5.2
Medium risk

fa91bea0951bda1871ad640c0abe4171b4a35e30ae1519805499de82c83f35c0

b09b9ef56f8dbf559cda540e07d012ed.exe

Analysis duration

77s

Last analyzed

File size

276.5KB
Static detection  Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Not detected: no antivirus engine results yet
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1621013663.17525
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1621013653.66025
CryptGenKey
crypto_handle: 0x00578010
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00577af0
flags: 1
key: fë÷£JÈ 8©tõfƒm
success 1 0
1621013663.20625
CryptExportKey
crypto_handle: 0x00578010
crypto_export_handle: 0x00577fd0
buffer: f¤(œ$;üïñW$- Pý¤åt! Aï<#«·|ý NH8/É£CŸ Ýw#ú]ë761§õE,;+˜à~=ÔÔ (dGD”+Mª›Ã4À‡qð—°L™Ê#"\^²ë
blob_type: 1
flags: 64
success 1 0
1621013699.92525
CryptExportKey
crypto_handle: 0x00578010
crypto_export_handle: 0x00577fd0
buffer: f¤ÜÓBN™®´"o6P£‘*¹›‘YP û0_ÃLΧ삨 mV˜l¦AX½Ÿw*Þ¥#þ°&Vð}†¨2â ï×E;ϳrômŸ:L 1?ÙAb,V6!pƒLõ(L"­]ى
blob_type: 1
flags: 64
success 1 0
1621013704.41025
CryptExportKey
crypto_handle: 0x00578010
crypto_export_handle: 0x00577fd0
buffer: f¤?—é¾³X }€[BïtUFIç?g˜Ó9κ‘ß D#±R½ÇôHٟgÌ®ª¨pKcìP#FŠ™ô}¨®ø‰(Tâ7˜c81ô'š6¨XoYßñ_&Æ?.Þ )
blob_type: 1
flags: 64
success 1 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1621013652.39425
NtAllocateVirtualMemory
process_identifier: 648
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e60000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1621013663.73825
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.099208301498691
section {'size_of_data': '0x0000d000', 'virtual_address': '0x0003b000', 'entropy': 7.099208301498691, 'name': '.rsrc', 'virtual_size': '0x0000cf10'}
description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process b09b9ef56f8dbf559cda540e07d012ed.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1621013663.37825
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (5 events)
host 157.7.164.178
host 172.217.24.14
host 177.144.130.105
host 198.27.69.201
host 52.218.60.12
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1621013666.67525
RegSetValueExA
key_handle: 0x000003a8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1621013666.67525
RegSetValueExA
key_handle: 0x000003a8
value: 0,rEÀH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1621013666.67525
RegSetValueExA
key_handle: 0x000003a8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1621013666.67525
RegSetValueExW
key_handle: 0x000003a8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1621013666.67525
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1621013666.67525
RegSetValueExA
key_handle: 0x000003c0
value: 0,rEÀH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1621013666.67525
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1621013666.73825
RegSetValueExW
key_handle: 0x000003a4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 198.27.69.201:8080
dead_host 177.144.130.105:443
dead_host 192.168.56.101:49178
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-07-17 23:40:59

Imports

Library KERNEL32.dll:
0x4290d0 RtlUnwind
0x4290d4 RaiseException
0x4290d8 HeapAlloc
0x4290dc HeapFree
0x4290e0 HeapReAlloc
0x4290e4 VirtualAlloc
0x4290e8 GetCommandLineA
0x4290ec GetProcessHeap
0x4290f0 GetStartupInfoA
0x4290f4 ExitProcess
0x4290f8 HeapSize
0x4290fc TerminateProcess
0x429108 IsDebuggerPresent
0x42910c Sleep
0x429110 VirtualFree
0x429114 HeapDestroy
0x429118 HeapCreate
0x42911c GetStdHandle
0x42912c SetHandleCount
0x429130 GetFileType
0x429138 GetTickCount
0x429140 GetACP
0x429144 GetConsoleCP
0x429148 GetConsoleMode
0x42914c LCMapStringA
0x429150 LCMapStringW
0x429154 GetStringTypeA
0x429158 GetStringTypeW
0x42915c SetStdHandle
0x429160 WriteConsoleA
0x429164 GetConsoleOutputCP
0x429168 WriteConsoleW
0x42916c SetErrorMode
0x429170 CreateFileA
0x429174 FlushFileBuffers
0x429178 SetFilePointer
0x42917c WriteFile
0x429180 ReadFile
0x429188 GetThreadLocale
0x42918c GetOEMCP
0x429190 GetCPInfo
0x429194 GlobalFlags
0x429198 TlsFree
0x4291a0 LocalReAlloc
0x4291a4 TlsSetValue
0x4291a8 TlsAlloc
0x4291b0 GlobalHandle
0x4291b4 GlobalReAlloc
0x4291bc TlsGetValue
0x4291c4 LocalAlloc
0x4291cc GetCurrentProcessId
0x4291d0 CloseHandle
0x4291d4 GetCurrentThread
0x4291dc GetModuleFileNameA
0x4291e4 GetLocaleInfoA
0x4291e8 lstrcmpA
0x4291f0 GetModuleFileNameW
0x4291f4 FreeResource
0x4291f8 GetCurrentThreadId
0x4291fc GlobalGetAtomNameA
0x429200 GlobalAddAtomA
0x429204 GlobalFindAtomA
0x429208 GlobalDeleteAtom
0x42920c FreeLibrary
0x429210 LoadLibraryA
0x429214 lstrcmpW
0x429218 GetVersionExA
0x42921c GetModuleHandleA
0x429220 SetLastError
0x429224 GlobalFree
0x429228 GlobalAlloc
0x42922c GlobalLock
0x429230 GlobalUnlock
0x429234 FormatMessageA
0x429238 LocalFree
0x42923c MulDiv
0x429240 lstrlenA
0x429244 CompareStringA
0x429248 GetVersion
0x42924c GetLastError
0x429250 MultiByteToWideChar
0x429254 InterlockedExchange
0x429258 LoadLibraryExA
0x42925c GetProcAddress
0x429260 GetCurrentProcess
0x429264 WideCharToMultiByte
0x429268 FindResourceA
0x42926c LoadResource
0x429270 LockResource
0x429278 SizeofResource
Library USER32.dll:
0x42929c GetMessageA
0x4292a0 TranslateMessage
0x4292a4 ValidateRect
0x4292a8 PostQuitMessage
0x4292ac GetCursorPos
0x4292b0 WindowFromPoint
0x4292b4 GetDesktopWindow
0x4292b8 GetActiveWindow
0x4292c0 GetNextDlgTabItem
0x4292c4 EndDialog
0x4292c8 IsWindowEnabled
0x4292cc ShowWindow
0x4292d0 MoveWindow
0x4292d4 SetWindowTextA
0x4292d8 IsDialogMessageA
0x4292dc SetMenuItemBitmaps
0x4292e4 LoadBitmapA
0x4292e8 ModifyMenuA
0x4292ec EnableMenuItem
0x4292f0 CheckMenuItem
0x4292f8 SendDlgItemMessageA
0x4292fc WinHelpA
0x429300 GetCapture
0x429304 SetWindowsHookExA
0x429308 CallNextHookEx
0x42930c GetClassLongA
0x429310 GetClassNameA
0x429314 SetPropA
0x429318 GetPropA
0x42931c RemovePropA
0x429320 GetFocus
0x429324 SetFocus
0x42932c GetWindowTextA
0x429330 GetLastActivePopup
0x429334 SetActiveWindow
0x429338 GetDlgItem
0x42933c GetTopWindow
0x429340 DestroyWindow
0x429344 UnhookWindowsHookEx
0x429348 GetMessageTime
0x42934c PeekMessageA
0x429350 MapWindowPoints
0x429354 GetKeyState
0x429358 SetForegroundWindow
0x42935c IsWindowVisible
0x429360 UpdateWindow
0x429364 GetMenu
0x429368 PostMessageA
0x42936c MessageBoxA
0x429370 CreateWindowExA
0x429374 GetClassInfoExA
0x429378 GetClassInfoA
0x42937c AdjustWindowRectEx
0x429380 GetDlgCtrlID
0x429384 CallWindowProcA
0x429388 GetWindowLongA
0x42938c SetWindowLongA
0x429390 SetWindowPos
0x429394 GetWindowPlacement
0x429398 GetWindow
0x42939c EndPaint
0x4293a0 BeginPaint
0x4293a4 ReleaseDC
0x4293a8 CopyRect
0x4293ac SetRect
0x4293b0 InflateRect
0x4293b4 OffsetRect
0x4293b8 DrawEdge
0x4293bc DrawFrameControl
0x4293c0 GetDC
0x4293c4 ClientToScreen
0x4293c8 ScreenToClient
0x4293cc GrayStringA
0x4293d0 DrawTextExA
0x4293d4 DrawTextA
0x4293d8 TabbedTextOutA
0x4293dc GetMenuState
0x4293e0 GetMenuItemID
0x4293e4 GetMenuItemCount
0x4293e8 UnregisterClassA
0x4293ec GetSysColorBrush
0x4293f0 DestroyMenu
0x4293f8 GetForegroundWindow
0x4293fc SetCursor
0x429400 DrawFocusRect
0x429404 SendMessageA
0x429408 GetWindowRect
0x42940c RedrawWindow
0x429410 GetParent
0x429414 EnableWindow
0x429418 IsWindow
0x42941c GetSystemMetrics
0x429420 GetSysColor
0x429424 PtInRect
0x429428 GetClientRect
0x42942c InvalidateRect
0x429430 SetCapture
0x429438 ReleaseCapture
0x42943c GetMessagePos
0x429440 RegisterClassA
0x429444 LoadCursorA
0x429448 GetSubMenu
0x42944c LoadIconA
0x429450 IsIconic
0x429454 GetSystemMenu
0x429458 AppendMenuA
0x42945c DrawIcon
0x429460 IsRectEmpty
0x429464 DefWindowProcA
0x429468 DispatchMessageA
Library GDI32.dll:
0x429028 PtVisible
0x42902c RectVisible
0x429030 TextOutA
0x429034 ExtTextOutA
0x429038 Escape
0x42903c SetViewportOrgEx
0x429040 OffsetViewportOrgEx
0x429044 SetViewportExtEx
0x429048 ScaleViewportExtEx
0x42904c SetWindowExtEx
0x429050 ScaleWindowExtEx
0x429054 DeleteDC
0x429058 CreateBitmap
0x42905c SelectPalette
0x429060 GetObjectA
0x429064 DeleteObject
0x429068 Rectangle
0x42906c MoveToEx
0x429070 LineTo
0x429074 GetClipBox
0x429078 SetMapMode
0x42907c SetTextColor
0x429080 SetBkMode
0x429084 SetBkColor
0x429088 RestoreDC
0x42908c SaveDC
0x429090 BitBlt
0x429094 Pie
0x429098 Ellipse
0x42909c SelectObject
0x4290a0 CreateCompatibleDC
0x4290a8 CreateFontA
0x4290ac CreateSolidBrush
0x4290b0 GetStockObject
0x4290b8 RealizePalette
0x4290bc GetDeviceCaps
0x4290c0 CreatePalette
0x4290c4 CreateFontIndirectA
0x4290c8 CreatePen
Library WINSPOOL.DRV:
0x429470 ClosePrinter
0x429474 DocumentPropertiesA
0x429478 OpenPrinterA
Library ADVAPI32.dll:
0x429000 RegSetValueExA
0x429004 RegCreateKeyExA
0x429008 RegQueryValueA
0x42900c RegEnumKeyA
0x429010 RegDeleteKeyA
0x429014 RegOpenKeyExA
0x429018 RegQueryValueExA
0x42901c RegOpenKeyA
0x429020 RegCloseKey
Library SHLWAPI.dll:
0x429290 PathFindFileNameA
0x429294 PathFindExtensionA
Library OLEAUT32.dll:
0x429280 VariantClear
0x429284 VariantChangeType
0x429288 VariantInit

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
52.218.60.12 80 192.168.56.101 49181

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.