Score: 6.0
High risk

100a15eeb5d1d260d3554502500d647ecf0831820e18cfa5551aab663da7a72e

d68f211c10895d7ae53b67d72260b3fd.exe

Analysis time

77s

Last analysis

File size

536.0KB
Static detection / Dynamic detection
Hawkeye engine
Not detected: no Hawkeye engine result yet
Static verdict
Antivirus engines
Not detected: no antivirus engine result yet
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619910863.611879
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619910855.204879
CryptGenKey
crypto_handle: 0x0066c540
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005a4180
flags: 1
key: f¨Ž*ƒñRY˜ÜK· ½ckã
success 1 0
1619910863.642879
CryptExportKey
crypto_handle: 0x0066c540
crypto_export_handle: 0x005a4248
buffer: f¤ñÌ߸íEþª# -Áõh&¢u﯇ï’ÿ’–ùª %(ãû=ǒéfDeîqvì=%¢¬á{¦f)bçOöø…ï{P±†CӎJ‹…e\ E(ü„n›OÈ¢>áÚ
blob_type: 1
flags: 64
success 1 0
1619910899.486879
CryptExportKey
crypto_handle: 0x0066c540
crypto_export_handle: 0x005a4248
buffer: f¤¿N‰*Úgµ¹*Ïn2©Í–<àÔò¾`Sã ôü5Šâü{­ëg½gNàÏ }>š noHòd?Y)J4Îó+l–O¨tо9É1ðCa@ƒûPܑ٢»ú²TTpâ@ð?
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2003\22.7.20\taskbarnotifier_demo\TaskBarNotifierDemo\Release\TaskBarNotifierDemo.pdb
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910854.611879
NtAllocateVirtualMemory
process_identifier: 368
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00560000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910864.314879
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy: 7.354433551880775
section: .data (size_of_data 0x0000b000, virtual_address 0x00021000, virtual_size 0x0000dab4, entropy 7.354433551880775)
description: A section with high entropy has been found
Expresses interest in specific running processes (1 event)
process d68f211c10895d7ae53b67d72260b3fd.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910863.829879
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 144.139.91.187
host 157.7.199.53
host 172.217.24.14
Sets or modifies WPAD proxy auto-configuration settings for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910866.892879
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910866.892879
RegSetValueExA
key_handle: 0x000003ac
value: ÀÎaü>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910866.892879
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910866.892879
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910866.892879
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910866.907879
RegSetValueExA
key_handle: 0x000003c4
value: ÀÎaü>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910866.907879
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910866.923879
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 144.139.91.187:443
dead_host 157.7.199.53:8080
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-07-23 03:54:27

Imports

Library KERNEL32.dll:
0x41a0b8 VirtualQuery
0x41a0bc GetStartupInfoA
0x41a0c0 GetCommandLineA
0x41a0c4 TerminateProcess
0x41a0c8 HeapReAlloc
0x41a0cc HeapSize
0x41a0d4 GetTickCount
0x41a0d8 GetCurrentProcessId
0x41a0e4 HeapDestroy
0x41a0e8 HeapCreate
0x41a0ec VirtualFree
0x41a0f0 IsBadWritePtr
0x41a0f4 GetStdHandle
0x41a100 GetSystemInfo
0x41a10c SetHandleCount
0x41a110 GetFileType
0x41a114 LCMapStringA
0x41a118 LCMapStringW
0x41a11c GetStringTypeA
0x41a120 GetStringTypeW
0x41a124 IsBadReadPtr
0x41a128 IsBadCodePtr
0x41a12c SetStdHandle
0x41a130 VirtualAlloc
0x41a134 VirtualProtect
0x41a138 HeapFree
0x41a13c HeapAlloc
0x41a140 ExitProcess
0x41a144 RtlUnwind
0x41a148 SetErrorMode
0x41a14c GetOEMCP
0x41a150 GetCPInfo
0x41a154 FlushFileBuffers
0x41a158 SetFilePointer
0x41a15c WriteFile
0x41a160 ReadFile
0x41a164 TlsFree
0x41a168 LocalReAlloc
0x41a16c TlsSetValue
0x41a170 TlsAlloc
0x41a174 TlsGetValue
0x41a17c GlobalHandle
0x41a180 GlobalReAlloc
0x41a188 LocalAlloc
0x41a194 RaiseException
0x41a198 GlobalFlags
0x41a1a8 SetLastError
0x41a1ac MulDiv
0x41a1b0 FormatMessageA
0x41a1b4 LocalFree
0x41a1b8 GlobalGetAtomNameA
0x41a1bc GlobalFindAtomA
0x41a1c0 lstrcatA
0x41a1c4 lstrcmpW
0x41a1c8 lstrcpynA
0x41a1cc GlobalUnlock
0x41a1d0 GlobalFree
0x41a1d4 FreeResource
0x41a1d8 CloseHandle
0x41a1dc GlobalAddAtomA
0x41a1e0 GetCurrentThread
0x41a1e4 GetCurrentThreadId
0x41a1e8 GlobalLock
0x41a1ec GlobalAlloc
0x41a1f0 FreeLibrary
0x41a1f4 GlobalDeleteAtom
0x41a1f8 lstrcmpA
0x41a1fc GetModuleFileNameA
0x41a200 GetModuleHandleA
0x41a20c lstrcpyA
0x41a210 LoadLibraryA
0x41a214 lstrlenA
0x41a218 lstrcmpiA
0x41a21c GetVersion
0x41a220 GetLastError
0x41a224 MultiByteToWideChar
0x41a228 LoadLibraryExA
0x41a22c GetProcAddress
0x41a230 GetCurrentProcess
0x41a234 WideCharToMultiByte
0x41a238 FindResourceA
0x41a23c LoadResource
0x41a240 LockResource
0x41a244 SizeofResource
0x41a248 GetVersionExA
0x41a24c GetThreadLocale
0x41a250 GetLocaleInfoA
0x41a254 GetACP
0x41a25c InterlockedExchange
Library USER32.dll:
0x41a280 EndPaint
0x41a284 BeginPaint
0x41a288 GetDC
0x41a28c ClientToScreen
0x41a290 GrayStringA
0x41a294 DrawTextExA
0x41a298 TabbedTextOutA
0x41a29c wsprintfA
0x41a2a0 DestroyMenu
0x41a2a4 ShowWindow
0x41a2a8 MoveWindow
0x41a2ac SetWindowTextA
0x41a2b0 IsDialogMessageA
0x41a2b8 WinHelpA
0x41a2bc GetCapture
0x41a2c0 CreateWindowExA
0x41a2c4 GetClassLongA
0x41a2c8 GetClassInfoExA
0x41a2cc GetClassNameA
0x41a2d0 SetPropA
0x41a2d4 GetPropA
0x41a2d8 RemovePropA
0x41a2dc SendDlgItemMessageA
0x41a2e0 SetFocus
0x41a2e8 GetWindowTextA
0x41a2ec GetForegroundWindow
0x41a2f0 GetTopWindow
0x41a2f4 UnhookWindowsHookEx
0x41a2f8 GetMessageTime
0x41a2fc GetMessagePos
0x41a300 MapWindowPoints
0x41a304 SetForegroundWindow
0x41a308 UpdateWindow
0x41a30c GetMenu
0x41a310 GetSubMenu
0x41a314 GetMenuItemID
0x41a318 GetMenuItemCount
0x41a31c GetSysColor
0x41a320 AdjustWindowRectEx
0x41a324 GetClassInfoA
0x41a328 RegisterClassA
0x41a32c UnregisterClassA
0x41a330 GetDlgCtrlID
0x41a334 DefWindowProcA
0x41a338 CallWindowProcA
0x41a33c SetWindowLongA
0x41a340 SetWindowPos
0x41a344 DrawIcon
0x41a348 AppendMenuA
0x41a34c SendMessageA
0x41a350 GetSystemMenu
0x41a354 IsIconic
0x41a358 GetClientRect
0x41a35c EnableWindow
0x41a360 LoadIconA
0x41a364 GetSystemMetrics
0x41a368 ReleaseDC
0x41a36c GetWindowDC
0x41a370 SetRect
0x41a374 CopyRect
0x41a378 LoadBitmapA
0x41a37c GetWindowPlacement
0x41a380 GetWindowRect
0x41a384 PtInRect
0x41a388 GetWindow
0x41a38c GetDesktopWindow
0x41a390 SetActiveWindow
0x41a398 DestroyWindow
0x41a39c IsWindow
0x41a3a0 GetDlgItem
0x41a3a4 GetNextDlgTabItem
0x41a3a8 EndDialog
0x41a3ac SetMenuItemBitmaps
0x41a3b0 GetFocus
0x41a3b4 ModifyMenuA
0x41a3b8 GetMenuState
0x41a3bc EnableMenuItem
0x41a3c0 CheckMenuItem
0x41a3c8 SetWindowsHookExA
0x41a3cc CallNextHookEx
0x41a3d0 GetMessageA
0x41a3d4 TranslateMessage
0x41a3d8 DispatchMessageA
0x41a3dc GetActiveWindow
0x41a3e0 IsWindowVisible
0x41a3e4 GetKeyState
0x41a3e8 PeekMessageA
0x41a3ec DrawTextA
0x41a3f0 PostMessageA
0x41a3f4 SetWindowRgn
0x41a3f8 RedrawWindow
0x41a3fc SetTimer
0x41a400 KillTimer
0x41a404 LoadCursorA
0x41a408 SetCursor
0x41a410 GetSysColorBrush
0x41a414 PostQuitMessage
0x41a418 IsWindowEnabled
0x41a41c GetCursorPos
0x41a420 ValidateRect
0x41a424 MessageBoxA
0x41a428 GetParent
0x41a42c GetWindowLongA
0x41a430 GetLastActivePopup
Library GDI32.dll:
0x41a034 GetStockObject
0x41a038 DeleteDC
0x41a03c ScaleWindowExtEx
0x41a040 SetWindowExtEx
0x41a044 ScaleViewportExtEx
0x41a048 SetViewportExtEx
0x41a04c OffsetViewportOrgEx
0x41a050 SetViewportOrgEx
0x41a054 SelectObject
0x41a058 Escape
0x41a05c TextOutA
0x41a060 RectVisible
0x41a064 PtVisible
0x41a068 DPtoLP
0x41a06c GetDIBits
0x41a070 SetMapMode
0x41a074 SetBkMode
0x41a078 RestoreDC
0x41a07c SaveDC
0x41a080 ExtTextOutA
0x41a084 GetDeviceCaps
0x41a088 SetBkColor
0x41a08c SetTextColor
0x41a090 GetClipBox
0x41a094 CreateBitmap
0x41a098 CreateRectRgn
0x41a09c CombineRgn
0x41a0a0 DeleteObject
0x41a0a4 BitBlt
0x41a0a8 CreateCompatibleDC
0x41a0ac CreateFontIndirectA
0x41a0b0 GetObjectA
Library WINSPOOL.DRV:
0x41a438 OpenPrinterA
0x41a43c DocumentPropertiesA
0x41a440 ClosePrinter
Library ADVAPI32.dll:
0x41a000 RegQueryValueExA
0x41a004 RegOpenKeyExA
0x41a008 RegDeleteKeyA
0x41a00c RegEnumKeyA
0x41a010 RegOpenKeyA
0x41a014 RegQueryValueA
0x41a018 RegCreateKeyExA
0x41a01c RegSetValueExA
0x41a020 RegCloseKey
Library COMCTL32.dll:
0x41a028
0x41a02c _TrackMouseEvent
Library SHLWAPI.dll:
0x41a274 PathFindFileNameA
0x41a278 PathFindExtensionA
Library OLEAUT32.dll:
0x41a264 VariantClear
0x41a268 VariantChangeType
0x41a26c VariantInit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.