Score: 3.2 (Medium risk)

SHA256: 8d3876daf16e4b8a593d82a173b4de124d06e90c6b06471b28dd4ee0eef7c38e

File name: a0e924da2c39e0602dfb6ed20cfd19df.exe

Analysis duration: 87s

Last analyzed:

File size: 1.6MB
Static detection / Dynamic detection

Eagle Eye (鹰眼) engine: Not detected (no Eagle Eye engine result available)

Static verdict

Antivirus engines

Engine     Result   Scan date   Engine version
Alibaba             20190306    0.2.0.3
Baidu               20190318    1.0.0.2
Avast               20190320    18.4.3895.0
Tencent             20190321    1.0.0.1
Kingsoft            20190321    2013.8.14.323
McAfee              20190321    6.0.6.653
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
  section .itext

One or more processes crashed (2 events)
Event 1
  Time: 1620829574.777249
  API: __exception__
  Arguments:
    stacktrace:
      a0e924da2c39e0602dfb6ed20cfd19df+0x228bf @ 0x4228bf
      a0e924da2c39e0602dfb6ed20cfd19df+0x2277d @ 0x42277d
      a0e924da2c39e0602dfb6ed20cfd19df+0x2133b @ 0x42133b
      a0e924da2c39e0602dfb6ed20cfd19df+0x145236 @ 0x545236
      a0e924da2c39e0602dfb6ed20cfd19df+0x1456dc @ 0x5456dc
      a0e924da2c39e0602dfb6ed20cfd19df+0x16e64c @ 0x56e64c
      a0e924da2c39e0602dfb6ed20cfd19df+0x7160b @ 0x47160b
      a0e924da2c39e0602dfb6ed20cfd19df+0x71263 @ 0x471263
      a0e924da2c39e0602dfb6ed20cfd19df+0x71239 @ 0x471239
      a0e924da2c39e0602dfb6ed20cfd19df+0x7a852 @ 0x47a852
      a0e924da2c39e0602dfb6ed20cfd19df+0x172185 @ 0x572185
      BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
      RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
      RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
    registers.esp: 1637388
    registers.edi: 32
    registers.eax: 1637388
    registers.ebp: 1637468
    registers.edx: 0
    registers.ebx: 33183296
    registers.esi: 5525480
    registers.ecx: 7
    exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
    exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
    exception.instruction: leave
    exception.module: KERNELBASE.dll
    exception.exception_code: 0xeedfade
    exception.offset: 46887
    exception.address: 0x778eb727
  Status: success   Return: 0   Repeated: 0

Event 2
  Time: 1620829574.824249
  API: __exception__
  Arguments:
    stacktrace:
      a0e924da2c39e0602dfb6ed20cfd19df+0x228bf @ 0x4228bf
      a0e924da2c39e0602dfb6ed20cfd19df+0x2277d @ 0x42277d
      a0e924da2c39e0602dfb6ed20cfd19df+0x2133b @ 0x42133b
      a0e924da2c39e0602dfb6ed20cfd19df+0x1662fe @ 0x5662fe
      a0e924da2c39e0602dfb6ed20cfd19df+0x165cb3 @ 0x565cb3
      a0e924da2c39e0602dfb6ed20cfd19df+0x71263 @ 0x471263
      a0e924da2c39e0602dfb6ed20cfd19df+0x71239 @ 0x471239
      a0e924da2c39e0602dfb6ed20cfd19df+0x7a852 @ 0x47a852
      a0e924da2c39e0602dfb6ed20cfd19df+0x1721d1 @ 0x5721d1
      BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
      RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
      RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
    registers.esp: 1637164
    registers.edi: 32
    registers.eax: 1637164
    registers.ebp: 1637244
    registers.edx: 0
    registers.ebx: 33185088
    registers.esi: 5525452
    registers.ecx: 7
    exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
    exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
    exception.instruction: leave
    exception.module: KERNELBASE.dll
    exception.exception_code: 0xeedfade
    exception.offset: 46887
    exception.address: 0x778eb727
  Status: success   Return: 0   Repeated: 0
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Event 1
  Time: 1620829574.184249
  API: NtAllocateVirtualMemory
  Arguments:
    process_identifier: 2856
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x005f0000
  Status: success   Return: 0   Repeated: 0

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)

Engine        Detection
K7GW          Trojan ( 7000000f1 )
K7AntiVirus   Trojan ( 7000000f1 )
Visual analysis

Binary image

No binary image available: no binary visualization image was generated for this sample.

Runtime screenshots

No runtime screenshots available: no screenshots were captured while the sample ran.

PE Compile Time

2014-08-16 21:03:51

Imports

Library oleaut32.dll:
0x580994 SysFreeString
0x580998 SysReAllocStringLen
0x58099c SysAllocStringLen
Library advapi32.dll:
0x5809a4 RegQueryValueExA
0x5809a8 RegOpenKeyExA
0x5809ac RegCloseKey
Library user32.dll:
0x5809b4 GetKeyboardType
0x5809b8 DestroyWindow
0x5809bc LoadStringA
0x5809c0 MessageBoxA
0x5809c4 CharNextA
Library kernel32.dll:
0x5809cc GetACP
0x5809d0 Sleep
0x5809d4 VirtualFree
0x5809d8 VirtualAlloc
0x5809dc GetCurrentThreadId
0x5809e8 VirtualQuery
0x5809ec WideCharToMultiByte
0x5809f0 MultiByteToWideChar
0x5809f4 lstrlenA
0x5809f8 lstrcpynA
0x5809fc LoadLibraryExA
0x580a00 GetThreadLocale
0x580a04 GetStartupInfoA
0x580a08 GetProcAddress
0x580a0c GetModuleHandleA
0x580a10 GetModuleFileNameA
0x580a14 GetLocaleInfoA
0x580a18 GetCommandLineA
0x580a1c FreeLibrary
0x580a20 FindFirstFileA
0x580a24 FindClose
0x580a28 ExitProcess
0x580a2c ExitThread
0x580a30 CreateThread
0x580a34 CompareStringA
0x580a38 WriteFile
0x580a40 RtlUnwind
0x580a44 RaiseException
0x580a48 GetStdHandle
Library kernel32.dll:
0x580a50 TlsSetValue
0x580a54 TlsGetValue
0x580a58 LocalAlloc
0x580a5c GetModuleHandleA
Library user32.dll:
0x580a64 CreateWindowExA
0x580a68 WindowFromPoint
0x580a6c WaitMessage
0x580a70 ValidateRect
0x580a74 UpdateWindow
0x580a78 UnregisterClassA
0x580a7c UnionRect
0x580a80 UnhookWindowsHookEx
0x580a84 TranslateMessage
0x580a8c TrackPopupMenu
0x580a94 ShowWindow
0x580a98 ShowScrollBar
0x580a9c ShowOwnedPopups
0x580aa0 SetWindowsHookExA
0x580aa4 SetWindowTextA
0x580aa8 SetWindowPos
0x580aac SetWindowPlacement
0x580ab0 SetWindowLongW
0x580ab4 SetWindowLongA
0x580ab8 SetTimer
0x580abc SetScrollRange
0x580ac0 SetScrollPos
0x580ac4 SetScrollInfo
0x580ac8 SetRect
0x580acc SetPropA
0x580ad0 SetParent
0x580ad4 SetMenuItemInfoA
0x580ad8 SetMenu
0x580adc SetKeyboardState
0x580ae0 SetForegroundWindow
0x580ae4 SetFocus
0x580ae8 SetCursor
0x580aec SetClipboardData
0x580af0 SetClassLongA
0x580af4 SetCaretPos
0x580af8 SetCapture
0x580afc SetActiveWindow
0x580b00 SendMessageW
0x580b04 SendMessageA
0x580b08 ScrollWindowEx
0x580b0c ScrollWindow
0x580b10 ScreenToClient
0x580b14 RemovePropA
0x580b18 RemoveMenu
0x580b1c ReleaseDC
0x580b20 ReleaseCapture
0x580b2c RegisterClassA
0x580b30 RedrawWindow
0x580b34 PtInRect
0x580b38 PostQuitMessage
0x580b3c PostMessageA
0x580b40 PeekMessageW
0x580b44 PeekMessageA
0x580b48 OpenClipboard
0x580b4c OffsetRect
0x580b50 OemToCharBuffA
0x580b54 OemToCharA
0x580b60 MessageBoxA
0x580b64 MessageBeep
0x580b68 MapWindowPoints
0x580b6c MapVirtualKeyA
0x580b70 LoadStringA
0x580b74 LoadKeyboardLayoutA
0x580b78 LoadIconA
0x580b7c LoadCursorA
0x580b80 LoadBitmapA
0x580b84 KillTimer
0x580b88 IsZoomed
0x580b8c IsWindowVisible
0x580b90 IsWindowUnicode
0x580b94 IsWindowEnabled
0x580b98 IsWindow
0x580b9c IsRectEmpty
0x580ba0 IsIconic
0x580ba4 IsDialogMessageW
0x580ba8 IsDialogMessageA
0x580bac IsChild
0x580bb0 IsCharAlphaNumericA
0x580bb4 IsCharAlphaA
0x580bb8 InvalidateRect
0x580bbc IntersectRect
0x580bc0 InsertMenuItemA
0x580bc4 InsertMenuA
0x580bc8 InflateRect
0x580bd0 GetWindowTextA
0x580bd4 GetWindowRect
0x580bd8 GetWindowPlacement
0x580bdc GetWindowLongW
0x580be0 GetWindowLongA
0x580be4 GetWindowDC
0x580be8 GetTopWindow
0x580bec GetSystemMetrics
0x580bf0 GetSystemMenu
0x580bf4 GetSysColorBrush
0x580bf8 GetSysColor
0x580bfc GetSubMenu
0x580c00 GetScrollRange
0x580c04 GetScrollPos
0x580c08 GetScrollInfo
0x580c0c GetPropA
0x580c10 GetParent
0x580c14 GetWindow
0x580c18 GetMessageTime
0x580c1c GetMessagePos
0x580c20 GetMenuStringA
0x580c24 GetMenuState
0x580c28 GetMenuItemInfoA
0x580c2c GetMenuItemID
0x580c30 GetMenuItemCount
0x580c34 GetMenu
0x580c38 GetLastActivePopup
0x580c3c GetKeyboardState
0x580c48 GetKeyboardLayout
0x580c4c GetKeyState
0x580c50 GetKeyNameTextA
0x580c54 GetIconInfo
0x580c58 GetForegroundWindow
0x580c5c GetFocus
0x580c60 GetDoubleClickTime
0x580c64 GetDlgItem
0x580c68 GetDesktopWindow
0x580c6c GetDCEx
0x580c70 GetDC
0x580c74 GetCursorPos
0x580c78 GetCursor
0x580c7c GetClipboardData
0x580c80 GetClientRect
0x580c84 GetClassNameA
0x580c88 GetClassLongA
0x580c8c GetClassInfoA
0x580c90 GetCaretPos
0x580c94 GetCapture
0x580c98 GetActiveWindow
0x580c9c FrameRect
0x580ca0 FindWindowExA
0x580ca4 FindWindowA
0x580ca8 FillRect
0x580cac EqualRect
0x580cb0 EnumWindows
0x580cb4 EnumThreadWindows
0x580cbc EnumChildWindows
0x580cc0 EndPaint
0x580cc4 EnableWindow
0x580cc8 EnableScrollBar
0x580ccc EnableMenuItem
0x580cd0 EmptyClipboard
0x580cd4 DrawTextA
0x580cd8 DrawMenuBar
0x580cdc DrawIconEx
0x580ce0 DrawIcon
0x580ce4 DrawFrameControl
0x580ce8 DrawFocusRect
0x580cec DrawEdge
0x580cf0 DispatchMessageW
0x580cf4 DispatchMessageA
0x580cf8 DestroyWindow
0x580cfc DestroyMenu
0x580d00 DestroyIcon
0x580d04 DestroyCursor
0x580d08 DestroyCaret
0x580d0c DeleteMenu
0x580d10 DefWindowProcA
0x580d14 DefMDIChildProcA
0x580d18 DefFrameProcA
0x580d1c CreatePopupMenu
0x580d20 CreateMenu
0x580d24 CreateIcon
0x580d28 CreateCaret
0x580d2c CloseClipboard
0x580d30 ClientToScreen
0x580d38 CheckMenuItem
0x580d3c CharUpperBuffW
0x580d40 CharNextW
0x580d44 CallWindowProcA
0x580d48 CallNextHookEx
0x580d4c BeginPaint
0x580d50 CharNextA
0x580d54 CharLowerBuffA
0x580d58 CharLowerA
0x580d5c CharUpperBuffA
0x580d60 CharToOemBuffA
0x580d64 CharToOemA
0x580d68 AdjustWindowRectEx
Library gdi32.dll:
0x580d74 UnrealizeObject
0x580d78 StretchBlt
0x580d7c SetWindowOrgEx
0x580d80 SetWindowExtEx
0x580d84 SetWinMetaFileBits
0x580d88 SetViewportOrgEx
0x580d8c SetViewportExtEx
0x580d90 SetTextColor
0x580d94 SetStretchBltMode
0x580d98 SetROP2
0x580d9c SetPixel
0x580da0 SetMapMode
0x580da4 SetEnhMetaFileBits
0x580da8 SetDIBColorTable
0x580dac SetBrushOrgEx
0x580db0 SetBkMode
0x580db4 SetBkColor
0x580db8 SelectPalette
0x580dbc SelectObject
0x580dc0 SelectClipRgn
0x580dc4 SaveDC
0x580dc8 RestoreDC
0x580dcc Rectangle
0x580dd0 RectVisible
0x580dd4 RealizePalette
0x580dd8 Polyline
0x580ddc PolyPolyline
0x580de0 PlayEnhMetaFile
0x580de4 PatBlt
0x580de8 MoveToEx
0x580dec MaskBlt
0x580df0 LineTo
0x580df4 IntersectClipRect
0x580df8 GetWindowOrgEx
0x580dfc GetWinMetaFileBits
0x580e00 GetTextMetricsA
0x580e04 GetTextExtentPointA
0x580e10 GetStockObject
0x580e14 GetRgnBox
0x580e18 GetPixel
0x580e1c GetPaletteEntries
0x580e20 GetObjectA
0x580e2c GetEnhMetaFileBits
0x580e30 GetDeviceCaps
0x580e34 GetDIBits
0x580e38 GetDIBColorTable
0x580e3c GetDCOrgEx
0x580e44 GetClipBox
0x580e48 GetBrushOrgEx
0x580e4c GetBitmapBits
0x580e50 ExtTextOutA
0x580e54 ExtCreatePen
0x580e58 ExcludeClipRect
0x580e5c DeleteObject
0x580e60 DeleteEnhMetaFile
0x580e64 DeleteDC
0x580e68 CreateSolidBrush
0x580e6c CreatePenIndirect
0x580e70 CreatePalette
0x580e78 CreateFontIndirectA
0x580e7c CreateDIBitmap
0x580e80 CreateDIBSection
0x580e84 CreateCompatibleDC
0x580e8c CreateBrushIndirect
0x580e90 CreateBitmap
0x580e94 CopyEnhMetaFileA
0x580e98 BitBlt
Library version.dll:
0x580ea0 VerQueryValueA
0x580ea8 GetFileVersionInfoA
Library kernel32.dll:
0x580eb0 lstrcpyA
0x580eb4 lstrcmpA
0x580ebc WriteFile
0x580ec0 WideCharToMultiByte
0x580ec4 WaitForSingleObject
0x580ecc VirtualQuery
0x580ed0 VirtualAlloc
0x580ed4 SizeofResource
0x580ed8 SetThreadPriority
0x580edc SetThreadLocale
0x580ee0 SetLastError
0x580ee4 SetFilePointer
0x580ee8 SetEvent
0x580eec SetErrorMode
0x580ef0 SetEndOfFile
0x580ef4 SearchPathA
0x580ef8 ResumeThread
0x580efc ResetEvent
0x580f00 ReleaseMutex
0x580f04 ReadFile
0x580f08 OpenFileMappingA
0x580f0c MultiByteToWideChar
0x580f10 MulDiv
0x580f14 LockResource
0x580f18 LocalFree
0x580f1c LoadResource
0x580f20 LoadLibraryA
0x580f28 IsDBCSLeadByte
0x580f30 GlobalUnlock
0x580f34 GlobalLock
0x580f38 GlobalFree
0x580f3c GlobalFindAtomA
0x580f40 GlobalDeleteAtom
0x580f44 GlobalAlloc
0x580f48 GlobalAddAtomA
0x580f4c GetVersionExA
0x580f50 GetVersion
0x580f54 GetTickCount
0x580f58 GetThreadLocale
0x580f5c GetStdHandle
0x580f60 GetProcAddress
0x580f68 GetModuleHandleA
0x580f6c GetModuleFileNameA
0x580f70 GetLocaleInfoA
0x580f74 GetLocalTime
0x580f78 GetLastError
0x580f7c GetFullPathNameA
0x580f80 GetFileAttributesA
0x580f84 GetExitCodeThread
0x580f88 GetDiskFreeSpaceA
0x580f8c GetDateFormatA
0x580f90 GetCurrentThreadId
0x580f94 GetCurrentProcessId
0x580f9c GetCPInfo
0x580fa0 FreeResource
0x580fa8 InterlockedExchange
0x580fb0 FreeLibrary
0x580fb4 FormatMessageA
0x580fb8 FindResourceA
0x580fbc FindFirstFileA
0x580fc0 FindClose
0x580fc4 FatalAppExitA
0x580fc8 EnumCalendarInfoA
0x580fd4 CreateThread
0x580fd8 CreateMutexA
0x580fdc CreateFileA
0x580fe0 CreateEventA
0x580fe4 CompareStringW
0x580fe8 CompareStringA
0x580fec CloseHandle
Library advapi32.dll:
0x580ff4 RegSetValueExA
0x580ff8 RegQueryValueExA
0x580ffc RegOpenKeyExA
0x581000 RegFlushKey
0x581004 RegCreateKeyExA
0x581008 RegCloseKey
Library oleaut32.dll:
0x581010 GetErrorInfo
0x581014 DispGetParam
0x581018 VariantClear
0x58101c VariantInit
0x581024 SafeArrayAccessData
0x581028 SafeArrayUnlock
0x58102c SafeArrayLock
0x581030 SafeArrayGetLBound
0x581034 SafeArrayGetUBound
0x581038 SafeArrayDestroy
0x58103c SysFreeString
Library ole32.dll:
0x581044 CoTaskMemFree
0x581048 CoTaskMemAlloc
0x58104c CLSIDFromString
0x581050 StringFromCLSID
0x581054 CoCreateInstance
0x581058 CoGetMalloc
0x58105c CoUninitialize
0x581060 CoInitializeEx
0x581064 CoInitialize
Library kernel32.dll:
0x58106c Sleep
Library ole32.dll:
0x581074 CLSIDFromString
Library oleaut32.dll:
0x58107c SafeArrayPtrOfIndex
0x581080 SafeArrayPutElement
0x581084 SafeArrayGetElement
0x58108c SafeArrayAccessData
0x581090 SafeArrayGetUBound
0x581094 SafeArrayGetLBound
0x581098 SafeArrayCreate
0x58109c VariantChangeType
0x5810a0 VariantCopyInd
0x5810a4 VariantCopy
0x5810a8 VariantClear
0x5810ac VariantInit
Library comctl32.dll:
0x5810b4 _TrackMouseEvent
0x5810c0 ImageList_Write
0x5810c4 ImageList_Read
0x5810d0 ImageList_DragMove
0x5810d4 ImageList_DragLeave
0x5810d8 ImageList_DragEnter
0x5810dc ImageList_EndDrag
0x5810e0 ImageList_BeginDrag
0x5810e4 ImageList_Remove
0x5810e8 ImageList_DrawEx
0x5810ec ImageList_Replace
0x5810f0 ImageList_Draw
0x5810fc ImageList_Add
0x581108 ImageList_Destroy
0x58110c ImageList_Create
0x581110 InitCommonControls
Library comdlg32.dll:
0x581118 GetSaveFileNameA
0x58111c GetOpenFileNameA
Library wsock32.dll:
0x581124 WSACleanup
0x581128 WSAStartup
0x58112c WSAGetLastError
0x58113c WSAAsyncSelect
0x581140 getservbyname
0x581144 gethostbyname
0x581148 socket
0x58114c setsockopt
0x581150 send
0x581154 select
0x581158 recv
0x58115c ntohs
0x581160 listen
0x581164 ioctlsocket
0x581168 inet_ntoa
0x58116c inet_addr
0x581170 htons
0x581174 getsockopt
0x581178 getpeername
0x58117c connect
0x581180 closesocket
0x581184 bind
0x581188 accept
Library kernel32.dll:
0x581190 MulDiv

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                      Destination port
192.168.56.101  49235         114.114.114.114                  53
192.168.56.101  53210         114.114.114.114                  53
192.168.56.101  55368         114.114.114.114                  53
192.168.56.101  57874         114.114.114.114                  53
192.168.56.101  60215         114.114.114.114                  53
192.168.56.101  63429         114.114.114.114                  53
192.168.56.101  137           192.168.56.255                   137
192.168.56.101  138           192.168.56.255                   138
192.168.56.101  123           20.189.79.72 (time.windows.com)  123
192.168.56.101  50002         224.0.0.252                      5355
192.168.56.101  50534         224.0.0.252                      5355
192.168.56.101  51378         224.0.0.252                      5355
192.168.56.101  51808         224.0.0.252                      5355
192.168.56.101  51963         224.0.0.252                      5355
192.168.56.101  53380         224.0.0.252                      5355
192.168.56.101  56539         224.0.0.252                      5355
192.168.56.101  56804         224.0.0.252                      5355
192.168.56.101  57756         224.0.0.252                      5355
192.168.56.101  60384         224.0.0.252                      5355
192.168.56.101  61680         224.0.0.252                      5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.