2.4
Medium risk

a412e64bc7e973e5fafd32ec014d705faafc9899a28503e5ff7787bcf2853da7

58af6d41650ae24dcb398d1d0468c5b1.exe

Analysis duration

13s

Last analysis

File size

103.0KB
Static detection / dynamic detection tags: 100% AI SCORE=83 AIDETECTVM CLASSIC CONFIDENCE ELQV FSEV GANDCRAB GDSDA GENKRYPTIK HDGH HIGH CONFIDENCE KILLPROC KILLPROC2 KRYPTIK MALICIOUS PE MALPE MALWARE1 MALWARE@#5I5AXSZK9XHU MINT R06EC0DIA20 RACK S + MAL SCORE STATIC AI TITIREZ TOFSEE UNSAFE WACATAC X2065
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/Tofsee.43b5fb01 20190527 0.3.0.5
Avast 20201210 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201211 2017.9.26.565
McAfee Trojan-FSEV!58AF6D41650A 20201211 6.0.6.653
Tencent 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path C:\zugucawinuyesez57\sutofaxo gabevevi-laruzek.pdb82\bin\cojurevadi.pdb
Behavior verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.477211637157601 section {'size_of_data': '0x00013a00', 'virtual_address': '0x00001000', 'entropy': 7.477211637157601, 'name': '.text', 'virtual_size': '0x00013a00'} description A section with a high entropy has been found
entropy 0.4131578947368421 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.KillProc2.10385
MicroWorld-eScan Gen:Heur.Mint.Titirez.1.23
FireEye Generic.mg.58af6d41650ae24d
ALYac Gen:Heur.Mint.Titirez.1.23
Sangfor Malware
K7AntiVirus Trojan ( 0056809d1 )
Alibaba Trojan:Win32/Tofsee.43b5fb01
K7GW Trojan ( 0056809d1 )
Cybereason malicious.1650ae
Arcabit Trojan.Mint.Titirez.1.23
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Kryptik.HDGH
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.Mint.Titirez.1.23
Paloalto generic.ml
AegisLab Trojan.Win32.Generic.4!c
Rising Trojan.Kryptik!1.C65B (CLASSIC)
Ad-Aware Gen:Heur.Mint.Titirez.1.23
Emsisoft Gen:Heur.Mint.Titirez.1.23 (B)
Comodo Malware@#5i5axszk9xhu
Zillya Trojan.Rack.Win32.407
TrendMicro TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition Trojan-FSEV!58AF6D41650A
Sophos Mal/Generic-S + Mal/GandCrab-G
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Gen
Antiy-AVL Trojan/Win32.Wacatac
Gridinsoft Trojan.Win32.Kryptik.ba!s1
Microsoft Trojan:Win32/Tofsee.GM!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Heur.Mint.Titirez.1.23
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.MalPe.X2065
Acronis suspicious
McAfee Trojan-FSEV!58AF6D41650A
MAX malware (ai score=83)
VBA32 Trojan.KillProc
TrendMicro-HouseCall TROJ_GEN.R06EC0DIA20
Ikarus Trojan.Win32.Tofsee
eGambit Unsafe.AI_Score_98%
Fortinet W32/GenKryptik.ELQV!tr
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Generic/Trojan.82d
Visual analysis
Binary image
No binary image: no binary visualisation image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2019-01-16 23:33:40

Imports

Library KERNEL32.dll:
0x415008 GetCurrencyFormatW
0x41500c GlobalAlloc
0x415010 Sleep
0x415014 GetExitCodeProcess
0x415018 GetFileAttributesW
0x41501c ReadFile
0x415020 lstrlenW
0x415024 IsBadStringPtrA
0x41502c SetCommTimeouts
0x415030 LCMapStringA
0x415034 FindFirstFileExA
0x415038 GetLastError
0x41503c RemoveDirectoryA
0x415040 OpenWaitableTimerA
0x415048 VirtualProtect
0x41504c GetCurrentProcessId
0x415050 FormatMessageA
0x415054 GetModuleHandleW
0x415058 CreateHardLinkA
0x41505c HeapAlloc
0x415060 GetDriveTypeW
0x415064 GetLocaleInfoA
0x415068 FindResourceA
0x415070 CreateFileA
0x415074 GetStartupInfoW
0x415078 TerminateProcess
0x41507c GetCurrentProcess
0x415088 IsDebuggerPresent
0x41508c GetProcAddress
0x415090 ExitProcess
0x415094 WriteFile
0x415098 GetStdHandle
0x41509c GetModuleFileNameA
0x4150a0 GetModuleFileNameW
0x4150ac GetCommandLineW
0x4150b0 SetHandleCount
0x4150b4 GetFileType
0x4150b8 GetStartupInfoA
0x4150c0 TlsGetValue
0x4150c4 TlsAlloc
0x4150c8 TlsSetValue
0x4150cc TlsFree
0x4150d4 SetLastError
0x4150d8 GetCurrentThreadId
0x4150e0 HeapCreate
0x4150e4 VirtualFree
0x4150e8 HeapFree
0x4150f0 GetTickCount
0x4150f8 RaiseException
0x415104 LoadLibraryA
0x41510c GetCPInfo
0x415110 GetACP
0x415114 GetOEMCP
0x415118 IsValidCodePage
0x41511c VirtualAlloc
0x415120 HeapReAlloc
0x415124 RtlUnwind
0x415128 GetModuleHandleA
0x41512c HeapSize
0x415130 WideCharToMultiByte
0x415134 GetStringTypeA
0x415138 MultiByteToWideChar
0x41513c GetStringTypeW
0x415140 LCMapStringW
Library ADVAPI32.dll:
0x415000 LookupAccountNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.