Score: 2.4
Medium risk

a5797c8c17c4a8532fc8b1a8f5d1c9f990db669cc856e5af6a0fbcb124427db3

ad26f40dc212defd4a2cf623be005361.exe

Analysis time

84s

Latest analysis

File size

1.3MB
Static detection / Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620931964.006625
__exception__
stacktrace:
ad26f40dc212defd4a2cf623be005361+0xaedaa @ 0x103edaa
ad26f40dc212defd4a2cf623be005361+0x103759 @ 0x1093759
ad26f40dc212defd4a2cf623be005361+0x1046e7 @ 0x10946e7
ad26f40dc212defd4a2cf623be005361+0x106661 @ 0x1096661
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3864132
registers.edi: 0
registers.eax: 3864132
registers.ebp: 3864212
registers.edx: 0
registers.ebx: 10271020
registers.esi: 0
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620931963.459625
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00440000
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2018-08-20 18:26:21

Imports

Library oleaut32.dll:
0x511a80 SysFreeString
0x511a84 SysReAllocStringLen
0x511a88 SysAllocStringLen
Library advapi32.dll:
0x511a90 RegQueryValueExW
0x511a94 RegOpenKeyExW
0x511a98 RegCloseKey
Library user32.dll:
0x511aa0 GetKeyboardType
0x511aa4 LoadStringW
0x511aa8 MessageBoxA
0x511aac CharNextW
Library kernel32.dll:
0x511ab4 GetACP
0x511ab8 Sleep
0x511abc VirtualFree
0x511ac0 VirtualAlloc
0x511ac4 GetSystemInfo
0x511ac8 GetTickCount
0x511ad0 GetVersion
0x511ad4 GetCurrentThreadId
0x511ad8 VirtualQuery
0x511adc WideCharToMultiByte
0x511ae4 MultiByteToWideChar
0x511ae8 lstrlenW
0x511aec lstrcpynW
0x511af0 LoadLibraryExW
0x511af4 GetThreadLocale
0x511af8 GetStartupInfoA
0x511afc GetProcAddress
0x511b00 GetModuleHandleW
0x511b04 GetModuleFileNameW
0x511b08 GetLocaleInfoW
0x511b10 GetCommandLineW
0x511b14 FreeLibrary
0x511b18 FindFirstFileW
0x511b1c FindClose
0x511b20 ExitProcess
0x511b24 ExitThread
0x511b28 CreateThread
0x511b2c CompareStringW
0x511b30 WriteFile
0x511b38 RtlUnwind
0x511b3c RaiseException
0x511b40 GetStdHandle
0x511b44 CloseHandle
Library kernel32.dll:
0x511b4c TlsSetValue
0x511b50 TlsGetValue
0x511b54 LocalAlloc
0x511b58 GetModuleHandleW
Library user32.dll:
0x511b60 CreateWindowExW
0x511b64 WindowFromPoint
0x511b68 WaitMessage
0x511b6c WaitForInputIdle
0x511b70 UpdateWindow
0x511b74 UnregisterClassW
0x511b78 UnhookWindowsHookEx
0x511b7c TranslateMessage
0x511b84 TrackPopupMenu
0x511b8c ShowWindow
0x511b90 ShowScrollBar
0x511b94 ShowOwnedPopups
0x511b98 SetWindowsHookExW
0x511b9c SetWindowTextW
0x511ba0 SetWindowPos
0x511ba4 SetWindowPlacement
0x511ba8 SetWindowLongW
0x511bac SetTimer
0x511bb0 SetScrollRange
0x511bb4 SetScrollPos
0x511bb8 SetScrollInfo
0x511bbc SetRectEmpty
0x511bc0 SetRect
0x511bc4 SetPropW
0x511bc8 SetParent
0x511bcc SetMenuItemInfoW
0x511bd0 SetMenu
0x511bd4 SetForegroundWindow
0x511bd8 SetFocus
0x511bdc SetCursor
0x511be0 SetClassLongW
0x511be4 SetCapture
0x511be8 SetActiveWindow
0x511bec SendNotifyMessageW
0x511bf0 SendMessageTimeoutW
0x511bf4 SendMessageA
0x511bf8 SendMessageW
0x511bfc ScrollWindowEx
0x511c00 ScrollWindow
0x511c04 ScreenToClient
0x511c08 ReplyMessage
0x511c0c RemovePropW
0x511c10 RemoveMenu
0x511c14 ReleaseDC
0x511c18 ReleaseCapture
0x511c24 RegisterClassW
0x511c28 RedrawWindow
0x511c2c PtInRect
0x511c30 PostQuitMessage
0x511c34 PostMessageW
0x511c38 PeekMessageA
0x511c3c PeekMessageW
0x511c40 OffsetRect
0x511c44 OemToCharBuffA
0x511c50 MessageBoxW
0x511c54 MessageBeep
0x511c58 MapWindowPoints
0x511c5c MapVirtualKeyW
0x511c60 LoadStringW
0x511c64 LoadKeyboardLayoutW
0x511c68 LoadIconW
0x511c6c LoadCursorW
0x511c70 LoadBitmapW
0x511c74 KillTimer
0x511c78 IsZoomed
0x511c7c IsWindowVisible
0x511c80 IsWindowUnicode
0x511c84 IsWindowEnabled
0x511c88 IsWindow
0x511c8c IsRectEmpty
0x511c90 IsIconic
0x511c94 IsDialogMessageA
0x511c98 IsDialogMessageW
0x511c9c IsChild
0x511ca0 InvalidateRect
0x511ca4 IntersectRect
0x511ca8 InsertMenuItemW
0x511cac InsertMenuW
0x511cb0 InflateRect
0x511cb8 GetWindowTextW
0x511cbc GetWindowRect
0x511cc0 GetWindowPlacement
0x511cc4 GetWindowLongW
0x511cc8 GetWindowDC
0x511ccc GetTopWindow
0x511cd0 GetSystemMetrics
0x511cd4 GetSystemMenu
0x511cd8 GetSysColorBrush
0x511cdc GetSysColor
0x511ce0 GetSubMenu
0x511ce4 GetScrollRange
0x511ce8 GetScrollPos
0x511cec GetScrollInfo
0x511cf0 GetPropW
0x511cf4 GetParent
0x511cf8 GetWindow
0x511cfc GetMessagePos
0x511d00 GetMessageW
0x511d04 GetMenuStringW
0x511d08 GetMenuState
0x511d0c GetMenuItemInfoW
0x511d10 GetMenuItemID
0x511d14 GetMenuItemCount
0x511d18 GetMenu
0x511d1c GetLastActivePopup
0x511d20 GetKeyboardState
0x511d2c GetKeyboardLayout
0x511d30 GetKeyState
0x511d34 GetKeyNameTextW
0x511d38 GetIconInfo
0x511d3c GetForegroundWindow
0x511d40 GetFocus
0x511d44 GetDesktopWindow
0x511d48 GetDCEx
0x511d4c GetDC
0x511d50 GetCursorPos
0x511d54 GetCursor
0x511d58 GetClientRect
0x511d5c GetClassLongW
0x511d60 GetClassInfoW
0x511d64 GetCapture
0x511d68 GetActiveWindow
0x511d6c FrameRect
0x511d70 FindWindowExW
0x511d74 FindWindowW
0x511d78 FillRect
0x511d7c ExitWindowsEx
0x511d80 EnumWindows
0x511d84 EnumThreadWindows
0x511d88 EnumChildWindows
0x511d8c EndPaint
0x511d90 EnableWindow
0x511d94 EnableScrollBar
0x511d98 EnableMenuItem
0x511d9c DrawTextExW
0x511da0 DrawTextW
0x511da4 DrawMenuBar
0x511da8 DrawIconEx
0x511dac DrawIcon
0x511db0 DrawFrameControl
0x511db4 DrawFocusRect
0x511db8 DrawEdge
0x511dbc DispatchMessageA
0x511dc0 DispatchMessageW
0x511dc4 DestroyWindow
0x511dc8 DestroyMenu
0x511dcc DestroyIcon
0x511dd0 DestroyCursor
0x511dd4 DeleteMenu
0x511dd8 DefWindowProcW
0x511ddc DefMDIChildProcW
0x511de0 DefFrameProcW
0x511de4 CreatePopupMenu
0x511de8 CreateMenu
0x511dec CreateIcon
0x511df0 ClientToScreen
0x511df4 CheckMenuItem
0x511df8 CharUpperBuffW
0x511dfc CharNextW
0x511e00 CharLowerBuffW
0x511e04 CharLowerW
0x511e08 CallWindowProcW
0x511e0c CallNextHookEx
0x511e10 BringWindowToTop
0x511e14 BeginPaint
0x511e18 AppendMenuW
0x511e1c CharToOemBuffA
0x511e20 AdjustWindowRectEx
Library msimg32.dll:
0x511e2c AlphaBlend
Library gdi32.dll:
0x511e34 UnrealizeObject
0x511e38 StretchBlt
0x511e3c SetWindowOrgEx
0x511e40 SetViewportOrgEx
0x511e44 SetTextColor
0x511e48 SetStretchBltMode
0x511e4c SetROP2
0x511e50 SetPixel
0x511e54 SetDIBColorTable
0x511e58 SetBrushOrgEx
0x511e5c SetBkMode
0x511e60 SetBkColor
0x511e64 SelectPalette
0x511e68 SelectObject
0x511e6c SaveDC
0x511e70 RoundRect
0x511e74 RestoreDC
0x511e78 RemoveFontResourceW
0x511e7c Rectangle
0x511e80 RectVisible
0x511e84 RealizePalette
0x511e88 Polyline
0x511e8c Pie
0x511e90 PatBlt
0x511e94 MoveToEx
0x511e98 MaskBlt
0x511e9c LineTo
0x511ea0 LineDDA
0x511ea4 IntersectClipRect
0x511ea8 GetWindowOrgEx
0x511eac GetTextMetricsW
0x511eb0 GetTextExtentPointW
0x511ebc GetStockObject
0x511ec0 GetRgnBox
0x511ec4 GetPixel
0x511ec8 GetPaletteEntries
0x511ecc GetObjectW
0x511ed0 GetDeviceCaps
0x511ed4 GetDIBits
0x511ed8 GetDIBColorTable
0x511edc GetDCOrgEx
0x511ee4 GetClipBox
0x511ee8 GetBrushOrgEx
0x511eec GetBitmapBits
0x511ef0 GdiFlush
0x511ef4 FrameRgn
0x511ef8 ExtTextOutW
0x511efc ExtFloodFill
0x511f00 ExcludeClipRect
0x511f04 EnumFontsW
0x511f08 Ellipse
0x511f0c DeleteObject
0x511f10 DeleteDC
0x511f14 CreateSolidBrush
0x511f18 CreateRectRgn
0x511f1c CreatePenIndirect
0x511f20 CreatePalette
0x511f28 CreateFontIndirectW
0x511f2c CreateDIBitmap
0x511f30 CreateDIBSection
0x511f34 CreateCompatibleDC
0x511f3c CreateBrushIndirect
0x511f40 CreateBitmap
0x511f44 Chord
0x511f48 BitBlt
0x511f4c Arc
0x511f50 AddFontResourceW
Library version.dll:
0x511f58 VerQueryValueW
0x511f60 GetFileVersionInfoW
Library mpr.dll:
0x511f68 WNetOpenEnumW
0x511f70 WNetGetConnectionW
0x511f74 WNetEnumResourceW
0x511f78 WNetCloseEnum
Library kernel32.dll:
0x511f80 lstrcpyW
0x511f84 lstrcmpW
0x511f88 WriteProfileStringW
0x511f90 WriteFile
0x511f94 WideCharToMultiByte
0x511f98 WaitForSingleObject
0x511fa0 VirtualQueryEx
0x511fa4 VirtualQuery
0x511fa8 VirtualFree
0x511fac VirtualAlloc
0x511fb0 TransactNamedPipe
0x511fb4 TerminateProcess
0x511fb8 SwitchToThread
0x511fbc SizeofResource
0x511fc0 SignalObjectAndWait
0x511fc4 SetThreadLocale
0x511fcc SetLastError
0x511fd0 SetFileTime
0x511fd4 SetFilePointer
0x511fd8 SetFileAttributesW
0x511fdc SetEvent
0x511fe0 SetErrorMode
0x511fe4 SetEndOfFile
0x511fec ResumeThread
0x511ff0 ResetEvent
0x511ff4 RemoveDirectoryW
0x511ff8 ReleaseMutex
0x511ffc ReadFile
0x512004 OpenProcess
0x512008 OpenMutexW
0x51200c MultiByteToWideChar
0x512010 MulDiv
0x512014 MoveFileExW
0x512018 MoveFileW
0x51201c LockResource
0x512020 LocalFree
0x512028 LoadResource
0x51202c LoadLibraryExW
0x512030 LoadLibraryW
0x512038 IsDBCSLeadByte
0x51203c IsBadWritePtr
0x512044 GlobalFindAtomW
0x512048 GlobalDeleteAtom
0x51204c GlobalAddAtomW
0x512054 GetVersionExW
0x512058 GetVersion
0x512060 GetTickCount
0x512064 GetThreadLocale
0x51206c GetSystemInfo
0x512070 GetSystemDirectoryW
0x512074 GetStdHandle
0x512078 GetShortPathNameW
0x51207c GetProfileStringW
0x512080 GetProcAddress
0x512088 GetOverlappedResult
0x51208c GetModuleHandleW
0x512090 GetModuleFileNameW
0x512094 GetLogicalDrives
0x512098 GetLocaleInfoW
0x51209c GetLocalTime
0x5120a0 GetLastError
0x5120a4 GetFullPathNameW
0x5120a8 GetFileSize
0x5120ac GetFileAttributesW
0x5120b0 GetExitCodeThread
0x5120b4 GetExitCodeProcess
0x5120bc GetDriveTypeW
0x5120c0 GetDiskFreeSpaceW
0x5120c4 GetDateFormatW
0x5120c8 GetCurrentThreadId
0x5120cc GetCurrentThread
0x5120d0 GetCurrentProcessId
0x5120d4 GetCurrentProcess
0x5120dc GetComputerNameW
0x5120e0 GetCommandLineW
0x5120e4 GetCPInfo
0x5120e8 FreeResource
0x5120f4 InterlockedExchange
0x512100 FreeLibrary
0x512104 FormatMessageW
0x512108 FlushFileBuffers
0x51210c FindResourceW
0x512110 FindNextFileW
0x512114 FindFirstFileW
0x512118 FindClose
0x512124 EnumCalendarInfoW
0x51212c DeviceIoControl
0x512130 DeleteFileW
0x512138 CreateThread
0x51213c CreateProcessW
0x512140 CreateNamedPipeW
0x512144 CreateMutexW
0x512148 CreateFileW
0x51214c CreateEventW
0x512150 CreateDirectoryW
0x512154 CopyFileW
0x512158 CompareStringW
0x51215c CompareFileTime
0x512160 CloseHandle
Library advapi32.dll:
0x51216c RegSetValueExW
0x512170 RegQueryValueExW
0x512174 RegQueryInfoKeyW
0x512178 RegOpenKeyExW
0x51217c RegFlushKey
0x512180 RegEnumValueW
0x512184 RegEnumKeyExW
0x512188 RegDeleteValueW
0x51218c RegDeleteKeyW
0x512190 RegCreateKeyExW
0x512194 RegCloseKey
0x512198 OpenThreadToken
0x51219c OpenProcessToken
0x5121a8 GetUserNameW
0x5121ac GetTokenInformation
0x5121b0 FreeSid
0x5121b4 EqualSid
Library comctl32.dll:
0x5121c0 InitCommonControls
Library kernel32.dll:
0x5121c8 Sleep
Library oleaut32.dll:
0x5121d0 GetErrorInfo
0x5121d4 GetActiveObject
0x5121d8 RegisterTypeLib
0x5121dc LoadTypeLib
0x5121e0 SysFreeString
Library ole32.dll:
0x5121e8 OleUninitialize
0x5121ec OleInitialize
0x5121f0 CoTaskMemFree
0x5121f4 CLSIDFromProgID
0x5121f8 CLSIDFromString
0x5121fc StringFromCLSID
0x512200 CoCreateInstance
0x512208 CoUninitialize
0x51220c CoInitialize
0x512210 IsEqualGUID
Library oleaut32.dll:
0x512218 SafeArrayPtrOfIndex
0x51221c SafeArrayPutElement
0x512220 SafeArrayGetElement
0x512224 SafeArrayGetUBound
0x512228 SafeArrayGetLBound
0x51222c SafeArrayCreate
0x512230 VariantChangeType
0x512234 VariantCopyInd
0x512238 VariantCopy
0x51223c VariantClear
0x512240 VariantInit
Library comctl32.dll:
0x512248 InitializeFlatSB
0x512250 FlatSB_SetScrollPos
0x512258 FlatSB_GetScrollPos
0x512260 _TrackMouseEvent
0x51226c ImageList_Write
0x512270 ImageList_Read
0x51227c ImageList_DragMove
0x512280 ImageList_DragLeave
0x512284 ImageList_DragEnter
0x512288 ImageList_EndDrag
0x51228c ImageList_BeginDrag
0x512290 ImageList_Remove
0x512294 ImageList_DrawEx
0x512298 ImageList_Draw
0x5122a4 ImageList_Add
0x5122b0 ImageList_Destroy
0x5122b4 ImageList_Create
0x5122b8 InitCommonControls
Library shell32.dll:
0x5122c0 ShellExecuteExW
0x5122c4 ShellExecuteW
0x5122c8 SHGetFileInfoW
0x5122cc ExtractIconW
Library shell32.dll:
0x5122d8 SHGetMalloc
0x5122dc SHChangeNotify
0x5122e0 SHBrowseForFolderW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.