2.8
Medium risk

cdb2682b127f317cb8f573645a6d8b10d31be13c6aa543dd255758dd11a5ff04

595045682f367494f9b40a827a20c5f8.exe

Analysis duration: 27s

Latest analysis

File size: 531.1KB
Static detection | Dynamic detection | 2345CN
Hawkeye engine
Not detected: no Hawkeye engine result available
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee 20200304 6.0.6.653
CrowdStrike 20190702 1.0
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20200309 18.4.3895.0
Tencent 20200309 1.0.0.1
Kingsoft 20200309 2013.8.14.323
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path F:\branches\3.9\Rhino\Safe\Bin\Win32\release\pdb\2345ExtShell64.pdb
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2019-03-11 14:10:53

Imports

Library KERNEL32.dll:
0x14005c000 FreeLibrary
0x14005c008 LoadLibraryW
0x14005c010 GetProcAddress
0x14005c018 LoadLibraryExW
0x14005c020 GetModuleHandleW
0x14005c028 GetModuleFileNameW
0x14005c030 SearchPathW
0x14005c038 GetFileAttributesW
0x14005c040 LoadLibraryA
0x14005c050 FindFirstFileW
0x14005c058 CreateFileW
0x14005c060 GetLastError
0x14005c068 GetLongPathNameW
0x14005c070 GetFileAttributesExW
0x14005c078 GetShortPathNameW
0x14005c080 TryEnterCriticalSection
0x14005c090 LeaveCriticalSection
0x14005c098 EnterCriticalSection
0x14005c0a0 DeleteCriticalSection
0x14005c0a8 GetVersionExW
0x14005c0b0 lstrlenW
0x14005c0b8 lstrcmpiW
0x14005c0c0 lstrcatW
0x14005c0c8 lstrcpyW
0x14005c0d0 GetDriveTypeW
0x14005c0d8 GetFileSizeEx
0x14005c0e0 CloseHandle
0x14005c0e8 SetFilePointer
0x14005c0f0 SetEndOfFile
0x14005c0f8 WriteFile
0x14005c100 ReadFile
0x14005c108 DeleteFileW
0x14005c110 GetFullPathNameW
0x14005c118 GetTempFileNameW
0x14005c120 MoveFileExW
0x14005c128 CreateDirectoryW
0x14005c130 SetFileTime
0x14005c138 GetSystemDirectoryW
0x14005c140 CopyFileW
0x14005c148 GetTempPathW
0x14005c150 GetCurrentDirectoryW
0x14005c158 MoveFileW
0x14005c160 SetCurrentDirectoryW
0x14005c168 RemoveDirectoryW
0x14005c170 GetWindowsDirectoryW
0x14005c178 SetFileAttributesW
0x14005c180 FindClose
0x14005c188 FindNextFileW
0x14005c190 GetFileSize
0x14005c198 GetFileTime
0x14005c1a0 CreateMutexW
0x14005c1a8 WaitForSingleObject
0x14005c1b0 Sleep
0x14005c1b8 OpenMutexW
0x14005c1c0 ReleaseMutex
0x14005c1c8 FormatMessageW
0x14005c1d0 LocalFree
0x14005c1d8 HeapAlloc
0x14005c1e0 HeapFree
0x14005c1e8 GetProcessHeap
0x14005c1f0 OpenProcess
0x14005c1f8 GlobalAlloc
0x14005c200 GlobalFree
0x14005c208 GetCurrentThreadId
0x14005c210 FindResourceW
0x14005c218 LoadResource
0x14005c220 LockResource
0x14005c228 GetSystemInfo
0x14005c230 EncodePointer
0x14005c238 DecodePointer
0x14005c240 GetCommandLineW
0x14005c248 IsDebuggerPresent
0x14005c258 GetSystemTimeAsFileTime
0x14005c260 RtlPcToFileHeader
0x14005c268 RaiseException
0x14005c270 RtlLookupFunctionEntry
0x14005c278 RtlUnwindEx
0x14005c280 ExitProcess
0x14005c288 GetModuleHandleExW
0x14005c290 AreFileApisANSI
0x14005c298 MultiByteToWideChar
0x14005c2a0 WideCharToMultiByte
0x14005c2a8 HeapSize
0x14005c2b0 SetLastError
0x14005c2b8 GetCurrentThread
0x14005c2c0 GetStdHandle
0x14005c2c8 GetFileType
0x14005c2d0 GetStartupInfoW
0x14005c2d8 QueryPerformanceCounter
0x14005c2e0 GetCurrentProcessId
0x14005c2e8 GetEnvironmentStringsW
0x14005c2f0 FreeEnvironmentStringsW
0x14005c2f8 RtlCaptureContext
0x14005c300 RtlVirtualUnwind
0x14005c308 UnhandledExceptionFilter
0x14005c320 CreateEventW
0x14005c328 GetCurrentProcess
0x14005c330 TerminateProcess
0x14005c338 TlsAlloc
0x14005c340 TlsGetValue
0x14005c348 TlsSetValue
0x14005c350 TlsFree
0x14005c358 GetTickCount
0x14005c360 CreateSemaphoreW
0x14005c368 IsValidCodePage
0x14005c370 GetACP
0x14005c378 GetOEMCP
0x14005c380 GetCPInfo
0x14005c388 GetStringTypeW
0x14005c390 FatalAppExitA
0x14005c398 SetConsoleCtrlHandler
0x14005c3a0 HeapReAlloc
0x14005c3a8 GetDateFormatW
0x14005c3b0 GetTimeFormatW
0x14005c3b8 CompareStringW
0x14005c3c0 LCMapStringW
0x14005c3c8 GetLocaleInfoW
0x14005c3d0 IsValidLocale
0x14005c3d8 GetUserDefaultLCID
0x14005c3e0 EnumSystemLocalesW
0x14005c3e8 OutputDebugStringW
0x14005c3f0 GetConsoleCP
0x14005c3f8 GetConsoleMode
0x14005c400 SetFilePointerEx
0x14005c408 SetStdHandle
0x14005c410 WriteConsoleW
0x14005c418 FlushFileBuffers

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  65004        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  55369        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702
192.168.56.101  62194        239.255.255.250                  1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.