2.6
中危
62 个模型检测该样本为恶意!
重新分析
更多

dcee7332f062683247eeb635ffea3a09c742e19bb0ea0f717b43bc1663195fd7

363b1f1af6f481e6498a1195272abe79.exe

分析耗时

75s

最近分析

文件大小

758.5KB
静态报毒 动态报毒 0NA103EM20 100% AGEN AI SCORE=100 ASTF BWNN CJAZ CLOUD CONFIDENCE DOWNLOADER33 ELDORADO FSYSNA FYNLOSKI GENCIRC GENERICRXAA HIGH CONFIDENCE HW32 MALWARE@#FDERTAETRYM4 OUTBREAK SCORE SUSPICIOUS PE TRICKBOT TSCOPE UNSAFE VM3@AGZSJ0HG XTREME ZEVBAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee GenericRXAA-AA!363B1F1AF6F4 20200602 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Alibaba Backdoor:Win32/Xtreme.02f832d3 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200602 18.4.3895.0
Kingsoft 20200602 2013.8.14.323
Tencent Malware.Win32.Gencirc.113ab464 20200602 1.0.0.1
静态指标
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name CUSTOM
One or more processes crashed (2 个事件)
Time & API Arguments Status Return Repeated
1619345036.330241
__exception__
stacktrace: 
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636704
registers.edi: 8681104
registers.eax: 1636704
registers.ebp: 1636784
registers.edx: 0
registers.ebx: 8681104
registers.esi: 8681104
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619345036.393241
__exception__
stacktrace: 
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636792
registers.edi: 1636980
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 8681104
registers.esi: 1636980
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
行为判定
动态指标
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)
Time & API Arguments Status Return Repeated
1619345035.737241
NtProtectVirtualMemory
process_identifier: 2128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00360000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 个事件)
Bkav HW32.Packed.
MicroWorld-eScan Trojan.Crypt.Gen.1
CAT-QuickHeal Backdoor.Xtreme
McAfee GenericRXAA-AA!363B1F1AF6F4
Malwarebytes Trojan.MalPack
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:Win32/Xtreme.02f832d3
K7GW Trojan ( 0055e3991 )
K7AntiVirus Trojan ( 0055e3991 )
Arcabit Trojan.Crypt.Gen.1
Invincea heuristic
Cyren W32/Agent.AKA.gen!Eldorado
Symantec Trojan Horse
ESET-NOD32 Win32/Injector.BWNN
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Fsysna-7640003-0
GData Trojan.Crypt.Gen.1
Kaspersky Backdoor.Win32.Xtreme.astf
BitDefender Trojan.Crypt.Gen.1
ViRobot Trojan.Win32.Z.Fsysna.776721
Avast Win32:Malware-gen
Rising Backdoor.Fynloski!8.1FD (CLOUD)
Ad-Aware Trojan.Crypt.Gen.1
Sophos Mal/Trickbot-E
Comodo Malware@#fdertaetrym4
F-Secure Heuristic.HEUR/AGEN.1108719
DrWeb Trojan.DownLoader33.23792
Zillya Trojan.Fsysna.Win32.3427
TrendMicro TROJ_FRS.0NA103EM20
McAfee-GW-Edition BehavesLike.Win32.Generic.bc
Trapmine suspicious.low.ml.score
FireEye Generic.mg.363b1f1af6f481e6
Emsisoft Trojan.Crypt.Gen.1 (B)
SentinelOne DFI - Suspicious PE
F-Prot W32/Agent.AKA.gen!Eldorado
Jiangmin Trojan/Fsysna.aol
Avira HEUR/AGEN.1108719
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Win32.Fsysna
Microsoft Trojan:Win32/Trickbot!MSR
Endgame malicious (high confidence)
AegisLab Trojan.Win32.Xtreme.m!c
ZoneAlarm Backdoor.Win32.Xtreme.astf
TACHYON Backdoor/W32.VB-Xtreme.776721
Acronis suspicious
ALYac Trojan.Crypt.Gen.1
MAX malware (ai score=100)
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2014-05-04 01:35:40

Imports

Library *invalid*:
0x401004 __vbaVarSub
0x401008 __vbaR8ForNextCheck
0x40100c _CIcos
0x401010 _adj_fptan
0x401014 __vbaStrI4
0x401018 __vbaVarMove
0x40101c __vbaFreeVar
0x401020 __vbaAryMove
0x401024 __vbaStrVarMove
0x401028 __vbaLenBstr
0x40102c __vbaFreeVarList
0x401030 _adj_fdiv_m64
0x401034 EVENT_SINK_Invoke
0x401038 __vbaRaiseEvent
0x40103c __vbaFreeObjList
0x401040
0x401044 _adj_fprem1
0x401048 __vbaResume
0x40104c __vbaCopyBytes
0x401050 __vbaStrCat
0x401054 __vbaStrDate
0x401058 __vbaSetSystemError
0x401060 _adj_fdiv_m32
0x401064 __vbaAryVar
0x401068 Zombie_GetTypeInfo
0x40106c __vbaAryDestruct
0x401070 __vbaExitProc
0x401074
0x401078 __vbaObjSet
0x40107c __vbaOnError
0x401080 _adj_fdiv_m16i
0x401084
0x401088 __vbaObjSetAddref
0x40108c _adj_fdivr_m16i
0x401090
0x401094
0x401098 _CIsin
0x40109c
0x4010a0
0x4010a4
0x4010a8 __vbaChkstk
0x4010ac
0x4010b0 __vbaFileClose
0x4010b4 EVENT_SINK_AddRef
0x4010bc __vbaStrCmp
0x4010c0 __vbaGet3
0x4010c4 __vbaAryConstruct2
0x4010c8 __vbaI2I4
0x4010cc DllFunctionCall
0x4010d0 __vbaLbound
0x4010d4 __vbaRedimPreserve
0x4010d8 _adj_fpatan
0x4010e0 __vbaRedim
0x4010e4 __vbaUI1ErrVar
0x4010e8 EVENT_SINK_Release
0x4010ec __vbaUI1I2
0x4010f0 _CIsqrt
0x4010f4 __vbaObjIs
0x4010fc __vbaExceptHandler
0x401100
0x401104 __vbaStrToUnicode
0x401108
0x40110c _adj_fprem
0x401110 _adj_fdivr_m64
0x401114 __vbaFailedFriend
0x401118 __vbaI2Str
0x40111c
0x401120
0x401124 __vbaFPException
0x401128
0x40112c
0x401130 __vbaUbound
0x401134 __vbaStrVarVal
0x401138 __vbaVarCat
0x40113c __vbaDateVar
0x401140 __vbaI2Var
0x401144
0x401148
0x40114c
0x401150 _CIlog
0x401154
0x401158 __vbaErrorOverflow
0x40115c __vbaFileOpen
0x401160 __vbaNew2
0x401164 __vbaVar2Vec
0x401168 _adj_fdiv_m32i
0x40116c
0x401170 _adj_fdivr_m32i
0x401174 __vbaStrCopy
0x401178
0x40117c __vbaFreeStrList
0x401180 _adj_fdivr_m32
0x401184 _adj_fdiv_r
0x401188
0x40118c
0x401190
0x401194 __vbaI4Var
0x401198 __vbaVarAdd
0x40119c __vbaAryLock
0x4011a0
0x4011a4 __vbaStrComp
0x4011a8 __vbaStrToAnsi
0x4011ac __vbaVarDup
0x4011b0
0x4011b4 __vbaVarMod
0x4011b8
0x4011bc __vbaFpI4
0x4011c0 __vbaVarCopy
0x4011c4 _CIatan
0x4011c8
0x4011cc __vbaCastObj
0x4011d0 __vbaStrMove
0x4011d4 __vbaAryCopy
0x4011d8 __vbaR8IntI4
0x4011dc _allmul
0x4011e0 _CItan
0x4011e4 __vbaAryUnlock
0x4011e8 _CIexp
0x4011ec __vbaMidStmtBstr
0x4011f0 __vbaFreeStr
0x4011f4 __vbaFreeObj
0x4011f8

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60124 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.