SmartHawk

4.0

中危

50 个模型检测该样本为恶意！

重新分析

下载样本

e3be616e258172d4596cd61cbb6ec39b6e7aa0cf8138793783e21a4b6ab4c038

46e8a961f876b2ef8b9d0d392fac5119.exe

分析耗时

105s

最近分析

文件大小

563.5KB

静态报毒动态报毒 5WRUGEQ 9HUIEHYNQ2HWYM A VARIANT OF GENERIK AI SCORE=80 AMQUT ARTEMIS ATTRIBUTE CONFIDENCE EMOTET GDSDA GENERIC@ML HIBD HIGH CONFIDENCE HIGHCONFIDENCE HSLPVS ICEDID JU0@A4GQJBEI KCLOUD MALWARE@#ILLGB5E3B740 OWSMHN PACK PFJS POSSIBLETHREAT R002C0DHI20 RDML REDCAP SCORE SLEPAK SUSGEN UNSAFE ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Slepak.abcbdc77	20190527	0.3.0.5
Avast	Win32:Malware-gen	20201228	21.1.5827.0
Tencent	Win32.Trojan.Slepak.Pfjs	20201228	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Troj.Slepak.fu.(kcloud)	20201228	2017.9.26.565
McAfee	Artemis!46E8A961F876	20201228	6.0.6.653
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

This executable has a PDB path (1 个事件)

pdb_path

c:\huntback\learngold\westPeople\fieldgrass\slaveWear\brightMove\GirlContinentLay.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619473543.240999 GlobalMemoryStatusEx		success	1	0

Allocates read-write-execute memory (usually to unpack itself) (4 个事件)

Time & API	Arguments	Status
1619473543.209999 NtProtectVirtualMemory	process_identifier: 2256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x006d0000	success
1619473543.209999 NtAllocateVirtualMemory	process_identifier: 2256 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00350000	success
1619473543.209999 NtAllocateVirtualMemory	process_identifier: 2256 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00360000	success
1619473543.209999 NtAllocateVirtualMemory	process_identifier: 2256 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00370000	success

Communicates with host for which no DNS query was performed (3 个事件)

host	113.108.239.226
host	172.217.24.14
host	203.208.41.65

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Pack.Emotet.4
FireEye	Gen:Heur.Pack.Emotet.4
ALYac	Trojan.IcedID.gen
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/Slepak.abcbdc77
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.1f876b
Arcabit	Trojan.Pack.Emotet.4
BitDefenderTheta	Gen:NN.ZexaF.34700.Ju0@a4gqJBei
Cyren	W32/Trojan.HIBD-1012
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.OWSMHN
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan.Win32.Slepak.fu
BitDefender	Gen:Heur.Pack.Emotet.4
NANO-Antivirus	Trojan.Win32.Slepak.hslpvs
Paloalto	generic.ml
Tencent	Win32.Trojan.Slepak.Pfjs
Ad-Aware	Gen:Heur.Pack.Emotet.4
Sophos	Mal/Generic-S
Comodo	Malware@#illgb5e3b740
F-Secure	Trojan.TR/Redcap.amqut
TrendMicro	TROJ_GEN.R002C0DHI20
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Heur.Pack.Emotet.4 (B)
Ikarus	Trojan.SuspectCRC
Jiangmin	Trojan.Slepak.ad
Avira	TR/Redcap.amqut
MAX	malware (ai score=80)
Kingsoft	Win32.Troj.Slepak.fu.(kcloud)
Gridinsoft	Trojan.Win32.Gen.cc
Microsoft	Trojan:Win32/IcedId.VSD!MTB
ZoneAlarm	Trojan.Win32.Slepak.fu
GData	Gen:Heur.Pack.Emotet.4
Cynet	Malicious (score: 85)
McAfee	Artemis!46E8A961F876
VBA32	Trojan.Slepak
TrendMicro-HouseCall	TROJ_GEN.R002C0DHI20
Rising	Trojan.Generic@ML.93 (RDML:9hUIEHYNQ2hWYm/5WruGeQ)
MaxSecure	Trojan.Malware.105670621.susgen
Fortinet	PossibleThreat.MU
Webroot	W32.Trojan.Gen
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Win32/Trojan.e9c

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-12 04:52:07

Imports

Library KERNEL32.dll:

• 0x105b10c CreateFileMappingA

• 0x105b110 MapViewOfFile

• 0x105b114 UnmapViewOfFile

• 0x105b118 OpenEventA

• 0x105b11c GetConsoleOutputCP

• 0x105b120 WriteConsoleA

• 0x105b124 SetStdHandle

• 0x105b128 GetConsoleMode

• 0x105b12c GetConsoleCP

• 0x105b130 GetStringTypeW

• 0x105b134 GetStringTypeA

• 0x105b138 LCMapStringW

• 0x105b13c LCMapStringA

• 0x105b140 InitializeCriticalSectionAndSpinCount

• 0x105b144 LoadLibraryW

• 0x105b148 IsValidCodePage

• 0x105b14c GetACP

• 0x105b150 HeapReAlloc

• 0x105b154 HeapSize

• 0x105b158 HeapAlloc

• 0x105b15c VirtualFree

• 0x105b160 HeapFree

• 0x105b164 HeapCreate

• 0x105b168 HeapDestroy

• 0x105b16c SetHandleCount

• 0x105b170 GetEnvironmentStringsW

• 0x105b174 FreeEnvironmentStringsW

• 0x105b178 GetEnvironmentStrings

• 0x105b17c FreeEnvironmentStringsA

• 0x105b180 GetSystemTimeAsFileTime

• 0x105b184 GetTickCount

• 0x105b188 QueryPerformanceCounter

• 0x105b18c IsDebuggerPresent

• 0x105b190 SetUnhandledExceptionFilter

• 0x105b194 UnhandledExceptionFilter

• 0x105b198 TerminateProcess

• 0x105b19c OutputDebugStringW

• 0x105b1a0 GetFileType

• 0x105b1a4 WriteConsoleW

• 0x105b1a8 OutputDebugStringA

• 0x105b1ac GetStdHandle

• 0x105b1b0 DebugBreak

• 0x105b1b4 ExitProcess

• 0x105b1b8 GetSystemInfo

• 0x105b1bc VirtualAlloc

• 0x105b1c0 RtlUnwind

• 0x105b1c4 IsBadReadPtr

• 0x105b1c8 HeapValidate

• 0x105b1cc GetStartupInfoA

• 0x105b1d0 GetCommandLineA

• 0x105b1d4 FlushFileBuffers

• 0x105b1d8 SetFilePointer

• 0x105b1dc WriteFile

• 0x105b1e0 CreateFileA

• 0x105b1e4 GetModuleHandleW

• 0x105b1e8 InterlockedIncrement

• 0x105b1ec GetCurrentThread

• 0x105b1f0 GetLocaleInfoA

• 0x105b1f4 GetOEMCP

• 0x105b1f8 GetCPInfo

• 0x105b1fc GlobalFlags

• 0x105b200 GetCurrentProcess

• 0x105b204 lstrcmpA

• 0x105b208 FormatMessageA

• 0x105b20c SetEvent

• 0x105b210 CloseHandle

• 0x105b214 CompareStringA

• 0x105b218 MultiByteToWideChar

• 0x105b21c lstrcmpW

• 0x105b220 GetCurrentThreadId

• 0x105b224 GlobalAddAtomA

• 0x105b228 GlobalFindAtomA

• 0x105b22c GlobalDeleteAtom

• 0x105b230 GetVersionExA

• 0x105b234 GetCurrentProcessId

• 0x105b238 TlsGetValue

• 0x105b23c LocalReAlloc

• 0x105b240 TlsSetValue

• 0x105b244 GlobalAlloc

• 0x105b248 GlobalReAlloc

• 0x105b24c GlobalLock

• 0x105b250 TlsFree

• 0x105b254 GlobalHandle

• 0x105b258 GlobalUnlock

• 0x105b25c GlobalFree

• 0x105b260 TlsAlloc

• 0x105b264 LoadResource

• 0x105b268 LockResource

• 0x105b26c SizeofResource

• 0x105b270 FindResourceA

• 0x105b274 InterlockedDecrement

• 0x105b278 GetModuleFileNameW

• 0x105b27c EnterCriticalSection

• 0x105b280 LeaveCriticalSection

• 0x105b284 DeleteCriticalSection

• 0x105b288 InitializeCriticalSection

• 0x105b28c WideCharToMultiByte

• 0x105b290 lstrlenA

• 0x105b294 GetModuleFileNameA

• 0x105b298 GetModuleHandleA

• 0x105b29c GetAtomNameA

• 0x105b2a0 GlobalGetAtomNameA

• 0x105b2a4 SetLastError

• 0x105b2a8 RaiseException

• 0x105b2ac GetLastError

• 0x105b2b0 InterlockedExchange

• 0x105b2b4 FreeLibrary

• 0x105b2b8 GetProcAddress

• 0x105b2bc LocalFree

• 0x105b2c0 LocalAlloc

• 0x105b2c4 WaitForMultipleObjects

• 0x105b2c8 LoadLibraryA

• 0x105b2cc GetTempFileNameA

• 0x105b2d0 VirtualProtectEx

• 0x105b2d4 GetShortPathNameA

• 0x105b2d8 GetEnvironmentVariableA

• 0x105b2dc GetSystemDirectoryA

• 0x105b2e0 GetFileAttributesA

• 0x105b2e4 Sleep

• 0x105b2e8 GetWindowsDirectoryA

Library USER32.dll:

• 0x105b308 PtInRect

• 0x105b30c InflateRect

• 0x105b310 SetWindowTextA

• 0x105b314 GetForegroundWindow

• 0x105b318 SetForegroundWindow

• 0x105b31c ShowOwnedPopups

• 0x105b320 IsWindowVisible

• 0x105b324 InvalidateRect

• 0x105b328 UpdateWindow

• 0x105b32c BringWindowToTop

• 0x105b330 GetDesktopWindow

• 0x105b334 GetActiveWindow

• 0x105b338 GetWindowDC

• 0x105b33c ReleaseDC

• 0x105b340 GetDC

• 0x105b344 ClientToScreen

• 0x105b348 LoadMenuA

• 0x105b34c SetMenuItemBitmaps

• 0x105b350 ModifyMenuA

• 0x105b354 InsertMenuItemA

• 0x105b358 GetSubMenu

• 0x105b35c GetMenuItemInfoA

• 0x105b360 GetMenuState

• 0x105b364 GetMenuItemID

• 0x105b368 GetMenuItemCount

• 0x105b36c CheckMenuItem

• 0x105b370 IsMenu

• 0x105b374 CreatePopupMenu

• 0x105b378 GrayStringA

• 0x105b37c DrawTextExA

• 0x105b380 DrawTextA

• 0x105b384 FillRect

• 0x105b388 LoadBitmapA

• 0x105b38c GetSysColorBrush

• 0x105b390 ValidateRect

• 0x105b394 GetClassInfoExA

• 0x105b398 GetClassInfoA

• 0x105b39c RegisterClassA

• 0x105b3a0 GetClientRect

• 0x105b3a4 MapWindowPoints

• 0x105b3a8 GetSysColor

• 0x105b3ac DispatchMessageA

• 0x105b3b0 GetFocus

• 0x105b3b4 SetActiveWindow

• 0x105b3b8 SetFocus

• 0x105b3bc AdjustWindowRectEx

• 0x105b3c0 ScreenToClient

• 0x105b3c4 EqualRect

• 0x105b3c8 CopyRect

• 0x105b3cc EndDeferWindowPos

• 0x105b3d0 GetTopWindow

• 0x105b3d4 GetWindow

• 0x105b3d8 GetCapture

• 0x105b3dc WinHelpA

• 0x105b3e0 TrackPopupMenu

• 0x105b3e4 GetDlgItem

• 0x105b3e8 GetWindowTextA

• 0x105b3ec GetKeyState

• 0x105b3f0 DestroyWindow

• 0x105b3f4 GetDlgCtrlID

• 0x105b3f8 SetWindowsHookExA

• 0x105b3fc CallNextHookEx

• 0x105b400 GetClassLongA

• 0x105b404 GetClassNameA

• 0x105b408 SetPropA

• 0x105b40c GetPropA

• 0x105b410 CallWindowProcA

• 0x105b414 RemovePropA

• 0x105b418 DefWindowProcA

• 0x105b41c SetMenu

• 0x105b420 GetMenu

• 0x105b424 GetMessageTime

• 0x105b428 GetMessagePos

• 0x105b42c SetWindowLongA

• 0x105b430 SetWindowPos

• 0x105b434 OffsetRect

• 0x105b438 IntersectRect

• 0x105b43c SystemParametersInfoA

• 0x105b440 IsIconic

• 0x105b444 GetWindowPlacement

• 0x105b448 GetWindowRect

• 0x105b44c GetSystemMetrics

• 0x105b450 MessageBoxA

• 0x105b454 GetWindowLongA

• 0x105b458 GetParent

• 0x105b45c GetLastActivePopup

• 0x105b460 IsWindowEnabled

• 0x105b464 GetWindowThreadProcessId

• 0x105b468 TabbedTextOutA

• 0x105b46c PostMessageA

• 0x105b470 SendMessageA

• 0x105b474 UnhookWindowsHookEx

• 0x105b478 PeekMessageA

• 0x105b47c PostQuitMessage

• 0x105b480 SetScrollInfo

• 0x105b484 LoadCursorA

• 0x105b488 SetMenuItemInfoA

• 0x105b48c UnregisterHotKey

• 0x105b490 EnableWindow

• 0x105b494 LoadIconA

• 0x105b498 CreateMenu

• 0x105b49c GetClipboardFormatNameA

• 0x105b4a0 RegisterWindowMessageA

• 0x105b4a4 UnpackDDElParam

• 0x105b4a8 ReuseDDElParam

• 0x105b4ac DestroyMenu

• 0x105b4b0 TranslateAcceleratorA

• 0x105b4b4 LoadAcceleratorsA

• 0x105b4b8 BeginDeferWindowPos

• 0x105b4bc DeferWindowPos

• 0x105b4c0 IsWindow

• 0x105b4c4 CreateWindowExA

• 0x105b4c8 TranslateMessage

• 0x105b4cc ReleaseCapture

• 0x105b4d0 SetCursor

• 0x105b4d4 SetRectEmpty

• 0x105b4d8 ShowWindow

• 0x105b4dc EnableMenuItem

• 0x105b4e0 GetMenuCheckMarkDimensions

Library COMCTL32.dll:

• 0x105b060 _TrackMouseEvent

• 0x105b064

• 0x105b068 ImageList_DragLeave

Library COMDLG32.dll:

• 0x105b070 GetSaveFileNameA

• 0x105b074 ChooseColorA

• 0x105b078 GetOpenFileNameA

Library ADVAPI32.dll:

• 0x105b000 RevertToSelf

• 0x105b004 RegCloseKey

• 0x105b008 ControlService

• 0x105b00c FreeSid

• 0x105b010 OpenSCManagerA

• 0x105b014 SetServiceStatus

• 0x105b018 AllocateAndInitializeSid

• 0x105b01c QueryServiceStatus

• 0x105b020 RegOpenKeyExA

• 0x105b024 RegCreateKeyExA

• 0x105b028 LookupPrivilegeValueA

• 0x105b02c SetSecurityDescriptorDacl

• 0x105b030 SetThreadToken

• 0x105b034 InitializeSecurityDescriptor

• 0x105b038 RegDeleteKeyA

• 0x105b03c RegQueryValueExA

• 0x105b040 RegisterServiceCtrlHandlerA

• 0x105b044 SetEntriesInAclA

• 0x105b048 OpenThreadToken

• 0x105b04c StartServiceCtrlDispatcherA

• 0x105b050 OpenProcessToken

• 0x105b054 OpenServiceA

• 0x105b058 CreateServiceW

Library WINMM.dll:

• 0x105b4e8 mciSendCommandA

• 0x105b4ec timeBeginPeriod

• 0x105b4f0 mciGetErrorStringA

• 0x105b4f4 timeEndPeriod

Library GDI32.dll:

• 0x105b080 GetStockObject

• 0x105b084 GetObjectA

• 0x105b088 SetBkColor

• 0x105b08c SetTextColor

• 0x105b090 GetClipBox

• 0x105b094 ExtTextOutA

• 0x105b098 GetObjectType

• 0x105b09c CreateSolidBrush

• 0x105b0a0 CreatePatternBrush

• 0x105b0a4 CreateFontIndirectA

• 0x105b0a8 CreateBitmap

• 0x105b0ac CreateCompatibleBitmap

• 0x105b0b0 CreateCompatibleDC

• 0x105b0b4 GetDeviceCaps

• 0x105b0b8 SelectObject

• 0x105b0bc PtVisible

• 0x105b0c0 RectVisible

• 0x105b0c4 BitBlt

• 0x105b0c8 GetPixel

• 0x105b0cc TextOutA

• 0x105b0d0 GetTextExtentPoint32A

• 0x105b0d4 Escape

• 0x105b0d8 DeleteDC

• 0x105b0dc SaveDC

• 0x105b0e0 RestoreDC

• 0x105b0e4 SetBkMode

• 0x105b0e8 SetMapMode

• 0x105b0ec SetViewportOrgEx

• 0x105b0f0 OffsetViewportOrgEx

• 0x105b0f4 SetViewportExtEx

• 0x105b0f8 ScaleViewportExtEx

• 0x105b0fc SetWindowExtEx

• 0x105b100 ScaleWindowExtEx

• 0x105b104 DeleteObject

Library OLEACC.dll:

• 0x105b2f0 LresultFromObject

• 0x105b2f4 CreateStdAccessibleObject

Library SHELL32.dll:

• 0x105b2fc DragFinish

• 0x105b300 DragQueryFileA

Library ole32.dll:

• 0x105b4fc StringFromCLSID

• 0x105b500 CoTaskMemFree

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
helindraold.co
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
mahindranew.co
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	61680	114.114.114.114	53
192.168.56.101	62912	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	53210	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.