5.4
Medium risk

d31dfcd09b88af6bcea18a9eef6b86a4b592dafe144ae0c552e019db1b47eab5

bd6d0104b4207fed373ac39519d871c8.exe

Analysis time

76s

Last analyzed

File size

272.0KB
Static detections / Dynamic detections
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620985536.158924
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1620985521.315924
CryptGenKey
crypto_handle: 0x00645cd8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x006454e0
flags: 1
key: f݀ájBúI‹ˆÒMž÷P)
success 1 0
1620985536.174924
CryptExportKey
crypto_handle: 0x00645cd8
crypto_export_handle: 0x00645c98
buffer: f¤ Zçÿ€}õ\Dÿ)é«Çf;Å»--”ËæÐk¨L³yNJˆ1hbž“Pž,\íˆæŸ¿qÎ-D}”Ü»ˆédÙ¦”sL}GiYÝ!™S7\ÔkJFyÀX¬â5mæ 
blob_type: 1
flags: 64
success 1 0
1620985570.721924
CryptExportKey
crypto_handle: 0x00645cd8
crypto_export_handle: 0x00645c98
buffer: f¤˜¿ÑŒÖŒü{»ÅÒ·ç^üº .ý}¢ÕäíG¯Ý@Ö|ÇõDÇ·Dä ñìdX¤ ;<zÁwWÏæÄÉ«º½‡öe!o¸ÆX÷aÙÕ;sן„!!Æ?;Öô@
blob_type: 1
flags: 64
success 1 0
1620985575.362924
CryptExportKey
crypto_handle: 0x00645cd8
crypto_export_handle: 0x00645c98
buffer: f¤âCެ{7‹ÑiÕáìz?͒™_¼,£§­êüdŒo'O÷Õs³ýØñþvbP+O‘\Oømª4I÷3dó©K-Ð{>×Q}ÏDøÝÃlÇã‰@§Þ®NCL$ѨÚÉY‚z‚
blob_type: 1
flags: 64
success 1 0
1620985579.549924
CryptExportKey
crypto_handle: 0x00645cd8
crypto_export_handle: 0x00645c98
buffer: f¤Ç•«`x¿ï½£_St(›Uœu¢ääóÃE@ )=ÇI<ÉT ,¸)Œ)Š3„1å<ÈM"£ñÂÏÑ´‹©ŸÄÖ7ÕR|˜Ík‰á•E{i=‡" =Ž%è;D¬7r6½•ÈòF}º‘
blob_type: 1
flags: 64
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620985520.737924
NtAllocateVirtualMemory
process_identifier: 472
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d30000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1620985520.737924
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x01d51000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620985536.690924
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process bd6d0104b4207fed373ac39519d871c8.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620985536.346924
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (7 events)
host 151.139.128.14
host 142.44.137.67
host 162.241.242.173
host 172.217.24.14
host 192.158.216.73
host 85.214.28.226
host 52.218.28.228
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620985539.252924
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985539.252924
RegSetValueExA
key_handle: 0x000003b8
value: ÀO¤åH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985539.252924
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985539.268924
RegSetValueExW
key_handle: 0x000003b8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985539.268924
RegSetValueExA
key_handle: 0x000003d0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985539.268924
RegSetValueExA
key_handle: 0x000003d0
value: ÀO¤åH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985539.268924
RegSetValueExA
key_handle: 0x000003d0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620985539.315924
RegSetValueExW
key_handle: 0x000003b4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (3 events)
dead_host 85.214.28.226:8080
dead_host 192.158.216.73:80
dead_host 192.168.56.101:49184
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-09-05 01:00:53

Imports

Library KERNEL32.dll:
0x4260b4 RtlUnwind
0x4260b8 GetStartupInfoA
0x4260bc GetCommandLineA
0x4260c0 ExitProcess
0x4260c4 TerminateProcess
0x4260c8 HeapReAlloc
0x4260cc HeapSize
0x4260d0 HeapDestroy
0x4260d4 HeapCreate
0x4260d8 VirtualFree
0x4260dc IsBadWritePtr
0x4260e0 LCMapStringA
0x4260e4 LCMapStringW
0x4260e8 GetStdHandle
0x4260fc VirtualQuery
0x426100 SetHandleCount
0x426104 GetFileType
0x42610c GetCurrentProcessId
0x426118 GetStringTypeA
0x42611c GetStringTypeW
0x426124 IsBadReadPtr
0x426128 IsBadCodePtr
0x42612c SetStdHandle
0x426134 GetSystemInfo
0x426138 VirtualAlloc
0x42613c VirtualProtect
0x426140 HeapFree
0x426144 HeapAlloc
0x426148 GetTickCount
0x42614c GetFileTime
0x426150 GetFileAttributesA
0x426158 SetErrorMode
0x426160 GetOEMCP
0x426164 GetCPInfo
0x426168 CreateFileA
0x42616c GetFullPathNameA
0x426174 FindFirstFileA
0x426178 FindClose
0x42617c GetCurrentProcess
0x426180 DuplicateHandle
0x426184 GetFileSize
0x426188 SetEndOfFile
0x42618c UnlockFile
0x426190 LockFile
0x426194 FlushFileBuffers
0x426198 SetFilePointer
0x42619c WriteFile
0x4261a0 ReadFile
0x4261a4 GlobalFlags
0x4261a8 TlsFree
0x4261ac LocalReAlloc
0x4261b0 TlsSetValue
0x4261b4 TlsAlloc
0x4261b8 TlsGetValue
0x4261c0 GlobalHandle
0x4261c4 GlobalReAlloc
0x4261cc LocalAlloc
0x4261dc RaiseException
0x4261e0 GlobalGetAtomNameA
0x4261e4 GlobalFindAtomA
0x4261e8 lstrcatA
0x4261ec lstrcmpW
0x4261f8 FreeResource
0x4261fc CloseHandle
0x426200 GlobalAddAtomA
0x426204 GetCurrentThread
0x426208 GetCurrentThreadId
0x42620c FreeLibrary
0x426210 GlobalDeleteAtom
0x426214 lstrcmpA
0x426218 GetModuleFileNameA
0x42621c GetModuleHandleA
0x426228 lstrcpyA
0x42622c LoadLibraryA
0x426230 SetLastError
0x426234 GlobalFree
0x426238 MulDiv
0x42623c GlobalAlloc
0x426240 GlobalLock
0x426244 GlobalUnlock
0x426248 FormatMessageA
0x42624c lstrcpynA
0x426250 LocalFree
0x426254 LoadLibraryW
0x426258 GetProcAddress
0x42625c FindResourceA
0x426260 LoadResource
0x426264 LockResource
0x426268 SizeofResource
0x42626c CompareStringW
0x426270 CompareStringA
0x426274 lstrlenA
0x426278 lstrcmpiA
0x42627c GetVersion
0x426280 GetLastError
0x426284 WideCharToMultiByte
0x426288 MultiByteToWideChar
0x42628c GetVersionExA
0x426290 GetThreadLocale
0x426294 GetLocaleInfoA
0x426298 GetACP
0x4262a0 InterlockedExchange
Library USER32.dll:
0x4262f0 PostThreadMessageA
0x4262f4 MessageBeep
0x4262f8 GetNextDlgGroupItem
0x4262fc InvalidateRgn
0x426300 InvalidateRect
0x426308 SetRect
0x42630c IsRectEmpty
0x426310 CharNextA
0x426314 ReleaseCapture
0x426318 SetCapture
0x42631c LoadCursorA
0x426320 GetSysColorBrush
0x426324 EndPaint
0x426328 BeginPaint
0x42632c GetWindowDC
0x426330 ReleaseDC
0x426334 GetDC
0x426338 ClientToScreen
0x42633c GrayStringA
0x426340 DrawTextExA
0x426344 DrawTextA
0x426348 TabbedTextOutA
0x42634c ShowWindow
0x426350 MoveWindow
0x426354 SetWindowTextA
0x426358 IsDialogMessageA
0x426360 WinHelpA
0x426364 GetCapture
0x426368 CreateWindowExA
0x42636c GetClassLongA
0x426370 GetClassInfoExA
0x426374 GetClassNameA
0x426378 SetPropA
0x42637c GetPropA
0x426380 RemovePropA
0x426384 SendDlgItemMessageA
0x426388 SetFocus
0x42638c IsChild
0x426394 GetWindowTextA
0x426398 GetForegroundWindow
0x42639c GetTopWindow
0x4263a0 GetMessageTime
0x4263a4 MapWindowPoints
0x4263a8 SetForegroundWindow
0x4263ac UpdateWindow
0x4263b0 GetMenu
0x4263b4 AdjustWindowRectEx
0x4263b8 EqualRect
0x4263bc GetClassInfoA
0x4263c0 RegisterClassA
0x4263c4 UnregisterClassA
0x4263c8 GetDlgCtrlID
0x4263cc DefWindowProcA
0x4263d0 CallWindowProcA
0x4263d4 SetWindowLongA
0x4263d8 OffsetRect
0x4263dc IntersectRect
0x4263e0 GetWindowPlacement
0x4263e4 GetWindowRect
0x4263e8 PtInRect
0x4263ec CharUpperA
0x4263f0 DrawIcon
0x4263f4 AppendMenuA
0x4263f8 SendMessageA
0x4263fc GetSystemMenu
0x426400 IsIconic
0x426404 GetClientRect
0x426408 EnableWindow
0x42640c LoadIconA
0x426410 GetSystemMetrics
0x426414 GetSysColor
0x42641c DestroyMenu
0x426420 CopyRect
0x426424 UnhookWindowsHookEx
0x426428 GetWindow
0x426430 MapDialogRect
0x426434 SetWindowPos
0x426438 wsprintfA
0x42643c GetDesktopWindow
0x426440 SetActiveWindow
0x42644c DestroyWindow
0x426450 IsWindow
0x426454 GetDlgItem
0x426458 GetNextDlgTabItem
0x42645c EndDialog
0x426460 SetMenuItemBitmaps
0x426464 GetFocus
0x426468 ModifyMenuA
0x42646c EnableMenuItem
0x426470 CheckMenuItem
0x426478 LoadBitmapA
0x42647c GetMessagePos
0x426480 GetSubMenu
0x426484 GetMenuItemCount
0x426488 GetMenuItemID
0x42648c GetMenuState
0x426490 PostMessageA
0x426494 PostQuitMessage
0x426498 SetCursor
0x42649c IsWindowEnabled
0x4264a0 GetLastActivePopup
0x4264a4 GetWindowLongA
0x4264a8 GetParent
0x4264ac MessageBoxA
0x4264b0 ValidateRect
0x4264b4 GetCursorPos
0x4264b8 PeekMessageA
0x4264bc GetKeyState
0x4264c0 IsWindowVisible
0x4264c4 GetActiveWindow
0x4264c8 DispatchMessageA
0x4264cc TranslateMessage
0x4264d0 GetMessageA
0x4264d4 CallNextHookEx
0x4264d8 SetWindowsHookExA
Library GDI32.dll:
0x426030 GetBkColor
0x426034 GetTextColor
0x42603c GetRgnBox
0x426040 GetStockObject
0x426044 DeleteDC
0x426048 ExtSelectClipRgn
0x42604c ScaleWindowExtEx
0x426050 SetWindowExtEx
0x426054 ScaleViewportExtEx
0x426058 SetViewportExtEx
0x42605c OffsetViewportOrgEx
0x426060 SetViewportOrgEx
0x426064 SelectObject
0x426068 Escape
0x42606c TextOutA
0x426070 RectVisible
0x426074 GetMapMode
0x426078 GetDeviceCaps
0x42607c GetWindowExtEx
0x426080 GetViewportExtEx
0x426084 DeleteObject
0x426088 SetMapMode
0x42608c RestoreDC
0x426090 SaveDC
0x426094 SetBkColor
0x426098 SetTextColor
0x42609c GetClipBox
0x4260a0 ExtTextOutA
0x4260a4 GetObjectA
0x4260a8 CreateBitmap
0x4260ac PtVisible
Library comdlg32.dll:
0x4264f0 GetFileTitleA
Library WINSPOOL.DRV:
0x4264e0 OpenPrinterA
0x4264e4 DocumentPropertiesA
0x4264e8 ClosePrinter
Library ADVAPI32.dll:
0x426000 RegQueryValueExA
0x426004 RegCreateKeyExA
0x426008 RegSetValueExA
0x42600c RegOpenKeyA
0x426010 RegOpenKeyExA
0x426014 RegDeleteKeyA
0x426018 RegEnumKeyA
0x42601c RegQueryValueA
0x426020 RegCloseKey
Library COMCTL32.dll:
0x426028
Library SHLWAPI.dll:
0x4262dc PathFindFileNameA
0x4262e0 PathStripToRootA
0x4262e4 PathFindExtensionA
0x4262e8 PathIsUNCA
Library oledlg.dll:
0x426538
Library ole32.dll:
0x426504 CoGetClassObject
0x426508 CLSIDFromString
0x42650c CLSIDFromProgID
0x426510 CoTaskMemFree
0x426514 OleUninitialize
0x426520 OleFlushClipboard
0x426528 CoRevokeClassObject
0x42652c CoTaskMemAlloc
0x426530 OleInitialize
Library OLEAUT32.dll:
0x4262a8 SysAllocStringLen
0x4262ac VariantClear
0x4262b0 VariantChangeType
0x4262b4 VariantInit
0x4262b8 SysStringLen
0x4262c8 SafeArrayDestroy
0x4262cc SysAllocString
0x4262d0 VariantCopy
0x4262d4 SysFreeString

Exports

Ordinal Address Name
1 0x401545 UUACZDADWAJJJJJ

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49187 142.44.137.67 443
52.218.28.228 80 192.168.56.101 49187

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://142.44.137.67:443/lJPu0lZO1wgElr5/ShGgMCGCv9wR/
POST /lJPu0lZO1wgElr5/ShGgMCGCv9wR/ HTTP/1.1
Content-Type: multipart/form-data; boundary=-------------------QCYUQfMGzr1O0BD4qZF
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 142.44.137.67:443
Content-Length: 4500
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.