Score: 3.8 (medium risk)

SHA256: 88807f0746705cf03ec08b18d8757948b2de06267a5436550229415fb09fcd57

File name: 5f7e6ae22ffdf3873e6e1a8f03d51c40.exe

Analysis duration: 85s

Latest analysis

File size: 867.2KB

Tags: static detection hit, dynamic detection hit, BBRZ

Hawkeye (鹰眼) engine: not detected (no Hawkeye engine result is available for this sample)

Static verdict

Antivirus engines

Engine        Result   Scan date   Engine version
McAfee                 20201028    6.0.6.653
CrowdStrike            20190702    1.0
Alibaba                20190527    0.3.0.5
Baidu                  20190318    1.0.0.2
Avast                  20201028    18.4.3895.0
Kingsoft               20201028    2013.8.14.323
Tencent                20201028    1.0.0.1

No per-engine result text is recorded; only the scan date and engine version survive for each row.

Visual analysis

Binary image: none (no binary visualization image was generated for this sample)

Runtime screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2020-08-18 01:10:48

This timestamp postdates three of the engine dates listed under Static verdict (Baidu 20190318, Alibaba 20190527, CrowdStrike 20190702). The PE header timestamp is written by the linker and is trivially forged, and those engine dates are most likely definition or engine-release dates rather than the time this sample was scanned, so neither value should be treated as an authoritative build date.

Imports

Library KERNEL32.dll:
0x6f09c IsDebuggerPresent
0x6f0a0 FormatMessageA
0x6f0a4 FreeLibrary
0x6f0a8 UnmapViewOfFile
0x6f0ac DecodePointer
0x6f0b0 HeapSize
0x6f0b8 SetFilePointerEx
0x6f0bc ReadConsoleW
0x6f0c0 GetConsoleMode
0x6f0c4 GetConsoleCP
0x6f0c8 FlushFileBuffers
0x6f0e0 GetCPInfo
0x6f0e4 GetOEMCP
0x6f0e8 IsValidCodePage
0x6f0ec FindNextFileA
0x6f0f0 FindFirstFileExA
0x6f0f4 GetStringTypeW
0x6f0f8 MapViewOfFileEx
0x6f0fc LCMapStringW
0x6f100 CompareStringW
0x6f104 GetTimeFormatW
0x6f108 GetDateFormatW
0x6f110 SetStdHandle
0x6f114 WriteConsoleW
0x6f118 GetFileType
0x6f11c GetACP
0x6f120 GetStdHandle
0x6f12c RaiseException
0x6f130 SetLastError
0x6f134 OpenFileMappingW
0x6f138 GetVersionExA
0x6f13c SetThreadPriority
0x6f140 ExitProcess
0x6f148 SetErrorMode
0x6f14c GetLastError
0x6f150 CloseHandle
0x6f154 LoadLibraryW
0x6f158 LoadLibraryA
0x6f15c LoadLibraryExW
0x6f160 EncodePointer
0x6f164 RtlUnwind
0x6f168 LoadLibraryExA
0x6f16c GetProcAddress
0x6f170 GetModuleHandleExW
0x6f174 GetModuleHandleExA
0x6f178 GetModuleHandleW
0x6f17c GetModuleHandleA
0x6f180 GetModuleFileNameW
0x6f184 GetModuleFileNameA
0x6f188 VirtualQuery
0x6f18c CreateEventA
0x6f190 ResetEvent
0x6f194 SetEvent
0x6f198 AllocConsole
0x6f19c SetConsoleTitleA
0x6f1a0 VirtualFree
0x6f1a4 VirtualProtect
0x6f1a8 VirtualAlloc
0x6f1b0 ExitThread
0x6f1b4 GetCurrentThread
0x6f1b8 FreeConsole
0x6f1bc OutputDebugStringW
0x6f1c0 OpenMutexA
0x6f1cc GetComputerNameExA
0x6f1d4 Process32Next
0x6f1d8 Process32First
0x6f1dc VerifyVersionInfoW
0x6f1e4 GetProcessId
0x6f1e8 GetCurrentProcess
0x6f1ec Sleep
0x6f1f4 GetPriorityClass
0x6f1f8 SetPriorityClass
0x6f1fc CreateProcessW
0x6f208 GetStartupInfoW
0x6f210 GetCurrentThreadId
0x6f21c TerminateProcess
0x6f22c OpenThread
0x6f230 GetThreadPriority
0x6f234 SuspendThread
0x6f238 ResumeThread
0x6f23c GetThreadContext
0x6f240 GetSystemInfo
0x6f248 ReleaseMutex
0x6f250 CreateMutexA
0x6f254 HeapCreate
0x6f258 HeapDestroy
0x6f25c HeapAlloc
0x6f260 HeapReAlloc
0x6f264 GetCommandLineA
0x6f274 CreateFileA
0x6f278 GetFileSize
0x6f27c LockFile
0x6f280 ReadFile
0x6f284 SetFilePointer
0x6f288 UnlockFile
0x6f28c WriteFile
0x6f290 GetTempPathA
0x6f294 HeapFree
0x6f298 GetProcessHeap
0x6f29c CreateProcessA
0x6f2a0 ReadProcessMemory
0x6f2a4 GlobalAlloc
0x6f2a8 GlobalLock
0x6f2ac GlobalUnlock
0x6f2b0 GetComputerNameA
0x6f2b8 Thread32First
0x6f2bc Thread32Next
0x6f2c8 CreateDirectoryW
0x6f2cc CreateFileW
0x6f2d0 DeleteFileW
0x6f2d4 FindClose
0x6f2d8 FindFirstFileW
0x6f2dc FindNextFileW
0x6f2e0 GetFileAttributesW
0x6f2e4 GetFileTime
0x6f2e8 GetFullPathNameW
0x6f2ec GetFullPathNameA
0x6f2f0 RemoveDirectoryW
0x6f2f4 SetEndOfFile
0x6f2f8 SetFileAttributesW
0x6f2fc SetFileTime
0x6f300 GetTempPathW
0x6f304 QueryDosDeviceA
0x6f308 CopyFileW
0x6f30c MoveFileW
0x6f320 OpenProcess
0x6f328 DuplicateHandle
0x6f338 SwitchToThread
0x6f33c CreateThread
0x6f340 TerminateThread
0x6f344 GetExitCodeThread
0x6f348 TlsAlloc
0x6f34c TlsGetValue
0x6f350 TlsSetValue
0x6f354 TlsFree
0x6f358 GetThreadTimes
0x6f364 LocalAlloc
0x6f368 LocalFree
0x6f370 GetCommandLineW
0x6f378 CreatePipe
0x6f37c GetExitCodeProcess
Library USER32.dll:
0x6f3b0 TranslateMessage
0x6f3b4 PeekMessageW
0x6f3b8 PostQuitMessage
0x6f3bc GetSystemMetrics
0x6f3c0 MessageBoxA
0x6f3c4 MessageBoxW
0x6f3c8 PostMessageA
0x6f3cc FindWindowA
0x6f3d0 GetDC
0x6f3d4 GetMessageW
0x6f3d8 DispatchMessageW
0x6f3e8 GetRawInputData
0x6f3ec LoadIconA
0x6f3f0 LoadCursorA
0x6f3f8 SetParent
0x6f3fc SetWindowLongA
0x6f400 GetWindowLongA
0x6f404 ClientToScreen
0x6f408 GetCursor
0x6f40c GetClipCursor
0x6f410 ClipCursor
0x6f414 GetCursorPos
0x6f418 SetCursor
0x6f41c SetCursorPos
0x6f420 GetWindowRect
0x6f424 GetClientRect
0x6f428 SetWindowTextA
0x6f42c InvalidateRect
0x6f430 GetUpdateRect
0x6f434 EndPaint
0x6f438 BeginPaint
0x6f448 KillTimer
0x6f44c SetTimer
0x6f450 ReleaseCapture
0x6f454 SetCapture
0x6f458 keybd_event
0x6f45c GetKeyboardState
0x6f460 GetKeyState
0x6f464 SetWindowPos
0x6f468 ShowWindow
0x6f46c CreateWindowExW
0x6f470 GetClassInfoExW
0x6f474 RegisterClassExW
0x6f478 DefWindowProcW
0x6f47c PostMessageW
0x6f480 GetMessageA
0x6f484 DispatchMessageA
0x6f488 PeekMessageA
0x6f48c wsprintfA
0x6f490 OpenClipboard
0x6f494 CloseClipboard
0x6f498 SetClipboardData
0x6f49c EmptyClipboard
Library GDI32.dll:
0x6f024 Polyline
0x6f028 SetStretchBltMode
0x6f02c StretchBlt
0x6f030 GetDIBits
0x6f034 CreateCompatibleDC
0x6f03c CreateFontA
0x6f040 CreateSolidBrush
0x6f044 DeleteObject
0x6f048 GetObjectA
0x6f04c TextOutA
0x6f050 ExtCreatePen
0x6f054 SetTextColor
0x6f058 SetBkColor
0x6f05c SelectObject
0x6f060 Rectangle
Library SHELL32.dll:
0x6f3a4 ShellExecuteExW
Library IMM32.dll:
0x6f068 ImmCreateContext
0x6f06c ImmDestroyContext
0x6f070 ImmGetContext
0x6f074 ImmReleaseContext
Library WINMM.dll:
0x6f4a4 timeEndPeriod
0x6f4a8 timeBeginPeriod
Library WINTRUST.dll:
0x6f4b0 WinVerifyTrust
Library CRYPT32.dll:
0x6f00c CryptQueryObject
0x6f010 CertGetNameStringA
0x6f018 CertCloseStore
0x6f01c CryptMsgGetParam
Library PSAPI.DLL:
0x6f390 GetModuleBaseNameA
0x6f398 EnumProcessModules
Library IPHLPAPI.DLL:
0x6f08c IcmpCreateFile
0x6f090 IcmpCloseHandle
0x6f094 IcmpSendEcho2
Library NETAPI32.dll:
0x6f384 NetApiBufferFree
0x6f388 NetWkstaGetInfo
Library ole32.dll:
0x6f56c CoTaskMemFree
Library ADVAPI32.dll:
0x6f000 RegOpenKeyExA
0x6f004 RegQueryValueExA
Library WS2_32.dll:
0x6f4b8 freeaddrinfo
0x6f4bc getaddrinfo
0x6f4c0 WSAIoctl
0x6f4c4 WSAGetLastError
0x6f4c8 WSACleanup
0x6f4cc WSAStartup
0x6f4d0 gethostname
0x6f4d4 gethostbyname
0x6f4d8 socket
0x6f4dc __WSAFDIsSet
0x6f4e0 accept
0x6f4e4 bind
0x6f4e8 closesocket
0x6f4ec connect
0x6f4f0 ioctlsocket
0x6f4f4 getpeername
0x6f4f8 getsockname
0x6f4fc getsockopt
0x6f500 htons
0x6f504 inet_addr
0x6f508 inet_ntoa
0x6f50c listen
0x6f510 ntohl
0x6f514 ntohs
0x6f518 recv
0x6f51c recvfrom
0x6f520 select
0x6f524 send
0x6f528 sendto
0x6f52c setsockopt
0x6f530 shutdown
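The import table above is flat text, and the interesting question for triage is which behaviours the combinations of APIs support and, just as important, which classic combinations are incomplete. The Python below is an added editor's example, not part of the sandbox report or its tooling. IMPORTS is a hand-copied excerpt of the KERNEL32, USER32, WINTRUST and WS2_32 entries above in the report's own layout (constructed input), and the API-to-capability mapping is the editor's own assumption, not a vendor taxonomy. A group is reported as present only when every API in it is imported, so OpenProcess plus ReadProcessMemory without WriteProcessMemory, or OpenThread/SuspendThread/GetThreadContext without SetThreadContext, comes out as partial rather than as an injection finding.

```python
"""Capability triage of a flattened PE import listing (added example)."""
import re
from typing import Dict, Set, Tuple

# Constructed input: a hand-copied excerpt of the KERNEL32/USER32/WINTRUST/WS2_32
# entries from the report, in the report's "Library X:" / "0xADDR Name" layout.
IMPORTS = """\
Library KERNEL32.dll:
0x6f09c IsDebuggerPresent
0x6f158 LoadLibraryA
0x6f16c GetProcAddress
0x6f1d4 Process32Next
0x6f1d8 Process32First
0x6f22c OpenThread
0x6f234 SuspendThread
0x6f238 ResumeThread
0x6f23c GetThreadContext
0x6f2a0 ReadProcessMemory
0x6f320 OpenProcess
Library USER32.dll:
0x6f3e8 GetRawInputData
0x6f45c GetKeyboardState
0x6f490 OpenClipboard
0x6f498 SetClipboardData
Library WINTRUST.dll:
0x6f4b0 WinVerifyTrust
Library WS2_32.dll:
0x6f4d8 socket
0x6f4e0 accept
0x6f4e4 bind
0x6f4ec connect
0x6f50c listen
"""

# Editor's own API-to-behaviour mapping (an assumption, not a vendor taxonomy).
# A tag is "present" only when every listed API is imported, so a lone generic
# import never produces an injection finding by itself.
CAPABILITIES: Dict[str, Tuple[Set[str], str]] = {
    "anti-debug": ({"IsDebuggerPresent"}, "PEB BeingDebugged check"),
    "dynamic-api-resolution": ({"LoadLibraryA", "GetProcAddress"}, "may hide further imports"),
    "process-enumeration": ({"Process32First", "Process32Next"}, "Toolhelp snapshot walk"),
    "remote-memory-read": ({"OpenProcess", "ReadProcessMemory"}, "reads other processes"),
    "remote-memory-write": ({"OpenProcess", "WriteProcessMemory"}, "classic injection primitive"),
    "thread-context-hijack": ({"OpenThread", "SuspendThread", "GetThreadContext",
                               "SetThreadContext", "ResumeThread"}, "needs SetThreadContext to write"),
    "keyboard-capture": ({"GetRawInputData", "GetKeyboardState"}, "raw input / key state polling"),
    "clipboard-write": ({"OpenClipboard", "SetClipboardData"}, "replaces clipboard contents"),
    "tcp-listener": ({"socket", "bind", "listen", "accept"}, "accepts inbound connections"),
    "tcp-client": ({"socket", "connect"}, "outbound connections"),
    "authenticode-verify": ({"WinVerifyTrust"}, "signature check, often self-integrity"),
}

LIB_RE = re.compile(r"^Library\s+(\S+):$")
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_imports(listing: str) -> Dict[str, Set[str]]:
    """Map each library (lower-cased) to the set of API names imported from it."""
    libs: Dict[str, Set[str]] = {}
    current = None
    for raw in listing.splitlines():
        line = raw.strip()
        lib = LIB_RE.match(line)
        if lib:
            current = lib.group(1).lower()
            libs.setdefault(current, set())
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            libs[current].add(entry.group(1))
    return libs


def triage(libs: Dict[str, Set[str]]) -> Dict[str, Tuple[str, Set[str], str]]:
    """Return {tag: (status, missing_apis, note)}; status is present/partial/absent."""
    imported: Set[str] = set().union(*libs.values())
    findings = {}
    for tag, (required, note) in CAPABILITIES.items():
        missing = required - imported
        if not missing:
            status = "present"
        elif missing == required:
            status = "absent"
        else:
            status = "partial"  # some primitives present: check for dynamic resolution
        findings[tag] = (status, missing, note)
    return findings


def report(findings: Dict[str, Tuple[str, Set[str], str]]) -> str:
    """One line per tag, sorted by tag, listing any APIs that would complete it."""
    lines = []
    for tag, (status, missing, note) in sorted(findings.items()):
        extra = f" (missing: {', '.join(sorted(missing))})" if missing else ""
        lines.append(f"{status:8} {tag:24} {note}{extra}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(parse_imports(IMPORTS))))
```

With the excerpt above it reports anti-debug, dynamic API resolution, process enumeration, remote memory read, keyboard capture, clipboard write, TCP listener and client, and Authenticode verification as present, and remote memory write and thread-context hijack as partial. Because LoadLibraryA/GetProcAddress are also imported, the partial groups cannot be ruled out from the static table alone; only a behavioural trace settles that, and the report above contains none.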

Exports

Ordinal  Address  Name
1        0x81000  AmdPowerXpressRequestHighPerformance
2        0x81004  NvOptimusEnablement
3        0x9d514  (unnamed, exported by ordinal only)
4        0x14250  GetHngExeInitialPrintBuffer
5        0x15430  NotifyDataCorruption

NvOptimusEnablement and AmdPowerXpressRequestHighPerformance are the exported variables that NVIDIA Optimus and AMD PowerXpress drivers look for when deciding to run a process on the discrete GPU. They are standard in game and graphics clients and, together with the raw-input, cursor-clipping, IMM and timeBeginPeriod imports above, suggest a graphics or game executable; on their own they are not an indicator of malicious intent.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  53657        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  50002        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  53380        224.0.0.252                      5355
192.168.56.101  56539        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57756        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  60384        224.0.0.252                      5355
192.168.56.101  61680        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
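Everything in the UDP table except the five DNS queries is traffic a stock Windows guest emits on its own: NetBIOS name service broadcasts on 137/138, LLMNR to 224.0.0.252:5355, SSDP to 239.255.255.250:1900 and NTP to time.windows.com. The Python below is an added editor's example, not the sandbox's own logic. It parses the table in its flattened layout and separates that background from flows worth attributing to the sample. UDP_TABLE is the report's table re-typed by hand (constructed input); the 192.168.56.0/24 guest subnet is an assumption inferred from the source address and is used only to recognise the subnet broadcast.

```python
"""Split a sandbox UDP table into Windows background chatter and flows worth review (added example)."""
import ipaddress
from collections import Counter
from typing import List, NamedTuple, Optional

# Constructed input: the UDP table from the report, re-typed in its flattened
# column layout. A fifth column, when present, is the resolved hostname shown
# beside the destination address.
UDP_TABLE = """\
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
"""

# Assumption: the guest sits in 192.168.56.0/24 (VirtualBox's default host-only
# range), inferred from the source address; needed only for the subnet broadcast.
GUEST_NET = ipaddress.ip_network("192.168.56.0/24")
LLMNR = ipaddress.ip_address("224.0.0.252")
SSDP = ipaddress.ip_address("239.255.255.250")

# Categories a stock Windows guest generates by itself; they say nothing about the sample.
BACKGROUND = {"llmnr", "ssdp", "netbios", "ntp"}


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    hostname: Optional[str]


def parse_udp_table(text: str) -> List[Flow]:
    """Parse 'src sport dst [hostname] dport' rows; skips headers and blank lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (4, 5):
            continue
        hostname = parts[3] if len(parts) == 5 else None
        flows.append(Flow(parts[0], int(parts[1]), parts[2], int(parts[-1]), hostname))
    return flows


def classify(flow: Flow) -> str:
    """Label a flow by the protocol its destination and port imply."""
    dst = ipaddress.ip_address(flow.dst)
    if flow.dport == 53:
        return "dns"
    if flow.dport == 5355 and dst == LLMNR:
        return "llmnr"
    if flow.dport == 1900 and dst == SSDP:
        return "ssdp"
    if flow.dport in (137, 138) and dst == GUEST_NET.broadcast_address:
        return "netbios"
    # Only Microsoft's own time server counts as background; NTP to anything
    # else is left for review because samples do use it for time checks.
    if flow.dport == 123 and (flow.hostname or "").endswith("windows.com"):
        return "ntp"
    return "other"


def summary(flows: List[Flow]) -> Counter:
    return Counter(classify(f) for f in flows)


def needs_review(flows: List[Flow]) -> List[Flow]:
    return [f for f in flows if classify(f) not in BACKGROUND]


if __name__ == "__main__":
    flows = parse_udp_table(UDP_TABLE)
    print(dict(summary(flows)))
    for f in needs_review(flows):
        print(f"review: {f.src}:{f.sport} -> {f.dst}:{f.dport} [{classify(f)}]")
```

With the report's table this leaves only the five DNS queries to 114.114.114.114 for review. The report records no hosts contacted, no TCP and no HTTP, so either the queried names did not resolve in the sandbox, the sample never used the answers, or the lookups came from the OS rather than the sample; the queried names themselves are not in the report, so nothing further can be concluded from it.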

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.