Score: 2.8
Risk level: Medium

SHA256: bd707d2a7c008ae252b882c0f24c8445a81715fcccbd630315ca2714da5354d7

File name: 3efa550ac7f0ceb0563951a8c9524408.exe

Analysis duration: 81s

Last analyzed:

File size: 866.8KB
Static detection / Dynamic detection tags: BSCOPE CONFIDENCE SUSGEN SUSPICIOUS PE UPATRE
Eagle Eye engine
Not detected: no Eagle Eye engine result available
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
Alibaba      -                                   20190527   0.3.0.5
CrowdStrike  win/malicious_confidence_60% (W)    20190702   1.0
Baidu        -                                   20190318   1.0.0.2
Kingsoft     -                                   20201009   2013.8.14.323
McAfee       -                                   20201009   6.0.6.653
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\devel\Ark6\bin\bdzsfx.pdb
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620948139.978
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2200
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x00280000
Status: success
Return: 0
Repeated: 0
Foreign language identified in PE resource (2 events)
name RT_GROUP_ICON language LANG_KOREAN offset 0x00039840 filetype data sublanguage SUBLANG_KOREAN size 0x00000022
name RT_GROUP_ICON language LANG_KOREAN offset 0x00039840 filetype data sublanguage SUBLANG_KOREAN size 0x00000022
File has been identified by 8 AntiVirus engines on VirusTotal as malicious (8 events)
CrowdStrike win/malicious_confidence_60% (W)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
MaxSecure Trojan.Malware.1728101.susgen
SentinelOne DFI - Suspicious PE
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm UDS:DangerousObject.Multi.Generic
VBA32 BScope.TrojanDropper.Upatre
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

2015-11-24 12:58:33

Imports

Library KERNEL32.dll:
0x426080 lstrcatW
0x426084 GetFileAttributesA
0x426088 GetFileAttributesW
0x42608c lstrlenA
0x426090 lstrcpyW
0x426094 WideCharToMultiByte
0x426098 SetFileAttributesW
0x42609c GetFileSize
0x4260a0 CreateFileW
0x4260a4 GetCurrentThread
0x4260a8 SetFileTime
0x4260b8 VirtualAlloc
0x4260bc VirtualFree
0x4260c0 WaitForSingleObject
0x4260c4 CreateEventW
0x4260c8 SetEvent
0x4260cc ResetEvent
0x4260d0 DeleteFileW
0x4260d4 Sleep
0x4260d8 WriteFile
0x4260dc CreateFileA
0x4260e0 ReadFile
0x4260e4 SetFilePointer
0x4260e8 GlobalAlloc
0x4260ec GlobalLock
0x4260f0 MulDiv
0x4260f4 LoadLibraryW
0x4260f8 GetSystemDirectoryW
0x4260fc GetVersion
0x426100 CompareStringA
0x426104 WriteConsoleW
0x426108 GetConsoleOutputCP
0x42610c WriteConsoleA
0x426110 FlushFileBuffers
0x426114 SetStdHandle
0x426118 GetTickCount
0x42611c GetStringTypeW
0x426120 GetStringTypeA
0x426124 LCMapStringW
0x426128 LCMapStringA
0x42612c GetConsoleMode
0x426130 GetConsoleCP
0x426134 GetLocaleInfoA
0x426140 CompareStringW
0x426148 GetCurrentProcessId
0x426150 GetCommandLineW
0x426154 GetStartupInfoA
0x426158 GetFileType
0x42615c SetHandleCount
0x426160 RtlUnwind
0x426164 IsValidCodePage
0x426168 GetOEMCP
0x42616c GetACP
0x426170 GetCPInfo
0x426178 GetModuleFileNameA
0x42617c GetStdHandle
0x426180 HeapCreate
0x42618c TlsFree
0x426190 TlsSetValue
0x426194 TlsAlloc
0x426198 TlsGetValue
0x42619c IsDebuggerPresent
0x4261a8 GetModuleHandleA
0x4261ac TerminateProcess
0x4261b0 GetStartupInfoW
0x4261b4 CreateThread
0x4261b8 ExitThread
0x4261bc ExitProcess
0x4261c4 LoadLibraryA
0x4261c8 CloseHandle
0x4261cc CreateProcessW
0x4261d8 GetCurrentThreadId
0x4261dc SetLastError
0x4261e4 GetCurrentProcess
0x4261f0 LoadLibraryExW
0x4261f4 MultiByteToWideChar
0x4261fc RaiseException
0x426204 GetModuleHandleW
0x426208 lstrcmpiW
0x42620c GetProcAddress
0x426210 FreeLibrary
0x426214 GetLastError
0x426220 GlobalFree
0x426224 lstrcpynW
0x426228 CreateDirectoryW
0x42622c FindResourceExW
0x426230 FindResourceW
0x426234 LoadResource
0x426238 LockResource
0x42623c SizeofResource
0x426240 GetModuleFileNameW
0x426244 lstrlenW
0x42624c GetProcessHeap
0x426250 HeapSize
0x426254 HeapReAlloc
0x426258 HeapFree
0x42625c HeapAlloc
0x426260 HeapDestroy
Library USER32.dll:
0x426280 SendMessageW
0x426284 CharNextW
0x426288 TranslateMessage
0x42628c PeekMessageW
0x426290 UnregisterClassA
0x426294 GetSystemMetrics
0x426298 DispatchMessageW
0x4262a0 InvalidateRect
0x4262a4 EndPaint
0x4262a8 BeginPaint
0x4262ac ShowWindow
0x4262b0 GetForegroundWindow
0x4262b4 DrawTextW
0x4262b8 GetSysColor
0x4262bc CreateWindowExW
0x4262c0 DestroyWindow
0x4262c4 IsDialogMessageW
0x4262c8 GetMessageW
0x4262cc GetCapture
0x4262d4 OffsetRect
0x4262d8 CopyRect
0x4262e0 MonitorFromRect
0x4262e4 SetFocus
0x4262e8 GetFocus
0x4262ec DrawIcon
0x4262f0 ReleaseDC
0x4262f4 GetDC
0x4262f8 EndDialog
0x4262fc KillTimer
0x426300 MoveWindow
0x426304 ScreenToClient
0x426308 EnableWindow
0x42630c SetTimer
0x426310 GetDlgItem
0x426314 SetDlgItemTextW
0x426318 SetWindowTextW
0x42631c PostMessageW
0x426320 GetWindow
0x426324 MonitorFromWindow
0x426328 GetMonitorInfoW
0x42632c GetWindowRect
0x426330 GetParent
0x426334 GetClientRect
0x426338 MapWindowPoints
0x42633c LoadIconW
0x426340 SetWindowPos
0x426344 GetWindowLongW
0x426348 GetWindowTextW
0x426350 SetWindowLongW
0x426354 DialogBoxParamW
0x426358 GetActiveWindow
Library GDI32.dll:
0x42603c GetStockObject
0x426040 SetBkMode
0x426044 SetTextColor
0x426048 GetDeviceCaps
0x42604c ExtTextOutW
0x426050 SetBkColor
0x426058 GetTextMetricsW
0x42605c GetObjectW
0x426060 DeleteDC
0x426064 SelectObject
0x426068 CreateCompatibleDC
0x42606c BitBlt
0x426070 CreateDIBSection
0x426074 DeleteObject
0x426078 CreateFontIndirectW
Library ADVAPI32.dll:
0x426000 AccessCheck
0x426004 OpenThreadToken
0x426008 RevertToSelf
0x42600c ImpersonateSelf
0x426010 GetFileSecurityW
0x426014 RegDeleteValueW
0x426018 RegCreateKeyExW
0x42601c RegSetValueExW
0x426020 RegEnumKeyExW
0x426024 RegQueryInfoKeyW
0x426028 RegDeleteKeyW
0x42602c RegCloseKey
0x426030 RegOpenKeyExW
Library SHELL32.dll:
0x426274 ShellExecuteW
0x426278 SHBrowseForFolderW
Library ole32.dll:
0x426360 CoTaskMemRealloc
0x426364 CoTaskMemAlloc
0x426368 CoUninitialize
0x42636c CoInitialize
0x426370 CoCreateInstance
0x426374 CoTaskMemFree
Library OLEAUT32.dll:
0x426268 VarUI4FromStr

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                       Destination port
192.168.56.101  50002        114.114.114.114                   53
192.168.56.101  53237        114.114.114.114                   53
192.168.56.101  57756        114.114.114.114                   53
192.168.56.101  58367        114.114.114.114                   53
192.168.56.101  62318        114.114.114.114                   53
192.168.56.101  137          192.168.56.255                    137
192.168.56.101  138          192.168.56.255                    138
192.168.56.101  123          20.189.79.72 (time.windows.com)   123
192.168.56.101  49235        224.0.0.252                       5355
192.168.56.101  50534        224.0.0.252                       5355
192.168.56.101  51963        224.0.0.252                       5355
192.168.56.101  53657        224.0.0.252                       5355
192.168.56.101  56804        224.0.0.252                       5355
192.168.56.101  57874        224.0.0.252                       5355
192.168.56.101  62191        224.0.0.252                       5355
192.168.56.101  63429        224.0.0.252                       5355
192.168.56.101  1900         239.255.255.250                   1900
192.168.56.101  50003        239.255.255.250                   3702
192.168.56.101  51966        239.255.255.250                   1900
192.168.56.101  58368        239.255.255.250                   3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.