Score: 3.6 (medium risk)

SHA-256: 22f105861b8c373e94d70ac51cdbc0f03e784acee57727dae0d734587c6033a7

File name: 20a9c13a65525ededd29395428f3bc32.exe (the file is named after its MD5; the McAfee and FireEye detection names below carry the same prefix)

Analysis duration: 81s

Last analysis: not shown

File size: 10.3MB

Static detection: flagged. Dynamic detection: flagged.
鹰眼 (Eagle Eye) engine: not detected; no Eagle Eye engine result is available for this sample.
Static verdict

Antivirus engines

Engine       Result                             Scan date  Engine version
McAfee       Artemis!20A9C13A6552               20201211   6.0.6.653
Alibaba      Packed:Win32/VMProtect.c390450f    20190527   0.3.0.5
Baidu        (no detection)                     20190318   1.0.0.2
Avast        Win32:Trojan-gen                   20201210   21.1.5827.0
Kingsoft     (no detection)                     20201211   2017.9.26.565
Tencent      (no detection)                     20201211   1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)  20190702   1.0
Static indicators

Checks if process is being debugged by a debugger (1 event)

Time               API                Status  Return  Repeated
1619293529.623499  IsDebuggerPresent  failed  0       0

The "failed" status here only reflects the zero return value: IsDebuggerPresent returned FALSE, so the sample asked and was told that no debugger was attached.

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time               API                   Status   Return  Repeated
1619293530.795499  GlobalMemoryStatusEx  success  1       0

The call succeeded (return 1), but the report does not record the memory figures the sample read, so whether it acted on them cannot be told from this page.

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section Sy0
section Sy1

One or more processes crashed (1 event)

Time               API            Status   Return  Repeated
1619293529.873499  __exception__  success  0       0

stacktrace:
CryptHashData+0x2f CryptHashSessionKey-0xb9 cryptsp+0x57e1 @ 0x750f57e1
New_advapi32_CryptHashData@16+0x91 New_advapi32_DeleteService@4-0x78 @ 0x751a188c
0x17e5874
0x17eb0d3
0x17eafb3
0x17eae27
0x17f9a6e
20a9c13a65525ededd29395428f3bc32+0x1a1f0 @ 0x41a1f0
20a9c13a65525ededd29395428f3bc32+0x19b75 @ 0x419b75
20a9c13a65525ededd29395428f3bc32+0x586d03 @ 0x986d03
20a9c13a65525ededd29395428f3bc32+0x8745fb @ 0xc745fb
20a9c13a65525ededd29395428f3bc32+0xafb53 @ 0x4afb53
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers: eax=0 ebx=408 ecx=3333423104 edx=0 esi=0 edi=25617864 esp=1637252 ebp=1637292
exception.instruction_r: 81 78 2c 33 33 33 33 75 2d 83 c0 30 50 ff 15 44
exception.instruction: cmp dword ptr [eax + 0x2c], 0x33333333
exception.exception_code: 0xc0000005
exception.symbol: CryptEnumProvidersA+0x2e0 CheckSignatureInFile-0x8f2 cryptsp+0x35b6
exception.address: 0x750f35b6

Reading the record: the faulting instruction compares a dword at [eax + 0x2c] while eax is 0, so the access violation (0xc0000005) is a read from address 0x2c; CryptHashData was handed a null hash handle and cryptsp's handle check dereferenced it. The call arrived through the sandbox monitor's hook (New_advapi32_CryptHashData), and the five unsymbolized return addresses (0x17e5874 to 0x17f9a6e) all lie inside the 221184-byte PAGE_EXECUTE_READWRITE region the sample allocated at 0x017e0000 at 1619293529.748499 (see the dynamic indicators), so the caller was code that had already been unpacked into memory. The process did not die: the memory, file and API events that follow are stamped 1619293530.x, after this exception.
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (50 of 127 events shown)

All 50 listed calls are NtAllocateVirtualMemory from process 2136 on its own process handle (0xffffffff), protection 64 (PAGE_EXECUTE_READWRITE), with stack_dep_bypass, stack_pivoted and heap_dep_bypass all 0 and status "success 0 0". Only the fields that vary are tabulated.

Time               region_size  allocation_type                 base_address
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017d0000
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017e0000
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017f0000
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017e0000
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017d0000
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017e0000
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017f0000
1619293529.623499  4096         4096 (MEM_COMMIT)               0x017e0000
1619293529.639499  4096         4096 (MEM_COMMIT)               0x017d0000
1619293529.639499  4096         4096 (MEM_COMMIT)               0x017e0000
1619293529.639499  4096         4096 (MEM_COMMIT)               0x017f0000
1619293529.639499  4096         4096 (MEM_COMMIT)               0x017e0000
1619293529.748499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x017d0000
1619293529.748499  221184       12288 (MEM_COMMIT|MEM_RESERVE)  0x017e0000
1619293529.811499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x017d0000
1619293529.826499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x017d0000
1619293530.045499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x01a60000
1619293530.045499  77824        12288 (MEM_COMMIT|MEM_RESERVE)  0x031a0000
1619293530.045499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x01a60000
1619293530.357499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03ac0000
1619293530.357499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03ac0000
1619293530.404499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03b60000
1619293530.420499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03b60000
1619293530.420499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03b60000
1619293530.420499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03bb0000
1619293530.420499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03bb0000
1619293530.498499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c20000
1619293530.498499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c20000
1619293530.498499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c20000
1619293530.498499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c20000
1619293530.498499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c20000
1619293530.561499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c40000
1619293530.561499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c40000
1619293530.576499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c30000
1619293530.592499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c60000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c90000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03c90000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03ca0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03cb0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03cc0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x03cd0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x044b0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x044c0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x044d0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x044e0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x044f0000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x04500000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x04510000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x04520000
1619293530.623499  4096         12288 (MEM_COMMIT|MEM_RESERVE)  0x04530000

Read in order: the first twelve calls re-commit three single pages at 0x017d0000, 0x017e0000 and 0x017f0000; at 1619293529.748499 the sample reserves and commits a 221184-byte (216 KiB) RWX region at 0x017e0000, the largest in the list, and the unsymbolized frames of the crash recorded at 1619293529.873499 fall inside it; a second sizeable region (77824 bytes) follows at 0x031a0000, and everything after that is single RWX pages. For a manual unpack, the 0x017e0000 region as it stands just before that exception is the first thing to dump.
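The signature above fires on any PAGE_EXECUTE_READWRITE allocation; what an analyst actually wants from 127 such events is the grouping by base address and the few large regions worth dumping. The script below is an added example and is not part of the sandbox report or its tooling: it parses event records in the same line layout the report uses, applies the writable-and-executable test the signature is based on, and aggregates per base address. The first two records of SAMPLE_EVENTS are transcribed from the table above; the third (PAGE_READWRITE at 0x02000000) is constructed to show the filter rejecting a non-executable allocation. The 64 KiB "staging" threshold is an assumption of this example.

```python
"""Triage of NtAllocateVirtualMemory events from a Cuckoo-style API log.

Added example, not part of the sandbox report. Records are parsed from the
flat "timestamp / api / key: value ... / status ret repeated" layout the
report prints, then RWX allocations are counted and grouped by base address.
"""
import re
from collections import defaultdict

# Win32 page-protection constants. Only the low byte names the protection;
# the upper bits are modifiers (PAGE_GUARD 0x100, PAGE_NOCACHE 0x200, ...).
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
WRITABLE_AND_EXECUTABLE = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
STAGING_MIN_BYTES = 64 * 1024  # assumed cut-off for "big enough to hold a payload"

# First two records transcribed from the report; the third is constructed.
SAMPLE_EVENTS = """\
1619293529.623499
NtAllocateVirtualMemory
process_identifier: 2136
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x017d0000
success 0 0
1619293529.748499
NtAllocateVirtualMemory
process_identifier: 2136
region_size: 221184
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x017e0000
success 0 0
1619293530.045499
NtAllocateVirtualMemory
process_identifier: 2136
region_size: 8192
protection: 4 (PAGE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02000000
success 0 0
"""

_TIMESTAMP = re.compile(r"^\d{10}\.\d+$")
_STATUS = re.compile(r"^(success|failed) (-?\d+) (\d+)$")
_NUMBER = re.compile(r"-?(0x[0-9a-fA-F]+|\d+)")


def parse_events(text):
    """Split the flat log into records: time, api, args (ints where numeric), status."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if _TIMESTAMP.match(line):            # a timestamp opens a new record
            current = {"time": float(line), "api": None, "args": {}}
            events.append(current)
        elif current is None:
            continue                          # junk before the first record
        elif current["api"] is None:          # the line after the timestamp is the API name
            current["api"] = line
        elif _STATUS.match(line):             # "success 0 0" closes the record
            status, ret, repeated = _STATUS.match(line).groups()
            current.update(status=status, ret=int(ret), repeated=int(repeated))
        elif ": " in line:                    # "protection: 64 (PAGE_EXECUTE_READWRITE)"
            key, value = line.split(": ", 1)
            num = value.split(" ", 1)[0]      # keep the numeric part, drop the label
            current["args"][key] = int(num, 0) if _NUMBER.fullmatch(num) else value
    return events


def is_writable_executable(protection):
    """True for PAGE_EXECUTE_READWRITE / PAGE_EXECUTE_WRITECOPY, modifiers ignored."""
    return (protection & 0xFF) in WRITABLE_AND_EXECUTABLE


def summarize_rwx(events, api="NtAllocateVirtualMemory"):
    """Mirror the sandbox signature (count RWX allocations), then group by base."""
    per_base = defaultdict(lambda: {"calls": 0, "max_size": 0})
    total_calls = total_bytes = 0
    for ev in events:
        if ev["api"] != api or ev.get("status") != "success":
            continue
        args = ev["args"]
        if not is_writable_executable(args.get("protection", 0)):
            continue
        base = f"0x{args['base_address']:08x}"
        size = args["region_size"]
        total_calls += 1
        total_bytes += size
        per_base[base]["calls"] += 1
        per_base[base]["max_size"] = max(per_base[base]["max_size"], size)
    largest = max(per_base.items(), key=lambda kv: kv[1]["max_size"],
                  default=(None, {"max_size": 0}))
    return {
        "rwx_calls": total_calls,
        "rwx_bytes": total_bytes,
        "distinct_bases": len(per_base),
        "largest": (largest[0], largest[1]["max_size"]),
        "staging_candidates": sorted(b for b, v in per_base.items()
                                     if v["max_size"] >= STAGING_MIN_BYTES),
        "per_base": dict(per_base),
    }


if __name__ == "__main__":
    summary = summarize_rwx(parse_events(SAMPLE_EVENTS))
    for key in ("rwx_calls", "rwx_bytes", "distinct_bases", "largest", "staging_candidates"):
        print(f"{key:>18}: {summary[key]}")
```

Feed it the full 127-event export instead of SAMPLE_EVENTS and `staging_candidates` is the dump list; on the rows shown above it would be the 221184-byte region at 0x017e0000 and the 77824-byte region at 0x031a0000.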
Creates hidden or system file (1 event)

Time               API                 Arguments                                                          Status  Return  Repeated
1619293530.779499  SetFileAttributesW  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN), filepath: C:\Sys.ini  failed  0       0

The call failed (return 0) and the report lists no dropped files, which is consistent with C:\Sys.ini not existing in this run; the attempt itself, hiding an ini file at the drive root, is the indicator.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)

entropy 7.981613231857618  section Sy1: size_of_data 0x00a4e600, virtual_address 0x0090d000, virtual_size 0x00a4e5f0 (a section with high entropy has been found)
entropy 1.0  (overall entropy of this PE file is high)

Sy1's raw size, 0x00a4e600 bytes (about 10.3 MiB), matches the 10.3MB file size, so practically the whole file is one near-random section: the payload is stored encrypted or compressed and unpacked at run time, which is what the RWX allocations under the dynamic indicators show. The second figure is not bits per byte; Cuckoo's packer_entropy signature reports the share of section bytes that belong to high-entropy sections, and 1.0 means all of them.
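Both static packer indicators on this page (the unknown section names Sy0/Sy1 above, and the high-entropy section here) come from a walk of the PE section table plus a byte-frequency entropy per section. The script below is an added example, not code from the report or its sandbox, and reproduces that measurement with the standard library only. To run offline it builds a throwaway PE image with two sections named Sy0 and Sy1 like the sample's; the section contents, the 7.0 bits/byte cut-off, the list of "known" section names and the omitted optional header are assumptions of this example, not data from the report.

```python
"""Per-section entropy and unknown-section-name check for a PE file.

Added example, not part of the sandbox report. Walks DOS header -> PE
signature -> COFF header -> section table by hand, scores each section's
raw bytes, and computes the Cuckoo-style "share of bytes in high-entropy
sections" figure that the report prints as "entropy 1.0".
"""
import math
import random
import struct

# Names a stock MSVC / MinGW link emits. Anything else is "unknown" in the
# sense of the sandbox signature, which is a heuristic: custom linkers and
# some legitimate protectors trip it too, hence "could be a false positive".
KNOWN_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
    ".reloc", ".tls", ".pdata", ".CRT", ".debug", ".xdata", ".gfids",
}
HIGH_ENTROPY_BITS = 7.0  # assumed cut-off; compressed/encrypted data sits near 8.0

SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image):
    """Yield (name, PointerToRawData, SizeOfRawData) for every section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)    # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                   # section table follows
    for i in range(num_sections):
        f = SECTION_HEADER.unpack_from(image, table + i * SECTION_HEADER.size)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        yield name, f[4], f[3]


def analyze(image):
    """Apply both static indicators to every section of a PE image."""
    rows = []
    for name, offset, size in parse_sections(image):
        data = image[offset:offset + size]  # a truncated file just yields a short slice
        ent = shannon_entropy(data)
        rows.append({
            "name": name,
            "raw_size": size,
            "entropy": round(ent, 4),
            "unknown_name": name not in KNOWN_SECTION_NAMES,
            "high_entropy": ent >= HIGH_ENTROPY_BITS,
        })
    return rows


def high_entropy_share(rows):
    """Fraction of section bytes living in high-entropy sections (the report's 'entropy 1.0')."""
    total = sum(r["raw_size"] for r in rows)
    hot = sum(r["raw_size"] for r in rows if r["high_entropy"])
    return hot / total if total else 0.0


def build_demo_pe():
    """Constructed PE-shaped image: DOS stub, PE\\0\\0, COFF header, two sections.

    Sy0 holds a repeating 64-byte ramp (entropy exactly 6.0); Sy1 holds 4 KiB of
    seeded pseudo-random bytes standing in for an encrypted payload section. The
    optional header is omitted (size 0): enough for the section walk, not loadable.
    """
    rng = random.Random(0xC0FFEE)
    sy0 = bytes(range(64)) * 2
    sy1 = bytes(rng.getrandbits(8) for _ in range(4096))
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0, 0x0102)  # i386, 2 sections
    sy0_off = 0x200
    sy1_off = sy0_off + len(sy0)
    headers = (
        SECTION_HEADER.pack(b"Sy0".ljust(8, b"\0"), len(sy0), 0x1000, len(sy0), sy0_off, 0, 0, 0, 0, 0xE0000020)
        + SECTION_HEADER.pack(b"Sy1".ljust(8, b"\0"), len(sy1), 0x2000, len(sy1), sy1_off, 0, 0, 0, 0, 0xE0000020)
    )
    image = dos + b"PE\0\0" + coff + headers
    return image + b"\0" * (sy0_off - len(image)) + sy0 + sy1


if __name__ == "__main__":
    rows = analyze(build_demo_pe())
    for r in rows:
        print(f"{r['name']:<8} {r['raw_size']:>8} bytes  entropy={r['entropy']:.4f}"
              f"  unknown_name={r['unknown_name']}  high_entropy={r['high_entropy']}")
    print(f"share of bytes in high-entropy sections: {high_entropy_share(rows):.3f}")
```

Point `analyze()` at the bytes of a real file and the Sy1 row will come out at about 7.98 with a share of 1.0, matching the two lines above; a stock MSVC build shows `.text` near 6.0 to 6.5 and a share well under 0.2, which is where Cuckoo's signature draws its line.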
Network communication

Communicates with host for which no DNS query was performed (1 event)

host 172.217.24.14

Caveat: the traffic tables further down record no contacted hosts and no TCP connections, and the only UDP traffic is resolver, NetBIOS, NTP, LLMNR, SSDP and WS-Discovery background noise, so this address (in Google's 172.217.0.0/16 range) is weak evidence on its own.
File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)

Engine              Result
Bkav                W32.AIDetectVM.malware1
McAfee              Artemis!20A9C13A6552
Cylance             Unsafe
Zillya              Trojan.VMProtect.Win32.28014
Sangfor             Malware
K7AntiVirus         Trojan ( 005495971 )
Alibaba             Packed:Win32/VMProtect.c390450f
K7GW                Trojan ( 005495971 )
Cybereason          malicious.a65525
Cyren               W32/Trojan.NNJB-5266
Symantec            ML.Attribute.HighConfidence
APEX                Malicious
Avast               Win32:Trojan-gen
Kaspersky           Backdoor.Win32.Poison.jjxu
NANO-Antivirus      Trojan.Win32.Poison.htifkv
Rising              Trojan.Generic@ML.88 (RDMK:E+hiQI0E6ANh+4mIzki3hg)
Comodo              Malware@#8f895snvbvgb
F-Secure            Trojan.TR/Crypt.ZPACK.Gen
McAfee-GW-Edition   BehavesLike.Win32.Backdoor.vc
FireEye             Generic.mg.20a9c13a65525ede
Sophos              Mal/Generic-S
Ikarus              Trojan.Win32.VMProtect
Avira               TR/Crypt.ZPACK.Gen
Gridinsoft          Trojan.Heur!.02212021
Microsoft           VirTool:MSIL/SharPersist
ZoneAlarm           Backdoor.Win32.Poison.jjxu
GData               Win32.Malware.Coinminer.51FF8T
Cynet               Malicious (score: 100)
BitDefenderTheta    Gen:NN.ZexaF.34670.@xW@aKa9bTo
ESET-NOD32          a variant of Win32/Packed.VMProtect.GO
SentinelOne         Static AI - Malicious PE
Fortinet            W32/PossibleThreat
AVG                 Win32:Trojan-gen
CrowdStrike         win/malicious_confidence_100% (W)
Qihoo-360           Generic/HEUR/QVM19.1.827D.Malware.Gen

Thirty-five engines flag the file, but the names disagree about what it is. The consistent signal is packing (VMProtect per Alibaba, Zillya, Ikarus and ESET-NOD32; generic crypt/pack verdicts from Avira and F-Secure), while the family names range from Poison (Kaspersky, NANO-Antivirus, ZoneAlarm) to Coinminer (GData) to SharPersist (Microsoft). The Microsoft label is an MSIL detection, which does not fit a native PE whose import table (below) links MSVCRT and no .NET runtime; treat the family attribution as unresolved and the packer verdict as the solid part.
Visual analysis

Binary image: none; no binary visualization was generated for this sample.

Runtime screenshots: none; no screenshots were captured while the sample ran.


PE Compile Time

2020-05-25 07:29:43

Imports

Library KERNEL32.dll:
0x160f000 GlobalFree
0x160f004 HeapFree
0x160f008 CreateWaitableTimerW
0x160f00c SetWaitableTimer
0x160f010 CloseHandle
0x160f014 GetCurrentProcessId
0x160f018 CreateWaitableTimerA
0x160f01c MapViewOfFile
0x160f020 UnmapViewOfFile
0x160f024 OpenFileMappingA
0x160f028 CreateFileMappingA
0x160f02c VirtualProtect
0x160f030 lstrlenW
0x160f034 GlobalSize
0x160f038 LocalSize
0x160f03c GetModuleHandleA
0x160f040 ExitProcess
0x160f044 HeapAlloc
0x160f048 HeapReAlloc
0x160f04c IsBadReadPtr
0x160f050 GetModuleFileNameA
0x160f054 ReadFile
0x160f058 GetFileSize
0x160f05c CreateFileA
0x160f060 GetTickCount
0x160f064 SetFilePointer
0x160f068 FindNextFileA
0x160f06c FindFirstFileA
0x160f070 FindClose
0x160f074 SetFileAttributesA
0x160f080 DeleteFileA
0x160f084 WriteFile
0x160f088 GetUserDefaultLCID
0x160f08c FormatMessageA
0x160f090 GetCommandLineA
0x160f094 GlobalUnlock
0x160f098 LoadLibraryA
0x160f09c LCMapStringA
0x160f0a0 EnterCriticalSection
0x160f0a8 LeaveCriticalSection
0x160f0ac WideCharToMultiByte
0x160f0b0 GetThreadContext
0x160f0b4 GetCurrentThread
0x160f0b8 RtlMoveMemory
0x160f0bc DeleteCriticalSection
0x160f0c0 CreateThread
0x160f0c4 GetWindowsDirectoryA
0x160f0c8 GetSystemDirectoryA
0x160f0cc GetTempPathA
0x160f0d0 GetModuleHandleW
0x160f0d4 GetProcAddress
0x160f0d8 GetNativeSystemInfo
0x160f0dc MultiByteToWideChar
0x160f0e0 FindResourceA
0x160f0e4 LoadResource
0x160f0e8 LockResource
0x160f0ec SizeofResource
0x160f0f0 FreeResource
0x160f0f4 IsDebuggerPresent
0x160f0f8 GlobalMemoryStatusEx
0x160f0fc GetLocalTime
0x160f100 VirtualAlloc
0x160f104 VirtualFree
0x160f108 Sleep
0x160f10c GlobalLock
0x160f110 FreeLibrary
0x160f114 GlobalAlloc
0x160f118 GetProcessHeap
Library USER32.dll:
0x160f120 CopyImage
0x160f124 GetClassNameW
0x160f128 SendMessageW
0x160f12c CreateWindowExW
0x160f134 IsWindow
0x160f138 GetMessageW
0x160f13c TranslateMessage
0x160f140 DispatchMessageW
0x160f144 DestroyWindow
0x160f148 CreateWindowStationA
0x160f14c EnableWindow
0x160f150 GetWindowRect
0x160f154 MoveWindow
0x160f158 SetActiveWindow
0x160f15c MessageBeep
0x160f160 GetPropA
0x160f164 SetForegroundWindow
0x160f168 RemovePropA
0x160f16c PostMessageW
0x160f170 ShowWindow
0x160f174 SetCursor
0x160f178 SendMessageA
0x160f17c KillTimer
0x160f180 GetAsyncKeyState
0x160f184 IntersectRect
0x160f18c UpdateLayeredWindow
0x160f190 ReleaseCapture
0x160f194 IsZoomed
0x160f198 IsIconic
0x160f19c LoadCursorFromFileW
0x160f1a0 SetTimer
0x160f1a4 PtInRect
0x160f1a8 ReleaseDC
0x160f1ac SetCaretPos
0x160f1b0 GetCursorPos
0x160f1b4 CallWindowProcW
0x160f1b8 TrackMouseEvent
0x160f1bc BeginPaint
0x160f1c0 EndPaint
0x160f1c4 SetCapture
0x160f1c8 GetFocus
0x160f1cc SetFocus
0x160f1d0 SetWindowLongW
0x160f1d4 SetWindowPos
0x160f1d8 SetPropA
0x160f1dc GetClassLongW
0x160f1e0 GetWindowTextW
0x160f1e4 GetParent
0x160f1e8 SetWindowRgn
0x160f1ec GetSystemMetrics
0x160f1f0 MessageBoxA
0x160f1f4 wsprintfA
0x160f1f8 DispatchMessageA
0x160f1fc GetMessageA
0x160f200 PeekMessageA
0x160f204 GetDesktopWindow
0x160f208 GetDC
0x160f20c LoadCursorW
0x160f218 SystemParametersInfoA
0x160f21c SetWindowLongA
0x160f220 GetClassNameA
0x160f224 GetWindowTextA
0x160f228 IsWindowVisible
0x160f22c GetWindowLongA
0x160f230 DefWindowProcW
0x160f234 RegisterClassExW
0x160f238 InvalidateRect
Library SHELL32.dll:
0x160f240 Shell_NotifyIconW
0x160f244 ShellExecuteA
Library ole32.dll:
0x160f250 CoUninitialize
0x160f254 CoInitialize
0x160f258 StringFromGUID2
0x160f25c CLSIDFromString
0x160f260 CreateStreamOnHGlobal
0x160f264 CoCreateInstance
0x160f268 CLSIDFromProgID
0x160f26c OleRun
Library gdiplus.dll:
0x160f278 GdipDrawPolygon
0x160f27c GdipFillPolygon
0x160f280 GdipCreatePen2
0x160f284 GdipCreateLineBrush
0x160f288 GdipFillPath
0x160f28c GdipClosePathFigure
0x160f290 GdipAddPathArc
0x160f294 GdipCreatePath
0x160f298 GdipDeletePath
0x160f29c GdipDrawPath
0x160f2a0 GdipCreateRegionHrgn
0x160f2a4 GdipDeleteRegion
0x160f2a8 GdipGetRegionBounds
0x160f2b0 GdipCreateRegion
0x160f2b8 GdipGetImageEncoders
0x160f2c0 GdipSaveImageToStream
0x160f2c8 GdipGetPropertyItem
0x160f300 GdipDrawString
0x160f304 GdipCreateSolidFill
0x160f308 GdipGetFontHeight
0x160f30c GdipDeleteBrush
0x160f310 GdipFillRectangle
0x160f324 GdipDrawImageRect
0x160f328 GdipBitmapUnlockBits
0x160f32c GdipBitmapLockBits
0x160f330 GdipGraphicsClear
0x160f334 GdipSetSmoothingMode
0x160f338 GdipGetSmoothingMode
0x160f33c GdipDeleteGraphics
0x160f348 GdipResetClip
0x160f34c GdipSetPenDashStyle
0x160f350 GdipDeletePen
0x160f354 GdipDrawRectangle
0x160f358 GdipSetClipRect
0x160f35c GdipSetClipRegion
0x160f360 GdipDisposeImage
0x160f364 GdipDrawImageRectRect
0x160f368 GdipGetImageHeight
0x160f36c GdipGetImageWidth
0x160f370 GdipCloneBitmapArea
0x160f378 GdipMeasureString
0x160f37c GdipGetFontStyle
0x160f380 GdipGetFontSize
0x160f384 GdipGetFamilyName
0x160f388 GdipDeleteFont
0x160f38c GdipCreateFont
0x160f390 GdipDeleteFontFamily
0x160f39c GdiplusStartup
0x160f3a8 GdipCreateFromHDC
Library OLEAUT32.dll:
0x160f3b0 SafeArrayDestroy
0x160f3b4 VariantClear
0x160f3b8 SysAllocString
0x160f3bc SafeArrayCreate
0x160f3c0 VariantCopy
0x160f3c4 RegisterTypeLib
0x160f3c8 LHashValOfNameSys
0x160f3cc LoadTypeLib
0x160f3d0 VarR8FromCy
0x160f3d4 VarR8FromBool
0x160f3d8 VariantChangeType
0x160f3dc OleLoadPicture
Library WININET.dll:
0x160f3e4 InternetCloseHandle
0x160f3e8 InternetReadFile
0x160f3ec HttpQueryInfoA
0x160f3f0 InternetOpenUrlA
0x160f3f4 InternetOpenA
Library WS2_32.dll:
0x160f3fc recv
0x160f400 inet_ntoa
0x160f404 WSAStartup
0x160f408 closesocket
0x160f40c socket
0x160f410 inet_addr
0x160f414 htons
0x160f418 connect
0x160f41c send
0x160f420 getsockname
0x160f424 ntohs
0x160f428 WSAAsyncSelect
0x160f42c select
0x160f430 WSACleanup
0x160f434 gethostbyname
Library GDI32.dll:
0x160f43c DeleteObject
0x160f440 DeleteDC
0x160f444 GetDeviceCaps
0x160f448 CreateRoundRectRgn
0x160f44c CreateRectRgn
0x160f450 GetDIBits
0x160f454 SelectObject
0x160f458 StretchBlt
0x160f45c SetStretchBltMode
0x160f464 CreateDIBSection
0x160f468 BitBlt
0x160f46c CreateCompatibleDC
0x160f470 GetObjectA
Library IMM32.dll:
0x160f478 ImmGetContext
0x160f47c ImmAssociateContext
Library MSVCRT.dll:
0x160f484 __CxxFrameHandler
0x160f488 strtod
0x160f48c _CIfmod
0x160f490 rand
0x160f494 srand
0x160f498 modf
0x160f49c ??2@YAPAXI@Z
0x160f4a0 strncmp
0x160f4a4 ??3@YAXPAX@Z
0x160f4a8 strncpy
0x160f4ac malloc
0x160f4b0 free
0x160f4b4 _CIpow
0x160f4b8 floor
0x160f4bc _ftol
0x160f4c0 atoi
0x160f4c4 sprintf
0x160f4c8 strrchr
0x160f4cc realloc
0x160f4d0 memmove
0x160f4d4 calloc
0x160f4d8 strchr
0x160f4dc _stricmp
Library SHLWAPI.dll:
0x160f4e4 PathFileExistsA
Library KERNEL32.dll:
0x160f4ec LocalAlloc
0x160f4f0 LocalFree
0x160f4f4 GetModuleFileNameW
0x160f500 SetThreadAffinityMask
0x160f504 Sleep
0x160f508 ExitProcess
0x160f50c FreeLibrary
0x160f510 LoadLibraryA
0x160f514 GetModuleHandleA
0x160f518 GetProcAddress
Library USER32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                      Dst port
192.168.56.101  49235     114.114.114.114                  53
192.168.56.101  50534     114.114.114.114                  53
192.168.56.101  56539     114.114.114.114                  53
192.168.56.101  58367     114.114.114.114                  53
192.168.56.101  65004     114.114.114.114                  53
192.168.56.101  137       192.168.56.255                   137
192.168.56.101  138       192.168.56.255                   138
192.168.56.101  123       20.189.79.72 (time.windows.com)  123
192.168.56.101  55368     224.0.0.252                      5355
192.168.56.101  56804     224.0.0.252                      5355
192.168.56.101  60123     224.0.0.252                      5355
192.168.56.101  62191     224.0.0.252                      5355
192.168.56.101  1900      239.255.255.250                  1900
192.168.56.101  56540     239.255.255.250                  3702
192.168.56.101  56807     239.255.255.250                  1900
192.168.56.101  58368     239.255.255.250                  3702
192.168.56.101  58370     239.255.255.250                  3702
192.168.56.101  58707     239.255.255.250                  3702

Everything here is what an idle Windows analysis VM (192.168.56.101) emits on its own: NetBIOS name service and datagram broadcasts (137/138), NTP to time.windows.com, LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). Only the five DNS queries to the 114.114.114.114 resolver could plausibly be the sample's, and the queried names are not recorded, so none of this traffic can be attributed to the sample from the report alone, even though it imports WS2_32 (socket, connect, send, recv, gethostbyname) and WININET (InternetOpenUrlA).

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.