5.6
High risk

eda07876e9dc814166e5b84cc7b1b14b68dd026c798e97e75f93f83fba680c73

a364fd91f2bca0d70dedc7780f31fe60.exe

Analysis duration

73s

Last analyzed

File size

262.3KB
Static detection / Dynamic detection
Hawkeye engine
Not detected: no Hawkeye engine detection results available
Static verdict
Anti-virus engines
Not detected: no anti-virus engine detection results available
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)
suspicious_features: POST method with no referer header; suspicious_request: POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
suspicious_features: POST method with no referer header; suspicious_request: POST http://www.google-analytics.com/collect
Performs some HTTP requests (3 events)
request GET http://iavs9x.avg.u.avcdn.net/avg/iavs9x/avg_antivirus_free_setup_x64.exe
request POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
request POST http://www.google-analytics.com/collect
Sends data using the HTTP POST Method (2 events)
request POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
request POST http://www.google-analytics.com/collect
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)
Time & API / Arguments / Status / Return / Repeated
1620985519.687212
GetDiskFreeSpaceExW
root_path: C:\Windows\Temp\asw.c88f9dfdef5d26c4
free_bytes_available: 19608154112
total_number_of_free_bytes: 0
total_number_of_bytes: 0
Status: success, Return: 1, Repeated: 0
Creates executable files on the filesystem (1 event)
file C:\Windows\Temp\asw.c88f9dfdef5d26c4\avg_antivirus_free_setup_x64.exe
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Attempts to identify installed AV products by installation directory (1 event)
file C:\Windows\Temp\asw.c88f9dfdef5d26c4\avg_antivirus_free_setup_x64.exe
Queries information on disks, possibly for anti-virtualization (2 events)
Time & API / Arguments / Status / Return / Repeated
1620985519.577212
NtCreateFile
create_disposition: 1 (FILE_OPEN)
file_handle: 0x0000007c
filepath: \??\PhysicalDrive0
desired_access: 0x00100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE)
file_attributes: 0 ()
filepath_r: \??\PhysicalDrive0
create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 0 (FILE_SUPERSEDED)
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
Status: success, Return: 0, Repeated: 0
1620985519.577212
DeviceIoControl
input_buffer:
device_handle: 0x0000007c
control_code: 2954240 ()
output_buffer: (§Lu~ $ VBOX HARDDISK 1.0VBOX HARDDISK 1.0 42566434623363626138662d3764623238312037
Status: success, Return: 1, Repeated: 0
Detects Virtual Machines through their custom firmware (1 event)
Time & API / Arguments / Status / Return / Repeated
1620985519.593212
NtQuerySystemInformation
information_class: 76 (SystemFirmwareTableInformation)
Status: failed, Return: 3221225507, Repeated: 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2019-03-12 20:34:28

Imports

Library KERNEL32.dll:
0x422058 LocalFree
0x42205c CreateFileMappingW
0x422060 MapViewOfFile
0x422064 UnmapViewOfFile
0x422068 CloseHandle
0x42206c FindResourceW
0x422070 LoadResource
0x422074 SizeofResource
0x422078 CreateFileW
0x42207c EnumResourceNamesW
0x422080 lstrlenA
0x422088 GetVersionExA
0x42208c GetNativeSystemInfo
0x422090 lstrcatA
0x422094 CreateThread
0x422098 GetCurrentProcess
0x42209c CreateMutexW
0x4220a0 lstrcpynW
0x4220a4 HeapFree
0x4220a8 GetDiskFreeSpaceExW
0x4220b4 CreateProcessW
0x4220b8 ResumeThread
0x4220bc CreateDirectoryW
0x4220c0 GetExitCodeProcess
0x4220c4 ReleaseMutex
0x4220c8 VirtualQuery
0x4220cc VirtualProtect
0x4220d0 GetSystemInfo
0x4220d8 WriteFile
0x4220dc SetEndOfFile
0x4220e0 SetFilePointerEx
0x4220e4 GetFileSizeEx
0x4220e8 GetLastError
0x4220ec InterlockedExchange
0x4220f0 ExitProcess
0x4220f8 HeapSetInformation
0x4220fc SetDllDirectoryW
0x422100 GetModuleHandleA
0x422104 WriteConsoleW
0x422108 GetConsoleMode
0x42210c GetConsoleCP
0x422110 FlushFileBuffers
0x422114 LCMapStringW
0x42211c Sleep
0x422120 WaitForSingleObject
0x422124 SetLastError
0x422128 GetProcAddress
0x42212c lstrcpyW
0x422130 GetSystemDirectoryW
0x422134 GetProcessHeap
0x422138 MoveFileExW
0x42213c HeapAlloc
0x422140 GetVersionExW
0x422144 DeviceIoControl
0x42214c GetVolumePathNameW
0x422150 HeapSize
0x422154 GetVersion
0x42215c MultiByteToWideChar
0x422160 HeapReAlloc
0x422164 RaiseException
0x422168 DecodePointer
0x42216c HeapDestroy
0x422174 GetModuleHandleW
0x422178 WideCharToMultiByte
0x422184 SetEvent
0x422188 ResetEvent
0x422190 CreateEventW
0x42219c TerminateProcess
0x4221a4 GetCurrentProcessId
0x4221a8 GetCurrentThreadId
0x4221ac InitializeSListHead
0x4221b0 IsDebuggerPresent
0x4221b4 GetStartupInfoW
0x4221b8 OutputDebugStringW
0x4221bc RtlUnwind
0x4221c0 EncodePointer
0x4221c4 TlsAlloc
0x4221c8 TlsGetValue
0x4221cc TlsSetValue
0x4221d0 TlsFree
0x4221d4 FreeLibrary
0x4221d8 LoadLibraryExW
0x4221dc GetCommandLineA
0x4221e0 GetCommandLineW
0x4221e4 GetStdHandle
0x4221e8 GetModuleFileNameW
0x4221ec GetModuleHandleExW
0x4221f0 GetFileType
0x4221f4 GetStringTypeW
0x4221f8 FindClose
0x4221fc FindFirstFileExW
0x422200 FindNextFileW
0x422204 IsValidCodePage
0x422208 GetACP
0x42220c GetOEMCP
0x422210 GetCPInfo
0x42221c SetStdHandle
0x422220 LoadLibraryExA
Library USER32.dll:
0x42222c wsprintfA
0x422230 MessageBoxExW
0x422234 LoadStringW
0x422238 wsprintfW
0x42223c SetForegroundWindow
0x422240 FindWindowW
0x422244 DispatchMessageW
0x422248 GetMessageW
0x42224c PostMessageW
0x422250 CreateWindowExW
0x422258 GetSystemMetrics
0x42225c LoadImageW
0x422260 DefWindowProcW
0x422264 KillTimer
0x422268 InvalidateRect
0x42226c SetTimer
0x422270 EndPaint
0x422274 FillRect
0x422278 BeginPaint
0x42227c RegisterClassExW
Library GDI32.dll:
0x422048 GetObjectW
0x42204c CreateSolidBrush
0x422050 CreatePatternBrush
Library ADVAPI32.dll:
0x422000 GetSidSubAuthority
0x422004 CryptHashData
0x422008 CryptCreateHash
0x42200c CryptDestroyHash
0x422014 OpenProcessToken
0x422018 GetTokenInformation
0x42201c IsValidSid
0x422020 CryptGetHashParam
0x422028 CryptReleaseContext
0x422030 CryptGenRandom
Library COMCTL32.dll:
0x422038
Library CRYPT32.dll:

Hosts

No hosts contacted.

TCP

Source / Source Port / Destination (IP, hostname) / Destination Port
192.168.56.101 49174 184.28.98.99 iavs9x.avg.u.avcdn.net 80
192.168.56.101 49176 203.208.41.65 www.google-analytics.com 80
192.168.56.101 49175 5.62.53.225 v7event.stats.avast.com 80

UDP

Source / Source Port / Destination / Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 53660 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

URI / Request data
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: AVG Microstub/2.1
Content-Length: 268
Host: v7event.stats.avast.com

http://iavs9x.avg.u.avcdn.net/avg/iavs9x/avg_antivirus_free_setup_x64.exe
GET /avg/iavs9x/avg_antivirus_free_setup_x64.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: AVG Microstub/2.1
Host: iavs9x.avg.u.avcdn.net

http://www.google-analytics.com/collect
POST /collect HTTP/1.1
Connection: Keep-Alive
User-Agent: AVG Microstub/2.1
Content-Length: 140
Host: www.google-analytics.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.