8.2
High risk

6d077d0c8282500bd51a6591fa31ca927e748e06abaee17af752a0013b53fb8a

f35c0809df959001c83d9fb740320e50.exe

Analysis duration

74s

Last analyzed

File size

507.9KB
Static verdict: malicious. Dynamic verdict: malicious. Detection tags: 100% AGENERIC AI SCORE=88 AIDETECTVM ATTRIBUTE CLASSIC CONFIDENCE DELF DIBIK DOWNLOADER33 EZUQC FG3@AACHNQCJ GEN@1QLOJK GENCIRC GENERICRXLT GENETIC HIGH CONFIDENCE HIGHCONFIDENCE HKYHNW JFPIL4D2VLE MALICIOUS PE MALWARE1 QVM05 R + MAL R115864 SCORE SPYAGENT STATIC AI SUSGEN TSCOPE UNSAFE XFNF YMACCO
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine results are available for this sample.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba Trojan:Win32/Ymacco.3a3e0709 20190527 0.3.0.5
Baidu Win32.Trojan.Delf.ae 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Kingsoft 20201211 2017.9.26.565
McAfee GenericRXLT-DC!F35C0809DF95 20201211 6.0.6.653
Tencent Malware.Win32.Gencirc.10b9c4c1 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Command line console output was observed (50 of 175 events)
Time & API Arguments Status Return Repeated
1620013950.98325
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f35c0809df959001c83d9fb740320e50.exe
console_handle: 0x00000007
success 1 0
1620013950.99925
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
Behavioral verdict
Dynamic indicators
Resolves a suspicious Top Level Domain (TLD) (2 events)
domain love2024.vicp.cc description Cocos Islands domain TLD
domain ggteam2024.gnway.cc description Cocos Islands domain TLD
Foreign language identified in PE resource (1 event)
name RT_VERSION language LANG_CHINESE offset 0x00072594 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000314
Creates executable files on the filesystem (2 events)
file C:\Windows\DBSever0.EXE
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Temp0.bat
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Temp0.bat
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f35c0809df959001c83d9fb740320e50.exe
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619999685.130279
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Temp0.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\Temp0.bat
show_type: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.040527985076463 section {'size_of_data': '0x00003800', 'virtual_address': '0x00059000', 'entropy': 7.040527985076463, 'name': 'DATA', 'virtual_size': '0x000036e0'} description A section with a high entropy has been found
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1620013950.138375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (3 events)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\WDDBSever0.EXE reg_value "C:\Windows\DBSever0.EXE" /Auto
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\WDDBSever0.EXE reg_value "C:\Windows\DBSever0.EXE" /Auto
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WDDBSever0.EXE reg_value "C:\Windows\DBSever0.EXE" /Auto
Creates known Dibik/Shark Backdoor files, registry keys and/or mutexes (2 events)
mutex $OKDBSsever0
mutex $AZDBSsever0
Creates and runs a batch file to remove the original binary (1 event)
file 520550d81bd4a314_Temp0.bat
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 47.88.148.135:8098
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Trojan.Keylogger.FG3@aaCHNQcj
FireEye Generic.mg.f35c0809df959001
CAT-QuickHeal Trojan.Generic
ALYac Gen:Trojan.Keylogger.FG3@aaCHNQcj
Cylance Unsafe
Zillya Trojan.Delf.Win32.121059
Sangfor Malware
K7AntiVirus Trojan ( 7000000f1 )
Alibaba Trojan:Win32/Ymacco.3a3e0709
K7GW Trojan ( 7000000f1 )
Cybereason malicious.9df959
Arcabit Trojan.Keylogger.E0C930
Baidu Win32.Trojan.Delf.ae
Cyren W32/Delf.XFNF-6995
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Keylogger.Delf-9629510-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Trojan.Keylogger.FG3@aaCHNQcj
NANO-Antivirus Trojan.Win32.Delf.hkyhnw
AegisLab Trojan.Win32.Generic.4!c
Avast Win32:Malware-gen
Rising Trojan.Delf!1.6515 (CLASSIC)
Ad-Aware Gen:Trojan.Keylogger.FG3@aaCHNQcj
Sophos Mal/Generic-R + Mal/SpyAgent-F
Comodo TrojWare.Win32.Spy.Banker.Gen@1qlojk
F-Secure Backdoor.BDS/Backdoor.Gen
DrWeb Trojan.DownLoader33.21631
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.hh
MaxSecure Trojan.Malware.7164915.susgen
Emsisoft Gen:Trojan.Keylogger.FG3@aaCHNQcj (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.ezuqc
Avira BDS/Backdoor.Gen
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.AGeneric
Microsoft Trojan:Win32/Ymacco.AA86
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Trojan.Keylogger.FG3@aaCHNQcj
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win32.Agent.R115864
McAfee GenericRXLT-DC!F35C0809DF95
VBA32 TScope.Trojan.Delf
ESET-NOD32 a variant of Win32/Delf.NWT
Tencent Malware.Win32.Gencirc.10b9c4c1
Yandex Trojan.Delf!JfpIl4D2VlE
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshot was captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x100641f4 DeleteCriticalSection
0x100641f8 LeaveCriticalSection
0x100641fc EnterCriticalSection
0x10064204 VirtualFree
0x10064208 VirtualAlloc
0x1006420c LocalFree
0x10064210 LocalAlloc
0x10064214 GetTickCount
0x1006421c GetVersion
0x10064220 GetCurrentThreadId
0x10064224 InterlockedDecrement
0x10064228 InterlockedIncrement
0x1006422c VirtualQuery
0x10064230 WideCharToMultiByte
0x10064234 MultiByteToWideChar
0x10064238 lstrlenA
0x1006423c lstrcpynA
0x10064240 LoadLibraryExA
0x10064244 GetThreadLocale
0x10064248 GetStartupInfoA
0x1006424c GetProcAddress
0x10064250 GetModuleHandleA
0x10064254 GetModuleFileNameA
0x10064258 GetLocaleInfoA
0x1006425c GetLastError
0x10064260 GetCommandLineA
0x10064264 FreeLibrary
0x10064268 FindFirstFileA
0x1006426c FindClose
0x10064270 CreateDirectoryA
0x10064274 ExitProcess
0x10064278 CreateThread
0x1006427c WriteFile
0x10064284 RtlUnwind
0x10064288 RaiseException
0x1006428c GetStdHandle
Library user32.dll:
0x10064294 GetKeyboardType
0x10064298 LoadStringA
0x1006429c MessageBoxA
0x100642a0 CharNextA
Library advapi32.dll:
0x100642a8 RegQueryValueExA
0x100642ac RegOpenKeyExA
0x100642b0 RegCloseKey
Library oleaut32.dll:
0x100642b8 SysFreeString
0x100642bc SysReAllocStringLen
0x100642c0 SysAllocStringLen
Library kernel32.dll:
0x100642c8 TlsSetValue
0x100642cc TlsGetValue
0x100642d0 LocalAlloc
0x100642d4 GetModuleHandleA
Library advapi32.dll:
0x100642dc RegSetValueExA
0x100642e0 RegQueryValueExA
0x100642e4 RegOpenKeyExA
0x100642e8 RegOpenKeyA
0x100642ec RegEnumValueA
0x100642f0 RegEnumKeyA
0x100642f4 RegDeleteValueA
0x100642f8 RegDeleteKeyA
0x100642fc RegCreateKeyA
0x10064300 RegCloseKey
0x10064304 OpenProcessToken
0x10064308 LookupPrivilegeValueA
0x1006430c GetUserNameA
0x10064310 AdjustTokenPrivileges
Library kernel32.dll:
0x10064318 lstrlenW
0x1006431c lstrlenA
0x10064320 lstrcpyW
0x10064324 lstrcmpA
0x10064328 lstrcatW
0x1006432c WriteFile
0x10064330 WaitForSingleObject
0x10064334 VirtualQuery
0x10064338 VirtualFree
0x1006433c VirtualAlloc
0x10064340 UnmapViewOfFile
0x10064344 TerminateThread
0x10064348 TerminateProcess
0x1006434c Sleep
0x10064350 SetThreadPriority
0x10064354 SetPriorityClass
0x10064358 SetFilePointer
0x1006435c SetFileAttributesA
0x10064360 SetEvent
0x10064364 SetErrorMode
0x10064368 SetEndOfFile
0x1006436c ResetEvent
0x10064370 ReleaseMutex
0x10064374 ReadFile
0x10064378 QueryDosDeviceA
0x1006437c PeekNamedPipe
0x10064380 OutputDebugStringA
0x10064384 OpenMutexA
0x10064388 OpenFileMappingA
0x1006438c MultiByteToWideChar
0x10064390 MoveFileA
0x10064394 MapViewOfFile
0x10064398 LockResource
0x1006439c LoadResource
0x100643a0 LoadLibraryA
0x100643a4 LeaveCriticalSection
0x100643ac GlobalUnlock
0x100643b0 GlobalReAlloc
0x100643b4 GlobalMemoryStatus
0x100643b8 GlobalHandle
0x100643bc GlobalLock
0x100643c0 GlobalFree
0x100643c4 GlobalAlloc
0x100643c8 GetVersionExA
0x100643cc GetTickCount
0x100643d0 GetThreadPriority
0x100643d4 GetThreadLocale
0x100643dc GetStringTypeExA
0x100643e0 GetStdHandle
0x100643e4 GetProcessTimes
0x100643e8 GetProcAddress
0x100643ec GetPriorityClass
0x100643f0 GetModuleHandleA
0x100643f4 GetModuleFileNameA
0x100643fc GetLocaleInfoA
0x10064400 GetLocalTime
0x10064404 GetLastError
0x10064408 GetFullPathNameA
0x1006440c GetFileSize
0x10064410 GetExitCodeProcess
0x10064418 GetDriveTypeA
0x1006441c GetDiskFreeSpaceExA
0x10064420 GetDiskFreeSpaceA
0x10064424 GetDateFormatA
0x10064428 GetCurrentThreadId
0x1006442c GetCurrentThread
0x10064430 GetCurrentProcessId
0x10064434 GetCurrentProcess
0x10064438 GetComputerNameA
0x1006443c GetCPInfo
0x10064440 GetACP
0x10064444 FreeResource
0x10064448 InterlockedIncrement
0x1006444c InterlockedDecrement
0x10064450 FreeLibrary
0x10064454 FormatMessageA
0x10064458 FindResourceA
0x1006445c FindNextFileA
0x10064460 FindFirstFileA
0x10064464 FindClose
0x10064468 FileTimeToSystemTime
0x10064470 ExitProcess
0x10064474 EnumCalendarInfoA
0x10064478 EnterCriticalSection
0x1006447c DeleteFileA
0x10064480 DeleteCriticalSection
0x10064484 CreateThread
0x10064488 CreatePipe
0x1006448c CreateMutexA
0x10064490 CreateFileMappingA
0x10064494 CreateFileA
0x10064498 CreateEventA
0x1006449c CreateDirectoryA
0x100644a0 CompareStringA
0x100644a4 CloseHandle
Library gdi32.dll:
0x100644ac TextOutA
0x100644b0 SetTextColor
0x100644b4 SetBkMode
0x100644b8 SelectObject
0x100644bc GetDIBits
0x100644c0 DeleteObject
0x100644c4 DeleteDC
0x100644c8 CreateFontA
0x100644cc CreateCompatibleDC
0x100644d0 CreateCompatibleBitmap
0x100644d4 BitBlt
Library user32.dll:
0x100644dc mouse_event
0x100644e0 keybd_event
0x100644e4 TranslateMessage
0x100644e8 SwapMouseButton
0x100644ec ShowWindow
0x100644f0 SetWindowTextA
0x100644f4 SetThreadDesktop
0x100644f8 SetRect
0x100644fc SetCursorPos
0x10064500 SendMessageA
0x10064504 ReleaseDC
0x10064508 PostMessageA
0x1006450c OpenInputDesktop
0x10064510 OpenClipboard
0x10064514 MessageBoxA
0x10064518 LoadStringA
0x1006451c IsWindowVisible
0x10064524 GetWindowTextW
0x10064528 GetWindowTextA
0x10064530 GetThreadDesktop
0x10064534 GetSystemMetrics
0x10064538 GetSystemMenu
0x1006453c GetMessageA
0x10064540 GetForegroundWindow
0x10064544 GetDesktopWindow
0x10064548 GetDC
0x1006454c GetCursorPos
0x10064550 GetClipboardData
0x10064554 FindWindowExA
0x10064558 FindWindowA
0x1006455c ExitWindowsEx
0x10064560 EnumWindows
0x10064564 EnableWindow
0x10064568 EnableMenuItem
0x1006456c DispatchMessageA
0x10064570 DestroyWindow
0x10064574 CloseDesktop
0x10064578 CloseClipboard
0x1006457c ClipCursor
0x10064580 CharNextA
0x10064584 CharToOemA
Library kernel32.dll:
0x1006458c Sleep
Library kernel32.dll:
0x10064594 GetNativeSystemInfo
Library oleaut32.dll:
0x1006459c SafeArrayPtrOfIndex
0x100645a0 SafeArrayGetUBound
0x100645a4 SafeArrayGetLBound
0x100645a8 SafeArrayCreate
0x100645ac VariantChangeType
0x100645b0 VariantCopyInd
0x100645b4 VariantCopy
0x100645b8 VariantClear
0x100645bc VariantInit
Library ole32.dll:
0x100645c4 CoCreateInstance
0x100645c8 CoUninitialize
0x100645cc CoInitialize
Library oleaut32.dll:
0x100645d4 CreateErrorInfo
0x100645d8 GetErrorInfo
0x100645dc SetErrorInfo
0x100645e0 SysFreeString
Library shlwapi.dll:
0x100645e8 PathIsDirectoryA
0x100645ec PathFileExistsA
0x100645f0 StrToIntA
0x100645f4 StrCmpNIA
Library shlwapi.dll:
0x100645fc PathFileExistsA
Library ws2_32.dll:
0x10064604 WSAIoctl
0x10064608 WSAGetLastError
0x1006460c WSACleanup
0x10064610 WSAStartup
0x10064614 gethostbyname
0x10064618 socket
0x1006461c shutdown
0x10064620 setsockopt
0x10064624 send
0x10064628 recv
0x1006462c htons
0x10064630 connect
0x10064634 closesocket
Library PsAPI.DLL:
Library kernel32.dll:
0x10064644 IsWow64Process
0x10064648 Module32First
0x1006464c Process32Next
Library wininet.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.