SmartHawk

Time & API	Arguments	Status
1619384585.438125 RegSetValueExA	key_handle: 0x00000324 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619384585.438125 RegSetValueExA	key_handle: 0x00000324 value: pãöA:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619384585.438125 RegSetValueExA	key_handle: 0x00000324 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619384585.438125 RegSetValueExW	key_handle: 0x00000324 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619384585.453125 RegSetValueExA	key_handle: 0x0000033c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619384585.453125 RegSetValueExA	key_handle: 0x0000033c value: pãöA:× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619384585.453125 RegSetValueExA	key_handle: 0x0000033c value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619384585.469125 RegSetValueExW	key_handle: 0x00000320 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (30 个事件)

dead_host	192.168.56.101:49191
dead_host	192.168.56.101:49192
dead_host	192.168.56.101:49202
dead_host	222.186.134.204:8080
dead_host	192.168.56.101:49196
dead_host	192.168.56.101:49176
dead_host	192.168.56.101:49180
dead_host	192.168.56.101:49193
dead_host	192.168.56.101:49203
dead_host	192.168.56.101:49188
dead_host	192.168.56.101:49197
dead_host	192.168.56.101:49189
dead_host	192.168.56.101:49207
dead_host	192.168.56.101:49177
dead_host	192.168.56.101:49208
dead_host	192.168.56.101:49185
dead_host	192.168.56.101:49194
dead_host	172.217.24.14:443
dead_host	192.168.56.101:49198
dead_host	192.168.56.101:49200
dead_host	192.168.56.101:49178
dead_host	192.168.56.101:49186
dead_host	192.168.56.101:49204
dead_host	192.168.56.101:49190
dead_host	192.168.56.101:49199
dead_host	192.168.56.101:49201
dead_host	192.168.56.101:49179
dead_host	192.168.56.101:49187
dead_host	192.168.56.101:49205
dead_host	192.168.56.101:49183

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-09-10 02:56:45

Imports

Library MSVCRT.dll:

• 0x40304c _except_handler3

• 0x403050 __set_app_type

• 0x403054 __p__fmode

• 0x403058 _stricmp

• 0x40305c __p__commode

• 0x403060 _adjust_fdiv

• 0x403064 __setusermatherr

• 0x403068 _initterm

• 0x40306c __getmainargs

• 0x403070 _acmdln

• 0x403074 exit

• 0x403078 _XcptFilter

• 0x40307c _exit

• 0x403080 ??2@YAPAXI@Z

• 0x403084 ??3@YAXPAX@Z

• 0x403088 malloc

• 0x40308c free

• 0x403090 _controlfp

• 0x403094 realloc

Library imagehlp.dll:

• 0x4030b0 MakeSureDirectoryPathExists

Library WININET.dll:

• 0x40309c InternetOpenA

• 0x4030a0 InternetOpenUrlA

• 0x4030a4 InternetReadFile

• 0x4030a8 InternetCloseHandle

Library KERNEL32.dll:

• 0x403000 CreateFileA

• 0x403004 CloseHandle

• 0x403008 FreeLibrary

• 0x40300c HeapFree

• 0x403010 IsBadReadPtr

• 0x403014 LoadLibraryA

• 0x403018 GetProcAddress

• 0x40301c VirtualFree

• 0x403020 VirtualProtect

• 0x403024 VirtualAlloc

• 0x403028 GetProcessHeap

• 0x40302c HeapAlloc

• 0x403030 Sleep

• 0x403034 ReadFile

• 0x403038 GetFileSize

• 0x40303c GetModuleHandleA

• 0x403040 GetStartupInfoA

• 0x403044 WriteFile

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.24.14 CNAME clients.l.google.com	172.217.24.14
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	57236	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53210	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.