Score: 5.4
Risk level: Medium

SHA256: 8f3b473de56c3597a49826f0ca2f762880c714938be2d1148fc6356c0b151c09

File name: 4c07d821556bd0e6c938e5cfb8199380.exe

Analysis duration: 78s

Most recent analysis:

File size: 536.1KB

Static detection | Dynamic detection
HawkEye engine
Not detected: no HawkEye engine result is available
Static verdict
Antivirus engines
Not detected: no antivirus engine result is available
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620726241.974429
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Note: algorithm_identifier 0x660e is CALG_AES_128 and flags 1 on CryptGenKey is CRYPT_EXPORTABLE. On the three CryptExportKey calls, blob_type 1 is SIMPLEBLOB and flags 64 is CRYPT_OAEP, i.e. the AES session key is exported wrapped with an RSA exchange key. All three exports use the same crypto_handle, so the differing buffers are the same key wrapped three times (OAEP padding is randomised), not three different keys.
Time & API Arguments Status Return Repeated
1620726226.099429
CryptGenKey
crypto_handle: 0x006fb6e0
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x00644530
flags: 1
key: fÊ|I­‡ „T\nPÔ
success 1 0
1620726241.990429
CryptExportKey
crypto_handle: 0x006fb6e0
crypto_export_handle: 0x006445f8
buffer: f¤´Ú¨Ÿ(D¿ƒ¬löþ=a >3ӀX,ÃÝo^Ã*É‘º¼=GYøÑè¡Áž˜Í¨õpǾê8 éûã­ÓQUÛ¹VT¡[8¡Ú豯Oõ\Ùå/Ñ9ýљø¿ú#
blob_type: 1
flags: 64
success 1 0
1620726276.693429
CryptExportKey
crypto_handle: 0x006fb6e0
crypto_export_handle: 0x006445f8
buffer: f¤Ø7×f /èà[áyõ Ʀì,æÝ»±?Š­”|FâܳXj®œÜ±Ž)hܗŒ“+áõv|7ùjrCð@S·"®©œ¹ŒÇ:ÙÝ{¼í<êQ˜ :|ÍY¿8‡
blob_type: 1
flags: 64
success 1 0
1620726281.990429
CryptExportKey
crypto_handle: 0x006fb6e0
crypto_export_handle: 0x006445f8
buffer: f¤ïáàEãu Šm¶ª ÈÏáÕ¨-Íxó¯À®%±Çªn¢ru×ãžæO w갞bT¯×˜*y¢}ñ8çôÆf#¶Mºxēìâ€Ó oQp'^¸Á¦sÔÞ¬„
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioural verdict
Dynamic indicators
Performs some HTTP requests (3 events)
Note: all three are HEAD requests for GoogleUpdateSetup.exe on gvt1.com, and the captured headers (under HTTP & HTTPS Requests below) carry User-Agent: Microsoft BITS/7.5, whereas the sample's own InternetOpenW call passes an MSIE 7.0 user agent. That pattern is consistent with the analysis VM's Google Update job running through BITS during the run; treat these requests as sandbox background unless process-level capture ties them to the sample's process.
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=e26a3da740970e37&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=3
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Note: consistent with the Armadillo packer identified under static indicators; the region is committed in the sample's own process (process_handle 0xffffffff is the current-process pseudo-handle).
Time & API Arguments Status Return Repeated
1620726225.271429
NtAllocateVirtualMemory
process_identifier: 784
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e30000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620726242.662429
GetAdaptersAddresses
flags: 0
family: 0
failed 111 (ERROR_BUFFER_OVERFLOW) 0
Note: with flags 0 and family 0 (AF_UNSPEC), a return of ERROR_BUFFER_OVERFLOW is the normal size-probing first call to GetAdaptersAddresses; only this call is recorded, so no adapter data was actually read in this event.
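The three API-event blocks above (CryptGenKey, the RWX NtAllocateVirtualMemory call and the GetAdaptersAddresses size probe) are shown by the sandbox as flattened text with several numeric arguments left undecoded. The following is an added example, not code from the report or from the sandbox, that parses records in exactly that layout and decodes them with Microsoft's documented CALG_*, PAGE_* and Win32 error constants. The SAMPLE_EVENTS text is constructed from the events on this page; the finding strings and the small CALG table are the author's choices.

```python
import re
from datetime import datetime, timezone

# Constructed from the event records on this page (same flattened layout:
# timestamp, API name, "arg: value" lines, then "status return repeated").
SAMPLE_EVENTS = """\
1620726226.099429
CryptGenKey
crypto_handle: 0x006fb6e0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00644530
flags: 1
success 1 0
1620726225.271429
NtAllocateVirtualMemory
process_identifier: 784
region_size: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1620726242.662429
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
"""

# wincrypt.h ALG_ID values: class | type | sub-id (0x6000 | 0x600 | 0xe = AES-128).
CALG_NAMES = {
    0x6602: "CALG_RC2", 0x6801: "CALG_RC4", 0x6603: "CALG_3DES",
    0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0x8003: "CALG_MD5", 0x8004: "CALG_SHA1",
}
CRYPT_EXPORTABLE = 0x1           # CryptGenKey dwFlags: key may be exported
PAGE_EXECUTE_READWRITE = 0x40    # winnt.h memory protection
ERROR_BUFFER_OVERFLOW = 111      # GetAdaptersAddresses size-probing return

TS_RE = re.compile(r"^\d{10}\.\d+$")
STATUS_RE = re.compile(r"^(success|failed) (\d+) (\d+)$")


def num(value):
    """Leading integer of an argument value: '64 (PAGE_EXECUTE_READWRITE)' -> 64."""
    m = re.match(r"\s*(0[xX][0-9a-fA-F]+|\d+)", value or "")
    if not m:
        return None
    tok = m.group(1)
    return int(tok, 16) if tok.lower().startswith("0x") else int(tok)


def ts_to_iso(ts):
    """Sandbox epoch timestamp -> UTC ISO string (second resolution)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_events(text):
    """Split the flattened listing into {ts, api, args, status, ret, repeated} dicts."""
    events, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS_RE.match(line):
            cur = {"ts": float(line), "api": None, "args": {}}
            events.append(cur)
        elif cur is None:
            continue                      # text before the first timestamp
        elif cur["api"] is None:
            cur["api"] = line             # the line right after the timestamp
        elif STATUS_RE.match(line):
            m = STATUS_RE.match(line)     # "success 1 0": status, return, repeated
            cur["status"] = m.group(1)
            cur["ret"], cur["repeated"] = int(m.group(2)), int(m.group(3))
        elif ":" in line:
            key, _, val = line.partition(":")
            cur["args"][key.strip()] = val.strip()
    return events


def triage(events):
    """One finding string per event that the report's signatures fire on."""
    findings = []
    for e in events:
        a, when = e["args"], ts_to_iso(e["ts"])
        if e["api"] == "CryptGenKey":
            alg = num(a.get("algorithm_identifier")) or 0
            flags = num(a.get("flags")) or 0
            exp = ", exportable" if flags & CRYPT_EXPORTABLE else ""
            findings.append(f"{when} CryptGenKey {CALG_NAMES.get(alg, hex(alg))}{exp}")
        elif e["api"] == "NtAllocateVirtualMemory" and num(a.get("protection")) == PAGE_EXECUTE_READWRITE:
            findings.append(f"{when} RWX allocation of {num(a['region_size'])} bytes at "
                            f"{a['base_address']} (unpacking/injection candidate)")
        elif e["api"] == "GetAdaptersAddresses" and e.get("status") == "failed" \
                and e.get("ret") == ERROR_BUFFER_OVERFLOW:
            findings.append(f"{when} GetAdaptersAddresses size probe only "
                            f"(ERROR_BUFFER_OVERFLOW); no adapter data returned")
    return findings


if __name__ == "__main__":
    for line in triage(parse_events(SAMPLE_EVENTS)):
        print(line)
```

Run it as-is to see the three decoded findings; feed it a longer listing copied from a report of the same format to triage the rest. The parser keys on the timestamp line to start a record and on the "success/failed N N" line to close it, which is what makes it tolerant of the unprintable key and buffer values the crypto events carry.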
Expresses interest in specific running processes (1 event)
process 4c07d821556bd0e6c938e5cfb8199380.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620726242.209429
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 172.217.24.14
host 209.236.123.42
host 91.121.54.71
host 98.13.75.196
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Note: the values written here (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork under Internet Settings\Wpad\<network id>) are Windows' per-network cache of its own WPAD auto-detection result, maintained by the WinHTTP auto-proxy code. Any WinINet/WinHTTP client that resolves a proxy with automatic detection causes them to be written, and none of the eight events writes a PAC URL, so on their own they do not show the sample installing or altering a proxy configuration file.
Time & API Arguments Status Return Repeated
1620726245.224429
RegSetValueExA
key_handle: 0x00000394
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620726245.224429
RegSetValueExA
key_handle: 0x00000394
value: ƺ°™F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620726245.224429
RegSetValueExA
key_handle: 0x00000394
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620726245.224429
RegSetValueExW
key_handle: 0x00000394
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620726245.224429
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620726245.224429
RegSetValueExA
key_handle: 0x000003ac
value: ƺ°™F×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620726245.224429
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620726245.256429
RegSetValueExW
key_handle: 0x00000390
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
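The WpadDecisionTime values above are REG_BINARY FILETIMEs that the report renders as unprintable bytes. A useful check when deciding whether such writes belong to the run is to decode the FILETIME and confirm it falls inside the analysis window. The following is an added example, not from the report or the sandbox; since the page's bytes are not recoverable, the two 8-byte values are constructed by encoding the event's own timestamp (1620726245.224429) and a value one day earlier, and the window bounds are the first and last event timestamps on this page.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH_AS_FILETIME = 116444736000000000   # 1970-01-01 in 100 ns ticks since 1601


def unix_str_to_filetime(ts_text):
    """'1620726245.224429' (the sandbox's own timestamp format) -> FILETIME int.
    Parsed as integers so the microseconds survive exactly (a float would drift)."""
    secs, _, frac = ts_text.partition(".")
    micros = int((frac + "000000")[:6]) if frac else 0
    return UNIX_EPOCH_AS_FILETIME + int(secs) * 10_000_000 + micros * 10


def filetime_to_datetime(ft):
    """FILETIME int -> aware UTC datetime (integer arithmetic only)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_wpad_decision_time(raw):
    """WpadDecisionTime is a REG_BINARY little-endian 8-byte FILETIME."""
    if len(raw) != 8:
        raise ValueError("WpadDecisionTime must be exactly 8 bytes")
    (ft,) = struct.unpack("<Q", raw)
    return filetime_to_datetime(ft)


def within_window(dt, first_event_ts, last_event_ts, slack=timedelta(seconds=5)):
    """True if dt lies inside the analysis run (first..last event, with slack)."""
    start = filetime_to_datetime(unix_str_to_filetime(first_event_ts)) - slack
    end = filetime_to_datetime(unix_str_to_filetime(last_event_ts)) + slack
    return start <= dt <= end


# Constructed inputs: the bytes a RegSetValueExA at 1620726245.224429 would write,
# and a stale value from one day earlier, standing in for the page's unprintable bytes.
WPAD_DECISION_TIME_RAW = struct.pack("<Q", unix_str_to_filetime("1620726245.224429"))
STALE_RAW = struct.pack("<Q", unix_str_to_filetime("1620639845.224429"))
FIRST_EVENT, LAST_EVENT = "1620726225.271429", "1620726281.990429"   # from the report

if __name__ == "__main__":
    for label, raw in (("run", WPAD_DECISION_TIME_RAW), ("stale", STALE_RAW)):
        dt = decode_wpad_decision_time(raw)
        verdict = "in-window" if within_window(dt, FIRST_EVENT, LAST_EVENT) else "outside run"
        print(label, dt.isoformat(), verdict)
```

On a live system the raw bytes come from reading the WpadDecisionTime value under each Wpad\<network id> key (winreg on Windows); a decoded time inside the run confirms the cache was populated during the analysis, while a time well before it means the key pre-existed in the VM image.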
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
Note: 192.168.56.101 is the analysis VM's own address (it is the source address in every TCP and UDP row below), so the third entry is a local artefact rather than an external host. The two external dead hosts also appear in the no-DNS-query list above.
dead_host 91.121.54.71:8080
dead_host 98.13.75.196:80
dead_host 192.168.56.101:49183
Visual analysis
Binary image
No binary image: no binary visualisation image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-08-28 00:23:48

Imports

Library MFC42.DLL (imported by ordinal; the sandbox resolved no names):
0x418090
0x418094
0x418098
0x41809c
0x4180a0
0x4180a4
0x4180a8
0x4180ac
0x4180b0
0x4180b4
0x4180b8
0x4180bc
0x4180c0
0x4180c4
0x4180c8
0x4180cc
0x4180d0
0x4180d4
0x4180d8
0x4180dc
0x4180e0
0x4180e4
0x4180e8
0x4180ec
0x4180f0
0x4180f4
0x4180f8
0x4180fc
0x418100
0x418104
0x418108
0x41810c
0x418110
0x418114
0x418118
0x41811c
0x418120
0x418124
0x418128
0x41812c
0x418130
0x418134
0x418138
0x41813c
0x418140
0x418144
0x418148
0x41814c
0x418150
0x418154
0x418158
0x41815c
0x418160
0x418164
0x418168
0x41816c
0x418170
0x418174
0x418178
0x41817c
0x418180
0x418184
0x418188
0x41818c
0x418190
0x418194
0x418198
0x41819c
0x4181a0
0x4181a4
0x4181a8
0x4181ac
0x4181b0
0x4181b4
0x4181b8
0x4181bc
0x4181c0
0x4181c4
0x4181c8
0x4181cc
0x4181d0
0x4181d4
0x4181d8
0x4181dc
0x4181e0
0x4181e4
0x4181e8
0x4181ec
0x4181f0
0x4181f4
0x4181f8
0x4181fc
0x418200
0x418204
0x418208
0x41820c
0x418210
0x418214
0x418218
0x41821c
0x418220
0x418224
0x418228
0x41822c
0x418230
0x418234
0x418238
0x41823c
0x418240
0x418244
0x418248
0x41824c
0x418250
0x418254
0x418258
0x41825c
0x418260
0x418264
0x418268
0x41826c
0x418270
0x418274
0x418278
0x41827c
0x418280
0x418284
0x418288
0x41828c
0x418290
0x418294
0x418298
0x41829c
0x4182a0
0x4182a4
0x4182a8
0x4182ac
0x4182b0
0x4182b4
0x4182b8
0x4182bc
0x4182c0
0x4182c4
0x4182c8
0x4182cc
0x4182d0
Library MSVCRT.dll:
0x4182ec _except_handler3
0x4182f0 _setmbcp
0x4182f4 __CxxFrameHandler
0x4182f8 _EH_prolog
0x4182fc memset
0x418300 strlen
0x418304 _ftol
0x418308 _mbsnbcpy
0x41830c _wcslwr
0x418310 malloc
0x418314 _mbsstr
0x418318 __dllonexit
0x41831c _onexit
0x418320 _exit
0x418324 _XcptFilter
0x418328 exit
0x41832c _acmdln
0x418330 __getmainargs
0x418334 _initterm
0x418338 __setusermatherr
0x41833c _adjust_fdiv
0x418340 __p__commode
0x418344 __p__fmode
0x418348 __set_app_type
0x41834c _controlfp
Library KERNEL32.dll:
0x418058 GetStartupInfoA
0x41805c GetModuleHandleA
0x418060 ExitProcess
0x418064 GetLastError
0x418068 VirtualAlloc
0x41806c FreeLibrary
0x418070 LoadLibraryA
0x418078 lstrcpyA
0x41807c WinExec
0x418080 lstrlenA
0x418084 GetProcAddress
0x418088 lstrcatA
Library USER32.dll:
0x418360 LoadIconA
0x418364 InSendMessage
0x418368 CreateWindowExA
0x41836c ShowWindow
0x418370 KillTimer
0x418374 SetWindowLongA
0x418378 GetIconInfo
0x41837c SetTimer
0x418380 PtInRect
0x418384 ScreenToClient
0x418388 GetMessagePos
0x41838c IsWindow
0x418390 CopyIcon
0x418394 LoadCursorA
0x418398 GetDC
0x41839c CreateIconIndirect
0x4183a0 EnableWindow
0x4183a4 FillRect
0x4183a8 DrawStateA
0x4183ac GetClientRect
0x4183b0 CopyRect
0x4183b4 FrameRect
0x4183b8 InflateRect
0x4183bc GetSysColor
0x4183c0 OffsetRect
0x4183c4 DrawFocusRect
0x4183c8 GetWindowRect
0x4183cc GetSubMenu
0x4183d0 TrackPopupMenuEx
0x4183d4 PostMessageA
0x4183d8 ClientToScreen
0x4183dc WindowFromPoint
0x4183e0 GetActiveWindow
0x4183e4 InvalidateRect
0x4183e8 LoadMenuA
0x4183ec ReleaseDC
0x4183f0 LoadImageA
0x4183f4 SetCursor
0x4183f8 GetParent
0x4183fc GetNextDlgTabItem
0x418400 SendMessageA
0x418404 GetWindowLongA
0x418408 DestroyIcon
0x41840c DestroyCursor
0x418410 DestroyMenu
0x418414 MessageBeep
Library GDI32.dll:
0x41801c CreateFontIndirectA
0x418020 GetObjectA
0x418024 GetPixel
0x418028 SetPixel
0x41802c CreateBitmap
0x418030 DeleteObject
0x418034 GetStockObject
0x418038 SelectObject
0x418040 CreateCompatibleDC
0x418044 BitBlt
0x418048 DeleteDC
0x41804c SetTextColor
0x418050 SetBkColor
Library ADVAPI32.dll:
0x418000 RegQueryValueA
0x418004 RegOpenKeyExA
0x418008 RegCloseKey
Library SHELL32.dll:
0x418354 ShellExecuteExA
0x418358 ShellExecuteA
Library COMCTL32.dll:
0x418010 _TrackMouseEvent
Library MSVCP60.dll:

Hosts

No hosts contacted.

TCP

Source          Source port  Destination      Resolved name              Destination port
192.168.56.101  49187        113.108.239.194  r1---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49188        113.108.239.196  r3---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49186        203.208.41.33    redirector.gvt1.com        80
192.168.56.101  49184        203.208.41.98    update.googleapis.com      443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=e26a3da740970e37&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=e26a3da740970e37&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
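The captured requests above and the host lists under Network communication mix the sample's own activity with the analysis VM's background traffic. The following is an added example, not from the report or the sandbox, that separates the two: it tags requests whose user agent or host matches known OS/update traffic as background, and ranks the remaining external hosts by how many of the report's signatures fired on them. The request tuples and host lists are constructed from this page; the background rules (the BITS user agent, gvt1.com and googleapis.com as Google Update endpoints, and 192.168.56.0/24 as the VM's subnet) are the author's assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# User agent the sample passed to InternetOpenW (from the report).
SAMPLE_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; "
             "SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; "
             "Media Center PC 6.0; .NET4.0C; .NET4.0E)")

# Constructed from the 'HTTP & HTTPS Requests' section: (method, url, user agent).
REQUESTS = [
    ("HEAD", "http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe", "Microsoft BITS/7.5"),
    ("HEAD", "http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=1&pl=23&shardbypass=yes", "Microsoft BITS/7.5"),
    ("HEAD", "http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=e26a3da740970e37&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620730340&mv=m&mvi=3", "Microsoft BITS/7.5"),
]

# From the 'Network communication' signatures on this page.
NO_DNS_HOSTS = ["172.217.24.14", "209.236.123.42", "91.121.54.71", "98.13.75.196"]
DEAD_HOSTS = ["91.121.54.71:8080", "98.13.75.196:80", "192.168.56.101:49183"]

# Analyst assumptions (not from the sandbox): what counts as background noise.
SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")  # VM subnet per the TCP/UDP tables
BACKGROUND_UA_PREFIXES = ("Microsoft BITS/",)          # OS download service, not WinINet
BACKGROUND_DOMAINS = ("gvt1.com", "googleapis.com")    # Google Update CDN and endpoints


def classify_request(method, url, user_agent):
    """'background' for OS/update traffic seen in the sandbox, otherwise 'sample'."""
    host = (urlsplit(url).hostname or "").lower()
    if user_agent.startswith(BACKGROUND_UA_PREFIXES):
        return "background"
    if any(host == d or host.endswith("." + d) for d in BACKGROUND_DOMAINS):
        return "background"
    return "sample"


def rank_hosts(no_dns_hosts, dead_hosts, sandbox_net=SANDBOX_NET):
    """Score external hosts: +1 contacted without a DNS lookup, +1 unresponsive.
    Hosts inside the sandbox subnet are dropped (the report's third dead host is
    the VM itself). Returns [(host, score, tags)], highest score first."""
    dead = dict(h.rsplit(":", 1) for h in dead_hosts)      # ip -> port
    scored = {}
    for h in list(no_dns_hosts) + list(dead):
        if ipaddress.ip_address(h) in sandbox_net:
            continue
        tags = []
        if h in no_dns_hosts:
            tags.append("no-dns")
        if h in dead:
            tags.append(f"dead:{dead[h]}")
        scored[h] = tags
    ranked = [(h, len(t), t) for h, t in scored.items()]
    ranked.sort(key=lambda r: (-r[1], ipaddress.ip_address(r[0])))
    return ranked


if __name__ == "__main__":
    for r in REQUESTS:
        print(classify_request(*r), r[0], r[1].split("?")[0])
    for host, score, tags in rank_hosts(NO_DNS_HOSTS, DEAD_HOSTS):
        print(score, host, ",".join(tags))
```

With this page's data all three HTTP requests classify as background and the two hosts that were both contacted without DNS and unresponsive (91.121.54.71:8080 and 98.13.75.196:80) rank first; those are the candidates worth pivoting on, and the user agent the sample set in InternetOpenW is the one to look for in any full packet capture.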

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.