1.6
Low risk

SHA-256

8f4534e365d2100fcc3af88ac8920546e8aa21c1f3f0e9881729e467ee04b32c

File name

476522c716b10aa16f0e5d501d95414b.exe

Analysis time

3s

Last analysis

File size

627.5KB
Static detections · Dynamic detections. Detection-name tags: AGENSLA, AGENTTESLA, AI SCORE=88, AVSARHER, BSK66A, CONFIDENCE, ELDORADO, FAREIT, GDSDA, GENERICKD, HIGH CONFIDENCE, KRYPTIK, MALICIOUS PE, MALWAREX, NM0@AEULPTD, NONAME@0, PCSR, QQPASS, QQROB, QVM03, R + TROJ, R350011, SFONE, SIGGEN2, SUSGEN, TSCOPE, TSVMJ, UNSAFE, USXVPI320, ZEMSILCO
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results for this sample.

Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
Alibaba | TrojanSpy:MSIL/AgentTesla.2959466d | 20190527 | 0.3.0.5
Tencent | Msil.Trojan-qqpass.Qqrob.Pcsr | 20200917 | 1.0.0.1
Baidu | (no result) | 20190318 | 1.0.0.2
Kingsoft | (no result) | 20200917 | 2013.8.14.323
McAfee | Fareit-FZD!476522C716B1 | 20200915 | 6.0.6.653
CrowdStrike | win/malicious_confidence_60% (W) | 20190702 | 1.0

Three of these dates (Alibaba 20190527, Baidu 20190318, CrowdStrike 20190702) precede the PE compile timestamp of 2020-09-02 reported further down, so the "Scan date" column cannot be a first-seen date for this sample; treat it as the engine or signature-database date (a PE timestamp can also be forged, but that does not change the reading of this column).
Static indicators

Behavior verdict

Dynamic indicators

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.905033082696371, section .text (size_of_data 0x0008de00, virtual_address 0x00002000, virtual_size 0x0008dc70): A section with a high entropy has been found
entropy 0.905103668261563: Overall entropy of this PE file is high
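The two marks above match the mark text of the Cuckoo Sandbox `packer_entropy` signature, and their numbers mean different things: 7.905 is the Shannon entropy of the .text section in bits per byte (8.0 is the maximum; the signature fires above 6.8), whereas the "overall entropy" 0.905 is not an entropy at all but the fraction of all section data that sits in high-entropy sections (the signature fires above 0.2). Read back from the report, 0x8de00 = 581,120 bytes of .text divided by 0.905 implies about 642,000 bytes of section data, essentially the entire 627.5 KB file, so the executable is one opaque blob with a thin loader, the packed-.NET pattern the MSIL/Kryptik names describe. The following is an added example, not code from this report or from the sandbox: it computes per-section entropy from raw bytes, reproduces the signature's two marks, and runs on constructed section contents (a SHA-256 chain standing in for the packed payload) as well as on the report's own .text record. The thresholds are Cuckoo's; that this sandbox uses the same values is an assumption.

```python
"""Added example (not from the report or the sandbox): per-section Shannon
entropy and the packed-PE heuristic behind the two 'packer' marks above."""
import hashlib
import math
from typing import Dict, List

# Thresholds of Cuckoo Sandbox's packer_entropy signature, whose mark text
# the report reproduces (assumption: this sandbox keeps the same values).
SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte; 8.0 is the maximum
HIGH_ENTROPY_DATA_RATIO = 0.2     # share of section bytes in "hot" sections

# The .text record exactly as listed in the report above.
REPORT_SECTION = {"size_of_data": "0x0008de00", "virtual_address": "0x00002000",
                  "entropy": 7.905033082696371, "name": ".text",
                  "virtual_size": "0x0008dc70"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packer_entropy_marks(sections: List[Dict]) -> List[Dict]:
    """One mark per section above the entropy threshold, plus an 'overall'
    mark when those sections hold more than 20% of all section data.
    Note the overall value is a byte ratio (0..1), not an entropy in bits."""
    marks: List[Dict] = []
    total_data = high_data = 0
    for sec in sections:
        size = int(sec["size_of_data"], 16)
        total_data += size
        if float(sec["entropy"]) > SECTION_ENTROPY_THRESHOLD:
            high_data += size
            marks.append({"entropy": float(sec["entropy"]), "section": sec,
                          "description": "A section with a high entropy has been found"})
    if total_data and high_data / total_data > HIGH_ENTROPY_DATA_RATIO:
        marks.append({"entropy": high_data / total_data,
                      "description": "Overall entropy of this PE file is high"})
    return marks


def sections_from_bytes(named_blobs: Dict[str, bytes], first_rva: int = 0x2000) -> List[Dict]:
    """Turn raw section contents into the dicts a PE parser would emit, with
    entropy computed by shannon_entropy. RVAs are laid out 0x2000-aligned the
    way the .NET linker does; the input is constructed, not a parsed PE."""
    sections, rva = [], first_rva
    for name, blob in named_blobs.items():
        sections.append({"name": name, "size_of_data": f"0x{len(blob):08x}",
                         "virtual_address": f"0x{rva:08x}",
                         "virtual_size": f"0x{len(blob):08x}",
                         "entropy": shannon_entropy(blob)})
        rva += (len(blob) + 0x1FFF) & ~0x1FFF
    return sections


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic SHA-256 chain; stands in for packed or encrypted data."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample layout: one opaque payload section, one resource section
# drawn from 64 distinct byte values (entropy exactly 6.0), one zero-filled.
CONSTRUCTED_SECTIONS = {
    ".text": pseudo_random_bytes(0x8DE00 // 8),
    ".rsrc": bytes(range(64)) * 32,
    ".reloc": b"\x00" * 0x200,
}


def main() -> None:
    for label, secs in (("constructed", sections_from_bytes(CONSTRUCTED_SECTIONS)),
                        ("report .text only", [REPORT_SECTION])):
        print(f"[{label}]")
        for sec in secs:
            print(f"  {sec['name']:<7} {int(sec['size_of_data'], 16):>7} bytes "
                  f"entropy {sec['entropy']:.3f}")
        for mark in packer_entropy_marks(secs):
            print(f"  -> {mark['description']} ({mark['entropy']:.3f})")


if __name__ == "__main__":
    main()
```

With only the .text record from the report as input the ratio comes out as 1.0; the 0.905 the sandbox printed therefore includes roughly 61 KB of other sections that stayed below 6.8 bits and were not listed as marks. On a real file, feed each section's `get_data()` from pefile into `shannon_entropy` instead of the constructed blobs; pefile's own `get_entropy()` returns the same bits-per-byte figure.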
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 of 51 events shown)
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen2.54325
MicroWorld-eScan Trojan.GenericKD.34463319
FireEye Generic.mg.476522c716b10aa1
ALYac Trojan.GenericKD.34463319
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2466401
Sangfor Malware
K7AntiVirus Trojan ( 0056d9bf1 )
Alibaba TrojanSpy:MSIL/AgentTesla.2959466d
K7GW Trojan ( 0056d9bf1 )
Cybereason malicious.870aa6
Arcabit Trojan.Generic.D20DDE57
Invincea Mal/Generic-R + Troj/MSIL-PPV
BitDefenderTheta Gen:NN.ZemsilCO.34242.Nm0@aeulPTd
Cyren W32/MSIL_Kryptik.BNP.gen!Eldorado
Symantec Packed.Generic.570
ESET-NOD32 a variant of MSIL/Kryptik.XOE
TrendMicro-HouseCall Worm.Win32.SFONE.USXVPI320
Paloalto generic.ml
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender Trojan.GenericKD.34463319
Tencent Msil.Trojan-qqpass.Qqrob.Pcsr
Ad-Aware Trojan.GenericKD.34463319
Comodo fls.noname@0
F-Secure Trojan.TR/Kryptik.tsvmj
VIPRE Trojan.Win32.Generic!BT
TrendMicro Worm.Win32.SFONE.USXVPI320
Sophos Troj/MSIL-PPV
Ikarus Trojan.MSIL.Inject
Webroot W32.Trojan.Gen
Avira TR/Kryptik.tsvmj
Antiy-AVL Trojan[PSW]/MSIL.Agensla
Microsoft TrojanSpy:MSIL/AgentTesla.AQ!MTB
AegisLab Trojan.MSIL.Agensla.i!c
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.gen
GData Trojan.GenericKD.34463319
AhnLab-V3 Trojan/Win32.Kryptik.R350011
McAfee Fareit-FZD!476522C716B1
MAX malware (ai score=88)
VBA32 TScope.Trojan.MSIL
Malwarebytes Spyware.AgentTesla
APEX Malicious
Yandex Trojan.AvsArher.bSK66A
SentinelOne DFI - Malicious PE
Fortinet MSIL/Kryptik.XRP!tr
MaxSecure Trojan.Malware.74499699.susgen
AVG Win32:MalwareX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_60% (W)
Visual analysis

Binary image
No binary image: no binary visualization was generated for this sample.

Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2020-09-02 11:44:08

Imports

Library mscoree.dll:
0x402000 _CorExeMain

A single import of _CorExeMain from mscoree.dll is the standard entry stub of a managed (.NET/MSIL) executable, which agrees with the MSIL family names in the engine results above. The program's real behaviour lives in the CLR metadata and IL, not in the native import table, so this near-empty import list says nothing about capability; a .NET decompiler (or, given the packer marks, a dump after the first unpacking stage) is the right next step.

Network communication

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.

Taken together, the 3 s analysis time, the absent runtime screenshots and the empty host, DNS, TCP, UDP, HTTP, dropped-file and dropped-buffer sections show that the dynamic run recorded essentially nothing, so the lack of contacted hosts is not evidence that the sample has no command-and-control channel. The substantive findings in this report are static: a packed .NET executable whose engine names (Trojan-PSW, TrojanSpy, Fareit, Spyware.AgentTesla) cluster on the AgentTesla credential-stealer family.