Score: 3.6
Risk level: Medium

SHA256: 3c0db9b222c66430abc435ed119d17751f1c7721d9f0a9a6aa7e17c5230eeeb9

File name: 3d76f2442599095288d3712fa2b5d529.exe

Analysis duration: 97s

Last analysis:

File size: 1.1MB
Static detection / Dynamic detection
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result available
Static verdict
Anti-virus engines
Not detected: no anti-virus engine result available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
Note: .itext is the code section name emitted by the Borland/Delphi linker, not a packer stub. Together with the import table below (SysAllocStringLen, SysReAllocStringLen, GetKeyboardType, the VCL-style user32/gdi32 surface) and the fixed 1992 compile timestamp, it points to an unpacked Delphi executable, so this heuristic is most likely the false positive the rule itself warns about. A real packer signal would be a writable+executable section with no data on disk.
One or more processes crashed (1 event)
Time | API | Arguments | Status | Return | Repeated
1619393771.400251 | __exception__
  stacktrace:
    0x344b4fe
    0x344b531
    0x344b44e
    0x33ff7f0
    0x344c363
    0x344cc86
    0x341df22
    0x340ee62
    gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
    GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
    CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
    DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
    0x34448ac
    0x344d04b
    3d76f2442599095288d3712fa2b5d529+0x6b8f2 @ 0x46b8f2

  registers.esp: 1633592
  registers.edi: 0
  registers.eax: 1633592
  registers.ebp: 1633672
  registers.edx: 0
  registers.ebx: 1635348
  registers.esi: 55662244
  registers.ecx: 7
  exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
  exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
  exception.instruction: leave
  exception.module: KERNELBASE.dll
  exception.exception_code: 0xeedfade
  exception.offset: 46887
  exception.address: 0x778eb727
  status: success | return: 0 | repeated: 0
Note: exception code 0x0EEDFADE is the code the Delphi RTL passes to RaiseException for its own Exception objects, which is exactly the faulting symbol recorded here. The stack is reached from the sample's outermost frame (+0x6b8f2) through the user32 message dispatch (DispatchMessageA, SendMessage) into frames at 0x33f...-0x344... that the sandbox did not symbolise, i.e. an unhandled Delphi exception inside a window-message handler, not a memory-corruption crash. This is consistent with the .itext section and the fixed 1992 timestamp reported for the binary.
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time | API | Arguments | Status | Return | Repeated
1619393720.197251 | NtAllocateVirtualMemory
  process_identifier: 884
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x00680000
  status: success | return: 0 | repeated: 0
1619393732.978251 | NtAllocateVirtualMemory
  process_identifier: 884
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x02300000
  status: success | return: 0 | repeated: 0
Note: both allocations are single 4 KiB pages committed in the sample's own process (0xffffffff is the current-process pseudo-handle), twelve seconds apart, with no stack pivot or DEP-bypass indicators. An unpacker commits a region sized to its payload; isolated page-sized RWX commits are also what the Delphi VCL allocates for its window-procedure thunks (MakeObjectInstance), so on their own they are a weak signal here.
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables the proxy, possibly for traffic interception (1 event)
Time | API | Arguments | Status | Return | Repeated
1619393749.181251 | RegSetValueExA
  key_handle: 0x000002dc
  value: 0
  regkey_r: ProxyEnable
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
  status: success | return: 0 | repeated: 0
Note: writing ProxyEnable=0 under HKCU\...\Internet Settings turns off the per-user WinINet/Internet Explorer proxy, so the process's WinINet traffic goes direct instead of through a configured (and possibly inspecting) proxy. The write needs no elevation and affects only the current user.
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 172.217.24.14:443
dead_host 157.240.12.5:443
dead_host 172.217.160.78:443
dead_host 142.250.204.142:443
Note: none of the four 443 targets answered during the run (172.217.24.14 is the same host flagged above as contacted without a DNS query), which is consistent with the empty TCP connection table further down; only the connection attempts are recorded here.
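As an added example (not part of the sandbox report or the sample), the rules below run over Cuckoo-style API records shaped like the events above plus the dead-host list, and encode the caveats a triager otherwise applies by hand: RWX commits are summed and compared with a payload-sized threshold instead of merely counted, the ProxyEnable write is reported with its hive scope and value, the crash's exception code is decoded, and dead hosts are filtered to public addresses. The event records are constructed to mirror the report; the 64 KiB threshold, the rule names and the exception-code table are my own assumptions.

```python
import ipaddress

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
# Exception codes worth naming when the sandbox reports a crash (assumed table, extend as needed).
EXCEPTION_NAMES = {
    0x0EEDFADE: "Delphi RTL exception",
    0xC0000005: "access violation",
    0xC00000FD: "stack overflow",
    0xE06D7363: "MSVC C++ exception",
}

# Constructed records mirroring the report's API log (shape and values follow the report; not a raw capture).
SAMPLE_EVENTS = [
    {"api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 884, "region_size": 4096, "protection": 64,
              "allocation_type": 4096, "base_address": 0x00680000}},
    {"api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 884, "region_size": 4096, "protection": 64,
              "allocation_type": 4096, "base_address": 0x02300000}},
    {"api": "RegSetValueExA",
     "args": {"regkey": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable",
              "reg_type": 4, "value": 0}},
    {"api": "__exception__",
     "args": {"exception_code": 0x0EEDFADE, "module": "KERNELBASE.dll", "symbol": "RaiseException+0x58"}},
]
SAMPLE_DEAD_HOSTS = ["172.217.24.14:443", "157.240.12.5:443", "172.217.160.78:443", "142.250.204.142:443"]


def triage_behavior(events, dead_hosts, unpack_threshold=64 * 1024):
    """Return (rule, detail) findings from Cuckoo-style API events plus the dead-host list."""
    findings = []
    rwx_sizes = []
    for ev in events:
        api, a = ev["api"], ev["args"]
        if api in ("NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx") and \
                a.get("protection") in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY):
            rwx_sizes.append(a.get("region_size", 0))
        elif api.startswith("RegSetValueEx") and \
                a.get("regkey", "").lower().endswith(r"\internet settings\proxyenable"):
            scope = "per-user" if a["regkey"].upper().startswith("HKEY_CURRENT_USER") else "machine-wide"
            state = "disabled" if a.get("value") == 0 else "enabled"
            findings.append(("proxy_setting_changed", f"WinINet proxy {state} ({scope})"))
        elif api == "__exception__":
            code = a.get("exception_code", 0)
            name = EXCEPTION_NAMES.get(code, "unrecognised exception code")
            findings.append(("process_crash", f"0x{code:08X} {name} in {a.get('module', '?')}"))
    if rwx_sizes:
        total = sum(rwx_sizes)
        # An unpacker commits a region sized to its payload; isolated 4 KiB pages are thunk/JIT-sized and weak.
        kind = "payload-sized, unpacking likely" if total >= unpack_threshold else "page-sized, weak signal"
        findings.append(("rwx_memory", f"{len(rwx_sizes)} RWX commits, {total} bytes total, {kind}"))
    # Dead private/link-local hosts are lab noise; only public targets say something about the sample.
    public = [h for h in dead_hosts if ipaddress.ip_address(h.rsplit(":", 1)[0]).is_global]
    if public:
        findings.append(("dead_hosts", f"{len(public)} public hosts never answered: {', '.join(public)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage_behavior(SAMPLE_EVENTS, SAMPLE_DEAD_HOSTS):
        print(f"{rule:22} {detail}")
```

Feeding a real Cuckoo `behavior.processes[*].calls` array only requires mapping its `api`/`arguments` fields onto the `api`/`args` keys used here.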
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Run screenshots
No run screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17 (shown in UTC+8). This is the fixed TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC) that the Borland/Delphi linker writes into every binary it produces, so it identifies the compiler but says nothing about when the sample was actually built.
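To reproduce the two static checks locally (the section name flagged as unknown and the 1992 compile time), the following is an added example, not part of the sandbox report or the sample: a minimal pure-Python PE header walk that lists section names against the Borland/Delphi section set, compares the COFF TimeDateStamp with the fixed Delphi linker value 0x2A425E19, and separates that weak signal from the strong packer signal (a writable+executable section with no raw data on disk). The two PE images it examines are constructed inside the block; the section list, the verdict labels and the characteristics flags chosen for the fake sections are my own assumptions.

```python
import struct
from datetime import datetime, timezone

# Section names the Borland/Delphi linker emits; a whitelist built from MSVC/GCC output misses .itext.
DELPHI_SECTIONS = {".text", ".itext", ".data", ".bss", ".idata", ".didata",
                   ".edata", ".tls", ".rdata", ".reloc", ".rsrc"}
# Fixed TimeDateStamp written by the Delphi linker: 1992-06-19 22:22:17 UTC (1992-06-20 06:22:17 at UTC+8).
DELPHI_TIMESTAMP = 0x2A425E19
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: COFF header fields plus the section table (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section table starts right after the optional header
    sections = []
    for i in range(nsections):
        off = table + i * 40
        name, vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<8sIIII", data, off)
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "raw_size": raw_size, "characteristics": chars})
    return {"machine": machine, "timestamp": timestamp, "sections": sections}


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    unknown = sorted({s["name"] for s in pe["sections"]} - DELPHI_SECTIONS)
    # Strong packer signal: a writable+executable section with no bytes on disk (the unpack target).
    stubs = [s["name"] for s in pe["sections"]
             if s["raw_size"] == 0 and s["vsize"] > 0
             and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE]
    delphi_stamp = pe["timestamp"] == DELPHI_TIMESTAMP
    if stubs:
        verdict = "packed"
    elif delphi_stamp and not unknown:
        verdict = "delphi-false-positive"  # Delphi section set + fixed stamp: the name heuristic misfired
    elif unknown:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "unknown_sections": unknown, "unpack_targets": stubs,
            "delphi_timestamp": delphi_stamp,
            "compile_time_utc": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S")}


def build_pe(sections, timestamp):
    """Constructed minimal PE32 image used only to exercise the parser offline (not a real sample)."""
    opt_size = 0xE0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)         # PE32 magic, remaining fields zeroed
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0x1000 * (i + 1),
                                 rs, 0x400, 0, 0, 0, 0, ch)
                     for i, (n, vs, rs, ch) in enumerate(sections))
    return dos + b"PE\0\0" + coff + opt + table


CODE, DATA = 0x60000020, 0xC0000040  # read+exec code; read+write initialised data
DELPHI_LIKE = build_pe([(".text", 0xE0000, 0xE0000, CODE), (".itext", 0x1000, 0x1000, CODE),
                        (".data", 0x3000, 0x3000, DATA), (".bss", 0x5000, 0, 0xC0000080),
                        (".idata", 0x2000, 0x2000, DATA), (".tls", 0x10, 0, DATA),
                        (".rdata", 0x20, 0x20, 0x40000040), (".reloc", 0x10000, 0x10000, 0x42000040),
                        (".rsrc", 0x8000, 0x8000, 0x40000040)], DELPHI_TIMESTAMP)
PACKED_LIKE = build_pe([("UPX0", 0x20000, 0, 0xE0000080), ("UPX1", 0x9000, 0x9000, 0xE0000040),
                        (".rsrc", 0x1000, 0x1000, DATA)], 0x5F000000)

if __name__ == "__main__":
    for label, blob in (("delphi-like", DELPHI_LIKE), ("upx-like", PACKED_LIKE)):
        print(label, triage(blob))
```

Run against a file with `triage(open(path, "rb").read())`; a Delphi build reports the 1992 timestamp and no unknown sections, while a UPX-style build is caught by the empty writable+executable section rather than by its name.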

Imports

Library oleaut32.dll:
0x4f17e0 SysFreeString
0x4f17e4 SysReAllocStringLen
0x4f17e8 SysAllocStringLen
Library advapi32.dll:
0x4f17f0 RegQueryValueExA
0x4f17f4 RegOpenKeyExA
0x4f17f8 RegCloseKey
Library user32.dll:
0x4f1800 GetKeyboardType
0x4f1804 DestroyWindow
0x4f1808 LoadStringA
0x4f180c MessageBoxA
0x4f1810 CharNextA
Library kernel32.dll:
0x4f1818 GetACP
0x4f181c Sleep
0x4f1820 VirtualFree
0x4f1824 VirtualAlloc
0x4f1828 GetTickCount
0x4f1830 GetCurrentThreadId
0x4f183c VirtualQuery
0x4f1840 WideCharToMultiByte
0x4f1844 MultiByteToWideChar
0x4f1848 lstrlenA
0x4f184c lstrcpynA
0x4f1850 LoadLibraryExA
0x4f1854 GetThreadLocale
0x4f1858 GetStartupInfoA
0x4f185c GetProcAddress
0x4f1860 GetModuleHandleA
0x4f1864 GetModuleFileNameA
0x4f1868 GetLocaleInfoA
0x4f186c GetCommandLineA
0x4f1870 FreeLibrary
0x4f1874 FindFirstFileA
0x4f1878 FindClose
0x4f187c ExitProcess
0x4f1880 ExitThread
0x4f1884 CreateThread
0x4f1888 CompareStringA
0x4f188c WriteFile
0x4f1894 RtlUnwind
0x4f1898 RaiseException
0x4f189c GetStdHandle
Library kernel32.dll:
0x4f18a4 TlsSetValue
0x4f18a8 TlsGetValue
0x4f18ac LocalAlloc
0x4f18b0 GetModuleHandleA
Library user32.dll:
0x4f18b8 CreateWindowExA
0x4f18bc WindowFromPoint
0x4f18c0 WaitMessage
0x4f18c4 UpdateWindow
0x4f18c8 UnregisterClassA
0x4f18cc UnhookWindowsHookEx
0x4f18d0 TranslateMessage
0x4f18d8 TrackPopupMenu
0x4f18e0 ShowWindow
0x4f18e4 ShowScrollBar
0x4f18e8 ShowOwnedPopups
0x4f18ec SetWindowsHookExA
0x4f18f0 SetWindowTextA
0x4f18f4 SetWindowPos
0x4f18f8 SetWindowPlacement
0x4f18fc SetWindowLongW
0x4f1900 SetWindowLongA
0x4f1904 SetTimer
0x4f1908 SetScrollRange
0x4f190c SetScrollPos
0x4f1910 SetScrollInfo
0x4f1914 SetRect
0x4f1918 SetPropA
0x4f191c SetParent
0x4f1920 SetMenuItemInfoA
0x4f1924 SetMenu
0x4f1928 SetForegroundWindow
0x4f192c SetFocus
0x4f1930 SetCursor
0x4f1934 SetClipboardData
0x4f1938 SetClassLongA
0x4f193c SetCapture
0x4f1940 SetActiveWindow
0x4f1944 SendMessageW
0x4f1948 SendMessageA
0x4f194c SendDlgItemMessageA
0x4f1950 ScrollWindow
0x4f1954 ScreenToClient
0x4f1958 RemovePropA
0x4f195c RemoveMenu
0x4f1960 ReleaseDC
0x4f1964 ReleaseCapture
0x4f1970 RegisterClassA
0x4f1974 RedrawWindow
0x4f1978 PtInRect
0x4f197c PostQuitMessage
0x4f1980 PostMessageA
0x4f1984 PeekMessageW
0x4f1988 PeekMessageA
0x4f198c OpenClipboard
0x4f1990 OffsetRect
0x4f1994 OemToCharA
0x4f199c MessageBoxA
0x4f19a0 MapWindowPoints
0x4f19a4 MapVirtualKeyA
0x4f19a8 LoadStringA
0x4f19ac LoadKeyboardLayoutA
0x4f19b0 LoadIconA
0x4f19b4 LoadCursorA
0x4f19b8 LoadBitmapA
0x4f19bc KillTimer
0x4f19c0 IsZoomed
0x4f19c4 IsWindowVisible
0x4f19c8 IsWindowUnicode
0x4f19cc IsWindowEnabled
0x4f19d0 IsWindow
0x4f19d4 IsRectEmpty
0x4f19d8 IsIconic
0x4f19dc IsDialogMessageW
0x4f19e0 IsDialogMessageA
0x4f19e4 IsChild
0x4f19e8 InvalidateRect
0x4f19ec IntersectRect
0x4f19f0 InsertMenuItemA
0x4f19f4 InsertMenuA
0x4f19f8 InflateRect
0x4f1a00 GetWindowTextA
0x4f1a04 GetWindowRect
0x4f1a08 GetWindowPlacement
0x4f1a0c GetWindowLongW
0x4f1a10 GetWindowLongA
0x4f1a14 GetWindowDC
0x4f1a18 GetTopWindow
0x4f1a1c GetSystemMetrics
0x4f1a20 GetSystemMenu
0x4f1a24 GetSysColorBrush
0x4f1a28 GetSysColor
0x4f1a2c GetSubMenu
0x4f1a30 GetScrollRange
0x4f1a34 GetScrollPos
0x4f1a38 GetScrollInfo
0x4f1a3c GetPropA
0x4f1a40 GetParent
0x4f1a44 GetWindow
0x4f1a48 GetMessagePos
0x4f1a4c GetMenuStringA
0x4f1a50 GetMenuState
0x4f1a54 GetMenuItemInfoA
0x4f1a58 GetMenuItemID
0x4f1a5c GetMenuItemCount
0x4f1a60 GetMenu
0x4f1a64 GetLastActivePopup
0x4f1a68 GetKeyboardState
0x4f1a74 GetKeyboardLayout
0x4f1a78 GetKeyState
0x4f1a7c GetKeyNameTextA
0x4f1a80 GetIconInfo
0x4f1a84 GetForegroundWindow
0x4f1a88 GetFocus
0x4f1a8c GetDesktopWindow
0x4f1a90 GetDCEx
0x4f1a94 GetDC
0x4f1a98 GetCursorPos
0x4f1a9c GetCursor
0x4f1aa0 GetClipboardData
0x4f1aa4 GetClientRect
0x4f1aa8 GetClassLongA
0x4f1aac GetClassInfoA
0x4f1ab0 GetCapture
0x4f1ab4 GetActiveWindow
0x4f1ab8 FrameRect
0x4f1abc FindWindowA
0x4f1ac0 FillRect
0x4f1ac4 EqualRect
0x4f1ac8 EnumWindows
0x4f1acc EnumThreadWindows
0x4f1ad4 EnumChildWindows
0x4f1ad8 EndPaint
0x4f1adc EnableWindow
0x4f1ae0 EnableScrollBar
0x4f1ae4 EnableMenuItem
0x4f1ae8 EmptyClipboard
0x4f1aec DrawTextA
0x4f1af0 DrawMenuBar
0x4f1af4 DrawIconEx
0x4f1af8 DrawIcon
0x4f1afc DrawFrameControl
0x4f1b00 DrawFocusRect
0x4f1b04 DrawEdge
0x4f1b08 DispatchMessageW
0x4f1b0c DispatchMessageA
0x4f1b10 DestroyWindow
0x4f1b14 DestroyMenu
0x4f1b18 DestroyIcon
0x4f1b1c DestroyCursor
0x4f1b20 DeleteMenu
0x4f1b24 DefWindowProcA
0x4f1b28 DefMDIChildProcA
0x4f1b2c DefFrameProcA
0x4f1b30 CreatePopupMenu
0x4f1b34 CreateMenu
0x4f1b38 CreateIcon
0x4f1b3c CloseClipboard
0x4f1b40 ClientToScreen
0x4f1b44 CheckMenuItem
0x4f1b48 CallWindowProcA
0x4f1b4c CallNextHookEx
0x4f1b50 BeginPaint
0x4f1b54 CharNextA
0x4f1b58 CharLowerBuffA
0x4f1b5c CharLowerA
0x4f1b60 CharToOemA
0x4f1b64 AdjustWindowRectEx
Library gdi32.dll:
0x4f1b70 UnrealizeObject
0x4f1b74 StretchBlt
0x4f1b78 SetWindowOrgEx
0x4f1b7c SetWinMetaFileBits
0x4f1b80 SetViewportOrgEx
0x4f1b84 SetTextColor
0x4f1b88 SetStretchBltMode
0x4f1b8c SetROP2
0x4f1b90 SetPixel
0x4f1b94 SetEnhMetaFileBits
0x4f1b98 SetDIBColorTable
0x4f1b9c SetBrushOrgEx
0x4f1ba0 SetBkMode
0x4f1ba4 SetBkColor
0x4f1ba8 SelectPalette
0x4f1bac SelectObject
0x4f1bb0 SaveDC
0x4f1bb4 RestoreDC
0x4f1bb8 Rectangle
0x4f1bbc RectVisible
0x4f1bc0 RealizePalette
0x4f1bc4 Polygon
0x4f1bc8 PlayEnhMetaFile
0x4f1bcc PatBlt
0x4f1bd0 MoveToEx
0x4f1bd4 MaskBlt
0x4f1bd8 LineTo
0x4f1bdc IntersectClipRect
0x4f1be0 GetWindowOrgEx
0x4f1be4 GetWinMetaFileBits
0x4f1be8 GetTextMetricsA
0x4f1bf4 GetStockObject
0x4f1bf8 GetRgnBox
0x4f1bfc GetPixel
0x4f1c00 GetPaletteEntries
0x4f1c04 GetObjectA
0x4f1c10 GetEnhMetaFileBits
0x4f1c14 GetDeviceCaps
0x4f1c18 GetDIBits
0x4f1c1c GetDIBColorTable
0x4f1c20 GetDCOrgEx
0x4f1c28 GetClipBox
0x4f1c2c GetBrushOrgEx
0x4f1c30 GetBitmapBits
0x4f1c34 ExtTextOutA
0x4f1c38 ExcludeClipRect
0x4f1c3c EndPage
0x4f1c40 EndDoc
0x4f1c44 Ellipse
0x4f1c48 DeleteObject
0x4f1c4c DeleteEnhMetaFile
0x4f1c50 DeleteDC
0x4f1c54 CreateSolidBrush
0x4f1c58 CreatePenIndirect
0x4f1c5c CreatePalette
0x4f1c60 CreateICA
0x4f1c68 CreateFontIndirectA
0x4f1c6c CreateDIBitmap
0x4f1c70 CreateDIBSection
0x4f1c74 CreateDCA
0x4f1c78 CreateCompatibleDC
0x4f1c80 CreateBrushIndirect
0x4f1c84 CreateBitmap
0x4f1c88 CopyEnhMetaFileA
0x4f1c8c BitBlt
Library version.dll:
0x4f1c94 VerQueryValueA
0x4f1c9c GetFileVersionInfoA
Library kernel32.dll:
0x4f1ca4 lstrcpyA
0x4f1ca8 WriteFile
0x4f1cac WaitForSingleObject
0x4f1cb0 VirtualQuery
0x4f1cb4 VirtualProtect
0x4f1cb8 VirtualAlloc
0x4f1cbc SizeofResource
0x4f1cc0 SetThreadPriority
0x4f1cc4 SetThreadLocale
0x4f1cc8 SetFilePointer
0x4f1ccc SetEvent
0x4f1cd0 SetErrorMode
0x4f1cd4 SetEndOfFile
0x4f1cd8 ResumeThread
0x4f1cdc ResetEvent
0x4f1ce0 ReadFile
0x4f1ce4 MulDiv
0x4f1ce8 LockResource
0x4f1cec LoadResource
0x4f1cf0 LoadLibraryA
0x4f1cfc GlobalUnlock
0x4f1d00 GlobalLock
0x4f1d04 GlobalFree
0x4f1d08 GlobalFindAtomA
0x4f1d0c GlobalDeleteAtom
0x4f1d10 GlobalAlloc
0x4f1d14 GlobalAddAtomA
0x4f1d18 GetVersionExA
0x4f1d1c GetVersion
0x4f1d20 GetTickCount
0x4f1d24 GetThreadLocale
0x4f1d28 GetStdHandle
0x4f1d2c GetProfileStringA
0x4f1d30 GetProcAddress
0x4f1d34 GetModuleHandleA
0x4f1d38 GetModuleFileNameA
0x4f1d3c GetLocaleInfoA
0x4f1d40 GetLocalTime
0x4f1d44 GetLastError
0x4f1d48 GetFullPathNameA
0x4f1d4c GetExitCodeThread
0x4f1d50 GetDiskFreeSpaceA
0x4f1d54 GetDateFormatA
0x4f1d58 GetCurrentThreadId
0x4f1d5c GetCurrentProcessId
0x4f1d60 GetCPInfo
0x4f1d64 FreeResource
0x4f1d6c InterlockedExchange
0x4f1d74 FreeLibrary
0x4f1d78 FormatMessageA
0x4f1d7c FindResourceA
0x4f1d80 EnumCalendarInfoA
0x4f1d8c CreateThread
0x4f1d90 CreateFileA
0x4f1d94 CreateEventA
0x4f1d98 CompareStringA
0x4f1d9c CloseHandle
Library advapi32.dll:
0x4f1da4 RegQueryValueExA
0x4f1da8 RegOpenKeyExA
0x4f1dac RegFlushKey
0x4f1db0 RegCloseKey
Library kernel32.dll:
0x4f1db8 Sleep
Library oleaut32.dll:
0x4f1dc0 SafeArrayPtrOfIndex
0x4f1dc4 SafeArrayGetUBound
0x4f1dc8 SafeArrayGetLBound
0x4f1dcc SafeArrayCreate
0x4f1dd0 VariantChangeType
0x4f1dd4 VariantCopy
0x4f1dd8 VariantClear
0x4f1ddc VariantInit
Library comctl32.dll:
0x4f1de4 _TrackMouseEvent
0x4f1df0 ImageList_Write
0x4f1df4 ImageList_Read
0x4f1e00 ImageList_DragMove
0x4f1e04 ImageList_DragLeave
0x4f1e08 ImageList_DragEnter
0x4f1e0c ImageList_EndDrag
0x4f1e10 ImageList_BeginDrag
0x4f1e14 ImageList_Remove
0x4f1e18 ImageList_DrawEx
0x4f1e1c ImageList_Replace
0x4f1e20 ImageList_Draw
0x4f1e2c ImageList_Add
0x4f1e34 ImageList_Destroy
0x4f1e38 ImageList_Create
0x4f1e3c InitCommonControls
Library winspool.drv:
0x4f1e44 OpenPrinterA
0x4f1e48 EnumPrintersA
0x4f1e4c DocumentPropertiesA
0x4f1e50 ClosePrinter
Library comdlg32.dll:
0x4f1e58 ChooseFontA
0x4f1e5c ChooseColorA
Library UrL:
0x4f1e64 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source Port   Destination                      Destination Port
192.168.56.101   49235         114.114.114.114                  53
192.168.56.101   51963         114.114.114.114                  53
192.168.56.101   53380         114.114.114.114                  53
192.168.56.101   53657         114.114.114.114                  53
192.168.56.101   55368         114.114.114.114                  53
192.168.56.101   56539         114.114.114.114                  53
192.168.56.101   60221         114.114.114.114                  53
192.168.56.101   62912         114.114.114.114                  53
192.168.56.101   137           192.168.56.255                   137
192.168.56.101   138           192.168.56.255                   138
192.168.56.101   123           20.189.79.72 (time.windows.com)  123
192.168.56.101   50002         224.0.0.252                      5355
192.168.56.101   50534         224.0.0.252                      5355
192.168.56.101   51808         224.0.0.252                      5355
192.168.56.101   56804         224.0.0.252                      5355
192.168.56.101   57236         224.0.0.252                      5355
192.168.56.101   57756         224.0.0.252                      5355
192.168.56.101   57874         224.0.0.252                      5355
192.168.56.101   60123         224.0.0.252                      5355
192.168.56.101   60384         224.0.0.252                      5355

Note: the NetBIOS broadcasts (137/138), the NTP request to time.windows.com (123) and the LLMNR queries to 224.0.0.252 (5355) are ordinary Windows guest background traffic. The eight DNS queries to 114.114.114.114 (53) are the only UDP traffic that could be the sample's own, but the queried names are not recorded here, so they cannot be matched against the 172.217.24.14 contact flagged above as made without a DNS query.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.