3.8
Medium risk

3b0dbf4ff34f56a6faf7738dc283014729a1f33d312b5b25bf0185ec1bc817d0

f673fddb0baff7ecdbdae4aeaca7ae2e.exe

Analysis duration

84s

Last analysis

File size

9.3MB
Static detection Dynamic detection IGENERIC PORN TOOL
Eagle Eye (鹰眼) engine
Not detected No Eagle Eye engine result available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee 20200319 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Baidu 20190318 1.0.0.2
Avast 20200319 18.4.3895.0
Tencent 20200319 1.0.0.1
Kingsoft 20200319 2013.8.14.323
Static indicators
Checks if the process is being debugged by a debugger (2 events)
Time & API Arguments Status Return Repeated
1620823815.848125
IsDebuggerPresent
failed 0 0
1620823815.942125
IsDebuggerPresent
failed 0 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620823815.239125
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
One or more processes crashed (7 events)
Time & API Arguments Status Return Repeated
1620823818.082125
__exception__
stacktrace:
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f55 @ 0x403f55
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d45 @ 0x409d45
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635800
registers.edi: 0
registers.eax: 1635800
registers.ebp: 1635880
registers.edx: 0
registers.ebx: 4210517
registers.esi: 4210517
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620823818.082125
__exception__
stacktrace:
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d9e @ 0x409d9e
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d45 @ 0x409d45
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1633856
registers.edi: 1636272
registers.eax: 1633856
registers.ebp: 1633936
registers.edx: 0
registers.ebx: 4234580
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620823818.082125
__exception__
stacktrace:
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d9e @ 0x409d9e
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1631912
registers.edi: 1636620
registers.eax: 1631912
registers.ebp: 1631992
registers.edx: 0
registers.ebx: 4234580
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620823818.082125
__exception__
stacktrace:
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d9e @ 0x409d9e
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1629968
registers.edi: 1636944
registers.eax: 1629968
registers.ebp: 1630048
registers.edx: 0
registers.ebx: 4234580
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620823818.082125
__exception__
stacktrace:
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d9e @ 0x409d9e
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1628024
registers.edi: 1637268
registers.eax: 1628024
registers.ebp: 1628104
registers.edx: 0
registers.ebx: 4234580
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620823818.082125
__exception__
stacktrace:
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d9e @ 0x409d9e
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1626080
registers.edi: 1637592
registers.eax: 1626080
registers.ebp: 1626160
registers.edx: 0
registers.ebx: 4234580
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620823818.098125
__exception__
stacktrace:
f673fddb0baff7ecdbdae4aeaca7ae2e+0x9d9e @ 0x409d9e
f673fddb0baff7ecdbdae4aeaca7ae2e+0x3f9b @ 0x403f9b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1624136
registers.edi: 1637916
registers.eax: 1624136
registers.ebp: 1624216
registers.edx: 0
registers.ebx: 4234580
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1620823815.379125
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02660000
success 0 0
1620823815.473125
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x026b0000
success 0 0
1620823815.926125
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x057c0000
success 0 0
1620823815.989125
NtAllocateVirtualMemory
process_identifier: 2244
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x057e0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
File has been identified by 3 antivirus engines on VirusTotal as malicious (3 events)
CAT-QuickHeal Trojan.IGENERIC
Jiangmin Porn-Tool.Agent.lg
Ikarus not-a-virus:Porn-Tool.Win32.Agent
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.468230830334408 section {'size_of_data': '0x00010400', 'virtual_address': '0x002e9000', 'entropy': 7.468230830334408, 'name': '.rsrc', 'virtual_size': '0x00010400'} description A section with a high entropy has been found
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x6d586c SysFreeString
0x6d5870 SysReAllocStringLen
0x6d5874 SysAllocStringLen
Library advapi32.dll:
0x6d587c RegQueryValueExA
0x6d5880 RegOpenKeyExA
0x6d5884 RegCloseKey
Library user32.dll:
0x6d588c GetKeyboardType
0x6d5890 DestroyWindow
0x6d5894 LoadStringA
0x6d5898 MessageBoxA
0x6d589c CharNextA
Library kernel32.dll:
0x6d58a4 GetACP
0x6d58a8 Sleep
0x6d58ac VirtualFree
0x6d58b0 VirtualAlloc
0x6d58b4 GetTickCount
0x6d58bc GetCurrentThreadId
0x6d58c8 VirtualQuery
0x6d58cc WideCharToMultiByte
0x6d58d0 MultiByteToWideChar
0x6d58d4 lstrlenA
0x6d58d8 lstrcpynA
0x6d58dc LoadLibraryExA
0x6d58e0 GetThreadLocale
0x6d58e4 GetStartupInfoA
0x6d58e8 GetProcAddress
0x6d58ec GetModuleHandleA
0x6d58f0 GetModuleFileNameA
0x6d58f4 GetLocaleInfoA
0x6d58f8 GetCommandLineA
0x6d58fc FreeLibrary
0x6d5900 FindFirstFileA
0x6d5904 FindClose
0x6d5908 ExitProcess
0x6d590c CreateThread
0x6d5910 WriteFile
0x6d5918 RtlUnwind
0x6d591c RaiseException
0x6d5920 GetStdHandle
Library kernel32.dll:
0x6d5928 TlsSetValue
0x6d592c TlsGetValue
0x6d5930 LocalAlloc
0x6d5934 GetModuleHandleA
Library user32.dll:
0x6d593c MessageBoxA
Library kernel32.dll:
0x6d5944 VirtualFree
0x6d5948 VirtualAlloc
0x6d594c VirtualQuery
0x6d5950 GetModuleFileNameA
0x6d5954 Sleep
Library winmm.dll:
0x6d595c timeGetTime
Library kernel32.dll:
0x6d5964 WaitForSingleObject
0x6d5968 ReleaseMutex
0x6d596c CreateMutexA
0x6d5970 CloseHandle
0x6d5974 Sleep
Library ole32.dll:
0x6d597c CoUninitialize
0x6d5980 CoInitialize
Library kernel32.dll:
0x6d5988 GetProcAddress
0x6d598c GetModuleHandleA
Library ole32.dll:
0x6d5994 CoCreateGuid
Library user32.dll:
0x6d599c CreateWindowExW
0x6d59a0 wvsprintfA
0x6d59a4 WindowFromPoint
0x6d59a8 UpdateWindow
0x6d59ac UnregisterClassW
0x6d59b0 UnhookWindowsHookEx
0x6d59b4 TranslateMessage
0x6d59c0 ShowWindow
0x6d59c4 SetWindowsHookExA
0x6d59c8 SetWindowTextW
0x6d59cc SetWindowPos
0x6d59d0 SetWindowPlacement
0x6d59d4 SetWindowLongA
0x6d59d8 SetWindowLongW
0x6d59dc SetTimer
0x6d59e0 SetParent
0x6d59e4 SetForegroundWindow
0x6d59e8 SetFocus
0x6d59ec SetCursor
0x6d59f0 SetClipboardData
0x6d59f4 SetCapture
0x6d59f8 SetActiveWindow
0x6d59fc SendNotifyMessageW
0x6d5a00 SendMessageA
0x6d5a04 SendMessageW
0x6d5a08 ScreenToClient
0x6d5a0c ReleaseDC
0x6d5a10 ReleaseCapture
0x6d5a18 RegisterClassW
0x6d5a1c PostThreadMessageW
0x6d5a20 PostQuitMessage
0x6d5a24 PostMessageA
0x6d5a28 PostMessageW
0x6d5a2c PeekMessageW
0x6d5a30 OpenClipboard
0x6d5a34 MessageBoxA
0x6d5a38 MessageBoxW
0x6d5a3c MessageBeep
0x6d5a40 MapWindowPoints
0x6d5a44 LoadImageA
0x6d5a48 LoadImageW
0x6d5a4c LoadIconW
0x6d5a50 LoadCursorW
0x6d5a54 KillTimer
0x6d5a58 IsWindowVisible
0x6d5a5c IsWindowUnicode
0x6d5a60 IsWindow
0x6d5a64 IsIconic
0x6d5a68 InvalidateRgn
0x6d5a6c InvalidateRect
0x6d5a78 GetWindowTextW
0x6d5a7c GetWindowRect
0x6d5a80 GetWindowPlacement
0x6d5a84 GetWindowLongA
0x6d5a88 GetWindowLongW
0x6d5a8c GetSystemMetrics
0x6d5a90 GetSysColorBrush
0x6d5a94 GetSysColor
0x6d5a98 GetParent
0x6d5a9c GetMessageW
0x6d5aa0 GetKeyboardState
0x6d5aa4 GetKeyState
0x6d5aa8 GetForegroundWindow
0x6d5aac GetFocus
0x6d5ab0 GetDlgItem
0x6d5ab4 GetDesktopWindow
0x6d5ab8 GetDC
0x6d5abc GetCursorPos
0x6d5ac0 GetCursor
0x6d5ac4 GetClipboardData
0x6d5ac8 GetClientRect
0x6d5acc GetClassInfoW
0x6d5ad0 GetCaretBlinkTime
0x6d5ad4 GetCapture
0x6d5ad8 GetActiveWindow
0x6d5adc FindWindowExA
0x6d5ae0 FillRect
0x6d5ae4 EnumThreadWindows
0x6d5ae8 EndPaint
0x6d5aec EndDialog
0x6d5af0 EmptyClipboard
0x6d5af4 DispatchMessageW
0x6d5afc DestroyWindow
0x6d5b00 DestroyIcon
0x6d5b04 DefWindowProcW
0x6d5b08 CreateIconIndirect
0x6d5b0c CloseClipboard
0x6d5b10 ClientToScreen
0x6d5b14 CharUpperBuffW
0x6d5b18 CharLowerBuffW
0x6d5b1c CallWindowProcW
0x6d5b20 CallNextHookEx
0x6d5b24 BeginPaint
0x6d5b28 CharLowerBuffA
0x6d5b2c CharUpperBuffA
0x6d5b30 CharToOemA
Library gdi32.dll:
0x6d5b38 StretchDIBits
0x6d5b3c StretchBlt
0x6d5b40 StartPage
0x6d5b44 StartDocA
0x6d5b48 SetTextColor
0x6d5b4c SetPixel
0x6d5b50 SetDIBits
0x6d5b54 SetBkMode
0x6d5b58 SetBkColor
0x6d5b5c SetAbortProc
0x6d5b60 SelectObject
0x6d5b64 GetTextMetricsA
0x6d5b68 GetTextMetricsW
0x6d5b74 GetRegionData
0x6d5b78 GetPixel
0x6d5b7c GetPaletteEntries
0x6d5b84 GetGlyphOutlineW
0x6d5b88 GetGlyphIndicesW
0x6d5b8c GetDeviceCaps
0x6d5b90 GetDIBits
0x6d5b94 GetDCOrgEx
0x6d5b98 GetClipRgn
0x6d5b9c GetClipBox
0x6d5ba4 GetCharABCWidthsA
0x6d5ba8 GetCharABCWidthsW
0x6d5bac ExtTextOutW
0x6d5bb0 ExtCreateRegion
0x6d5bb4 EndPage
0x6d5bb8 EndDoc
0x6d5bbc DeleteObject
0x6d5bc0 DeleteDC
0x6d5bc4 CreateSolidBrush
0x6d5bcc CreatePalette
0x6d5bd0 CreateICA
0x6d5bd4 CreateFontIndirectW
0x6d5bd8 CreateDCA
0x6d5bdc CreateCompatibleDC
0x6d5be4 CreateBrushIndirect
0x6d5be8 BitBlt
0x6d5bec AbortDoc
Library version.dll:
0x6d5bf4 VerQueryValueW
0x6d5bfc GetFileVersionInfoW
Library kernel32.dll:
0x6d5c04 lstrcpyA
0x6d5c08 WriteFile
0x6d5c0c WaitForSingleObject
0x6d5c14 VirtualQuery
0x6d5c18 VirtualFree
0x6d5c1c VirtualAlloc
0x6d5c20 TerminateThread
0x6d5c24 Sleep
0x6d5c28 SetThreadPriority
0x6d5c2c SetPriorityClass
0x6d5c30 SetLastError
0x6d5c34 SetFilePointer
0x6d5c38 SetFileAttributesW
0x6d5c3c SetEvent
0x6d5c40 SetErrorMode
0x6d5c44 SetEndOfFile
0x6d5c4c ResumeThread
0x6d5c50 ResetEvent
0x6d5c54 RemoveDirectoryW
0x6d5c58 ReleaseMutex
0x6d5c5c ReadFile
0x6d5c60 OutputDebugStringA
0x6d5c64 OutputDebugStringW
0x6d5c68 OpenMutexA
0x6d5c6c MultiByteToWideChar
0x6d5c70 MoveFileExW
0x6d5c74 LocalFree
0x6d5c78 LocalAlloc
0x6d5c7c LoadLibraryW
0x6d5c80 LoadLibraryA
0x6d5c8c GlobalUnlock
0x6d5c90 GlobalSize
0x6d5c94 GlobalLock
0x6d5c98 GlobalFree
0x6d5c9c GlobalAlloc
0x6d5ca0 GetVersionExA
0x6d5ca4 GetVersionExW
0x6d5ca8 GetTickCount
0x6d5cac GetThreadPriority
0x6d5cb0 GetThreadLocale
0x6d5cb4 GetSystemInfo
0x6d5cb8 GetStdHandle
0x6d5cbc GetShortPathNameW
0x6d5cc0 GetProfileStringA
0x6d5cc4 GetProcAddress
0x6d5cc8 GetModuleHandleA
0x6d5ccc GetModuleFileNameA
0x6d5cd0 GetModuleFileNameW
0x6d5cd4 GetLocaleInfoA
0x6d5cd8 GetLocalTime
0x6d5cdc GetLastError
0x6d5ce0 GetFileSize
0x6d5ce4 GetFileAttributesW
0x6d5ce8 GetExitCodeProcess
0x6d5cec GetCurrentThreadId
0x6d5cf0 GetCurrentProcess
0x6d5cfc GetCommandLineW
0x6d5d00 GetCPInfo
0x6d5d04 GetACP
0x6d5d0c FreeLibrary
0x6d5d10 FormatMessageA
0x6d5d14 FindNextFileW
0x6d5d18 FindFirstFileW
0x6d5d1c FindClose
0x6d5d30 ExitThread
0x6d5d34 ExitProcess
0x6d5d3c DeleteFileW
0x6d5d44 CreateProcessA
0x6d5d48 CreateProcessW
0x6d5d4c CreateMutexA
0x6d5d50 CreateFileW
0x6d5d54 CreateEventA
0x6d5d58 CreateDirectoryW
0x6d5d5c CompareStringA
0x6d5d60 CompareStringW
0x6d5d64 CloseHandle
Library advapi32.dll:
0x6d5d6c RegSetValueExA
0x6d5d70 RegSetValueExW
0x6d5d74 RegSaveKeyW
0x6d5d78 RegQueryValueExA
0x6d5d7c RegQueryValueExW
0x6d5d80 RegOpenKeyExA
0x6d5d84 RegOpenKeyExW
0x6d5d88 RegEnumValueA
0x6d5d8c RegEnumValueW
0x6d5d90 RegEnumKeyExA
0x6d5d94 RegEnumKeyExW
0x6d5d98 RegDeleteValueA
0x6d5d9c RegDeleteValueW
0x6d5da0 RegDeleteKeyA
0x6d5da4 RegDeleteKeyW
0x6d5da8 RegCreateKeyExA
0x6d5dac RegCreateKeyExW
0x6d5db0 RegCloseKey
Library winmm.dll:
0x6d5db8 timeGetTime
0x6d5dbc timeEndPeriod
0x6d5dc0 timeBeginPeriod
Library kernel32.dll:
0x6d5dc8 GetCurrentThreadId
0x6d5dcc OutputDebugStringW
Library gdi32.dll:
0x6d5dd4 CreateDIBSection

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.