SmartHawk

1.8

低危

3 个模型检测该样本为恶意！

重新分析

下载样本

ce7b3a8a13187c0832ac61d1236f07e71a0954bc6327a295382476de4f100e14

1a1c35baea6abf15e90b2c8df78e9764.exe

分析耗时

77s

查杀引擎	查杀时间	查杀版本
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Tencent	20200630	1.0.0.1
Kingsoft	20200630	2013.8.14.323
McAfee	20200630	6.0.6.653
Avast	20200630	18.4.3895.0
CrowdStrike	20190702	1.0

Time & API	Arguments	Status	Return	Repeated
1620119620.172205 NtAllocateVirtualMemory	process_identifier: 2064 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00390000	success	0	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x55f190 DeleteCriticalSection

• 0x55f194 LeaveCriticalSection

• 0x55f198 EnterCriticalSection

• 0x55f19c InitializeCriticalSection

• 0x55f1a0 VirtualFree

• 0x55f1a4 VirtualAlloc

• 0x55f1a8 LocalFree

• 0x55f1ac LocalAlloc

• 0x55f1b0 GetVersion

• 0x55f1b4 GetCurrentThreadId

• 0x55f1b8 InterlockedDecrement

• 0x55f1bc InterlockedIncrement

• 0x55f1c0 VirtualQuery

• 0x55f1c4 WideCharToMultiByte

• 0x55f1c8 MultiByteToWideChar

• 0x55f1cc lstrlenA

• 0x55f1d0 lstrcpynA

• 0x55f1d4 LoadLibraryExA

• 0x55f1d8 GetThreadLocale

• 0x55f1dc GetStartupInfoA

• 0x55f1e0 GetProcAddress

• 0x55f1e4 GetModuleHandleA

• 0x55f1e8 GetModuleFileNameA

• 0x55f1ec GetLocaleInfoA

• 0x55f1f0 GetCommandLineA

• 0x55f1f4 FreeLibrary

• 0x55f1f8 FindFirstFileA

• 0x55f1fc FindClose

• 0x55f200 ExitProcess

• 0x55f204 ExitThread

• 0x55f208 CreateThread

• 0x55f20c WriteFile

• 0x55f210 UnhandledExceptionFilter

• 0x55f214 RtlUnwind

• 0x55f218 RaiseException

• 0x55f21c GetStdHandle

Library user32.dll:

• 0x55f224 GetKeyboardType

• 0x55f228 LoadStringA

• 0x55f22c MessageBoxA

• 0x55f230 CharNextA

Library advapi32.dll:

• 0x55f238 RegQueryValueExA

• 0x55f23c RegOpenKeyExA

• 0x55f240 RegCloseKey

Library oleaut32.dll:

• 0x55f248 SysFreeString

• 0x55f24c SysReAllocStringLen

• 0x55f250 SysAllocStringLen

Library kernel32.dll:

• 0x55f258 TlsSetValue

• 0x55f25c TlsGetValue

• 0x55f260 LocalAlloc

• 0x55f264 GetModuleHandleA

Library advapi32.dll:

• 0x55f26c RegSetValueExA

• 0x55f270 RegQueryValueExA

• 0x55f274 RegOpenKeyExA

• 0x55f278 RegFlushKey

• 0x55f27c RegCreateKeyExA

• 0x55f280 RegCloseKey

Library kernel32.dll:

• 0x55f288 lstrlenA

• 0x55f28c lstrcpyA

• 0x55f290 lstrcmpA

• 0x55f294 lstrcatA

• 0x55f298 _lwrite

• 0x55f29c _lread

• 0x55f2a0 _lclose

• 0x55f2a4 _hread

• 0x55f2a8 WriteFile

• 0x55f2ac WinExec

• 0x55f2b0 WaitForSingleObject

• 0x55f2b4 VirtualQuery

• 0x55f2b8 VirtualAlloc

• 0x55f2bc TerminateProcess

• 0x55f2c0 Sleep

• 0x55f2c4 SizeofResource

• 0x55f2c8 SetThreadPriority

• 0x55f2cc SetThreadLocale

• 0x55f2d0 SetFileTime

• 0x55f2d4 SetFilePointer

• 0x55f2d8 SetEvent

• 0x55f2dc SetErrorMode

• 0x55f2e0 SetEndOfFile

• 0x55f2e4 ResumeThread

• 0x55f2e8 ResetEvent

• 0x55f2ec ReadFile

• 0x55f2f0 OpenProcess

• 0x55f2f4 OpenFile

• 0x55f2f8 MultiByteToWideChar

• 0x55f2fc MulDiv

• 0x55f300 LockResource

• 0x55f304 LocalFree

• 0x55f308 LocalFileTimeToFileTime

• 0x55f30c LocalAlloc

• 0x55f310 LoadResource

• 0x55f314 LoadLibraryA

• 0x55f318 LeaveCriticalSection

• 0x55f31c InitializeCriticalSection

• 0x55f320 GlobalUnlock

• 0x55f324 GlobalReAlloc

• 0x55f328 GlobalHandle

• 0x55f32c GlobalLock

• 0x55f330 GlobalFree

• 0x55f334 GlobalFindAtomA

• 0x55f338 GlobalDeleteAtom

• 0x55f33c GlobalAlloc

• 0x55f340 GlobalAddAtomA

• 0x55f344 GetWindowsDirectoryA

• 0x55f348 GetVersionExA

• 0x55f34c GetVersion

• 0x55f350 GetTickCount

• 0x55f354 GetThreadLocale

• 0x55f358 GetTempPathA

• 0x55f35c GetTempFileNameA

• 0x55f360 GetSystemInfo

• 0x55f364 GetSystemDefaultLangID

• 0x55f368 GetStringTypeExA

• 0x55f36c GetStdHandle

• 0x55f370 GetProfileIntA

• 0x55f374 GetProcAddress

• 0x55f378 GetModuleHandleA

• 0x55f37c GetModuleFileNameA

• 0x55f380 GetLocaleInfoA

• 0x55f384 GetLocalTime

• 0x55f388 GetLastError

• 0x55f38c GetFullPathNameA

• 0x55f390 GetFileTime

• 0x55f394 GetFileSize

• 0x55f398 GetFileAttributesA

• 0x55f39c GetExitCodeThread

• 0x55f3a0 GetDiskFreeSpaceA

• 0x55f3a4 GetDateFormatA

• 0x55f3a8 GetCurrentThreadId

• 0x55f3ac GetCurrentProcessId

• 0x55f3b0 GetCPInfo

• 0x55f3b4 GetACP

• 0x55f3b8 FreeResource

• 0x55f3bc InterlockedIncrement

• 0x55f3c0 InterlockedExchange

• 0x55f3c4 InterlockedDecrement

• 0x55f3c8 FreeLibrary

• 0x55f3cc FormatMessageA

• 0x55f3d0 FindResourceA

• 0x55f3d4 FindNextFileA

• 0x55f3d8 FindFirstFileA

• 0x55f3dc FindClose

• 0x55f3e0 FileTimeToSystemTime

• 0x55f3e4 FileTimeToLocalFileTime

• 0x55f3e8 FileTimeToDosDateTime

• 0x55f3ec EnumCalendarInfoA

• 0x55f3f0 EnterCriticalSection

• 0x55f3f4 DosDateTimeToFileTime

• 0x55f3f8 DeleteFileA

• 0x55f3fc DeleteCriticalSection

• 0x55f400 CreateThread

• 0x55f404 CreateFileA

• 0x55f408 CreateEventA

• 0x55f40c CreateDirectoryA

• 0x55f410 CompareStringA

• 0x55f414 CloseHandle

Library version.dll:

• 0x55f41c VerQueryValueA

• 0x55f420 GetFileVersionInfoSizeA

• 0x55f424 GetFileVersionInfoA

Library gdi32.dll:

• 0x55f42c UnrealizeObject

• 0x55f430 StretchBlt

• 0x55f434 SetWindowOrgEx

• 0x55f438 SetWinMetaFileBits

• 0x55f43c SetViewportOrgEx

• 0x55f440 SetTextColor

• 0x55f444 SetStretchBltMode

• 0x55f448 SetRectRgn

• 0x55f44c SetROP2

• 0x55f450 SetPixelV

• 0x55f454 SetPixel

• 0x55f458 SetEnhMetaFileBits

• 0x55f45c SetDIBits

• 0x55f460 SetDIBColorTable

• 0x55f464 SetBrushOrgEx

• 0x55f468 SetBkMode

• 0x55f46c SetBkColor

• 0x55f470 SelectPalette

• 0x55f474 SelectObject

• 0x55f478 SelectClipRgn

• 0x55f47c SaveDC

• 0x55f480 RoundRect

• 0x55f484 RestoreDC

• 0x55f488 Rectangle

• 0x55f48c RectVisible

• 0x55f490 RealizePalette

• 0x55f494 Polyline

• 0x55f498 Polygon

• 0x55f49c PlayEnhMetaFile

• 0x55f4a0 PatBlt

• 0x55f4a4 PaintRgn

• 0x55f4a8 OffsetClipRgn

• 0x55f4ac MoveToEx

• 0x55f4b0 MaskBlt

• 0x55f4b4 LineTo

• 0x55f4b8 IntersectClipRect

• 0x55f4bc GetWindowOrgEx

• 0x55f4c0 GetWinMetaFileBits

• 0x55f4c4 GetTextMetricsA

• 0x55f4c8 GetTextExtentPointA

• 0x55f4cc GetTextExtentPoint32A

• 0x55f4d0 GetSystemPaletteEntries

• 0x55f4d4 GetStockObject

• 0x55f4d8 GetRgnBox

• 0x55f4dc GetPixel

• 0x55f4e0 GetPaletteEntries

• 0x55f4e4 GetObjectA

• 0x55f4e8 GetNearestColor

• 0x55f4ec GetEnhMetaFilePaletteEntries

• 0x55f4f0 GetEnhMetaFileHeader

• 0x55f4f4 GetEnhMetaFileBits

• 0x55f4f8 GetDeviceCaps

• 0x55f4fc GetDIBits

• 0x55f500 GetDIBColorTable

• 0x55f504 GetDCOrgEx

• 0x55f508 GetCurrentPositionEx

• 0x55f50c GetClipBox

• 0x55f510 GetBrushOrgEx

• 0x55f514 GetBkColor

• 0x55f518 GetBitmapBits

• 0x55f51c GdiFlush

• 0x55f520 ExtTextOutA

• 0x55f524 ExcludeClipRect

• 0x55f528 Ellipse

• 0x55f52c DeleteObject

• 0x55f530 DeleteEnhMetaFile

• 0x55f534 DeleteDC

• 0x55f538 CreateSolidBrush

• 0x55f53c CreateRectRgnIndirect

• 0x55f540 CreateRectRgn

• 0x55f544 CreatePenIndirect

• 0x55f548 CreatePen

• 0x55f54c CreatePatternBrush

• 0x55f550 CreatePalette

• 0x55f554 CreateHalftonePalette

• 0x55f558 CreateFontIndirectA

• 0x55f55c CreateFontA

• 0x55f560 CreateDIBitmap

• 0x55f564 CreateDIBSection

• 0x55f568 CreateCompatibleDC

• 0x55f56c CreateCompatibleBitmap

• 0x55f570 CreateBrushIndirect

• 0x55f574 CreateBitmap

• 0x55f578 CopyEnhMetaFileA

• 0x55f57c CombineRgn

• 0x55f580 BitBlt

• 0x55f584 Arc

Library user32.dll:

• 0x55f58c CreateWindowExA

• 0x55f590 wsprintfA

• 0x55f594 keybd_event

• 0x55f598 WindowFromPoint

• 0x55f59c WindowFromDC

• 0x55f5a0 WinHelpA

• 0x55f5a4 WaitMessage

• 0x55f5a8 UpdateWindow

• 0x55f5ac UnregisterClassA

• 0x55f5b0 UnhookWindowsHookEx

• 0x55f5b4 TranslateMessage

• 0x55f5b8 TranslateMDISysAccel

• 0x55f5bc TrackPopupMenu

• 0x55f5c0 SystemParametersInfoA

• 0x55f5c4 ShowWindow

• 0x55f5c8 ShowScrollBar

• 0x55f5cc ShowOwnedPopups

• 0x55f5d0 ShowCursor

• 0x55f5d4 SetWindowRgn

• 0x55f5d8 SetWindowsHookExA

• 0x55f5dc SetWindowTextA

• 0x55f5e0 SetWindowPos

• 0x55f5e4 SetWindowPlacement

• 0x55f5e8 SetWindowLongA

• 0x55f5ec SetTimer

• 0x55f5f0 SetScrollRange

• 0x55f5f4 SetScrollPos

• 0x55f5f8 SetScrollInfo

• 0x55f5fc SetRectEmpty

• 0x55f600 SetRect

• 0x55f604 SetPropA

• 0x55f608 SetParent

• 0x55f60c SetMenuItemInfoA

• 0x55f610 SetMenu

• 0x55f614 SetForegroundWindow

• 0x55f618 SetFocus

• 0x55f61c SetCursor

• 0x55f620 SetClipboardData

• 0x55f624 SetClassLongA

• 0x55f628 SetCapture

• 0x55f62c SetActiveWindow

• 0x55f630 SendMessageA

• 0x55f634 SendDlgItemMessageA

• 0x55f638 ScrollWindow

• 0x55f63c ScreenToClient

• 0x55f640 RemovePropA

• 0x55f644 RemoveMenu

• 0x55f648 ReleaseDC

• 0x55f64c ReleaseCapture

• 0x55f650 RegisterWindowMessageA

• 0x55f654 RegisterClipboardFormatA

• 0x55f658 RegisterClassA

• 0x55f65c RedrawWindow

• 0x55f660 PtInRect

• 0x55f664 PostQuitMessage

• 0x55f668 PostMessageA

• 0x55f66c PeekMessageA

• 0x55f670 OpenIcon

• 0x55f674 OpenClipboard

• 0x55f678 OffsetRect

• 0x55f67c OemToCharA

• 0x55f680 MsgWaitForMultipleObjects

• 0x55f684 MoveWindow

• 0x55f688 MessageBoxA

• 0x55f68c MapWindowPoints

• 0x55f690 MapVirtualKeyA

• 0x55f694 LockWindowUpdate

• 0x55f698 LoadStringA

• 0x55f69c LoadKeyboardLayoutA

• 0x55f6a0 LoadIconA

• 0x55f6a4 LoadCursorA

• 0x55f6a8 LoadBitmapA

• 0x55f6ac KillTimer

• 0x55f6b0 IsZoomed

• 0x55f6b4 IsWindowVisible

• 0x55f6b8 IsWindowEnabled

• 0x55f6bc IsWindow

• 0x55f6c0 IsRectEmpty

• 0x55f6c4 IsIconic

• 0x55f6c8 IsDialogMessageA

• 0x55f6cc IsClipboardFormatAvailable

• 0x55f6d0 IsChild

• 0x55f6d4 InvalidateRect

• 0x55f6d8 IntersectRect

• 0x55f6dc InsertMenuItemA

• 0x55f6e0 InsertMenuA

• 0x55f6e4 InflateRect

• 0x55f6e8 GetWindowThreadProcessId

• 0x55f6ec GetWindowTextA

• 0x55f6f0 GetWindowRgn

• 0x55f6f4 GetWindowRect

• 0x55f6f8 GetWindowPlacement

• 0x55f6fc GetWindowLongA

• 0x55f700 GetWindowDC

• 0x55f704 GetUpdateRect

• 0x55f708 GetTopWindow

• 0x55f70c GetSystemMetrics

• 0x55f710 GetSystemMenu

• 0x55f714 GetSysColorBrush

• 0x55f718 GetSysColor

• 0x55f71c GetSubMenu

• 0x55f720 GetScrollRange

• 0x55f724 GetScrollPos

• 0x55f728 GetScrollInfo

• 0x55f72c GetPropA

• 0x55f730 GetParent

• 0x55f734 GetWindow

• 0x55f738 GetMessagePos

• 0x55f73c GetMessageA

• 0x55f740 GetMenuStringA

• 0x55f744 GetMenuState

• 0x55f748 GetMenuItemRect

• 0x55f74c GetMenuItemInfoA

• 0x55f750 GetMenuItemID

• 0x55f754 GetMenuItemCount

• 0x55f758 GetMenu

• 0x55f75c GetLastActivePopup

• 0x55f760 GetKeyboardState

• 0x55f764 GetKeyboardLayoutList

• 0x55f768 GetKeyboardLayout

• 0x55f76c GetKeyState

• 0x55f770 GetKeyNameTextA

• 0x55f774 GetIconInfo

• 0x55f778 GetForegroundWindow

• 0x55f77c GetFocus

• 0x55f780 GetDlgItem

• 0x55f784 GetDesktopWindow

• 0x55f788 GetDCEx

• 0x55f78c GetDC

• 0x55f790 GetCursorPos

• 0x55f794 GetCursor

• 0x55f798 GetClipboardData

• 0x55f79c GetClientRect

• 0x55f7a0 GetClassNameA

• 0x55f7a4 GetClassInfoA

• 0x55f7a8 GetCapture

• 0x55f7ac GetActiveWindow

• 0x55f7b0 FrameRect

• 0x55f7b4 FindWindowExA

• 0x55f7b8 FindWindowA

• 0x55f7bc FillRect

• 0x55f7c0 EqualRect

• 0x55f7c4 EnumWindows

• 0x55f7c8 EnumThreadWindows

• 0x55f7cc EnumClipboardFormats

• 0x55f7d0 EnumChildWindows

• 0x55f7d4 EndPaint

• 0x55f7d8 EnableWindow

• 0x55f7dc EnableScrollBar

• 0x55f7e0 EnableMenuItem

• 0x55f7e4 EmptyClipboard

• 0x55f7e8 DrawTextExA

• 0x55f7ec DrawTextA

• 0x55f7f0 DrawMenuBar

• 0x55f7f4 DrawIconEx

• 0x55f7f8 DrawIcon

• 0x55f7fc DrawFrameControl

• 0x55f800 DrawFocusRect

• 0x55f804 DrawEdge

• 0x55f808 DispatchMessageA

• 0x55f80c DestroyWindow

• 0x55f810 DestroyMenu

• 0x55f814 DestroyIcon

• 0x55f818 DestroyCursor

• 0x55f81c DeleteMenu

• 0x55f820 DefWindowProcA

• 0x55f824 DefMDIChildProcA

• 0x55f828 DefFrameProcA

• 0x55f82c DefDlgProcA

• 0x55f830 CreatePopupMenu

• 0x55f834 CreateMenu

• 0x55f838 CreateIcon

• 0x55f83c CloseClipboard

• 0x55f840 ClipCursor

• 0x55f844 ClientToScreen

• 0x55f848 ChildWindowFromPoint

• 0x55f84c CheckMenuItem

• 0x55f850 CallWindowProcA

• 0x55f854 CallNextHookEx

• 0x55f858 BringWindowToTop

• 0x55f85c BeginPaint

• 0x55f860 CharNextA

• 0x55f864 CharLowerBuffA

• 0x55f868 CharLowerA

• 0x55f86c CharToOemA

• 0x55f870 AdjustWindowRectEx

• 0x55f874 AdjustWindowRect

• 0x55f878 ActivateKeyboardLayout

Library kernel32.dll:

• 0x55f880 Sleep

Library oleaut32.dll:

• 0x55f888 SafeArrayPtrOfIndex

• 0x55f88c SafeArrayGetUBound

• 0x55f890 SafeArrayGetLBound

• 0x55f894 SafeArrayCreate

• 0x55f898 VariantChangeType

• 0x55f89c VariantCopyInd

• 0x55f8a0 VariantCopy

• 0x55f8a4 VariantClear

• 0x55f8a8 VariantInit

Library ole32.dll:

• 0x55f8b0 ReleaseStgMedium

• 0x55f8b4 RevokeDragDrop

• 0x55f8b8 RegisterDragDrop

• 0x55f8bc OleUninitialize

• 0x55f8c0 OleInitialize

• 0x55f8c4 CoTaskMemFree

• 0x55f8c8 CoTaskMemAlloc

• 0x55f8cc CoCreateInstance

• 0x55f8d0 CoUninitialize

• 0x55f8d4 CoInitialize

Library oleaut32.dll:

• 0x55f8dc GetErrorInfo

• 0x55f8e0 SysFreeString

Library comctl32.dll:

• 0x55f8e8 ImageList_SetIconSize

• 0x55f8ec ImageList_GetIconSize

• 0x55f8f0 ImageList_Write

• 0x55f8f4 ImageList_Read

• 0x55f8f8 ImageList_GetDragImage

• 0x55f8fc ImageList_DragShowNolock

• 0x55f900 ImageList_SetDragCursorImage

• 0x55f904 ImageList_DragMove

• 0x55f908 ImageList_DragLeave

• 0x55f90c ImageList_DragEnter

• 0x55f910 ImageList_EndDrag

• 0x55f914 ImageList_BeginDrag

• 0x55f918 ImageList_Remove

• 0x55f91c ImageList_DrawEx

• 0x55f920 ImageList_Replace

• 0x55f924 ImageList_Draw

• 0x55f928 ImageList_GetBkColor

• 0x55f92c ImageList_SetBkColor

• 0x55f930 ImageList_ReplaceIcon

• 0x55f934 ImageList_Add

• 0x55f938 ImageList_GetImageCount

• 0x55f93c ImageList_Destroy

• 0x55f940 ImageList_Create

• 0x55f944 InitCommonControls

Library shell32.dll:

• 0x55f94c ShellExecuteA

• 0x55f950 SHGetFileInfoA

Library wininet.dll:

• 0x55f958 GetUrlCacheEntryInfoA

Library shell32.dll:

• 0x55f960 SHGetSpecialFolderLocation

• 0x55f964 SHGetPathFromIDListA

• 0x55f968 SHGetMalloc

• 0x55f96c SHGetDesktopFolder

• 0x55f970 SHBrowseForFolderA

Library comdlg32.dll:

• 0x55f978 GetSaveFileNameA

• 0x55f97c GetOpenFileNameA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62192	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

section	CODE
section	DATA
section	BSS

APEX	Malicious
Trapmine	suspicious.low.ml.score
SentinelOne	DFI - Suspicious PE