Score: 2.4
Risk level: Medium

b4a42dcd628b8cc2bc144750c595697baa9077b97349338a29faa394989980b2

d7c501e1f1fdc1bad6b842363e125951.exe

Analysis duration

80s

Last analyzed

File size

1.3MB
Static detection | Dynamic detection | AEAHD
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine result is available for this sample.
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version (the Result column is blank for every row below)
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20201028 18.4.3895.0
Kingsoft 20201029 2013.8.14.323
McAfee 20201028 6.0.6.653
Tencent 20201029 1.0.0.1
CrowdStrike 20190702 1.0
Static indicators
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (26 events)
name RT_ICON language LANG_CHINESE offset 0x0014fa40 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468 (this identical entry appears 20 times in the report)
name RT_MENU language LANG_CHINESE offset 0x0014ff40 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000050
name RT_DIALOG language LANG_CHINESE offset 0x0014ffa0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000011c
name RT_STRING language LANG_CHINESE offset 0x001500c0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000044
name RT_ACCELERATOR language LANG_CHINESE offset 0x0014ff90 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000010
name RT_GROUP_ICON language LANG_CHINESE offset 0x0014fea8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000092 (this identical entry appears twice in the report)
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
Jiangmin Trojan.Generic.aeahd
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.4493432600728005 section {'size_of_data': '0x000ae400', 'virtual_address': '0x000a2000', 'entropy': 7.4493432600728005, 'name': '.rsrc', 'virtual_size': '0x000ae288'} description A section with a high entropy has been found
entropy 0.5197613721103654 description Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2020-08-24 16:56:26

Imports

Library KERNEL32.dll:
0x477038 GetModuleFileNameW
0x47703c ReadFile
0x477040 HeapDestroy
0x477044 HeapAlloc
0x477048 HeapFree
0x47704c HeapReAlloc
0x477050 HeapSize
0x477054 GetProcessHeap
0x477058 WriteFile
0x47705c CreateDirectoryW
0x477060 FindClose
0x477064 FindNextFileW
0x477068 GetFileSizeEx
0x477070 GetDriveTypeW
0x477074 GetDiskFreeSpaceExW
0x477078 GetFileAttributesW
0x47707c GetNativeSystemInfo
0x477080 GetVersionExW
0x477084 lstrlenW
0x47708c Process32FirstW
0x477090 Process32NextW
0x477094 OpenProcess
0x477098 TerminateProcess
0x4770ac GetCurrentThreadId
0x4770b4 Sleep
0x4770b8 GetModuleFileNameA
0x4770bc CreateDirectoryA
0x4770cc OutputDebugStringA
0x4770d4 GetCurrentProcessId
0x4770d8 CreateThread
0x4770dc SetEvent
0x4770e0 CreateEventW
0x4770e8 ResetEvent
0x4770ec GetExitCodeThread
0x4770f0 WaitForSingleObject
0x4770f4 GetProcessId
0x4770f8 FindFirstFileW
0x4770fc SetFileAttributesW
0x477100 GetStringTypeW
0x477108 WriteConsoleW
0x47710c SetEndOfFile
0x47711c GetCommandLineW
0x477120 GetCommandLineA
0x477124 GetOEMCP
0x477128 GetACP
0x47712c IsValidCodePage
0x477130 FindFirstFileExW
0x477134 FlushFileBuffers
0x477138 GetConsoleCP
0x47713c SetFilePointerEx
0x477140 ReadConsoleW
0x477144 GetConsoleMode
0x477148 SetStdHandle
0x47714c EnumSystemLocalesW
0x477150 GetUserDefaultLCID
0x477154 IsValidLocale
0x477158 CreateFileW
0x47715c CloseHandle
0x477160 GetSystemDirectoryW
0x477164 DecodePointer
0x477168 FindResourceExW
0x47716c FindResourceW
0x477170 SizeofResource
0x477174 LockResource
0x477178 LoadResource
0x477180 EncodePointer
0x477184 GetStdHandle
0x477188 GetModuleHandleExW
0x47718c ExitProcess
0x477190 GetFileType
0x477194 SetLastError
0x477198 TlsAlloc
0x47719c TlsGetValue
0x4771a0 TlsSetValue
0x4771a4 LoadLibraryExW
0x4771a8 FreeLibrary
0x4771ac RtlUnwind
0x4771b0 LocalFree
0x4771b4 OutputDebugStringW
0x4771b8 InitializeSListHead
0x4771c0 GetStartupInfoW
0x4771c4 IsDebuggerPresent
0x4771cc GetCurrentProcess
0x4771dc GetLastError
0x4771e0 RaiseException
0x4771e4 WideCharToMultiByte
0x4771e8 TerminateThread
0x4771f0 GetCPInfo
0x4771f4 GetLocaleInfoW
0x4771f8 LCMapStringW
0x4771fc CompareStringW
0x477200 GetProcAddress
0x477204 GetModuleHandleW
0x477208 TlsFree
0x47720c MultiByteToWideChar
Library USER32.dll:
0x477234 LoadAcceleratorsW
0x47723c LoadIconW
0x477240 LoadCursorW
0x477244 RegisterClassExW
0x47724c TranslateMessage
0x477250 DispatchMessageW
0x477254 GetMessageW
0x477258 CreateWindowExW
0x47725c UpdateWindow
0x477260 PostQuitMessage
0x477264 DefWindowProcW
0x477268 PostMessageW
0x47726c LoadStringW
0x477270 ShowWindow
Library ADVAPI32.dll:
0x477000 RegOpenKeyExW
0x477004 RegCloseKey
0x477008 RegQueryValueExW
0x47700c SystemFunction036
0x477010 RegCreateKeyExW
Library SHELL32.dll:
0x47721c ShellExecuteExW
0x477220 SHGetFolderPathW
Library ole32.dll:
0x4772dc CoCreateGuid
Library OLEAUT32.dll:
0x477214 VariantClear
Library WS2_32.dll:
0x477278 setsockopt
0x47727c WSAGetLastError
0x477280 WSAStartup
0x477284 htons
0x477288 WSAIoctl
0x47728c socket
0x477290 ioctlsocket
0x477294 bind
0x477298 listen
0x47729c accept
0x4772a0 recv
0x4772a4 send
0x4772a8 inet_addr
Library IPC.dll:
Library SHLWAPI.dll:
0x47722c PathFileExistsW
Library IPHLPAPI.DLL:
0x47702c GetTcpTable
0x477030 GetAdaptersInfo

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 51966 239.255.255.250 1900
192.168.56.101 53238 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.