4.6
Medium risk

1df55177a6326406d491cd9b6d4951392e565dd13e597836684468de6fec52f1

43c100532467c5b634c1cd2f64683526.exe

Analysis time: 92s

Latest analysis

File size: 253.5KB
Static detection / Dynamic detection
鹰眼 (Hawkeye) engine
Not detected: no 鹰眼 (Hawkeye) engine results yet
Static verdict
Antivirus engines
Not detected: no antivirus engine results yet
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619401203.809375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (5 events)
Time & API Arguments Status Return Repeated
1619401201.825375
NtProtectVirtualMemory
process_identifier: 2120
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00401000
success 0 0
1619401201.825375
NtAllocateVirtualMemory
process_identifier: 2120
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00720000
success 0 0
1619401203.559375
NtAllocateVirtualMemory
process_identifier: 2120
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007a0000
success 0 0
1619401203.559375
NtAllocateVirtualMemory
process_identifier: 2120
region_size: 192512
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007e0000
success 0 0
1619401203.575375
NtAllocateVirtualMemory
process_identifier: 2120
region_size: 217088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00810000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619401204.887375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619401207.497375
RegSetValueExA
key_handle: 0x0000037c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619401207.497375
RegSetValueExA
key_handle: 0x0000037c
value: ’-:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619401207.497375
RegSetValueExA
key_handle: 0x0000037c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619401207.497375
RegSetValueExW
key_handle: 0x0000037c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619401207.497375
RegSetValueExA
key_handle: 0x00000394
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619401207.497375
RegSetValueExA
key_handle: 0x00000394
value: ’-:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619401207.497375
RegSetValueExA
key_handle: 0x00000394
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619401207.512375
RegSetValueExW
key_handle: 0x00000378
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualization image
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-05-29 09:03:13

Imports

Library advapi32.dll:
0x404000 EqualSid
0x404008 GetUserNameW
0x40400c CryptCreateHash
0x404010 CryptGetHashParam
0x404014 LookupAccountSidW
0x40401c SetEntriesInAclW
0x404020 RegCreateKeyExW
0x404024 CryptHashData
0x404028 RegSetValueExW
0x40402c RegEnumValueW
0x404030 CryptReleaseContext
0x404038 FreeSid
0x40403c PrivilegeCheck
0x404040 InitializeSid
0x404044 RegOpenKeyExW
0x404048 CryptDestroyHash
0x40404c RegQueryInfoKeyW
0x404054 GetSidSubAuthority
0x404058 RegDeleteValueW
0x404060 GetTokenInformation
0x404064 OpenProcessToken
0x40406c RegCloseKey
0x404070 RegEnumKeyExW
0x404074 RegQueryValueExW
Library comctl32.dll:
0x404084 ImageList_DrawEx
0x40408c _TrackMouseEvent
Library gdi32.dll:
0x404098 CreateRoundRectRgn
0x40409c ExtTextOutW
0x4040a0 Polygon
0x4040a4 CreateCompatibleDC
0x4040a8 MoveToEx
0x4040ac ExcludeClipRect
0x4040b0 SelectObject
0x4040b4 SetPixel
0x4040b8 CreatePen
0x4040bc GetPixel
0x4040c4 GetObjectW
0x4040c8 FrameRgn
0x4040cc LineTo
0x4040d0 GetTextFaceW
0x4040d4 DeleteObject
0x4040d8 CreateFontIndirectW
0x4040e0 CombineRgn
0x4040e4 Rectangle
0x4040e8 CreateSolidBrush
0x4040ec SetBkColor
0x4040f0 DeleteDC
0x4040f4 SetBkMode
0x4040f8 SetTextColor
0x4040fc GetTextMetricsW
0x404100 BitBlt
0x404104 FillRgn
0x40410c CreatePolygonRgn
0x404110 GetDeviceCaps
0x404114 GetStockObject
0x404118 GetCurrentObject
0x40411c CreateRectRgn
Library kernel32.dll:
0x404124 GlobalLock
0x404128 LocalFree
0x40412c FindClose
0x404130 GetProcessTimes
0x404134 GetProcAddress
0x404138 GetStartupInfoW
0x40413c FreeResource
0x404144 CreateThread
0x404148 CreateEventA
0x40414c CreateEventW
0x404150 CreateMutexW
0x404154 OpenFileMappingW
0x404158 DeviceIoControl
0x40415c GlobalMemoryStatus
0x404160 FindResourceW
0x404164 GetCommandLineW
0x40416c Process32FirstW
0x404170 ResumeThread
0x404174 DuplicateHandle
0x404178 TerminateProcess
0x40417c GetModuleFileNameW
0x404180 GetVersionExW
0x404184 GetModuleHandleW
0x404194 VerifyVersionInfoW
0x404198 SetLastError
0x4041a0 VirtualQuery
0x4041a4 GetCurrentProcess
0x4041a8 Process32NextW
0x4041ac GetSystemDirectoryW
0x4041b4 GetVersion
0x4041c0 LoadLibraryA
0x4041c4 IsDebuggerPresent
0x4041c8 LocalLock
0x4041cc ReadFile
0x4041d0 CreateFileMappingW
0x4041d4 GetLocalTime
0x4041d8 VerSetConditionMask
0x4041dc GetCurrentThread
0x4041e0 UnmapViewOfFile
0x4041e4 WideCharToMultiByte
0x4041e8 GlobalAlloc
0x4041ec SetFileAttributesW
0x4041f0 FindFirstFileW
0x4041f4 ReleaseMutex
0x4041f8 WriteFile
0x4041fc GetModuleHandleA
0x404200 GlobalFree
0x404208 VirtualProtectEx
0x40420c LocalUnlock
0x404210 FreeLibrary
0x404214 lstrcmpiW
0x404218 InterlockedExchange
0x40421c GetSystemInfo
0x404224 CreateFileW
0x404228 LoadLibraryW
0x40422c OpenProcess
0x404230 CreateDirectoryW
0x404234 FormatMessageA
0x404238 GetLongPathNameW
0x404240 MulDiv
0x404244 SetFilePointer
0x40424c GetModuleFileNameA
0x404250 LocalAlloc
0x404254 GetDriveTypeW
0x404260 DeleteFileA
0x404264 TerminateThread
0x404268 OpenEventW
0x40426c GetTickCount
0x404270 Sleep
0x404278 CreateProcessW
0x40427c GetLastError
0x404280 FindNextFileW
0x404284 GlobalUnlock
0x404288 LoadLibraryExW
0x40428c GetFileAttributesW
0x404290 OpenMutexW
0x404298 LoadResource
0x40429c GetCurrentProcessId
0x4042a0 GetCurrentThreadId
0x4042a4 LockResource
0x4042a8 MultiByteToWideChar
0x4042ac CloseHandle
0x4042b0 SuspendThread
0x4042b4 SetEvent
0x4042bc MapViewOfFile
0x4042c0 ResetEvent
0x4042c4 GetFileSize
0x4042c8 CopyFileW
0x4042d0 DeleteFileW
0x4042d8 WaitForSingleObject
Library msimg32.dll:
0x4042e0 GradientFill
Library ole32.dll:
0x4042e8 CoInitializeEx
0x4042f0 CoUninitialize
0x4042f4 CoCreateInstance
Library psapi.dll:
0x4042fc EnumProcessModules
0x404304 EnumProcesses
Library shell32.dll:
0x404314 ShellExecuteW
0x404318 SHGetFileInfoW
0x40431c SHGetFolderPathW
Library shlwapi.dll:
0x404324 PathFileExistsW
0x404328 PathAppendW
0x40432c PathFindFileNameW
0x404330 PathRemoveBlanksW
0x404334 PathRemoveFileSpecW
0x404338 SHRegGetPathW
0x40433c PathUnquoteSpacesW
0x404340 PathStripToRootW
Library user32.dll:
0x404348 LoadIconW
0x40434c DestroyCursor
0x404350 SetFocus
0x404354 GetSysColor
0x404358 LoadImageW
0x40435c IsChild
0x404360 IsIconic
0x404364 RemovePropW
0x404368 GetFocus
0x40436c KillTimer
0x404370 ExitWindowsEx
0x404374 DestroyIcon
0x404378 DrawFocusRect
0x40437c DefWindowProcW
0x404380 OpenClipboard
0x404384 OffsetRect
0x404388 SetWindowLongW
0x40438c IsWindow
0x404390 GetWindowPlacement
0x404394 SetPropW
0x404398 DestroyWindow
0x40439c GetClientRect
0x4043a0 GetKeyState
0x4043a4 FillRect
0x4043ac ClientToScreen
0x4043b0 GetWindowTextW
0x4043b4 IsWindowVisible
0x4043b8 CreateWindowExW
0x4043bc ShowScrollBar
0x4043c0 PostMessageW
0x4043c4 IntersectRect
0x4043c8 SetWindowPos
0x4043cc GetCursor
0x4043d0 GetAncestor
0x4043d4 SetRect
0x4043d8 ReleaseDC
0x4043dc PtInRect
0x4043e0 IsRectEmpty
0x4043e4 GetCursorPos
0x4043e8 LoadBitmapW
0x4043ec GetDesktopWindow
0x4043f0 EnableWindow
0x4043f4 GetParent
0x4043f8 GetNextDlgGroupItem
0x4043fc FrameRect
0x404400 LoadCursorW
0x404404 CloseClipboard
0x404408 GetSystemMetrics
0x40440c DrawIcon
0x404410 GetWindow
0x404414 InflateRect
0x40441c FindWindowW
0x404420 ScreenToClient
0x404424 EmptyClipboard
0x404428 RedrawWindow
0x40442c ShowWindow
0x404430 GetWindowLongW
0x404438 SetWindowTextW
0x40443c GetWindowRect
0x404440 SetClipboardData
0x404444 SetTimer
0x404448 DrawTextW
0x40444c GetIconInfo
0x404450 InvalidateRect
0x404454 FindWindowExW
0x404458 CopyRect
0x40445c MessageBeep
0x404460 GetPropW
0x404464 SendMessageW
0x404468 GetWindowDC
0x40446c SetWindowRgn
0x404470 GetDC
0x404474 SetCursor
0x404478 EnableScrollBar
Library version.dll:
0x404484 VerQueryValueW
0x404488 GetFileVersionInfoW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.