Score: 3.4 (Medium risk)

SHA256: 8f8aaf3679229e80eb4b043d93e9726d246c6a0088a9448998373eb8586cf74d

File name: 6b16710d7d033f3bfdd26965af1072f3.exe (the submitted name is a 32-hex-digit, MD5-shaped string, so it carries no information about how the file was originally named)

Analysis duration: 90s

Last analysis:

File size: 2.9MB

Static detection | Dynamic detection | SCORE UNSAFE
HawkEye engine
Not detected (no HawkEye engine result is available for this sample)
Static verdict

Antivirus engines (the Result column is empty for all seven engines, i.e. none of them flagged the file)

Engine        Result    Scan date   Version
Alibaba       (blank)   20190527    0.3.0.5
Baidu         (blank)   20190318    1.0.0.2
Avast         (blank)   20190605    18.4.3895.0
Kingsoft      (blank)   20190605    2013.8.14.323
McAfee        (blank)   20190605    6.0.6.653
Tencent       (blank)   20190605    1.0.0.1
CrowdStrike   (blank)   20190212    1.0
Static indicators

This executable is signed
  The report does not show the signer or whether the certificate chain validates. Before reading the signature as a trust signal, check that the signer matches the vendor implied by the PDB path below; a valid signature from an unrelated publisher would itself be a finding.

This executable has a PDB path (1 event)
  pdb_path D:\jenkins_Trunk\workspace\AOW_TGVoice_Market\qqpcmgr_proj\AndroidEmulator\Output\Binfinal\AppMarket\AppMarket.pdb
  A Jenkins build path under qqpcmgr_proj (the project tree of Tencent's QQ PC Manager suite) for an AndroidEmulator AppMarket component: the binary presents itself as a vendor-built app-store module, which is the claim the signature check above should confirm or refute.

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
  section .gfids
  section .QMGuid
  section qmnet
  .gfids is the standard section the MSVC linker emits for Control Flow Guard function-ID tables, so it is a false positive for this rule. .QMGuid and qmnet are non-standard names and are the only two worth inspecting (section entropy, characteristics, and whether the entry point lies inside one of them).
Behavior verdict

Dynamic indicators

Foreign language identified in PE resource (9 events)
  Name           Language       Sub-language                Offset       File type              Size
  RT_ICON        LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9ab0   GLS_BINARY_LSB_FIRST   0x00000468
  RT_ICON        LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9ab0   GLS_BINARY_LSB_FIRST   0x00000468
  RT_ICON        LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9ab0   GLS_BINARY_LSB_FIRST   0x00000468
  RT_ICON        LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9ab0   GLS_BINARY_LSB_FIRST   0x00000468
  RT_ICON        LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9ab0   GLS_BINARY_LSB_FIRST   0x00000468
  RT_ICON        LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9ab0   GLS_BINARY_LSB_FIRST   0x00000468
  RT_ICON        LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9ab0   GLS_BINARY_LSB_FIRST   0x00000468
  RT_GROUP_ICON  LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x002c9f18   data                   0x00000068
  RT_VERSION     LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED  0x00266250   data                   0x000002ec
  The report prints the same RT_ICON entry (offset 0x002c9ab0, size 0x468) seven times. Simplified-Chinese resources are consistent with the build path in the PDB string; this indicator is informational, not evidence of malice.

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
  eGambit  Unsafe.AI_Score_65%
  This is a single machine-learning confidence score rather than a signature match, and it is the only detection recorded anywhere on the page.
Visual analysis

Binary image
No binary image (no binary visualization was generated for this sample)

Run screenshots
No screenshots (no screenshot was captured while the sample ran)

PE Compile Time

2019-05-08 19:12:43

Imports (an entry that shows only an address is an import whose name the report did not resolve, typically an import by ordinal)

Library COMCTL32.dll:
Library Common.dll:
0x5ed108 ??0CTXBSTR@@QAE@XZ
0x5ed164 ??1CTXBSTR@@QAE@XZ
0x5ed178
0x5ed17c
0x5ed188
0x5ed18c
Library xGraphic32.dll:
0x5edeb8 SetColor
0x5edebc FillSolidRectEx
0x5edec0 DrawEllipse
Library WS2_32.dll:
0x5edb20 gethostname
0x5edb24 listen
0x5edb28 WSAStartup
0x5edb2c getpeername
0x5edb30 socket
0x5edb34 connect
0x5edb38 recvfrom
0x5edb3c recv
0x5edb40 sendto
0x5edb44 ioctlsocket
0x5edb48 setsockopt
0x5edb4c htonl
0x5edb50 htons
0x5edb54 ntohl
0x5edb58 ntohs
0x5edb5c WSAGetLastError
0x5edb60 gethostbyname
0x5edb64 closesocket
0x5edb68 bind
0x5edb6c accept
0x5edb70 __WSAFDIsSet
0x5edb74 inet_ntoa
0x5edb78 inet_addr
0x5edb7c WSACleanup
0x5edb80 getsockopt
0x5edb84 getsockname
0x5edb88 WSASetLastError
0x5edb8c freeaddrinfo
0x5edb90 WSASend
0x5edb94 send
0x5edb98 select
0x5edb9c getaddrinfo
Library VERSION.dll:
0x5eda60 GetFileVersionInfoW
0x5eda64 VerQueryValueW
Library COMDLG32.dll:
0x5ed0c0 GetOpenFileNameW
Library SHLWAPI.dll:
0x5ed814 PathCombineW
0x5ed818 StrStrIW
0x5ed820 PathIsDirectoryW
0x5ed824 SHGetValueW
0x5ed828 StrRChrW
0x5ed82c StrFormatByteSizeA
0x5ed834 StrFormatKBSizeA
0x5ed83c PathRemoveFileSpecW
0x5ed840 StrStrIA
0x5ed844 PathAppendW
0x5ed848 PathFileExistsW
0x5ed84c PathAddBackslashW
0x5ed850 PathFindFileNameW
0x5ed854 StrFormatByteSizeW
0x5ed858 StrFormatKBSizeW
0x5ed860 wnsprintfW
Library IMM32.dll:
0x5ed284 ImmAssociateContext
0x5ed288 ImmReleaseContext
0x5ed28c ImmGetContext
Library WININET.dll:
0x5edaa0 InternetOpenUrlA
0x5edaa4 InternetReadFile
0x5edaa8 InternetOpenW
0x5edab0 InternetSetOptionW
0x5edab4 InternetOpenA
0x5edab8 InternetConnectA
0x5edabc HttpOpenRequestA
0x5edac4 InternetOpenUrlW
0x5edac8 HttpSendRequestA
0x5edacc HttpQueryInfoW
0x5edad0 InternetGetCookieW
0x5edad4 InternetCloseHandle
Library WLDAP32.dll:
0x5edadc
0x5edae0
0x5edae4
0x5edae8
0x5edaec
0x5edaf0
0x5edaf4
0x5edaf8
0x5edafc
0x5edb00
0x5edb04
0x5edb08
0x5edb0c
0x5edb10
0x5edb14
0x5edb18
Library zlib.dll:
0x5edee0 zlibVersion
0x5edee4 inflateInit_
Library KERNEL32.dll:
0x5ed2a4 LoadLibraryExA
0x5ed2a8 VirtualFree
0x5ed2b8 InitializeSListHead
0x5ed2bc EncodePointer
0x5ed2c0 GetFileType
0x5ed2c4 PeekNamedPipe
0x5ed2c8 GetStdHandle
0x5ed2d0 SleepEx
0x5ed2d4 GetModuleFileNameA
0x5ed2d8 IsDebuggerPresent
0x5ed2e8 GetCPInfo
0x5ed2ec GetCurrencyFormatW
0x5ed2f0 GetNumberFormatW
0x5ed2f4 GetTimeFormatA
0x5ed2f8 GetDateFormatA
0x5ed300 GetCurrencyFormatA
0x5ed304 GetNumberFormatA
0x5ed308 GetStartupInfoW
0x5ed30c GetLocaleInfoA
0x5ed31c MapViewOfFileEx
0x5ed320 OpenFileMappingA
0x5ed324 CreateFileMappingA
0x5ed328 FormatMessageA
0x5ed32c DuplicateHandle
0x5ed330 CreatePipe
0x5ed33c CreateDirectoryA
0x5ed340 GetProcAddress
0x5ed344 VirtualProtect
0x5ed348 VirtualAllocEx
0x5ed34c HeapAlloc
0x5ed350 HeapFree
0x5ed354 GetProcessHeap
0x5ed358 OpenProcess
0x5ed35c GetCurrentProcess
0x5ed360 GetCurrentProcessId
0x5ed364 TerminateProcess
0x5ed36c GetCurrentThreadId
0x5ed370 SetErrorMode
0x5ed374 WriteProcessMemory
0x5ed388 CloseHandle
0x5ed38c lstrcpynW
0x5ed390 CreateEventW
0x5ed394 LoadLibraryW
0x5ed398 GetModuleFileNameW
0x5ed39c GetModuleHandleW
0x5ed3a0 CreateProcessW
0x5ed3a4 GetCommandLineW
0x5ed3a8 SearchPathW
0x5ed3ac InterlockedExchange
0x5ed3b4 LockResource
0x5ed3b8 HeapDestroy
0x5ed3bc HeapReAlloc
0x5ed3c0 HeapSize
0x5ed3c4 GetLastError
0x5ed3d0 Sleep
0x5ed3d4 LoadResource
0x5ed3d8 SizeofResource
0x5ed3dc FindResourceW
0x5ed3e0 FindResourceExW
0x5ed3e4 MultiByteToWideChar
0x5ed3e8 WideCharToMultiByte
0x5ed3f0 FreeLibrary
0x5ed3f4 LocalFree
0x5ed3f8 VirtualQuery
0x5ed3fc GetCurrentThread
0x5ed400 TerminateThread
0x5ed404 ReleaseMutex
0x5ed408 WaitForSingleObject
0x5ed40c IsDBCSLeadByte
0x5ed410 CreateMutexW
0x5ed414 OpenMutexW
0x5ed418 LoadLibraryExW
0x5ed424 GetDriveTypeW
0x5ed428 GetSystemDirectoryW
0x5ed42c GetTempPathW
0x5ed430 IsBadReadPtr
0x5ed434 IsBadWritePtr
0x5ed438 GetVersionExW
0x5ed448 SetEvent
0x5ed44c MapViewOfFile
0x5ed450 UnmapViewOfFile
0x5ed458 CreateFileMappingW
0x5ed45c GetFileSize
0x5ed460 ReadFile
0x5ed464 FindClose
0x5ed468 GetTickCount
0x5ed46c RemoveDirectoryW
0x5ed470 CreateFileW
0x5ed474 DeleteFileW
0x5ed478 FindFirstFileW
0x5ed47c FindNextFileW
0x5ed480 CopyFileW
0x5ed488 OutputDebugStringW
0x5ed48c WriteFile
0x5ed498 CreateThread
0x5ed49c GetSystemTime
0x5ed4a8 SetWaitableTimer
0x5ed4ac CancelWaitableTimer
0x5ed4b0 CreateProcessA
0x5ed4b4 GetTempPathA
0x5ed4b8 GetFileAttributesW
0x5ed4c0 SetFilePointer
0x5ed4c4 GlobalAlloc
0x5ed4c8 lstrcpyW
0x5ed4cc GetLogicalDrives
0x5ed4d0 GetLocalTime
0x5ed4dc GetDiskFreeSpaceExW
0x5ed4e0 QueryDosDeviceW
0x5ed4ec Process32FirstW
0x5ed4f0 Process32NextW
0x5ed4f8 MoveFileW
0x5ed508 GetLocaleInfoW
0x5ed510 SetFileTime
0x5ed51c CreateDirectoryW
0x5ed524 ResetEvent
0x5ed528 RaiseException
0x5ed52c OpenEventW
0x5ed538 GlobalSize
0x5ed53c GlobalLock
0x5ed540 GlobalUnlock
0x5ed544 SetFilePointerEx
0x5ed548 GlobalAddAtomW
0x5ed54c GetTempFileNameW
0x5ed550 CreateFileA
0x5ed554 CompareFileTime
0x5ed55c GetExitCodeProcess
0x5ed560 GetFileSizeEx
0x5ed56c FormatMessageW
0x5ed570 GetACP
0x5ed574 DecodePointer
0x5ed578 DeviceIoControl
0x5ed57c Thread32First
0x5ed580 Thread32Next
0x5ed584 lstrcmpW
0x5ed588 MulDiv
0x5ed58c SetLastError
0x5ed590 LocalAlloc
0x5ed598 TlsAlloc
0x5ed59c TlsSetValue
0x5ed5a0 TlsGetValue
0x5ed5a4 TlsFree
0x5ed5a8 VirtualProtectEx
0x5ed5b0 VirtualAlloc
0x5ed5b4 ResumeThread
0x5ed5b8 GetThreadContext
0x5ed5bc SetThreadContext
0x5ed5c0 SuspendThread
0x5ed5c4 lstrlenW
0x5ed5c8 LoadLibraryA
0x5ed5cc lstrcmpiW
0x5ed5d0 SetFileAttributesW
0x5ed5d4 GetFullPathNameW
0x5ed5dc GetDateFormatW
0x5ed5e0 GetTimeFormatW
0x5ed5e4 SetEndOfFile
0x5ed5e8 SwitchToThread
0x5ed5ec GetSystemInfo
Library USER32.dll:
0x5ed868 IsWindowVisible
0x5ed870 GetKeyState
0x5ed874 GetParent
0x5ed87c MonitorFromRect
0x5ed880 GetMonitorInfoW
0x5ed884 GetMessageW
0x5ed888 TranslateMessage
0x5ed88c PostThreadMessageW
0x5ed890 WaitMessage
0x5ed894 CopyRect
0x5ed898 EnumWindows
0x5ed89c LoadImageW
0x5ed8a0 PostMessageA
0x5ed8a4 CallWindowProcW
0x5ed8a8 SetFocus
0x5ed8ac GetKeyboardState
0x5ed8b0 SetParent
0x5ed8b4 GetClassInfoExW
0x5ed8b8 SetPropW
0x5ed8bc GetPropW
0x5ed8c0 IsIconic
0x5ed8c4 SetActiveWindow
0x5ed8c8 GetForegroundWindow
0x5ed8cc GetClientRect
0x5ed8d0 WindowFromPoint
0x5ed8d4 EqualRect
0x5ed8d8 EnumThreadWindows
0x5ed8dc GetClassNameW
0x5ed8e8 ClientToScreen
0x5ed8ec BeginPaint
0x5ed8f0 EndPaint
0x5ed8f4 InvalidateRgn
0x5ed8f8 RedrawWindow
0x5ed8fc SetCapture
0x5ed900 GetWindow
0x5ed904 IsChild
0x5ed908 GetDlgItem
0x5ed90c GetSysColor
0x5ed914 GetFocus
0x5ed918 FillRect
0x5ed920 ReleaseCapture
0x5ed928 FindWindowA
0x5ed92c CreateWindowExW
0x5ed930 RegisterClassExW
0x5ed934 UnregisterHotKey
0x5ed938 RegisterHotKey
0x5ed93c PeekMessageW
0x5ed940 DispatchMessageW
0x5ed944 SetForegroundWindow
0x5ed948 CharNextW
0x5ed94c CharUpperW
0x5ed950 PostMessageW
0x5ed954 SendMessageTimeoutW
0x5ed958 LoadIconW
0x5ed95c LoadCursorW
0x5ed960 FindWindowW
0x5ed964 PtInRect
0x5ed968 ScreenToClient
0x5ed96c SetCursor
0x5ed970 GetWindowRect
0x5ed974 GetSystemMetrics
0x5ed978 SetWindowPos
0x5ed97c MoveWindow
0x5ed980 ShowWindow
0x5ed984 UnregisterClassW
0x5ed988 GetDesktopWindow
0x5ed98c GetLastInputInfo
0x5ed990 ExitWindowsEx
0x5ed994 ReleaseDC
0x5ed998 GetDC
0x5ed99c DestroyWindow
0x5ed9a0 CreateWindowExA
0x5ed9a4 RegisterClassExA
0x5ed9a8 DefWindowProcW
0x5ed9ac EnumDisplayDevicesW
0x5ed9b4 wsprintfW
0x5ed9b8 FindWindowExW
0x5ed9bc SetWindowLongW
0x5ed9c0 GetWindowLongW
0x5ed9c4 GetCursorPos
0x5ed9c8 SetCursorPos
0x5ed9cc MessageBoxW
0x5ed9d0 GetWindowTextW
0x5ed9d4 SetWindowTextW
0x5ed9d8 EnableWindow
0x5ed9dc IsWindow
0x5ed9e0 SendMessageW
0x5ed9e4 RemovePropW
0x5ed9e8 PostQuitMessage
0x5ed9ec GetQueueStatus
0x5ed9f4 KillTimer
0x5ed9f8 SetTimer
0x5ed9fc UpdateWindow
0x5eda00 InvalidateRect
Library ADVAPI32.dll:
0x5ed000 RegCloseKey
0x5ed008 RegCreateKeyExW
0x5ed00c RegDeleteValueW
0x5ed010 RegEnumValueW
0x5ed014 RegOpenKeyExW
0x5ed018 RegQueryValueExW
0x5ed01c RegSetValueExW
0x5ed020 SetEntriesInAclW
0x5ed030 RegQueryInfoKeyW
0x5ed034 RegEnumKeyExW
0x5ed038 OpenProcessToken
0x5ed04c CloseServiceHandle
0x5ed050 CreateServiceW
0x5ed054 OpenSCManagerW
0x5ed058 OpenServiceW
0x5ed05c QueryServiceConfigW
0x5ed060 RegQueryValueExA
0x5ed064 RegDeleteKeyW
0x5ed068 RegFlushKey
0x5ed070 RegGetKeySecurity
0x5ed074 RegSetKeySecurity
0x5ed07c GetLengthSid
0x5ed080 InitializeAcl
0x5ed08c FreeSid
0x5ed090 SetFileSecurityW
0x5ed094 AddAccessAllowedAce
0x5ed098 RegOpenKeyExA
0x5ed09c RegOpenKeyW
0x5ed0a0 CryptReleaseContext
0x5ed0a4 CryptGetHashParam
0x5ed0a8 CryptDestroyHash
0x5ed0ac CryptHashData
0x5ed0b0 CryptCreateHash
Library ole32.dll:
0x5ede48 StgOpenStorage
0x5ede4c StgIsStorageFile
0x5ede50 CoLoadLibrary
0x5ede54 OleLockRunning
0x5ede58 CoGetClassObject
0x5ede5c CoInitializeEx
0x5ede60 CoInitialize
0x5ede64 CoUninitialize
0x5ede6c CLSIDFromString
0x5ede78 CoFreeLibrary
0x5ede7c CoTaskMemFree
0x5ede80 ReleaseStgMedium
0x5ede84 CLSIDFromProgID
0x5ede88 StringFromGUID2
0x5ede8c CoCreateGuid
0x5ede98 CoCreateInstance
0x5ede9c OleInitialize
0x5edea0 OleUninitialize
0x5edea4 CoTaskMemAlloc
Library SHELL32.dll:
0x5ed7c4 Shell_NotifyIconW
0x5ed7c8 DragQueryFileW
0x5ed7cc ShellExecuteW
0x5ed7d0
0x5ed7d8 SHFileOperationW
0x5ed7dc CommandLineToArgvW
0x5ed7e0 ShellExecuteExW
0x5ed7e4 SHGetFolderPathW
0x5ed7e8 SHGetDesktopFolder
0x5ed7ec SHBrowseForFolderW
0x5ed7fc SHGetFolderPathA
0x5ed800
0x5ed804
0x5ed808 SHGetMalloc
Library OLEAUT32.dll:
0x5ed758 LoadTypeLib
0x5ed75c LoadRegTypeLib
0x5ed760 SysAllocStringLen
0x5ed764 VarBstrCmp
0x5ed76c SysStringLen
0x5ed774 SysFreeString
0x5ed778 SysAllocString
0x5ed77c VariantClear
0x5ed780 VariantInit
Library MSVCP140.dll:
0x5ed5f4 ?_BADOFF@std@@3_JB
0x5ed630 _Query_perf_counter
0x5ed648 _Stat
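
The import table above is the richest static evidence on this page, so the following added triage helper (my own code, not part of the report and not from the vendor named in the PDB path) reads the report's "Library X.dll:" / "0xADDR Name" lines and groups the imported APIs into capability buckets. The bucket definitions are a heuristic assumption, and SAMPLE is an excerpt copied from the table above rather than the full list. A bucket firing means the capability is linked in, not that it is exercised: the OpenProcess / VirtualAllocEx / WriteProcessMemory cluster and the Suspend / Get- / SetThreadContext / ResumeThread cluster are what a security product or an emulator uses on its own child processes just as much as what an injector uses.

```python
"""Group the APIs in a sandbox report's import table into capability buckets.

Added triage helper; the bucket definitions are heuristic assumptions and
SAMPLE is an excerpt copied from the report's import table.
"""
import re

# A bucket fires when every API in at least one of its alternative sets is
# present. Requiring the whole cluster cuts the noise from single generic APIs.
CAPABILITIES = {
    "process_injection": [
        {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
        {"SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"},
    ],
    "service_persistence": [{"OpenSCManagerW", "CreateServiceW"}],
    "registry_write": [{"RegCreateKeyExW", "RegSetValueExW"}],
    "raw_sockets": [{"WSAStartup", "socket", "connect"}],
    "http_client": [{"InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA"}],
    "process_enumeration": [{"Process32FirstW", "Process32NextW"}],
    "keyboard_state": [{"GetKeyState", "GetKeyboardState"}, {"RegisterHotKey"}],
    "anti_debug": [{"IsDebuggerPresent"}],
    "shutdown": [{"ExitWindowsEx"}],
}

LIB_RE = re.compile(r"^Library\s+(\S+):$")
IMP_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")
ADDR_ONLY_RE = re.compile(r"^0x[0-9a-fA-F]+$")


def parse_imports(text):
    """Return ({dll: [api, ...]}, {dll: count_of_unnamed_entries}).

    Address-only lines are imports the report could not name (typically
    imports by ordinal); they are counted per DLL rather than dropped.
    """
    imports, unresolved, lib = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1).lower()
            imports.setdefault(lib, [])
            continue
        if lib is None:
            continue
        m = IMP_RE.match(line)
        if m:
            imports[lib].append(m.group(1))
        elif ADDR_ONLY_RE.match(line):
            unresolved[lib] = unresolved.get(lib, 0) + 1
    return imports, unresolved


def capabilities(imports):
    """Map each bucket that fires to the sorted API sets that satisfied it."""
    present = {api for apis in imports.values() for api in apis}
    hits = {}
    for name, alternatives in CAPABILITIES.items():
        matched = [sorted(s) for s in alternatives if s <= present]
        if matched:
            hits[name] = matched
    return hits


# Excerpt of the report's import table (copied from the page, not the full list).
SAMPLE = """\
Library WS2_32.dll:
0x5edb28 WSAStartup
0x5edb30 socket
0x5edb34 connect
Library WLDAP32.dll:
0x5edadc
0x5edae0
Library KERNEL32.dll:
0x5ed2d8 IsDebuggerPresent
0x5ed348 VirtualAllocEx
0x5ed358 OpenProcess
0x5ed374 WriteProcessMemory
0x5ed4ec Process32FirstW
0x5ed4f0 Process32NextW
0x5ed5b4 ResumeThread
0x5ed5b8 GetThreadContext
0x5ed5bc SetThreadContext
0x5ed5c0 SuspendThread
Library USER32.dll:
0x5ed870 GetKeyState
0x5ed8ac GetKeyboardState
0x5ed938 RegisterHotKey
0x5ed990 ExitWindowsEx
Library ADVAPI32.dll:
0x5ed008 RegCreateKeyExW
0x5ed01c RegSetValueExW
0x5ed050 CreateServiceW
0x5ed054 OpenSCManagerW
"""

if __name__ == "__main__":
    imps, unnamed = parse_imports(SAMPLE)
    for bucket, sets in capabilities(imps).items():
        print(f"{bucket}: {sets}")
    print("unnamed imports per DLL:", unnamed)
```

Run it against the full table by pasting the whole Imports section into SAMPLE; the http_client bucket then fires as well from the WININET.dll entries. Treat the output as a list of questions for the dynamic trace (did any of these clusters actually execute?), not as a verdict.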

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination       Resolved name      Destination port
192.168.56.101  49235         114.114.114.114                      53
192.168.56.101  50568         114.114.114.114                      53
192.168.56.101  55368         114.114.114.114                      53
192.168.56.101  57874         114.114.114.114                      53
192.168.56.101  60215         114.114.114.114                      53
192.168.56.101  63429         114.114.114.114                      53
192.168.56.101  137           192.168.56.255                       137
192.168.56.101  138           192.168.56.255                       138
192.168.56.101  123           20.189.79.72      time.windows.com   123
192.168.56.101  50002         224.0.0.252                          5355
192.168.56.101  50534         224.0.0.252                          5355
192.168.56.101  51378         224.0.0.252                          5355
192.168.56.101  51808         224.0.0.252                          5355
192.168.56.101  51963         224.0.0.252                          5355
192.168.56.101  53210         224.0.0.252                          5355
192.168.56.101  56539         224.0.0.252                          5355
192.168.56.101  56804         224.0.0.252                          5355
192.168.56.101  57756         224.0.0.252                          5355
192.168.56.101  60384         224.0.0.252                          5355
192.168.56.101  62912         224.0.0.252                          5355

Every recorded UDP flow is traffic a Windows guest generates on its own: DNS queries to the public resolver 114.114.114.114 (the report records no queried names and the Hosts section above is empty, so these cannot be tied to the sample from this page), NetBIOS name-service and datagram broadcasts on ports 137/138, NTP to time.windows.com, and LLMNR multicast to 224.0.0.252:5355. Nothing here shows the sample contacting a server of its own.
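
To separate sample-attributable traffic from guest background noise in bulk rather than by eye, here is an added classifier over the UDP rows printed above. It is my own example, not part of the report; it assumes the guest sits on a /24 (so the NetBIOS broadcast address follows from the source IP) and the rule set is a triage heuristic, not a statement about this sample.

```python
"""Label the UDP flows of a sandbox report as guest background noise or
unexplained traffic.

Added example, not part of the report. Assumptions: the guest is on a /24
and the background rules below are a triage heuristic.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    host: str = ""  # resolved name, when the report prints one


def parse_udp_table(text):
    """Parse rows of 'src sport dst [hostname] dport'; the header row is skipped."""
    flows = []
    for line in text.strip().splitlines()[1:]:
        parts = line.split()
        if len(parts) == 4:
            src, sport, dst, dport = parts
            host = ""
        elif len(parts) == 5:
            src, sport, dst, host, dport = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        flows.append(Flow(src, int(sport), dst, int(dport), host))
    return flows


def classify(flow, guest_prefix=24):
    """Return the background protocol a flow belongs to, or 'unexplained'."""
    dst = ipaddress.ip_address(flow.dst)
    guest_net = ipaddress.ip_network(f"{flow.src}/{guest_prefix}", strict=False)
    if dst == ipaddress.ip_address("224.0.0.252") and flow.dport == 5355:
        return "llmnr"  # link-local multicast name resolution
    if dst == guest_net.broadcast_address and flow.dport in (137, 138):
        return "netbios"  # NBNS / NetBIOS datagram broadcasts
    if flow.dport == 123:
        return "ntp"  # Windows time sync
    if flow.dport == 53:
        # A bare query is attributable only when the report also records the
        # queried name or a resolved host; this report records neither.
        return "dns"
    return "unexplained"


def summarize(flows):
    """Count flows per label and list the ones no background rule explains."""
    counts, leftovers = {}, []
    for f in flows:
        label = classify(f)
        counts[label] = counts.get(label, 0) + 1
        if label == "unexplained":
            leftovers.append(f)
    return counts, leftovers


# Copied from the report's UDP table (header row included).
UDP_TABLE = """\
Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
"""

if __name__ == "__main__":
    counts, leftovers = summarize(parse_udp_table(UDP_TABLE))
    print(counts)
    print("unexplained:", leftovers)
```

For this page the classifier leaves nothing unexplained; a sample that phones home would show up as a leftover flow with a destination outside the guest network and a port no background rule claims.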

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.