2.6
Risk level: medium

SHA-256: a618654d80abab200243945d1fb26204acb5bcc6e145656b8fb7152d8ab6a52e

File name: 04a8459de2d18f0c99018d97f3dd94fb.exe

Analysis time: 76s

Last analysis:

File size: 15.3MB
Static detection: flagged. Dynamic detection: flagged (100%).
Detection keyword tags (derived from the engine verdicts listed below): AI SCORE=80, ATBH, BAKB, BZKEM, CLASSIC, CONFIDENCE, FILEINFECTOR, HLLP, KASHU, KUKU, MALICIOUS, PE, MALWARE@#33FN5513XNNXW, POLY2, SALICODE, SALITY, SCORE, SECTOR, STATIC AI, TUTU, UNSAFE
鹰眼引擎 (Eagle Eye engine): no detection; no results are available from this engine for the sample.
Static verdict

Antivirus engines

Engine        Result                              Scan date  Engine version
Alibaba       Virus:Win32/Sality.ab9fc526         20190527   0.3.0.5
Baidu         Win32.Virus.Sality.gen              20190318   1.0.0.2
Avast         Win32:SaliCode [Inf]                20201210   21.1.5827.0
McAfee        W32/Sality.gen.z                    20201211   6.0.6.653
Tencent       Virus.Win32.TuTu.Gen.200004         20201211   1.0.0.1
CrowdStrike   win/malicious_confidence_100% (W)   20190702   1.0
Behavioral verdict

Dynamic indicators

The binary likely contains encrypted or compressed data indicative of a packer (1 event)
Section .data: entropy 7.487, virtual address 0x00c27000, virtual size 0x001c90e8, size of raw data 0x000d7e00. Description: a section with high entropy has been found.
The entropy is computed over the on-disk bytes only (0xd7e00, about 864 KiB), not the much larger virtual size (0x1c90e8, about 1.8 MiB). Sality is a polymorphic file infector that writes its encrypted body into an existing host executable, so a high-entropy section is consistent with the signature verdicts, but entropy this high is also produced by legitimately compressed resources; on its own it corroborates rather than establishes the verdict.
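The indicator above is the output of a per-section Shannon entropy check. The following is an added example of that heuristic, not the sandbox's own code: it walks the PE section table, scores each section's raw bytes, and flags those above a threshold. The 7.0 threshold, the `build_test_pe()` helper and the sample image it constructs (a plain-text section next to a pseudo-random one standing in for an encrypted payload) are all assumptions made for the example.

```python
"""Flag high-entropy PE sections, the heuristic behind the 'packer' indicator.
Added example with a constructed test image; not the sandbox's own code.
The 7.0 threshold is an assumption (this report fired at 7.487)."""
import math
import random
import struct
from collections import Counter

HIGH_ENTROPY = 7.0  # assumed threshold; uniform random bytes score close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Walk MZ -> e_lfanew -> COFF header -> section table and yield one record
    per section, shaped like the sandbox's 'section' field above."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]  # scored on the on-disk bytes only
        yield {
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": f"0x{vaddr:08x}",
            "virtual_size": f"0x{vsize:08x}",
            "size_of_data": f"0x{rawsize:08x}",
            "entropy": shannon_entropy(raw),
        }


def high_entropy_sections(image: bytes, threshold: float = HIGH_ENTROPY):
    return [s for s in pe_sections(image) if s["entropy"] >= threshold]


def build_test_pe(sections, file_align=0x200):
    """Construct a minimal, non-runnable PE32 image whose headers are just
    enough for pe_sections() to walk.  `sections` is a list of (name, raw bytes)."""
    opt_size, e_lfanew = 0xE0, 0x40
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    data_start = -(-headers_end // file_align) * file_align
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table, body, rawptr, vaddr = b"", b"", data_start, 0x1000
    for name, raw in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), vaddr,
                             len(padded), rawptr, 0, 0, 0, 0, 0x40000040)
        body += padded
        rawptr += len(padded)
        vaddr += -(-len(raw) // 0x1000) * 0x1000
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return image + b"\0" * (data_start - len(image)) + body


def sample_image() -> bytes:
    """Constructed sample: a plain-text .text section and a pseudo-random .data
    section standing in for an encrypted or compressed payload."""
    rng = random.Random(20170301)
    text = b"The quick brown fox jumps over the lazy dog. " * 100
    packed = bytes(rng.getrandbits(8) for _ in range(0x10000))
    return build_test_pe([(b".text", text), (b".data", packed)])


if __name__ == "__main__":
    for s in high_entropy_sections(sample_image()):
        print(f"high entropy: {s['name']} {s['entropy']:.3f} at {s['virtual_address']}")
```

Scoring raw bytes rather than the mapped image matters for exactly the case in this report: a section whose virtual size is far larger than its raw size is mostly zero-filled in memory and would score low if the padding were included.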
Network communication

Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Note: the traffic summary further down records no contacted hosts and no TCP connections, so this indicator cannot be cross-checked against the captured flows; treat it as unconfirmed until the underlying capture is inspected.
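The check behind that indicator is a correlation between DNS answers and destinations seen in the same capture. The following is an added example of that logic, not the sandbox's implementation. The records are constructed for the example, modelled on the UDP table in this report plus one hypothetical TCP flow to the flagged address; the exclusion list for resolver, multicast, broadcast and private destinations is an assumption about how such noise is normally filtered.

```python
"""Reproduce the 'communicates with a host for which no DNS query was performed'
check: every public unicast destination in a capture should be explained by a
DNS answer observed in the same capture.  Added example with constructed
records; it is not the sandbox's own code."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class DnsAnswer:
    name: str
    address: str


def is_background(dst: str, dport: int) -> bool:
    """Traffic that legitimately needs no name resolution: queries to the
    resolver itself, and multicast/broadcast/private/link-local destinations
    (NetBIOS, LLMNR, SSDP and WS-Discovery all land in this bucket)."""
    addr = ipaddress.ip_address(dst)
    return (dport == 53 or addr.is_multicast or addr.is_private or addr.is_loopback
            or addr.is_link_local or addr.is_reserved or addr.is_unspecified)


def unresolved_destinations(flows, answers):
    """Distinct destinations contacted without any DNS answer for them in the
    capture, in first-seen order.  Answers are indexed by address, so CNAME
    chains and multiple A records are all honoured."""
    resolved = {ipaddress.ip_address(a.address) for a in answers}
    flagged, seen = [], set()
    for f in flows:
        dst = ipaddress.ip_address(f.dst)
        if is_background(f.dst, f.dport) or dst in resolved or dst in seen:
            continue
        seen.add(dst)
        flagged.append(f)
    return flagged


# Constructed records modelled on this report's UDP table, plus one
# hypothetical TCP flow to the address the sandbox flagged.
SANDBOX_VM = "192.168.56.101"
ANSWERS = [DnsAnswer("time.windows.com", "20.189.79.72")]
FLOWS = [
    Flow("udp", SANDBOX_VM, 50534, "114.114.114.114", 53),    # the DNS query itself
    Flow("udp", SANDBOX_VM, 137, "192.168.56.255", 137),      # NetBIOS broadcast
    Flow("udp", SANDBOX_VM, 123, "20.189.79.72", 123),        # NTP, resolved above
    Flow("udp", SANDBOX_VM, 49235, "224.0.0.252", 5355),      # LLMNR multicast
    Flow("udp", SANDBOX_VM, 1900, "239.255.255.250", 1900),   # SSDP multicast
    Flow("udp", SANDBOX_VM, 58368, "239.255.255.250", 3702),  # WS-Discovery multicast
    Flow("tcp", SANDBOX_VM, 49300, "172.217.24.14", 443),     # hypothetical: no answer seen
]


def report(flows=FLOWS, answers=ANSWERS):
    """One line per unresolved destination, as the sandbox would list them."""
    return [f"{f.proto} {f.dst}:{f.dport}" for f in unresolved_destinations(flows, answers)]


if __name__ == "__main__":
    for line in report():
        print("no DNS answer for", line)
```

The check only proves that no resolution was captured, not that the address was hard-coded: a sandbox that missed the DNS exchange, or a process that reused the OS resolver cache, produces the same result, which is why the indicator should be confirmed against the full capture rather than taken alone.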
File has been identified by 57 antivirus engines on VirusTotal as malicious (50 of 57 results shown)

Engine  Result
Bkav W32.Sality.PE
MicroWorld-eScan Win32.Sality.3
FireEye Generic.mg.04a8459de2d18f0c
CAT-QuickHeal W32.Sality.U
Zillya Virus.Sality.Win32.25
Sangfor Malware
K7AntiVirus Virus ( f10001071 )
Alibaba Virus:Win32/Sality.ab9fc526
K7GW Virus ( f10001071 )
Cybereason malicious.de2d18
Arcabit Win32.Sality.3
BitDefenderTheta AI:FileInfector.A5ECCBAB0E
Symantec W32.Sality.AE
TotalDefense Win32/Sality.AA
Baidu Win32.Virus.Sality.gen
TrendMicro-HouseCall PE_SALITY.ER
Avast Win32:SaliCode [Inf]
Kaspersky Virus.Win32.Sality.gen
BitDefender Win32.Sality.3
NANO-Antivirus Virus.Win32.Sality.bzkem
Paloalto generic.ml
ViRobot Win32.Sality.Gen.A
Rising Virus.Sality!1.A5BD (CLASSIC)
Ad-Aware Win32.Sality.3
Sophos Mal/Sality-D
Comodo Malware@#33fn5513xnnxw
F-Secure Malware.W32/Sality.AT
DrWeb Win32.Sector.30
VIPRE Virus.Win32.Sality.atbh (v)
TrendMicro PE_SALITY.ER
McAfee-GW-Edition W32/Sality.gen.z
SentinelOne Static AI - Malicious PE
Emsisoft Win32.Sality.3 (B)
APEX Malicious
Jiangmin Win32/HLLP.Kuku.poly2
Avira W32/Sality.AT
Antiy-AVL Virus/Win32.Sality.gen
Microsoft Virus:Win32/Sality.AT
AegisLab Virus.Win32.Sality.v!c
ZoneAlarm Virus.Win32.Sality.gen
GData Win32.Sality.3
Cynet Malicious (score: 85)
AhnLab-V3 Win32/Kashu.E
McAfee W32/Sality.gen.z
MAX malware (ai score=80)
VBA32 Virus.Win32.Sality.bakb
Cylance Unsafe
Zoner Trojan.Win32.Sality.22009
ESET-NOD32 Win32/Sality.NBA
Tencent Virus.Win32.TuTu.Gen.200004
Visual analysis

Binary image: none; no binary visualization image was generated for this sample.
Runtime screenshots: none; no screenshots were generated while the sample ran.

PE Compile Time (TimeDateStamp)

2017-03-01 06:15:48 (trivially forgeable; for a file infector such as Sality it reflects the host program's build, not the infection)

Imports

Library KERNEL32.dll:
0xe1006c ReadFile
0xe10070 SetFilePointer
0xe10074 GetFileSize
0xe10078 CreateFileW
0xe1007c GetModuleFileNameA
0xe10080 GetCommandLineW
0xe10084 SetEndOfFile
0xe10088 WriteFile
0xe1008c CreateFileA
0xe10090 GetFileAttributesA
0xe10094 GetStartupInfoW
0xe10098 GetCommandLineA
0xe1009c ExitProcess
0xe100a0 RemoveDirectoryW
0xe100a4 CopyFileW
0xe100a8 GetModuleFileNameW
0xe100ac GetCPInfo
0xe100b0 GetACP
0xe100b4 IsDBCSLeadByte
0xe100b8 HeapSize
0xe100bc DeviceIoControl
0xe100c0 CreateProcessA
0xe100c4 GetTempPathA
0xe100c8 FindNextFileW
0xe100d4 WideCharToMultiByte
0xe100d8 MultiByteToWideChar
0xe100dc lstrlenW
0xe100e0 GetLongPathNameW
0xe100e4 CreateProcessW
0xe100e8 GetTempFileNameA
0xe100ec CreateDirectoryA
0xe100f0 DeleteFileA
0xe100f4 GetFileAttributesW
0xe100f8 CreateMutexA
0xe100fc SetFilePointerEx
0xe10100 GetFileSizeEx
0xe10110 MoveFileExW
0xe1011c GetFullPathNameW
0xe10124 OutputDebugStringA
0xe10128 LoadLibraryA
0xe1012c GetSystemDirectoryA
0xe10130 FreeLibrary
0xe10134 GetVersionExW
0xe10138 GetCurrentProcess
0xe1013c VirtualQuery
0xe10140 ExitThread
0xe1014c VerifyVersionInfoW
0xe10150 VerSetConditionMask
0xe10154 GlobalFree
0xe10158 CreateThread
0xe1015c LockResource
0xe10160 LoadResource
0xe10164 FindResourceExA
0xe10168 FindResourceExW
0xe1016c GlobalAlloc
0xe10170 GlobalUnlock
0xe10174 GlobalLock
0xe10180 GlobalSize
0xe10184 QueueUserAPC
0xe10188 OpenThread
0xe1018c SleepEx
0xe10194 GetCurrentProcessId
0xe10198 GetProcessTimes
0xe1019c RaiseException
0xe101a4 SetLastError
0xe101a8 TerminateThread
0xe101ac CreateEventW
0xe101b0 SetEvent
0xe101b4 ResetEvent
0xe101c0 GetTickCount
0xe101c4 SetThreadPriority
0xe101cc GetSystemTime
0xe101d4 DebugBreak
0xe101d8 GetModuleHandleW
0xe101dc LCMapStringW
0xe101e0 GetExitCodeThread
0xe101e4 DuplicateHandle
0xe101e8 GetCurrentThread
0xe101ec MapViewOfFile
0xe101f0 UnmapViewOfFile
0xe101f4 CompareFileTime
0xe101f8 ReleaseMutex
0xe101fc CreateFileMappingA
0xe10200 ReleaseSemaphore
0xe10204 CreateSemaphoreW
0xe1020c CreateEventA
0xe10214 SetWaitableTimer
0xe10218 CancelWaitableTimer
0xe10220 GetVersionExA
0xe10224 GetVersion
0xe10228 VirtualAlloc
0xe1022c VirtualFree
0xe10230 FlushFileBuffers
0xe10238 IsDebuggerPresent
0xe1023c SetSystemTime
0xe10244 TlsAlloc
0xe10248 TlsFree
0xe1024c ResumeThread
0xe10258 CreateSemaphoreA
0xe1025c HeapAlloc
0xe10260 HeapFree
0xe10264 HeapUnlock
0xe10268 HeapWalk
0xe1026c HeapLock
0xe10270 HeapCreate
0xe10274 HeapDestroy
0xe10278 VirtualProtect
0xe1027c GetNumberFormatW
0xe10280 GetCurrencyFormatW
0xe10284 CompareStringW
0xe10288 GetDateFormatW
0xe1028c GetTimeFormatW
0xe10290 GetUserDefaultLCID
0xe10294 EnumSystemLocalesW
0xe10298 GetProcessHeap
0xe102a4 GetStartupInfoA
0xe102a8 RtlUnwind
0xe102b4 HeapReAlloc
0xe102b8 GetStdHandle
0xe102bc TerminateProcess
0xe102d0 SetHandleCount
0xe102d4 GetFileType
0xe102d8 GetOEMCP
0xe102dc IsValidCodePage
0xe102e0 LCMapStringA
0xe102e4 GetConsoleCP
0xe102e8 GetConsoleMode
0xe102f4 SetStdHandle
0xe102f8 GetLocaleInfoA
0xe102fc GetStringTypeA
0xe10300 GetStringTypeW
0xe10304 WriteConsoleA
0xe10308 GetConsoleOutputCP
0xe1030c WriteConsoleW
0xe10310 CompareStringA
0xe10318 LocalAlloc
0xe1031c GlobalMemoryStatus
0xe10324 GetProcAddress
0xe10328 WaitForSingleObject
0xe1032c GetExitCodeProcess
0xe10330 CloseHandle
0xe10334 FindFirstFileW
0xe10338 FindClose
0xe1033c GetSystemDirectoryW
0xe10340 LoadLibraryW
0xe10344 GetModuleHandleA
0xe10348 GetTempPathW
0xe1034c GetTempFileNameW
0xe10350 GetLastError
0xe10354 DeleteFileW
0xe10358 CreateDirectoryW
0xe1035c GetSystemInfo
0xe10360 SwitchToThread
0xe10364 TlsGetValue
0xe10368 TlsSetValue
0xe1036c GetCurrentThreadId
0xe10374 ReadConsoleInputA
0xe10378 SetConsoleMode
0xe1037c FindFirstFileA
0xe10398 InterlockedExchange
0xe103a0 GetLocaleInfoW
0xe103a4 Sleep
0xe103ac GetDriveTypeA
0xe103b0 GetFullPathNameA
0xe103b4 PeekNamedPipe
Library ADVAPI32.dll:
0xe10000 CryptEncrypt
0xe10004 CryptDestroyKey
0xe10008 CryptImportKey
0xe1000c CryptSetKeyParam
0xe10010 CryptGetHashParam
0xe10014 CryptHashData
0xe10018 CryptDestroyHash
0xe10020 CryptCreateHash
0xe10028 ReportEventA
0xe10030 RegOpenKeyA
0xe10038 CryptGenRandom
0xe1003c CryptReleaseContext
0xe10040 RegOpenKeyExA
0xe10044 RegQueryValueExW
0xe10048 RegSetValueExW
0xe1004c RegCreateKeyExW
0xe10050 RegSetValueExA
0xe10054 RegQueryValueExA
0xe10058 RegCloseKey
0xe1005c RegCreateKeyExA
0xe10060 RegOpenKeyExW
0xe10064 CryptDecrypt

Exports

Ordinal Address Name
1 0x940ac0 IAEModule_AEModule_PutKernel
2 0x9421f0 IAEModule_IAEKernel_LoadModule
3 0x942260 IAEModule_IAEKernel_UnloadModule
4 0x41f5da _WinMainSandboxed@20

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                        Destination port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 (time.windows.com) 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

All of the UDP traffic above is ordinary Windows background activity in the sandbox VM: DNS to the 114.114.114.114 resolver, NetBIOS name service and datagram broadcasts on 137/138, NTP to time.windows.com, LLMNR to 224.0.0.252:5355, SSDP to 239.255.255.250:1900 and WS-Discovery to 239.255.255.250:3702. None of it is specific to the sample.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.