SmartHawk

2.6

中危

该样本未表现出任何异常！

279ca284b5ad96e86ea7e6ee983be21d2a948357b2d9cac82633307975ea05d2

7f5d45905869075ce57a2ffd4c5bf18b.exe

分析耗时

85s

最近分析

文件大小

3.3MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

_RDATA

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.6459253319615375

section

{'size_of_data': '0x001c1600', 'virtual_address': '0x0017c000', 'entropy': 7.6459253319615375, 'name': '.rdata', 'virtual_size': '0x001c154e'}

description

A section with a high entropy has been found

entropy

0.5252776154295733

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-05-02 02:03:06

Imports

Library WSOCK32.dll:

• 0x14017c898 WSAStartup

• 0x14017c8a0 bind

• 0x14017c8a8 WSAGetLastError

• 0x14017c8b0 WSACleanup

• 0x14017c8b8 __WSAFDIsSet

• 0x14017c8c0 socket

• 0x14017c8c8 setsockopt

• 0x14017c8d0 select

• 0x14017c8d8 ntohs

• 0x14017c8e0 ntohl

• 0x14017c8e8 htons

• 0x14017c8f0 htonl

• 0x14017c8f8 getsockname

• 0x14017c900 inet_ntoa

• 0x14017c908 closesocket

Library WS2_32.dll:

• 0x14017c880 WSASendTo

• 0x14017c888 WSARecvFrom

Library WINMM.dll:

• 0x14017c838 timeEndPeriod

• 0x14017c840 joyGetDevCapsW

• 0x14017c848 timeBeginPeriod

• 0x14017c850 joyGetPosEx

• 0x14017c858 timeGetDevCaps

• 0x14017c860 timeGetTime

Library GDI32.dll:

• 0x14017c058 GetDeviceCaps

• 0x14017c060 SwapBuffers

• 0x14017c068 SetPixelFormat

• 0x14017c070 GetPixelFormat

• 0x14017c078 DescribePixelFormat

• 0x14017c080 ChoosePixelFormat

Library OPENGL32.dll:

• 0x14017c5a8 glGetTexImage

• 0x14017c5b0 glLoadIdentity

• 0x14017c5b8 glLoadMatrixf

• 0x14017c5c0 glMatrixMode

• 0x14017c5c8 glTexImage2D

• 0x14017c5d0 glTexParameteri

• 0x14017c5d8 glBindTexture

• 0x14017c5e0 glDeleteTextures

• 0x14017c5e8 glGenTextures

• 0x14017c5f0 glTexSubImage2D

• 0x14017c5f8 glBlendFunc

• 0x14017c600 glClear

• 0x14017c608 glClearColor

• 0x14017c610 glDisable

• 0x14017c618 glEnable

• 0x14017c620 glGetIntegerv

• 0x14017c628 glViewport

• 0x14017c630 glColorPointer

• 0x14017c638 glDisableClientState

• 0x14017c640 glDrawArrays

• 0x14017c648 glEnableClientState

• 0x14017c650 glTexCoordPointer

• 0x14017c658 glVertexPointer

• 0x14017c660 glGetError

• 0x14017c668 glGetString

• 0x14017c670 glIsEnabled

• 0x14017c678 wglCreateContext

• 0x14017c680 wglDeleteContext

• 0x14017c688 wglGetProcAddress

• 0x14017c690 wglMakeCurrent

• 0x14017c698 wglShareLists

• 0x14017c6a0 glFlush

Library ADVAPI32.dll:

• 0x14017c000 RegQueryValueExW

• 0x14017c008 RegOpenKeyExW

• 0x14017c010 SystemFunction036

• 0x14017c018 RegSetKeyValueA

• 0x14017c020 RegOpenKeyA

• 0x14017c028 RegDeleteValueA

• 0x14017c030 RegCloseKey

• 0x14017c038 GetTokenInformation

• 0x14017c040 OpenProcessToken

• 0x14017c048 RegGetValueA

Library KERNEL32.dll:

• 0x14017c090 HeapFree

• 0x14017c098 GetCommandLineW

• 0x14017c0a0 GetCommandLineA

• 0x14017c0a8 ReadFile

• 0x14017c0b0 HeapAlloc

• 0x14017c0b8 SetStdHandle

• 0x14017c0c0 GetModuleHandleExW

• 0x14017c0c8 ExitProcess

• 0x14017c0d0 RtlUnwind

• 0x14017c0d8 RtlUnwindEx

• 0x14017c0e0 RaiseException

• 0x14017c0e8 RtlPcToFileHeader

• 0x14017c0f0 GetDateFormatW

• 0x14017c0f8 GetTimeFormatW

• 0x14017c100 IsValidLocale

• 0x14017c108 GetUserDefaultLCID

• 0x14017c110 EnumSystemLocalesW

• 0x14017c118 FlushFileBuffers

• 0x14017c120 GetConsoleCP

• 0x14017c128 GetFileSizeEx

• 0x14017c130 GetFileType

• 0x14017c138 ReadConsoleW

• 0x14017c140 ReleaseSemaphore

• 0x14017c148 DuplicateHandle

• 0x14017c150 GetTimeZoneInformation

• 0x14017c158 GetVersionExW

• 0x14017c160 LoadLibraryExW

• 0x14017c168 GetModuleFileNameW

• 0x14017c170 FreeLibraryAndExitThread

• 0x14017c178 GetThreadTimes

• 0x14017c180 GetCurrentThread

• 0x14017c188 UnregisterWait

• 0x14017c190 RegisterWaitForSingleObject

• 0x14017c198 SetThreadAffinityMask

• 0x14017c1a0 GetProcessAffinityMask

• 0x14017c1a8 GetNumaHighestNodeNumber

• 0x14017c1b0 DeleteTimerQueueTimer

• 0x14017c1b8 ChangeTimerQueueTimer

• 0x14017c1c0 CreateTimerQueueTimer

• 0x14017c1c8 GetLogicalProcessorInformation

• 0x14017c1d0 GetThreadPriority

• 0x14017c1d8 SetThreadPriority

• 0x14017c1e0 CreateThread

• 0x14017c1e8 SignalObjectAndWait

• 0x14017c1f0 CreateTimerQueue

• 0x14017c1f8 InitializeSListHead

• 0x14017c200 GetStartupInfoW

• 0x14017c208 IsDebuggerPresent

• 0x14017c210 IsProcessorFeaturePresent

• 0x14017c218 SetUnhandledExceptionFilter

• 0x14017c220 UnhandledExceptionFilter

• 0x14017c228 RtlVirtualUnwind

• 0x14017c230 RtlLookupFunctionEntry

• 0x14017c238 RtlCaptureContext

• 0x14017c240 ResetEvent

• 0x14017c248 SetEvent

• 0x14017c250 GetCPInfo

• 0x14017c258 GetLocaleInfoW

• 0x14017c260 LCMapStringW

• 0x14017c268 CompareStringW

• 0x14017c270 DecodePointer

• 0x14017c278 HeapReAlloc

• 0x14017c280 IsValidCodePage

• 0x14017c288 GetACP

• 0x14017c290 GetOEMCP

• 0x14017c298 GetEnvironmentStringsW

• 0x14017c2a0 FreeEnvironmentStringsW

• 0x14017c2a8 SetEnvironmentVariableW

• 0x14017c2b0 GetProcessHeap

• 0x14017c2b8 HeapSize

• 0x14017c2c0 ReadProcessMemory

• 0x14017c2c8 CloseHandle

• 0x14017c2d0 GetLastError

• 0x14017c2d8 Sleep

• 0x14017c2e0 CreateProcessA

• 0x14017c2e8 OpenProcess

• 0x14017c2f0 GetCurrentProcess

• 0x14017c2f8 GetExitCodeProcess

• 0x14017c300 MultiByteToWideChar

• 0x14017c308 WideCharToMultiByte

• 0x14017c310 WaitForSingleObject

• 0x14017c318 TerminateProcess

• 0x14017c320 CreateRemoteThread

• 0x14017c328 SuspendThread

• 0x14017c330 ResumeThread

• 0x14017c338 GetThreadContext

• 0x14017c340 VirtualAllocEx

• 0x14017c348 WriteProcessMemory

• 0x14017c350 AssignProcessToJobObject

• 0x14017c358 SetInformationJobObject

• 0x14017c360 GetModuleHandleA

• 0x14017c368 GetProcAddress

• 0x14017c370 LoadLibraryA

• 0x14017c378 FormatMessageA

• 0x14017c380 CreateJobObjectA

• 0x14017c388 K32GetProcessImageFileNameA

• 0x14017c390 QueryPerformanceCounter

• 0x14017c398 QueryPerformanceFrequency

• 0x14017c3a0 GetSystemTimeAsFileTime

• 0x14017c3a8 SystemTimeToFileTime

• 0x14017c3b0 GetModuleFileNameA

• 0x14017c3b8 GetFileAttributesA

• 0x14017c3c0 GetCurrentProcessId

• 0x14017c3c8 GetCurrentThreadId

• 0x14017c3d0 GetDynamicTimeZoneInformation

• 0x14017c3d8 GetStdHandle

• 0x14017c3e0 WriteFile

• 0x14017c3e8 GetConsoleMode

• 0x14017c3f0 WriteConsoleA

• 0x14017c3f8 GetConsoleScreenBufferInfo

• 0x14017c400 SetConsoleTextAttribute

• 0x14017c408 InitializeCriticalSection

• 0x14017c410 EnterCriticalSection

• 0x14017c418 LeaveCriticalSection

• 0x14017c420 GetSystemInfo

• 0x14017c428 VirtualAlloc

• 0x14017c430 VirtualProtect

• 0x14017c438 VirtualFree

• 0x14017c440 CreateFileA

• 0x14017c448 GetFileSize

• 0x14017c450 MapViewOfFile

• 0x14017c458 UnmapViewOfFile

• 0x14017c460 CreateFileMappingA

• 0x14017c468 WriteConsoleW

• 0x14017c470 GetModuleHandleW

• 0x14017c478 FormatMessageW

• 0x14017c480 FreeLibrary

• 0x14017c488 LoadLibraryW

• 0x14017c490 LocalFree

• 0x14017c498 DeleteCriticalSection

• 0x14017c4a0 GetVersion

• 0x14017c4a8 TlsAlloc

• 0x14017c4b0 TlsGetValue

• 0x14017c4b8 TlsSetValue

• 0x14017c4c0 TlsFree

• 0x14017c4c8 EncodePointer

• 0x14017c4d0 GetTickCount

• 0x14017c4d8 CreateEventW

• 0x14017c4e0 InitializeCriticalSectionAndSpinCount

• 0x14017c4e8 GetStringTypeW

• 0x14017c4f0 TryEnterCriticalSection

• 0x14017c4f8 GetExitCodeThread

• 0x14017c500 SwitchToThread

• 0x14017c508 WaitForSingleObjectEx

• 0x14017c510 SetLastError

• 0x14017c518 AreFileApisANSI

• 0x14017c520 SetFilePointerEx

• 0x14017c528 SetEndOfFile

• 0x14017c530 RemoveDirectoryW

• 0x14017c538 GetFileInformationByHandle

• 0x14017c540 GetFileAttributesExW

• 0x14017c548 FindNextFileW

• 0x14017c550 FindFirstFileExW

• 0x14017c558 FindClose

• 0x14017c560 DeleteFileW

• 0x14017c568 CreateFileW

• 0x14017c570 CreateDirectoryW

• 0x14017c578 InterlockedPushEntrySList

• 0x14017c580 InterlockedFlushSList

• 0x14017c588 QueryDepthSList

• 0x14017c590 UnregisterWaitEx

• 0x14017c598 InterlockedPopEntrySList

Library USER32.dll:

• 0x14017c6b0 ReleaseDC

• 0x14017c6b8 GetDC

• 0x14017c6c0 EnumDisplaySettingsW

• 0x14017c6c8 ScreenToClient

• 0x14017c6d0 GetCursorPos

• 0x14017c6d8 SetWindowLongA

• 0x14017c6e0 GetWindowLongA

• 0x14017c6e8 ShowWindow

• 0x14017c6f0 MessageBoxA

• 0x14017c6f8 LoadCursorW

• 0x14017c700 CreateWindowExA

• 0x14017c708 DestroyWindow

• 0x14017c710 TrackMouseEvent

• 0x14017c718 TranslateMessage

• 0x14017c720 DispatchMessageW

• 0x14017c728 PeekMessageW

• 0x14017c730 SendMessageW

• 0x14017c738 RegisterDeviceNotificationW

• 0x14017c740 DefWindowProcW

• 0x14017c748 CallWindowProcW

• 0x14017c750 RegisterClassW

• 0x14017c758 UnregisterClassW

• 0x14017c760 CreateWindowExW

• 0x14017c768 FlashWindowEx

• 0x14017c770 SetWindowPos

• 0x14017c778 GetKeyState

• 0x14017c780 MapVirtualKeyW

• 0x14017c788 GetCapture

• 0x14017c790 SetCapture

• 0x14017c798 ReleaseCapture

• 0x14017c7a0 GetForegroundWindow

• 0x14017c7a8 SetForegroundWindow

• 0x14017c7b0 ChangeDisplaySettingsW

• 0x14017c7b8 DestroyIcon

• 0x14017c7c0 CreateIcon

• 0x14017c7c8 GetWindowThreadProcessId

• 0x14017c7d0 SetWindowLongPtrW

• 0x14017c7d8 GetWindowLongPtrW

• 0x14017c7e0 SetWindowLongW

• 0x14017c7e8 GetWindowLongW

• 0x14017c7f0 ClipCursor

• 0x14017c7f8 MapWindowPoints

• 0x14017c800 SetCursor

• 0x14017c808 ShowCursor

• 0x14017c810 AdjustWindowRect

• 0x14017c818 GetWindowRect

• 0x14017c820 GetClientRect

• 0x14017c828 SetWindowTextW

Library WINTRUST.dll:

• 0x14017c870 WinVerifyTrust

Library dwmapi.dll:

• 0x14017c918 DwmExtendFrameIntoClientArea

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	142.250.66.110
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50568	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62912	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.