Score: 2.6
Medium risk

6562e2ac60afa314cd463f771fcfb8be70f947f6e2b314b0c48187eebb33dd82

a579d53a1d29684de6d2c0cbabd525c5.exe

Analysis duration

103s

Last analyzed

File size

87.0KB
Static detection / Dynamic detection

Eagle Eye engine
Not detected: no Eagle Eye engine result available

Static verdict
Antivirus engines
Not detected: no antivirus engine result available

Static indicators

Behavioral verdict

Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
- A section with high entropy has been found: section .data, entropy 7.6690649913712114, size_of_data 0x00008c00, virtual_address 0x0000d000, virtual_size 0x0000c1e0
- Overall entropy of this PE file is high: entropy 0.4069767441860465
Visual analysis

Binary image
No binary image: no binary visualization image was generated for this sample

Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2015-04-10 18:33:00

Imports

Library KERNEL32.dll:
0x409000 TerminateProcess
0x409004 ReadFile
0x409008 lstrlenW
0x40900c lstrcatW
0x409010 GetTempPathA
0x409014 lstrcpyW
0x409018 DeleteFileA
0x409020 HeapAlloc
0x409024 HeapFree
0x409028 GetProcessHeap
0x40902c Sleep
0x409030 GetLastError
0x409034 LoadLibraryW
0x409038 CreateFileW
0x40903c DeleteFileW
0x409040 FlushFileBuffers
0x409048 GetStringTypeW
0x40904c LCMapStringW
0x409050 WriteFile
0x409054 CreateFileA
0x409058 GetCurrentProcessId
0x40905c CloseHandle
0x409060 GetProcAddress
0x409064 GetModuleHandleW
0x409068 GetCurrentProcess
0x40906c WriteConsoleW
0x409070 SetStdHandle
0x409074 HeapReAlloc
0x409078 DecodePointer
0x40907c EncodePointer
0x409080 GetCommandLineA
0x409084 HeapSetInformation
0x409088 GetStartupInfoW
0x409094 IsDebuggerPresent
0x409098 RaiseException
0x40909c HeapCreate
0x4090a0 GetStdHandle
0x4090a4 GetModuleFileNameW
0x4090a8 ExitProcess
0x4090ac GetModuleFileNameA
0x4090b4 WideCharToMultiByte
0x4090bc SetHandleCount
0x4090c4 GetFileType
0x4090cc TlsAlloc
0x4090d0 TlsGetValue
0x4090d4 TlsSetValue
0x4090d8 TlsFree
0x4090e0 SetLastError
0x4090e4 GetCurrentThreadId
0x4090f0 GetTickCount
0x4090f8 HeapSize
0x409104 RtlUnwind
0x409108 SetFilePointer
0x40910c GetConsoleCP
0x409110 GetConsoleMode
0x409114 GetCPInfo
0x409118 GetACP
0x40911c GetOEMCP
0x409120 IsValidCodePage
0x409124 MultiByteToWideChar
Library SHELL32.dll:
0x40912c ShellExecuteW
0x409130 ShellExecuteExW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port   Destination                       Destination Port
192.168.56.101  49235         114.114.114.114                   53
192.168.56.101  51378         114.114.114.114                   53
192.168.56.101  55368         114.114.114.114                   53
192.168.56.101  56539         114.114.114.114                   53
192.168.56.101  57236         114.114.114.114                   53
192.168.56.101  63429         114.114.114.114                   53
192.168.56.101  65004         114.114.114.114                   53
192.168.56.101  137           192.168.56.255                    137
192.168.56.101  138           192.168.56.255                    138
192.168.56.101  123           20.189.79.72 (time.windows.com)   123
192.168.56.101  49713         224.0.0.252                       5355
192.168.56.101  50568         224.0.0.252                       5355
192.168.56.101  51963         224.0.0.252                       5355
192.168.56.101  53210         224.0.0.252                       5355
192.168.56.101  53237         224.0.0.252                       5355
192.168.56.101  53657         224.0.0.252                       5355
192.168.56.101  56804         224.0.0.252                       5355
192.168.56.101  58367         224.0.0.252                       5355
192.168.56.101  62191         224.0.0.252                       5355
192.168.56.101  62318         224.0.0.252                       5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.