Score: 4.8
Risk level: Medium

SHA-256: 506c00ed7ae0a9186274ae0a9e9e2cacd7028a956863074592b8f8f7c0ea5e32

File: 052c154a9921c3b73b0096dc384a1d06.exe

Analysis duration: 74s

Last analysis: (not shown)

File size: 2.2MB
Static detection: flagged. Dynamic detection: flagged. 100%
Detection tags: 4VHUFJJQNH97B5PFW04H7Q, AI SCORE=100, AIDETECTVM, ANDROM, ARTEMIS, ATTRIBUTE, BSCOPE, CONFIDENCE, GENERIC@ML, GENERICKD, HIGH CONFIDENCE, HIGHCONFIDENCE, KCLOUD, KRSWHE2YXYM, KVMH008, MALWARE1, MAWAAU7U, OCCAMY, PACK, RDML, SCORE, STATIC AI, SUSPICIOUS PE, UNSAFE, ZEXAF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine       Result                               Scan date   Engine version
McAfee       Artemis!052C154A9921                 2021-01-18  6.0.6.653
Alibaba      Backdoor:Win32/Androm.7daf9254       2019-05-27  0.3.0.5
Baidu        (no detection)                       2019-03-18  1.0.0.2
Avast        Win32:Malware-gen                    2021-01-18  21.1.5827.0
Tencent      (no detection)                       2021-01-18  1.0.0.1
Kingsoft     Win32.Heur.KVMH008.a.(kcloud)        2021-01-18  2017.9.26.565
CrowdStrike  win/malicious_confidence_100% (W)    2019-07-02  1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)
section \x00
section .rsrc
section .idata
section
section yrlwvgah
section oeqbvqgq
One or more processes crashed (50 of 58 events shown)
Time & API Arguments Status Return Repeated
1620809364.495503
__exception__
stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3210984
registers.edi: 0
registers.eax: 1
registers.ebp: 3211000
registers.edx: 29347840
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x6c60b9
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 7102649
exception.address: 0x1a360b9
success 0 0
1620809364.495503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 1983119592
registers.eax: 32558
registers.ebp: 4005584916
registers.edx: 20381696
registers.ebx: 24509795
registers.esi: 3
registers.ecx: 1983315968
exception.instruction_r: fb 51 89 1c 24 89 34 24 54 ff 34 24 5e 83 c4 04
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x3e83fc
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 4097020
exception.address: 0x17583fc
success 0 0
1620809364.495503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 0
registers.eax: 32558
registers.ebp: 4005584916
registers.edx: 20381696
registers.ebx: 24480183
registers.esi: 3
registers.ecx: 236777
exception.instruction_r: fb e9 78 05 00 00 be 90 1e fe 3a c1 ee 08 81 ce
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x3e7eb2
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 4095666
exception.address: 0x1757eb2
success 0 0
1620809364.495503
__exception__
stacktrace: (empty)
registers.esp: 3210948
registers.edi: 24481497
registers.eax: 27808
registers.ebp: 4005584916
registers.edx: 57468289
registers.ebx: 24480183
registers.esi: 3
registers.ecx: 719220465
exception.instruction_r: fb 68 03 e7 53 12 89 14 24 83 ec 04 89 2c 24 89
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x3e9a06
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 4102662
exception.address: 0x1759a06
success 0 0
1620809364.495503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 24509305
registers.eax: 27808
registers.ebp: 4005584916
registers.edx: 57468289
registers.ebx: 24480183
registers.esi: 3
registers.ecx: 719220465
exception.instruction_r: fb 68 c5 35 d5 16 89 2c 24 c7 04 24 93 ff ff 3f
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x3e8ffd
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 4100093
exception.address: 0x1758ffd
success 0 0
1620809364.510503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 24484669
registers.eax: 27808
registers.ebp: 4005584916
registers.edx: 1259
registers.ebx: 0
registers.esi: 3
registers.ecx: 719220465
exception.instruction_r: fb e9 30 00 00 00 89 24 24 e9 84 00 00 00 5d e9
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x3e9522
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 4101410
exception.address: 0x1759522
success 0 0
1620809364.510503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 26032233
registers.eax: 1407617366
registers.ebp: 4005584916
registers.edx: 24470893
registers.ebx: 4075520
registers.esi: 26028872
registers.ecx: 0
exception.instruction_r: fb 57 bf 9b 87 ff 7b 89 f9 5f 57 89 04 24 b8 7b
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x563029
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5648425
exception.address: 0x18d3029
success 0 0
1620809364.542503
__exception__
stacktrace: (empty)
registers.esp: 3210948
registers.edi: 26032233
registers.eax: 26938
registers.ebp: 4005584916
registers.edx: 2130566132
registers.ebx: 34341388
registers.esi: 26028872
registers.ecx: 26053795
exception.instruction_r: fb e9 71 ff ff ff 81 c6 f4 7f e0 b8 01 f7 5e 53
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5690fa
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5673210
exception.address: 0x18d90fa
success 0 0
1620809364.542503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 26032233
registers.eax: 26938
registers.ebp: 4005584916
registers.edx: 2130566132
registers.ebx: 34341388
registers.esi: 26028872
registers.ecx: 26080733
exception.instruction_r: fb 31 d2 ff 34 11 ff 34 24 e9 3b 05 00 00 29 ca
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x568f94
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5672852
exception.address: 0x18d8f94
success 0 0
1620809364.542503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 26032233
registers.eax: 26938
registers.ebp: 4005584916
registers.edx: 4294942788
registers.ebx: 34341388
registers.esi: 134889
registers.ecx: 26080733
exception.instruction_r: fb e9 44 00 00 00 81 ed cf 7a d2 52 01 e9 5d 83
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x56900f
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5672975
exception.address: 0x18d900f
success 0 0
1620809364.542503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 26074752
registers.eax: 202985
registers.ebp: 4005584916
registers.edx: 753821231
registers.ebx: 1545491767
registers.esi: 0
registers.ecx: 14288
exception.instruction_r: fb bb 66 c9 ff 1f e9 fb 04 00 00 87 1c 24 5c 89
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x56d3ad
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5690285
exception.address: 0x18dd3ad
success 0 0
1620809364.542503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 4796034
registers.eax: 1447909480
registers.ebp: 4005584916
registers.edx: 22104
registers.ebx: 1983254709
registers.esi: 26089609
registers.ecx: 20
exception.instruction_r: ed 64 8f 05 00 00 00 00 51 89 e1 68 ef 20 fe 27
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x576f9f
exception.instruction: in eax, dx
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5730207
exception.address: 0x18e6f9f
success 0 0
1620809364.542503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 4796034
registers.eax: 1
registers.ebp: 4005584916
registers.edx: 22104
registers.ebx: 0
registers.esi: 26089609
registers.ecx: 20
exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x577261
exception.address: 0x18e7261
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc000001d
exception.offset: 5730913
success 0 0
1620809364.542503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 4796034
registers.eax: 1447909480
registers.ebp: 4005584916
registers.edx: 22104
registers.ebx: 2256917605
registers.esi: 26089609
registers.ecx: 10
exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 40 2a b5 12 01
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x577123
exception.instruction: in eax, dx
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5730595
exception.address: 0x18e7123
success 0 0
1620809364.745503
__exception__
stacktrace: (empty)
registers.esp: 3210948
registers.edi: 4796034
registers.eax: 32739
registers.ebp: 4005584916
registers.edx: 26124546
registers.ebx: 50486906
registers.esi: 10
registers.ecx: 3233087488
exception.instruction_r: fb 55 89 e5 81 c5 04 00 00 00 83 ed 04 e9 00 00
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x57ac38
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5745720
exception.address: 0x18eac38
success 0 0
1620809364.745503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 4796034
registers.eax: 32739
registers.ebp: 4005584916
registers.edx: 26157285
registers.ebx: 50486906
registers.esi: 10
registers.ecx: 3233087488
exception.instruction_r: fb e9 8d f6 ff ff bf be 9c be 5f 89 f9 5f 09 4c
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x57ad0a
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5745930
exception.address: 0x18ead0a
success 0 0
1620809364.745503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 6379
registers.eax: 32739
registers.ebp: 4005584916
registers.edx: 26157285
registers.ebx: 4294937660
registers.esi: 10
registers.ecx: 3233087488
exception.instruction_r: fb 52 89 e2 81 c2 04 00 00 00 83 ea 04 87 14 24
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x57a21c
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5743132
exception.address: 0x18ea21c
success 0 0
1620809364.745503
__exception__
stacktrace: (empty)
registers.esp: 3210948
registers.edi: 6379
registers.eax: 29647
registers.ebp: 4005584916
registers.edx: 26156146
registers.ebx: 4294937660
registers.esi: 10
registers.ecx: 26127710
exception.instruction_r: fb 81 c2 d7 d7 bf 7d 50 e9 0a 00 00 00 5b 87 34
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x58238f
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5776271
exception.address: 0x18f238f
success 0 0
1620809364.745503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 6379
registers.eax: 605849937
registers.ebp: 4005584916
registers.edx: 26159441
registers.ebx: 4294937660
registers.esi: 0
registers.ecx: 26127710
exception.instruction_r: fb 50 e9 e8 f7 ff ff 81 eb ad 54 ff 2e e9 62 f9
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5825f8
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5776888
exception.address: 0x18f25f8
success 0 0
1620809364.917503
__exception__
stacktrace: (empty)
registers.esp: 3210948
registers.edi: 26194455
registers.eax: 26733
registers.ebp: 4005584916
registers.edx: 6
registers.ebx: 50487128
registers.esi: 1983190032
registers.ecx: 0
exception.instruction_r: fb e9 00 00 00 00 81 ef 41 9e 75 7b 52 89 2c 24
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x58bbd5
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5815253
exception.address: 0x18fbbd5
success 0 0
1620809364.917503
__exception__
stacktrace: (empty)
registers.esp: 3210952
registers.edi: 26221188
registers.eax: 26733
registers.ebp: 4005584916
registers.edx: 262633
registers.ebx: 50487128
registers.esi: 1983190032
registers.ecx: 4294943104
exception.instruction_r: fb e9 75 f8 ff ff 52 ba 00 fd fe 6b e9 f6 fb ff
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x58ba12
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5814802
exception.address: 0x18fba12
success 0 0
1620809364.917503
__exception__
stacktrace: (empty)
registers.esp: 3210940
registers.edi: 26221188
registers.eax: 30743
registers.ebp: 4005584916
registers.edx: 262633
registers.ebx: 26216950
registers.esi: 1983190032
registers.ecx: 262633
exception.instruction_r: fb 56 52 68 eb c3 8d 7e 5a c1 e2 03 e9 f9 09 00
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x590a7b
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5835387
exception.address: 0x1900a7b
success 0 0
1620809364.917503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 26221188
registers.eax: 30743
registers.ebp: 4005584916
registers.edx: 84201
registers.ebx: 26247693
registers.esi: 4294939672
registers.ecx: 262633
exception.instruction_r: fb 51 83 ec 04 89 04 24 53 bb 84 e0 e6 5f 55 bd
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x590ce0
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5836000
exception.address: 0x1900ce0
success 0 0
1620809364.917503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 26221188
registers.eax: 30460
registers.ebp: 4005584916
registers.edx: 84201
registers.ebx: 111736486
registers.esi: 4294939672
registers.ecx: 26252988
exception.instruction_r: fb e9 fb f7 ff ff 89 0c 24 e9 36 00 00 00 53 bb
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5928f8
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5843192
exception.address: 0x19028f8
success 0 0
1620809364.917503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 0
registers.eax: 30460
registers.ebp: 4005584916
registers.edx: 84201
registers.ebx: 111736486
registers.esi: 14827
registers.ecx: 26225356
exception.instruction_r: fb 83 ec 04 e9 90 01 00 00 87 2c 24 e9 d5 00 00
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x591fdc
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5840860
exception.address: 0x1901fdc
success 0 0
1620809364.932503
__exception__
stacktrace: (empty)
registers.esp: 3210940
registers.edi: 0
registers.eax: 31007
registers.ebp: 4005584916
registers.edx: 2130566132
registers.ebx: 396340207
registers.esi: 1832232143
registers.ecx: 26267890
exception.instruction_r: fb 81 ec 04 00 00 00 89 14 24 53 bb 5e b6 fa 79
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x59d8e8
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5888232
exception.address: 0x190d8e8
success 0 0
1620809364.932503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 0
registers.eax: 31007
registers.ebp: 4005584916
registers.edx: 2130566132
registers.ebx: 396340207
registers.esi: 1832232143
registers.ecx: 26298897
exception.instruction_r: fb e9 2a 07 00 00 c1 e1 06 e9 f2 fd ff ff 81 ea
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x59d315
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5886741
exception.address: 0x190d315
success 0 0
1620809364.932503
__exception__
stacktrace: (empty)
registers.esp: 3210944
registers.edi: 0
registers.eax: 31007
registers.ebp: 4005584916
registers.edx: 1358981728
registers.ebx: 396340207
registers.esi: 0
registers.ecx: 26270981
exception.instruction_r: fb e9 87 00 00 00 81 c1 6b 75 fe 3a 68 11 47 14
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x59d5ab
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5887403
exception.address: 0x190d5ab
success 0 0
1620809364.932503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 1985216512
registers.eax: 27710
registers.ebp: 4005584916
registers.edx: 2130566132
registers.ebx: 2010535050
registers.esi: 2035845489
registers.ecx: 26369098
exception.instruction_r: fb 53 52 68 81 ff df 5f 5a 81 e2 4a 53 d6 5f 51
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b5e33
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5987891
exception.address: 0x1925e33
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4294942568
registers.eax: 27710
registers.ebp: 4005584916
registers.edx: 2130566132
registers.ebx: 3060218472
registers.esi: 2035845489
registers.ecx: 26396808
exception.instruction_r: fb 68 68 0a fa 32 e9 0b 00 00 00 81 c6 14 96 7e
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b5d35
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5987637
exception.address: 0x1925d35
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4294942568
registers.eax: 26130
registers.ebp: 4005584916
registers.edx: 1748698140
registers.ebx: 26398642
registers.esi: 2035845489
registers.ecx: 1601790065
exception.instruction_r: fb 31 f6 ff 34 33 ff 34 24 e9 26 00 00 00 5a 81
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b69fe
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5990910
exception.address: 0x19269fe
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4294942568
registers.eax: 26130
registers.ebp: 4005584916
registers.edx: 82608469
registers.ebx: 26398642
registers.esi: 4294943532
registers.ecx: 1601790065
exception.instruction_r: fb 50 e9 95 00 00 00 5a 50 89 e0 e9 0c 00 00 00
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b69b5
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5990837
exception.address: 0x19269b5
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 4294942568
registers.eax: 30220
registers.ebp: 4005584916
registers.edx: 1380072240
registers.ebx: 26398642
registers.esi: 26375193
registers.ecx: 1777097430
exception.instruction_r: fb 50 b8 ca 74 f7 7a c1 e8 06 48 56 e9 14 00 00
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b7e66
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5996134
exception.address: 0x1927e66
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4294939964
registers.eax: 30220
registers.ebp: 4005584916
registers.edx: 1380072240
registers.ebx: 26398642
registers.esi: 26405413
registers.ecx: 1776729686
exception.instruction_r: fb 55 53 bb eb 23 ff 7b 89 dd 8b 1c 24 81 c4 04
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b7786
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5994374
exception.address: 0x1927786
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 4294939964
registers.eax: 27110
registers.ebp: 4005584916
registers.edx: 767497853
registers.ebx: 26378536
registers.esi: 26405413
registers.ecx: 249401101
exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 e9 d5 fd ff ff 54
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b856b
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5997931
exception.address: 0x192856b
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4294939964
registers.eax: 27110
registers.ebp: 4005584916
registers.edx: 767497853
registers.ebx: 26405646
registers.esi: 26405413
registers.ecx: 249401101
exception.instruction_r: fb 68 59 bf 9c 5d e9 54 02 00 00 5b 29 f7 81 c7
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b86a4
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5998244
exception.address: 0x19286a4
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 44777
registers.eax: 27110
registers.ebp: 4005584916
registers.edx: 767497853
registers.ebx: 26381430
registers.esi: 26405413
registers.ecx: 0
exception.instruction_r: fb 68 29 e3 e7 77 e9 f0 04 00 00 83 c7 04 87 3c
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5b845c
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5997660
exception.address: 0x192845c
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4269813352
registers.eax: 32305
registers.ebp: 4005584916
registers.edx: 2042822263
registers.ebx: 4294937804
registers.esi: 26405413
registers.ecx: 26422016
exception.instruction_r: fb 68 5a 99 1f 00 89 04 24 b8 39 3b fe 5f 57 c7
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5bb1ed
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6009325
exception.address: 0x192b1ed
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 4269813352
registers.eax: 32896
registers.ebp: 4005584916
registers.edx: 2042822263
registers.ebx: 26392939
registers.esi: 26405413
registers.ecx: 26422016
exception.instruction_r: fb e9 3e f7 ff ff b8 55 38 cb 72 29 c6 58 81 ee
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5bc23f
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6013503
exception.address: 0x192c23f
success 0 0
1620809364.948503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4269813352
registers.eax: 32896
registers.ebp: 4005584916
registers.edx: 2042822263
registers.ebx: 26425835
registers.esi: 26405413
registers.ecx: 26422016
exception.instruction_r: fb e9 c7 05 00 00 81 c4 04 00 00 00 01 da e9 25
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5bbdb1
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6012337
exception.address: 0x192bdb1
success 0 0
1620809364.964503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4269813352
registers.eax: 32896
registers.ebp: 4005584916
registers.edx: 2042822263
registers.ebx: 26425835
registers.esi: 157417
registers.ecx: 4294937312
exception.instruction_r: fb 55 50 e9 57 fb ff ff 50 b8 35 e4 b6 7f 89 c1
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5bc3b4
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6013876
exception.address: 0x192c3b4
success 0 0
1620809364.964503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 4269813352
registers.eax: 25758
registers.ebp: 4005584916
registers.edx: 106560028
registers.ebx: 1968657746
registers.esi: 26397043
registers.ecx: 1744472826
exception.instruction_r: fb 81 ee 81 09 d9 3f 81 ee 51 0e f7 6b 81 ee a1
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5bcb25
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6015781
exception.address: 0x192cb25
success 0 0
1620809364.964503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 4269813352
registers.eax: 25758
registers.ebp: 4005584916
registers.edx: 106560028
registers.ebx: 1968657746
registers.esi: 26422801
registers.ecx: 1744472826
exception.instruction_r: fb 52 e9 ff fd ff ff 81 c3 52 d3 3f 5f e9 fa 01
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5bd04a
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6017098
exception.address: 0x192d04a
success 0 0
1620809364.964503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 1750288232
registers.eax: 25758
registers.ebp: 4005584916
registers.edx: 106560028
registers.ebx: 1968657746
registers.esi: 26399977
registers.ecx: 0
exception.instruction_r: fb 81 ec 04 00 00 00 89 04 24 68 de 97 6a 78 89
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5bcf20
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6016800
exception.address: 0x192cf20
success 0 0
1620809364.964503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 1750288232
registers.eax: 32478
registers.ebp: 4005584916
registers.edx: 26421401
registers.ebx: 2147483650
registers.esi: 26401557
registers.ecx: 3233087488
exception.instruction_r: fb 57 bf 18 f0 6f 60 4f 47 e9 94 02 00 00 40 96
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5c2e06
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6041094
exception.address: 0x1932e06
success 0 0
1620809364.964503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 1750288232
registers.eax: 0
registers.ebp: 4005584916
registers.edx: 26424675
registers.ebx: 2147483650
registers.esi: 26401557
registers.ecx: 604292944
exception.instruction_r: fb 55 bd ca 82 ef 37 68 31 ed 5b 0c 89 2c 24 51
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5c332f
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6042415
exception.address: 0x193332f
success 0 0
1620809364.964503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 1750288232
registers.eax: 30312
registers.ebp: 4005584916
registers.edx: 26424675
registers.ebx: 330963969
registers.esi: 26425010
registers.ecx: 604292944
exception.instruction_r: fb 50 89 0c 24 b9 f9 a0 93 3f e9 18 01 00 00 c1
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5c377f
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6043519
exception.address: 0x193377f
success 0 0
1620809364.979503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 1750288232
registers.eax: 30312
registers.ebp: 4005584916
registers.edx: 0
registers.ebx: 604292949
registers.esi: 26427642
registers.ecx: 604292944
exception.instruction_r: fb 50 51 b9 3f 1e ff 61 81 f1 b8 b1 02 06 e9 8a
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5c3ab4
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6044340
exception.address: 0x1933ab4
success 0 0
1620809364.979503
__exception__
stacktrace: (empty)
registers.esp: 3210908
registers.edi: 2257790844
registers.eax: 27176
registers.ebp: 4005584916
registers.edx: 90401760
registers.ebx: 2274588543
registers.esi: 1776715874
registers.ecx: 26434056
exception.instruction_r: fb e9 db fd ff ff 89 34 24 89 1c 24 57 50 b8 8a
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5c62f0
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6054640
exception.address: 0x19362f0
success 0 0
1620809364.979503
__exception__
stacktrace: (empty)
registers.esp: 3210912
registers.edi: 2257790844
registers.eax: 10873169
registers.ebp: 4005584916
registers.edx: 90401760
registers.ebx: 2274588543
registers.esi: 0
registers.ecx: 26437176
exception.instruction_r: fb 83 ec 04 e9 67 03 00 00 be 22 42 3f 3b 81 f6
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x5c5f86
exception.instruction: sti
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 6053766
exception.address: 0x1935f86
success 0 0
Behavioral verdict
Dynamic indicators
A process attempted to delay the analysis task. (1 event)
description 052c154a9921c3b73b0096dc384a1d06.exe tried to sleep 480 seconds, actually delayed analysis time by 480 seconds
The binary likely contains encrypted or compressed data indicative of a packer (4 events)
entropy 7.98441348530954 section {'size_of_data': '0x0006aa00', 'virtual_address': '0x00001000', 'entropy': 7.98441348530954, 'name': ' \\x00 ', 'virtual_size': '0x003e3000'} description A section with a high entropy has been found
entropy 7.954464657320009 section {'size_of_data': '0x001c6e00', 'virtual_address': '0x006c6000', 'entropy': 7.954464657320009, 'name': 'yrlwvgah', 'virtual_size': '0x001c7000'} description A section with a high entropy has been found
entropy 7.297429432241755 section {'size_of_data': '0x00000200', 'virtual_address': '0x0088d000', 'entropy': 7.297429432241755, 'name': 'oeqbvqgq', 'virtual_size': '0x00001000'} description A section with a high entropy has been found
entropy 0.9995550611790879 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Checks for the presence of known windows from debuggers and forensic tools (9 events)
Time & API Arguments Status Return Repeated
1620809364.979503
FindWindowA
class_name: FilemonClass
window_name:
failed 0 0
1620809364.979503
FindWindowA
class_name: FilemonClass
window_name:
failed 0 0
1620809364.979503
FindWindowA
class_name: #0
window_name: File Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620809364.979503
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620809364.979503
FindWindowA
class_name: #0
window_name: Process Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620809364.995503
FindWindowA
class_name: RegmonClass
window_name:
failed 0 0
1620809364.995503
FindWindowA
class_name: RegmonClass
window_name:
failed 0 0
1620809364.995503
FindWindowA
class_name: #0
window_name: Registry Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620809364.995503
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
Checks the version of Bios, possibly for anti-virtualization (2 events)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1620809364.542503
__exception__
stacktrace:
registers.esp: 3210944
registers.edi: 4796034
registers.eax: 1447909480
registers.ebp: 4005584916
registers.edx: 22104
registers.ebx: 1983254709
registers.esi: 26089609
registers.ecx: 20
exception.instruction_r: ed 64 8f 05 00 00 00 00 51 89 e1 68 ef 20 fe 27
exception.symbol: 052c154a9921c3b73b0096dc384a1d06+0x576f9f
exception.instruction: in eax, dx
exception.module: 052c154a9921c3b73b0096dc384a1d06.exe
exception.exception_code: 0xc0000096
exception.offset: 5730207
exception.address: 0x18e6f9f
success 0 0
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.44689855
FireEye Generic.mg.052c154a9921c3b7
McAfee Artemis!052C154A9921
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0040f4ef1 )
Alibaba Backdoor:Win32/Androm.7daf9254
K7GW Trojan ( 0040f4ef1 )
Cybereason malicious.a9921c
Arcabit Trojan.Generic.D2A9E9BF
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.44689855
Paloalto generic.ml
AegisLab Trojan.Win32.Androm.4!c
Ad-Aware Trojan.GenericKD.44689855
Sophos Mal/Generic-S
F-Secure Trojan.TR/Crypt.TPM.Gen
Zillya Backdoor.Androm.Win32.62037
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
Emsisoft Trojan.GenericKD.44689855 (B)
SentinelOne Static AI - Suspicious PE
Avira TR/Crypt.TPM.Gen
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Kingsoft Win32.Heur.KVMH008.a.(kcloud)
Gridinsoft Malware.Win32.Pack.40363!se
Microsoft Trojan:Win32/Occamy.C50
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.44689855
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Gen.Generic.C3008922
BitDefenderTheta Gen:NN.ZexaF.34760.mAWaau7U!qh
ALYac Trojan.GenericKD.44689855
MAX malware (ai score=100)
VBA32 BScope.Backdoor.Androm
Malwarebytes Trojan.MalPack
Rising Trojan.Generic@ML.100 (RDML:4vHufjJQNh97B5Pfw04H7Q)
Yandex Trojan.TPM!KrsWHE2yxyM
Ikarus Trojan.Crypt
eGambit Unsafe.AI_Score_99%
Fortinet W32/Androm!tr.bdr
AVG Win32:Malware-gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.650
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

2019-03-01 21:24:07

Imports

Library kernel32.dll:
0x7e5046 lstrcpy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.