2.0
Low risk

2c172f96e64917d464fb3177e197788563cb07562b7375209fc9c2b7b5713f81

c616033cfa29b45caa2b14c3b8710fbf.exe

Analysis duration

84s

Last analyzed

File size

219.4KB
Static detection  Dynamic detection  BBRJ  OUTBROWSE
Eagle Eye engine
Not detected: no Eagle Eye engine result available.
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20201004 18.4.3895.0
Kingsoft 20201004 2013.8.14.323
McAfee 20201004 6.0.6.653
CrowdStrike 20190702 1.0
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API: 1620902180.943125 IsDebuggerPresent
Arguments: (none)
Status: failed
Return: 0
Repeated: 0
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (34 events)
name RT_CURSOR language LANG_JAPANESE offset 0x0003ad98 filetype data sublanguage SUBLANG_DEFAULT size 0x00000134
name RT_BITMAP language LANG_JAPANESE offset 0x0003acd8 filetype data sublanguage SUBLANG_DEFAULT size 0x000000c0
name RT_BITMAP language LANG_JAPANESE offset 0x0003acd8 filetype data sublanguage SUBLANG_DEFAULT size 0x000000c0
name RT_BITMAP language LANG_JAPANESE offset 0x0003acd8 filetype data sublanguage SUBLANG_DEFAULT size 0x000000c0
name RT_ICON language LANG_JAPANESE offset 0x00036790 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT size 0x00000128
name RT_ICON language LANG_JAPANESE offset 0x00036790 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT size 0x00000128
name RT_ICON language LANG_JAPANESE offset 0x00036790 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT size 0x00000128
name RT_ICON language LANG_JAPANESE offset 0x00036790 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_DEFAULT size 0x00000128
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_DIALOG language LANG_JAPANESE offset 0x00035090 filetype data sublanguage SUBLANG_DEFAULT size 0x0000023c
name RT_STRING language LANG_JAPANESE offset 0x0003c780 filetype data sublanguage SUBLANG_DEFAULT size 0x00000466
name RT_STRING language LANG_JAPANESE offset 0x0003c780 filetype data sublanguage SUBLANG_DEFAULT size 0x00000466
name RT_STRING language LANG_JAPANESE offset 0x0003c780 filetype data sublanguage SUBLANG_DEFAULT size 0x00000466
name RT_STRING language LANG_JAPANESE offset 0x0003c780 filetype data sublanguage SUBLANG_DEFAULT size 0x00000466
name RT_STRING language LANG_JAPANESE offset 0x0003c780 filetype data sublanguage SUBLANG_DEFAULT size 0x00000466
name RT_STRING language LANG_JAPANESE offset 0x0003c780 filetype data sublanguage SUBLANG_DEFAULT size 0x00000466
name RT_GROUP_CURSOR language LANG_JAPANESE offset 0x0003aed0 filetype Lotus unknown worksheet or configuration, revision 0x1 sublanguage SUBLANG_DEFAULT size 0x00000014
name RT_GROUP_ICON language LANG_JAPANESE offset 0x000368b8 filetype data sublanguage SUBLANG_DEFAULT size 0x0000003e
name RT_VERSION language LANG_JAPANESE offset 0x000352d0 filetype data sublanguage SUBLANG_DEFAULT size 0x000003c4
name RT_MANIFEST language LANG_JAPANESE offset 0x0003aee8 filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_DEFAULT size 0x00000186
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
Zillya Adware.OutBrowse.Win32.76572
Jiangmin Trojan.Agent.bbrj
Queries for potentially installed applications (1 event)
Time & API: 1620902180.833125 RegOpenKeyExA
Arguments:
access: 0x00020006
base_handle: 0x80000002
key_handle: 0x00000124
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
options: 0
Status: success
Return: 0
Repeated: 0
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2004-09-10 16:22:16

Imports

Library KERNEL32.dll:
0x41a0a4 ReleaseMutex
0x41a0a8 CreateMutexA
0x41a0ac OpenMutexA
0x41a0b0 MultiByteToWideChar
0x41a0b4 CreateProcessA
0x41a0b8 WideCharToMultiByte
0x41a0bc GetVersionExA
0x41a0c0 UnmapViewOfFile
0x41a0c4 MapViewOfFile
0x41a0c8 CreateFileMappingA
0x41a0cc GetFileSize
0x41a0d0 MoveFileExA
0x41a0dc GetShortPathNameA
0x41a0e0 GetLastError
0x41a0e8 GetCurrentProcessId
0x41a0f0 GetSystemInfo
0x41a0f4 VirtualProtect
0x41a0f8 GetLocaleInfoA
0x41a0fc GetStringTypeW
0x41a100 GetStringTypeA
0x41a104 LCMapStringW
0x41a108 LCMapStringA
0x41a10c VirtualQuery
0x41a110 InterlockedExchange
0x41a118 LocalAlloc
0x41a11c IsBadReadPtr
0x41a120 GetCurrentProcess
0x41a124 SetHandleCount
0x41a13c GetStdHandle
0x41a140 HeapSize
0x41a144 GetCPInfo
0x41a148 GetOEMCP
0x41a14c GetACP
0x41a154 IsBadWritePtr
0x41a158 VirtualAlloc
0x41a15c VirtualFree
0x41a160 HeapCreate
0x41a164 HeapDestroy
0x41a174 TlsGetValue
0x41a178 TlsSetValue
0x41a17c TlsFree
0x41a180 GetCurrentThreadId
0x41a184 TlsAlloc
0x41a188 HeapReAlloc
0x41a18c HeapFree
0x41a190 GetCommandLineA
0x41a194 GetStartupInfoA
0x41a198 RaiseException
0x41a19c HeapAlloc
0x41a1a0 RtlUnwind
0x41a1a4 SetLastError
0x41a1a8 IsDBCSLeadByte
0x41a1b4 ReadFile
0x41a1b8 SetFilePointer
0x41a1bc LocalFree
0x41a1c0 WriteFile
0x41a1c8 lstrcatA
0x41a1cc TerminateProcess
0x41a1d0 ExitProcess
0x41a1d4 GetTempFileNameA
0x41a1d8 LoadLibraryA
0x41a1dc GetProcAddress
0x41a1e0 FreeLibrary
0x41a1e4 GlobalReAlloc
0x41a1e8 lstrcmpA
0x41a1ec GetExitCodeProcess
0x41a1f0 GlobalUnlock
0x41a1f4 GetFileAttributesA
0x41a1f8 SetFileAttributesA
0x41a1fc SetFileTime
0x41a204 CreateDirectoryA
0x41a208 GlobalAlloc
0x41a20c LocalSize
0x41a210 CreateFileA
0x41a214 CloseHandle
0x41a218 GlobalLock
0x41a21c GlobalSize
0x41a224 RemoveDirectoryA
0x41a228 DeleteFileA
0x41a22c GetFileType
0x41a230 Sleep
0x41a234 GetSystemDirectoryA
0x41a238 GetTempPathA
0x41a23c GetModuleFileNameA
0x41a240 lstrcmpiA
0x41a244 lstrcpynA
0x41a248 GetModuleHandleA
0x41a24c lstrcpyA
0x41a250 GlobalFree
0x41a254 GetTickCount
0x41a258 IsBadCodePtr
0x41a25c lstrlenA
Library USER32.dll:
0x41a27c MessageBoxA
0x41a280 EndDialog
0x41a284 ScreenToClient
0x41a288 LoadStringA
0x41a28c ExitWindowsEx
0x41a290 OffsetRect
0x41a298 SetPropA
0x41a29c DialogBoxParamA
0x41a2a0 DrawEdge
0x41a2a4 SetFocus
0x41a2a8 GetWindowLongA
0x41a2ac SetTimer
0x41a2b0 SetWindowPos
0x41a2b4 GetCursorPos
0x41a2b8 DrawTextA
0x41a2bc GetWindowTextA
0x41a2c0 GetScrollInfo
0x41a2c4 KillTimer
0x41a2c8 LoadBitmapA
0x41a2cc SetRect
0x41a2d0 SetRectEmpty
0x41a2d4 GetSysColor
0x41a2d8 FillRect
0x41a2dc EnableWindow
0x41a2e0 SendDlgItemMessageA
0x41a2e4 DrawTextExA
0x41a2e8 CheckDlgButton
0x41a2ec GetParent
0x41a2f0 PostMessageA
0x41a2f4 IsDlgButtonChecked
0x41a2f8 CallWindowProcA
0x41a2fc PeekMessageA
0x41a300 TranslateMessage
0x41a304 DispatchMessageA
0x41a308 IsDialogMessageA
0x41a30c LoadIconA
0x41a310 LoadImageA
0x41a314 RegisterClassExA
0x41a318 CreateWindowExA
0x41a31c AdjustWindowRect
0x41a320 GetSystemMetrics
0x41a324 GetSystemMenu
0x41a328 EnableMenuItem
0x41a32c GetDC
0x41a330 GetClientRect
0x41a334 ReleaseDC
0x41a338 PostQuitMessage
0x41a33c BeginPaint
0x41a340 EndPaint
0x41a344 DefWindowProcA
0x41a348 SendMessageA
0x41a34c SetWindowLongA
0x41a350 UpdateWindow
0x41a354 InvalidateRect
0x41a358 GetDlgItem
0x41a35c GetWindowRect
0x41a360 MoveWindow
0x41a364 ShowWindow
0x41a368 wsprintfA
0x41a36c SetDlgItemTextA
0x41a370 SetClassLongA
0x41a374 SetWindowTextA
0x41a378 PtInRect
0x41a37c LoadCursorA
0x41a380 SetCursor
0x41a384 DestroyWindow
Library GDI32.dll:
0x41a03c CreateBrushIndirect
0x41a040 CreateRectRgn
0x41a044 SetTextAlign
0x41a048 SelectClipRgn
0x41a04c GetStockObject
0x41a050 CreateFontIndirectA
0x41a054 SetBkColor
0x41a058 SetStretchBltMode
0x41a05c StretchBlt
0x41a060 CreateDIBitmap
0x41a068 GetObjectA
0x41a06c CreateCompatibleDC
0x41a070 BitBlt
0x41a074 DeleteDC
0x41a078 CreatePen
0x41a07c SelectObject
0x41a080 CreateSolidBrush
0x41a084 Rectangle
0x41a088 DeleteObject
0x41a08c SetBkMode
0x41a090 SetTextColor
0x41a094 TextOutA
0x41a098 CreateFontA
0x41a09c GetTextFaceA
Library ADVAPI32.dll:
0x41a000 OpenProcessToken
0x41a00c RegCreateKeyExA
0x41a010 RegSetValueExA
0x41a014 RegQueryValueExA
0x41a018 RegOpenKeyExA
0x41a01c RegCloseKey
0x41a020 GetUserNameA
Library SHELL32.dll:
0x41a264 SHGetMalloc
0x41a270 SHBrowseForFolderA
0x41a274 ShellExecuteA
Library ole32.dll:
0x41a38c CoCreateInstance
0x41a390 CoUninitialize
0x41a394 CoInitialize
Library COMCTL32.dll:
0x41a028 PropertySheetA
0x41a030
0x41a034

Hosts

No hosts contacted.

TCP

Source  Source port  Destination  Destination host  Destination port
192.168.56.101  49177  216.58.200.78  clients2.google.com  443

UDP

Source  Source port  Destination  Destination port
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.