7.0
High risk

2084e95f6624b243760b5ac8e5f486168a84a08cb0d71b285f01720ebd77ee8f

e04610a64e9b54254f73c3a5719a9781.exe

Analysis time: 22s

Latest analysis

File size: 934.5KB
Static detection Dynamic detection 100% AI SCORE=83 ALI2000015 ANDROM AWGP CLASSIC CONFIDENCE DELFINJECT DELPHILESS EDUW ELEK FAREIT FSSLHSAY99M GENASA GENCIRC GENERICKD GENETIC HFHJZD HIGH CONFIDENCE HSVYY KLVY LOKI LOKIBOT MALICIOUS PE MALWARE@#1BYFU00UHSO7Q PWSX R + MAL SCORE SIGGEN9 SMDF STATIC AI UNSAFE WACATAC X2059
Eagle Eye engine
Not detected: no Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine Result Detection date Engine version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Avast Win32:PWSX-gen [Trj] 20201228 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cdd64e 20201228 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20201228 2017.9.26.565
McAfee Fareit-FRQ!E04610A64E9B 20201228 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619948412.470719
__exception__
stacktrace:
e04610a64e9b54254f73c3a5719a9781+0x98ef2 @ 0x498ef2
e04610a64e9b54254f73c3a5719a9781+0x3e1b @ 0x403e1b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637912
registers.edi: 4820772
registers.eax: 0
registers.ebp: 1638204
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 86
registers.ecx: 3245146112
exception.instruction_r: f7 f0 90 90 90 90 33 c0 5a 59 59 64 89 10 eb 15
exception.symbol: e04610a64e9b54254f73c3a5719a9781+0x98cd4
exception.instruction: div eax
exception.module: e04610a64e9b54254f73c3a5719a9781.exe
exception.exception_code: 0xc0000094
exception.offset: 625876
exception.address: 0x498cd4
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619948412.095719
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00500000
success 0 0
1619948412.502719
NtAllocateVirtualMemory
process_identifier: 368
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00510000
success 0 0
1619948412.564719
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00530000
success 0 0
1619960335.974374
NtAllocateVirtualMemory
process_identifier: 1316
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00830000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.498620015918464 section {'size_of_data': '0x00036600', 'virtual_address': '0x000b9000', 'entropy': 7.498620015918464, 'name': '.rsrc', 'virtual_size': '0x000365dc'} description A section with a high entropy has been found
entropy 0.23311897106109325 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 368 called NtSetContextThread to modify thread in remote process 1316
Time & API Arguments Status Return Repeated
1619948412.845719
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4306592
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1316
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 368 resumed a thread in remote process 1316
Time & API Arguments Status Return Repeated
1619948413.220719
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1316
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619948412.830719
CreateProcessInternalW
thread_identifier: 1476
thread_handle: 0x00000100
process_identifier: 1316
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e04610a64e9b54254f73c3a5719a9781.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619948412.830719
NtUnmapViewOfSection
process_identifier: 1316
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619948412.845719
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1316
commit_size: 172032
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 172032
base_address: 0x00400000
success 0 0
1619948412.845719
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619948412.845719
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4306592
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1316
success 0 0
1619948413.220719
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1316
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.22410
MicroWorld-eScan Trojan.GenericKD.42860913
FireEye Generic.mg.e04610a64e9b5425
ALYac Trojan.Agent.Wacatac
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Riskware ( 0040eff71 )
Cybereason malicious.64e9b5
Arcabit Trojan.Generic.D28E0171
BitDefenderTheta AI:Packer.B54A963321
Cyren W32/Trojan.KLVY-6700
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Injector.ELEK
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.GenericKD.42860913
NANO-Antivirus Trojan.Win32.Androm.hfhjzd
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Tencent Malware.Win32.Gencirc.10cdd64e
Ad-Aware Trojan.GenericKD.42860913
Sophos Mal/Generic-R + Mal/Fareit-V
Comodo Malware@#1byfu00uhso7q
F-Secure Trojan.TR/Injector.hsvyy
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMDF.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.dh
Emsisoft Trojan.GenericKD.42860913 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.Androm.awgp
Webroot W32.Trojan.Gen
Avira TR/Injector.hsvyy
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Gridinsoft Trojan.Win32.LokiBot.oa!s1
Microsoft Trojan:Win32/Loki.XR!MTB
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.GenericKD.42860913
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
McAfee Fareit-FRQ!E04610A64E9B
MAX malware (ai score=83)
VBA32 Backdoor.Androm
Malwarebytes Spyware.LokiBot
Zoner Trojan.Win32.89982
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDF.hp
Rising Trojan.Injector!1.AFE3 (CLASSIC)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

1992-01-10 05:52:51

Imports

Library kernel32.dll:
0x4a7164 VirtualFree
0x4a7168 VirtualAlloc
0x4a716c LocalFree
0x4a7170 LocalAlloc
0x4a7174 GetVersion
0x4a7178 GetCurrentThreadId
0x4a7184 VirtualQuery
0x4a7188 WideCharToMultiByte
0x4a718c MultiByteToWideChar
0x4a7190 lstrlenA
0x4a7194 lstrcpynA
0x4a7198 LoadLibraryExA
0x4a719c GetThreadLocale
0x4a71a0 GetStartupInfoA
0x4a71a4 GetProcAddress
0x4a71a8 GetModuleHandleA
0x4a71ac GetModuleFileNameA
0x4a71b0 GetLocaleInfoA
0x4a71b4 GetCommandLineA
0x4a71b8 FreeLibrary
0x4a71bc FindFirstFileA
0x4a71c0 FindClose
0x4a71c4 ExitProcess
0x4a71c8 WriteFile
0x4a71d0 RtlUnwind
0x4a71d4 RaiseException
0x4a71d8 GetStdHandle
Library user32.dll:
0x4a71e0 GetKeyboardType
0x4a71e4 LoadStringA
0x4a71e8 MessageBoxA
0x4a71ec CharNextA
Library advapi32.dll:
0x4a71f4 RegQueryValueExA
0x4a71f8 RegOpenKeyExA
0x4a71fc RegCloseKey
Library oleaut32.dll:
0x4a7204 SysFreeString
0x4a7208 SysReAllocStringLen
0x4a720c SysAllocStringLen
Library kernel32.dll:
0x4a7214 TlsSetValue
0x4a7218 TlsGetValue
0x4a721c LocalAlloc
0x4a7220 GetModuleHandleA
Library advapi32.dll:
0x4a7228 RegQueryValueExA
0x4a722c RegOpenKeyExA
0x4a7230 RegCloseKey
Library kernel32.dll:
0x4a7238 lstrcpyA
0x4a723c WriteFile
0x4a7240 WaitForSingleObject
0x4a7244 VirtualQuery
0x4a7248 VirtualFree
0x4a724c VirtualAlloc
0x4a7250 Sleep
0x4a7254 SizeofResource
0x4a7258 SetThreadLocale
0x4a725c SetFilePointer
0x4a7260 SetEvent
0x4a7264 SetErrorMode
0x4a7268 SetEndOfFile
0x4a726c SearchPathA
0x4a7270 ResetEvent
0x4a7274 ReleaseMutex
0x4a7278 ReadFile
0x4a727c OpenFileMappingA
0x4a7280 MultiByteToWideChar
0x4a7284 MulDiv
0x4a7288 LockResource
0x4a728c LoadResource
0x4a7290 LoadLibraryA
0x4a7298 IsDBCSLeadByte
0x4a72a0 GlobalUnlock
0x4a72a4 GlobalSize
0x4a72a8 GlobalReAlloc
0x4a72ac GlobalHandle
0x4a72b0 GlobalLock
0x4a72b4 GlobalFree
0x4a72b8 GlobalFindAtomA
0x4a72bc GlobalDeleteAtom
0x4a72c0 GlobalAlloc
0x4a72c4 GlobalAddAtomA
0x4a72c8 GetVersionExA
0x4a72cc GetVersion
0x4a72d0 GetUserDefaultLCID
0x4a72d4 GetTickCount
0x4a72d8 GetThreadLocale
0x4a72dc GetSystemInfo
0x4a72e0 GetStringTypeExA
0x4a72e4 GetStdHandle
0x4a72e8 GetProcAddress
0x4a72ec GetModuleHandleA
0x4a72f0 GetModuleFileNameA
0x4a72f4 GetLocaleInfoA
0x4a72f8 GetLocalTime
0x4a72fc GetLastError
0x4a7300 GetFullPathNameA
0x4a7304 GetDiskFreeSpaceA
0x4a7308 GetDateFormatA
0x4a730c GetCurrentThreadId
0x4a7310 GetCurrentProcessId
0x4a7318 GetComputerNameA
0x4a731c GetCPInfo
0x4a7320 GetACP
0x4a7324 FreeResource
0x4a732c InterlockedExchange
0x4a7334 FreeLibrary
0x4a7338 FormatMessageA
0x4a733c FindResourceA
0x4a7340 FindFirstFileA
0x4a7344 FindClose
0x4a7348 FatalAppExitA
0x4a734c EnumCalendarInfoA
0x4a7358 CreateThread
0x4a735c CreateMutexA
0x4a7360 CreateFileA
0x4a7364 CreateEventA
0x4a7368 CompareStringA
0x4a736c CloseHandle
Library version.dll:
0x4a7374 VerQueryValueA
0x4a737c GetFileVersionInfoA
Library gdi32.dll:
0x4a7384 UnrealizeObject
0x4a7388 StretchBlt
0x4a738c SetWindowOrgEx
0x4a7390 SetWinMetaFileBits
0x4a7394 SetViewportOrgEx
0x4a7398 SetTextColor
0x4a739c SetStretchBltMode
0x4a73a0 SetROP2
0x4a73a4 SetPixel
0x4a73a8 SetMapMode
0x4a73ac SetEnhMetaFileBits
0x4a73b0 SetDIBColorTable
0x4a73b4 SetBrushOrgEx
0x4a73b8 SetBkMode
0x4a73bc SetBkColor
0x4a73c0 SelectPalette
0x4a73c4 SelectObject
0x4a73c8 SaveDC
0x4a73cc RestoreDC
0x4a73d0 Rectangle
0x4a73d4 RectVisible
0x4a73d8 RealizePalette
0x4a73dc PlayEnhMetaFile
0x4a73e0 PatBlt
0x4a73e4 MoveToEx
0x4a73e8 MaskBlt
0x4a73ec LineTo
0x4a73f0 LPtoDP
0x4a73f4 IntersectClipRect
0x4a73f8 GetWindowOrgEx
0x4a73fc GetWinMetaFileBits
0x4a7400 GetTextMetricsA
0x4a740c GetStockObject
0x4a7410 GetPixel
0x4a7414 GetPaletteEntries
0x4a7418 GetObjectA
0x4a7428 GetEnhMetaFileBits
0x4a742c GetDeviceCaps
0x4a7430 GetDIBits
0x4a7434 GetDIBColorTable
0x4a7438 GetDCOrgEx
0x4a7440 GetClipBox
0x4a7444 GetBrushOrgEx
0x4a7448 GetBitmapBits
0x4a744c ExcludeClipRect
0x4a7450 DeleteObject
0x4a7454 DeleteEnhMetaFile
0x4a7458 DeleteDC
0x4a745c CreateSolidBrush
0x4a7460 CreatePenIndirect
0x4a7464 CreatePen
0x4a7468 CreatePalette
0x4a7470 CreateFontIndirectA
0x4a7474 CreateEnhMetaFileA
0x4a7478 CreateDIBitmap
0x4a747c CreateDIBSection
0x4a7480 CreateCompatibleDC
0x4a7488 CreateBrushIndirect
0x4a748c CreateBitmap
0x4a7490 CopyEnhMetaFileA
0x4a7494 CloseEnhMetaFile
0x4a7498 BitBlt
Library opengl32.dll:
0x4a74a0 wglDeleteContext
Library user32.dll:
0x4a74a8 CreateWindowExA
0x4a74ac WindowFromPoint
0x4a74b0 WinHelpA
0x4a74b4 WaitMessage
0x4a74b8 ValidateRect
0x4a74bc UpdateWindow
0x4a74c0 UnregisterClassA
0x4a74c4 UnhookWindowsHookEx
0x4a74c8 TranslateMessage
0x4a74d0 TrackPopupMenu
0x4a74d8 ShowWindow
0x4a74dc ShowScrollBar
0x4a74e0 ShowOwnedPopups
0x4a74e4 ShowCursor
0x4a74e8 SetWindowsHookExA
0x4a74ec SetWindowPos
0x4a74f0 SetWindowPlacement
0x4a74f4 SetWindowLongA
0x4a74f8 SetTimer
0x4a74fc SetScrollRange
0x4a7500 SetScrollPos
0x4a7504 SetScrollInfo
0x4a7508 SetRect
0x4a750c SetPropA
0x4a7510 SetParent
0x4a7514 SetMenuItemInfoA
0x4a7518 SetMenu
0x4a751c SetForegroundWindow
0x4a7520 SetFocus
0x4a7524 SetCursor
0x4a7528 SetClassLongA
0x4a752c SetCapture
0x4a7530 SetActiveWindow
0x4a7534 SendMessageA
0x4a7538 ScrollWindow
0x4a753c ScreenToClient
0x4a7540 RemovePropA
0x4a7544 RemoveMenu
0x4a7548 ReleaseDC
0x4a754c ReleaseCapture
0x4a7558 RegisterClassA
0x4a755c RedrawWindow
0x4a7560 PtInRect
0x4a7564 PostQuitMessage
0x4a7568 PostMessageA
0x4a756c PeekMessageA
0x4a7570 OffsetRect
0x4a7574 OemToCharBuffA
0x4a7578 OemToCharA
0x4a757c MessageBoxA
0x4a7580 MapWindowPoints
0x4a7584 MapVirtualKeyA
0x4a7588 LoadStringA
0x4a758c LoadKeyboardLayoutA
0x4a7590 LoadIconA
0x4a7594 LoadCursorA
0x4a7598 LoadBitmapA
0x4a759c KillTimer
0x4a75a0 IsZoomed
0x4a75a4 IsWindowVisible
0x4a75a8 IsWindowEnabled
0x4a75ac IsWindow
0x4a75b0 IsRectEmpty
0x4a75b4 IsIconic
0x4a75b8 IsDialogMessageA
0x4a75bc IsChild
0x4a75c0 InvalidateRect
0x4a75c4 IntersectRect
0x4a75c8 InsertMenuItemA
0x4a75cc InsertMenuA
0x4a75d0 InflateRect
0x4a75d8 GetWindowTextA
0x4a75dc GetWindowRect
0x4a75e0 GetWindowPlacement
0x4a75e4 GetWindowLongA
0x4a75e8 GetWindowDC
0x4a75ec GetTopWindow
0x4a75f0 GetSystemMetrics
0x4a75f4 GetSystemMenu
0x4a75f8 GetSysColorBrush
0x4a75fc GetSysColor
0x4a7600 GetSubMenu
0x4a7604 GetScrollRange
0x4a7608 GetScrollPos
0x4a760c GetScrollInfo
0x4a7610 GetPropA
0x4a7614 GetParent
0x4a7618 GetWindow
0x4a761c GetMessageTime
0x4a7620 GetMenuStringA
0x4a7624 GetMenuState
0x4a7628 GetMenuItemInfoA
0x4a762c GetMenuItemID
0x4a7630 GetMenuItemCount
0x4a7634 GetMenu
0x4a7638 GetLastActivePopup
0x4a763c GetKeyboardState
0x4a7644 GetKeyboardLayout
0x4a7648 GetKeyState
0x4a764c GetKeyNameTextA
0x4a7650 GetIconInfo
0x4a7654 GetForegroundWindow
0x4a7658 GetFocus
0x4a765c GetDesktopWindow
0x4a7660 GetDCEx
0x4a7664 GetDC
0x4a7668 GetCursorPos
0x4a766c GetCursor
0x4a7670 GetClipboardData
0x4a7674 GetClientRect
0x4a7678 GetClassNameA
0x4a767c GetClassInfoA
0x4a7680 GetCapture
0x4a7684 GetActiveWindow
0x4a7688 FrameRect
0x4a768c FindWindowA
0x4a7690 FillRect
0x4a7694 EqualRect
0x4a7698 EnumWindows
0x4a769c EnumThreadWindows
0x4a76a0 EndPaint
0x4a76a4 EnableWindow
0x4a76a8 EnableScrollBar
0x4a76ac EnableMenuItem
0x4a76b0 DrawTextA
0x4a76b4 DrawMenuBar
0x4a76b8 DrawIconEx
0x4a76bc DrawIcon
0x4a76c0 DrawFrameControl
0x4a76c4 DrawEdge
0x4a76c8 DispatchMessageA
0x4a76cc DestroyWindow
0x4a76d0 DestroyMenu
0x4a76d4 DestroyIcon
0x4a76d8 DestroyCursor
0x4a76dc DeleteMenu
0x4a76e0 DefWindowProcA
0x4a76e4 DefMDIChildProcA
0x4a76e8 DefFrameProcA
0x4a76ec CreatePopupMenu
0x4a76f0 CreateMenu
0x4a76f4 CreateIcon
0x4a76f8 ClientToScreen
0x4a76fc CheckMenuItem
0x4a7700 CallWindowProcA
0x4a7704 CallNextHookEx
0x4a7708 BeginPaint
0x4a770c CharNextA
0x4a7710 CharLowerBuffA
0x4a7714 CharLowerA
0x4a7718 CharUpperBuffA
0x4a771c CharToOemBuffA
0x4a7720 CharToOemA
0x4a7724 AdjustWindowRectEx
Library kernel32.dll:
0x4a7730 Sleep
Library oleaut32.dll:
0x4a7738 SafeArrayPtrOfIndex
0x4a773c SafeArrayPutElement
0x4a7740 SafeArrayGetElement
0x4a7748 SafeArrayAccessData
0x4a774c SafeArrayGetUBound
0x4a7750 SafeArrayGetLBound
0x4a7754 SafeArrayCreate
0x4a7758 VariantChangeType
0x4a775c VariantCopyInd
0x4a7760 VariantCopy
0x4a7764 VariantClear
0x4a7768 VariantInit
Library ole32.dll:
0x4a7774 IsAccelerator
0x4a7778 OleDraw
0x4a7780 CoTaskMemFree
0x4a7784 ProgIDFromCLSID
0x4a7788 StringFromCLSID
0x4a778c CoCreateInstance
0x4a7790 CoGetClassObject
0x4a7794 CoUninitialize
0x4a7798 CoInitialize
0x4a779c IsEqualGUID
Library oleaut32.dll:
0x4a77a4 GetErrorInfo
0x4a77a8 GetActiveObject
0x4a77ac SysFreeString
Library comctl32.dll:
0x4a77bc ImageList_Write
0x4a77c0 ImageList_Read
0x4a77d0 ImageList_DragMove
0x4a77d4 ImageList_DragLeave
0x4a77d8 ImageList_DragEnter
0x4a77dc ImageList_EndDrag
0x4a77e0 ImageList_BeginDrag
0x4a77e4 ImageList_Remove
0x4a77e8 ImageList_DrawEx
0x4a77ec ImageList_Draw
0x4a77fc ImageList_Add
0x4a7804 ImageList_Destroy
0x4a7808 ImageList_Create
0x4a780c InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.