SmartHawk

1.6

低危

该样本未表现出任何异常！

3ec6e86a35f4ee469b33a671d05cdb507cf848ce34993008d51693fa07f9cc0c

4fbcb9d49a4dff457de7a04bd39d033a.exe

分析耗时

67s

最近分析

文件大小

1.3MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable has a PDB path (1 个事件)

pdb_path

D:\xwork_vs2015\FreeAppMod\Bin\upd.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

DATA

Foreign language identified in PE resource (10 个事件)

name

DATA

language

LANG_CHINESE

offset

0x00138500

filetype

Zip archive data, at least v2.0 to extract

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00002b7b

name

RT_ICON

language

LANG_CHINESE

offset

0x00127b50

filetype

dBase III DBT, version number 0, next free block index 40

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00010828

name

RT_ICON

language

LANG_CHINESE

offset

0x00127b50

filetype

dBase III DBT, version number 0, next free block index 40

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00010828

name

RT_MENU

language

LANG_CHINESE

offset

0x00138390

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000050

name

RT_DIALOG

language

LANG_CHINESE

offset

0x001383f0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000010c

name

RT_STRING

language

LANG_CHINESE

offset

0x0013b330

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000002c

name

RT_ACCELERATOR

language

LANG_CHINESE

offset

0x001383e0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000010

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x00138378

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x00138378

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_VERSION

language

LANG_CHINESE

offset

0x0013b080

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002b0

Communicates with host for which no DNS query was performed (2 个事件)

host	192.119.178.149
host	172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-04-19 16:01:18

Imports

Library KERNEL32.dll:

• 0x4df118 GetPrivateProfileStringA

• 0x4df11c GetCurrentDirectoryW

• 0x4df120 FindClose

• 0x4df124 FreeResource

• 0x4df128 LocalFree

• 0x4df12c GetCommandLineW

• 0x4df130 SetCurrentDirectoryW

• 0x4df134 GetModuleFileNameW

• 0x4df138 FindNextFileW

• 0x4df13c FindFirstFileW

• 0x4df140 Process32NextW

• 0x4df144 Process32FirstW

• 0x4df148 CreateToolhelp32Snapshot

• 0x4df14c DeleteCriticalSection

• 0x4df150 DecodePointer

• 0x4df154 RaiseException

• 0x4df158 InitializeCriticalSectionAndSpinCount

• 0x4df15c SetFilePointer

• 0x4df160 CloseHandle

• 0x4df164 ReadFile

• 0x4df168 CreateFileA

• 0x4df16c MultiByteToWideChar

• 0x4df170 GetLastError

• 0x4df174 WideCharToMultiByte

• 0x4df178 WritePrivateProfileStringW

• 0x4df17c GetLocalTime

• 0x4df180 GetPrivateProfileStringW

• 0x4df184 GetComputerNameW

• 0x4df188 GetSystemDirectoryW

• 0x4df18c Sleep

• 0x4df190 CreateDirectoryW

• 0x4df194 FreeLibrary

• 0x4df198 GetProcAddress

• 0x4df19c LoadLibraryW

• 0x4df1a0 WaitForSingleObject

• 0x4df1a4 CreateProcessW

• 0x4df1a8 GetTempPathW

• 0x4df1ac FindResourceExW

• 0x4df1b0 FindResourceW

• 0x4df1b4 LoadResource

• 0x4df1b8 LockResource

• 0x4df1bc SizeofResource

• 0x4df1c0 GetProcessHeap

• 0x4df1c4 HeapAlloc

• 0x4df1c8 HeapFree

• 0x4df1cc HeapReAlloc

• 0x4df1d0 HeapSize

• 0x4df1d4 HeapDestroy

• 0x4df1d8 SetEndOfFile

• 0x4df1dc GetFileAttributesExW

• 0x4df1e0 WriteConsoleW

• 0x4df1e4 SetEnvironmentVariableA

• 0x4df1e8 FreeEnvironmentStringsW

• 0x4df1ec GetEnvironmentStringsW

• 0x4df1f0 GetCommandLineA

• 0x4df1f4 GetCPInfo

• 0x4df1f8 GetOEMCP

• 0x4df1fc IsValidCodePage

• 0x4df200 IsDebuggerPresent

• 0x4df204 OutputDebugStringW

• 0x4df208 EnterCriticalSection

• 0x4df20c LeaveCriticalSection

• 0x4df210 GetACP

• 0x4df214 GlobalLock

• 0x4df218 GlobalUnlock

• 0x4df21c GetTickCount

• 0x4df220 lstrlenW

• 0x4df224 GetModuleHandleW

• 0x4df228 ExitProcess

• 0x4df22c GetFileSize

• 0x4df230 CreateFileW

• 0x4df234 FormatMessageW

• 0x4df238 VerSetConditionMask

• 0x4df23c GetCurrentProcessId

• 0x4df240 MulDiv

• 0x4df244 GetCurrentProcess

• 0x4df248 GetFileType

• 0x4df24c WriteFile

• 0x4df250 SetFileTime

• 0x4df254 DuplicateHandle

• 0x4df258 SystemTimeToFileTime

• 0x4df25c DosDateTimeToFileTime

• 0x4df260 GlobalAlloc

• 0x4df264 InterlockedIncrement

• 0x4df268 InterlockedDecrement

• 0x4df26c lstrcpyW

• 0x4df270 InitializeCriticalSection

• 0x4df274 SleepEx

• 0x4df278 WaitForMultipleObjects

• 0x4df27c GetStdHandle

• 0x4df280 PeekNamedPipe

• 0x4df284 ExpandEnvironmentStringsA

• 0x4df288 SetLastError

• 0x4df28c FormatMessageA

• 0x4df290 LoadLibraryA

• 0x4df294 GetModuleHandleA

• 0x4df298 GetSystemDirectoryA

• 0x4df29c VerifyVersionInfoA

• 0x4df2a0 SetEvent

• 0x4df2a4 ResetEvent

• 0x4df2a8 WaitForSingleObjectEx

• 0x4df2ac CreateEventW

• 0x4df2b0 UnhandledExceptionFilter

• 0x4df2b4 SetUnhandledExceptionFilter

• 0x4df2b8 TerminateProcess

• 0x4df2bc IsProcessorFeaturePresent

• 0x4df2c0 GetStartupInfoW

• 0x4df2c4 QueryPerformanceCounter

• 0x4df2c8 GetCurrentThreadId

• 0x4df2cc GetSystemTimeAsFileTime

• 0x4df2d0 InitializeSListHead

• 0x4df2d4 EncodePointer

• 0x4df2d8 RtlUnwind

• 0x4df2dc TlsAlloc

• 0x4df2e0 TlsGetValue

• 0x4df2e4 TlsSetValue

• 0x4df2e8 TlsFree

• 0x4df2ec LoadLibraryExW

• 0x4df2f0 CreateThread

• 0x4df2f4 ExitThread

• 0x4df2f8 FreeLibraryAndExitThread

• 0x4df2fc GetModuleHandleExW

• 0x4df300 GetDriveTypeW

• 0x4df304 SystemTimeToTzSpecificLocalTime

• 0x4df308 FileTimeToSystemTime

• 0x4df30c SetFilePointerEx

• 0x4df310 GetConsoleMode

• 0x4df314 ReadConsoleW

• 0x4df318 GetConsoleCP

• 0x4df31c GetStringTypeW

• 0x4df320 CompareStringW

• 0x4df324 LCMapStringW

• 0x4df328 GetLocaleInfoW

• 0x4df32c IsValidLocale

• 0x4df330 GetUserDefaultLCID

• 0x4df334 EnumSystemLocalesW

• 0x4df338 GetTimeZoneInformation

• 0x4df33c GetFullPathNameW

• 0x4df340 SetStdHandle

• 0x4df344 FlushFileBuffers

• 0x4df348 FindFirstFileExW

Library USER32.dll:

• 0x4df388 GetMessageW

• 0x4df38c TranslateMessage

• 0x4df390 DispatchMessageW

• 0x4df394 SendMessageW

• 0x4df398 PostMessageW

• 0x4df39c CreateWindowExW

• 0x4df3a0 IsWindow

• 0x4df3a4 DestroyWindow

• 0x4df3a8 IsWindowVisible

• 0x4df3ac IsZoomed

• 0x4df3b0 CharNextW

• 0x4df3b4 SetFocus

• 0x4df3b8 GetActiveWindow

• 0x4df3bc GetFocus

• 0x4df3c0 GetKeyState

• 0x4df3c4 SetCapture

• 0x4df3c8 ReleaseCapture

• 0x4df3cc SetTimer

• 0x4df3d0 KillTimer

• 0x4df3d4 GetDC

• 0x4df3d8 ReleaseDC

• 0x4df3dc BeginPaint

• 0x4df3e0 EndPaint

• 0x4df3e4 GetUpdateRect

• 0x4df3e8 InvalidateRect

• 0x4df3ec GetClientRect

• 0x4df3f0 GetCursorPos

• 0x4df3f4 CreateCaret

• 0x4df3f8 GetCaretBlinkTime

• 0x4df3fc SetCaretPos

• 0x4df400 ScreenToClient

• 0x4df404 MapWindowPoints

• 0x4df408 GetSysColor

• 0x4df40c IntersectRect

• 0x4df410 IsRectEmpty

• 0x4df414 PtInRect

• 0x4df418 GetWindowLongW

• 0x4df41c SetWindowLongW

• 0x4df420 GetParent

• 0x4df424 GetWindow

• 0x4df428 LoadImageW

• 0x4df42c LoadCursorW

• 0x4df430 MessageBoxW

• 0x4df434 MonitorFromWindow

• 0x4df438 GetMonitorInfoW

• 0x4df43c DefWindowProcW

• 0x4df440 PostQuitMessage

• 0x4df444 CallWindowProcW

• 0x4df448 RegisterClassW

• 0x4df44c RegisterClassExW

• 0x4df450 GetClassInfoExW

• 0x4df454 EnableWindow

• 0x4df458 InflateRect

• 0x4df45c GetPropW

• 0x4df460 UpdateLayeredWindow

• 0x4df464 GetWindowRgn

• 0x4df468 CharPrevW

• 0x4df46c DrawTextW

• 0x4df470 FillRect

• 0x4df474 SetRect

• 0x4df478 CreatePopupMenu

• 0x4df47c DestroyMenu

• 0x4df480 EnableMenuItem

• 0x4df484 AppendMenuW

• 0x4df488 TrackPopupMenu

• 0x4df48c HideCaret

• 0x4df490 ShowCaret

• 0x4df494 GetCaretPos

• 0x4df498 ClientToScreen

• 0x4df49c IsWindowEnabled

• 0x4df4a0 GetWindowTextW

• 0x4df4a4 GetWindowTextLengthW

• 0x4df4a8 CreateAcceleratorTableW

• 0x4df4ac InvalidateRgn

• 0x4df4b0 GetGUIThreadInfo

• 0x4df4b4 SetForegroundWindow

• 0x4df4b8 GetKeyboardLayout

• 0x4df4bc GetKeyNameTextW

• 0x4df4c0 MapVirtualKeyExW

• 0x4df4c4 OffsetRect

• 0x4df4c8 SetWindowRgn

• 0x4df4cc UnionRect

• 0x4df4d0 SetCursor

• 0x4df4d4 GetWindowThreadProcessId

• 0x4df4d8 GetShellWindow

• 0x4df4dc wsprintfW

• 0x4df4e0 ShowWindow

• 0x4df4e4 GetSystemMetrics

• 0x4df4e8 FindWindowW

• 0x4df4ec GetWindowRect

• 0x4df4f0 SetWindowPos

• 0x4df4f4 GetDesktopWindow

• 0x4df4f8 SetWindowTextW

• 0x4df4fc WindowFromPoint

• 0x4df500 GetForegroundWindow

• 0x4df504 IsIconic

• 0x4df508 MoveWindow

• 0x4df50c GetClassNameW

• 0x4df510 SetPropW

Library ADVAPI32.dll:

• 0x4df000 CryptHashData

• 0x4df004 RegOpenKeyExW

• 0x4df008 RegOpenKeyW

• 0x4df00c CryptAcquireContextA

• 0x4df010 CryptReleaseContext

• 0x4df014 CryptGetHashParam

• 0x4df018 CryptCreateHash

• 0x4df01c CryptDestroyHash

• 0x4df020 CryptDestroyKey

• 0x4df024 CryptImportKey

• 0x4df028 CryptEncrypt

• 0x4df02c RegCloseKey

• 0x4df030 RegQueryValueExW

• 0x4df034 RegEnumValueW

Library SHELL32.dll:

• 0x4df364 SHGetSpecialFolderPathW

• 0x4df368 CommandLineToArgvW

• 0x4df36c ShellExecuteExW

• 0x4df370 DragQueryFileW

• 0x4df374 Shell_NotifyIconW

Library ole32.dll:

• 0x4df684 OleLockRunning

• 0x4df688 CLSIDFromProgID

• 0x4df68c CLSIDFromString

• 0x4df690 CreateStreamOnHGlobal

• 0x4df694 ReleaseStgMedium

• 0x4df698 OleDuplicateData

• 0x4df69c DoDragDrop

• 0x4df6a0 RevokeDragDrop

• 0x4df6a4 RegisterDragDrop

• 0x4df6a8 CoCreateInstance

• 0x4df6ac CoInitialize

• 0x4df6b0 CoUninitialize

Library SHLWAPI.dll:

• 0x4df37c PathIsDirectoryW

• 0x4df380 PathRemoveFileSpecW

Library urlmon.dll:

• 0x4df6b8 URLDownloadToFileW

Library WININET.dll:

• 0x4df518 DeleteUrlCacheEntryW

Library WS2_32.dll:

• 0x4df564 socket

• 0x4df568 ioctlsocket

• 0x4df56c sendto

• 0x4df570 listen

• 0x4df574 gethostbyname

• 0x4df578 gethostname

• 0x4df57c WSAStartup

• 0x4df580 WSACleanup

• 0x4df584 WSAGetLastError

• 0x4df588 __WSAFDIsSet

• 0x4df58c select

• 0x4df590 WSASetLastError

• 0x4df594 recv

• 0x4df598 send

• 0x4df59c bind

• 0x4df5a0 closesocket

• 0x4df5a4 accept

• 0x4df5a8 freeaddrinfo

• 0x4df5ac getaddrinfo

• 0x4df5b0 recvfrom

• 0x4df5b4 WSAIoctl

• 0x4df5b8 setsockopt

• 0x4df5bc ntohs

• 0x4df5c0 htons

• 0x4df5c4 getsockopt

• 0x4df5c8 getsockname

• 0x4df5cc connect

• 0x4df5d0 getpeername

Library WLDAP32.dll:

• 0x4df520

• 0x4df524

• 0x4df528

• 0x4df52c

• 0x4df530

• 0x4df534

• 0x4df538

• 0x4df53c

• 0x4df540

• 0x4df544

• 0x4df548

• 0x4df54c

• 0x4df550

• 0x4df554

• 0x4df558

• 0x4df55c

Library GDI32.dll:

• 0x4df04c CreateDIBSection

• 0x4df050 CombineRgn

• 0x4df054 CreatePenIndirect

• 0x4df058 CreateRectRgnIndirect

• 0x4df05c CreateSolidBrush

• 0x4df060 GetCharABCWidthsW

• 0x4df064 GetClipBox

• 0x4df068 GetTextExtentPoint32W

• 0x4df06c LineTo

• 0x4df070 RoundRect

• 0x4df074 SelectClipRgn

• 0x4df078 ExtSelectClipRgn

• 0x4df07c GetObjectW

• 0x4df080 PtInRegion

• 0x4df084 StretchBlt

• 0x4df088 SetStretchBltMode

• 0x4df08c SetTextColor

• 0x4df090 GetObjectA

• 0x4df094 MoveToEx

• 0x4df098 TextOutW

• 0x4df09c GdiFlush

• 0x4df0a0 GetBitmapBits

• 0x4df0a4 SetBitmapBits

• 0x4df0a8 GetTextMetricsW

• 0x4df0ac PlayEnhMetaFile

• 0x4df0b0 GetEnhMetaFileHeader

• 0x4df0b4 CreateRectRgn

• 0x4df0b8 CreateRoundRectRgn

• 0x4df0bc SetBkMode

• 0x4df0c0 SetWindowOrgEx

• 0x4df0c4 CreateEnhMetaFileW

• 0x4df0c8 CloseEnhMetaFile

• 0x4df0cc SelectObject

• 0x4df0d0 SaveDC

• 0x4df0d4 RestoreDC

• 0x4df0d8 GetStockObject

• 0x4df0dc GetDeviceCaps

• 0x4df0e0 DeleteObject

• 0x4df0e4 BitBlt

• 0x4df0e8 DeleteDC

• 0x4df0ec CreatePen

• 0x4df0f0 CreateFontIndirectW

• 0x4df0f4 CreateDIBitmap

• 0x4df0f8 CreateCompatibleDC

• 0x4df0fc CreateCompatibleBitmap

• 0x4df100 SetBkColor

Library OLEAUT32.dll:

• 0x4df350 VariantClear

• 0x4df354 VariantInit

• 0x4df358 SysAllocString

• 0x4df35c SysFreeString

Library IMM32.dll:

• 0x4df108 ImmReleaseContext

• 0x4df10c ImmSetCompositionWindow

• 0x4df110 ImmGetContext

Library COMCTL32.dll:

• 0x4df03c

• 0x4df040 InitCommonControlsEx

• 0x4df044 _TrackMouseEvent

Library gdiplus.dll:

• 0x4df5d8 GdipDisposeImage

• 0x4df5dc GdipGetImageWidth

• 0x4df5e0 GdipGetImageHeight

• 0x4df5e4 GdipImageGetFrameDimensionsCount

• 0x4df5e8 GdipImageGetFrameDimensionsList

• 0x4df5ec GdipImageGetFrameCount

• 0x4df5f0 GdipGetPropertyItemSize

• 0x4df5f4 GdipGetPropertyItem

• 0x4df5f8 GdipDrawImageRectI

• 0x4df5fc GdipImageSelectActiveFrame

• 0x4df600 GdiplusStartup

• 0x4df604 GdiplusShutdown

• 0x4df608 GdipAlloc

• 0x4df60c GdipFree

• 0x4df610 GdipCloneBrush

• 0x4df614 GdipDeleteBrush

• 0x4df618 GdipCreateSolidFill

• 0x4df61c GdipCreatePen1

• 0x4df620 GdipDeletePen

• 0x4df624 GdipSetPenMode

• 0x4df628 GdipCreateFromHDC

• 0x4df62c GdipDeleteGraphics

• 0x4df630 GdipSetSmoothingMode

• 0x4df634 GdipSetTextRenderingHint

• 0x4df638 GdipSetInterpolationMode

• 0x4df63c GdipDrawRectangleI

• 0x4df640 GdipFillRectangleI

• 0x4df644 GdipCreateFontFromDC

• 0x4df648 GdipCreateFontFromLogfontA

• 0x4df64c GdipDeleteFont

• 0x4df650 GdipDrawString

• 0x4df654 GdipMeasureString

• 0x4df658 GdipStringFormatGetGenericTypographic

• 0x4df65c GdipDeleteStringFormat

• 0x4df660 GdipCloneStringFormat

• 0x4df664 GdipSetStringFormatFlags

• 0x4df668 GdipSetStringFormatAlign

• 0x4df66c GdipSetStringFormatLineAlign

• 0x4df670 GdipSetStringFormatTrimming

• 0x4df674 GdipLoadImageFromStream

• 0x4df678 GdipLoadImageFromStreamICM

• 0x4df67c GdipCloneImage

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.119.178.149	80	192.168.56.101	49179

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49240	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	50005	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.