Score: 1.2 (low risk)

SHA-256: 7495809060bf341ff2a3ded13ae1cece1eaec7e2385d5d6e3ef35e0a09b625f4
File name: c81862e7be2d0feb3955428df6b04ac3.exe
Analysis duration: 20s
Last analysed:
File size: 2.6MB
Static detections / Dynamic detections
鹰眼 (Eagle Eye) engine: not detected (no 鹰眼 engine result available)
Static verdict
Antivirus engines: not detected (no antivirus engine results available)
Static indicators

This executable has a PDB path (1 event)
pdb_path C:\Builds\13810\Tools\procexp_master\bin\Win32\Release\procexp.pdb
The path names a procexp (Process Explorer) build tree on a build server. A PDB path is a plain string in the PE debug directory and is trivially forged, so treat it as a lead rather than proof of provenance: confirm with the file's Authenticode signature, or by matching the SHA-256 above against a known Sysinternals release.

The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name BINRES
A non-standard resource name by itself does not establish packing. Legitimate tools embed auxiliary binaries in named resources the same way (Process Explorer, for one, carries its 64-bit build as a resource and drops it when run on x64). Extract the resource and check whether it starts with an MZ header instead of inferring a packer from the name.
One or more processes crashed (1 event)
Time: 1620985518.689198 (Unix epoch, i.e. 2021-05-14 09:45:18 UTC)
API: __exception__
Stack trace (both frames are in ntdll's exception dispatcher; the sandbox recorded no frame inside the sample, so the fault is located by module offset below):
  RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
  RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
Registers (decimal as reported, hex in parentheses):
  esp 1638284 (0x0018ff8c)     ebp 1638292 (0x0018ff94)
  eax 1983198136 (0x763533b8)  ebx 2130567168 (0x7efde000)
  ecx 0                        edx 19446296 (0x0128ba18)
  esi 0                        edi 0
Exception:
  exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
  module: c81862e7be2d0feb3955428df6b04ac3.exe
  symbol: c81862e7be2d0feb3955428df6b04ac3+0xf056f
  offset: 984431 (0xf056f)
  address: 0x12e056f (so the image is loaded at 0x12e056f - 0xf056f = 0x11f0000)
  instruction: add byte ptr [eax], al
  instruction bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Status: success   Return: 0   Repeated: 0

Reading the record: "add byte ptr [eax], al" is simply how two zero bytes decode, and all sixteen captured bytes are zero, so execution reached zero-filled memory inside the sample's own image. Because the bytes were readable (the sandbox captured them), the access violation comes from the write to [eax] (0x763533b8, well outside a 2.6MB image based at 0x11f0000), not from the instruction fetch. Nothing here is an exploitation indicator on its own: it says the process ran off the end of real code, which for a binary run unattended for 20 seconds is as likely to be a crash on an unexpected environment as anything hostile.
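The crash record above can be read mechanically. The block below is an added example, not code from the sandbox or the report: it takes the event as a Cuckoo-style dict (that layout, with exception / registers / stacktrace keys, is an assumption about how this sandbox exports events) reconstructed from the values on this page, and derives the image base, whether the faulting bytes are zero-filled, where the stack walk stopped and which memory access raised the fault.

```python
"""Triage helper for a sandbox ``__exception__`` record.

Added example, not code from the report or its sandbox. The record below is
reconstructed from the crash event on this page; its dict layout (exception /
registers / stacktrace keys) follows the Cuckoo-style JSON report format and is
an assumption about how this sandbox exports the event.
"""
import re

STATUS_ACCESS_VIOLATION = 0xC0000005

# Constructed from the crash event above, values exactly as the sandbox printed them.
CRASH_RECORD = {
    "exception": {
        "address": "0x12e056f",
        "offset": 984431,
        "symbol": "c81862e7be2d0feb3955428df6b04ac3+0xf056f",
        "module": "c81862e7be2d0feb3955428df6b04ac3.exe",
        "exception_code": "0xc0000005",
        "instruction": "add byte ptr [eax], al",
        "instruction_r": "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    },
    "registers": {
        "esp": 1638284, "ebp": 1638292, "eax": 1983198136, "ebx": 2130567168,
        "ecx": 0, "edx": 19446296, "esi": 0, "edi": 0,
    },
    "stacktrace": [
        "RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2",
        "RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5",
    ],
}


def parse_symbol(symbol):
    """Split 'module+0xOFFSET' into (module, offset)."""
    m = re.fullmatch(r"(.+?)\+0x([0-9a-fA-F]+)", symbol)
    if not m:
        raise ValueError(f"unexpected symbol format: {symbol!r}")
    return m.group(1), int(m.group(2), 16)


def frame_modules(stacktrace):
    """Module of each frame: the 'module+0xNN' token that precedes ' @ 0xADDR'."""
    modules = []
    for frame in stacktrace:
        token = frame.split(" @ ")[0].split()[-1]      # e.g. 'ntdll+0x39ed2'
        modules.append(re.split(r"[+-]", token)[0])
    return modules


def triage_exception(record):
    """Derive the facts an analyst needs: image base, whether the faulting bytes
    are zero-filled, where the stack walk stopped, and which access raised the fault."""
    exc, regs = record["exception"], record["registers"]
    code = int(exc["exception_code"], 16)
    address = int(exc["address"], 16)
    offset = exc["offset"]
    sym_module, sym_offset = parse_symbol(exc["symbol"])
    insn_bytes = bytes.fromhex(exc["instruction_r"].replace(" ", ""))

    f = {
        "module": exc["module"],
        "is_access_violation": code == STATUS_ACCESS_VIOLATION,
        "module_base": address - offset,               # address = base + offset
        "offset_matches_symbol": sym_offset == offset and exc["module"].startswith(sym_module),
        "instruction_bytes_readable": len(insn_bytes) > 0,
        "zero_filled_code": len(insn_bytes) > 0 and set(insn_bytes) == {0},
        "stack_modules": sorted(set(frame_modules(record["stacktrace"]))),
        "registers_hex": {k: f"0x{v:08x}" for k, v in regs.items()},
    }
    # Frames only in ntdll mean the walk stopped in the exception dispatcher;
    # the fault location then comes from module+offset, not from the stack.
    f["stack_reaches_sample"] = any(m != "ntdll" for m in f["stack_modules"])

    if f["zero_filled_code"]:
        # '00 00' decodes as 'add byte ptr [eax], al'. The bytes were readable,
        # so a 0xC0000005 here is raised by the write to [eax], not by the
        # fetch: record the write target so it can be checked against the
        # loaded-module list.
        f["faulting_access"] = "write"
        f["write_target"] = regs["eax"]
        f["verdict"] = (f"control flow reached zero-filled memory at {sym_module}+0x{offset:x}; "
                        f"fault raised by write to 0x{regs['eax']:08x}")
    else:
        f["faulting_access"] = "unknown"
        f["verdict"] = f"access violation at {sym_module}+0x{offset:x}: disassemble around the fault"
    return f


if __name__ == "__main__":
    for key, value in triage_exception(CRASH_RECORD).items():
        print(f"{key}: {value}")
```

The write target (eax) is the value to check next against the process's module list in the full report; the sandbox summary here does not include one, so the block only reports it.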
Behavior verdict
Visual analysis
Binary image: none (the sample did not produce a binary visualization image)
Run screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2017-05-01 07:30:45 (the PE header TimeDateStamp, written by the linker and editable afterwards, so not by itself evidence of when the file was built)

Imports

Library SHLWAPI.dll:
0x12ac56c ColorHLSToRGB
0x12ac570 ColorRGBToHLS
0x12ac574
0x12ac578 UrlUnescapeW
Library WS2_32.dll:
0x12ac820 ntohl
0x12ac824 htonl
0x12ac828 htons
0x12ac82c gethostbyaddr
0x12ac830 getservbyport
0x12ac834 WSAStartup
0x12ac838 ntohs
Library MPR.dll:
0x12ac4e8 WNetGetConnectionW
Library COMCTL32.dll:
0x12ac130 ImageList_Create
0x12ac134 CreateStatusWindowW
0x12ac13c
0x12ac140
0x12ac144
0x12ac148 ImageList_ReplaceIcon
0x12ac14c ImageList_Add
0x12ac150 InitCommonControlsEx
0x12ac154 ImageList_Destroy
0x12ac158 ImageList_DrawEx
0x12ac15c
0x12ac160 PropertySheetW
Library VERSION.dll:
0x12ac7dc VerQueryValueW
0x12ac7e0 GetFileVersionInfoW
Library credui.dll:
Library SETUPAPI.dll:
0x12ac534 SetupDiGetClassDevsW
Library CRYPT32.dll:
0x12ac188 CertGetNameStringW
Library KERNEL32.dll:
0x12ac22c VirtualQueryEx
0x12ac234 GetCurrentProcessId
0x12ac238 SetThreadAffinityMask
0x12ac23c SetFilePointer
0x12ac240 GetSystemDirectoryW
0x12ac244 DeleteFileW
0x12ac248 SearchPathW
0x12ac24c OpenThread
0x12ac250 GetThreadContext
0x12ac254 SuspendThread
0x12ac258 ResumeThread
0x12ac25c Thread32First
0x12ac260 Thread32Next
0x12ac264 ResetEvent
0x12ac270 IsBadReadPtr
0x12ac278 GlobalMemoryStatus
0x12ac280 TerminateProcess
0x12ac284 GetProcessId
0x12ac288 PulseEvent
0x12ac28c SetPriorityClass
0x12ac290 GetComputerNameW
0x12ac294 VirtualAlloc
0x12ac298 VirtualFree
0x12ac2a0 DeviceIoControl
0x12ac2a4 DuplicateHandle
0x12ac2a8 OutputDebugStringW
0x12ac2ac GetDriveTypeW
0x12ac2b0 GetCurrentDirectoryW
0x12ac2b4 WideCharToMultiByte
0x12ac2b8 DecodePointer
0x12ac2bc RaiseException
0x12ac2c4 GetSystemInfo
0x12ac2cc LoadLibraryA
0x12ac2d0 GetOEMCP
0x12ac2d4 GetACP
0x12ac2d8 IsValidCodePage
0x12ac2dc EnumSystemLocalesW
0x12ac2e0 GetUserDefaultLCID
0x12ac2e4 IsValidLocale
0x12ac2e8 LCMapStringW
0x12ac2ec CompareStringW
0x12ac2f0 GetStartupInfoW
0x12ac2f4 TlsFree
0x12ac300 GetCPInfo
0x12ac304 SetConsoleMode
0x12ac308 ReadConsoleInputA
0x12ac30c GetConsoleMode
0x12ac310 GetModuleHandleExW
0x12ac314 ExitProcess
0x12ac318 GetCurrentThreadId
0x12ac320 RtlUnwind
0x12ac324 IsDebuggerPresent
0x12ac328 EncodePointer
0x12ac32c GetStringTypeW
0x12ac330 lstrlenA
0x12ac334 lstrcmpiW
0x12ac338 lstrcmpW
0x12ac33c ReadProcessMemory
0x12ac340 OpenEventW
0x12ac344 SetLastError
0x12ac348 IsBadStringPtrW
0x12ac34c SystemTimeToFileTime
0x12ac354 GetSystemTime
0x12ac358 DeleteCriticalSection
0x12ac35c Module32NextW
0x12ac360 Module32FirstW
0x12ac364 TerminateThread
0x12ac368 GlobalUnlock
0x12ac36c GlobalLock
0x12ac370 GlobalReAlloc
0x12ac374 GlobalAlloc
0x12ac378 FindResourceExW
0x12ac37c FindResourceW
0x12ac380 SizeofResource
0x12ac384 LoadResource
0x12ac388 GetProcessHeap
0x12ac38c HeapSize
0x12ac390 HeapFree
0x12ac394 HeapReAlloc
0x12ac398 HeapAlloc
0x12ac39c HeapDestroy
0x12ac3a0 LockResource
0x12ac3a4 GetCommandLineW
0x12ac3a8 GetFileType
0x12ac3ac LocalAlloc
0x12ac3b0 FormatMessageW
0x12ac3b4 GlobalAddAtomW
0x12ac3b8 GetTickCount
0x12ac3bc MulDiv
0x12ac3c0 GetFileSizeEx
0x12ac3c4 GetExitCodeThread
0x12ac3c8 CreateThread
0x12ac3cc CreateEventW
0x12ac3d4 WaitForSingleObject
0x12ac3d8 SetEvent
0x12ac3dc EnterCriticalSection
0x12ac3e0 GetCurrentThread
0x12ac3e4 LeaveCriticalSection
0x12ac3e8 FindNextFileW
0x12ac3ec FindClose
0x12ac3f0 MultiByteToWideChar
0x12ac3f4 GetModuleHandleW
0x12ac3f8 ReadFile
0x12ac3fc LoadLibraryExW
0x12ac400 FreeLibrary
0x12ac408 FindFirstFileW
0x12ac40c GetFileAttributesW
0x12ac410 Process32NextW
0x12ac414 Process32FirstW
0x12ac41c GetNumberFormatW
0x12ac420 GetDateFormatW
0x12ac424 GetTimeFormatW
0x12ac428 GetLocaleInfoW
0x12ac42c CreateFileW
0x12ac430 GetFullPathNameW
0x12ac434 GetWindowsDirectoryW
0x12ac440 CreateProcessW
0x12ac444 GetModuleFileNameW
0x12ac448 LoadLibraryW
0x12ac44c CreateFileMappingW
0x12ac450 TlsSetValue
0x12ac454 TlsAlloc
0x12ac458 lstrlenW
0x12ac45c UnmapViewOfFile
0x12ac460 MapViewOfFile
0x12ac464 FormatMessageA
0x12ac468 FileTimeToSystemTime
0x12ac470 CloseHandle
0x12ac474 GetFileTime
0x12ac478 WriteFile
0x12ac47c GetStdHandle
0x12ac480 GetFileSize
0x12ac484 Sleep
0x12ac48c SetErrorMode
0x12ac490 GetLastError
0x12ac494 ExitThread
0x12ac498 GetCurrentProcess
0x12ac49c OpenProcess
0x12ac4a0 LocalFree
0x12ac4a4 GetVersion
0x12ac4a8 GetProcAddress
0x12ac4ac InterlockedDecrement
0x12ac4b0 InterlockedIncrement
0x12ac4b4 TlsGetValue
0x12ac4b8 FlushFileBuffers
0x12ac4bc GetConsoleCP
0x12ac4cc SetFilePointerEx
0x12ac4d0 SetStdHandle
0x12ac4d4 WriteConsoleW
0x12ac4d8 ReadConsoleW
0x12ac4dc SetEndOfFile
Library USER32.dll:
0x12ac580 CopyImage
0x12ac584 GetWindow
0x12ac588 GetDesktopWindow
0x12ac58c KillTimer
0x12ac594 GetDlgCtrlID
0x12ac598 CheckRadioButton
0x12ac59c SendMessageTimeoutW
0x12ac5a0 PeekMessageW
0x12ac5a4 GetUserObjectSecurity
0x12ac5a8 SetUserObjectSecurity
0x12ac5ac IsDialogMessageW
0x12ac5b0 DrawIconEx
0x12ac5b4 CheckMenuRadioItem
0x12ac5b8 WindowFromPoint
0x12ac5bc RedrawWindow
0x12ac5c0 TrackPopupMenu
0x12ac5c4 RemoveMenu
0x12ac5c8 CreateMenu
0x12ac5cc DrawMenuBar
0x12ac5d0 LoadMenuW
0x12ac5d4 TranslateAcceleratorW
0x12ac5d8 LoadAcceleratorsW
0x12ac5dc IsWindowEnabled
0x12ac5e0 GetDlgItemTextW
0x12ac5e4 CreateDialogParamW
0x12ac5e8 IsWindow
0x12ac5ec PostQuitMessage
0x12ac5f0 ExitWindowsEx
0x12ac5f4 DispatchMessageW
0x12ac5f8 TranslateMessage
0x12ac5fc GetMessageW
0x12ac600 DrawEdge
0x12ac608 GetWindowDC
0x12ac60c SetMenuItemInfoW
0x12ac610 IsIconic
0x12ac614 ShowWindowAsync
0x12ac618 SystemParametersInfoW
0x12ac61c EnumWindows
0x12ac620 SetClassLongW
0x12ac624 GetWindowTextW
0x12ac628 InvalidateRgn
0x12ac62c TrackPopupMenuEx
0x12ac630 ModifyMenuW
0x12ac634 AppendMenuW
0x12ac638 GetMenuItemCount
0x12ac63c GetMenuItemID
0x12ac640 EnableMenuItem
0x12ac644 CreatePopupMenu
0x12ac648 EnableWindow
0x12ac64c IsDlgButtonChecked
0x12ac650 CheckDlgButton
0x12ac654 GetWindowPlacement
0x12ac658 LoadIconW
0x12ac65c SetWindowPlacement
0x12ac660 DefMDIChildProcW
0x12ac664 DefFrameProcW
0x12ac668 DefDlgProcW
0x12ac66c CreateIconIndirect
0x12ac670 FrameRect
0x12ac674 ClientToScreen
0x12ac678 IsWindowVisible
0x12ac67c DestroyWindow
0x12ac680 GetClassNameW
0x12ac684 EnumChildWindows
0x12ac688 PtInRect
0x12ac68c UnionRect
0x12ac690 CopyRect
0x12ac694 ScreenToClient
0x12ac698 EmptyClipboard
0x12ac69c SetClipboardData
0x12ac6a0 CloseClipboard
0x12ac6a4 OpenClipboard
0x12ac6a8 IsZoomed
0x12ac6ac EndDeferWindowPos
0x12ac6b0 DeferWindowPos
0x12ac6b4 BeginDeferWindowPos
0x12ac6b8 DrawFrameControl
0x12ac6bc ChildWindowFromPoint
0x12ac6c0 SetDlgItemTextW
0x12ac6c4 DialogBoxParamW
0x12ac6c8 MoveWindow
0x12ac6cc SetWindowTextW
0x12ac6d0 GetDlgItem
0x12ac6d4 EndDialog
0x12ac6dc GetScrollInfo
0x12ac6e0 SetScrollInfo
0x12ac6e4 GetParent
0x12ac6e8 GetClassLongW
0x12ac6ec SetWindowLongW
0x12ac6f0 GetWindowLongW
0x12ac6f4 OffsetRect
0x12ac6f8 IntersectRect
0x12ac6fc InflateRect
0x12ac700 FillRect
0x12ac704 GetSysColorBrush
0x12ac708 GetSysColor
0x12ac70c MapWindowPoints
0x12ac710 GetCursorPos
0x12ac714 SendMessageW
0x12ac718 WaitForInputIdle
0x12ac71c ShowWindow
0x12ac720 SetFocus
0x12ac724 GetSystemMetrics
0x12ac728 GetMenu
0x12ac72c CheckMenuItem
0x12ac730 GetSubMenu
0x12ac734 InsertMenuW
0x12ac738 GetWindowRect
0x12ac73c GetClientRect
0x12ac740 GetPropW
0x12ac744 SetPropW
0x12ac748 ScrollWindowEx
0x12ac74c ValidateRect
0x12ac750 InvalidateRect
0x12ac754 GetUpdateRgn
0x12ac758 GetUpdateRect
0x12ac75c EndPaint
0x12ac760 BeginPaint
0x12ac764 UpdateWindow
0x12ac768 DrawTextW
0x12ac76c SetTimer
0x12ac770 ReleaseCapture
0x12ac774 SetCapture
0x12ac778 DeleteMenu
0x12ac77c SetForegroundWindow
0x12ac780 MessageBoxW
0x12ac784 SetCursor
0x12ac788 FindWindowW
0x12ac78c FindWindowExW
0x12ac794 LoadCursorW
0x12ac798 DestroyIcon
0x12ac79c LoadImageW
0x12ac7a0 EnumDisplaySettingsW
0x12ac7a4 GetDC
0x12ac7a8 ReleaseDC
0x12ac7ac GetCapture
0x12ac7b0 GetKeyState
0x12ac7b4 GetFocus
0x12ac7b8 SetWindowPos
0x12ac7bc CreateWindowExW
0x12ac7c0 RegisterClassExW
0x12ac7c4 CallWindowProcW
0x12ac7c8 DefWindowProcW
0x12ac7cc PostMessageW
0x12ac7d0 LoadStringW
0x12ac7d4 RegisterClassW
Library GDI32.dll:
0x12ac190 SetMapMode
0x12ac194 Polyline
0x12ac198 SelectObject
0x12ac19c SetBkColor
0x12ac1a0 SetBkMode
0x12ac1a4 SetTextColor
0x12ac1a8 StartDocW
0x12ac1ac EndDoc
0x12ac1b0 StartPage
0x12ac1b4 EndPage
0x12ac1b8 CreateFontIndirectW
0x12ac1bc GetTextExtentPoint32W
0x12ac1c0 GetTextMetricsW
0x12ac1c4 MoveToEx
0x12ac1c8 SetROP2
0x12ac1cc SaveDC
0x12ac1d0 RestoreDC
0x12ac1d4 Rectangle
0x12ac1d8 LineTo
0x12ac1dc ExtTextOutW
0x12ac1e0 CreateDIBSection
0x12ac1e4 GetObjectW
0x12ac1e8 DeleteObject
0x12ac1ec BitBlt
0x12ac1f4 CreateCompatibleDC
0x12ac1f8 CreatePen
0x12ac1fc CreateRectRgn
0x12ac200 CreateRectRgnIndirect
0x12ac204 CreateSolidBrush
0x12ac208 DeleteDC
0x12ac20c GetBkColor
0x12ac210 GetBkMode
0x12ac214 GetDeviceCaps
0x12ac218 GetStockObject
0x12ac21c RectInRegion
0x12ac220 SelectClipRgn
0x12ac224 SetTextAlign
Library COMDLG32.dll:
0x12ac168 FindTextW
0x12ac16c ChooseColorW
0x12ac170 GetSaveFileNameW
0x12ac174 GetOpenFileNameW
0x12ac178 PrintDlgW
0x12ac17c ChooseFontW
Library ADVAPI32.dll:
0x12ac000 RegOpenKeyExW
0x12ac004 RegOpenKeyExA
0x12ac008 RegQueryValueExA
0x12ac00c LookupPrivilegeNameW
0x12ac01c CreateProcessAsUserW
0x12ac020 RegConnectRegistryW
0x12ac024 FlushTraceW
0x12ac030 RegCloseKey
0x12ac034 LsaOpenPolicy
0x12ac038 LsaClose
0x12ac03c LsaFreeMemory
0x12ac040 SetSecurityInfo
0x12ac044 GetSecurityInfo
0x12ac048 AddAccessAllowedAce
0x12ac04c GetAce
0x12ac050 AddAce
0x12ac054 InitializeAcl
0x12ac05c GetSidSubAuthority
0x12ac064 IsValidSid
0x12ac068 SetTokenInformation
0x12ac06c QueryServiceConfigW
0x12ac070 CopySid
0x12ac074 RevertToSelf
0x12ac078 OpenProcessToken
0x12ac07c GetTokenInformation
0x12ac080 AdjustTokenPrivileges
0x12ac084 EqualSid
0x12ac08c GetLengthSid
0x12ac090 CloseTrace
0x12ac094 ProcessTrace
0x12ac098 OpenTraceW
0x12ac09c ControlTraceW
0x12ac0a0 StartTraceW
0x12ac0ac MapGenericMask
0x12ac0b0 RegCreateKeyW
0x12ac0b4 StartServiceW
0x12ac0b8 QueryServiceStatus
0x12ac0bc FreeSid
0x12ac0c0 LookupAccountSidW
0x12ac0c4 LookupAccountNameW
0x12ac0c8 LookupPrivilegeValueW
0x12ac0d0 DuplicateTokenEx
0x12ac0d4 RegCreateKeyExW
0x12ac0d8 RegDeleteKeyW
0x12ac0dc RegEnumKeyW
0x12ac0e0 RegEnumValueW
0x12ac0e4 RegLoadKeyW
0x12ac0e8 RegOpenKeyW
0x12ac0ec RegQueryInfoKeyW
0x12ac0f0 RegQueryValueExW
0x12ac0f4 RegSetValueExW
0x12ac0f8 RegUnLoadKeyW
0x12ac0fc RegQueryValueW
0x12ac100 CryptAcquireContextW
0x12ac104 CryptReleaseContext
0x12ac108 CryptGetHashParam
0x12ac10c CryptCreateHash
0x12ac110 CryptHashData
0x12ac114 CryptDestroyHash
0x12ac118 RegDeleteValueW
0x12ac11c CloseServiceHandle
0x12ac120 OpenSCManagerW
0x12ac124 OpenServiceW
0x12ac128 ControlService
Library SHELL32.dll:
0x12ac548 SHGetPathFromIDListW
0x12ac550 SHBrowseForFolderW
0x12ac554 SHGetMalloc
0x12ac558 Shell_NotifyIconW
0x12ac55c ShellExecuteExW
0x12ac560 SHGetFileInfoW
0x12ac564 ShellExecuteW
Library ole32.dll:
0x12ac84c CoInitialize
0x12ac850 CoInitializeEx
0x12ac854 CoCreateInstance
0x12ac858 CoUninitialize
0x12ac85c CoSetProxyBlanket
0x12ac864 CoTaskMemFree
Library OLEAUT32.dll:
0x12ac4f0 SafeArrayGetLBound
0x12ac4f4 SysAllocStringLen
0x12ac4f8 SafeArrayGetElement
0x12ac4fc SafeArrayUnaccessData
0x12ac500 SafeArrayAccessData
0x12ac504 SysAllocString
0x12ac508 SysFreeString
0x12ac50c SysStringLen
0x12ac510 SysAllocStringByteLen
0x12ac514 VariantInit
0x12ac518 VariantClear
0x12ac51c VariantChangeType
0x12ac520 SafeArrayDestroy
0x12ac524 SafeArrayGetUBound
Library WINHTTP.dll:
0x12ac7ec WinHttpOpenRequest
0x12ac7f0 WinHttpSetOption
0x12ac7f8 WinHttpSendRequest
0x12ac7fc WinHttpReadData
0x12ac800 WinHttpConnect
0x12ac804 WinHttpCloseHandle
0x12ac808 WinHttpOpen
0x12ac810 WinHttpQueryHeaders
0x12ac814 WinHttpGetProxyForUrl
0x12ac818 WinHttpWriteData
Library PSAPI.DLL:
0x12ac52c GetModuleFileNameExW
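One way to make the import table above comparable across samples is the import hash. The block below is an added example, not code from the sandbox or from pefile: it implements pefile's imphash convention ('dll.function' lower-cased, in table order, comma-joined, MD5) over a constructed excerpt of the table, treats the blank names the report shows as unresolved entries, and refuses to hash an incomplete table, because that value would not match what pefile or VirusTotal report for the real file.

```python
"""Import hash (imphash) from an import table such as the one listed above.

Added example, not code from the report. It follows the convention used by
pefile and most sandboxes: '<dll without extension>.<function>' lower-cased, in
import-table order, joined by ',' and MD5-hashed. IMPORTS is a constructed
excerpt of the table above; the blank names on the page are imports the
sandbox did not resolve, represented here as None.
"""
import hashlib
import re


IMPORTS = [
    ("SHLWAPI.dll", ["ColorHLSToRGB", "ColorRGBToHLS", None, "UrlUnescapeW"]),
    ("WS2_32.dll", ["ntohl", "htonl", "htons", "gethostbyaddr",
                    "getservbyport", "WSAStartup", "ntohs"]),
    ("MPR.dll", ["WNetGetConnectionW"]),
    ("KERNEL32.dll", ["VirtualQueryEx", "GetCurrentProcessId",
                      "OpenProcess", "ReadProcessMemory"]),
]


def _dll_base(dll):
    """'KERNEL32.dll' -> 'kernel32' (pefile strips .dll/.ocx/.sys before hashing)."""
    return re.sub(r"\.(dll|ocx|sys)$", "", dll, flags=re.IGNORECASE).lower()


def unresolved(imports):
    """(dll, position) of every import without a name. pefile emits 'ordN' for
    these (or a known name for the few DLLs it maps by ordinal); without the
    ordinal number there is nothing to hash, so they must be resolved first."""
    return [(dll, i) for dll, names in imports for i, n in enumerate(names) if n is None]


def imphash_string(imports):
    """Canonical comma-joined string that gets hashed. Refuses incomplete tables,
    since a hash over them is not comparable with the value other tools report."""
    missing = unresolved(imports)
    if missing:
        raise ValueError(f"unresolved imports, resolve ordinals first: {missing}")
    return ",".join(f"{_dll_base(dll)}.{name.lower()}"
                    for dll, names in imports for name in names)


def imphash(imports):
    """MD5 of the canonical string as a 32-character lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def drop_unresolved(imports):
    """Lossy variant for comparing two reports from the *same* sandbox that both
    lack ordinal names; never compare its output with a real imphash."""
    return [(dll, [n for n in names if n is not None]) for dll, names in imports]


if __name__ == "__main__":
    print("unresolved:", unresolved(IMPORTS))
    print("lossy imphash:", imphash(drop_unresolved(IMPORTS)))
```

For this sample the comparison worth making is against the imphash of a signed Sysinternals procexp.exe release. That needs the complete table with ordinals resolved, which the report's listing (with its blank names) does not provide, so compute it from the file itself rather than from this page.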

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port  Service (by destination/port)
192.168.56.101  51378        114.114.114.114  53                DNS (unicast, to the guest's evident resolver)
192.168.56.101  53237        114.114.114.114  53                DNS
192.168.56.101  57874        114.114.114.114  53                DNS
192.168.56.101  65004        114.114.114.114  53                DNS
192.168.56.101  137          192.168.56.255   137               NetBIOS name service (subnet broadcast)
192.168.56.101  138          192.168.56.255   138               NetBIOS datagram (subnet broadcast)
192.168.56.101  49235        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  51963        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  53657        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  56804        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  58367        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  62191        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  63429        224.0.0.252      5355              LLMNR (multicast)
192.168.56.101  1900         239.255.255.250  1900              SSDP (multicast)
192.168.56.101  51966        239.255.255.250  1900              SSDP (multicast)
192.168.56.101  53238        239.255.255.250  3702              WS-Discovery (multicast)
192.168.56.101  58707        239.255.255.250  3702              WS-Discovery (multicast)
192.168.56.101  65005        239.255.255.250  3702              WS-Discovery (multicast)

Every flow originates from the guest 192.168.56.101. The broadcast and multicast flows (NetBIOS, LLMNR, SSDP, WS-Discovery) are the name-resolution and device-discovery chatter a Windows guest emits whether or not a sample is running, and the ones sent from port 137, 138 and 1900 come from the OS's own bound service sockets rather than from an ephemeral client port. The only unicast flows are four DNS queries to 114.114.114.114. The report does not show the query names, and the "No hosts contacted" and "No TCP connections recorded" entries above mean nothing that may have been resolved was subsequently connected to, so this capture contains no traffic attributable to the sample. To rule out sample-originated lookups, inspect the DNS query names in the pcap rather than this summary.
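Sorting a sandbox's UDP table into background chatter and flows that still need attribution is routine enough to script. The block below is an added example, not code from the report: it feeds the flows above (copied verbatim) to a small classifier that separates multicast and subnet-broadcast Windows discovery traffic from unicast flows. The /24 guest subnet and the port-to-service map are assumptions, not something the report states.

```python
"""Separate sandbox background traffic from flows that need attribution.

Added example, not code from the report. FLOWS is the UDP table above, copied
verbatim; the /24 guest subnet and the port-to-service mapping are assumptions
(the standard ports of these Windows services), not something the report states.
"""
import ipaddress
from collections import Counter

GUEST_PREFIX = 24  # assumption: the sandbox guest sits on 192.168.56.0/24

# (src, sport, dst, dport), copied from the report's UDP table.
FLOWS = [
    ("192.168.56.101", 51378, "114.114.114.114", 53),
    ("192.168.56.101", 53237, "114.114.114.114", 53),
    ("192.168.56.101", 57874, "114.114.114.114", 53),
    ("192.168.56.101", 65004, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 49235, "224.0.0.252", 5355),
    ("192.168.56.101", 51963, "224.0.0.252", 5355),
    ("192.168.56.101", 53657, "224.0.0.252", 5355),
    ("192.168.56.101", 56804, "224.0.0.252", 5355),
    ("192.168.56.101", 58367, "224.0.0.252", 5355),
    ("192.168.56.101", 62191, "224.0.0.252", 5355),
    ("192.168.56.101", 63429, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 51966, "239.255.255.250", 1900),
    ("192.168.56.101", 53238, "239.255.255.250", 3702),
    ("192.168.56.101", 58707, "239.255.255.250", 3702),
    ("192.168.56.101", 65005, "239.255.255.250", 3702),
]

# (destination, port) -> service for Windows discovery/name-resolution traffic.
# A destination of None matches any destination address.
SERVICES = {
    ("224.0.0.252", 5355): "LLMNR",
    ("239.255.255.250", 1900): "SSDP",
    ("239.255.255.250", 3702): "WS-Discovery",
    (None, 137): "NetBIOS-NS",
    (None, 138): "NetBIOS-DGM",
    (None, 53): "DNS",
}


def is_subnet_broadcast(src, dst, prefix=GUEST_PREFIX):
    """True if dst is the directed broadcast address of src's (assumed) subnet."""
    net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
    return ipaddress.ip_address(dst) == net.broadcast_address


def classify(flow):
    """Return (service, background). Background means multicast or subnet
    broadcast, or a flow sent *from* a well-known service port (the OS's bound
    socket, not the ephemeral client port a sample's own socket would get)."""
    src, sport, dst, dport = flow
    service = SERVICES.get((dst, dport)) or SERVICES.get((None, dport), "unknown")
    background = (ipaddress.ip_address(dst).is_multicast
                  or is_subnet_broadcast(src, dst)
                  or (sport == dport and (None, sport) in SERVICES))
    return service, background


def summarize(flows):
    """Per-service counts plus the unicast flows that still need attribution
    (for this report: the DNS queries, whose names the summary does not show)."""
    counts = Counter()
    needs_attribution = []
    for flow in flows:
        service, background = classify(flow)
        counts[service] += 1
        if not background:
            needs_attribution.append(flow)
    return {"counts": dict(counts), "needs_attribution": needs_attribution}


if __name__ == "__main__":
    result = summarize(FLOWS)
    print(result["counts"])
    for flow in result["needs_attribution"]:
        print("check query names in the pcap for", flow)
```

The classifier deliberately does not mark unicast DNS as background: the resolver is the one destination a sample can reach through the same path as the OS, so those flows stay on the list until the query names have been checked.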

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.