SmartHawk

2.6

中危

该样本未表现出任何异常！

重新分析

下载样本

79706b9b32df938bbd99b255e3098cbe31859b75aae9a49ad18ebd2a582aa923

74aa2a6679d3b43a88e01078eab24e1a.exe

分析耗时

51s

最近分析

文件大小

222.0KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	AFX_DIALOG_LAYOUT
resource name	None

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620776315.35975 NtProtectVirtualMemory	process_identifier: 1404 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 73728 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x05e4c000	success	0	0
1620776315.37575 NtAllocateVirtualMemory	process_identifier: 1404 region_size: 122880 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003a0000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.530012284117853

section

{'size_of_data': '0x00024200', 'virtual_address': '0x00001000', 'entropy': 7.530012284117853, 'name': '.text', 'virtual_size': '0x000240c4'}

description

A section with a high entropy has been found

entropy

0.6538461538461539

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	203.208.40.34
host	203.208.41.65

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

172.217.24.14:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-06-15 18:01:41

Imports

Library KERNEL32.dll:

• 0x426000 GetPrivateProfileSectionNamesW

• 0x426004 SetDefaultCommConfigA

• 0x426008 CreateMutexW

• 0x42600c WritePrivateProfileStructA

• 0x426010 SetLocalTime

• 0x426014 _llseek

• 0x426018 BuildCommDCBAndTimeoutsA

• 0x42601c CallNamedPipeA

• 0x426020 DeleteVolumeMountPointA

• 0x426024 MoveFileExW

• 0x426028 CompareFileTime

• 0x42602c CreateJobObjectW

• 0x426030 WaitForSingleObject

• 0x426034 OpenSemaphoreA

• 0x426038 GetSystemDefaultLCID

• 0x42603c ConnectNamedPipe

• 0x426040 _lclose

• 0x426044 GetProcessPriorityBoost

• 0x426048 GetTickCount

• 0x42604c VirtualFree

• 0x426050 ReadConsoleW

• 0x426054 WriteFile

• 0x426058 SetCommTimeouts

• 0x42605c TzSpecificLocalTimeToSystemTime

• 0x426060 FindResourceExA

• 0x426064 GlobalAlloc

• 0x426068 GetConsoleMode

• 0x42606c TerminateThread

• 0x426070 GetPrivateProfileStructW

• 0x426074 SizeofResource

• 0x426078 GetConsoleWindow

• 0x42607c LeaveCriticalSection

• 0x426080 WriteConsoleW

• 0x426084 GetBinaryTypeA

• 0x426088 IsDBCSLeadByte

• 0x42608c lstrcatA

• 0x426090 lstrlenW

• 0x426094 SetThreadPriority

• 0x426098 GlobalUnlock

• 0x42609c InterlockedExchange

• 0x4260a0 ReleaseActCtx

• 0x4260a4 SetCurrentDirectoryA

• 0x4260a8 FillConsoleOutputCharacterW

• 0x4260ac GetLastError

• 0x4260b0 GetProcAddress

• 0x4260b4 CreateNamedPipeA

• 0x4260b8 SetVolumeLabelW

• 0x4260bc LocalLock

• 0x4260c0 WriteProfileSectionA

• 0x4260c4 SetStdHandle

• 0x4260c8 DisableThreadLibraryCalls

• 0x4260cc OpenWaitableTimerA

• 0x4260d0 OpenMutexA

• 0x4260d4 AddAtomW

• 0x4260d8 SetFileApisToANSI

• 0x4260dc BeginUpdateResourceA

• 0x4260e0 VirtualLock

• 0x4260e4 GlobalHandle

• 0x4260e8 GlobalUnWire

• 0x4260ec CreateIoCompletionPort

• 0x4260f0 GetModuleHandleA

• 0x4260f4 LoadLibraryExA

• 0x4260f8 EnumResourceNamesA

• 0x4260fc BuildCommDCBA

• 0x426100 VirtualProtect

• 0x426104 EnumDateFormatsW

• 0x426108 CompareStringA

• 0x42610c ScrollConsoleScreenBufferA

• 0x426110 SetCalendarInfoA

• 0x426114 GetVersionExA

• 0x426118 DebugBreak

• 0x42611c FindActCtxSectionStringW

• 0x426120 GetSystemTime

• 0x426124 TlsFree

• 0x426128 SuspendThread

• 0x42612c AreFileApisANSI

• 0x426130 CreateFileA

• 0x426134 InterlockedIncrement

• 0x426138 InterlockedDecrement

• 0x42613c Sleep

• 0x426140 InitializeCriticalSection

• 0x426144 DeleteCriticalSection

• 0x426148 EnterCriticalSection

• 0x42614c HeapFree

• 0x426150 TerminateProcess

• 0x426154 GetCurrentProcess

• 0x426158 UnhandledExceptionFilter

• 0x42615c SetUnhandledExceptionFilter

• 0x426160 IsDebuggerPresent

• 0x426164 GetStartupInfoW

• 0x426168 RtlUnwind

• 0x42616c RaiseException

• 0x426170 LCMapStringA

• 0x426174 WideCharToMultiByte

• 0x426178 MultiByteToWideChar

• 0x42617c LCMapStringW

• 0x426180 GetCPInfo

• 0x426184 SetHandleCount

• 0x426188 GetStdHandle

• 0x42618c GetFileType

• 0x426190 GetStartupInfoA

• 0x426194 HeapAlloc

• 0x426198 HeapCreate

• 0x42619c VirtualAlloc

• 0x4261a0 HeapReAlloc

• 0x4261a4 GetModuleHandleW

• 0x4261a8 TlsGetValue

• 0x4261ac TlsAlloc

• 0x4261b0 TlsSetValue

• 0x4261b4 SetLastError

• 0x4261b8 GetCurrentThreadId

• 0x4261bc ExitProcess

• 0x4261c0 GetModuleFileNameA

• 0x4261c4 GetModuleFileNameW

• 0x4261c8 FreeEnvironmentStringsW

• 0x4261cc GetEnvironmentStringsW

• 0x4261d0 GetCommandLineW

• 0x4261d4 QueryPerformanceCounter

• 0x4261d8 GetCurrentProcessId

• 0x4261dc GetSystemTimeAsFileTime

• 0x4261e0 HeapSize

• 0x4261e4 GetACP

• 0x4261e8 GetOEMCP

• 0x4261ec IsValidCodePage

• 0x4261f0 GetUserDefaultLCID

• 0x4261f4 GetLocaleInfoA

• 0x4261f8 EnumSystemLocalesA

• 0x4261fc IsValidLocale

• 0x426200 GetStringTypeA

• 0x426204 GetStringTypeW

• 0x426208 InitializeCriticalSectionAndSpinCount

• 0x42620c SetFilePointer

• 0x426210 GetConsoleCP

• 0x426214 LoadLibraryA

• 0x426218 GetLocaleInfoW

• 0x42621c FlushFileBuffers

• 0x426220 ReadFile

• 0x426224 WriteConsoleA

• 0x426228 GetConsoleOutputCP

• 0x42622c CloseHandle

Library USER32.dll:

• 0x426234 GetCursorPos

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 51.105.208.173 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	62191	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	53658	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	60216	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.