Score: 2.2
Verdict: Medium risk (中危)
SHA256: 3ecabbe17d9eb80eefb5d7f07e86f469060cccc52fd4ca15191f0279b821a88c
Filename: bcc1f8d934f91e539a799050ee3c7288.exe
Analysis time: 91s
Last analyzed: (no value shown)
File size: 314.7KB
Static detection / Dynamic detection / Confidence: (no values shown)
HawkEye engine (鹰眼引擎): not detected (no HawkEye results available)

Static verdict: antivirus engines

Engine        Result                             Scan date   Engine version
McAfee        (no detection)                     20190221    6.0.6.653
Alibaba       (no detection)                     20180921    0.1.0.2
Baidu         (no detection)                     20190215    1.0.0.2
Avast         (no detection)                     20190221    18.4.3895.0
Tencent       (no detection)                     20190221    1.0.0.1
Kingsoft      (no detection)                     20190221    2013.8.14.323
CrowdStrike   win/malicious_confidence_80% (D)   20190211    1.0

Only CrowdStrike's machine-learning classifier flags the file, at 80% confidence; the other six engines return no detection. A single ML verdict on a signed binary whose PDB path and imports point at a Wireshark build is weak evidence on its own and should be weighed against the static indicators that follow.
Static indicators

This executable is signed
This executable has a PDB path (1 event)
pdb_path C:\buildbot\wireshark\wireshark-2.6-32\windows-2016-x86\build\cmbuild\run\RelWithDebInfo\captype.pdb

The PDB path names captype.pdb under a Wireshark 2.6 32-bit buildbot tree, and the import table below is dominated by libwiretap, libwsutil and GLib exports, which is consistent with captype.exe, the command-line capture-file-type probe shipped with Wireshark. The report states that the file is signed but does not show the signer, so that explanation should not be accepted on the PDB string alone: a PDB path is compiler-emitted text and is trivially forgeable. Verify the signature chain on the file itself (for example `Get-AuthenticodeSignature <file>` in PowerShell, or `signtool verify /pa /v <file>`) and compare the SHA256 above against the binaries in the official Wireshark 2.6 Windows distribution before treating the detection as a false positive.
Visual analysis

Binary image: none (no binary visualization was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)

PE Compile Time

2018-05-23 02:21:17

Imports

Library libwiretap.dll:
0x404114 wtap_open_offline
0x404118 wtap_cleanup
0x40411c wtap_strerror
0x404120 wtap_close
0x404124 wtap_init
Library libwsutil.dll:
0x404130 arg_list_utf_16to8
0x404134 init_report_message
0x40413c free_progdirs
0x404140 init_progfile_dir
0x404148 ws_add_crash_info
0x40414c cmdarg_err_init
0x404150 getopt_long
0x404154 get_cpu_info
0x404158 get_copyright_info
0x40415c plugins_get_count
0x404164 cmdarg_err
0x404168 get_os_version_info
Library libglib-2.0-0.dll:
0x4040dc g_strdup
0x4040e0 g_strfreev
0x4040e4 g_strdup_printf
0x4040e8 g_strjoinv
0x4040ec g_strsplit
0x4040f4 g_string_append
0x4040f8 g_string_new
0x4040fc g_string_free
0x404100 g_free
Library libgmodule-2.0-0.dll:
0x404108 g_module_supported
Library KERNEL32.dll:
0x404000 GetModuleHandleW
0x404004 GetStartupInfoW
0x404008 IsDebuggerPresent
0x40400c InitializeSListHead
0x404014 GetCurrentThreadId
0x404018 GetCurrentProcessId
0x404024 TerminateProcess
0x404028 GetCurrentProcess
Library VCRUNTIME140.dll:
0x404040 strchr
0x404044 memset
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x4040c8 __acrt_iob_func
0x4040cc __p__commode
0x4040d0 _set_fmode
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x40406c _c_exit
0x404070 _cexit
0x404074 __p___argv
0x404078 __p___argc
0x40407c _exit
0x404080 _initterm_e
0x404094 _crt_atexit
0x404098 _crt_at_quick_exit
0x40409c _controlfp_s
0x4040a0 terminate
0x4040a4 _seh_filter_dll
0x4040b0 _initterm
0x4040b4 _set_app_type
0x4040b8 exit
0x4040c0 _seh_filter_exe
Library api-ms-win-crt-locale-l1-1-0.dll:
0x404058 _configthreadlocale
0x40405c setlocale
Library api-ms-win-crt-math-l1-1-0.dll:
0x404064 __setusermatherr
Library api-ms-win-crt-heap-l1-1-0.dll:
0x404050 _set_new_mode
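The KERNEL32 imports above (GetModuleHandleW, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess, GetCurrentProcess) are exactly the set the VC++ 2015+ start-up stub pulls in for every build, so IsDebuggerPresent here is not evidence of anti-debugging by the program itself. The script below is an added example, not code from the sandbox vendor or from the Wireshark project: it takes the import list and PDB path transcribed from this report (abridged to a few imports per library) and separates C-runtime plumbing from the program's own dependencies, decides whether each anti-analysis-looking API is explained by the CRT stub, and pulls build hints out of the PDB path. The CRT start-up set, the runtime-library prefixes and the anti-analysis API list are assumptions drawn from general MSVC/UCRT behaviour rather than from this report.

```python
"""Static-import triage for a sandbox report (added example, not vendor code)."""

import re
from collections import defaultdict

# Constructed input: (library, function) pairs transcribed from the report,
# abridged to a few entries per library; every KERNEL32 import is included.
REPORT_IMPORTS = [
    ("libwiretap.dll", "wtap_open_offline"), ("libwiretap.dll", "wtap_cleanup"),
    ("libwiretap.dll", "wtap_strerror"), ("libwiretap.dll", "wtap_close"),
    ("libwiretap.dll", "wtap_init"),
    ("libwsutil.dll", "arg_list_utf_16to8"), ("libwsutil.dll", "getopt_long"),
    ("libwsutil.dll", "get_os_version_info"), ("libwsutil.dll", "cmdarg_err"),
    ("libglib-2.0-0.dll", "g_strdup"), ("libglib-2.0-0.dll", "g_free"),
    ("libgmodule-2.0-0.dll", "g_module_supported"),
    ("KERNEL32.dll", "GetModuleHandleW"), ("KERNEL32.dll", "GetStartupInfoW"),
    ("KERNEL32.dll", "IsDebuggerPresent"), ("KERNEL32.dll", "InitializeSListHead"),
    ("KERNEL32.dll", "GetCurrentThreadId"), ("KERNEL32.dll", "GetCurrentProcessId"),
    ("KERNEL32.dll", "TerminateProcess"), ("KERNEL32.dll", "GetCurrentProcess"),
    ("VCRUNTIME140.dll", "strchr"), ("VCRUNTIME140.dll", "memset"),
    ("api-ms-win-crt-stdio-l1-1-0.dll", "__acrt_iob_func"),
    ("api-ms-win-crt-runtime-l1-1-0.dll", "_initterm_e"),
    ("api-ms-win-crt-locale-l1-1-0.dll", "setlocale"),
    ("api-ms-win-crt-math-l1-1-0.dll", "__setusermatherr"),
    ("api-ms-win-crt-heap-l1-1-0.dll", "_set_new_mode"),
]
REPORT_PDB = (r"C:\buildbot\wireshark\wireshark-2.6-32\windows-2016-x86"
              r"\build\cmbuild\run\RelWithDebInfo\captype.pdb")

# Assumption (MSVC behaviour, not from the report): kernel32 APIs the VC++
# 2015+ start-up code imports in every build, whatever the program does.
CRT_STARTUP_KERNEL32 = frozenset({
    "GetModuleHandleW", "GetStartupInfoW", "IsDebuggerPresent",
    "InitializeSListHead", "GetCurrentThreadId", "GetCurrentProcessId",
    "QueryPerformanceCounter", "GetSystemTimeAsFileTime", "TerminateProcess",
    "GetCurrentProcess", "UnhandledExceptionFilter",
    "SetUnhandledExceptionFilter", "IsProcessorFeaturePresent",
})
# Assumption: library-name prefixes that are pure C/C++ runtime.
RUNTIME_LIB_PREFIXES = ("api-ms-win-crt-", "vcruntime", "msvcp", "msvcr", "ucrtbase")
# Assumption: APIs commonly cited as anti-debug indicators in triage rules.
ANTI_ANALYSIS_APIS = frozenset({
    "IsDebuggerPresent", "CheckRemoteDebuggerPresent",
    "NtQueryInformationProcess", "OutputDebugStringA", "OutputDebugStringW",
})


def triage_imports(imports):
    """Group imports by library and flag what the CRT start-up stub cannot explain."""
    by_lib = defaultdict(set)
    for lib, func in imports:
        by_lib[lib.lower()].add(func)
    runtime = sorted(lib for lib in by_lib if lib.startswith(RUNTIME_LIB_PREFIXES))
    functional = sorted(lib for lib in by_lib if lib not in runtime)
    kernel32 = by_lib.get("kernel32.dll", set())
    # Any kernel32 import outside the start-up set means the program's own
    # code calls kernel32 directly, so IsDebuggerPresent can no longer be
    # attributed to the CRT without looking at cross-references.
    outside_crt = sorted(kernel32 - CRT_STARTUP_KERNEL32)
    present = set().union(*by_lib.values())
    verdicts = {}
    for api in sorted(ANTI_ANALYSIS_APIS & present):
        if api in kernel32 and api in CRT_STARTUP_KERNEL32 and not outside_crt:
            verdicts[api] = "attributable to CRT start-up (no other kernel32 imports)"
        else:
            verdicts[api] = "needs review: check cross-references in disassembly"
    return {"runtime_libs": runtime, "functional_libs": functional,
            "kernel32_outside_crt": outside_crt, "anti_analysis": verdicts}


def pdb_hints(path):
    """Extract the symbol file name, build configuration and any
    '<project>-<version>' directory component from a PDB path (heuristic)."""
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    hints = {"file": parts[-1] if parts else "", "project": None,
             "version": None, "config": None}
    for part in parts[:-1]:
        m = re.match(r"^([A-Za-z][A-Za-z0-9_]*)-(\d+(?:\.\d+)+)", part)
        if m and hints["project"] is None:
            hints["project"], hints["version"] = m.group(1), m.group(2)
        if part in ("Debug", "Release", "RelWithDebInfo", "MinSizeRel"):
            hints["config"] = part
    return hints


if __name__ == "__main__":
    for key, value in triage_imports(REPORT_IMPORTS).items():
        print(f"{key}: {value}")
    print(pdb_hints(REPORT_PDB))
```

The verdict logic is deliberately conservative: IsDebuggerPresent is written off only when every kernel32 import belongs to the start-up set. Add a single VirtualAlloc or CheckRemoteDebuggerPresent to the same list and both anti-debug APIs flip to "needs review", which is the point at which you open the disassembler.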

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                        Destination port
192.168.56.101  51808         114.114.114.114                    53
192.168.56.101  51963         114.114.114.114                    53
192.168.56.101  55368         114.114.114.114                    53
192.168.56.101  60123         114.114.114.114                    53
192.168.56.101  60384         114.114.114.114                    53
192.168.56.101  137           192.168.56.255                     137
192.168.56.101  138           192.168.56.255                     138
192.168.56.101  123           20.189.79.72 (time.windows.com)    123
192.168.56.101  49713         224.0.0.252                        5355
192.168.56.101  51378         224.0.0.252                        5355
192.168.56.101  53237         224.0.0.252                        5355
192.168.56.101  56804         224.0.0.252                        5355
192.168.56.101  58367         224.0.0.252                        5355
192.168.56.101  62191         224.0.0.252                        5355
192.168.56.101  62318         224.0.0.252                        5355
192.168.56.101  63429         224.0.0.252                        5355
192.168.56.101  65004         224.0.0.252                        5355
192.168.56.101  1900          239.255.255.250                    1900
192.168.56.101  51809         239.255.255.250                    3702
192.168.56.101  56809         239.255.255.250                    1900

Every record here matches Windows or sandbox background traffic rather than anything the sample must have generated: DNS lookups to 114.114.114.114 (presumably the guest's configured resolver; the queried names are not shown in the report), NetBIOS name-service and datagram-service broadcasts on 137/138 to the subnet broadcast address, a Windows Time (w32time) sync to time.windows.com on 123, LLMNR queries to the 224.0.0.252:5355 multicast group, and SSDP (1900) and WS-Discovery (3702) multicasts to 239.255.255.250. Without the DNS query names none of it can be attributed to the sample, and no TCP, HTTP or IDS alerts follow.
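Deciding which sandbox UDP records are Windows background noise and which need attribution to the sample is a mechanical check worth scripting, because a sample that hard-codes its own resolver for DNS tunnelling, or sends "NTP" to an address that is not a time server, looks like ordinary DNS or NTP in a flat table. The script below is an added example, not the sandbox's own tooling: it parses the UDP table transcribed from this report, classifies each row against well-known protocol ports and multicast/broadcast groups, and returns anything it cannot explain. The guest subnet (192.168.56.0/24), the resolver set ({114.114.114.114}) and the rule that w32time uses source port 123 are assumptions stated in the code.

```python
"""Attribute sandbox UDP records to Windows background noise or to the sample
(added example, not the sandbox vendor's code)."""

import ipaddress
from collections import Counter

# Constructed input: the report's UDP table transcribed verbatim. The NTP row
# carries the resolved hostname between the destination address and port.
UDP_TABLE = """\
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 56809 239.255.255.250 1900
"""

# Assumptions about the sandbox guest: its resolver(s) and subnet.
SANDBOX_RESOLVERS = {"114.114.114.114"}
GUEST_NETWORK = ipaddress.ip_network("192.168.56.0/24")
LLMNR_GROUP = ipaddress.ip_address("224.0.0.252")
SSDP_WSD_GROUP = ipaddress.ip_address("239.255.255.250")


def parse_udp_table(text):
    """Parse 'src sport dst [hostname] dport' rows into dicts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        rows.append({
            "src": parts[0], "sport": int(parts[1]), "dst": parts[2],
            "host": parts[3] if len(parts) == 5 else None,
            "dport": int(parts[-1]),
        })
    return rows


def classify_udp(row):
    """Name the background protocol a row matches, or 'unexplained'."""
    dst = ipaddress.ip_address(row["dst"])
    dport, sport = row["dport"], row["sport"]
    if dport == 53:
        # DNS to a resolver the sandbox did not configure is a red flag:
        # samples that tunnel over DNS often hard-code their own server.
        if row["dst"] in SANDBOX_RESOLVERS:
            return "dns-to-sandbox-resolver"
        return "dns-to-unexpected-resolver"
    if dport in (137, 138) and dst == GUEST_NETWORK.broadcast_address:
        return "netbios-broadcast"
    if dport == 5355 and dst == LLMNR_GROUP:
        return "llmnr"
    if dport == 1900 and dst == SSDP_WSD_GROUP:
        return "ssdp"
    if dport == 3702 and dst == SSDP_WSD_GROUP:
        return "ws-discovery"
    # Assumption: the Windows Time service sends from port 123 to port 123;
    # NTP from an ephemeral source port is left for the analyst.
    if dport == 123 and sport == 123:
        return "ntp-w32time"
    return "unexplained"


def summarize_udp(text):
    """Count rows per category and list the ones that still need attribution."""
    rows = parse_udp_table(text)
    counts = Counter()
    needs_attribution = []
    for row in rows:
        category = classify_udp(row)
        counts[category] += 1
        if category in ("unexplained", "dns-to-unexpected-resolver"):
            needs_attribution.append(row)
    return {"total": len(rows), "by_category": dict(counts),
            "needs_attribution": needs_attribution}


if __name__ == "__main__":
    summary = summarize_udp(UDP_TABLE)
    print(summary["by_category"])
    print("needs attribution:", summary["needs_attribution"])
```

For this report every one of the 20 rows lands in a background category and the attribution list is empty, which is the result the prose above states. Appending a constructed row such as `192.168.56.101 49200 203.0.113.10 4444` or a DNS query to 8.8.8.8 is enough to see the function surface it.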

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.