Risk score: 3.4 (Medium risk)

SHA256: 462891fe34ddc3de375de51217a62df5947ae22d44712a30ac79e75be36cde09

File name: 258d0546f11f018cc43dd438bc51fb4d.exe

Analysis duration: 22s

Last analyzed: (not given)

File size: 769.0KB
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample.

Static verdict

Antivirus engines

Engine       Result                               Scan date   Engine version
Alibaba      Trojan:Application/Fugrafa.29fa75ec  20190527    0.3.0.5
Baidu                                             20190318    1.0.0.2
Avast        Win32:Malware-gen                    20200217    18.4.3895.0
Kingsoft                                          20200218    2013.8.14.323
McAfee       RDN/Generic.gkq                      20200217    6.0.6.653
Tencent                                           20200218    1.0.0.1
CrowdStrike                                       20190702    1.0
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time:      1620119620.629436
API:       NtAllocateVirtualMemory
Arguments:
  process_identifier: 1464
  region_size:        4096
  stack_dep_bypass:   0
  stack_pivoted:      0
  heap_dep_bypass:    0
  protection:         64 (PAGE_EXECUTE_READWRITE)
  process_handle:     0xffffffff
  allocation_type:    4096 (MEM_COMMIT)
  base_address:       0x003f0000
Status:    success
Return:    0
Repeated:  0

Foreign language identified in PE resource (1 event)
name:        ZIP
language:    LANG_TURKISH
sublanguage: SUBLANG_DEFAULT
offset:      0x000515c8
size:        0x00072da6
filetype:    Zip archive data, at least v2.0 to extract

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy:     7.955471306448403
section:     .rsrc (virtual_address 0x00051000, virtual_size 0x00075a00, size_of_data 0x00075a00, entropy 7.955471306448403)
description: A section with a high entropy has been found

entropy:     0.6126302083333334
description: Overall entropy of this PE file is high
Network communication

Communicates with host for which no DNS query was performed (1 event)
host: 172.217.24.14

File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)
Engine                  Result
Cylance                 Unsafe
Sangfor                 Malware
K7AntiVirus             Trojan ( 0055b6481 )
Alibaba                 Trojan:Application/Fugrafa.29fa75ec
K7GW                    Trojan ( 0055b6481 )
TrendMicro              TROJ_GEN.R002C0PJD19
Cyren                   W32/Trojan.MRFF-8862
Symantec                ML.Attribute.HighConfidence
Paloalto                generic.ml
Avast                   Win32:Malware-gen
Rising                  Trojan.Generic@ML.91 (RDML:nOj9F+kEA1CECZZ1YzUc4A)
Comodo                  Malware@#35nc7gu1ro9id
F-Secure                Trojan.TR/Fugrafa.mayvx
DrWeb                   Trojan.DownLoad4.6872
McAfee-GW-Edition       BehavesLike.Win32.Dropper.bc
Trapmine                malicious.high.ml.score
Sophos                  Mal/Generic-S
Jiangmin                AdWare.Generic.gssa
Avira                   TR/Fugrafa.mayvx
Microsoft               Trojan:Win32/Tiggre!plock
Endgame                 malicious (moderate confidence)
AegisLab                Trojan.Win32.Fugrafa.4!c
GData                   Win32.Trojan.Agent.EPPJ6E
AhnLab-V3               Malware/Win32.Generic.C3532694
McAfee                  RDN/Generic.gkq
VBA32                   Trojan.Download
ESET-NOD32              a variant of Generik.CGPFQMT
TrendMicro-HouseCall    TROJ_GEN.R002C0PJD19
Yandex                  Trojan.DownLoad!
Ikarus                  Trojan.Fugrafa
Fortinet                W32/PossibleThreat
MaxSecure               Trojan.Malware.8326453.susgen
AVG                     Win32:Malware-gen
Qihoo-360               Win32/Trojan.922
Visual analysis

Binary image
No binary image: no binary visualization image was generated for this sample.

Runtime screenshots
No screenshots: no screenshots were captured while the sample was running.


PE Compile Time

1992-06-20 06:22:17 (the fixed timestamp written by the Delphi linker, shown here in UTC+8; it is not the real build date)

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port   Destination       Destination Port
192.168.56.101  49235         114.114.114.114   53
192.168.56.101  56539         114.114.114.114   53
192.168.56.101  65004         114.114.114.114   53
192.168.56.101  137           192.168.56.255    137
192.168.56.101  138           192.168.56.255    138
192.168.56.101  55368         224.0.0.252       5355
192.168.56.101  56804         224.0.0.252       5355
192.168.56.101  60123         224.0.0.252       5355
192.168.56.101  62191         224.0.0.252       5355
192.168.56.101  1900          239.255.255.250   1900
192.168.56.101  56807         239.255.255.250   1900
192.168.56.101  58707         239.255.255.250   3702
192.168.56.101  62192         239.255.255.250   3702
192.168.56.101  65005         239.255.255.250   3702
192.168.56.101  65007         239.255.255.250   3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.