Score: 7.2 (High risk)
SHA256: 0d8c9a1669bba156797b7f421e82f70206ce17ae2d3214c99138c52e98d87575
File name: 1ac44daa4b00471b77599eea95784438.exe
Analysis duration: 130s
Last analysis:
File size: 89.5KB
Static detection: malicious. Dynamic detection: malicious. 100%
Tags: AGEN AI SCORE=100 AIDETECTVM AWUF B3NKG7R5YIO CONFIDENCE DHEC DHEC@8OQ5NR DHKK DOFOIL DRMJOH ELDORADO FAAH FMW@A0DZQUD GENCIRC GENETIC HIGH CONFIDENCE KCLOUD KRYPTIK MALICIOUS PE MALWARE1 OBFUSCATED R + MAL SCORE STATIC AI TINBA ULISE UNSAFE YMACCO ZEXAF ZUSY
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine detection results available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/Ymacco.f356d5fb 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Kingsoft Win32.Troj.Undef.(kcloud) 20201211 2017.9.26.565
McAfee Obfuscated-FAAH!1AC44DAA4B00 20201211 6.0.6.653
Tencent Malware.Win32.Gencirc.10b09ad9 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620119619.03356
__exception__
stacktrace:
LPSAFEARRAY_Marshal+0x222 LPSAFEARRAY_UserUnmarshal-0x29a oleaut32+0x21449 @ 0x760b1449
1ac44daa4b00471b77599eea95784438+0xcbc8 @ 0x40cbc8
1ac44daa4b00471b77599eea95784438+0x13579 @ 0x413579
1ac44daa4b00471b77599eea95784438+0x14022 @ 0x414022
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635672
registers.edi: 4294967295
registers.eax: 1636180
registers.ebp: 1635684
registers.edx: 50087367
registers.ebx: 0
registers.esi: 50087367
registers.ecx: 0
exception.instruction_r: 83 7e 08 00 0f 87 f2 5b 01 00 33 c0 c7 45 fc 01
exception.symbol: LPSAFEARRAY_UserFree+0x1d LPSAFEARRAY_UserSize-0x8a oleaut32+0x2107a
exception.instruction: cmp dword ptr [esi + 8], 0
exception.module: OLEAUT32.dll
exception.exception_code: 0xc0000005
exception.offset: 135290
exception.address: 0x760b107a
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Resolves a suspicious Top Level Domain (TLD) (1 event)
domain insamertojertoq.cc description Cocos Islands domain TLD
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620119619.04956
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 10485760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x025e0000
success 0 0
1620134080.734876
NtAllocateVirtualMemory
process_identifier: 2228
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x002b0000
success 0 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission in another process, indicative of possible code injection (41 events)
Time & API Arguments Status Return Repeated
1620119620.03356
NtProtectVirtualMemory
process_identifier: 2228
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000bc
base_address: 0x003f1000
success 0 0
1620134080.749876
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000088
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06c30000
success 0 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 276
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00210000
success 0 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 372
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00c00000
success 0 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x0a210000
success 0 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 432
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 476
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 508
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001d0000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 536
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x009e0000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 544
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 656
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 720
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000d0000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 788
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001c0000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 868
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 924
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 956
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00f70000
success 0 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 540
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00d00000
success 0 0
1620134081.796876
NtAllocateVirtualMemory
process_identifier: 1080
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x014f0000
success 0 0
1620134081.812876
NtAllocateVirtualMemory
process_identifier: 1260
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1620134081.812876
NtAllocateVirtualMemory
process_identifier: 1288
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1620134081.812876
NtAllocateVirtualMemory
process_identifier: 1336
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1620134081.828876
NtAllocateVirtualMemory
process_identifier: 1384
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1620134081.843876
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06c40000
success 0 0
1620134081.859876
NtAllocateVirtualMemory
process_identifier: 1592
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004b0000
success 0 0
1620134081.859876
NtAllocateVirtualMemory
process_identifier: 1980
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1620134081.874876
NtAllocateVirtualMemory
process_identifier: 1240
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00370000
success 0 0
1620134081.874876
NtAllocateVirtualMemory
process_identifier: 2072
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00120000
success 0 0
1620134081.874876
NtAllocateVirtualMemory
process_identifier: 2380
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x04850000
success 0 0
1620134081.874876
NtAllocateVirtualMemory
process_identifier: 2460
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00bb0000
success 0 0
1620134081.874876
NtAllocateVirtualMemory
process_identifier: 2672
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
1620134081.874876
NtAllocateVirtualMemory
process_identifier: 2744
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00b60000
success 0 0
1620134081.890876
NtAllocateVirtualMemory
process_identifier: 2784
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007a0000
success 0 0
1620134081.906876
NtAllocateVirtualMemory
process_identifier: 2884
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x03e70000
success 0 0
1620134081.906876
NtAllocateVirtualMemory
process_identifier: 2940
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00140000
success 0 0
1620134081.921876
NtAllocateVirtualMemory
process_identifier: 2132
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000f0000
success 0 0
1620134081.937876
NtAllocateVirtualMemory
process_identifier: 1544
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1620134081.953876
NtAllocateVirtualMemory
process_identifier: 2544
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00c30000
success 0 0
1620134081.953876
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1620134081.968876
NtAllocateVirtualMemory
process_identifier: 2636
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00470000
success 0 0
1620134081.968876
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1620134081.984876
NtAllocateVirtualMemory
process_identifier: 2228
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00430000
success 0 0
Creates a thread using CreateRemoteThread in a non-child process, indicative of process injection (2 events)
Process injection Process 2228 created a remote thread in non-child process 2128
Time & API Arguments Status Return Repeated
1620134081.984876
CreateRemoteThread
thread_identifier: 0
process_identifier: 2128
function_address: 0x000b094c
flags: 0
process_handle: 0x00000184
parameter: 0x00000000
stack_size: 0
failed 0 0
Manipulates memory of a non-child process, indicative of process injection (50 out of 79 events)
Process injection Process 2228 manipulating memory of non-child process 1424
Process injection Process 2228 manipulating memory of non-child process 276
Process injection Process 2228 manipulating memory of non-child process 372
Process injection Process 2228 manipulating memory of non-child process 424
Process injection Process 2228 manipulating memory of non-child process 432
Process injection Process 2228 manipulating memory of non-child process 476
Process injection Process 2228 manipulating memory of non-child process 508
Process injection Process 2228 manipulating memory of non-child process 536
Process injection Process 2228 manipulating memory of non-child process 544
Process injection Process 2228 manipulating memory of non-child process 656
Process injection Process 2228 manipulating memory of non-child process 720
Process injection Process 2228 manipulating memory of non-child process 788
Process injection Process 2228 manipulating memory of non-child process 868
Process injection Process 2228 manipulating memory of non-child process 924
Process injection Process 2228 manipulating memory of non-child process 956
Process injection Process 2228 manipulating memory of non-child process 540
Process injection Process 2228 manipulating memory of non-child process 1080
Process injection Process 2228 manipulating memory of non-child process 1260
Process injection Process 2228 manipulating memory of non-child process 1288
Process injection Process 2228 manipulating memory of non-child process 1336
Process injection Process 2228 manipulating memory of non-child process 1384
Process injection Process 2228 manipulating memory of non-child process 1592
Process injection Process 2228 manipulating memory of non-child process 1980
Process injection Process 2228 manipulating memory of non-child process 1240
Process injection Process 2228 manipulating memory of non-child process 2072
Potential code injection by writing to the memory of another process (1 event)
Time & API Arguments Status Return Repeated
1620119620.03356
WriteProcessMemory
process_identifier: 2228
buffer: 艉ÇW蟉ÃèReadProcessMemoryWÿӉÆè VirtualAllocWÿÓè[ë[@j@h0ÿ³˜@jÿЅÀt ‰Çƒ˜@jÿ0WÿpÿpÿօÀtÇ4 WÞ\$^d¡0‹@ ‹@‹‹H y 32uò‹@ÃU‰åW‹E‰ÂR<‹Rx‹r Æ1ÉAƒÆ‹>ǁocAduï‰Ær$·4N4°r_ÉÂ
process_handle: 0x000000bc
base_address: 0x003f16c1
success 1 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2128 resumed a thread in remote process 2228
Time & API Arguments Status Return Repeated
1620119620.50256
NtResumeThread
thread_handle: 0x00000054
suspend_count: 1
process_identifier: 2228
success 0 0
Executed a process and injected code into it, probably while unpacking (50 out of 84 events)
Time & API Arguments Status Return Repeated
1620119620.03356
CreateProcessInternalW
thread_identifier: 2244
thread_handle: 0x00000054
process_identifier: 2228
current_directory:
filepath:
track: 1
command_line: winver
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000bc
inherit_handles: 0
success 1 0
1620119620.03356
NtGetContextThread
thread_handle: 0x00000054
success 0 0
1620119620.03356
WriteProcessMemory
process_identifier: 2228
buffer: 艉ÇW蟉ÃèReadProcessMemoryWÿӉÆè VirtualAllocWÿÓè[ë[@j@h0ÿ³˜@jÿЅÀt ‰Çƒ˜@jÿ0WÿpÿpÿօÀtÇ4 WÞ\$^d¡0‹@ ‹@‹‹H y 32uò‹@ÃU‰åW‹E‰ÂR<‹Rx‹r Æ1ÉAƒÆ‹>ǁocAduï‰Ær$·4N4°r_ÉÂ
process_handle: 0x000000bc
base_address: 0x003f16c1
success 1 0
1620119620.50256
NtResumeThread
thread_handle: 0x00000054
suspend_count: 1
process_identifier: 2228
success 0 0
1620134080.749876
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000088
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06c30000
success 0 0
1620134080.749876
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x00000088
base_address: 0x06c30000
success 1 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 276
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00210000
success 0 0
1620134081.765876
WriteProcessMemory
process_identifier: 276
buffer:
process_handle: 0x00000184
base_address: 0x00210000
success 1 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 372
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00c00000
success 0 0
1620134081.765876
WriteProcessMemory
process_identifier: 372
buffer:
process_handle: 0x00000184
base_address: 0x00c00000
success 1 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x0a210000
success 0 0
1620134081.765876
WriteProcessMemory
process_identifier: 424
buffer:
process_handle: 0x00000184
base_address: 0x0a210000
success 1 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 432
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1620134081.765876
WriteProcessMemory
process_identifier: 432
buffer:
process_handle: 0x00000184
base_address: 0x00110000
success 1 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 476
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1620134081.765876
WriteProcessMemory
process_identifier: 476
buffer:
process_handle: 0x00000184
base_address: 0x00110000
success 1 0
1620134081.765876
NtAllocateVirtualMemory
process_identifier: 508
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001d0000
success 0 0
1620134081.765876
WriteProcessMemory
process_identifier: 508
buffer:
process_handle: 0x00000184
base_address: 0x001d0000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 536
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x009e0000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 536
buffer:
process_handle: 0x00000184
base_address: 0x009e0000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 544
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 544
buffer:
process_handle: 0x00000184
base_address: 0x00190000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 656
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 656
buffer:
process_handle: 0x00000184
base_address: 0x00400000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 720
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000d0000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 720
buffer:
process_handle: 0x00000184
base_address: 0x000d0000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 788
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001c0000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 788
buffer:
process_handle: 0x00000184
base_address: 0x001c0000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 868
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 868
buffer:
process_handle: 0x00000184
base_address: 0x00e50000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 924
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 924
buffer:
process_handle: 0x00000184
base_address: 0x00e50000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 956
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00f70000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 956
buffer:
process_handle: 0x00000184
base_address: 0x00f70000
success 1 0
1620134081.781876
NtAllocateVirtualMemory
process_identifier: 540
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00d00000
success 0 0
1620134081.781876
WriteProcessMemory
process_identifier: 540
buffer:
process_handle: 0x00000184
base_address: 0x00d00000
success 1 0
1620134081.796876
NtAllocateVirtualMemory
process_identifier: 1080
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x014f0000
success 0 0
1620134081.796876
WriteProcessMemory
process_identifier: 1080
buffer:
process_handle: 0x00000184
base_address: 0x014f0000
success 1 0
1620134081.812876
NtAllocateVirtualMemory
process_identifier: 1260
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1620134081.812876
WriteProcessMemory
process_identifier: 1260
buffer:
process_handle: 0x00000184
base_address: 0x00190000
success 1 0
1620134081.812876
NtAllocateVirtualMemory
process_identifier: 1288
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1620134081.812876
WriteProcessMemory
process_identifier: 1288
buffer:
process_handle: 0x00000184
base_address: 0x00180000
success 1 0
1620134081.812876
NtAllocateVirtualMemory
process_identifier: 1336
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1620134081.812876
WriteProcessMemory
process_identifier: 1336
buffer:
process_handle: 0x00000184
base_address: 0x00350000
success 1 0
1620134081.828876
NtAllocateVirtualMemory
process_identifier: 1384
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1620134081.828876
WriteProcessMemory
process_identifier: 1384
buffer:
process_handle: 0x00000184
base_address: 0x00130000
success 1 0
1620134081.843876
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06c40000
success 0 0
1620134081.843876
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x00000184
base_address: 0x06c40000
success 1 0
1620134081.859876
NtAllocateVirtualMemory
process_identifier: 1592
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000184
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004b0000
success 0 0
1620134081.859876
WriteProcessMemory
process_identifier: 1592
buffer:
process_handle: 0x00000184
base_address: 0x004b0000
success 1 0
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.318892
FireEye Generic.mg.1ac44daa4b00471b
ALYac Gen:Variant.Zusy.318892
Cylance Unsafe
Zillya Dropper.Injector.Win32.67351
Sangfor Malware
K7AntiVirus Trojan ( 004c0aca1 )
Alibaba Trojan:Win32/Ymacco.f356d5fb
K7GW Trojan ( 004c0aca1 )
Cybereason malicious.a4b004
Arcabit Trojan.Zusy.D4DDAC
BitDefenderTheta Gen:NN.ZexaF.34670.fmW@a0dZqud
Cyren W32/Ulise.AD.gen!Eldorado
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Zusy.318892
NANO-Antivirus Trojan.Win32.Inject.drmjoh
Avast Win32:Malware-gen
Rising Downloader.Dofoil!8.322 (TFE:1:B3nkG7r5YIO)
Ad-Aware Gen:Variant.Zusy.318892
Emsisoft Gen:Variant.Zusy.318892 (B)
Comodo TrojWare.Win32.Agent.DHEC@8oq5nr
F-Secure Heuristic.HEUR/AGEN.1118103
DrWeb Trojan.PWS.Tinba.148
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.mh
Sophos Mal/Generic-R + Mal/Tinba-I
Ikarus Trojan.Win32.Tinba
Jiangmin TrojanDropper.Injector.awuf
Avira HEUR/AGEN.1118103
MAX malware (ai score=100)
Antiy-AVL Trojan[Dropper]/Win32.Injector
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Trojan:Win32/Tinba
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Zusy.318892
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C1801536
Acronis suspicious
McAfee Obfuscated-FAAH!1AC44DAA4B00
VBA32 TrojanDropper.Injector
ESET-NOD32 a variant of Win32/Kryptik.DHEC
Tencent Malware.Win32.Gencirc.10b09ad9
SentinelOne Static AI - Malicious PE
Fortinet W32/Kryptik.DHKK!tr
AVG Win32:Malware-gen
Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample ran.

PE Compile Time

2004-08-30 08:15:15

Imports

Library WSOCK32.dll:
0x401094 bind
0x401098 inet_ntoa
Library ADVAPI32.dll:
0x401000 RegGetKeySecurity
Library IMAGEHLP.dll:
0x40101c SplitSymbols
Library MPR.dll:
Library OLEAUT32.dll:
0x401038 VarDateFromR4
0x40103c VarUI4FromDisp
0x401040 VarI4FromI1
0x401044 VARIANT_UserFree
0x401048 SysStringByteLen
0x40104c VarCyFromDisp
Library USER32.dll:
0x401070 DdeQueryNextServer
0x401074 GetScrollInfo
Library WININET.dll:
Library WINSPOOL.DRV:
0x401088 AddJobA
0x40108c SetJobA
Library GDI32.dll:
0x401010 GetRasterizerCaps
Library SETUPAPI.dll:
Library ole32.dll:
0x4010e4 ReadClassStg
Library KERNEL32.dll:
0x401024 GetTickCount
0x401028 GetStartupInfoA
Library msvcrt.dll:
0x4010a0 _exit
0x4010a4 _XcptFilter
0x4010a8 _cexit
0x4010ac exit
0x4010b0 _c_exit
0x4010b4 __getmainargs
0x4010b8 _initterm
0x4010bc __setusermatherr
0x4010c0 _adjust_fdiv
0x4010c4 __p__commode
0x4010c8 __p__fmode
0x4010cc __set_app_type
0x4010d0 _except_handler3
0x4010d4 _controlfp
0x4010d8 _acmdln
Library RPCRT4.dll:
0x401058 RpcEpResolveBinding

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.