5.4
Medium risk

a028ee49783ddfa7f902f0b959962e06c9b2111122e5cabea89c810afddc51d4

33bf1e584feaf5aa2713479856bf3490.exe

Analysis duration

81s

Last analyzed

File size

569.5KB
Static detection: malicious. Dynamic detection: malicious. Detection tags: 100% AGENSLA AI SCORE=89 AIDETECTVM ATTRIBUTE BSCOPE BULZ BUMZFV CONFIDENCE DELF ELDORADO ENDV FAREIT GDSDA GENCIRC HIGH CONFIDENCE HIGHCONFIDENCE HTMAID IGENERIC IGENT INVALIDSIG KCLOUD KTSE MALWARE1 MALWARE@#1S09R8LP46ZVT R349910 REMCOS REMCOSCRYPT SCORE STATIC AI SUSPICIOUS PE UNSAFE USXVPI220 ZUSY
Hawkeye engine
Not detected: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Backdoor:Win32/Remcos.52c6e39e 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20210127 21.1.5827.0
Tencent Malware.Win32.Gencirc.11ae48bc 20210127 1.0.0.1
Kingsoft Win32.Hack.Undef.(kcloud) 20210127 2017.9.26.565
McAfee Fareit-FZJ!33BF1E584FEA 20210127 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20210106 1.0
Static indicators
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619368635.037626
__exception__
stacktrace:
33bf1e584feaf5aa2713479856bf3490+0x66a62 @ 0x466a62
33bf1e584feaf5aa2713479856bf3490+0x66a95 @ 0x466a95
33bf1e584feaf5aa2713479856bf3490+0x669b2 @ 0x4669b2
33bf1e584feaf5aa2713479856bf3490+0xf7b0 @ 0x40f7b0
33bf1e584feaf5aa2713479856bf3490+0x67e94 @ 0x467e94
33bf1e584feaf5aa2713479856bf3490+0x687f8 @ 0x4687f8
33bf1e584feaf5aa2713479856bf3490+0x1e4ba @ 0x41e4ba
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
33bf1e584feaf5aa2713479856bf3490+0x58714 @ 0x458714
33bf1e584feaf5aa2713479856bf3490+0x68ab3 @ 0x468ab3
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635364
registers.edi: 0
registers.eax: 1635364
registers.ebp: 1635444
registers.edx: 0
registers.ebx: 1637120
registers.esi: 4803912
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619368588.021626
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00590000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619368605.677626
RegSetValueExA
key_handle: 0x000002a0
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 202.160.128.16:443
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.314676
FireEye Generic.mg.33bf1e584feaf5aa
CAT-QuickHeal Trojan.IGENERIC
Qihoo-360 Generic/Trojan.74e
ALYac Gen:Variant.Zusy.314676
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056d87f1 )
Alibaba Backdoor:Win32/Remcos.52c6e39e
K7GW Trojan ( 0056d87f1 )
Cybereason malicious.84feaf
Arcabit Trojan.Zusy.D4CD34
Cyren W32/Bulz.C.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
BitDefender Gen:Variant.Zusy.314676
NANO-Antivirus Trojan.Win32.Remcos.htmaid
Paloalto generic.ml
AegisLab Trojan.Win32.Remcos.m!c
Tencent Malware.Win32.Gencirc.11ae48bc
Ad-Aware Gen:Variant.Zusy.314676
Sophos Mal/Generic-S
Comodo Malware@#1s09r8lp46zvt
F-Secure Trojan.TR/Agent.ash
DrWeb BackDoor.Remcos.295
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.MSIL.AGENSLA.USXVPI220
McAfee-GW-Edition Fareit-FZJ!33BF1E584FEA
Emsisoft Gen:Variant.Zusy.314676 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Backdoor.Remcos.cdu
Webroot W32.Trojan.Gen
Avira TR/Agent.ash
Antiy-AVL Trojan[Backdoor]/Win32.Remcos
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Trojan:Win32/RemcosCrypt.ACH!MTB
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Win32.Trojan-Downloader.Delf.W
Cynet Malicious (score: 100)
AhnLab-V3 Downloader/Win32.Agent.R349910
McAfee Fareit-FZJ!33BF1E584FEA
MAX malware (ai score=89)
VBA32 BScope.Backdoor.Remcos
Malwarebytes Trojan.Downloader
Zoner Trojan.Win32.92441
Visual analysis
Binary image
No binary image: the sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46c1a0 VirtualFree
0x46c1a4 VirtualAlloc
0x46c1a8 LocalFree
0x46c1ac LocalAlloc
0x46c1b0 GetTickCount
0x46c1b8 GetVersion
0x46c1bc GetCurrentThreadId
0x46c1c8 VirtualQuery
0x46c1cc WideCharToMultiByte
0x46c1d0 MultiByteToWideChar
0x46c1d4 lstrlenA
0x46c1d8 lstrcpynA
0x46c1dc LoadLibraryExA
0x46c1e0 GetThreadLocale
0x46c1e4 GetStartupInfoA
0x46c1e8 GetProcAddress
0x46c1ec GetModuleHandleA
0x46c1f0 GetModuleFileNameA
0x46c1f4 GetLocaleInfoA
0x46c1f8 GetCommandLineA
0x46c1fc FreeLibrary
0x46c200 FindFirstFileA
0x46c204 FindClose
0x46c208 ExitProcess
0x46c20c WriteFile
0x46c214 RtlUnwind
0x46c218 RaiseException
0x46c21c GetStdHandle
Library user32.dll:
0x46c224 GetKeyboardType
0x46c228 LoadStringA
0x46c22c MessageBoxA
0x46c230 CharNextA
Library advapi32.dll:
0x46c238 RegQueryValueExA
0x46c23c RegOpenKeyExA
0x46c240 RegCloseKey
Library oleaut32.dll:
0x46c248 SysFreeString
0x46c24c SysReAllocStringLen
0x46c250 SysAllocStringLen
Library kernel32.dll:
0x46c258 TlsSetValue
0x46c25c TlsGetValue
0x46c260 LocalAlloc
0x46c264 GetModuleHandleA
Library advapi32.dll:
0x46c26c RegQueryValueExA
0x46c270 RegOpenKeyExA
0x46c274 RegCloseKey
Library kernel32.dll:
0x46c27c lstrcpyA
0x46c280 lstrcmpiA
0x46c284 WriteFile
0x46c288 WaitForSingleObject
0x46c28c VirtualQuery
0x46c290 VirtualProtect
0x46c294 VirtualAlloc
0x46c298 Sleep
0x46c29c SizeofResource
0x46c2a0 SetThreadLocale
0x46c2a4 SetFilePointer
0x46c2a8 SetEvent
0x46c2ac SetErrorMode
0x46c2b0 SetEndOfFile
0x46c2b4 ResetEvent
0x46c2b8 ReadFile
0x46c2bc MultiByteToWideChar
0x46c2c0 MulDiv
0x46c2c4 LockResource
0x46c2c8 LoadResource
0x46c2cc LoadLibraryA
0x46c2d8 GlobalUnlock
0x46c2dc GlobalReAlloc
0x46c2e0 GlobalHandle
0x46c2e4 GlobalLock
0x46c2e8 GlobalFree
0x46c2ec GlobalFindAtomA
0x46c2f0 GlobalDeleteAtom
0x46c2f4 GlobalAlloc
0x46c2f8 GlobalAddAtomA
0x46c2fc GetVersionExA
0x46c300 GetVersion
0x46c304 GetTickCount
0x46c308 GetThreadLocale
0x46c30c GetSystemInfo
0x46c310 GetStringTypeExA
0x46c314 GetStdHandle
0x46c318 GetProcAddress
0x46c31c GetModuleHandleA
0x46c320 GetModuleFileNameA
0x46c324 GetLocaleInfoA
0x46c328 GetLocalTime
0x46c32c GetLastError
0x46c330 GetFullPathNameA
0x46c334 GetDiskFreeSpaceA
0x46c338 GetDateFormatA
0x46c33c GetCurrentThreadId
0x46c340 GetCurrentProcessId
0x46c344 GetCPInfo
0x46c348 GetACP
0x46c34c FreeResource
0x46c350 InterlockedExchange
0x46c354 FreeLibrary
0x46c358 FormatMessageA
0x46c35c FindResourceA
0x46c360 FindFirstFileA
0x46c364 FindClose
0x46c370 ExitProcess
0x46c374 EnumCalendarInfoA
0x46c380 CreateThread
0x46c384 CreateFileA
0x46c388 CreateEventA
0x46c38c CompareStringA
0x46c390 CloseHandle
Library version.dll:
0x46c398 VerQueryValueA
0x46c3a0 GetFileVersionInfoA
Library gdi32.dll:
0x46c3a8 UnrealizeObject
0x46c3ac StretchBlt
0x46c3b0 SetWindowOrgEx
0x46c3b4 SetWindowExtEx
0x46c3b8 SetWinMetaFileBits
0x46c3bc SetViewportOrgEx
0x46c3c0 SetViewportExtEx
0x46c3c4 SetTextColor
0x46c3c8 SetStretchBltMode
0x46c3cc SetROP2
0x46c3d0 SetPixel
0x46c3d4 SetMapMode
0x46c3d8 SetEnhMetaFileBits
0x46c3dc SetDIBColorTable
0x46c3e0 SetBrushOrgEx
0x46c3e4 SetBkMode
0x46c3e8 SetBkColor
0x46c3ec SelectPalette
0x46c3f0 SelectObject
0x46c3f4 SaveDC
0x46c3f8 RestoreDC
0x46c3fc Rectangle
0x46c400 RectVisible
0x46c404 RealizePalette
0x46c408 Polyline
0x46c40c PolyPolyline
0x46c410 PlayEnhMetaFile
0x46c414 PatBlt
0x46c418 MoveToEx
0x46c41c MaskBlt
0x46c420 LineTo
0x46c424 IntersectClipRect
0x46c428 GetWindowOrgEx
0x46c42c GetWinMetaFileBits
0x46c430 GetTextMetricsA
0x46c43c GetStockObject
0x46c440 GetPixel
0x46c444 GetPaletteEntries
0x46c448 GetObjectA
0x46c44c GetMapMode
0x46c450 GetGraphicsMode
0x46c45c GetEnhMetaFileBits
0x46c460 GetDeviceCaps
0x46c464 GetDIBits
0x46c468 GetDIBColorTable
0x46c46c GetDCOrgEx
0x46c474 GetClipBox
0x46c478 GetBrushOrgEx
0x46c47c GetBkMode
0x46c480 GetBitmapBits
0x46c484 ExtTextOutA
0x46c488 ExtCreatePen
0x46c48c ExcludeClipRect
0x46c490 DeleteObject
0x46c494 DeleteEnhMetaFile
0x46c498 DeleteDC
0x46c49c CreateSolidBrush
0x46c4a0 CreatePenIndirect
0x46c4a4 CreatePalette
0x46c4ac CreateFontIndirectA
0x46c4b0 CreateDIBitmap
0x46c4b4 CreateDIBSection
0x46c4b8 CreateCompatibleDC
0x46c4c0 CreateBrushIndirect
0x46c4c4 CreateBitmap
0x46c4c8 CopyEnhMetaFileA
0x46c4cc BitBlt
Library user32.dll:
0x46c4d4 CreateWindowExA
0x46c4d8 WindowFromPoint
0x46c4dc WinHelpA
0x46c4e0 WaitMessage
0x46c4e4 ValidateRect
0x46c4e8 UpdateWindow
0x46c4ec UnregisterClassA
0x46c4f0 UnionRect
0x46c4f4 UnhookWindowsHookEx
0x46c4f8 TranslateMessage
0x46c500 TrackPopupMenu
0x46c508 ShowWindow
0x46c50c ShowScrollBar
0x46c510 ShowOwnedPopups
0x46c514 ShowCursor
0x46c518 SetWindowsHookExA
0x46c51c SetWindowTextA
0x46c520 SetWindowPos
0x46c524 SetWindowPlacement
0x46c528 SetWindowLongA
0x46c52c SetTimer
0x46c530 SetScrollRange
0x46c534 SetScrollPos
0x46c538 SetScrollInfo
0x46c53c SetRect
0x46c540 SetPropA
0x46c544 SetParent
0x46c548 SetMenuItemInfoA
0x46c54c SetMenu
0x46c550 SetKeyboardState
0x46c554 SetForegroundWindow
0x46c558 SetFocus
0x46c55c SetCursor
0x46c560 SetClipboardData
0x46c564 SetClassLongA
0x46c568 SetCapture
0x46c56c SetActiveWindow
0x46c570 SendMessageA
0x46c574 ScrollWindowEx
0x46c578 ScrollWindow
0x46c57c ScreenToClient
0x46c580 RemovePropA
0x46c584 RemoveMenu
0x46c588 ReleaseDC
0x46c58c ReleaseCapture
0x46c598 RegisterClassA
0x46c59c RedrawWindow
0x46c5a0 PtInRect
0x46c5a4 PostQuitMessage
0x46c5a8 PostMessageA
0x46c5ac PeekMessageA
0x46c5b0 OpenClipboard
0x46c5b4 OffsetRect
0x46c5b8 OemToCharA
0x46c5bc MessageBoxA
0x46c5c0 MessageBeep
0x46c5c4 MapWindowPoints
0x46c5c8 MapVirtualKeyA
0x46c5cc LoadStringA
0x46c5d0 LoadKeyboardLayoutA
0x46c5d4 LoadIconA
0x46c5d8 LoadCursorA
0x46c5dc LoadBitmapA
0x46c5e0 KillTimer
0x46c5e4 IsZoomed
0x46c5e8 IsWindowVisible
0x46c5ec IsWindowEnabled
0x46c5f0 IsWindow
0x46c5f4 IsRectEmpty
0x46c5f8 IsIconic
0x46c5fc IsDialogMessageA
0x46c600 IsChild
0x46c604 IsCharAlphaNumericA
0x46c608 IsCharAlphaA
0x46c60c InvalidateRect
0x46c610 IntersectRect
0x46c614 InsertMenuItemA
0x46c618 InsertMenuA
0x46c61c InflateRect
0x46c624 GetWindowTextA
0x46c628 GetWindowRect
0x46c62c GetWindowPlacement
0x46c630 GetWindowLongA
0x46c634 GetWindowDC
0x46c638 GetTopWindow
0x46c63c GetSystemMetrics
0x46c640 GetSystemMenu
0x46c644 GetSysColorBrush
0x46c648 GetSysColor
0x46c64c GetSubMenu
0x46c650 GetScrollRange
0x46c654 GetScrollPos
0x46c658 GetScrollInfo
0x46c65c GetPropA
0x46c660 GetParent
0x46c664 GetWindow
0x46c668 GetMessageTime
0x46c66c GetMenuStringA
0x46c670 GetMenuState
0x46c674 GetMenuItemInfoA
0x46c678 GetMenuItemID
0x46c67c GetMenuItemCount
0x46c680 GetMenu
0x46c684 GetLastActivePopup
0x46c688 GetKeyboardState
0x46c690 GetKeyboardLayout
0x46c694 GetKeyState
0x46c698 GetKeyNameTextA
0x46c69c GetIconInfo
0x46c6a0 GetForegroundWindow
0x46c6a4 GetFocus
0x46c6a8 GetDoubleClickTime
0x46c6ac GetDlgItem
0x46c6b0 GetDesktopWindow
0x46c6b4 GetDCEx
0x46c6b8 GetDC
0x46c6bc GetCursorPos
0x46c6c0 GetCursor
0x46c6c4 GetClipboardData
0x46c6c8 GetClientRect
0x46c6cc GetClassNameA
0x46c6d0 GetClassInfoA
0x46c6d4 GetCaretPos
0x46c6d8 GetCapture
0x46c6dc GetActiveWindow
0x46c6e0 FrameRect
0x46c6e4 FindWindowA
0x46c6e8 FillRect
0x46c6ec EqualRect
0x46c6f0 EnumWindows
0x46c6f4 EnumThreadWindows
0x46c6fc EndPaint
0x46c700 EnableWindow
0x46c704 EnableScrollBar
0x46c708 EnableMenuItem
0x46c70c EmptyClipboard
0x46c710 DrawTextA
0x46c714 DrawMenuBar
0x46c718 DrawIconEx
0x46c71c DrawIcon
0x46c720 DrawFrameControl
0x46c724 DrawFocusRect
0x46c728 DrawEdge
0x46c72c DispatchMessageA
0x46c730 DestroyWindow
0x46c734 DestroyMenu
0x46c738 DestroyIcon
0x46c73c DestroyCursor
0x46c740 DeleteMenu
0x46c744 DefWindowProcA
0x46c748 DefMDIChildProcA
0x46c74c DefFrameProcA
0x46c750 CreatePopupMenu
0x46c754 CreateMenu
0x46c758 CreateIcon
0x46c75c CloseClipboard
0x46c760 ClientToScreen
0x46c764 CheckMenuItem
0x46c768 CallWindowProcA
0x46c76c CallNextHookEx
0x46c770 BeginPaint
0x46c774 CharNextA
0x46c778 CharLowerBuffA
0x46c77c CharLowerA
0x46c780 CharUpperBuffA
0x46c784 CharToOemA
0x46c788 AdjustWindowRectEx
Library kernel32.dll:
0x46c794 Sleep
Library oleaut32.dll:
0x46c79c SafeArrayPtrOfIndex
0x46c7a0 SafeArrayGetUBound
0x46c7a4 SafeArrayGetLBound
0x46c7a8 SafeArrayCreate
0x46c7ac VariantChangeType
0x46c7b0 VariantCopy
0x46c7b4 VariantClear
0x46c7b8 VariantInit
Library ole32.dll:
0x46c7c0 CLSIDFromProgID
0x46c7c4 CoCreateInstance
0x46c7c8 CoUninitialize
0x46c7cc CoInitialize
Library oleaut32.dll:
0x46c7d4 GetErrorInfo
0x46c7d8 SysFreeString
Library comctl32.dll:
0x46c7e8 ImageList_Write
0x46c7ec ImageList_Read
0x46c7fc ImageList_DragMove
0x46c800 ImageList_DragLeave
0x46c804 ImageList_DragEnter
0x46c808 ImageList_EndDrag
0x46c80c ImageList_BeginDrag
0x46c810 ImageList_Remove
0x46c814 ImageList_DrawEx
0x46c818 ImageList_Draw
0x46c828 ImageList_Add
0x46c834 ImageList_Destroy
0x46c838 ImageList_Create
Library wininet.dll:
Library comdlg32.dll:
0x46c848 GetSaveFileNameA
0x46c84c GetOpenFileNameA
Library kernel32.dll:
0x46c854 MulDiv
Library advapi32.dll:
0x46c85c QueryServiceStatus
0x46c860 OpenServiceA
0x46c864 OpenSCManagerA
0x46c868 CloseServiceHandle

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.