SmartHawk

1.4

低危

1 个模型检测该样本为恶意！

407043348df57c2ef4ce84f1246228874c77134b69803a4c788e47d541e2939e

586166c62b1d4cdab8e2416851dba61d.exe

分析耗时

75s

最近分析

文件大小

18.0KB

静态报毒动态报毒 UNSAFE

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee		20180820	6.0.6.653
Baidu		20180820	1.0.0.2
Avast		20180820	18.4.3895.0
Tencent		20180820	1.0.0.1
Kingsoft		20180820	2013.8.14.323
CrowdStrike		20180723	1.0

This executable has a PDB path (1 个事件)

pdb_path

e:\test\UXP\obj-pm32-i686-pc-mingw32\ipc\app\plugin-container.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.gfids

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)

Cylance

Unsafe

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-07-21 08:07:31

Imports

Library mozglue.dll:

• 0x403100 ?moz_Xout_of_range@std@@YAXPBD@Z

• 0x403104 ?moz_Xlength_error@std@@YAXPBD@Z

• 0x403108 ?DllBlocklist_Initialize@@YAXXZ

• 0x40310c moz_xmalloc

• 0x403110 free

Library KERNEL32.dll:

• 0x403000 SetUnhandledExceptionFilter

• 0x403004 UnhandledExceptionFilter

• 0x403008 MultiByteToWideChar

• 0x40300c GetEnvironmentVariableW

• 0x403010 SetEnvironmentVariableW

• 0x403014 IsProcessorFeaturePresent

• 0x403018 SetDllDirectoryW

• 0x40301c GetLastError

• 0x403020 GetCurrentProcess

• 0x403024 ExpandEnvironmentStringsW

• 0x403028 TerminateProcess

• 0x40302c LoadLibraryExA

• 0x403030 GetProcAddress

• 0x403034 GetModuleHandleW

• 0x403038 FreeLibrary

• 0x40303c VirtualQuery

• 0x403040 VirtualProtect

• 0x403044 GetSystemInfo

• 0x403048 RaiseException

• 0x40304c GetCurrentProcessId

• 0x403050 GetCurrentThreadId

• 0x403054 IsDebuggerPresent

• 0x403058 GetSystemTimeAsFileTime

• 0x40305c InitializeSListHead

• 0x403060 QueryPerformanceCounter

Library MSVCP140.dll:

• 0x403068 ?_Xbad_alloc@std@@YAXXZ

Library VCRUNTIME140.dll:

• 0x403070 _purecall

• 0x403074 memset

• 0x403078 memmove

• 0x40307c _except_handler4_common

• 0x403080 memcpy

Library api-ms-win-crt-runtime-l1-1-0.dll:

• 0x4030a0 _seh_filter_exe

• 0x4030a4 __p___argc

• 0x4030a8 _register_thread_local_exe_atexit_callback

• 0x4030ac _crt_atexit

• 0x4030b0 _controlfp_s

• 0x4030b4 terminate

• 0x4030b8 _invalid_parameter_noinfo_noreturn

• 0x4030bc _c_exit

• 0x4030c0 _set_app_type

• 0x4030c4 _cexit

• 0x4030c8 _register_onexit_function

• 0x4030cc _exit

• 0x4030d0 exit

• 0x4030d4 _initterm_e

• 0x4030d8 __p___wargv

• 0x4030dc _initialize_wide_environment

• 0x4030e0 _get_initial_wide_environment

• 0x4030e4 _initialize_onexit_table

• 0x4030e8 _configure_wide_argv

• 0x4030ec _initterm

Library api-ms-win-crt-math-l1-1-0.dll:

• 0x403098 __setusermatherr

Library api-ms-win-crt-stdio-l1-1-0.dll:

• 0x4030f4 _set_fmode

• 0x4030f8 __p__commode

Library api-ms-win-crt-locale-l1-1-0.dll:

• 0x403090 _configthreadlocale

Library api-ms-win-crt-heap-l1-1-0.dll:

• 0x403088 _set_new_mode

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	51966	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.