SmartHawk

1.8

低危

该样本未表现出任何异常！

重新分析

下载样本

e5a881a192dcbc6434585a8a1fa4745488f092b9713945def86fe6c2a87de5fd

dd4546681a2dc4bd41b0529a5c9f930f.exe

分析耗时

20s

Time & API	Arguments	Status	Return	Repeated
1620985520.542343 NtAllocateVirtualMemory	process_identifier: 2288 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e0000	success	0	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x49f140 DeleteCriticalSection

• 0x49f144 LeaveCriticalSection

• 0x49f148 EnterCriticalSection

• 0x49f14c InitializeCriticalSection

• 0x49f150 VirtualFree

• 0x49f154 VirtualAlloc

• 0x49f158 LocalFree

• 0x49f15c LocalAlloc

• 0x49f160 GetVersion

• 0x49f164 GetCurrentThreadId

• 0x49f168 InterlockedDecrement

• 0x49f16c InterlockedIncrement

• 0x49f170 VirtualQuery

• 0x49f174 WideCharToMultiByte

• 0x49f178 MultiByteToWideChar

• 0x49f17c lstrlenA

• 0x49f180 lstrcpynA

• 0x49f184 LoadLibraryExA

• 0x49f188 GetThreadLocale

• 0x49f18c GetStartupInfoA

• 0x49f190 GetProcAddress

• 0x49f194 GetModuleHandleA

• 0x49f198 GetModuleFileNameA

• 0x49f19c GetLocaleInfoA

• 0x49f1a0 GetCommandLineA

• 0x49f1a4 FreeLibrary

• 0x49f1a8 FindFirstFileA

• 0x49f1ac FindClose

• 0x49f1b0 ExitProcess

• 0x49f1b4 ExitThread

• 0x49f1b8 CreateThread

• 0x49f1bc WriteFile

• 0x49f1c0 UnhandledExceptionFilter

• 0x49f1c4 RtlUnwind

• 0x49f1c8 RaiseException

• 0x49f1cc GetStdHandle

Library user32.dll:

• 0x49f1d4 GetKeyboardType

• 0x49f1d8 LoadStringA

• 0x49f1dc MessageBoxA

• 0x49f1e0 CharNextA

Library advapi32.dll:

• 0x49f1e8 RegQueryValueExA

• 0x49f1ec RegOpenKeyExA

• 0x49f1f0 RegCloseKey

Library oleaut32.dll:

• 0x49f1f8 SysFreeString

• 0x49f1fc SysReAllocStringLen

• 0x49f200 SysAllocStringLen

Library kernel32.dll:

• 0x49f208 TlsSetValue

• 0x49f20c TlsGetValue

• 0x49f210 LocalAlloc

• 0x49f214 GetModuleHandleA

Library advapi32.dll:

• 0x49f21c RegQueryValueExA

• 0x49f220 RegOpenKeyExA

• 0x49f224 RegCloseKey

Library kernel32.dll:

• 0x49f22c lstrcpyA

• 0x49f230 WriteFile

• 0x49f234 WaitForSingleObjectEx

• 0x49f238 WaitForSingleObject

• 0x49f23c VirtualQuery

• 0x49f240 VirtualProtectEx

• 0x49f244 VirtualProtect

• 0x49f248 VirtualAlloc

• 0x49f24c Sleep

• 0x49f250 SizeofResource

• 0x49f254 SetThreadLocale

• 0x49f258 SetFilePointer

• 0x49f25c SetEvent

• 0x49f260 SetErrorMode

• 0x49f264 SetEndOfFile

• 0x49f268 ResumeThread

• 0x49f26c ResetEvent

• 0x49f270 ReadFile

• 0x49f274 MulDiv

• 0x49f278 LockResource

• 0x49f27c LoadResource

• 0x49f280 LoadLibraryA

• 0x49f284 LeaveCriticalSection

• 0x49f288 InitializeCriticalSection

• 0x49f28c GlobalUnlock

• 0x49f290 GlobalReAlloc

• 0x49f294 GlobalHandle

• 0x49f298 GlobalLock

• 0x49f29c GlobalFree

• 0x49f2a0 GlobalFindAtomA

• 0x49f2a4 GlobalDeleteAtom

• 0x49f2a8 GlobalAlloc

• 0x49f2ac GlobalAddAtomA

• 0x49f2b0 GetVersionExA

• 0x49f2b4 GetVersion

• 0x49f2b8 GetTimeZoneInformation

• 0x49f2bc GetTickCount

• 0x49f2c0 GetThreadLocale

• 0x49f2c4 GetTempPathA

• 0x49f2c8 GetSystemTimeAsFileTime

• 0x49f2cc GetSystemTime

• 0x49f2d0 GetSystemInfo

• 0x49f2d4 GetStringTypeExA

• 0x49f2d8 GetStdHandle

• 0x49f2dc GetProcAddress

• 0x49f2e0 GetModuleHandleA

• 0x49f2e4 GetModuleFileNameA

• 0x49f2e8 GetLocaleInfoA

• 0x49f2ec GetLocalTime

• 0x49f2f0 GetLastError

• 0x49f2f4 GetFullPathNameA

• 0x49f2f8 GetFileSize

• 0x49f2fc GetFileAttributesA

• 0x49f300 GetExitCodeThread

• 0x49f304 GetDiskFreeSpaceA

• 0x49f308 GetDateFormatA

• 0x49f30c GetCurrentThreadId

• 0x49f310 GetCurrentProcessId

• 0x49f314 GetCPInfo

• 0x49f318 GetACP

• 0x49f31c FreeResource

• 0x49f320 InterlockedIncrement

• 0x49f324 InterlockedExchange

• 0x49f328 InterlockedDecrement

• 0x49f32c FreeLibrary

• 0x49f330 FormatMessageA

• 0x49f334 FindResourceA

• 0x49f338 FindFirstFileA

• 0x49f33c FindClose

• 0x49f340 FileTimeToSystemTime

• 0x49f344 FileTimeToLocalFileTime

• 0x49f348 FileTimeToDosDateTime

• 0x49f34c ExitProcess

• 0x49f350 EnumCalendarInfoA

• 0x49f354 EnterCriticalSection

• 0x49f358 DeleteCriticalSection

• 0x49f35c CreateThread

• 0x49f360 CreateFileA

• 0x49f364 CreateEventA

• 0x49f368 CompareStringA

• 0x49f36c CloseHandle

Library version.dll:

• 0x49f374 VerQueryValueA

• 0x49f378 GetFileVersionInfoSizeA

• 0x49f37c GetFileVersionInfoA

Library gdi32.dll:

• 0x49f384 UnrealizeObject

• 0x49f388 StretchBlt

• 0x49f38c SetWindowOrgEx

• 0x49f390 SetWinMetaFileBits

• 0x49f394 SetViewportOrgEx

• 0x49f398 SetTextColor

• 0x49f39c SetStretchBltMode

• 0x49f3a0 SetROP2

• 0x49f3a4 SetPixel

• 0x49f3a8 SetEnhMetaFileBits

• 0x49f3ac SetDIBColorTable

• 0x49f3b0 SetBrushOrgEx

• 0x49f3b4 SetBkMode

• 0x49f3b8 SetBkColor

• 0x49f3bc SelectPalette

• 0x49f3c0 SelectObject

• 0x49f3c4 SelectClipRgn

• 0x49f3c8 SaveDC

• 0x49f3cc RestoreDC

• 0x49f3d0 Rectangle

• 0x49f3d4 RectVisible

• 0x49f3d8 RealizePalette

• 0x49f3dc Polyline

• 0x49f3e0 PlayEnhMetaFile

• 0x49f3e4 PatBlt

• 0x49f3e8 MoveToEx

• 0x49f3ec MaskBlt

• 0x49f3f0 LineTo

• 0x49f3f4 IntersectClipRect

• 0x49f3f8 GetWindowOrgEx

• 0x49f3fc GetWinMetaFileBits

• 0x49f400 GetTextMetricsA

• 0x49f404 GetTextExtentPoint32A

• 0x49f408 GetSystemPaletteEntries

• 0x49f40c GetStockObject

• 0x49f410 GetPixel

• 0x49f414 GetPaletteEntries

• 0x49f418 GetObjectA

• 0x49f41c GetEnhMetaFilePaletteEntries

• 0x49f420 GetEnhMetaFileHeader

• 0x49f424 GetEnhMetaFileBits

• 0x49f428 GetDeviceCaps

• 0x49f42c GetDIBits

• 0x49f430 GetDIBColorTable

• 0x49f434 GetDCOrgEx

• 0x49f438 GetCurrentPositionEx

• 0x49f43c GetClipRgn

• 0x49f440 GetClipBox

• 0x49f444 GetBrushOrgEx

• 0x49f448 GetBitmapBits

• 0x49f44c ExtTextOutA

• 0x49f450 ExcludeClipRect

• 0x49f454 DeleteObject

• 0x49f458 DeleteEnhMetaFile

• 0x49f45c DeleteDC

• 0x49f460 CreateSolidBrush

• 0x49f464 CreateRectRgn

• 0x49f468 CreatePenIndirect

• 0x49f46c CreatePalette

• 0x49f470 CreateHalftonePalette

• 0x49f474 CreateFontIndirectA

• 0x49f478 CreateDIBitmap

• 0x49f47c CreateDIBSection

• 0x49f480 CreateCompatibleDC

• 0x49f484 CreateCompatibleBitmap

• 0x49f488 CreateBrushIndirect

• 0x49f48c CreateBitmap

• 0x49f490 CopyEnhMetaFileA

• 0x49f494 BitBlt

Library user32.dll:

• 0x49f49c CreateWindowExA

• 0x49f4a0 WindowFromPoint

• 0x49f4a4 WinHelpA

• 0x49f4a8 WaitMessage

• 0x49f4ac UpdateWindow

• 0x49f4b0 UnregisterClassA

• 0x49f4b4 UnhookWindowsHookEx

• 0x49f4b8 TranslateMessage

• 0x49f4bc TranslateMDISysAccel

• 0x49f4c0 TrackPopupMenu

• 0x49f4c4 SystemParametersInfoA

• 0x49f4c8 ShowWindow

• 0x49f4cc ShowScrollBar

• 0x49f4d0 ShowOwnedPopups

• 0x49f4d4 ShowCursor

• 0x49f4d8 SetWindowsHookExA

• 0x49f4dc SetWindowTextA

• 0x49f4e0 SetWindowPos

• 0x49f4e4 SetWindowPlacement

• 0x49f4e8 SetWindowLongA

• 0x49f4ec SetTimer

• 0x49f4f0 SetScrollRange

• 0x49f4f4 SetScrollPos

• 0x49f4f8 SetScrollInfo

• 0x49f4fc SetRect

• 0x49f500 SetPropA

• 0x49f504 SetParent

• 0x49f508 SetMenuItemInfoA

• 0x49f50c SetMenu

• 0x49f510 SetKeyboardState

• 0x49f514 SetForegroundWindow

• 0x49f518 SetFocus

• 0x49f51c SetCursor

• 0x49f520 SetClipboardData

• 0x49f524 SetClassLongA

• 0x49f528 SetCapture

• 0x49f52c SetActiveWindow

• 0x49f530 SendMessageA

• 0x49f534 ScrollWindow

• 0x49f538 ScreenToClient

• 0x49f53c RemovePropA

• 0x49f540 RemoveMenu

• 0x49f544 ReleaseDC

• 0x49f548 ReleaseCapture

• 0x49f54c RegisterWindowMessageA

• 0x49f550 RegisterClipboardFormatA

• 0x49f554 RegisterClassA

• 0x49f558 RedrawWindow

• 0x49f55c PtInRect

• 0x49f560 PostQuitMessage

• 0x49f564 PostMessageA

• 0x49f568 PeekMessageA

• 0x49f56c OpenClipboard

• 0x49f570 OffsetRect

• 0x49f574 OemToCharA

• 0x49f578 MsgWaitForMultipleObjects

• 0x49f57c MessageBoxA

• 0x49f580 MessageBeep

• 0x49f584 MapWindowPoints

• 0x49f588 MapVirtualKeyA

• 0x49f58c LoadStringA

• 0x49f590 LoadKeyboardLayoutA

• 0x49f594 LoadIconA

• 0x49f598 LoadCursorA

• 0x49f59c LoadBitmapA

• 0x49f5a0 KillTimer

• 0x49f5a4 IsZoomed

• 0x49f5a8 IsWindowVisible

• 0x49f5ac IsWindowEnabled

• 0x49f5b0 IsWindow

• 0x49f5b4 IsRectEmpty

• 0x49f5b8 IsIconic

• 0x49f5bc IsDialogMessageA

• 0x49f5c0 IsChild

• 0x49f5c4 IsCharAlphaNumericA

• 0x49f5c8 IsCharAlphaA

• 0x49f5cc InvalidateRect

• 0x49f5d0 IntersectRect

• 0x49f5d4 InsertMenuItemA

• 0x49f5d8 InsertMenuA

• 0x49f5dc InflateRect

• 0x49f5e0 GetWindowThreadProcessId

• 0x49f5e4 GetWindowTextA

• 0x49f5e8 GetWindowRect

• 0x49f5ec GetWindowPlacement

• 0x49f5f0 GetWindowLongA

• 0x49f5f4 GetWindowDC

• 0x49f5f8 GetTopWindow

• 0x49f5fc GetSystemMetrics

• 0x49f600 GetSystemMenu

• 0x49f604 GetSysColorBrush

• 0x49f608 GetSysColor

• 0x49f60c GetSubMenu

• 0x49f610 GetScrollRange

• 0x49f614 GetScrollPos

• 0x49f618 GetScrollInfo

• 0x49f61c GetPropA

• 0x49f620 GetParent

• 0x49f624 GetWindow

• 0x49f628 GetMenuStringA

• 0x49f62c GetMenuState

• 0x49f630 GetMenuItemInfoA

• 0x49f634 GetMenuItemID

• 0x49f638 GetMenuItemCount

• 0x49f63c GetMenu

• 0x49f640 GetLastActivePopup

• 0x49f644 GetKeyboardState

• 0x49f648 GetKeyboardLayoutList

• 0x49f64c GetKeyboardLayout

• 0x49f650 GetKeyState

• 0x49f654 GetKeyNameTextA

• 0x49f658 GetIconInfo

• 0x49f65c GetForegroundWindow

• 0x49f660 GetFocus

• 0x49f664 GetDlgItem

• 0x49f668 GetDesktopWindow

• 0x49f66c GetDCEx

• 0x49f670 GetDC

• 0x49f674 GetCursorPos

• 0x49f678 GetCursor

• 0x49f67c GetClipboardData

• 0x49f680 GetClientRect

• 0x49f684 GetClassNameA

• 0x49f688 GetClassInfoA

• 0x49f68c GetCapture

• 0x49f690 GetActiveWindow

• 0x49f694 FrameRect

• 0x49f698 FindWindowA

• 0x49f69c FillRect

• 0x49f6a0 EqualRect

• 0x49f6a4 EnumWindows

• 0x49f6a8 EnumThreadWindows

• 0x49f6ac EnumClipboardFormats

• 0x49f6b0 EndPaint

• 0x49f6b4 EnableWindow

• 0x49f6b8 EnableScrollBar

• 0x49f6bc EnableMenuItem

• 0x49f6c0 EmptyClipboard

• 0x49f6c4 DrawTextA

• 0x49f6c8 DrawMenuBar

• 0x49f6cc DrawIconEx

• 0x49f6d0 DrawIcon

• 0x49f6d4 DrawFrameControl

• 0x49f6d8 DrawFocusRect

• 0x49f6dc DrawEdge

• 0x49f6e0 DispatchMessageA

• 0x49f6e4 DestroyWindow

• 0x49f6e8 DestroyMenu

• 0x49f6ec DestroyIcon

• 0x49f6f0 DestroyCursor

• 0x49f6f4 DeleteMenu

• 0x49f6f8 DefWindowProcA

• 0x49f6fc DefMDIChildProcA

• 0x49f700 DefFrameProcA

• 0x49f704 CreatePopupMenu

• 0x49f708 CreateMenu

• 0x49f70c CreateIcon

• 0x49f710 CloseClipboard

• 0x49f714 ClientToScreen

• 0x49f718 CheckMenuItem

• 0x49f71c CallWindowProcA

• 0x49f720 CallNextHookEx

• 0x49f724 BeginPaint

• 0x49f728 CharNextA

• 0x49f72c CharLowerBuffA

• 0x49f730 CharLowerA

• 0x49f734 CharUpperBuffA

• 0x49f738 CharToOemA

• 0x49f73c AdjustWindowRectEx

• 0x49f740 ActivateKeyboardLayout

Library kernel32.dll:

• 0x49f748 Sleep

Library oleaut32.dll:

• 0x49f750 SafeArrayPtrOfIndex

• 0x49f754 SafeArrayGetUBound

• 0x49f758 SafeArrayGetLBound

• 0x49f75c SafeArrayCreate

• 0x49f760 VariantChangeType

• 0x49f764 VariantCopy

• 0x49f768 VariantClear

• 0x49f76c VariantInit

Library comctl32.dll:

• 0x49f774 ImageList_SetIconSize

• 0x49f778 ImageList_GetIconSize

• 0x49f77c ImageList_Write

• 0x49f780 ImageList_Read

• 0x49f784 ImageList_GetDragImage

• 0x49f788 ImageList_DragShowNolock

• 0x49f78c ImageList_SetDragCursorImage

• 0x49f790 ImageList_DragMove

• 0x49f794 ImageList_DragLeave

• 0x49f798 ImageList_DragEnter

• 0x49f79c ImageList_EndDrag

• 0x49f7a0 ImageList_BeginDrag

• 0x49f7a4 ImageList_Remove

• 0x49f7a8 ImageList_DrawEx

• 0x49f7ac ImageList_Replace

• 0x49f7b0 ImageList_Draw

• 0x49f7b4 ImageList_GetBkColor

• 0x49f7b8 ImageList_SetBkColor

• 0x49f7bc ImageList_ReplaceIcon

• 0x49f7c0 ImageList_Add

• 0x49f7c4 ImageList_GetImageCount

• 0x49f7c8 ImageList_Destroy

• 0x49f7cc ImageList_Create

Library comdlg32.dll:

• 0x49f7d4 ChooseColorA

• 0x49f7d8 GetOpenFileNameA

Library kernel32.dll:

• 0x49f7e0 AddVectoredExceptionHandler

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	51811	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	60124	239.255.255.250	3702
192.168.56.101	62194	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

section	CODE
section	DATA
section	BSS