Score: 2.8
Severity: Medium

SHA256: 5823c7447f2b98179ff86e2492855d785581f99902fa0eb6d24703500ac5b123

File name: 1ea537bcf7884bc3e56f7b8ba445439b.exe (the name looks like the sample's MD5; the McAfee, FireEye and Cybereason labels below embed the same hex prefix)

Analysis duration: 24s

Most recent analysis: (not shown)

File size: 1.2MB
Static detection: flagged. Dynamic detection: flagged. (The tag cloud that followed here was assembled from the vendor labels listed under the VirusTotal results below and is omitted.)
鹰眼 (Eagle Eye) engine: no result (no 鹰眼 engine detection output is available for this sample)
Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
Alibaba | TrojanPSW:Win32/Stealer.acd5b212 | 2019-05-27 | 0.3.0.5
Avast | Win32:Trojan-gen | 2020-12-28 | 21.1.5827.0
Tencent | Win32.Trojan.Stealer.Ecbd | 2020-12-29 | 1.0.0.1
Baidu | (no detection) | 2019-03-18 | 1.0.0.2
Kingsoft | (no detection) | 2020-12-29 | 2017.9.26.565
McAfee | GenericRXKH-ET!1EA537BCF788 | 2020-12-28 | 6.0.6.653
CrowdStrike | win/malicious_confidence_100% (W) | 2019-07-02 | 1.0
Static indicators

(none listed)

Behavioral verdict

Dynamic indicators
Steals private information from local Internet browsers (1 event)
  file: C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies

Chrome's Cookies file is a SQLite database that the browser keeps open while it runs, so a stealer normally copies it aside (CopyFileW into the path returned by GetTempPathW, both imported by this sample) before querying it. The cookie values in it are DPAPI-protected on disk, so the attacker still needs to decrypt them on the victim machine or exfiltrate the protected blobs together with the key.
Network communication

Communicates with host for which no DNS query was performed (1 event)
  host: 172.217.24.14
  (No session to this address appears in the Hosts/TCP tables further down, so only the attempt, not a completed connection, was recorded.)

Disables proxy, possibly for traffic interception (1 event)

Time | API | Arguments | Status | Return | Repeated
1619269225.474952 (2021-04-24 13:00:25 UTC) | RegSetValueExA | key_handle: 0x000002dc; regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable; regkey_r: ProxyEnable; reg_type: 4 (REG_DWORD); value: 0 | success | 0 | 0

Writing 0 to ProxyEnable switches off the current user's WinINET proxy setting, so any HTTP traffic that honours it (Internet Explorer, WinINET-based code, and WinHTTP clients that import the IE configuration) bypasses whatever proxy, including an inspecting one, the user or sandbox had configured. Note that WinHTTP uses its own proxy configuration by default, so this change mainly affects the browser's traffic, not necessarily the sample's.
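The two dynamic indicators above (ProxyEnable cleared by a non-browser process, and a non-browser process touching Chrome's Cookies file) map directly onto host telemetry. The following detection logic is an added example, not part of the sandbox report: it evaluates constructed Sysmon-style events (field names follow Sysmon Event ID 13 "SetValue" and Event ID 11 "FileCreate"; the browser allowlist, the SID and the event contents are this example's own assumptions) and generalises the cookie check to any Chrome profile directory, not just "Default".

```python
"""Detection logic for the report's two dynamic indicators, run over
constructed Sysmon-style events (Event ID 13 registry SetValue and
Event ID 11 FileCreate field names). Example code, not from the report."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Images expected to touch these objects legitimately. Assumption for this
# example: tune it to your environment; the report gives no allowlist.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Per-user WinINET proxy toggle the sample cleared (HKCU or HKU\<SID> prefix).
PROXY_ENABLE_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable$",
    re.IGNORECASE,
)
# Sysmon renders REG_DWORD data in the Details field as "DWORD (0x00000000)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")
# Chrome's cookie store for any profile directory ("Default", "Profile 1", ...).
CHROME_COOKIES_RE = re.compile(
    r"\\AppData\\Local\\Google\\Chrome\\User Data\\[^\\]+\\Cookies$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    evidence: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_event(event: dict) -> list[Finding]:
    """Return the indicators a single event matches (possibly none)."""
    image = event.get("Image", "")
    if _basename(image) in BROWSER_IMAGES:
        return []  # browsers own both objects; anything else is suspect
    findings: list[Finding] = []

    # Indicator 1: ProxyEnable written as REG_DWORD 0 by a non-browser.
    if event.get("EventID") == 13 and event.get("EventType") == "SetValue":
        target = event.get("TargetObject", "")
        m = DWORD_RE.search(event.get("Details", ""))
        if PROXY_ENABLE_RE.search(target) and m and int(m.group(1), 16) == 0:
            findings.append(Finding("proxy_disabled", image, target))

    # Indicator 2: Chrome's Cookies file touched by a non-browser. Sysmon
    # Event ID 11 only fires for created/copied files, so a read-only open of
    # the original needs SACL auditing (4663) or EDR file telemetry normalised
    # into the same TargetFilename field before this check sees it.
    target = event.get("TargetFilename", "")
    if target and CHROME_COOKIES_RE.search(target):
        findings.append(Finding("chrome_cookie_access", image, target))
    return findings


def scan(events: list[dict]) -> list[Finding]:
    return [f for ev in events for f in check_event(ev)]


# Constructed events for demonstration; none of these are taken from the report.
SAMPLE = r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\1ea537bcf7884bc3e56f7b8ba445439b.exe"
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # made-up SID
INET_KEY = "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
PROFILE_DIR = r"C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data"
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": SAMPLE,
     "TargetObject": f"HKU\\{SID}\\{INET_KEY}\\ProxyEnable",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "EventType": "SetValue", "Image": SAMPLE,  # benign: other value
     "TargetObject": f"HKU\\{SID}\\{INET_KEY}\\ProxyServer",
     "Details": "proxy.corp.example:8080"},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": PROFILE_DIR + r"\Default\Cookies"},
    {"EventID": 11, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": PROFILE_DIR + r"\Default\Cookies-journal"},  # the browser itself
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": PROFILE_DIR + r"\Profile 1\Cookies"},  # non-default profile
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:22} {f.image}  <-  {f.evidence}")
```

Running the block reports one `proxy_disabled` finding and two `chrome_cookie_access` findings; the ProxyServer write and Chrome's own journal file produce nothing. The allowlist is deliberately small: on a real fleet, add the legitimate proxy-management tooling that writes ProxyEnable, otherwise the first rule is noisy.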
File has been identified by 55 antivirus engines on VirusTotal as malicious (50 of 55 events shown)

Vendor | Detection
Bkav | W32.AIDetectVM.malware1
Elastic | malicious (high confidence)
DrWeb | Trojan.PWS.Stealer.28413
MicroWorld-eScan | Gen:Variant.Razy.639353
CAT-QuickHeal | Trojan.Stealer
ALYac | Gen:Variant.Razy.639353
Cylance | Unsafe
VIPRE | Trojan.Win32.Generic!BT
Sangfor | Malware
K7AntiVirus | Password-Stealer ( 0055912f1 )
Alibaba | TrojanPSW:Win32/Stealer.acd5b212
K7GW | Password-Stealer ( 0055912f1 )
Cybereason | malicious.cf7884
Arcabit | Trojan.Razy.D9C179
BitDefenderTheta | Gen:NN.ZexaF.34700.mrW@ai6Wxdi
Cyren | W32/Trojan.DAAB-2733
Symantec | ML.Attribute.HighConfidence
ESET-NOD32 | a variant of Win32/PSW.Agent.OHG
APEX | Malicious
Avast | Win32:Trojan-gen
Kaspersky | HEUR:Trojan.Win32.Stealer.gen
BitDefender | Gen:Variant.Razy.639353
AegisLab | Trojan.Win32.Stealer.4!c
Tencent | Win32.Trojan.Stealer.Ecbd
Ad-Aware | Gen:Variant.Razy.639353
Sophos | Mal/Generic-S
Comodo | Malware@#1zouuk404tibh
F-Secure | Trojan.TR/PSW.Agent.utcbw
TrendMicro | TROJ_GEN.R06EC0PI220
McAfee-GW-Edition | GenericRXKH-ET!1EA537BCF788
FireEye | Generic.mg.1ea537bcf7884bc3
Emsisoft | Gen:Variant.Razy.639353 (B)
SentinelOne | Static AI - Suspicious PE
Jiangmin | Trojan.Stealer.bi
Webroot | W32.Trojan.Gen
Avira | TR/PSW.Agent.utcbw
MAX | malware (ai score=89)
Antiy-AVL | Trojan/Win32.Stealer
Microsoft | Trojan:Win32/Occamy.C58
ZoneAlarm | HEUR:Trojan.Win32.Stealer.gen
GData | Gen:Variant.Razy.639353
Cynet | Malicious (score: 100)
AhnLab-V3 | Trojan/Win32.Stealer.C4058400
McAfee | GenericRXKH-ET!1EA537BCF788
VBA32 | suspected of Trojan.Downloader.gen.s
Malwarebytes | Spyware.PasswordStealer
TrendMicro-HouseCall | TROJ_GEN.R06EC0PI220
Rising | Stealer.FBAdsCard!1.CE06 (CLASSIC)
Ikarus | Trojan.Win32.Krypt
MaxSecure | Trojan.Malware.74232662.susgen

The vendors that assign a family rather than a generic label agree on a password/credential stealer (PSW, Stealer, PasswordStealer); the Razy and Occamy names are generic heuristic buckets, not distinct families.
Visual analysis

Binary image: none (no binary visualisation was generated for this sample)

Runtime screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2020-04-07 15:20:15

This timestamp postdates three of the scan dates in the static verdict table above (Baidu 2019-03-18, Alibaba 2019-05-27, CrowdStrike 2019-07-02). Either the PE timestamp was altered or those dates are not scan dates for this exact file; in both cases, do not rely on it for timeline work.

Imports

The import table is listed by library below (IAT slot address, then function name). Points worth noting for triage:

- ESENT.dll (JetInit, JetAttachDatabaseA, JetOpenDatabaseA, JetOpenTableA, JetRetrieveColumn, ...) is the Extensible Storage Engine client API. On a workstation the ESE database a credential stealer most commonly reads through it is WebCacheV01.dat, where Internet Explorer and legacy Edge keep cookies and history.
- The KERNEL32 group AreFileApisANSI, LockFile/LockFileEx/UnlockFile/UnlockFileEx, HeapCompact, HeapValidate, FlushViewOfFile, GetDiskFreeSpaceA/W, GetFullPathNameA/W and GetTempPathA/W is the import footprint of SQLite's Win32 VFS, which is consistent with a statically linked SQLite used to read Chrome's SQLite stores (the Cookies file recorded under dynamic indicators).
- WINHTTP.dll supplies a complete HTTP client (WinHttpCrackUrl, WinHttpOpen, WinHttpConnect, WinHttpOpenRequest, WinHttpSendRequest, WinHttpWriteData, WinHttpReadData, WinHttpQueryHeaders), enough to POST the collected data; WS2_32.dll contributes only WSAStartup.
- crypt32.dll is absent even though Chrome cookie values are DPAPI-protected on disk. Either decryption happens elsewhere (for example server side) or CryptUnprotectData is resolved at run time through the imported LoadLibraryA/GetProcAddress pair, so the static table should not be read as the sample's complete API surface.
- IsDebuggerPresent, the Tls* functions and EncodePointer/DecodePointer are also pulled in by the MSVC runtime, so by themselves they are weak evidence of anti-analysis. CreateMutexW is typically a single-instance check.

Library WS2_32.dll:
0x4fa324 WSAStartup
Library KERNEL32.dll:
0x4fa044 CreateFileW
0x4fa048 GetFileSize
0x4fa050 WriteFile
0x4fa054 CloseHandle
0x4fa058 WaitForSingleObject
0x4fa05c GetCurrentProcess
0x4fa060 GetCurrentProcessId
0x4fa064 CreateThread
0x4fa068 TerminateThread
0x4fa06c GetSystemDirectoryW
0x4fa070 VirtualQuery
0x4fa074 FindResourceExW
0x4fa078 GetModuleHandleW
0x4fa07c LoadResource
0x4fa080 LockResource
0x4fa084 SizeofResource
0x4fa088 FindResourceW
0x4fa08c CopyFileW
0x4fa090 Sleep
0x4fa094 GetExitCodeThread
0x4fa098 GetModuleFileNameW
0x4fa09c DeleteFileW
0x4fa0a0 ReadFile
0x4fa0a4 SetEndOfFile
0x4fa0a8 SetFilePointer
0x4fa0b4 GetTickCount
0x4fa0b8 FlushFileBuffers
0x4fa0c0 MapViewOfFile
0x4fa0c4 CreateFileMappingW
0x4fa0c8 FormatMessageA
0x4fa0cc GetSystemTime
0x4fa0d4 WideCharToMultiByte
0x4fa0d8 MultiByteToWideChar
0x4fa0e0 LockFileEx
0x4fa0e4 LocalFree
0x4fa0e8 UnlockFile
0x4fa0ec HeapCompact
0x4fa0f0 LoadLibraryW
0x4fa0f4 GetSystemInfo
0x4fa0f8 DeleteFileA
0x4fa100 CreateFileA
0x4fa104 FlushViewOfFile
0x4fa108 OutputDebugStringW
0x4fa110 GetFileAttributesA
0x4fa114 GetDiskFreeSpaceA
0x4fa118 FormatMessageW
0x4fa11c GetTempPathA
0x4fa120 HeapValidate
0x4fa124 UnmapViewOfFile
0x4fa128 GetFileAttributesW
0x4fa12c CreateMutexW
0x4fa130 GetTempPathW
0x4fa134 UnlockFileEx
0x4fa138 GetFullPathNameA
0x4fa13c LockFile
0x4fa140 OutputDebugStringA
0x4fa144 GetDiskFreeSpaceW
0x4fa148 GetFullPathNameW
0x4fa14c HeapCreate
0x4fa150 AreFileApisANSI
0x4fa15c GetCurrentThreadId
0x4fa160 VirtualFree
0x4fa164 VirtualProtect
0x4fa16c LoadLibraryA
0x4fa170 GetProcAddress
0x4fa17c GetProcessHeap
0x4fa180 HeapSize
0x4fa184 HeapFree
0x4fa188 HeapReAlloc
0x4fa18c HeapAlloc
0x4fa190 HeapDestroy
0x4fa194 GetLastError
0x4fa198 RaiseException
0x4fa19c DecodePointer
0x4fa1a0 FreeLibrary
0x4fa1a4 VirtualAlloc
0x4fa1a8 GetVersionExW
0x4fa1ac GetModuleHandleA
0x4fa1b0 UnregisterWait
0x4fa1d4 GetThreadPriority
0x4fa1d8 SetThreadPriority
0x4fa1dc SignalObjectAndWait
0x4fa1e0 CreateTimerQueue
0x4fa1e4 UnregisterWaitEx
0x4fa1e8 QueryDepthSList
0x4fa1f0 ReleaseSemaphore
0x4fa1f4 GetStringTypeW
0x4fa1f8 SetLastError
0x4fa200 CreateEventW
0x4fa204 SwitchToThread
0x4fa208 TlsAlloc
0x4fa20c TlsGetValue
0x4fa210 TlsSetValue
0x4fa214 TlsFree
0x4fa218 EncodePointer
0x4fa21c CompareStringW
0x4fa220 LCMapStringW
0x4fa224 GetLocaleInfoW
0x4fa228 GetCPInfo
0x4fa22c IsDebuggerPresent
0x4fa234 GetCurrentThread
0x4fa238 GetThreadTimes
0x4fa244 TerminateProcess
0x4fa24c SetEvent
0x4fa250 ResetEvent
0x4fa254 InitializeSListHead
0x4fa258 GetStartupInfoW
0x4fa25c RtlUnwind
0x4fa268 LoadLibraryExW
0x4fa26c ExitThread
0x4fa274 GetModuleHandleExW
0x4fa278 ExitProcess
0x4fa27c GetStdHandle
0x4fa280 GetFileType
0x4fa284 GetFileSizeEx
0x4fa288 SetFilePointerEx
0x4fa28c IsValidLocale
0x4fa290 GetUserDefaultLCID
0x4fa294 EnumSystemLocalesW
0x4fa298 GetConsoleCP
0x4fa29c GetConsoleMode
0x4fa2a0 ReadConsoleW
0x4fa2a8 FindClose
0x4fa2ac FindFirstFileExW
0x4fa2b0 FindNextFileW
0x4fa2b4 IsValidCodePage
0x4fa2b8 GetACP
0x4fa2bc GetOEMCP
0x4fa2c0 GetCommandLineA
0x4fa2c4 GetCommandLineW
0x4fa2d4 SetStdHandle
0x4fa2d8 WriteConsoleW
0x4fa2dc DuplicateHandle
Library ESENT.dll:
0x4fa000 JetMove
0x4fa004 JetDBUtilitiesW
0x4fa008 JetRetrieveColumn
0x4fa00c JetCloseTable
0x4fa010 JetOpenTableA
0x4fa014 JetCloseDatabase
0x4fa018 JetOpenDatabaseA
0x4fa01c JetGetColumnInfoA
0x4fa020 JetDetachDatabaseA
0x4fa024 JetAttachDatabaseA
0x4fa028 JetEndSession
0x4fa02c JetBeginSessionA
0x4fa034 JetTerm
0x4fa038 JetCreateInstanceA
0x4fa03c JetInit
Library WINHTTP.dll:
0x4fa2e4 WinHttpSendRequest
0x4fa2ec WinHttpOpenRequest
0x4fa2f0 WinHttpSetOption
0x4fa2f4 WinHttpWriteData
0x4fa2fc WinHttpConnect
0x4fa304 WinHttpCloseHandle
0x4fa308 WinHttpOpen
0x4fa30c WinHttpCrackUrl
0x4fa318 WinHttpReadData
0x4fa31c WinHttpQueryHeaders
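To turn the import-table observations above into something repeatable, here is an added example (not part of the sandbox report) that parses an import list in the report's own text layout ("Library X.dll:" followed by "<IAT address> <function>" lines) and groups the functions into capability clusters. The cluster definitions, the threshold of five SQLite VFS markers, and the stealer heuristic are this example's assumptions; the sample input is a subset of the list above, and the benign comparison list is constructed.

```python
"""Capability triage over an import list in the report's text layout.
Example code; the capability groups are this example's assumptions about
what the APIs are typically used for, not something the report states."""
from __future__ import annotations
import re
from collections import defaultdict
from typing import Callable

LIB_RE = re.compile(r"^Library\s+(\S+?):$")
FUNC_RE = re.compile(r"^0x[0-9A-Fa-f]+\s+(\w+)$")

# KERNEL32 functions SQLite's Win32 VFS (os_win.c) imports; several of them
# together are a good sign of a statically linked SQLite.
SQLITE_VFS_MARKERS = {
    "AreFileApisANSI", "LockFile", "LockFileEx", "UnlockFile", "UnlockFileEx",
    "HeapCompact", "HeapValidate", "FlushViewOfFile", "GetDiskFreeSpaceA",
    "GetDiskFreeSpaceW", "GetFullPathNameA", "GetFullPathNameW",
}

# capability -> (dll, predicate over function name, minimum matching imports)
CAPABILITIES: dict[str, tuple[str, Callable[[str], bool], int]] = {
    "ese_database_access": ("esent.dll", lambda f: f.startswith("Jet"), 1),
    "winhttp_client": ("winhttp.dll", lambda f: f.startswith("WinHttp"), 1),
    "winsock": ("ws2_32.dll", lambda f: True, 1),
    "sqlite_win32_vfs": ("kernel32.dll", SQLITE_VFS_MARKERS.__contains__, 5),
    "file_copy_and_delete": ("kernel32.dll",
                             lambda f: f in {"CopyFileA", "CopyFileW", "DeleteFileA", "DeleteFileW"}, 2),
    "dynamic_api_resolution": ("kernel32.dll",
                               lambda f: f in {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}, 2),
}


def parse_imports(text: str) -> dict[str, set[str]]:
    """Map lower-cased DLL name -> set of imported function names."""
    imports: dict[str, set[str]] = defaultdict(set)
    lib = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := LIB_RE.match(line)):
            lib = m.group(1).lower()
        elif lib and (m := FUNC_RE.match(line)):
            imports[lib].add(m.group(1))
    return dict(imports)


def triage(imports: dict[str, set[str]]) -> dict[str, list[str]]:
    """Return each capability whose minimum was met, with the matching imports."""
    found: dict[str, list[str]] = {}
    for cap, (dll, pred, minimum) in CAPABILITIES.items():
        hits = sorted(f for f in imports.get(dll, ()) if pred(f))
        if len(hits) >= minimum:
            found[cap] = hits
    return found


def looks_like_browser_stealer(caps: dict[str, list[str]]) -> bool:
    """Heuristic (assumption): reads a browser-style local database, can copy
    files aside to defeat the browser's lock, and has a client to send data."""
    reads_db = "sqlite_win32_vfs" in caps or "ese_database_access" in caps
    sends = "winhttp_client" in caps or "winsock" in caps
    return reads_db and sends and "file_copy_and_delete" in caps


# Subset of the report's import list, in the report's own format.
SAMPLE_REPORT = """\
Library WS2_32.dll:
0x4fa324 WSAStartup
Library KERNEL32.dll:
0x4fa044 CreateFileW
0x4fa08c CopyFileW
0x4fa09c DeleteFileW
0x4fa0e0 LockFileEx
0x4fa0e8 UnlockFile
0x4fa0ec HeapCompact
0x4fa104 FlushViewOfFile
0x4fa120 HeapValidate
0x4fa134 UnlockFileEx
0x4fa144 GetDiskFreeSpaceW
0x4fa150 AreFileApisANSI
0x4fa16c LoadLibraryA
0x4fa170 GetProcAddress
0x4fa22c IsDebuggerPresent
Library ESENT.dll:
0x4fa000 JetMove
0x4fa024 JetAttachDatabaseA
0x4fa03c JetInit
Library WINHTTP.dll:
0x4fa2e4 WinHttpSendRequest
0x4fa308 WinHttpOpen
"""

# Constructed benign comparison: plain file I/O only.
BENIGN_REPORT = """\
Library KERNEL32.dll:
0x401000 CreateFileW
0x401004 ReadFile
0x401008 WriteFile
0x40100c CloseHandle
"""

if __name__ == "__main__":
    for name, report in (("sample", SAMPLE_REPORT), ("benign", BENIGN_REPORT)):
        caps = triage(parse_imports(report))
        print(name, "stealer-like:", looks_like_browser_stealer(caps))
        for cap, hits in caps.items():
            print(f"  {cap}: {', '.join(hits)}")
```

On the report's own imports the sample trips every cluster except none, while the benign list trips none and is not flagged. The five-marker threshold for the SQLite cluster exists because individual functions such as LockFileEx or GetDiskFreeSpaceW are common on their own; it is the combination that points at os_win.c.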

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 58367 | 114.114.114.114 | 53
192.168.56.101 | 63429 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 49235 | 224.0.0.252 | 5355
192.168.56.101 | 51963 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 56540 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58368 | 239.255.255.250 | 3702
192.168.56.101 | 58707 | 239.255.255.250 | 3702

All of this originates from the sandbox guest (192.168.56.101): DNS to 114.114.114.114 (port 53), NetBIOS name and datagram broadcasts (137/138), NTP to time.windows.com (123), LLMNR multicast (5355) and SSDP/WS-Discovery multicast (1900/3702). Only the DNS queries could plausibly be the sample's, and the report records neither the names queried nor any answers. With no TCP session and no HTTP request in the capture, no exfiltration was observed during this 24-second run, which is consistent with the "no DNS query" signature above having caught only a connection attempt.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.

Dropped buffers: none.