Score: 1.6 (low risk)

SHA256: 2a0337baa0bccaa1475a2d45c19c16b662686deddca48c2990025fe33703d9be

File name: 227ae641e0afb6adea3ff3bc2bbfc4c3.exe

Analysis duration: 72s

Last analysis: (not shown)

File size: 568.0KB
Static detection / dynamic detection: MALICIOUS
Hawkeye engine: not detected (no Hawkeye engine result for this sample)
Static verdict
Antivirus engines (the result column is empty for every engine on the page; scan date is YYYYMMDD)
Engine       Result  Scan date  Version
McAfee               20200901   6.0.6.653
Alibaba              20190527   0.3.0.5
CrowdStrike          20190702   1.0
Baidu                20190318   1.0.0.2
Avast                20200901   18.4.3895.0
Kingsoft             20200901   2013.8.14.323
Tencent              20200901   1.0.0.1
Static indicators
This executable has a PDB path (1 event)
pdb_path d:\jk\workspace\searchdevice--win32-vs2005\bin\SearchDevice.pdb
The "vs2005" in the build path agrees with the MSVCR80/MSVCP80 imports below (the Visual Studio 2005 CRT). A PDB path is linker-written metadata that can be edited after linking, so treat it as a lead for pivoting, not as proof of origin.
Behavior verdict
Dynamic indicators
Foreign language identified in PE resource (6 events)
Name           Language      Sublanguage                 Offset      Size        File type
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0008cf78  0x00000568  GLS_BINARY_LSB_FIRST
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0008cf78  0x00000568  GLS_BINARY_LSB_FIRST
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0008cf78  0x00000568  GLS_BINARY_LSB_FIRST
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0008cf78  0x00000568  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0008d4e0  0x0000003e  data
RT_VERSION     LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0008d520  0x00000328  data
The resource language only records the locale of the build environment; it is static metadata, not a behavior, despite being listed under dynamic indicators.
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
APEX Malicious
A single engine hit with no corroborating behavior is weak evidence; the dropped-file, TCP, HTTP and screenshot sections below are all empty.
Visual analysis
Binary image: none (no binary visualization image was generated for this sample)
Run screenshots: none (no screenshots were produced while the sample ran)

PE Compile Time

2020-02-27 18:49:29 (COFF header TimeDateStamp; the page does not state the time zone, and the field is trivially forgeable, so it is corroborating evidence only)
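The two static indicators above (the PDB path and the compile timestamp) come straight out of the PE headers. The following is an added example, not the sandbox's code or anything shipped with the sample: a stdlib-only Python reader that locates the COFF TimeDateStamp and the CodeView RSDS record via the debug data directory, exercised on a constructed minimal PE32 image that embeds the report's own PDB path and timestamp (the timestamp is treated as UTC and the GUID/age are made up, since the page gives neither). It handles PE32 and PE32+ data-directory offsets and RVA-to-file-offset translation, which is where most quick parsers go wrong; NB10-style records are deliberately not handled.

```python
"""Added example: read COFF compile time and CodeView (RSDS) PDB path from a PE image."""
import struct
import uuid
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_DEBUG = 6   # index into the optional header's data directories
IMAGE_DEBUG_TYPE_CODEVIEW = 2     # IMAGE_DEBUG_DIRECTORY.Type for CodeView records
DEBUG_ENTRY_SIZE = 28             # sizeof(IMAGE_DEBUG_DIRECTORY)

# Values copied from the report; the time zone is an assumption (treated as UTC).
REPORT_COMPILE_TIME = datetime(2020, 2, 27, 18, 49, 29, tzinfo=timezone.utc)
REPORT_PDB_PATH = r"d:\jk\workspace\searchdevice--win32-vs2005\bin\SearchDevice.pdb"


def rva_to_offset(sections, rva):
    """Translate an RVA into a file offset via the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def pe_static_indicators(data: bytes) -> dict:
    """Return machine, compile time (UTC) and, if an RSDS record exists, PDB path/GUID/age."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)  # data directories: PE32 at +96, PE32+ at +112
    dbg_rva, dbg_size = struct.unpack_from("<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG)

    sections = []
    sec_table = opt + opt_size
    for i in range(nsec):  # each header: 8-byte name, then VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_table + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))

    out = {
        "machine": machine,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "pdb_path": None, "pdb_guid": None, "pdb_age": None,
    }
    if dbg_rva == 0 or dbg_size == 0:
        return out
    dbg_off = rva_to_offset(sections, dbg_rva)
    for n in range(dbg_size // DEBUG_ENTRY_SIZE):
        _, _, _, _, dtype, size, addr_rva, raw_ptr = struct.unpack_from(
            "<IIHHIIII", data, dbg_off + DEBUG_ENTRY_SIZE * n)
        if dtype != IMAGE_DEBUG_TYPE_CODEVIEW:
            continue
        cv = raw_ptr or rva_to_offset(sections, addr_rva)  # PointerToRawData may be 0 in memory dumps
        blob = data[cv:cv + size]
        if blob[:4] != b"RSDS":  # PDB 7.0 signature; older NB10 records are skipped
            continue
        out["pdb_guid"] = str(uuid.UUID(bytes_le=blob[4:20]))
        out["pdb_age"] = struct.unpack_from("<I", blob, 20)[0]
        out["pdb_path"] = blob[24:].split(b"\0", 1)[0].decode("latin-1")
    return out


def build_sample_pe(compile_time: datetime, pdb_path: str) -> bytes:
    """Constructed PE32 image (not the report's binary): one .rdata section holding a
    debug directory entry followed by an RSDS record. GUID and age are invented."""
    ts = int(compile_time.timestamp())
    rsds = b"RSDS" + uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le
    rsds += struct.pack("<I", 1) + pdb_path.encode("latin-1") + b"\0"
    sec_va, sec_raw = 0x1000, 0x200
    dbg_entry = struct.pack("<IIHHIIII", 0, ts, 0, 0, IMAGE_DEBUG_TYPE_CODEVIEW,
                            len(rsds), sec_va + DEBUG_ENTRY_SIZE, sec_raw + DEBUG_ENTRY_SIZE)
    body = dbg_entry + rsds
    raw_size = (len(body) + 0x1FF) & ~0x1FF

    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)            # e_lfanew at 0x3C -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG, sec_va, DEBUG_ENTRY_SIZE)
    sec_hdr = b".rdata".ljust(8, b"\0") + struct.pack("<IIII", len(body), sec_va, raw_size, sec_raw)
    sec_hdr += struct.pack("<IIHHI", 0, 0, 0, 0, 0x40000040)         # INITIALIZED_DATA | MEM_READ
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sec_hdr
    return headers.ljust(sec_raw, b"\0") + body.ljust(raw_size, b"\0")


def demo() -> dict:
    """Parse the constructed image and return the recovered indicators."""
    return pe_static_indicators(build_sample_pe(REPORT_COMPILE_TIME, REPORT_PDB_PATH))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `pe_static_indicators()` at the bytes of a real file to use it for triage; the GUID and age it returns are what symbol servers key on, so they are a better pivot than the path string alone.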

Imports

HCNetSDK.dll is Hikvision's device SDK and dhnetsdk.dll/dhconfigsdk.dll are Dahua's; together with libdsl.dll, dslalien.dll and ThirdDeviceInter.dll they are implicitly linked, so if any is absent on the analysis host the loader fails before main() runs. That would be consistent with the empty behavior sections below, but it is an assumption: the report does not say whether the process started. The KERNEL32 entries IsDebuggerPresent, TerminateProcess, GetCurrentProcess, GetTickCount and the MSVCR80 entries _crt_debugger_hook and _invoke_watson are the standard VS2005 CRT security-cookie and unhandled-exception stubs, not a deliberate anti-debug check. The WS2_32 set (WSASocketA, setsockopt, sendto, recvfrom, gethostbyname) is what a UDP-based device search needs; setsockopt is required to enable SO_BROADCAST.

Library WS2_32.dll:
0x4762d0 sendto
0x4762d4 closesocket
0x4762d8 WSASocketA
0x4762dc setsockopt
0x4762e0 gethostbyname
0x4762e4 WSAGetLastError
0x4762e8 recvfrom
0x4762ec WSACleanup
0x4762f0 WSAStartup
0x4762f4 inet_ntoa
0x4762f8 inet_addr
0x4762fc htons
Library libdsl.dll:
0x476440 ??0DStr@dsl@@QAE@XZ
0x476448 ??1DStr@dsl@@QAE@XZ
Library dslalien.dll:
0x4763d4 _uncompress@16
Library dhnetsdk.dll: 48 imports (IAT slots 0x476310 through 0x4763cc, 4 bytes apart) with no names resolved in the report (probably imported by ordinal; an assumption)
Library dhconfigsdk.dll: 2 imports (0x476304, 0x476308) with no names resolved in the report
Library HCNetSDK.dll:
0x476000 NET_DVR_Init
0x476008 NET_DVR_Login_V30
0x476014 NET_DVR_Logout_V30
0x476018 NET_DVR_Cleanup
Library ThirdDeviceInter.dll: (no entries listed)
Library KERNEL32.dll:
0x476054 InterlockedExchange
0x47605c GetCurrentThreadId
0x476064 IsDebuggerPresent
0x476070 GetCurrentProcess
0x476074 TerminateProcess
0x47607c GetLastError
0x476080 GetCurrentProcessId
0x476084 GetTickCount
0x476088 GetProcAddress
0x47608c FreeLibrary
0x476090 LoadLibraryA
0x476094 Sleep
Library MSVCP80.dll: (no entries listed)
Library MSVCR80.dll:
0x4761d4 ??3@YAXPAX@Z
0x4761e4 ??2@YAPAXI@Z
0x4761e8 atoi
0x4761ec memset
0x4761f0 strstr
0x4761f4 _access
0x4761f8 ??_V@YAXPAX@Z
0x4761fc memmove_s
0x476200 strcmp
0x476204 _time64
0x476208 system
0x47620c freopen
0x476210 __iob_func
0x476214 __RTDynamicCast
0x476218 printf
0x47621c getchar
0x476220 remove
0x476224 _errno
0x476228 _mktime64
0x47622c strcpy
0x476230 strlen
0x476234 tolower
0x476238 memcpy
0x47623c _gmtime64
0x476240 strftime
0x476244 memcmp
0x476248 ?terminate@@YAXXZ
0x47624c _unlock
0x476250 __dllonexit
0x476254 _encode_pointer
0x476258 _lock
0x47625c _onexit
0x476260 _decode_pointer
0x476264 __CxxFrameHandler3
0x476268 _amsg_exit
0x47626c __getmainargs
0x476270 _cexit
0x476274 _exit
0x476278 _XcptFilter
0x47627c exit
0x476280 __initenv
0x476284 _initterm
0x476288 _initterm_e
0x47628c _configthreadlocale
0x476290 __setusermatherr
0x476294 _adjust_fdiv
0x476298 __p__commode
0x47629c __p__fmode
0x4762a0 __set_app_type
0x4762a8 _crt_debugger_hook
0x4762b0 _invoke_watson
0x4762b4 _controlfp_s
0x4762b8 _getpid
0x4762c0 _CxxThrowException

Exports

Ordinal Address Name
1 0x42fec9 ??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination      Dst port
192.168.56.101  49235     114.114.114.114  53
192.168.56.101  50534     114.114.114.114  53
192.168.56.101  56539     114.114.114.114  53
192.168.56.101  65004     114.114.114.114  53
192.168.56.101  137       192.168.56.255   137
192.168.56.101  138       192.168.56.255   138
192.168.56.101  55368     224.0.0.252      5355
192.168.56.101  56804     224.0.0.252      5355
192.168.56.101  60123     224.0.0.252      5355
192.168.56.101  62191     224.0.0.252      5355
192.168.56.101  1900      239.255.255.250  1900
192.168.56.101  50535     239.255.255.250  3702
192.168.56.101  56540     239.255.255.250  3702
192.168.56.101  56807     239.255.255.250  1900
192.168.56.101  58707     239.255.255.250  3702
192.168.56.101  56539     8.8.8.8          53

Everything here is ordinary Windows background traffic from the analysis guest: NetBIOS name and datagram service to the subnet broadcast (137/138), LLMNR to 224.0.0.252:5355, SSDP to 239.255.255.250:1900 and WS-Discovery to 239.255.255.250:3702, plus DNS to 114.114.114.114 and 8.8.8.8 with no query names recorded on the page. The report does not attribute packets to a process, so none of it can be tied to the sample. Port 3702 deserves a second look only because ONVIF camera discovery also uses WS-Discovery multicast, which would fit a tool importing the Hikvision and Dahua SDKs, but Windows sends the same probes on its own; a per-process capture is needed to decide.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.