Score: 5.2 (Medium risk)

SHA-256: 0eb78e9ccd9ff40edb05222f434e159429993263c45fa345915087791a6acabb

File name: 8fdb36cdde749f95e045b0650c17fd91.exe

Analysis time: 73s

Last analyzed:

File size: 2.0MB
Static detection  Dynamic detection  CHINA
Hawkeye engine
Not detected: no Hawkeye engine result for this sample
Static verdict
Antivirus engines
Not detected: no antivirus engine result for this sample
Behavioral verdict
Dynamic indicators
Checks for known Chinese AV software registry keys (1 event)
regkey .*360Safe
Foreign language identified in PE resource (5 events)
name        language      sublanguage                 offset      size        filetype
CNO         LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x000fd4f0  0x00000060  data
CNO         LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x000fd4f0  0x00000060  data
CNO         LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x000fd4f0  0x00000060  data
XLDL        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x000fd550  0x0012d3ef  Zip archive data, at least v2.0 to extract
RT_VERSION  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0023c138  0x00000300  data
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.959426514130024 in section .rsrc (virtual_address 0x000fd000, virtual_size 0x0013f7e4, size_of_data 0x0013f800): a section with high entropy has been found
entropy 0.610752688172043: overall entropy of this PE file is high. This second figure is not a Shannon entropy in bits per byte. The Cuckoo-style signature behind this wording reports the fraction of the file's section data that sits in high-entropy sections, so 0.61 means roughly 61% of the data, which is consistent with the 0x13f800-byte (about 1.3 MB) .rsrc section of a 2.0 MB file. The high entropy of .rsrc is fully explained by the XLDL resource listed above being a Zip archive: 0x0012d3ef bytes of deflated data look identical to packed code to an entropy check. "Packer" is therefore a weak inference here; an embedded archive carried as a resource is the more direct reading.
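To make the resource and entropy findings above concrete, here is an added example (my code, not the sandbox's signature source and not anything taken from the sample) that recomputes per-section Shannon entropy, reproduces the "fraction of data in high-entropy sections" ratio that the report labels as overall entropy, and then carves an embedded Zip archive out of the high-entropy section the way one would pull the XLDL resource. The section layout, the thresholds (7.4 bits/byte per section, 20% ratio) and the constructed byte buffers are assumptions; against a real file you would feed it section data read with pefile or similar.

```python
import io
import math
import random
import zipfile
from collections import Counter

# Thresholds mirrored from the Cuckoo-style "packer_entropy" signature this
# report appears to use (assumption: a section counts as high-entropy above
# 7.4 bits/byte, and the file is flagged when more than 20% of section data
# lives in such sections). Adjust if your sandbox uses other cut-offs.
SECTION_ENTROPY_THRESHOLD = 7.4
HIGH_ENTROPY_RATIO_THRESHOLD = 0.2

ZIP_LOCAL_HEADER = b"PK\x03\x04"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_entropy(sections):
    """Reproduce the report's two entropy checks on a list of (name, raw_bytes).

    Returns per-section entropies, the names above the section threshold, and
    the fraction of all section bytes inside those sections. That fraction is
    the number the report prints as "overall entropy".
    """
    entropies = {name: shannon_entropy(raw) for name, raw in sections}
    total = sum(len(raw) for _, raw in sections)
    high = [n for n, _ in sections if entropies[n] > SECTION_ENTROPY_THRESHOLD]
    high_bytes = sum(len(raw) for n, raw in sections if n in high)
    ratio = high_bytes / total if total else 0.0
    return entropies, high, ratio


def find_zip_local_headers(buf: bytes):
    """Offsets of every ZIP local-file-header signature in buf."""
    offsets, pos = [], buf.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        offsets.append(pos)
        pos = buf.find(ZIP_LOCAL_HEADER, pos + 1)
    return offsets


def carve_zip_names(buf: bytes, offset: int):
    """List the members of the archive starting at offset.

    Only the archive's own bytes are handed to zipfile, so the central
    directory offsets (relative to the archive start) line up.
    """
    with zipfile.ZipFile(io.BytesIO(buf[offset:])) as zf:
        return zf.namelist()


def build_sample_sections():
    """Constructed stand-in for the PE in the report (not the real file).

    A repetitive .text section and a .rsrc section holding a small blob
    followed by a deflated archive, mimicking the CNO + XLDL layout.
    """
    rng = random.Random(1337)
    text = bytes(range(16)) * 4096                          # 64 KiB, entropy exactly 4.0
    n = 200_000
    payload = rng.getrandbits(8 * n).to_bytes(n, "little")  # incompressible bytes
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("XLDL/payload.bin", payload)
    rsrc = b"\x00" * 0x60 + archive.getvalue()              # 0x60-byte blob, then the zip
    return [(".text", text), (".rsrc", rsrc)]


def analyze(sections):
    """Run both checks and, for every high-entropy section, try to carve a zip."""
    entropies, high, ratio = packer_entropy(sections)
    carved = {}
    for name, raw in sections:
        if name not in high:
            continue
        for off in find_zip_local_headers(raw):
            try:
                carved[(name, off)] = carve_zip_names(raw, off)
            except (zipfile.BadZipFile, OSError):
                pass  # the 4-byte signature also occurs by chance in random data
    return {
        "entropies": entropies,
        "high_entropy_sections": high,
        "high_entropy_ratio": ratio,
        "flagged_as_packed": ratio > HIGH_ENTROPY_RATIO_THRESHOLD,
        "carved_archives": carved,
    }


if __name__ == "__main__":
    for key, value in analyze(build_sample_sections()).items():
        print(f"{key}: {value}")
```

On the constructed input the .rsrc section scores close to 8 bits/byte and the ratio lands around 0.75, so both of the report's checks fire even though the "packed" data is nothing more than a deflated archive; carving the section at the first PK signature recovers the archive's member list, which is the check worth running before calling something a packer.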
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Checks the version of BIOS, possibly for anti-virtualization (1 event)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Checks the CPU name from registry, possibly for anti-virtualization (1 event)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
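The AV-software check above (the `.*360Safe` key) and these two hardware-key reads are worth re-deriving from a raw API or registry trace rather than taking the sandbox's event counts on trust. The following is an added example, my code rather than the sandbox's signature source, that applies the report's three patterns to a constructed registry-access log. The log lines, the tab-separated format, the ATT&CK technique IDs and the two-hit evasion heuristic are all assumptions, not something the report states.

```python
import re
from collections import Counter

# The three registry indicators from this report, as matchable patterns.
# ".*360Safe" is the regex the sandbox printed; the two HKLM paths are the
# exact keys it reported. The ATT&CK technique IDs are my annotation.
REGISTRY_INDICATORS = [
    ("chinese_av_software_check", "T1518.001",
     re.compile(r".*360Safe", re.IGNORECASE)),
    ("bios_version_check", "T1497.001",
     re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion$",
                re.IGNORECASE)),
    ("cpu_name_check", "T1497.001",
     re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System"
                r"\\CentralProcessor\\0\\ProcessorNameString$", re.IGNORECASE)),
]
ANTI_VM_INDICATORS = {"bios_version_check", "cpu_name_check"}

# Constructed registry-access log in an "api<TAB>key path" shape, the kind of
# export a sandbox API trace or Sysmon Event ID 12/13 would give you. These
# lines are made up for the example; they are not from the report.
SAMPLE_EVENTS = """\
RegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\360Safe\\Liveup
RegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
RegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
RegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString
RegQueryValueExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
"""


def parse_events(text):
    """Turn the log into (api, key) pairs, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        api, _, key = line.partition("\t")
        events.append((api, key.strip()))
    return events


def triage(events):
    """One (indicator, attack_id, api, key) hit per event that matches an indicator."""
    hits = []
    for api, key in events:
        for name, attack_id, pattern in REGISTRY_INDICATORS:
            if pattern.search(key):
                hits.append((name, attack_id, api, key))
    return hits


def verdict(hits):
    """Per-indicator counts as the report shows them, plus a coarse evasion flag.

    The >= 2 rule is my own heuristic: a single read of either hardware key is
    also done by plenty of benign installers and telemetry, so one hit alone
    should not drive a verdict.
    """
    counts = Counter(name for name, *_ in hits)
    anti_vm = sum(c for name, c in counts.items() if name in ANTI_VM_INDICATORS)
    return {
        "counts": dict(counts),
        "anti_vm_events": anti_vm,
        "likely_anti_vm": anti_vm >= 2,
    }


if __name__ == "__main__":
    found = triage(parse_events(SAMPLE_EVENTS))
    for name, attack_id, api, key in found:
        print(f"{name} [{attack_id}] {api} {key}")
    print(verdict(found))
```

The two Run-key and Shell Folders lines in the constructed log are there to show that the patterns are anchored tightly enough not to fire on routine registry activity; only the three lines corresponding to the report's indicators produce hits.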
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
dead_host 111.206.250.153:80
dead_host 36.110.213.203:80
Two of the four addresses (172.217.24.14 and 172.217.160.78) sit in Google's 172.217.0.0/16 range, and an HTTPS connection to a Google address made without a preceding DNS lookup is a common connectivity probe rather than command and control. Whether the sandbox had Internet egress is not shown in this report (no TCP session and no HTTP request was recorded at all), so "dead host" here says only that no reply arrived during the 73 s run, not that the infrastructure has been taken down.
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran

PE Compile Time

2016-06-06 21:04:30

Imports

Library KERNEL32.dll:
0x490044 DecodePointer
0x490050 GetProcAddress
0x490054 GetCurrentProcessId
0x490058 GetCurrentThreadId
0x49005c lstrcmpiW
0x490060 LoadLibraryExW
0x490064 GetModuleFileNameW
0x490068 GetModuleHandleW
0x49006c WideCharToMultiByte
0x490070 MultiByteToWideChar
0x490074 GetTempFileNameW
0x49007c GetTempPathW
0x490084 FindResourceExW
0x490088 FindResourceW
0x49008c FindResourceA
0x490090 GetCommandLineW
0x490094 GetStartupInfoW
0x490098 CreateProcessW
0x49009c CreateMutexA
0x4900a0 CloseHandle
0x4900a4 SizeofResource
0x4900a8 LoadResource
0x4900ac WaitForSingleObject
0x4900c4 ResumeThread
0x4900c8 GetLastError
0x4900cc SetThreadPriority
0x4900d0 RaiseException
0x4900d4 GetProcessHeap
0x4900d8 HeapSize
0x4900dc HeapFree
0x4900e0 HeapReAlloc
0x4900e4 HeapAlloc
0x4900e8 HeapDestroy
0x4900ec GlobalFree
0x4900f0 FreeLibrary
0x4900f4 LockResource
0x4900f8 LocalFree
0x4900fc lstrlenA
0x490100 lstrcmpiA
0x490104 lstrcmpA
0x490108 SetEndOfFile
0x49010c SetStdHandle
0x490120 ReadConsoleW
0x490124 SetFilePointerEx
0x490128 GetConsoleMode
0x49012c GetConsoleCP
0x490130 FlushFileBuffers
0x490134 GetOEMCP
0x490138 GetACP
0x49013c FreeResource
0x490140 IsValidCodePage
0x490144 ExitProcess
0x490148 WriteConsoleW
0x49014c GetModuleHandleExW
0x490150 EnumSystemLocalesW
0x490154 GetUserDefaultLCID
0x490158 IsValidLocale
0x49015c GetLocaleInfoW
0x490160 LCMapStringW
0x490164 CreateThread
0x490168 CreateFileW
0x49016c WriteFile
0x490170 DeleteFileW
0x490174 CreateEventW
0x490178 ResetEvent
0x49017c SetEvent
0x490180 GetSystemInfo
0x490188 Sleep
0x490190 lstrcpyW
0x490194 FindFirstFileW
0x490198 FindClose
0x49019c FindNextFileW
0x4901a0 LoadLibraryW
0x4901a4 ReadFile
0x4901a8 SetFilePointer
0x4901ac GetStdHandle
0x4901b0 GetModuleFileNameA
0x4901b4 GlobalAlloc
0x4901b8 CreateFileA
0x4901bc IsDebuggerPresent
0x4901c0 OutputDebugStringW
0x4901c4 GetStringTypeW
0x4901c8 EncodePointer
0x4901cc MoveFileExW
0x4901d0 CreateDirectoryW
0x4901d4 GetFileAttributesW
0x4901d8 SetLastError
0x4901dc MoveFileW
0x4901e0 RemoveDirectoryW
0x4901e4 SetFileAttributesW
0x4901e8 GetDriveTypeW
0x4901f0 DeviceIoControl
0x4901f4 GetDiskFreeSpaceExW
0x490204 UnmapViewOfFile
0x490208 GetCurrentProcess
0x49020c TerminateProcess
0x490214 VirtualAlloc
0x490218 VirtualProtect
0x49021c VirtualQuery
0x490220 ExitThread
0x490224 RtlUnwind
0x490228 AreFileApisANSI
0x490230 GetFileType
0x490238 GetCPInfo
0x490244 TlsAlloc
0x490248 TlsGetValue
0x49024c TlsSetValue
0x490250 TlsFree
0x490254 GetDateFormatW
0x490258 GetTimeFormatW
0x49025c CompareStringW
Library USER32.dll:
0x4902d0 DestroyWindow
0x4902d4 DefWindowProcW
0x4902d8 RemovePropA
0x4902dc DispatchMessageW
0x4902e0 TranslateMessage
0x4902e4 PeekMessageW
0x4902f0 CharNextW
0x4902f4 IsWindow
Library ADVAPI32.dll:
0x490000 RegCloseKey
0x490004 RegCreateKeyExW
0x490008 RegDeleteKeyW
0x49000c RegQueryValueExW
0x490010 RegDeleteValueW
0x490014 RegEnumKeyExW
0x490018 RegOpenKeyExA
0x49001c RegQueryValueExA
0x490020 RegEnumKeyExA
0x490024 RegOpenKeyExW
0x490028 RegSetValueExW
0x49002c RegQueryInfoKeyW
Library SHELL32.dll:
0x49027c SHFileOperationW
0x490288 CommandLineToArgvW
Library ole32.dll:
0x490364 CoInitialize
0x490368 CoCreateInstance
0x49036c CoTaskMemAlloc
0x490370 CoTaskMemRealloc
0x490374 CoTaskMemFree
0x490378 CreateBindCtx
0x49037c CoUninitialize
Library OLEAUT32.dll:
0x49026c VarUI4FromStr
Library SHLWAPI.dll:
0x490290 PathIsUNCW
0x490294 PathIsNetworkPathW
0x490298 PathIsDirectoryW
0x49029c PathFileExistsW
0x4902a0 StrCpyW
0x4902a4 PathIsRelativeW
0x4902a8 PathFindFileNameW
0x4902ac PathRemoveFileSpecW
0x4902b0 PathAddBackslashW
0x4902b4 PathIsRootW
0x4902b8 PathCombineW
0x4902bc SHGetValueA
0x4902c0 PathAppendW
0x4902c4 PathIsNetworkPathA
0x4902c8 SHSetValueA
Library COMCTL32.dll:
Library WS2_32.dll:
0x490318 freeaddrinfo
0x49031c getaddrinfo
0x490320 WSASocketW
0x490324 closesocket
0x490328 WSAStartup
0x49032c WSASetEvent
0x490330 WSACleanup
0x490334 WSASetLastError
0x490338 WSAGetLastError
0x49033c WSACloseEvent
0x490340 WSAConnect
0x490344 WSACreateEvent
0x49034c WSAEventSelect
0x490354 WSARecv
0x490358 WSAResetEvent
0x49035c WSASend
Library WINMM.dll:
0x49030c timeBeginPeriod
0x490310 timeEndPeriod
Library VERSION.dll:
0x4902fc GetFileVersionInfoW
0x490304 VerQueryValueW
Library IPHLPAPI.DLL:
0x49003c GetAdaptersInfo
Library urlmon.dll:
0x490388 CreateURLMoniker
Library NETAPI32.dll:
0x490264 Netbios

Hosts

No hosts contacted. Read this together with the four dead_host entries above: outbound connections were attempted, but none was answered, so nothing is listed here.

TCP

No TCP connections recorded. The four dead-host attempts on ports 443 and 80 never completed a handshake, so no session appears here.

UDP

Source          Source port  Destination      Destination port  Resolved name
192.168.56.101  50568        114.114.114.114  53
192.168.56.101  51808        114.114.114.114  53
192.168.56.101  57874        114.114.114.114  53
192.168.56.101  60123        114.114.114.114  53
192.168.56.101  60215        114.114.114.114  53
192.168.56.101  61680        114.114.114.114  53
192.168.56.101  62912        114.114.114.114  53
192.168.56.101  63429        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  123          20.189.79.72     123               time.windows.com
192.168.56.101  50002        224.0.0.252      5355
192.168.56.101  51378        224.0.0.252      5355
192.168.56.101  53210        224.0.0.252      5355
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56539        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  57756        224.0.0.252      5355
192.168.56.101  58367        224.0.0.252      5355
192.168.56.101  60384        224.0.0.252      5355

Every row here is ordinary Windows or sandbox background traffic: DNS to the 114DNS public resolver (114.114.114.114), NetBIOS name-service and datagram broadcasts on 137/138 to the subnet broadcast address, NTP to time.windows.com, and LLMNR to the 224.0.0.252:5355 multicast group. Without per-process attribution none of it can be tied to the sample. The eight DNS lookups may include the sample's own getaddrinfo calls (it imports getaddrinfo and WSAConnect), but the report does not show the queried names. The only traffic the report attributes to the sample is the four unanswered TCP connection attempts listed under dead hosts.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.
Read the empty dropped-file list against the import table: the sample imports the resource API (FindResourceW, FindResourceExW, LoadResource, LockResource, SizeofResource) alongside GetTempPathW, GetTempFileNameW, CreateFileW, WriteFile, CreateProcessW and ResumeThread, and it carries a Zip archive of 0x0012d3ef bytes (about 1.2 MB) in its XLDL resource. That combination is what a self-extracting dropper that writes an embedded archive to %TEMP% and launches a payload would import, so the absence of any dropped file suggests the run never reached that stage (the BIOS and CPU registry checks and the IsDebuggerPresent import are plausible gates) rather than that the binary has nothing to drop. Re-running with a longer timeout and with VM artifacts masked is the obvious next check.