SmartHawk

1.8

低危

1 个模型检测该样本为恶意！

重新分析

下载样本

ee89c72ef79b7e2a9785d549cf44cb438a0d85594ef6ead27b5cd7d5c87b0233

959932fa8a6a54d21b89534a6d1ae9e0.exe

分析耗时

29s

查杀引擎	查杀时间	查杀版本
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Avast	20200917	18.4.3895.0
Kingsoft	20200917	2013.8.14.323
McAfee	20200915	6.0.6.653
Tencent	20200917	1.0.0.1
CrowdStrike	20190702	1.0

Time & API	Arguments	Status	Return	Repeated
1619810063.527374 IsDebuggerPresent		failed	0	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2006-11-08 00:28:41

Imports

Library KERNEL32.dll:

• 0x415068 GetVersion

• 0x41506c lstrlenA

• 0x415070 CreateProcessA

• 0x415074 lstrcmpiA

• 0x415078 lstrcatA

• 0x41507c lstrcpyA

• 0x415080 WaitForSingleObject

• 0x415084 WinExec

• 0x415088 OpenFile

• 0x41508c _lclose

• 0x415090 GetFileAttributesA

• 0x415094 _lwrite

• 0x415098 GetTimeZoneInformation

• 0x41509c _lread

• 0x4150a0 LocalFileTimeToFileTime

• 0x4150a4 DosDateTimeToFileTime

• 0x4150a8 SetFileTime

• 0x4150ac GetFullPathNameA

• 0x4150b0 CreateDirectoryA

• 0x4150b4 GetLastError

• 0x4150b8 SetVolumeLabelA

• 0x4150bc GetFileSize

• 0x4150c0 GetVolumeInformationA

• 0x4150c4 SetFilePointer

• 0x4150c8 SetStdHandle

• 0x4150cc SetEnvironmentVariableA

• 0x4150d0 CompareStringW

• 0x4150d4 CompareStringA

• 0x4150d8 GetEnvironmentStringsW

• 0x4150dc GetEnvironmentStrings

• 0x4150e0 FreeEnvironmentStringsW

• 0x4150e4 FreeEnvironmentStringsA

• 0x4150e8 UnhandledExceptionFilter

• 0x4150ec GetFileType

• 0x4150f0 GetStdHandle

• 0x4150f4 SetHandleCount

• 0x4150f8 LoadLibraryA

• 0x4150fc FlushFileBuffers

• 0x415100 GetCurrentProcess

• 0x415104 TerminateProcess

• 0x415108 GetOEMCP

• 0x41510c GetCPInfo

• 0x415110 GetStringTypeW

• 0x415114 GetStringTypeA

• 0x415118 LCMapStringW

• 0x41511c LCMapStringA

• 0x415120 MultiByteToWideChar

• 0x415124 WideCharToMultiByte

• 0x415128 TlsGetValue

• 0x41512c SetLastError

• 0x415130 TlsAlloc

• 0x415134 TlsSetValue

• 0x415138 GetCurrentThreadId

• 0x41513c RtlUnwind

• 0x415140 DeleteCriticalSection

• 0x415144 InitializeCriticalSection

• 0x415148 HeapReAlloc

• 0x41514c HeapCreate

• 0x415150 HeapDestroy

• 0x415154 GetEnvironmentVariableA

• 0x415158 ExitProcess

• 0x41515c GetCommandLineA

• 0x415160 GetStartupInfoA

• 0x415164 GetModuleHandleA

• 0x415168 LeaveCriticalSection

• 0x41516c EnterCriticalSection

• 0x415170 FileTimeToLocalFileTime

• 0x415174 FileTimeToSystemTime

• 0x415178 GetCurrentDirectoryA

• 0x41517c InterlockedIncrement

• 0x415180 InterlockedDecrement

• 0x415184 GetLocalTime

• 0x415188 GetSystemTime

• 0x41518c HeapFree

• 0x415190 HeapAlloc

• 0x415194 GetProcAddress

• 0x415198 FreeLibrary

• 0x41519c CompareFileTime

• 0x4151a0 SetFileAttributesA

• 0x4151a4 CopyFileA

• 0x4151a8 GetTempPathA

• 0x4151ac DeleteFileA

• 0x4151b0 SetCurrentDirectoryA

• 0x4151b4 RemoveDirectoryA

• 0x4151b8 ReadFile

• 0x4151bc _llseek

• 0x4151c0 GetVersionExA

• 0x4151c4 GetACP

• 0x4151c8 GetDriveTypeA

• 0x4151cc FindFirstFileA

• 0x4151d0 FindNextFileA

• 0x4151d4 FindClose

• 0x4151d8 VirtualAlloc

• 0x4151dc VirtualFree

• 0x4151e0 Sleep

• 0x4151e4 GetModuleFileNameA

• 0x4151e8 CreateFileA

• 0x4151ec CloseHandle

• 0x4151f0 GetWindowsDirectoryA

• 0x4151f4 WriteFile

• 0x4151f8 GetSystemDirectoryA

Library USER32.dll:

• 0x41521c SetActiveWindow

• 0x415220 DestroyWindow

• 0x415224 EnableWindow

• 0x415228 SetWindowPos

• 0x41522c EnumWindows

• 0x415230 LoadBitmapA

• 0x415234 LoadCursorA

• 0x415238 OemToCharA

• 0x41523c ShowWindow

• 0x415240 GetMessageA

• 0x415244 IsDialogMessageA

• 0x415248 PostQuitMessage

• 0x41524c GetDlgCtrlID

• 0x415250 EnableMenuItem

• 0x415254 KillTimer

• 0x415258 SetTimer

• 0x41525c GetWindowTextA

• 0x415260 PostMessageA

• 0x415264 SetFocus

• 0x415268 CreateWindowExA

• 0x41526c SetCursor

• 0x415270 GetParent

• 0x415274 AdjustWindowRectEx

• 0x415278 DrawFocusRect

• 0x41527c DdeInitializeA

• 0x415280 DdeCreateStringHandleA

• 0x415284 DdeConnect

• 0x415288 wsprintfA

• 0x41528c DdeCreateDataHandle

• 0x415290 DdeClientTransaction

• 0x415294 DdeGetLastError

• 0x415298 DdeFreeStringHandle

• 0x41529c DdeDisconnect

• 0x4152a0 DdeUninitialize

• 0x4152a4 UnregisterClassA

• 0x4152a8 GetClassInfoA

• 0x4152ac RegisterClassA

• 0x4152b0 MessageBeep

• 0x4152b4 GetWindowLongA

• 0x4152b8 SetWindowLongA

• 0x4152bc DefWindowProcA

• 0x4152c0 SetWindowWord

• 0x4152c4 GetClientRect

• 0x4152c8 InvalidateRect

• 0x4152cc UpdateWindow

• 0x4152d0 BeginPaint

• 0x4152d4 FillRect

• 0x4152d8 EndPaint

• 0x4152dc CallWindowProcA

• 0x4152e0 GetDC

• 0x4152e4 ScreenToClient

• 0x4152e8 GetSysColor

• 0x4152ec FrameRect

• 0x4152f0 ReleaseDC

• 0x4152f4 MoveWindow

• 0x4152f8 GetWindowWord

• 0x4152fc SetWindowTextA

• 0x415300 SendMessageA

• 0x415304 PeekMessageA

• 0x415308 TranslateMessage

• 0x41530c DispatchMessageA

• 0x415310 MessageBoxA

• 0x415314 DestroyIcon

• 0x415318 DestroyCursor

• 0x41531c GetDesktopWindow

• 0x415320 GetWindowRect

• 0x415324 LoadIconA

• 0x415328 GetDlgItem

Library GDI32.dll:

• 0x41501c SelectObject

• 0x415020 CreateCompatibleDC

• 0x415024 SetTextColor

• 0x415028 SetBkColor

• 0x41502c BitBlt

• 0x415030 GetStockObject

• 0x415034 SetBkMode

• 0x415038 TextOutA

• 0x41503c CreateSolidBrush

• 0x415040 GetTextExtentPoint32A

• 0x415044 DeleteObject

• 0x415048 MoveToEx

• 0x41504c LineTo

• 0x415050 CreatePen

• 0x415054 GetTextMetricsA

• 0x415058 CreateFontIndirectA

• 0x41505c DeleteDC

• 0x415060 EnumFontFamiliesA

Library ADVAPI32.dll:

• 0x415000 RegSetValueExA

• 0x415004 RegOpenKeyExA

• 0x415008 RegQueryValueExA

• 0x41500c RegCloseKey

• 0x415010 RegSetValueA

• 0x415014 RegCreateKeyA

Library SHELL32.dll:

• 0x415208 SHBrowseForFolderA

• 0x41520c SHGetPathFromIDListA

• 0x415210 ShellExecuteA

• 0x415214 FindExecutableA

Library ole32.dll:

• 0x415330 CoTaskMemFree

Library MPR.dll:

• 0x415200 WNetGetConnectionA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51811	239.255.255.250	1900
192.168.56.101	53658	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\CDD SHS.pdf
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\BMA.pdf