1.8
Low risk

17052e21b58322adbde02598c720f5c8cac99b91f4dd8220e2313141cfa57109

24027f883b08dfa13831bc54276d127f.exe

Analysis duration

76s

Last analysis

File size

384.0KB
Static detection   Dynamic detection   1456HJJM
Hawkeye engine
Not detected: no Hawkeye engine result available
Static verdict
Antivirus engines
Engine      | Result | Scan date | Version
Alibaba     |        | 20190426  | 0.4.0.6
Baidu       |        | 20190318  | 1.0.0.2
Avast       |        | 20190428  | 18.4.3895.0
Kingsoft    |        | 20190429  | 2013.8.14.323
McAfee      |        | 20190428  | 6.0.6.653
Tencent     |        | 20190429  | 1.0.0.1
CrowdStrike |        | 20190212  | 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path f:\我的vc工程\hjjm_easy\1018\release\hjjm_easy.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (50 of 70 events shown)
name      | language     | offset     | filetype | sublanguage                | size
RT_CURSOR | LANG_CHINESE | 0x0005e00c | data     | SUBLANG_CHINESE_SIMPLIFIED | 0x00000134
RT_BITMAP | LANG_CHINESE | 0x0005e440 | data     | SUBLANG_CHINESE_SIMPLIFIED | 0x00000144
RT_ICON   | LANG_CHINESE | 0x0005e584 | data     | SUBLANG_CHINESE_SIMPLIFIED | 0x000025a8
RT_MENU   | LANG_CHINESE | 0x00060b2c | data     | SUBLANG_CHINESE_SIMPLIFIED | 0x00000130
RT_DIALOG | LANG_CHINESE | 0x00061400 | data     | SUBLANG_CHINESE_SIMPLIFIED | 0x00000034
RT_STRING | LANG_CHINESE | 0x00062f14 | data     | SUBLANG_CHINESE_SIMPLIFIED | 0x00000042
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
ESET-NOD32 a variant of Win32/Adware.1456hjjm.A
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2010-01-07 13:18:16

Imports

Library SHLWAPI.dll:
0x44437c PathFindFileNameW
0x444380 PathStripToRootW
0x444384 PathIsUNCW
0x444388 PathFileExistsW
0x44438c PathIsDirectoryW
0x444390 PathFindExtensionW
Library KERNEL32.dll:
0x4440c4 TlsGetValue
0x4440cc GlobalReAlloc
0x4440d0 GlobalHandle
0x4440d8 TlsAlloc
0x4440dc TlsSetValue
0x4440e0 LocalReAlloc
0x4440e8 TlsFree
0x4440ec GlobalFlags
0x4440f4 lstrlenA
0x4440f8 SetErrorMode
0x444100 HeapFree
0x444104 HeapAlloc
0x444108 GetProcessHeap
0x44410c GetStartupInfoW
0x444114 RtlUnwind
0x444118 RaiseException
0x44411c HeapReAlloc
0x444120 SetStdHandle
0x444124 GetFileType
0x444128 ExitProcess
0x44412c HeapSize
0x444130 VirtualProtect
0x444134 VirtualAlloc
0x444138 GetSystemInfo
0x44413c VirtualQuery
0x444140 GetStdHandle
0x444144 GetModuleFileNameA
0x444148 LocalAlloc
0x44415c GetCommandLineA
0x444160 SetHandleCount
0x444164 GetStartupInfoA
0x444168 HeapDestroy
0x44416c HeapCreate
0x444170 VirtualFree
0x444178 TerminateProcess
0x444180 IsDebuggerPresent
0x444184 GetCPInfo
0x444188 GetACP
0x44418c GetOEMCP
0x444190 CreateFileA
0x444198 LCMapStringA
0x44419c LCMapStringW
0x4441a0 GetConsoleCP
0x4441a4 GetConsoleMode
0x4441a8 GetStringTypeA
0x4441ac GetStringTypeW
0x4441b0 GetLocaleInfoA
0x4441b4 WriteConsoleA
0x4441b8 GetConsoleOutputCP
0x4441bc WriteConsoleW
0x4441c4 GetDriveTypeA
0x4441cc GetFullPathNameW
0x4441d4 GetCurrentProcess
0x4441d8 DuplicateHandle
0x4441dc SetEndOfFile
0x4441e0 UnlockFile
0x4441e4 LockFile
0x4441e8 FlushFileBuffers
0x4441ec ReadFile
0x4441f0 GetThreadLocale
0x4441f4 GetCurrentThread
0x4441fc GetVersion
0x444204 lstrcmpA
0x444208 GetLocaleInfoW
0x44420c CompareStringA
0x444210 InterlockedExchange
0x444214 SetFileTime
0x444220 GlobalAlloc
0x444224 GetCurrentProcessId
0x44422c GlobalFree
0x444230 GlobalLock
0x444234 GlobalUnlock
0x444238 MulDiv
0x44423c GetModuleHandleA
0x444240 FreeResource
0x444244 GetCurrentThreadId
0x444248 GlobalAddAtomW
0x44424c GlobalFindAtomW
0x444250 GlobalDeleteAtom
0x444254 CompareStringW
0x444258 LoadLibraryA
0x44425c SetLastError
0x444260 lstrcmpW
0x444264 GetModuleHandleW
0x444268 GetProcAddress
0x44426c GetVersionExA
0x444270 WriteFile
0x444274 SetFilePointer
0x444278 GetFileSize
0x44427c FindClose
0x444280 FindNextFileW
0x444284 FindFirstFileW
0x444288 GetTempPathW
0x44428c WinExec
0x444290 lstrcatW
0x444294 lstrcpyW
0x4442a0 GetFileTime
0x4442a4 DeleteFileW
0x4442ac RemoveDirectoryW
0x4442b0 WideCharToMultiByte
0x4442b4 lstrlenW
0x4442b8 FreeLibrary
0x4442bc LoadLibraryW
0x4442c0 GetLongPathNameW
0x4442c4 GetCommandLineW
0x4442c8 GetVersionExW
0x4442cc CloseHandle
0x4442d0 CreateFileW
0x4442d4 CreateDirectoryW
0x4442d8 GetFileAttributesW
0x4442dc MoveFileW
0x4442e0 SetFileAttributesW
0x4442e8 GetModuleFileNameW
0x4442ec LocalFree
0x4442f0 GetLastError
0x4442f4 FormatMessageW
0x4442f8 Sleep
0x4442fc DefineDosDeviceW
0x444300 GetTickCount
0x444304 MultiByteToWideChar
0x444308 FindResourceW
0x44430c LoadResource
0x444310 LockResource
0x444314 SizeofResource
0x444318 CopyFileW
0x44431c WriteProfileStringW
0x444320 GetProfileIntW
0x444324 GetProfileStringW
Library USER32.dll:
0x444398 GetSysColorBrush
0x44439c UnregisterClassW
0x4443a0 PostThreadMessageW
0x4443a4 CharNextW
0x4443ac SetRect
0x4443b0 InvalidateRgn
0x4443b4 GetNextDlgGroupItem
0x4443b8 MessageBeep
0x4443bc IsRectEmpty
0x4443c0 DestroyMenu
0x4443c4 InvalidateRect
0x4443c8 CharUpperW
0x4443cc WindowFromPoint
0x4443d0 GetMessageW
0x4443d4 TranslateMessage
0x4443d8 GetCursorPos
0x4443dc ValidateRect
0x4443e4 MapDialogRect
0x4443ec PostQuitMessage
0x4443f4 GetDesktopWindow
0x4443f8 GetActiveWindow
0x444400 GetNextDlgTabItem
0x444404 EndDialog
0x444408 IsWindowEnabled
0x44440c ShowWindow
0x444410 MoveWindow
0x444414 SetWindowTextW
0x444418 IsDialogMessageW
0x44441c SetDlgItemTextW
0x444420 SetMenuItemBitmaps
0x444428 LoadBitmapW
0x44442c ModifyMenuW
0x444430 GetMenuState
0x444434 EnableMenuItem
0x444438 CheckMenuItem
0x44443c EndPaint
0x444440 BeginPaint
0x444444 GetWindowDC
0x444448 ReleaseDC
0x44444c GetDC
0x444450 ClientToScreen
0x444454 GrayStringW
0x444458 DrawTextExW
0x44445c DrawTextW
0x444460 TabbedTextOutW
0x444468 SendDlgItemMessageW
0x44446c SendDlgItemMessageA
0x444470 WinHelpW
0x444474 IsChild
0x444478 GetCapture
0x44447c SetWindowsHookExW
0x444480 CallNextHookEx
0x444484 GetClassLongW
0x444488 GetClassNameW
0x44448c SetPropW
0x444490 GetPropW
0x444494 RemovePropW
0x444498 GetFocus
0x4444a0 GetForegroundWindow
0x4444a4 GetLastActivePopup
0x4444a8 SetActiveWindow
0x4444ac DispatchMessageW
0x4444b0 GetTopWindow
0x4444b4 DestroyWindow
0x4444b8 UnhookWindowsHookEx
0x4444bc GetMessageTime
0x4444c0 GetMessagePos
0x4444c4 PeekMessageW
0x4444c8 MapWindowPoints
0x4444cc GetKeyState
0x4444d0 SetForegroundWindow
0x4444d4 IsWindowVisible
0x4444d8 UpdateWindow
0x4444dc GetMenu
0x4444e0 PostMessageW
0x4444e4 GetSubMenu
0x4444e8 GetMenuItemID
0x4444ec GetMenuItemCount
0x4444f0 MessageBoxW
0x4444f4 CreateWindowExW
0x4444f8 GetClassInfoExW
0x4444fc GetClassInfoW
0x444500 RegisterClassW
0x444504 GetSysColor
0x444508 AdjustWindowRectEx
0x44450c GetParent
0x444510 ScreenToClient
0x444514 EqualRect
0x444518 CopyRect
0x44451c GetDlgCtrlID
0x444520 DefWindowProcW
0x444524 CallWindowProcW
0x444528 GetWindowLongW
0x44452c SetWindowPos
0x444530 OffsetRect
0x444534 IntersectRect
0x44453c IsIconic
0x444540 GetWindowPlacement
0x444544 GetWindowRect
0x444548 GetSystemMetrics
0x44454c GetWindow
0x444550 IsWindow
0x444554 CopyIcon
0x444558 SetWindowLongW
0x44455c SetCapture
0x444560 RedrawWindow
0x444564 ReleaseCapture
0x444568 PtInRect
0x44456c GetClientRect
0x444570 SetCursor
0x444574 FindWindowW
0x444578 SetTimer
0x44457c KillTimer
0x444580 SendMessageW
0x444584 SetFocus
0x444588 GetDlgItem
0x44458c LoadIconW
0x444590 EnableWindow
0x444594 LoadCursorW
0x444598 GetWindowTextW
0x44459c UnregisterClassA
Library GDI32.dll:
0x444034 GetMapMode
0x444038 ExtSelectClipRgn
0x44403c GetBkColor
0x444040 GetRgnBox
0x444044 ScaleWindowExtEx
0x444048 GetDeviceCaps
0x44404c CreateBitmap
0x444050 GetObjectW
0x444054 GetStockObject
0x444058 SetWindowExtEx
0x44405c ScaleViewportExtEx
0x444060 SetViewportExtEx
0x444064 OffsetViewportOrgEx
0x444068 SetViewportOrgEx
0x44406c SelectObject
0x444070 Escape
0x444074 ExtTextOutW
0x444078 GetTextColor
0x44407c CreateSolidBrush
0x444080 TextOutW
0x444084 RectVisible
0x444088 PtVisible
0x44408c GetWindowExtEx
0x444090 GetViewportExtEx
0x444094 DeleteObject
0x444098 SetMapMode
0x44409c SetBkMode
0x4440a0 RestoreDC
0x4440a4 SaveDC
0x4440a8 SetBkColor
0x4440ac SetTextColor
0x4440b0 GetClipBox
0x4440b4 CreateFontIndirectW
0x4440b8 DeleteDC
Library comdlg32.dll:
0x4445c4 GetFileTitleW
Library WINSPOOL.DRV:
0x4445b4 OpenPrinterW
0x4445b8 DocumentPropertiesW
0x4445bc ClosePrinter
Library ADVAPI32.dll:
0x444000 RegEnumKeyW
0x444004 RegDeleteKeyW
0x444008 RegOpenKeyW
0x44400c RegOpenKeyExW
0x444010 RegSetValueExW
0x444014 RegCreateKeyExW
0x444018 RegQueryValueExW
0x44401c RegCloseKey
0x444020 RegQueryValueW
Library SHELL32.dll:
0x444368 SHGetFileInfoW
0x444370 SHBrowseForFolderW
0x444374 ShellExecuteW
Library COMCTL32.dll:
Library oledlg.dll:
0x444618 OleUIBusyW
Library ole32.dll:
0x4445cc CoGetClassObject
0x4445d0 CLSIDFromString
0x4445d4 CLSIDFromProgID
0x4445d8 OleInitialize
0x4445e0 OleUninitialize
0x4445e4 CoRevokeClassObject
0x4445e8 CoTaskMemFree
0x4445ec CoUninitialize
0x4445f0 CoCreateInstance
0x4445f4 CoInitialize
0x4445fc OleFlushClipboard
0x444610 CoTaskMemAlloc
Library OLEAUT32.dll:
0x444330 SysAllocStringLen
0x444334 VariantChangeType
0x444338 VariantInit
0x44433c SysStringLen
0x444340 SysFreeString
0x444344 SysAllocString
0x444354 VariantClear
0x444358 SafeArrayDestroy
0x44435c VariantCopy
Library WININET.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source         | Source Port | Destination     | Destination Port
192.168.56.101 | 49235       | 114.114.114.114 | 53
192.168.56.101 | 50534       | 114.114.114.114 | 53
192.168.56.101 | 56539       | 114.114.114.114 | 53
192.168.56.101 | 65004       | 114.114.114.114 | 53
192.168.56.101 | 137         | 192.168.56.255  | 137
192.168.56.101 | 138         | 192.168.56.255  | 138
192.168.56.101 | 55368       | 224.0.0.252     | 5355
192.168.56.101 | 56804       | 224.0.0.252     | 5355
192.168.56.101 | 60123       | 224.0.0.252     | 5355
192.168.56.101 | 62191       | 224.0.0.252     | 5355
192.168.56.101 | 1900        | 239.255.255.250 | 1900
192.168.56.101 | 50535       | 239.255.255.250 | 3702
192.168.56.101 | 56540       | 239.255.255.250 | 3702
192.168.56.101 | 56807       | 239.255.255.250 | 1900
192.168.56.101 | 58707       | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.