SmartHawk

2.2

中危

62 个模型检测该样本为恶意！

重新分析

下载样本

e11b9dc6e13c90468f5fe16d6eb46293fb5b9504249f4b2634415c8e4af87683

03573107867823d88f71693e1cc39a23.exe

分析耗时

15s

最近分析

文件大小

1.5MB

静态报毒动态报毒 100% A + TROJ AGARDCG AI SCORE=71 B@6TQIN0 BITCOIN BITCOINMINER BLACK BTCMINE CLASSIC COINBITMINER COINMINER CONFIDENCE CRYTES EBCPPL ELDORADO FAMVT GENASA GENCIRC GENETIC HIGH CONFIDENCE KWLMNKKLDOU MALICIOUS PE MALXMR MINER PHOTOMINER R230798 REMOH RISKTOOL SCORE STATIC AI TOOL UNSAFE XHW@AIBHXU ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Worm:Win32/Remoh.349ebe17	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:BitCoinMiner-IW [Trj]	20201115	20.10.5736.0
Tencent	Malware.Win32.Gencirc.10b0ce68	20201115	1.0.0.1
Kingsoft		20201115	2013.8.14.323
McAfee	Photominer!035731078678	20201115	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.918650837305163

section

{'size_of_data': '0x00169400', 'virtual_address': '0x00022000', 'entropy': 7.918650837305163, 'name': '.rsrc', 'virtual_size': '0x00169230'}

description

A section with a high entropy has been found

entropy

0.9380071405387861

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 个事件)

Bkav	W32.FamVT.AgardCG.Trojan
Elastic	malicious (high confidence)
MicroWorld-eScan	Application.BitCoinMiner.OE
FireEye	Generic.mg.03573107867823d8
CAT-QuickHeal	Risktool.BitCoinMiner.DR9
Qihoo-360	Win32/Trojan.CoinMiner.P
Cylance	Unsafe
Zillya	Trojan.Black.Win32.46302
SUPERAntiSpyware	Hack.Tool/Gen-BitCoinMiner
Sangfor	Malware
K7AntiVirus	Trojan ( 004e1d801 )
Alibaba	Worm:Win32/Remoh.349ebe17
K7GW	Trojan ( 004e1d801 )
Cybereason	malicious.786782
Arcabit	Application.BitCoinMiner.OE
Invincea	ML/PE-A + Troj/Miner-JO
Cyren	W32/BitCoin.J.gen!Eldorado
Symantec	Trojan.Coinbitminer
APEX	Malicious
Avast	Win32:BitCoinMiner-IW [Trj]
ClamAV	Win.Coinminer.Generic-7150608-0
Kaspersky	Worm.Win32.Remoh.ah
BitDefender	Application.BitCoinMiner.OE
NANO-Antivirus	Trojan.Win32.DownLoad3.ebcppl
Paloalto	generic.ml
Tencent	Malware.Win32.Gencirc.10b0ce68
Ad-Aware	Application.BitCoinMiner.OE
Sophos	Troj/Miner-JO
Comodo	TrojWare.Win32.CoinMiner.B@6tqin0
DrWeb	Trojan.BtcMine.1214
TrendMicro	Coinminer_MALXMR.SM-WIN32
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Emsisoft	Application.BitCoinMiner.OE (B)
SentinelOne	Static AI - Malicious PE
Jiangmin	RiskTool.BitCoinMiner.ab
Webroot	W32.Bitcoinminer
Antiy-AVL	RiskWare[RiskTool]/Win32.BitCoinMiner
Gridinsoft	Risk.Win32.CoinMiner.sd!s1
Microsoft	Trojan:Win32/CoinMiner.BB!bit
ViRobot	Trojan.Win32.Agent.1578496.A
ZoneAlarm	Worm.Win32.Remoh.ah
GData	Win32.Application.CoinMiner.AC
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.BitCoinMiner.R230798
Acronis	suspicious
McAfee	Photominer!035731078678
MAX	malware (ai score=71)
VBA32	Trojan.Miner
Malwarebytes	Trojan.BitCoinMiner
Zoner	Trojan.Win32.44850

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2016-02-07 05:24:54

Imports

Library WININET.DLL:

• 0x41f260 FtpFindFirstFileA

• 0x41f264 FtpGetFileA

• 0x41f268 FtpOpenFileA

• 0x41f26c FtpPutFileA

• 0x41f270 InternetCloseHandle

• 0x41f274 InternetConnectA

• 0x41f278 InternetFindNextFileA

• 0x41f27c InternetOpenA

• 0x41f280 InternetOpenUrlA

• 0x41f284 InternetReadFile

• 0x41f288 InternetSetOptionA

Library KERNEL32.dll:

• 0x41f290 AddAtomA

• 0x41f294 CloseHandle

• 0x41f298 CreateEventA

• 0x41f29c CreateFileA

• 0x41f2a0 CreateMutexA

• 0x41f2a4 CreateSemaphoreA

• 0x41f2a8 DeleteCriticalSection

• 0x41f2ac DeleteFileA

• 0x41f2b0 DuplicateHandle

• 0x41f2b4 EnterCriticalSection

• 0x41f2b8 ExitProcess

• 0x41f2bc ExpandEnvironmentStringsA

• 0x41f2c0 FindAtomA

• 0x41f2c4 FindResourceA

• 0x41f2c8 GetAtomNameA

• 0x41f2cc GetCommandLineA

• 0x41f2d0 GetCurrentProcess

• 0x41f2d4 GetCurrentThread

• 0x41f2d8 GetCurrentThreadId

• 0x41f2dc GetHandleInformation

• 0x41f2e0 GetLastError

• 0x41f2e4 GetModuleFileNameA

• 0x41f2e8 GetModuleHandleA

• 0x41f2ec GetProcAddress

• 0x41f2f0 GetProcessAffinityMask

• 0x41f2f4 GetStartupInfoA

• 0x41f2f8 GetThreadContext

• 0x41f2fc GetThreadPriority

• 0x41f300 GetTickCount

• 0x41f304 InitializeCriticalSection

• 0x41f308 InterlockedDecrement

• 0x41f30c InterlockedExchangeAdd

• 0x41f310 InterlockedIncrement

• 0x41f314 LeaveCriticalSection

• 0x41f318 LoadResource

• 0x41f31c LockResource

• 0x41f320 QueryPerformanceCounter

• 0x41f324 QueryPerformanceFrequency

• 0x41f328 ReleaseMutex

• 0x41f32c ReleaseSemaphore

• 0x41f330 ResetEvent

• 0x41f334 ResumeThread

• 0x41f338 SetEvent

• 0x41f33c SetLastError

• 0x41f340 SetProcessAffinityMask

• 0x41f344 SetThreadContext

• 0x41f348 SetThreadPriority

• 0x41f34c SetUnhandledExceptionFilter

• 0x41f350 SizeofResource

• 0x41f354 Sleep

• 0x41f358 SuspendThread

• 0x41f35c TlsAlloc

• 0x41f360 TlsGetValue

• 0x41f364 TlsSetValue

• 0x41f368 TryEnterCriticalSection

• 0x41f36c VirtualProtect

• 0x41f370 VirtualQuery

• 0x41f374 WaitForMultipleObjects

• 0x41f378 WaitForSingleObject

• 0x41f37c WriteFile

Library msvcrt.dll:

• 0x41f384 _write

Library msvcrt.dll:

• 0x41f38c __getmainargs

• 0x41f390 __p__environ

• 0x41f394 __p__fmode

• 0x41f398 __set_app_type

• 0x41f39c _beginthread

• 0x41f3a0 _beginthreadex

• 0x41f3a4 _cexit

• 0x41f3a8 _endthread

• 0x41f3ac _endthreadex

• 0x41f3b0 _ftime

• 0x41f3b4 _iob

• 0x41f3b8 _onexit

• 0x41f3bc _setjmp

• 0x41f3c0 _setmode

• 0x41f3c4 abort

• 0x41f3c8 atexit

• 0x41f3cc calloc

• 0x41f3d0 exit

• 0x41f3d4 fclose

• 0x41f3d8 fopen

• 0x41f3dc fprintf

• 0x41f3e0 fputc

• 0x41f3e4 fputs

• 0x41f3e8 free

• 0x41f3ec fscanf

• 0x41f3f0 fwrite

• 0x41f3f4 longjmp

• 0x41f3f8 malloc

• 0x41f3fc memcmp

• 0x41f400 memcpy

• 0x41f404 memmove

• 0x41f408 memset

• 0x41f40c printf

• 0x41f410 rand

• 0x41f414 realloc

• 0x41f418 signal

• 0x41f41c sprintf

• 0x41f420 srand

• 0x41f424 strcmp

• 0x41f428 strcpy

• 0x41f42c strlen

• 0x41f430 strncpy

• 0x41f434 strstr

• 0x41f438 vfprintf

Library SHELL32.DLL:

• 0x41f440 ShellExecuteA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.