Score: 0.9
Risk level: Low risk

10bea4b54daa7b0e4981301d6e474b9da57c66f98570e2298f0a1286a0be0de6

10bea4b54daa7b0e4981301d6e474b9da57c66f98570e2298f0a1286a0be0de6.exe

Analysis duration

193s

Last analysis

370 days ago

File size

60.0KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN DROPPER STORMATTACK
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.54
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba DDoS:Win32/StormAttack.3c257cde 20190527 0.3.0.5
Avast Win32:Dropper-OYD [Drp] 20191230 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20191230 2013.8.14.323
McAfee GenericRXHD-CI!0A6F83FEEC31 20191230 6.0.6.653
Tencent Malware.Win32.Gencirc.10b3b6d3 20191230 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
The file has been identified as malicious by 65 antivirus engines on VirusTotal (50 out of 65 events)
ALYac Trojan.Rincux.AW
APEX Malicious
AVG Win32:Dropper-OYD [Drp]
Acronis suspicious
Ad-Aware Trojan.Rincux.AW
AhnLab-V3 Trojan/Win32.StormAttack.R266571
Alibaba DDoS:Win32/StormAttack.3c257cde
Antiy-AVL Trojan/Win32.TrojanDropper.Agent.PIH
Arcabit Trojan.Rincux.AW
Avast Win32:Dropper-OYD [Drp]
Avira TR/Dropper.Gen
BitDefender Trojan.Rincux.AW
BitDefenderTheta AI:Packer.C93B5A4B1E
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Trojan.GenericPMF.S3094761
ClamAV Win.Malware.Stormattack-6968375-0
Comodo TrojWare.Win32.Magania.~AAC@f80ur
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.eec319
Cylance Unsafe
Cyren W32/StormAttack.A.gen!Eldorado
DrWeb DDoS.Storm.156
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.PIH
Emsisoft Trojan.Rincux.AW (B)
Endgame malicious (high confidence)
F-Prot W32/StormAttack.A.gen!Eldorado
F-Secure Trojan.TR/Dropper.Gen
FireEye Generic.mg.0a6f83feec3192db
Fortinet W32/ServStart.AS!tr
GData Trojan.Rincux.AW
Ikarus Trojan-Downloader.Win32.Pangu
Invincea heuristic
Jiangmin TrojanDDoS.StormAttack.a
K7AntiVirus Trojan ( 00557fef1 )
K7GW Trojan ( 00557fef1 )
Kaspersky Trojan-DDoS.Win32.StormAttack.a
Lionic Trojan.Win32.StormAttack.tp87
MAX malware (ai score=83)
Malwarebytes DDoSTool.Agent
MaxSecure Trojan.DDoS.StormAttack.a
McAfee GenericRXHD-CI!0A6F83FEEC31
McAfee-GW-Edition BehavesLike.Win32.Injector.kz
MicroWorld-eScan Trojan.Rincux.AW
Microsoft DDoS:Win32/Stormser.A
NANO-Antivirus Trojan.Win32.StormAttack.fnqayj
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Win32/Backdoor.Storm.A
Rising Dropper.Agent!1.BA3D (CLASSIC)
Sangfor Malware
Visual analysis
Binary image
Data import images (rendered at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32; images not included in this extract)
Runtime screenshots
No runtime screenshots: the sample did not generate any screenshots while running


PE Compile Time

2010-07-31 19:55:58

PE Imphash

ba23a556ac1d6444f7f76feafd6c8867

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000189a 0x00002000 5.131358637328581
.rdata 0x00003000 0x00000a98 0x00001000 4.107902336016541
.data 0x00004000 0x00000520 0x00001000 1.0715771578017714
.rsrc 0x00005000 0x00009c60 0x0000a000 0.0

Imports

Library KERNEL32.dll:
0x403040 lstrcatA
0x403044 lstrcpyA
0x40304c GetShortPathNameA
0x403050 GetModuleFileNameA
0x403054 GetLastError
0x403058 SetFileAttributesA
0x40305c CopyFileA
0x403060 CloseHandle
0x403064 GetCurrentProcess
0x403068 CreateFileA
0x40306c GlobalFree
0x403070 LockResource
0x403074 GlobalAlloc
0x403078 LoadResource
0x40307c SizeofResource
0x403080 FindResourceA
0x403084 SetPriorityClass
0x403088 GetCurrentThread
0x40308c SetThreadPriority
0x403090 ResumeThread
0x403094 Sleep
0x403098 GetStartupInfoA
0x40309c CreateProcessA
0x4030a0 lstrlenA
0x4030a4 VirtualAllocEx
0x4030a8 WriteProcessMemory
0x4030ac GetModuleHandleA
0x4030b0 GetProcAddress
0x4030b4 CreateRemoteThread
0x4030bc GetSystemDirectoryA
0x4030c0 WriteFile
Library USER32.dll:
0x403164 MessageBoxA
Library comdlg32.dll:
0x40316c GetFileTitleA
Library ADVAPI32.dll:
0x403000 CloseServiceHandle
0x403004 RegOpenKeyExA
0x403008 RegQueryValueExA
0x403010 RegCreateKeyA
0x403018 SetServiceStatus
0x40301c RegOpenKeyA
0x403020 RegDeleteValueA
0x403024 RegSetValueExA
0x403028 RegCloseKey
0x40302c OpenServiceA
0x403030 CreateServiceA
0x403034 OpenSCManagerA
0x403038 StartServiceA
Library ole32.dll:
0x403174 CoUninitialize
0x403178 CoCreateGuid
0x40317c CoInitialize
Library MFC42.DLL:
0x4030c8 None
0x4030cc None
0x4030d0 None
0x4030d4 None
0x4030d8 None
Library MSVCRT.dll:
0x4030f4 _controlfp
0x4030f8 __set_app_type
0x4030fc __CxxFrameHandler
0x403100 _snprintf
0x403104 free
0x403108 fwrite
0x40310c fclose
0x403110 fread
0x403114 malloc
0x403118 ftell
0x40311c fseek
0x403120 fopen
0x403124 exit
0x403128 strstr
0x40312c strncmp
0x403130 _except_handler3
0x403134 __dllonexit
0x403138 _onexit
0x40313c _exit
0x403140 _XcptFilter
0x403144 _acmdln
0x403148 __getmainargs
0x40314c _initterm
0x403150 __setusermatherr
0x403154 _adjust_fdiv
0x403158 __p__commode
0x40315c __p__fmode
Library MSVCP60.dll:

L!This program cannot be run in DOS mode.
`.rdata
@.data
{776028F1-30E1-433f-B7B5-1167434496B5}
GetSystemDirectoryA
GetSystemWindowsDirectoryA
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
CreateProcessA
GetStartupInfoA
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetLastError
SetFileAttributesA
CopyFileA
CloseHandle
WriteFile
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
KERNEL32.dll
MessageBoxA
USER32.dll
GetFileTitleA
comdlg32.dll
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyA
StartServiceCtrlDispatcherA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
ADVAPI32.dll
CoUninitialize
CoCreateGuid
CoInitialize
ole32.dll
MFC42.DLL
__CxxFrameHandler
_snprintf
fwrite
fclose
malloc
strstr
strncmp
_except_handler3
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
StormServer.dll
Storm ddos Server
Welcome to use storm ddos
Thank you
Program Files\Internet Explorer
calc.exe
notepad.exe
iexplore.exe
Kernel32
LoadLibraryA
ServiceDLL
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
%SystemRoot%\System32\
> nul
/c del
COMSPEC
{%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}
stubpath
SOFTWARE\Microsoft\Active Setup\Installed Components\
Description
SYSTEM\CurrentControlSet\Services\

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.