SmartHawk

6.6

高危

该样本未表现出任何异常！

重新分析

下载样本

b9c037384eaa82706baf7c3cd5e1550fe9ad24083edeb00e55d9da8198ea6ee3

57afe7c6eae81f93e3e6a085b6bd7961.exe

分析耗时

22s

最近分析

文件大小

4.5MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks if process is being debugged by a debugger (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619426985.472915 IsDebuggerPresent		failed	0	0
1619426987.472915 IsDebuggerPresent		failed	0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 个事件)

section	\x00
section	.idata
section
section	bpmvbcxz
section	bjxrssjq

One or more processes crashed (50 out of 127 个事件)

Time & API	Arguments	Status
1619426984.909915 __exception__	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 4324780 registers.edi: 0 registers.eax: 1 registers.ebp: 4324796 registers.edx: 17289216 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x5870b9 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 5796025 exception.address: 0xec70b9	success
1619426984.909915 __exception__	stacktrace: registers.esp: 4324744 registers.edi: 12734005 registers.eax: 28845 registers.ebp: 3914608660 registers.edx: 9699328 registers.ebx: 3 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb e9 8c 04 00 00 68 91 64 9b 2c e9 4d 03 00 00 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x2e520e exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 3035662 exception.address: 0xc2520e	success
1619426984.909915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 12737458 registers.eax: 28845 registers.ebp: 3914608660 registers.edx: 0 registers.ebx: 3 registers.esi: 3 registers.ecx: 606898514 exception.instruction_r: fb 52 89 3c 24 e9 b7 02 00 00 50 68 1a e7 be 7f exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x2e509a exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 3035290 exception.address: 0xc2509a	success
1619426984.909915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 12737458 registers.eax: 29465 registers.ebp: 3914608660 registers.edx: 607740083 registers.ebx: 12767310 registers.esi: 3 registers.ecx: 606898514 exception.instruction_r: fb 50 57 e9 93 fe ff ff 55 bd ec dc ff 7f 81 c5 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x2e64eb exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 3040491 exception.address: 0xc264eb	success
1619426984.909915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 12737458 registers.eax: 29465 registers.ebp: 3914608660 registers.edx: 607740083 registers.ebx: 12767310 registers.esi: 4294940720 registers.ecx: 241897 exception.instruction_r: fb bb e2 fa 69 5f 81 e3 55 84 7a 79 56 e9 83 ff exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x2e5dbf exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 3038655 exception.address: 0xc25dbf	success
1619426984.909915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 4294944712 registers.eax: 25935 registers.ebp: 3914608660 registers.edx: 172009 registers.ebx: 58459004 registers.esi: 14280309 registers.ecx: 892 exception.instruction_r: fb e9 58 f6 ff ff 42 87 ca f7 d9 31 ca 31 d1 31 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x458d4e exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4558158 exception.address: 0xd98d4e	success
1619426984.925915 __exception__	stacktrace: registers.esp: 4324744 registers.edi: 4294944712 registers.eax: 14263244 registers.ebp: 3914608660 registers.edx: 172009 registers.ebx: 1251011116 registers.esi: 14280309 registers.ecx: 901076109 exception.instruction_r: fb e9 23 02 00 00 52 ba 70 18 f5 7f 81 ea 51 10 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x45a87f exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4565119 exception.address: 0xd9a87f	success
1619426984.925915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 4294944712 registers.eax: 14295746 registers.ebp: 3914608660 registers.edx: 1549541099 registers.ebx: 1251011116 registers.esi: 4294937860 registers.ecx: 901076109 exception.instruction_r: fb e9 33 01 00 00 01 f3 5e 83 eb 04 e9 b3 02 00 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x45a6fe exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4564734 exception.address: 0xd9a6fe	success
1619426984.925915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 4294938024 registers.eax: 14317756 registers.ebp: 3914608660 registers.edx: 2228600 registers.ebx: 1259 registers.esi: 56525 registers.ecx: 14288 exception.instruction_r: fb 50 54 58 57 e9 dd 03 00 00 59 01 c3 8b 04 24 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x460235 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4588085 exception.address: 0xda0235	success
1619426984.925915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 4294938024 registers.eax: 1447909480 registers.ebp: 3914608660 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 14300900 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 68 bf 49 1a 46 e9 5e 07 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4682a8 exception.instruction: in eax, dx exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4620968 exception.address: 0xda82a8	success
1619426984.925915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 4294938024 registers.eax: 1 registers.ebp: 3914608660 registers.edx: 22104 registers.ebx: 0 registers.esi: 14300900 registers.ecx: 20 exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x464a32 exception.address: 0xda4a32 exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc000001d exception.offset: 4606514	success
1619426984.925915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 4294938024 registers.eax: 1447909480 registers.ebp: 3914608660 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 14300900 registers.ecx: 10 exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 37 39 6e 17 01 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x463c45 exception.instruction: in eax, dx exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4602949 exception.address: 0xda3c45	success
1619426985.144915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 0 registers.eax: 4324708 registers.ebp: 3914608660 registers.edx: 4294938024 registers.ebx: 14336316 registers.esi: 767504074 registers.ecx: 3287125449 exception.instruction_r: cd 01 eb 00 6a 00 50 e8 03 00 00 00 20 58 c3 58 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x46bf6d exception.instruction: int 1 exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000005 exception.offset: 4636525 exception.address: 0xdabf6d	success
1619426985.144915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 4294938024 registers.eax: 14369676 registers.ebp: 3914608660 registers.edx: 587593810 registers.ebx: 72087327 registers.esi: 69350398 registers.ecx: 56308 exception.instruction_r: fb 57 e9 ef 01 00 00 2d 68 0b 3f 7a 05 d6 38 fb exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x46c8e4 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4638948 exception.address: 0xdac8e4	success
1619426985.144915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 4294938024 registers.eax: 14340408 registers.ebp: 3914608660 registers.edx: 6379 registers.ebx: 72087327 registers.esi: 0 registers.ecx: 56308 exception.instruction_r: fb e9 f2 02 00 00 31 d6 8b 14 24 68 a1 49 70 5e exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x46c89c exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4638876 exception.address: 0xdac89c	success
1619426985.144915 __exception__	stacktrace: registers.esp: 4324744 registers.edi: 14369368 registers.eax: 29141 registers.ebp: 3914608660 registers.edx: 654654 registers.ebx: 1975897221 registers.esi: 0 registers.ecx: 14340469 exception.instruction_r: fb 56 51 e9 84 fb ff ff 81 c6 06 71 44 f8 e9 11 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4749e4 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4671972 exception.address: 0xdb49e4	success
1619426985.144915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 14398509 registers.eax: 29141 registers.ebp: 3914608660 registers.edx: 4294941448 registers.ebx: 1975897221 registers.esi: 0 registers.ecx: 322689 exception.instruction_r: fb 56 be 00 d1 fb 77 55 bd 00 00 00 00 e9 e2 04 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4749a4 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4671908 exception.address: 0xdb49a4	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324744 registers.edi: 12731966 registers.eax: 25417 registers.ebp: 3914608660 registers.edx: 6 registers.ebx: 72087608 registers.esi: 1983190032 registers.ecx: 14406438 exception.instruction_r: fb 52 89 1c 24 52 57 bf 5b b4 bd 7f 81 ef e7 3d exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x47d5ba exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4707770 exception.address: 0xdbd5ba	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 12731966 registers.eax: 25417 registers.ebp: 3914608660 registers.edx: 6 registers.ebx: 72087608 registers.esi: 1983190032 registers.ecx: 14431855 exception.instruction_r: fb 31 ff 51 e9 32 ff ff ff ba 04 00 00 00 e9 0c exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x47d8ff exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4708607 exception.address: 0xdbd8ff	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 4294944600 registers.eax: 25417 registers.ebp: 3914608660 registers.edx: 6 registers.ebx: 72087608 registers.esi: 1179202795 registers.ecx: 14431855 exception.instruction_r: fb 52 57 68 dc f4 9f 5f 5f 81 c7 4b e8 bf 1f 81 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x47d34c exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4707148 exception.address: 0xdbd34c	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324744 registers.edi: 4294944600 registers.eax: 28549 registers.ebp: 3914608660 registers.edx: 1886309219 registers.ebx: 1491179776 registers.esi: 14411475 registers.ecx: 97454803 exception.instruction_r: fb e9 11 0a 00 00 89 e7 e9 57 09 00 00 81 ef 04 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x47e762 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4712290 exception.address: 0xdbe762	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324748 registers.edi: 59731 registers.eax: 28549 registers.ebp: 3914608660 registers.edx: 0 registers.ebx: 1491179776 registers.esi: 14414320 registers.ecx: 97454803 exception.instruction_r: fb b8 ad 47 da 75 56 52 51 e9 aa fa ff ff 81 c2 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x47ed03 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4713731 exception.address: 0xdbed03	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324736 registers.edi: 14454790 registers.eax: 27109 registers.ebp: 3914608660 registers.edx: 2130566132 registers.ebx: 14479187 registers.esi: 28874752 registers.ecx: 3287089152 exception.instruction_r: fb e9 de 07 00 00 ff 34 24 8b 04 24 81 c4 04 00 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x489056 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4755542 exception.address: 0xdc9056	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 14481899 registers.eax: 27109 registers.ebp: 3914608660 registers.edx: 2130566132 registers.ebx: 14479187 registers.esi: 28874752 registers.ecx: 3287089152 exception.instruction_r: fb 56 e9 c3 f8 ff ff 05 04 00 00 00 52 ba 04 00 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x48980c exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4757516 exception.address: 0xdc980c	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 14457559 registers.eax: 2353723240 registers.ebp: 3914608660 registers.edx: 2130566132 registers.ebx: 14479187 registers.esi: 28874752 registers.ecx: 0 exception.instruction_r: fb 51 56 be 9b 59 e5 1a e9 b7 fb ff ff 81 2c 24 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x48997d exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4757885 exception.address: 0xdc997d	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 12720366 registers.eax: 32258 registers.ebp: 3914608660 registers.edx: 2130566132 registers.ebx: 14510198 registers.esi: 14546475 registers.ecx: 3287089152 exception.instruction_r: fb e9 f6 00 00 00 57 e9 77 f9 ff ff 29 fe e9 50 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4983bc exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4817852 exception.address: 0xdd83bc	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 116969 registers.eax: 32258 registers.ebp: 3914608660 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 14517471 registers.ecx: 3287089152 exception.instruction_r: fb 55 68 97 5b df 73 5d 52 ba 58 c9 73 7f b9 bd exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x497e11 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4816401 exception.address: 0xdd7e11	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14261943 registers.eax: 28906 registers.ebp: 3914608660 registers.edx: 2130566132 registers.ebx: 14623107 registers.esi: 14588260 registers.ecx: 3287089152 exception.instruction_r: fb 51 c7 04 24 ba d2 5f 5f 81 04 24 6f 53 bb 67 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4ab801 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4896769 exception.address: 0xdeb801	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14261943 registers.eax: 0 registers.ebp: 3914608660 registers.edx: 2298801283 registers.ebx: 14597427 registers.esi: 14588260 registers.ecx: 3287089152 exception.instruction_r: fb e9 26 02 00 00 83 c4 04 81 c3 04 00 00 00 81 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4ab88e exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4896910 exception.address: 0xdeb88e	success
1619426985.425915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14261943 registers.eax: 32666 registers.ebp: 3914608660 registers.edx: 2298801283 registers.ebx: 507660032 registers.esi: 14588260 registers.ecx: 14630421 exception.instruction_r: fb 55 89 e5 81 c5 04 00 00 00 83 ed 04 87 2c 24 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4abfbc exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4898748 exception.address: 0xdebfbc	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14261943 registers.eax: 32666 registers.ebp: 3914608660 registers.edx: 2298801283 registers.ebx: 4294937488 registers.esi: 602493522 registers.ecx: 14630421 exception.instruction_r: fb 56 89 04 24 51 e9 d6 fe ff ff 01 d7 81 ef 81 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4ac444 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4899908 exception.address: 0xdec444	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324704 registers.edi: 14261943 registers.eax: 26157 registers.ebp: 3914608660 registers.edx: 957151775 registers.ebx: 519977843 registers.esi: 14601015 registers.ecx: 14630421 exception.instruction_r: fb 50 b8 38 f0 db 7e c1 e0 04 0d f5 7f 67 7b 05 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4ad2af exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4903599 exception.address: 0xded2af	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14261943 registers.eax: 26157 registers.ebp: 3914608660 registers.edx: 957151775 registers.ebx: 519977843 registers.esi: 14627172 registers.ecx: 14630421 exception.instruction_r: fb e9 7c fd ff ff 53 bb 34 af 7e 77 81 eb 30 af exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4ad048 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4902984 exception.address: 0xded048	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 0 registers.eax: 51767637 registers.ebp: 3914608660 registers.edx: 957151775 registers.ebx: 519977843 registers.esi: 14604176 registers.ecx: 14630421 exception.instruction_r: fb 68 95 b2 65 64 89 1c 24 89 e3 56 e9 01 fc ff exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4ad783 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4904835 exception.address: 0xded783	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 3918184939 registers.eax: 29077 registers.ebp: 3914608660 registers.edx: 14646560 registers.ebx: 3923756031 registers.esi: 14610943 registers.ecx: 1866306733 exception.instruction_r: fb 31 c0 ff 34 10 8b 1c 24 e9 44 00 00 00 81 c5 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b131c exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4920092 exception.address: 0xdf131c	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 3918184939 registers.eax: 4294941140 registers.ebp: 3914608660 registers.edx: 14646560 registers.ebx: 2298801283 registers.esi: 14610943 registers.ecx: 1866306733 exception.instruction_r: fb 52 50 b8 50 43 b9 66 50 57 bf 12 45 fc 7e 31 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b0eb9 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4918969 exception.address: 0xdf0eb9	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324704 registers.edi: 3918184939 registers.eax: 26647 registers.ebp: 3914608660 registers.edx: 2130378752 registers.ebx: 65802 registers.esi: 14635680 registers.ecx: 2002452622 exception.instruction_r: fb 81 c6 3e e0 7a 69 55 e9 47 fd ff ff 81 c4 04 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b5717 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4937495 exception.address: 0xdf5717	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 3918184939 registers.eax: 26647 registers.ebp: 3914608660 registers.edx: 2130378752 registers.ebx: 65802 registers.esi: 14662327 registers.ecx: 2002452622 exception.instruction_r: fb e9 85 00 00 00 55 89 14 24 ba 7c cf b7 75 29 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b56f8 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4937464 exception.address: 0xdf56f8	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 3918184939 registers.eax: 73193 registers.ebp: 3914608660 registers.edx: 2130378752 registers.ebx: 65802 registers.esi: 14638459 registers.ecx: 0 exception.instruction_r: fb 51 89 14 24 51 b9 fb a3 ef 7d c1 e9 07 e9 00 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b5d10 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4939024 exception.address: 0xdf5d10	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324704 registers.edi: 3918184939 registers.eax: 30346 registers.ebp: 3914608660 registers.edx: 2130378752 registers.ebx: 14646657 registers.esi: 14638459 registers.ecx: 2132186343 exception.instruction_r: fb e9 10 00 00 00 89 04 24 89 2c 24 bd a4 1e ea exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b8003 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4947971 exception.address: 0xdf8003	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 3918184939 registers.eax: 30346 registers.ebp: 3914608660 registers.edx: 2130378752 registers.ebx: 14677003 registers.esi: 14638459 registers.ecx: 2132186343 exception.instruction_r: fb e9 57 03 00 00 87 04 24 5c e9 49 04 00 00 46 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b8062 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4948066 exception.address: 0xdf8062	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 3918184939 registers.eax: 30346 registers.ebp: 3914608660 registers.edx: 0 registers.ebx: 14649563 registers.esi: 14638459 registers.ecx: 157417 exception.instruction_r: fb 83 ec 04 e9 b7 f9 ff ff 4b f7 d3 43 4b 81 eb exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b8649 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4949577 exception.address: 0xdf8649	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324704 registers.edi: 14651813 registers.eax: 31522 registers.ebp: 3914608660 registers.edx: 833107260 registers.ebx: 1473934442 registers.esi: 0 registers.ecx: 28827 exception.instruction_r: fb 57 89 e7 81 c7 04 00 00 00 81 ef 04 00 00 00 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b9689 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4953737 exception.address: 0xdf9689	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14683335 registers.eax: 31522 registers.ebp: 3914608660 registers.edx: 833107260 registers.ebx: 1473934442 registers.esi: 0 registers.ecx: 28827 exception.instruction_r: fb 55 c7 04 24 94 57 ba 0c ff 34 24 ff 34 24 ff exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b971e exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4953886 exception.address: 0xdf971e	success
1619426985.441915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14654615 registers.eax: 1045079144 registers.ebp: 3914608660 registers.edx: 833107260 registers.ebx: 1473934442 registers.esi: 0 registers.ecx: 28827 exception.instruction_r: fb 68 92 3f c7 3e 89 1c 24 c7 04 24 69 f0 57 6f exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4b9c2e exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4955182 exception.address: 0xdf9c2e	success
1619426985.456915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14684843 registers.eax: 26953 registers.ebp: 3914608660 registers.edx: 14736075 registers.ebx: 14684811 registers.esi: 14684807 registers.ecx: 3287089152 exception.instruction_r: fb 53 89 04 24 68 64 5a e6 6d e9 76 07 00 00 29 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4c71fd exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 5009917 exception.address: 0xe071fd	success
1619426985.456915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 4294943324 registers.eax: 26953 registers.ebp: 3914608660 registers.edx: 14736075 registers.ebx: 14684811 registers.esi: 1189695568 registers.ecx: 3287089152 exception.instruction_r: fb e9 7d fe ff ff 46 81 ee 31 e9 b2 13 81 c2 1f exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4c77bd exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 5011389 exception.address: 0xe077bd	success
1619426985.472915 __exception__	stacktrace: registers.esp: 4324704 registers.edi: 14476328 registers.eax: 30312 registers.ebp: 3914608660 registers.edx: 2130527975 registers.ebx: 14786853 registers.esi: 9673552 registers.ecx: 2913154208 exception.instruction_r: fb 55 53 bb 83 24 fa 5f bd 19 96 35 cb 29 dd e9 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4da44c exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 5088332 exception.address: 0xe1a44c	success
1619426985.472915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14476328 registers.eax: 30312 registers.ebp: 3914608660 registers.edx: 2130527975 registers.ebx: 14817165 registers.esi: 9673552 registers.ecx: 2913154208 exception.instruction_r: fb 53 89 2c 24 e9 24 fe ff ff 5f 52 ba ba 40 9f exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4da3a1 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 5088161 exception.address: 0xe1a3a1	success
1619426985.472915 __exception__	stacktrace: registers.esp: 4324708 registers.edi: 14476328 registers.eax: 30312 registers.ebp: 3914608660 registers.edx: 4294940212 registers.ebx: 14817165 registers.esi: 9673552 registers.ecx: 9451 exception.instruction_r: fb 83 ec 04 e9 96 f9 ff ff ff 34 24 e9 b6 02 00 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4daa63 exception.instruction: sti exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 5089891 exception.address: 0xe1aa63	success

Allocates read-write-execute memory (usually to unpack itself) (19 个事件)

Time & API	Arguments	Status
1619426985.487915 NtProtectVirtualMemory	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77dcf000	success
1619426985.487915 NtProtectVirtualMemory	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77d40000	success
1619426985.691915 NtProtectVirtualMemory	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 2949120 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00941000	success
1619426985.737915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02640000	success
1619426985.737915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02750000	success
1619426985.737915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02760000	success
1619426985.737915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02770000	success
1619426985.737915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x028c0000	success
1619426985.737915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x028d0000	success
1619426985.753915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02920000	success
1619426985.753915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02930000	success
1619426985.753915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02980000	success
1619426985.753915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02a90000	success
1619426985.753915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02aa0000	success
1619426985.753915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02ab0000	success
1619426985.769915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x028c0000	success
1619426985.769915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x028c0000	success
1619426985.769915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x028c0000	success
1619426985.769915 NtAllocateVirtualMemory	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x028c0000	success

The binary likely contains encrypted or compressed data indicative of a packer (4 个事件)

entropy

7.99319075590353

section

{'size_of_data': '0x002d0000', 'virtual_address': '0x00001000', 'entropy': 7.99319075590353, 'name': ' \\x00 ', 'virtual_size': '0x002d0000'}

description

A section with a high entropy has been found

entropy

7.832238571056721

section

{'size_of_data': '0x00002400', 'virtual_address': '0x002d1000', 'entropy': 7.832238571056721, 'name': '.rsrc', 'virtual_size': '0x00010aad'}

description

A section with a high entropy has been found

entropy

7.914163339125102

section

{'size_of_data': '0x001b5200', 'virtual_address': '0x00587000', 'entropy': 7.914163339125102, 'name': 'bpmvbcxz', 'virtual_size': '0x001b6000'}

description

A section with a high entropy has been found

entropy

0.9996766544513904

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 个事件)

process

system

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Attempts to identify installed AV products by installation directory (2 个事件)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known devices from debuggers and forensic tools (3 个事件)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (20 个事件)

Time & API	Arguments	Status
1619426985.456915 FindWindowA	class_name: OLLYDBG window_name:	failed
1619426985.456915 FindWindowA	class_name: GBDYLLO window_name:	failed
1619426985.456915 FindWindowA	class_name: pediy06 window_name:	failed
1619426985.472915 FindWindowA	class_name: FilemonClass window_name:	failed
1619426985.472915 FindWindowA	class_name: FilemonClass window_name:	failed
1619426985.472915 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1619426985.472915 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619426985.472915 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1619426985.472915 FindWindowA	class_name: RegmonClass window_name:	failed
1619426985.472915 FindWindowA	class_name: RegmonClass window_name:	failed
1619426985.472915 FindWindowA	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com	failed
1619426985.472915 FindWindowA	class_name: 18467-41 window_name:	failed
1619426985.675915 FindWindowA	class_name: FilemonClass window_name:	failed
1619426985.675915 FindWindowA	class_name: FilemonClass window_name:	failed
1619426985.675915 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1619426985.675915 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619426985.675915 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1619426987.472915 FindWindowA	class_name: OLLYDBG window_name:	failed
1619426987.472915 FindWindowA	class_name: GBDYLLO window_name:	failed
1619426987.472915 FindWindowA	class_name: pediy06 window_name:	failed

Checks the version of Bios, possibly for anti-virtualization (2 个事件)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VirtualBox through the presence of a registry key (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619426984.925915 __exception__	stacktrace: registers.esp: 4324740 registers.edi: 4294938024 registers.eax: 1447909480 registers.ebp: 3914608660 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 14300900 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 68 bf 49 1a 46 e9 5e 07 exception.symbol: 57afe7c6eae81f93e3e6a085b6bd7961+0x4682a8 exception.instruction: in eax, dx exception.module: 57afe7c6eae81f93e3e6a085b6bd7961.exe exception.exception_code: 0xc0000096 exception.offset: 4620968 exception.address: 0xda82a8	success	0	0

Detects the presence of Wine emulator (1 个事件)

registry

HKEY_CURRENT_USER\Software\Wine

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-01 15:14:03

Imports

Library kernel32.dll:

• 0x6e2033 lstrcpy

Library comctl32.dll:

• 0x6e203b InitCommonControls

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702
192.168.56.101	51966	239.255.255.250	1900
192.168.56.101	53238	239.255.255.250	3702
192.168.56.101	53240	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.