5.8
高危
59 个模型检测该样本为恶意!
重新分析
更多

2f2d933f707e9bc96ede04c30a9385170a94a4a876aed7b35b47da9804ff9830

ddefff1a84e3c058192007093359c831.exe

分析耗时

22s

最近分析

文件大小

871.0KB
静态报毒 动态报毒 2G0@A403PLAI AGEN AI SCORE=88 ATTRIBUTE BSCOPE CLOUD CONFIDENCE DELF DELPHILESS ELDORADO ELTL ELXR FAREIT HIGH CONFIDENCE HIGHCONFIDENCE HJZFYJ LOKIBOT MALWARE@#DFUC2KSL3N4N NANOCORE NOON QWZG SCORE SIMDA THEOIBO UNSAFE URSU WACATAC X2059 Y1JUVOROPVS ZELPHIF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba TrojanSpy:Win32/InfoStealer.471c19a5 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200515 2013.8.14.323
McAfee Fareit-FSK!DDEFFF1A84E3 20200514 6.0.6.653
Tencent 20200515 1.0.0.1
Avast Win32:Trojan-gen 20200514 18.4.3895.0
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
静态指标
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section CODE
section DATA
section BSS
The executable uses a known packer (1 个事件)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 个事件)
Time & API Arguments Status Return Repeated
1619948416.823503
__exception__
stacktrace: 
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 38600512
registers.edi: 0
registers.eax: 0
registers.ebp: 38600584
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 769
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 55 e9 2f 37 fa
exception.symbol: ddefff1a84e3c058192007093359c831+0x5ffc4
exception.instruction: div eax
exception.module: ddefff1a84e3c058192007093359c831.exe
exception.exception_code: 0xc0000094
exception.offset: 393156
exception.address: 0x45ffc4
success 0 0
1619975176.573249
__exception__
stacktrace: 
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75167f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75164de3
ddefff1a84e3c058192007093359c831+0x5aa4d @ 0x45aa4d
ddefff1a84e3c058192007093359c831+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfeb014ad
success 0 0
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (29 个事件)
Time & API Arguments Status Return Repeated
1619948416.682503
NtAllocateVirtualMemory
process_identifier: 1068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005e0000
success 0 0
1619948416.823503
NtAllocateVirtualMemory
process_identifier: 1068
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02350000
success 0 0
1619948416.854503
NtAllocateVirtualMemory
process_identifier: 1068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02f50000
success 0 0
1619975175.651249
NtAllocateVirtualMemory
process_identifier: 2216
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00560000
success 0 0
1619975175.651249
NtAllocateVirtualMemory
process_identifier: 2216
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005b0000
success 0 0
1619975175.651249
NtAllocateVirtualMemory
process_identifier: 2216
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e40000
success 0 0
1619975175.651249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e42000
success 0 0
1619975176.057249
NtAllocateVirtualMemory
process_identifier: 2216
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x021a0000
success 0 0
1619975176.057249
NtAllocateVirtualMemory
process_identifier: 2216
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02390000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01ff2000
success 0 0
1619975176.557249
NtProtectVirtualMemory
process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)
entropy 7.716038691329842 section {'size_of_data': '0x0000ac00', 'virtual_address': '0x00061000', 'entropy': 7.716038691329842, 'name': 'DATA', 'virtual_size': '0x0000aaf0'} description A section with a high entropy has been found
entropy 7.4613482695133335 section {'size_of_data': '0x00066200', 'virtual_address': '0x00079000', 'entropy': 7.4613482695133335, 'name': '.rsrc', 'virtual_size': '0x00066084'} description A section with a high entropy has been found
entropy 0.5189655172413793 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)
Process injection Process 1068 called NtSetContextThread to modify thread in remote process 2216
Time & API Arguments Status Return Repeated
1619948417.541503
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4534975
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2216
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)
Process injection Process 1068 resumed a thread in remote process 2216
Time & API Arguments Status Return Repeated
1619948417.807503
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2216
success 0 0
Executed a process and injected code into it, probably while unpacking (6 个事件)
Time & API Arguments Status Return Repeated
1619948417.463503
CreateProcessInternalW
thread_identifier: 2504
thread_handle: 0x00000114
process_identifier: 2216
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ddefff1a84e3c058192007093359c831.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619948417.463503
NtUnmapViewOfSection
process_identifier: 2216
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619948417.463503
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 2216
commit_size: 708608
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 708608
base_address: 0x00400000
success 0 0
1619948417.541503
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619948417.541503
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4534975
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2216
success 0 0
1619948417.807503
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2216
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.6
FireEye Generic.mg.ddefff1a84e3c058
CAT-QuickHeal Trojanspy.Noon
ALYac Trojan.Delf.FareIt.Gen.6
Cylance Unsafe
Zillya Trojan.Injector.Win32.728771
Sangfor Malware
K7AntiVirus Trojan ( 005660d51 )
Alibaba TrojanSpy:Win32/InfoStealer.471c19a5
K7GW Trojan ( 005660d51 )
Cybereason malicious.c2edc8
Arcabit Trojan.Delf.FareIt.Gen.6
Invincea heuristic
F-Prot W32/Delf.KP.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.LokiBot-7776681-0
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender Trojan.Delf.FareIt.Gen.6
NANO-Antivirus Trojan.Win32.Nanocore.hjzfyj
ViRobot Trojan.Win32.Z.Ursu.891904
Rising Trojan.Injector!8.C4 (CLOUD)
Ad-Aware Trojan.Delf.FareIt.Gen.6
Sophos Mal/Fareit-AA
Comodo Malware@#dfuc2ksl3n4n
F-Secure Heuristic.HEUR/AGEN.1133569
DrWeb Trojan.Nanocore.23
VIPRE Trojan.Win32.Simda.ba (v)
TrendMicro Trojan.Win32.WACATAC.THEOIBO
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc
Trapmine suspicious.low.ml.score
Emsisoft Trojan.Delf.FareIt.Gen.6 (B)
Cyren W32/Trojan.QWZG-0888
Avira HEUR/AGEN.1133569
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/InfoStealer.C!MTB
Endgame malicious (high confidence)
AegisLab Trojan.Win32.Noon.l!c
ZoneAlarm HEUR:Trojan-Spy.Win32.Noon.gen
GData Trojan.Delf.FareIt.Gen.6
AhnLab-V3 Suspicious/Win.Delphiless.X2059
Acronis suspicious
McAfee Fareit-FSK!DDEFFF1A84E3
MAX malware (ai score=88)
VBA32 BScope.Trojan.Crypt
Malwarebytes Trojan.MalPack
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/Injector.ELTL
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46d164 VirtualFree
0x46d168 VirtualAlloc
0x46d16c LocalFree
0x46d170 LocalAlloc
0x46d174 GetVersion
0x46d178 GetCurrentThreadId
0x46d184 VirtualQuery
0x46d188 WideCharToMultiByte
0x46d190 MultiByteToWideChar
0x46d194 lstrlenA
0x46d198 lstrcpynA
0x46d19c LoadLibraryExA
0x46d1a0 GetThreadLocale
0x46d1a4 GetStartupInfoA
0x46d1a8 GetProcAddress
0x46d1ac GetModuleHandleA
0x46d1b0 GetModuleFileNameA
0x46d1b4 GetLocaleInfoA
0x46d1b8 GetLastError
0x46d1c0 GetCommandLineA
0x46d1c4 FreeLibrary
0x46d1c8 FindFirstFileA
0x46d1cc FindClose
0x46d1d0 ExitProcess
0x46d1d4 WriteFile
0x46d1dc RtlUnwind
0x46d1e0 RaiseException
0x46d1e4 GetStdHandle
Library user32.dll:
0x46d1ec GetKeyboardType
0x46d1f0 LoadStringA
0x46d1f4 MessageBoxA
0x46d1f8 CharNextA
Library advapi32.dll:
0x46d200 RegQueryValueExA
0x46d204 RegOpenKeyExA
0x46d208 RegCloseKey
Library oleaut32.dll:
0x46d210 SysFreeString
0x46d214 SysReAllocStringLen
0x46d218 SysAllocStringLen
Library kernel32.dll:
0x46d220 TlsSetValue
0x46d224 TlsGetValue
0x46d228 LocalAlloc
0x46d22c GetModuleHandleA
Library advapi32.dll:
0x46d234 RegQueryValueExA
0x46d238 RegOpenKeyExA
0x46d23c RegCloseKey
Library kernel32.dll:
0x46d244 lstrcpyA
0x46d248 lstrcmpA
0x46d24c WriteFile
0x46d254 WaitForSingleObject
0x46d258 VirtualQuery
0x46d25c VirtualAlloc
0x46d260 Sleep
0x46d264 SizeofResource
0x46d268 SetThreadLocale
0x46d26c SetFilePointer
0x46d270 SetEvent
0x46d274 SetErrorMode
0x46d278 SetEndOfFile
0x46d27c ResetEvent
0x46d280 ReadFile
0x46d284 MulDiv
0x46d288 LockResource
0x46d28c LoadResource
0x46d290 LoadLibraryA
0x46d29c GlobalUnlock
0x46d2a0 GlobalReAlloc
0x46d2a4 GlobalHandle
0x46d2a8 GlobalLock
0x46d2ac GlobalFree
0x46d2b0 GlobalFindAtomA
0x46d2b4 GlobalDeleteAtom
0x46d2b8 GlobalAlloc
0x46d2bc GlobalAddAtomA
0x46d2c4 GetVersionExA
0x46d2c8 GetVersion
0x46d2cc GetTickCount
0x46d2d0 GetThreadLocale
0x46d2d8 GetSystemTime
0x46d2dc GetSystemInfo
0x46d2e0 GetStringTypeExA
0x46d2e4 GetStdHandle
0x46d2e8 GetProcAddress
0x46d2ec GetModuleHandleA
0x46d2f0 GetModuleFileNameA
0x46d2f4 GetLogicalDrives
0x46d2f8 GetLocaleInfoA
0x46d2fc GetLocalTime
0x46d300 GetLastError
0x46d304 GetFullPathNameA
0x46d308 GetFileAttributesA
0x46d30c GetDriveTypeA
0x46d310 GetDiskFreeSpaceA
0x46d314 GetDateFormatA
0x46d318 GetCurrentThreadId
0x46d31c GetCurrentProcessId
0x46d320 GetCPInfo
0x46d324 GetACP
0x46d328 FreeResource
0x46d32c InterlockedExchange
0x46d330 FreeLibrary
0x46d334 FormatMessageA
0x46d338 FindResourceA
0x46d33c FindNextFileA
0x46d340 FindFirstFileA
0x46d344 FindClose
0x46d354 ExitThread
0x46d358 ExitProcess
0x46d35c EnumCalendarInfoA
0x46d368 CreateThread
0x46d36c CreateFileA
0x46d370 CreateEventA
0x46d374 CompareStringA
0x46d378 CloseHandle
Library mpr.dll:
0x46d380 WNetGetConnectionA
Library version.dll:
0x46d388 VerQueryValueA
0x46d390 GetFileVersionInfoA
Library gdi32.dll:
0x46d398 UnrealizeObject
0x46d39c StretchBlt
0x46d3a0 SetWindowOrgEx
0x46d3a4 SetViewportOrgEx
0x46d3a8 SetTextColor
0x46d3ac SetStretchBltMode
0x46d3b0 SetROP2
0x46d3b4 SetPixel
0x46d3b8 SetDIBColorTable
0x46d3bc SetBrushOrgEx
0x46d3c0 SetBkMode
0x46d3c4 SetBkColor
0x46d3c8 SelectPalette
0x46d3cc SelectObject
0x46d3d0 SaveDC
0x46d3d4 RestoreDC
0x46d3d8 Rectangle
0x46d3dc RectVisible
0x46d3e0 RealizePalette
0x46d3e4 PatBlt
0x46d3e8 MoveToEx
0x46d3ec MaskBlt
0x46d3f0 LineTo
0x46d3f4 IntersectClipRect
0x46d3f8 GetWindowOrgEx
0x46d3fc GetTextMetricsA
0x46d408 GetStockObject
0x46d40c GetPixel
0x46d410 GetPaletteEntries
0x46d414 GetObjectA
0x46d418 GetDeviceCaps
0x46d41c GetDIBits
0x46d420 GetDIBColorTable
0x46d424 GetDCOrgEx
0x46d42c GetClipBox
0x46d430 GetBrushOrgEx
0x46d434 GetBitmapBits
0x46d438 ExtTextOutA
0x46d43c ExcludeClipRect
0x46d440 DeleteObject
0x46d444 DeleteDC
0x46d448 CreateSolidBrush
0x46d44c CreatePenIndirect
0x46d450 CreatePalette
0x46d458 CreateFontIndirectA
0x46d45c CreateDIBitmap
0x46d460 CreateDIBSection
0x46d464 CreateCompatibleDC
0x46d46c CreateBrushIndirect
0x46d470 CreateBitmap
0x46d474 BitBlt
Library opengl32.dll:
0x46d47c wglCreateContext
Library user32.dll:
0x46d484 CreateWindowExA
0x46d488 WindowFromPoint
0x46d48c WinHelpA
0x46d490 WaitMessage
0x46d494 UpdateWindow
0x46d498 UnregisterClassA
0x46d49c UnhookWindowsHookEx
0x46d4a0 TranslateMessage
0x46d4a8 TrackPopupMenu
0x46d4b0 ShowWindow
0x46d4b4 ShowScrollBar
0x46d4b8 ShowOwnedPopups
0x46d4bc ShowCursor
0x46d4c0 SetWindowsHookExA
0x46d4c4 SetWindowTextA
0x46d4c8 SetWindowPos
0x46d4cc SetWindowPlacement
0x46d4d0 SetWindowLongA
0x46d4d4 SetTimer
0x46d4d8 SetScrollRange
0x46d4dc SetScrollPos
0x46d4e0 SetScrollInfo
0x46d4e4 SetRect
0x46d4e8 SetPropA
0x46d4ec SetParent
0x46d4f0 SetMenuItemInfoA
0x46d4f4 SetMenu
0x46d4f8 SetForegroundWindow
0x46d4fc SetFocus
0x46d500 SetCursor
0x46d504 SetClassLongA
0x46d508 SetCapture
0x46d50c SetActiveWindow
0x46d510 SendMessageA
0x46d514 ScrollWindow
0x46d518 ScreenToClient
0x46d51c RemovePropA
0x46d520 RemoveMenu
0x46d524 ReleaseDC
0x46d528 ReleaseCapture
0x46d534 RegisterClassA
0x46d538 RedrawWindow
0x46d53c PtInRect
0x46d540 PostQuitMessage
0x46d544 PostMessageA
0x46d548 PeekMessageA
0x46d54c OffsetRect
0x46d550 OemToCharA
0x46d554 MessageBoxA
0x46d558 MapWindowPoints
0x46d55c MapVirtualKeyA
0x46d560 LoadStringA
0x46d564 LoadKeyboardLayoutA
0x46d568 LoadIconA
0x46d56c LoadCursorA
0x46d570 LoadBitmapA
0x46d574 KillTimer
0x46d578 IsZoomed
0x46d57c IsWindowVisible
0x46d580 IsWindowEnabled
0x46d584 IsWindow
0x46d588 IsRectEmpty
0x46d58c IsIconic
0x46d590 IsDialogMessageA
0x46d594 IsChild
0x46d598 InvalidateRect
0x46d59c IntersectRect
0x46d5a0 InsertMenuItemA
0x46d5a4 InsertMenuA
0x46d5a8 InflateRect
0x46d5b0 GetWindowTextA
0x46d5b4 GetWindowRect
0x46d5b8 GetWindowPlacement
0x46d5bc GetWindowLongA
0x46d5c0 GetWindowDC
0x46d5c4 GetTopWindow
0x46d5c8 GetSystemMetrics
0x46d5cc GetSystemMenu
0x46d5d0 GetSysColorBrush
0x46d5d4 GetSysColor
0x46d5d8 GetSubMenu
0x46d5dc GetScrollRange
0x46d5e0 GetScrollPos
0x46d5e4 GetScrollInfo
0x46d5e8 GetPropA
0x46d5ec GetParent
0x46d5f0 GetWindow
0x46d5f4 GetMenuStringA
0x46d5f8 GetMenuState
0x46d5fc GetMenuItemInfoA
0x46d600 GetMenuItemID
0x46d604 GetMenuItemCount
0x46d608 GetMenu
0x46d60c GetLastActivePopup
0x46d610 GetKeyboardState
0x46d618 GetKeyboardLayout
0x46d61c GetKeyState
0x46d620 GetKeyNameTextA
0x46d624 GetIconInfo
0x46d628 GetForegroundWindow
0x46d62c GetFocus
0x46d630 GetDesktopWindow
0x46d634 GetDCEx
0x46d638 GetDC
0x46d63c GetCursorPos
0x46d640 GetCursor
0x46d644 GetClientRect
0x46d648 GetClassNameA
0x46d64c GetClassInfoA
0x46d650 GetCapture
0x46d654 GetActiveWindow
0x46d658 FrameRect
0x46d65c FindWindowA
0x46d660 FillRect
0x46d664 EqualRect
0x46d668 EnumWindows
0x46d66c EnumThreadWindows
0x46d670 EndPaint
0x46d674 EnableWindow
0x46d678 EnableScrollBar
0x46d67c EnableMenuItem
0x46d680 DrawTextA
0x46d684 DrawMenuBar
0x46d688 DrawIconEx
0x46d68c DrawIcon
0x46d690 DrawFrameControl
0x46d694 DrawFocusRect
0x46d698 DrawEdge
0x46d69c DispatchMessageA
0x46d6a0 DestroyWindow
0x46d6a4 DestroyMenu
0x46d6a8 DestroyIcon
0x46d6ac DestroyCursor
0x46d6b0 DeleteMenu
0x46d6b4 DefWindowProcA
0x46d6b8 DefMDIChildProcA
0x46d6bc DefFrameProcA
0x46d6c0 CreatePopupMenu
0x46d6c4 CreateMenu
0x46d6c8 CreateIcon
0x46d6cc ClientToScreen
0x46d6d0 CheckMenuItem
0x46d6d4 CallWindowProcA
0x46d6d8 CallNextHookEx
0x46d6dc BeginPaint
0x46d6e0 CharNextA
0x46d6e4 CharLowerBuffA
0x46d6e8 CharLowerA
0x46d6ec CharUpperBuffA
0x46d6f0 CharToOemA
0x46d6f4 AdjustWindowRectEx
Library kernel32.dll:
0x46d700 Sleep
Library oleaut32.dll:
0x46d708 SafeArrayPtrOfIndex
0x46d70c SafeArrayGetUBound
0x46d710 SafeArrayGetLBound
0x46d714 SafeArrayCreate
0x46d718 VariantChangeType
0x46d71c VariantCopy
0x46d720 VariantClear
0x46d724 VariantInit
Library ole32.dll:
0x46d72c CoTaskMemAlloc
0x46d730 CoCreateInstance
0x46d734 CoUninitialize
0x46d738 CoInitialize
Library comctl32.dll:
0x46d748 ImageList_Write
0x46d74c ImageList_Read
0x46d75c ImageList_DragMove
0x46d760 ImageList_DragLeave
0x46d764 ImageList_DragEnter
0x46d768 ImageList_EndDrag
0x46d76c ImageList_BeginDrag
0x46d770 ImageList_Remove
0x46d774 ImageList_DrawEx
0x46d778 ImageList_Draw
0x46d788 ImageList_Add
0x46d790 ImageList_Destroy
0x46d794 ImageList_Create
0x46d798 InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.