1.6
Low risk

4d59ab917930541c6c1e56dcf3f99c6bb77f2eb5dc59cde82f2f4ec356ea5294

c926b5dc77a50bd473563cb92bd04e78.exe

Analysis duration

31s

Last analyzed

File size

264.3KB
Static detection  Dynamic detection
鹰眼 engine
Not detected. No 鹰眼 engine detection results are available.
Static verdict
Anti-virus engines
Not detected. No anti-virus engine detection results are available.
Static indicators
This executable has a PDB path (1 event)
pdb_path d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (7 events)
Time & API  Arguments  Status  Return  Repeated

1621017946.506501  NtProtectVirtualMemory
    process_identifier: 912
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x75121000
    status: success  return: 0  repeated: 0

1621017946.756501  NtProtectVirtualMemory
    process_identifier: 912
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x75101000
    status: success  return: 0  repeated: 0

1621017947.428501  NtProtectVirtualMemory
    process_identifier: 912
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x77711000
    status: success  return: 0  repeated: 0

1621017947.428501  NtProtectVirtualMemory
    process_identifier: 912
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x76241000
    status: success  return: 0  repeated: 0

1621017947.428501  NtProtectVirtualMemory
    process_identifier: 912
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x76121000
    status: success  return: 0  repeated: 0

1621017947.975501  NtProtectVirtualMemory
    process_identifier: 912
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x74fe1000
    status: success  return: 0  repeated: 0

1621017947.975501  NtProtectVirtualMemory
    process_identifier: 912
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x76881000
    status: success  return: 0  repeated: 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API  Arguments  Status  Return  Repeated

1621017949.600501  GetAdaptersAddresses
    flags: 0
    family: 0
    status: failed  return: 111  repeated: 0
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were captured while the sample ran.

PE Compile Time

2010-03-15 14:27:50

Imports

Library COMCTL32.dll:
0x41202c
Library KERNEL32.dll:
0x412068 DeleteFileA
0x41206c DeleteFileW
0x412070 CreateDirectoryA
0x412074 CreateDirectoryW
0x412078 FindClose
0x41207c FindNextFileA
0x412080 FindFirstFileA
0x412084 FindNextFileW
0x412088 FindFirstFileW
0x41208c GetTickCount
0x412090 WideCharToMultiByte
0x412094 MultiByteToWideChar
0x412098 GetVersionExA
0x41209c GlobalAlloc
0x4120a0 lstrlenA
0x4120a4 GetModuleFileNameA
0x4120a8 FindResourceA
0x4120ac GetModuleHandleA
0x4120b0 HeapAlloc
0x4120b4 GetProcessHeap
0x4120b8 HeapFree
0x4120bc HeapReAlloc
0x4120c0 CompareStringA
0x4120c4 ExitProcess
0x4120c8 GetLocaleInfoA
0x4120cc GetNumberFormatA
0x4120d0 lstrcmpiA
0x4120d4 GetProcAddress
0x4120d8 GetDateFormatA
0x4120dc GetTimeFormatA
0x4120ec WaitForSingleObject
0x4120f4 Sleep
0x4120f8 GetTempPathA
0x4120fc MoveFileExA
0x412100 UnmapViewOfFile
0x412104 GetCommandLineA
0x412108 MapViewOfFile
0x41210c CreateFileMappingA
0x412110 GetModuleFileNameW
0x412118 OpenFileMappingA
0x412124 GetSystemTime
0x412128 IsDBCSLeadByte
0x41212c GetCPInfo
0x412130 FreeLibrary
0x412134 LoadLibraryA
0x41213c GetFullPathNameA
0x412140 SetFileAttributesW
0x412144 SetFileAttributesA
0x412148 GetFileAttributesW
0x41214c GetFileAttributesA
0x412150 WriteFile
0x412154 SetLastError
0x412158 GetStdHandle
0x41215c ReadFile
0x412160 CreateFileW
0x412164 CreateFileA
0x412168 GetFileType
0x41216c SetEndOfFile
0x412170 SetFilePointer
0x412174 MoveFileA
0x412178 SetFileTime
0x41217c GetCurrentProcess
0x412180 CloseHandle
0x412184 GetLastError
Library USER32.dll:
0x4121bc ReleaseDC
0x4121c0 GetDC
0x4121c4 SendMessageA
0x4121c8 wsprintfA
0x4121cc SetDlgItemTextA
0x4121d0 EndDialog
0x4121d4 DestroyIcon
0x4121d8 SendDlgItemMessageA
0x4121dc GetDlgItemTextA
0x4121e0 DialogBoxParamA
0x4121e4 IsWindowVisible
0x4121e8 WaitForInputIdle
0x4121ec GetSysColor
0x4121f0 PostMessageA
0x4121f4 SetMenu
0x4121f8 SetFocus
0x4121fc LoadBitmapA
0x412200 LoadIconA
0x412204 CharToOemA
0x412208 OemToCharA
0x41220c GetClassNameA
0x412210 CharUpperA
0x412214 GetWindowRect
0x412218 GetParent
0x41221c MapWindowPoints
0x412220 CreateWindowExA
0x412224 UpdateWindow
0x412228 SetWindowTextA
0x41222c LoadCursorA
0x412230 RegisterClassExA
0x412234 SetWindowLongA
0x412238 GetWindowLongA
0x41223c DefWindowProcA
0x412240 PeekMessageA
0x412244 GetMessageA
0x412248 TranslateMessage
0x41224c DispatchMessageA
0x412250 GetClientRect
0x412254 CopyRect
0x412258 IsWindow
0x41225c MessageBoxA
0x412260 ShowWindow
0x412264 GetDlgItem
0x412268 EnableWindow
0x41226c FindWindowExA
0x412270 wvsprintfA
0x412274 CharToOemBuffA
0x412278 LoadStringA
0x41227c SetWindowPos
0x412280 GetWindowTextA
0x412284 GetWindow
0x412288 GetSystemMetrics
0x41228c OemToCharBuffA
0x412290 DestroyWindow
Library GDI32.dll:
0x412044 GetDeviceCaps
0x412048 GetObjectA
0x412050 SelectObject
0x412054 StretchBlt
0x412058 CreateCompatibleDC
0x41205c DeleteObject
0x412060 DeleteDC
Library COMDLG32.dll:
0x412034 GetSaveFileNameA
0x41203c GetOpenFileNameA
Library ADVAPI32.dll:
0x412004 RegOpenKeyExA
0x412008 RegQueryValueExA
0x41200c RegCreateKeyExA
0x412010 RegSetValueExA
0x412014 RegCloseKey
0x412018 SetFileSecurityW
0x41201c SetFileSecurityA
0x412020 OpenProcessToken
Library SHELL32.dll:
0x412198 ShellExecuteExA
0x41219c SHFileOperationA
0x4121a0 SHGetFileInfoA
0x4121a8 SHGetMalloc
0x4121ac SHBrowseForFolderA
0x4121b4 SHChangeNotify
Library ole32.dll:
0x41229c OleInitialize
0x4122a0 CoCreateInstance
0x4122a4 OleUninitialize
0x4122a8 CLSIDFromString
Library OLEAUT32.dll:
0x412190 VariantInit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                        Destination Port
192.168.56.101  50534        114.114.114.114                    53
192.168.56.101  51963        114.114.114.114                    53
192.168.56.101  55368        114.114.114.114                    53
192.168.56.101  56539        114.114.114.114                    53
192.168.56.101  58367        114.114.114.114                    53
192.168.56.101  137          192.168.56.255                     137
192.168.56.101  138          192.168.56.255                     138
192.168.56.101  123          20.189.79.72 (time.windows.com)    123
192.168.56.101  56804        224.0.0.252                        5355
192.168.56.101  60123        224.0.0.252                        5355
192.168.56.101  62191        224.0.0.252                        5355
192.168.56.101  65004        224.0.0.252                        5355
192.168.56.101  1900         239.255.255.250                    1900
192.168.56.101  56540        239.255.255.250                    3702
192.168.56.101  56807        239.255.255.250                    1900
192.168.56.101  58368        239.255.255.250                    3702
192.168.56.101  58707        239.255.255.250                    3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.