1.6
Low risk

76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

e9022af4e5cf995c2f2a9d897af560e9.exe

Analysis duration

22s

Last analysis

File size

1.9MB
Tags: static detection, dynamic detection, ASMALWS, MALICIOUS
Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee 20210504 6.0.6.653
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Tencent 20210509 1.0.0.1
Kingsoft 20210509 2017.9.26.565
Avast 20210509 21.1.5827.0
CrowdStrike 20210203 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path T:\p4\Patcher\External\Libraries\sentry-native\0.3.1\_build\crashpad_build\handler\ReleaseStatic\crashpad_handler.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .00cfg
section CPADinfo
The executable uses a known packer (1 event)
packer Microsoft Visual C++ V8.0 (Debug)
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 52.218.20.234
host 93.184.221.240
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran
PE Compile Time

2020-06-14 11:57:24

Imports

Library POWRPROF.dll:
Library USER32.dll:
0x5d0384 RegisterClassW
0x5d0388 GetMessageW
0x5d038c TranslateMessage
0x5d0390 DispatchMessageW
0x5d0394 PostMessageW
0x5d0398 DefWindowProcW
0x5d039c GetWindowLongW
0x5d03a0 UnregisterClassW
0x5d03a4 CreateWindowExW
0x5d03a8 DestroyWindow
0x5d03ac SetWindowLongW
Library VERSION.dll:
0x5d03e8 VerQueryValueW
0x5d03ec GetFileVersionInfoW
Library WINHTTP.dll:
0x5d041c WinHttpWriteData
0x5d0420 WinHttpCrackUrl
0x5d0424 WinHttpOpen
0x5d0428 WinHttpCloseHandle
0x5d042c WinHttpConnect
0x5d0430 WinHttpReadData
0x5d0434 WinHttpQueryHeaders
0x5d0438 WinHttpSetTimeouts
0x5d043c WinHttpOpenRequest
0x5d0444 WinHttpSendRequest
Library ADVAPI32.dll:
0x5d000c RevertToSelf
0x5d0014 SystemFunction036
Library KERNEL32.dll:
0x5d0048 GetDriveTypeW
0x5d0050 MoveFileExW
0x5d0054 RemoveDirectoryW
0x5d0058 GetFileTime
0x5d005c WriteProcessMemory
0x5d0060 VirtualProtectEx
0x5d0064 VirtualAllocEx
0x5d006c CreateProcessW
0x5d0070 GetExitCodeThread
0x5d0078 SleepEx
0x5d007c GetFileAttributesW
0x5d0080 DeleteFileW
0x5d0084 CreateDirectoryW
0x5d0088 WriteConsoleW
0x5d008c ReadConsoleW
0x5d0090 GetProcessHeap
0x5d0094 SetStdHandle
0x5d00a4 GetOEMCP
0x5d00a8 PeekNamedPipe
0x5d00bc Sleep
0x5d00c0 SetFilePointerEx
0x5d00d0 GetProcessTimes
0x5d00d4 SuspendThread
0x5d00d8 ResumeThread
0x5d00dc GetProcessId
0x5d00e0 GetThreadContext
0x5d00e8 GetSystemInfo
0x5d00ec GetVersionExW
0x5d00f4 GetThreadLocale
0x5d00fc GetUserDefaultLCID
0x5d0100 GetModuleFileNameW
0x5d0104 DuplicateHandle
0x5d0108 GetLastError
0x5d010c ConnectNamedPipe
0x5d0110 DisconnectNamedPipe
0x5d0120 SetEvent
0x5d0124 WaitForSingleObject
0x5d0128 CreateEventW
0x5d012c GetCurrentProcess
0x5d0130 CreateThread
0x5d0134 OpenProcess
0x5d0138 UnregisterWaitEx
0x5d0144 SetLastError
0x5d0148 IsWow64Process
0x5d014c GetModuleHandleW
0x5d0150 FormatMessageA
0x5d0154 VirtualQueryEx
0x5d0158 ReadProcessMemory
0x5d0160 FindClose
0x5d0164 CloseHandle
0x5d0168 GetProcAddress
0x5d016c LoadLibraryW
0x5d0170 CreateFileW
0x5d0178 TransactNamedPipe
0x5d017c CreateNamedPipeW
0x5d0180 WaitNamedPipeW
0x5d0184 GetVersion
0x5d0188 TerminateProcess
0x5d018c ReleaseSemaphore
0x5d0190 CreateSemaphoreW
0x5d0194 GetStdHandle
0x5d0198 GetFileSizeEx
0x5d019c GetFileType
0x5d01a0 LockFileEx
0x5d01a4 ReadFile
0x5d01a8 SetEndOfFile
0x5d01ac GetFullPathNameW
0x5d01b0 UnlockFileEx
0x5d01b4 WriteFile
0x5d01b8 GetNamedPipeInfo
0x5d01bc LocalFree
0x5d01c0 OutputDebugStringW
0x5d01c4 GetCurrentProcessId
0x5d01c8 GetCurrentThreadId
0x5d01cc GetLocalTime
0x5d01d0 FormatMessageW
0x5d01e8 InitOnceExecuteOnce
0x5d01ec GetACP
0x5d01f0 WideCharToMultiByte
0x5d01f4 EncodePointer
0x5d01f8 DecodePointer
0x5d01fc MultiByteToWideChar
0x5d0200 SwitchToThread
0x5d0204 TlsAlloc
0x5d0208 TlsGetValue
0x5d020c TlsSetValue
0x5d0210 TlsFree
0x5d0214 GetTickCount
0x5d0218 CompareStringW
0x5d021c LCMapStringW
0x5d0220 GetLocaleInfoW
0x5d0224 GetStringTypeW
0x5d0228 GetCPInfo
0x5d022c ResetEvent
0x5d023c InitializeSListHead
0x5d0240 IsDebuggerPresent
0x5d0244 GetStartupInfoW
0x5d0248 RtlUnwind
0x5d024c RaiseException
0x5d0258 FreeLibrary
0x5d025c LoadLibraryExW
0x5d0260 GetCommandLineA
0x5d0264 GetCommandLineW
0x5d0268 ExitProcess
0x5d026c GetModuleHandleExW
0x5d0270 GetCurrentThread
0x5d0274 HeapAlloc
0x5d0278 HeapFree
0x5d027c GetDateFormatW
0x5d0280 GetTimeFormatW
0x5d0284 IsValidLocale
0x5d0288 EnumSystemLocalesW
0x5d028c HeapReAlloc
0x5d0290 HeapSize
0x5d0298 FlushFileBuffers
0x5d029c GetConsoleOutputCP
0x5d02a0 GetConsoleMode
0x5d02a4 FindFirstFileExW
0x5d02a8 FindNextFileW
0x5d02ac IsValidCodePage

Hosts

No hosts contacted.

TCP

Source          Source port  Destination     Destination port
52.218.20.234   80           192.168.56.101  49189
93.184.221.240  80           192.168.56.101  49177

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  50002        114.114.114.114                  53
192.168.56.101  53237        114.114.114.114                  53
192.168.56.101  57756        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  50003        239.255.255.250                  3702
192.168.56.101  50005        239.255.255.250                  3702
192.168.56.101  50537        239.255.255.250                  1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.