4.6
Medium risk

fc5a80a7520dd47b9978e7a2fd7a2b38df62cc7ce751d605cff1767d377b08fd

b1b821f4d00f7bc3864266ef1e56a779.exe

Analysis duration

76s

Last analysis

File size

272.0KB
Static detection | Dynamic detection
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
Queries for the computername (1 event)
Time: 1620985535.603979  API: GetComputerNameA
  computer_name: OSKAR-PC
  Status: success  Return: 1  Repeated: 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time: 1620985519.869979  API: CryptGenKey
  crypto_handle: 0x005e3b10
  algorithm_identifier: 0x0000660e ()
  provider_handle: 0x005e33b0
  flags: 1
  key: fK¥º >ž©,æ`ː~>
  Status: success  Return: 1  Repeated: 0
Time: 1620985535.619979  API: CryptExportKey
  crypto_handle: 0x005e3b10
  crypto_export_handle: 0x005e3478
  buffer: f¤ 6{z&Ûxôq{œòd|.%ø ƒº0÷îϟm`z‰/!:Ø­è£ãаTcՖAþ@±3§«O'€Q­®˜‡ê=€ÔÌ å­¼¹9FДK÷œu°ðP‰
  blob_type: 1
  flags: 64
  Status: success  Return: 1  Repeated: 0
Time: 1620985571.650979  API: CryptExportKey
  crypto_handle: 0x005e3b10
  crypto_export_handle: 0x005e3478
  buffer: f¤^¢L!Øå¤Óӑùµý÷&¢­F_{›_ä1r’« "Õ#6f!ᙷåM³{âNOÆÀω—”¾*RïJ6µÒNj w8å…pTdуñF¿¥†&0-½Ü¹Ã:
  blob_type: 1
  flags: 64
  Status: success  Return: 1  Repeated: 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620985518.900979  API: NtAllocateVirtualMemory
  process_identifier: 1432
  region_size: 36864
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x003c0000
  Status: success  Return: 0  Repeated: 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time: 1620985536.150979  API: GetAdaptersAddresses
  flags: 0
  family: 0
  Status: failed  Return: 111  Repeated: 0
Expresses interest in specific running processes (1 event)
process b1b821f4d00f7bc3864266ef1e56a779.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time: 1620985535.759979  API: InternetOpenW
  proxy_bypass:
  access_type: 0
  proxy_name:
  flags: 0
  user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Status: success  Return: 13369348  Repeated: 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 50.121.220.50
host 51.75.33.122
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time: 1620985538.728979  API: RegSetValueExA
  key_handle: 0x000003a4
  value: 1
  regkey_r: WpadDecisionReason
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
  Status: success  Return: 0  Repeated: 0
Time: 1620985538.728979  API: RegSetValueExA
  key_handle: 0x000003a4
  value: `fPÆH×
  regkey_r: WpadDecisionTime
  reg_type: 3 (REG_BINARY)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
  Status: success  Return: 0  Repeated: 0
Time: 1620985538.728979  API: RegSetValueExA
  key_handle: 0x000003a4
  value: 3
  regkey_r: WpadDecision
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
  Status: success  Return: 0  Repeated: 0
Time: 1620985538.728979  API: RegSetValueExW
  key_handle: 0x000003a4
  value: 网络 2
  regkey_r: WpadNetworkName
  reg_type: 1 (REG_SZ)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
  Status: success  Return: 0  Repeated: 0
Time: 1620985538.728979  API: RegSetValueExA
  key_handle: 0x000003bc
  value: 1
  regkey_r: WpadDecisionReason
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
  Status: success  Return: 0  Repeated: 0
Time: 1620985538.728979  API: RegSetValueExA
  key_handle: 0x000003bc
  value: `fPÆH×
  regkey_r: WpadDecisionTime
  reg_type: 3 (REG_BINARY)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
  Status: success  Return: 0  Repeated: 0
Time: 1620985538.728979  API: RegSetValueExA
  key_handle: 0x000003bc
  value: 3
  regkey_r: WpadDecision
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
  Status: success  Return: 0  Repeated: 0
Time: 1620985538.759979  API: RegSetValueExW
  key_handle: 0x000003a0
  value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
  regkey_r: WpadLastNetwork
  reg_type: 1 (REG_SZ)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
  Status: success  Return: 0  Repeated: 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (2 events)
dead_host 50.121.220.50:80
dead_host 51.75.33.122:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-09-03 18:44:16

Imports

Library KERNEL32.dll:
0x4290b4 VirtualQuery
0x4290b8 GetStartupInfoA
0x4290bc GetCommandLineA
0x4290c0 HeapReAlloc
0x4290c4 TerminateProcess
0x4290c8 SetStdHandle
0x4290cc GetFileType
0x4290d0 HeapSize
0x4290d4 LCMapStringA
0x4290d8 LCMapStringW
0x4290dc HeapDestroy
0x4290e0 HeapCreate
0x4290e4 VirtualFree
0x4290e8 IsBadWritePtr
0x4290ec GetStdHandle
0x4290fc GetSystemInfo
0x429104 SetHandleCount
0x42910c GetCurrentProcessId
0x429118 GetStringTypeA
0x42911c GetStringTypeW
0x429124 IsBadReadPtr
0x429128 IsBadCodePtr
0x429130 VirtualAlloc
0x429134 VirtualProtect
0x429138 HeapFree
0x42913c HeapAlloc
0x429140 RtlUnwind
0x429144 GetTickCount
0x429148 SetErrorMode
0x42914c GetFileTime
0x429150 GetFileAttributesA
0x429158 CreateFileA
0x42915c GetFullPathNameA
0x429164 FindFirstFileA
0x429168 FindClose
0x42916c GetCurrentProcess
0x429170 DuplicateHandle
0x429174 GetFileSize
0x429178 SetEndOfFile
0x42917c UnlockFile
0x429180 LockFile
0x429184 FlushFileBuffers
0x429188 SetFilePointer
0x42918c WriteFile
0x429190 ReadFile
0x429198 GetOEMCP
0x42919c GetCPInfo
0x4291a0 GlobalFlags
0x4291a4 TlsFree
0x4291a8 LocalReAlloc
0x4291ac TlsSetValue
0x4291b0 TlsAlloc
0x4291b4 TlsGetValue
0x4291bc GlobalHandle
0x4291c0 GlobalReAlloc
0x4291c8 LocalAlloc
0x4291d4 RaiseException
0x4291e4 CloseHandle
0x4291e8 GetCurrentThread
0x4291ec lstrcmpA
0x4291f0 GetModuleFileNameA
0x4291fc lstrcpyA
0x429200 FreeResource
0x429204 GetCurrentThreadId
0x429208 GlobalGetAtomNameA
0x42920c GlobalAddAtomA
0x429210 GlobalFindAtomA
0x429214 GlobalDeleteAtom
0x429218 LoadLibraryA
0x42921c FreeLibrary
0x429220 lstrcatA
0x429224 lstrcmpW
0x429228 GetModuleHandleA
0x42922c GetProcAddress
0x429230 SetLastError
0x429234 GlobalFree
0x429238 MulDiv
0x42923c GlobalAlloc
0x429240 GlobalLock
0x429244 GlobalUnlock
0x429248 FormatMessageA
0x42924c lstrcpynA
0x429250 LocalFree
0x429254 CompareStringW
0x429258 CompareStringA
0x42925c lstrlenA
0x429260 lstrcmpiA
0x429264 GetVersion
0x429268 GetLastError
0x42926c MultiByteToWideChar
0x429270 WideCharToMultiByte
0x429274 FindResourceA
0x429278 LoadResource
0x42927c LockResource
0x429280 SizeofResource
0x429284 GetVersionExA
0x429288 GetThreadLocale
0x42928c GetLocaleInfoA
0x429290 GetACP
0x429294 InterlockedExchange
0x42929c ExitProcess
Library USER32.dll:
0x4292f0 PostThreadMessageA
0x4292f4 GetNextDlgGroupItem
0x4292f8 InvalidateRgn
0x4292fc InvalidateRect
0x429304 SetRect
0x429308 IsRectEmpty
0x42930c ReleaseCapture
0x429310 SetCapture
0x429314 CharNextA
0x429318 LoadCursorA
0x42931c GetSysColorBrush
0x429320 EndPaint
0x429324 BeginPaint
0x429328 GetWindowDC
0x42932c ReleaseDC
0x429330 GetDC
0x429334 ClientToScreen
0x429338 GrayStringA
0x42933c DrawTextExA
0x429340 DrawTextA
0x429344 TabbedTextOutA
0x429348 wsprintfA
0x42934c DestroyMenu
0x429354 MapDialogRect
0x429358 GetDesktopWindow
0x429360 GetNextDlgTabItem
0x429364 EndDialog
0x429368 GetMessageA
0x42936c TranslateMessage
0x429370 GetActiveWindow
0x429374 GetCursorPos
0x429378 ValidateRect
0x42937c SetCursor
0x429380 PostQuitMessage
0x429384 SetMenuItemBitmaps
0x429388 ModifyMenuA
0x42938c EnableMenuItem
0x429390 CheckMenuItem
0x429398 LoadBitmapA
0x42939c IsWindowEnabled
0x4293a0 MoveWindow
0x4293a4 SetWindowTextA
0x4293a8 IsDialogMessageA
0x4293b0 WinHelpA
0x4293b4 GetCapture
0x4293b8 CreateWindowExA
0x4293bc SetWindowsHookExA
0x4293c0 CallNextHookEx
0x4293c4 GetClassLongA
0x4293c8 GetClassInfoExA
0x4293cc GetClassNameA
0x4293d0 SetPropA
0x4293d4 GetPropA
0x4293d8 RemovePropA
0x4293dc SendDlgItemMessageA
0x4293e0 GetFocus
0x4293e4 IsWindow
0x4293e8 SetFocus
0x4293ec IsChild
0x4293f4 GetWindowTextA
0x4293f8 GetForegroundWindow
0x4293fc GetLastActivePopup
0x429400 SetActiveWindow
0x429404 DispatchMessageA
0x429408 GetDlgItem
0x42940c GetTopWindow
0x429410 DestroyWindow
0x429414 UnhookWindowsHookEx
0x429418 GetMessageTime
0x42941c GetMessagePos
0x429420 PeekMessageA
0x429424 MapWindowPoints
0x429428 MessageBoxA
0x42942c GetKeyState
0x429430 SetForegroundWindow
0x429434 IsWindowVisible
0x429438 UpdateWindow
0x42943c GetMenu
0x429440 PostMessageA
0x429444 GetSysColor
0x429448 AdjustWindowRectEx
0x42944c GetParent
0x429450 EqualRect
0x429454 GetClassInfoA
0x429458 RegisterClassA
0x42945c UnregisterClassA
0x429460 GetDlgCtrlID
0x429464 DefWindowProcA
0x429468 CallWindowProcA
0x42946c GetWindowLongA
0x429470 SetWindowLongA
0x429474 SetWindowPos
0x429478 OffsetRect
0x42947c IntersectRect
0x429484 MessageBeep
0x429488 GetWindowPlacement
0x42948c GetWindowRect
0x429490 CopyRect
0x429494 PtInRect
0x429498 GetWindow
0x42949c GetMenuState
0x4294a0 GetMenuItemID
0x4294a4 GetMenuItemCount
0x4294a8 GetSubMenu
0x4294ac CharUpperA
0x4294b0 GetSystemMetrics
0x4294b4 LoadIconA
0x4294b8 GetClientRect
0x4294bc IsIconic
0x4294c0 GetSystemMenu
0x4294c4 SendMessageA
0x4294c8 AppendMenuA
0x4294cc DrawIcon
0x4294d0 ShowWindow
0x4294d4 EnableWindow
Library GDI32.dll:
0x429030 GetBkColor
0x429034 GetTextColor
0x42903c GetRgnBox
0x429040 GetMapMode
0x429044 GetWindowExtEx
0x429048 GetViewportExtEx
0x42904c DeleteObject
0x429050 PtVisible
0x429054 GetStockObject
0x429058 DeleteDC
0x42905c ExtSelectClipRgn
0x429060 ScaleWindowExtEx
0x429064 SetWindowExtEx
0x429068 ScaleViewportExtEx
0x42906c SetViewportExtEx
0x429070 OffsetViewportOrgEx
0x429074 SetViewportOrgEx
0x429078 SelectObject
0x42907c Escape
0x429080 TextOutA
0x429084 GetDeviceCaps
0x429088 SetMapMode
0x42908c RestoreDC
0x429090 SaveDC
0x429094 ExtTextOutA
0x429098 CreateBitmap
0x42909c GetObjectA
0x4290a0 SetBkColor
0x4290a4 SetTextColor
0x4290a8 GetClipBox
0x4290ac RectVisible
Library comdlg32.dll:
0x429514 GetSaveFileNameA
0x429518 GetFileTitleA
0x42951c GetOpenFileNameA
Library WINSPOOL.DRV:
0x4294dc OpenPrinterA
0x4294e0 DocumentPropertiesA
0x4294e4 ClosePrinter
Library ADVAPI32.dll:
0x429000 RegOpenKeyA
0x429004 RegQueryValueExA
0x429008 RegOpenKeyExA
0x42900c RegDeleteKeyA
0x429010 RegEnumKeyA
0x429014 RegQueryValueA
0x429018 RegCreateKeyExA
0x42901c RegSetValueExA
0x429020 RegCloseKey
Library COMCTL32.dll:
0x429028
Library SHLWAPI.dll:
0x4292d8 PathFindFileNameA
0x4292dc PathStripToRootA
0x4292e0 PathFindExtensionA
0x4292e4 PathIsUNCA
Library oledlg.dll:
0x429564
Library ole32.dll:
0x429524 CoRevokeClassObject
0x429528 CLSIDFromProgID
0x42952c CLSIDFromString
0x429530 CoTaskMemFree
0x429534 CoTaskMemAlloc
0x429538 CoGetClassObject
0x429548 OleUninitialize
0x429554 OleFlushClipboard
0x42955c OleInitialize
Library OLEAUT32.dll:
0x4292ac SafeArrayDestroy
0x4292b0 VariantCopy
0x4292b4 SysAllocStringLen
0x4292b8 VariantInit
0x4292c0 SysStringLen
0x4292c4 SysAllocString
0x4292c8 VariantClear
0x4292cc SysFreeString
0x4292d0 VariantChangeType
Library WS2_32.dll:
0x4294ec WSAStartup
0x4294f0 send
0x4294f4 recv
0x4294f8 socket
0x4294fc inet_addr
0x429500 htons
0x429504 connect
0x429508 closesocket
0x42950c WSACleanup

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination      Destination Port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  51808        224.0.0.252      5355
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.