2.6
Medium risk

704819ae01481929baf73950c4e51535310d772d3d6baf1d3523d5cf87d3cab1

4586b24120b963f3057b91f967179a7b.exe

Analysis duration

75s

Last analyzed

File size

33.6KB
Static / dynamic detection tags: A@DAM ARTEMIS ATTRIBUTE CLOUD CONFIDENCE ELKERN HIGHCONFIDENCE INJECTED MALWARE@#2BBJUH9I9O7KF OCCAMY SURI TEMCAC UNSAFE WACATAC
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine detection results available.
Static verdict
Antivirus engines

Engine        Result                              Scan date   Engine version
McAfee        Artemis!4586B24120B9                20200604    6.0.6.653
Alibaba       Trojan:Win32/Patched.8be9cd75       20190527    0.3.0.5
CrowdStrike   win/malicious_confidence_90% (W)    20190702    1.0
Baidu         -                                   20190318    1.0.0.2
Avast         Win32:Injected-AZ                   20200604    18.4.3895.0
Kingsoft      -                                   20200604    2013.8.14.323
Tencent       -                                   20200604    1.0.0.1
Static indicators
Checks if process is being debugged by a debugger (1 event)

Time                API                 Arguments   Status   Return   Repeated
1620726219.522633   IsDebuggerPresent   -           failed   0        0

The executable uses a known packer (1 event)
packer: InstallShield 2000
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 104.21.22.178
host 172.217.24.14
host 93.184.220.29
Generates some ICMP traffic
File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)
McAfee Artemis!4586B24120B9
Cylance Unsafe
Zillya Trojan.Suri.Win32.37
Sangfor Malware
Alibaba Trojan:Win32/Patched.8be9cd75
CrowdStrike win/malicious_confidence_90% (W)
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Injected-AZ
Paloalto generic.ml
AegisLab Trojan.Win32.Generic.4!c
Rising Trojan.Wacatac!8.10C01 (CLOUD)
Comodo Malware@#2bbjuh9i9o7kf
F-Secure Trojan.TR/Patched.Ren.Gen
VIPRE Trojan.Win32.Generic!BT
Sophos Mal/Generic-S
Avira TR/Patched.Ren.Gen
Microsoft Trojan:Win32/Occamy.C70
GData Win32.Virus.Temcac.A@dam
Ikarus Virus.Win32.Elkern
AVG Win32:Injected-AZ
Cybereason malicious.120b96
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were generated while this sample ran.

PE Compile Time

1997-08-11 22:34:33

Imports

Library COMCTL32.dll:
0x4082b8
Library GDI32.dll:
0x4082c0 GetTextMetricsA
0x4082c4 SelectObject
0x4082c8 ExtTextOutA
Library KERNEL32.dll:
0x4082d0 GetFileTime
0x4082d4 GetModuleFileNameA
0x4082dc GetDateFormatA
0x4082e0 CloseHandle
0x4082e4 OpenFile
0x4082ec WaitForSingleObject
0x4082f0 GetProcAddress
0x4082f4 LoadLibraryA
0x4082fc GetFileSize
0x408300 GetLocaleInfoA
0x408304 lstrcatA
0x40830c GetSystemDirectoryA
0x408310 lstrcmpiA
0x408314 GlobalLock
0x408318 GlobalReAlloc
0x40831c GlobalFlags
0x408320 GlobalUnlock
0x408324 GlobalAlloc
0x408328 GlobalFree
0x40832c lstrlenA
0x408330 lstrcpyA
0x408334 FreeLibrary
0x40833c CreateEventA
0x408340 SetEvent
0x408348 GetStartupInfoA
0x40834c GetModuleHandleA
Library USER32.dll:
0x4083e4 GetClientRect
0x4083e8 GetParent
0x4083ec MapWindowPoints
0x4083f0 EnumChildWindows
0x4083f4 SetDlgItemTextA
0x4083f8 SendDlgItemMessageA
0x4083fc CheckDlgButton
0x408400 InflateRect
0x408404 GetClassNameA
0x408408 SetWindowPos
0x40840c RemovePropA
0x408410 CallWindowProcA
0x408414 BringWindowToTop
0x408418 MoveWindow
0x40841c DestroyWindow
0x408420 MessageBeep
0x408424 GetPropA
0x408428 GetKeyState
0x40842c ShowWindow
0x408430 SetPropA
0x408434 GetWindowTextA
0x408438 PostQuitMessage
0x40843c PostMessageA
0x408440 SendMessageA
0x408444 LoadCursorA
0x408448 DefWindowProcA
0x40844c LoadIconA
0x408450 GetMessageA
0x408454 RegisterClassA
0x408458 CreateDialogParamA
0x40845c DispatchMessageA
0x408460 IsDialogMessageA
0x408464 TranslateMessage
0x408468 GetDC
0x40846c GetWindowLongA
0x408470 SetWindowLongA
0x408474 EndDialog
0x408478 ReleaseDC
0x40847c CopyRect
0x408480 IsDlgButtonChecked
0x408484 GetDlgItem
0x408488 EnableWindow
0x40848c SetFocus
0x408490 LoadStringA
0x408494 wsprintfA
0x408498 GetDlgItemTextA
0x40849c MessageBoxA
0x4084a0 DialogBoxParamA
0x4084a4 UpdateWindow
Library MSVCRT.dll:
0x408354 _strrev
0x408358 _strupr
0x40835c strcpy
0x408360 strcmp
0x408364 _controlfp
0x408368 _except_handler3
0x40836c __p__fmode
0x408370 __p__commode
0x408374 __set_app_type
0x408378 __setusermatherr
0x40837c _initterm
0x408380 _adjust_fdiv
0x408384 _acmdln
0x408388 exit
0x40838c __getmainargs
0x408390 _exit
0x408394 memmove
0x408398 _XcptFilter
0x40839c strncmp
0x4083a0 memcpy
0x4083a4 _strnicmp
0x4083a8 _findclose
0x4083ac _findnext
0x4083b0 _findfirst
0x4083b4 malloc
0x4083b8 _beginthread
0x4083bc _endthread
0x4083c0 memset
0x4083c4 strtok
0x4083c8 strcat
0x4083cc strlen
0x4083d0 _strlwr
0x4083d4 _stricmp
0x4083d8 free
0x4083dc strstr
Library ADVAPI32.dll:
0x40829c RegCloseKey
0x4082a0 RegQueryValueExA
0x4082a4 RegCreateKeyExA
0x4082a8 RegSetValueExA
0x4082ac RegEnumValueA
0x4082b0 RegDeleteValueA

Hosts

No hosts contacted.

TCP

Source          Source Port   Destination      Destination Port
104.21.22.178   443           192.168.56.101   49209

UDP

Source            Source Port   Destination                       Destination Port
114.114.114.114   53            192.168.56.101                    55331
192.168.56.101    50534         114.114.114.114                   53
192.168.56.101    51808         114.114.114.114                   53
192.168.56.101    55368         114.114.114.114                   53
192.168.56.101    58367         114.114.114.114                   53
192.168.56.101    137           192.168.56.255                    137
192.168.56.101    138           192.168.56.255                    138
192.168.56.101    123           20.189.79.72 (time.windows.com)   123
192.168.56.101    51963         224.0.0.252                       5355
192.168.56.101    56804         224.0.0.252                       5355
192.168.56.101    62191         224.0.0.252                       5355
192.168.56.101    63429         224.0.0.252                       5355
192.168.56.101    65004         224.0.0.252                       5355
192.168.56.101    1900          239.255.255.250                   1900
192.168.56.101    51809         239.255.255.250                   3702
192.168.56.101    51811         239.255.255.250                   3702
192.168.56.101    51813         239.255.255.250                   3702
192.168.56.101    58707         239.255.255.250                   3702
192.168.56.101    62194         239.255.255.250                   1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.