Score: 8.2
Verdict: High risk

SHA256: a66d1021e54269963e9a54892869d569ffa1c74d9fb1b67f023ea5fdfd90c1a6

File name: e8ac867e5f51bdcf5ab7b06a8bced131.exe

Analysis duration: 87s

Last analyzed:

File size: 3.3MB
Static detection: malicious  Dynamic detection: malicious
Tags: AI SCORE=82 ARTEMIS ATTRIBUTE BTAP CONFIDENCE FARFLI GDSDA GENERIC@ML GENERICKD HIGH CONFIDENCE HIGHCONFIDENCE HTBWUY LZ+AXYVPIYC1C6A7V0FUZG MALWARE@#2YYYSG06W7QT2 MWDX R03BC0DH620 RDML TJ0@AOWELJEJ UNSAFE ZEGOST ZEXAF

Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict

Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba | Backdoor:Win32/Farfli.f7186ecd | 20190527 | 0.3.0.5
CrowdStrike | win/malicious_confidence_60% (W) | 20190702 | 1.0
Baidu | - | 20190318 | 1.0.0.2
Avast | Win32:Trojan-gen | 20201011 | 18.4.3895.0
Kingsoft | - | 20201011 | 2013.8.14.323
McAfee | Artemis!E8AC867E5F51 | 20201011 | 6.0.6.653
Static indicators

This executable has a PDB path (1 event)
pdb_path E:\MY收藏源码\VC6.0封装\0_jieya - 下载 - 无启动\Debug\jieya.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time: 1619973483.934876  API: GlobalMemoryStatusEx  Status: success  Return: 1  Repeated: 0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .textbss
section .didat

The executable uses a known packer (1 event)
packer Microsoft Visual C++ V8.0 (Debug)
Behavioral verdict

Dynamic indicators
Foreign language identified in PE resource (50 of 54 events; identical rows collapsed, occurrence count in the last column)
name | language | offset | filetype | sublanguage | size | occurrences
RT_CURSOR | LANG_CHINESE | 0x0041ed28 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00000134 | 16
RT_BITMAP | LANG_CHINESE | 0x0041f050 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00000144 | 3
RT_ICON | LANG_CHINESE | 0x0041c458 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x000010a8 | 1
RT_DIALOG | LANG_CHINESE | 0x0041ef60 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00000034 | 4
RT_STRING | LANG_CHINESE | 0x0041faf0 | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00000030 | 13
RT_GROUP_CURSOR | LANG_CHINESE | 0x0041ee60 | Lotus unknown worksheet or configuration, revision 0x1 | SUBLANG_CHINESE_SIMPLIFIED | 0x00000014 | 13
Creates executable files on the filesystem (2 events)
file C:\Users\Public\Documents\djbsul\libceo.dll
file C:\Users\Public\Documents\djbsul\CefRender.exe

Creates hidden or system file (1 event)
Time: 1619973483.371876  API: SetFileAttributesW  Status: success  Return: 1  Repeated: 0
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: C:\Users\Public\Documents\djbsul
  filepath: C:\Users\Public\Documents\djbsul

Drops a binary and executes it (1 event)
file C:\Users\Public\Documents\djbsul\CefRender.exe

A process created a hidden window (2 events)
Time: 1619973483.981876  API: ShellExecuteExW  Status: failed  Return: 0  Repeated: 0
  parameters:
  filepath: C:\Users\Public\Documents\djbsul\123.jpg
  filepath_r: C:\Users\Public\Documents\djbsul\123.jpg
  show_type: 0
Time: 1619973484.418876  API: ShellExecuteExW  Status: success  Return: 1  Repeated: 0
  parameters:
  filepath: C:\Users\Public\Documents\djbsul\CefRender.exe
  filepath_r: C:\Users\Public\Documents\djbsul\CefRender.exe
  show_type: 0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time: 1619973485.200001  API: NtProtectVirtualMemory  Status: success  Return: 0  Repeated: 0
  process_identifier: 2740
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 659456
  protection: 32 (PAGE_EXECUTE_READ)
  process_handle: 0xffffffff
  base_address: 0x00901000

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.253235196575782 section {'size_of_data': '0x000eba00', 'virtual_address': '0x00323000', 'entropy': 7.253235196575782, 'name': '.data', 'virtual_size': '0x000f0834'} description A section with a high entropy has been found
entropy 0.27921789364538585 description Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time: 1619973485.232001  API: LookupPrivilegeValueW  Status: success  Return: 1  Repeated: 0
  system_name:
  privilege_name: SeDebugPrivilege
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Generates some ICMP traffic
File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43593210
FireEye Generic.mg.e8ac867e5f51bdcf
ALYac Trojan.GenericKD.43593210
Cylance Unsafe
Zillya Downloader.Agent.Win32.414408
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056bffd1 )
Alibaba Backdoor:Win32/Farfli.f7186ecd
K7GW Trojan-Downloader ( 0056bffd1 )
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Trojan.Generic.D2992DFA
Invincea Mal/Generic-S
BitDefenderTheta Gen:NN.ZexaF.34298.tJ0@aOweLjej
Cyren W32/Trojan.MWDX-4893
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Backdoor.Win32.Farfli.btap
BitDefender Trojan.GenericKD.43593210
NANO-Antivirus Trojan.Win32.Farfli.htbwuy
Ad-Aware Trojan.GenericKD.43593210
Emsisoft Trojan.GenericKD.43593210 (B)
Comodo Malware@#2yyysg06w7qt2
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R03BC0DH620
McAfee-GW-Edition BehavesLike.Win32.Dropper.wh
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win32.Agent
Jiangmin Backdoor.Farfli.dxc
Microsoft Backdoor:Win32/Zegost.L
AegisLab Trojan.Win32.Farfli.m!c
ZoneAlarm Backdoor.Win32.Farfli.btap
GData Trojan.GenericKD.43593210
McAfee Artemis!E8AC867E5F51
MAX malware (ai score=82)
VBA32 Backdoor.Farfli
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FFJ
TrendMicro-HouseCall TROJ_GEN.R03BC0DH620
Rising Trojan.Generic@ML.88 (RDML:LZ+axyvpiyc1c6A7v0fuZg)
Fortinet W32/Agent.FFJ!tr.dldr
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
Qihoo-360 Win32/Backdoor.5c6
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 142.250.66.110:443
dead_host 45.142.124.66:8888
Visual analysis

Binary image
No binary image: no binary visualization image was generated for this sample

Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-08-03 21:50:34

Imports

Library KERNEL32.dll:
0x8156dc CloseHandle
0x8156e4 OpenFileMappingA
0x8156ec CompareStringW
0x8156f0 GetProcessHeap
0x8156f4 GetConsoleOutputCP
0x8156f8 WriteConsoleA
0x8156fc SetStdHandle
0x815708 GetConsoleMode
0x81570c GetConsoleCP
0x815710 GetUserDefaultLCID
0x815714 EnumSystemLocalesA
0x815718 IsValidLocale
0x81571c GetDateFormatA
0x815720 GetTimeFormatA
0x815724 GetLocaleInfoW
0x815728 GetStringTypeW
0x81572c GetStringTypeA
0x815730 GetDriveTypeA
0x815734 HeapReAlloc
0x815738 HeapSize
0x81573c HeapAlloc
0x815740 VirtualFree
0x815744 HeapFree
0x815748 HeapCreate
0x81574c HeapDestroy
0x815750 SetHandleCount
0x815768 LCMapStringW
0x81576c LCMapStringA
0x815774 IsValidCodePage
0x815778 GetACP
0x81577c LoadLibraryW
0x815784 FatalAppExitA
0x815788 OutputDebugStringW
0x81578c GetFileType
0x815790 WriteConsoleW
0x815794 OutputDebugStringA
0x815798 GetStdHandle
0x81579c DebugBreak
0x8157a0 VirtualQuery
0x8157a4 GetSystemInfo
0x8157a8 VirtualAlloc
0x8157ac ExitThread
0x8157b0 CreateThread
0x8157b4 IsBadReadPtr
0x8157b8 HeapValidate
0x8157bc GetStartupInfoA
0x8157c0 GetCommandLineA
0x8157c4 RaiseException
0x8157c8 IsDebuggerPresent
0x8157d4 TerminateProcess
0x8157dc ExitProcess
0x8157e0 RtlUnwind
0x8157e4 GetFileSizeEx
0x8157e8 FindResourceExA
0x8157ec GetDiskFreeSpaceA
0x8157f0 GetTempFileNameA
0x8157f4 GetFileTime
0x8157f8 GetModuleHandleW
0x8157fc GetOEMCP
0x815800 GetCPInfo
0x815804 GetShortPathNameA
0x815808 lstrcmpiA
0x81580c GetThreadLocale
0x815810 GetStringTypeExA
0x815814 GetFullPathNameA
0x81581c DeleteFileA
0x815820 MoveFileA
0x815824 SetEndOfFile
0x815828 UnlockFile
0x81582c LockFile
0x815830 FlushFileBuffers
0x815834 DuplicateHandle
0x81583c GetProfileIntA
0x815840 VirtualProtect
0x815844 GetAtomNameA
0x815848 TlsGetValue
0x81584c LocalReAlloc
0x815850 TlsSetValue
0x815858 GlobalReAlloc
0x815860 TlsFree
0x815864 GlobalHandle
0x81586c TlsAlloc
0x815874 LocalAlloc
0x815878 GlobalFlags
0x81587c SetErrorMode
0x815888 GetModuleFileNameW
0x81588c lstrlenW
0x815890 GlobalSize
0x815894 FormatMessageA
0x815898 LocalFree
0x81589c FindNextFileA
0x8158a0 MulDiv
0x8158a4 ResumeThread
0x8158a8 GetThreadPriority
0x8158ac SetThreadPriority
0x8158b0 lstrcmpW
0x8158b4 GlobalGetAtomNameA
0x8158b8 GlobalFindAtomA
0x8158bc GetVersionExA
0x8158cc GlobalUnlock
0x8158d0 GlobalFree
0x8158d4 FreeResource
0x8158d8 GetLastError
0x8158dc SetLastError
0x8158e0 GetCurrentProcessId
0x8158e4 GlobalAddAtomA
0x8158e8 CreateEventA
0x8158ec SuspendThread
0x8158f0 SetEvent
0x8158f4 WaitForSingleObject
0x8158f8 CompareStringA
0x8158fc InterlockedExchange
0x815900 GlobalLock
0x815904 GlobalAlloc
0x815908 FreeLibrary
0x81590c GlobalDeleteAtom
0x815910 lstrcmpA
0x815914 GetCurrentThread
0x815918 GetCurrentThreadId
0x81591c GetLocaleInfoA
0x815920 LoadLibraryA
0x815924 GetModuleHandleA
0x815928 GetProcAddress
0x815934 GetTickCount
0x815938 GetLocalTime
0x81593c UnmapViewOfFile
0x815940 CreateFileMappingA
0x815944 MapViewOfFile
0x81594c GetFileSize
0x815954 SetFileTime
0x815958 GetFileAttributesA
0x815968 ReadFile
0x81596c SetFilePointer
0x815970 WideCharToMultiByte
0x815974 LoadResource
0x815978 LockResource
0x81597c SizeofResource
0x815980 FindResourceA
0x815984 MultiByteToWideChar
0x815988 FindFirstFileA
0x81598c FindClose
0x815990 GetCurrentProcess
0x815994 GetModuleFileNameA
0x815998 lstrlenA
0x81599c CreateDirectoryA
0x8159a0 SetFileAttributesA
0x8159a4 CopyFileA
0x8159a8 Sleep
0x8159ac CreateFileA
0x8159b0 WriteFile
0x8159b4 OpenEventA
Library USER32.dll:
0x815c0c CharUpperA
0x815c10 UnpackDDElParam
0x815c18 SetRectEmpty
0x815c1c GetAsyncKeyState
0x815c20 WaitMessage
0x815c24 ReleaseCapture
0x815c28 DestroyMenu
0x815c2c LoadAcceleratorsA
0x815c30 CheckMenuRadioItem
0x815c3c LoadMenuIndirectA
0x815c40 LoadMenuA
0x815c44 RemoveMenu
0x815c48 ModifyMenuA
0x815c4c InsertMenuItemA
0x815c50 InsertMenuA
0x815c54 GetSubMenu
0x815c58 SetMenuItemInfoA
0x815c5c GetMenuItemInfoA
0x815c60 GetMenuStringA
0x815c64 GetMenuState
0x815c68 GetMenuItemID
0x815c6c GetMenuItemCount
0x815c70 GetMenuDefaultItem
0x815c74 SetMenuDefaultItem
0x815c78 EnableMenuItem
0x815c7c CheckMenuItem
0x815c80 AppendMenuA
0x815c84 DeleteMenu
0x815c88 IsMenu
0x815c8c CreatePopupMenu
0x815c90 CreateMenu
0x815c94 ScrollDC
0x815c98 GrayStringA
0x815ca0 DrawTextExA
0x815ca4 DrawTextA
0x815ca8 DrawFocusRect
0x815cac DrawFrameControl
0x815cb0 DrawEdge
0x815cb4 DrawStateA
0x815cb8 DrawIcon
0x815cbc InvertRect
0x815cc0 FrameRect
0x815cc4 FillRect
0x815cc8 ExcludeUpdateRgn
0x815ccc WindowFromDC
0x815cd0 GetSysColorBrush
0x815cd4 ShowWindow
0x815cd8 MoveWindow
0x815cdc SetWindowTextA
0x815ce0 IsDialogMessageA
0x815ce4 ScrollWindowEx
0x815ce8 IsDlgButtonChecked
0x815cec SetDlgItemTextA
0x815cf0 SetDlgItemInt
0x815cf4 GetDlgItemTextA
0x815cf8 GetDlgItemInt
0x815cfc CheckRadioButton
0x815d00 CheckDlgButton
0x815d04 OpenIcon
0x815d08 CloseWindow
0x815d0c LoadCursorA
0x815d10 PostThreadMessageA
0x815d18 SendNotifyMessageA
0x815d1c GetForegroundWindow
0x815d20 SetForegroundWindow
0x815d24 ShowCaret
0x815d28 HideCaret
0x815d2c SetCaretPos
0x815d30 GetCaretPos
0x815d34 CreateCaret
0x815d38 GetClipboardViewer
0x815d3c GetClipboardOwner
0x815d44 OpenClipboard
0x815d48 SetClipboardViewer
0x815d50 FlashWindow
0x815d54 WindowFromPoint
0x815d58 SetParent
0x815d5c FindWindowExA
0x815d60 FindWindowA
0x815d64 DestroyIcon
0x815d6c ShowScrollBar
0x815d70 GetNextDlgTabItem
0x815d74 GetNextDlgGroupItem
0x815d7c DlgDirSelectExA
0x815d80 DlgDirListComboBoxA
0x815d84 DlgDirListA
0x815d88 SetCapture
0x815d8c KillTimer
0x815d90 SetTimer
0x815d94 DrawCaption
0x815d98 DrawAnimatedRects
0x815d9c EnableScrollBar
0x815da0 RedrawWindow
0x815da4 LockWindowUpdate
0x815da8 GetDCEx
0x815dac ShowOwnedPopups
0x815db0 IsWindowVisible
0x815db4 ValidateRgn
0x815db8 InvalidateRgn
0x815dbc InvalidateRect
0x815dc0 GetUpdateRgn
0x815dc4 GetUpdateRect
0x815dc8 UpdateWindow
0x815dcc ReleaseDC
0x815dd0 GetWindowDC
0x815dd4 GetDC
0x815dd8 EndPaint
0x815ddc BeginPaint
0x815de0 ClientToScreen
0x815de4 BringWindowToTop
0x815de8 GetWindowRgn
0x815dec SetWindowRgn
0x815df4 IsZoomed
0x815df8 HiliteMenuItem
0x815dfc GetSystemMenu
0x815e00 DrawMenuBar
0x815e04 DragDetect
0x815e0c CreateWindowExA
0x815e10 GetClassInfoExA
0x815e14 GetClassInfoA
0x815e18 RegisterClassA
0x815e1c LoadIconA
0x815e20 SendDlgItemMessageA
0x815e24 GetClientRect
0x815e28 MapWindowPoints
0x815e2c GetSysColor
0x815e30 SetFocus
0x815e34 AdjustWindowRectEx
0x815e38 ScreenToClient
0x815e3c EqualRect
0x815e40 DeferWindowPos
0x815e44 BeginDeferWindowPos
0x815e48 CopyRect
0x815e4c EndDeferWindowPos
0x815e50 ScrollWindow
0x815e54 GetScrollInfo
0x815e58 SetScrollInfo
0x815e5c GetScrollRange
0x815e60 MessageBoxA
0x815e64 wsprintfA
0x815e68 GetSystemMetrics
0x815e6c GetDesktopWindow
0x815e70 PostQuitMessage
0x815e74 SetScrollRange
0x815e78 GetScrollPos
0x815e7c SetScrollPos
0x815e80 GetTopWindow
0x815e84 IsChild
0x815e88 GetCapture
0x815e8c WinHelpA
0x815e90 TrackPopupMenuEx
0x815e94 TrackPopupMenu
0x815e98 SetWindowPlacement
0x815ea0 GetWindowTextA
0x815ea4 GetDlgCtrlID
0x815ea8 GetClassLongA
0x815eac GetClassNameA
0x815eb0 SetPropA
0x815eb4 UnhookWindowsHookEx
0x815eb8 GetPropA
0x815ec0 ReuseDDElParam
0x815ec4 GetMenuBarInfo
0x815ec8 CharNextA
0x815ed0 MessageBeep
0x815ed4 GetKeyNameTextA
0x815ed8 MapVirtualKeyA
0x815edc CallWindowProcA
0x815ee0 RemovePropA
0x815ee4 UnregisterClassA
0x815eec InSendMessage
0x815ef4 IsRectEmpty
0x815efc MapDialogRect
0x815f00 IsWindow
0x815f08 IsWindowUnicode
0x815f0c GetMessageW
0x815f10 DispatchMessageW
0x815f14 SubtractRect
0x815f18 UnionRect
0x815f1c InflateRect
0x815f20 SetRect
0x815f24 PtInRect
0x815f28 SendMessageA
0x815f2c PostMessageA
0x815f30 TabbedTextOutA
0x815f34 GetFocus
0x815f38 SetMenuItemBitmaps
0x815f3c LoadBitmapA
0x815f44 DispatchMessageA
0x815f48 TranslateMessage
0x815f4c GetMessageA
0x815f50 ValidateRect
0x815f54 SetWindowsHookExA
0x815f58 GetCursorPos
0x815f5c PeekMessageA
0x815f60 CallNextHookEx
0x815f64 GetKeyState
0x815f68 SetCursor
0x815f70 EnableWindow
0x815f74 IsWindowEnabled
0x815f78 GetLastActivePopup
0x815f7c GetParent
0x815f80 GetWindowLongA
0x815f84 GetDlgItem
0x815f88 DestroyWindow
0x815f90 SetActiveWindow
0x815f94 GetActiveWindow
0x815f98 EndDialog
0x815fa0 GetWindow
0x815fa4 SetWindowPos
0x815fa8 GetWindowRect
0x815fac GetWindowPlacement
0x815fb0 IsIconic
0x815fb8 IntersectRect
0x815fbc OffsetRect
0x815fc0 SetWindowLongA
0x815fc4 GetMessagePos
0x815fc8 GetMessageTime
0x815fcc GetMenu
0x815fd0 SetMenu
0x815fd4 DefWindowProcA
0x815fd8 GetDialogBaseUnits
Library GDI32.dll:
0x8152e4 CreateFontA
0x8152ec SetBitmapBits
0x8152f0 GetBitmapBits
0x815304 CreatePalette
0x81530c GetPaletteEntries
0x815310 SetPaletteEntries
0x815314 AnimatePalette
0x81531c ResizePalette
0x815324 CreateEllipticRgn
0x81532c CreatePolygonRgn
0x815334 CreateRoundRectRgn
0x815338 PathToRegion
0x81533c ExtCreateRegion
0x815340 GetRegionData
0x815344 SetRectRgn
0x815348 CombineRgn
0x81534c EqualRgn
0x815350 OffsetRgn
0x815354 GetRgnBox
0x815358 PtInRegion
0x81535c RectInRegion
0x815360 CreateDCA
0x815364 CreateICA
0x815368 CreateCompatibleDC
0x81536c GetBrushOrgEx
0x815370 SetBrushOrgEx
0x815374 EnumObjects
0x815378 GetNearestColor
0x81537c RealizePalette
0x815380 UpdateColors
0x815384 GetBkColor
0x815388 GetBkMode
0x81538c GetPolyFillMode
0x815390 GetROP2
0x815394 GetStretchBltMode
0x815398 GetTextColor
0x81539c GetMapMode
0x8153a0 GetGraphicsMode
0x8153a4 GetWorldTransform
0x8153a8 GetViewportOrgEx
0x8153ac GetViewportExtEx
0x8153b0 GetWindowOrgEx
0x8153b4 GetWindowExtEx
0x8153b8 DPtoLP
0x8153bc LPtoDP
0x8153c0 FillRgn
0x8153c4 FrameRgn
0x8153c8 InvertRgn
0x8153cc PaintRgn
0x8153d0 PtVisible
0x8153d4 RectVisible
0x8153d8 Arc
0x8153dc Polyline
0x8153e0 Chord
0x8153e4 Ellipse
0x8153e8 Pie
0x8153ec CreateFontIndirectA
0x8153f0 PolyPolygon
0x8153f8 RoundRect
0x8153fc PatBlt
0x815400 BitBlt
0x815404 StretchBlt
0x815408 GetPixel
0x81540c SetPixel
0x815410 CreatePenIndirect
0x815414 ExtFloodFill
0x815418 TextOutA
0x815420 GetTextAlign
0x815424 GetTextFaceA
0x815428 GetTextMetricsA
0x815430 GetCharWidthA
0x815434 GetFontLanguageInfo
0x815440 Escape
0x815444 SetBoundsRect
0x815448 GetBoundsRect
0x81544c ResetDCA
0x815454 GetCharABCWidthsA
0x815458 GetFontData
0x81545c GetKerningPairsA
0x815460 GetGlyphOutlineA
0x815464 StartDocA
0x815468 StartPage
0x81546c EndPage
0x815470 SetAbortProc
0x815474 AbortDoc
0x815478 EndDoc
0x81547c MaskBlt
0x815480 PlgBlt
0x815484 SetPixelV
0x815488 AngleArc
0x81548c GetArcDirection
0x815490 PolyPolyline
0x815494 GetColorAdjustment
0x815498 GetCurrentObject
0x81549c PolyBezier
0x8154a0 DrawEscape
0x8154a4 ExtEscape
0x8154ac GetCharWidthFloatA
0x8154b0 AbortPath
0x8154b4 BeginPath
0x8154b8 CloseFigure
0x8154bc EndPath
0x8154c0 FillPath
0x8154c4 FlattenPath
0x8154c8 GetMiterLimit
0x8154cc GetPath
0x8154d0 SetMiterLimit
0x8154d4 StrokeAndFillPath
0x8154d8 StrokePath
0x8154dc WidenPath
0x8154e0 GdiComment
0x8154e4 PlayEnhMetaFile
0x8154e8 CopyMetaFileA
0x8154ec StretchDIBits
0x8154f0 EnumFontFamiliesExA
0x8154f4 DeleteMetaFile
0x8154f8 Polygon
0x8154fc CreateBrushIndirect
0x815500 CreatePatternBrush
0x815504 CreateHatchBrush
0x815508 CreateSolidBrush
0x81550c ExtCreatePen
0x815510 CreatePen
0x815514 GetDeviceCaps
0x815518 PlayMetaFile
0x81551c EnumMetaFile
0x815520 GetObjectType
0x815524 PlayMetaFileRecord
0x815528 ExtSelectClipRgn
0x81552c SelectClipPath
0x815530 SetArcDirection
0x815534 CreateRectRgn
0x815538 GetClipRgn
0x81553c DeleteObject
0x815540 PolyBezierTo
0x815544 SetColorAdjustment
0x815548 FloodFill
0x81554c UnrealizeObject
0x815554 SetTextAlign
0x815558 LineTo
0x81555c MoveToEx
0x815560 PolylineTo
0x815564 Rectangle
0x81556c ArcTo
0x815574 SetMapperFlags
0x815578 OffsetClipRgn
0x81557c IntersectClipRect
0x815580 ExcludeClipRect
0x815584 SelectClipRgn
0x815588 ScaleWindowExtEx
0x81558c SetWindowExtEx
0x815590 OffsetWindowOrgEx
0x815594 SetWindowOrgEx
0x815598 ScaleViewportExtEx
0x81559c SetViewportExtEx
0x8155a0 OffsetViewportOrgEx
0x8155a4 SetViewportOrgEx
0x8155a8 SetMapMode
0x8155b0 SetWorldTransform
0x8155b4 SetGraphicsMode
0x8155b8 SetStretchBltMode
0x8155bc SetROP2
0x8155c0 SetPolyFillMode
0x8155c4 SetBkMode
0x8155c8 SelectPalette
0x8155cc GetStockObject
0x8155d0 SelectObject
0x8155d4 RestoreDC
0x8155d8 SaveDC
0x8155dc DeleteDC
0x8155e0 GetObjectA
0x8155e4 SetBkColor
0x8155e8 SetTextColor
0x8155ec GetClipBox
0x8155f0 GetDCOrgEx
0x8155f4 CreateBitmap
0x8155f8 ExtTextOutA
0x8155fc CloseEnhMetaFile
0x815600 CreateEnhMetaFileA
0x815604 CloseMetaFile
0x815608 CreateMetaFileA
0x81560c PolyDraw
Library COMDLG32.dll:
0x8152b4 GetFileTitleA
Library WINSPOOL.DRV:
0x8160c8 GetJobA
0x8160cc OpenPrinterA
0x8160d0 DocumentPropertiesA
0x8160d4 ClosePrinter
Library ADVAPI32.dll:
0x8151f8 SetThreadToken
0x8151fc OpenThreadToken
0x815200 GetFileSecurityA
0x815204 SetFileSecurityA
0x815208 RegCreateKeyA
0x81520c RegSetValueA
0x815210 RegDeleteValueA
0x815214 RegSetValueExA
0x815218 RegCreateKeyExA
0x81521c RegDeleteKeyA
0x815220 RegOpenKeyA
0x815224 RegEnumKeyA
0x815228 RegQueryValueA
0x81522c RegOpenKeyExA
0x815230 RegQueryValueExA
0x815234 RegCloseKey
0x815238 OpenProcessToken
0x815244 RevertToSelf
Library SHELL32.dll:
0x815b78 DragQueryFileA
0x815b7c SHFileOperationA
0x815b80 DragAcceptFiles
0x815b84 SHGetFileInfoA
0x815b88 ExtractIconA
0x815b8c DragFinish
0x815b90 ShellExecuteA
Library COMCTL32.dll:
Library SHLWAPI.dll:
0x815bc8 PathFindFileNameA
0x815bcc PathRemoveFileSpecW
0x815bd0 PathIsUNCA
0x815bd4 PathFindExtensionA
0x815bd8 PathStripToRootA
Library oledlg.dll:
0x8162a0
0x8162a4
0x8162a8
0x8162ac
0x8162b0
0x8162b4
0x8162b8
Library ole32.dll:
0x81610c OleGetIconOfClass
0x816110 WriteClassStm
0x816114 OleSaveToStream
0x816118 OleIsRunning
0x816124 OleGetClipboard
0x81612c DoDragDrop
0x816130 OleRegEnumVerbs
0x816134 OleRegGetMiscStatus
0x81614c IsAccelerator
0x81615c OleCreateFromData
0x816164 OleLockRunning
0x816168 StgIsStorageFile
0x81616c StgOpenStorage
0x816170 StgCreateDocfile
0x816174 CoGetMalloc
0x81617c GetClassFile
0x816180 CreateFileMoniker
0x816188 CreateItemMoniker
0x81618c OleSave
0x816190 OleSetClipboard
0x8161a0 OleUninitialize
0x8161a4 OleInitialize
0x8161a8 OleRun
0x8161ac CoRevokeClassObject
0x8161b4 CoDisconnectObject
0x8161b8 StringFromGUID2
0x8161c8 CoGetClassObject
0x8161cc CoUninitialize
0x8161d0 CoInitializeEx
0x8161d4 CoCreateInstance
0x8161d8 ReleaseStgMedium
0x8161dc CoTaskMemAlloc
0x8161e0 CoTreatAsClass
0x8161e4 StringFromCLSID
0x8161e8 ReadClassStg
0x8161ec ReadFmtUserTypeStg
0x8161f0 OleRegGetUserType
0x8161f4 WriteClassStg
0x8161f8 WriteFmtUserTypeStg
0x8161fc SetConvertStg
0x816200 CreateBindCtx
0x816204 CoTaskMemFree
0x816208 OleDuplicateData
0x81620c CLSIDFromString
0x816210 CLSIDFromProgID
0x816214 OleLoad
0x816218 OleCreate
0x81621c OleCreateLinkToFile
0x816220 OleCreateFromFile
0x816228 CoMarshalInterface
0x816230 OleFlushClipboard
Library OLEAUT32.dll:
0x815a78 SysAllocStringLen
0x815a7c SysFreeString
0x815a80 VariantChangeType
0x815a84 VariantInit
0x815a88 SysStringLen
0x815a90 SysStringByteLen
0x815a98 SafeArrayDestroy
0x815a9c SysAllocString
0x815aa0 SafeArrayGetDim
0x815aa8 RegisterTypeLib
0x815aac LoadTypeLib
0x815ab0 LoadRegTypeLib
0x815ab8 SafeArrayAccessData
0x815abc SafeArrayGetUBound
0x815ac0 SafeArrayGetLBound
0x815ac4 SafeArrayRedim
0x815ac8 SafeArrayCreate
0x815acc VariantCopy
0x815ad0 SysReAllocStringLen
0x815ad4 VarCyFromStr
0x815ad8 VarBstrFromCy
0x815adc SafeArrayCopy
0x815ae0 SafeArrayAllocData
0x815ae8 SafeArrayGetElement
0x815aec SafeArrayPtrOfIndex
0x815af0 SafeArrayPutElement
0x815af4 SafeArrayLock
0x815af8 SafeArrayUnlock
0x815b04 VarBstrFromDec
0x815b08 VarDecFromStr
0x815b0c VarDateFromStr
0x815b10 VarBstrFromDate
0x815b1c VarUdateFromDate
0x815b20 VarDateFromUdate
0x815b24 VariantClear

Exports

Ordinal Address Name
1 0x4eeb53 dqDWQ

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 51808 | 114.114.114.114 | 53
192.168.56.101 | 51963 | 114.114.114.114 | 53
192.168.56.101 | 55368 | 114.114.114.114 | 53
192.168.56.101 | 57874 | 114.114.114.114 | 53
192.168.56.101 | 63429 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 50002 | 224.0.0.252 | 5355
192.168.56.101 | 51378 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 57756 | 224.0.0.252 | 5355
192.168.56.101 | 58367 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 60384 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 62912 | 224.0.0.252 | 5355
192.168.56.101 | 65004 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 55369 | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.