5.6
High risk

a405c8cf0c233bddd6849726247d1426589e3a709e0a0378be86d93868fac48c

3f4f53f1ab6fcb15e70eb577a45a2c46.exe

Analysis duration

76s

Last analysis

File size

649.5KB
Static detection / Dynamic detection
Hawkeye engine
Not detected: no Hawkeye engine result yet
Static verdict
Antivirus engines
Not detected: no antivirus engine results yet
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619384592.734625
__exception__
stacktrace:
0x3299562
DriverCallback+0x4e waveOutOpen-0xa2e winmm+0x3af0 @ 0x74693af0
timeEndPeriod+0x54a timeKillEvent-0x57 winmm+0xa535 @ 0x7469a535
timeEndPeriod+0x449 timeKillEvent-0x158 winmm+0xa434 @ 0x7469a434
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 56753180
registers.edi: 56753224
registers.eax: 0
registers.ebp: 56753776
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 4294967294
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3298c2c
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619384552.468625
NtAllocateVirtualMemory
process_identifier: 1544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01ce0000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619384569.046625
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 203.208.41.34
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619384568.796625
RegSetValueExA
key_handle: 0x000002d4
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619384571.593625
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619384571.609625
RegSetValueExA
key_handle: 0x000003c8
value: ž›t:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619384571.609625
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619384571.609625
RegSetValueExW
key_handle: 0x000003c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619384571.609625
RegSetValueExA
key_handle: 0x000003e4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619384571.609625
RegSetValueExA
key_handle: 0x000003e4
value: ž›t:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619384571.609625
RegSetValueExA
key_handle: 0x000003e4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619384571.640625
RegSetValueExW
key_handle: 0x000003c4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Network activity contains more than one unique useragent (2 events)
process 3f4f53f1ab6fcb15e70eb577a45a2c46.exe useragent Internal
process 3f4f53f1ab6fcb15e70eb577a45a2c46.exe useragent CODE
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 199.96.59.19:443
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x47c790 SysFreeString
0x47c794 SysReAllocStringLen
0x47c798 SysAllocStringLen
Library advapi32.dll:
0x47c7a0 RegQueryValueExA
0x47c7a4 RegOpenKeyExA
0x47c7a8 RegCloseKey
Library user32.dll:
0x47c7b0 GetKeyboardType
0x47c7b4 DestroyWindow
0x47c7b8 LoadStringA
0x47c7bc MessageBoxA
0x47c7c0 CharNextA
Library kernel32.dll:
0x47c7c8 GetACP
0x47c7cc Sleep
0x47c7d0 VirtualFree
0x47c7d4 VirtualAlloc
0x47c7d8 GetTickCount
0x47c7e0 GetCurrentThreadId
0x47c7ec VirtualQuery
0x47c7f0 WideCharToMultiByte
0x47c7f4 MultiByteToWideChar
0x47c7f8 lstrlenA
0x47c7fc lstrcpynA
0x47c800 LoadLibraryExA
0x47c804 GetThreadLocale
0x47c808 GetStartupInfoA
0x47c80c GetProcAddress
0x47c810 GetModuleHandleA
0x47c814 GetModuleFileNameA
0x47c818 GetLocaleInfoA
0x47c81c GetCommandLineA
0x47c820 FreeLibrary
0x47c824 FindFirstFileA
0x47c828 FindClose
0x47c82c ExitProcess
0x47c830 CompareStringA
0x47c834 WriteFile
0x47c83c RtlUnwind
0x47c840 RaiseException
0x47c844 GetStdHandle
Library kernel32.dll:
0x47c84c TlsSetValue
0x47c850 TlsGetValue
0x47c854 LocalAlloc
0x47c858 GetModuleHandleA
Library user32.dll:
0x47c860 CreateWindowExA
0x47c864 WindowFromPoint
0x47c868 WaitMessage
0x47c86c UpdateWindow
0x47c870 UnregisterClassA
0x47c874 UnhookWindowsHookEx
0x47c878 TranslateMessage
0x47c880 TrackPopupMenu
0x47c888 ShowWindow
0x47c88c ShowScrollBar
0x47c890 ShowOwnedPopups
0x47c894 SetWindowsHookExA
0x47c898 SetWindowTextA
0x47c89c SetWindowPos
0x47c8a0 SetWindowPlacement
0x47c8a4 SetWindowLongW
0x47c8a8 SetWindowLongA
0x47c8ac SetTimer
0x47c8b0 SetScrollRange
0x47c8b4 SetScrollPos
0x47c8b8 SetScrollInfo
0x47c8bc SetRect
0x47c8c0 SetPropA
0x47c8c4 SetParent
0x47c8c8 SetMenuItemInfoA
0x47c8cc SetMenu
0x47c8d0 SetForegroundWindow
0x47c8d4 SetFocus
0x47c8d8 SetCursor
0x47c8dc SetClassLongA
0x47c8e0 SetCapture
0x47c8e4 SetActiveWindow
0x47c8e8 SendMessageW
0x47c8ec SendMessageA
0x47c8f0 ScrollWindow
0x47c8f4 ScreenToClient
0x47c8f8 RemovePropA
0x47c8fc RemoveMenu
0x47c900 ReleaseDC
0x47c904 ReleaseCapture
0x47c910 RegisterClassA
0x47c914 RedrawWindow
0x47c918 PtInRect
0x47c91c PostQuitMessage
0x47c920 PostMessageA
0x47c924 PeekMessageW
0x47c928 PeekMessageA
0x47c92c OffsetRect
0x47c930 OemToCharA
0x47c934 MessageBoxA
0x47c938 MapWindowPoints
0x47c93c MapVirtualKeyA
0x47c940 LoadStringA
0x47c944 LoadKeyboardLayoutA
0x47c948 LoadIconA
0x47c94c LoadCursorA
0x47c950 LoadBitmapA
0x47c954 KillTimer
0x47c958 IsZoomed
0x47c95c IsWindowVisible
0x47c960 IsWindowUnicode
0x47c964 IsWindowEnabled
0x47c968 IsWindow
0x47c96c IsRectEmpty
0x47c970 IsIconic
0x47c974 IsDialogMessageW
0x47c978 IsDialogMessageA
0x47c97c IsChild
0x47c980 InvalidateRect
0x47c984 IntersectRect
0x47c988 InsertMenuItemA
0x47c98c InsertMenuA
0x47c990 InflateRect
0x47c998 GetWindowTextA
0x47c99c GetWindowRect
0x47c9a0 GetWindowPlacement
0x47c9a4 GetWindowLongW
0x47c9a8 GetWindowLongA
0x47c9ac GetWindowDC
0x47c9b0 GetTopWindow
0x47c9b4 GetSystemMetrics
0x47c9b8 GetSystemMenu
0x47c9bc GetSysColorBrush
0x47c9c0 GetSysColor
0x47c9c4 GetSubMenu
0x47c9c8 GetScrollRange
0x47c9cc GetScrollPos
0x47c9d0 GetScrollInfo
0x47c9d4 GetPropA
0x47c9d8 GetParent
0x47c9dc GetWindow
0x47c9e0 GetMessagePos
0x47c9e4 GetMenuStringA
0x47c9e8 GetMenuState
0x47c9ec GetMenuItemInfoA
0x47c9f0 GetMenuItemID
0x47c9f4 GetMenuItemCount
0x47c9f8 GetMenu
0x47c9fc GetLastActivePopup
0x47ca00 GetKeyboardState
0x47ca0c GetKeyboardLayout
0x47ca10 GetKeyState
0x47ca14 GetKeyNameTextA
0x47ca18 GetIconInfo
0x47ca1c GetForegroundWindow
0x47ca20 GetFocus
0x47ca24 GetDesktopWindow
0x47ca28 GetDCEx
0x47ca2c GetDC
0x47ca30 GetCursorPos
0x47ca34 GetCursor
0x47ca38 GetClientRect
0x47ca3c GetClassLongA
0x47ca40 GetClassInfoA
0x47ca44 GetCapture
0x47ca48 GetActiveWindow
0x47ca4c FrameRect
0x47ca50 FindWindowA
0x47ca54 FillRect
0x47ca58 EqualRect
0x47ca5c EnumWindows
0x47ca60 EnumThreadWindows
0x47ca64 EnumChildWindows
0x47ca68 EndPaint
0x47ca6c EndDeferWindowPos
0x47ca70 EnableWindow
0x47ca74 EnableScrollBar
0x47ca78 EnableMenuItem
0x47ca7c DrawTextA
0x47ca80 DrawMenuBar
0x47ca84 DrawIconEx
0x47ca88 DrawIcon
0x47ca8c DrawFrameControl
0x47ca90 DrawEdge
0x47ca94 DispatchMessageW
0x47ca98 DispatchMessageA
0x47ca9c DestroyWindow
0x47caa0 DestroyMenu
0x47caa4 DestroyIcon
0x47caa8 DestroyCursor
0x47caac DeleteMenu
0x47cab0 DeferWindowPos
0x47cab4 DefWindowProcA
0x47cab8 DefMDIChildProcA
0x47cabc DefFrameProcA
0x47cac0 CreatePopupMenu
0x47cac4 CreateMenu
0x47cac8 CreateIcon
0x47cacc ClientToScreen
0x47cad0 CheckMenuItem
0x47cad4 CharNextW
0x47cad8 CallWindowProcA
0x47cadc CallNextHookEx
0x47cae0 BeginPaint
0x47cae4 BeginDeferWindowPos
0x47cae8 CharNextA
0x47caec CharLowerA
0x47caf0 CharUpperBuffA
0x47caf4 CharToOemA
0x47caf8 AdjustWindowRectEx
Library gdi32.dll:
0x47cb04 UnrealizeObject
0x47cb08 StretchBlt
0x47cb0c SetWindowOrgEx
0x47cb10 SetViewportOrgEx
0x47cb14 SetTextColor
0x47cb18 SetStretchBltMode
0x47cb1c SetROP2
0x47cb20 SetPixel
0x47cb24 SetDIBColorTable
0x47cb28 SetBrushOrgEx
0x47cb2c SetBkMode
0x47cb30 SetBkColor
0x47cb34 SelectPalette
0x47cb38 SelectObject
0x47cb3c SelectClipRgn
0x47cb40 SaveDC
0x47cb44 RestoreDC
0x47cb48 Rectangle
0x47cb4c RectVisible
0x47cb50 RealizePalette
0x47cb54 Polyline
0x47cb58 PatBlt
0x47cb5c MoveToEx
0x47cb60 MaskBlt
0x47cb64 LineTo
0x47cb68 IntersectClipRect
0x47cb6c GetWindowOrgEx
0x47cb70 GetTextMetricsA
0x47cb7c GetStockObject
0x47cb80 GetRgnBox
0x47cb84 GetPixel
0x47cb88 GetPaletteEntries
0x47cb8c GetObjectA
0x47cb90 GetDeviceCaps
0x47cb94 GetDIBits
0x47cb98 GetDIBColorTable
0x47cb9c GetDCOrgEx
0x47cba4 GetClipBox
0x47cba8 GetBrushOrgEx
0x47cbac GetBitmapBits
0x47cbb0 ExcludeClipRect
0x47cbb4 DeleteObject
0x47cbb8 DeleteDC
0x47cbbc CreateSolidBrush
0x47cbc0 CreatePenIndirect
0x47cbc4 CreatePalette
0x47cbcc CreateFontIndirectA
0x47cbd0 CreateDIBitmap
0x47cbd4 CreateDIBSection
0x47cbd8 CreateCompatibleDC
0x47cbe0 CreateBrushIndirect
0x47cbe4 CreateBitmap
0x47cbe8 BitBlt
Library version.dll:
0x47cbf0 VerQueryValueA
0x47cbf8 GetFileVersionInfoA
Library kernel32.dll:
0x47cc00 lstrcpyA
0x47cc04 WriteFile
0x47cc08 WaitForSingleObject
0x47cc0c VirtualQuery
0x47cc10 VirtualProtect
0x47cc14 VirtualAlloc
0x47cc18 SizeofResource
0x47cc1c SetThreadLocale
0x47cc20 SetFilePointer
0x47cc24 SetEvent
0x47cc28 SetErrorMode
0x47cc2c SetEndOfFile
0x47cc30 ResetEvent
0x47cc34 ReadFile
0x47cc38 MultiByteToWideChar
0x47cc3c MulDiv
0x47cc40 LockResource
0x47cc44 LoadResource
0x47cc48 LoadLibraryA
0x47cc54 GlobalFindAtomA
0x47cc58 GlobalDeleteAtom
0x47cc5c GlobalAddAtomA
0x47cc60 GetVersionExA
0x47cc64 GetVersion
0x47cc68 GetTickCount
0x47cc6c GetThreadLocale
0x47cc70 GetStdHandle
0x47cc74 GetProcAddress
0x47cc78 GetModuleHandleA
0x47cc7c GetModuleFileNameA
0x47cc80 GetLocaleInfoA
0x47cc84 GetLocalTime
0x47cc88 GetLastError
0x47cc8c GetFullPathNameA
0x47cc90 GetDiskFreeSpaceA
0x47cc94 GetDateFormatA
0x47cc98 GetCurrentThreadId
0x47cc9c GetCurrentProcessId
0x47cca0 GetCPInfo
0x47cca4 FreeResource
0x47cca8 InterlockedExchange
0x47ccac FreeLibrary
0x47ccb0 FormatMessageA
0x47ccb4 FindResourceA
0x47ccb8 EnumCalendarInfoA
0x47ccc4 CreateThread
0x47ccc8 CreateFileA
0x47cccc CreateEventA
0x47ccd0 CompareStringA
0x47ccd4 CloseHandle
Library advapi32.dll:
0x47ccdc RegQueryValueExA
0x47cce0 RegOpenKeyExA
0x47cce4 RegFlushKey
0x47cce8 RegCloseKey
Library oleaut32.dll:
0x47ccf0 GetErrorInfo
0x47ccf4 SysFreeString
Library ole32.dll:
0x47ccfc CoUninitialize
0x47cd00 CoInitialize
Library kernel32.dll:
0x47cd08 Sleep
Library oleaut32.dll:
0x47cd10 SafeArrayPtrOfIndex
0x47cd14 SafeArrayPutElement
0x47cd18 SafeArrayGetElement
0x47cd20 SafeArrayAccessData
0x47cd24 SafeArrayGetUBound
0x47cd28 SafeArrayGetLBound
0x47cd2c SafeArrayCreate
0x47cd30 VariantChangeType
0x47cd34 VariantCopyInd
0x47cd38 VariantCopy
0x47cd3c VariantClear
0x47cd40 VariantInit
Library comctl32.dll:
0x47cd48 _TrackMouseEvent
0x47cd54 ImageList_Write
0x47cd58 ImageList_Read
0x47cd60 ImageList_DragMove
0x47cd64 ImageList_DragLeave
0x47cd68 ImageList_DragEnter
0x47cd6c ImageList_EndDrag
0x47cd70 ImageList_BeginDrag
0x47cd74 ImageList_Remove
0x47cd78 ImageList_DrawEx
0x47cd7c ImageList_Draw
0x47cd88 ImageList_Add
0x47cd90 ImageList_Destroy
0x47cd94 ImageList_Create
Library advapi32.dll:
0x47cd9c QueryServiceStatus
0x47cda0 OpenServiceA
0x47cda4 OpenSCManagerA
0x47cda8 CloseServiceHandle
Library url.dll:
0x47cdb0 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.