3.4
Medium risk

5cccc9c0850a19fea3a8b502561ceb50bb0fb6d5dd058ca5398a0a411290e0e3

c6a9da191389fc960d11aab4f1fd9539.exe

Analysis duration

131s

Last analyzed

File size

537.3KB
Static detections | Dynamic detections
Hawkeye engine
Not detected. No Hawkeye engine detection result is available for this sample.
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba 20190527 0.3.0.5
Kingsoft 20201118 2013.8.14.323
Tencent 20201118 1.0.0.1
CrowdStrike 20190702 1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path B:\Jenkins\workspace\Logos-Desktop-Win-Beta-Ship\LogosDesktop\src\Logos4Setup\bin\ReleaseStatic\LogosSetup.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .gfids
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1620906196.890751
__exception__
stacktrace:
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c9374b
DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x7682f777
NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x75ca419a
NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x75d2011d
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x7682c8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x767298ad
c6a9da191389fc960d11aab4f1fd9539+0x2360f @ 0x42360f
c6a9da191389fc960d11aab4f1fd9539+0x23af4 @ 0x423af4
c6a9da191389fc960d11aab4f1fd9539+0x23538 @ 0x423538
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetCursor+0x263 DrawStateW-0x301 user32+0x3f943 @ 0x775cf943
GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x775cf784
GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x775cf889
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5
GetEffectiveClientRect+0x3409 DPA_Merge-0xa5a comctl32+0xa4601 @ 0x74954601
GetEffectiveClientRect+0x346b DPA_Merge-0x9f8 comctl32+0xa4663 @ 0x74954663
GetEffectiveClientRect+0x32f5 DPA_Merge-0xb6e comctl32+0xa44ed @ 0x749544ed
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5
DestroyPropertySheetPage+0x69a DllGetVersion-0x1939 comctl32+0x44136 @ 0x748f4136
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x775b0751
DialogBoxIndirectParamW+0xfb DialogBoxIndirectParamAorW-0x166 user32+0x3ccee @ 0x775cccee
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x775ccf5c
DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x775cce8a
DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x775cd009
c6a9da191389fc960d11aab4f1fd9539+0x6e3b @ 0x406e3b
c6a9da191389fc960d11aab4f1fd9539+0x7a3e @ 0x407a3e
c6a9da191389fc960d11aab4f1fd9539+0x7411 @ 0x407411
c6a9da191389fc960d11aab4f1fd9539+0x128a5 @ 0x4128a5
c6a9da191389fc960d11aab4f1fd9539+0x1274b @ 0x41274b
c6a9da191389fc960d11aab4f1fd9539+0x1755c @ 0x41755c
c6a9da191389fc960d11aab4f1fd9539+0x22f6c @ 0x422f6c
c6a9da191389fc960d11aab4f1fd9539+0x31280 @ 0x431280
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1632156
registers.edi: 1963535368
registers.eax: 1632156
registers.ebp: 1632236
registers.edx: 1
registers.ebx: 2813980
registers.esi: 2147549453
registers.ecx: 1988324224
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x8001010d
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620906203.124751
__exception__
stacktrace:
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c9374b
DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x7682f777
NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x75ca419a
NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x75d2011d
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x7682c8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x767298ad
c6a9da191389fc960d11aab4f1fd9539+0x8606 @ 0x408606
NdrServerInitialize+0x240 NdrConformantArrayFree-0x342 rpcrt4+0x3586c @ 0x75ca586c
NdrStubCall2+0x256 NdrUnmarshallBasetypeInline-0x301 rpcrt4+0xb05f1 @ 0x75d205f1
WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x7682d7e6
WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x7682d876
WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x7682ddd0
CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x76748a43
CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x76748938
DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x7674950a
WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x7682dccd
WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x7682db41
WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x7682e1fd
DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x76749367
DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x76749326
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x775a788a
DialogBoxIndirectParamW+0x20a DialogBoxIndirectParamAorW-0x57 user32+0x3cdfd @ 0x775ccdfd
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x775ccf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x775ff73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x775ffa18
MessageBoxIndirectW+0x2e MessageBoxExA-0xb user32+0x6fccb @ 0x775ffccb
c6a9da191389fc960d11aab4f1fd9539+0x14ee7 @ 0x414ee7
c6a9da191389fc960d11aab4f1fd9539+0x2366d @ 0x42366d
c6a9da191389fc960d11aab4f1fd9539+0x23af4 @ 0x423af4
c6a9da191389fc960d11aab4f1fd9539+0x23538 @ 0x423538
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetCursor+0x263 DrawStateW-0x301 user32+0x3f943 @ 0x775cf943
GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x775cf784
GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x775cf889
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5
GetEffectiveClientRect+0x3409 DPA_Merge-0xa5a comctl32+0xa4601 @ 0x74954601
GetEffectiveClientRect+0x346b DPA_Merge-0x9f8 comctl32+0xa4663 @ 0x74954663
GetEffectiveClientRect+0x32f5 DPA_Merge-0xb6e comctl32+0xa44ed @ 0x749544ed
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5
DestroyPropertySheetPage+0x69a DllGetVersion-0x1939 comctl32+0x44136 @ 0x748f4136
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x775b0751
DialogBoxIndirectParamW+0xfb DialogBoxIndirectParamAorW-0x166 user32+0x3ccee @ 0x775cccee
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x775ccf5c
DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x775cce8a
DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x775cd009
c6a9da191389fc960d11aab4f1fd9539+0x6e3b @ 0x406e3b
c6a9da191389fc960d11aab4f1fd9539+0x7a3e @ 0x407a3e
c6a9da191389fc960d11aab4f1fd9539+0x7411 @ 0x407411
c6a9da191389fc960d11aab4f1fd9539+0x128a5 @ 0x4128a5
c6a9da191389fc960d11aab4f1fd9539+0x1274b @ 0x41274b

registers.esp: 1628976
registers.edi: 1963535368
registers.eax: 1628976
registers.ebp: 1629056
registers.edx: 1
registers.ebx: 3012380
registers.esi: 2147549453
registers.ecx: 0
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x8001010d
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620906203.124751
__exception__
stacktrace:
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c9374b
DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x7682f777
NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x75ca419a
NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x75d2011d
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x7682c8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x767298ad
c6a9da191389fc960d11aab4f1fd9539+0x861d @ 0x40861d
NdrServerInitialize+0x240 NdrConformantArrayFree-0x342 rpcrt4+0x3586c @ 0x75ca586c
NdrStubCall2+0x256 NdrUnmarshallBasetypeInline-0x301 rpcrt4+0xb05f1 @ 0x75d205f1
WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x7682d7e6
WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x7682d876
WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x7682ddd0
CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x76748a43
CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x76748938
DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x7674950a
WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x7682dccd
WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x7682db41
WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x7682e1fd
DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x76749367
DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x76749326
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x775a788a
DialogBoxIndirectParamW+0x20a DialogBoxIndirectParamAorW-0x57 user32+0x3cdfd @ 0x775ccdfd
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x775ccf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x775ff73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x775ffa18
MessageBoxIndirectW+0x2e MessageBoxExA-0xb user32+0x6fccb @ 0x775ffccb
c6a9da191389fc960d11aab4f1fd9539+0x14ee7 @ 0x414ee7
c6a9da191389fc960d11aab4f1fd9539+0x2366d @ 0x42366d
c6a9da191389fc960d11aab4f1fd9539+0x23af4 @ 0x423af4
c6a9da191389fc960d11aab4f1fd9539+0x23538 @ 0x423538
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetCursor+0x263 DrawStateW-0x301 user32+0x3f943 @ 0x775cf943
GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x775cf784
GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x775cf889
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5
GetEffectiveClientRect+0x3409 DPA_Merge-0xa5a comctl32+0xa4601 @ 0x74954601
GetEffectiveClientRect+0x346b DPA_Merge-0x9f8 comctl32+0xa4663 @ 0x74954663
GetEffectiveClientRect+0x32f5 DPA_Merge-0xb6e comctl32+0xa44ed @ 0x749544ed
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x775a965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x775a96c5
DestroyPropertySheetPage+0x69a DllGetVersion-0x1939 comctl32+0x44136 @ 0x748f4136
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x775b0751
DialogBoxIndirectParamW+0xfb DialogBoxIndirectParamAorW-0x166 user32+0x3ccee @ 0x775cccee
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x775ccf5c
DialogBoxIndirectParamAorW+0x36 SetDlgItemTextW-0x116 user32+0x3ce8a @ 0x775cce8a
DialogBoxParamW+0x3f GetCursorFrameInfo-0xa2 user32+0x3d009 @ 0x775cd009
c6a9da191389fc960d11aab4f1fd9539+0x6e3b @ 0x406e3b
c6a9da191389fc960d11aab4f1fd9539+0x7a3e @ 0x407a3e
c6a9da191389fc960d11aab4f1fd9539+0x7411 @ 0x407411
c6a9da191389fc960d11aab4f1fd9539+0x128a5 @ 0x4128a5
c6a9da191389fc960d11aab4f1fd9539+0x1274b @ 0x41274b

registers.esp: 1628972
registers.edi: 1963535368
registers.eax: 1628972
registers.ebp: 1629052
registers.edx: 1
registers.ebx: 3012452
registers.esi: 2147549453
registers.ecx: 0
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x8001010d
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620906194.577751
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02000000
success 0 0
A process attempted to delay the analysis task. (1 event)
description c6a9da191389fc960d11aab4f1fd9539.exe tried to sleep 362 seconds, actually delayed analysis time by 0 seconds
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
Cybereason malicious.91389f
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran.


PE Compile Time

2020-08-25 07:35:16

Imports

Library msi.dll:
0x4523b4
0x4523b8
0x4523bc
0x4523c0
0x4523c4
0x4523c8
0x4523cc
0x4523d0
Library CRYPT32.dll:
Library KERNEL32.dll:
0x4520e8 GetCurrentProcessId
0x4520ec TerminateProcess
0x4520f0 OpenProcess
0x4520f4 GetVersionExW
0x4520f8 CreateFileMappingW
0x4520fc MapViewOfFile
0x452100 UnmapViewOfFile
0x452104 IsWow64Process
0x452108 FreeLibrary
0x45210c GetModuleFileNameW
0x452110 GetModuleHandleW
0x452114 GetProcAddress
0x452118 LoadLibraryExW
0x45211c LoadResource
0x452120 SizeofResource
0x452124 lstrcmpW
0x452128 lstrcmpiW
0x45212c LoadLibraryW
0x452130 FindResourceW
0x452134 CopyFileW
0x452138 VerifyVersionInfoW
0x45213c MultiByteToWideChar
0x45214c lstrlenW
0x452150 SetFilePointer
0x452154 OutputDebugStringW
0x45215c GetProcessTimes
0x452160 GetSystemTime
0x452164 CreateMutexW
0x45216c Process32FirstW
0x452170 Process32NextW
0x452174 GetConsoleMode
0x452178 GetConsoleCP
0x45217c SetStdHandle
0x452188 GetCommandLineA
0x45218c GetOEMCP
0x452190 IsValidCodePage
0x452194 FindNextFileW
0x452198 FindFirstFileExW
0x45219c FindClose
0x4521a0 Sleep
0x4521a4 GetUserDefaultLCID
0x4521a8 IsValidLocale
0x4521ac GetFileType
0x4521b0 GetACP
0x4521b4 GetStdHandle
0x4521b8 GetModuleHandleExW
0x4521bc ExitProcess
0x4521c0 ReleaseMutex
0x4521c4 SetEvent
0x4521c8 DecodePointer
0x4521cc GetTempPathW
0x4521d0 WriteFile
0x4521d4 ReadFile
0x4521d8 GetFullPathNameW
0x4521dc GetFileSize
0x4521e4 FindFirstFileW
0x4521e8 CreateFileW
0x4521ec CreateDirectoryW
0x4521f4 GetCommandLineW
0x4521fc VerSetConditionMask
0x452200 LocalFree
0x452204 CreateProcessW
0x452208 GetCurrentThread
0x45220c GetExitCodeProcess
0x452210 GetCurrentProcess
0x452214 WaitForSingleObject
0x452218 GetProcessHeap
0x45221c HeapSize
0x452220 HeapFree
0x452224 HeapReAlloc
0x452228 HeapAlloc
0x45222c HeapDestroy
0x452230 CloseHandle
0x452234 GetVolumePathNameW
0x45223c GetThreadLocale
0x452240 FormatMessageW
0x452244 LocalAlloc
0x452248 GetCurrentThreadId
0x45225c SetLastError
0x452260 GetLastError
0x452264 RaiseException
0x452268 SetFileAttributesW
0x45226c GetFileAttributesW
0x452270 DeleteFileW
0x452274 EnumSystemLocalesW
0x452278 CreateEventW
0x45227c SetFilePointerEx
0x452280 FlushFileBuffers
0x452284 WriteConsoleW
0x452288 LCMapStringW
0x45228c GetLocaleInfoW
0x452290 GetStringTypeW
0x452294 GetTickCount
0x452298 VirtualQuery
0x45229c VirtualProtect
0x4522a0 GetSystemInfo
0x4522a4 RtlUnwind
0x4522a8 GetStartupInfoW
0x4522b8 ResetEvent
0x4522bc IsDebuggerPresent
0x4522c0 LoadLibraryExA
0x4522c4 VirtualFree
0x4522c8 TlsFree
0x4522cc TlsSetValue
0x4522d0 TlsGetValue
0x4522d4 TlsAlloc
0x4522dc EncodePointer
0x4522e0 WideCharToMultiByte
0x4522e4 VirtualAlloc
0x4522f8 InitializeSListHead
0x4522fc GetCPInfo
Library USER32.dll:
0x45232c DialogBoxParamW
0x452330 GetActiveWindow
0x452334 SetWindowLongW
0x452338 PostMessageW
0x45233c LoadStringW
0x452340 wsprintfW
0x452344 UnregisterClassW
0x452348 CharNextW
0x45234c MessageBoxIndirectW
0x452350 EnumWindows
0x452358 SendMessageW
0x45235c EndDialog
0x452360 SetDlgItemTextW
0x452364 GetWindowRect
0x452368 SetWindowPos
0x45236c ExitWindowsEx
0x452370 GetMonitorInfoW
0x452374 MonitorFromWindow
0x452378 GetWindow
0x45237c GetParent
0x452380 GetWindowLongW
0x452384 MapWindowPoints
0x452388 SetForegroundWindow
0x45238c GetClientRect
0x452390 SetWindowTextW
0x452394 GetDlgItem
Library ADVAPI32.dll:
0x452004 RegEnumValueW
0x452008 RegQueryValueW
0x45200c QueryServiceConfigW
0x452010 OpenServiceW
0x452014 SystemFunction036
0x452018 OpenSCManagerW
0x45201c CloseServiceHandle
0x452024 RegSetValueExW
0x452028 RegQueryValueExW
0x45202c RegQueryInfoKeyW
0x452030 RegOpenKeyExW
0x452034 RegEnumKeyExW
0x452038 RegDeleteValueW
0x45203c RegDeleteKeyW
0x452040 RegCreateKeyExW
0x452044 RegCloseKey
0x45205c FreeSid
0x452060 DuplicateToken
0x452068 AddAccessAllowedAce
0x45206c AccessCheck
0x452080 LookupAccountNameW
0x452084 LookupAccountSidW
0x452088 RevertToSelf
0x45208c MakeSelfRelativeSD
0x452090 IsValidSid
0x452094 InitializeAcl
0x452098 ImpersonateSelf
0x45209c GetTokenInformation
0x4520b4 GetLengthSid
0x4520b8 GetAclInformation
0x4520bc GetAce
0x4520c0 EqualSid
0x4520c4 CopySid
0x4520cc AddAce
0x4520d0 OpenThreadToken
0x4520d4 OpenProcessToken
0x4520d8 SetThreadToken
Library SHELL32.dll:
0x452320 SHGetFolderPathW
0x452324 ShellExecuteExW
Library ole32.dll:
0x4523d8 CoInitialize
0x4523dc CoTaskMemRealloc
0x4523e0 CoTaskMemAlloc
0x4523e4 CoCreateGuid
0x4523e8 CoUninitialize
0x4523ec CoTaskMemFree
0x4523f0 StringFromGUID2
0x4523f4 IIDFromString
0x4523f8 CoCreateInstance
Library OLEAUT32.dll:
0x452308 SysStringByteLen
0x45230c SysStringLen
0x452310 VarUI4FromStr
0x452314 GetErrorInfo
0x452318 SysFreeString
Library VERSION.dll:
0x4523a4 GetFileVersionInfoW
0x4523ac VerQueryValueW
Library USERENV.dll:
0x45239c UnloadUserProfile

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 151.101.54.133 downloads.logoscdn.com 443
192.168.56.101 49178 151.101.54.133 downloads.logoscdn.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.