Score 4.2
Medium risk

SHA256
76e81bc1d1b788e53a79b21705ecaf5d808724241ec1e60df449535644adf618

File name
0951dbf512797beff68957a5b62cbb24.exe

Analysis duration
79s

Latest analysis

File size
1.0MB
Static detection  Dynamic detection  AI SCORE=82 ARTEMIS ATTRIBUTE BIFROSE BSCOPE CONFIDENCE DELF DOWNLOADER33 GENERICKD GULOADER HACKTOOL HIGH CONFIDENCE HIGHCONFIDENCE KUQSB QSQM R002H09D420 REMCOS SCORE UNSAFE
鹰眼 (Hawkeye) engine
Not detected (no 鹰眼 engine results for this sample)
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee Artemis!0951DBF51279 20200406 6.0.6.653
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Alibaba TrojanDownloader:Win32/Remcos.946eebee 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200405 18.4.3895.0
Tencent Win32.Backdoor.Remcos.Fhx 20200406 1.0.0.1
Baidu (none) 20190318 1.0.0.2
Kingsoft (none) 20200406 2013.8.14.323
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619134556.883307
__exception__
stacktrace:
0951dbf512797beff68957a5b62cbb24+0x70eea @ 0x470eea
0951dbf512797beff68957a5b62cbb24+0x70f1d @ 0x470f1d
0951dbf512797beff68957a5b62cbb24+0x70e3a @ 0x470e3a
0951dbf512797beff68957a5b62cbb24+0x1047c @ 0x41047c
0951dbf512797beff68957a5b62cbb24+0xab9b9 @ 0x4ab9b9
0951dbf512797beff68957a5b62cbb24+0xabae6 @ 0x4abae6
0951dbf512797beff68957a5b62cbb24+0x97e0f @ 0x497e0f
0951dbf512797beff68957a5b62cbb24+0x259ce @ 0x4259ce
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0951dbf512797beff68957a5b62cbb24+0x636ec @ 0x4636ec
0951dbf512797beff68957a5b62cbb24+0xabeeb @ 0x4abeeb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635012
registers.edi: 0
registers.eax: 1635012
registers.ebp: 1635092
registers.edx: 0
registers.ebx: 1636768
registers.esi: 30697364
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619134512.914307
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
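
The two records above (the PAGE_EXECUTE_READWRITE commit here and the RaiseException crash under "One or more processes crashed") are the kind of Cuckoo-style entries an analyst ends up parsing by script. The following is an added example, not code from the sandbox or from this page: it parses such records, flags writable-plus-executable allocations, and classifies the exception code. The two record texts embedded in it are copied from this report and trimmed to the fields the functions use. The exception-code table is the usual set of NTSTATUS and MSVC codes plus 0x0EEDFADE, which is the code the Delphi runtime passes to RaiseException for every Delphi-language exception; combined with exception.symbol pointing at RaiseException in KERNELBASE, that makes the logged "crash" a software-raised Delphi exception rather than a hardware fault such as an access violation.

```python
"""Parse Cuckoo-style API records and triage them (added example; see lead-in)."""
import re
from typing import Optional

# Page protections that are writable and executable at once.
RWX_PROTECTIONS = {0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF  # GetCurrentProcess() on 32-bit Windows

# 0x0EEDFADE is the code the Delphi RTL passes to RaiseException for every
# Delphi-language exception; the rest are common NTSTATUS / MSVC codes.
EXCEPTION_CODES = {
    0x0EEDFADE: "Delphi RTL exception (software-raised)",
    0xE06D7363: "MSVC C++ exception (software-raised)",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0x80000003: "STATUS_BREAKPOINT",
}

# A frame line ends in "<module>+0x<offset> @ 0x<address>"; symbol hints may precede it.
FRAME_RE = re.compile(r"(?P<mod>[^\s+]+)\+0x(?P<off>[0-9a-f]+) @ 0x(?P<addr>[0-9a-f]+)$")


def parse_record(text: str) -> dict:
    """Record layout: timestamp line, API name line, 'key: value' argument lines,
    an optional 'stacktrace:' block, and a closing 'status return repeated' line."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    rec = {"time": float(lines[0]), "api": lines[1], "args": {}, "stacktrace": []}
    in_stack = False
    for line in lines[2:]:
        if line == "stacktrace:":
            in_stack = True
            continue
        frame = FRAME_RE.search(line) if in_stack else None
        if frame:
            rec["stacktrace"].append((frame["mod"], int(frame["off"], 16), int(frame["addr"], 16)))
            continue
        in_stack = False  # first non-frame line closes the stack block
        parts = line.split()
        if parts[0] in ("success", "failure") and len(parts) == 3:
            rec["status"], rec["return"], rec["repeated"] = parts
        elif ":" in line:
            key, value = line.split(":", 1)
            rec["args"][key.strip()] = value.strip()
    return rec


def flag_rwx_allocation(rec: dict) -> Optional[str]:
    """Describe the call when it commits writable+executable memory, else None."""
    if rec["api"] not in ("NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"):
        return None
    args = rec["args"]
    prot = int(args.get("protection", "0").split()[0])  # "64 (PAGE_EXECUTE_READWRITE)" -> 64
    if prot not in RWX_PROTECTIONS:
        return None
    handle = int(args.get("process_handle", "0"), 16)
    target = "own process" if handle == CURRENT_PROCESS_PSEUDO_HANDLE else f"handle {handle:#x}"
    return (f"pid {args.get('process_identifier', '?')}: {RWX_PROTECTIONS[prot]} region of "
            f"{args.get('region_size', '?')} bytes at {args.get('base_address', '?')} in {target}")


def classify_exception(rec: dict, sample_module: str) -> dict:
    """Name the code, note whether it came through RaiseException, and return the
    innermost frame inside the sample itself (the address to open in a debugger)."""
    code = int(rec["args"]["exception.exception_code"], 16)
    raised = "RaiseException" in rec["args"].get("exception.symbol", "")
    site = next(((m, off) for m, off, _ in rec["stacktrace"] if m == sample_module), None)
    return {"code": code, "name": EXCEPTION_CODES.get(code, "unknown"),
            "software_raised": raised, "sample_frame": site}


# Both records are copied from this report and trimmed to the fields used above.
ALLOC_RECORD = """
1619134512.914307
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
"""

EXCEPTION_RECORD = """
1619134556.883307
__exception__
stacktrace:
0951dbf512797beff68957a5b62cbb24+0x70eea @ 0x470eea
0951dbf512797beff68957a5b62cbb24+0x70f1d @ 0x470f1d
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
registers.ecx: 7
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.address: 0x778eb727
success 0 0
"""

if __name__ == "__main__":
    print(flag_rwx_allocation(parse_record(ALLOC_RECORD)))
    print(classify_exception(parse_record(EXCEPTION_RECORD), "0951dbf512797beff68957a5b62cbb24"))
```

The sample_frame value is the one to set a breakpoint on when re-running the sample under a debugger: the KERNELBASE address in exception.address is only where the exception was raised, not where the sample decided to raise it. A process_handle of 0xffffffff is the current-process pseudo-handle, so the RWX commit targets the sample's own address space, consistent with in-place unpacking rather than injection into another process.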
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 157.240.8.36:443
File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)
DrWeb Trojan.DownLoader33.27535
MicroWorld-eScan Trojan.GenericKD.42933965
Qihoo-360 Generic/Trojan.7e1
McAfee Artemis!0951DBF51279
Malwarebytes Trojan.GuLoader
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Remcos.m!c
CrowdStrike win/malicious_confidence_60% (W)
BitDefender Trojan.GenericKD.42933965
K7GW Trojan-Downloader ( 00563ece1 )
K7AntiVirus Trojan-Downloader ( 00563ece1 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Delf.CWK
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
Alibaba TrojanDownloader:Win32/Remcos.946eebee
Avast Win32:Trojan-gen
Tencent Win32.Backdoor.Remcos.Fhx
Ad-Aware Trojan.GenericKD.42933965
Emsisoft Trojan.GenericKD.42933965 (B)
F-Secure Trojan.TR/Dldr.Delf.kuqsb
McAfee-GW-Edition BehavesLike.Win32.Worm.th
Trapmine suspicious.low.ml.score
Sophos Mal/Generic-S
Cyren W32/Trojan.QSQM-4439
Jiangmin HackTool/Crypt.et
Avira TR/Dldr.Delf.kuqsb
MAX malware (ai score=82)
Antiy-AVL Trojan[Backdoor]/Win32.Remcos
Endgame malicious (high confidence)
Arcabit Trojan.Generic.D28F1ECD
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Trojan.GenericKD.42933965
ALYac Backdoor.Remcos.A
VBA32 BScope.Backdoor.Remcos
Cylance Unsafe
TrendMicro-HouseCall TROJ_GEN.R002H09D420
Ikarus Backdoor.Win32.Bifrose
Fortinet W32/Agent.CP!tr
AVG Win32:Trojan-gen
Panda Trj/CI.A
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Run screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17 (this is the constant 0x2A425E19 that the Borland/Delphi linker writes into every image, 1992-06-19 22:22:17 UTC, rendered here in UTC+8; it says nothing about when the sample was actually built)
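
To reproduce the static indicators above (the non-standard section names CODE/DATA/BSS and the fixed Delphi linker timestamp) outside the sandbox, here is an added example in Python that is not part of this report: a minimal PE header parser and the checks, run on a PE skeleton constructed in memory to mirror this sample's section layout. The skeleton is not a loadable image; the section names, their order and the timestamp are the only fields it reproduces from the report, and the section characteristics it assigns are assumed typical values, not read from the sample. COMMON_SECTIONS is a hand-picked list of toolchain defaults rather than an exhaustive one.

```python
"""Minimal PE section-table and timestamp checks (added example; see lead-in)."""
import struct
from datetime import datetime, timezone

# Timestamp the 32-bit Borland/Delphi linker writes: 0x2A425E19 = 1992-06-19 22:22:17 UTC.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19
# Section names emitted by the usual Microsoft/GNU toolchains (assumed list).
COMMON_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".debug"}
# Borland/Delphi names for code, initialised data and uninitialised data.
DELPHI_SECTIONS = {"CODE", "DATA", "BSS"}

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe_headers(data: bytes) -> dict:
    """Return machine, COFF timestamp and the section table as (name, characteristics)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    sect_off = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, sect_off + 40 * i)
        name, chars = fields[0], fields[9]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), chars))
    return {"machine": machine, "timestamp": timestamp, "sections": sections}


def packer_indicators(headers: dict) -> dict:
    """The checks behind the report's 'unknown section names' and packer findings."""
    names = [n for n, _ in headers["sections"]]
    return {
        "unknown_section_names": [n for n in names if n not in COMMON_SECTIONS],
        "delphi_layout": DELPHI_SECTIONS.issubset(names),
        "delphi_timestamp": headers["timestamp"] == DELPHI_FIXED_TIMESTAMP,
        "writable_code_sections": [n for n, c in headers["sections"]
                                   if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE],
        "compile_time_utc": datetime.fromtimestamp(headers["timestamp"], timezone.utc)
                                    .strftime("%Y-%m-%d %H:%M:%S"),
    }


def build_sample_pe(section_names, timestamp: int) -> bytes:
    """Constructed, non-loadable PE skeleton: DOS header, COFF header with an empty
    optional header, then one 40-byte section header per name. Characteristics are
    assumed: code sections executable+readable, UPX-style sections RWX, others RW."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp, 0, 0, 0, 0x102)
    headers = []
    for i, n in enumerate(section_names):
        if n in ("CODE", ".text"):
            chars = 0x60000020
        elif n.startswith("UPX"):
            chars = 0xE0000020
        else:
            chars = 0xC0000040
        headers.append(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0x1000,
                                   0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, chars))
    return dos + b"PE\0\0" + coff + b"".join(headers)


if __name__ == "__main__":
    pe = build_sample_pe(["CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"],
                         DELPHI_FIXED_TIMESTAMP)
    print(packer_indicators(parse_pe_headers(pe)))
```

The point of running both checks together is the one the report's own wording hints at ("could be a false positive"): CODE/DATA/BSS are unusual names, but paired with the constant Delphi timestamp they identify an ordinary Delphi build, and the packer signature (BobSoft Mini Delphi) is what distinguishes this sample from a plain Delphi application. A section that is both writable and executable, as the UPX-style case in the test shows, is a stronger packer signal than the name alone.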

Imports

Library kernel32.dll:
0x4b0178 VirtualFree
0x4b017c VirtualAlloc
0x4b0180 LocalFree
0x4b0184 LocalAlloc
0x4b0188 GetVersion
0x4b018c GetCurrentThreadId
0x4b0198 VirtualQuery
0x4b019c WideCharToMultiByte
0x4b01a0 MultiByteToWideChar
0x4b01a4 lstrlenA
0x4b01a8 lstrcpynA
0x4b01ac LoadLibraryExA
0x4b01b0 GetThreadLocale
0x4b01b4 GetStartupInfoA
0x4b01b8 GetProcAddress
0x4b01bc GetModuleHandleA
0x4b01c0 GetModuleFileNameA
0x4b01c4 GetLocaleInfoA
0x4b01c8 GetCommandLineA
0x4b01cc FreeLibrary
0x4b01d0 FindFirstFileA
0x4b01d4 FindClose
0x4b01d8 ExitProcess
0x4b01dc WriteFile
0x4b01e4 RtlUnwind
0x4b01e8 RaiseException
0x4b01ec GetStdHandle
Library user32.dll:
0x4b01f4 GetKeyboardType
0x4b01f8 LoadStringA
0x4b01fc MessageBoxA
0x4b0200 CharNextA
Library advapi32.dll:
0x4b0208 RegQueryValueExA
0x4b020c RegOpenKeyExA
0x4b0210 RegCloseKey
Library oleaut32.dll:
0x4b0218 SysFreeString
0x4b021c SysReAllocStringLen
0x4b0220 SysAllocStringLen
Library kernel32.dll:
0x4b0228 TlsSetValue
0x4b022c TlsGetValue
0x4b0230 LocalAlloc
0x4b0234 GetModuleHandleA
Library advapi32.dll:
0x4b023c RegQueryValueExA
0x4b0240 RegOpenKeyExA
0x4b0244 RegCloseKey
Library kernel32.dll:
0x4b024c lstrcpyA
0x4b0250 WriteFile
0x4b0254 WaitForSingleObject
0x4b0258 VirtualQuery
0x4b025c VirtualProtect
0x4b0260 VirtualAlloc
0x4b0264 Sleep
0x4b0268 SizeofResource
0x4b026c SetThreadLocale
0x4b0270 SetFilePointer
0x4b0274 SetEvent
0x4b0278 SetErrorMode
0x4b027c SetEndOfFile
0x4b0280 ResetEvent
0x4b0284 ReadFile
0x4b0288 MultiByteToWideChar
0x4b028c MulDiv
0x4b0290 LockResource
0x4b0294 LoadResource
0x4b0298 LoadLibraryA
0x4b02a4 GlobalUnlock
0x4b02a8 GlobalReAlloc
0x4b02ac GlobalHandle
0x4b02b0 GlobalLock
0x4b02b4 GlobalFree
0x4b02b8 GlobalFindAtomA
0x4b02bc GlobalDeleteAtom
0x4b02c0 GlobalAlloc
0x4b02c4 GlobalAddAtomA
0x4b02c8 GetVersionExA
0x4b02cc GetVersion
0x4b02d0 GetTickCount
0x4b02d4 GetThreadLocale
0x4b02d8 GetSystemInfo
0x4b02dc GetStringTypeExA
0x4b02e0 GetStdHandle
0x4b02e4 GetProcAddress
0x4b02e8 GetModuleHandleA
0x4b02ec GetModuleFileNameA
0x4b02f0 GetLocaleInfoA
0x4b02f4 GetLocalTime
0x4b02f8 GetLastError
0x4b02fc GetFullPathNameA
0x4b0300 GetDiskFreeSpaceA
0x4b0304 GetDateFormatA
0x4b0308 GetCurrentThreadId
0x4b030c GetCurrentProcessId
0x4b0310 GetCPInfo
0x4b0314 GetACP
0x4b0318 FreeResource
0x4b031c InterlockedExchange
0x4b0320 FreeLibrary
0x4b0324 FormatMessageA
0x4b0328 FindResourceA
0x4b032c FindFirstFileA
0x4b0330 FindClose
0x4b033c EnumCalendarInfoA
0x4b0348 CreateThread
0x4b034c CreateFileA
0x4b0350 CreateEventA
0x4b0354 CompareStringA
0x4b0358 CloseHandle
Library version.dll:
0x4b0360 VerQueryValueA
0x4b0368 GetFileVersionInfoA
Library gdi32.dll:
0x4b0370 UnrealizeObject
0x4b0374 StretchBlt
0x4b0378 SetWindowOrgEx
0x4b037c SetWindowExtEx
0x4b0380 SetWinMetaFileBits
0x4b0384 SetViewportOrgEx
0x4b0388 SetViewportExtEx
0x4b038c SetTextColor
0x4b0390 SetStretchBltMode
0x4b0394 SetROP2
0x4b0398 SetPixel
0x4b039c SetMapMode
0x4b03a0 SetEnhMetaFileBits
0x4b03a4 SetDIBColorTable
0x4b03a8 SetBrushOrgEx
0x4b03ac SetBkMode
0x4b03b0 SetBkColor
0x4b03b4 SelectPalette
0x4b03b8 SelectObject
0x4b03bc SelectClipRgn
0x4b03c0 SaveDC
0x4b03c4 RestoreDC
0x4b03c8 Rectangle
0x4b03cc RectVisible
0x4b03d0 RealizePalette
0x4b03d4 Polyline
0x4b03d8 PolyPolyline
0x4b03dc PlayEnhMetaFile
0x4b03e0 PatBlt
0x4b03e4 MoveToEx
0x4b03e8 MaskBlt
0x4b03ec LineTo
0x4b03f0 IntersectClipRect
0x4b03f4 GetWindowOrgEx
0x4b03f8 GetWinMetaFileBits
0x4b03fc GetTextMetricsA
0x4b0400 GetTextExtentPointA
0x4b040c GetStockObject
0x4b0410 GetPixel
0x4b0414 GetPaletteEntries
0x4b0418 GetObjectA
0x4b041c GetNearestColor
0x4b0428 GetEnhMetaFileBits
0x4b042c GetDeviceCaps
0x4b0430 GetDIBits
0x4b0434 GetDIBColorTable
0x4b0438 GetDCOrgEx
0x4b0440 GetClipBox
0x4b0444 GetBrushOrgEx
0x4b0448 GetBitmapBits
0x4b044c GdiFlush
0x4b0450 ExtTextOutA
0x4b0454 ExtCreatePen
0x4b0458 ExcludeClipRect
0x4b045c DeleteObject
0x4b0460 DeleteEnhMetaFile
0x4b0464 DeleteDC
0x4b0468 CreateSolidBrush
0x4b046c CreatePenIndirect
0x4b0470 CreatePalette
0x4b0478 CreateFontIndirectA
0x4b047c CreateDIBitmap
0x4b0480 CreateDIBSection
0x4b0484 CreateCompatibleDC
0x4b048c CreateBrushIndirect
0x4b0490 CreateBitmap
0x4b0494 CopyEnhMetaFileA
0x4b0498 BitBlt
Library user32.dll:
0x4b04a0 CreateWindowExA
0x4b04a4 WindowFromPoint
0x4b04a8 WinHelpA
0x4b04ac WaitMessage
0x4b04b0 ValidateRect
0x4b04b4 UpdateWindow
0x4b04b8 UnregisterClassA
0x4b04bc UnionRect
0x4b04c0 UnhookWindowsHookEx
0x4b04c4 TranslateMessage
0x4b04cc TrackPopupMenu
0x4b04d4 ShowWindow
0x4b04d8 ShowScrollBar
0x4b04dc ShowOwnedPopups
0x4b04e0 ShowCursor
0x4b04e4 SetWindowsHookExA
0x4b04e8 SetWindowTextA
0x4b04ec SetWindowPos
0x4b04f0 SetWindowPlacement
0x4b04f4 SetWindowLongA
0x4b04f8 SetTimer
0x4b04fc SetScrollRange
0x4b0500 SetScrollPos
0x4b0504 SetScrollInfo
0x4b0508 SetRect
0x4b050c SetPropA
0x4b0510 SetParent
0x4b0514 SetMenuItemInfoA
0x4b0518 SetMenu
0x4b051c SetKeyboardState
0x4b0520 SetForegroundWindow
0x4b0524 SetFocus
0x4b0528 SetCursor
0x4b052c SetClipboardData
0x4b0530 SetClassLongA
0x4b0534 SetCapture
0x4b0538 SetActiveWindow
0x4b053c SendMessageA
0x4b0540 ScrollWindowEx
0x4b0544 ScrollWindow
0x4b0548 ScreenToClient
0x4b054c RemovePropA
0x4b0550 RemoveMenu
0x4b0554 ReleaseDC
0x4b0558 ReleaseCapture
0x4b0564 RegisterClassA
0x4b0568 RedrawWindow
0x4b056c PtInRect
0x4b0570 PostQuitMessage
0x4b0574 PostMessageA
0x4b0578 PeekMessageA
0x4b057c OpenClipboard
0x4b0580 OffsetRect
0x4b0584 OemToCharA
0x4b0588 MessageBoxA
0x4b058c MessageBeep
0x4b0590 MapWindowPoints
0x4b0594 MapVirtualKeyA
0x4b0598 LoadStringA
0x4b059c LoadKeyboardLayoutA
0x4b05a0 LoadIconA
0x4b05a4 LoadCursorA
0x4b05a8 LoadBitmapA
0x4b05ac KillTimer
0x4b05b0 IsZoomed
0x4b05b4 IsWindowVisible
0x4b05b8 IsWindowEnabled
0x4b05bc IsWindow
0x4b05c0 IsRectEmpty
0x4b05c4 IsIconic
0x4b05c8 IsDialogMessageA
0x4b05cc IsChild
0x4b05d0 IsCharAlphaNumericA
0x4b05d4 IsCharAlphaA
0x4b05d8 InvalidateRect
0x4b05dc IntersectRect
0x4b05e0 InsertMenuItemA
0x4b05e4 InsertMenuA
0x4b05e8 InflateRect
0x4b05f0 GetWindowTextA
0x4b05f4 GetWindowRect
0x4b05f8 GetWindowPlacement
0x4b05fc GetWindowLongA
0x4b0600 GetWindowDC
0x4b0604 GetTopWindow
0x4b0608 GetSystemMetrics
0x4b060c GetSystemMenu
0x4b0610 GetSysColorBrush
0x4b0614 GetSysColor
0x4b0618 GetSubMenu
0x4b061c GetScrollRange
0x4b0620 GetScrollPos
0x4b0624 GetScrollInfo
0x4b0628 GetPropA
0x4b062c GetParent
0x4b0630 GetWindow
0x4b0634 GetMessageTime
0x4b0638 GetMenuStringA
0x4b063c GetMenuState
0x4b0640 GetMenuItemInfoA
0x4b0644 GetMenuItemID
0x4b0648 GetMenuItemCount
0x4b064c GetMenu
0x4b0650 GetLastActivePopup
0x4b0654 GetKeyboardState
0x4b065c GetKeyboardLayout
0x4b0660 GetKeyState
0x4b0664 GetKeyNameTextA
0x4b0668 GetIconInfo
0x4b066c GetForegroundWindow
0x4b0670 GetFocus
0x4b0674 GetDoubleClickTime
0x4b0678 GetDesktopWindow
0x4b067c GetDCEx
0x4b0680 GetDC
0x4b0684 GetCursorPos
0x4b0688 GetCursor
0x4b068c GetClipboardData
0x4b0690 GetClientRect
0x4b0694 GetClassNameA
0x4b0698 GetClassInfoA
0x4b069c GetCaretPos
0x4b06a0 GetCapture
0x4b06a4 GetActiveWindow
0x4b06a8 FrameRect
0x4b06ac FindWindowA
0x4b06b0 FillRect
0x4b06b4 EqualRect
0x4b06b8 EnumWindows
0x4b06bc EnumThreadWindows
0x4b06c4 EndPaint
0x4b06c8 EnableWindow
0x4b06cc EnableScrollBar
0x4b06d0 EnableMenuItem
0x4b06d4 EmptyClipboard
0x4b06d8 DrawTextA
0x4b06dc DrawMenuBar
0x4b06e0 DrawIconEx
0x4b06e4 DrawIcon
0x4b06e8 DrawFrameControl
0x4b06ec DrawFocusRect
0x4b06f0 DrawEdge
0x4b06f4 DispatchMessageA
0x4b06f8 DestroyWindow
0x4b06fc DestroyMenu
0x4b0700 DestroyIcon
0x4b0704 DestroyCursor
0x4b0708 DeleteMenu
0x4b070c DefWindowProcA
0x4b0710 DefMDIChildProcA
0x4b0714 DefFrameProcA
0x4b0718 CreatePopupMenu
0x4b071c CreateMenu
0x4b0720 CreateIcon
0x4b0724 CloseClipboard
0x4b0728 ClientToScreen
0x4b072c CheckMenuItem
0x4b0730 CallWindowProcA
0x4b0734 CallNextHookEx
0x4b0738 BeginPaint
0x4b073c CharNextA
0x4b0740 CharLowerBuffA
0x4b0744 CharLowerA
0x4b0748 CharUpperBuffA
0x4b074c CharToOemA
0x4b0750 AdjustWindowRectEx
Library kernel32.dll:
0x4b075c Sleep
Library oleaut32.dll:
0x4b0764 SafeArrayPtrOfIndex
0x4b0768 SafeArrayPutElement
0x4b076c SafeArrayGetElement
0x4b0774 SafeArrayAccessData
0x4b0778 SafeArrayGetUBound
0x4b077c SafeArrayGetLBound
0x4b0780 SafeArrayCreate
0x4b0784 VariantChangeType
0x4b0788 VariantCopyInd
0x4b078c VariantCopy
0x4b0790 VariantClear
0x4b0794 VariantInit
Library ole32.dll:
0x4b079c CLSIDFromProgID
0x4b07a0 CoCreateInstance
0x4b07a4 CoUninitialize
0x4b07a8 CoInitialize
Library oleaut32.dll:
0x4b07b0 GetErrorInfo
0x4b07b4 SysFreeString
Library comctl32.dll:
0x4b07c4 ImageList_Write
0x4b07c8 ImageList_Read
0x4b07d8 ImageList_DragMove
0x4b07dc ImageList_DragLeave
0x4b07e0 ImageList_DragEnter
0x4b07e4 ImageList_EndDrag
0x4b07e8 ImageList_BeginDrag
0x4b07ec ImageList_Remove
0x4b07f0 ImageList_DrawEx
0x4b07f4 ImageList_Replace
0x4b07f8 ImageList_Draw
0x4b0808 ImageList_Add
0x4b0814 ImageList_Destroy
0x4b0818 ImageList_Create
Library wininet.dll:
Library kernel32.dll:
0x4b0828 MulDiv

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source  Source port  Destination  Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
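
The capture above contains only DNS queries to 114.114.114.114 and the guest's own broadcast/multicast discovery chatter (NBNS on 137/138, LLMNR on 5355 to 224.0.0.252, SSDP on 1900 and WS-Discovery on 3702 to 239.255.255.250); no TCP flow was recorded, so the 172.217.24.14 contact surfaces only in the "no DNS query was performed" signature earlier in the report. The following added example, not the sandbox's code, re-implements that check and separates Windows background traffic from flows worth attributing to the sample. The DNS answer for drive.google.com and the two TCP flows are constructed for the example (203.0.113.10 is a documentation address), not observations from this run.

```python
"""Flag connections with no preceding DNS answer and separate guest background
traffic (added example; the DNS answer and TCP flows below are constructed)."""
import ipaddress
from typing import Dict, List

# Destination ports of the name-resolution and discovery chatter a Windows guest
# emits on its own; noise for attribution unless the sample is shown to be the sender.
BACKGROUND_UDP = {137: "NBNS", 138: "NetBIOS datagram", 1900: "SSDP",
                  3702: "WS-Discovery", 5353: "mDNS", 5355: "LLMNR"}


def is_local_or_multicast(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.is_multicast or addr.is_private or addr.is_link_local


def triage_flows(dns_answers: Dict[str, List[str]], flows: List[dict]) -> dict:
    """dns_answers maps a queried name to the addresses returned for it; each flow
    is {"proto", "dst", "dport"}. A public destination that never appeared in a DNS
    answer is reported under 'no_dns' (hard-coded C2/IP, or DNS done out of band)."""
    ip_to_name = {ip: name for name, ips in dns_answers.items() for ip in ips}
    report = {"dns_servers": set(), "background": [], "resolved": [], "no_dns": []}
    for f in flows:
        dst, port, proto = f["dst"], f["dport"], f["proto"]
        if proto == "udp" and port == 53:
            report["dns_servers"].add(dst)
        elif proto == "udp" and port in BACKGROUND_UDP and is_local_or_multicast(dst):
            report["background"].append(f"{BACKGROUND_UDP[port]} to {dst}")
        elif dst in ip_to_name:
            report["resolved"].append(f"{ip_to_name[dst]} ({dst}):{port}")
        elif is_local_or_multicast(dst):
            report["background"].append(f"local {proto} to {dst}:{port}")
        else:
            report["no_dns"].append(f"{proto} {dst}:{port}")
    return report


# Constructed input. The UDP rows mirror the report's table; the DNS answer and the
# TCP rows are invented for the example (203.0.113.10 is TEST-NET-3, not a real host).
DNS_ANSWERS = {"drive.google.com": ["203.0.113.10"]}
FLOWS = [
    {"proto": "udp", "dst": "114.114.114.114", "dport": 53},
    {"proto": "udp", "dst": "192.168.56.255", "dport": 137},
    {"proto": "udp", "dst": "224.0.0.252", "dport": 5355},
    {"proto": "udp", "dst": "239.255.255.250", "dport": 1900},
    {"proto": "udp", "dst": "239.255.255.250", "dport": 3702},
    {"proto": "tcp", "dst": "203.0.113.10", "dport": 443},   # covered by a DNS answer
    {"proto": "tcp", "dst": "172.217.24.14", "dport": 443},  # no DNS answer: flagged
]

if __name__ == "__main__":
    for key, value in triage_flows(DNS_ANSWERS, FLOWS).items():
        print(key, value)
```

Two caveats when applying this to a real capture: the DNS answers must come from the same capture window, since a cached resolution from an earlier run produces a false "no DNS" hit, and a destination in the resolved set only ties a flow to a name, not to the sample, unless the capture also records the sending process.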

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.