1.8
Low risk

0a056539785f34859694bf0e1c074ddaa5c89b1c8c89ea99f00b7ab4f84c9215

9711767c1bad4ca5cd17255eb8bcc11b.exe

Analysis duration

22s

Last analysis

File size

1.0MB
Static detection / Dynamic detection

Eagle Eye engine
Not detected: no Eagle Eye engine result available

Static verdict
Antivirus engines
Not detected: no antivirus engine result available

Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time: 1621014491.706375
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2268
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x003d0000
Status: success
Return: 0
Repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)

entropy: 7.6808436970756935
section: name .rsrc, size_of_data 0x00073400, virtual_address 0x00094000, virtual_size 0x000732ac, entropy 7.6808436970756935
description: A section with a high entropy has been found

entropy: 0.44779018941233606
description: Overall entropy of this PE file is high
Visual analysis

Binary image
No binary image: no binary visualization image was generated for this sample

Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x486150 VirtualFree
0x486154 VirtualAlloc
0x486158 LocalFree
0x48615c LocalAlloc
0x486160 GetVersion
0x486164 GetCurrentThreadId
0x486170 VirtualQuery
0x486174 WideCharToMultiByte
0x486178 MultiByteToWideChar
0x48617c lstrlenA
0x486180 lstrcpynA
0x486184 LoadLibraryExA
0x486188 GetThreadLocale
0x48618c GetStartupInfoA
0x486190 GetProcAddress
0x486194 GetModuleHandleA
0x486198 GetModuleFileNameA
0x48619c GetLocaleInfoA
0x4861a0 GetCommandLineA
0x4861a4 FreeLibrary
0x4861a8 FindFirstFileA
0x4861ac FindClose
0x4861b0 ExitProcess
0x4861b4 WriteFile
0x4861bc RtlUnwind
0x4861c0 RaiseException
0x4861c4 GetStdHandle
Library user32.dll:
0x4861cc GetKeyboardType
0x4861d0 LoadStringA
0x4861d4 MessageBoxA
0x4861d8 CharNextA
Library advapi32.dll:
0x4861e0 RegQueryValueExA
0x4861e4 RegOpenKeyExA
0x4861e8 RegCloseKey
Library oleaut32.dll:
0x4861f0 SysFreeString
0x4861f4 SysReAllocStringLen
0x4861f8 SysAllocStringLen
Library kernel32.dll:
0x486200 TlsSetValue
0x486204 TlsGetValue
0x486208 LocalAlloc
0x48620c GetModuleHandleA
Library advapi32.dll:
0x486214 RegQueryValueExA
0x486218 RegOpenKeyExA
0x48621c RegCloseKey
Library kernel32.dll:
0x486224 lstrcpyA
0x486228 WriteFile
0x486230 WaitForSingleObject
0x486234 VirtualQuery
0x486238 VirtualProtect
0x48623c VirtualAlloc
0x486240 Sleep
0x486244 SizeofResource
0x486248 SetThreadLocale
0x48624c SetFilePointer
0x486250 SetEvent
0x486254 SetErrorMode
0x486258 SetEndOfFile
0x48625c ResetEvent
0x486260 ReadFile
0x486264 MulDiv
0x486268 LockResource
0x48626c LoadResource
0x486270 LoadLibraryA
0x48627c GlobalUnlock
0x486280 GlobalReAlloc
0x486284 GlobalHandle
0x486288 GlobalLock
0x48628c GlobalFree
0x486290 GlobalFindAtomA
0x486294 GlobalDeleteAtom
0x486298 GlobalAlloc
0x48629c GlobalAddAtomA
0x4862a0 GetVersionExA
0x4862a4 GetVersion
0x4862a8 GetTickCount
0x4862ac GetThreadLocale
0x4862b4 GetSystemTime
0x4862b8 GetSystemInfo
0x4862bc GetStringTypeExA
0x4862c0 GetStdHandle
0x4862c4 GetProcAddress
0x4862c8 GetModuleHandleA
0x4862cc GetModuleFileNameA
0x4862d0 GetLocaleInfoA
0x4862d4 GetLocalTime
0x4862d8 GetLastError
0x4862dc GetFullPathNameA
0x4862e0 GetDiskFreeSpaceA
0x4862e4 GetDateFormatA
0x4862e8 GetCurrentThreadId
0x4862ec GetCurrentProcessId
0x4862f0 GetCPInfo
0x4862f4 GetACP
0x4862f8 FreeResource
0x4862fc InterlockedExchange
0x486300 FreeLibrary
0x486304 FormatMessageA
0x486308 FindResourceA
0x486310 ExitProcess
0x486314 EnumCalendarInfoA
0x486320 CreateThread
0x486324 CreateFileA
0x486328 CreateEventA
0x48632c CompareStringA
0x486330 CloseHandle
Library version.dll:
0x486338 VerQueryValueA
0x486340 GetFileVersionInfoA
Library gdi32.dll:
0x486348 UnrealizeObject
0x48634c StretchBlt
0x486350 SetWindowOrgEx
0x486354 SetWinMetaFileBits
0x486358 SetViewportOrgEx
0x48635c SetTextColor
0x486360 SetStretchBltMode
0x486364 SetROP2
0x486368 SetPixel
0x48636c SetEnhMetaFileBits
0x486370 SetDIBColorTable
0x486374 SetBrushOrgEx
0x486378 SetBkMode
0x48637c SetBkColor
0x486380 SelectPalette
0x486384 SelectObject
0x486388 SaveDC
0x48638c RestoreDC
0x486390 Rectangle
0x486394 RectVisible
0x486398 RealizePalette
0x48639c Polyline
0x4863a0 PlayEnhMetaFile
0x4863a4 PatBlt
0x4863a8 MoveToEx
0x4863ac MaskBlt
0x4863b0 LineTo
0x4863b4 IntersectClipRect
0x4863b8 GetWindowOrgEx
0x4863bc GetWinMetaFileBits
0x4863c0 GetTextMetricsA
0x4863cc GetStockObject
0x4863d0 GetPixel
0x4863d4 GetPaletteEntries
0x4863d8 GetObjectA
0x4863e4 GetEnhMetaFileBits
0x4863e8 GetDeviceCaps
0x4863ec GetDIBits
0x4863f0 GetDIBColorTable
0x4863f4 GetDCOrgEx
0x4863fc GetClipBox
0x486400 GetBrushOrgEx
0x486404 GetBitmapBits
0x486408 GdiFlush
0x48640c ExtTextOutA
0x486410 ExcludeClipRect
0x486414 DeleteObject
0x486418 DeleteEnhMetaFile
0x48641c DeleteDC
0x486420 CreateSolidBrush
0x486424 CreatePenIndirect
0x486428 CreatePen
0x48642c CreatePalette
0x486434 CreateFontIndirectA
0x486438 CreateDIBitmap
0x48643c CreateDIBSection
0x486440 CreateCompatibleDC
0x486448 CreateBrushIndirect
0x48644c CreateBitmap
0x486450 CopyEnhMetaFileA
0x486454 BitBlt
Library user32.dll:
0x48645c CreateWindowExA
0x486460 WindowFromPoint
0x486464 WinHelpA
0x486468 WaitMessage
0x48646c ValidateRect
0x486470 UpdateWindow
0x486474 UnregisterClassA
0x486478 UnhookWindowsHookEx
0x48647c TranslateMessage
0x486484 TrackPopupMenu
0x48648c ShowWindow
0x486490 ShowScrollBar
0x486494 ShowOwnedPopups
0x486498 ShowCursor
0x48649c SetWindowsHookExA
0x4864a0 SetWindowTextA
0x4864a4 SetWindowPos
0x4864a8 SetWindowPlacement
0x4864ac SetWindowLongA
0x4864b0 SetTimer
0x4864b4 SetScrollRange
0x4864b8 SetScrollPos
0x4864bc SetScrollInfo
0x4864c0 SetRect
0x4864c4 SetPropA
0x4864c8 SetParent
0x4864cc SetMenuItemInfoA
0x4864d0 SetMenu
0x4864d4 SetKeyboardState
0x4864d8 SetForegroundWindow
0x4864dc SetFocus
0x4864e0 SetCursor
0x4864e4 SetClipboardData
0x4864e8 SetClassLongA
0x4864ec SetCapture
0x4864f0 SetActiveWindow
0x4864f4 SendMessageA
0x4864f8 ScrollWindow
0x4864fc ScreenToClient
0x486500 RemovePropA
0x486504 RemoveMenu
0x486508 ReleaseDC
0x48650c ReleaseCapture
0x486518 RegisterClassA
0x48651c RedrawWindow
0x486520 PtInRect
0x486524 PostQuitMessage
0x486528 PostMessageA
0x48652c PeekMessageA
0x486530 OpenClipboard
0x486534 OffsetRect
0x486538 OemToCharA
0x48653c MessageBoxA
0x486540 MessageBeep
0x486544 MapWindowPoints
0x486548 MapVirtualKeyA
0x48654c LoadStringA
0x486550 LoadKeyboardLayoutA
0x486554 LoadIconA
0x486558 LoadCursorA
0x48655c LoadBitmapA
0x486560 KillTimer
0x486564 IsZoomed
0x486568 IsWindowVisible
0x48656c IsWindowEnabled
0x486570 IsWindow
0x486574 IsRectEmpty
0x486578 IsIconic
0x48657c IsDialogMessageA
0x486580 IsChild
0x486584 IsCharAlphaNumericA
0x486588 IsCharAlphaA
0x48658c InvalidateRect
0x486590 IntersectRect
0x486594 InsertMenuItemA
0x486598 InsertMenuA
0x48659c InflateRect
0x4865a4 GetWindowTextA
0x4865a8 GetWindowRect
0x4865ac GetWindowPlacement
0x4865b0 GetWindowLongA
0x4865b4 GetWindowDC
0x4865b8 GetTopWindow
0x4865bc GetSystemMetrics
0x4865c0 GetSystemMenu
0x4865c4 GetSysColorBrush
0x4865c8 GetSysColor
0x4865cc GetSubMenu
0x4865d0 GetScrollRange
0x4865d4 GetScrollPos
0x4865d8 GetScrollInfo
0x4865dc GetPropA
0x4865e0 GetParent
0x4865e4 GetWindow
0x4865e8 GetMenuStringA
0x4865ec GetMenuState
0x4865f0 GetMenuItemInfoA
0x4865f4 GetMenuItemID
0x4865f8 GetMenuItemCount
0x4865fc GetMenu
0x486600 GetLastActivePopup
0x486604 GetKeyboardState
0x48660c GetKeyboardLayout
0x486610 GetKeyState
0x486614 GetKeyNameTextA
0x486618 GetIconInfo
0x48661c GetForegroundWindow
0x486620 GetFocus
0x486624 GetDesktopWindow
0x486628 GetDCEx
0x48662c GetDC
0x486630 GetCursorPos
0x486634 GetCursor
0x486638 GetClipboardData
0x48663c GetClientRect
0x486640 GetClassNameA
0x486644 GetClassInfoA
0x486648 GetCapture
0x48664c GetActiveWindow
0x486650 FrameRect
0x486654 FindWindowA
0x486658 FillRect
0x48665c EqualRect
0x486660 EnumWindows
0x486664 EnumThreadWindows
0x48666c EndPaint
0x486670 EnableWindow
0x486674 EnableScrollBar
0x486678 EnableMenuItem
0x48667c EmptyClipboard
0x486680 DrawTextA
0x486684 DrawMenuBar
0x486688 DrawIconEx
0x48668c DrawIcon
0x486690 DrawFrameControl
0x486694 DrawFocusRect
0x486698 DrawEdge
0x48669c DispatchMessageA
0x4866a0 DestroyWindow
0x4866a4 DestroyMenu
0x4866a8 DestroyIcon
0x4866ac DestroyCursor
0x4866b0 DeleteMenu
0x4866b4 DefWindowProcA
0x4866b8 DefMDIChildProcA
0x4866bc DefFrameProcA
0x4866c0 CreatePopupMenu
0x4866c4 CreateMenu
0x4866c8 CreateIcon
0x4866cc CloseClipboard
0x4866d0 ClientToScreen
0x4866d4 CheckMenuItem
0x4866d8 CallWindowProcA
0x4866dc CallNextHookEx
0x4866e0 BeginPaint
0x4866e4 CharNextA
0x4866e8 CharLowerBuffA
0x4866ec CharLowerA
0x4866f0 CharUpperBuffA
0x4866f4 CharToOemA
0x4866f8 AdjustWindowRectEx
Library kernel32.dll:
0x486704 Sleep
Library oleaut32.dll:
0x48670c SafeArrayPtrOfIndex
0x486710 SafeArrayGetUBound
0x486714 SafeArrayGetLBound
0x486718 SafeArrayCreate
0x48671c VariantChangeType
0x486720 VariantCopy
0x486724 VariantClear
0x486728 VariantInit
Library comctl32.dll:
0x486738 ImageList_Write
0x48673c ImageList_Read
0x48674c ImageList_DragMove
0x486750 ImageList_DragLeave
0x486754 ImageList_DragEnter
0x486758 ImageList_EndDrag
0x48675c ImageList_BeginDrag
0x486760 ImageList_Remove
0x486764 ImageList_DrawEx
0x486768 ImageList_Replace
0x48676c ImageList_Draw
0x48677c ImageList_Add
0x486784 ImageList_Destroy
0x486788 ImageList_Create
0x48678c InitCommonControls
Library comdlg32.dll:
0x486794 ChooseColorA
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                       Destination Port
192.168.56.101  50534        114.114.114.114                   53
192.168.56.101  51963        114.114.114.114                   53
192.168.56.101  56539        114.114.114.114                   53
192.168.56.101  58367        114.114.114.114                   53
192.168.56.101  65004        114.114.114.114                   53
192.168.56.101  137          192.168.56.255                    137
192.168.56.101  138          192.168.56.255                    138
192.168.56.101  123          20.189.79.72 (time.windows.com)   123
192.168.56.101  49235        224.0.0.252                       5355
192.168.56.101  56804        224.0.0.252                       5355
192.168.56.101  60123        224.0.0.252                       5355
192.168.56.101  62191        224.0.0.252                       5355
192.168.56.101  1900         239.255.255.250                   1900
192.168.56.101  56807        239.255.255.250                   1900
192.168.56.101  58368        239.255.255.250                   3702
192.168.56.101  58370        239.255.255.250                   3702
192.168.56.101  58707        239.255.255.250                   3702
192.168.56.101  62192        239.255.255.250                   3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

Sorry! No dropped files.

Dropped Buffers

Sorry! No dropped buffers.