2.0
Low risk

5ecf92419486363bd8513fde8f51af0247da6b67498d5378e04ce2ee1a3def07

07d63134efb0dc409835b27c20eddd9f.exe

Analysis duration

74s

Most recent analysis

File size

1.5MB
Static detection  Dynamic detection  IOBIT SUSGEN
Eagle Eye engine
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee 20200617 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Baidu 20190318 1.0.0.2
Avast 20200617 18.4.3895.0
Kingsoft 20200617 2013.8.14.323
Tencent 20200617 1.0.0.1
Behavioral verdict
Dynamic indicators
File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)
GData Win32.Application.iObit.B
DrWeb Program.Unwanted.2520
MaxSecure Trojan.Malware.74717947.susgen
eGambit PUP.Optional.IObit
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.989265075077902 section {'size_of_data': '0x00054000', 'virtual_address': '0x00174000', 'entropy': 6.989265075077902, 'name': '.rsrc', 'virtual_size': '0x00053fc4'} description A section with a high entropy has been found
entropy 0.2178988326848249 description Overall entropy of this PE file is high
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

2019-10-14 15:34:23

Imports

Library rtl120.bpl:
0x54e6ac @System@@New$qqripv
0x54e79c @System@@Halt0$qqrv
0x54e864 @System@@TRUNC$qqrv
0x54e868 @System@@ROUND$qqrv
0x54e86c @System@Sqrt$qqrxg
0x54e870 @System@Ln$qqrxg
0x54e874 @System@Sin$qqrxg
0x54e878 @System@Cos$qqrxg
0x54e87c @System@Exp$qqrxg
0x54e880 @System@Int$qqrxg
0x54e884 @System@UpCase$qqrb
0x54e8ac @System@DebugHook
0x54e8b4 @System@IsLibrary
0x54e8d0 @System@TObject@
0x54e8e0 @$xp$6Single
0x54e8e4 @$xp$8Cardinal
0x54e8e8 @$xp$11System@Byte
0x54e8ec @$xp$7Integer
0x54e8f0 @$xp$11System@Char
0x54e8f4 @$xp$7Boolean
Library kernel32.dll:
0x54e8fc TlsSetValue
0x54e900 TlsGetValue
0x54e904 LocalAlloc
0x54e908 GetModuleHandleW
Library user32.dll:
0x54e930 UpdateLayeredWindow
0x54e934 UpdateWindow
0x54e938 UnhookWindowsHookEx
0x54e940 ShowWindow
0x54e944 SetWindowRgn
0x54e948 SetWindowsHookExW
0x54e94c SetWindowPos
0x54e950 SetWindowLongW
0x54e954 SetTimer
0x54e958 SetScrollInfo
0x54e95c SetRect
0x54e960 SetPropW
0x54e964 SetForegroundWindow
0x54e968 SetClassLongW
0x54e96c SetActiveWindow
0x54e970 SendMessageW
0x54e974 ScreenToClient
0x54e978 RemovePropW
0x54e97c ReleaseDC
0x54e980 ReleaseCapture
0x54e984 RedrawWindow
0x54e988 PostMessageW
0x54e98c MessageBoxW
0x54e990 MapWindowPoints
0x54e994 LoadCursorW
0x54e998 KillTimer
0x54e99c IsZoomed
0x54e9a0 IsWindowVisible
0x54e9a4 IsIconic
0x54e9a8 InvalidateRect
0x54e9ac InflateRect
0x54e9b8 GetWindowTextW
0x54e9bc GetWindowRgn
0x54e9c0 GetWindowRect
0x54e9c4 GetWindowPlacement
0x54e9c8 GetWindowLongW
0x54e9cc GetWindowDC
0x54e9d0 GetSystemMetrics
0x54e9d4 GetSysColorBrush
0x54e9d8 GetSysColor
0x54e9dc GetScrollRange
0x54e9e0 GetScrollPos
0x54e9e4 GetScrollInfo
0x54e9e8 GetScrollBarInfo
0x54e9ec GetParent
0x54e9f0 GetKeyState
0x54e9f4 GetIconInfo
0x54e9f8 GetForegroundWindow
0x54e9fc GetDesktopWindow
0x54ea00 GetDC
0x54ea04 GetCursorPos
0x54ea08 GetCursor
0x54ea10 GetClientRect
0x54ea14 GetClassNameW
0x54ea18 GetClassLongW
0x54ea1c GetCapture
0x54ea20 FrameRect
0x54ea24 FindWindowExW
0x54ea28 FindWindowW
0x54ea2c FillRect
0x54ea30 EndPaint
0x54ea34 DrawTextExW
0x54ea38 DrawTextW
0x54ea3c DrawIconEx
0x54ea40 DrawFrameControl
0x54ea44 ClientToScreen
0x54ea48 CallWindowProcW
0x54ea4c CallNextHookEx
0x54ea50 BringWindowToTop
0x54ea54 BeginPaint
0x54ea58 AttachThreadInput
Library msimg32.dll:
0x54ea60 TransparentBlt
0x54ea64 AlphaBlend
Library gdi32.dll:
0x54ea6c StretchDIBits
0x54ea70 StretchBlt
0x54ea74 SetWindowOrgEx
0x54ea78 SetViewportOrgEx
0x54ea7c SetTextColor
0x54ea80 SetStretchBltMode
0x54ea84 SetROP2
0x54ea88 SetPixelV
0x54ea8c SetDIBits
0x54ea90 SetBkMode
0x54ea94 SetBkColor
0x54ea98 SetBitmapBits
0x54ea9c SelectPalette
0x54eaa0 SelectObject
0x54eaa4 SelectClipRgn
0x54eaa8 SaveDC
0x54eaac RestoreDC
0x54eab0 ResizePalette
0x54eab4 RectVisible
0x54eab8 RealizePalette
0x54eabc OffsetViewportOrgEx
0x54eac0 MoveToEx
0x54eac4 IntersectClipRect
0x54eac8 GetViewportOrgEx
0x54eacc GetTextMetricsW
0x54ead8 GetTextColor
0x54eadc GetStockObject
0x54eae0 GetROP2
0x54eae4 GetPixel
0x54eae8 GetPaletteEntries
0x54eaec GetObjectType
0x54eaf0 GetObjectA
0x54eaf4 GetObjectW
0x54eafc GetDeviceCaps
0x54eb00 GetDIBits
0x54eb08 GetCurrentObject
0x54eb0c GetClipBox
0x54eb10 GetBkMode
0x54eb14 GetBkColor
0x54eb18 GetBitmapBits
0x54eb1c ExtSelectClipRgn
0x54eb20 ExcludeClipRect
0x54eb24 DeleteObject
0x54eb28 DeleteDC
0x54eb2c CreateSolidBrush
0x54eb30 CreateRoundRectRgn
0x54eb34 CreateRectRgn
0x54eb3c CreatePenIndirect
0x54eb40 CreatePalette
0x54eb48 CreateFontIndirectW
0x54eb4c CreateDIBSection
0x54eb50 CreateCompatibleDC
0x54eb58 CreateBrushIndirect
0x54eb5c BitBlt
Library version.dll:
0x54eb64 VerQueryValueW
0x54eb6c GetFileVersionInfoW
Library kernel32.dll:
0x54eb74 lstrcmpiW
0x54eb78 lstrcmpW
0x54eb7c WriteProcessMemory
0x54eb84 WriteFile
0x54eb88 WinExec
0x54eb8c WaitForSingleObject
0x54eb90 VirtualQuery
0x54eb94 VirtualProtect
0x54eb98 TerminateProcess
0x54eba0 Sleep
0x54eba4 ReadProcessMemory
0x54eba8 QueryDosDeviceW
0x54ebac OutputDebugStringW
0x54ebb0 OpenProcess
0x54ebb4 MulDiv
0x54ebb8 LocalFree
0x54ebbc LocalAlloc
0x54ebc0 LoadLibraryW
0x54ebc4 IsBadWritePtr
0x54ebc8 IsBadReadPtr
0x54ebcc IsBadCodePtr
0x54ebd0 HeapFree
0x54ebd4 HeapDestroy
0x54ebd8 HeapAlloc
0x54ebdc GlobalUnlock
0x54ebe0 GlobalMemoryStatus
0x54ebe4 GlobalHandle
0x54ebe8 GlobalLock
0x54ebec GlobalGetAtomNameW
0x54ebf0 GlobalFree
0x54ebf4 GlobalFindAtomW
0x54ebf8 GlobalAlloc
0x54ec00 GetVersionExW
0x54ec04 GetVersion
0x54ec08 GetTickCount
0x54ec0c GetTempPathW
0x54ec10 GetSystemTime
0x54ec14 GetSystemDirectoryW
0x54ec1c GetProcessTimes
0x54ec20 GetProcAddress
0x54ec28 GetPriorityClass
0x54ec2c GetModuleHandleW
0x54ec30 GetModuleFileNameW
0x54ec38 GetLastError
0x54ec40 GetDiskFreeSpaceExW
0x54ec44 GetCurrentThreadId
0x54ec48 GetCurrentProcessId
0x54ec4c GetCurrentProcess
0x54ec50 GetCommandLineW
0x54ec5c InterlockedExchange
0x54ec68 FreeLibrary
0x54ec78 CreateProcessW
0x54ec7c CreateMutexW
0x54ec80 CreateFileW
0x54ec84 CopyFileW
0x54ec88 CloseHandle
Library advapi32.dll:
0x54ec90 RegQueryValueExW
0x54ec94 RegQueryInfoKeyW
0x54ec98 RegOpenKeyExW
0x54ec9c RegFlushKey
0x54eca0 RegEnumKeyExW
0x54eca4 RegCloseKey
0x54eca8 OpenProcessToken
0x54ecb0 GetUserNameW
Library madExcept_.bpl:
Library madDisAsm_.bpl:
Library madExcept_.bpl:
Library shell32.dll:
0x54ed60 ShellExecuteW
0x54ed64 SHGetFileInfoW
0x54ed68 ExtractIconW
Library shell32.dll:
0x54ed74 SHGetDesktopFolder
Library ole32.dll:
0x54ed80 CoTaskMemFree
Library comctl32.dll:
0x54ed88 _TrackMouseEvent
0x54ed90 ImageList_Draw

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.