1.6
Low risk

034eca579f68b44f8f41294d8c9dac96f032c57dee0877095da47913060dff84

77e556cdfdc5c592f5c46db4127c6f4c.exe

Analysis duration

19s

Last analyzed

File size

283.0KB
Static verdict / Dynamic verdict: MALICIOUS
Eagle Eye engine
Not detected: no Eagle Eye engine detection result available
Static verdict
Antivirus engines
Engine Result Date Version
McAfee 20210504 6.0.6.653
CrowdStrike 20210203 1.0
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20210512 21.1.5827.0
Tencent 20210512 1.0.0.1
Kingsoft 20210512 2017.9.26.565
Static indicators
Command line console output was observed (4 events)
Time & API Arguments Status Return Repeated
1620946609.1183
WriteConsoleA
buffer: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30
console_handle: 0x00000007
success 1 0
1620946609.1183
WriteConsoleA
buffer: Usage: 7z <command> [<switches>...] <archive_name> [<file_names>...] <Commands> a : Add files to archive b : Benchmark d : Delete files from archive e : Extract files from archive (without using directory names) h : Calculate hash values for files i : Show information about supported formats l : List contents of archive rn : Rename files in archive t : Test integrity of archive u : Update files to archive x : eXtract files with full paths <Switches> -- : Stop switches parsing @listfile : set path to listfile that contains file names -ai[r[-|0]]{@listfile|!wildcard} : Include archives -ax[r[-|0]]{@listfile|!wildcard} : eXclude archives -ao{a|s|t|u} : set Overwrite mode -an : disable archive_name field -bb[0-3] : set output log level -bd : disable progress indicator -bs{o|e|p}{0|1|2} : set output stream for output/error/progress line -bt : show execution time statistics -i[r[-|0]]{@listfile|!wildcard} : Include filenames -m{Parameters} :
console_handle: 0x00000007
success 1 0
1620946609.1343
WriteConsoleA
buffer: set compression Method -mmt[N] : set number of CPU threads -mx[N] : set compression level: -mx1 (fastest) ... -mx9 (ultra) -o{Directory} : set Output directory -p{Password} : set Password -r[-|0] : Recurse subdirectories -sa{a|e|s} : set Archive name mode -scc{UTF-8|WIN|DOS} : set charset for for console input/output -scs{UTF-8|UTF-16LE|UTF-16BE|WIN|DOS|{id}} : set charset for list files -scrc[CRC32|CRC64|SHA1|SHA256|*] : set hash function for x, e, h commands -sdel : delete files after compression -seml[.] : send archive by email -sfx[{name}] : Create SFX archive -si[{name}] : read data from stdin -slp : set Large Pages mode -slt : show technical information for l (List) command -snh : store hard links as links -snl : store symbolic links as links -sni : store NT security information -sns[-] : store NTFS alternate streams -so : write data to stdout -spd : disable wildcard matching for file names -spe : eliminate duplication of root folder
console_handle: 0x00000007
success 1 0
1620946609.1653
WriteConsoleA
buffer: for extract command -spf : use fully qualified file paths -ssc[-] : set sensitive case mode -sse : stop archive creating, if it can't open some input file -ssw : compress shared files -stl : set archive timestamp from the most recently modified file -stm{HexMask} : set CPU thread affinity mask (hexadecimal number) -stx{Type} : exclude archive type -t{Type} : Set type of archive -u[-][p#][q#][r#][x#][y#][z#][!newArchiveName] : Update options -v{Size}[b|k|m|g] : Create volumes -w[{path}] : assign Work directory. Empty path means a temporary directory -x[r[-|0]]{@listfile|!wildcard} : eXclude filenames -y : assume Yes on all queries
console_handle: 0x00000007
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .sxdata
The executable uses a known packer (1 event)
packer Armadillo v1.71
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2018-04-30 20:00:00

Imports

Library OLEAUT32.dll:
0x4381e8 VariantCopy
0x4381ec SysAllocStringLen
0x4381f0 SysFreeString
0x4381f4 SysStringByteLen
0x4381f8 SysStringLen
0x4381fc VariantClear
0x438200 SysAllocString
Library USER32.dll:
0x438208 CharUpperW
Library ADVAPI32.dll:
0x438000 OpenProcessToken
0x438004 GetFileSecurityW
0x438008 SetFileSecurityW
0x43800c RegQueryValueExW
0x438010 RegCloseKey
0x438014 RegOpenKeyExW
Library MSVCRT.dll:
0x438148 _controlfp
0x43814c __set_app_type
0x438150 __p__fmode
0x438154 __p__commode
0x438158 _adjust_fdiv
0x43815c __setusermatherr
0x438160 _initterm
0x438164 __getmainargs
0x438168 __p___initenv
0x43816c exit
0x438170 _XcptFilter
0x438174 _exit
0x438178 _onexit
0x43817c __dllonexit
0x438184 ?terminate@@YAXXZ
0x438188 _except_handler3
0x43818c _beginthreadex
0x438190 memcmp
0x438194 _purecall
0x438198 strlen
0x43819c memset
0x4381a0 wcscmp
0x4381a4 wcsstr
0x4381a8 strcmp
0x4381ac memmove
0x4381b0 fputs
0x4381b4 fputc
0x4381b8 fflush
0x4381bc fgetc
0x4381c0 fclose
0x4381c4 _iob
0x4381c8 free
0x4381cc _CxxThrowException
0x4381d0 malloc
0x4381d4 memcpy
0x4381d8 __CxxFrameHandler
0x4381dc _isatty
0x4381e0 _fileno
Library KERNEL32.dll:
0x438024 WaitForSingleObject
0x438028 SetEvent
0x438030 VirtualAlloc
0x438034 SetConsoleMode
0x438038 GetConsoleMode
0x43803c GetVersionExW
0x438040 SetFileApisToOEM
0x438044 GetCommandLineW
0x438060 GetProcessTimes
0x438064 OpenEventW
0x438068 OpenFileMappingW
0x43806c MapViewOfFile
0x438070 UnmapViewOfFile
0x438078 GetStdHandle
0x438084 GlobalMemoryStatus
0x438088 GetSystemInfo
0x438098 CompareFileTime
0x43809c GetCurrentProcess
0x4380a0 GetDiskFreeSpaceW
0x4380a8 SetEndOfFile
0x4380ac WriteFile
0x4380b0 ReadFile
0x4380b4 DeviceIoControl
0x4380b8 SetFilePointer
0x4380bc GetFileSize
0x4380c4 GetLastError
0x4380c8 MultiByteToWideChar
0x4380cc WideCharToMultiByte
0x4380d0 FreeLibrary
0x4380d4 LoadLibraryExW
0x4380d8 LoadLibraryW
0x4380dc GetModuleFileNameW
0x4380e0 LocalFree
0x4380e4 FormatMessageW
0x4380e8 GetFileAttributesW
0x4380ec CloseHandle
0x4380f0 SetFileTime
0x4380f4 CreateFileW
0x4380f8 SetFileAttributesW
0x4380fc RemoveDirectoryW
0x438100 MoveFileW
0x438104 GetProcAddress
0x438108 GetModuleHandleW
0x43810c CreateDirectoryW
0x438110 DeleteFileW
0x438114 SetLastError
0x438120 GetTempPathW
0x438124 GetCurrentProcessId
0x438128 GetTickCount
0x43812c GetCurrentThreadId
0x438130 FindClose
0x438134 FindFirstFileW
0x438138 FindNextFileW
0x43813c GetModuleHandleA
0x438140 VirtualFree

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702
192.168.56.101 50007 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.