3.0
中危

b683e8edb43379544fa615ae686fcfcefd85e7fdb3e087c868e7f37268c012bc

83d4b718948476b6cfcda059cc659bc3.exe

分析耗时

85s

最近分析

文件大小

1.9MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
(说明:下表各行仅含引擎名、日期、版本三个字段,“查杀结果”一栏为空;空值不能等同于“未检出”,各引擎对本样本的实际判定需另行核实。)
McAfee 20181203 6.0.6.653
Alibaba 20180921 0.1.0.2
Baidu 20181203 1.0.0.2
Avast 20181203 18.4.3895.0
Tencent 20181203 1.0.0.1
Kingsoft 20181203 2013.8.14.323
CrowdStrike 20181022 1.0
静态指标
This executable is signed (the signer, signing time and whether the certificate chain validates are not shown in this report; a signature proves only who signed the file, not that it is benign, so verify the certificate before treating this as a trust indicator).
This executable has a PDB path (1 个事件)
pdb_path D:\TemporaryBuilds\main_app_builder_1\3\s\App\_bin\soda\Win32\Release\ws.pdb
The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)
resource name REGISTRY
resource name TYPELIB
(Reviewer note: REGISTRY and TYPELIB are the resource type names ATL-based COM servers use for their registration script and embedded type library. Together with the OLEAUT32 imports RegisterTypeLib/UnRegisterTypeLib/LoadTypeLib and ole32 CoRevokeClassObject listed below, this reads as a COM self-registration artifact rather than packer evidence; treat this indicator as a likely false positive.)
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

2018-10-31 21:39:53 (PE header linker timestamp — set by the builder and trivially forgeable, so not proof of build date. Note it is later than the 20180921 date shown for Alibaba in the engine table above: either that column is an engine/definition date rather than a scan date for this sample, or one of the two values is wrong; this cannot be resolved from the report alone.)

Imports

(Reviewer note: the import listing has address gaps — e.g. nothing between 0x5550e0 and 0x5550e8, or between 0x55500c and 0x555018 — so entries are missing and the absence of an API below is not evidence that it is unused. Several libraries are listed with no function names (encoding-conversion.dll, PSAPI.DLL, msi.dll, root-service-provider.dll, brand.dll); the non-system names are side-by-side DLLs loaded by name, which suggests the sample is one component of a larger package and likely cannot run standalone in a sandbox — consistent with the empty dynamic sections further down — and that a writable install directory would expose it to DLL search-order hijacking; confirm where it is deployed. The visible ADVAPI32 service-control APIs (CreateServiceW, DeleteService, SetServiceStatus, ControlService), token APIs (OpenProcessToken, GetTokenInformation, DuplicateTokenEx, RevertToSelf), WTSAPI32 WTSQueryUserToken and USERENV LoadUserProfileW/UnloadUserProfile match the pattern of a Windows service that impersonates or launches processes in an interactive user's session; the exported KernelBridgeProxy::CreateProcessRequest/Response types agree with that, but the actual runtime behaviour is not shown here.)

Library encoding-conversion.dll:
Library PSAPI.DLL:
Library USER32.dll:
0x5555e0 LoadCursorW
0x5555e4 SetWindowLongW
0x5555e8 GetWindowLongW
0x5555ec DestroyWindow
0x5555f0 CreateWindowExW
0x5555f4 GetClassInfoExW
0x5555f8 RegisterClassExW
0x5555fc UnregisterClassW
0x555600 CallWindowProcW
0x555604 DefWindowProcW
0x555608 PostMessageW
0x555610 CharNextW
0x555614 LoadStringW
0x555618 TranslateMessage
0x55561c GetMessageW
0x555620 DispatchMessageW
0x555624 PostThreadMessageW
0x555628 CharUpperW
0x55562c MessageBoxW
Library WTSAPI32.dll:
0x5556d4 WTSQueryUserToken
Library msi.dll:
0x5558b8 (no name resolved — presumably an import by ordinal; which msi.dll function is used cannot be determined from this entry)
Library VERSION.dll:
0x555694 GetFileVersionInfoW
0x555698 VerQueryValueW
Library KERNEL32.dll:
0x5550b0 LoadLibraryExW
0x5550b4 LoadResource
0x5550b8 SizeofResource
0x5550bc FindResourceW
0x5550c0 LoadLibraryW
0x5550c4 lstrcmpiW
0x5550c8 MultiByteToWideChar
0x5550cc SetLastError
0x5550d0 GetCurrentThreadId
0x5550d4 CloseHandle
0x5550d8 DuplicateHandle
0x5550dc SetEvent
0x5550e0 ReleaseSemaphore
0x5550e8 CreateEventA
0x5550ec GetCurrentProcess
0x5550f0 GetCurrentProcessId
0x5550f8 OpenProcess
0x5550fc GetTickCount
0x555100 CreateFileMappingW
0x555104 GetModuleHandleA
0x555108 CreateSemaphoreA
0x55510c LocalFree
0x555110 FormatMessageW
0x555114 Sleep
0x555118 GetProcAddress
0x55511c HeapAlloc
0x555120 HeapReAlloc
0x555124 HeapFree
0x555128 HeapSize
0x55512c GetProcessHeap
0x555130 DecodePointer
0x555134 WaitForSingleObject
0x555138 TerminateProcess
0x55513c GetExitCodeProcess
0x555144 Process32FirstW
0x555148 Process32NextW
0x55514c GetCommandLineW
0x555150 CreateEventW
0x555154 CreateThread
0x555158 LocalAlloc
0x55515c OpenEventA
0x555160 ResetEvent
0x555168 FormatMessageA
0x55516c CreateFileW
0x555170 GetModuleFileNameW
0x555174 FreeLibrary
0x555188 GetLastError
0x55518c RaiseException
0x555194 GetModuleHandleW
0x5551a4 LCMapStringW
0x5551a8 AreFileApisANSI
0x5551ac LoadLibraryA
0x5551b0 GetStringTypeExW
0x5551bc TlsFree
0x5551c0 TlsSetValue
0x5551c4 TlsGetValue
0x5551c8 TlsAlloc
0x5551cc SetWaitableTimer
0x5551d4 LoadLibraryExA
0x5551d8 VirtualFree
0x5551dc VirtualAlloc
0x5551f0 InitializeSListHead
0x5551f4 EncodePointer
0x5551f8 OutputDebugStringW
0x5551fc IsDebuggerPresent
0x555200 GetComputerNameW
0x555204 WideCharToMultiByte
0x555210 HeapDestroy
0x555218 GetStartupInfoW
0x55521c GlobalFree
0x555220 GetUserDefaultLCID
0x555224 DeviceIoControl
0x555228 GetFileAttributesW
Library ADVAPI32.dll:
0x555008 RevertToSelf
0x55500c LookupAccountSidW
0x555018 CryptGenRandom
0x55501c CryptReleaseContext
0x555028 DuplicateTokenEx
0x555030 SetServiceStatus
0x555038 OpenServiceW
0x55503c OpenSCManagerW
0x555040 DeleteService
0x555044 CreateServiceW
0x555048 ControlService
0x55504c CloseServiceHandle
0x555050 ReportEventW
0x55505c RegQueryValueExW
0x555064 IsValidSid
0x555068 GetTokenInformation
0x55506c GetLengthSid
0x555070 CopySid
0x555074 OpenProcessToken
0x555084 RegSetValueExW
0x555088 RegQueryInfoKeyW
0x55508c RegOpenKeyExW
0x555090 RegEnumKeyExW
0x555094 RegDeleteValueW
0x555098 RegDeleteKeyW
0x55509c RegCreateKeyExW
0x5550a0 RegCloseKey
Library ole32.dll:
0x5558c0 StringFromGUID2
0x5558c4 ProgIDFromCLSID
0x5558c8 CoTaskMemRealloc
0x5558cc CoTaskMemFree
0x5558d0 CoCreateInstance
0x5558d8 CoUninitialize
0x5558dc CoSetProxyBlanket
0x5558e0 CoInitializeEx
0x5558e8 CoRevokeClassObject
0x5558f4 CoTaskMemAlloc
Library OLEAUT32.dll:
0x55559c SysFreeString
0x5555a0 SysAllocString
0x5555a4 VariantCopy
0x5555a8 SysStringLen
0x5555ac VariantInit
0x5555b0 VariantClear
0x5555b4 VarUI4FromStr
0x5555b8 LoadTypeLib
0x5555bc LoadRegTypeLib
0x5555c0 SetErrorInfo
0x5555c4 CreateErrorInfo
0x5555c8 RegisterTypeLib
0x5555cc UnRegisterTypeLib
0x5555d0 SysAllocStringLen
Library root-service-provider.dll:
Library brand.dll:
Library IPHLPAPI.DLL:
0x5550a8 GetAdaptersInfo
Library MSVCP140.dll:
0x5552e8 ?_BADOFF@std@@3_JB
0x5553b0 _Mbrtowc
0x5554b4 _Mtx_lock
0x5554b8 _Mtx_unlock
0x5554bc _Mtx_init_in_situ
0x5554cc _Cnd_wait
0x5554d0 _Cnd_broadcast
0x5554d4 _Cnd_init_in_situ
0x555564 _Wcsxfrm
0x555568 _Wcscoll
Library USERENV.dll:
0x555638 LoadUserProfileW
0x55563c UnloadUserProfile
Library VCRUNTIME140.dll:
0x555648 _CxxThrowException
0x555654 memcpy
0x555658 __CxxFrameHandler3
0x55565c _purecall
0x555660 __std_terminate
0x555664 memmove
0x55566c __RTDynamicCast
0x555670 strchr
0x555674 wcschr
0x555678 memchr
0x555684 memset
0x555688 wcsstr
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x55575c _crt_atexit
0x555760 strerror
0x555764 _cexit
0x555768 _wassert
0x55576c _seh_filter_exe
0x555770 abort
0x555774 _set_app_type
0x555778 _errno
0x555784 _get_errno
0x55578c _controlfp_s
0x555790 _set_errno
0x555794 _resetstkoflw
0x55579c _c_exit
0x5557a0 _exit
0x5557a4 exit
0x5557a8 _initterm_e
0x5557ac _initterm
0x5557b8 terminate
Library api-ms-win-crt-heap-l1-1-0.dll:
0x555710 free
0x555714 _aligned_free
0x555718 malloc
0x55571c _recalloc
0x555720 _aligned_malloc
0x555724 calloc
0x555728 _set_new_mode
0x55572c realloc
0x555730 _msize
0x555734 _callnewh
Library api-ms-win-crt-convert-l1-1-0.dll:
0x5556dc _wcstoui64
0x5556e0 atoi
0x5556e4 _ui64toa_s
0x5556e8 strtoll
0x5556ec _wcstoi64
0x5556f0 _gcvt_s
0x5556f4 _wtoi
0x5556f8 strtol
0x5556fc _i64toa_s
0x555700 _ultoa_s
0x555704 wcstod
0x555708 _itoa_s

Exports

(Only boost::serialization singleton/oserializer template instantiations are exported, naming KernelBridgeProxy::CreateProcessRequest/Response and WS::PreviewerSwitcherContext/SessionIdContext; these are compiler-generated exports rather than a deliberate API, but the type names are useful pivots for attributing the product or family. The list shown stops at ordinal 10 and may be truncated.)

Ordinal Address Name
1 0x4a7340 ??0?$oserializer@Vxml_woarchive@archive@boost@@UCreateProcessResponse@KernelBridgeProxy@@@detail@archive@boost@@QAE@XZ
2 0x4a7370 ??0?$singleton@V?$extended_type_info_typeid@UCreateProcessRequest@KernelBridgeProxy@@@serialization@boost@@@serialization@boost@@QAE@XZ
3 0x4a7380 ??0?$singleton@V?$extended_type_info_typeid@UCreateProcessResponse@KernelBridgeProxy@@@serialization@boost@@@serialization@boost@@QAE@XZ
4 0x4a7390 ??0?$singleton@V?$extended_type_info_typeid@VPreviewerSwitcherContext@WS@@@serialization@boost@@@serialization@boost@@QAE@XZ
5 0x4a73a0 ??0?$singleton@V?$extended_type_info_typeid@VSessionIdContext@WS@@@serialization@boost@@@serialization@boost@@QAE@XZ
6 0x4a7600 ??1?$singleton@V?$extended_type_info_typeid@UCreateProcessRequest@KernelBridgeProxy@@@serialization@boost@@@serialization@boost@@QAE@XZ
7 0x4a7660 ??1?$singleton@V?$extended_type_info_typeid@UCreateProcessResponse@KernelBridgeProxy@@@serialization@boost@@@serialization@boost@@QAE@XZ
8 0x4a76c0 ??1?$singleton@V?$extended_type_info_typeid@VPreviewerSwitcherContext@WS@@@serialization@boost@@@serialization@boost@@QAE@XZ
9 0x4a7720 ??1?$singleton@V?$extended_type_info_typeid@VSessionIdContext@WS@@@serialization@boost@@@serialization@boost@@QAE@XZ
10 0x4ac1e0 ?get_const_instance@?$singleton@V?$extended_type_info_typeid@UCreateProcessRequest@KernelBridgeProxy@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UCreateProcessRequest@KernelBridgeProxy@@@23@XZ

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

(All recorded flows are DNS to 114.114.114.114 — presumably the sandbox's resolver — NetBIOS name-service broadcasts on 137/138, LLMNR multicast to 224.0.0.252:5355 and one NTP sync with time.windows.com. This is ordinary Windows background traffic; the queried DNS names are not shown, so none of it can be attributed to the sample without the resolver log.)

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.
(Together with the empty hosts/TCP/HTTP sections and the missing run screenshot, this indicates the sample produced no observable behaviour during the 85 s run — plausibly because the side-by-side DLLs listed under Imports were absent from the sandbox. An empty dynamic result here should not be read as a clean verdict; rerun with the full install package if the sample's behaviour matters.)