SmartHawk

1.4

低危

该样本未表现出任何异常！

重新分析

下载样本

30a0ed3a851ef3f7b72a85baccf7d621679722593b1113ce78c3a73bbe84942d

92cee4637985e3dfd7bf927bdef6a402.exe

分析耗时

17s

查杀引擎	查杀时间	查杀版本
McAfee	20201130	6.0.6.653
CrowdStrike	20190702	1.0
Baidu	20190318	1.0.0.2
Alibaba	20190527	0.3.0.5
Tencent	20201129	1.0.0.1
Kingsoft	20201129	2017.9.26.565
Avast	20201130	20.10.5736.0

Time & API	Arguments	Status	Return	Repeated
1620946612.432812 GlobalMemoryStatusEx		success	1	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2014-04-25 01:28:33

Imports

Library USER32.dll:

• 0x14002a4c8 EnumWindows

• 0x14002a4d0 IsIconic

• 0x14002a4d8 ShowWindow

• 0x14002a4e0 SetForegroundWindow

• 0x14002a4e8 GetLastActivePopup

• 0x14002a4f0 IsWindowVisible

• 0x14002a4f8 GetWindowThreadProcessId

• 0x14002a500 MessageBoxA

• 0x14002a508 MessageBoxW

Library ADVAPI32.dll:

• 0x14002a000 RegQueryValueExW

• 0x14002a008 StartServiceCtrlDispatcherA

• 0x14002a010 RegisterServiceCtrlHandlerA

• 0x14002a018 CreateServiceA

• 0x14002a020 DeleteService

• 0x14002a028 ControlService

• 0x14002a030 StartServiceA

• 0x14002a038 OpenSCManagerA

• 0x14002a040 OpenServiceA

• 0x14002a048 QueryServiceStatus

• 0x14002a050 QueryServiceConfigA

• 0x14002a058 CloseServiceHandle

• 0x14002a060 SetServiceStatus

• 0x14002a068 RegOpenKeyExA

• 0x14002a070 RegQueryValueExA

• 0x14002a078 RegCreateKeyExA

• 0x14002a080 RegCloseKey

• 0x14002a088 RegSetValueExW

• 0x14002a090 RegCreateKeyExW

• 0x14002a098 RegOpenKeyExW

• 0x14002a0a0 RegEnumKeyExW

• 0x14002a0a8 RegSetValueExA

Library KERNEL32.dll:

• 0x14002a0b8 FreeEnvironmentStringsA

• 0x14002a0c0 GetEnvironmentStrings

• 0x14002a0c8 QueryPerformanceCounter

• 0x14002a0d0 HeapReAlloc

• 0x14002a0d8 WriteConsoleA

• 0x14002a0e0 SetStdHandle

• 0x14002a0e8 LCMapStringA

• 0x14002a0f0 GetStringTypeA

• 0x14002a0f8 GetStringTypeW

• 0x14002a100 GetLocaleInfoA

• 0x14002a108 CompareStringA

• 0x14002a110 CompareStringW

• 0x14002a118 SetEndOfFile

• 0x14002a120 SearchPathW

• 0x14002a128 CreateFileW

• 0x14002a130 SetFilePointer

• 0x14002a138 GetLastError

• 0x14002a140 WriteFile

• 0x14002a148 ReadFile

• 0x14002a150 GetProcAddress

• 0x14002a158 LoadLibraryA

• 0x14002a160 GetUserDefaultLCID

• 0x14002a168 CloseHandle

• 0x14002a170 CreateDirectoryW

• 0x14002a178 GetLongPathNameW

• 0x14002a180 ExitProcess

• 0x14002a188 RemoveDirectoryW

• 0x14002a190 FindClose

• 0x14002a198 FindNextFileW

• 0x14002a1a0 DeleteFileW

• 0x14002a1a8 FindFirstFileW

• 0x14002a1b0 WideCharToMultiByte

• 0x14002a1b8 MultiByteToWideChar

• 0x14002a1c0 AreFileApisANSI

• 0x14002a1c8 FindFirstFileA

• 0x14002a1d0 CreateFileA

• 0x14002a1d8 GetShortPathNameA

• 0x14002a1e0 GetModuleFileNameA

• 0x14002a1e8 GetShortPathNameW

• 0x14002a1f0 GetModuleFileNameW

• 0x14002a1f8 GetWindowsDirectoryA

• 0x14002a200 GetLongPathNameA

• 0x14002a208 GetEnvironmentVariableA

• 0x14002a210 GetTempPathA

• 0x14002a218 GetWindowsDirectoryW

• 0x14002a220 GetEnvironmentVariableW

• 0x14002a228 GetTempPathW

• 0x14002a230 GetTempFileNameA

• 0x14002a238 GetTempFileNameW

• 0x14002a240 GetFullPathNameW

• 0x14002a248 GetFullPathNameA

• 0x14002a250 FreeEnvironmentStringsW

• 0x14002a258 GetEnvironmentStringsW

• 0x14002a260 GetConsoleOutputCP

• 0x14002a268 GetCurrentProcessId

• 0x14002a270 DuplicateHandle

• 0x14002a278 GetCurrentProcess

• 0x14002a280 TerminateProcess

• 0x14002a288 GetExitCodeProcess

• 0x14002a290 WaitForSingleObject

• 0x14002a298 CreateProcessW

• 0x14002a2a0 LoadLibraryW

• 0x14002a2a8 SetEnvironmentVariableW

• 0x14002a2b0 GetProcessHeap

• 0x14002a2b8 EnterCriticalSection

• 0x14002a2c0 InitializeCriticalSection

• 0x14002a2c8 LeaveCriticalSection

• 0x14002a2d0 ReleaseSemaphore

• 0x14002a2d8 CreateSemaphoreA

• 0x14002a2e0 DeleteFileA

• 0x14002a2e8 GetCommandLineW

• 0x14002a2f0 Sleep

• 0x14002a2f8 SizeofResource

• 0x14002a300 LockResource

• 0x14002a308 LoadResource

• 0x14002a310 FindResourceA

• 0x14002a318 GetTickCount

• 0x14002a320 GetModuleHandleA

• 0x14002a328 CreateDirectoryA

• 0x14002a330 SetCurrentDirectoryW

• 0x14002a338 SetConsoleCtrlHandler

• 0x14002a340 CreateThread

• 0x14002a348 SetHandleInformation

• 0x14002a350 CreatePipe

• 0x14002a358 UnhandledExceptionFilter

• 0x14002a360 SetUnhandledExceptionFilter

• 0x14002a368 IsDebuggerPresent

• 0x14002a370 RtlVirtualUnwind

• 0x14002a378 RtlLookupFunctionEntry

• 0x14002a380 RtlCaptureContext

• 0x14002a388 RaiseException

• 0x14002a390 RtlPcToFileHeader

• 0x14002a398 RtlUnwindEx

• 0x14002a3a0 GetSystemTimeAsFileTime

• 0x14002a3a8 RemoveDirectoryA

• 0x14002a3b0 HeapAlloc

• 0x14002a3b8 HeapFree

• 0x14002a3c0 WriteConsoleW

• 0x14002a3c8 GetFileType

• 0x14002a3d0 GetStdHandle

• 0x14002a3d8 DebugBreak

• 0x14002a3e0 GetModuleHandleW

• 0x14002a3e8 GetCommandLineA

• 0x14002a3f0 GetStartupInfoA

• 0x14002a3f8 EncodePointer

• 0x14002a400 DecodePointer

• 0x14002a408 FlsGetValue

• 0x14002a410 FlsSetValue

• 0x14002a418 FlsFree

• 0x14002a420 SetLastError

• 0x14002a428 GetCurrentThreadId

• 0x14002a430 FlsAlloc

• 0x14002a438 HeapSize

• 0x14002a440 GetConsoleCP

• 0x14002a448 GetConsoleMode

• 0x14002a450 FlushFileBuffers

• 0x14002a458 DeleteCriticalSection

• 0x14002a460 SetHandleCount

• 0x14002a468 HeapSetInformation

• 0x14002a470 HeapCreate

• 0x14002a478 GetCPInfo

• 0x14002a480 GetACP

• 0x14002a488 GetOEMCP

• 0x14002a490 IsValidCodePage

• 0x14002a498 LCMapStringW

• 0x14002a4a0 SetEnvironmentVariableA

• 0x14002a4a8 GetTimeZoneInformation

• 0x14002a4b0 GetFileAttributesW

• 0x14002a4b8 InitializeCriticalSectionAndSpinCount

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49238	239.255.255.250	1900
192.168.56.101	49714	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.