3.8
中危
该样本未表现出任何异常!
重新分析
更多

a1b481a4431ce4325a7b47148665c5f7c7b33cd277415e001768790ef2487bd3

56b1a61ea666c835d249e92bcd11ebd7.exe

分析耗时

100s

最近分析

文件大小

48.5KB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
This executable has a PDB path (1 个事件)
pdb_path C:\Users\cc\source\repos\Bad_Code_6\Debug\Bad_Code_6.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section .textbss
section .msvcjmc
section .00cfg
The executable uses a known packer (1 个事件)
packer Microsoft Visual C++ V8.0 (Debug)
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1203976652&cup2hreq=137fcc56ddebcdcb1c1273eae951dbb91c34e53689a39a8ae2ec268ca85dd6da
Performs some HTTP requests (5 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:1203976652&cup2hreq=137fcc56ddebcdcb1c1273eae951dbb91c34e53689a39a8ae2ec268ca85dd6da
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:1203976652&cup2hreq=137fcc56ddebcdcb1c1273eae951dbb91c34e53689a39a8ae2ec268ca85dd6da
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-02 10:16:41

Imports

Library KERNEL32.dll:
0x41d000 OutputDebugStringA
0x41d004 GetLastError
0x41d008 HeapAlloc
0x41d00c HeapFree
0x41d010 GetProcessHeap
0x41d014 VirtualAlloc
0x41d018 VirtualProtect
0x41d01c VirtualFree
0x41d020 FreeLibrary
0x41d024 GetProcAddress
0x41d028 LoadLibraryA
0x41d02c LocalAlloc
0x41d030 LocalFree
0x41d034 FormatMessageA
0x41d038 IsBadReadPtr
0x41d03c CreateFileW
0x41d040 GetFileSize
0x41d044 WaitForSingleObject
0x41d048 CreateThread
0x41d04c GetModuleHandleW
0x41d050 GetStartupInfoW
0x41d054 InitializeSListHead
0x41d05c GetCurrentProcessId
0x41d068 TerminateProcess
0x41d06c GetCurrentProcess
0x41d078 WideCharToMultiByte
0x41d07c MultiByteToWideChar
0x41d080 RaiseException
0x41d084 IsDebuggerPresent
0x41d088 GetCurrentThreadId
0x41d08c VirtualQuery
Library WS2_32.dll:
0x41d134 inet_addr
0x41d138 htons
0x41d13c connect
0x41d140 recv
0x41d144 socket
0x41d148 WSAStartup
0x41d14c closesocket
Library VCRUNTIME140D.dll:
0x41d0d8 _CxxThrowException
0x41d0f4 memset
0x41d0f8 memcpy
Library ucrtbased.dll:
0x41d180 _exit
0x41d184 _set_fmode
0x41d188 __p___argc
0x41d18c __p___argv
0x41d190 _cexit
0x41d194 _c_exit
0x41d19c _configthreadlocale
0x41d1a0 _set_new_mode
0x41d1a4 __p__commode
0x41d1a8 strcpy_s
0x41d1ac strcat_s
0x41d1b0 _initterm_e
0x41d1b4 _callnewh
0x41d1b8 malloc
0x41d1bc _free_dbg
0x41d1c0 _seh_filter_dll
0x41d1d0 _crt_atexit
0x41d1d4 _crt_at_quick_exit
0x41d1d8 _controlfp_s
0x41d1dc terminate
0x41d1e0 _wmakepath_s
0x41d1e4 _wsplitpath_s
0x41d1e8 wcscpy_s
0x41d1ec _stricmp
0x41d1f0 _initterm
0x41d1fc __setusermatherr
0x41d200 _set_app_type
0x41d204 _seh_filter_exe
0x41d208 _CrtDbgReportW
0x41d20c _CrtDbgReport
0x41d210 exit
0x41d218 __acrt_iob_func
0x41d220 realloc
0x41d224 free
0x41d228 strlen

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49178 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49176 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49175 203.208.41.66 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=6923-18978
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=10dc386d2ff5d879&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620773305&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-6922
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.