Risk score: 2.6 (Medium risk)

SHA-256: 76175575ba68c215de6ed4aa33d5ce128cd7767d766e0eff70e9479e16d59ab6

File name: 4554d5bf745f19621146ce4861528669.exe

Analysis time: 84s

Last analysed:

File size: 549.0KB
Detection tags (static / dynamic): AGEN, CONFIDENCE, DELF, MODERATE, SCORE
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict

Antivirus engines

Engine       Result                            Scan date  Engine version
McAfee       -                                 20190328   6.0.6.653
Alibaba      -                                 20190306   0.2.0.3
Baidu        -                                 20190318   1.0.0.2
Avast        -                                 20190328   18.4.3895.0
Tencent      -                                 20190328   1.0.0.1
Kingsoft     -                                 20190328   2013.8.14.323
CrowdStrike  win/malicious_confidence_60% (W)  20190212   1.0
Static indicators

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API: 1620979453.137125 GlobalMemoryStatusEx
Status: success  Return: 1  Repeated: 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API: 1620979453.622125 __exception__
Arguments:
stacktrace:
4554d5bf745f19621146ce4861528669+0x1a21a @ 0x41a21a
4554d5bf745f19621146ce4861528669+0x1a0ed @ 0x41a0ed
4554d5bf745f19621146ce4861528669+0x18eb3 @ 0x418eb3
4554d5bf745f19621146ce4861528669+0x6e9df @ 0x46e9df
4554d5bf745f19621146ce4861528669+0x57cd3 @ 0x457cd3
4554d5bf745f19621146ce4861528669+0x579b3 @ 0x4579b3
4554d5bf745f19621146ce4861528669+0x5f00c @ 0x45f00c
4554d5bf745f19621146ce4861528669+0x72228 @ 0x472228
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637516
registers.edi: 30867488
registers.eax: 1637516
registers.ebp: 1637596
registers.edx: 0
registers.ebx: 30877960
registers.esi: 4648252
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
Status: success  Return: 0  Repeated: 0
Behavioural verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API: 1620979452.481125 NtAllocateVirtualMemory
Arguments:
process_identifier: 2136
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x007b0000
Status: success  Return: 0  Repeated: 0
Foreign language identified in PE resource (2 events)
name: RT_ICON  language: LANG_TURKISH  sublanguage: SUBLANG_DEFAULT  offset: 0x00086768  size: 0x000002e8  filetype: dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 49, next used block 48059
name: RT_GROUP_ICON  language: LANG_TURKISH  sublanguage: SUBLANG_DEFAULT  offset: 0x0008e65c  size: 0x00000014  filetype: data
File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)
F-Secure     Heuristic.HEUR/AGEN.1004737
Trapmine     malicious.moderate.ml.score
Avira        HEUR/AGEN.1004737
Ikarus       Trojan-Dropper.Delf
Cybereason   malicious.8cb8ff
CrowdStrike  win/malicious_confidence_60% (W)
Visual analysis

Binary image
No binary image: no binary visualisation image was generated for this sample

Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17

Note: this is the fixed placeholder timestamp that older Delphi linkers write into every binary (1992-06-19 22:22:17 UTC, shown here in UTC+8), so it does not reflect the real build date; it is consistent with the BobSoft Mini Delphi packer identification above.

Imports

Library kernel32.dll:
0x476150 VirtualFree
0x476154 VirtualAlloc
0x476158 LocalFree
0x47615c LocalAlloc
0x476160 GetTickCount
0x476168 GetVersion
0x47616c GetCurrentThreadId
0x476178 VirtualQuery
0x47617c WideCharToMultiByte
0x476180 MultiByteToWideChar
0x476184 lstrlenA
0x476188 lstrcpynA
0x47618c LoadLibraryExA
0x476190 GetThreadLocale
0x476194 GetStartupInfoA
0x476198 GetProcAddress
0x47619c GetModuleHandleA
0x4761a0 GetModuleFileNameA
0x4761a4 GetLocaleInfoA
0x4761a8 GetCommandLineA
0x4761ac FreeLibrary
0x4761b0 FindFirstFileA
0x4761b4 FindClose
0x4761b8 ExitProcess
0x4761bc WriteFile
0x4761c4 RtlUnwind
0x4761c8 RaiseException
0x4761cc GetStdHandle
Library user32.dll:
0x4761d4 GetKeyboardType
0x4761d8 LoadStringA
0x4761dc MessageBoxA
0x4761e0 CharNextA
Library advapi32.dll:
0x4761e8 RegQueryValueExA
0x4761ec RegOpenKeyExA
0x4761f0 RegCloseKey
Library oleaut32.dll:
0x4761f8 SysFreeString
0x4761fc SysReAllocStringLen
0x476200 SysAllocStringLen
Library kernel32.dll:
0x476208 TlsSetValue
0x47620c TlsGetValue
0x476210 LocalAlloc
0x476214 GetModuleHandleA
Library advapi32.dll:
0x47621c RegQueryValueExA
0x476220 RegOpenKeyExA
0x476224 RegCloseKey
Library kernel32.dll:
0x47622c lstrcpyA
0x476230 WriteFile
0x476234 WaitForSingleObject
0x476238 VirtualQuery
0x47623c VirtualAlloc
0x476240 Sleep
0x476244 SizeofResource
0x476248 SetThreadLocale
0x47624c SetFilePointer
0x476250 SetEvent
0x476254 SetErrorMode
0x476258 SetEndOfFile
0x47625c ResetEvent
0x476260 ReadFile
0x476264 MultiByteToWideChar
0x476268 MulDiv
0x47626c LockResource
0x476270 LoadResource
0x476274 LoadLibraryA
0x476280 GlobalUnlock
0x476284 GlobalSize
0x476288 GlobalReAlloc
0x47628c GlobalHandle
0x476290 GlobalLock
0x476294 GlobalFree
0x476298 GlobalFindAtomA
0x47629c GlobalDeleteAtom
0x4762a0 GlobalAlloc
0x4762a4 GlobalAddAtomA
0x4762a8 GetVersionExA
0x4762ac GetVersion
0x4762b0 GetUserDefaultLCID
0x4762b4 GetTickCount
0x4762b8 GetThreadLocale
0x4762bc GetTempPathA
0x4762c0 GetSystemInfo
0x4762c4 GetStringTypeExA
0x4762c8 GetStdHandle
0x4762cc GetProcAddress
0x4762d0 GetModuleHandleA
0x4762d4 GetModuleFileNameA
0x4762d8 GetLocaleInfoA
0x4762dc GetLocalTime
0x4762e0 GetLastError
0x4762e4 GetFullPathNameA
0x4762e8 GetFileSize
0x4762ec GetDiskFreeSpaceA
0x4762f0 GetDateFormatA
0x4762f4 GetCurrentThreadId
0x4762f8 GetCurrentProcessId
0x4762fc GetComputerNameA
0x476300 GetCPInfo
0x476304 GetACP
0x476308 FreeResource
0x47630c InterlockedExchange
0x476310 FreeLibrary
0x476314 FormatMessageA
0x476318 FindResourceA
0x47631c FindFirstFileA
0x476320 FindClose
0x47632c EnumCalendarInfoA
0x476338 CreateThread
0x47633c CreateFileA
0x476340 CreateEventA
0x476344 CompareStringA
0x476348 CloseHandle
Library version.dll:
0x476350 VerQueryValueA
0x476358 GetFileVersionInfoA
Library gdi32.dll:
0x476360 UnrealizeObject
0x476364 StretchBlt
0x476368 SetWindowOrgEx
0x47636c SetWinMetaFileBits
0x476370 SetViewportOrgEx
0x476374 SetTextColor
0x476378 SetStretchBltMode
0x47637c SetROP2
0x476380 SetPixel
0x476384 SetMapMode
0x476388 SetEnhMetaFileBits
0x47638c SetDIBColorTable
0x476390 SetBrushOrgEx
0x476394 SetBkMode
0x476398 SetBkColor
0x47639c SelectPalette
0x4763a0 SelectObject
0x4763a4 SelectClipRgn
0x4763a8 SaveDC
0x4763ac RestoreDC
0x4763b0 RectVisible
0x4763b4 RealizePalette
0x4763b8 PlayEnhMetaFile
0x4763bc PatBlt
0x4763c0 MoveToEx
0x4763c4 MaskBlt
0x4763c8 LineTo
0x4763cc LPtoDP
0x4763d0 IntersectClipRect
0x4763d4 GetWindowOrgEx
0x4763d8 GetWinMetaFileBits
0x4763dc GetTextMetricsA
0x4763e8 GetStockObject
0x4763ec GetPixel
0x4763f0 GetPaletteEntries
0x4763f4 GetObjectA
0x476404 GetEnhMetaFileBits
0x476408 GetDeviceCaps
0x47640c GetDIBits
0x476410 GetDIBColorTable
0x476414 GetDCOrgEx
0x47641c GetClipBox
0x476420 GetBrushOrgEx
0x476424 GetBitmapBits
0x476428 ExcludeClipRect
0x47642c DeleteObject
0x476430 DeleteEnhMetaFile
0x476434 DeleteDC
0x476438 CreateSolidBrush
0x47643c CreatePenIndirect
0x476440 CreatePalette
0x476448 CreateFontIndirectA
0x47644c CreateEnhMetaFileA
0x476450 CreateDIBitmap
0x476454 CreateDIBSection
0x476458 CreateCompatibleDC
0x476460 CreateBrushIndirect
0x476464 CreateBitmap
0x476468 CopyEnhMetaFileA
0x47646c CloseEnhMetaFile
0x476470 BitBlt
Library user32.dll:
0x476478 CreateWindowExA
0x47647c WindowFromPoint
0x476480 WinHelpA
0x476484 WaitMessage
0x476488 UpdateWindow
0x47648c UnregisterClassA
0x476490 UnhookWindowsHookEx
0x476494 TranslateMessage
0x47649c TrackPopupMenu
0x4764a4 ShowWindow
0x4764a8 ShowScrollBar
0x4764ac ShowOwnedPopups
0x4764b0 ShowCursor
0x4764b4 SetWindowsHookExA
0x4764b8 SetWindowTextA
0x4764bc SetWindowPos
0x4764c0 SetWindowPlacement
0x4764c4 SetWindowLongA
0x4764c8 SetTimer
0x4764cc SetScrollRange
0x4764d0 SetScrollPos
0x4764d4 SetScrollInfo
0x4764d8 SetRect
0x4764dc SetPropA
0x4764e0 SetParent
0x4764e4 SetMenuItemInfoA
0x4764e8 SetMenu
0x4764ec SetForegroundWindow
0x4764f0 SetFocus
0x4764f4 SetCursor
0x4764f8 SetClassLongA
0x4764fc SetCapture
0x476500 SetActiveWindow
0x476504 SendMessageA
0x476508 ScrollWindow
0x47650c ScreenToClient
0x476510 RemovePropA
0x476514 RemoveMenu
0x476518 ReleaseDC
0x47651c ReleaseCapture
0x476528 RegisterClassA
0x47652c RedrawWindow
0x476530 PtInRect
0x476534 PostQuitMessage
0x476538 PostMessageA
0x47653c PeekMessageA
0x476540 OffsetRect
0x476544 OemToCharA
0x476548 MessageBoxA
0x47654c MapWindowPoints
0x476550 MapVirtualKeyA
0x476554 LoadStringA
0x476558 LoadKeyboardLayoutA
0x47655c LoadIconA
0x476560 LoadCursorA
0x476564 LoadBitmapA
0x476568 KillTimer
0x47656c IsZoomed
0x476570 IsWindowVisible
0x476574 IsWindowEnabled
0x476578 IsWindow
0x47657c IsRectEmpty
0x476580 IsIconic
0x476584 IsDialogMessageA
0x476588 IsChild
0x47658c InvalidateRect
0x476590 IntersectRect
0x476594 InsertMenuItemA
0x476598 InsertMenuA
0x47659c InflateRect
0x4765a4 GetWindowTextA
0x4765a8 GetWindowRect
0x4765ac GetWindowPlacement
0x4765b0 GetWindowLongA
0x4765b4 GetWindowDC
0x4765b8 GetTopWindow
0x4765bc GetSystemMetrics
0x4765c0 GetSystemMenu
0x4765c4 GetSysColorBrush
0x4765c8 GetSysColor
0x4765cc GetSubMenu
0x4765d0 GetScrollRange
0x4765d4 GetScrollPos
0x4765d8 GetScrollInfo
0x4765dc GetPropA
0x4765e0 GetParent
0x4765e4 GetWindow
0x4765e8 GetMessageTime
0x4765ec GetMenuStringA
0x4765f0 GetMenuState
0x4765f4 GetMenuItemInfoA
0x4765f8 GetMenuItemID
0x4765fc GetMenuItemCount
0x476600 GetMenu
0x476604 GetLastActivePopup
0x476608 GetKeyboardState
0x476610 GetKeyboardLayout
0x476614 GetKeyState
0x476618 GetKeyNameTextA
0x47661c GetIconInfo
0x476620 GetForegroundWindow
0x476624 GetFocus
0x476628 GetDesktopWindow
0x47662c GetDCEx
0x476630 GetDC
0x476634 GetCursorPos
0x476638 GetCursor
0x47663c GetClipboardData
0x476640 GetClientRect
0x476644 GetClassNameA
0x476648 GetClassInfoA
0x47664c GetCapture
0x476650 GetActiveWindow
0x476654 FrameRect
0x476658 FindWindowA
0x47665c FillRect
0x476660 EqualRect
0x476664 EnumWindows
0x476668 EnumThreadWindows
0x47666c EndPaint
0x476670 EnableWindow
0x476674 EnableScrollBar
0x476678 EnableMenuItem
0x47667c DrawTextA
0x476680 DrawMenuBar
0x476684 DrawIconEx
0x476688 DrawIcon
0x47668c DrawFrameControl
0x476690 DrawFocusRect
0x476694 DrawEdge
0x476698 DispatchMessageA
0x47669c DestroyWindow
0x4766a0 DestroyMenu
0x4766a4 DestroyIcon
0x4766a8 DestroyCursor
0x4766ac DeleteMenu
0x4766b0 DefWindowProcA
0x4766b4 DefMDIChildProcA
0x4766b8 DefFrameProcA
0x4766bc CreatePopupMenu
0x4766c0 CreateMenu
0x4766c4 CreateIcon
0x4766c8 ClientToScreen
0x4766cc CheckMenuItem
0x4766d0 CallWindowProcA
0x4766d4 CallNextHookEx
0x4766d8 BeginPaint
0x4766dc CharNextA
0x4766e0 CharLowerBuffA
0x4766e4 CharLowerA
0x4766e8 CharUpperBuffA
0x4766ec CharToOemA
0x4766f0 AdjustWindowRectEx
Library kernel32.dll:
0x4766fc Sleep
Library oleaut32.dll:
0x476704 SafeArrayPtrOfIndex
0x476708 SafeArrayPutElement
0x47670c SafeArrayGetElement
0x476710 SafeArrayGetUBound
0x476714 SafeArrayGetLBound
0x476718 SafeArrayCreate
0x47671c VariantChangeType
0x476720 VariantCopy
0x476724 VariantClear
0x476728 VariantInit
Library ole32.dll:
0x476734 IsAccelerator
0x476738 OleDraw
0x476740 CoTaskMemFree
0x476744 ProgIDFromCLSID
0x476748 StringFromCLSID
0x47674c CoCreateInstance
0x476750 CoGetClassObject
0x476754 CoUninitialize
0x476758 CoInitialize
0x47675c IsEqualGUID
Library oleaut32.dll:
0x476764 GetErrorInfo
0x476768 GetActiveObject
0x47676c SysFreeString
Library comctl32.dll:
0x47677c ImageList_Write
0x476780 ImageList_Read
0x476790 ImageList_DragMove
0x476794 ImageList_DragLeave
0x476798 ImageList_DragEnter
0x47679c ImageList_EndDrag
0x4767a0 ImageList_BeginDrag
0x4767a4 ImageList_Remove
0x4767a8 ImageList_DrawEx
0x4767ac ImageList_Draw
0x4767bc ImageList_Add
0x4767c4 ImageList_Destroy
0x4767c8 ImageList_Create
0x4767cc InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  50002        114.114.114.114                  53
192.168.56.101  53237        114.114.114.114                  53
192.168.56.101  57756        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  50003        239.255.255.250                  3702
192.168.56.101  50539        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.