Score: 1.8
Risk level: Low (低危)

SHA-256: cab492cb2a3458a610cb3dbbaa824af61b9a1c8359922338bd4d0c05cb47d19f

File name: 57eb5be5bb0045638235a41f36669443.exe (the name is the sample's MD5; the McAfee and FireEye detection names below embed the same prefix)

Analysis duration: 17s

Last analysis:

File size: 160.0KB

Note: the 1.8 / low-risk score is the sandbox's behavioral verdict for a 17-second run in which the sample produced no TCP or HTTP traffic, dropped no files and generated no screenshots. It does not reflect the static consensus below, where 50 of 54 VirusTotal engines flag the file and nine of them name it as TrickBot. Read the behavioral score as "did not detonate in this environment", not as "benign".
Detection tags (static and dynamic engines, 100%): AGENERIC, AI SCORE=87, AIDETECTVM, ATTRIBUTE, BANKERX, BSCOPE, CONFIDENCE, ELDORADO, GBQBWA, GENASA, GENCIRC, GENERICRXJI, HIGH CONFIDENCE, HIGHCONFIDENCE, HLLP, MALICIOUS PE, MALWARE1, MALWARE@#2T9US1U2S55UN, NHDTROXZVHJ, PLUROX, RAZY, SCORE, STATIC AI, TRICK, TRICKBOT, UNSAFE, YS5BEJXHE
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available for this sample.
Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
Alibaba | Trojan:Win32/TrickBot.fc068d22 | 2019-05-27 | 0.3.0.5
Baidu | (no detection) | 2019-03-18 | 1.0.0.2
Kingsoft | (no detection) | 2020-12-11 | 2017.9.26.565
McAfee | GenericRXJI-YZ!57EB5BE5BB00 | 2020-12-11 | 6.0.6.653
Tencent | Malware.Win32.Gencirc.11847fd0 | 2020-12-11 | 1.0.0.1
CrowdStrike | win/malicious_confidence_100% (W) | 2019-07-02 | 1.0
Static indicators

(none recorded)

Behavioral verdict

Dynamic indicators

Network communication

Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Note: 172.217.0.0/16 is Google address space, and the packet capture further down records no TCP connection at all, so this indicator is an unconfirmed connection attempt rather than evidence of C2 contact.

File has been identified by 54 antivirus engines on VirusTotal as malicious (50 of the 54 results are listed below)
Engine | Result
Bkav | W32.AIDetectVM.malware1
Elastic | malicious (high confidence)
MicroWorld-eScan | Gen:Variant.Razy.514218
FireEye | Generic.mg.57eb5be5bb004563
ALYac | Gen:Variant.Razy.514218
Cylance | Unsafe
VIPRE | Trojan.Win32.Generic!BT
Sangfor | Malware
K7AntiVirus | Trojan ( 005582d41 )
Alibaba | Trojan:Win32/TrickBot.fc068d22
K7GW | Trojan ( 005582d41 )
Cybereason | malicious.5bb004
Arcabit | Trojan.Razy.D7D8AA
BitDefenderTheta | AI:Packer.41EF78AE1F
Cyren | W32/Agent.BNQ.gen!Eldorado
Symantec | ML.Attribute.HighConfidence
APEX | Malicious
Paloalto | generic.ml
Cynet | Malicious (score: 100)
Kaspersky | HEUR:Trojan.Win32.Generic
BitDefender | Gen:Variant.Razy.514218
NANO-Antivirus | Trojan.Win32.TrickBot.gbqbwa
Rising | Trojan.TrickBot!8.E313 (TFE:1:NhdtrOxZvhJ)
Ad-Aware | Gen:Variant.Razy.514218
Sophos | Mal/Generic-S
Comodo | Malware@#2t9us1u2s55un
F-Secure | Trojan.TR/Spy.Gen
DrWeb | Trojan.Trick.46503
Zillya | Trojan.TrickBot.Win32.1770
McAfee-GW-Edition | BehavesLike.Win32.HLLP.cm
Emsisoft | Gen:Variant.Razy.514218 (B)
SentinelOne | Static AI - Malicious PE
Avira | TR/Spy.Gen
Antiy-AVL | Trojan/Win32.AGeneric
Microsoft | Trojan:Win32/TrickBot.SE!bit
AegisLab | Trojan.Win32.Generic.4!c
ZoneAlarm | HEUR:Trojan.Win32.Generic
GData | Gen:Variant.Razy.514218
AhnLab-V3 | Trojan/Win32.Generic.C3048693
Acronis | suspicious
McAfee | GenericRXJI-YZ!57EB5BE5BB00
MAX | malware (ai score=87)
VBA32 | BScope.Backdoor.Plurox
Malwarebytes | Trojan.TrickBot
ESET-NOD32 | a variant of Win32/TrickBot.CT
Tencent | Malware.Win32.Gencirc.11847fd0
Yandex | Trojan.GenAsa!5/ys5BEJxhE
Ikarus | Trojan-Banker.TrickBot
eGambit | Unsafe.AI_Score_95%
Fortinet | W32/Generic.AP.30C26C!tr
Visual analysis

Binary image
No binary image: no binary visualization was generated for this sample.

Runtime screenshots
No screenshots: none were captured while the sample ran.

PE Compile Time

2058-06-26 13:36:18 (a date in the future: the PE header timestamp has been forged or overwritten and cannot be used to date the build)

Imports

Library ADVAPI32.dll:
0x40c248 CryptGenRandom
0x40c24c CryptReleaseContext
0x40c250 EqualSid
0x40c254 FreeSid
0x40c258 GetSidSubAuthority
0x40c260 GetTokenInformation
0x40c268 OpenProcessToken
0x40c26c RegCloseKey
0x40c270 RegDeleteValueW
0x40c274 RegOpenKeyExW
0x40c278 RegQueryValueExW
0x40c27c RegSetValueExW
Library KERNEL32.dll:
0x40c284 CloseHandle
0x40c288 CreateFileW
0x40c28c CreateRemoteThread
0x40c294 DeleteFileW
0x40c298 ExitProcess
0x40c29c FindResourceW
0x40c2a0 GetCurrentProcess
0x40c2a4 GetCurrentProcessId
0x40c2a8 GetExitCodeProcess
0x40c2ac GetFileAttributesW
0x40c2b0 GetFileSize
0x40c2b4 GetLastError
0x40c2b8 GetModuleFileNameW
0x40c2bc GetModuleHandleW
0x40c2c0 GetProcAddress
0x40c2c4 GetProcessHeap
0x40c2c8 GetSystemTime
0x40c2cc GetVersion
0x40c2d0 HeapAlloc
0x40c2d4 HeapFree
0x40c2d8 HeapReAlloc
0x40c2dc HeapSize
0x40c2e0 IsWow64Process
0x40c2e4 LoadResource
0x40c2e8 LockResource
0x40c2ec MultiByteToWideChar
0x40c2f0 OpenMutexW
0x40c2f4 OpenProcess
0x40c2f8 Process32FirstW
0x40c2fc Process32NextW
0x40c300 ReadFile
0x40c304 ReadProcessMemory
0x40c308 SetFileAttributesW
0x40c30c SetFileTime
0x40c310 SizeofResource
0x40c314 Sleep
0x40c31c TerminateProcess
0x40c320 VirtualAlloc
0x40c324 VirtualAllocEx
0x40c328 WideCharToMultiByte
0x40c32c WriteFile
0x40c330 WriteProcessMemory
Library msvcrt.dll:
0x40c338 _iob
0x40c33c _vsnprintf
0x40c340 _vsnwprintf
0x40c344 fgetwc
0x40c348 getc
0x40c34c memcpy
0x40c350 memset
Library ole32.dll:
0x40c358 CoCreateInstance
0x40c35c CoInitializeEx
0x40c364 CoSetProxyBlanket
0x40c368 CoUninitialize
Library OLEAUT32.dll:
0x40c370 VariantClear
Library SHELL32.dll:
0x40c378 StrStrIW
Library SHLWAPI.dll:
0x40c380 StrCmpIW
Library WS2_32.dll:
0x40c388 FreeAddrInfoW
0x40c38c GetAddrInfoW
0x40c390 WSAGetLastError
0x40c394 WSAStartup
0x40c398 __WSAFDIsSet
0x40c39c closesocket
0x40c3a0 connect
0x40c3a4 ioctlsocket
0x40c3a8 recv
0x40c3ac select
0x40c3b0 send
0x40c3b4 setsockopt
0x40c3b8 shutdown
0x40c3bc socket
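The import table above is the most informative static artifact on this page: OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread together form the classic remote-thread injection chain, Process32FirstW/NextW give it a target-selection loop, FindResourceW/LoadResource/LockResource/SizeofResource suggest a payload carried in the resource section, and the WS2_32 set is a raw socket client. The following is an added example, not the sandbox's code or the sample's: it parses the report's own "Library X:" / "0xADDR Name" layout and scores the imports against a few hand-written capability clusters. The rule set is a heuristic of mine, not a published signature, and the "service installation" rule is a hypothetical cluster the sample does not import, included to show a non-match. The embedded input is an excerpt copied from the table above.

```python
"""Triage helper for a sandbox import table (added example, not report code)."""
import re
from typing import Dict, List, Set

# Excerpt copied from the report's import table above (constructed test
# input; the report's full table lists 82 entries across eight libraries).
REPORT_IMPORTS = """\
Library ADVAPI32.dll:
0x40c248 CryptGenRandom
0x40c24c CryptReleaseContext
0x40c250 EqualSid
0x40c258 GetSidSubAuthority
0x40c260 GetTokenInformation
0x40c268 OpenProcessToken
0x40c270 RegDeleteValueW
0x40c274 RegOpenKeyExW
0x40c27c RegSetValueExW
Library KERNEL32.dll:
0x40c28c CreateRemoteThread
0x40c294 DeleteFileW
0x40c29c FindResourceW
0x40c2c0 GetProcAddress
0x40c2e0 IsWow64Process
0x40c2e4 LoadResource
0x40c2e8 LockResource
0x40c2f0 OpenMutexW
0x40c2f4 OpenProcess
0x40c2f8 Process32FirstW
0x40c2fc Process32NextW
0x40c310 SizeofResource
0x40c324 VirtualAllocEx
0x40c330 WriteProcessMemory
Library WS2_32.dll:
0x40c394 WSAStartup
0x40c3bc socket
0x40c3a0 connect
0x40c3b0 send
0x40c3a8 recv
"""

_LIB_RE = re.compile(r"^Library\s+(\S+?):$")
_IMP_RE = re.compile(r"^0x[0-9A-Fa-f]+\s+(\S+)$")


def parse_imports(text: str) -> Dict[str, Set[str]]:
    """Map lower-cased library name -> set of imported function names."""
    imports: Dict[str, Set[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lib = _LIB_RE.match(line)
        if lib:
            current = lib.group(1).lower()
            imports.setdefault(current, set())
            continue
        imp = _IMP_RE.match(line)
        if imp and current is not None:
            imports[current].add(imp.group(1))
    return imports


# Heuristic clusters: a rule fires only when EVERY listed function is imported,
# so a lone OpenProcess (common in benign code) does not trigger "injection".
CAPABILITY_RULES = [
    ("remote-thread injection",
     {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}),
    ("process enumeration", {"Process32FirstW", "Process32NextW"}),
    ("embedded resource payload",
     {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"}),
    ("token/SID inspection",
     {"OpenProcessToken", "GetTokenInformation", "GetSidSubAuthority", "EqualSid"}),
    ("registry write", {"RegOpenKeyExW", "RegSetValueExW"}),
    ("winsock client", {"WSAStartup", "socket", "connect", "send", "recv"}),
    ("wow64 check", {"IsWow64Process"}),
    # Hypothetical cluster not present in this sample; shows a non-match.
    ("service installation (hypothetical)",
     {"OpenSCManagerW", "CreateServiceW", "StartServiceW"}),
]


def assess(imports: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """For every rule, list the required functions that are NOT imported.
    An empty list means the whole cluster is present."""
    present: Set[str] = set()
    for funcs in imports.values():
        present |= funcs
    return {name: sorted(req - present) for name, req in CAPABILITY_RULES}


def matched_capabilities(imports: Dict[str, Set[str]]) -> List[str]:
    """Names of the rules whose full cluster is imported."""
    return [name for name, missing in assess(imports).items() if not missing]


if __name__ == "__main__":
    imps = parse_imports(REPORT_IMPORTS)
    for name, missing in assess(imps).items():
        status = "HIT" if not missing else "missing: " + ", ".join(missing)
        print(f"{name:38s} {status}")
```

Two caveats apply to any verdict built this way. The table also imports GetModuleHandleW and GetProcAddress, so the sample can resolve further APIs at runtime; a function missing from the static import table is weak evidence that it is never called. And every cluster here is also used by legitimate software (debuggers, installers, AV agents), so the output is a triage prior to rank samples for analyst attention, not a detection on its own.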

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 49235 | 114.114.114.114 | 53
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50535 | 239.255.255.250 | 3702
192.168.56.101 | 50537 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58707 | 239.255.255.250 | 3702
192.168.56.101 | 62192 | 239.255.255.250 | 3702

Apart from the four DNS queries (port 53 to 114.114.114.114, the 114DNS public resolver), every UDP flow above is Windows background noise: 137/138 to the subnet broadcast address is NetBIOS name and datagram service, 5355 to 224.0.0.252 is LLMNR, 1900 to 239.255.255.250 is SSDP and 3702 to the same group is WS-Discovery. The DNS queries are the only unicast flows and their query names are not shown, so no C2 resolution can be confirmed from this capture.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.