7.0
高危

fc512a722be464a5e13652d5f6d79c418a2be467804fd858f9c62a14ca3a1a5b

41110b6c19cf79bdfd6774d490ce6ce0.exe

分析耗时

85s

最近分析

文件大小

5.8MB
静态报毒 动态报毒 AI SCORE=89 APPLICUNWNT@#3447TOIYOWEHR E1X2A4PA9VE FUSIONCORE GENERIC PUA HD GENERIC@ML HKDSBA HVT58H7QVVMBPRBIYQ INSTALLCORE JACARD RDML UNSAFE WACATAC WIHV 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Baidu 20190318 1.0.0.2
Avast 20210504 21.1.5827.0
Alibaba 20190527 0.3.0.5
Tencent 20210504 1.0.0.1
Kingsoft 20210504 2017.9.26.565
McAfee 20210504 6.0.6.653
CrowdStrike 20210203 1.0
静态指标
This executable is signed
Tries to locate where the browsers are installed (1 个事件)
file C:\Program Files\Google\Chrome\Application\chrome.exe
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620981115.795874
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .ndata
One or more processes crashed (8 个事件)
Time & API Arguments Status Return Repeated
1620981139.733874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab671
0x57becf4
0x5722e98
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 100792712
registers.edi: 11004
registers.eax: 100792712
registers.ebp: 100792792
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96321728
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981141.889874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab78f
0x59e107d
0x59e1849
0x5722ebb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 114358444
registers.edi: 11004
registers.eax: 114358444
registers.ebp: 114358524
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96322480
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981143.217874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab671
0x57becf4
0x5722e98
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 100792712
registers.edi: 11004
registers.eax: 100792712
registers.ebp: 100792792
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96315984
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981145.530874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab671
0x57becf4
0x5722e98
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 100792712
registers.edi: 11004
registers.eax: 100792712
registers.ebp: 100792792
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96315632
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981145.717874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab78f
0x59e107d
0x59e1849
0x5722ebb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 114358444
registers.edi: 11004
registers.eax: 114358444
registers.ebp: 114358524
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96315632
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981148.936874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab671
0x57becf4
0x5722e98
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 100792712
registers.edi: 11004
registers.eax: 100792712
registers.ebp: 100792792
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96322256
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981149.827874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab78f
0x59e107d
0x59e1849
0x5722ebb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 114358444
registers.edi: 11004
registers.eax: 114358444
registers.ebp: 114358524
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96322256
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1620981151.498874
__exception__
stacktrace:
0x5776c48
0x5774757
0x5776886
0x577ef8a
0x57829e9
0x57a7ec0
0x57a847d
0x57a9fdc
0x57a630f
0x57ac62a
0x57ac861
0x57aba01
0x57ab78f
0x59e107d
0x59e1849
0x5722ebb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 114358444
registers.edi: 11004
registers.eax: 114358444
registers.ebp: 114358524
registers.edx: 0
registers.ebx: 91695332
registers.esi: 96322576
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (5 个事件)
Time & API Arguments Status Return Repeated
1620981121.186874
NtProtectVirtualMemory
process_identifier: 732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74985000
success 0 0
1620981126.155874
NtAllocateVirtualMemory
process_identifier: 732
region_size: 1744896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05350000
success 0 0
1620981126.389874
NtProtectVirtualMemory
process_identifier: 732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 2433024
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x056b1000
success 0 0
1620981126.389874
NtProtectVirtualMemory
process_identifier: 732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 1736704
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x05903000
success 0 0
1620981126.545874
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x049b0000
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (3 个事件)
Time & API Arguments Status Return Repeated
1620981135.686874
GetDiskFreeSpaceW
root_path: C:
sectors_per_cluster: 8
number_of_free_clusters: 4786002
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
1620981138.108874
GetDiskFreeSpaceW
root_path: C:
sectors_per_cluster: 8
number_of_free_clusters: 4786002
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
1620981141.123874
GetDiskFreeSpaceW
root_path: C:
sectors_per_cluster: 8
number_of_free_clusters: 4786002
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
Steals private information from local Internet browsers (28 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\MEIPreload\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\pnacl\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SafetyTips\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SwReporter\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Floc\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OriginTrials\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Subresource Filter\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Safe Browsing\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\hyphen-data\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cache\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crowd Deny\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\AutofillStates\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\WidevineCdm\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Cache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\GrShaderCache\Cache
Creates executable files on the filesystem (4 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\System.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\Math.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\libeay32.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\ssleay32.dll
Drops an executable to the user AppData folder (5 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\Math.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\nsq6E87.tmp
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\ssleay32.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\System.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\libeay32.dll
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620981122.045874
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process 41110b6c19cf79bdfd6774d490ce6ce0.exe
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Creates an Alternate Data Stream (ADS) (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\41110b6c19cf79bdfd6774d490ce6ce0.exe:Zone.Identifier:$DATA
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1620981124.655874
RegSetValueExA
key_handle: 0x000003fc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620981124.670874
RegSetValueExA
key_handle: 0x000003fc
value: ðÖ[[H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620981124.670874
RegSetValueExA
key_handle: 0x000003fc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620981124.670874
RegSetValueExW
key_handle: 0x000003fc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620981124.686874
RegSetValueExA
key_handle: 0x00000418
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620981124.686874
RegSetValueExA
key_handle: 0x00000418
value: ðÖ[[H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620981124.686874
RegSetValueExA
key_handle: 0x00000418
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620981124.780874
RegSetValueExW
key_handle: 0x000003f8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Network activity contains more than one unique useragent (2 个事件)
process 41110b6c19cf79bdfd6774d490ce6ce0.exe useragent
process 41110b6c19cf79bdfd6774d490ce6ce0.exe useragent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
File has been identified by 27 AntiVirus engines on VirusTotal as malicious (27 个事件)
MicroWorld-eScan Gen:Variant.Jacard.173560
FireEye Gen:Variant.Jacard.173560
CAT-QuickHeal Trojan.Wacatac
ALYac Gen:Variant.Jacard.173560
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Adware ( 00567ca61 )
BitDefender Gen:Variant.Jacard.173560
K7GW Adware ( 00567ca61 )
Cybereason malicious.c19cf7
Cyren W32/Application.WIHV-7319
ESET-NOD32 a variant of Win32/FusionCore.BC potentially unwanted
NANO-Antivirus Trojan.Win32.InstallCore.hkdsba
Emsisoft Gen:Variant.Jacard.173560 (B)
Comodo ApplicUnwnt@#3447toiyowehr
DrWeb Trojan.InstallCore.3952
Sophos Generic PUA HD (PUA)
GData Gen:Variant.Jacard.173560
Webroot W32.Adware.Gen
Arcabit Trojan.Jacard.D2A5F8
MAX malware (ai score=89)
VBA32 Trojan.InstallCore
Malwarebytes Generic.Malware/Suspicious
Panda PUP/InstallCore
Rising Trojan.Generic@ML.100 (RDML:dd1/hVT58h7qVvmbPrbIyQ)
Yandex Trojan.Agent!E1x2a4pa9vE
Fortinet Riskware/FusionCore
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-12-16 08:50:53

Imports

Library KERNEL32.dll:
0x408070 ExitProcess
0x408074 SetFileAttributesW
0x408078 Sleep
0x40807c GetTickCount
0x408080 CreateFileW
0x408084 GetFileSize
0x408088 GetModuleFileNameW
0x40808c GetCurrentProcess
0x408094 GetFileAttributesW
0x4080a0 GetTempPathW
0x4080a4 GetCommandLineW
0x4080a8 GetVersion
0x4080ac SetErrorMode
0x4080b0 lstrlenW
0x4080b4 lstrcpynW
0x4080b8 CopyFileW
0x4080bc MoveFileW
0x4080c0 GlobalLock
0x4080c4 CreateThread
0x4080c8 GetLastError
0x4080cc CreateDirectoryW
0x4080d0 CreateProcessW
0x4080d4 RemoveDirectoryW
0x4080d8 lstrcmpiA
0x4080dc GetTempFileNameW
0x4080e0 WriteFile
0x4080e4 lstrcpyA
0x4080e8 MoveFileExW
0x4080ec lstrcatW
0x4080f0 GetSystemDirectoryW
0x4080f4 GetProcAddress
0x4080f8 GetModuleHandleA
0x4080fc GetExitCodeProcess
0x408100 WaitForSingleObject
0x408104 lstrcmpiW
0x408108 lstrcmpW
0x40810c GetFullPathNameW
0x408110 GetShortPathNameW
0x408114 SearchPathW
0x408118 CompareFileTime
0x40811c SetFileTime
0x408120 CloseHandle
0x408128 GlobalFree
0x40812c GlobalUnlock
0x408130 GetDiskFreeSpaceW
0x408134 GlobalAlloc
0x408138 DeleteFileW
0x40813c FindFirstFileW
0x408140 FindNextFileW
0x408144 FindClose
0x408148 SetFilePointer
0x40814c ReadFile
0x408150 MulDiv
0x408154 lstrlenA
0x408158 WideCharToMultiByte
0x40815c MultiByteToWideChar
0x408164 FreeLibrary
0x40816c GetModuleHandleW
0x408170 LoadLibraryExW
Library USER32.dll:
0x408194 GetWindowRect
0x408198 GetSystemMenu
0x40819c SetClassLongW
0x4081a0 IsWindowEnabled
0x4081a4 SetWindowPos
0x4081a8 GetSysColor
0x4081ac GetWindowLongW
0x4081b0 SetCursor
0x4081b4 LoadCursorW
0x4081b8 CheckDlgButton
0x4081bc GetMessagePos
0x4081c0 CallWindowProcW
0x4081c4 IsWindowVisible
0x4081c8 CloseClipboard
0x4081cc SetClipboardData
0x4081d0 EmptyClipboard
0x4081d4 OpenClipboard
0x4081d8 TrackPopupMenu
0x4081dc ScreenToClient
0x4081e0 EnableMenuItem
0x4081e4 GetDlgItem
0x4081e8 SetDlgItemTextW
0x4081ec GetDlgItemTextW
0x4081f0 MessageBoxIndirectW
0x4081f4 CharPrevW
0x4081f8 CharNextA
0x4081fc wsprintfA
0x408200 DispatchMessageW
0x408204 PeekMessageW
0x408208 GetDC
0x40820c ReleaseDC
0x408210 EnableWindow
0x408214 InvalidateRect
0x408218 SendMessageW
0x40821c DefWindowProcW
0x408220 BeginPaint
0x408224 GetClientRect
0x408228 FillRect
0x408230 EndDialog
0x408234 RegisterClassW
0x408238 DialogBoxParamW
0x40823c CreateWindowExW
0x408240 GetClassInfoW
0x408244 DestroyWindow
0x408248 CharNextW
0x40824c ExitWindowsEx
0x408250 SetWindowTextW
0x408254 LoadImageW
0x408258 SetTimer
0x40825c ShowWindow
0x408260 PostQuitMessage
0x408264 wsprintfW
0x408268 SetWindowLongW
0x40826c FindWindowExW
0x408270 IsWindow
0x408274 CreatePopupMenu
0x408278 AppendMenuW
0x40827c GetSystemMetrics
0x408280 DrawTextW
0x408284 EndPaint
0x408288 CreateDialogParamW
0x40828c SendMessageTimeoutW
0x408290 SetForegroundWindow
Library GDI32.dll:
0x40804c SelectObject
0x408050 SetTextColor
0x408054 SetBkMode
0x408058 CreateFontIndirectW
0x40805c CreateBrushIndirect
0x408060 DeleteObject
0x408064 GetDeviceCaps
0x408068 SetBkColor
Library SHELL32.dll:
0x408178 ShellExecuteExW
0x408184 SHGetFileInfoW
0x408188 SHFileOperationW
0x40818c SHBrowseForFolderW
Library ADVAPI32.dll:
0x408004 RegCreateKeyExW
0x408008 RegOpenKeyExW
0x40800c SetFileSecurityW
0x408010 OpenProcessToken
0x408018 RegEnumValueW
0x40801c RegDeleteKeyW
0x408020 RegDeleteValueW
0x408024 RegCloseKey
0x408028 RegSetValueExW
0x40802c RegQueryValueExW
0x408030 RegEnumKeyW
Library COMCTL32.dll:
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040
0x408044 ImageList_Destroy
Library ole32.dll:
0x408298 OleUninitialize
0x40829c OleInitialize
0x4082a0 CoTaskMemFree
0x4082a4 CoCreateInstance

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49710 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50047 114.114.114.114 53
192.168.56.101 50320 114.114.114.114 53
192.168.56.101 50433 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 50849 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 53661 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55169 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57089 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57367 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.