3.2
Medium risk

17f05ec09027e70bfdc7007507955bf0fb8ee0dcc52b02e4902fbb700d70b896

57153ffda8a898e9c2e095cf05a72190.exe

Analysis duration

90s

Last analyzed

File size

856.5KB
Static detection   Dynamic detection
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API: 1620798096.5325 NtAllocateVirtualMemory
Arguments:
    process_identifier: 2256
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x003e0000
Status: success
Return: 0
Repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy: 7.53713811915827
    section: {'size_of_data': '0x0003a000', 'virtual_address': '0x000a2000', 'entropy': 7.53713811915827, 'name': '.rsrc', 'virtual_size': '0x00039f88'}
    description: A section with a high entropy has been found
entropy: 0.27134502923976606
    description: Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x494178 VirtualFree
0x49417c VirtualAlloc
0x494180 LocalFree
0x494184 LocalAlloc
0x494188 GetVersion
0x49418c GetCurrentThreadId
0x494198 VirtualQuery
0x49419c WideCharToMultiByte
0x4941a4 MultiByteToWideChar
0x4941a8 lstrlenA
0x4941ac lstrcpynA
0x4941b0 LoadLibraryExA
0x4941b4 GetThreadLocale
0x4941b8 GetStartupInfoA
0x4941bc GetProcAddress
0x4941c0 GetModuleHandleA
0x4941c4 GetModuleFileNameA
0x4941c8 GetLocaleInfoA
0x4941cc GetLastError
0x4941d4 GetCommandLineA
0x4941d8 FreeLibrary
0x4941dc FindFirstFileA
0x4941e0 FindClose
0x4941e4 ExitProcess
0x4941e8 WriteFile
0x4941f0 RtlUnwind
0x4941f4 RaiseException
0x4941f8 GetStdHandle
Library user32.dll:
0x494200 GetKeyboardType
0x494204 LoadStringA
0x494208 MessageBoxA
0x49420c CharNextA
Library advapi32.dll:
0x494214 RegQueryValueExA
0x494218 RegOpenKeyExA
0x49421c RegCloseKey
Library oleaut32.dll:
0x494224 SysFreeString
0x494228 SysReAllocStringLen
0x49422c SysAllocStringLen
Library kernel32.dll:
0x494234 TlsSetValue
0x494238 TlsGetValue
0x49423c LocalAlloc
0x494240 GetModuleHandleA
Library advapi32.dll:
0x494248 RegQueryValueExA
0x49424c RegOpenKeyExA
0x494250 RegCloseKey
Library kernel32.dll:
0x494258 lstrcpyA
0x49425c WriteFile
0x494260 WinExec
0x494264 WaitForSingleObject
0x494268 VirtualQuery
0x49426c VirtualProtect
0x494270 VirtualAlloc
0x494274 Sleep
0x494278 SizeofResource
0x49427c SetThreadLocale
0x494280 SetFilePointer
0x494284 SetEvent
0x494288 SetErrorMode
0x49428c SetEndOfFile
0x494290 ResetEvent
0x494294 ReadFile
0x494298 MulDiv
0x49429c LockResource
0x4942a0 LoadResource
0x4942a4 LoadLibraryA
0x4942b0 GlobalUnlock
0x4942b4 GlobalReAlloc
0x4942b8 GlobalHandle
0x4942bc GlobalLock
0x4942c0 GlobalFree
0x4942c4 GlobalFindAtomA
0x4942c8 GlobalDeleteAtom
0x4942cc GlobalAlloc
0x4942d0 GlobalAddAtomA
0x4942d4 GetVersionExA
0x4942d8 GetVersion
0x4942dc GetTickCount
0x4942e0 GetThreadLocale
0x4942e4 GetSystemTime
0x4942e8 GetSystemInfo
0x4942ec GetStringTypeExA
0x4942f0 GetStdHandle
0x4942f4 GetProcAddress
0x4942f8 GetModuleHandleA
0x4942fc GetModuleFileNameA
0x494300 GetLocaleInfoA
0x494304 GetLocalTime
0x494308 GetLastError
0x49430c GetFullPathNameA
0x494310 GetFileAttributesA
0x494314 GetDiskFreeSpaceA
0x494318 GetDateFormatA
0x49431c GetCurrentThreadId
0x494320 GetCurrentProcessId
0x494324 GetCPInfo
0x494328 GetACP
0x49432c FreeResource
0x494330 InterlockedExchange
0x494334 FreeLibrary
0x494338 FormatMessageA
0x49433c FindResourceA
0x494340 FindNextFileA
0x494344 FindFirstFileA
0x494348 FindClose
0x494354 EnumCalendarInfoA
0x494360 CreateThread
0x494364 CreateFileA
0x494368 CreateEventA
0x49436c CompareStringA
0x494370 CloseHandle
Library version.dll:
0x494378 VerQueryValueA
0x494380 GetFileVersionInfoA
Library gdi32.dll:
0x494388 UnrealizeObject
0x49438c StretchBlt
0x494390 SetWindowOrgEx
0x494394 SetWindowExtEx
0x494398 SetWinMetaFileBits
0x49439c SetViewportOrgEx
0x4943a0 SetViewportExtEx
0x4943a4 SetTextColor
0x4943a8 SetStretchBltMode
0x4943ac SetROP2
0x4943b0 SetPixel
0x4943b4 SetMapMode
0x4943b8 SetEnhMetaFileBits
0x4943bc SetDIBColorTable
0x4943c0 SetBrushOrgEx
0x4943c4 SetBkMode
0x4943c8 SetBkColor
0x4943cc SelectPalette
0x4943d0 SelectObject
0x4943d4 SaveDC
0x4943d8 RestoreDC
0x4943dc Rectangle
0x4943e0 RectVisible
0x4943e4 RealizePalette
0x4943e8 Polyline
0x4943ec PolyPolyline
0x4943f0 PlayEnhMetaFile
0x4943f4 PatBlt
0x4943f8 MoveToEx
0x4943fc MaskBlt
0x494400 LineTo
0x494404 IntersectClipRect
0x494408 GetWindowOrgEx
0x49440c GetWinMetaFileBits
0x494410 GetTextMetricsA
0x49441c GetStockObject
0x494420 GetPixel
0x494424 GetPaletteEntries
0x494428 GetObjectA
0x494434 GetEnhMetaFileBits
0x494438 GetDeviceCaps
0x49443c GetDIBits
0x494440 GetDIBColorTable
0x494444 GetDCOrgEx
0x49444c GetClipBox
0x494450 GetBrushOrgEx
0x494454 GetBitmapBits
0x494458 ExtTextOutA
0x49445c ExtCreatePen
0x494460 ExcludeClipRect
0x494464 DeleteObject
0x494468 DeleteEnhMetaFile
0x49446c DeleteDC
0x494470 CreateSolidBrush
0x494474 CreatePenIndirect
0x494478 CreatePalette
0x494480 CreateFontIndirectA
0x494484 CreateDIBitmap
0x494488 CreateDIBSection
0x49448c CreateCompatibleDC
0x494494 CreateBrushIndirect
0x494498 CreateBitmap
0x49449c CopyEnhMetaFileA
0x4944a0 BitBlt
Library user32.dll:
0x4944a8 CreateWindowExA
0x4944ac WindowFromPoint
0x4944b0 WinHelpA
0x4944b4 WaitMessage
0x4944b8 ValidateRect
0x4944bc UpdateWindow
0x4944c0 UnregisterClassA
0x4944c4 UnionRect
0x4944c8 UnhookWindowsHookEx
0x4944cc TranslateMessage
0x4944d4 TrackPopupMenu
0x4944dc ShowWindow
0x4944e0 ShowScrollBar
0x4944e4 ShowOwnedPopups
0x4944e8 ShowCursor
0x4944ec SetWindowsHookExA
0x4944f0 SetWindowTextA
0x4944f4 SetWindowPos
0x4944f8 SetWindowPlacement
0x4944fc SetWindowLongA
0x494500 SetTimer
0x494504 SetScrollRange
0x494508 SetScrollPos
0x49450c SetScrollInfo
0x494510 SetRect
0x494514 SetPropA
0x494518 SetParent
0x49451c SetMenuItemInfoA
0x494520 SetMenu
0x494524 SetKeyboardState
0x494528 SetForegroundWindow
0x49452c SetFocus
0x494530 SetCursor
0x494534 SetClipboardData
0x494538 SetClassLongA
0x49453c SetCapture
0x494540 SetActiveWindow
0x494544 SendMessageA
0x494548 ScrollWindowEx
0x49454c ScrollWindow
0x494550 ScreenToClient
0x494554 RemovePropA
0x494558 RemoveMenu
0x49455c ReleaseDC
0x494560 ReleaseCapture
0x49456c RegisterClassA
0x494570 RedrawWindow
0x494574 PtInRect
0x494578 PostQuitMessage
0x49457c PostMessageA
0x494580 PeekMessageA
0x494584 OpenClipboard
0x494588 OffsetRect
0x49458c OemToCharA
0x494590 MessageBoxA
0x494594 MessageBeep
0x494598 MapWindowPoints
0x49459c MapVirtualKeyA
0x4945a0 LoadStringA
0x4945a4 LoadKeyboardLayoutA
0x4945a8 LoadIconA
0x4945ac LoadCursorA
0x4945b0 LoadBitmapA
0x4945b4 KillTimer
0x4945b8 IsZoomed
0x4945bc IsWindowVisible
0x4945c0 IsWindowEnabled
0x4945c4 IsWindow
0x4945c8 IsRectEmpty
0x4945cc IsIconic
0x4945d0 IsDialogMessageA
0x4945d4 IsChild
0x4945d8 IsCharAlphaNumericA
0x4945dc IsCharAlphaA
0x4945e0 InvalidateRect
0x4945e4 IntersectRect
0x4945e8 InsertMenuItemA
0x4945ec InsertMenuA
0x4945f0 InflateRect
0x4945f8 GetWindowTextA
0x4945fc GetWindowRect
0x494600 GetWindowPlacement
0x494604 GetWindowLongA
0x494608 GetWindowDC
0x49460c GetTopWindow
0x494610 GetSystemMetrics
0x494614 GetSystemMenu
0x494618 GetSysColorBrush
0x49461c GetSysColor
0x494620 GetSubMenu
0x494624 GetScrollRange
0x494628 GetScrollPos
0x49462c GetScrollInfo
0x494630 GetPropA
0x494634 GetParent
0x494638 GetWindow
0x49463c GetMessageTime
0x494640 GetMenuStringA
0x494644 GetMenuState
0x494648 GetMenuItemInfoA
0x49464c GetMenuItemID
0x494650 GetMenuItemCount
0x494654 GetMenu
0x494658 GetLastActivePopup
0x49465c GetKeyboardState
0x494664 GetKeyboardLayout
0x494668 GetKeyState
0x49466c GetKeyNameTextA
0x494670 GetInputState
0x494674 GetIconInfo
0x494678 GetForegroundWindow
0x49467c GetFocus
0x494680 GetDoubleClickTime
0x494684 GetDlgItem
0x494688 GetDesktopWindow
0x49468c GetDCEx
0x494690 GetDC
0x494694 GetCursorPos
0x494698 GetCursor
0x49469c GetClipboardData
0x4946a0 GetClientRect
0x4946a4 GetClassNameA
0x4946a8 GetClassInfoA
0x4946ac GetCaretPos
0x4946b0 GetCapture
0x4946b4 GetActiveWindow
0x4946b8 FrameRect
0x4946bc FindWindowA
0x4946c0 FillRect
0x4946c4 EqualRect
0x4946c8 EnumWindows
0x4946cc EnumThreadWindows
0x4946d4 EndPaint
0x4946d8 EnableWindow
0x4946dc EnableScrollBar
0x4946e0 EnableMenuItem
0x4946e4 EmptyClipboard
0x4946e8 DrawTextA
0x4946ec DrawMenuBar
0x4946f0 DrawIconEx
0x4946f4 DrawIcon
0x4946f8 DrawFrameControl
0x4946fc DrawFocusRect
0x494700 DrawEdge
0x494704 DispatchMessageA
0x494708 DestroyWindow
0x49470c DestroyMenu
0x494710 DestroyIcon
0x494714 DestroyCursor
0x494718 DeleteMenu
0x49471c DefWindowProcA
0x494720 DefMDIChildProcA
0x494724 DefFrameProcA
0x494728 CreatePopupMenu
0x49472c CreateMenu
0x494730 CreateIcon
0x494734 CloseClipboard
0x494738 ClientToScreen
0x49473c CheckMenuItem
0x494740 CallWindowProcA
0x494744 CallNextHookEx
0x494748 BeginPaint
0x49474c CharNextA
0x494750 CharLowerBuffA
0x494754 CharLowerA
0x494758 CharUpperBuffA
0x49475c CharToOemA
0x494760 AdjustWindowRectEx
Library kernel32.dll:
0x49476c Sleep
Library oleaut32.dll:
0x494774 SafeArrayPtrOfIndex
0x494778 SafeArrayGetUBound
0x49477c SafeArrayGetLBound
0x494780 SafeArrayCreate
0x494784 VariantChangeType
0x494788 VariantCopy
0x49478c VariantClear
0x494790 VariantInit
Library comctl32.dll:
0x4947a0 ImageList_Write
0x4947a4 ImageList_Read
0x4947b4 ImageList_DragMove
0x4947b8 ImageList_DragLeave
0x4947bc ImageList_DragEnter
0x4947c0 ImageList_EndDrag
0x4947c4 ImageList_BeginDrag
0x4947c8 ImageList_Remove
0x4947cc ImageList_DrawEx
0x4947d0 ImageList_Replace
0x4947d4 ImageList_Draw
0x4947e4 ImageList_Add
0x4947ec ImageList_Destroy
0x4947f0 ImageList_Create
0x4947f4 InitCommonControls
Library comdlg32.dll:
0x4947fc GetOpenFileNameA
Library user32.dll:
0x494804 DdeCmpStringHandles
0x494808 DdeFreeStringHandle
0x49480c DdeQueryStringA
0x494814 DdeGetLastError
0x494818 DdeFreeDataHandle
0x49481c DdeUnaccessData
0x494820 DdeAccessData
0x494824 DdeCreateDataHandle
0x49482c DdeNameService
0x494830 DdePostAdvise
0x494834 DdeSetUserHandle
0x494838 DdeQueryConvInfo
0x49483c DdeDisconnect
0x494840 DdeConnect
0x494844 DdeUninitialize
0x494848 DdeInitializeA
Library kernel32.dll:
0x494850 MulDiv
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  51808        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  60123        114.114.114.114                  53
192.168.56.101  60384        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  58367        224.0.0.252                      5355
192.168.56.101  61680        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  62318        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  65004        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  51379        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.