4.4
中危

3b0b55014d4e000f4666a454075c155cb268dd8e25a8cc89fee9f1d8e4d58f13

5df5990318894933cf68678f1e028f80.exe

分析耗时

104s

最近分析

文件大小

2.0MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
行为判定
动态指标
Foreign language identified in PE resource (9 个事件)
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
name RT_MENU language LANG_CHINESE offset 0x0020c5d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000036
The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)
entropy 7.98030225818421 section {'size_of_data': '0x000f6000', 'virtual_address': '0x00001000', 'entropy': 7.98030225818421, 'name': ' \\x00 ', 'virtual_size': '0x00209000'} description A section with a high entropy has been found
entropy 7.907160799888821 section {'size_of_data': '0x000fd000', 'virtual_address': '0x00396000', 'entropy': 7.907160799888821, 'name': 'ipsvfnxo', 'virtual_size': '0x000fd000'} description A section with a high entropy has been found
entropy 0.9822834645669292 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Generates some ICMP traffic
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (8 个事件)
dead_host 192.168.56.101:49194
dead_host 74.86.17.48:443
dead_host 172.217.24.14:443
dead_host 103.42.176.244:443
dead_host 192.168.56.101:49208
dead_host 154.83.15.45:443
dead_host 192.168.56.101:49186
dead_host 192.168.56.101:49183
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2015-09-12 08:44:28

Imports

Library kernel32.dll:
0x61a033 lstrcpy
Library comctl32.dll:
0x61a03b InitCommonControls

Exports

Ordinal Address Name
1 0x40df60 _EXECryptor_GetHardwareID@0
2 0x40df40 _EXECryptor_IsAppProtected@0

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49183 172.217.161.174 clients2.google.com 443
192.168.56.101 49186 172.217.161.174 clients2.google.com 443
192.168.56.101 49194 172.217.161.174 clients2.google.com 443
192.168.56.101 49199 172.217.161.174 clients2.google.com 443
192.168.56.101 49208 172.217.161.174 clients2.google.com 443
192.168.56.101 49218 172.217.161.174 clients2.google.com 443
192.168.56.101 49184 31.13.83.4 s3-ap-southeast-1.amazonaws.com 443
192.168.56.101 49190 31.13.83.4 s3-ap-southeast-1.amazonaws.com 443
192.168.56.101 49189 52.217.64.222 s3.amazonaws.com 443
192.168.56.101 49213 52.217.64.222 s3.amazonaws.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 62913 103.43.164.244 53
192.168.56.101 60222 110.167.212.58 53
192.168.56.101 60222 112.14.182.120 53
192.168.56.101 62913 112.8.141.133 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 62913 123.129.212.212 53
192.168.56.101 62913 124.128.162.102 53
192.168.56.101 60222 175.43.126.202 53
192.168.56.101 60222 183.234.8.90 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 62913 202.120.47.22 53
192.168.56.101 62913 222.36.125.223 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.