7.2
High risk

40d8ba1b4ae578829ce958a356395307e27eda0512bc78021ccb93e4b26134f7

2b82739841a40727e109fbee94205962.exe

Analysis time: 100s

Latest analysis:

File size: 232.5KB
Static detections / Dynamic detections (detection name tokens): AGEN AGENTTESLA AI SCORE=84 ALI2000008 ATTRIBUTE CLOUD CONFIDENCE DKUU ELDORADO FAREIT GDSDA GENERICKD HIGH CONFIDENCE HIGHCONFIDENCE HNZUMG HTCK KRYPTIK MALDOC MALICIOUS PE MALWARE@#BJP7HN00RCFF MALWAREX MODERATE NETWIREDRC OMW@ASNTUNN SCORE THGAGBO TSCOPE UNSAFE WACATAC ZEMSILF
鹰眼引擎 (Eagle Eye engine): not detected; no results from this engine are available yet.
Static verdict
Antivirus engines
Engine        Result                                    Scan date   Engine version
McAfee        Fareit-FVK!2B82739841A4                   20200725    6.0.6.653
Baidu         -                                         20190318    1.0.0.2
Alibaba       Trojan:Win32/Maldoc.ali2000008            20190527    0.3.0.5
Tencent       Msil.Backdoor.Netwiredrc.Htck             20200725    1.0.0.1
Kingsoft      -                                         20200725    2013.8.14.323
Avast         Win32:MalwareX-gen [Trj]                  20200725    18.4.3895.0
CrowdStrike   win/malicious_confidence_90% (W)          20190702    1.0
Static indicators
Checks if the process is being debugged by a debugger (50 out of 71 events)
Checks the amount of memory in the system; this can be used to detect virtual machines with a low amount of memory available (1 event)
Time & API                                Arguments   Status    Return   Repeated
1619340458.624875  GlobalMemoryStatusEx   -           success   1        0
Behavioral verdict
Dynamic indicators
Connects to a Dynamic DNS Domain (1 event)
domain alkaline.publicvm.com
Allocates read-write-execute memory (usually to unpack itself) (50 out of 945 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.107373801568135  section .text (virtual_address 0x00002000, virtual_size 0x00039bc4, size_of_data 0x00039c00)  description: A section with high entropy has been found
entropy 0.9956896551724138  description: Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (35 events)
Terminates another process (50 out of 68 events)
Network communication
Manipulates memory of a non-child process, indicative of process injection (50 out of 117 events)
Process injection Process 340 manipulating memory of non-child process 152
Process injection Process 1888 manipulating memory of non-child process 1376
Process injection Process 2520 manipulating memory of non-child process 2668
Process injection Process 3572 manipulating memory of non-child process 3632
Process injection Process 3760 manipulating memory of non-child process 3836
Process injection Process 3760 manipulating memory of non-child process 3872
Process injection Process 3152 manipulating memory of non-child process 3348
Process injection Process 3152 manipulating memory of non-child process 2120
Process injection Process 3152 manipulating memory of non-child process 3400
Process injection Process 3152 manipulating memory of non-child process 3384
Process injection Process 3648 manipulating memory of non-child process 3412
Process injection Process 3628 manipulating memory of non-child process 2632
Process injection Process 4028 manipulating memory of non-child process 472
Process injection Process 3956 manipulating memory of non-child process 1376
Process injection Process 3956 manipulating memory of non-child process 3644
Process injection Process 3956 manipulating memory of non-child process 3376
Process injection Process 3904 manipulating memory of non-child process 3724
success 0 0
1619357228.081249
NtAllocateVirtualMemory
process_identifier: 3384
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000270
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619357228.081249
NtAllocateVirtualMemory
process_identifier: 3384
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000270
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619357229.470751
NtAllocateVirtualMemory
process_identifier: 3412
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000023c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619357229.470751
NtAllocateVirtualMemory
process_identifier: 3412
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000023c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619357232.189626
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619357232.189626
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619357234.142501
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619357234.142501
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619357236.143001
NtAllocateVirtualMemory
process_identifier: 1376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00070000
success 0 0
1619357236.143001
NtAllocateVirtualMemory
process_identifier: 1376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00080000
success 0 0
1619357236.159001
NtAllocateVirtualMemory
process_identifier: 3644
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000254
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619357236.159001
NtAllocateVirtualMemory
process_identifier: 3644
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000254
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619357236.190001
NtAllocateVirtualMemory
process_identifier: 3376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000260
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619357236.190001
NtAllocateVirtualMemory
process_identifier: 3376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000260
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619357240.533626
NtAllocateVirtualMemory
process_identifier: 3724
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000e0000
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\oh.exe:Zone.Identifier
Generates some ICMP traffic
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
MicroWorld-eScan Trojan.GenericKD.34183084
FireEye Generic.mg.2b82739841a40727
McAfee Fareit-FVK!2B82739841A4
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056081c1 )
BitDefender Trojan.GenericKD.34183084
K7GW Trojan ( 0056081c1 )
Cybereason malicious.8221e0
TrendMicro Trojan.MSIL.WACATAC.THGAGBO
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.MSIL.NetWiredRC.gen
Alibaba Trojan:Win32/Maldoc.ali2000008
NANO-Antivirus Trojan.Win32.NetWiredRC.hnzumg
AegisLab Trojan.Win32.Malicious.4!c
Tencent Msil.Backdoor.Netwiredrc.Htck
Ad-Aware Trojan.GenericKD.34183084
Sophos Mal/Generic-S
Comodo Malware@#bjp7hn00rcff
F-Secure Heuristic.HEUR/AGEN.1102043
DrWeb Trojan.PWS.Stealer.27908
Zillya Trojan.Kryptik.Win32.2264455
Invincea heuristic
Fortinet MSIL/Kryptik.WOU!tr
Trapmine malicious.moderate.ml.score
Emsisoft Trojan.GenericKD.34183084 (B)
Ikarus Trojan.MSIL.Crypt
Cyren W32/MSIL_Kryptik.BDK.gen!Eldorado
Jiangmin Backdoor.MSIL.dkuu
Avira HEUR/AGEN.1102043
MAX malware (ai score=84)
Endgame malicious (high confidence)
Arcabit Trojan.Generic.D20997AC
ZoneAlarm HEUR:Backdoor.MSIL.NetWiredRC.gen
Microsoft Trojan:MSIL/AgentTesla.VN!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RL_Generic.C4163071
Acronis suspicious
BitDefenderTheta Gen:NN.ZemsilF.34138.omW@aSntunn
ALYac Trojan.GenericKD.34183084
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.MalPack
Panda Trj/GdSda.A
ESET-NOD32 a variant of MSIL/Kryptik.WOX
TrendMicro-HouseCall Trojan.MSIL.WACATAC.THGAGBO
Rising Backdoor.NetWiredRC!8.2AF (CLOUD)
SentinelOne DFI - Malicious PE
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 191.96.25.26:1777
dead_host 142.250.204.142:443
Visual Analysis
Binary Image
No binary image: the sample did not produce a binary visualization image
Runtime Screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-07-16 21:35:29

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                     Destination Port
192.168.56.101  49235        114.114.114.114                 53
192.168.56.101  53657        114.114.114.114                 53
192.168.56.101  55368        114.114.114.114                 53
192.168.56.101  56539        114.114.114.114                 53
192.168.56.101  62912        114.114.114.114                 53
192.168.56.101  63429        114.114.114.114                 53
192.168.56.101  137          192.168.56.255                  137
192.168.56.101  138          192.168.56.255                  138
192.168.56.101  123          20.189.79.72 (time.windows.com) 123
192.168.56.101  50002        224.0.0.252                     5355
192.168.56.101  50534        224.0.0.252                     5355
192.168.56.101  51808        224.0.0.252                     5355
192.168.56.101  51963        224.0.0.252                     5355
192.168.56.101  56804        224.0.0.252                     5355
192.168.56.101  57236        224.0.0.252                     5355
192.168.56.101  57756        224.0.0.252                     5355
192.168.56.101  57874        224.0.0.252                     5355
192.168.56.101  60384        224.0.0.252                     5355
192.168.56.101  61680        224.0.0.252                     5355
192.168.56.101  62191        224.0.0.252                     5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.