1.8
Low risk

88e9bd057a72887609723959ee3e4cc6106fb44714ca8527d68a96de0f2d8507

c888add519903a684cfeb6651d857db8.exe

Analysis duration

79s

Last analyzed

File size

720.0KB
Static detections / Dynamic detections
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Behavioral verdict
Dynamic indicators
A process attempted to delay the analysis task. (1 event)
description c888add519903a684cfeb6651d857db8.exe tried to sleep 135 seconds, actually delayed analysis time by 135 seconds
Foreign language identified in PE resource (50 out of 51 events)
name TEXTINCLUDE language LANG_CHINESE offset 0x000c1c20 filetype C source, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000151
name RT_CURSOR language LANG_CHINESE offset 0x000c2110 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000b4
name RT_BITMAP language LANG_CHINESE offset 0x000c3818 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_MENU language LANG_CHINESE offset 0x000c47f0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000284
name RT_DIALOG language LANG_CHINESE offset 0x000c5a38 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000018c
name RT_STRING language LANG_CHINESE offset 0x000c6480 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000024
name RT_GROUP_CURSOR language LANG_CHINESE offset 0x000c64cc filetype Lotus unknown worksheet or configuration, revision 0x2 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000022
name RT_GROUP_ICON language LANG_CHINESE offset 0x000c6534 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
Network communication
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2019-12-20 09:17:46

Imports

Library KERNEL32.dll:
0x488170 SetEndOfFile
0x488174 UnlockFile
0x488178 LockFile
0x48817c FlushFileBuffers
0x488180 SetFilePointer
0x488184 GetCurrentProcess
0x488188 DuplicateHandle
0x48818c lstrcpynA
0x488190 SetLastError
0x48819c LocalFree
0x4881a0 MultiByteToWideChar
0x4881a4 WideCharToMultiByte
0x4881ac TerminateThread
0x4881b0 CreateSemaphoreA
0x4881b4 SetStdHandle
0x4881b8 IsBadCodePtr
0x4881bc IsBadReadPtr
0x4881c0 CompareStringW
0x4881c4 CompareStringA
0x4881cc GetStringTypeW
0x4881d0 GetStringTypeA
0x4881d4 IsBadWritePtr
0x4881d8 VirtualAlloc
0x4881dc LCMapStringW
0x4881e0 LCMapStringA
0x4881e8 VirtualFree
0x4881ec HeapCreate
0x4881f0 HeapDestroy
0x4881f8 GetFileType
0x4881fc GetStdHandle
0x488200 SetHandleCount
0x488218 GetACP
0x48821c HeapSize
0x488220 ResumeThread
0x488224 ReleaseSemaphore
0x488230 GetProfileStringA
0x488234 WriteFile
0x488238 ReadFile
0x488240 CreateFileA
0x488244 SetEvent
0x488248 FindResourceA
0x48824c LoadResource
0x488250 LockResource
0x488254 GetModuleFileNameA
0x488258 GetCurrentThreadId
0x48825c ExitProcess
0x488260 GlobalSize
0x488264 GlobalFree
0x488270 lstrcatA
0x488274 lstrlenA
0x488278 WinExec
0x48827c lstrcpyA
0x488280 FindNextFileA
0x488284 GlobalReAlloc
0x488288 HeapFree
0x48828c HeapReAlloc
0x488290 GetProcessHeap
0x488294 HeapAlloc
0x488298 GetFullPathNameA
0x48829c FreeLibrary
0x4882a0 LoadLibraryA
0x4882a4 GetLastError
0x4882a8 GetVersionExA
0x4882b0 CreateThread
0x4882b4 CreateEventA
0x4882b8 Sleep
0x4882bc GlobalAlloc
0x4882c0 GlobalLock
0x4882c4 GlobalUnlock
0x4882c8 FindFirstFileA
0x4882cc FindClose
0x4882d0 TerminateProcess
0x4882d4 RaiseException
0x4882d8 GetLocalTime
0x4882dc GetSystemTime
0x4882e4 RtlUnwind
0x4882e8 GetStartupInfoA
0x4882ec GetOEMCP
0x4882f0 GetCPInfo
0x4882f4 GetProcessVersion
0x4882f8 SetErrorMode
0x4882fc GlobalFlags
0x488300 GetCurrentThread
0x488304 GetFileTime
0x488308 GetFileSize
0x48830c TlsGetValue
0x488310 LocalReAlloc
0x488314 TlsSetValue
0x488318 TlsFree
0x48831c GlobalHandle
0x488320 GetFileAttributesA
0x48832c TlsAlloc
0x488330 LocalAlloc
0x488334 lstrcmpA
0x488338 GetVersion
0x48833c GlobalGetAtomNameA
0x488340 GlobalAddAtomA
0x488344 GlobalFindAtomA
0x488348 GlobalDeleteAtom
0x48834c lstrcmpiA
0x488350 GetModuleHandleA
0x488354 GetProcAddress
0x488358 MulDiv
0x48835c GetCommandLineA
0x488360 GetTickCount
0x488364 WaitForSingleObject
0x488368 CloseHandle
Library USER32.dll:
0x488390 OpenClipboard
0x488394 SetClipboardData
0x488398 EmptyClipboard
0x48839c GetSystemMetrics
0x4883a0 GetCursorPos
0x4883a4 MessageBoxA
0x4883a8 SetWindowPos
0x4883ac SendMessageA
0x4883b0 DestroyCursor
0x4883b4 SetParent
0x4883b8 IsWindow
0x4883bc PostMessageA
0x4883c0 GetClipboardData
0x4883c4 GetParent
0x4883c8 GetFocus
0x4883cc GetClientRect
0x4883d0 InvalidateRect
0x4883d4 ValidateRect
0x4883d8 UpdateWindow
0x4883dc CloseClipboard
0x4883e0 wsprintfA
0x4883e4 EqualRect
0x4883e8 GetWindowRect
0x4883ec SetForegroundWindow
0x4883f0 DestroyMenu
0x4883f4 IsChild
0x4883f8 ReleaseDC
0x4883fc GetTopWindow
0x488400 IsRectEmpty
0x488404 FillRect
0x488408 GetDC
0x48840c SetCursor
0x488410 LoadCursorA
0x488414 SetCursorPos
0x488418 SetActiveWindow
0x48841c GetSysColor
0x488420 SetWindowLongA
0x488424 GetWindowLongA
0x488428 RedrawWindow
0x48842c EnableWindow
0x488430 IsWindowVisible
0x488434 OffsetRect
0x488438 PtInRect
0x48843c DestroyIcon
0x488440 IntersectRect
0x488444 InflateRect
0x488448 SetRect
0x48844c SetScrollPos
0x488450 SetScrollRange
0x488454 GetScrollRange
0x488458 SetCapture
0x48845c GetCapture
0x488460 ReleaseCapture
0x488464 SetTimer
0x488468 KillTimer
0x48846c TranslateMessage
0x488470 LoadIconA
0x488474 DrawFrameControl
0x488478 DrawEdge
0x48847c DrawFocusRect
0x488480 WindowFromPoint
0x488484 GetMessageA
0x488488 DispatchMessageA
0x48848c SetRectEmpty
0x48849c DrawIconEx
0x4884a0 CreatePopupMenu
0x4884a4 AppendMenuA
0x4884a8 ModifyMenuA
0x4884ac CreateMenu
0x4884b4 GetDlgCtrlID
0x4884b8 GetSubMenu
0x4884bc EnableMenuItem
0x4884c0 ClientToScreen
0x4884c8 LoadImageA
0x4884d0 ShowWindow
0x4884d4 IsWindowEnabled
0x4884dc GetKeyState
0x4884e4 PostQuitMessage
0x4884e8 IsZoomed
0x4884ec GetClassInfoA
0x4884f0 GetWindowTextA
0x4884f8 CharUpperA
0x4884fc GetWindowDC
0x488500 BeginPaint
0x488504 EndPaint
0x488508 TabbedTextOutA
0x48850c DrawTextA
0x488510 GrayStringA
0x488514 GetDlgItem
0x488518 DestroyWindow
0x488520 EndDialog
0x488524 GetNextDlgTabItem
0x488528 GetWindowPlacement
0x488530 GetForegroundWindow
0x488534 GetLastActivePopup
0x488538 GetMessageTime
0x48853c RemovePropA
0x488540 CallWindowProcA
0x488544 GetPropA
0x488548 UnhookWindowsHookEx
0x48854c SetPropA
0x488550 GetClassLongA
0x488554 CallNextHookEx
0x488558 SetWindowsHookExA
0x48855c CreateWindowExA
0x488560 GetMenuItemID
0x488564 GetMenuItemCount
0x488568 RegisterClassA
0x48856c GetScrollPos
0x488570 UnregisterClassA
0x488574 AdjustWindowRectEx
0x488578 MapWindowPoints
0x48857c SendDlgItemMessageA
0x488580 ScrollWindowEx
0x488584 IsDialogMessageA
0x488588 SetWindowTextA
0x48858c MoveWindow
0x488590 CheckMenuItem
0x488594 SetMenuItemBitmaps
0x488598 GetMenuState
0x4885a0 GetClassNameA
0x4885a4 GetDesktopWindow
0x4885a8 LoadStringA
0x4885ac GetSysColorBrush
0x4885b0 DefWindowProcA
0x4885b4 GetSystemMenu
0x4885b8 DeleteMenu
0x4885bc GetMenu
0x4885c0 SetMenu
0x4885c4 PeekMessageA
0x4885c8 IsIconic
0x4885cc SetFocus
0x4885d0 GetActiveWindow
0x4885d4 GetWindow
0x4885dc SetWindowRgn
0x4885e0 GetMessagePos
0x4885e4 ScreenToClient
0x4885ec CopyRect
0x4885f0 LoadBitmapA
0x4885f4 WinHelpA
Library GDI32.dll:
0x488024 SetStretchBltMode
0x488028 GetClipRgn
0x48802c CreatePolygonRgn
0x488030 SelectClipRgn
0x488034 DeleteObject
0x488038 CreateDIBitmap
0x488040 CreatePalette
0x488044 StretchBlt
0x488048 SelectPalette
0x48804c RealizePalette
0x488050 GetDIBits
0x488054 GetWindowExtEx
0x488058 GetViewportOrgEx
0x48805c GetWindowOrgEx
0x488060 BeginPath
0x488064 EndPath
0x488068 PathToRegion
0x48806c CreateEllipticRgn
0x488070 CreateRoundRectRgn
0x488074 GetTextColor
0x488078 GetBkMode
0x48807c GetBkColor
0x488080 GetROP2
0x488084 GetStretchBltMode
0x488088 GetPolyFillMode
0x488090 CreateDCA
0x488094 CreateBitmap
0x488098 SelectObject
0x48809c GetObjectA
0x4880a0 CreatePen
0x4880a4 CombineRgn
0x4880a8 CreateRectRgn
0x4880ac FillRgn
0x4880b0 CreateSolidBrush
0x4880b4 GetStockObject
0x4880b8 CreateFontIndirectA
0x4880bc EndPage
0x4880c0 EndDoc
0x4880c4 DeleteDC
0x4880c8 StartDocA
0x4880cc StartPage
0x4880d0 BitBlt
0x4880d4 CreateCompatibleDC
0x4880d8 Ellipse
0x4880dc Rectangle
0x4880e0 LPtoDP
0x4880e4 DPtoLP
0x4880e8 GetCurrentObject
0x4880ec RoundRect
0x4880f4 GetDeviceCaps
0x4880f8 SaveDC
0x4880fc RestoreDC
0x488100 SetBkMode
0x488104 SetPolyFillMode
0x488108 SetROP2
0x48810c SetTextColor
0x488110 SetMapMode
0x488114 SetViewportOrgEx
0x488118 OffsetViewportOrgEx
0x48811c SetViewportExtEx
0x488120 ScaleViewportExtEx
0x488124 SetWindowOrgEx
0x488128 SetWindowExtEx
0x48812c ScaleWindowExtEx
0x488130 GetClipBox
0x488134 ExcludeClipRect
0x488138 MoveToEx
0x48813c LineTo
0x488144 SetBkColor
0x488148 PatBlt
0x48814c GetTextMetricsA
0x488150 Escape
0x488154 ExtTextOutA
0x488158 TextOutA
0x48815c RectVisible
0x488160 PtVisible
0x488164 GetViewportExtEx
0x488168 ExtSelectClipRgn
Library WINMM.dll:
0x4885fc midiStreamRestart
0x488600 midiStreamClose
0x488604 midiOutReset
0x488608 midiStreamStop
0x48860c midiStreamOut
0x488614 midiStreamProperty
0x488618 midiStreamOpen
0x488620 waveOutOpen
0x488624 waveOutGetNumDevs
0x488628 waveOutClose
0x48862c waveOutReset
0x488630 waveOutPause
0x488634 waveOutWrite
Library WINSPOOL.DRV:
0x488644 ClosePrinter
0x488648 DocumentPropertiesA
0x48864c OpenPrinterA
Library ADVAPI32.dll:
0x488000 RegCloseKey
0x488004 RegOpenKeyExA
0x488008 RegSetValueExA
0x48800c RegQueryValueA
0x488010 RegCreateKeyExA
Library SHELL32.dll:
0x488384 ShellExecuteA
0x488388 Shell_NotifyIconA
Library ole32.dll:
0x4886c0 OleInitialize
0x4886c4 OleUninitialize
0x4886c8 CLSIDFromString
Library OLEAUT32.dll:
0x488374 UnRegisterTypeLib
0x488378 RegisterTypeLib
0x48837c LoadTypeLib
Library COMCTL32.dll:
0x488018 ImageList_Destroy
0x48801c
Library WS2_32.dll:
0x488654 recv
0x488658 getpeername
0x48865c accept
0x488660 shutdown
0x488664 WSAGetLastError
0x488668 __WSAFDIsSet
0x48866c ioctlsocket
0x488670 recvfrom
0x488674 socket
0x488678 connect
0x48867c htons
0x488680 WSAAsyncSelect
0x488684 closesocket
0x488688 send
0x48868c select
0x488690 WSACleanup
0x488694 WSAStartup
0x488698 gethostbyname
0x48869c inet_ntoa
0x4886a0 inet_addr
Library comdlg32.dll:
0x4886a8 GetFileTitleA
0x4886ac GetSaveFileNameA
0x4886b0 GetOpenFileNameA
0x4886b4 ChooseFontA
0x4886b8 ChooseColorA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49171 39.108.167.133 9999

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.