5.8
High risk

25c04ea89771e359b8692969c471a7167d53d006a5e90e93b9a245d2e9fe75eb

e34a9aa228c5379fa3432efa0b8a991b.exe

Analysis time

88s

Last analyzed

File size

1.2MB
Detection tags (static and dynamic): AI SCORE=84 AIDETECTVM ANSERIN AVADDONCRYPT BSCOPE CLASSIC CONFIDENCE DANGEROUSSIG EHLS ELDORADO ENCPK ET3XQXALWLS GEN4 GENCIRC GENETIC GENKRYPTIK GRAYWARE HFIC HIDC HIGH CONFIDENCE HLMSWU INVALIDSIG KCLOUD KRYPTIK KV1@AMXHXXHK KVMH008 LOCKY MALICIOUS PE MALWARE1 MALWARE@#KN3UQ1TRQXRN PINKSBOT QAKBOT QBOT QVM20 R + MAL R339522 RANSOMWARE RAZY SCORE STATIC AI UNSAFE ZEXAF ZPACK
Hawkeye engine
Not detected: no Hawkeye engine results are available yet
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee W32/PinkSbot-GU!E34A9AA228C5 20201211 6.0.6.653
Alibaba Ransom:Win32/AvaddonCrypt.18dbf70a 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:DangerousSig [Trj] 20201210 21.1.5827.0
Kingsoft Win32.Heur.KVMH008.a.(kcloud) 20201211 2017.9.26.565
Tencent Malware.Win32.Gencirc.10cdd26e 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Static indicators
Queries for the computer name (2 events)
Time & API Arguments Status Return Repeated
1619984803.247626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619984814.184374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section r2
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619984814.809374
__exception__
stacktrace:
e34a9aa228c5379fa3432efa0b8a991b+0x3f07 @ 0x403f07
e34a9aa228c5379fa3432efa0b8a991b+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6327568
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: e34a9aa228c5379fa3432efa0b8a991b+0x3449
exception.instruction: in eax, dx
exception.module: e34a9aa228c5379fa3432efa0b8a991b.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
1619984814.809374
__exception__
stacktrace:
e34a9aa228c5379fa3432efa0b8a991b+0x3f10 @ 0x403f10
e34a9aa228c5379fa3432efa0b8a991b+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6327568
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: e34a9aa228c5379fa3432efa0b8a991b+0x34e2
exception.instruction: in eax, dx
exception.module: e34a9aa228c5379fa3432efa0b8a991b.exe
exception.exception_code: 0xc0000096
exception.offset: 13538
exception.address: 0x4034e2
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619984802.622626
NtAllocateVirtualMemory
process_identifier: 3064
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02180000
success 0 0
1619984802.637626
NtAllocateVirtualMemory
process_identifier: 3064
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x021c0000
success 0 0
1619984802.637626
NtProtectVirtualMemory
process_identifier: 3064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619984814.169374
NtAllocateVirtualMemory
process_identifier: 1164
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00530000
success 0 0
1619984814.169374
NtAllocateVirtualMemory
process_identifier: 1164
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
1619984814.169374
NtProtectVirtualMemory
process_identifier: 1164
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619984803.950626
CreateProcessInternalW
thread_identifier: 600
thread_handle: 0x00000158
process_identifier: 1164
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e34a9aa228c5379fa3432efa0b8a991b.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x0000015c
inherit_handles: 0
success 1 0
Expresses interest in specific running processes (1 event)
process vboxservice.exe
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619984814.809374
__exception__
stacktrace:
e34a9aa228c5379fa3432efa0b8a991b+0x3f07 @ 0x403f07
e34a9aa228c5379fa3432efa0b8a991b+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6327568
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: e34a9aa228c5379fa3432efa0b8a991b+0x3449
exception.instruction: in eax, dx
exception.module: e34a9aa228c5379fa3432efa0b8a991b.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 of 62 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.679239
FireEye Generic.mg.e34a9aa228c5379f
Qihoo-360 Generic/HEUR/QVM20.1.B6D0.Malware.Gen
McAfee W32/PinkSbot-GU!E34A9AA228C5
Cylance Unsafe
Zillya Trojan.Qbot.Win32.8246
Sangfor Malware
K7AntiVirus Trojan ( 0056827b1 )
Alibaba Ransom:Win32/AvaddonCrypt.18dbf70a
K7GW Trojan ( 0056827b1 )
Cybereason malicious.5b4431
Arcabit Trojan.Razy.DA5D47
Cyren W32/Trojan.DZW.gen!Eldorado
Symantec Trojan.Anserin
APEX Malicious
Avast Win32:DangerousSig [Trj]
ClamAV Win.Ransomware.Locky-9779179-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Gen:Variant.Razy.679239
NANO-Antivirus Trojan.Win32.QakBot.hlmswu
Paloalto generic.ml
Rising Trojan.Kryptik!1.C745 (CLASSIC)
Ad-Aware Gen:Variant.Razy.679239
Emsisoft Gen:Variant.Razy.679239 (B)
Comodo Malware@#kn3uq1trqxrn
F-Secure Trojan.TR/Crypt.ZPACK.Gen4
DrWeb Trojan.QakBot.10
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition W32/PinkSbot-GU!E34A9AA228C5
Sophos Mal/Generic-R + Mal/EncPk-APV
Ikarus Trojan-Banker.QakBot
Jiangmin Trojan.Banker.Qbot.qh
Webroot W32.Trojan.Qakbot
Avira TR/Crypt.ZPACK.Gen4
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Kingsoft Win32.Heur.KVMH008.a.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.dd!n
Microsoft Ransom:Win32/AvaddonCrypt.SO!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Gen:Variant.Razy.679239
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RL_Generic.R339522
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34670.kv1@amXHXxhk
ALYac Gen:Variant.Razy.679239
MAX malware (ai score=84)
VBA32 BScope.Trojan.Inject
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-06-05 17:24:58

Imports

Library KERNEL32.dll:
0x418a90 GetLastError
0x418a94 Sleep
0x418a98 LoadLibraryA
0x418a9c GetProcAddress
0x418aa0 GetModuleHandleW
0x418aa4 IsValidLocale
0x418aa8 GetOverlappedResult
0x418aac CommConfigDialogW
0x418ab0 lstrcmpiA
0x418ab4 WriteConsoleOutputA
0x418abc SetHandleCount
0x418ac4 GlobalGetAtomNameW
0x418ad0 CompareStringW
0x418ae0 GetProfileIntA
0x418ae4 Process32FirstW
0x418af0 GetVersion
0x418af4 GetModuleHandleA
0x418af8 MultiByteToWideChar
0x418afc GetVersionExW
0x418b00 CreateFileW
0x418b04 WriteFile
0x418b0c GetSystemTime
0x418b10 GetCurrentProcessId
0x418b14 FindNextFileW
0x418b18 FindClose
0x418b24 FindFirstFileW
0x418b28 GlobalMemoryStatus
0x418b2c GetCurrentThreadId
0x418b38 CloseHandle
0x418b3c CreateProcessW
0x418b40 WaitForSingleObject
0x418b44 CreateFileMappingA
0x418b48 MapViewOfFile
0x418b4c UnmapViewOfFile
0x418b54 GetStdHandle
0x418b58 GetFileType
0x418b60 PeekNamedPipe
0x418b64 ReadFile
0x418b68 GetTickCount
0x418b6c GetVersionExA
0x418b70 SleepEx
0x418b84 FormatMessageA
0x418b88 SetLastError
0x418b8c FormatMessageW
0x418b90 LocalFree
0x418b94 OutputDebugStringW
0x418b98 FreeLibrary
0x418b9c LoadLibraryW
0x418ba0 GetCurrentThread
0x418ba4 SuspendThread
0x418ba8 MulDiv
0x418bac MoveFileExW
0x418bb0 GetModuleFileNameW
0x418bb4 SetErrorMode
0x418bb8 WideCharToMultiByte
0x418bc4 CreateMutexW
0x418bc8 ReleaseMutex
0x418bcc CreateSemaphoreW
0x418bd0 ReleaseSemaphore
0x418bd4 TlsSetValue
0x418bd8 ExitProcess
0x418bdc SetThreadPriority
0x418be0 ResumeThread
0x418be4 TlsGetValue
0x418be8 TlsFree
0x418bec TlsAlloc
0x418bf0 FindResourceW
0x418bf4 GetCPInfo
0x418bf8 IsValidCodePage
0x418bfc TerminateProcess
0x418c00 SizeofResource
0x418c04 LockResource
0x418c08 LoadResource
0x418c0c GetFileAttributesW
0x418c10 GetTempPathW
0x418c14 GetFileTime
0x418c18 GetFileSize
0x418c1c GetTempFileNameW
0x418c20 CopyFileW
0x418c28 GetACP
0x418c2c GetUserDefaultLCID
0x418c30 GetLocaleInfoW
0x418c34 SetThreadLocale
0x418c38 RaiseException
0x418c3c SetEvent
0x418c40 CreateThread
0x418c44 IsBadReadPtr
0x418c48 IsBadStringPtrA
0x418c50 GetCommandLineW
0x418c54 FreeConsole
0x418c60 WriteConsoleA
0x418c64 WriteConsoleW
0x418c70 GlobalUnlock
0x418c74 GlobalAlloc
0x418c78 GlobalSize
0x418c7c GlobalLock
0x418c80 HeapSize
0x418c84 GetProcessHeap
0x418c88 GlobalFree
0x418c8c InterlockedExchange
0x418c90 EncodePointer
0x418c94 DecodePointer
0x418c98 HeapFree
0x418c9c HeapAlloc
0x418ca0 HeapReAlloc
0x418ca4 GetCommandLineA
0x418ca8 HeapSetInformation
0x418cac GetStartupInfoW
0x418cb0 RtlUnwind
0x418cb4 ExitThread
0x418cc4 SetFilePointer
0x418cc8 GetDriveTypeA
0x418ccc FindFirstFileExA
0x418cd4 CreateFileA
0x418cdc ReadConsoleInputA
0x418ce0 SetConsoleMode
0x418ce4 GetConsoleMode
0x418ce8 GetTimeFormatW
0x418cec GetDateFormatW
0x418cf0 DeleteFileW
0x418cf4 GetConsoleCP
0x418cf8 FlushFileBuffers
0x418cfc SetStdHandle
0x418d04 MoveFileW
0x418d08 RemoveDirectoryW
0x418d0c CreateDirectoryW
0x418d10 GetFullPathNameW
0x418d14 LCMapStringW
0x418d20 IsDebuggerPresent
0x418d24 HeapCreate
0x418d34 GetOEMCP
0x418d38 GetFullPathNameA
0x418d3c GetExitCodeProcess
0x418d40 SetEndOfFile
0x418d44 GetStringTypeW
0x418d50 GetDriveTypeW
0x418d54 GetLocaleInfoA
0x418d58 EnumSystemLocalesA
0x418d5c GetModuleFileNameA
0x418d60 GetCurrentProcess
0x418d68 GetSystemDirectoryW
0x418d6c lstrlenW
0x418d70 SetFileTime
0x418d7c SetFileAttributesW
0x418d80 LocalAlloc
0x418d84 lstrcmpW
0x418d88 WriteProcessMemory
0x418d90 VirtualProtect
0x418d94 VirtualFree
0x418d98 VirtualAlloc
0x418d9c TerminateThread
0x418da4 HeapDestroy
0x418da8 GlobalHandle
0x418dac GetSystemInfo
0x418db4 GetLocalTime
0x418db8 GetComputerNameW
0x418dc8 CreateFileMappingW
0x418dd0 VirtualQuery
0x418dd4 lstrcpynW
0x418dd8 LoadLibraryExW
0x418ddc GetThreadLocale
0x418de0 GetStartupInfoA
0x418de4 lstrcpyW
0x418dec VirtualQueryEx
0x418df0 SwitchToThread
0x418df4 SignalObjectAndWait
0x418df8 ResetEvent
0x418dfc GlobalFindAtomW
0x418e00 GlobalDeleteAtom
0x418e04 GlobalAddAtomW
0x418e0c GetShortPathNameW
0x418e10 GetExitCodeThread
0x418e14 GetDiskFreeSpaceW
0x418e18 FreeResource
0x418e1c EnumCalendarInfoA
0x418e20 CreateEventW
0x418e24 lstrcpynA
0x418e28 GetSystemDirectoryA
0x418e2c lstrlenA
0x418e30 GetShortPathNameA
0x418e38 IsDBCSLeadByte
0x418e3c CreateDirectoryA
0x418e40 DeleteFileA
0x418e44 SetFileAttributesA
0x418e48 GetFileAttributesA
0x418e4c lstrcmpA
0x418e54 CopyFileA
0x418e58 CreateDirectoryExA
0x418e5c CreateProcessA
0x418e60 FindNextFileA
0x418e64 FindFirstFileA
0x418e74 LCMapStringA
0x418e78 GetStringTypeA
0x418e84 OpenProcess
Library USER32.dll:
0x418e94 CreatePopupMenu
0x418e98 CloseClipboard
0x418e9c AnyPopup
0x418ea0 CreateMenu
0x418ea8 EndMenu
0x418eac LoadCursorFromFileW
0x418eb0 GetWindowDC
0x418eb8 IsCharLowerW
0x418ebc LoadCursorFromFileA
0x418ec0 LoadIconW
0x418ec4 MessageBoxW
0x418ec8 GetScrollInfo
0x418ecc SetScrollInfo
0x418ed0 EnableScrollBar
0x418ed4 ScrollWindow
0x418ed8 GetParent
0x418edc WindowFromPoint
0x418ee0 SetParent
0x418ee4 RedrawWindow
0x418ee8 ScreenToClient
0x418eec ClientToScreen
0x418ef0 IsWindowVisible
0x418ef4 IsWindowEnabled
0x418ef8 GetMessageTime
0x418efc GetActiveWindow
0x418f00 GetWindow
0x418f08 UnhookWindowsHookEx
0x418f0c CallNextHookEx
0x418f10 TrackPopupMenu
0x418f14 CallWindowProcW
0x418f18 IsDialogMessageW
0x418f1c InvalidateRect
0x418f20 FillRect
0x418f24 IsWindow
0x418f28 SetWindowTextW
0x418f2c GetSysColor
0x418f30 GetClientRect
0x418f34 SetFocus
0x418f38 ReleaseCapture
0x418f3c SetCursorPos
0x418f40 UpdateWindow
0x418f44 MoveWindow
0x418f48 DeferWindowPos
0x418f4c GetWindowRect
0x418f50 GetUpdateRgn
0x418f54 MapWindowPoints
0x418f58 BeginDeferWindowPos
0x418f5c EndDeferWindowPos
0x418f64 GetMenuItemInfoW
0x418f68 GetMenuItemCount
0x418f6c SetWindowsHookExW
0x418f70 RegisterHotKey
0x418f74 UnregisterHotKey
0x418f78 PtInRect
0x418f7c InflateRect
0x418f80 SetMenu
0x418f84 CreateIconIndirect
0x418f88 BringWindowToTop
0x418f8c IsIconic
0x418f90 SetForegroundWindow
0x418f94 IsZoomed
0x418f98 FlashWindow
0x418fa0 GetWindowPlacement
0x418fa4 DrawMenuBar
0x418fa8 EnableMenuItem
0x418fac GetSystemMenu
0x418fb0 CreateDialogParamW
0x418fb4 GetDlgItem
0x418fb8 SetWindowRgn
0x418fbc LoadImageW
0x418fc0 MessageBeep
0x418fc4 GetClassNameW
0x418fc8 GetWindowTextW
0x418fcc DestroyCursor
0x418fd0 BeginPaint
0x418fd4 EndPaint
0x418fe0 GetDoubleClickTime
0x418fe4 DrawFrameControl
0x418fe8 OffsetRect
0x418fec DrawIconEx
0x418ff0 SetCapture
0x418ff4 DrawTextW
0x418ff8 CopyRect
0x418ffc DrawStateW
0x419000 SetRectEmpty
0x419004 DrawFocusRect
0x419008 GetMenuState
0x41900c GetSysColorBrush
0x419010 CheckMenuItem
0x419014 CheckMenuRadioItem
0x419018 ShowWindow
0x41901c SetRect
0x419020 DrawEdge
0x41902c DestroyMenu
0x419030 GetSubMenu
0x419034 InsertMenuW
0x419038 InsertMenuItemW
0x41903c RemoveMenu
0x419040 ModifyMenuW
0x419044 AppendMenuW
0x419048 HideCaret
0x41904c keybd_event
0x419050 FindWindowExW
0x419060 UnionRect
0x419064 IsRectEmpty
0x419068 ValidateRgn
0x419074 GetDialogBaseUnits
0x419078 wsprintfW
0x41907c ShowCursor
0x419080 AdjustWindowRectEx
0x41908c DdeDisconnect
0x419090 DdeInitializeW
0x419094 DdeGetLastError
0x419098 DdeCreateDataHandle
0x41909c DdeGetData
0x4190a0 DdeFreeDataHandle
0x4190a4 DdeQueryStringW
0x4190a8 DdeUninitialize
0x4190ac DdeFreeStringHandle
0x4190b0 LoadCursorW
0x4190b4 SetCursor
0x4190bc GetMessageW
0x4190c0 DispatchMessageW
0x4190c4 SetTimer
0x4190c8 KillTimer
0x4190cc PeekMessageW
0x4190d0 DestroyWindow
0x4190d4 DefWindowProcW
0x4190d8 UnregisterClassW
0x4190dc RegisterClassW
0x4190e0 PostMessageW
0x4190e4 CreateWindowExW
0x4190e8 PostThreadMessageW
0x4190ec ValidateRect
0x4190f0 SetWindowPos
0x4190f4 GetFocus
0x4190f8 EnableWindow
0x4190fc SetWindowLongW
0x419100 GetWindowLongW
0x419104 GetAsyncKeyState
0x419108 SetActiveWindow
0x41910c VkKeyScanW
0x419110 MapVirtualKeyW
0x419114 TranslateMessage
0x419118 PostQuitMessage
0x41911c GetMessagePos
0x419120 GetIconInfo
0x419124 LoadBitmapW
0x419128 GetKeyState
0x41912c DestroyIcon
0x419130 DdePostAdvise
0x419134 MessageBoxA
0x419138 GetDesktopWindow
0x419144 GetCapture
0x419148 GetCursorPos
0x41914c SendMessageA
0x419150 FindWindowA
0x419154 GetSystemMetrics
0x419158 ReleaseDC
0x41915c GetDC
0x419164 SendMessageTimeoutW
0x419168 SendMessageW
0x41916c FindWindowW
0x419170 DdeConnect
0x419174 SetMenuItemInfoW
0x419178 DdeNameService
Library GDI32.dll:
0x419180 GetBkColor
0x419184 DeleteObject
0x419188 GetTextColor
0x41918c AbortPath
0x419190 CreateMetaFileA
0x419194 GetFontLanguageInfo
0x419198 GetBkMode
0x41919c CreateMetaFileW
0x4191a0 CancelDC
0x4191a4 GetEnhMetaFileA
0x4191a8 GetGraphicsMode
0x4191ac GetLayout
0x4191b0 RealizePalette
0x4191b4 CreateCompatibleDC
0x4191b8 GetObjectType
0x4191c0 CreatePatternBrush
0x4191c4 GetStockObject
0x4191c8 SaveDC
0x4191cc DeleteDC
0x4191d0 GetSystemPaletteUse
0x4191d4 GetDCPenColor
0x4191d8 GetEnhMetaFileW
0x4191dc BeginPath
0x4191e0 WidenPath
0x4191e4 GetStretchBltMode
0x4191e8 CloseMetaFile
0x4191ec EndPath
0x4191f0 FillPath
0x4191f4 GdiGetBatchLimit
0x4191f8 PathToRegion
0x4191fc SwapBuffers
0x419200 AddFontResourceW
0x419204 FlattenPath
0x419208 AddFontResourceA
0x41920c GetPixelFormat
0x419210 GetTextCharset
0x419214 GdiFlush
0x419218 AbortDoc
0x41921c GetTextAlign
0x419220 GetMapMode
0x419224 EndPage
0x419228 DeleteColorSpace
0x41922c EndDoc
0x419230 DeleteMetaFile
0x419234 CreateSolidBrush
0x419238 UpdateColors
0x41923c UnrealizeObject
0x419240 GetPolyFillMode
0x419244 DeleteEnhMetaFile
0x41924c CloseEnhMetaFile
0x419250 CloseFigure
0x419254 GetDCBrushColor
0x419258 GetColorSpace
0x41925c GetROP2
0x419260 SetMetaRgn
0x419264 StrokePath
0x41926c SetDIBColorTable
0x419270 GdiEntry8
0x419274 FontIsLinked
0x419278 EngCreateSemaphore
0x41927c OffsetViewportOrgEx
0x419280 SetTextColor
0x41928c EngStretchBltROP
0x419290 GdiEndPageEMF
0x419294 OffsetRgn
0x419298 EngLockSurface
0x41929c SetLayoutWidth
0x4192a0 GdiPlayScript
0x4192a4 Rectangle
0x4192b0 GetCharWidthA
0x4192b4 GdiSwapBuffers
0x4192b8 SetWorldTransform
0x4192bc GetPixel
0x4192c0 GdiCleanCacheDC
0x4192c4 ExtCreatePen
0x4192c8 GetWorldTransform
0x4192cc ResetDCW
0x4192d4 GetTextExtentPointI
0x4192d8 GdiEntry14
0x4192dc CreateEllipticRgn
0x4192e0 EngCheckAbort
0x4192e8 CreateICA
0x4192ec SetBitmapBits
0x4192f0 GdiQueryFonts
0x4192f8 CreateICW
0x4192fc SetTextAlign
0x419308 GetPaletteEntries
0x419310 CreatePalette
0x419314 CreatePen
0x419318 CreateHatchBrush
0x41931c EnumFontFamiliesExW
0x419320 Polyline
0x419324 SetROP2
0x419328 SetViewportOrgEx
0x41932c SetPixel
0x419330 PolyBezier
0x419334 SetWindowOrgEx
0x419338 PlayEnhMetaFile
0x41933c SetAbortProc
0x419340 StartDocW
0x419344 StartPage
0x419348 CreateDCW
0x419350 CreateEnhMetaFileW
0x419354 GetClipBox
0x419358 CreateFontIndirectW
0x41935c SetBkMode
0x419360 StretchBlt
0x419364 MoveToEx
0x419368 SetWindowExtEx
0x41936c SetViewportExtEx
0x419370 SetMapMode
0x419374 SelectClipRgn
0x419378 SetStretchBltMode
0x41937c ExtSelectClipRgn
0x419380 ExtFloodFill
0x419384 Arc
0x419388 Pie
0x41938c Polygon
0x419390 LineTo
0x419394 GetRegionData
0x419398 ExtCreateRegion
0x41939c SetBkColor
0x4193a0 CreateBitmap
0x4193a4 GetObjectW
0x4193a8 ExcludeClipRect
0x4193ac SetBrushOrgEx
0x4193b0 CreateRectRgn
0x4193b4 SelectPalette
0x4193b8 GetTextMetricsW
0x4193c0 GetCharABCWidthsW
0x4193c4 CombineRgn
0x4193c8 RectInRegion
0x4193cc PtInRegion
0x4193d0 EqualRgn
0x4193d4 GetRgnBox
0x4193d8 GetDIBColorTable
0x4193dc CreateDIBitmap
0x4193e0 GetDIBits
0x4193e4 CreateDIBSection
0x4193ec StretchDIBits
0x4193f0 ExtTextOutW
0x4193f4 MaskBlt
0x4193f8 Ellipse
0x4193fc RoundRect
0x419400 PolyPolygon
0x419404 SetPolyFillMode
0x419408 GetDeviceCaps
0x41940c BitBlt
0x419410 SelectObject
Library COMDLG32.dll:
0x41941c PageSetupDlgW
0x419420 PrintDlgW
0x419424 ChooseFontW
0x419428 GetSaveFileNameW
0x41942c GetOpenFileNameW
Library ADVAPI32.dll:
0x419438 GetUserNameA
0x41943c RegOpenKeyA
0x419440 RegQueryValueExA
0x419444 FreeSid
0x419448 RegOpenKeyExW
0x41944c RegCloseKey
0x419450 RegEnumValueW
0x419454 RegSetValueExW
0x419458 RegCreateKeyExW
0x41945c RegQueryValueExW
0x419460 RegDeleteValueW
0x419464 RegEnumKeyW
0x419468 RegDeleteKeyW
0x41946c GetUserNameW
0x419474 ReportEventA
Library SHELL32.dll:
0x419480 SHFileOperation
0x419484 SHGetDesktopFolder
0x419488 SHFileOperationW
0x419490 SHBrowseForFolderA
0x419494 WOWShellExecute
0x419498 FindExecutableW
0x41949c SHFormatDrive
0x4194a0 ShellAboutW
0x4194a8 ExtractIconW
0x4194ac SHGetFileInfoW
0x4194b0 DragFinish
0x4194b4 SHGetMalloc
0x4194b8 DragQueryFileW
0x4194bc ExtractIconExW
0x4194c0 ShellExecuteExW
0x4194c8 DragAcceptFiles
0x4194cc DragQueryPoint
Library ole32.dll:
0x4194d8 OleGetClipboard
0x4194dc OleFlushClipboard
0x4194e4 OleSetClipboard
0x4194ec RegisterDragDrop
0x4194f0 RevokeDragDrop
0x4194f4 CoTaskMemAlloc
0x4194f8 ReleaseStgMedium
0x4194fc OleInitialize
0x419500 OleUninitialize
0x419504 CoCreateInstance
0x419508 CoCreateGuid
0x41950c OleLockRunning
0x419510 OleRun
Library SHLWAPI.dll:
0x41951c StrChrIA
Library COMCTL32.dll:
0x41952c ImageList_Create
0x419530 ImageList_Add
0x419538 ImageList_Replace
0x41953c ImageList_Remove
0x419540 ImageList_Draw
0x41954c ImageList_BeginDrag
0x419550 ImageList_DragMove
0x419554 ImageList_DragEnter
0x419558 ImageList_DragLeave
0x41955c ImageList_EndDrag
0x419560 ImageList_Destroy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.