2.4
Medium risk

37e325b6fca74e37c9a4fbb6f9447e66bf2688beeb0e60b4c7ba637baae0de58

2cc4fa2c5a389791d572bb5d8846688e.exe

Analysis duration

80s

Last analyzed

File size

3.8MB
Static detection: flagged   Dynamic detection: flagged   SUSGEN
Eagle Eye Engine
Not detected. No Eagle Eye Engine result is available for this sample.
Static verdict
Antivirus engines
Engine        Result   Scan date   Engine version
McAfee                 20201211    6.0.6.653
CrowdStrike            20190702    1.0
Baidu                  20190318    1.0.0.2
Alibaba                20190527    0.3.0.5
Avast                  20201211    21.1.5827.0
Kingsoft               20201211    2017.9.26.565
Tencent                20201211    1.0.0.1
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (7 events)
name HTML language LANG_CHINESE offset 0x00202a00 filetype HTML document, ISO-8859 text, with very long lines, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00001133
name RT_ICON language LANG_CHINESE offset 0x00260514 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00260514 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00260514 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00260514 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x00260514 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_GROUP_ICON language LANG_CHINESE offset 0x003cca04 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000004c
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
VBA32 suspected of Trojan.Downloader.gen.h
MaxSecure Trojan.Malware.121218.susgen
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.476304325175752 section {'size_of_data': '0x001cf000', 'virtual_address': '0x001fe000', 'entropy': 7.476304325175752, 'name': '.rsrc', 'virtual_size': '0x001cf000'} description A section with a high entropy has been found
entropy 0.48122645186436275 description Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2018-11-15 11:41:27

Imports

Library kernel32.dll:
0x5de2a4 VirtualFree
0x5de2a8 VirtualAlloc
0x5de2ac LocalFree
0x5de2b0 LocalAlloc
0x5de2b4 GetTickCount
0x5de2bc GetVersion
0x5de2c0 GetCurrentThreadId
0x5de2cc VirtualQuery
0x5de2d0 WideCharToMultiByte
0x5de2d4 MultiByteToWideChar
0x5de2d8 lstrlenA
0x5de2dc lstrcpynA
0x5de2e0 LoadLibraryExA
0x5de2e4 GetThreadLocale
0x5de2e8 GetStartupInfoA
0x5de2ec GetProcAddress
0x5de2f0 GetModuleHandleA
0x5de2f4 GetModuleFileNameA
0x5de2f8 GetLocaleInfoA
0x5de2fc GetCommandLineA
0x5de300 FreeLibrary
0x5de304 FindFirstFileA
0x5de308 FindClose
0x5de30c ExitProcess
0x5de310 ExitThread
0x5de314 CreateThread
0x5de318 WriteFile
0x5de320 RtlUnwind
0x5de324 RaiseException
0x5de328 GetStdHandle
Library user32.dll:
0x5de330 GetKeyboardType
0x5de334 LoadStringA
0x5de338 MessageBoxA
0x5de33c CharNextA
Library advapi32.dll:
0x5de344 RegQueryValueExA
0x5de348 RegOpenKeyExA
0x5de34c RegCloseKey
Library oleaut32.dll:
0x5de354 SysFreeString
0x5de358 SysReAllocStringLen
0x5de35c SysAllocStringLen
Library kernel32.dll:
0x5de364 TlsSetValue
0x5de368 TlsGetValue
0x5de36c LocalAlloc
0x5de370 GetModuleHandleA
Library advapi32.dll:
0x5de378 RegSetValueExA
0x5de37c RegQueryValueExA
0x5de380 RegQueryInfoKeyA
0x5de384 RegOpenKeyExA
0x5de388 RegFlushKey
0x5de38c RegEnumValueA
0x5de390 RegEnumKeyExA
0x5de394 RegDeleteValueA
0x5de398 RegDeleteKeyA
0x5de39c RegCreateKeyExA
0x5de3a0 RegCloseKey
0x5de3a4 OpenProcessToken
0x5de3ac GetLengthSid
0x5de3b0 DuplicateTokenEx
Library kernel32.dll:
0x5de3c0 lstrlenW
0x5de3c4 lstrcpyA
0x5de3cc WriteFile
0x5de3d0 WaitForSingleObject
0x5de3d4 VirtualQuery
0x5de3d8 VirtualFree
0x5de3dc VirtualAlloc
0x5de3e0 UnmapViewOfFile
0x5de3e4 TerminateProcess
0x5de3ec SuspendThread
0x5de3f0 Sleep
0x5de3f4 SizeofResource
0x5de3f8 SetThreadPriority
0x5de3fc SetThreadLocale
0x5de404 SetLastError
0x5de408 SetFilePointer
0x5de40c SetEvent
0x5de410 SetErrorMode
0x5de414 SetEndOfFile
0x5de418 ResumeThread
0x5de41c ResetEvent
0x5de420 ReleaseMutex
0x5de424 ReadFile
0x5de428 PeekNamedPipe
0x5de42c OutputDebugStringA
0x5de430 OpenProcess
0x5de434 OpenEventA
0x5de438 MultiByteToWideChar
0x5de43c MulDiv
0x5de440 MoveFileA
0x5de444 MapViewOfFile
0x5de448 LockResource
0x5de44c LocalFree
0x5de450 LoadResource
0x5de454 LoadLibraryA
0x5de460 GlobalUnlock
0x5de464 GlobalSize
0x5de468 GlobalReAlloc
0x5de46c GlobalHandle
0x5de470 GlobalLock
0x5de474 GlobalFree
0x5de478 GlobalFindAtomA
0x5de47c GlobalDeleteAtom
0x5de480 GlobalAlloc
0x5de484 GlobalAddAtomA
0x5de48c GetVersionExA
0x5de490 GetVersion
0x5de494 GetUserDefaultLCID
0x5de49c GetTickCount
0x5de4a0 GetThreadLocale
0x5de4a4 GetSystemInfo
0x5de4a8 GetSystemDirectoryA
0x5de4b0 GetStringTypeExA
0x5de4b4 GetStdHandle
0x5de4b8 GetProcAddress
0x5de4c0 GetModuleHandleA
0x5de4c4 GetModuleFileNameA
0x5de4c8 GetLogicalDrives
0x5de4d0 GetLocaleInfoA
0x5de4d4 GetLocalTime
0x5de4d8 GetLastError
0x5de4dc GetFullPathNameA
0x5de4e0 GetFileSize
0x5de4e4 GetFileAttributesA
0x5de4e8 GetExitCodeThread
0x5de4ec GetExitCodeProcess
0x5de4f0 GetDriveTypeA
0x5de4f4 GetDiskFreeSpaceA
0x5de4f8 GetDateFormatA
0x5de4fc GetCurrentThreadId
0x5de500 GetCurrentProcessId
0x5de504 GetCurrentProcess
0x5de508 GetComputerNameA
0x5de50c GetCommandLineA
0x5de510 GetCPInfo
0x5de514 GetACP
0x5de518 FreeResource
0x5de520 InterlockedExchange
0x5de528 FreeLibrary
0x5de52c FormatMessageA
0x5de530 FindResourceA
0x5de534 FindNextFileA
0x5de538 FindFirstFileA
0x5de53c FindClose
0x5de54c EnumCalendarInfoA
0x5de554 DeviceIoControl
0x5de558 DeleteFileA
0x5de560 CreateThread
0x5de564 CreateProcessA
0x5de568 CreatePipe
0x5de56c CreateMutexA
0x5de570 CreateFileMappingA
0x5de574 CreateFileA
0x5de578 CreateEventA
0x5de57c CreateDirectoryA
0x5de580 CopyFileA
0x5de584 CompareStringA
0x5de588 CloseHandle
Library version.dll:
0x5de590 VerQueryValueA
0x5de598 GetFileVersionInfoA
Library gdi32.dll:
0x5de5a0 UnrealizeObject
0x5de5a4 StretchDIBits
0x5de5a8 StretchBlt
0x5de5ac SetWindowOrgEx
0x5de5b0 SetWinMetaFileBits
0x5de5b4 SetViewportOrgEx
0x5de5b8 SetTextColor
0x5de5bc SetTextAlign
0x5de5c0 SetStretchBltMode
0x5de5c4 SetROP2
0x5de5c8 SetPixel
0x5de5cc SetPaletteEntries
0x5de5d0 SetMapMode
0x5de5d4 SetEnhMetaFileBits
0x5de5d8 SetDIBColorTable
0x5de5dc SetBrushOrgEx
0x5de5e0 SetBkMode
0x5de5e4 SetBkColor
0x5de5e8 SelectPalette
0x5de5ec SelectObject
0x5de5f0 SelectClipRgn
0x5de5f4 SaveDC
0x5de5f8 RoundRect
0x5de5fc RestoreDC
0x5de600 ResizePalette
0x5de604 Rectangle
0x5de608 RectVisible
0x5de60c RealizePalette
0x5de610 Polyline
0x5de614 Polygon
0x5de618 PlayEnhMetaFile
0x5de61c PatBlt
0x5de620 OffsetRgn
0x5de624 MoveToEx
0x5de628 MaskBlt
0x5de62c LineTo
0x5de630 LPtoDP
0x5de634 IntersectClipRect
0x5de638 GetWindowOrgEx
0x5de63c GetWinMetaFileBits
0x5de640 GetViewportOrgEx
0x5de644 GetTextMetricsA
0x5de650 GetTextColor
0x5de654 GetTextAlign
0x5de65c GetStockObject
0x5de660 GetPixel
0x5de664 GetPaletteEntries
0x5de668 GetObjectType
0x5de66c GetObjectA
0x5de674 GetMapMode
0x5de684 GetEnhMetaFileBits
0x5de688 GetDeviceCaps
0x5de68c GetDIBits
0x5de690 GetDIBColorTable
0x5de694 GetDCOrgEx
0x5de69c GetCurrentObject
0x5de6a0 GetClipBox
0x5de6a4 GetBrushOrgEx
0x5de6a8 GetBkColor
0x5de6ac GetBitmapBits
0x5de6b0 GdiFlush
0x5de6b4 FillRgn
0x5de6b8 ExtTextOutW
0x5de6bc ExtTextOutA
0x5de6c0 ExcludeClipRect
0x5de6c4 EnumFontFamiliesExA
0x5de6c8 DeleteObject
0x5de6cc DeleteEnhMetaFile
0x5de6d0 DeleteDC
0x5de6d4 CreateSolidBrush
0x5de6d8 CreateRoundRectRgn
0x5de6e0 CreateRectRgn
0x5de6e4 CreatePenIndirect
0x5de6e8 CreatePen
0x5de6ec CreatePatternBrush
0x5de6f0 CreatePalette
0x5de6f8 CreateFontIndirectA
0x5de6fc CreateEnhMetaFileA
0x5de700 CreateDIBitmap
0x5de704 CreateDIBSection
0x5de708 CreateCompatibleDC
0x5de710 CreateBrushIndirect
0x5de714 CreateBitmap
0x5de718 CopyEnhMetaFileA
0x5de71c CombineRgn
0x5de720 CloseEnhMetaFile
0x5de724 BitBlt
Library user32.dll:
0x5de72c CreateWindowExA
0x5de730 WindowFromPoint
0x5de734 WinHelpA
0x5de738 WaitMessage
0x5de73c ValidateRect
0x5de740 UpdateLayeredWindow
0x5de744 UpdateWindow
0x5de74c UnregisterClassA
0x5de750 UnionRect
0x5de754 UnhookWindowsHookEx
0x5de758 TranslateMessage
0x5de760 TrackPopupMenuEx
0x5de764 TrackPopupMenu
0x5de768 ToAscii
0x5de770 SubtractRect
0x5de774 ShowWindow
0x5de778 ShowScrollBar
0x5de77c ShowOwnedPopups
0x5de780 ShowCursor
0x5de784 SetWindowRgn
0x5de788 SetWindowsHookExA
0x5de78c SetWindowTextW
0x5de790 SetWindowTextA
0x5de794 SetWindowPos
0x5de798 SetWindowPlacement
0x5de79c SetWindowLongA
0x5de7a0 SetTimer
0x5de7a4 SetScrollRange
0x5de7a8 SetScrollPos
0x5de7ac SetScrollInfo
0x5de7b0 SetRect
0x5de7b4 SetPropA
0x5de7b8 SetParent
0x5de7bc SetMenuItemInfoW
0x5de7c0 SetMenuItemInfoA
0x5de7c4 SetMenu
0x5de7c8 SetForegroundWindow
0x5de7cc SetFocus
0x5de7d0 SetDlgItemTextA
0x5de7d4 SetCursor
0x5de7d8 SetClipboardData
0x5de7dc SetClassLongA
0x5de7e0 SetCapture
0x5de7e4 SetActiveWindow
0x5de7e8 SendNotifyMessageA
0x5de7ec SendMessageTimeoutA
0x5de7f0 SendMessageA
0x5de7f4 SendDlgItemMessageA
0x5de7f8 ScrollWindow
0x5de7fc ScrollDC
0x5de800 ScreenToClient
0x5de804 RemovePropA
0x5de808 RemoveMenu
0x5de80c ReleaseDC
0x5de810 ReleaseCapture
0x5de820 RegisterClassA
0x5de824 RedrawWindow
0x5de828 PtInRect
0x5de82c PostQuitMessage
0x5de830 PostMessageA
0x5de834 PeekMessageA
0x5de838 OpenClipboard
0x5de83c OffsetRect
0x5de840 OemToCharA
0x5de848 MoveWindow
0x5de84c MessageBoxA
0x5de850 MessageBeep
0x5de854 MapWindowPoints
0x5de858 MapVirtualKeyA
0x5de85c LockWindowUpdate
0x5de860 LoadStringA
0x5de864 LoadMenuA
0x5de868 LoadKeyboardLayoutA
0x5de86c LoadIconA
0x5de870 LoadCursorA
0x5de874 LoadBitmapA
0x5de878 KillTimer
0x5de87c IsZoomed
0x5de880 IsWindowVisible
0x5de884 IsWindowEnabled
0x5de888 IsWindow
0x5de88c IsRectEmpty
0x5de890 IsIconic
0x5de894 IsDialogMessageA
0x5de898 IsChild
0x5de89c InvalidateRect
0x5de8a0 IntersectRect
0x5de8a4 InsertMenuItemA
0x5de8a8 InsertMenuA
0x5de8ac InflateRect
0x5de8b8 GetWindowTextA
0x5de8bc GetWindowRect
0x5de8c0 GetWindowPlacement
0x5de8c4 GetWindowLongA
0x5de8c8 GetWindowDC
0x5de8cc GetUpdateRect
0x5de8d0 GetTopWindow
0x5de8d4 GetSystemMetrics
0x5de8d8 GetSystemMenu
0x5de8dc GetSysColorBrush
0x5de8e0 GetSysColor
0x5de8e4 GetSubMenu
0x5de8e8 GetScrollRange
0x5de8ec GetScrollPos
0x5de8f0 GetScrollInfo
0x5de8f4 GetPropA
0x5de8f8 GetParent
0x5de8fc GetWindow
0x5de900 GetMessageTime
0x5de904 GetMessagePos
0x5de908 GetMenuStringA
0x5de90c GetMenuState
0x5de910 GetMenuItemInfoA
0x5de914 GetMenuItemID
0x5de918 GetMenuItemCount
0x5de91c GetMenu
0x5de920 GetLastActivePopup
0x5de924 GetKeyboardState
0x5de92c GetKeyboardLayout
0x5de930 GetKeyState
0x5de934 GetKeyNameTextA
0x5de938 GetIconInfo
0x5de93c GetForegroundWindow
0x5de940 GetFocus
0x5de944 GetDlgItem
0x5de948 GetDesktopWindow
0x5de94c GetDCEx
0x5de950 GetDC
0x5de954 GetCursorPos
0x5de958 GetCursor
0x5de960 GetClipboardData
0x5de964 GetClientRect
0x5de968 GetClassNameW
0x5de96c GetClassNameA
0x5de970 GetClassInfoA
0x5de974 GetCapture
0x5de978 GetActiveWindow
0x5de97c FrameRect
0x5de980 FindWindowExA
0x5de984 FindWindowA
0x5de988 FillRect
0x5de98c EqualRect
0x5de990 EnumWindows
0x5de994 EnumThreadWindows
0x5de99c EndPaint
0x5de9a0 EndDeferWindowPos
0x5de9a4 EnableWindow
0x5de9a8 EnableScrollBar
0x5de9ac EnableMenuItem
0x5de9b0 EmptyClipboard
0x5de9b4 DrawTextW
0x5de9b8 DrawTextA
0x5de9bc DrawMenuBar
0x5de9c0 DrawIconEx
0x5de9c4 DrawIcon
0x5de9c8 DrawFrameControl
0x5de9cc DrawFocusRect
0x5de9d0 DrawEdge
0x5de9d4 DispatchMessageA
0x5de9d8 DestroyWindow
0x5de9dc DestroyMenu
0x5de9e0 DestroyIcon
0x5de9e4 DestroyCursor
0x5de9e8 DeleteMenu
0x5de9ec DeferWindowPos
0x5de9f0 DefWindowProcA
0x5de9f4 DefMDIChildProcA
0x5de9f8 DefFrameProcA
0x5de9fc CreatePopupMenu
0x5dea00 CreateMenu
0x5dea04 CreateIcon
0x5dea08 CopyImage
0x5dea0c CopyIcon
0x5dea10 CloseClipboard
0x5dea14 ClientToScreen
0x5dea18 CheckMenuItem
0x5dea1c CallWindowProcW
0x5dea20 CallWindowProcA
0x5dea24 CallNextHookEx
0x5dea28 BeginPaint
0x5dea2c BeginDeferWindowPos
0x5dea30 AttachThreadInput
0x5dea34 CharNextA
0x5dea38 CharLowerBuffA
0x5dea3c CharLowerA
0x5dea40 CharUpperBuffA
0x5dea44 CharUpperA
0x5dea48 CharToOemA
0x5dea4c AdjustWindowRectEx
Library ole32.dll:
0x5dea58 IsEqualGUID
0x5dea5c CLSIDFromString
0x5dea60 CoTaskMemFree
0x5dea64 StringFromCLSID
Library kernel32.dll:
0x5dea6c Sleep
Library oleaut32.dll:
0x5dea74 SafeArrayPtrOfIndex
0x5dea78 SafeArrayGetUBound
0x5dea7c SafeArrayGetLBound
0x5dea80 SafeArrayCreate
0x5dea84 VariantChangeType
0x5dea88 VariantCopy
0x5dea8c VariantClear
0x5dea90 VariantInit
Library ole32.dll:
0x5dea9c IsAccelerator
0x5deaa0 ReleaseStgMedium
0x5deaa4 OleDraw
0x5deaac OleGetClipboard
0x5deab0 OleSetClipboard
0x5deab4 DoDragDrop
0x5deab8 RevokeDragDrop
0x5deabc RegisterDragDrop
0x5deac0 OleUninitialize
0x5deac4 OleInitialize
0x5deacc CoTaskMemFree
0x5dead0 CoTaskMemAlloc
0x5dead4 ProgIDFromCLSID
0x5dead8 StringFromCLSID
0x5deadc CoCreateInstance
0x5deae0 CoGetClassObject
0x5deae4 CoUninitialize
0x5deae8 CoInitialize
0x5deaec IsEqualGUID
Library oleaut32.dll:
0x5deaf4 CreateErrorInfo
0x5deaf8 GetErrorInfo
0x5deafc SetErrorInfo
0x5deb00 GetActiveObject
0x5deb04 SafeArrayGetElement
0x5deb08 SafeArrayGetLBound
0x5deb0c SafeArrayGetUBound
0x5deb10 SysFreeString
Library comctl32.dll:
0x5deb20 ImageList_Write
0x5deb24 ImageList_Read
0x5deb34 ImageList_DragMove
0x5deb38 ImageList_DragLeave
0x5deb3c ImageList_DragEnter
0x5deb40 ImageList_EndDrag
0x5deb44 ImageList_BeginDrag
0x5deb48 ImageList_Remove
0x5deb4c ImageList_DrawEx
0x5deb50 ImageList_Draw
0x5deb60 ImageList_Add
0x5deb68 ImageList_Destroy
0x5deb6c ImageList_Create
Library shell32.dll:
0x5deb74 ShellExecuteExA
0x5deb78 ShellExecuteA
Library wininet.dll:
0x5deb80 InternetSetOptionA
0x5deb84 InternetOpenA
0x5deb88 InternetConnectA
0x5deb8c InternetCombineUrlA
0x5deb90 InternetCloseHandle
Library URLMON.DLL:
Library shell32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                       Destination port
192.168.56.101  49235         114.114.114.114                   53
192.168.56.101  50534         114.114.114.114                   53
192.168.56.101  56539         114.114.114.114                   53
192.168.56.101  58367         114.114.114.114                   53
192.168.56.101  65004         114.114.114.114                   53
192.168.56.101  137           192.168.56.255                    137
192.168.56.101  138           192.168.56.255                    138
192.168.56.101  123           20.189.79.72 (time.windows.com)   123
192.168.56.101  55368         224.0.0.252                       5355
192.168.56.101  56804         224.0.0.252                       5355
192.168.56.101  60123         224.0.0.252                       5355
192.168.56.101  62191         224.0.0.252                       5355
192.168.56.101  1900          239.255.255.250                   1900
192.168.56.101  56540         239.255.255.250                   3702
192.168.56.101  56807         239.255.255.250                   1900
192.168.56.101  58368         239.255.255.250                   3702
192.168.56.101  58707         239.255.255.250                   3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.