1.4
低危

dc8823376f4df328edd62901c560d569ae386f9fb98d6531dac455eec8f065cc

b4b9621a855113141226c1cf90484b73.exe

分析耗时

19s

最近分析

文件大小

93.0KB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
This executable is signed
One or more processes crashed (8 个事件)
Time & API Arguments Status Return Repeated
1620985521.49111
__exception__
stacktrace:
b4b9621a855113141226c1cf90484b73+0xad5a @ 0x40ad5a
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
b4b9621a855113141226c1cf90484b73+0x44df @ 0x4044df
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
BASIC_CLASS_Release+0xdaf8 IID_IVbaHost-0x120ef msvbvm60+0x1c551 @ 0x7295c551
IID_IVbaHost+0x21a3e UserDllMain-0x43879 msvbvm60+0x5007e @ 0x7299007e
IID_IVbaHost+0x38a96 UserDllMain-0x2c821 msvbvm60+0x670d6 @ 0x729a70d6
DLLGetDocumentation+0x25b2 EbGetVBAObject-0xb8f msvbvm60+0xc88e0 @ 0x72a088e0
DLLGetDocumentation+0x262b EbGetVBAObject-0xb16 msvbvm60+0xc8959 @ 0x72a08959
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
b4b9621a855113141226c1cf90484b73+0x44d2 @ 0x4044d2
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
IID_IVbaHost+0x3b77 UserDllMain-0x61740 msvbvm60+0x321b7 @ 0x729721b7
IID_IVbaHost+0x386d UserDllMain-0x61a4a msvbvm60+0x31ead @ 0x72971ead
IID_IVbaHost+0x36291 UserDllMain-0x2f026 msvbvm60+0x648d1 @ 0x729a48d1
IID_IVbaHost+0x418d8 UserDllMain-0x239df msvbvm60+0x6ff18 @ 0x729aff18
BASIC_CLASS_Release+0xfcaa IID_IVbaHost-0xff3d msvbvm60+0x1e703 @ 0x7295e703
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
b4b9621a855113141226c1cf90484b73+0x1c9a @ 0x401c9a
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635740
registers.edi: 0
registers.eax: 0
registers.ebp: 1635952
registers.edx: 4270260
registers.ebx: 1
registers.esi: 1923377201
registers.ecx: 0
exception.instruction_r: 8b 11 8b 45 a4 50 ff 52 2c db e2 89 45 a0 83 7d
exception.symbol: b4b9621a855113141226c1cf90484b73+0xeab5
exception.instruction: mov edx, dword ptr [ecx]
exception.module: b4b9621a855113141226c1cf90484b73.exe
exception.exception_code: 0xc0000005
exception.offset: 60085
exception.address: 0x40eab5
success 0 0
1620985521.49111
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1633780
registers.edi: 5535384
registers.eax: 1633780
registers.ebp: 1633860
registers.edx: 0
registers.ebx: 5535384
registers.esi: 5535384
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620985521.99111
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1635504
registers.edi: 1635692
registers.eax: 1635504
registers.ebp: 1635584
registers.edx: 0
registers.ebx: 5535384
registers.esi: 1635692
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620985521.99111
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1635504
registers.edi: 1635692
registers.eax: 1635504
registers.ebp: 1635584
registers.edx: 0
registers.ebx: 5535384
registers.esi: 1635692
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620985521.99111
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1635504
registers.edi: 1635692
registers.eax: 1635504
registers.ebp: 1635584
registers.edx: 0
registers.ebx: 5535384
registers.esi: 1635692
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620985521.99111
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1635504
registers.edi: 1635692
registers.eax: 1635504
registers.ebp: 1635584
registers.edx: 0
registers.ebx: 5535384
registers.esi: 1635692
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620985521.99111
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1635504
registers.edi: 1635692
registers.eax: 1635504
registers.ebp: 1635584
registers.edx: 0
registers.ebx: 5535384
registers.esi: 1635692
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620985521.99111
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1635504
registers.edi: 1635692
registers.eax: 1635504
registers.ebp: 1635584
registers.edx: 0
registers.ebx: 5535384
registers.esi: 1635692
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
行为判定
动态指标
Changes read-write memory protection to read-execute (probably to avoid the detection that setting all RWX flags at the same time would trigger) (1 个事件)
Time & API Arguments Status Return Repeated
1620985519.94411
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x003d0000
success 0 0
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

2014-02-27 08:02:10

Imports

Library MSVBVM60.DLL:
0x414230 __vbaVarSub
0x414234 __vbaStrI2
0x414238 _CIcos
0x41423c _adj_fptan
0x414240 __vbaStrI4
0x414244 __vbaAryMove
0x414248 __vbaFreeVar
0x41424c __vbaLenBstr
0x414250 __vbaStrVarMove
0x414254 __vbaFreeVarList
0x414258 _adj_fdiv_m64
0x41425c EVENT_SINK_Invoke
0x414260 __vbaRaiseEvent
0x414264 __vbaFreeObjList
0x414268
0x41426c _adj_fprem1
0x414270 __vbaRecAnsiToUni
0x414274
0x414278
0x41427c __vbaCopyBytes
0x414280 __vbaForEachCollAd
0x414284 __vbaStrCat
0x414288
0x41428c __vbaLsetFixstr
0x414290 __vbaRecDestruct
0x414294 __vbaSetSystemError
0x41429c __vbaLenVar
0x4142a0 _adj_fdiv_m32
0x4142a4
0x4142a8 Zombie_GetTypeInfo
0x4142ac __vbaAryDestruct
0x4142b0
0x4142b4
0x4142b8 __vbaForEachCollObj
0x4142bc
0x4142c0 __vbaOnError
0x4142c4 __vbaObjSet
0x4142c8 _adj_fdiv_m16i
0x4142cc __vbaObjSetAddref
0x4142d0 _adj_fdivr_m16i
0x4142d4
0x4142d8 __vbaVarIndexLoad
0x4142dc
0x4142e0 __vbaStrFixstr
0x4142e4
0x4142e8
0x4142ec _CIsin
0x4142f0
0x4142f4
0x4142fc __vbaChkstk
0x414300
0x414304 __vbaFileClose
0x414308 EVENT_SINK_AddRef
0x414310
0x414314 __vbaStrCmp
0x414318 __vbaI2I4
0x41431c __vbaObjVar
0x414320 DllFunctionCall
0x414324 _adj_fpatan
0x41432c __vbaRedim
0x414330 __vbaRecUniToAnsi
0x414334 EVENT_SINK_Release
0x414338 __vbaNew
0x41433c _CIsqrt
0x414344 __vbaExceptHandler
0x414348
0x41434c __vbaStrToUnicode
0x414350 __vbaPrintFile
0x414354
0x414358 _adj_fprem
0x41435c _adj_fdivr_m64
0x414360
0x414364 __vbaFPException
0x414368
0x41436c
0x414370 __vbaUbound
0x414374 __vbaVarCat
0x414378
0x41437c
0x414380 _CIlog
0x414384 __vbaErrorOverflow
0x414388 __vbaFileOpen
0x41438c __vbaInStr
0x414390 __vbaVar2Vec
0x414394 __vbaNew2
0x414398
0x41439c _adj_fdiv_m32i
0x4143a0
0x4143a4 _adj_fdivr_m32i
0x4143a8 __vbaStrCopy
0x4143ac
0x4143b0 __vbaFreeStrList
0x4143b4 _adj_fdivr_m32
0x4143b8 _adj_fdiv_r
0x4143bc
0x4143c0 __vbaI4Var
0x4143c4
0x4143c8 __vbaLateMemCall
0x4143cc __vbaAryLock
0x4143d0
0x4143d4
0x4143d8 __vbaStrToAnsi
0x4143dc __vbaVarDup
0x4143e0
0x4143e4 __vbaFpI4
0x4143e8
0x4143ec __vbaLateMemCallLd
0x4143f0
0x4143f4 _CIatan
0x4143f8
0x4143fc __vbaCastObj
0x414400 __vbaStrMove
0x414404
0x414408
0x41440c _allmul
0x414410 _CItan
0x414414 __vbaNextEachCollAd
0x414418 __vbaFPInt
0x41441c __vbaAryUnlock
0x414420 _CIexp
0x414424 __vbaFreeObj
0x414428 __vbaFreeStr

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.