5.2
Medium risk

d5e54c4002e03b7f968fd54f7f249a01c73c65601ed2a7ca34fd48fbbb236355

d3b7377d220dd965907e327553343a4a.exe

Analysis duration

76s

Last analyzed

File size

336.0KB
Static detections  Dynamic detections
Hawkeye engine (鹰眼引擎)
Not detected. No Hawkeye engine detection results are available.
Static verdict
Antivirus engines
Not detected. No antivirus engine detection results are available.
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619910870.482167
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619910855.217167
CryptGenKey
crypto_handle: 0x005c63c8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005c56e8
flags: 1
key: fP}ÿˆÁÍñ‹ŒP¸roz
success 1 0
1619910870.498167
CryptExportKey
crypto_handle: 0x005c63c8
crypto_export_handle: 0x005c56a8
buffer: f¤¹Ô‚Ç!S¿;µÆ³õeŒX ‘ë«#°x‘yÛ?p¹!) ev"I'@Ïc3ÜþTa­{Ùû›3 ìø¸¨XÄH—dAÒÕÅÐ3«áì=x€…wž‹û9 ã¯ó$_´Ç
blob_type: 1
flags: 64
success 1 0
1619910905.560167
CryptExportKey
crypto_handle: 0x005c63c8
crypto_export_handle: 0x005c56a8
buffer: f¤¿â:]Çðt‰ ø.ÿ¿ûàÍ7RÁ9äk—i؀s/½:Y*Ð8®f\=sëOëÒ÷VÕõ³òb©0àû:YØ6*ÁÀäšxhòš_™ÈƒŠÚU0}šwæ@P],)
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2003\5.8.20\MenuXP_src\Dlg\Release\DLG.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910854.717167
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00560000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910870.967167
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.806498714245357 section {'size_of_data': '0x00013000', 'virtual_address': '0x00044000', 'entropy': 6.806498714245357, 'name': '.rsrc', 'virtual_size': '0x00012078'} description A section with a high entropy has been found
entropy 0.2289156626506024 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process d3b7377d220dd965907e327553343a4a.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910870.639167
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 204.197.146.48
host 212.51.142.238
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910873.545167
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910873.545167
RegSetValueExA
key_handle: 0x000003cc
value: @.þNæ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910873.545167
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910873.545167
RegSetValueExW
key_handle: 0x000003cc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910873.545167
RegSetValueExA
key_handle: 0x000003e4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910873.545167
RegSetValueExA
key_handle: 0x000003e4
value: @.þNæ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910873.545167
RegSetValueExA
key_handle: 0x000003e4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910873.576167
RegSetValueExW
key_handle: 0x000003c8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 212.51.142.238:8080
dead_host 204.197.146.48:80
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No screenshots. No screenshots were captured while the sample ran.


PE Compile Time

2020-08-06 03:54:52

Imports

Library KERNEL32.dll:
0x431110 HeapReAlloc
0x431114 HeapSize
0x43111c GetCurrentProcessId
0x431124 HeapDestroy
0x431128 HeapCreate
0x43112c VirtualFree
0x431130 IsBadWritePtr
0x431134 LCMapStringA
0x431138 LCMapStringW
0x43113c GetStdHandle
0x431150 TerminateProcess
0x431154 SetHandleCount
0x431158 GetFileType
0x431160 GetStringTypeA
0x431164 GetStringTypeW
0x43116c IsBadReadPtr
0x431170 IsBadCodePtr
0x431174 SetStdHandle
0x43117c GetCommandLineA
0x431180 InterlockedExchange
0x431184 GetStartupInfoA
0x431188 VirtualQuery
0x43118c GetSystemInfo
0x431190 VirtualAlloc
0x431194 VirtualProtect
0x431198 HeapFree
0x43119c HeapAlloc
0x4311a0 ExitProcess
0x4311a4 RtlUnwind
0x4311a8 GetTickCount
0x4311ac GetFileTime
0x4311b0 GetFileAttributesA
0x4311b8 SetErrorMode
0x4311c0 GetOEMCP
0x4311c4 GetCPInfo
0x4311c8 CreateFileA
0x4311cc GetFullPathNameA
0x4311d4 FindFirstFileA
0x4311d8 FindClose
0x4311dc GetCurrentProcess
0x4311e0 DuplicateHandle
0x4311e4 GetFileSize
0x4311e8 SetEndOfFile
0x4311ec UnlockFile
0x4311f0 LockFile
0x4311f4 FlushFileBuffers
0x4311f8 SetFilePointer
0x4311fc WriteFile
0x431200 ReadFile
0x431204 TlsFree
0x431208 LocalReAlloc
0x43120c TlsSetValue
0x431210 TlsAlloc
0x431214 TlsGetValue
0x43121c GlobalHandle
0x431220 GlobalReAlloc
0x431228 LocalAlloc
0x43122c GlobalFlags
0x431240 RaiseException
0x431248 SetLastError
0x43124c MulDiv
0x431250 FormatMessageA
0x431254 LocalFree
0x431258 GlobalGetAtomNameA
0x43125c GlobalFindAtomA
0x431260 lstrcatA
0x431264 lstrcmpW
0x431268 lstrcpynA
0x43126c GlobalUnlock
0x431270 GlobalFree
0x431274 FreeResource
0x431278 CloseHandle
0x43127c GlobalAddAtomA
0x431280 GetCurrentThread
0x431284 GlobalLock
0x431288 GlobalAlloc
0x43128c FreeLibrary
0x431290 GlobalDeleteAtom
0x431294 lstrcmpA
0x431298 GetModuleFileNameA
0x43129c GetModuleHandleA
0x4312a0 GetProcAddress
0x4312ac lstrcpyA
0x4312b0 LoadLibraryA
0x4312b4 GetCurrentThreadId
0x4312b8 CompareStringW
0x4312bc CompareStringA
0x4312c0 lstrlenA
0x4312c4 lstrcmpiA
0x4312c8 GetVersion
0x4312cc GetLastError
0x4312d0 MultiByteToWideChar
0x4312d4 LoadLibraryExA
0x4312d8 WideCharToMultiByte
0x4312dc FindResourceA
0x4312e0 LoadResource
0x4312e4 LockResource
0x4312e8 SizeofResource
0x4312ec GetVersionExA
0x4312f0 GetThreadLocale
0x4312f4 GetLocaleInfoA
0x4312f8 GetACP
Library USER32.dll:
0x431358 GetSysColorBrush
0x43135c CharNextA
0x431360 SetRect
0x431368 InvalidateRgn
0x43136c GetNextDlgGroupItem
0x431370 MessageBeep
0x431378 PostThreadMessageA
0x431384 BringWindowToTop
0x431388 DrawMenuBar
0x43138c DefMDIChildProcA
0x431390 DefFrameProcA
0x431394 EndPaint
0x431398 BeginPaint
0x43139c GetWindowDC
0x4313a0 FillRect
0x4313a4 wsprintfA
0x4313a8 DestroyMenu
0x4313ac ShowWindow
0x4313b0 MoveWindow
0x4313b4 SetWindowTextA
0x4313b8 IsDialogMessageA
0x4313c0 WinHelpA
0x4313c4 CreateWindowExA
0x4313c8 GetClassLongA
0x4313cc GetClassInfoExA
0x4313d0 SendDlgItemMessageA
0x4313d4 SetFocus
0x4313d8 IsChild
0x4313e0 BeginDeferWindowPos
0x4313e4 EndDeferWindowPos
0x4313e8 GetTopWindow
0x4313ec GetMessageTime
0x4313f0 GetMessagePos
0x4313f4 MapWindowPoints
0x4313f8 TrackPopupMenu
0x4313fc SetForegroundWindow
0x431400 UpdateWindow
0x431404 GetMenuItemID
0x431408 AdjustWindowRectEx
0x43140c DeferWindowPos
0x431410 GetClassInfoA
0x431414 RegisterClassA
0x431418 UnregisterClassA
0x43141c DefWindowProcA
0x431420 IntersectRect
0x431424 GetWindowPlacement
0x43142c MapDialogRect
0x431430 GetDesktopWindow
0x431434 SetActiveWindow
0x43143c DestroyWindow
0x431440 IsWindow
0x431444 GetDlgItem
0x431448 GetNextDlgTabItem
0x43144c EndDialog
0x431450 SetMenuItemBitmaps
0x431454 ModifyMenuA
0x431458 GetMenuState
0x43145c EnableMenuItem
0x431460 CheckMenuItem
0x431468 TranslateMessage
0x43146c GetActiveWindow
0x431470 PeekMessageA
0x431474 MessageBoxA
0x431478 GetLastActivePopup
0x43147c IsWindowEnabled
0x431480 ShowOwnedPopups
0x431484 SetCursor
0x431488 PostQuitMessage
0x43148c SetWindowPos
0x431490 TrackMouseEvent
0x431494 IsMenu
0x431498 SetMenuItemInfoA
0x43149c SetWindowsHookExA
0x4314a0 GetMenuItemCount
0x4314a4 DrawIcon
0x4314a8 AppendMenuA
0x4314ac GetWindowTextA
0x4314b0 GetSubMenu
0x4314b4 SendMessageA
0x4314b8 GetMenu
0x4314bc GetSystemMenu
0x4314c0 IsIconic
0x4314c4 GetClientRect
0x4314c8 EnableWindow
0x4314cc LoadIconA
0x4314d0 GetSystemMetrics
0x4314d4 GetMenuItemRect
0x4314dc DestroyIcon
0x4314e0 LoadBitmapA
0x4314e4 GetClassNameA
0x4314e8 GetWindowLongA
0x4314ec CallNextHookEx
0x4314f0 CallWindowProcA
0x4314f4 UnhookWindowsHookEx
0x4314f8 SetWindowLongA
0x4314fc IsWindowVisible
0x431500 GetPropA
0x431504 SetPropA
0x431508 RemovePropA
0x43150c GetForegroundWindow
0x431510 LoadCursorA
0x431514 LoadMenuA
0x431518 UnpackDDElParam
0x43151c ReuseDDElParam
0x431520 EqualRect
0x431524 OffsetRect
0x431528 SetRectEmpty
0x43152c GetMenuItemInfoA
0x431530 DrawStateA
0x431534 GetCursorPos
0x431538 ScreenToClient
0x43153c PostMessageA
0x431540 GetMessageA
0x431544 DispatchMessageA
0x431548 ReleaseCapture
0x43154c GrayStringA
0x431550 LoadAcceleratorsA
0x431554 InsertMenuItemA
0x431558 CreatePopupMenu
0x43155c SetMenu
0x431560 RedrawWindow
0x431564 CharUpperA
0x431568 CopyRect
0x43156c InflateRect
0x431570 DrawFocusRect
0x431574 GetParent
0x431578 GetSysColor
0x43157c InvalidateRect
0x431580 ValidateRect
0x431584 GetWindowRect
0x431588 GetWindow
0x43158c GetKeyState
0x431590 GetFocus
0x431594 ReleaseDC
0x431598 GetDC
0x43159c GetDlgCtrlID
0x4315a0 IsRectEmpty
0x4315a4 PtInRect
0x4315a8 DrawFrameControl
0x4315ac ClientToScreen
0x4315b0 GetCapture
0x4315b4 SetCapture
0x4315b8 TabbedTextOutA
0x4315bc DrawTextA
0x4315c0 DrawTextExA
Library GDI32.dll:
0x431044 ExtSelectClipRgn
0x431048 CreatePatternBrush
0x43104c GetMapMode
0x431050 GetBkColor
0x431054 GetRgnBox
0x431058 ScaleWindowExtEx
0x43105c SetWindowExtEx
0x431060 ScaleViewportExtEx
0x431064 SetViewportExtEx
0x431068 OffsetViewportOrgEx
0x43106c SetViewportOrgEx
0x431070 GetWindowExtEx
0x431074 GetViewportExtEx
0x431078 MoveToEx
0x43107c LineTo
0x431080 ExcludeClipRect
0x431084 Rectangle
0x431088 SetBkMode
0x43108c RestoreDC
0x431090 SaveDC
0x431094 GetDeviceCaps
0x431098 SetBkColor
0x4310a0 CreateBitmap
0x4310a8 GetTextMetricsA
0x4310ac Ellipse
0x4310b0 Escape
0x4310b4 ExtTextOutA
0x4310b8 TextOutA
0x4310bc RectVisible
0x4310c0 PtVisible
0x4310c4 GetClipBox
0x4310c8 SetPixel
0x4310cc GetPixel
0x4310d0 CreateSolidBrush
0x4310d4 CreatePen
0x4310d8 GetTextColor
0x4310dc GetCurrentObject
0x4310e0 GetObjectA
0x4310e4 CreateFontIndirectA
0x4310e8 DeleteObject
0x4310ec SetTextColor
0x4310f0 CreateCompatibleDC
0x4310f8 BitBlt
0x4310fc DeleteDC
0x431100 GetStockObject
0x431104 SelectObject
0x431108 SetMapMode
Library comdlg32.dll:
0x4315d8 GetFileTitleA
Library WINSPOOL.DRV:
0x4315c8 OpenPrinterA
0x4315cc DocumentPropertiesA
0x4315d0 ClosePrinter
Library ADVAPI32.dll:
0x431000 RegQueryValueExA
0x431004 RegOpenKeyExA
0x431008 RegDeleteKeyA
0x43100c RegEnumKeyA
0x431010 RegOpenKeyA
0x431014 RegQueryValueA
0x431018 RegCreateKeyExA
0x43101c RegSetValueExA
0x431020 RegCloseKey
Library SHELL32.dll:
0x431338 DragQueryFileA
0x43133c DragFinish
Library COMCTL32.dll:
0x431028
0x43102c ImageList_Draw
0x431030 ImageList_GetIcon
0x431034 ImageList_Destroy
Library SHLWAPI.dll:
0x431344 PathFindFileNameA
0x431348 PathStripToRootA
0x43134c PathFindExtensionA
0x431350 PathIsUNCA
Library oledlg.dll:
0x431620
Library ole32.dll:
0x4315ec CoGetClassObject
0x4315f0 CoTaskMemAlloc
0x4315f4 CoTaskMemFree
0x4315f8 CLSIDFromString
0x4315fc CLSIDFromProgID
0x431600 OleUninitialize
0x43160c OleFlushClipboard
0x431614 CoRevokeClassObject
0x431618 OleInitialize
Library OLEAUT32.dll:
0x431304 SysFreeString
0x431308 SysAllocStringLen
0x43130c VariantClear
0x431310 VariantChangeType
0x431314 VariantInit
0x431318 SysStringLen
0x431328 SafeArrayDestroy
0x43132c SysAllocString
0x431330 VariantCopy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.