1.0
Low risk

2869a9ca0b408f1d965d4b2fdcb05608bba6527d1c4f694966865a0c685c059f

4e58383ef8d61eac0d8c1bf21a2e29d3.exe

Analysis duration

83s

Last analyzed

File size

2.0MB
Static detections / Dynamic detections
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee 20201027 6.0.6.653
Baidu 20190318 1.0.0.2
Alibaba 20190527 0.3.0.5
Kingsoft 20201027 2013.8.14.323
Tencent 20201027 1.0.0.1
Avast 20201027 18.4.3895.0
CrowdStrike 20190702 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name IMAGE_FILE
resource name RTF_FILE
Behavioral verdict
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-05-28 20:50:53

Imports

Library KERNEL32.dll:
0x578000 CreateFileW
0x578004 CloseHandle
0x578008 WriteFile
0x57800c DeleteFileW
0x578010 HeapDestroy
0x578014 HeapSize
0x578018 HeapReAlloc
0x57801c HeapFree
0x578020 HeapAlloc
0x578024 GetProcessHeap
0x578028 RemoveDirectoryW
0x57802c GetTempPathW
0x578030 GetTempFileNameW
0x578034 CreateDirectoryW
0x578038 MoveFileW
0x57803c GetLastError
0x578040 SizeofResource
0x578044 LockResource
0x578048 LoadResource
0x57804c FindResourceW
0x578050 FindResourceExW
0x57805c GetModuleFileNameW
0x578068 GetCurrentThreadId
0x57806c RaiseException
0x578070 SetLastError
0x578074 GlobalUnlock
0x578078 GlobalLock
0x57807c GlobalAlloc
0x578080 MulDiv
0x578084 lstrcmpW
0x578088 CreateEventW
0x57808c SetEvent
0x578094 lstrcpynW
0x578098 WaitForSingleObject
0x57809c CreateThread
0x5780a0 GetProcAddress
0x5780a4 LoadLibraryExW
0x5780a8 DecodePointer
0x5780ac Sleep
0x5780b0 GetDiskFreeSpaceExW
0x5780b4 GetExitCodeThread
0x5780b8 GetCurrentProcessId
0x5780bc FreeLibrary
0x5780c0 GetSystemDirectoryW
0x5780c4 lstrlenW
0x5780c8 VerifyVersionInfoW
0x5780cc VerSetConditionMask
0x5780d0 lstrcmpiW
0x5780d4 GetModuleHandleW
0x5780d8 LoadLibraryW
0x5780dc GetDriveTypeW
0x5780e0 CompareStringW
0x5780e4 FindFirstFileW
0x5780e8 FindNextFileW
0x5780f0 GetFileSize
0x5780f4 GetFileAttributesW
0x5780f8 GetShortPathNameW
0x5780fc SetFileAttributesW
0x578100 GetFileTime
0x578104 CopyFileW
0x578108 ReadFile
0x57810c SetFilePointer
0x578110 FindClose
0x578114 MultiByteToWideChar
0x578118 WideCharToMultiByte
0x57811c GetCurrentProcess
0x578120 GetSystemInfo
0x578128 ReadConsoleW
0x57812c VirtualProtect
0x578130 VirtualQuery
0x578134 LoadLibraryExA
0x578138 GetStringTypeW
0x578150 FormatMessageW
0x578154 LocalFree
0x578158 LoadLibraryA
0x57815c GetModuleFileNameA
0x578160 GetFullPathNameW
0x578164 GetCurrentThread
0x578168 FlushFileBuffers
0x578170 GetStdHandle
0x578178 OutputDebugStringW
0x57817c CreateProcessW
0x578180 GetExitCodeProcess
0x578184 GetTickCount
0x578188 GetCommandLineW
0x578190 SetEndOfFile
0x578198 GetLocaleInfoW
0x5781a8 GetSystemTime
0x5781b0 Process32FirstW
0x5781b4 Process32NextW
0x5781b8 ResetEvent
0x5781bc GlobalFree
0x5781cc GetLocalTime
0x5781d0 CreateNamedPipeW
0x5781d4 ConnectNamedPipe
0x5781d8 TerminateThread
0x5781dc LocalAlloc
0x5781e0 CompareFileTime
0x5781e4 CopyFileExW
0x5781e8 OpenEventW
0x5781ec PeekNamedPipe
0x5781f0 IsDebuggerPresent
0x5781f4 EncodePointer
0x5781f8 InitializeSListHead
0x57820c VirtualAlloc
0x578210 VirtualFree
0x57821c SwitchToThread
0x578220 TlsAlloc
0x578224 TlsGetValue
0x578228 TlsSetValue
0x57822c TlsFree
0x578234 GetCPInfo
0x578238 LCMapStringW
0x578244 TerminateProcess
0x578248 GetStartupInfoW
0x57824c RtlUnwind
0x578250 ExitProcess
0x578254 GetModuleHandleExW
0x578258 GetFileType
0x57825c IsValidLocale
0x578260 GetUserDefaultLCID
0x578264 EnumSystemLocalesW
0x578268 GetConsoleCP
0x57826c GetConsoleMode
0x578270 IsValidCodePage
0x578274 GetACP
0x578278 GetOEMCP
0x57827c GetFileSizeEx
0x578280 SetFilePointerEx
0x578284 FindFirstFileExW
0x578288 GetCommandLineA
0x578290 SetStdHandle
0x578294 WriteConsoleW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60124 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.