3.4
Medium risk

6020b89044558a83b9778dfd3df89b59356ea124ae5b7951e6d51a5bb8ad6d88

56955fed176c45dff0ff32a88927b43a.exe

Analysis duration

84s

Last analysis

File size

435.5KB
Static detection Dynamic detection AIDETECTVM BG0@A8M0R6OG CONFIDENCE DELF MALICIOUS MALWARE2 TSCOPE ZELPHIF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee 20201107 6.0.6.653
Baidu 20190318 1.0.0.2
Alibaba 20190527 0.3.0.5
Avast 20201107 20.10.5736.0
Kingsoft 20201107 2013.8.14.323
Tencent 20201107 1.0.0.1
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620762775.764875
API: NtAllocateVirtualMemory
Arguments:
process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
Status: success
Return: 0
Repeated: 0
Foreign language identified in PE resource (3 events)
name: RT_ICON, language: LANG_KOREAN, offset: 0x0006d754, filetype: dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 49, next used block 48059, sublanguage: SUBLANG_KOREAN, size: 0x000002e8
name: RT_GROUP_ICON, language: LANG_KOREAN, offset: 0x000718a4, filetype: data, sublanguage: SUBLANG_KOREAN, size: 0x00000014
name: RT_VERSION, language: LANG_KOREAN, offset: 0x000718b8, filetype: data, sublanguage: SUBLANG_KOREAN, size: 0x00000280
File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)
Bkav W32.AIDetectVM.malware2
APEX Malicious
BitDefenderTheta Gen:NN.ZelphiF.34590.BG0@a8M0r6oG
VBA32 TScope.Trojan.Delf
CrowdStrike win/malicious_confidence_60% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x45f128 VirtualFree
0x45f12c VirtualAlloc
0x45f130 LocalFree
0x45f134 LocalAlloc
0x45f138 GetVersion
0x45f13c GetCurrentThreadId
0x45f148 VirtualQuery
0x45f14c WideCharToMultiByte
0x45f150 MultiByteToWideChar
0x45f154 lstrlenA
0x45f158 lstrcpynA
0x45f15c LoadLibraryExA
0x45f160 GetThreadLocale
0x45f164 GetStartupInfoA
0x45f168 GetProcAddress
0x45f16c GetModuleHandleA
0x45f170 GetModuleFileNameA
0x45f174 GetLocaleInfoA
0x45f178 GetCommandLineA
0x45f17c FreeLibrary
0x45f180 FindFirstFileA
0x45f184 FindClose
0x45f188 ExitProcess
0x45f18c WriteFile
0x45f194 RtlUnwind
0x45f198 RaiseException
0x45f19c GetStdHandle
Library user32.dll:
0x45f1a4 GetKeyboardType
0x45f1a8 LoadStringA
0x45f1ac MessageBoxA
0x45f1b0 CharNextA
Library advapi32.dll:
0x45f1b8 RegQueryValueExA
0x45f1bc RegOpenKeyExA
0x45f1c0 RegCloseKey
Library oleaut32.dll:
0x45f1c8 SysFreeString
0x45f1cc SysReAllocStringLen
0x45f1d0 SysAllocStringLen
Library kernel32.dll:
0x45f1d8 TlsSetValue
0x45f1dc TlsGetValue
0x45f1e0 LocalAlloc
0x45f1e4 GetModuleHandleA
Library advapi32.dll:
0x45f1ec RegQueryValueExA
0x45f1f0 RegOpenKeyExA
0x45f1f4 RegCloseKey
Library kernel32.dll:
0x45f1fc lstrcpyA
0x45f200 WriteFile
0x45f204 WaitForSingleObject
0x45f208 VirtualQuery
0x45f20c VirtualAlloc
0x45f210 Sleep
0x45f214 SizeofResource
0x45f218 SetThreadLocale
0x45f21c SetFilePointer
0x45f220 SetEvent
0x45f224 SetErrorMode
0x45f228 SetEndOfFile
0x45f22c ResetEvent
0x45f230 ReadFile
0x45f234 MulDiv
0x45f238 LockResource
0x45f23c LoadResource
0x45f240 LoadLibraryA
0x45f24c GlobalUnlock
0x45f250 GlobalReAlloc
0x45f254 GlobalHandle
0x45f258 GlobalLock
0x45f25c GlobalFree
0x45f260 GlobalFindAtomA
0x45f264 GlobalDeleteAtom
0x45f268 GlobalAlloc
0x45f26c GlobalAddAtomA
0x45f270 GetVersionExA
0x45f274 GetVersion
0x45f278 GetTickCount
0x45f27c GetThreadLocale
0x45f280 GetTempPathA
0x45f284 GetSystemInfo
0x45f288 GetStringTypeExA
0x45f28c GetStdHandle
0x45f290 GetProcAddress
0x45f294 GetModuleHandleA
0x45f298 GetModuleFileNameA
0x45f29c GetLocaleInfoA
0x45f2a0 GetLocalTime
0x45f2a4 GetLastError
0x45f2a8 GetFullPathNameA
0x45f2ac GetFileSize
0x45f2b0 GetDiskFreeSpaceA
0x45f2b4 GetDateFormatA
0x45f2b8 GetCurrentThreadId
0x45f2bc GetCurrentProcessId
0x45f2c0 GetCPInfo
0x45f2c4 GetACP
0x45f2c8 FreeResource
0x45f2cc InterlockedExchange
0x45f2d0 FreeLibrary
0x45f2d4 FormatMessageA
0x45f2d8 FindResourceA
0x45f2dc EnumCalendarInfoA
0x45f2e8 CreateThread
0x45f2ec CreateMutexA
0x45f2f0 CreateFileA
0x45f2f4 CreateEventA
0x45f2f8 CompareStringA
0x45f2fc CloseHandle
Library version.dll:
0x45f304 VerQueryValueA
0x45f30c GetFileVersionInfoA
Library gdi32.dll:
0x45f314 UnrealizeObject
0x45f318 StretchBlt
0x45f31c SetWindowOrgEx
0x45f320 SetViewportOrgEx
0x45f324 SetTextColor
0x45f328 SetStretchBltMode
0x45f32c SetROP2
0x45f330 SetPixel
0x45f334 SetDIBColorTable
0x45f338 SetBrushOrgEx
0x45f33c SetBkMode
0x45f340 SetBkColor
0x45f344 SelectPalette
0x45f348 SelectObject
0x45f34c SaveDC
0x45f350 RestoreDC
0x45f354 RectVisible
0x45f358 RealizePalette
0x45f35c Polyline
0x45f360 PatBlt
0x45f364 MoveToEx
0x45f368 MaskBlt
0x45f36c LineTo
0x45f370 IntersectClipRect
0x45f374 GetWindowOrgEx
0x45f378 GetTextMetricsA
0x45f384 GetStockObject
0x45f388 GetPixel
0x45f38c GetPaletteEntries
0x45f390 GetObjectA
0x45f394 GetDeviceCaps
0x45f398 GetDIBits
0x45f39c GetDIBColorTable
0x45f3a0 GetDCOrgEx
0x45f3a8 GetClipBox
0x45f3ac GetBrushOrgEx
0x45f3b0 GetBitmapBits
0x45f3b4 ExcludeClipRect
0x45f3b8 DeleteObject
0x45f3bc DeleteDC
0x45f3c0 CreateSolidBrush
0x45f3c4 CreatePenIndirect
0x45f3c8 CreatePalette
0x45f3d0 CreateFontIndirectA
0x45f3d4 CreateDIBitmap
0x45f3d8 CreateDIBSection
0x45f3dc CreateCompatibleDC
0x45f3e4 CreateBrushIndirect
0x45f3e8 CreateBitmap
0x45f3ec BitBlt
Library user32.dll:
0x45f3f4 CreateWindowExA
0x45f3f8 WindowFromPoint
0x45f3fc WinHelpA
0x45f400 WaitMessage
0x45f404 UpdateWindow
0x45f408 UnregisterClassA
0x45f40c UnhookWindowsHookEx
0x45f410 TranslateMessage
0x45f418 TrackPopupMenu
0x45f420 ShowWindow
0x45f424 ShowScrollBar
0x45f428 ShowOwnedPopups
0x45f42c ShowCursor
0x45f430 SetWindowsHookExA
0x45f434 SetWindowTextA
0x45f438 SetWindowPos
0x45f43c SetWindowPlacement
0x45f440 SetWindowLongA
0x45f444 SetTimer
0x45f448 SetScrollRange
0x45f44c SetScrollPos
0x45f450 SetScrollInfo
0x45f454 SetRect
0x45f458 SetPropA
0x45f45c SetParent
0x45f460 SetMenuItemInfoA
0x45f464 SetMenu
0x45f468 SetForegroundWindow
0x45f46c SetFocus
0x45f470 SetCursor
0x45f474 SetClassLongA
0x45f478 SetCapture
0x45f47c SetActiveWindow
0x45f480 SendMessageA
0x45f484 ScrollWindow
0x45f488 ScreenToClient
0x45f48c RemovePropA
0x45f490 RemoveMenu
0x45f494 ReleaseDC
0x45f498 ReleaseCapture
0x45f4a4 RegisterClassA
0x45f4a8 RedrawWindow
0x45f4ac PtInRect
0x45f4b0 PostQuitMessage
0x45f4b4 PostMessageA
0x45f4b8 PeekMessageA
0x45f4bc OffsetRect
0x45f4c0 OemToCharA
0x45f4c4 MessageBoxA
0x45f4c8 MapWindowPoints
0x45f4cc MapVirtualKeyA
0x45f4d0 LoadStringA
0x45f4d4 LoadKeyboardLayoutA
0x45f4d8 LoadIconA
0x45f4dc LoadCursorA
0x45f4e0 LoadBitmapA
0x45f4e4 KillTimer
0x45f4e8 IsZoomed
0x45f4ec IsWindowVisible
0x45f4f0 IsWindowEnabled
0x45f4f4 IsWindow
0x45f4f8 IsRectEmpty
0x45f4fc IsIconic
0x45f500 IsDialogMessageA
0x45f504 IsChild
0x45f508 InvalidateRect
0x45f50c IntersectRect
0x45f510 InsertMenuItemA
0x45f514 InsertMenuA
0x45f518 InflateRect
0x45f520 GetWindowTextA
0x45f524 GetWindowRect
0x45f528 GetWindowPlacement
0x45f52c GetWindowLongA
0x45f530 GetWindowDC
0x45f534 GetTopWindow
0x45f538 GetSystemMetrics
0x45f53c GetSystemMenu
0x45f540 GetSysColorBrush
0x45f544 GetSysColor
0x45f548 GetSubMenu
0x45f54c GetScrollRange
0x45f550 GetScrollPos
0x45f554 GetScrollInfo
0x45f558 GetPropA
0x45f55c GetParent
0x45f560 GetWindow
0x45f564 GetMenuStringA
0x45f568 GetMenuState
0x45f56c GetMenuItemInfoA
0x45f570 GetMenuItemID
0x45f574 GetMenuItemCount
0x45f578 GetMenu
0x45f57c GetLastActivePopup
0x45f580 GetKeyboardState
0x45f588 GetKeyboardLayout
0x45f58c GetKeyState
0x45f590 GetKeyNameTextA
0x45f594 GetIconInfo
0x45f598 GetForegroundWindow
0x45f59c GetFocus
0x45f5a0 GetDesktopWindow
0x45f5a4 GetDCEx
0x45f5a8 GetDC
0x45f5ac GetCursorPos
0x45f5b0 GetCursor
0x45f5b4 GetClientRect
0x45f5b8 GetClassNameA
0x45f5bc GetClassInfoA
0x45f5c0 GetCapture
0x45f5c4 GetActiveWindow
0x45f5c8 FrameRect
0x45f5cc FindWindowA
0x45f5d0 FillRect
0x45f5d4 EqualRect
0x45f5d8 EnumWindows
0x45f5dc EnumThreadWindows
0x45f5e0 EndPaint
0x45f5e4 EnableWindow
0x45f5e8 EnableScrollBar
0x45f5ec EnableMenuItem
0x45f5f0 DrawTextA
0x45f5f4 DrawMenuBar
0x45f5f8 DrawIconEx
0x45f5fc DrawIcon
0x45f600 DrawFrameControl
0x45f604 DrawEdge
0x45f608 DispatchMessageA
0x45f60c DestroyWindow
0x45f610 DestroyMenu
0x45f614 DestroyIcon
0x45f618 DestroyCursor
0x45f61c DeleteMenu
0x45f620 DefWindowProcA
0x45f624 DefMDIChildProcA
0x45f628 DefFrameProcA
0x45f62c CreatePopupMenu
0x45f630 CreateMenu
0x45f634 CreateIcon
0x45f638 ClientToScreen
0x45f63c CheckMenuItem
0x45f640 CallWindowProcA
0x45f644 CallNextHookEx
0x45f648 BeginPaint
0x45f64c CharNextA
0x45f650 CharLowerA
0x45f654 CharUpperBuffA
0x45f658 CharToOemA
0x45f65c AdjustWindowRectEx
Library kernel32.dll:
0x45f668 Sleep
Library oleaut32.dll:
0x45f670 SafeArrayPtrOfIndex
0x45f674 SafeArrayGetUBound
0x45f678 SafeArrayGetLBound
0x45f67c SafeArrayCreate
0x45f680 VariantChangeType
0x45f684 VariantCopy
0x45f688 VariantClear
0x45f68c VariantInit
Library comctl32.dll:
0x45f69c ImageList_Write
0x45f6a0 ImageList_Read
0x45f6b0 ImageList_DragMove
0x45f6b4 ImageList_DragLeave
0x45f6b8 ImageList_DragEnter
0x45f6bc ImageList_EndDrag
0x45f6c0 ImageList_BeginDrag
0x45f6c4 ImageList_Remove
0x45f6c8 ImageList_DrawEx
0x45f6cc ImageList_Draw
0x45f6dc ImageList_Add
0x45f6e4 ImageList_Destroy
0x45f6e8 ImageList_Create
0x45f6ec InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.