Score: 4.0

Risk level: medium

SHA256: e24298b174f7e0ac0ff54e424e20981739f31d285969d829dfb0b7b95272b7d6

File name: 4fcc4fca36e125d88394e15f6d0474dd.exe (the 32-hex-character name matches the MD5 prefix McAfee embeds in its detection name below)

Analysis duration: 78s

Last analysed: (blank)

File size: 1.1MB
Tags: static detection, dynamic detection
鹰眼 (Eagle Eye) engine
Not detected (no 鹰眼 engine result is available for this sample)
Static verdict
Anti-virus engines
Engine       Result                                        Scan date   Engine version
McAfee       GenericRXKQ-YP!4FCC4FCA36E1                   2020-12-11  6.0.6.653
Alibaba      TrojanDownloader:Win32/CryptInject.c12f3611   2019-05-27  0.3.0.5
Baidu        (none)                                        2019-03-18  1.0.0.2
Avast        Win32:TrojanX-gen [Trj]                       2020-12-10  21.1.5827.0
Kingsoft     (none)                                        2020-12-11  2017.9.26.565
Tencent      Malware.Win32.Gencirc.10cdcdeb                2020-12-11  1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)             2019-07-02  1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
  Caveat: .itext is the initialisation-code section that Borland/Delphi compilers emit, so on its own it is evidence of a Delphi toolchain rather than of a packer; it agrees with the Delphi-specific family names (Delf) that several engines assign below.
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
  Caveat: "BobSoft Mini Delphi" is a PEiD signature that matches ordinary Delphi-compiled executables. It is not a compression or encryption layer, so this line does not by itself show that the sample is packed; the entropy figures under the dynamic indicators are the better evidence on that question.
One or more processes crashed (1 event)
Time & API / Arguments / Status / Return / Repeated
1619427001.682503 (2021-04-26 08:50:01 UTC)
__exception__
  Note: exception code 0xEEDFADE is the code the Delphi RTL passes to RaiseException for a Delphi-language exception, and the named frames below run through user32's DispatchMessageA path, so this record is a Delphi exception raised inside a VCL window-message handler and logged by the sandbox's RaiseException hook, not a native access violation. The unnamed 0x34f... frames resolve to no loaded module, i.e. code outside any mapped image; the main image itself appears only at 0x45baaf.
stacktrace:
0x34f1722
0x34f1755
0x34f1672
0x34af654
0x34f28cd
0x34f2d92
0x34be2ba
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0x34ef34c
0x34f2fe3
4fcc4fca36e125d88394e15f6d0474dd+0x5baaf @ 0x45baaf

registers.esp: 1633976
registers.edi: 0
registers.eax: 1633976
registers.ebp: 1634056
registers.edx: 0
registers.ebx: 1635732
registers.esi: 55654548
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
status: success, return: 0, repeated: 0
Behaviour verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
  Caveat: both allocations are a single 4 KiB page in the sample's own process (process_handle 0xffffffff is the current-process pseudo-handle). Delphi's VCL commits exactly such pages with PAGE_EXECUTE_READWRITE for window-procedure thunks (Classes.MakeObjectInstance), so two one-page RWX commits are expected from any Delphi GUI program and are weak evidence of unpacking on their own; an unpacking stub would normally commit a region large enough to hold its payload.
Time & API / Arguments / Status / Return / Repeated
1619426979.682503
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00540000
status: success, return: 0, repeated: 0
1619426985.323503
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02210000
status: success, return: 0, repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.283349372281159 section {'size_of_data': '0x0005e000', 'virtual_address': '0x000ce000', 'entropy': 7.283349372281159, 'name': '.rsrc', 'virtual_size': '0x0005dfe6'} description A section with a high entropy has been found
entropy 0.32427770590771887 description Overall entropy of this PE file is high
  Reading these two lines: the first is a Shannon entropy of 7.28 bits/byte for the 0x5e000-byte (376 KiB) .rsrc section, a large resource area with near-random content for a 1.1 MB Delphi executable. The second "entropy" value is not an entropy at all: the heuristic that prints "Overall entropy of this PE file is high" reports the fraction of section bytes that sit in high-entropy sections (here 0.324, i.e. about a third of the file, which is essentially the .rsrc section) and fires when that fraction exceeds 0.2. The imports below include FindResourceA/LoadResource/LockResource/SizeofResource, which is how a resource-embedded payload would be read, but the standard VCL uses those APIs too, so the high-entropy .rsrc is the stronger of the two observations.
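To reproduce both numbers on a file of your own, the following Python script is an added example (it is not part of the sandbox's own code). It walks the PE section table by hand so it needs no third-party module; the 6.8-bit section threshold and the 0.2 file ratio are assumptions chosen to match the behaviour described above, and build_test_pe is a constructed minimal PE used only so that the script runs offline.

```python
import math
import struct

# Thresholds assumed to match the heuristic behind the two report lines above:
# a section is "high entropy" above 6.8 bits/byte, and the whole file is flagged
# when more than 20% of its section bytes sit in such sections.
SECTION_THRESHOLD = 6.8
FILE_RATIO_THRESHOLD = 0.2


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes):
    """Yield (name, raw_bytes) for each IMAGE_SECTION_HEADER, parsed by hand.

    Reads only e_lfanew, NumberOfSections, SizeOfOptionalHeader and each
    section's SizeOfRawData/PointerToRawData; slicing clamps to the file, so a
    truncated sample yields short sections instead of raising.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"),
               data[raw_ptr:raw_ptr + raw_size])


def entropy_report(data: bytes) -> dict:
    """Per-section entropy plus the high-entropy byte ratio the signature calls 'entropy'."""
    sections, total, high = {}, 0, 0
    for name, raw in pe_sections(data):
        e = shannon_entropy(raw)
        sections[name] = e
        total += len(raw)
        if e > SECTION_THRESHOLD:
            high += len(raw)
    ratio = high / total if total else 0.0
    return {"sections": sections,
            "high_entropy_ratio": ratio,
            "packed_heuristic": ratio > FILE_RATIO_THRESHOLD}


def build_test_pe(sections):
    """Constructed minimal PE32 fixture (zeroed optional header) so the parser
    can be exercised offline; `sections` is a list of (name, raw_bytes)."""
    opt_size = 0xE0
    headers_end = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF                 # 512-byte file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table, body, va = b"", b"", 0x1000
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), va,
                             len(raw), raw_ptr + len(body), 0, 0, 0, 0, 0x40000040)
        body += raw
        va += (len(raw) + 0xFFF) & ~0xFFF
    image = dos + coff + b"\0" * opt_size + table
    return image + b"\0" * (raw_ptr - len(image)) + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:  # fixture: one zero-filled section, one uniformly distributed one
        data = build_test_pe([(b".text", b"\0" * 1024), (b".rsrc", bytes(range(256)) * 8)])
    report = entropy_report(data)
    for name, e in report["sections"].items():
        print(f"{name:8s} {e:.3f} bits/byte")
    print("high-entropy byte ratio:", round(report["high_entropy_ratio"], 3))
```

Run it as `python pe_entropy.py sample.exe`; for this report's sample the expectation is a .rsrc entry near 7.28 and a ratio near 0.32. The ratio is computed over SizeOfRawData, so a section with a large VirtualSize but no file data (for example an uninitialised .bss) does not dilute it.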
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14 (this address does not appear in the TCP or UDP tables below, so the report does not show the flow that produced it)
Generates some ICMP traffic (note: the ICMP section below records no ICMP traffic; the two parts of the report disagree)
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (showing 50 of 56 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33961000
FireEye Trojan.GenericKD.33961000
McAfee GenericRXKQ-YP!4FCC4FCA36E1
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056707f1 )
Alibaba TrojanDownloader:Win32/CryptInject.c12f3611
K7GW Trojan-Downloader ( 0056707f1 )
Cybereason malicious.98228e
Arcabit Trojan.Generic.D2063428
Cyren W32/Delf.KU.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Crypt.gen
BitDefender Trojan.GenericKD.33961000
Paloalto generic.ml
Rising Trojan.Kryptik!1.C56D (CLASSIC)
Ad-Aware Trojan.GenericKD.33961000
Emsisoft Trojan.GenericKD.33961000 (B)
Comodo Malware@#19dmq6vf1ws5
F-Secure Trojan.TR/Dldr.Delf.dfasb
DrWeb Trojan.DownLoader33.43563
Zillya Downloader.Delf.Win32.59171
TrendMicro Backdoor.Win32.REMCOS.SM
McAfee-GW-Edition BehavesLike.Win32.Generic.th
Sophos Mal/Generic-S + Troj/AntiAV-Y
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Crypt.dew
Webroot W32.Trojan.Gen
Avira TR/Dldr.Delf.dfasb
Antiy-AVL Trojan/Win32.Crypt
Microsoft Trojan:Win32/CryptInject.AL!MTB
AegisLab Trojan.Win32.Crypt.4!c
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Trojan.GenericKD.33961000
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4104202
BitDefenderTheta Gen:NN.ZelphiCO.34670.iLX@aS5Yzqfi
ALYac Trojan.PSW.AveMaria
MAX malware (ai score=82)
VBA32 TScope.Trojan.Delf
Zoner Trojan.Win32.92229
ESET-NOD32 Win32/TrojanDownloader.Delf.BZL
TrendMicro-HouseCall Backdoor.Win32.REMCOS.SM
Tencent Malware.Win32.Gencirc.10cdcdeb
Yandex Trojan.Igent.bTL0SL.61
Visual analysis
Binary image: none (no binary visualisation image was generated for this sample)
Run screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

1992-06-20 06:22:17
  Caveat: this is the fixed linker stamp that Delphi compilers write into every executable (TimeDateStamp 0x2A425E19, 1992-06-19 22:22:17 UTC, shown here in the sandbox's UTC+8 local time), not a real build time, so it cannot be used for timeline analysis. It is one more indicator of a Delphi toolchain.

Imports
  Note: the table below is the stock Delphi VCL import set (SysAllocStringLen/SysFreeString first, GetKeyboardType, the TLS and window-message APIs), with kernel32, user32, advapi32 and oleaut32 each listed more than once because Delphi emits one import descriptor per unit. Entries worth a second look for this sample are the resource APIs (FindResourceA, LoadResource, LockResource, SizeofResource), VirtualAlloc/VirtualProtect, SetWindowsHookExA, GetClipboardData and InetIsOffline, although the VCL itself uses several of these. No winhttp.dll, wininet.dll or ole32.dll import appears, so whatever issued the HTTP request recorded further down resolved its network API at run time (LoadLibraryA/GetProcAddress are imported) rather than through the static import table.

Library oleaut32.dll:
0x4c2738 SysFreeString
0x4c273c SysReAllocStringLen
0x4c2740 SysAllocStringLen
Library advapi32.dll:
0x4c2748 RegQueryValueExA
0x4c274c RegOpenKeyExA
0x4c2750 RegCloseKey
Library user32.dll:
0x4c2758 GetKeyboardType
0x4c275c DestroyWindow
0x4c2760 LoadStringA
0x4c2764 MessageBoxA
0x4c2768 CharNextA
Library kernel32.dll:
0x4c2770 GetACP
0x4c2774 Sleep
0x4c2778 VirtualFree
0x4c277c VirtualAlloc
0x4c2780 GetTickCount
0x4c2788 GetCurrentThreadId
0x4c2794 VirtualQuery
0x4c2798 WideCharToMultiByte
0x4c279c MultiByteToWideChar
0x4c27a0 lstrlenA
0x4c27a4 lstrcpynA
0x4c27a8 LoadLibraryExA
0x4c27ac GetThreadLocale
0x4c27b0 GetStartupInfoA
0x4c27b4 GetProcAddress
0x4c27b8 GetModuleHandleA
0x4c27bc GetModuleFileNameA
0x4c27c0 GetLocaleInfoA
0x4c27c4 GetCommandLineA
0x4c27c8 FreeLibrary
0x4c27cc FindFirstFileA
0x4c27d0 FindClose
0x4c27d4 ExitProcess
0x4c27d8 CompareStringA
0x4c27dc WriteFile
0x4c27e4 RtlUnwind
0x4c27e8 RaiseException
0x4c27ec GetStdHandle
Library kernel32.dll:
0x4c27f4 TlsSetValue
0x4c27f8 TlsGetValue
0x4c27fc LocalAlloc
0x4c2800 GetModuleHandleA
Library user32.dll:
0x4c2808 CreateWindowExA
0x4c280c WindowFromPoint
0x4c2810 WaitMessage
0x4c2814 UpdateWindow
0x4c2818 UnregisterClassA
0x4c281c UnhookWindowsHookEx
0x4c2820 TranslateMessage
0x4c2828 TrackPopupMenu
0x4c2830 ShowWindow
0x4c2834 ShowScrollBar
0x4c2838 ShowOwnedPopups
0x4c283c SetWindowsHookExA
0x4c2840 SetWindowTextA
0x4c2844 SetWindowPos
0x4c2848 SetWindowPlacement
0x4c284c SetWindowLongW
0x4c2850 SetWindowLongA
0x4c2854 SetTimer
0x4c2858 SetScrollRange
0x4c285c SetScrollPos
0x4c2860 SetScrollInfo
0x4c2864 SetRect
0x4c2868 SetPropA
0x4c286c SetParent
0x4c2870 SetMenuItemInfoA
0x4c2874 SetMenu
0x4c2878 SetForegroundWindow
0x4c287c SetFocus
0x4c2880 SetCursor
0x4c2884 SetClassLongA
0x4c2888 SetCapture
0x4c288c SetActiveWindow
0x4c2890 SendMessageW
0x4c2894 SendMessageA
0x4c2898 ScrollWindow
0x4c289c ScreenToClient
0x4c28a0 RemovePropA
0x4c28a4 RemoveMenu
0x4c28a8 ReleaseDC
0x4c28ac ReleaseCapture
0x4c28b8 RegisterClassA
0x4c28bc RedrawWindow
0x4c28c0 PtInRect
0x4c28c4 PostQuitMessage
0x4c28c8 PostMessageA
0x4c28cc PeekMessageW
0x4c28d0 PeekMessageA
0x4c28d4 OffsetRect
0x4c28d8 OemToCharA
0x4c28dc MessageBoxA
0x4c28e0 MapWindowPoints
0x4c28e4 MapVirtualKeyA
0x4c28e8 LoadStringA
0x4c28ec LoadKeyboardLayoutA
0x4c28f0 LoadIconA
0x4c28f4 LoadCursorA
0x4c28f8 LoadBitmapA
0x4c28fc KillTimer
0x4c2900 IsZoomed
0x4c2904 IsWindowVisible
0x4c2908 IsWindowUnicode
0x4c290c IsWindowEnabled
0x4c2910 IsWindow
0x4c2914 IsRectEmpty
0x4c2918 IsIconic
0x4c291c IsDialogMessageW
0x4c2920 IsDialogMessageA
0x4c2924 IsChild
0x4c2928 InvalidateRect
0x4c292c IntersectRect
0x4c2930 InsertMenuItemA
0x4c2934 InsertMenuA
0x4c2938 InflateRect
0x4c2940 GetWindowTextA
0x4c2944 GetWindowRect
0x4c2948 GetWindowPlacement
0x4c294c GetWindowLongW
0x4c2950 GetWindowLongA
0x4c2954 GetWindowDC
0x4c2958 GetTopWindow
0x4c295c GetSystemMetrics
0x4c2960 GetSystemMenu
0x4c2964 GetSysColorBrush
0x4c2968 GetSysColor
0x4c296c GetSubMenu
0x4c2970 GetScrollRange
0x4c2974 GetScrollPos
0x4c2978 GetScrollInfo
0x4c297c GetPropA
0x4c2980 GetParent
0x4c2984 GetWindow
0x4c2988 GetMessagePos
0x4c298c GetMenuStringA
0x4c2990 GetMenuState
0x4c2994 GetMenuItemInfoA
0x4c2998 GetMenuItemID
0x4c299c GetMenuItemCount
0x4c29a0 GetMenu
0x4c29a4 GetLastActivePopup
0x4c29a8 GetKeyboardState
0x4c29b4 GetKeyboardLayout
0x4c29b8 GetKeyState
0x4c29bc GetKeyNameTextA
0x4c29c0 GetIconInfo
0x4c29c4 GetForegroundWindow
0x4c29c8 GetFocus
0x4c29cc GetDesktopWindow
0x4c29d0 GetDCEx
0x4c29d4 GetDC
0x4c29d8 GetCursorPos
0x4c29dc GetCursor
0x4c29e0 GetClipboardData
0x4c29e4 GetClientRect
0x4c29e8 GetClassLongA
0x4c29ec GetClassInfoA
0x4c29f0 GetCapture
0x4c29f4 GetActiveWindow
0x4c29f8 FrameRect
0x4c29fc FindWindowA
0x4c2a00 FillRect
0x4c2a04 EqualRect
0x4c2a08 EnumWindows
0x4c2a0c EnumThreadWindows
0x4c2a10 EnumChildWindows
0x4c2a14 EndPaint
0x4c2a18 EnableWindow
0x4c2a1c EnableScrollBar
0x4c2a20 EnableMenuItem
0x4c2a24 DrawTextA
0x4c2a28 DrawMenuBar
0x4c2a2c DrawIconEx
0x4c2a30 DrawIcon
0x4c2a34 DrawFrameControl
0x4c2a38 DrawEdge
0x4c2a3c DispatchMessageW
0x4c2a40 DispatchMessageA
0x4c2a44 DestroyWindow
0x4c2a48 DestroyMenu
0x4c2a4c DestroyIcon
0x4c2a50 DestroyCursor
0x4c2a54 DeleteMenu
0x4c2a58 DefWindowProcA
0x4c2a5c DefMDIChildProcA
0x4c2a60 DefFrameProcA
0x4c2a64 CreatePopupMenu
0x4c2a68 CreateMenu
0x4c2a6c CreateIcon
0x4c2a70 ClientToScreen
0x4c2a74 CheckMenuItem
0x4c2a78 CallWindowProcA
0x4c2a7c CallNextHookEx
0x4c2a80 BeginPaint
0x4c2a84 CharNextA
0x4c2a88 CharLowerBuffA
0x4c2a8c CharLowerA
0x4c2a90 CharToOemA
0x4c2a94 AdjustWindowRectEx
Library gdi32.dll:
0x4c2aa0 UnrealizeObject
0x4c2aa4 StretchBlt
0x4c2aa8 SetWindowOrgEx
0x4c2aac SetWinMetaFileBits
0x4c2ab0 SetViewportOrgEx
0x4c2ab4 SetTextColor
0x4c2ab8 SetStretchBltMode
0x4c2abc SetROP2
0x4c2ac0 SetPixel
0x4c2ac4 SetEnhMetaFileBits
0x4c2ac8 SetDIBColorTable
0x4c2acc SetBrushOrgEx
0x4c2ad0 SetBkMode
0x4c2ad4 SetBkColor
0x4c2ad8 SelectPalette
0x4c2adc SelectObject
0x4c2ae0 SaveDC
0x4c2ae4 RestoreDC
0x4c2ae8 Rectangle
0x4c2aec RectVisible
0x4c2af0 RealizePalette
0x4c2af4 Polyline
0x4c2af8 PlayEnhMetaFile
0x4c2afc Pie
0x4c2b00 PatBlt
0x4c2b04 MoveToEx
0x4c2b08 MaskBlt
0x4c2b0c LineTo
0x4c2b10 IntersectClipRect
0x4c2b14 GetWindowOrgEx
0x4c2b18 GetWinMetaFileBits
0x4c2b1c GetTextMetricsA
0x4c2b28 GetStockObject
0x4c2b2c GetRgnBox
0x4c2b30 GetPixel
0x4c2b34 GetPaletteEntries
0x4c2b38 GetObjectA
0x4c2b44 GetEnhMetaFileBits
0x4c2b48 GetDeviceCaps
0x4c2b4c GetDIBits
0x4c2b50 GetDIBColorTable
0x4c2b54 GetDCOrgEx
0x4c2b5c GetClipBox
0x4c2b60 GetBrushOrgEx
0x4c2b64 GetBitmapBits
0x4c2b68 ExtTextOutA
0x4c2b6c ExcludeClipRect
0x4c2b70 Ellipse
0x4c2b74 DeleteObject
0x4c2b78 DeleteEnhMetaFile
0x4c2b7c DeleteDC
0x4c2b80 CreateSolidBrush
0x4c2b84 CreatePenIndirect
0x4c2b88 CreatePalette
0x4c2b90 CreateFontIndirectA
0x4c2b94 CreateDIBitmap
0x4c2b98 CreateDIBSection
0x4c2b9c CreateCompatibleDC
0x4c2ba4 CreateBrushIndirect
0x4c2ba8 CreateBitmap
0x4c2bac CopyEnhMetaFileA
0x4c2bb0 Chord
0x4c2bb4 BitBlt
0x4c2bb8 Arc
Library version.dll:
0x4c2bc0 VerQueryValueA
0x4c2bc8 GetFileVersionInfoA
Library kernel32.dll:
0x4c2bd0 lstrcpyA
0x4c2bd4 WriteFile
0x4c2bd8 WaitForSingleObject
0x4c2bdc VirtualQuery
0x4c2be0 VirtualProtect
0x4c2be4 VirtualAlloc
0x4c2be8 SizeofResource
0x4c2bec SetThreadLocale
0x4c2bf0 SetFilePointer
0x4c2bf4 SetEvent
0x4c2bf8 SetErrorMode
0x4c2bfc SetEndOfFile
0x4c2c00 ResetEvent
0x4c2c04 ReadFile
0x4c2c08 MulDiv
0x4c2c0c LockResource
0x4c2c10 LoadResource
0x4c2c14 LoadLibraryA
0x4c2c20 GlobalFindAtomA
0x4c2c24 GlobalDeleteAtom
0x4c2c28 GlobalAddAtomA
0x4c2c2c GetVersionExA
0x4c2c30 GetVersion
0x4c2c34 GetTickCount
0x4c2c38 GetThreadLocale
0x4c2c3c GetStdHandle
0x4c2c40 GetProcAddress
0x4c2c44 GetModuleHandleA
0x4c2c48 GetModuleFileNameA
0x4c2c4c GetLocaleInfoA
0x4c2c50 GetLocalTime
0x4c2c54 GetLastError
0x4c2c58 GetFullPathNameA
0x4c2c5c GetDiskFreeSpaceA
0x4c2c60 GetDateFormatA
0x4c2c64 GetCurrentThreadId
0x4c2c68 GetCurrentProcessId
0x4c2c6c GetCPInfo
0x4c2c70 FreeResource
0x4c2c74 InterlockedExchange
0x4c2c78 FreeLibrary
0x4c2c7c FormatMessageA
0x4c2c80 FindResourceA
0x4c2c84 EnumCalendarInfoA
0x4c2c90 CreateThread
0x4c2c94 CreateFileA
0x4c2c98 CreateEventA
0x4c2c9c CompareStringA
0x4c2ca0 CloseHandle
Library advapi32.dll:
0x4c2ca8 RegQueryValueExA
0x4c2cac RegOpenKeyExA
0x4c2cb0 RegFlushKey
0x4c2cb4 RegCloseKey
Library kernel32.dll:
0x4c2cbc Sleep
Library oleaut32.dll:
0x4c2cc4 SafeArrayPtrOfIndex
0x4c2cc8 SafeArrayGetUBound
0x4c2ccc SafeArrayGetLBound
0x4c2cd0 SafeArrayCreate
0x4c2cd4 VariantChangeType
0x4c2cd8 VariantCopy
0x4c2cdc VariantClear
0x4c2ce0 VariantInit
Library comctl32.dll:
0x4c2ce8 _TrackMouseEvent
0x4c2cf4 ImageList_Write
0x4c2cf8 ImageList_Read
0x4c2d00 ImageList_DragMove
0x4c2d04 ImageList_DragLeave
0x4c2d08 ImageList_DragEnter
0x4c2d0c ImageList_EndDrag
0x4c2d10 ImageList_BeginDrag
0x4c2d14 ImageList_Remove
0x4c2d18 ImageList_DrawEx
0x4c2d1c ImageList_Draw
0x4c2d28 ImageList_Add
0x4c2d30 ImageList_Destroy
0x4c2d34 ImageList_Create
Library URL.DLL:
0x4c2d3c InetIsOffline

Hosts

No hosts contacted.
  Note: this summary is inconsistent with the detailed tables that follow, which record a TCP connection to 184.168.131.241 (acdesignhub.com) and DNS lookups to 114.114.114.114 and 8.8.8.8.

TCP

Source          Source port  Destination                        Destination port
192.168.56.101  49175        184.168.131.241 (acdesignhub.com)  80

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  58367        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702
192.168.56.101  62192        239.255.255.250  3702
192.168.56.101  58367        8.8.8.8          53
  Note: the port-53 rows are the guest's DNS lookups: five to 114.114.114.114 and one to 8.8.8.8 from the same source port 58367 as one of them, consistent with a retry against the secondary resolver. The other rows are Windows background discovery traffic, not sample activity: NetBIOS name and datagram service (137/138 to the subnet broadcast 192.168.56.255), LLMNR (5355 to 224.0.0.252), SSDP (1900 to 239.255.255.250) and WS-Discovery (3702 to 239.255.255.250).

HTTP & HTTPS Requests

URI / Data
http://acdesignhub.com/AAddropboxusercontent52t2jofjdp8lir2361P9A8E8B0G4YF1LIhiM1554
GET /AAddropboxusercontent52t2jofjdp8lir2361P9A8E8B0G4YF1LIhiM1554 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: acdesignhub.com
  What this request shows: the User-Agent is the default string of the WinHttpRequest COM object (the Mozilla/4.0 prefix notwithstanding, it is an automation client, not a browser); the path is a single 61-character alphanumeric token with no extension that embeds the string "dropboxusercontent"; and no response body, follow-up request or dropped file is recorded for it, so the report gives no evidence of what, if anything, was downloaded. The TCP table records the matching flow to 184.168.131.241 on port 80.
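The two network indicators in this report, "Communicates with host for which no DNS query was performed" above and the downloader-style request just shown, can be reproduced from the raw data with the following Python triage script. It is an added example, not code from the sandbox; the request text is copied from the report, while the DNS answer for acdesignhub.com, the resolver list and the brand-token list are assumptions made so the script runs offline (the report lists the DNS queries but not their answers).

```python
import ipaddress
import re

# --- Constructed inputs, modelled on the report's tables (not a live capture) ---
SAMPLE_REQUEST = (
    "GET /AAddropboxusercontent52t2jofjdp8lir2361P9A8E8B0G4YF1LIhiM1554 HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    "Accept: */*\r\n"
    "User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\n"
    "Host: acdesignhub.com\r\n\r\n"
)
# Assumed DNS answer: the report shows the queries to 114.114.114.114 but not the
# responses, so this mapping is invented for the example.
SAMPLE_DNS_ANSWERS = {"acdesignhub.com": {"184.168.131.241"}}
SAMPLE_CONTACTED = ["184.168.131.241", "172.217.24.14", "114.114.114.114",
                    "192.168.56.255", "224.0.0.252", "239.255.255.250"]
# Assumed: resolvers the guest itself is configured to use.
RESOLVERS = {"114.114.114.114", "8.8.8.8"}
# Assumed: brand tokens worth flagging when they appear inside an opaque path.
BRAND_TOKENS = ("dropbox", "google", "microsoft", "onedrive")


def hosts_without_dns(dns_answers, contacted, resolvers=RESOLVERS):
    """IPs contacted that no DNS answer explains (the 'no DNS query' indicator).

    Private, multicast and link-local addresses and the guest's own resolvers
    are dropped first so Windows discovery noise (NetBIOS, LLMNR, SSDP) and the
    lookups themselves are not flagged.
    """
    resolved = set()
    for ips in dns_answers.values():
        resolved |= set(ips)
    flagged = []
    for ip in contacted:
        addr = ipaddress.ip_address(ip)
        if addr.is_private or addr.is_multicast or addr.is_link_local or ip in resolvers:
            continue
        if ip not in resolved:
            flagged.append(ip)
    return flagged


def parse_http_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, path, version and lower-cased headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version, "headers": headers}


def request_indicators(req: dict) -> list:
    """Indicators a triager would note for a downloader-style fetch."""
    flags = []
    ua = req["headers"].get("user-agent", "")
    # WinHttpRequest's default UA keeps the Mozilla/4.0 prefix but names the COM
    # object, so this string identifies a script/automation client, not a browser.
    if "WinHttp.WinHttpRequest" in ua:
        flags.append("winhttprequest_com_client")
    segment = req["path"].strip("/")
    # One long alphanumeric segment with no extension or directory structure.
    if ("/" not in segment and "." not in segment and len(segment) >= 32
            and re.fullmatch(r"[A-Za-z0-9]+", segment)):
        flags.append("opaque_alnum_path")
    low = segment.lower()
    for token in BRAND_TOKENS:
        if token in low:
            flags.append(f"brand_lookalike_in_path:{token}")
    return flags


def triage(raw_request, dns_answers, contacted):
    """Combine both checks into one record for the report."""
    req = parse_http_request(raw_request)
    return {"host": req["headers"].get("host"),
            "request_flags": request_indicators(req),
            "hosts_without_dns": hosts_without_dns(dns_answers, contacted)}


if __name__ == "__main__":
    print(triage(SAMPLE_REQUEST, SAMPLE_DNS_ANSWERS, SAMPLE_CONTACTED))
```

The host-without-DNS check deliberately does not treat a missing answer as proof of a hard-coded C2: a sandbox that drops or fails to log a DNS response produces the same result, which is one reason to cross-check the indicator against the TCP/UDP tables as done above.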

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.