detections AI SCORE=85 AIDETECTVM ALI2000015 ATTRIBUTE CLASSIC CONFIDENCE DATASTEALER DELF DELFINJECT DELPHILESS EMTN EMVB FAREIT FPUNZ HIGH CONFIDENCE HIGHCONFIDENCE HPRCDN KCLOUD KRYPTIK MALWARE2 MALWARE@#2BPKJKSXUI1AU MVBWOZ8KTRC NANOCORE PUTTY SCORE SUSGEN TSCOPE UNSAFE WGW@AWDTZ8HI WHEL WVUG X2094 ZELPHIF ZUSY
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Date Version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Tencent Win32.Trojan.Kryptik.Wvug 20201211 1.0.0.1
Kingsoft Win32.Troj.Undef.(kcloud) 20201211 2017.9.26.565
McAfee Fareit-FPQ!DAF2B66D6A33 20201211 6.0.6.653
Static indicators
Queries for the computer name (3 events)
Time & API Arguments Status Return Repeated
1619973225.172874
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619973249.126874
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619973268.672874
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619973222.610874
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619973221.360124
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x023e0000
success 0 0
1619973221.407124
NtAllocateVirtualMemory
process_identifier: 732
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x023f0000
success 0 0
1619973221.407124
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02420000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619973268.657874
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\daf2b66d6a336a33451b7dd1a0ec4268.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\daf2b66d6a336a33451b7dd1a0ec4268.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.3576365550517275 section {'size_of_data': '0x00025200', 'virtual_address': '0x000a2000', 'entropy': 7.3576365550517275, 'name': '.rsrc', 'virtual_size': '0x00025144'} description A section with a high entropy has been found
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619973249.047874
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 732 called NtSetContextThread to modify thread in remote process 2264
Time & API Arguments Status Return Repeated
1619973221.532124
NtSetContextThread
thread_handle: 0x00000110
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2264
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 732 resumed a thread in remote process 2264
Time & API Arguments Status Return Repeated
1619973221.813124
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2264
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619973221.516124
CreateProcessInternalW
thread_identifier: 2292
thread_handle: 0x00000110
process_identifier: 2264
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\daf2b66d6a336a33451b7dd1a0ec4268.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1619973221.516124
NtUnmapViewOfSection
process_identifier: 2264
region_size: 4096
process_handle: 0x00000114
base_address: 0x00400000
success 0 0
1619973221.516124
NtMapViewOfSection
section_handle: 0x0000011c
process_identifier: 2264
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000114
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619973221.532124
NtGetContextThread
thread_handle: 0x00000110
success 0 0
1619973221.532124
NtSetContextThread
thread_handle: 0x00000110
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2264
success 0 0
1619973221.813124
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2264
success 0 0
1619973224.157874
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2264
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.310200
FireEye Generic.mg.daf2b66d6a336a33
ALYac Gen:Variant.Zusy.310200
Cylance Unsafe
Zillya Trojan.Injector.Win32.755492
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Zusy.D4BBB8
Cyren W32/Injector.WHEL-0962
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Nanocore-9168858-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Gen:Variant.Zusy.310200
NANO-Antivirus Trojan.Win32.Kryptik.hprcdn
AegisLab Trojan.Win32.Kryptik.4!c
Avast Win32:Malware-gen
Tencent Win32.Trojan.Kryptik.Wvug
Ad-Aware Gen:Variant.Zusy.310200
Emsisoft Gen:Variant.Zusy.310200 (B)
Comodo Malware@#2bpkjksxui1au
F-Secure Trojan.TR/Injector.fpunz
DrWeb Trojan.PWS.Stealer.28996
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Jiangmin Trojan.Kryptik.bzn
Avira TR/Injector.fpunz
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/DataStealer.VD!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Gen:Variant.Zusy.310200
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FPQ!DAF2B66D6A33
MAX malware (ai score=85)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.EMVB
Rising Trojan.Injector!1.C99D (CLASSIC)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x493178 VirtualFree
0x49317c VirtualAlloc
0x493180 LocalFree
0x493184 LocalAlloc
0x493188 GetVersion
0x49318c GetCurrentThreadId
0x493198 VirtualQuery
0x49319c WideCharToMultiByte
0x4931a0 MultiByteToWideChar
0x4931a4 lstrlenA
0x4931a8 lstrcpynA
0x4931ac LoadLibraryExA
0x4931b0 GetThreadLocale
0x4931b4 GetStartupInfoA
0x4931b8 GetProcAddress
0x4931bc GetModuleHandleA
0x4931c0 GetModuleFileNameA
0x4931c4 GetLocaleInfoA
0x4931c8 GetCommandLineA
0x4931cc FreeLibrary
0x4931d0 FindFirstFileA
0x4931d4 FindClose
0x4931d8 ExitProcess
0x4931dc WriteFile
0x4931e4 RtlUnwind
0x4931e8 RaiseException
0x4931ec GetStdHandle
Library user32.dll:
0x4931f4 GetKeyboardType
0x4931f8 LoadStringA
0x4931fc MessageBoxA
0x493200 CharNextA
Library advapi32.dll:
0x493208 RegQueryValueExA
0x49320c RegOpenKeyExA
0x493210 RegCloseKey
Library oleaut32.dll:
0x493218 SysFreeString
0x49321c SysReAllocStringLen
0x493220 SysAllocStringLen
Library kernel32.dll:
0x493228 TlsSetValue
0x49322c TlsGetValue
0x493230 LocalAlloc
0x493234 GetModuleHandleA
Library advapi32.dll:
0x49323c RegQueryValueExA
0x493240 RegOpenKeyExA
0x493244 RegCloseKey
Library kernel32.dll:
0x49324c lstrcpyA
0x493250 WriteFile
0x493254 WaitForSingleObject
0x493258 VirtualQuery
0x49325c VirtualAlloc
0x493260 Sleep
0x493264 SizeofResource
0x493268 SetThreadLocale
0x49326c SetFilePointer
0x493270 SetEvent
0x493274 SetErrorMode
0x493278 SetEndOfFile
0x49327c ResetEvent
0x493280 ReadFile
0x493284 MultiByteToWideChar
0x493288 MulDiv
0x49328c LockResource
0x493290 LoadResource
0x493294 LoadLibraryA
0x4932a0 GlobalUnlock
0x4932a4 GlobalSize
0x4932a8 GlobalReAlloc
0x4932ac GlobalHandle
0x4932b0 GlobalLock
0x4932b4 GlobalFree
0x4932b8 GlobalFindAtomA
0x4932bc GlobalDeleteAtom
0x4932c0 GlobalAlloc
0x4932c4 GlobalAddAtomA
0x4932c8 GetVersionExA
0x4932cc GetVersion
0x4932d0 GetUserDefaultLCID
0x4932d4 GetTickCount
0x4932d8 GetThreadLocale
0x4932dc GetSystemInfo
0x4932e0 GetStringTypeExA
0x4932e4 GetStdHandle
0x4932e8 GetProcAddress
0x4932ec GetModuleHandleA
0x4932f0 GetModuleFileNameA
0x4932f4 GetLocaleInfoA
0x4932f8 GetLocalTime
0x4932fc GetLastError
0x493300 GetFullPathNameA
0x493304 GetDiskFreeSpaceA
0x493308 GetDateFormatA
0x49330c GetCurrentThreadId
0x493310 GetCurrentProcessId
0x493314 GetComputerNameA
0x493318 GetCPInfo
0x49331c GetACP
0x493320 FreeResource
0x493324 InterlockedExchange
0x493328 FreeLibrary
0x49332c FormatMessageA
0x493330 FindResourceA
0x493334 EnumCalendarInfoA
0x493340 CreateThread
0x493344 CreateFileA
0x493348 CreateEventA
0x49334c CompareStringA
0x493350 CloseHandle
Library version.dll:
0x493358 VerQueryValueA
0x493360 GetFileVersionInfoA
Library gdi32.dll:
0x493368 UnrealizeObject
0x49336c StretchBlt
0x493370 SetWindowOrgEx
0x493374 SetWinMetaFileBits
0x493378 SetViewportOrgEx
0x49337c SetTextColor
0x493380 SetStretchBltMode
0x493384 SetROP2
0x493388 SetPixel
0x49338c SetMapMode
0x493390 SetEnhMetaFileBits
0x493394 SetDIBColorTable
0x493398 SetBrushOrgEx
0x49339c SetBkMode
0x4933a0 SetBkColor
0x4933a4 SelectPalette
0x4933a8 SelectObject
0x4933ac SelectClipRgn
0x4933b0 SaveDC
0x4933b4 RestoreDC
0x4933b8 Rectangle
0x4933bc RectVisible
0x4933c0 RealizePalette
0x4933c4 Polyline
0x4933c8 PlayEnhMetaFile
0x4933cc PatBlt
0x4933d0 MoveToEx
0x4933d4 MaskBlt
0x4933d8 LineTo
0x4933dc LPtoDP
0x4933e0 IntersectClipRect
0x4933e4 GetWindowOrgEx
0x4933e8 GetWinMetaFileBits
0x4933ec GetTextMetricsA
0x4933f8 GetStockObject
0x4933fc GetPixel
0x493400 GetPaletteEntries
0x493404 GetObjectA
0x493414 GetEnhMetaFileBits
0x493418 GetDeviceCaps
0x49341c GetDIBits
0x493420 GetDIBColorTable
0x493424 GetDCOrgEx
0x49342c GetClipRgn
0x493430 GetClipBox
0x493434 GetBrushOrgEx
0x493438 GetBitmapBits
0x49343c ExtTextOutA
0x493440 ExcludeClipRect
0x493444 DeleteObject
0x493448 DeleteEnhMetaFile
0x49344c DeleteDC
0x493450 CreateSolidBrush
0x493454 CreateRectRgn
0x493458 CreatePenIndirect
0x49345c CreatePen
0x493460 CreatePalette
0x493468 CreateFontIndirectA
0x49346c CreateEnhMetaFileA
0x493470 CreateDIBitmap
0x493474 CreateDIBSection
0x493478 CreateCompatibleDC
0x493480 CreateBrushIndirect
0x493484 CreateBitmap
0x493488 CopyEnhMetaFileA
0x49348c CloseEnhMetaFile
0x493490 BitBlt
Library opengl32.dll:
0x493498 wglDeleteContext
Library user32.dll:
0x4934a0 CreateWindowExA
0x4934a4 WindowFromPoint
0x4934a8 WinHelpA
0x4934ac WaitMessage
0x4934b0 ValidateRect
0x4934b4 UpdateWindow
0x4934b8 UnregisterClassA
0x4934bc UnhookWindowsHookEx
0x4934c0 TranslateMessage
0x4934c8 TrackPopupMenu
0x4934d0 ShowWindow
0x4934d4 ShowScrollBar
0x4934d8 ShowOwnedPopups
0x4934dc ShowCursor
0x4934e0 SetWindowsHookExA
0x4934e4 SetWindowTextA
0x4934e8 SetWindowPos
0x4934ec SetWindowPlacement
0x4934f0 SetWindowLongA
0x4934f4 SetTimer
0x4934f8 SetScrollRange
0x4934fc SetScrollPos
0x493500 SetScrollInfo
0x493504 SetRect
0x493508 SetPropA
0x49350c SetParent
0x493510 SetMenuItemInfoA
0x493514 SetMenu
0x493518 SetForegroundWindow
0x49351c SetFocus
0x493520 SetCursor
0x493524 SetClassLongA
0x493528 SetCapture
0x49352c SetActiveWindow
0x493530 SendMessageA
0x493534 ScrollWindow
0x493538 ScreenToClient
0x49353c RemovePropA
0x493540 RemoveMenu
0x493544 ReleaseDC
0x493548 ReleaseCapture
0x493554 RegisterClassA
0x493558 RedrawWindow
0x49355c PtInRect
0x493560 PostQuitMessage
0x493564 PostMessageA
0x493568 PeekMessageA
0x49356c OffsetRect
0x493570 OemToCharA
0x493574 MessageBoxA
0x493578 MapWindowPoints
0x49357c MapVirtualKeyA
0x493580 LoadStringA
0x493584 LoadKeyboardLayoutA
0x493588 LoadIconA
0x49358c LoadCursorA
0x493590 LoadBitmapA
0x493594 KillTimer
0x493598 IsZoomed
0x49359c IsWindowVisible
0x4935a0 IsWindowEnabled
0x4935a4 IsWindow
0x4935a8 IsRectEmpty
0x4935ac IsIconic
0x4935b0 IsDialogMessageA
0x4935b4 IsChild
0x4935b8 InvalidateRect
0x4935bc IntersectRect
0x4935c0 InsertMenuItemA
0x4935c4 InsertMenuA
0x4935c8 InflateRect
0x4935d0 GetWindowTextA
0x4935d4 GetWindowRect
0x4935d8 GetWindowPlacement
0x4935dc GetWindowLongA
0x4935e0 GetWindowDC
0x4935e4 GetTopWindow
0x4935e8 GetSystemMetrics
0x4935ec GetSystemMenu
0x4935f0 GetSysColorBrush
0x4935f4 GetSysColor
0x4935f8 GetSubMenu
0x4935fc GetScrollRange
0x493600 GetScrollPos
0x493604 GetScrollInfo
0x493608 GetPropA
0x49360c GetParent
0x493610 GetWindow
0x493614 GetMessageTime
0x493618 GetMenuStringA
0x49361c GetMenuState
0x493620 GetMenuItemInfoA
0x493624 GetMenuItemID
0x493628 GetMenuItemCount
0x49362c GetMenu
0x493630 GetLastActivePopup
0x493634 GetKeyboardState
0x49363c GetKeyboardLayout
0x493640 GetKeyState
0x493644 GetKeyNameTextA
0x493648 GetIconInfo
0x49364c GetForegroundWindow
0x493650 GetFocus
0x493654 GetDlgItem
0x493658 GetDesktopWindow
0x49365c GetDCEx
0x493660 GetDC
0x493664 GetCursorPos
0x493668 GetCursor
0x49366c GetClipboardData
0x493670 GetClientRect
0x493674 GetClassNameA
0x493678 GetClassInfoA
0x49367c GetCapture
0x493680 GetActiveWindow
0x493684 FrameRect
0x493688 FindWindowA
0x49368c FillRect
0x493690 EqualRect
0x493694 EnumWindows
0x493698 EnumThreadWindows
0x49369c EndPaint
0x4936a0 EnableWindow
0x4936a4 EnableScrollBar
0x4936a8 EnableMenuItem
0x4936ac DrawTextA
0x4936b0 DrawMenuBar
0x4936b4 DrawIconEx
0x4936b8 DrawIcon
0x4936bc DrawFrameControl
0x4936c0 DrawFocusRect
0x4936c4 DrawEdge
0x4936c8 DispatchMessageA
0x4936cc DestroyWindow
0x4936d0 DestroyMenu
0x4936d4 DestroyIcon
0x4936d8 DestroyCursor
0x4936dc DeleteMenu
0x4936e0 DefWindowProcA
0x4936e4 DefMDIChildProcA
0x4936e8 DefFrameProcA
0x4936ec CreatePopupMenu
0x4936f0 CreateMenu
0x4936f4 CreateIcon
0x4936f8 ClientToScreen
0x4936fc CheckMenuItem
0x493700 CallWindowProcA
0x493704 CallNextHookEx
0x493708 BeginPaint
0x49370c CharNextA
0x493710 CharLowerBuffA
0x493714 CharLowerA
0x493718 CharUpperBuffA
0x49371c CharToOemA
0x493720 AdjustWindowRectEx
Library kernel32.dll:
0x49372c Sleep
Library oleaut32.dll:
0x493734 SafeArrayPtrOfIndex
0x493738 SafeArrayPutElement
0x49373c SafeArrayGetElement
0x493744 SafeArrayAccessData
0x493748 SafeArrayGetUBound
0x49374c SafeArrayGetLBound
0x493750 SafeArrayCreate
0x493754 VariantChangeType
0x493758 VariantCopyInd
0x49375c VariantCopy
0x493760 VariantClear
0x493764 VariantInit
Library ole32.dll:
0x493770 IsAccelerator
0x493774 OleDraw
0x49377c CoTaskMemFree
0x493780 ProgIDFromCLSID
0x493784 StringFromCLSID
0x493788 CoCreateInstance
0x49378c CoGetClassObject
0x493790 CoUninitialize
0x493794 CoInitialize
0x493798 IsEqualGUID
Library oleaut32.dll:
0x4937a0 GetErrorInfo
0x4937a4 GetActiveObject
0x4937a8 SysFreeString
Library comctl32.dll:
0x4937b8 ImageList_Write
0x4937bc ImageList_Read
0x4937cc ImageList_DragMove
0x4937d0 ImageList_DragLeave
0x4937d4 ImageList_DragEnter
0x4937d8 ImageList_EndDrag
0x4937dc ImageList_BeginDrag
0x4937e0 ImageList_Remove
0x4937e4 ImageList_DrawEx
0x4937e8 ImageList_Replace
0x4937ec ImageList_Draw
0x4937fc ImageList_Add
0x493804 ImageList_Destroy
0x493808 ImageList_Create
0x49380c InitCommonControls
Library comdlg32.dll:
0x493814 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.