Score: 1.2 (Low risk)

SHA256: 09a65efc086d6bb704c70790156939cbc12d2b03fbb97b6b17a0fab0ec0f9189

File name: 09a65efc086d6bb704c70790156939cbc12d2b03fbb97b6b17a0fab0ec0f9189.exe

Analysis duration: 195s

Last analysed: 385 days ago

File size: 68.4KB
Tags: Static detection | Dynamic detection | CVE | FAMILY | METATYPE | PLATFORM | TYPE | UNKNOWN | WIN32 | WORM | PICSYS

Eagle Eye engine

DACN 0.12
FACILE 1.00
IMCLNet 0.72
MFGraph 0.00

Static verdict

Antivirus engines

Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Trojan-gen 20191004 18.4.3895.0
Baidu Win32.Worm-P2P.Picsys.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20191004 2013.8.14.323
McAfee GenericRXEO-AF!487C035061E6 20191004 6.0.6.653
Tencent Worm.Win32.Picsys.aab 20191004 1.0.0.1
Behavioural verdict

Dynamic indicators

Executable is UPX-packed (2 events)
section: UPX0, description: section name indicates UPX
section: UPX1, description: section name indicates UPX

Network communication

Communicates with a host for which no DNS query was performed (1 event)
host: 114.114.114.114

File flagged as malicious by 45 antivirus engines on VirusTotal (45 events)
ALYac Generic.Malware.G!hidp2p!prng.CFFD94F6
APEX Malicious
AVG Win32:Trojan-gen
Acronis suspicious
Ad-Aware Generic.Malware.G!hidp2p!prng.CFFD94F6
AhnLab-V3 Worm/Win32.Picsys.R258480
Antiy-AVL Worm[P2P]/Win32.Picsys
Arcabit Generic.Malware.G!hidp2p!prng.CFFD94F6
Avast Win32:Trojan-gen
Baidu Win32.Worm-P2P.Picsys.a
BitDefender Generic.Malware.G!hidp2p!prng.CFFD94F6
CMC P2P-Worm.Win32.Picsys!O
ClamAV Win.Worm.Picsys-6888234-0
Comodo Worm.Win32.Picsys.BK@565vf1
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.061e60
Cyren W32/S-db3bc76d!Eldorado
DrWeb Win32.HLLW.Morpheus.2
Emsisoft Generic.Malware.G!hidp2p!prng.CFFD94F6 (B)
Endgame malicious (high confidence)
F-Prot W32/S-db3bc76d!Eldorado
FireEye Generic.mg.487c035061e60bdd
Fortinet W32/Picsys.B!worm.p2p
GData Generic.Malware.G!hidp2p!prng.CFFD94F6
Ikarus P2P-Worm.Win32.Picsys.b
Invincea heuristic
Jiangmin I-Worm/P2P.Picsys
Kaspersky P2P-Worm.Win32.Picsys.b
MAX malware (ai score=83)
McAfee GenericRXEO-AF!487C035061E6
McAfee-GW-Edition BehavesLike.Win32.Picsys.km
MicroWorld-eScan Generic.Malware.G!hidp2p!prng.CFFD94F6
Microsoft Worm:Win32/Yoof.E
NANO-Antivirus Trojan.Win32.Picsys.deaxpd
Rising Backdoor.Agent!1.663A (CLASSIC)
SentinelOne DFI - Malicious PE
Sophos W32/PicSys-B
Symantec W32.HLLW.Yoof
TACHYON Worm/W32.Picsys
Tencent Worm.Win32.Picsys.aab
TotalDefense Win32/Tnega.ZdXLcXB
Trapmine malicious.high.ml.score
Yandex Worm.P2P.Picsys.B
ZoneAlarm P2P-Worm.Win32.Picsys.b
eGambit Unsafe.AI_Score_75%
Visual analysis

Binary image: data-import images rendered at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32.

Runtime screenshots

No runtime screenshots: the sample did not generate any screenshots while running.

PE Compile Time

1992-06-20 06:22:17

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00054000 0x00054000 5.8765584421182995
UPX1 0x00055000 0x0000e000 0x0000d200 0.0
.rsrc 0x00063000 0x00001000 0x00000400 0.0
.imports 0x00064000 0x00001000 0x00000800 0.0

Strings

This program must be run under Win32
.imports
StringX
TObject
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
Exception
EHeapException
EOutOfMemory
EInOutError
EExternal
EExternalException
EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
ESafecallException
SysUtils
INFNAN
TErrorRec
TExceptRec
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
Want to see a massive horse cock in a tight little teen's pussy.mpg.pif
Choke on cum (sodomy, rape).mpg.exe
15 year old webcam.mpg.pif
play station emulator crack.exe
DivX pro key generator.exe
Lolita preteen sex.mpeg.pif
Jenna Jamison Dildo Humping.exe
jenna jameson - xxx nurse scene.mpg.pif
Another bang bus victim forced rape sex cum.mpg.exe
nikki nova sex scene huge dick blowjob.mpg.exe
Kama Sutra Tetris.exe
fetish bondage preteen porno.mpg.pif
CKY3 - Bam Margera World Industries Alien Workshop.exe
chubby girl fucked from all angles xxx.exe
jenna jameson - shower scene.exe
Hotmail Hacker.exe
Britney Spears Dance Beat.exe
virtua girl - adriana.pif
16 year old webcam.mpg.exe
Blonde and Japanese girl bukkake.mpg.exe
AOL, MSN, Yahoo mail password stealer.exe
yahoo cracker.exe
cute girl giving head.exe
jenna jameson sex scene huge dick blowjob.scr
illgal incest preteen porn cum.mpg.exe
Britney spears nude.exe
XXX Porn Passwords.exe
hotmailhacker.exe
preteen snuff sex rape with a stick hardcore.mpg.pif
teen tied up and raped.exe
Website Hacker.exe
hot girl on the beach sucking cock and fucking guy.mpg.exe
msncracker.exe
Teen Violent Forced Gangbang.exe
password stealer.exe
divx pro.exe
Counter Strike CD Keygen.exe
ICQ Hackingtools.exe
16 year old on beach.exe
GTA 3 Crack.exe
Grand theft auto 3 CD1 crack.exe
Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe
siemens unlocker.exe
icqcracker.exe
Pamela Anderson.exe
Microsoft Office XP (english) key generator.exe
girls gone wild.mpg.exe
pamela anderson naked.mpg.exe
GTA 3 Serial.exe
porn account cracker.exe
Warcraft 3 battle.net serial generator.exe
preteen sucking huge cock illegal.mpg.exe
Winzip.exe
aimcracker.exe
Harry Potter and the sorcerors stone.divx.exe
15 year old on beach.mpg.exe
Bondage Fetish Foot Cum.exe
Digimon.exe
AIM Account Hacker.exe
AIM Flooder.exe
AIM Password Stealer.exe
chubby girl bukkake gang banged sucking cock.mpg.pif
crack.exe
aol password cracker.exe
illegal porno - 15 year old raped by two men on boat.mpg.pif
kill osama bin laden game.exe
invisible IP.exe
Universal Game Crack.exe
Windows 2000.exe
AIM Account Stealer.exe
OfficeXP Keygen.exe
Yahoo mail cracker.exe
Norton antivirus 2002.exe
Napster Clone.exe
GTA3 crack.exe
MSN.exe
aimhacker.exe
Flash Golf.exe
nude.exe
Free Porn.exe
AOL.exe
14 year old on beach.mpg.exe
MSN Flooder.exe
Xbox Iso 2 Rom Converter.exe
Cable Modem Uncapper.exe
warcraft 3 crack.exe
Play Games Online For FREE.exe
anastasia nude.exe
pamela anderson nude.exe
brutal preteen porn xxx.exe
win2k serial.exe
Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif
jenna jameson - built for speed.exe
MSN Password Hacker and Stealer.exe
Two girls - Blonde and Brunette - Giving head.exe
hotmail account sniffer.exe
virtua girl - bailey short skirt.pif
Nokia Unloker (most models).exe
illegal preteen porn anal fisting.mpg.pif
violent preteen gang bang illegal.mpg.exe
Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif
yahoo hacker.exe
12 year old forced rape cum.exe
windows xp key generator and cracker.exe
Hacking Tool Collection.exe
Tawny Roberts fucking with a lucky guy.mpg.exe
Worms World Play crack.exe
Windows 2000 win2k password stealer.exe
winxcfg.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\
Version
Software\Kazaa\LocalContent
DisableSharing
\macromd
012345:
File probably corrupted or it have incomplete length
Runtime error at 00000000
0123456789ABCDEF

Process Tree


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.