6.8
High risk

425b6f4931518861eddd73d943cf463db97247741677bf96cd6efa61a28400df

ed1a6affbb18c97fc60015c736da1386.exe

Analysis time

31s

Latest analysis

File size

1.6MB
Static detection / Dynamic detection 100%: AGEN AGENTTESLA AI SCORE=84 AJFK AKOW ANDROM ASTN ATTRIBUTE CONFIDENCE DELF DELPHILESS02 EJWM FAREIT GENASA GURHZV HIGH CONFIDENCE HIGHCONFIDENCE HPLOKI LOKIBOT MALWARE@#7M98Z5FAVVFB MH1@AMLDS@LI O+0QDOIKW9O R + MAL SCORE SCSE SMBD STATIC AI SUSPICIOUS PE TSCOPE TSPY UNSAFE VP5CKVMYKPP ZELPHIF
鹰眼引擎 (Hawkeye engine)
Not detected: no 鹰眼引擎 detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FRB!ED1A6AFFBB18 20201228 6.0.6.653
Alibaba Backdoor:Win32/Androm.197 20190527 0.3.0.5
Avast Win32:Trojan-gen 20201228 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201228 2017.9.26.565
Tencent Win32.Backdoor.Androm.Akow 20201228 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619999682.809857
__exception__
stacktrace:
ed1a6affbb18c97fc60015c736da1386+0x80f52 @ 0x480f52
ed1a6affbb18c97fc60015c736da1386+0x3c4b @ 0x403c4b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637780
registers.edi: 4722564
registers.eax: 0
registers.ebp: 1638208
registers.edx: 7551376
registers.ebx: 85
registers.esi: 0
registers.ecx: 2010527866
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 11 e9 0d 29 f8
exception.symbol: ed1a6affbb18c97fc60015c736da1386+0x80cf6
exception.instruction: div eax
exception.module: ed1a6affbb18c97fc60015c736da1386.exe
exception.exception_code: 0xc0000094
exception.offset: 527606
exception.address: 0x480cf6
success 0 0
1620013124.502875
__exception__
stacktrace:
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7519d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
ed1a6affbb18c97fc60015c736da1386+0x1f63f8 @ 0x5f63f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x749b4b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x749b5d3d
ed1a6affbb18c97fc60015c736da1386+0x17005c @ 0x57005c

registers.esp: 1633872
registers.edi: 0
registers.eax: 0
registers.ebp: 1633912
registers.edx: 582600
registers.ebx: 0
registers.esi: 1634116
registers.ecx: 176
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdcf14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
Time & API Arguments Status Return Repeated
1619999682.606857
NtAllocateVirtualMemory
process_identifier: 2344
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01ee0000
success 0 0
1619999692.387857
NtProtectVirtualMemory
process_identifier: 2344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 24576
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0047b000
success 0 0
1619999692.387857
NtAllocateVirtualMemory
process_identifier: 2344
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020c0000
success 0 0
1620013124.064875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620013124.127875
NtAllocateVirtualMemory
process_identifier: 2476
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02690000
success 0 0
1620013124.127875
NtAllocateVirtualMemory
process_identifier: 2476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x027d0000
success 0 0
1620013124.127875
NtAllocateVirtualMemory
process_identifier: 2476
region_size: 2023424
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02810000
success 0 0
1620013124.127875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 1982464
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02812000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1620013124.486875
NtProtectVirtualMemory
process_identifier: 2476
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30081904L0PR.vbs
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.659806815768122 section {'size_of_data': '0x0010c000', 'virtual_address': '0x00094000', 'entropy': 7.659806815768122, 'name': '.rsrc', 'virtual_size': '0x0010bf80'} description A section with a high entropy has been found
entropy 0.6542569423252975 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30081904L0PR.vbs
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2344 called NtSetContextThread to modify thread in remote process 2476
Time & API Arguments Status Return Repeated
1619999693.184857
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 8287136
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2476
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2344 resumed a thread in remote process 2476
Time & API Arguments Status Return Repeated
1619999693.621857
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2476
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619999692.981857
CreateProcessInternalW
thread_identifier: 472
thread_handle: 0x00000114
process_identifier: 2476
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ed1a6affbb18c97fc60015c736da1386.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x0000010c
inherit_handles: 0
success 1 0
1619999692.981857
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619999692.981857
NtUnmapViewOfSection
process_identifier: 2476
region_size: 4096
process_handle: 0x0000010c
base_address: 0x00400000
success 0 0
1619999692.981857
NtMapViewOfSection
section_handle: 0x0000011c
process_identifier: 2476
commit_size: 4104192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x0000010c
allocation_type: 0 ()
section_offset: 0
view_size: 4104192
base_address: 0x00400000
success 0 0
1619999693.168857
NtMapViewOfSection
section_handle: 0x00000118
process_identifier: 2476
commit_size: 4096
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x0000010c
allocation_type: 0 ()
section_offset: 0
view_size: 4096
base_address: 0x001f0000
success 0 0
1619999693.184857
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 8287136
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2476
success 0 0
1619999693.621857
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2476
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Stealer.23680
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.ed1a6affbb18c97f
Qihoo-360 Win32/Backdoor.650
McAfee Fareit-FRB!ED1A6AFFBB18
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0055ebf91 )
Alibaba Backdoor:Win32/Androm.197
K7GW Trojan ( 0055ebf91 )
Cybereason malicious.fbb18c
Arcabit Trojan.Delf.FareIt.Gen.7
BitDefenderTheta Gen:NN.ZelphiF.34700.MH1@amldS@li
Cyren W32/Injector.SCSE-6735
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Trojan.LokiBot-7565160-1
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Trojan.Win32.Stealer.gurhzv
Paloalto generic.ml
Rising Trojan.Injector!8.C4 (TFE:5:vp5CKVmyKPP)
Ad-Aware Trojan.Delf.FareIt.Gen.7
Sophos Mal/Generic-R + Mal/Fareit-V
Comodo Malware@#7m98z5favvfb
F-Secure Heuristic.HEUR/AGEN.1115465
VIPRE Trojan.Win32.Generic!BT
TrendMicro TSPY_HPLOKI.SMBD
McAfee-GW-Edition BehavesLike.Win32.Fareit.tc
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Backdoor.Androm.astn
Avira HEUR/AGEN.1115465
MAX malware (ai score=84)
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Gridinsoft Trojan.Win32.Agent.ba!s1
Microsoft PWS:Win32/Fareit.ART!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Delf.FareIt.Gen.7
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Delphiless02.Exp
VBA32 TScope.Trojan.Delf
ALYac Backdoor.Androm.gen
Malwarebytes Spyware.AgentTesla
ESET-NOD32 a variant of Win32/Injector.EJWM
TrendMicro-HouseCall TSPY_HPLOKI.SMBD
Tencent Win32.Backdoor.Androm.Akow
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1991-12-14 08:56:06

Imports

Library kernel32.dll:
0x485164 VirtualFree
0x485168 VirtualAlloc
0x48516c LocalFree
0x485170 LocalAlloc
0x485174 GetVersion
0x485178 GetCurrentThreadId
0x485184 VirtualQuery
0x485188 WideCharToMultiByte
0x48518c MultiByteToWideChar
0x485190 lstrlenA
0x485194 lstrcpynA
0x485198 LoadLibraryExA
0x48519c GetThreadLocale
0x4851a0 GetStartupInfoA
0x4851a4 GetProcAddress
0x4851a8 GetModuleHandleA
0x4851ac GetModuleFileNameA
0x4851b0 GetLocaleInfoA
0x4851b4 GetCommandLineA
0x4851b8 FreeLibrary
0x4851bc FindFirstFileA
0x4851c0 FindClose
0x4851c4 ExitProcess
0x4851c8 ExitThread
0x4851cc CreateThread
0x4851d0 WriteFile
0x4851d8 RtlUnwind
0x4851dc RaiseException
0x4851e0 GetStdHandle
Library user32.dll:
0x4851e8 GetKeyboardType
0x4851ec LoadStringA
0x4851f0 MessageBoxA
0x4851f4 CharNextA
Library advapi32.dll:
0x4851fc RegQueryValueExA
0x485200 RegOpenKeyExA
0x485204 RegCloseKey
Library oleaut32.dll:
0x48520c SysFreeString
0x485210 SysReAllocStringLen
0x485214 SysAllocStringLen
Library kernel32.dll:
0x48521c TlsSetValue
0x485220 TlsGetValue
0x485224 LocalAlloc
0x485228 GetModuleHandleA
Library advapi32.dll:
0x485230 RegQueryValueExA
0x485234 RegOpenKeyExA
0x485238 RegCloseKey
Library kernel32.dll:
0x485240 lstrcpyA
0x485244 lstrcmpA
0x485248 WriteFile
0x48524c WaitForSingleObject
0x485250 VirtualQuery
0x485254 VirtualProtect
0x485258 VirtualFree
0x48525c VirtualAlloc
0x485260 SuspendThread
0x485264 SleepEx
0x485268 Sleep
0x48526c SizeofResource
0x485270 SetThreadLocale
0x485274 SetFilePointer
0x485278 SetEvent
0x48527c SetErrorMode
0x485280 SetEndOfFile
0x485284 ResumeThread
0x485288 ResetEvent
0x48528c ReadFile
0x485290 MulDiv
0x485294 LockResource
0x485298 LoadResource
0x48529c LoadLibraryA
0x4852a8 GlobalUnlock
0x4852ac GlobalReAlloc
0x4852b0 GlobalHandle
0x4852b4 GlobalLock
0x4852b8 GlobalFree
0x4852bc GlobalFindAtomA
0x4852c0 GlobalDeleteAtom
0x4852c4 GlobalAlloc
0x4852c8 GlobalAddAtomA
0x4852cc GetVersionExA
0x4852d0 GetVersion
0x4852d4 GetTickCount
0x4852d8 GetThreadLocale
0x4852dc GetTempPathA
0x4852e0 GetSystemInfo
0x4852e4 GetStringTypeExA
0x4852e8 GetStdHandle
0x4852ec GetProcAddress
0x4852f0 GetPriorityClass
0x4852f4 GetModuleHandleA
0x4852f8 GetModuleFileNameA
0x4852fc GetLocaleInfoA
0x485300 GetLocalTime
0x485304 GetLastError
0x485308 GetFullPathNameA
0x48530c GetFileSize
0x485310 GetFileAttributesA
0x485314 GetExitCodeThread
0x485318 GetDiskFreeSpaceA
0x48531c GetDateFormatA
0x485320 GetCurrentThreadId
0x485324 GetCurrentProcessId
0x485328 GetCPInfo
0x48532c GetACP
0x485330 FreeResource
0x485338 InterlockedExchange
0x485340 FreeLibrary
0x485344 FormatMessageA
0x485348 FindResourceA
0x48534c FindFirstFileA
0x485350 FindClose
0x48535c EnumCalendarInfoA
0x485368 CreateThread
0x48536c CreateFileA
0x485370 CreateEventA
0x485374 CompareStringA
0x485378 CloseHandle
Library version.dll:
0x485380 VerQueryValueA
0x485388 GetFileVersionInfoA
Library gdi32.dll:
0x485390 UnrealizeObject
0x485394 StretchBlt
0x485398 SetWindowOrgEx
0x48539c SetWindowExtEx
0x4853a0 SetWinMetaFileBits
0x4853a4 SetViewportOrgEx
0x4853a8 SetViewportExtEx
0x4853ac SetTextColor
0x4853b0 SetStretchBltMode
0x4853b4 SetROP2
0x4853b8 SetPixel
0x4853bc SetMapMode
0x4853c0 SetEnhMetaFileBits
0x4853c4 SetDIBColorTable
0x4853c8 SetBrushOrgEx
0x4853cc SetBkMode
0x4853d0 SetBkColor
0x4853d4 SelectPalette
0x4853d8 SelectObject
0x4853dc SelectClipRgn
0x4853e0 SaveDC
0x4853e4 RestoreDC
0x4853e8 Rectangle
0x4853ec RectVisible
0x4853f0 RealizePalette
0x4853f4 Polyline
0x4853f8 PolyPolyline
0x4853fc PlayEnhMetaFile
0x485400 PatBlt
0x485404 MoveToEx
0x485408 MaskBlt
0x48540c LineTo
0x485410 IntersectClipRect
0x485414 GetWindowOrgEx
0x485418 GetWinMetaFileBits
0x48541c GetTextMetricsA
0x485428 GetStockObject
0x48542c GetPixel
0x485430 GetPaletteEntries
0x485434 GetObjectA
0x485440 GetEnhMetaFileBits
0x485444 GetDeviceCaps
0x485448 GetDIBits
0x48544c GetDIBColorTable
0x485450 GetDCOrgEx
0x485458 GetClipBox
0x48545c GetBrushOrgEx
0x485460 GetBitmapBits
0x485464 ExtCreatePen
0x485468 ExcludeClipRect
0x48546c DeleteObject
0x485470 DeleteEnhMetaFile
0x485474 DeleteDC
0x485478 CreateSolidBrush
0x48547c CreateRectRgn
0x485480 CreatePenIndirect
0x485484 CreatePen
0x485488 CreatePalette
0x485490 CreateFontIndirectA
0x485494 CreateDIBitmap
0x485498 CreateDIBSection
0x48549c CreateCompatibleDC
0x4854a4 CreateBrushIndirect
0x4854a8 CreateBitmap
0x4854ac CopyEnhMetaFileA
0x4854b0 BitBlt
Library user32.dll:
0x4854b8 CreateWindowExA
0x4854bc WindowFromPoint
0x4854c0 WinHelpA
0x4854c4 WaitMessage
0x4854c8 ValidateRect
0x4854cc UpdateWindow
0x4854d0 UnregisterClassA
0x4854d4 UnionRect
0x4854d8 UnhookWindowsHookEx
0x4854dc TranslateMessage
0x4854e4 TrackPopupMenu
0x4854ec ShowWindow
0x4854f0 ShowScrollBar
0x4854f4 ShowOwnedPopups
0x4854f8 ShowCursor
0x4854fc SetWindowsHookExA
0x485500 SetWindowTextA
0x485504 SetWindowPos
0x485508 SetWindowPlacement
0x48550c SetWindowLongA
0x485510 SetTimer
0x485514 SetScrollRange
0x485518 SetScrollPos
0x48551c SetScrollInfo
0x485520 SetRect
0x485524 SetPropA
0x485528 SetParent
0x48552c SetMenuItemInfoA
0x485530 SetMenu
0x485534 SetKeyboardState
0x485538 SetForegroundWindow
0x48553c SetFocus
0x485540 SetCursor
0x485544 SetClipboardData
0x485548 SetClassLongA
0x48554c SetCapture
0x485550 SetActiveWindow
0x485554 SendMessageA
0x485558 ScrollWindowEx
0x48555c ScrollWindow
0x485560 ScreenToClient
0x485564 RemovePropA
0x485568 RemoveMenu
0x48556c ReleaseDC
0x485570 ReleaseCapture
0x48557c RegisterClassA
0x485580 RedrawWindow
0x485584 PtInRect
0x485588 PostQuitMessage
0x48558c PostMessageA
0x485590 PeekMessageA
0x485594 OpenClipboard
0x485598 OffsetRect
0x48559c OemToCharA
0x4855a4 MessageBoxA
0x4855a8 MessageBeep
0x4855ac MapWindowPoints
0x4855b0 MapVirtualKeyA
0x4855b4 LoadStringA
0x4855b8 LoadKeyboardLayoutA
0x4855bc LoadIconA
0x4855c0 LoadCursorA
0x4855c4 LoadBitmapA
0x4855c8 KillTimer
0x4855cc IsZoomed
0x4855d0 IsWindowVisible
0x4855d4 IsWindowEnabled
0x4855d8 IsWindow
0x4855dc IsRectEmpty
0x4855e0 IsIconic
0x4855e4 IsDialogMessageA
0x4855e8 IsChild
0x4855ec IsCharAlphaNumericA
0x4855f0 IsCharAlphaA
0x4855f4 InvalidateRect
0x4855f8 IntersectRect
0x4855fc InsertMenuItemA
0x485600 InsertMenuA
0x485604 InflateRect
0x48560c GetWindowTextA
0x485610 GetWindowRect
0x485614 GetWindowPlacement
0x485618 GetWindowLongA
0x48561c GetWindowDC
0x485620 GetTopWindow
0x485624 GetSystemMetrics
0x485628 GetSystemMenu
0x48562c GetSysColorBrush
0x485630 GetSysColor
0x485634 GetSubMenu
0x485638 GetScrollRange
0x48563c GetScrollPos
0x485640 GetScrollInfo
0x485644 GetPropA
0x485648 GetParent
0x48564c GetWindow
0x485650 GetMessageTime
0x485654 GetMenuStringA
0x485658 GetMenuState
0x48565c GetMenuItemInfoA
0x485660 GetMenuItemID
0x485664 GetMenuItemCount
0x485668 GetMenu
0x48566c GetLastActivePopup
0x485670 GetKeyboardState
0x485678 GetKeyboardLayout
0x48567c GetKeyState
0x485680 GetKeyNameTextA
0x485684 GetIconInfo
0x485688 GetForegroundWindow
0x48568c GetFocus
0x485690 GetDoubleClickTime
0x485694 GetDlgItem
0x485698 GetDesktopWindow
0x48569c GetDCEx
0x4856a0 GetDC
0x4856a4 GetCursorPos
0x4856a8 GetCursor
0x4856ac GetClipboardData
0x4856b0 GetClientRect
0x4856b4 GetClassNameA
0x4856b8 GetClassInfoA
0x4856bc GetCaretPos
0x4856c0 GetCapture
0x4856c4 GetActiveWindow
0x4856c8 FrameRect
0x4856cc FindWindowA
0x4856d0 FillRect
0x4856d4 EqualRect
0x4856d8 EnumWindows
0x4856dc EnumThreadWindows
0x4856e4 EndPaint
0x4856e8 EnableWindow
0x4856ec EnableScrollBar
0x4856f0 EnableMenuItem
0x4856f4 EmptyClipboard
0x4856f8 DrawTextA
0x4856fc DrawMenuBar
0x485700 DrawIconEx
0x485704 DrawIcon
0x485708 DrawFrameControl
0x48570c DrawFocusRect
0x485710 DrawEdge
0x485714 DispatchMessageA
0x485718 DestroyWindow
0x48571c DestroyMenu
0x485720 DestroyIcon
0x485724 DestroyCursor
0x485728 DeleteMenu
0x48572c DefWindowProcA
0x485730 DefMDIChildProcA
0x485734 DefFrameProcA
0x485738 CreatePopupMenu
0x48573c CreateMenu
0x485740 CreateIcon
0x485744 CloseClipboard
0x485748 ClientToScreen
0x48574c CheckMenuItem
0x485750 CallWindowProcA
0x485754 CallNextHookEx
0x485758 BeginPaint
0x48575c CharNextA
0x485760 CharLowerBuffA
0x485764 CharLowerA
0x485768 CharUpperBuffA
0x48576c CharToOemA
0x485770 AdjustWindowRectEx
Library kernel32.dll:
0x48577c Sleep
Library oleaut32.dll:
0x485784 SafeArrayPtrOfIndex
0x485788 SafeArrayGetUBound
0x48578c SafeArrayGetLBound
0x485790 SafeArrayCreate
0x485794 VariantChangeType
0x485798 VariantCopy
0x48579c VariantClear
0x4857a0 VariantInit
Library ole32.dll:
0x4857a8 CoTaskMemAlloc
0x4857ac CoCreateInstance
0x4857b0 CoUninitialize
0x4857b4 CoInitialize
Library comctl32.dll:
0x4857c4 ImageList_Write
0x4857c8 ImageList_Read
0x4857d8 ImageList_DragMove
0x4857dc ImageList_DragLeave
0x4857e0 ImageList_DragEnter
0x4857e4 ImageList_EndDrag
0x4857e8 ImageList_BeginDrag
0x4857ec ImageList_Remove
0x4857f0 ImageList_DrawEx
0x4857f4 ImageList_Replace
0x4857f8 ImageList_Draw
0x485808 ImageList_Add
0x485810 ImageList_Destroy
0x485814 ImageList_Create
0x485818 InitCommonControls
Library comdlg32.dll:
0x485820 GetOpenFileNameA
Library kernel32.dll:
0x485828 MulDiv

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.