3.2
Medium risk

fccffe55df57db636d1399bfd518aa1ab53abbd8a4a845d46689d38f09b6c563

853fd4057b5f6f449ac8aa7884e31c25.exe

Analysis duration

78s

Last analysis

File size

668.0KB
Static scan: flagged malicious | Dynamic scan: flagged malicious | MALICIOUS WACATAC
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Baidu 20190318 1.0.0.2
Avast 20210501 21.1.5827.0
Alibaba 20190527 0.3.0.5
Kingsoft 20210501 2017.9.26.565
McAfee 20210501 6.0.6.653
Tencent 20210501 1.0.0.1
CrowdStrike 20210203 1.0
Static indicators
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Checks the amount of memory in the system; this can be used to detect virtual machines, which often have a small amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620946610.190553
GlobalMemoryStatusEx
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name, possibly indicative of a packer (5 events)
resource name AFX_DIALOG_LAYOUT
resource name AVI
resource name BINARY
resource name GIF
resource name None
Behavioral verdict
Dynamic indicators
File has been identified by 2 antivirus engines on VirusTotal as malicious (2 events)
CAT-QuickHeal Trojan.Wacatac
APEX Malicious
Uses Windows utilities for basic Windows functionality (4 events)
cmdline netsh int tcp show supplemental
cmdline netsh int ip show interfaces
cmdline netsh interface tcp show global
cmdline netsh interface tcp show heuristics
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2019-02-22 22:26:49

Imports


Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
111.123.48.219 443 192.168.56.101 49188
111.123.48.219 443 192.168.56.101 49195

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.