Score: 1.8
Risk level: Low

SHA256: 3b02d28fb229dde148fd05884eeed5263a89574dd68c0767e4243894db17a602

File name: 07af303c7580bb5f54f050df812cbfda.exe

Analysis duration: 18s

Last analysis:

File size: 407.6KB
Static detection   Dynamic detection   SIGGEN8
Hawkeye engine: not detected (no Hawkeye engine result for this sample)
Static verdict
Antivirus engines
Engine        Result   Scan date    Engine version
McAfee                 2020-07-10   6.0.6.653
Alibaba                2019-05-27   0.3.0.5
Baidu                  2019-03-18   1.0.0.2
Avast                  2020-07-10   18.4.3895.0
Tencent                2020-07-10   1.0.0.1
Kingsoft               2020-07-10   2013.8.14.323
CrowdStrike            2019-07-02   1.0
(The Result column is empty for every engine in the source report.)
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time                 API                 Arguments   Status   Return   Repeated
1620119185.817838    IsDebuggerPresent   (none)      failed   0        0
Caveat: the sandbox labels any zero return value "failed"; for IsDebuggerPresent a return of 0 simply means no debugger was attached. In the import table below the function sits in the MSVC C runtime's error-handling import group (UnhandledExceptionFilter, TerminateProcess, RtlCaptureContext), which the runtime calls on its own, so a single call returning 0 is consistent with CRT behaviour and is weak evidence of deliberate anti-debugging.
Behavior verdict
Network
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Caveat: the Hosts and TCP sections below record no connection at all, so this signature is not backed by a captured flow in this report; the only DNS traffic in the run is four queries to 114.114.114.114, the guest's resolver. 172.217.24.14 is in 172.217.0.0/16, a range allocated to Google, which is typical of Windows background traffic rather than of the sample.
Created a service where a service was also not started (1 event)
Time                 API              Status    Return               Repeated
1620119185.785838    CreateServiceA   success   3453296 (0x34b170)   0
Arguments (numeric values decoded from winsvc.h):
  service_name: GENERICDRV
  display_name: GENERICDRV
  service_type: 1 (SERVICE_KERNEL_DRIVER)
  start_type: 3 (SERVICE_DEMAND_START)
  error_control: 1 (SERVICE_ERROR_NORMAL)
  desired_access: 983551 (0xF01FF, SERVICE_ALL_ACCESS)
  filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\amifldrv64.sys
  filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\amifldrv64.sys
  service_start_name: (empty)
  password: (empty)
  service_manager_handle: 0x000000000034b140
  service_handle: 0x000000000034b170
The decimal return value 3453296 is 0x34b170, the same value as service_handle, so the call succeeded and the service now exists in the SCM database.
What a reviewer should take from this event:
- The service is a kernel driver (service_type 1) registered from the user's Temp directory. Once the service is started the SCM loads that file into ring 0, so the driver binary is the thing to examine. CreateService does not check that the file exists, and the report lists no dropped files, so this trace does not show amifldrv64.sys being written; obtain the driver from the sample or from a live host before judging it.
- "Not started" describes this 18 s run, not the binary: the import table includes StartServiceA, ControlService and DeleteService, so the sample can start, stop and remove the service. AdjustTokenPrivileges next to ExitWindowsEx matches the SE_SHUTDOWN_NAME privilege that ExitWindowsEx requires.
- amifldrv64.sys is the file name of the helper driver shipped with AMI's firmware-flash (AFU) tools, and the import profile (DeviceIoControl, BlockInput, SetThreadExecutionState, ExitWindowsEx, the SCM calls) reads like a firmware update utility that loads a driver, talks to it over IOCTLs, locks input while it works and reboots afterwards. The report itself does not identify the driver, so hash the .sys, verify its signature and check it against a driver blocklist such as Microsoft's vulnerable driver blocklist; a signed helper driver loaded from Temp is also the loader shape used by bring-your-own-vulnerable-driver abuse, and a low overall score does not settle that question.
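As an added worked example (not part of the sandbox report or of the sandbox's own code), the following Python decodes this CreateServiceA event into its winsvc.h names and applies the check a triage script would run on it: a driver-type service whose image lives under a user-writable directory. The event dict is transcribed from the report above; the user-writable directory list, the finding names and the helper function names are this example's own assumptions.

```python
"""
Decode a Cuckoo-style CreateServiceA event and flag the pattern
"kernel driver registered from a user-writable path".

Illustrative code written for this report; it is not part of the sandbox.
SAMPLE_EVENT is transcribed from the report's CreateServiceA entry.
USER_WRITABLE_MARKERS and the finding names are assumptions of this example.
"""
import ntpath

# Win32 service constants (winsvc.h)
SERVICE_TYPES = {
    0x00000001: "SERVICE_KERNEL_DRIVER",
    0x00000002: "SERVICE_FILE_SYSTEM_DRIVER",
    0x00000010: "SERVICE_WIN32_OWN_PROCESS",
    0x00000020: "SERVICE_WIN32_SHARE_PROCESS",
}
START_TYPES = {
    0: "SERVICE_BOOT_START",
    1: "SERVICE_SYSTEM_START",
    2: "SERVICE_AUTO_START",
    3: "SERVICE_DEMAND_START",
    4: "SERVICE_DISABLED",
}
ERROR_CONTROLS = {
    0: "SERVICE_ERROR_IGNORE",
    1: "SERVICE_ERROR_NORMAL",
    2: "SERVICE_ERROR_SEVERE",
    3: "SERVICE_ERROR_CRITICAL",
}
SERVICE_ALL_ACCESS = 0xF01FF

# Directories an unprivileged user can normally write to (assumed list,
# matched case-insensitively against the normalised image path).
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
)

# Transcribed from the report's CreateServiceA event.
SAMPLE_EVENT = {
    "api": "CreateServiceA",
    "status": "success",
    "return": 3453296,            # logged as decimal by the sandbox
    "service_name": "GENERICDRV",
    "display_name": "GENERICDRV",
    "service_type": 1,
    "start_type": 3,
    "error_control": 1,
    "desired_access": 983551,
    "filepath": r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\amifldrv64.sys",
    "service_handle": 0x34B170,
}


def decode_service_event(ev):
    """Translate the numeric CreateService arguments to their winsvc.h names."""
    access = ev["desired_access"]
    return {
        "service_type": SERVICE_TYPES.get(ev["service_type"], hex(ev["service_type"])),
        "start_type": START_TYPES.get(ev["start_type"], str(ev["start_type"])),
        "error_control": ERROR_CONTROLS.get(ev["error_control"], str(ev["error_control"])),
        "desired_access": "SERVICE_ALL_ACCESS" if access == SERVICE_ALL_ACCESS else hex(access),
        # On success the returned SC_HANDLE should equal the service_handle
        # argument the sandbox logged; a mismatch means the log is suspect.
        "handle_consistent": ev["status"] == "success" and ev["return"] == ev["service_handle"],
    }


def assess_service_event(ev):
    """Return (finding, detail) tuples for one CreateService event."""
    decoded = decode_service_event(ev)
    findings = []
    path = ntpath.normpath(ev["filepath"]).lower()
    from_user_dir = any(marker in path for marker in USER_WRITABLE_MARKERS)
    is_driver = decoded["service_type"] in ("SERVICE_KERNEL_DRIVER", "SERVICE_FILE_SYSTEM_DRIVER")
    if is_driver and from_user_dir:
        findings.append(("driver_from_user_writable_path", ev["filepath"]))
    if is_driver:
        # CreateService only registers the image path; StartService is what
        # loads it. A missing start in the trace means the load was not
        # observed, not that the binary cannot perform it.
        findings.append(("kernel_driver_registered", f"{ev['service_name']} ({decoded['start_type']})"))
    if not decoded["handle_consistent"]:
        findings.append(("inconsistent_handle", f"return={ev['return']:#x}"))
    return findings


if __name__ == "__main__":
    for key, value in decode_service_event(SAMPLE_EVENT).items():
        print(f"{key}: {value}")
    for finding, detail in assess_service_event(SAMPLE_EVENT):
        print(f"[{finding}] {detail}")
```

Run as-is, the script reports the service as SERVICE_KERNEL_DRIVER / SERVICE_DEMAND_START with SERVICE_ALL_ACCESS and raises the driver-from-Temp finding; the same two functions can be run over every CreateService event in a report to separate ordinary Win32 services from driver loads.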
Visualization
Binary image
No binary image: the sample did not produce a binary visualization image.
Screenshots
No screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2013-08-07 15:44:52

Imports

Library USER32.dll:
0x14003d368 CreateWindowExA
0x14003d370 GetMessageA
0x14003d378 TranslateMessage
0x14003d380 DispatchMessageA
0x14003d388 DefWindowProcA
0x14003d390 RegisterClassExA
0x14003d398 ExitWindowsEx
0x14003d3a0 BlockInput
0x14003d3a8 SystemParametersInfoA
0x14003d3b0 wsprintfA
0x14003d3b8 MessageBoxA
Library KERNEL32.dll:
0x14003d060 Sleep
0x14003d068 FreeLibrary
0x14003d070 GetProcAddress
0x14003d078 LoadLibraryA
0x14003d080 GetVersionExA
0x14003d088 SetThreadExecutionState
0x14003d090 GetLastError
0x14003d098 CreateMutexA
0x14003d0a0 SetConsoleCtrlHandler
0x14003d0a8 GetCurrentProcess
0x14003d0b0 DeleteFileA
0x14003d0b8 GetCurrentDirectoryA
0x14003d0c0 GetModuleFileNameA
0x14003d0c8 GetModuleHandleA
0x14003d0d0 CloseHandle
0x14003d0d8 DeviceIoControl
0x14003d0e0 GetWindowsDirectoryA
0x14003d0e8 GetSystemDirectoryA
0x14003d0f0 CreateThread
0x14003d0f8 LocalFree
0x14003d100 CreateNamedPipeA
0x14003d108 WriteFile
0x14003d110 ReadFile
0x14003d118 SetEndOfFile
0x14003d120 GetProcessHeap
0x14003d128 CompareStringA
0x14003d130 CompareStringW
0x14003d138 SetEnvironmentVariableA
0x14003d140 ReadConsoleInputA
0x14003d148 SetConsoleMode
0x14003d150 CreateFileA
0x14003d158 RtlVirtualUnwind
0x14003d160 GetLocaleInfoA
0x14003d168 EnterCriticalSection
0x14003d170 LeaveCriticalSection
0x14003d178 GetTimeZoneInformation
0x14003d180 GetSystemTimeAsFileTime
0x14003d188 GetModuleHandleW
0x14003d190 ExitProcess
0x14003d198 HeapFree
0x14003d1a0 HeapAlloc
0x14003d1a8 GetCommandLineA
0x14003d1b0 RaiseException
0x14003d1b8 RtlPcToFileHeader
0x14003d1c0 TerminateProcess
0x14003d1c8 UnhandledExceptionFilter
0x14003d1d8 IsDebuggerPresent
0x14003d1e0 RtlLookupFunctionEntry
0x14003d1e8 RtlCaptureContext
0x14003d1f0 WideCharToMultiByte
0x14003d1f8 GetConsoleCP
0x14003d200 GetConsoleMode
0x14003d208 FlushFileBuffers
0x14003d210 RtlUnwindEx
0x14003d218 DeleteCriticalSection
0x14003d220 SetHandleCount
0x14003d228 GetStdHandle
0x14003d230 GetFileType
0x14003d238 GetStartupInfoA
0x14003d240 EncodePointer
0x14003d248 DecodePointer
0x14003d250 FlsGetValue
0x14003d258 FlsSetValue
0x14003d260 FlsFree
0x14003d268 SetLastError
0x14003d270 GetCurrentThreadId
0x14003d278 FlsAlloc
0x14003d280 HeapSize
0x14003d288 GetCPInfo
0x14003d290 GetACP
0x14003d298 GetOEMCP
0x14003d2a0 IsValidCodePage
0x14003d2a8 LCMapStringA
0x14003d2b0 MultiByteToWideChar
0x14003d2b8 LCMapStringW
0x14003d2c8 HeapSetInformation
0x14003d2d0 HeapCreate
0x14003d2d8 SetFilePointer
0x14003d2e0 FreeEnvironmentStringsA
0x14003d2e8 GetEnvironmentStrings
0x14003d2f0 FreeEnvironmentStringsW
0x14003d2f8 GetEnvironmentStringsW
0x14003d300 QueryPerformanceCounter
0x14003d308 GetTickCount
0x14003d310 GetCurrentProcessId
0x14003d318 WriteConsoleA
0x14003d320 GetConsoleOutputCP
0x14003d328 WriteConsoleW
0x14003d330 SetStdHandle
0x14003d338 HeapReAlloc
0x14003d340 GetStringTypeA
0x14003d348 GetStringTypeW
Library ADVAPI32.dll:
0x14003d000 LookupPrivilegeValueA
0x14003d008 AdjustTokenPrivileges
0x14003d010 RegOpenKeyExA
0x14003d018 OpenSCManagerA
0x14003d020 DeleteService
0x14003d028 ControlService
0x14003d030 OpenServiceA
0x14003d038 StartServiceA
0x14003d040 CreateServiceA
0x14003d048 CloseServiceHandle
0x14003d050 OpenProcessToken
Library SHELL32.dll:
0x14003d358 ShellExecuteA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Src port   Destination        Dst port   Note
192.168.56.101   49235      114.114.114.114    53         DNS (guest resolver)
192.168.56.101   50534      114.114.114.114    53         DNS (guest resolver)
192.168.56.101   56539      114.114.114.114    53         DNS (guest resolver)
192.168.56.101   65004      114.114.114.114    53         DNS (guest resolver)
192.168.56.101   137        192.168.56.255     137        NetBIOS name service broadcast
192.168.56.101   138        192.168.56.255     138        NetBIOS datagram broadcast
192.168.56.101   55368      224.0.0.252        5355       LLMNR multicast
192.168.56.101   56804      224.0.0.252        5355       LLMNR multicast
192.168.56.101   60123      224.0.0.252        5355       LLMNR multicast
192.168.56.101   62191      224.0.0.252        5355       LLMNR multicast
192.168.56.101   1900       239.255.255.250    1900       SSDP multicast
192.168.56.101   50535      239.255.255.250    3702       WS-Discovery multicast
192.168.56.101   56540      239.255.255.250    3702       WS-Discovery multicast
192.168.56.101   56807      239.255.255.250    1900       SSDP multicast
192.168.56.101   58707      239.255.255.250    3702       WS-Discovery multicast

Every flow above is Windows name-resolution or device-discovery background traffic; the report ties none of it to the sample, records no DNS answers and no TCP flows, so there is no observed command-and-control activity in this run.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.