SmartHawk

2.2

中危

1 个模型检测该样本为恶意！

重新分析

下载样本

7041349e9ae2b88c04fb845d079f8889899150ed1326d86a7c0388e3148dac5d

1b04a1b375b2d15eabcf6cc48e5123bb.exe

分析耗时

82s

查杀引擎	查杀时间	查杀版本
McAfee	20190519	6.0.6.653
Alibaba	20190513	0.3.0.4
Baidu	20190318	1.0.0.2
Avast	20190519	18.4.3895.0
Tencent	20190519	1.0.0.1
Kingsoft	20190519	2013.8.14.323
CrowdStrike	20190212	1.0

Time & API	Arguments	Status	Return	Repeated
1620129230.271626 GlobalMemoryStatusEx		success	1	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2007-01-04 19:07:49

Imports

Library VERSION.dll:

• 0x421498 GetFileVersionInfoA

• 0x42149c VerQueryValueA

Library KERNEL32.dll:

• 0x4210a4 FileTimeToSystemTime

• 0x4210a8 FileTimeToLocalFileTime

• 0x4210ac RtlUnwind

• 0x4210b0 FindNextFileA

• 0x4210b4 GetTimeZoneInformation

• 0x4210b8 GetSystemTimeAsFileTime

• 0x4210bc GetStartupInfoA

• 0x4210c0 ExitProcess

• 0x4210c4 HeapAlloc

• 0x4210c8 HeapFree

• 0x4210cc RaiseException

• 0x4210d0 CreateThread

• 0x4210d4 ExitThread

• 0x4210d8 TerminateProcess

• 0x4210dc HeapReAlloc

• 0x4210e0 HeapSize

• 0x4210e4 GetACP

• 0x4210e8 LCMapStringA

• 0x4210ec LCMapStringW

• 0x4210f0 SetHandleCount

• 0x4210f4 GetStdHandle

• 0x4210f8 GetFileType

• 0x4210fc UnhandledExceptionFilter

• 0x421100 FreeEnvironmentStringsA

• 0x421104 FreeEnvironmentStringsW

• 0x421108 GetEnvironmentStrings

• 0x42110c GetEnvironmentStringsW

• 0x421110 GetEnvironmentVariableA

• 0x421114 GetVersionExA

• 0x421118 HeapDestroy

• 0x42111c HeapCreate

• 0x421120 VirtualFree

• 0x421124 IsBadWritePtr

• 0x421128 SetUnhandledExceptionFilter

• 0x42112c GetStringTypeA

• 0x421130 GetStringTypeW

• 0x421134 SetStdHandle

• 0x421138 IsBadReadPtr

• 0x42113c IsBadCodePtr

• 0x421140 CompareStringA

• 0x421144 CompareStringW

• 0x421148 SetEnvironmentVariableA

• 0x42114c Sleep

• 0x421150 FindClose

• 0x421154 FindFirstFileA

• 0x421158 CreateDirectoryA

• 0x42115c GetUserDefaultLangID

• 0x421160 RemoveDirectoryA

• 0x421164 DeleteFileA

• 0x421168 GetWindowsDirectoryA

• 0x42116c GetPrivateProfileStringA

• 0x421170 GetPrivateProfileIntA

• 0x421174 WritePrivateProfileStringA

• 0x421178 MultiByteToWideChar

• 0x42117c GlobalUnlock

• 0x421180 GlobalLock

• 0x421184 GlobalAlloc

• 0x421188 GetFileAttributesA

• 0x42118c SetEndOfFile

• 0x421190 FlushFileBuffers

• 0x421194 SetFilePointer

• 0x421198 WriteFile

• 0x42119c ReadFile

• 0x4211a0 CreateFileA

• 0x4211a4 GetCurrentProcess

• 0x4211a8 SetErrorMode

• 0x4211ac GetOEMCP

• 0x4211b0 GetCPInfo

• 0x4211b4 TlsGetValue

• 0x4211b8 LocalReAlloc

• 0x4211bc TlsSetValue

• 0x4211c0 EnterCriticalSection

• 0x4211c4 GlobalReAlloc

• 0x4211c8 LeaveCriticalSection

• 0x4211cc TlsFree

• 0x4211d0 GlobalHandle

• 0x4211d4 DeleteCriticalSection

• 0x4211d8 TlsAlloc

• 0x4211dc InitializeCriticalSection

• 0x4211e0 LocalFree

• 0x4211e4 GetCommandLineA

• 0x4211e8 LocalAlloc

• 0x4211ec GlobalFlags

• 0x4211f0 GetProcessVersion

• 0x4211f4 FindResourceExA

• 0x4211f8 WideCharToMultiByte

• 0x4211fc InterlockedIncrement

• 0x421200 GetLastError

• 0x421204 GetModuleFileNameA

• 0x421208 lstrcmpA

• 0x42120c GetTempPathA

• 0x421210 GetCurrentThread

• 0x421214 MulDiv

• 0x421218 SetLastError

• 0x42121c lstrcpynA

• 0x421220 InterlockedDecrement

• 0x421224 CreateEventA

• 0x421228 SuspendThread

• 0x42122c SetThreadPriority

• 0x421230 ResumeThread

• 0x421234 SetEvent

• 0x421238 WaitForSingleObject

• 0x42123c CloseHandle

• 0x421240 lstrlenA

• 0x421244 LoadLibraryA

• 0x421248 FreeLibrary

• 0x42124c GetVersion

• 0x421250 lstrcatA

• 0x421254 GetCurrentThreadId

• 0x421258 GlobalGetAtomNameA

• 0x42125c lstrcmpiA

• 0x421260 GlobalAddAtomA

• 0x421264 GlobalFindAtomA

• 0x421268 GlobalDeleteAtom

• 0x42126c lstrcpyA

• 0x421270 GetModuleHandleA

• 0x421274 GetProcAddress

• 0x421278 VirtualProtect

• 0x42127c FindResourceA

• 0x421280 LoadResource

• 0x421284 LockResource

• 0x421288 GlobalFree

• 0x42128c VirtualAlloc

• 0x421290 WinExec

Library USER32.dll:

• 0x4212bc EnableMenuItem

• 0x4212c0 CheckMenuItem

• 0x4212c4 SetMenuItemBitmaps

• 0x4212c8 ModifyMenuA

• 0x4212cc GetMenuState

• 0x4212d0 LoadBitmapA

• 0x4212d4 GetMenuCheckMarkDimensions

• 0x4212d8 GetCursorPos

• 0x4212dc ValidateRect

• 0x4212e0 TranslateMessage

• 0x4212e4 GetMessageA

• 0x4212e8 SetRectEmpty

• 0x4212ec LoadAcceleratorsA

• 0x4212f0 TranslateAcceleratorA

• 0x4212f4 ReleaseCapture

• 0x4212f8 GetDesktopWindow

• 0x4212fc DestroyMenu

• 0x421300 LoadMenuA

• 0x421304 SetMenu

• 0x421308 ReuseDDElParam

• 0x42130c UnpackDDElParam

• 0x421310 InvalidateRect

• 0x421314 ClientToScreen

• 0x421318 BeginPaint

• 0x42131c EndPaint

• 0x421320 TabbedTextOutA

• 0x421324 DrawTextA

• 0x421328 GrayStringA

• 0x42132c PostQuitMessage

• 0x421330 ShowOwnedPopups

• 0x421334 LoadStringA

• 0x421338 GetSysColorBrush

• 0x42133c GetClassNameA

• 0x421340 PtInRect

• 0x421344 ReleaseDC

• 0x421348 UpdateWindow

• 0x42134c SendDlgItemMessageA

• 0x421350 MapWindowPoints

• 0x421354 GetSysColor

• 0x421358 PeekMessageA

• 0x42135c DispatchMessageA

• 0x421360 AdjustWindowRectEx

• 0x421364 ScreenToClient

• 0x421368 EqualRect

• 0x42136c DeferWindowPos

• 0x421370 BeginDeferWindowPos

• 0x421374 CopyRect

• 0x421378 EndDeferWindowPos

• 0x42137c IsWindowVisible

• 0x421380 GetTopWindow

• 0x421384 SetWindowTextA

• 0x421388 WinHelpA

• 0x42138c wsprintfA

• 0x421390 GetClassInfoA

• 0x421394 RegisterClassA

• 0x421398 GetMenu

• 0x42139c GetMenuItemCount

• 0x4213a0 GetSubMenu

• 0x4213a4 GetMenuItemID

• 0x4213a8 GetDlgCtrlID

• 0x4213ac UnregisterClassA

• 0x4213b0 DefWindowProcA

• 0x4213b4 CreateWindowExA

• 0x4213b8 SetWindowsHookExA

• 0x4213bc CallNextHookEx

• 0x4213c0 GetClassLongA

• 0x4213c4 SetPropA

• 0x4213c8 GetPropA

• 0x4213cc CallWindowProcA

• 0x4213d0 RemovePropA

• 0x4213d4 GetMessageTime

• 0x4213d8 GetMessagePos

• 0x4213dc GetLastActivePopup

• 0x4213e0 GetForegroundWindow

• 0x4213e4 SetForegroundWindow

• 0x4213e8 GetWindow

• 0x4213ec SetWindowLongA

• 0x4213f0 RegisterWindowMessageA

• 0x4213f4 SystemParametersInfoA

• 0x4213f8 IsIconic

• 0x4213fc GetWindowPlacement

• 0x421400 GetNextDlgTabItem

• 0x421404 EndDialog

• 0x421408 IsWindow

• 0x42140c CreateDialogIndirectParamA

• 0x421410 DestroyWindow

• 0x421414 GetWindowRect

• 0x421418 MapDialogRect

• 0x42141c SetWindowPos

• 0x421420 ShowWindow

• 0x421424 GetCapture

• 0x421428 GetActiveWindow

• 0x42142c SetActiveWindow

• 0x421430 GetAsyncKeyState

• 0x421434 GetWindowLongA

• 0x421438 GetFocus

• 0x42143c SetFocus

• 0x421440 GetDlgItem

• 0x421444 IsWindowEnabled

• 0x421448 GetParent

• 0x42144c KillTimer

• 0x421450 SetCursor

• 0x421454 GetClientRect

• 0x421458 GetSystemMetrics

• 0x42145c LoadIconA

• 0x421460 LoadCursorA

• 0x421464 SetTimer

• 0x421468 EnumWindows

• 0x42146c GetWindowTextA

• 0x421470 SendMessageA

• 0x421474 PostMessageA

• 0x421478 EnableWindow

• 0x42147c IsDialogMessageA

• 0x421480 GetDC

• 0x421484 BringWindowToTop

• 0x421488 MessageBoxA

• 0x42148c UnhookWindowsHookEx

• 0x421490 GetKeyState

Library GDI32.dll:

• 0x42102c CreateFontA

• 0x421030 TextOutA

• 0x421034 Rectangle

• 0x421038 SelectObject

• 0x42103c GetClipBox

• 0x421040 SetTextColor

• 0x421044 SetBkColor

• 0x421048 GetObjectA

• 0x42104c CreateBitmap

• 0x421050 DeleteDC

• 0x421054 SaveDC

• 0x421058 RestoreDC

• 0x42105c GetStockObject

• 0x421060 SetBkMode

• 0x421064 SetMapMode

• 0x421068 SetViewportOrgEx

• 0x42106c OffsetViewportOrgEx

• 0x421070 SetViewportExtEx

• 0x421074 ScaleViewportExtEx

• 0x421078 SetWindowExtEx

• 0x42107c ScaleWindowExtEx

• 0x421080 GetDeviceCaps

• 0x421084 CreateSolidBrush

• 0x421088 PtVisible

• 0x42108c RectVisible

• 0x421090 ExtTextOutA

• 0x421094 Escape

• 0x421098 EnumFontFamiliesExA

• 0x42109c DeleteObject

Library WINSPOOL.DRV:

• 0x4214a4 ClosePrinter

• 0x4214a8 OpenPrinterA

• 0x4214ac DocumentPropertiesA

Library ADVAPI32.dll:

• 0x421000 RegCreateKeyExA

• 0x421004 RegOpenKeyExA

• 0x421008 RegCloseKey

• 0x42100c RegSetValueExA

Library SHELL32.dll:

• 0x421298 DragQueryFileA

• 0x42129c DragFinish

• 0x4212a0 ShellExecuteA

• 0x4212a4 SHGetMalloc

• 0x4212a8 SHGetDesktopFolder

• 0x4212ac SHBrowseForFolderA

• 0x4212b0 SHGetSpecialFolderLocation

• 0x4212b4 SHGetPathFromIDListA

Library COMCTL32.dll:

• 0x421014 DestroyPropertySheetPage

• 0x421018 CreatePropertySheetPageA

• 0x42101c PropertySheetA

• 0x421020 ImageList_Destroy

• 0x421024

Library ole32.dll:

• 0x4214b4 OleInitialize

• 0x4214b8 OleUninitialize

• 0x4214bc CoGetMalloc

• 0x4214c0 CoCreateInstance

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	50005	239.255.255.250	3702
192.168.56.101	50535	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.