Score: 4.6
Risk level: Medium

SHA256: a9bde7b444ccaa66a7caa034bfc040bbbeb1ac8707f7077e612fb996dc754e1f

File name: f166e664efe0c7642a6fa116af90069f.exe

Analysis duration: 25s

Last analysis:

File size: 744.5KB

Static detection / Dynamic detection
Hawkeye engine (鹰眼引擎)
Not detected (no Hawkeye engine result available)
Static verdict
Antivirus engines
Not detected (no antivirus engine result available)
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619999686.009148
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34668352
registers.edi: 0
registers.eax: 0
registers.ebp: 34668424
registers.edx: 2130553844
registers.ebx: 0
registers.esi: 0
registers.ecx: 3697213440
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 eb 5f e9 83 19 fa
exception.symbol: f166e664efe0c7642a6fa116af90069f+0x61c00
exception.instruction: div eax
exception.module: f166e664efe0c7642a6fa116af90069f.exe
exception.exception_code: 0xc0000094
exception.offset: 400384
exception.address: 0x461c00
success 0 0
1619999688.630377
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75137f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75134de3
f166e664efe0c7642a6fa116af90069f+0x58a4d @ 0x458a4d
f166e664efe0c7642a6fa116af90069f+0x51254 @ 0x451254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd8614ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619999685.602148
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619999686.009148
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 57344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00550000
success 0 0
1619999686.009148
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ec0000
success 0 0
1619999687.099377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619999687.334377
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 1638400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01df0000
success 0 0
1619999687.334377
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f40000
success 0 0
1619999687.334377
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00640000
success 0 0
1619999687.334377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 299008
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00642000
success 0 0
1619999688.130377
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02170000
success 0 0
1619999688.130377
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02340000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619999688.599377
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.594826898885268 section {'size_of_data': '0x0000e600', 'virtual_address': '0x00062000', 'entropy': 7.594826898885268, 'name': 'DATA', 'virtual_size': '0x0000e58c'} description A section with a high entropy has been found
entropy 7.473027044965356 section {'size_of_data': '0x00041200', 'virtual_address': '0x0007e000', 'entropy': 7.473027044965356, 'name': '.rsrc', 'virtual_size': '0x00041110'} description A section with a high entropy has been found
entropy 0.4277067921990585 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2900 called NtSetContextThread to modify thread in remote process 2116
Time & API Arguments Status Return Repeated
1619999686.196148
NtSetContextThread
thread_handle: 0x00000110
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893696
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2116
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2900 resumed a thread in remote process 2116
Time & API Arguments Status Return Repeated
1619999687.056148
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2116
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619999686.134148
CreateProcessInternalW
thread_identifier: 368
thread_handle: 0x00000110
process_identifier: 2116
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f166e664efe0c7642a6fa116af90069f.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1619999686.134148
NtUnmapViewOfSection
process_identifier: 2116
region_size: 4096
process_handle: 0x00000114
base_address: 0x00400000
success 0 0
1619999686.134148
NtMapViewOfSection
section_handle: 0x0000011c
process_identifier: 2116
commit_size: 704512
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000114
allocation_type: 0 ()
section_offset: 0
view_size: 704512
base_address: 0x00400000
success 0 0
1619999686.196148
NtGetContextThread
thread_handle: 0x00000110
success 0 0
1619999686.196148
NtSetContextThread
thread_handle: 0x00000110
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4893696
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2116
success 0 0
1619999687.056148
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 2116
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x472178 VirtualFree
0x47217c VirtualAlloc
0x472180 LocalFree
0x472184 LocalAlloc
0x472188 GetVersion
0x47218c GetCurrentThreadId
0x472198 VirtualQuery
0x47219c WideCharToMultiByte
0x4721a0 MultiByteToWideChar
0x4721a4 lstrlenA
0x4721a8 lstrcpynA
0x4721ac LoadLibraryExA
0x4721b0 GetThreadLocale
0x4721b4 GetStartupInfoA
0x4721b8 GetProcAddress
0x4721bc GetModuleHandleA
0x4721c0 GetModuleFileNameA
0x4721c4 GetLocaleInfoA
0x4721c8 GetCommandLineA
0x4721cc FreeLibrary
0x4721d0 FindFirstFileA
0x4721d4 FindClose
0x4721d8 ExitProcess
0x4721dc ExitThread
0x4721e0 CreateThread
0x4721e4 WriteFile
0x4721ec RtlUnwind
0x4721f0 RaiseException
0x4721f4 GetStdHandle
Library user32.dll:
0x4721fc GetKeyboardType
0x472200 LoadStringA
0x472204 MessageBoxA
0x472208 CharNextA
Library advapi32.dll:
0x472210 RegQueryValueExA
0x472214 RegOpenKeyExA
0x472218 RegCloseKey
Library oleaut32.dll:
0x472220 SysFreeString
0x472224 SysReAllocStringLen
0x472228 SysAllocStringLen
Library kernel32.dll:
0x472230 TlsSetValue
0x472234 TlsGetValue
0x472238 LocalAlloc
0x47223c GetModuleHandleA
Library advapi32.dll:
0x472244 RegQueryValueExA
0x472248 RegOpenKeyExA
0x47224c RegCloseKey
Library kernel32.dll:
0x472254 lstrcpyA
0x472258 lstrcmpA
0x47225c WriteFile
0x472264 WaitForSingleObject
0x47226c VirtualQuery
0x472270 VirtualAlloc
0x472274 Sleep
0x472278 SizeofResource
0x47227c SetThreadLocale
0x472280 SetFilePointer
0x472284 SetEvent
0x472288 SetErrorMode
0x47228c SetEndOfFile
0x472290 ResumeThread
0x472294 ResetEvent
0x472298 ReleaseMutex
0x47229c ReadFile
0x4722a0 MultiByteToWideChar
0x4722a4 MulDiv
0x4722a8 LockResource
0x4722ac LoadResource
0x4722b0 LoadLibraryA
0x4722bc GlobalUnlock
0x4722c0 GlobalReAlloc
0x4722c4 GlobalHandle
0x4722c8 GlobalLock
0x4722cc GlobalFree
0x4722d0 GlobalFindAtomA
0x4722d4 GlobalDeleteAtom
0x4722d8 GlobalAlloc
0x4722dc GlobalAddAtomA
0x4722e0 GetVersionExA
0x4722e4 GetVersion
0x4722e8 GetTickCount
0x4722ec GetThreadLocale
0x4722f4 GetSystemTime
0x4722f8 GetSystemInfo
0x4722fc GetStringTypeExA
0x472300 GetStdHandle
0x472304 GetProcAddress
0x472308 GetModuleHandleA
0x47230c GetModuleFileNameA
0x472310 GetLocaleInfoA
0x472314 GetLocalTime
0x472318 GetLastError
0x47231c GetFullPathNameA
0x472320 GetFileType
0x472324 GetExitCodeThread
0x472328 GetDiskFreeSpaceA
0x47232c GetDateFormatA
0x472330 GetCurrentThreadId
0x472334 GetCurrentProcessId
0x472338 GetCPInfo
0x47233c GetACP
0x472340 FreeResource
0x472348 InterlockedExchange
0x472350 FreeLibrary
0x472354 FormatMessageA
0x472358 FindResourceA
0x47236c ExitThread
0x472370 EnumCalendarInfoA
0x47237c CreateThread
0x472380 CreateMutexA
0x472384 CreateFileA
0x472388 CreateEventA
0x47238c CompareStringA
0x472390 CloseHandle
Library version.dll:
0x472398 VerQueryValueA
0x4723a0 GetFileVersionInfoA
Library gdi32.dll:
0x4723a8 UnrealizeObject
0x4723ac StretchBlt
0x4723b0 SetWindowOrgEx
0x4723b4 SetViewportOrgEx
0x4723b8 SetTextColor
0x4723bc SetStretchBltMode
0x4723c0 SetROP2
0x4723c4 SetPixel
0x4723c8 SetDIBColorTable
0x4723cc SetBrushOrgEx
0x4723d0 SetBkMode
0x4723d4 SetBkColor
0x4723d8 SelectPalette
0x4723dc SelectObject
0x4723e0 SaveDC
0x4723e4 RestoreDC
0x4723e8 Rectangle
0x4723ec RectVisible
0x4723f0 RealizePalette
0x4723f4 PatBlt
0x4723f8 MoveToEx
0x4723fc MaskBlt
0x472400 LineTo
0x472404 IntersectClipRect
0x472408 GetWindowOrgEx
0x47240c GetTextMetricsA
0x472418 GetStockObject
0x47241c GetPixel
0x472420 GetPaletteEntries
0x472424 GetObjectA
0x472428 GetDeviceCaps
0x47242c GetDIBits
0x472430 GetDIBColorTable
0x472434 GetDCOrgEx
0x47243c GetClipBox
0x472440 GetBrushOrgEx
0x472444 GetBitmapBits
0x472448 ExcludeClipRect
0x47244c DeleteObject
0x472450 DeleteDC
0x472454 CreateSolidBrush
0x472458 CreatePenIndirect
0x47245c CreatePalette
0x472464 CreateFontIndirectA
0x472468 CreateDIBitmap
0x47246c CreateDIBSection
0x472470 CreateCompatibleDC
0x472478 CreateBrushIndirect
0x47247c CreateBitmap
0x472480 BitBlt
Library user32.dll:
0x472488 CreateWindowExA
0x47248c WindowFromPoint
0x472490 WinHelpA
0x472494 WaitMessage
0x472498 UpdateWindow
0x47249c UnregisterClassA
0x4724a0 UnhookWindowsHookEx
0x4724a4 TranslateMessage
0x4724ac TrackPopupMenu
0x4724b4 ShowWindow
0x4724b8 ShowScrollBar
0x4724bc ShowOwnedPopups
0x4724c0 ShowCursor
0x4724c4 SetWindowsHookExA
0x4724c8 SetWindowTextA
0x4724cc SetWindowPos
0x4724d0 SetWindowPlacement
0x4724d4 SetWindowLongA
0x4724d8 SetTimer
0x4724dc SetScrollRange
0x4724e0 SetScrollPos
0x4724e4 SetScrollInfo
0x4724e8 SetRect
0x4724ec SetPropA
0x4724f0 SetParent
0x4724f4 SetMenuItemInfoA
0x4724f8 SetMenu
0x4724fc SetForegroundWindow
0x472500 SetFocus
0x472504 SetCursor
0x472508 SetClassLongA
0x47250c SetCapture
0x472510 SetActiveWindow
0x472514 SendMessageA
0x472518 ScrollWindow
0x47251c ScreenToClient
0x472520 RemovePropA
0x472524 RemoveMenu
0x472528 ReleaseDC
0x47252c ReleaseCapture
0x472538 RegisterClassA
0x47253c RedrawWindow
0x472540 PtInRect
0x472544 PostQuitMessage
0x472548 PostMessageA
0x47254c PeekMessageA
0x472550 OffsetRect
0x472554 OemToCharA
0x47255c MessageBoxA
0x472560 MessageBeep
0x472564 MapWindowPoints
0x472568 MapVirtualKeyA
0x47256c LoadStringA
0x472570 LoadKeyboardLayoutA
0x472574 LoadIconA
0x472578 LoadCursorA
0x47257c LoadBitmapA
0x472580 KillTimer
0x472584 IsZoomed
0x472588 IsWindowVisible
0x47258c IsWindowEnabled
0x472590 IsWindow
0x472594 IsRectEmpty
0x472598 IsIconic
0x47259c IsDialogMessageA
0x4725a0 IsChild
0x4725a4 InvalidateRect
0x4725a8 IntersectRect
0x4725ac InsertMenuItemA
0x4725b0 InsertMenuA
0x4725b4 InflateRect
0x4725bc GetWindowTextA
0x4725c0 GetWindowRect
0x4725c4 GetWindowPlacement
0x4725c8 GetWindowLongA
0x4725cc GetWindowDC
0x4725d0 GetTopWindow
0x4725d4 GetSystemMetrics
0x4725d8 GetSystemMenu
0x4725dc GetSysColorBrush
0x4725e0 GetSysColor
0x4725e4 GetSubMenu
0x4725e8 GetScrollRange
0x4725ec GetScrollPos
0x4725f0 GetScrollInfo
0x4725f4 GetPropA
0x4725f8 GetParent
0x4725fc GetWindow
0x472600 GetMenuStringA
0x472604 GetMenuState
0x472608 GetMenuItemInfoA
0x47260c GetMenuItemID
0x472610 GetMenuItemCount
0x472614 GetMenu
0x472618 GetLastActivePopup
0x47261c GetKeyboardState
0x472624 GetKeyboardLayout
0x472628 GetKeyState
0x47262c GetKeyNameTextA
0x472630 GetIconInfo
0x472634 GetForegroundWindow
0x472638 GetFocus
0x47263c GetDesktopWindow
0x472640 GetDCEx
0x472644 GetDC
0x472648 GetCursorPos
0x47264c GetCursor
0x472650 GetClientRect
0x472654 GetClassNameA
0x472658 GetClassInfoA
0x47265c GetCapture
0x472660 GetActiveWindow
0x472664 FrameRect
0x472668 FindWindowA
0x47266c FillRect
0x472670 EqualRect
0x472674 EnumWindows
0x472678 EnumThreadWindows
0x47267c EndPaint
0x472680 EnableWindow
0x472684 EnableScrollBar
0x472688 EnableMenuItem
0x47268c DrawTextA
0x472690 DrawMenuBar
0x472694 DrawIconEx
0x472698 DrawIcon
0x47269c DrawFrameControl
0x4726a0 DrawFocusRect
0x4726a4 DrawEdge
0x4726a8 DispatchMessageA
0x4726ac DestroyWindow
0x4726b0 DestroyMenu
0x4726b4 DestroyIcon
0x4726b8 DestroyCursor
0x4726bc DeleteMenu
0x4726c0 DefWindowProcA
0x4726c4 DefMDIChildProcA
0x4726c8 DefFrameProcA
0x4726cc CreatePopupMenu
0x4726d0 CreateMenu
0x4726d4 CreateIcon
0x4726d8 ClientToScreen
0x4726dc CheckMenuItem
0x4726e0 CallWindowProcA
0x4726e4 CallNextHookEx
0x4726e8 BeginPaint
0x4726ec CharNextA
0x4726f0 CharLowerA
0x4726f4 CharToOemA
0x4726f8 AdjustWindowRectEx
Library kernel32.dll:
0x472704 Sleep
Library oleaut32.dll:
0x47270c SafeArrayPtrOfIndex
0x472710 SafeArrayGetUBound
0x472714 SafeArrayGetLBound
0x472718 SafeArrayCreate
0x47271c VariantChangeType
0x472720 VariantCopy
0x472724 VariantClear
0x472728 VariantInit
Library ole32.dll:
0x472730 OleUninitialize
0x472734 OleInitialize
0x472738 CoTaskMemAlloc
0x47273c CoCreateInstance
0x472740 CoUninitialize
0x472744 CoInitialize
Library oleaut32.dll:
0x47274c GetErrorInfo
0x472750 SysFreeString
Library comctl32.dll:
0x472760 ImageList_Write
0x472764 ImageList_Read
0x472774 ImageList_DragMove
0x472778 ImageList_DragLeave
0x47277c ImageList_DragEnter
0x472780 ImageList_EndDrag
0x472784 ImageList_BeginDrag
0x472788 ImageList_Remove
0x47278c ImageList_DrawEx
0x472790 ImageList_Replace
0x472794 ImageList_Draw
0x4727a4 ImageList_Add
0x4727ac ImageList_Destroy
0x4727b0 ImageList_Create
0x4727b4 InitCommonControls
Library shell32.dll:
0x4727c0 SHGetMalloc
0x4727c4 SHGetDesktopFolder
Library winmm.dll:
0x4727cc mciSendCommandA
0x4727d0 mciGetErrorStringA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702
192.168.56.101 65007 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.