Score: 7.4 (High risk)

SHA-256: 99b24003e4d5a19430653760db6492d920dfda94194ba8aaa9e82d2949aab740
File name: 4ac5dd87c8689619510de9f659118bd1.exe
Analysis duration: 112s
Last analysed:
File size: 92.0KB
Flagged by both static and dynamic scanning. Detection-name tags: AI SCORE=88, ARTEMIS, ATTRIBUTE, CLOUD, CONFIDENCE, DOWNLOADER34, GCRM, GDSDA, HGIASOOA, HIGH CONFIDENCE, HIGHCONFIDENCE, HOUOKI, MALICIOUS PE, MALWARE@#1GUHSY93XX2S6, PGDH, RAZY, SAVE, SCORE, STATIC AI, SUSGEN, UNSAFE, VJZNI, YMACCO
鹰眼引擎 (Eagle Eye engine): no detection result available
Static verdict
Antivirus engines
Engine Result Date Version
McAfee Artemis!4AC5DD87C868 20210210 6.0.6.653
Alibaba Trojan:MSIL/Generic.f374eccd 20190527 0.3.0.5
Baidu (no detection) 20190318 1.0.0.2
Avast Win32:Trojan-gen 20210210 21.1.5827.0
Tencent Msil.Trojan.Agent.Pgdh 20210210 1.0.0.1
Kingsoft (no detection) 20210210 2017.9.26.565
CrowdStrike win/malicious_confidence_60% (W) 20210203 1.0
Static indicators
Checks if process is being debugged by a debugger (2 events)
Time API Status Return Repeated
1619464037.06275 IsDebuggerPresent failed 0 0
1619464037.06275 IsDebuggerPresent failed 0 0
Note: IsDebuggerPresent returns a BOOL, so a return value of 0 means no debugger was seen; the "failed" status only reflects the zero return, not an error.
This executable has a PDB path (1 event)
pdb_path C:\Users\Jadhav\Source\Repos\OprLibrary\OprLibrary\obj\Release\OprLibrary.pdb
Note: the path leaks the developer's Windows user name (Jadhav) and project name (OprLibrary); obj\Release is MSBuild's intermediate output directory, consistent with the MSIL detections above.
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time API Status Return Repeated
1619464037.09375 GlobalMemoryStatusEx success 1 0
One or more processes crashed (1 event)
Time API Status Return Repeated
1619464043.34375
__exception__
stacktrace:
LogHelp_TerminateOnAssert+0x2fb8b StrongNameErrorInfo-0x5830f clr+0x8c5e3 @ 0x73c1c5e3
LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf
LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe
RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9
RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b
New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b
KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143
LogHelp_TerminateOnAssert+0x2e1b0 StrongNameErrorInfo-0x59cea clr+0x8ac08 @ 0x73c1ac08
CopyPDBs+0x4abd MetaDataGetDispenser-0x4237 clr+0xfab0b @ 0x73c8ab0b
LookupHistoryAssembly+0x2fbdd clr+0x4d2bb4 @ 0x74062bb4
mscorlib+0x2c1301 @ 0x71ed1301
mscorlib+0x2b9b20 @ 0x71ec9b20
mscorlib+0x229ad7 @ 0x71e39ad7
0x700525
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713
mscorlib+0x24e4ea @ 0x71e5e4ea
mscorlib+0x23d314 @ 0x71e4d314
mscorlib+0x23cf95 @ 0x71e4cf95
mscorlib+0x23cd51 @ 0x71e4cd51
mscorlib+0x23caba @ 0x71e4caba
mscorlib+0x2bba5a @ 0x71ecba5a
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8
LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f
mscorlib+0x2bb931 @ 0x71ecb931
mscorlib+0x2bbc18 @ 0x71ecbc18
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1
LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3
mscorlib+0x826304 @ 0x72436304
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f
CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269
CopyPDBs+0x30c8 MetaDataGetDispenser-0x5c2c clr+0xf9116 @ 0x73c89116
CopyPDBs+0x3fa1 MetaDataGetDispenser-0x4d53 clr+0xf9fef @ 0x73c89fef
CopyPDBs+0x4a9b MetaDataGetDispenser-0x4259 clr+0xfaae9 @ 0x73c8aae9
LookupHistoryAssembly+0x2fbdd clr+0x4d2bb4 @ 0x74062bb4
mscorlib+0x2c1301 @ 0x71ed1301
mscorlib+0x2b9b20 @ 0x71ec9b20
mscorlib+0x229ad7 @ 0x71e39ad7
0x700525

registers.esp: 2793500
registers.edi: 4294959103
registers.eax: 0
registers.ebp: 2793520
registers.edx: 1
registers.ebx: 1
registers.esi: 3678632
registers.ecx: 3678632
exception.instruction_r: 8b 40 18 85 c0 0f 84 cb f2 ff ff 8b c8 8b 40 18
exception.instruction: mov eax, dword ptr [eax + 0x18]
exception.exception_code: 0xc0000005
exception.symbol: LogHelp_TerminateOnAssert+0x313b7 StrongNameErrorInfo-0x56ae3 clr+0x8de0f
exception.address: 0x73c1de0f
success 0 0
Note: the faulting instruction mov eax, dword ptr [eax + 0x18] executed with eax = 0, so this is a null-pointer read inside clr.dll (clr+0x8de0f, exception code 0xc0000005). The .NET runtime itself faulted about seven seconds after the first recorded allocation (1619464036.1 versus 1619464043.3); whatever the sample would have done after that point was not observed, which limits the dynamic indicators below.
Behavioural verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header
suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:154123707&cup2hreq=f492c7a9bdeda6adae2ebecd60262c2d36f0e7857c8a17aa56576f3ebd150663
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619454021&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=9c6657183f1bc0cb&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619454260&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:154123707&cup2hreq=f492c7a9bdeda6adae2ebecd60262c2d36f0e7857c8a17aa56576f3ebd150663
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:154123707&cup2hreq=f492c7a9bdeda6adae2ebecd60262c2d36f0e7857c8a17aa56576f3ebd150663
Caveat: every request above goes to Google Update infrastructure (redirector.gvt1.com and the r1/r3 gvt1.com mirrors serving GoogleUpdateSetup.exe 1.3.36.82, and the update2 check-in endpoint on update.googleapis.com), and the request dump further down shows the HEAD requests carrying User-Agent Microsoft BITS/7.5, i.e. they were issued by the BITS service. This is the sandbox image's own updater traffic; the "POST with no referer" signature fired on it, and none of it is attributable to the sample. No other outbound traffic was recorded during the run.
Allocates read-write-execute memory (usually to unpack itself) (26 events)
All 26 calls share stack_dep_bypass 0, stack_pivoted 0, protection 64 (PAGE_EXECUTE_READWRITE), status success, return 0 and repeated 0; only the fields below vary. The size column is region_size for NtAllocateVirtualMemory and length for NtProtectVirtualMemory.
Time API PID process_handle allocation_type size heap_dep_bypass base_address
1619464036.10975 NtAllocateVirtualMemory 2272 0xffffffff 8192 (MEM_RESERVE) 1441792 0 0x00650000
1619464036.10975 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00770000
1619464036.48475 NtAllocateVirtualMemory 2272 0xffffffff 8192 (MEM_RESERVE) 524288 0 0x005b0000
1619464036.48475 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x005f0000
1619464036.76575 NtProtectVirtualMemory 2272 0xffffffff - 4096 0 0x73b91000
1619464037.06275 NtAllocateVirtualMemory 2272 0xffffffff 8192 (MEM_RESERVE) 1179648 0 0x01ed0000
1619464037.06275 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x01fb0000
1619464037.06275 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x0057a000
1619464037.06275 NtProtectVirtualMemory 2272 0xffffffff - 8192 0 0x73b92000
1619464037.06275 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00572000
1619464037.29675 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00592000
1619464037.37475 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x005c5000
1619464037.37475 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x005cb000
1619464037.37475 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x005c7000
1619464037.51575 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00593000
1619464037.53175 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x0059c000
1619464037.57775 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00700000
1619464038.18775 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 8192 1 0x00594000
1619464038.18775 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00596000
1619464038.57775 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x005ba000
1619464038.57775 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x005b7000
1619464041.67175 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x005b6000
1619464041.96875 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x0057c000
1619464042.03175 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00597000
1619464042.04675 NtAllocateVirtualMemory 2272 0xffffffff 4096 (MEM_COMMIT) 4096 1 0x00598000
1619482850.750271 NtAllocateVirtualMemory 1424 0xffffffffffffffff 4096 (MEM_COMMIT) 65536 0 0x00000000041b0000
Caveat: the shape of this list (three large MEM_RESERVE regions followed by page-sized MEM_COMMITs inside and around them) is what the .NET Framework runtime produces when it sets up its executable loader and JIT heaps, and the two NtProtectVirtualMemory targets 0x73b91000 and 0x73b92000 are the first pages of clr.dll itself (the crash stack gives clr+0x21db @ 0x73b921db, so clr.dll is loaded at 0x73b90000), i.e. the runtime patching its own image. For a managed executable this signature is expected noise rather than evidence of a packer; the sample crashed inside the CLR seven seconds in, before any unpacked payload could have run. The final event belongs to a different process (PID 1424, 64-bit process handle) and was recorded about five hours after the others.
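The way to read an RWX allocation list like the one above is to separate three things: MEM_RESERVE regions (candidate unpacking areas), MEM_COMMIT pages attributed to the region that contains them, and NtProtectVirtualMemory calls that land inside an already-loaded module (a runtime patching itself, not a payload being unpacked). The script below is an added example of that triage, not code from the sandbox or the sample. SAMPLE_LOG is constructed from the first ten events above plus the foreign-PID event, in a simplified one-line-per-event layout; the module map is an assumption: clr.dll's base 0x73b90000 follows from clr+0x21db @ 0x73b921db in the crash stack, while its 0x500000 size is a guess (the stack also references clr+0x4d2bb4, so the image is at least that large).

```python
"""RWX allocation triage over a sandbox API log (added example, see lead-in)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000

# Constructed from the report's events (first ten plus the foreign-PID one):
# time api pid allocation_type('-' for NtProtectVirtualMemory) region_size/length base
SAMPLE_LOG = """\
1619464036.10975 NtAllocateVirtualMemory 2272 0x2000 1441792 0x00650000
1619464036.10975 NtAllocateVirtualMemory 2272 0x1000 4096 0x00770000
1619464036.48475 NtAllocateVirtualMemory 2272 0x2000 524288 0x005b0000
1619464036.48475 NtAllocateVirtualMemory 2272 0x1000 4096 0x005f0000
1619464036.76575 NtProtectVirtualMemory 2272 - 4096 0x73b91000
1619464037.06275 NtAllocateVirtualMemory 2272 0x2000 1179648 0x01ed0000
1619464037.06275 NtAllocateVirtualMemory 2272 0x1000 4096 0x01fb0000
1619464037.06275 NtAllocateVirtualMemory 2272 0x1000 4096 0x0057a000
1619464037.06275 NtProtectVirtualMemory 2272 - 8192 0x73b92000
1619464037.06275 NtAllocateVirtualMemory 2272 0x1000 4096 0x00572000
1619482850.750271 NtAllocateVirtualMemory 1424 0x1000 65536 0x00000000041b0000
"""

# Assumed module map, pid -> [(name, start, end)]. clr.dll's base follows from
# "clr+0x21db @ 0x73b921db" in the crash stack; the 0x500000 size is a guess
# (the stack also references clr+0x4d2bb4, so the image is at least that big).
MODULES: Dict[int, List[Tuple[str, int, int]]] = {
    2272: [("clr.dll", 0x73b90000, 0x73b90000 + 0x500000)],
}


@dataclass
class Event:
    time: float
    api: str
    pid: int
    alloc_type: Optional[int]  # None for NtProtectVirtualMemory
    size: int                  # region_size or length
    base: int


@dataclass
class Region:
    """An RWX MEM_RESERVE region and the commits later placed inside it."""
    pid: int
    base: int
    size: int
    commits: List[Event] = field(default_factory=list)

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def parse_events(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        if line.strip():
            t, api, pid, atype, size, base = line.split()
            events.append(Event(float(t), api, int(pid),
                                None if atype == "-" else int(atype, 16),
                                int(size), int(base, 16)))
    return events


def triage(events: List[Event], modules: Dict[int, List[Tuple[str, int, int]]]) -> dict:
    reserves: List[Region] = []        # candidate unpacking areas
    stray_commits: List[Event] = []    # commits into space not reserved in this log
    module_patches = []                # (pid, module, base, size): protects inside a module
    unattributed: List[Event] = []     # protects outside every known module
    for ev in events:
        if ev.api == "NtAllocateVirtualMemory":
            atype = ev.alloc_type or 0
            if atype & MEM_RESERVE:    # a combined RESERVE|COMMIT also lands here
                reserves.append(Region(ev.pid, ev.base, ev.size))
            elif atype & MEM_COMMIT:
                parent = next((r for r in reserves
                               if r.pid == ev.pid and r.contains(ev.base)), None)
                (parent.commits if parent is not None else stray_commits).append(ev)
        elif ev.api == "NtProtectVirtualMemory":
            hit = next((n for n, lo, hi in modules.get(ev.pid, []) if lo <= ev.base < hi), None)
            if hit:
                module_patches.append((ev.pid, hit, ev.base, ev.size))
            else:
                unattributed.append(ev)
    return {"reserves": reserves, "stray_commits": stray_commits,
            "module_patches": module_patches, "unattributed_protects": unattributed,
            "pids": sorted({ev.pid for ev in events})}


def findings(summary: dict) -> List[str]:
    """Analyst-readable lines. A reserve is only worth dumping once something
    was committed into it; a protect inside a loaded module is self-patching."""
    out = [f"PID {r.pid}: RWX reserve {r.base:#x} ({r.size} bytes) got {len(r.commits)} commit(s)"
           for r in summary["reserves"] if r.commits]
    out += [f"PID {pid}: RWX protect of {size} bytes at {base:#x} is inside {mod} (self-patching)"
            for pid, mod, base, size in summary["module_patches"]]
    if summary["stray_commits"]:
        out.append(f"{len(summary['stray_commits'])} RWX commit(s) into space not reserved in this log")
    if len(summary["pids"]) > 1:
        out.append(f"events span PIDs {summary['pids']}; confirm they belong to one run")
    return out


if __name__ == "__main__":
    print("\n".join(findings(triage(parse_events(SAMPLE_LOG), MODULES))))
```

On the report's data this attributes both protects to clr.dll, leaves no protect unattributed, and flags that the events span two PIDs. In practice the module map comes from the sandbox's loaded-module list or a memory dump; without one (pass an empty dict) every protect is reported as unattributed and has to be checked by hand.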
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptpbox.lnk
Creates a shortcut to an executable file (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptpbox.lnk
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptpbox.lnk
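The three shortcut-related indicators above all name the same artifact, a .lnk dropped into the per-user Startup folder, but the report never says what the shortcut points to, and that target is the first thing to pull from the file. The code below is an added example, not part of the report or of any vendor tool: a minimal reader for the Shell Link binary format (MS-SHLLINK) that extracts LocalBasePath, RelativePath, WorkingDir and Arguments, plus a Startup-folder path check. Because the sample's scriptpbox.lnk is not available, build_lnk() constructs a hypothetical shortcut in memory with the same on-disk layout; the target path and arguments used in the test are invented.

```python
"""Minimal MS-SHLLINK (.lnk) reader for Startup-folder shortcut triage (added example)."""
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK 2.1.1) that this reader honours
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
STRING_DATA = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
               (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
               (HAS_ICON_LOCATION, "icon_location")]  # on-disk order


def build_lnk(local_base_path: str, relative_path: str, working_dir: str, arguments: str) -> bytes:
    """Construct a hypothetical shortcut in memory: ShellLinkHeader, a LinkInfo
    carrying a VolumeID and an ANSI LocalBasePath, then Unicode StringData."""
    flags = HAS_LINK_INFO | HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIiIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0x20,        # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,     # creation / access / write FILETIME
                         0, 0, 1,     # FileSize, IconIndex, ShowCommand (SW_SHOWNORMAL)
                         0, 0, 0, 0)  # HotKey, Reserved1-3
    base = local_base_path.encode("cp1252") + b"\0"
    # VolumeID: size 0x11, DRIVE_FIXED, serial 0, label at offset 0x10, empty label
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\0"
    vol_off = 0x1C                                 # LinkInfoHeaderSize
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(base)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, 0x1, vol_off, base_off, 0, suffix_off)
    link_info += volume_id + base + b"\0"          # empty CommonPathSuffix
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                       for s in (relative_path, working_dir, arguments))
    return header + link_info + strings


def _cstr(data: bytes, off: int) -> str:
    return data[off:data.index(b"\0", off)].decode("cp1252")


def parse_lnk(data: bytes) -> dict:
    """Return the target-related fields of a .lnk blob. The IDList is skipped by
    size, ExtraData after the strings is ignored, and the ANSI LocalBasePath is
    read even when the Unicode LinkInfo variant (header size >= 0x24) is present."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    info = {"flags": flags}
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        li_size, _hdr, li_flags, _vol, base_off, _net, suffix_off = struct.unpack_from("<IIIIIII", data, pos)
        if li_flags & 0x1:  # VolumeIDAndLocalBasePath
            info["local_base_path"] = _cstr(data, pos + base_off)
            info["common_path_suffix"] = _cstr(data, pos + suffix_off)
        pos += li_size
    width = 2 if flags & IS_UNICODE else 1
    for flag, name in STRING_DATA:
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            info[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + count * width
    return info


def resolve_target(info: dict):
    """LocalBasePath + CommonPathSuffix when present, else the RelativePath."""
    if "local_base_path" in info:
        return info["local_base_path"] + info.get("common_path_suffix", "")
    return info.get("relative_path")


def is_startup_shortcut(path: str) -> bool:
    """True for .lnk files in a per-user or all-users Startup folder."""
    p = path.lower().replace("/", "\\")
    return p.endswith(".lnk") and "\\start menu\\programs\\startup\\" in p
```

Against a real artifact the call is parse_lnk(open(path, "rb").read()); the LocalBasePath is the absolute target Windows recorded at creation time, and RelativePath plus WorkingDir tell you where the shortcut still resolves if the target has since been moved or deleted. The Startup-folder check covers both the per-user path seen in this report and the all-users ProgramData location.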
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee Artemis!4AC5DD87C868
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056b2b91 )
Alibaba Trojan:MSIL/Generic.f374eccd
K7GW Trojan ( 0056b2b91 )
Cybereason malicious.7c8689
Cyren W32/Trojan.GCRM-6802
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.MSIL.Agent.gen
BitDefender Gen:Variant.Razy.724490
NANO-Antivirus Trojan.Win32.Dwn.houoki
MicroWorld-eScan Gen:Variant.Razy.724490
Avast Win32:Trojan-gen
Tencent Msil.Trojan.Agent.Pgdh
Ad-Aware Gen:Variant.Razy.724490
Emsisoft Gen:Variant.Razy.724490 (B)
Comodo Malware@#1guhsy93xx2s6
F-Secure Trojan.TR/Agent.vjzni
DrWeb Trojan.DownLoader34.5301
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Artemis
FireEye Gen:Variant.Razy.724490
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Razy.724490
Avira TR/Agent.vjzni
MAX malware (ai score=88)
Arcabit Trojan.Razy.DB0E0A
AegisLab Trojan.MSIL.Agent.4!c
ZoneAlarm HEUR:Trojan.MSIL.Agent.gen
Microsoft Trojan:Win32/Ymacco.AA99
ALYac Trojan.MSIL.Agent
Malwarebytes Trojan.Dropper
ESET-NOD32 a variant of MSIL/Agent.CWN
Rising Trojan.Agent!8.B1E (CLOUD)
Ikarus Trojan.MSIL.Agent
MaxSecure Trojan.Malware.8703358.susgen
Fortinet MSIL/Agent.CWN!tr
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/Trojan.Generic.HgIASOoA
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image: none (no binary visualisation image was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)

PE Compile Time

2043-03-15 13:44:25
Note: a timestamp 22 years after the analysis date (the run is from April 2021) cannot be a real build time. For a .NET assembly this is not by itself suspicious: compilers building deterministically write a hash of the build inputs into the PE TimeDateStamp field instead of a date, so the value must not be used to date the sample.

Imports

Library mscoree.dll:
0x402000 _CorExeMain
Note: the only native import is the CLR entry stub _CorExeMain from mscoree.dll, the signature of a managed (.NET/MSIL) executable, consistent with the MSIL/Agent detections and the obj\Release PDB path.

Hosts

No hosts listed (the sandbox's host summary is empty; the TCP table below records the connections that were actually made).

TCP

Source Source port Destination IP Destination host Destination port
192.168.56.101 49185 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49186 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49184 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49183 203.208.41.98 update.googleapis.com 443

UDP

All UDP traffic below is guest-OS background: DNS to 114.114.114.114 (53), NetBIOS name and datagram broadcasts (137/138), NTP to time.windows.com (123) and LLMNR multicast to 224.0.0.252 (5355).

Source Source port Destination IP Destination host (where resolved) Destination port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 54991 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60221 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619454021&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619454021&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=9c6657183f1bc0cb&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619454260&mv=m
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=9c6657183f1bc0cb&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619454260&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.