Score: 5.0
Medium risk

SHA-256: 1236707401cc2634a57d154f7302c683edbc978b90772e9eb33ef819251e533a

File: d494ee7cbc8b1a0538bb8e1de0eab1d0.exe

Analysis duration: 77s

Last analysis

File size: 617.5KB
Static detection   Dynamic detection
鹰眼 engine (Eagle Eye)
Not detected: no 鹰眼 engine result available
Static verdict
Antivirus engines
Not detected: no antivirus engine result available
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619910870.581234
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events: one CryptGenKey and three CryptExportKey calls on the same key handle)
Time & API Arguments Status Return Repeated
1619910855.128234
CryptGenKey
crypto_handle: 0x00573860
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x00575948
flags: 1 (CRYPT_EXPORTABLE)
key: fŸŒ o¸€ ~¦á8kÂÓ&
success 1 0
1619910870.597234
CryptExportKey
crypto_handle: 0x00573860
crypto_export_handle: 0x005737e0
buffer: f¤(7³²}€l¯ûÙ¦hœ9VêB;‰z̀[þ£&Ԑ¸I=Qù¹Õ½é*˜bx¾hý(υ=ìHÐÀ·›&»åú Ûu4½¥á ýVü8¦­’i±‡×ÐýÝñ›Y%ƒ
blob_type: 1 (SIMPLEBLOB: the session key encrypted under the key-exchange key in crypto_export_handle)
flags: 64 (CRYPT_OAEP)
success 1 0
1619910905.972234
CryptExportKey
crypto_handle: 0x00573860
crypto_export_handle: 0x005737e0
buffer: f¤3Ä‚¨,,‚2[öšÄÚívøM2†$.EZLøpÜ!͋(PXc¿M¹q¿)Ã4Âï]®­q„Äv¾E‡¤Tg ››èËà¦\WÔ4xGšÛèÇtÐÉÝY'H3yï–
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1619910910.113234
CryptExportKey
crypto_handle: 0x00573860
crypto_export_handle: 0x005737e0
buffer: f¤  ªUI nјÊ-)u ÐÅy¸Ó3u58Äj! Xɪ´S„S#ð4ï‘M¸a³©ëÝ<´_â%›O¢àHXkã&n®Ä-·fÒÉC¼áÇñSó9Ÿò;hµ¢«
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
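How to read the four crypto events above, as an added example that is not part of the sandbox report: algorithm_identifier 0x660e is CALG_AES_128, flags 1 on CryptGenKey is CRYPT_EXPORTABLE, blob_type 1 on CryptExportKey is SIMPLEBLOB and flags 64 is CRYPT_OAEP. So the sample generates a single AES-128 session key (crypto_handle 0x00573860) and exports it three times, each time encrypted with OAEP padding under the key held in crypto_export_handle 0x005737e0; the first export sits between GetComputerNameA and InternetOpenW in the timeline. A SIMPLEBLOB starts with a 12-byte header (PUBLICKEYSTRUC followed by the key-exchange ALG_ID). With non-printable bytes dropped, a header for an AES-128 key wrapped by an RSA key-exchange key renders as "f¤" (0x66 from 0x660e, 0xa4 from 0xa400), which is how every buffer line above begins, and the roughly 100 printable characters that follow are consistent with a 128-byte (1024-bit RSA) encrypted key. The script decodes those constants and parses a constructed SIMPLEBLOB; the blob bytes are made up here, since the report logs the real buffers as raw bytes.

```python
"""Decode the CryptoAPI parameters logged by the sandbox and parse a SIMPLEBLOB.

Added example for this report; SAMPLE_BLOB is constructed, not taken from the
report (whose buffers are logged as raw, mostly non-printable bytes).
"""
import struct

# ALG_ID layout: bits 13-15 class, bits 9-12 type, bits 0-8 sub-id.
ALG_CLASS = {
    1 << 13: "ALG_CLASS_SIGNATURE", 2 << 13: "ALG_CLASS_MSG_ENCRYPT",
    3 << 13: "ALG_CLASS_DATA_ENCRYPT", 4 << 13: "ALG_CLASS_HASH",
    5 << 13: "ALG_CLASS_KEY_EXCHANGE",
}
ALG_TYPE = {
    0: "ALG_TYPE_ANY", 1 << 9: "ALG_TYPE_DSS", 2 << 9: "ALG_TYPE_RSA",
    3 << 9: "ALG_TYPE_BLOCK", 4 << 9: "ALG_TYPE_STREAM", 5 << 9: "ALG_TYPE_DH",
}
CALG_NAMES = {
    0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0x6603: "CALG_3DES", 0x6801: "CALG_RC4", 0xA400: "CALG_RSA_KEYX",
    0x2400: "CALG_RSA_SIGN", 0x8003: "CALG_MD5", 0x8004: "CALG_SHA1",
}
GENKEY_FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED",
                0x4: "CRYPT_CREATE_SALT", 0x8: "CRYPT_UPDATE_KEY",
                0x4000: "CRYPT_ARCHIVABLE"}
EXPORT_FLAGS = {0x4: "CRYPT_DESTROYKEY", 0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}
BLOB_TYPES = {0x1: "SIMPLEBLOB", 0x6: "PUBLICKEYBLOB", 0x7: "PRIVATEKEYBLOB",
              0x8: "PLAINTEXTKEYBLOB", 0xB: "SYMMETRICWRAPKEYBLOB"}


def decode_alg_id(alg_id: int) -> dict:
    """Split an ALG_ID into its class/type/sid fields and name it when known."""
    return {
        "name": CALG_NAMES.get(alg_id, "unknown"),
        "class": ALG_CLASS.get(alg_id & 0xE000, "unknown"),
        "type": ALG_TYPE.get(alg_id & 0x1E00, "unknown"),
        "sid": alg_id & 0x1FF,
    }


def decode_flags(value: int, table: dict) -> list:
    """Name every flag bit set; CryptGenKey keeps a requested key length in the top 16 bits."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    if value >> 16:
        names.append(f"keylen={value >> 16}")
    return names


def parse_simpleblob(blob: bytes) -> dict:
    """Parse PUBLICKEYSTRUC + ALG_ID + encryptedkey[] as written by CryptExportKey(SIMPLEBLOB)."""
    if len(blob) < 12:
        raise ValueError("blob shorter than a SIMPLEBLOB header")
    b_type, b_version, _reserved, key_alg, kex_alg = struct.unpack_from("<BBHII", blob, 0)
    if b_type != 0x1:
        raise ValueError(f"not a SIMPLEBLOB: bType={b_type:#x}")
    if b_version != 2:
        raise ValueError(f"unexpected CUR_BLOB_VERSION {b_version}")
    return {
        "blob_type": BLOB_TYPES[b_type],
        "key_alg": CALG_NAMES.get(key_alg, f"{key_alg:#06x}"),
        "kex_alg": CALG_NAMES.get(kex_alg, f"{kex_alg:#06x}"),
        "encrypted_key_len": len(blob) - 12,
        "rsa_bits": (len(blob) - 12) * 8,  # the encrypted key is one RSA block
    }


def printable_prefix(blob: bytes, n: int = 8) -> str:
    """Render a blob the way the report does: keep only printable Latin-1 characters."""
    return "".join(c for c in blob.decode("latin-1") if c.isprintable())[:n]


def build_sample_simpleblob(encrypted_key: bytes) -> bytes:
    """Constructed blob: an AES-128 session key wrapped for an RSA key-exchange key."""
    header = struct.pack("<BBHII", 0x1, 2, 0, 0x660E, 0xA400)
    return header + encrypted_key


# Constructed stand-in for a 1024-bit RSA-encrypted key (128 bytes of filler).
SAMPLE_BLOB = build_sample_simpleblob(bytes(range(128)))

if __name__ == "__main__":
    print(decode_alg_id(0x660E))            # the CryptGenKey algorithm_identifier
    print(decode_flags(1, GENKEY_FLAGS))    # CryptGenKey flags: 1
    print(decode_flags(64, EXPORT_FLAGS))   # CryptExportKey flags: 64
    print(parse_simpleblob(SAMPLE_BLOB))
    print(printable_prefix(SAMPLE_BLOB))    # begins "f¤", like the report's buffer lines
```

If the wrapped blobs can be pulled from a memory dump, the same parser gives the RSA modulus size, and the wrapping public key (a PUBLICKEYBLOB imported earlier, or embedded in the binary) is what to look for next, since without its private half the exported session keys cannot be recovered from traffic.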
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2008\13.8.20\cgridlistctrlex-master\vs2003\Release\CGridListCtrlEx.pdb
(CGridListCtrlEx is a public MFC grid-control project; the path names a Release build of it, which is consistent with the MFC-style USER32/GDI32/ole32 import table below but says nothing about what was linked on top of it.)
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910854.691234
NtAllocateVirtualMemory
process_identifier: 784
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02410000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910871.081234
GetAdaptersAddresses
flags: 0
family: 0
failed 111 (ERROR_BUFFER_OVERFLOW, the normal result of a first, buffer-sizing call; no follow-up call with a correctly sized buffer is recorded) 0
Expresses interest in specific running processes (1 event)
process d494ee7cbc8b1a0538bb8e1de0eab1d0.exe
Reads the system's User-Agent string and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910870.785234
InternetOpenW
proxy_bypass:
access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG: WinINet reads the Internet Explorer proxy configuration and runs proxy auto-detection, which is what produces the Wpad registry writes listed under network communication)
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 172.217.24.14 (Google address space, 172.217.0.0/16)
host 192.210.135.126
host 24.233.112.152
host 69.30.203.214
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
(Caveat: the Wpad\{network-GUID}, Wpad\{MAC} and WpadLastNetwork values below are written by WinINet's own proxy auto-detection after InternetOpenW with INTERNET_OPEN_TYPE_PRECONFIG; they record the detection result and do not point at an attacker-supplied PAC file, so this signature is noise here rather than evidence of interception.)
Time & API Arguments Status Return Repeated
1619910873.660234
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910873.660234
RegSetValueExA
key_handle: 0x000003c0
value: `óÉ?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910873.660234
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910873.660234
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2 (the guest's network profile name, "Network 2")
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910873.660234
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910873.660234
RegSetValueExA
key_handle: 0x000003d8
value: `óÉ?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910873.660234
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910873.691234
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 69.30.203.214:8080
dead_host 24.233.112.152:80
dead_host 192.168.56.101:49177 (the analysis VM's own address, the source of every flow in the UDP table below; not a sample IOC)
Visual analysis
Binary image
None: no binary visualisation image was generated for this sample
Runtime screenshots
None: no screenshots were captured while the sample ran


PE Compile Time

2020-08-14 04:26:45

Imports

Library KERNEL32.dll:
0x4620e8 RtlUnwind
0x4620ec TerminateProcess
0x4620f8 IsDebuggerPresent
0x4620fc GetTimeFormatA
0x462100 GetDateFormatA
0x462104 HeapFree
0x462108 VirtualProtect
0x46210c VirtualAlloc
0x462110 GetSystemInfo
0x462114 VirtualQuery
0x462118 HeapAlloc
0x462120 GetCommandLineA
0x462124 GetStartupInfoA
0x462128 HeapReAlloc
0x46212c HeapSize
0x462130 GetACP
0x462134 IsValidCodePage
0x462138 LCMapStringW
0x462140 HeapCreate
0x462144 GetFileTime
0x462148 VirtualFree
0x46214c GetStdHandle
0x462150 LCMapStringA
0x462154 GetStringTypeA
0x462158 GetStringTypeW
0x46216c SetHandleCount
0x462170 GetFileType
0x46217c GetUserDefaultLCID
0x462180 EnumSystemLocalesA
0x462184 IsValidLocale
0x462188 GetConsoleCP
0x46218c GetConsoleMode
0x462190 GetLocaleInfoW
0x462194 SetStdHandle
0x462198 WriteConsoleA
0x46219c GetConsoleOutputCP
0x4621a0 WriteConsoleW
0x4621a4 CompareStringW
0x4621ac GetFileSizeEx
0x4621b0 GetFileAttributesA
0x4621b4 SetErrorMode
0x4621bc GetModuleHandleW
0x4621c0 GetOEMCP
0x4621c4 GetCPInfo
0x4621c8 CreateFileA
0x4621cc GetFullPathNameA
0x4621d4 FindFirstFileA
0x4621d8 FindClose
0x4621dc GetCurrentProcess
0x4621e0 DuplicateHandle
0x4621e4 GetFileSize
0x4621e8 SetEndOfFile
0x4621ec UnlockFile
0x4621f0 LockFile
0x4621f4 FlushFileBuffers
0x4621f8 SetFilePointer
0x4621fc WriteFile
0x462200 ReadFile
0x462204 GetThreadLocale
0x46220c TlsFree
0x462214 LocalReAlloc
0x462218 TlsSetValue
0x46221c TlsAlloc
0x462224 GlobalHandle
0x462228 GlobalReAlloc
0x462230 TlsGetValue
0x462238 LocalAlloc
0x46223c GlobalFlags
0x462240 GetProfileIntA
0x46224c GetModuleFileNameW
0x462250 CopyFileA
0x462254 GlobalSize
0x462258 FormatMessageA
0x46225c LocalFree
0x462260 lstrlenW
0x462264 MulDiv
0x462268 GlobalGetAtomNameA
0x46226c GlobalFindAtomA
0x462270 lstrcmpW
0x462274 GetVersionExA
0x462278 GetTickCount
0x462284 FreeResource
0x462288 GetCurrentProcessId
0x46228c GlobalAddAtomA
0x462290 CloseHandle
0x462294 GlobalDeleteAtom
0x462298 GetCurrentThread
0x46229c GetCurrentThreadId
0x4622a8 GetModuleFileNameA
0x4622ac GetLocaleInfoA
0x4622b0 CompareStringA
0x4622b4 InterlockedExchange
0x4622b8 lstrcmpA
0x4622bc Sleep
0x4622c0 GlobalAlloc
0x4622c4 GlobalLock
0x4622c8 GlobalUnlock
0x4622cc GlobalFree
0x4622d0 lstrcpynA
0x4622d4 FreeLibrary
0x4622d8 VerSetConditionMask
0x4622dc VerifyVersionInfoA
0x4622e0 MultiByteToWideChar
0x4622e4 lstrlenA
0x4622e8 RaiseException
0x4622ec DebugBreak
0x4622f0 WideCharToMultiByte
0x4622f4 LoadResource
0x4622f8 LockResource
0x4622fc SizeofResource
0x462300 FindResourceA
0x462304 GetModuleHandleA
0x462308 LoadLibraryA
0x46230c GetProcAddress
0x462310 GetLastError
0x462314 SetLastError
0x462318 ExitProcess
Library USER32.dll:
0x462380 LoadCursorA
0x462384 ReleaseCapture
0x462388 SetCapture
0x46238c SetRect
0x462390 IsRectEmpty
0x462394 WindowFromPoint
0x462398 DestroyMenu
0x46239c EndPaint
0x4623a0 BeginPaint
0x4623a4 GetWindowDC
0x4623a8 ClientToScreen
0x4623ac GrayStringA
0x4623b0 DrawTextExA
0x4623b4 TabbedTextOutA
0x4623b8 ShowWindow
0x4623bc MoveWindow
0x4623c0 SetWindowTextA
0x4623c4 IsDialogMessageA
0x4623cc SendDlgItemMessageA
0x4623d0 WinHelpA
0x4623d4 IsChild
0x4623d8 GetCapture
0x4623dc GetClassLongA
0x4623e0 GetClassNameA
0x4623e4 GetPropA
0x4623e8 RemovePropA
0x4623ec SetFocus
0x4623f4 GetWindowTextA
0x4623f8 GetForegroundWindow
0x4623fc GetTopWindow
0x462400 UnhookWindowsHookEx
0x462404 GetMessageTime
0x462408 TrackPopupMenu
0x46240c SetMenu
0x462410 GetScrollRange
0x462414 GetScrollPos
0x462418 SetForegroundWindow
0x46241c GetSubMenu
0x462420 GetMenuItemID
0x462424 CreateWindowExA
0x462428 GetClassInfoExA
0x46242c GetClassInfoA
0x462430 RegisterClassA
0x462434 AdjustWindowRectEx
0x462438 GetDlgCtrlID
0x46243c DefWindowProcA
0x462440 CallWindowProcA
0x462444 GetMenu
0x462448 SetWindowLongA
0x46244c IntersectRect
0x462454 GetWindowPlacement
0x46245c MapDialogRect
0x462460 SetWindowPos
0x462468 SetActiveWindow
0x462470 DestroyWindow
0x462474 IsWindow
0x462478 GetDlgItem
0x46247c GetNextDlgTabItem
0x462480 EndDialog
0x462488 GetWindowLongA
0x46248c GetSystemMetrics
0x462490 DrawIcon
0x462494 AppendMenuA
0x462498 SendMessageA
0x46249c GetLastActivePopup
0x4624a0 IsWindowEnabled
0x4624a4 MessageBoxA
0x4624a8 SetCursor
0x4624ac SetWindowsHookExA
0x4624b0 CallNextHookEx
0x4624b4 GetMessageA
0x4624b8 TranslateMessage
0x4624bc DispatchMessageA
0x4624c0 GetActiveWindow
0x4624c4 IsWindowVisible
0x4624c8 PeekMessageA
0x4624cc GetCursorPos
0x4624d0 ValidateRect
0x4624d4 UnregisterClassA
0x4624d8 MessageBeep
0x4624dc GetNextDlgGroupItem
0x4624e0 InvalidateRgn
0x4624e8 CharNextA
0x4624ec SetMenuItemBitmaps
0x4624f4 PostThreadMessageA
0x4624f8 CharUpperA
0x4624fc GetSysColorBrush
0x462500 MapWindowPoints
0x462504 GetSystemMenu
0x462508 IsIconic
0x46250c GetClientRect
0x462510 EnableWindow
0x462514 LoadIconA
0x462518 GetFocus
0x46251c PostMessageA
0x462520 GetDC
0x462524 ReleaseDC
0x462528 UpdateWindow
0x46252c InvalidateRect
0x462530 GetWindow
0x462534 GetParent
0x462538 PtInRect
0x46253c InflateRect
0x462540 OffsetRect
0x462544 FillRect
0x462548 GetWindowRect
0x46254c GetSysColor
0x462550 GetDesktopWindow
0x462554 GetKeyState
0x462558 GetMessagePos
0x46255c SetClipboardData
0x462560 CloseClipboard
0x462564 EmptyClipboard
0x462568 DrawTextA
0x46256c CreatePopupMenu
0x462570 GetMenuItemCount
0x462574 ScreenToClient
0x462578 OpenClipboard
0x46257c CopyRect
0x462580 EqualRect
0x462584 DrawFocusRect
0x462588 PostQuitMessage
0x46258c CheckMenuItem
0x462590 EnableMenuItem
0x462594 GetMenuState
0x462598 ModifyMenuA
0x46259c LoadBitmapA
0x4625a0 SetPropA
Library GDI32.dll:
0x46203c ExtSelectClipRgn
0x462040 DeleteDC
0x462044 GetStockObject
0x462048 GetDeviceCaps
0x46204c CreatePen
0x462050 CreateSolidBrush
0x462054 CopyMetaFileA
0x462058 GetMapMode
0x46205c GetBkColor
0x462060 GetTextColor
0x462064 GetRgnBox
0x462068 ScaleWindowExtEx
0x46206c SetWindowExtEx
0x462070 ScaleViewportExtEx
0x462074 SetViewportExtEx
0x462078 OffsetViewportOrgEx
0x46207c SetViewportOrgEx
0x462080 SelectObject
0x462084 Escape
0x462088 ExtTextOutA
0x46208c TextOutA
0x462090 RectVisible
0x462098 GetWindowExtEx
0x46209c GetViewportExtEx
0x4620a0 MoveToEx
0x4620a4 LineTo
0x4620a8 SetMapMode
0x4620ac RestoreDC
0x4620b0 SaveDC
0x4620b4 SetBkColor
0x4620b8 SetTextColor
0x4620bc GetClipBox
0x4620c4 CreateBitmap
0x4620c8 DeleteObject
0x4620cc CreateFontIndirectA
0x4620d0 CreateCompatibleDC
0x4620d8 GetCurrentObject
0x4620dc GetObjectA
0x4620e0 PtVisible
Library COMDLG32.dll:
0x462034 GetFileTitleA
Library WINSPOOL.DRV:
0x4625a8 DocumentPropertiesA
0x4625ac ClosePrinter
0x4625b0 OpenPrinterA
Library ADVAPI32.dll:
0x462000 RegCreateKeyExA
0x462004 RegDeleteValueA
0x462008 RegSetValueExA
0x46200c RegCloseKey
0x462010 RegQueryValueA
0x462014 RegOpenKeyA
0x462018 RegEnumKeyA
0x46201c RegDeleteKeyA
0x462020 RegOpenKeyExA
0x462024 RegQueryValueExA
Library SHELL32.dll:
0x462364 ShellExecuteA
Library COMCTL32.dll:
0x46202c (imported by ordinal; no name)
Library SHLWAPI.dll:
0x46236c PathFindFileNameA
0x462370 PathStripToRootA
0x462374 PathIsUNCA
0x462378 PathFindExtensionA
Library oledlg.dll:
0x462614 (imported by ordinal; no name)
Library ole32.dll:
0x4625cc CoRevokeClassObject
0x4625d0 CoGetClassObject
0x4625d4 RevokeDragDrop
0x4625dc RegisterDragDrop
0x4625e0 OleFlushClipboard
0x4625e8 OleDuplicateData
0x4625ec CoTaskMemAlloc
0x4625f0 ReleaseStgMedium
0x4625f4 CoTaskMemFree
0x4625f8 CLSIDFromString
0x4625fc CLSIDFromProgID
0x462600 OleInitialize
0x462608 OleUninitialize
0x46260c DoDragDrop
Library OLEAUT32.dll:
0x462324 VarBstrFromDate
0x462328 SysFreeString
0x46232c VarUdateFromDate
0x462330 VarDateFromStr
0x462334 SysStringLen
0x462338 SysAllocStringLen
0x46233c VariantClear
0x462340 VariantChangeType
0x462344 VariantInit
0x462350 SafeArrayDestroy
0x462354 SysAllocString
0x462358 VariantCopy
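The import table above is worth comparing with the dynamic section: the sandbox logged CryptGenKey, CryptExportKey, InternetOpenW, GetAdaptersAddresses and GetComputerNameA, yet ADVAPI32.dll contributes only Reg* imports and no WININET.dll or IPHLPAPI.dll entry exists at all, while KERNEL32.dll does import LoadLibraryA and GetProcAddress. The script below, an added example that is not part of the report, makes that check mechanical over an abbreviated copy of the import table. Two caveats: calls that an imported wrapper makes on the sample's behalf (VirtualAlloc reaching NtAllocateVirtualMemory) are not gaps, and an in-process library can call an API the sample never imports (the RegSetValueExW writes to Wpad\ come from WinINet, and the sample imports only RegSetValueExA). Delay-load imports, if the report omits them, would also show up as gaps. The output is therefore a list of leads to confirm at GetProcAddress call sites, not a verdict.

```python
"""Compare the static import table with the APIs the sandbox hooked at run time.

Added example for this report, not part of it. STATIC_IMPORTS is an abbreviated
copy of the import table above; RUNTIME_CALLS lists the hooked calls recorded in
the dynamic section, with the DLL that exports each one.
"""

STATIC_IMPORTS = {
    "KERNEL32.dll": {
        "VirtualAlloc", "VirtualProtect", "VirtualFree", "LoadLibraryA",
        "GetProcAddress", "GetModuleHandleA", "IsDebuggerPresent", "GetTickCount",
        "Sleep", "CreateFileA", "ReadFile", "WriteFile", "CopyFileA",
    },
    "ADVAPI32.dll": {
        "RegCreateKeyExA", "RegSetValueExA", "RegOpenKeyExA", "RegQueryValueExA",
        "RegCloseKey", "RegDeleteValueA",
    },
    "SHELL32.dll": {"ShellExecuteA"},
    "ole32.dll": {"OleInitialize", "CoGetClassObject"},
}

RUNTIME_CALLS = {
    "GetComputerNameA": "kernel32.dll",
    "CryptGenKey": "advapi32.dll",
    "CryptExportKey": "advapi32.dll",
    "NtAllocateVirtualMemory": "ntdll.dll",
    "GetAdaptersAddresses": "iphlpapi.dll",
    "InternetOpenW": "wininet.dll",
    "RegSetValueExA": "advapi32.dll",
    "RegSetValueExW": "advapi32.dll",
}

# Native calls that an imported Win32 wrapper makes on the caller's behalf; a hook
# at the Nt* layer records them even though the binary never imports ntdll directly.
WRAPPED_BY = {
    "NtAllocateVirtualMemory": {"VirtualAlloc", "VirtualAllocEx"},
    "NtProtectVirtualMemory": {"VirtualProtect", "VirtualProtectEx"},
    "NtFreeVirtualMemory": {"VirtualFree", "VirtualFreeEx"},
}


def imported_names(static: dict) -> set:
    """Flatten the per-DLL import table into one set of function names."""
    return {name for names in static.values() for name in names}


def unexplained_calls(static: dict, runtime: dict, wrapped_by: dict = WRAPPED_BY) -> dict:
    """Hooked APIs that neither appear in the import table nor sit behind an imported wrapper."""
    imported = imported_names(static)
    gaps = {}
    for api, dll in runtime.items():
        if api in imported:
            continue
        if wrapped_by.get(api, set()) & imported:
            continue
        gaps[api] = dll
    return gaps


def missing_libraries(static: dict, runtime: dict) -> set:
    """DLLs needed by the unexplained calls that the import table never names."""
    known = {dll.lower() for dll in static}
    return {dll for dll in unexplained_calls(static, runtime).values() if dll.lower() not in known}


def dynamic_resolution_possible(static: dict) -> bool:
    """True when the binary imports what it needs to resolve APIs by name at run time."""
    k32 = {n for dll, names in static.items() if dll.lower() == "kernel32.dll" for n in names}
    return "GetProcAddress" in k32 and bool({"LoadLibraryA", "LoadLibraryW"} & k32)


if __name__ == "__main__":
    for api, dll in sorted(unexplained_calls(STATIC_IMPORTS, RUNTIME_CALLS).items()):
        print(f"{api:<24} {dll}  (not in import table)")
    print("libraries never imported:", sorted(missing_libraries(STATIC_IMPORTS, RUNTIME_CALLS)))
    print("LoadLibrary+GetProcAddress imported:", dynamic_resolution_possible(STATIC_IMPORTS))
```

For this sample the gaps are the crypto, WinINet, IP-helper and computer-name calls; the next step in static analysis is to find the GetProcAddress call sites and check whether the names are stored as plain strings, built at run time, or looked up by hash.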

Hosts

No hosts contacted (the dead_host entries above are connection attempts that received no reply, so no completed session was recorded).

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
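Reading the UDP table together with the no-DNS and dead_host lists under network communication, as an added example that is not part of the report: every UDP flow originates from 192.168.56.101, the analysis VM; the four port-53 flows go to 114.114.114.114, the guest's configured resolver, and the rest are Windows' own service discovery (NetBIOS 137/138 to the subnet broadcast, LLMNR 5355 to 224.0.0.252, SSDP 1900 and WS-Discovery 3702 to 239.255.255.250), none of which is attributable to the sample. What is attributable is the set of external addresses the sample reached without any DNS lookup, two of them on ports 80 and 8080. The script separates the two categories and emits the hard-coded addresses as IOCs with the ports seen; its rows are copied from the tables above, and the sandbox subnet is taken from the UDP table's source column.

```python
"""Separate sandbox background traffic from sample-attributable network activity.

Added example for this report, not part of it. The rows below are copied from
the report's UDP table, no-DNS host list and dead_host list; the analysis VM
address and resolver come from the UDP table.
"""
import ipaddress

SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")
RESOLVER = ipaddress.ip_address("114.114.114.114")

# Multicast/broadcast service-discovery ports that a Windows guest emits on its own.
NOISE_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
               1900: "SSDP", 3702: "WS-Discovery", 5355: "LLMNR"}

UDP_FLOWS = [  # (src, sport, dst, dport), a subset of the report's UDP table
    ("192.168.56.101", 49235, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 51808, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 50535, "239.255.255.250", 3702),
]
NO_DNS_HOSTS = ["172.217.24.14", "192.210.135.126", "24.233.112.152", "69.30.203.214"]
DEAD_HOSTS = ["69.30.203.214:8080", "24.233.112.152:80", "192.168.56.101:49177"]


def classify_udp(flow: tuple) -> str:
    """Label one UDP flow: resolver DNS, local discovery noise, or something to review."""
    _src, _sport, dst, dport = flow
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip == RESOLVER and dport == 53:
        return "dns-to-sandbox-resolver"
    if dport in NOISE_PORTS and (dst_ip.is_multicast or dst_ip in SANDBOX_NET):
        return f"background:{NOISE_PORTS[dport]}"
    return "review"


def is_external(ip: str) -> bool:
    """True for a globally routable address outside the analysis network."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and addr not in SANDBOX_NET


def extract_iocs(no_dns_hosts: list, dead_hosts: list) -> dict:
    """Hard-coded C2 candidates: external IPs reached with no DNS lookup, plus ports where seen."""
    ports = {}
    for entry in dead_hosts:
        host, _, port = entry.rpartition(":")
        ports.setdefault(host, set()).add(int(port))
    iocs = {host: sorted(ports.get(host, ())) for host in no_dns_hosts if is_external(host)}
    sandbox_local = sorted(h for h in set(no_dns_hosts) | set(ports) if not is_external(h))
    return {"iocs": iocs, "sandbox_local": sandbox_local}


if __name__ == "__main__":
    for flow in UDP_FLOWS:
        print(f"{flow[2]}:{flow[3]:<5} {classify_udp(flow)}")
    print(extract_iocs(NO_DNS_HOSTS, DEAD_HOSTS))
```

The empty port lists for 172.217.24.14 and 192.210.135.126 reflect the report, which records no port for them; 172.217.24.14 sits in Google's address block and is more likely a connectivity check than C2, so it should be weighted accordingly before it goes on a blocklist.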

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.