SmartHawk

2.8

中危

30 个模型检测该样本为恶意！

重新分析

下载样本

d0a7359188a8e73513ee99391e0784dd75b657b67bb2771ef96160d001636cee

2d49c964620a4c2dda488f823ae9fddb.exe

分析耗时

47s

最近分析

文件大小

186.0KB

静态报毒动态报毒 AI SCORE=83 AIDETECTVM ATTRIBUTE CONFIDENCE FUGRAFA GDSDA HIGHCONFIDENCE JYKL LQW@AQQ3LMK MALICIOUS MALWARE2 POSSIBLETHREAT R03BC0PFP20 SUSGEN UNSAFE WACATAC ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Generic.hbg	20200724	6.0.6.653
Alibaba		20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20200724	18.4.3895.0
Tencent		20200724	1.0.0.1
Kingsoft		20200724	2013.8.14.323
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

Command line console output was observed (50 out of 109 个事件)

Time & API	Arguments	Status	Return
1620809367.976784 WriteConsoleA	buffer: C console_handle: 0x0000000b	success	1
1620809367.976784 WriteConsoleA	buffer: o console_handle: 0x0000000b	success	1
1620809367.976784 WriteConsoleA	buffer: s console_handle: 0x0000000b	success	1
1620809367.976784 WriteConsoleA	buffer: m console_handle: 0x0000000b	success	1
1620809367.976784 WriteConsoleA	buffer: o console_handle: 0x0000000b	success	1
1620809367.976784 WriteConsoleA	buffer: s console_handle: 0x0000000b	success	1
1620809367.976784 WriteConsoleA	buffer: t console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: r console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: e console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: a console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: m console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: e console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: r console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: f console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: o console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: r console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: D console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: J console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: I console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: O console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: s console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: m console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: o console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: I console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: n console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: i console_handle: 0x0000000b	success	1
1620809367.992784 WriteConsoleA	buffer: t console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: c console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: o console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: n console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: n console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: e console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: c console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: t console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: i console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: o console_handle: 0x0000000b	success	1
1620809368.008784 WriteConsoleA	buffer: n console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: t console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: o console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: c console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: a console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: m console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: e console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: r console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: a console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: c console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: a console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: m console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: e console_handle: 0x0000000b	success	1
1620809368.023784 WriteConsoleA	buffer: r console_handle: 0x0000000b	success	1

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

192.168.1.2:5678

File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 个事件)

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Gen:Variant.Fugrafa.29238
FireEye	Generic.mg.2d49c964620a4c2d
McAfee	RDN/Generic.hbg
Cylance	Unsafe
Sangfor	Malware
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
BitDefender	Gen:Variant.Fugrafa.29238
AegisLab	Trojan.Win32.Fugrafa.4!c
TrendMicro	TROJ_GEN.R03BC0PFP20
MaxSecure	Trojan.Malware.101937302.susgen
Emsisoft	Gen:Variant.Fugrafa.29238 (B)
Cyren	W32/Trojan.JYKL-4330
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Wacatac.DD!ml
Arcabit	Trojan.Fugrafa.D7236
GData	Gen:Variant.Fugrafa.29238
AhnLab-V3	Malware/Win32.Generic.C4136711
ALYac	Gen:Variant.Fugrafa.29238
MAX	malware (ai score=83)
Ad-Aware	Gen:Variant.Fugrafa.29238
TrendMicro-HouseCall	TROJ_GEN.R03BC0PFP20
Fortinet	W32/PossibleThreat
BitDefenderTheta	Gen:NN.ZexaF.34138.lqW@aqQ3Lmk
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Generic/Trojan.675

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-04-24 19:38:57

Imports

Library KERNEL32.dll:

• 0x422000 Sleep

• 0x422004 CreateThread

• 0x422008 WriteConsoleW

• 0x42200c CreateFileW

• 0x422010 SetFilePointerEx

• 0x422014 CloseHandle

• 0x422018 HeapReAlloc

• 0x42201c HeapSize

• 0x422020 GetConsoleMode

• 0x422024 GetConsoleCP

• 0x422028 FlushFileBuffers

• 0x42202c GetProcessHeap

• 0x422030 GetStringTypeW

• 0x422034 SetStdHandle

• 0x422038 SetEnvironmentVariableW

• 0x42203c FreeEnvironmentStringsW

• 0x422040 GetEnvironmentStringsW

• 0x422044 WideCharToMultiByte

• 0x422048 UnhandledExceptionFilter

• 0x42204c SetUnhandledExceptionFilter

• 0x422050 GetCurrentProcess

• 0x422054 TerminateProcess

• 0x422058 IsProcessorFeaturePresent

• 0x42205c QueryPerformanceCounter

• 0x422060 GetCurrentProcessId

• 0x422064 GetCurrentThreadId

• 0x422068 GetSystemTimeAsFileTime

• 0x42206c InitializeSListHead

• 0x422070 IsDebuggerPresent

• 0x422074 GetStartupInfoW

• 0x422078 GetModuleHandleW

• 0x42207c RtlUnwind

• 0x422080 GetLastError

• 0x422084 SetLastError

• 0x422088 EncodePointer

• 0x42208c EnterCriticalSection

• 0x422090 LeaveCriticalSection

• 0x422094 DeleteCriticalSection

• 0x422098 InitializeCriticalSectionAndSpinCount

• 0x42209c TlsAlloc

• 0x4220a0 TlsGetValue

• 0x4220a4 TlsSetValue

• 0x4220a8 TlsFree

• 0x4220ac FreeLibrary

• 0x4220b0 GetProcAddress

• 0x4220b4 LoadLibraryExW

• 0x4220b8 RaiseException

• 0x4220bc ExitProcess

• 0x4220c0 GetModuleHandleExW

• 0x4220c4 QueryPerformanceFrequency

• 0x4220c8 GetStdHandle

• 0x4220cc WriteFile

• 0x4220d0 GetModuleFileNameW

• 0x4220d4 GetCommandLineA

• 0x4220d8 GetCommandLineW

• 0x4220dc HeapAlloc

• 0x4220e0 HeapFree

• 0x4220e4 CompareStringW

• 0x4220e8 LCMapStringW

• 0x4220ec GetFileType

• 0x4220f0 FindClose

• 0x4220f4 FindFirstFileExW

• 0x4220f8 FindNextFileW

• 0x4220fc IsValidCodePage

• 0x422100 GetACP

• 0x422104 GetOEMCP

• 0x422108 GetCPInfo

• 0x42210c MultiByteToWideChar

• 0x422110 DecodePointer

Library WS2_32.dll:

• 0x422118 inet_pton

• 0x42211c ntohs

• 0x422120 inet_ntoa

• 0x422124 recvfrom

• 0x422128 htonl

• 0x42212c sendto

• 0x422130 bind

• 0x422134 inet_addr

• 0x422138 send

• 0x42213c socket

• 0x422140 connect

• 0x422144 recv

• 0x422148 htons

• 0x42214c setsockopt

• 0x422150 WSAStartup

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50539	239.255.255.250	1900
192.168.56.101	57757	239.255.255.250	3702
192.168.56.101	57759	239.255.255.250	3702
192.168.56.101	57761	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.