SmartHawk

2.2

中危

1 个模型检测该样本为恶意！

重新分析

下载样本

2e14089515bf1bb8770536c2752040742cf1de254054bc685fbedded4bcdd017

2d4a49ffcb3528eeb754d7b0cbcc71f6.exe

分析耗时

22s

最近分析

文件大小

1.0MB

静态报毒动态报毒 COINMINER

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20200928	6.0.6.653
Alibaba	20190527	0.3.0.5
CrowdStrike	20190702	1.0
Baidu	20190318	1.0.0.2
Avast	20200929	18.4.3895.0
Tencent	20200929	1.0.0.1
Kingsoft	20200929	2013.8.14.323

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

C:\projects\kryptex-backend\backend\node_modules\start-process-proxy\build\Release\start-process-proxy.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.00cfg

The executable uses a known packer (1 个事件)

packer

Microsoft Visual C++ V8.0 (Debug)

A process created a hidden window (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620750099.811645 CreateProcessInternalW	thread_identifier: 0 thread_handle: 0x0000000000000000 process_identifier: 0 current_directory: filepath: track: 0 command_line: filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) process_handle: 0x0000000000000000 inherit_handles: 0	failed	0	0

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)

Microsoft

PUA:Win32/CoinMiner

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-12-06 01:10:46

Imports

Library KERNEL32.dll:

• 0x140108000 GetCommandLineW

• 0x140108008 GetLastError

• 0x140108010 CreateProcessW

• 0x140108018 GetModuleHandleA

• 0x140108020 WriteConsoleW

• 0x140108028 CreateFileW

• 0x140108030 HeapSize

• 0x140108038 WideCharToMultiByte

• 0x140108040 FormatMessageW

• 0x140108048 EnterCriticalSection

• 0x140108050 LeaveCriticalSection

• 0x140108058 DeleteCriticalSection

• 0x140108060 MultiByteToWideChar

• 0x140108068 EncodePointer

• 0x140108070 DecodePointer

• 0x140108078 SetLastError

• 0x140108080 InitializeCriticalSectionAndSpinCount

• 0x140108088 CreateEventW

• 0x140108090 SwitchToThread

• 0x140108098 TlsAlloc

• 0x1401080a0 TlsGetValue

• 0x1401080a8 TlsSetValue

• 0x1401080b0 TlsFree

• 0x1401080b8 GetSystemTimeAsFileTime

• 0x1401080c0 GetTickCount

• 0x1401080c8 GetModuleHandleW

• 0x1401080d0 GetProcAddress

• 0x1401080d8 CompareStringW

• 0x1401080e0 LCMapStringW

• 0x1401080e8 GetLocaleInfoW

• 0x1401080f0 GetStringTypeW

• 0x1401080f8 GetCPInfo

• 0x140108100 RtlCaptureContext

• 0x140108108 RtlLookupFunctionEntry

• 0x140108110 RtlVirtualUnwind

• 0x140108118 UnhandledExceptionFilter

• 0x140108120 SetUnhandledExceptionFilter

• 0x140108128 GetCurrentProcess

• 0x140108130 TerminateProcess

• 0x140108138 IsProcessorFeaturePresent

• 0x140108140 QueryPerformanceCounter

• 0x140108148 GetCurrentProcessId

• 0x140108150 GetCurrentThreadId

• 0x140108158 InitializeSListHead

• 0x140108160 IsDebuggerPresent

• 0x140108168 GetStartupInfoW

• 0x140108170 RtlPcToFileHeader

• 0x140108178 RaiseException

• 0x140108180 RtlUnwindEx

• 0x140108188 InterlockedPushEntrySList

• 0x140108190 InterlockedFlushSList

• 0x140108198 FreeLibrary

• 0x1401081a0 LoadLibraryExW

• 0x1401081a8 GetStdHandle

• 0x1401081b0 WriteFile

• 0x1401081b8 GetModuleFileNameW

• 0x1401081c0 ExitProcess

• 0x1401081c8 GetModuleHandleExW

• 0x1401081d0 GetCommandLineA

• 0x1401081d8 GetCurrentThread

• 0x1401081e0 HeapAlloc

• 0x1401081e8 HeapFree

• 0x1401081f0 SetConsoleCtrlHandler

• 0x1401081f8 GetFileType

• 0x140108200 GetDateFormatW

• 0x140108208 GetTimeFormatW

• 0x140108210 IsValidLocale

• 0x140108218 GetUserDefaultLCID

• 0x140108220 EnumSystemLocalesW

• 0x140108228 CloseHandle

• 0x140108230 FlushFileBuffers

• 0x140108238 GetConsoleCP

• 0x140108240 GetConsoleMode

• 0x140108248 ReadFile

• 0x140108250 GetFileSizeEx

• 0x140108258 SetFilePointerEx

• 0x140108260 ReadConsoleW

• 0x140108268 HeapReAlloc

• 0x140108270 GetTimeZoneInformation

• 0x140108278 OutputDebugStringW

• 0x140108280 FindClose

• 0x140108288 FindFirstFileExW

• 0x140108290 FindNextFileW

• 0x140108298 IsValidCodePage

• 0x1401082a0 GetACP

• 0x1401082a8 GetOEMCP

• 0x1401082b0 GetEnvironmentStringsW

• 0x1401082b8 FreeEnvironmentStringsW

• 0x1401082c0 SetEnvironmentVariableW

• 0x1401082c8 SetStdHandle

• 0x1401082d0 GetProcessHeap

• 0x1401082d8 RtlUnwind

Library SHELL32.dll:

• 0x1401083c8 CommandLineToArgvW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	50005	239.255.255.250	3702
192.168.56.101	50539	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.