SmartHawk

2.0

低危

45 个模型检测该样本为恶意！

重新分析

下载样本

68969f5021302759a1a380abc2ff239ab7bb8f66f6bc184dd42e6f2f6952be07

54bada2ed58d0a4a7c28a9802997959f.exe

分析耗时

72s

最近分析

文件大小

42.4KB

静态报毒动态报毒 AAWFV ACCG AI SCORE=84 ARTEMIS BADCERT CLASSIC DANGEROUSSIG ERBG GENERICKD GENKRYPTIK HTIIVP KRYPTIK MALCERT MALWARE@#1G16RSN943EEG METERPRETER NETTRAVELER R011C0RHQ20 R351032 TRAVNET UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!54BADA2ED58D	20200922	6.0.6.653
Alibaba	TrojanDropper:Win32/NetTraveler.a8e38548	20190527	0.3.0.5
CrowdStrike		20190702	1.0
Avast	Win64:DangerousSig [Trj]	20200922	18.4.3895.0
Tencent		20200922	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200922	2013.8.14.323

This executable is signed

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 个事件)

DrWeb	BackDoor.Spy.3756
MicroWorld-eScan	Trojan.GenericKD.34438154
FireEye	Trojan.GenericKD.34438154
CAT-QuickHeal	Trojandropper.Nettraveler
McAfee	Artemis!54BADA2ED58D
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0056a4101 )
Alibaba	TrojanDropper:Win32/NetTraveler.a8e38548
K7GW	Trojan ( 0056a4101 )
Arcabit	Trojan.Generic.D20D7C0A
Invincea	Mal/BadCert-Gen
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Agent.ACCG.gen
TrendMicro-HouseCall	TROJ_GEN.R011C0RHQ20
Paloalto	generic.ml
Kaspersky	Trojan-Dropper.Win32.NetTraveler.ah
BitDefender	Trojan.GenericKD.34438154
NANO-Antivirus	Trojan.Win64.NetTraveler.htiivp
ViRobot	Trojan.Win32.Z.Nettraveler.43424
Avast	Win64:DangerousSig [Trj]
Ad-Aware	Trojan.GenericKD.34438154
Emsisoft	MalCert.A (A)
Comodo	Malware@#1g16rsn943eeg
F-Secure	Trojan.TR/Crypt.Agent.aawfv
Zillya	Dropper.NetTraveler.Win32.7
TrendMicro	TROJ_GEN.R011C0RHQ20
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/BadCert-Gen
Ikarus	Trojan.Win32.Meterpreter
Jiangmin	TrojanDropper.NetTraveler.b
Avira	TR/Crypt.Agent.aawfv
Antiy-AVL	Trojan[Dropper]/Win32.NetTraveler
Microsoft	TrojanDownloader:Win64/Travnet!MTB
AegisLab	Trojan.Win32.NetTraveler.b!c
ZoneAlarm	Trojan-Dropper.Win32.NetTraveler.ah
GData	Trojan.GenericKD.34438154
AhnLab-V3	Malware/Win64.RL_Generic.R351032
ALYac	Trojan.GenericKD.34438154
Rising	Trojan.Win64/Kryptik!1.CB24 (CLASSIC)
MAX	malware (ai score=84)
Fortinet	W64/GenKryptik.ERBG!tr
AVG	Win64:DangerousSig [Trj]
Panda	Trj/CI.A
Qihoo-360	Win32/Trojan.Dropper.ad0

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-25 14:40:16

Imports

Library KERNEL32.dll:

• 0x140004000 ExitProcess

• 0x140004008 FindResourceA

• 0x140004010 LoadResource

• 0x140004018 FormatMessageA

• 0x140004020 OpenProcess

• 0x140004028 SizeofResource

• 0x140004030 InitializeCriticalSectionEx

• 0x140004038 GetLastError

• 0x140004040 GetProcAddress

• 0x140004048 VirtualAllocEx

• 0x140004050 LockResource

• 0x140004058 DecodePointer

• 0x140004060 GetModuleHandleA

• 0x140004068 DeleteCriticalSection

• 0x140004070 GetCurrentProcessId

• 0x140004078 LocalFree

• 0x140004080 WriteProcessMemory

• 0x140004088 lstrcpyA

• 0x140004090 IsDebuggerPresent

• 0x140004098 IsProcessorFeaturePresent

• 0x1400040a0 QueryPerformanceCounter

• 0x1400040a8 GetCurrentThreadId

• 0x1400040b0 EncodePointer

• 0x1400040b8 OutputDebugStringW

• 0x1400040c0 GetSystemTimeAsFileTime

Library USER32.dll:

• 0x1400042b0 GetWindowThreadProcessId

• 0x1400042b8 EnumChildWindows

• 0x1400042c0 GetClassNameA

• 0x1400042c8 GetWindowTextLengthA

• 0x1400042d0 SendMessageA

• 0x1400042d8 EnumWindows

• 0x1400042e0 GetWindowTextA

Library MSVCR120.dll:

• 0x140004158 _XcptFilter

• 0x140004160 _amsg_exit

• 0x140004168 __wgetmainargs

• 0x140004170 __set_app_type

• 0x140004178 exit

• 0x140004180 _exit

• 0x140004188 _cexit

• 0x140004190 _configthreadlocale

• 0x140004198 __setusermatherr

• 0x1400041a0 _initterm_e

• 0x1400041a8 __crtCapturePreviousContext

• 0x1400041b0 __winitenv

• 0x1400041b8 _fmode

• 0x1400041c0 _commode

• 0x1400041c8 ?terminate@@YAXXZ

• 0x1400041d0 ?_type_info_dtor_internal_method@type_info@@QEAAXXZ

• 0x1400041d8 __crtSetUnhandledExceptionFilter

• 0x1400041e0 memset

• 0x1400041e8 _CxxThrowException

• 0x1400041f0 __CxxFrameHandler3

• 0x1400041f8 __crtTerminateProcess

• 0x140004200 __crtUnhandledException

• 0x140004208 __crt_debugger_hook

• 0x140004210 _onexit

• 0x140004218 __C_specific_handler

• 0x140004220 __dllonexit

• 0x140004228 _calloc_crt

• 0x140004230 _unlock

• 0x140004238 ??2@YAPEAX_K@Z

• 0x140004240 _purecall

• 0x140004248 strcpy_s

• 0x140004250 printf

• 0x140004258 vsprintf_s

• 0x140004260 wprintf

• 0x140004268 malloc

• 0x140004270 free

• 0x140004278 ??_U@YAPEAX_K@Z

• 0x140004280 memmove

• 0x140004288 _initterm

• 0x140004290 ??3@YAXPEAX@Z

• 0x140004298 _lock

• 0x1400042a0 memcpy

Library WININET.dll:

• 0x1400042f0 InternetOpenA

• 0x1400042f8 InternetCloseHandle

• 0x140004300 InternetOpenUrlA

Library MSVCP120.dll:

• 0x1400040d0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

• 0x1400040d8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

• 0x1400040e0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z

• 0x1400040e8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

• 0x1400040f0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

• 0x1400040f8 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

• 0x140004100 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

• 0x140004108 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

• 0x140004110 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

• 0x140004118 ?uncaught_exception@std@@YA_NXZ

• 0x140004120 ?_Xlength_error@std@@YAXPEBD@Z

• 0x140004128 ?_Xout_of_range@std@@YAXPEBD@Z

• 0x140004130 ?_Xbad_alloc@std@@YAXXZ

• 0x140004138 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

• 0x140004140 ?_Syserror_map@std@@YAPEBDH@Z

• 0x140004148 ?_Winerror_map@std@@YAPEBDH@Z

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62194	239.255.255.250	1900
192.168.56.101	63430	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.