SmartHawk

2.8

中危

该样本未表现出任何异常！

4fde532b0edf011309b4e4b07e6880afd25416c2582851b62edbb35eb13b1aa4

5b5839ac8fbd979f67dc84c33f00a17e.exe

分析耗时

124s

最近分析

文件大小

138.5KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620801807.814 IsDebuggerPresent		failed	0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443
dead_host	216.58.200.46:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x41c1cc DeleteCriticalSection

• 0x41c1d0 LeaveCriticalSection

• 0x41c1d4 EnterCriticalSection

• 0x41c1d8 InitializeCriticalSection

• 0x41c1dc VirtualFree

• 0x41c1e0 VirtualAlloc

• 0x41c1e4 LocalFree

• 0x41c1e8 LocalAlloc

• 0x41c1ec GetVersion

• 0x41c1f0 GetCurrentThreadId

• 0x41c1f4 WideCharToMultiByte

• 0x41c1f8 GetThreadLocale

• 0x41c1fc GetStartupInfoA

• 0x41c200 GetLocaleInfoA

• 0x41c204 GetCommandLineA

• 0x41c208 FreeLibrary

• 0x41c20c ExitProcess

• 0x41c210 WriteFile

• 0x41c214 UnhandledExceptionFilter

• 0x41c218 RtlUnwind

• 0x41c21c RaiseException

• 0x41c220 GetStdHandle

Library user32.dll:

• 0x41c228 GetKeyboardType

• 0x41c22c MessageBoxA

Library advapi32.dll:

• 0x41c234 RegQueryValueExA

• 0x41c238 RegOpenKeyExA

• 0x41c23c RegCloseKey

Library oleaut32.dll:

• 0x41c244 SysFreeString

• 0x41c248 SysReAllocStringLen

Library kernel32.dll:

• 0x41c250 TlsSetValue

• 0x41c254 TlsGetValue

• 0x41c258 LocalAlloc

• 0x41c25c GetModuleHandleA

Library advapi32.dll:

• 0x41c264 RegCloseKey

• 0x41c268 OpenThreadToken

• 0x41c26c OpenProcessToken

• 0x41c270 GetTokenInformation

• 0x41c274 FreeSid

• 0x41c278 EqualSid

• 0x41c27c AllocateAndInitializeSid

• 0x41c280 AdjustTokenPrivileges

Library kernel32.dll:

• 0x41c288 WriteFile

• 0x41c28c WinExec

• 0x41c290 WaitForSingleObject

• 0x41c294 TerminateProcess

• 0x41c298 Sleep

• 0x41c29c SetFileTime

• 0x41c2a0 SetFilePointer

• 0x41c2a4 SetErrorMode

• 0x41c2a8 SetEndOfFile

• 0x41c2ac ReadFile

• 0x41c2b0 OpenProcess

• 0x41c2b4 MultiByteToWideChar

• 0x41c2b8 LocalFileTimeToFileTime

• 0x41c2bc LoadLibraryA

• 0x41c2c0 GlobalFree

• 0x41c2c4 GlobalAlloc

• 0x41c2c8 GetVersion

• 0x41c2cc GetUserDefaultLangID

• 0x41c2d0 GetProcAddress

• 0x41c2d4 GetModuleHandleA

• 0x41c2d8 GetLastError

• 0x41c2dc GetFileTime

• 0x41c2e0 GetFileSize

• 0x41c2e4 GetExitCodeProcess

• 0x41c2e8 GetCurrentThread

• 0x41c2ec GetCurrentProcess

• 0x41c2f0 FreeLibrary

• 0x41c2f4 FindClose

• 0x41c2f8 FileTimeToSystemTime

• 0x41c2fc FileTimeToLocalFileTime

• 0x41c300 DosDateTimeToFileTime

• 0x41c304 CloseHandle

Library gdi32.dll:

• 0x41c30c StretchDIBits

• 0x41c310 StretchBlt

• 0x41c314 SetWindowOrgEx

• 0x41c318 SetTextColor

• 0x41c31c SetStretchBltMode

• 0x41c320 SetRectRgn

• 0x41c324 SetROP2

• 0x41c328 SetPixel

• 0x41c32c SetDIBits

• 0x41c330 SetBrushOrgEx

• 0x41c334 SetBkMode

• 0x41c338 SetBkColor

• 0x41c33c SelectObject

• 0x41c340 SaveDC

• 0x41c344 RestoreDC

• 0x41c348 OffsetRgn

• 0x41c34c MoveToEx

• 0x41c350 IntersectClipRect

• 0x41c354 GetTextExtentPoint32A

• 0x41c358 GetStockObject

• 0x41c35c GetPixel

• 0x41c360 GetDIBits

• 0x41c364 ExtSelectClipRgn

• 0x41c368 ExcludeClipRect

• 0x41c36c DeleteObject

• 0x41c370 DeleteDC

• 0x41c374 CreateSolidBrush

• 0x41c378 CreateRectRgn

• 0x41c37c CreateDIBSection

• 0x41c380 CreateCompatibleDC

• 0x41c384 CreateCompatibleBitmap

• 0x41c388 CreateBrushIndirect

• 0x41c38c CombineRgn

• 0x41c390 BitBlt

Library user32.dll:

• 0x41c398 WaitMessage

• 0x41c39c ValidateRect

• 0x41c3a0 TranslateMessage

• 0x41c3a4 ShowWindow

• 0x41c3a8 SetWindowPos

• 0x41c3ac SetTimer

• 0x41c3b0 SetParent

• 0x41c3b4 SetForegroundWindow

• 0x41c3b8 SetFocus

• 0x41c3bc SetCursor

• 0x41c3c0 SendMessageA

• 0x41c3c4 ScreenToClient

• 0x41c3c8 ReleaseDC

• 0x41c3cc PostQuitMessage

• 0x41c3d0 OffsetRect

• 0x41c3d4 KillTimer

• 0x41c3d8 IsZoomed

• 0x41c3dc IsWindowVisible

• 0x41c3e0 IsWindowEnabled

• 0x41c3e4 IsWindow

• 0x41c3e8 IsIconic

• 0x41c3ec InvalidateRect

• 0x41c3f0 GetWindowRgn

• 0x41c3f4 GetWindowRect

• 0x41c3f8 GetWindowDC

• 0x41c3fc GetUpdateRgn

• 0x41c400 GetSystemMetrics

• 0x41c404 GetSystemMenu

• 0x41c408 GetSysColor

• 0x41c40c GetParent

• 0x41c410 GetWindow

• 0x41c414 GetKeyState

• 0x41c418 GetFocus

• 0x41c41c GetDCEx

• 0x41c420 GetDC

• 0x41c424 GetCursorPos

• 0x41c428 GetClientRect

• 0x41c42c GetCapture

• 0x41c430 FillRect

• 0x41c434 ExitWindowsEx

• 0x41c438 EnumWindows

• 0x41c43c EndPaint

• 0x41c440 EnableWindow

• 0x41c444 EnableMenuItem

• 0x41c448 DrawIcon

• 0x41c44c DestroyWindow

• 0x41c450 DestroyIcon

• 0x41c454 DeleteMenu

• 0x41c458 CopyImage

• 0x41c45c ClientToScreen

• 0x41c460 CheckRadioButton

• 0x41c464 BeginPaint

• 0x41c468 CharLowerBuffA

Library winmm.dll:

• 0x41c470 timeKillEvent

• 0x41c474 timeSetEvent

Library oleaut32.dll:

• 0x41c47c SysAllocStringLen

Library ole32.dll:

• 0x41c484 OleInitialize

Library comctl32.dll:

• 0x41c48c ImageList_Draw

• 0x41c490 ImageList_SetBkColor

• 0x41c494 ImageList_Create

• 0x41c498 InitCommonControls

Library shell32.dll:

• 0x41c4a0 SHGetFileInfoA

Library user32.dll:

• 0x41c4a8 wvsprintfA

• 0x41c4ac SetWindowLongA

• 0x41c4b0 SetPropA

• 0x41c4b4 SendMessageA

• 0x41c4b8 RemovePropA

• 0x41c4bc RegisterClassA

• 0x41c4c0 PostMessageA

• 0x41c4c4 PeekMessageA

• 0x41c4c8 MessageBoxA

• 0x41c4cc LoadIconA

• 0x41c4d0 LoadCursorA

• 0x41c4d4 GetWindowTextLengthA

• 0x41c4d8 GetWindowTextA

• 0x41c4dc GetWindowLongA

• 0x41c4e0 GetPropA

• 0x41c4e4 GetClassLongA

• 0x41c4e8 GetClassInfoA

• 0x41c4ec FindWindowA

• 0x41c4f0 DrawTextA

• 0x41c4f4 DispatchMessageA

• 0x41c4f8 DefWindowProcA

• 0x41c4fc CreateWindowExA

• 0x41c500 CallWindowProcA

Library gdi32.dll:

• 0x41c508 GetObjectA

• 0x41c50c CreateFontIndirectA

• 0x41c510 AddFontResourceA

Library kernel32.dll:

• 0x41c518 WritePrivateProfileStringA

• 0x41c51c SetFileAttributesA

• 0x41c520 SetCurrentDirectoryA

• 0x41c524 RemoveDirectoryA

• 0x41c528 LoadLibraryA

• 0x41c52c GetWindowsDirectoryA

• 0x41c530 GetVersionExA

• 0x41c534 GetTimeFormatA

• 0x41c538 GetTempPathA

• 0x41c53c GetSystemDirectoryA

• 0x41c540 GetShortPathNameA

• 0x41c544 GetPrivateProfileStringA

• 0x41c548 GetModuleHandleA

• 0x41c54c GetModuleFileNameA

• 0x41c550 GetFullPathNameA

• 0x41c554 GetFileAttributesA

• 0x41c558 GetDiskFreeSpaceA

• 0x41c55c GetDateFormatA

• 0x41c560 GetComputerNameA

• 0x41c564 GetCommandLineA

• 0x41c568 FormatMessageA

• 0x41c56c FindNextFileA

• 0x41c570 FindFirstFileA

• 0x41c574 ExpandEnvironmentStringsA

• 0x41c578 DeleteFileA

• 0x41c57c CreateFileA

• 0x41c580 CreateDirectoryA

• 0x41c584 CompareStringA

Library advapi32.dll:

• 0x41c58c RegSetValueExA

• 0x41c590 RegQueryValueExA

• 0x41c594 RegQueryInfoKeyA

• 0x41c598 RegOpenKeyExA

• 0x41c59c RegEnumKeyExA

• 0x41c5a0 RegCreateKeyExA

• 0x41c5a4 LookupPrivilegeValueA

• 0x41c5a8 GetUserNameA

Library shell32.dll:

• 0x41c5b0 ShellExecuteExA

• 0x41c5b4 ShellExecuteA

Library cabinet.dll:

• 0x41c5bc FDIDestroy

• 0x41c5c0 FDICopy

• 0x41c5c4 FDICreate

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 216.58.200.46 CNAME clients.l.google.com A 172.217.160.78	216.58.200.78
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	53380	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57236	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.