SmartHawk

2.8

中危

该样本未表现出任何异常！

重新分析

下载样本

7eb9b754ff98c9eb9223e79728c8b0162e005411a51f1dc0e952a9690950666d

e0c13404e780ce071ff62005bdf0315d.exe

分析耗时

30s

最近分析

文件大小

10.7MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable has a PDB path (1 个事件)

pdb_path

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620843446.636249 NtProtectVirtualMemory	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75121000	success	0	0
1620843446.746249 NtProtectVirtualMemory	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75101000	success	0	0

Foreign language identified in PE resource (22 个事件)

name

RT_BITMAP

language

LANG_CHINESE

offset

0x0005154c

filetype

data

sublanguage

SUBLANG_CHINESE_TRADITIONAL

size

0x00000bb6

name

RT_ICON

language

LANG_CHINESE

offset

0x00052a7c

filetype

data

sublanguage

SUBLANG_CHINESE_TRADITIONAL

size

0x000008a8

name

RT_ICON

language

LANG_CHINESE

offset

0x00052a7c

filetype

data

sublanguage

SUBLANG_CHINESE_TRADITIONAL

size

0x000008a8

name

RT_ICON

language

LANG_CHINESE

offset

0x00052a7c

filetype

data

sublanguage

SUBLANG_CHINESE_TRADITIONAL

size

0x000008a8

name

RT_ICON

language

LANG_CHINESE

offset

0x00052a7c

filetype

data

sublanguage

SUBLANG_CHINESE_TRADITIONAL

size

0x000008a8

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000539b4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000539b4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000539b4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000539b4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000539b4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

offset

0x000539b4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000001ce

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_STRING

language

LANG_CHINESE

offset

0x00054230

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x0000004a

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x0005427c

filetype

data

sublanguage

SUBLANG_CHINESE_TRADITIONAL

size

0x0000003e

name

RT_MANIFEST

language

LANG_CHINESE

offset

0x000542bc

filetype

XML 1.0 document, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_TRADITIONAL

size

0x00000640

Creates executable files on the filesystem (5 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\winstart\nvrtc64_80.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\winstart\nvrtc-builtins64_80.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\winstart\myminera.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\winstart\myminer.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\winstart\myminern.exe

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2014-03-18 16:41:31

Imports

Library COMCTL32.dll:

• 0x42a028 InitCommonControlsEx

Library SHLWAPI.dll:

• 0x42a27c SHAutoComplete

Library KERNEL32.dll:

• 0x42a054 ReadFile

• 0x42a058 FlushFileBuffers

• 0x42a05c GetFileAttributesW

• 0x42a060 SetFileAttributesW

• 0x42a064 FindClose

• 0x42a068 FindNextFileW

• 0x42a06c FindFirstFileW

• 0x42a070 GetCurrentDirectoryW

• 0x42a074 GetFullPathNameW

• 0x42a078 GetModuleFileNameW

• 0x42a07c FindResourceW

• 0x42a080 GetModuleHandleW

• 0x42a084 FreeLibrary

• 0x42a088 GetProcAddress

• 0x42a08c LoadLibraryW

• 0x42a090 GetCurrentProcessId

• 0x42a094 GetLocaleInfoW

• 0x42a098 GetNumberFormatW

• 0x42a09c ExpandEnvironmentStringsW

• 0x42a0a0 WaitForSingleObject

• 0x42a0a4 GetDateFormatW

• 0x42a0a8 GetTimeFormatW

• 0x42a0ac FileTimeToSystemTime

• 0x42a0b0 FileTimeToLocalFileTime

• 0x42a0b4 GetExitCodeProcess

• 0x42a0b8 GetTempPathW

• 0x42a0bc MoveFileExW

• 0x42a0c0 Sleep

• 0x42a0c4 UnmapViewOfFile

• 0x42a0c8 MapViewOfFile

• 0x42a0cc GetCommandLineW

• 0x42a0d0 CreateFileMappingW

• 0x42a0d4 GetTickCount

• 0x42a0d8 SetEnvironmentVariableW

• 0x42a0dc OpenFileMappingW

• 0x42a0e0 InitializeCriticalSection

• 0x42a0e4 DeleteCriticalSection

• 0x42a0e8 EnterCriticalSection

• 0x42a0ec LeaveCriticalSection

• 0x42a0f0 CreateThread

• 0x42a0f4 GetProcessAffinityMask

• 0x42a0f8 ReleaseSemaphore

• 0x42a0fc ResetEvent

• 0x42a100 SetEvent

• 0x42a104 SetThreadPriority

• 0x42a108 CreateEventW

• 0x42a10c CreateSemaphoreW

• 0x42a110 SystemTimeToFileTime

• 0x42a114 GetSystemTime

• 0x42a118 SystemTimeToTzSpecificLocalTime

• 0x42a11c TzSpecificLocalTimeToSystemTime

• 0x42a120 WideCharToMultiByte

• 0x42a124 SetFileTime

• 0x42a128 GetFileType

• 0x42a12c IsDBCSLeadByte

• 0x42a130 GetCPInfo

• 0x42a134 GlobalAlloc

• 0x42a138 SetCurrentDirectoryW

• 0x42a13c WriteConsoleW

• 0x42a140 GetConsoleOutputCP

• 0x42a144 WriteConsoleA

• 0x42a148 SetStdHandle

• 0x42a14c GetLocaleInfoA

• 0x42a150 GetStringTypeW

• 0x42a154 GetStringTypeA

• 0x42a158 LoadLibraryA

• 0x42a15c GetConsoleMode

• 0x42a160 GetConsoleCP

• 0x42a164 InitializeCriticalSectionAndSpinCount

• 0x42a168 QueryPerformanceCounter

• 0x42a16c SetHandleCount

• 0x42a170 GetEnvironmentStringsW

• 0x42a174 FreeEnvironmentStringsW

• 0x42a178 GetEnvironmentStrings

• 0x42a17c FreeEnvironmentStringsA

• 0x42a180 GetModuleHandleA

• 0x42a184 LCMapStringW

• 0x42a188 LCMapStringA

• 0x42a18c IsValidCodePage

• 0x42a190 GetOEMCP

• 0x42a194 GetACP

• 0x42a198 GetModuleFileNameA

• 0x42a19c ExitProcess

• 0x42a1a0 HeapSize

• 0x42a1a4 IsDebuggerPresent

• 0x42a1a8 SetUnhandledExceptionFilter

• 0x42a1ac UnhandledExceptionFilter

• 0x42a1b0 TerminateProcess

• 0x42a1b4 VirtualAlloc

• 0x42a1b8 VirtualFree

• 0x42a1bc HeapCreate

• 0x42a1c0 InterlockedDecrement

• 0x42a1c4 GetCurrentThreadId

• 0x42a1c8 InterlockedIncrement

• 0x42a1cc TlsFree

• 0x42a1d0 TlsSetValue

• 0x42a1d4 TlsAlloc

• 0x42a1d8 TlsGetValue

• 0x42a1dc GetStartupInfoA

• 0x42a1e0 SetEndOfFile

• 0x42a1e4 SetFilePointer

• 0x42a1e8 WriteFile

• 0x42a1ec GetStdHandle

• 0x42a1f0 GetLongPathNameW

• 0x42a1f4 GetShortPathNameW

• 0x42a1f8 CompareStringW

• 0x42a1fc MoveFileW

• 0x42a200 CreateFileW

• 0x42a204 CreateDirectoryW

• 0x42a208 DeviceIoControl

• 0x42a20c RemoveDirectoryW

• 0x42a210 DeleteFileW

• 0x42a214 CreateHardLinkW

• 0x42a218 GetCurrentProcess

• 0x42a21c CloseHandle

• 0x42a220 SetLastError

• 0x42a224 GetLastError

• 0x42a228 CreateFileA

• 0x42a22c MultiByteToWideChar

• 0x42a230 GetCommandLineA

• 0x42a234 RaiseException

• 0x42a238 GetSystemTimeAsFileTime

• 0x42a23c HeapAlloc

• 0x42a240 HeapReAlloc

• 0x42a244 HeapFree

• 0x42a248 RtlUnwind

Library USER32.dll:

• 0x42a284 EnableWindow

• 0x42a288 GetDlgItem

• 0x42a28c ShowWindow

• 0x42a290 SetWindowLongW

• 0x42a294 FindWindowExW

• 0x42a298 GetParent

• 0x42a29c MapWindowPoints

• 0x42a2a0 CreateWindowExW

• 0x42a2a4 UpdateWindow

• 0x42a2a8 LoadCursorW

• 0x42a2ac RegisterClassExW

• 0x42a2b0 DefWindowProcW

• 0x42a2b4 DestroyWindow

• 0x42a2b8 CopyRect

• 0x42a2bc IsWindow

• 0x42a2c0 OemToCharBuffA

• 0x42a2c4 LoadIconW

• 0x42a2c8 LoadBitmapW

• 0x42a2cc PostMessageW

• 0x42a2d0 SetForegroundWindow

• 0x42a2d4 MessageBoxW

• 0x42a2d8 WaitForInputIdle

• 0x42a2dc IsWindowVisible

• 0x42a2e0 DialogBoxParamW

• 0x42a2e4 DestroyIcon

• 0x42a2e8 SetFocus

• 0x42a2ec GetClassNameW

• 0x42a2f0 SendDlgItemMessageW

• 0x42a2f4 EndDialog

• 0x42a2f8 GetDlgItemTextW

• 0x42a2fc SetDlgItemTextW

• 0x42a300 wvsprintfW

• 0x42a304 SendMessageW

• 0x42a308 GetDC

• 0x42a30c ReleaseDC

• 0x42a310 PeekMessageW

• 0x42a314 GetMessageW

• 0x42a318 TranslateMessage

• 0x42a31c DispatchMessageW

• 0x42a320 LoadStringW

• 0x42a324 GetWindowRect

• 0x42a328 GetClientRect

• 0x42a32c SetWindowPos

• 0x42a330 GetWindowTextW

• 0x42a334 SetWindowTextW

• 0x42a338 GetSystemMetrics

• 0x42a33c GetWindow

• 0x42a340 GetWindowLongW

• 0x42a344 GetSysColor

Library GDI32.dll:

• 0x42a040 GetObjectW

• 0x42a044 DeleteObject

• 0x42a048 GetDeviceCaps

• 0x42a04c CreateDIBSection

Library COMDLG32.dll:

• 0x42a030 GetSaveFileNameW

• 0x42a034 CommDlgExtendedError

• 0x42a038 GetOpenFileNameW

Library ADVAPI32.dll:

• 0x42a000 RegOpenKeyExW

• 0x42a004 RegQueryValueExW

• 0x42a008 RegCreateKeyExW

• 0x42a00c RegSetValueExW

• 0x42a010 RegCloseKey

• 0x42a014 SetFileSecurityW

• 0x42a018 OpenProcessToken

• 0x42a01c LookupPrivilegeValueW

• 0x42a020 AdjustTokenPrivileges

Library SHELL32.dll:

• 0x42a258 SHGetMalloc

• 0x42a25c SHGetSpecialFolderLocation

• 0x42a260 SHGetFileInfoW

• 0x42a264 ShellExecuteExW

• 0x42a268 SHChangeNotify

• 0x42a26c SHFileOperationW

• 0x42a270 SHBrowseForFolderW

• 0x42a274 SHGetPathFromIDListW

Library ole32.dll:

• 0x42a34c CLSIDFromString

• 0x42a350 CoCreateInstance

• 0x42a354 OleInitialize

• 0x42a358 OleUninitialize

• 0x42a35c CreateStreamOnHGlobal

Library OLEAUT32.dll:

• 0x42a250 VariantInit

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net A 51.105.208.173
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1
dns.msftncsi.com	A 131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49238	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.