1.8
Low risk

2e814aa08682936113aa9403ecc989798bd451d0270614cbafed7ab269924b24

310adeeb91752eb28a03191ba8be44bd.exe

Analysis time

77s

Latest analysis

File size

9.9MB
Static detection  Dynamic detection  SECUREAGE
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine        Result  Scan date  Engine version
McAfee        -       20190523   6.0.6.653
Alibaba       -       20190513   0.3.0.4
Baidu         -       20190318   1.0.0.2
Avast         -       20190524   18.4.3895.0
Tencent       -       20190524   1.0.0.1
Kingsoft      -       20190524   2013.8.14.323
CrowdStrike   -       20190212   1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path D:\Projects\AppControl\QT\src\UAVScanResult\Win32\Release\UAVScanResult.pdb
Behavioral verdict
Dynamic indicators
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
ESET-NOD32 a variant of Win32/SecureAge.A potentially unwanted
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.208738178073331 section .rdata (size_of_data 0x0092a400, virtual_address 0x0008d000, virtual_size 0x0092a353, entropy 7.208738178073331) description A section with a high entropy has been found
entropy 0.9304054723902052 description Overall entropy of this PE file is high
Network communication
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2018-11-13 14:59:20

Imports

Library WINHTTP.dll:
0xdced6c WinHttpCloseHandle
0xdced70 WinHttpConnect
0xdced74 WinHttpReadData
0xdced78 WinHttpWriteData
0xdced80 WinHttpSetOption
0xdced84 WinHttpOpenRequest
0xdced8c WinHttpSendRequest
0xdced94 WinHttpOpen
0xdced98 WinHttpQueryHeaders
Library WININET.dll:
0xdcedd8 InternetCloseHandle
0xdceddc InternetOpenUrlA
0xdcede0 HttpQueryInfoW
0xdcede4 HttpSendRequestA
0xdcede8 InternetOpenA
0xdcedec InternetConnectA
0xdcedf0 InternetReadFile
0xdcedf4 InternetSetOptionW
0xdcedf8 HttpOpenRequestA
Library VERSION.dll:
0xdced24 VerQueryValueW
0xdced28 VerQueryValueA
0xdced2c GetFileVersionInfoW
0xdced30 GetFileVersionInfoA
Library Qt5Core.dll:
0xdcde18 ?qBadAlloc@@YAXXZ
0xdcde20 ??1QString@@QAE@XZ
0xdcde58 ??1QVariant@@QAE@XZ
0xdcde78 ??0QString@@QAE@XZ
0xdcdeb8 ??1QRegExp@@QAE@XZ
0xdcdf20 ??1QFile@@UAE@XZ
0xdcdf2c ??1QThread@@UAE@XZ
0xdcdf54 ??1QObject@@UAE@XZ
0xdcdf60 ??1QTimer@@UAE@XZ
Library Qt5Gui.dll:
0xdce06c ??1QBrush@@QAE@XZ
0xdce070 ??0QFont@@QAE@XZ
0xdce074 ??1QFont@@QAE@XZ
0xdce088 ??1QPen@@QAE@XZ
0xdce09c ??1QPainter@@QAE@XZ
0xdce0d0 ??1QMovie@@UAE@XZ
0xdce0e4 ??_FQMovie@@QAEXXZ
0xdce0f8 ??1QPalette@@QAE@XZ
0xdce124 ??1QDrag@@UAE@XZ
0xdce140 ??1QCursor@@QAE@XZ
0xdce144 ??0QIcon@@QAE@XZ
0xdce148 ??1QIcon@@QAE@XZ
0xdce150 ??0QPainter@@QAE@XZ
0xdce168 ??1QPixmap@@UAE@XZ
Library Qt5Widgets.dll:
0xdce310 ??1QWidget@@UAE@XZ
0xdce45c ??1QFrame@@UAE@XZ
0xdce618 ??1QDialog@@UAE@XZ
0xdce9b0 ??1QLabel@@UAE@XZ
0xdce9f4 ?y@QWidget@@QBEHXZ
0xdce9f8 ?x@QWidget@@QBEHXZ
Library KERNEL32.dll:
0xdcd984 CreateFileW
0xdcd988 GetLongPathNameA
0xdcd98c GetLongPathNameW
0xdcd990 FindClose
0xdcd99c FindFirstFileA
0xdcd9a0 FindFirstFileW
0xdcd9a4 GetProcAddress
0xdcd9a8 GetShortPathNameW
0xdcd9ac GetFileSize
0xdcd9b0 GetFileSizeEx
0xdcd9b4 WriteFile
0xdcd9b8 SetFilePointer
0xdcd9bc SetFilePointerEx
0xdcd9c0 GetFileTime
0xdcd9c4 SetFileTime
0xdcd9d0 GetModuleHandleW
0xdcd9dc RemoveDirectoryW
0xdcd9e0 CreateFileA
0xdcd9e4 SetFileAttributesW
0xdcd9e8 GetFileAttributesA
0xdcd9ec GetFileAttributesW
0xdcd9f0 FindNextFileW
0xdcd9f4 MoveFileExW
0xdcd9f8 GetVersionExW
0xdcd9fc MultiByteToWideChar
0xdcda00 ReadFile
0xdcda04 CreateProcessW
0xdcda0c SetEvent
0xdcda10 ResetEvent
0xdcda14 CreateEventW
0xdcda18 DeleteFileA
0xdcda1c WideCharToMultiByte
0xdcda20 PeekNamedPipe
0xdcda24 GetTimeFormatW
0xdcda28 GetDateFormatA
0xdcda2c GetDateFormatW
0xdcda34 WaitNamedPipeW
0xdcda38 ReleaseMutex
0xdcda3c CreateMutexW
0xdcda40 GetModuleHandleA
0xdcda44 GetTempPathW
0xdcda48 CreateDirectoryW
0xdcda4c GetSystemDirectoryW
0xdcda50 LockResource
0xdcda54 LoadResource
0xdcda58 SizeofResource
0xdcda5c FindResourceW
0xdcda60 FindResourceExW
0xdcda64 CreateThread
0xdcda68 GetExitCodeThread
0xdcda6c GetLocalTime
0xdcda70 GlobalFree
0xdcda74 SetErrorMode
0xdcda78 GetModuleFileNameA
0xdcda80 GetCommandLineW
0xdcda88 CreateProcessA
0xdcda90 GetExitCodeProcess
0xdcda94 TerminateProcess
0xdcda98 GetCurrentProcess
0xdcda9c GetModuleFileNameW
0xdcdaa0 Sleep
0xdcdaac LoadLibraryW
0xdcdab0 LoadLibraryA
0xdcdab4 FormatMessageW
0xdcdab8 FormatMessageA
0xdcdabc FreeLibrary
0xdcdac4 LocalFree
0xdcdac8 CreatePipe
0xdcdacc GetTimeFormatA
0xdcdad0 DuplicateHandle
0xdcdad4 LocalAlloc
0xdcdad8 GetLastError
0xdcdadc DeleteFileW
0xdcdae0 CloseHandle
0xdcdae4 WaitForSingleObject
0xdcdaec SetLastError
0xdcdaf0 RaiseException
0xdcdaf8 HeapDestroy
0xdcdafc HeapAlloc
0xdcdb00 HeapReAlloc
0xdcdb04 HeapFree
0xdcdb08 HeapSize
0xdcdb0c GetProcessHeap
0xdcdb10 IsDebuggerPresent
0xdcdb18 EncodePointer
0xdcdb1c DecodePointer
0xdcdb24 GetCurrentProcessId
0xdcdb28 GetCurrentThreadId
Library USER32.dll:
0xdcecc0 GetActiveWindow
0xdcecc4 SetForegroundWindow
0xdcecc8 SetActiveWindow
0xdceccc SetWindowPos
0xdcecd0 ReleaseDC
0xdcecd4 GetDC
0xdcecd8 FindWindowW
0xdcecdc GetDesktopWindow
0xdcece0 GetWindowRect
0xdcece4 ExitWindowsEx
0xdcece8 MessageBoxA
0xdcecec MessageBoxW
Library GDI32.dll:
0xdcd954 GetDeviceCaps
Library ADVAPI32.dll:
0xdcd834 RegQueryValueExA
0xdcd838 FreeSid
0xdcd83c GetUserNameW
0xdcd844 OpenProcessToken
0xdcd850 RegCreateKeyExA
0xdcd854 RegCreateKeyExW
0xdcd858 RegDeleteKeyA
0xdcd85c RegDeleteKeyW
0xdcd860 RegDeleteValueA
0xdcd864 RegDeleteValueW
0xdcd868 RegEnumKeyA
0xdcd86c RegEnumKeyW
0xdcd870 RegEnumKeyExW
0xdcd874 RegEnumValueA
0xdcd878 RegEnumValueW
0xdcd880 RegOpenKeyExA
0xdcd884 RegQueryInfoKeyW
0xdcd888 RegRestoreKeyW
0xdcd88c RegSetValueExA
0xdcd890 RegSetValueExW
0xdcd894 RegSaveKeyExW
0xdcd898 GetTokenInformation
0xdcd89c CloseServiceHandle
0xdcd8a0 ControlService
0xdcd8a4 CreateServiceA
0xdcd8a8 CreateServiceW
0xdcd8ac DeleteService
0xdcd8b0 OpenSCManagerW
0xdcd8b4 OpenServiceA
0xdcd8b8 OpenServiceW
0xdcd8bc QueryServiceStatus
0xdcd8c0 StartServiceW
0xdcd8c4 RegQueryValueExW
0xdcd8c8 RegOpenKeyExW
0xdcd8cc RegCloseKey
Library SHELL32.dll:
0xdcec48 CommandLineToArgvW
0xdcec4c ShellExecuteExW
0xdcec54 SHGetFolderPathW
0xdcec58 ShellExecuteW
Library SHLWAPI.dll:
0xdcec8c PathAddBackslashA
0xdcec90 PathAddBackslashW
Library MSVCR110.dll:
0xdcdbf4 _XcptFilter
0xdcdbfc _amsg_exit
0xdcdc00 __getmainargs
0xdcdc04 __set_app_type
0xdcdc08 exit
0xdcdc0c _exit
0xdcdc10 _cexit
0xdcdc14 _ismbblead
0xdcdc18 _configthreadlocale
0xdcdc1c __setusermatherr
0xdcdc20 _initterm_e
0xdcdc34 ??3@YAXPAX@Z
0xdcdc38 wcscpy_s
0xdcdc3c free
0xdcdc40 malloc
0xdcdc44 swprintf_s
0xdcdc48 vswprintf_s
0xdcdc4c memset
0xdcdc50 memcpy
0xdcdc54 _wcsdup
0xdcdc58 wcscat_s
0xdcdc5c wcstok_s
0xdcdc60 _strdup
0xdcdc64 _stricmp
0xdcdc68 realloc
0xdcdc6c tolower
0xdcdc70 strcpy_s
0xdcdc74 strchr
0xdcdc78 strncmp
0xdcdc7c sprintf_s
0xdcdc80 sscanf_s
0xdcdc88 floor
0xdcdc8c strcat_s
0xdcdc90 _vscwprintf
0xdcdc94 vsprintf_s
0xdcdc98 _wtoi
0xdcdc9c __CxxFrameHandler3
0xdcdca0 strstr
0xdcdca4 wcsstr
0xdcdca8 _wcsicmp
0xdcdcac _wcsnicmp
0xdcdcb0 calloc
0xdcdcb4 ?terminate@@YAXXZ
0xdcdcb8 _wsplitpath_s
0xdcdcbc wcsncmp
0xdcdcc0 strtok_s
0xdcdcc4 _wmkdir
0xdcdcc8 _waccess
0xdcdccc _wfindfirst64i32
0xdcdcd0 _wfindnext64i32
0xdcdcd4 wprintf
0xdcdcd8 _access
0xdcdcdc _findclose
0xdcdce0 _mkdir
0xdcdce4 strftime
0xdcdce8 _local_unwind4
0xdcdcec strncpy_s
0xdcdcf0 wcsncpy_s
0xdcdcf4 swscanf_s
0xdcdcf8 _vscprintf
0xdcdcfc _wcslwr_s
0xdcdd00 rand
0xdcdd04 srand
0xdcdd08 _time64
0xdcdd0c towlower
0xdcdd10 _strnicmp
0xdcdd14 _wcsupr_s
0xdcdd18 memcpy_s
0xdcdd1c strnlen
0xdcdd20 memmove_s
0xdcdd24 wmemcpy_s
0xdcdd28 _mbscmp
0xdcdd2c _CxxThrowException
0xdcdd30 _purecall
0xdcdd34 ??2@YAPAXI@Z
0xdcdd38 memmove
0xdcdd3c atoi
0xdcdd40 printf
0xdcdd44 isalpha
0xdcdd48 isdigit
0xdcdd4c ??_U@YAPAXI@Z
0xdcdd50 __argc
0xdcdd54 __argv
0xdcdd58 _recalloc
0xdcdd5c _initterm
0xdcdd60 _acmdln
0xdcdd64 _fmode
0xdcdd68 _commode
0xdcdd70 _invoke_watson
0xdcdd74 _controlfp_s
0xdcdd78 _lock
0xdcdd7c _unlock
0xdcdd80 _calloc_crt
0xdcdd84 __dllonexit
0xdcdd88 _splitpath_s
0xdcdd8c _onexit
0xdcdd90 ??_V@YAXPAX@Z
0xdcdd94 _crt_debugger_hook
Library CRYPT32.dll:
0xdcd924 CertGetNameStringW
Library WINTRUST.dll:
0xdcee40 WinVerifyTrust
Library WS2_32.dll:
0xdcee70 send
0xdcee74 WSACreateEvent
0xdcee78 inet_addr
0xdcee7c socket
0xdcee80 WSASetLastError
0xdcee84 setsockopt
0xdcee88 recv
0xdcee8c closesocket
0xdcee90 WSAStartup
0xdcee94 WSACloseEvent
0xdcee9c WSAGetLastError
0xdceea0 htons
0xdceea4 connect
0xdceea8 WSAEventSelect
0xdceeb0 ioctlsocket
Library MSVCP110.dll:

Exports

Ordinal Address Name
1 0x402eff ?AESDecrypt@@YAXPAE0H0H@Z
2 0x401d2f ?AESEncrypt@@YAXPAE0H0H@Z
3 0x401474 _get_error_message_s@8

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.