SmartHawk

0.8

低危

该样本未表现出任何异常！

重新分析

下载样本

d7c00a64b03ca6c408941524b54f452c1d4cd9ae346274436f11cc9a96cb2caf

5495cc16cac9d627c2fdd2d014f58ac1.exe

分析耗时

14s

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-28 00:23:48

Imports

Library MFC42.DLL:

• 0x418090

• 0x418094

• 0x418098

• 0x41809c

• 0x4180a0

• 0x4180a4

• 0x4180a8

• 0x4180ac

• 0x4180b0

• 0x4180b4

• 0x4180b8

• 0x4180bc

• 0x4180c0

• 0x4180c4

• 0x4180c8

• 0x4180cc

• 0x4180d0

• 0x4180d4

• 0x4180d8

• 0x4180dc

• 0x4180e0

• 0x4180e4

• 0x4180e8

• 0x4180ec

• 0x4180f0

• 0x4180f4

• 0x4180f8

• 0x4180fc

• 0x418100

• 0x418104

• 0x418108

• 0x41810c

• 0x418110

• 0x418114

• 0x418118

• 0x41811c

• 0x418120

• 0x418124

• 0x418128

• 0x41812c

• 0x418130

• 0x418134

• 0x418138

• 0x41813c

• 0x418140

• 0x418144

• 0x418148

• 0x41814c

• 0x418150

• 0x418154

• 0x418158

• 0x41815c

• 0x418160

• 0x418164

• 0x418168

• 0x41816c

• 0x418170

• 0x418174

• 0x418178

• 0x41817c

• 0x418180

• 0x418184

• 0x418188

• 0x41818c

• 0x418190

• 0x418194

• 0x418198

• 0x41819c

• 0x4181a0

• 0x4181a4

• 0x4181a8

• 0x4181ac

• 0x4181b0

• 0x4181b4

• 0x4181b8

• 0x4181bc

• 0x4181c0

• 0x4181c4

• 0x4181c8

• 0x4181cc

• 0x4181d0

• 0x4181d4

• 0x4181d8

• 0x4181dc

• 0x4181e0

• 0x4181e4

• 0x4181e8

• 0x4181ec

• 0x4181f0

• 0x4181f4

• 0x4181f8

• 0x4181fc

• 0x418200

• 0x418204

• 0x418208

• 0x41820c

• 0x418210

• 0x418214

• 0x418218

• 0x41821c

• 0x418220

• 0x418224

• 0x418228

• 0x41822c

• 0x418230

• 0x418234

• 0x418238

• 0x41823c

• 0x418240

• 0x418244

• 0x418248

• 0x41824c

• 0x418250

• 0x418254

• 0x418258

• 0x41825c

• 0x418260

• 0x418264

• 0x418268

• 0x41826c

• 0x418270

• 0x418274

• 0x418278

• 0x41827c

• 0x418280

• 0x418284

• 0x418288

• 0x41828c

• 0x418290

• 0x418294

• 0x418298

• 0x41829c

• 0x4182a0

• 0x4182a4

• 0x4182a8

• 0x4182ac

• 0x4182b0

• 0x4182b4

• 0x4182b8

• 0x4182bc

• 0x4182c0

• 0x4182c4

• 0x4182c8

• 0x4182cc

• 0x4182d0

Library MSVCRT.dll:

• 0x4182ec _except_handler3

• 0x4182f0 _setmbcp

• 0x4182f4 __CxxFrameHandler

• 0x4182f8 _EH_prolog

• 0x4182fc memset

• 0x418300 strlen

• 0x418304 _ftol

• 0x418308 _mbsnbcpy

• 0x41830c _wcslwr

• 0x418310 malloc

• 0x418314 _mbsstr

• 0x418318 __dllonexit

• 0x41831c _onexit

• 0x418320 _exit

• 0x418324 _XcptFilter

• 0x418328 exit

• 0x41832c _acmdln

• 0x418330 __getmainargs

• 0x418334 _initterm

• 0x418338 __setusermatherr

• 0x41833c _adjust_fdiv

• 0x418340 __p__commode

• 0x418344 __p__fmode

• 0x418348 __set_app_type

• 0x41834c _controlfp

Library KERNEL32.dll:

• 0x418058 GetStartupInfoA

• 0x41805c GetModuleHandleA

• 0x418060 ExitProcess

• 0x418064 GetLastError

• 0x418068 VirtualAlloc

• 0x41806c FreeLibrary

• 0x418070 LoadLibraryA

• 0x418074 GetWindowsDirectoryA

• 0x418078 lstrcpyA

• 0x41807c WinExec

• 0x418080 lstrlenA

• 0x418084 GetProcAddress

• 0x418088 lstrcatA

Library USER32.dll:

• 0x418360 LoadIconA

• 0x418364 InSendMessage

• 0x418368 CreateWindowExA

• 0x41836c ShowWindow

• 0x418370 KillTimer

• 0x418374 SetWindowLongA

• 0x418378 GetIconInfo

• 0x41837c SetTimer

• 0x418380 PtInRect

• 0x418384 ScreenToClient

• 0x418388 GetMessagePos

• 0x41838c IsWindow

• 0x418390 CopyIcon

• 0x418394 LoadCursorA

• 0x418398 GetDC

• 0x41839c CreateIconIndirect

• 0x4183a0 EnableWindow

• 0x4183a4 FillRect

• 0x4183a8 DrawStateA

• 0x4183ac GetClientRect

• 0x4183b0 CopyRect

• 0x4183b4 FrameRect

• 0x4183b8 InflateRect

• 0x4183bc GetSysColor

• 0x4183c0 OffsetRect

• 0x4183c4 DrawFocusRect

• 0x4183c8 GetWindowRect

• 0x4183cc GetSubMenu

• 0x4183d0 TrackPopupMenuEx

• 0x4183d4 PostMessageA

• 0x4183d8 ClientToScreen

• 0x4183dc WindowFromPoint

• 0x4183e0 GetActiveWindow

• 0x4183e4 InvalidateRect

• 0x4183e8 LoadMenuA

• 0x4183ec ReleaseDC

• 0x4183f0 LoadImageA

• 0x4183f4 SetCursor

• 0x4183f8 GetParent

• 0x4183fc GetNextDlgTabItem

• 0x418400 SendMessageA

• 0x418404 GetWindowLongA

• 0x418408 DestroyIcon

• 0x41840c DestroyCursor

• 0x418410 DestroyMenu

• 0x418414 MessageBeep

Library GDI32.dll:

• 0x418018 GetTextExtentPoint32A

• 0x41801c CreateFontIndirectA

• 0x418020 GetObjectA

• 0x418024 GetPixel

• 0x418028 SetPixel

• 0x41802c CreateBitmap

• 0x418030 DeleteObject

• 0x418034 GetStockObject

• 0x418038 SelectObject

• 0x41803c CreateCompatibleBitmap

• 0x418040 CreateCompatibleDC

• 0x418044 BitBlt

• 0x418048 DeleteDC

• 0x41804c SetTextColor

• 0x418050 SetBkColor

Library ADVAPI32.dll:

• 0x418000 RegQueryValueA

• 0x418004 RegOpenKeyExA

• 0x418008 RegCloseKey

Library SHELL32.dll:

• 0x418354 ShellExecuteExA

• 0x418358 ShellExecuteA

Library COMCTL32.dll:

• 0x418010 _TrackMouseEvent

Library MSVCP60.dll:

• 0x4182d8 ??1Init@ios_base@std@@QAE@XZ

• 0x4182dc ??0_Winit@std@@QAE@XZ

• 0x4182e0 ??1_Winit@std@@QAE@XZ

• 0x4182e4 ??0Init@ios_base@std@@QAE@XZ

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.