3.0
Medium risk

75f1de8cf4fa5ff61ae890ecbeb231368dc5b6bbe7178136e3b53b8ea82a5aa9

94dfde8e33fcd9d20f442bd42a615336.exe

Analysis duration

94s

Last analysis

File size

17.9MB
Static scan: flagged   Dynamic analysis: flagged   KILLPROC
Hawkeye engine
Not detected: no Hawkeye engine results are available yet
Static verdict
Anti-virus engines
Engine        Result    Scan date   Engine version
McAfee                  20180929    6.0.6.653
Alibaba                 20180921    0.1.0.2
Baidu                   20180929    1.0.0.2
Avast                   20180929    18.4.3895.0
Tencent                 20180929    1.0.0.1
Kingsoft                20180929    2013.8.14.323
CrowdStrike             20180723    1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (7 events)
Time / API / Arguments / Status / Return / Repeated

Time: 1620946605.046875
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x745e1000
Status: success   Return: 0   Repeated: 0

Time: 1620946605.296875
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x747a1000
Status: success   Return: 0   Repeated: 0

Time: 1620946605.874875
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x77711000
Status: success   Return: 0   Repeated: 0

Time: 1620946605.874875
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x76241000
Status: success   Return: 0   Repeated: 0

Time: 1620946605.874875
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x76121000
Status: success   Return: 0   Repeated: 0

Time: 1620946606.374875
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x75331000
Status: success   Return: 0   Repeated: 0

Time: 1620946606.374875
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x76881000
Status: success   Return: 0   Repeated: 0
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
TheHacker Trojan/KillProc.l
Visual analysis
Binary image
No binary image: no binary visualisation image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

2013-12-01 16:08:23

Imports

Library COMCTL32.dll:
Library SHLWAPI.dll:
0x427288 SHAutoComplete
Library KERNEL32.dll:
0x427064 ReadFile
0x427068 GetFileAttributesW
0x42706c SetFileAttributesW
0x427070 FindNextFileW
0x427074 GetFullPathNameW
0x427078 GetModuleFileNameW
0x42707c FindResourceW
0x427080 GetModuleHandleW
0x427084 FreeLibrary
0x427088 GetProcAddress
0x42708c LoadLibraryW
0x427090 GetCurrentProcessId
0x427094 GetLocaleInfoW
0x427098 GetNumberFormatW
0x4270a0 WaitForSingleObject
0x4270a8 GetDateFormatW
0x4270ac GetTimeFormatW
0x4270b8 GetExitCodeProcess
0x4270bc GetTempPathW
0x4270c0 MoveFileExW
0x4270c4 Sleep
0x4270c8 UnmapViewOfFile
0x4270cc MapViewOfFile
0x4270d0 GetCommandLineW
0x4270d4 CreateFileMappingW
0x4270d8 GetTickCount
0x4270e0 OpenFileMappingW
0x4270e4 CreateThread
0x4270f4 ReleaseSemaphore
0x4270f8 ResetEvent
0x427100 SetEvent
0x427104 SetThreadPriority
0x42710c CreateEventW
0x427110 CreateSemaphoreW
0x427118 GetSystemTime
0x427120 WideCharToMultiByte
0x427124 MultiByteToWideChar
0x427128 CompareStringW
0x42712c IsDBCSLeadByte
0x427130 FindFirstFileW
0x427134 GetFileType
0x42713c WriteConsoleW
0x427140 GetConsoleOutputCP
0x427144 WriteConsoleA
0x427148 SetStdHandle
0x42714c GetLocaleInfoA
0x427150 GetStringTypeW
0x427154 GetStringTypeA
0x427158 LoadLibraryA
0x42715c GetConsoleMode
0x427160 GetConsoleCP
0x42716c SetHandleCount
0x427180 LCMapStringW
0x427184 LCMapStringA
0x427188 IsValidCodePage
0x42718c GetOEMCP
0x427190 GetACP
0x427194 GetModuleFileNameA
0x427198 ExitProcess
0x42719c HeapSize
0x4271a0 IsDebuggerPresent
0x4271ac TerminateProcess
0x4271b0 VirtualAlloc
0x4271b4 VirtualFree
0x4271b8 HeapCreate
0x4271c0 GetCurrentThreadId
0x4271c8 TlsFree
0x4271cc TlsSetValue
0x4271d0 TlsAlloc
0x4271d4 TlsGetValue
0x4271d8 GetStartupInfoA
0x4271dc GetCommandLineA
0x4271e0 RaiseException
0x4271e8 SetEndOfFile
0x4271ec SetFilePointer
0x4271f0 GetStdHandle
0x4271f4 WriteFile
0x4271f8 FlushFileBuffers
0x4271fc GetLongPathNameW
0x427200 MoveFileW
0x427204 GetShortPathNameW
0x427208 CreateDirectoryW
0x42720c RemoveDirectoryW
0x427210 GlobalAlloc
0x427214 DeleteFileW
0x427218 FindClose
0x42721c CreateFileW
0x427220 DeviceIoControl
0x427224 SetFileTime
0x427228 GetCurrentProcess
0x42722c CloseHandle
0x427230 CreateHardLinkW
0x427234 SetLastError
0x427238 GetLastError
0x427240 CreateFileA
0x427244 GetCPInfo
0x427248 HeapAlloc
0x42724c HeapReAlloc
0x427250 HeapFree
0x427254 RtlUnwind
Library USER32.dll:
0x427290 EnableWindow
0x427294 ShowWindow
0x427298 GetDlgItem
0x42729c MessageBoxW
0x4272a0 FindWindowExW
0x4272a4 GetParent
0x4272a8 MapWindowPoints
0x4272ac CreateWindowExW
0x4272b0 UpdateWindow
0x4272b4 LoadCursorW
0x4272b8 RegisterClassExW
0x4272bc DefWindowProcW
0x4272c0 DestroyWindow
0x4272c4 CopyRect
0x4272c8 IsWindow
0x4272cc CharUpperW
0x4272d0 OemToCharBuffA
0x4272d4 LoadIconW
0x4272d8 PostMessageW
0x4272dc GetSysColor
0x4272e0 SetForegroundWindow
0x4272e4 WaitForInputIdle
0x4272e8 IsWindowVisible
0x4272ec DialogBoxParamW
0x4272f0 DestroyIcon
0x4272f4 SetFocus
0x4272f8 GetClassNameW
0x4272fc SendDlgItemMessageW
0x427300 EndDialog
0x427304 GetDlgItemTextW
0x427308 SetDlgItemTextW
0x42730c wvsprintfW
0x427310 SendMessageW
0x427314 GetDC
0x427318 ReleaseDC
0x42731c PeekMessageW
0x427320 GetMessageW
0x427324 TranslateMessage
0x427328 DispatchMessageW
0x42732c LoadStringW
0x427330 GetWindowRect
0x427334 GetClientRect
0x427338 SetWindowPos
0x42733c GetWindowTextW
0x427340 SetWindowTextW
0x427344 GetSystemMetrics
0x427348 GetWindow
0x42734c GetWindowLongW
0x427350 SetWindowLongW
0x427354 LoadBitmapW
Library GDI32.dll:
0x427040 GetDeviceCaps
0x427044 CreateCompatibleDC
0x427048 GetObjectW
0x427050 SelectObject
0x427054 StretchBlt
0x427058 DeleteDC
0x42705c DeleteObject
Library COMDLG32.dll:
0x427030 GetSaveFileNameW
0x427038 GetOpenFileNameW
Library ADVAPI32.dll:
0x427000 RegOpenKeyExW
0x427004 RegQueryValueExW
0x427008 RegCreateKeyExW
0x42700c RegSetValueExW
0x427010 RegCloseKey
0x427014 SetFileSecurityW
0x427018 OpenProcessToken
Library SHELL32.dll:
0x427264 SHChangeNotify
0x427268 SHGetFileInfoW
0x42726c SHGetMalloc
0x427278 SHBrowseForFolderW
0x42727c ShellExecuteExW
0x427280 SHFileOperationW
Library ole32.dll:
0x42735c CLSIDFromString
0x427360 CoCreateInstance
0x427364 OleInitialize
0x427368 OleUninitialize
Library OLEAUT32.dll:
0x42725c VariantInit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                          Destination port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.