Score: 5.0 (Medium risk)

SHA256: cfc4fe3e53f835eff56cbff9f38d53b8651eb0bf908c513858a7377be880bdba

File name: 0ed89d0b9912156cf090c2a01810b0bb.exe (the name is the sample's MD5; the Artemis!0ED89D0B9912 and Generic.mg.0ed89d0b9912156c labels below are derived from it)

Analysis duration: 73s

Last analysed: (no value shown)

File size: 676.0KB
Static detection: flagged. Dynamic detection: flagged. Detection tags (tokens taken from the engine labels listed below; the family-specific ones agree on the NetWire / Wirenet RAT): 100%, AI SCORE=82, AIDETECTVM, ARTEMIS, BLUTEAL, CONFIDENCE, CROWTI, GDSDA, GENERICKD, GIXTS, HCGI, HIGH CONFIDENCE, HWCTKJ, KRYPTIK, KVN3TEHRSPY, MALWARE1, MALWARE@#1M8FT22JKAVBK, NETWIRE, NETWIREDRC, QU0@ASTGLQ, QVM07, SUSPICIOUS PE, WIRENET, ZEXAF
鹰眼 (HawkEye) engine
No result: the HawkEye engine has not produced a detection result for this sample.
Static verdict
Antivirus engines (an empty result means the engine did not flag the file at that scan)
Engine | Result | Scan date | Engine version
McAfee | Artemis!0ED89D0B9912 | 20201022 | 6.0.6.653
Baidu | (no detection) | 20190318 | 1.0.0.2
Avast | Win32:Malware-gen | 20201023 | 18.4.3895.0
Alibaba | Trojan:Win32/NetWire.4e6e303c | 20190527 | 0.3.0.5
Kingsoft | (no detection) | 20201022 | 2013.8.14.323
Tencent | Win32.Trojan.Netwire.Kge | 20201022 | 1.0.0.1
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620119624.197979
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 732
  process_handle: 0xffffffff (the GetCurrentProcess pseudo-handle, so the sample is changing page protection inside its own address space)
  base_address: 0x00446000
  length: 36864 (0x9000)
  protection: 64 (PAGE_EXECUTE_READWRITE)
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
Status: success, return value 0, repeated 0 times
Note: with the image base of 0x400000 implied by the 0x4460xx import slots listed further down, the region 0x446000-0x44F000 lies inside the loaded image and fully covers the import address table (0x446000-0x446520). Turning an in-image region writable and executable is exactly the pattern this indicator exists to catch; the report records nothing about what was subsequently written there, so the unpacked payload itself is not shown.
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
Section .data: entropy 7.348282740234765 (size_of_data 0x00009000, virtual_address 0x0005c000, virtual_size 0x0000cf88); a section with high entropy has been found
Section .sddata: entropy 7.9560979153114335 (size_of_data 0x00029000, virtual_address 0x00069000, virtual_size 0x00028281); a section with high entropy has been found
Overall: 0.2976190476190476; "overall entropy of this PE file is high". This third figure is not an entropy: in the Cuckoo packer_entropy signature, whose wording the report reuses, it is the share of the file's section data (sum of size_of_data) that sits in sections above the 6.8 bits/byte threshold, and the overall rule fires when that share exceeds 0.2. Here (0x9000 + 0x29000) / 0.2976 puts the total section data at 0xA8000 (688128 bytes), consistent with the 676 KB file size. The non-standard section name .sddata, at an entropy close to the 8.0 maximum, is where a packed payload would be expected to live.
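The packer heuristic above, re-implemented as an added example (it is not the sandbox's own code): Shannon entropy per section, then the share of section data that sits in high-entropy sections. The .data and .sddata rows copy the report's size_of_data and entropy values; the .text, .rdata and .rsrc rows are assumptions chosen so that the constructed table sums to 0xA8000 and reproduces the report's 0.2976 ratio.

```python
"""Section-entropy packer heuristic: Shannon entropy per section, then the
share of PE section data sitting in high-entropy sections.  Added example,
not the sandbox's code.  Two section rows are copied from the report; the
other three are ASSUMED so the table sums to the report's implied total."""
import math
from collections import Counter

SECTION_THRESHOLD = 6.8   # bits/byte above which a section counts as high entropy
OVERALL_THRESHOLD = 0.2   # share of section data in such sections that fires the overall rule


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a
    uniform byte distribution (what compressed or encrypted data looks like)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def section_record(name: str, raw: bytes) -> dict:
    """Build the per-section record the heuristic consumes from raw section bytes."""
    return {"name": name, "size_of_data": len(raw), "entropy": shannon_entropy(raw)}


def packer_entropy(sections):
    """Two-stage rule: flag every high-entropy section, then flag the file as a
    whole when more than OVERALL_THRESHOLD of its section data is high entropy.
    Returns (flagged_section_names, overall_ratio, fired)."""
    total = sum(s["size_of_data"] for s in sections)
    high = [s for s in sections if s["entropy"] > SECTION_THRESHOLD]
    packed = sum(s["size_of_data"] for s in high)
    ratio = packed / total if total else 0.0
    return [s["name"] for s in high], ratio, bool(high) or ratio > OVERALL_THRESHOLD


# Constructed section table: two rows from the report, three ASSUMED rows
# (sizes chosen so the total is 0xA8000, the value the report's ratio implies).
REPORT_SECTIONS = [
    {"name": ".text",   "size_of_data": 0x46000, "entropy": 6.4},                 # assumed
    {"name": ".rdata",  "size_of_data": 0x20000, "entropy": 5.1},                 # assumed
    {"name": ".data",   "size_of_data": 0x09000, "entropy": 7.348282740234765},   # from report
    {"name": ".sddata", "size_of_data": 0x29000, "entropy": 7.9560979153114335},  # from report
    {"name": ".rsrc",   "size_of_data": 0x10000, "entropy": 4.6},                 # assumed
]

if __name__ == "__main__":
    flagged, ratio, fired = packer_entropy(REPORT_SECTIONS)
    print(f"high-entropy sections: {flagged}, packed share: {ratio:.4f}, fired: {fired}")
    # Sanity check of the entropy function on constructed buffers: uniform vs constant.
    print(shannon_entropy(bytes(range(256)) * 4), shannon_entropy(b"\x00" * 1024))
```

Feed `section_record` the raw bytes of each section from a real PE (pefile's `section.get_data()` is the usual source) and the same `packer_entropy` call works unchanged; the ratio is what the report's third "entropy" event is actually measuring.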
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 111.119.27.78
host 172.217.24.14 (this address does not appear in the TCP or UDP tables further down)
Generates some ICMP traffic (the packet summary further down reports "No ICMP traffic performed", so the report contradicts itself on this point; trust neither line without the pcap)
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 46.8.8.100:4598 (an unanswered connection to a non-standard high port is what a retired RAT command-and-control endpoint looks like, and the NetWire labels below make that the likely reading, but the report itself does not state the purpose of this connection)
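The read-write-execute indicator above and the two network indicators in this block, re-implemented over constructed Cuckoo-style records as an added example (not the sandbox's code). The first API record copies the NtProtectVirtualMemory call from the report; the other API records, the DNS answer map and the flow list (built from the TCP and UDP tables further down, with a `replied` flag that is an assumed field) are constructed.

```python
"""Behavioural checks from the report: RWX protection applied to the sample's
own process, hosts contacted without a preceding DNS answer, and TCP peers that
never replied.  Added example over constructed records, not the sandbox's code."""
import ipaddress

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
RWX_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
CURRENT_PROCESS = 0xFFFFFFFF        # 32-bit GetCurrentProcess() pseudo-handle
MEMORY_APIS = {"NtProtectVirtualMemory", "NtAllocateVirtualMemory", "VirtualProtectEx"}
IAT_RANGE = (0x446000, 0x446524)    # import-address-table slots listed under Imports

API_CALLS = [  # constructed log; the first entry copies the report's event
    {"api": "NtProtectVirtualMemory", "pid": 732, "process_handle": CURRENT_PROCESS,
     "base_address": 0x00446000, "length": 36864, "protection": 0x40},
    {"api": "NtProtectVirtualMemory", "pid": 732, "process_handle": CURRENT_PROCESS,
     "base_address": 0x00401000, "length": 0x1000, "protection": 0x20},  # PAGE_EXECUTE_READ: benign
    {"api": "NtProtectVirtualMemory", "pid": 732, "process_handle": 0x1A4,
     "base_address": 0x00010000, "length": 0x1000, "protection": 0x40},  # remote process: injection, not self-unpacking
]


def rwx_self_protect(calls):
    """(base, length) of every region the calling process made writable AND
    executable: the in-place unpacking pattern the report's indicator describes."""
    return [(c["base_address"], c["length"]) for c in calls
            if c["api"] in MEMORY_APIS
            and c["protection"] & RWX_MASK
            and c["process_handle"] == CURRENT_PROCESS]


def overlaps(base, length, lo, hi):
    """True when [base, base+length) intersects [lo, hi)."""
    return base < hi and lo < base + length


# Network side.  Only time.windows.com is shown resolved in the report's tables;
# the queried names behind the 114.114.114.114 lookups are not recorded.
DNS_ANSWERS = {"time.windows.com": ["20.189.79.72"]}
FLOWS = [  # (proto, dst, dport, replied), constructed from the TCP/UDP tables
    ("udp", "114.114.114.114", 53, True),
    ("udp", "8.8.8.8", 53, True),
    ("udp", "20.189.79.72", 123, True),
    ("udp", "224.0.0.252", 5355, False),      # LLMNR multicast
    ("udp", "239.255.255.250", 1900, False),  # SSDP multicast
    ("udp", "192.168.56.255", 137, False),    # NetBIOS broadcast
    ("tcp", "111.119.27.78", 80, True),
    ("tcp", "46.8.8.100", 4598, False),       # SYNs sent, nothing came back
]


def is_noise(dst, dport):
    """Local, multicast/broadcast and DNS-server traffic is not 'a host contacted'."""
    ip = ipaddress.ip_address(dst)
    return ip.is_private or ip.is_multicast or ip.is_reserved or dport == 53


def hosts_without_dns(flows, dns_answers):
    """Destinations reached without any DNS answer having produced that address."""
    resolved = {ip for ips in dns_answers.values() for ip in ips}
    return sorted({dst for _, dst, dport, _ in flows
                   if not is_noise(dst, dport) and dst not in resolved})


def dead_hosts(flows):
    """TCP peers that never answered: a downed C2 server looks exactly like this."""
    return sorted(f"{dst}:{dport}" for proto, dst, dport, replied in flows
                  if proto == "tcp" and not replied)


if __name__ == "__main__":
    for base, length in rwx_self_protect(API_CALLS):
        print(f"RWX self-protect at {base:#x} len {length:#x}, "
              f"covers IAT: {overlaps(base, length, *IAT_RANGE)}")
    print("no-DNS hosts:", hosts_without_dns(FLOWS, DNS_ANSWERS))
    print("dead hosts:", dead_hosts(FLOWS))
```

Restricting `rwx_self_protect` to the current-process pseudo-handle is deliberate: the same protection change on a foreign handle is process injection, a different indicator, and folding the two together is how a signature ends up firing on every loader and debugger alike.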
File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events). The family-specific names agree on the NetWire / Wirenet RAT (Kaspersky, Alibaba, NANO-Antivirus, DrWeb, Jiangmin, Avira, ZoneAlarm, ALYac, Tencent); the rest are generic, heuristic or packer verdicts (Kryptik, Packed.Generic, Trojan.Crypt, Malware-gen).
Engine | Result
Bkav | W32.AIDetectVM.malware1
Elastic | malicious (high confidence)
MicroWorld-eScan | Trojan.GenericKD.43803533
FireEye | Generic.mg.0ed89d0b9912156c
McAfee | Artemis!0ED89D0B9912
K7AntiVirus | Trojan ( 005637901 )
BitDefender | Trojan.GenericKD.43803533
K7GW | Trojan ( 005637901 )
Cybereason | malicious.5b8f33
Arcabit | Trojan.Generic.D29C638D
Symantec | Packed.Generic.537
APEX | Malicious
Avast | Win32:Malware-gen
Kaspersky | Trojan.Win32.NetWire.jrf
Alibaba | Trojan:Win32/NetWire.4e6e303c
NANO-Antivirus | Trojan.Win32.NetWire.hwctkj
Ad-Aware | Trojan.GenericKD.43803533
Sophos | Mal/Generic-S
Comodo | Malware@#1m8ft22jkavbk
DrWeb | BackDoor.Wirenet.557
VIPRE | LooksLike.Win32.Crowti.b (v)
Invincea | Mal/Generic-S
McAfee-GW-Edition | BehavesLike.Win32.Worm.jh
Emsisoft | Trojan.Crypt (A)
Jiangmin | Trojan.NetWire.vm
Avira | TR/AD.NetWiredRc.gixts
Microsoft | Trojan:Win32/Bluteal!rfn
ZoneAlarm | Trojan.Win32.NetWire.jrf
GData | Trojan.GenericKD.43803533
Acronis | suspicious
BitDefenderTheta | Gen:NN.ZexaF.34570.Qu0@aStglq
ALYac | Backdoor.RAT.Netwire
MAX | malware (ai score=82)
Panda | Trj/GdSda.A
ESET-NOD32 | a variant of Win32/Kryptik.HCGI
Tencent | Win32.Trojan.Netwire.Kge
Yandex | Trojan.Kryptik!KVn3tehRspY
SentinelOne | DFI - Suspicious PE
Fortinet | W32/Kryptik.HCGI!tr
Webroot | W32.Trojan.Gen
AVG | Win32:Malware-gen
Paloalto | generic.ml
CrowdStrike | win/malicious_confidence_100% (W)
Qihoo-360 | Generic/HEUR/QVM07.1.CFEE.Malware.Gen
Visual analysis
Binary image: none; no binary visualisation was generated for this sample.
Runtime screenshots: none; no screenshots were captured while the sample ran.


PE Compile Time

2016-12-06 19:35:56 (read from the PE header's TimeDateStamp, which the build tool writes and a packer or the author can set to any value; treat it as a hint about the build, not as evidence)

Imports (import address table slot, then the imported function). The set is that of a statically linked MFC GUI application: GDI drawing, printing (WINSPOOL.DRV), common dialogs, OLE/COM, and registry write access (RegCreateKeyExA, RegSetValueExA), with no networking library at all. LoadLibraryA and GetProcAddress are imported, so whatever network code the NetWire payload needs has to be resolved at run time, consistent with the RWX unpacking recorded above.

Library KERNEL32.dll:
0x4460c0 RtlUnwind
0x4460c4 GetStartupInfoA
0x4460c8 GetCommandLineA
0x4460cc ExitProcess
0x4460d0 TerminateProcess
0x4460d4 HeapFree
0x4460d8 HeapAlloc
0x4460dc RaiseException
0x4460e0 HeapReAlloc
0x4460e4 HeapSize
0x4460e8 GetACP
0x446104 SetHandleCount
0x446108 GetStdHandle
0x44610c GetFileType
0x446110 FormatMessageA
0x446114 HeapCreate
0x446118 VirtualFree
0x44611c VirtualAlloc
0x446120 IsBadWritePtr
0x446124 LCMapStringA
0x446128 LCMapStringW
0x446130 GetStringTypeA
0x446134 GetStringTypeW
0x446138 IsBadReadPtr
0x44613c IsBadCodePtr
0x446140 SetStdHandle
0x446144 CompareStringA
0x446148 CompareStringW
0x446150 GetProfileStringA
0x446154 GetFileTime
0x446158 GetFileSize
0x44615c GetFileAttributesA
0x446160 GetTickCount
0x44616c GetFullPathNameA
0x446174 FindFirstFileA
0x446178 FindClose
0x44617c SetEndOfFile
0x446180 UnlockFile
0x446184 LockFile
0x446188 FlushFileBuffers
0x44618c SetFilePointer
0x446190 WriteFile
0x446194 ReadFile
0x446198 CreateFileA
0x44619c GetCurrentProcess
0x4461a0 DuplicateHandle
0x4461a4 SetErrorMode
0x4461a8 GetOEMCP
0x4461ac GetCPInfo
0x4461b0 GetThreadLocale
0x4461b4 SizeofResource
0x4461b8 GetProcessVersion
0x4461c0 GlobalFlags
0x4461c4 lstrcpynA
0x4461c8 TlsGetValue
0x4461cc LocalReAlloc
0x4461d0 TlsSetValue
0x4461d8 GlobalReAlloc
0x4461e0 TlsFree
0x4461e4 GlobalHandle
0x4461ec TlsAlloc
0x4461f4 LocalFree
0x4461f8 LocalAlloc
0x4461fc MulDiv
0x446200 SetLastError
0x446204 LoadLibraryA
0x446208 FreeLibrary
0x44620c GetVersion
0x446210 lstrcatA
0x446214 GlobalGetAtomNameA
0x446218 GlobalAddAtomA
0x44621c GlobalFindAtomA
0x446220 GetModuleHandleA
0x446224 GetProcAddress
0x446228 ReleaseMutex
0x44622c CreateMutexA
0x446230 MultiByteToWideChar
0x446234 WideCharToMultiByte
0x446238 lstrlenA
0x446244 GlobalUnlock
0x446248 GlobalFree
0x44624c LockResource
0x446250 FindResourceA
0x446254 LoadResource
0x446258 WaitForSingleObject
0x44625c CloseHandle
0x446260 GetModuleFileNameA
0x446264 GlobalLock
0x446268 GlobalAlloc
0x44626c GlobalDeleteAtom
0x446270 lstrcmpA
0x446274 lstrcmpiA
0x446278 GetCurrentThread
0x44627c GetCurrentThreadId
0x446280 lstrcpyA
0x446284 CreateFileMappingA
0x446288 GetLastError
0x44628c MapViewOfFile
0x446290 HeapDestroy
0x446294 VirtualProtect
Library USER32.dll:
0x4462d0 SetRect
0x4462d4 GetNextDlgGroupItem
0x4462d8 MessageBeep
0x4462dc InvalidateRect
0x4462e0 CharUpperA
0x4462e4 InflateRect
0x4462ec PostThreadMessageA
0x4462f0 CopyRect
0x4462f4 GetTopWindow
0x4462f8 IsChild
0x4462fc GetCapture
0x446300 WinHelpA
0x446304 wsprintfA
0x446308 GetClassInfoA
0x44630c RegisterClassA
0x446310 GetMenu
0x446314 GetMenuItemCount
0x446318 GetSubMenu
0x44631c GetMenuItemID
0x446324 GetWindowTextA
0x446328 GetDlgCtrlID
0x44632c DefWindowProcA
0x446330 CreateWindowExA
0x446334 GetClassLongA
0x446338 SetPropA
0x44633c UnhookWindowsHookEx
0x446340 GetPropA
0x446344 CallWindowProcA
0x446348 RemovePropA
0x44634c GetMessageTime
0x446350 GetMessagePos
0x446354 GetForegroundWindow
0x446358 SetForegroundWindow
0x44635c CharNextA
0x446364 IntersectRect
0x44636c GetWindowPlacement
0x446370 GetWindowRect
0x446374 MapDialogRect
0x446378 SetWindowPos
0x44637c GetWindow
0x446384 EndDialog
0x446388 SetActiveWindow
0x44638c IsWindow
0x446394 PtInRect
0x446398 GetDlgItem
0x4463a0 LoadBitmapA
0x4463a4 GetMenuState
0x4463a8 ModifyMenuA
0x4463ac SetMenuItemBitmaps
0x4463b0 CheckMenuItem
0x4463b4 EnableMenuItem
0x4463b8 GetFocus
0x4463bc GetNextDlgTabItem
0x4463c0 GetMessageA
0x4463c4 TranslateMessage
0x4463c8 DispatchMessageA
0x4463cc GetActiveWindow
0x4463d0 GetKeyState
0x4463d4 CallNextHookEx
0x4463d8 ValidateRect
0x4463dc IsWindowVisible
0x4463e0 PeekMessageA
0x4463e4 GetCursorPos
0x4463e8 SetWindowsHookExA
0x4463ec GetParent
0x4463f0 GrayStringA
0x4463f4 SetClassWord
0x4463f8 GetSystemMetrics
0x4463fc UnregisterClassA
0x446400 HideCaret
0x446404 ShowCaret
0x446408 ExcludeUpdateRgn
0x44640c DrawFocusRect
0x446410 GetLastActivePopup
0x446414 IsWindowEnabled
0x446418 GetWindowLongA
0x44641c MessageBoxA
0x446420 SetCursor
0x446424 PostQuitMessage
0x446428 PostMessageA
0x44642c LoadIconA
0x446430 EnableWindow
0x446434 GetClientRect
0x446438 IsIconic
0x44643c GetSystemMenu
0x446440 GetSysColorBrush
0x446444 SetWindowLongA
0x446448 SendMessageA
0x44644c AppendMenuA
0x446450 DefDlgProcA
0x446454 IsWindowUnicode
0x446458 DrawIcon
0x44645c GetDesktopWindow
0x446460 LoadCursorA
0x446464 DestroyMenu
0x446468 DrawTextA
0x44646c TabbedTextOutA
0x446470 EndPaint
0x446474 BeginPaint
0x446478 GetWindowDC
0x44647c ReleaseDC
0x446480 GetDC
0x446484 ClientToScreen
0x446488 LoadStringA
0x44648c ShowWindow
0x446490 MoveWindow
0x446494 SetWindowTextA
0x446498 IsDialogMessageA
0x44649c UpdateWindow
0x4464a0 SendDlgItemMessageA
0x4464a4 MapWindowPoints
0x4464a8 DestroyWindow
0x4464ac GetClassNameA
0x4464b0 ScreenToClient
0x4464b4 SetFocus
0x4464b8 OffsetRect
0x4464bc AdjustWindowRectEx
0x4464c0 GetSysColor
Library GDI32.dll:
0x44601c SetMapMode
0x446020 SetViewportOrgEx
0x446024 OffsetViewportOrgEx
0x446028 SetViewportExtEx
0x44602c ScaleViewportExtEx
0x446030 SetWindowExtEx
0x446034 ScaleWindowExtEx
0x446038 IntersectClipRect
0x44603c DeleteObject
0x446040 SetBkMode
0x446044 GetDeviceCaps
0x446048 GetViewportExtEx
0x44604c GetWindowExtEx
0x446050 CreateSolidBrush
0x446054 PtVisible
0x446058 RectVisible
0x44605c TextOutA
0x446060 ExtTextOutA
0x446064 Escape
0x446068 GetTextColor
0x44606c GetBkColor
0x446070 DPtoLP
0x446074 LPtoDP
0x446078 GetMapMode
0x44607c PatBlt
0x446080 GetStockObject
0x446084 SelectObject
0x446088 RestoreDC
0x44608c SaveDC
0x446090 DeleteDC
0x446094 GetObjectA
0x446098 SetBkColor
0x44609c SetTextColor
0x4460a0 GetClipBox
0x4460a4 CreateBitmap
0x4460a8 CreateDIBitmap
0x4460ac GetTextExtentPointA
0x4460b0 BitBlt
0x4460b4 CreateCompatibleDC
0x4460b8 SetColorSpace
Library comdlg32.dll:
0x4464d8 GetFileTitleA
Library WINSPOOL.DRV:
0x4464c8 ClosePrinter
0x4464cc DocumentPropertiesA
0x4464d0 OpenPrinterA
Library ADVAPI32.dll:
0x446000 RegCloseKey
0x446004 RegSetValueExA
0x446008 RegOpenKeyExA
0x44600c RegCreateKeyExA
Library COMCTL32.dll:
0x446014 (no name resolved; imported by ordinal)
Library oledlg.dll:
0x446520 (no name resolved; imported by ordinal)
Library ole32.dll:
0x4464e4 OleInitialize
0x4464e8 CoTaskMemAlloc
0x4464ec CoTaskMemFree
0x4464fc CoGetClassObject
0x446500 CLSIDFromString
0x446504 CLSIDFromProgID
0x44650c CoRevokeClassObject
0x446510 OleFlushClipboard
0x446518 OleUninitialize
Library OLEPRO32.DLL:
0x4462c4 (no name resolved; imported by ordinal)
Library OLEAUT32.dll:
0x4462a0 SysAllocStringLen
0x4462a4 SysFreeString
0x4462a8 VariantCopy
0x4462ac VariantChangeType
0x4462b0 SysAllocString
0x4462b8 SysStringLen
0x4462bc VariantClear

Hosts

No hosts contacted (as summarised by the sandbox; the TCP table below nevertheless records two flows with 111.119.27.78, so this summary line should not be trusted on its own).

TCP

The rows are recorded from the remote side: source 111.119.27.78 port 80, destination the sandbox VM 192.168.56.101 on ephemeral ports 49178 and 49189. Read the other way round, the VM opened two connections to 111.119.27.78 on TCP/80; no HTTP request was captured on either (see HTTP & HTTPS Requests below).
Source | Source port | Destination | Destination port
111.119.27.78 | 80 | 192.168.56.101 | 49178
111.119.27.78 | 80 | 192.168.56.101 | 49189

UDP

Everything here apart from the DNS lookups is ordinary Windows background traffic (NetBIOS, NTP, LLMNR, SSDP, WS-Discovery). The names behind the six DNS queries are not recorded in the report, so they cannot be tied to the 111.119.27.78 connections above.
Source | Source port | Destination | Destination port | Note
192.168.56.101 | 50534 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 51808 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 51963 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 56539 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 58367 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 65004 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 137 | 192.168.56.255 | 137 | NetBIOS name service broadcast
192.168.56.101 | 138 | 192.168.56.255 | 138 | NetBIOS datagram broadcast
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123 | NTP
192.168.56.101 | 49235 | 224.0.0.252 | 5355 | LLMNR multicast
192.168.56.101 | 56804 | 224.0.0.252 | 5355 | LLMNR multicast
192.168.56.101 | 60123 | 224.0.0.252 | 5355 | LLMNR multicast
192.168.56.101 | 62191 | 224.0.0.252 | 5355 | LLMNR multicast
192.168.56.101 | 1900 | 239.255.255.250 | 1900 | SSDP multicast
192.168.56.101 | 56540 | 239.255.255.250 | 3702 | WS-Discovery multicast
192.168.56.101 | 56807 | 239.255.255.250 | 1900 | SSDP multicast
192.168.56.101 | 58368 | 239.255.255.250 | 3702 | WS-Discovery multicast
192.168.56.101 | 58707 | 239.255.255.250 | 3702 | WS-Discovery multicast
192.168.56.101 | 51808 | 8.8.8.8 | 53 | DNS; same source port as the second 114.114.114.114 query, most likely that query retried against a second resolver

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.