SmartHawk

1.6

低危

2 个模型检测该样本为恶意！

c21bfc263890f02763f56b4e9f5cf9113656cf09d7864b53ec2fd2024bdadd60

e16dd9faeca97b4c185426e5672becba.exe

分析耗时

77s

最近分析

文件大小

341.4KB

静态报毒动态报毒 MALICIOUS

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba		20190527	0.3.0.5
Avast		20210508	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft		20210508	2017.9.26.565
McAfee		20210504	6.0.6.653
CrowdStrike		20210203	1.0

Checks if process is being debugged by a debugger (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620809366.341327 IsDebuggerPresent		failed	0	0
1620809366.341327 IsDebuggerPresent		failed	0	0

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

g:\Acro_root_ns\BuildResults\bin\Release\AcroRd32Exe.pdb

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 个事件)

APEX	Malicious
Sophos	ML/PE-A

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2008-06-12 17:47:15

Imports

Library KERNEL32.dll:

• 0x405020 CloseHandle

• 0x405024 UnmapViewOfFile

• 0x405028 CreateFileA

• 0x40502c VirtualQueryEx

• 0x405030 GetCurrentProcess

• 0x405034 MapViewOfFile

• 0x405038 CreateFileMappingW

• 0x40503c GetFileAttributesA

• 0x405040 FindClose

• 0x405044 FindNextFileA

• 0x405048 FindFirstFileA

• 0x40504c ReadFile

• 0x405050 SetFilePointer

• 0x405054 GetTempPathA

• 0x405058 GetWindowsDirectoryA

• 0x40505c GetSystemDirectoryA

• 0x405060 SizeofResource

• 0x405064 LockResource

• 0x405068 GetSystemInfo

• 0x40506c FindResourceW

• 0x405070 FindResourceExW

• 0x405074 MultiByteToWideChar

• 0x405078 LoadLibraryW

• 0x40507c FreeLibrary

• 0x405080 GetProcAddress

• 0x405084 GetSystemDirectoryW

• 0x405088 HeapReAlloc

• 0x40508c HeapFree

• 0x405090 HeapAlloc

• 0x405094 HeapDestroy

• 0x405098 DeleteCriticalSection

• 0x40509c InitializeCriticalSection

• 0x4050a0 LeaveCriticalSection

• 0x4050a4 EnterCriticalSection

• 0x4050a8 RaiseException

• 0x4050ac GetVersionExA

• 0x4050b0 IsDebuggerPresent

• 0x4050b4 OutputDebugStringA

• 0x4050b8 GetVersionExW

• 0x4050bc HeapSize

• 0x4050c0 GetProcessHeap

• 0x4050c4 GetCurrentThreadId

• 0x4050c8 LoadResource

• 0x4050cc GetCurrentProcessId

• 0x4050d0 GetThreadLocale

• 0x4050d4 GetLocaleInfoA

• 0x4050d8 GetACP

• 0x4050dc GetSystemTimeAsFileTime

• 0x4050e0 Sleep

• 0x4050e4 InterlockedCompareExchange

• 0x4050e8 GetStartupInfoW

• 0x4050ec TerminateProcess

• 0x4050f0 UnhandledExceptionFilter

• 0x4050f4 SetUnhandledExceptionFilter

• 0x4050f8 QueryPerformanceCounter

• 0x4050fc GetTickCount

• 0x405100 InterlockedExchange

Library USER32.dll:

• 0x405220 MessageBoxW

• 0x405224 SendMessageW

• 0x405228 FindWindowW

• 0x40522c UnregisterClassA

Library ADVAPI32.dll:

• 0x405000 RegQueryValueExA

• 0x405004 RegOpenKeyA

• 0x405008 RegQueryValueA

• 0x40500c RegOpenKeyW

• 0x405010 RegQueryValueExW

• 0x405014 RegCloseKey

• 0x405018 RegOpenKeyExA

Library SHELL32.dll:

• 0x405210 SHGetMalloc

• 0x405214 SHGetPathFromIDListA

• 0x405218 SHGetSpecialFolderLocation

Library MSVCP80.dll:

• 0x405108 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

• 0x40510c ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

• 0x405110 ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

• 0x405114 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z

• 0x405118 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

• 0x40511c ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

• 0x405120 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

• 0x405124 ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

• 0x405128 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

• 0x40512c ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

• 0x405130 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

• 0x405134 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

Library MSVCR80.dll:

• 0x40513c ??2@YAPAXI@Z

• 0x405140 _CxxThrowException

• 0x405144 ??0exception@std@@QAE@ABV01@@Z

• 0x405148 ??_V@YAXPAX@Z

• 0x40514c strchr

• 0x405150 strrchr

• 0x405154 free

• 0x405158 strcpy

• 0x40515c malloc

• 0x405160 strlen

• 0x405164 strcmp

• 0x405168 memcpy_s

• 0x40516c wcslen

• 0x405170 memset

• 0x405174 _stricmp

• 0x405178 wcscat_s

• 0x40517c ?terminate@@YAXXZ

• 0x405180 _unlock

• 0x405184 __dllonexit

• 0x405188 _encode_pointer

• 0x40518c _lock

• 0x405190 _onexit

• 0x405194 _decode_pointer

• 0x405198 _amsg_exit

• 0x40519c __wgetmainargs

• 0x4051a0 _cexit

• 0x4051a4 _exit

• 0x4051a8 _XcptFilter

• 0x4051ac exit

• 0x4051b0 _wcmdln

• 0x4051b4 _initterm

• 0x4051b8 _initterm_e

• 0x4051bc _configthreadlocale

• 0x4051c0 __setusermatherr

• 0x4051c4 _adjust_fdiv

• 0x4051c8 __p__commode

• 0x4051cc __p__fmode

• 0x4051d0 __set_app_type

• 0x4051d4 _crt_debugger_hook

• 0x4051d8 ?_type_info_dtor_internal_method@type_info@@QAEXXZ

• 0x4051dc _except_handler4_common

• 0x4051e0 _invoke_watson

• 0x4051e4 _controlfp_s

• 0x4051e8 _invalid_parameter_noinfo

• 0x4051ec ??0exception@std@@QAE@XZ

• 0x4051f0 ??1exception@std@@UAE@XZ

• 0x4051f4 ??0exception@std@@QAE@ABQBDH@Z

• 0x4051f8 ?what@exception@std@@UBEPBDXZ

• 0x4051fc ??0exception@std@@QAE@ABQBD@Z

• 0x405200 __CxxFrameHandler3

• 0x405204 _snprintf

• 0x405208 ??3@YAXPAX@Z

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.