2.2
Medium risk

0a35dd649f65ddca6574b52e5d91827498763d447fb938ba44cc4019880854df

ab8d85e77c95faab04dff832cd3302be.exe

Analysis duration

77s

Last analyzed

File size

1.1MB
Tags: Static detection, Dynamic detection, CONFIDENCE, DOWNLOADER23
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available yet
Static verdict
Antivirus engines
Engine       Result                              Scan date   Engine version
McAfee                                           20201022    6.0.6.653
Alibaba                                          20190527    0.3.0.5
Baidu                                            20190318    1.0.0.2
Avast                                            20201022    18.4.3895.0
Tencent                                          20201022    1.0.0.1
Kingsoft                                         20201022    2013.8.14.323
CrowdStrike  win/malicious_confidence_60% (W)    20190702    1.0
Behavioral verdict
Dynamic indicators
File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)
DrWeb Trojan.DownLoader23.50380
Zillya Trojan.VB.Win32.175004
Jiangmin Trojan.VB.yuv
CrowdStrike win/malicious_confidence_60% (W)
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.407008134708944 section {'size_of_data': '0x00014a00', 'virtual_address': '0x00110000', 'entropy': 7.407008134708944, 'name': '.rsrc', 'virtual_size': '0x0001491c'} description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Creates a windows hook that monitors keyboard input (keylogger) (1 event)
Time & API: 1620985080.423279 SetWindowsHookExW
Arguments:
  thread_identifier: 0
  callback_function: 0x00000001400054f0
  module_address: 0x0000000140000000
  hook_identifier: 13 (WH_KEYBOARD_LL)
Status: success
Return: 65999
Repeated: 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2017-05-13 14:35:01

Imports

Library WSOCK32.dll:
0x1400c3dc0 WSACleanup
0x1400c3dc8 inet_addr
0x1400c3dd0 gethostbyname
0x1400c3dd8 gethostname
0x1400c3de0 WSAStartup
Library WINMM.dll:
0x1400c3d58 mixerSetControlDetails
0x1400c3d60 waveOutGetVolume
0x1400c3d68 joyGetPosEx
0x1400c3d70 mixerGetControlDetailsW
0x1400c3d78 mixerOpen
0x1400c3d80 mixerGetDevCapsW
0x1400c3d88 mixerGetLineControlsW
0x1400c3d90 waveOutSetVolume
0x1400c3d98 mixerClose
0x1400c3da0 mciSendStringW
0x1400c3da8 joyGetDevCapsW
0x1400c3db0 mixerGetLineInfoW
Library VERSION.dll:
0x1400c3d38 VerQueryValueW
0x1400c3d40 GetFileVersionInfoW
0x1400c3d48 GetFileVersionInfoSizeW
Library COMCTL32.dll:
0x1400c30a0 ImageList_Create
0x1400c30a8 CreateStatusWindowW
0x1400c30b0 ImageList_ReplaceIcon
0x1400c30b8 ImageList_GetIconSize
0x1400c30c0 ImageList_Destroy
0x1400c30c8 ImageList_AddMasked
Library PSAPI.DLL:
0x1400c3778 GetModuleFileNameExW
0x1400c3780 GetProcessImageFileNameW
0x1400c3788 GetModuleBaseNameW
Library KERNEL32.dll:
0x1400c3210 FindClose
0x1400c3218 FileTimeToLocalFileTime
0x1400c3220 SetEnvironmentVariableW
0x1400c3228 Beep
0x1400c3230 MoveFileW
0x1400c3238 OutputDebugStringW
0x1400c3240 CreateProcessW
0x1400c3248 GetFileAttributesW
0x1400c3250 WideCharToMultiByte
0x1400c3258 MultiByteToWideChar
0x1400c3260 GetExitCodeProcess
0x1400c3268 WriteProcessMemory
0x1400c3270 ReadProcessMemory
0x1400c3278 GetCurrentProcessId
0x1400c3280 OpenProcess
0x1400c3288 TerminateProcess
0x1400c3290 SetPriorityClass
0x1400c3298 SetLastError
0x1400c32a0 GetEnvironmentVariableW
0x1400c32a8 GetLocalTime
0x1400c32b0 GetDateFormatW
0x1400c32b8 GetTimeFormatW
0x1400c32c0 GetDiskFreeSpaceW
0x1400c32c8 SetVolumeLabelW
0x1400c32d0 CreateFileW
0x1400c32d8 DeviceIoControl
0x1400c32e0 GetDriveTypeW
0x1400c32e8 GetVolumeInformationW
0x1400c32f0 CreateDirectoryW
0x1400c32f8 ReadFile
0x1400c3300 WriteFile
0x1400c3308 DeleteFileW
0x1400c3310 SetFileAttributesW
0x1400c3318 LocalFileTimeToFileTime
0x1400c3320 SetFileTime
0x1400c3328 GetFileSizeEx
0x1400c3330 GetSystemTime
0x1400c3340 GetComputerNameW
0x1400c3348 GetWindowsDirectoryW
0x1400c3350 GetTempPathW
0x1400c3358 GetFullPathNameW
0x1400c3360 GetShortPathNameW
0x1400c3368 LoadLibraryW
0x1400c3370 FreeLibrary
0x1400c3378 EnterCriticalSection
0x1400c3380 LeaveCriticalSection
0x1400c3388 VirtualProtect
0x1400c3390 FindNextFileW
0x1400c3398 CompareStringW
0x1400c33a0 RemoveDirectoryW
0x1400c33a8 CopyFileW
0x1400c33b0 GetCurrentProcess
0x1400c33b8 FormatMessageW
0x1400c33c0 GetPrivateProfileStringW
0x1400c33e8 SetEndOfFile
0x1400c33f0 GetACP
0x1400c33f8 GetFileType
0x1400c3400 GetStdHandle
0x1400c3408 SetFilePointerEx
0x1400c3410 SystemTimeToFileTime
0x1400c3418 FileTimeToSystemTime
0x1400c3420 GetFileSize
0x1400c3428 IsWow64Process
0x1400c3430 VirtualAllocEx
0x1400c3438 VirtualFreeEx
0x1400c3440 EnumResourceNamesW
0x1400c3448 LoadLibraryExW
0x1400c3450 GlobalSize
0x1400c3458 TlsGetValue
0x1400c3460 TlsAlloc
0x1400c3470 RtlUnwindEx
0x1400c3478 RaiseException
0x1400c3480 EncodePointer
0x1400c3488 RtlPcToFileHeader
0x1400c3490 InitializeSListHead
0x1400c3498 QueryPerformanceCounter
0x1400c34a8 GetStartupInfoW
0x1400c34b8 UnhandledExceptionFilter
0x1400c34c0 IsDebuggerPresent
0x1400c34c8 RtlVirtualUnwind
0x1400c34d0 RtlLookupFunctionEntry
0x1400c34d8 RtlCaptureContext
0x1400c34e0 CreateEventW
0x1400c34e8 WaitForSingleObjectEx
0x1400c34f0 ResetEvent
0x1400c34f8 SetEvent
0x1400c3500 GetCommandLineW
0x1400c3508 ExitProcess
0x1400c3510 GetModuleHandleExW
0x1400c3518 HeapSize
0x1400c3520 HeapReAlloc
0x1400c3528 HeapQueryInformation
0x1400c3530 HeapFree
0x1400c3538 HeapAlloc
0x1400c3540 FindFirstFileW
0x1400c3548 LockResource
0x1400c3550 LoadResource
0x1400c3558 SizeofResource
0x1400c3560 FindResourceW
0x1400c3568 GetSystemTimeAsFileTime
0x1400c3570 GetModuleFileNameW
0x1400c3578 DeleteCriticalSection
0x1400c3580 GetCPInfo
0x1400c3588 GetVersionExW
0x1400c3590 GetModuleHandleW
0x1400c3598 GetProcAddress
0x1400c35a0 GetLastError
0x1400c35a8 CreateMutexW
0x1400c35b0 CloseHandle
0x1400c35b8 GetExitCodeThread
0x1400c35c0 SetThreadPriority
0x1400c35c8 CreateThread
0x1400c35d0 lstrcmpiW
0x1400c35d8 GetCurrentThreadId
0x1400c35e0 GlobalUnlock
0x1400c35e8 GlobalFree
0x1400c35f0 GlobalAlloc
0x1400c35f8 GlobalLock
0x1400c3600 GetCurrentDirectoryW
0x1400c3608 SetErrorMode
0x1400c3618 SetCurrentDirectoryW
0x1400c3620 Sleep
0x1400c3628 GetTickCount
0x1400c3630 MulDiv
0x1400c3638 TlsSetValue
0x1400c3640 TlsFree
0x1400c3648 LCMapStringW
0x1400c3650 GetStringTypeW
0x1400c3658 GetConsoleCP
0x1400c3660 GetConsoleMode
0x1400c3668 GetProcessHeap
0x1400c3670 FindFirstFileExW
0x1400c3678 GetCommandLineA
0x1400c3680 IsValidCodePage
0x1400c3688 GetOEMCP
0x1400c3690 GetEnvironmentStringsW
0x1400c3698 FreeEnvironmentStringsW
0x1400c36a0 SetStdHandle
0x1400c36a8 FlushFileBuffers
0x1400c36b0 WriteConsoleW
0x1400c36b8 QueryDosDeviceW
0x1400c36c0 ReadConsoleW
Library USER32.dll:
0x1400c3808 SetParent
0x1400c3810 GetClassInfoExW
0x1400c3818 GetAncestor
0x1400c3820 UpdateWindow
0x1400c3828 GetMessagePos
0x1400c3830 GetClassLongPtrW
0x1400c3838 DefDlgProcW
0x1400c3840 CallWindowProcW
0x1400c3848 CheckRadioButton
0x1400c3850 IntersectRect
0x1400c3858 PtInRect
0x1400c3868 GetWindowLongPtrW
0x1400c3870 CreateAcceleratorTableW
0x1400c3878 DestroyAcceleratorTable
0x1400c3880 InsertMenuItemW
0x1400c3888 SetMenuDefaultItem
0x1400c3890 RemoveMenu
0x1400c3898 SetMenuItemInfoW
0x1400c38a0 IsMenu
0x1400c38a8 GetMenuItemInfoW
0x1400c38b0 CreateMenu
0x1400c38b8 CreatePopupMenu
0x1400c38c0 SetMenuInfo
0x1400c38c8 AppendMenuW
0x1400c38d0 DestroyMenu
0x1400c38d8 TrackPopupMenuEx
0x1400c38e0 CreateIconIndirect
0x1400c38e8 GetDesktopWindow
0x1400c38f0 CopyImage
0x1400c38f8 CreateIconFromResourceEx
0x1400c3900 EnumClipboardFormats
0x1400c3908 GetWindow
0x1400c3910 BringWindowToTop
0x1400c3918 GetTopWindow
0x1400c3920 SetActiveWindow
0x1400c3928 EnumChildWindows
0x1400c3930 MoveWindow
0x1400c3938 GetQueueStatus
0x1400c3940 GetWindowRect
0x1400c3948 GetClientRect
0x1400c3950 SystemParametersInfoW
0x1400c3958 AdjustWindowRectEx
0x1400c3960 DrawTextW
0x1400c3968 SetRect
0x1400c3970 GetIconInfo
0x1400c3978 SetWindowLongPtrW
0x1400c3980 IsWindowVisible
0x1400c3988 MessageBoxW
0x1400c3990 LoadImageW
0x1400c3998 ChangeClipboardChain
0x1400c39a0 SetClipboardViewer
0x1400c39a8 LoadAcceleratorsW
0x1400c39b0 EnableMenuItem
0x1400c39b8 GetMenu
0x1400c39c0 CreateWindowExW
0x1400c39c8 RegisterClassExW
0x1400c39d0 LoadCursorW
0x1400c39d8 DestroyIcon
0x1400c39e0 DestroyWindow
0x1400c39e8 IsCharAlphaW
0x1400c39f0 GetCursor
0x1400c39f8 MapVirtualKeyExW
0x1400c3a00 VkKeyScanExW
0x1400c3a08 GetWindowTextW
0x1400c3a10 mouse_event
0x1400c3a18 WindowFromPoint
0x1400c3a20 GetSystemMetrics
0x1400c3a28 keybd_event
0x1400c3a30 SetKeyboardState
0x1400c3a38 GetKeyboardState
0x1400c3a40 GetCursorPos
0x1400c3a48 GetAsyncKeyState
0x1400c3a50 AttachThreadInput
0x1400c3a58 SendInput
0x1400c3a60 UnregisterHotKey
0x1400c3a68 RegisterHotKey
0x1400c3a70 PostQuitMessage
0x1400c3a78 SendMessageTimeoutW
0x1400c3a80 UnhookWindowsHookEx
0x1400c3a88 SetWindowsHookExW
0x1400c3a90 PostThreadMessageW
0x1400c3a98 IsCharUpperW
0x1400c3aa0 IsCharLowerW
0x1400c3aa8 IsCharAlphaNumericW
0x1400c3ab0 ToUnicodeEx
0x1400c3ab8 GetKeyboardLayout
0x1400c3ac0 CallNextHookEx
0x1400c3ac8 CharLowerW
0x1400c3ad0 ReleaseDC
0x1400c3ad8 GetDC
0x1400c3ae0 OpenClipboard
0x1400c3ae8 GetClipboardData
0x1400c3af0 GetClipboardFormatNameW
0x1400c3af8 RedrawWindow
0x1400c3b00 MapWindowPoints
0x1400c3b08 RemovePropW
0x1400c3b10 SetPropW
0x1400c3b18 GetPropW
0x1400c3b20 FlashWindow
0x1400c3b28 SetMenu
0x1400c3b30 ExitWindowsEx
0x1400c3b38 GetMenuStringW
0x1400c3b40 GetSubMenu
0x1400c3b48 GetMenuItemID
0x1400c3b50 GetMenuItemCount
0x1400c3b58 SetWindowTextW
0x1400c3b60 GetLastInputInfo
0x1400c3b68 CloseClipboard
0x1400c3b70 SetClipboardData
0x1400c3b78 EmptyClipboard
0x1400c3b80 PostMessageW
0x1400c3b88 FindWindowW
0x1400c3b90 EndDialog
0x1400c3b98 IsWindow
0x1400c3ba0 DispatchMessageW
0x1400c3ba8 TranslateMessage
0x1400c3bb0 ShowWindow
0x1400c3bb8 ClientToScreen
0x1400c3bc0 MessageBeep
0x1400c3bc8 SetDlgItemTextW
0x1400c3bd0 GetDlgItem
0x1400c3bd8 SendDlgItemMessageW
0x1400c3be0 DialogBoxParamW
0x1400c3be8 SetForegroundWindow
0x1400c3bf0 DefWindowProcW
0x1400c3bf8 FillRect
0x1400c3c00 DrawIconEx
0x1400c3c08 GetSysColorBrush
0x1400c3c10 GetSysColor
0x1400c3c18 RegisterWindowMessageW
0x1400c3c20 IsIconic
0x1400c3c28 IsZoomed
0x1400c3c30 EnumWindows
0x1400c3c38 GetWindowTextLengthW
0x1400c3c40 EnableWindow
0x1400c3c48 InvalidateRect
0x1400c3c58 SetWindowPos
0x1400c3c60 CountClipboardFormats
0x1400c3c68 SetWindowLongW
0x1400c3c70 ScreenToClient
0x1400c3c78 IsDialogMessageW
0x1400c3c80 SendMessageW
0x1400c3c88 IsWindowEnabled
0x1400c3c90 GetWindowLongW
0x1400c3c98 GetKeyState
0x1400c3ca0 TranslateAcceleratorW
0x1400c3ca8 KillTimer
0x1400c3cb0 PeekMessageW
0x1400c3cb8 GetFocus
0x1400c3cc0 GetClassNameW
0x1400c3cc8 GetWindowThreadProcessId
0x1400c3cd0 GetForegroundWindow
0x1400c3cd8 GetMessageW
0x1400c3ce0 SetTimer
0x1400c3ce8 GetParent
0x1400c3cf0 GetDlgCtrlID
0x1400c3cf8 CharUpperW
0x1400c3d08 SetWindowRgn
0x1400c3d10 SetFocus
0x1400c3d18 MapVirtualKeyW
0x1400c3d20 GetGUIThreadInfo
0x1400c3d28 CheckMenuItem
Library GDI32.dll:
0x1400c30f8 GetPixel
0x1400c3100 GetClipRgn
0x1400c3108 GetCharABCWidthsW
0x1400c3110 SetBkMode
0x1400c3118 CreatePatternBrush
0x1400c3120 SetBrushOrgEx
0x1400c3128 EnumFontFamiliesExW
0x1400c3130 CreateDIBSection
0x1400c3138 GdiFlush
0x1400c3140 SetBkColor
0x1400c3148 ExcludeClipRect
0x1400c3150 SetTextColor
0x1400c3158 GetClipBox
0x1400c3160 BitBlt
0x1400c3168 CreateCompatibleBitmap
0x1400c3170 GetSystemPaletteEntries
0x1400c3178 GetDIBits
0x1400c3180 CreateCompatibleDC
0x1400c3188 CreatePolygonRgn
0x1400c3190 CreateRectRgn
0x1400c3198 CreateRoundRectRgn
0x1400c31a0 CreateEllipticRgn
0x1400c31a8 DeleteDC
0x1400c31b0 GetObjectW
0x1400c31b8 GetTextMetricsW
0x1400c31c0 GetTextFaceW
0x1400c31c8 SelectObject
0x1400c31d0 GetStockObject
0x1400c31d8 CreateDCW
0x1400c31e0 CreateSolidBrush
0x1400c31e8 CreateFontW
0x1400c31f0 FillRgn
0x1400c31f8 GetDeviceCaps
0x1400c3200 DeleteObject
Library COMDLG32.dll:
0x1400c30d8 CommDlgExtendedError
0x1400c30e0 GetSaveFileNameW
0x1400c30e8 GetOpenFileNameW
Library ADVAPI32.dll:
0x1400c3000 RegDeleteKeyW
0x1400c3008 RegSetValueExW
0x1400c3010 RegCreateKeyExW
0x1400c3018 RegQueryValueExW
0x1400c3020 AdjustTokenPrivileges
0x1400c3028 LookupPrivilegeValueW
0x1400c3030 OpenProcessToken
0x1400c3038 CloseServiceHandle
0x1400c3040 UnlockServiceDatabase
0x1400c3048 LockServiceDatabase
0x1400c3050 OpenSCManagerW
0x1400c3058 GetUserNameW
0x1400c3060 RegEnumKeyExW
0x1400c3068 RegEnumValueW
0x1400c3070 RegQueryInfoKeyW
0x1400c3078 RegOpenKeyExW
0x1400c3080 RegCloseKey
0x1400c3088 RegConnectRegistryW
0x1400c3090 RegDeleteValueW
Library SHELL32.dll:
0x1400c3798 DragQueryPoint
0x1400c37a0 SHEmptyRecycleBinW
0x1400c37a8 SHFileOperationW
0x1400c37b0 SHGetPathFromIDListW
0x1400c37b8 SHBrowseForFolderW
0x1400c37c0 SHGetDesktopFolder
0x1400c37c8 SHGetMalloc
0x1400c37d0 SHGetFolderPathW
0x1400c37d8 ShellExecuteExW
0x1400c37e0 Shell_NotifyIconW
0x1400c37e8 DragFinish
0x1400c37f0 DragQueryFileW
0x1400c37f8 ExtractIconW
Library ole32.dll:
0x1400c3df0 OleInitialize
0x1400c3df8 OleUninitialize
0x1400c3e00 CoCreateInstance
0x1400c3e08 CoInitialize
0x1400c3e10 CoUninitialize
0x1400c3e18 CLSIDFromString
0x1400c3e20 CoGetObject
0x1400c3e28 StringFromGUID2
0x1400c3e30 CreateStreamOnHGlobal
Library OLEAUT32.dll:
0x1400c36d0 SafeArrayGetLBound
0x1400c36d8 GetActiveObject
0x1400c36e0 SysStringLen
0x1400c36e8 OleLoadPicture
0x1400c36f0 SafeArrayUnaccessData
0x1400c36f8 SafeArrayGetElemsize
0x1400c3700 SafeArrayAccessData
0x1400c3708 SafeArrayUnlock
0x1400c3710 SafeArrayPtrOfIndex
0x1400c3718 SafeArrayLock
0x1400c3720 SafeArrayGetDim
0x1400c3728 SafeArrayDestroy
0x1400c3730 SafeArrayGetUBound
0x1400c3738 VariantCopyInd
0x1400c3740 SafeArrayCopy
0x1400c3748 SysAllocString
0x1400c3750 VariantChangeType
0x1400c3758 VariantClear
0x1400c3760 SafeArrayCreate
0x1400c3768 SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination       Destination port
192.168.56.101  49235         114.114.114.114   53
192.168.56.101  50534         114.114.114.114   53
192.168.56.101  56539         114.114.114.114   53
192.168.56.101  65004         114.114.114.114   53
192.168.56.101  137           192.168.56.255    137
192.168.56.101  138           192.168.56.255    138
192.168.56.101  55368         224.0.0.252       5355
192.168.56.101  56804         224.0.0.252       5355
192.168.56.101  60123         224.0.0.252       5355
192.168.56.101  62191         224.0.0.252       5355
192.168.56.101  1900          239.255.255.250   1900
192.168.56.101  50535         239.255.255.250   3702
192.168.56.101  50537         239.255.255.250   3702
192.168.56.101  56540         239.255.255.250   3702
192.168.56.101  56807         239.255.255.250   1900
192.168.56.101  58707         239.255.255.250   3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.