2.2
Medium risk

SHA256: 2795d24326ea56e20da99e17975c02ceb5462feb8a901bebc5b242b76f4a5942

Sample: 519b8fa151aa7038de34d1203379c188.exe (a 32-hex-digit file name, the form of an MD5)

Analysis duration: 88s

Last analysis:

File size: 2.6MB
Static detection / dynamic detection tags: GRAYWARE, SUNNYDIGITS, UWAMSON
HawkEye engine: not detected (no HawkEye engine result for this sample)
Static verdict

Anti-virus engines. The Result column is empty for every engine, i.e. none of the seven local engines flagged the file. Note the scan dates: three of the seven (Alibaba, Baidu, CrowdStrike) ran with 2019 definitions, so a clean result from them says little about a sample that VirusTotal engines name below.

Engine       Result   Scan date   Engine version
McAfee                20201113    6.0.6.653
Alibaba               20190527    0.3.0.5
Baidu                 20190318    1.0.0.2
Avast                 20201113    20.10.5736.0
Tencent               20201113    1.0.0.1
Kingsoft              20201113    2013.8.14.323
CrowdStrike           20190702    1.0
Behaviour verdict

Dynamic indicators

1. Foreign language identified in PE resource (12 events). Every resource carries LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED. This indicator fires on any non-English resource language and is expected for software built for a Chinese-speaking market, so treat it as context rather than evidence of malice. The report lists the RT_ICON entry nine times with identical offset and size; it is shown once here.

   name           offset      size        filetype
   RT_ICON        0x0011a8d4  0x00000468  GLS_BINARY_LSB_FIRST (listed 9 times, identical entries)
   RT_GROUP_ICON  0x002a6c9c  0x00000084  data
   RT_VERSION     0x002a6d20  0x00000274  data
   RT_MANIFEST    0x002a6f94  0x00000352  XML 1.0 document, ASCII text, with CRLF line terminators

2. File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events). Ikarus and ESET-NOD32 share the SunnyDigits family name, Antiy-AVL classifies the file as grayware, and Webroot's label is generic.

   Webroot      W32.Trojan.Gen
   Antiy-AVL    GrayWare/Win32.Uwamson
   Ikarus       Trojan.Win32.Sunnydigits
   ESET-NOD32   a variant of Win32/SunnyDigits.B

3. The binary likely contains encrypted or compressed data indicative of a packer (2 events).

   Section .rsrc: virtual_address 0x00112000, size_of_data 0x00195400, virtual_size 0x00195400, entropy 7.934187385728339 (a section with high entropy has been found).
   Overall: 0.6071161048689139 (overall entropy of this PE file is high).

   The 0.607 figure is not Shannon entropy (0.6 bits per byte would be extremely low) but the fraction of section data that lies in high-entropy sections: 0x195400 bytes is about 1.66 MB of a roughly 2.6 MB file, which is 0.61. The high-entropy bytes sit in .rsrc, the same section that holds the icon, version and manifest resources above. Compressed images embedded as resources and an encrypted payload stored as a resource both produce this pattern, so high entropy in .rsrc is weaker evidence of a packer than high entropy in the code section would be; the resource directory needs to be walked to tell the two apart.
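The two numbers behind the packer indicator can be reproduced without a sandbox. The block below is an added example (my code, not the report's or the sandbox's, standard library only): it walks the PE section table, computes per-section Shannon entropy and the ratio of high-entropy section data to all section data. The thresholds of 6.8 bits per byte and a 0.2 ratio are assumed; they are the ones used by the open-source Cuckoo signature that emits these exact description strings. The input is a constructed PE-shaped blob, not the sample.

```python
"""Per-section entropy and high-entropy data ratio for a PE image.
Added example, not from the sandbox report; stdlib only, no pefile."""
import math
import struct
from collections import Counter

# Assumed thresholds (Cuckoo 'packer_entropy' signature): a section is
# "high entropy" above 6.8 bits/byte; the file is flagged when more than
# 20% of its section data lies in such sections.
HIGH_ENTROPY_BITS = 6.8
HIGH_DATA_RATIO = 0.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, virtual_address, raw_bytes) for every section header.

    MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table. The optional
    header is skipped via SizeOfOptionalHeader, so PE32 and PE32+ both work."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, vaddr, image[raw_ptr:raw_ptr + raw_size]


def packer_indicators(image: bytes) -> dict:
    """Flag high-entropy sections and compute the high-entropy data ratio."""
    flagged, high_bytes, total_bytes = [], 0, 0
    for name, vaddr, raw in pe_sections(image):
        total_bytes += len(raw)
        ent = shannon_entropy(raw)
        if ent > HIGH_ENTROPY_BITS:
            flagged.append({"name": name, "virtual_address": hex(vaddr),
                            "size_of_data": hex(len(raw)), "entropy": round(ent, 3)})
            high_bytes += len(raw)
    ratio = high_bytes / total_bytes if total_bytes else 0.0
    return {"high_entropy_sections": flagged,
            "high_data_ratio": round(ratio, 3),
            "overall_high": ratio > HIGH_DATA_RATIO}


def build_test_pe(sections) -> bytes:
    """Construct a minimal PE-shaped blob (DOS stub, PE signature, COFF header,
    section table, raw section data) that pe_sections() can parse.
    Constructed test input only; it is not a loadable executable."""
    e_lfanew, file_align = 0x40, 0x200
    hdr = bytearray(e_lfanew)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr += b"PE\0\0"
    # Machine=i386, NumberOfSections, TimeDateStamp, SymTab ptr, NumSyms,
    # SizeOfOptionalHeader=0 (omitted in the test blob), Characteristics.
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_ptr = (len(hdr) + 40 * len(sections) + file_align - 1) // file_align * file_align
    body, vaddr = b"", 0x1000
    for name, raw in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # relocs/linenumbers (unused), Characteristics (readable, initialized data).
        hdr += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), vaddr, len(raw),
                           raw_ptr + len(body), 0, 0, 0, 0, 0x40000040)
        body += raw
        vaddr += (len(raw) + 0xFFF) // 0x1000 * 0x1000
    return bytes(hdr).ljust(raw_ptr, b"\0") + body


# Constructed sample: a repetitive code section (2.0 bits/byte) next to a
# uniformly distributed resource section (8.0 bits/byte).
SAMPLE_PE = build_test_pe([
    (".text", b"abcd" * 256),           # 1024 bytes, entropy 2.0
    (".rsrc", bytes(range(256)) * 16),  # 4096 bytes, entropy 8.0
])

if __name__ == "__main__":
    print(packer_indicators(SAMPLE_PE))
```

To run it against the real file, replace SAMPLE_PE with the bytes of the sample; for this report's .rsrc the result should match the figures above, an entropy near 7.93 and a ratio near 0.61. The ratio explains why a single large compressed resource section is enough to trip the "overall entropy" event.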
Visual analysis
Binary image: none (no binary visualisation was generated for this sample)
Run screenshots: none (no screenshot was captured while the sample ran)


PE Compile Time

2018-10-22 12:52:17

Imports

Library oleaut32.dll:
0x4fc97c SysFreeString
0x4fc980 SysReAllocStringLen
0x4fc984 SysAllocStringLen
Library advapi32.dll:
0x4fc98c RegQueryValueExW
0x4fc990 RegOpenKeyExW
0x4fc994 RegCloseKey
Library user32.dll:
0x4fc99c GetKeyboardType
0x4fc9a0 LoadStringW
0x4fc9a4 MessageBoxA
0x4fc9a8 CharNextW
Library kernel32.dll:
0x4fc9b0 GetACP
0x4fc9b4 Sleep
0x4fc9b8 VirtualFree
0x4fc9bc VirtualAlloc
0x4fc9c0 GetSystemInfo
0x4fc9c4 GetTickCount
0x4fc9cc GetVersion
0x4fc9d0 GetCurrentThreadId
0x4fc9d4 VirtualQuery
0x4fc9d8 WideCharToMultiByte
0x4fc9dc MultiByteToWideChar
0x4fc9e0 lstrlenW
0x4fc9e4 lstrcpynW
0x4fc9e8 LoadLibraryExW
0x4fc9ec GetThreadLocale
0x4fc9f0 GetStartupInfoA
0x4fc9f4 GetProcAddress
0x4fc9f8 GetModuleHandleW
0x4fc9fc GetModuleFileNameW
0x4fca00 GetLocaleInfoW
0x4fca04 GetCommandLineW
0x4fca08 FreeLibrary
0x4fca0c FindFirstFileW
0x4fca10 FindClose
0x4fca14 ExitProcess
0x4fca18 ExitThread
0x4fca1c CreateThread
0x4fca20 CompareStringW
0x4fca24 WriteFile
0x4fca2c RtlUnwind
0x4fca30 RaiseException
0x4fca34 GetStdHandle
0x4fca38 CloseHandle
Library kernel32.dll:
0x4fca40 TlsSetValue
0x4fca44 TlsGetValue
0x4fca48 LocalAlloc
0x4fca4c GetModuleHandleW
Library user32.dll:
0x4fca54 CreateWindowExW
0x4fca58 WindowFromPoint
0x4fca5c WaitMessage
0x4fca60 UpdateLayeredWindow
0x4fca64 UpdateWindow
0x4fca68 UnregisterClassW
0x4fca6c UnhookWindowsHookEx
0x4fca70 TranslateMessage
0x4fca78 TrackPopupMenu
0x4fca80 ShowWindow
0x4fca84 ShowScrollBar
0x4fca88 ShowOwnedPopups
0x4fca8c SetWindowRgn
0x4fca90 SetWindowsHookExW
0x4fca94 SetWindowTextW
0x4fca98 SetWindowPos
0x4fca9c SetWindowPlacement
0x4fcaa0 SetWindowLongW
0x4fcaa4 SetTimer
0x4fcaa8 SetScrollRange
0x4fcaac SetScrollPos
0x4fcab0 SetScrollInfo
0x4fcab4 SetRect
0x4fcab8 SetPropW
0x4fcabc SetParent
0x4fcac0 SetMenuItemInfoW
0x4fcac4 SetMenu
0x4fcac8 SetForegroundWindow
0x4fcacc SetFocus
0x4fcad0 SetCursor
0x4fcad4 SetClassLongW
0x4fcad8 SetCapture
0x4fcadc SetActiveWindow
0x4fcae0 SendMessageA
0x4fcae4 SendMessageW
0x4fcae8 ScrollWindow
0x4fcaec ScreenToClient
0x4fcaf0 RemovePropW
0x4fcaf4 RemoveMenu
0x4fcaf8 ReleaseDC
0x4fcafc ReleaseCapture
0x4fcb08 RegisterClassW
0x4fcb0c RedrawWindow
0x4fcb10 PostQuitMessage
0x4fcb14 PostMessageW
0x4fcb18 PeekMessageA
0x4fcb1c PeekMessageW
0x4fcb20 OffsetRect
0x4fcb2c MessageBoxW
0x4fcb30 MapWindowPoints
0x4fcb34 MapVirtualKeyW
0x4fcb38 LoadStringW
0x4fcb3c LoadKeyboardLayoutW
0x4fcb40 LoadIconW
0x4fcb44 LoadCursorW
0x4fcb48 LoadBitmapW
0x4fcb4c KillTimer
0x4fcb50 IsZoomed
0x4fcb54 IsWindowVisible
0x4fcb58 IsWindowUnicode
0x4fcb5c IsWindowEnabled
0x4fcb60 IsWindow
0x4fcb64 IsIconic
0x4fcb68 IsDialogMessageA
0x4fcb6c IsDialogMessageW
0x4fcb70 IsChild
0x4fcb74 InvalidateRect
0x4fcb78 IntersectRect
0x4fcb7c InsertMenuItemW
0x4fcb80 InsertMenuW
0x4fcb84 InflateRect
0x4fcb8c GetWindowTextW
0x4fcb90 GetWindowRect
0x4fcb94 GetWindowPlacement
0x4fcb98 GetWindowLongW
0x4fcb9c GetWindowDC
0x4fcba0 GetTopWindow
0x4fcba4 GetSystemMetrics
0x4fcba8 GetSystemMenu
0x4fcbac GetSysColorBrush
0x4fcbb0 GetSysColor
0x4fcbb4 GetSubMenu
0x4fcbb8 GetScrollRange
0x4fcbbc GetScrollPos
0x4fcbc0 GetScrollInfo
0x4fcbc4 GetPropW
0x4fcbc8 GetParent
0x4fcbcc GetWindow
0x4fcbd0 GetMessageTime
0x4fcbd4 GetMessagePos
0x4fcbd8 GetMenuStringW
0x4fcbdc GetMenuState
0x4fcbe0 GetMenuItemInfoW
0x4fcbe4 GetMenuItemID
0x4fcbe8 GetMenuItemCount
0x4fcbec GetMenu
0x4fcbf0 GetLastActivePopup
0x4fcbf4 GetKeyboardState
0x4fcc00 GetKeyboardLayout
0x4fcc04 GetKeyState
0x4fcc08 GetKeyNameTextW
0x4fcc0c GetIconInfo
0x4fcc10 GetForegroundWindow
0x4fcc14 GetFocus
0x4fcc18 GetDesktopWindow
0x4fcc1c GetDCEx
0x4fcc20 GetDC
0x4fcc24 GetCursorPos
0x4fcc28 GetCursor
0x4fcc2c GetClipboardData
0x4fcc30 GetClientRect
0x4fcc34 GetClassNameW
0x4fcc38 GetClassLongW
0x4fcc3c GetClassInfoW
0x4fcc40 GetCapture
0x4fcc44 GetActiveWindow
0x4fcc48 FrameRect
0x4fcc4c FindWindowExW
0x4fcc50 FindWindowW
0x4fcc54 FillRect
0x4fcc58 EnumWindows
0x4fcc5c EnumThreadWindows
0x4fcc60 EnumChildWindows
0x4fcc64 EndPaint
0x4fcc68 EnableWindow
0x4fcc6c EnableScrollBar
0x4fcc70 EnableMenuItem
0x4fcc74 DrawTextExW
0x4fcc78 DrawTextW
0x4fcc7c DrawMenuBar
0x4fcc80 DrawIconEx
0x4fcc84 DrawIcon
0x4fcc88 DrawFrameControl
0x4fcc8c DrawEdge
0x4fcc90 DispatchMessageA
0x4fcc94 DispatchMessageW
0x4fcc98 DestroyWindow
0x4fcc9c DestroyMenu
0x4fcca0 DestroyIcon
0x4fcca4 DestroyCursor
0x4fcca8 DeleteMenu
0x4fccac DefWindowProcW
0x4fccb0 DefMDIChildProcW
0x4fccb4 DefFrameProcW
0x4fccb8 CreatePopupMenu
0x4fccbc CreateMenu
0x4fccc0 CreateIcon
0x4fccc4 ClientToScreen
0x4fccc8 CheckMenuItem
0x4fcccc CharUpperBuffW
0x4fccd0 CharToOemW
0x4fccd4 CharNextW
0x4fccd8 CharLowerBuffW
0x4fccdc CharLowerW
0x4fcce0 CallWindowProcW
0x4fcce4 CallNextHookEx
0x4fcce8 BeginPaint
0x4fccec AdjustWindowRectEx
Library msimg32.dll:
0x4fccf8 AlphaBlend
Library gdi32.dll:
0x4fcd00 UnrealizeObject
0x4fcd04 StretchDIBits
0x4fcd08 StretchBlt
0x4fcd0c SetWindowOrgEx
0x4fcd10 SetWinMetaFileBits
0x4fcd14 SetViewportOrgEx
0x4fcd18 SetTextColor
0x4fcd1c SetStretchBltMode
0x4fcd20 SetROP2
0x4fcd24 SetPixel
0x4fcd28 SetPaletteEntries
0x4fcd2c SetMapMode
0x4fcd30 SetEnhMetaFileBits
0x4fcd34 SetDIBColorTable
0x4fcd38 SetBrushOrgEx
0x4fcd3c SetBkMode
0x4fcd40 SetBkColor
0x4fcd44 SelectPalette
0x4fcd48 SelectObject
0x4fcd4c SaveDC
0x4fcd50 RestoreDC
0x4fcd54 ResizePalette
0x4fcd58 Rectangle
0x4fcd5c RectVisible
0x4fcd60 RealizePalette
0x4fcd64 Polyline
0x4fcd68 PlayEnhMetaFile
0x4fcd6c PatBlt
0x4fcd70 MoveToEx
0x4fcd74 MaskBlt
0x4fcd78 LineTo
0x4fcd7c LPtoDP
0x4fcd80 IntersectClipRect
0x4fcd84 GetWindowOrgEx
0x4fcd88 GetWinMetaFileBits
0x4fcd8c GetViewportOrgEx
0x4fcd90 GetTextMetricsW
0x4fcd9c GetStockObject
0x4fcda0 GetRgnBox
0x4fcda4 GetPixel
0x4fcda8 GetPaletteEntries
0x4fcdac GetObjectW
0x4fcdc0 GetEnhMetaFileBits
0x4fcdc4 GetDeviceCaps
0x4fcdc8 GetDIBits
0x4fcdcc GetDIBColorTable
0x4fcdd0 GetDCOrgEx
0x4fcdd8 GetClipBox
0x4fcddc GetBrushOrgEx
0x4fcde0 GetBitmapBits
0x4fcde4 GdiFlush
0x4fcde8 FrameRgn
0x4fcdec ExtTextOutW
0x4fcdf0 ExcludeClipRect
0x4fcdf4 DeleteObject
0x4fcdf8 DeleteEnhMetaFile
0x4fcdfc DeleteDC
0x4fce00 CreateSolidBrush
0x4fce04 CreateRoundRectRgn
0x4fce08 CreateRectRgn
0x4fce0c CreatePenIndirect
0x4fce10 CreatePalette
0x4fce18 CreateFontIndirectW
0x4fce1c CreateEnhMetaFileW
0x4fce20 CreateDIBitmap
0x4fce24 CreateDIBSection
0x4fce28 CreateCompatibleDC
0x4fce30 CreateBrushIndirect
0x4fce34 CreateBitmap
0x4fce38 CopyEnhMetaFileW
0x4fce3c CloseEnhMetaFile
0x4fce40 BitBlt
Library version.dll:
0x4fce48 VerQueryValueW
0x4fce50 GetFileVersionInfoW
Library kernel32.dll:
0x4fce58 lstrlenW
0x4fce5c lstrcpyW
0x4fce64 WriteFile
0x4fce68 WideCharToMultiByte
0x4fce6c WaitForSingleObject
0x4fce74 VirtualQueryEx
0x4fce78 VirtualQuery
0x4fce7c VirtualFree
0x4fce80 VirtualAlloc
0x4fce84 UnmapViewOfFile
0x4fce88 SwitchToThread
0x4fce8c Sleep
0x4fce90 SizeofResource
0x4fce94 SignalObjectAndWait
0x4fce98 SetThreadLocale
0x4fce9c SetLastError
0x4fcea0 SetFilePointer
0x4fcea4 SetEvent
0x4fcea8 SetErrorMode
0x4fceac SetEndOfFile
0x4fceb0 ResumeThread
0x4fceb4 ResetEvent
0x4fceb8 ReadFile
0x4fcebc RaiseException
0x4fcec8 OutputDebugStringW
0x4fcecc OpenFileMappingW
0x4fced0 MultiByteToWideChar
0x4fced4 MulDiv
0x4fced8 MapViewOfFile
0x4fcedc LockResource
0x4fcee0 LoadResource
0x4fcee4 LoadLibraryW
0x4fcef0 GlobalUnlock
0x4fcef4 GlobalSize
0x4fcef8 GlobalLock
0x4fcefc GlobalFree
0x4fcf00 GlobalFindAtomW
0x4fcf04 GlobalDeleteAtom
0x4fcf08 GlobalAlloc
0x4fcf0c GlobalAddAtomW
0x4fcf10 GetVersionExW
0x4fcf14 GetVersion
0x4fcf18 GetUserDefaultLCID
0x4fcf1c GetTickCount
0x4fcf20 GetThreadLocale
0x4fcf24 GetTempPathW
0x4fcf28 GetStdHandle
0x4fcf2c GetProcAddress
0x4fcf34 GetModuleHandleW
0x4fcf38 GetModuleFileNameW
0x4fcf3c GetLocaleInfoW
0x4fcf40 GetLocalTime
0x4fcf44 GetLastError
0x4fcf48 GetFullPathNameW
0x4fcf4c GetFileSize
0x4fcf50 GetFileAttributesW
0x4fcf54 GetExitCodeThread
0x4fcf58 GetDiskFreeSpaceW
0x4fcf5c GetDateFormatW
0x4fcf60 GetCurrentThreadId
0x4fcf64 GetCurrentThread
0x4fcf68 GetCurrentProcessId
0x4fcf6c GetCurrentProcess
0x4fcf70 GetComputerNameW
0x4fcf74 GetCPInfo
0x4fcf78 FreeResource
0x4fcf84 InterlockedExchange
0x4fcf90 FreeLibrary
0x4fcf94 FormatMessageW
0x4fcf98 FindResourceW
0x4fcf9c FindFirstFileW
0x4fcfa0 FindClose
0x4fcfa4 EnumCalendarInfoA
0x4fcfb0 CreateThread
0x4fcfb4 CreateProcessW
0x4fcfb8 CreateFileMappingW
0x4fcfbc CreateFileW
0x4fcfc0 CreateEventW
0x4fcfc4 CompareStringW
0x4fcfc8 CloseHandle
Library advapi32.dll:
0x4fcfd0 RegSetValueExW
0x4fcfd4 RegQueryValueExW
0x4fcfd8 RegQueryInfoKeyW
0x4fcfdc RegOpenKeyExW
0x4fcfe0 RegFlushKey
0x4fcfe4 RegEnumValueW
0x4fcfe8 RegEnumKeyExW
0x4fcfec RegDeleteValueW
0x4fcff0 RegDeleteKeyW
0x4fcff4 RegCreateKeyExW
0x4fcff8 RegCloseKey
Library oleaut32.dll:
0x4fd000 GetErrorInfo
0x4fd004 GetActiveObject
0x4fd008 SysFreeString
Library ole32.dll:
0x4fd014 IsAccelerator
0x4fd018 OleDraw
0x4fd020 OleUninitialize
0x4fd024 OleInitialize
0x4fd028 CoTaskMemFree
0x4fd02c ProgIDFromCLSID
0x4fd030 StringFromCLSID
0x4fd034 CoCreateInstance
0x4fd038 CoGetClassObject
0x4fd03c CoUninitialize
0x4fd040 CoInitialize
0x4fd044 IsEqualGUID
Library kernel32.dll:
0x4fd04c Sleep
Library oleaut32.dll:
0x4fd054 SafeArrayPtrOfIndex
0x4fd058 SafeArrayGetUBound
0x4fd05c SafeArrayGetLBound
0x4fd060 SafeArrayCreate
0x4fd064 VariantChangeType
0x4fd068 VariantCopy
0x4fd06c VariantClear
0x4fd070 VariantInit
Library comctl32.dll:
0x4fd078 InitializeFlatSB
0x4fd080 FlatSB_SetScrollPos
0x4fd088 FlatSB_GetScrollPos
0x4fd090 _TrackMouseEvent
0x4fd09c ImageList_Write
0x4fd0a0 ImageList_Read
0x4fd0ac ImageList_DragMove
0x4fd0b0 ImageList_DragLeave
0x4fd0b4 ImageList_DragEnter
0x4fd0b8 ImageList_EndDrag
0x4fd0bc ImageList_BeginDrag
0x4fd0c0 ImageList_GetIcon
0x4fd0c4 ImageList_Remove
0x4fd0c8 ImageList_DrawEx
0x4fd0cc ImageList_Draw
0x4fd0d8 ImageList_Add
0x4fd0e4 ImageList_Destroy
0x4fd0e8 ImageList_Create
Library wininet.dll:
0x4fd0f0 InternetSetOptionW
0x4fd0f4 InternetOpenW
0x4fd0f8 InternetCloseHandle
Library shell32.dll:
0x4fd100 Shell_NotifyIconW
0x4fd104 ShellExecuteW
Library basefunc.dll:
0x4fd10c
0x4fd110
0x4fd114
0x4fd118
0x4fd11c
0x4fd120
0x4fd124
0x4fd128
Library commonbase.dll:
0x4fd130
0x4fd134
0x4fd138
0x4fd13c
0x4fd140
0x4fd144
0x4fd148
0x4fd14c
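An import table of this length is easier to read by capability than API by API. The block below is an added example (my triage heuristic, not the sandbox's logic): it parses the "Library x.dll:" / "0xADDR Name" listing format used above, buckets the security-relevant APIs, measures how much of the table is GUI framework, and reports DLLs outside the Windows set together with entries that have an address but no name, as the basefunc.dll and commonbase.dll entries above do. The embedded input is an excerpt copied from the listing above; the bucket names and the GUI-share heuristic are my choices. Presence of an API shows capability, not observed behaviour.

```python
"""Capability triage of a PE import listing. Added example, not part of the
sandbox report; buckets and heuristics are the editor's own."""
from collections import Counter, defaultdict

# Security-relevant APIs grouped by what they let the code do. Several of these
# (hooks, clipboard, resource loading) are also imported by ordinary GUI
# frameworks, so they are weak signals on their own.
CAPABILITIES = {
    "registry-write":   {("advapi32.dll", "RegSetValueExW"), ("advapi32.dll", "RegCreateKeyExW"),
                         ("advapi32.dll", "RegDeleteValueW"), ("advapi32.dll", "RegDeleteKeyW")},
    "process-launch":   {("kernel32.dll", "CreateProcessW"), ("shell32.dll", "ShellExecuteW")},
    "internet":         {("wininet.dll", "InternetOpenW"), ("wininet.dll", "InternetSetOptionW")},
    "message-hook":     {("user32.dll", "SetWindowsHookExW"), ("user32.dll", "CallNextHookEx")},
    "clipboard-read":   {("user32.dll", "GetClipboardData")},
    "resource-extract": {("kernel32.dll", "FindResourceW"), ("kernel32.dll", "LoadResource"),
                         ("kernel32.dll", "LockResource"), ("kernel32.dll", "SizeofResource")},
    "file-write":       {("kernel32.dll", "CreateFileW"), ("kernel32.dll", "WriteFile")},
    "tray-icon":        {("shell32.dll", "Shell_NotifyIconW")},
    "shared-memory":    {("kernel32.dll", "CreateFileMappingW"), ("kernel32.dll", "OpenFileMappingW"),
                         ("kernel32.dll", "MapViewOfFile")},
}
GUI_DLLS = {"user32.dll", "gdi32.dll", "comctl32.dll", "msimg32.dll"}
SYSTEM_DLLS = GUI_DLLS | {"kernel32.dll", "advapi32.dll", "oleaut32.dll", "ole32.dll",
                          "version.dll", "wininet.dll", "shell32.dll"}


def parse_imports(text: str):
    """Parse 'Library x.dll:' / '0xADDR Name' lines into {dll: {names}}.
    Entries with an address but no name (ordinal-only or unresolved) are
    counted separately per DLL instead of being silently dropped."""
    imports, nameless, dll = defaultdict(set), Counter(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Library ") and line.endswith(":"):
            dll = line[len("Library "):-1].lower()
        elif dll and line.startswith("0x"):
            parts = line.split(maxsplit=1)
            if len(parts) == 2:
                imports[dll].add(parts[1])
            else:
                nameless[dll] += 1
    return dict(imports), dict(nameless)


def triage(text: str) -> dict:
    """Summarise capabilities, GUI share, non-Windows DLLs and nameless imports."""
    imports, nameless = parse_imports(text)
    present = {(dll, api) for dll, apis in imports.items() for api in apis}
    caps = {cap: sorted(api for _, api in apis & present)
            for cap, apis in CAPABILITIES.items() if apis & present}
    total = sum(len(v) for v in imports.values())
    gui = sum(len(v) for d, v in imports.items() if d in GUI_DLLS)
    return {
        "capabilities": caps,
        "gui_share": round(gui / total, 2) if total else 0.0,   # fraction of named imports from GUI DLLs
        "nonsystem_dlls": sorted(d for d in set(imports) | set(nameless) if d not in SYSTEM_DLLS),
        "nameless_imports": nameless,
    }


# Excerpt copied from the report's import listing (addresses as printed there).
SAMPLE_IMPORTS = """\
Library advapi32.dll:
0x4fcfd0 RegSetValueExW
0x4fcfd4 RegQueryValueExW
0x4fcff4 RegCreateKeyExW
0x4fcff8 RegCloseKey
Library user32.dll:
0x4fca54 CreateWindowExW
0x4fca90 SetWindowsHookExW
0x4fcce4 CallNextHookEx
0x4fcc2c GetClipboardData
0x4fcb14 PostMessageW
0x4fcc58 EnumWindows
Library gdi32.dll:
0x4fce40 BitBlt
0x4fce24 CreateDIBSection
Library kernel32.dll:
0x4fcf98 FindResourceW
0x4fcee0 LoadResource
0x4fcedc LockResource
0x4fce90 SizeofResource
0x4fcfb4 CreateProcessW
0x4fcfbc CreateFileW
0x4fce64 WriteFile
0x4fcfb8 CreateFileMappingW
0x4fced8 MapViewOfFile
Library wininet.dll:
0x4fd0f0 InternetSetOptionW
0x4fd0f4 InternetOpenW
0x4fd0f8 InternetCloseHandle
Library shell32.dll:
0x4fd100 Shell_NotifyIconW
0x4fd104 ShellExecuteW
Library basefunc.dll:
0x4fd10c
0x4fd110
"""

if __name__ == "__main__":
    print(triage(SAMPLE_IMPORTS))
```

Two caveats when reading the output for this sample. First, the leading import block above (oleaut32 SysFreeString / SysReAllocStringLen / SysAllocStringLen, then advapi32 Reg*, user32 GetKeyboardType and the kernel32 run from GetACP to CloseHandle) is the order a Delphi runtime emits, and the Delphi VCL itself imports SetWindowsHookExW, GetClipboardData and the FindResource/LoadResource/LockResource trio, so those buckets carry little weight here. Second, basefunc.dll and commonbase.dll are not Windows system libraries and their sixteen imports have no names in the report; the sample cannot run without them, so they belong in the same analysis as the executable.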

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Every recorded UDP flow leaves the guest (192.168.56.101) from a well-known Windows service port or towards a well-known multicast group: DNS to 114.114.114.114 (a public resolver, presumably the guest's configured one; the queried names are not listed), NetBIOS name and datagram service to the subnet broadcast, NTP from the Windows time service to time.windows.com, LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). The report attributes none of it to the sample, so it is consistent with ordinary guest background traffic. No TCP or HTTP was recorded, so the wininet capability visible in the import table produced no network activity during the 88 s run.

Source          Source port  Destination      Destination port  Service
192.168.56.101  50002        114.114.114.114  53                DNS
192.168.56.101  53237        114.114.114.114  53                DNS
192.168.56.101  57756        114.114.114.114  53                DNS
192.168.56.101  58367        114.114.114.114  53                DNS
192.168.56.101  62318        114.114.114.114  53                DNS
192.168.56.101  137          192.168.56.255   137               NetBIOS name service (broadcast)
192.168.56.101  138          192.168.56.255   138               NetBIOS datagram service (broadcast)
192.168.56.101  123          20.189.79.72     123               NTP (time.windows.com)
192.168.56.101  49235        224.0.0.252      5355              LLMNR
192.168.56.101  50534        224.0.0.252      5355              LLMNR
192.168.56.101  51963        224.0.0.252      5355              LLMNR
192.168.56.101  53657        224.0.0.252      5355              LLMNR
192.168.56.101  56804        224.0.0.252      5355              LLMNR
192.168.56.101  57874        224.0.0.252      5355              LLMNR
192.168.56.101  62191        224.0.0.252      5355              LLMNR
192.168.56.101  63429        224.0.0.252      5355              LLMNR
192.168.56.101  1900         239.255.255.250  1900              SSDP
192.168.56.101  50003        239.255.255.250  3702              WS-Discovery
192.168.56.101  50005        239.255.255.250  3702              WS-Discovery
192.168.56.101  51966        239.255.255.250  1900              SSDP
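Separating guest background traffic from flows that need attribution to the sample is a routine step when reading sandbox network tables. The block below is an added example (my code, not the sandbox's): it encodes the Windows service ports and multicast groups that appear in the table above and runs over rows copied from it, plus two constructed flows that the rules would not explain. The assumption that the guest LAN is a /24 and the resolver list passed in are mine; when the resolver is given, DNS to any other address is left unexplained, because a sample that talks to its own hard-coded resolver should not be waved through as "DNS".

```python
"""Classify sandbox UDP flows as Windows background traffic or unexplained.
Added example, not from the report; rules encode well-known service ports."""
import ipaddress

# Rows copied from the report's UDP table (src, sport, dst, dport). The NTP row
# drops the hostname annotation the report printed next to the address.
UDP_ROWS = [
    ("192.168.56.101", 50002, "114.114.114.114", 53),
    ("192.168.56.101", 53237, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 123, "20.189.79.72", 123),
    ("192.168.56.101", 49235, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 50003, "239.255.255.250", 3702),
]
# Constructed flows that do not match the guest's normal behaviour.
SUSPECT_ROWS = [
    ("192.168.56.101", 51000, "8.8.8.8", 53),          # DNS to a resolver the guest is not configured for
    ("192.168.56.101", 49000, "203.0.113.10", 4444),   # arbitrary high port, documentation range address
]

LLMNR_GROUP = ipaddress.ip_address("224.0.0.252")
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")


def classify_flow(src, sport, dst, dport, resolvers=()):
    """Return a label for known Windows background traffic, or None when the
    flow is not explained by the guest OS and deserves process attribution."""
    d = ipaddress.ip_address(dst)
    # Assumption: the guest sits in a /24, so x.y.z.255 is its subnet broadcast.
    subnet_bcast = ipaddress.ip_network(f"{src}/24", strict=False).broadcast_address
    if dport == 53:
        return "dns" if (not resolvers or dst in resolvers) else None
    if dport in (137, 138) and d == subnet_bcast:
        return "netbios"
    if dport == 123 and sport == 123:          # W32Time binds source port 123
        return "ntp"
    if dport == 5355 and d == LLMNR_GROUP:
        return "llmnr"
    if dport == 1900 and d == SSDP_GROUP:
        return "ssdp"
    if dport == 3702 and d == SSDP_GROUP:
        return "ws-discovery"
    return None


def triage_udp(rows, resolvers=()):
    """Count background flows per service and collect the rest for follow-up."""
    background, unexplained = {}, []
    for row in rows:
        label = classify_flow(*row, resolvers=resolvers)
        if label is None:
            unexplained.append(row)
        else:
            background[label] = background.get(label, 0) + 1
    return {"background": background, "unexplained": unexplained}


if __name__ == "__main__":
    print(triage_udp(UDP_ROWS + SUSPECT_ROWS, resolvers=("114.114.114.114",)))
```

For the rows in this report the unexplained list is empty, which is the basis for calling the UDP table background noise; the NTP rule deliberately requires source port 123, so an NTP-looking flow from an ephemeral port, which the Windows time service would not produce, stays unexplained.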

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.