SmartHawk

1.2

低危

1 个模型检测该样本为恶意！

重新分析

下载样本

2799ecbbae01896450caac99abc5842787129fece62f9f3c03308e2b3338fc1e

42a5d3a09b225f574fdf294f3c1553d0.exe

分析耗时

16s

查杀引擎	查杀时间	查杀版本
McAfee	20180114	6.0.6.653
Baidu	20180112	1.0.0.2
Avast	20180114	17.9.3761.0
Tencent	20180114	1.0.0.1
Kingsoft	20180114	2013.8.14.323
CrowdStrike	20171016	1.0

Time & API	Arguments	Status	Return
1620726215.217379 WriteConsoleA	buffer: Starting web server on port 8000 console_handle: 0x00000007	success	1
1620726215.217379 WriteConsoleA	buffer: Document root: . console_handle: 0x00000007	success	1
1620726215.217379 WriteConsoleA	buffer: Directory listing: yes console_handle: 0x00000007	success	1
1620726215.217379 WriteConsoleA	buffer: Failed to create listener console_handle: 0x00000007	success	1

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2017-12-14 01:20:06

Imports

Library ADVAPI32.dll:

• 0x4202bc RegCloseKey

• 0x4202c0 RegEnumKeyExW

• 0x4202c4 RegOpenKeyExW

• 0x4202c8 RegQueryValueExW

Library KERNEL32.dll:

• 0x4202d0 DeleteCriticalSection

• 0x4202d4 EnterCriticalSection

• 0x4202d8 FindClose

• 0x4202dc FindFirstFileW

• 0x4202e0 FindNextFileW

• 0x4202e4 FreeLibrary

• 0x4202e8 GetCurrentProcess

• 0x4202ec GetCurrentProcessId

• 0x4202f0 GetCurrentThreadId

• 0x4202f4 GetFileAttributesW

• 0x4202f8 GetLastError

• 0x4202fc GetLocalTime

• 0x420300 GetModuleFileNameW

• 0x420304 GetModuleHandleA

• 0x420308 GetProcAddress

• 0x42030c GetStartupInfoA

• 0x420310 GetSystemTimeAsFileTime

• 0x420314 GetTickCount

• 0x420318 InitializeCriticalSection

• 0x42031c LeaveCriticalSection

• 0x420320 LoadLibraryA

• 0x420324 MultiByteToWideChar

• 0x420328 QueryPerformanceCounter

• 0x42032c SetHandleInformation

• 0x420330 SetLastError

• 0x420334 SetUnhandledExceptionFilter

• 0x420338 Sleep

• 0x42033c SystemTimeToFileTime

• 0x420340 TerminateProcess

• 0x420344 TlsGetValue

• 0x420348 UnhandledExceptionFilter

• 0x42034c VirtualProtect

• 0x420350 VirtualQuery

• 0x420354 WideCharToMultiByte

Library msvcrt.dll:

• 0x42035c __dllonexit

• 0x420360 __getmainargs

• 0x420364 __initenv

• 0x420368 __lconv_init

• 0x42036c __set_app_type

• 0x420370 __setusermatherr

• 0x420374 _acmdln

• 0x420378 _amsg_exit

• 0x42037c _atoi64

• 0x420380 _cexit

• 0x420384 _errno

• 0x420388 _exit

• 0x42038c _fileno

• 0x420390 _fmode

• 0x420394 _initterm

• 0x420398 _iob

• 0x42039c _lock

• 0x4203a0 _onexit

• 0x4203a4 _snprintf

• 0x4203a8 _snwprintf

• 0x4203ac _strdup

• 0x4203b0 _unlock

• 0x4203b4 _vsnprintf

• 0x4203b8 _wfopen

• 0x4203bc _wopen

• 0x4203c0 _wstati64

• 0x4203c4 abort

• 0x4203c8 atoi

• 0x4203cc calloc

• 0x4203d0 exit

• 0x4203d4 fclose

• 0x4203d8 fflush

• 0x4203dc fgetc

• 0x4203e0 fgets

• 0x4203e4 fprintf

• 0x4203e8 fputc

• 0x4203ec fputs

• 0x4203f0 fread

• 0x4203f4 free

• 0x4203f8 fseek

• 0x4203fc fwprintf

• 0x420400 fwrite

• 0x420404 gmtime

• 0x420408 isalnum

• 0x42040c isprint

• 0x420410 isspace

• 0x420414 localtime

• 0x420418 isxdigit

• 0x42041c malloc

• 0x420420 memchr

• 0x420424 memcmp

• 0x420428 memmove

• 0x42042c memset

• 0x420430 memcpy

• 0x420434 printf

• 0x420438 puts

• 0x42043c raise

• 0x420440 rand

• 0x420444 realloc

• 0x420448 signal

• 0x42044c sprintf

• 0x420450 sscanf

• 0x420454 strchr

• 0x420458 strcmp

• 0x42045c strerror

• 0x420460 strftime

• 0x420464 strlen

• 0x420468 strncmp

• 0x42046c strncpy

• 0x420470 strrchr

• 0x420474 strtoul

• 0x420478 tolower

• 0x42047c vfprintf

• 0x420480 wcscat

• 0x420484 wcschr

• 0x420488 wcscpy

Library USER32.dll:

• 0x420490 MessageBoxW

• 0x420494 PeekMessageA

Library WS2_32.dll:

• 0x42049c WSAGetLastError

• 0x4204a0 WSAStartup

• 0x4204a4 __WSAFDIsSet

• 0x4204a8 accept

• 0x4204ac bind

• 0x4204b0 closesocket

• 0x4204b4 connect

• 0x4204b8 getpeername

• 0x4204bc getsockname

• 0x4204c0 getsockopt

• 0x4204c4 htonl

• 0x4204c8 htons

• 0x4204cc inet_ntoa

• 0x4204d0 ioctlsocket

• 0x4204d4 listen

• 0x4204d8 ntohl

• 0x4204dc ntohs

• 0x4204e0 recv

• 0x4204e4 recvfrom

• 0x4204e8 select

• 0x4204ec send

• 0x4204f0 sendto

• 0x4204f4 setsockopt

• 0x4204f8 socket

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.