Score: 5.4
Medium risk

SHA-256: 4f36a71d9195b8639ff47c95e8980ee7f0f5a22371e75e91042c4ad10de1b39c

File name: 305693594beccacab46324f34c577ce6.exe

Analysis duration

81s

Last analysed

File size

671.7KB
Static detection    Dynamic detection
鹰眼 (Hawkeye) engine
Not detected: no 鹰眼 engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Note: CODE, DATA and BSS are the section names the Borland/Delphi linker emits in place of .text/.data/.bss, and the "BobSoft Mini Delphi" signature matches ordinary Delphi executables. Together with the fixed Delphi compile timestamp listed further down (1992-06-20 06:22:17, i.e. TimeDateStamp 0x2A425E19, the constant every Delphi-built PE carries), these two hits identify the compiler, not a packer.
One or more processes crashed (1 event)
Note: the exception is an access violation (0xc0000005) on "mov eax, dword ptr [eax + 0x3c]" with eax = 0, i.e. a read from absolute address 0x3c. Offset 0x3c is e_lfanew in IMAGE_DOS_HEADER, so the read is consistent with walking a PE header from a NULL module base. The faulting address 0x216d319 and the two unsymbolized frames (0x218054b, 0x21806b0) fall inside the 128 KiB region at 0x02161000 that the NtProtectVirtualMemory event below re-protected to PAGE_EXECUTE_READ, and the symbolized frames are in winmm.dll (DriverCallback and the timer routines), so the crash happened in a winmm callback thread executing dynamically written code.
Time & API Arguments Status Return Repeated
1620726284.401343
__exception__
stacktrace:
0x218054b
0x21806b0
DriverCallback+0x4e waveOutOpen-0xa2e winmm+0x3af0 @ 0x751d3af0
timeEndPeriod+0x54a timeKillEvent-0x57 winmm+0xa535 @ 0x751da535
timeEndPeriod+0x449 timeKillEvent-0x158 winmm+0xa434 @ 0x751da434
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 54722032
registers.edi: 35128892
registers.eax: 0
registers.ebp: 54722112
registers.edx: 0
registers.ebx: 4294967294
registers.esi: 16
registers.ecx: 10289128
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 45
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x216d319
success 0 0
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620726223.464343
NtAllocateVirtualMemory
process_identifier: 2064
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1620726241.042343
NtProtectVirtualMemory
process_identifier: 2064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 131072
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x02161000
success 0 0
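The crash record and the two memory indicators above can be checked against each other mechanically. This added Python example (not the sandbox's own code) rebuilds the relevant events from the values printed in this report, decodes the page-protection constants, locates the faulting address and stack frames within the regions that were made executable, and computes the effective address of the faulting read. The record layout (EVENTS, EXCEPTION, the dict keys) is this example's own, not the sandbox's internal schema.

```python
"""Correlate sandbox memory-protection events with a crash record.

Added example; not the sandbox's own code. EVENTS and EXCEPTION are
constructed from the values printed in this report (register values are the
report's decimal numbers); the record layout is this example's, not the
sandbox's internal schema.
"""
import re

# Win32 page-protection constants (the report prints them in decimal).
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
E_LFANEW_OFFSET = 0x3C  # IMAGE_DOS_HEADER.e_lfanew

# Constructed from the NtAllocateVirtualMemory / NtProtectVirtualMemory rows above.
EVENTS = [
    {"time": 1620726223.464343, "api": "NtAllocateVirtualMemory", "pid": 2064,
     "base_address": 0x003D0000, "size": 4096, "protection": 64},
    {"time": 1620726241.042343, "api": "NtProtectVirtualMemory", "pid": 2064,
     "base_address": 0x02161000, "size": 131072, "protection": 32},
]

# Constructed from the __exception__ record above.
EXCEPTION = {
    "time": 1620726284.401343,
    "address": 0x0216D319,
    "code": 0xC0000005,
    "instruction": "mov eax, dword ptr [eax + 0x3c]",
    "registers": {"eax": 0, "ebx": 4294967294, "ecx": 10289128, "edx": 0,
                  "esi": 16, "edi": 35128892, "ebp": 54722112, "esp": 54722032},
    "stacktrace": [0x0218054B, 0x021806B0, 0x751D3AF0, 0x751DA535, 0x751DA434,
                   0x763533CA, 0x77D69ED2, 0x77D69EA5],
}


def executable_regions(events):
    """(base, end, protection, api, time) for every event that left a region executable."""
    return [(e["base_address"], e["base_address"] + e["size"], e["protection"], e["api"], e["time"])
            for e in events if e["protection"] in EXECUTABLE]


def region_for(address, events):
    """The executable region containing address, or None for static/module code."""
    for base, end, prot, api, when in executable_regions(events):
        if base <= address < end:
            return {"base": base, "end": end, "protection": prot, "api": api, "time": when}
    return None


def fault_target(exc):
    """Effective address of a [reg + 0xdisp] operand, evaluated with the dumped registers."""
    m = re.search(r"\[(\w+)\s*\+\s*0x([0-9a-fA-F]+)\]", exc["instruction"])
    if not m or m.group(1) not in exc["registers"]:
        return None
    return (exc["registers"][m.group(1)] + int(m.group(2), 16)) & 0xFFFFFFFF


def rwx_then_rx(events):
    """True when an RWX allocation precedes an RX re-protect in the same process."""
    rwx = [e for e in events if e["protection"] == PAGE_EXECUTE_READWRITE]
    rx = [e for e in events
          if e["api"] == "NtProtectVirtualMemory" and e["protection"] == PAGE_EXECUTE_READ]
    return any(a["pid"] == p["pid"] and a["time"] < p["time"] for a in rwx for p in rx)


def triage(exc, events):
    target = fault_target(exc)
    return {
        "crash_region": region_for(exc["address"], events),
        "frames_in_dynamic_code": [f for f in exc["stacktrace"] if region_for(f, events)],
        "fault_target": target,
        # A read from the first page means the base register was NULL or near it.
        "null_base_read": target is not None and target < 0x1000,
        # [0 + 0x3c] is exactly e_lfanew: consistent with parsing a PE header from base 0.
        "looks_like_e_lfanew_read": target == E_LFANEW_OFFSET,
        "rwx_then_rx": rwx_then_rx(events),
    }


if __name__ == "__main__":
    for name, value in triage(EXCEPTION, EVENTS).items():
        print(name, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

Run against this report's values, the faulting address and the two unsymbolized frames resolve to the 0x02161000 region that was re-protected to PAGE_EXECUTE_READ, the effective read address is 0x3c, and the winmm/kernel32/ntdll frames resolve to no dynamic region.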
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Note: the only recorded call passes flags 0 and family 0 (AF_UNSPEC) and returns 111, ERROR_BUFFER_OVERFLOW, which is the normal buffer-sizing first step of the GetAdaptersAddresses call pattern; by itself it is weak evidence that adapter data was inspected for VM detection.
Time & API Arguments Status Return Repeated
1620726251.886343
GetAdaptersAddresses
flags: 0
family: 0
failed 111 (ERROR_BUFFER_OVERFLOW) 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Note: writing ProxyEnable = 0 turns the per-user WinINet proxy off, so the effect is to bypass any configured proxy (and whatever inspection or logging it provides) rather than to insert one. Actual redirection would show up as a ProxyServer or AutoConfigURL write, and none is recorded in this report.
Time & API Arguments Status Return Repeated
1620726251.448343
RegSetValueExA
key_handle: 0x000002bc
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Note: all eight writes go to Wpad\{network GUID}\..., Wpad\{gateway MAC}\... and Wpad\WpadLastNetwork (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName). These are Windows' own per-network cache of its auto-proxy (WPAD) detection result, written as a side effect of WinINet/WinHTTP use with proxy auto-detect enabled; no PAC URL is set. The MAC 0a-00-27-00-00-00 is the VirtualBox host-only adapter's, consistent with the 192.168.56.0/24 addresses in the UDP table.
Time & API Arguments Status Return Repeated
1620726254.464343
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620726254.464343
RegSetValueExA
key_handle: 0x000003ac
value: (REG_BINARY blob; rendered as mojibake in the original report)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620726254.464343
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620726254.464343
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620726254.464343
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620726254.464343
RegSetValueExA
key_handle: 0x000003c8
value: (REG_BINARY blob; rendered as mojibake in the original report)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620726254.464343
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620726254.495343
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
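To separate registry writes that redirect traffic from Windows' own WPAD cache, this added Python example (not code from the sandbox or the sample) classifies the RegSetValueEx rows above. The event list is constructed from this report, with the REG_BINARY WpadDecisionTime values replaced by placeholder bytes; the REDIRECTING set is this example's own choice of the standard per-user WinINet proxy values, and PAC_HIJACK is a constructed positive case with a made-up URL.

```python
"""Classify Internet Settings registry writes: proxy redirection vs. Windows' WPAD cache.

Added example; not code from the sandbox or the sample. EVENTS is constructed
from the RegSetValueEx rows above, with the REG_BINARY WpadDecisionTime blobs
replaced by placeholder bytes. REDIRECTING is this example's own list of the
standard per-user WinINet proxy values.
"""
INTERNET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
NET_GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
GW_MAC = "0a-00-27-00-00-00"  # 0A:00:27 is the VirtualBox host-only adapter MAC prefix

# Values that change where WinINet traffic goes.
REDIRECTING = {"ProxyServer", "ProxyOverride", "AutoConfigURL"}
# Windows' per-network cache of its own auto-proxy (WPAD) detection result; written as a
# side effect of WinINet/WinHTTP use with auto-detect on, not under the program's control.
WPAD_CACHE = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
              "WpadNetworkName", "WpadLastNetwork"}


def key(*parts):
    """Build a full registry path under Internet Settings."""
    return "\\".join((INTERNET_SETTINGS,) + parts)


EVENTS = [
    {"api": "RegSetValueExA", "regkey": key("ProxyEnable"), "reg_type": 4, "value": 0},
    {"api": "RegSetValueExA", "regkey": key("Wpad", NET_GUID, "WpadDecisionReason"), "reg_type": 4, "value": 1},
    {"api": "RegSetValueExA", "regkey": key("Wpad", NET_GUID, "WpadDecisionTime"), "reg_type": 3, "value": b"\0" * 8},
    {"api": "RegSetValueExA", "regkey": key("Wpad", NET_GUID, "WpadDecision"), "reg_type": 4, "value": 3},
    {"api": "RegSetValueExW", "regkey": key("Wpad", NET_GUID, "WpadNetworkName"), "reg_type": 1, "value": "网络 2"},
    {"api": "RegSetValueExA", "regkey": key("Wpad", GW_MAC, "WpadDecisionReason"), "reg_type": 4, "value": 1},
    {"api": "RegSetValueExA", "regkey": key("Wpad", GW_MAC, "WpadDecisionTime"), "reg_type": 3, "value": b"\0" * 8},
    {"api": "RegSetValueExA", "regkey": key("Wpad", GW_MAC, "WpadDecision"), "reg_type": 4, "value": 3},
    {"api": "RegSetValueExW", "regkey": key("Wpad", "WpadLastNetwork"), "reg_type": 1, "value": NET_GUID},
]

# Constructed positive case (not from this report): a PAC URL write does redirect traffic.
PAC_HIJACK = {"api": "RegSetValueExA", "regkey": key("AutoConfigURL"), "reg_type": 1,
              "value": "http://proxy.example.invalid/wpad.dat"}


def triage_proxy_writes(events):
    """Bucket each write under Internet Settings and derive two yes/no verdicts."""
    out = {"proxy_enable": None, "redirecting": [], "wpad_cache": [], "other": []}
    prefix = INTERNET_SETTINGS.lower() + "\\"
    for ev in events:
        if not ev["regkey"].lower().startswith(prefix):
            continue
        rel = ev["regkey"][len(prefix):].split("\\")
        name = rel[-1]
        if name == "ProxyEnable":
            out["proxy_enable"] = ev["value"]
        elif name in REDIRECTING:
            out["redirecting"].append((name, ev["value"]))
        elif rel[0].lower() == "wpad" and name in WPAD_CACHE:
            out["wpad_cache"].append("\\".join(rel))
        else:
            out["other"].append("\\".join(rel))
    out["proxy_disabled"] = out["proxy_enable"] == 0      # bypasses a configured proxy
    out["traffic_redirected"] = bool(out["redirecting"])  # inserts one
    return out


if __name__ == "__main__":
    print(triage_proxy_writes(EVENTS))
    print(triage_proxy_writes(EVENTS + [PAC_HIJACK])["traffic_redirected"])
```

On this report's events the result is proxy_disabled = True, traffic_redirected = False and eight WPAD-cache writes; only when a constructed AutoConfigURL write is appended does the redirection verdict flip.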
Network activity contains more than one unique useragent (2 events)
process 305693594beccacab46324f34c577ce6.exe useragent Internal
process 305693594beccacab46324f34c577ce6.exe useragent 305693594beccacab46324f34c577ce6.exe
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 199.16.156.40:443
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17 (TimeDateStamp 0x2A425E19 rendered in UTC+8; the Delphi compiler writes this fixed value into every binary it produces, so it identifies the compiler rather than dating the build)
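As an added example (not code from the sandbox or its engine), the following Python reads the two fields behind the packer indicators and the PE compile time above, IMAGE_FILE_HEADER.TimeDateStamp and the section-name table, and recognises a Delphi binary so that the "unknown section names" packer hit can be treated as compiler noise. It uses no third-party library and builds a minimal constructed PE header for offline testing; DELPHI_TIMESTAMP and BORLAND_SECTIONS are the constants discussed above, and build_test_pe is a hypothetical helper that exists only for this demonstration.

```python
"""Minimal PE header triage: compile timestamp and section names.

Added example (not part of the sandbox report or its engine). Parses only what
the two static indicators on this page depend on: IMAGE_FILE_HEADER.TimeDateStamp
and the section-name list, with no third-party libraries.
"""
import struct
from datetime import datetime, timezone

# Borland/Delphi compilers stamp every PE with this fixed TimeDateStamp
# (1992-06-19 22:22:17 UTC), so the field is a compiler marker, not a build date.
DELPHI_TIMESTAMP = 0x2A425E19
# Section names the Borland linker emits (CODE/DATA/BSS rather than .text/.data/.bss).
BORLAND_SECTIONS = {"CODE", "DATA", "BSS"}


def parse_pe(data: bytes) -> dict:
    """Return Machine, TimeDateStamp and section names from a PE file image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # IMAGE_DOS_HEADER.e_lfanew
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    fh = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    first_section = fh + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        raw_name = data[first_section + 40 * i:first_section + 40 * i + 8]  # IMAGE_SECTION_HEADER.Name
        sections.append(raw_name.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "timestamp": timestamp, "sections": sections}


def classify(info: dict) -> dict:
    """Decide whether 'unknown section name' packer hits are just Delphi compiler output."""
    compile_time = datetime.fromtimestamp(info["timestamp"], tz=timezone.utc)
    borland_names = BORLAND_SECTIONS & set(info["sections"])
    is_delphi = info["timestamp"] == DELPHI_TIMESTAMP or borland_names == BORLAND_SECTIONS
    return {
        "compile_time_utc": compile_time.strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_timestamp": info["timestamp"] == DELPHI_TIMESTAMP,
        "borland_sections": sorted(borland_names),
        # Packer heuristics keyed on non-standard section names fire on CODE/DATA/BSS;
        # with the Delphi timestamp present, treat that hit as compiler noise.
        "packer_heuristic_is_compiler_noise": is_delphi,
    }


def build_test_pe(timestamp: int, names: list) -> bytes:
    """Constructed minimal PE header (no code or data) for offline testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    optional_header = bytes(0xE0)            # PE32 optional header, zeroed
    file_header = struct.pack("<HHIIIHH", 0x14C, len(names), timestamp, 0, 0,
                              len(optional_header), 0x102)
    section_table = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in names)
    return bytes(dos) + b"PE\0\0" + file_header + optional_header + section_table


if __name__ == "__main__":
    sample = build_test_pe(DELPHI_TIMESTAMP,
                           ["CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"])
    print(classify(parse_pe(sample)))
```

For a real file, pass open(path, "rb").read() to parse_pe. A Delphi binary yields compile_time_utc 1992-06-19 22:22:17 (the report's 1992-06-20 06:22:17 in UTC+8) together with the CODE/DATA/BSS names, while a Microsoft-linked binary with .text/.data sections and a plausible timestamp is left alone.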

Imports

Library kernel32.dll:
0x483164 VirtualFree
0x483168 VirtualAlloc
0x48316c LocalFree
0x483170 LocalAlloc
0x483174 GetTickCount
0x48317c GetVersion
0x483180 GetCurrentThreadId
0x48318c VirtualQuery
0x483190 WideCharToMultiByte
0x483194 MultiByteToWideChar
0x483198 lstrlenA
0x48319c lstrcpynA
0x4831a0 LoadLibraryExA
0x4831a4 GetThreadLocale
0x4831a8 GetStartupInfoA
0x4831ac GetProcAddress
0x4831b0 GetModuleHandleA
0x4831b4 GetModuleFileNameA
0x4831b8 GetLocaleInfoA
0x4831bc GetCommandLineA
0x4831c0 FreeLibrary
0x4831c4 FindFirstFileA
0x4831c8 FindClose
0x4831cc ExitProcess
0x4831d0 WriteFile
0x4831d8 RtlUnwind
0x4831dc RaiseException
0x4831e0 GetStdHandle
Library user32.dll:
0x4831e8 GetKeyboardType
0x4831ec LoadStringA
0x4831f0 MessageBoxA
0x4831f4 CharNextA
Library advapi32.dll:
0x4831fc RegQueryValueExA
0x483200 RegOpenKeyExA
0x483204 RegCloseKey
Library oleaut32.dll:
0x48320c SysFreeString
0x483210 SysReAllocStringLen
0x483214 SysAllocStringLen
Library kernel32.dll:
0x48321c TlsSetValue
0x483220 TlsGetValue
0x483224 LocalAlloc
0x483228 GetModuleHandleA
Library advapi32.dll:
0x483230 RegQueryValueExA
0x483234 RegOpenKeyExA
0x483238 RegCloseKey
Library kernel32.dll:
0x483240 lstrcpyA
0x483244 lstrcmpiA
0x483248 WriteFile
0x48324c WaitForSingleObject
0x483250 VirtualQuery
0x483254 VirtualProtect
0x483258 VirtualAlloc
0x48325c Sleep
0x483260 SizeofResource
0x483264 SetThreadLocale
0x483268 SetFilePointer
0x48326c SetEvent
0x483270 SetErrorMode
0x483274 SetEndOfFile
0x483278 ResetEvent
0x48327c ReadFile
0x483280 MultiByteToWideChar
0x483284 MulDiv
0x483288 LockResource
0x48328c LoadResource
0x483290 LoadLibraryA
0x48329c GlobalUnlock
0x4832a0 GlobalReAlloc
0x4832a4 GlobalHandle
0x4832a8 GlobalLock
0x4832ac GlobalFree
0x4832b0 GlobalFindAtomA
0x4832b4 GlobalDeleteAtom
0x4832b8 GlobalAlloc
0x4832bc GlobalAddAtomA
0x4832c0 GetVersionExA
0x4832c4 GetVersion
0x4832c8 GetTickCount
0x4832cc GetThreadLocale
0x4832d0 GetSystemInfo
0x4832d4 GetStringTypeExA
0x4832d8 GetStdHandle
0x4832dc GetProcAddress
0x4832e0 GetModuleHandleA
0x4832e4 GetModuleFileNameA
0x4832e8 GetLocaleInfoA
0x4832ec GetLocalTime
0x4832f0 GetLastError
0x4832f4 GetFullPathNameA
0x4832f8 GetDiskFreeSpaceA
0x4832fc GetDateFormatA
0x483300 GetCurrentThreadId
0x483304 GetCurrentProcessId
0x483308 GetCPInfo
0x48330c GetACP
0x483310 FreeResource
0x483314 InterlockedExchange
0x483318 FreeLibrary
0x48331c FormatMessageA
0x483320 FindResourceA
0x483324 EnumCalendarInfoA
0x483330 CreateThread
0x483334 CreateFileA
0x483338 CreateEventA
0x48333c CompareStringA
0x483340 CloseHandle
Library version.dll:
0x483348 VerQueryValueA
0x483350 GetFileVersionInfoA
Library gdi32.dll:
0x483358 UnrealizeObject
0x48335c StretchBlt
0x483360 SetWindowOrgEx
0x483364 SetViewportOrgEx
0x483368 SetTextColor
0x48336c SetStretchBltMode
0x483370 SetROP2
0x483374 SetPixel
0x483378 SetDIBColorTable
0x48337c SetBrushOrgEx
0x483380 SetBkMode
0x483384 SetBkColor
0x483388 SelectPalette
0x48338c SelectObject
0x483390 SelectClipRgn
0x483394 SaveDC
0x483398 RestoreDC
0x48339c Rectangle
0x4833a0 RectVisible
0x4833a4 RealizePalette
0x4833a8 Polyline
0x4833ac PatBlt
0x4833b0 MoveToEx
0x4833b4 MaskBlt
0x4833b8 LineTo
0x4833bc IntersectClipRect
0x4833c0 GetWindowOrgEx
0x4833c4 GetTextMetricsA
0x4833d0 GetStockObject
0x4833d4 GetPixel
0x4833d8 GetPaletteEntries
0x4833dc GetObjectA
0x4833e0 GetDeviceCaps
0x4833e4 GetDIBits
0x4833e8 GetDIBColorTable
0x4833ec GetDCOrgEx
0x4833f4 GetClipBox
0x4833f8 GetBrushOrgEx
0x4833fc GetBkColor
0x483400 GetBitmapBits
0x483404 ExcludeClipRect
0x483408 DeleteObject
0x48340c DeleteDC
0x483410 CreateSolidBrush
0x483414 CreatePenIndirect
0x483418 CreatePalette
0x483420 CreateFontIndirectA
0x483424 CreateDIBitmap
0x483428 CreateDIBSection
0x48342c CreateCompatibleDC
0x483434 CreateBrushIndirect
0x483438 CreateBitmap
0x48343c BitBlt
Library user32.dll:
0x483444 CreateWindowExA
0x483448 WindowFromPoint
0x48344c WinHelpA
0x483450 WaitMessage
0x483454 UpdateWindow
0x483458 UnregisterClassA
0x48345c UnhookWindowsHookEx
0x483460 TranslateMessage
0x483468 TrackPopupMenu
0x483470 ShowWindow
0x483474 ShowScrollBar
0x483478 ShowOwnedPopups
0x48347c ShowCursor
0x483480 SetWindowsHookExA
0x483484 SetWindowTextA
0x483488 SetWindowPos
0x48348c SetWindowPlacement
0x483490 SetWindowLongA
0x483494 SetTimer
0x483498 SetScrollRange
0x48349c SetScrollPos
0x4834a0 SetScrollInfo
0x4834a4 SetRect
0x4834a8 SetPropA
0x4834ac SetParent
0x4834b0 SetMenuItemInfoA
0x4834b4 SetMenu
0x4834b8 SetForegroundWindow
0x4834bc SetFocus
0x4834c0 SetCursor
0x4834c4 SetClassLongA
0x4834c8 SetCapture
0x4834cc SetActiveWindow
0x4834d0 SendMessageA
0x4834d4 ScrollWindow
0x4834d8 ScreenToClient
0x4834dc RemovePropA
0x4834e0 RemoveMenu
0x4834e4 ReleaseDC
0x4834e8 ReleaseCapture
0x4834f4 RegisterClassA
0x4834f8 RedrawWindow
0x4834fc PtInRect
0x483500 PostQuitMessage
0x483504 PostMessageA
0x483508 PeekMessageA
0x48350c OffsetRect
0x483510 OemToCharA
0x483514 MessageBoxA
0x483518 MapWindowPoints
0x48351c MapVirtualKeyA
0x483520 LoadStringA
0x483524 LoadKeyboardLayoutA
0x483528 LoadIconA
0x48352c LoadCursorA
0x483530 LoadBitmapA
0x483534 KillTimer
0x483538 IsZoomed
0x48353c IsWindowVisible
0x483540 IsWindowEnabled
0x483544 IsWindow
0x483548 IsRectEmpty
0x48354c IsIconic
0x483550 IsDialogMessageA
0x483554 IsChild
0x483558 InvalidateRect
0x48355c IntersectRect
0x483560 InsertMenuItemA
0x483564 InsertMenuA
0x483568 InflateRect
0x483570 GetWindowTextA
0x483574 GetWindowRect
0x483578 GetWindowPlacement
0x48357c GetWindowLongA
0x483580 GetWindowDC
0x483584 GetTopWindow
0x483588 GetSystemMetrics
0x48358c GetSystemMenu
0x483590 GetSysColorBrush
0x483594 GetSysColor
0x483598 GetSubMenu
0x48359c GetScrollRange
0x4835a0 GetScrollPos
0x4835a4 GetScrollInfo
0x4835a8 GetPropA
0x4835ac GetParent
0x4835b0 GetWindow
0x4835b4 GetMenuStringA
0x4835b8 GetMenuState
0x4835bc GetMenuItemInfoA
0x4835c0 GetMenuItemID
0x4835c4 GetMenuItemCount
0x4835c8 GetMenu
0x4835cc GetLastActivePopup
0x4835d0 GetKeyboardState
0x4835d8 GetKeyboardLayout
0x4835dc GetKeyState
0x4835e0 GetKeyNameTextA
0x4835e4 GetIconInfo
0x4835e8 GetForegroundWindow
0x4835ec GetFocus
0x4835f0 GetDesktopWindow
0x4835f4 GetDCEx
0x4835f8 GetDC
0x4835fc GetCursorPos
0x483600 GetCursor
0x483604 GetClientRect
0x483608 GetClassNameA
0x48360c GetClassInfoA
0x483610 GetCapture
0x483614 GetActiveWindow
0x483618 FrameRect
0x48361c FindWindowA
0x483620 FillRect
0x483624 EqualRect
0x483628 EnumWindows
0x48362c EnumThreadWindows
0x483630 EndPaint
0x483634 EnableWindow
0x483638 EnableScrollBar
0x48363c EnableMenuItem
0x483640 DrawTextA
0x483644 DrawMenuBar
0x483648 DrawIconEx
0x48364c DrawIcon
0x483650 DrawFrameControl
0x483654 DrawFocusRect
0x483658 DrawEdge
0x48365c DispatchMessageA
0x483660 DestroyWindow
0x483664 DestroyMenu
0x483668 DestroyIcon
0x48366c DestroyCursor
0x483670 DeleteMenu
0x483674 DefWindowProcA
0x483678 DefMDIChildProcA
0x48367c DefFrameProcA
0x483680 CreatePopupMenu
0x483684 CreateMenu
0x483688 CreateIcon
0x48368c ClientToScreen
0x483690 CheckMenuItem
0x483694 CallWindowProcA
0x483698 CallNextHookEx
0x48369c BeginPaint
0x4836a0 CharNextA
0x4836a4 CharLowerA
0x4836a8 CharToOemA
0x4836ac AdjustWindowRectEx
Library kernel32.dll:
0x4836b8 Sleep
Library oleaut32.dll:
0x4836c0 SafeArrayPtrOfIndex
0x4836c4 SafeArrayGetUBound
0x4836c8 SafeArrayGetLBound
0x4836cc SafeArrayCreate
0x4836d0 VariantChangeType
0x4836d4 VariantCopy
0x4836d8 VariantClear
0x4836dc VariantInit
Library ole32.dll:
0x4836e4 CoUninitialize
0x4836e8 CoInitialize
Library oleaut32.dll:
0x4836f0 GetErrorInfo
0x4836f4 SysFreeString
Library comctl32.dll:
0x483704 ImageList_Write
0x483708 ImageList_Read
0x483718 ImageList_DragMove
0x48371c ImageList_DragLeave
0x483720 ImageList_DragEnter
0x483724 ImageList_EndDrag
0x483728 ImageList_BeginDrag
0x48372c ImageList_Remove
0x483730 ImageList_DrawEx
0x483734 ImageList_Replace
0x483738 ImageList_Draw
0x483748 ImageList_Add
0x483754 ImageList_Destroy
0x483758 ImageList_Create
Library advapi32.dll:
0x483760 QueryServiceStatus
0x483764 OpenServiceA
0x483768 OpenSCManagerA
0x48376c CloseServiceHandle

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Note: the recorded UDP traffic is Windows and sandbox background activity: DNS to 114.114.114.114 (query names are not listed in this table, so these may include the sample's own lookups), NetBIOS name and datagram service on 137/138, NTP to time.windows.com, LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). 192.168.56.0/24 is the VirtualBox host-only network.

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.