1.8
低危

fd3d14c7fda4aa2194e8ea827690c2fca9501336c4fd54d2195c8b2237a6bc46

ab653ee2d92670097b26c329f8a8b473.exe

分析耗时

87s

最近分析

文件大小

898.5KB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
行为判定
动态指标
网络通信
Communicates with host for which no DNS query was performed (1 个事件) — caveat: the Hosts and TCP sections of this same report record no contacted hosts and no TCP connections, so this event is not corroborated by the captured traffic; treat it as low-confidence until the raw PCAP is checked for an actual session to this address.
host 172.217.24.14
Harvests credentials from local FTP client software (3 个事件) — caveat: the three keys below belong to PuTTY (an SSH/Telnet/serial client, not an FTP client). `Sessions` holds saved connection profiles; the two `CHMPath` values only store the location of the help file and contain no credentials. The sample's import table (serial-port APIs GetCommState/SetCommState/SetCommBreak, named-pipe APIs, caret and clipboard handling, ChooseFontA/ChooseColorA) is consistent with the sample itself being a PuTTY-family build reading its own configuration; confirm via strings/version resource and signature before treating this as credential theft.
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY64\CHMPath
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\CHMPath
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

1970-01-01 08:00:00 (TimeDateStamp is 0, i.e. cleared or never set; the 08:00 is most likely the viewer rendering epoch 0 in UTC+8. Do not use this value to date the build — a zeroed timestamp is common in reproducible or deliberately stripped builds.)

Imports

Library GDI32.dll:
0x4e15e4 CreateBitmap
0x4e15ec CreateCompatibleDC
0x4e15f0 CreateFontA
0x4e15f4 CreateFontIndirectA
0x4e15f8 CreatePalette
0x4e15fc CreatePen
0x4e1600 CreateSolidBrush
0x4e1604 DeleteDC
0x4e1608 DeleteObject
0x4e160c ExcludeClipRect
0x4e1610 ExtTextOutA
0x4e1614 ExtTextOutW
0x4e1618 GetBkMode
0x4e1620 GetCharWidth32A
0x4e1624 GetCharWidth32W
0x4e1628 GetCharWidthA
0x4e162c GetCharWidthW
0x4e1634 GetDeviceCaps
0x4e1638 GetObjectA
0x4e163c GetPixel
0x4e1640 GetStockObject
0x4e164c GetTextMetricsA
0x4e1650 IntersectClipRect
0x4e1654 LineTo
0x4e1658 MoveToEx
0x4e165c Polyline
0x4e1660 RealizePalette
0x4e1664 Rectangle
0x4e1668 SelectObject
0x4e166c SelectPalette
0x4e1670 SetBkColor
0x4e1674 SetBkMode
0x4e1678 SetMapMode
0x4e167c SetPaletteEntries
0x4e1680 SetPixel
0x4e1684 SetTextAlign
0x4e1688 SetTextColor
0x4e168c TextOutA
0x4e1694 UnrealizeObject
0x4e1698 UpdateColors
Library SHELL32.dll:
0x4e16a0 ShellExecuteA
Library USER32.dll:
0x4e16a8 AppendMenuA
0x4e16ac BeginPaint
0x4e16b0 CheckDlgButton
0x4e16b4 CheckMenuItem
0x4e16b8 CheckRadioButton
0x4e16bc CloseClipboard
0x4e16c0 CreateCaret
0x4e16c4 CreateDialogParamA
0x4e16c8 CreateMenu
0x4e16cc CreatePopupMenu
0x4e16d0 CreateWindowExA
0x4e16d4 CreateWindowExW
0x4e16d8 DefDlgProcA
0x4e16dc DefWindowProcA
0x4e16e0 DefWindowProcW
0x4e16e4 DeleteMenu
0x4e16e8 DestroyCaret
0x4e16ec DestroyIcon
0x4e16f0 DestroyWindow
0x4e16f4 DialogBoxParamA
0x4e16f8 DispatchMessageA
0x4e16fc DispatchMessageW
0x4e1700 DrawEdge
0x4e1704 DrawIconEx
0x4e1708 EmptyClipboard
0x4e170c EnableMenuItem
0x4e1710 EnableWindow
0x4e1714 EndDialog
0x4e1718 EndPaint
0x4e171c FindWindowA
0x4e1720 FlashWindow
0x4e1724 GetAsyncKeyState
0x4e1728 GetCapture
0x4e172c GetCaretBlinkTime
0x4e1730 GetClientRect
0x4e1734 GetClipboardData
0x4e1738 GetClipboardOwner
0x4e173c GetCursorPos
0x4e1740 GetDC
0x4e1744 GetDesktopWindow
0x4e1748 GetDlgItem
0x4e174c GetDlgItemTextA
0x4e1750 GetDoubleClickTime
0x4e1754 GetForegroundWindow
0x4e1758 GetKeyboardLayout
0x4e175c GetKeyboardState
0x4e1760 GetMessageA
0x4e1764 GetMessageTime
0x4e1768 GetParent
0x4e176c GetQueueStatus
0x4e1770 GetScrollInfo
0x4e1774 GetSysColor
0x4e1778 GetSystemMenu
0x4e177c GetSystemMetrics
0x4e1780 GetWindowLongA
0x4e1784 GetWindowPlacement
0x4e1788 GetWindowRect
0x4e178c GetWindowTextA
0x4e1794 HideCaret
0x4e1798 InsertMenuA
0x4e179c InvalidateRect
0x4e17a0 IsDialogMessageA
0x4e17a4 IsDlgButtonChecked
0x4e17a8 IsIconic
0x4e17ac IsWindow
0x4e17b0 IsZoomed
0x4e17b4 KillTimer
0x4e17b8 LoadCursorA
0x4e17bc LoadIconA
0x4e17c0 LoadImageA
0x4e17c4 MapDialogRect
0x4e17c8 MessageBeep
0x4e17cc MessageBoxA
0x4e17d0 MessageBoxIndirectA
0x4e17d4 MoveWindow
0x4e17dc OpenClipboard
0x4e17e0 PeekMessageA
0x4e17e4 PeekMessageW
0x4e17e8 PostMessageA
0x4e17ec PostQuitMessage
0x4e17f0 RegisterClassA
0x4e17f4 RegisterClassW
0x4e1800 ReleaseCapture
0x4e1804 ReleaseDC
0x4e1808 ScreenToClient
0x4e180c SendDlgItemMessageA
0x4e1810 SendMessageA
0x4e1814 SetActiveWindow
0x4e1818 SetCapture
0x4e181c SetCaretPos
0x4e1820 SetClassLongA
0x4e1824 SetClipboardData
0x4e1828 SetCursor
0x4e182c SetDlgItemTextA
0x4e1830 SetFocus
0x4e1834 SetForegroundWindow
0x4e1838 SetKeyboardState
0x4e183c SetScrollInfo
0x4e1840 SetTimer
0x4e1844 SetWindowLongA
0x4e1848 SetWindowPlacement
0x4e184c SetWindowPos
0x4e1850 SetWindowTextA
0x4e1854 ShowCaret
0x4e1858 ShowCursor
0x4e185c ShowWindow
0x4e1864 ToAsciiEx
0x4e1868 TrackPopupMenu
0x4e186c TranslateMessage
0x4e1870 UpdateWindow
Library COMDLG32.dll:
0x4e1878 ChooseColorA
0x4e187c ChooseFontA
0x4e1880 GetOpenFileNameA
0x4e1884 GetSaveFileNameA
Library ole32.dll:
0x4e188c CoCreateInstance
0x4e1890 CoInitialize
0x4e1894 CoUninitialize
Library IMM32.dll:
0x4e18a0 ImmGetContext
0x4e18a4 ImmReleaseContext
Library ADVAPI32.dll:
0x4e18b8 CopySid
0x4e18bc EqualSid
0x4e18c0 GetLengthSid
0x4e18c4 GetUserNameA
0x4e18cc RegCloseKey
0x4e18d0 RegCreateKeyA
0x4e18d4 RegCreateKeyExA
0x4e18d8 RegDeleteKeyA
0x4e18dc RegDeleteValueA
0x4e18e0 RegEnumKeyA
0x4e18e4 RegOpenKeyA
0x4e18e8 RegQueryValueExA
0x4e18ec RegSetValueExA
Library KERNEL32.dll:
0x4e18fc Beep
0x4e1900 ClearCommBreak
0x4e1904 CloseHandle
0x4e1908 CompareStringW
0x4e190c ConnectNamedPipe
0x4e1910 CreateEventA
0x4e1914 CreateFileA
0x4e1918 CreateFileMappingA
0x4e191c CreateFileW
0x4e1920 CreateMutexA
0x4e1924 CreateNamedPipeA
0x4e1928 CreatePipe
0x4e192c CreateProcessA
0x4e1930 CreateThread
0x4e1934 DecodePointer
0x4e193c DeleteFileA
0x4e1944 ExitProcess
0x4e1948 FindClose
0x4e194c FindFirstFileA
0x4e1950 FindFirstFileExA
0x4e1954 FindNextFileA
0x4e1958 FindResourceA
0x4e195c FlushFileBuffers
0x4e1960 FormatMessageA
0x4e1968 FreeLibrary
0x4e196c GetACP
0x4e1970 GetCPInfo
0x4e1974 GetCommState
0x4e1978 GetCommandLineA
0x4e197c GetCommandLineW
0x4e1980 GetConsoleCP
0x4e1984 GetConsoleMode
0x4e198c GetCurrentProcess
0x4e1990 GetCurrentProcessId
0x4e1994 GetCurrentThread
0x4e1998 GetCurrentThreadId
0x4e199c GetDateFormatW
0x4e19ac GetFileType
0x4e19b0 GetLastError
0x4e19b4 GetLocalTime
0x4e19b8 GetLocaleInfoA
0x4e19bc GetModuleFileNameA
0x4e19c0 GetModuleFileNameW
0x4e19c4 GetModuleHandleA
0x4e19c8 GetModuleHandleExW
0x4e19cc GetModuleHandleW
0x4e19d0 GetOEMCP
0x4e19d4 GetOverlappedResult
0x4e19d8 GetProcAddress
0x4e19dc GetProcessHeap
0x4e19e0 GetProcessTimes
0x4e19e4 GetStartupInfoW
0x4e19e8 GetStdHandle
0x4e19ec GetStringTypeW
0x4e19f0 GetSystemDirectoryA
0x4e19f8 GetTempPathA
0x4e19fc GetThreadTimes
0x4e1a00 GetTickCount
0x4e1a04 GetTimeFormatW
0x4e1a0c GetVersionExA
0x4e1a14 GlobalAlloc
0x4e1a18 GlobalFree
0x4e1a1c GlobalLock
0x4e1a20 GlobalMemoryStatus
0x4e1a24 GlobalUnlock
0x4e1a28 HeapAlloc
0x4e1a2c HeapFree
0x4e1a30 HeapReAlloc
0x4e1a34 HeapSize
0x4e1a3c InitializeSListHead
0x4e1a40 IsDBCSLeadByteEx
0x4e1a44 IsDebuggerPresent
0x4e1a4c IsValidCodePage
0x4e1a50 LCMapStringW
0x4e1a58 LoadLibraryA
0x4e1a5c LoadLibraryExA
0x4e1a60 LoadLibraryExW
0x4e1a64 LoadResource
0x4e1a68 LocalAlloc
0x4e1a70 LocalFree
0x4e1a74 LockResource
0x4e1a78 MapViewOfFile
0x4e1a7c MulDiv
0x4e1a80 MultiByteToWideChar
0x4e1a84 OpenProcess
0x4e1a88 OutputDebugStringW
0x4e1a90 RaiseException
0x4e1a94 ReadConsoleW
0x4e1a98 ReadFile
0x4e1a9c ReleaseMutex
0x4e1aa0 RtlUnwind
0x4e1aa4 SetCommBreak
0x4e1aa8 SetCommState
0x4e1aac SetCommTimeouts
0x4e1ab4 SetEndOfFile
0x4e1abc SetEvent
0x4e1ac0 SetFilePointerEx
0x4e1ac8 SetLastError
0x4e1acc SetStdHandle
0x4e1ad4 SizeofResource
0x4e1ad8 TerminateProcess
0x4e1adc TlsAlloc
0x4e1ae0 TlsFree
0x4e1ae4 TlsGetValue
0x4e1ae8 TlsSetValue
0x4e1af0 UnmapViewOfFile
0x4e1af4 VerSetConditionMask
0x4e1af8 VerifyVersionInfoW
0x4e1afc WaitForSingleObject
0x4e1b00 WaitNamedPipeA
0x4e1b04 WideCharToMultiByte
0x4e1b08 WriteConsoleW
0x4e1b0c WriteFile

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP (sandbox-wide capture: the entries below are DNS lookups to 114.114.114.114 plus NetBIOS, LLMNR, SSDP and WS-Discovery broadcast/multicast traffic typical of Windows background activity; the table carries no process attribution, so none of it is shown to originate from the sample)

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.