0.9
低危
62 个模型检测该样本为恶意!
重新分析
更多

100b17e1a740ad1162e18de22e6ccd5a7d776b2c13589d2361f444762bfc5c42

100b17e1a740ad1162e18de22e6ccd5a7d776b2c13589d2361f444762bfc5c42.exe

分析耗时

193s

最近分析

370天前

文件大小

9.7KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN BADUR
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.55
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:TrojanX-gen [Trj] 20200415 18.4.3895.0
Baidu Win32.Trojan-Downloader.Tiny.c 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200416 2013.8.14.323
McAfee VTFlooder!4524580B764A 20200416 6.0.6.653
Tencent Trojan.Win32.VtFlooder.a 20200416 1.0.0.1
静态指标
行为判定
动态指标
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意 (50 out of 62 个事件)
ALYac Gen:Variant.Ulise.1586
APEX Malicious
AVG Win32:TrojanX-gen [Trj]
Acronis suspicious
Ad-Aware Gen:Variant.Ulise.1586
AhnLab-V3 Trojan/Win32.Downloader.R117998
Antiy-AVL Trojan/Win32.Badur
Arcabit Trojan.Ulise.D632
Avast Win32:TrojanX-gen [Trj]
Avira TR/Crypt.XPACK.Gen7
Baidu Win32.Trojan-Downloader.Tiny.c
BitDefender Gen:Variant.Ulise.1586
BitDefenderTheta Gen:NN.ZexaF.34106.amX@ayelrii
Bkav W32.FamVT.VtfodtVM.Trojan
CAT-QuickHeal Trojan.Necurs.MUE.A3
ClamAV Win.Malware.Vtflooder-6723768-0
Comodo TrojWare.Win32.Vflooder.TIQD@5i3ljh
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.b764ab
Cylance Unsafe
Cyren W32/A-f89cd476!Eldorado
DrWeb Trojan.Flood.22062
ESET-NOD32 Win32/Flooder.Tiny.A
Emsisoft Gen:Variant.Ulise.1586 (B)
Endgame malicious (high confidence)
F-Prot W32/A-f89cd476!Eldorado
F-Secure Trojan.TR/Crypt.XPACK.Gen7
FireEye Generic.mg.4524580b764abaf6
Fortinet W32/Generic.AC.41!tr
GData Win32.Trojan.Vflooder.A
Ikarus Trojan.Win32.TrojanClicker
Invincea heuristic
Jiangmin Trojan/Badur.crh
K7AntiVirus Trojan ( 0040f9251 )
K7GW Trojan ( 0040f9251 )
Kaspersky Trojan.Win32.Vtflooder.cft
MAX malware (ai score=84)
Malwarebytes Trojan.Vtflooder
MaxSecure Trojan.Badur.ilcp
McAfee VTFlooder!4524580B764A
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.zz
MicroWorld-eScan Gen:Variant.Ulise.1586
Microsoft Trojan:Win32/Vflooder.A
NANO-Antivirus Trojan.Win32.Crypted.dbpklq
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM20.1.9945.Malware.Gen
Rising Trojan.Win32.Vflooder.b (RDMK:cmRtazrRqZRUUoF8qpqqkFzG4+Gu)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-AHNL
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2014-07-07 05:11:21

PE Imphash

3d8c26f4cb1782a87c3bb42796fb6b85

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000d42 0x00000e00 5.491480219841643
.rdata 0x00002000 0x00000768 0x00000800 4.2238910446785765
.data 0x00003000 0x00002810 0x00000200 0.17014565200323517

Imports

Library KERNEL32.DLL:
0x402000 Sleep
0x402004 lstrlenA
0x402008 CreateThread
0x40200c VirtualFree
0x402010 GetModuleFileNameW
0x402014 GetTickCount
0x402018 ExitProcess
0x40201c GetFileSize
0x402020 VirtualAlloc
0x402024 ReadFile
0x402028 CloseHandle
0x40202c CreateFileW
0x402030 lstrlenW
0x402034 MultiByteToWideChar
Library ntdll.dll:
0x402078 memset
0x40207c _wtoi
0x402080 memcpy
Library ole32.dll:
Library SHLWAPI.dll:
0x40203c StrStrA
Library USER32.dll:
0x402044 wsprintfA
0x402048 wsprintfW
Library WINHTTP.dll:
0x402050 WinHttpCrackUrl
0x402054 WinHttpOpen
0x402058 WinHttpConnect
0x40205c WinHttpOpenRequest
0x402060 WinHttpSendRequest
0x402064 WinHttpQueryHeaders
0x402068 WinHttpReadData
0x40206c WinHttpCloseHandle
L!This program cannot be run in DOS mode.
wy3*3*3*3*6*:4*8*3*(*(:
*0*(::*2*Rich3*
`.rdata
@.data
EEEEMQj
27UREPh
E3EEEEEMQj
UREPMQ
RPQRh"@
EPMQUREP
Qjhx#@
EMQUREPMQ
QjU REP
EUREPMQUR
9U}$EMT
--------%015d
Content-Disposition: form-data; name="apikey"
Content-Type: text/plain
03488030fb57e825ca7f652571f12f15dbb069220773190978b85793c9ecfead
Content-Disposition: form-data; name="file"; filename="1.exe"
Content-Type: application/x-msdownload
Content-Transfer-Encoding: binary
--------%015d--
|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]^_`abcdefghijklmnopq
KERNEL32.DLL
ntdll.dll
ole32.dll
SHLWAPI.dll
USER32.dll
WINHTTP.dll
lstrlenA
CreateThread
VirtualFree
GetModuleFileNameW
GetTickCount
ExitProcess
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
CreateFileW
lstrlenW
MultiByteToWideChar
memset
memcpy
CreateStreamOnHGlobal
StrStrA
wsprintfA
wsprintfW
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse
--------000000000110417--
--------000000000105144--
jjjjjj
jjjjjj
jjjjjj
twitter.com
/pidoras6
Content-Type: multipart/form-data; boundary=------%015d
/vtapi/v2/file/scan
www.virustotal.com
Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
Content-Type: application/x-www-form-urlencoded

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.