2.0
Low risk

232e0efeef1d4e808d2b3e8a94ea3e208f6162b1e614b69ee133cf72309cb258

da405ff5525c22ad8178235b44355819.exe

Analysis duration: 79s

Last analysis:

File size: 15.4MB
Tags: static-scan detection, dynamic-scan detection, BSCOPE, FAKEALERT, HUPIGON, KHLF, PRESENOKER, SI8E2GBANRO, SUSPICIOUS PE, UNSAFE
鹰眼 engine
Not detected: no 鹰眼 engine result is available for this sample
Static verdict
Antivirus engines
Engine       Scan date  Engine version
Baidu        20190318   1.0.0.2
Alibaba      20190425   0.4.0.5
Kingsoft     20190426   2013.8.14.323
McAfee       20190426   6.0.6.653
Tencent      20190426   1.0.0.1
Avast        20190426   18.4.3895.0
CrowdStrike  20190212   1.0
(The result column is empty in the source for every engine listed.)
Static indicators
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620991976.047875 (2021-05-14 11:32:56 UTC)
API: NtAllocateVirtualMemory
    process_identifier: 1060
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x00590000
Status: success   Return: 0   Repeated: 0
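The record above is the single event behind this signature: a 4 KB region committed in the sample's own process (0xffffffff is the 32-bit GetCurrentProcess pseudo-handle) with PAGE_EXECUTE_READWRITE, which is what a stub that writes decoded code and then jumps into it looks like. The Python below is an added example, not code from the sandbox, showing how such API-call records are triaged: it decodes the protection value, ignores reserve-only and failed calls, and separates allocations in the caller's own process (self-unpacking) from allocations made through a foreign process handle (possible injection). The field names follow the report's event; the event list is constructed, and only its first entry mirrors the report.

```python
"""Detect writable+executable memory allocations in sandbox API-call records.

Added example for this report (not the sandbox's own code). The event dicts use
the field names shown in the report's NtAllocateVirtualMemory entry; all but the
first event are constructed for illustration.
"""
from typing import Dict, List

# Protection and allocation constants from winnt.h.
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
MEM_COMMIT = 0x1000
PAGE_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
WRITABLE_AND_EXECUTABLE = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
# Pseudo-handle returned by GetCurrentProcess() in a 32-bit process.
CURRENT_PROCESS = 0xFFFFFFFF
ALLOC_APIS = {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}


def decode_protection(prot: int) -> str:
    """Human-readable PAGE_* name plus any modifier bits (guard / nocache)."""
    names = [PAGE_NAMES.get(prot & 0xFF, f"0x{prot & 0xFF:x}")]
    if prot & 0x100:
        names.append("PAGE_GUARD")
    if prot & 0x200:
        names.append("PAGE_NOCACHE")
    return "|".join(names)


def find_rwx_allocations(events: List[Dict]) -> List[Dict]:
    """Return one finding per successful, committed, writable+executable allocation.

    kind is 'self' when the target is the calling process (in-place unpacking)
    and 'remote' when a foreign process handle is used (possible injection).
    """
    findings = []
    for ev in events:
        if ev.get("api") not in ALLOC_APIS or ev.get("status") != "success":
            continue
        if (ev["protection"] & 0xFF) not in WRITABLE_AND_EXECUTABLE:
            continue
        if not ev["allocation_type"] & MEM_COMMIT:
            continue  # reserved only; nothing can execute there yet
        handle = ev.get("process_handle", CURRENT_PROCESS)
        findings.append({
            "pid": ev["process_identifier"],
            "base": ev["base_address"],
            "size": ev["region_size"],
            "protection": decode_protection(ev["protection"]),
            "kind": "self" if handle == CURRENT_PROCESS else "remote",
        })
    return findings


# Constructed records; the first mirrors the event in this report.
SAMPLE_EVENTS = [
    {"api": "NtAllocateVirtualMemory", "process_identifier": 1060,
     "region_size": 4096, "protection": 0x40, "process_handle": 0xFFFFFFFF,
     "allocation_type": 0x1000, "base_address": 0x00590000, "status": "success"},
    # Ordinary read/write allocation: must not be flagged.
    {"api": "NtAllocateVirtualMemory", "process_identifier": 1060,
     "region_size": 65536, "protection": 0x04, "process_handle": 0xFFFFFFFF,
     "allocation_type": 0x1000, "base_address": 0x005A0000, "status": "success"},
    # RWX region created in another process (constructed handle): 'remote'.
    {"api": "VirtualAllocEx", "process_identifier": 1060,
     "region_size": 8192, "protection": 0x40, "process_handle": 0x1A4,
     "allocation_type": 0x3000, "base_address": 0x00400000, "status": "success"},
    # Failed call: ignored.
    {"api": "NtAllocateVirtualMemory", "process_identifier": 1060,
     "region_size": 4096, "protection": 0x40, "process_handle": 0xFFFFFFFF,
     "allocation_type": 0x1000, "base_address": 0, "status": "failure"},
]

if __name__ == "__main__":
    for finding in find_rwx_allocations(SAMPLE_EVENTS):
        print(finding)
```

Run against the report's event alone, this yields one 'self' finding at 0x00590000; the next step in practice is to dump that region after the write and before the jump, since the decoded code there is what the static import table above does not show.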
Foreign language identified in PE resource (3 events)
Name           Language      Sublanguage                 Offset      Size        Filetype (libmagic)
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0009c7ac  0x000002e8  dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0
RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0009c7ac  0x000002e8  dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x000a2318  0x00000014  data
The "dBase IV DBT" filetype is libmagic's guess at the raw icon bitmap bytes, not an embedded database: RT_ICON resources hold DIB image data, and the only information this signature actually carries is the Simplified Chinese language ID on the resources.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 11 AntiVirus engines on VirusTotal as malicious (11 events)
Cylance Unsafe
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Invincea heuristic
ClamAV Win.Trojan.Hupigon-33978
ViRobot Backdoor.Win32.A.Hupigon.9149035
TheHacker Backdoor/Hupigon.khlf
VBA32 BScope.Adware.Presenoker
Yandex Trojan.Fakealert!sI8E2GBaNro
SentinelOne DFI - Suspicious PE
Cybereason malicious.62305f
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2009-09-22 23:30:02

Imports

Library ADVAPI32.DLL:
0x4960ec RegCloseKey
0x4960f0 RegOpenKeyExA
0x4960f4 RegQueryValueExA
Library KERNEL32.DLL:
0x496288 CloseHandle
0x49628c CompareStringA
0x496290 CreateEventA
0x496294 CreateFileA
0x496298 CreateThread
0x4962a0 DeleteFileA
0x4962a8 EnumCalendarInfoA
0x4962ac ExitProcess
0x4962b0 ExitThread
0x4962b4 FindClose
0x4962b8 FindFirstFileA
0x4962bc FindResourceA
0x4962c0 FormatMessageA
0x4962c4 FreeLibrary
0x4962c8 FreeResource
0x4962cc GetACP
0x4962d0 GetCPInfo
0x4962d4 GetCommandLineA
0x4962d8 GetCurrentProcessId
0x4962dc GetCurrentThread
0x4962e0 GetCurrentThreadId
0x4962e4 GetDiskFreeSpaceA
0x4962ec GetExitCodeThread
0x4962f0 GetFileAttributesA
0x4962f4 GetFileSize
0x4962f8 GetFileType
0x4962fc GetLastError
0x496300 GetLocalTime
0x496304 GetLocaleInfoA
0x496308 GetModuleFileNameA
0x49630c GetModuleHandleA
0x496310 GetOEMCP
0x496314 GetProcAddress
0x496318 GetProcessHeap
0x49631c GetStartupInfoA
0x496320 GetStdHandle
0x496324 GetStringTypeW
0x496328 GetSystemInfo
0x49632c GetThreadLocale
0x496330 GetTickCount
0x496334 GetVersion
0x496338 GetVersionExA
0x49633c GlobalAddAtomA
0x496340 GlobalAlloc
0x496344 GlobalDeleteAtom
0x496348 GlobalFree
0x49634c GlobalHandle
0x496350 GlobalLock
0x496354 GlobalReAlloc
0x496358 GlobalUnlock
0x49635c HeapAlloc
0x496360 HeapFree
0x496374 LoadLibraryA
0x496378 LoadLibraryExA
0x49637c LoadResource
0x496380 LocalAlloc
0x496384 LocalFree
0x496388 LockResource
0x49638c MulDiv
0x496390 MultiByteToWideChar
0x496394 OpenEventA
0x496398 RaiseException
0x49639c ReadFile
0x4963a0 ResetEvent
0x4963a4 RtlUnwind
0x4963ac SetEndOfFile
0x4963b0 SetErrorMode
0x4963b4 SetEvent
0x4963b8 SetFilePointer
0x4963bc SetHandleCount
0x4963c0 SetLastError
0x4963c4 SetThreadLocale
0x4963c8 SetThreadPriority
0x4963cc SizeofResource
0x4963d0 Sleep
0x4963d4 TlsAlloc
0x4963d8 TlsFree
0x4963dc TlsGetValue
0x4963e0 TlsSetValue
0x4963e8 VirtualAlloc
0x4963ec VirtualFree
0x4963f0 VirtualQuery
0x4963f4 WaitForSingleObject
0x4963f8 WideCharToMultiByte
0x4963fc WriteFile
0x496400 lstrcmpA
0x496404 lstrcpyA
0x496408 lstrcpynA
0x49640c lstrlenA
Library VERSION.DLL:
0x496424 GetFileVersionInfoA
0x49642c VerQueryValueA
Library COMCTL32.DLL:
0x496498 ImageList_Add
0x49649c ImageList_BeginDrag
0x4964a0 ImageList_Create
0x4964a4 ImageList_Destroy
0x4964a8 ImageList_DragEnter
0x4964ac ImageList_DragLeave
0x4964b0 ImageList_DragMove
0x4964b8 ImageList_Draw
0x4964bc ImageList_EndDrag
0x4964d0 ImageList_Read
0x4964d4 ImageList_Remove
0x4964d8 ImageList_Replace
0x4964ec ImageList_Write
0x4964f0
0x4964f4 ImageList_DrawEx
Library GDI32.DLL:
0x496624 BitBlt
0x496628 CombineRgn
0x49662c CopyEnhMetaFileA
0x496630 CreateBitmap
0x496634 CreateBrushIndirect
0x49663c CreateCompatibleDC
0x496640 CreateDIBSection
0x496644 CreateDIBitmap
0x496648 CreateFontIndirectA
0x496650 CreatePalette
0x496654 CreatePenIndirect
0x496658 CreateRectRgn
0x49665c CreateSolidBrush
0x496660 DeleteDC
0x496664 DeleteEnhMetaFile
0x496668 DeleteObject
0x49666c Ellipse
0x496670 ExcludeClipRect
0x496674 ExtTextOutA
0x496678 GdiFlush
0x49667c GetBitmapBits
0x496680 GetBrushOrgEx
0x496684 GetClipBox
0x49668c GetDCOrgEx
0x496690 GetDIBColorTable
0x496694 GetDIBits
0x496698 GetDeviceCaps
0x49669c GetEnhMetaFileBits
0x4966a8 GetObjectA
0x4966ac GetPaletteEntries
0x4966b0 GetPixel
0x4966b4 GetRgnBox
0x4966b8 GetStockObject
0x4966bc GetStretchBltMode
0x4966c8 GetTextExtentPointA
0x4966cc GetTextMetricsA
0x4966d0 GetWinMetaFileBits
0x4966d4 GetWindowOrgEx
0x4966d8 IntersectClipRect
0x4966dc LineTo
0x4966e0 MaskBlt
0x4966e4 MoveToEx
0x4966e8 PatBlt
0x4966ec PlayEnhMetaFile
0x4966f0 Polyline
0x4966f4 RealizePalette
0x4966f8 RectVisible
0x4966fc Rectangle
0x496700 RestoreDC
0x496704 SaveDC
0x496708 SelectObject
0x49670c SelectPalette
0x496710 SetBkColor
0x496714 SetBkMode
0x496718 SetBrushOrgEx
0x49671c SetDIBColorTable
0x496720 SetEnhMetaFileBits
0x496724 SetPixel
0x496728 SetROP2
0x49672c SetStretchBltMode
0x496730 SetTextColor
0x496734 SetViewportOrgEx
0x496738 SetWinMetaFileBits
0x49673c SetWindowOrgEx
0x496740 StretchBlt
0x496744 UnrealizeObject
Library MSACM32.DLL:
0x496788 acmDriverClose
0x49678c acmDriverDetailsA
0x496790 acmDriverEnum
0x496794 acmDriverOpen
0x496798 acmFormatDetailsA
0x49679c acmFormatEnumA
0x4967a4 acmMetrics
0x4967a8 acmStreamClose
0x4967ac acmStreamConvert
0x4967b0 acmStreamOpen
0x4967b8 acmStreamSize
Library USER32.DLL:
0x496a3c AdjustWindowRectEx
0x496a40 BeginPaint
0x496a44 CallNextHookEx
0x496a48 CallWindowProcA
0x496a4c CharLowerA
0x496a50 CharLowerBuffA
0x496a54 CharNextA
0x496a58 CheckMenuItem
0x496a5c ClientToScreen
0x496a60 CreateIcon
0x496a64 CreateMenu
0x496a68 CreatePopupMenu
0x496a6c CreateWindowExA
0x496a70 DefFrameProcA
0x496a74 DefMDIChildProcA
0x496a78 DefWindowProcA
0x496a7c DeleteMenu
0x496a80 DestroyCursor
0x496a84 DestroyIcon
0x496a88 DestroyMenu
0x496a8c DestroyWindow
0x496a90 DispatchMessageA
0x496a94 DrawEdge
0x496a98 DrawFrameControl
0x496a9c DrawIcon
0x496aa0 DrawIconEx
0x496aa4 DrawMenuBar
0x496aa8 DrawTextA
0x496aac EnableMenuItem
0x496ab0 EnableScrollBar
0x496ab4 EnableWindow
0x496ab8 EndPaint
0x496abc EnumThreadWindows
0x496ac0 EnumWindows
0x496ac4 EqualRect
0x496ac8 FillRect
0x496acc FindWindowA
0x496ad0 FrameRect
0x496ad4 GetActiveWindow
0x496ad8 GetCapture
0x496adc GetClassInfoA
0x496ae0 GetClientRect
0x496ae4 GetClipboardData
0x496ae8 GetCursor
0x496aec GetCursorPos
0x496af0 GetDC
0x496af4 GetDCEx
0x496af8 GetDesktopWindow
0x496afc GetFocus
0x496b00 GetForegroundWindow
0x496b04 GetIconInfo
0x496b08 GetKeyNameTextA
0x496b0c GetKeyState
0x496b10 GetKeyboardLayout
0x496b18 GetKeyboardState
0x496b1c GetKeyboardType
0x496b20 GetLastActivePopup
0x496b24 GetMenu
0x496b28 GetMenuItemCount
0x496b2c GetMenuItemID
0x496b30 GetMenuItemInfoA
0x496b34 GetMenuState
0x496b38 GetMenuStringA
0x496b3c GetParent
0x496b40 GetPropA
0x496b44 GetScrollInfo
0x496b48 GetScrollPos
0x496b4c GetScrollRange
0x496b50 GetSubMenu
0x496b54 GetSysColor
0x496b58 GetSystemMetrics
0x496b5c GetTopWindow
0x496b60 GetWindow
0x496b64 GetWindowDC
0x496b68 GetWindowLongA
0x496b6c GetWindowPlacement
0x496b70 GetWindowRect
0x496b74 GetWindowTextA
0x496b7c InflateRect
0x496b80 InsertMenuA
0x496b84 InsertMenuItemA
0x496b88 IntersectRect
0x496b8c InvalidateRect
0x496b90 IsChild
0x496b94 IsDialogMessageA
0x496b98 IsIconic
0x496b9c IsRectEmpty
0x496ba0 IsWindow
0x496ba4 IsWindowEnabled
0x496ba8 IsWindowVisible
0x496bac IsZoomed
0x496bb0 KillTimer
0x496bb4 LoadBitmapA
0x496bb8 LoadCursorA
0x496bbc LoadIconA
0x496bc0 LoadKeyboardLayoutA
0x496bc4 LoadStringA
0x496bc8 MapVirtualKeyA
0x496bcc MapWindowPoints
0x496bd0 MessageBoxA
0x496bd8 OemToCharA
0x496bdc OffsetRect
0x496be0 PeekMessageA
0x496be4 PostMessageA
0x496be8 PostQuitMessage
0x496bec PtInRect
0x496bf0 RedrawWindow
0x496bf4 RegisterClassA
0x496c00 ReleaseCapture
0x496c04 ReleaseDC
0x496c08 RemoveMenu
0x496c0c RemovePropA
0x496c10 ScreenToClient
0x496c14 ScrollWindow
0x496c18 SendMessageA
0x496c1c SetActiveWindow
0x496c20 SetCapture
0x496c24 SetClassLongA
0x496c28 SetCursor
0x496c2c SetFocus
0x496c30 SetForegroundWindow
0x496c34 SetMenu
0x496c38 SetMenuItemInfoA
0x496c3c SetPropA
0x496c40 SetRect
0x496c44 SetScrollInfo
0x496c48 SetScrollPos
0x496c4c SetScrollRange
0x496c50 SetTimer
0x496c54 SetWindowLongA
0x496c58 SetWindowPlacement
0x496c5c SetWindowPos
0x496c60 SetWindowTextA
0x496c64 SetWindowsHookExA
0x496c68 ShowCursor
0x496c6c ShowOwnedPopups
0x496c70 ShowScrollBar
0x496c74 ShowWindow
0x496c7c TrackPopupMenu
0x496c84 TranslateMessage
0x496c88 UnhookWindowsHookEx
0x496c8c UnregisterClassA
0x496c90 UpdateWindow
0x496c94 WaitMessage
0x496c98 WinHelpA
0x496c9c WindowFromPoint
0x496ca0 wsprintfA
0x496ca4 GetSystemMenu
Library WINMM.DLL:
0x496cdc timeBeginPeriod
0x496ce0 timeEndPeriod
0x496ce4 timeGetDevCaps
0x496ce8 timeKillEvent
0x496cec timeSetEvent
0x496cf0 waveOutClose
0x496cf4 waveOutOpen
0x496cfc waveOutReset
0x496d04 waveOutWrite
Library OLE32.DLL:
0x496d14 IsEqualGUID
Library OLEAUT32.DLL:
0x496d3c SysAllocStringLen
0x496d40 SysFreeString
0x496d44 SysReAllocStringLen
0x496d48 SysStringLen
0x496d4c VariantChangeTypeEx
0x496d50 VariantClear
0x496d54 VariantCopyInd
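The import table above is worth reading as a capability list rather than a name list: SetWindowsHookExA together with GetKeyboardState, GetKeyNameTextA and MapVirtualKeyA is the usual keyboard-hook combination, GetClipboardData reads the clipboard, RegOpenKeyExA/RegQueryValueExA read configuration, and LoadLibraryA plus GetProcAddress means further APIs can be resolved at run time and will never appear here at all. The Python below is an added example, not the sandbox's tooling: it parses the "Library X:" / "0xADDR Name" layout used above, folds A/W variants, and evaluates conjunction rules over the result. The excerpt it ships with is copied from this report's import list; the rule names and groupings are the example's own. Hits are leads, not verdicts, since a GUI framework's runtime imports many of these APIs for ordinary reasons.

```python
"""Capability hints from the import table as printed in this report.

Added example, not the sandbox's tooling. It parses the 'Library X:' /
'0xADDR Name' layout used in the report and applies conjunction rules;
REPORT_EXCERPT is copied from the report's own import list. The rule set is
this example's own, and every hit is a lead to confirm dynamically, not a verdict.
"""
import re
from typing import Dict, List, Set, Tuple

REPORT_EXCERPT = """\
Library ADVAPI32.DLL:
0x4960ec RegCloseKey
0x4960f0 RegOpenKeyExA
0x4960f4 RegQueryValueExA
Library KERNEL32.DLL:
0x496298 CreateThread
0x496314 GetProcAddress
0x496374 LoadLibraryA
0x4963e8 VirtualAlloc
Library USER32.DLL:
0x496a44 CallNextHookEx
0x496ae4 GetClipboardData
0x496b08 GetKeyNameTextA
0x496b0c GetKeyState
0x496b18 GetKeyboardState
0x496bc8 MapVirtualKeyA
0x496c64 SetWindowsHookExA
0x496c88 UnhookWindowsHookEx
"""

IMPORT_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def normalize(name: str) -> str:
    """Fold ANSI/Unicode variants (CreateFileA / CreateFileW -> CreateFile).

    Only a trailing A/W after a lowercase letter is stripped, so names such as
    GetACP are left alone.
    """
    return re.sub(r"(?<=[a-z])[AW]$", "", name)


def parse_imports(text: str) -> Dict[str, Set[str]]:
    """Map each library to the set of imported names listed under it."""
    imports: Dict[str, Set[str]] = {}
    lib = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Library ") and line.endswith(":"):
            lib = line[len("Library "):-1].upper()
            imports.setdefault(lib, set())
            continue
        m = IMPORT_LINE.match(line)
        if m and lib is not None:
            imports[lib].add(m.group(1))
    return imports


# rule -> (all of these must be present, at least one of these if non-empty)
RULES: Dict[str, Tuple[Set[str], Set[str]]] = {
    "windows hook installation": ({"SetWindowsHookEx"},
                                  {"CallNextHookEx", "UnhookWindowsHookEx"}),
    "keystroke reading via hook": ({"SetWindowsHookEx"},
                                   {"GetKeyboardState", "GetKeyNameText",
                                    "MapVirtualKey", "GetKeyState"}),
    "clipboard read": ({"GetClipboardData"}, set()),
    "runtime API resolution": ({"LoadLibrary", "GetProcAddress"}, set()),
    "registry value read": ({"RegOpenKeyEx", "RegQueryValueEx"}, set()),
}


def capability_hits(imports: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Evaluate RULES against the normalized union of all imported names."""
    have = {normalize(n) for names in imports.values() for n in names}
    hits: Dict[str, List[str]] = {}
    for rule, (all_of, any_of) in RULES.items():
        if all_of <= have and (not any_of or any_of & have):
            hits[rule] = sorted(all_of | (any_of & have))
    return hits


if __name__ == "__main__":
    for rule, evidence in capability_hits(parse_imports(REPORT_EXCERPT)).items():
        print(f"{rule}: {', '.join(evidence)}")
```

Because the rules require conjunctions, a table that contains GetKeyboardState without SetWindowsHookEx produces no keystroke hit; conversely the "runtime API resolution" hit is the reason to trust the dynamic indicators above over this table when they disagree.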

Exports

Ordinal Address Name
3 0x40cd54 @@Unit1@Finalize
2 0x40cd44 @@Unit1@Initialize
5 0x40d5ec @@Unit2@Finalize
4 0x40d5dc @@Unit2@Initialize
7 0x40d60c @@Unit3@Finalize
6 0x40d5fc @@Unit3@Initialize
9 0x40d9c0 @@Unit4@Finalize
8 0x40d9b0 @@Unit4@Initialize
11 0x4113f8 @@Unit5@Finalize
10 0x4113e8 @@Unit5@Initialize

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source port  Destination                      Destination port
192.168.56.101   49235        114.114.114.114                  53
192.168.56.101   50534        114.114.114.114                  53
192.168.56.101   56539        114.114.114.114                  53
192.168.56.101   58367        114.114.114.114                  53
192.168.56.101   65004        114.114.114.114                  53
192.168.56.101   137          192.168.56.255                   137
192.168.56.101   138          192.168.56.255                   138
192.168.56.101   123          20.189.79.72 (time.windows.com)  123
192.168.56.101   55368        224.0.0.252                      5355
192.168.56.101   56804        224.0.0.252                      5355
192.168.56.101   60123        224.0.0.252                      5355
192.168.56.101   62191        224.0.0.252                      5355
192.168.56.101   1900         239.255.255.250                  1900
192.168.56.101   56540        239.255.255.250                  3702
192.168.56.101   56807        239.255.255.250                  1900
192.168.56.101   58368        239.255.255.250                  3702
192.168.56.101   58370        239.255.255.250                  3702
192.168.56.101   58707        239.255.255.250                  3702
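Every row in the UDP table is traffic a default Windows guest generates on its own: DNS lookups to the configured resolver, NetBIOS name service and datagram broadcasts (137/138), LLMNR to 224.0.0.252:5355, SSDP and WS-Discovery to 239.255.255.250, and NTP to time.windows.com. None of it is attributable to the sample, and the "Communicates with host for which no DNS query was performed" signature earlier in the report fires on the destination address alone, so 172.217.24.14 should be tied to a process before it is read as command-and-control, particularly since the Hosts and TCP sections record no connection to it. The Python below is an added example, not the sandbox's code, covering both the noise filtering and the no-DNS check: it labels flows by known background pattern and then lists destinations of the remaining traffic that never appeared in a DNS answer. The flow list is constructed after the UDP table plus the host named in the signature; the DNS answer set is constructed too, since the report lists none.

```python
"""Triage sandbox network flows: separate default-Windows background noise from
sample-attributable traffic, then flag destinations the guest never resolved
through DNS (the condition behind the 'no DNS query was performed' signature).

Added example for this report, not the sandbox's own code. SAMPLE_FLOWS is
constructed after the report's UDP table plus the host named in that signature;
SAMPLE_DNS is constructed, since the report lists no DNS answers.
"""
from collections import Counter
from ipaddress import ip_address
from typing import Dict, Iterable, List, NamedTuple, Optional, Set


class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    host: Optional[str] = None  # hostname annotation, when the sandbox shows one


GUEST = "192.168.56.101"
RESOLVER = "114.114.114.114"
SUBNET_BROADCAST = "192.168.56.255"


def classify(flow: Flow) -> str:
    """Label a flow. Only traffic matching a known guest-noise pattern is
    discounted; everything else is attributed to the sample."""
    dst = ip_address(flow.dst)
    if flow.dport == 53 and flow.dst == RESOLVER:
        return "dns"
    if flow.dst == SUBNET_BROADCAST and flow.dport in (137, 138):
        return "noise:netbios"  # NBNS / browser datagrams
    if flow.dst == "224.0.0.252" and flow.dport == 5355:
        return "noise:llmnr"
    if flow.dst == "239.255.255.250" and flow.dport in (1900, 3702):
        return "noise:ssdp-wsdiscovery"
    if flow.dport == 123 and flow.host == "time.windows.com":
        return "noise:ntp"
    if (dst.is_multicast or dst.is_link_local or dst.is_loopback
            or flow.dst == SUBNET_BROADCAST):
        return "noise:local"
    return "sample"


def summarize(flows: Iterable[Flow]) -> Dict[str, int]:
    """Count flows per label so the noise can be discounted at a glance."""
    return dict(Counter(classify(f) for f in flows))


def unresolved_destinations(flows: Iterable[Flow],
                            dns_answers: Dict[str, Set[str]]) -> List[str]:
    """Destinations of sample traffic that never appeared in any DNS answer.

    A hard-coded address (no lookup) is typical of embedded C2 configuration;
    a resolved-then-contacted address is ordinary behaviour.
    """
    resolved = {ip for ips in dns_answers.values() for ip in ips}
    out: List[str] = []
    for f in flows:
        if classify(f) != "sample" or f.dst in resolved or f.dst in out:
            continue
        out.append(f.dst)
    return out


SAMPLE_FLOWS = [
    Flow("udp", GUEST, 49235, RESOLVER, 53),
    Flow("udp", GUEST, 137, SUBNET_BROADCAST, 137),
    Flow("udp", GUEST, 123, "20.189.79.72", 123, host="time.windows.com"),
    Flow("udp", GUEST, 55368, "224.0.0.252", 5355),
    Flow("udp", GUEST, 1900, "239.255.255.250", 1900),
    Flow("udp", GUEST, 56540, "239.255.255.250", 3702),
    # Constructed: TCP to the address named in the signature, never resolved.
    Flow("tcp", GUEST, 49300, "172.217.24.14", 443),
    # Constructed: TCP to an address that a (constructed) DNS answer returned.
    Flow("tcp", GUEST, 49301, "203.0.113.5", 80),
]
SAMPLE_DNS: Dict[str, Set[str]] = {"update.example.test": {"203.0.113.5"}}

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
    print("unresolved:", unresolved_destinations(SAMPLE_FLOWS, SAMPLE_DNS))
```

The NTP rule deliberately keys on the hostname annotation rather than the port: without it, the same datagram to 20.189.79.72 is left in the "sample" bucket, which is the safer default for traffic the analyst has not yet explained.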

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.