2.4
中危
2 个模型检测该样本为恶意!
重新分析
更多

d4fe6f544fdf7cd9cae5ab5082f4452a182680b6f6515a85936ff323c50180fd

7c9cb5604b755ed3d3f47c6f1198bbc8.exe

分析耗时

87s

最近分析

文件大小

175.0KB
静态报毒 动态报毒 CONFIDENCE
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee 20201029 6.0.6.653
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20201029 18.4.3895.0
Kingsoft 20201029 2013.8.14.323
Tencent 20201029 1.0.0.1
静态指标
行为判定
动态指标
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 个事件)
CrowdStrike win/malicious_confidence_60% (W)
APEX Malicious
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-01-04 03:13:08

Imports

Library KERNEL32.dll:
0x40700c LoadLibraryA
0x407010 lstrcpyA
0x407014 lstrcatA
0x407018 lstrlenA
0x40701c GetSystemDirectoryA
0x407020 GetProcAddress
0x407024 GetModuleHandleA
0x407028 _lclose
0x40702c GetModuleFileNameA
0x407030 _lread
0x407034 _llseek
0x407038 _lopen
0x40703c _lwrite
0x407040 _lcreat
0x407044 CreateDirectoryA
0x40704c GetDiskFreeSpaceA
0x407050 GetFileAttributesA
0x407054 CompareStringA
0x407058 DeleteFileA
0x40705c GetTempPathA
0x407064 CloseHandle
0x407068 GetExitCodeProcess
0x40706c GetLastError
0x407070 LocalFree
0x407074 GetCurrentProcess
0x407078 MoveFileExA
0x40707c GetStringTypeW
0x407080 MultiByteToWideChar
0x407084 LCMapStringW
0x407088 HeapReAlloc
0x40708c RtlUnwind
0x407090 HeapSize
0x407094 Sleep
0x407098 RemoveDirectoryA
0x40709c FreeLibrary
0x4070a0 IsValidCodePage
0x4070a4 GetOEMCP
0x4070a8 GetModuleHandleW
0x4070ac ExitProcess
0x4070b0 DecodePointer
0x4070b4 HeapFree
0x4070b8 HeapAlloc
0x4070bc GetCommandLineA
0x4070c0 HeapSetInformation
0x4070c4 GetStartupInfoW
0x4070d8 EncodePointer
0x4070dc LoadLibraryW
0x4070e8 IsDebuggerPresent
0x4070ec TerminateProcess
0x4070f0 TlsAlloc
0x4070f4 TlsGetValue
0x4070f8 TlsSetValue
0x4070fc TlsFree
0x407104 SetLastError
0x407108 GetCurrentThreadId
0x407110 WriteFile
0x407114 GetStdHandle
0x407118 GetModuleFileNameW
0x407120 HeapCreate
0x407128 WideCharToMultiByte
0x407130 SetHandleCount
0x407134 GetFileType
0x40713c GetTickCount
0x407140 GetCurrentProcessId
0x407148 GetCPInfo
0x40714c GetACP
Library USER32.dll:
0x40715c TranslateMessage
0x407160 DispatchMessageA
0x407164 PeekMessageA
0x407168 wsprintfA
0x40716c LoadCursorA
0x407170 SetCursor
0x407174 MessageBoxA
Library ADVAPI32.dll:
0x407000 GetTokenInformation
0x407004 OpenProcessToken
Library SHELL32.dll:
0x407154 ShellExecuteExA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.