Risk score: 4.4 (medium risk)

SHA256: 70c7a48f3dfb41c0137b736bf5f3071bfd550eb8dee8fc6b3c5a075adbecbdbb

File name: 42b62f4ff20ab5a7eb4a3f0a3e34217b.exe (the name is a 32-hex-digit MD5; the McAfee and FireEye verdicts below embed the same prefix)

Analysis duration: 73s

Last analysis: (value not shown)

File size: 1.0MB
Static detection: flagged. Dynamic detection: flagged. Detection rate: 100%. Verdict tags (tokens taken from the engine names listed under VirusTotal below): 1KU1H7, A + MAL, AI SCORE=82, ATTRIBUTE, CLASSIC, CONFIDENCE, CVX@AEGHAMKG, DANGEROUSSIG, ENCPK, EUGU, GENCIRC, GENERICKD, GENERICKDZ, HFYN, HGMS, HIGH CONFIDENCE, HIGHCONFIDENCE, HUPUDT, INJECT3, KRYPTIK, MALCERT, MALICIOUS PE, MALWARE@#1KD3JVMOZI5BW, MLBBNM0APRO, MULTIPMF, ODAFB, PINKSBOT, QAKBOT, QBOT, R350973, S15902124, SCORE, SUSGEN, TRUU, UNSAFE, ZEXAF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available for this sample.
Static verdict

Antivirus engines

Engine        Result                                 Scan date    Engine version
McAfee        W32/PinkSbot-HE!42B62F4FF20A           2020-10-22   6.0.6.653
Alibaba       Trojan:Win32/Kryptik.48564d77          2019-05-27   0.3.0.5
CrowdStrike   win/malicious_confidence_100% (W)      2019-07-02   1.0
Baidu         (no detection)                         2019-03-18   1.0.0.2
Avast         Win32:DangerousSig [Trj]               2020-10-22   18.4.3895.0
Kingsoft      (no detection)                         2020-10-22   2013.8.14.323
Tencent       Malware.Win32.Gencirc.10ce00cd         2020-10-22   1.0.0.1
Static indicators

(Despite the heading, the entries below are API events observed at run time. Timestamps are Unix epoch seconds; both timestamp groups, 16207262xx and 16207501xx, fall on 2021-05-11.)

Queries for the computer name (2 events)

Time                API               Arguments                 Status    Return   Repeated
1620726224.191074   GetComputerNameW  computer_name: OSKAR-PC   success   1        0
1620750186.435001   GetComputerNameW  computer_name: OSKAR-PC   success   1        0

This executable is signed. The signature is not a trust signal on its own: two of the VirusTotal verdicts below (Rising Trojan.MalCert, Emsisoft MalCert.A) are detection names that refer to the certificate itself.

Checks the amount of memory in the system, which can be used to detect virtual machines that have little memory available (1 event)

Time                API                    Arguments   Status    Return   Repeated
1620726224.144074   GlobalMemoryStatusEx   (none)      success   1        0
One or more processes crashed (2 events)

Both "crashes" are the same fault. An `in eax, dx` instruction (opcode ED) is executed from user mode; the CPU refuses it with #GP and Windows reports STATUS_PRIVILEGED_INSTRUCTION (0xC0000096). The register values identify the VMware I/O backdoor: eax = 1447909480 = 0x564D5868 ("VMXh" magic), edx = 22104 = 0x5658 ("VX" port), and ecx carries the backdoor command, 10 (0x0A, get version) in the first record and 20 (0x14, get memory size) in the second. On a VMware guest the instruction does not fault and returns data in eax/ebx, so the fault itself is the "not VMware" answer. The bytes following ED in exception.instruction_r decode to stores of the result registers, four pops and `or dword ptr [ebp-4], 0FFFFFFFFh`, the MSVC pattern for leaving a __try block, so the fault is caught by the sample's own exception handler rather than terminating it; the sandbox logs the first-chance exception as a crash.

Time: 1620750187.122001   API: __exception__   Status: success   Return: 0   Repeated: 0
  stacktrace:
    42b62f4ff20ab5a7eb4a3f0a3e34217b+0x3f4c @ 0x403f4c
    42b62f4ff20ab5a7eb4a3f0a3e34217b+0x1b4c @ 0x401b4c
    BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
    RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
    RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
  registers: esp=1638144  edi=6118016  eax=1447909480 (0x564D5868 "VMXh")  ebp=1638204  edx=22104 (0x5658 "VX")  ebx=1  esi=0  ecx=10 (0x0A, GETVERSION)
  exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
  exception.symbol: 42b62f4ff20ab5a7eb4a3f0a3e34217b+0x348a
  exception.instruction: in eax, dx
  exception.module: 42b62f4ff20ab5a7eb4a3f0a3e34217b.exe
  exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
  exception.offset: 13450 (0x348a)
  exception.address: 0x40348a

Time: 1620750187.122001   API: __exception__   Status: success   Return: 0   Repeated: 0
  stacktrace:
    42b62f4ff20ab5a7eb4a3f0a3e34217b+0x3f55 @ 0x403f55
    42b62f4ff20ab5a7eb4a3f0a3e34217b+0x1b4c @ 0x401b4c
    BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
    RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
    RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
  registers: esp=1638148  edi=6118016  eax=1447909480 (0x564D5868 "VMXh")  ebp=1638204  edx=22104 (0x5658 "VX")  ebx=1  esi=0  ecx=20 (0x14, GETMEMSIZE)
  exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
  exception.symbol: 42b62f4ff20ab5a7eb4a3f0a3e34217b+0x3523
  exception.instruction: in eax, dx
  exception.module: 42b62f4ff20ab5a7eb4a3f0a3e34217b.exe
  exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
  exception.offset: 13603 (0x3523)
  exception.address: 0x403523
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)

The same pair occurs in both processes: a fresh 1,024,000-byte PAGE_EXECUTE_READWRITE commit, followed by NtProtectVirtualMemory turning 1,024,000 bytes at the image base 0x00400000 into RWX. Making the loaded image itself writable and executable is the footprint of an unpacker that decodes the payload into the scratch region and then overwrites its own sections in place. PID 324 is the child created with the "/C" switch below, so the child runs the same stub a second time. stack_dep_bypass, stack_pivoted and heap_dep_bypass are 0 in all four events.

Time                API                       Arguments                                                                                            Status    Return   Repeated
1620726222.644074   NtAllocateVirtualMemory   process_identifier: 1404; base_address: 0x02060000; region_size: 1024000; allocation_type: 4096 (MEM_COMMIT); protection: 64 (PAGE_EXECUTE_READWRITE); process_handle: 0xffffffff   success   0   0
1620726222.644074   NtProtectVirtualMemory    process_identifier: 1404; base_address: 0x00400000; length: 1024000; protection: 64 (PAGE_EXECUTE_READWRITE); process_handle: 0xffffffff                                      success   0   0
1620750185.950001   NtAllocateVirtualMemory   process_identifier: 324; base_address: 0x01db0000; region_size: 1024000; allocation_type: 4096 (MEM_COMMIT); protection: 64 (PAGE_EXECUTE_READWRITE); process_handle: 0xffffffff    success   0   0
1620750185.966001   NtProtectVirtualMemory    process_identifier: 324; base_address: 0x00400000; length: 1024000; protection: 64 (PAGE_EXECUTE_READWRITE); process_handle: 0xffffffff                                       success   0   0
A process created a hidden window (1 event)

The sample re-executes its own image from %TEMP% with the extra switch "/C" and creation_flags 0x08000000 (CREATE_NO_WINDOW), so the second instance runs without a console window. track: 1 means the sandbox followed the child (PID 324); the later timestamp group (16207501xx) is consistent with that child's run, including the RWX events above and the `in eax, dx` exceptions under "One or more processes crashed".

Time                API                      Arguments                                                                                                                                                                                                                      Status    Return   Repeated
1620726224.925074   CreateProcessInternalW   thread_identifier: 2252; thread_handle: 0x00000194; process_identifier: 324; current_directory: (empty); filepath: (empty); track: 1; command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\42b62f4ff20ab5a7eb4a3f0a3e34217b.exe /C; filepath_r: (empty); stack_pivoted: 0; creation_flags: 134217728 (CREATE_NO_WINDOW); process_handle: 0x00000198; inherit_handles: 0   success   1   0

Expresses interest in specific running processes (1 event)

process: vboxservice.exe (the VirtualBox Guest Additions service; looking for it in the process list is the VirtualBox counterpart of the VMware `in` probe recorded above)
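The dynamic indicators in this section can be re-derived from the raw event records with a handful of rules. The following is an added Python example, not the sandbox's signature code and not code from the sample. EVENTS, PROCESS_INTEREST and HOSTS_CONTACTED transcribe the records printed on this page; VM_AGENT_PROCESSES, DEFAULT_IMAGE_BASE and the empty DNS_ANSWERS set are assumptions made for the example.

```python
"""Re-derive this report's dynamic indicators from its raw event records.

Added example for this report page; it is not the sandbox's signature code
and not code from the sample. EVENTS, PROCESS_INTEREST and HOSTS_CONTACTED
transcribe the records printed above. VM_AGENT_PROCESSES, DEFAULT_IMAGE_BASE
and the empty DNS_ANSWERS set are assumptions made for the example.
"""
import ntpath

PAGE_EXECUTE_READWRITE = 0x40          # protection value 64 in the records
CREATE_NO_WINDOW = 0x08000000          # creation_flags value 134217728
DEFAULT_IMAGE_BASE = 0x00400000        # assumed: classic 32-bit EXE base, matches the IAT RVAs
VM_AGENT_PROCESSES = {                 # assumed list of hypervisor guest-tools services
    "vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe",
}

EVENTS = [
    {"api": "NtAllocateVirtualMemory", "pid": 1404, "protection": 64,
     "region_size": 1024000, "base_address": 0x02060000},
    {"api": "NtProtectVirtualMemory", "pid": 1404, "protection": 64,
     "length": 1024000, "base_address": 0x00400000},
    {"api": "NtAllocateVirtualMemory", "pid": 324, "protection": 64,
     "region_size": 1024000, "base_address": 0x01DB0000},
    {"api": "NtProtectVirtualMemory", "pid": 324, "protection": 64,
     "length": 1024000, "base_address": 0x00400000},
    {"api": "CreateProcessInternalW", "child_pid": 324, "creation_flags": 134217728,
     "command_line": r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp"
                     r"\42b62f4ff20ab5a7eb4a3f0a3e34217b.exe /C"},
]
PROCESS_INTEREST = ["vboxservice.exe"]
HOSTS_CONTACTED = ["172.217.24.14"]
DNS_ANSWERS = set()        # assumed empty: the capture lists DNS queries but no answers


def rwx_findings(events, image_base=DEFAULT_IMAGE_BASE):
    """Flag RWX allocations, and separately the loaded image itself being
    re-protected RWX: an in-place unpacker decodes into scratch memory and
    then overwrites its own sections before jumping to the real entry point."""
    out = []
    for e in events:
        if not e.get("protection", 0) & PAGE_EXECUTE_READWRITE:
            continue
        if e["api"] == "NtAllocateVirtualMemory":
            out.append(("rwx_alloc", e["pid"], e["base_address"], e["region_size"]))
        elif e["api"] == "NtProtectVirtualMemory":
            kind = "image_made_rwx" if e["base_address"] == image_base else "rwx_protect"
            out.append((kind, e["pid"], e["base_address"], e["length"]))
    return out


def self_relaunch_findings(events, image_name):
    """Flag the sample starting another copy of its own image, recording
    whether the window was suppressed and which extra switches it passed."""
    out = []
    for e in events:
        if e["api"] != "CreateProcessInternalW":
            continue
        parts = e["command_line"].split()      # the recorded path contains no spaces
        exe, args = ntpath.basename(parts[0]).lower(), tuple(parts[1:])
        if exe == image_name.lower():
            hidden = bool(e["creation_flags"] & CREATE_NO_WINDOW)
            out.append(("self_relaunch", e["child_pid"], hidden, args))
    return out


def vm_process_findings(names, agents=VM_AGENT_PROCESSES):
    """Process names the sample looked for that belong to hypervisor guest tools."""
    return [("vm_agent_lookup", n) for n in names if n.lower() in agents]


def undeclared_host_findings(hosts, dns_answers):
    """Hosts reached without a DNS answer resolving to them, i.e. addresses the
    sample carried with it instead of looking up."""
    return [("no_dns_host", h) for h in hosts if h not in dns_answers]


def triage(events=EVENTS, interest=PROCESS_INTEREST, hosts=HOSTS_CONTACTED,
           dns_answers=DNS_ANSWERS, image_name="42b62f4ff20ab5a7eb4a3f0a3e34217b.exe"):
    """Run every rule and return the combined list of findings."""
    return (rwx_findings(events)
            + self_relaunch_findings(events, image_name)
            + vm_process_findings(interest)
            + undeclared_host_findings(hosts, dns_answers))


if __name__ == "__main__":
    for finding in triage():
        print(finding)
```

Run against the transcribed records, triage() yields seven findings: two RWX allocations, two "image made RWX" re-protections (one per PID), the hidden self-relaunch with the ("/C",) switch, the vboxservice.exe lookup and the host contacted without a DNS answer. The image_made_rwx rule is the one worth keeping in a production signature: RWX allocations alone are noisy (JIT runtimes, some installers), but a process re-protecting its own image base RWX almost always means in-place unpacking.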
Network communication

Communicates with a host for which no DNS query was performed (1 event)

host: 172.217.24.14 (an address in Google's 172.217.0.0/16 range, reached by hard-coded IP rather than by name; the TCP table further down records no completed connection, so only the attempt was observed)
Detects VMware through the `in` instruction (1 event)

This is the first of the two exception records listed under "One or more processes crashed": `in eax, dx` at 0x40348a with eax = 0x564D5868 ("VMXh"), edx = 0x5658 ("VX") and ecx = 0x0A (GETVERSION), raising STATUS_PRIVILEGED_INSTRUCTION (0xc0000096) because the backdoor port is not serviced on this guest. The guest's 192.168.56.101 address in the UDP table below lies in VirtualBox's default host-only subnet, so the vboxservice.exe lookup above is the check that actually applies to this sandbox.
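The exception records on this page are a VMware backdoor probe, and the register values and instruction bytes the sandbox dumps are enough to prove it. The following is an added Python example, not code from the sandbox or from the sample: it decodes the eax/edx/ecx triple and the bytes at the fault site from the two records above, and scans raw code for the same calling sequence. The BACKDOOR_CMDS table is a subset of the public VMware backdoor command numbers, and SAMPLE_CODE is a constructed byte string, not bytes taken from the sample.

```python
"""Decode the VMware I/O backdoor probe recorded in the exception events.

Added example for this report; it is not code from the sandbox or from the
sample. Register values and instruction bytes come from the two exception
records above; SAMPLE_CODE is constructed here to show what the probe looks
like as raw x86 bytes.
"""
import struct

VMWARE_MAGIC = 0x564D5868          # eax: "VMXh"
VMWARE_PORT = 0x5658               # dx:  "VX"
BACKDOOR_CMDS = {                  # subset of the public backdoor commands
    0x0A: "GETVERSION",            # eax <- version, ebx <- magic, ecx <- product
    0x14: "GETMEMSIZE",            # eax <- guest RAM size
}
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096
MSVC_TRY_EXIT = b"\x83\x4d\xfc\xff"  # or dword ptr [ebp-4], 0FFFFFFFFh

# The two records from the report (decimal registers as the sandbox prints them).
REPORT_EXCEPTIONS = [
    {"address": 0x40348A, "eax": 1447909480, "edx": 22104, "ecx": 10,
     "code": 0xC0000096, "bytes": bytes.fromhex("ed895de4894de05a595b58834dfcffeb")},
    {"address": 0x403523, "eax": 1447909480, "edx": 22104, "ecx": 20,
     "code": 0xC0000096, "bytes": bytes.fromhex("ed8945e45a595b58834dfcffeb1133c0")},
]


def decode_backdoor_regs(eax, edx, ecx, exception_code):
    """Return the backdoor call behind a privileged-instruction fault, or None.

    Outside VMware `in eax, dx` from ring 3 raises #GP; on a VMware guest the
    same instruction succeeds and returns data, so the fault itself is the
    "not VMware" answer the sample is looking for.
    """
    if exception_code != STATUS_PRIVILEGED_INSTRUCTION:
        return None
    if eax != VMWARE_MAGIC or (edx & 0xFFFF) != VMWARE_PORT:
        return None
    cmd = ecx & 0xFFFF
    return {
        "magic": struct.pack(">I", eax).decode("ascii"),            # 'VMXh'
        "port": struct.pack(">H", edx & 0xFFFF).decode("ascii"),    # 'VX'
        "command": BACKDOOR_CMDS.get(cmd, "UNKNOWN(0x%02x)" % cmd),
    }


def fault_is_handled_by_seh(instruction_bytes):
    """True when the bytes at the fault site are an IN followed by the MSVC
    __try-level reset: the code expects the #GP and resumes in its __except
    block, so the sandbox's "process crashed" is really a passed check."""
    return instruction_bytes[:1] == b"\xed" and MSVC_TRY_EXIT in instruction_bytes


def triage_exceptions(records):
    """Apply both checks to a list of sandbox exception records."""
    out = []
    for r in records:
        d = decode_backdoor_regs(r["eax"], r["edx"], r["ecx"], r["code"])
        if d is not None:
            d["address"] = r["address"]
            d["handled"] = fault_is_handled_by_seh(r["bytes"])
            out.append(d)
    return out


def find_backdoor_sequences(code, window=32):
    """Static counterpart: locate `mov eax, VMXh ... in eax, dx` in raw code and
    recover the command from a `mov ecx, imm32` (B9) between them, if any.
    A B9 byte inside another immediate would mislead this; fine for triage."""
    needle = b"\xb8" + struct.pack("<I", VMWARE_MAGIC)
    hits, start = [], 0
    while (i := code.find(needle, start)) >= 0:
        w = code[i:i + window]
        j = w.find(b"\xed")
        if j >= 0:
            k = w.find(b"\xb9")
            cmd = None
            if 0 <= k and k + 5 <= j:
                cmd = struct.unpack("<I", w[k + 1:k + 5])[0]
            hits.append({"offset": i, "command": BACKDOOR_CMDS.get(cmd, cmd)})
        start = i + 1
    return hits


# Constructed x86 bytes (not from the sample): the canonical GETVERSION probe.
SAMPLE_CODE = bytes.fromhex(
    "b868584d56"   # mov eax, 564D5868h
    "bb00000000"   # mov ebx, 0
    "b90a000000"   # mov ecx, 0Ah
    "ba58560000"   # mov edx, 5658h
    "ed"           # in eax, dx
    "c3"           # ret
)

if __name__ == "__main__":
    for d in triage_exceptions(REPORT_EXCEPTIONS):
        print("0x%08x %s port %s cmd %s handled=%s" % (
            d["address"], d["magic"], d["port"], d["command"], d["handled"]))
    print(find_backdoor_sequences(SAMPLE_CODE))
```

For the two records on this page triage_exceptions() reports GETVERSION at 0x40348a and GETMEMSIZE at 0x403523, both with handled=True, which is the practical point: a STATUS_PRIVILEGED_INSTRUCTION fault on an IN with the __try epilogue right behind it is a sandbox check that passed, not instability in the sample. The byte scanner is the static version of the same signature and will also fire on legitimate VMware tools, so pair it with context (a packer stub, SEH around the probe) before raising it.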
File has been identified by 52 antivirus engines on VirusTotal as malicious (50 of 52 events shown). The family names agree: the engines that name a family say Qakbot/Qbot (Kaspersky, ZoneAlarm, NANO, AegisLab, Jiangmin, Avira, Microsoft, ALYac), and the rest are generic packer verdicts (Kryptik, EncPk, GenericKD, DangerousSig).
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34494180
FireEye Generic.mg.42b62f4ff20ab5a7
CAT-QuickHeal Trojan.MultiPMF.S15902124
McAfee W32/PinkSbot-HE!42B62F4FF20A
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056dc761 )
Alibaba Trojan:Win32/Kryptik.48564d77
K7GW Trojan ( 0056e1541 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D20E56E4
BitDefenderTheta Gen:NN.ZexaF.34570.cvX@aeghaMkG
Cyren W32/Trojan.EUGU-2567
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:DangerousSig [Trj]
ClamAV Win.Packed.Generickdz-9764486-0
Kaspersky Trojan.Win32.Qbot.dv
BitDefender Trojan.GenericKD.34494180
NANO-Antivirus Trojan.Win32.Qbot.hupudt
Paloalto generic.ml
AegisLab Trojan.Win32.Qbot.truu
Rising Trojan.MalCert!1.CBD2 (CLASSIC)
Ad-Aware Trojan.GenericKD.34494180
Emsisoft MalCert.A (A)
Comodo Malware@#1kd3jvmozi5bw
DrWeb Trojan.Inject3.56781
VIPRE Trojan.Win32.Generic!BT
Invincea ML/PE-A + Mal/EncPk-APW
McAfee-GW-Edition BehavesLike.Win32.Generic.tt
Sophos Mal/EncPk-APW
SentinelOne DFI - Malicious PE
Jiangmin Trojan.Qbot.k
eGambit Unsafe.AI_Score_94%
Avira TR/AD.Qbot.odafb
MAX malware (ai score=82)
Microsoft Trojan:Win32/Qakbot!MSR
ViRobot Trojan.Win32.Z.Kryptik.1093600
ZoneAlarm Trojan.Win32.Qbot.dv
GData Win32.Trojan.PSE.1KU1H7
AhnLab-V3 Trojan/Win32.Kryptik.R350973
ALYac Trojan.Agent.QakBot
ESET-NOD32 a variant of Win32/Kryptik.HGMS
Tencent Malware.Win32.Gencirc.10ce00cd
Yandex Trojan.Kryptik!mLBBnM0APRo
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.106424031.susgen
Fortinet W32/Kryptik.HFYN!tr
AVG Win32:DangerousSig [Trj]
Visual analysis
Binary image: none generated for this sample.
Runtime screenshots: none captured during the run.


PE compile time

2020-08-17 03:44:28 (taken from the PE header timestamp, which whoever builds the file can set freely)

Imports

Only the kernel32 entries say much about the file: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect and VirtualFree are exactly what a packer stub needs to resolve the payload's real API table at run time, and they match the RWX allocate/protect events recorded above. The remaining libraries (OLE dialogs, MIDI and mixer functions, common dialogs, debug-symbol helpers, printer spooler) share no application theme, the usual look of an import table padded to resemble a legitimate program.

Library kernel32.dll:
0x4f81a0 GetProcAddress
0x4f81a4 GetVersion
0x4f81a8 LoadLibraryA
0x4f81ac VirtualAlloc
0x4f81b0 VirtualFree
0x4f81b4 VirtualProtect
0x4f81b8 GetModuleHandleA
0x4f81bc lstrcmpA
0x4f81c0 GetCurrentThread
0x4f81c4 VerifyVersionInfoA
0x4f81c8 EnumTimeFormatsW
0x4f81d0 VerLanguageNameW
0x4f81d8 TerminateProcess
0x4f81dc SetConsoleCP
0x4f81e0 lstrcpynA
0x4f81e4 EnumSystemLocalesA
0x4f81e8 IsBadReadPtr
Library oledlg.dll:
0x4f82d8 OleUIConvertA
0x4f82dc OleUIBusyA
0x4f82e0 OleUIEditLinksA
0x4f82e8 OleUIChangeSourceA
0x4f82ec OleUIPasteSpecialW
0x4f82f0 OleUIUpdateLinksA
0x4f82f4 OleUIChangeSourceW
0x4f82f8 OleUIPromptUserA
0x4f82fc OleUIChangeIconA
0x4f8300 OleUIPromptUserW
0x4f8304 OleUIUpdateLinksW
Library user32.dll:
0x4f8364 ReleaseCapture
0x4f8368 GetAsyncKeyState
0x4f8370 GetForegroundWindow
0x4f8374 EndDialog
0x4f8378 LoadStringA
0x4f837c CharToOemW
0x4f8380 SetClipboardData
0x4f8384 OpenWindowStationA
0x4f8388 SetParent
0x4f8390 DlgDirSelectExW
0x4f8394 GetIconInfo
0x4f8398 WaitForInputIdle
0x4f839c TabbedTextOutA
0x4f83a0 InSendMessageEx
0x4f83a4 ModifyMenuW
0x4f83a8 ToUnicodeEx
0x4f83ac MessageBoxA
0x4f83b4 SetActiveWindow
Library ole32.dll:
0x4f81f0 OleInitialize
0x4f8208 CreateClassMoniker
0x4f8210 StgCreatePropStg
0x4f8214 CoUnloadingWOW
0x4f821c OleDuplicateData
0x4f8224 CoGetObject
0x4f8230 CoMarshalHresult
0x4f8234 DllRegisterServer
0x4f8238 GetConvertStg
Library comctl32.dll:
0x4f8058 ImageList_Copy
0x4f8064 DSA_DeleteAllItems
0x4f8068 DPA_DeleteAllPtrs
0x4f806c DPA_Search
0x4f807c CreateStatusWindowA
0x4f8080 DrawStatusTextW
0x4f8084 DPA_GetPtr
0x4f8088 DPA_Destroy
0x4f8090 DPA_EnumCallback
0x4f8094 ImageList_Create
0x4f8098 FlatSB_GetScrollPos
0x4f809c ImageList_AddIcon
0x4f80a0 DrawStatusText
0x4f80a4 UninitializeFlatSB
0x4f80a8 DSA_Destroy
0x4f80ac ImageList_Draw
0x4f80b0 DSA_InsertItem
Library advapi32.dll:
0x4f8010 StartServiceA
0x4f8014 GetAce
0x4f801c TraceMessage
0x4f802c RegQueryValueExW
0x4f8048 ElfNumberOfRecords
0x4f804c MD5Final
Library shell32.dll:
0x4f830c ShellMessageBoxW
0x4f8310 Control_RunDLLW
0x4f8314 StrNCmpW
0x4f831c Shell_GetImageLists
0x4f8324 StrCmpNIA
0x4f832c SHObjectProperties
0x4f8330 StrCmpNIW
0x4f8334 IsNetDrive
0x4f8338 SheGetDirA
0x4f833c ILIsParent
0x4f8340 StrStrIA
0x4f8344 PickIconDlg
0x4f8348 SHQueryRecycleBinW
0x4f834c DAD_DragEnterEx2
0x4f8350 DAD_AutoScroll
0x4f8358 ExtractIconEx
Library imagehlp.dll:
0x4f815c MapFileAndCheckSumA
0x4f8164 SymMatchFileName
0x4f816c SymInitialize
0x4f8170 SymEnumerateModules
0x4f8178 SymGetSymPrev
0x4f817c UpdateDebugInfoFile
0x4f8180 SymUnDName64
0x4f8184 ImageAddCertificate
0x4f8188 SymGetModuleBase64
0x4f818c SymUnDName
0x4f8190 SymGetSearchPath
0x4f8194 ReBaseImage64
0x4f8198 FindDebugInfoFileEx
Library oleaut32.dll:
0x4f8280 VarUI1FromDate
0x4f8284 VarI2FromDec
0x4f8288 CreateStdDispatch
0x4f828c VarUI1FromCy
0x4f8290 VarMul
0x4f829c ClearCustData
0x4f82a0 VARIANT_UserMarshal
0x4f82a4 LHashValOfNameSys
0x4f82a8 VarUI8FromI2
0x4f82ac VarUI1FromUI2
0x4f82b0 VarCyFromDate
0x4f82b4 LoadTypeLibEx
0x4f82b8 VarR4FromDate
0x4f82bc VarUI4FromDate
0x4f82c0 VarUI2FromDate
0x4f82c4 VectorFromBstr
0x4f82c8 VarUI1FromStr
0x4f82cc VarDecCmp
0x4f82d0 VarR4FromDisp
Library oleacc.dll:
0x4f8250 ObjectFromLresult
0x4f8254 AccessibleChildren
0x4f8268 GetRoleTextW
0x4f8270 IID_IAccessible
0x4f8274 GetRoleTextA
Library gdi32.dll:
0x4f8100 GdiGetLocalFont
0x4f8108 DdEntry37
0x4f810c GdiDrawStream
0x4f8110 UpdateICMRegKeyA
0x4f8118 GetGlyphIndicesA
0x4f811c DeleteMetaFile
0x4f8120 SetGraphicsMode
0x4f8124 SetWindowExtEx
0x4f8128 GetMetaFileW
0x4f812c EndPath
0x4f8130 EnumICMProfilesA
0x4f8134 ExcludeClipRect
0x4f8138 DescribePixelFormat
0x4f8144 DdEntry11
0x4f8148 GdiConvertFont
0x4f814c ResetDCA
0x4f8150 PolyTextOutW
Library winmm.dll:
0x4f83dc midiStreamRestart
0x4f83e0 midiInGetErrorTextW
0x4f83e4 mciGetErrorStringA
0x4f83e8 midiOutGetID
0x4f83ec waveInGetErrorTextW
0x4f83f0 mciSendStringW
0x4f83f4 mixerMessage
0x4f83f8 mixerGetLineInfoA
0x4f83fc auxGetNumDevs
0x4f8400 mciGetDeviceIDW
0x4f8404 waveOutRestart
0x4f8408 mciDriverNotify
0x4f840c mixerGetNumDevs
0x4f8410 waveInOpen
0x4f8414 midiInGetErrorTextA
0x4f8418 joySetCapture
0x4f841c auxGetDevCapsW
0x4f8420 mmioInstallIOProcA
0x4f8424 mciSetDriverData
0x4f8428 mxd32Message
Library comdlg32.dll:
0x4f80b8 FindTextA
0x4f80bc ReplaceTextA
0x4f80c0 dwOKSubclass
0x4f80c4 WantArrows
0x4f80c8 PrintDlgExA
0x4f80cc FindTextW
0x4f80d0 PrintDlgA
0x4f80d8 PrintDlgW
0x4f80dc GetSaveFileNameW
0x4f80e0 GetOpenFileNameA
0x4f80e4 GetSaveFileNameA
0x4f80e8 ReplaceTextW
0x4f80ec PageSetupDlgW
0x4f80f0 GetFileTitleW
0x4f80f4 ChooseColorW
0x4f80f8 PageSetupDlgA
Library version.dll:
0x4f83bc GetFileVersionInfoA
0x4f83c0 VerFindFileW
0x4f83c4 VerQueryValueW
0x4f83c8 GetFileVersionInfoW
0x4f83cc VerFindFileA
0x4f83d0 VerQueryValueA
Library winspool.drv:
0x50c16c PerfOpen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Most of the UDP traffic below is Windows background noise from the guest (192.168.56.101, an address in VirtualBox's default host-only subnet): NetBIOS name and datagram broadcasts (137/138), NTP to time.windows.com (123), LLMNR (5355), SSDP (1900) and WS-Discovery (3702). The five DNS queries to the guest's configured resolver 114.114.114.114 could come from the OS or from the sample; the query names are not shown, and no answer for 172.217.24.14 appears, which is why that host is flagged above as contacted without a DNS query.

Source          Source port   Destination                    Destination port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.