SmartHawk

1.4

低危

该样本未表现出任何异常！

78c5f6335ab5e6d34c212935ab7aa5b1d4ad8c12fdc0ff18aa7e899e59941aa3

ab7c34b988b943056383697ab7d4c5db.exe

分析耗时

12s

最近分析

文件大小

51.1KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 个事件)

section	.W2l
section	.4jrzO
section	.11
section	.5KMo
section	.5

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

7.2936755438668035

section

{'size_of_data': '0x00001000', 'virtual_address': '0x0000c000', 'entropy': 7.2936755438668035, 'name': '.11', 'virtual_size': '0x00000e84'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2009-01-17 18:04:17

Imports

Library ntoskrnl.exe:

• 0x14000b000 strncpy

• 0x14000b008 strstr

• 0x14000b010 wcsncpy

• 0x14000b018 wcsstr

• 0x14000b020 RtlInitUnicodeString

• 0x14000b028 RtlEqualUnicodeString

• 0x14000b030 RtlCopyUnicodeString

• 0x14000b038 ExAllocatePool

• 0x14000b040 ExFreePoolWithTag

• 0x14000b048 ObRegisterCallbacks

• 0x14000b050 ObUnRegisterCallbacks

• 0x14000b058 ObGetFilterVersion

• 0x14000b060 MmIsAddressValid

• 0x14000b068 ObQueryNameString

• 0x14000b070 ZwQuerySystemInformation

• 0x14000b078 __C_specific_handler

• 0x14000b080 PsProcessType

• 0x14000b088 MmUserProbeAddress

• 0x14000b090 RtlInitAnsiString

• 0x14000b098 RtlAnsiStringToUnicodeString

• 0x14000b0a0 RtlFreeUnicodeString

• 0x14000b0a8 MmGetSystemRoutineAddress

• 0x14000b0b0 MmMapLockedPagesSpecifyCache

• 0x14000b0b8 MmAllocatePagesForMdlEx

• 0x14000b0c0 ZwClose

• 0x14000b0c8 ZwOpenKey

• 0x14000b0d0 ZwQueryValueKey

• 0x14000b0d8 __chkstk

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62192	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.