SmartHawk

2.4

中危

该样本未表现出任何异常！

7ebcf9fe4f4e41293d8808d2ad4b369577209dc64db04d79b1bce370e2c79b69

bca517c1ce593cf26037ef2f51faa853.exe

分析耗时

77s

最近分析

文件大小

2.4MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable is signed

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	TXT
resource name	ZIP

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.996354254283416

section

{'size_of_data': '0x0022e600', 'virtual_address': '0x00039000', 'entropy': 7.996354254283416, 'name': '.rsrc', 'virtual_size': '0x0022e5c0'}

description

A section with a high entropy has been found

entropy

0.9176253081347576

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-05-15 14:31:14

Imports

Library KERNEL32.dll:

• 0x4260d8 GetStartupInfoW

• 0x4260dc ExitProcess

• 0x4260e0 RtlUnwind

• 0x4260e4 GetLocalTime

• 0x4260e8 CreateDirectoryW

• 0x4260ec SetEnvironmentVariableW

• 0x4260f0 SetCurrentDirectoryW

• 0x4260f4 HeapFree

• 0x4260f8 HeapAlloc

• 0x4260fc RaiseException

• 0x426100 TerminateProcess

• 0x426104 HeapSize

• 0x426108 HeapReAlloc

• 0x42610c UnhandledExceptionFilter

• 0x426110 FreeEnvironmentStringsA

• 0x426114 FreeEnvironmentStringsW

• 0x426118 GetEnvironmentStringsW

• 0x42611c GetEnvironmentStrings

• 0x426120 GetCommandLineA

• 0x426124 SetHandleCount

• 0x426128 GetStdHandle

• 0x42612c GetFileType

• 0x426130 GetStartupInfoA

• 0x426134 GetModuleFileNameA

• 0x426138 GetEnvironmentVariableA

• 0x42613c GetVersionExA

• 0x426140 HeapCreate

• 0x426144 VirtualFree

• 0x426148 GetDriveTypeA

• 0x42614c LCMapStringA

• 0x426150 LCMapStringW

• 0x426154 VirtualAlloc

• 0x426158 IsBadWritePtr

• 0x42615c SetUnhandledExceptionFilter

• 0x426160 IsBadReadPtr

• 0x426164 IsBadCodePtr

• 0x426168 GetCPInfo

• 0x42616c SetStdHandle

• 0x426170 GetStringTypeA

• 0x426174 GetStringTypeW

• 0x426178 GetACP

• 0x42617c GetOEMCP

• 0x426180 GetFullPathNameW

• 0x426184 FindResourceA

• 0x426188 GlobalAddAtomA

• 0x42618c GetProfileStringA

• 0x426190 InterlockedExchange

• 0x426194 DeleteFileW

• 0x426198 SetEndOfFile

• 0x42619c FlushFileBuffers

• 0x4261a0 GetCurrentProcess

• 0x4261a4 SetErrorMode

• 0x4261a8 FindResourceExW

• 0x4261ac GetCurrentDirectoryW

• 0x4261b0 GetProcessVersion

• 0x4261b4 GlobalFlags

• 0x4261b8 lstrcmpiW

• 0x4261bc TlsGetValue

• 0x4261c0 LocalReAlloc

• 0x4261c4 TlsSetValue

• 0x4261c8 EnterCriticalSection

• 0x4261cc GlobalReAlloc

• 0x4261d0 LeaveCriticalSection

• 0x4261d4 TlsFree

• 0x4261d8 GlobalHandle

• 0x4261dc DeleteCriticalSection

• 0x4261e0 TlsAlloc

• 0x4261e4 InitializeCriticalSection

• 0x4261e8 LocalFree

• 0x4261ec LocalAlloc

• 0x4261f0 GlobalFree

• 0x4261f4 lstrcmpW

• 0x4261f8 GlobalAlloc

• 0x4261fc lstrcmpA

• 0x426200 lstrcmpiA

• 0x426204 GetCurrentThread

• 0x426208 lstrcpynW

• 0x42620c FreeLibrary

• 0x426210 InterlockedDecrement

• 0x426214 InterlockedIncrement

• 0x426218 GlobalLock

• 0x42621c GlobalUnlock

• 0x426220 SetLastError

• 0x426224 GetModuleHandleA

• 0x426228 LoadLibraryA

• 0x42622c lstrlenA

• 0x426230 GetVersion

• 0x426234 GetCurrentThreadId

• 0x426238 GlobalAddAtomW

• 0x42623c GlobalFindAtomW

• 0x426240 GlobalDeleteAtom

• 0x426244 SetFilePointer

• 0x426248 WriteFile

• 0x42624c ReadFile

• 0x426250 GetLastError

• 0x426254 CreateFileW

• 0x426258 GetFileTime

• 0x42625c DosDateTimeToFileTime

• 0x426260 LocalFileTimeToFileTime

• 0x426264 SetFileTime

• 0x426268 CloseHandle

• 0x42626c Sleep

• 0x426270 GetEnvironmentVariableW

• 0x426274 WritePrivateProfileStringW

• 0x426278 GetPrivateProfileStringW

• 0x42627c MultiByteToWideChar

• 0x426280 MoveFileExW

• 0x426284 GetModuleFileNameW

• 0x426288 SizeofResource

• 0x42628c GetTempPathW

• 0x426290 GetDateFormatW

• 0x426294 FindResourceW

• 0x426298 LoadResource

• 0x42629c LockResource

• 0x4262a0 MulDiv

• 0x4262a4 GetCommandLineW

• 0x4262a8 GetSystemDirectoryW

• 0x4262ac GetModuleHandleW

• 0x4262b0 GetProcAddress

• 0x4262b4 GetVersionExW

• 0x4262b8 lstrcatW

• 0x4262bc lstrlenW

• 0x4262c0 WideCharToMultiByte

• 0x4262c4 WinExec

• 0x4262c8 lstrcpyW

• 0x4262cc GetWindowsDirectoryW

• 0x4262d0 LoadLibraryW

• 0x4262d4 HeapDestroy

Library USER32.dll:

• 0x4262dc GetDlgItemTextW

• 0x4262e0 SetDlgItemTextW

• 0x4262e4 IsDlgButtonChecked

• 0x4262e8 IsDialogMessageW

• 0x4262ec SetWindowTextW

• 0x4262f0 ShowWindow

• 0x4262f4 IsWindowEnabled

• 0x4262f8 GetNextDlgTabItem

• 0x4262fc EnableMenuItem

• 0x426300 CheckMenuItem

• 0x426304 SetMenuItemBitmaps

• 0x426308 ModifyMenuW

• 0x42630c GetMenuState

• 0x426310 LoadBitmapW

• 0x426314 GetMenuCheckMarkDimensions

• 0x426318 PostQuitMessage

• 0x42631c GetCursorPos

• 0x426320 ValidateRect

• 0x426324 TranslateMessage

• 0x426328 GetMessageW

• 0x42632c GetAsyncKeyState

• 0x426330 MapDialogRect

• 0x426334 CreateDialogIndirectParamW

• 0x426338 EndDialog

• 0x42633c GetClassNameW

• 0x426340 GetSysColorBrush

• 0x426344 DestroyMenu

• 0x426348 GrayStringW

• 0x42634c DrawTextW

• 0x426350 TabbedTextOutW

• 0x426354 EndPaint

• 0x426358 BeginPaint

• 0x42635c GetWindowDC

• 0x426360 ClientToScreen

• 0x426364 PostMessageW

• 0x426368 SendDlgItemMessageW

• 0x42636c SendDlgItemMessageA

• 0x426370 MapWindowPoints

• 0x426374 PeekMessageW

• 0x426378 DispatchMessageW

• 0x42637c GetFocus

• 0x426380 SetActiveWindow

• 0x426384 SetFocus

• 0x426388 AdjustWindowRectEx

• 0x42638c CopyRect

• 0x426390 IsWindowVisible

• 0x426394 GetTopWindow

• 0x426398 GetCapture

• 0x42639c WinHelpW

• 0x4263a0 wsprintfW

• 0x4263a4 GetClassInfoW

• 0x4263a8 RegisterClassW

• 0x4263ac GetMenu

• 0x4263b0 GetMenuItemCount

• 0x4263b4 GetSubMenu

• 0x4263b8 GetMenuItemID

• 0x4263bc GetDlgItem

• 0x4263c0 GetWindowTextLengthW

• 0x4263c4 GetWindowTextW

• 0x4263c8 GetDlgCtrlID

• 0x4263cc GetKeyState

• 0x4263d0 DefWindowProcW

• 0x4263d4 DestroyWindow

• 0x4263d8 SetWindowsHookExW

• 0x4263dc CallNextHookEx

• 0x4263e0 SetPropW

• 0x4263e4 UnhookWindowsHookEx

• 0x4263e8 GetPropW

• 0x4263ec CallWindowProcW

• 0x4263f0 RemovePropW

• 0x4263f4 GetMessageTime

• 0x4263f8 GetLastActivePopup

• 0x4263fc GetForegroundWindow

• 0x426400 GetWindow

• 0x426404 GetWindowLongW

• 0x426408 SetWindowPos

• 0x42640c RegisterWindowMessageW

• 0x426410 OffsetRect

• 0x426414 IntersectRect

• 0x426418 IsIconic

• 0x42641c GetWindowPlacement

• 0x426420 RedrawWindow

• 0x426424 FillRect

• 0x426428 DrawIcon

• 0x42642c FindWindowExW

• 0x426430 SetForegroundWindow

• 0x426434 MessageBoxW

• 0x426438 GetSystemMetrics

• 0x42643c SystemParametersInfoW

• 0x426440 GetActiveWindow

• 0x426444 LoadIconW

• 0x426448 UpdateWindow

• 0x42644c FindWindowW

• 0x426450 LoadStringW

• 0x426454 EnableWindow

• 0x426458 GetDesktopWindow

• 0x42645c LoadCursorW

• 0x426460 CopyIcon

• 0x426464 GetWindowRect

• 0x426468 GetParent

• 0x42646c GetDC

• 0x426470 ReleaseDC

• 0x426474 InflateRect

• 0x426478 IsWindow

• 0x42647c GetSysColor

• 0x426480 SetCursor

• 0x426484 GetMessagePos

• 0x426488 ScreenToClient

• 0x42648c GetClientRect

• 0x426490 PtInRect

• 0x426494 SendMessageW

• 0x426498 InvalidateRect

• 0x42649c GetPropA

• 0x4264a0 SetPropA

• 0x4264a4 SetWindowLongA

• 0x4264a8 GetClassNameA

• 0x4264ac IsWindowUnicode

• 0x4264b0 SendMessageA

• 0x4264b4 GetWindowLongA

• 0x4264b8 SetWindowsHookExA

• 0x4264bc RemovePropA

• 0x4264c0 CallWindowProcA

• 0x4264c4 CharNextA

• 0x4264c8 DefWindowProcA

• 0x4264cc DefDlgProcA

• 0x4264d0 GetClassInfoA

• 0x4264d4 DrawFocusRect

• 0x4264d8 DrawTextA

• 0x4264dc GetWindowTextA

• 0x4264e0 ExcludeUpdateRgn

• 0x4264e4 ShowCaret

• 0x4264e8 HideCaret

• 0x4264ec GetWindowTextLengthA

• 0x4264f0 UnregisterClassW

• 0x4264f4 SetTimer

• 0x4264f8 MessageBeep

• 0x4264fc SetWindowLongW

• 0x426500 KillTimer

• 0x426504 CreateWindowExW

Library GDI32.dll:

• 0x426040 SetMapMode

• 0x426044 SetViewportOrgEx

• 0x426048 OffsetViewportOrgEx

• 0x42604c SetViewportExtEx

• 0x426050 ScaleViewportExtEx

• 0x426054 SetWindowExtEx

• 0x426058 ScaleWindowExtEx

• 0x42605c IntersectClipRect

• 0x426060 DeleteObject

• 0x426064 CreateSolidBrush

• 0x426068 PtVisible

• 0x42606c RectVisible

• 0x426070 TextOutW

• 0x426074 ExtTextOutW

• 0x426078 Escape

• 0x42607c CreateBitmap

• 0x426080 PatBlt

• 0x426084 EnumFontFamiliesExW

• 0x426088 SetBkMode

• 0x42608c SelectObject

• 0x426090 RestoreDC

• 0x426094 SaveDC

• 0x426098 SetBkColor

• 0x42609c SetTextColor

• 0x4260a0 GetClipBox

• 0x4260a4 CreateDCW

• 0x4260a8 DeleteDC

• 0x4260ac GetDeviceCaps

• 0x4260b0 GetTextExtentPoint32W

• 0x4260b4 GetStockObject

• 0x4260b8 GetObjectW

• 0x4260bc CreateDIBitmap

• 0x4260c0 ExtTextOutA

• 0x4260c4 GetTextExtentPointA

• 0x4260c8 BitBlt

• 0x4260cc CreateCompatibleDC

• 0x4260d0 CreateFontIndirectW

Library ADVAPI32.dll:

• 0x426000 RegCreateKeyExW

• 0x426004 RegQueryValueW

• 0x426008 RegOpenKeyExW

• 0x42600c RegQueryValueExW

• 0x426010 RegCreateKeyW

• 0x426014 RegCloseKey

• 0x426018 RegSetValueW

• 0x42601c RegSetValueExW

• 0x426020 RegDeleteKeyW

Library COMCTL32.dll:

• 0x426028

• 0x42602c PropertySheetW

• 0x426030 DestroyPropertySheetPage

• 0x426034 InitCommonControlsEx

• 0x426038 CreatePropertySheetPageW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49714	239.255.255.250	3702
192.168.56.101	49716	239.255.255.250	3702
192.168.56.101	51966	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.