SmartHawk

1.8

低危

该样本未表现出任何异常！

0bb163ed553ca42768a768108476407c5bb76be7db1939109ce4263b11c5ba70

679aa0633e04fc9880714f2c30dc63f1.exe

分析耗时

80s

最近分析

文件大小

121.0KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620976732.5405 IsDebuggerPresent		failed	0	0

This executable has a PDB path (1 个事件)

pdb_path

C:\Users\the\Downloads\SP\Redir\Release\Redir.pdb

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	52.85.56.163
host	54.192.147.126

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-04-10 23:35:22

Imports

Library KERNEL32.dll:

• 0x416000 GetEnvironmentVariableA

• 0x416004 CreateFileA

• 0x416008 SetFilePointer

• 0x41600c WriteFile

• 0x416010 CloseHandle

• 0x416014 GlobalAlloc

• 0x416018 GlobalLock

• 0x41601c GlobalUnlock

• 0x416020 GlobalFree

• 0x416024 Sleep

• 0x416028 CreateThread

• 0x41602c CreateFileW

• 0x416030 DecodePointer

• 0x416034 GetConsoleMode

• 0x416038 GetConsoleCP

• 0x41603c FlushFileBuffers

• 0x416040 HeapReAlloc

• 0x416044 HeapSize

• 0x416048 SetFilePointerEx

• 0x41604c GetProcessHeap

• 0x416050 GetStringTypeW

• 0x416054 SetStdHandle

• 0x416058 SetEnvironmentVariableW

• 0x41605c FreeEnvironmentStringsW

• 0x416060 GetEnvironmentStringsW

• 0x416064 GetCommandLineW

• 0x416068 GetCommandLineA

• 0x41606c GetCPInfo

• 0x416070 GetOEMCP

• 0x416074 GetACP

• 0x416078 IsValidCodePage

• 0x41607c FindNextFileW

• 0x416080 FindFirstFileExW

• 0x416084 FindClose

• 0x416088 WideCharToMultiByte

• 0x41608c MultiByteToWideChar

• 0x416090 GetFileType

• 0x416094 HeapAlloc

• 0x416098 HeapFree

• 0x41609c GetTimeZoneInformation

• 0x4160a0 LCMapStringW

• 0x4160a4 CompareStringW

• 0x4160a8 GetTimeFormatW

• 0x4160ac GetDateFormatW

• 0x4160b0 UnhandledExceptionFilter

• 0x4160b4 SetUnhandledExceptionFilter

• 0x4160b8 GetCurrentProcess

• 0x4160bc TerminateProcess

• 0x4160c0 IsProcessorFeaturePresent

• 0x4160c4 QueryPerformanceCounter

• 0x4160c8 GetCurrentProcessId

• 0x4160cc GetCurrentThreadId

• 0x4160d0 GetSystemTimeAsFileTime

• 0x4160d4 InitializeSListHead

• 0x4160d8 IsDebuggerPresent

• 0x4160dc GetStartupInfoW

• 0x4160e0 GetModuleHandleW

• 0x4160e4 RaiseException

• 0x4160e8 RtlUnwind

• 0x4160ec GetLastError

• 0x4160f0 SetLastError

• 0x4160f4 EnterCriticalSection

• 0x4160f8 LeaveCriticalSection

• 0x4160fc DeleteCriticalSection

• 0x416100 InitializeCriticalSectionAndSpinCount

• 0x416104 TlsAlloc

• 0x416108 TlsGetValue

• 0x41610c TlsSetValue

• 0x416110 TlsFree

• 0x416114 FreeLibrary

• 0x416118 GetProcAddress

• 0x41611c LoadLibraryExW

• 0x416120 GetStdHandle

• 0x416124 GetModuleFileNameW

• 0x416128 ExitProcess

• 0x41612c GetModuleHandleExW

• 0x416130 WriteConsoleW

Library USER32.dll:

• 0x416140 GetMessageA

• 0x416144 TranslateAcceleratorA

• 0x416148 TranslateMessage

• 0x41614c LoadStringW

• 0x416150 LoadIconA

• 0x416154 LoadCursorA

• 0x416158 RegisterClassExW

• 0x41615c CreateWindowExW

• 0x416160 LoadAcceleratorsA

• 0x416164 DispatchMessageA

• 0x416168 SetTimer

• 0x41616c KillTimer

• 0x416170 GetDesktopWindow

• 0x416174 SendInput

• 0x416178 SetClipboardData

• 0x41617c CloseClipboard

• 0x416180 EmptyClipboard

• 0x416184 OpenClipboard

• 0x416188 GetWindowTextA

• 0x41618c GetForegroundWindow

• 0x416190 PostQuitMessage

• 0x416194 EndPaint

• 0x416198 BeginPaint

• 0x41619c DefWindowProcA

• 0x4161a0 DestroyWindow

• 0x4161a4 UpdateWindow

• 0x4161a8 ShowWindow

Library SHELL32.dll:

• 0x416138 ShellExecuteA

Library urlmon.dll:

• 0x4161d8 URLDownloadToFileA

Library WS2_32.dll:

• 0x4161b0 WSACleanup

• 0x4161b4 recv

• 0x4161b8 WSAStartup

• 0x4161bc getaddrinfo

• 0x4161c0 socket

• 0x4161c4 connect

• 0x4161c8 closesocket

• 0x4161cc freeaddrinfo

• 0x4161d0 send

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
russk1.icu
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
54.192.147.126	443	192.168.56.101	49194

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49238	239.255.255.250	1900
192.168.56.101	49714	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.