Score: 2.6 (medium risk)

SHA256: 174f27d99ea5d2f67f193c8df7696dbd83006b7e24524aa5381ff4627ce1e8cf

File name: 01d763d8492957c790203653fd3dac05.exe

Analysis duration: 76s

Last analysis:

File size: 2.7MB
Detection tags (static and dynamic): AGEN, AI SCORE=86, AIDETECTVM, ARTEMIS, BADFILE, CONFIDENCE, GENERICKD, GIMEMO, KNYC, MALWARE1, MALWARE@#2GLSZKK5NVCUG, OCCAMY, POSSIBLETHREAT, QVM05, R066C0OIK20, SCORE, STATIC AI, SUSGEN, SUSPICIOUS PE, TRICK, UNSAFE
Hawkeye engine (鹰眼引擎)
Not detected (no result from this engine for the sample)
Static verdict

Antivirus engines

Engine        Result                             Scan date   Engine version
Alibaba       Trojan:Win32/Occamy.17ad2f9f       20190527    0.3.0.5
Baidu         (no result)                        20190318    1.0.0.2
Kingsoft      (no result)                        20201228    2017.9.26.565
McAfee        Artemis!01D763D84929               20201228    6.0.6.653
Avast         Win32:Malware-gen                  20201228    21.1.5827.0
CrowdStrike   win/malicious_confidence_90% (W)   20190702    1.0
Behaviour verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time: 1619134516.104139 (Unix epoch, 2021-04-22 23:35:16 UTC)
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 472
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff (the current-process pseudo-handle, so this is a self-allocation, not injection into another process)
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x00360000
Status: success   Return: 0   Repeated: 0

A single 4 KiB RWX commit in the sample's own address space is a weak signal by itself; it becomes meaningful only together with a later write to and execution transfer into that region, neither of which this report records.
Network communication

Communicates with host for which no DNS query was performed (2 events)
host 104.16.154.36
host 172.217.24.14

Note: the network summary further down records no hosts contacted, no TCP connections and no HTTP requests, so these two addresses cannot be corroborated from the captured traffic. The only DNS traffic in the capture is a handful of queries to 114.114.114.114 with no recorded answers, which is why the sandbox could not tie either address to a name.
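The two dynamic indicators above (an RWX allocation and a host contacted without a preceding DNS answer) are simple enough to re-implement, and doing so makes their edge cases visible: protection modifier bits such as PAGE_GUARD must be masked before comparing, and LAN, multicast and OS background destinations must be excluded before a "no DNS" finding means anything. The block below is an added example, not code from the sandbox that produced this report. Its records are constructed from the values shown on the page (the NtAllocateVirtualMemory call, the two host IPs, the UDP flow table) plus a few invented records, each marked as such, so every filter has something to reject.

```python
"""Re-implementation of two of the report's dynamic indicators as plain checks.

Added example; not code from the sandbox behind this report. Records marked
"from the page" are copied from the report; records marked "invented" exist
only so the filters have something to reject.
"""
import ipaddress

# Page-protection constants from winnt.h. The high bits (PAGE_GUARD=0x100,
# PAGE_NOCACHE=0x200, ...) are modifiers, so only the low byte is compared.
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100

MEMORY_APIS = {"NtAllocateVirtualMemory", "NtProtectVirtualMemory",
               "VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx"}

API_CALLS = [
    {"time": 1619134516.104139, "api": "NtAllocateVirtualMemory", "pid": 472,  # from the page
     "args": {"protection": 64, "allocation_type": 4096,
              "region_size": 4096, "base_address": "0x00360000"}},
    {"time": 1619134516.2, "api": "NtAllocateVirtualMemory", "pid": 472,       # invented, benign RW
     "args": {"protection": PAGE_READWRITE, "allocation_type": 4096,
              "region_size": 65536, "base_address": "0x00370000"}},
    {"time": 1619134516.3, "api": "NtProtectVirtualMemory", "pid": 472,        # invented, RWX + guard
     "args": {"protection": PAGE_EXECUTE_READWRITE | PAGE_GUARD,
              "region_size": 4096, "base_address": "0x00370000"}},
    {"time": 1619134516.4, "api": "CreateFileA", "pid": 472,                   # invented, not memory
     "args": {"filepath": "C:\\Users\\x\\a.tmp"}},
]


def is_rwx(protection: int) -> bool:
    """True when the page protection is both writable and executable."""
    return (protection & 0xFF) in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)


def rwx_events(calls):
    """Memory-API calls that request RWX pages: the unpacking/injection hint."""
    return [c for c in calls
            if c["api"] in MEMORY_APIS and is_rwx(c["args"].get("protection", 0))]


# RFC 1918 is tested explicitly: ipaddress.is_private also covers the
# documentation ranges (RFC 5737), which would hide the invented flow below.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(ip) -> bool:
    """LAN, loopback, link-local or multicast: OS background, never a C2 candidate."""
    return (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or any(ip in net for net in RFC1918))


CONTACTED_HOSTS = ["104.16.154.36", "172.217.24.14",   # from the page
                   "192.168.56.255"]                    # invented (LAN broadcast)
DNS_ANSWERS = {}   # name -> [ip, ...]; the page shows DNS queries but no answers


def hosts_without_dns(hosts, dns_answers):
    """Public hosts contacted although no DNS answer in the capture named them."""
    resolved = {ip for ips in dns_answers.values() for ip in ips}
    return [h for h in hosts
            if not is_local(ipaddress.ip_address(h)) and h not in resolved]


# Destination ports a fresh Windows VM talks to on its own.
BACKGROUND_UDP_PORTS = {53, 123, 137, 138, 1900, 3702, 5355}

UDP_FLOWS = [  # (dst_ip, dst_port) distilled from the page's UDP table
    ("114.114.114.114", 53), ("192.168.56.255", 137), ("192.168.56.255", 138),
    ("20.189.79.72", 123), ("224.0.0.252", 5355), ("239.255.255.250", 1900),
    ("239.255.255.250", 3702),
    ("203.0.113.7", 4444),   # invented (RFC 5737 address) so one flow survives
]


def interesting_udp(flows):
    """Drop DNS/NTP/NetBIOS/SSDP/WS-Discovery/LLMNR and LAN/multicast flows."""
    return [(dst, port) for dst, port in flows
            if port not in BACKGROUND_UDP_PORTS and not is_local(ipaddress.ip_address(dst))]


if __name__ == "__main__":
    for ev in rwx_events(API_CALLS):
        print(f"RWX {ev['api']} pid={ev['pid']} base={ev['args']['base_address']}")
    print("hosts without DNS:", hosts_without_dns(CONTACTED_HOSTS, DNS_ANSWERS))
    print("UDP left after noise filter:", interesting_udp(UDP_FLOWS))
```

Run against the page's own values, the RWX filter returns the single NtAllocateVirtualMemory event, the DNS check returns exactly the two addresses the sandbox flagged, and the UDP noise filter leaves nothing from the report's flow table, which matches the "No hosts contacted" summary below.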
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Engine  Result
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.GenericKD.43463405
FireEye Generic.mg.01d763d8492957c7
ALYac Trojan.GenericKD.43463405
Cylance Unsafe
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Occamy.17ad2f9f
K7GW Riskware ( 0040eff71 )
Cybereason malicious.849295
Arcabit Trojan.Generic.D29732ED
Cyren W32/Trojan.KNYC-0612
Symantec Trojan Horse
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.43463405
AegisLab Trojan.Multi.Generic.4!c
Ad-Aware Trojan.GenericKD.43463405
Sophos Mal/Generic-S
Comodo Malware@#2glszkk5nvcug
F-Secure Heuristic.HEUR/AGEN.1136185
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0OIK20
McAfee-GW-Edition BehavesLike.Win32.BadFile.vc
Emsisoft Trojan.GenericKD.43463405 (B)
SentinelOne Static AI - Suspicious PE
Avira HEUR/AGEN.1136185
eGambit Unsafe.AI_Score_99%
Gridinsoft Trojan.Win32.Gen.dg!s1
Microsoft Trojan:Win32/Occamy.C17
GData Trojan.GenericKD.43463405
Cynet Malicious (score: 100)
McAfee Artemis!01D763D84929
MAX malware (ai score=86)
VBA32 Trojan.Trick
Malwarebytes Trojan.MalPack
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R066C0OIK20
Ikarus Trojan-Ransom.Gimemo
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Generic/HEUR/QVM05.1.0BF8.Malware.Gen
Visual analysis

Binary image
No binary image: no binary visualisation was generated for this sample.

Runtime screenshots
No screenshots: none were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

This is not a real build date. Executables linked by the Borland/Delphi toolchain carry the fixed TimeDateStamp 0x2A425E19, which is 1992-06-19 22:22:17 UTC; the value shown here is exactly that constant rendered in UTC+8. The timestamp therefore identifies the toolchain and says nothing about when the sample was built.
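Checking a reported compile time against the known linker constant is a quick static-triage step, and it is easy to get wrong when the report renders the value in local time. The block below is an added example, not part of this report or of the sandbox that produced it. It assumes the report displays timestamps in UTC+8 (an assumption, chosen because the page's value is the Delphi constant shifted by exactly eight hours) and takes the analysis time from the epoch value in the dynamic indicator above.

```python
"""Sanity-check a PE TimeDateStamp as displayed in a sandbox report.

Added example; not part of the report. The UTC+8 display offset is an
assumption about this particular report, passed in explicitly so it can be
changed for another sandbox.
"""
from datetime import datetime, timedelta, timezone

# Fixed TimeDateStamp written by Borland/Delphi linkers: 1992-06-19 22:22:17 UTC.
DELPHI_LINKER_STAMP = 0x2A425E19


def parse_report_timestamp(text: str, utc_offset_hours: int) -> int:
    """Convert 'YYYY-MM-DD HH:MM:SS' shown in a fixed UTC offset to a Unix epoch."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
    return int(local.timestamp())


def classify_timestamp(stamp: int, analysis_epoch: int) -> str:
    """Label a PE TimeDateStamp for triage.

    'delphi-default': the linker constant; carries no build-date information
    'zero'          : stripped/zeroed, common in packed or reproducible builds
    'future'        : later than the analysis time; forged or clock skew
    'plausible'     : nothing obviously wrong, but still only a hint
    """
    if stamp == DELPHI_LINKER_STAMP:
        return "delphi-default"
    if stamp == 0:
        return "zero"
    if stamp > analysis_epoch:
        return "future"
    return "plausible"


def triage(text: str, utc_offset_hours: int, analysis_epoch: int):
    """Parse the displayed value and classify it; returns (epoch, label)."""
    stamp = parse_report_timestamp(text, utc_offset_hours)
    return stamp, classify_timestamp(stamp, analysis_epoch)


if __name__ == "__main__":
    # Values from the page: displayed compile time and the analysis epoch.
    print(triage("1992-06-20 06:22:17", 8, 1619134516))
```

With the page's values the parsed epoch is 0x2A425E19 and the label is "delphi-default"; if the sandbox had displayed the value in UTC instead, the same string would parse to a different epoch and the constant would be missed, which is why the offset is a parameter rather than hard-coded.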

Imports

(kernel32.dll, advapi32.dll and oleaut32.dll are listed more than once because the binary carries several import descriptors for each DLL, a pattern typical of Delphi-built executables; the VCL-style imports such as GetKeyboardType, SysReAllocStringLen and the oleaut32 Variant/SafeArray functions point the same way.)

Library kernel32.dll:
0x455128 VirtualFree
0x45512c VirtualAlloc
0x455130 LocalFree
0x455134 LocalAlloc
0x455138 GetVersion
0x45513c GetCurrentThreadId
0x455148 VirtualQuery
0x45514c WideCharToMultiByte
0x455150 MultiByteToWideChar
0x455154 lstrlenA
0x455158 lstrcpynA
0x45515c LoadLibraryExA
0x455160 GetThreadLocale
0x455164 GetStartupInfoA
0x455168 GetProcAddress
0x45516c GetModuleHandleA
0x455170 GetModuleFileNameA
0x455174 GetLocaleInfoA
0x455178 GetCommandLineA
0x45517c FreeLibrary
0x455180 FindFirstFileA
0x455184 FindClose
0x455188 ExitProcess
0x45518c WriteFile
0x455194 RtlUnwind
0x455198 RaiseException
0x45519c GetStdHandle
Library user32.dll:
0x4551a4 GetKeyboardType
0x4551a8 LoadStringA
0x4551ac MessageBoxA
0x4551b0 CharNextA
Library advapi32.dll:
0x4551b8 RegQueryValueExA
0x4551bc RegOpenKeyExA
0x4551c0 RegCloseKey
Library oleaut32.dll:
0x4551c8 SysFreeString
0x4551cc SysReAllocStringLen
0x4551d0 SysAllocStringLen
Library kernel32.dll:
0x4551d8 TlsSetValue
0x4551dc TlsGetValue
0x4551e0 LocalAlloc
0x4551e4 GetModuleHandleA
Library advapi32.dll:
0x4551ec RegQueryValueExA
0x4551f0 RegOpenKeyExA
0x4551f4 RegCloseKey
Library kernel32.dll:
0x4551fc lstrcpyA
0x455200 WriteFile
0x455204 WinExec
0x455208 WaitForSingleObject
0x45520c VirtualQuery
0x455210 VirtualAlloc
0x455214 Sleep
0x455218 SizeofResource
0x45521c SetThreadLocale
0x455220 SetFilePointer
0x455224 SetEvent
0x455228 SetErrorMode
0x45522c SetEndOfFile
0x455230 ResetEvent
0x455234 ReadFile
0x455238 MulDiv
0x45523c LockResource
0x455240 LoadResource
0x455244 LoadLibraryA
0x455250 GlobalUnlock
0x455254 GlobalReAlloc
0x455258 GlobalHandle
0x45525c GlobalLock
0x455260 GlobalFree
0x455264 GlobalFindAtomA
0x455268 GlobalDeleteAtom
0x45526c GlobalAlloc
0x455270 GlobalAddAtomA
0x455274 GetVersionExA
0x455278 GetVersion
0x45527c GetTickCount
0x455280 GetThreadLocale
0x455284 GetSystemInfo
0x455288 GetStringTypeExA
0x45528c GetStdHandle
0x455290 GetProcAddress
0x455294 GetModuleHandleA
0x455298 GetModuleFileNameA
0x45529c GetLocaleInfoA
0x4552a0 GetLocalTime
0x4552a4 GetLastError
0x4552a8 GetFullPathNameA
0x4552ac GetDiskFreeSpaceA
0x4552b0 GetDateFormatA
0x4552b4 GetCurrentThreadId
0x4552b8 GetCurrentProcessId
0x4552bc GetCPInfo
0x4552c0 GetACP
0x4552c4 FreeResource
0x4552c8 InterlockedExchange
0x4552cc FreeLibrary
0x4552d0 FormatMessageA
0x4552d4 FindResourceA
0x4552d8 EnumCalendarInfoA
0x4552e4 CreateThread
0x4552e8 CreateFileA
0x4552ec CreateEventA
0x4552f0 CompareStringA
0x4552f4 CloseHandle
Library version.dll:
0x4552fc VerQueryValueA
0x455304 GetFileVersionInfoA
Library gdi32.dll:
0x45530c UnrealizeObject
0x455310 StretchBlt
0x455314 SetWindowOrgEx
0x455318 SetViewportOrgEx
0x45531c SetTextColor
0x455320 SetStretchBltMode
0x455324 SetROP2
0x455328 SetPixel
0x45532c SetDIBColorTable
0x455330 SetBrushOrgEx
0x455334 SetBkMode
0x455338 SetBkColor
0x45533c SelectPalette
0x455340 SelectObject
0x455344 SelectClipRgn
0x455348 SaveDC
0x45534c RestoreDC
0x455350 RectVisible
0x455354 RealizePalette
0x455358 PatBlt
0x45535c MoveToEx
0x455360 MaskBlt
0x455364 LineTo
0x455368 IntersectClipRect
0x45536c GetWindowOrgEx
0x455370 GetTextMetricsA
0x45537c GetStockObject
0x455380 GetPixel
0x455384 GetPaletteEntries
0x455388 GetObjectA
0x45538c GetDeviceCaps
0x455390 GetDIBits
0x455394 GetDIBColorTable
0x455398 GetDCOrgEx
0x4553a0 GetClipBox
0x4553a4 GetBrushOrgEx
0x4553a8 GetBitmapBits
0x4553ac ExcludeClipRect
0x4553b0 DeleteObject
0x4553b4 DeleteDC
0x4553b8 CreateSolidBrush
0x4553bc CreatePenIndirect
0x4553c0 CreatePalette
0x4553c8 CreateFontIndirectA
0x4553cc CreateDIBitmap
0x4553d0 CreateDIBSection
0x4553d4 CreateCompatibleDC
0x4553dc CreateBrushIndirect
0x4553e0 CreateBitmap
0x4553e4 BitBlt
Library user32.dll:
0x4553ec CreateWindowExA
0x4553f0 WindowFromPoint
0x4553f4 WinHelpA
0x4553f8 WaitMessage
0x4553fc UpdateWindow
0x455400 UnregisterClassA
0x455404 UnhookWindowsHookEx
0x455408 TranslateMessage
0x455410 TrackPopupMenu
0x455418 ShowWindow
0x45541c ShowScrollBar
0x455420 ShowOwnedPopups
0x455424 ShowCursor
0x455428 SetWindowsHookExA
0x45542c SetWindowTextA
0x455430 SetWindowPos
0x455434 SetWindowPlacement
0x455438 SetWindowLongA
0x45543c SetTimer
0x455440 SetScrollRange
0x455444 SetScrollPos
0x455448 SetScrollInfo
0x45544c SetRect
0x455450 SetPropA
0x455454 SetParent
0x455458 SetMenuItemInfoA
0x45545c SetMenu
0x455460 SetForegroundWindow
0x455464 SetFocus
0x455468 SetCursor
0x45546c SetClassLongA
0x455470 SetCapture
0x455474 SetActiveWindow
0x455478 SendMessageA
0x45547c ScrollWindow
0x455480 ScreenToClient
0x455484 RemovePropA
0x455488 RemoveMenu
0x45548c ReleaseDC
0x455490 ReleaseCapture
0x45549c RegisterClassA
0x4554a0 RedrawWindow
0x4554a4 PtInRect
0x4554a8 PostQuitMessage
0x4554ac PostMessageA
0x4554b0 PeekMessageA
0x4554b4 OffsetRect
0x4554b8 OemToCharA
0x4554bc MessageBoxA
0x4554c0 MapWindowPoints
0x4554c4 MapVirtualKeyA
0x4554c8 LoadStringA
0x4554cc LoadKeyboardLayoutA
0x4554d0 LoadIconA
0x4554d4 LoadCursorA
0x4554d8 LoadBitmapA
0x4554dc KillTimer
0x4554e0 IsZoomed
0x4554e4 IsWindowVisible
0x4554e8 IsWindowEnabled
0x4554ec IsWindow
0x4554f0 IsRectEmpty
0x4554f4 IsIconic
0x4554f8 IsDialogMessageA
0x4554fc IsChild
0x455500 InvalidateRect
0x455504 IntersectRect
0x455508 InsertMenuItemA
0x45550c InsertMenuA
0x455510 InflateRect
0x455518 GetWindowTextA
0x45551c GetWindowRect
0x455520 GetWindowPlacement
0x455524 GetWindowLongA
0x455528 GetWindowDC
0x45552c GetTopWindow
0x455530 GetSystemMetrics
0x455534 GetSystemMenu
0x455538 GetSysColorBrush
0x45553c GetSysColor
0x455540 GetSubMenu
0x455544 GetScrollRange
0x455548 GetScrollPos
0x45554c GetScrollInfo
0x455550 GetPropA
0x455554 GetParent
0x455558 GetWindow
0x45555c GetMenuStringA
0x455560 GetMenuState
0x455564 GetMenuItemInfoA
0x455568 GetMenuItemID
0x45556c GetMenuItemCount
0x455570 GetMenu
0x455574 GetLastActivePopup
0x455578 GetKeyboardState
0x455580 GetKeyboardLayout
0x455584 GetKeyState
0x455588 GetKeyNameTextA
0x45558c GetIconInfo
0x455590 GetForegroundWindow
0x455594 GetFocus
0x455598 GetDesktopWindow
0x45559c GetDCEx
0x4555a0 GetDC
0x4555a4 GetCursorPos
0x4555a8 GetCursor
0x4555ac GetClientRect
0x4555b0 GetClassNameA
0x4555b4 GetClassInfoA
0x4555b8 GetCapture
0x4555bc GetActiveWindow
0x4555c0 FrameRect
0x4555c4 FindWindowA
0x4555c8 FillRect
0x4555cc EqualRect
0x4555d0 EnumWindows
0x4555d4 EnumThreadWindows
0x4555d8 EndPaint
0x4555dc EnableWindow
0x4555e0 EnableScrollBar
0x4555e4 EnableMenuItem
0x4555e8 DrawTextA
0x4555ec DrawMenuBar
0x4555f0 DrawIconEx
0x4555f4 DrawIcon
0x4555f8 DrawFrameControl
0x4555fc DrawEdge
0x455600 DispatchMessageA
0x455604 DestroyWindow
0x455608 DestroyMenu
0x45560c DestroyIcon
0x455610 DestroyCursor
0x455614 DeleteMenu
0x455618 DefWindowProcA
0x45561c DefMDIChildProcA
0x455620 DefFrameProcA
0x455624 CreatePopupMenu
0x455628 CreateMenu
0x45562c CreateIcon
0x455630 ClientToScreen
0x455634 CheckMenuItem
0x455638 CallWindowProcA
0x45563c CallNextHookEx
0x455640 BeginPaint
0x455644 CharNextA
0x455648 CharLowerA
0x45564c CharToOemA
0x455650 AdjustWindowRectEx
Library kernel32.dll:
0x45565c Sleep
Library oleaut32.dll:
0x455664 SafeArrayPtrOfIndex
0x455668 SafeArrayGetUBound
0x45566c SafeArrayGetLBound
0x455670 SafeArrayCreate
0x455674 VariantChangeType
0x455678 VariantCopy
0x45567c VariantClear
0x455680 VariantInit
Library comctl32.dll:
0x455690 ImageList_Write
0x455694 ImageList_Read
0x4556a4 ImageList_DragMove
0x4556a8 ImageList_DragLeave
0x4556ac ImageList_DragEnter
0x4556b0 ImageList_EndDrag
0x4556b4 ImageList_BeginDrag
0x4556b8 ImageList_Remove
0x4556bc ImageList_DrawEx
0x4556c0 ImageList_Draw
0x4556d0 ImageList_Add
0x4556dc ImageList_Destroy
0x4556e0 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Apart from the five DNS queries to 114.114.114.114, which cannot be attributed without the queried names (not shown in the report), every flow below is Windows background traffic: NetBIOS name/datagram broadcasts (137/138), NTP to time.windows.com (123), LLMNR (5355), SSDP (1900) and WS-Discovery (3702).

Source IP        Source port   Destination IP    Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.