2.0
Low risk

9441e317872ef1b524863bcd7cf8457c30e531a1f1cd47cd02b3e40470326287

02713ed4a424b421f6dc48243a630577.exe

Analysis duration

73s

Last analyzed

File size

289.1KB
Static detection / Dynamic detection: MOBOGENIECRTD YOUDAO
Hawkeye engine
Not detected. No Hawkeye engine detection result available.
Static verdict
Antivirus engines
Engine    Result    Scan date    Engine version
McAfee 20200722 6.0.6.653
Avast 20200722 18.4.3895.0
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200722 2013.8.14.323
Tencent 20200722 1.0.0.1
CrowdStrike 20190702 1.0
Behavioral verdict
Dynamic indicators
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
ESET-NOD32 a variant of Win32/Youdao.A potentially unwanted
Zillya Adware.MobogenieCRTD.Win32.11272
Expresses interest in specific running processes (1 event)
process 02713ed4a424b421f6dc48243a630577.exe
Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while the sample ran.


PE Compile Time

2018-08-07 14:19:14

Imports

Library KERNEL32.dll:
0x433010 CreateFileMappingW
0x433014 MapViewOfFile
0x433018 QueryDosDeviceW
0x43301c OpenProcess
0x433024 CloseHandle
0x433028 MultiByteToWideChar
0x43302c Sleep
0x433030 Process32NextW
0x433034 Process32FirstW
0x433038 WideCharToMultiByte
0x43303c UnmapViewOfFile
0x433040 OpenFileMappingW
0x433048 CreateFileW
0x43304c HeapSize
0x433050 ReadConsoleW
0x433054 WriteConsoleW
0x433068 EncodePointer
0x43306c DecodePointer
0x433070 SetLastError
0x433078 CreateEventW
0x43307c TlsAlloc
0x433080 TlsGetValue
0x433084 TlsSetValue
0x433088 TlsFree
0x433090 GetModuleHandleW
0x433094 GetProcAddress
0x433098 CompareStringW
0x43309c LCMapStringW
0x4330a0 GetLocaleInfoW
0x4330a4 GetStringTypeW
0x4330a8 GetCPInfo
0x4330ac SetEvent
0x4330b0 ResetEvent
0x4330c0 GetCurrentProcess
0x4330c4 TerminateProcess
0x4330cc IsDebuggerPresent
0x4330d0 GetStartupInfoW
0x4330d8 GetCurrentProcessId
0x4330dc GetCurrentThreadId
0x4330e0 InitializeSListHead
0x4330e4 RaiseException
0x4330e8 RtlUnwind
0x4330ec GetLastError
0x4330f0 FreeLibrary
0x4330f4 LoadLibraryExW
0x4330f8 HeapAlloc
0x4330fc HeapReAlloc
0x433100 HeapFree
0x433104 ExitProcess
0x433108 GetModuleHandleExW
0x43310c GetModuleFileNameW
0x433110 GetStdHandle
0x433114 WriteFile
0x433118 GetCommandLineA
0x43311c GetCommandLineW
0x433120 GetACP
0x433124 GetFileType
0x433128 IsValidLocale
0x43312c GetUserDefaultLCID
0x433130 EnumSystemLocalesW
0x433134 FlushFileBuffers
0x433138 GetConsoleCP
0x43313c GetConsoleMode
0x433140 SetStdHandle
0x433144 ReadFile
0x433148 SetFilePointerEx
0x43314c GetProcessHeap
0x433150 FindClose
0x433154 FindFirstFileExW
0x433158 FindNextFileW
0x43315c IsValidCodePage
0x433160 GetOEMCP
0x43316c SetEndOfFile
Library ADVAPI32.dll:
0x433000 RegOpenKeyExW
0x433004 RegQueryValueExW
0x433008 RegCloseKey
Library SHELL32.dll:
Library PSAPI.DLL:
Library SHLWAPI.dll:
0x433188 PathFileExistsW
0x43318c PathFindFileNameW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port    Destination       Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.