SmartHawk

1.6

低危

1 个模型检测该样本为恶意！

重新分析

下载样本

3f41d15c6cceeb6b251beaf3ace198b5412e4b106393fb7d2fe22dd9d8ffcc9d

c993adbdce8b1c6eea76a29bf7d945f0.exe

分析耗时

19s

查杀引擎	查杀时间	查杀版本
McAfee	20200614	6.0.6.653
Alibaba	20190527	0.3.0.5
Avast	20200614	18.4.3895.0
Tencent	20200614	1.0.0.1
Baidu	20190318	1.0.0.2
Kingsoft	20200614	2013.8.14.323
CrowdStrike	20190702	1.0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2009-07-14 07:49:14

Imports

Library ADVAPI32.dll:

• 0x100001000 CryptAcquireContextW

• 0x100001008 CryptSetKeyParam

• 0x100001010 CryptGetKeyParam

• 0x100001018 CryptReleaseContext

• 0x100001020 CryptAcquireContextA

• 0x100001028 CryptGetProvParam

• 0x100001030 CryptGenKey

• 0x100001038 CryptDestroyKey

• 0x100001040 CryptGetUserKey

Library KERNEL32.dll:

• 0x100001110 GetCurrentProcessId

• 0x100001118 GetTickCount

• 0x100001120 QueryPerformanceCounter

• 0x100001128 GetModuleHandleW

• 0x100001130 SetUnhandledExceptionFilter

• 0x100001138 RtlCaptureContext

• 0x100001140 RtlLookupFunctionEntry

• 0x100001148 RtlVirtualUnwind

• 0x100001150 TerminateProcess

• 0x100001158 GetCurrentProcess

• 0x100001160 UnhandledExceptionFilter

• 0x100001168 GetFileSize

• 0x100001170 MapViewOfFile

• 0x100001178 WriteFile

• 0x100001180 WideCharToMultiByte

• 0x100001188 CreateFileMappingA

• 0x100001190 MultiByteToWideChar

• 0x100001198 LocalAlloc

• 0x1000011a0 Sleep

• 0x1000011a8 LocalFileTimeToFileTime

• 0x1000011b0 LocalFree

• 0x1000011b8 DeleteFileW

• 0x1000011c0 FileTimeToLocalFileTime

• 0x1000011c8 CloseHandle

• 0x1000011d0 HeapSetInformation

• 0x1000011d8 GetModuleHandleA

• 0x1000011e0 LockResource

• 0x1000011e8 LoadLibraryA

• 0x1000011f0 GetProcAddress

• 0x1000011f8 SetLastError

• 0x100001200 GetLastError

• 0x100001208 CreateFileW

• 0x100001210 FileTimeToSystemTime

• 0x100001218 SizeofResource

• 0x100001220 GetSystemTimeAsFileTime

• 0x100001228 GetProcessHeap

• 0x100001230 CompareFileTime

• 0x100001238 SystemTimeToFileTime

• 0x100001240 LoadResource

• 0x100001248 FreeLibrary

• 0x100001250 UnmapViewOfFile

• 0x100001258 FreeResource

• 0x100001260 FindResourceA

• 0x100001268 GetCurrentThreadId

Library msvcrt.dll:

• 0x1000012f8 malloc

• 0x100001300 free

• 0x100001308 ?terminate@@YAXXZ

• 0x100001310 vwprintf

• 0x100001318 _vsnwprintf

• 0x100001320 wprintf

• 0x100001328 _wcsnicmp

• 0x100001330 memset

• 0x100001338 memcpy

• 0x100001340 __set_app_type

• 0x100001348 _fmode

• 0x100001350 _commode

• 0x100001358 __setusermatherr

• 0x100001360 _amsg_exit

• 0x100001368 _initterm

• 0x100001370 exit

• 0x100001378 _cexit

• 0x100001380 _exit

• 0x100001388 _XcptFilter

• 0x100001390 __C_specific_handler

• 0x100001398 __wgetmainargs

• 0x1000013a0 ??2@YAPEAX_K@Z

• 0x1000013a8 _wtol

• 0x1000013b0 ??3@YAXPEAX@Z

• 0x1000013b8 strtok

• 0x1000013c0 _wcsicmp

• 0x1000013c8 memcmp

Library MSSIGN32.dll:

• 0x100001278 FreeCryptProvFromCert

• 0x100001280 SignError

• 0x100001288 PvkPrivateKeyAcquireContextFromMemory

• 0x100001290 GetCryptProvFromCert

• 0x100001298 PvkGetCryptProv

• 0x1000012a0 PvkFreeCryptProv

• 0x1000012a8 PvkPrivateKeySave

Library CRYPT32.dll:

• 0x100001050 CertEnumCertificatesInStore

• 0x100001058 CertCreateCRLContext

• 0x100001060 CryptSignAndEncodeCertificate

• 0x100001068 CertDuplicateCertificateContext

• 0x100001070 CertComparePublicKeyInfo

• 0x100001078 CryptEncodeObject

• 0x100001080 CertSetCertificateContextProperty

• 0x100001088 CryptHashPublicKeyInfo

• 0x100001090 CertGetCertificateContextProperty

• 0x100001098 CertCloseStore

• 0x1000010a0 CertStrToNameW

• 0x1000010a8 CertFindCertificateInStore

• 0x1000010b0 CertFreeCertificateContext

• 0x1000010b8 CertGetPublicKeyLength

• 0x1000010c0 CertCompareIntegerBlob

• 0x1000010c8 CertOpenStore

• 0x1000010d0 CertAddEncodedCertificateToStore

• 0x1000010d8 CertFreeCRLContext

• 0x1000010e0 CryptQueryObject

• 0x1000010e8 CryptDecodeObject

• 0x1000010f0 CertCreateCertificateContext

• 0x1000010f8 CryptHashCertificate

• 0x100001100 CryptExportPublicKeyInfo

Library USER32.dll:

• 0x1000012e0 LoadStringW

• 0x1000012e8 LoadStringA

Library ole32.dll:

• 0x1000013d8 CoInitialize

• 0x1000013e0 CoUninitialize

• 0x1000013e8 CoCreateGuid

Library OLEAUT32.dll:

• 0x1000012b8 VarDateFromStr

Library RPCRT4.dll:

• 0x1000012c8 UuidCreate

• 0x1000012d0 UuidToStringW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	65005	239.255.255.250	3702
192.168.56.101	65007	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

resource name	CER
resource name	PVK