6.2
高危
该样本未表现出任何异常!
重新分析
更多

b7472cd8d357f348055ffaefff5d7e18361d8028a941bb7ad8d446205fedf736

9ddf3a83095b00deb71265801941f30d.exe

分析耗时

86s

最近分析

文件大小

547.5KB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 个事件)
suspicious_features POST method with no referer header suspicious_request POST http://dlg-configs.buzzrin.de/config-from-production
suspicious_features POST method with no referer header suspicious_request POST http://dlg-messages.buzzrin.de/1/dg/3
Performs some HTTP requests (5 个事件)
request HEAD http://dlg-configs.buzzrin.de/
request POST http://dlg-configs.buzzrin.de/config-from-production
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/computerbild-flow-5-text-en-us.zip
request GET http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/base.zip
request POST http://dlg-messages.buzzrin.de/1/dg/3
Sends data using the HTTP POST Method (2 个事件)
request POST http://dlg-configs.buzzrin.de/config-from-production
request POST http://dlg-messages.buzzrin.de/1/dg/3
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1620985519.092689
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00310000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620985521.342689
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.29363915702178 section {'size_of_data': '0x00021c00', 'virtual_address': '0x0005a000', 'entropy': 7.29363915702178, 'name': '.rdata', 'virtual_size': '0x00021a50'} description A section with a high entropy has been found
entropy 0.2504638218923933 description Overall entropy of this PE file is high
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1620985520.936689
InternetOpenA
proxy_bypass:
access_type: 0
proxy_name:
flags: 268435456
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 个事件)
Time & API Arguments Status Return Repeated
1620985521.139689
RegSetValueExA
key_handle: 0x0000034c
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620985523.905689
RegSetValueExA
key_handle: 0x00000410
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985523.905689
RegSetValueExA
key_handle: 0x00000410
value: rº²ÛH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985523.920689
RegSetValueExA
key_handle: 0x00000410
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985523.920689
RegSetValueExW
key_handle: 0x00000410
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985523.920689
RegSetValueExA
key_handle: 0x00000424
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985523.920689
RegSetValueExA
key_handle: 0x00000424
value: rº²ÛH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985523.920689
RegSetValueExA
key_handle: 0x00000424
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620985523.951689
RegSetValueExW
key_handle: 0x0000040c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620985524.639689
RegSetValueExA
key_handle: 0x0000028c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985524.639689
RegSetValueExA
key_handle: 0x0000028c
value: àq*³ÛH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985524.639689
RegSetValueExA
key_handle: 0x0000028c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985524.639689
RegSetValueExW
key_handle: 0x0000028c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985524.655689
RegSetValueExA
key_handle: 0x00000288
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985524.655689
RegSetValueExA
key_handle: 0x00000288
value: àq*³ÛH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985524.655689
RegSetValueExA
key_handle: 0x00000288
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2018-11-16 13:03:04

Imports

Library KERNEL32.dll:
0x45a05c LocalAlloc
0x45a060 LoadLibraryA
0x45a064 CreateEventW
0x45a068 WaitForSingleObject
0x45a06c SetFilePointer
0x45a070 SetFilePointerEx
0x45a074 SetEndOfFile
0x45a078 GetFileSize
0x45a07c ReadFile
0x45a084 GetCurrentProcessId
0x45a088 GetTempFileNameW
0x45a08c GetTickCount
0x45a094 MapViewOfFile
0x45a098 HeapFree
0x45a09c FindClose
0x45a0a0 GetFullPathNameW
0x45a0a4 FindFirstFileW
0x45a0a8 FindNextFileW
0x45a0ac DebugBreak
0x45a0b0 OutputDebugStringW
0x45a0b4 lstrlenA
0x45a0b8 LoadLibraryW
0x45a0bc MulDiv
0x45a0c0 lstrcmpW
0x45a0c4 GlobalUnlock
0x45a0c8 GlobalLock
0x45a0cc GlobalAlloc
0x45a0d0 FlushFileBuffers
0x45a0d4 CloseHandle
0x45a0d8 CreateFileW
0x45a0dc WriteConsoleW
0x45a0e0 SetStdHandle
0x45a0e4 LCMapStringW
0x45a0e8 GetConsoleMode
0x45a0ec GetConsoleCP
0x45a0f4 RtlUnwind
0x45a0fc GetFileType
0x45a100 SetHandleCount
0x45a10c GetStringTypeW
0x45a110 IsValidCodePage
0x45a114 GetOEMCP
0x45a118 GetACP
0x45a11c GetCPInfo
0x45a120 TlsFree
0x45a124 TlsSetValue
0x45a128 TlsGetValue
0x45a12c TlsAlloc
0x45a130 GetStdHandle
0x45a134 WriteFile
0x45a138 HeapReAlloc
0x45a13c HeapCreate
0x45a140 ExitProcess
0x45a144 HeapSize
0x45a148 Sleep
0x45a14c IsDebuggerPresent
0x45a158 TerminateProcess
0x45a15c GetStartupInfoW
0x45a160 HeapSetInformation
0x45a164 GetCommandLineW
0x45a168 DecodePointer
0x45a16c EncodePointer
0x45a174 VirtualAlloc
0x45a178 VirtualFree
0x45a180 HeapAlloc
0x45a184 GetProcessHeap
0x45a190 lstrlenW
0x45a194 GetModuleFileNameW
0x45a198 LoadLibraryExW
0x45a19c FindResourceW
0x45a1a0 LoadResource
0x45a1a4 SizeofResource
0x45a1a8 MultiByteToWideChar
0x45a1ac lstrcmpiW
0x45a1b0 FreeLibrary
0x45a1b4 SetLastError
0x45a1b8 GetLastError
0x45a1bc RaiseException
0x45a1c0 GetCurrentThreadId
0x45a1c8 GetCurrentProcess
0x45a1cc GetModuleHandleW
0x45a1d0 GetProcAddress
0x45a1dc WideCharToMultiByte
Library USER32.dll:
0x45a244 DestroyWindow
0x45a248 LoadCursorW
0x45a24c CreateWindowExW
0x45a250 RegisterClassExW
0x45a254 SetTimer
0x45a258 KillTimer
0x45a25c DefWindowProcW
0x45a260 GetWindowLongW
0x45a264 GetClassInfoExW
0x45a268 SetWindowLongW
0x45a26c CallWindowProcW
0x45a274 BeginPaint
0x45a278 FillRect
0x45a27c EndPaint
0x45a280 IsChild
0x45a284 SetFocus
0x45a288 GetDlgItem
0x45a28c GetClassNameW
0x45a290 GetSysColor
0x45a294 RedrawWindow
0x45a29c InvalidateRect
0x45a2a0 GetDesktopWindow
0x45a2a4 GetFocus
0x45a2a8 UpdateWindow
0x45a2ac SetWindowTextW
0x45a2b0 GetWindowTextW
0x45a2b8 ClientToScreen
0x45a2bc ReleaseDC
0x45a2c0 GetDC
0x45a2c4 PostMessageW
0x45a2c8 ShowWindow
0x45a2cc IsWindowVisible
0x45a2d0 GetWindow
0x45a2d4 MonitorFromWindow
0x45a2d8 GetMonitorInfoW
0x45a2dc GetParent
0x45a2e0 GetClientRect
0x45a2e4 MapWindowPoints
0x45a2e8 SetWindowPos
0x45a2ec MoveWindow
0x45a2f0 GetWindowRect
0x45a2f4 IsWindow
0x45a2f8 SendMessageW
0x45a2fc LoadImageW
0x45a300 LoadIconW
0x45a304 PeekMessageW
0x45a308 GetMessageW
0x45a30c TranslateMessage
0x45a310 DispatchMessageW
0x45a314 CharNextW
0x45a318 UnregisterClassA
Library GDI32.dll:
0x45a034 CreateSolidBrush
0x45a038 GetStockObject
0x45a03c GetDeviceCaps
0x45a040 GetObjectW
0x45a044 SelectObject
0x45a048 DeleteDC
0x45a04c DeleteObject
0x45a050 CreateCompatibleDC
Library COMDLG32.dll:
0x45a028 GetSaveFileNameW
0x45a02c GetOpenFileNameW
Library ADVAPI32.dll:
0x45a000 RegQueryInfoKeyW
0x45a004 RegDeleteKeyW
0x45a008 RegDeleteValueW
0x45a00c RegEnumKeyExW
0x45a010 RegSetValueExW
0x45a014 RegQueryValueExW
0x45a018 RegCreateKeyExW
0x45a01c RegOpenKeyExW
0x45a020 RegCloseKey
Library SHELL32.dll:
0x45a22c Shell_NotifyIconW
0x45a230 CommandLineToArgvW
0x45a234 DoEnvironmentSubstW
Library ole32.dll:
0x45a320 OleInitialize
0x45a328 OleLockRunning
0x45a32c OleUninitialize
0x45a330 CoTaskMemAlloc
0x45a334 CoTaskMemRealloc
0x45a338 CoTaskMemFree
0x45a33c CoCreateInstance
Library OLEAUT32.dll:
0x45a1ec SysAllocString
0x45a1f0 VariantChangeType
0x45a1f4 VariantClear
0x45a1fc DispCallFunc
0x45a200 VarBstrCat
0x45a204 SysStringByteLen
0x45a20c LoadTypeLib
0x45a210 LoadRegTypeLib
0x45a214 VarUI4FromStr
0x45a218 SysStringLen
0x45a21c SysFreeString
0x45a220 VariantInit
0x45a224 VariantCopy
Library SHLWAPI.dll:
0x45a23c PathFileExistsW

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49178 117.18.232.200 az687722.vo.msecnd.net 80
192.168.56.101 49179 23.102.27.88 dlg-messages.buzzrin.de 80
192.168.56.101 49175 23.102.60.206 dlg-configs.buzzrin.de 80
192.168.56.101 49176 23.102.60.206 dlg-configs.buzzrin.de 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 55369 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/base.zip 
GET /public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/base.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close
http://dlg-messages.buzzrin.de/1/dg/3 
POST /1/dg/3 HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-messages.buzzrin.de
Content-Length: 377
Connection: Close

{"BuildId":"17d12787-6f03-4de0-a5fc-833e4bda7cd6","Client":"freemium","DlgVersion":"3.1.0.201","Culture":"zh-CN","LocalTime":"2021-05-14T16:10:49+08:00","SessionId":"372b14dd-3ec4-4b37-8e71-91a001f69943","MessageName":"ApplicationStarted","Product":"computerbild","ProductVersion":"1.0","Region":"default","Campaign":"product+website","Offer":"","TrackBackUrl":"","SubId":null}
http://az687722.vo.msecnd.net/public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/computerbild-flow-5-text-en-us.zip 
GET /public-source/downloadguide/computerbild/1.0/default/campaigns/product+website/ui/computerbild-flow-5-text-en-us.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: az687722.vo.msecnd.net
Connection: Close
http://dlg-configs.buzzrin.de/config-from-production 
POST /config-from-production HTTP/1.1
Cache-Control: no-cache
Content-Type: application/json
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-configs.buzzrin.de
Content-Length: 219
Connection: Close

{"os":"WinNT","osver":"6.1.7601 (Service Pack 1) SP: 1.0","lang":"zh-CN","uid":"f86f21bc-e5d8-4e58-9fce-2ae2b7f127ee","prod":"computerbild/1.0/campaigns/product+website/","expiresOn":"2119-08-15T11:36:31.6483847+00:00"}
http://dlg-configs.buzzrin.de/ 
HEAD / HTTP/1.1
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: dlg-configs.buzzrin.de
Content-Length: 0
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.