Score: 5.8
Verdict: High risk

SHA256: 6407a885f99633b2f5559e9f04b001a859367468dd7e761fb28d527995f3112d

File name: df474cae010ab858b7d078d8e9ebd6e0.exe

Analysis duration: 22s

Latest analysis

File size: 803.5KB

Static detection / dynamic detection tags: the page's tag cloud of verdict fragments (AGEN, DELFINJECT, FAREIT, KRYPTIK, LOKIBOT, WACATAC, ZELPHIF and so on) is condensed from the per-engine results listed under VirusTotal below and adds nothing to them.
Eagle Eye engine (鹰眼引擎): not detected; no Eagle Eye results available.
Static verdict

Antivirus engines
Engine        Result                                Date       Version
McAfee        Fareit-FSK!DF474CAE010A               20201229   6.0.6.653
Alibaba       Trojan:Win32/DelfInject.ali2000015    20190527   0.3.0.5
CrowdStrike   win/malicious_confidence_100% (W)     20190702   1.0
Baidu         (no result)                           20190318   1.0.0.2
Tencent       Win32.Trojan.Crypt.Wtnj               20201229   1.0.0.1
Kingsoft      (no result)                           20201229   2017.9.26.565
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft

Caveat: CODE, DATA and BSS are the section names Borland's linker gives every Delphi executable, so the "unknown section names" hit is exactly the false positive the signature warns about, and "BobSoft Mini Delphi" is a PEiD-style signature that commonly matches ordinary Delphi builds rather than a commercial packer. The evidence of packing on this page is the high-entropy DATA and .rsrc sections and the unpacking behaviour in the dynamic section, not these two hits.
One or more processes crashed (2 events)
(Each record below is one row of the monitor's "Time & API / Arguments / Status / Return / Repeated" table; the trailing "success 0 0" line is the status, return value and repeat count.)

Crash 1 at 1619948417.098755 is exception code 0xc0000094 (STATUS_INTEGER_DIVIDE_BY_ZERO): the faulting instruction is div eax with eax = 0, at offset 0x6f3cd of the sample's own image (0x46f3cd with the image based at 0x400000). The timestamp is identical to PID 152's 61440-byte RWX allocation at 0x00550000 in the dynamic section, so this happens in the injector while it unpacks. The bytes following the div (33 c0 5a 59 59 64 89 10) decode to xor eax,eax / pop edx / pop ecx / pop ecx / mov fs:[eax],edx, the epilogue Delphi emits for a try block, which suggests the divide-by-zero is raised inside the sample's own exception frame and handled there rather than being an unintended crash. Crash 2 at 1619972676.553124 is 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0xfdae14ad, which is above the 32-bit user-mode range and so looks like a call or jump through a bad pointer; its stack runs from the sample's image through mscoree!_CorExeMain and mscoreei, i.e. the hollowed child (PID 1108, whose events carry the same timestamps) entered the CLR shim. The report does not say what the mapped image is, so treat that as a lead that the unpacked payload is a .NET binary, not a conclusion. Note also that the two processes' timelines are stamped about 6.7 hours apart (1619948417 versus 1619972676), so the page appears to merge two runs; do not read them as one continuous 22 s execution.
1619948417.098755
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 51773248
registers.edi: 0
registers.eax: 0
registers.ebp: 51773320
registers.edx: 2130553844
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 62 e9 0e 42 f9
exception.symbol: df474cae010ab858b7d078d8e9ebd6e0+0x6f3cd
exception.instruction: div eax
exception.module: df474cae010ab858b7d078d8e9ebd6e0.exe
exception.exception_code: 0xc0000094
exception.offset: 455629
exception.address: 0x46f3cd
success 0 0
1619972676.553124
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
df474cae010ab858b7d078d8e9ebd6e0+0x58a4d @ 0x458a4d
df474cae010ab858b7d078d8e9ebd6e0+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdae14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)

All 30 calls target the calling process itself (process_handle 0xffffffff), request protection 64 (PAGE_EXECUTE_READWRITE), report stack_dep_bypass 0 and stack_pivoted 0, and returned success (return 0, repeated 0). Sizes are in bytes; "hdb" is the monitor's heap_dep_bypass flag.

Time               PID   API                      Base address  Size    Allocation type                  hdb
1619948416.879755  152   NtAllocateVirtualMemory  0x003d0000    4096    4096 (MEM_COMMIT)                0
1619948417.098755  152   NtAllocateVirtualMemory  0x00550000    61440   12288 (MEM_COMMIT|MEM_RESERVE)   0
1619948417.113755  152   NtAllocateVirtualMemory  0x02000000    4096    12288 (MEM_COMMIT|MEM_RESERVE)   0
1619972675.710124  1108  NtProtectVirtualMemory   0x00400000    4096    -                                0
1619972675.772124  1108  NtAllocateVirtualMemory  0x01e30000    983040  8192 (MEM_RESERVE)               0
1619972675.772124  1108  NtAllocateVirtualMemory  0x01ee0000    4096    4096 (MEM_COMMIT)                1
1619972675.772124  1108  NtAllocateVirtualMemory  0x01d80000    327680  12288 (MEM_COMMIT|MEM_RESERVE)   0
1619972675.772124  1108  NtProtectVirtualMemory   0x01d82000    299008  -                                1
1619972676.069124  1108  NtAllocateVirtualMemory  0x01f20000    786432  8192 (MEM_RESERVE)               0
1619972676.069124  1108  NtAllocateVirtualMemory  0x01fa0000    4096    4096 (MEM_COMMIT)                1
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76351000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76353000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76354000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76351000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x77d4f000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76353000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76351000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76351000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76354000    4096    -                                0
1619972676.522124  1108  NtProtectVirtualMemory   0x00582000    4096    -                                1
1619972676.522124  1108  NtProtectVirtualMemory   0x76351000    4096    -                                0

Note on the last twenty calls (all at 1619972676.522124): they alternate between one page at 0x00582000 (heap_dep_bypass 1) and pages inside system DLLs. From the crash stack traces, kernel32.dll is based at 0x76340000 (BaseThreadInitThunk at kernel32+0x133ca = 0x763533ca) and ntdll.dll at 0x77d30000 (ntdll+0x39ed2 = 0x77d69ed2), so 0x76351000, 0x76353000 and 0x76354000 are kernel32+0x11000, +0x13000 and +0x14000, and 0x77d4f000 is ntdll+0x1f000. Making code pages of kernel32 and ntdll writable and executable from inside the hollowed process is consistent with in-memory patching of those modules (API hooking), which fits the stealer verdicts below; the report does not show what was written there. The 4096-byte protection change at 0x00400000 covers the PE header page of the mapped image, and the large reservations (983040 and 786432 bytes) followed by single-page commits look like the payload setting up its own working memory.
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.606822577522066  section DATA   size_of_data 0x0000fa00  virtual_address 0x00070000  virtual_size 0x0000f8d4  description: A section with a high entropy has been found
entropy 7.4164716536479425 section .rsrc  size_of_data 0x00040800  virtual_address 0x0008e000  virtual_size 0x00040768  description: A section with a high entropy has been found
entropy 0.3993769470404984 description: Overall entropy of this PE file is high

Reading these numbers: the first two are Shannon entropies in bits per byte (8.0 is the maximum), so DATA (64,000 bytes at 7.61) and .rsrc (264,192 bytes, roughly a third of the 803.5KB file, at 7.42) are the places where a packed payload most plausibly lives; the import table below includes FindResourceA, LoadResource, LockResource and SizeofResource, which fits a payload carried as a resource, though the report does not show which resource is read. The third value is not an entropy at all: in the Cuckoo packer_entropy signature whose wording this report uses, "overall entropy" is the share of the PE's section data that sits in high-entropy sections, flagged when above 0.2, so 0.399 is consistent with the two flagged sections rather than a contradiction.
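To make the entropy signature concrete, here is an added Python example, written for this page rather than taken from the sandbox platform or the sample: a minimal PE section-table parser plus the per-section and overall entropy checks, run on a constructed PE32 image with Delphi-style CODE/DATA/BSS sections. The thresholds (6.8 bits per byte for a section, 20% of section data overall), the set of Borland section names in `BORLAND_NAMES`, and the fixture `build_sample_pe` are assumptions for the example; the fixture is not the analysed file.

```python
import math
import random
import struct
from collections import Counter

# Thresholds are assumptions chosen to mirror the sandbox signature's behaviour:
# a section above ~6.8 bits/byte is "high entropy"; the overall flag fires when
# more than 20% of all section bytes sit in such sections.
HIGH_ENTROPY_BITS = 6.8
HIGH_FRACTION = 0.2
# Section names Borland's linker emits (assumed list for the Delphi false-positive check).
BORLAND_NAMES = {"CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Minimal PE section-table walk: DOS header -> e_lfanew -> COFF header ->
    IMAGE_SECTION_HEADER array. No pefile dependency, so it runs anywhere."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first_hdr = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", pe, first_hdr + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize, "size_of_data": rsize,
            "data": pe[rptr:rptr + rsize],
        })
    return sections


def packer_entropy_report(pe: bytes) -> dict:
    """Reproduce the three findings of the report's entropy signature (per-section
    hits, share of high-entropy section bytes, overall flag) and say whether the
    section names are Borland's, which explains the 'unknown section names' hit."""
    sections = parse_sections(pe)
    flagged, total, high = [], 0, 0
    for s in sections:
        ent = shannon_entropy(s["data"])
        total += s["size_of_data"]
        if ent > HIGH_ENTROPY_BITS:
            high += s["size_of_data"]
            flagged.append((s["name"], round(ent, 3)))
    fraction = high / total if total else 0.0
    return {
        "flagged": flagged,
        "high_fraction": round(fraction, 3),
        "overall_high": fraction > HIGH_FRACTION,
        "borland_layout": all(s["name"] in BORLAND_NAMES for s in sections),
    }


def build_sample_pe() -> bytes:
    """Constructed test image, not the sample from the report: a PE32 skeleton with
    Delphi-style CODE/DATA/BSS sections, DATA filled with pseudo-random bytes to
    stand in for a packed payload, BSS with no raw data."""
    rnd = random.Random(1)
    sections = [
        ("CODE", bytes([0x90, 0xC3]) * 256),                        # two byte values: 1 bit/byte
        ("DATA", bytes(rnd.getrandbits(8) for _ in range(4096))),   # ~7.95 bits/byte
        ("BSS", b""),                                               # uninitialised, no raw bytes
    ]
    e_lfanew, opt_size = 0x40, 224
    raw_ptr = (e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)          # PE32 magic, rest zeroed
    headers, body, va, ptr = b"", b"", 0x1000, raw_ptr
    for name, data in sections:
        raw = data + b"\0" * (-len(data) % 0x200)                    # pad to FileAlignment
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                               len(data), va, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        va += (len(data) + 0xFFF) & ~0xFFF or 0x1000
        ptr += len(raw)
    image = dos + b"PE\0\0" + coff + opt + headers
    return image + b"\0" * (raw_ptr - len(image)) + body


if __name__ == "__main__":
    print(packer_entropy_report(build_sample_pe()))
```

On the fixture, only DATA is flagged, 4096 of 4608 section bytes are high-entropy (fraction 0.889, so the overall flag fires) and the layout is recognised as Borland's; feed `packer_entropy_report` a real file's bytes to get the same three findings for it.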
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

Caveat: 172.217.0.0/16 is Google address space, and the network section at the end of the report records no TCP connections and no HTTP requests at all, so this hit is far more likely background Windows or Google connectivity from the sandbox VM than sample C2. Do not promote it to an IOC on the strength of this report.
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection: process 152 called NtSetContextThread to modify a thread in remote process 1108
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection: process 152 resumed a thread in remote process 1108
Executed a process and injected code into it, probably while unpacking (6 events)

The three signatures are triggered by one call sequence from PID 152 into PID 1108 (the page lists the NtSetContextThread and NtResumeThread records once under each signature; they are merged here). All calls returned success with return value 0 except CreateProcessInternalW (return 1); repeated is 0 throughout.

1619948417.192755  CreateProcessInternalW
    command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\df474cae010ab858b7d078d8e9ebd6e0.exe"
    creation_flags: 4 (CREATE_SUSPENDED)
    process_identifier: 1108, thread_identifier: 2544
    process_handle: 0x0000010c, thread_handle: 0x00000108
    inherit_handles: 0, track: 1, stack_pivoted: 0
    current_directory, filepath, filepath_r: (empty)
1619948417.192755  NtUnmapViewOfSection
    process_handle: 0x0000010c (process_identifier 1108)
    base_address: 0x00400000, region_size: 4096
1619948417.192755  NtMapViewOfSection
    section_handle: 0x00000114
    process_handle: 0x0000010c (process_identifier 1108)
    base_address: 0x00400000, view_size: 704512, commit_size: 704512, section_offset: 0
    allocation_type: 0 (), win32_protect: 64 (PAGE_EXECUTE_READWRITE), buffer: (empty)
1619948417.223755  NtGetContextThread
    thread_handle: 0x00000108
1619948417.223755  NtSetContextThread
    thread_handle: 0x00000108 (process_identifier 1108)
    registers.eax: 4893792, registers.ebx: 2130567168
    registers.eip, esp, ebp, esi, edi, ecx, edx: 0
1619948417.598755  NtResumeThread
    thread_handle: 0x00000108 (process_identifier 1108), suspend_count: 1

Interpretation: this is textbook process hollowing. The injector (PID 152) starts a second copy of itself suspended, unmaps the image at the child's base 0x00400000, maps a 704512-byte (0xac000) section over it as RWX, reads the suspended primary thread's context, rewrites it and resumes the thread. In the context it writes, eax = 4893792 = 0x004aac60 lies inside the new view (0x00400000 to 0x004ac000); on 32-bit Windows the eax of a new process's initial thread context is the entry point the loader jumps to, so the injector redirects execution into the mapped payload by way of eax (eip, esp and ebp are 0 in the record, so the redirection is not carried by eip). ebx = 2130567168 = 0x7efde000 is the PEB pointer usually seen in that initial context on Windows 7 x86. Note that CreateProcessA/W, NtUnmapViewOfSection and NtMapViewOfSection are absent from the static import table below, so the injector resolves them at run time (LoadLibraryA and GetProcAddress are imported).
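The following is an added Python example, not code from the report platform or the sample, that runs the two checks a practitioner would want over the dynamic section: the process-hollowing chain shown above (create suspended, unmap, write, set context, resume, in that order and from another PID) and, from the RWX allocation list earlier, protection changes that land inside kernel32/ntdll. The log records in `LOG` are constructed from the events on this page with the fields reduced to what the checks need; the module sizes in `SYSTEM_MODULES` and the names `LOG`, `SYSTEM_MODULES`, `find_hollowing`, `rwx_on_system_modules` and `entry_point_inside_view` are assumptions for the example.

```python
CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_READWRITE = 0x40

# The hollowing prologue in the order it must occur. Any API that writes the
# child's address space counts as the "write" step.
HOLLOWING_STEPS = ["create_suspended", "unmap", "write", "set_context", "resume"]
STEP_OF = {
    "NtUnmapViewOfSection": "unmap",
    "NtMapViewOfSection": "write", "WriteProcessMemory": "write", "NtWriteVirtualMemory": "write",
    "NtSetContextThread": "set_context",
    "NtResumeThread": "resume",
}

# Module bases derived from the report's stack traces (kernel32+0x133ca was
# 0x763533ca, ntdll+0x39ed2 was 0x77d69ed2); the sizes are assumptions.
SYSTEM_MODULES = {"kernel32.dll": (0x76340000, 0x110000), "ntdll.dll": (0x77D30000, 0x140000)}

# Constructed log: the report's records reduced to the fields the checks use.
LOG = [
    {"ts": 1619948417.192755, "pid": 152, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 1108, "creation_flags": 4, "thread_handle": 0x108}},
    {"ts": 1619948417.192755, "pid": 152, "api": "NtUnmapViewOfSection",
     "args": {"process_identifier": 1108, "base_address": 0x00400000}},
    {"ts": 1619948417.192755, "pid": 152, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 1108, "base_address": 0x00400000,
              "view_size": 704512, "win32_protect": 0x40}},
    {"ts": 1619948417.223755, "pid": 152, "api": "NtGetContextThread",
     "args": {"thread_handle": 0x108}},
    {"ts": 1619948417.223755, "pid": 152, "api": "NtSetContextThread",
     "args": {"process_identifier": 1108, "thread_handle": 0x108,
              "registers.eax": 4893792, "registers.ebx": 2130567168}},
    {"ts": 1619948417.598755, "pid": 152, "api": "NtResumeThread",
     "args": {"process_identifier": 1108, "thread_handle": 0x108, "suspend_count": 1}},
    {"ts": 1619972676.522124, "pid": 1108, "api": "NtProtectVirtualMemory",
     "args": {"process_identifier": 1108, "base_address": 0x00582000,
              "length": 4096, "protection": 0x40}},
    {"ts": 1619972676.522124, "pid": 1108, "api": "NtProtectVirtualMemory",
     "args": {"process_identifier": 1108, "base_address": 0x76351000,
              "length": 4096, "protection": 0x40}},
    {"ts": 1619972676.522124, "pid": 1108, "api": "NtProtectVirtualMemory",
     "args": {"process_identifier": 1108, "base_address": 0x77d4f000,
              "length": 4096, "protection": 0x40}},
]


def find_hollowing(log):
    """Return {target_pid: injector_pid} for every child created with
    CREATE_SUSPENDED that another PID then unmapped, wrote, re-contexted and
    resumed, in that order (timestamp order, ties kept in log order)."""
    state = {}
    for rec in sorted(log, key=lambda r: r["ts"]):
        args, target = rec["args"], rec["args"].get("process_identifier")
        if target is None or target == rec["pid"]:
            continue                                  # untargeted or self-directed call
        if rec["api"] == "CreateProcessInternalW":
            if args.get("creation_flags", 0) & CREATE_SUSPENDED:
                state[target] = {"injector": rec["pid"], "seen": ["create_suspended"]}
            continue
        step = STEP_OF.get(rec["api"])
        if step is None or target not in state:
            continue
        seen = state[target]["seen"]
        # Accept only the next expected step; repeats and out-of-order calls are ignored.
        if len(seen) < len(HOLLOWING_STEPS) and HOLLOWING_STEPS[len(seen)] == step:
            seen.append(step)
    return {t: s["injector"] for t, s in state.items() if s["seen"] == HOLLOWING_STEPS}


def rwx_on_system_modules(log, modules=SYSTEM_MODULES):
    """RWX protection changes or mappings whose base lies inside a known system
    module, which is consistent with in-memory patching (hooking) of that module.
    Returns (pid, api, base, module, offset_in_module) tuples."""
    hits = []
    for rec in log:
        a = rec["args"]
        prot = a.get("protection", a.get("win32_protect"))
        base = a.get("base_address")
        if prot != PAGE_EXECUTE_READWRITE or base is None:
            continue
        for name, (mbase, msize) in modules.items():
            if mbase <= base < mbase + msize:
                hits.append((rec["pid"], rec["api"], base, name, base - mbase))
    return hits


def entry_point_inside_view(log):
    """On 32-bit Windows the eax written into a suspended primary thread's initial
    context is the entry point the loader jumps to; check that it falls inside the
    view mapped over the child's image base. None if either call is missing."""
    view = next(((r["args"]["base_address"], r["args"]["view_size"])
                 for r in log if r["api"] == "NtMapViewOfSection"), None)
    eax = next((r["args"].get("registers.eax")
                for r in log if r["api"] == "NtSetContextThread"), None)
    if view is None or eax is None:
        return None
    base, size = view
    return base <= eax < base + size


if __name__ == "__main__":
    print(find_hollowing(LOG), entry_point_inside_view(LOG), rwx_on_system_modules(LOG))
```

On the constructed log the chain resolves to child 1108 hollowed by 152, the new entry point 0x4aac60 is confirmed to sit inside the 704512-byte view, and the two RWX changes inside kernel32 (+0x11000) and ntdll (+0x1f000) are reported while the 0x00582000 page, which belongs to no known module, is not. Dropping the NtResumeThread record or starting the child without CREATE_SUSPENDED makes `find_hollowing` return nothing, which is the behaviour you want from a detector that insists on the complete sequence.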
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 of 53 events shown)
The verdict families below agree on the picture from the dynamic section: a Delphi-wrapped injector (DelfInject, Injector.ELPY/ELKP, MalPack.DLF, Delphiless) carrying a credential stealer (Fareit, LokiBot, PWS.Stealer, InfoStealer).
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee Fareit-FSK!DF474CAE010A
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056583f1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056583f1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D202B6A6
BitDefenderTheta Gen:NN.ZelphiF.34700.YG0@aut!xqki
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Injector.ELPY
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.LokiBot-7699946-0
BitDefender Trojan.GenericKD.33732262
NANO-Antivirus Trojan.Win32.Stealer.hjjxoz
MicroWorld-eScan Trojan.GenericKD.33732262
Tencent Win32.Trojan.Crypt.Wtnj
Ad-Aware Trojan.GenericKD.33732262
Emsisoft Trojan.Injector (A)
Comodo Malware@#3gdggq9iop0n2
F-Secure Heuristic.HEUR/AGEN.1133569
DrWeb Trojan.PWS.Stealer.23680
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc
Sophos Mal/Generic-R + Mal/Fareit-AA
Ikarus Trojan.Inject
Jiangmin Trojan.Crypt.ddt
Webroot W32.Injector.Gen
Avira HEUR/AGEN.1133569
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Microsoft Trojan:Win32/InfoStealer.A!MTB
AegisLab Trojan.Multi.Generic.4!c
AhnLab-V3 Suspicious/Win.Delphiless.X2084
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Trojan.GenericKD.33732262
ALYac Trojan.GenericKD.33732262
MAX malware (ai score=88)
Malwarebytes Trojan.MalPack.DLF.Generic
Zoner Trojan.Win32.90523
TrendMicro-HouseCall TROJ_GEN.R06EC0DI220
Rising Trojan.Kryptik!1.C57B (CLASSIC)
Yandex Trojan.Igent.bTDiWB.41
SentinelOne Static AI - Suspicious PE
Fortinet W32/Injector.ELKP!tr
AVG Win32:Trojan-gen
Visual analysis
Binary image
No binary image: no binary visualisation was generated for this sample.
Run screenshots
No screenshots: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Caveat: this is not the real build time. Borland/Delphi linkers write the fixed value 0x2A425E19 (1992-06-19 22:22:17 UTC; the page renders it in UTC+8) into TimeDateStamp, so the timestamp only confirms the Delphi toolchain already indicated by the CODE/DATA/BSS section names and is useless for dating the sample.

Imports

The import table is that of a plain Delphi VCL application: kernel32.dll, advapi32.dll, user32.dll, oleaut32.dll and shell32.dll each appear more than once because Borland's linker emits one import descriptor per unit, and the bulk of the user32/gdi32/comctl32 entries is VCL window plumbing. The entries worth noting are the resource APIs (FindResourceA, LoadResource, LockResource, SizeofResource), VirtualAlloc, ShellExecuteA/ShellExecuteExA, and the dynamic-resolution pair LoadLibraryA/GetProcAddress. There are no process-creation, remote-memory or networking imports (no CreateProcess*, WriteProcessMemory, NtUnmapViewOfSection, wininet or ws2_32), so everything the dynamic section shows is resolved at run time or lives in the unpacked payload.

Library kernel32.dll:
0x481178 VirtualFree
0x48117c VirtualAlloc
0x481180 LocalFree
0x481184 LocalAlloc
0x481188 GetVersion
0x48118c GetCurrentThreadId
0x481198 VirtualQuery
0x48119c WideCharToMultiByte
0x4811a0 MultiByteToWideChar
0x4811a4 lstrlenA
0x4811a8 lstrcpynA
0x4811ac LoadLibraryExA
0x4811b0 GetThreadLocale
0x4811b4 GetStartupInfoA
0x4811b8 GetProcAddress
0x4811bc GetModuleHandleA
0x4811c0 GetModuleFileNameA
0x4811c4 GetLocaleInfoA
0x4811c8 GetCommandLineA
0x4811cc FreeLibrary
0x4811d0 FindFirstFileA
0x4811d4 FindClose
0x4811d8 ExitProcess
0x4811dc ExitThread
0x4811e0 CreateThread
0x4811e4 WriteFile
0x4811ec RtlUnwind
0x4811f0 RaiseException
0x4811f4 GetStdHandle
Library user32.dll:
0x4811fc GetKeyboardType
0x481200 LoadStringA
0x481204 MessageBoxA
0x481208 CharNextA
Library advapi32.dll:
0x481210 RegQueryValueExA
0x481214 RegOpenKeyExA
0x481218 RegCloseKey
Library oleaut32.dll:
0x481220 SysFreeString
0x481224 SysReAllocStringLen
0x481228 SysAllocStringLen
Library kernel32.dll:
0x481230 TlsSetValue
0x481234 TlsGetValue
0x481238 LocalAlloc
0x48123c GetModuleHandleA
Library advapi32.dll:
0x481244 RegQueryValueExA
0x481248 RegOpenKeyExA
0x48124c RegCloseKey
Library kernel32.dll:
0x481254 lstrlenA
0x481258 lstrcpyA
0x48125c lstrcmpA
0x481260 WriteFile
0x481268 WaitForSingleObject
0x481270 VirtualQuery
0x481274 VirtualAlloc
0x481278 Sleep
0x48127c SizeofResource
0x481280 SetThreadLocale
0x481284 SetFilePointer
0x481288 SetEvent
0x48128c SetErrorMode
0x481290 SetEndOfFile
0x481298 ResumeThread
0x48129c ResetEvent
0x4812a0 ReleaseMutex
0x4812a4 ReadFile
0x4812a8 MultiByteToWideChar
0x4812ac MulDiv
0x4812b0 LockResource
0x4812b4 LoadResource
0x4812b8 LoadLibraryA
0x4812c4 GlobalUnlock
0x4812c8 GlobalReAlloc
0x4812cc GlobalHandle
0x4812d0 GlobalLock
0x4812d4 GlobalFree
0x4812d8 GlobalFindAtomA
0x4812dc GlobalDeleteAtom
0x4812e0 GlobalAlloc
0x4812e4 GlobalAddAtomA
0x4812e8 GetVersionExA
0x4812ec GetVersion
0x4812f0 GetTickCount
0x4812f4 GetThreadLocale
0x4812fc GetSystemTime
0x481300 GetSystemInfo
0x481304 GetStringTypeExA
0x481308 GetStdHandle
0x48130c GetProcAddress
0x481310 GetModuleHandleA
0x481314 GetModuleFileNameA
0x481318 GetLocaleInfoA
0x48131c GetLocalTime
0x481320 GetLastError
0x481324 GetFullPathNameA
0x481328 GetExitCodeThread
0x48132c GetDiskFreeSpaceA
0x481330 GetDateFormatA
0x481334 GetCurrentThreadId
0x481338 GetCurrentProcessId
0x481340 GetCPInfo
0x481344 GetACP
0x481348 FreeResource
0x481350 InterlockedExchange
0x481358 FreeLibrary
0x48135c FormatMessageA
0x481360 FindResourceA
0x481368 FindFirstFileA
0x481374 FindClose
0x481384 ExitThread
0x481388 EnumCalendarInfoA
0x481394 CreateThread
0x481398 CreateMutexA
0x48139c CreateFileA
0x4813a0 CreateEventA
0x4813a4 CompareStringA
0x4813a8 CloseHandle
Library version.dll:
0x4813b0 VerQueryValueA
0x4813b8 GetFileVersionInfoA
Library gdi32.dll:
0x4813c0 UnrealizeObject
0x4813c4 StretchBlt
0x4813c8 SetWindowOrgEx
0x4813cc SetViewportOrgEx
0x4813d0 SetTextColor
0x4813d4 SetStretchBltMode
0x4813d8 SetROP2
0x4813dc SetPixel
0x4813e0 SetDIBColorTable
0x4813e4 SetBrushOrgEx
0x4813e8 SetBkMode
0x4813ec SetBkColor
0x4813f0 SelectPalette
0x4813f4 SelectObject
0x4813f8 SaveDC
0x4813fc RestoreDC
0x481400 Rectangle
0x481404 RectVisible
0x481408 RealizePalette
0x48140c PatBlt
0x481410 MoveToEx
0x481414 MaskBlt
0x481418 LineTo
0x48141c IntersectClipRect
0x481420 GetWindowOrgEx
0x481424 GetTextMetricsA
0x481430 GetStockObject
0x481434 GetPixel
0x481438 GetPaletteEntries
0x48143c GetObjectA
0x481440 GetDeviceCaps
0x481444 GetDIBits
0x481448 GetDIBColorTable
0x48144c GetDCOrgEx
0x481454 GetClipBox
0x481458 GetBrushOrgEx
0x48145c GetBitmapBits
0x481460 ExtTextOutA
0x481464 ExcludeClipRect
0x481468 DeleteObject
0x48146c DeleteDC
0x481470 CreateSolidBrush
0x481474 CreatePenIndirect
0x481478 CreatePalette
0x481480 CreateFontIndirectA
0x481484 CreateDIBitmap
0x481488 CreateDIBSection
0x48148c CreateCompatibleDC
0x481494 CreateBrushIndirect
0x481498 CreateBitmap
0x48149c BitBlt
Library user32.dll:
0x4814a4 CreateWindowExA
0x4814a8 WindowFromPoint
0x4814ac WinHelpA
0x4814b0 WaitMessage
0x4814b4 UpdateWindow
0x4814b8 UnregisterClassA
0x4814bc UnhookWindowsHookEx
0x4814c0 TranslateMessage
0x4814c8 TrackPopupMenu
0x4814d0 ShowWindow
0x4814d4 ShowScrollBar
0x4814d8 ShowOwnedPopups
0x4814dc ShowCursor
0x4814e0 SetWindowsHookExA
0x4814e4 SetWindowTextA
0x4814e8 SetWindowPos
0x4814ec SetWindowPlacement
0x4814f0 SetWindowLongA
0x4814f4 SetTimer
0x4814f8 SetScrollRange
0x4814fc SetScrollPos
0x481500 SetScrollInfo
0x481504 SetRect
0x481508 SetPropA
0x48150c SetParent
0x481510 SetMenuItemInfoA
0x481514 SetMenu
0x481518 SetForegroundWindow
0x48151c SetFocus
0x481520 SetCursor
0x481524 SetClassLongA
0x481528 SetCapture
0x48152c SetActiveWindow
0x481530 SendMessageA
0x481534 ScrollWindow
0x481538 ScreenToClient
0x48153c RemovePropA
0x481540 RemoveMenu
0x481544 ReleaseDC
0x481548 ReleaseCapture
0x481554 RegisterClassA
0x481558 RedrawWindow
0x48155c PtInRect
0x481560 PostQuitMessage
0x481564 PostMessageA
0x481568 PeekMessageA
0x48156c OffsetRect
0x481570 OemToCharA
0x481578 MessageBoxA
0x48157c MapWindowPoints
0x481580 MapVirtualKeyA
0x481584 LoadStringA
0x481588 LoadKeyboardLayoutA
0x48158c LoadIconA
0x481590 LoadCursorA
0x481594 LoadBitmapA
0x481598 KillTimer
0x48159c IsZoomed
0x4815a0 IsWindowVisible
0x4815a4 IsWindowEnabled
0x4815a8 IsWindow
0x4815ac IsRectEmpty
0x4815b0 IsIconic
0x4815b4 IsDialogMessageA
0x4815b8 IsChild
0x4815bc InvalidateRect
0x4815c0 IntersectRect
0x4815c4 InsertMenuItemA
0x4815c8 InsertMenuA
0x4815cc InflateRect
0x4815d4 GetWindowTextA
0x4815d8 GetWindowRect
0x4815dc GetWindowPlacement
0x4815e0 GetWindowLongA
0x4815e4 GetWindowDC
0x4815e8 GetTopWindow
0x4815ec GetSystemMetrics
0x4815f0 GetSystemMenu
0x4815f4 GetSysColorBrush
0x4815f8 GetSysColor
0x4815fc GetSubMenu
0x481600 GetScrollRange
0x481604 GetScrollPos
0x481608 GetScrollInfo
0x48160c GetPropA
0x481610 GetParent
0x481614 GetWindow
0x481618 GetMessagePos
0x48161c GetMenuStringA
0x481620 GetMenuState
0x481624 GetMenuItemInfoA
0x481628 GetMenuItemID
0x48162c GetMenuItemCount
0x481630 GetMenu
0x481634 GetLastActivePopup
0x481638 GetKeyboardState
0x481640 GetKeyboardLayout
0x481644 GetKeyState
0x481648 GetKeyNameTextA
0x48164c GetIconInfo
0x481650 GetForegroundWindow
0x481654 GetFocus
0x481658 GetDesktopWindow
0x48165c GetDCEx
0x481660 GetDC
0x481664 GetCursorPos
0x481668 GetCursor
0x48166c GetClientRect
0x481670 GetClassNameA
0x481674 GetClassInfoA
0x481678 GetCapture
0x48167c GetActiveWindow
0x481680 FrameRect
0x481684 FindWindowA
0x481688 FillRect
0x48168c EqualRect
0x481690 EnumWindows
0x481694 EnumThreadWindows
0x481698 EndPaint
0x48169c EnableWindow
0x4816a0 EnableScrollBar
0x4816a4 EnableMenuItem
0x4816a8 DrawTextA
0x4816ac DrawMenuBar
0x4816b0 DrawIconEx
0x4816b4 DrawIcon
0x4816b8 DrawFrameControl
0x4816bc DrawEdge
0x4816c0 DispatchMessageA
0x4816c4 DestroyWindow
0x4816c8 DestroyMenu
0x4816cc DestroyIcon
0x4816d0 DestroyCursor
0x4816d4 DeleteMenu
0x4816d8 DefWindowProcA
0x4816dc DefMDIChildProcA
0x4816e0 DefFrameProcA
0x4816e4 CreatePopupMenu
0x4816e8 CreateMenu
0x4816ec CreateIcon
0x4816f0 ClientToScreen
0x4816f8 CheckMenuItem
0x4816fc CallWindowProcA
0x481700 CallNextHookEx
0x481704 BeginPaint
0x481708 CharNextA
0x48170c CharLowerA
0x481710 CharUpperBuffA
0x481714 CharToOemA
0x481718 AdjustWindowRectEx
Library kernel32.dll:
0x481724 Sleep
Library oleaut32.dll:
0x48172c SafeArrayPtrOfIndex
0x481730 SafeArrayGetUBound
0x481734 SafeArrayGetLBound
0x481738 SafeArrayCreate
0x48173c VariantChangeType
0x481740 VariantCopy
0x481744 VariantClear
0x481748 VariantInit
Library ole32.dll:
0x481750 OleUninitialize
0x481754 OleInitialize
0x481758 CoTaskMemAlloc
0x48175c CoCreateInstance
0x481760 CoUninitialize
0x481764 CoInitialize
Library oleaut32.dll:
0x48176c GetErrorInfo
0x481770 SysFreeString
Library comctl32.dll:
0x481780 ImageList_Write
0x481784 ImageList_Read
0x481794 ImageList_DragMove
0x481798 ImageList_DragLeave
0x48179c ImageList_DragEnter
0x4817a0 ImageList_EndDrag
0x4817a4 ImageList_BeginDrag
0x4817a8 ImageList_Remove
0x4817ac ImageList_DrawEx
0x4817b0 ImageList_Draw
0x4817c0 ImageList_Add
0x4817c8 ImageList_Destroy
0x4817cc ImageList_Create
0x4817d0 InitCommonControls
Library shell32.dll:
0x4817d8 ShellExecuteExA
0x4817dc ShellExecuteA
0x4817e0 SHGetFileInfoA
Library shell32.dll:
0x4817ec SHGetMalloc
0x4817f0 SHGetDesktopFolder

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination       Destination port
192.168.56.101  49235         114.114.114.114   53
192.168.56.101  50534         114.114.114.114   53
192.168.56.101  56539         114.114.114.114   53
192.168.56.101  65004         114.114.114.114   53
192.168.56.101  137           192.168.56.255    137
192.168.56.101  138           192.168.56.255    138
192.168.56.101  51378         224.0.0.252       5355
192.168.56.101  51808         224.0.0.252       5355
192.168.56.101  55368         224.0.0.252       5355
192.168.56.101  56804         224.0.0.252       5355
192.168.56.101  60123         224.0.0.252       5355
192.168.56.101  62191         224.0.0.252       5355
192.168.56.101  1900          239.255.255.250   1900
192.168.56.101  51809         239.255.255.250   3702
192.168.56.101  51811         239.255.255.250   3702
192.168.56.101  56540         239.255.255.250   3702
192.168.56.101  56807         239.255.255.250   1900
192.168.56.101  58707         239.255.255.250   3702

Every UDP flow here is Windows background traffic from the analysis VM (192.168.56.101): DNS to the sandbox's resolver 114.114.114.114 (a Chinese public DNS service), NetBIOS name-service and datagram broadcasts (137/138 to 192.168.56.255), LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). None of it is attributable to the sample, and no DNS answers or sample-originated TCP sessions were recorded, which is consistent with the payload never reaching a C2 during this run.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.