Score: 5.2
Risk level: Medium

SHA256: 87ed1f4d9be3d4c09d13b006c7c145162b52ba433c76ee9f5621a3f761924f33
File name: a6df4618df13830091c43b38262e94dc.exe (a 32-hex-digit name of the form an MD5 takes; the page does not give the sample's MD5 itself)
Analysis duration: 96s
Last analysis:
File size: 527.4KB
Tags: static detection, dynamic detection, AIDETECTVM
Hawkeye (鹰眼) engine: not detected; no Hawkeye engine result is available for this sample.
Static verdict

Antivirus engines

Engine       Result  Scan date   Engine version
McAfee       -       2020-01-15  6.0.6.653
CrowdStrike  -       2019-07-02  1.0
Alibaba      -       2019-05-27  0.3.0.5
Avast        -       2020-01-15  18.4.3895.0
Tencent      -       2020-01-15  1.0.0.1
Baidu        -       2019-03-18  1.0.0.2
Kingsoft     -       2020-01-15  2013.8.14.323

The result column is empty for all seven engines, i.e. none of them flagged the file. Weigh that lightly: the scan dates run from 2019-03-18 to 2020-01-15, while the dynamic run below is timestamped 1620836969 (2021-05-12 UTC), so these verdicts come from definitions more than a year older than the analysis.
Behaviour verdict

Dynamic indicators

A process created a hidden window (1 event)

Time & API: 1620836969.523249 CreateProcessInternalW
Arguments:
  thread_identifier: 0
  thread_handle: 0x00000000
  process_identifier: 0
  current_directory: (empty)
  filepath: (empty)
  track: 0
  command_line: \gtfile77\Checkgtf.exe
  filepath_r: (empty)
  stack_pivoted: 0
  creation_flags: 134217728 (CREATE_NO_WINDOW)
  process_handle: 0x00000000
  inherit_handles: 0
Status: failed   Return: 0   Repeated: 0

134217728 is 0x08000000, the CREATE_NO_WINDOW bit, which is what this signature keys on. Note the outcome, though: the call failed (return 0, process_identifier 0, null thread and process handles). It was given a drive-root-relative command line (\gtfile77\Checkgtf.exe) and no application path, so no hidden child process was actually started in this run. Read the indicator as evidence of intent, not as a second process to go looking for.
File has been identified by 2 antivirus engines on VirusTotal as malicious (2 events)
Bkav    W32.AIDetectVM.malware
Ikarus  Win32.Malware

Both names are generic: Bkav's AIDetectVM prefix denotes its AI/heuristic classifier (and is where the AIDETECTVM tag at the top of the page comes from), and Ikarus's Win32.Malware is a catch-all. Two generic hits say "probably unwanted" but give no family attribution.
Checks the locally unique identifier (LUID) of a suspicious privilege (1 event)

Time & API: 1620836969.320249 LookupPrivilegeValueW
Arguments:
  system_name: (empty)
  privilege_name: SeDebugPrivilege
Status: success   Return: 1   Repeated: 0

LookupPrivilegeValueW only resolves the privilege name to its LUID; actually enabling SeDebugPrivilege in the token takes a following AdjustTokenPrivileges call, which the report does not show. Neither function appears by name in the static import table below, which also has unlisted slots; since LoadLibraryA and GetProcAddress are imported, run-time resolution is one explanation, but the page does not settle it.
Network communication

Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14

Modifies Security Center warnings (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify

Disables Windows security features (1 event)
description: disables User Account Control notifications
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify

Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443

Two things to keep in mind when reading these. The two Security Center entries are the same registry value reported by two signatures, not two writes, and the page does not show the value written. Both dead hosts sit in 172.217.0.0/16, a Google-owned range, and were contacted on 443 without a preceding DNS query; whether the sandbox allowed outbound TCP at all is not stated, so "no longer responding" may reflect the sandbox's egress policy rather than the hosts' status. The TCP table below records no completed connections, which is consistent with both attempts going unanswered.
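The following is an added example, not the sandbox's own signature code, showing how the three behavioural indicators above (hidden-window process creation, SeDebugPrivilege lookup, Security Center registry write) can be re-evaluated over Cuckoo-style API call records while keeping the evidence a triager needs, in particular whether the flagged call succeeded. The record layout and SAMPLE_EVENTS are constructed: the CreateProcessInternalW and LookupPrivilegeValueW records copy the fields printed in the report, and the RegSetValueExA record is an assumed shape for the UacDisableNotify write, which the report lists only as a registry path.

```python
"""Re-run the report's three behavioural indicators over Cuckoo-style API
call records.

Added example, not the sandbox's own signature code. The record layout and
SAMPLE_EVENTS are constructed here: the CreateProcessInternalW and
LookupPrivilegeValueW records copy the fields printed in the report; the
RegSetValueExA record is an assumed shape for the UacDisableNotify write,
which the report lists only as a registry path."""
from __future__ import annotations

from typing import Any

# Subset of dwCreationFlags bits from winbase.h, enough to decode the
# integer the sandbox prints in creation_flags.
CREATION_FLAGS = {
    0x00000004: "CREATE_SUSPENDED",
    0x00000008: "DETACHED_PROCESS",
    0x00000010: "CREATE_NEW_CONSOLE",
    0x00000200: "CREATE_NEW_PROCESS_GROUP",
    0x00000400: "CREATE_UNICODE_ENVIRONMENT",
    0x04000000: "CREATE_DEFAULT_ERROR_MODE",
    0x08000000: "CREATE_NO_WINDOW",
}

SUSPICIOUS_PRIVILEGES = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeTakeOwnershipPrivilege", "SeRestorePrivilege",
}

SECURITY_CENTER_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center",
)


def decode_creation_flags(value: int) -> list[str]:
    """Names of the flag bits set in a dwCreationFlags value; bits outside
    the table come back as hex so nothing is dropped silently."""
    names = [name for bit, name in CREATION_FLAGS.items() if value & bit]
    unknown = value & ~sum(CREATION_FLAGS)
    if unknown:
        names.append(f"0x{unknown:08x}")
    return names


def evaluate(events: list[dict[str, Any]]) -> dict[str, list[dict[str, Any]]]:
    """Apply the three checks and keep the evidence a triager needs, in
    particular whether the flagged call actually succeeded."""
    hits: dict[str, list[dict[str, Any]]] = {
        "hidden_window": [], "suspicious_privilege": [], "security_center": []}
    for ev in events:
        api, args = ev["api"], ev["args"]
        if api.startswith("CreateProcess"):
            flags = decode_creation_flags(int(args.get("creation_flags", 0)))
            if "CREATE_NO_WINDOW" in flags:
                # The sandbox signature fires on the requested flag alone;
                # a failed call means no hidden child process ever ran.
                hits["hidden_window"].append({
                    "command_line": args.get("command_line", ""),
                    "flags": flags,
                    "succeeded": ev["status"] == "success"})
        elif api.startswith("LookupPrivilegeValue"):
            priv = args.get("privilege_name", "")
            if priv in SUSPICIOUS_PRIVILEGES:
                # Resolving the LUID is not the same as enabling the
                # privilege; that needs a later AdjustTokenPrivileges call.
                hits["suspicious_privilege"].append({"privilege": priv})
        elif api.startswith("RegSetValueEx"):
            key = args.get("regkey", "")
            if key.startswith(SECURITY_CENTER_PREFIXES):
                hits["security_center"].append({"regkey": key})
    return hits


# Constructed records (see module docstring).
SAMPLE_EVENTS: list[dict[str, Any]] = [
    {"time": 1620836969.320249, "api": "LookupPrivilegeValueW",
     "status": "success", "return": 1,
     "args": {"system_name": "", "privilege_name": "SeDebugPrivilege"}},
    {"time": 1620836969.523249, "api": "CreateProcessInternalW",
     "status": "failed", "return": 0,
     "args": {"command_line": r"\gtfile77\Checkgtf.exe", "filepath": "",
              "creation_flags": 134217728, "inherit_handles": 0}},
    {"time": 1620836969.9, "api": "RegSetValueExA",   # assumed record shape
     "status": "success", "return": 0,
     "args": {"regkey": r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node"
                        r"\Microsoft\Security Center\UacDisableNotify"}},
]

if __name__ == "__main__":
    for name, found in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {found}")
```

The design point is the `succeeded` field on the hidden-window hit: a signature that fires on the requested flag alone is fine for scoring, but for triage the failed CreateProcess in this report should be visible as exactly that, otherwise an analyst wastes time hunting for a child process that never existed.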
Visual analysis

Binary image: none; no binary visualisation image was generated for this sample.
Run screenshots: none; no screenshots were generated while the sample ran.

PE compile time: 2019-11-05 19:52:19 (a header field the author controls, so not proof of anything on its own)

Imports

Library SHLWAPI.dll:
0x4653f4 SHDeleteKeyA
0x4653f8 PathSetDlgItemPathA
0x4653fc PathFindExtensionA
0x465400 PathIsDirectoryA
0x465404 PathFileExistsA
Library VERSION.dll:
0x4655b4 GetFileVersionInfoA
0x4655bc VerQueryValueA
Library WININET.dll:
0x4655c4 HttpSendRequestA
0x4655cc HttpQueryInfoA
0x4655d0 InternetReadFile
0x4655d4 InternetCloseHandle
0x4655d8 InternetConnectA
0x4655dc HttpOpenRequestA
0x4655e4 InternetOpenA
Library KERNEL32.dll:
0x465124 CreateFileW
0x465128 RaiseException
0x46512c InterlockedExchange
0x465130 LocalAlloc
0x465134 FormatMessageA
0x465138 SetLastError
0x46513c lstrlenA
0x465140 OpenEventA
0x465144 ExitThread
0x465148 SearchPathA
0x46514c GetLongPathNameA
0x465154 MultiByteToWideChar
0x46515c GetCurrentProcessId
0x465160 GetPriorityClass
0x465164 SetPriorityClass
0x465168 GetComputerNameA
0x46516c GetSystemInfo
0x465170 VirtualQueryEx
0x465174 ReadProcessMemory
0x465180 GetSystemTime
0x465184 GetFileTime
0x46518c GetExitCodeThread
0x465190 TerminateThread
0x465194 ResumeThread
0x465198 SuspendThread
0x46519c GetSystemDirectoryA
0x4651a0 RemoveDirectoryA
0x4651a4 QueryDosDeviceA
0x4651a8 Module32First
0x4651ac GetBinaryTypeA
0x4651b0 GetShortPathNameA
0x4651b8 CompareStringW
0x4651bc CompareStringA
0x4651c0 MoveFileA
0x4651c4 Module32Next
0x4651d0 CopyFileA
0x4651d4 CreateEventA
0x4651d8 GetLocalTime
0x4651dc CreateMutexA
0x4651e0 WinExec
0x4651e4 GetVersionExA
0x4651e8 MoveFileExA
0x4651f0 DeleteFileA
0x4651f8 GetModuleHandleA
0x4651fc FlushViewOfFile
0x465200 SetFilePointer
0x465204 GetCurrentProcess
0x465208 GetVersion
0x465210 Process32First
0x465214 OpenProcess
0x465218 TerminateProcess
0x46521c Process32Next
0x465220 GetTickCount
0x465224 CreateThread
0x465228 SetEvent
0x46522c CreateProcessA
0x465230 Sleep
0x465234 WaitForSingleObject
0x465238 CreateFileMappingA
0x46523c MapViewOfFile
0x465240 UnmapViewOfFile
0x465244 CreateFileA
0x465248 ReadFile
0x46524c CloseHandle
0x465250 GetFileSize
0x465254 GetLastError
0x46525c GetDriveTypeA
0x465260 FindFirstFileA
0x465264 FindNextFileA
0x465270 GetModuleFileNameA
0x465274 LoadLibraryA
0x465278 GetProcAddress
0x46527c FreeLibrary
0x465284 GetFileAttributesA
0x465288 LocalFree
0x46528c GetProcessHeap
0x465290 HeapAlloc
0x465294 HeapFree
0x465298 IsBadCodePtr
0x46529c GetStringTypeW
0x4652a0 GetStringTypeA
0x4652bc SetFileAttributesA
0x4652c0 GetTempPathA
0x4652c4 GetTempPathW
0x4652c8 FindFirstFileW
0x4652cc FindNextFileW
0x4652d0 FindClose
0x4652d4 CreateDirectoryA
0x4652d8 WideCharToMultiByte
0x4652e0 IsBadReadPtr
0x4652e4 PeekNamedPipe
0x4652ec LCMapStringW
0x4652f0 LCMapStringA
0x4652f4 SetStdHandle
0x465300 lstrcpyA
0x465304 GlobalDeleteAtom
0x465308 GlobalFindAtomA
0x46530c GlobalAddAtomA
0x465310 lstrcmpiA
0x465314 GlobalGetAtomNameA
0x465318 GetCurrentThreadId
0x46531c lstrcatA
0x465320 lstrcpynA
0x465324 GlobalUnlock
0x465328 GlobalLock
0x46532c lstrcmpA
0x465330 GlobalFree
0x465334 GlobalFlags
0x465340 TlsAlloc
0x465344 GlobalHandle
0x465348 GlobalReAlloc
0x46534c GlobalAlloc
0x465350 TlsSetValue
0x465354 LocalReAlloc
0x465358 TlsGetValue
0x46535c GetProcessVersion
0x465360 GetCPInfo
0x465364 GetOEMCP
0x465368 WriteFile
0x46536c FlushFileBuffers
0x465370 SetEndOfFile
0x465374 RtlUnwind
0x465378 ExitProcess
0x46537c HeapReAlloc
0x465380 GetFileType
0x46538c GetStartupInfoA
0x465390 GetCommandLineA
0x465394 GetACP
0x465398 HeapSize
0x46539c HeapDestroy
0x4653a0 HeapCreate
0x4653a4 VirtualFree
0x4653a8 VirtualAlloc
0x4653ac IsBadWritePtr
0x4653b0 SetHandleCount
0x4653b4 GetStdHandle
Library USER32.dll:
0x46540c ReleaseDC
0x465410 CopyRect
0x465414 GetWindowPlacement
0x465418 IsIconic
0x465424 SetWindowLongA
0x465428 GetWindowLongA
0x46542c GetWindow
0x465430 GetForegroundWindow
0x465434 GetLastActivePopup
0x465438 GetMessagePos
0x46543c GetMessageTime
0x465440 RemovePropA
0x465444 CallWindowProcA
0x465448 GetPropA
0x46544c UnhookWindowsHookEx
0x465450 SetPropA
0x465454 GetClassLongA
0x465458 CallNextHookEx
0x46545c SetWindowsHookExA
0x465460 DestroyWindow
0x465464 DefWindowProcA
0x465468 GetDlgCtrlID
0x46546c GetMenuItemID
0x465470 GetMenuItemCount
0x465474 GetMenu
0x465478 RegisterClassA
0x46547c GetClassInfoA
0x465480 WinHelpA
0x465484 GetCapture
0x465488 GetParent
0x46548c GetTopWindow
0x465490 AdjustWindowRectEx
0x465494 GetFocus
0x465498 DispatchMessageA
0x46549c PeekMessageA
0x4654a0 GetSysColor
0x4654a4 MapWindowPoints
0x4654a8 IsWindowEnabled
0x4654ac GetNextDlgTabItem
0x4654b0 EnableMenuItem
0x4654b4 CheckMenuItem
0x4654b8 SetMenuItemBitmaps
0x4654bc SetFocus
0x4654c0 GetMenuState
0x4654c8 ClientToScreen
0x4654cc TabbedTextOutA
0x4654d0 DrawTextA
0x4654d4 GrayStringA
0x4654d8 GetClassNameA
0x4654dc LoadStringA
0x4654e0 PostQuitMessage
0x4654e4 GetSysColorBrush
0x4654e8 GetDlgItemTextA
0x4654ec GetKeyboardState
0x4654f0 ToAscii
0x4654f4 GetKeyState
0x4654f8 PtInRect
0x4654fc LoadCursorA
0x465500 SetCursor
0x465504 MessageBeep
0x465508 KillTimer
0x46550c MoveWindow
0x465510 ScreenToClient
0x465514 SetWindowPos
0x465518 LoadMenuA
0x46551c GetSubMenu
0x465520 GetCursorPos
0x465524 SetMenuItemInfoA
0x465528 TrackPopupMenu
0x46552c GetWindowTextA
0x465530 SetForegroundWindow
0x465534 UpdateWindow
0x465538 wsprintfA
0x46553c BeginPaint
0x465540 FillRect
0x465544 EndPaint
0x465548 SetTimer
0x46554c EndDialog
0x465550 LoadBitmapA
0x465554 GetDC
0x465558 GetClientRect
0x46555c SetDlgItemTextA
0x465560 GetDlgItem
0x465564 InvalidateRect
0x465568 SetWindowTextA
0x46556c ExitWindowsEx
0x465570 DialogBoxParamA
0x465574 ShowWindow
0x465578 FindWindowA
0x46557c PostMessageA
0x465580 MessageBoxA
0x465584 GetWindowRect
0x465588 AppendMenuA
0x46558c CreatePopupMenu
0x465590 LoadIconA
0x465594 EnableWindow
0x465598 SendMessageA
0x46559c DestroyMenu
0x4655a0 CreateWindowExA
0x4655a4 GetSystemMetrics
0x4655a8 SetDlgItemInt
0x4655ac ModifyMenuA
Library GDI32.dll:
0x4650a8 OffsetViewportOrgEx
0x4650ac Escape
0x4650b0 ExtTextOutA
0x4650b4 RectVisible
0x4650b8 PtVisible
0x4650bc CreatePen
0x4650c0 TextOutA
0x4650c4 GetDeviceCaps
0x4650c8 CreateFontA
0x4650cc SetTextColor
0x4650d0 GetStockObject
0x4650d4 SetBkColor
0x4650d8 CreateSolidBrush
0x4650dc StretchBlt
0x4650e0 DeleteObject
0x4650e4 CreateCompatibleDC
0x4650e8 SelectObject
0x4650ec GetObjectA
0x4650f0 SetBkMode
0x4650f4 GetClipBox
0x4650f8 CreateBitmap
0x4650fc DeleteDC
0x465100 SaveDC
0x465104 RestoreDC
0x465108 SetMapMode
0x46510c SetViewportOrgEx
0x465110 SetViewportExtEx
0x465114 ScaleViewportExtEx
0x465118 SetWindowExtEx
0x46511c ScaleWindowExtEx
Library comdlg32.dll:
0x4655fc GetOpenFileNameA
Library ADVAPI32.dll:
0x465000 RegEnumValueA
0x465008 OpenProcessToken
0x46500c RegSetValueExA
0x465010 RegCloseKey
0x465014 RegQueryValueExA
0x465018 RegCreateKeyA
0x46501c SetFileSecurityA
0x465024 DeleteAce
0x465028 InitializeAcl
0x465030 IsValidSid
0x46503c GetSidSubAuthority
0x465040 GetTokenInformation
0x465044 LookupAccountSidA
0x465048 RegDeleteKeyA
0x46504c RegQueryInfoKeyA
0x465054 RegOpenKeyA
0x465058 RegDeleteValueA
0x46505c GetAce
0x465060 EqualSid
0x465064 AddAce
0x465068 AddAccessAllowedAce
0x465070 SetEntriesInAclA
0x465078 FreeSid
0x46507c GetUserNameA
0x465080 LookupAccountNameA
0x465084 GetFileSecurityA
0x465090 GetAclInformation
Library SHELL32.dll:
0x4653cc ExtractIconA
0x4653d0 DragQueryFileA
0x4653d4 DragFinish
0x4653d8 ShellExecuteExA
0x4653dc SHBrowseForFolderA
0x4653e4 SHGetMalloc
0x4653e8 Shell_NotifyIconA
0x4653ec ShellExecuteA
Library COMCTL32.dll:
0x465098 (no name listed; presumably an ordinal import)
0x4650a0 ImageList_Destroy
Library NETAPI32.dll:
0x4653bc NetShareEnum
0x4653c0 NetShareGetInfo
0x4653c4 NetApiBufferFree
Library WINSPOOL.DRV:
0x4655ec OpenPrinterA
0x4655f0 DocumentPropertiesA
0x4655f4 ClosePrinter
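Read as capability clusters, the table above contains process enumeration (Process32First/Next, Module32First/Next), cross-process memory reading (OpenProcess, VirtualQueryEx, ReadProcessMemory), process and thread control (TerminateProcess, SuspendThread, TerminateThread, WinExec, CreateProcessA, ShellExecuteA/ExA), token and ACL manipulation (OpenProcessToken, GetTokenInformation, SetFileSecurityA, AddAccessAllowedAce, SetEntriesInAclA, DeleteAce), registry writes and deletions (RegSetValueExA, RegCreateKeyA, RegDeleteKeyA, RegDeleteValueA, SHDeleteKeyA), a WinINet HTTP client, SMB share enumeration (NetShareEnum, NetShareGetInfo), ExitWindowsEx, and LoadLibraryA/GetProcAddress for run-time resolution. Two caveats. First, the listing has unfilled IAT slots (for example 0x46520c between GetVersion and Process32First, and 0x46509c in COMCTL32), so names such as CreateToolhelp32Snapshot, which Process32First needs, may simply be unlisted rather than absent. Second, the large USER32/GDI32/WINSPOOL surface (menus, dialogs, drag-and-drop, tray icon, printing) is what an ordinary GUI utility imports, so clusters alone do not separate a system tool from malware; the dynamic section has to carry that judgement.

As an added example (not code from the sandbox or any tool it names; the cluster table is the author's own heuristic), the following parses the report's import listing in the 'Library X.dll:' / '<addr> <name>' layout, groups names into capability clusters, and lists the unfilled IAT slots per library. SAMPLE_IMPORTS is a constructed excerpt of the table above with the page's own addresses.

```python
"""Triage a PE's import table by capability cluster.

Added example for this report, not code from the sandbox or any tool it
names. The cluster table below is the author's own heuristic. SAMPLE_IMPORTS
is a constructed excerpt of the import listing printed above, copied in the
same 'Library X.dll:' / '<addr> <name>' layout (addresses are the IAT slots
the report prints)."""
import re
from collections import defaultdict

CAPABILITIES = {
    "process_enumeration": {"Process32First", "Process32Next",
                            "Module32First", "Module32Next"},
    "process_memory_access": {"OpenProcess", "ReadProcessMemory",
                              "VirtualQueryEx", "WriteProcessMemory"},
    "process_control": {"TerminateProcess", "SuspendThread", "TerminateThread",
                        "WinExec", "CreateProcessA", "ShellExecuteA",
                        "ShellExecuteExA"},
    "token_and_acl": {"OpenProcessToken", "GetTokenInformation",
                      "SetFileSecurityA", "AddAccessAllowedAce",
                      "SetEntriesInAclA", "DeleteAce"},
    "registry_write": {"RegSetValueExA", "RegCreateKeyA", "RegDeleteKeyA",
                       "RegDeleteValueA", "SHDeleteKeyA"},
    "http_client": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                    "HttpSendRequestA", "InternetReadFile"},
    "network_shares": {"NetShareEnum", "NetShareGetInfo"},
    "dynamic_resolution": {"LoadLibraryA", "GetProcAddress"},
    "system_shutdown": {"ExitWindowsEx"},
}

LIB_RE = re.compile(r"^Library\s+(\S+):$")
ENTRY_RE = re.compile(r"^(0x[0-9a-fA-F]+)(?:\s+(\S+))?$")


def parse_imports(text):
    """Parse the listing into {library: [(iat_slot, name), ...]}.  A slot
    with no name (an ordinal import) is kept with name None."""
    imports = defaultdict(list)
    lib = None
    for raw in text.splitlines():
        line = raw.strip()
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and lib:
            imports[lib].append((int(m.group(1), 16), m.group(2)))
    return dict(imports)


def unlisted_slots(entries, slot_size=4):
    """IAT slots that fall between listed neighbours but have no entry in
    the listing (an import the report did not resolve to a name)."""
    slots = sorted(addr for addr, _ in entries)
    gaps = []
    for lo, hi in zip(slots, slots[1:]):
        gaps.extend(range(lo + slot_size, hi, slot_size))
    return [f"0x{g:x}" for g in gaps]


def capability_report(imports):
    """{capability: sorted API names present}, over all libraries."""
    found = defaultdict(set)
    for entries in imports.values():
        for _, name in entries:
            for cap, apis in CAPABILITIES.items():
                if name in apis:
                    found[cap].add(name)
    return {cap: sorted(n) for cap, n in found.items()}


# Constructed excerpt of the report's import table (page addresses kept).
SAMPLE_IMPORTS = """\
Library WININET.dll:
0x4655c4 HttpSendRequestA
0x4655d0 InternetReadFile
0x4655d8 InternetConnectA
0x4655dc HttpOpenRequestA
0x4655e4 InternetOpenA
Library KERNEL32.dll:
0x465170 VirtualQueryEx
0x465174 ReadProcessMemory
0x4651e0 WinExec
0x465210 Process32First
0x465214 OpenProcess
0x465218 TerminateProcess
0x46521c Process32Next
0x465274 LoadLibraryA
0x465278 GetProcAddress
Library USER32.dll:
0x46556c ExitWindowsEx
Library ADVAPI32.dll:
0x465008 OpenProcessToken
0x46501c SetFileSecurityA
0x465068 AddAccessAllowedAce
Library COMCTL32.dll:
0x465098
0x4650a0 ImageList_Destroy
Library NETAPI32.dll:
0x4653bc NetShareEnum
0x4653c0 NetShareGetInfo
"""

if __name__ == "__main__":
    imports = parse_imports(SAMPLE_IMPORTS)
    for cap, names in sorted(capability_report(imports).items()):
        print(f"{cap:24s} {', '.join(names)}")
    print("COMCTL32 unresolved slots:", unlisted_slots(imports["COMCTL32.dll"]))
```

Run `unlisted_slots` only on a library whose listing you have in full; on an excerpt like KERNEL32 here it will report every slot you left out, which is noise, whereas on the complete COMCTL32 block it points at the one slot the report never named.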

Hosts

No hosts contacted. (This section and the TCP table below record completed traffic; the two 443 attempts listed as dead hosts above got no reply, which is consistent with their absence here.)

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  51808        114.114.114.114                  53
192.168.56.101  60123        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  60384        114.114.114.114                  53
192.168.56.101  63429        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  53380        224.0.0.252                      5355
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56539        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  58367        224.0.0.252                      5355
192.168.56.101  61680        224.0.0.252                      5355
192.168.56.101  62318        224.0.0.252                      5355
192.168.56.101  65004        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900

Every row here is routine Windows background traffic from a 192.168.56.0/24 sandbox VM: DNS to 114.114.114.114 (a public Chinese resolver, evidently the VM's configured DNS server; the query names are not shown), NetBIOS name and datagram broadcasts (137/138 to .255), NTP to time.windows.com, LLMNR to 224.0.0.252:5355 and SSDP to 239.255.255.250:1900. Nothing in this table can be attributed to the sample on its own.
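As an added example (not the sandbox's code; the background rules are the author's own), the following separates that kind of Windows chatter from flows worth attributing to a sample, so that a long UDP table reduces to the rows that still need an explanation. SAMPLE_ROWS is constructed: six rows are copied from the table above (keeping the hostname the report inserts before the destination port on the NTP row), and a seventh flow to a TEST-NET address is made up so the classifier has something to leave unexplained. The resolver address is assumed to be the VM's configured DNS server.

```python
"""Separate Windows background chatter from traffic worth attributing to the
sample in a sandbox UDP table.

Added example, not the sandbox's code; the rules are the author's own. The
rows in SAMPLE_ROWS are constructed: the first six are copied from the UDP
table above (the NTP row keeps the hostname the report inserts before the
destination port), and the last row is a made-up flow to a TEST-NET address
so the classifier has something to leave unexplained. The resolver address
is assumed to be the VM's configured DNS server."""
import ipaddress

LLMNR = (ipaddress.ip_address("224.0.0.252"), 5355)
SSDP = (ipaddress.ip_address("239.255.255.250"), 1900)


def parse_row(line):
    """'src sport dst [hostname] dport' -> dict; the hostname is optional."""
    parts = line.split()
    if len(parts) not in (4, 5):
        raise ValueError(f"unexpected row: {line!r}")
    return {"src": parts[0], "sport": int(parts[1]), "dst": parts[2],
            "host": parts[3] if len(parts) == 5 else None,
            "dport": int(parts[-1])}


def classify(flow, resolver, lan):
    """Label one flow; anything no background rule matches is
    'unexplained' and deserves a look."""
    dst = ipaddress.ip_address(flow["dst"])
    dport = flow["dport"]
    if (dst, dport) == (ipaddress.ip_address(resolver), 53):
        return "dns_to_configured_resolver"
    if (dst, dport) == LLMNR:
        return "llmnr_multicast"
    if (dst, dport) == SSDP:
        return "ssdp_multicast"
    if dst == lan.broadcast_address and dport in (137, 138):
        return "netbios_broadcast"
    if dport == 123 and (flow["host"] or "").endswith("windows.com"):
        return "ntp_time_windows_com"
    return "unexplained"


def triage(table, resolver="114.114.114.114", lan="192.168.56.0/24"):
    """[(flow, label), ...] for every non-empty row of the table."""
    net = ipaddress.ip_network(lan)
    rows = [parse_row(line) for line in table.splitlines() if line.strip()]
    return [(flow, classify(flow, resolver, net)) for flow in rows]


def unexplained(table, **kw):
    """Only the flows no background rule accounted for."""
    return [flow for flow, label in triage(table, **kw) if label == "unexplained"]


# Constructed rows: six from the report's UDP table, one made up (203.0.113.7).
SAMPLE_ROWS = """\
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49200 203.0.113.7 4444
"""

if __name__ == "__main__":
    for flow, label in triage(SAMPLE_ROWS):
        print(f"{flow['dst']}:{flow['dport']:<5} {label}")
```

The rules are deliberately strict (exact resolver, exact multicast groups, the LAN's own broadcast address) so that a DNS query to an unexpected server or a "multicast" to the wrong group falls through to `unexplained` rather than being waved through as noise.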

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.