3.2
Medium risk

ce5dd2a198662ab42807ac04f6896b2f7848b1cdb5015b8ab4744f0e1dd0f648

872201241f76304ee1b91dfd66c6eec8.exe

Analysis time

43s

Last analysis

File size

911.8KB
Static detection / Dynamic detection
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
This executable is signed
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name AVI
resource name JGZQWUHKGYD
One or more processes crashed (1 event)
Time: 1620808826.593875
API: __exception__
Arguments:
  stacktrace:
    0x1ee13fe
    0x1da03da
  registers.esp: 1633788
  registers.edi: 1999
  registers.eax: 32387080
  registers.ebp: 1633832
  registers.edx: 272
  registers.ebx: 7126640
  registers.esi: 0
  registers.ecx: 1
  exception.symbol:
  exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
  exception.address: 0x0
Status: success  Return: 0  Repeated: 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620808826.561875
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 1208
  region_size: 16384
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x01da0000
Status: success  Return: 0  Repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.879653063627811 section {'size_of_data': '0x0007a000', 'virtual_address': '0x0006e000', 'entropy': 6.879653063627811, 'name': '.rsrc', 'virtual_size': '0x00079d3c'} description A section with a high entropy has been found
entropy 0.5398230088495575 description Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-03-16 22:07:59

Imports

Library KERNEL32.dll:
0x44f1c0 GetCommandLineA
0x44f1c4 RaiseException
0x44f1c8 HeapAlloc
0x44f1cc HeapFree
0x44f1d0 GetACP
0x44f1d4 CreateThread
0x44f1d8 ExitThread
0x44f1dc HeapSize
0x44f1e0 HeapReAlloc
0x44f1e4 FatalAppExitA
0x44f1fc SetHandleCount
0x44f200 GetStdHandle
0x44f204 GetFileType
0x44f208 HeapDestroy
0x44f20c HeapCreate
0x44f210 VirtualFree
0x44f214 GetStartupInfoA
0x44f218 VirtualAlloc
0x44f21c IsBadWritePtr
0x44f220 LCMapStringA
0x44f224 LCMapStringW
0x44f228 GetStringTypeA
0x44f22c GetStringTypeW
0x44f230 IsBadReadPtr
0x44f234 IsBadCodePtr
0x44f238 SetStdHandle
0x44f23c IsValidLocale
0x44f240 IsValidCodePage
0x44f244 GetLocaleInfoA
0x44f248 EnumSystemLocalesA
0x44f24c GetUserDefaultLCID
0x44f250 GetVersionExA
0x44f258 CompareStringA
0x44f25c CompareStringW
0x44f260 GetLocaleInfoW
0x44f264 GetLocalTime
0x44f268 GetProfileStringA
0x44f26c GetSystemTime
0x44f274 RemoveDirectoryA
0x44f278 CreateDirectoryA
0x44f27c TerminateProcess
0x44f288 RtlUnwind
0x44f28c CopyFileA
0x44f290 GlobalSize
0x44f2a4 SetErrorMode
0x44f2a8 GetOEMCP
0x44f2ac GetCPInfo
0x44f2b0 GetProcessVersion
0x44f2b4 TlsGetValue
0x44f2b8 LocalReAlloc
0x44f2bc TlsSetValue
0x44f2c0 GlobalReAlloc
0x44f2c4 TlsFree
0x44f2c8 GlobalHandle
0x44f2cc TlsAlloc
0x44f2d0 LocalAlloc
0x44f2d4 SizeofResource
0x44f2e8 GlobalFlags
0x44f2ec lstrlenW
0x44f2f0 GlobalAlloc
0x44f2f4 lstrcmpA
0x44f2f8 GetCurrentThread
0x44f2fc CreateEventA
0x44f300 SuspendThread
0x44f304 SetThreadPriority
0x44f308 ResumeThread
0x44f30c SetEvent
0x44f310 WaitForSingleObject
0x44f314 SetFileAttributesA
0x44f318 SetFileTime
0x44f324 GetFileTime
0x44f328 GetFileSize
0x44f32c GetFileAttributesA
0x44f330 GetShortPathNameA
0x44f334 GetThreadLocale
0x44f338 GetStringTypeExA
0x44f33c GetFullPathNameA
0x44f340 lstrcpynA
0x44f348 DeleteFileA
0x44f34c MoveFileA
0x44f350 SetEndOfFile
0x44f354 UnlockFile
0x44f358 LockFile
0x44f35c CloseHandle
0x44f360 FlushFileBuffers
0x44f364 SetFilePointer
0x44f368 WriteFile
0x44f36c ReadFile
0x44f370 CreateFileA
0x44f374 DuplicateHandle
0x44f380 FindNextFileA
0x44f384 FindFirstFileA
0x44f388 GetLastError
0x44f38c FindClose
0x44f390 GetModuleFileNameA
0x44f394 GetCurrentThreadId
0x44f398 GlobalGetAtomNameA
0x44f39c lstrcmpiA
0x44f3a0 GlobalAddAtomA
0x44f3a4 GlobalFindAtomA
0x44f3a8 GlobalDeleteAtom
0x44f3ac GlobalFree
0x44f3b0 LockResource
0x44f3b4 FindResourceA
0x44f3b8 LoadResource
0x44f3bc FormatMessageA
0x44f3c0 LocalFree
0x44f3c4 MultiByteToWideChar
0x44f3c8 WideCharToMultiByte
0x44f3d4 GlobalLock
0x44f3d8 GlobalUnlock
0x44f3dc MulDiv
0x44f3e0 GetModuleHandleA
0x44f3e4 SetLastError
0x44f3e8 GetVersion
0x44f3ec GetTickCount
0x44f3f0 ExitProcess
0x44f3f4 GetCurrentProcess
0x44f3f8 LoadLibraryW
0x44f3fc GetProcAddress
0x44f400 lstrcatA
0x44f404 lstrlenA
0x44f408 lstrcpyA
0x44f410 LoadLibraryA
0x44f414 FreeLibrary
0x44f418 Sleep
0x44f41c WinExec
0x44f424 GetDriveTypeA
Library USER32.dll:
0x44f4e8 SetRect
0x44f4ec GetNextDlgGroupItem
0x44f4f0 RemoveMenu
0x44f4f4 SetRectEmpty
0x44f4f8 LoadAcceleratorsA
0x44f500 SetMenu
0x44f504 ReuseDDElParam
0x44f508 UnpackDDElParam
0x44f50c BringWindowToTop
0x44f514 PostThreadMessageA
0x44f518 DestroyIcon
0x44f51c AdjustWindowRectEx
0x44f520 DeferWindowPos
0x44f524 BeginDeferWindowPos
0x44f528 CopyRect
0x44f52c EndDeferWindowPos
0x44f530 IsWindowVisible
0x44f534 ScrollWindow
0x44f538 GetScrollInfo
0x44f53c SetScrollInfo
0x44f540 ShowScrollBar
0x44f544 GetScrollRange
0x44f548 SetScrollRange
0x44f54c GetScrollPos
0x44f550 SetScrollPos
0x44f554 GetTopWindow
0x44f558 MessageBoxA
0x44f55c IsChild
0x44f560 GetCapture
0x44f564 WinHelpA
0x44f568 wsprintfA
0x44f56c GetClassInfoA
0x44f570 RegisterClassA
0x44f574 GetMenu
0x44f578 GetMenuItemCount
0x44f57c SetWindowPlacement
0x44f584 GetWindowTextA
0x44f588 GetDlgCtrlID
0x44f58c GetKeyState
0x44f590 DefWindowProcA
0x44f594 CreateWindowExA
0x44f598 SetWindowsHookExA
0x44f59c CallNextHookEx
0x44f5a0 GetClassLongA
0x44f5a4 SetPropA
0x44f5a8 UnhookWindowsHookEx
0x44f5ac GetPropA
0x44f5b0 CallWindowProcA
0x44f5b4 RemovePropA
0x44f5b8 GetMessageTime
0x44f5bc GetLastActivePopup
0x44f5c0 GetForegroundWindow
0x44f5c4 GetWindow
0x44f5c8 SetWindowPos
0x44f5cc OffsetRect
0x44f5d0 IntersectRect
0x44f5d8 GetWindowPlacement
0x44f5dc GetNextDlgTabItem
0x44f5e0 EndDialog
0x44f5e4 GetActiveWindow
0x44f5e8 GetSystemMetrics
0x44f5ec GetDesktopWindow
0x44f5f0 DestroyWindow
0x44f5f4 GetWindowLongA
0x44f5f8 GetDlgItem
0x44f5fc IsWindowEnabled
0x44f600 OemToCharA
0x44f604 CharToOemA
0x44f608 GetWindowDC
0x44f60c ClientToScreen
0x44f610 RedrawWindow
0x44f614 SetActiveWindow
0x44f618 DrawAnimatedRects
0x44f61c SetParent
0x44f620 FindWindowA
0x44f624 EnumChildWindows
0x44f62c GetClassNameA
0x44f630 GetSysColorBrush
0x44f634 SetForegroundWindow
0x44f638 TrackPopupMenu
0x44f63c PostMessageA
0x44f640 GetMenuItemID
0x44f644 SetMenuDefaultItem
0x44f64c GrayStringA
0x44f650 DrawTextA
0x44f654 TabbedTextOutA
0x44f658 EqualRect
0x44f65c GetSystemMenu
0x44f660 AppendMenuA
0x44f664 LoadIconA
0x44f668 LoadCursorA
0x44f66c CopyIcon
0x44f670 GetWindowRect
0x44f674 KillTimer
0x44f678 UnregisterClassA
0x44f67c HideCaret
0x44f680 ShowCaret
0x44f684 ExcludeUpdateRgn
0x44f688 DrawFocusRect
0x44f68c DefDlgProcA
0x44f690 IsWindowUnicode
0x44f694 GetParent
0x44f698 GetDC
0x44f69c ReleaseDC
0x44f6a0 InflateRect
0x44f6a4 IsWindow
0x44f6a8 GetSysColor
0x44f6ac SetCursor
0x44f6b0 GetMessagePos
0x44f6b4 ScreenToClient
0x44f6b8 PtInRect
0x44f6bc MessageBeep
0x44f6c0 SetWindowLongA
0x44f6c4 LoadImageA
0x44f6c8 CharNextA
0x44f6cc GetMenuStringA
0x44f6d0 DeleteMenu
0x44f6d4 InsertMenuA
0x44f6dc WaitMessage
0x44f6e0 ReleaseCapture
0x44f6e4 IsIconic
0x44f6e8 SetCapture
0x44f6ec LoadMenuA
0x44f6f0 GetSubMenu
0x44f6f4 UpdateWindow
0x44f6f8 SendMessageA
0x44f6fc EnableWindow
0x44f700 BeginPaint
0x44f704 LoadBitmapA
0x44f708 FillRect
0x44f70c EndPaint
0x44f710 InvalidateRect
0x44f714 GetClientRect
0x44f718 SetTimer
0x44f71c MapDialogRect
0x44f724 ShowOwnedPopups
0x44f728 PostQuitMessage
0x44f72c LoadStringA
0x44f730 WindowFromPoint
0x44f734 GetMessageA
0x44f738 TranslateMessage
0x44f73c ValidateRect
0x44f740 DestroyMenu
0x44f744 CharUpperA
0x44f748 wvsprintfA
0x44f750 GetMenuState
0x44f754 ModifyMenuA
0x44f758 SetMenuItemBitmaps
0x44f75c CheckMenuItem
0x44f760 EnableMenuItem
0x44f764 ShowWindow
0x44f768 MoveWindow
0x44f76c SetWindowTextA
0x44f770 IsDialogMessageA
0x44f774 ScrollWindowEx
0x44f778 IsDlgButtonChecked
0x44f77c SetDlgItemTextA
0x44f780 SetDlgItemInt
0x44f784 GetDlgItemTextA
0x44f788 GetDlgItemInt
0x44f78c CheckRadioButton
0x44f790 CheckDlgButton
0x44f794 SendDlgItemMessageA
0x44f798 MapWindowPoints
0x44f79c SetFocus
0x44f7a0 DispatchMessageA
0x44f7a4 GetCursorPos
0x44f7a8 GetDialogBaseUnits
0x44f7b0 GetFocus
0x44f7b4 PeekMessageA
Library GDI32.dll:
0x44f060 SetROP2
0x44f064 SetStretchBltMode
0x44f068 SetTextColor
0x44f06c SetMapMode
0x44f070 SetViewportOrgEx
0x44f074 OffsetViewportOrgEx
0x44f078 SetViewportExtEx
0x44f07c ScaleViewportExtEx
0x44f080 SetWindowOrgEx
0x44f084 OffsetWindowOrgEx
0x44f088 SetWindowExtEx
0x44f08c ScaleWindowExtEx
0x44f090 GetClipBox
0x44f094 SelectClipRgn
0x44f098 ExcludeClipRect
0x44f09c IntersectClipRect
0x44f0a0 OffsetClipRgn
0x44f0a4 MoveToEx
0x44f0a8 LineTo
0x44f0ac SetTextAlign
0x44f0b8 SetMapperFlags
0x44f0c0 ArcTo
0x44f0c4 SetArcDirection
0x44f0c8 PolyDraw
0x44f0cc PolylineTo
0x44f0d0 SetColorAdjustment
0x44f0d4 PolyBezierTo
0x44f0d8 SetPolyFillMode
0x44f0dc GetClipRgn
0x44f0e0 CreateRectRgn
0x44f0e4 SelectClipPath
0x44f0e8 ExtSelectClipRgn
0x44f0ec PlayMetaFileRecord
0x44f0f0 GetObjectType
0x44f0f4 EnumMetaFile
0x44f0f8 PlayMetaFile
0x44f0fc GetDeviceCaps
0x44f100 GetViewportExtEx
0x44f104 GetWindowExtEx
0x44f108 CreatePen
0x44f10c ExtCreatePen
0x44f110 CreateSolidBrush
0x44f114 CreateHatchBrush
0x44f118 CreatePatternBrush
0x44f120 GetDCOrgEx
0x44f124 CreateBitmap
0x44f128 PatBlt
0x44f130 GetMapMode
0x44f134 SetRectRgn
0x44f138 CombineRgn
0x44f13c GetTextMetricsA
0x44f140 GetTextColor
0x44f144 GetBkColor
0x44f148 LPtoDP
0x44f14c CopyMetaFileA
0x44f150 CreateDCA
0x44f154 SetBkMode
0x44f158 SetBkColor
0x44f15c SelectPalette
0x44f160 SelectObject
0x44f164 RestoreDC
0x44f168 SaveDC
0x44f16c StartDocA
0x44f170 DeleteDC
0x44f174 Escape
0x44f178 ExtTextOutA
0x44f17c TextOutA
0x44f180 RectVisible
0x44f184 PtVisible
0x44f190 GetStockObject
0x44f194 BitBlt
0x44f198 CreateFontA
0x44f19c DPtoLP
0x44f1a0 StretchBlt
0x44f1a4 CreateCompatibleDC
0x44f1a8 GetObjectA
0x44f1ac DeleteObject
0x44f1b0 CreateDIBitmap
0x44f1b4 GetTextExtentPointA
0x44f1b8 CreateFontIndirectA
Library comdlg32.dll:
0x44f7cc GetSaveFileNameA
0x44f7d0 GetFileTitleA
0x44f7d4 GetOpenFileNameA
Library WINSPOOL.DRV:
0x44f7bc ClosePrinter
0x44f7c0 DocumentPropertiesA
0x44f7c4 OpenPrinterA
Library ADVAPI32.dll:
0x44f000 RegCreateKeyA
0x44f004 RegQueryValueA
0x44f008 RegOpenKeyExA
0x44f00c RegQueryValueExA
0x44f010 RegOpenKeyA
0x44f014 RegCreateKeyExA
0x44f018 RegSetValueExA
0x44f01c RegDeleteValueA
0x44f020 RegDeleteKeyA
0x44f024 RegSetValueA
0x44f028 RegCloseKey
0x44f02c RegEnumKeyA
Library SHELL32.dll:
0x44f4c4 DragQueryFileA
0x44f4c8 DragFinish
0x44f4cc SHGetFileInfoA
0x44f4d0 DragAcceptFiles
0x44f4d4 SHAppBarMessage
0x44f4d8 Shell_NotifyIconA
0x44f4dc ShellExecuteA
0x44f4e0 ExtractIconA
Library COMCTL32.dll:
0x44f034 _TrackMouseEvent
0x44f038
0x44f03c
0x44f040
0x44f044 ImageList_Destroy
0x44f048 ImageList_Create
0x44f050 ImageList_Merge
0x44f054 ImageList_Read
0x44f058 ImageList_Write
Library oledlg.dll:
0x44f860
Library ole32.dll:
0x44f7dc OleUninitialize
0x44f7e0 OleInitialize
0x44f7e4 CoDisconnectObject
0x44f7e8 OleRun
0x44f7ec ReleaseStgMedium
0x44f7f0 CoTreatAsClass
0x44f7f4 StringFromCLSID
0x44f7f8 ReadClassStg
0x44f7fc ReadFmtUserTypeStg
0x44f800 OleRegGetUserType
0x44f804 WriteClassStg
0x44f80c SetConvertStg
0x44f810 CreateBindCtx
0x44f814 OleDuplicateData
0x44f818 CoTaskMemAlloc
0x44f81c CoTaskMemFree
0x44f82c CoGetClassObject
0x44f830 CoCreateInstance
0x44f834 CLSIDFromString
0x44f838 CLSIDFromProgID
0x44f844 CoRevokeClassObject
0x44f848 OleSetClipboard
0x44f84c OleFlushClipboard
0x44f858 WriteFmtUserTypeStg
Library OLEPRO32.DLL:
0x44f4bc
Library OLEAUT32.dll:
0x44f42c SysAllocStringLen
0x44f434 SafeArrayAccessData
0x44f438 SafeArrayGetUBound
0x44f43c SafeArrayGetLBound
0x44f444 SafeArrayGetDim
0x44f448 SafeArrayCreate
0x44f44c VariantClear
0x44f450 SafeArrayRedim
0x44f454 VariantCopy
0x44f458 SysAllocString
0x44f460 VariantChangeType
0x44f464 SysStringByteLen
0x44f468 VarCyFromStr
0x44f46c VarBstrFromCy
0x44f470 VarDateFromStr
0x44f474 VarBstrFromDate
0x44f478 SafeArrayCopy
0x44f47c SafeArrayAllocData
0x44f484 SafeArrayGetElement
0x44f488 SafeArrayPtrOfIndex
0x44f48c SafeArrayPutElement
0x44f490 SafeArrayLock
0x44f494 SafeArrayUnlock
0x44f498 SafeArrayDestroy
0x44f4a8 SysReAllocStringLen
0x44f4ac SysStringLen
0x44f4b0 LoadTypeLib
0x44f4b4 SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  53657        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  50002        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  56539        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57756        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  60384        224.0.0.252                      5355
192.168.56.101  61680        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  49236        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.