Score: 3.0
Verdict: Medium risk

SHA-256: ac046bcd872b8d0ed97bed5dd4ac0318891248cdef925c655154d4bee0aaef6f
File name: 65df98844205ff957f278e353e95e549.exe
Analysis duration: 23s
Last analyzed:
File size: 2.1MB

Static detection / Dynamic detection
鹰眼 (Eagle Eye) engine: not detected (no 鹰眼 engine result available)
Static verdict
Anti-virus engine: not detected (no anti-virus engine result available)

Note: neither engine produced a hit, so the medium-risk score rests entirely on the heuristic indicators listed below (PDB path, resource language, section entropy), none of which is malicious on its own.
Static indicators
This executable has a PDB path (1 event)
pdb_path D:\XiaZaiQi\ProjectCopy\Mixed\pdbmap\WanNeng\Install.pdb
(Interpretation: the path belongs to the build machine, not the victim. "XiaZaiQi" and "WanNeng" are Pinyin for 下载器, downloader, and 万能, all-purpose; together with the project name Install.pdb this reads as the installer or downloader component of a Chinese-language software bundle. That is a hint about origin, not a verdict on intent.)
Behavior verdict
Dynamic indicators
(Note: both indicators listed here are static PE properties, resource language and section entropy, emitted by the signature engine. The report contains no runtime behavior: no screenshots, dropped files or TCP connections were recorded during the 23 s run.)
Foreign language identified in PE resource (6 events)
(The sandbox flags resources whose language differs from its own locale. Every resource here is LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED, consistent with the Pinyin PDB path.)

Name           Language      Sublanguage                 Offset      Size        Type
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0020fb38  0x000008a8  data
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0020fb38  0x000008a8  data
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0020fb38  0x000008a8  data
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0020fb38  0x000008a8  data
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x002103e0  0x0000003e  data
RT_VERSION     LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00210420  0x000001d4  data

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

Section .data: virtual address 0x00069000, virtual size 0x001a4908, raw size 0x001a3e00, entropy 7.85 bits/byte (maximum 8.0). Description: a section with high entropy has been found.
Overall file: entropy 0.7965 on the sandbox's normalised 0..1 scale, i.e. about 6.37 bits/byte. Description: overall entropy of this PE file is high.

Caveat: the two entropy figures are on different scales (bits/byte for the section, a 0..1 fraction for the whole file), so they are not directly comparable. The near-random data sits in a single .data section of about 1.7 MB (0x1a3e00 bytes) inside a 2.1 MB file, while the import table is complete and ordinary (see Imports below). That is the profile of an executable carrying an embedded compressed or encrypted payload, such as an installer or dropper stub (the PDB name is Install.pdb), rather than a runtime packer that strips imports. Neither engine fired and the run produced no dropped files, screenshots or TCP connections, so the payload was not observed being unpacked; a longer run or manual unpacking is needed to judge what the blob contains.
Visual analysis
Binary image: none (no binary visualisation image was generated for this sample)
Run screenshots: none (no screenshots were produced while the sample ran)


PE Compile Time

2019-03-27 10:49:06 (the report does not state the timezone; the COFF TimeDateStamp is written by the linker and is trivially forgeable, so treat it as a hint, not evidence)

Imports

Analyst note: most of the KERNEL32 entries (Tls*, Heap*, EncodePointer/DecodePointer, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, RtlUnwind, GetCPInfo, LCMapStringW, the console and code-page functions) are MSVC C runtime start-up and I/O boilerplate, so IsDebuggerPresent by itself is not an anti-debugging indicator here. The signal is in WS2_32 (the full socket API, including bind/listen/accept as well as connect, gethostbyname and select, so both client and server roles are possible), LoadLibraryA/LoadLibraryW with GetProcAddress (APIs can be resolved at run time, so this table is a lower bound on what the sample calls), VirtualAllocEx (allocates memory in a process given by handle; with GetCurrentProcess also imported it may well target the sample itself, and WriteProcessMemory and CreateRemoteThread are absent, so injection cannot be inferred from imports alone) and ADVAPI32!SystemFunction036 (RtlGenRandom, the backend of the CRT's rand_s and std::random_device, commonly used for keys, nonces or session identifiers).

Library KERNEL32.dll:
0x45a008 GetTickCount
0x45a00c GetCurrentProcess
0x45a010 DecodePointer
0x45a014 SetEndOfFile
0x45a01c WriteConsoleW
0x45a020 HeapSize
0x45a024 GetFullPathNameW
0x45a02c FlushFileBuffers
0x45a030 GetConsoleCP
0x45a034 ReadConsoleW
0x45a038 GetConsoleMode
0x45a03c HeapReAlloc
0x45a040 GetProcessHeap
0x45a044 GetStringTypeW
0x45a048 SetStdHandle
0x45a058 GetCommandLineW
0x45a05c GetCommandLineA
0x45a060 GetCPInfo
0x45a064 GetOEMCP
0x45a068 IsValidCodePage
0x45a06c FindNextFileW
0x45a070 FindFirstFileExW
0x45a074 CloseHandle
0x45a084 SetEvent
0x45a088 ResetEvent
0x45a090 CreateEventW
0x45a094 GetModuleHandleW
0x45a098 GetProcAddress
0x45a0a4 TerminateProcess
0x45a0ac IsDebuggerPresent
0x45a0b0 GetStartupInfoW
0x45a0b8 GetCurrentProcessId
0x45a0bc GetCurrentThreadId
0x45a0c4 InitializeSListHead
0x45a0c8 GetLastError
0x45a0cc SetLastError
0x45a0d4 SleepEx
0x45a0d8 FreeLibrary
0x45a0dc LoadLibraryA
0x45a0e0 GetSystemDirectoryA
0x45a0e4 FormatMessageW
0x45a0e8 WaitForSingleObject
0x45a0ec Sleep
0x45a0f4 GetFileType
0x45a0f8 GetStdHandle
0x45a0fc ReadFile
0x45a100 PeekNamedPipe
0x45a104 LoadLibraryW
0x45a10c GetSystemInfo
0x45a110 GetVersionExW
0x45a114 RaiseException
0x45a118 RtlUnwind
0x45a120 TlsAlloc
0x45a124 TlsGetValue
0x45a128 TlsSetValue
0x45a12c TlsFree
0x45a130 LoadLibraryExW
0x45a134 GetModuleFileNameW
0x45a138 EncodePointer
0x45a13c WriteFile
0x45a140 MultiByteToWideChar
0x45a144 WideCharToMultiByte
0x45a148 ExitProcess
0x45a14c GetModuleHandleExW
0x45a150 GetACP
0x45a154 CreateThread
0x45a158 ExitThread
0x45a160 SetFilePointerEx
0x45a164 CreateFileW
0x45a168 GetDriveTypeW
0x45a174 HeapFree
0x45a178 HeapAlloc
0x45a17c CompareStringW
0x45a180 LCMapStringW
0x45a184 FindClose
0x45a188 VirtualAllocEx
Library WS2_32.dll:
0x45a190 gethostname
0x45a194 ioctlsocket
0x45a198 listen
0x45a19c accept
0x45a1a0 sendto
0x45a1a4 recvfrom
0x45a1a8 select
0x45a1ac __WSAFDIsSet
0x45a1b0 getservbyname
0x45a1b4 getservbyport
0x45a1b8 gethostbyname
0x45a1bc gethostbyaddr
0x45a1c0 inet_ntoa
0x45a1c4 inet_addr
0x45a1c8 htonl
0x45a1cc WSASetLastError
0x45a1d0 setsockopt
0x45a1d4 ntohs
0x45a1d8 htons
0x45a1dc getsockopt
0x45a1e0 getsockname
0x45a1e4 getpeername
0x45a1e8 connect
0x45a1ec bind
0x45a1f0 send
0x45a1f4 recv
0x45a1f8 WSAGetLastError
0x45a1fc socket
0x45a200 closesocket
0x45a204 WSACleanup
0x45a208 WSAStartup
Library ADVAPI32.dll:
0x45a000 SystemFunction036

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                        Dst port  Protocol
192.168.56.101  50002     114.114.114.114                    53        DNS
192.168.56.101  51378     114.114.114.114                    53        DNS
192.168.56.101  57874     114.114.114.114                    53        DNS
192.168.56.101  60123     114.114.114.114                    53        DNS
192.168.56.101  62318     114.114.114.114                    53        DNS
192.168.56.101  137       192.168.56.255                     137       NetBIOS name service (broadcast)
192.168.56.101  138       192.168.56.255                     138       NetBIOS datagram service (broadcast)
192.168.56.101  123       20.189.79.72 (time.windows.com)    123       NTP
192.168.56.101  53657     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  55368     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  56804     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  57756     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  58367     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  62191     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  63429     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  65004     224.0.0.252                        5355      LLMNR (multicast)
192.168.56.101  1900      239.255.255.250                    1900      SSDP (multicast)
192.168.56.101  56809     239.255.255.250                    1900      SSDP (multicast)
192.168.56.101  58707     239.255.255.250                    3702      WS-Discovery (multicast)
192.168.56.101  62319     239.255.255.250                    3702      WS-Discovery (multicast)

Caveat: apart from the five DNS queries, every row is traffic a stock Windows guest generates on its own (NetBIOS and LLMNR name resolution, SSDP and WS-Discovery device discovery, NTP to time.windows.com) and says nothing about the sample. The DNS queries go to the guest's configured resolver (114.114.114.114, a Chinese public DNS service); the sample imports gethostbyname, so they may be its lookups, but the report records neither the names queried nor any answers, and no TCP connection followed. Without the query names the network evidence is inconclusive.
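Sorting a sandbox UDP table into guest background noise and flows that still need attribution is a routine triage step; the following is an added example for this page, not code from the sandbox. The rows are the UDP table above embedded as text; the classification rules (LLMNR, SSDP, WS-Discovery, NetBIOS broadcast and NTP to time.windows.com as background, DNS as a candidate) are the editor's assumptions for a default Windows guest, and the parser tolerates the fifth column that the NTP row carries.

```python
"""Separate sandbox background traffic from flows worth attributing to the sample.
Added example, not part of the sandbox's report. The classification rules are
assumptions about a stock Windows guest; the rows are the report's UDP table."""
from collections import Counter

# Rows copied from the UDP table above. The NTP row carries a resolved hostname
# as a fifth column, which the parser must tolerate.
UDP_TABLE = """\
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56809 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62319 239.255.255.250 3702
"""


def parse_rows(table: str):
    """Yield (src, sport, dst, hostname_or_None, dport) from the flattened table."""
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        src, sport, dst = parts[0], int(parts[1]), parts[2]
        dport = int(parts[-1])                      # last column is always the destination port
        host = parts[3] if len(parts) == 5 else None  # optional resolved name before the port
        yield src, sport, dst, host, dport


def classify(src, sport, dst, host, dport):
    """Return (label, is_background). Background means traffic a stock Windows
    guest emits by itself; these rules are assumptions for a default sandbox image."""
    if dst == "224.0.0.252" and dport == 5355:
        return "LLMNR name resolution (multicast)", True
    if dst == "239.255.255.250" and dport == 1900:
        return "SSDP discovery (multicast)", True
    if dst == "239.255.255.250" and dport == 3702:
        return "WS-Discovery (multicast)", True
    if dst.endswith(".255") and dport in (137, 138):
        return "NetBIOS broadcast", True
    if dport == 123 and (host or "").endswith("windows.com"):
        return "NTP time sync to Microsoft", True
    if dport == 53:
        # The guest resolver is 114.114.114.114; the sample imports gethostbyname,
        # so these may be its lookups, but the report records no query names.
        return "DNS query (candidate, names not recorded)", False
    return "unclassified", False


def triage(table: str):
    """Return (count per label, list of flows not explained as background noise)."""
    counts, candidates = Counter(), []
    for flow in parse_rows(table):
        label, background = classify(*flow)
        counts[label] += 1
        if not background:
            candidates.append(flow)
    return counts, candidates


if __name__ == "__main__":
    counts, candidates = triage(UDP_TABLE)
    for label, n in counts.most_common():
        print(f"{n:3d}  {label}")
    print("flows still to attribute:", len(candidates))
```

On this report the script leaves exactly the five DNS flows unexplained, which is the point: the sandbox counts twenty UDP rows, but only those five can carry any information about the sample, and they carry very little without the query names.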

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.