4.6
Medium risk

bc243e58e5a3b9dd3531e88f249796817f1f500935c7466f4d632f7809419843

69464713270631d525074e4f3cd649a1.exe

Analysis duration

96s

Last analyzed

File size

810.5KB
Static detection / Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619610705.8435
__exception__
stacktrace:
0x54

registers.esp: 57080860
registers.edi: 0
registers.eax: 0
registers.ebp: 57080888
registers.edx: 0
registers.ebx: 0
registers.esi: 57080904
registers.ecx: 0
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3358c7b
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619610653.9215
NtAllocateVirtualMemory
process_identifier: 1888
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005f0000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619610682.1405
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619610684.7025
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619610684.7025
RegSetValueExA
key_handle: 0x000003b4
value: nfQ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619610684.7025
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619610684.7025
RegSetValueExW
key_handle: 0x000003b4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619610684.7025
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619610684.7025
RegSetValueExA
key_handle: 0x000003cc
value: nfQ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619610684.7025
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619610684.7495
RegSetValueExW
key_handle: 0x000003b0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (3 events)
dead_host 172.217.24.14:443
dead_host 74.86.142.55:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x482178 VirtualFree
0x48217c VirtualAlloc
0x482180 LocalFree
0x482184 LocalAlloc
0x482188 GetVersion
0x48218c GetCurrentThreadId
0x482198 VirtualQuery
0x48219c WideCharToMultiByte
0x4821a0 MultiByteToWideChar
0x4821a4 lstrlenA
0x4821a8 lstrcpynA
0x4821ac LoadLibraryExA
0x4821b0 GetThreadLocale
0x4821b4 GetStartupInfoA
0x4821b8 GetProcAddress
0x4821bc GetModuleHandleA
0x4821c0 GetModuleFileNameA
0x4821c4 GetLocaleInfoA
0x4821c8 GetCommandLineA
0x4821cc FreeLibrary
0x4821d0 FindFirstFileA
0x4821d4 FindClose
0x4821d8 ExitProcess
0x4821dc WriteFile
0x4821e4 RtlUnwind
0x4821e8 RaiseException
0x4821ec GetStdHandle
Library user32.dll:
0x4821f4 GetKeyboardType
0x4821f8 LoadStringA
0x4821fc MessageBoxA
0x482200 CharNextA
Library advapi32.dll:
0x482208 RegQueryValueExA
0x48220c RegOpenKeyExA
0x482210 RegCloseKey
Library oleaut32.dll:
0x482218 SysFreeString
0x48221c SysReAllocStringLen
0x482220 SysAllocStringLen
Library kernel32.dll:
0x482228 TlsSetValue
0x48222c TlsGetValue
0x482230 LocalAlloc
0x482234 GetModuleHandleA
Library advapi32.dll:
0x48223c RegQueryValueExA
0x482240 RegOpenKeyExA
0x482244 RegCloseKey
Library kernel32.dll:
0x48224c lstrcpyA
0x482250 WriteFile
0x482254 WaitForSingleObject
0x482258 VirtualQuery
0x48225c VirtualProtect
0x482260 VirtualAlloc
0x482264 Sleep
0x482268 SizeofResource
0x48226c SetThreadLocale
0x482270 SetFilePointer
0x482274 SetEvent
0x482278 SetErrorMode
0x48227c SetEndOfFile
0x482280 ResetEvent
0x482284 ReadFile
0x482288 MultiByteToWideChar
0x48228c MulDiv
0x482290 LockResource
0x482294 LoadResource
0x482298 LoadLibraryA
0x4822a4 GlobalUnlock
0x4822a8 GlobalReAlloc
0x4822ac GlobalHandle
0x4822b0 GlobalLock
0x4822b4 GlobalFree
0x4822b8 GlobalFindAtomA
0x4822bc GlobalDeleteAtom
0x4822c0 GlobalAlloc
0x4822c4 GlobalAddAtomA
0x4822c8 GetVersionExA
0x4822cc GetVersion
0x4822d0 GetTickCount
0x4822d4 GetThreadLocale
0x4822d8 GetSystemInfo
0x4822dc GetStringTypeExA
0x4822e0 GetStdHandle
0x4822e4 GetProcAddress
0x4822e8 GetModuleHandleA
0x4822ec GetModuleFileNameA
0x4822f0 GetLocaleInfoA
0x4822f4 GetLocalTime
0x4822f8 GetLastError
0x4822fc GetFullPathNameA
0x482300 GetDiskFreeSpaceA
0x482304 GetDateFormatA
0x482308 GetCurrentThreadId
0x48230c GetCurrentProcessId
0x482310 GetComputerNameA
0x482314 GetCPInfo
0x482318 GetACP
0x48231c FreeResource
0x482320 InterlockedExchange
0x482324 FreeLibrary
0x482328 FormatMessageA
0x48232c FindResourceA
0x482330 EnumCalendarInfoA
0x48233c CreateThread
0x482340 CreateFileA
0x482344 CreateEventA
0x482348 CompareStringA
0x48234c CloseHandle
Library version.dll:
0x482354 VerQueryValueA
0x48235c GetFileVersionInfoA
Library gdi32.dll:
0x482364 UnrealizeObject
0x482368 StretchBlt
0x48236c SetWindowOrgEx
0x482370 SetWinMetaFileBits
0x482374 SetViewportOrgEx
0x482378 SetTextColor
0x48237c SetStretchBltMode
0x482380 SetROP2
0x482384 SetPixel
0x482388 SetEnhMetaFileBits
0x48238c SetDIBColorTable
0x482390 SetBrushOrgEx
0x482394 SetBkMode
0x482398 SetBkColor
0x48239c SelectPalette
0x4823a0 SelectObject
0x4823a4 SaveDC
0x4823a8 RestoreDC
0x4823ac Rectangle
0x4823b0 RectVisible
0x4823b4 RealizePalette
0x4823b8 PlayEnhMetaFile
0x4823bc PatBlt
0x4823c0 MoveToEx
0x4823c4 MaskBlt
0x4823c8 LineTo
0x4823cc IntersectClipRect
0x4823d0 GetWindowOrgEx
0x4823d4 GetWinMetaFileBits
0x4823d8 GetTextMetricsA
0x4823e4 GetStockObject
0x4823e8 GetPixel
0x4823ec GetPaletteEntries
0x4823f0 GetObjectA
0x4823fc GetEnhMetaFileBits
0x482400 GetDeviceCaps
0x482404 GetDIBits
0x482408 GetDIBColorTable
0x48240c GetDCOrgEx
0x482414 GetClipBox
0x482418 GetBrushOrgEx
0x48241c GetBitmapBits
0x482420 GdiFlush
0x482424 ExcludeClipRect
0x482428 DeleteObject
0x48242c DeleteEnhMetaFile
0x482430 DeleteDC
0x482434 CreateSolidBrush
0x482438 CreatePenIndirect
0x48243c CreatePalette
0x482444 CreateFontIndirectA
0x482448 CreateDIBitmap
0x48244c CreateDIBSection
0x482450 CreateCompatibleDC
0x482458 CreateBrushIndirect
0x48245c CreateBitmap
0x482460 CopyEnhMetaFileA
0x482464 BitBlt
Library user32.dll:
0x48246c CreateWindowExA
0x482470 WindowFromPoint
0x482474 WinHelpA
0x482478 WaitMessage
0x48247c UpdateWindow
0x482480 UnregisterClassA
0x482484 UnhookWindowsHookEx
0x482488 TranslateMessage
0x482490 TrackPopupMenu
0x482498 ShowWindow
0x48249c ShowScrollBar
0x4824a0 ShowOwnedPopups
0x4824a4 ShowCursor
0x4824a8 SetWindowsHookExA
0x4824ac SetWindowPos
0x4824b0 SetWindowPlacement
0x4824b4 SetWindowLongA
0x4824b8 SetTimer
0x4824bc SetScrollRange
0x4824c0 SetScrollPos
0x4824c4 SetScrollInfo
0x4824c8 SetRect
0x4824cc SetPropA
0x4824d0 SetParent
0x4824d4 SetMenuItemInfoA
0x4824d8 SetMenu
0x4824dc SetForegroundWindow
0x4824e0 SetFocus
0x4824e4 SetCursor
0x4824e8 SetClassLongA
0x4824ec SetCapture
0x4824f0 SetActiveWindow
0x4824f4 SendMessageA
0x4824f8 ScrollWindow
0x4824fc ScreenToClient
0x482500 RemovePropA
0x482504 RemoveMenu
0x482508 ReleaseDC
0x48250c ReleaseCapture
0x482518 RegisterClassA
0x48251c RedrawWindow
0x482520 PtInRect
0x482524 PostQuitMessage
0x482528 PostMessageA
0x48252c PeekMessageA
0x482530 OffsetRect
0x482534 OemToCharA
0x482538 MessageBoxA
0x48253c MapWindowPoints
0x482540 MapVirtualKeyA
0x482544 LoadStringA
0x482548 LoadKeyboardLayoutA
0x48254c LoadIconA
0x482550 LoadCursorA
0x482554 LoadBitmapA
0x482558 KillTimer
0x48255c IsZoomed
0x482560 IsWindowVisible
0x482564 IsWindowEnabled
0x482568 IsWindow
0x48256c IsRectEmpty
0x482570 IsIconic
0x482574 IsDialogMessageA
0x482578 IsChild
0x48257c InvalidateRect
0x482580 IntersectRect
0x482584 InsertMenuItemA
0x482588 InsertMenuA
0x48258c InflateRect
0x482594 GetWindowTextA
0x482598 GetWindowRect
0x48259c GetWindowPlacement
0x4825a0 GetWindowLongA
0x4825a4 GetWindowDC
0x4825a8 GetTopWindow
0x4825ac GetSystemMetrics
0x4825b0 GetSystemMenu
0x4825b4 GetSysColorBrush
0x4825b8 GetSysColor
0x4825bc GetSubMenu
0x4825c0 GetScrollRange
0x4825c4 GetScrollPos
0x4825c8 GetScrollInfo
0x4825cc GetPropA
0x4825d0 GetParent
0x4825d4 GetWindow
0x4825d8 GetMenuStringA
0x4825dc GetMenuState
0x4825e0 GetMenuItemInfoA
0x4825e4 GetMenuItemID
0x4825e8 GetMenuItemCount
0x4825ec GetMenu
0x4825f0 GetLastActivePopup
0x4825f4 GetKeyboardState
0x4825fc GetKeyboardLayout
0x482600 GetKeyState
0x482604 GetKeyNameTextA
0x482608 GetIconInfo
0x48260c GetForegroundWindow
0x482610 GetFocus
0x482614 GetDesktopWindow
0x482618 GetDCEx
0x48261c GetDC
0x482620 GetCursorPos
0x482624 GetCursor
0x482628 GetClipboardData
0x48262c GetClientRect
0x482630 GetClassNameA
0x482634 GetClassInfoA
0x482638 GetCapture
0x48263c GetActiveWindow
0x482640 FrameRect
0x482644 FindWindowA
0x482648 FillRect
0x48264c EqualRect
0x482650 EnumWindows
0x482654 EnumThreadWindows
0x482658 EndPaint
0x48265c EnableWindow
0x482660 EnableScrollBar
0x482664 EnableMenuItem
0x482668 DrawTextA
0x48266c DrawMenuBar
0x482670 DrawIconEx
0x482674 DrawIcon
0x482678 DrawFrameControl
0x48267c DrawEdge
0x482680 DispatchMessageA
0x482684 DestroyWindow
0x482688 DestroyMenu
0x48268c DestroyIcon
0x482690 DestroyCursor
0x482694 DeleteMenu
0x482698 DefWindowProcA
0x48269c DefMDIChildProcA
0x4826a0 DefFrameProcA
0x4826a4 CreatePopupMenu
0x4826a8 CreateMenu
0x4826ac CreateIcon
0x4826b0 ClientToScreen
0x4826b4 CheckMenuItem
0x4826b8 CallWindowProcA
0x4826bc CallNextHookEx
0x4826c0 BeginPaint
0x4826c4 CharNextA
0x4826c8 CharLowerBuffA
0x4826cc CharLowerA
0x4826d0 CharUpperBuffA
0x4826d4 CharToOemA
0x4826d8 AdjustWindowRectEx
Library kernel32.dll:
0x4826e4 Sleep
Library oleaut32.dll:
0x4826ec SafeArrayPtrOfIndex
0x4826f0 SafeArrayPutElement
0x4826f4 SafeArrayGetElement
0x4826fc SafeArrayAccessData
0x482700 SafeArrayGetUBound
0x482704 SafeArrayGetLBound
0x482708 SafeArrayCreate
0x48270c VariantChangeType
0x482710 VariantCopyInd
0x482714 VariantCopy
0x482718 VariantClear
0x48271c VariantInit
Library ole32.dll:
0x482724 CoTaskMemFree
0x482728 ProgIDFromCLSID
0x48272c StringFromCLSID
0x482730 CoCreateInstance
0x482734 CoUninitialize
0x482738 CoInitialize
0x48273c IsEqualGUID
Library oleaut32.dll:
0x482744 GetErrorInfo
0x482748 GetActiveObject
0x48274c SysFreeString
Library comctl32.dll:
0x48275c ImageList_Write
0x482760 ImageList_Read
0x482770 ImageList_DragMove
0x482774 ImageList_DragLeave
0x482778 ImageList_DragEnter
0x48277c ImageList_EndDrag
0x482780 ImageList_BeginDrag
0x482784 ImageList_Remove
0x482788 ImageList_DrawEx
0x48278c ImageList_Draw
0x48279c ImageList_Add
0x4827a8 ImageList_Destroy
0x4827ac ImageList_Create
Library url.dll:
0x4827b4 InetIsOffline
Library advapi32.dll:
0x4827bc QueryServiceStatus
0x4827c0 OpenServiceA
0x4827c4 OpenSCManagerA
0x4827c8 CloseServiceHandle

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.