2.0
Low risk

27973b7b2aa867b86dad2440a42efef72e661b73e96ae628dd265aa30a7d61fb

e697e4dc8d924bc1c066df5d601f08a4.exe

Analysis duration

85s

Most recent analysis

File size

18.9MB
Static detection  Dynamic detection
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Not detected: no antivirus engine results available
Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.9980909085395275 section {'size_of_data': '0x011aa000', 'virtual_address': '0x0013d000', 'entropy': 7.9980909085395275, 'name': '.setup', 'virtual_size': '0x011a9701'} description A section with a high entropy has been found
entropy 0.9355781415677451 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time: 1620842847.200374
API: LookupPrivilegeValueW
Arguments:
  system_name:
  privilege_name: SeTakeOwnershipPrivilege
Status: success
Return: 1
Repeated: 0
Queries for potentially installed applications (1 event)
Time: 1620842847.950374
API: RegOpenKeyExW
Arguments:
  access: 0x0002000f
  base_handle: 0x80000002
  key_handle: 0x00000000
  regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FolderViewer
  regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\FolderViewer
  options: 0
Status: failed
Return: 2
Repeated: 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran.


PE Compile Time

2017-01-29 05:56:32

Imports

Library WS2_32.dll:
0x479440 connect
0x479444 recvfrom
0x479448 sendto
0x47944c send
0x479450 getsockopt
0x479454 socket
0x479458 shutdown
0x47945c closesocket
0x479460 bind
0x479464 WSAStartup
0x479468 gethostname
0x47946c ioctlsocket
0x479470 setsockopt
0x479474 htons
0x479478 select
0x47947c __WSAFDIsSet
0x479480 WSACleanup
0x479484 gethostbyname
0x479488 WSAGetLastError
0x47948c WSASetLastError
0x479490 recv
Library VERSION.dll:
0x479434 VerQueryValueA
0x479438 GetFileVersionInfoW
Library KERNEL32.dll:
0x47908c GetLongPathNameW
0x479090 CreateDirectoryW
0x479094 FindNextFileW
0x479098 FindFirstFileW
0x47909c DeleteFileW
0x4790a0 MoveFileW
0x4790a4 RemoveDirectoryW
0x4790a8 GetTempFileNameW
0x4790ac DeleteFileA
0x4790b0 MoveFileA
0x4790b4 CreateFileW
0x4790bc IsBadReadPtr
0x4790c0 GetCommandLineA
0x4790d8 GlobalAlloc
0x4790dc GlobalLock
0x4790e0 GlobalUnlock
0x4790e4 HeapCreate
0x4790e8 HeapSize
0x4790ec GetExitCodeProcess
0x4790f0 GetCurrentProcess
0x4790f4 GetCurrentProcessId
0x4790f8 GetLastError
0x4790fc SetLastError
0x479104 GetTempPathW
0x479108 GetVersionExA
0x47910c GetShortPathNameW
0x479114 TerminateProcess
0x479118 LocalFree
0x47911c FormatMessageA
0x479124 GetTempPathA
0x479128 CreateProcessA
0x47912c GetLocaleInfoA
0x479130 GetUserDefaultLCID
0x479134 IsValidCodePage
0x479138 GetACP
0x47913c GetOEMCP
0x479140 LocalAlloc
0x479144 ExitThread
0x479148 GetCurrentThread
0x47914c SetThreadPriority
0x479150 OpenProcess
0x479154 TerminateThread
0x479158 ResumeThread
0x47916c ReleaseSemaphore
0x479170 ReleaseMutex
0x479174 CreateSemaphoreA
0x479178 CreateMutexA
0x47917c HeapFree
0x479180 RtlUnwind
0x479184 HeapReAlloc
0x479188 HeapAlloc
0x47918c CreateThread
0x479190 GetStartupInfoA
0x479198 GetFileType
0x4791a0 GetStdHandle
0x4791a4 TlsGetValue
0x4791a8 TlsAlloc
0x4791ac TlsSetValue
0x4791b0 TlsFree
0x4791bc GetCPInfo
0x4791c0 GetConsoleCP
0x4791c4 GetConsoleMode
0x4791c8 GetFileAttributesA
0x4791cc SetHandleCount
0x4791d4 SetStdHandle
0x4791d8 LCMapStringA
0x4791dc GetStringTypeA
0x4791e0 WriteConsoleA
0x4791e4 GetConsoleOutputCP
0x4791e8 WriteConsoleW
0x4791ec CompareStringA
0x4791f0 GetVersion
0x4791f4 GetFileSize
0x4791f8 lstrcmpA
0x4791fc lstrlenA
0x479200 GetDiskFreeSpaceA
0x479204 WriteFile
0x479208 ReadFile
0x479210 CopyFileW
0x479214 CopyFileA
0x479218 SetFileAttributesW
0x47921c GetFileAttributesW
0x479220 CreateFileA
0x47922c FindClose
0x479230 UnlockFile
0x479234 SetFilePointer
0x47923c FlushFileBuffers
0x479240 SetFileTime
0x479244 GetFileTime
0x479248 SetEndOfFile
0x47924c UnmapViewOfFile
0x479250 RaiseException
0x479258 GetDriveTypeA
0x47925c WaitForSingleObject
0x479260 GetSystemDirectoryW
0x479264 GetSystemDirectoryA
0x479268 SizeofResource
0x47926c LoadResource
0x479270 LockResource
0x479274 GetModuleHandleA
0x479278 GetModuleFileNameW
0x47927c GetModuleFileNameA
0x479280 FindResourceA
0x479284 GetSystemTime
0x479294 GetLocalTime
0x479298 VirtualAlloc
0x47929c VirtualFree
0x4792a0 LoadLibraryA
0x4792a4 GetProcAddress
0x4792a8 FreeLibrary
0x4792ac GetCurrentThreadId
0x4792b0 ExitProcess
0x4792b4 CreateProcessW
0x4792b8 CloseHandle
0x4792bc Sleep
0x4792c0 GetTickCount
Library USER32.dll:
0x4792ec GetSysColor
0x4792f0 FindWindowExA
0x4792f4 SetActiveWindow
0x4792f8 GetSystemMenu
0x4792fc DefWindowProcA
0x479300 DefWindowProcW
0x479304 GetWindowTextA
0x47930c GetWindowTextW
0x479314 SetWindowTextW
0x479318 ClientToScreen
0x47931c DestroyWindow
0x479320 EnableWindow
0x479324 IsWindow
0x479328 GetWindowLongA
0x47932c SetFocus
0x479330 SetForegroundWindow
0x479334 InvalidateRect
0x479338 IsIconic
0x47933c GetParent
0x479344 ShowWindow
0x479348 IsWindowUnicode
0x47934c GetClassNameA
0x479350 GetWindowPlacement
0x479354 SetWindowPlacement
0x479358 GetWindowRect
0x47935c MoveWindow
0x479360 CharUpperA
0x479364 CharLowerA
0x479368 FillRect
0x47936c LoadImageA
0x479370 LoadImageW
0x479374 DestroyIcon
0x479378 SendMessageW
0x47937c SetClipboardData
0x479380 EmptyClipboard
0x479384 OpenClipboard
0x479388 CloseClipboard
0x47938c MapDialogRect
0x479390 GetDialogBaseUnits
0x479394 SetDlgItemTextW
0x479398 GetDlgItem
0x47939c CreateDialogParamW
0x4793a0 CreateDialogParamA
0x4793a4 DialogBoxParamW
0x4793a8 ExitWindowsEx
0x4793ac GetSystemMetrics
0x4793b0 SendMessageA
0x4793b4 SetWindowPos
0x4793b8 RegisterClassExW
0x4793bc CreateWindowExW
0x4793c0 RegisterClassA
0x4793c4 CreateWindowExA
0x4793c8 BeginPaint
0x4793cc EndPaint
0x4793d0 GetClientRect
0x4793d4 MessageBoxA
0x4793d8 SetDlgItemTextA
0x4793dc SetWindowTextA
0x4793e0 DialogBoxParamA
0x4793e4 SetWindowLongA
0x4793e8 MessageBoxW
0x4793ec EnumWindows
0x4793f0 SetWindowsHookExA
0x4793f4 CallNextHookEx
0x4793f8 UnhookWindowsHookEx
0x4793fc SendDlgItemMessageA
0x479400 EndDialog
0x479404 PostMessageA
0x479408 ReleaseDC
0x47940c GetDC
0x479414 SetCursor
0x479418 LoadCursorA
0x47941c PeekMessageW
0x479420 TranslateMessage
0x479424 DispatchMessageW
0x479428 EnableMenuItem
Library GDI32.dll:
0x47903c GetStockObject
0x479040 TextOutW
0x479044 CreateDIBSection
0x479048 EnumFontFamiliesExA
0x47904c AddFontResourceW
0x479050 RemoveFontResourceW
0x479054 GetDeviceCaps
0x479058 CreateSolidBrush
0x47905c DeleteObject
0x479060 SelectObject
0x479068 SetTextColor
0x479070 CreateFontA
0x479074 SetBrushOrgEx
0x479078 SetStretchBltMode
0x47907c SetBkColor
0x479080 SetBkMode
0x479084 StretchDIBits
Library ADVAPI32.dll:
0x479000 RegCloseKey
0x479004 RegDeleteKeyA
0x479008 RegCreateKeyExW
0x47900c GetUserNameW
0x479010 RegDeleteValueA
0x479014 RegDeleteValueW
0x479018 RegQueryValueExW
0x47901c RegQueryInfoKeyA
0x479020 RegOpenKeyExW
0x479024 RegOpenKeyExA
0x479028 RegSetValueExA
0x47902c RegSetValueExW
0x479030 RegQueryValueExA
0x479034 RegEnumKeyA
Library SHELL32.dll:
0x4792c8 SHBrowseForFolderW
0x4792d4 SHGetMalloc
0x4792d8 SHFileOperationA
0x4792dc SHFileOperationW
0x4792e0 ShellExecuteW
0x4792e4 ShellExecuteA
Library ole32.dll:
0x479498 CoTaskMemFree
0x4794a0 CoCreateInstance
0x4794a4 OleInitialize
0x4794a8 OleUninitialize
0x4794ac CoInitialize

Exports

Ordinal Address Name
1 0x477280 _CharLowerW@4
2 0x477160 _CharUpperW@4
3 0x4776b0 _CoInitializeEx@8
4 0x4768e0 _CompareStringW@24
5 0x476e70 _GetFileAttributesExA@12
6 0x476fb0 _GetFileAttributesExW@12
7 0x476750 _GetFileSizeEx@8
8 0x4767f0 _GetLocaleInfoW@16
9 0x4770f0 _GetMenuBarInfo@16
10 0x476390 _GetModuleHandleW@4

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  53237        114.114.114.114                  53
192.168.56.101  57756        114.114.114.114                  53
192.168.56.101  57874        114.114.114.114                  53
192.168.56.101  60384        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  50539        239.255.255.250                  1900
192.168.56.101  50541        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.