5.2
Medium risk

f13afe8343381ec04ff08b231b0fd9ccd2a3e11264fb651d5ae43945cc1dcc8d

db8916ad4b0bd08a4acb74641e7baede.exe

Analysis duration

30s

Last analysis

File size

2.2MB
Flagged by static analysis · Flagged by dynamic analysis · 100% AI SCORE=81 BANKERX BSCOPE CLASSIC CMNQB COBRA CONFIDENCE EKVT ELDORADO EMOTET ENCPK FAMVT GENCIRC GENERICKDZ GENETIC GENKRYPTIK HBR@8QRQPO HCWQ HIGH CONFIDENCE HJBTJC INJECT3 KCLOUD KRYPTIK L0VMUIXIKOQ MALICIOUS PE MS0@AM9P0TEI PINKSBOT QAKBOT QBOT R + MAL R338387 SCORE SODINOTP STATIC AI SUSGEN TROJANBANKER UNSAFE ZEXAF
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine result is available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba TrojanBanker:Win32/Qakbot.8e5fe94c 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20201229 21.1.5827.0
Tencent Malware.Win32.Gencirc.10b9cdfd 20201229 1.0.0.1
Kingsoft Win32.Troj.Banker.(kcloud) 20201229 2017.9.26.565
McAfee W32/PinkSbot-GN!DB8916AD4B0B 20201229 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619948415.20556
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619948422.39256
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619964788.150626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619964795.634874
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619964795.650874
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619964795.665874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619964795.665874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619964795.665874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619964795.665874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619964796.681874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619964796.712874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619964796.712874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619964796.712874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619964797.712874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619964797.712874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619964797.712874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619964797.712874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619964798.712874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619964798.712874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619964798.712874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619964798.712874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619964799.712874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619964799.712874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619964799.712874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619964799.712874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619964800.712874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619964800.712874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619964800.712874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619964800.712874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619964800.728874
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619964800.744874
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619964795.572874
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619948422.39256
__exception__
stacktrace:
db8916ad4b0bd08a4acb74641e7baede+0x8ec9 @ 0x408ec9
db8916ad4b0bd08a4acb74641e7baede+0x17cc @ 0x4017cc
db8916ad4b0bd08a4acb74641e7baede+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634776
registers.edi: 0
registers.eax: 6619136
registers.ebp: 1635384
registers.edx: 2
registers.ebx: 1
registers.esi: 4269856
registers.ecx: 100
exception.instruction_r: ff 30 e8 97 03 00 00 83 c4 14 85 c0 75 38 8d 85
exception.symbol: db8916ad4b0bd08a4acb74641e7baede+0x844a
exception.instruction: push dword ptr [eax]
exception.module: db8916ad4b0bd08a4acb74641e7baede.exe
exception.exception_code: 0xc0000005
exception.offset: 33866
exception.address: 0x40844a
success 0 0
1619964788.947626
__exception__
stacktrace:
db8916ad4b0bd08a4acb74641e7baede+0x3daa @ 0x403daa
db8916ad4b0bd08a4acb74641e7baede+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 10765672
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: db8916ad4b0bd08a4acb74641e7baede+0x33cc
exception.instruction: in eax, dx
exception.module: db8916ad4b0bd08a4acb74641e7baede.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619964788.947626
__exception__
stacktrace:
db8916ad4b0bd08a4acb74641e7baede+0x3db3 @ 0x403db3
db8916ad4b0bd08a4acb74641e7baede+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 10765672
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: db8916ad4b0bd08a4acb74641e7baede+0x3465
exception.instruction: in eax, dx
exception.module: db8916ad4b0bd08a4acb74641e7baede.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619948415.00256
NtAllocateVirtualMemory
process_identifier: 2240
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007d0000
success 0 0
1619948415.01756
NtAllocateVirtualMemory
process_identifier: 2240
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00a30000
success 0 0
1619948415.01756
NtProtectVirtualMemory
process_identifier: 2240
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619964788.103626
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00900000
success 0 0
1619964788.103626
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00980000
success 0 0
1619964788.103626
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db8916ad4b0bd08a4acb74641e7baede.exe
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db8916ad4b0bd08a4acb74641e7baede.exe"
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db8916ad4b0bd08a4acb74641e7baede.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619948416.03356
CreateProcessInternalW
thread_identifier: 2244
thread_handle: 0x0000014c
process_identifier: 2340
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db8916ad4b0bd08a4acb74641e7baede.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000150
inherit_handles: 0
success 1 0
1619948422.97156
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db8916ad4b0bd08a4acb74641e7baede.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (3 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db8916ad4b0bd08a4acb74641e7baede.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\db8916ad4b0bd08a4acb74641e7baede.exe"
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619964788.947626
__exception__
stacktrace:
db8916ad4b0bd08a4acb74641e7baede+0x3daa @ 0x403daa
db8916ad4b0bd08a4acb74641e7baede+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 10765672
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: db8916ad4b0bd08a4acb74641e7baede+0x33cc
exception.instruction: in eax, dx
exception.module: db8916ad4b0bd08a4acb74641e7baede.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 events)
Bkav W32.FamVT.SodinoTP.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66600
CAT-QuickHeal Trojan.Qbot
Qihoo-360 Win32/Trojan.BO.8ad
ALYac Trojan.Agent.QakBot
Cylance Unsafe
VIPRE Trojan.Win32.Generic.pak!cobra
Sangfor Malware
K7AntiVirus Trojan ( 005652be1 )
Alibaba TrojanBanker:Win32/Qakbot.8e5fe94c
K7GW Trojan ( 0056515f1 )
Cybereason malicious.d4b0bd
Arcabit Trojan.Generic.D10428
Cyren W32/Emotet.AJY.gen!Eldorado
Symantec Packed.Generic.459
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Dropper.Qakbot-7678965-0
Kaspersky Trojan-Banker.Win32.Qbot.smd
BitDefender Trojan.GenericKDZ.66600
NANO-Antivirus Trojan.Win32.Inject3.hjbtjc
Paloalto generic.ml
AegisLab Trojan.Win32.Qbot.7!c
Tencent Malware.Win32.Gencirc.10b9cdfd
Ad-Aware Trojan.GenericKDZ.66600
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Trojan.TR/Kryptik.cmnqb
DrWeb Trojan.Inject3.38775
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition W32/PinkSbot-GN!DB8916AD4B0B
FireEye Generic.mg.db8916ad4b0bd08a
Emsisoft Trojan.GenericKDZ.66600 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.nq
Avira TR/Kryptik.cmnqb
MAX malware (ai score=81)
Antiy-AVL Trojan[Banker]/Win32.Qbot
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qakbot.CK!MTB
ZoneAlarm Trojan-Banker.Win32.Qbot.smd
GData Trojan.GenericKDZ.66600
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.QBot.R338387
Acronis suspicious
McAfee W32/PinkSbot-GN!DB8916AD4B0B
TACHYON Backdoor/W32.Qbot.2295808
VBA32 BScope.TrojanBanker.Qbot
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-04-17 19:36:17

Imports

Library KERNEL32.dll:
0x62f988 VirtualAlloc
0x62f98c GetModuleHandleW
0x62f990 GetFullPathNameW
0x62f994 GetFileAttributesW
0x62f998 GetVersionExA
0x62f99c VerifyVersionInfoW
0x62f9a8 RemoveDirectoryW
0x62f9ac WriteConsoleW
0x62f9b0 SetStdHandle
0x62f9b4 LCMapStringW
0x62f9b8 CompareStringW
0x62f9bc VirtualQuery
0x62f9d0 GetStringTypeW
0x62f9d4 GetCPInfo
0x62f9d8 GetOEMCP
0x62f9dc GetACP
0x62f9e0 IsValidCodePage
0x62f9e4 ReadConsoleW
0x62f9e8 GetConsoleMode
0x62f9ec GetConsoleCP
0x62f9f4 GetStartupInfoW
0x62f9f8 GetFileType
0x62f9fc GetStdHandle
0x62fa08 HeapReAlloc
0x62fa0c GetModuleHandleExW
0x62fa10 ExitProcess
0x62fa14 RtlUnwind
0x62fa18 AreFileApisANSI
0x62fa1c GetModuleFileNameW
0x62fa20 FindClose
0x62fa24 WriteFile
0x62fa28 GetFileSize
0x62fa2c SetLastError
0x62fa30 GetExitCodeProcess
0x62fa34 GetCurrentProcess
0x62fa38 OpenProcess
0x62fa3c LocalFree
0x62fa40 GlobalUnlock
0x62fa44 GlobalLock
0x62fa48 GlobalAlloc
0x62fa54 VerSetConditionMask
0x62fa58 FreeLibrary
0x62fa5c LoadLibraryA
0x62fa60 Sleep
0x62fa68 InterlockedExchange
0x62fa6c MoveFileExW
0x62fa70 CopyFileA
0x62fa74 CreateFileA
0x62fa78 GetTickCount
0x62fa7c GetLastError
0x62fa84 CreateProcessA
0x62fa88 GetModuleHandleA
0x62fa8c OpenEventA
0x62fa90 CloseHandle
0x62fa94 SetEvent
0x62fa98 SetErrorMode
0x62fa9c GetCurrentProcessId
0x62faa8 GetVersion
0x62faac GlobalFree
0x62fab0 GetDateFormatA
0x62fab4 GetTimeFormatA
0x62fabc GetLocalTime
0x62fac8 FindFirstFileExW
0x62facc GetProcAddress
0x62fad0 WideCharToMultiByte
0x62fad4 MultiByteToWideChar
0x62fad8 DeviceIoControl
0x62fae0 SetConsoleMode
0x62fae4 ReadConsoleInputA
0x62fae8 GetProcessHeaps
0x62faec DebugBreak
0x62faf0 HeapValidate
0x62faf4 HeapSize
0x62faf8 HeapFree
0x62fafc HeapAlloc
0x62fb08 OutputDebugStringA
0x62fb14 GetCurrentThreadId
0x62fb18 GlobalMemoryStatus
0x62fb24 GetSystemInfo
0x62fb34 OutputDebugStringW
0x62fb38 GetModuleFileNameA
0x62fb3c CreateEventA
0x62fb40 TlsFree
0x62fb44 TlsSetValue
0x62fb48 TlsGetValue
0x62fb4c TlsAlloc
0x62fb50 WaitForSingleObject
0x62fb5c ResumeThread
0x62fb60 SuspendThread
0x62fb64 GetExitCodeThread
0x62fb68 TerminateThread
0x62fb6c GetThreadPriority
0x62fb70 GetFullPathNameA
0x62fb74 PeekNamedPipe
0x62fb78 SetThreadPriority
0x62fb7c OpenThread
0x62fb84 GetCurrentThread
0x62fb88 LoadLibraryW
0x62fb8c LoadLibraryExA
0x62fb90 LoadLibraryExW
0x62fb98 GetFileSizeEx
0x62fb9c ReadFile
0x62fba0 FlushFileBuffers
0x62fba4 SetEndOfFile
0x62fba8 SetFilePointer
0x62fbac SetFilePointerEx
0x62fbb0 GetFileTime
0x62fbb4 SetFileTime
0x62fbb8 SleepEx
0x62fbbc GetDriveTypeW
0x62fbc0 GetDiskFreeSpaceA
0x62fbc4 GetDiskFreeSpaceExW
0x62fbc8 CreateDirectoryW
0x62fbcc CreateFileW
0x62fbd0 SetFileAttributesW
0x62fbd8 DeleteFileW
0x62fbdc FindFirstFileW
0x62fbe0 FindNextFileW
0x62fbe4 GetTimeFormatW
0x62fbe8 GetDateFormatW
0x62fbfc GetProcessHeap
0x62fc00 HeapLock
0x62fc04 HeapUnlock
0x62fc08 HeapWalk
0x62fc0c HeapSetInformation
0x62fc14 TerminateProcess
0x62fc18 GetCommandLineA
0x62fc1c IsDebuggerPresent
0x62fc20 RaiseException
0x62fc24 SwitchToThread
0x62fc28 CreateThread
0x62fc30 PeekConsoleInputA
0x62fc34 FindFirstFileExA
0x62fc3c SetComputerNameW
0x62fc40 CreateFiber
0x62fc44 SetTapePosition
0x62fc48 SetThreadContext
0x62fc64 ConnectNamedPipe
0x62fc68 GetSystemDirectoryW
0x62fc6c VirtualUnlock
0x62fc70 GetLocaleInfoA
0x62fc74 GetProfileSectionW
0x62fc78 BuildCommDCBA
0x62fc7c WaitNamedPipeW
0x62fc80 SetVolumeLabelA
0x62fc84 OpenWaitableTimerA
0x62fc88 GetTempFileNameA
0x62fc8c lstrcmp
0x62fc90 VirtualProtectEx
0x62fc94 GetNamedPipeInfo
0x62fc98 OpenFileMappingA
0x62fca0 FreeConsole
0x62fca8 FindResourceA
0x62fcac MapViewOfFileEx
0x62fcb0 CreateFileMappingA
0x62fcb4 DeleteFileA
0x62fcb8 SetFileAttributesA
0x62fcbc LocalAlloc
0x62fcc0 GetFileAttributesA
0x62fcc4 GetComputerNameA
0x62fcc8 GetSystemDirectoryA
0x62fccc LoadResource
0x62fcd0 UnmapViewOfFile
0x62fcd4 GetStringTypeA
0x62fcd8 VirtualProtect
0x62fce4 SetHandleCount
0x62fce8 GetStartupInfoA
0x62fcec HeapDestroy
0x62fcf0 HeapCreate
0x62fcf4 VirtualFree
0x62fcf8 LCMapStringA
Library USER32.dll:
0x62fd00 LoadIconA
0x62fd04 LoadCursorFromFileW
0x62fd08 GetAsyncKeyState
0x62fd0c GetForegroundWindow
0x62fd10 GetKeyboardLayout
0x62fd14 GetDC
0x62fd18 GetSystemMetrics
0x62fd1c GetDlgCtrlID
0x62fd20 GetListBoxInfo
0x62fd24 GetThreadDesktop
0x62fd28 ShowCaret
0x62fd2c DestroyWindow
0x62fd30 GetClipboardViewer
0x62fd34 GetTopWindow
0x62fd38 CharLowerA
0x62fd3c IsWindow
0x62fd40 GetFocus
0x62fd48 CreateMenu
0x62fd4c GetCapture
0x62fd50 GetKBCodePage
0x62fd54 wsprintfA
0x62fd58 SetDlgItemInt
0x62fd5c GetMessageA
0x62fd60 TranslateMessage
0x62fd64 DispatchMessageA
0x62fd68 PeekMessageA
0x62fd6c SendMessageA
0x62fd70 PostMessageA
0x62fd74 DefWindowProcA
0x62fd78 RegisterClassExA
0x62fd7c CreateWindowExA
0x62fd80 SetWindowPos
0x62fd84 SetDlgItemTextA
0x62fd88 OpenClipboard
0x62fd8c CloseClipboard
0x62fd90 SetClipboardData
0x62fd94 EmptyClipboard
0x62fda4 ShowWindow
0x62fda8 GetWindowRect
0x62fdac MessageBoxA
0x62fdb0 GetDesktopWindow
0x62fdb4 DialogBoxParamA
0x62fdb8 EndDialog
0x62fdbc GetDlgItemInt
0x62fdc0 GetDlgItem
0x62fdc4 ReleaseDC
0x62fdcc EnumWindows
0x62fdd0 IsWindowVisible
0x62fdd4 GetMonitorInfoA
0x62fdd8 MonitorFromWindow
0x62fddc LoadCursorA
0x62fde0 SetClassLongA
0x62fde4 SetWindowLongA
0x62fde8 GetWindowLongA
0x62fdec MessageBoxW
0x62fdf0 SetWindowTextW
0x62fdf4 RedrawWindow
0x62fdf8 EndPaint
0x62fdfc BeginPaint
0x62fe00 UpdateWindow
0x62fe04 KillTimer
0x62fe08 SetTimer
0x62fe10 MoveWindow
0x62fe14 SetWindowRgn
0x62fe18 ExitWindowsEx
0x62fe20 DdeEnableCallback
0x62fe24 FindWindowW
0x62fe28 LoadCursorW
0x62fe2c PostMessageW
0x62fe30 MessageBeep
0x62fe38 MonitorFromPoint
0x62fe3c CharPrevW
0x62fe40 GetMenuDefaultItem
0x62fe44 GetLastInputInfo
0x62fe48 MessageBoxExW
0x62fe50 GetGUIThreadInfo
0x62fe54 ClipCursor
0x62fe5c GetWindowDC
0x62fe60 LoadMenuIndirectW
0x62fe64 CharToOemW
0x62fe68 EnumDisplayDevicesA
0x62fe70 GetSysColorBrush
0x62fe74 LoadImageW
0x62fe78 CharLowerBuffW
0x62fe7c WINNLSGetIMEHotkey
0x62fe80 EqualRect
0x62fe84 MapVirtualKeyExA
0x62fe88 LoadStringA
Library GDI32.dll:
0x62fe90 GetStockObject
0x62fe94 CreateMetaFileA
0x62fe98 CreatePatternBrush
0x62fe9c GetPolyFillMode
0x62fea0 DeleteDC
0x62fea4 FillPath
0x62fea8 UnrealizeObject
0x62feac AddFontResourceA
0x62feb0 GetFontLanguageInfo
0x62feb4 TextOutW
0x62feb8 CreateDIBSection
0x62febc SetTextColor
0x62fec0 SetBkMode
0x62fec4 SetBkColor
0x62fec8 SelectObject
0x62fed8 DeleteObject
0x62fedc CreateICA
0x62fee0 CreateFontA
0x62fee4 CreateCompatibleDC
0x62fee8 SwapBuffers
0x62feec SetPixelFormat
0x62fef0 ChoosePixelFormat
0x62fef4 GdiValidateHandle
0x62fefc SetTextAlign
0x62ff00 GdiEntry11
0x62ff04 SetMiterLimit
0x62ff08 EngCreateBitmap
0x62ff0c OffsetRgn
0x62ff10 GdiReleaseLocalDC
0x62ff14 SetDIBColorTable
0x62ff1c GetClipBox
0x62ff20 GetCharWidthInfo
0x62ff28 EngDeletePalette
0x62ff2c GdiPlayScript
0x62ff30 GdiGetLocalFont
0x62ff34 EngAlphaBlend
0x62ff38 PolylineTo
0x62ff40 FixBrushOrgEx
0x62ff48 GdiSetBatchLimit
0x62ff4c SetColorSpace
0x62ff54 SetDeviceGammaRamp
0x62ff5c CopyMetaFileW
0x62ff60 Rectangle
0x62ff64 GetTextCharset
0x62ff70 GetCharABCWidthsA
0x62ff74 GdiEntry13
0x62ff78 GetGlyphOutline
0x62ff7c GdiEntry12
0x62ff80 GdiIsMetaFileDC
0x62ff84 GdiTransparentBlt
0x62ff88 GetObjectA
Library ADVAPI32.dll:
0x62ff90 RegOpenKeyA
0x62ff94 RegQueryValueExA
0x62ff98 RegCloseKey
0x62ff9c RegSetValueExA
0x62ffa8 ReportEventA
0x62ffac RegQueryValueExW
0x62ffb0 RegOpenKeyExA
0x62ffb4 RegEnumKeyExA
Library SHELL32.dll:
0x62ffbc SHGetFileInfoW
0x62ffc0 SHQueryRecycleBinW
0x62ffc4 SHBindToParent
Library COMCTL32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.