2.0
Low risk

SHA-256: e59d696992d0bab6f7312c7ee7ee37933454832df31fdc193a78c05ddcbf9e29

File name: ce703531372a14a6eb5a87408e5aa1c5.exe

Analysis duration

82s

Last analysis

File size

10.5MB
Static detections / Dynamic detections: APPLICUNWNT@#IVIILVML3MRD ARTEMIS ATTRIBUTE HIGHCONFIDENCE HLUX KCLOUD KVMH015 MALICIOUS MALICIOUS PE MULTIPLUG ONLINEGAME R002H05K620 STATIC AI
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 detection results yet
Static verdict
Anti-virus engines
Engine       Result                                  Scan date  Engine version
CrowdStrike  -                                       20210203   1.0
Alibaba      Trojan:Application/Generic.0d79c5a5     20190527   0.3.0.5
Avast        -                                       20210504   21.1.5827.0
Tencent      -                                       20210504   1.0.0.1
Baidu        -                                       20190318   1.0.0.2
Kingsoft     Win32.Heur.KVMH015.a.(kcloud)           20210504   2017.9.26.565
McAfee       Artemis!CE703531372A                    20210504   6.0.6.653
Static indicators
This executable has a PDB path (1 event)
pdb_path d:\ClientTeam\20. Release\2. 글로벌\[12.03.22] MU_ENG_1.04.05\tmp\Global Release\main.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .dlib
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (7 events)
name RT_ICON language LANG_KOREAN offset 0x0947cc40 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000128
name RT_ICON language LANG_KOREAN offset 0x0947cc40 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000128
name RT_ICON language LANG_KOREAN offset 0x0947cc40 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000128
name RT_ICON language LANG_KOREAN offset 0x0947cc40 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000128
name RT_DIALOG language LANG_KOREAN offset 0x0947cd68 filetype data sublanguage SUBLANG_KOREAN size 0x0000007a
name RT_GROUP_ICON language LANG_KOREAN offset 0x0947cde4 filetype data sublanguage SUBLANG_KOREAN size 0x0000003e
name RT_VERSION language LANG_KOREAN offset 0x0947ce24 filetype data sublanguage SUBLANG_KOREAN size 0x000002a4
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 15 AntiVirus engines on VirusTotal as malicious (15 events)
Zillya Adware.MultiPlug.Win32.504594
Alibaba Trojan:Application/Generic.0d79c5a5
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Comodo ApplicUnwnt@#iviilvml3mrd
McAfee-GW-Edition Artemis
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Gen
Kingsoft Win32.Heur.KVMH015.a.(kcloud)
Gridinsoft Adware.Win32.MultiPlug.oa
McAfee Artemis!CE703531372A
VBA32 Heur.Trojan.Hlux
TrendMicro-HouseCall TROJ_GEN.R002H05K620
Panda PUP/OnlineGame
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2012-03-21 16:53:38

Imports

Library IMM32.dll:
0xd22160 ImmGetContext
0xd2216c ImmGetOpenStatus
0xd22170 ImmGetDefaultIMEWnd
0xd22174 ImmGetIMEFileNameA
0xd22178 ImmGetDescriptionA
0xd2217c ImmSetOpenStatus
0xd2218c ImmReleaseContext
Library DSOUND.dll:
0xd2210c
0xd22110
Library OPENGL32.dll:
0xd224d8 glColor4f
0xd224dc glDisable
0xd224e0 glEnd
0xd224e4 glVertex2f
0xd224e8 glTexCoord2f
0xd224ec glBegin
0xd224f0 glColor3f
0xd224f4 glTexImage2D
0xd224f8 glBindTexture
0xd224fc glFlush
0xd22500 glClear
0xd22504 glPopMatrix
0xd22508 glAlphaFunc
0xd2250c glDepthFunc
0xd22510 glTranslatef
0xd22514 glRotatef
0xd22518 glLoadIdentity
0xd2251c glPushMatrix
0xd22520 glMatrixMode
0xd22524 wglDeleteContext
0xd22528 wglMakeCurrent
0xd2252c glGetString
0xd22530 wglCreateContext
0xd22534 glClearColor
0xd22538 glVertex3f
0xd2253c glNormal3f
0xd22540 glVertex3fv
0xd22544 glColor3fv
0xd22548 glDeleteTextures
0xd2254c glTexParameteri
0xd22550 glGenTextures
0xd22554 glTexEnvf
0xd22558 glDepthMask
0xd2255c glPolygonMode
0xd22560 glFrontFace
0xd22564 glStencilFunc
0xd22568 glColorMask
0xd2256c glStencilOp
0xd22570 glScalef
0xd22574 glColor4ub
0xd22578 glEnable
0xd2257c glGetFloatv
0xd22580 glReadPixels
0xd22584 glBlendFunc
0xd22588 glViewport
0xd2258c glFogfv
0xd22590 glFogf
0xd22594 glFogi
0xd22598 glTexEnvi
0xd2259c glGetIntegerv
0xd225a0 glColor3ub
Library GLU32.dll:
0xd22154 gluPerspective
0xd22158 gluOrtho2D
Library WINMM.dll:
0xd22750 timeKillEvent
0xd22754 timeSetEvent
0xd22758 timeGetDevCaps
0xd2275c timeBeginPeriod
0xd22760 mmioWrite
0xd22764 mmioOpenA
0xd22768 mmioDescend
0xd2276c mmioRead
0xd22770 mmioAscend
0xd22774 mmioClose
0xd22778 timeGetTime
0xd2277c timeEndPeriod
Library WS2_32.dll:
0xd22784 getservbyport
0xd22788 gethostbyaddr
0xd2278c getservbyname
0xd22790 htonl
0xd22794 listen
0xd22798 WSASetLastError
0xd2279c connect
0xd227a0 gethostname
0xd227a4 setsockopt
0xd227a8 socket
0xd227ac shutdown
0xd227b0 recv
0xd227b4 closesocket
0xd227b8 WSAStartup
0xd227bc bind
0xd227c0 htons
0xd227c4 inet_addr
0xd227c8 __WSAFDIsSet
0xd227cc select
0xd227d0 getpeername
0xd227d4 getsockname
0xd227d8 inet_ntoa
0xd227dc ntohs
0xd227e0 ioctlsocket
0xd227e4 accept
0xd227e8 WSASend
0xd227ec WSAAsyncSelect
0xd227f0 sendto
0xd227f4 WSAGetLastError
0xd227f8 send
0xd227fc WSACleanup
0xd22800 gethostbyname
Library VERSION.dll:
0xd22700 GetFileVersionInfoA
0xd22704 VerQueryValueA
Library wzAudio.dll:
0xd22844 wzAudioCreate
0xd22848 wzAudioOption
0xd2284c wzAudioDestroy
0xd22854 wzAudioPlay
0xd22858 wzAudioStop
Library KERNEL32.dll:
0xd221a0 RtlUnwind
0xd221a8 IsDebuggerPresent
0xd221ac RaiseException
0xd221b0 GetTickCount
0xd221b4 IsBadReadPtr
0xd221b8 lstrlenA
0xd221bc GlobalUnlock
0xd221c0 GlobalLock
0xd221c4 CreateFileA
0xd221c8 GetCommandLineA
0xd221cc CloseHandle
0xd221d0 ExitProcess
0xd221d4 ReadFile
0xd221d8 GetFileSize
0xd221dc GetLastError
0xd221e8 DeleteFileA
0xd221ec CopyFileA
0xd221f0 SetFileAttributesA
0xd221f4 Process32Next
0xd221f8 TerminateProcess
0xd221fc OpenProcess
0xd22200 Process32First
0xd22208 WinExec
0xd2220c Sleep
0xd22210 FindClose
0xd22214 FindFirstFileA
0xd22218 GetLocalTime
0xd2221c GetCurrentThreadId
0xd22220 SetFilePointer
0xd2222c CreateDirectoryA
0xd22230 GetFileAttributesA
0xd22234 SetFileTime
0xd22238 WriteFile
0xd2223c MultiByteToWideChar
0xd22240 WideCharToMultiByte
0xd22250 GetSystemDirectoryA
0xd22254 lstrcmpiA
0xd22258 GetVersionExA
0xd22260 SetThreadPriority
0xd22264 SetPriorityClass
0xd2226c GetThreadPriority
0xd22270 GetPriorityClass
0xd22274 GetCurrentThread
0xd22278 GetCurrentProcess
0xd2227c FreeLibrary
0xd22280 GetProcAddress
0xd22284 LoadLibraryA
0xd22288 GlobalMemoryStatus
0xd2228c SetConsoleMode
0xd22290 GetStdHandle
0xd22294 AllocConsole
0xd22298 FreeConsole
0xd2229c SetConsoleTitleA
0xd222a0 GetConsoleTitleA
0xd222a4 SetLastError
0xd222bc ReadConsoleOutputA
0xd222c0 GetCurrentProcessId
0xd222c8 GetExitCodeThread
0xd222cc WaitForSingleObject
0xd222d0 CreateThread
0xd222e0 InterlockedExchange
0xd222e4 CompareStringA
0xd222e8 CompareStringW
0xd222ec GetThreadContext
0xd222f0 MapViewOfFile
0xd222f4 UnmapViewOfFile
0xd222f8 CreateFileMappingA
0xd222fc lstrcpynA
0xd22300 Module32Next
0xd22304 Module32First
0xd22308 GetModuleFileNameA
0xd2230c RemoveDirectoryA
0xd22310 FindNextFileA
0xd22314 GetFullPathNameA
0xd22320 IsBadStringPtrA
0xd22324 OpenFileMappingA
0xd22328 IsBadWritePtr
0xd2232c SetEvent
0xd22330 SetEndOfFile
0xd22334 GetModuleHandleA
0xd22338 CreateMutexA
0xd2233c ResumeThread
0xd22340 ResetEvent
0xd22344 GetExitCodeProcess
0xd2234c CreateProcessA
0xd22350 CreateEventA
0xd22354 OpenEventA
0xd22358 OpenMutexA
0xd2235c MoveFileExA
0xd22360 lstrcatA
0xd22364 TerminateThread
0xd22368 ReleaseMutex
0xd2236c GetComputerNameA
0xd22370 lstrcmpA
0xd22374 GetModuleFileNameW
0xd22378 VirtualProtect
0xd2237c VirtualQuery
0xd22380 VirtualAlloc
0xd22384 VirtualFree
0xd22388 LoadLibraryExA
0xd2238c GetTempFileNameA
0xd22390 GetTempPathA
0xd22394 HeapFree
0xd22398 GetProcessHeap
0xd2239c HeapAlloc
0xd223a4 DuplicateHandle
0xd223a8 SetStdHandle
0xd223ac CreatePipe
0xd223b0 PeekNamedPipe
0xd223b4 lstrcpyA
0xd223b8 GetFileAttributesW
0xd223bc CreateDirectoryW
0xd223c0 DeleteFileW
0xd223c4 lstrlenW
0xd223c8 CreateFileW
0xd223cc SetFileAttributesW
0xd223d0 GetFileSizeEx
0xd223d8 GetModuleHandleW
0xd223e0 GetStartupInfoA
0xd223e4 MoveFileA
0xd223e8 ExitThread
0xd223ec GetCPInfo
0xd223f0 LCMapStringA
0xd223f4 LCMapStringW
0xd223f8 TlsGetValue
0xd223fc TlsAlloc
0xd22400 TlsSetValue
0xd22404 TlsFree
0xd22408 HeapSize
0xd2240c HeapCreate
0xd22410 HeapDestroy
0xd22414 FatalAppExitA
0xd22418 HeapReAlloc
0xd2241c GetACP
0xd22420 GetOEMCP
0xd2242c IsValidCodePage
0xd22430 GetTimeFormatA
0xd22434 GetDateFormatA
0xd22438 GetUserDefaultLCID
0xd2243c GetLocaleInfoA
0xd22440 EnumSystemLocalesA
0xd22448 IsValidLocale
0xd2244c GetStringTypeA
0xd22450 GetStringTypeW
0xd22454 GetConsoleCP
0xd22458 GetConsoleMode
0xd2245c SetHandleCount
0xd22460 GetFileType
0xd2247c FlushFileBuffers
0xd22480 GetLocaleInfoW
0xd22484 WriteConsoleA
0xd22488 GetConsoleOutputCP
0xd2248c WriteConsoleW
0xd22494 LocalFree
0xd22498 CompareFileTime
0xd224a0 GetSystemTime
0xd224a4 FormatMessageA
0xd224a8 GetFullPathNameW
0xd224b0 GetTempPathW
0xd224b4 MoveFileW
0xd224b8 CopyFileW
0xd224c4 RemoveDirectoryW
0xd224c8 GetFileTime
0xd224cc FindFirstFileW
0xd224d0 FindNextFileW
Library USER32.dll:
0xd225b4 FindWindowA
0xd225bc DefWindowProcA
0xd225c0 ReleaseCapture
0xd225c4 ReleaseDC
0xd225c8 ShowCursor
0xd225cc KillTimer
0xd225d0 IntersectRect
0xd225d4 wsprintfA
0xd225d8 SetTimer
0xd225dc SetScrollPos
0xd225e0 GetScrollPos
0xd225e4 SetCapture
0xd225e8 SetFocus
0xd225ec PostMessageW
0xd225f0 CreateWindowExW
0xd225f4 ShowWindow
0xd225f8 GetDC
0xd225fc PostQuitMessage
0xd22600 SendMessageW
0xd22604 SetWindowTextW
0xd22608 GetWindowTextW
0xd2260c GetWindowTextA
0xd22610 GetCaretPos
0xd22614 GetWindowLongW
0xd22618 SendMessageA
0xd2261c CallWindowProcW
0xd22620 OpenClipboard
0xd22624 GetClipboardData
0xd22628 CloseClipboard
0xd2262c SetWindowLongW
0xd22630 DestroyWindow
0xd22634 SetRect
0xd22638 GetActiveWindow
0xd2263c GetCursorPos
0xd22640 ScreenToClient
0xd22644 GetDoubleClickTime
0xd22648 EndPaint
0xd2264c BeginPaint
0xd22650 CreateWindowExA
0xd22654 RegisterClassA
0xd22658 LoadCursorA
0xd2265c LoadIconA
0xd22660 SetForegroundWindow
0xd22664 GetSystemMetrics
0xd22668 AdjustWindowRect
0xd2266c IsIconic
0xd22670 DispatchMessageA
0xd22674 TranslateMessage
0xd22678 GetMessageA
0xd2267c PeekMessageA
0xd22680 UpdateWindow
0xd22688 GetDesktopWindow
0xd2268c SetWindowsHookExA
0xd22690 UnhookWindowsHookEx
0xd22694 CharUpperW
0xd22698 CharUpperA
0xd2269c CharLowerW
0xd226a0 CharLowerA
0xd226a8 GetClassNameA
0xd226ac GetSystemMenu
0xd226b0 DrawMenuBar
0xd226b4 RemoveMenu
0xd226b8 EnumChildWindows
0xd226bc SetWindowPos
0xd226c4 wvsprintfA
0xd226c8 GetAsyncKeyState
0xd226cc PtInRect
0xd226d0 OffsetRect
0xd226d4 MessageBoxA
0xd226d8 PostMessageA
0xd226dc SetCursorPos
0xd226e0 UnregisterHotKey
0xd226e4 RegisterHotKey
0xd226e8 GetWindowRect
0xd226ec IsWindowVisible
0xd226f0 CallNextHookEx
0xd226f4 GetFocus
0xd226f8 GetKeyboardLayout
Library GDI32.dll:
0xd22118 CreateCompatibleDC
0xd2211c SelectObject
0xd22120 DeleteObject
0xd22124 CreateDIBSection
0xd22128 DeleteDC
0xd2212c SetTextColor
0xd22130 SetBkColor
0xd22134 SwapBuffers
0xd22138 GetStockObject
0xd2213c SetPixelFormat
0xd22140 ChoosePixelFormat
0xd22148 TextOutW
0xd2214c CreateFontA
Library ADVAPI32.dll:
0xd22000 CryptGetUserKey
0xd22004 RegCloseKey
0xd22008 RegSetValueExA
0xd2200c RegCreateKeyExA
0xd22010 RegQueryValueExA
0xd22014 RegDeleteKeyA
0xd22018 RegOpenKeyExA
0xd22024 RegDeleteValueA
0xd22028 RegCreateKeyA
0xd2202c CryptReleaseContext
0xd22030 CryptDestroyKey
0xd22034 CryptEncrypt
0xd22038 CryptImportKey
0xd22040 CryptGenKey
0xd22044 CryptExportKey
0xd22048 CryptGetProvParam
0xd2204c CryptEnumProvidersA
0xd22054 RegSetValueExW
0xd22058 CryptGenRandom
0xd2205c RegEnumValueA
0xd22060 CryptDestroyHash
0xd22068 CryptHashData
0xd2206c CryptCreateHash
0xd22070 CryptDecrypt
0xd22074 CryptDeriveKey
0xd22078 CryptGetHashParam
0xd2207c GetUserNameA
Library SHELL32.dll:
0xd225a8 ShellExecuteA
Library ole32.dll:
0xd22828 CoUninitialize
0xd2282c CoCreateInstance
0xd22830 CoInitialize
Library dbghelp.dll:
0xd22808 SymCleanup
0xd22810 SymFromAddr
0xd22814 StackWalk64
0xd22818 SymInitialize
0xd2281c SymSetOptions
0xd22820 MiniDumpWriteDump
Library IPHLPAPI.DLL:
0xd22194 GetAdaptersInfo
Library WININET.dll:
0xd22710 InternetCloseHandle
0xd22714 FtpPutFileA
0xd22718 FtpCreateDirectoryA
0xd2271c InternetOpenUrlA
0xd22720 InternetConnectA
0xd22724 InternetOpenA
0xd22728 InternetReadFile
0xd2272c InternetOpenW
0xd22730 InternetConnectW
0xd22734 HttpQueryInfoW
0xd22738 HttpSendRequestA
0xd2273c HttpOpenRequestW
0xd22744 FtpOpenFileW
0xd22748 FtpFindFirstFileW
Library urlmon.dll:
0xd22838 URLDownloadToFileW
0xd2283c URLDownloadToFileA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  56540        239.255.255.250                  3702
192.168.56.101  56807        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702
192.168.56.101  58370        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.