3.2
Medium risk

SHA-256: d9faaf711e84539f4fda3ba01b529813dd259142be98592cf1ea5c25dd29c021

File name: 058f002017f989009d63380de260a6c6.exe

Analysis duration: 12s

Last analysis

File size: 482.5KB
Static verdict: malicious. Dynamic verdict: malicious. Tags: 100%, AI SCORE=85, AIDETECTVM, CONFIDENCE, EBDG, FRAUDROP, GENERICKD, GENERICRXAA, HIGH CONFIDENCE, MALICIOUS PE, MALWARE1, MALWARE@#33AK59BD8DXJ0, PALLAS, POSSIBLETHREAT, R011C0DGK20, R305468, SCORE, TPH3, UNSAFE, YMACCO, YZY0OHLVPXMACNMI
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result                              Scan time  Engine version
McAfee       GenericRXAA-AA!058F002017F9         20200728   6.0.6.653
Alibaba      Trojan:Win32/Ymacco.fba02406        20190527   0.3.0.5
Baidu        -                                   20190318   1.0.0.2
Avast        Win32:Malware-gen                   20200728   18.4.3895.0
Kingsoft     -                                   20200728   2013.8.14.323
Tencent      -                                   20200728   1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)   20190702   1.0
Behavior verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy: 7.824157735807592; section: .rsrc (size_of_data 0x000e9200, virtual_address 0x00026000, virtual_size 0x000e908c, entropy 7.824157735807592); description: A section with a high entropy has been found
entropy: 0.8735362997658079; description: Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Generates some ICMP traffic
File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.GenericKD.33529297
FireEye Generic.mg.058f002017f98900
McAfee GenericRXAA-AA!058F002017F9
Cylance Unsafe
K7AntiVirus Trojan ( 0053b4521 )
Alibaba Trojan:Win32/Ymacco.fba02406
K7GW Trojan ( 0053b4521 )
Cybereason malicious.49acfa
Invincea heuristic
Symantec Trojan.Gen.MBT
TrendMicro-HouseCall TROJ_GEN.R011C0DGK20
Avast Win32:Malware-gen
ClamAV Win.Malware.Generic-7428307-0
GData Trojan.GenericKD.33529297
BitDefender Trojan.GenericKD.33529297
ViRobot Trojan.Win32.Z.Agent.494117.A
Rising Spyware.KeyLogger!8.12F (C64:YzY0OhlVPXmACNMI)
Endgame malicious (high confidence)
Emsisoft Trojan.GenericKD.33529297 (B)
Comodo Malware@#33ak59bd8dxj0
Zillya Trojan.Keylogger.Win32.60508
TrendMicro TROJ_GEN.R011C0DGK20
SentinelOne DFI - Malicious PE
Sophos Mal/Generic-S
APEX Malicious
Cyren W32/Trojan.EBDG-2004
Webroot W32.Malware.Gen
Antiy-AVL Trojan[Spy]/MSIL.KeyLogger
Arcabit Trojan.Generic.D1FF9DD1
AegisLab Trojan.Win32.FrauDrop.tpH3
Microsoft Trojan:Win32/Ymacco.AAD9
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R305468
Acronis suspicious
ALYac Trojan.GenericKD.33529297
MAX malware (ai score=85)
Ad-Aware Trojan.GenericKD.33529297
Ikarus Trojan.Win32.Ymacco
eGambit Unsafe.AI_Score_99%
Fortinet PossibleThreat.PALLAS.H
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

2012-07-14 06:47:16

Imports

Library KERNEL32.dll:
0x41b000 RaiseException
0x41b004 GetLastError
0x41b008 MultiByteToWideChar
0x41b00c lstrlenA
0x41b014 GetProcAddress
0x41b018 LoadLibraryA
0x41b01c FreeResource
0x41b020 SizeofResource
0x41b024 LockResource
0x41b028 LoadResource
0x41b02c FindResourceA
0x41b030 GetModuleHandleA
0x41b034 Module32Next
0x41b038 CloseHandle
0x41b03c Module32First
0x41b044 GetCurrentProcessId
0x41b048 SetEndOfFile
0x41b04c GetStringTypeW
0x41b050 GetStringTypeA
0x41b054 LCMapStringW
0x41b058 LCMapStringA
0x41b05c GetLocaleInfoA
0x41b060 HeapFree
0x41b064 GetProcessHeap
0x41b068 HeapAlloc
0x41b06c GetCommandLineA
0x41b070 HeapCreate
0x41b074 VirtualFree
0x41b084 VirtualAlloc
0x41b088 HeapReAlloc
0x41b08c HeapSize
0x41b090 TerminateProcess
0x41b094 GetCurrentProcess
0x41b0a0 IsDebuggerPresent
0x41b0a4 GetModuleHandleW
0x41b0a8 Sleep
0x41b0ac ExitProcess
0x41b0b0 WriteFile
0x41b0b4 GetStdHandle
0x41b0b8 GetModuleFileNameA
0x41b0bc WideCharToMultiByte
0x41b0c0 GetConsoleCP
0x41b0c4 GetConsoleMode
0x41b0c8 ReadFile
0x41b0cc TlsGetValue
0x41b0d0 TlsAlloc
0x41b0d4 TlsSetValue
0x41b0d8 TlsFree
0x41b0e0 SetLastError
0x41b0e4 GetCurrentThreadId
0x41b0e8 FlushFileBuffers
0x41b0ec SetFilePointer
0x41b0f0 SetHandleCount
0x41b0f4 GetFileType
0x41b0f8 GetStartupInfoA
0x41b0fc RtlUnwind
0x41b114 GetTickCount
0x41b120 GetCPInfo
0x41b124 GetACP
0x41b128 GetOEMCP
0x41b12c IsValidCodePage
0x41b130 CompareStringA
0x41b134 CompareStringW
0x41b13c WriteConsoleA
0x41b140 GetConsoleOutputCP
0x41b144 WriteConsoleW
0x41b148 SetStdHandle
0x41b14c CreateFileA
Library ole32.dll:
0x41b17c OleInitialize
Library OLEAUT32.dll:
0x41b154 SafeArrayCreate
0x41b158 SafeArrayAccessData
0x41b160 SafeArrayDestroy
0x41b168 VariantClear
0x41b16c VariantInit
0x41b170 SysFreeString
0x41b174 SysAllocString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  58367        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.