2.6
中危
1 个模型检测该样本为恶意!
重新分析
更多

fd173c08926470d23f1a91d5bc0c1a2efe978f076f1484535415c440be4d4a2f

523e68d88ac6d6a9457d4247f5f2d22c.exe

分析耗时

87s

最近分析

文件大小

7.6MB
静态报毒 动态报毒 SURVEYER
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee 20190427 6.0.6.653
Alibaba 20190426 0.4.0.6
Baidu 20190318 1.0.0.2
Avast 20190427 18.4.3895.0
Tencent 20190427 1.0.0.1
Kingsoft 20190427 2013.8.14.323
CrowdStrike 20190212 1.0
静态指标
Checks if process is being debugged by a debugger (2 个事件)
Time & API Arguments Status Return Repeated
1620975383.351874
IsDebuggerPresent
failed 0 0
1620975383.351874
IsDebuggerPresent
failed 0 0
This executable has a PDB path (1 个事件)
pdb_path F:\111 PPA INSTALL\Francja Insalll\Far Cry New Dawn\InterInstall\InterInstall\obj\x86\Release\Far Cry New Dawn InstallShiel.pdb
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620975383.398874
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .sdata
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (49 个事件)
Time & API Arguments Status Return Repeated
1620975382.539874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x012d0000
success 0 0
1620975382.539874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01490000
success 0 0
1620975383.023874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 851968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00c80000
success 0 0
1620975383.023874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d10000
success 0 0
1620975383.148874
NtProtectVirtualMemory
process_identifier: 2296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1620975383.336874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 851968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00e80000
success 0 0
1620975383.336874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00f10000
success 0 0
1620975383.351874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00a9a000
success 0 0
1620975383.367874
NtProtectVirtualMemory
process_identifier: 2296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1620975383.367874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00a92000
success 0 0
1620975383.836874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa2000
success 0 0
1620975384.117874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ac5000
success 0 0
1620975384.117874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00acb000
success 0 0
1620975384.117874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ac7000
success 0 0
1620975384.398874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa3000
success 0 0
1620975384.633874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa4000
success 0 0
1620975384.695874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa5000
success 0 0
1620975384.711874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aac000
success 0 0
1620975385.164874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa6000
success 0 0
1620975385.180874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa8000
success 0 0
1620975385.273874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb0000
success 0 0
1620975385.492874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aba000
success 0 0
1620975385.492874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab7000
success 0 0
1620975385.601874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa9000
success 0 0
1620975385.617874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00df0000
success 0 0
1620975385.726874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab6000
success 0 0
1620975385.789874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00df1000
success 0 0
1620975385.820874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb1000
success 0 0
1620975385.836874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00df2000
success 0 0
1620975385.851874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef40000
success 0 0
1620975385.867874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef40000
success 0 0
1620975385.867874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef40000
success 0 0
1620975385.867874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef48000
success 0 0
1620975385.867874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef30000
success 0 0
1620975385.867874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef30000
success 0 0
1620975385.930874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb2000
success 0 0
1620975386.180874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d11000
success 0 0
1620975386.430874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aaa000
success 0 0
1620975386.898874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb3000
success 0 0
1620975387.101874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00df3000
success 0 0
1620975388.883874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb4000
success 0 0
1620975388.914874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d12000
success 0 0
1620975388.914874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d16000
success 0 0
1620975388.930874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00df4000
success 0 0
1620975398.055874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb5000
success 0 0
1620975444.211874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00df5000
success 0 0
1620975444.211874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb7000
success 0 0
1620975444.211874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aad000
success 0 0
1620975444.211874
NtAllocateVirtualMemory
process_identifier: 2296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00cb8000
success 0 0
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)
DrWeb Trojan.Surveyer.205
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.853131507311622 section {'size_of_data': '0x00751200', 'virtual_address': '0x00002000', 'entropy': 7.853131507311622, 'name': '.text', 'virtual_size': '0x007510f4'} description A section with a high entropy has been found
entropy 0.9655905664024744 description Overall entropy of this PE file is high
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-02-16 23:59:49

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.