5.6
High risk

aaf7a834529623fa776d9574d7026a9a40148fec3b8d598e8e8dfced91973760

55efd44f3444d6dcd463f231d1e39a17.exe

Analysis duration

21s

Latest analysis

File size

755.5KB
Static detections / dynamic detections (tags): +TRJ3EXIYZW AGEN AI SCORE=89 AIDETECTVM ALI1000123 AUTOG CLASSIC CMPO CONFIDENCE CRYSIS DELF DELPHILESS EMZL FAREIT GENERICIH GENERICKD HIGH CONFIDENCE HRQTPQ KRYPTIK LOKIBOT MALWARE2 MALWARE@#3SRRMEJIFHXOE NANOCORE QVM05 RUNNER S + TROJ S15461333 SCORE SPYBOTNET SUSPICIOUS PE THIAOBO TSCOPE VGX@AMWXQRFI WACATAC X2094 ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine detection results yet
Static verdict
Antivirus engines
Engine Result Date Version
McAfee Fareit-FPQ!55EFD44F3444 20201023 6.0.6.653
Alibaba Trojan:Win32/runner.ali1000123 20190527 0.3.0.5
Avast Win32:Trojan-gen 20201023 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20201023 2013.8.14.323
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619426985.230495
NtAllocateVirtualMemory
process_identifier: 648
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619426985.308495
NtProtectVirtualMemory
process_identifier: 648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 69632
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00469000
success 0 0
1619426985.308495
NtAllocateVirtualMemory
process_identifier: 648
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004e0000
success 0 0
1619456924.967124
NtAllocateVirtualMemory
process_identifier: 2868
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008d0000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.605551917740431 section {'size_of_data': '0x00037c00', 'virtual_address': '0x0008b000', 'entropy': 7.605551917740431, 'name': '.rsrc', 'virtual_size': '0x00037ae0'} description A section with a high entropy has been found
entropy 0.2957559681697613 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 648 called NtSetContextThread to modify thread in remote process 2868
Time & API Arguments Status Return Repeated
1619426985.433495
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317984
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2868
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 648 resumed a thread in remote process 2868
Time & API Arguments Status Return Repeated
1619426985.949495
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2868
success 0 0
Executed a process and injected code into it, probably while unpacking (6 events)
Time & API Arguments Status Return Repeated
1619426985.417495
CreateProcessInternalW
thread_identifier: 912
thread_handle: 0x000000f8
process_identifier: 2868
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55efd44f3444d6dcd463f231d1e39a17.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000fc
inherit_handles: 0
success 1 0
1619426985.417495
NtUnmapViewOfSection
process_identifier: 2868
region_size: 4096
process_handle: 0x000000fc
base_address: 0x00400000
success 0 0
1619426985.417495
NtMapViewOfSection
section_handle: 0x00000104
process_identifier: 2868
commit_size: 184320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000fc
allocation_type: 0 ()
section_offset: 0
view_size: 184320
base_address: 0x00400000
success 0 0
1619426985.433495
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1619426985.433495
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317984
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2868
success 0 0
1619426985.949495
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2868
success 0 0
File has been identified by 57 antivirus engines on VirusTotal as malicious (50 out of 57 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb BackDoor.SpyBotNET.25
MicroWorld-eScan Trojan.GenericKD.43647830
FireEye Generic.mg.55efd44f3444d6dc
CAT-QuickHeal Trojan.GenericIH.S15461333
Qihoo-360 Generic/HEUR/QVM05.1.32BB.Malware.Gen
McAfee Fareit-FPQ!55EFD44F3444
Zillya Trojan.Injector.Win32.761599
K7AntiVirus Trojan ( 0056c5991 )
Alibaba Trojan:Win32/runner.ali1000123
K7GW Trojan ( 0056c5991 )
Cybereason malicious.d6f299
Arcabit Trojan.Generic.D29A0356
Invincea Mal/Generic-S + Troj/AutoG-IV
BitDefenderTheta Gen:NN.ZelphiF.34570.VGX@amwXqrfi
Cyren W32/Injector.CMPO-5871
Symantec Infostealer.Lokibot!43
TrendMicro-HouseCall Trojan.Win32.WACATAC.THIAOBO
Avast Win32:Trojan-gen
ClamAV Win.Keylogger.CrySIS-9298412-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKD.43647830
NANO-Antivirus Trojan.Win32.Kryptik.hrqtpq
Paloalto generic.ml
Ad-Aware Trojan.GenericKD.43647830
TACHYON Trojan/W32.DP-Agent.773632.D
Emsisoft Trojan.GenericKD.43647830 (B)
Comodo Malware@#3srrmejifhxoe
F-Secure Heuristic.HEUR/AGEN.1105414
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.WACATAC.THIAOBO
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Sophos Troj/AutoG-IV
SentinelOne DFI - Suspicious PE
Jiangmin Trojan.Kryptik.cbq
Avira HEUR/AGEN.1105414
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/NanoCore.VD!MTB
AegisLab Riskware.Win32.Malicious.1!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKD.43647830
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
ALYac Trojan.GenericKD.43647830
MAX malware (ai score=89)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
APEX Malicious
ESET-NOD32 a variant of Win32/Injector.EMZL
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x47e13c VirtualFree
0x47e140 VirtualAlloc
0x47e144 LocalFree
0x47e148 LocalAlloc
0x47e14c GetVersion
0x47e150 GetCurrentThreadId
0x47e15c VirtualQuery
0x47e160 WideCharToMultiByte
0x47e168 MultiByteToWideChar
0x47e16c lstrlenA
0x47e170 lstrcpynA
0x47e174 LoadLibraryExA
0x47e178 GetThreadLocale
0x47e17c GetStartupInfoA
0x47e180 GetProcAddress
0x47e184 GetModuleHandleA
0x47e188 GetModuleFileNameA
0x47e18c GetLocaleInfoA
0x47e190 GetLastError
0x47e198 GetCommandLineA
0x47e19c FreeLibrary
0x47e1a0 FindFirstFileA
0x47e1a4 FindClose
0x47e1a8 ExitProcess
0x47e1ac WriteFile
0x47e1b4 RtlUnwind
0x47e1b8 RaiseException
0x47e1bc GetStdHandle
Library user32.dll:
0x47e1c4 GetKeyboardType
0x47e1c8 LoadStringA
0x47e1cc MessageBoxA
0x47e1d0 CharNextA
Library advapi32.dll:
0x47e1d8 RegQueryValueExA
0x47e1dc RegOpenKeyExA
0x47e1e0 RegCloseKey
Library oleaut32.dll:
0x47e1e8 SysFreeString
0x47e1ec SysReAllocStringLen
0x47e1f0 SysAllocStringLen
Library kernel32.dll:
0x47e1f8 TlsSetValue
0x47e1fc TlsGetValue
0x47e200 LocalAlloc
0x47e204 GetModuleHandleA
Library advapi32.dll:
0x47e20c RegQueryValueExA
0x47e210 RegOpenKeyExA
0x47e214 RegCloseKey
Library kernel32.dll:
0x47e21c lstrcpyA
0x47e220 WriteFile
0x47e224 WaitForSingleObject
0x47e228 VirtualQuery
0x47e22c VirtualProtect
0x47e230 VirtualAlloc
0x47e234 Sleep
0x47e238 SizeofResource
0x47e23c SetThreadLocale
0x47e240 SetFilePointer
0x47e244 SetEvent
0x47e248 SetErrorMode
0x47e24c SetEndOfFile
0x47e250 ResetEvent
0x47e254 ReadFile
0x47e258 MulDiv
0x47e25c LockResource
0x47e260 LoadResource
0x47e264 LoadLibraryA
0x47e270 GlobalUnlock
0x47e274 GlobalReAlloc
0x47e278 GlobalHandle
0x47e27c GlobalLock
0x47e280 GlobalFree
0x47e284 GlobalFindAtomA
0x47e288 GlobalDeleteAtom
0x47e28c GlobalAlloc
0x47e290 GlobalAddAtomA
0x47e298 GetVersionExA
0x47e29c GetVersion
0x47e2a0 GetTickCount
0x47e2a4 GetThreadLocale
0x47e2ac GetSystemInfo
0x47e2b0 GetStringTypeExA
0x47e2b4 GetStdHandle
0x47e2b8 GetProcAddress
0x47e2bc GetModuleHandleA
0x47e2c0 GetModuleFileNameA
0x47e2c4 GetLocaleInfoA
0x47e2c8 GetLocalTime
0x47e2cc GetLastError
0x47e2d0 GetFullPathNameA
0x47e2d4 GetFileAttributesA
0x47e2d8 GetDiskFreeSpaceA
0x47e2dc GetDateFormatA
0x47e2e0 GetCurrentThreadId
0x47e2e4 GetCurrentProcessId
0x47e2e8 GetCPInfo
0x47e2ec GetACP
0x47e2f0 FreeResource
0x47e2f4 InterlockedExchange
0x47e2f8 FreeLibrary
0x47e2fc FormatMessageA
0x47e300 FindResourceA
0x47e304 FindNextFileA
0x47e308 FindFirstFileA
0x47e30c FindClose
0x47e31c EnumCalendarInfoA
0x47e328 CreateThread
0x47e32c CreateFileA
0x47e330 CreateEventA
0x47e334 CompareStringA
0x47e338 CloseHandle
Library version.dll:
0x47e340 VerQueryValueA
0x47e348 GetFileVersionInfoA
Library gdi32.dll:
0x47e350 UnrealizeObject
0x47e354 StretchBlt
0x47e358 SetWindowOrgEx
0x47e35c SetWinMetaFileBits
0x47e360 SetViewportOrgEx
0x47e364 SetTextColor
0x47e368 SetStretchBltMode
0x47e36c SetROP2
0x47e370 SetPixel
0x47e374 SetEnhMetaFileBits
0x47e378 SetDIBColorTable
0x47e37c SetBrushOrgEx
0x47e380 SetBkMode
0x47e384 SetBkColor
0x47e388 SelectPalette
0x47e38c SelectObject
0x47e390 SelectClipRgn
0x47e394 SaveDC
0x47e398 RestoreDC
0x47e39c Rectangle
0x47e3a0 RectVisible
0x47e3a4 RealizePalette
0x47e3a8 Polyline
0x47e3ac PlayEnhMetaFile
0x47e3b0 PatBlt
0x47e3b4 MoveToEx
0x47e3b8 MaskBlt
0x47e3bc LineTo
0x47e3c0 IntersectClipRect
0x47e3c4 GetWindowOrgEx
0x47e3c8 GetWinMetaFileBits
0x47e3cc GetTextMetricsA
0x47e3d8 GetStockObject
0x47e3dc GetPixel
0x47e3e0 GetPaletteEntries
0x47e3e4 GetObjectA
0x47e3f0 GetEnhMetaFileBits
0x47e3f4 GetDeviceCaps
0x47e3f8 GetDIBits
0x47e3fc GetDIBColorTable
0x47e400 GetDCOrgEx
0x47e408 GetClipRgn
0x47e40c GetClipBox
0x47e410 GetBrushOrgEx
0x47e414 GetBitmapBits
0x47e418 ExtTextOutA
0x47e41c ExcludeClipRect
0x47e420 DeleteObject
0x47e424 DeleteEnhMetaFile
0x47e428 DeleteDC
0x47e42c CreateSolidBrush
0x47e430 CreateRectRgn
0x47e434 CreatePenIndirect
0x47e438 CreatePalette
0x47e440 CreateFontIndirectA
0x47e444 CreateDIBitmap
0x47e448 CreateDIBSection
0x47e44c CreateCompatibleDC
0x47e454 CreateBrushIndirect
0x47e458 CreateBitmap
0x47e45c CopyEnhMetaFileA
0x47e460 BitBlt
Library user32.dll:
0x47e468 CreateWindowExA
0x47e46c WindowFromPoint
0x47e470 WinHelpA
0x47e474 WaitMessage
0x47e478 UpdateWindow
0x47e47c UnregisterClassA
0x47e480 UnhookWindowsHookEx
0x47e484 TranslateMessage
0x47e48c TrackPopupMenu
0x47e494 ShowWindow
0x47e498 ShowScrollBar
0x47e49c ShowOwnedPopups
0x47e4a0 ShowCursor
0x47e4a4 SetWindowsHookExA
0x47e4a8 SetWindowTextA
0x47e4ac SetWindowPos
0x47e4b0 SetWindowPlacement
0x47e4b4 SetWindowLongA
0x47e4b8 SetTimer
0x47e4bc SetScrollRange
0x47e4c0 SetScrollPos
0x47e4c4 SetScrollInfo
0x47e4c8 SetRect
0x47e4cc SetPropA
0x47e4d0 SetParent
0x47e4d4 SetMenuItemInfoA
0x47e4d8 SetMenu
0x47e4dc SetKeyboardState
0x47e4e0 SetForegroundWindow
0x47e4e4 SetFocus
0x47e4e8 SetCursor
0x47e4ec SetClipboardData
0x47e4f0 SetClassLongA
0x47e4f4 SetCapture
0x47e4f8 SetActiveWindow
0x47e4fc SendMessageA
0x47e500 ScrollWindow
0x47e504 ScreenToClient
0x47e508 RemovePropA
0x47e50c RemoveMenu
0x47e510 ReleaseDC
0x47e514 ReleaseCapture
0x47e520 RegisterClassA
0x47e524 RedrawWindow
0x47e528 PtInRect
0x47e52c PostQuitMessage
0x47e530 PostMessageA
0x47e534 PeekMessageA
0x47e538 OpenClipboard
0x47e53c OffsetRect
0x47e540 OemToCharA
0x47e544 MessageBoxA
0x47e548 MessageBeep
0x47e54c MapWindowPoints
0x47e550 MapVirtualKeyA
0x47e554 LoadStringA
0x47e558 LoadKeyboardLayoutA
0x47e55c LoadIconA
0x47e560 LoadCursorA
0x47e564 LoadBitmapA
0x47e568 KillTimer
0x47e56c IsZoomed
0x47e570 IsWindowVisible
0x47e574 IsWindowEnabled
0x47e578 IsWindow
0x47e57c IsRectEmpty
0x47e580 IsIconic
0x47e584 IsDialogMessageA
0x47e588 IsChild
0x47e58c IsCharAlphaNumericA
0x47e590 IsCharAlphaA
0x47e594 InvalidateRect
0x47e598 IntersectRect
0x47e59c InsertMenuItemA
0x47e5a0 InsertMenuA
0x47e5a4 InflateRect
0x47e5ac GetWindowTextA
0x47e5b0 GetWindowRect
0x47e5b4 GetWindowPlacement
0x47e5b8 GetWindowLongA
0x47e5bc GetWindowDC
0x47e5c0 GetTopWindow
0x47e5c4 GetSystemMetrics
0x47e5c8 GetSystemMenu
0x47e5cc GetSysColorBrush
0x47e5d0 GetSysColor
0x47e5d4 GetSubMenu
0x47e5d8 GetScrollRange
0x47e5dc GetScrollPos
0x47e5e0 GetScrollInfo
0x47e5e4 GetPropA
0x47e5e8 GetParent
0x47e5ec GetWindow
0x47e5f0 GetMenuStringA
0x47e5f4 GetMenuState
0x47e5f8 GetMenuItemInfoA
0x47e5fc GetMenuItemID
0x47e600 GetMenuItemCount
0x47e604 GetMenuDefaultItem
0x47e608 GetMenu
0x47e60c GetLastActivePopup
0x47e610 GetKeyboardState
0x47e618 GetKeyboardLayout
0x47e61c GetKeyState
0x47e620 GetKeyNameTextA
0x47e624 GetIconInfo
0x47e628 GetForegroundWindow
0x47e62c GetFocus
0x47e630 GetDlgItem
0x47e634 GetDesktopWindow
0x47e638 GetDCEx
0x47e63c GetDC
0x47e640 GetCursorPos
0x47e644 GetCursor
0x47e648 GetClipboardData
0x47e64c GetClientRect
0x47e650 GetClassNameA
0x47e654 GetClassInfoA
0x47e658 GetCapture
0x47e65c GetActiveWindow
0x47e660 FrameRect
0x47e664 FindWindowA
0x47e668 FillRect
0x47e66c EqualRect
0x47e670 EnumWindows
0x47e674 EnumThreadWindows
0x47e67c EndPaint
0x47e680 EndDeferWindowPos
0x47e684 EnableWindow
0x47e688 EnableScrollBar
0x47e68c EnableMenuItem
0x47e690 EmptyClipboard
0x47e694 DrawTextA
0x47e698 DrawMenuBar
0x47e69c DrawIconEx
0x47e6a0 DrawIcon
0x47e6a4 DrawFrameControl
0x47e6a8 DrawFocusRect
0x47e6ac DrawEdge
0x47e6b0 DispatchMessageA
0x47e6b4 DestroyWindow
0x47e6b8 DestroyMenu
0x47e6bc DestroyIcon
0x47e6c0 DestroyCursor
0x47e6c4 DeleteMenu
0x47e6c8 DeferWindowPos
0x47e6cc DefWindowProcA
0x47e6d0 DefMDIChildProcA
0x47e6d4 DefFrameProcA
0x47e6d8 CreatePopupMenu
0x47e6dc CreateMenu
0x47e6e0 CreateIcon
0x47e6e4 CloseClipboard
0x47e6e8 ClientToScreen
0x47e6ec CheckMenuItem
0x47e6f0 CallWindowProcA
0x47e6f4 CallNextHookEx
0x47e6f8 BeginPaint
0x47e6fc BeginDeferWindowPos
0x47e700 CharNextA
0x47e704 CharLowerBuffA
0x47e708 CharLowerA
0x47e70c CharUpperBuffA
0x47e710 CharToOemA
0x47e714 AdjustWindowRectEx
Library kernel32.dll:
0x47e720 Sleep
Library oleaut32.dll:
0x47e728 SafeArrayPtrOfIndex
0x47e72c SafeArrayGetUBound
0x47e730 SafeArrayGetLBound
0x47e734 SafeArrayCreate
0x47e738 VariantChangeType
0x47e73c VariantCopy
0x47e740 VariantClear
0x47e744 VariantInit
Library comctl32.dll:
0x47e754 ImageList_Write
0x47e758 ImageList_Read
0x47e768 ImageList_DragMove
0x47e76c ImageList_DragLeave
0x47e770 ImageList_DragEnter
0x47e774 ImageList_EndDrag
0x47e778 ImageList_BeginDrag
0x47e77c ImageList_Remove
0x47e780 ImageList_DrawEx
0x47e784 ImageList_Replace
0x47e788 ImageList_Draw
0x47e798 ImageList_Add
0x47e7a0 ImageList_Destroy
0x47e7a4 ImageList_Create
0x47e7a8 InitCommonControls
Library comdlg32.dll:
0x47e7b0 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.