1.8
Low risk

d36020c470d71f91e5f9dd96ac7505878aa132208cf7e746a8d8bb169b9d95e1

3f98286c6c7d54aeac10a1e24c3ede28.exe

Analysis duration

80s

Last analysis

File size

615.5KB
Static detection: flagged. Dynamic detection: flagged. Tags: AI SCORE=100, ARTEMIS, ATTRIBUTE, CONFIDENCE, CSX, POTENTIALLY UNSAFE, GAMEHACK, GDSDA, GENERIC PUA BM, HACKTOOL, HIGH CONFIDENCE, HIGHCONFIDENCE, JOHNNIE, MALICIOUS PE, MALWARE@#UWQ5UFF2JNDC, OCCAMY, RAZY, UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine       Result                                Scan time   Version
McAfee       Artemis!3F98286C6C7D                  20200928    6.0.6.653
Baidu        -                                     20190318    1.0.0.2
Avast        -                                     20200929    18.4.3895.0
Alibaba      HackTool:Win32/Generic.1e630125       20190527    0.3.0.5
Tencent      -                                     20200929    1.0.0.1
Kingsoft     -                                     20200929    2013.8.14.323
CrowdStrike  win/malicious_confidence_90% (W)      20190702    1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path E:\Копии\13.01.2019\client\Release\Loader.pdb
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 33 AntiVirus engines on VirusTotal as malicious (33 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.708703
FireEye Generic.mg.3f98286c6c7d54ae
McAfee Artemis!3F98286C6C7D
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Unwanted-Program ( 005454b01 )
BitDefender Gen:Variant.Razy.708703
K7GW Unwanted-Program ( 005454b01 )
Cybereason malicious.c6c7d5
Symantec ML.Attribute.HighConfidence
APEX Malicious
Alibaba HackTool:Win32/Generic.1e630125
AegisLab Trojan.Win32.Johnnie.4!c
Ad-Aware Gen:Variant.Razy.708703
Sophos Generic PUA BM (PUA)
Comodo Malware@#uwq5uff2jndc
Invincea Generic PUA BM (PUA)
McAfee-GW-Edition BehavesLike.Win32.Generic.jh
Emsisoft Gen:Variant.Razy.708703 (B)
MAX malware (ai score=100)
Antiy-AVL Trojan/Win32.Occamy
Microsoft Trojan:Win32/Occamy.CD3
GData Gen:Variant.Razy.708703
AhnLab-V3 Trojan/Win32.Agent.C3112467
Cylance Unsafe
Panda Trj/GdSda.A
ESET-NOD32 a variant of Win32/GameHack.CSX potentially unsafe
Yandex Riskware.Agent!
SentinelOne DFI - Malicious PE
Fortinet Riskware/GameHack
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2019-03-20 22:47:18

Imports

Library KERNEL32.dll:
0x45d050 ReadFile
0x45d054 PeekNamedPipe
0x45d058 GetStdHandle
0x45d05c FormatMessageA
0x45d060 VerifyVersionInfoA
0x45d064 GetSystemDirectoryA
0x45d068 SleepEx
0x45d070 SetLastError
0x45d074 GetTickCount64
0x45d078 FreeLibrary
0x45d07c WideCharToMultiByte
0x45d080 MultiByteToWideChar
0x45d084 GetLastError
0x45d090 GetCurrentProcess
0x45d094 GetProcAddress
0x45d098 GetModuleHandleA
0x45d09c VirtualFree
0x45d0a0 VirtualProtect
0x45d0a4 VirtualAlloc
0x45d0a8 GetFileType
0x45d0ac ExitProcess
0x45d0b0 CreateThread
0x45d0b4 Sleep
0x45d0c0 CreateFileA
0x45d0c4 LoadLibraryA
0x45d0d0 TerminateProcess
0x45d0dc GetCurrentProcessId
0x45d0e0 GetCurrentThreadId
0x45d0e8 InitializeSListHead
0x45d0ec IsDebuggerPresent
0x45d0f0 GetStartupInfoW
0x45d0f4 GetModuleHandleW
0x45d0f8 LocalFree
0x45d0fc CloseHandle
0x45d110 SetEvent
0x45d114 ResetEvent
0x45d11c CreateEventW
0x45d120 GlobalAlloc
0x45d124 GlobalLock
0x45d128 GlobalUnlock
0x45d130 OpenProcess
0x45d134 GetFullPathNameA
0x45d138 VirtualAllocEx
0x45d13c WriteProcessMemory
0x45d140 CreateRemoteThread
0x45d148 Process32First
0x45d14c Process32Next
0x45d150 GetSystemInfo
Library VCRUNTIME140.dll:
0x45d230 strrchr
0x45d234 memcpy
0x45d238 __FrameUnwindFilter
0x45d240 __CxxDetectRethrow
0x45d248 _CxxThrowException
0x45d254 strstr
0x45d258 memmove
0x45d25c strchr
0x45d268 memchr
0x45d26c memset
0x45d270 __CxxFrameHandler3
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x45d3f8 __p__commode
0x45d3fc _open
0x45d400 __acrt_iob_func
0x45d404 fputc
0x45d408 _wfopen
0x45d414 fwrite
0x45d418 _lseeki64
0x45d41c fseek
0x45d420 ftell
0x45d424 feof
0x45d428 ferror
0x45d42c _close
0x45d434 fread
0x45d438 fclose
0x45d43c _write
0x45d440 _read
0x45d444 fputs
0x45d448 fflush
0x45d44c fopen
0x45d450 fgets
0x45d454 _set_fmode
Library api-ms-win-crt-heap-l1-1-0.dll:
0x45d364 realloc
0x45d368 _set_new_mode
0x45d36c _callnewh
0x45d370 calloc
0x45d374 free
0x45d378 malloc
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x45d394 _initterm_e
0x45d398 _set_app_type
0x45d39c _exit
0x45d3a8 _crt_atexit
0x45d3ac terminate
0x45d3b4 abort
0x45d3bc _controlfp_s
0x45d3c4 _c_exit
0x45d3c8 _cexit
0x45d3cc exit
0x45d3d0 _initterm
0x45d3d4 _errno
0x45d3d8 _getpid
0x45d3dc _beginthreadex
0x45d3e0 __sys_nerr
0x45d3e4 strerror
0x45d3ec _seh_filter_exe
Library api-ms-win-crt-math-l1-1-0.dll:
0x45d388 _except1
0x45d38c __setusermatherr
Library api-ms-win-crt-locale-l1-1-0.dll:
0x45d380 _configthreadlocale
Library USER32.dll:
0x45d1c8 RegisterClassA
0x45d1cc LoadCursorA
0x45d1d0 PostQuitMessage
0x45d1d4 DefWindowProcA
0x45d1d8 MessageBoxA
0x45d1dc DispatchMessageA
0x45d1e0 SetCursor
0x45d1e4 GetKeyState
0x45d1e8 CreateWindowExA
0x45d1ec ReleaseCapture
0x45d1f0 SetCapture
0x45d1f4 SetWindowPos
0x45d1f8 GetWindowRect
0x45d1fc GetClipboardData
0x45d200 SetClipboardData
0x45d204 EmptyClipboard
0x45d208 CloseClipboard
0x45d20c OpenClipboard
0x45d210 GetDesktopWindow
0x45d214 GetClientRect
0x45d218 UnregisterClassA
0x45d21c ShowWindow
0x45d220 TranslateMessage
0x45d224 UpdateWindow
0x45d228 PeekMessageA
Library ADVAPI32.dll:
0x45d000 CryptDestroyHash
0x45d004 RegOpenKeyExA
0x45d008 RegQueryValueExA
0x45d00c CryptGenRandom
0x45d010 CryptDestroyKey
0x45d014 CryptImportKey
0x45d018 CryptEncrypt
0x45d01c GetUserNameA
0x45d020 CryptGetHashParam
0x45d028 CryptHashData
0x45d02c CryptReleaseContext
0x45d030 CryptCreateHash
0x45d034 RegCloseKey
Library SHELL32.dll:
0x45d1c0 ShellExecuteA
Library OLEAUT32.dll:
0x45d1b0 SysFreeString
0x45d1b4 SysAllocString
0x45d1b8 VariantClear
Library IMM32.dll:
0x45d044 ImmGetContext
Library d3d9.dll:
0x45d4ac Direct3DCreate9
Library urlmon.dll:
0x45d4c4 URLDownloadToFileA
Library WS2_32.dll:
0x45d2c0 WSAGetLastError
0x45d2c4 WSACleanup
0x45d2c8 accept
0x45d2cc freeaddrinfo
0x45d2d0 recvfrom
0x45d2d4 sendto
0x45d2d8 getaddrinfo
0x45d2dc socket
0x45d2e0 WSAIoctl
0x45d2e4 setsockopt
0x45d2e8 ntohs
0x45d2ec htons
0x45d2f0 getsockopt
0x45d2f4 getsockname
0x45d2f8 getpeername
0x45d2fc connect
0x45d300 closesocket
0x45d304 bind
0x45d308 send
0x45d30c recv
0x45d310 WSASetLastError
0x45d314 select
0x45d318 WSAStartup
0x45d31c listen
0x45d320 ioctlsocket
0x45d324 __WSAFDIsSet
0x45d328 ntohl
0x45d32c htonl
0x45d330 gethostname
Library CRYPT32.dll:
Library WLDAP32.dll:
Library Normaliz.dll:
0x45d1a8 IdnToAscii
Library ntdll.dll:
0x45d4bc VerSetConditionMask

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  50002        114.114.114.114                  53
192.168.56.101  53237        114.114.114.114                  53
192.168.56.101  57756        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  60384        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  50003        239.255.255.250                  3702
192.168.56.101  50005        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.