SmartHawk

2.6

中危

该样本未表现出任何异常！

重新分析

下载样本

d323c8c35817f7c9d6691ba07433a71816e18bb2ed7a7e468bc7c4536cf4db18

84174a142d30afe6075d57a1aead4d18.exe

分析耗时

39s

最近分析

文件大小

681.0KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

The file contains an unknown PE resource name possibly indicative of a packer (5 个事件)

resource name	AFX_DIALOG_LAYOUT
resource name	BILUX
resource name	HOSAXIY
resource name	TUWUTAPUGAMOGIF
resource name	None

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620808827.079 NtProtectVirtualMemory	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 593920 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x05df0000	success	0	0
1620808827.094 NtAllocateVirtualMemory	process_identifier: 2136 region_size: 1155072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x07780000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.9831721025252325

section

{'size_of_data': '0x0009c200', 'virtual_address': '0x00001000', 'entropy': 7.9831721025252325, 'name': '.text', 'virtual_size': '0x0009c130'}

description

A section with a high entropy has been found

entropy

0.9183823529411764

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

216.58.200.46:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-01-03 16:22:46

Imports

Library KERNEL32.dll:

• 0x49e000 FileTimeToDosDateTime

• 0x49e004 SetVolumeLabelA

• 0x49e008 CreateMutexW

• 0x49e00c lstrcmpA

• 0x49e010 OpenFile

• 0x49e014 CopyFileExW

• 0x49e018 SetLocalTime

• 0x49e01c _llseek

• 0x49e020 IsBadHugeReadPtr

• 0x49e024 GetNumberOfConsoleInputEvents

• 0x49e028 CallNamedPipeA

• 0x49e02c LoadResource

• 0x49e030 SystemTimeToTzSpecificLocalTime

• 0x49e034 DeleteVolumeMountPointA

• 0x49e038 LoadLibraryExW

• 0x49e03c GlobalAddAtomA

• 0x49e040 MoveFileExW

• 0x49e044 SetConsoleActiveScreenBuffer

• 0x49e048 SetDefaultCommConfigW

• 0x49e04c GlobalLock

• 0x49e050 WaitForSingleObject

• 0x49e054 OpenSemaphoreA

• 0x49e058 BackupSeek

• 0x49e05c FreeEnvironmentStringsA

• 0x49e060 _lclose

• 0x49e064 GetProcessPriorityBoost

• 0x49e068 GetTickCount

• 0x49e06c CreateNamedPipeW

• 0x49e070 VirtualFree

• 0x49e074 FindNextVolumeMountPointA

• 0x49e078 GetSystemTimeAsFileTime

• 0x49e07c ReadConsoleW

• 0x49e080 CancelDeviceWakeupRequest

• 0x49e084 GetUserDefaultLangID

• 0x49e088 GetCommandLineA

• 0x49e08c FindResourceExA

• 0x49e090 GetConsoleWindow

• 0x49e094 GetVersionExW

• 0x49e098 WritePrivateProfileStructW

• 0x49e09c WriteConsoleW

• 0x49e0a0 GetBinaryTypeA

• 0x49e0a4 SetSystemPowerState

• 0x49e0a8 lstrcatA

• 0x49e0ac lstrlenW

• 0x49e0b0 DisconnectNamedPipe

• 0x49e0b4 VirtualUnlock

• 0x49e0b8 CreateJobObjectA

• 0x49e0bc InterlockedExchange

• 0x49e0c0 ReleaseActCtx

• 0x49e0c4 GetStdHandle

• 0x49e0c8 FillConsoleOutputCharacterW

• 0x49e0cc OpenMutexW

• 0x49e0d0 IsDBCSLeadByteEx

• 0x49e0d4 GetProcAddress

• 0x49e0d8 BeginUpdateResourceW

• 0x49e0dc SetVolumeLabelW

• 0x49e0e0 LocalLock

• 0x49e0e4 ReadFileEx

• 0x49e0e8 SetStdHandle

• 0x49e0ec EnterCriticalSection

• 0x49e0f0 DisableThreadLibraryCalls

• 0x49e0f4 BuildCommDCBW

• 0x49e0f8 SetFileApisToOEM

• 0x49e0fc LoadLibraryA

• 0x49e100 OpenWaitableTimerW

• 0x49e104 LocalAlloc

• 0x49e108 SetCalendarInfoW

• 0x49e10c BuildCommDCBAndTimeoutsW

• 0x49e110 SetConsoleDisplayMode

• 0x49e114 GetExitCodeThread

• 0x49e118 TransmitCommChar

• 0x49e11c SetCurrentDirectoryW

• 0x49e120 WriteProfileSectionW

• 0x49e124 GlobalHandle

• 0x49e128 GetPrivateProfileStructA

• 0x49e12c GetTapeParameters

• 0x49e130 WaitForMultipleObjects

• 0x49e134 SetSystemTime

• 0x49e138 GlobalWire

• 0x49e13c GetPrivateProfileSectionNamesA

• 0x49e140 EnumDateFormatsA

• 0x49e144 SetConsoleCursorInfo

• 0x49e148 GetThreadPriority

• 0x49e14c CreateIoCompletionPort

• 0x49e150 EnumResourceNamesA

• 0x49e154 VirtualProtect

• 0x49e158 CompareStringA

• 0x49e15c WaitForDebugEvent

• 0x49e160 DeleteFileW

• 0x49e164 FindActCtxSectionStringW

• 0x49e168 TlsFree

• 0x49e16c ResumeThread

• 0x49e170 AreFileApisANSI

• 0x49e174 CreateFileA

• 0x49e178 GetStartupInfoW

• 0x49e17c LeaveCriticalSection

• 0x49e180 SetHandleCount

• 0x49e184 GetFileType

• 0x49e188 GetStartupInfoA

• 0x49e18c DeleteCriticalSection

• 0x49e190 TerminateProcess

• 0x49e194 GetCurrentProcess

• 0x49e198 UnhandledExceptionFilter

• 0x49e19c SetUnhandledExceptionFilter

• 0x49e1a0 IsDebuggerPresent

• 0x49e1a4 HeapAlloc

• 0x49e1a8 GetModuleHandleW

• 0x49e1ac Sleep

• 0x49e1b0 ExitProcess

• 0x49e1b4 WriteFile

• 0x49e1b8 GetModuleFileNameA

• 0x49e1bc GetModuleFileNameW

• 0x49e1c0 FreeEnvironmentStringsW

• 0x49e1c4 GetEnvironmentStringsW

• 0x49e1c8 GetCommandLineW

• 0x49e1cc TlsGetValue

• 0x49e1d0 TlsAlloc

• 0x49e1d4 TlsSetValue

• 0x49e1d8 InterlockedIncrement

• 0x49e1dc SetLastError

• 0x49e1e0 GetCurrentThreadId

• 0x49e1e4 GetLastError

• 0x49e1e8 InterlockedDecrement

• 0x49e1ec HeapCreate

• 0x49e1f0 HeapFree

• 0x49e1f4 QueryPerformanceCounter

• 0x49e1f8 GetCurrentProcessId

• 0x49e1fc InitializeCriticalSectionAndSpinCount

• 0x49e200 RtlUnwind

• 0x49e204 GetCPInfo

• 0x49e208 GetACP

• 0x49e20c GetOEMCP

• 0x49e210 IsValidCodePage

• 0x49e214 MultiByteToWideChar

• 0x49e218 VirtualAlloc

• 0x49e21c HeapReAlloc

• 0x49e220 SetFilePointer

• 0x49e224 WideCharToMultiByte

• 0x49e228 GetConsoleCP

• 0x49e22c GetConsoleMode

• 0x49e230 FlushFileBuffers

• 0x49e234 LCMapStringA

• 0x49e238 LCMapStringW

• 0x49e23c GetStringTypeA

• 0x49e240 GetStringTypeW

• 0x49e244 GetLocaleInfoA

• 0x49e248 ReadFile

• 0x49e24c WriteConsoleA

• 0x49e250 GetConsoleOutputCP

• 0x49e254 HeapSize

• 0x49e258 CloseHandle

Library USER32.dll:

• 0x49e260 GetCursorPos

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 216.58.200.46 CNAME clients.l.google.com	142.250.66.110
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.