4.6
Medium risk

3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330

834f2507d25bf040d2b4d87d94fad9e1.exe

Analysis duration

270s

Last analyzed

File size

1.1MB
Static detection   Dynamic detection
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
(CODE, DATA and BSS are the default section names emitted by the Borland/Delphi linker rather than by a packer, which is why this indicator is frequently a false positive.)
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619686035.6255
__exception__
stacktrace:
0x35fb35a
0x35fb38d
0x35fb2aa
0x359f8a4
0x35fc651
0x35fc7ef
0x35ae556
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0x35e55a8
0x35fca9f
834f2507d25bf040d2b4d87d94fad9e1+0x5a7c3 @ 0x45a7c3
0x3590338

registers.esp: 1633948
registers.edi: 0
registers.eax: 1633948
registers.ebp: 1634028
registers.edx: 0
registers.ebx: 1635704
registers.esi: 56698924
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:576954242&cup2hreq=040a80acc7dfb6707f8cb1ababbf777b374e7c525e47677a36322a500a9402ed
Performs some HTTP requests (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:576954242&cup2hreq=040a80acc7dfb6707f8cb1ababbf777b374e7c525e47677a36322a500a9402ed
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:576954242&cup2hreq=040a80acc7dfb6707f8cb1ababbf777b374e7c525e47677a36322a500a9402ed
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619685992.2345
NtAllocateVirtualMemory
process_identifier: 2856
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x008b0000
success 0 0
1619685998.5165
NtAllocateVirtualMemory
process_identifier: 2856
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x034f0000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 203.208.41.33
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (5 events)
dead_host 69.171.233.24:443
dead_host 172.217.27.142:443
dead_host 192.168.56.101:49192
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4d713c VirtualFree
0x4d7140 VirtualAlloc
0x4d7144 LocalFree
0x4d7148 LocalAlloc
0x4d714c GetTickCount
0x4d7154 GetVersion
0x4d7158 GetCurrentThreadId
0x4d7164 VirtualQuery
0x4d7168 WideCharToMultiByte
0x4d716c MultiByteToWideChar
0x4d7170 lstrlenA
0x4d7174 lstrcpynA
0x4d7178 LoadLibraryExA
0x4d717c GetThreadLocale
0x4d7180 GetStartupInfoA
0x4d7184 GetProcAddress
0x4d7188 GetModuleHandleA
0x4d718c GetModuleFileNameA
0x4d7190 GetLocaleInfoA
0x4d7194 GetCommandLineA
0x4d7198 FreeLibrary
0x4d719c FindFirstFileA
0x4d71a0 FindClose
0x4d71a4 ExitProcess
0x4d71a8 WriteFile
0x4d71b0 RtlUnwind
0x4d71b4 RaiseException
0x4d71b8 GetStdHandle
Library user32.dll:
0x4d71c0 GetKeyboardType
0x4d71c4 LoadStringA
0x4d71c8 MessageBoxA
0x4d71cc CharNextA
Library advapi32.dll:
0x4d71d4 RegQueryValueExA
0x4d71d8 RegOpenKeyExA
0x4d71dc RegCloseKey
Library oleaut32.dll:
0x4d71e4 SysFreeString
0x4d71e8 SysReAllocStringLen
0x4d71ec SysAllocStringLen
Library kernel32.dll:
0x4d71f4 TlsSetValue
0x4d71f8 TlsGetValue
0x4d71fc LocalAlloc
0x4d7200 GetModuleHandleA
Library advapi32.dll:
0x4d7208 RegSetValueExA
0x4d720c RegQueryValueExA
0x4d7210 RegOpenKeyExA
0x4d7214 RegFlushKey
0x4d7218 RegCreateKeyExA
0x4d721c RegCloseKey
Library kernel32.dll:
0x4d7224 lstrcpyA
0x4d7228 WriteFile
0x4d722c WaitForSingleObject
0x4d7230 VirtualQuery
0x4d7234 VirtualProtect
0x4d7238 VirtualAlloc
0x4d723c Sleep
0x4d7240 SizeofResource
0x4d7244 SetThreadLocale
0x4d7248 SetFilePointer
0x4d724c SetEvent
0x4d7250 SetErrorMode
0x4d7254 SetEndOfFile
0x4d7258 ResetEvent
0x4d725c ReadFile
0x4d7260 MulDiv
0x4d7264 LockResource
0x4d7268 LoadResource
0x4d726c LoadLibraryA
0x4d7278 GlobalUnlock
0x4d727c GlobalReAlloc
0x4d7280 GlobalHandle
0x4d7284 GlobalLock
0x4d7288 GlobalFree
0x4d728c GlobalFindAtomA
0x4d7290 GlobalDeleteAtom
0x4d7294 GlobalAlloc
0x4d7298 GlobalAddAtomA
0x4d729c GetVersionExA
0x4d72a0 GetVersion
0x4d72a4 GetTickCount
0x4d72a8 GetThreadLocale
0x4d72ac GetSystemInfo
0x4d72b0 GetStringTypeExA
0x4d72b4 GetStdHandle
0x4d72b8 GetProcAddress
0x4d72bc GetModuleHandleA
0x4d72c0 GetModuleFileNameA
0x4d72c4 GetLocaleInfoA
0x4d72c8 GetLocalTime
0x4d72cc GetLastError
0x4d72d0 GetFullPathNameA
0x4d72d4 GetDiskFreeSpaceA
0x4d72d8 GetDateFormatA
0x4d72dc GetCurrentThreadId
0x4d72e0 GetCurrentProcessId
0x4d72e4 GetCPInfo
0x4d72e8 GetACP
0x4d72ec FreeResource
0x4d72f0 InterlockedExchange
0x4d72f4 FreeLibrary
0x4d72f8 FormatMessageA
0x4d72fc FindResourceA
0x4d7300 EnumCalendarInfoA
0x4d730c CreateThread
0x4d7310 CreateFileA
0x4d7314 CreateEventA
0x4d7318 CompareStringA
0x4d731c CloseHandle
Library version.dll:
0x4d7324 VerQueryValueA
0x4d732c GetFileVersionInfoA
Library gdi32.dll:
0x4d7334 UnrealizeObject
0x4d7338 StretchBlt
0x4d733c SetWindowOrgEx
0x4d7340 SetWinMetaFileBits
0x4d7344 SetViewportOrgEx
0x4d7348 SetTextColor
0x4d734c SetStretchBltMode
0x4d7350 SetROP2
0x4d7354 SetPixel
0x4d7358 SetEnhMetaFileBits
0x4d735c SetDIBColorTable
0x4d7360 SetBrushOrgEx
0x4d7364 SetBkMode
0x4d7368 SetBkColor
0x4d736c SelectPalette
0x4d7370 SelectObject
0x4d7374 SaveDC
0x4d7378 RestoreDC
0x4d737c Rectangle
0x4d7380 RectVisible
0x4d7384 RealizePalette
0x4d7388 Polyline
0x4d738c PlayEnhMetaFile
0x4d7390 PatBlt
0x4d7394 MoveToEx
0x4d7398 MaskBlt
0x4d739c LineTo
0x4d73a0 IntersectClipRect
0x4d73a4 GetWindowOrgEx
0x4d73a8 GetWinMetaFileBits
0x4d73ac GetTextMetricsA
0x4d73b0 GetTextExtentPointA
0x4d73bc GetStockObject
0x4d73c0 GetPixel
0x4d73c4 GetPaletteEntries
0x4d73c8 GetObjectA
0x4d73d4 GetEnhMetaFileBits
0x4d73d8 GetDeviceCaps
0x4d73dc GetDIBits
0x4d73e0 GetDIBColorTable
0x4d73e4 GetDCOrgEx
0x4d73ec GetClipBox
0x4d73f0 GetBrushOrgEx
0x4d73f4 GetBitmapBits
0x4d73f8 ExcludeClipRect
0x4d73fc DeleteObject
0x4d7400 DeleteEnhMetaFile
0x4d7404 DeleteDC
0x4d7408 CreateSolidBrush
0x4d740c CreatePenIndirect
0x4d7410 CreatePalette
0x4d7418 CreateFontIndirectA
0x4d741c CreateDIBitmap
0x4d7420 CreateDIBSection
0x4d7424 CreateCompatibleDC
0x4d742c CreateBrushIndirect
0x4d7430 CreateBitmap
0x4d7434 CopyEnhMetaFileA
0x4d7438 BitBlt
Library user32.dll:
0x4d7440 CreateWindowExA
0x4d7444 WindowFromPoint
0x4d7448 WinHelpA
0x4d744c WaitMessage
0x4d7450 UpdateWindow
0x4d7454 UnregisterClassA
0x4d7458 UnhookWindowsHookEx
0x4d745c TranslateMessage
0x4d7464 TrackPopupMenu
0x4d746c ShowWindow
0x4d7470 ShowScrollBar
0x4d7474 ShowOwnedPopups
0x4d7478 ShowCursor
0x4d747c SetWindowsHookExA
0x4d7480 SetWindowTextA
0x4d7484 SetWindowPos
0x4d7488 SetWindowPlacement
0x4d748c SetWindowLongA
0x4d7490 SetTimer
0x4d7494 SetScrollRange
0x4d7498 SetScrollPos
0x4d749c SetScrollInfo
0x4d74a0 SetRect
0x4d74a4 SetPropA
0x4d74a8 SetParent
0x4d74ac SetMenuItemInfoA
0x4d74b0 SetMenu
0x4d74b4 SetForegroundWindow
0x4d74b8 SetFocus
0x4d74bc SetCursor
0x4d74c0 SetClipboardData
0x4d74c4 SetClassLongA
0x4d74c8 SetCapture
0x4d74cc SetActiveWindow
0x4d74d0 SendMessageA
0x4d74d4 ScrollWindow
0x4d74d8 ScreenToClient
0x4d74dc RemovePropA
0x4d74e0 RemoveMenu
0x4d74e4 ReleaseDC
0x4d74e8 ReleaseCapture
0x4d74f4 RegisterClassA
0x4d74f8 RedrawWindow
0x4d74fc PtInRect
0x4d7500 PostQuitMessage
0x4d7504 PostMessageA
0x4d7508 PeekMessageA
0x4d750c OpenClipboard
0x4d7510 OffsetRect
0x4d7514 OemToCharA
0x4d7518 MessageBoxA
0x4d751c MessageBeep
0x4d7520 MapWindowPoints
0x4d7524 MapVirtualKeyA
0x4d7528 LoadStringA
0x4d752c LoadKeyboardLayoutA
0x4d7530 LoadIconA
0x4d7534 LoadCursorA
0x4d7538 LoadBitmapA
0x4d753c KillTimer
0x4d7540 IsZoomed
0x4d7544 IsWindowVisible
0x4d7548 IsWindowEnabled
0x4d754c IsWindow
0x4d7550 IsRectEmpty
0x4d7554 IsIconic
0x4d7558 IsDialogMessageA
0x4d755c IsChild
0x4d7560 InvalidateRect
0x4d7564 IntersectRect
0x4d7568 InsertMenuItemA
0x4d756c InsertMenuA
0x4d7570 InflateRect
0x4d7578 GetWindowTextA
0x4d757c GetWindowRect
0x4d7580 GetWindowPlacement
0x4d7584 GetWindowLongA
0x4d7588 GetWindowDC
0x4d758c GetTopWindow
0x4d7590 GetSystemMetrics
0x4d7594 GetSystemMenu
0x4d7598 GetSysColorBrush
0x4d759c GetSysColor
0x4d75a0 GetSubMenu
0x4d75a4 GetScrollRange
0x4d75a8 GetScrollPos
0x4d75ac GetScrollInfo
0x4d75b0 GetPropA
0x4d75b4 GetParent
0x4d75b8 GetWindow
0x4d75bc GetMenuStringA
0x4d75c0 GetMenuState
0x4d75c4 GetMenuItemInfoA
0x4d75c8 GetMenuItemID
0x4d75cc GetMenuItemCount
0x4d75d0 GetMenu
0x4d75d4 GetLastActivePopup
0x4d75d8 GetKeyboardState
0x4d75e0 GetKeyboardLayout
0x4d75e4 GetKeyState
0x4d75e8 GetKeyNameTextA
0x4d75ec GetIconInfo
0x4d75f0 GetForegroundWindow
0x4d75f4 GetFocus
0x4d75f8 GetDesktopWindow
0x4d75fc GetDCEx
0x4d7600 GetDC
0x4d7604 GetCursorPos
0x4d7608 GetCursor
0x4d760c GetClipboardData
0x4d7610 GetClientRect
0x4d7614 GetClassNameA
0x4d7618 GetClassInfoA
0x4d761c GetCapture
0x4d7620 GetActiveWindow
0x4d7624 FrameRect
0x4d7628 FindWindowA
0x4d762c FillRect
0x4d7630 EqualRect
0x4d7634 EnumWindows
0x4d7638 EnumThreadWindows
0x4d763c EndPaint
0x4d7640 EnableWindow
0x4d7644 EnableScrollBar
0x4d7648 EnableMenuItem
0x4d764c EmptyClipboard
0x4d7650 DrawTextA
0x4d7654 DrawMenuBar
0x4d7658 DrawIconEx
0x4d765c DrawIcon
0x4d7660 DrawFrameControl
0x4d7664 DrawFocusRect
0x4d7668 DrawEdge
0x4d766c DispatchMessageA
0x4d7670 DestroyWindow
0x4d7674 DestroyMenu
0x4d7678 DestroyIcon
0x4d767c DestroyCursor
0x4d7680 DeleteMenu
0x4d7684 DefWindowProcA
0x4d7688 DefMDIChildProcA
0x4d768c DefFrameProcA
0x4d7690 CreatePopupMenu
0x4d7694 CreateMenu
0x4d7698 CreateIcon
0x4d769c CloseClipboard
0x4d76a0 ClientToScreen
0x4d76a4 CheckMenuItem
0x4d76a8 CallWindowProcA
0x4d76ac CallNextHookEx
0x4d76b0 BeginPaint
0x4d76b4 CharNextA
0x4d76b8 CharLowerBuffA
0x4d76bc CharLowerA
0x4d76c0 CharUpperBuffA
0x4d76c4 CharToOemA
0x4d76c8 AdjustWindowRectEx
Library kernel32.dll:
0x4d76d4 Sleep
Library oleaut32.dll:
0x4d76dc SafeArrayPtrOfIndex
0x4d76e0 SafeArrayGetUBound
0x4d76e4 SafeArrayGetLBound
0x4d76e8 SafeArrayCreate
0x4d76ec VariantChangeType
0x4d76f0 VariantCopy
0x4d76f4 VariantClear
0x4d76f8 VariantInit
Library comctl32.dll:
0x4d7708 ImageList_Write
0x4d770c ImageList_Read
0x4d771c ImageList_DragMove
0x4d7720 ImageList_DragLeave
0x4d7724 ImageList_DragEnter
0x4d7728 ImageList_EndDrag
0x4d772c ImageList_BeginDrag
0x4d7730 ImageList_GetIcon
0x4d7734 ImageList_Remove
0x4d7738 ImageList_DrawEx
0x4d773c ImageList_Replace
0x4d7740 ImageList_Draw
0x4d7750 ImageList_Add
0x4d775c ImageList_Destroy
0x4d7760 ImageList_Create
Library URL.DLL:
0x4d7768 InetIsOffline

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49186 203.208.41.98 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62191 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 56743 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.