3.4
Medium risk

fd388d3fb167953118cbb5863aae1eb46b7cf45b1c7c75a978407a93a82a1992

0304afa828b9bc6b2739ab8a7123eeb6.exe

Analysis duration

26s

Last analyzed

File size

27.0KB
Static detection · Dynamic detection
Detection-name keywords: 100%, A VARIANT OF GENERIK, AI SCORE=80, ARTEMIS, ATTRIBUTE, BU1@AOZFZHM, CCMW, CONFIDENCE, FFETYMO, FILEREPMALWARE, GENERIC@ML, HIGH CONFIDENCE, HIGHCONFIDENCE, KAZY, QWLJXIYGQF8, R002C0DJR19, RDMK, ROZENA, SCORE, SWRORT, UNSAFE, UVXVHTHLRUPHCEF2ZJG, WZWCK, YUM@FL7J, ZEMY, ZEXAF
鹰眼引擎 (Hawkeye engine)
Not detected: no 鹰眼引擎 detection results available
Static verdict
Antivirus engines
Engine | Result | Scan time | Engine version
--- | --- | --- | ---
Alibaba | Trojan:Win32/Swrort.d3216752 | 20190527 | 0.3.0.5
Baidu | | 20190318 | 1.0.0.2
Avast | | 20191113 | 18.4.3895.0
Tencent | | 20191113 | 1.0.0.1
Kingsoft | | 20191113 | 2013.8.14.323
McAfee | Artemis!0304AFA828B9 | 20191113 | 6.0.6.653
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 101.132.33.79
host 172.217.24.14
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
MicroWorld-eScan Trojan.Generic.23223472
FireEye Generic.mg.0304afa828b9bc6b
CAT-QuickHeal Trojan.Swrort
ALYac Trojan.Generic.23223472
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-Kazy
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Swrort.d3216752
K7GW Riskware ( 0040eff71 )
Cybereason malicious.828b9b
Arcabit Trojan.Generic.D1625CB0
TrendMicro TROJ_GEN.R002C0DJR19
Symantec ML.Attribute.HighConfidence
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Generic.23223472
NANO-Antivirus Virus.Win32.Gen.ccmw
AegisLab Trojan.Win32.Generic.4!c
Ad-Aware Trojan.Generic.23223472
Emsisoft Trojan.Generic.23223472 (B)
Comodo TrojWare.Win32.Agent.YUM@fl7j
F-Secure Trojan.TR/Swrort.wzwck
McAfee-GW-Edition Artemis!Trojan
Trapmine suspicious.low.ml.score
Sophos Mal/Generic-S
Cyren W32/Trojan.ZEMY-3365
Webroot W32.Malware.gen
Avira TR/Swrort.wzwck
Antiy-AVL Trojan/Win32.Swrort
Microsoft Trojan:Win32/Swrort.A
Endgame malicious (high confidence)
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.Generic.23223472
AhnLab-V3 Trojan/Win32.Generic.C2937208
McAfee Artemis!0304AFA828B9
MAX malware (ai score=80)
VBA32 Trojan.Swrort
ESET-NOD32 a variant of Generik.FFETYMO
TrendMicro-HouseCall TROJ_GEN.R002C0DJR19
Rising Trojan.Generic@ML.93 (RDMK:dv/UvxvhTHLRuphcEF2zjg)
Yandex Trojan.Agent!QWlJxiYgqF8
Ikarus Trojan.Win32.Rozena
Fortinet W32/Generic!tr
BitDefenderTheta Gen:NN.ZexaF.32250.bu1@aOZFZhm
AVG FileRepMalware
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.d55
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 192.168.56.101:49173
dead_host 101.132.33.79:6666
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1970-01-01 08:00:00

Imports

Library KERNEL32.dll:
0x401464 lstrlenA
0x401468 Sleep
0x40146c SetThreadPriority
0x401470 SetPriorityClass
0x401474 HeapFree
0x401478 HeapAlloc
0x40147c GetProcessHeap
0x401480 GetModuleHandleA
0x401484 GetCurrentThread
0x401488 GetCurrentProcess
0x40148c ExitProcess
Library USER32.dll:
0x401494 wsprintfA
0x401498 WaitMessage
0x40149c TranslateMessage
0x4014a0 ShowWindow
0x4014a4 ShowCursor
0x4014a8 ReleaseDC
0x4014ac RegisterClassA
0x4014b0 PostQuitMessage
0x4014b4 PeekMessageA
0x4014b8 MessageBoxA
0x4014bc LoadIconA
0x4014c0 LoadCursorA
0x4014c4 GetDC
0x4014c8 EndPaint
0x4014cc DrawTextA
0x4014d0 DispatchMessageA
0x4014d4 DefWindowProcA
0x4014d8 CreateWindowExA
0x4014dc BeginPaint
0x4014e0 AdjustWindowRectEx
Library WINMM.dll:
0x4014e8 timeGetTime
Library GDI32.dll:
0x4014f0 TextOutA
0x4014f4 SetTextColor
0x4014f8 SetDIBColorTable
0x4014fc SetBkMode
0x401500 SetBkColor
0x401504 SelectObject
0x401508 SaveDC
0x40150c RestoreDC
0x401510 PatBlt
0x401518 DeleteObject
0x40151c DeleteDC
0x401520 CreateFontIndirectA
0x401524 CreateDIBSection
0x401528 CreateCompatibleDC
0x401530 BitBlt

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source Port | Destination | Destination Port
--- | --- | --- | ---
192.168.56.101 | 49235 | 114.114.114.114 | 53
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50535 | 239.255.255.250 | 3702
192.168.56.101 | 50537 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58707 | 239.255.255.250 | 3702
192.168.56.101 | 62192 | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.