6.2
High risk

8d5fb11ff3bf85e88bcfc54d8018b8433e4d84d4480b650696b2e16fce9866e0

eb2070f0b08257402c6672a2ec59f011.exe

Analysis duration

82s

Last analysis

File size

574.5KB
Static detection Dynamic detection 100% AI SCORE=82 AIDETECTVM AKEQ BANKERX BSCOPE CERT CLASSIC CONFIDENCE EHLS ENCPK FALSESIGN FTIE GDSDA GENERICKD GRAYWARE HFEL HGXH HIGH CONFIDENCE HPPDRP INVALIDSIG JG1@AQ@O89G KRYPTIK MALICIOUS PE MALWARE2 MALWARE@#161VZRTSXSW72 QAKBOT QBOT QVM19 R + MAL R346189 SCORE STATIC AI UNSAFE ZENPAK ZEXAF
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine results available for this sample
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Packed-GCB!EB2070F0B082 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20201210 21.1.5827.0
Alibaba Backdoor:Win32/Qakbot.f5e036d1 20190527 0.3.0.5
Kingsoft 20201211 2017.9.26.565
Tencent Win32.Trojan.Falsesign.Akeq 20201211 1.0.0.1
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619968030.230249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619968042.683501
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)
section .rdata4
section .rdata3
section .rdata2
section .rdata5
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619968043.324501
__exception__
stacktrace:
eb2070f0b08257402c6672a2ec59f011+0x3f07 @ 0x403f07
eb2070f0b08257402c6672a2ec59f011+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 9586472
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: eb2070f0b08257402c6672a2ec59f011+0x3449
exception.instruction: in eax, dx
exception.module: eb2070f0b08257402c6672a2ec59f011.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
1619968043.324501
__exception__
stacktrace:
eb2070f0b08257402c6672a2ec59f011+0x3f10 @ 0x403f10
eb2070f0b08257402c6672a2ec59f011+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 9586472
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: eb2070f0b08257402c6672a2ec59f011+0x34e2
exception.instruction: in eax, dx
exception.module: eb2070f0b08257402c6672a2ec59f011.exe
exception.exception_code: 0xc0000096
exception.offset: 13538
exception.address: 0x4034e2
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619968027.652249
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004a0000
success 0 0
1619968029.808249
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004e0000
success 0 0
1619968029.808249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 241664
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619968041.012501
NtAllocateVirtualMemory
process_identifier: 1888
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003c0000
success 0 0
1619968042.683501
NtAllocateVirtualMemory
process_identifier: 1888
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00630000
success 0 0
1619968042.683501
NtProtectVirtualMemory
process_identifier: 1888
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 241664
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619968030.871249
CreateProcessInternalW
thread_identifier: 1916
thread_handle: 0x00000154
process_identifier: 1888
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\eb2070f0b08257402c6672a2ec59f011.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.262523367167165 section {'size_of_data': '0x00072400', 'virtual_address': '0x00001000', 'entropy': 7.262523367167165, 'name': '.text', 'virtual_size': '0x00072255'} description A section with a high entropy has been found
entropy 0.7982532751091703 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process vboxservice.exe
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619968043.324501
__exception__
stacktrace:
eb2070f0b08257402c6672a2ec59f011+0x3f07 @ 0x403f07
eb2070f0b08257402c6672a2ec59f011+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 9586472
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: eb2070f0b08257402c6672a2ec59f011+0x3449
exception.instruction: in eax, dx
exception.module: eb2070f0b08257402c6672a2ec59f011.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43557767
FireEye Generic.mg.eb2070f0b0825740
McAfee Packed-GCB!EB2070F0B082
Cylance Unsafe
Zillya Trojan.Zenpak.Win32.2542
AegisLab Trojan.Win32.Zenpak.4!c
Sangfor Malware
K7AntiVirus Trojan ( 0056b6a11 )
BitDefender Trojan.GenericKD.43557767
K7GW Trojan ( 0056b6a11 )
CrowdStrike win/malicious_confidence_100% (D)
BitDefenderTheta Gen:NN.ZexaF.34670.JG1@aq@O89g
Cyren W32/Trojan.FTIE-1093
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HFEL
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Packed.Zenpak-9762358-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
Alibaba Backdoor:Win32/Qakbot.f5e036d1
NANO-Antivirus Trojan.Win32.Zenpak.hppdrp
Rising Trojan.Kryptik!1.C9B1 (CLASSIC)
Ad-Aware Trojan.GenericKD.43557767
Emsisoft Adware.Generic (A)
Comodo Malware@#161vzrtsxsw72
F-Secure Trojan.TR/AD.Qbot.AD
DrWeb Trojan.QakBot.10
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Packed-GCB!EB2070F0B082
Sophos Mal/Generic-R + Mal/EncPk-APV
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Zenpak.crf
Avira TR/AD.Qbot.AD
MAX malware (ai score=82)
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Microsoft Trojan:Win32/Qakbot!cert
Gridinsoft Trojan.Heur!.01016031
Arcabit Trojan.Generic.D298A387
AhnLab-V3 Trojan/Win32.Agent.R346189
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Trojan.GenericKD.43557767
Cynet Malicious (score: 100)
Acronis suspicious
VBA32 BScope.Trojan.Encoder
ALYac Trojan.GenericKD.43557767
Malwarebytes Trojan.MalPack.VAK
Panda Trj/GdSda.A
Tencent Win32.Trojan.Falsesign.Akeq
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

2000-01-29 09:04:49

Imports

Library KERNEL32.dll:
0x4910e8 GlobalSize
0x4910ec HeapCreate
0x4910f0 IsBadCodePtr
0x4910f4 IsBadWritePtr
0x4910f8 GetTempPathW
0x4910fc SetFileTime
0x491100 GetExitCodeProcess
0x491104 GetCurrentThreadId
0x491108 CompareFileTime
0x49110c GetFileTime
0x491110 FindClose
0x491114 GetTickCount
0x49111c HeapFree
0x491120 HeapAlloc
0x491124 GetCommandLineW
0x491128 GetCommandLineA
0x49112c lstrcmpA
0x491130 GetProcessHeap
0x491134 GetVersionExA
0x491138 GetACP
0x49113c GetOEMCP
0x491144 GetLocaleInfoA
0x491148 GetStartupInfoA
0x49114c CreateEventA
0x491150 GetLastError
0x491154 WaitForSingleObject
0x491158 FreeLibrary
0x49115c MulDiv
0x491160 SetEvent
0x491164 CloseHandle
0x491168 GlobalLock
0x49116c GlobalUnlock
0x491170 Sleep
0x491174 ExitProcess
0x491178 GetTimeFormatA
0x49117c GetTimeFormatW
0x491180 GetDateFormatA
0x491184 GetDateFormatW
0x491188 CreateProcessA
0x49118c CreateProcessW
0x491198 SearchPathA
0x49119c SearchPathW
0x4911a0 GetFullPathNameA
0x4911a4 GetFullPathNameW
0x4911a8 GetModuleHandleW
0x4911ac LoadLibraryA
0x4911b0 LoadLibraryW
0x4911bc FindFirstFileA
0x4911c0 FindFirstFileW
0x4911c4 SetFileAttributesA
0x4911c8 SetFileAttributesW
0x4911cc GetFileAttributesW
0x4911d0 DeleteFileA
0x4911d4 DeleteFileW
0x4911d8 CreateFileA
0x4911dc CreateFileW
0x4911e0 GetModuleFileNameA
0x4911e4 GetModuleFileNameW
0x4911f0 FindNextFileA
0x4911f4 FindNextFileW
0x4911f8 WideCharToMultiByte
0x491200 GetModuleHandleA
0x491204 GetProcAddress
0x491208 GetFileAttributesA
0x49120c WriteFile
0x491210 ReadFile
0x491214 SetFilePointer
0x491218 GetFileSize
0x49121c lstrlenA
0x491220 lstrlenW
0x491224 MultiByteToWideChar
0x491228 GlobalFree
0x49122c HeapDestroy
0x491230 GlobalAlloc
0x49123c LocalFlags
0x491240 GetProfileSectionA
0x491244 SetConsoleOutputCP
0x491248 AllocConsole
0x49124c CreateRemoteThread
0x491250 GetLongPathNameW
0x491254 IsBadHugeReadPtr
0x491260 LCMapStringW
0x491264 Process32First
0x491268 CreateDirectoryExA
0x49126c VirtualQuery
0x491270 ClearCommError
0x491274 DisconnectNamedPipe
0x491278 GetProfileStringW
0x491280 GlobalAddAtomA
0x491290 TlsFree
0x49129c CreateDirectoryW
0x4912a0 FindNextVolumeA
0x4912a4 CreateThread
0x4912a8 RtlFillMemory
0x4912ac HeapCompact
0x4912b0 SetComputerNameW
0x4912b8 LocalAlloc
0x4912bc EnumCalendarInfoW
0x4912c4 VirtualAllocEx
Library USER32.dll:
0x4912cc CreatePopupMenu
0x4912d0 GetKeyState
0x4912d4 DefFrameProcW
0x4912d8 PostQuitMessage
0x4912dc ModifyMenuW
0x4912e0 DestroyIcon
0x4912e4 DestroyCursor
0x4912e8 SetTimer
0x4912ec GetWindow
0x4912f0 DefFrameProcA
0x4912f4 CheckMenuItem
0x4912f8 GetQueueStatus
0x4912fc GetKeyboardState
0x491300 CheckMenuRadioItem
0x491304 GetSystemMetrics
0x491308 DrawMenuBar
0x49130c DeleteMenu
0x491310 GetSubMenu
0x491314 LoadCursorA
0x491318 GetKeyboardLayout
0x49131c IsWindowVisible
0x491320 GetClassNameW
0x491324 GetClassNameA
0x491328 SetWindowPos
0x49132c SetScrollInfo
0x491330 GetScrollInfo
0x491334 ReleaseCapture
0x491338 CallNextHookEx
0x49133c MapVirtualKeyW
0x491340 MapVirtualKeyA
0x491344 UnhookWindowsHookEx
0x491348 GetDlgItem
0x49134c EndDialog
0x491350 IsChild
0x491354 RedrawWindow
0x491358 MoveWindow
0x49135c SetCapture
0x491364 SetForegroundWindow
0x491368 GetForegroundWindow
0x491370 LoadMenuA
0x491374 LoadMenuW
0x491378 LoadAcceleratorsA
0x49137c LoadAcceleratorsW
0x491380 LoadIconA
0x491384 LoadIconW
0x491388 LoadImageA
0x49138c LoadImageW
0x491390 CreateDialogParamW
0x491394 CreateDialogParamA
0x491398 DialogBoxParamW
0x49139c DialogBoxParamA
0x4913a0 EnumThreadWindows
0x4913a4 WaitForInputIdle
0x4913a8 BringWindowToTop
0x4913ac EnableWindow
0x4913b0 CloseClipboard
0x4913b4 GetClipboardData
0x4913b8 OpenClipboard
0x4913bc MessageBeep
0x4913c0 SetCursorPos
0x4913c4 DrawTextW
0x4913c8 DrawTextA
0x4913d0 EnumWindows
0x4913d4 SetActiveWindow
0x4913d8 GetActiveWindow
0x4913dc EndPaint
0x4913e0 DrawFrameControl
0x4913e4 BeginPaint
0x4913e8 GetCapture
0x4913ec FrameRect
0x4913f0 SetDlgItemInt
0x4913f4 GetDlgItemInt
0x4913f8 SetWindowsHookExA
0x4913fc CharUpperA
0x491404 HideCaret
0x491408 SetMenuDefaultItem
0x491410 SetCaretPos
0x491414 SetClipboardData
0x491418 EmptyClipboard
0x49141c UnregisterClassA
0x491420 UnregisterClassW
0x491424 CreateCaret
0x491428 DestroyCaret
0x49142c ScrollWindow
0x491430 ShowScrollBar
0x491434 GetDoubleClickTime
0x491438 GetMessageTime
0x49143c GetUpdateRect
0x491440 IntersectRect
0x491444 InsertMenuA
0x491448 InsertMenuW
0x49144c AppendMenuA
0x491450 AppendMenuW
0x491454 SetDlgItemTextA
0x491458 SetDlgItemTextW
0x49145c SetWindowTextA
0x491460 SetWindowTextW
0x491464 FindWindowExA
0x491468 FindWindowExW
0x49146c CreateMDIWindowA
0x491470 CreateMDIWindowW
0x491474 CreateWindowExA
0x491478 CreateWindowExW
0x49147c RegisterClassA
0x491480 RegisterClassW
0x491484 ScreenToClient
0x491488 TrackPopupMenu
0x49148c GetSystemMenu
0x491490 KillTimer
0x491494 SetCursor
0x491498 GetMenuStringA
0x49149c GetMenuStringW
0x4914a0 LoadStringA
0x4914a4 LoadStringW
0x4914a8 SendMessageW
0x4914ac IsDialogMessageA
0x4914b0 IsDialogMessageW
0x4914bc DispatchMessageA
0x4914c0 DispatchMessageW
0x4914c4 PeekMessageA
0x4914c8 PeekMessageW
0x4914cc GetMessageA
0x4914d0 GetMessageW
0x4914d4 GetDlgItemTextA
0x4914d8 GetDlgItemTextW
0x4914dc GetWindowTextA
0x4914e0 GetWindowTextW
0x4914ec SetWindowLongA
0x4914f0 SetWindowLongW
0x4914f4 GetWindowLongA
0x4914f8 GetWindowLongW
0x4914fc SetClassLongA
0x491500 SetClassLongW
0x491504 GetClassLongA
0x491508 GetClassLongW
0x49150c GetKeyNameTextA
0x491510 GetKeyNameTextW
0x491514 DefWindowProcA
0x491518 DefWindowProcW
0x49151c InvalidateRect
0x491520 UpdateWindow
0x491524 ValidateRect
0x491528 GetDC
0x49152c GetClientRect
0x491530 GetSysColorBrush
0x491534 FillRect
0x491538 DrawEdge
0x49153c GetFocus
0x491540 DrawFocusRect
0x491544 DestroyMenu
0x491548 DefMDIChildProcA
0x49154c DefMDIChildProcW
0x491550 SetFocus
0x491554 ClientToScreen
0x491558 EnableMenuItem
0x49155c ShowWindow
0x491560 TranslateMessage
0x491564 ShowCaret
0x491568 ModifyMenuA
0x49156c IsWindowEnabled
0x491570 GetSysColor
0x491574 DrawStateA
0x491578 ReleaseDC
0x49157c IsWindowUnicode
0x491580 CallWindowProcA
0x491584 CallWindowProcW
0x491588 GetDlgCtrlID
0x49158c GetParent
0x491590 PostMessageA
0x491594 GetCursorPos
0x491598 PtInRect
0x49159c GetWindowRect
0x4915a0 DestroyWindow
0x4915a4 SendMessageA
0x4915a8 MessageBoxW
0x4915b0 SetPropW
0x4915b8 EditWndProc
0x4915bc ChangeMenuA
0x4915c0 GetClipCursor
0x4915c8 RemovePropW
0x4915cc DlgDirSelectExA
0x4915d0 PaintDesktop
0x4915d4 GetWindowInfo
0x4915d8 CloseWindow
0x4915dc SetScrollPos
0x4915e0 EnumDesktopWindows
0x4915e4 CascadeWindows
0x4915e8 CharToOemBuffA
0x4915f0 RealGetWindowClassA
0x4915f4 VkKeyScanA
0x4915f8 SetPropA
0x4915fc GetMessageExtraInfo
0x491600 IMPGetIMEA
0x491608 GetWindowWord
0x49160c IsWindow
0x49161c GrayStringW
0x491620 DdeInitializeW
0x491624 SetRect
0x491628 IsHungAppWindow
0x49162c LoadCursorFromFileA
Library GDI32.dll:
0x491634 PlayEnhMetaFile
0x491638 CreateSolidBrush
0x491640 CreateCompatibleDC
0x491644 DeleteEnhMetaFile
0x491648 CloseEnhMetaFile
0x49164c CreateEnhMetaFileW
0x491650 CreateEnhMetaFileA
0x491654 CreateDIBSection
0x491658 GetBkMode
0x49165c BitBlt
0x491660 TextOutA
0x491664 TextOutW
0x491668 SetBkMode
0x49166c SetBkColor
0x491670 SetTextColor
0x491674 GetObjectA
0x491678 GetTextMetricsA
0x49167c GetObjectW
0x491680 GetTextMetricsW
0x491684 CreateRectRgn
0x491688 StartPage
0x49168c EndPage
0x491690 EndDoc
0x491698 GetTextAlign
0x49169c SetTextAlign
0x4916a0 ExtTextOutW
0x4916a4 CreateBitmap
0x4916a8 CreatePatternBrush
0x4916ac PatBlt
0x4916b0 DeleteDC
0x4916b4 CreateDCW
0x4916b8 CreateDCA
0x4916bc GetDeviceCaps
0x4916c0 GetStockObject
0x4916c4 StartDocA
0x4916c8 StartDocW
0x4916cc CreateFontIndirectA
0x4916d0 CreateFontIndirectW
0x4916d4 CreatePen
0x4916d8 SelectObject
0x4916dc MoveToEx
0x4916e0 LineTo
0x4916e4 ExtTextOutA
0x4916e8 DeleteObject
0x4916ec GdiEntry9
0x4916f0 PolyTextOutW
0x4916f4 EngQueryLocalTime
0x4916f8 GdiAlphaBlend
0x4916fc GdiQueryTable
0x491704 GdiGetSpoolMessage
0x49170c SetBrushOrgEx
0x491710 EngCopyBits
0x491714 CreateICA
0x491718 EnumEnhMetaFile
0x491724 UnrealizeObject
0x491728 EngGradientFill
0x49172c EngAlphaBlend
0x49173c GdiDllInitialize
0x491740 CLIPOBJ_ppoGetPath
0x491744 SetEnhMetaFileBits
0x491748 SetAbortProc
0x49174c GetPixel
0x491754 SaveDC
0x491758 GetKerningPairsW
0x491760 EnumFontFamiliesA
0x491764 ExtSelectClipRgn
0x491768 SetDeviceGammaRamp
0x491770 SelectPalette
0x491774 GdiEntry5
0x491778 GdiGetCodePage
0x491784 ColorCorrectPalette
0x491788 GdiEntry2
0x49178c GetEnhMetaFileA
Library COMDLG32.dll:
0x491794 PageSetupDlgW
0x491798 PageSetupDlgA
0x49179c GetSaveFileNameW
0x4917a0 ChooseColorW
0x4917a4 PrintDlgW
0x4917a8 PrintDlgA
0x4917ac ChooseFontA
0x4917b0 ChooseFontW
0x4917b4 GetOpenFileNameA
0x4917b8 GetSaveFileNameA
0x4917bc GetOpenFileNameW
0x4917c0 ChooseColorA
Library ADVAPI32.dll:
0x4917c8 RegSetValueExA
0x4917cc RegDeleteValueA
0x4917d0 RegEnumValueA
0x4917d4 RegOpenKeyExA
0x4917d8 RegEnumValueW
0x4917dc RegCreateKeyExW
0x4917e0 RegCreateKeyExA
0x4917e4 RegEnumKeyExW
0x4917e8 RegDeleteKeyA
0x4917ec RegDeleteKeyW
0x4917f0 RegDeleteValueW
0x4917f4 RegCloseKey
0x4917f8 RegSetValueExW
0x4917fc RegQueryValueExA
0x491800 RegQueryValueExW
0x491804 RegOpenKeyExW
0x491808 RegOpenKeyW
Library SHELL32.dll:
0x491810 ShellExecuteExW
0x491814 SHChangeNotify
0x491818 SHGetMalloc
0x49181c DragAcceptFiles
0x491820 ShellExecuteA
0x491824 ShellExecuteW
0x491828 DragQueryFileA
0x49182c DragQueryFileW
0x491830 DragFinish
0x491834 SHBindToParent
0x491840 DragQueryPoint
0x491844 CheckEscapesW
0x491848 ExtractIconW
0x49184c DoEnvironmentSubstW
0x491854 SHGetFileInfo
0x491858 SHGetFolderPathA
0x49185c DragQueryFileAorW
Library ole32.dll:
0x49186c ReleaseStgMedium
0x491870 RevokeDragDrop
0x491874 RegisterDragDrop
0x491878 OleInitialize
0x49187c OleUninitialize
0x491880 DoDragDrop
Library IMM32.dll:
0x491894 ImmEscapeW
0x49189c ImmGetContext
0x4918a4 ImmReleaseContext

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.