2.2
中危
53 个模型检测该样本为恶意!
重新分析
更多

adc83327cb53ef6ac3451e3c9994afd0f4deffde0a5cf6592985b552c8afe40f

45978c35d869650c9bd7d0525e5875ac.exe

分析耗时

14s

最近分析

文件大小

128.5KB
静态报毒 动态报毒 100% AI SCORE=81 ATTRIBUTE BLADABINDI BLUTEAL CLOUD COBRA CONFIDENCE CRYSAN ELDORADO FAKEDOC FYKHB GDSDA GENERICKD HIGH CONFIDENCE HIGHCONFIDENCE IM0@AKUV9AJ MALICIOUS PE PALLAS PDCP POSSIBLETHREAT R002C0WH820 R312661 REDCAP SCORE SNOJAN SUSGEN TSCOPE UNCLASSIFIEDMALWARE@0 UNSAFE ZEMSILF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee RDN/Generic BackDoor 20200824 6.0.6.653
Alibaba Backdoor:MSIL/Crysan.82117b26 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200824 18.4.3895.0
Tencent Msil.Backdoor.Crysan.Pdcp 20200824 1.0.0.1
Kingsoft 20200824 2013.8.14.323
静态指标
行为判定
动态指标
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.846044060133753 section {'size_of_data': '0x0000ee00', 'virtual_address': '0x00002000', 'entropy': 7.846044060133753, 'name': '.text', 'virtual_size': '0x0000ed84'} description A section with a high entropy has been found
entropy 0.46484375 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.45978c35d869650c
CAT-QuickHeal Backdoor.MSIL
McAfee RDN/Generic BackDoor
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Backdoor:MSIL/Crysan.82117b26
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D20B90B2
TrendMicro TROJ_GEN.R002C0WH820
Cyren W32/MSIL_Bladabindi.DM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky Backdoor.MSIL.Crysan.aip
BitDefender Trojan.GenericKD.34312370
ViRobot Trojan.Win32.Z.Agent.131584.KR
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
MicroWorld-eScan Trojan.GenericKD.34312370
Avast Win32:Malware-gen
Tencent Msil.Backdoor.Crysan.Pdcp
Ad-Aware Trojan.GenericKD.34312370
Comodo .UnclassifiedMalware@0
F-Secure Backdoor.BDS/Redcap.fykhb
VIPRE Trojan.Win32.Generic.pak!cobra
Invincea heuristic
Sophos Mal/Generic-S
SentinelOne DFI - Malicious PE
Jiangmin Trojan.Snojan.cah
eGambit Unsafe.AI_Score_99%
Avira BDS/Redcap.fykhb
Microsoft Trojan:Win32/Bluteal!rfn
AegisLab Trojan.MSIL.Crysan.m!c
ZoneAlarm Backdoor.MSIL.Crysan.aip
GData Trojan.GenericKD.34312370
AhnLab-V3 Trojan/Win32.MSIL.R312661
BitDefenderTheta Gen:NN.ZemsilF.34196.im0@aKUV9aj
ALYac Trojan.GenericKD.34312370
MAX malware (ai score=81)
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.FakeDoc
TrendMicro-HouseCall TROJ_GEN.R002C0WH820
Rising Backdoor.Crysan!8.10ECA (CLOUD)
Ikarus Trojan.MSIL.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat.PALLAS.H
AVG Win32:Malware-gen
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-08-07 22:55:03

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 56804 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.