SmartHawk

7.6

高危

该样本未表现出任何异常！

重新分析

下载样本

6e2cbc6512ffadca97e3562f2947114569f70b9620a69aa8662001b266e1b4ba

69ffab10cd1df0f914005491451b27fe.exe

分析耗时

86s

最近分析

文件大小

942.7KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks if process is being debugged by a debugger (31 个事件)

Time & API	Arguments	Status	Return	Repeated
1619646391.583876 IsDebuggerPresent		failed	0	0
1619646392.927876 IsDebuggerPresent		failed	0	0
1619646394.943876 IsDebuggerPresent		failed	0	0
1619646396.958876 IsDebuggerPresent		failed	0	0
1619646398.974876 IsDebuggerPresent		failed	0	0
1619646400.990876 IsDebuggerPresent		failed	0	0
1619646403.005876 IsDebuggerPresent		failed	0	0
1619646405.021876 IsDebuggerPresent		failed	0	0
1619646407.037876 IsDebuggerPresent		failed	0	0
1619646409.052876 IsDebuggerPresent		failed	0	0
1619646411.068876 IsDebuggerPresent		failed	0	0
1619646413.083876 IsDebuggerPresent		failed	0	0
1619646415.099876 IsDebuggerPresent		failed	0	0
1619646417.115876 IsDebuggerPresent		failed	0	0
1619646419.130876 IsDebuggerPresent		failed	0	0
1619646421.146876 IsDebuggerPresent		failed	0	0
1619646423.162876 IsDebuggerPresent		failed	0	0
1619646425.177876 IsDebuggerPresent		failed	0	0
1619646427.193876 IsDebuggerPresent		failed	0	0
1619646429.208876 IsDebuggerPresent		failed	0	0
1619646431.224876 IsDebuggerPresent		failed	0	0
1619646433.240876 IsDebuggerPresent		failed	0	0
1619646435.255876 IsDebuggerPresent		failed	0	0
1619646437.271876 IsDebuggerPresent		failed	0	0
1619646439.287876 IsDebuggerPresent		failed	0	0
1619646441.302876 IsDebuggerPresent		failed	0	0
1619646443.318876 IsDebuggerPresent		failed	0	0
1619646445.333876 IsDebuggerPresent		failed	0	0
1619646447.349876 IsDebuggerPresent		failed	0	0
1619646449.365876 IsDebuggerPresent		failed	0	0
1619646451.380876 IsDebuggerPresent		failed	0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 个事件)

section	\x00
section	.idata
section
section	nhgxrnnn
section	zgwhklkc

One or more processes crashed (50 out of 119 个事件)

Time & API	Arguments	Status
1619646390.458876 __exception__	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 6262784 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x12e0c9 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 1237193 exception.address: 0x52e0c9	success
1619646390.458876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 25691 registers.ebp: 4117737492 registers.edx: 1910749778 registers.ebx: 0 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb e9 d7 fe ff ff 81 c5 04 00 00 00 81 ed 04 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x3ce6b exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 249451 exception.address: 0x43ce6b	success
1619646390.458876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 26092 registers.ebp: 4117737492 registers.edx: 4472104 registers.ebx: 0 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb 51 e9 5e ff ff ff 56 55 bd b4 03 6b 1e 89 ee exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x3d840 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 251968 exception.address: 0x43d840	success
1619646390.474876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 223465 registers.ebp: 4117737492 registers.edx: 4448476 registers.ebx: 0 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb 83 ec 04 e9 42 fd ff ff 8b 04 24 81 c4 04 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x3dd35 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 253237 exception.address: 0x43dd35	success
1619646390.474876 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4445554 registers.eax: 4708907 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 31064538 registers.esi: 3 registers.ecx: 474 exception.instruction_r: fb 53 bb e3 50 b2 59 01 d8 5b 55 e9 c7 fc ff ff exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x7e03d exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 516157 exception.address: 0x47e03d	success
1619646390.474876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 4712227 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 3 registers.ecx: 432617 exception.instruction_r: fb 68 71 36 00 00 89 3c 24 68 cb 6f 2c 10 e9 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x7dc84 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 515204 exception.address: 0x47dc84	success
1619646390.474876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 199913 registers.eax: 26616 registers.ebp: 4117737492 registers.edx: 4745815 registers.ebx: 4714675 registers.esi: 1164460653 registers.ecx: 4294943196 exception.instruction_r: fb e9 95 02 00 00 89 1c 24 54 5b 81 c3 04 00 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x8058b exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 525707 exception.address: 0x48058b	success
1619646390.474876 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 3157514 registers.eax: 31313 registers.ebp: 4117737492 registers.edx: 4724160 registers.ebx: 4714675 registers.esi: 1164460653 registers.ecx: 0 exception.instruction_r: fb 57 bf 2b 2d ad 5a e9 c3 01 00 00 ba 00 00 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x818fb exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 530683 exception.address: 0x4818fb	success
1619646390.474876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 3157514 registers.eax: 31313 registers.ebp: 4117737492 registers.edx: 4755473 registers.ebx: 4714675 registers.esi: 1164460653 registers.ecx: 0 exception.instruction_r: fb 52 50 68 cc 4b 03 0f 58 25 14 72 b5 1f 25 90 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x81d97 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 531863 exception.address: 0x481d97	success
1619646390.490876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 3157514 registers.eax: 134889 registers.ebp: 4117737492 registers.edx: 4755473 registers.ebx: 4294939020 registers.esi: 1164460653 registers.ecx: 0 exception.instruction_r: fb e9 ab fb ff ff 89 e0 e9 b5 f8 ff ff 81 c4 04 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x82118 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 532760 exception.address: 0x482118	success
1619646390.490876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3157514 registers.eax: 1447909480 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 4748130 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 ee 0f 00 00 52 ba 01 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x8793f exception.instruction: in eax, dx exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 555327 exception.address: 0x48793f	success
1619646390.490876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3157514 registers.eax: 1 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 0 registers.esi: 4748130 registers.ecx: 20 exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x8b189 exception.address: 0x48b189 exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc000001d exception.offset: 569737	success
1619646390.490876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3157514 registers.eax: 1447909480 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 4748130 registers.ecx: 10 exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 1d 31 d4 0a 01 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x87c7b exception.instruction: in eax, dx exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 556155 exception.address: 0x487c7b	success
1619646390.724876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4294939076 registers.eax: 31687 registers.ebp: 4117737492 registers.edx: 233396064 registers.ebx: 4807049 registers.esi: 10 registers.ecx: 3986489344 exception.instruction_r: fb 50 89 2c 24 e9 01 f9 ff ff 81 c7 04 00 00 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x8e57a exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 583034 exception.address: 0x48e57a	success
1619646390.724876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 1638204 registers.ebp: 4117737492 registers.edx: 0 registers.ebx: 4779724 registers.esi: 4779063 registers.ecx: 4779063 exception.instruction_r: cd 01 eb 00 6a 00 57 e8 03 00 00 00 20 5f c3 5f exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x8ed4f exception.instruction: int 1 exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000005 exception.offset: 585039 exception.address: 0x48ed4f	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4439822 registers.eax: 26899 registers.ebp: 4117737492 registers.edx: 6 registers.ebx: 43298409 registers.esi: 4820453 registers.ecx: 0 exception.instruction_r: fb e9 a5 09 00 00 29 f0 e9 51 ff ff ff 31 34 24 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x98ea6 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 626342 exception.address: 0x498ea6	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4439822 registers.eax: 26899 registers.ebp: 4117737492 registers.edx: 6 registers.ebx: 43298409 registers.esi: 4847352 registers.ecx: 0 exception.instruction_r: fb 57 50 b8 97 21 6f 5e c1 e0 03 35 1f 7f 3d a9 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9966b exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 628331 exception.address: 0x49966b	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4439822 registers.eax: 26899 registers.ebp: 4117737492 registers.edx: 539625 registers.ebx: 43298409 registers.esi: 4823220 registers.ecx: 0 exception.instruction_r: fb 68 a2 23 00 00 e9 f1 f9 ff ff 81 f7 49 04 1d exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9957f exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 628095 exception.address: 0x49957f	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 4439822 registers.eax: 31495 registers.ebp: 4117737492 registers.edx: 4871048 registers.ebx: 43298409 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 68 00 00 00 00 ff 34 24 ff 34 24 e9 50 00 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9e312 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 647954 exception.address: 0x49e312	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 4122962 registers.eax: 31495 registers.ebp: 4117737492 registers.edx: 4871048 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 68 cb 66 00 00 e9 6a fd ff ff be 04 00 00 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9e10e exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 647438 exception.address: 0x49e10e	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638232 registers.edi: 4122962 registers.eax: 28438 registers.ebp: 4117737492 registers.edx: 4842771 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 50 51 b9 e0 70 6e 4c 89 c8 59 c1 e0 02 55 50 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9ed62 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 650594 exception.address: 0x49ed62	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 4122962 registers.eax: 28438 registers.ebp: 4117737492 registers.edx: 4871209 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 68 d7 18 00 00 ff 34 24 ff 34 24 8b 0c 24 51 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9e752 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 649042 exception.address: 0x49e752	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 82608469 registers.eax: 28438 registers.ebp: 4117737492 registers.edx: 4845773 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 0 exception.instruction_r: fb 57 bf 97 50 77 57 55 68 57 78 88 40 8b 2c 24 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9edd7 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 650711 exception.address: 0x49edd7	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638232 registers.edi: 82608469 registers.eax: 4846251 registers.ebp: 4117737492 registers.edx: 4845773 registers.ebx: 123136138 registers.esi: 4823220 registers.ecx: 2011404426 exception.instruction_r: fb 2d 96 0d 93 13 05 3c 45 c3 19 2d 61 1a 03 49 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9f3be exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 652222 exception.address: 0x49f3be	success
1619646390.896876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 0 registers.eax: 4849060 registers.ebp: 4117737492 registers.edx: 4845773 registers.ebx: 123136138 registers.esi: 66281 registers.ecx: 2011404426 exception.instruction_r: fb 50 e9 a3 fc ff ff 81 c6 04 00 00 00 e9 76 fd exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x9f9b4 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 653748 exception.address: 0x49f9b4	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 1166475412 registers.eax: 30428 registers.ebp: 4117737492 registers.edx: 1723711319 registers.ebx: 4924131 registers.esi: 45225 registers.ecx: 3986489344 exception.instruction_r: fb 31 d2 e9 dd fd ff ff 5a 5a 68 9d 7d 00 00 89 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xab357 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 701271 exception.address: 0x4ab357	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 1166475412 registers.eax: 30428 registers.ebp: 4117737492 registers.edx: 4294939356 registers.ebx: 4924131 registers.esi: 45225 registers.ecx: 116969 exception.instruction_r: fb 68 72 4a 92 33 ff 34 24 e9 ad 03 00 00 55 52 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xaad61 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 699745 exception.address: 0x4aad61	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 4970631 registers.eax: 29209 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 4096 registers.esi: 4974378 registers.ecx: 2135536034 exception.instruction_r: fb 81 ef ec 0f 12 56 81 ec 04 00 00 00 89 1c 24 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xbe31f exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 779039 exception.address: 0x4be31f	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4999840 registers.eax: 29209 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 4096 registers.esi: 4974378 registers.ecx: 2135536034 exception.instruction_r: fb 68 1a 5e 00 00 89 14 24 e9 4e 03 00 00 5d e9 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xbdb19 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 776985 exception.address: 0x4bdb19	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4973944 registers.eax: 2041757270 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 4974378 registers.ecx: 2135536034 exception.instruction_r: fb 50 52 ba 46 61 8c 63 81 f2 a2 02 1c 7e 81 ca exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xbe0d6 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 778454 exception.address: 0x4be0d6	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4973944 registers.eax: 32055 registers.ebp: 4117737492 registers.edx: 2033719911 registers.ebx: 0 registers.esi: 5006283 registers.ecx: 322094082 exception.instruction_r: fb 29 c9 ff 34 31 e9 60 00 00 00 bf 14 1a f7 66 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xbef2a exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 782122 exception.address: 0x4bef2a	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4973944 registers.eax: 1133481357 registers.ebp: 4117737492 registers.edx: 2033719911 registers.ebx: 0 registers.esi: 5006283 registers.ecx: 4294938244 exception.instruction_r: fb 50 89 e0 56 e9 2e 01 00 00 51 b9 ab 03 af 38 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xbe746 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 780102 exception.address: 0x4be746	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 4979784 registers.eax: 25721 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 35328 registers.esi: 5006283 registers.ecx: 2005871740 exception.instruction_r: fb 53 55 bd 51 72 50 0d bb 1a bd 0a 4d 29 eb 5d exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xbfe47 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 785991 exception.address: 0x4bfe47	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5005505 registers.eax: 25721 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 4294943980 registers.esi: 5006283 registers.ecx: 1452182925 exception.instruction_r: fb e9 1b f8 ff ff 89 3c 24 89 14 24 89 e2 81 c2 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc050a exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 787722 exception.address: 0x4c050a	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 4996279 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 65802 registers.esi: 6650667 registers.ecx: 856006029 exception.instruction_r: fb 68 79 52 00 00 e9 96 fd ff ff 8b 14 24 51 54 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc3ab9 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 801465 exception.address: 0x4c3ab9	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 0 registers.eax: 30472 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 4449049 registers.esi: 5002169 registers.ecx: 856006029 exception.instruction_r: fb 81 ee 26 3c d4 76 52 ba b1 67 53 60 29 d6 8b exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc5acc exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 809676 exception.address: 0x4c5acc	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 30472 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 4449049 registers.esi: 5032641 registers.ecx: 856006029 exception.instruction_r: fb 31 c9 ff 34 31 8b 1c 24 68 88 41 00 00 89 34 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc5c5e exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 810078 exception.address: 0x4c5c5e	success
1619646390.912876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 30472 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 71913 registers.esi: 5032641 registers.ecx: 4294939440 exception.instruction_r: fb 68 c4 d2 97 24 ff 34 24 5b 53 e9 1d 03 00 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc586b exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 809067 exception.address: 0x4c586b	success
1619646390.927876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 29096 registers.ebp: 4117737492 registers.edx: 4294940772 registers.ebx: 18938888 registers.esi: 3508629276 registers.ecx: 7849576 exception.instruction_r: fb e9 d8 fd ff ff 55 bd 0b 08 01 00 29 ef 5d 89 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc8146 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 819526 exception.address: 0x4c8146	success
1619646390.927876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 30662 registers.ebp: 4117737492 registers.edx: 122904761 registers.ebx: 113530218 registers.esi: 5045811 registers.ecx: 7849576 exception.instruction_r: fb 29 d2 ff 34 32 e9 18 f8 ff ff 5c 81 ec 04 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc8fc4 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 823236 exception.address: 0x4c8fc4	success
1619646390.927876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 30662 registers.ebp: 4117737492 registers.edx: 4294939312 registers.ebx: 3880522344 registers.esi: 5045811 registers.ecx: 7849576 exception.instruction_r: fb 68 4d df 03 7d ff 34 24 e9 e6 fc ff ff 29 d5 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc9071 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 823409 exception.address: 0x4c9071	success
1619646390.927876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 29083 registers.ebp: 4117737492 registers.edx: 58795849 registers.ebx: 1266390024 registers.esi: 5047126 registers.ecx: 7849576 exception.instruction_r: fb 31 c0 ff 34 06 e9 b3 ff ff ff 81 c4 04 00 00 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc9665 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 824933 exception.address: 0x4c9665	success
1619646390.927876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 26857 registers.eax: 4294940548 registers.ebp: 4117737492 registers.edx: 58795849 registers.ebx: 1266390024 registers.esi: 5047126 registers.ecx: 7849576 exception.instruction_r: fb e9 bd fa ff ff 56 89 e6 e9 74 fb ff ff c1 e6 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xc97d9 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 825305 exception.address: 0x4c97d9	success
1619646391.583876 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 0 registers.eax: 5052046 registers.ebp: 4117737492 registers.edx: 106157268 registers.ebx: 5040800 registers.esi: 56400720 registers.ecx: 33024 exception.instruction_r: fb e9 f6 fc ff ff 2d 31 1f 77 67 01 f8 05 31 1f exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xd1ad1 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 858833 exception.address: 0x4d1ad1	success
1619646391.583876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 5055375 registers.ebp: 4117737492 registers.edx: 0 registers.ebx: 5040800 registers.esi: 9193 registers.ecx: 33024 exception.instruction_r: fb 51 68 b1 15 ac 5c 59 81 e9 01 00 00 00 c1 e1 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xd16d8 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 857816 exception.address: 0x4d16d8	success
1619646391.583876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5059026 registers.eax: 27169 registers.ebp: 4117737492 registers.edx: 582600 registers.ebx: 1 registers.esi: 5067039 registers.ecx: 5093862 exception.instruction_r: fb 29 db 52 89 da 81 c2 00 00 00 00 81 c2 72 74 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xd509f exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 872607 exception.address: 0x4d509f	success
1619646391.583876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5059026 registers.eax: 2892074381 registers.ebp: 4117737492 registers.edx: 582600 registers.ebx: 4294943144 registers.esi: 5067039 registers.ecx: 5093862 exception.instruction_r: fb 68 c5 5e 00 00 89 3c 24 e9 94 01 00 00 8f 04 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xd5344 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 873284 exception.address: 0x4d5344	success
1619646391.599876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4294939812 registers.eax: 5116650 registers.ebp: 4117737492 registers.edx: 322689 registers.ebx: 5077695 registers.esi: 56400720 registers.ecx: 33024 exception.instruction_r: fb 53 e9 71 04 00 00 81 ed 3f 2d 9b 69 01 cd 81 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xd9ce1 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 892129 exception.address: 0x4d9ce1	success
1619646391.599876 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 4294939812 registers.eax: 5089626 registers.ebp: 4117737492 registers.edx: 824085085 registers.ebx: 5077695 registers.esi: 56400720 registers.ecx: 1762159729 exception.instruction_r: fb 51 56 e9 b2 03 00 00 01 f1 5e 53 52 68 66 6b exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xdae4d exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 896589 exception.address: 0x4dae4d	success
1619646391.599876 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4294939812 registers.eax: 5119000 registers.ebp: 4117737492 registers.edx: 824085085 registers.ebx: 5077695 registers.esi: 56400720 registers.ecx: 1762159729 exception.instruction_r: fb 68 1f 1a 00 00 ff 34 24 5b 51 89 e1 e9 5f fc exception.symbol: 69ffab10cd1df0f914005491451b27fe+0xdaee9 exception.instruction: sti exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 896745 exception.address: 0x4daee9	success

Allocates read-write-execute memory (usually to unpack itself) (21 个事件)

Time & API	Arguments	Status
1619646391.662876 NtProtectVirtualMemory	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77dcf000	success
1619646391.662876 NtProtectVirtualMemory	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77d40000	success
1619646391.896876 NtProtectVirtualMemory	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 94208 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00401000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x044f0000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04500000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04510000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04520000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04530000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04540000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04550000	success
1619646391.943876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04560000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x046b0000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x046c0000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x046d0000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x046e0000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x046f0000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04700000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04710000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04720000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04730000	success
1619646391.958876 NtAllocateVirtualMemory	process_identifier: 3004 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04740000	success

A process attempted to delay the analysis task. (1 个事件)

description

69ffab10cd1df0f914005491451b27fe.exe tried to sleep 539 seconds, actually delayed analysis time by 539 seconds

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619646392.021876 NtProtectVirtualMemory	process_identifier: 3004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_handle: 0xffffffff base_address: 0x04040000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (4 个事件)

entropy

7.959736850562741

section

{'size_of_data': '0x00017000', 'virtual_address': '0x00001000', 'entropy': 7.959736850562741, 'name': ' \\x00 ', 'virtual_size': '0x00032000'}

description

A section with a high entropy has been found

entropy

7.523454328130191

section

{'size_of_data': '0x00004000', 'virtual_address': '0x00033000', 'entropy': 7.523454328130191, 'name': '.rsrc', 'virtual_size': '0x00006d4c'}

description

A section with a high entropy has been found

entropy

7.86137014116231

section

{'size_of_data': '0x000cb000', 'virtual_address': '0x0012e000', 'entropy': 7.86137014116231, 'name': 'nhgxrnnn', 'virtual_size': '0x000cb000'}

description

A section with a high entropy has been found

entropy

0.9871244635193133

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 个事件)

process

system

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Checks for the presence of known devices from debuggers and forensic tools (3 个事件)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (50 out of 181 个事件)

Time & API	Arguments	Status
1619646391.099876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646391.099876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646391.099876 FindWindowA	class_name: pediy06 window_name:	failed
1619646391.583876 FindWindowA	class_name: FilemonClass window_name:	failed
1619646391.583876 FindWindowA	class_name: FilemonClass window_name:	failed
1619646391.583876 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1619646391.583876 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619646391.583876 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1619646391.599876 FindWindowA	class_name: RegmonClass window_name:	failed
1619646391.599876 FindWindowA	class_name: RegmonClass window_name:	failed
1619646391.599876 FindWindowA	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com	failed
1619646391.599876 FindWindowA	class_name: 18467-41 window_name:	failed
1619646391.896876 FindWindowA	class_name: FilemonClass window_name:	failed
1619646391.896876 FindWindowA	class_name: FilemonClass window_name:	failed
1619646391.896876 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1619646391.896876 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619646391.896876 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1619646392.927876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646392.927876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646392.927876 FindWindowA	class_name: pediy06 window_name:	failed
1619646394.943876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646394.943876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646394.943876 FindWindowA	class_name: pediy06 window_name:	failed
1619646395.927876 FindWindowA	class_name: Regmonclass window_name:	failed
1619646395.927876 FindWindowA	class_name: Regmonclass window_name:	failed
1619646396.240876 FindWindowA	class_name: 18467-41 window_name:	failed
1619646396.552876 FindWindowA	class_name: Filemonclass window_name:	failed
1619646396.552876 FindWindowA	class_name: Filemonclass window_name:	failed
1619646396.552876 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619646396.958876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646396.958876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646396.958876 FindWindowA	class_name: pediy06 window_name:	failed
1619646398.974876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646398.974876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646398.974876 FindWindowA	class_name: pediy06 window_name:	failed
1619646400.552876 FindWindowA	class_name: Regmonclass window_name:	failed
1619646400.552876 FindWindowA	class_name: Regmonclass window_name:	failed
1619646400.865876 FindWindowA	class_name: 18467-41 window_name:	failed
1619646400.990876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646400.990876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646400.990876 FindWindowA	class_name: pediy06 window_name:	failed
1619646401.177876 FindWindowA	class_name: Filemonclass window_name:	failed
1619646401.177876 FindWindowA	class_name: Filemonclass window_name:	failed
1619646401.177876 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619646403.005876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646403.005876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646403.005876 FindWindowA	class_name: pediy06 window_name:	failed
1619646405.021876 FindWindowA	class_name: OLLYDBG window_name:	failed
1619646405.021876 FindWindowA	class_name: GBDYLLO window_name:	failed
1619646405.021876 FindWindowA	class_name: pediy06 window_name:	failed

Detects VirtualBox through the presence of a registry key (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619646390.490876 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3157514 registers.eax: 1447909480 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 4748130 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 ee 0f 00 00 52 ba 01 exception.symbol: 69ffab10cd1df0f914005491451b27fe+0x8793f exception.instruction: in eax, dx exception.module: 69ffab10cd1df0f914005491451b27fe.exe exception.exception_code: 0xc0000096 exception.offset: 555327 exception.address: 0x48793f	success	0	0

Detects the presence of Wine emulator (1 个事件)

registry

HKEY_CURRENT_USER\Software\Wine

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	216.58.200.238:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2017-09-03 09:10:44

Imports

Library kernel32.dll:

• 0x43a033 lstrcpy

Library comctl32.dll:

• 0x43a03b InitCommonControls

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	CNAME clients.l.google.com A 216.58.200.238	172.217.27.142
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.