Threat score: 2.2
Verdict: Medium risk (中危)

SHA-256: 8e6f6a0ded825b8a0e0ac5fb40d9c8b6be6101382f5dcbc470c9a7b04c7872a9

File name: 44c017119f5e3116021e767133315644.exe

Analysis duration: 26s

Last analysis:

File size: 4.3MB
Static detection / Dynamic detection
Hawkeye engine (鹰眼引擎): not detected (no Hawkeye engine result for this sample)
Static verdict
Antivirus engines: not detected (no antivirus engine result for this sample)
Static indicators
Behavior verdict
Dynamic indicators
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time: 1620759697.508125
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 3060
  process_handle: 0xffffffff (the NtCurrentProcess pseudo-handle: the sample changed protections in its own address space)
  base_address: 0x0312c000
  length: 2301952 (0x232000, about 2.2 MiB)
  protection: 32 (PAGE_EXECUTE_READ)
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
Status: success
Return: 0
Repeated: 0

What this shows: a 2.2 MiB region that was read-write is made read-execute in a single call. Writing code into memory and then flipping it to execute-only is the usual shape of a self-unpacking stub, and splitting the change into RW first and RX later avoids the PAGE_EXECUTE_READWRITE value that many detections key on. The page shows neither the image base nor a matching allocation, so whether this region belongs to the loaded image or to memory obtained at runtime cannot be read from the report; the monitor's heap_dep_bypass flag is its own indication of the latter. A single event from a 26s run is suggestive rather than conclusive; the natural next step is to dump the region after this call and check it for a PE header or another recognisable decoded payload.
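The RW-to-RX pattern above is worth detecting generically rather than through one fixed signature. The Python below is an added example written for this page, not part of the sandbox or of the report: it replays a small trace of NtAllocateVirtualMemory / NtProtectVirtualMemory events (field names follow the report; the events themselves are constructed, since the report prints only the single NtProtectVirtualMemory call), tracks each region's protection per process, and reports three things: a region made RWX in one call, a region that was writable earlier and later became executable, and execute permission applied to a region whose earlier state the trace never showed, which is the blind spot you hit whenever only part of a trace is available.

```python
"""Detect write-then-execute memory protection transitions in a sandbox API trace.

Added example, not part of the sandbox report. Event dicts use the field
names the report prints; the sample trace is constructed for this example.
"""

# PAGE_* protection constants from winnt.h (low byte only; PAGE_GUARD etc. are masked off)
PAGE_NOACCESS = 0x01
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80

PROT_NAMES = {
    PAGE_NOACCESS: "PAGE_NOACCESS", PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE", PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE", PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}
WRITABLE = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
EXECUTABLE = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
CURRENT_PROCESS = 0xFFFFFFFF  # NtCurrentProcess() pseudo-handle, as seen in the report


def prot_name(prot):
    return PROT_NAMES.get(prot & 0xFF, hex(prot))


def is_writable(prot):
    return bool(prot & 0xFF & WRITABLE)


def is_executable(prot):
    return bool(prot & 0xFF & EXECUTABLE)


def _containing_region(regions, pid, addr):
    """Key of the tracked region of this pid that contains addr, or None."""
    for key, st in regions.items():
        if key[0] == pid and key[1] <= addr < key[1] + st["length"]:
            return key
    return None


def find_wx_transitions(events):
    """Scan events in order; return a list of findings (dicts) for suspicious protections."""
    regions = {}  # (pid, base) -> {"length", "prot", "was_writable"}
    findings = []
    for ev in events:
        if ev.get("api") not in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            continue
        if ev.get("status") != "success":
            continue  # a failed call changed nothing
        pid = ev["process_identifier"]
        # Any handle other than NtCurrentProcess targets another process; the trace still
        # attributes the call to the caller's pid, so key on that and tag the finding.
        cross_process = ev.get("process_handle", CURRENT_PROCESS) != CURRENT_PROCESS
        addr, length, prot = ev["base_address"], ev["length"], ev["protection"]
        key = _containing_region(regions, pid, addr)
        if key is None:
            key = (pid, addr)
            regions[key] = {"length": length, "prot": None, "was_writable": False}
            known_before = ev["api"] == "NtAllocateVirtualMemory"  # a bare protect has no history
        else:
            known_before = True
        st = regions[key]
        info = dict(pid=pid, base=key[1], length=st["length"], time=ev["time"],
                    protection=prot_name(prot), cross_process=cross_process)
        if is_writable(prot) and is_executable(prot):
            findings.append(dict(info, kind="rwx"))
        elif is_executable(prot):
            if st["was_writable"]:
                findings.append(dict(info, kind="w_then_x"))
            elif not known_before:
                findings.append(dict(info, kind="x_unknown_prior"))
        st["was_writable"] = st["was_writable"] or is_writable(prot)
        st["prot"] = prot
    return findings


def _ev(t, api, addr, length, prot, status="success"):
    return {"time": t, "api": api, "process_identifier": 3060, "process_handle": CURRENT_PROCESS,
            "base_address": addr, "length": length, "protection": prot, "status": status}


SAMPLE_EVENTS = [  # constructed trace; only the second event mirrors the report's call
    _ev(1620759697.10, "NtAllocateVirtualMemory", 0x0312c000, 2301952, PAGE_READWRITE),   # reserve RW
    _ev(1620759697.508125, "NtProtectVirtualMemory", 0x0312c000, 2301952, PAGE_EXECUTE_READ),  # flip to RX
    _ev(1620759697.60, "NtAllocateVirtualMemory", 0x04000000, 0x1000, PAGE_READWRITE),   # stays RW: benign
    _ev(1620759697.70, "NtAllocateVirtualMemory", 0x05000000, 0x2000, PAGE_EXECUTE_READWRITE),  # RWX at once
    _ev(1620759697.80, "NtProtectVirtualMemory", 0x04000000, 0x1000, PAGE_EXECUTE_READ, "failure"),  # ignored
    _ev(1620759697.90, "NtProtectVirtualMemory", 0x06000000, 0x1000, PAGE_EXECUTE_READ),   # no known history
]


def analyze_sample_trace():
    return find_wx_transitions(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in analyze_sample_trace():
        print(f"{f['kind']:16} pid={f['pid']} base={f['base']:#010x} len={f['length']:#x} -> {f['protection']}")
```

Keying regions by containing allocation rather than exact base matters in practice: a stub often protects a sub-range (the code part) of a larger allocation, and an exact-match lookup would report that as an unknown region.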
The binary likely contains encrypted or compressed data indicative of a packer (1 event)

Section: .reloc
  virtual_address: 0x00456000
  virtual_size: 0x00005ce8
  size_of_data: 0x00005e00
  entropy: 6.806753746029816
Description: A section with a high entropy has been found

Caveat: the flagged section is .reloc (0x5e00 bytes of raw data), not the code or data section, and the report lists no other section. Relocation blocks are structured (each 16-bit entry carries a fixed type nibble), so 6.8 bits per byte is elevated but well short of the 7.5 or more that compressed or encrypted payloads usually reach. On its own this is a weak packer indicator; it gains weight only together with the runtime RW-to-RX protection change recorded above.
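The entropy figure above is easy to recompute and check against the file itself. The Python below is an added example for this page, not the sandbox's own code: it walks the PE section table with struct (no third-party parser), computes the entropy of each section's raw data (SizeOfRawData, the span the report's size_of_data refers to), renders TimeDateStamp the way the report's PE Compile Time line does (shown as UTC here; the report does not state a timezone), and flags sections above a threshold of this example's choosing. Because the sample itself is not available here, the block builds a small PE image in memory with one low-entropy and one pseudo-random section and reuses the report's compile timestamp for that constructed image.

```python
"""Per-section Shannon entropy of a PE file. Added example, not from the report.

Parses only what is needed from the PE headers; the analysed image is
constructed in memory so the block runs offline.
"""
import math
import random
import struct
from datetime import datetime, timezone


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_headers(image):
    """Return (TimeDateStamp, section table offset, NumberOfSections) from a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    return ts, e_lfanew + 24 + opt_size, nsec


def compile_time(image):
    """TimeDateStamp rendered as UTC, in the format of the report's 'PE Compile Time' line."""
    ts, _, _ = pe_headers(image)
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def section_entropies(image):
    """One dict per section header, shaped like the report's entropy record."""
    _, off, nsec = pe_headers(image)
    out = []
    for i in range(nsec):
        # First 24 bytes of IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off + 40 * i)
        data = image[rawptr:rawptr + rawsize]  # raw bytes only; zero padding counts, as in the report
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "virtual_address": va, "virtual_size": vsize,
                    "size_of_data": rawsize, "entropy": shannon_entropy(data)})
    return out


def high_entropy_sections(image, threshold=7.0):
    """Sections at or above threshold (7.0 is this example's choice, not the sandbox's)."""
    return [s for s in section_entropies(image) if s["entropy"] >= threshold]


def build_test_pe(sections, timestamp):
    """Construct a minimal PE32 image: DOS header, NT headers, section table, raw data."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x102)
    table_off = e_lfanew + 4 + 20 + opt_size
    raw_off = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF  # file alignment 0x200
    table, blobs, va = b"", b"", 0x1000
    for name, data in sections:
        raw_size = (len(data) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name, len(data), va, raw_size,
                             raw_off + len(blobs), 0, 0, 0, 0, 0x60000020)
        blobs += data.ljust(raw_size, b"\0")
        va += (len(data) + 0xFFF) & ~0xFFF
    head = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt_size) + table
    return head.ljust(raw_off, b"\0") + blobs


# Constructed sample: repetitive code-like bytes next to a deterministic pseudo-random blob.
_rng = random.Random(1)
SAMPLE_PE = build_test_pe(
    [(b".text", b"\x90" * 0x500 + b"\xc3" * 0x100),
     (b".data", bytes(_rng.getrandbits(8) for _ in range(0x2000)))],
    timestamp=1588362506,  # 2020-05-01 19:48:26 UTC, the compile time the report lists
)

if __name__ == "__main__":
    print("compile time:", compile_time(SAMPLE_PE))
    for s in section_entropies(SAMPLE_PE):
        print(f"{s['name']:8} va={s['virtual_address']:#010x} "
              f"size={s['size_of_data']:#x} entropy={s['entropy']:.3f}")
```

Entropy is computed over SizeOfRawData, so a section whose data is much smaller than its file-aligned size is dragged toward zero by padding; compare size_of_data with virtual_size, as in the report's record, before reading anything into a low number.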
Visual analysis
Binary image: none (no binary visualization image was generated for this sample)
Run screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2020-05-01 19:48:26

Imports

Library KERNEL32.dll:
0x42e000 FreeLibrary
0x42e004 GetCurrentProcess
0x42e008 HeapFree
0x42e00c GetModuleHandleW
0x42e010 VirtualFree
0x42e014 GetProcessHeap
0x42e018 SetLastError
0x42e01c GetProcAddress
0x42e020 VirtualAlloc
0x42e024 LoadLibraryA
0x42e028 GetNativeSystemInfo
0x42e02c ReadFile
0x42e030 SetEndOfFile
0x42e034 EncodePointer
0x42e038 DecodePointer
0x42e03c GetLastError
0x42e040 HeapReAlloc
0x42e044 GetCommandLineW
0x42e048 RaiseException
0x42e04c RtlUnwind
0x42e050 IsDebuggerPresent
0x42e058 HeapAlloc
0x42e05c ExitProcess
0x42e060 GetModuleHandleExW
0x42e064 AreFileApisANSI
0x42e068 MultiByteToWideChar
0x42e06c WideCharToMultiByte
0x42e070 HeapSize
0x42e074 IsValidCodePage
0x42e078 GetACP
0x42e07c GetOEMCP
0x42e080 GetCPInfo
0x42e084 GetCurrentThreadId
0x42e090 GetStringTypeW
0x42e094 CloseHandle
0x42e098 WriteFile
0x42e09c GetConsoleCP
0x42e0a0 GetConsoleMode
0x42e0a4 GetStdHandle
0x42e0a8 GetFileType
0x42e0b0 GetStartupInfoW
0x42e0b4 GetModuleFileNameW
0x42e0bc GetCurrentProcessId
0x42e0d8 Sleep
0x42e0dc TerminateProcess
0x42e0e0 TlsAlloc
0x42e0e4 TlsGetValue
0x42e0e8 TlsSetValue
0x42e0ec TlsFree
0x42e0f0 LoadLibraryExW
0x42e0f4 LCMapStringW
0x42e0f8 CreateFileW
0x42e0fc SetStdHandle
0x42e100 FlushFileBuffers
0x42e104 SetFilePointerEx
0x42e108 WriteConsoleW
0x42e10c OutputDebugStringW
0x42e110 ReadConsoleW
Library SHELL32.dll: (no entries shown)

Note on the import table: VirtualProtect is not imported, yet the behavior trace records NtProtectVirtualMemory from this process. With LoadLibraryA, LoadLibraryExW and GetProcAddress all present, the protection change was most plausibly made through a function resolved at runtime. The remaining names (VirtualAlloc and VirtualFree, GetNativeSystemInfo, the TLS, heap, code-page and console routines, IsDebuggerPresent) are a normal MSVC C runtime import set plus the pieces a loader needs to allocate memory for code it unpacks itself.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  50002        114.114.114.114                  53
192.168.56.101  53237        114.114.114.114                  53
192.168.56.101  57756        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  50003        239.255.255.250                  3702
192.168.56.101  50005        239.255.255.250                  3702
192.168.56.101  51966        239.255.255.250                  1900

Every flow here is the analysis VM's own Windows background traffic: DNS lookups to the configured resolver 114.114.114.114 (the query names are not shown on this page), NetBIOS name-service and datagram broadcasts on 137/138, NTP to time.windows.com, LLMNR to 224.0.0.252:5355, and SSDP (1900) and WS-Discovery (3702) to 239.255.255.250. Nothing on the page ties any of it to the sample, which is consistent with the empty Hosts, TCP and HTTP sections.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.