Score: 4.4
Risk level: Medium

SHA-256: 27f576bd27f707cd9c62164def16b57878fd6d1d1ae6bbf1f905d4668c298517

File name: 2e8502f4e8a4d7c1b230ee94edf86196.exe

Analysis duration: 180s

Last analyzed:

File size: 772.5KB

Static detection: malicious. Dynamic detection: malicious.
Detection-name tokens: 100% AGENTTESLA AI SCORE=80 AIDETECTVM AUTO AUTOG BSCOPE BUMFVR CEEINJECT CLASSIC CONFIDENCE DELPHI DELPHILESS ENDM ERIH FAREIT GENERICKD GENKRYPTIK HIGH CONFIDENCE HSVL HTKUCI IGENT KRYPTIK MALWARE1 MALWARE@#2U7SVRTAZZXZO RATNET S + TROJ SCORE SUSGEN SUSPICIOUS PE TASKUN UNSAFE USXVPHT20 WGW@ASYTSROI WKTZF X2094 ZELPHIF
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine result is available for this sample.

Static verdict
Antivirus engines
Engine      | Result                            | Scan date | Engine version
Alibaba     | Trojan:Win32/Injector.193         | 20190527  | 0.3.0.5
CrowdStrike | win/malicious_confidence_100% (W) | 20190702  | 1.0
Baidu       | (no result)                       | 20190318  | 1.0.0.2
Avast       | Win32:Trojan-gen                  | 20201027  | 18.4.3895.0
Tencent     | Win32.Trojan.Inject.Auto          | 20201027  | 1.0.0.1
Kingsoft    | (no result)                       | 20201027  | 2013.8.14.323
McAfee      | Fareit-FYT!2E8502F4E8A4           | 20201027  | 6.0.6.653
Behavioral verdict
Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API | Arguments | Status | Return | Repeated
1619375698.792126 NtAllocateVirtualMemory
    process_identifier: 3044
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x003d0000
    status: success | return: 0 | repeated: 0
Note: process_handle 0xffffffff is the GetCurrentProcess() pseudo-handle, so this is a single 4 KB RWX page committed in the sample's own address space (consistent with in-place unpacking), not an allocation in another process as seen in injection.
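The indicator above is a rule over the API trace: an allocation whose protection has an execute bit. The following is an added example, not code from the sandbox or from this report, that applies that rule to Cuckoo-style call records and separates in-process RWX allocations (unpacking) from allocations through a foreign process handle (injection staging). The first trace record mirrors the event above; the other records, and the argument names they carry, are constructed.

```python
"""Added example, not part of the sandbox report: scan a Cuckoo-style API
trace for executable memory and separate in-process allocations (typical of
unpacking) from cross-process ones (typical of injection). Record 1 mirrors
the report's event; the remaining records are constructed."""
import re

# Page-protection constants from winnt.h
PROTECTION_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE_MASK = 0x10 | 0x20 | 0x40 | 0x80
WRITABLE_EXECUTABLE_MASK = 0x40 | 0x80
# GetCurrentProcess() pseudo-handle as logged for 32-bit and 64-bit guests
SELF_HANDLES = {0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF}

ALLOC_APIS = {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}
PROTECT_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"}

TRACE = [  # constructed trace; record 1 copies the report's event
    {"time": 1619375698.792126, "api": "NtAllocateVirtualMemory", "status": "success",
     "args": {"process_identifier": 3044, "region_size": 4096,
              "protection": "64 (PAGE_EXECUTE_READWRITE)", "process_handle": 0xFFFFFFFF,
              "allocation_type": "4096 (MEM_COMMIT)", "base_address": 0x003D0000}},
    {"time": 1619375699.1, "api": "NtAllocateVirtualMemory", "status": "success",
     "args": {"process_identifier": 3044, "region_size": 0x10000, "protection": 0x40,
              "process_handle": 0x1A8, "allocation_type": 0x3000, "base_address": 0x0}},
    {"time": 1619375699.2, "api": "VirtualAlloc", "status": "success",
     "args": {"region_size": 4096, "protection": 0x04, "allocation_type": 0x1000,
              "base_address": 0x0}},
    {"time": 1619375699.3, "api": "VirtualProtect", "status": "failure",
     "args": {"region_size": 4096, "protection": 0x40, "base_address": 0x00400000}},
]


def parse_flag(value):
    """Accept an int, '0x40', or the report's '64 (PAGE_EXECUTE_READWRITE)' form."""
    if isinstance(value, int):
        return value
    m = re.match(r"\s*(0x[0-9a-fA-F]+|\d+)", str(value))
    if not m:
        raise ValueError(f"cannot parse flag value {value!r}")
    return int(m.group(1), 0)


def classify_call(call):
    """Return a finding dict for a call that produced executable memory, else None."""
    api = call["api"]
    if api not in ALLOC_APIS and api not in PROTECT_APIS:
        return None
    if call.get("status") != "success":  # a failed call produced no executable memory
        return None
    args = call["args"]
    prot = parse_flag(args.get("protection", 0))
    if not prot & EXECUTABLE_MASK:
        return None
    # VirtualAlloc/VirtualProtect carry no handle: they always act on the caller
    handle = parse_flag(args.get("process_handle", 0xFFFFFFFF))
    if handle not in SELF_HANDLES:
        kind = "remote_exec"       # executable memory in another process
    elif prot & WRITABLE_EXECUTABLE_MASK:
        kind = "self_rwx"          # writable and executable in own process
    else:
        kind = "self_exec"
    return {
        "time": call["time"], "api": api, "kind": kind,
        "protection": PROTECTION_NAMES.get(prot & 0xFF, hex(prot)),
        "process_handle": handle,
        "base_address": parse_flag(args.get("base_address", 0)),
        "region_size": parse_flag(args.get("region_size", 0)),
    }


def find_executable_memory(trace):
    """All successful calls that created or re-protected executable memory, in order."""
    return [f for f in (classify_call(c) for c in trace) if f is not None]


if __name__ == "__main__":
    for hit in find_executable_memory(TRACE):
        print(hit)
```

The status filter matters in practice: a sandbox logs failed VirtualProtect calls too, and counting those inflates the "unpacks itself" indicator.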
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.567910642083482 | section .rsrc: size_of_data 0x0003c000, virtual_address 0x0008b000, virtual_size 0x0003bea0, entropy 7.567910642083482 | A section with a high entropy has been found
entropy 0.31108230719377833 | Overall entropy of this PE file is high
Note: the second value is not an entropy. The sandbox's packer signature reports, under the same label, the share of section data that sits in high-entropy sections: here the 0x3c000 (245,760) bytes of .rsrc out of roughly 790 KB of section data, about 31%. A 240 KB high-entropy resource section in a 772.5 KB Delphi executable, together with the FindResourceA/LoadResource/LockResource/SizeofResource and VirtualAlloc/VirtualProtect imports listed below, is consistent with the payload being carried in a resource and unpacked at run time.
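The two values above come from one static pass over the section table: Shannon entropy per section, then the fraction of section bytes that exceed a threshold. The following is an added example, not code from the sandbox or this report, that performs that pass on raw PE bytes with only the standard library. The 6.8 threshold, the SHA-256-chain stand-in for packed data, and the minimal PE built by `build_test_pe()` are assumptions for the example.

```python
"""Added example, not part of the sandbox report: per-section Shannon entropy
read straight from a PE's section table, plus the high-entropy data ratio.
Threshold and the constructed test PE are assumptions for this example."""
import hashlib
import math
import struct

HIGH_ENTROPY = 6.8  # assumed threshold; the report's .rsrc (7.57) clears it either way


def shannon_entropy(data):
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_headers(pe):
    """Yield (name, raw_offset, raw_size, virtual_address, virtual_size) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        name, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), roff, rsize, vaddr, vsize


def scan_sections(pe):
    """Entropy per section and the share of section data that is high-entropy."""
    rows, high_bytes, total_bytes = [], 0, 0
    for name, roff, rsize, vaddr, vsize in section_headers(pe):
        ent = shannon_entropy(pe[roff:roff + rsize])
        high = ent > HIGH_ENTROPY
        rows.append({"name": name, "virtual_address": vaddr, "size_of_data": rsize,
                     "virtual_size": vsize, "entropy": ent, "high": high})
        total_bytes += rsize
        high_bytes += rsize if high else 0
    ratio = high_bytes / total_bytes if total_bytes else 0.0
    return rows, ratio


def pseudo_random(n, seed=b"example"):
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for packed data."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_test_pe(sections):
    """Constructed, non-runnable PE image with the given (name, payload) sections."""
    e_lfanew = 0x40
    header_len = (e_lfanew + 4 + 20 + 40 * len(sections) + 0x1FF) & ~0x1FF
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)  # no optional header
    table, body, roff, vaddr = b"", b"", header_len, 0x1000
    for name, payload in sections:
        rsize = (len(payload) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(payload),
                             vaddr, rsize, roff, 0, 0, 0, 0, 0x40000040)
        body += payload.ljust(rsize, b"\0")
        roff += rsize
        vaddr += (rsize + 0xFFF) & ~0xFFF
    return (bytes(dos) + b"PE\0\0" + coff + table).ljust(header_len, b"\0") + body


if __name__ == "__main__":
    sample = build_test_pe([(".text", b"\x90" * 1024), (".rsrc", pseudo_random(8192))])
    rows, ratio = scan_sections(sample)
    for r in rows:
        print(f"{r['name']:8} entropy={r['entropy']:.3f} high={r['high']}")
    print(f"high-entropy share of section data: {ratio:.3f}")
```

Raw size, not virtual size, is what the entropy is computed over; a section with a large virtual size and a small raw size (uninitialised data) would otherwise look suspiciously low.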
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 of 61 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34441443
FireEye Generic.mg.2e8502f4e8a4d7c1
ALYac Spyware.AgentTesla
Malwarebytes Trojan.MalPack.DLF
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Password-Stealer ( 004b92e81 )
Alibaba Trojan:Win32/Injector.193
K7GW Password-Stealer ( 004b92e81 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D20D88E3
Invincea Mal/Generic-S + Troj/AutoG-IX
Cyren W32/Trojan.HSVL-0459
Symantec Trojan Horse
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.34441443
NANO-Antivirus Trojan.Win32.Kryptik.htkuci
Paloalto generic.ml
ViRobot Trojan.Win32.S.Agent.791040.AO
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.34441443
Emsisoft Trojan.GenericKD.34441443 (B)
Comodo Malware@#2u7svrtazzxzo
DrWeb BackDoor.RatNET.2
Zillya Trojan.Agent.Win32.1389674
TrendMicro TrojanSpy.MSIL.TASKUN.USXVPHT20
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
MaxSecure Trojan.Malware.300983.susgen
Sophos Troj/AutoG-IX
Ikarus Trojan.Inject
Jiangmin Trojan.Kryptik.cei
Webroot W32.Trojan.Gen
Avira DR/Delphi.wktzf
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Kryptik
Microsoft VirTool:Win32/CeeInject.JJ!rfn
AegisLab Trojan.Win32.Kryptik.4!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.34441443
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FYT!2E8502F4E8A4
VBA32 BScope.Trojan.Kryptik
Cylance Unsafe
Zoner Trojan.Win32.93042
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
Note: both addresses fall in Google-owned ranges (172.217.0.0/16 and 216.58.192.0/19), no DNS query for them was captured, and the TCP and TLS sections below record nothing. On this report alone they are not usable as C2 indicators.
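The two network indicators above are set operations over the capture: connections whose destination never appeared in a DNS answer, and connections that got no reply. The following is an added example, not code from the sandbox or this report, that reproduces both checks and first strips the sandbox's own background traffic (resolver, NetBIOS broadcast, LLMNR/SSDP multicast) so that it is not counted. The inputs are constructed from the UDP table and the indicators on this page; the resolver address and the sandbox subnet are assumptions read off that table.

```python
"""Added example, not part of the sandbox report: correlate connections with
DNS answers and drop sandbox/OS background traffic before reporting hosts.
Inputs are constructed from this report's UDP table and indicators."""
import ipaddress

SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")   # assumed guest subnet
RESOLVERS = {"114.114.114.114"}                         # assumed guest DNS server

DNS_RESPONSES = [  # constructed: the capture resolved the NTP host, nothing else
    {"request": "time.windows.com", "answers": [{"type": "A", "data": "20.189.79.72"}]},
    {"request": "wpad", "answers": []},
]
CONNECTIONS = [  # constructed from the UDP table and the dead_host indicators
    {"proto": "udp", "dst": "114.114.114.114", "dport": 53},
    {"proto": "udp", "dst": "192.168.56.255", "dport": 137},
    {"proto": "udp", "dst": "224.0.0.252", "dport": 5355},
    {"proto": "udp", "dst": "239.255.255.250", "dport": 1900},
    {"proto": "udp", "dst": "20.189.79.72", "dport": 123},
    {"proto": "tcp", "dst": "172.217.24.14", "dport": 443, "dead": True},
    {"proto": "tcp", "dst": "216.58.200.238", "dport": 443, "dead": True},
]


def resolved_addresses(dns_responses):
    """Every address returned in an A/AAAA answer during the run."""
    ips = set()
    for resp in dns_responses:
        for ans in resp.get("answers", []):
            if ans.get("type") in ("A", "AAAA"):
                ips.add(ans["data"])
    return ips


def is_background(conn):
    """Traffic the guest OS or sandbox produces regardless of the sample."""
    ip = ipaddress.ip_address(conn["dst"])
    if conn["dst"] in RESOLVERS and conn["dport"] == 53:
        return True
    if ip.is_multicast or ip.is_link_local or ip.is_loopback:
        return True
    return ip in SANDBOX_NET  # broadcast and peers inside the sandbox subnet


def unresolved_hosts(dns_responses, connections):
    """Destinations contacted without a preceding DNS answer, background removed."""
    resolved = resolved_addresses(dns_responses)
    return sorted({c["dst"] for c in connections
                   if not is_background(c) and c["dst"] not in resolved})


def dead_hosts(connections):
    """host:port pairs that never answered."""
    return sorted({f"{c['dst']}:{c['dport']}" for c in connections if c.get("dead")})


if __name__ == "__main__":
    print("no DNS query:", unresolved_hosts(DNS_RESPONSES, CONNECTIONS))
    print("dead hosts:", dead_hosts(CONNECTIONS))
```

Hard-coded addresses in a binary are worth extracting, but an unresolved destination in a sandbox run is only meaningful once the resolver, multicast and broadcast noise from the guest itself has been removed, which is what the filter does here.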
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17
Note: this is the fixed link timestamp (0x2A425E19, 1992-06-19 22:22:17 UTC, shown here in UTC+8) that Borland Delphi's linker writes into every executable it produces, not the real build date. It agrees with the Delphi-related detection names above (DR/Delphi.wktzf, Suspicious/Win.Delphiless.X2094) and with the VCL runtime import set listed below.

Imports

Library kernel32.dll:
0x47e164 VirtualFree
0x47e168 VirtualAlloc
0x47e16c LocalFree
0x47e170 LocalAlloc
0x47e174 GetVersion
0x47e178 GetCurrentThreadId
0x47e184 VirtualQuery
0x47e188 WideCharToMultiByte
0x47e190 MultiByteToWideChar
0x47e194 lstrlenA
0x47e198 lstrcpynA
0x47e19c LoadLibraryExA
0x47e1a0 GetThreadLocale
0x47e1a4 GetStartupInfoA
0x47e1a8 GetProcAddress
0x47e1ac GetModuleHandleA
0x47e1b0 GetModuleFileNameA
0x47e1b4 GetLocaleInfoA
0x47e1b8 GetLastError
0x47e1c0 GetCommandLineA
0x47e1c4 FreeLibrary
0x47e1c8 FindFirstFileA
0x47e1cc FindClose
0x47e1d0 ExitProcess
0x47e1d4 WriteFile
0x47e1dc RtlUnwind
0x47e1e0 RaiseException
0x47e1e4 GetStdHandle
Library user32.dll:
0x47e1ec GetKeyboardType
0x47e1f0 LoadStringA
0x47e1f4 MessageBoxA
0x47e1f8 CharNextA
Library advapi32.dll:
0x47e200 RegQueryValueExA
0x47e204 RegOpenKeyExA
0x47e208 RegCloseKey
Library oleaut32.dll:
0x47e210 SysFreeString
0x47e214 SysReAllocStringLen
0x47e218 SysAllocStringLen
Library kernel32.dll:
0x47e220 TlsSetValue
0x47e224 TlsGetValue
0x47e228 LocalAlloc
0x47e22c GetModuleHandleA
Library advapi32.dll:
0x47e234 RegQueryValueExA
0x47e238 RegOpenKeyExA
0x47e23c RegCloseKey
Library kernel32.dll:
0x47e244 lstrcpyA
0x47e248 WriteFile
0x47e24c WinExec
0x47e250 WaitForSingleObject
0x47e254 VirtualQuery
0x47e258 VirtualProtect
0x47e25c VirtualAlloc
0x47e260 Sleep
0x47e264 SizeofResource
0x47e268 SetThreadLocale
0x47e26c SetFilePointer
0x47e270 SetEvent
0x47e274 SetErrorMode
0x47e278 SetEndOfFile
0x47e27c ResetEvent
0x47e280 ReadFile
0x47e284 MulDiv
0x47e288 LockResource
0x47e28c LoadResource
0x47e290 LoadLibraryA
0x47e29c GlobalUnlock
0x47e2a0 GlobalReAlloc
0x47e2a4 GlobalHandle
0x47e2a8 GlobalLock
0x47e2ac GlobalFree
0x47e2b0 GlobalFindAtomA
0x47e2b4 GlobalDeleteAtom
0x47e2b8 GlobalAlloc
0x47e2bc GlobalAddAtomA
0x47e2c4 GetVersionExA
0x47e2c8 GetVersion
0x47e2cc GetTickCount
0x47e2d0 GetThreadLocale
0x47e2d4 GetSystemInfo
0x47e2d8 GetStringTypeExA
0x47e2dc GetStdHandle
0x47e2e0 GetProcAddress
0x47e2e4 GetModuleHandleA
0x47e2e8 GetModuleFileNameA
0x47e2ec GetLocaleInfoA
0x47e2f0 GetLocalTime
0x47e2f4 GetLastError
0x47e2f8 GetFullPathNameA
0x47e2fc GetFileAttributesA
0x47e300 GetDiskFreeSpaceA
0x47e304 GetDateFormatA
0x47e308 GetCurrentThreadId
0x47e30c GetCurrentProcessId
0x47e310 GetCPInfo
0x47e314 GetACP
0x47e318 FreeResource
0x47e31c InterlockedExchange
0x47e320 FreeLibrary
0x47e324 FormatMessageA
0x47e328 FindResourceA
0x47e32c FindNextFileA
0x47e330 FindFirstFileA
0x47e334 FindClose
0x47e340 EnumCalendarInfoA
0x47e34c CreateThread
0x47e350 CreateFileA
0x47e354 CreateEventA
0x47e358 CompareStringA
0x47e35c CloseHandle
Library version.dll:
0x47e364 VerQueryValueA
0x47e36c GetFileVersionInfoA
Library gdi32.dll:
0x47e374 UnrealizeObject
0x47e378 StretchBlt
0x47e37c SetWindowOrgEx
0x47e380 SetViewportOrgEx
0x47e384 SetTextColor
0x47e388 SetStretchBltMode
0x47e38c SetROP2
0x47e390 SetPixel
0x47e394 SetDIBColorTable
0x47e398 SetBrushOrgEx
0x47e39c SetBkMode
0x47e3a0 SetBkColor
0x47e3a4 SelectPalette
0x47e3a8 SelectObject
0x47e3ac SelectClipRgn
0x47e3b0 SaveDC
0x47e3b4 RestoreDC
0x47e3b8 Rectangle
0x47e3bc RectVisible
0x47e3c0 RealizePalette
0x47e3c4 PatBlt
0x47e3c8 MoveToEx
0x47e3cc MaskBlt
0x47e3d0 LineTo
0x47e3d4 IntersectClipRect
0x47e3d8 GetWindowOrgEx
0x47e3dc GetTextMetricsA
0x47e3e8 GetStockObject
0x47e3ec GetPixel
0x47e3f0 GetPaletteEntries
0x47e3f4 GetObjectA
0x47e3f8 GetDeviceCaps
0x47e3fc GetDIBits
0x47e400 GetDIBColorTable
0x47e404 GetDCOrgEx
0x47e40c GetClipBox
0x47e410 GetBrushOrgEx
0x47e414 GetBitmapBits
0x47e418 ExtTextOutA
0x47e41c ExcludeClipRect
0x47e420 DeleteObject
0x47e424 DeleteDC
0x47e428 CreateSolidBrush
0x47e42c CreatePenIndirect
0x47e430 CreatePen
0x47e434 CreatePalette
0x47e43c CreateFontIndirectA
0x47e440 CreateDIBitmap
0x47e444 CreateDIBSection
0x47e448 CreateCompatibleDC
0x47e450 CreateBrushIndirect
0x47e454 CreateBitmap
0x47e458 BitBlt
Library user32.dll:
0x47e460 CreateWindowExA
0x47e464 WindowFromPoint
0x47e468 WinHelpA
0x47e46c WaitMessage
0x47e470 ValidateRect
0x47e474 UpdateWindow
0x47e478 UnregisterClassA
0x47e47c UnhookWindowsHookEx
0x47e480 TranslateMessage
0x47e488 TrackPopupMenu
0x47e490 ShowWindow
0x47e494 ShowScrollBar
0x47e498 ShowOwnedPopups
0x47e49c ShowCursor
0x47e4a0 SetWindowsHookExA
0x47e4a4 SetWindowTextA
0x47e4a8 SetWindowPos
0x47e4ac SetWindowPlacement
0x47e4b0 SetWindowLongA
0x47e4b4 SetTimer
0x47e4b8 SetScrollRange
0x47e4bc SetScrollPos
0x47e4c0 SetScrollInfo
0x47e4c4 SetRect
0x47e4c8 SetPropA
0x47e4cc SetParent
0x47e4d0 SetMenuItemInfoA
0x47e4d4 SetMenu
0x47e4d8 SetForegroundWindow
0x47e4dc SetFocus
0x47e4e0 SetCursor
0x47e4e4 SetClassLongA
0x47e4e8 SetCapture
0x47e4ec SetActiveWindow
0x47e4f0 SendMessageA
0x47e4f4 ScrollWindow
0x47e4f8 ScreenToClient
0x47e4fc RemovePropA
0x47e500 RemoveMenu
0x47e504 ReleaseDC
0x47e508 ReleaseCapture
0x47e514 RegisterClassA
0x47e518 RedrawWindow
0x47e51c PtInRect
0x47e520 PostQuitMessage
0x47e524 PostMessageA
0x47e528 PeekMessageA
0x47e52c OffsetRect
0x47e530 OemToCharA
0x47e534 MessageBoxA
0x47e538 MapWindowPoints
0x47e53c MapVirtualKeyA
0x47e540 LoadStringA
0x47e544 LoadKeyboardLayoutA
0x47e548 LoadIconA
0x47e54c LoadCursorA
0x47e550 LoadBitmapA
0x47e554 KillTimer
0x47e558 IsZoomed
0x47e55c IsWindowVisible
0x47e560 IsWindowEnabled
0x47e564 IsWindow
0x47e568 IsRectEmpty
0x47e56c IsIconic
0x47e570 IsDialogMessageA
0x47e574 IsChild
0x47e578 InvalidateRect
0x47e57c IntersectRect
0x47e580 InsertMenuItemA
0x47e584 InsertMenuA
0x47e588 InflateRect
0x47e590 GetWindowTextA
0x47e594 GetWindowRect
0x47e598 GetWindowPlacement
0x47e59c GetWindowLongA
0x47e5a0 GetWindowDC
0x47e5a4 GetTopWindow
0x47e5a8 GetSystemMetrics
0x47e5ac GetSystemMenu
0x47e5b0 GetSysColorBrush
0x47e5b4 GetSysColor
0x47e5b8 GetSubMenu
0x47e5bc GetScrollRange
0x47e5c0 GetScrollPos
0x47e5c4 GetScrollInfo
0x47e5c8 GetPropA
0x47e5cc GetParent
0x47e5d0 GetWindow
0x47e5d4 GetMenuStringA
0x47e5d8 GetMenuState
0x47e5dc GetMenuItemInfoA
0x47e5e0 GetMenuItemID
0x47e5e4 GetMenuItemCount
0x47e5e8 GetMenu
0x47e5ec GetLastActivePopup
0x47e5f0 GetKeyboardState
0x47e5f8 GetKeyboardLayout
0x47e5fc GetKeyState
0x47e600 GetKeyNameTextA
0x47e604 GetIconInfo
0x47e608 GetForegroundWindow
0x47e60c GetFocus
0x47e610 GetDlgItem
0x47e614 GetDesktopWindow
0x47e618 GetDCEx
0x47e61c GetDC
0x47e620 GetCursorPos
0x47e624 GetCursor
0x47e628 GetClientRect
0x47e62c GetClassNameA
0x47e630 GetClassInfoA
0x47e634 GetCapture
0x47e638 GetActiveWindow
0x47e63c FrameRect
0x47e640 FindWindowA
0x47e644 FillRect
0x47e648 EqualRect
0x47e64c EnumWindows
0x47e650 EnumThreadWindows
0x47e654 EndPaint
0x47e658 EnableWindow
0x47e65c EnableScrollBar
0x47e660 EnableMenuItem
0x47e664 DrawTextA
0x47e668 DrawMenuBar
0x47e66c DrawIconEx
0x47e670 DrawIcon
0x47e674 DrawFrameControl
0x47e678 DrawFocusRect
0x47e67c DrawEdge
0x47e680 DispatchMessageA
0x47e684 DestroyWindow
0x47e688 DestroyMenu
0x47e68c DestroyIcon
0x47e690 DestroyCursor
0x47e694 DeleteMenu
0x47e698 DefWindowProcA
0x47e69c DefMDIChildProcA
0x47e6a0 DefFrameProcA
0x47e6a4 CreatePopupMenu
0x47e6a8 CreateMenu
0x47e6ac CreateIcon
0x47e6b0 ClientToScreen
0x47e6b4 CheckMenuItem
0x47e6b8 CallWindowProcA
0x47e6bc CallNextHookEx
0x47e6c0 BeginPaint
0x47e6c4 CharNextA
0x47e6c8 CharLowerBuffA
0x47e6cc CharLowerA
0x47e6d0 CharToOemA
0x47e6d4 AdjustWindowRectEx
Library kernel32.dll:
0x47e6e0 Sleep
Library oleaut32.dll:
0x47e6e8 SafeArrayPtrOfIndex
0x47e6ec SafeArrayGetUBound
0x47e6f0 SafeArrayGetLBound
0x47e6f4 SafeArrayCreate
0x47e6f8 VariantChangeType
0x47e6fc VariantCopy
0x47e700 VariantClear
0x47e704 VariantInit
Library comctl32.dll:
0x47e714 ImageList_Write
0x47e718 ImageList_Read
0x47e728 ImageList_DragMove
0x47e72c ImageList_DragLeave
0x47e730 ImageList_DragEnter
0x47e734 ImageList_EndDrag
0x47e738 ImageList_BeginDrag
0x47e73c ImageList_Remove
0x47e740 ImageList_DrawEx
0x47e744 ImageList_Draw
0x47e754 ImageList_Add
0x47e75c ImageList_Destroy
0x47e760 ImageList_Create
0x47e764 InitCommonControls
Library comdlg32.dll:
0x47e76c GetOpenFileNameA
Library user32.dll:
0x47e774 DdeCmpStringHandles
0x47e778 DdeFreeStringHandle
0x47e77c DdeQueryStringA
0x47e784 DdeGetLastError
0x47e788 DdeFreeDataHandle
0x47e78c DdeUnaccessData
0x47e790 DdeAccessData
0x47e794 DdeCreateDataHandle
0x47e79c DdeNameService
0x47e7a0 DdePostAdvise
0x47e7a4 DdeSetUserHandle
0x47e7a8 DdeQueryConvInfo
0x47e7ac DdeDisconnect
0x47e7b0 DdeConnect
0x47e7b4 DdeUninitialize
0x47e7b8 DdeInitializeA
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.