SmartHawk

2.8

中危

该样本未表现出任何异常！

037fdadb6b7379f6f89ef9ab42f252999c7773189be9de0911c01b3188e34d55

79ad4d6a8bac528d5a82b967045207be.exe

分析耗时

83s

最近分析

文件大小

2.0MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable has a PDB path (1 个事件)

pdb_path

C:\Jenkins\jobs\miktex-2.9\workspace\build-x86\binlib\miktex-mpost.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	.gfids
section	.00cfg
section	gu\xbc\xd8\xa3u\xa0

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

6.934501188985568

section

{'size_of_data': '0x00004200', 'virtual_address': '0x00201000', 'entropy': 6.934501188985568, 'name': 'gu\\xbc\\xd8\\xa3u\\xa0', 'virtual_size': '0x00005000'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2016-08-09 03:08:44

Imports

Library MiKTeX209-utf8wrap.dll:

• 0x5f0328 miktex_utf8_remove

• 0x5f032c miktex_utf8_rename

• 0x5f0330 miktex_utf8_putc

• 0x5f0334 miktex_utf8__access

• 0x5f0338 miktex_utf8_system

• 0x5f033c miktex_utf8__stat64i32

• 0x5f0340 miktex_utf8_getenv

• 0x5f0344 miktex_utf8__getcwd

• 0x5f0348 miktex_utf8__spawnvp

• 0x5f034c miktex_utf8_fopen

Library MiKTeX209-kpathsea.dll:

• 0x5f021c miktex_kpathsea_var_value

• 0x5f0220 miktex_concatn

• 0x5f0224 miktex_kpathsea_in_name_ok

• 0x5f0228 miktex_kpathsea_find_file

• 0x5f022c miktex_kpathsea_set_program_enabled

• 0x5f0230 miktex_kpathsea_set_program_name

• 0x5f0234 miktex_kpathsea_absolute_p

• 0x5f0238 miktex_kpse_def

• 0x5f023c miktex_kpathsea_version_string

• 0x5f0240 miktex_kpse_def_inst

• 0x5f0244 miktex_xfopen

• 0x5f0248 miktex_xbasename

• 0x5f024c miktex_kpathsea_out_name_ok

Library MiKTeX209-app.dll:

• 0x5f00a0 ?Sorry@Application@App@MiKTeX@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVMiKTeXException@Core@3@@Z

• 0x5f00a4 ?Finalize@Application@App@MiKTeX@@UAEXXZ

• 0x5f00a8 ?Init@Application@App@MiKTeX@@UAEXAAV?$vector@PADV?$allocator@PAD@std@@@std@@@Z

• 0x5f00ac ?Sorry@Application@App@MiKTeX@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVexception@5@@Z

• 0x5f00b0 ??1Application@App@MiKTeX@@UAE@XZ

• 0x5f00b4 ??0Application@App@MiKTeX@@QAE@XZ

Library MiKTeX209-getopt.dll:

• 0x5f01e4 getopt_long_only

• 0x5f01e8 MIKTEX_GETOPT_optarg

• 0x5f01ec MIKTEX_GETOPT_optind

Library MiKTeX209-unxemu.dll:

• 0x5f02f0 closedir

• 0x5f02f4 opendir

• 0x5f02f8 readdir

Library MiKTeX209-core.dll:

• 0x5f01a8 miktex_pathcmp

• 0x5f01ac miktex_core_malloc

• 0x5f01b0 miktex_core_strdup

• 0x5f01b4 miktex_exit

Library MiKTeX209-util.dll:

• 0x5f0384 ?WideCharToUTF8@StringUtil@Util@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W@Z

Library MiKTeX209-cairo.dll:

• 0x5f00e8 cairo_image_surface_get_data

• 0x5f00ec cairo_image_surface_get_height

• 0x5f00f0 cairo_matrix_init

• 0x5f00f4 cairo_image_surface_get_width

• 0x5f00f8 cairo_image_surface_create

• 0x5f00fc cairo_transform

• 0x5f0100 cairo_surface_flush

• 0x5f0104 cairo_surface_destroy

• 0x5f0108 cairo_clip

• 0x5f010c cairo_fill

• 0x5f0110 cairo_stroke

• 0x5f0114 cairo_close_path

• 0x5f0118 cairo_rectangle

• 0x5f011c cairo_curve_to

• 0x5f0120 cairo_line_to

• 0x5f0124 cairo_move_to

• 0x5f0128 cairo_new_path

• 0x5f012c cairo_set_line_width

• 0x5f0130 cairo_scale

• 0x5f0134 cairo_translate

• 0x5f0138 cairo_set_miter_limit

• 0x5f013c cairo_version_string

• 0x5f0140 cairo_create

• 0x5f0144 cairo_destroy

• 0x5f0148 cairo_save

• 0x5f014c cairo_restore

• 0x5f0150 cairo_set_source_rgb

• 0x5f0154 cairo_set_antialias

• 0x5f0158 cairo_set_dash

• 0x5f015c cairo_set_line_cap

• 0x5f0160 cairo_set_line_join

Library MiKTeX209-zlib.dll:

• 0x5f03b4 zlibVersion

Library MiKTeX209-png.dll:

• 0x5f0284 png_write_png

• 0x5f0288 png_get_header_ver

• 0x5f028c png_create_write_struct

• 0x5f0290 png_create_info_struct

• 0x5f0294 png_destroy_write_struct

• 0x5f0298 png_set_filter

• 0x5f029c png_set_compression_level

• 0x5f02a0 png_set_write_fn

• 0x5f02a4 png_get_io_ptr

• 0x5f02a8 png_set_rows

• 0x5f02ac png_set_IHDR

• 0x5f02b0 png_set_pHYs

• 0x5f02b4 png_set_text

• 0x5f02b8 png_set_longjmp_fn

Library MSVCP140.dll:

• 0x5f0068 ?_Xout_of_range@std@@YAXPBD@Z

• 0x5f006c ?_Xlength_error@std@@YAXPBD@Z

• 0x5f0070 ?_Xbad_alloc@std@@YAXXZ

Library VCRUNTIME140.dll:

• 0x5f03e4 __CxxFrameHandler3

• 0x5f03e8 __std_type_info_destroy_list

• 0x5f03ec _except_handler4_common

• 0x5f03f0 __std_exception_destroy

• 0x5f03f4 __std_exception_copy

• 0x5f03f8 strchr

• 0x5f03fc strrchr

• 0x5f0400 strstr

• 0x5f0404 memset

• 0x5f0408 longjmp

• 0x5f040c _setjmp3

• 0x5f0410 memcpy

• 0x5f0414 memmove

• 0x5f0418 _CxxThrowException

Library api-ms-win-crt-stdio-l1-1-0.dll:

• 0x5f0684 _set_fmode

• 0x5f0688 getc

• 0x5f068c __stdio_common_vsscanf

• 0x5f0690 __p__commode

• 0x5f0694 ftell

• 0x5f0698 fseek

• 0x5f069c fputs

• 0x5f06a0 fopen

• 0x5f06a4 __acrt_iob_func

• 0x5f06a8 _fileno

• 0x5f06ac _close

• 0x5f06b0 fgetc

• 0x5f06b4 fflush

• 0x5f06b8 fclose

• 0x5f06bc fgets

• 0x5f06c0 puts

• 0x5f06c4 __stdio_common_vfprintf

• 0x5f06c8 ungetc

• 0x5f06cc __stdio_common_vfscanf

• 0x5f06d0 __stdio_common_vsprintf

• 0x5f06d4 _dup2

• 0x5f06d8 fwrite

• 0x5f06dc fread

• 0x5f06e0 feof

• 0x5f06e4 _dup

Library api-ms-win-crt-heap-l1-1-0.dll:

• 0x5f04ec malloc

• 0x5f04f0 free

• 0x5f04f4 _set_new_mode

• 0x5f04f8 calloc

• 0x5f04fc realloc

• 0x5f0500 _callnewh

Library api-ms-win-crt-convert-l1-1-0.dll:

• 0x5f0450 atoi

• 0x5f0454 strtol

• 0x5f0458 strtod

Library api-ms-win-crt-time-l1-1-0.dll:

• 0x5f0770 _time64

• 0x5f0774 _localtime64

Library api-ms-win-crt-string-l1-1-0.dll:

• 0x5f0728 _strdup

• 0x5f072c isspace

• 0x5f0730 isprint

• 0x5f0734 strncmp

• 0x5f0738 strncat

• 0x5f073c strncpy

Library api-ms-win-crt-math-l1-1-0.dll:

• 0x5f0564 _libm_sse2_atan_precise

• 0x5f0568 _libm_sse2_cos_precise

• 0x5f056c _libm_sse2_sin_precise

• 0x5f0570 _libm_sse2_sqrt_precise

• 0x5f0574 _except1

• 0x5f0578 _CIatan2

• 0x5f057c floor

• 0x5f0580 __setusermatherr

• 0x5f0584 _libm_sse2_log10_precise

• 0x5f0588 ceil

• 0x5f058c _libm_sse2_pow_precise

• 0x5f0590 modf

• 0x5f0594 _libm_sse2_exp_precise

• 0x5f0598 _libm_sse2_log_precise

Library api-ms-win-crt-runtime-l1-1-0.dll:

• 0x5f05d0 strerror

• 0x5f05d4 _errno

• 0x5f05d8 raise

• 0x5f05dc abort

• 0x5f05e0 terminate

• 0x5f05e4 _controlfp_s

• 0x5f05e8 _invalid_parameter_noinfo_noreturn

• 0x5f05ec _configure_narrow_argv

• 0x5f05f0 _initialize_narrow_environment

• 0x5f05f4 _initialize_onexit_table

• 0x5f05f8 _register_onexit_function

• 0x5f05fc _execute_onexit_table

• 0x5f0600 _crt_atexit

• 0x5f0604 _crt_at_quick_exit

• 0x5f0608 _cexit

• 0x5f060c _seh_filter_dll

• 0x5f0610 _set_app_type

• 0x5f0614 _seh_filter_exe

• 0x5f0618 _configure_wide_argv

• 0x5f061c _initialize_wide_environment

• 0x5f0620 _get_initial_wide_environment

• 0x5f0624 _initterm

• 0x5f0628 _initterm_e

• 0x5f062c exit

• 0x5f0630 _exit

• 0x5f0634 _register_thread_local_exe_atexit_callback

• 0x5f0638 __p___argc

• 0x5f063c __p___wargv

• 0x5f0640 _c_exit

Library api-ms-win-crt-environment-l1-1-0.dll:

• 0x5f0488 _putenv

• 0x5f048c getenv

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	216.58.200.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.