SmartHawk

2.2

中危

该样本未表现出任何异常！

重新分析

下载样本

ee5e9eb31ada3a11410538eee710d4b82391fee0fd1cce5c271f940024d766b1

3ed04758af7d663284b801cf5c286c4f.exe

分析耗时

85s

Time & API	Arguments	Status	Return	Repeated
1620757628.353999 NtProtectVirtualMemory	process_identifier: 2976 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffffffffffff base_address: 0x000007fefc481000	success	0	0

Time & API	Arguments	Status	Return	Repeated
1620757613.776249 GetDiskFreeSpaceExW	root_path: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\ free_bytes_available: 19605467136 total_number_of_free_bytes: 19605467136 total_number_of_bytes: 34252779520	success	1	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2010-01-14 03:04:57

Imports

Library VERSION.dll:

• 0x48b570 VerQueryValueA

• 0x48b574 GetFileVersionInfoSizeA

• 0x48b578 GetFileVersionInfoA

Library SHELL32.dll:

• 0x48b408 SHGetSpecialFolderLocation

• 0x48b40c ShellExecuteExA

• 0x48b410 SHGetMalloc

• 0x48b414 SHGetPathFromIDListA

• 0x48b418 ShellExecuteA

• 0x48b41c SHBrowseForFolderA

Library COMCTL32.dll:

• 0x48b064

Library KERNEL32.dll:

• 0x48b11c CompareStringA

• 0x48b120 CompareStringW

• 0x48b124 GetVersionExA

• 0x48b128 LoadLibraryA

• 0x48b12c FreeLibrary

• 0x48b130 GetProcAddress

• 0x48b134 GetSystemDefaultLangID

• 0x48b138 lstrcmpA

• 0x48b13c lstrcmpiA

• 0x48b140 VerLanguageNameA

• 0x48b144 MoveFileA

• 0x48b148 FindClose

• 0x48b14c FindNextFileA

• 0x48b150 CompareFileTime

• 0x48b154 FindFirstFileA

• 0x48b158 GetSystemTimeAsFileTime

• 0x48b15c SetFileAttributesA

• 0x48b160 GetPrivateProfileStringA

• 0x48b164 CreateDirectoryA

• 0x48b168 LocalFree

• 0x48b16c FormatMessageA

• 0x48b170 GetSystemInfo

• 0x48b174 MulDiv

• 0x48b178 IsValidLocale

• 0x48b17c GetVersion

• 0x48b180 GetModuleHandleA

• 0x48b184 GetFileAttributesA

• 0x48b188 IsBadReadPtr

• 0x48b18c VirtualQuery

• 0x48b190 FlushFileBuffers

• 0x48b194 SetEndOfFile

• 0x48b198 GetDiskFreeSpaceA

• 0x48b19c GetDriveTypeA

• 0x48b1a0 GetExitCodeProcess

• 0x48b1a4 GetCurrentThread

• 0x48b1a8 GetTempFileNameA

• 0x48b1ac lstrcatA

• 0x48b1b0 CreateEventA

• 0x48b1b4 QueryPerformanceFrequency

• 0x48b1b8 InterlockedDecrement

• 0x48b1bc InterlockedIncrement

• 0x48b1c0 CopyFileA

• 0x48b1c4 CreateThread

• 0x48b1c8 GetExitCodeThread

• 0x48b1cc GetTickCount

• 0x48b1d0 GlobalFree

• 0x48b1d4 FindResourceA

• 0x48b1d8 LoadResource

• 0x48b1dc SizeofResource

• 0x48b1e0 GlobalAlloc

• 0x48b1e4 LockResource

• 0x48b1e8 GlobalLock

• 0x48b1ec GlobalUnlock

• 0x48b1f0 ExpandEnvironmentStringsA

• 0x48b1f4 GetTempPathA

• 0x48b1f8 SetErrorMode

• 0x48b1fc GetWindowsDirectoryA

• 0x48b200 lstrcpyA

• 0x48b204 GetSystemDirectoryA

• 0x48b208 SetEnvironmentVariableA

• 0x48b20c GetLocaleInfoW

• 0x48b210 GetTimeZoneInformation

• 0x48b214 SetStdHandle

• 0x48b218 SetConsoleCtrlHandler

• 0x48b21c IsBadCodePtr

• 0x48b220 GetStringTypeW

• 0x48b224 GetStringTypeA

• 0x48b228 GetUserDefaultLCID

• 0x48b22c EnumSystemLocalesA

• 0x48b230 IsValidCodePage

• 0x48b234 GetFileType

• 0x48b238 GetStdHandle

• 0x48b23c SetHandleCount

• 0x48b240 GetEnvironmentStringsW

• 0x48b244 GetEnvironmentStrings

• 0x48b248 FreeEnvironmentStringsW

• 0x48b24c FreeEnvironmentStringsA

• 0x48b250 UnhandledExceptionFilter

• 0x48b254 IsBadWritePtr

• 0x48b258 VirtualAlloc

• 0x48b25c VirtualFree

• 0x48b260 HeapCreate

• 0x48b264 HeapDestroy

• 0x48b268 GetEnvironmentVariableA

• 0x48b26c GetOEMCP

• 0x48b270 GetACP

• 0x48b274 GetCPInfo

• 0x48b278 SetUnhandledExceptionFilter

• 0x48b27c LCMapStringW

• 0x48b280 LCMapStringA

• 0x48b284 FatalAppExitA

• 0x48b288 TlsGetValue

• 0x48b28c TlsFree

• 0x48b290 TlsAlloc

• 0x48b294 TlsSetValue

• 0x48b298 GetCurrentThreadId

• 0x48b29c HeapSize

• 0x48b2a0 HeapReAlloc

• 0x48b2a4 GetCommandLineA

• 0x48b2a8 GetStartupInfoA

• 0x48b2ac SetCurrentDirectoryA

• 0x48b2b0 CreateProcessA

• 0x48b2b4 WaitForSingleObject

• 0x48b2b8 ExitProcess

• 0x48b2bc GetCurrentProcess

• 0x48b2c0 DuplicateHandle

• 0x48b2c4 GetThreadContext

• 0x48b2c8 VirtualProtectEx

• 0x48b2cc WriteProcessMemory

• 0x48b2d0 FlushInstructionCache

• 0x48b2d4 GetShortPathNameA

• 0x48b2d8 SetThreadContext

• 0x48b2dc ResumeThread

• 0x48b2e0 DeleteFileA

• 0x48b2e4 Sleep

• 0x48b2e8 RemoveDirectoryA

• 0x48b2ec IsDBCSLeadByte

• 0x48b2f0 SetFilePointer

• 0x48b2f4 GetProcessHeap

• 0x48b2f8 HeapAlloc

• 0x48b2fc ReadFile

• 0x48b300 lstrlenW

• 0x48b304 HeapFree

• 0x48b308 WriteFile

• 0x48b30c lstrcpynA

• 0x48b310 GetModuleFileNameA

• 0x48b314 MultiByteToWideChar

• 0x48b318 WideCharToMultiByte

• 0x48b31c CreateFileA

• 0x48b320 GetFileSize

• 0x48b324 CreateFileMappingA

• 0x48b328 MapViewOfFile

• 0x48b32c UnmapViewOfFile

• 0x48b330 CloseHandle

• 0x48b334 lstrlenA

• 0x48b338 GetLastError

• 0x48b33c SetLastError

• 0x48b340 WritePrivateProfileSectionA

• 0x48b344 GetPrivateProfileSectionA

• 0x48b348 MoveFileExA

• 0x48b34c GetLocaleInfoA

• 0x48b350 RtlUnwind

• 0x48b354 FreeResource

• 0x48b358 GetPrivateProfileIntA

• 0x48b35c GetPrivateProfileSectionNamesA

• 0x48b360 SystemTimeToFileTime

• 0x48b364 QueryPerformanceCounter

• 0x48b368 SetEvent

• 0x48b36c ResetEvent

• 0x48b370 SearchPathA

• 0x48b374 VirtualProtect

• 0x48b378 GetCurrentProcessId

• 0x48b37c FindResourceExA

• 0x48b380 LoadLibraryExA

• 0x48b384 GetDateFormatA

• 0x48b388 GetTimeFormatA

• 0x48b38c GetLocalTime

• 0x48b390 TerminateProcess

• 0x48b394 GetProcessTimes

• 0x48b398 OpenProcess

• 0x48b39c GetCurrentDirectoryA

• 0x48b3a0 LeaveCriticalSection

• 0x48b3a4 DeleteCriticalSection

• 0x48b3a8 LocalAlloc

• 0x48b3ac InterlockedExchange

• 0x48b3b0 RaiseException

• 0x48b3b4 EnterCriticalSection

• 0x48b3b8 InitializeCriticalSection

Library USER32.dll:

• 0x48b424 wvsprintfA

• 0x48b428 MoveWindow

• 0x48b42c LoadImageA

• 0x48b430 CreateDialogParamA

• 0x48b434 SetCursor

• 0x48b438 GetWindow

• 0x48b43c GetDlgItemTextA

• 0x48b440 SetFocus

• 0x48b444 EnableWindow

• 0x48b448 SetDlgItemTextA

• 0x48b44c SetForegroundWindow

• 0x48b450 SetActiveWindow

• 0x48b454 GetDlgCtrlID

• 0x48b458 GetDC

• 0x48b45c FillRect

• 0x48b460 GetSysColor

• 0x48b464 GetSysColorBrush

• 0x48b468 IsDialogMessageA

• 0x48b46c SendMessageA

• 0x48b470 GetWindowRect

• 0x48b474 GetSystemMetrics

• 0x48b478 SetRect

• 0x48b47c FindWindowA

• 0x48b480 IntersectRect

• 0x48b484 SubtractRect

• 0x48b488 IsWindow

• 0x48b48c DestroyWindow

• 0x48b490 CreateDialogIndirectParamA

• 0x48b494 CharNextA

• 0x48b498 CharPrevA

• 0x48b49c WaitForInputIdle

• 0x48b4a0 GetWindowLongA

• 0x48b4a4 BeginPaint

• 0x48b4a8 EndPaint

• 0x48b4ac SetWindowLongA

• 0x48b4b0 GetClientRect

• 0x48b4b4 ClientToScreen

• 0x48b4b8 SetWindowPos

• 0x48b4bc ExitWindowsEx

• 0x48b4c0 CharUpperA

• 0x48b4c4 UpdateWindow

• 0x48b4c8 InvalidateRect

• 0x48b4cc SetPropA

• 0x48b4d0 DrawIcon

• 0x48b4d4 MapDialogRect

• 0x48b4d8 GetClassNameA

• 0x48b4dc CallWindowProcA

• 0x48b4e0 RemovePropA

• 0x48b4e4 GetPropA

• 0x48b4e8 DrawFocusRect

• 0x48b4ec InflateRect

• 0x48b4f0 DrawTextA

• 0x48b4f4 GetWindowTextA

• 0x48b4f8 CopyRect

• 0x48b4fc EnumChildWindows

• 0x48b500 MapWindowPoints

• 0x48b504 ScreenToClient

• 0x48b508 GetWindowDC

• 0x48b50c ReleaseDC

• 0x48b510 EndDialog

• 0x48b514 SetWindowTextA

• 0x48b518 GetDlgItem

• 0x48b51c ShowWindow

• 0x48b520 DialogBoxIndirectParamA

• 0x48b524 GetDesktopWindow

• 0x48b528 wsprintfA

• 0x48b52c MsgWaitForMultipleObjects

• 0x48b530 PeekMessageA

• 0x48b534 DefWindowProcA

• 0x48b538 PostMessageA

• 0x48b53c KillTimer

• 0x48b540 PostQuitMessage

• 0x48b544 SetTimer

• 0x48b548 LoadIconA

• 0x48b54c LoadCursorA

• 0x48b550 RegisterClassA

• 0x48b554 CreateWindowExA

• 0x48b558 GetMessageA

• 0x48b55c TranslateMessage

• 0x48b560 DispatchMessageA

• 0x48b564 SendDlgItemMessageA

• 0x48b568 MessageBoxA

Library GDI32.dll:

• 0x48b06c UnrealizeObject

• 0x48b070 SelectPalette

• 0x48b074 RealizePalette

• 0x48b078 TranslateCharsetInfo

• 0x48b07c GetSystemPaletteEntries

• 0x48b080 CreatePalette

• 0x48b084 CreateHalftonePalette

• 0x48b088 CreateFontA

• 0x48b08c GetDIBColorTable

• 0x48b090 SetTextColor

• 0x48b094 GetDeviceCaps

• 0x48b098 CreateFontIndirectA

• 0x48b09c CreateSolidBrush

• 0x48b0a0 CreateCompatibleDC

• 0x48b0a4 SelectObject

• 0x48b0a8 BitBlt

• 0x48b0ac DeleteDC

• 0x48b0b0 CreateDIBitmap

• 0x48b0b4 DeleteObject

• 0x48b0b8 GetStockObject

• 0x48b0bc CreateCompatibleBitmap

• 0x48b0c0 CreateDCA

• 0x48b0c4 RestoreDC

• 0x48b0c8 GetTextExtentPoint32A

• 0x48b0cc SaveDC

• 0x48b0d0 CreatePatternBrush

• 0x48b0d4 SetMetaFileBitsEx

• 0x48b0d8 SetStretchBltMode

• 0x48b0dc SelectClipRgn

• 0x48b0e0 CreateRectRgn

• 0x48b0e4 SetPixel

• 0x48b0e8 PatBlt

• 0x48b0ec PlayMetaFile

• 0x48b0f0 SetBkColor

• 0x48b0f4 StretchBlt

• 0x48b0f8 CreateBitmap

• 0x48b0fc SetViewportExtEx

• 0x48b100 SetViewportOrgEx

• 0x48b104 SetWindowExtEx

• 0x48b108 SetWindowOrgEx

• 0x48b10c SetMapMode

• 0x48b110 SetBkMode

• 0x48b114 GetObjectA

Library ADVAPI32.dll:

• 0x48b000 OpenThreadToken

• 0x48b004 OpenProcessToken

• 0x48b008 GetTokenInformation

• 0x48b00c LookupPrivilegeValueA

• 0x48b010 AdjustTokenPrivileges

• 0x48b014 RegCreateKeyA

• 0x48b018 RegOpenKeyA

• 0x48b01c RegEnumKeyA

• 0x48b020 RegDeleteKeyA

• 0x48b024 RegEnumKeyExA

• 0x48b028 AllocateAndInitializeSid

• 0x48b02c EqualSid

• 0x48b030 FreeSid

• 0x48b034 InitializeSecurityDescriptor

• 0x48b038 SetSecurityDescriptorOwner

• 0x48b03c SetSecurityDescriptorGroup

• 0x48b040 SetSecurityDescriptorDacl

• 0x48b044 RegEnumValueA

• 0x48b048 RegCreateKeyExA

• 0x48b04c RegSetValueExA

• 0x48b050 RegDeleteValueA

• 0x48b054 RegOpenKeyExA

• 0x48b058 RegQueryValueExA

• 0x48b05c RegCloseKey

Library ole32.dll:

• 0x48b580 StringFromCLSID

• 0x48b584 CoCreateInstance

• 0x48b588 CLSIDFromProgID

• 0x48b58c ProgIDFromCLSID

• 0x48b590 CoTaskMemFree

• 0x48b594 CoInitializeSecurity

• 0x48b598 CoUninitialize

• 0x48b59c CoInitialize

• 0x48b5a0 CoCreateGuid

• 0x48b5a4 CreateItemMoniker

• 0x48b5a8 StringFromGUID2

• 0x48b5ac GetRunningObjectTable

Library OLEAUT32.dll:

• 0x48b3c0 SysFreeString

• 0x48b3c4 LoadTypeLib

• 0x48b3c8 GetErrorInfo

• 0x48b3cc VariantChangeType

• 0x48b3d0 VariantClear

• 0x48b3d4 SysAllocString

• 0x48b3d8 SysStringLen

• 0x48b3dc SysReAllocStringLen

• 0x48b3e0 SysAllocStringLen

• 0x48b3e4 SetErrorInfo

• 0x48b3e8 CreateErrorInfo

• 0x48b3ec RegisterTypeLib

Library RPCRT4.dll:

• 0x48b3f4 UuidFromStringA

• 0x48b3f8 UuidCreate

• 0x48b3fc UuidToStringA

• 0x48b400 RpcStringFreeA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.