SmartHawk

1.2

低危

8 个模型检测该样本为恶意！

重新分析

下载样本

eda161d1d7d1174790442fa22006dc6fbe3bde246cfeab24c793d32ed8985f13

9e33929daa9e8d3eb3230fffe5a4e0bb.exe

分析耗时

80s

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!9E33929DAA9E	20201028	6.0.6.653
Alibaba		20190527	0.3.0.5
Avast		20201028	18.4.3895.0
Baidu		20190318	1.0.0.2
Kingsoft		20201028	2013.8.14.323
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2016-02-04 03:38:25

Imports

Library KERNEL32.dll:

• 0x42b000 GetLastError

• 0x42b004 SetLastError

• 0x42b008 CloseHandle

• 0x42b00c GetCurrentProcess

• 0x42b010 CreateHardLinkW

• 0x42b014 DeleteFileW

• 0x42b018 RemoveDirectoryW

• 0x42b01c DeviceIoControl

• 0x42b020 CreateDirectoryW

• 0x42b024 CreateFileW

• 0x42b028 SetFileTime

• 0x42b02c MoveFileW

• 0x42b030 GetShortPathNameW

• 0x42b034 GetLongPathNameW

• 0x42b038 WriteFile

• 0x42b03c GetStdHandle

• 0x42b040 SetFilePointer

• 0x42b044 SetEndOfFile

• 0x42b048 FlushFileBuffers

• 0x42b04c GetFileType

• 0x42b050 ReadFile

• 0x42b054 GetFileAttributesW

• 0x42b058 SetFileAttributesW

• 0x42b05c FindClose

• 0x42b060 FindNextFileW

• 0x42b064 FindFirstFileW

• 0x42b068 GetVersionExW

• 0x42b06c GetCurrentDirectoryW

• 0x42b070 FoldStringW

• 0x42b074 GetFullPathNameW

• 0x42b078 GetModuleFileNameW

• 0x42b07c FindResourceW

• 0x42b080 GetModuleHandleW

• 0x42b084 FreeLibrary

• 0x42b088 GetProcAddress

• 0x42b08c GetCurrentProcessId

• 0x42b090 GetLocaleInfoW

• 0x42b094 GetNumberFormatW

• 0x42b098 SetEnvironmentVariableW

• 0x42b09c ExpandEnvironmentStringsW

• 0x42b0a0 WaitForSingleObject

• 0x42b0a4 GetDateFormatW

• 0x42b0a8 GetTimeFormatW

• 0x42b0ac FileTimeToSystemTime

• 0x42b0b0 FileTimeToLocalFileTime

• 0x42b0b4 GetExitCodeProcess

• 0x42b0b8 GetTempPathW

• 0x42b0bc MoveFileExW

• 0x42b0c0 UnmapViewOfFile

• 0x42b0c4 Sleep

• 0x42b0c8 MapViewOfFile

• 0x42b0cc GetCommandLineW

• 0x42b0d0 CreateFileMappingW

• 0x42b0d4 GetTickCount

• 0x42b0d8 GetLocalTime

• 0x42b0dc OpenFileMappingW

• 0x42b0e0 SetThreadExecutionState

• 0x42b0e4 LoadLibraryW

• 0x42b0e8 GetSystemDirectoryW

• 0x42b0ec ExitProcess

• 0x42b0f0 FreeConsole

• 0x42b0f4 WriteConsoleW

• 0x42b0f8 AttachConsole

• 0x42b0fc AllocConsole

• 0x42b100 CompareStringW

• 0x42b104 InitializeCriticalSection

• 0x42b108 DeleteCriticalSection

• 0x42b10c EnterCriticalSection

• 0x42b110 LeaveCriticalSection

• 0x42b114 CreateThread

• 0x42b118 GetProcessAffinityMask

• 0x42b11c CreateEventW

• 0x42b120 CreateSemaphoreW

• 0x42b124 ReleaseSemaphore

• 0x42b128 ResetEvent

• 0x42b12c SetEvent

• 0x42b130 SetThreadPriority

• 0x42b134 SystemTimeToFileTime

• 0x42b138 GetSystemTime

• 0x42b13c SystemTimeToTzSpecificLocalTime

• 0x42b140 TzSpecificLocalTimeToSystemTime

• 0x42b144 LocalFileTimeToFileTime

• 0x42b148 WideCharToMultiByte

• 0x42b14c MultiByteToWideChar

• 0x42b150 IsDBCSLeadByte

• 0x42b154 GetCPInfo

• 0x42b158 GlobalAlloc

• 0x42b15c SetCurrentDirectoryW

• 0x42b160 LocalAlloc

• 0x42b164 InterlockedExchange

• 0x42b168 LoadLibraryA

• 0x42b16c RaiseException

• 0x42b170 RtlUnwind

• 0x42b174 HeapFree

• 0x42b178 HeapReAlloc

• 0x42b17c HeapAlloc

• 0x42b180 GetSystemTimeAsFileTime

• 0x42b184 GetCommandLineA

• 0x42b188 GetStartupInfoA

• 0x42b18c TlsGetValue

• 0x42b190 TlsAlloc

• 0x42b194 TlsSetValue

• 0x42b198 TlsFree

• 0x42b19c InterlockedIncrement

• 0x42b1a0 GetCurrentThreadId

• 0x42b1a4 InterlockedDecrement

• 0x42b1a8 HeapCreate

• 0x42b1ac VirtualFree

• 0x42b1b0 VirtualAlloc

• 0x42b1b4 TerminateProcess

• 0x42b1b8 UnhandledExceptionFilter

• 0x42b1bc SetUnhandledExceptionFilter

• 0x42b1c0 IsDebuggerPresent

• 0x42b1c4 HeapSize

• 0x42b1c8 GetModuleFileNameA

• 0x42b1cc GetACP

• 0x42b1d0 GetOEMCP

• 0x42b1d4 IsValidCodePage

• 0x42b1d8 LCMapStringA

• 0x42b1dc LCMapStringW

• 0x42b1e0 GetModuleHandleA

• 0x42b1e4 FreeEnvironmentStringsA

• 0x42b1e8 GetEnvironmentStrings

• 0x42b1ec FreeEnvironmentStringsW

• 0x42b1f0 GetEnvironmentStringsW

• 0x42b1f4 SetHandleCount

• 0x42b1f8 QueryPerformanceCounter

• 0x42b1fc InitializeCriticalSectionAndSpinCount

• 0x42b200 GetConsoleCP

• 0x42b204 GetConsoleMode

• 0x42b208 GetStringTypeA

• 0x42b20c GetStringTypeW

• 0x42b210 GetLocaleInfoA

• 0x42b214 SetStdHandle

• 0x42b218 WriteConsoleA

• 0x42b21c GetConsoleOutputCP

• 0x42b220 CreateFileA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

McAfee	Artemis!9E33929DAA9E
Cylance	Unsafe
Cybereason	malicious.734c0b
APEX	Malicious
McAfee-GW-Edition	BehavesLike.Win32.AdwareLinkury.vc
Microsoft	Trojan:Win32/Zpevdo.A
Fortinet	Riskware/XYNTService
CrowdStrike	win/malicious_confidence_60% (W)