6.2
高危
48 个模型检测该样本为恶意!
重新分析
更多

b587d049e9fae11f4fe70d5f6c9007f99483f683ee55217110094206bd6a92f2

291e1ce9cd3ea77fb64937d3212e8ef6.exe

分析耗时

192s

最近分析

文件大小

148.0KB
静态报毒 动态报毒 AI SCORE=100 AIDETECT AUTO BSCOPE CCMW CLOUD CRYPTOLOCKER FILECODER HIGH CONFIDENCE HXQBQMUA MAILTO MALICIOUS PE MALWARE1 MALWARE@#1Z174MTAU3NEH NETW NETWALKER R + MAL RAAS SAVE SCORE STATIC AI SUSGEN TROJANPSW UNSAFE WALKER ZBZRPOXPGZO 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Ransom:Win32/NetWalker.4f10e3d6 20190527 0.3.0.5
Avast Win32:Malware-gen 20210404 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20210404 2017.9.26.565
McAfee Ransom-NetW!291E1CE9CD3E 20210404 6.0.6.653
Tencent Win32.Trojan.Raas.Auto 20210404 1.0.0.1
CrowdStrike 20210203 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619340443.7025
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Tries to locate where the browsers are installed (1 个事件)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\pl.pak
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name None
行为判定
动态指标
Creates (office) documents on the filesystem (6 个事件)
file C:\Users\Administrator.Oskar-PC\Documents\IAaahtkUlJ.doc
file C:\Users\Administrator.Oskar-PC\Documents\wtPdtKgUtXbU.pptx
file C:\Users\Administrator.Oskar-PC\Documents\nwaHtaKNNCMhY.docm
file C:\Users\Administrator.Oskar-PC\Documents\bIYnigwMTIJODPCno.doc
file C:\Users\Administrator.Oskar-PC\Documents\UJQMCzjvHUvcxiFKNRG.doc
file C:\Users\Administrator.Oskar-PC\Documents\IbXfORRltUPr.docx
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 7.80649476397923 section {'size_of_data': '0x00001200', 'virtual_address': '0x00012000', 'entropy': 7.80649476397923, 'name': '.rsrc', 'virtual_size': '0x00001060'} description A section with a high entropy has been found
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)
Time & API Arguments Status Return Repeated
1619340443.0935
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Attempts to detect Cuckoo Sandbox through the presence of a file (2 个事件)
file C:\Python27\agent.pyw
file C:\tmpsij43m\analyzer.py
Detects VirtualBox through the presence of a file (3 个事件)
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxGuest.cat
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxMouse.inf
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxVideo.inf
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 个事件)
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Encoder.31690
MicroWorld-eScan Gen:Variant.Ransom.Netwalker.4
FireEye Generic.mg.291e1ce9cd3ea77f
ALYac Trojan.Ransom.Mailto
Cylance Unsafe
Zillya Trojan.Filecoder.Win32.14156
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056346a1 )
Alibaba Ransom:Win32/NetWalker.4f10e3d6
K7GW Trojan ( 0056346a1 )
Cybereason malicious.9cd3ea
BitDefenderTheta AI:Packer.A13F547D1E
Symantec Ransom.Cryptolocker
ESET-NOD32 a variant of Win32/Filecoder.NetWalker.D
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan-Ransom.Win32.Mailto.vho
BitDefender Gen:Variant.Ransom.Netwalker.4
NANO-Antivirus Virus.Win32.Gen.ccmw
Paloalto generic.ml
Rising Ransom.Agent!1.C0B5 (CLOUD)
Ad-Aware Gen:Variant.Ransom.Netwalker.4
Sophos Mal/Generic-R + Mal/Ransom-FW
Comodo Malware@#1z174mtau3neh
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.cz
Emsisoft Gen:Variant.Ransom.Netwalker.4 (B)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.77154656.susgen
Avira TR/Dropper.Gen
MAX malware (ai score=100)
Microsoft Ransom:Win32/NetWalker!MTB
AegisLab Trojan.Win32.Mailto.j!c
GData Gen:Variant.Ransom.Netwalker.4
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RansomCrypt.C4029970
McAfee Ransom-NetW!291E1CE9CD3E
VBA32 BScope.TrojanPSW.Spy
Malwarebytes Ransom.NetWalker
Tencent Win32.Trojan.Raas.Auto
Yandex Trojan.Filecoder!ZbzrpOXpGZo
Ikarus Trojan-Ransom.NetWalker
Fortinet W32/NetWalker.B!tr.ransom
AVG Win32:Malware-gen
Panda Trj/CI.A
Qihoo-360 Win32/Virus.Walker.HxQBQmUA
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-12-11 02:42:50

Imports

Library KERNEL32.dll:
0x410000 Sleep

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.