2.0
低危
59 个模型检测该样本为恶意!
重新分析
更多

b840d427761bd6b69b6dbdfda6d4ac764f6cc0116c6b932b66a47886aca3be77

4c3d5f3a22440e2c824654ed2e06e86d.exe

分析耗时

21s

最近分析

文件大小

744.5KB
静态报毒 动态报毒 100% A + MAL AI SCORE=82 AIDETECTVM ANLSH5TQYCW BANKERX CLASSIC CONFIDENCE ELJF EMOTET ENCPK ERHS GENCIRC GENETIC GENKRYPTIK HDMT HIGH CONFIDENCE INJECT3 KCLOUD KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#2X2CJEHMKS791 OZTKQ PINKSBOT QAKBOT QBOT RAZY SCORE SMTHA STATIC AI SUSGEN TROJANBANKER UM0@AS2CTLKI UNSAFE VZUG ZENPAK ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee W32/PinkSbot-GS!4C3D5F3A2244 20201211 6.0.6.653
Alibaba TrojanBanker:Win32/Qakbot.e8824e4d 20190527 0.3.0.5
Avast Win32:BankerX-gen [Trj] 20201210 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Banker.(kcloud) 20201211 2017.9.26.565
Tencent Malware.Win32.Gencirc.10cdcb5f 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
The file contains an unknown PE resource name possibly indicative of a packer (4 个事件)
resource name IMAGE
resource name MUI
resource name UIFILE
resource name WEVT_TEMPLATE
行为判定
动态指标
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Inject3.40354
MicroWorld-eScan Trojan.Agent.ERHS
FireEye Generic.mg.4c3d5f3a22440e2c
McAfee W32/PinkSbot-GS!4C3D5F3A2244
Cylance Unsafe
Zillya Trojan.Qbot.Win32.8222
Sangfor Malware
K7AntiVirus Trojan ( 005673a11 )
Alibaba TrojanBanker:Win32/Qakbot.e8824e4d
K7GW Trojan ( 005673a11 )
Cybereason malicious.6ac93c
Arcabit Trojan.Agent.ERHS
BitDefenderTheta Gen:NN.ZexaF.34670.Um0@aS2cTLki
Cyren W32/Trojan.VZUG-6653
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HDMT
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Razy-8019799-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Trojan.Agent.ERHS
Avast Win32:BankerX-gen [Trj]
Rising Trojan.Kryptik!1.C6C9 (CLASSIC)
Ad-Aware Trojan.Agent.ERHS
TACHYON Trojan/W32.Agent.762368.DQ
Emsisoft Trojan.Agent.ERHS (B)
Comodo Malware@#2x2cjehmks791
F-Secure Trojan.TR/AD.Qbot.oztkq
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.QAKBOT.SMTHA.hp
McAfee-GW-Edition BehavesLike.Win32.Emotet.bh
Sophos ML/PE-A + Mal/EncPk-APV
Ikarus Backdoor.QBot
Jiangmin Trojan.Zenpak.bsq
Avira TR/AD.Qbot.oztkq
Antiy-AVL Trojan[Banker]/Win32.Qbot
Kingsoft Win32.Troj.Banker.(kcloud)
Microsoft Trojan:Win32/Qakbot.AR!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Trojan.Agent.ERHS
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4105164
VBA32 TrojanBanker.Qbot
ALYac Trojan.Agent.QakBot
MAX malware (ai score=82)
Malwarebytes Backdoor.Qbot
TrendMicro-HouseCall TrojanSpy.Win32.QAKBOT.SMTHA.hp
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-05-22 03:35:07

Imports

Library KERNEL32.dll:
0x496904 GetDriveTypeA
0x496908 GetTickCount
0x49690c GetLocalTime
0x496910 WriteFile
0x496918 SetFilePointer
0x49691c ReadFile
0x496920 MoveFileExA
0x496924 CopyFileA
0x496930 GetLongPathNameA
0x496934 GlobalAlloc
0x496938 GlobalFree
0x49693c SetFileAttributesA
0x496940 DeleteFileA
0x496944 GetSystemTime
0x496948 GetComputerNameA
0x49694c CreateDirectoryA
0x496954 FindFirstFileA
0x496958 FindNextFileA
0x49695c FindClose
0x496960 GetLastError
0x496968 ResetEvent
0x49696c SetEvent
0x496970 CreateEventA
0x496984 WaitForSingleObject
0x496988 GetModuleHandleA
0x496994 LocalFree
0x496998 FormatMessageA
0x49699c GetFileType
0x4969a0 FlushFileBuffers
0x4969a4 GlobalDeleteAtom
0x4969a8 GlobalUnlock
0x4969ac GlobalLock
0x4969b0 MultiByteToWideChar
0x4969b8 DeleteAtom
0x4969bc GetCurrentThreadId
0x4969c0 AddAtomA
0x4969c4 RtlUnwind
0x4969c8 RaiseException
0x4969cc HeapFree
0x4969d0 HeapReAlloc
0x4969d4 HeapAlloc
0x4969d8 ExitThread
0x4969dc CreateThread
0x4969e0 GetStartupInfoA
0x4969e4 GetCommandLineA
0x4969e8 ExitProcess
0x4969ec WideCharToMultiByte
0x4969f0 TlsAlloc
0x4969f4 SetLastError
0x4969f8 TlsFree
0x4969fc TlsSetValue
0x496a00 TlsGetValue
0x496a04 GetACP
0x496a08 GetOEMCP
0x496a0c GetCPInfo
0x496a10 LCMapStringA
0x496a14 LCMapStringW
0x496a1c HeapDestroy
0x496a20 HeapCreate
0x496a24 VirtualFree
0x496a28 VirtualAlloc
0x496a2c IsBadWritePtr
0x496a34 HeapSize
0x496a38 GetStdHandle
0x496a4c SetHandleCount
0x496a50 CompareStringA
0x496a54 CompareStringW
0x496a58 GetStringTypeA
0x496a5c GetStringTypeW
0x496a60 IsBadReadPtr
0x496a64 IsBadCodePtr
0x496a68 GetLocaleInfoA
0x496a6c VirtualProtect
0x496a70 GetSystemInfo
0x496a74 InterlockedExchange
0x496a78 SetStdHandle
0x496a80 GetLongPathNameW
0x496a84 Sleep
0x496a8c GetStartupInfoW
0x496a90 CopyFileW
0x496a94 GetCurrentProcessId
0x496a9c TerminateProcess
0x496aa0 GetCurrentProcess
0x496aa4 IsDebuggerPresent
0x496aa8 GetModuleFileNameW
0x496aac CreateDirectoryW
0x496ab0 CloseHandle
0x496ab4 LoadLibraryA
0x496ab8 GetProcAddress
0x496abc GetModuleHandleW
Library USER32.dll:
0x496ac4 GetDC
0x496ac8 SetDeskWallpaper
0x496ad4 LoadIconA
0x496ad8 LoadCursorFromFileW
0x496adc CharNextA
Library COMDLG32.dll:
0x496ae4 GetFileTitleW
Library ADVAPI32.dll:
0x496aec RegCloseKey
0x496af0 RegOpenKeyA
0x496af4 RegQueryValueExA
Library SHELL32.dll:
0x496afc DragFinish
Library SHLWAPI.dll:
0x496b04 PathIsUNCW
Library IMM32.dll:
0x496b0c ImmGetContext

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.