Score: 1.4
Low risk

SHA-256: 7ebf3d401db19ee41843ecbb7608faee98a390464a6ebce4894f1c8375b5909d

File name: 1ab007073fa0995039933ee6a4032fa6.exe

Analysis time

18s

Last analysis

File size

1.1MB
Tags: Static detection, Dynamic detection, BSCOPE, KINGSOFT, PRESENOKER, SCORE, UNSAFE
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result   Scan date   Engine version
McAfee                20201012    6.0.6.653
Alibaba               20190527    0.3.0.5
Baidu                 20190318    1.0.0.2
Avast                 20201013    18.4.3895.0
Kingsoft              20201013    2013.8.14.323
CrowdStrike           20190702    1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path S:\func_improvement_20160101_branch\Build\Release\WPSOffice\wtoolex\newupdate.pdb
Behavioral verdict
Dynamic indicators
File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)
K7AntiVirus Unwanted-Program ( 005117561 )
K7GW Unwanted-Program ( 005117561 )
eGambit Unsafe.AI_Score_99%
VBA32 BScope.Adware.Presenoker
Zoner Trojan.Win32.52228
ESET-NOD32 a variant of Win32/KingSoft.D potentially unwanted
Yandex Riskware.Agent!
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2016-01-27 04:33:16

Imports

Library KERNEL32.dll:
0x4be150 GlobalFree
0x4be154 GlobalHandle
0x4be160 GetOverlappedResult
0x4be164 CancelIo
0x4be168 WaitNamedPipeW
0x4be16c FindClose
0x4be170 RemoveDirectoryW
0x4be174 FindNextFileW
0x4be178 MoveFileExW
0x4be17c FindFirstFileW
0x4be180 GetExitCodeProcess
0x4be184 GetModuleHandleA
0x4be188 ReadProcessMemory
0x4be18c Process32NextW
0x4be190 Process32FirstW
0x4be19c GetTempPathW
0x4be1a0 GetCurrentThread
0x4be1a4 GetVersion
0x4be1a8 GetLocalTime
0x4be1ac ResetEvent
0x4be1b0 ResumeThread
0x4be1b4 InterlockedExchange
0x4be1b8 MoveFileW
0x4be1bc GetExitCodeThread
0x4be1c0 ExitProcess
0x4be1c8 CreateEventW
0x4be1cc SetEvent
0x4be1d0 GlobalLock
0x4be1d4 GlobalUnlock
0x4be1d8 lstrcmpW
0x4be1dc GlobalAlloc
0x4be1e0 SetEndOfFile
0x4be1e4 GetDriveTypeW
0x4be1ec CompareStringW
0x4be1f0 WriteConsoleW
0x4be1f4 IsValidLocale
0x4be1f8 EnumSystemLocalesA
0x4be1fc GetLocaleInfoA
0x4be200 GetUserDefaultLCID
0x4be204 GetFullPathNameA
0x4be208 FlushFileBuffers
0x4be20c SetStdHandle
0x4be210 GetConsoleMode
0x4be214 GetConsoleCP
0x4be218 GetStringTypeW
0x4be21c lstrcatW
0x4be220 IsValidCodePage
0x4be224 GetOEMCP
0x4be228 GetACP
0x4be230 IsDebuggerPresent
0x4be23c HeapCreate
0x4be240 TlsFree
0x4be244 TlsSetValue
0x4be248 TlsGetValue
0x4be24c TlsAlloc
0x4be250 SetHandleCount
0x4be25c GetCPInfo
0x4be260 LCMapStringW
0x4be264 GetDriveTypeA
0x4be26c ExitThread
0x4be270 VirtualQuery
0x4be274 GetSystemInfo
0x4be278 VirtualProtect
0x4be27c FindFirstFileExW
0x4be280 FindFirstFileExA
0x4be28c GetDateFormatW
0x4be290 GetTimeFormatW
0x4be298 RtlUnwind
0x4be29c GetStartupInfoW
0x4be2a0 HeapSetInformation
0x4be2a4 HeapSize
0x4be2a8 HeapReAlloc
0x4be2ac HeapDestroy
0x4be2b4 VirtualAlloc
0x4be2b8 VirtualFree
0x4be2c8 DecodePointer
0x4be2cc EncodePointer
0x4be2dc GetStdHandle
0x4be2e0 GetFileType
0x4be2e4 PeekNamedPipe
0x4be2e8 FormatMessageA
0x4be2ec VerSetConditionMask
0x4be2f0 VerifyVersionInfoA
0x4be2f4 SleepEx
0x4be2fc GetVersionExA
0x4be300 CreatePipe
0x4be304 GetStartupInfoA
0x4be308 CreateProcessA
0x4be30c WinExec
0x4be310 lstrcpyW
0x4be318 MulDiv
0x4be31c FindResourceExW
0x4be320 LockResource
0x4be324 SetFileTime
0x4be32c CreateDirectoryW
0x4be338 GetFileAttributesW
0x4be340 SetLastError
0x4be344 HeapAlloc
0x4be348 GetProcessHeap
0x4be34c HeapFree
0x4be354 Sleep
0x4be358 OpenMutexW
0x4be35c GetCommandLineW
0x4be360 OpenProcess
0x4be364 TerminateProcess
0x4be368 CopyFileW
0x4be370 GetDiskFreeSpaceExW
0x4be374 GetTempFileNameW
0x4be378 GetCurrentProcess
0x4be37c LocalFree
0x4be384 GetVersionExW
0x4be390 CreateFileA
0x4be394 DeviceIoControl
0x4be39c LoadLibraryA
0x4be3a0 LoadLibraryExW
0x4be3a4 FindResourceW
0x4be3a8 LoadResource
0x4be3ac SizeofResource
0x4be3b0 lstrcmpiW
0x4be3b4 GetModuleHandleW
0x4be3c4 RaiseException
0x4be3d4 CreateThread
0x4be3d8 GetLastError
0x4be3dc ReadFile
0x4be3e0 TerminateThread
0x4be3e4 GetProcAddress
0x4be3e8 CreateMutexW
0x4be3ec GetModuleFileNameW
0x4be3f0 GetTickCount
0x4be3f4 WaitForSingleObject
0x4be3f8 CreateFileW
0x4be3fc GetFileSize
0x4be400 WriteFile
0x4be404 GetCurrentThreadId
0x4be408 GetCurrentProcessId
0x4be40c OutputDebugStringW
0x4be410 SetFilePointer
0x4be414 CloseHandle
0x4be418 ReleaseMutex
0x4be420 DeleteFileW
0x4be424 lstrlenW
0x4be428 lstrlenA
0x4be42c WideCharToMultiByte
0x4be430 MultiByteToWideChar
0x4be434 FreeLibrary
0x4be438 LoadLibraryW
0x4be43c GetLocaleInfoW
Library USER32.dll:
0x4be4bc RegisterClassExW
0x4be4c0 CallWindowProcW
0x4be4c4 DispatchMessageW
0x4be4c8 TranslateMessage
0x4be4cc GetMessageW
0x4be4d0 DefWindowProcW
0x4be4d4 DestroyMenu
0x4be4d8 InsertMenuItemW
0x4be4dc RemoveMenu
0x4be4e0 EnableMenuItem
0x4be4e4 LoadImageW
0x4be4e8 LoadCursorW
0x4be4ec ExitWindowsEx
0x4be4f0 MessageBoxW
0x4be4f4 GetKeyState
0x4be4f8 LoadIconW
0x4be4fc IsIconic
0x4be500 SwitchToThisWindow
0x4be508 SetTimer
0x4be50c GetClassInfoExW
0x4be510 EnumWindows
0x4be518 GetWindowTextW
0x4be520 SetRect
0x4be528 SetFocus
0x4be534 CreateWindowExW
0x4be538 SendMessageW
0x4be53c PostMessageW
0x4be540 GetCursorPos
0x4be544 GetMenuItemID
0x4be548 SetMenuDefaultItem
0x4be54c LoadMenuW
0x4be550 GetMonitorInfoW
0x4be554 MonitorFromPoint
0x4be558 TrackPopupMenu
0x4be55c GetSubMenu
0x4be560 SetForegroundWindow
0x4be564 LoadStringW
0x4be568 SendMessageTimeoutW
0x4be56c GetActiveWindow
0x4be570 PeekMessageW
0x4be574 CharNextW
0x4be578 DestroyWindow
0x4be57c UnregisterClassA
0x4be580 wsprintfW
0x4be584 GetParent
0x4be588 KillTimer
0x4be58c IsWindow
0x4be590 EnumDisplayMonitors
0x4be594 GetWindow
0x4be598 GetClassNameW
0x4be59c RedrawWindow
0x4be5a0 InvalidateRgn
0x4be5a4 GetFocus
0x4be5a8 MapDialogRect
0x4be5ac IsDialogMessageW
0x4be5b4 IsChild
0x4be5b8 SendDlgItemMessageW
0x4be5bc DrawTextW
0x4be5c0 SetWindowTextW
0x4be5c4 GetSystemMetrics
0x4be5c8 PostQuitMessage
0x4be5cc SetWindowPos
0x4be5d0 GetWindowLongW
0x4be5d8 GetDC
0x4be5dc GetWindowRect
0x4be5e0 ShowWindow
0x4be5e4 SetCursor
0x4be5e8 DestroyIcon
0x4be5ec GetDesktopWindow
0x4be5f0 FindWindowW
0x4be5f4 LoadBitmapW
0x4be5f8 FillRect
0x4be5fc CreateIconIndirect
0x4be600 ReleaseDC
0x4be604 GetIconInfo
0x4be608 SetWindowRgn
0x4be60c GetDlgItem
0x4be610 IsWindowVisible
0x4be614 ScreenToClient
0x4be618 MoveWindow
0x4be61c CopyRect
0x4be620 DestroyCursor
0x4be624 GetSysColor
0x4be628 CopyIcon
0x4be62c EndPaint
0x4be630 BeginPaint
0x4be634 InflateRect
0x4be638 PtInRect
0x4be63c ReleaseCapture
0x4be640 DrawEdge
0x4be644 DrawFocusRect
0x4be648 GetCapture
0x4be650 AdjustWindowRectEx
0x4be654 GetDlgCtrlID
0x4be658 SetCapture
0x4be65c IsWindowEnabled
0x4be660 InvalidateRect
0x4be664 UpdateWindow
0x4be668 ClientToScreen
0x4be66c GetClientRect
0x4be670 GetMenu
0x4be674 DialogBoxParamW
0x4be678 CreateDialogParamW
0x4be67c EndDialog
0x4be680 SetWindowLongW
Library GDI32.dll:
0x4be0dc BitBlt
0x4be0e0 CreateDIBSection
0x4be0e4 SetBkColor
0x4be0e8 SetTextColor
0x4be0ec SetBkMode
0x4be0f0 CreateSolidBrush
0x4be0f4 CreateFontIndirectW
0x4be0f8 GetDeviceCaps
0x4be0fc CombineRgn
0x4be100 GetPixel
0x4be104 CreateRectRgn
0x4be10c CreateCompatibleDC
0x4be110 CreateBitmap
0x4be114 StretchBlt
0x4be118 CreatePen
0x4be11c SelectObject
0x4be120 DeleteDC
0x4be124 DeleteObject
0x4be128 LineTo
0x4be12c GetTextMetricsW
0x4be130 MoveToEx
0x4be134 GetStockObject
0x4be140 TextOutW
0x4be144 CreateRoundRectRgn
0x4be148 GetObjectW
Library SHELL32.dll:
0x4be48c Shell_NotifyIconW
0x4be490 ShellExecuteExW
0x4be494 SHChangeNotify
0x4be49c ShellExecuteW
0x4be4a0 CommandLineToArgvW
Library ole32.dll:
0x4be79c CoInitialize
0x4be7a0 CoCreateGuid
0x4be7a4 StringFromGUID2
0x4be7a8 CoTaskMemAlloc
0x4be7ac CoTaskMemRealloc
0x4be7b0 CoCreateInstance
0x4be7b4 CoTaskMemFree
0x4be7b8 CoUninitialize
0x4be7bc CoSetProxyBlanket
0x4be7c4 OleLockRunning
0x4be7c8 CoGetClassObject
0x4be7cc CLSIDFromProgID
0x4be7d0 CLSIDFromString
0x4be7d4 OleSetClipboard
0x4be7d8 OleFlushClipboard
0x4be7dc OleUninitialize
0x4be7e0 OleInitialize
Library OLEAUT32.dll:
0x4be444 VariantInit
0x4be448 VariantChangeType
0x4be44c LoadTypeLib
0x4be450 SysStringByteLen
0x4be458 SysFreeString
0x4be45c SysAllocString
0x4be460 VarUI4FromStr
0x4be464 VariantCopy
0x4be468 VariantClear
0x4be46c SysStringLen
0x4be470 SysAllocStringLen
0x4be474 DispCallFunc
0x4be47c LoadRegTypeLib
Library ADVAPI32.dll:
0x4be000 RegOpenKeyExW
0x4be004 RegCreateKeyExW
0x4be008 RegDeleteKeyW
0x4be00c RegDeleteValueW
0x4be010 RegCloseKey
0x4be014 RegSetValueExW
0x4be018 RegQueryInfoKeyW
0x4be01c RegEnumKeyExW
0x4be020 RegQueryValueExA
0x4be024 RegEnumKeyExA
0x4be028 RegOpenKeyExA
0x4be02c RevertToSelf
0x4be030 RegOpenCurrentUser
0x4be038 OpenProcessToken
0x4be03c RegQueryValueW
0x4be040 FreeSid
0x4be04c EqualSid
0x4be050 IsValidSid
0x4be054 CryptDestroyHash
0x4be058 CryptReleaseContext
0x4be05c CryptHashData
0x4be064 CryptCreateHash
0x4be068 GetUserNameW
0x4be070 GetAclInformation
0x4be074 GetAce
0x4be078 CopySid
0x4be080 OpenThreadToken
0x4be084 InitializeAcl
0x4be088 AddAce
0x4be08c RegQueryValueExW
0x4be098 DuplicateTokenEx
0x4be09c GetLengthSid
0x4be0a0 SetTokenInformation
0x4be0a4 CryptGetHashParam
0x4be0ac GetTokenInformation
Library WININET.dll:
0x4be6a8 InternetErrorDlg
0x4be6ac InternetReadFile
0x4be6b0 InternetCrackUrlW
0x4be6b8 InternetOpenW
0x4be6c0 InternetConnectW
0x4be6c4 HttpOpenRequestW
0x4be6c8 InternetSetOptionW
0x4be6d0 HttpSendRequestW
0x4be6d4 InternetCloseHandle
0x4be6d8 HttpQueryInfoW
Library WS2_32.dll:
0x4be724 WSAStartup
0x4be728 gethostbyname
0x4be72c inet_ntoa
0x4be730 WSACleanup
0x4be734 gethostname
0x4be738 ioctlsocket
0x4be73c listen
0x4be740 WSASetLastError
0x4be744 __WSAFDIsSet
0x4be748 WSAGetLastError
0x4be74c select
0x4be750 recv
0x4be754 send
0x4be758 WSAIoctl
0x4be75c setsockopt
0x4be760 getsockname
0x4be764 ntohs
0x4be768 bind
0x4be76c htons
0x4be770 getsockopt
0x4be774 getpeername
0x4be778 closesocket
0x4be77c socket
0x4be780 connect
0x4be784 freeaddrinfo
0x4be788 getaddrinfo
0x4be78c sendto
0x4be790 recvfrom
0x4be794 accept
Library SHLWAPI.dll:
0x4be4a8 PathRemoveFileSpecW
0x4be4ac PathFindFileNameW
0x4be4b0 PathFileExistsW
0x4be4b4 PathAppendW
Library COMCTL32.dll:
0x4be0b8 ImageList_GetIcon
0x4be0bc ImageList_AddMasked
0x4be0c0 ImageList_Create
0x4be0c4 _TrackMouseEvent
0x4be0c8 ImageList_Draw
0x4be0d0 ImageList_Destroy
0x4be0d4
Library VERSION.dll:
0x4be694 GetFileVersionInfoW
0x4be698 VerQueryValueW
Library PSAPI.DLL:
Library USERENV.dll:
0x4be688 UnloadUserProfile
Library WLDAP32.dll:
0x4be6e0
0x4be6e4
0x4be6e8
0x4be6ec
0x4be6f0
0x4be6f4
0x4be6f8
0x4be6fc
0x4be700
0x4be704
0x4be708
0x4be70c
0x4be710
0x4be714
0x4be718
0x4be71c

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination       Destination port
192.168.56.101  50534         114.114.114.114   53
192.168.56.101  51963         114.114.114.114   53
192.168.56.101  56539         114.114.114.114   53
192.168.56.101  65004         114.114.114.114   53
192.168.56.101  137           192.168.56.255    137
192.168.56.101  138           192.168.56.255    138
192.168.56.101  49235         224.0.0.252       5355
192.168.56.101  56804         224.0.0.252       5355
192.168.56.101  60123         224.0.0.252       5355
192.168.56.101  62191         224.0.0.252       5355
192.168.56.101  1900          239.255.255.250   1900
192.168.56.101  50535         239.255.255.250   3702
192.168.56.101  50537         239.255.255.250   3702
192.168.56.101  56807         239.255.255.250   1900
192.168.56.101  58707         239.255.255.250   3702
192.168.56.101  62192         239.255.255.250   3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.