2.8
Medium risk

a3714c4409ab0020bd29ac0ec2ab5600b1a14de23be9e15b9b7271b0044070da

394298eed78d455416e1e4cf0deb4802.exe

Analysis duration

69s

Most recent analysis

File size

614.0KB
Static verdict: malicious. Dynamic verdict: malicious. Detection tags: 100% AI SCORE=100 AIDETECTVM BOWYH BROWSEFOX BROWSER CONFIDENCE DAPATO EVHH FCQA GDSDA HIGH CONFIDENCE HQHGZE KCLOUD LJTY MALWARE2 MALWARE@#3K9FL6TOQQKJS MALWAREX MUW@A4DVSPOI OSZBTG7F9GW PURPLEWAVE PURQOS R002C0DH420 SCORE SUSGEN TRFC UNSAFE WZIXAULIZBN ZEXAF ZUSY
Hawkeye engine
Not detected: no Hawkeye engine results available.
Static verdict
Antivirus engines
Engine  Result  Scan time  Engine version
Alibaba TrojanDropper:Win32/Dapato.d6715c95 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:MalwareX-gen [Trj] 20201119 20.10.5736.0
Kingsoft Win32.Troj.Dapato.qh.(kcloud) 20201119 2017.9.26.565
McAfee PWS-FCQA!394298EED78D 20201119 6.0.6.653
Tencent Win32.Trojan-dropper.Dapato.Ljty 20201119 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Behavior verdict
Dynamic indicators
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619345035.539988
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619345038.117988
RegSetValueExA
key_handle: 0x0000034c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619345038.117988
RegSetValueExA
key_handle: 0x0000034c
value: (non-printable REG_BINARY data)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619345038.117988
RegSetValueExA
key_handle: 0x0000034c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619345038.117988
RegSetValueExW
key_handle: 0x0000034c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619345038.117988
RegSetValueExA
key_handle: 0x00000364
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619345038.117988
RegSetValueExA
key_handle: 0x00000364
value: (non-printable REG_BINARY data)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619345038.117988
RegSetValueExA
key_handle: 0x00000364
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619345038.148988
RegSetValueExW
key_handle: 0x00000348
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 of 58 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.310297
FireEye Generic.mg.394298eed78d4554
ALYac Spyware.PurpleWave
Cylance Unsafe
Sangfor Malware
K7AntiVirus Spyware ( 0056b3121 )
Alibaba TrojanDropper:Win32/Dapato.d6715c95
K7GW Spyware ( 0056b3121 )
Cybereason malicious.f838f4
Arcabit Trojan.Zusy.D4BC19
Invincea Mal/Generic-S
Cyren W32/Trojan.TRFC-3626
Symantec Trojan Horse
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-PSW.Win32.Purqos.gen
BitDefender Gen:Variant.Zusy.310297
NANO-Antivirus Trojan.Win32.Dapato.hqhgze
Avast Win32:MalwareX-gen [Trj]
Rising Spyware.Agent!8.C6 (TFE:5:WZixAULIZbN)
Ad-Aware Gen:Variant.Zusy.310297
TACHYON Trojan-Spy/W32.PurpleWave.628736
Comodo Malware@#3k9fl6toqqkjs
F-Secure Trojan.TR/Spy.Agent.bowyh
DrWeb Trojan.PWS.Stealer.29214
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DH420
McAfee-GW-Edition BehavesLike.Win32.Browser.jh
Emsisoft Gen:Variant.Zusy.310297 (B)
Ikarus Trojan-Spy.PurpleWave
Jiangmin AdWare.BrowseFox.evhh
Avira TR/Spy.Agent.bowyh
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan[Dropper]/Win32.Dapato
Kingsoft Win32.Troj.Dapato.qh.(kcloud)
Gridinsoft Spy.Win32.Keylogger.oa
Microsoft Trojan:Win32/PurpleWave.B!MTB
ZoneAlarm HEUR:Trojan-PSW.Win32.Purqos.gen
GData Gen:Variant.Zusy.310297
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4179708
McAfee PWS-FCQA!394298EED78D
MAX malware (ai score=100)
VBA32 TrojanDropper.Dapato
Malwarebytes Spyware.PurpleWave
ESET-NOD32 a variant of Win32/Spy.Agent.PZO
TrendMicro-HouseCall TROJ_GEN.R002C0DH420
Tencent Win32.Trojan-dropper.Dapato.Ljty
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2020-08-04 04:16:08

Imports

Library KERNEL32.dll:
0x476034 GetProcAddress
0x476038 WideCharToMultiByte
0x47603c WriteConsoleW
0x476040 HeapSize
0x476044 SetStdHandle
0x476048 GetProcessHeap
0x47604c LoadLibraryW
0x476054 GetCommandLineW
0x476058 GetCommandLineA
0x47605c GetOEMCP
0x476060 GetACP
0x476064 MultiByteToWideChar
0x476068 CloseHandle
0x47606c ReleaseMutex
0x476070 WaitForSingleObject
0x476074 CreateMutexW
0x47607c GlobalUnlock
0x476080 GetComputerNameW
0x476084 GlobalLock
0x476088 HeapReAlloc
0x47608c ReadConsoleW
0x476090 ReadFile
0x476094 GetConsoleMode
0x476098 GetConsoleCP
0x47609c FlushFileBuffers
0x4760a0 GetFileType
0x4760a4 GetFileSizeEx
0x4760a8 EnumSystemLocalesW
0x4760ac GetUserDefaultLCID
0x4760b0 IsValidLocale
0x4760b4 IsValidCodePage
0x4760b8 GetTimeFormatW
0x4760bc GetDateFormatW
0x4760c4 HeapFree
0x4760c8 HeapAlloc
0x4760cc WriteFile
0x4760d0 GetStdHandle
0x4760d4 ExitProcess
0x4760dc GetModuleHandleExW
0x4760e0 LocalFree
0x4760e4 FormatMessageA
0x4760e8 CreateFileW
0x4760ec FindClose
0x4760f0 FindFirstFileExW
0x4760f4 FindNextFileW
0x4760fc SetEndOfFile
0x476100 SetFilePointerEx
0x476104 AreFileApisANSI
0x476108 GetLastError
0x47611c GetCurrentThreadId
0x476124 Sleep
0x476128 SwitchToThread
0x47612c GetExitCodeThread
0x476138 GetStringTypeW
0x47613c SetLastError
0x476144 CreateEventW
0x476148 TlsAlloc
0x47614c TlsGetValue
0x476150 TlsSetValue
0x476154 TlsFree
0x47615c GetTickCount
0x476160 GetModuleHandleW
0x476164 EncodePointer
0x476168 DecodePointer
0x47616c CompareStringW
0x476170 LCMapStringW
0x476174 GetLocaleInfoW
0x476178 GetCPInfo
0x476184 GetCurrentProcess
0x476188 TerminateProcess
0x476190 SetEvent
0x476194 IsDebuggerPresent
0x476198 GetStartupInfoW
0x47619c GetCurrentProcessId
0x4761a0 InitializeSListHead
0x4761a4 CreateTimerQueue
0x4761a8 SignalObjectAndWait
0x4761ac CreateThread
0x4761b0 SetThreadPriority
0x4761b4 GetThreadPriority
0x4761d8 UnregisterWait
0x4761dc GetCurrentThread
0x4761e0 GetThreadTimes
0x4761e4 FreeLibrary
0x4761ec GetModuleFileNameW
0x4761f0 GetModuleHandleA
0x4761f4 LoadLibraryExW
0x4761f8 GetVersionExW
0x4761fc VirtualAlloc
0x476200 VirtualProtect
0x476204 VirtualFree
0x476208 DuplicateHandle
0x47620c ReleaseSemaphore
0x47621c QueryDepthSList
0x476220 UnregisterWaitEx
0x476224 RtlUnwind
0x476228 RaiseException
0x47622c ExitThread
Library USER32.dll:
0x476250 GetClientRect
0x476254 GetForegroundWindow
0x476258 GetDC
0x47625c GetDesktopWindow
0x476260 EnumDisplayDevicesW
0x476264 GetClipboardData
0x476268 CloseClipboard
0x47626c OpenClipboard
0x476270 MessageBoxW
Library GDI32.dll:
0x476024 SelectObject
0x476028 CreateCompatibleDC
0x47602c BitBlt
Library ADVAPI32.dll:
0x476004 RegCloseKey
0x476008 RegOpenKeyExW
0x47600c RegQueryValueExW
0x476010 GetUserNameW
Library SHELL32.dll:
0x476248 ShellExecuteW
Library ole32.dll:
0x4762b8 CoCreateInstance
0x4762bc CoInitializeEx
0x4762c8 CoUninitialize
Library OLEAUT32.dll:
0x476234 VariantClear
0x476238 SysStringLen
0x47623c SysAllocString
0x476240 SysFreeString
Library CRYPT32.dll:
0x476018 CryptUnprotectData
Library WININET.dll:
0x476278 InternetConnectW
0x476280 HttpSendRequestW
0x476284 InternetOpenW
0x476288 HttpOpenRequestW
0x47628c InternetCloseHandle
0x476290 InternetReadFile
Library gdiplus.dll:
0x47629c GdipDisposeImage
0x4762a0 GdipFree
0x4762a8 GdiplusStartup
0x4762ac GdipAlloc
0x4762b0 GdipCloneImage

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 53660 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.