3.6
Medium risk

fb929804c48dd790ad47eccca999d459a268aebf1fc252cfe59701921b711954

b2d3633754abe0c13f963d19a2a31f32.exe

Analysis duration

91s

Last analyzed

File size

4.8MB
Static detection    Dynamic detection
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
Queries for the computername (8 events)
Time               API               Arguments                Status   Return  Repeated
1620916710.256124  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620916710.256124  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620916711.709124  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620916717.553124  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620916714.256124  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620916714.256124  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620916714.881249  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1620916714.881249  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
This executable is signed
This executable has a PDB path (1 event)
pdb_path C:\jenkins-root\workspace\OD_1.0.x\label\win-ent\bld32\RelWithDebInfo\odserver.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name BUILTINRESOURCE
Behavioral verdict
Dynamic indicators
A process created a hidden window (2 events)
Time               API                     Arguments                                                                                                   Status   Return  Repeated
1620916714.006124  ShellExecuteExW         parameters: -agent user RealVNC.Administrator.InstantSupportByRealVNC.vncagent.1517491887 -_hash a0e6619293e808b6fc737fefe97eb8d462494f49e4b746da64e219b20ac3ace8   success  1       0
                                           filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b2d3633754abe0c13f963d19a2a31f32.exe
                                           filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b2d3633754abe0c13f963d19a2a31f32.exe
                                           show_type: 0
1620916714.584124  CreateProcessInternalW  thread_identifier: 732                                                                                      success  1       0
                                           thread_handle: 0x00000254
                                           process_identifier: 2404
                                           current_directory:
                                           filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b2d3633754abe0c13f963d19a2a31f32.exe
                                           track: 1
                                           command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b2d3633754abe0c13f963d19a2a31f32.exe -ui -hash 39a71726c864b737a015d1dcc6d5c44175319e9b1e82528cab5e6958a35ec4b4 RealVNC.Administrator.InstantSupportByRealVNC.vncpipehelper.660207837
                                           filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b2d3633754abe0c13f963d19a2a31f32.exe
                                           stack_pivoted: 0
                                           creation_flags: 134217728 (CREATE_NO_WINDOW)
                                           process_handle: 0x00000250
                                           inherit_handles: 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time               API                   Arguments   Status   Return  Repeated
1620916714.943124  GetAdaptersAddresses  flags: 15   failed   111     0
                                         family: 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 35.190.60.70
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b2d3633754abe0c13f963d19a2a31f32.exe:Zone.Identifier
Generates some ICMP traffic
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-05-27 19:04:49

Imports

Library CRYPT32.dll:
0x783120 CertOpenStore
0x78312c CertCloseStore
Library WS2_32.dll:
0x78371c closesocket
0x783724 WSAEventSelect
0x783728 WSAIoctl
0x78372c getpeername
0x783730 getsockname
0x783734 htonl
0x783738 htons
0x78373c inet_addr
0x783740 inet_ntoa
0x783744 ntohl
0x783748 ntohs
0x78374c gethostbyaddr
0x783750 shutdown
0x783754 send
0x783758 select
0x78375c recv
0x783760 WSASocketW
0x783764 WSADuplicateSocketW
0x783768 WSAConnect
0x78376c WSAStartup
0x783770 socket
0x783774 getsockopt
0x783778 ioctlsocket
0x78377c gethostbyname
0x783780 bind
0x783784 accept
0x783788 WSASendTo
0x78378c WSASend
0x783790 recvfrom
0x783794 setsockopt
0x783798 WSASetLastError
0x78379c getservbyname
0x7837a0 getservbyport
0x7837a4 WSAGetLastError
Library COMCTL32.dll:
0x783104 _TrackMouseEvent
0x783110 ImageList_Add
0x783114 ImageList_Create
0x783118 ImageList_Destroy
Library KERNEL32.dll:
0x7831cc OpenProcess
0x7831d0 FormatMessageW
0x7831d4 DuplicateHandle
0x7831dc CreateProcessW
0x7831e0 LocalAlloc
0x7831e4 SetEndOfFile
0x7831e8 SetFilePointer
0x7831f4 CreateDirectoryW
0x7831f8 RemoveDirectoryW
0x7831fc GetFileAttributesW
0x783204 DeleteFileW
0x783208 MoveFileW
0x783218 GetComputerNameW
0x78321c FreeLibrary
0x783220 GetProcAddress
0x783224 LoadLibraryA
0x783228 GetSystemDirectoryA
0x78322c FindClose
0x783230 FindFirstFileW
0x783234 CreateNamedPipeW
0x783238 CompareStringW
0x78323c LCMapStringW
0x783240 GetVersionExW
0x783244 CreateThread
0x783248 GetCurrentThread
0x78324c GetThreadTimes
0x783250 TerminateThread
0x783254 ResumeThread
0x783258 GetExitCodeProcess
0x78325c VirtualAllocEx
0x783260 VirtualFreeEx
0x783264 ReadProcessMemory
0x783268 WriteProcessMemory
0x78326c ReleaseMutex
0x783270 CreateMutexW
0x783274 QueryDosDeviceW
0x783278 OutputDebugStringW
0x78327c GetLocaleInfoW
0x783280 GetUserDefaultLCID
0x783288 GetModuleHandleExW
0x78328c WriteFile
0x783290 FlushFileBuffers
0x7832a0 GetFileAttributesA
0x7832a4 FindFirstFileA
0x7832a8 GetNumberFormatW
0x7832ac GetSystemInfo
0x7832b0 MapViewOfFile
0x7832b4 UnmapViewOfFile
0x7832b8 CreateFileMappingW
0x7832bc GetTimeFormatW
0x7832c0 GetDateFormatW
0x7832c4 ConnectNamedPipe
0x7832cc WriteConsoleW
0x7832d0 ReadConsoleW
0x7832d4 FreeConsole
0x7832d8 AllocConsole
0x7832dc GetConsoleMode
0x7832e0 GetStdHandle
0x7832e4 GetFileType
0x7832e8 SetLastError
0x7832ec FindResourceW
0x7832f0 SizeofResource
0x7832f4 LoadResource
0x7832f8 LockResource
0x7832fc ExitProcess
0x783300 SearchPathW
0x783304 GetModuleFileNameW
0x783308 GetCurrentProcess
0x78330c SetStdHandle
0x783310 GetCommandLineW
0x783314 GlobalSize
0x783320 LoadLibraryW
0x783324 GlobalFree
0x783328 GlobalAlloc
0x78332c TlsFree
0x783330 TlsSetValue
0x783334 TlsGetValue
0x783338 TlsAlloc
0x78333c WideCharToMultiByte
0x783340 MultiByteToWideChar
0x783344 GlobalUnlock
0x783348 GlobalLock
0x78334c GetModuleHandleW
0x783350 WaitForSingleObject
0x783354 TerminateProcess
0x783358 GetCurrentProcessId
0x783360 CancelIo
0x783364 ReadFile
0x783368 GetOverlappedResult
0x78336c CreateFileW
0x783370 CreateEventW
0x783374 CloseHandle
0x783378 Sleep
0x78337c ResetEvent
0x783380 SetEvent
0x783384 GetCurrentThreadId
0x783388 SetFileAttributesW
0x7833a0 FindVolumeClose
0x7833a4 FindNextVolumeW
0x7833a8 FindFirstVolumeW
0x7833ac GetDiskFreeSpaceExW
0x7833b0 GetDriveTypeW
0x7833b4 SetErrorMode
0x7833b8 CopyFileW
0x7833bc LocalFree
0x7833c0 GetSystemDirectoryW
0x7833c4 GetLastError
0x7833cc EncodePointer
0x7833d0 DecodePointer
0x7833d4 RtlUnwind
0x7833d8 GetCommandLineA
0x7833dc RaiseException
0x7833e0 AreFileApisANSI
0x7833e4 GetConsoleCP
0x7833ec EnumSystemLocalesW
0x7833f0 HeapAlloc
0x7833f4 GetModuleFileNameA
0x7833f8 IsDebuggerPresent
0x7833fc HeapFree
0x783400 HeapReAlloc
0x783404 HeapSize
0x783408 GetProcessHeap
0x78340c GetStartupInfoW
0x783424 GetTickCount
0x783428 CreateSemaphoreW
0x78342c FatalAppExitA
0x783434 LoadLibraryExW
0x783438 IsValidCodePage
0x78343c GetACP
0x783440 GetOEMCP
0x783444 GetCPInfo
0x783448 SetFilePointerEx
0x78344c OutputDebugStringA
0x783458 GetStringTypeW
0x78345c IsValidLocale
0x783460 FindNextFileW
Library USER32.dll:
0x783490 OpenDesktopW
0x783494 EnumDesktopsW
0x783498 EnumDesktopWindows
0x78349c CloseDesktop
0x7834a4 PeekMessageW
0x7834ac FindWindowW
0x7834b0 OpenInputDesktop
0x7834b4 SetThreadDesktop
0x7834bc SetWinEventHook
0x7834c0 UnhookWinEvent
0x7834cc MonitorFromRect
0x7834d0 MonitorFromWindow
0x7834d4 GetMonitorInfoW
0x7834d8 EnumDisplayMonitors
0x7834e0 SetTimer
0x7834e4 AdjustWindowRect
0x7834e8 SetRect
0x7834ec GetTopWindow
0x7834f0 mouse_event
0x7834f4 SendInput
0x7834f8 ToUnicodeEx
0x783500 GetAsyncKeyState
0x783504 ToAsciiEx
0x783508 VkKeyScanExA
0x78350c VkKeyScanExW
0x783510 keybd_event
0x783514 MapVirtualKeyW
0x783518 CreateIconIndirect
0x78351c CallWindowProcW
0x783520 UnregisterClassW
0x783524 RegisterClassExW
0x783528 CreateWindowExW
0x78352c DestroyWindow
0x783530 DefDlgProcW
0x783534 RedrawWindow
0x783538 ScrollWindowEx
0x78353c PostQuitMessage
0x783540 DrawIconEx
0x783544 GetIconInfo
0x783548 GetParent
0x78354c DefWindowProcW
0x783550 SetClipboardData
0x783554 GetMessagePos
0x783558 OpenClipboard
0x78355c CreateMenu
0x783560 SetMenu
0x783564 SetMenuDefaultItem
0x783568 SetMenuItemInfoW
0x78356c InsertMenuItemW
0x783570 TrackPopupMenu
0x783574 DeleteMenu
0x783578 GetMenuItemCount
0x78357c CheckMenuItem
0x783580 DestroyMenu
0x783584 CreatePopupMenu
0x783588 GetMenuState
0x78358c IsDialogMessageW
0x783590 DestroyIcon
0x783594 EnumChildWindows
0x783598 SetWindowTextW
0x78359c EndDialog
0x7835a0 DialogBoxParamW
0x7835a4 CreateDialogParamW
0x7835a8 SetParent
0x7835ac CallNextHookEx
0x7835b0 UnhookWindowsHookEx
0x7835b4 SetWindowsHookExW
0x7835b8 MessageBoxW
0x7835bc GetDlgItem
0x7835c0 WindowFromPoint
0x7835c4 IsWindowEnabled
0x7835c8 PostMessageW
0x7835cc GetCursor
0x7835d0 GetScrollInfo
0x7835d4 SetScrollInfo
0x7835d8 OffsetRect
0x7835dc AdjustWindowRectEx
0x7835e0 ReleaseDC
0x7835e4 GetWindowDC
0x7835f0 SetClipboardViewer
0x7835f4 GetClipboardOwner
0x7835f8 ScreenToClient
0x7835fc CopyImage
0x783600 GetNextDlgTabItem
0x783604 GetThreadDesktop
0x78360c GetSystemMetrics
0x783610 GetCursorPos
0x783614 GetKeyboardLayout
0x783618 ExitWindowsEx
0x78361c SendMessageTimeoutW
0x783620 GetAncestor
0x783624 GetKeyState
0x783628 GetKeyboardState
0x78362c IsWindowUnicode
0x783630 GetForegroundWindow
0x783638 GetGUIThreadInfo
0x78363c GetDoubleClickTime
0x783640 CloseClipboard
0x783644 EmptyClipboard
0x783648 GetDC
0x78364c InvalidateRect
0x783654 GetWindowTextW
0x783658 GetClipboardData
0x78365c LoadIconW
0x783660 GetDesktopWindow
0x783664 SetWindowLongW
0x783668 MapWindowPoints
0x78366c ClientToScreen
0x783670 SetForegroundWindow
0x783674 EnableMenuItem
0x783678 GetSystemMenu
0x78367c EnableWindow
0x783680 ReleaseCapture
0x783684 SetCapture
0x783688 GetDlgCtrlID
0x78368c GetWindowPlacement
0x783690 SetWindowPos
0x783694 ShowWindow
0x783698 IsChild
0x78369c DispatchMessageW
0x7836a0 TranslateMessage
0x7836a4 GetMessageW
0x7836a8 GetComboBoxInfo
0x7836ac GetWindowLongW
0x7836b0 InflateRect
0x7836b4 FrameRect
0x7836b8 DrawFocusRect
0x7836bc GetSysColorBrush
0x7836c0 GetSysColor
0x7836c4 SetCursor
0x7836c8 GetClientRect
0x7836cc DrawTextW
0x7836d0 GetFocus
0x7836d4 SendMessageW
0x7836d8 DrawFrameControl
0x7836dc SetFocus
0x7836e0 LoadCursorW
0x7836e4 FillRect
0x7836e8 EndPaint
0x7836ec BeginPaint
0x7836f0 GetCursorInfo
0x7836f4 EnumDisplayDevicesA
0x7836f8 GetWindow
0x7836fc GetWindowRect
0x783700 IsWindowVisible
0x783704 GetClassNameW
0x783708 IsIconic
0x78370c IsWindow
Library GDI32.dll:
0x783134 GetBitmapBits
0x783138 GdiFlush
0x783140 SetDIBColorTable
0x783144 CreateDIBSection
0x783148 GdiAlphaBlend
0x78314c SetPixelV
0x783150 CreateBitmap
0x783154 StretchBlt
0x783158 GetClipBox
0x78315c CreateDCW
0x783160 CreateCompatibleDC
0x783164 CreateFontIndirectW
0x783168 GetDeviceCaps
0x78316c GetTextMetricsW
0x783170 GetObjectW
0x783174 SetBkColor
0x783178 ExcludeClipRect
0x78317c GetPixel
0x783184 MoveToEx
0x783188 PatBlt
0x78318c LineTo
0x783190 CreatePen
0x783194 SetBkMode
0x783198 GetStockObject
0x78319c DeleteObject
0x7831a0 CreateSolidBrush
0x7831a4 ExtEscape
0x7831a8 SetWindowOrgEx
0x7831ac SetTextColor
0x7831b0 SelectObject
0x7831b8 SetMapMode
0x7831bc GetDIBits
0x7831c0 BitBlt
0x7831c4 DeleteDC
Library SHELL32.dll:
0x783474 SHGetMalloc
0x783478 SHFileOperationW
0x78347c ShellExecuteW
0x783480
0x783484 SHGetFileInfoW
0x783488 SHGetDesktopFolder
Library ole32.dll:
0x7837ac CoCreateInstance
0x7837b0 CoTaskMemFree
0x7837b4 CoTaskMemAlloc
0x7837b8 OleInitialize
0x7837bc RegisterDragDrop
0x7837c0 DoDragDrop
0x7837c4 ReleaseStgMedium
0x7837c8 CoUninitialize
0x7837cc CoInitializeEx
0x7837d0 OleUninitialize
0x7837dc CoTaskMemRealloc
Library OLEAUT32.dll:
0x783468 SysAllocString
0x78346c SysFreeString
Library ADVAPI32.dll:
0x783000 IsValidSid
0x783010 LogonUserW
0x783014 CryptGenRandom
0x783018 CryptReleaseContext
0x783020 GetUserNameW
0x783024 MakeAbsoluteSD
0x783028 MakeSelfRelativeSD
0x783048 GetSecurityInfo
0x78304c RegSetValueExW
0x783050 RegQueryValueExW
0x783054 RegQueryInfoKeyW
0x783058 RegOpenKeyExW
0x783060 RegEnumValueW
0x783064 RegEnumKeyExW
0x783068 RegDeleteValueW
0x78306c RegDeleteKeyW
0x783070 RegCreateKeyExW
0x783074 RegCloseKey
0x783078 DuplicateTokenEx
0x78307c SetSecurityInfo
0x783088 SetEntriesInAclW
0x78308c GetAclInformation
0x783090 InitializeAcl
0x783098 StartServiceW
0x7830a0 QueryServiceStatus
0x7830a4 QueryServiceConfigW
0x7830a8 OpenServiceW
0x7830ac OpenSCManagerW
0x7830b0 DeleteService
0x7830b4 CreateServiceW
0x7830b8 ControlService
0x7830bc CloseServiceHandle
0x7830c4 SetTokenInformation
0x7830cc SetServiceStatus
0x7830d4 OpenProcessToken
0x7830d8 EqualSid
0x7830e0 GetTokenInformation
0x7830e8 FreeSid
0x7830f0 GetLengthSid
0x7830f4 CopySid
0x7830f8 LookupAccountSidW
0x7830fc LookupAccountNameW

Hosts

No hosts contacted.

TCP

Source          Source Port  Destination                                Destination Port
192.168.56.101  49178        165.254.191.229 (hb-c.services.vnc.com)   443
192.168.56.101  49181        165.254.191.231 (dir-c.services.vnc.com)  443

UDP

Source          Source Port  Destination                       Destination Port
192.168.56.101  50002        114.114.114.114                   53
192.168.56.101  50568        114.114.114.114                   53
192.168.56.101  51378        114.114.114.114                   53
192.168.56.101  53210        114.114.114.114                   53
192.168.56.101  57756        114.114.114.114                   53
192.168.56.101  58367        114.114.114.114                   53
192.168.56.101  61680        114.114.114.114                   53
192.168.56.101  62318        114.114.114.114                   53
192.168.56.101  137          192.168.56.255                    137
192.168.56.101  138          192.168.56.255                    138
192.168.56.101  123          20.189.79.72 (time.windows.com)   123
192.168.56.101  49235        224.0.0.252                       5355
192.168.56.101  50534        224.0.0.252                       5355
192.168.56.101  51963        224.0.0.252                       5355
192.168.56.101  53237        224.0.0.252                       5355
192.168.56.101  53380        224.0.0.252                       5355
192.168.56.101  53657        224.0.0.252                       5355
192.168.56.101  56804        224.0.0.252                       5355
192.168.56.101  60384        224.0.0.252                       5355
192.168.56.101  62191        224.0.0.252                       5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.