5.6
High risk

09fba7f75c75434d48f8bcb00de3a019dfe73f90004faf8b86af747b37783bae

3ea7229fdf9e10687d9aff538f9ab1d1.exe

Analysis time: 94s

Last analyzed

File size: 156.0KB

Static detection / Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine result available
Static verdict
Antivirus engines
Not detected: no antivirus engine result available
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619406287.285374
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1619406275.598374
CryptGenKey
crypto_handle: 0x009880f8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x008c1188
flags: 1
key: fS¥XKVè×zų‡9c
success 1 0
1619406287.332374
CryptExportKey
crypto_handle: 0x009880f8
crypto_export_handle: 0x009880b8
buffer: f¤6 ñ '¤Ýpiô.ÀÛ6œ2*Eå•É^a7÷1¨úòÍz€hç?d[ê Ó³ ÞֿީY¾¢ª‡S†A@⺒<ãÓÍ4Ìï8¤K¨KEÆm¦ô؅–Á
blob_type: 1
flags: 64
success 1 0
1619406315.535374
CryptExportKey
crypto_handle: 0x009880f8
crypto_export_handle: 0x009880b8
buffer: f¤]|l78]ÉÄ0ƕ‹¿oðœ¶^F†³èW¸ä`ÝýK­¹@•Ô7À…1qOÇp¬rAŸ5¤aÛo(8FïâPHÓ³û ¯£l]z¤vò:€¬ÖSêáL®`
blob_type: 1
flags: 64
success 1 0
1619406321.238374
CryptExportKey
crypto_handle: 0x009880f8
crypto_export_handle: 0x009880b8
buffer: f¤ û%ãMŽ®»°—j’Ô™Vë·9¤qN‘K²Â×ó¸8€µÄ˜"p ñœR¢@> i¼gžL„vVÌ^°“e7ãËKàpÝߏO½2D좌в@$ÄAq ܯC»´
blob_type: 1
flags: 64
success 1 0
1619406326.129374
CryptExportKey
crypto_handle: 0x009880f8
crypto_export_handle: 0x009880b8
buffer: f¤WóC:/‚fèX¹­š¡Öârv?ëtiÂìš2Ìýª*$~±ŸªbÌ Áf&F©I^.’6Yä²²ŽÑ‚“z(ÏM«¥«u¼L¡¤–X˜{Í”<Xè@ÕkÿÚ:›c!
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619406274.707374
NtAllocateVirtualMemory
process_identifier: 3056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003c0000
success 0 0
1619406274.832374
NtAllocateVirtualMemory
process_identifier: 3056
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005c0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619406287.988374
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.989050048202888 section {'size_of_data': '0x0000d000', 'virtual_address': '0x0001b000', 'entropy': 6.989050048202888, 'name': '.rsrc', 'virtual_size': '0x0000c9c0'} description A section with a high entropy has been found
entropy 0.34210526315789475 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process 3ea7229fdf9e10687d9aff538f9ab1d1.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619406287.676374
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (5 events)
host 118.110.236.121
host 149.202.5.139
host 153.92.4.96
host 172.217.24.14
host 51.75.163.68
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619406290.645374
RegSetValueExA
key_handle: 0x00000380
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619406290.645374
RegSetValueExA
key_handle: 0x00000380
value: Pèçl:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619406290.645374
RegSetValueExA
key_handle: 0x00000380
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619406290.645374
RegSetValueExW
key_handle: 0x00000380
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619406290.645374
RegSetValueExA
key_handle: 0x00000398
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619406290.645374
RegSetValueExA
key_handle: 0x00000398
value: Pèçl:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619406290.645374
RegSetValueExA
key_handle: 0x00000398
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619406290.660374
RegSetValueExW
key_handle: 0x0000037c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (9 events)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran
PE Compile Time

2020-09-01 21:54:15

Imports

Library MFC42.DLL:
Library MSVCRT.dll:
0x41560c __getmainargs
0x415610 _acmdln
0x415614 exit
0x415618 _XcptFilter
0x41561c _exit
0x415620 _initterm
0x415624 __dllonexit
0x415628 div
0x41562c _mbscmp
0x415630 malloc
0x415634 _setmbcp
0x415638 __setusermatherr
0x41563c _adjust_fdiv
0x415640 __p__commode
0x415644 __p__fmode
0x415648 _controlfp
0x41564c _except_handler3
0x415650 _onexit
0x415654 __CxxFrameHandler
0x415658 _EH_prolog
0x41565c __set_app_type
0x415660 atoi
0x415664 memcpy
0x415668 memset
Library KERNEL32.dll:
0x415014 LoadLibraryW
0x415018 VirtualAlloc
0x41501c WideCharToMultiByte
0x415020 LockResource
0x415024 GetProcAddress
0x415028 FindResourceA
0x41502c GetModuleHandleA
0x415030 GetStartupInfoA
0x415034 GetLastError
0x415038 ExitProcess
0x41503c GlobalLock
0x415040 LoadResource
0x415044 GlobalFree
0x415048 GlobalUnlock
Library USER32.dll:
0x415670 UpdateWindow
0x415674 SetCapture
0x415678 GetCapture
0x41567c SetRectEmpty
0x415680 IsWindow
0x415684 GetClientRect
0x415688 InvalidateRect
0x41568c GetActiveWindow
0x415690 PostMessageA
0x415694 PtInRect
0x415698 IntersectRect
0x41569c GetDCEx
0x4156a0 GetDC
0x4156a4 GetMessageA
0x4156a8 EqualRect
0x4156ac ReleaseDC
0x4156b0 ReleaseCapture
0x4156b4 LoadCursorA
0x4156b8 SetCursor
0x4156c0 EnableWindow
0x4156c4 CopyRect
0x4156c8 SendMessageA
0x4156cc MapDialogRect
0x4156d0 GetWindowRect
0x4156d4 DispatchMessageA
Library GDI32.dll:
0x415000 GetStockObject
0x415004 GetObjectA
0x415008 CreateFontIndirectA
0x41500c SetPixel

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.