SmartHawk

1.0

低危

该样本未表现出任何异常！

ba845608970008130c12cc7479ebce406a3064cff30431ae8433d935746674b8

1cfb0029f86572b8a3988a4b6a8d3355.exe

分析耗时

19s

最近分析

文件大小

565.0KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable has a PDB path (1 个事件)

pdb_path

C:\agent\_work\66\s\build\ship\x86\burn.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.wixburn

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-09-17 13:33:38

Imports

Library ADVAPI32.dll:

• 0x44a000 RegCloseKey

• 0x44a004 RegOpenKeyExW

• 0x44a008 OpenProcessToken

• 0x44a00c AdjustTokenPrivileges

• 0x44a010 LookupPrivilegeValueW

• 0x44a014 InitiateSystemShutdownExW

• 0x44a018 GetUserNameW

• 0x44a01c RegQueryValueExW

• 0x44a020 RegDeleteValueW

• 0x44a024 CloseEventLog

• 0x44a028 OpenEventLogW

• 0x44a02c ReportEventW

• 0x44a030 ConvertStringSecurityDescriptorToSecurityDescriptorW

• 0x44a034 DecryptFileW

• 0x44a038 CreateWellKnownSid

• 0x44a03c InitializeAcl

• 0x44a040 SetEntriesInAclW

• 0x44a044 ChangeServiceConfigW

• 0x44a048 CloseServiceHandle

• 0x44a04c ControlService

• 0x44a050 OpenSCManagerW

• 0x44a054 OpenServiceW

• 0x44a058 QueryServiceStatus

• 0x44a05c SetNamedSecurityInfoW

• 0x44a060 CheckTokenMembership

• 0x44a064 AllocateAndInitializeSid

• 0x44a068 SetEntriesInAclA

• 0x44a06c SetSecurityDescriptorGroup

• 0x44a070 SetSecurityDescriptorOwner

• 0x44a074 SetSecurityDescriptorDacl

• 0x44a078 InitializeSecurityDescriptor

• 0x44a07c RegSetValueExW

• 0x44a080 RegQueryInfoKeyW

• 0x44a084 RegEnumValueW

• 0x44a088 RegEnumKeyExW

• 0x44a08c RegDeleteKeyW

• 0x44a090 RegCreateKeyExW

• 0x44a094 GetTokenInformation

• 0x44a098 CryptDestroyHash

• 0x44a09c CryptHashData

• 0x44a0a0 CryptCreateHash

• 0x44a0a4 CryptGetHashParam

• 0x44a0a8 CryptReleaseContext

• 0x44a0ac CryptAcquireContextW

• 0x44a0b0 QueryServiceConfigW

Library USER32.dll:

• 0x44a35c PeekMessageW

• 0x44a360 PostMessageW

• 0x44a364 IsWindow

• 0x44a368 WaitForInputIdle

• 0x44a36c PostQuitMessage

• 0x44a370 GetMessageW

• 0x44a374 TranslateMessage

• 0x44a378 MsgWaitForMultipleObjects

• 0x44a37c PostThreadMessageW

• 0x44a380 GetMonitorInfoW

• 0x44a384 MonitorFromPoint

• 0x44a388 IsDialogMessageW

• 0x44a38c LoadCursorW

• 0x44a390 LoadBitmapW

• 0x44a394 SetWindowLongW

• 0x44a398 GetWindowLongW

• 0x44a39c GetCursorPos

• 0x44a3a0 MessageBoxW

• 0x44a3a4 CreateWindowExW

• 0x44a3a8 UnregisterClassW

• 0x44a3ac RegisterClassW

• 0x44a3b0 DefWindowProcW

• 0x44a3b4 DispatchMessageW

Library OLEAUT32.dll:

• 0x44a330 VariantInit

• 0x44a334 SysAllocString

• 0x44a338 VariantClear

• 0x44a33c SysFreeString

Library GDI32.dll:

• 0x44a0b8 DeleteDC

• 0x44a0bc DeleteObject

• 0x44a0c0 SelectObject

• 0x44a0c4 StretchBlt

• 0x44a0c8 GetObjectW

• 0x44a0cc CreateCompatibleDC

Library SHELL32.dll:

• 0x44a34c CommandLineToArgvW

• 0x44a350 SHGetFolderPathW

• 0x44a354 ShellExecuteExW

Library ole32.dll:

• 0x44a3bc CoUninitialize

• 0x44a3c0 CoInitializeEx

• 0x44a3c4 CoInitialize

• 0x44a3c8 StringFromGUID2

• 0x44a3cc CoCreateInstance

• 0x44a3d0 CoTaskMemFree

• 0x44a3d4 CLSIDFromProgID

• 0x44a3d8 CoInitializeSecurity

Library KERNEL32.dll:

• 0x44a0d4 GetCPInfo

• 0x44a0d8 GetOEMCP

• 0x44a0dc IsValidCodePage

• 0x44a0e0 CloseHandle

• 0x44a0e4 CreateFileW

• 0x44a0e8 GetProcAddress

• 0x44a0ec LocalFree

• 0x44a0f0 HeapSetInformation

• 0x44a0f4 GetLastError

• 0x44a0f8 GetModuleHandleW

• 0x44a0fc FormatMessageW

• 0x44a100 lstrlenA

• 0x44a104 lstrlenW

• 0x44a108 MultiByteToWideChar

• 0x44a10c WideCharToMultiByte

• 0x44a110 LCMapStringW

• 0x44a114 Sleep

• 0x44a118 GetLocalTime

• 0x44a11c GetModuleFileNameW

• 0x44a120 ExpandEnvironmentStringsW

• 0x44a124 GetTempPathW

• 0x44a128 GetTempFileNameW

• 0x44a12c CreateDirectoryW

• 0x44a130 GetFullPathNameW

• 0x44a134 CompareStringW

• 0x44a138 GetCurrentProcessId

• 0x44a13c WriteFile

• 0x44a140 SetFilePointer

• 0x44a144 LoadLibraryW

• 0x44a148 GetSystemDirectoryW

• 0x44a14c CreateFileA

• 0x44a150 HeapAlloc

• 0x44a154 HeapReAlloc

• 0x44a158 HeapFree

• 0x44a15c HeapSize

• 0x44a160 GetProcessHeap

• 0x44a164 FindClose

• 0x44a168 GetCommandLineA

• 0x44a16c GetCurrentDirectoryW

• 0x44a170 RemoveDirectoryW

• 0x44a174 SetFileAttributesW

• 0x44a178 GetFileAttributesW

• 0x44a17c DeleteFileW

• 0x44a180 FindFirstFileW

• 0x44a184 FindNextFileW

• 0x44a188 MoveFileExW

• 0x44a18c GetCurrentProcess

• 0x44a190 GetCurrentThreadId

• 0x44a194 InitializeCriticalSection

• 0x44a198 DeleteCriticalSection

• 0x44a19c ReleaseMutex

• 0x44a1a0 TlsAlloc

• 0x44a1a4 TlsGetValue

• 0x44a1a8 TlsSetValue

• 0x44a1ac TlsFree

• 0x44a1b0 CreateProcessW

• 0x44a1b4 GetVersionExW

• 0x44a1b8 VerSetConditionMask

• 0x44a1bc FreeLibrary

• 0x44a1c0 EnterCriticalSection

• 0x44a1c4 LeaveCriticalSection

• 0x44a1c8 GetSystemTime

• 0x44a1cc GetNativeSystemInfo

• 0x44a1d0 GetModuleHandleExW

• 0x44a1d4 GetWindowsDirectoryW

• 0x44a1d8 GetSystemWow64DirectoryW

• 0x44a1dc GetCommandLineW

• 0x44a1e0 VerifyVersionInfoW

• 0x44a1e4 GetVolumePathNameW

• 0x44a1e8 GetDateFormatW

• 0x44a1ec GetUserDefaultUILanguage

• 0x44a1f0 GetSystemDefaultLangID

• 0x44a1f4 GetUserDefaultLangID

• 0x44a1f8 GetStringTypeW

• 0x44a1fc ReadFile

• 0x44a200 SetFilePointerEx

• 0x44a204 DuplicateHandle

• 0x44a208 InterlockedExchange

• 0x44a20c InterlockedCompareExchange

• 0x44a210 LoadLibraryExW

• 0x44a214 CreateEventW

• 0x44a218 ProcessIdToSessionId

• 0x44a21c OpenProcess

• 0x44a220 GetProcessId

• 0x44a224 WaitForSingleObject

• 0x44a228 ConnectNamedPipe

• 0x44a22c SetNamedPipeHandleState

• 0x44a230 CreateNamedPipeW

• 0x44a234 CreateThread

• 0x44a238 GetExitCodeThread

• 0x44a23c SetEvent

• 0x44a240 WaitForMultipleObjects

• 0x44a244 InterlockedIncrement

• 0x44a248 InterlockedDecrement

• 0x44a24c ResetEvent

• 0x44a250 SetEndOfFile

• 0x44a254 SetFileTime

• 0x44a258 LocalFileTimeToFileTime

• 0x44a25c DosDateTimeToFileTime

• 0x44a260 CompareStringA

• 0x44a264 GetExitCodeProcess

• 0x44a268 SetThreadExecutionState

• 0x44a26c CopyFileExW

• 0x44a270 MapViewOfFile

• 0x44a274 UnmapViewOfFile

• 0x44a278 CreateMutexW

• 0x44a27c CreateFileMappingW

• 0x44a280 GetThreadLocale

• 0x44a284 FindFirstFileExW

• 0x44a288 GetEnvironmentStringsW

• 0x44a28c FreeEnvironmentStringsW

• 0x44a290 SetStdHandle

• 0x44a294 GetConsoleCP

• 0x44a298 GetConsoleMode

• 0x44a29c FlushFileBuffers

• 0x44a2a0 DecodePointer

• 0x44a2a4 WriteConsoleW

• 0x44a2a8 GetModuleHandleA

• 0x44a2ac GlobalAlloc

• 0x44a2b0 GlobalFree

• 0x44a2b4 GetFileSizeEx

• 0x44a2b8 CopyFileW

• 0x44a2bc VirtualAlloc

• 0x44a2c0 VirtualFree

• 0x44a2c4 SystemTimeToTzSpecificLocalTime

• 0x44a2c8 GetTimeZoneInformation

• 0x44a2cc SystemTimeToFileTime

• 0x44a2d0 GetSystemInfo

• 0x44a2d4 VirtualProtect

• 0x44a2d8 VirtualQuery

• 0x44a2dc GetComputerNameW

• 0x44a2e0 SetCurrentDirectoryW

• 0x44a2e4 GetFileType

• 0x44a2e8 GetACP

• 0x44a2ec ExitProcess

• 0x44a2f0 GetStdHandle

• 0x44a2f4 InitializeCriticalSectionAndSpinCount

• 0x44a2f8 SetLastError

• 0x44a2fc RtlUnwind

• 0x44a300 UnhandledExceptionFilter

• 0x44a304 SetUnhandledExceptionFilter

• 0x44a308 TerminateProcess

• 0x44a30c IsProcessorFeaturePresent

• 0x44a310 QueryPerformanceCounter

• 0x44a314 GetSystemTimeAsFileTime

• 0x44a318 InitializeSListHead

• 0x44a31c IsDebuggerPresent

• 0x44a320 GetStartupInfoW

• 0x44a324 RaiseException

• 0x44a328 LoadLibraryExA

Library RPCRT4.dll:

• 0x44a344 UuidCreate

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	55369	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.