3.0
中危
49 个模型检测该样本为恶意!
重新分析
更多

4cd679aa5f3ccf47e45a2600bbaedbbacb5e606035656b03172aed4aebe9973a

592b7649c7682c19bfd909b883a72139.exe

分析耗时

19s

最近分析

文件大小

192.2KB
静态报毒 动态报毒 AGENTTESLA AI SCORE=83 ATTRIBUTE DEPTV FTAB GDSDA GENERICKD HIGHCONFIDENCE HSMGPY KRYPTIK LYPI4NC9QS0 MM1@AUPVAUHI MSILKRYPT MXRESICN NOON RCPQ REMLOADER SIGGEN10 SUXV TSCOPE UNSAFE YMACCO ZEMSILF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Trojan-FTAB!592B7649C768 20200910 6.0.6.653
Alibaba TrojanSpy:MSIL/Kryptik.947e6926 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200911 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20200911 2013.8.14.323
Tencent Msil.Trojan-spy.Noon.Suxv 20200911 1.0.0.1
CrowdStrike 20190702 1.0
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1619513306.439408
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
1619513306.439408
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (4 个事件)
Time & API Arguments Status Return Repeated
1619513305.501408
IsDebuggerPresent
failed 0 0
1619513305.501408
IsDebuggerPresent
failed 0 0
1619513306.423408
IsDebuggerPresent
failed 0 0
1619513306.423408
IsDebuggerPresent
failed 0 0
This executable is signed
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619513305.532408
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (19 个事件)
Time & API Arguments Status Return Repeated
1619513304.564408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00540000
success 0 0
1619513304.564408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00610000
success 0 0
1619513305.220408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 1703936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02160000
success 0 0
1619513305.220408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x022c0000
success 0 0
1619513305.423408
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619513305.501408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00730000
success 0 0
1619513305.501408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00800000
success 0 0
1619513305.501408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0055a000
success 0 0
1619513305.501408
NtProtectVirtualMemory
process_identifier: 472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619513305.501408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00552000
success 0 0
1619513305.845408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00562000
success 0 0
1619513305.939408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00585000
success 0 0
1619513305.939408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0058b000
success 0 0
1619513305.939408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00587000
success 0 0
1619513306.032408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00563000
success 0 0
1619513306.064408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056c000
success 0 0
1619513306.095408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006b0000
success 0 0
1619513306.111408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00564000
success 0 0
1619513306.392408
NtAllocateVirtualMemory
process_identifier: 472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00801000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 个事件)
DrWeb Trojan.Siggen10.5653
MicroWorld-eScan Trojan.GenericKD.34383320
FireEye Generic.mg.592b7649c7682c19
CAT-QuickHeal TrojanSpy.MSIL
McAfee Trojan-FTAB!592B7649C768
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056cc0e1 )
Alibaba TrojanSpy:MSIL/Kryptik.947e6926
K7GW Trojan ( 0056cc0e1 )
Cybereason malicious.f1b124
Arcabit Trojan.Generic.D20CA5D8
Invincea Mal/Generic-S
BitDefenderTheta Gen:NN.ZemsilF.34216.mm1@auPvaUhi
Cyren W32/Trojan.RCPQ-8317
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall Trojan.MSIL.REMLOADER.AAC
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen
BitDefender Trojan.GenericKD.34383320
NANO-Antivirus Trojan.Win32.Noon.hsmgpy
ViRobot Trojan.Win32.S.Agent.196800.C
Avast Win32:Trojan-gen
Ad-Aware Trojan.GenericKD.34383320
F-Secure Trojan.TR/Kryptik.deptv
Zillya Trojan.Kryptik.Win32.2390941
TrendMicro Trojan.MSIL.REMLOADER.AAC
Sophos Mal/Generic-S
MaxSecure Win.MxResIcn.Heur.Gen
Avira TR/Kryptik.deptv
Antiy-AVL Trojan[Spy]/MSIL.Noon
Microsoft Trojan:Win32/Ymacco.AA4C
AegisLab Trojan.MSIL.Noon.l!c
ZoneAlarm HEUR:Trojan-Spy.MSIL.Noon.gen
GData Trojan.GenericKD.34383320
AhnLab-V3 Trojan/Win32.MSILKrypt.C4182910
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKD.34383320
MAX malware (ai score=83)
Malwarebytes Spyware.AgentTesla
APEX Malicious
ESET-NOD32 a variant of MSIL/Kryptik.XJU
Tencent Msil.Trojan-spy.Noon.Suxv
Yandex Trojan.Kryptik!lYpi4NC9QS0
Ikarus Trojan.Inject
Fortinet MSIL/Kryptik.XJP!tr
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
Qihoo-360 Generic/Trojan.Spy.beb
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-04-25 04:40:02

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.