3.8
Medium risk

7685aab143941905ea25bf1cc8e1532f09a30c7f40cc13607add0a88d118d342

3a9fb6c1110a618b54e17f771819e0c3.exe

Analysis time: 21s

Last analyzed

File size: 2.8MB
Static detections / Dynamic detections: 100% ABZF AI SCORE=86 BOUEM CLOUD CONFIDENCE FLHACN GEN1 GENERICKD GOSYS HIGH HIGH CONFIDENCE HLLP HXGB MALICIOUS PE MOFKSYS P2PWORM PERSISTANCE PWYM QOTY@4QFD0G R1452 SCORE SHMFXW SWISB SWISYN TNEGA TNRH TROJAN2 TSCOPE UEJO UNSAFE VBGENERIC WATERMARKHQC WO3@A4ZR1TCI XJGJ ZEVBAF
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine detection results yet
Static verdict
Antivirus engines
Engine Result Signature date Engine version
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu Win32.Worm.VB.b 20190318 1.0.0.2
Avast Win32:VB-OJQ [Wrm] 20200407 18.4.3895.0
Alibaba Trojan:Win32/Mofksys.cd0a506b 20190527 0.3.0.5
Kingsoft 20200408 2013.8.14.323
McAfee W32/Swisyn.b 20200408 6.0.6.653
Tencent Trojan.Win32.Agent.ade 20200408 1.0.0.1
Static indicators
One or more processes crashed (50 out of 663 events)
All listed events share the same stack trace (msvbvm60 rtcDoEvents / EbGetHandleOfExecutingProject) and the same exception code 0xc000008f raised from KERNELBASE RaiseException; only the timestamps and the esp/eax/ebp values differ between them.
Time & API Arguments Status Return Repeated
1620726220.686167
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1635976
registers.edi: 4945560
registers.eax: 1635976
registers.ebp: 1636056
registers.edx: 0
registers.ebx: 4945560
registers.esi: 4945560
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620726221.076167
__exception__
stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

registers.esp: 1636244
registers.edi: 4945560
registers.eax: 1636244
registers.ebp: 1636324
registers.edx: 0
registers.ebx: 4945560
registers.esi: 4945560
registers.ecx: 2
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavior verdict
Dynamic indicators
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1620726219.217167
NtProtectVirtualMemory
process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00440000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Creates an executable file in a user folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\.exe
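The exception records above, the NtProtectVirtualMemory call and the two file-creation indicators are the raw events an analyst has to sort through by hand. The Python below is an added example, not part of this report or of the analysed sample: it runs constructed event records, built from the values printed in this report, through three checks. Every exception in this report carries code 0xC000008F and is raised through RaiseException from msvbvm60's rtcDoEvents / __vbaError path; treating that pattern as the VB6 runtime propagating its own error rather than as a crash of the sample is an assumption of this example, as is the shape of the `file_create` record (Cuckoo reports the path under a signature, not as an API event). The PAGE_* values are the Win32 constants; 32 in the report is PAGE_EXECUTE_READ.

```python
"""Triage of Cuckoo-style behaviour events from a sandbox run.

Added example; not part of this report or of the analysed sample.
The records in SAMPLE_EVENTS are constructed from the values printed
in this report, plus one made-up access violation for contrast.
"""
from collections import Counter

# Win32 PAGE_* protection constants that grant execute permission.
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE_PROTECTIONS = {PAGE_EXECUTE, PAGE_EXECUTE_READ,
                          PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Every exception in this report carries code 0xC000008F and is raised by
# msvbvm60 (the VB6 runtime) through RaiseException, below rtcDoEvents and
# __vbaError. Assumption of this example: that pattern is the VB6 runtime
# propagating a VB error object, not the sample crashing.
VB6_RUNTIME_EXCEPTION = 0xC000008F


def is_vb6_runtime_exception(ev):
    """True for __exception__ records that match the VB6 runtime pattern."""
    if ev.get("api") != "__exception__":
        return False
    code = int(ev["exception_code"], 16)
    frames = " ".join(ev.get("stacktrace", []))
    return code == VB6_RUNTIME_EXCEPTION and "msvbvm60" in frames


def makes_memory_executable(ev):
    """True for NtProtectVirtualMemory calls that add execute permission to
    memory of the calling process itself (pseudo-handle 0xffffffff)."""
    if ev.get("api") != "NtProtectVirtualMemory":
        return False
    own_process = int(ev["process_handle"], 16) == 0xFFFFFFFF
    return own_process and ev["protection"] in EXECUTABLE_PROTECTIONS


def is_suspicious_drop(ev):
    """Executable written under a user's AppData\\Local\\Temp whose base name
    is empty (the report shows '...\\Temp\\.exe')."""
    if ev.get("api") != "file_create":  # record kind assumed by this example
        return False
    directory, _, name = ev["path"].replace("/", "\\").rpartition("\\")
    stem, _, ext = name.rpartition(".")
    return (ext.lower() == "exe"
            and "\\appdata\\local\\temp" in directory.lower()
            and stem == "")


def triage(events):
    """Return (counts by class, list of findings worth a human look)."""
    counts = Counter()
    findings = []
    for ev in events:
        if is_vb6_runtime_exception(ev):
            counts["vb6_runtime_exception"] += 1
        elif ev.get("api") == "__exception__":
            counts["other_exception"] += 1
            findings.append(("exception", ev["exception_code"]))
        if makes_memory_executable(ev):
            counts["exec_protection_change"] += 1
            findings.append(("exec_protection", ev["base_address"]))
        if is_suspicious_drop(ev):
            counts["suspicious_drop"] += 1
            findings.append(("drop", ev["path"]))
    return counts, findings


VB6_FRAMES = [
    "EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf",
    "rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228",
]

# Constructed from this report's records (two of the repeated exceptions,
# the NtProtectVirtualMemory call and the dropped file), plus one made-up
# access violation to show that it is not filtered away.
SAMPLE_EVENTS = [
    {"api": "__exception__", "exception_code": "0xc000008f",
     "stacktrace": VB6_FRAMES},
    {"api": "__exception__", "exception_code": "0xc000008f",
     "stacktrace": VB6_FRAMES},
    {"api": "NtProtectVirtualMemory", "process_handle": "0xffffffff",
     "protection": 32, "base_address": "0x00440000", "length": 24576},
    {"api": "file_create",
     "path": r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\.exe"},
    {"api": "__exception__", "exception_code": "0xc0000005",
     "stacktrace": ["sample+0x1234"]},
]

if __name__ == "__main__":
    counts, findings = triage(SAMPLE_EVENTS)
    for name, n in sorted(counts.items()):
        print(f"{name:24s} {n}")
    for kind, detail in findings:
        print(f"REVIEW {kind}: {detail}")
```

On the real report, the 50 listed exceptions all collapse into the `vb6_runtime_exception` bucket, which leaves the protection change at 0x00440000 (inside the typical VB6 image range) and the nameless `.exe` in Temp as the two items that actually need a look.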
File has been identified by 65 AntiVirus engines on VirusTotal as malicious (50 of 65 events shown)
Bkav W32.WatermarkHQc.PE
MicroWorld-eScan Trojan.GenericKD.31991482
FireEye Generic.mg.3a9fb6c1110a618b
CAT-QuickHeal W32.Mofksys.A4
ALYac Trojan.GenericKD.31991482
Malwarebytes Trojan.Dropper
VIPRE Trojan.Win32.Agent.abzf (v)
AegisLab Trojan.Win32.Agent.tnrh
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.31991482
K7GW P2PWorm ( 00526bf61 )
K7AntiVirus P2PWorm ( 00526bf61 )
TrendMicro PE_SWISB.A
BitDefenderTheta Gen:NN.ZevbaF.34106.Wo3@a4zr1tci
Cyren W32/Trojan.UEJO-9077
Symantec W32.Gosys!gen1
TotalDefense Win32/Tnega.SHMfXW
Baidu Win32.Worm.VB.b
TrendMicro-HouseCall PE_SWISB.A
Avast Win32:VB-OJQ [Wrm]
ClamAV Win.Trojan.VBGeneric-6735875-0
GData Trojan.GenericKD.31991482
Kaspersky Trojan.Win32.Agent.xjgj
Alibaba Trojan:Win32/Mofksys.cd0a506b
NANO-Antivirus Trojan.Win32.Swisyn.flhacn
Rising Trojan.Agent!1.6A70 (CLOUD)
Ad-Aware Trojan.GenericKD.31991482
Sophos Troj/Agent-ABZF
Comodo TrojWare.Win32.VB.QOTY@4qfd0g
F-Secure Worm.WORM/Mofksys.bouem
DrWeb Win32.HLLP.Swisyn
Zillya Virus.HLLP.Win32.1
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Swisyn.vh
Trapmine malicious.high.ml.score
CMC Trojan.Win32.Agent!O
Emsisoft Trojan.GenericKD.31991482 (B)
APEX Malicious
F-Prot W32/Trojan2.PWYM
Jiangmin Trojan/Agent.hxgb
Webroot W32.Malware.Gen
MAX malware (ai score=86)
Antiy-AVL Trojan/Win32.Agent
Endgame malicious (high confidence)
Arcabit Trojan.Generic.D1E826BA
ZoneAlarm Trojan.Win32.Agent.xjgj
Microsoft Worm:Win32/Mofksys.B
AhnLab-V3 Trojan/Win32.Swisyn.R1452
Acronis suspicious
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.

PE Compile Time

2013-04-01 15:08:22

Imports

Library MSVBVM60.DLL:
0x401004
0x401008 _CIcos
0x40100c _adj_fptan
0x401010 __vbaStrI4
0x401014 __vbaVarVargNofree
0x401018 __vbaFreeVar
0x40101c __vbaLenBstr
0x401020 __vbaLateIdCall
0x401024 __vbaPut3
0x401028 __vbaEnd
0x40102c __vbaFreeVarList
0x401030 _adj_fdiv_m64
0x401034 EVENT_SINK_Invoke
0x401038 __vbaRaiseEvent
0x40103c __vbaFreeObjList
0x401040
0x401044 __vbaStrErrVarCopy
0x401048
0x40104c _adj_fprem1
0x401050 __vbaRecAnsiToUni
0x401054
0x401058 __vbaCopyBytes
0x40105c __vbaStrCat
0x401060 __vbaLsetFixstr
0x401064 __vbaRecDestruct
0x401068 __vbaSetSystemError
0x40106c
0x401074 __vbaNameFile
0x401078 _adj_fdiv_m32
0x40107c Zombie_GetTypeInfo
0x401080 __vbaAryDestruct
0x401084
0x401088
0x40108c __vbaExitProc
0x401090
0x401094 __vbaOnError
0x401098 __vbaObjSet
0x40109c _adj_fdiv_m16i
0x4010a0 __vbaObjSetAddref
0x4010a4 _adj_fdivr_m16i
0x4010a8
0x4010ac __vbaFpR4
0x4010b0
0x4010b4 __vbaStrFixstr
0x4010b8 _CIsin
0x4010bc
0x4010c0
0x4010c4
0x4010c8 __vbaChkstk
0x4010cc __vbaFileClose
0x4010d0 EVENT_SINK_AddRef
0x4010d8 __vbaGet3
0x4010dc __vbaStrCmp
0x4010e0
0x4010e4 __vbaGet4
0x4010e8 __vbaPutOwner3
0x4010ec __vbaAryConstruct2
0x4010f0 __vbaVarTstEq
0x4010f4 __vbaI2I4
0x4010f8 DllFunctionCall
0x4010fc __vbaFpUI1
0x401100 __vbaRedimPreserve
0x401104 __vbaStrR4
0x401108 _adj_fpatan
0x40110c __vbaLateIdCallLd
0x401114 __vbaRedim
0x401118 __vbaRecUniToAnsi
0x40111c EVENT_SINK_Release
0x401120 __vbaNew
0x401124
0x401128 __vbaUI1I2
0x40112c _CIsqrt
0x401134 __vbaExceptHandler
0x401138
0x40113c __vbaStrToUnicode
0x401140
0x401144 _adj_fprem
0x401148 _adj_fdivr_m64
0x40114c
0x401150
0x401154 __vbaFPException
0x401158
0x40115c __vbaGetOwner3
0x401160 __vbaUbound
0x401164
0x401168 __vbaFileSeek
0x40116c
0x401170 _CIlog
0x401174 __vbaErrorOverflow
0x401178 __vbaFileOpen
0x40117c
0x401180
0x401184 __vbaNew2
0x401188 __vbaInStr
0x40118c _adj_fdiv_m32i
0x401190
0x401194 _adj_fdivr_m32i
0x401198 __vbaStrCopy
0x40119c __vbaI4Str
0x4011a0 __vbaFreeStrList
0x4011a4 _adj_fdivr_m32
0x4011a8 _adj_fdiv_r
0x4011ac
0x4011b0 __vbaI4Var
0x4011b4
0x4011b8 __vbaAryLock
0x4011bc __vbaVarAdd
0x4011c0
0x4011c4
0x4011c8 __vbaVarDup
0x4011cc __vbaStrToAnsi
0x4011d0
0x4011d4 __vbaFpI2
0x4011d8 __vbaFpI4
0x4011dc
0x4011e0 __vbaLateMemCallLd
0x4011e4 _CIatan
0x4011e8 __vbaStrMove
0x4011ec
0x4011f0 __vbaCastObj
0x4011f4 __vbaR8IntI4
0x4011f8
0x4011fc _allmul
0x401200 _CItan
0x401204 __vbaAryUnlock
0x401208 _CIexp
0x40120c __vbaFreeObj
0x401210 __vbaFreeStr
0x401214
0x401218
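The import table above names nothing but MSVBVM60.DLL entry points, several printed without a name. What a VB6 import list can and cannot tell you is worth making concrete: the runtime functions map to VB statements (file Open/Put/Get, Name, late-bound object calls), while `DllFunctionCall` means the program declares Win32 APIs with `Declare` and resolves them at run time, so those APIs are invisible here. The following Python is an added example, not part of this report or of the sample; `IMPORT_DUMP` is a constructed excerpt of the list above, and the grouping of runtime imports into capabilities is this example's own reading of the VB6 runtime, not something the report states.

```python
"""What the MSVBVM60.DLL import list tells you about a VB6 binary.

Added example; not part of this report or of the sample. IMPORT_DUMP is a
constructed excerpt of the import list printed above; the capability
groups are this example's reading of the VB6 runtime entry points.
"""
import re

# VB6 runtime entry points grouped by the language statement they back.
CAPABILITIES = {
    "file_io": {"__vbaFileOpen", "__vbaFileClose", "__vbaFileSeek",  # Open/Close/Seek
                "__vbaGet3", "__vbaGet4", "__vbaGetOwner3",            # Get #
                "__vbaPut3", "__vbaPutOwner3"},                        # Put #
    "file_rename": {"__vbaNameFile"},                                  # Name old As new
    "raw_memory_copy": {"__vbaCopyBytes"},                             # byte copies between buffers
    "late_bound_com": {"__vbaLateIdCall", "__vbaLateIdCallLd",         # obj.Method on an
                       "__vbaLateMemCallLd"},                          # untyped Object
    "runtime_api_resolution": {"DllFunctionCall"},                     # Declare Function ... Lib
    "error_suppression": {"__vbaOnError"},                             # On Error Resume Next
}

IMPORT_LINE = re.compile(r"^\s*(0x[0-9a-fA-F]+)(?:\s+(\S+))?\s*$")


def parse_import_dump(text):
    """Split an 'address [name]' dump into named imports and bare addresses
    (entries the report printed without a name)."""
    named, unnamed = [], []
    for line in text.splitlines():
        m = IMPORT_LINE.match(line)
        if not m:
            continue
        addr, name = m.groups()
        if name:
            named.append(name)
        else:
            unnamed.append(addr)
    return named, unnamed


def vb6_capabilities(import_names):
    """Capability tags for which at least one backing runtime import is present."""
    present = set(import_names)
    return {tag for tag, funcs in CAPABILITIES.items() if present & funcs}


def hides_win32_apis(import_names):
    """DllFunctionCall means Win32 APIs are declared in VB ('Declare ... Lib')
    and resolved at run time, so they never appear in the PE import table;
    recover them from the binary's strings or a VB decompiler instead."""
    return "DllFunctionCall" in set(import_names)


# Constructed excerpt of the import list shown in this report.
IMPORT_DUMP = """
0x401004
0x401008 _CIcos
0x401020 __vbaLateIdCall
0x401024 __vbaPut3
0x401058 __vbaCopyBytes
0x401074 __vbaNameFile
0x40107c Zombie_GetTypeInfo
0x401094 __vbaOnError
0x4010f8 DllFunctionCall
0x401178 __vbaFileOpen
0x401218
"""

if __name__ == "__main__":
    named, unnamed = parse_import_dump(IMPORT_DUMP)
    print("capabilities:", sorted(vb6_capabilities(named)))
    print("unnamed import slots:", unnamed)
    if hides_win32_apis(named):
        print("DllFunctionCall present: real Win32 API use is not in the import table")
```

The practical consequence for this sample: file writes and renames are visible through the runtime imports, but whatever Win32 calls sit behind `DllFunctionCall` (and the unnamed slots) have to be recovered from strings or a VB decompiler rather than from the PE import directory.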

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
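Every row in the UDP table is either a DNS query to 114.114.114.114, NTP, NetBIOS broadcast, LLMNR, SSDP or WS-Discovery, which is the background chatter a Windows guest produces on its own; the host 172.217.24.14 flagged earlier does not appear here, and no TCP connections were recorded. The Python below is an added example, not part of this report: it labels constructed flow tuples, copied from the table above plus one made-up flow, so that only flows outside the background classes are left for review. Which destinations count as background is this example's assumption.

```python
"""Separate the sandbox guest's background UDP traffic from flows that can
be attributed to the sample.

Added example; not part of this report. FLOWS is constructed from the UDP
table above (the guest is 192.168.56.101) plus one made-up flow; the
background classes are this example's assumptions about Windows noise.
"""

# (destination, port) pairs that a Windows guest emits on its own.
MULTICAST_BACKGROUND = {
    ("224.0.0.252", 5355): "LLMNR",
    ("239.255.255.250", 1900): "SSDP",
    ("239.255.255.250", 3702): "WS-Discovery",
}


def classify_udp(flow):
    """Label one (src, sport, dst, dport) tuple."""
    _src, _sport, dst, dport = flow
    if (dst, dport) in MULTICAST_BACKGROUND:
        return MULTICAST_BACKGROUND[(dst, dport)]
    if dport in (137, 138) and dst.endswith(".255"):
        return "NetBIOS broadcast"
    if dport == 123:
        return "NTP"
    if dport == 53:
        # DNS is only evidence of a lookup; the names queried are not in
        # this table and must come from the pcap or the DNS section.
        return "DNS"
    return "unclassified"


def summarize(flows):
    """Group flows by label."""
    groups = {}
    for flow in flows:
        groups.setdefault(classify_udp(flow), []).append(flow)
    return groups


def needs_review(flows):
    """Flows that are neither OS background nor DNS: the first thing to
    inspect for sample-originated traffic."""
    return [f for f in flows if classify_udp(f) == "unclassified"]


def resolvers(flows):
    """Distinct DNS servers the guest talked to."""
    return sorted({dst for _s, _p, dst, dport in flows if dport == 53})


FLOWS = [
    ("192.168.56.101", 49713, "114.114.114.114", 53),
    ("192.168.56.101", 50002, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 123, "20.189.79.72", 123),
    ("192.168.56.101", 49235, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 53658, "239.255.255.250", 3702),
    # Made-up flow, not in the report, to show what an attributable hit looks like.
    ("192.168.56.101", 51000, "203.0.113.7", 4444),
]

if __name__ == "__main__":
    for label, group in sorted(summarize(FLOWS).items()):
        print(f"{label:18s} {len(group)} flow(s)")
    print("review:", needs_review(FLOWS))
    print("resolvers:", resolvers(FLOWS))
```

Run against the full table from this report (without the made-up row) the review list is empty: the only sample-related signal in this capture is the set of DNS queries, and their names are not part of the table.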

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.