2.6
Medium risk

2c107436c5adf75eb93eb51285db5fd56d4de7edf223668adf02247f0d7cd21d

ca51d235b2b9e3e23e2f6f1f2f3671f3.exe

Analysis time: 17s

Last analysis:

File size: 596.0KB
Static detection name / Dynamic detection name: LG0@AMQ7TJOI ZEXAE
Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee 20191113 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Avast 20191114 18.4.3895.0
Tencent 20191115 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20191115 2013.8.14.323
Behavioural verdict
Dynamic indicators
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
BitDefenderTheta Gen:NN.ZexaE.32250.LG0@amQ7tJoi
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.802834234867775 section {'size_of_data': '0x00075c00', 'virtual_address': '0x00001000', 'entropy': 6.802834234867775, 'name': '.text', 'virtual_size': '0x00075b63'} description A section with a high entropy has been found
entropy 0.7915966386554621 description Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image: no binary visualisation image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2019-10-06 13:00:00

Imports


Exports

Ordinal Address Name
1 0x4371e0 GetHandleVerifier

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900
192.168.56.101 62319 239.255.255.250 3702
192.168.56.101 58367 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.