4.8
Medium risk

SHA256: 0efa7703690d3fe9df70c81d7dea974aa710c7c55a76fd50e6a050bc76698d89

File name: 23fa47d1c4f4ab3084b9bd6ea926bb16.exe

Analysis duration

78s

Last analysis

File size

1.1MB
Static detection / dynamic detection tags: 100% ADWAREDEALPLY AI SCORE=82 AIDETECTVM BSCOPE BT47KP CLASSIC CONFIDENCE DELF DOWNLOADER33 EKLE ELDORADO ELX@AOBKJDCI GDSDA GENCIRC GENERICKD GENERICRXAA GENKD GENKRYPTIK HIGH CONFIDENCE HNSYNN IGENT KCLOUD MALWARE1 MALWARE@#GA81JI2X3TLX R + TROJ REMCOS SCORE STATIC AI STEALE SUSPICIOUS PE TNEGA UNSAFE WACATAC WLSBH ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine       Result                                  Scan date  Engine version
McAfee       GenericRXAA-FA!23FA47D1C4F4             20201211   6.0.6.653
Avast        Win32:Malware-gen                       20201210   21.1.5827.0
Alibaba      TrojanDownloader:Win32/Tnega.df7a2cce   20190527   0.3.0.5
Tencent      Malware.Win32.Gencirc.10cddeeb          20201211   1.0.0.1
Baidu                                                20190318   1.0.0.2
Kingsoft     Win32.Troj.Undef.(kcloud)               20201211   2017.9.26.565
CrowdStrike  win/malicious_confidence_100% (W)       20190702   1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619269267.937212
__exception__
stacktrace:
0x2229696
0x22296c9
0x22295e6
0x21df720
0x222a025
0x222af2e
0x21ee3fa
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0x22267ec
0x222b1f7
23fa47d1c4f4ab3084b9bd6ea926bb16+0x8a322 @ 0x48a322

registers.esp: 1634020
registers.edi: 0
registers.eax: 1634020
registers.ebp: 1634100
registers.edx: 0
registers.ebx: 1635776
registers.esi: 54216156
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619269222.546212
NtAllocateVirtualMemory
process_identifier: 2404
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006d0000
success 0 0
1619269223.312212
NtAllocateVirtualMemory
process_identifier: 2404
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02160000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619269238.578212
RegSetValueExA
key_handle: 0x000002cc
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 157.240.17.41:443
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 of 53 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader33.63862
MicroWorld-eScan Trojan.GenericKD.34164933
FireEye Trojan.GenericKD.34164933
Qihoo-360 Win32/Backdoor.a07
McAfee GenericRXAA-FA!23FA47D1C4F4
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056a8b01 )
BitDefender Trojan.GenericKD.34164933
K7GW Trojan-Downloader ( 0056a8b01 )
BitDefenderTheta Gen:NN.ZelphiF.34670.eLX@aObkJDci
Cyren W32/Delf_Troj.T2.gen!Eldorado
Symantec Trojan Horse
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
Alibaba TrojanDownloader:Win32/Tnega.df7a2cce
NANO-Antivirus Trojan.Win32.Remcos.hnsynn
Tencent Malware.Win32.Gencirc.10cddeeb
Ad-Aware Trojan.GenericKD.34164933
Emsisoft Trojan.GenericKD.34164933 (B)
Comodo Malware@#ga81ji2x3tlx
F-Secure Trojan.TR/Dldr.Delf.wlsbh
McAfee-GW-Edition BehavesLike.Win32.AdwareDealPly.th
Sophos Mal/Generic-R + Troj/Steale-AEN
SentinelOne Static AI - Suspicious PE
GData Trojan.GenericKD.34164933
Jiangmin Backdoor.Remcos.cay
Webroot W32.Trojan.GenKD
Avira TR/Dldr.Delf.wlsbh
Antiy-AVL Trojan[Backdoor]/Win32.Remcos
Kingsoft Win32.Troj.Undef.(kcloud)
Arcabit Trojan.Generic.D20950C5
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
Microsoft Trojan:Win32/Tnega!MSR
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4159902
VBA32 BScope.Trojan.Wacatac
ALYac Trojan.GenericKD.34164933
MAX malware (ai score=82)
Malwarebytes Trojan.MalPack.SMY
Panda Trj/GdSda.A
Zoner Trojan.Win32.94764
ESET-NOD32 Win32/TrojanDownloader.Delf.CYK
Rising Trojan.Delf!1.C901 (CLASSIC)
Yandex Trojan.Igent.bT47KP.1
Fortinet W32/GenKryptik.EKLE!tr
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample was running

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x506804 SysFreeString
0x506808 SysReAllocStringLen
0x50680c SysAllocStringLen
Library advapi32.dll:
0x506814 RegQueryValueExA
0x506818 RegOpenKeyExA
0x50681c RegCloseKey
Library user32.dll:
0x506824 GetKeyboardType
0x506828 DestroyWindow
0x50682c LoadStringA
0x506830 MessageBoxA
0x506834 CharNextA
Library kernel32.dll:
0x50683c GetACP
0x506840 Sleep
0x506844 VirtualFree
0x506848 VirtualAlloc
0x50684c GetTickCount
0x506854 GetCurrentThreadId
0x506860 VirtualQuery
0x506864 WideCharToMultiByte
0x506868 MultiByteToWideChar
0x50686c lstrlenA
0x506870 lstrcpynA
0x506874 LoadLibraryExA
0x506878 GetThreadLocale
0x50687c GetStartupInfoA
0x506880 GetProcAddress
0x506884 GetModuleHandleA
0x506888 GetModuleFileNameA
0x50688c GetLocaleInfoA
0x506890 GetCommandLineA
0x506894 FreeLibrary
0x506898 FindFirstFileA
0x50689c FindClose
0x5068a0 ExitProcess
0x5068a4 CompareStringA
0x5068a8 WriteFile
0x5068b0 RtlUnwind
0x5068b4 RaiseException
0x5068b8 GetStdHandle
Library kernel32.dll:
0x5068c0 TlsSetValue
0x5068c4 TlsGetValue
0x5068c8 LocalAlloc
0x5068cc GetModuleHandleA
Library user32.dll:
0x5068d4 CreateWindowExA
0x5068d8 WindowFromPoint
0x5068dc WaitMessage
0x5068e0 UpdateWindow
0x5068e4 UnregisterClassA
0x5068e8 UnhookWindowsHookEx
0x5068ec TranslateMessage
0x5068f4 TrackPopupMenu
0x5068fc ShowWindow
0x506900 ShowScrollBar
0x506904 ShowOwnedPopups
0x506908 SetWindowsHookExA
0x50690c SetWindowTextA
0x506910 SetWindowPos
0x506914 SetWindowPlacement
0x506918 SetWindowLongW
0x50691c SetWindowLongA
0x506920 SetTimer
0x506924 SetScrollRange
0x506928 SetScrollPos
0x50692c SetScrollInfo
0x506930 SetRect
0x506934 SetPropA
0x506938 SetParent
0x50693c SetMenuItemInfoA
0x506940 SetMenu
0x506944 SetForegroundWindow
0x506948 SetFocus
0x50694c SetCursor
0x506950 SetClipboardData
0x506954 SetClassLongA
0x506958 SetCapture
0x50695c SetActiveWindow
0x506960 SendMessageW
0x506964 SendMessageA
0x506968 ScrollWindow
0x50696c ScreenToClient
0x506970 RemovePropA
0x506974 RemoveMenu
0x506978 ReleaseDC
0x50697c ReleaseCapture
0x506988 RegisterClassA
0x50698c RedrawWindow
0x506990 PtInRect
0x506994 PostQuitMessage
0x506998 PostMessageA
0x50699c PeekMessageW
0x5069a0 PeekMessageA
0x5069a4 OpenClipboard
0x5069a8 OffsetRect
0x5069ac OemToCharA
0x5069b0 MessageBoxA
0x5069b4 MessageBeep
0x5069b8 MapWindowPoints
0x5069bc MapVirtualKeyA
0x5069c0 LoadStringA
0x5069c4 LoadKeyboardLayoutA
0x5069c8 LoadIconA
0x5069cc LoadCursorA
0x5069d0 LoadBitmapA
0x5069d4 KillTimer
0x5069d8 IsZoomed
0x5069dc IsWindowVisible
0x5069e0 IsWindowUnicode
0x5069e4 IsWindowEnabled
0x5069e8 IsWindow
0x5069ec IsRectEmpty
0x5069f0 IsIconic
0x5069f4 IsDialogMessageW
0x5069f8 IsDialogMessageA
0x5069fc IsChild
0x506a00 InvalidateRect
0x506a04 IntersectRect
0x506a08 InsertMenuItemA
0x506a0c InsertMenuA
0x506a10 InflateRect
0x506a18 GetWindowTextA
0x506a1c GetWindowRect
0x506a20 GetWindowPlacement
0x506a24 GetWindowLongW
0x506a28 GetWindowLongA
0x506a2c GetWindowDC
0x506a30 GetTopWindow
0x506a34 GetSystemMetrics
0x506a38 GetSystemMenu
0x506a3c GetSysColorBrush
0x506a40 GetSysColor
0x506a44 GetSubMenu
0x506a48 GetScrollRange
0x506a4c GetScrollPos
0x506a50 GetScrollInfo
0x506a54 GetPropA
0x506a58 GetParent
0x506a5c GetWindow
0x506a60 GetMessagePos
0x506a64 GetMenuStringA
0x506a68 GetMenuState
0x506a6c GetMenuItemInfoA
0x506a70 GetMenuItemID
0x506a74 GetMenuItemCount
0x506a78 GetMenu
0x506a7c GetLastActivePopup
0x506a80 GetKeyboardState
0x506a8c GetKeyboardLayout
0x506a90 GetKeyState
0x506a94 GetKeyNameTextA
0x506a98 GetIconInfo
0x506a9c GetForegroundWindow
0x506aa0 GetFocus
0x506aa4 GetDlgItem
0x506aa8 GetDesktopWindow
0x506aac GetDCEx
0x506ab0 GetDC
0x506ab4 GetCursorPos
0x506ab8 GetCursor
0x506abc GetClipboardData
0x506ac0 GetClientRect
0x506ac4 GetClassLongA
0x506ac8 GetClassInfoA
0x506acc GetCapture
0x506ad0 GetActiveWindow
0x506ad4 FrameRect
0x506ad8 FindWindowA
0x506adc FillRect
0x506ae0 EqualRect
0x506ae4 EnumWindows
0x506ae8 EnumThreadWindows
0x506aec EnumChildWindows
0x506af0 EndPaint
0x506af4 EnableWindow
0x506af8 EnableScrollBar
0x506afc EnableMenuItem
0x506b00 EmptyClipboard
0x506b04 DrawTextA
0x506b08 DrawMenuBar
0x506b0c DrawIconEx
0x506b10 DrawIcon
0x506b14 DrawFrameControl
0x506b18 DrawFocusRect
0x506b1c DrawEdge
0x506b20 DispatchMessageW
0x506b24 DispatchMessageA
0x506b28 DestroyWindow
0x506b2c DestroyMenu
0x506b30 DestroyIcon
0x506b34 DestroyCursor
0x506b38 DeleteMenu
0x506b3c DefWindowProcA
0x506b40 DefMDIChildProcA
0x506b44 DefFrameProcA
0x506b48 CreatePopupMenu
0x506b4c CreateMenu
0x506b50 CreateIcon
0x506b54 CloseClipboard
0x506b58 ClientToScreen
0x506b5c CheckMenuItem
0x506b60 CharNextW
0x506b64 CallWindowProcA
0x506b68 CallNextHookEx
0x506b6c BeginPaint
0x506b70 CharNextA
0x506b74 CharLowerBuffA
0x506b78 CharLowerA
0x506b7c CharUpperBuffA
0x506b80 CharToOemA
0x506b84 AdjustWindowRectEx
Library gdi32.dll:
0x506b90 UnrealizeObject
0x506b94 StretchBlt
0x506b98 SetWindowOrgEx
0x506b9c SetWinMetaFileBits
0x506ba0 SetViewportOrgEx
0x506ba4 SetTextColor
0x506ba8 SetStretchBltMode
0x506bac SetROP2
0x506bb0 SetPixel
0x506bb4 SetEnhMetaFileBits
0x506bb8 SetDIBColorTable
0x506bbc SetBrushOrgEx
0x506bc0 SetBkMode
0x506bc4 SetBkColor
0x506bc8 SelectPalette
0x506bcc SelectObject
0x506bd0 SelectClipRgn
0x506bd4 SaveDC
0x506bd8 RestoreDC
0x506bdc Rectangle
0x506be0 RectVisible
0x506be4 RealizePalette
0x506be8 Polyline
0x506bec PlayEnhMetaFile
0x506bf0 PatBlt
0x506bf4 MoveToEx
0x506bf8 MaskBlt
0x506bfc LineTo
0x506c00 IntersectClipRect
0x506c04 GetWindowOrgEx
0x506c08 GetWinMetaFileBits
0x506c0c GetTextMetricsA
0x506c10 GetTextExtentPointA
0x506c1c GetStockObject
0x506c20 GetRgnBox
0x506c24 GetPolyFillMode
0x506c28 GetPixel
0x506c2c GetPaletteEntries
0x506c30 GetObjectA
0x506c34 GetGraphicsMode
0x506c40 GetEnhMetaFileBits
0x506c44 GetDeviceCaps
0x506c48 GetDIBits
0x506c4c GetDIBColorTable
0x506c50 GetDCOrgEx
0x506c58 GetClipBox
0x506c5c GetBrushOrgEx
0x506c60 GetBitmapBits
0x506c64 GdiFlush
0x506c68 ExtTextOutA
0x506c6c ExcludeClipRect
0x506c70 DeleteObject
0x506c74 DeleteEnhMetaFile
0x506c78 DeleteDC
0x506c7c CreateSolidBrush
0x506c80 CreatePenIndirect
0x506c84 CreatePalette
0x506c8c CreateFontIndirectA
0x506c90 CreateDIBitmap
0x506c94 CreateDIBSection
0x506c98 CreateCompatibleDC
0x506ca0 CreateBrushIndirect
0x506ca4 CreateBitmap
0x506ca8 CopyEnhMetaFileA
0x506cac BitBlt
Library version.dll:
0x506cb4 VerQueryValueA
0x506cbc GetFileVersionInfoA
Library kernel32.dll:
0x506cc4 lstrcpyA
0x506cc8 WriteFile
0x506ccc WaitForSingleObject
0x506cd0 VirtualQuery
0x506cd4 VirtualProtect
0x506cd8 VirtualAlloc
0x506cdc SizeofResource
0x506ce0 SetThreadLocale
0x506ce4 SetFilePointer
0x506ce8 SetEvent
0x506cec SetErrorMode
0x506cf0 SetEndOfFile
0x506cf4 ResetEvent
0x506cf8 ReadFile
0x506cfc MultiByteToWideChar
0x506d00 MulDiv
0x506d04 LockResource
0x506d08 LoadResource
0x506d0c LoadLibraryA
0x506d18 GlobalUnlock
0x506d1c GlobalLock
0x506d20 GlobalFree
0x506d24 GlobalFindAtomA
0x506d28 GlobalDeleteAtom
0x506d2c GlobalAlloc
0x506d30 GlobalAddAtomA
0x506d34 GetVersionExA
0x506d38 GetVersion
0x506d3c GetTickCount
0x506d40 GetThreadLocale
0x506d44 GetStdHandle
0x506d48 GetProcAddress
0x506d4c GetModuleHandleA
0x506d50 GetModuleFileNameA
0x506d54 GetLocaleInfoA
0x506d58 GetLocalTime
0x506d5c GetLastError
0x506d60 GetFullPathNameA
0x506d64 GetFileAttributesA
0x506d68 GetDiskFreeSpaceA
0x506d6c GetDateFormatA
0x506d70 GetCurrentThreadId
0x506d74 GetCurrentProcessId
0x506d78 GetCPInfo
0x506d7c FreeResource
0x506d80 InterlockedExchange
0x506d84 FreeLibrary
0x506d88 FormatMessageA
0x506d8c FindResourceA
0x506d90 EnumCalendarInfoA
0x506d9c CreateThread
0x506da0 CreateFileA
0x506da4 CreateEventA
0x506da8 CompareStringA
0x506dac CloseHandle
Library advapi32.dll:
0x506db4 RegQueryValueExA
0x506db8 RegOpenKeyExA
0x506dbc RegFlushKey
0x506dc0 RegCloseKey
Library oleaut32.dll:
0x506dc8 GetErrorInfo
0x506dcc SysFreeString
Library ole32.dll:
0x506dd4 CoUninitialize
0x506dd8 CoInitialize
Library kernel32.dll:
0x506de0 Sleep
Library oleaut32.dll:
0x506de8 SafeArrayPtrOfIndex
0x506dec SafeArrayPutElement
0x506df0 SafeArrayGetElement
0x506df8 SafeArrayAccessData
0x506dfc SafeArrayGetUBound
0x506e00 SafeArrayGetLBound
0x506e04 SafeArrayCreate
0x506e08 VariantChangeType
0x506e0c VariantCopyInd
0x506e10 VariantCopy
0x506e14 VariantClear
0x506e18 VariantInit
Library comctl32.dll:
0x506e20 _TrackMouseEvent
0x506e2c ImageList_Write
0x506e30 ImageList_Read
0x506e3c ImageList_DragMove
0x506e40 ImageList_DragLeave
0x506e44 ImageList_DragEnter
0x506e48 ImageList_EndDrag
0x506e4c ImageList_BeginDrag
0x506e50 ImageList_Remove
0x506e54 ImageList_DrawEx
0x506e58 ImageList_Replace
0x506e5c ImageList_Draw
0x506e68 ImageList_Add
0x506e70 ImageList_Destroy
0x506e74 ImageList_Create
0x506e78 InitCommonControls
Library comdlg32.dll:
0x506e80 GetSaveFileNameA
0x506e84 GetOpenFileNameA
Library advapi32.dll:
0x506e8c QueryServiceStatus
0x506e90 OpenServiceA
0x506e94 OpenSCManagerA
0x506e98 CloseServiceHandle

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  51808        114.114.114.114  53
192.168.56.101  51963        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  58367        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  49235        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.