Score: 4.6
Risk level: Medium (中危)

SHA-256: dafacf05b19728eabbfec62b925b2cf60d81a4eeb634836da058d81faed7ca74
File name: 41e6e8ff893c7c836b481dbc6763b80a.exe
Analysis duration: 93s
Last analysed:
File size: 1.3MB

Static detection | Dynamic detection
Eagle Eye engine (鹰眼引擎): not detected (no Eagle Eye engine result for this sample)
Static verdict
Antivirus engines: not detected (no antivirus engine result for this sample)
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
    section CODE
    section DATA
    section BSS
    CODE, DATA and BSS are the section names the Borland/Delphi linker emits, so this hit is the false positive the signature itself warns about, not evidence of packing.

The executable uses a known packer (1 event)
    packer BobSoft Mini Delphi -> BoB / BobSoft
    This PEiD signature matches the standard Delphi entry-point stub; read together with the section names it identifies the compiler (Delphi), not a packer. Whether anything is packed on top of that would have to be established from section entropy and the entry point, which this report does not show.
One or more processes crashed (1 event)
    Time: 1619423679.473375 (2021-04-26 07:54:39 UTC)
    API: __exception__
    stacktrace: 0x54
    registers: eax=0 ebx=0 ecx=0 edx=0 esi=56753220 edi=0 ebp=56753204 esp=56753176
    exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44
    exception.instruction: mov eax, dword ptr [eax + 0x3c]
    exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
    exception.symbol: (empty)
    exception.address: 0x1fa8c4c
    Status: success   Return: 0   Repeated: 0

    With eax = 0 the faulting read is at virtual address 0x3c, which is the e_lfanew field of IMAGE_DOS_HEADER: the code is walking a PE header from a module base that is NULL (typically the unchecked result of a failed GetModuleHandle or LoadLibrary call). The bytes that follow (99 = cdq; 03 04 24 = add eax,[esp]; 13 54 24 04 = adc edx,[esp+4]) sign-extend the 32-bit offset and add it to a 64-bit value on the stack, so this is ordinary header parsing that hit a null pointer, not a sign of exploitation. The "success" status belongs to the hook record; the exception itself is the access violation above.
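The two static hits and the crash all turn on the same few PE header fields: the section names that trip the packer heuristic, and the e_lfanew field at offset 0x3c that the faulting instruction was reading. The following script is an added example, not code from the sandbox or from the sample; it parses just those fields, decides whether a CODE/DATA/BSS layout is the Borland/Delphi linker rather than a packer, and checks for the fixed Delphi linker timestamp 0x2A425E19. The PE image it runs on is constructed inline (a header-only, non-executable PE32), not the analysed file.

```python
"""PE header triage: section names and TimeDateStamp.

Added example (not the sandbox's code). It reads e_lfanew at offset 0x3c,
the COFF header and the section table, then classifies the layout. The
sample images are constructed by build_sample() and are not the analysed file.
"""
import struct
from datetime import datetime, timezone

# Section names the Borland/Delphi linker emits; a heuristic that treats
# these as "unknown" is the false positive the report mentions.
BORLAND_SECTIONS = {"CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"}

# Constant TimeDateStamp older Delphi linkers write into every binary.
DELPHI_FIXED_STAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC


def parse_pe(data: bytes) -> dict:
    """Return machine, TimeDateStamp and section names of a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    # IMAGE_DOS_HEADER.e_lfanew lives at offset 0x3c; the crash in the report
    # is exactly this read (mov eax,[eax+0x3c]) performed with a NULL base.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size          # IMAGE_FILE_HEADER is 20 bytes
    names = []
    for i in range(nsections):                 # IMAGE_SECTION_HEADER is 40 bytes
        (raw_name,) = struct.unpack_from("<8s", data, sect_table + 40 * i)
        names.append(raw_name.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "timestamp": stamp, "sections": names}


def classify(pe: dict) -> dict:
    """Decide whether CODE/DATA/BSS plus the fixed stamp point at Delphi, not a packer."""
    names = set(pe["sections"])
    borland_layout = {"CODE", "DATA"} <= names and names <= BORLAND_SECTIONS
    fixed_stamp = pe["timestamp"] == DELPHI_FIXED_STAMP
    compiled = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    verdict = ("delphi-compiled; section names are not a packer indicator"
               if borland_layout else "unknown layout; check entropy and entry point")
    return {
        "borland_layout": borland_layout,
        "fixed_delphi_timestamp": fixed_stamp,
        "timestamp_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "verdict": verdict,
    }


def build_sample(section_names, timestamp) -> bytes:
    """Construct a minimal, non-executable PE32 image (constructed test data)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                            # PE32 IMAGE_OPTIONAL_HEADER size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    delphi_like = build_sample(
        ["CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"], DELPHI_FIXED_STAMP)
    print(classify(parse_pe(delphi_like)))
```

Run against a real file with `classify(parse_pe(open(path, "rb").read()))`; the two booleans are the checks to record before trusting a "packer" hit on a Delphi binary.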
Behaviour verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
    Time: 1619423628.505375 (2021-04-26 07:53:48 UTC)
    API: NtAllocateVirtualMemory
    process_identifier: 2544
    process_handle: 0xffffffff (current process)
    base_address: 0x00560000
    region_size: 4096
    allocation_type: 4096 (MEM_COMMIT)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0   stack_pivoted: 0   heap_dep_bypass: 0
    Status: success   Return: 0   Repeated: 0

    A single committed 4 KiB RWX page requested with MEM_COMMIT alone is what the Delphi VCL's MakeObjectInstance allocator asks for when it builds its window-procedure thunk block; every VCL GUI program does this once at start-up. On its own it is weak evidence of unpacking. An unpacking stub would normally be followed by writes into and execution from a much larger region, which is not recorded here.

Downloads a file or document from Google Drive (1 event)
    domain drive.google.com

    Only the name resolution is recorded. The HTTP section lists no requests, the TCP section no connections, and the 443 attempts to Google addresses are reported as dead hosts below, so no file was downloaded during this run.

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
    Time: 1619423655.708375 (2021-04-26 07:54:15 UTC)
    API: GetAdaptersAddresses
    flags: 0
    family: 0 (AF_UNSPEC)
    Status: failed   Return: 111 (ERROR_BUFFER_OVERFLOW)   Repeated: 0

    Return value 111 is the normal outcome of the first, size-probing call: GetAdaptersAddresses reports ERROR_BUFFER_OVERFLOW and the required length when the supplied buffer is too small. Anti-VM code can use this enumeration to look for hypervisor MAC prefixes, but ordinary network code uses it to find its interfaces too, so this is a heuristic hit rather than a confirmed evasion check.
Network communication

Communicates with host for which no DNS query was performed (1 event)
    host 172.217.24.14

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
    All eight writes are under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ (abbreviated to Wpad\ below) and every call returned success 0 0.

    Time              | API            | key_handle | reg_type       | value                                     | regkey
    1619423658.255375 | RegSetValueExA | 0x000003d8 | 4 (REG_DWORD)  | 1                                         | Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
    1619423658.255375 | RegSetValueExA | 0x000003d8 | 3 (REG_BINARY) | Ð;‡ä3:× (8-byte FILETIME, mis-rendered)   | Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
    1619423658.255375 | RegSetValueExA | 0x000003d8 | 4 (REG_DWORD)  | 3                                         | Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
    1619423658.255375 | RegSetValueExW | 0x000003d8 | 1 (REG_SZ)     | 网络 2 ("Network 2")                       | Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
    1619423658.255375 | RegSetValueExA | 0x000003f0 | 4 (REG_DWORD)  | 1                                         | Wpad\0a-00-27-00-00-00\WpadDecisionReason
    1619423658.255375 | RegSetValueExA | 0x000003f0 | 3 (REG_BINARY) | Ð;‡ä3:× (8-byte FILETIME, mis-rendered)   | Wpad\0a-00-27-00-00-00\WpadDecisionTime
    1619423658.255375 | RegSetValueExA | 0x000003f0 | 4 (REG_DWORD)  | 3                                         | Wpad\0a-00-27-00-00-00\WpadDecision
    1619423658.348375 | RegSetValueExW | 0x000003d4 | 1 (REG_SZ)     | {40112ABE-63B3-43C3-BE93-1440EE3AF106}    | Wpad\WpadLastNetwork

    All timestamps are 2021-04-26 07:54:18 UTC. These values (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName, WpadLastNetwork) are the WinHTTP auto-proxy detection cache that Windows writes whenever a process resolves a proxy automatically; they record the outcome of the last WPAD lookup per network (one subkey per connection GUID and one per adapter MAC) and contain no PAC URL. Nothing here changes where traffic goes: a real WPAD/PAC hijack would set AutoConfigURL, or ProxyEnable and ProxyServer, directly under Internet Settings, and no such write is recorded. The timing, seconds before the outbound 443 attempts, is consistent with the sample calling a WinINet/WinHTTP API that performs proxy discovery as a side effect. The MAC 0a-00-27-00-00-00 is a VirtualBox host-only adapter, matching the 192.168.56.101 guest address in the UDP table.

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
    dead_host 172.217.24.14:443
    dead_host 172.217.160.78:443
    dead_host 75.126.215.88:443

    172.217.0.0/16 is Google address space, consistent with the drive.google.com lookup. All three TLS connection attempts failed in the sandbox, which is why the Hosts and TCP sections below are empty; "dead host" describes the sandbox's view during this run, not the state of the services on the internet.
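The WPAD indicator above is worth a reproducible check, because the signature name ("for traffic interception") claims more than the recorded writes show. The script below is an added example, not code from the sandbox: it replays the eight registry writes from the report, separates the WinHTTP auto-proxy cache values that Windows writes by itself from the values that would actually steer traffic (AutoConfigURL, ProxyEnable, ProxyServer, ProxyOverride directly under Internet Settings), and decodes a WpadDecisionTime FILETIME. The AutoConfigURL event, its pac.example.invalid URL and the FILETIME bytes are constructed for contrast; the report's binary value is mis-rendered and cannot be recovered.

```python
"""Triage for a "Sets or modifies WPAD proxy autoconfiguration file" hit.

Added example, not the sandbox's code. REPORT_EVENTS mirrors the eight
RegSetValueEx calls in the report; CONSTRUCTED_PAC_EVENT and DECISION_TIME
are constructed test data.
"""
import struct

INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
WPAD = INET + r"\Wpad"
# Cache of the last automatic proxy detection; written by Windows itself.
WPAD_CACHE_VALUES = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                     "WpadNetworkName", "WpadLastNetwork"}
# Values that change where WinINet/the browser sends traffic.
PROXY_CONTROL_VALUES = {"AutoConfigURL", "ProxyEnable", "ProxyServer", "ProxyOverride"}

EPOCH_DELTA_TICKS = 116_444_736_000_000_000   # 1601-01-01 -> 1970-01-01 in 100 ns ticks


def filetime_from_unix(seconds):
    """Little-endian 8-byte FILETIME for a Unix timestamp (used to build test data)."""
    return struct.pack("<Q", seconds * 10_000_000 + EPOCH_DELTA_TICKS)


def decode_filetime(raw):
    """Decode an 8-byte REG_BINARY FILETIME such as WpadDecisionTime to Unix seconds."""
    if len(raw) != 8:
        raise ValueError("FILETIME is exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", raw)
    return (ticks - EPOCH_DELTA_TICKS) // 10_000_000


def classify_write(regkey):
    """Map a full value path to what the write means for traffic routing."""
    parent, _, value_name = regkey.rpartition("\\")
    if (parent == WPAD or parent.startswith(WPAD + "\\")) and value_name in WPAD_CACHE_VALUES:
        return "wpad-autodetect-cache"       # side effect of proxy discovery, no redirection
    if parent == INET and value_name in PROXY_CONTROL_VALUES:
        return "proxy-control"               # this would actually steer traffic
    return "other"


def triage(events):
    """Count write classes and flag whether any write can intercept traffic."""
    counts = {}
    for ev in events:
        kind = classify_write(ev["regkey"])
        counts[kind] = counts.get(kind, 0) + 1
    return {"counts": counts, "traffic_interception": counts.get("proxy-control", 0) > 0}


def wpad_value(network, name):
    return WPAD + "\\" + network + "\\" + name


NET_GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
NET_MAC = "0a-00-27-00-00-00"                    # VirtualBox host-only adapter, as in the report
DECISION_TIME = filetime_from_unix(1619423658)   # constructed: the report's write time as FILETIME

REPORT_EVENTS = [
    {"api": "RegSetValueExA", "regkey": wpad_value(NET_GUID, "WpadDecisionReason"), "value": 1},
    {"api": "RegSetValueExA", "regkey": wpad_value(NET_GUID, "WpadDecisionTime"), "value": DECISION_TIME},
    {"api": "RegSetValueExA", "regkey": wpad_value(NET_GUID, "WpadDecision"), "value": 3},
    {"api": "RegSetValueExW", "regkey": wpad_value(NET_GUID, "WpadNetworkName"), "value": "网络 2"},
    {"api": "RegSetValueExA", "regkey": wpad_value(NET_MAC, "WpadDecisionReason"), "value": 1},
    {"api": "RegSetValueExA", "regkey": wpad_value(NET_MAC, "WpadDecisionTime"), "value": DECISION_TIME},
    {"api": "RegSetValueExA", "regkey": wpad_value(NET_MAC, "WpadDecision"), "value": 3},
    {"api": "RegSetValueExW", "regkey": WPAD + "\\WpadLastNetwork", "value": NET_GUID},
]

# Constructed: what a genuine PAC hijack would look like in the same log format.
CONSTRUCTED_PAC_EVENT = {"api": "RegSetValueExA", "regkey": INET + "\\AutoConfigURL",
                         "value": "http://pac.example.invalid/wpad.dat"}

if __name__ == "__main__":
    print(triage(REPORT_EVENTS))
    print(triage(REPORT_EVENTS + [CONSTRUCTED_PAC_EVENT]))
    print(decode_filetime(DECISION_TIME))
```

The report's eight events classify entirely as cache writes and the interception flag stays false; adding the constructed AutoConfigURL write is what flips it. Feed the same function the registry events from other reports to tell the two cases apart before escalating on this signature.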
Visual analysis

Binary image
No binary image: no binary visualisation was generated for this sample.

Runtime screenshots
No screenshots: none were captured while the sample ran.

PE Compile Time

1992-06-20 06:22:17

This is the constant TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, shown here in UTC+8) that older Delphi linkers write into every executable. It is a compiler artefact, not the build date, and it corroborates the Delphi identification in the static indicators.

Imports

Delphi emits one import descriptor per unit, so kernel32.dll, advapi32.dll and oleaut32.dll appear more than once below; that is expected and not a sign of tampering. Note what is absent: no WinINet, WinHTTP, Winsock or URLMon imports, only url.dll!InetIsOffline. LoadLibraryA and GetProcAddress are imported, so whatever produced the drive.google.com lookup was bound at run time (or performed by a system component on the sample's behalf), not through the static import table.

Library kernel32.dll:
0x48c18c VirtualFree
0x48c190 VirtualAlloc
0x48c194 LocalFree
0x48c198 LocalAlloc
0x48c19c GetVersion
0x48c1a0 GetCurrentThreadId
0x48c1ac VirtualQuery
0x48c1b0 WideCharToMultiByte
0x48c1b4 MultiByteToWideChar
0x48c1b8 lstrlenA
0x48c1bc lstrcpynA
0x48c1c0 LoadLibraryExA
0x48c1c4 GetThreadLocale
0x48c1c8 GetStartupInfoA
0x48c1cc GetProcAddress
0x48c1d0 GetModuleHandleA
0x48c1d4 GetModuleFileNameA
0x48c1d8 GetLocaleInfoA
0x48c1dc GetCommandLineA
0x48c1e0 FreeLibrary
0x48c1e4 FindFirstFileA
0x48c1e8 FindClose
0x48c1ec ExitProcess
0x48c1f0 WriteFile
0x48c1f8 RtlUnwind
0x48c1fc RaiseException
0x48c200 GetStdHandle
Library user32.dll:
0x48c208 GetKeyboardType
0x48c20c LoadStringA
0x48c210 MessageBoxA
0x48c214 CharNextA
Library advapi32.dll:
0x48c21c RegQueryValueExA
0x48c220 RegOpenKeyExA
0x48c224 RegCloseKey
Library oleaut32.dll:
0x48c22c SysFreeString
0x48c230 SysReAllocStringLen
0x48c234 SysAllocStringLen
Library kernel32.dll:
0x48c23c TlsSetValue
0x48c240 TlsGetValue
0x48c244 LocalAlloc
0x48c248 GetModuleHandleA
Library advapi32.dll:
0x48c250 RegQueryValueExA
0x48c254 RegOpenKeyExA
0x48c258 RegCloseKey
Library kernel32.dll:
0x48c260 lstrcpyA
0x48c264 WriteFile
0x48c268 WaitForSingleObject
0x48c26c VirtualQuery
0x48c270 VirtualProtect
0x48c274 VirtualAlloc
0x48c278 SuspendThread
0x48c27c Sleep
0x48c280 SizeofResource
0x48c284 SetThreadLocale
0x48c288 SetFilePointer
0x48c28c SetEvent
0x48c290 SetErrorMode
0x48c294 SetEndOfFile
0x48c298 ResumeThread
0x48c29c ResetEvent
0x48c2a0 ReadFile
0x48c2a4 MultiByteToWideChar
0x48c2a8 MulDiv
0x48c2ac LockResource
0x48c2b0 LoadResource
0x48c2b4 LoadLibraryA
0x48c2c0 GlobalUnlock
0x48c2c4 GlobalSize
0x48c2c8 GlobalReAlloc
0x48c2cc GlobalHandle
0x48c2d0 GlobalLock
0x48c2d4 GlobalFree
0x48c2d8 GlobalFindAtomA
0x48c2dc GlobalDeleteAtom
0x48c2e0 GlobalAlloc
0x48c2e4 GlobalAddAtomA
0x48c2e8 GetVersionExA
0x48c2ec GetVersion
0x48c2f0 GetTickCount
0x48c2f4 GetThreadLocale
0x48c2f8 GetSystemInfo
0x48c2fc GetStringTypeExA
0x48c300 GetStdHandle
0x48c304 GetProfileStringA
0x48c308 GetProcAddress
0x48c30c GetModuleHandleA
0x48c310 GetModuleFileNameA
0x48c314 GetLocaleInfoA
0x48c318 GetLocalTime
0x48c31c GetLastError
0x48c320 GetFullPathNameA
0x48c324 GetDiskFreeSpaceA
0x48c328 GetDateFormatA
0x48c32c GetCurrentThreadId
0x48c330 GetCurrentProcessId
0x48c334 GetCPInfo
0x48c338 GetACP
0x48c33c FreeResource
0x48c340 InterlockedExchange
0x48c344 FreeLibrary
0x48c348 FormatMessageA
0x48c34c FindResourceA
0x48c350 EnumCalendarInfoA
0x48c35c CreateThread
0x48c360 CreateFileA
0x48c364 CreateEventA
0x48c368 CompareStringA
0x48c36c CloseHandle
Library version.dll:
0x48c374 VerQueryValueA
0x48c37c GetFileVersionInfoA
Library gdi32.dll:
0x48c384 UnrealizeObject
0x48c388 StretchBlt
0x48c38c StartPage
0x48c390 StartDocA
0x48c394 SetWindowOrgEx
0x48c398 SetWinMetaFileBits
0x48c39c SetViewportOrgEx
0x48c3a0 SetTextColor
0x48c3a4 SetStretchBltMode
0x48c3a8 SetROP2
0x48c3ac SetPixel
0x48c3b0 SetEnhMetaFileBits
0x48c3b4 SetDIBColorTable
0x48c3b8 SetBrushOrgEx
0x48c3bc SetBkMode
0x48c3c0 SetBkColor
0x48c3c4 SetAbortProc
0x48c3c8 SelectPalette
0x48c3cc SelectObject
0x48c3d0 SelectClipRgn
0x48c3d4 SaveDC
0x48c3d8 RestoreDC
0x48c3dc Rectangle
0x48c3e0 RectVisible
0x48c3e4 RealizePalette
0x48c3e8 Polyline
0x48c3ec Polygon
0x48c3f0 PlayEnhMetaFile
0x48c3f4 PatBlt
0x48c3f8 MoveToEx
0x48c3fc MaskBlt
0x48c400 LineTo
0x48c404 IntersectClipRect
0x48c408 GetWindowOrgEx
0x48c40c GetWinMetaFileBits
0x48c410 GetTextMetricsA
0x48c41c GetStockObject
0x48c420 GetRgnBox
0x48c424 GetPixel
0x48c428 GetPaletteEntries
0x48c42c GetObjectA
0x48c438 GetEnhMetaFileBits
0x48c43c GetDeviceCaps
0x48c440 GetDIBits
0x48c444 GetDIBColorTable
0x48c448 GetDCOrgEx
0x48c450 GetClipBox
0x48c454 GetBrushOrgEx
0x48c458 GetBitmapBits
0x48c45c ExcludeClipRect
0x48c460 EndPage
0x48c464 EndDoc
0x48c468 Ellipse
0x48c46c DeleteObject
0x48c470 DeleteEnhMetaFile
0x48c474 DeleteDC
0x48c478 CreateSolidBrush
0x48c47c CreateRectRgn
0x48c480 CreatePenIndirect
0x48c484 CreatePalette
0x48c488 CreateICA
0x48c490 CreateFontIndirectA
0x48c494 CreateDIBitmap
0x48c498 CreateDIBSection
0x48c49c CreateDCA
0x48c4a0 CreateCompatibleDC
0x48c4a8 CreateBrushIndirect
0x48c4ac CreateBitmap
0x48c4b0 CopyEnhMetaFileA
0x48c4b4 CombineRgn
0x48c4b8 BitBlt
Library user32.dll:
0x48c4c0 CreateWindowExA
0x48c4c4 WindowFromPoint
0x48c4c8 WinHelpA
0x48c4cc WaitMessage
0x48c4d0 UpdateWindow
0x48c4d4 UnregisterClassA
0x48c4d8 UnhookWindowsHookEx
0x48c4dc TranslateMessage
0x48c4e4 TrackPopupMenu
0x48c4ec ShowWindow
0x48c4f0 ShowScrollBar
0x48c4f4 ShowOwnedPopups
0x48c4f8 ShowCursor
0x48c4fc SetWindowsHookExA
0x48c500 SetWindowTextA
0x48c504 SetWindowPos
0x48c508 SetWindowPlacement
0x48c50c SetWindowLongA
0x48c510 SetTimer
0x48c514 SetScrollRange
0x48c518 SetScrollPos
0x48c51c SetScrollInfo
0x48c520 SetRect
0x48c524 SetPropA
0x48c528 SetParent
0x48c52c SetMenuItemInfoA
0x48c530 SetMenu
0x48c534 SetForegroundWindow
0x48c538 SetFocus
0x48c53c SetCursor
0x48c540 SetClassLongA
0x48c544 SetCapture
0x48c548 SetActiveWindow
0x48c54c SendMessageA
0x48c550 ScrollWindow
0x48c554 ScreenToClient
0x48c558 RemovePropA
0x48c55c RemoveMenu
0x48c560 ReleaseDC
0x48c564 ReleaseCapture
0x48c570 RegisterClassA
0x48c574 RedrawWindow
0x48c578 PtInRect
0x48c57c PostQuitMessage
0x48c580 PostMessageA
0x48c584 PeekMessageA
0x48c588 OffsetRect
0x48c58c OemToCharA
0x48c590 MessageBoxA
0x48c594 MessageBeep
0x48c598 MapWindowPoints
0x48c59c MapVirtualKeyA
0x48c5a0 LockWindowUpdate
0x48c5a4 LoadStringA
0x48c5a8 LoadKeyboardLayoutA
0x48c5ac LoadIconA
0x48c5b0 LoadCursorA
0x48c5b4 LoadBitmapA
0x48c5b8 KillTimer
0x48c5bc IsZoomed
0x48c5c0 IsWindowVisible
0x48c5c4 IsWindowEnabled
0x48c5c8 IsWindow
0x48c5cc IsRectEmpty
0x48c5d0 IsIconic
0x48c5d4 IsDialogMessageA
0x48c5d8 IsChild
0x48c5dc InvalidateRect
0x48c5e0 IntersectRect
0x48c5e4 InsertMenuItemA
0x48c5e8 InsertMenuA
0x48c5ec InflateRect
0x48c5f4 GetWindowTextA
0x48c5f8 GetWindowRect
0x48c5fc GetWindowPlacement
0x48c600 GetWindowLongA
0x48c604 GetWindowDC
0x48c608 GetTopWindow
0x48c60c GetSystemMetrics
0x48c610 GetSystemMenu
0x48c614 GetSysColorBrush
0x48c618 GetSysColor
0x48c61c GetSubMenu
0x48c620 GetScrollRange
0x48c624 GetScrollPos
0x48c628 GetScrollInfo
0x48c62c GetPropA
0x48c630 GetParent
0x48c634 GetWindow
0x48c638 GetMessagePos
0x48c63c GetMenuStringA
0x48c640 GetMenuState
0x48c644 GetMenuItemInfoA
0x48c648 GetMenuItemID
0x48c64c GetMenuItemCount
0x48c650 GetMenu
0x48c654 GetLastActivePopup
0x48c658 GetKeyboardState
0x48c660 GetKeyboardLayout
0x48c664 GetKeyState
0x48c668 GetKeyNameTextA
0x48c66c GetIconInfo
0x48c670 GetForegroundWindow
0x48c674 GetFocus
0x48c678 GetDlgItem
0x48c67c GetDesktopWindow
0x48c680 GetDCEx
0x48c684 GetDC
0x48c688 GetCursorPos
0x48c68c GetCursor
0x48c690 GetClipboardData
0x48c694 GetClientRect
0x48c698 GetClassNameA
0x48c69c GetClassInfoA
0x48c6a0 GetCapture
0x48c6a4 GetActiveWindow
0x48c6a8 FrameRect
0x48c6ac FindWindowA
0x48c6b0 FillRect
0x48c6b4 EqualRect
0x48c6b8 EnumWindows
0x48c6bc EnumThreadWindows
0x48c6c0 EndPaint
0x48c6c4 EnableWindow
0x48c6c8 EnableScrollBar
0x48c6cc EnableMenuItem
0x48c6d0 DrawTextA
0x48c6d4 DrawMenuBar
0x48c6d8 DrawIconEx
0x48c6dc DrawIcon
0x48c6e0 DrawFrameControl
0x48c6e4 DrawEdge
0x48c6e8 DispatchMessageA
0x48c6ec DestroyWindow
0x48c6f0 DestroyMenu
0x48c6f4 DestroyIcon
0x48c6f8 DestroyCursor
0x48c6fc DeleteMenu
0x48c700 DefWindowProcA
0x48c704 DefMDIChildProcA
0x48c708 DefFrameProcA
0x48c70c CreatePopupMenu
0x48c710 CreateMenu
0x48c714 CreateIcon
0x48c718 ClientToScreen
0x48c71c CheckMenuItem
0x48c720 CallWindowProcA
0x48c724 CallNextHookEx
0x48c728 BeginPaint
0x48c72c CharNextA
0x48c730 CharLowerBuffA
0x48c734 CharLowerA
0x48c738 CharToOemA
0x48c73c AdjustWindowRectEx
Library kernel32.dll:
0x48c748 Sleep
Library oleaut32.dll:
0x48c750 SafeArrayPtrOfIndex
0x48c754 SafeArrayGetUBound
0x48c758 SafeArrayGetLBound
0x48c75c SafeArrayCreate
0x48c760 VariantChangeType
0x48c764 VariantCopy
0x48c768 VariantClear
0x48c76c VariantInit
Library ole32.dll:
0x48c774 CoCreateInstance
0x48c778 CoUninitialize
0x48c77c CoInitialize
Library oleaut32.dll:
0x48c784 CreateErrorInfo
0x48c788 GetErrorInfo
0x48c78c SetErrorInfo
0x48c790 SysFreeString
Library comctl32.dll:
0x48c7a0 ImageList_Write
0x48c7a4 ImageList_Read
0x48c7b4 ImageList_DragMove
0x48c7b8 ImageList_DragLeave
0x48c7bc ImageList_DragEnter
0x48c7c0 ImageList_EndDrag
0x48c7c4 ImageList_BeginDrag
0x48c7c8 ImageList_Remove
0x48c7cc ImageList_DrawEx
0x48c7d0 ImageList_Draw
0x48c7e0 ImageList_Add
0x48c7ec ImageList_Destroy
0x48c7f0 ImageList_Create
0x48c7f4 InitCommonControls
Library winspool.drv:
0x48c7fc OpenPrinterA
0x48c800 EnumPrintersA
0x48c804 DocumentPropertiesA
0x48c808 ClosePrinter
Library comdlg32.dll:
0x48c810 PrintDlgA
0x48c814 GetSaveFileNameA
0x48c818 GetOpenFileNameA
Library url.dll:
0x48c820 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                      Dst port  Service (from destination and port)
192.168.56.101  51378     114.114.114.114                  53        DNS (114DNS public resolver)
192.168.56.101  51963     114.114.114.114                  53        DNS
192.168.56.101  55368     114.114.114.114                  53        DNS
192.168.56.101  56539     114.114.114.114                  53        DNS
192.168.56.101  60384     114.114.114.114                  53        DNS
192.168.56.101  62912     114.114.114.114                  53        DNS
192.168.56.101  137       192.168.56.255                   137       NetBIOS name service (subnet broadcast)
192.168.56.101  138       192.168.56.255                   138       NetBIOS datagram service (subnet broadcast)
192.168.56.101  123       20.189.79.72 (time.windows.com)  123       NTP
192.168.56.101  49713     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  53237     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  53657     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  56804     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  58367     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  60123     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  61680     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  62191     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  62318     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  65004     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  1900      239.255.255.250                  1900      SSDP (multicast)

The report does not tie packets to processes. The six DNS queries are the only flows that might be the sample's (the drive.google.com lookup is among them; at least one is the guest resolving time.windows.com for NTP). The NetBIOS, LLMNR, SSDP and NTP flows are the Windows guest's normal background traffic and appear in any run on this image; 192.168.56.0/24 is the VirtualBox host-only network.
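Most of the UDP table is guest background traffic rather than sample activity, and separating the two is the first step in reading any sandbox network log. The script below is an added example, not part of the report or the sandbox: it parses the rows above, labels each flow by destination and port using the well-known assignments (DNS 53, LLMNR to 224.0.0.252:5355, SSDP to a multicast address on 1900, NetBIOS 137/138 to the subnet broadcast, NTP 123), and returns what is left. The /24 prefix used to compute the broadcast address is an assumption (the VirtualBox host-only default).

```python
"""Guest-noise filter for a sandbox UDP table.

Added example, not the sandbox's code. UDP_TABLE copies the report's rows
(the NTP row keeps the hostname annotation the report shows); the
classification rules are well-known port and address assignments.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

UDP_TABLE = """\
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
"""

GUEST_PREFIX = 24   # assumption: guest sits on a /24 (VirtualBox host-only default)


def parse_udp_table(text):
    """Rows are 'src sport dst [hostname] dport'; the hostname column is optional."""
    flows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4:
            continue
        flows.append({
            "src": tok[0], "sport": int(tok[1]), "dst": tok[2],
            "host": tok[3] if len(tok) == 5 else None, "dport": int(tok[-1]),
        })
    return flows


def classify_flow(f):
    """Label a flow as DNS, a known guest background service, or 'review'."""
    dst = ip_address(f["dst"])
    subnet_bcast = ip_network(f"{f['src']}/{GUEST_PREFIX}", strict=False).broadcast_address
    if f["dport"] == 53:
        return "dns"                       # possibly the sample's; keep for review
    if f["dport"] == 5355 and f["dst"] == "224.0.0.252":
        return "background:llmnr"          # name-resolution fallback
    if f["dport"] == 1900 and dst.is_multicast:
        return "background:ssdp"           # UPnP discovery
    if f["dport"] in (137, 138) and dst == subnet_bcast:
        return "background:netbios"        # NBNS / NetBIOS datagram broadcast
    if f["dport"] == 123:
        return "background:ntp"            # Windows time sync
    return "review"


def summarize(flows):
    """Counter of labels over the whole table."""
    return Counter(classify_flow(f) for f in flows)


def attributable(flows):
    """Flows left after dropping guest background: what to look at first."""
    return [f for f in flows if not classify_flow(f).startswith("background:")]


if __name__ == "__main__":
    flows = parse_udp_table(UDP_TABLE)
    print(dict(summarize(flows)))
    for f in attributable(flows):
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']}  [{classify_flow(f)}]")
```

On this table the filter leaves exactly the six DNS queries, which is where to correlate against the DNS hooks (drive.google.com) and the NTP client's own time.windows.com lookup; any flow labelled "review" in another report is the one to chase.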

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.