11.8
0-day

71e98704563087384ff32effbbed7a597dd5208913fe91d45ccf68da875e3643

e94c1f3d293f9ad45c8593423c33630f.exe

Analysis duration

90s

Latest analysis

File size

962.0KB
Static detection / Dynamic detection: 100% 8GW@AUQFXBOI AGEN AI SCORE=88 AIDETECTVM AUTO BTSYE0 CLASSIC CONFIDENCE DELF DELPHILESS ELFW ELGZ FAREIT GENERICKD HIGH CONFIDENCE HKCZSI HXVQ IGENT KRYPTIK LOKI LOKIBOT MALICIOUS PE MALWARE1 MALWARE@#3FCU8YFMQC24Y PUTTY R + MAL SCORE SGENERIC SIGGEN2 SMDF STATIC AI SUSGEN TSCOPE UNSAFE WACATAC X2059 ZELPHIF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Engine Result Date Version
Alibaba Trojan:Win32/Lokibot.d20f7bda 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
McAfee Fareit-FRQ!E94C1F3D293F 20201229 6.0.6.653
Tencent Win32.Backdoor.Fareit.Auto 20201229 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619984897.203999
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619984900.937999
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619984901.671999
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619984893.046999
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619984891.360249
__exception__
stacktrace:
e94c1f3d293f9ad45c8593423c33630f+0x608da @ 0x4608da
e94c1f3d293f9ad45c8593423c33630f+0x3daf @ 0x403daf
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637912
registers.edi: 4589836
registers.eax: 0
registers.ebp: 1638204
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 69
registers.ecx: 4024369152
exception.instruction_r: f7 f0 90 90 90 33 c0 5a 59 59 64 89 10 eb 17 e9
exception.symbol: e94c1f3d293f9ad45c8593423c33630f+0x606b8
exception.instruction: div eax
exception.module: e94c1f3d293f9ad45c8593423c33630f.exe
exception.exception_code: 0xc0000094
exception.offset: 394936
exception.address: 0x4606b8
success 0 0
1619984892.828999
__exception__
stacktrace:
e94c1f3d293f9ad45c8593423c33630f+0x608da @ 0x4608da
e94c1f3d293f9ad45c8593423c33630f+0x3daf @ 0x403daf
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637912
registers.edi: 4589836
registers.eax: 0
registers.ebp: 1638204
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 69
registers.ecx: 400424960
exception.instruction_r: f7 f0 90 90 90 33 c0 5a 59 59 64 89 10 eb 17 e9
exception.symbol: e94c1f3d293f9ad45c8593423c33630f+0x606b8
exception.instruction: div eax
exception.module: e94c1f3d293f9ad45c8593423c33630f.exe
exception.exception_code: 0xc0000094
exception.offset: 394936
exception.address: 0x4606b8
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619984891.079249
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619984891.376249
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00610000
success 0 0
1619984891.407249
NtAllocateVirtualMemory
process_identifier: 1056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00750000
success 0 0
1619984892.687999
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619984892.859999
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00650000
success 0 0
1619984892.859999
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f90000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619984901.640999
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e94c1f3d293f9ad45c8593423c33630f.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e94c1f3d293f9ad45c8593423c33630f.exe
success 1 0
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619984900.687999
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Expresses interest in specific running processes (1 event)
process e94c1f3d293f9ad45c8593423c33630f.exe
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 1056 called NtSetContextThread to modify thread in remote process 1948
Time & API Arguments Status Return Repeated
1619984891.516249
NtSetContextThread
thread_handle: 0x000000e8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1948
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 1056 resumed a thread in remote process 1948
Time & API Arguments Status Return Repeated
1619984892.547249
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 1948
success 0 0
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1619984891.422249
CreateProcessInternalW
thread_identifier: 1940
thread_handle: 0x000000e8
process_identifier: 1948
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e94c1f3d293f9ad45c8593423c33630f.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000ec
inherit_handles: 0
success 1 0
1619984891.422249
NtUnmapViewOfSection
process_identifier: 1948
region_size: 4096
process_handle: 0x000000ec
base_address: 0x00400000
success 0 0
1619984891.422249
NtMapViewOfSection
section_handle: 0x000000f4
process_identifier: 1948
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000ec
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619984891.516249
NtGetContextThread
thread_handle: 0x000000e8
success 0 0
1619984891.516249
NtSetContextThread
thread_handle: 0x000000e8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1948
success 0 0
1619984892.547249
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 1948
success 0 0
1619984892.563249
CreateProcessInternalW
thread_identifier: 2196
thread_handle: 0x000000f0
process_identifier: 2288
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e94c1f3d293f9ad45c8593423c33630f.exe" 2 1948 15700046
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x000000f8
inherit_handles: 0
success 1 0
1619984894.078999
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 1948
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33581781
FireEye Generic.mg.e94c1f3d293f9ad4
CAT-QuickHeal Trojan.Kryptik
Qihoo-360 Trojan.Generic
ALYac Trojan.Agent.Wacatac
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Lokibot.d20f7bda
K7GW Riskware ( 0040eff71 )
Cybereason malicious.d293f9
Arcabit Trojan.Generic.D2006AD5
BitDefenderTheta Gen:NN.ZelphiF.34700.8GW@auQFXBoi
Cyren W32/Trojan.HXVQ-5664
Symantec Infostealer.Lokibot!43
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMDF.hp
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.33581781
NANO-Antivirus Trojan.Win32.Kryptik.hkczsi
Paloalto generic.ml
AegisLab Trojan.Win32.Kryptik.4!c
Rising Trojan.Injector!1.AFE3 (CLASSIC)
Ad-Aware Trojan.GenericKD.33581781
Emsisoft Trojan.GenericKD.33581781 (B)
Comodo Malware@#3fcu8yfmqc24y
F-Secure Heuristic.HEUR/AGEN.1111011
DrWeb Trojan.PWS.Siggen2.45932
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMDF.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.dh
SentinelOne Static AI - Malicious PE
Sophos Mal/Generic-R + Mal/Fareit-V
APEX Malicious
Jiangmin Trojan.Kryptik.dar
Avira HEUR/AGEN.1111011
Antiy-AVL Trojan/Win32.SGeneric
Microsoft PWS:Win32/Fareit.VD!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Win32.Trojan-Spy.Loki.A
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2059
McAfee Fareit-FRQ!E94C1F3D293F
MAX malware (ai score=88)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.90485
ESET-NOD32 a variant of Win32/Injector.ELGZ
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.27.142:443
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

1992-03-15 19:13:37

Imports

Library kernel32.dll:
0x46e164 VirtualFree
0x46e168 VirtualAlloc
0x46e16c LocalFree
0x46e170 LocalAlloc
0x46e174 GetVersion
0x46e178 GetCurrentThreadId
0x46e184 VirtualQuery
0x46e188 WideCharToMultiByte
0x46e18c MultiByteToWideChar
0x46e190 lstrlenA
0x46e194 lstrcpynA
0x46e198 LoadLibraryExA
0x46e19c GetThreadLocale
0x46e1a0 GetStartupInfoA
0x46e1a4 GetProcAddress
0x46e1a8 GetModuleHandleA
0x46e1ac GetModuleFileNameA
0x46e1b0 GetLocaleInfoA
0x46e1b4 GetCommandLineA
0x46e1b8 FreeLibrary
0x46e1bc FindFirstFileA
0x46e1c0 FindClose
0x46e1c4 ExitProcess
0x46e1c8 WriteFile
0x46e1d0 RtlUnwind
0x46e1d4 RaiseException
0x46e1d8 GetStdHandle
Library user32.dll:
0x46e1e0 GetKeyboardType
0x46e1e4 LoadStringA
0x46e1e8 MessageBoxA
0x46e1ec CharNextA
Library advapi32.dll:
0x46e1f4 RegQueryValueExA
0x46e1f8 RegOpenKeyExA
0x46e1fc RegCloseKey
Library oleaut32.dll:
0x46e204 SysFreeString
0x46e208 SysReAllocStringLen
0x46e20c SysAllocStringLen
Library kernel32.dll:
0x46e214 TlsSetValue
0x46e218 TlsGetValue
0x46e21c LocalAlloc
0x46e220 GetModuleHandleA
Library advapi32.dll:
0x46e228 RegQueryValueExA
0x46e22c RegOpenKeyExA
0x46e230 RegCloseKey
Library kernel32.dll:
0x46e238 lstrcpyA
0x46e23c WriteFile
0x46e240 WinExec
0x46e244 WaitForSingleObject
0x46e248 VirtualQuery
0x46e24c VirtualFree
0x46e250 VirtualAllocEx
0x46e254 VirtualAlloc
0x46e258 Sleep
0x46e25c SizeofResource
0x46e260 SetThreadLocale
0x46e264 SetFilePointer
0x46e268 SetEvent
0x46e26c SetErrorMode
0x46e270 SetEndOfFile
0x46e274 ResetEvent
0x46e278 ReadFile
0x46e27c MultiByteToWideChar
0x46e280 MulDiv
0x46e284 LockResource
0x46e288 LoadResource
0x46e28c LoadLibraryA
0x46e298 GlobalUnlock
0x46e29c GlobalSize
0x46e2a0 GlobalReAlloc
0x46e2a4 GlobalHandle
0x46e2a8 GlobalLock
0x46e2ac GlobalFree
0x46e2b0 GlobalFindAtomA
0x46e2b4 GlobalDeleteAtom
0x46e2b8 GlobalAlloc
0x46e2bc GlobalAddAtomA
0x46e2c0 GetVersionExA
0x46e2c4 GetVersion
0x46e2c8 GetUserDefaultLCID
0x46e2cc GetTickCount
0x46e2d0 GetThreadLocale
0x46e2d4 GetSystemInfo
0x46e2d8 GetStringTypeExA
0x46e2dc GetStdHandle
0x46e2e0 GetProcAddress
0x46e2e4 GetOEMCP
0x46e2e8 GetModuleHandleA
0x46e2ec GetModuleFileNameA
0x46e2f0 GetLocaleInfoA
0x46e2f4 GetLocalTime
0x46e2f8 GetLastError
0x46e2fc GetFullPathNameA
0x46e300 GetDiskFreeSpaceA
0x46e304 GetDateFormatA
0x46e308 GetCurrentThreadId
0x46e30c GetCurrentProcessId
0x46e310 GetCurrentProcess
0x46e314 GetComputerNameA
0x46e318 GetCPInfo
0x46e31c GetACP
0x46e320 FreeResource
0x46e324 InterlockedExchange
0x46e328 FreeLibrary
0x46e32c FormatMessageA
0x46e330 FindResourceA
0x46e334 EnumCalendarInfoA
0x46e340 CreateThread
0x46e344 CreateFileA
0x46e348 CreateEventA
0x46e34c CompareStringA
0x46e350 CloseHandle
Library version.dll:
0x46e358 VerQueryValueA
0x46e360 GetFileVersionInfoA
Library gdi32.dll:
0x46e368 UnrealizeObject
0x46e36c StretchBlt
0x46e370 SetWindowOrgEx
0x46e374 SetWinMetaFileBits
0x46e378 SetViewportOrgEx
0x46e37c SetTextColor
0x46e380 SetStretchBltMode
0x46e384 SetROP2
0x46e388 SetPixel
0x46e38c SetMapMode
0x46e390 SetEnhMetaFileBits
0x46e394 SetDIBColorTable
0x46e398 SetBrushOrgEx
0x46e39c SetBkMode
0x46e3a0 SetBkColor
0x46e3a4 SelectPalette
0x46e3a8 SelectObject
0x46e3ac SaveDC
0x46e3b0 RestoreDC
0x46e3b4 RectVisible
0x46e3b8 RealizePalette
0x46e3bc PlayEnhMetaFile
0x46e3c0 PatBlt
0x46e3c4 MoveToEx
0x46e3c8 MaskBlt
0x46e3cc LineTo
0x46e3d0 LPtoDP
0x46e3d4 IntersectClipRect
0x46e3d8 GetWindowOrgEx
0x46e3dc GetWinMetaFileBits
0x46e3e0 GetTextMetricsA
0x46e3ec GetStockObject
0x46e3f0 GetPixel
0x46e3f4 GetPaletteEntries
0x46e3f8 GetObjectA
0x46e408 GetEnhMetaFileBits
0x46e40c GetDeviceCaps
0x46e410 GetDIBits
0x46e414 GetDIBColorTable
0x46e418 GetDCOrgEx
0x46e420 GetClipBox
0x46e424 GetBrushOrgEx
0x46e428 GetBitmapBits
0x46e42c ExcludeClipRect
0x46e430 DeleteObject
0x46e434 DeleteEnhMetaFile
0x46e438 DeleteDC
0x46e43c CreateSolidBrush
0x46e440 CreatePenIndirect
0x46e444 CreatePalette
0x46e44c CreateFontIndirectA
0x46e450 CreateEnhMetaFileA
0x46e454 CreateDIBitmap
0x46e458 CreateDIBSection
0x46e45c CreateCompatibleDC
0x46e464 CreateBrushIndirect
0x46e468 CreateBitmap
0x46e46c CopyEnhMetaFileA
0x46e470 CloseEnhMetaFile
0x46e474 BitBlt
Library user32.dll:
0x46e47c CreateWindowExA
0x46e480 WindowFromPoint
0x46e484 WinHelpA
0x46e488 WaitMessage
0x46e48c UpdateWindow
0x46e490 UnregisterClassA
0x46e494 UnhookWindowsHookEx
0x46e498 TranslateMessage
0x46e4a0 TrackPopupMenu
0x46e4a8 ShowWindow
0x46e4ac ShowScrollBar
0x46e4b0 ShowOwnedPopups
0x46e4b4 ShowCursor
0x46e4b8 SetWindowsHookExA
0x46e4bc SetWindowPos
0x46e4c0 SetWindowPlacement
0x46e4c4 SetWindowLongA
0x46e4c8 SetTimer
0x46e4cc SetScrollRange
0x46e4d0 SetScrollPos
0x46e4d4 SetScrollInfo
0x46e4d8 SetRect
0x46e4dc SetPropA
0x46e4e0 SetParent
0x46e4e4 SetMenuItemInfoA
0x46e4e8 SetMenu
0x46e4ec SetForegroundWindow
0x46e4f0 SetFocus
0x46e4f4 SetCursor
0x46e4f8 SetClassLongA
0x46e4fc SetCapture
0x46e500 SetActiveWindow
0x46e504 SendMessageA
0x46e508 ScrollWindow
0x46e50c ScreenToClient
0x46e510 RemovePropA
0x46e514 RemoveMenu
0x46e518 ReleaseDC
0x46e51c ReleaseCapture
0x46e528 RegisterClassA
0x46e52c RedrawWindow
0x46e530 PtInRect
0x46e534 PostQuitMessage
0x46e538 PostMessageA
0x46e53c PeekMessageA
0x46e540 OffsetRect
0x46e544 OemToCharA
0x46e548 MessageBoxA
0x46e54c MapWindowPoints
0x46e550 MapVirtualKeyA
0x46e554 LoadStringA
0x46e558 LoadKeyboardLayoutA
0x46e55c LoadIconA
0x46e560 LoadCursorA
0x46e564 LoadBitmapA
0x46e568 KillTimer
0x46e56c IsZoomed
0x46e570 IsWindowVisible
0x46e574 IsWindowEnabled
0x46e578 IsWindow
0x46e57c IsRectEmpty
0x46e580 IsIconic
0x46e584 IsDialogMessageA
0x46e588 IsChild
0x46e58c InvalidateRect
0x46e590 IntersectRect
0x46e594 InsertMenuItemA
0x46e598 InsertMenuA
0x46e59c InflateRect
0x46e5a4 GetWindowTextA
0x46e5a8 GetWindowRect
0x46e5ac GetWindowPlacement
0x46e5b0 GetWindowLongA
0x46e5b4 GetWindowDC
0x46e5b8 GetTopWindow
0x46e5bc GetSystemMetrics
0x46e5c0 GetSystemMenu
0x46e5c4 GetSysColorBrush
0x46e5c8 GetSysColor
0x46e5cc GetSubMenu
0x46e5d0 GetScrollRange
0x46e5d4 GetScrollPos
0x46e5d8 GetScrollInfo
0x46e5dc GetPropA
0x46e5e0 GetParent
0x46e5e4 GetWindow
0x46e5e8 GetMessageTime
0x46e5ec GetMenuStringA
0x46e5f0 GetMenuState
0x46e5f4 GetMenuItemInfoA
0x46e5f8 GetMenuItemID
0x46e5fc GetMenuItemCount
0x46e600 GetMenu
0x46e604 GetLastActivePopup
0x46e608 GetKeyboardState
0x46e610 GetKeyboardLayout
0x46e614 GetKeyState
0x46e618 GetKeyNameTextA
0x46e61c GetIconInfo
0x46e620 GetForegroundWindow
0x46e624 GetFocus
0x46e628 GetDesktopWindow
0x46e62c GetDCEx
0x46e630 GetDC
0x46e634 GetCursorPos
0x46e638 GetCursor
0x46e63c GetClipboardData
0x46e640 GetClientRect
0x46e644 GetClassNameA
0x46e648 GetClassInfoA
0x46e64c GetCapture
0x46e650 GetActiveWindow
0x46e654 FrameRect
0x46e658 FindWindowA
0x46e65c FillRect
0x46e660 EqualRect
0x46e664 EnumWindows
0x46e668 EnumThreadWindows
0x46e66c EndPaint
0x46e670 EnableWindow
0x46e674 EnableScrollBar
0x46e678 EnableMenuItem
0x46e67c DrawTextA
0x46e680 DrawMenuBar
0x46e684 DrawIconEx
0x46e688 DrawIcon
0x46e68c DrawFrameControl
0x46e690 DrawEdge
0x46e694 DispatchMessageA
0x46e698 DestroyWindow
0x46e69c DestroyMenu
0x46e6a0 DestroyIcon
0x46e6a4 DestroyCursor
0x46e6a8 DeleteMenu
0x46e6ac DefWindowProcA
0x46e6b0 DefMDIChildProcA
0x46e6b4 DefFrameProcA
0x46e6b8 CreatePopupMenu
0x46e6bc CreateMenu
0x46e6c0 CreateIcon
0x46e6c4 ClientToScreen
0x46e6c8 CheckMenuItem
0x46e6cc CallWindowProcA
0x46e6d0 CallNextHookEx
0x46e6d4 BeginPaint
0x46e6d8 CharNextA
0x46e6dc CharLowerBuffA
0x46e6e0 CharLowerA
0x46e6e4 CharToOemA
0x46e6e8 AdjustWindowRectEx
Library kernel32.dll:
0x46e6f4 Sleep
Library oleaut32.dll:
0x46e6fc SafeArrayPtrOfIndex
0x46e700 SafeArrayGetUBound
0x46e704 SafeArrayGetLBound
0x46e708 SafeArrayCreate
0x46e70c VariantChangeType
0x46e710 VariantCopy
0x46e714 VariantClear
0x46e718 VariantInit
Library ole32.dll:
0x46e724 IsAccelerator
0x46e728 OleDraw
0x46e730 CoTaskMemFree
0x46e734 ProgIDFromCLSID
0x46e738 StringFromCLSID
0x46e73c CoCreateInstance
0x46e740 CoGetClassObject
0x46e744 CoUninitialize
0x46e748 CoInitialize
0x46e74c IsEqualGUID
Library oleaut32.dll:
0x46e754 GetErrorInfo
0x46e758 GetActiveObject
0x46e75c SysFreeString
Library comctl32.dll:
0x46e76c ImageList_Write
0x46e770 ImageList_Read
0x46e780 ImageList_DragMove
0x46e784 ImageList_DragLeave
0x46e788 ImageList_DragEnter
0x46e78c ImageList_EndDrag
0x46e790 ImageList_BeginDrag
0x46e794 ImageList_Remove
0x46e798 ImageList_DrawEx
0x46e79c ImageList_Draw
0x46e7ac ImageList_Add
0x46e7b4 ImageList_Destroy
0x46e7b8 ImageList_Create
0x46e7bc InitCommonControls
Library user32.dll:
0x46e7c4 DdeCmpStringHandles
0x46e7c8 DdeFreeStringHandle
0x46e7cc DdeQueryStringA
0x46e7d4 DdeGetLastError
0x46e7d8 DdeFreeDataHandle
0x46e7dc DdeUnaccessData
0x46e7e0 DdeAccessData
0x46e7e4 DdeCreateDataHandle
0x46e7ec DdeNameService
0x46e7f0 DdePostAdvise
0x46e7f4 DdeSetUserHandle
0x46e7f8 DdeQueryConvInfo
0x46e7fc DdeDisconnect
0x46e800 DdeConnect
0x46e804 DdeUninitialize
0x46e808 DdeInitializeA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57367 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53500 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 55169 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.