Risk score: 4.6 (medium)

SHA256: 515c623a3ebb9077c84c198a23534f9d40c739689934ee29ed5dee02f0d603af

File name: 2f2a88beb7af28034e1f9c9a13dadaa1.exe (the name is the sample's MD5; the McAfee and FireEye detection names below embed the same hash prefix)

Analysis duration: 95s

Last analysis:

File size: 685.0KB
Static detection: malicious. Dynamic detection: malicious. Detection-name tokens aggregated from the engine results below: 100% AI SCORE=87 AIDETECTVM BSCOPE BUKOZ4 BULZ CLASSIC CONFIDENCE CRYPTIH CRYPTINJECT DELF DELPHILESS ENBV ENEZ FAREIT GYALN HIGH CONFIDENCE HSYNUD IGENT INJECT3 JWVM KRYPTIK MALICIOUS PE MALWARE2 MALWARE@#3APYQUFSE0TPL QGW@AYUVJFCI RULTAZO S15671545 SCORE SUSGEN UNSAFE X2094 ZELPHIF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Baidu | (no result) | 2019-03-18 | 1.0.0.2
Alibaba | Trojan:Win32/CryptInject.3cd17f9e | 2019-05-27 | 0.3.0.5
Kingsoft | (no result) | 2020-10-24 | 2013.8.14.323
McAfee | Fareit-FYT!2F2A88BEB7AF | 2020-10-24 | 6.0.6.653
Avast | Win32:Trojan-gen | 2020-10-24 | 18.4.3895.0
CrowdStrike | win/malicious_confidence_100% (W) | 2019-07-02 | 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1619340431.87575
API: NtAllocateVirtualMemory
Arguments:
    process_identifier: 2856
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x003e0000
Status: success, Return: 0, Repeated: 0
Note: process_handle 0xffffffff is the NtCurrentProcess() pseudo-handle, so this is a single 4 KiB RWX page committed in the sample's own address space, consistent with in-place unpacking rather than an allocation inside another process. The exploit-style flags (stack_dep_bypass, stack_pivoted, heap_dep_bypass) are all 0.
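The indicator above fires on one NtAllocateVirtualMemory call. The following is an added example, not the sandbox's own signature code, of how such a check is written over an API trace: it flags allocations and protection changes that yield writable-and-executable pages and uses process_handle to separate in-process unpacking from cross-process injection. The event records are constructed to mirror the table above; the first one reproduces the logged call, the other two are invented for contrast.

```python
"""Flag writable+executable memory in a sandbox API trace and classify it as
self-unpacking (current-process pseudo-handle) or cross-process (injection)."""

PAGE_EXECUTE_READWRITE = 0x40     # the decimal 64 logged in the report
PAGE_EXECUTE_WRITECOPY = 0x80
WX_PROTECTIONS = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
CURRENT_PROCESS_HANDLE = 0xFFFFFFFF   # NtCurrentProcess() pseudo-handle, 32-bit process
MEMORY_APIS = {
    "NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx",
    "NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx",
}


def _as_int(value) -> int:
    """Sandbox logs render numbers as int, as hex text, or as 'value (NAME)'."""
    if isinstance(value, int):
        return value
    return int(str(value).split()[0], 0)


def flag_wx_memory(events: list) -> list:
    """Return one hit per event that produces a writable+executable region."""
    hits = []
    for ev in events:
        if ev.get("api") not in MEMORY_APIS:
            continue
        args = ev.get("arguments", {})
        if _as_int(args.get("protection", 0)) not in WX_PROTECTIONS:
            continue
        handle = _as_int(args.get("process_handle", CURRENT_PROCESS_HANDLE))
        in_process = handle in (CURRENT_PROCESS_HANDLE, 0xFFFFFFFFFFFFFFFF)
        hits.append({
            "time": ev.get("time"),
            "pid": args.get("process_identifier"),
            "api": ev["api"],
            "base_address": args.get("base_address"),
            "region_size": _as_int(args.get("region_size", 0)),
            "kind": "self-unpack (in-process RWX)" if in_process
                    else "cross-process RWX (injection candidate)",
        })
    return hits


# Constructed events; the first mirrors the call shown in the report.
SAMPLE_EVENTS = [
    {"time": 1619340431.87575, "api": "NtAllocateVirtualMemory", "status": "success",
     "arguments": {"process_identifier": 2856, "region_size": 4096,
                   "protection": "64 (PAGE_EXECUTE_READWRITE)", "process_handle": "0xffffffff",
                   "allocation_type": "4096 (MEM_COMMIT)", "base_address": "0x003e0000"}},
    {"time": 1619340431.90, "api": "NtAllocateVirtualMemory", "status": "success",   # benign RW commit
     "arguments": {"process_identifier": 2856, "region_size": 65536,
                   "protection": "4 (PAGE_READWRITE)", "process_handle": "0xffffffff",
                   "allocation_type": "4096 (MEM_COMMIT)", "base_address": "0x00400000"}},
    {"time": 1619340432.10, "api": "VirtualAllocEx", "status": "success",            # RWX in another process
     "arguments": {"process_identifier": 2856, "region_size": 0x10000,
                   "protection": "64 (PAGE_EXECUTE_READWRITE)", "process_handle": "0x000001a4",
                   "allocation_type": "12288 (MEM_COMMIT|MEM_RESERVE)", "base_address": "0x02a00000"}},
]

if __name__ == "__main__":
    for hit in flag_wx_memory(SAMPLE_EVENTS):
        print(hit)
```

In a real trace you would also join each RWX hit with later WriteProcessMemory/NtWriteVirtualMemory and CreateRemoteThread/NtQueueApcThread calls on the same handle; an in-process RWX page followed by a jump into it is unpacking, the same page in a foreign process followed by a thread creation is injection.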
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.440701994430925 section {'size_of_data': '0x00025c00', 'virtual_address': '0x0008b000', 'entropy': 7.440701994430925, 'name': '.rsrc', 'virtual_size': '0x00025b48'} description A section with a high entropy has been found
entropy 0.22076023391812866 description Overall entropy of this PE file is high
Note: the second value is not a Shannon entropy (0.22 bits per byte would describe an almost constant file). It is the fraction of the PE's section data that lies in high-entropy sections: the 0x25c00-byte .rsrc section at 7.44 bits per byte divided by the total section data of a 685 KB file gives about 0.22, and that ratio is what the signature compares against its threshold. A high-entropy blob stored as a resource and unpacked at run time matches the in-process RWX allocation above and the Delphi loader/injector family names in the engine results.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Note: the TCP section below records no completed connections and the same address appears in the dead-host list, so this is an attempted connection that went unanswered. The UDP table does show six DNS queries to 114.114.114.114, but the report does not list the names queried, so the "no DNS query" claim cannot be checked from this page.
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 of 54 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.13
FireEye Generic.mg.2f2a88beb7af2803
CAT-QuickHeal Trojan.CryptIH.S15671545
ALYac Trojan.Delf.FareIt.Gen.13
Cylance Unsafe
AegisLab Trojan.Win32.Crypt.4!c
Sangfor Malware
K7AntiVirus Trojan ( 0056d3651 )
BitDefender Trojan.Delf.FareIt.Gen.13
K7GW Trojan ( 0056d3651 )
Cybereason malicious.7416ac
BitDefenderTheta Gen:NN.ZelphiF.34590.QGW@ayuvJfci
Cyren W32/Injector.JWVM-0825
Symantec Infostealer.Rultazo
ESET-NOD32 a variant of Win32/Injector.ENBV
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Bulz-9515341-0
Kaspersky HEUR:Trojan.Win32.Crypt.gen
Alibaba Trojan:Win32/CryptInject.3cd17f9e
NANO-Antivirus Trojan.Win32.Crypt.hsynud
Ad-Aware Trojan.Delf.FareIt.Gen.13
Comodo Malware@#3apyqufse0tpl
MaxSecure Trojan.Malware.300983.susgen
DrWeb Trojan.Inject3.53121
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win32.Delf
GData Trojan.Delf.FareIt.Gen.13
Jiangmin Trojan.Crypt.dyn
Avira TR/Injector.gyaln
MAX malware (ai score=87)
Arcabit Trojan.Delf.FareIt.Gen.13
AhnLab-V3 Suspicious/Win.Delphiless.X2094
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
Microsoft Trojan:Win32/CryptInject.AW!MTB
Acronis suspicious
McAfee Fareit-FYT!2F2A88BEB7AF
VBA32 BScope.Trojan.Kryptik
Panda Trj/CI.A
Zoner Trojan.Win32.92582
Rising Trojan.Injector!1.CB1A (CLASSIC)
Yandex Trojan.Igent.bUkOz4.11
SentinelOne DFI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Injector.ENEZ!tr
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Note: both addresses fall in Google's 172.217.0.0/16 range and were contacted on 443 without a recorded DNS lookup. Because the TCP section below records no connections at all, treat these as a connectivity check or a sandbox-egress artifact rather than a confirmed command-and-control address; the run did not reach any endpoint matching the infostealer detection names (Fareit, Rultazo) above.
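The two network indicators above (a host contacted without a DNS answer, and hosts that never replied) are the same correlation: join the DNS answers seen in the run with the outbound flows, discard the guest's background chatter, and report what is left. The following is an added example, not the sandbox's signature code. Its DNS and connection records are constructed from the tables in this report; the DNS answer for time.windows.com and the per-flow "answered" flags are assumptions.

```python
"""Report remote hosts contacted without a DNS answer producing their address,
and whether they ever replied, after discarding Windows background traffic."""
import ipaddress

# UDP ports that every Windows sandbox guest talks to on its own.
BACKGROUND_UDP_PORTS = {53: "DNS", 123: "NTP", 137: "NBNS", 138: "NBDS", 5355: "LLMNR"}

# Constructed from the report: (queried name, answered address); the answer is assumed.
SAMPLE_DNS = [("time.windows.com", "20.189.79.72")]

# Constructed from the UDP table and dead-host list: (proto, destination, port, answered).
SAMPLE_CONNECTIONS = [
    ("udp", "114.114.114.114", 53, True),
    ("udp", "192.168.56.255", 137, False),
    ("udp", "192.168.56.255", 138, False),
    ("udp", "20.189.79.72", 123, True),
    ("udp", "224.0.0.252", 5355, False),
    ("tcp", "172.217.24.14", 443, False),
    ("tcp", "172.217.160.78", 443, False),
]


def classify(proto: str, dst: str, port: int) -> str:
    """'remote' for anything worth attributing to the sample, else a noise label."""
    ip = ipaddress.ip_address(dst)
    if ip.is_private or ip.is_multicast or ip.is_link_local or ip.is_loopback:
        return "local/background"
    if proto == "udp" and port in BACKGROUND_UDP_PORTS:
        return BACKGROUND_UDP_PORTS[port]
    return "remote"


def hosts_without_dns(dns: list, connections: list) -> list:
    """Remote destinations no DNS answer resolved to, with ports and a dead flag."""
    resolved = {addr for _, addr in dns}
    hits = {}
    for proto, dst, port, answered in connections:
        if classify(proto, dst, port) != "remote" or dst in resolved:
            continue
        entry = hits.setdefault(dst, {"ports": set(), "dead": True})
        entry["ports"].add(port)
        if answered:
            entry["dead"] = False
    return [{"host": h, "ports": sorted(v["ports"]), "dead": v["dead"]}
            for h, v in sorted(hits.items(), key=lambda kv: ipaddress.ip_address(kv[0]))]


if __name__ == "__main__":
    for hit in hosts_without_dns(SAMPLE_DNS, SAMPLE_CONNECTIONS):
        print(hit)
```

The resolver's own address is excluded by the port-53 rule rather than by an allowlist, so a sample that tunnels over port 53 to a non-resolver would still need a separate check on query volume and payload size.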
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17
Note: this is the fixed TimeDateStamp 0x2A425E19 that Borland Delphi linkers write into every binary (1992-06-19 22:22:17 UTC, shown here in UTC+8), not the real build date. It is useless for timelining but corroborates the Delf/Delphiless family names in the engine results.
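The compile-time check above and the packer-entropy indicator earlier in the report both come from the same static parse of the PE headers. The following is an added example, not the sandbox's own code, that does that parse with the standard library only: it walks the DOS header to the COFF header and section table, computes per-section Shannon entropy, reports the high-entropy-section ratio, and tests the TimeDateStamp against the Delphi constant. The two thresholds are assumptions, and the PE it analyses is constructed in the block (it parses but is not loadable).

```python
"""Parse a PE's COFF header and section table, compute section entropy, and
reproduce the packer-ratio and Delphi-timestamp checks from this report."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

DELPHI_TIMESTAMP = 0x2A425E19        # 1992-06-19 22:22:17 UTC, written by Borland/Delphi linkers
SECTION_ENTROPY_THRESHOLD = 6.8      # assumption: bits/byte above which a section looks packed
HIGH_ENTROPY_RATIO_THRESHOLD = 0.2   # assumption: fraction of section bytes that must be high-entropy


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Return the COFF TimeDateStamp and one record per section (name, sizes, entropy)."""
    if blob[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", blob, coff)
    first = coff + 20 + opt_size   # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, first + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": rawsize, "entropy": shannon_entropy(raw)})
    return {"timestamp": timestamp, "sections": sections}


def packer_indicators(pe: dict) -> dict:
    """The report's two static checks: high-entropy ratio and the Delphi stamp."""
    total = sum(s["size_of_data"] for s in pe["sections"])
    high = [s for s in pe["sections"] if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    ratio = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return {
        "high_entropy_sections": [s["name"] for s in high],
        "high_entropy_ratio": round(ratio, 4),
        "likely_packed": ratio > HIGH_ENTROPY_RATIO_THRESHOLD,
        "delphi_timestamp": pe["timestamp"] == DELPHI_TIMESTAMP,
        "compile_time_utc": datetime.fromtimestamp(pe["timestamp"], timezone.utc).isoformat(),
    }


def build_sample_pe(timestamp: int, sections: list) -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header with an empty
    optional header, then the given (name, raw bytes) sections laid out back to back."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)                 # e_lfanew
    header += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x102)
    raw_ptr = len(header) + 40 * len(sections)
    body = b""
    for i, (name, data) in enumerate(sections):
        header += struct.pack("<8sIIII", name, len(data), 0x1000 * (i + 1), len(data), raw_ptr)
        header += b"\0" * 16                                    # remaining section-header fields
        raw_ptr += len(data)
        body += data
    return bytes(header) + body


# Constructed sample: constant .text/.data, uniform-random-looking .rsrc as the packed resource.
SAMPLE_PE = build_sample_pe(DELPHI_TIMESTAMP, [
    (b".text", b"\x90" * 3000),
    (b".data", b"\0" * 1000),
    (b".rsrc", bytes(range(256)) * 8),
])


def analyze_sample() -> dict:
    return packer_indicators(parse_pe(SAMPLE_PE))


if __name__ == "__main__":
    for key, value in analyze_sample().items():
        print(f"{key}: {value}")
```

Run against the real file, the .rsrc section would come out near 7.44 bits per byte and the ratio near 0.22, and the timestamp test would be true; the parse deliberately reads only the COFF header and section table so it cannot be thrown off by a damaged optional header.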

Imports
Note: the repeated kernel32.dll, advapi32.dll and oleaut32.dll blocks below are genuine, not an extraction artifact; the Borland/Delphi linker emits a separate import descriptor for each unit that declares external functions, another sign of a Delphi build. No networking library (ws2_32.dll, wininet.dll, winhttp.dll) is imported, while LoadLibraryA/LoadLibraryExA and GetProcAddress are, so any network code is resolved at run time after the packed payload is unpacked and the static import table understates the sample's capabilities. SetWindowsHookExA, GetKeyboardState and GetClipboardData are present but are also standard VCL imports, so they are not evidence on their own.

Library kernel32.dll:
0x47e150 VirtualFree
0x47e154 VirtualAlloc
0x47e158 LocalFree
0x47e15c LocalAlloc
0x47e160 GetVersion
0x47e164 GetCurrentThreadId
0x47e170 VirtualQuery
0x47e174 WideCharToMultiByte
0x47e17c MultiByteToWideChar
0x47e180 lstrlenA
0x47e184 lstrcpynA
0x47e188 LoadLibraryExA
0x47e18c GetThreadLocale
0x47e190 GetStartupInfoA
0x47e194 GetProcAddress
0x47e198 GetModuleHandleA
0x47e19c GetModuleFileNameA
0x47e1a0 GetLocaleInfoA
0x47e1a4 GetLastError
0x47e1ac GetCommandLineA
0x47e1b0 FreeLibrary
0x47e1b4 FindFirstFileA
0x47e1b8 FindClose
0x47e1bc ExitProcess
0x47e1c0 WriteFile
0x47e1c8 RtlUnwind
0x47e1cc RaiseException
0x47e1d0 GetStdHandle
Library user32.dll:
0x47e1d8 GetKeyboardType
0x47e1dc LoadStringA
0x47e1e0 MessageBoxA
0x47e1e4 CharNextA
Library advapi32.dll:
0x47e1ec RegQueryValueExA
0x47e1f0 RegOpenKeyExA
0x47e1f4 RegCloseKey
Library oleaut32.dll:
0x47e1fc SysFreeString
0x47e200 SysReAllocStringLen
0x47e204 SysAllocStringLen
Library kernel32.dll:
0x47e20c TlsSetValue
0x47e210 TlsGetValue
0x47e214 LocalAlloc
0x47e218 GetModuleHandleA
Library advapi32.dll:
0x47e220 RegQueryValueExA
0x47e224 RegOpenKeyExA
0x47e228 RegCloseKey
Library kernel32.dll:
0x47e230 lstrcpyA
0x47e234 WriteFile
0x47e238 WaitForSingleObject
0x47e23c VirtualQuery
0x47e240 VirtualAlloc
0x47e244 Sleep
0x47e248 SizeofResource
0x47e250 SetThreadLocale
0x47e254 SetFilePointer
0x47e258 SetEvent
0x47e25c SetErrorMode
0x47e260 SetEndOfFile
0x47e264 ResetEvent
0x47e268 ReadFile
0x47e26c MultiByteToWideChar
0x47e270 MulDiv
0x47e274 LockResource
0x47e278 LoadResource
0x47e27c LoadLibraryA
0x47e288 GlobalUnlock
0x47e28c GlobalSize
0x47e290 GlobalReAlloc
0x47e294 GlobalHandle
0x47e298 GlobalLock
0x47e29c GlobalFree
0x47e2a0 GlobalFindAtomA
0x47e2a4 GlobalDeleteAtom
0x47e2a8 GlobalAlloc
0x47e2ac GlobalAddAtomA
0x47e2b0 GetVersionExA
0x47e2b4 GetVersion
0x47e2b8 GetUserDefaultLCID
0x47e2bc GetTickCount
0x47e2c0 GetThreadLocale
0x47e2c8 GetSystemTime
0x47e2cc GetSystemInfo
0x47e2d0 GetStringTypeExA
0x47e2d4 GetStdHandle
0x47e2d8 GetProcAddress
0x47e2dc GetModuleHandleA
0x47e2e0 GetModuleFileNameA
0x47e2e4 GetLocaleInfoA
0x47e2e8 GetLocalTime
0x47e2ec GetLastError
0x47e2f0 GetFullPathNameA
0x47e2f4 GetFileAttributesA
0x47e2f8 GetDiskFreeSpaceA
0x47e2fc GetDateFormatA
0x47e300 GetCurrentThreadId
0x47e304 GetCurrentProcessId
0x47e308 GetComputerNameA
0x47e30c GetCPInfo
0x47e310 GetACP
0x47e314 FreeResource
0x47e318 InterlockedExchange
0x47e31c FreeLibrary
0x47e320 FormatMessageA
0x47e324 FindResourceA
0x47e328 FindNextFileA
0x47e32c FindFirstFileA
0x47e330 FindClose
0x47e340 ExitThread
0x47e344 EnumCalendarInfoA
0x47e350 CreateThread
0x47e354 CreateFileA
0x47e358 CreateEventA
0x47e35c CompareStringA
0x47e360 CloseHandle
Library version.dll:
0x47e368 VerQueryValueA
0x47e370 GetFileVersionInfoA
Library gdi32.dll:
0x47e378 UnrealizeObject
0x47e37c StretchBlt
0x47e380 SetWindowOrgEx
0x47e384 SetWinMetaFileBits
0x47e388 SetViewportOrgEx
0x47e38c SetTextColor
0x47e390 SetStretchBltMode
0x47e394 SetROP2
0x47e398 SetPixel
0x47e39c SetMapMode
0x47e3a0 SetEnhMetaFileBits
0x47e3a4 SetDIBColorTable
0x47e3a8 SetBrushOrgEx
0x47e3ac SetBkMode
0x47e3b0 SetBkColor
0x47e3b4 SelectPalette
0x47e3b8 SelectObject
0x47e3bc SaveDC
0x47e3c0 RestoreDC
0x47e3c4 RectVisible
0x47e3c8 RealizePalette
0x47e3cc PlayEnhMetaFile
0x47e3d0 PatBlt
0x47e3d4 MoveToEx
0x47e3d8 MaskBlt
0x47e3dc LineTo
0x47e3e0 LPtoDP
0x47e3e4 IntersectClipRect
0x47e3e8 GetWindowOrgEx
0x47e3ec GetWinMetaFileBits
0x47e3f0 GetTextMetricsA
0x47e3fc GetStockObject
0x47e400 GetPixel
0x47e404 GetPaletteEntries
0x47e408 GetObjectA
0x47e418 GetEnhMetaFileBits
0x47e41c GetDeviceCaps
0x47e420 GetDIBits
0x47e424 GetDIBColorTable
0x47e428 GetDCOrgEx
0x47e430 GetClipBox
0x47e434 GetBrushOrgEx
0x47e438 GetBitmapBits
0x47e43c ExtTextOutA
0x47e440 ExcludeClipRect
0x47e444 DeleteObject
0x47e448 DeleteEnhMetaFile
0x47e44c DeleteDC
0x47e450 CreateSolidBrush
0x47e454 CreatePenIndirect
0x47e458 CreatePalette
0x47e460 CreateFontIndirectA
0x47e464 CreateEnhMetaFileA
0x47e468 CreateDIBitmap
0x47e46c CreateDIBSection
0x47e470 CreateCompatibleDC
0x47e478 CreateBrushIndirect
0x47e47c CreateBitmap
0x47e480 CopyEnhMetaFileA
0x47e484 CloseEnhMetaFile
0x47e488 BitBlt
Library user32.dll:
0x47e490 CreateWindowExA
0x47e494 WindowFromPoint
0x47e498 WinHelpA
0x47e49c WaitMessage
0x47e4a0 UpdateWindow
0x47e4a4 UnregisterClassA
0x47e4a8 UnhookWindowsHookEx
0x47e4ac TranslateMessage
0x47e4b4 TrackPopupMenu
0x47e4bc ShowWindow
0x47e4c0 ShowScrollBar
0x47e4c4 ShowOwnedPopups
0x47e4c8 ShowCursor
0x47e4cc SetWindowsHookExA
0x47e4d0 SetWindowTextA
0x47e4d4 SetWindowPos
0x47e4d8 SetWindowPlacement
0x47e4dc SetWindowLongA
0x47e4e0 SetTimer
0x47e4e4 SetScrollRange
0x47e4e8 SetScrollPos
0x47e4ec SetScrollInfo
0x47e4f0 SetRect
0x47e4f4 SetPropA
0x47e4f8 SetParent
0x47e4fc SetMenuItemInfoA
0x47e500 SetMenu
0x47e504 SetForegroundWindow
0x47e508 SetFocus
0x47e50c SetCursor
0x47e510 SetClassLongA
0x47e514 SetCapture
0x47e518 SetActiveWindow
0x47e51c SendMessageA
0x47e520 ScrollWindow
0x47e524 ScreenToClient
0x47e528 RemovePropA
0x47e52c RemoveMenu
0x47e530 ReleaseDC
0x47e534 ReleaseCapture
0x47e540 RegisterClassA
0x47e544 RedrawWindow
0x47e548 PtInRect
0x47e54c PostQuitMessage
0x47e550 PostMessageA
0x47e554 PeekMessageA
0x47e558 OffsetRect
0x47e55c OemToCharA
0x47e560 MessageBoxA
0x47e564 MapWindowPoints
0x47e568 MapVirtualKeyA
0x47e56c LoadStringA
0x47e570 LoadKeyboardLayoutA
0x47e574 LoadIconA
0x47e578 LoadCursorA
0x47e57c LoadBitmapA
0x47e580 KillTimer
0x47e584 IsZoomed
0x47e588 IsWindowVisible
0x47e58c IsWindowEnabled
0x47e590 IsWindow
0x47e594 IsRectEmpty
0x47e598 IsIconic
0x47e59c IsDialogMessageA
0x47e5a0 IsChild
0x47e5a4 InvalidateRect
0x47e5a8 IntersectRect
0x47e5ac InsertMenuItemA
0x47e5b0 InsertMenuA
0x47e5b4 InflateRect
0x47e5bc GetWindowTextA
0x47e5c0 GetWindowRect
0x47e5c4 GetWindowPlacement
0x47e5c8 GetWindowLongA
0x47e5cc GetWindowDC
0x47e5d0 GetTopWindow
0x47e5d4 GetSystemMetrics
0x47e5d8 GetSystemMenu
0x47e5dc GetSysColorBrush
0x47e5e0 GetSysColor
0x47e5e4 GetSubMenu
0x47e5e8 GetScrollRange
0x47e5ec GetScrollPos
0x47e5f0 GetScrollInfo
0x47e5f4 GetPropA
0x47e5f8 GetParent
0x47e5fc GetWindow
0x47e600 GetMessageTime
0x47e604 GetMenuStringA
0x47e608 GetMenuState
0x47e60c GetMenuItemInfoA
0x47e610 GetMenuItemID
0x47e614 GetMenuItemCount
0x47e618 GetMenu
0x47e61c GetLastActivePopup
0x47e620 GetKeyboardState
0x47e628 GetKeyboardLayout
0x47e62c GetKeyState
0x47e630 GetKeyNameTextA
0x47e634 GetIconInfo
0x47e638 GetForegroundWindow
0x47e63c GetFocus
0x47e640 GetDesktopWindow
0x47e644 GetDCEx
0x47e648 GetDC
0x47e64c GetCursorPos
0x47e650 GetCursor
0x47e654 GetClipboardData
0x47e658 GetClientRect
0x47e65c GetClassNameA
0x47e660 GetClassInfoA
0x47e664 GetCapture
0x47e668 GetActiveWindow
0x47e66c FrameRect
0x47e670 FindWindowA
0x47e674 FillRect
0x47e678 EqualRect
0x47e67c EnumWindows
0x47e680 EnumThreadWindows
0x47e684 EndPaint
0x47e688 EnableWindow
0x47e68c EnableScrollBar
0x47e690 EnableMenuItem
0x47e694 DrawTextA
0x47e698 DrawMenuBar
0x47e69c DrawIconEx
0x47e6a0 DrawIcon
0x47e6a4 DrawFrameControl
0x47e6a8 DrawFocusRect
0x47e6ac DrawEdge
0x47e6b0 DispatchMessageA
0x47e6b4 DestroyWindow
0x47e6b8 DestroyMenu
0x47e6bc DestroyIcon
0x47e6c0 DestroyCursor
0x47e6c4 DeleteMenu
0x47e6c8 DefWindowProcA
0x47e6cc DefMDIChildProcA
0x47e6d0 DefFrameProcA
0x47e6d4 CreatePopupMenu
0x47e6d8 CreateMenu
0x47e6dc CreateIcon
0x47e6e0 ClientToScreen
0x47e6e4 CheckMenuItem
0x47e6e8 CallWindowProcA
0x47e6ec CallNextHookEx
0x47e6f0 BeginPaint
0x47e6f4 CharNextA
0x47e6f8 CharLowerBuffA
0x47e6fc CharLowerA
0x47e700 CharToOemA
0x47e704 AdjustWindowRectEx
Library kernel32.dll:
0x47e710 Sleep
Library oleaut32.dll:
0x47e718 SafeArrayPtrOfIndex
0x47e71c SafeArrayGetUBound
0x47e720 SafeArrayGetLBound
0x47e724 SafeArrayCreate
0x47e728 VariantChangeType
0x47e72c VariantCopy
0x47e730 VariantClear
0x47e734 VariantInit
Library ole32.dll:
0x47e740 IsAccelerator
0x47e744 OleDraw
0x47e74c CoTaskMemFree
0x47e750 ProgIDFromCLSID
0x47e754 StringFromCLSID
0x47e758 CoCreateInstance
0x47e75c CoGetClassObject
0x47e760 CoUninitialize
0x47e764 CoInitialize
0x47e768 IsEqualGUID
Library oleaut32.dll:
0x47e770 GetErrorInfo
0x47e774 GetActiveObject
0x47e778 SysFreeString
Library comctl32.dll:
0x47e788 ImageList_Write
0x47e78c ImageList_Read
0x47e79c ImageList_DragMove
0x47e7a0 ImageList_DragLeave
0x47e7a4 ImageList_DragEnter
0x47e7a8 ImageList_EndDrag
0x47e7ac ImageList_BeginDrag
0x47e7b0 ImageList_Remove
0x47e7b4 ImageList_DrawEx
0x47e7b8 ImageList_Draw
0x47e7c8 ImageList_Add
0x47e7d0 ImageList_Destroy
0x47e7d4 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 49235 | 114.114.114.114 | 53
192.168.56.101 | 51963 | 114.114.114.114 | 53
192.168.56.101 | 53210 | 114.114.114.114 | 53
192.168.56.101 | 55368 | 114.114.114.114 | 53
192.168.56.101 | 58367 | 114.114.114.114 | 53
192.168.56.101 | 60215 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 50002 | 224.0.0.252 | 5355
192.168.56.101 | 50534 | 224.0.0.252 | 5355
192.168.56.101 | 53380 | 224.0.0.252 | 5355
192.168.56.101 | 53657 | 224.0.0.252 | 5355
192.168.56.101 | 56539 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 57756 | 224.0.0.252 | 5355
192.168.56.101 | 57874 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 60384 | 224.0.0.252 | 5355
192.168.56.101 | 61680 | 224.0.0.252 | 5355
Note: the NetBIOS broadcasts (137/138), NTP to time.windows.com (123) and LLMNR multicast (224.0.0.252:5355) are the Windows guest's background traffic, not attributable to the sample. The six DNS queries to the 114.114.114.114 resolver may belong to either; the report does not list the names queried.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.