2.6
Medium risk

41ac00cdcdd9b3affc29b96246d4aee9354a16a10654fc0b7e1a5c83e8720e9d

d1046ee74238a93d9d0e9fbf37b91b3e.exe

Analysis time

78s

Last analyzed

File size

388.0KB
Static detection  Dynamic detection  GENOME  UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine result available
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba 20180921 0.1.0.2
Baidu 20190122 1.0.0.2
Avast 20190123 18.4.3895.0
Kingsoft 20190123 2013.8.14.323
McAfee 20190123 6.0.6.653
Tencent 20190123 1.0.0.1
CrowdStrike 20181023 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path f:\我的vc工程\hjjm_easy\1018\release\hjjm_easy.pdb
Tries to locate where the browsers are installed (1 event)
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time  API  Arguments  Status  Return  Repeated
1619910850.780531  GlobalMemoryStatusEx    success  1  0
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (50 out of 72 events)
name RT_CURSOR language LANG_CHINESE offset 0x0006006c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000134
name RT_BITMAP language LANG_CHINESE offset 0x000604a0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000144
name RT_ICON language LANG_CHINESE offset 0x00061d34 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000568
name RT_MENU language LANG_CHINESE offset 0x0006229c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000130
name RT_DIALOG language LANG_CHINESE offset 0x00062ba8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000034
name RT_STRING language LANG_CHINESE offset 0x000646b4 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000042
Creates a shortcut to an executable file (5 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
file C:\Users\Public\Desktop\Google Chrome.lnk
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
File has been identified by 2 antivirus engines on VirusTotal as malicious (2 events)
Cylance Unsafe
Zillya Trojan.Genome.Win32.228479
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2010-09-28 08:58:20

Imports

Library SHLWAPI.dll:
0x4463a0 PathFindFileNameW
0x4463a4 PathStripToRootW
0x4463a8 PathIsUNCW
0x4463ac PathIsDirectoryW
0x4463b0 PathFileExistsW
0x4463b4 PathFindExtensionW
Library KERNEL32.dll:
0x4460c4 TlsGetValue
0x4460cc GlobalReAlloc
0x4460d0 GlobalHandle
0x4460d8 TlsAlloc
0x4460dc TlsSetValue
0x4460e0 LocalReAlloc
0x4460e8 TlsFree
0x4460ec GlobalFlags
0x4460f4 lstrlenA
0x4460f8 SetErrorMode
0x446100 HeapFree
0x446104 HeapAlloc
0x446108 GetProcessHeap
0x44610c GetStartupInfoW
0x446114 RtlUnwind
0x446118 RaiseException
0x44611c ExitThread
0x446120 CreateThread
0x446124 HeapReAlloc
0x446128 SetStdHandle
0x44612c GetFileType
0x446130 ExitProcess
0x446134 HeapSize
0x446138 VirtualProtect
0x44613c VirtualAlloc
0x446140 GetSystemInfo
0x446144 VirtualQuery
0x446148 GetStdHandle
0x44614c GetModuleFileNameA
0x446150 LocalAlloc
0x446164 GetCommandLineA
0x446168 SetHandleCount
0x44616c GetStartupInfoA
0x446170 HeapDestroy
0x446174 HeapCreate
0x446178 VirtualFree
0x446180 TerminateProcess
0x446188 IsDebuggerPresent
0x446190 GetCPInfo
0x446194 GetACP
0x446198 GetOEMCP
0x44619c CreateFileA
0x4461a0 LCMapStringA
0x4461a4 LCMapStringW
0x4461a8 GetConsoleCP
0x4461ac GetConsoleMode
0x4461b0 GetStringTypeA
0x4461b4 GetStringTypeW
0x4461b8 GetLocaleInfoA
0x4461bc WriteConsoleA
0x4461c0 GetConsoleOutputCP
0x4461c4 WriteConsoleW
0x4461cc GetDriveTypeA
0x4461d4 GetFullPathNameW
0x4461dc GetCurrentProcess
0x4461e0 DuplicateHandle
0x4461e4 SetEndOfFile
0x4461e8 UnlockFile
0x4461ec LockFile
0x4461f0 FlushFileBuffers
0x4461f4 ReadFile
0x4461f8 GetThreadLocale
0x4461fc GetCurrentThread
0x446204 GetVersion
0x44620c lstrcmpA
0x446210 GetLocaleInfoW
0x446214 CompareStringA
0x446218 InterlockedExchange
0x44621c SetFileTime
0x446228 GlobalAlloc
0x44622c GetCurrentProcessId
0x446230 CreateEventW
0x446234 SuspendThread
0x446238 SetEvent
0x44623c ResumeThread
0x446240 SetThreadPriority
0x446248 GlobalFree
0x44624c GlobalLock
0x446250 GlobalUnlock
0x446254 MulDiv
0x446258 GetModuleHandleA
0x44625c FreeResource
0x446260 GetCurrentThreadId
0x446264 GlobalAddAtomW
0x446268 GlobalFindAtomW
0x44626c GlobalDeleteAtom
0x446270 CompareStringW
0x446274 LoadLibraryA
0x446278 SetLastError
0x44627c lstrcmpW
0x446280 GetModuleHandleW
0x446284 GetProcAddress
0x446288 GetVersionExA
0x44628c WriteFile
0x446290 SetFilePointer
0x446294 GetFileSize
0x446298 FindClose
0x44629c FindNextFileW
0x4462a0 FindFirstFileW
0x4462a4 GetTempPathW
0x4462a8 WinExec
0x4462ac lstrcatW
0x4462b0 lstrcpyW
0x4462bc GetFileTime
0x4462c0 DeleteFileW
0x4462c8 RemoveDirectoryW
0x4462cc WideCharToMultiByte
0x4462d0 lstrlenW
0x4462d4 FreeLibrary
0x4462d8 LoadLibraryW
0x4462dc GetLongPathNameW
0x4462e0 GetCommandLineW
0x4462e4 GetVersionExW
0x4462e8 CloseHandle
0x4462ec CreateFileW
0x4462f0 CreateDirectoryW
0x4462f4 MoveFileW
0x4462f8 GetModuleFileNameW
0x4462fc LocalFree
0x446300 GetLastError
0x446304 FormatMessageW
0x446308 Sleep
0x44630c WaitForSingleObject
0x446310 DefineDosDeviceW
0x446314 GetTickCount
0x446318 MultiByteToWideChar
0x44631c FindResourceW
0x446320 LoadResource
0x446324 LockResource
0x446328 SizeofResource
0x44632c SetFileAttributesW
0x446330 GetFileAttributesW
0x446334 GetSystemDirectoryW
0x44633c CopyFileW
0x446340 WriteProfileStringW
0x446344 GetProfileIntW
0x446348 GetProfileStringW
Library USER32.dll:
0x4463bc GetSysColorBrush
0x4463c0 UnregisterClassW
0x4463c4 PostThreadMessageW
0x4463c8 CharNextW
0x4463d0 SetRect
0x4463d4 InvalidateRgn
0x4463d8 GetNextDlgGroupItem
0x4463dc MessageBeep
0x4463e0 IsRectEmpty
0x4463e4 DestroyMenu
0x4463e8 InvalidateRect
0x4463ec CharUpperW
0x4463f0 WindowFromPoint
0x4463f8 MapDialogRect
0x446400 PostQuitMessage
0x446408 GetMessageW
0x44640c TranslateMessage
0x446410 GetCursorPos
0x446414 ValidateRect
0x446418 GetDesktopWindow
0x44641c GetActiveWindow
0x446424 GetNextDlgTabItem
0x446428 EndDialog
0x44642c IsWindowEnabled
0x446430 ShowWindow
0x446434 MoveWindow
0x446438 SetWindowTextW
0x44643c IsDialogMessageW
0x446440 SetDlgItemTextW
0x446444 SetMenuItemBitmaps
0x44644c LoadBitmapW
0x446450 ModifyMenuW
0x446454 GetMenuState
0x446458 EnableMenuItem
0x44645c CheckMenuItem
0x446460 EndPaint
0x446464 BeginPaint
0x446468 GetWindowDC
0x44646c ReleaseDC
0x446470 GetDC
0x446474 ClientToScreen
0x446478 GrayStringW
0x44647c DrawTextExW
0x446480 DrawTextW
0x446484 TabbedTextOutW
0x44648c SendDlgItemMessageW
0x446490 SendDlgItemMessageA
0x446494 WinHelpW
0x446498 IsChild
0x44649c GetCapture
0x4464a0 SetWindowsHookExW
0x4464a4 CallNextHookEx
0x4464a8 GetClassLongW
0x4464ac GetClassNameW
0x4464b0 SetPropW
0x4464b4 GetPropW
0x4464b8 RemovePropW
0x4464bc GetFocus
0x4464c4 GetForegroundWindow
0x4464c8 GetLastActivePopup
0x4464cc SetActiveWindow
0x4464d0 DispatchMessageW
0x4464d4 GetTopWindow
0x4464d8 DestroyWindow
0x4464dc UnhookWindowsHookEx
0x4464e0 GetMessageTime
0x4464e4 GetMessagePos
0x4464e8 PeekMessageW
0x4464ec MapWindowPoints
0x4464f0 GetKeyState
0x4464f4 SetForegroundWindow
0x4464f8 IsWindowVisible
0x4464fc UpdateWindow
0x446500 GetMenu
0x446504 PostMessageW
0x446508 GetSubMenu
0x44650c GetMenuItemID
0x446510 GetMenuItemCount
0x446514 MessageBoxW
0x446518 CreateWindowExW
0x44651c GetClassInfoExW
0x446520 GetClassInfoW
0x446524 RegisterClassW
0x446528 GetSysColor
0x44652c AdjustWindowRectEx
0x446530 GetParent
0x446534 ScreenToClient
0x446538 EqualRect
0x44653c CopyRect
0x446540 GetDlgCtrlID
0x446544 DefWindowProcW
0x446548 CallWindowProcW
0x44654c GetWindowLongW
0x446550 SetWindowPos
0x446554 OffsetRect
0x446558 IntersectRect
0x446560 IsIconic
0x446564 GetWindowPlacement
0x446568 GetWindowRect
0x44656c GetSystemMetrics
0x446570 GetWindow
0x446574 CopyIcon
0x446578 SetWindowLongW
0x44657c SetCapture
0x446580 RedrawWindow
0x446584 ReleaseCapture
0x446588 PtInRect
0x44658c GetClientRect
0x446590 SetCursor
0x446594 FindWindowW
0x446598 IsWindow
0x44659c SetTimer
0x4465a0 KillTimer
0x4465a4 SendMessageW
0x4465a8 SetFocus
0x4465ac GetDlgItem
0x4465b0 LoadIconW
0x4465b4 EnableWindow
0x4465b8 LoadCursorW
0x4465bc GetWindowTextW
0x4465c0 UnregisterClassA
Library GDI32.dll:
0x446034 GetMapMode
0x446038 ExtSelectClipRgn
0x44603c GetBkColor
0x446040 GetRgnBox
0x446044 ScaleWindowExtEx
0x446048 GetDeviceCaps
0x44604c CreateBitmap
0x446050 GetObjectW
0x446054 GetStockObject
0x446058 SetWindowExtEx
0x44605c ScaleViewportExtEx
0x446060 SetViewportExtEx
0x446064 OffsetViewportOrgEx
0x446068 SetViewportOrgEx
0x44606c SelectObject
0x446070 Escape
0x446074 ExtTextOutW
0x446078 GetTextColor
0x44607c CreateSolidBrush
0x446080 TextOutW
0x446084 RectVisible
0x446088 PtVisible
0x44608c GetWindowExtEx
0x446090 GetViewportExtEx
0x446094 DeleteObject
0x446098 SetMapMode
0x44609c SetBkMode
0x4460a0 RestoreDC
0x4460a4 SaveDC
0x4460a8 SetBkColor
0x4460ac SetTextColor
0x4460b0 GetClipBox
0x4460b4 CreateFontIndirectW
0x4460b8 DeleteDC
Library comdlg32.dll:
0x4465e8 GetFileTitleW
Library WINSPOOL.DRV:
0x4465d8 OpenPrinterW
0x4465dc DocumentPropertiesW
0x4465e0 ClosePrinter
Library ADVAPI32.dll:
0x446000 RegEnumKeyW
0x446004 RegDeleteKeyW
0x446008 RegOpenKeyW
0x44600c RegOpenKeyExW
0x446010 RegSetValueExW
0x446014 RegCreateKeyExW
0x446018 RegQueryValueExW
0x44601c RegCloseKey
0x446020 RegQueryValueW
Library SHELL32.dll:
0x44638c SHGetFileInfoW
0x446394 SHBrowseForFolderW
0x446398 ShellExecuteW
Library COMCTL32.dll:
Library oledlg.dll:
0x44663c OleUIBusyW
Library ole32.dll:
0x4465f0 CoGetClassObject
0x4465f4 CLSIDFromString
0x4465f8 CLSIDFromProgID
0x4465fc OleInitialize
0x446604 OleUninitialize
0x446608 CoRevokeClassObject
0x44660c CoTaskMemFree
0x446610 CoUninitialize
0x446614 CoCreateInstance
0x446618 CoInitialize
0x446620 OleFlushClipboard
0x446634 CoTaskMemAlloc
Library OLEAUT32.dll:
0x446354 SysAllocStringLen
0x446358 VariantChangeType
0x44635c VariantInit
0x446360 SysStringLen
0x446364 SysFreeString
0x446368 SysAllocString
0x446378 VariantClear
0x44637c SafeArrayDestroy
0x446380 VariantCopy
Library WININET.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.