SmartHawk

1.4

低危

4 个模型检测该样本为恶意！

重新分析

下载样本

0bb3581a04b79251581c9ba795083b12abd8d11584ab6aa2fd755f53977057c9

5e6a6588b67694f3cb9791708e9c1fff.exe

分析耗时

84s

查杀引擎	查杀时间	查杀版本
McAfee	20191113	6.0.6.653
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Avast	20191113	18.4.3895.0
Tencent	20191113	1.0.0.1
Kingsoft	20191113	2013.8.14.323
CrowdStrike	20190702	1.0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-12-28 18:04:04

Imports

Library gdiplus.dll:

• 0x43e2b8 GdipMeasureString

• 0x43e2bc GdipDrawImageRectRectI

• 0x43e2c0 GdipCloneBrush

• 0x43e2c4 GdipDeletePen

• 0x43e2c8 GdipFree

• 0x43e2cc GdipDrawRectangleI

• 0x43e2d0 GdipSetStringFormatLineAlign

• 0x43e2d4 GdiplusStartup

• 0x43e2d8 GdiplusShutdown

• 0x43e2dc GdipCloneImage

• 0x43e2e0 GdipDisposeImage

• 0x43e2e4 GdipCreateBitmapFromStream

• 0x43e2e8 GdipDeleteBrush

• 0x43e2ec GdipDeleteStringFormat

• 0x43e2f0 GdipCreatePen1

• 0x43e2f4 GdipCreateStringFormat

• 0x43e2f8 GdipDrawLineI

• 0x43e2fc GdipFillRectangleI

• 0x43e300 GdipCreateFromHDC

• 0x43e304 GdipCreateFontFamilyFromName

• 0x43e308 GdipDrawString

• 0x43e30c GdipGetGenericFontFamilySansSerif

• 0x43e310 GdipCreateFont

• 0x43e314 GdipAlloc

• 0x43e318 GdipCreateSolidFill

• 0x43e31c GdipDeleteFontFamily

• 0x43e320 GdipSetStringFormatAlign

• 0x43e324 GdipDeleteGraphics

• 0x43e328 GdipDeleteFont

Library WININET.dll:

• 0x43e290 HttpSendRequestA

• 0x43e294 InternetOpenUrlW

• 0x43e298 InternetReadFile

• 0x43e29c HttpQueryInfoW

• 0x43e2a0 InternetOpenA

• 0x43e2a4 InternetOpenUrlA

• 0x43e2a8 InternetConnectA

• 0x43e2ac InternetCloseHandle

• 0x43e2b0 HttpOpenRequestA

Library SHLWAPI.dll:

• 0x43e208 PathQuoteSpacesW

• 0x43e20c PathRemoveFileSpecW

Library KERNEL32.dll:

• 0x43e03c GetTimeZoneInformation

• 0x43e040 HeapReAlloc

• 0x43e044 IsValidLocale

• 0x43e048 EnumSystemLocalesA

• 0x43e04c GetLocaleInfoA

• 0x43e050 GetUserDefaultLCID

• 0x43e054 GetSystemTimeAsFileTime

• 0x43e058 GetCurrentProcessId

• 0x43e05c GetTickCount

• 0x43e060 GetFileType

• 0x43e064 InitializeCriticalSectionAndSpinCount

• 0x43e068 SetHandleCount

• 0x43e06c GetEnvironmentStringsW

• 0x43e070 FreeEnvironmentStringsW

• 0x43e074 GetModuleFileNameA

• 0x43e078 GetCurrentProcess

• 0x43e07c TerminateProcess

• 0x43e080 IsDebuggerPresent

• 0x43e084 SetUnhandledExceptionFilter

• 0x43e088 UnhandledExceptionFilter

• 0x43e08c HeapSize

• 0x43e090 GetCurrentThreadId

• 0x43e094 SetLastError

• 0x43e098 ExitProcess

• 0x43e09c GetProcAddress

• 0x43e0a0 GetLastError

• 0x43e0a4 CreateMutexA

• 0x43e0a8 CloseHandle

• 0x43e0ac GetModuleFileNameW

• 0x43e0b0 WideCharToMultiByte

• 0x43e0b4 WriteFile

• 0x43e0b8 Sleep

• 0x43e0bc CreateFileW

• 0x43e0c0 GetTempFileNameW

• 0x43e0c4 SetFilePointer

• 0x43e0c8 CreateProcessW

• 0x43e0cc WaitForSingleObject

• 0x43e0d0 ReadFile

• 0x43e0d4 DeleteFileW

• 0x43e0d8 CreateThread

• 0x43e0dc SetEvent

• 0x43e0e0 GetModuleHandleW

• 0x43e0e4 ResetEvent

• 0x43e0e8 CreateEventW

• 0x43e0ec FindResourceW

• 0x43e0f0 GlobalLock

• 0x43e0f4 GlobalAlloc

• 0x43e0f8 SizeofResource

• 0x43e0fc GlobalUnlock

• 0x43e100 GlobalFree

• 0x43e104 LockResource

• 0x43e108 QueryPerformanceCounter

• 0x43e10c QueryPerformanceFrequency

• 0x43e110 GetWindowsDirectoryW

• 0x43e114 GetVolumeInformationW

• 0x43e118 InterlockedDecrement

• 0x43e11c GetVersionExW

• 0x43e120 FindNextFileA

• 0x43e124 FindFirstFileA

• 0x43e128 FindNextFileW

• 0x43e12c FindFirstFileW

• 0x43e130 MoveFileExA

• 0x43e134 MoveFileExW

• 0x43e138 GetSystemWow64DirectoryA

• 0x43e13c MultiByteToWideChar

• 0x43e140 HeapCreate

• 0x43e144 TlsSetValue

• 0x43e148 IsProcessorFeaturePresent

• 0x43e14c CompareStringW

• 0x43e150 GetDateFormatA

• 0x43e154 GetTimeFormatA

• 0x43e158 LCMapStringW

• 0x43e15c RaiseException

• 0x43e160 RtlUnwind

• 0x43e164 DeleteFileA

• 0x43e168 GetStartupInfoW

• 0x43e16c HeapSetInformation

• 0x43e170 GetCommandLineA

• 0x43e174 GetCPInfo

• 0x43e178 HeapAlloc

• 0x43e17c HeapFree

• 0x43e180 GetLocaleInfoW

• 0x43e184 LeaveCriticalSection

• 0x43e188 EnterCriticalSection

• 0x43e18c DeleteCriticalSection

• 0x43e190 InitializeCriticalSection

• 0x43e194 DecodePointer

• 0x43e198 EncodePointer

• 0x43e19c GetStringTypeW

• 0x43e1a0 InterlockedExchange

• 0x43e1a4 InterlockedCompareExchange

• 0x43e1a8 InterlockedIncrement

• 0x43e1ac LoadLibraryW

• 0x43e1b0 GetConsoleCP

• 0x43e1b4 GetConsoleMode

• 0x43e1b8 TlsFree

• 0x43e1bc SetStdHandle

• 0x43e1c0 WriteConsoleW

• 0x43e1c4 FlushFileBuffers

• 0x43e1c8 SetEnvironmentVariableA

• 0x43e1cc LocalFree

• 0x43e1d0 TlsAlloc

• 0x43e1d4 TlsGetValue

• 0x43e1d8 IsValidCodePage

• 0x43e1dc GetOEMCP

• 0x43e1e0 LoadResource

• 0x43e1e4 GetStdHandle

• 0x43e1e8 GetACP

Library USER32.dll:

• 0x43e214 DispatchMessageW

• 0x43e218 EndPaint

• 0x43e21c DestroyWindow

• 0x43e220 SetCursor

• 0x43e224 SetTimer

• 0x43e228 ScreenToClient

• 0x43e22c GetWindowRect

• 0x43e230 PostQuitMessage

• 0x43e234 SetCapture

• 0x43e238 PostMessageW

• 0x43e23c TrackMouseEvent

• 0x43e240 LoadCursorW

• 0x43e244 TranslateMessage

• 0x43e248 GetDC

• 0x43e24c RegisterClassExW

• 0x43e250 LoadIconW

• 0x43e254 InvalidateRect

• 0x43e258 ReleaseDC

• 0x43e25c SetWindowPos

• 0x43e260 GetCursorPos

• 0x43e264 ShowWindow

• 0x43e268 CreateWindowExW

• 0x43e26c MessageBoxW

• 0x43e270 ReleaseCapture

• 0x43e274 GetSystemMetrics

• 0x43e278 UpdateWindow

• 0x43e27c MoveWindow

• 0x43e280 GetMessageW

• 0x43e284 BeginPaint

• 0x43e288 DefWindowProcW

Library GDI32.dll:

• 0x43e01c DeleteObject

• 0x43e020 CreateCompatibleBitmap

• 0x43e024 CreateSolidBrush

• 0x43e028 DeleteDC

• 0x43e02c CreateCompatibleDC

• 0x43e030 SelectObject

• 0x43e034 BitBlt

Library ADVAPI32.dll:

• 0x43e000 RegCreateKeyExA

• 0x43e004 RegSetValueExA

• 0x43e008 RegCloseKey

Library SHELL32.dll:

• 0x43e200 ShellExecuteW

Library ole32.dll:

• 0x43e330 CoUninitialize

• 0x43e334 CoInitializeEx

• 0x43e338 CreateStreamOnHGlobal

• 0x43e33c CoSetProxyBlanket

• 0x43e340 CoInitializeSecurity

• 0x43e344 CoCreateInstance

Library OLEAUT32.dll:

• 0x43e1f0 SysFreeString

• 0x43e1f4 VariantClear

• 0x43e1f8 SysAllocString

Library COMCTL32.dll:

• 0x43e010

• 0x43e014

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
54.192.147.121	443	192.168.56.101	49192

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49238	239.255.255.250	1900
192.168.56.101	49714	239.255.255.250	3702
192.168.56.101	53658	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

Comodo	Application.Win32.Syncopate.C@8f5pi2
McAfee-GW-Edition	BehavesLike.Win32.Downloader.jh
SentinelOne	DFI - Suspicious PE
Ikarus	PUA.Bundler.Agent

host	172.217.24.14
host	52.85.56.131
host	54.192.147.121