4.0
Medium risk

6bd678bf71a6b8c33bd6b03d2559ee5e43fef7b6449d48962a2c4032ce7a8138

31b1ec9f1787e4e1ea11914da6375ce5.exe

Analysis duration

91s

Last analyzed

File size

826.0KB
Tags: Static detection, Dynamic detection, AI SCORE=82, AIDETECTVM, ATTRIBUTE, BSCOPE, CLASSIC, CONFIDENCE, DECXX, DELF, DOWNLOADER33, EMPE, FIHQ, GDSDA, GENCIRC, GENERICRXKP, HESV, HIGH CONFIDENCE, HIGHCONFIDENCE, KRYPTIK, MALWARE1, MALWARE@#32OP195VPO2DH, MALWAREX, R06EC0DIA20, R339534, REMCOSCRYPT, S388YO8RDNE, SCORE, SONBOKLI, STATIC AI, SUSPICIOUS PE, UNSAFE, ZELPHIF, ZGW@ASTCWQJI
Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba TrojanDownloader:Win32/MalwareX.23fd1141 20190527 0.3.0.5
Avast Win32:MalwareX-gen [Trj] 20201210 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201211 2017.9.26.565
McAfee GenericRXKP-SN!31B1EC9F1787 20201211 6.0.6.653
Tencent Malware.Win32.Gencirc.11786084 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619358725.58425
__exception__
stacktrace:
0x3541386
0x35413b9
0x35412d6
0x34ff2b8
0x35424ad
0x35429ce
0x3519352
0x350df1e
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0x353efb0
0x3542c43
31b1ec9f1787e4e1ea11914da6375ce5+0x56cf3 @ 0x456cf3
0x34f0338

registers.esp: 1634384
registers.edi: 0
registers.eax: 1634384
registers.ebp: 1634464
registers.edx: 0
registers.ebx: 1636140
registers.esi: 55983252
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619358678.83425
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005c0000
success 0 0
1619358684.28725
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x022d0000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Network communication
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader33.42638
MicroWorld-eScan Trojan.Empe.1.Gen
FireEye Trojan.Empe.1.Gen
ALYac Trojan.Empe.1.Gen
Malwarebytes Trojan.MalPack.SMY
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba TrojanDownloader:Win32/MalwareX.23fd1141
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Empe.1.Gen
BitDefenderTheta Gen:NN.ZelphiF.34670.ZGW@aStcwqji
Cyren W32/Delf.FIHQ-1080
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/TrojanDownloader.Delf.BZL
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Hesv.gen
BitDefender Trojan.Empe.1.Gen
Paloalto generic.ml
Rising Trojan.Kryptik!1.C56D (CLASSIC)
Ad-Aware Trojan.Empe.1.Gen
Sophos Mal/Generic-S
Comodo Malware@#32op195vpo2dh
F-Secure Trojan.TR/Dldr.Delf.decxx
Zillya Downloader.Delf.Win32.59164
TrendMicro TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition GenericRXKP-SN!31B1EC9F1787
Emsisoft Trojan.Empe.1.Gen (B)
Ikarus Trojan-Dropper.Win32.Delf
Webroot W32.Malware.Gen
Avira TR/Dldr.Delf.decxx
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Hesv
Microsoft Trojan:Win32/RemcosCrypt.ACH!MTB
AegisLab Trojan.Win32.Hesv.4!c
ZoneAlarm HEUR:Trojan.Win32.Hesv.gen
GData Trojan.Empe.1.Gen
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Sonbokli.R339534
McAfee GenericRXKP-SN!31B1EC9F1787
VBA32 BScope.TrojanDropper.Agent
Cylance Unsafe
Zoner Trojan.Win32.91132
TrendMicro-HouseCall TROJ_GEN.R06EC0DIA20
Tencent Malware.Win32.Gencirc.11786084
Yandex Trojan.DL.Delf!s388YO8rDNE
SentinelOne Static AI - Suspicious PE
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 162.125.82.7:443
Visual analysis
Binary image
No binary image available: this sample did not generate a binary visualization image.
Runtime screenshots
No runtime screenshots available: no screenshots were captured while this sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x4b6150 VirtualFree
0x4b6154 VirtualAlloc
0x4b6158 LocalFree
0x4b615c LocalAlloc
0x4b6160 GetVersion
0x4b6164 GetCurrentThreadId
0x4b6170 VirtualQuery
0x4b6174 WideCharToMultiByte
0x4b6178 MultiByteToWideChar
0x4b617c lstrlenA
0x4b6180 lstrcpynA
0x4b6184 LoadLibraryExA
0x4b6188 GetThreadLocale
0x4b618c GetStartupInfoA
0x4b6190 GetProcAddress
0x4b6194 GetModuleHandleA
0x4b6198 GetModuleFileNameA
0x4b619c GetLocaleInfoA
0x4b61a0 GetCommandLineA
0x4b61a4 FreeLibrary
0x4b61a8 FindFirstFileA
0x4b61ac FindClose
0x4b61b0 ExitProcess
0x4b61b4 WriteFile
0x4b61bc RtlUnwind
0x4b61c0 RaiseException
0x4b61c4 GetStdHandle
Library user32.dll:
0x4b61cc GetKeyboardType
0x4b61d0 LoadStringA
0x4b61d4 MessageBoxA
0x4b61d8 CharNextA
Library advapi32.dll:
0x4b61e0 RegQueryValueExA
0x4b61e4 RegOpenKeyExA
0x4b61e8 RegCloseKey
Library oleaut32.dll:
0x4b61f0 SysFreeString
0x4b61f4 SysReAllocStringLen
0x4b61f8 SysAllocStringLen
Library kernel32.dll:
0x4b6200 TlsSetValue
0x4b6204 TlsGetValue
0x4b6208 LocalAlloc
0x4b620c GetModuleHandleA
Library advapi32.dll:
0x4b6214 RegQueryValueExA
0x4b6218 RegOpenKeyExA
0x4b621c RegCloseKey
Library kernel32.dll:
0x4b6224 lstrcpyA
0x4b6228 WriteFile
0x4b622c WaitForSingleObject
0x4b6230 VirtualQuery
0x4b6234 VirtualProtect
0x4b6238 VirtualAlloc
0x4b623c Sleep
0x4b6240 SizeofResource
0x4b6244 SetThreadLocale
0x4b6248 SetFilePointer
0x4b624c SetEvent
0x4b6250 SetErrorMode
0x4b6254 SetEndOfFile
0x4b6258 ResetEvent
0x4b625c ReadFile
0x4b6260 MulDiv
0x4b6264 LockResource
0x4b6268 LoadResource
0x4b626c LoadLibraryA
0x4b6278 GlobalUnlock
0x4b627c GlobalReAlloc
0x4b6280 GlobalHandle
0x4b6284 GlobalLock
0x4b6288 GlobalFree
0x4b628c GlobalFindAtomA
0x4b6290 GlobalDeleteAtom
0x4b6294 GlobalAlloc
0x4b6298 GlobalAddAtomA
0x4b629c GetVersionExA
0x4b62a0 GetVersion
0x4b62a4 GetTickCount
0x4b62a8 GetThreadLocale
0x4b62ac GetSystemInfo
0x4b62b0 GetStringTypeExA
0x4b62b4 GetStdHandle
0x4b62b8 GetProcAddress
0x4b62bc GetModuleHandleA
0x4b62c0 GetModuleFileNameA
0x4b62c4 GetLocaleInfoA
0x4b62c8 GetLocalTime
0x4b62cc GetLastError
0x4b62d0 GetFullPathNameA
0x4b62d4 GetDiskFreeSpaceA
0x4b62d8 GetDateFormatA
0x4b62dc GetCurrentThreadId
0x4b62e0 GetCurrentProcessId
0x4b62e4 GetCPInfo
0x4b62e8 GetACP
0x4b62ec FreeResource
0x4b62f0 InterlockedExchange
0x4b62f4 FreeLibrary
0x4b62f8 FormatMessageA
0x4b62fc FindResourceA
0x4b6300 EnumCalendarInfoA
0x4b630c CreateThread
0x4b6310 CreateFileA
0x4b6314 CreateEventA
0x4b6318 CompareStringA
0x4b631c CloseHandle
Library version.dll:
0x4b6324 VerQueryValueA
0x4b632c GetFileVersionInfoA
Library gdi32.dll:
0x4b6334 UnrealizeObject
0x4b6338 StretchBlt
0x4b633c SetWindowOrgEx
0x4b6340 SetWinMetaFileBits
0x4b6344 SetViewportOrgEx
0x4b6348 SetTextColor
0x4b634c SetStretchBltMode
0x4b6350 SetROP2
0x4b6354 SetPixel
0x4b6358 SetEnhMetaFileBits
0x4b635c SetDIBColorTable
0x4b6360 SetBrushOrgEx
0x4b6364 SetBkMode
0x4b6368 SetBkColor
0x4b636c SelectPalette
0x4b6370 SelectObject
0x4b6374 SaveDC
0x4b6378 RestoreDC
0x4b637c Rectangle
0x4b6380 RectVisible
0x4b6384 RealizePalette
0x4b6388 PlayEnhMetaFile
0x4b638c PatBlt
0x4b6390 MoveToEx
0x4b6394 MaskBlt
0x4b6398 LineTo
0x4b639c IntersectClipRect
0x4b63a0 GetWindowOrgEx
0x4b63a4 GetWinMetaFileBits
0x4b63a8 GetTextMetricsA
0x4b63ac GetTextExtentPointA
0x4b63b8 GetStockObject
0x4b63bc GetPixel
0x4b63c0 GetPaletteEntries
0x4b63c4 GetObjectA
0x4b63d0 GetEnhMetaFileBits
0x4b63d4 GetDeviceCaps
0x4b63d8 GetDIBits
0x4b63dc GetDIBColorTable
0x4b63e0 GetDCOrgEx
0x4b63e8 GetClipBox
0x4b63ec GetBrushOrgEx
0x4b63f0 GetBitmapBits
0x4b63f4 ExcludeClipRect
0x4b63f8 DeleteObject
0x4b63fc DeleteEnhMetaFile
0x4b6400 DeleteDC
0x4b6404 CreateSolidBrush
0x4b6408 CreatePenIndirect
0x4b640c CreatePalette
0x4b6414 CreateFontIndirectA
0x4b6418 CreateDIBitmap
0x4b641c CreateDIBSection
0x4b6420 CreateCompatibleDC
0x4b6428 CreateBrushIndirect
0x4b642c CreateBitmap
0x4b6430 CopyEnhMetaFileA
0x4b6434 BitBlt
Library user32.dll:
0x4b643c CreateWindowExA
0x4b6440 WindowFromPoint
0x4b6444 WinHelpA
0x4b6448 WaitMessage
0x4b644c UpdateWindow
0x4b6450 UnregisterClassA
0x4b6454 UnhookWindowsHookEx
0x4b6458 TranslateMessage
0x4b6460 TrackPopupMenu
0x4b6468 ShowWindow
0x4b646c ShowScrollBar
0x4b6470 ShowOwnedPopups
0x4b6474 ShowCursor
0x4b6478 SetWindowsHookExA
0x4b647c SetWindowPos
0x4b6480 SetWindowPlacement
0x4b6484 SetWindowLongA
0x4b6488 SetTimer
0x4b648c SetScrollRange
0x4b6490 SetScrollPos
0x4b6494 SetScrollInfo
0x4b6498 SetRect
0x4b649c SetPropA
0x4b64a0 SetParent
0x4b64a4 SetMenuItemInfoA
0x4b64a8 SetMenu
0x4b64ac SetForegroundWindow
0x4b64b0 SetFocus
0x4b64b4 SetCursor
0x4b64b8 SetClipboardData
0x4b64bc SetClassLongA
0x4b64c0 SetCapture
0x4b64c4 SetActiveWindow
0x4b64c8 SendMessageA
0x4b64cc ScrollWindow
0x4b64d0 ScreenToClient
0x4b64d4 RemovePropA
0x4b64d8 RemoveMenu
0x4b64dc ReleaseDC
0x4b64e0 ReleaseCapture
0x4b64ec RegisterClassA
0x4b64f0 RedrawWindow
0x4b64f4 PtInRect
0x4b64f8 PostQuitMessage
0x4b64fc PostMessageA
0x4b6500 PeekMessageA
0x4b6504 OpenClipboard
0x4b6508 OffsetRect
0x4b650c OemToCharA
0x4b6510 MessageBoxA
0x4b6514 MessageBeep
0x4b6518 MapWindowPoints
0x4b651c MapVirtualKeyA
0x4b6520 LoadStringA
0x4b6524 LoadKeyboardLayoutA
0x4b6528 LoadIconA
0x4b652c LoadCursorA
0x4b6530 LoadBitmapA
0x4b6534 KillTimer
0x4b6538 IsZoomed
0x4b653c IsWindowVisible
0x4b6540 IsWindowEnabled
0x4b6544 IsWindow
0x4b6548 IsRectEmpty
0x4b654c IsIconic
0x4b6550 IsDialogMessageA
0x4b6554 IsChild
0x4b6558 InvalidateRect
0x4b655c IntersectRect
0x4b6560 InsertMenuItemA
0x4b6564 InsertMenuA
0x4b6568 InflateRect
0x4b6570 GetWindowTextA
0x4b6574 GetWindowRect
0x4b6578 GetWindowPlacement
0x4b657c GetWindowLongA
0x4b6580 GetWindowDC
0x4b6584 GetTopWindow
0x4b6588 GetSystemMetrics
0x4b658c GetSystemMenu
0x4b6590 GetSysColorBrush
0x4b6594 GetSysColor
0x4b6598 GetSubMenu
0x4b659c GetScrollRange
0x4b65a0 GetScrollPos
0x4b65a4 GetScrollInfo
0x4b65a8 GetPropA
0x4b65ac GetParent
0x4b65b0 GetWindow
0x4b65b4 GetMenuStringA
0x4b65b8 GetMenuState
0x4b65bc GetMenuItemInfoA
0x4b65c0 GetMenuItemID
0x4b65c4 GetMenuItemCount
0x4b65c8 GetMenu
0x4b65cc GetLastActivePopup
0x4b65d0 GetKeyboardState
0x4b65d8 GetKeyboardLayout
0x4b65dc GetKeyState
0x4b65e0 GetKeyNameTextA
0x4b65e4 GetIconInfo
0x4b65e8 GetForegroundWindow
0x4b65ec GetFocus
0x4b65f0 GetDlgItem
0x4b65f4 GetDesktopWindow
0x4b65f8 GetDCEx
0x4b65fc GetDC
0x4b6600 GetCursorPos
0x4b6604 GetCursor
0x4b6608 GetClipboardData
0x4b660c GetClientRect
0x4b6610 GetClassNameA
0x4b6614 GetClassInfoA
0x4b6618 GetCapture
0x4b661c GetActiveWindow
0x4b6620 FrameRect
0x4b6624 FindWindowA
0x4b6628 FillRect
0x4b662c EqualRect
0x4b6630 EnumWindows
0x4b6634 EnumThreadWindows
0x4b6638 EndPaint
0x4b663c EnableWindow
0x4b6640 EnableScrollBar
0x4b6644 EnableMenuItem
0x4b6648 EmptyClipboard
0x4b664c DrawTextA
0x4b6650 DrawMenuBar
0x4b6654 DrawIconEx
0x4b6658 DrawIcon
0x4b665c DrawFrameControl
0x4b6660 DrawEdge
0x4b6664 DispatchMessageA
0x4b6668 DestroyWindow
0x4b666c DestroyMenu
0x4b6670 DestroyIcon
0x4b6674 DestroyCursor
0x4b6678 DeleteMenu
0x4b667c DefWindowProcA
0x4b6680 DefMDIChildProcA
0x4b6684 DefFrameProcA
0x4b6688 CreatePopupMenu
0x4b668c CreateMenu
0x4b6690 CreateIcon
0x4b6694 CloseClipboard
0x4b6698 ClientToScreen
0x4b669c CheckMenuItem
0x4b66a0 CallWindowProcA
0x4b66a4 CallNextHookEx
0x4b66a8 BeginPaint
0x4b66ac CharNextA
0x4b66b0 CharLowerBuffA
0x4b66b4 CharLowerA
0x4b66b8 CharUpperBuffA
0x4b66bc CharToOemA
0x4b66c0 AdjustWindowRectEx
Library kernel32.dll:
0x4b66cc Sleep
Library oleaut32.dll:
0x4b66d4 SafeArrayPtrOfIndex
0x4b66d8 SafeArrayGetUBound
0x4b66dc SafeArrayGetLBound
0x4b66e0 SafeArrayCreate
0x4b66e4 VariantChangeType
0x4b66e8 VariantCopy
0x4b66ec VariantClear
0x4b66f0 VariantInit
Library comctl32.dll:
0x4b6700 ImageList_Write
0x4b6704 ImageList_Read
0x4b6714 ImageList_DragMove
0x4b6718 ImageList_DragLeave
0x4b671c ImageList_DragEnter
0x4b6720 ImageList_EndDrag
0x4b6724 ImageList_BeginDrag
0x4b6728 ImageList_Remove
0x4b672c ImageList_DrawEx
0x4b6730 ImageList_Replace
0x4b6734 ImageList_Draw
0x4b6744 ImageList_Add
0x4b6750 ImageList_Destroy
0x4b6754 ImageList_Create
Library comdlg32.dll:
0x4b675c GetOpenFileNameA
Library URL.DLL:
0x4b6764 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.