Score: 2.8
Risk level: Medium

SHA-256: 40792cf64b7e1d94206760068306b2ee33a2d2e23ef7596ced41f06748874438

File name: 4dca1c2b37cd14e38bdd010cf0758060.exe (the name is the sample's MD5; the FireEye and Cybereason labels below embed the same prefix)

Analysis duration: 82s

Last analysed:

File size: 378.9KB
Detection tags (static and dynamic): ADMEDIA, CLOUD, DIGITALPIN1, DWTFKL, ELDORADO, FALSESIGN, FILEREPMALWARE, GEN4, GENERICKD, GENETIC, GRAYWARE, HFSADWARE, HIGH CONFIDENCE, MEDIAMAGNET, MMAG, PHHA, POTENTIALRISK, UNDEFINED, ... (more)
鹰眼 (Hawkeye) engine
Not detected (no 鹰眼 engine result is available for this sample)
Static verdict
Anti-virus engines

Engine       Result                         Scan date  Engine version
McAfee       PUP-XFG-BB                     20190412   6.0.6.653
Alibaba      -                              20190402   0.3.0.4
Baidu        -                              20190318   1.0.0.2
Tencent      Win32.Trojan.Falsesign.Phha    20190413   1.0.0.1
Kingsoft     -                              20190413   2013.8.14.323
Avast        Win32:MediaMagnet-Q [PUP]      20190412   18.4.3895.0
CrowdStrike  -                              20190212   1.0

(- = no result recorded for that engine)
Behavioural verdict
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Caveat: the Hosts, TCP and HTTP sections further down record no connection to this address, so the event comes from the sandbox's behavioural signature rather than from the captured packet data. 172.217.0.0/16 is a Google range, and an unresolved contact to it from a Windows guest is at least as likely to be background OS traffic as a sample-initiated connection. Treat it as a lead to confirm in the pcap, not as a C2 indicator.
File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)
Bkav W32.HfsAdware.FF7D
MicroWorld-eScan Adware.GenericKD.30767005
FireEye Generic.mg.4dca1c2b37cd14e3
CAT-QuickHeal PUA.Digitalpin1.Gen
McAfee PUP-XFG-BB
Malwarebytes PUP.Optional.MediaMagnet
K7GW Unwanted-Program ( 004a9da41 )
K7AntiVirus Unwanted-Program ( 0040f9ef1 )
NANO-Antivirus Riskware.Win32.MMag.dwtfkl
Cyren W32/MediaMagnet.A.gen!Eldorado
ESET-NOD32 a variant of Win32/MediaMagnet.A potentially unwanted
Paloalto generic.ml
ClamAV Win.Trojan.Mmag-4
Kaspersky not-a-virus:AdWare.Win32.MMag.k
BitDefender Adware.GenericKD.30767005
Tencent Win32.Trojan.Falsesign.Phha
Ad-Aware Adware.GenericKD.30767005
Sophos MediaMagnet (PUA)
F-Secure PotentialRisk.PUA/MediaMagnet.Gen4
DrWeb Adware.Downware.16442
Zillya Adware.MMag.Win32.15
Invincea heuristic
McAfee-GW-Edition PUP-XFG-BB
Emsisoft Application.AdMedia (A)
GData Adware.GenericKD.30767005
Jiangmin AdWare/MMag.ac
Avira PUA/MediaMagnet.Gen4
Antiy-AVL GrayWare[AdWare]/Win32.MMag
Microsoft PUA:Win32/MediaMagnet
Endgame malicious (high confidence)
Arcabit Adware.Generic.D1D5779D
SUPERAntiSpyware PUP.MediaMagnet/Variant
ZoneAlarm not-a-virus:AdWare.Win32.MMag.k
Acronis suspicious
VBA32 AdWare.MMag
ALYac Adware.GenericKD.30767005
TACHYON Trojan-Clicker/W32.DP-MMag.387984
Panda Trj/Genetic.gen
Rising Malware.Undefined!8.C (CLOUD)
Yandex PUA.MMag!
Ikarus PUA.MediaMagnet
Fortinet Adware/MediaMagnet
AVG FileRepMalware
Cybereason malicious.b37cd1
Avast Win32:MediaMagnet-Q [PUP]
Qihoo-360 Win32/Virus.3ae
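The 46 labels above disagree on the type (trojan vs. PUA) but not on the family: almost every vendor that names one says MediaMagnet, and MMag is the short form of the same name. The script below is an added example, not part of the sandbox report, that mechanises that reading: it strips platform, type and heuristic tokens from each label, counts each surviving family token once per vendor, and tallies PUA versus trojan verdicts. The label set is a 20-vendor subset copied from the list above; the generic-token list and the MMag-to-MediaMagnet alias are this example's own assumptions.

```python
"""Normalise VirusTotal vendor labels into a family and verdict consensus.

Added example, not part of the sandbox report. LABELS is constructed from
the report's own vendor list; GENERIC and ALIASES are assumptions.
"""
import re
from collections import Counter

# Constructed from the vendor labels listed in the report (20-vendor subset).
LABELS = {
    "Bkav": "W32.HfsAdware.FF7D",
    "MicroWorld-eScan": "Adware.GenericKD.30767005",
    "FireEye": "Generic.mg.4dca1c2b37cd14e3",
    "CAT-QuickHeal": "PUA.Digitalpin1.Gen",
    "McAfee": "PUP-XFG-BB",
    "Malwarebytes": "PUP.Optional.MediaMagnet",
    "NANO-Antivirus": "Riskware.Win32.MMag.dwtfkl",
    "Cyren": "W32/MediaMagnet.A.gen!Eldorado",
    "ESET-NOD32": "a variant of Win32/MediaMagnet.A potentially unwanted",
    "ClamAV": "Win.Trojan.Mmag-4",
    "Kaspersky": "not-a-virus:AdWare.Win32.MMag.k",
    "Tencent": "Win32.Trojan.Falsesign.Phha",
    "Sophos": "MediaMagnet (PUA)",
    "F-Secure": "PotentialRisk.PUA/MediaMagnet.Gen4",
    "DrWeb": "Adware.Downware.16442",
    "Microsoft": "PUA:Win32/MediaMagnet",
    "TACHYON": "Trojan-Clicker/W32.DP-MMag.387984",
    "Panda": "Trj/Genetic.gen",
    "AVG": "FileRepMalware",
    "Avast": "Win32:MediaMagnet-Q [PUP]",
}

# Tokens that describe platform, type, heuristic or packaging, not a family
# (assumption: this list is tuned to the labels above).
GENERIC = {
    "w32", "win32", "win", "generic", "generickd", "gen", "variant",
    "potentially", "unwanted", "not", "virus", "adware", "pua", "pup",
    "optional", "riskware", "trojan", "trj", "clicker", "malware",
    "application", "potentialrisk", "heuristic", "suspicious", "malicious",
    "filerepmalware", "cloud", "eldorado", "undefined", "genetic",
}

# Different spellings of one family (assumption: MMag == MediaMagnet).
ALIASES = {"mmag": "mediamagnet"}

PUA_MARKERS = ("pua", "pup", "adware", "unwanted", "not-a-virus",
               "riskware", "potentialrisk")
MALWARE_MARKERS = ("trojan", "trj", "malware", "malicious")


def family_tokens(label):
    """Lower-case the label, split on punctuation, and drop generic tokens,
    tokens containing digits (hashes, IDs, version numbers) and one- or
    two-letter variant suffixes. Whatever survives is a family candidate."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if not tok or len(tok) <= 2 or re.search(r"\d", tok) or tok in GENERIC:
            continue
        out.append(ALIASES.get(tok, tok))
    return out


def classify(label):
    """Per-vendor verdict. PUA markers take precedence: a vendor that tags
    something PUA has deliberately downgraded it, whereas 'Trojan' is often
    just the default prefix of a family name."""
    text = label.lower()
    if any(m in text for m in PUA_MARKERS):
        return "pua"
    if any(m in text for m in MALWARE_MARKERS):
        return "malware"
    return "other"


def consensus(labels):
    """Count each family token once per vendor and each verdict once per vendor."""
    families, classes = Counter(), Counter()
    for label in labels.values():
        classes[classify(label)] += 1
        for fam in set(family_tokens(label)):
            families[fam] += 1
    return {"families": families, "classes": classes}


if __name__ == "__main__":
    result = consensus(LABELS)
    family, votes = result["families"].most_common(1)[0]
    print(f"family consensus: {family} ({votes}/{len(LABELS)} vendors)")
    print("verdict split:", dict(result["classes"]))
```

On this subset the family vote is MediaMagnet by 11 of 20 vendors and the verdict split is 13 PUA, 5 malware, 2 uninformative, which is the picture to carry into triage: an adware/PUA family, not a trojan, whatever the Tencent and ClamAV prefixes say.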
Visual analysis
Binary image
None (no binary visualisation image was generated for this sample)
Runtime screenshots
None (no screenshots were captured while the sample ran)


PE Compile Time

2014-02-23 01:53:39 (taken from the PE header; the field is set by whatever built the file and is only a weak indicator on its own)

Imports

Library oleaut32.dll:
0x45673c SysFreeString
0x456740 SysReAllocStringLen
0x456744 SysAllocStringLen
Library advapi32.dll:
0x45674c RegQueryValueExW
0x456750 RegOpenKeyExW
0x456754 RegCloseKey
Library user32.dll:
0x45675c LoadStringW
0x456760 MessageBoxA
0x456764 CharNextW
Library kernel32.dll:
0x45676c lstrcmpiA
0x456770 LoadLibraryA
0x456774 LocalFree
0x456778 LocalAlloc
0x45677c GetACP
0x456780 Sleep
0x456784 VirtualFree
0x456788 VirtualAlloc
0x45678c GetSystemInfo
0x456790 GetVersion
0x456794 GetCurrentThreadId
0x456798 VirtualQuery
0x45679c WideCharToMultiByte
0x4567a0 MultiByteToWideChar
0x4567a4 lstrlenW
0x4567a8 lstrcpynW
0x4567ac LoadLibraryExW
0x4567b0 IsValidLocale
0x4567b8 GetStartupInfoA
0x4567bc GetProcAddress
0x4567c0 GetModuleHandleW
0x4567c4 GetModuleFileNameW
0x4567cc GetLocaleInfoW
0x4567d0 GetLastError
0x4567d4 GetCommandLineW
0x4567d8 FreeLibrary
0x4567dc FindFirstFileW
0x4567e0 FindClose
0x4567e4 ExitProcess
0x4567e8 CompareStringW
0x4567ec WriteFile
0x4567f4 RtlUnwind
0x4567f8 RaiseException
0x4567fc GetStdHandle
0x456810 CloseHandle
Library kernel32.dll:
0x456818 TlsSetValue
0x45681c TlsGetValue
0x456820 LocalAlloc
0x456824 GetModuleHandleW
Library user32.dll:
0x45682c CreateWindowExW
0x456830 WaitMessage
0x456834 TranslateMessage
0x456838 ShowWindow
0x45683c SetWindowPos
0x456840 SetTimer
0x456844 SetScrollInfo
0x456848 SetParent
0x45684c SetForegroundWindow
0x456850 SetFocus
0x456854 SetCursor
0x456858 SetCapture
0x45685c ScreenToClient
0x456860 ReleaseDC
0x456864 ReleaseCapture
0x456868 RegisterClassW
0x45686c PtInRect
0x456870 PostQuitMessage
0x456874 OffsetRect
0x456878 MessageBoxW
0x45687c LoadStringW
0x456880 KillTimer
0x456884 IsWindowVisible
0x456888 IsWindowEnabled
0x45688c IsWindow
0x456890 IsIconic
0x456894 InvalidateRect
0x456898 InflateRect
0x45689c GetWindowTextW
0x4568a0 GetWindowRect
0x4568a4 GetUpdateRgn
0x4568a8 GetSystemMetrics
0x4568ac GetSystemMenu
0x4568b0 GetSysColor
0x4568b4 GetScrollPos
0x4568b8 GetScrollInfo
0x4568bc GetKeyboardState
0x4568c0 GetKeyState
0x4568c4 GetFocus
0x4568c8 GetDC
0x4568cc GetCursorPos
0x4568d0 GetClientRect
0x4568d4 GetClassInfoW
0x4568d8 GetAsyncKeyState
0x4568dc FillRect
0x4568e0 EndPaint
0x4568e4 EnableWindow
0x4568e8 EnableMenuItem
0x4568ec DestroyWindow
0x4568f0 DestroyIcon
0x4568f4 CopyImage
0x4568f8 ClientToScreen
0x4568fc CharUpperBuffW
0x456900 CharLowerBuffW
0x456904 BeginPaint
Library gdi32.dll:
0x45690c SetTextColor
0x456910 SetROP2
0x456914 SetBrushOrgEx
0x456918 SetBkMode
0x45691c SetBkColor
0x456920 SelectObject
0x456924 MoveToEx
0x456928 GetStockObject
0x45692c DeleteObject
0x456930 DeleteDC
0x456934 CreateSolidBrush
0x456938 CreateRectRgn
Library kernel32.dll:
0x456940 lstrcpyW
0x456944 WriteFile
0x456948 WideCharToMultiByte
0x45694c WaitForSingleObject
0x456950 VirtualQuery
0x456954 TerminateThread
0x456958 TerminateProcess
0x456960 Sleep
0x456964 SizeofResource
0x456968 SignalObjectAndWait
0x45696c SetFilePointer
0x456970 SetEvent
0x456974 SetErrorMode
0x456978 SetEndOfFile
0x456980 ResumeThread
0x456984 ResetEvent
0x456988 ReadFile
0x45698c OpenProcess
0x456990 MultiByteToWideChar
0x456994 LocalFree
0x456998 LoadResource
0x45699c LoadLibraryW
0x4569a4 IsValidLocale
0x4569ac GlobalUnlock
0x4569b0 GlobalLock
0x4569b4 GetVersionExW
0x4569b8 GetVersion
0x4569bc GetTickCount
0x4569c0 GetThreadLocale
0x4569c4 GetStdHandle
0x4569c8 GetProcAddress
0x4569cc GetModuleHandleW
0x4569d0 GetModuleFileNameW
0x4569d4 GetLocaleInfoW
0x4569d8 GetLocalTime
0x4569dc GetLastError
0x4569e0 GetFileSize
0x4569e4 GetExitCodeThread
0x4569e8 GetExitCodeProcess
0x4569ec GetDiskFreeSpaceW
0x4569f0 GetDateFormatW
0x4569f4 GetCurrentThread
0x4569f8 GetCurrentProcessId
0x4569fc GetCurrentProcess
0x456a00 GetCPInfo
0x456a04 InterlockedExchange
0x456a0c FreeLibrary
0x456a10 FormatMessageW
0x456a14 FindFirstFileExW
0x456a18 FindClose
0x456a24 EnumCalendarInfoW
0x456a2c DeleteFileW
0x456a34 CreateThread
0x456a38 CreateFileW
0x456a3c CreateEventW
0x456a40 CopyFileW
0x456a44 CompareStringW
0x456a48 CloseHandle
Library advapi32.dll:
0x456a50 RegCloseKey
0x456a54 OpenThreadToken
0x456a58 OpenProcessToken
0x456a5c GetTokenInformation
0x456a60 FreeSid
0x456a64 EqualSid
Library oleaut32.dll:
0x456a70 SysFreeString
0x456a74 SysAllocStringLen
Library comctl32.dll:
0x456a7c InitCommonControls
Library user32.dll:
0x456a84 wvsprintfW
0x456a88 SetWindowLongW
0x456a8c SetPropW
0x456a90 SendMessageW
0x456a94 PostMessageW
0x456a98 PeekMessageW
0x456a9c MessageBoxW
0x456aa0 LoadStringW
0x456aa4 LoadIconW
0x456aa8 LoadCursorW
0x456ab0 GetWindowLongW
0x456ab4 GetPropW
0x456ab8 GetClassLongW
0x456abc GetClassInfoW
0x456ac0 DrawTextW
0x456ac4 DispatchMessageW
0x456ac8 DefWindowProcW
0x456acc CallWindowProcW
Library gdi32.dll:
0x456ad8 CreateFontIndirectW
Library kernel32.dll:
0x456ae0 QueryDosDeviceW
0x456ae4 LoadLibraryW
0x456aec GetTempPathW
0x456af0 GetTempFileNameW
0x456af4 GetModuleHandleW
0x456af8 GetModuleFileNameW
0x456afc GetFileAttributesW
0x456b00 GetDateFormatW
0x456b04 FormatMessageW
0x456b08 FindResourceW
0x456b0c FindNextFileW
0x456b10 DeleteFileW
0x456b14 CreateProcessW
0x456b18 CreateFileW
0x456b1c CreateDirectoryW
Library advapi32.dll:
0x456b24 RegSetValueExW
0x456b28 RegQueryValueExW
0x456b2c RegQueryInfoKeyW
0x456b30 RegOpenKeyExW
0x456b34 RegEnumValueW
0x456b38 RegEnumKeyExW
0x456b3c RegCreateKeyExW
Library shell32.dll:
0x456b44 ShellExecuteExW
Library advapi32.dll:
Library oleaut32.dll:
0x456b54 GetErrorInfo
0x456b58 SysFreeString
Library ole32.dll:
0x456b60 CLSIDFromProgID
0x456b64 CoCreateInstance
0x456b68 CoUninitialize
0x456b6c CoInitialize
Library GdiPlus.dll:
0x456b80 GdipGetImageHeight
0x456b84 GdipGetImageWidth
0x456b90 GdipDisposeImage
0x456b94 GdipDrawImageRectI
0x456b98 GdipGraphicsClear
0x456b9c GdipCreateFromHDC
0x456ba0 GdipDeleteGraphics
0x456ba4 GdiplusShutdown
0x456ba8 GdiplusStartup
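Read as a capability list rather than an API dump, the table above says: process launch (CreateProcessW, ShellExecuteExW), registry writes (RegSetValueExW, RegCreateKeyExW), token/SID inspection (OpenProcessToken, GetTokenInformation, EqualSid, the usual admin check), temp-file staging (GetTempPathW, GetTempFileNameW, CreateFileW, CopyFileW), embedded-resource extraction (FindResourceW, LoadResource, SizeofResource), COM instantiation (CLSIDFromProgID, CoCreateInstance) and runtime API resolution (LoadLibrary*, GetProcAddress). Just as telling is what is absent: no ws2_32, wininet, winhttp or urlmon import at all, so any network activity has to come via COM, runtime-resolved APIs or a child process. The repeated kernel32.dll/user32.dll groups with SysAllocStringLen/SysFreeString are the import layout a Delphi linker produces. The script below is an added example, not part of the report: it parses the report's own listing format, merges the repeated DLL groups, maps the APIs onto capability clusters and checks for static network imports. SAMPLE_IMPORTS is a trimmed copy of the table above; the capability groups are this example's assumptions.

```python
"""Map a sandbox import listing to triage capabilities.

Added example, not part of the sandbox report. SAMPLE_IMPORTS is a trimmed
copy of the report's listing; CAPABILITIES and NETWORK_DLLS are assumptions.
"""
import re

# Trimmed from the report's Imports section (same format, same addresses).
SAMPLE_IMPORTS = """\
Library kernel32.dll:
0x45676c lstrcmpiA
0x456770 LoadLibraryA
0x4567bc GetProcAddress
Library advapi32.dll:
0x456a54 OpenThreadToken
0x456a58 OpenProcessToken
0x456a5c GetTokenInformation
0x456a60 FreeSid
0x456a64 EqualSid
Library kernel32.dll:
0x456aec GetTempPathW
0x456af0 GetTempFileNameW
0x456b08 FindResourceW
0x456b10 DeleteFileW
0x456b14 CreateProcessW
0x456b18 CreateFileW
Library advapi32.dll:
0x456b24 RegSetValueExW
0x456b30 RegOpenKeyExW
0x456b3c RegCreateKeyExW
Library shell32.dll:
0x456b44 ShellExecuteExW
Library ole32.dll:
0x456b60 CLSIDFromProgID
0x456b64 CoCreateInstance
0x456b6c CoInitialize
"""

# API clusters worth surfacing in triage (assumption).
CAPABILITIES = {
    "process execution": {"CreateProcessW", "ShellExecuteExW", "OpenProcess",
                          "TerminateProcess"},
    "registry write (persistence/config)": {"RegSetValueExW", "RegCreateKeyExW"},
    "registry read": {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW",
                      "RegEnumValueW"},
    "token / privilege inspection": {"OpenProcessToken", "OpenThreadToken",
                                     "GetTokenInformation", "EqualSid", "FreeSid"},
    "temp-file drop": {"GetTempPathW", "GetTempFileNameW", "CreateFileW",
                       "CopyFileW", "WriteFile", "CreateDirectoryW"},
    "embedded resource extraction": {"FindResourceW", "LoadResource",
                                     "SizeofResource"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW",
                               "GetProcAddress"},
    "COM automation": {"CoInitialize", "CoCreateInstance", "CLSIDFromProgID"},
    "self-delete / cleanup": {"DeleteFileW"},
}

# DLLs whose presence means the binary talks to the network directly.
NETWORK_DLLS = {"ws2_32.dll", "wsock32.dll", "wininet.dll", "winhttp.dll",
                "urlmon.dll"}


def parse_imports(text):
    """Return {dll: set(api)} from lines 'Library x.dll:' / '0xADDR Name'.
    Repeated groups for one DLL (several kernel32.dll blocks, as a Delphi
    linker emits) are merged into a single set."""
    imports, dll = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Library (\S+):$", line)
        if m:
            dll = m.group(1).lower()
            imports.setdefault(dll, set())
            continue
        m = re.match(r"0x[0-9a-fA-F]+\s+(\w+)$", line)
        if m and dll is not None:
            imports[dll].add(m.group(1))
    return imports


def capabilities(imports):
    """Which capability clusters have at least one API present, and which."""
    present = set().union(*imports.values()) if imports else set()
    return {cap: sorted(apis & present)
            for cap, apis in CAPABILITIES.items() if apis & present}


def has_network_imports(imports):
    """True if any socket/HTTP DLL is imported statically."""
    return bool(NETWORK_DLLS & set(imports))


if __name__ == "__main__":
    imps = parse_imports(SAMPLE_IMPORTS)
    for cap, apis in capabilities(imps).items():
        print(f"{cap}: {', '.join(apis)}")
    print("static network imports:", has_network_imports(imps))
```

Run against the full table on this page the result is the same: every cluster except a direct network one lights up. That absence is why the behavioural "no DNS query" event deserves a pcap check rather than acceptance at face value.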

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination      Dst port  Note
192.168.56.101  50002     114.114.114.114  53        DNS
192.168.56.101  53237     114.114.114.114  53        DNS
192.168.56.101  57756     114.114.114.114  53        DNS
192.168.56.101  58367     114.114.114.114  53        DNS
192.168.56.101  62318     114.114.114.114  53        DNS
192.168.56.101  137       192.168.56.255   137       NetBIOS name service (subnet broadcast)
192.168.56.101  138       192.168.56.255   138       NetBIOS datagram (subnet broadcast)
192.168.56.101  123       20.189.79.72     123       NTP, time.windows.com
192.168.56.101  49235     224.0.0.252      5355      LLMNR
192.168.56.101  50534     224.0.0.252      5355      LLMNR
192.168.56.101  51963     224.0.0.252      5355      LLMNR
192.168.56.101  53657     224.0.0.252      5355      LLMNR
192.168.56.101  56804     224.0.0.252      5355      LLMNR
192.168.56.101  57874     224.0.0.252      5355      LLMNR
192.168.56.101  62191     224.0.0.252      5355      LLMNR
192.168.56.101  63429     224.0.0.252      5355      LLMNR
192.168.56.101  1900      239.255.255.250  1900      SSDP
192.168.56.101  50003     239.255.255.250  3702      WS-Discovery
192.168.56.101  50005     239.255.255.250  3702      WS-Discovery
192.168.56.101  51966     239.255.255.250  1900      SSDP

Every row is standard Windows background traffic from the sandbox guest (192.168.56.101): resolver queries to 114.114.114.114, NetBIOS broadcasts, NTP to time.windows.com, and LLMNR/SSDP/WS-Discovery multicast. None of it is attributable to the sample, and the address from the "no DNS query" event (172.217.24.14) does not appear here at all.
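To make that judgement repeatable rather than eyeballed, the script below (an added example, not part of the report) classifies each UDP record as a known background protocol and then applies the same test the sandbox signature uses: a contacted destination that is neither background noise nor an address returned by a captured DNS answer is unexplained. FLOWS is constructed from the table above. The report prints no DNS answers, so RESOLVED and the extra 172.217.24.14 connection used in the demonstration are constructed inputs.

```python
"""Classify sandbox UDP flows as OS background noise and flag contacted
hosts that no captured DNS answer explains.

Added example, not part of the sandbox report. FLOWS comes from the UDP
table above; RESOLVED and the 172.217.24.14 connection are constructed.
"""
import ipaddress
from collections import Counter

LAB_NET = ipaddress.ip_network("192.168.56.0/24")  # sandbox guest subnet

# (src, sport, dst, dport), constructed from the report's UDP table.
FLOWS = [
    ("192.168.56.101", 50002, "114.114.114.114", 53),
    ("192.168.56.101", 53237, "114.114.114.114", 53),
    ("192.168.56.101", 57756, "114.114.114.114", 53),
    ("192.168.56.101", 58367, "114.114.114.114", 53),
    ("192.168.56.101", 62318, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 123, "20.189.79.72", 123),
    ("192.168.56.101", 49235, "224.0.0.252", 5355),
    ("192.168.56.101", 50534, "224.0.0.252", 5355),
    ("192.168.56.101", 51963, "224.0.0.252", 5355),
    ("192.168.56.101", 53657, "224.0.0.252", 5355),
    ("192.168.56.101", 56804, "224.0.0.252", 5355),
    ("192.168.56.101", 57874, "224.0.0.252", 5355),
    ("192.168.56.101", 62191, "224.0.0.252", 5355),
    ("192.168.56.101", 63429, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 50003, "239.255.255.250", 3702),
    ("192.168.56.101", 50005, "239.255.255.250", 3702),
    ("192.168.56.101", 51966, "239.255.255.250", 1900),
]

# Constructed: addresses a captured DNS answer would have returned
# (the table itself annotates 20.189.79.72 as time.windows.com).
RESOLVED = {"20.189.79.72"}


def noise_class(dst, dport):
    """Name the background protocol a destination/port pair belongs to,
    or None if it is not recognised Windows background traffic."""
    ip = ipaddress.ip_address(dst)
    if dport == 53:
        return "dns"
    if dport == 123:
        return "ntp"
    if dport in (137, 138) and ip == LAB_NET.broadcast_address:
        return "netbios"
    if ip.is_multicast:
        return {5355: "llmnr", 1900: "ssdp", 3702: "ws-discovery"}.get(
            dport, "multicast-other")
    return None


def summarize(flows):
    """Count flows per background class; anything unrecognised is 'unexplained'."""
    return Counter(noise_class(dst, dport) or "unexplained"
                   for _, _, dst, dport in flows)


def unexplained_hosts(connections, resolved):
    """Destinations (dst, dport) that are neither background noise nor an
    address a captured DNS answer returned: the sandbox's
    'no DNS query was performed' condition, applied to the packet data."""
    return sorted({dst for dst, dport in connections
                   if noise_class(dst, dport) is None and dst not in resolved})


if __name__ == "__main__":
    print("background classes:", dict(summarize(FLOWS)))
    conns = [(dst, dport) for _, _, dst, dport in FLOWS]
    print("unexplained in captured UDP:", unexplained_hosts(conns, RESOLVED))
    # Constructed: what the report's behavioural event would look like
    # if the packet capture actually contained it.
    print("with a 172.217.24.14:443 connection added:",
          unexplained_hosts(conns + [("172.217.24.14", 443)], RESOLVED))
```

On the captured records the unexplained list is empty, which is the discrepancy the caveat under Network communication points at: the signature fired on something the packet sections do not contain, so the pcap (or the sandbox's full event log) is the place to resolve it.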

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.