SmartHawk

2.0

低危

1 个模型检测该样本为恶意！

重新分析

下载样本

280644d4fd6f893f470d7f772c0d1d095315b55ec91525538f4b98334d4e52f8

d8c4ff6334fe17f80278a1f61abbf8e6.exe

分析耗时

19s

查杀引擎	查杀时间	查杀版本
McAfee	20200822	6.0.6.653
Alibaba	20190527	0.3.0.5
Avast	20200822	18.4.3895.0
Tencent	20200822	1.0.0.1
Baidu	20190318	1.0.0.2
Kingsoft	20200822	2013.8.14.323
CrowdStrike	20190702	1.0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-12-24 14:28:36

Imports

Library SHLWAPI.dll:

• 0x438314 PathFindExtensionA

• 0x438318 PathFindFileNameA

• 0x43831c PathStripToRootA

• 0x438320 PathIsUNCA

• 0x438324 PathFileExistsA

• 0x438328 SHGetValueA

Library KERNEL32.dll:

• 0x4380bc GetFileSizeEx

• 0x4380c0 GetFileTime

• 0x4380c4 GetTickCount

• 0x4380c8 RtlUnwind

• 0x4380cc HeapAlloc

• 0x4380d0 HeapFree

• 0x4380d4 Sleep

• 0x4380d8 ExitProcess

• 0x4380dc GetCommandLineA

• 0x4380e0 GetStartupInfoA

• 0x4380e4 RaiseException

• 0x4380e8 VirtualProtect

• 0x4380ec VirtualAlloc

• 0x4380f0 GetSystemInfo

• 0x4380f4 VirtualQuery

• 0x4380f8 HeapReAlloc

• 0x4380fc HeapSize

• 0x438100 TerminateProcess

• 0x438104 UnhandledExceptionFilter

• 0x438108 SetUnhandledExceptionFilter

• 0x43810c IsDebuggerPresent

• 0x438110 SetHandleCount

• 0x438114 GetStdHandle

• 0x438118 GetFileType

• 0x43811c VirtualFree

• 0x438120 HeapCreate

• 0x438124 GetFileAttributesA

• 0x438128 GetConsoleCP

• 0x43812c GetConsoleMode

• 0x438130 InitializeCriticalSectionAndSpinCount

• 0x438134 GetTimeZoneInformation

• 0x438138 FreeEnvironmentStringsA

• 0x43813c GetEnvironmentStrings

• 0x438140 FreeEnvironmentStringsW

• 0x438144 GetEnvironmentStringsW

• 0x438148 QueryPerformanceCounter

• 0x43814c GetSystemTimeAsFileTime

• 0x438150 GetACP

• 0x438154 IsValidCodePage

• 0x438158 GetStringTypeA

• 0x43815c GetStringTypeW

• 0x438160 SetStdHandle

• 0x438164 WriteConsoleA

• 0x438168 GetConsoleOutputCP

• 0x43816c WriteConsoleW

• 0x438170 LCMapStringA

• 0x438174 LCMapStringW

• 0x438178 GetProcessHeap

• 0x43817c CompareStringW

• 0x438180 SetEnvironmentVariableA

• 0x438184 FileTimeToLocalFileTime

• 0x438188 SetErrorMode

• 0x43818c FileTimeToSystemTime

• 0x438190 GetModuleHandleW

• 0x438194 GetOEMCP

• 0x438198 GetCPInfo

• 0x43819c GetFullPathNameA

• 0x4381a0 GetVolumeInformationA

• 0x4381a4 FindFirstFileA

• 0x4381a8 FindClose

• 0x4381ac GetCurrentProcess

• 0x4381b0 DuplicateHandle

• 0x4381b4 SetEndOfFile

• 0x4381b8 UnlockFile

• 0x4381bc LockFile

• 0x4381c0 FlushFileBuffers

• 0x4381c4 WriteFile

• 0x4381c8 GetThreadLocale

• 0x4381cc InterlockedIncrement

• 0x4381d0 TlsFree

• 0x4381d4 DeleteCriticalSection

• 0x4381d8 LocalReAlloc

• 0x4381dc TlsSetValue

• 0x4381e0 TlsAlloc

• 0x4381e4 InitializeCriticalSection

• 0x4381e8 GlobalHandle

• 0x4381ec GlobalReAlloc

• 0x4381f0 EnterCriticalSection

• 0x4381f4 TlsGetValue

• 0x4381f8 LeaveCriticalSection

• 0x4381fc LocalAlloc

• 0x438200 GlobalFlags

• 0x438204 InterlockedDecrement

• 0x438208 GetModuleFileNameW

• 0x43820c FormatMessageA

• 0x438210 LocalFree

• 0x438214 MulDiv

• 0x438218 lstrlenA

• 0x43821c GlobalGetAtomNameA

• 0x438220 GlobalFindAtomA

• 0x438224 MultiByteToWideChar

• 0x438228 lstrcmpW

• 0x43822c GetVersionExA

• 0x438230 GlobalUnlock

• 0x438234 GlobalFree

• 0x438238 FreeResource

• 0x43823c GetCurrentProcessId

• 0x438240 SetLastError

• 0x438244 GlobalAddAtomA

• 0x438248 GlobalDeleteAtom

• 0x43824c GetCurrentThread

• 0x438250 GetCurrentThreadId

• 0x438254 ConvertDefaultLocale

• 0x438258 EnumResourceLanguagesA

• 0x43825c GetModuleFileNameA

• 0x438260 GetLocaleInfoA

• 0x438264 LoadLibraryA

• 0x438268 CompareStringA

• 0x43826c InterlockedExchange

• 0x438270 GlobalLock

• 0x438274 lstrcmpA

• 0x438278 GlobalAlloc

• 0x43827c FreeLibrary

• 0x438280 GetModuleHandleA

• 0x438284 GetProcAddress

• 0x438288 CreateMutexA

• 0x43828c CreateDirectoryA

• 0x438290 WideCharToMultiByte

• 0x438294 FindResourceA

• 0x438298 LoadResource

• 0x43829c LockResource

• 0x4382a0 SizeofResource

• 0x4382a4 GetPrivateProfileIntA

• 0x4382a8 GetSystemTime

• 0x4382ac GetPrivateProfileStringA

• 0x4382b0 GetLocalTime

• 0x4382b4 WritePrivateProfileStringA

• 0x4382b8 MoveFileExA

• 0x4382bc DeleteFileA

• 0x4382c0 CreateFileA

• 0x4382c4 SetFilePointer

• 0x4382c8 GetLastError

• 0x4382cc CloseHandle

• 0x4382d0 ReadFile

• 0x4382d4 GetFileSize

Library USER32.dll:

• 0x438330 RegisterClipboardFormatA

• 0x438334 PostThreadMessageA

• 0x438338 UnregisterClassA

• 0x43833c MessageBeep

• 0x438340 GetNextDlgGroupItem

• 0x438344 InvalidateRgn

• 0x438348 InvalidateRect

• 0x43834c SetRect

• 0x438350 IsRectEmpty

• 0x438354 CopyAcceleratorTableA

• 0x438358 CharNextA

• 0x43835c CharUpperA

• 0x438360 GetSysColorBrush

• 0x438364 ReleaseCapture

• 0x438368 LoadCursorA

• 0x43836c SetCapture

• 0x438370 EndPaint

• 0x438374 BeginPaint

• 0x438378 GetWindowDC

• 0x43837c ReleaseDC

• 0x438380 GetDC

• 0x438384 ClientToScreen

• 0x438388 GrayStringA

• 0x43838c DrawTextExA

• 0x438390 DrawTextA

• 0x438394 TabbedTextOutA

• 0x438398 DestroyMenu

• 0x43839c ShowWindow

• 0x4383a0 MoveWindow

• 0x4383a4 SetWindowTextA

• 0x4383a8 IsDialogMessageA

• 0x4383ac RegisterWindowMessageA

• 0x4383b0 SendDlgItemMessageA

• 0x4383b4 IsChild

• 0x4383b8 GetCapture

• 0x4383bc GetClassLongA

• 0x4383c0 GetClassNameA

• 0x4383c4 SetPropA

• 0x4383c8 GetPropA

• 0x4383cc RemovePropA

• 0x4383d0 SetFocus

• 0x4383d4 GetWindowTextA

• 0x4383d8 GetForegroundWindow

• 0x4383dc GetTopWindow

• 0x4383e0 UnhookWindowsHookEx

• 0x4383e4 GetMessageTime

• 0x4383e8 GetMessagePos

• 0x4383ec MapWindowPoints

• 0x4383f0 SetMenu

• 0x4383f4 SetForegroundWindow

• 0x4383f8 UpdateWindow

• 0x4383fc GetSubMenu

• 0x438400 GetMenuItemID

• 0x438404 GetMenuItemCount

• 0x438408 CreateWindowExA

• 0x43840c GetClassInfoExA

• 0x438410 GetClassInfoA

• 0x438414 RegisterClassA

• 0x438418 GetSysColor

• 0x43841c AdjustWindowRectEx

• 0x438420 DrawIcon

• 0x438424 WinHelpA

• 0x438428 AppendMenuA

• 0x43842c SendMessageA

• 0x438430 EqualRect

• 0x438434 CopyRect

• 0x438438 PtInRect

• 0x43843c GetDlgCtrlID

• 0x438440 DefWindowProcA

• 0x438444 CallWindowProcA

• 0x438448 GetMenu

• 0x43844c SetWindowLongA

• 0x438450 OffsetRect

• 0x438454 IntersectRect

• 0x438458 SystemParametersInfoA

• 0x43845c GetWindowPlacement

• 0x438460 GetWindowRect

• 0x438464 GetWindow

• 0x438468 SetWindowContextHelpId

• 0x43846c GetSystemMenu

• 0x438470 IsIconic

• 0x438474 GetClientRect

• 0x438478 EnableWindow

• 0x43847c LoadIconA

• 0x438480 GetSystemMetrics

• 0x438484 PostQuitMessage

• 0x438488 PostMessageA

• 0x43848c CheckMenuItem

• 0x438490 EnableMenuItem

• 0x438494 GetMenuState

• 0x438498 ModifyMenuA

• 0x43849c GetParent

• 0x4384a0 GetFocus

• 0x4384a4 LoadBitmapA

• 0x4384a8 GetMenuCheckMarkDimensions

• 0x4384ac SetMenuItemBitmaps

• 0x4384b0 ValidateRect

• 0x4384b4 GetCursorPos

• 0x4384b8 PeekMessageA

• 0x4384bc GetKeyState

• 0x4384c0 IsWindowVisible

• 0x4384c4 GetActiveWindow

• 0x4384c8 DispatchMessageA

• 0x4384cc TranslateMessage

• 0x4384d0 GetMessageA

• 0x4384d4 CallNextHookEx

• 0x4384d8 SetWindowsHookExA

• 0x4384dc SetCursor

• 0x4384e0 MessageBoxA

• 0x4384e4 IsWindowEnabled

• 0x4384e8 GetLastActivePopup

• 0x4384ec GetWindowLongA

• 0x4384f0 GetWindowThreadProcessId

• 0x4384f4 EndDialog

• 0x4384f8 GetNextDlgTabItem

• 0x4384fc GetDlgItem

• 0x438500 MapDialogRect

• 0x438504 SetWindowPos

• 0x438508 GetDesktopWindow

• 0x43850c SetActiveWindow

• 0x438510 CreateDialogIndirectParamA

• 0x438514 DestroyWindow

• 0x438518 IsWindow

Library GDI32.dll:

• 0x438038 GetBkColor

• 0x43803c GetTextColor

• 0x438040 CreateRectRgnIndirect

• 0x438044 GetMapMode

• 0x438048 GetStockObject

• 0x43804c DeleteDC

• 0x438050 ExtSelectClipRgn

• 0x438054 GetClipBox

• 0x438058 GetRgnBox

• 0x43805c CreateBitmap

• 0x438060 SetWindowExtEx

• 0x438064 ScaleViewportExtEx

• 0x438068 SetViewportExtEx

• 0x43806c OffsetViewportOrgEx

• 0x438070 SetViewportOrgEx

• 0x438074 SelectObject

• 0x438078 Escape

• 0x43807c TextOutA

• 0x438080 RectVisible

• 0x438084 PtVisible

• 0x438088 GetWindowExtEx

• 0x43808c GetViewportExtEx

• 0x438090 DeleteObject

• 0x438094 SetMapMode

• 0x438098 RestoreDC

• 0x43809c SaveDC

• 0x4380a0 ExtTextOutA

• 0x4380a4 GetDeviceCaps

• 0x4380a8 GetObjectA

• 0x4380ac SetBkColor

• 0x4380b0 SetTextColor

• 0x4380b4 ScaleWindowExtEx

Library COMDLG32.dll:

• 0x438030 GetFileTitleA

Library WINSPOOL.DRV:

• 0x438520 DocumentPropertiesA

• 0x438524 OpenPrinterA

• 0x438528 ClosePrinter

Library ADVAPI32.dll:

• 0x438000 RegSetValueExA

• 0x438004 RegCreateKeyExA

• 0x438008 RegQueryValueA

• 0x43800c RegEnumKeyA

• 0x438010 RegDeleteKeyA

• 0x438014 RegOpenKeyExA

• 0x438018 InitializeSecurityDescriptor

• 0x43801c SetSecurityDescriptorDacl

• 0x438020 RegOpenKeyA

• 0x438024 RegQueryValueExA

• 0x438028 RegCloseKey

Library oledlg.dll:

• 0x438570

Library ole32.dll:

• 0x438530 OleIsCurrentClipboard

• 0x438534 CoRevokeClassObject

• 0x438538 OleInitialize

• 0x43853c CoFreeUnusedLibraries

• 0x438540 OleUninitialize

• 0x438544 CreateILockBytesOnHGlobal

• 0x438548 StgCreateDocfileOnILockBytes

• 0x43854c OleFlushClipboard

• 0x438550 CoGetClassObject

• 0x438554 CoTaskMemAlloc

• 0x438558 CoTaskMemFree

• 0x43855c CLSIDFromString

• 0x438560 CLSIDFromProgID

• 0x438564 CoRegisterMessageFilter

• 0x438568 StgOpenStorageOnILockBytes

Library OLEAUT32.dll:

• 0x4382dc SysFreeString

• 0x4382e0 SysAllocStringLen

• 0x4382e4 VariantClear

• 0x4382e8 VariantChangeType

• 0x4382ec VariantInit

• 0x4382f0 SysStringLen

• 0x4382f4 SysAllocStringByteLen

• 0x4382f8 OleCreateFontIndirect

• 0x4382fc VariantTimeToSystemTime

• 0x438300 SystemTimeToVariantTime

• 0x438304 SafeArrayDestroy

• 0x438308 SysAllocString

• 0x43830c VariantCopy

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
sieqwarteg.com
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
8.8.8.8	53	192.168.56.101	60088

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

host	172.217.24.14
host	8.8.8.8