5.6
High risk

a7d93e9c9bb80f0f8a271ae4a101f305bac535e197697b35f291794fa83ef538

6826edaad0e4967f7ada880147c1b16e.exe

Analysis duration

120s

Last analysis

File size

798.0KB
Static detection  Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Not detected: no antivirus engine detection results yet
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619610718.563125
__exception__
stacktrace:
0x33441aa
0x36bfe6c

registers.esp: 57408536
registers.edi: 0
registers.eax: 0
registers.ebp: 57408564
registers.edx: 0
registers.ebx: 0
registers.esi: 57408580
registers.ecx: 4294967294
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3348e01
success 0 0
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1884346216&cup2hreq=cac71b8fa985af7b33b7c9ae304d920a7ef7bde0734e76bedba95c9191e6b5f2
Performs some HTTP requests (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1884346216&cup2hreq=cac71b8fa985af7b33b7c9ae304d920a7ef7bde0734e76bedba95c9191e6b5f2
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1884346216&cup2hreq=cac71b8fa985af7b33b7c9ae304d920a7ef7bde0734e76bedba95c9191e6b5f2
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619610667.047125
NtAllocateVirtualMemory
process_identifier: 2404
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f40000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619610694.938125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619610697.500125
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619610697.500125
RegSetValueExA
key_handle: 0x000003b8
value: WCu<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619610697.500125
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619610697.500125
RegSetValueExW
key_handle: 0x000003b8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619610697.516125
RegSetValueExA
key_handle: 0x000003d0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619610697.516125
RegSetValueExA
key_handle: 0x000003d0
value: WCu<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619610697.516125
RegSetValueExA
key_handle: 0x000003d0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619610697.547125
RegSetValueExW
key_handle: 0x000003b4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up-and-running) (3 events)
dead_host 172.217.24.14:443
dead_host 31.13.90.33:443
dead_host 172.217.27.142:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x47f750 SysFreeString
0x47f754 SysReAllocStringLen
0x47f758 SysAllocStringLen
Library advapi32.dll:
0x47f760 RegQueryValueExA
0x47f764 RegOpenKeyExA
0x47f768 RegCloseKey
Library user32.dll:
0x47f770 GetKeyboardType
0x47f774 DestroyWindow
0x47f778 LoadStringA
0x47f77c MessageBoxA
0x47f780 CharNextA
Library kernel32.dll:
0x47f788 GetACP
0x47f78c Sleep
0x47f790 VirtualFree
0x47f794 VirtualAlloc
0x47f798 GetTickCount
0x47f7a0 GetCurrentThreadId
0x47f7ac VirtualQuery
0x47f7b0 WideCharToMultiByte
0x47f7b4 MultiByteToWideChar
0x47f7b8 lstrlenA
0x47f7bc lstrcpynA
0x47f7c0 LoadLibraryExA
0x47f7c4 GetThreadLocale
0x47f7c8 GetStartupInfoA
0x47f7cc GetProcAddress
0x47f7d0 GetModuleHandleA
0x47f7d4 GetModuleFileNameA
0x47f7d8 GetLocaleInfoA
0x47f7dc GetCommandLineA
0x47f7e0 FreeLibrary
0x47f7e4 FindFirstFileA
0x47f7e8 FindClose
0x47f7ec ExitProcess
0x47f7f0 CompareStringA
0x47f7f4 WriteFile
0x47f7fc RtlUnwind
0x47f800 RaiseException
0x47f804 GetStdHandle
Library kernel32.dll:
0x47f80c TlsSetValue
0x47f810 TlsGetValue
0x47f814 LocalAlloc
0x47f818 GetModuleHandleA
Library user32.dll:
0x47f820 CreateWindowExA
0x47f824 WindowFromPoint
0x47f828 WaitMessage
0x47f82c UpdateWindow
0x47f830 UnregisterClassA
0x47f834 UnhookWindowsHookEx
0x47f838 TranslateMessage
0x47f840 TrackPopupMenu
0x47f848 ShowWindow
0x47f84c ShowScrollBar
0x47f850 ShowOwnedPopups
0x47f854 SetWindowsHookExA
0x47f858 SetWindowTextA
0x47f85c SetWindowPos
0x47f860 SetWindowPlacement
0x47f864 SetWindowLongW
0x47f868 SetWindowLongA
0x47f86c SetTimer
0x47f870 SetScrollRange
0x47f874 SetScrollPos
0x47f878 SetScrollInfo
0x47f87c SetRect
0x47f880 SetPropA
0x47f884 SetParent
0x47f888 SetMenuItemInfoA
0x47f88c SetMenu
0x47f890 SetForegroundWindow
0x47f894 SetFocus
0x47f898 SetCursor
0x47f89c SetClassLongA
0x47f8a0 SetCapture
0x47f8a4 SetActiveWindow
0x47f8a8 SendMessageW
0x47f8ac SendMessageA
0x47f8b0 ScrollWindow
0x47f8b4 ScreenToClient
0x47f8b8 RemovePropA
0x47f8bc RemoveMenu
0x47f8c0 ReleaseDC
0x47f8c4 ReleaseCapture
0x47f8d0 RegisterClassA
0x47f8d4 RedrawWindow
0x47f8d8 PtInRect
0x47f8dc PostQuitMessage
0x47f8e0 PostMessageA
0x47f8e4 PeekMessageW
0x47f8e8 PeekMessageA
0x47f8ec OffsetRect
0x47f8f0 OemToCharA
0x47f8f4 MessageBoxA
0x47f8f8 MapWindowPoints
0x47f8fc MapVirtualKeyA
0x47f900 LoadStringA
0x47f904 LoadKeyboardLayoutA
0x47f908 LoadIconA
0x47f90c LoadCursorA
0x47f910 LoadBitmapA
0x47f914 KillTimer
0x47f918 IsZoomed
0x47f91c IsWindowVisible
0x47f920 IsWindowUnicode
0x47f924 IsWindowEnabled
0x47f928 IsWindow
0x47f92c IsRectEmpty
0x47f930 IsIconic
0x47f934 IsDialogMessageW
0x47f938 IsDialogMessageA
0x47f93c IsChild
0x47f940 InvalidateRect
0x47f944 IntersectRect
0x47f948 InsertMenuItemA
0x47f94c InsertMenuA
0x47f950 InflateRect
0x47f958 GetWindowTextA
0x47f95c GetWindowRect
0x47f960 GetWindowPlacement
0x47f964 GetWindowLongW
0x47f968 GetWindowLongA
0x47f96c GetWindowDC
0x47f970 GetTopWindow
0x47f974 GetSystemMetrics
0x47f978 GetSystemMenu
0x47f97c GetSysColorBrush
0x47f980 GetSysColor
0x47f984 GetSubMenu
0x47f988 GetScrollRange
0x47f98c GetScrollPos
0x47f990 GetScrollInfo
0x47f994 GetPropA
0x47f998 GetParent
0x47f99c GetWindow
0x47f9a0 GetMessagePos
0x47f9a4 GetMenuStringA
0x47f9a8 GetMenuState
0x47f9ac GetMenuItemInfoA
0x47f9b0 GetMenuItemID
0x47f9b4 GetMenuItemCount
0x47f9b8 GetMenu
0x47f9bc GetLastActivePopup
0x47f9c0 GetKeyboardState
0x47f9cc GetKeyboardLayout
0x47f9d0 GetKeyState
0x47f9d4 GetKeyNameTextA
0x47f9d8 GetIconInfo
0x47f9dc GetForegroundWindow
0x47f9e0 GetFocus
0x47f9e4 GetDesktopWindow
0x47f9e8 GetDCEx
0x47f9ec GetDC
0x47f9f0 GetCursorPos
0x47f9f4 GetCursor
0x47f9f8 GetClipboardData
0x47f9fc GetClientRect
0x47fa00 GetClassLongA
0x47fa04 GetClassInfoA
0x47fa08 GetCapture
0x47fa0c GetActiveWindow
0x47fa10 FrameRect
0x47fa14 FindWindowA
0x47fa18 FillRect
0x47fa1c EqualRect
0x47fa20 EnumWindows
0x47fa24 EnumThreadWindows
0x47fa28 EnumChildWindows
0x47fa2c EndPaint
0x47fa30 EnableWindow
0x47fa34 EnableScrollBar
0x47fa38 EnableMenuItem
0x47fa3c DrawTextA
0x47fa40 DrawMenuBar
0x47fa44 DrawIconEx
0x47fa48 DrawIcon
0x47fa4c DrawFrameControl
0x47fa50 DrawEdge
0x47fa54 DispatchMessageW
0x47fa58 DispatchMessageA
0x47fa5c DestroyWindow
0x47fa60 DestroyMenu
0x47fa64 DestroyIcon
0x47fa68 DestroyCursor
0x47fa6c DeleteMenu
0x47fa70 DefWindowProcA
0x47fa74 DefMDIChildProcA
0x47fa78 DefFrameProcA
0x47fa7c CreatePopupMenu
0x47fa80 CreateMenu
0x47fa84 CreateIcon
0x47fa88 ClientToScreen
0x47fa8c CheckMenuItem
0x47fa90 CallWindowProcA
0x47fa94 CallNextHookEx
0x47fa98 BeginPaint
0x47fa9c CharNextA
0x47faa0 CharLowerBuffA
0x47faa4 CharLowerA
0x47faa8 CharToOemA
0x47faac AdjustWindowRectEx
Library gdi32.dll:
0x47fab8 UnrealizeObject
0x47fabc StretchBlt
0x47fac0 SetWindowOrgEx
0x47fac4 SetWinMetaFileBits
0x47fac8 SetViewportOrgEx
0x47facc SetTextColor
0x47fad0 SetStretchBltMode
0x47fad4 SetROP2
0x47fad8 SetPixel
0x47fadc SetEnhMetaFileBits
0x47fae0 SetDIBColorTable
0x47fae4 SetBrushOrgEx
0x47fae8 SetBkMode
0x47faec SetBkColor
0x47faf0 SelectPalette
0x47faf4 SelectObject
0x47faf8 SaveDC
0x47fafc RestoreDC
0x47fb00 Rectangle
0x47fb04 RectVisible
0x47fb08 RealizePalette
0x47fb0c PlayEnhMetaFile
0x47fb10 PatBlt
0x47fb14 MoveToEx
0x47fb18 MaskBlt
0x47fb1c LineTo
0x47fb20 IntersectClipRect
0x47fb24 GetWindowOrgEx
0x47fb28 GetWinMetaFileBits
0x47fb2c GetTextMetricsA
0x47fb38 GetStockObject
0x47fb3c GetRgnBox
0x47fb40 GetPixel
0x47fb44 GetPaletteEntries
0x47fb48 GetObjectA
0x47fb54 GetEnhMetaFileBits
0x47fb58 GetDeviceCaps
0x47fb5c GetDIBits
0x47fb60 GetDIBColorTable
0x47fb64 GetDCOrgEx
0x47fb6c GetClipBox
0x47fb70 GetBrushOrgEx
0x47fb74 GetBitmapBits
0x47fb78 GdiFlush
0x47fb7c ExtTextOutA
0x47fb80 ExcludeClipRect
0x47fb84 DeleteObject
0x47fb88 DeleteEnhMetaFile
0x47fb8c DeleteDC
0x47fb90 CreateSolidBrush
0x47fb94 CreatePenIndirect
0x47fb98 CreatePalette
0x47fba0 CreateFontIndirectA
0x47fba4 CreateDIBitmap
0x47fba8 CreateDIBSection
0x47fbac CreateCompatibleDC
0x47fbb4 CreateBrushIndirect
0x47fbb8 CreateBitmap
0x47fbbc CopyEnhMetaFileA
0x47fbc0 BitBlt
Library version.dll:
0x47fbc8 VerQueryValueA
0x47fbd0 GetFileVersionInfoA
Library kernel32.dll:
0x47fbd8 lstrcpyA
0x47fbdc WriteFile
0x47fbe0 WaitForSingleObject
0x47fbe4 VirtualQuery
0x47fbe8 VirtualProtect
0x47fbec VirtualAlloc
0x47fbf0 SizeofResource
0x47fbf4 SetThreadLocale
0x47fbf8 SetFilePointer
0x47fbfc SetEvent
0x47fc00 SetErrorMode
0x47fc04 SetEndOfFile
0x47fc08 ResetEvent
0x47fc0c ReadFile
0x47fc10 MulDiv
0x47fc14 LockResource
0x47fc18 LoadResource
0x47fc1c LoadLibraryA
0x47fc28 GlobalFindAtomA
0x47fc2c GlobalDeleteAtom
0x47fc30 GlobalAddAtomA
0x47fc34 GetVersionExA
0x47fc38 GetVersion
0x47fc3c GetTickCount
0x47fc40 GetThreadLocale
0x47fc44 GetStdHandle
0x47fc48 GetProcAddress
0x47fc4c GetModuleHandleA
0x47fc50 GetModuleFileNameA
0x47fc54 GetLocaleInfoA
0x47fc58 GetLocalTime
0x47fc5c GetLastError
0x47fc60 GetFullPathNameA
0x47fc64 GetDiskFreeSpaceA
0x47fc68 GetDateFormatA
0x47fc6c GetCurrentThreadId
0x47fc70 GetCurrentProcessId
0x47fc74 GetCPInfo
0x47fc78 FreeResource
0x47fc7c InterlockedExchange
0x47fc80 FreeLibrary
0x47fc84 FormatMessageA
0x47fc88 FindResourceA
0x47fc8c EnumCalendarInfoA
0x47fc98 CreateThread
0x47fc9c CreateFileA
0x47fca0 CreateEventA
0x47fca4 CompareStringA
0x47fca8 CloseHandle
Library advapi32.dll:
0x47fcb0 RegQueryValueExA
0x47fcb4 RegOpenKeyExA
0x47fcb8 RegFlushKey
0x47fcbc RegCloseKey
Library kernel32.dll:
0x47fcc4 Sleep
Library oleaut32.dll:
0x47fccc SafeArrayPtrOfIndex
0x47fcd0 SafeArrayGetUBound
0x47fcd4 SafeArrayGetLBound
0x47fcd8 SafeArrayCreate
0x47fcdc VariantChangeType
0x47fce0 VariantCopy
0x47fce4 VariantClear
0x47fce8 VariantInit
Library comctl32.dll:
0x47fcf0 _TrackMouseEvent
0x47fcfc ImageList_Write
0x47fd00 ImageList_Read
0x47fd08 ImageList_DragMove
0x47fd0c ImageList_DragLeave
0x47fd10 ImageList_DragEnter
0x47fd14 ImageList_EndDrag
0x47fd18 ImageList_BeginDrag
0x47fd1c ImageList_Remove
0x47fd20 ImageList_DrawEx
0x47fd24 ImageList_Draw
0x47fd30 ImageList_Add
0x47fd38 ImageList_Destroy
0x47fd3c ImageList_Create
Library URL.DLL:
0x47fd44 InetIsOffline
Library advapi32.dll:
0x47fd4c QueryServiceStatus
0x47fd50 OpenServiceA
0x47fd54 OpenSCManagerA
0x47fd58 CloseServiceHandle

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49181 203.208.41.66 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54991 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 58970 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.