2.0
低危

fc56c64c81fd4ddf728d2b67c8496b92652ed3e31761a9b6f7af65d7d1359fbe

a098fb16d0a9d26b29d367d79bbdf953.exe

分析耗时

77s

最近分析

文件大小

248.6KB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Avast 20191115 18.4.3895.0
Tencent 20191115 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20191115 2013.8.14.323
McAfee 20191113 6.0.6.653
静态指标
Checks if the process is being debugged by a debugger (1 个事件)
Time & API Arguments Status Return Repeated
1620985563.740793
IsDebuggerPresent
failed 0 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620985563.849793
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (34 个事件)
Time & API Arguments Status Return Repeated
1620985510.803793
__exception__
stacktrace:
LSUnpack+0x287 lsb52ee+0x2617 @ 0x10002617
a098fb16d0a9d26b29d367d79bbdf953+0x1a1c @ 0xc31a1c

registers.esp: 3669584
registers.edi: 0
registers.eax: 12788825
registers.ebp: 3669632
registers.edx: 2130565971
registers.ebx: 0
registers.esi: 269057408
registers.ecx: 269057408
exception.instruction_r: 88 10 40 89 45 e4 41 89 4d e0 ff 4d 10 eb e6 39
exception.symbol: lstrcpyn+0x2d lstrlen-0x53 kernelbase+0xa2dd
exception.instruction: mov byte ptr [eax], dl
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000005
exception.offset: 41693
exception.address: 0x778ea2dd
success 0 0
1620985563.912793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2c9e lsb533d+0x21f62 @ 0x10021f62
RunInstaller+0x22e9 lsb533d+0x215ad @ 0x100215ad
RunInstaller+0xd7c lsb533d+0x20040 @ 0x10020040

registers.esp: 3701992
registers.edi: 1983200910
registers.eax: 3702016
registers.ebp: 3702032
registers.edx: 0
registers.ebx: 268690652
registers.esi: 268679816
registers.ecx: 12589112
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x4d39 lsb533d+0x23ffd @ 0x10023ffd

registers.esp: 3596656
registers.edi: 1983200910
registers.eax: 3596592
registers.ebp: 3596696
registers.edx: 0
registers.ebx: 268682772
registers.esi: 268682772
registers.ecx: 12589192
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x1923 lsb533d+0x20be7 @ 0x10020be7
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596384
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596424
registers.edx: 0
registers.ebx: 268680548
registers.esi: 268680548
registers.ecx: 12588336
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x1935 lsb533d+0x20bf9 @ 0x10020bf9
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596372
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596412
registers.edx: 0
registers.ebx: 268680536
registers.esi: 268680536
registers.ecx: 12588368
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x197c lsb533d+0x20c40 @ 0x10020c40
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596364
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596404
registers.edx: 0
registers.ebx: 268680500
registers.esi: 268680500
registers.ecx: 12588752
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x198e lsb533d+0x20c52 @ 0x10020c52
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596352
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596392
registers.edx: 0
registers.ebx: 268680480
registers.esi: 268680480
registers.ecx: 12588784
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x19a0 lsb533d+0x20c64 @ 0x10020c64
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596340
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596380
registers.edx: 0
registers.ebx: 268680456
registers.esi: 268680456
registers.ecx: 12590568
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x19dc lsb533d+0x20ca0 @ 0x10020ca0
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596364
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596404
registers.edx: 0
registers.ebx: 268680420
registers.esi: 268680420
registers.ecx: 12588816
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x19ee lsb533d+0x20cb2 @ 0x10020cb2
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596352
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596392
registers.edx: 0
registers.ebx: 268680400
registers.esi: 268680400
registers.ecx: 12588864
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.053793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x1a00 lsb533d+0x20cc4 @ 0x10020cc4
RunInstaller+0x4e70 lsb533d+0x24134 @ 0x10024134

registers.esp: 3596340
registers.edi: 1983200910
registers.eax: 3596355
registers.ebp: 3596380
registers.edx: 0
registers.ebx: 268680368
registers.esi: 268680368
registers.ecx: 12590600
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596593
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12585744
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596593
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588224
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12589160
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12589048
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588552
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588264
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596581
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588312
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588784
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588864
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596609
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588928
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.068793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588368
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.084793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596544
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12589128
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.084793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2c9e lsb533d+0x21f62 @ 0x10021f62
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596544
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 268690652
registers.esi: 268679816
registers.ecx: 12589112
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.084793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596544
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12589176
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.084793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller+0x5e5e lsb533d+0x25122 @ 0x10025122

registers.esp: 3596668
registers.edi: 1983200910
registers.eax: 3596611
registers.ebp: 3596708
registers.edx: 0
registers.ebx: 270261312
registers.esi: 270261312
registers.ecx: 12588696
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.084793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0xbb34 lsb533d+0x13790 @ 0x10013790
RunInstaller+0xc6ba lsb533d+0x2b97e @ 0x1002b97e

registers.esp: 3596588
registers.edi: 1983200910
registers.eax: 3596592
registers.ebp: 3596628
registers.edx: 0
registers.ebx: 268683184
registers.esi: 268683184
registers.ecx: 12585536
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.084793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0xbb34 lsb533d+0x13790 @ 0x10013790
RunInstaller+0xc6ba lsb533d+0x2b97e @ 0x1002b97e

registers.esp: 3596588
registers.edi: 1983200910
registers.eax: 3596593
registers.ebp: 3596628
registers.edx: 0
registers.ebx: 268683184
registers.esi: 268683184
registers.ecx: 12585536
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.084793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0xbb34 lsb533d+0x13790 @ 0x10013790
RunInstaller+0xc6ba lsb533d+0x2b97e @ 0x1002b97e

registers.esp: 3596588
registers.edi: 1983200910
registers.eax: 3596594
registers.ebp: 3596628
registers.edx: 0
registers.ebx: 268683184
registers.esi: 268683184
registers.ecx: 12585536
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.178793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0x150a lsb533d+0x1ddba @ 0x1001ddba

registers.esp: 3595468
registers.edi: 1983200910
registers.eax: 3595312
registers.ebp: 3595508
registers.edx: 0
registers.ebx: 268681652
registers.esi: 268681652
registers.ecx: 12585600
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.318793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0xf44 lsb533d+0x1e380 @ 0x1001e380

registers.esp: 3595548
registers.edi: 1983200910
registers.eax: 3595568
registers.ebp: 3595588
registers.edx: 0
registers.ebx: 268681564
registers.esi: 268681564
registers.ecx: 12585552
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.318793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0xb76a lsb533d+0x13b5a @ 0x10013b5a
RunInstaller-0xf00 lsb533d+0x1e3c4 @ 0x1001e3c4

registers.esp: 3595496
registers.edi: 1983200910
registers.eax: 3595568
registers.ebp: 3595536
registers.edx: 0
registers.ebx: 268683068
registers.esi: 268683068
registers.ecx: 12585504
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.318793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0xb701 lsb533d+0x13bc3 @ 0x10013bc3
RunInstaller-0xf00 lsb533d+0x1e3c4 @ 0x1001e3c4

registers.esp: 3595496
registers.edi: 1983200910
registers.eax: 3595568
registers.ebp: 3595536
registers.edx: 0
registers.ebx: 268683048
registers.esi: 268683048
registers.ecx: 12585520
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
1620985564.396793
__exception__
stacktrace:
RunInstaller+0x2db8 lsb533d+0x2207c @ 0x1002207c
RunInstaller+0x2b5a lsb533d+0x21e1e @ 0x10021e1e
RunInstaller-0xcaa lsb533d+0x1e61a @ 0x1001e61a

registers.esp: 3595548
registers.edi: 1983200910
registers.eax: 3595568
registers.ebp: 3595588
registers.edx: 0
registers.ebx: 268682112
registers.esi: 268682112
registers.ecx: 12585584
exception.instruction_r: 88 02 41 42 84 c0 75 f6 c7 45 fc fe ff ff ff 8b
exception.symbol: lstrcpy+0x18 GetWindowsDirectoryA-0x55 kernel32+0x32ab5
exception.instruction: mov byte ptr [edx], al
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 207541
exception.address: 0x76372ab5
success 0 0
行为判定
动态指标
Drops an executable to the user AppData folder (5 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\LSB52EE.tmp
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\LSB533D.tmp
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\~SB5545.tmp
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\~SB5641.tmp
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\~SB232A.tmp
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)
Cybereason malicious.6b6751
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

2019-02-13 02:21:47

Imports

Library LZ32.dll:
0x4020d0 LZInit
0x4020d4 LZCopy
0x4020d8 LZClose
Library COMCTL32.dll:
0x402000
Library KERNEL32.dll:
0x402008 HeapAlloc
0x40200c GetProcessHeap
0x402010 GlobalFree
0x402014 lstrcpyA
0x402018 lstrlenA
0x40201c ResumeThread
0x402020 SetThreadContext
0x402028 WriteProcessMemory
0x40202c VirtualProtectEx
0x402030 GetThreadContext
0x402034 lstrcpynA
0x402038 GetModuleFileNameA
0x40203c DuplicateHandle
0x402040 GetCurrentProcess
0x402044 RemoveDirectoryA
0x402048 ExitProcess
0x40204c Sleep
0x402050 CloseHandle
0x402054 DeleteFileA
0x402058 WaitForSingleObject
0x40205c CreateProcessA
0x402060 lstrcatA
0x402064 CreateFileA
0x402068 GetTempFileNameA
0x40206c GetTempPathA
0x402070 MoveFileA
0x402074 GetCommandLineA
0x402078 GlobalUnlock
0x40207c WriteFile
0x402080 ReadFile
0x402084 SetFilePointer
0x402088 GlobalLock
0x40208c GlobalAlloc
0x402090 FreeLibrary
0x402094 GetProcAddress
0x402098 GetLastError
0x40209c LoadLibraryA
0x4020a0 SetErrorMode
0x4020a8 GetTickCount
0x4020ac GetCurrentThreadId
0x4020b0 GetCurrentProcessId
0x4020b8 TerminateProcess
0x4020c4 GetModuleHandleA
0x4020c8 GetStartupInfoA
Library USER32.dll:
0x4020e0 wsprintfA
0x4020e4 MessageBoxA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.