Score: 4.4
Risk level: Medium

SHA256: cd62251879fc841a241a6df6944ae1f350171bc60f44e67590fd72d4c6f6dbf5

File name: af9b390208dd167a650a5be7654da1cc.exe

Analysis duration: 80s

Last analyzed:

File size: 928.2KB
Static / dynamic detection tag: BBRY (the family token from the Jiangmin detection name listed under Dynamic indicators)
鹰眼引擎 (Hawkeye engine): not detected; no Hawkeye engine result available
Static verdict
Antivirus engines
Engine        Result    Scan date    Engine version
Alibaba                 20190527     0.3.0.5
Baidu                   20190318     1.0.0.2
Avast                   20201029     18.4.3895.0
Kingsoft                20201029     2013.8.14.323
McAfee                  20201029     6.0.6.653
Tencent                 20201029     1.0.0.1
CrowdStrike             20190702     1.0
(The Result column is empty for all seven engines in the source report; the only detection recorded anywhere on the page is the single Jiangmin hit under Dynamic indicators.)
Static indicators

Checks if process is being debugged by a debugger (1 event)
Time                 API                    Arguments   Status    Return   Repeated
1620897717.934176    IsDebuggerPresent                  failed    0        0
Note: the sandbox labels a zero return as "failed"; for IsDebuggerPresent a return of 0 simply means no debugger was seen. The import is common in ordinary MSVC-built binaries, so a single call is weak evidence of anti-debugging on its own.

This executable is signed (it also imports WinVerifyTrust and CryptQueryObject, see Imports below, so it can verify Authenticode signatures itself)

This executable has a PDB path (1 event)
pdb_path   C:\WinBuildbot64bit\code\out\bin\RelWithDebInfo\hngsync.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time                 API                    Arguments   Status    Return   Repeated
1620897717.934176    GlobalMemoryStatusEx               success   1        0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section   .gfids
Note: .gfids is the Control Flow Guard function-ID table that the MSVC linker emits in normal builds, so this indicator is a false positive here and does not point to a packer.
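The section-name and compile-time indicators above can be checked without a third-party PE library. The following is an added example, not the sandbox's own code: it builds a constructed minimal PE image in memory, walks DOS header, PE signature, COFF header and section table with struct, and screens section names against a known-name list (the list is the example's own; it includes the MSVC Control Flow Guard sections .gfids, .giats, .gljmp and .00cfg so that a CFG-enabled build is not mistaken for a packed one). The timestamp 1597713068 used in the constructed image is assumed to be the report's 2020-08-18 01:11:08 read as UTC; the COFF TimeDateStamp field itself is always UTC seconds.

```python
import datetime
import struct

# Section names emitted by mainstream toolchains (this example's own list, not
# the sandbox's). .gfids, .giats, .gljmp and .00cfg are Control Flow Guard
# tables that MSVC writes into ordinary, unpacked binaries.
KNOWN_SECTIONS = {
    b".text", b".data", b".rdata", b".idata", b".edata", b".pdata", b".rsrc",
    b".reloc", b".bss", b".tls", b".CRT", b".xdata", b".didat", b".textbss",
    b".gfids", b".giats", b".gljmp", b".00cfg", b".rtc", b".sxdata",
}


def _coff_header_offset(pe: bytes) -> int:
    """Return the file offset of the COFF header after validating MZ and PE magic."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4


def parse_section_names(pe: bytes) -> list:
    """Walk COFF header -> section table and return the 8-byte names, NUL-stripped."""
    coff = _coff_header_offset(pe)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]        # NumberOfSections
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + size_of_optional                             # COFF header is 20 bytes
    return [pe[table + i * 40:table + i * 40 + 8].rstrip(b"\0")     # one section header = 40 bytes
            for i in range(num_sections)]


def parse_compile_time(pe: bytes) -> str:
    """COFF TimeDateStamp is seconds since the Unix epoch in UTC (unless the
    linker zeroed or randomised it, which reproducible builds do)."""
    ts = struct.unpack_from("<I", pe, _coff_header_offset(pe) + 4)[0]
    when = datetime.datetime.fromtimestamp(ts, tz=datetime.timezone.utc)
    return when.strftime("%Y-%m-%dT%H:%M:%SZ")


def unknown_sections(names) -> list:
    """Names a packer heuristic may legitimately flag: anything not on the known list."""
    return [n for n in names if n not in KNOWN_SECTIONS]


def build_test_pe(section_names, timestamp: int = 0) -> bytes:
    """Constructed minimal PE32 image: only the header fields the parser reads are
    meaningful; the optional header body and section contents are zero-filled."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0                                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp,
                       0, 0, size_of_optional, 0x0102)               # i386, EXECUTABLE_IMAGE|32BIT
    sections = b"".join(n.ljust(8, b"\0")[:8] + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * size_of_optional + sections


if __name__ == "__main__":
    # Section layout of a typical MSVC build with CFG enabled (constructed).
    msvc = build_test_pe([b".text", b".rdata", b".data", b".gfids", b".rsrc", b".reloc"], 1597713068)
    names = parse_section_names(msvc)
    print(parse_compile_time(msvc), names, "unknown:", unknown_sections(names))
    # A UPX-style layout, for contrast (constructed).
    upx = build_test_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("unknown:", unknown_sections(parse_section_names(upx)))
```

Run against the real sample, the only line that changes is reading the file instead of calling build_test_pe; the known-name list is where the judgement lives, so keep it tied to the toolchains you actually expect in your environment.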
Behavioral verdict
Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time                 API                       Arguments                                 Status    Return   Repeated
1620897718.841176    NtAllocateVirtualMemory   process_identifier: 2120                  success   0        0
                                               region_size: 4096
                                               stack_dep_bypass: 0
                                               stack_pivoted: 0
                                               heap_dep_bypass: 0
                                               protection: 64 (PAGE_EXECUTE_READWRITE)
                                               process_handle: 0xffffffff
                                               allocation_type: 4096 (MEM_COMMIT)
                                               base_address: 0x00ed0000
Note: process_handle 0xffffffff is the current-process pseudo-handle, so this is a single 4 KB RWX page committed in the sample's own address space, not a write into another process. One such page is as consistent with a thunk or trampoline as with an unpacking stub; the "usually to unpack itself" wording is the sandbox's generic description, not an observation about this sample.

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
Jiangmin   Backdoor.Generic.bbry
Note: a single generic name from one engine, against a signed binary with a build-server PDB path, is weak evidence by itself and should be weighed together with the behavioral indicators.
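The three API-level indicators on this page (IsDebuggerPresent, GlobalMemoryStatusEx and the RWX allocation) are simple rules over the sandbox's API-call log. The following is an added example, not the sandbox's own rule engine: the event records are reconstructed from the rows shown in this report, the rule names and the ALLOC_APIS/PROTECT_APIS sets are the example's own, and it assumes the protect-family calls log their new protection under the same "protection" key as the allocation call does. Beyond what the report shows, it decodes the protection constant, distinguishes an allocation in the sample's own process (pseudo-handle 0xffffffff) from one in a remote process, and checks whether the pages were actually committed.

```python
# Windows memory-protection constants from winnt.h. The low byte holds one of the
# mutually exclusive base protections; higher bits are modifiers.
PAGE_BASE = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_COMMIT = 0x1000
# GetCurrentProcess() returns -1 as a pseudo-handle; sandboxes log it as all-ones.
CURRENT_PROCESS_PSEUDO_HANDLE = {0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF}

ALLOC_APIS = {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}
PROTECT_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"}  # assumed "protection" key

# Event records reconstructed from the rows of this report (constructed input).
SAMPLE_EVENTS = [
    {"time": 1620897717.934176, "api": "IsDebuggerPresent", "args": {},
     "status": "failed", "return": 0},
    {"time": 1620897717.934176, "api": "GlobalMemoryStatusEx", "args": {},
     "status": "success", "return": 1},
    {"time": 1620897718.841176, "api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 2120, "process_handle": 0xFFFFFFFF,
              "base_address": 0x00ED0000, "region_size": 4096,
              "allocation_type": 0x1000, "protection": 64},
     "status": "success", "return": 0},
]


def decode_protection(value):
    """Turn a numeric protection into names, e.g. 64 -> ['PAGE_EXECUTE_READWRITE']."""
    names = [PAGE_BASE[b] for b in PAGE_BASE if (value & 0xFF) == b]
    names += [PAGE_MODIFIERS[m] for m in sorted(PAGE_MODIFIERS) if value & m]
    return names or ["UNKNOWN(0x%x)" % value]


def is_writable_executable(value):
    """Only two base protections grant write and execute at the same time."""
    return (value & 0xFF) in (0x40, 0x80)


def _rwx(ev, apis):
    return ev["api"] in apis and is_writable_executable(ev["args"].get("protection", 0))


# Rule names are this example's own; each mirrors one indicator in the report.
RULES = {
    "antidebug_isdebuggerpresent": lambda ev: ev["api"] == "IsDebuggerPresent",
    "antivm_memory_size": lambda ev: ev["api"] == "GlobalMemoryStatusEx",
    "allocates_rwx_memory": lambda ev: _rwx(ev, ALLOC_APIS),
    "sets_rwx_protection": lambda ev: _rwx(ev, PROTECT_APIS),
}


def evaluate(events):
    """Map each rule that fired to the indexes of the events that triggered it."""
    hits = {}
    for idx, ev in enumerate(events):
        for name, pred in RULES.items():
            if pred(ev):
                hits.setdefault(name, []).append(idx)
    return hits


def describe_rwx(ev):
    """Context an analyst wants next to an RWX hit: whose address space, whether
    the pages were committed (MEM_COMMIT) or only reserved, where and how big."""
    args = ev["args"]
    handle = args.get("process_handle")
    return {
        "target": "self" if handle is None or handle in CURRENT_PROCESS_PSEUDO_HANDLE else "remote",
        "committed": bool(args.get("allocation_type", 0) & MEM_COMMIT),
        "base": args.get("base_address"),
        "size": args.get("region_size"),
        "protection": decode_protection(args["protection"]),
    }


if __name__ == "__main__":
    for name, idxs in evaluate(SAMPLE_EVENTS).items():
        print(name, [SAMPLE_EVENTS[i]["api"] for i in idxs])
    print(describe_rwx(SAMPLE_EVENTS[2]))
```

A "remote" target with MEM_COMMIT and an executable protection is the combination worth escalating on; a "self" hit of one page, as here, is the baseline behaviour of a great deal of legitimate software.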
Network communication

Communicates with host for which no DNS query was performed (4 events)
host   124.225.105.97
host   151.139.128.14
host   172.217.24.14
host   209.222.0.52

Creates an Alternate Data Stream (ADS) (1 event)
file   C:\Users\Administrator.Oskar-PC:Heroes & Generals
Note: the stream named "Heroes & Generals" is attached to C:\Users\Administrator.Oskar-PC, the user profile directory, not to a dropped file.

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host   124.225.105.97:80
dead_host   192.168.56.101:49198
Note: 192.168.56.101 is the analysis guest itself (see the TCP and UDP tables below), so the second entry is a sandbox artifact rather than external infrastructure; only 124.225.105.97:80 is a genuinely unanswered external connection.

Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-08-18 01:11:08

Imports

Library KERNEL32.dll:
0x47d0cc GetOEMCP
0x47d0d0 IsValidCodePage
0x47d0d4 FindNextFileA
0x47d0d8 FindFirstFileExA
0x47d0dc GetCPInfo
0x47d0f0 SetFilePointerEx
0x47d0f4 ReadConsoleW
0x47d0f8 HeapSize
0x47d0fc DecodePointer
0x47d100 GetLocalTime
0x47d104 GetConsoleMode
0x47d108 GetConsoleCP
0x47d10c FlushFileBuffers
0x47d114 OpenProcess
0x47d118 ExitProcess
0x47d11c WaitForSingleObject
0x47d120 LoadLibraryW
0x47d124 LoadLibraryExA
0x47d128 GetModuleHandleW
0x47d12c GetModuleFileNameW
0x47d130 FreeLibrary
0x47d134 OutputDebugStringW
0x47d138 LocalFree
0x47d13c LocalAlloc
0x47d140 UnmapViewOfFile
0x47d144 MapViewOfFileEx
0x47d148 OpenFileMappingW
0x47d14c CreateFileMappingW
0x47d150 GetTickCount
0x47d154 SetPriorityClass
0x47d158 TerminateProcess
0x47d15c LCMapStringW
0x47d160 CompareStringW
0x47d164 GetTimeFormatW
0x47d168 GetDateFormatW
0x47d16c VirtualFree
0x47d170 VirtualProtect
0x47d174 WriteConsoleW
0x47d178 VirtualAlloc
0x47d17c GetACP
0x47d180 GetStdHandle
0x47d188 WideCharToMultiByte
0x47d18c MultiByteToWideChar
0x47d190 GetFileType
0x47d194 SetStdHandle
0x47d198 GetModuleHandleExW
0x47d19c LoadLibraryExW
0x47d1a0 VirtualQuery
0x47d1a4 RaiseException
0x47d1a8 SetLastError
0x47d1ac GetCurrentProcess
0x47d1b0 Sleep
0x47d1b4 GetLastError
0x47d1bc GetStringTypeW
0x47d1c0 CloseHandle
0x47d1c4 DuplicateHandle
0x47d1e0 GetCurrentProcessId
0x47d1e4 SwitchToThread
0x47d1e8 CreateThread
0x47d1ec GetCurrentThread
0x47d1f0 GetCurrentThreadId
0x47d1f4 OpenThread
0x47d1f8 SetThreadPriority
0x47d1fc GetThreadPriority
0x47d200 TerminateThread
0x47d204 GetExitCodeThread
0x47d208 SuspendThread
0x47d20c ResumeThread
0x47d210 TlsAlloc
0x47d214 TlsGetValue
0x47d218 TlsSetValue
0x47d21c TlsFree
0x47d220 GetThreadContext
0x47d224 GetThreadTimes
0x47d230 GetSystemInfo
0x47d234 ReadProcessMemory
0x47d238 GetModuleHandleA
0x47d23c GetProcAddress
0x47d244 Thread32First
0x47d248 Thread32Next
0x47d24c VerSetConditionMask
0x47d250 GetCommandLineW
0x47d254 ReadFile
0x47d25c CreatePipe
0x47d260 GetExitCodeProcess
0x47d264 CreateProcessA
0x47d268 CreateProcessW
0x47d26c GetPriorityClass
0x47d270 GetProcessId
0x47d274 GetVersionExA
0x47d278 GetNativeSystemInfo
0x47d27c VerifyVersionInfoW
0x47d280 Process32First
0x47d284 Process32Next
0x47d290 CreateDirectoryW
0x47d294 CreateFileA
0x47d298 CreateFileW
0x47d29c DeleteFileW
0x47d2a0 FindClose
0x47d2a4 FindFirstFileW
0x47d2a8 FindNextFileW
0x47d2ac GetFileAttributesW
0x47d2b0 GetFileTime
0x47d2b4 GetFullPathNameW
0x47d2b8 GetFullPathNameA
0x47d2bc RemoveDirectoryW
0x47d2c0 SetEndOfFile
0x47d2c4 SetFileAttributesW
0x47d2c8 SetFileTime
0x47d2cc GetTempPathW
0x47d2d0 LoadLibraryA
0x47d2d4 QueryDosDeviceA
0x47d2d8 CopyFileW
0x47d2dc MoveFileW
0x47d2f8 CreateMutexA
0x47d2fc OpenMutexA
0x47d300 SetEvent
0x47d304 ResetEvent
0x47d308 CreateEventA
0x47d30c GetComputerNameExA
0x47d310 FormatMessageA
0x47d31c IsDebuggerPresent
0x47d320 FreeConsole
0x47d324 SetConsoleTitleA
0x47d328 AllocConsole
0x47d32c GetCommandLineA
0x47d33c GetFileSize
0x47d340 LockFile
0x47d344 SetFilePointer
0x47d348 UnlockFile
0x47d34c WriteFile
0x47d350 GetTempPathA
0x47d354 HeapAlloc
0x47d358 HeapFree
0x47d35c GetProcessHeap
0x47d360 GetModuleFileNameA
0x47d364 GlobalAlloc
0x47d368 GlobalLock
0x47d36c GlobalUnlock
0x47d370 GetComputerNameA
0x47d374 HeapCreate
0x47d378 HeapDestroy
0x47d37c HeapReAlloc
0x47d388 GetStartupInfoW
0x47d38c InitializeSListHead
0x47d390 EncodePointer
0x47d394 RtlUnwind
0x47d398 CreateFileMappingA
Library USER32.dll:
0x47d3ec ShowWindow
0x47d3f0 DestroyWindow
0x47d3f4 CreateWindowExW
0x47d3f8 PostQuitMessage
0x47d3fc SendMessageW
0x47d400 GetWindowLongW
0x47d404 EnableWindow
0x47d408 SendDlgItemMessageW
0x47d40c SetDlgItemTextW
0x47d410 MessageBoxA
0x47d414 LoadIconW
0x47d418 FindWindowA
0x47d420 GetWindowTextW
0x47d424 SetPropW
0x47d428 SetMenuItemInfoW
0x47d42c GetMenuItemInfoA
0x47d430 GetMenuItemCount
0x47d434 IsMenu
0x47d438 PostMessageW
0x47d43c PeekMessageW
0x47d440 DispatchMessageW
0x47d444 TranslateMessage
0x47d448 GetSystemMetrics
0x47d450 wsprintfA
0x47d454 OpenClipboard
0x47d458 CloseClipboard
0x47d45c SetClipboardData
0x47d460 EmptyClipboard
0x47d464 GetDC
0x47d468 GetClientRect
0x47d46c GetMessageW
0x47d470 MapDialogRect
0x47d474 SetWindowLongW
0x47d478 ScreenToClient
0x47d47c MessageBoxW
0x47d480 GetWindowRect
0x47d484 SetWindowTextW
0x47d488 SetWindowPos
0x47d48c MoveWindow
0x47d490 GetPropW
0x47d494 UpdateWindow
0x47d498 GetMenu
0x47d49c GetDlgItem
0x47d4a0 CreateDialogParamW
Library GDI32.dll:
0x47d088 GetStockObject
0x47d090 CreateCompatibleDC
0x47d094 SetBkMode
0x47d098 GetObjectA
0x47d09c SetStretchBltMode
0x47d0a0 StretchBlt
0x47d0a4 SelectObject
0x47d0a8 GetDIBits
0x47d0ac CreateFontW
Library SHELL32.dll:
0x47d3d4 ShellExecuteW
0x47d3dc ShellExecuteExW
0x47d3e4 SHBindToParent
Library ole32.dll:
0x47d53c CoTaskMemAlloc
0x47d540 CoTaskMemFree
Library ADVAPI32.dll:
0x47d000 QueryServiceStatus
0x47d004 CryptHashData
0x47d008 CryptDestroyHash
0x47d010 CryptDestroyKey
0x47d014 CryptReleaseContext
0x47d01c RegSetValueA
0x47d020 RegQueryValueA
0x47d024 RegOpenKeyExA
0x47d028 RegOpenKeyA
0x47d02c RegEnumKeyA
0x47d030 RegDeleteKeyA
0x47d034 RegCreateKeyA
0x47d038 RegCloseKey
0x47d03c StartServiceW
0x47d040 CryptCreateHash
0x47d048 QueryServiceConfigW
0x47d04c OpenServiceW
0x47d050 OpenSCManagerA
0x47d054 ControlService
0x47d058 CloseServiceHandle
0x47d05c RegQueryValueExW
0x47d060 RegQueryValueExA
Library COMCTL32.dll:
Library PSAPI.DLL:
0x47d3b0 GetModuleBaseNameA
0x47d3b4 EnumProcessModules
0x47d3b8 EnumProcesses
Library IPHLPAPI.DLL:
0x47d0b4 IcmpCloseHandle
0x47d0b8 IcmpCreateFile
0x47d0bc IcmpSendEcho2
Library RPCRT4.dll:
0x47d3c0 UuidToStringA
0x47d3c4 RpcStringFreeA
0x47d3c8 UuidFromStringA
0x47d3cc UuidCreate
Library NETAPI32.dll:
0x47d3a0 NetApiBufferFree
0x47d3a4 NetWkstaGetInfo
Library WINTRUST.dll:
0x47d4b0 WinVerifyTrust
Library CRYPT32.dll:
0x47d070 CertCloseStore
0x47d07c CertGetNameStringA
0x47d080 CryptQueryObject
Library WS2_32.dll:
0x47d4bc accept
0x47d4c0 bind
0x47d4c4 closesocket
0x47d4c8 connect
0x47d4cc ioctlsocket
0x47d4d0 getpeername
0x47d4d4 getsockname
0x47d4d8 getsockopt
0x47d4dc htons
0x47d4e0 inet_addr
0x47d4e4 inet_ntoa
0x47d4e8 listen
0x47d4ec ntohl
0x47d4f0 __WSAFDIsSet
0x47d4f4 recv
0x47d4f8 recvfrom
0x47d4fc select
0x47d500 send
0x47d504 sendto
0x47d508 setsockopt
0x47d50c shutdown
0x47d510 socket
0x47d514 gethostbyname
0x47d518 gethostname
0x47d51c WSAStartup
0x47d520 WSACleanup
0x47d524 WSAGetLastError
0x47d528 WSAIoctl
0x47d52c getaddrinfo
0x47d530 freeaddrinfo
0x47d534 ntohs

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
209.222.0.52 443 192.168.56.101 49190

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 49716 239.255.255.250 3702
192.168.56.101 53658 239.255.255.250 3702
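The two network indicators in this report ("communicates with host for which no DNS query was performed" and "connects to IP addresses that are no longer responding") can be recomputed from the flow tables and the DNS log. The following is an added example and not the sandbox's own logic: the flow log is constructed in the tables' proto/src/sport/dst/dport shape and only loosely modelled on this analysis (the outbound flows to 124.225.105.97 and 151.139.128.14, the exchange with the documentation address 203.0.113.10 and the single DNS answer are all constructed), while the guest address 192.168.56.101 and the resolver 114.114.114.114 are taken from the UDP table. The filter that drops the guest's own subnet, its broadcast address and multicast destinations is what keeps an entry like dead_host 192.168.56.101:49198 out of the result.

```python
import ipaddress

SANDBOX_GUEST = ipaddress.ip_address("192.168.56.101")   # analysis VM, from the flow tables
SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")    # its subnet, including .255 broadcast
RESOLVER = ipaddress.ip_address("114.114.114.114")       # the guest's DNS server, from the UDP table

# Constructed flow log in the report's "proto src sport dst dport" shape. The
# 203.0.113.10 exchange is a documentation address added to show a destination
# that *was* resolved before being contacted.
FLOW_LOG = """\
udp 192.168.56.101 49713 114.114.114.114 53
udp 114.114.114.114 53 192.168.56.101 49713
tcp 192.168.56.101 49190 209.222.0.52 443
tcp 209.222.0.52 443 192.168.56.101 49190
tcp 192.168.56.101 49197 124.225.105.97 80
tcp 192.168.56.101 49198 151.139.128.14 80
tcp 192.168.56.101 49201 203.0.113.10 443
tcp 203.0.113.10 443 192.168.56.101 49201
udp 192.168.56.101 137 192.168.56.255 137
udp 192.168.56.101 49235 224.0.0.252 5355
udp 192.168.56.101 1900 239.255.255.250 1900
"""

# Constructed DNS answers (name -> addresses) as a sandbox would log them.
DNS_ANSWERS = {"update.example": {"203.0.113.10"}}


def parse_flows(text):
    """Parse one flow per line into (proto, src, sport, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        proto, src, sport, dst, dport = line.split()
        flows.append((proto, ipaddress.ip_address(src), int(sport),
                      ipaddress.ip_address(dst), int(dport)))
    return flows


def is_external(ip):
    """Drop what is not remote infrastructure: the guest's own subnet (and so its
    broadcast address), multicast (LLMNR, SSDP, WS-Discovery), loopback, link-local."""
    return not (ip in SANDBOX_NET or ip.is_multicast or ip.is_loopback or ip.is_link_local)


def hosts_without_dns(flows, dns_answers):
    """External destinations the guest sent to that never appeared in a DNS answer.
    Traffic to the configured resolver on udp/53 is excluded: that is how names get resolved."""
    resolved = {ipaddress.ip_address(a) for addrs in dns_answers.values() for a in addrs}
    hits = set()
    for proto, src, sport, dst, dport in flows:
        if src != SANDBOX_GUEST or not is_external(dst):
            continue
        if proto == "udp" and dport == 53 and dst == RESOLVER:
            continue
        if dst not in resolved:
            hits.add(str(dst))
    return sorted(hits)


def dead_hosts(flows):
    """External (ip, port) pairs the guest sent to without ever receiving a packet back."""
    sent, replied = set(), set()
    for proto, src, sport, dst, dport in flows:
        if src == SANDBOX_GUEST and is_external(dst):
            sent.add((dst, dport))
        elif dst == SANDBOX_GUEST and is_external(src):
            replied.add((src, sport))
    return sorted((str(ip), port) for ip, port in sent - replied)


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    print("no DNS query:", hosts_without_dns(flows, DNS_ANSWERS))
    print("dead hosts:", dead_hosts(flows))
```

Two caveats carry over to the real signature: a host can legitimately be contacted by bare IP when the address came from a configuration file or an earlier HTTP response rather than DNS, and "dead" only means no reply during the sandbox's short run, so a host that is rate-limiting, sinkholed or simply slow looks the same as one that is gone.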

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.