2.4
Medium risk

5f108f1130162d7dd724776852337db52366cf831c7a5cc1c4ce2c0641315a65

e5247c0cb155648fb1cd7f5ecc9550ce.exe

Analysis time

85s

Last analyzed

File size

702.0KB
Static detection / Dynamic detection
鹰眼 engine
Not detected: no 鹰眼 engine result available
Static verdict
Antivirus engines
Engine  Result  Date  Version
Alibaba 20190527 0.3.0.5
Tencent 20210206 1.0.0.1
Kingsoft 20210206 2017.9.26.565
CrowdStrike 20190702 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API  Arguments  Status  Return  Repeated
1620829974.370626
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00610000
Status: success  Return: 0  Repeated: 0
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
Webroot W32.Malware.Gen
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4a01a0 VirtualFree
0x4a01a4 VirtualAlloc
0x4a01a8 LocalFree
0x4a01ac LocalAlloc
0x4a01b0 WideCharToMultiByte
0x4a01b4 TlsSetValue
0x4a01b8 TlsGetValue
0x4a01bc MultiByteToWideChar
0x4a01c0 GetModuleHandleA
0x4a01c4 GetLastError
0x4a01c8 GetCommandLineA
0x4a01cc WriteFile
0x4a01d0 SetFilePointer
0x4a01d4 SetEndOfFile
0x4a01d8 RtlUnwind
0x4a01dc ReadFile
0x4a01e0 RaiseException
0x4a01e4 GetStdHandle
0x4a01e8 GetFileSize
0x4a01ec GetSystemTime
0x4a01f0 GetFileType
0x4a01f4 ExitProcess
0x4a01f8 CreateFileA
0x4a01fc CloseHandle
Library user32.dll:
0x4a0204 MessageBoxA
Library oleaut32.dll:
0x4a020c SafeArrayPutElement
0x4a0210 SafeArrayCreate
0x4a0214 VariantChangeTypeEx
0x4a0218 VariantCopyInd
0x4a021c VariantClear
0x4a0220 SysStringLen
0x4a0224 SysAllocStringLen
Library advapi32.dll:
0x4a0230 RegSetValueExA
0x4a0234 RegQueryValueExA
0x4a0238 RegQueryInfoKeyA
0x4a023c RegOpenKeyExA
0x4a0240 RegEnumValueA
0x4a0244 RegEnumKeyExA
0x4a0248 RegDeleteValueA
0x4a024c RegDeleteKeyA
0x4a0250 RegCreateKeyExA
0x4a0254 RegCloseKey
0x4a0258 OpenThreadToken
0x4a025c OpenProcessToken
0x4a0268 GetUserNameA
0x4a026c GetTokenInformation
0x4a0270 FreeSid
0x4a0274 EqualSid
Library kernel32.dll:
0x4a0280 lstrcmpA
0x4a0284 WriteProfileStringA
0x4a028c WriteFile
0x4a0290 WaitForSingleObject
0x4a0294 VirtualFree
0x4a0298 VirtualAlloc
0x4a029c TransactNamedPipe
0x4a02a0 TerminateThread
0x4a02a4 TerminateProcess
0x4a02a8 Sleep
0x4a02ac SizeofResource
0x4a02b4 SetLastError
0x4a02b8 SetFileTime
0x4a02bc SetFilePointer
0x4a02c0 SetFileAttributesA
0x4a02c4 SetErrorMode
0x4a02c8 SetEndOfFile
0x4a02d0 RemoveDirectoryA
0x4a02d4 ReleaseMutex
0x4a02d8 ReadFile
0x4a02e0 OpenProcess
0x4a02e4 OpenMutexA
0x4a02e8 MultiByteToWideChar
0x4a02ec MulDiv
0x4a02f0 MoveFileExA
0x4a02f4 MoveFileA
0x4a02f8 LockResource
0x4a02fc LocalFree
0x4a0304 LoadResource
0x4a0308 LoadLibraryExA
0x4a030c LoadLibraryA
0x4a0310 IsDBCSLeadByte
0x4a0314 IsBadWritePtr
0x4a0318 GlobalUnlock
0x4a031c GlobalReAlloc
0x4a0320 GlobalHandle
0x4a0324 GlobalLock
0x4a0328 GlobalFree
0x4a032c GlobalDeleteAtom
0x4a0330 GlobalAlloc
0x4a0334 GlobalAddAtomA
0x4a033c GetVersionExA
0x4a0340 GetVersion
0x4a0348 GetTickCount
0x4a0350 GetSystemInfo
0x4a0354 GetSystemDirectoryA
0x4a035c GetShortPathNameA
0x4a0360 GetProfileStringA
0x4a0364 GetProcAddress
0x4a036c GetOverlappedResult
0x4a0370 GetModuleHandleA
0x4a0374 GetModuleFileNameA
0x4a0378 GetLogicalDrives
0x4a037c GetLocaleInfoA
0x4a0380 GetLocalTime
0x4a0384 GetLastError
0x4a0388 GetFullPathNameA
0x4a038c GetFileSize
0x4a0390 GetFileAttributesA
0x4a0394 GetExitCodeProcess
0x4a039c GetDriveTypeA
0x4a03a0 GetDiskFreeSpaceA
0x4a03a4 GetCurrentThreadId
0x4a03a8 GetCurrentThread
0x4a03ac GetCurrentProcessId
0x4a03b0 GetCurrentProcess
0x4a03b8 GetComputerNameA
0x4a03bc GetCommandLineA
0x4a03c0 GetACP
0x4a03c4 FreeResource
0x4a03c8 InterlockedExchange
0x4a03cc FreeLibrary
0x4a03d0 FormatMessageA
0x4a03d4 FlushFileBuffers
0x4a03d8 FindResourceA
0x4a03dc FindNextFileA
0x4a03e0 FindFirstFileA
0x4a03e4 FindClose
0x4a03f0 DeviceIoControl
0x4a03f4 DeleteFileA
0x4a03f8 CreateThread
0x4a03fc CreateProcessA
0x4a0400 CreateNamedPipeA
0x4a0404 CreateMutexA
0x4a0408 CreateFileA
0x4a040c CreateEventA
0x4a0410 CreateDirectoryA
0x4a0414 CopyFileA
0x4a0418 CompareStringA
0x4a041c CompareFileTime
0x4a0420 CloseHandle
Library mpr.dll:
0x4a0428 WNetOpenEnumA
0x4a0430 WNetGetConnectionA
0x4a0434 WNetEnumResourceA
0x4a0438 WNetCloseEnum
Library version.dll:
0x4a0440 VerQueryValueA
0x4a0448 GetFileVersionInfoA
Library gdi32.dll:
0x4a0450 UnrealizeObject
0x4a0454 TextOutA
0x4a0458 StretchDIBits
0x4a045c StretchBlt
0x4a0460 SetWindowOrgEx
0x4a0464 SetViewportOrgEx
0x4a0468 SetTextColor
0x4a046c SetStretchBltMode
0x4a0470 SetROP2
0x4a0474 SetPixel
0x4a0478 SetBkMode
0x4a047c SetBkColor
0x4a0480 SelectPalette
0x4a0484 SelectObject
0x4a0488 SaveDC
0x4a048c RoundRect
0x4a0490 RestoreDC
0x4a0494 RemoveFontResourceA
0x4a0498 Rectangle
0x4a049c RectVisible
0x4a04a0 RealizePalette
0x4a04a4 Polyline
0x4a04a8 Pie
0x4a04ac PatBlt
0x4a04b0 MoveToEx
0x4a04b4 LineTo
0x4a04b8 LineDDA
0x4a04bc IntersectClipRect
0x4a04c0 GetWindowOrgEx
0x4a04c4 GetTextMetricsA
0x4a04c8 GetTextExtentPointA
0x4a04d4 GetStockObject
0x4a04d8 GetPixel
0x4a04dc GetPaletteEntries
0x4a04e0 GetObjectA
0x4a04e4 GetDeviceCaps
0x4a04e8 GetDIBits
0x4a04f0 GetClipBox
0x4a04f4 GetBitmapBits
0x4a04f8 ExtFloodFill
0x4a04fc ExcludeClipRect
0x4a0500 EnumFontsA
0x4a0504 Ellipse
0x4a0508 DeleteObject
0x4a050c DeleteDC
0x4a0510 CreateSolidBrush
0x4a0514 CreateRectRgn
0x4a0518 CreatePenIndirect
0x4a051c CreatePalette
0x4a0520 CreateFontIndirectA
0x4a0524 CreateDIBitmap
0x4a0528 CreateDIBSection
0x4a052c CreateCompatibleDC
0x4a0534 CreateBrushIndirect
0x4a0538 CreateBitmap
0x4a053c Chord
0x4a0540 BitBlt
0x4a0544 Arc
0x4a0548 AddFontResourceA
Library user32.dll:
0x4a0550 WindowFromPoint
0x4a0554 WinHelpA
0x4a0558 WaitMessage
0x4a055c WaitForInputIdle
0x4a0560 UpdateWindow
0x4a0564 UnregisterClassA
0x4a0568 UnhookWindowsHookEx
0x4a056c TranslateMessage
0x4a0574 TrackPopupMenu
0x4a057c ShowWindow
0x4a0580 ShowOwnedPopups
0x4a0584 ShowCursor
0x4a0588 SetWindowRgn
0x4a058c SetWindowsHookExA
0x4a0590 SetWindowTextA
0x4a0594 SetWindowPos
0x4a0598 SetWindowPlacement
0x4a059c SetWindowLongW
0x4a05a0 SetWindowLongA
0x4a05a4 SetTimer
0x4a05a8 SetScrollPos
0x4a05ac SetScrollInfo
0x4a05b0 SetRectEmpty
0x4a05b4 SetRect
0x4a05b8 SetPropA
0x4a05bc SetMenu
0x4a05c0 SetForegroundWindow
0x4a05c4 SetFocus
0x4a05c8 SetCursor
0x4a05cc SetCapture
0x4a05d0 SetActiveWindow
0x4a05d4 SendNotifyMessageA
0x4a05d8 SendMessageTimeoutA
0x4a05dc SendMessageW
0x4a05e0 SendMessageA
0x4a05e4 ScrollWindowEx
0x4a05e8 ScrollWindow
0x4a05ec ScreenToClient
0x4a05f0 ReplyMessage
0x4a05f4 RemovePropA
0x4a05f8 RemoveMenu
0x4a05fc ReleaseDC
0x4a0600 ReleaseCapture
0x4a0608 RegisterClassA
0x4a060c PtInRect
0x4a0610 PostQuitMessage
0x4a0614 PostMessageA
0x4a0618 PeekMessageA
0x4a061c OffsetRect
0x4a0620 OemToCharBuffA
0x4a0624 OemToCharA
0x4a062c MessageBoxA
0x4a0630 MessageBeep
0x4a0634 MapWindowPoints
0x4a0638 MapVirtualKeyA
0x4a063c LoadStringA
0x4a0640 LoadIconA
0x4a0644 LoadCursorA
0x4a0648 LoadBitmapA
0x4a064c KillTimer
0x4a0650 IsZoomed
0x4a0654 IsWindowVisible
0x4a0658 IsWindowEnabled
0x4a065c IsWindow
0x4a0660 IsRectEmpty
0x4a0664 IsIconic
0x4a0668 IsDialogMessageA
0x4a066c InvalidateRect
0x4a0670 IntersectRect
0x4a0674 InsertMenuItemA
0x4a0678 InsertMenuA
0x4a067c InflateRect
0x4a0684 GetWindowTextA
0x4a0688 GetWindowRgn
0x4a068c GetWindowRect
0x4a0690 GetWindowPlacement
0x4a0694 GetWindowLongA
0x4a0698 GetSystemMetrics
0x4a069c GetSystemMenu
0x4a06a0 GetSysColor
0x4a06a4 GetSubMenu
0x4a06a8 GetScrollPos
0x4a06ac GetPropA
0x4a06b0 GetParent
0x4a06b4 GetWindow
0x4a06b8 GetMessagePos
0x4a06bc GetMessageA
0x4a06c0 GetMenuStringA
0x4a06c4 GetMenuState
0x4a06c8 GetMenuItemCount
0x4a06cc GetMenu
0x4a06d0 GetLastActivePopup
0x4a06d4 GetKeyState
0x4a06d8 GetKeyNameTextA
0x4a06dc GetIconInfo
0x4a06e0 GetForegroundWindow
0x4a06e4 GetFocus
0x4a06e8 GetDesktopWindow
0x4a06ec GetDCEx
0x4a06f0 GetDC
0x4a06f4 GetCursorPos
0x4a06f8 GetCursor
0x4a06fc GetClientRect
0x4a0700 GetClassInfoW
0x4a0704 GetClassInfoA
0x4a0708 GetCapture
0x4a070c GetActiveWindow
0x4a0710 FrameRect
0x4a0714 FindWindowA
0x4a0718 FillRect
0x4a071c ExitWindowsEx
0x4a0720 EqualRect
0x4a0724 EnumWindows
0x4a0728 EnumThreadWindows
0x4a072c EndPaint
0x4a0730 EnableWindow
0x4a0734 EnableMenuItem
0x4a0738 DrawTextW
0x4a073c DrawTextA
0x4a0740 DrawMenuBar
0x4a0744 DrawIconEx
0x4a0748 DrawIcon
0x4a074c DrawFrameControl
0x4a0750 DrawFocusRect
0x4a0754 DispatchMessageA
0x4a0758 DestroyWindow
0x4a075c DestroyMenu
0x4a0760 DestroyIcon
0x4a0764 DestroyCursor
0x4a0768 DeleteMenu
0x4a076c DefWindowProcA
0x4a0770 DefMDIChildProcA
0x4a0774 DefFrameProcA
0x4a0778 CreateWindowExA
0x4a077c CreatePopupMenu
0x4a0780 CreateMenu
0x4a0784 CreateIcon
0x4a0788 ClientToScreen
0x4a078c CheckMenuItem
0x4a0790 CallWindowProcW
0x4a0794 CallWindowProcA
0x4a0798 CallNextHookEx
0x4a079c BringWindowToTop
0x4a07a0 BeginPaint
0x4a07a4 AppendMenuA
0x4a07a8 CharPrevA
0x4a07ac CharNextA
0x4a07b0 CharLowerBuffA
0x4a07b4 CharLowerA
0x4a07b8 CharUpperBuffA
0x4a07bc CharToOemBuffA
0x4a07c0 AdjustWindowRectEx
Library comctl32.dll:
0x4a07c8 InitCommonControls
Library comctl32.dll:
0x4a07dc ImageList_DragMove
0x4a07e0 ImageList_DragLeave
0x4a07e4 ImageList_DragEnter
0x4a07e8 ImageList_EndDrag
0x4a07ec ImageList_BeginDrag
0x4a07f8 ImageList_Destroy
0x4a07fc ImageList_Create
0x4a0800 InitCommonControls
Library ole32.dll:
0x4a0808 CoTaskMemFree
0x4a080c CLSIDFromProgID
0x4a0810 CoCreateInstance
0x4a0818 CoUninitialize
0x4a081c CoInitialize
0x4a0820 IsEqualGUID
Library oleaut32.dll:
0x4a0828 GetActiveObject
0x4a082c RegisterTypeLib
0x4a0830 LoadTypeLib
0x4a0834 SysFreeString
Library shell32.dll:
0x4a083c ShellExecuteExA
0x4a0840 ShellExecuteA
0x4a0844 SHGetFileInfoA
0x4a0848 ExtractIconA
Library shell32.dll:
0x4a0850 SHChangeNotify
0x4a0854 SHBrowseForFolder
0x4a0858 SHGetPathFromIDList
0x4a085c SHGetMalloc
Library comdlg32.dll:
0x4a0864 GetSaveFileNameA
0x4a0868 GetOpenFileNameA
Library ole32.dll:
0x4a0870 CoDisconnectObject
Library advapi32.dll:
Library msimg32.dll:
0x4a0880 AlphaBlend

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 50005 239.255.255.250 3702
192.168.56.101 50539 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.