Score: 2.6
Risk level: Medium

SHA256: 95a90fbde8c6cc25ac3ebbc1bc9602a8a656a6c6d29e47378cca197c7018df02
Filename: 2684e7971b92bd1b19265cf328b64ca8.exe
Analysis duration: 73s
Last analyzed: (no value given)
File size: 2.5MB
Static and dynamic detection tags: AI SCORE=80 AIDETECTVM ATTRIBUTE CLASSIC CRIDEX DANABOT DOCUMENTCRYPT ELQV GDSDA GENERICKDZ GENKRYPTIK HDQJ HIGH CONFIDENCE HIGHCONFIDENCE HRFG IBCQ KRYPT KRYPTIK MALPE MALWARE2 MALWARE@#3CYCXHI53WYY9 MUASL R06EC0DIA20 SCORE STATIC AI SUSPICIOUS PE TOFSEE TROJANBANKER TROJANX UNSAFE X2068

Hawkeye engine: not detected (no Hawkeye engine results yet)
Static verdict

Antivirus engines

Engine        Result                                  Scan date  Version
McAfee        Packed-GAY!2684E7971B92                 20201211   6.0.6.653
Alibaba       TrojanBanker:Win32/Danabot.e2e070ef     20190527   0.3.0.5
CrowdStrike   (no result)                             20180202   1.0
Baidu         (no result)                             20190318   1.0.0.2
Avast         Win32:TrojanX-gen [Trj]                 20201210   21.1.5827.0
Tencent       Win32.Trojan-banker.Danabot.Hrfg        20201211   1.0.0.1
Kingsoft      (no result)                             20201211   2017.9.26.565
Static indicators

This executable has a PDB path (1 event)
  pdb_path: C:\kesutazig-widobopejiwajebo83 wuxexohoh86.pdb18622\bin\carik.pdb0hؔg
  A nonsense path like this, random words with junk bytes after ".pdb", says nothing about where the binary was built; it is useful as a packer fingerprint for hunting, not as build provenance.

The file contains an unknown PE resource name possibly indicative of a packer (2 events)
  resource name: AFX_DIALOG_LAYOUT
  resource name: VUDERAVAPAYIBERENISIL
  AFX_DIALOG_LAYOUT is a standard MFC resource type and is not suspicious on its own; the second name is the real anomaly.
Behavior verdict

Dynamic indicators

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
  entropy 7.997893317298469  section .text (virtual_address 0x00001000, virtual_size 0x00281866, size_of_data 0x00281a00)  A section with a high entropy has been found
  entropy 0.9837102338060559  Overall entropy of this PE file is high (0..1 scale)
  The .text section alone is 0x281a00 bytes, essentially the whole 2.5MB file, at near-maximum entropy: the visible code is a small stub and the real payload is decrypted at run time.
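The two static findings above (a PDB path string, and a section plus a whole file with high Shannon entropy) can be reproduced with a few dozen lines. The block below is an added example, not code from the sandbox that produced this report: it parses the PE section table by hand, scores each section and the whole file, and scans for printable runs ending in ".pdb". The thresholds (7.4 bits for a section, 0.9 on the 0..1 scale used for the overall value) and the small two-section PE it builds for itself are this example's assumptions, not the sandbox's values or the analysed sample.

```python
"""Static packer indicators over a PE image: per-section and overall Shannon
entropy, plus a raw scan for embedded PDB paths.

Added example, not code from the sandbox that produced this report. The
thresholds (7.4 bits for a section, 0.9 on the 0..1 scale the report uses for
"overall") are this example's assumptions, and the PE built by
build_sample_pe() is constructed here, not the analysed sample.
"""
import hashlib
import math
import re
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """DOS header -> NT headers -> section table; returns [(name, rva, vsize, raw_bytes)]."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = pe[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva, raw_size, raw_ptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append((name, rva, vsize, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def packer_indicators(pe: bytes, section_threshold: float = 7.4,
                      overall_threshold: float = 0.9) -> list:
    """Produce the two kinds of entropy findings the report lists: hot sections and a hot file."""
    findings = []
    for name, rva, vsize, raw in parse_sections(pe):
        ent = shannon_entropy(raw)
        if ent > section_threshold:
            findings.append({"kind": "section", "name": name, "entropy": ent,
                             "virtual_address": hex(rva), "virtual_size": hex(vsize),
                             "size_of_data": hex(len(raw))})
    overall = shannon_entropy(pe) / 8.0       # bits -> 0..1, the scale of the report's overall value
    if overall > overall_threshold:
        findings.append({"kind": "overall", "entropy": overall})
    return findings


PDB_RE = re.compile(rb"[\x20-\x7e]{4,260}\.pdb")


def find_pdb_paths(pe: bytes) -> list:
    """Printable-ASCII runs ending in .pdb; no RSDS record needed, junk paths still show up."""
    return [m.group().decode("ascii") for m in PDB_RE.finditer(pe)]


def _filler(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for an encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed two-section PE32: an encrypted-looking .text and a small .rdata holding a PDB path."""
    text = _filler(0x8000)
    rdata = b"\0C:\\build\\stub\\bin\\carik.pdb\0" + b"\0" * 0x100   # constructed path, not the report's
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                       # PE32 magic, other fields zeroed
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)
    headers, blobs, raw_off = b"", [], 0x400
    for name, rva, data in ((b".text", 0x1000, text), (b".rdata", 0x9000, rdata)):
        raw_len = (len(data) + 0x1FF) & ~0x1FF                         # 0x200 file alignment
        headers += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), rva, raw_len, raw_off, 0, 0, 0, 0, 0x60000020)
        blobs.append(data.ljust(raw_len, b"\0"))
        raw_off += raw_len
    return (dos + b"PE\0\0" + file_hdr + opt + headers).ljust(0x400, b"\0") + b"".join(blobs)


if __name__ == "__main__":
    sample = build_sample_pe()
    for finding in packer_indicators(sample):
        print(finding)
    print(find_pdb_paths(sample))
```

Run against the constructed image, `.text` scores just under 8.0 bits and is flagged, `.rdata` (mostly zeros) is not, and the overall score lands above 0.9 because the encrypted section dominates the file, which is the same shape as this sample's 0x281a00-byte .text inside a 2.5MB file. Pointing `packer_indicators` and `find_pdb_paths` at a real file is a matter of `open(path, "rb").read()`.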
Network communication

Communicates with host for which no DNS query was performed (1 event)
  host: 172.217.24.14

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 of 54 events shown)
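The indicator above fires when a destination is reached by address without any DNS answer in the capture having named it. The block below is an added example of that correlation, not the sandbox's own logic. Its input records are constructed to mirror this report's traffic shape (DNS to 114.114.114.114, LLMNR/SSDP/NetBIOS chatter, one NTP exchange to a resolved name, and one direct connection to 172.217.24.14); the port and protocol of that last record are assumptions, the report gives neither. Non-public targets (private, multicast, broadcast) are skipped so sandbox LAN noise does not drown the finding, and an answer that only arrives after the connection does not excuse it.

```python
"""Flag connections to public addresses that no DNS answer in the same capture
resolved, the condition behind "Communicates with host for which no DNS query
was performed". Added example, not the sandbox's own logic; the records at the
bottom are constructed, shaped after this report's UDP table and indicator."""
import ipaddress


def public_destination(ip: str) -> bool:
    """Private, loopback, link-local, multicast and reserved targets are sandbox/LAN noise, not C2."""
    a = ipaddress.ip_address(ip)
    return a.is_global and not (a.is_multicast or a.is_reserved or a.is_link_local)


def unresolved_public_hosts(dns_answers, connections):
    """Public destinations contacted with no DNS answer for that IP earlier in the capture.

    dns_answers: iterable of {"ts": float, "name": str, "ip": str}
    connections: iterable of {"ts": float, "dst": str, "dport": int, "proto": "tcp"|"udp"}
    Traffic to the resolver itself (udp/53) is exempt: it is always reached by address.
    """
    first_answer = {}
    for rec in dns_answers:
        ip = rec["ip"]
        if ip not in first_answer or rec["ts"] < first_answer[ip]:
            first_answer[ip] = rec["ts"]
    flagged = set()
    for c in connections:
        dst = c["dst"]
        if not public_destination(dst):
            continue
        if c["proto"] == "udp" and c["dport"] == 53:
            continue
        answered_at = first_answer.get(dst)
        # an answer that arrives only after the connection does not explain it either
        if answered_at is None or answered_at > c["ts"]:
            flagged.add(dst)
    return sorted(flagged)


# Constructed records, shaped after the UDP table and the network indicator in this report.
DNS_ANSWERS = [
    {"ts": 1.0, "name": "time.windows.com", "ip": "20.189.79.72"},
]
CONNECTIONS = [
    {"ts": 0.5, "dst": "114.114.114.114", "dport": 53,   "proto": "udp"},   # resolver
    {"ts": 0.6, "dst": "224.0.0.252",     "dport": 5355, "proto": "udp"},   # LLMNR multicast
    {"ts": 0.7, "dst": "239.255.255.250", "dport": 1900, "proto": "udp"},   # SSDP multicast
    {"ts": 0.8, "dst": "192.168.56.255",  "dport": 137,  "proto": "udp"},   # NetBIOS broadcast
    {"ts": 1.2, "dst": "20.189.79.72",    "dport": 123,  "proto": "udp"},   # NTP, resolved at ts 1.0
    {"ts": 2.0, "dst": "172.217.24.14",   "dport": 443,  "proto": "tcp"},   # assumed port/proto, never resolved
]


if __name__ == "__main__":
    print(unresolved_public_hosts(DNS_ANSWERS, CONNECTIONS))
```

On the constructed records only 172.217.24.14 is returned: the resolver, the multicast and broadcast targets, and the NTP server (answered at ts 1.0, contacted at 1.2) are all excused. Feeding it real data means extracting answered A records and connection tuples from the pcap; the ordering check matters there, since a DNS answer logged after the first SYN is a different story from one logged before it.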
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
FireEye Generic.mg.2684e7971b92bd1b
McAfee Packed-GAY!2684E7971B92
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2037777
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
K7AntiVirus Trojan ( 0056809d1 )
Alibaba TrojanBanker:Win32/Danabot.e2e070ef
K7GW Trojan ( 00564f5a1 )
Arcabit Trojan.Generic.D10763
Cyren W32/Trojan.IBCQ-9225
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Trojan-Banker.Win32.Danabot.gvi
BitDefender Trojan.GenericKDZ.67427
MicroWorld-eScan Trojan.GenericKDZ.67427
Avast Win32:TrojanX-gen [Trj]
Tencent Win32.Trojan-banker.Danabot.Hrfg
Ad-Aware Trojan.GenericKDZ.67427
Sophos Mal/Generic-S
Comodo Malware@#3cycxhi53wyy9
F-Secure Trojan.TR/AD.DanaBot.muasl
DrWeb Trojan.PWS.DanaBot.303
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition BehavesLike.Win32.DocumentCrypt.vc
Emsisoft Trojan.GenericKDZ.67427 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Backdoor.Tofsee.cdq
Webroot W32.Trojan.Gen
Avira TR/AD.DanaBot.muasl
Antiy-AVL Trojan[Banker]/Win32.Danabot
Gridinsoft Trojan.Win32.Kryptik.ba
Microsoft Trojan:Win32/Cridex.CY!MTB
ZoneAlarm Trojan-Banker.Win32.Danabot.gvi
GData Trojan.GenericKDZ.67427
AhnLab-V3 Trojan/Win.MalPe.X2068
VBA32 TrojanBanker.Danabot
ALYac Trojan.GenericKDZ.67427
MAX malware (ai score=80)
Malwarebytes Trojan.MalPack.GS
ESET-NOD32 a variant of Win32/Kryptik.HDQJ
TrendMicro-HouseCall TROJ_GEN.R06EC0DIA20
Rising Trojan.Kryptik!1.C722 (CLASSIC)
Ikarus Trojan.Win32.Krypt
eGambit Unsafe.AI_Score_99%
Visual analysis

Binary image

No binary image: no binary visualization was generated for this sample.

Runtime screenshots

No runtime screenshots: none were produced while the sample ran.
PE Compile Time

2019-02-01 18:44:54

Imports

Only KERNEL32.dll is imported. GetModuleHandleW, GetProcAddress, LoadLibraryW and VirtualProtect next to a near-maximum-entropy .text section are what a stub needs to decrypt its payload in place and resolve the real imports at run time; the static import table therefore says little about the sample's actual capabilities. IsDebuggerPresent is imported as well.

Library KERNEL32.dll:
0x401000 GetTickCount
0x401004 WriteFile
0x401008 GetSystemTimes
0x40100c Sleep
0x401010 GetModuleHandleW
0x401014 GetProcAddress
0x401018 VirtualProtect
0x401020 GetCurrentProcessId
0x401028 GetDriveTypeW
0x40102c GetLocaleInfoA
0x401030 lstrlenA
0x401034 GetLastError
0x401038 GlobalFix
0x40103c GetCommandLineA
0x401040 HeapSetInformation
0x401044 GetStartupInfoW
0x401048 RaiseException
0x40104c TerminateProcess
0x401050 GetCurrentProcess
0x40105c IsDebuggerPresent
0x401060 HeapAlloc
0x401064 HeapFree
0x40106c EncodePointer
0x401070 DecodePointer
0x401074 ExitProcess
0x401078 GetStdHandle
0x40107c GetModuleFileNameW
0x401080 GetModuleFileNameA
0x401088 WideCharToMultiByte
0x401090 SetHandleCount
0x401098 GetFileType
0x4010a0 TlsAlloc
0x4010a4 TlsGetValue
0x4010a8 TlsSetValue
0x4010ac TlsFree
0x4010b4 SetLastError
0x4010b8 GetCurrentThreadId
0x4010c0 HeapCreate
0x4010cc GetCPInfo
0x4010d0 GetACP
0x4010d4 GetOEMCP
0x4010d8 IsValidCodePage
0x4010e4 RtlUnwind
0x4010e8 HeapSize
0x4010ec LoadLibraryW
0x4010f0 LCMapStringW
0x4010f4 MultiByteToWideChar
0x4010f8 GetStringTypeW
0x4010fc HeapReAlloc

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                          Dst port
192.168.56.101  50534     114.114.114.114                      53
192.168.56.101  56539     114.114.114.114                      53
192.168.56.101  58367     114.114.114.114                      53
192.168.56.101  63429     114.114.114.114                      53
192.168.56.101  65004     114.114.114.114                      53
192.168.56.101  137       192.168.56.255                       137
192.168.56.101  138       192.168.56.255                       138
192.168.56.101  123       20.189.79.72 (time.windows.com)      123
192.168.56.101  49235     224.0.0.252                          5355
192.168.56.101  51963     224.0.0.252                          5355
192.168.56.101  56804     224.0.0.252                          5355
192.168.56.101  62191     224.0.0.252                          5355
192.168.56.101  1900      239.255.255.250                      1900
192.168.56.101  56540     239.255.255.250                      3702
192.168.56.101  56807     239.255.255.250                      1900
192.168.56.101  58368     239.255.255.250                      3702
192.168.56.101  58707     239.255.255.250                      3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.