0.6
低危
该样本未表现出任何异常!
重新分析
更多

04279387a62c8c8cf6ce15de744c5d87bfe771c326606433bb3944f90926059e

04279387a62c8c8cf6ce15de744c5d87bfe771c326606433bb3944f90926059e.exe

分析耗时

151s

最近分析

388天前

文件大小

60.0KB
静态报毒 动态报毒 UNKNOWN
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.53
MFGraph 0.00
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
行为判定
动态指标
在 PE 资源中识别到外语 (1 个事件)
name DLL language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00005060 size 0x00009c00
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2010-07-31 19:55:58

PE Imphash

ba23a556ac1d6444f7f76feafd6c8867

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000189a 0x00002000 5.131358637328581
.rdata 0x00003000 0x00000a98 0x00001000 4.126459626685768
.data 0x00004000 0x00000520 0x00001000 1.0715771578017714
.rsrc 0x00005000 0x00009c60 0x0000a000 0.6491924191732593

Resources

Name Offset Size Language Sub-language File type
DLL 0x00005060 0x00009c00 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None

Imports

Library KERNEL32.dll:
0x403040 lstrcatA
0x403044 lstrcpyA
0x40304c GetShortPathNameA
0x403050 GetModuleFileNameA
0x403054 GetLastError
0x403058 SetFileAttributesA
0x40305c CopyFileA
0x403060 CloseHandle
0x403064 GetCurrentProcess
0x403068 CreateFileA
0x40306c GlobalFree
0x403070 LockResource
0x403074 GlobalAlloc
0x403078 LoadResource
0x40307c SizeofResource
0x403080 FindResourceA
0x403084 SetPriorityClass
0x403088 GetCurrentThread
0x40308c SetThreadPriority
0x403090 ResumeThread
0x403094 Sleep
0x403098 GetStartupInfoA
0x40309c CreateProcessA
0x4030a0 lstrlenA
0x4030a4 VirtualAllocEx
0x4030a8 WriteProcessMemory
0x4030ac GetModuleHandleA
0x4030b0 GetProcAddress
0x4030b4 CreateRemoteThread
0x4030bc GetSystemDirectoryA
0x4030c0 WriteFile
Library USER32.dll:
0x403164 MessageBoxA
Library comdlg32.dll:
0x40316c GetFileTitleA
Library ADVAPI32.dll:
0x403000 CloseServiceHandle
0x403004 RegOpenKeyExA
0x403008 RegQueryValueExA
0x403010 RegCreateKeyA
0x403018 SetServiceStatus
0x40301c RegOpenKeyA
0x403020 RegDeleteValueA
0x403024 RegSetValueExA
0x403028 RegCloseKey
0x40302c OpenServiceA
0x403030 CreateServiceA
0x403034 OpenSCManagerA
0x403038 StartServiceA
Library ole32.dll:
0x403174 CoUninitialize
0x403178 CoCreateGuid
0x40317c CoInitialize
Library MFC42.DLL:
0x4030c8 None
0x4030cc None
0x4030d0 None
0x4030d4 None
0x4030d8 None
Library MSVCRT.dll:
0x4030f4 _controlfp
0x4030f8 __set_app_type
0x4030fc __CxxFrameHandler
0x403100 _snprintf
0x403104 free
0x403108 fwrite
0x40310c fclose
0x403110 fread
0x403114 malloc
0x403118 ftell
0x40311c fseek
0x403120 fopen
0x403124 exit
0x403128 strstr
0x40312c strncmp
0x403130 _except_handler3
0x403134 __dllonexit
0x403138 _onexit
0x40313c _exit
0x403140 _XcptFilter
0x403144 _acmdln
0x403148 __getmainargs
0x40314c _initterm
0x403150 __setusermatherr
0x403154 _adjust_fdiv
0x403158 __p__commode
0x40315c __p__fmode
Library MSVCP60.dll:
L!This program cannot be run in DOS mode.
`.rdata
@.data
SVD$\WP]
VWh|C@
D$TSUVWh
3|$$\$
L$ D$$D
D$ RPj
P_^]3[`
QR; @@
jeQD$(
d$ P$<
PQRhC@
L$lPQ\$
PD$pPj
r 3+t$L|$LhC@
3RQPPPPP$
PRPD$@D
D$HD$DD$L|$lfD$rD$tf|$p
PQB @@
jeQD$$
UV5d1@
3|$1D$0
T$0QL$ D$
t<L$ D$ (A@
QR3IQPQ
uChlD@
tBT$ D$
SUVWL$$D$(
YHUjh1@
hSVWe3
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3%0@
vwxw9}wwS
wwwkwwqpww82w
|jH||W|1
{2292FB62-CF58-4657-B8F5-9353064C1833}
"|)|(|&
|(|cL|
's=IsCs:Cs
/w|Sw'wvw
w~w`|wPzw\wQNwMww-w
wwgwuw#www
AOwBOw
GetSystemDirectoryA
GetSystemWindowsDirectoryA
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
CreateProcessA
GetStartupInfoA
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetLastError
SetFileAttributesA
CopyFileA
CloseHandle
WriteFile
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
KERNEL32.dll
MessageBoxA
USER32.dll
GetFileTitleA
comdlg32.dll
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyA
StartServiceCtrlDispatcherA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
ADVAPI32.dll
CoUninitialize
CoCreateGuid
CoInitialize
ole32.dll
MFC42.DLL
__CxxFrameHandler
_snprintf
fwrite
fclose
malloc
strstr
strncmp
_except_handler3
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
StormServer.dll
Storm ddos Server
Welcome to use storm ddos
Thank you
Program Files\Internet Explorer
calc.exe
notepad.exe
iexplore.exe
Kernel32
LoadLibraryA
ServiceDLL
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
%SystemRoot%\System32\
> nul
/c del
COMSPEC
{%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}
stubpath
SOFTWARE\Microsoft\Active Setup\Installed Components\
Description
SYSTEM\CurrentControlSet\Services\
L!This program cannot be run in DOS mode.
N\;&J\
N\Rich
@.reloc
192.168.1.2
Storm ddos DNS
Welcome to use storm ddos
Thank you
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
STORM:%d|%s|%s|%s|%s
GlobalMemoryStatusEx
kernel32.dll
~%u MHz
HARDWARE\DESCRIPTION\System\CentralProcessor\0
WinVista
Win2K3
%%%c%c%%%c%c
setsockopt Error!
%d.%d.%d.%d
i..c5.Ffp.36U
192.168.1.244
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Connection: Keep-Alive
HTTP/1.1
Content-Type: text/html
Host:
Accept: text/html, */*
User-Agent:Mozilla/4.0 (compatible; MSIE 6.00; Windows NT 5.0; MyIE 3.01)
Referer: http://
:80/http://
Connection: Close
Cache-Control: no-cache
User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/8.0
>CLICK OPEN PAGE
Connection: Keep-Alive
Cookie:
expires
HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
Host:
User-Agent:Mozilla/4.0 (compatible; MSIE 7.00; Windows NT 5.1; MyIE 3.01)
xq1986
Cache-Control: no-cache
Referer: http://www.google.com
iexplore.exe
SeShutdownPrivilege
log off
ServiceDLL
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
%SystemRoot%\System32\srvsvc.dll
stubpath
Software\Microsoft\Active Setup\Installed Components\
URLDownloadToFileA
wininet.dll
urlmon.dll
gethostbyname
WSOCK32.DLL
Strom attack

Process Tree

04279387a62c8c8cf6ce15de744c5d87bfe771c326606433bb3944f90926059e.exe, PID: 3028, Parent PID: 2600

default registry file network process services synchronisation iexplore office pdf

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.