2.0
低危

4d50b2f3cd58521314bc859595efbbee10abc33bf693965f5968886df02df905

cd8951aa505db6be51ddf48d7730d5fc.exe

分析耗时

86s

最近分析

文件大小

9.4MB
静态报毒 动态报毒 INVALIDSIG
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee 20210124 6.0.6.653
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20210124 21.1.5827.0
Tencent 20210124 1.0.0.1
Kingsoft 20210124 2017.9.26.565
CrowdStrike 20190702 1.0
静态指标
This executable is signed (the signature itself is reported as invalid elsewhere in this report: eGambit PE.Heur.InvalidSig under the dynamic indicators, and INVALIDSIG in the summary line)
This executable has a PDB path (1 个事件)
pdb_path c:\Monk\main\obj\Release\Audition\Audition.pdb
The file contains an unknown PE resource name possibly indicative of a packer (4 个事件)
resource name INFO
resource name PNG
resource name WAVE
resource name XML
行为判定
动态指标
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)
eGambit PE.Heur.InvalidSig
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 6.846678393787788 section {'size_of_data': '0x00430000', 'virtual_address': '0x00513000', 'entropy': 6.846678393787788, 'name': '.rsrc', 'virtual_size': '0x0042fe88'} description A section with a high entropy has been found
entropy 0.4474590420536366 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (4 个事件)
host 124.225.105.97
host 13.227.228.18
host 172.217.24.14
host 52.44.44.47
可视化分析
二进制图像
暂无二进制图像：该样本未生成二进制可视化图像。
运行截图
暂无运行截图：该样本运行过程中未生成截图。


PE Compile Time

2007-10-11 11:12:24

Imports

Library MSVCR71.dll:
0x4842c6b4 fprintf
0x4842c6b8 fflush
0x4842c6bc _vsnprintf
0x4842c6c0 _CxxThrowException
0x4842c6c4 swprintf
0x4842c6c8 _ultoa
0x4842c6cc _controlfp
0x4842c6d0 __set_app_type
0x4842c6d4 __p__fmode
0x4842c6d8 __p__commode
0x4842c6dc _adjust_fdiv
0x4842c6e0 __setusermatherr
0x4842c6e4 _initterm
0x4842c6e8 __getmainargs
0x4842c6ec _amsg_exit
0x4842c6f0 _acmdln
0x4842c6f4 exit
0x4842c6f8 _cexit
0x4842c6fc _ismbblead
0x4842c700 _XcptFilter
0x4842c704 _exit
0x4842c708 _c_exit
0x4842c70c __CxxFrameHandler
0x4842c710 _except_handler3
0x4842c714 _onexit
0x4842c718 __dllonexit
0x4842c71c ??1type_info@@UAE@XZ
0x4842c720 ispunct
0x4842c724 isspace
0x4842c728 wcsncpy
0x4842c72c _wstat64
0x4842c730 _strcmpi
0x4842c734 sscanf
0x4842c738 _wtof
0x4842c73c _wmakepath
0x4842c740 wcscat
0x4842c744 wcscmp
0x4842c748 _wctime
0x4842c74c sprintf
0x4842c750 ceil
0x4842c754 _vsnwprintf
0x4842c758 fclose
0x4842c75c fwrite
0x4842c760 _wremove
0x4842c764 _wfopen
0x4842c768 atoi
0x4842c76c wcstombs
0x4842c770 _finite
0x4842c774 floor
0x4842c778 _i64tow
0x4842c77c qsort
0x4842c780 _hypot
0x4842c784 rand
0x4842c788 _wfullpath
0x4842c78c strrchr
0x4842c790 strstr
0x4842c794 wcscspn
0x4842c798 atof
0x4842c79c memmove
0x4842c7a0 _i64toa
0x4842c7a4 wcscpy
0x4842c7a8 wcsncmp
0x4842c7ac time
0x4842c7b0 _wasctime
0x4842c7b4 ?terminate@@YAXXZ
0x4842c7b8 _wrename
0x4842c7bc _fpreset
0x4842c7c0 _wtoi64
0x4842c7c4 srand
0x4842c7c8 localtime
0x4842c7cc _waccess
0x4842c7d0 wcslen
0x4842c7d4 wcstol
0x4842c7d8 _beginthread
0x4842c7dc strchr
0x4842c7e0 _wgetenv
0x4842c7e4 malloc
0x4842c7e8 free
0x4842c7ec _ltow
0x4842c7f0 _wtol
0x4842c7f4 sin
0x4842c7f8 _endthread
0x4842c7fc _itow
0x4842c800 _beginthreadex
0x4842c804 fmod
0x4842c808 tolower
0x4842c80c _ultow
0x4842c810 _wsplitpath
0x4842c814 atan
0x4842c818 _isnan
0x4842c81c acos
0x4842c820 _chdir
0x4842c824 wcsrchr
0x4842c828 wcstod
0x4842c82c atan2
0x4842c830 wcsstr
0x4842c834 _wtoi
0x4842c838 swscanf
0x4842c83c exp
0x4842c840 log
0x4842c844 fabs
0x4842c848 tan
0x4842c84c pow
0x4842c850 cos
0x4842c854 sqrt
0x4842c858 log10
0x4842c85c wcschr
0x4842c860 _iob
0x4842c86c __RTDynamicCast
0x4842c870 _purecall
0x4842c874 ??_V@YAXPAX@Z
0x4842c87c ??2@YAPAXI@Z
0x4842c884 ??0exception@@QAE@XZ
0x4842c888 ??1exception@@UAE@XZ
0x4842c88c ??3@YAXPAX@Z
0x4842c894 ??0bad_cast@@QAE@PBD@Z
0x4842c898 ??1bad_cast@@UAE@XZ
0x4842c89c ??_U@YAPAXI@Z
0x4842c8a0 clock
Library MSVCP71.dll:
0x4842c528 ??1_Lockit@std@@QAE@XZ
0x4842c5c8 ?_Fpz@std@@3_JA
0x4842c630 ??1locale@std@@QAE@XZ
Library SharedControls.dll:
0x4842ca70 ??1CGroupBox@@UAE@XZ
0x4842ca74 ??0CGroupBox@@QAE@XZ
0x4842cb34 ??1CRadioGroup@@UAE@XZ
0x4842cb38 ??0CRadioGroup@@QAE@XZ
0x4842cc9c RegisterSharedControls
0x4842cde0 ??0CGDIPool@@QAE@HH@Z
0x4842cde4 ??1CGDIPool@@QAE@XZ
Library SHLWAPI.dll:
0x4842c9c4 StrRetToStrW
0x4842c9c8 PathRemoveArgsW
0x4842c9cc StrDupW
0x4842c9d0 PathGetArgsW
0x4842c9d4 PathFindExtensionW
0x4842c9d8 PathUnquoteSpacesW
0x4842c9dc PathRemoveBackslashW
0x4842c9e0 PathIsUNCW
0x4842c9e4 PathFileExistsA
0x4842c9e8 StrChrW
0x4842c9ec PathFindFileNameW
0x4842c9f0 PathFileExistsW
0x4842c9f4 StrCmpNIW
Library COMCTL32.dll:
0x4842c0fc ImageList_Add
0x4842c100 ImageList_Draw
0x4842c104 _TrackMouseEvent
0x4842c108 InitCommonControlsEx
0x4842c10c ImageList_Create
0x4842c110 ImageList_EndDrag
0x4842c114 ImageList_DragMove
0x4842c118 ImageList_BeginDrag
0x4842c11c ImageList_DragLeave
0x4842c120 ImageList_AddMasked
0x4842c124 ImageList_DragEnter
0x4842c128 ImageList_Merge
0x4842c12c ImageList_Destroy
Library MSIMG32.dll:
0x4842c450 AlphaBlend
Library IMM32.dll:
0x4842c1e4 ImmGetVirtualKey
Library AuditionUtil.dll:
0x4842c0a4 ?InitParallel@@YAKXZ
0x4842c0c8 ??1CParallel@@QAE@XZ
0x4842c0cc ??0CParallel@@QAE@XZ
Library UIToolsShell.dll:
0x4842ce0c ftos
0x4842ce10 barsandbeats2samples
0x4842ce14 ftosfix
0x4842ce1c QuantizeTempo
Library dva.dll:
Library gdiplus.dll:
0x4842d750 GdipDrawRectangleI
0x4842d754 GdipMeasureString
0x4842d758 GdipDrawString
0x4842d75c GdipCreateFromHWND
0x4842d760 GdipAddPathArc
0x4842d764 GdipDrawPath
0x4842d768 GdipSetSmoothingMode
0x4842d76c GdipClosePathFigure
0x4842d770 GdipAddPathLineI
0x4842d774 GdipDeletePath
0x4842d778 GdipFillPath
0x4842d780 GdipDrawLineI
0x4842d784 GdipCreatePath
0x4842d788 GdiplusShutdown
0x4842d78c GdiplusStartup
0x4842d794 GdipDrawImageRectI
0x4842d798 GdipBitmapUnlockBits
0x4842d79c GdipBitmapLockBits
0x4842d7a0 GdipFillEllipse
0x4842d7a4 GdipDeleteCachedBitmap
0x4842d7a8 GdipDrawImageRectRect
0x4842d7ac GdipCloneBitmapAreaI
0x4842d7b4 GdipGetImageHeight
0x4842d7b8 GdipDrawEllipse
0x4842d7c0 GdipDeleteFont
0x4842d7c4 GdipSetClipRectI
0x4842d7c8 GdipGraphicsClear
0x4842d7cc GdipDrawEllipseI
0x4842d7d0 GdipDeleteFontFamily
0x4842d7d4 GdipCreateFont
0x4842d7e0 GdipGetDC
0x4842d7e4 GdipFillRectangle
0x4842d7ec GdipResetClip
0x4842d7f0 GdipCreatePen1
0x4842d7f8 GdipDrawArc
0x4842d7fc GdipCreateLineBrushI
0x4842d800 GdipCreateCachedBitmap
0x4842d804 GdipDrawCachedBitmap
0x4842d808 GdipGetImageWidth
0x4842d80c GdipReleaseDC
0x4842d810 GdipCreateFontFromDC
0x4842d814 GdipDrawImageI
0x4842d818 GdipSetClipRegion
0x4842d81c GdipCombineRegionRectI
0x4842d820 GdipGetClip
0x4842d824 GdipCreateRegionRectI
0x4842d828 GdipDeleteRegion
0x4842d82c GdipCreateRegion
0x4842d830 GdipSetPenDashArray
0x4842d838 GdipSetPenDashOffset
0x4842d83c GdipResetPath
0x4842d840 GdipFillRegion
0x4842d844 GdipSetPathFillMode
0x4842d848 GdipIsEmptyRegion
0x4842d850 GdipCreatePen2
0x4842d854 GdipCreateRegionPath
0x4842d858 GdipAddPathPolygon
0x4842d85c GdipDrawCurve
0x4842d860 GdipDrawImagePointRect
0x4842d864 GdipBitmapGetPixel
0x4842d868 GdipSetCompositingMode
0x4842d86c GdipDrawLine
0x4842d870 GdipCombineRegionPath
0x4842d874 GdipSetPenLineJoin
0x4842d87c GdipCreateLineBrush
0x4842d880 GdipCreateHatchBrush
0x4842d884 GdipDrawImageRect
0x4842d888 GdipCreateStringFormat
0x4842d88c GdipDeleteStringFormat
0x4842d890 GdipAddPathPolygonI
0x4842d898 GdipCloneImage
0x4842d89c GdipFillRectangleI
0x4842d8a0 GdipDisposeImage
0x4842d8a4 GdipCreateFromHDC
0x4842d8a8 GdipAlloc
0x4842d8ac GdipCreateSolidFill
0x4842d8b4 GdipDeleteGraphics
0x4842d8bc GdipCloneBrush
0x4842d8c4 GdipDeletePen
0x4842d8c8 GdipFree
0x4842d8d0 GdipDeleteBrush
Library audipp.dll:
0x4842d0f0 ippsFFTInv_CToC_64f
0x4842d0f8 ippsFFTInitAlloc_C_64f
0x4842d0fc ippsFFTInv_CToC_32fc
0x4842d100 ippsFFTFree_C_32fc
0x4842d10c ippsFFTFwd_CToC_64f
0x4842d110 ippsFFTFree_C_32f
0x4842d114 ippsFFTFree_R_32f
0x4842d118 ippsFFTInitAlloc_R_32f
0x4842d11c ippsPhase_32fc
0x4842d120 ippsFFTFwd_RToCCS_32f
0x4842d124 ippsMul_32f_I
0x4842d128 ippsFFTInitAlloc_C_32f
0x4842d12c ippsMalloc_8u
0x4842d134 ippsSub_32f_I
0x4842d138 ippsConvert_32f16u_Sfs
0x4842d13c ippsGetLibVersion
0x4842d140 ippsMinMax_32f
0x4842d144 ippsMulC_32f_I
0x4842d148 ippsMulC_32f
0x4842d14c ippsCopy_32f
0x4842d150 ippsMalloc_32f
0x4842d154 ippsFlip_32f_I
0x4842d158 ippsAdd_32f_I
0x4842d15c ippsInterleave_32f
0x4842d160 ippsDeinterleave_32f
0x4842d164 ippsZero_32f
0x4842d168 ippsFree
0x4842d16c ippsFFTFwd_CToC_32fc
0x4842d170 ippsFFTFree_C_64f
0x4842d178 ippsFFTFree_C_64fc
0x4842d180 ippsCopy_8u
0x4842d184 ippsConvert_16s32f_Sfs
0x4842d188 ippsCopy_16s
0x4842d18c ippsMagnitude_32fc
Library PremiereShell.dll:
Library xerces-c_2_1_0.dll:
Library UxTheme.dll:
0x4842d0c4 SetWindowTheme
Library ahclient.dll:
Library epic_regs.dll:
0x4842d740 epicRegsInit
0x4842d748 epicRegsDeInit
Library epic_pers.dll:
0x4842d728 epicPersInit
0x4842d730 epicPersDeInit
0x4842d734 epicPersSetElement
0x4842d738 epicPersGetElement
Library epic_eula.dll:
0x4842d714 epicEulaDeInit
0x4842d718 epicEulaInit
Library KERNEL32.dll:
0x4842c1ec IsBadWritePtr
0x4842c1f0 CopyFileW
0x4842c1f4 CreateMutexW
0x4842c1f8 ReleaseMutex
0x4842c200 SizeofResource
0x4842c208 GetCommandLineW
0x4842c20c GlobalMemoryStatus
0x4842c210 GetDriveTypeW
0x4842c214 CreateDirectoryW
0x4842c218 GetLogicalDrives
0x4842c21c GetModuleHandleW
0x4842c220 GetCurrentThread
0x4842c224 OutputDebugStringW
0x4842c228 FileTimeToSystemTime
0x4842c22c GetModuleFileNameW
0x4842c230 MultiByteToWideChar
0x4842c234 GetTempPathW
0x4842c238 GetLocalTime
0x4842c23c RemoveDirectoryW
0x4842c240 GetVersionExA
0x4842c244 GetWindowsDirectoryW
0x4842c24c GetVolumeInformationW
0x4842c250 MapViewOfFile
0x4842c254 UnmapViewOfFile
0x4842c258 GetFileAttributesW
0x4842c25c CreateFileMappingW
0x4842c260 GetSystemInfo
0x4842c26c SetEndOfFile
0x4842c270 GetComputerNameW
0x4842c274 GetDiskFreeSpaceExW
0x4842c278 lstrcpynA
0x4842c27c CompareStringA
0x4842c280 GlobalReAlloc
0x4842c284 OutputDebugStringA
0x4842c288 CompareFileTime
0x4842c28c GetFileTime
0x4842c290 GetUserDefaultLCID
0x4842c294 IsDebuggerPresent
0x4842c298 CreateFileA
0x4842c29c GetModuleFileNameA
0x4842c2a0 _llseek
0x4842c2a4 _lclose
0x4842c2a8 GetLocaleInfoW
0x4842c2ac GetNumberFormatW
0x4842c2b0 _lread
0x4842c2b4 _lopen
0x4842c2b8 FlushFileBuffers
0x4842c2bc GetDiskFreeSpaceW
0x4842c2c0 GetVersion
0x4842c2c4 GetPrivateProfileIntW
0x4842c2c8 GetTimeZoneInformation
0x4842c2d0 GetCurrentDirectoryW
0x4842c2d4 GetLongPathNameW
0x4842c2d8 GetShortPathNameW
0x4842c2dc LocalFree
0x4842c2e4 WinExec
0x4842c2e8 GlobalSize
0x4842c2ec _lwrite
0x4842c2f0 _lcreat
0x4842c2f8 FindResourceW
0x4842c2fc VirtualQuery
0x4842c300 VirtualFree
0x4842c304 VirtualAlloc
0x4842c30c GlobalHandle
0x4842c310 CreateProcessW
0x4842c314 FormatMessageW
0x4842c318 GetACP
0x4842c31c SetThreadLocale
0x4842c320 SetErrorMode
0x4842c328 GetModuleHandleA
0x4842c32c GetStartupInfoA
0x4842c330 SetThreadAffinityMask
0x4842c334 GetCurrentProcessId
0x4842c338 IsDBCSLeadByteEx
0x4842c33c GetCurrentThreadId
0x4842c344 lstrcmpA
0x4842c348 FindNextFileW
0x4842c34c FindClose
0x4842c350 LoadLibraryW
0x4842c354 LoadLibraryExW
0x4842c358 FreeLibrary
0x4842c35c FindFirstFileW
0x4842c360 DeleteFileW
0x4842c364 GetFileAttributesExW
0x4842c368 lstrcatW
0x4842c36c LoadLibraryA
0x4842c370 GetProcessHeap
0x4842c374 HeapFree
0x4842c378 HeapAlloc
0x4842c37c lstrlenA
0x4842c380 HeapReAlloc
0x4842c384 WaitForMultipleObjects
0x4842c388 lstrcmpiW
0x4842c38c GetLastError
0x4842c390 LockResource
0x4842c394 GlobalFree
0x4842c398 GlobalUnlock
0x4842c39c CreateFileW
0x4842c3a0 GlobalAlloc
0x4842c3a4 GlobalLock
0x4842c3a8 LoadResource
0x4842c3ac FreeResource
0x4842c3b0 GetFileSize
0x4842c3b4 GetProcAddress
0x4842c3b8 WideCharToMultiByte
0x4842c3bc CompareStringW
0x4842c3c0 GetTickCount
0x4842c3c4 CreateThread
0x4842c3c8 GetProcessAffinityMask
0x4842c3cc SetThreadPriority
0x4842c3d0 GetCurrentProcess
0x4842c3d8 CloseHandle
0x4842c3dc CreateEventW
0x4842c3e0 ResetEvent
0x4842c3e4 SetEvent
0x4842c3ec WaitForSingleObject
0x4842c3f0 lstrcpyA
0x4842c3f4 lstrcatA
0x4842c3f8 ReadFile
0x4842c3fc WriteFile
0x4842c400 InterlockedDecrement
0x4842c404 InterlockedIncrement
0x4842c408 SetFilePointer
0x4842c40c DeleteCriticalSection
0x4842c410 EnterCriticalSection
0x4842c414 LeaveCriticalSection
0x4842c41c FindResourceA
0x4842c420 lstrcpyW
0x4842c424 InterlockedExchange
0x4842c428 Sleep
0x4842c42c lstrlenW
0x4842c430 lstrcmpW
0x4842c434 ExitThread
0x4842c438 lstrcpynW
0x4842c43c GetVersionExW
0x4842c440 ExitProcess
0x4842c444 LocalAlloc
0x4842c448 RaiseException

Exports

Ordinal Address Name
1 0x481ff810 ??0CWriter@@QAE@XZ
2 0x481ff840 ??1CWriter@@QAE@XZ
3 0x481ff8a0 ??4CReader@@QAEAAV0@ABV0@@Z
4 0x481ff860 ??4CWriter@@QAEAAV0@ABV0@@Z
5 0x481ff890 ?GetVBRQuality@CReader@@QBEEXZ
6 0x481ff880 ?IsProtected@CReader@@QBEHXZ

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
13.227.228.18 443 192.168.56.101 49194

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51966 239.255.255.250 1900
192.168.56.101 53238 239.255.255.250 3702
192.168.56.101 53240 239.255.255.250 3702
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.