1.8
Low risk

a2da5d750582181c1991926e9db1c570838a549bc0d46e165f93ce401cc96558

d9ead4e23593376d8ac6dce434729e05.exe

Analysis time

92s

Last analysis

File size

7.7MB
Static detection / Dynamic detection
Hawkeye engine
Not detected. No Hawkeye engine detection results yet.
Static verdict
Antivirus engines
Not detected. No antivirus engine detection results yet.
Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.301200531928034 section {'size_of_data': '0x003e6e00', 'virtual_address': '0x00402000', 'entropy': 7.301200531928034, 'name': '.rsrc', 'virtual_size': '0x003e6cae'} description A section with a high entropy has been found
entropy 0.5074295148590298 description Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were captured while this sample ran.


PE Compile Time

2020-08-20 17:37:01

Imports

Library rtl120.bpl:
0x7e336c @System@@New$qqripv
0x7e34c4 @System@@Halt0$qqrv
0x7e3580 @System@@SetEq$qqrv
0x7e35ac @System@@TRUNC$qqrv
0x7e35b0 @System@@ROUND$qqrv
0x7e35b4 @System@Sqrt$qqrxg
0x7e35b8 @System@Ln$qqrxg
0x7e35bc @System@Sin$qqrxg
0x7e35c0 @System@Cos$qqrxg
0x7e35c4 @System@Exp$qqrxg
0x7e35c8 @System@Int$qqrxg
0x7e35d4 @System@UpCase$qqrb
0x7e3614 @System@DebugHook
0x7e361c @System@CPUCount
0x7e3634 @$xp$9IDispatch
0x7e3640 @System@TObject@
0x7e3658 @$xp$8LongBool
0x7e366c @$xp$11System@Comp
0x7e3670 @$xp$4Real
0x7e3674 @$xp$6Double
0x7e367c @$xp$6Single
0x7e3680 @$xp$6UInt64
0x7e3684 @$xp$5Int64
0x7e3688 @$xp$8Cardinal
0x7e368c @$xp$11System@Word
0x7e3690 @$xp$11System@Byte
0x7e3694 @$xp$7Integer
0x7e3698 @$xp$8SmallInt
0x7e36a0 @$xp$11System@Char
0x7e36a4 @$xp$8AnsiChar
0x7e36a8 @$xp$7Boolean
Library kernel32.dll:
0x7e36b0 TlsSetValue
0x7e36b4 TlsGetValue
0x7e36b8 LocalAlloc
0x7e36bc GetModuleHandleW
Library wintrust.dll:
0x7e371c WinVerifyTrust
Library user32.dll:
0x7e3724 CreateWindowExW
0x7e3728 UpdateLayeredWindow
0x7e372c UpdateWindow
0x7e3734 UnregisterClassW
0x7e3738 UnionRect
0x7e373c UnhookWindowsHookEx
0x7e3740 TranslateMessage
0x7e3748 SubtractRect
0x7e374c ShowWindow
0x7e3750 ShowCaret
0x7e3754 SetWindowRgn
0x7e3758 SetWindowsHookExW
0x7e375c SetWindowPos
0x7e3760 SetWindowLongW
0x7e3764 SetTimer
0x7e3768 SetScrollInfo
0x7e376c SetRect
0x7e3770 SetPropW
0x7e3774 SetForegroundWindow
0x7e3778 SetCursor
0x7e377c SetClassLongW
0x7e3780 SetActiveWindow
0x7e3784 SendMessageTimeoutW
0x7e3788 SendMessageW
0x7e378c ScreenToClient
0x7e3790 RemovePropW
0x7e3794 ReleaseDC
0x7e3798 ReleaseCapture
0x7e37a8 RegisterClassW
0x7e37ac RedrawWindow
0x7e37b0 PtInRect
0x7e37b4 PostMessageW
0x7e37b8 PeekMessageW
0x7e37bc OpenClipboard
0x7e37c0 OffsetRect
0x7e37c8 MessageBoxA
0x7e37cc MessageBoxW
0x7e37d0 MessageBeep
0x7e37d4 MapWindowPoints
0x7e37d8 LockWindowUpdate
0x7e37dc LoadCursorW
0x7e37e0 KillTimer
0x7e37e4 IsWindowVisible
0x7e37e8 IsWindowEnabled
0x7e37ec IsWindow
0x7e37f0 IsRectEmpty
0x7e37f4 IsIconic
0x7e37f8 InvalidateRect
0x7e37fc IntersectRect
0x7e3800 InflateRect
0x7e3804 HideCaret
0x7e380c GetWindowRect
0x7e3810 GetWindowPlacement
0x7e3814 GetWindowLongW
0x7e3818 GetWindowDC
0x7e381c GetSystemMetrics
0x7e3820 GetSysColor
0x7e3824 GetScrollRange
0x7e3828 GetScrollPos
0x7e382c GetScrollInfo
0x7e3830 GetScrollBarInfo
0x7e3834 GetMessageW
0x7e3838 GetKeyState
0x7e383c GetIconInfo
0x7e3840 GetForegroundWindow
0x7e3844 GetDesktopWindow
0x7e3848 GetDC
0x7e384c GetCursorPos
0x7e3850 GetCursor
0x7e3854 GetClipboardData
0x7e3858 GetClientRect
0x7e385c GetClassNameW
0x7e3860 GetClassLongW
0x7e3864 GetClassInfoW
0x7e3868 GetCapture
0x7e386c GetActiveWindow
0x7e3870 FrameRect
0x7e3874 FindWindowW
0x7e3878 FillRect
0x7e387c ExitWindowsEx
0x7e3880 EqualRect
0x7e3884 EnumThreadWindows
0x7e3888 EnumDisplayDevicesW
0x7e3890 EndPaint
0x7e3894 DrawTextExW
0x7e3898 DrawTextW
0x7e389c DrawFrameControl
0x7e38a0 DispatchMessageW
0x7e38a4 DestroyWindow
0x7e38a8 DefWindowProcW
0x7e38ac CloseClipboard
0x7e38b0 ClientToScreen
0x7e38b8 CallWindowProcW
0x7e38bc CallNextHookEx
0x7e38c4 BringWindowToTop
0x7e38c8 BeginPaint
0x7e38cc AttachThreadInput
Library msimg32.dll:
0x7e38d4 TransparentBlt
0x7e38d8 AlphaBlend
Library gdi32.dll:
0x7e38e0 StretchDIBits
0x7e38e4 StretchBlt
0x7e38e8 SetViewportOrgEx
0x7e38ec SetTextColor
0x7e38f0 SetStretchBltMode
0x7e38f4 SetBkMode
0x7e38f8 SetBkColor
0x7e38fc SetBitmapBits
0x7e3900 SelectPalette
0x7e3904 SelectObject
0x7e3908 SelectClipRgn
0x7e390c SaveDC
0x7e3910 RestoreDC
0x7e3914 ResizePalette
0x7e3918 RealizePalette
0x7e391c PtInRegion
0x7e3920 PlgBlt
0x7e3924 MaskBlt
0x7e3928 IntersectClipRect
0x7e392c GetViewportOrgEx
0x7e3930 GetTextMetricsW
0x7e393c GetStockObject
0x7e3940 GetPaletteEntries
0x7e3944 GetObjectType
0x7e3948 GetObjectA
0x7e394c GetObjectW
0x7e3954 GetDeviceCaps
0x7e3958 GetDIBits
0x7e395c GetDIBColorTable
0x7e3960 GetCurrentObject
0x7e3964 GetClipBox
0x7e3968 GetBitmapBits
0x7e396c GdiFlush
0x7e3970 ExcludeClipRect
0x7e3974 DeleteObject
0x7e3978 DeleteDC
0x7e397c CreateSolidBrush
0x7e3980 CreateRoundRectRgn
0x7e3984 CreateRectRgn
0x7e3988 CreatePalette
0x7e3990 CreateFontIndirectW
0x7e3994 CreateDIBitmap
0x7e3998 CreateDIBSection
0x7e399c CreateCompatibleDC
0x7e39a4 CreateBitmap
0x7e39a8 CombineRgn
0x7e39ac BitBlt
Library version.dll:
0x7e39b4 VerQueryValueW
0x7e39bc GetFileVersionInfoW
Library kernel32.dll:
0x7e39c4 lstrlenW
0x7e39c8 lstrcpynA
0x7e39cc lstrcmpiA
0x7e39d0 lstrcmpiW
0x7e39d4 lstrcmpW
0x7e39d8 WriteProcessMemory
0x7e39e0 WriteFile
0x7e39e4 WinExec
0x7e39e8 WideCharToMultiByte
0x7e39ec WaitForSingleObject
0x7e39f4 VirtualProtect
0x7e39f8 VirtualFree
0x7e39fc VirtualAlloc
0x7e3a00 UnmapViewOfFile
0x7e3a0c TerminateThread
0x7e3a10 TerminateProcess
0x7e3a1c Sleep
0x7e3a20 SetWaitableTimer
0x7e3a28 SetLocalTime
0x7e3a2c SetLastError
0x7e3a30 SetFilePointer
0x7e3a34 SetFileAttributesW
0x7e3a38 SetEvent
0x7e3a40 SearchPathW
0x7e3a44 ResetEvent
0x7e3a48 ReadProcessMemory
0x7e3a4c ReadFile
0x7e3a50 RaiseException
0x7e3a5c QueryDosDeviceW
0x7e3a60 OutputDebugStringW
0x7e3a64 OpenProcess
0x7e3a68 OpenMutexW
0x7e3a6c MultiByteToWideChar
0x7e3a70 MulDiv
0x7e3a74 MapViewOfFile
0x7e3a78 LocalFree
0x7e3a7c LocalAlloc
0x7e3a80 LoadLibraryA
0x7e3a84 LoadLibraryW
0x7e3a8c LCMapStringW
0x7e3a90 IsBadWritePtr
0x7e3a94 IsBadReadPtr
0x7e3a9c HeapFree
0x7e3aa0 HeapDestroy
0x7e3aa4 HeapCreate
0x7e3aa8 HeapAlloc
0x7e3aac GlobalUnlock
0x7e3ab0 GlobalSize
0x7e3ab4 GlobalMemoryStatus
0x7e3ab8 GlobalHandle
0x7e3abc GlobalLock
0x7e3ac0 GlobalFree
0x7e3ac4 GlobalFindAtomW
0x7e3ac8 GlobalAlloc
0x7e3ad4 GetVersionExW
0x7e3ad8 GetVersion
0x7e3ae0 GetTickCount
0x7e3ae4 GetThreadLocale
0x7e3ae8 GetTempPathW
0x7e3af0 GetSystemInfo
0x7e3af4 GetSystemDirectoryW
0x7e3b00 GetStdHandle
0x7e3b04 GetProcAddress
0x7e3b0c GetPriorityClass
0x7e3b10 GetModuleHandleA
0x7e3b14 GetModuleHandleW
0x7e3b18 GetModuleFileNameA
0x7e3b1c GetModuleFileNameW
0x7e3b24 GetLocaleInfoW
0x7e3b28 GetLocalTime
0x7e3b2c GetLastError
0x7e3b30 GetFileSize
0x7e3b3c GetFileAttributesW
0x7e3b40 GetExitCodeProcess
0x7e3b44 GetDriveTypeW
0x7e3b48 GetDiskFreeSpaceExA
0x7e3b4c GetCurrentThreadId
0x7e3b50 GetCurrentProcessId
0x7e3b54 GetCurrentProcess
0x7e3b58 GetComputerNameW
0x7e3b5c GetCommandLineW
0x7e3b60 GetCPInfo
0x7e3b6c InterlockedExchange
0x7e3b78 FreeLibrary
0x7e3b7c FormatMessageW
0x7e3b84 FindResourceW
0x7e3b88 FindNextFileW
0x7e3b8c FindFirstFileW
0x7e3b90 FindClose
0x7e3ba4 ExitProcess
0x7e3bac DeviceIoControl
0x7e3bb0 DeleteFileW
0x7e3bbc CreateThread
0x7e3bc0 CreateProcessW
0x7e3bc4 CreateMutexW
0x7e3bc8 CreateFileMappingW
0x7e3bcc CreateFileA
0x7e3bd0 CreateFileW
0x7e3bd4 CreateEventW
0x7e3bd8 CopyFileW
0x7e3bdc CompareStringW
0x7e3be0 CloseHandle
0x7e3be4 CancelWaitableTimer
Library advapi32.dll:
0x7e3bec RegSetValueExW
0x7e3bf0 RegQueryValueExW
0x7e3bf4 RegQueryInfoKeyW
0x7e3bf8 RegOpenKeyExW
0x7e3bfc RegFlushKey
0x7e3c00 RegEnumKeyExW
0x7e3c04 RegDeleteValueW
0x7e3c08 RegCreateKeyExW
0x7e3c0c RegCloseKey
0x7e3c10 OpenProcessToken
0x7e3c18 LookupAccountSidW
0x7e3c1c LookupAccountNameW
0x7e3c20 GetUserNameW
0x7e3c24 GetTokenInformation
0x7e3c2c GetSidSubAuthority
0x7e3c30 DuplicateTokenEx
Library madBasic_.bpl:
Library madBasic_.bpl:
Library madExcept_.bpl:
Library madDisAsm_.bpl:
Library madExcept_.bpl:
Library wsock32.dll:
0x7e3cdc WSACleanup
0x7e3ce0 WSAStartup
0x7e3ce4 gethostname
0x7e3ce8 gethostbyname
0x7e3cec send
Library rtl120.bpl:
Library shell32.dll:
0x7e3cfc Shell_NotifyIconW
0x7e3d00 ShellExecuteExW
0x7e3d04 ShellExecuteW
0x7e3d08 SHGetFileInfoW
0x7e3d0c SHFileOperationW
0x7e3d10 SHAppBarMessage
0x7e3d14 ExtractIconExW
0x7e3d18 ExtractIconW
0x7e3d1c DragQueryFileW
Library shell32.dll:
0x7e3d30 SHBrowseForFolderW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  53237        114.114.114.114                  53
192.168.56.101  57756        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  60384        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  57757        239.255.255.250                  3702
192.168.56.101  57759        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.