Risk score: 7.8 (High)
SHA-256: 7859f84daf243f7a0746a101b9feb65a00a86749328fa66714d0ad55dd38f867
File name: 2bebdcd64330c42864c2718c3ec9caec.exe
Analysis duration: 109s
Most recent analysis: (not shown)
File size: 388.0KB
Static detection / Dynamic detection
Eagle Eye (鹰眼) engine: not detected (no Eagle Eye engine result available)
Static verdict
Anti-virus engines: not detected (no anti-virus engine result available)
Static indicators
Queries for the computer name (1 event)
Timestamps throughout are Unix epoch seconds (1619380733 = 2021-04-25 19:58:53 UTC); each row gives time, API, status, return value and repeat count, followed by its arguments.
1619380733.001  GetComputerNameA  status: success, return: 1, repeated: 0
    computer_name: OSKAR-PC
Uses Windows APIs to generate a cryptographic key (4 events)
1619380720.907  CryptGenKey  status: success, return: 1, repeated: 0
    crypto_handle: 0x00532c70
    algorithm_identifier: 0x0000660e (CALG_AES_128; the sandbox printed an empty name because it does not know this ALG_ID)
    provider_handle: 0x00535a90
    flags: 1 (CRYPT_EXPORTABLE)
    key: f*úö•?CU¢ÃШ€ ۘ (raw bytes, garbled by the page extraction)
1619380733.126  CryptExportKey  status: success, return: 1, repeated: 0
    crypto_handle: 0x00532c70
    crypto_export_handle: 0x00532bb0
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (CRYPT_OAEP)
    buffer: f¤™Î«ù溨?6”?•bv`~Ž­¬‹†c}~Z µH ùa®Ž/>„'Gð¢KEîñÀ>S͘N rŒÜ•”Ïå3Ì£ZìÔ'ôpúܵÃrANÓÛímŸØN (raw bytes, garbled)
1619380759.923  CryptExportKey  status: success, return: 1, repeated: 0
    crypto_handle: 0x00532c70
    crypto_export_handle: 0x00532bb0
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (CRYPT_OAEP)
    buffer: f¤‡Ò~dƒSª^¨•\ï;24­ý+‚d›nêШ Œ‘¤AÆÚëG̽©¬5ËÚg‘´jCEèJ5zÍ/ãß±ȅÓڇؙ¦Þ<Ûa›2¢ÿæ+‘ǤøgÀ›Ú¾ (raw bytes, garbled)
1619380764.814  CryptExportKey  status: success, return: 1, repeated: 0
    crypto_handle: 0x00532c70
    crypto_export_handle: 0x00532bb0
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (CRYPT_OAEP)
    buffer: f¤è¸Y‘ÏŠÀ n9܈Âöö”¤„¸Ïù˜éôgïC=&îŸg"»‰Cad -/ðq÷¡æ):‘­\—‚„®ã;|ØlÆ6_Ó땁:Áê1׸,zÿV$ÙOV,·ëe (raw bytes, garbled)
Reading: the sample generates one exportable AES-128 session key and exports it three times as a SIMPLEBLOB, which means the key is encrypted under the key-exchange key behind crypto_export_handle (0x00532bb0, a different handle from the generated key, obtained by a call the report does not show) with OAEP padding. The first export at 1619380733.126 immediately precedes the InternetOpenW call at 1619380733.298 recorded below, which is consistent with a session-key exchange at the start of C2 traffic; since no connection completed during the run, the protocol itself was not observed.
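The constants in the rows above decoded, as an added example that is not code from the sandbox or from the sample: it splits an ALG_ID into its wincrypt.h class/type/sub-identifier fields, names the CryptGenKey and CryptExportKey flag bits, and parses the SIMPLEBLOB layout (BLOBHEADER, then the wrapping ALG_ID, then the wrapped key). The blob it parses is constructed here, an AES-128 key notionally wrapped under CALG_RSA_KEYX with 128 zero bytes standing in for the ciphertext; the report's own buffers are not legible on the page and are not used.

```python
"""Decode the CryptoAPI values printed in CryptGenKey/CryptExportKey rows.

Added example, not the sandbox's or the sample's code. Constant values are
from wincrypt.h; the SIMPLEBLOB parsed at the bottom is constructed here
(128 zero bytes stand in for the RSA-wrapped key), not the report's buffer.
"""
import struct

# ALG_ID layout: bits 13-15 class, bits 9-12 type, bits 0-8 sub-identifier.
ALG_CLASS = {1: "SIGNATURE", 2: "MSG_ENCRYPT", 3: "DATA_ENCRYPT", 4: "HASH", 5: "KEY_EXCHANGE"}
ALG_TYPE = {0: "ANY", 1: "DSS", 2: "RSA", 3: "BLOCK", 4: "STREAM", 5: "DH", 6: "SECURECHANNEL"}
ALG_NAMES = {
    0x6603: "CALG_3DES", 0x6801: "CALG_RC4",
    0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0xA400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN",
}
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB", 8: "PLAINTEXTKEYBLOB"}
CRYPTGENKEY_FLAGS = {0x01: "CRYPT_EXPORTABLE", 0x02: "CRYPT_USER_PROTECTED",
                     0x04: "CRYPT_CREATE_SALT", 0x08: "CRYPT_UPDATE_KEY",
                     0x10: "CRYPT_NO_SALT", 0x40: "CRYPT_PREGEN"}
CRYPTEXPORTKEY_FLAGS = {0x01: "CRYPT_Y_ONLY", 0x02: "CRYPT_SSL2_FALLBACK",
                        0x04: "CRYPT_DESTROYKEY", 0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}
CUR_BLOB_VERSION = 2


def describe_alg(alg_id: int) -> dict:
    """Split an ALG_ID into its class/type/sid fields and name it if known."""
    cls, typ = (alg_id >> 13) & 0x7, (alg_id >> 9) & 0xF
    return {
        "name": ALG_NAMES.get(alg_id, f"unknown(0x{alg_id:04x})"),
        "class": ALG_CLASS.get(cls, f"class{cls}"),
        "type": ALG_TYPE.get(typ, f"type{typ}"),
        "sid": alg_id & 0x1FF,
    }


def flag_names(value: int, table: dict) -> list:
    """Expand a flags DWORD into names; unknown bits are reported, not dropped."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(f"unknown(0x{leftover:x})")
    return names


def parse_simpleblob(blob: bytes) -> dict:
    """Parse BLOBHEADER + ALG_ID aiEncAlg + wrapped key, the SIMPLEBLOB layout."""
    if len(blob) < 12:
        raise ValueError("too short for a SIMPLEBLOB")
    btype, version, reserved, key_alg = struct.unpack_from("<BBHI", blob, 0)
    if btype != 1 or version != CUR_BLOB_VERSION or reserved != 0:
        raise ValueError(f"not a SIMPLEBLOB header: type={btype} ver={version} reserved={reserved}")
    (enc_alg,) = struct.unpack_from("<I", blob, 8)
    return {
        "blob_type": BLOB_TYPES[btype],
        "session_key": describe_alg(key_alg),
        "wrapped_with": describe_alg(enc_alg),
        "wrapped_len": len(blob) - 12,   # equals the RSA modulus size for CALG_RSA_KEYX
    }


def build_simpleblob(key_alg: int, enc_alg: int, wrapped: bytes) -> bytes:
    """Constructed sample blob in the same layout (demonstration input only)."""
    return struct.pack("<BBHI", 1, CUR_BLOB_VERSION, 0, key_alg) + struct.pack("<I", enc_alg) + wrapped


def summarize_report_rows() -> dict:
    """The rows above: ALG_ID 0x660e, CryptGenKey flags 1, CryptExportKey blob_type 1 / flags 64."""
    return {
        "generated": describe_alg(0x0000660E),
        "genkey_flags": flag_names(1, CRYPTGENKEY_FLAGS),
        "export_blob_type": BLOB_TYPES[1],
        "export_flags": flag_names(64, CRYPTEXPORTKEY_FLAGS),
    }


if __name__ == "__main__":
    print(summarize_report_rows())
    demo = build_simpleblob(0x660E, 0xA400, bytes(128))   # constructed, not the report's buffer
    print(parse_simpleblob(demo))
```

The wrapped-key length is the one field worth checking on a real capture: for a SIMPLEBLOB exported under CALG_RSA_KEYX it equals the RSA modulus size in bytes, so a 140-byte blob implies a 1024-bit key-exchange key and a 268-byte blob a 2048-bit one.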
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events; listed here in time order, the page lists them out of order)
1619380705.78275  NtAllocateVirtualMemory  status: success, return: 0 (STATUS_SUCCESS), repeated: 0
    process_identifier: 1880
    process_handle: 0xffffffff (current process, 32-bit pseudo-handle)
    base_address: 0x005a0000
    region_size: 36864
    allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0
1619380718.204  NtAllocateVirtualMemory  status: success, return: 0, repeated: 0
    process_identifier: 2988
    process_handle: 0xffffffff (current process, 32-bit pseudo-handle)
    base_address: 0x004d0000
    region_size: 36864
    allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0
1619380765.267625  NtAllocateVirtualMemory  status: success, return: 0, repeated: 0
    process_identifier: 1424
    process_handle: 0xffffffffffffffff (current process, 64-bit pseudo-handle)
    base_address: 0x0000000004150000
    region_size: 65536
    allocation_type: 4096 (MEM_COMMIT)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0
Reading: three distinct processes allocate RWX memory in themselves. The first two (PIDs 1880 and 2988, 36 KB each, one before and one after the relocation and service creation recorded below) are consistent with the original executable and its relocated copy unpacking the same payload. The third (PID 1424) uses the 64-bit pseudo-handle and a 64-bit base address, so it is a 64-bit process and not the 32-bit sample itself; the report does not say how it relates to the sample.
Checks whether any human activity is being performed by constantly checking whether the foreground window changed (no event rows shown; GetForegroundWindow is present in the static import table below)
Moves the original executable to a new location (1 event)
1619380714.97075  MoveFileWithProgressW  status: success, return: 1, repeated: 0
    oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2bebdcd64330c42864c2718c3ec9caec.exe
    newfilepath: C:\Windows\SysWOW64\kbdgeoer\iepeers.exe
    flags: 3 (MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED)
    (oldfilepath_r and newfilepath_r are identical to the paths above)
Reading: the dropper moves itself out of the user's Temp directory into a new subdirectory of SysWOW64, with a directory name and file name borrowed from legitimate Windows components (kbdgeoer.dll is a keyboard-layout DLL, iepeers.dll an Internet Explorer DLL) so that the path looks unremarkable in process and service listings. Writing under C:\Windows\SysWOW64 needs administrative rights, which the sandbox account (Administrator) had; on a standard-user host this step would fail.
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
1619380733.626  GetAdaptersAddresses  status: failed, return: 111, repeated: 0
    flags: 0
    family: 0 (AF_UNSPEC)
Reading: return 111 is ERROR_BUFFER_OVERFLOW, which GetAdaptersAddresses returns on the customary first call made with an undersized buffer to learn the required size; "failed" is the sandbox's label for the non-zero return, not evidence that the check was defeated. The report shows only this one call, so whether the adapter list was actually retrieved is not visible.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
    section: .data
    virtual_address: 0x00050000
    size_of_data: 0x0000c000
    virtual_size: 0x0000f15c
    entropy: 7.303836 (a section with high entropy has been found)
Expresses interest in specific running processes (1 event)
    process: iepeers.exe (the name of its own relocated copy and service binary)
Reads the system's User-Agent and subsequently performs requests (1 event)
1619380733.298  InternetOpenW  status: success, return: 13369348 (HINTERNET), repeated: 0
    user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG, i.e. use the registry proxy settings and auto-detection)
    proxy_name: (empty)
    proxy_bypass: (empty)
    flags: 0
Reading: the User-Agent is the machine's own Internet Explorer string, read from the system rather than hard-coded, so outbound requests blend with the host's browser traffic; note the "WOW64" token, which confirms a 32-bit process on 64-bit Windows.
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
    host 185.155.20.82
    host 58.171.38.26
    host 82.223.70.24
Installs itself for autorun at Windows startup (1 event)
    service_name: iepeers
    service_path: "C:\Windows\SysWOW64\kbdgeoer\iepeers.exe" (the page prints it as C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\kbdgeoer\iepeers.exe", the sandbox's attempt to resolve an already-absolute quoted path against the current directory; the quoted absolute path is the real argument)
Created a service that was not subsequently started (1 event)
1619380716.90775  CreateServiceW  status: success, return: 48474752 (SC_HANDLE), repeated: 0
    service_manager_handle: 0x02e3abe8
    service_handle: 0x02e3aa80
    service_name: iepeers
    display_name: iepeers
    desired_access: 2 (SERVICE_CHANGE_CONFIG)
    service_type: 16 (SERVICE_WIN32_OWN_PROCESS)
    start_type: 2 (SERVICE_AUTO_START)
    error_control: 0 (SERVICE_ERROR_IGNORE)
    filepath_r: "C:\Windows\SysWOW64\kbdgeoer\iepeers.exe"
    filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\kbdgeoer\iepeers.exe" (sandbox path normalisation artefact; filepath_r is the real argument)
    service_start_name: (empty, so the service runs as LocalSystem)
    password: (empty)
Reading: this is the persistence mechanism: an auto-start Win32 service pointing at the relocated copy, registered about two seconds after the move and running as LocalSystem at every boot. The report records no call that starts the service, so the behaviour of the service binary in its service context is not captured in this run. Creating a service requires the administrative rights the sandbox account had.
Sets or modifies WPAD proxy autoconfiguration settings for traffic interception (8 events)
1619380736.22  RegSetValueExA  status: success, return: 0, repeated: 0
    key_handle: 0x000003c8
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
    reg_type: 4 (REG_DWORD)
    value: 1
1619380736.22  RegSetValueExA  status: success, return: 0, repeated: 0
    key_handle: 0x000003c8
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
    reg_type: 3 (REG_BINARY)
    value: À!Ö:× (binary timestamp, garbled on the page)
1619380736.22  RegSetValueExA  status: success, return: 0, repeated: 0
    key_handle: 0x000003c8
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
    reg_type: 4 (REG_DWORD)
    value: 3
1619380736.22  RegSetValueExW  status: success, return: 0, repeated: 0
    key_handle: 0x000003c8
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
    reg_type: 1 (REG_SZ)
    value: 网络 2 ("Network 2", the Windows network profile name on the Chinese-locale guest)
1619380736.22  RegSetValueExA  status: success, return: 0, repeated: 0
    key_handle: 0x000003e0
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
    reg_type: 4 (REG_DWORD)
    value: 1
1619380736.22  RegSetValueExA  status: success, return: 0, repeated: 0
    key_handle: 0x000003e0
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
    reg_type: 3 (REG_BINARY)
    value: À!Ö:× (binary timestamp, garbled on the page)
1619380736.22  RegSetValueExA  status: success, return: 0, repeated: 0
    key_handle: 0x000003e0
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
    reg_type: 4 (REG_DWORD)
    value: 3
1619380736.22  RegSetValueExW  status: success, return: 0, repeated: 0
    key_handle: 0x000003c4
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
    reg_type: 1 (REG_SZ)
    value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
Reading: these eight writes are WinINet's own auto-proxy decision cache (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork, keyed by the network profile GUID and by the gateway MAC 0a-00-27-00-00-00, which is the well-known VirtualBox host-only adapter address and a sandbox fingerprint in its own right). WinINet writes them as a side effect of a session opened with INTERNET_OPEN_TYPE_PRECONFIG attempting proxy auto-detection, as the InternetOpenW call at 1619380733.298 did. No AutoConfigURL or PAC file is set, so on their own they do not show traffic interception; the signature title overstates them, and the same keys appear in reports of benign software that uses WinINet.
Attempts to remove evidence of the file having been downloaded from the Internet (1 event)
    file C:\Windows\SysWOW64\kbdgeoer\iepeers.exe:Zone.Identifier
Reading: Zone.Identifier is the NTFS alternate data stream that carries the mark-of-the-web; deleting it on the relocated copy removes the "downloaded from the Internet" zone so that Attachment Manager and SmartScreen do not prompt when the service binary runs. The report does not name the API used to delete the stream.
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (5 events)
    dead_host 172.217.24.14:443
    dead_host 58.171.38.26:80
    dead_host 192.168.56.101:49183
    dead_host 185.155.20.82:80
    dead_host 82.223.70.24:8080
Reading: 185.155.20.82:80, 58.171.38.26:80 and 82.223.70.24:8080 are the three hosts contacted by IP without a DNS query and are the candidate C2 addresses (plain HTTP ports, matching the InternetOpenW session above). 172.217.24.14:443 lies in Google's 172.217.0.0/16 range and fits a connectivity check. 192.168.56.101:49183 is the sandbox guest's own address and an ephemeral port, an artefact of the capture rather than an external host. None of them answered during the run, so no C2 protocol was observed.
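The chain of behaviours recorded above (RWX allocation, relocation into a system directory, auto-start service, mark-of-the-web removal, connections to hard-coded IPs) as detection logic over API rows, an added example that is not the sandbox's own code. The CALLS list is constructed from values the report prints, with argument names taken from its rows; the DeleteFileW record and its timestamp are assumptions, since the report names the Zone.Identifier stream but not the API that removed it. The point of the example is the correlation: the service is only tagged as persisting the dropper when its binary path equals the destination of the earlier move, and the GetAdaptersAddresses "failure" is downgraded to informational because its return code is the normal sizing-call result.

```python
"""Triage of sandbox API rows of the kind shown above.

Added example, not the sandbox's own code. CALLS is constructed from values
the report prints (argument names follow its rows); the DeleteFileW record is
an assumption, since the report names the Zone.Identifier stream but not the
API that removed it. Findings are returned, not just printed, so the same
logic can be run over a full exported log.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

PAGE_EXECUTE_READWRITE = 0x40
SERVICE_AUTO_START = 2
ERROR_BUFFER_OVERFLOW = 111       # normal first-call result of GetAdaptersAddresses
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Call:
    ts: float
    api: str
    args: dict
    ok: bool
    ret: int


def when(ts: float) -> str:
    """The report's timestamps are Unix epoch seconds; render them as UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def norm(path) -> str:
    """Strip the quoting seen in filepath_r and compare paths case-insensitively."""
    return str(path).strip('"').lower()


# Constructed from the report's rows (a subset, values copied as printed).
CALLS = [
    Call(1619380705.78275, "NtAllocateVirtualMemory",
         {"process_identifier": 1880, "protection": 64, "region_size": 36864}, True, 0),
    Call(1619380714.97075, "MoveFileWithProgressW",
         {"oldfilepath": r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2bebdcd64330c42864c2718c3ec9caec.exe",
          "newfilepath": r"C:\Windows\SysWOW64\kbdgeoer\iepeers.exe", "flags": 3}, True, 1),
    Call(1619380716.90775, "CreateServiceW",
         {"service_name": "iepeers", "start_type": 2, "service_type": 16,
          "filepath_r": r'"C:\Windows\SysWOW64\kbdgeoer\iepeers.exe"'}, True, 48474752),
    Call(1619380733.626, "GetAdaptersAddresses", {"flags": 0, "family": 0}, False, 111),
    Call(1619380740.0, "DeleteFileW",   # API name and time assumed (see docstring)
         {"filepath": r"C:\Windows\SysWOW64\kbdgeoer\iepeers.exe:Zone.Identifier"}, True, 1),
]
# Hosts the report lists as contacted by IP, and the IPs any DNS answer
# returned during the run (none: the report shows no resolved names).
CONNECT_ATTEMPTS = ["185.155.20.82:80", "58.171.38.26:80", "82.223.70.24:8080", "172.217.24.14:443"]
RESOLVED_IPS: set = set()


def triage(calls, attempts, resolved) -> list:
    """Return findings, correlating the relocation with the service that persists it."""
    findings, moved_to = [], None
    for c in sorted(calls, key=lambda c: c.ts):
        a, t = c.args, when(c.ts)
        if c.api == "NtAllocateVirtualMemory" and a.get("protection") == PAGE_EXECUTE_READWRITE:
            findings.append(f"{t} rwx-alloc pid={a['process_identifier']} size={a['region_size']}")
        elif c.api.startswith("MoveFile") and norm(a["newfilepath"]).startswith(SYSTEM_DIRS):
            moved_to = norm(a["newfilepath"])
            findings.append(f"{t} relocate-to-system-dir {moved_to}")
        elif c.api == "CreateServiceW" and a.get("start_type") == SERVICE_AUTO_START:
            binpath = norm(a["filepath_r"])
            tag = "persist-service-autostart"
            if binpath == moved_to:
                tag += "(relocated-dropper)"   # the service binary is the file just moved
            findings.append(f"{t} {tag} name={a['service_name']} path={binpath}")
        elif c.api == "GetAdaptersAddresses" and not c.ok and c.ret == ERROR_BUFFER_OVERFLOW:
            findings.append(f"{t} info adapter-enum sizing call (ERROR_BUFFER_OVERFLOW), not a failure")
        # Mark-of-the-web removal is recognised by the stream name, whatever the API.
        for v in a.values():
            if norm(v).endswith(":zone.identifier"):
                findings.append(f"{t} motw-removed {norm(v)}")
    for hp in attempts:
        if hp.rsplit(":", 1)[0] not in resolved:
            findings.append(f"connect-without-dns {hp}")
    return findings


if __name__ == "__main__":
    for line in triage(CALLS, CONNECT_ATTEMPTS, RESOLVED_IPS):
        print(line)
```

Run as-is it prints the six findings for the report's rows; to use it on a real export, build Call objects from the log's time, API, argument, status and return columns and feed the observed connect attempts and DNS answers in place of the two constructed lists.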
Visual analysis
Binary image: none generated for this sample.
Runtime screenshots: none captured during the run.


PE compile time: 2020-04-29 04:46:38

Imports

Library KERNEL32.dll:
0x4410ac GetFileAttributesA
0x4410b0 GetFileTime
0x4410b4 GetTickCount
0x4410b8 RtlUnwind
0x4410bc RaiseException
0x4410c0 HeapAlloc
0x4410c4 HeapFree
0x4410c8 HeapReAlloc
0x4410cc VirtualProtect
0x4410d0 VirtualAlloc
0x4410d4 GetSystemInfo
0x4410d8 VirtualQuery
0x4410dc GetCommandLineA
0x4410e0 GetProcessHeap
0x4410e4 GetStartupInfoA
0x4410e8 ExitProcess
0x4410ec HeapSize
0x4410f0 TerminateProcess
0x4410fc IsDebuggerPresent
0x441100 Sleep
0x441104 GetACP
0x441108 GetStringTypeA
0x44110c GetStringTypeW
0x441114 VirtualFree
0x441118 HeapDestroy
0x44111c HeapCreate
0x441120 GetStdHandle
0x441134 SetHandleCount
0x441138 GetFileType
0x441144 LCMapStringA
0x441148 LCMapStringW
0x441150 GetConsoleCP
0x441154 GetConsoleMode
0x441158 SetStdHandle
0x44115c WriteConsoleA
0x441160 GetConsoleOutputCP
0x441164 WriteConsoleW
0x44116c SetErrorMode
0x441174 GetOEMCP
0x441178 GetCPInfo
0x44117c CreateFileA
0x441180 GetFullPathNameA
0x441188 FindFirstFileA
0x44118c FindClose
0x441190 GetCurrentProcess
0x441194 DuplicateHandle
0x441198 GetThreadLocale
0x44119c GetFileSize
0x4411a0 SetEndOfFile
0x4411a4 UnlockFile
0x4411a8 LockFile
0x4411ac FlushFileBuffers
0x4411b0 SetFilePointer
0x4411b4 WriteFile
0x4411b8 ReadFile
0x4411c0 TlsFree
0x4411c8 LocalReAlloc
0x4411cc TlsSetValue
0x4411d0 TlsAlloc
0x4411d8 GlobalHandle
0x4411e0 TlsGetValue
0x4411e8 LocalAlloc
0x4411ec GlobalFlags
0x4411f4 GlobalReAlloc
0x4411fc GetModuleFileNameW
0x441200 FormatMessageA
0x441204 LocalFree
0x441208 MulDiv
0x44120c GlobalGetAtomNameA
0x441210 GlobalFindAtomA
0x441214 lstrcmpW
0x441218 GetVersionExA
0x44121c GlobalUnlock
0x441220 GlobalFree
0x441224 FreeResource
0x441228 GetCurrentProcessId
0x44122c SetLastError
0x441230 GlobalAddAtomA
0x441234 CloseHandle
0x441238 GetCurrentThread
0x44123c GetCurrentThreadId
0x441244 GetModuleFileNameA
0x44124c GetLocaleInfoA
0x441250 LoadLibraryA
0x441254 GlobalLock
0x441258 lstrcmpA
0x44125c GlobalAlloc
0x441260 FreeLibrary
0x441264 GlobalDeleteAtom
0x441268 GetModuleHandleA
0x44126c GetProcAddress
0x441270 lstrlenA
0x441274 CompareStringW
0x441278 CompareStringA
0x44127c GetVersion
0x441280 GetLastError
0x441284 MultiByteToWideChar
0x441288 InterlockedExchange
0x44128c LoadLibraryExW
0x441290 WideCharToMultiByte
0x441294 FindResourceA
0x441298 LoadResource
0x44129c LockResource
0x4412a0 SizeofResource
Library USER32.dll:
0x441368 ShowWindow
0x44136c SetWindowTextA
0x441370 IsDialogMessageA
0x441378 SendDlgItemMessageA
0x44137c WinHelpA
0x441380 IsChild
0x441384 GetCapture
0x441388 GetClassLongA
0x44138c GetClassNameA
0x441390 SetPropA
0x441394 GetPropA
0x441398 RemovePropA
0x44139c SetFocus
0x4413a4 GetWindowTextA
0x4413a8 GetForegroundWindow
0x4413ac GetTopWindow
0x4413b0 UnhookWindowsHookEx
0x4413b4 GetMessageTime
0x4413b8 GetMessagePos
0x4413bc MapWindowPoints
0x4413c0 SetForegroundWindow
0x4413c4 UpdateWindow
0x4413c8 GetMenu
0x4413cc GetSubMenu
0x4413d0 GetMenuItemID
0x4413d4 GetMenuItemCount
0x4413d8 CreateWindowExA
0x4413dc GetClassInfoA
0x4413e0 RegisterClassA
0x4413e4 GetSysColor
0x4413e8 AdjustWindowRectEx
0x4413ec EqualRect
0x4413f0 CopyRect
0x4413f4 PtInRect
0x4413f8 DefWindowProcA
0x4413fc CallWindowProcA
0x441400 SetWindowLongA
0x441404 OffsetRect
0x441408 IntersectRect
0x441410 GetWindowPlacement
0x441414 GetWindowRect
0x441418 GetWindow
0x441420 MapDialogRect
0x441424 SetWindowPos
0x441428 GetDesktopWindow
0x44142c SetActiveWindow
0x441434 DestroyWindow
0x441438 GetDlgItem
0x44143c GetNextDlgTabItem
0x441440 SendMessageA
0x441444 DrawIcon
0x441448 AppendMenuA
0x44144c MoveWindow
0x441450 GetSystemMenu
0x441454 IsIconic
0x441458 EndDialog
0x441460 GetWindowLongA
0x441464 GetLastActivePopup
0x441468 IsWindowEnabled
0x44146c MessageBoxA
0x441470 SetCursor
0x441474 SetWindowsHookExA
0x441478 CallNextHookEx
0x44147c GetMessageA
0x441480 TranslateMessage
0x441484 DispatchMessageA
0x441488 DestroyMenu
0x44148c TabbedTextOutA
0x441490 DrawTextA
0x441494 DrawTextExA
0x441498 GrayStringA
0x44149c ClientToScreen
0x4414a0 GetClassInfoExA
0x4414a4 GetClientRect
0x4414a8 EnableWindow
0x4414ac LoadIconA
0x4414b0 GetSystemMetrics
0x4414b4 InvalidateRect
0x4414b8 IsWindow
0x4414bc CharUpperA
0x4414c0 PostQuitMessage
0x4414c4 PostMessageA
0x4414c8 CheckMenuItem
0x4414cc EnableMenuItem
0x4414d0 GetMenuState
0x4414d4 ModifyMenuA
0x4414d8 GetParent
0x4414dc GetFocus
0x4414e0 LoadBitmapA
0x4414e8 SetMenuItemBitmaps
0x4414ec ValidateRect
0x4414f0 GetCursorPos
0x4414f4 PeekMessageA
0x4414f8 GetKeyState
0x4414fc IsWindowVisible
0x441500 GetActiveWindow
0x441504 PostThreadMessageA
0x44150c UnregisterClassA
0x441510 MessageBeep
0x441514 GetNextDlgGroupItem
0x441518 InvalidateRgn
0x44151c SetRect
0x441520 IsRectEmpty
0x441528 CharNextA
0x44152c GetSysColorBrush
0x441530 ReleaseCapture
0x441534 LoadCursorA
0x441538 SetCapture
0x44153c EndPaint
0x441540 BeginPaint
0x441544 GetWindowDC
0x441548 ReleaseDC
0x44154c GetDlgCtrlID
0x441550 GetDC
Library GDI32.dll:
0x441028 TextOutA
0x44102c Escape
0x441030 SelectObject
0x441034 SetViewportOrgEx
0x441038 OffsetViewportOrgEx
0x44103c SetViewportExtEx
0x441040 ScaleViewportExtEx
0x441044 SetWindowExtEx
0x441048 ScaleWindowExtEx
0x44104c ExtSelectClipRgn
0x441050 DeleteDC
0x441054 GetStockObject
0x441058 RectVisible
0x441060 GetBkColor
0x441064 GetTextColor
0x441068 GetRgnBox
0x44106c GetMapMode
0x441070 PtVisible
0x441074 GetWindowExtEx
0x441078 GetViewportExtEx
0x44107c DeleteObject
0x441080 CreateBitmap
0x441084 SetMapMode
0x441088 RestoreDC
0x44108c SaveDC
0x441090 ExtTextOutA
0x441094 GetDeviceCaps
0x441098 GetObjectA
0x44109c SetBkColor
0x4410a0 SetTextColor
0x4410a4 GetClipBox
Library comdlg32.dll:
0x441568 GetFileTitleA
Library WINSPOOL.DRV:
0x441558 DocumentPropertiesA
0x44155c OpenPrinterA
0x441560 ClosePrinter
Library ADVAPI32.dll:
0x441000 RegSetValueExA
0x441004 RegCreateKeyExA
0x441008 RegQueryValueA
0x44100c RegOpenKeyA
0x441010 RegEnumKeyA
0x441014 RegDeleteKeyA
0x441018 RegOpenKeyExA
0x44101c RegQueryValueExA
0x441020 RegCloseKey
Library SHLWAPI.dll:
0x441354 PathFindFileNameA
0x441358 PathStripToRootA
0x44135c PathFindExtensionA
0x441360 PathIsUNCA
Library oledlg.dll:
0x4415b0 (imported by ordinal; name not resolved)
Library ole32.dll:
0x441570 CoRevokeClassObject
0x441574 OleInitialize
0x44157c OleUninitialize
0x44158c CoGetClassObject
0x441590 CoTaskMemAlloc
0x441594 CoTaskMemFree
0x441598 CLSIDFromString
0x44159c CLSIDFromProgID
0x4415a0 OleFlushClipboard
Library OLEAUT32.dll:
0x44131c VariantCopy
0x441320 SysAllocString
0x441324 SafeArrayDestroy
0x441338 SysStringLen
0x44133c VariantInit
0x441340 VariantChangeType
0x441344 VariantClear
0x441348 SysAllocStringLen
0x44134c SysFreeString
Library ODBC32.dll (28 imports by ordinal; names not resolved):
0x4412a8
0x4412ac
0x4412b0
0x4412b4
0x4412b8
0x4412bc
0x4412c0
0x4412c4
0x4412c8
0x4412cc
0x4412d0
0x4412d4
0x4412d8
0x4412dc
0x4412e0
0x4412e4
0x4412e8
0x4412ec
0x4412f0
0x4412f4
0x4412f8
0x4412fc
0x441300
0x441304
0x441308
0x44130c
0x441310
0x441314

Hosts

No hosts contacted (no connection completed; the attempts to the hosts listed under dead_host above went unanswered).

TCP

No completed TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  53657        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  60221        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  50002        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  53380        224.0.0.252                      5355
192.168.56.101  56539        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57236        224.0.0.252                      5355
192.168.56.101  57756        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  58970        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355

Reading: the recorded UDP traffic is guest background noise rather than sample activity: DNS to the public resolver 114.114.114.114 (the queried names are not shown, and the sample's hosts were contacted by IP without DNS), NetBIOS name and datagram broadcasts on 137/138, NTP to time.windows.com, and LLMNR to 224.0.0.252:5355.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.