1.2
低危

1d96495169c7795fcf3023bb1416e2a7601cf533b051c7f9d1446a748c3bb8cc

b1f841882a5cfc238c9f177d11d6546f.exe

分析耗时

73s

最近分析

文件大小

1.4MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee 20210202 6.0.6.653
CrowdStrike 20190702 1.0
Avast 20210202 21.1.5827.0
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20210207 2017.9.26.565
Tencent 20210202 1.0.0.1
静态指标
This executable is signed
This executable has a PDB path (1 个事件)
pdb_path D:\TemporaryBuilds\main_app_builder_1\17\s\App\_bin\architect\Win32\Release\updater-ws.pdb
The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)
resource name REGISTRY
resource name TYPELIB
行为判定
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

2019-10-08 02:25:56

Imports

Library encoding-conversion.dll:
Library USER32.dll:
0x4f369c PostThreadMessageW
0x4f36a0 DispatchMessageW
0x4f36a4 TranslateMessage
0x4f36a8 GetMessageW
0x4f36ac LoadCursorW
0x4f36b0 SetWindowLongW
0x4f36b4 DestroyWindow
0x4f36b8 CreateWindowExW
0x4f36bc GetClassInfoExW
0x4f36c0 RegisterClassExW
0x4f36c4 UnregisterClassW
0x4f36c8 CallWindowProcW
0x4f36cc DefWindowProcW
0x4f36d0 PostMessageW
0x4f36d4 MessageBoxW
0x4f36d8 GetWindowLongW
0x4f36dc CharUpperW
0x4f36e4 wsprintfW
0x4f36e8 LoadStringW
0x4f36ec CharNextW
Library WTSAPI32.dll:
0x4f3784 WTSQueryUserToken
Library KERNEL32.dll:
0x4f30d0 GetProcessHeap
0x4f30d4 LocalAlloc
0x4f30d8 WideCharToMultiByte
0x4f30dc DecodePointer
0x4f30e0 GetCommandLineW
0x4f30e4 WaitForSingleObject
0x4f30e8 CreateEventW
0x4f30ec CreateThread
0x4f30f0 OpenEventA
0x4f30f4 ResetEvent
0x4f30f8 GetCurrentProcessId
0x4f30fc HeapSize
0x4f3100 OpenProcess
0x4f3108 Process32FirstW
0x4f310c Process32NextW
0x4f3110 CreateProcessW
0x4f3114 CreateFileW
0x4f3118 FormatMessageA
0x4f311c GetCurrentProcess
0x4f3120 HeapReAlloc
0x4f3124 HeapAlloc
0x4f3128 HeapDestroy
0x4f312c SetLastError
0x4f3130 MultiByteToWideChar
0x4f3134 lstrcmpiW
0x4f3138 LoadLibraryW
0x4f313c FindResourceW
0x4f3140 SizeofResource
0x4f3144 LoadResource
0x4f3148 LoadLibraryExW
0x4f314c GetProcAddress
0x4f3150 GetModuleHandleW
0x4f3154 GetModuleFileNameW
0x4f3158 FreeLibrary
0x4f315c GetCurrentThreadId
0x4f3160 CreateEventA
0x4f3168 SetEvent
0x4f317c GetLastError
0x4f3180 RaiseException
0x4f3184 CloseHandle
0x4f3188 FormatMessageW
0x4f318c LocalFree
0x4f3190 Sleep
0x4f3194 DeviceIoControl
0x4f3198 AreFileApisANSI
0x4f31a4 TerminateProcess
0x4f31ac GetStartupInfoW
0x4f31b4 LoadLibraryA
0x4f31b8 GetStringTypeExW
0x4f31bc LCMapStringW
0x4f31c0 GetUserDefaultLCID
0x4f31c4 TlsFree
0x4f31c8 TlsSetValue
0x4f31cc TlsGetValue
0x4f31d0 TlsAlloc
0x4f31d4 ReleaseSemaphore
0x4f31dc LoadLibraryExA
0x4f31e0 VirtualFree
0x4f31e4 VirtualAlloc
0x4f31f8 InitializeSListHead
0x4f31fc EncodePointer
0x4f3200 OutputDebugStringW
0x4f3204 IsDebuggerPresent
0x4f3214 GetFileAttributesW
0x4f3218 SetFilePointer
0x4f321c SetFileTime
0x4f3220 WriteFile
0x4f3224 ReadFile
0x4f3228 CreateDirectoryW
0x4f3230 GetSystemTime
0x4f3234 IsWow64Process
0x4f3238 FindClose
0x4f3248 FindNextFileW
0x4f324c DeleteFileW
0x4f3254 FindFirstFileW
0x4f3258 RemoveDirectoryW
0x4f325c HeapFree
0x4f3260 GlobalFree
Library ADVAPI32.dll:
0x4f3000 AddAce
0x4f300c InitializeSid
0x4f3010 GetSidSubAuthority
0x4f3014 GetAclInformation
0x4f3018 GetAce
0x4f3020 RegCreateKeyExW
0x4f3024 RegDeleteKeyW
0x4f3028 IsValidSid
0x4f302c CopySid
0x4f3030 RevertToSelf
0x4f3038 CryptReleaseContext
0x4f303c CryptGenRandom
0x4f3044 InitializeAcl
0x4f3048 GetLengthSid
0x4f3050 LookupAccountSidW
0x4f3054 RegCloseKey
0x4f3064 GetTokenInformation
0x4f3068 DuplicateTokenEx
0x4f306c OpenProcessToken
0x4f3074 SetServiceStatus
0x4f307c OpenServiceW
0x4f3080 OpenSCManagerW
0x4f3084 DeleteService
0x4f3088 CreateServiceW
0x4f308c ControlService
0x4f3090 CloseServiceHandle
0x4f3094 RegQueryValueExW
0x4f3098 ReportEventW
0x4f30a8 RegSetValueExW
0x4f30ac RegQueryInfoKeyW
0x4f30b0 RegOpenKeyExW
0x4f30b4 RegEnumKeyExW
0x4f30b8 RegDeleteValueW
Library ole32.dll:
0x4f39b0 CoInitialize
0x4f39b4 CoSetProxyBlanket
0x4f39b8 StringFromGUID2
0x4f39cc CoRevokeClassObject
0x4f39d4 CoInitializeEx
0x4f39d8 CoUninitialize
0x4f39dc OleRun
0x4f39e0 CoCreateInstance
0x4f39e4 CoTaskMemFree
0x4f39e8 CoTaskMemRealloc
0x4f39ec CoTaskMemAlloc
0x4f39f0 ProgIDFromCLSID
Library OLEAUT32.dll:
0x4f364c GetErrorInfo
0x4f3650 VariantCopy
0x4f3654 SysAllocStringLen
0x4f3658 VariantClear
0x4f365c VariantInit
0x4f3660 UnRegisterTypeLib
0x4f3664 RegisterTypeLib
0x4f3668 SysAllocString
0x4f366c CreateErrorInfo
0x4f3670 SetErrorInfo
0x4f3674 LoadRegTypeLib
0x4f3678 LoadTypeLib
0x4f367c VarUI4FromStr
0x4f3684 SafeArrayAccessData
0x4f3688 SysStringLen
0x4f368c SysFreeString
Library root-service-provider.dll:
Library SHLWAPI.dll:
0x4f3694 PathFileExistsW
Library MSVCP140.dll:
0x4f3308 ?_BADOFF@std@@3_JB
0x4f331c _Wcscoll
0x4f3320 _Wcsxfrm
0x4f3474 _Mbrtowc
0x4f348c _Thrd_start
0x4f3490 _Xtime_get_ticks
0x4f3494 _Thrd_join
0x4f3498 _Thrd_id
0x4f349c _Mtx_init
0x4f34a0 _Mtx_destroy
0x4f34a4 _Mtx_init_in_situ
0x4f34ac _Mtx_current_owns
0x4f34b0 _Mtx_lock
0x4f34b4 _Mtx_unlock
0x4f34b8 _Cnd_init
0x4f34bc _Cnd_destroy
0x4f34c0 _Cnd_init_in_situ
0x4f34c8 _Cnd_wait
0x4f34cc _Cnd_timedwait
0x4f34d0 _Cnd_broadcast
0x4f34d4 _Cnd_signal
Library USERENV.dll:
0x4f36f8 LoadUserProfileW
0x4f36fc UnloadUserProfile
Library VCRUNTIME140.dll:
0x4f370c wcschr
0x4f3714 _purecall
0x4f3718 __std_terminate
0x4f3728 _CxxThrowException
0x4f372c __CxxFrameHandler3
0x4f3730 memcpy
0x4f3734 memmove
0x4f3738 memset
0x4f373c wcsstr
0x4f3740 strchr
0x4f3744 memchr
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x4f3808 _initterm_e
0x4f3818 _set_app_type
0x4f381c _seh_filter_exe
0x4f3820 _get_errno
0x4f3824 _set_errno
0x4f3830 _errno
0x4f3834 _cexit
0x4f3838 _resetstkoflw
0x4f383c strerror
0x4f3840 _crt_atexit
0x4f3844 _wassert
0x4f3848 _controlfp_s
0x4f3854 _c_exit
0x4f385c _exit
0x4f3860 abort
0x4f3864 exit
0x4f3868 terminate
0x4f386c _initterm
Library api-ms-win-crt-string-l1-1-0.dll:
0x4f38e0 wcscat_s
0x4f38e4 iswprint
0x4f38e8 _wcsnicmp
0x4f38ec iswspace
0x4f38f0 strnlen
0x4f38f4 ispunct
0x4f38f8 wcscpy_s
0x4f38fc wcsncpy_s
0x4f3900 strncpy
0x4f3904 wmemcpy_s
0x4f3908 wcsnlen
0x4f390c wcsncmp
0x4f3910 _wcsicmp
0x4f3914 strncmp
0x4f3918 tolower
0x4f391c isspace
0x4f3920 isdigit
0x4f3924 _strlwr_s
Library api-ms-win-crt-heap-l1-1-0.dll:
0x4f37c8 _recalloc
0x4f37cc malloc
0x4f37d0 realloc
0x4f37d4 _callnewh
0x4f37d8 _msize
0x4f37dc _set_new_mode
0x4f37e0 calloc
0x4f37e4 free
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x4f3874 ungetwc
0x4f3878 _set_fmode
0x4f387c __p__commode
0x4f3884 fputwc
0x4f3888 ungetc
0x4f388c fflush
0x4f3890 setvbuf
0x4f3894 fclose
0x4f3898 fgetwc
0x4f389c fgetc
0x4f38b0 fwrite
0x4f38b4 fgetpos
0x4f38b8 _fseeki64
0x4f38bc _ftelli64
0x4f38c0 fread
0x4f38c8 _putws
0x4f38cc ferror
0x4f38d0 fsetpos
0x4f38d4 _wfopen
0x4f38d8 fputc
Library api-ms-win-crt-convert-l1-1-0.dll:
0x4f378c strtol
0x4f3790 strtoll
0x4f3794 _ui64toa_s
0x4f3798 _i64toa_s
0x4f379c wcstod
0x4f37a0 _itoa_s
0x4f37a4 _wcstoui64
0x4f37a8 _gcvt_s
0x4f37ac _wtoi
0x4f37b0 _wcstoi64
0x4f37b4 _ultoa_s
Library api-ms-win-crt-time-l1-1-0.dll:
0x4f392c _time64
0x4f3930 _gmtime64
0x4f3934 _difftime64
0x4f3938 _gmtime64_s
Library api-ms-win-crt-math-l1-1-0.dll:
0x4f37f4 __setusermatherr
0x4f37f8 _fpclass
0x4f3800 _except1

Exports

Ordinal Address Name
1 0x4581d0 ??0?$oserializer@Vxml_woarchive@archive@boost@@VPreviewerSwitcherContext@WS@@@detail@archive@boost@@QAE@XZ
2 0x458740 ??0?$oserializer@Vxml_woarchive@archive@boost@@VSessionIdContext@WS@@@detail@archive@boost@@QAE@XZ
3 0x409340 ??0?$singleton@V?$extended_type_info_typeid@VPreviewerSwitcherContext@WS@@@serialization@boost@@@serialization@boost@@IAE@XZ
4 0x409340 ??0?$singleton@V?$extended_type_info_typeid@VSessionIdContext@WS@@@serialization@boost@@@serialization@boost@@IAE@XZ
5 0x458200 ?get_const_instance@?$singleton@V?$extended_type_info_typeid@VPreviewerSwitcherContext@WS@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@VPreviewerSwitcherContext@WS@@@23@XZ
6 0x458770 ?get_const_instance@?$singleton@V?$extended_type_info_typeid@VSessionIdContext@WS@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@VSessionIdContext@WS@@@23@XZ
7 0x4d46b0 ?get_const_instance@?$singleton@V?$map@Vxml_woarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vxml_woarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
8 0x4d38c0 ?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
9 0x4d3410 ?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
10 0x458090 ?get_const_instance@?$singleton@V?$oserializer@Vxml_woarchive@archive@boost@@VPreviewerSwitcherContext@WS@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vxml_woarchive@archive@boost@@VPreviewerSwitcherContext@WS@@@detail@archive@3@XZ

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702
192.168.56.101 57757 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic recorded.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.