SmartHawk

2.8

中危

1 个模型检测该样本为恶意！

重新分析

下载样本

e1431938e9943ba086ca9d417a3d2c7a2a1531c3cbabc9788f1ebad69aa11cc6

f1e2d577aaf021f347039e0abecf5325.exe

分析耗时

19s

最近分析

文件大小

20.0KB

静态报毒动态报毒 MALICIOUS

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Avast	20210108	21.1.5827.0
Tencent	20210109	1.0.0.1
Kingsoft	20210109	2017.9.26.565
McAfee	20210108	6.0.6.653
CrowdStrike	20190702	1.0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)

suspicious_features

GET method with no useragent header

suspicious_request

GET http://www.pcwinsoft.comhttp://www.pcwinsoft.com/getdatemagazine.asp?o=F6FCFFC6-17E5-4D53-B768-C6F034D175B6&e=1

Performs some HTTP requests (1 个事件)

request

GET http://www.pcwinsoft.comhttp://www.pcwinsoft.com/getdatemagazine.asp?o=F6FCFFC6-17E5-4D53-B768-C6F034D175B6&e=1

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 个事件)

APEX

Malicious

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-21 20:48:19

Imports

Library MFC42.DLL:

• 0x402014

• 0x402018

• 0x40201c

• 0x402020

• 0x402024

• 0x402028

• 0x40202c

• 0x402030

• 0x402034

• 0x402038

• 0x40203c

• 0x402040

• 0x402044

• 0x402048

• 0x40204c

• 0x402050

• 0x402054

• 0x402058

• 0x40205c

• 0x402060

• 0x402064

• 0x402068

• 0x40206c

• 0x402070

• 0x402074

• 0x402078

• 0x40207c

• 0x402080

• 0x402084

• 0x402088

• 0x40208c

• 0x402090

• 0x402094

• 0x402098

• 0x40209c

• 0x4020a0

• 0x4020a4

• 0x4020a8

• 0x4020ac

• 0x4020b0

• 0x4020b4

• 0x4020b8

• 0x4020bc

• 0x4020c0

• 0x4020c4

• 0x4020c8

• 0x4020cc

• 0x4020d0

• 0x4020d4

• 0x4020d8

• 0x4020dc

• 0x4020e0

• 0x4020e4

• 0x4020e8

• 0x4020ec

• 0x4020f0

• 0x4020f4

• 0x4020f8

• 0x4020fc

• 0x402100

• 0x402104

• 0x402108

• 0x40210c

• 0x402110

• 0x402114

• 0x402118

• 0x40211c

• 0x402120

• 0x402124

• 0x402128

• 0x40212c

• 0x402130

• 0x402134

• 0x402138

• 0x40213c

• 0x402140

• 0x402144

• 0x402148

• 0x40214c

• 0x402150

• 0x402154

• 0x402158

• 0x40215c

• 0x402160

• 0x402164

• 0x402168

• 0x40216c

• 0x402170

• 0x402174

• 0x402178

• 0x40217c

• 0x402180

• 0x402184

• 0x402188

• 0x40218c

• 0x402190

• 0x402194

• 0x402198

• 0x40219c

• 0x4021a0

• 0x4021a4

• 0x4021a8

• 0x4021ac

• 0x4021b0

• 0x4021b4

• 0x4021b8

• 0x4021bc

• 0x4021c0

• 0x4021c4

• 0x4021c8

• 0x4021cc

Library MSVCRT.dll:

• 0x4021d4 _XcptFilter

• 0x4021d8 _acmdln

• 0x4021dc __getmainargs

• 0x4021e0 _initterm

• 0x4021e4 __setusermatherr

• 0x4021e8 _adjust_fdiv

• 0x4021ec __p__commode

• 0x4021f0 __p__fmode

• 0x4021f4 __set_app_type

• 0x4021f8 _except_handler3

• 0x4021fc _controlfp

• 0x402200 _onexit

• 0x402204 __dllonexit

• 0x402208 sprintf

• 0x40220c __CxxFrameHandler

• 0x402210 _mbscmp

• 0x402214 exit

• 0x402218 _setmbcp

• 0x40221c _exit

Library KERNEL32.dll:

• 0x402000 Sleep

• 0x402004 GetModuleHandleA

• 0x402008 GetStartupInfoA

• 0x40200c ResumeThread

Library USER32.dll:

• 0x402224 GetMessageA

• 0x402228 GetDesktopWindow

• 0x40222c DrawIcon

• 0x402230 GetClientRect

• 0x402234 GetSystemMetrics

• 0x402238 SendMessageA

• 0x40223c IsIconic

• 0x402240 KillTimer

• 0x402244 EnableWindow

• 0x402248 DispatchMessageA

• 0x40224c SetTimer

• 0x402250 TranslateMessage

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
pcwinsoft.com	A 162.209.11.5	162.209.11.5
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49172	162.209.11.5 pcwinsoft.com	80

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

URI	Data
http://www.pcwinsoft.com/http://www.pcwinsoft.com/getdatemagazine.asp?o=F6FCFFC6-17E5-4D53-B768-C6F034D175B6&e=1	GET http://www.pcwinsoft.com/getdatemagazine.asp?o=F6FCFFC6-17E5-4D53-B768-C6F034D175B6&e=1 HTTP/1.1 Host: www.pcwinsoft.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.