SmartHawk

2.8

中危

10 个模型检测该样本为恶意！

重新分析

下载样本

5a98454a989411b3f3c4acdbdc348e29a46eec09d707f894837fab507363e50d

4f1de6dda75733682579aa3a0676fe8f.exe

分析耗时

78s

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee		20200727	6.0.6.653
Alibaba		20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:WrongInf-G [Susp]	20200727	18.4.3895.0
Kingsoft		20200728	2013.8.14.323
Tencent		20200728	1.0.0.1
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

Time & API	Arguments	Status	Return	Repeated
1620726215.706081 NtAllocateVirtualMemory	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e0000	success	0	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x49f17c DeleteCriticalSection

• 0x49f180 LeaveCriticalSection

• 0x49f184 EnterCriticalSection

• 0x49f188 InitializeCriticalSection

• 0x49f18c VirtualFree

• 0x49f190 VirtualAlloc

• 0x49f194 LocalFree

• 0x49f198 LocalAlloc

• 0x49f19c GetCurrentThreadId

• 0x49f1a0 InterlockedDecrement

• 0x49f1a4 InterlockedIncrement

• 0x49f1a8 VirtualQuery

• 0x49f1ac WideCharToMultiByte

• 0x49f1b0 MultiByteToWideChar

• 0x49f1b4 lstrlenA

• 0x49f1b8 lstrcpynA

• 0x49f1bc LoadLibraryExA

• 0x49f1c0 GetThreadLocale

• 0x49f1c4 GetStartupInfoA

• 0x49f1c8 GetProcAddress

• 0x49f1cc GetModuleHandleA

• 0x49f1d0 GetModuleFileNameA

• 0x49f1d4 GetLocaleInfoA

• 0x49f1d8 GetLastError

• 0x49f1dc GetCommandLineA

• 0x49f1e0 FreeLibrary

• 0x49f1e4 FindFirstFileA

• 0x49f1e8 FindClose

• 0x49f1ec ExitProcess

• 0x49f1f0 WriteFile

• 0x49f1f4 UnhandledExceptionFilter

• 0x49f1f8 SetFilePointer

• 0x49f1fc SetEndOfFile

• 0x49f200 RtlUnwind

• 0x49f204 ReadFile

• 0x49f208 RaiseException

• 0x49f20c GetStdHandle

• 0x49f210 GetFileSize

• 0x49f214 GetFileType

• 0x49f218 CreateFileA

• 0x49f21c CloseHandle

Library user32.dll:

• 0x49f224 GetKeyboardType

• 0x49f228 LoadStringA

• 0x49f22c MessageBoxA

• 0x49f230 CharNextA

Library advapi32.dll:

• 0x49f238 RegQueryValueExA

• 0x49f23c RegOpenKeyExA

• 0x49f240 RegCloseKey

Library oleaut32.dll:

• 0x49f248 SysFreeString

• 0x49f24c SysReAllocStringLen

• 0x49f250 SysAllocStringLen

Library kernel32.dll:

• 0x49f258 TlsSetValue

• 0x49f25c TlsGetValue

• 0x49f260 LocalAlloc

• 0x49f264 GetModuleHandleA

Library advapi32.dll:

• 0x49f26c RegSetValueExA

• 0x49f270 RegQueryValueExA

• 0x49f274 RegQueryInfoKeyA

• 0x49f278 RegOpenKeyExA

• 0x49f27c RegFlushKey

• 0x49f280 RegEnumKeyExA

• 0x49f284 RegDeleteValueA

• 0x49f288 RegDeleteKeyA

• 0x49f28c RegCreateKeyExA

• 0x49f290 RegCloseKey

Library kernel32.dll:

• 0x49f298 lstrlenA

• 0x49f29c lstrcpyA

• 0x49f2a0 lstrcmpA

• 0x49f2a4 WriteFile

• 0x49f2a8 WaitForSingleObject

• 0x49f2ac VirtualQuery

• 0x49f2b0 VirtualAlloc

• 0x49f2b4 Sleep

• 0x49f2b8 SizeofResource

• 0x49f2bc SetThreadLocale

• 0x49f2c0 SetFilePointer

• 0x49f2c4 SetFileAttributesA

• 0x49f2c8 SetEvent

• 0x49f2cc SetErrorMode

• 0x49f2d0 SetEndOfFile

• 0x49f2d4 ResetEvent

• 0x49f2d8 ReadFile

• 0x49f2dc MulDiv

• 0x49f2e0 MoveFileA

• 0x49f2e4 LockResource

• 0x49f2e8 LoadResource

• 0x49f2ec LoadLibraryA

• 0x49f2f0 LeaveCriticalSection

• 0x49f2f4 InitializeCriticalSection

• 0x49f2f8 GlobalUnlock

• 0x49f2fc GlobalReAlloc

• 0x49f300 GlobalHandle

• 0x49f304 GlobalLock

• 0x49f308 GlobalFree

• 0x49f30c GlobalFindAtomA

• 0x49f310 GlobalDeleteAtom

• 0x49f314 GlobalAlloc

• 0x49f318 GlobalAddAtomA

• 0x49f31c GetWindowsDirectoryA

• 0x49f320 GetVersionExA

• 0x49f324 GetVersion

• 0x49f328 GetTickCount

• 0x49f32c GetThreadLocale

• 0x49f330 GetTempPathA

• 0x49f334 GetSystemInfo

• 0x49f338 GetStringTypeExA

• 0x49f33c GetStdHandle

• 0x49f340 GetProfileStringA

• 0x49f344 GetProcAddress

• 0x49f348 GetModuleHandleA

• 0x49f34c GetModuleFileNameA

• 0x49f350 GetLocaleInfoA

• 0x49f354 GetLocalTime

• 0x49f358 GetLastError

• 0x49f35c GetFullPathNameA

• 0x49f360 GetFileSize

• 0x49f364 GetFileAttributesA

• 0x49f368 GetEnvironmentVariableA

• 0x49f36c GetDiskFreeSpaceA

• 0x49f370 GetDateFormatA

• 0x49f374 GetCurrentThreadId

• 0x49f378 GetCurrentProcessId

• 0x49f37c GetCommandLineA

• 0x49f380 GetCPInfo

• 0x49f384 GetACP

• 0x49f388 FreeResource

• 0x49f38c FreeLibrary

• 0x49f390 FormatMessageA

• 0x49f394 FindResourceA

• 0x49f398 FindNextFileA

• 0x49f39c FindFirstFileA

• 0x49f3a0 FindClose

• 0x49f3a4 FileTimeToLocalFileTime

• 0x49f3a8 FileTimeToDosDateTime

• 0x49f3ac EnumCalendarInfoA

• 0x49f3b0 EnterCriticalSection

• 0x49f3b4 DeleteFileA

• 0x49f3b8 DeleteCriticalSection

• 0x49f3bc CreateThread

• 0x49f3c0 CreateFileA

• 0x49f3c4 CreateEventA

• 0x49f3c8 CreateDirectoryA

• 0x49f3cc CompareStringA

• 0x49f3d0 CloseHandle

Library version.dll:

• 0x49f3d8 VerQueryValueA

• 0x49f3dc GetFileVersionInfoSizeA

• 0x49f3e0 GetFileVersionInfoA

Library gdi32.dll:

• 0x49f3e8 UnrealizeObject

• 0x49f3ec StretchBlt

• 0x49f3f0 StartPage

• 0x49f3f4 StartDocA

• 0x49f3f8 SetWindowOrgEx

• 0x49f3fc SetWinMetaFileBits

• 0x49f400 SetViewportOrgEx

• 0x49f404 SetTextColor

• 0x49f408 SetStretchBltMode

• 0x49f40c SetROP2

• 0x49f410 SetPixel

• 0x49f414 SetMapMode

• 0x49f418 SetEnhMetaFileBits

• 0x49f41c SetDIBColorTable

• 0x49f420 SetBrushOrgEx

• 0x49f424 SetBkMode

• 0x49f428 SetBkColor

• 0x49f42c SetAbortProc

• 0x49f430 SelectPalette

• 0x49f434 SelectObject

• 0x49f438 SelectClipRgn

• 0x49f43c SaveDC

• 0x49f440 RestoreDC

• 0x49f444 Rectangle

• 0x49f448 RectVisible

• 0x49f44c RealizePalette

• 0x49f450 Polyline

• 0x49f454 PlayEnhMetaFile

• 0x49f458 PatBlt

• 0x49f45c MoveToEx

• 0x49f460 MaskBlt

• 0x49f464 LineTo

• 0x49f468 IntersectClipRect

• 0x49f46c GetWindowOrgEx

• 0x49f470 GetWinMetaFileBits

• 0x49f474 GetTextMetricsA

• 0x49f478 GetTextExtentPointA

• 0x49f47c GetTextExtentPoint32A

• 0x49f480 GetSystemPaletteEntries

• 0x49f484 GetStockObject

• 0x49f488 GetPixel

• 0x49f48c GetPaletteEntries

• 0x49f490 GetObjectA

• 0x49f494 GetEnhMetaFilePaletteEntries

• 0x49f498 GetEnhMetaFileHeader

• 0x49f49c GetEnhMetaFileBits

• 0x49f4a0 GetDeviceCaps

• 0x49f4a4 GetDIBits

• 0x49f4a8 GetDIBColorTable

• 0x49f4ac GetDCOrgEx

• 0x49f4b0 GetCurrentPositionEx

• 0x49f4b4 GetClipRgn

• 0x49f4b8 GetClipBox

• 0x49f4bc GetBrushOrgEx

• 0x49f4c0 GetBitmapBits

• 0x49f4c4 GdiFlush

• 0x49f4c8 ExtTextOutA

• 0x49f4cc ExcludeClipRect

• 0x49f4d0 EndPage

• 0x49f4d4 EndDoc

• 0x49f4d8 DeleteObject

• 0x49f4dc DeleteEnhMetaFile

• 0x49f4e0 DeleteDC

• 0x49f4e4 CreateSolidBrush

• 0x49f4e8 CreateRectRgn

• 0x49f4ec CreatePenIndirect

• 0x49f4f0 CreatePen

• 0x49f4f4 CreatePalette

• 0x49f4f8 CreateICA

• 0x49f4fc CreateHalftonePalette

• 0x49f500 CreateFontIndirectA

• 0x49f504 CreateDIBitmap

• 0x49f508 CreateDIBSection

• 0x49f50c CreateDCA

• 0x49f510 CreateCompatibleDC

• 0x49f514 CreateCompatibleBitmap

• 0x49f518 CreateBrushIndirect

• 0x49f51c CreateBitmap

• 0x49f520 CopyEnhMetaFileA

• 0x49f524 BitBlt

Library user32.dll:

• 0x49f52c WindowFromPoint

• 0x49f530 WinHelpA

• 0x49f534 WaitMessage

• 0x49f538 ValidateRect

• 0x49f53c UpdateWindow

• 0x49f540 UnregisterClassA

• 0x49f544 UnhookWindowsHookEx

• 0x49f548 TranslateMessage

• 0x49f54c TranslateMDISysAccel

• 0x49f550 TrackPopupMenu

• 0x49f554 SystemParametersInfoA

• 0x49f558 ShowWindow

• 0x49f55c ShowScrollBar

• 0x49f560 ShowOwnedPopups

• 0x49f564 ShowCursor

• 0x49f568 SetWindowsHookExA

• 0x49f56c SetWindowTextA

• 0x49f570 SetWindowPos

• 0x49f574 SetWindowPlacement

• 0x49f578 SetWindowLongA

• 0x49f57c SetTimer

• 0x49f580 SetScrollRange

• 0x49f584 SetScrollPos

• 0x49f588 SetScrollInfo

• 0x49f58c SetRect

• 0x49f590 SetPropA

• 0x49f594 SetMenuItemInfoA

• 0x49f598 SetMenu

• 0x49f59c SetForegroundWindow

• 0x49f5a0 SetFocus

• 0x49f5a4 SetDlgItemTextA

• 0x49f5a8 SetCursor

• 0x49f5ac SetClipboardData

• 0x49f5b0 SetClassLongA

• 0x49f5b4 SetCapture

• 0x49f5b8 SetActiveWindow

• 0x49f5bc SendMessageA

• 0x49f5c0 SendDlgItemMessageA

• 0x49f5c4 ScrollWindow

• 0x49f5c8 ScreenToClient

• 0x49f5cc RemovePropA

• 0x49f5d0 RemoveMenu

• 0x49f5d4 ReleaseDC

• 0x49f5d8 ReleaseCapture

• 0x49f5dc RegisterWindowMessageA

• 0x49f5e0 RegisterClipboardFormatA

• 0x49f5e4 RegisterClassA

• 0x49f5e8 RedrawWindow

• 0x49f5ec PtInRect

• 0x49f5f0 PostQuitMessage

• 0x49f5f4 PostMessageA

• 0x49f5f8 PeekMessageA

• 0x49f5fc OpenClipboard

• 0x49f600 OffsetRect

• 0x49f604 OemToCharA

• 0x49f608 MessageBoxA

• 0x49f60c MessageBeep

• 0x49f610 MapWindowPoints

• 0x49f614 MapVirtualKeyA

• 0x49f618 LoadStringA

• 0x49f61c LoadKeyboardLayoutA

• 0x49f620 LoadIconA

• 0x49f624 LoadCursorA

• 0x49f628 LoadBitmapA

• 0x49f62c KillTimer

• 0x49f630 IsZoomed

• 0x49f634 IsWindowVisible

• 0x49f638 IsWindowEnabled

• 0x49f63c IsWindow

• 0x49f640 IsRectEmpty

• 0x49f644 IsIconic

• 0x49f648 IsDialogMessageA

• 0x49f64c IsChild

• 0x49f650 InvalidateRect

• 0x49f654 IntersectRect

• 0x49f658 InsertMenuItemA

• 0x49f65c InsertMenuA

• 0x49f660 InflateRect

• 0x49f664 GetWindowThreadProcessId

• 0x49f668 GetWindowTextA

• 0x49f66c GetWindowRect

• 0x49f670 GetWindowPlacement

• 0x49f674 GetWindowLongA

• 0x49f678 GetWindowDC

• 0x49f67c GetUpdateRect

• 0x49f680 GetTopWindow

• 0x49f684 GetSystemMetrics

• 0x49f688 GetSystemMenu

• 0x49f68c GetSysColor

• 0x49f690 GetSubMenu

• 0x49f694 GetScrollRange

• 0x49f698 GetScrollPos

• 0x49f69c GetScrollInfo

• 0x49f6a0 GetPropA

• 0x49f6a4 GetParent

• 0x49f6a8 GetWindow

• 0x49f6ac GetMessagePos

• 0x49f6b0 GetMenuStringA

• 0x49f6b4 GetMenuState

• 0x49f6b8 GetMenuItemInfoA

• 0x49f6bc GetMenuItemID

• 0x49f6c0 GetMenuItemCount

• 0x49f6c4 GetMenu

• 0x49f6c8 GetLastActivePopup

• 0x49f6cc GetKeyboardState

• 0x49f6d0 GetKeyboardLayoutList

• 0x49f6d4 GetKeyboardLayout

• 0x49f6d8 GetKeyState

• 0x49f6dc GetKeyNameTextA

• 0x49f6e0 GetIconInfo

• 0x49f6e4 GetForegroundWindow

• 0x49f6e8 GetFocus

• 0x49f6ec GetDlgItemTextA

• 0x49f6f0 GetDlgItem

• 0x49f6f4 GetDesktopWindow

• 0x49f6f8 GetDCEx

• 0x49f6fc GetDC

• 0x49f700 GetCursorPos

• 0x49f704 GetCursor

• 0x49f708 GetClipboardData

• 0x49f70c GetClientRect

• 0x49f710 GetClassNameA

• 0x49f714 GetClassInfoA

• 0x49f718 GetCapture

• 0x49f71c GetActiveWindow

• 0x49f720 FrameRect

• 0x49f724 FindWindowA

• 0x49f728 FillRect

• 0x49f72c EqualRect

• 0x49f730 EnumWindows

• 0x49f734 EnumThreadWindows

• 0x49f738 EnumClipboardFormats

• 0x49f73c EndPaint

• 0x49f740 EnableWindow

• 0x49f744 EnableScrollBar

• 0x49f748 EnableMenuItem

• 0x49f74c EmptyClipboard

• 0x49f750 DrawTextA

• 0x49f754 DrawMenuBar

• 0x49f758 DrawIconEx

• 0x49f75c DrawIcon

• 0x49f760 DrawFrameControl

• 0x49f764 DrawFocusRect

• 0x49f768 DrawEdge

• 0x49f76c DispatchMessageA

• 0x49f770 DestroyWindow

• 0x49f774 DestroyMenu

• 0x49f778 DestroyIcon

• 0x49f77c DestroyCursor

• 0x49f780 DeleteMenu

• 0x49f784 DefWindowProcA

• 0x49f788 DefMDIChildProcA

• 0x49f78c DefFrameProcA

• 0x49f790 CreateWindowExA

• 0x49f794 CreatePopupMenu

• 0x49f798 CreateMenu

• 0x49f79c CreateIcon

• 0x49f7a0 CloseClipboard

• 0x49f7a4 ClientToScreen

• 0x49f7a8 ChildWindowFromPoint

• 0x49f7ac CheckMenuItem

• 0x49f7b0 CallWindowProcA

• 0x49f7b4 CallNextHookEx

• 0x49f7b8 BeginPaint

• 0x49f7bc CharNextA

• 0x49f7c0 CharLowerBuffA

• 0x49f7c4 CharLowerA

• 0x49f7c8 CharUpperBuffA

• 0x49f7cc AdjustWindowRectEx

• 0x49f7d0 ActivateKeyboardLayout

Library kernel32.dll:

• 0x49f7d8 Sleep

Library oleaut32.dll:

• 0x49f7e0 SafeArrayPtrOfIndex

• 0x49f7e4 SafeArrayPutElement

• 0x49f7e8 SafeArrayGetElement

• 0x49f7ec SafeArrayGetUBound

• 0x49f7f0 SafeArrayGetLBound

• 0x49f7f4 SafeArrayRedim

• 0x49f7f8 SafeArrayCreate

• 0x49f7fc VariantChangeTypeEx

• 0x49f800 VariantCopyInd

• 0x49f804 VariantCopy

• 0x49f808 VariantClear

• 0x49f80c VariantInit

Library ole32.dll:

• 0x49f814 CoTaskMemFree

• 0x49f818 CoCreateInstance

• 0x49f81c CoUninitialize

• 0x49f820 CoInitialize

Library comctl32.dll:

• 0x49f828 ImageList_SetIconSize

• 0x49f82c ImageList_GetIconSize

• 0x49f830 ImageList_Write

• 0x49f834 ImageList_Read

• 0x49f838 ImageList_GetDragImage

• 0x49f83c ImageList_DragShowNolock

• 0x49f840 ImageList_SetDragCursorImage

• 0x49f844 ImageList_DragMove

• 0x49f848 ImageList_DragLeave

• 0x49f84c ImageList_DragEnter

• 0x49f850 ImageList_EndDrag

• 0x49f854 ImageList_BeginDrag

• 0x49f858 ImageList_Remove

• 0x49f85c ImageList_DrawEx

• 0x49f860 ImageList_Replace

• 0x49f864 ImageList_Draw

• 0x49f868 ImageList_GetBkColor

• 0x49f86c ImageList_SetBkColor

• 0x49f870 ImageList_ReplaceIcon

• 0x49f874 ImageList_Add

• 0x49f878 ImageList_GetImageCount

• 0x49f87c ImageList_Destroy

• 0x49f880 ImageList_Create

• 0x49f884 InitCommonControls

Library winspool.drv:

• 0x49f88c OpenPrinterA

• 0x49f890 EnumPrintersA

• 0x49f894 DocumentPropertiesA

• 0x49f898 ClosePrinter

Library shell32.dll:

• 0x49f8a0 ShellExecuteA

Library shell32.dll:

• 0x49f8a8 SHGetSpecialFolderLocation

• 0x49f8ac SHGetPathFromIDListA

• 0x49f8b0 SHGetMalloc

• 0x49f8b4 SHBrowseForFolderA

Library comdlg32.dll:

• 0x49f8bc GetSaveFileNameA

• 0x49f8c0 GetOpenFileNameA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

section	CODE
section	DATA
section	BSS

Zillya	Worm.Mabezat.Win32.56241
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:WrongInf-G [Susp]
AegisLab	Riskware.Win32.Generic.1!c
SentinelOne	DFI - Suspicious PE
VBA32	BScope.Adware.InstallCore
eGambit	Unsafe.AI_Score_100%
AVG	Win32:WrongInf-G [Susp]
CrowdStrike	win/malicious_confidence_60% (W)