Score: 5.6 (High risk)

SHA256: 602f06c78c71e4d210fb0bf04b77f04996fbf1df6aa9ec607e28f2475f8e10d4

Filename: f6f8dd1b5d1428b0b29c68aabeec2e4e.exe

Analysis duration: 78s

Most recent analysis

File size: 914.0KB
Static scan: flagged malicious. Dynamic analysis: flagged malicious. Tags: 100%, A@1XQ65P, AI SCORE=100, CLASSIC, CONFIDENCE, COSMU, ESLALB, FILEINFECTOR, HIGH CONFIDENCE, LUDX, MALICIOUS, PE, MODERATE, NIMNUL, RAMMITNNA, RAMNIT, RMNDRP, RMNET, SCORE, UNSAFE
鹰眼 engine
Not detected (no 鹰眼 engine result is available for this sample)
Static verdict
Anti-virus engines
Engine | Result | Scan date | Engine version
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Alibaba Virus:Win32/Ramnit.a9bec9af 20190527 0.3.0.5
Baidu Win32.Virus.Nimnul.a 20190318 1.0.0.2
Avast Win32:RmnDrp 20200626 18.4.3895.0
Tencent Virus.Win32.Nimnul.d 20200626 1.0.0.1
Kingsoft Win32.Ramnit.la.30720 20200626 2013.8.14.323
McAfee W32/Ramnit.q 20200626 6.0.6.653
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .rmnet
One or more processes crashed (1 event). The faulting call is the sample's own CreateProcessA (desktoplayer+0x13c0) passing through the sandbox monitor's hook (the New_kernel32_CreateProcessInternalW frame); the exception address 0xfd793d52 lies outside every module named in the trace.
Time & API Arguments Status Return Repeated
1620833275.729024
__exception__
stacktrace:
CheckElevationEnabled+0x4a7 BaseGenerateAppCompatData-0x152 kernel32+0x23605 @ 0x76363605
CheckElevationEnabled+0x2a3 BaseGenerateAppCompatData-0x356 kernel32+0x23401 @ 0x76363401
CheckElevationEnabled+0x190 BaseGenerateAppCompatData-0x469 kernel32+0x232ee @ 0x763632ee
CreateProcessInternalW+0xc65 BasepFreeAppCompatData-0x4d9 kernel32+0x24858 @ 0x76364858
New_kernel32_CreateProcessInternalW@48+0x185 New_kernel32_CreateRemoteThread@28-0x16b @ 0x75157747
CreateProcessInternalA+0x123 SetConsoleMode-0x1a3 kernel32+0x2a5da @ 0x7636a5da
CreateProcessA+0x2c Sleep-0x61 kernel32+0x1109e @ 0x7635109e
desktoplayer+0x13c0 @ 0x4013c0
desktoplayer+0x2cda @ 0x402cda
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634936
registers.edi: 1635572
registers.eax: 1635008
registers.ebp: 1634968
registers.edx: 83
registers.ebx: 1636324
registers.esi: 2010447364
registers.ecx: 1701494485
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd793d52
success 0 0
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (14 events). Four of the NtProtectVirtualMemory rows below fail with 3221225541 (0xC0000045, STATUS_INVALID_PAGE_PROTECTION): the requested values 3758096448 (0xE0000040) and 3221225536 (0xC0000040) are not valid page-protection combinations, and the sandbox's "(PAGE_EXECUTE_READWRITE)" decode reflects only their low byte. The successful calls make the whole 188416-byte image at 0x00400000 writable and executable in place, plus one page at 0x77d4f000, which the crash trace places inside ntdll (ntdll+0x39ed2 @ 0x77d69ed2 gives a base of 0x77d30000).
Time & API Arguments Status Return Repeated
1620833274.494374
NtAllocateVirtualMemory
process_identifier: 784
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01c10000
success 0 0
1620833274.494374
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 188416
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620833274.494374
NtAllocateVirtualMemory
process_identifier: 784
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01c20000
success 0 0
1620833274.494374
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 24576
protection: 3758096448 (0xE0000040; low byte PAGE_EXECUTE_READWRITE, high bits not a valid protection, see status)
process_handle: 0xffffffff
base_address: 0x0040c000
failed 3221225541 0
1620833274.494374
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 3221225536 (0xC0000040; low byte PAGE_EXECUTE_READWRITE, high bit not a valid protection, see status)
process_handle: 0xffffffff
base_address: 0x00412000
failed 3221225541 0
1620833274.510374
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620833275.635024
NtAllocateVirtualMemory
process_identifier: 3076
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00340000
success 0 0
1620833275.635024
NtProtectVirtualMemory
process_identifier: 3076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 188416
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620833275.635024
NtAllocateVirtualMemory
process_identifier: 3076
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1620833275.635024
NtProtectVirtualMemory
process_identifier: 3076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 24576
protection: 3758096448 (0xE0000040; low byte PAGE_EXECUTE_READWRITE, high bits not a valid protection, see status)
process_handle: 0xffffffff
base_address: 0x0040c000
failed 3221225541 0
1620833275.635024
NtProtectVirtualMemory
process_identifier: 3076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 3221225536 (0xC0000040; low byte PAGE_EXECUTE_READWRITE, high bit not a valid protection, see status)
process_handle: 0xffffffff
base_address: 0x00412000
failed 3221225541 0
1620833275.635024
NtProtectVirtualMemory
process_identifier: 3076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620833275.698024
NtProtectVirtualMemory
process_identifier: 3076
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1620833275.698024
NtAllocateVirtualMemory
process_identifier: 3076
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00380000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f6f8dd1b5d1428b0b29c68aabeec2e4eSrv.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f6f8dd1b5d1428b0b29c68aabeec2e4eSrv.exe
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.970398530300267 section {'size_of_data': '0x0000e200', 'virtual_address': '0x000df000', 'entropy': 7.970398530300267, 'name': '.rmnet', 'virtual_size': '0x0000f000'} description A section with a high entropy has been found
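The two packer indicators above (an unfamiliar section name, .rmnet, and 7.97 bits/byte of entropy over its 0xE200 bytes of data) can be reproduced without the sandbox. The block below is an added example and is not part of this report or of any vendor's tooling: a pure-Python PE section-table walker plus Shannon entropy, exercised on a constructed two-section PE32 stub whose second section mimics the report's .rmnet layout (virtual address 0xDF000). The stub is not the analysed sample, and the KNOWN_SECTIONS list is an assumption about what a normal compiler toolchain emits.

```python
"""Flag unfamiliar, high-entropy PE sections (added example, not the sandbox's code)."""
import hashlib
import math
import struct

# Section names a normal MSVC/MinGW-built PE is expected to carry (assumption).
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
                  ".pdata", ".bss", ".tls", ".CRT", ".debug", ".xdata", ".didat"}
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(buf):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Walk the section table of an in-memory PE image using only struct."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr,
         _reloc, _lines, _nreloc, _nlines, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": rawsize, "characteristics": chars,
                         "entropy": shannon_entropy(raw)})
    return sections


def suspicious_sections(pe, threshold=7.0):
    """Names of sections that are both unfamiliar and high-entropy (packed/encrypted payload)."""
    return [s["name"] for s in parse_sections(pe)
            if s["name"] not in KNOWN_SECTIONS and s["entropy"] >= threshold]


def build_sample_pe():
    """Constructed PE32 stub: a low-entropy .text and a high-entropy appended .rmnet.

    This is NOT the analysed sample; only the second section's name and virtual
    address are modelled on the report's section data.
    """
    text = b"\x90\xc3\x00\x00" * 256                                     # entropy exactly 1.5
    rmnet = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))  # 8 KiB, ~7.97 bits/byte
    headers_len = 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * 222                    # PE32 magic, rest zeroed
    rwx = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    secs, offset = b"", headers_len
    for name, data, vaddr, chars in ((b".text", text, 0x1000, 0x60000020),
                                     (b".rmnet", rmnet, 0xDF000, rwx)):
        secs += struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), offset, 0, 0, 0, 0, chars)
        offset += len(data)
    return (dos + coff + optional + secs).ljust(headers_len, b"\0") + text + rmnet


if __name__ == "__main__":
    for s in parse_sections(build_sample_pe()):
        print(f"{s['name']:<8} va={s['virtual_address']:#08x} size={s['size_of_data']:#x} "
              f"chars={s['characteristics']:#010x} entropy={s['entropy']:.3f}")
    print("suspicious:", suspicious_sections(build_sample_pe()))
```

Against a real file, call `suspicious_sections(open(path, "rb").read())`. A high-entropy section that is also marked executable and writable is the pattern worth prioritising; `.rsrc` holding compressed media is the usual benign high-entropy hit, which is why the check keys on the name as well as the entropy.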
Network communication
Communicates with host for which no DNS query was performed (1 event); note that the Hosts and TCP tables at the end of this report record no connection to this address
host 172.217.24.14
Installs a hook procedure to monitor mouse events (1 event)
Time & API Arguments Status Return Repeated
1620833274.807751
SetWindowsHookExA
thread_identifier: 0
callback_function: 0x004049c0
module_address: 0x00400000
hook_identifier: 14 (WH_MOUSE_LL)
success 65999 0
Creates a Windows hook that monitors keyboard input (keylogger) (1 event)
Time & API Arguments Status Return Repeated
1620833274.807751
SetWindowsHookExA
thread_identifier: 0
callback_function: 0x00404850
module_address: 0x00400000
hook_identifier: 13 (WH_KEYBOARD_LL)
success 65997 0
Ramnit malware indicators found (1 event)
mutex KyUffThOkYwRRtgPP
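The RWX memory rows, the two SetWindowsHookExA rows and the mutex above are the kind of records a triage script should re-derive rather than trust a sandbox's one-line decode of. The following is an added example, not code from this report or from any sandbox: it decodes protection words and NTSTATUS values, maps addresses onto a module table, and flags global low-level input hooks and the report's Ramnit mutex. The records are constructed from values on this page, but their dict shape (api / arguments / return_value) is modelled on Cuckoo's JSON and is an assumption, as is attributing the mutex to CreateMutexA. The module map takes desktoplayer's base and size from the first NtProtectVirtualMemory row (0x00400000, 188416 bytes) and ntdll's base from the crash frame ntdll+0x39ed2 @ 0x77d69ed2; ntdll's size is an assumed typical value, not taken from the report.

```python
"""Re-derive the report's dynamic indicators from Cuckoo-style API records (added example)."""

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
# Documented PAGE_* bits for ordinary process memory: protections 0x01..0x80, the
# PAGE_GUARD/NOCACHE/WRITECOMBINE modifiers (0x100..0x400) and PAGE_TARGETS_* (0x40000000).
VALID_PROTECTION_MASK = 0x7FF | 0x40000000
NTSTATUS = {0x0: "STATUS_SUCCESS", 0xC0000045: "STATUS_INVALID_PAGE_PROTECTION"}
WH_KEYBOARD_LL, WH_MOUSE_LL = 13, 14
RAMNIT_MUTEXES = {"KyUffThOkYwRRtgPP"}   # mutex named in the report's Ramnit indicator

# Module map: desktoplayer from the report's first NtProtectVirtualMemory row; ntdll base
# derived from the crash frame, ntdll size is an ASSUMPTION (typical Win7 x86 image size).
SAMPLE_MODULES = {"desktoplayer": (0x00400000, 0x2E000), "ntdll": (0x77D30000, 0x13C000)}

# Constructed records: argument values copied from the report's rows, record shape assumed.
SAMPLE_CALLS = [
    {"api": "NtProtectVirtualMemory", "return_value": 0,
     "arguments": {"base_address": "0x00400000", "length": 188416, "protection": 64}},
    {"api": "NtProtectVirtualMemory", "return_value": 3221225541,
     "arguments": {"base_address": "0x0040c000", "length": 24576, "protection": 3758096448}},
    {"api": "NtProtectVirtualMemory", "return_value": 3221225541,
     "arguments": {"base_address": "0x00412000", "length": 4096, "protection": 3221225536}},
    {"api": "NtProtectVirtualMemory", "return_value": 0,
     "arguments": {"base_address": "0x77d4f000", "length": 4096, "protection": 64}},
    {"api": "NtAllocateVirtualMemory", "return_value": 0,
     "arguments": {"base_address": "0x01c10000", "region_size": 61440, "protection": 64}},
    {"api": "SetWindowsHookExA", "return_value": 65997,
     "arguments": {"hook_identifier": 13, "thread_identifier": 0, "callback_function": "0x00404850"}},
    {"api": "SetWindowsHookExA", "return_value": 65999,
     "arguments": {"hook_identifier": 14, "thread_identifier": 0, "callback_function": "0x004049c0"}},
    # The report gives only the mutex name; the API that created it is an assumption.
    {"api": "CreateMutexA", "arguments": {"mutex_name": "KyUffThOkYwRRtgPP"}},
]


def decode_protection(value):
    """Split a protection word into its documented part and any undocumented high bits."""
    return value & VALID_PROTECTION_MASK, (value & ~VALID_PROTECTION_MASK) & 0xFFFFFFFF


def is_rwx(value):
    """True when the low byte asks for writable + executable pages."""
    return (value & 0xFF) in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)


def module_for(address, modules):
    """Name of the mapped module containing address, or None for private/unknown memory."""
    for name, (base, size) in modules.items():
        if base <= address < base + size:
            return name
    return None


def triage(calls, modules):
    findings = []
    for c in calls:
        api, a = c["api"], c["arguments"]
        if api in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            prot = a["protection"]
            _valid, bad = decode_protection(prot)
            rv = c["return_value"]
            if bad:   # the kernel rejects these; a sandbox decode of the low byte alone hides that
                findings.append(f"{api}: undocumented protection bits {bad:#x} in {prot:#x} -> "
                                f"{NTSTATUS.get(rv, hex(rv))}")
            if is_rwx(prot) and rv == 0:
                base = int(a["base_address"], 16)
                mod = module_for(base, modules)
                if api == "NtAllocateVirtualMemory":
                    findings.append(f"RWX allocation at {base:#010x} ({a['region_size']} bytes)")
                elif mod:   # image or system DLL made writable+executable in place: patching/hooking
                    findings.append(f"RWX over mapped module {mod} at {base:#010x}")
                else:
                    findings.append(f"RWX protection change at {base:#010x}")
        elif api == "SetWindowsHookExA":
            hid = a["hook_identifier"]
            if hid in (WH_KEYBOARD_LL, WH_MOUSE_LL) and a["thread_identifier"] == 0:   # 0 = all threads
                kind = "keyboard" if hid == WH_KEYBOARD_LL else "mouse"
                cb = module_for(int(a["callback_function"], 16), modules)
                findings.append(f"global low-level {kind} hook, callback in {cb}")
        elif api == "CreateMutexA" and a.get("mutex_name") in RAMNIT_MUTEXES:
            findings.append(f"known Ramnit mutex {a['mutex_name']}")
    return findings


def run_sample():
    return triage(SAMPLE_CALLS, SAMPLE_MODULES)


if __name__ == "__main__":
    print("\n".join(run_sample()))
```

The protection values 0xE0000040 and 0xC0000040 happen to equal the IMAGE_SCN_CNT_INITIALIZED_DATA | MEM_EXECUTE | MEM_READ | MEM_WRITE and IMAGE_SCN_CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE section-characteristic patterns, which is what a loader produces when it hands section flags to NtProtectVirtualMemory unconverted; the log alone cannot confirm that is what happened here, so the script only reports that the kernel refused them.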
File has been identified by 66 AntiVirus engines on VirusTotal as malicious (50 of 66 events shown)
Bkav W32.RammitNNA.PE
MicroWorld-eScan Win32.Ramnit
FireEye Generic.mg.f6f8dd1b5d1428b0
CAT-QuickHeal W32.Ramnit.A
ALYac Win32.Ramnit
Cylance Unsafe
Zillya Virus.Nimnul.Win32.1
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Virus:Win32/Ramnit.a9bec9af
K7GW Virus ( 002fe95d1 )
K7AntiVirus Virus ( 002fe95d1 )
Arcabit Win32.Ramnit
Invincea heuristic
BitDefenderTheta AI:FileInfector.EAEEA7850C
F-Prot W32/Ramnit.B!Generic
Symantec W32.Ramnit!inf
TotalDefense Win32/Ramnit.A
Baidu Win32.Virus.Nimnul.a
APEX Malicious
Avast Win32:RmnDrp
ClamAV Win.Trojan.Ramnit-1847
GData Win32.Virus.Ramnit.C
Kaspersky Virus.Win32.Nimnul.a
BitDefender Win32.Ramnit
NANO-Antivirus Virus.Win32.Ramnit.eslalb
Paloalto generic.ml
ViRobot Win32.Ramnit.E
Tencent Virus.Win32.Nimnul.d
Ad-Aware Win32.Ramnit
Sophos W32/Patched-I
Comodo Virus.Win32.Ramnit.A@1xq65p
F-Secure Malware.W32/Ramnit.CD
DrWeb Win32.Rmnet
VIPRE Virus.Win32.Ramnit.a (v)
TrendMicro PE_RAMNIT.H
Trapmine malicious.moderate.ml.score
Emsisoft Win32.Ramnit (B)
SentinelOne DFI - Malicious PE
Cyren W32/Ramnit.B!Generic
Jiangmin Win32/PatchFile.et
Avira W32/Ramnit.CD
MAX malware (ai score=100)
Antiy-AVL Virus/Win32.Nimnul.a
Kingsoft Win32.Ramnit.la.30720
Microsoft Virus:Win32/Ramnit.A
Endgame malicious (high confidence)
AegisLab Virus.Win32.Nimnul.luDx
ZoneAlarm Virus.Win32.Nimnul.a
Cynet Malicious (score: 100)
Visual analysis
Binary image
No binary image: none was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran

PE Compile Time

2017-06-10 19:04:44

Imports

Library WSOCK32.dll:
0x4966d8 WSACleanup
0x4966dc inet_addr
0x4966e0 gethostbyname
0x4966e4 gethostname
0x4966e8 WSAStartup
Library WINMM.dll:
0x4966a8 waveOutGetVolume
0x4966ac joyGetPosEx
0x4966b4 mixerOpen
0x4966b8 mixerGetDevCapsA
0x4966c0 waveOutSetVolume
0x4966c4 mixerClose
0x4966c8 mciSendStringA
0x4966cc joyGetDevCapsA
0x4966d0 mixerGetLineInfoA
Library VERSION.dll:
0x496694 VerQueryValueA
0x496698 GetFileVersionInfoA
Library COMCTL32.dll:
0x496050 ImageList_Create
0x496054
0x496064 ImageList_Destroy
0x496068 ImageList_AddMasked
Library PSAPI.DLL:
0x4963b8 GetModuleBaseNameA
Library KERNEL32.dll:
0x49610c FindNextFileA
0x496110 FindClose
0x49611c Beep
0x496120 MoveFileA
0x496124 OutputDebugStringA
0x496128 CreateProcessA
0x49612c GetFileAttributesA
0x496130 MultiByteToWideChar
0x496134 GetExitCodeProcess
0x496138 WriteProcessMemory
0x49613c ReadProcessMemory
0x496140 GetCurrentProcessId
0x496144 OpenProcess
0x496148 TerminateProcess
0x49614c SetPriorityClass
0x496150 SetLastError
0x496158 GetLocalTime
0x49615c GetDateFormatA
0x496160 GetTimeFormatA
0x496164 GetDiskFreeSpaceA
0x496168 SetVolumeLabelA
0x49616c CreateFileA
0x496170 DeviceIoControl
0x496174 GetDriveTypeA
0x49617c CreateDirectoryA
0x496180 ReadFile
0x496184 GetACP
0x496188 WriteFile
0x49618c DeleteFileA
0x496190 SetFileAttributesA
0x496198 SetFileTime
0x49619c GetFileSizeEx
0x4961a0 GetSystemTime
0x4961a8 GetComputerNameA
0x4961b0 GetTempPathA
0x4961b4 GetFullPathNameA
0x4961b8 GetShortPathNameA
0x4961bc LoadLibraryA
0x4961c0 FreeLibrary
0x4961c4 FindFirstFileA
0x4961cc VirtualProtect
0x4961d0 QueryDosDeviceA
0x4961d4 CompareStringA
0x4961d8 GetFullPathNameW
0x4961dc RemoveDirectoryA
0x4961e0 CopyFileA
0x4961e4 GetCurrentProcess
0x4961e8 FormatMessageA
0x496200 SetEndOfFile
0x496204 GetFileType
0x496208 GetStdHandle
0x49620c SetFilePointerEx
0x496218 GetFileSize
0x49621c VirtualAllocEx
0x496220 VirtualFreeEx
0x496224 EnumResourceNamesA
0x496228 LoadLibraryExA
0x49622c GlobalSize
0x496230 TlsGetValue
0x496234 TlsAlloc
0x496238 IsValidCodePage
0x49623c GetOEMCP
0x496248 GetStartupInfoW
0x49624c HeapSetInformation
0x496250 GetCommandLineA
0x496258 HeapSize
0x49625c HeapReAlloc
0x496260 ExitProcess
0x496264 GetModuleHandleW
0x496268 HeapAlloc
0x49626c HeapFree
0x496278 IsDebuggerPresent
0x49627c HeapCreate
0x496280 GetModuleFileNameW
0x496288 LockResource
0x49628c LoadResource
0x496290 SizeofResource
0x496294 FindResourceA
0x49629c GetModuleFileNameA
0x4962a4 GetCPInfo
0x4962a8 GetVersionExW
0x4962ac GetModuleHandleA
0x4962b0 GetProcAddress
0x4962b4 GetLastError
0x4962b8 CreateMutexA
0x4962bc CloseHandle
0x4962c0 GetExitCodeThread
0x4962c4 SetThreadPriority
0x4962c8 CreateThread
0x4962cc GetStringTypeExA
0x4962d0 lstrcmpiA
0x4962d4 WideCharToMultiByte
0x4962d8 GetCurrentThreadId
0x4962dc GlobalUnlock
0x4962e0 GlobalFree
0x4962e4 GlobalAlloc
0x4962e8 GlobalLock
0x4962f0 SetErrorMode
0x4962fc Sleep
0x496300 GetTickCount
0x496304 MulDiv
0x496308 TlsSetValue
0x49630c TlsFree
0x496310 LoadLibraryW
0x496314 SetHandleCount
0x49631c GetStringTypeW
0x496320 RaiseException
0x496324 RtlUnwind
0x496328 GetConsoleCP
0x49632c GetConsoleMode
0x49633c SetFilePointer
0x496340 LCMapStringW
0x496344 FlushFileBuffers
0x496348 WriteConsoleW
0x49634c SetStdHandle
0x496350 GetProcessHeap
0x496354 CreateFileW
0x49635c VirtualQuery
Library USER32.dll:
0x4963fc FlashWindow
0x496400 GetPropA
0x496404 SetPropA
0x496408 RemovePropA
0x49640c MapWindowPoints
0x496410 RedrawWindow
0x496414 SetParent
0x496418 SendMessageW
0x49641c GetClassInfoExA
0x496420 GetAncestor
0x496424 UpdateWindow
0x496428 GetMessagePos
0x49642c GetClassLongA
0x496430 DefDlgProcA
0x496434 CallWindowProcA
0x496438 CheckRadioButton
0x49643c IntersectRect
0x496440 PtInRect
0x496450 InsertMenuItemA
0x496454 SetMenuDefaultItem
0x496458 RemoveMenu
0x49645c SetMenuItemInfoA
0x496460 IsMenu
0x496464 GetMenuItemInfoA
0x496468 CreateMenu
0x49646c CreatePopupMenu
0x496470 SetMenuInfo
0x496474 AppendMenuA
0x496478 DestroyMenu
0x49647c TrackPopupMenuEx
0x496480 CreateIconIndirect
0x496484 GetDesktopWindow
0x496488 CopyImage
0x496494 GetWindow
0x496498 BringWindowToTop
0x49649c GetTopWindow
0x4964a4 AdjustWindowRectEx
0x4964a8 DrawTextA
0x4964ac SetRect
0x4964b0 GetIconInfo
0x4964b4 SetWindowTextA
0x4964b8 IsWindowVisible
0x4964bc CheckMenuItem
0x4964c0 SetMenu
0x4964c4 LoadImageA
0x4964cc LoadAcceleratorsA
0x4964d0 EnableMenuItem
0x4964d4 GetMenu
0x4964d8 CreateWindowExA
0x4964dc RegisterClassExA
0x4964e0 LoadCursorA
0x4964e4 DestroyIcon
0x4964e8 DestroyWindow
0x4964ec IsCharAlphaA
0x4964f0 MapVirtualKeyA
0x4964f4 SetForegroundWindow
0x4964f8 VkKeyScanExA
0x4964fc GetWindowTextA
0x496500 mouse_event
0x496504 WindowFromPoint
0x496508 GetSystemMetrics
0x49650c keybd_event
0x496510 SetKeyboardState
0x496514 GetKeyboardState
0x496518 GetCursorPos
0x49651c PostMessageW
0x496520 GetAsyncKeyState
0x496524 AttachThreadInput
0x496528 SendInput
0x49652c UnregisterHotKey
0x496530 RegisterHotKey
0x496534 PostQuitMessage
0x496538 SendMessageTimeoutA
0x49653c UnhookWindowsHookEx
0x496540 SetWindowsHookExA
0x496544 PostThreadMessageA
0x496548 IsCharAlphaNumericA
0x49654c IsCharUpperA
0x496550 IsCharLowerA
0x496554 ToAsciiEx
0x496558 GetKeyboardLayout
0x49655c CallNextHookEx
0x496560 CharLowerA
0x496564 ReleaseDC
0x496568 GetDC
0x49656c OpenClipboard
0x496570 GetClipboardData
0x496578 CloseClipboard
0x49657c SetClipboardData
0x496580 EmptyClipboard
0x496584 PostMessageA
0x496588 FindWindowA
0x49658c ExitWindowsEx
0x496590 GetMenuStringA
0x496594 GetSubMenu
0x496598 GetMenuItemID
0x49659c GetMenuItemCount
0x4965a0 GetLastInputInfo
0x4965a4 GetCursor
0x4965a8 ClientToScreen
0x4965ac MessageBeep
0x4965b0 SetDlgItemTextA
0x4965b4 GetDlgItem
0x4965b8 SendDlgItemMessageA
0x4965bc MessageBoxA
0x4965c0 DialogBoxParamA
0x4965c4 EndDialog
0x4965c8 IsWindow
0x4965cc DispatchMessageA
0x4965d0 TranslateMessage
0x4965d4 ShowWindow
0x4965dc SetWindowLongA
0x4965e0 ScreenToClient
0x4965e4 IsDialogMessageA
0x4965e8 SendMessageA
0x4965ec DefWindowProcA
0x4965f0 FillRect
0x4965f4 DrawIconEx
0x4965f8 GetSysColorBrush
0x4965fc GetSysColor
0x496604 IsIconic
0x496608 IsZoomed
0x49660c EnumWindows
0x496614 EnableWindow
0x496618 InvalidateRect
0x496620 SetWindowPos
0x496624 SetWindowRgn
0x496628 SetFocus
0x49662c GetGUIThreadInfo
0x496630 SetActiveWindow
0x496634 EnumChildWindows
0x496638 MoveWindow
0x49663c GetQueueStatus
0x496640 IsWindowEnabled
0x496644 GetWindowLongA
0x496648 GetKeyState
0x496650 KillTimer
0x496654 PeekMessageA
0x496658 GetFocus
0x49665c GetClassNameA
0x496664 GetForegroundWindow
0x496668 GetMessageA
0x49666c SetTimer
0x496670 GetParent
0x496674 GetDlgCtrlID
0x496678 CharUpperA
0x496680 GetWindowRect
0x496684 MapVirtualKeyExA
0x496688 GetClientRect
0x49668c SetClipboardViewer
Library GDI32.dll:
0x496080 GetPixel
0x496084 GetClipRgn
0x496088 GetCharABCWidthsA
0x49608c SetBkMode
0x496090 CreatePatternBrush
0x496094 SetBrushOrgEx
0x496098 EnumFontFamiliesExA
0x49609c CreateDIBSection
0x4960a0 GdiFlush
0x4960a4 SetBkColor
0x4960a8 ExcludeClipRect
0x4960ac SetTextColor
0x4960b0 GetClipBox
0x4960b4 BitBlt
0x4960c0 GetDIBits
0x4960c4 CreateCompatibleDC
0x4960c8 CreatePolygonRgn
0x4960cc CreateRectRgn
0x4960d0 CreateRoundRectRgn
0x4960d4 CreateEllipticRgn
0x4960d8 DeleteDC
0x4960dc GetObjectA
0x4960e0 GetTextMetricsA
0x4960e4 GetTextFaceA
0x4960e8 SelectObject
0x4960ec GetStockObject
0x4960f0 CreateDCA
0x4960f4 CreateSolidBrush
0x4960f8 CreateFontA
0x4960fc FillRgn
0x496100 GetDeviceCaps
0x496104 DeleteObject
Library COMDLG32.dll:
0x496074 GetSaveFileNameA
0x496078 GetOpenFileNameA
Library ADVAPI32.dll:
0x496000 RegDeleteKeyA
0x496004 RegSetValueExA
0x496008 RegCreateKeyExA
0x49600c RegQueryValueExA
0x496018 OpenProcessToken
0x49601c CloseServiceHandle
0x496024 LockServiceDatabase
0x496028 OpenSCManagerA
0x49602c GetUserNameA
0x496030 RegEnumKeyExA
0x496034 RegEnumValueA
0x496038 RegQueryInfoKeyA
0x49603c RegOpenKeyExA
0x496040 RegCloseKey
0x496044 RegConnectRegistryA
0x496048 RegDeleteValueA
Library SHELL32.dll:
0x4963c4 DragQueryPoint
0x4963c8 SHEmptyRecycleBinA
0x4963cc SHFileOperationA
0x4963d4 SHBrowseForFolderA
0x4963d8 SHGetDesktopFolder
0x4963dc SHGetMalloc
0x4963e0 SHGetFolderPathA
0x4963e4 ShellExecuteExA
0x4963e8 Shell_NotifyIconA
0x4963ec DragFinish
0x4963f0 DragQueryFileA
0x4963f4 ExtractIconA
Library ole32.dll:
0x4966f0 OleInitialize
0x4966f4 OleUninitialize
0x4966f8 CoCreateInstance
0x4966fc CoInitialize
0x496700 CoUninitialize
0x496704 CLSIDFromString
0x496708 CoGetObject
0x49670c StringFromGUID2
Library OLEAUT32.dll:
0x496364 SafeArrayGetLBound
0x496368 GetActiveObject
0x49636c OleLoadPicture
0x496378 SafeArrayAccessData
0x49637c SafeArrayUnlock
0x496380 SafeArrayPtrOfIndex
0x496384 SafeArrayLock
0x496388 SafeArrayGetDim
0x49638c SafeArrayDestroy
0x496390 SafeArrayGetUBound
0x496394 VariantCopyInd
0x496398 SafeArrayCopy
0x49639c SysAllocString
0x4963a0 VariantChangeType
0x4963a4 VariantClear
0x4963a8 SafeArrayCreate
0x4963ac SysFreeString
0x4963b0 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

All recorded UDP traffic is the guest's own background chatter (DNS to 114.114.114.114, NetBIOS 137/138, NTP to time.windows.com, LLMNR on 5355, SSDP on 1900, WS-Discovery on 3702); none of it can be attributed to the sample from this table alone.
Source | Source Port | Destination | Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.