4.6 (中危, medium risk)

SHA-256: 0eb5250922170bc1a0c40ce8f2e4631586de1aa787211cb942556e0e3b9535a7
File name: 17055aeaf67f75412db30b41a9d096c4.exe
Analysis duration: 81s
Last analyzed:
File size: 10.2MB
Static detection / dynamic detection label: BICE HLLW (the DrWeb name Win32.HLLW.Bice from the VirusTotal entry below)
鹰眼 engine: not detected (no 鹰眼 engine result is available for this sample)
Static verdict

Antivirus engines (the result column is blank for every row in the source; no result is recorded for any engine)

Engine | Result | Scan date | Engine version
McAfee | (blank) | 2019-09-13 | 6.0.6.653
Alibaba | (blank) | 2019-05-27 | 0.3.0.5
CrowdStrike | (blank) | 2019-07-02 | 1.0
Baidu | (blank) | 2019-03-18 | 1.0.0.2
Avast | (blank) | 2019-09-13 | 18.4.3895.0
Kingsoft | (blank) | 2019-09-13 | 2013.8.14.323
Tencent | (blank) | 2019-09-13 | 1.0.0.1
Static indicators

This executable is signed

This executable has a PDB path (1 event)
pdb_path: d:\AutoBuild\QQTalk_AutoBuild\HummerPack\QT4084\AutoProject\QTalkSetup.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time | API | Arguments | Status | Return | Repeated
1620124949.205501 | GlobalMemoryStatusEx | (none logged) | success | 1 | 0
A single GlobalMemoryStatusEx call is also what an installer makes before sizing its work, so on its own this is a weak evasion signal; the signature and the QTalkSetup.pdb path from a QQTalk build tree say more about what the binary is than this call does.
The file contains an unknown PE resource name possibly indicative of a packer (4 events)
resource name: CFG
resource name: LICENSE
resource name: MSI
resource name: PNG
The dynamic section below identifies what these resources hold (MSI is a 7-zip archive, PNG a 277 x 2 image, CFG and LICENSE UTF-16 text), which is the layout of an installer keeping its payload and EULA in resources rather than the mark of a runtime packer.
One or more processes crashed (2 events)

Time | API | Status | Return | Repeated
1620124949.876501 | __exception__ | success | 0 | 0
stacktrace:
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x775cf9df
GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x775cf784
GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x775cf889
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x775d206f
DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x775ccf4b
DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x775cce8a
DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x775cd009
17055aeaf67f75412db30b41a9d096c4+0x32e26 @ 0x432e26
17055aeaf67f75412db30b41a9d096c4+0x37e69 @ 0x437e69
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers: esp=1634408 (0x18f068) edi=2 (0x2) eax=4619920 (0x467e90) ebp=1635040 (0x18f2e0) edx=2130566132 (0x7efddbf4) ebx=4619920 (0x467e90) esi=1983207793 (0x76355971) ecx=3323199488 (0xc6140000)
exception.instruction_r: 66 c7 04 78 00 00 83 c0 02 50 e8 4f 7a 00 00 83
exception.symbol: 17055aeaf67f75412db30b41a9d096c4+0x2eb6e
exception.instruction: mov word ptr [eax + edi*2], 0
exception.module: 17055aeaf67f75412db30b41a9d096c4.exe
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.offset: 191342 (0x2eb6e)
exception.address: 0x42eb6e

Time | API | Status | Return | Repeated
1620124952.689501 | __exception__ | success | 0 | 0
stacktrace:
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x775cf9df
GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x775cf784
GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x775cf889
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x775d206f
CreateDialogIndirectParamAorW+0x33 CreateDialogParamW-0x9 user32+0x410d3 @ 0x775d10d3
CreateDialogParamW+0x49 UnregisterHotKey-0x176 user32+0x41125 @ 0x775d1125
17055aeaf67f75412db30b41a9d096c4+0xdd56 @ 0x40dd56

registers: esp=1632928 (0x18eaa0) edi=2002579898 (0x775cf1ba) eax=4619924 (0x467e94) ebp=1632952 (0x18eab8) edx=2130566132 (0x7efddbf4) ebx=2002425465 (0x775a9679) esi=65934 (0x1018e) ecx=15430 (0x3c46)
exception.instruction_r: 66 c7 04 48 00 00 83 c0 02 50 68 fd 03 00 00 56
exception.symbol: 17055aeaf67f75412db30b41a9d096c4+0xdb69
exception.instruction: mov word ptr [eax + ecx*2], 0
exception.module: 17055aeaf67f75412db30b41a9d096c4.exe
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.offset: 56169 (0xdb69)
exception.address: 0x40db69

Reading the two records together: both faults are a 2-byte store of zero at eax + index*2, raised from a dialog procedure (under DialogBoxParamW in the first record, CreateDialogParamW in the second). eax is 0x467e90 and 0x467e94, which with the usual 0x400000 image base are exactly the offsets the resource table below gives for the CFG resource (4 bytes) and the LICENSE resource (0x788c bytes), and the index registers are 2 and 15430, the size of each resource in WCHARs. Each store therefore lands on the first byte after the resource data: the installer is NUL-terminating a UTF-16 string in place, inside the mapped .rsrc section (VA 0x67000, a section the loader normally maps read-only), and the write faults. The process did not die: GetDiskFreeSpaceExW is logged at 1620124953.064501, after both exceptions, and the 61 file drops below happened, so the installer handled the exceptions and carried on. This is an installer bug, not evidence of exploitation.
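The correlation above can be checked mechanically rather than by eye. The following script is an added example for this report, not sandbox output or vendor code: it takes the two exception records and the five distinct resource entries from the table below, and reports for each fault which resource eax points at and how far past its end the store lands. It assumes an image base of 0x400000 (the default for a 32-bit EXE, consistent with the 0x40xxxx/0x43xxxx module addresses in the stack traces) and that the resource offsets printed by the sandbox are RVAs.

```python
"""Added example (not sandbox output): tie the two access violations above to the PE resource table.

Assumptions: the image base is 0x400000 and the resource "offset" values in the report are
RVAs, i.e. addressable at base + offset once the image is mapped. Every other number is
copied from the report as printed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

IMAGE_BASE = 0x400000  # assumed, see module docstring

# .rsrc geometry from the entropy indicator: virtual_address 0x67000, virtual_size 0x9cd584
RSRC_VA, RSRC_VSIZE = 0x67000, 0x9CD584


@dataclass(frozen=True)
class Resource:
    name: str
    offset: int  # RVA as printed in the resource table
    size: int


@dataclass(frozen=True)
class Fault:
    address: int       # exception.address
    base_reg: int      # eax, the base of [eax + idx*2]
    index_reg: int     # edi or ecx, the WCHAR index
    instruction: str


# The five distinct resources from the "Foreign language identified in PE resource" table.
RESOURCES = [
    Resource("CFG",       0x00067E90, 0x00000004),
    Resource("LICENSE",   0x00067E94, 0x0000788C),
    Resource("MSI",       0x009A005C, 0x00002624),
    Resource("PNG",       0x009E1C7C, 0x00000B4D),
    Resource("RT_BITMAP", 0x00A21EC0, 0x00009DDA),
]

# The two __exception__ records, registers in decimal exactly as the report prints them.
FAULTS = [
    Fault(0x42EB6E, 4619920, 2,     "mov word ptr [eax + edi*2], 0"),
    Fault(0x40DB69, 4619924, 15430, "mov word ptr [eax + ecx*2], 0"),
]


def write_target(fault: Fault) -> int:
    """Address the faulting instruction stores to: a 2-byte WCHAR at base + index*2."""
    return fault.base_reg + 2 * fault.index_reg


def in_rsrc(addr: int) -> bool:
    """True if addr lies inside the mapped .rsrc section."""
    start = IMAGE_BASE + RSRC_VA
    return start <= addr < start + RSRC_VSIZE


def resource_starting_at(ptr: int) -> Optional[Resource]:
    """The resource whose mapped start is exactly ptr (what LockResource returns for it), else None."""
    for res in RESOURCES:
        if IMAGE_BASE + res.offset == ptr:
            return res
    return None


def correlate() -> List[Tuple[int, Optional[str], Optional[int]]]:
    """For each fault: (exception.address, resource eax points at, bytes the store lands past its end).

    0 in the last slot means the store begins at the first byte after the resource data,
    i.e. the code writes a terminating NUL WCHAR in place into the image's resource section."""
    out = []
    for fault in FAULTS:
        res = resource_starting_at(fault.base_reg)
        if res is None:
            out.append((fault.address, None, None))
            continue
        past_end = write_target(fault) - (IMAGE_BASE + res.offset + res.size)
        out.append((fault.address, res.name, past_end))
    return out


if __name__ == "__main__":
    for addr, name, past in correlate():
        print(f"fault at {addr:#x}: eax -> {name}, store lands {past} byte(s) past resource end")
```

Both faults come back with a distance of 0, i.e. the store begins exactly at the end of the resource the pointer was obtained for. If a third record ever pointed somewhere other than a resource start, the function returns None for that record instead of guessing.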
Behavioral verdict

Dynamic indicators

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)
Time | API | Arguments | Status | Return | Repeated
1620124953.064501 | GetDiskFreeSpaceExW | root_path: C:\; free_bytes_available: 0; total_number_of_free_bytes: 19434270720; total_number_of_bytes: 0 | success | 1 | 0
An installer checks free space on C:\ before extracting, so this call is expected for this binary. The logged out-parameters are not self-consistent (0 total bytes next to 19,434,270,720 free bytes), so do not read them as a true description of the guest disk.
Foreign language identified in PE resource (50 of 69 events; the 50 listed rows collapse to the 5 distinct entries below, with the number of times each row repeats in the source)

name | language | sublanguage | offset | size | filetype | rows in source
CFG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x00067e90 | 0x00000004 | Little-endian UTF-16 Unicode text, with no line terminators | 1
LICENSE | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x00067e94 | 0x0000788c | Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators | 1
MSI | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x009a005c | 0x00002624 | 7-zip archive data, version 0.3 | 3
PNG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x009e1c7c | 0x00000b4d | PNG image data, 277 x 2, 8-bit/color RGBA, non-interlaced | 16
RT_BITMAP | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x00a21ec0 | 0x00009dda | data | 29
"Foreign" is relative to the sandbox locale. Simplified Chinese resources are what a build from the QQTalk tree named in the PDB path would carry, and an MSI resource that is really a 7-zip archive is the embedded payload of an installer.
Creates executable files on the filesystem (50 of 61 events). Of the 50 listed, all but one land under the installer's own staging tree in AppData\Roaming\Tencent\STemp\QTalk\QTalk~0 (its SysDir subfolder included); the exception is C:\Windows\System32\QQVistaHelper.dll, a write into the system directory that needs administrative rights, which the sample has because the sandbox runs it as Administrator.
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\ChatFrame.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libjpegturbo.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Misc\TXSSO\TXSSO\bin\SSOPlatform.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.VC80.ATL\ATL80.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\bugreport.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\ProcessSession.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\CustomFace.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\TRAE_QT.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\arkGraphic.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QMLDPatch.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\IMDllBuild.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\QTalkUninst.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\ProcDll.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Misc\TXSSO\TXSSO\bin\SSOCommon.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AuCommon.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\tinyxml.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\zlib.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\UpdateEx.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTFlash.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AppView.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libpng.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\TXSSO\InstTXSSO.exe
file C:\Windows\System32\QQVistaHelper.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libexpat.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Misc\TXSSO\TXSSO\bin\SSOLUIControl.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libexpatw.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\xImage.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\MainFrame.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTalk.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\ConfigCenter.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.VC80.CRT\msvcp80.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.VC80.CRT\msvcr80.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\jgImage.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\xGraphic32.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\RICHED20.DLL
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTDataReport.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Misc\TXSSO\InstTXSSO.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\jgIOStub.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AppUtil.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\TXSSO\TXSSO\bin\SSOAxCtrlForPTLogin.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.VC80.CRT\msvcm80.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AudioEngine.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\UtilGif.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AudioHook.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.Windows.GdiPlus\GdiPlus.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\TXSSO\TXSSO\bin\SSOLUIControl.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\InstAsm.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\TXSSO\TXSSO\bin\SSOPlatform.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\Common.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\GF.dll
Drops an executable to the user AppData folder (50 of 56 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Misc\TXSSO\InstTXSSO.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTalk.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\TRAE_QT.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\Common.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.Windows.GdiPlus\GdiPlus.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AuCommon.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\UpdateEx.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libjpegturbo.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTWeb.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTDataReport.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libexpat.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\zlib.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\xGui.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AudioEngine.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\RICHED20.DLL
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\GF.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\qtupd.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AudioHook.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\arkGraphic.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\UtilGif.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\ConfigCenter.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\QTalkUninst.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\bugreport.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Misc\TXSSO\TXSSO\bin\SSOLUIControl.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\util.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\WebApi.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\MainFrame.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\tinyxml.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\AppUtil.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\IMDllBuild.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libjpeg6.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\tssafeedit.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTFlash.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libexpatw.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.VC80.CRT\msvcm80.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Misc\TXSSO\TXSSO\bin\SSOAxCtrlForPTLogin.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\TXSSO\TXSSO\bin\SSOPlatform.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\ProcDll.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.VC80.CRT\msvcp80.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\QTSDK.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\libpng.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\jgIOStub.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\CustomFace.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\xGraphic32.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\ProcessSession.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\jgImage.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\InstAsm.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\Bin\xImage.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\TXSSO\TXSSO\bin\SSOCommon.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\SysDir\Microsoft.VC80.ATL\ATL80.dll
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
DrWeb Win32.HLLW.Bice
This is the only detection on the page: the seven engines in the static table record nothing, and the binary is signed and carries a QTalkSetup.pdb path. One engine's generic HLLW label on a signed vendor installer needs corroboration before the sample is treated as malicious. Confirming that the Authenticode signature is valid and chains to the expected publisher is the first step, and the report does not show that check, only that a signature is present.

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.988211032097047 | section {'size_of_data': '0x009ce000', 'virtual_address': '0x00067000', 'entropy': 7.988211032097047, 'name': '.rsrc', 'virtual_size': '0x009cd584'} | description: A section with a high entropy has been found
entropy 0.9627924817798236 | description: Overall entropy of this PE file is high
The high-entropy section is .rsrc, and its 0x9ce000 bytes are essentially the whole 10.2MB file. Compressed payload stored in resources (the MSI resource above is a 7-zip archive, and the import table below has FindResourceW, LoadResource, LockResource and SizeofResource) accounts for the entropy without a packer; the code that runs is in the small section holding the imports, not in .rsrc.
Network communication

Communicates with host for which no DNS query was performed (1 event)
host: 172.217.24.14
This hit is not backed by the traffic tables further down: "No hosts contacted", "No TCP connections recorded", and the UDP table contains no packet to 172.217.24.14. Treat it as unconfirmed until the pcap is checked.

Appends a known multi-family ransomware file extension to files that have been encrypted (2 events)
file: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\I18N\2052\KernelUrlBundle.xml.enc
file: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\I18N\2052\UrlBundle.xml.enc
The rule matched on the .enc suffix alone. Both files are configuration XML bundles inside the installer's own staging tree (the same QTalk~0 directory that receives the dropped executables), not user documents that were renamed, and nothing else in the report shows pre-existing files being encrypted.
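The extension rule can be re-scored by where the file lives. The script below is an added example, not the sandbox's own rule: it suppresses an extension hit when the file sits inside a tree the sample itself populated (the staging root is taken from the "Creates executable files" list above) and escalates everything else. The two reported paths are copied from this section; the Documents path is a constructed contrast case that does not appear in the report, and RANSOM_EXTS is an assumed stand-in for the sandbox's extension list, which the page does not print.

```python
"""Added example (not the sandbox's rule): re-score the ".enc" ransomware-extension hits by location.

Inputs copied from the report: the two flagged paths and the staging root every dropped file
lives under. The Documents path is constructed for contrast and is not in the report;
RANSOM_EXTS is an assumed list, only .enc matters for this sample."""
from pathlib import PureWindowsPath
from typing import Iterable, List, Tuple

RANSOM_EXTS = {".enc", ".locked", ".crypt", ".encrypted"}  # assumed stand-in for the sandbox's list

# Root of the tree the installer extracts into (from the "Creates executable files" events).
STAGING_ROOT = PureWindowsPath(
    r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0"
)

REPORTED_HITS = [
    r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\I18N\2052\KernelUrlBundle.xml.enc",
    r"C:\Users\Administrator.Oskar-PC\AppData\Roaming\Tencent\STemp\QTalk\QTalk~0\program files\Tencent\QTalk\I18N\2052\UrlBundle.xml.enc",
]

# Constructed contrast case: a user document renamed with the same suffix. Not in the report.
CONSTRUCTED_USER_FILE = r"C:\Users\Administrator.Oskar-PC\Documents\q3-budget.xlsx.enc"


def has_ransom_ext(path: str) -> bool:
    """True if the last extension is one of the watched ransomware suffixes."""
    return PureWindowsPath(path).suffix.lower() in RANSOM_EXTS


def is_under(path: str, root: PureWindowsPath) -> bool:
    """True if path is inside root (PureWindowsPath compares case-insensitively)."""
    try:
        PureWindowsPath(path).relative_to(root)
        return True
    except ValueError:
        return False


def triage(paths: Iterable[str], staging_roots: Iterable[PureWindowsPath]) -> Tuple[List[str], List[str]]:
    """Split extension hits into (suppressed, escalated).

    A hit is suppressed when the file sits inside a tree the sample itself populated: a program
    writing .enc files into its own extraction directory is packaging, not encryption of the
    victim's data. Every other hit keeps the rule's original severity."""
    roots = list(staging_roots)
    suppressed, escalated = [], []
    for p in paths:
        if not has_ransom_ext(p):
            continue
        if any(is_under(p, r) for r in roots):
            suppressed.append(p)
        else:
            escalated.append(p)
    return suppressed, escalated


if __name__ == "__main__":
    kept, raised = triage(REPORTED_HITS + [CONSTRUCTED_USER_FILE], [STAGING_ROOT])
    print("suppressed:", *kept, sep="\n  ")
    print("escalated:", *raised, sep="\n  ")
```

Run against this report, both reported hits are suppressed and only the constructed Documents path would survive to an alert. The scoping is deliberately narrow: a sample that extracts into its own directory and then also renames files in Documents still escalates on the latter.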
Visual analysis

Binary image
No binary image: no binary visualization was generated for this sample.

Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2012-06-15 20:14:06

Imports

The table is typical of an installer: resource handling (FindResourceW, FindResourceExW, LoadResource, LockResource, SizeofResource), file and directory manipulation, registry writes (RegCreateKeyW, RegSetValueExW, RegDeleteKeyW, RegDeleteValueW), CreateProcessW for the extracted components, and Process32FirstW/Process32NextW with OpenProcess and TerminateProcess, which is how an installer closes a running copy of the application before replacing its files. IsDebuggerPresent appears next to the usual static-CRT imports (HeapCreate, TlsAlloc, LCMapStringA, GetStringTypeA) and is pulled in by the CRT's error-reporting path, so it is a weak evasion signal on its own.

Library MSIMG32.dll:
0x452264 TransparentBlt
Library SHELL32.dll:
0x452288 SHChangeNotify
0x452290 SHBrowseForFolderW
0x452294 SHFileOperationW
0x45229c Shell_NotifyIconW
0x4522a4 ShellExecuteW
Library ADVAPI32.dll:
0x452000 RegDeleteKeyW
0x452004 RegCreateKeyW
0x452008 RegOpenKeyExW
0x45200c RegDeleteValueW
0x452010 RegQueryValueExW
0x452014 RegCloseKey
0x452018 RegSetValueExW
Library SHLWAPI.dll:
0x4522ac PathFileExistsW
0x4522b0 PathStripToRootW
0x4522b4 PathAppendW
0x4522bc PathFindFileNameW
0x4522c0 PathRemoveFileSpecW
Library PSAPI.DLL:
Library KERNEL32.dll:
0x452064 GetStartupInfoA
0x452068 GetFileType
0x45206c VirtualAlloc
0x452070 VirtualFree
0x452074 LoadResource
0x452078 CreateDirectoryW
0x45207c WriteFile
0x452080 SizeofResource
0x452084 GetFileAttributesW
0x452088 ReadFile
0x45208c CreateFileW
0x452090 MultiByteToWideChar
0x452094 LockResource
0x452098 CloseHandle
0x45209c DeleteFileW
0x4520a0 FreeResource
0x4520a4 GetDriveTypeW
0x4520a8 FindResourceW
0x4520b0 WaitForSingleObject
0x4520b4 CreateThread
0x4520c0 Sleep
0x4520c8 FreeLibrary
0x4520cc GetLastError
0x4520d0 GetTickCount
0x4520d4 LoadLibraryExW
0x4520d8 GetProcAddress
0x4520dc FormatMessageW
0x4520e0 LocalFree
0x4520e4 FindResourceExW
0x4520e8 CreateProcessW
0x4520ec RemoveDirectoryW
0x4520f0 GetDiskFreeSpaceExW
0x4520fc FindFirstFileW
0x452104 SetFileAttributesW
0x452108 GetSystemDirectoryW
0x45210c GetVersionExW
0x452110 MoveFileExW
0x452114 MoveFileW
0x452118 lstrcmpW
0x45211c FindNextFileW
0x452120 GetModuleFileNameW
0x452124 CopyFileW
0x452128 WideCharToMultiByte
0x45212c lstrcmpiW
0x452130 GetLocalTime
0x452138 Process32FirstW
0x45213c OpenProcess
0x452140 TerminateProcess
0x452144 Process32NextW
0x452148 GlobalAlloc
0x45214c GlobalLock
0x452150 GlobalUnlock
0x452154 GetCurrentThreadId
0x452158 CreateMutexW
0x452160 LoadLibraryW
0x452164 RaiseException
0x45216c GetCurrentProcess
0x452170 SetLastError
0x452178 GetCommandLineW
0x45217c SetHandleCount
0x452180 LCMapStringW
0x452184 LCMapStringA
0x452188 GetConsoleMode
0x45218c GetConsoleCP
0x452190 RtlUnwind
0x452194 IsValidCodePage
0x452198 GetOEMCP
0x45219c GetACP
0x4521a0 GetCPInfo
0x4521a4 TlsFree
0x4521a8 TlsSetValue
0x4521ac TlsAlloc
0x4521b0 TlsGetValue
0x4521b4 GetModuleFileNameA
0x4521b8 GetStdHandle
0x4521bc ExitProcess
0x4521c0 GetModuleHandleA
0x4521c4 HeapCreate
0x4521c8 HeapDestroy
0x4521cc HeapSize
0x4521d0 HeapReAlloc
0x4521d4 GetStartupInfoW
0x4521d8 GetProcessHeap
0x4521dc GetVersionExA
0x4521e0 GetThreadLocale
0x4521e8 IsDebuggerPresent
0x4521f4 HeapAlloc
0x4521f8 HeapFree
0x4521fc LocalAlloc
0x452200 SetFilePointer
0x452214 IsValidLocale
0x452218 SetStdHandle
0x45221c FlushFileBuffers
0x452220 WriteConsoleA
0x452224 GetConsoleOutputCP
0x452228 WriteConsoleW
0x45222c CreateFileA
0x452230 GetLocaleInfoW
0x452234 SetEndOfFile
0x452238 GetCommandLineA
0x45223c GetCurrentProcessId
0x452240 GetStringTypeA
0x452244 GetStringTypeW
0x452248 InterlockedExchange
0x45224c LoadLibraryA
0x452250 GetUserDefaultLCID
0x452254 GetLocaleInfoA
0x452258 FindClose
0x45225c EnumSystemLocalesA
Library USER32.dll:
0x4522c8 GetActiveWindow
0x4522cc FindWindowExW
0x4522d0 DrawTextW
0x4522d4 GetClientRect
0x4522d8 PostQuitMessage
0x4522dc SetFocus
0x4522e0 GetDlgItemTextW
0x4522e4 CallNextHookEx
0x4522e8 UnhookWindowsHookEx
0x4522ec TrackMouseEvent
0x4522f0 GetParent
0x4522f4 GetClassNameW
0x4522f8 DestroyIcon
0x4522fc GetDC
0x452300 ReleaseCapture
0x452304 GetDlgCtrlID
0x452308 SetWindowRgn
0x45230c BringWindowToTop
0x452310 EnumWindows
0x452314 GetWindowLongW
0x452318 PtInRect
0x45231c DialogBoxParamW
0x452320 SetWindowLongW
0x452324 SetCursor
0x452328 MapVirtualKeyW
0x45232c LoadCursorW
0x452330 GetWindowDC
0x452334 MessageBoxW
0x452338 GetCursorPos
0x45233c CreateDialogParamW
0x452340 SetCursorPos
0x452344 OffsetRect
0x452348 InvalidateRect
0x45234c KillTimer
0x452350 UpdateWindow
0x452354 SetTimer
0x452358 wsprintfW
0x45235c DestroyWindow
0x452360 GetWindowRect
0x452364 SetWindowPos
0x452368 SetDlgItemTextW
0x45236c EndDialog
0x452370 EnableWindow
0x452374 ShowWindow
0x452378 SetWindowTextW
0x45237c GetWindowTextW
0x452380 GetDlgItem
0x452384 SendMessageW
0x452388 LoadImageW
0x45238c LoadBitmapW
0x452390 GetKeyState
0x452394 SetWindowsHookExW
0x452398 FindWindowW
0x45239c PostMessageW
0x4523a0 ReleaseDC
0x4523a4 GetWindow
0x4523a8 DrawIconEx
0x4523ac LoadAcceleratorsW
0x4523b0 TranslateMessage
0x4523b4 GetMessageW
0x4523bc DispatchMessageW
0x4523c0 CharNextW
0x4523c4 GetFocus
0x4523cc UnregisterClassA
Library GDI32.dll:
0x452020 DeleteDC
0x452024 CreateFontW
0x452028 BitBlt
0x45202c DeleteObject
0x452030 SetBkColor
0x452034 CreateRoundRectRgn
0x45203c GetObjectW
0x452040 GetStockObject
0x452044 CreateCompatibleDC
0x45204c TextOutW
0x452050 SelectObject
0x452054 GetTextColor
0x452058 SetTextColor
0x45205c SetBkMode
Library ole32.dll:
0x4523d4 CoTaskMemFree
0x4523d8 CoUninitialize
0x4523dc CoCreateInstance
0x4523e0 OleUninitialize
0x4523e4 OleInitialize
0x4523ec CoInitializeEx
0x4523f0 CoInitialize
Library OLEAUT32.dll:
0x45226c SysStringLen
0x452270 SysFreeString
0x452274 SysAllocString

Hosts

No hosts contacted. (This contradicts the "Communicates with host 172.217.24.14" indicator above; the indicator is unconfirmed by the traffic recorded here.)

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port | Protocol (by port)
192.168.56.101 | 50534 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 51963 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 56539 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 58367 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 65004 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 137 | 192.168.56.255 | 137 | NetBIOS name service (broadcast)
192.168.56.101 | 138 | 192.168.56.255 | 138 | NetBIOS datagram service (broadcast)
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123 | NTP
192.168.56.101 | 49235 | 224.0.0.252 | 5355 | LLMNR
192.168.56.101 | 53657 | 224.0.0.252 | 5355 | LLMNR
192.168.56.101 | 56804 | 224.0.0.252 | 5355 | LLMNR
192.168.56.101 | 60123 | 224.0.0.252 | 5355 | LLMNR
192.168.56.101 | 62191 | 224.0.0.252 | 5355 | LLMNR
192.168.56.101 | 1900 | 239.255.255.250 | 1900 | SSDP
192.168.56.101 | 56540 | 239.255.255.250 | 3702 | WS-Discovery
192.168.56.101 | 56807 | 239.255.255.250 | 1900 | SSDP
192.168.56.101 | 58368 | 239.255.255.250 | 3702 | WS-Discovery
192.168.56.101 | 58370 | 239.255.255.250 | 3702 | WS-Discovery
192.168.56.101 | 58707 | 239.255.255.250 | 3702 | WS-Discovery
Everything here except the five DNS queries is Windows guest background traffic (NetBIOS broadcasts, LLMNR, SSDP, WS-Discovery, NTP to time.windows.com). The report prints neither the DNS query names nor the PID behind any packet, and no TCP connection follows the lookups, so no network activity on this page is attributable to the sample.
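Separating guest background noise from flows that still need attribution is a routine step when reading sandbox network tables, and it is worth doing by rule rather than by eye. The script below is an added example, not part of the sandbox output: it embeds the UDP table above as constructed input, labels the rows that match standard Windows background protocols, counts what is left per destination and port, and cross-checks whether the 172.217.24.14 host named by the network indicator appears in the table at all.

```python
"""Added example (not sandbox output): split the UDP table above into guest background noise and
flows that would still need attribution to the sample.

The rows are the report's UDP table, embedded here as constructed input. The noise rules are the
standard Windows background protocols of a fresh sandbox guest; the mentions_host() check exists
because the network indicator names 172.217.24.14 and the table does not."""
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    host: Optional[str]  # hostname the sandbox printed next to the destination, if any


UDP_TABLE = """\
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
"""

# (label, predicate) pairs; the first match wins. Anything unmatched is a candidate for attribution.
NOISE_RULES = [
    ("NetBIOS broadcast", lambda f: f.dport in (137, 138) and f.dst.endswith(".255")),
    ("LLMNR",             lambda f: f.dst == "224.0.0.252" and f.dport == 5355),
    ("SSDP",              lambda f: f.dst == "239.255.255.250" and f.dport == 1900),
    ("WS-Discovery",      lambda f: f.dst == "239.255.255.250" and f.dport == 3702),
    ("NTP",               lambda f: f.dport == 123 and f.host == "time.windows.com"),
]


def parse_udp_table(text: str) -> List[Flow]:
    """Parse 'src sport dst [hostname] dport' rows as the report prints them."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (4, 5):
            continue
        host = parts[3] if len(parts) == 5 else None
        flows.append(Flow(parts[0], int(parts[1]), parts[2], int(parts[-1]), host))
    return flows


def classify(flows: List[Flow]) -> Tuple[List[Tuple[str, Flow]], List[Flow]]:
    """Return (noise, candidates): labelled background rows, and everything the rules did not explain."""
    noise, candidates = [], []
    for flow in flows:
        label = next((name for name, rule in NOISE_RULES if rule(flow)), None)
        if label:
            noise.append((label, flow))
        else:
            candidates.append(flow)
    return noise, candidates


def summarize(flows: List[Flow]) -> Dict[Tuple[str, int], int]:
    """Count flows per (destination, port) so the analyst sees what is left to attribute."""
    return dict(Counter((f.dst, f.dport) for f in flows))


def mentions_host(flows: List[Flow], ip: str) -> bool:
    """Whether any row touches ip at all (cross-check for the 'no DNS query' network indicator)."""
    return any(ip in (f.src, f.dst) for f in flows)


if __name__ == "__main__":
    all_flows = parse_udp_table(UDP_TABLE)
    noise, candidates = classify(all_flows)
    print(f"{len(noise)} background rows; left to attribute: {summarize(candidates)}")
    print("172.217.24.14 present in UDP table:", mentions_host(all_flows, "172.217.24.14"))
```

For this report the only rows left are the five DNS queries to 114.114.114.114, and the indicator host never appears. The DNS rows cannot be attributed further from this page because the query names are not printed; that is the field to ask the sandbox for next.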

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.