8.2
High risk

SHA256: 835ed490cab71e191709d0290cdb462213bb6a968b50010fdd05ec5c5b106380
File name: db500e82b23ef511817f01c127b0d03b.exe
Analysis duration: 96s
Last analysis:
File size: 2.3MB
Static detections / dynamic detections (tag summary): 0VYAM4Z4JYK A + MAL AAAW AI SCORE=89 BANKERX BSCOPE CLASSIC CONFIDENCE ELDORADO EMOTET ENCPK GENCIRC GENETIC HACKTOOL HBR@8QRQPO HCSH HDMT HIGH CONFIDENCE HITBQW INJECT3 KRAP KRYPTIK LKMC MALICIOUS PE PINKSBOT QAKBOT QBOT R333050 RANAPAMA RS0@AACY SCORE STATIC AI SUSGEN TROJANBANKER UNSAFE URSNIF WACATAC ZEXAF
鹰眼引擎 engine
Not detected: no 鹰眼引擎 engine results are available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | W32/PinkSbot-GN!DB500E82B23E | 20201229 | 6.0.6.653
Alibaba | TrojanBanker:Win32/Emotet.8d821527 | 20190527 | 0.3.0.5
CrowdStrike | win/malicious_confidence_90% (W) | 20190702 | 1.0
Baidu | | 20190318 | 1.0.0.2
Avast | Win32:BankerX-gen [Trj] | 20201229 | 21.1.5827.0
Tencent | Malware.Win32.Gencirc.10b9cc3a | 20201229 | 1.0.0.1
Kingsoft | | 20201229 | 2017.9.26.565
Static indicators
Queries for the computer name (5 events)
Time & API Arguments Status Return Repeated
1619948410.989436
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619948417.286436
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619948417.380436
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619955094.356625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619955107.950375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (1 event)
Time & API Arguments Status Return Repeated
1619955108.747375
WriteConsoleW
buffer: 成功: 成功创建计划任务 "yreovrf"。
console_handle: 0x00000007
success 1 0
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619955095.013625
__exception__
stacktrace:
db500e82b23ef511817f01c127b0d03b+0x3daa @ 0x403daa
db500e82b23ef511817f01c127b0d03b+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7741856
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: db500e82b23ef511817f01c127b0d03b+0x33cc
exception.instruction: in eax, dx
exception.module: db500e82b23ef511817f01c127b0d03b.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619955095.013625
__exception__
stacktrace:
db500e82b23ef511817f01c127b0d03b+0x3db3 @ 0x403db3
db500e82b23ef511817f01c127b0d03b+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7741856
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: db500e82b23ef511817f01c127b0d03b+0x3465
exception.instruction: in eax, dx
exception.module: db500e82b23ef511817f01c127b0d03b.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (7 events)
Time & API Arguments Status Return Repeated
1619948410.708436
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619948410.723436
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00650000
success 0 0
1619948410.723436
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619955094.310625
NtAllocateVirtualMemory
process_identifier: 784
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619955094.325625
NtAllocateVirtualMemory
process_identifier: 784
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00650000
success 0 0
1619955094.325625
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619954737.064519
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004120000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\naznovu.lnk
Creates a shortcut to an executable file (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\naznovu.lnk
Creates a suspicious process (1 event)
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn yreovrf /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db500e82b23ef511817f01c127b0d03b.exe\" /I yreovrf" /SC ONCE /Z /ST 18:33 /ET 18:45
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619948411.864436
CreateProcessInternalW
thread_identifier: 2240
thread_handle: 0x00000144
process_identifier: 784
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db500e82b23ef511817f01c127b0d03b.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000148
inherit_handles: 0
success 1 0
1619948425.302436
CreateProcessInternalW
thread_identifier: 2440
thread_handle: 0x0000014c
process_identifier: 2984
current_directory:
filepath:
track: 1
command_line: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn yreovrf /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db500e82b23ef511817f01c127b0d03b.exe\" /I yreovrf" /SC ONCE /Z /ST 18:33 /ET 18:45
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000001f4
inherit_handles: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy: 7.403007775940017
section: {'size_of_data': '0x00015c00', 'virtual_address': '0x00233000', 'entropy': 7.403007775940017, 'name': '.rsrc', 'virtual_size': '0x00015a44'}
description: A section with a high entropy has been found
Uses Windows utilities for basic Windows functionality (1 event)
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn yreovrf /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db500e82b23ef511817f01c127b0d03b.exe\" /I yreovrf" /SC ONCE /Z /ST 18:33 /ET 18:45
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\naznovu.lnk
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn yreovrf /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db500e82b23ef511817f01c127b0d03b.exe\" /I yreovrf" /SC ONCE /Z /ST 18:33 /ET 18:45
Uses Sysinternals tools in order to add additional command line functionality (1 event)
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn yreovrf /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db500e82b23ef511817f01c127b0d03b.exe\" /I yreovrf" /SC ONCE /Z /ST 18:33 /ET 18:45
Detects VMware through the 'in' instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619955095.013625
__exception__
stacktrace:
db500e82b23ef511817f01c127b0d03b+0x3daa @ 0x403daa
db500e82b23ef511817f01c127b0d03b+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 7741856
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: db500e82b23ef511817f01c127b0d03b+0x33cc
exception.instruction: in eax, dx
exception.module: db500e82b23ef511817f01c127b0d03b.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
Generates some ICMP traffic
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Ranapama.AKC
FireEye Generic.mg.db500e82b23ef511
CAT-QuickHeal Trojan.Qbot
McAfee W32/PinkSbot-GN!DB500E82B23E
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 005652be1 )
Alibaba TrojanBanker:Win32/Emotet.8d821527
K7GW Trojan ( 005649351 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Ranapama.AKC
Cyren W32/Ursnif.CV.gen!Eldorado
Symantec Packed.Generic.459
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Dropper.Qakbot-7665705-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Trojan.Ranapama.AKC
NANO-Antivirus Trojan.Win32.Inject3.hitbqw
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Qbot.2384896.A
Tencent Malware.Win32.Gencirc.10b9cc3a
Ad-Aware Trojan.Ranapama.AKC
Sophos ML/PE-A + Mal/EncPk-APV
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Trojan.TR/AD.Qbot.aaaw
DrWeb Trojan.Inject3.38597
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.PinkSbot.vz
Emsisoft Trojan.Crypt (A)
Ikarus Trojan-Banker.QakBot
Jiangmin Trojan.Banker.Qbot.nk
Avira TR/AD.Qbot.aaaw
MAX malware (ai score=89)
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qakbot.CK!MTB
AegisLab Hacktool.Win32.Krap.lKMc
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Trojan.Ranapama.AKC
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RL_Generic.R333050
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34700.rs0@aaCY!Ymi
ALYac Trojan.Ranapama.AKC
TACHYON Backdoor/W32.Qbot.2384896
VBA32 BScope.TrojanBanker.Qbot
Malwarebytes Trojan.Qbot
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-04-14 22:06:24

Imports

Library KERNEL32.dll:
0x62ef00 VirtualAlloc
0x62ef04 GetModuleHandleW
0x62ef08 FlushFileBuffers
0x62ef10 GetSystemInfo
0x62ef14 LocalFree
0x62ef18 GetCurrentProcess
0x62ef1c lstrcpyW
0x62ef24 LocalReAlloc
0x62ef28 LocalAlloc
0x62ef2c lstrlenW
0x62ef30 FindNextFileW
0x62ef34 CompareStringW
0x62ef38 FindClose
0x62ef3c lstrcmpiW
0x62ef40 GetLastError
0x62ef44 FindFirstFileW
0x62ef48 SetLastError
0x62ef54 ExitThread
0x62ef5c SetEvent
0x62ef64 Sleep
0x62ef70 CloseHandle
0x62ef74 CreateEventW
0x62ef7c ResumeThread
0x62ef80 SetThreadPriority
0x62ef84 CreateThread
0x62ef88 WaitForSingleObject
0x62ef94 OpenEventW
0x62ef9c GetTickCount
0x62efa0 GetCurrentThreadId
0x62efa4 GetCurrentProcessId
0x62efac TerminateProcess
0x62efb8 GetStartupInfoA
0x62efbc GetCommandLineA
0x62efc0 GetVersionExA
0x62efc4 ExitProcess
0x62efc8 GetProcAddress
0x62efcc GetModuleHandleA
0x62efd0 WriteFile
0x62efd4 GetStdHandle
0x62efd8 GetModuleFileNameA
0x62efe0 VirtualProtect
0x62efe8 WideCharToMultiByte
0x62eff0 SetHandleCount
0x62eff4 GetFileType
0x62eff8 HeapDestroy
0x62effc HeapCreate
0x62f000 VirtualFree
0x62f004 HeapFree
0x62f008 LoadLibraryA
0x62f00c GetACP
0x62f010 GetOEMCP
0x62f014 GetCPInfo
0x62f018 HeapAlloc
0x62f01c HeapReAlloc
0x62f020 RtlUnwind
0x62f024 InterlockedExchange
0x62f028 VirtualQuery
0x62f02c SetFilePointer
0x62f030 MultiByteToWideChar
0x62f034 LCMapStringA
0x62f038 LCMapStringW
0x62f03c GetStringTypeA
0x62f040 GetStringTypeW
0x62f044 SetStdHandle
0x62f048 GetLocaleInfoA
0x62f04c lstrcmp
0x62f054 RemoveDirectoryW
0x62f058 ReadFileEx
0x62f05c EscapeCommFunction
0x62f060 GetComputerNameW
0x62f064 GlobalUnfix
0x62f068 lstrcatA
0x62f06c LocalHandle
0x62f070 InitAtomTable
0x62f074 OpenFile
0x62f078 GetThreadLocale
0x62f07c GlobalAlloc
0x62f080 _lclose
0x62f084 CreateProcessA
0x62f088 GetExitCodeProcess
0x62f08c CallNamedPipeA
0x62f090 CreateMutexW
0x62f094 CopyFileExW
0x62f098 GetFileSizeEx
0x62f09c UnregisterWaitEx
0x62f0a0 GetStringTypeExA
0x62f0a4 GetConsoleFontSize
0x62f0a8 ReplaceFileA
0x62f0ac LocalCompact
0x62f0b4 EnumResourceTypesA
0x62f0c0 BuildCommDCBA
0x62f0c4 EnumCalendarInfoExW
0x62f0c8 ReadConsoleW
0x62f0cc RaiseException
0x62f0d0 IsBadReadPtr
0x62f0d4 lstrlenA
0x62f0d8 lstrcpyA
0x62f0dc MulDiv
0x62f0e0 OutputDebugStringA
0x62f0e4 lstrcmpiA
0x62f0e8 GlobalSize
0x62f0ec GlobalReAlloc
0x62f0f0 GlobalLock
0x62f0f4 GetLocalTime
0x62f0f8 MoveFileA
0x62f0fc SetErrorMode
0x62f100 GetSystemTime
0x62f108 WinExec
0x62f110 GetSystemDirectoryA
0x62f114 LockResource
0x62f118 SizeofResource
0x62f11c LoadResource
0x62f120 FreeResource
0x62f124 FindResourceA
0x62f128 _lread
0x62f12c SetEndOfFile
0x62f130 _lwrite
0x62f134 _llseek
0x62f13c GlobalFlags
0x62f140 FatalAppExitA
0x62f148 LocalLock
0x62f14c GlobalUnlock
0x62f150 LocalUnlock
0x62f154 GetVersion
0x62f158 FreeLibrary
0x62f15c GlobalHandle
0x62f160 GetProfileStringA
0x62f164 lstrcmpA
0x62f168 IsDBCSLeadByte
0x62f16c GlobalFree
0x62f170 ReadFile
0x62f174 CreateFileA
0x62f178 CompareStringA
Library USER32.dll:
0x62f180 LoadIconA
0x62f184 CharLowerA
0x62f188 CharNextA
0x62f18c LoadCursorFromFileW
0x62f190 GetParent
0x62f194 ReleaseCapture
0x62f198 GetKeyboardLayout
0x62f19c GetDC
0x62f1a4 EndMenu
0x62f1a8 GetMessageTime
0x62f1ac OpenIcon
0x62f1b0 WindowFromDC
0x62f1b4 CloseDesktop
0x62f1b8 CharUpperW
0x62f1bc IsWindowVisible
0x62f1c0 IsCharLowerW
0x62f1c4 IsMenu
0x62f1cc IsCharUpperA
0x62f1d0 GetCapture
0x62f1d8 SetMenuItemInfoA
0x62f1dc GetScrollPos
0x62f1e0 SetForegroundWindow
0x62f1e4 SetFocus
0x62f1ec SetWindowTextA
0x62f1f4 IsWindowEnabled
0x62f1f8 UnhookWinEvent
0x62f1fc TileChildWindows
0x62f200 GetClassInfoExA
0x62f204 IsDialogMessageW
0x62f208 SetClipboardData
0x62f20c PostMessageA
0x62f210 DrawCaption
0x62f218 IMPQueryIMEW
0x62f21c SetMenu
0x62f220 GetPropA
0x62f224 SetCapture
0x62f228 GetShellWindow
0x62f22c MapVirtualKeyA
0x62f230 FindWindowExA
0x62f234 IsWindowUnicode
0x62f238 WinHelpA
0x62f244 DefDlgProcA
0x62f248 DefFrameProcW
0x62f24c DragObject
0x62f250 GetClientRect
0x62f254 GetDlgCtrlID
0x62f258 DdeAccessData
0x62f25c SetWindowWord
0x62f260 MapVirtualKeyExA
0x62f264 RegisterHotKey
0x62f268 RegisterClassA
0x62f26c ToUnicodeEx
0x62f270 TrackPopupMenuEx
0x62f274 LoadAcceleratorsA
0x62f27c InvalidateRect
0x62f280 SendDlgItemMessageA
0x62f284 GetDialogBaseUnits
0x62f288 IsDlgButtonChecked
0x62f28c CheckDlgButton
0x62f290 GetNextDlgTabItem
0x62f294 SetScrollRange
0x62f298 SetDlgItemTextA
0x62f29c GetDlgItemTextA
0x62f2a0 MapWindowPoints
0x62f2a4 CheckRadioButton
0x62f2a8 GetDoubleClickTime
0x62f2ac RegisterClassW
0x62f2b0 GetWindowTextA
0x62f2b4 InvalidateRgn
0x62f2b8 ScrollDC
0x62f2bc IsZoomed
0x62f2c0 AppendMenuA
0x62f2c4 GetSystemMenu
0x62f2c8 GetClassLongA
0x62f2cc GetClassLongW
0x62f2d0 DispatchMessageA
0x62f2d4 DispatchMessageW
0x62f2d8 GetMessageW
0x62f2dc GetMessageA
0x62f2e0 DefWindowProcW
0x62f2e4 VkKeyScanA
0x62f2e8 LoadKeyboardLayoutA
0x62f2f4 InvertRect
0x62f300 CloseClipboard
0x62f304 EmptyClipboard
0x62f308 OpenClipboard
0x62f30c GetClipboardData
0x62f310 HiliteMenuItem
0x62f314 GetMenuState
0x62f318 GetMenuItemID
0x62f31c DeleteMenu
0x62f320 DrawMenuBar
0x62f324 EqualRect
0x62f328 UnionRect
0x62f32c GetDesktopWindow
0x62f330 GetMessagePos
0x62f334 SetParent
0x62f338 GetClassInfoA
0x62f33c SetWindowPos
0x62f340 MessageBoxA
0x62f344 DialogBoxParamA
0x62f348 BringWindowToTop
0x62f34c OffsetRect
0x62f350 GetCaretBlinkTime
0x62f354 SetTimer
0x62f358 MessageBeep
0x62f35c CreateDialogParamA
0x62f360 SendMessageA
0x62f364 GetAsyncKeyState
0x62f368 EnableWindow
0x62f36c GetScrollRange
0x62f370 SetScrollPos
0x62f374 SetCursor
0x62f378 PtInRect
0x62f37c ShowCursor
0x62f380 GetMenuItemCount
0x62f384 LoadStringA
0x62f388 UpdateWindow
0x62f38c GetMenu
0x62f390 FindWindowA
0x62f394 GetKeyState
0x62f398 PeekMessageA
0x62f39c KillTimer
0x62f3a0 DefWindowProcA
0x62f3a4 LoadCursorA
0x62f3a8 IsDialogMessageA
0x62f3ac GetFocus
0x62f3b0 BeginPaint
0x62f3b4 EndPaint
0x62f3b8 ScreenToClient
0x62f3bc SetRect
0x62f3c0 FillRect
0x62f3c4 IntersectRect
0x62f3c8 CopyRect
0x62f3cc SetWindowLongA
0x62f3d0 MoveWindow
0x62f3d4 DestroyWindow
0x62f3d8 CheckMenuItem
0x62f3dc SetRectEmpty
0x62f3e0 RemoveMenu
0x62f3e4 GetSubMenu
0x62f3e8 CreateMenu
0x62f3ec EnableMenuItem
0x62f3f0 GetMenuStringA
0x62f3f4 ModifyMenuA
0x62f3f8 InsertMenuA
0x62f3fc TranslateMessage
0x62f400 PostQuitMessage
0x62f404 CreateWindowExA
0x62f408 LoadMenuA
0x62f40c IsIconic
0x62f410 GetWindowLongA
0x62f414 ClientToScreen
0x62f418 GetWindowRect
0x62f41c GetClassNameA
0x62f420 DestroyMenu
0x62f424 IsRectEmpty
0x62f428 IsWindow
0x62f42c ShowWindow
0x62f430 LoadBitmapA
0x62f434 GetSysColor
0x62f438 GetDlgItem
0x62f43c DrawTextA
0x62f440 wsprintfA
0x62f444 GetSystemMetrics
0x62f448 GetWindowDC
0x62f44c ReleaseDC
0x62f450 EndDialog
0x62f454 InflateRect
0x62f458 GetCursorPos
0x62f45c GetActiveWindow
0x62f468 wsprintfW
0x62f470 EnumWindows
0x62f474 GetClassNameW
0x62f478 SetActiveWindow
0x62f47c CheckMenuRadioItem
0x62f480 GetWindowPlacement
0x62f484 MonitorFromRect
0x62f488 EnumThreadWindows
0x62f48c UnregisterClassA
0x62f490 SetMenuItemInfoW
0x62f494 GetMenuItemInfoW
0x62f498 IsChild
0x62f49c AdjustWindowRect
0x62f4a0 UnhookWindowsHookEx
0x62f4a4 SetWindowsHookExW
0x62f4a8 CallNextHookEx
0x62f4ac GetComboBoxInfo
0x62f4b0 EndDeferWindowPos
0x62f4b4 DeferWindowPos
0x62f4b8 BeginDeferWindowPos
0x62f4bc DrawEdge
0x62f4c0 DrawTextW
0x62f4c4 LoadAcceleratorsW
0x62f4cc MapDialogRect
0x62f4d0 CharLowerW
0x62f4d4 DialogBoxParamW
0x62f4d8 SetWindowLongW
0x62f4e0 PostMessageW
0x62f4e4 GetWindowLongW
0x62f4e8 CallWindowProcW
0x62f4ec CreateWindowExW
0x62f4f0 RegisterClassExW
0x62f4f4 GetClassInfoExW
0x62f4f8 LoadCursorW
0x62f4fc TrackPopupMenu
0x62f500 DrawIconEx
0x62f504 DestroyIcon
0x62f508 LoadImageW
0x62f50c GetScrollInfo
0x62f510 CreateDialogParamW
0x62f514 LoadIconW
0x62f518 MessageBoxW
0x62f51c SetWindowTextW
0x62f520 EnumChildWindows
0x62f524 UnregisterHotKey
0x62f528 SetDlgItemTextW
0x62f52c SendDlgItemMessageW
0x62f530 MapVirtualKeyW
0x62f534 CreatePopupMenu
0x62f538 AppendMenuW
0x62f53c MonitorFromPoint
0x62f540 GetMonitorInfoW
0x62f544 AdjustWindowRectEx
0x62f548 GetWindowTextW
0x62f54c WindowFromPoint
0x62f560 UnregisterClassW
0x62f564 PeekMessageW
0x62f568 RedrawWindow
0x62f56c IsCharAlphaW
0x62f570 SendMessageW
Library GDI32.dll:
0x62f578 GetStockObject
0x62f57c GetFontLanguageInfo
0x62f584 AbortDoc
0x62f588 GdiGetBatchLimit
0x62f58c EndPage
0x62f590 SaveDC
0x62f594 GetTextAlign
0x62f598 AddFontResourceW
0x62f59c AddFontResourceA
0x62f5a0 GetBkMode
0x62f5a4 GdiAddFontResourceW
0x62f5a8 GetGlyphOutline
0x62f5ac AngleArc
0x62f5b4 CreateMetaFileW
0x62f5b8 SetColorSpace
0x62f5bc GetWorldTransform
0x62f5c8 EngStretchBlt
0x62f5cc RoundRect
0x62f5d0 CreateEnhMetaFileA
0x62f5d4 SwapBuffers
0x62f5d8 GetMetaFileA
0x62f5dc GetCharWidthFloatA
0x62f5e0 SelectPalette
0x62f5e4 GdiConvertBitmapV5
0x62f5e8 CreateBrushIndirect
0x62f5ec GetTextExtentPointI
0x62f5f0 GetSystemPaletteUse
0x62f5f4 CombineTransform
0x62f5f8 SetMetaFileBitsEx
0x62f5fc SetSystemPaletteUse
0x62f604 CreateFontIndirectA
0x62f608 LineTo
0x62f60c SetBkMode
0x62f610 CreatePen
0x62f614 MoveToEx
0x62f618 BitBlt
0x62f61c DeleteMetaFile
0x62f620 GetObjectA
0x62f624 GetDeviceCaps
0x62f628 SetBkColor
0x62f62c CopyMetaFileA
0x62f630 PatBlt
0x62f634 CreatePatternBrush
0x62f638 SetTextColor
0x62f63c PtVisible
0x62f640 GetTextFaceA
0x62f644 CreateBitmap
0x62f648 ExtTextOutA
0x62f64c SetMapMode
0x62f650 CreateFontA
0x62f654 GetCharWidthA
0x62f658 GetCharWidth32A
0x62f65c GetMapMode
0x62f660 GetCharWidth32W
0x62f664 GetBitmapBits
0x62f668 GetCharWidthW
0x62f66c TextOutW
0x62f670 SetTextAlign
0x62f674 TextOutA
0x62f678 Escape
0x62f67c CreateICA
0x62f680 GetTextMetricsA
0x62f684 EnumFontFamiliesExA
0x62f688 CreateSolidBrush
0x62f68c EnumFontsA
0x62f690 SelectClipRgn
0x62f694 SetRectRgn
0x62f698 CreateRectRgn
0x62f69c GetClipBox
0x62f6a0 RectVisible
0x62f6a8 Ellipse
0x62f6ac Polygon
0x62f6b0 SetROP2
0x62f6b4 SetMapperFlags
0x62f6b8 ExtTextOutW
0x62f6bc Arc
0x62f6c0 SetWindowExtEx
0x62f6c4 SetWindowOrgEx
0x62f6cc CloseMetaFile
0x62f6d0 RestoreDC
0x62f6d4 CreateMetaFileA
0x62f6d8 StretchBlt
0x62f6dc EnumMetaFile
0x62f6e0 PlayMetaFile
0x62f6e4 SetViewportExtEx
0x62f6e8 SetStretchBltMode
0x62f6ec FillRgn
0x62f6f0 CombineRgn
0x62f6f4 GetMetaFileBitsEx
0x62f6f8 Rectangle
0x62f6fc DeleteDC
0x62f700 CreateCompatibleDC
0x62f704 DeleteObject
0x62f708 SelectObject
Library ADVAPI32.dll:
0x62f710 RegOpenKeyA
0x62f714 RegQueryValueExA
0x62f718 GetAce
0x62f720 RegOpenKeyExW
0x62f724 RegCloseKey
0x62f728 RegQueryValueExW
0x62f72c SetSecurityInfo
0x62f730 GetSecurityInfo
0x62f734 RegEnumKeyExA
0x62f738 RegEnumValueA
0x62f73c RegOpenKeyExA
0x62f740 RegCreateKeyExA
0x62f744 RegQueryInfoKeyA
0x62f748 RegSetValueExA
0x62f74c RegDeleteKeyA
Library SHELL32.dll:
0x62f758 SHGetSettings
0x62f75c ShellHookProc
0x62f768 SHEmptyRecycleBinW
0x62f76c DuplicateIcon
0x62f774 ShellExecuteA
0x62f778 SHGetMalloc
0x62f780 DragFinish
0x62f790 SHFileOperationW
0x62f79c Shell_NotifyIcon
0x62f7a0 DragQueryFileW
0x62f7a4 SHBrowseForFolderW
0x62f7a8 DragQueryFileA
0x62f7b0 SHGetPathFromIDList
0x62f7b8 SHBrowseForFolderA
0x62f7c0 SHEmptyRecycleBinA
0x62f7c4 SHGetDesktopFolder
0x62f7c8 SHQueryRecycleBinW
0x62f7cc SHGetFileInfoW
0x62f7d0 DragAcceptFiles
Library ole32.dll:
0x62f7e8 CoDisconnectObject
0x62f7f0 OleUninitialize
0x62f7f8 CoRevokeClassObject
0x62f800 OleInitialize
0x62f808 OleRegEnumFormatEtc
0x62f80c ReleaseStgMedium
0x62f810 WriteFmtUserTypeStg
0x62f824 CoGetMalloc
0x62f828 OleDuplicateData
0x62f82c OleGetClipboard
0x62f830 WriteClassStg
0x62f834 OleFlushClipboard
0x62f838 OleSetClipboard
Library SHLWAPI.dll:
0x62f840 StrStrA
0x62f844 StrStrW
0x62f848 StrRChrIW
0x62f84c StrRStrIA
0x62f850 StrRStrIW
0x62f854 StrChrW
0x62f858 StrRChrA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 49235 | 114.114.114.114 | 53
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 53657 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 51808 | 224.0.0.252 | 5355
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50535 | 239.255.255.250 | 3702
192.168.56.101 | 50537 | 239.255.255.250 | 3702
192.168.56.101 | 56540 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58707 | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.