2.6
Medium risk

ee5b4433b145bcaa9ac7c1460844299dcf1a7b5272f44745d2e0dd9a9e2b8823

0d85b1139fc7606fe9f92d6cd902ea08.exe

Analysis duration

84s

Last analysis

File size

171.5KB
Static detection   Dynamic detection   CONFIDENCE MALICIOUS SCORE
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine   Result   Scan time   Engine version
McAfee 20200522 6.0.6.653
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200522 2013.8.14.323
Tencent 20200522 1.0.0.1
Avast 20200521 18.4.3895.0
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time               API               Arguments                Status   Return   Repeated
1620119616.907046  GetComputerNameW  computer_name: OSKAR-PC  success  1        0
Checks if process is being debugged by a debugger (1 event)
Time               API                Arguments   Status   Return   Repeated
1620119615.938046  IsDebuggerPresent              failed   0        0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .code
The executable uses a known packer (1 event)
packer PureBasic 4.x -> Neil Hodgson
Behavioral verdict
Dynamic indicators
File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)
APEX Malicious
Trapmine suspicious.low.ml.score
CrowdStrike win/malicious_confidence_60% (W)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.040622335352176 section {'size_of_data': '0x0001ae00', 'virtual_address': '0x00013000', 'entropy': 7.040622335352176, 'name': '.rsrc', 'virtual_size': '0x0001ad3c'} description A section with a high entropy has been found
entropy 0.6304985337243402 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time               API                    Arguments                                        Status   Return   Repeated
1620119616.126046  LookupPrivilegeValueW  system_name: (empty); privilege_name: SeDebugPrivilege  success  1        0
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2013-08-10 18:25:05

Imports

Library MSVCRT.dll:
0x411224 memset
0x411228 memcpy
0x41122c _isnan
0x411230 wcslen
0x411234 wcscpy
0x411238 wcsncpy
0x41123c wcscat
0x411240 memmove
0x411244 wcscmp
0x411248 _wcsicmp
0x41124c wcsncmp
0x411250 fabs
0x411254 ceil
0x411258 malloc
0x41125c floor
0x411260 free
0x411264 fclose
0x411268 _vsnwprintf
Library KERNEL32.dll:
0x411270 GetModuleHandleW
0x411274 HeapCreate
0x411278 HeapDestroy
0x41127c ExitProcess
0x411280 GetCurrentProcess
0x411284 CloseHandle
0x411288 SetPriorityClass
0x41128c Sleep
0x411294 Thread32First
0x411298 Thread32Next
0x41129c OpenThread
0x4112a0 ResumeThread
0x4112a4 SuspendThread
0x4112a8 GlobalAlloc
0x4112ac OpenProcess
0x4112b0 GlobalFree
0x4112b4 TerminateProcess
0x4112b8 GetPriorityClass
0x4112bc GetComputerNameW
0x4112c0 GlobalMemoryStatus
0x4112c4 GetSystemDirectoryW
0x4112c8 HeapAlloc
0x4112cc HeapFree
0x4112d0 WriteFile
0x4112d4 FreeLibrary
0x4112d8 LoadLibraryW
0x4112dc WideCharToMultiByte
0x4112e0 GetProcAddress
0x4112e4 LoadLibraryA
0x4112ec GetCurrentProcessId
0x4112f0 GetCurrentThreadId
0x411300 DuplicateHandle
0x411304 CreatePipe
0x411308 GetStdHandle
0x41130c CreateProcessW
0x411310 WaitForSingleObject
0x41131c GetVersionExA
0x411320 HeapReAlloc
0x411324 SetLastError
0x411328 GetVersionExW
0x41132c TlsAlloc
0x411330 MulDiv
0x411334 MoveFileW
0x411338 DeleteFileW
Library USER32.DLL:
0x411344 CharLowerW
0x411348 MessageBoxW
0x41134c GetForegroundWindow
0x411354 IsWindowVisible
0x411358 GetWindowLongA
0x41135c IsWindowEnabled
0x411360 EnableWindow
0x411364 EnumWindows
0x411368 SetWindowPos
0x41136c SetMenu
0x411370 DestroyMenu
0x411374 CreatePopupMenu
0x411378 AppendMenuW
0x41137c CreateMenu
0x411380 GetMenuItemInfoW
0x411384 SetMenuItemInfoW
0x411388 EnableMenuItem
0x41138c GetCursorPos
0x411390 SetForegroundWindow
0x411394 TrackPopupMenu
0x411398 DestroyWindow
0x41139c SendMessageW
0x4113a0 GetPropW
0x4113a4 SetPropW
0x4113a8 RedrawWindow
0x4113ac RemovePropW
0x4113b0 GetWindowLongW
0x4113b4 SetWindowLongW
0x4113b8 CallWindowProcW
0x4113bc GetSysColor
0x4113c0 CreateWindowExW
0x4113c4 SendMessageA
0x4113c8 GetSysColorBrush
0x4113cc SetFocus
0x4113d0 GetFocus
0x4113d4 GetParent
0x4113d8 GetClassNameW
0x4113dc FillRect
0x4113e0 GetSystemMetrics
0x4113e4 GetPropA
0x4113e8 SetPropA
0x4113ec GetClientRect
0x4113f0 GetWindowRect
0x4113f4 MapWindowPoints
0x4113f8 DrawFrameControl
0x4113fc DefWindowProcW
0x411400 EnumPropsExW
0x411404 GetWindow
0x411408 SetActiveWindow
0x41140c UnregisterClassW
0x411414 LoadIconW
0x411418 LoadCursorW
0x41141c RegisterClassW
0x411420 AdjustWindowRectEx
0x411424 GetActiveWindow
0x411428 ShowWindow
0x411430 ScreenToClient
0x411434 PeekMessageW
0x41143c GetMessageW
0x411444 TranslateMessage
0x411448 DispatchMessageW
0x41144c EnumChildWindows
0x411450 PostMessageW
0x411454 DefFrameProcW
0x411458 IsChild
0x41145c GetKeyState
0x411460 SetCursorPos
0x411464 LoadImageW
0x411468 SetCursor
0x41146c MoveWindow
0x411474 SetCapture
0x411478 ReleaseCapture
0x41147c DefWindowProcA
0x411480 RegisterClassA
0x411484 CreateWindowExA
0x41148c DestroyIcon
Library GDI32.DLL:
0x411494 GetStockObject
0x411498 SetBkColor
0x41149c SetTextColor
0x4114a4 SelectObject
0x4114a8 CreateDCW
0x4114ac CreateCompatibleDC
0x4114b0 DeleteDC
0x4114b4 GetObjectW
0x4114b8 StretchBlt
0x4114bc GetObjectType
0x4114c0 DeleteObject
0x4114c4 CreatePen
0x4114c8 MoveToEx
0x4114cc LineTo
0x4114d0 CreateDIBSection
0x4114d4 GetObjectA
0x4114d8 CreateSolidBrush
0x4114e0 GetClipRgn
0x4114e4 ExtSelectClipRgn
0x4114e8 SelectClipRgn
0x4114ec GetDIBits
0x4114f0 BitBlt
0x4114f4 CreateBitmap
0x4114f8 SetPixel
0x4114fc GetDeviceCaps
0x411500 CreateFontW
Library COMDLG32.DLL:
0x411508 GetSaveFileNameW
0x41150c GetOpenFileNameW
Library ADVAPI32.DLL:
0x411514 OpenProcessToken
Library COMCTL32.DLL:
0x411528 ImageList_Destroy
0x41152c ImageList_Remove
0x411530 ImageList_AddMasked
0x411534 ImageList_Create
0x411538 ImageList_Add
Library OLE32.DLL:
0x411548 CoInitialize
0x41154c RevokeDragDrop
Library SHELL32.DLL:
0x411554 ShellExecuteW
0x411558 ExtractIconW
0x41155c ShellExecuteExW
Library WSOCK32.DLL:
0x411564 closesocket
0x411568 WSACleanup
0x41156c WSAStartup
Library WINMM.DLL:
0x411574 timeBeginPeriod
0x411578 timeEndPeriod

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 (time.windows.com) 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 51811 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 63430 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.