SmartHawk

1.4

低危

该样本未表现出任何异常！

6d1de9c4388ad5b899e4407ef37a0205981e6a25dd1358e802c3ef73ac7b59a8

815358b451e36881cf568ec9068a5fab.exe

分析耗时

34s

最近分析

文件大小

2.1MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

e:\project\sogouime\branch\PinyinDev_R_8_1_NK\Bin\SogouPdb\SogouInput\userNetSchedule.pdb

Foreign language identified in PE resource (10 个事件)

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_ICON

language

LANG_CHINESE

offset

0x00216758

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000368

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x00216ac0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000076

name

RT_VERSION

language

LANG_CHINESE

offset

0x00216b38

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000032c

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2016-11-14 18:22:26

Imports

Library WININET.dll:

• 0x560340 InternetCanonicalizeUrlW

• 0x560344 InternetGetConnectedState

• 0x560348 InternetQueryOptionW

• 0x56034c HttpSendRequestExW

• 0x560350 HttpAddRequestHeadersW

• 0x560354 InternetConnectW

• 0x560358 InternetWriteFile

• 0x56035c HttpSendRequestW

• 0x560360 HttpQueryInfoW

• 0x560364 HttpOpenRequestW

• 0x560368 HttpEndRequestW

• 0x56036c InternetOpenUrlW

• 0x560370 InternetSetOptionW

• 0x560374 InternetCloseHandle

• 0x560378 InternetReadFile

• 0x56037c InternetOpenW

Library KERNEL32.dll:

• 0x560088 SleepEx

• 0x56008c GetSystemDirectoryA

• 0x560090 FindNextFileW

• 0x560094 FindClose

• 0x560098 FindFirstFileW

• 0x56009c LoadLibraryW

• 0x5600a0 GetLastError

• 0x5600a4 GetFileSize

• 0x5600a8 SetFilePointer

• 0x5600ac WriteFile

• 0x5600b0 ReadFile

• 0x5600b4 CreateFileW

• 0x5600b8 FlushFileBuffers

• 0x5600bc SetLastError

• 0x5600c0 CloseHandle

• 0x5600c4 SetFileAttributesW

• 0x5600c8 GetTempFileNameW

• 0x5600cc CreateProcessW

• 0x5600d0 MoveFileExW

• 0x5600d4 CreateDirectoryW

• 0x5600d8 WaitForSingleObject

• 0x5600dc CopyFileW

• 0x5600e0 GetExitCodeProcess

• 0x5600e4 GetFileAttributesW

• 0x5600e8 FileTimeToSystemTime

• 0x5600ec GetProcessId

• 0x5600f0 GetCurrentThreadId

• 0x5600f4 GetCurrentProcess

• 0x5600f8 FormatMessageW

• 0x5600fc GetModuleFileNameW

• 0x560100 ExitThread

• 0x560104 CreateEventW

• 0x560108 DuplicateHandle

• 0x56010c LocalFree

• 0x560110 CreateThread

• 0x560114 CreateMutexW

• 0x560118 OpenMutexW

• 0x56011c ReleaseMutex

• 0x560120 MapViewOfFile

• 0x560124 UnmapViewOfFile

• 0x560128 CreateFileMappingW

• 0x56012c OpenFileMappingW

• 0x560130 FreeLibrary

• 0x560134 OpenProcess

• 0x560138 GetSystemDirectoryW

• 0x56013c GetTempPathW

• 0x560140 RemoveDirectoryW

• 0x560144 DeleteFileW

• 0x560148 InterlockedCompareExchange

• 0x56014c InterlockedExchange

• 0x560150 SetPriorityClass

• 0x560154 GetCommandLineW

• 0x560158 TlsGetValue

• 0x56015c TlsSetValue

• 0x560160 InterlockedIncrement

• 0x560164 OpenEventW

• 0x560168 InterlockedExchangeAdd

• 0x56016c InitializeCriticalSectionAndSpinCount

• 0x560170 LeaveCriticalSection

• 0x560174 EnterCriticalSection

• 0x560178 DeleteCriticalSection

• 0x56017c LocalAlloc

• 0x560180 GetVersionExW

• 0x560184 SetEvent

• 0x560188 QueryPerformanceCounter

• 0x56018c VirtualAlloc

• 0x560190 TlsAlloc

• 0x560194 TlsFree

• 0x560198 InterlockedDecrement

• 0x56019c VirtualQuery

• 0x5601a0 SetUnhandledExceptionFilter

• 0x5601a4 TerminateProcess

• 0x5601a8 lstrlenW

• 0x5601ac GetLocalTime

• 0x5601b0 lstrcatW

• 0x5601b4 IsDebuggerPresent

• 0x5601b8 lstrcpyW

• 0x5601bc LCMapStringW

• 0x5601c0 GetTickCount

• 0x5601c4 InitializeCriticalSection

• 0x5601c8 WaitForSingleObjectEx

• 0x5601cc GetQueuedCompletionStatus

• 0x5601d0 TransactNamedPipe

• 0x5601d4 CreateIoCompletionPort

• 0x5601d8 WaitNamedPipeW

• 0x5601dc SetNamedPipeHandleState

• 0x5601e0 GetSystemTimeAsFileTime

• 0x5601e4 HeapAlloc

• 0x5601e8 HeapFree

• 0x5601ec GetProcessHeap

• 0x5601f0 GetACP

• 0x5601f4 CreateFileA

• 0x5601f8 GetModuleHandleA

• 0x5601fc SwitchToThread

• 0x560200 HeapReAlloc

• 0x560204 UnhandledExceptionFilter

• 0x560208 GetTimeFormatA

• 0x56020c GetDateFormatA

• 0x560210 GetStartupInfoW

• 0x560214 RtlUnwind

• 0x560218 FileTimeToLocalFileTime

• 0x56021c ResumeThread

• 0x560220 GetTimeZoneInformation

• 0x560224 RaiseException

• 0x560228 GetDriveTypeA

• 0x56022c FindFirstFileA

• 0x560230 HeapCreate

• 0x560234 HeapDestroy

• 0x560238 VirtualFree

• 0x56023c ExitProcess

• 0x560240 GetStdHandle

• 0x560244 GetModuleFileNameA

• 0x560248 HeapSize

• 0x56024c GetCPInfo

• 0x560250 GetOEMCP

• 0x560254 IsValidCodePage

• 0x560258 FreeEnvironmentStringsW

• 0x56025c GetEnvironmentStringsW

• 0x560260 SetHandleCount

• 0x560264 GetFileType

• 0x560268 GetStartupInfoA

• 0x56026c GetFileInformationByHandle

• 0x560270 GetCurrentDirectoryA

• 0x560274 LCMapStringA

• 0x560278 GetConsoleCP

• 0x56027c GetConsoleMode

• 0x560280 GetFullPathNameA

• 0x560284 LoadLibraryA

• 0x560288 GetStringTypeA

• 0x56028c GetStringTypeW

• 0x560290 GetUserDefaultLCID

• 0x560294 GetLocaleInfoA

• 0x560298 EnumSystemLocalesA

• 0x56029c IsValidLocale

• 0x5602a0 SetStdHandle

• 0x5602a4 GetLocaleInfoW

• 0x5602a8 WriteConsoleA

• 0x5602ac GetConsoleOutputCP

• 0x5602b0 WriteConsoleW

• 0x5602b4 SetEndOfFile

• 0x5602b8 CompareStringA

• 0x5602bc CompareStringW

• 0x5602c0 SetEnvironmentVariableA

• 0x5602c4 GetCurrentProcessId

• 0x5602c8 MultiByteToWideChar

• 0x5602cc WideCharToMultiByte

• 0x5602d0 GetProcAddress

• 0x5602d4 Sleep

• 0x5602d8 GetModuleHandleW

• 0x5602dc PeekNamedPipe

• 0x5602e0 WaitForMultipleObjects

• 0x5602e4 FormatMessageA

Library USER32.dll:

• 0x56030c DestroyWindow

• 0x560310 CreateWindowExW

• 0x560314 wvsprintfW

• 0x560318 FindWindowW

• 0x56031c PostMessageW

• 0x560320 GetSystemMetrics

• 0x560324 LoadIconW

• 0x560328 SetRectEmpty

Library GDI32.dll:

• 0x56005c DeleteObject

• 0x560060 GetObjectW

• 0x560064 CreateCompatibleDC

• 0x560068 SelectObject

• 0x56006c CreateDIBSection

• 0x560070 DeleteDC

• 0x560074 CreateFontIndirectW

• 0x560078 GetFontData

Library ADVAPI32.dll:

• 0x560000 SetNamedSecurityInfoW

• 0x560004 OpenProcessToken

• 0x560008 GetTokenInformation

• 0x56000c LookupAccountSidW

• 0x560010 RegCreateKeyExW

• 0x560014 RegSetValueExW

• 0x560018 AddAccessAllowedAceEx

• 0x56001c InitializeSecurityDescriptor

• 0x560020 RegCloseKey

• 0x560024 RegOpenKeyExW

• 0x560028 RegQueryValueExW

• 0x56002c SetSecurityDescriptorDacl

• 0x560030 SetSecurityDescriptorSacl

• 0x560034 GetLengthSid

• 0x560038 BuildExplicitAccessWithNameW

• 0x56003c GetSecurityDescriptorSacl

• 0x560040 SetEntriesInAclW

• 0x560044 SetSecurityInfo

• 0x560048 ConvertStringSecurityDescriptorToSecurityDescriptorW

• 0x56004c InitializeAcl

• 0x560050 GetNamedSecurityInfoW

• 0x560054 RegOpenKeyW

Library SHELL32.dll:

• 0x5602f4 ShellExecuteExW

• 0x5602f8 SHFileOperationW

• 0x5602fc SHGetFolderPathW

• 0x560300 ShellExecuteW

• 0x560304 Shell_NotifyIconW

Library IMM32.dll:

• 0x560080 ImmDisableIME

Library VERSION.dll:

• 0x560330 GetFileVersionInfoSizeW

• 0x560334 VerQueryValueW

• 0x560338 GetFileVersionInfoW

Library PSAPI.DLL:

• 0x5602ec GetProcessMemoryInfo

Library WS2_32.dll:

• 0x5603c8 inet_ntoa

• 0x5603cc htonl

• 0x5603d0 getservbyname

• 0x5603d4 gethostbyaddr

• 0x5603d8 getservbyport

• 0x5603dc WSASetLastError

• 0x5603e0 gethostname

• 0x5603e4 sendto

• 0x5603e8 recvfrom

• 0x5603ec gethostbyname

• 0x5603f0 inet_addr

• 0x5603f4 socket

• 0x5603f8 connect

• 0x5603fc setsockopt

• 0x560400 getpeername

• 0x560404 getsockopt

• 0x560408 htons

• 0x56040c bind

• 0x560410 ntohs

• 0x560414 getsockname

• 0x560418 send

• 0x56041c recv

• 0x560420 WSAGetLastError

• 0x560424 closesocket

• 0x560428 accept

• 0x56042c listen

• 0x560430 __WSAFDIsSet

• 0x560434 select

• 0x560438 ioctlsocket

• 0x56043c WSAStartup

• 0x560440 WSACleanup

Library WLDAP32.dll:

• 0x560384

• 0x560388

• 0x56038c

• 0x560390

• 0x560394

• 0x560398

• 0x56039c

• 0x5603a0

• 0x5603a4

• 0x5603a8

• 0x5603ac

• 0x5603b0

• 0x5603b4

• 0x5603b8

• 0x5603bc

• 0x5603c0

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51813	239.255.255.250	1900
192.168.56.101	53658	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.