SmartHawk

2.8

中危

2 个模型检测该样本为恶意！

重新分析

下载样本

bd455479517ba8615e850a49881a52450df3f4d227965ad13570878a6015797e

a90750de0668aea244e0301c337411d9.exe

分析耗时

35s

最近分析

文件大小

428.0KB

静态报毒动态报毒 CONFIDENCE MALICIOUS

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee		20200918	6.0.6.653
Alibaba		20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast		20200918	18.4.3895.0
Tencent		20200918	1.0.0.1
Kingsoft		20200918	2013.8.14.323
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

_winzip_

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

WZ_MANIFEST

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 个事件)

APEX	Malicious
CrowdStrike	win/malicious_confidence_60% (W)

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.997289576429965

section

{'size_of_data': '0x01d1d000', 'virtual_address': '0x0002d000', 'entropy': 7.997289576429965, 'name': '_winzip_', 'virtual_size': '0x01d1d000'}

description

A section with a high entropy has been found

entropy

0.9958578300374131

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

172.217.160.110:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2016-08-05 23:28:26

Imports

Library KERNEL32.dll:

• 0x416034 SetFileAttributesA

• 0x416038 RemoveDirectoryA

• 0x41603c SetEndOfFile

• 0x416040 SetFilePointer

• 0x416044 CloseHandle

• 0x416048 UnmapViewOfFile

• 0x41604c MapViewOfFile

• 0x416050 CreateFileMappingA

• 0x416054 GetFileSize

• 0x416058 CreateFileA

• 0x41605c GetWindowsDirectoryA

• 0x416060 MoveFileExA

• 0x416064 GlobalFree

• 0x416068 GlobalUnlock

• 0x41606c GlobalHandle

• 0x416070 _lclose

• 0x416074 _llseek

• 0x416078 _lread

• 0x41607c _lopen

• 0x416080 GlobalLock

• 0x416084 GlobalAlloc

• 0x416088 GlobalMemoryStatus

• 0x41608c GetVersion

• 0x416090 GetModuleFileNameA

• 0x416094 WriteFile

• 0x416098 GetSystemTime

• 0x41609c CreateProcessA

• 0x4160a0 LocalFree

• 0x4160a4 ExitProcess

• 0x4160a8 FormatMessageA

• 0x4160ac DeleteFileA

• 0x4160b0 GetModuleHandleA

• 0x4160b4 GetVolumeInformationA

• 0x4160b8 FindNextFileA

• 0x4160bc GetTickCount

• 0x4160c0 WideCharToMultiByte

• 0x4160c4 WaitForSingleObject

• 0x4160c8 GetLongPathNameA

• 0x4160cc GetTempPathA

• 0x4160d0 GetCommandLineA

• 0x4160d4 CopyFileA

• 0x4160d8 GetFileAttributesA

• 0x4160dc LoadLibraryExA

• 0x4160e0 GetSystemDirectoryA

• 0x4160e4 SetErrorMode

• 0x4160e8 MultiByteToWideChar

• 0x4160ec GetLocalTime

• 0x4160f0 lstrlenA

• 0x4160f4 CreateFileW

• 0x4160f8 ReadFile

• 0x4160fc GetEnvironmentVariableA

• 0x416100 GetDriveTypeA

• 0x416104 LocalAlloc

• 0x416108 DosDateTimeToFileTime

• 0x41610c LocalFileTimeToFileTime

• 0x416110 GetVersionExA

• 0x416114 SetFileTime

• 0x416118 CreateDirectoryA

• 0x41611c SetCurrentDirectoryA

• 0x416120 FindFirstFileA

• 0x416124 FindClose

• 0x416128 GetLastError

• 0x41612c GetProcAddress

• 0x416130 FreeLibrary

• 0x416134 InterlockedExchange

• 0x416138 LoadLibraryA

• 0x41613c RaiseException

• 0x416140 RtlUnwind

• 0x416144 TerminateProcess

• 0x416148 GetCurrentProcess

• 0x41614c UnhandledExceptionFilter

• 0x416150 SetUnhandledExceptionFilter

• 0x416154 IsDebuggerPresent

• 0x416158 HeapAlloc

• 0x41615c HeapFree

• 0x416160 HeapReAlloc

• 0x416164 GetProcessHeap

• 0x416168 GetStartupInfoA

• 0x41616c GetCPInfo

• 0x416170 InterlockedIncrement

• 0x416174 InterlockedDecrement

• 0x416178 GetACP

• 0x41617c GetOEMCP

• 0x416180 TlsGetValue

• 0x416184 TlsAlloc

• 0x416188 TlsSetValue

• 0x41618c TlsFree

• 0x416190 SetLastError

• 0x416194 GetCurrentThreadId

• 0x416198 Sleep

• 0x41619c HeapSize

• 0x4161a0 DeleteCriticalSection

• 0x4161a4 LeaveCriticalSection

• 0x4161a8 EnterCriticalSection

• 0x4161ac VirtualFree

• 0x4161b0 VirtualAlloc

• 0x4161b4 HeapDestroy

• 0x4161b8 HeapCreate

• 0x4161bc GetStdHandle

• 0x4161c0 LCMapStringA

• 0x4161c4 LCMapStringW

• 0x4161c8 FreeEnvironmentStringsA

• 0x4161cc GetEnvironmentStrings

• 0x4161d0 FreeEnvironmentStringsW

• 0x4161d4 GetEnvironmentStringsW

• 0x4161d8 SetHandleCount

• 0x4161dc GetFileType

• 0x4161e0 QueryPerformanceCounter

• 0x4161e4 GetCurrentProcessId

• 0x4161e8 GetSystemTimeAsFileTime

• 0x4161ec GetStringTypeA

• 0x4161f0 GetStringTypeW

• 0x4161f4 GetLocaleInfoA

• 0x4161f8 GetConsoleCP

• 0x4161fc GetConsoleMode

• 0x416200 InitializeCriticalSection

• 0x416204 SetStdHandle

• 0x416208 WriteConsoleA

• 0x41620c GetConsoleOutputCP

• 0x416210 WriteConsoleW

• 0x416214 FlushFileBuffers

Library GDI32.dll:

• 0x416000 CreateDCA

• 0x416004 SetBkColor

• 0x416008 SetTextColor

• 0x41600c SetTextAlign

• 0x416010 GetBkColor

• 0x416014 GetTextExtentPoint32A

• 0x416018 ExtTextOutA

• 0x41601c GetDeviceCaps

• 0x416020 CreateFontIndirectA

• 0x416024 DeleteDC

• 0x416028 SelectObject

• 0x41602c DeleteObject

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	142.250.66.110
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	63430	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.