5.8
High risk

18191afa58109534b58c70e39be259e165a84f9bd02a14f0a183c521c5128cd2

ce92be44784322632a08556ac8f9f6e7.exe

Analysis duration

77s

Last analysis

File size

385.5KB
Static detection / Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Not detected: no antivirus engine detection results yet
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619910869.273465
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619910853.711465
CryptGenKey
crypto_handle: 0x00645948
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00645348
flags: 1
key: f›óÏÝZi?+x”Úñoêÿ
success 1 0
1619910869.289465
CryptExportKey
crypto_handle: 0x00645948
crypto_export_handle: 0x00644b08
buffer: f¤w˜y²ùÓÇjÌlÂÑ|´û‚ñ´Ú·>Jr…|®~‡“ššÍ6ãÌK%;ñån/‡`?ÃÆÕ†^˜ÇßPðõ7¾ \bKږ5n±šª?ý— c(ÈÐ*{ýžk—s:Yp6
blob_type: 1
flags: 64
success 1 0
1619910904.929465
CryptExportKey
crypto_handle: 0x00645948
crypto_export_handle: 0x00644b08
buffer: f¤/aÛUS<”Bõ$‹h:´ŸÕ¡Q‘‹ž•„ÁûíàÓôà!"à+ě·ñí”_Žyìñp½é@cç)åÍìõöê¬HŠÊ´°ò™³glÔºðÇTÞdòÆyúM¸
blob_type: 1
flags: 64
success 1 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910853.164465
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00580000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910869.773465
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.917230928963582 section {'size_of_data': '0x00014400', 'virtual_address': '0x00052000', 'entropy': 6.917230928963582, 'name': '.rsrc', 'virtual_size': '0x00014238'} description A section with a high entropy has been found
entropy 0.2106631989596879 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process ce92be44784322632a08556ac8f9f6e7.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910869.429465
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 172.217.24.14
host 201.171.150.41
host 94.76.247.61
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910872.351465
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910872.351465
RegSetValueExA
key_handle: 0x000003b8
value: @nQå>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910872.351465
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910872.351465
RegSetValueExW
key_handle: 0x000003b8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910872.351465
RegSetValueExA
key_handle: 0x000003d0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910872.351465
RegSetValueExA
key_handle: 0x000003d0
value: @nQå>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910872.351465
RegSetValueExA
key_handle: 0x000003d0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910872.367465
RegSetValueExW
key_handle: 0x000003b4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 201.171.150.41:443
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2020-08-13 03:01:05

Imports

Library KERNEL32.dll:
0x43c0b4 GetCommandLineA
0x43c0b8 GetStartupInfoA
0x43c0bc HeapAlloc
0x43c0c0 HeapFree
0x43c0c4 VirtualProtect
0x43c0c8 VirtualAlloc
0x43c0cc GetSystemInfo
0x43c0d0 VirtualQuery
0x43c0d4 HeapReAlloc
0x43c0d8 Sleep
0x43c0dc HeapSize
0x43c0e0 TerminateProcess
0x43c0ec IsDebuggerPresent
0x43c0f0 GetACP
0x43c0f4 IsValidCodePage
0x43c0f8 LCMapStringW
0x43c0fc GetStdHandle
0x43c110 SetHandleCount
0x43c114 RaiseException
0x43c118 HeapCreate
0x43c11c VirtualFree
0x43c12c GetStringTypeA
0x43c130 GetStringTypeW
0x43c138 LCMapStringA
0x43c13c GetUserDefaultLCID
0x43c140 EnumSystemLocalesA
0x43c144 IsValidLocale
0x43c148 GetConsoleCP
0x43c14c GetConsoleMode
0x43c150 GetLocaleInfoW
0x43c154 SetStdHandle
0x43c158 WriteConsoleA
0x43c15c GetConsoleOutputCP
0x43c160 WriteConsoleW
0x43c164 CompareStringW
0x43c16c RtlUnwind
0x43c170 GetTickCount
0x43c174 GetFileTime
0x43c178 GetFileSizeEx
0x43c17c GetFileAttributesA
0x43c184 SetErrorMode
0x43c188 GetOEMCP
0x43c18c GetCPInfo
0x43c190 CreateFileA
0x43c194 GetFullPathNameA
0x43c19c FindFirstFileA
0x43c1a0 FindClose
0x43c1a4 GetCurrentProcess
0x43c1a8 DuplicateHandle
0x43c1ac GetFileSize
0x43c1b0 SetEndOfFile
0x43c1b4 UnlockFile
0x43c1b8 LockFile
0x43c1bc FlushFileBuffers
0x43c1c0 SetFilePointer
0x43c1c4 WriteFile
0x43c1c8 ReadFile
0x43c1cc GlobalFlags
0x43c1d8 GetThreadLocale
0x43c1dc TlsFree
0x43c1e4 LocalReAlloc
0x43c1e8 TlsSetValue
0x43c1ec TlsAlloc
0x43c1f4 GlobalHandle
0x43c1f8 GlobalReAlloc
0x43c200 TlsGetValue
0x43c208 LocalAlloc
0x43c210 GetModuleHandleW
0x43c218 GetModuleFileNameW
0x43c21c GlobalGetAtomNameA
0x43c220 GlobalFindAtomA
0x43c224 lstrcmpW
0x43c228 GetVersionExA
0x43c22c FreeResource
0x43c230 GetCurrentProcessId
0x43c234 GlobalAddAtomA
0x43c238 CloseHandle
0x43c23c GlobalDeleteAtom
0x43c240 GetCurrentThread
0x43c244 GetCurrentThreadId
0x43c250 GetModuleFileNameA
0x43c254 GetLocaleInfoA
0x43c258 LoadLibraryA
0x43c25c CompareStringA
0x43c260 InterlockedExchange
0x43c264 lstrcmpA
0x43c268 FreeLibrary
0x43c26c GetModuleHandleA
0x43c270 GetProcAddress
0x43c274 GetLastError
0x43c278 SetLastError
0x43c27c GlobalFree
0x43c280 GlobalAlloc
0x43c284 GlobalLock
0x43c288 GlobalUnlock
0x43c28c FormatMessageA
0x43c290 LocalFree
0x43c294 MultiByteToWideChar
0x43c298 MulDiv
0x43c29c lstrlenA
0x43c2a0 ExitProcess
0x43c2a4 WideCharToMultiByte
0x43c2a8 FindResourceA
0x43c2ac LoadResource
0x43c2b0 LockResource
0x43c2b4 GetFileType
0x43c2b8 SizeofResource
Library USER32.dll:
0x43c318 PostThreadMessageA
0x43c31c CharUpperA
0x43c320 ReleaseCapture
0x43c324 SetCapture
0x43c328 LoadCursorA
0x43c32c GetSysColorBrush
0x43c330 EndPaint
0x43c334 BeginPaint
0x43c338 GetWindowDC
0x43c33c ClientToScreen
0x43c340 GrayStringA
0x43c344 DrawTextExA
0x43c348 DrawTextA
0x43c34c TabbedTextOutA
0x43c350 DestroyMenu
0x43c354 ShowWindow
0x43c358 MoveWindow
0x43c35c SetWindowTextA
0x43c360 IsDialogMessageA
0x43c368 SendDlgItemMessageA
0x43c36c WinHelpA
0x43c370 IsChild
0x43c374 GetCapture
0x43c378 GetClassNameA
0x43c37c SetPropA
0x43c380 GetPropA
0x43c384 RemovePropA
0x43c388 SetFocus
0x43c390 GetWindowTextA
0x43c394 GetForegroundWindow
0x43c398 GetTopWindow
0x43c39c UnhookWindowsHookEx
0x43c3a0 GetMessageTime
0x43c3a4 GetMessagePos
0x43c3a8 MapWindowPoints
0x43c3ac SetMenu
0x43c3b0 SetForegroundWindow
0x43c3b4 UpdateWindow
0x43c3b8 CreateWindowExA
0x43c3bc GetClassInfoExA
0x43c3c0 GetClassInfoA
0x43c3c4 RegisterClassA
0x43c3c8 GetSysColor
0x43c3cc AdjustWindowRectEx
0x43c3d0 EqualRect
0x43c3d4 PtInRect
0x43c3d8 GetDlgCtrlID
0x43c3dc DefWindowProcA
0x43c3e0 CallWindowProcA
0x43c3e4 GetMenu
0x43c3e8 SetWindowLongA
0x43c3ec OffsetRect
0x43c3f0 IntersectRect
0x43c3f8 GetWindowPlacement
0x43c3fc GetWindowRect
0x43c400 GetWindow
0x43c408 MapDialogRect
0x43c40c SetWindowPos
0x43c410 DrawIcon
0x43c414 AppendMenuA
0x43c418 SendMessageA
0x43c41c GetSystemMenu
0x43c420 ReleaseDC
0x43c424 GetDC
0x43c428 CopyRect
0x43c42c GetDesktopWindow
0x43c430 SetActiveWindow
0x43c438 DestroyWindow
0x43c43c IsWindow
0x43c440 GetDlgItem
0x43c444 GetNextDlgTabItem
0x43c448 EndDialog
0x43c450 GetWindowLongA
0x43c454 UnregisterClassA
0x43c458 MessageBeep
0x43c45c GetNextDlgGroupItem
0x43c460 InvalidateRgn
0x43c464 InvalidateRect
0x43c468 SetRect
0x43c46c IsRectEmpty
0x43c474 CharNextA
0x43c478 IsIconic
0x43c47c GetClientRect
0x43c480 EnableWindow
0x43c484 LoadIconA
0x43c488 GetSystemMetrics
0x43c48c GetSubMenu
0x43c490 GetMenuItemCount
0x43c494 GetMenuItemID
0x43c498 GetMenuState
0x43c49c PostQuitMessage
0x43c4a0 PostMessageA
0x43c4a4 CheckMenuItem
0x43c4a8 EnableMenuItem
0x43c4ac ModifyMenuA
0x43c4b0 GetParent
0x43c4b4 GetFocus
0x43c4b8 LoadBitmapA
0x43c4c0 SetMenuItemBitmaps
0x43c4c4 ValidateRect
0x43c4c8 GetCursorPos
0x43c4cc PeekMessageA
0x43c4d0 GetKeyState
0x43c4d4 IsWindowVisible
0x43c4d8 GetActiveWindow
0x43c4dc DispatchMessageA
0x43c4e0 TranslateMessage
0x43c4e4 GetMessageA
0x43c4e8 CallNextHookEx
0x43c4ec SetWindowsHookExA
0x43c4f0 SetCursor
0x43c4f4 MessageBoxA
0x43c4f8 IsWindowEnabled
0x43c4fc GetLastActivePopup
0x43c500 GetClassLongA
Library GDI32.dll:
0x43c030 ScaleWindowExtEx
0x43c034 ExtSelectClipRgn
0x43c038 DeleteDC
0x43c03c GetStockObject
0x43c040 SetWindowExtEx
0x43c044 GetMapMode
0x43c048 GetBkColor
0x43c04c GetTextColor
0x43c050 GetRgnBox
0x43c054 ScaleViewportExtEx
0x43c058 SetViewportExtEx
0x43c05c OffsetViewportOrgEx
0x43c060 SetViewportOrgEx
0x43c064 SelectObject
0x43c068 Escape
0x43c06c TextOutA
0x43c070 RectVisible
0x43c074 PtVisible
0x43c078 GetDeviceCaps
0x43c07c GetViewportExtEx
0x43c080 DeleteObject
0x43c084 SetMapMode
0x43c088 RestoreDC
0x43c08c SaveDC
0x43c090 ExtTextOutA
0x43c094 GetObjectA
0x43c098 SetBkColor
0x43c09c SetTextColor
0x43c0a0 GetClipBox
0x43c0a8 CreateBitmap
0x43c0ac GetWindowExtEx
Library COMDLG32.dll:
0x43c028 GetFileTitleA
Library WINSPOOL.DRV:
0x43c508 DocumentPropertiesA
0x43c50c ClosePrinter
0x43c510 OpenPrinterA
Library ADVAPI32.dll:
0x43c000 RegSetValueExA
0x43c004 RegCreateKeyExA
0x43c008 RegQueryValueA
0x43c00c RegOpenKeyA
0x43c010 RegEnumKeyA
0x43c014 RegDeleteKeyA
0x43c018 RegOpenKeyExA
0x43c01c RegQueryValueExA
0x43c020 RegCloseKey
Library SHELL32.dll:
0x43c2f8 SHGetFileInfoA
Library SHLWAPI.dll:
0x43c300 PathFindFileNameA
0x43c304 PathStripToRootA
0x43c308 PathIsUNCA
0x43c30c PathFindExtensionA
Library oledlg.dll:
0x43c558
Library ole32.dll:
0x43c518 CoRevokeClassObject
0x43c51c OleInitialize
0x43c524 OleUninitialize
0x43c534 CoGetClassObject
0x43c53c CLSIDFromString
0x43c540 CLSIDFromProgID
0x43c544 CoTaskMemAlloc
0x43c548 CoTaskMemFree
0x43c54c OleFlushClipboard
Library OLEAUT32.dll:
0x43c2c0 SysFreeString
0x43c2c8 SysAllocStringLen
0x43c2cc VariantClear
0x43c2d0 VariantChangeType
0x43c2d4 VariantInit
0x43c2d8 VariantCopy
0x43c2dc SafeArrayDestroy
0x43c2ec SysAllocString
0x43c2f0 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.