SmartHawk

4.0

中危

32 个模型检测该样本为恶意！

重新分析

下载样本

3a0f1c4fad881cbdcee2466e5759e69f00247624f3e03beb6b2b5c7b1759ef40

2eb713ede824a53bbe2079d48fd0e877.exe

分析耗时

92s

最近分析

文件大小

806.0KB

静态报毒动态报毒 ARTEMIS CLOUD FAKETC GENERIC PUA DC HGIASQ8A JOHNNIE MALWARE@#33APB8UPEA72A PRESENOKER SUSGEN UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Baidu		20190318	1.0.0.2
Avast		20210405	21.1.5827.0
Alibaba	Trojan:Win32/FakeTC.4c7e2ebd	20190527	0.3.0.5
Kingsoft		20210405	2017.9.26.565
McAfee	Artemis!2EB713EDE824	20210405	6.0.6.653
Tencent		20210405	1.0.0.1
CrowdStrike		20210203	1.0

This executable has a PDB path (1 个事件)

pdb_path

c:\Projects\svn\bit4crypt\truecrypt\Format\Release\Format.pdb

The file contains an unknown PE resource name possibly indicative of a packer (3 个事件)

resource name	HEADER
resource name	TEXT
resource name	XML

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

6.93888062249508

section

{'size_of_data': '0x0000da00', 'virtual_address': '0x00051000', 'entropy': 6.93888062249508, 'name': '.rdata', 'virtual_size': '0x0000d82e'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 个事件)

MicroWorld-eScan	Gen:Variant.Johnnie.198651
FireEye	Gen:Variant.Johnnie.198651
CAT-QuickHeal	Trojan.FakeTC
ALYac	Gen:Variant.Johnnie.198651
Cylance	Unsafe
Zillya	Trojan.FakeTC.Win32.31
AegisLab	Trojan.Win32.FakeTC.4!c
Sangfor	Trojan.Win32.FakeTC.dr
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Gen:Variant.Johnnie.198651
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.de824a
APEX	Malicious
Kaspersky	Trojan.Win32.FakeTC.dr
Alibaba	Trojan:Win32/FakeTC.4c7e2ebd
Rising	Trojan.FakeTC!8.537D (CLOUD)
Ad-Aware	Gen:Variant.Johnnie.198651
Sophos	Generic PUA DC (PUA)
Comodo	Malware@#33apb8upea72a
McAfee-GW-Edition	BehavesLike.Win32.Dropper.cc
Emsisoft	Gen:Variant.Johnnie.198651 (B)
Jiangmin	Trojan.FakeTC.h
Microsoft	PUA:Win32/Presenoker
ZoneAlarm	Trojan.Win32.FakeTC.dr
GData	Gen:Variant.Johnnie.198651
McAfee	Artemis!2EB713EDE824
TACHYON	Trojan/W32.FakeTC.825344
VBA32	Trojan.FakeTC
Panda	Trj/CI.A
Fortinet	W32/FakeTC.DR!tr
MaxSecure	Trojan.Malware.74206645.susgen
Qihoo-360	Win32/Trojan.Generic.HgIASQ8A

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2007-02-12 20:03:47

Imports

Library COMCTL32.dll:

• 0x451060

Library KERNEL32.dll:

• 0x4510a0 WriteFile

• 0x4510a4 _lread

• 0x4510a8 _lwrite

• 0x4510ac _llseek

• 0x4510b0 GetWindowsDirectoryA

• 0x4510b4 GetSystemDirectoryA

• 0x4510b8 GetModuleFileNameW

• 0x4510bc GetFileSize

• 0x4510c0 CreateDirectoryA

• 0x4510c4 OutputDebugStringA

• 0x4510c8 GetProcAddress

• 0x4510cc GetModuleHandleA

• 0x4510d0 GetCurrentDirectoryA

• 0x4510d4 LockResource

• 0x4510d8 SizeofResource

• 0x4510dc LoadResource

• 0x4510e0 FindResourceA

• 0x4510e4 GetTickCount

• 0x4510e8 SetFilePointer

• 0x4510ec SetEndOfFile

• 0x4510f0 FreeLibrary

• 0x4510f4 LoadLibraryA

• 0x4510f8 CreateFileW

• 0x4510fc FindNextFileW

• 0x451100 FindFirstFileW

• 0x451104 FlushFileBuffers

• 0x451108 GetCurrentThreadId

• 0x45110c InitializeCriticalSection

• 0x451110 DeleteCriticalSection

• 0x451114 LeaveCriticalSection

• 0x451118 EnterCriticalSection

• 0x45111c GetStartupInfoA

• 0x451120 GetProcessWorkingSetSize

• 0x451124 GetProcessTimes

• 0x451128 GetThreadTimes

• 0x45112c GlobalMemoryStatus

• 0x451130 GetProcessHeap

• 0x451134 SystemTimeToFileTime

• 0x451138 GetLocalTime

• 0x45113c ExitProcess

• 0x451140 ExitThread

• 0x451144 ResumeThread

• 0x451148 CreateThread

• 0x45114c SetFileAttributesA

• 0x451150 GetFileAttributesA

• 0x451154 TerminateProcess

• 0x451158 HeapFree

• 0x45115c HeapAlloc

• 0x451160 GetCurrentThread

• 0x451164 GetFileType

• 0x451168 FileTimeToSystemTime

• 0x45116c FileTimeToLocalFileTime

• 0x451170 FindNextFileA

• 0x451174 GetCommandLineA

• 0x451178 TlsAlloc

• 0x45117c TlsFree

• 0x451180 TlsSetValue

• 0x451184 TlsGetValue

• 0x451188 HeapDestroy

• 0x45118c HeapCreate

• 0x451190 VirtualFree

• 0x451194 VirtualAlloc

• 0x451198 HeapReAlloc

• 0x45119c HeapSize

• 0x4511a0 LCMapStringA

• 0x4511a4 LCMapStringW

• 0x4511a8 SetHandleCount

• 0x4511ac GetStdHandle

• 0x4511b0 SetStdHandle

• 0x4511b4 GetFullPathNameA

• 0x4511b8 FreeEnvironmentStringsA

• 0x4511bc GetEnvironmentStrings

• 0x4511c0 FreeEnvironmentStringsW

• 0x4511c4 GetEnvironmentStringsW

• 0x4511c8 RtlUnwind

• 0x4511cc InterlockedExchange

• 0x4511d0 GetStringTypeA

• 0x4511d4 GetStringTypeW

• 0x4511d8 GetCPInfo

• 0x4511dc GetLocaleInfoA

• 0x4511e0 GetACP

• 0x4511e4 GetOEMCP

• 0x4511e8 VirtualProtect

• 0x4511ec GetSystemInfo

• 0x4511f0 GetTimeZoneInformation

• 0x4511f4 CompareStringA

• 0x4511f8 CompareStringW

• 0x4511fc SetEnvironmentVariableA

• 0x451200 GetCurrentProcess

• 0x451204 GetLogicalDrives

• 0x451208 QueryPerformanceFrequency

• 0x45120c QueryPerformanceCounter

• 0x451210 GetDriveTypeA

• 0x451214 SetCurrentDirectoryA

• 0x451218 FindFirstFileA

• 0x45121c FindClose

• 0x451220 QueryDosDeviceA

• 0x451224 GetModuleFileNameA

• 0x451228 GetVersionExA

• 0x45122c SetUnhandledExceptionFilter

• 0x451230 VirtualQuery

• 0x451234 UnhandledExceptionFilter

• 0x451238 MultiByteToWideChar

• 0x45123c WideCharToMultiByte

• 0x451240 FormatMessageW

• 0x451244 LocalFree

• 0x451248 GetCurrentProcessId

• 0x45124c DefineDosDeviceA

• 0x451250 VirtualUnlock

• 0x451254 VirtualLock

• 0x451258 DeleteFileA

• 0x45125c Sleep

• 0x451260 SetFilePointerEx

• 0x451264 ReadFile

• 0x451268 GetVolumeInformationA

• 0x45126c GetDiskFreeSpaceExA

• 0x451270 DeviceIoControl

• 0x451274 GetFileSizeEx

• 0x451278 CreateFileA

• 0x45127c GetFileTime

• 0x451280 GetFileInformationByHandle

• 0x451284 SetFileTime

• 0x451288 CloseHandle

• 0x45128c GetLastError

• 0x451290 SetLastError

• 0x451294 GetSystemTimeAsFileTime

Library USER32.dll:

• 0x4512c8 SetWindowLongA

• 0x4512cc GetClassNameA

• 0x4512d0 GetDlgCtrlID

• 0x4512d4 EnumWindows

• 0x4512d8 FindWindowExA

• 0x4512dc GetKeyState

• 0x4512e0 SendMessageTimeoutA

• 0x4512e4 wsprintfA

• 0x4512e8 SendDlgItemMessageA

• 0x4512ec MessageBoxA

• 0x4512f0 GetWindowLongA

• 0x4512f4 SendDlgItemMessageW

• 0x4512f8 GetWindowTextW

• 0x4512fc SetWindowsHookExA

• 0x451300 UnhookWindowsHookEx

• 0x451304 CallNextHookEx

• 0x451308 GetCursorPos

• 0x45130c GetCaretPos

• 0x451310 GetQueueStatus

• 0x451314 GetProcessWindowStation

• 0x451318 GetOpenClipboardWindow

• 0x45131c GetMessageTime

• 0x451320 GetMessagePos

• 0x451324 GetInputState

• 0x451328 GetFocus

• 0x45132c GetDesktopWindow

• 0x451330 GetClipboardViewer

• 0x451334 GetClipboardOwner

• 0x451338 GetCapture

• 0x45133c GetActiveWindow

• 0x451340 DefWindowProcA

• 0x451344 GetClientRect

• 0x451348 GetDialogBaseUnits

• 0x45134c EnumChildWindows

• 0x451350 LoadBitmapA

• 0x451354 ReleaseDC

• 0x451358 GetDC

• 0x45135c SystemParametersInfoW

• 0x451360 GetSystemMenu

• 0x451364 AppendMenuA

• 0x451368 AppendMenuW

• 0x45136c SetDlgItemTextA

• 0x451370 UnregisterClassA

• 0x451374 KillTimer

• 0x451378 GetSystemMetrics

• 0x45137c GetClassInfoA

• 0x451380 SendMessageW

• 0x451384 GetWindowTextLengthA

• 0x451388 InvalidateRect

• 0x45138c SetFocus

• 0x451390 DestroyWindow

• 0x451394 ShowWindow

• 0x451398 GetWindowRect

• 0x45139c CreateDialogParamW

• 0x4513a0 MapDialogRect

• 0x4513a4 MoveWindow

• 0x4513a8 MessageBoxW

• 0x4513ac DialogBoxParamW

• 0x4513b0 MessageBeep

• 0x4513b4 SetTimer

• 0x4513b8 PostMessageA

• 0x4513bc GetWindowTextA

• 0x4513c0 GetParent

• 0x4513c4 EnableWindow

• 0x4513c8 SendMessageA

• 0x4513cc SetWindowTextA

• 0x4513d0 SetWindowTextW

• 0x4513d4 wsprintfW

• 0x4513d8 IsWindow

• 0x4513dc EndDialog

• 0x4513e0 GetDlgItem

• 0x4513e4 LoadCursorA

• 0x4513e8 SetCursor

• 0x4513ec DefDlgProcA

• 0x4513f0 LoadIconA

• 0x4513f4 RegisterClassA

• 0x4513f8 GetUpdateRect

• 0x4513fc EndPaint

• 0x451400 BeginPaint

Library GDI32.dll:

• 0x451068 CreatePen

• 0x45106c MoveToEx

• 0x451070 LineTo

• 0x451074 GetCurrentObject

• 0x451078 GetObjectA

• 0x45107c GetStockObject

• 0x451080 CreateCompatibleDC

• 0x451084 SetMapMode

• 0x451088 SelectObject

• 0x45108c CreateFontIndirectW

• 0x451090 GetDeviceCaps

• 0x451094 BitBlt

• 0x451098 DeleteObject

Library comdlg32.dll:

• 0x451408 GetOpenFileNameW

• 0x45140c GetSaveFileNameW

Library ADVAPI32.dll:

• 0x451000 OpenSCManagerA

• 0x451004 RegDeleteValueA

• 0x451008 RegCreateKeyExA

• 0x45100c RegSetValueExA

• 0x451010 CryptGenRandom

• 0x451014 CryptReleaseContext

• 0x451018 CryptAcquireContextA

• 0x45101c RegOpenKeyExA

• 0x451020 RegQueryValueExA

• 0x451024 RegCloseKey

• 0x451028 OpenThreadToken

• 0x45102c OpenProcessToken

• 0x451030 GetTokenInformation

• 0x451034 AllocateAndInitializeSid

• 0x451038 EqualSid

• 0x45103c CloseServiceHandle

• 0x451040 ControlService

• 0x451044 QueryServiceStatus

• 0x451048 OpenServiceA

• 0x45104c DeleteService

• 0x451050 StartServiceA

• 0x451054 CreateServiceA

• 0x451058 FreeSid

Library SHELL32.dll:

• 0x45129c DragFinish

• 0x4512a0 SHGetFileInfoA

• 0x4512a4 SHGetMalloc

• 0x4512a8 SHBrowseForFolderW

• 0x4512ac SHGetPathFromIDListA

• 0x4512b0 SHGetFolderPathA

• 0x4512b4 ShellExecuteA

• 0x4512b8 DragQueryFileA

• 0x4512bc DragAcceptFiles

• 0x4512c0 SHChangeNotify

Library ole32.dll:

• 0x451414 CoInitialize

• 0x451418 CoUninitialize

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com A 172.217.160.110	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.