SmartHawk

1.6

低危

该样本未表现出任何异常！

e59a05c89cc6dc7bcf7982478d33a761caef79c9e4343b4e7b7b846ab1c8847f

697be3d35167f8e52ed09a3bbbf7ee6c.exe

分析耗时

34s

最近分析

文件大小

2.2MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

AcroRd32Exe.pdb

The file contains an unknown PE resource name possibly indicative of a packer (3 个事件)

resource name	PNG
resource name	TYPELIB
resource name	None

Foreign language identified in PE resource (4 个事件)

name

TYPELIB

language

LANG_ENGLISH

offset

0x0018f8a0

filetype

data

sublanguage

SUBLANG_ARABIC_QATAR

size

0x000004d4

name

RT_BITMAP

language

LANG_ENGLISH

offset

0x0018f570

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_QATAR

size

0x0000032a

name

RT_BITMAP

language

LANG_ENGLISH

offset

0x0018f570

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_QATAR

size

0x0000032a

name

RT_BITMAP

language

LANG_ENGLISH

offset

0x0018f570

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_QATAR

size

0x0000032a

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	203.208.40.98
host	203.208.41.65

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-06-29 22:06:08

Imports

Library KERNEL32.dll:

• 0x52d138 LockResource

• 0x52d13c SetErrorMode

• 0x52d140 QueryPerformanceCounter

• 0x52d144 HeapSetInformation

• 0x52d148 ReleaseSemaphore

• 0x52d14c GetSystemTimeAsFileTime

• 0x52d150 CreateSemaphoreW

• 0x52d154 AddAtomW

• 0x52d158 GlobalAlloc

• 0x52d15c GlobalLock

• 0x52d160 GlobalUnlock

• 0x52d164 GlobalFree

• 0x52d168 MulDiv

• 0x52d16c OpenProcess

• 0x52d170 lstrcmpW

• 0x52d174 lstrcmpA

• 0x52d178 GetSystemDirectoryW

• 0x52d17c GetFileAttributesW

• 0x52d180 FindFirstFileW

• 0x52d184 FindClose

• 0x52d188 GetCurrentDirectoryW

• 0x52d18c MultiByteToWideChar

• 0x52d190 QueryInformationJobObject

• 0x52d194 SetDllDirectoryW

• 0x52d198 FindResourceW

• 0x52d19c LoadLibraryW

• 0x52d1a0 LoadLibraryA

• 0x52d1a4 lstrcmpiW

• 0x52d1a8 SizeofResource

• 0x52d1ac LoadResource

• 0x52d1b0 LoadLibraryExW

• 0x52d1b4 GetModuleHandleA

• 0x52d1b8 GetModuleFileNameW

• 0x52d1bc FreeLibrary

• 0x52d1c0 IsProcessInJob

• 0x52d1c4 ProcessIdToSessionId

• 0x52d1c8 GetExitCodeProcess

• 0x52d1cc InitializeCriticalSectionEx

• 0x52d1d0 GetProcessHeap

• 0x52d1d4 HeapSize

• 0x52d1d8 HeapFree

• 0x52d1dc HeapReAlloc

• 0x52d1e0 HeapAlloc

• 0x52d1e4 HeapDestroy

• 0x52d1e8 RaiseException

• 0x52d1ec DecodePointer

• 0x52d1f0 OutputDebugStringA

• 0x52d1f4 GetLongPathNameW

• 0x52d1f8 SetCurrentDirectoryW

• 0x52d1fc GetCommandLineW

• 0x52d200 GetTickCount

• 0x52d204 Sleep

• 0x52d208 OpenMutexW

• 0x52d20c GetVolumeInformationW

• 0x52d210 GetModuleHandleW

• 0x52d214 CreateThread

• 0x52d218 CreateEventW

• 0x52d21c InterlockedPushEntrySList

• 0x52d220 InterlockedPopEntrySList

• 0x52d224 InitializeSListHead

• 0x52d228 SetEnvironmentVariableA

• 0x52d22c SetEndOfFile

• 0x52d230 ReadConsoleW

• 0x52d234 OutputDebugStringW

• 0x52d238 GetTimeZoneInformation

• 0x52d23c WriteConsoleW

• 0x52d240 SetFilePointerEx

• 0x52d244 SetStdHandle

• 0x52d248 GetStdHandle

• 0x52d24c GetOEMCP

• 0x52d250 GetACP

• 0x52d254 IsValidCodePage

• 0x52d258 ExitProcess

• 0x52d25c EnumSystemLocalesW

• 0x52d260 GetUserDefaultLCID

• 0x52d264 IsValidLocale

• 0x52d268 LCMapStringW

• 0x52d26c CompareStringW

• 0x52d270 CreateMutexW

• 0x52d274 WaitForSingleObject

• 0x52d278 ResetEvent

• 0x52d27c SetEvent

• 0x52d280 DeleteCriticalSection

• 0x52d284 LeaveCriticalSection

• 0x52d288 EnterCriticalSection

• 0x52d28c InitializeCriticalSection

• 0x52d290 WaitNamedPipeW

• 0x52d294 CreateNamedPipeW

• 0x52d298 TransactNamedPipe

• 0x52d29c SetNamedPipeHandleState

• 0x52d2a0 DisconnectNamedPipe

• 0x52d2a4 ConnectNamedPipe

• 0x52d2a8 SetLastError

• 0x52d2ac WriteFile

• 0x52d2b0 ReadFile

• 0x52d2b4 GetFileType

• 0x52d2b8 CreateFileW

• 0x52d2bc GetStartupInfoW

• 0x52d2c0 lstrlenW

• 0x52d2c4 GetCurrentProcessId

• 0x52d2c8 GetCurrentProcess

• 0x52d2cc GetTempPathW

• 0x52d2d0 CreateDirectoryW

• 0x52d2d4 FreeEnvironmentStringsW

• 0x52d2d8 GetEnvironmentStringsW

• 0x52d2dc VerifyVersionInfoW

• 0x52d2e0 LocalFree

• 0x52d2e4 LocalAlloc

• 0x52d2e8 GetLastError

• 0x52d2ec CloseHandle

• 0x52d2f0 VerSetConditionMask

• 0x52d2f4 GetProcAddress

• 0x52d2f8 FindResourceExW

• 0x52d2fc TlsFree

• 0x52d300 TlsSetValue

• 0x52d304 TlsGetValue

• 0x52d308 TlsAlloc

• 0x52d30c SetUnhandledExceptionFilter

• 0x52d310 UnhandledExceptionFilter

• 0x52d314 GetCPInfo

• 0x52d318 VirtualAlloc

• 0x52d31c GetSystemInfo

• 0x52d320 GetFileAttributesExW

• 0x52d324 GetFullPathNameW

• 0x52d328 GetConsoleMode

• 0x52d32c GetConsoleCP

• 0x52d330 IsProcessorFeaturePresent

• 0x52d334 IsDebuggerPresent

• 0x52d338 RtlUnwind

• 0x52d33c EncodePointer

• 0x52d340 GetStringTypeW

• 0x52d344 QueryFullProcessImageNameW

• 0x52d348 GlobalHandle

• 0x52d34c FlushInstructionCache

• 0x52d350 FindNextFileW

• 0x52d354 LoadLibraryExA

• 0x52d358 DeleteFileW

• 0x52d35c SetFilePointer

• 0x52d360 ReleaseMutex

• 0x52d364 DuplicateHandle

• 0x52d368 TerminateProcess

• 0x52d36c ResumeThread

• 0x52d370 CreateProcessW

• 0x52d374 GetProcessId

• 0x52d378 AssignProcessToJobObject

• 0x52d37c SetInformationJobObject

• 0x52d380 ExpandEnvironmentStringsW

• 0x52d384 GetVersionExW

• 0x52d388 GetNativeSystemInfo

• 0x52d38c WideCharToMultiByte

• 0x52d390 GetCPInfoExW

• 0x52d394 InitializeCriticalSectionAndSpinCount

• 0x52d398 GetCurrentThreadId

• 0x52d39c GetLocaleInfoW

• 0x52d3a0 GetEnvironmentVariableW

• 0x52d3a4 FlushFileBuffers

• 0x52d3a8 GetDriveTypeW

• 0x52d3ac GetFileInformationByHandle

• 0x52d3b0 GetFileSize

• 0x52d3b4 GetVolumeInformationByHandleW

• 0x52d3b8 QueryDosDeviceW

• 0x52d3bc GetVolumeNameForVolumeMountPointW

• 0x52d3c0 GetVolumePathNamesForVolumeNameW

• 0x52d3c4 DeviceIoControl

• 0x52d3c8 GetCurrentThread

• 0x52d3cc TerminateThread

• 0x52d3d0 VirtualProtect

• 0x52d3d4 VirtualProtectEx

• 0x52d3d8 WriteProcessMemory

• 0x52d3dc CreateFileMappingW

• 0x52d3e0 MapViewOfFile

• 0x52d3e4 UnmapViewOfFile

• 0x52d3e8 GetProfileStringW

• 0x52d3ec CreateToolhelp32Snapshot

• 0x52d3f0 Process32FirstW

• 0x52d3f4 Process32NextW

• 0x52d3f8 CreateIoCompletionPort

• 0x52d3fc GetQueuedCompletionStatus

• 0x52d400 PostQueuedCompletionStatus

• 0x52d404 TerminateJobObject

• 0x52d408 VirtualAllocEx

• 0x52d40c VirtualQueryEx

• 0x52d410 VirtualQuery

• 0x52d414 DebugBreak

• 0x52d418 CreateJobObjectW

• 0x52d41c UnregisterWaitEx

• 0x52d420 RegisterWaitForSingleObject

• 0x52d424 GetThreadContext

• 0x52d428 VirtualFree

• 0x52d42c SignalObjectAndWait

• 0x52d430 VirtualFreeEx

• 0x52d434 SearchPathW

• 0x52d438 ReadProcessMemory

• 0x52d43c SuspendThread

• 0x52d440 WaitForMultipleObjects

• 0x52d444 ExitThread

• 0x52d448 GetTempFileNameW

• 0x52d44c GetProcessTimes

• 0x52d450 GetExitCodeThread

• 0x52d454 MoveFileExW

• 0x52d458 SetEnvironmentVariableW

• 0x52d45c CreateDirectoryExW

• 0x52d460 GlobalSize

• 0x52d464 GetModuleHandleExW

Library USER32.dll:

• 0x52d4c8 ReleaseDC

• 0x52d4cc GetDC

• 0x52d4d0 MsgWaitForMultipleObjects

• 0x52d4d4 RegisterClipboardFormatW

• 0x52d4d8 PeekMessageW

• 0x52d4dc DispatchMessageW

• 0x52d4e0 TranslateMessage

• 0x52d4e4 DdeDisconnect

• 0x52d4e8 DdeConnect

• 0x52d4ec DdeAddData

• 0x52d4f0 DdeCreateDataHandle

• 0x52d4f4 DdeGetData

• 0x52d4f8 EnumThreadWindows

• 0x52d4fc IsWindowVisible

• 0x52d500 DdeFreeStringHandle

• 0x52d504 DdeCreateStringHandleW

• 0x52d508 DdeNameService

• 0x52d50c DdeUninitialize

• 0x52d510 DdeInitializeW

• 0x52d514 FindWindowA

• 0x52d518 SetWindowLongW

• 0x52d51c ShowWindow

• 0x52d520 SystemParametersInfoW

• 0x52d524 AllowSetForegroundWindow

• 0x52d528 PostThreadMessageW

• 0x52d52c IsWindowEnabled

• 0x52d530 GetThreadDesktop

• 0x52d534 CloseWindowStation

• 0x52d538 GetActiveWindow

• 0x52d53c SetTimer

• 0x52d540 GetFocus

• 0x52d544 RegisterClassW

• 0x52d548 SetDlgItemTextW

• 0x52d54c GetAsyncKeyState

• 0x52d550 EnableWindow

• 0x52d554 SetActiveWindow

• 0x52d558 SetWindowTextW

• 0x52d55c GetWindowTextLengthW

• 0x52d560 GetParent

• 0x52d564 EnumChildWindows

• 0x52d568 FindWindowExW

• 0x52d56c SetWindowsHookExW

• 0x52d570 UnhookWindowsHookEx

• 0x52d574 CreateIconFromResourceEx

• 0x52d578 MonitorFromWindow

• 0x52d57c GetMonitorInfoW

• 0x52d580 GetWindowInfo

• 0x52d584 GetAncestor

• 0x52d588 GetRawInputDeviceInfoW

• 0x52d58c GetRawInputDeviceList

• 0x52d590 SendDlgItemMessageW

• 0x52d594 LoadIconW

• 0x52d598 LoadCursorW

• 0x52d59c OpenClipboard

• 0x52d5a0 CloseClipboard

• 0x52d5a4 GetClipboardSequenceNumber

• 0x52d5a8 GetClipboardOwner

• 0x52d5ac GetClipboardViewer

• 0x52d5b0 SetClipboardData

• 0x52d5b4 CountClipboardFormats

• 0x52d5b8 EnumClipboardFormats

• 0x52d5bc GetClipboardFormatNameA

• 0x52d5c0 GetClipboardFormatNameW

• 0x52d5c4 EmptyClipboard

• 0x52d5c8 IsClipboardFormatAvailable

• 0x52d5cc GetPriorityClipboardFormat

• 0x52d5d0 GetOpenClipboardWindow

• 0x52d5d4 CloseWindow

• 0x52d5d8 DdeClientTransaction

• 0x52d5dc GetMessageW

• 0x52d5e0 PostQuitMessage

• 0x52d5e4 GetWindowDC

• 0x52d5e8 BeginPaint

• 0x52d5ec EndPaint

• 0x52d5f0 SetFocus

• 0x52d5f4 CallWindowProcW

• 0x52d5f8 GetClassInfoExW

• 0x52d5fc IsChild

• 0x52d600 MoveWindow

• 0x52d604 CreateDialogIndirectParamW

• 0x52d608 SetCapture

• 0x52d60c ReleaseCapture

• 0x52d610 CreateAcceleratorTableW

• 0x52d614 DestroyAcceleratorTable

• 0x52d618 InvalidateRect

• 0x52d61c InvalidateRgn

• 0x52d620 RedrawWindow

• 0x52d624 GetClientRect

• 0x52d628 SetWindowContextHelpId

• 0x52d62c SetCursor

• 0x52d630 ClientToScreen

• 0x52d634 ScreenToClient

• 0x52d638 MapWindowPoints

• 0x52d63c GetSysColor

• 0x52d640 FillRect

• 0x52d644 LoadBitmapW

• 0x52d648 IsDialogMessageW

• 0x52d64c MapDialogRect

• 0x52d650 UpdateWindow

• 0x52d654 SetRect

• 0x52d658 IsRectEmpty

• 0x52d65c SendNotifyMessageW

• 0x52d660 RegisterWindowMessageA

• 0x52d664 CloseDesktop

• 0x52d668 SetThreadDesktop

• 0x52d66c OpenInputDesktop

• 0x52d670 MessageBoxW

• 0x52d674 DestroyWindow

• 0x52d678 CreateWindowExW

• 0x52d67c RegisterClassExW

• 0x52d680 DefWindowProcW

• 0x52d684 PostMessageW

• 0x52d688 RegisterWindowMessageW

• 0x52d68c UserHandleGrantAccess

• 0x52d690 GetWindow

• 0x52d694 EnumWindows

• 0x52d698 SetParent

• 0x52d69c GetWindowLongW

• 0x52d6a0 IsWindow

• 0x52d6a4 GetClassNameW

• 0x52d6a8 FindWindowW

• 0x52d6ac GetDesktopWindow

• 0x52d6b0 GetWindowRect

• 0x52d6b4 GetWindowTextW

• 0x52d6b8 SetForegroundWindow

• 0x52d6bc GetSystemMetrics

• 0x52d6c0 BringWindowToTop

• 0x52d6c4 SetWindowPos

• 0x52d6c8 EnumDesktopWindows

• 0x52d6cc GetGUIThreadInfo

• 0x52d6d0 GetWindowThreadProcessId

• 0x52d6d4 GetPropW

• 0x52d6d8 SetPropW

• 0x52d6dc GetForegroundWindow

• 0x52d6e0 CharNextW

• 0x52d6e4 GetDlgItem

• 0x52d6e8 EndDialog

• 0x52d6ec DialogBoxParamW

• 0x52d6f0 UnregisterClassW

• 0x52d6f4 SendMessageW

• 0x52d6f8 GetUserObjectInformationW

• 0x52d6fc GetProcessWindowStation

• 0x52d700 SetProcessWindowStation

• 0x52d704 CreateWindowStationW

• 0x52d708 CreateDesktopW

• 0x52d70c GetClipboardData

Library ADVAPI32.dll:

• 0x52d000 CryptGenKey

• 0x52d004 RegOpenKeyExA

• 0x52d008 RegQueryValueExA

• 0x52d00c EqualSid

• 0x52d010 AllocateAndInitializeSid

• 0x52d014 RegSetValueExW

• 0x52d018 RegQueryInfoKeyW

• 0x52d01c RegEnumKeyExW

• 0x52d020 RegDeleteValueW

• 0x52d024 RegDeleteKeyW

• 0x52d028 RegCreateKeyExW

• 0x52d02c RegCreateKeyW

• 0x52d030 ReportEventW

• 0x52d034 RegisterEventSourceW

• 0x52d038 CloseEventLog

• 0x52d03c ConvertSidToStringSidW

• 0x52d040 ConvertStringSecurityDescriptorToSecurityDescriptorW

• 0x52d044 ConvertStringSidToSidW

• 0x52d048 SetSecurityInfo

• 0x52d04c GetSecurityInfo

• 0x52d050 SetEntriesInAclW

• 0x52d054 SetTokenInformation

• 0x52d058 GetLengthSid

• 0x52d05c FreeSid

• 0x52d060 DuplicateTokenEx

• 0x52d064 CreateWellKnownSid

• 0x52d068 CopySid

• 0x52d06c GetTokenInformation

• 0x52d070 GetSidSubAuthorityCount

• 0x52d074 GetSidSubAuthority

• 0x52d078 OpenProcessToken

• 0x52d07c RegQueryValueExW

• 0x52d080 RegOpenKeyExW

• 0x52d084 RegCloseKey

• 0x52d088 CreateProcessAsUserW

• 0x52d08c OpenThreadToken

• 0x52d090 AccessCheck

• 0x52d094 InitializeAcl

• 0x52d098 InitializeSecurityDescriptor

• 0x52d09c MapGenericMask

• 0x52d0a0 SetSecurityDescriptorDacl

• 0x52d0a4 GetNamedSecurityInfoW

• 0x52d0a8 SetThreadToken

• 0x52d0ac GetAce

• 0x52d0b0 GetKernelObjectSecurity

• 0x52d0b4 GetSecurityDescriptorSacl

• 0x52d0b8 SetKernelObjectSecurity

• 0x52d0bc AddAce

• 0x52d0c0 GetAclInformation

• 0x52d0c4 RevertToSelf

• 0x52d0c8 RegDisablePredefinedCache

• 0x52d0cc CreateRestrictedToken

• 0x52d0d0 DuplicateToken

• 0x52d0d4 LookupPrivilegeValueW

• 0x52d0d8 CheckTokenMembership

• 0x52d0dc SaferiIsExecutableFileType

• 0x52d0e0 CryptAcquireContextA

• 0x52d0e4 CryptAcquireContextW

• 0x52d0e8 CryptReleaseContext

• 0x52d0ec CryptDestroyKey

• 0x52d0f0 CryptSetKeyParam

• 0x52d0f4 CryptSetHashParam

• 0x52d0f8 CryptGetHashParam

• 0x52d0fc CryptSetProvParam

• 0x52d100 CryptGetProvParam

• 0x52d104 CryptGenRandom

• 0x52d108 CryptGetUserKey

• 0x52d10c CryptImportKey

• 0x52d110 CryptDecrypt

• 0x52d114 CryptCreateHash

• 0x52d118 CryptHashData

• 0x52d11c CryptDestroyHash

• 0x52d120 CryptSignHashA

• 0x52d124 CryptSignHashW

• 0x52d128 CryptContextAddRef

• 0x52d12c ImpersonateAnonymousToken

• 0x52d130 GetUserNameW

Library SHLWAPI.dll:

• 0x52d46c UrlUnescapeW

• 0x52d470

• 0x52d474 PathIsUNCServerShareW

• 0x52d478 PathAddBackslashW

• 0x52d47c UrlCanonicalizeW

• 0x52d480 PathCreateFromUrlW

• 0x52d484 PathIsUNCW

• 0x52d488 PathFindFileNameW

• 0x52d48c PathFindExtensionW

• 0x52d490 AssocQueryStringW

• 0x52d494 UrlGetPartW

• 0x52d498 PathIsDirectoryW

• 0x52d49c PathIsRelativeW

• 0x52d4a0 PathCombineW

• 0x52d4a4 SHDeleteKeyW

• 0x52d4a8 PathRemoveFileSpecW

• 0x52d4ac PathFileExistsW

• 0x52d4b0 PathAppendW

• 0x52d4b4 PathRemoveBackslashW

• 0x52d4b8 PathCanonicalizeW

• 0x52d4bc UrlIsW

• 0x52d4c0 PathIsURLW

Exports

Ordinal	Address	Name
1	0x469f80	AcroRd32IsBrokerProcess
2	0x469f90	GetWinstaDesktopInfoForRdrCEF

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	51966	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.