SmartHawk

3.0

中危

57 个模型检测该样本为恶意！

重新分析

下载样本

302d611d7e8b84b6c82aefdaa4d9412bf5678c3bd8595e8970d2170dff3c1be5

1f77bcdae811e1cd2162d8586e7fb14a.exe

分析耗时

130s

最近分析

文件大小

552.5KB

静态报毒动态报毒 AI SCORE=80 BANKERX BSCOPE CERT CLASSIC CONFIDENCE EBHN EHLS ELDORADO ENCPK FALSESIGN GDSDA GENERICKDZ GRAYWARE HACKTOOL HFMH HIGH CONFIDENCE HRYYHK INJECT3 INVALIDSIG IU1@AQCTK2P KRAP KRYPTIK LKMC MALICIOUS PE QAKBOT QBOT R + MAL R002C0DH720 R347665 SCORE UNCLASSIFIEDMALWARE@0 UNSAFE WMVSX ZENPAK ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Packed-GCB!1F77BCDAE811	20200908	6.0.6.653
Alibaba	Trojan:Win32/Qakbot.e68114cf	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Kingsoft		20200908	2013.8.14.323
Tencent	Win32.Trojan.Falsesign.Ebhn	20200908	1.0.0.1
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.rdata5

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619269228.110567 NtAllocateVirtualMemory	process_identifier: 580 region_size: 278528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x004b0000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.033582045397189

section

{'size_of_data': '0x00052400', 'virtual_address': '0x00001000', 'entropy': 7.033582045397189, 'name': '.text', 'virtual_size': '0x000522e5'}

description

A section with a high entropy has been found

entropy

0.59763851044505

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 个事件)

Elastic	malicious (high confidence)
DrWeb	Trojan.Inject3.48273
MicroWorld-eScan	Trojan.GenericKDZ.69283
FireEye	Generic.mg.1f77bcdae811e1cd
CAT-QuickHeal	Trojan.Qbot
McAfee	Packed-GCB!1F77BCDAE811
Cylance	Unsafe
Zillya	Trojan.QBot.Win32.4
Sangfor	Malware
K7AntiVirus	Riskware ( 0049f6ae1 )
Alibaba	Trojan:Win32/Qakbot.e68114cf
K7GW	Riskware ( 0049f6ae1 )
Cybereason	malicious.9459d6
Arcabit	Trojan.Generic.D10EA3
Invincea	Mal/Generic-R + Mal/EncPk-APV
BitDefenderTheta	Gen:NN.ZexaF.34216.Iu1@aqctK2p
Cyren	W32/Qbot.N.gen!Eldorado
Symantec	Packed.Generic.459
APEX	Malicious
ClamAV	Win.Dropper.Qakbot-9514980-0
Kaspersky	HEUR:Trojan.Win32.Zenpak.pef
BitDefender	Trojan.GenericKDZ.69283
NANO-Antivirus	Trojan.Win32.Zenpak.hryyhk
ViRobot	Trojan.Win32.Z.Qakbot.565776.D
Rising	Trojan.Kryptik!1.C9B1 (CLASSIC)
Ad-Aware	Trojan.GenericKDZ.69283
Comodo	.UnclassifiedMalware@0
F-Secure	Trojan.TR/Crypt.Agent.wmvsx
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0DH720
Sophos	Mal/EncPk-APV
SentinelOne	DFI - Malicious PE
Jiangmin	Trojan.Banker.Qbot.tk
eGambit	PE.Heur.InvalidSig
Avira	TR/Crypt.Agent.wmvsx
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Microsoft	Trojan:Win32/Qakbot.VD!Cert
AegisLab	Hacktool.Win32.Krap.lKMc
ZoneAlarm	HEUR:Trojan.Win32.Zenpak.pef
GData	Trojan.GenericKDZ.69283
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Qakbot.R347665
Acronis	suspicious
VBA32	BScope.Trojan.Qakbot
ALYac	Trojan.Agent.QakBot
MAX	malware (ai score=80)
Malwarebytes	Trojan.MalPack
ESET-NOD32	a variant of Win32/Kryptik.HFMH
TrendMicro-HouseCall	Backdoor.Win32.QAKBOT.SMF
Tencent	Win32.Trojan.Falsesign.Ebhn

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1983-02-03 23:56:47

Imports

Library KERNEL32.dll:

• 0x46dd2c GetLastError

• 0x46dd30 SetLastError

• 0x46dd34 GetTickCount

• 0x46dd38 ExitProcess

• 0x46dd3c GetStartupInfoA

• 0x46dd40 GetStdHandle

• 0x46dd44 GetCommandLineA

• 0x46dd48 GetCurrentProcessId

• 0x46dd4c GetCurrentThreadId

• 0x46dd50 GetCurrentProcess

• 0x46dd54 ReadProcessMemory

• 0x46dd58 GetModuleFileNameA

• 0x46dd5c GetModuleHandleA

• 0x46dd60 WriteFile

• 0x46dd64 ReadFile

• 0x46dd68 CloseHandle

• 0x46dd6c SetFilePointer

• 0x46dd70 SetEndOfFile

• 0x46dd74 FreeLibrary

• 0x46dd78 GetSystemInfo

• 0x46dd7c LoadLibraryA

• 0x46dd80 GetProcAddress

• 0x46dd84 DeleteFileW

• 0x46dd88 MoveFileW

• 0x46dd8c CreateFileW

• 0x46dd90 GetFileAttributesW

• 0x46dd94 CreateDirectoryW

• 0x46dd98 RemoveDirectoryW

• 0x46dd9c SetCurrentDirectoryW

• 0x46dda0 GetCurrentDirectoryW

• 0x46dda4 GetFullPathNameW

• 0x46dda8 SetEnvironmentVariableW

• 0x46ddac GetConsoleMode

• 0x46ddb0 GetConsoleOutputCP

• 0x46ddb4 GetOEMCP

• 0x46ddb8 GetProcessHeap

• 0x46ddbc HeapAlloc

• 0x46ddc0 HeapFree

• 0x46ddc4 TlsAlloc

• 0x46ddc8 TlsGetValue

• 0x46ddcc TlsSetValue

• 0x46ddd0 CreateThread

• 0x46ddd4 ExitThread

• 0x46ddd8 LocalAlloc

• 0x46dddc LocalFree

• 0x46dde0 Sleep

• 0x46dde4 SuspendThread

• 0x46dde8 ResumeThread

• 0x46ddec TerminateThread

• 0x46ddf0 WaitForSingleObject

• 0x46ddf4 SetThreadPriority

• 0x46ddf8 GetThreadPriority

• 0x46ddfc CreateEventA

• 0x46de00 ResetEvent

• 0x46de04 SetEvent

• 0x46de08 InitializeCriticalSection

• 0x46de0c DeleteCriticalSection

• 0x46de10 EnterCriticalSection

• 0x46de14 LeaveCriticalSection

• 0x46de18 TryEnterCriticalSection

• 0x46de1c MultiByteToWideChar

• 0x46de20 WideCharToMultiByte

• 0x46de24 GetACP

• 0x46de28 GetConsoleCP

• 0x46de2c SetUnhandledExceptionFilter

• 0x46de30 EnumResourceTypesA

• 0x46de34 EnumResourceNamesA

• 0x46de38 EnumResourceLanguagesA

• 0x46de3c FindResourceA

• 0x46de40 FindResourceExA

• 0x46de44 LoadResource

• 0x46de48 SizeofResource

• 0x46de4c LockResource

• 0x46de50 GetModuleHandleW

• 0x46de54 VirtualAllocEx

Library USER32.dll:

• 0x46de5c GetAsyncKeyState

• 0x46de60 IsWindow

• 0x46de64 CharUpperW

• 0x46de68 GetDoubleClickTime

• 0x46de6c GetParent

• 0x46de70 GetTopWindow

• 0x46de74 GetSysColorBrush

• 0x46de78 CharNextA

• 0x46de7c GetDesktopWindow

• 0x46de80 GetMenuContextHelpId

• 0x46de84 IsWindowUnicode

• 0x46de88 IsCharUpperW

• 0x46de8c CharLowerW

• 0x46de90 LoadIconA

Library GDI32.dll:

• 0x46de98 CreateFontIndirectA

• 0x46de9c EnumFontFamiliesExA

• 0x46dea0 EnumFontFamiliesA

• 0x46dea4 GetCharABCWidthsA

• 0x46dea8 GetTextExtentPointA

• 0x46deac GetTextExtentPoint32A

• 0x46deb0 GetTextExtentExPointA

• 0x46deb4 GetTextMetricsA

• 0x46deb8 GetObjectA

• 0x46debc ExtTextOutA

• 0x46dec0 CreateFontIndirectW

• 0x46dec4 EnumFontFamiliesExW

• 0x46dec8 GetCharABCWidthsW

• 0x46decc GetTextExtentPoint32W

• 0x46ded0 GetTextExtentExPointW

• 0x46ded4 GetObjectW

• 0x46ded8 TextOutW

• 0x46dedc ExtTextOutW

• 0x46dee0 GetRandomRgn

• 0x46dee4 Arc

• 0x46dee8 BitBlt

• 0x46deec Chord

• 0x46def0 CombineRgn

• 0x46def4 CreateBitmap

• 0x46def8 CreateBrushIndirect

• 0x46defc CreateCompatibleBitmap

• 0x46df00 CreateCompatibleDC

• 0x46df04 CreateDIBitmap

• 0x46df08 CreateEllipticRgn

• 0x46df0c CreatePen

• 0x46df10 CreatePenIndirect

• 0x46df14 CreatePatternBrush

• 0x46df18 CreateRectRgn

• 0x46df1c CreateRoundRectRgn

• 0x46df20 CreateSolidBrush

• 0x46df24 DeleteDC

• 0x46df28 DeleteObject

• 0x46df2c Ellipse

• 0x46df30 EqualRgn

• 0x46df34 ExcludeClipRect

• 0x46df38 ExtCreateRegion

• 0x46df3c ExtFloodFill

• 0x46df40 FillRgn

• 0x46df44 GetROP2

• 0x46df48 GetBkColor

• 0x46df4c GetBitmapBits

• 0x46df50 GetClipBox

• 0x46df54 GetClipRgn

• 0x46df58 GetCurrentObject

• 0x46df5c GetDeviceCaps

• 0x46df60 GetDIBits

• 0x46df64 GetMapMode

• 0x46df68 GetObjectType

• 0x46df6c GetPixel

• 0x46df70 GetRegionData

• 0x46df74 GetRgnBox

• 0x46df78 GetStockObject

• 0x46df7c GetTextAlign

• 0x46df80 GetTextColor

• 0x46df84 GetViewportExtEx

• 0x46df88 GetViewportOrgEx

• 0x46df8c GetWindowExtEx

• 0x46df90 GetWindowOrgEx

• 0x46df94 IntersectClipRect

• 0x46df98 LineTo

• 0x46df9c MaskBlt

• 0x46dfa0 OffsetRgn

• 0x46dfa4 PatBlt

• 0x46dfa8 Pie

• 0x46dfac PaintRgn

• 0x46dfb0 PtInRegion

• 0x46dfb4 RectInRegion

• 0x46dfb8 RectVisible

• 0x46dfbc Rectangle

• 0x46dfc0 RestoreDC

• 0x46dfc4 RealizePalette

• 0x46dfc8 RoundRect

• 0x46dfcc SaveDC

• 0x46dfd0 SelectClipRgn

• 0x46dfd4 ExtSelectClipRgn

• 0x46dfd8 SelectObject

• 0x46dfdc SelectPalette

• 0x46dfe0 SetBkColor

• 0x46dfe4 SetBkMode

• 0x46dfe8 SetMapMode

• 0x46dfec SetPixel

• 0x46dff0 SetPolyFillMode

• 0x46dff4 StretchBlt

• 0x46dff8 SetRectRgn

• 0x46dffc SetROP2

• 0x46e000 SetStretchBltMode

• 0x46e004 SetTextCharacterExtra

• 0x46e008 SetTextColor

• 0x46e00c SetTextAlign

• 0x46e010 CreateDIBSection

• 0x46e014 SetArcDirection

• 0x46e018 ExtCreatePen

• 0x46e01c MoveToEx

• 0x46e020 CreatePolygonRgn

• 0x46e024 DPtoLP

• 0x46e028 LPtoDP

• 0x46e02c Polygon

• 0x46e030 Polyline

• 0x46e034 PolyBezier

• 0x46e038 SetViewportExtEx

• 0x46e03c SetViewportOrgEx

• 0x46e040 SetWindowExtEx

• 0x46e044 SetWindowOrgEx

• 0x46e048 OffsetViewportOrgEx

• 0x46e04c SetBrushOrgEx

• 0x46e050 GetDCOrgEx

• 0x46e054 WidenPath

• 0x46e058 StrokePath

• 0x46e05c CloseEnhMetaFile

• 0x46e060 GetStretchBltMode

• 0x46e064 GetColorSpace

• 0x46e068 GetPixelFormat

• 0x46e06c SwapBuffers

• 0x46e070 FillPath

• 0x46e074 CloseFigure

• 0x46e078 GetDCBrushColor

• 0x46e07c PathToRegion

• 0x46e080 DeleteMetaFile

• 0x46e084 GetEnhMetaFileA

Library ADVAPI32.dll:

• 0x46e08c RegOpenKeyW

• 0x46e090 RegQueryValueExA

Library SHELL32.dll:

• 0x46e098 DragQueryFileA

• 0x46e09c DragQueryFileW

• 0x46e0a0 ShellExecuteW

• 0x46e0a4 DragFinish

• 0x46e0a8 DragAcceptFiles

• 0x46e0ac SHGetPathFromIDList

• 0x46e0b0 SHGetSpecialFolderLocation

• 0x46e0b4 SHGetPathFromIDListA

• 0x46e0b8 SHGetPathFromIDListW

• 0x46e0bc SHBrowseForFolderA

• 0x46e0c0 SHBrowseForFolderW

Library COMCTL32.dll:

• 0x46e0c8

• 0x46e0cc ImageList_Create

• 0x46e0d0 ImageList_Destroy

• 0x46e0d4 ImageList_GetImageCount

• 0x46e0d8 ImageList_SetImageCount

• 0x46e0dc ImageList_Add

• 0x46e0e0 ImageList_Replace

• 0x46e0e4 ImageList_AddMasked

• 0x46e0e8 ImageList_DrawEx

• 0x46e0ec ImageList_DrawIndirect

• 0x46e0f0 ImageList_Remove

• 0x46e0f4 ImageList_Copy

• 0x46e0f8 ImageList_BeginDrag

• 0x46e0fc ImageList_EndDrag

• 0x46e100 ImageList_DragEnter

• 0x46e104 ImageList_DragLeave

• 0x46e108 ImageList_DragMove

• 0x46e10c ImageList_DragShowNolock

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	49235	8.8.8.8	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.