SmartHawk

2.6

中危

该样本未表现出任何异常！

d7d7cf11e3407d3e8a94a7cedaba0dbcee14462c0e148b98a8cd0520af69c582

a24c0fc5d73cb82c9780b16faa99d1c1.exe

分析耗时

97s

最近分析

文件大小

2.1MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable has a PDB path (1 个事件)

pdb_path

C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	IMAGE_FILE
resource name	RTF_FILE

Communicates with host for which no DNS query was performed (2 个事件)

host	172.217.24.14
host	203.208.40.34

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-12-17 17:36:36

Imports

Library KERNEL32.dll:

• 0x56e000 GetModuleFileNameW

• 0x56e004 FormatMessageW

• 0x56e008 OutputDebugStringW

• 0x56e00c CreateFileW

• 0x56e010 CloseHandle

• 0x56e014 WriteFile

• 0x56e018 DeleteFileW

• 0x56e01c HeapDestroy

• 0x56e020 HeapSize

• 0x56e024 HeapReAlloc

• 0x56e028 HeapFree

• 0x56e02c HeapAlloc

• 0x56e030 GetProcessHeap

• 0x56e034 RemoveDirectoryW

• 0x56e038 GetTempPathW

• 0x56e03c GetTempFileNameW

• 0x56e040 CreateDirectoryW

• 0x56e044 MoveFileW

• 0x56e048 GetLastError

• 0x56e04c SizeofResource

• 0x56e050 LockResource

• 0x56e054 LoadResource

• 0x56e058 FindResourceW

• 0x56e05c FindResourceExW

• 0x56e060 EnterCriticalSection

• 0x56e064 LeaveCriticalSection

• 0x56e068 DeleteCriticalSection

• 0x56e06c InitializeCriticalSectionAndSpinCount

• 0x56e070 GetCurrentThreadId

• 0x56e074 RaiseException

• 0x56e078 SetLastError

• 0x56e07c GlobalUnlock

• 0x56e080 GlobalLock

• 0x56e084 GlobalAlloc

• 0x56e088 MulDiv

• 0x56e08c lstrcmpW

• 0x56e090 CreateEventW

• 0x56e094 SetEvent

• 0x56e098 InitializeCriticalSection

• 0x56e09c lstrcpynW

• 0x56e0a0 WaitForSingleObject

• 0x56e0a4 CreateThread

• 0x56e0a8 GetProcAddress

• 0x56e0ac LoadLibraryExW

• 0x56e0b0 DecodePointer

• 0x56e0b4 Sleep

• 0x56e0b8 GetDiskFreeSpaceExW

• 0x56e0bc GetExitCodeThread

• 0x56e0c0 GetCurrentProcessId

• 0x56e0c4 FreeLibrary

• 0x56e0c8 GetSystemDirectoryW

• 0x56e0cc lstrlenW

• 0x56e0d0 VerifyVersionInfoW

• 0x56e0d4 VerSetConditionMask

• 0x56e0d8 lstrcmpiW

• 0x56e0dc GetModuleHandleW

• 0x56e0e0 LoadLibraryW

• 0x56e0e4 GetDriveTypeW

• 0x56e0e8 CompareStringW

• 0x56e0ec FindFirstFileW

• 0x56e0f0 FindNextFileW

• 0x56e0f4 GetLogicalDriveStringsW

• 0x56e0f8 GetFileSize

• 0x56e0fc GetFileAttributesW

• 0x56e100 SetFileAttributesW

• 0x56e104 GetFileTime

• 0x56e108 CopyFileW

• 0x56e10c ReadFile

• 0x56e110 SetFilePointer

• 0x56e114 FindClose

• 0x56e118 MultiByteToWideChar

• 0x56e11c WideCharToMultiByte

• 0x56e120 GetCurrentProcess

• 0x56e124 GetSystemInfo

• 0x56e128 WaitForMultipleObjects

• 0x56e12c ReadConsoleW

• 0x56e130 VirtualProtect

• 0x56e134 VirtualQuery

• 0x56e138 LoadLibraryExA

• 0x56e13c GetStringTypeW

• 0x56e140 GetShortPathNameW

• 0x56e144 SetUnhandledExceptionFilter

• 0x56e148 GetEnvironmentVariableW

• 0x56e14c GetEnvironmentStringsW

• 0x56e150 LocalFree

• 0x56e154 LoadLibraryA

• 0x56e158 GetModuleFileNameA

• 0x56e15c GetFullPathNameW

• 0x56e160 GetCurrentThread

• 0x56e164 FlushFileBuffers

• 0x56e168 SetConsoleTextAttribute

• 0x56e16c GetStdHandle

• 0x56e170 GetConsoleScreenBufferInfo

• 0x56e174 CreateProcessW

• 0x56e178 GetExitCodeProcess

• 0x56e17c GetTickCount

• 0x56e180 GetCommandLineW

• 0x56e184 SetCurrentDirectoryW

• 0x56e188 SetEndOfFile

• 0x56e18c EnumResourceLanguagesW

• 0x56e190 GetLocaleInfoW

• 0x56e194 GetSystemDefaultLangID

• 0x56e198 GetUserDefaultLangID

• 0x56e19c GetWindowsDirectoryW

• 0x56e1a0 GetSystemTime

• 0x56e1a4 SystemTimeToFileTime

• 0x56e1a8 FileTimeToSystemTime

• 0x56e1ac CreateToolhelp32Snapshot

• 0x56e1b0 Process32FirstW

• 0x56e1b4 Process32NextW

• 0x56e1b8 ResetEvent

• 0x56e1bc GlobalFree

• 0x56e1c0 GetPrivateProfileStringW

• 0x56e1c4 GetPrivateProfileSectionNamesW

• 0x56e1c8 WritePrivateProfileStringW

• 0x56e1cc GetLocalTime

• 0x56e1d0 CreateNamedPipeW

• 0x56e1d4 ConnectNamedPipe

• 0x56e1d8 TerminateThread

• 0x56e1dc LocalAlloc

• 0x56e1e0 CompareFileTime

• 0x56e1e4 CopyFileExW

• 0x56e1e8 OpenEventW

• 0x56e1ec PeekNamedPipe

• 0x56e1f0 IsProcessorFeaturePresent

• 0x56e1f4 WaitForSingleObjectEx

• 0x56e1f8 UnhandledExceptionFilter

• 0x56e1fc TerminateProcess

• 0x56e200 IsDebuggerPresent

• 0x56e204 GetStartupInfoW

• 0x56e208 QueryPerformanceCounter

• 0x56e20c GetSystemTimeAsFileTime

• 0x56e210 InitializeSListHead

• 0x56e214 EncodePointer

• 0x56e218 InterlockedPopEntrySList

• 0x56e21c InterlockedPushEntrySList

• 0x56e220 FlushInstructionCache

• 0x56e224 VirtualAlloc

• 0x56e228 VirtualFree

• 0x56e22c QueryPerformanceFrequency

• 0x56e230 SwitchToThread

• 0x56e234 TlsAlloc

• 0x56e238 TlsGetValue

• 0x56e23c TlsSetValue

• 0x56e240 TlsFree

• 0x56e244 GetCPInfo

• 0x56e248 LCMapStringW

• 0x56e24c RtlUnwind

• 0x56e250 ExitProcess

• 0x56e254 GetModuleHandleExW

• 0x56e258 GetFileType

• 0x56e25c IsValidLocale

• 0x56e260 GetUserDefaultLCID

• 0x56e264 EnumSystemLocalesW

• 0x56e268 GetConsoleCP

• 0x56e26c GetConsoleMode

• 0x56e270 IsValidCodePage

• 0x56e274 GetACP

• 0x56e278 GetOEMCP

• 0x56e27c FindFirstFileExW

• 0x56e280 GetCommandLineA

• 0x56e284 FreeEnvironmentStringsW

• 0x56e288 SetStdHandle

• 0x56e28c GetFileSizeEx

• 0x56e290 SetFilePointerEx

• 0x56e294 WriteConsoleW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com A 172.217.160.78	142.250.66.110
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53210	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	53380	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	60221	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.