1.0
Low risk

0bb589a401fb1452a5e51660020a25bb2f114f168ff8d351ddc4a8169f759504

a765129ae70aac8882cced41d145b752.exe

Analysis duration

77s

Last analysed

File size

623.0KB
Static detection / Dynamic detection
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results available yet
Static verdict
Antivirus engines
Not detected: no antivirus engine results available yet
Behavioral verdict
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2018-12-28 18:04:04

Imports

Library gdiplus.dll:
0x43e2b8 GdipMeasureString
0x43e2c0 GdipCloneBrush
0x43e2c4 GdipDeletePen
0x43e2c8 GdipFree
0x43e2cc GdipDrawRectangleI
0x43e2d4 GdiplusStartup
0x43e2d8 GdiplusShutdown
0x43e2dc GdipCloneImage
0x43e2e0 GdipDisposeImage
0x43e2e8 GdipDeleteBrush
0x43e2f0 GdipCreatePen1
0x43e2f8 GdipDrawLineI
0x43e2fc GdipFillRectangleI
0x43e300 GdipCreateFromHDC
0x43e308 GdipDrawString
0x43e310 GdipCreateFont
0x43e314 GdipAlloc
0x43e318 GdipCreateSolidFill
0x43e324 GdipDeleteGraphics
0x43e328 GdipDeleteFont
Library WININET.dll:
0x43e290 HttpSendRequestA
0x43e294 InternetOpenUrlW
0x43e298 InternetReadFile
0x43e29c HttpQueryInfoW
0x43e2a0 InternetOpenA
0x43e2a4 InternetOpenUrlA
0x43e2a8 InternetConnectA
0x43e2ac InternetCloseHandle
0x43e2b0 HttpOpenRequestA
Library SHLWAPI.dll:
0x43e208 PathQuoteSpacesW
0x43e20c PathRemoveFileSpecW
Library KERNEL32.dll:
0x43e040 HeapReAlloc
0x43e044 IsValidLocale
0x43e048 EnumSystemLocalesA
0x43e04c GetLocaleInfoA
0x43e050 GetUserDefaultLCID
0x43e058 GetCurrentProcessId
0x43e05c GetTickCount
0x43e060 GetFileType
0x43e068 SetHandleCount
0x43e074 GetModuleFileNameA
0x43e078 GetCurrentProcess
0x43e07c TerminateProcess
0x43e080 IsDebuggerPresent
0x43e08c HeapSize
0x43e090 GetCurrentThreadId
0x43e094 SetLastError
0x43e098 ExitProcess
0x43e09c GetProcAddress
0x43e0a0 GetLastError
0x43e0a4 CreateMutexA
0x43e0a8 CloseHandle
0x43e0ac GetModuleFileNameW
0x43e0b0 WideCharToMultiByte
0x43e0b4 WriteFile
0x43e0b8 Sleep
0x43e0bc CreateFileW
0x43e0c0 GetTempFileNameW
0x43e0c4 SetFilePointer
0x43e0c8 CreateProcessW
0x43e0cc WaitForSingleObject
0x43e0d0 ReadFile
0x43e0d4 DeleteFileW
0x43e0d8 CreateThread
0x43e0dc SetEvent
0x43e0e0 GetModuleHandleW
0x43e0e4 ResetEvent
0x43e0e8 CreateEventW
0x43e0ec FindResourceW
0x43e0f0 GlobalLock
0x43e0f4 GlobalAlloc
0x43e0f8 SizeofResource
0x43e0fc GlobalUnlock
0x43e100 GlobalFree
0x43e104 LockResource
0x43e11c GetVersionExW
0x43e120 FindNextFileA
0x43e124 FindFirstFileA
0x43e128 FindNextFileW
0x43e12c FindFirstFileW
0x43e130 MoveFileExA
0x43e134 MoveFileExW
0x43e13c MultiByteToWideChar
0x43e140 HeapCreate
0x43e144 TlsSetValue
0x43e14c CompareStringW
0x43e150 GetDateFormatA
0x43e154 GetTimeFormatA
0x43e158 LCMapStringW
0x43e15c RaiseException
0x43e160 RtlUnwind
0x43e164 DeleteFileA
0x43e168 GetStartupInfoW
0x43e16c HeapSetInformation
0x43e170 GetCommandLineA
0x43e174 GetCPInfo
0x43e178 HeapAlloc
0x43e17c HeapFree
0x43e180 GetLocaleInfoW
0x43e194 DecodePointer
0x43e198 EncodePointer
0x43e19c GetStringTypeW
0x43e1a0 InterlockedExchange
0x43e1ac LoadLibraryW
0x43e1b0 GetConsoleCP
0x43e1b4 GetConsoleMode
0x43e1b8 TlsFree
0x43e1bc SetStdHandle
0x43e1c0 WriteConsoleW
0x43e1c4 FlushFileBuffers
0x43e1cc LocalFree
0x43e1d0 TlsAlloc
0x43e1d4 TlsGetValue
0x43e1d8 IsValidCodePage
0x43e1dc GetOEMCP
0x43e1e0 LoadResource
0x43e1e4 GetStdHandle
0x43e1e8 GetACP
Library USER32.dll:
0x43e214 DispatchMessageW
0x43e218 EndPaint
0x43e21c DestroyWindow
0x43e220 SetCursor
0x43e224 SetTimer
0x43e228 ScreenToClient
0x43e22c GetWindowRect
0x43e230 PostQuitMessage
0x43e234 SetCapture
0x43e238 PostMessageW
0x43e23c TrackMouseEvent
0x43e240 LoadCursorW
0x43e244 TranslateMessage
0x43e248 GetDC
0x43e24c RegisterClassExW
0x43e250 LoadIconW
0x43e254 InvalidateRect
0x43e258 ReleaseDC
0x43e25c SetWindowPos
0x43e260 GetCursorPos
0x43e264 ShowWindow
0x43e268 CreateWindowExW
0x43e26c MessageBoxW
0x43e270 ReleaseCapture
0x43e274 GetSystemMetrics
0x43e278 UpdateWindow
0x43e27c MoveWindow
0x43e280 GetMessageW
0x43e284 BeginPaint
0x43e288 DefWindowProcW
Library GDI32.dll:
0x43e01c DeleteObject
0x43e024 CreateSolidBrush
0x43e028 DeleteDC
0x43e02c CreateCompatibleDC
0x43e030 SelectObject
0x43e034 BitBlt
Library ADVAPI32.dll:
0x43e000 RegCreateKeyExA
0x43e004 RegSetValueExA
0x43e008 RegCloseKey
Library SHELL32.dll:
0x43e200 ShellExecuteW
Library ole32.dll:
0x43e330 CoUninitialize
0x43e334 CoInitializeEx
0x43e33c CoSetProxyBlanket
0x43e344 CoCreateInstance
Library OLEAUT32.dll:
0x43e1f0 SysFreeString
0x43e1f4 VariantClear
0x43e1f8 SysAllocString
Library COMCTL32.dll:
0x43e010
0x43e014

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  56540        239.255.255.250                  3702
192.168.56.101  56807        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.