Score: 5.2 (medium risk)

SHA256: 27353906a9ebdd03dcbd51a518eccf7785d1c16aad3f77f31f10176ddf739ad1
File name: 4f1a05537b0abdc190537cc708c8ad25.exe
Analysis duration: 82s
Latest analysis
File size: 772.5KB
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine result is available for this sample.
Static verdict

Antivirus engines
Engine        Result                              Scan date   Engine version
McAfee        RDN/Generic.tfr                     20200615    6.0.6.653
Alibaba       Backdoor:Win32/Injector.f41b9cc0    20190527    0.3.0.5
Baidu         (no detection)                      20190318    1.0.0.2
Avast         Win32:TrojanX-gen [Trj]             20200615    18.4.3895.0
Tencent       Win32.Backdoor.Remcos.Pdwk          20200615    1.0.0.1
Kingsoft      (no detection)                      20200615    2013.8.14.323
CrowdStrike   win/malicious_confidence_60% (W)    20190702    1.0

The rows come from scans on different dates (2019 and 2020), so the missing Baidu and Kingsoft results reflect the signatures of those dates, not a current verdict.
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft

Reading: both indicators say the same thing and neither means the file is packed. .itext is the initialization-code section the Delphi linker emits, and "BobSoft Mini Delphi" is a compiler identification for Delphi-built binaries, so the sample is an unpacked Delphi executable; the import table further down confirms this.
One or more processes crashed (1 event)
Time: 1619427040.231334
API: __exception__
Stack trace: 0x54 (no symbolised frames)
Registers: esp=57408540 edi=0 eax=0 ebp=57408568 edx=0 ebx=0 esi=57408584 ecx=0
Faulting instruction: mov eax, dword ptr [eax + 0x3c]
Instruction bytes: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44
Exception code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
Symbol: (none)
Address: 0x2148c7b
Status: success, return 0, repeated 0

Reading: eax is 0, so the instruction reads address 0x0000003c. Offset 0x3c in IMAGE_DOS_HEADER is e_lfanew, and the bytes after the faulting instruction decode to cdq / add eax, [esp] / adc edx, [esp+4] / add esp, 8: the code adds a module's e_lfanew to a 64-bit value kept on the stack, i.e. it is locating a PE header, and the module base it was handed was NULL (an unchecked GetModuleHandle or LoadLibrary result is the usual cause; the report does not show which call). The faulting address 0x2148c7b lies far outside the main image, whose import table sits around 0x46d000, so this code was executing from memory mapped or allocated at run time. The crash comes about 59 s after the RWX allocation recorded below and before any TCP connection appears in the capture.
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1619426981.137334
API: NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff (pseudo-handle for the current process)
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00900000
Status: success, return 0, repeated 0

Reading: a single committed 4 KB RWX page in the sample's own process. That is a small region for unpacking a full payload; the report records no write to it and no later allocation, so what ran there is not visible from this run.
Downloads a file or document from Google Drive (1 event)
domain drive.google.com

Reading: this indicator is keyed on the domain name only. The capture below records DNS queries but no HTTP request and no TCP connection, so no download was actually observed in this run.
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time: 1619427008.856334
API: GetAdaptersAddresses
flags: 0
family: 0
Status: failed, return 111 (ERROR_BUFFER_OVERFLOW), repeated 0

Reading: GetAdaptersAddresses returns ERROR_BUFFER_OVERFLOW on its first call to report the buffer size it needs, so a failed call with 111 is the normal sizing step and on its own is weak evidence of VM detection. It does show the sample enumerated adapters three seconds before the WPAD activity below, which is consistent with Windows proxy autodetection rather than with a deliberate sandbox check.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

Reading: the address is in a Google-owned range, consistent with the drive.google.com indicator above, but the capture below records no TCP connection to it.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)

Time               API             Key handle   Value name          Type             Value
1619427011.434334  RegSetValueExA  0x000003a4   WpadDecisionReason  4 (REG_DWORD)    1
1619427011.434334  RegSetValueExA  0x000003a4   WpadDecisionTime    3 (REG_BINARY)   8-byte timestamp (rendered by the report as the garbled text "Pid{:×")
1619427011.434334  RegSetValueExA  0x000003a4   WpadDecision        4 (REG_DWORD)    3
1619427011.434334  RegSetValueExW  0x000003a4   WpadNetworkName     1 (REG_SZ)       网络 2 ("Network 2", the Chinese-Windows default network name)
1619427011.434334  RegSetValueExA  0x000003bc   WpadDecisionReason  4 (REG_DWORD)    1
1619427011.434334  RegSetValueExA  0x000003bc   WpadDecisionTime    3 (REG_BINARY)   8-byte timestamp (rendered by the report as the garbled text "Pid{:×")
1619427011.434334  RegSetValueExA  0x000003bc   WpadDecision        4 (REG_DWORD)    3
1619427011.465334  RegSetValueExW  0x000003a0   WpadLastNetwork     1 (REG_SZ)       {40112ABE-63B3-43C3-BE93-1440EE3AF106}
All eight calls returned success (return 0, repeated 0).

Key paths (prefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad):
handle 0x000003a4: \{40112ABE-63B3-43C3-BE93-1440EE3AF106}\<value name>
handle 0x000003bc: \0a-00-27-00-00-00\<value name>
handle 0x000003a0: \WpadLastNetwork

Reading: this is a misleading signature title. None of these values is a proxy autoconfiguration file and none redirects traffic; WinHTTP/WinINet writes exactly this set (WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName, WpadLastNetwork, keyed by the network GUID and by the adapter MAC 0a-00-27-00-00-00) to cache the result of its own WPAD autodetection the first time a process issues a proxy-aware HTTP request. A genuine interception would set AutoConfigURL or ProxyServer/ProxyEnable under Internet Settings, and nothing here does. What the event does establish is that at 1619427011 the sample started Windows proxy resolution, i.e. it was about to make an HTTP request, which fits the drive.google.com indicator. The MAC 0a:00:27:00:00:00 and the 192.168.56.0/24 address in the capture are the VirtualBox host-only adapter defaults, which is what the GetAdaptersAddresses call above would have returned.
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 104.16.252.55:443

Reading: the address is in a Cloudflare range. "No longer responding" here only means no TCP handshake completed; the capture below records no TCP flow at all, so the connection attempt never got past SYN, or the sandbox had no egress.
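Added example, not part of the sandbox report or its signature engine: Python triage over Cuckoo-style API and flow records constructed to mirror the dynamic indicators above and the capture further down. It pulls out committed RWX regions, separates WinHTTP's own WPAD cache writes from registry values that actually redirect traffic (AutoConfigURL, ProxyServer, ProxyEnable, ProxyOverride), treats GetAdaptersAddresses returning 111 as the sizing call it is, labels UDP flows that are lab background noise, and lists hosts the signatures name but the TCP capture never shows. The record field names, the LAN and resolver addresses and the sample records themselves are assumptions.

```python
import ipaddress

PAGE_EXECUTE_READWRITE = 0x40
MEM_COMMIT = 0x1000
ERROR_BUFFER_OVERFLOW = 111

# Value names WinHTTP/WinINet writes under ...\Internet Settings\Wpad\ to cache
# its own autodetect result; they redirect nothing by themselves.
WPAD_CACHE_VALUES = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                     "WpadNetworkName", "WpadLastNetwork"}
# Values that do redirect a user's traffic when written.
PROXY_CONTROL_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyEnable", "ProxyOverride"}

HKCU_INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
WPAD_GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"

# Constructed records mirroring the report's dynamic-indicator entries (assumed layout).
API_CALLS = [
    {"api": "NtAllocateVirtualMemory", "status": "success", "return": 0,
     "args": {"process_identifier": 472, "region_size": 4096, "protection": 64,
              "allocation_type": 4096, "base_address": "0x00900000"}},
    {"api": "GetAdaptersAddresses", "status": "failed", "return": 111,
     "args": {"flags": 0, "family": 0}},
    {"api": "RegSetValueExA", "status": "success", "return": 0,
     "args": {"regkey": HKCU_INET + "\\Wpad\\" + WPAD_GUID + "\\WpadDecisionReason", "value": 1}},
    {"api": "RegSetValueExA", "status": "success", "return": 0,
     "args": {"regkey": HKCU_INET + "\\Wpad\\" + WPAD_GUID + "\\WpadDecision", "value": 3}},
    {"api": "RegSetValueExW", "status": "success", "return": 0,
     "args": {"regkey": HKCU_INET + "\\Wpad\\WpadLastNetwork", "value": WPAD_GUID}},
]
# Constructed flows taken from the report's UDP table; the report records no TCP flow.
UDP_FLOWS = [("192.168.56.101", 49235, "114.114.114.114", 53),
             ("192.168.56.101", 137, "192.168.56.255", 137),
             ("192.168.56.101", 51808, "224.0.0.252", 5355),
             ("192.168.56.101", 1900, "239.255.255.250", 1900),
             ("192.168.56.101", 50535, "239.255.255.250", 3702)]
TCP_FLOWS = []
CLAIMED_HOSTS = ["172.217.24.14", "104.16.252.55"]   # hosts the signatures name


def rwx_commits(calls):
    """(pid, base, size) for every successfully committed PAGE_EXECUTE_READWRITE region."""
    out = []
    for c in calls:
        a = c["args"]
        if (c["api"] == "NtAllocateVirtualMemory" and c["status"] == "success"
                and a["protection"] == PAGE_EXECUTE_READWRITE
                and a["allocation_type"] & MEM_COMMIT):
            out.append((a["process_identifier"], int(a["base_address"], 16), a["region_size"]))
    return out


def classify_registry_write(regkey):
    """'wpad-cache' (WinHTTP bookkeeping), 'proxy-control' (real redirection) or 'other'."""
    path, _, value_name = regkey.rpartition("\\")
    if "\\Internet Settings\\Wpad" in path and value_name in WPAD_CACHE_VALUES:
        return "wpad-cache"
    if path.endswith("\\Internet Settings") and value_name in PROXY_CONTROL_VALUES:
        return "proxy-control"
    return "other"


def registry_write_classes(calls):
    """Count RegSetValueEx calls per class so one WPAD burst does not read as eight findings."""
    counts = {}
    for c in calls:
        if c["api"] in ("RegSetValueExA", "RegSetValueExW"):
            k = classify_registry_write(c["args"]["regkey"])
            counts[k] = counts.get(k, 0) + 1
    return counts


def is_adapter_sizing_call(call):
    """GetAdaptersAddresses first fails with ERROR_BUFFER_OVERFLOW to report the needed size."""
    return (call["api"] == "GetAdaptersAddresses" and call["status"] == "failed"
            and call["return"] == ERROR_BUFFER_OVERFLOW)


def is_background_udp(flow, lan="192.168.56.0/24", resolver="114.114.114.114"):
    """Resolver DNS plus Windows broadcast/multicast discovery chatter (assumed lab settings)."""
    _src, _sport, dst, dport = flow
    ip = ipaddress.ip_address(dst)
    if dst == resolver and dport == 53:
        return True                                    # sandbox's configured resolver
    if ip.is_multicast and dport in (5355, 1900, 3702):
        return True                                    # LLMNR, SSDP, WS-Discovery
    if ip == ipaddress.ip_network(lan).broadcast_address and dport in (137, 138):
        return True                                    # NetBIOS name/datagram service
    return False


def unobserved_hosts(claimed, tcp_flows):
    """Hosts a signature names that never appear as a TCP destination in the capture."""
    seen = {dst for _s, _sp, dst, _dp in tcp_flows}
    return sorted(h for h in claimed if h not in seen)


def triage(calls, udp_flows, tcp_flows, claimed_hosts):
    """One dict an analyst can paste into notes; every field is checked against the records."""
    return {
        "rwx_commits": rwx_commits(calls),
        "registry_writes": registry_write_classes(calls),
        "adapter_query_is_sizing_only": all(is_adapter_sizing_call(c) for c in calls
                                            if c["api"] == "GetAdaptersAddresses"),
        "udp_all_background": all(is_background_udp(f) for f in udp_flows),
        "claimed_hosts_not_in_pcap": unobserved_hosts(claimed_hosts, tcp_flows),
    }


if __name__ == "__main__":
    print(triage(API_CALLS, UDP_FLOWS, TCP_FLOWS, CLAIMED_HOSTS))
```

On this report the summary reduces eight "WPAD interception" events to three cache writes with no proxy-control value touched, confirms the adapter query never got past the sizing call, and lists both signature hosts as absent from the packet capture.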
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 of 54 shown)

Reading: the vendor names fall into three mutually consistent groups: a generic injector/loader (ESET Win32/Injector.ELRO, Avira and F-Secure TR/Injector.oizfs, AhnLab, Rising, Yandex, Ikarus), the Remcos RAT as the payload (Kaspersky, ZoneAlarm, Tencent, Jiangmin, AegisLab, VBA32), and the single BitDefender-engine signature Trojan.GenericKD.33908185 repeated by its licensees (eScan, FireEye, Emsisoft, GData, ALYac, Ad-Aware; Arcabit's D20565D9 is the same number in hex). Weigh the list by engine family rather than by vendor count.
MicroWorld-eScan Trojan.GenericKD.33908185
FireEye Trojan.GenericKD.33908185
CAT-QuickHeal Trojan.Wacatac
McAfee RDN/Generic.tfr
Cylance Unsafe
K7AntiVirus Trojan ( 005665de1 )
Alibaba Backdoor:Win32/Injector.f41b9cc0
K7GW Trojan ( 005665de1 )
Cybereason malicious.0129e1
Arcabit Trojan.Generic.D20565D9
F-Prot W32/Wacatac.CX
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
BitDefender Trojan.GenericKD.33908185
NANO-Antivirus Trojan.Win32.FakeAlert.hkqwlk
Paloalto generic.ml
AegisLab Trojan.Win32.Remcos.m!c
Tencent Win32.Backdoor.Remcos.Pdwk
Sophos Mal/Generic-S
F-Secure Trojan.TR/Injector.oizfs
DrWeb Trojan.DownLoader33.47214
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R011C0WER20
McAfee-GW-Edition BehavesLike.Win32.Generic.bh
Trapmine suspicious.low.ml.score
Emsisoft Trojan.GenericKD.33908185 (B)
SentinelOne DFI - Suspicious PE
Cyren W32/Trojan.YRUI-7035
Jiangmin Backdoor.Remcos.bow
Avira TR/Injector.oizfs
MAX malware (ai score=87)
Antiy-AVL GrayWare/Win32.Unwaders
Microsoft Trojan:Win32/Vigorf.A
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Trojan.GenericKD.33908185
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Injector.C4110954
ALYac Trojan.GenericKD.33908185
VBA32 Backdoor.Remcos
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.ELRO
TrendMicro-HouseCall TROJ_GEN.R011C0WER20
Rising Trojan.Injector!1.C70A (CLOUD)
Yandex Trojan.Injector!Gf5eOjDRWeI
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_64%
Fortinet W32/ELRO!tr
Ad-Aware Trojan.GenericKD.33908185
Visual analysis
Binary image
None: no binary visualisation image was generated for this sample.
Runtime screenshots
None: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Reading: this is not the build date and not evidence of timestomping. Older Delphi linkers write the fixed TimeDateStamp 0x2A425E19, which is 1992-06-19 22:22:17 UTC; the report displays times in UTC+8, which gives exactly the value above. The timestamp therefore corroborates the BobSoft Mini Delphi identification and says nothing about when the sample was built.
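Added example (not the sandbox's code and not the analysed file): a small Python parser for the two header facts this report reacts to, the fixed Delphi timestamp and the section names. It builds a constructed minimal PE32 header as sample input, validates e_lfanew with the checks the faulting `mov eax, [eax+0x3c]` in the crash record skipped, and reports whether the TimeDateStamp is the Delphi constant and which section names fall outside an assumed whitelist of Delphi sections. The whitelist and the constructed header are assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

E_LFANEW_OFFSET = 0x3C                # IMAGE_DOS_HEADER.e_lfanew
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
DELPHI_FIXED_TIMESTAMP = 0x2A425E19   # 1992-06-19 22:22:17 UTC, hard-coded by older Delphi linkers

# Section names an unpacked Delphi/VCL build normally carries (assumed list);
# anything outside it is reported for a closer look.
KNOWN_SECTIONS = {".text", ".itext", ".data", ".bss", ".idata", ".edata",
                  ".tls", ".rdata", ".reloc", ".rsrc"}


def pe_header_offset(image: bytes) -> int:
    """Validate the DOS header and return e_lfanew.

    Code doing `mov eax,[eax+0x3c]` with eax == 0 faults exactly here (the
    report's crash); each check below is one the faulting code did not make."""
    if not image or len(image) < E_LFANEW_OFFSET + 4:
        raise ValueError("no module image at this base; reading e_lfanew would fault")
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(image):
        raise ValueError("e_lfanew points outside the image")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    return e_lfanew


def coff_header(image: bytes, e_lfanew: int) -> dict:
    """Decode IMAGE_FILE_HEADER, the 20 bytes that follow 'PE\\0\\0'."""
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    return {"machine": machine, "sections": nsec, "timestamp": ts,
            "optional_header_size": opt_size, "characteristics": chars}


def section_names(image: bytes, e_lfanew: int, hdr: dict) -> list:
    """Read the 8-byte name of each section header after the optional header."""
    first = e_lfanew + 4 + COFF_HEADER_SIZE + hdr["optional_header_size"]
    names = []
    for i in range(hdr["sections"]):
        off = first + i * SECTION_HEADER_SIZE
        if off + 8 > len(image):
            raise ValueError("section table truncated")
        names.append(image[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def static_triage(image: bytes) -> dict:
    """Timestamp origin and section-name check, the two things the static indicators flag."""
    e_lfanew = pe_header_offset(image)
    hdr = coff_header(image, e_lfanew)
    utc = datetime.fromtimestamp(hdr["timestamp"], tz=timezone.utc)
    names = section_names(image, e_lfanew, hdr)
    return {
        "e_lfanew": e_lfanew,
        "timestamp_utc": utc.strftime("%Y-%m-%d %H:%M:%S"),
        # the sandbox displays times in UTC+8, which is how the fixed stamp shows as 1992-06-20
        "timestamp_utc8": utc.astimezone(timezone(timedelta(hours=8))).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_fixed_timestamp": hdr["timestamp"] == DELPHI_FIXED_TIMESTAMP,
        "sections": names,
        "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
    }


def build_sample_image(timestamp: int, sections: list) -> bytes:
    """Constructed minimal PE32 header used as sample input (not the analysed file)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    opt_size = 224                    # PE32 optional header, left zero-filled here
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x102)
    table = b"".join(name.encode("ascii").ljust(8, b"\0") + bytes(32) for name in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + table


if __name__ == "__main__":
    print(static_triage(build_sample_image(DELPHI_FIXED_TIMESTAMP, [".text", ".itext", ".data", ".rsrc"])))
```

Run against a header carrying the Delphi constant and the sections this sample reports, the parser flags the timestamp as the linker artefact and returns an empty unknown-section list, which is the conclusion the two static indicators should have reached; feeding it an empty buffer raises instead of faulting, which is the check the crashed loader lacked.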

Imports

Reading: the table is the standard Delphi VCL runtime (oleaut32 SysAllocStringLen and the Variant/SafeArray set, user32 GetKeyboardType plus the window, menu and clipboard functions, gdi32 drawing, comctl32 ImageList_*, URL.DLL InetIsOffline), which matches the BobSoft Mini Delphi identification above. The entries worth attention are the ones an injector needs: VirtualAlloc, VirtualProtect and VirtualQuery; LoadLibraryA/LoadLibraryExA with GetProcAddress for run-time API resolution; FindResourceA, LoadResource, LockResource and SizeofResource, the usual way a Delphi-built loader carries its payload in the resource section; CreateThread; and SetWindowsHookExA with CallNextHookEx. No WinINet, WinHTTP or Winsock import is present, so any HTTP activity behind the drive.google.com indicator would come from APIs resolved at run time, not from this table.

Library oleaut32.dll:
0x46d744 SysFreeString
0x46d748 SysReAllocStringLen
0x46d74c SysAllocStringLen
Library advapi32.dll:
0x46d754 RegQueryValueExA
0x46d758 RegOpenKeyExA
0x46d75c RegCloseKey
Library user32.dll:
0x46d764 GetKeyboardType
0x46d768 DestroyWindow
0x46d76c LoadStringA
0x46d770 MessageBoxA
0x46d774 CharNextA
Library kernel32.dll:
0x46d77c GetACP
0x46d780 Sleep
0x46d784 VirtualFree
0x46d788 VirtualAlloc
0x46d78c GetCurrentThreadId
0x46d798 VirtualQuery
0x46d79c WideCharToMultiByte
0x46d7a0 MultiByteToWideChar
0x46d7a4 lstrlenA
0x46d7a8 lstrcpynA
0x46d7ac LoadLibraryExA
0x46d7b0 GetThreadLocale
0x46d7b4 GetStartupInfoA
0x46d7b8 GetProcAddress
0x46d7bc GetModuleHandleA
0x46d7c0 GetModuleFileNameA
0x46d7c4 GetLocaleInfoA
0x46d7c8 GetCommandLineA
0x46d7cc FreeLibrary
0x46d7d0 FindFirstFileA
0x46d7d4 FindClose
0x46d7d8 ExitProcess
0x46d7dc CompareStringA
0x46d7e0 WriteFile
0x46d7e8 RtlUnwind
0x46d7ec RaiseException
0x46d7f0 GetStdHandle
Library kernel32.dll:
0x46d7f8 TlsSetValue
0x46d7fc TlsGetValue
0x46d800 LocalAlloc
0x46d804 GetModuleHandleA
Library user32.dll:
0x46d80c CreateWindowExA
0x46d810 WindowFromPoint
0x46d814 WaitMessage
0x46d818 UpdateWindow
0x46d81c UnregisterClassA
0x46d820 UnhookWindowsHookEx
0x46d824 TranslateMessage
0x46d82c TrackPopupMenu
0x46d834 ShowWindow
0x46d838 ShowScrollBar
0x46d83c ShowOwnedPopups
0x46d840 SetWindowsHookExA
0x46d844 SetWindowPos
0x46d848 SetWindowPlacement
0x46d84c SetWindowLongW
0x46d850 SetWindowLongA
0x46d854 SetTimer
0x46d858 SetScrollRange
0x46d85c SetScrollPos
0x46d860 SetScrollInfo
0x46d864 SetRect
0x46d868 SetPropA
0x46d86c SetParent
0x46d870 SetMenuItemInfoA
0x46d874 SetMenu
0x46d878 SetForegroundWindow
0x46d87c SetFocus
0x46d880 SetCursor
0x46d884 SetClipboardData
0x46d888 SetClassLongA
0x46d88c SetCapture
0x46d890 SetActiveWindow
0x46d894 SendMessageW
0x46d898 SendMessageA
0x46d89c ScrollWindow
0x46d8a0 ScreenToClient
0x46d8a4 RemovePropA
0x46d8a8 RemoveMenu
0x46d8ac ReleaseDC
0x46d8b0 ReleaseCapture
0x46d8bc RegisterClassA
0x46d8c0 RedrawWindow
0x46d8c4 PtInRect
0x46d8c8 PostQuitMessage
0x46d8cc PostMessageA
0x46d8d0 PeekMessageW
0x46d8d4 PeekMessageA
0x46d8d8 OpenClipboard
0x46d8dc OffsetRect
0x46d8e0 OemToCharA
0x46d8e4 MessageBoxA
0x46d8e8 MessageBeep
0x46d8ec MapWindowPoints
0x46d8f0 MapVirtualKeyA
0x46d8f4 LoadStringA
0x46d8f8 LoadKeyboardLayoutA
0x46d8fc LoadIconA
0x46d900 LoadCursorA
0x46d904 LoadBitmapA
0x46d908 KillTimer
0x46d90c IsZoomed
0x46d910 IsWindowVisible
0x46d914 IsWindowUnicode
0x46d918 IsWindowEnabled
0x46d91c IsWindow
0x46d920 IsRectEmpty
0x46d924 IsIconic
0x46d928 IsDialogMessageW
0x46d92c IsDialogMessageA
0x46d930 IsChild
0x46d934 InvalidateRect
0x46d938 IntersectRect
0x46d93c InsertMenuItemA
0x46d940 InsertMenuA
0x46d944 InflateRect
0x46d94c GetWindowTextA
0x46d950 GetWindowRect
0x46d954 GetWindowPlacement
0x46d958 GetWindowLongW
0x46d95c GetWindowLongA
0x46d960 GetWindowDC
0x46d964 GetTopWindow
0x46d968 GetSystemMetrics
0x46d96c GetSystemMenu
0x46d970 GetSysColorBrush
0x46d974 GetSysColor
0x46d978 GetSubMenu
0x46d97c GetScrollRange
0x46d980 GetScrollPos
0x46d984 GetScrollInfo
0x46d988 GetPropA
0x46d98c GetParent
0x46d990 GetWindow
0x46d994 GetMessagePos
0x46d998 GetMenuStringA
0x46d99c GetMenuState
0x46d9a0 GetMenuItemInfoA
0x46d9a4 GetMenuItemID
0x46d9a8 GetMenuItemCount
0x46d9ac GetMenu
0x46d9b0 GetLastActivePopup
0x46d9b4 GetKeyboardState
0x46d9c0 GetKeyboardLayout
0x46d9c4 GetKeyState
0x46d9c8 GetKeyNameTextA
0x46d9cc GetIconInfo
0x46d9d0 GetForegroundWindow
0x46d9d4 GetFocus
0x46d9d8 GetDesktopWindow
0x46d9dc GetDCEx
0x46d9e0 GetDC
0x46d9e4 GetCursorPos
0x46d9e8 GetCursor
0x46d9ec GetClipboardData
0x46d9f0 GetClientRect
0x46d9f4 GetClassLongA
0x46d9f8 GetClassInfoA
0x46d9fc GetCapture
0x46da00 GetActiveWindow
0x46da04 FrameRect
0x46da08 FindWindowA
0x46da0c FillRect
0x46da10 EqualRect
0x46da14 EnumWindows
0x46da18 EnumThreadWindows
0x46da1c EnumChildWindows
0x46da20 EndPaint
0x46da24 EnableWindow
0x46da28 EnableScrollBar
0x46da2c EnableMenuItem
0x46da30 EmptyClipboard
0x46da34 DrawTextA
0x46da38 DrawMenuBar
0x46da3c DrawIconEx
0x46da40 DrawIcon
0x46da44 DrawFrameControl
0x46da48 DrawEdge
0x46da4c DispatchMessageW
0x46da50 DispatchMessageA
0x46da54 DestroyWindow
0x46da58 DestroyMenu
0x46da5c DestroyIcon
0x46da60 DestroyCursor
0x46da64 DeleteMenu
0x46da68 DefWindowProcA
0x46da6c DefMDIChildProcA
0x46da70 DefFrameProcA
0x46da74 CreatePopupMenu
0x46da78 CreateMenu
0x46da7c CreateIcon
0x46da80 CloseClipboard
0x46da84 ClientToScreen
0x46da88 CheckMenuItem
0x46da8c CallWindowProcA
0x46da90 CallNextHookEx
0x46da94 BeginPaint
0x46da98 CharNextA
0x46da9c CharLowerBuffA
0x46daa0 CharLowerA
0x46daa4 CharUpperBuffA
0x46daa8 CharToOemA
0x46daac AdjustWindowRectEx
Library gdi32.dll:
0x46dab8 UnrealizeObject
0x46dabc StretchBlt
0x46dac0 SetWindowOrgEx
0x46dac4 SetWinMetaFileBits
0x46dac8 SetViewportOrgEx
0x46dacc SetTextColor
0x46dad0 SetStretchBltMode
0x46dad4 SetROP2
0x46dad8 SetPixel
0x46dadc SetEnhMetaFileBits
0x46dae0 SetDIBColorTable
0x46dae4 SetBrushOrgEx
0x46dae8 SetBkMode
0x46daec SetBkColor
0x46daf0 SelectPalette
0x46daf4 SelectObject
0x46daf8 SaveDC
0x46dafc RestoreDC
0x46db00 Rectangle
0x46db04 RectVisible
0x46db08 RealizePalette
0x46db0c PlayEnhMetaFile
0x46db10 PatBlt
0x46db14 MoveToEx
0x46db18 MaskBlt
0x46db1c LineTo
0x46db20 IntersectClipRect
0x46db24 GetWindowOrgEx
0x46db28 GetWinMetaFileBits
0x46db2c GetTextMetricsA
0x46db30 GetTextExtentPointA
0x46db3c GetStockObject
0x46db40 GetRgnBox
0x46db44 GetPixel
0x46db48 GetPaletteEntries
0x46db4c GetObjectA
0x46db58 GetEnhMetaFileBits
0x46db5c GetDeviceCaps
0x46db60 GetDIBits
0x46db64 GetDIBColorTable
0x46db68 GetDCOrgEx
0x46db70 GetClipBox
0x46db74 GetBrushOrgEx
0x46db78 GetBitmapBits
0x46db7c GdiFlush
0x46db80 ExcludeClipRect
0x46db84 DeleteObject
0x46db88 DeleteEnhMetaFile
0x46db8c DeleteDC
0x46db90 CreateSolidBrush
0x46db94 CreatePenIndirect
0x46db98 CreatePalette
0x46dba0 CreateFontIndirectA
0x46dba4 CreateDIBitmap
0x46dba8 CreateDIBSection
0x46dbac CreateCompatibleDC
0x46dbb4 CreateBrushIndirect
0x46dbb8 CreateBitmap
0x46dbbc CopyEnhMetaFileA
0x46dbc0 BitBlt
Library version.dll:
0x46dbc8 VerQueryValueA
0x46dbd0 GetFileVersionInfoA
Library kernel32.dll:
0x46dbd8 lstrcpyA
0x46dbdc WriteFile
0x46dbe0 WaitForSingleObject
0x46dbe4 VirtualQuery
0x46dbe8 VirtualProtect
0x46dbec VirtualAlloc
0x46dbf0 SizeofResource
0x46dbf4 SetThreadLocale
0x46dbf8 SetFilePointer
0x46dbfc SetEvent
0x46dc00 SetErrorMode
0x46dc04 SetEndOfFile
0x46dc08 ResetEvent
0x46dc0c ReadFile
0x46dc10 MulDiv
0x46dc14 LockResource
0x46dc18 LoadResource
0x46dc1c LoadLibraryA
0x46dc28 GlobalUnlock
0x46dc2c GlobalLock
0x46dc30 GlobalFree
0x46dc34 GlobalFindAtomA
0x46dc38 GlobalDeleteAtom
0x46dc3c GlobalAlloc
0x46dc40 GlobalAddAtomA
0x46dc44 GetVersionExA
0x46dc48 GetVersion
0x46dc4c GetTickCount
0x46dc50 GetThreadLocale
0x46dc54 GetStdHandle
0x46dc58 GetProcAddress
0x46dc5c GetModuleHandleA
0x46dc60 GetModuleFileNameA
0x46dc64 GetLocaleInfoA
0x46dc68 GetLocalTime
0x46dc6c GetLastError
0x46dc70 GetFullPathNameA
0x46dc74 GetDiskFreeSpaceA
0x46dc78 GetDateFormatA
0x46dc7c GetCurrentThreadId
0x46dc80 GetCurrentProcessId
0x46dc84 GetCPInfo
0x46dc88 FreeResource
0x46dc8c InterlockedExchange
0x46dc90 FreeLibrary
0x46dc94 FormatMessageA
0x46dc98 FindResourceA
0x46dc9c EnumCalendarInfoA
0x46dca8 CreateThread
0x46dcac CreateFileA
0x46dcb0 CreateEventA
0x46dcb4 CompareStringA
0x46dcb8 CloseHandle
Library advapi32.dll:
0x46dcc0 RegQueryValueExA
0x46dcc4 RegOpenKeyExA
0x46dcc8 RegFlushKey
0x46dccc RegCloseKey
Library kernel32.dll:
0x46dcd4 Sleep
Library oleaut32.dll:
0x46dcdc SafeArrayPtrOfIndex
0x46dce0 SafeArrayGetUBound
0x46dce4 SafeArrayGetLBound
0x46dce8 SafeArrayCreate
0x46dcec VariantChangeType
0x46dcf0 VariantCopy
0x46dcf4 VariantClear
0x46dcf8 VariantInit
Library comctl32.dll:
0x46dd00 _TrackMouseEvent
0x46dd0c ImageList_Write
0x46dd10 ImageList_Read
0x46dd18 ImageList_DragMove
0x46dd1c ImageList_DragLeave
0x46dd20 ImageList_DragEnter
0x46dd24 ImageList_EndDrag
0x46dd28 ImageList_BeginDrag
0x46dd2c ImageList_Remove
0x46dd30 ImageList_DrawEx
0x46dd34 ImageList_Draw
0x46dd40 ImageList_Add
0x46dd48 ImageList_Destroy
0x46dd4c ImageList_Create
Library URL.DLL:
0x46dd54 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination       Destination port
192.168.56.101  49235         114.114.114.114   53
192.168.56.101  50534         114.114.114.114   53
192.168.56.101  53657         114.114.114.114   53
192.168.56.101  56539         114.114.114.114   53
192.168.56.101  65004         114.114.114.114   53
192.168.56.101  137           192.168.56.255    137
192.168.56.101  138           192.168.56.255    138
192.168.56.101  51808         224.0.0.252       5355
192.168.56.101  55368         224.0.0.252       5355
192.168.56.101  56804         224.0.0.252       5355
192.168.56.101  60123         224.0.0.252       5355
192.168.56.101  62191         224.0.0.252       5355
192.168.56.101  1900          239.255.255.250   1900
192.168.56.101  50535         239.255.255.250   3702
192.168.56.101  50537         239.255.255.250   3702
192.168.56.101  56540         239.255.255.250   3702
192.168.56.101  56807         239.255.255.250   1900
192.168.56.101  58707         239.255.255.250   3702

Reading: the capture holds only DNS queries to the sandbox's resolver (114.114.114.114, a public resolver in China) and Windows background traffic: NetBIOS name and datagram service to the subnet broadcast (137/138), LLMNR to 224.0.0.252:5355, SSDP to 239.255.255.250:1900 and WS-Discovery to 239.255.255.250:3702. None of it attributes to the sample, no DNS answer produced a TCP flow, and the "no hosts contacted" line contradicts the Google Drive, no-DNS-host and dead-host signatures above: those fired on names and addresses the sandbox saw, not on connections it observed. Either the guest had no usable egress or the sample crashed (about 59 s after its RWX allocation) before a download could start.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.