SmartHawk

1.8

低危

4 个模型检测该样本为恶意！

798fdc7855e5605aafb7269ec7f5434cb4829ce52134ac9b1451f283a7079eb6

9d54dd00b324f20d8199366cab1159a2.exe

分析耗时

73s

最近分析

文件大小

164.5KB

静态报毒动态报毒 HFSADWARE OUTBROWSE

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee		20160521	6.0.6.653
Baidu		20160520	1.0.0.2
Avast		20160521	8.0.1489.320
Alibaba		20160520	1.0
Kingsoft		20160521	2013.8.14.323
Tencent		20160521	1.0.0.1

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

d:\cygwin\home\scmpf\compiler_src\gengxiandong_967073_win32\0\app\gensoft\media\statexe\build\release\bin\pdb\StatReport.pdb

Foreign language identified in PE resource (1 个事件)

name

RT_VERSION

language

LANG_CHINESE

offset

0x000280a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000002b0

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 个事件)

Bkav	W32.HfsAdware.9CF6
Zillya	Adware.OutBrowse.Win32.86493
AegisLab	Virus.Gen!c
AVG	Generic.7E6

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2013-09-12 18:05:58

Imports

Library clientstat.dll:

• 0x41d180 Uninit

• 0x41d184 EndReport

• 0x41d188 ReportStat

• 0x41d18c StartReport

• 0x41d190 Init

Library KERNEL32.dll:

• 0x41d014 CreateFileA

• 0x41d018 GetLastError

• 0x41d01c DeleteFileW

• 0x41d020 CreateFileW

• 0x41d024 MultiByteToWideChar

• 0x41d028 SetEndOfFile

• 0x41d02c WideCharToMultiByte

• 0x41d030 FlushFileBuffers

• 0x41d034 GetLocaleInfoW

• 0x41d038 SetStdHandle

• 0x41d03c WriteConsoleW

• 0x41d040 GetConsoleOutputCP

• 0x41d044 WriteConsoleA

• 0x41d048 LoadLibraryA

• 0x41d04c HeapSize

• 0x41d050 GetStringTypeW

• 0x41d054 InterlockedIncrement

• 0x41d058 InterlockedDecrement

• 0x41d05c Sleep

• 0x41d060 InitializeCriticalSection

• 0x41d064 DeleteCriticalSection

• 0x41d068 EnterCriticalSection

• 0x41d06c LeaveCriticalSection

• 0x41d070 HeapFree

• 0x41d074 TerminateProcess

• 0x41d078 GetCurrentProcess

• 0x41d07c UnhandledExceptionFilter

• 0x41d080 SetUnhandledExceptionFilter

• 0x41d084 IsDebuggerPresent

• 0x41d088 GetCommandLineA

• 0x41d08c GetVersionExA

• 0x41d090 HeapAlloc

• 0x41d094 GetProcessHeap

• 0x41d098 RtlUnwind

• 0x41d09c RaiseException

• 0x41d0a0 GetProcAddress

• 0x41d0a4 GetModuleHandleA

• 0x41d0a8 ExitProcess

• 0x41d0ac LCMapStringA

• 0x41d0b0 LCMapStringW

• 0x41d0b4 GetCPInfo

• 0x41d0b8 WriteFile

• 0x41d0bc GetConsoleCP

• 0x41d0c0 GetConsoleMode

• 0x41d0c4 CloseHandle

• 0x41d0c8 SetHandleCount

• 0x41d0cc GetStdHandle

• 0x41d0d0 GetFileType

• 0x41d0d4 GetStartupInfoA

• 0x41d0d8 HeapDestroy

• 0x41d0dc HeapCreate

• 0x41d0e0 VirtualFree

• 0x41d0e4 VirtualAlloc

• 0x41d0e8 HeapReAlloc

• 0x41d0ec TlsGetValue

• 0x41d0f0 TlsAlloc

• 0x41d0f4 TlsSetValue

• 0x41d0f8 TlsFree

• 0x41d0fc SetLastError

• 0x41d100 GetCurrentThreadId

• 0x41d104 GetModuleFileNameA

• 0x41d108 GetACP

• 0x41d10c GetOEMCP

• 0x41d110 IsValidCodePage

• 0x41d114 SetFilePointer

• 0x41d118 ReadFile

• 0x41d11c FreeEnvironmentStringsA

• 0x41d120 GetEnvironmentStrings

• 0x41d124 FreeEnvironmentStringsW

• 0x41d128 GetEnvironmentStringsW

• 0x41d12c QueryPerformanceCounter

• 0x41d130 GetTickCount

• 0x41d134 GetCurrentProcessId

• 0x41d138 GetSystemTimeAsFileTime

• 0x41d13c GetUserDefaultLCID

• 0x41d140 GetLocaleInfoA

• 0x41d144 EnumSystemLocalesA

• 0x41d148 IsValidLocale

• 0x41d14c GetStringTypeA

Library ADVAPI32.dll:

• 0x41d000 RegQueryValueExW

• 0x41d004 RegOpenKeyW

• 0x41d008 RegCloseKey

• 0x41d00c RegSetValueExW

Library WININET.dll:

• 0x41d154 HttpEndRequestW

• 0x41d158 InternetWriteFile

• 0x41d15c HttpSendRequestExW

• 0x41d160 HttpAddRequestHeadersA

• 0x41d164 HttpOpenRequestW

• 0x41d168 InternetConnectW

• 0x41d16c InternetOpenA

• 0x41d170 InternetCloseHandle

• 0x41d174 InternetOpenUrlW

• 0x41d178 InternetOpenW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.