Threat score: 3.2 (Medium risk)

SHA256: 40a340087cc07780bfd61eab92e40f1223a6de88ec191bdedea0b91b16eca2aa
Filename: 0083da23232ec9e8040f46c0c2abc07f.exe (the sample's MD5, as echoed in the FireEye and McAfee detection names below)
Analysis duration: 74s
Last analyzed: (not shown)
File size: 3.8MB
Detection-name tags (static and dynamic): 1TW@AGKH98OG, AGEN, AI SCORE=83, BSCOPE, CLASSIC, COINMINERX, CONFIDENCE, GDSDA, GENERICKDZ, GENERICRXKE, GENKRYPTIK, GLUPTEBA, HCRC, HIGH CONFIDENCE, KRYPTIK, MALICIOUS PE, MALPE, QVM10, RANUMBOT, RXKWLM8C6AC, SCORE, SPYBOT, SSYF, STATIC AI, SUSGEN, THDACBO, UNSAFE, VIDAR, WACATAC, X2062, ZEXAF
鹰眼引擎 (Eagle Eye engine)
Not detected (no Eagle Eye engine results are available for this sample)
Static verdict
Antivirus engines

Engine       Result                            Scan date   Engine version
McAfee       GenericRXKE-JB!0083DA23232E       2020-12-28  6.0.6.653
Alibaba      Trojan:Win32/Glupteba.00f2bbf7    2019-05-27  0.3.0.5
Baidu        (none)                            2019-03-18  1.0.0.2
Avast        Win32:CoinminerX-gen [Trj]        2020-12-28  21.1.5827.0
Kingsoft     (none)                            2020-12-28  2017.9.26.565
CrowdStrike  win/malicious_confidence_90% (W)  2019-07-02  1.0
Static indicators
This executable has a PDB path (1 event)
  pdb_path C:\fazawepob.pdb_server\runtime\crypt\tmp_716922615\bin\zufa.pdb (followed by non-printable bytes in the original string)
The random-looking names (fazawepob, zufa) and the crypt\tmp_716922615 build directory are consistent with an automated crypter build environment rather than a developer workstation. The path is useful as a pivot for hunting related samples; it is not attribution.
Behavioural verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
  .text section: entropy 7.999117787332168, size_of_data 0x003b5000, virtual_address 0x00001000, virtual_size 0x003b4ffd
    A section with a high entropy has been found
  Overall: 0.9679969399464491
    Overall entropy of this PE file is high
Reading these numbers: 8.0 bits per byte is the maximum for uniformly random data, so a .text section at 7.9991 is encrypted or compressed payload, not compiled code (which normally sits well below the 6.8 bits/byte threshold this Cuckoo-style signature uses). The 0.968 "overall" figure is not an entropy value; it is the fraction of the PE's section data that lies in high-entropy sections. With size_of_data 0x3b5000 (about 3.9 MB) that one section is essentially the entire 3.8 MB file. Every static observation on this page (imports, PDB path, compile time) therefore describes the unpacking stub, not the payload.
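How the two packer-entropy marks are derived, as an added example (this is not the sandbox's own code): a struct-only walk of the PE section table, Shannon entropy per section, and the two thresholds used by the Cuckoo packer_entropy signature (a section above 6.8 bits/byte; more than 20% of section bytes in such sections). The PE it runs on is constructed in the block, with a pseudo-random .text standing in for an encrypted payload.

```python
"""Re-derive the packer-entropy indicator: per-section Shannon entropy and the
Cuckoo packer_entropy thresholds. Added example; the test PE is constructed."""
import math
import random
import struct
from collections import Counter

SECTION_THRESHOLD = 6.8   # bits per byte; Cuckoo flags sections above this
OVERALL_THRESHOLD = 0.2   # fraction of section data that is high-entropy


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) .. 8.0 (uniform)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def pe_sections(data: bytes):
    """Walk the PE section table with struct only (no pefile dependency)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        yield {
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_address": f"0x{vaddr:08x}",
            "virtual_size": f"0x{vsize:08x}",
            "size_of_data": f"0x{rawsize:08x}",
            "entropy": shannon_entropy(raw),
        }


def packer_entropy(data: bytes):
    """Return (marks, matched), shaped like the report's indicator events."""
    marks, total, compressed = [], 0, 0
    for sec in pe_sections(data):
        size = int(sec["size_of_data"], 16)
        total += size
        if sec["entropy"] > SECTION_THRESHOLD:
            compressed += size
            marks.append({"entropy": sec["entropy"], "section": sec,
                          "description": "A section with a high entropy has been found"})
    ratio = compressed / total if total else 0.0     # the report's "overall" figure
    if ratio > OVERALL_THRESHOLD:
        marks.append({"entropy": ratio,
                      "description": "Overall entropy of this PE file is high"})
    return marks, ratio > OVERALL_THRESHOLD


def build_test_pe(text_size: int = 65536, data_size: int = 8192) -> bytes:
    """Constructed minimal PE32: .text filled with pseudo-random bytes (stand-in for
    an encrypted payload), .data zero-filled. Enough headers for a section walker;
    the file is not loadable and is not the sample from the report."""
    rng = random.Random(0x0083DA23)
    text = bytes(rng.getrandbits(8) for _ in range(text_size))
    zeros = bytes(data_size)
    opt_size = 224                                    # PE32 optional header size
    hdr_len = 0x40 + 24 + opt_size + 40 * 2
    text_off = (hdr_len + 0x1FF) & ~0x1FF             # 0x200 file alignment
    data_off = text_off + text_size
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)          # Magic = PE32

    def shdr(name, vsize, vaddr, rawsize, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr,
                           0, 0, 0, 0, chars)

    data_va = 0x1000 + ((text_size + 0xFFF) & ~0xFFF)
    secs = (shdr(b".text", text_size, 0x1000, text_size, text_off, 0x60000020)
            + shdr(b".data", data_size, data_va, data_size, data_off, 0xC0000040))
    hdr = dos + coff + opt + secs
    return hdr + bytes(text_off - len(hdr)) + text + zeros


if __name__ == "__main__":
    for mark in packer_entropy(build_test_pe())[0]:
        print(f"{mark['entropy']:.4f}  {mark['description']}")
```

Run against the real file, the first mark reproduces the .text figures in the report and the second the 0.968 ratio. A common false positive is a legitimate binary with a large compressed resource section (installers, .NET with embedded archives), which is why the section name and size belong in the event, not just the score.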
Network communication
Communicates with host for which no DNS query was performed (1 event)
  host 172.217.24.14
Generates some ICMP traffic
Both indicators conflict with the capture tables further down: the Hosts and TCP sections record no contacted hosts and the ICMP section records no ICMP traffic. 172.217.24.14 falls in Google's 172.217.0.0/16 range and is the kind of destination Windows and its components reach on their own. Treat both as unattributed background noise from the analysis VM, not as evidence of command-and-control, until a capture shows the sample's process opening the connection.
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 of 55 events shown)
The family labels disagree (Glupteba, Vidar, RanumBot, CoinminerX, SpyBot, Wacatac) and most names are generic or heuristic (Kryptik, GenericKDZ, MalPack, "Static AI"). That pattern is typical of a crypter: engines recognise the packer layer or flag the entropy, not the payload, so none of these names should be taken as the payload's family without unpacking it.
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66482
FireEye Generic.mg.0083da23232ec9e8
McAfee GenericRXKE-JB!0083DA23232E
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 005646d51 )
Alibaba Trojan:Win32/Glupteba.00f2bbf7
K7GW Trojan ( 005646d51 )
Cybereason malicious.3232ec
Arcabit Trojan.Generic.D103B2
Cyren W32/Trojan.SSYF-4521
Symantec Trojan.Glupteba
APEX Malicious
Avast Win32:CoinminerX-gen [Trj]
ClamAV Win.Dropper.Vidar-9001605-0
Kaspersky HEUR:Trojan.Win32.Agent.pef
BitDefender Trojan.GenericKDZ.66482
Paloalto generic.ml
AegisLab Trojan.Win32.Generic.4!c
Ad-Aware Trojan.GenericKDZ.66482
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1133736
DrWeb Trojan.SpyBot.754
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.GLUPTEBA.THDACBO
McAfee-GW-Edition BehavesLike.Win32.Generic.wc
Emsisoft Trojan.GenericKDZ.66482 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Eb.be
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1133736
Antiy-AVL Trojan/Win32.Eb
Gridinsoft Trojan.Win32.Kryptik.vb
Microsoft Trojan:Win32/Glupteba!MTB
ZoneAlarm HEUR:Trojan.Win32.Agent.pef
GData Trojan.GenericKDZ.66482
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.MalPe.X2062
BitDefenderTheta Gen:NN.ZexaF.34700.1tW@aGkH98oG
ALYac Trojan.Agent.Wacatac
MAX malware (ai score=83)
VBA32 BScope.Trojan.Wacatac
Malwarebytes Trojan.MalPack.GS
ESET-NOD32 Win32/RanumBot.J
TrendMicro-HouseCall Trojan.Win32.GLUPTEBA.THDACBO
Rising Trojan.Kryptik!1.C46C (CLASSIC)
Yandex Trojan.RanumBot!RXKwlm8C6Ac
Ikarus Trojan.Win32.Ranumbot
Fortinet W32/GenKryptik.HCRC!tr
Visual analysis
Binary image: none (no binary visualisation was generated for this sample)
Runtime screenshots: none (no screenshots were produced while the sample ran)

PE Compile Time

2019-03-19 17:14:35

Note that the Baidu scan date in the static table above (2019-03-18) is one day earlier than this compile timestamp. Either the timestamp is forged or the engine date is not a true scan date; in both cases the PE timestamp is attacker-controlled and is not evidence of when the sample was built.

Imports

Library KERNEL32.dll:
0x7b6000 GetModuleHandleW
0x7b6004 GetTickCount
0x7b6008 GetProcessTimes
0x7b600c lstrcatA
0x7b6014 GlobalUnlock
0x7b6018 SetComputerNameA
0x7b601c FindFirstFileExW
0x7b6020 CreateHardLinkW
0x7b602c SetConsoleTitleW
0x7b6030 VirtualProtect
0x7b6038 GetCurrentProcessId
0x7b603c GetTempPathA
0x7b6040 UnregisterWaitEx
0x7b6044 LCMapStringW
0x7b604c GetUserDefaultLCID
0x7b6050 HeapAlloc
0x7b6054 LoadResource
0x7b6058 GetLocaleInfoA
0x7b605c lstrlenA
0x7b6060 LocalAlloc
0x7b6064 IsBadStringPtrW
0x7b6068 GetCommandLineA
0x7b606c GetStartupInfoA
0x7b6070 RaiseException
0x7b6074 RtlUnwind
0x7b6078 TerminateProcess
0x7b607c GetCurrentProcess
0x7b6088 IsDebuggerPresent
0x7b608c GetLastError
0x7b6090 HeapFree
0x7b6094 Sleep
0x7b6098 GetProcAddress
0x7b609c ExitProcess
0x7b60a0 WriteFile
0x7b60a4 GetStdHandle
0x7b60a8 GetModuleFileNameA
0x7b60b8 WideCharToMultiByte
0x7b60c0 SetHandleCount
0x7b60c4 GetFileType
0x7b60cc TlsGetValue
0x7b60d0 TlsAlloc
0x7b60d4 TlsSetValue
0x7b60d8 TlsFree
0x7b60e0 SetLastError
0x7b60e4 GetCurrentThreadId
0x7b60ec HeapCreate
0x7b60f0 VirtualFree
0x7b60fc SetFilePointer
0x7b6100 GetConsoleCP
0x7b6104 GetConsoleMode
0x7b6110 GetCPInfo
0x7b6114 GetACP
0x7b6118 GetOEMCP
0x7b611c IsValidCodePage
0x7b6120 VirtualAlloc
0x7b6124 HeapReAlloc
0x7b6128 GetModuleHandleA
0x7b612c HeapSize
0x7b6130 LoadLibraryA
0x7b6138 SetStdHandle
0x7b613c WriteConsoleA
0x7b6140 GetConsoleOutputCP
0x7b6144 WriteConsoleW
0x7b6148 MultiByteToWideChar
0x7b614c LCMapStringA
0x7b6150 GetStringTypeA
0x7b6154 GetStringTypeW
0x7b6158 CreateFileA
0x7b615c CloseHandle
0x7b6160 FlushFileBuffers
Library MSIMG32.dll:
0x7b6168 TransparentBlt

This is a small import table for a 3.8 MB executable: almost all of it is the Visual C++ runtime's own imports (heap, TLS, code page and console functions), plus the four calls a stub needs to unpack and run a payload in place: VirtualAlloc, VirtualProtect, LoadLibraryA and GetProcAddress. The payload's real API set is resolved at runtime and does not appear here. Also note the IAT addresses (0x7b6000 upward) lie far beyond the end of .text (RVA 0x1000 + 0x3b4ffd), so the image reserves several megabytes of virtual space with no backing data in the file, the region the stub unpacks into. Odd-looking imports such as SetComputerNameA, CreateHardLinkW and TransparentBlt should not be read as behaviour until they are seen called.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination      Dst port  Service (annotation added)
192.168.56.101  49235     114.114.114.114  53        DNS
192.168.56.101  50534     114.114.114.114  53        DNS
192.168.56.101  56539     114.114.114.114  53        DNS
192.168.56.101  65004     114.114.114.114  53        DNS
192.168.56.101  137       192.168.56.255   137       NetBIOS name service (broadcast)
192.168.56.101  138       192.168.56.255   138       NetBIOS datagram (broadcast)
192.168.56.101  55368     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  56804     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  60123     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  62191     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  1900      239.255.255.250  1900      SSDP (multicast)
192.168.56.101  50535     239.255.255.250  3702      WS-Discovery (multicast)
192.168.56.101  50537     239.255.255.250  3702      WS-Discovery (multicast)
192.168.56.101  56540     239.255.255.250  3702      WS-Discovery (multicast)
192.168.56.101  56807     239.255.255.250  1900      SSDP (multicast)
192.168.56.101  58707     239.255.255.250  3702      WS-Discovery (multicast)

192.168.56.0/24 is the default VirtualBox host-only network, so 192.168.56.101 is the analysis VM and 114.114.114.114 is the public resolver it was given. Every row is Windows name-resolution or device-discovery chatter that appears in an idle VM as well; the queried DNS names are not shown, and nothing in this table can be attributed to the sample.
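Triage of a table like the one above, and a replay of the "contacted host with no prior DNS query" check from the network indicators section, as an added example (not the sandbox's code). The UDP rows are copied from the report; the empty DNS_ANSWERS set is constructed, since the report lists no resolved hosts, and the /24 subnet used to recognise the NetBIOS broadcast is an assumption.

```python
"""Label sandbox UDP flows as Windows background chatter or candidate sample
traffic, and flag public hosts contacted without a DNS answer. Added example."""
import ipaddress
from collections import Counter

# Copied from the report's UDP table, header line included.
UDP_TABLE = """\
Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
"""

# Constructed: the report's Hosts section is empty, so there are no DNS answers.
DNS_ANSWERS = set()
# From the report's "no DNS query" indicator.
CONTACTED_HOSTS = ["172.217.24.14"]

# Destination/port pairs of ordinary Windows discovery traffic.
MULTICAST_SERVICES = {
    ("224.0.0.252", 5355): "LLMNR",
    ("239.255.255.250", 1900): "SSDP",
    ("239.255.255.250", 3702): "WS-Discovery",
}


def parse_udp_table(text: str):
    """Return (src, sport, dst, dport) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1].isdigit() and parts[3].isdigit():
            rows.append((parts[0], int(parts[1]), parts[2], int(parts[3])))
    return rows


def classify_flow(src: str, sport: int, dst: str, dport: int) -> str:
    """Name the service behind a flow, or 'candidate sample traffic' if nothing
    ordinary explains it. Assumes a /24 sandbox subnet for the broadcast check."""
    d = ipaddress.ip_address(dst)
    if (dst, dport) in MULTICAST_SERVICES:
        return MULTICAST_SERVICES[(dst, dport)]
    bcast = ipaddress.ip_network(f"{src}/24", strict=False).broadcast_address
    if d == bcast and dport in (137, 138):
        return "NetBIOS broadcast"
    if dport == 53:
        return "DNS"
    if d.is_multicast:
        return "other multicast"
    return "candidate sample traffic"


def summarize(rows) -> dict:
    """Count flows per service label."""
    return dict(Counter(classify_flow(*r) for r in rows))


def unresolved_hosts(contacted, dns_answers) -> list:
    """Public hosts contacted without appearing in any DNS answer. Private,
    multicast, loopback, link-local and reserved destinations are exempt."""
    def exempt(ip):
        return (ip.is_private or ip.is_multicast or ip.is_loopback
                or ip.is_link_local or ip.is_reserved or ip.is_unspecified)
    return [h for h in contacted
            if not exempt(ipaddress.ip_address(h)) and h not in dns_answers]


if __name__ == "__main__":
    rows = parse_udp_table(UDP_TABLE)
    for label, n in sorted(summarize(rows).items()):
        print(f"{n:3d}  {label}")
    print("contacted without DNS answer:", unresolved_hosts(CONTACTED_HOSTS, DNS_ANSWERS))
```

On this report the classifier leaves zero candidate flows, which is the point: the sample produced no network activity of its own. The unresolved-host check is only as good as the DNS answers fed to it; when a sandbox fails to record answers (as here), every public destination is reported as "no DNS query", so the indicator needs the Hosts and TCP tables to confirm it.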

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.

A 3.8 MB packed sample that drops no files, writes no buffers, opens no TCP connections and produces no screenshot in a 74-second run most likely never reached its payload in this sandbox. Before drawing any conclusion about runtime behaviour, rerun it with a longer timeout and process memory dumps enabled, and unpack the .text payload statically.