1.8
Low risk

e17dd6e10b76f9d0987b3fbd91504a4a94c30712f6d1a677eb13886becbcceb0

776407ef671c10897da7093a079ff8be.exe

Analysis time: 78s

Last analysis:

File size: 109.3KB

Static detection / Dynamic detection
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine detection results yet
Static verdict
Antivirus engine
Not detected: no antivirus engine detection results yet
Static indicators
Queries for the computername (2 events)
Time & API                            Arguments                 Status   Return  Repeated
1620946615.367784 GetComputerNameW    computer_name:            failed   0       0
1620946615.367784 GetComputerNameW    computer_name: OSKAR-PC   success  1       0
This executable is signed
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)

Event 1
  Time: 1620946614.179784
  API: NtAllocateVirtualMemory
  Arguments:
    process_identifier: 2116
    region_size: 49152
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x004f0000
  Status: success  Return: 0  Repeated: 0

Event 2
  Time: 1620946614.961784
  API: NtAllocateVirtualMemory
  Arguments:
    process_identifier: 2116
    region_size: 45056
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00500000
  Status: success  Return: 0  Repeated: 0

Event 3
  Time: 1620946614.961784
  API: NtProtectVirtualMemory
  Arguments:
    process_identifier: 2116
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 61440
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x00400000
  Status: success  Return: 0  Repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
  entropy: 6.8626316848409825  section: .rdata (size_of_data 0x0000e600, virtual_address 0x00007000, virtual_size 0x0000e4c8, entropy 6.8626316848409825)  description: A section with a high entropy has been found
  entropy: 0.5528846153846154  description: Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-04-06 02:19:38

Imports

Library KERNEL32.dll:
0x4175d4 IsValidCodePage
0x4175d8 GetLastError
0x4175dc LocalFree
0x4175e0 LocalAlloc
0x4175e8 MultiByteToWideChar
0x4175ec WideCharToMultiByte
0x4175f0 WriteConsoleW
0x4175f4 GetStdHandle
0x4175f8 CloseHandle
0x4175fc IsDBCSLeadByte
0x41760c CreateFileW
0x417610 GetTimeFormatW
0x417614 GetDateFormatW
0x417618 ReadFile
0x417630 GetDriveTypeA
0x417634 SetFilePointer
0x417638 CreateFileA
0x41763c GetModuleHandleA
0x417640 GetCommandLineA
0x417644 GetVersionExA
0x417648 ExitProcess
0x41764c GetProcAddress
0x417650 HeapFree
0x41765c HeapAlloc
0x417664 Beep
0x417668 ReadConsoleInputA
0x41766c SetConsoleMode
0x417670 GetConsoleMode
0x417674 PeekConsoleInputA
0x417680 GetFullPathNameA
0x417684 WriteFile
0x417688 GetModuleFileNameA
0x4176a0 SetHandleCount
0x4176a4 GetFileType
0x4176a8 GetStartupInfoA
0x4176ac HeapDestroy
0x4176b0 HeapCreate
0x4176b4 VirtualFree
0x4176b8 GetCPInfo
0x4176bc GetUserDefaultLCID
0x4176c0 GetLocaleInfoA
0x4176c4 EnumSystemLocalesA
0x4176c8 IsValidLocale
0x4176cc GetProcessHeap
0x4176d0 GetStringTypeA
0x4176d4 GetStringTypeW
0x4176d8 VirtualAlloc
0x4176dc HeapReAlloc
0x4176e0 VirtualProtect
0x4176e4 GetSystemInfo
0x4176e8 VirtualQuery
0x4176ec LCMapStringA
0x4176f0 LCMapStringW
0x4176f8 GetFileAttributesA
0x4176fc LoadLibraryA
0x417700 GetACP
0x417704 GetOEMCP
0x417708 SetStdHandle
0x41770c FlushFileBuffers
0x417710 CompareStringA
0x417714 CompareStringW
0x417718 GetExitCodeProcess
0x41771c WaitForSingleObject
0x417720 CreateProcessA
0x417724 RtlUnwind
0x417728 GetLocaleInfoW
0x41772c SetEndOfFile
Library USER32.dll:
0x417734 GetMessagePos
0x417738 GetCursorPos
0x41773c PostQuitMessage
0x417740 TranslateMessage
0x417744 DispatchMessageW
0x417748 MapVirtualKeyW
0x41774c VkKeyScanW
0x417750 GetAsyncKeyState
0x417754 GetFocus
0x417758 SetCapture
0x41775c GetScrollInfo
0x417760 SetScrollInfo
0x417764 EnableScrollBar
0x417768 ScrollWindow
0x41776c GetParent
0x417770 WindowFromPoint
0x417774 SetParent
0x417778 RedrawWindow
0x41777c ScreenToClient
0x417780 ClientToScreen
0x417784 IsDialogMessageW
0x417788 IsWindowEnabled
0x41778c GetMessageTime
0x417790 GetActiveWindow
0x417794 GetWindow
0x41779c GetCapture
0x4177a0 TrackPopupMenu
0x4177a4 DefWindowProcW
0x4177a8 CallWindowProcW
0x4177ac InvalidateRect
0x4177b0 FillRect
0x4177b4 IsWindow
0x4177b8 GetSysColor
0x4177bc GetClientRect
0x4177c0 SetFocus
0x4177c4 ReleaseCapture
0x4177c8 SetCursorPos
0x4177cc MoveWindow
0x4177d0 DeferWindowPos
0x4177d4 CreateWindowExW
0x4177d8 GetUpdateRgn
0x4177dc MapWindowPoints
0x4177e0 BeginDeferWindowPos
0x4177e4 EndDeferWindowPos
0x4177e8 GetMenuItemInfoW
0x4177ec GetMenuItemCount
0x4177f0 RegisterHotKey
0x4177f4 UnregisterHotKey
0x4177f8 PtInRect
0x4177fc InflateRect
0x417800 GetIconInfo
0x417804 CreateIconIndirect
0x417808 LoadIconW
0x41780c LoadBitmapW
0x417810 LoadImageW
0x417814 IsIconic
0x417818 IsZoomed
0x41781c FlashWindow
0x417824 GetWindowPlacement
0x417828 DrawMenuBar
0x41782c EnableMenuItem
0x417830 GetDesktopWindow
0x417834 CreateDialogParamW
0x417838 GetDlgItem
0x41783c SetWindowRgn
0x417840 DestroyIcon
0x417844 DrawTextW
0x417848 CopyRect
0x41784c DrawStateW
0x417850 OffsetRect
0x417854 SetRectEmpty
0x417858 DrawFocusRect
0x41785c DrawFrameControl
0x417860 DrawIconEx
0x417864 DestroyCursor
0x417868 GetMenuState
0x41786c GetMenuItemID
0x417870 GetSubMenu
0x417874 GetSysColorBrush
0x417878 CheckMenuItem
0x41787c CheckMenuRadioItem
0x417880 SetMenuItemInfoW
0x417884 SetRect
0x417888 DrawEdge
0x41788c DestroyMenu
0x417890 CreatePopupMenu
0x417894 InsertMenuW
0x417898 InsertMenuItemW
0x41789c RemoveMenu
0x4178a0 ModifyMenuW
0x4178a4 CreateMenu
0x4178b4 UnionRect
0x4178b8 GetDialogBaseUnits
0x4178bc GetDoubleClickTime
0x4178cc MessageBeep
0x4178d0 GetClassNameW
0x4178d4 GetWindowTextW
0x4178d8 GetMessageW
0x4178dc ValidateRect
0x4178e0 PostThreadMessageW
0x4178e4 BeginPaint
0x4178e8 EndPaint
0x4178ec GetWindowDC
0x4178f8 FindWindowExW
0x4178fc IsRectEmpty
0x417900 ValidateRgn
0x417908 ShowCursor
0x41790c AdjustWindowRectEx
0x417914 WaitForInputIdle
0x417918 ExitWindowsEx
0x41791c KillTimer
0x417920 SetTimer
0x417924 DdeFreeStringHandle
0x417928 DdeUninitialize
0x41792c DdeQueryStringW
0x417930 DdeFreeDataHandle
0x417934 DdeGetData
0x417938 DdeCreateDataHandle
0x41793c DdeGetLastError
0x417940 DdeInitializeW
0x417944 DdeDisconnect
0x417950 DdeNameService
0x417954 DdeConnect
0x417958 DdePostAdvise
0x41795c SetActiveWindow
0x417960 BringWindowToTop
0x417964 SetWindowPos
0x417968 EnableWindow
0x41796c UpdateWindow
0x417970 DestroyWindow
0x417974 AttachThreadInput
0x417978 ShowWindow
0x41797c SetForegroundWindow
0x417984 IsWindowVisible
0x417988 GetForegroundWindow
0x41798c ReleaseDC
0x417990 GetDC
0x417994 AppendMenuW
0x417998 GetSystemMenu
0x41799c wsprintfW
0x4179a0 IsProcessDPIAware
0x4179a8 GetKeyState
0x4179ac SetWindowsHookExW
0x4179b0 SetWindowLongW
0x4179b4 GetWindowLongW
0x4179b8 UnhookWindowsHookEx
0x4179c0 SetWindowTextW
0x4179c4 GetSystemMetrics
0x4179c8 SetCursor
0x4179cc HideCaret
0x4179d0 LoadCursorW
0x4179d4 RegisterClassW
0x4179d8 UnregisterClassW
0x4179dc PeekMessageW
0x4179e4 MessageBoxW
0x4179e8 CallNextHookEx
0x4179ec CloseClipboard
0x4179f0 EmptyClipboard
0x4179f4 GetClipboardData
0x4179f8 OpenClipboard
0x4179fc SetMenu
0x417a00 GetWindowRect
0x417a04 SendMessageW
0x417a08 PostMessageW
0x417a0c keybd_event
0x417a10 LoadIconA
0x417a18 IsCharAlphaW
0x417a1c OpenIcon
0x417a20 CharNextA
0x417a24 OemKeyScan
0x417a28 GetMenu
0x417a2c EndMenu
0x417a30 GetClipboardOwner
0x417a34 GetTopWindow
0x417a38 IsCharLowerW
0x417a3c GetKeyboardLayout
0x417a40 IsCharAlphaNumericA
0x417a44 IsWindowUnicode
0x417a48 InSendMessage
0x417a4c CharLowerW
0x417a50 GetKBCodePage
0x417a54 GetMessageExtraInfo
0x417a58 PaintDesktop
0x417a5c IsCharAlphaNumericW
0x417a60 GetDlgCtrlID
0x417a64 GetCaretBlinkTime
0x417a6c GetQueueStatus
0x417a70 CloseDesktop
0x417a74 GetListBoxInfo
0x417a78 CloseWindowStation
0x417a88 CharUpperW
0x417a8c GetClipboardViewer
0x417a90 GetThreadDesktop
0x417a94 IsCharAlphaA
0x417a98 LoadCursorFromFileA
0x417a9c IsMenu
0x417aa0 IsCharLowerA
0x417aa8 VkKeyScanA
0x417aac CloseWindow
0x417ab4 WindowFromDC
0x417ab8 AnyPopup
0x417ac0 IsGUIThread
0x417ac4 LoadCursorFromFileW
0x417ac8 CopyIcon
0x417acc GetLastActivePopup
0x417ad0 CharUpperA
0x417ad4 GetInputState
0x417ad8 CharLowerA
0x417adc GetCursor
0x417ae0 IsCharUpperW
0x417ae4 CharNextW
0x417ae8 ShowCaret
0x417af0 GetKeyboardType
0x417af4 GetShellWindow
0x417af8 IsCharUpperA
Library GDI32.dll:
0x417b00 GetStockObject
0x417b04 CreatePatternBrush
0x417b08 DeleteDC
0x417b0c DeleteColorSpace
0x417b10 GetROP2
0x417b14 GetMapMode
0x417b18 GetDCBrushColor
0x417b1c WidenPath
0x417b20 AddFontResourceW
0x417b24 GetBkMode
0x417b2c DeleteMetaFile
0x417b30 GetDCPenColor
0x417b34 EndPage
0x417b38 GdiFlush
0x417b3c CancelDC
0x417b40 SwapBuffers
0x417b44 GetSystemPaletteUse
0x417b48 CloseFigure
0x417b50 AddFontResourceA
0x417b54 UpdateColors
0x417b58 GetEnhMetaFileA
0x417b5c EndDoc
0x417b60 DeleteEnhMetaFile
0x417b64 CreateCompatibleDC
0x417b68 CloseEnhMetaFile
0x417b6c GdiGetBatchLimit
0x417b70 EndPath
0x417b74 PathToRegion
0x417b78 CreateMetaFileW
0x417b7c GetTextColor
0x417b80 GetColorSpace
0x417b84 GetEnhMetaFileW
0x417b88 GetBkColor
0x417b8c CreateMetaFileA
0x417b90 StrokePath
0x417b94 UnrealizeObject
0x417b98 SaveDC
0x417b9c CreateSolidBrush
0x417ba0 RealizePalette
0x417ba4 GetLayout
0x417ba8 GetGraphicsMode
0x417bac SetMetaRgn
0x417bb0 CloseMetaFile
0x417bb4 AbortPath
0x417bb8 GetObjectType
0x417bbc GetStretchBltMode
0x417bc0 DeleteObject
0x417bc4 GetTextCharset
0x417bc8 GetPixelFormat
0x417bcc GetPolyFillMode
0x417bd0 BeginPath
0x417bd4 GetFontLanguageInfo
0x417bd8 AbortDoc
0x417bdc FillPath
0x417be0 FlattenPath
0x417be4 GetTextAlign
Library ADVAPI32.dll:
0x417bec RegOpenKeyA
0x417bf0 GetUserNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination      Destination Port
192.168.56.101  49713        114.114.114.114  53
192.168.56.101  50002        114.114.114.114  53
192.168.56.101  53657        114.114.114.114  53
192.168.56.101  62318        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  49235        224.0.0.252      5355
192.168.56.101  50534        224.0.0.252      5355
192.168.56.101  51808        224.0.0.252      5355
192.168.56.101  51963        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  57756        224.0.0.252      5355
192.168.56.101  57874        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  63429        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  49238        239.255.255.250  1900
192.168.56.101  49714        239.255.255.250  3702
192.168.56.101  53658        239.255.255.250  3702
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.