2.0
Low risk

SHA-256: 6d1c3848d512f7c899afb9a72746ed912be780a2e8f42a877d0d3ae390f6165f

File name: 5a10767f0d02e84fd0aee76222acbddc.exe

Analysis time: 82s

Last analysis:

File size: 1.7MB
Tags: static detection, dynamic detection, BITCOINMINER, CLOUD, COINMINER, CUDA MINER, GRAYWARE, HIGH CONFIDENCE, QVM202, UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines

| Engine | Result | Scan date | Engine version |
|---|---|---|---|
| McAfee | | 20200430 | 6.0.6.653 |
| CrowdStrike | | 20190702 | 1.0 |
| Alibaba | | 20190527 | 0.3.0.5 |
| Baidu | | 20190318 | 1.0.0.2 |
| Avast | | 20200430 | 18.4.3895.0 |
| Tencent | | 20200430 | 1.0.0.1 |
| Kingsoft | | 20200430 | 2013.8.14.323 |
Static indicators
This executable has a PDB path (1 event)
pdb_path T:\TFS-TradeProject\PDB\Release\TT-Miner.pdb
The file contains an unknown PE resource name possibly indicative of a packer (3 events)
resource name PNG
resource name STYLE_XML
resource name None
Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.5472421216890115, section .rsrc (size_of_data 0x0015f400, virtual_address 0x0005d000, virtual_size 0x0015f238): A section with a high entropy has been found
entropy 0.7969370391378332: Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 10 AntiVirus engines on VirusTotal as malicious (10 events)
Cylance Unsafe
Invincea heuristic
Sophos CUDA Miner (PUA)
Antiy-AVL GrayWare/Win64.CoinMiner
Microsoft PUA:Win64/CoinMiner
Endgame malicious (high confidence)
Malwarebytes RiskWare.BitCoinMiner
Rising PUA.CoinMiner!8.4639 (CLOUD)
Webroot W32.Trojan.Gen
Qihoo-360 Generic/HEUR/QVM202.0.DD6C.Malware.Gen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2020-04-19 00:59:20

Imports

Library nvml.dll:
0x14003a858 nvmlErrorString
0x14003a860 nvmlDeviceGetPowerUsage
0x14003a868 nvmlDeviceGetMemoryInfo
0x14003a870 nvmlDeviceGetFanSpeed
0x14003a878 nvmlDeviceGetClock
0x14003a880 nvmlDeviceGetTemperature
0x14003a888 nvmlDeviceGetPciInfo_v3
0x14003a898 nvmlShutdown
0x14003a8a8 nvmlInit_v2
Library nvcuda.dll:
0x14003a838 cuDeviceGet
0x14003a840 cuGetErrorString
0x14003a848 cuInit
Library KERNEL32.dll:
0x14003a000 InitializeSListHead
0x14003a008 IsDebuggerPresent
0x14003a018 TerminateProcess
0x14003a028 UnhandledExceptionFilter
0x14003a030 RtlVirtualUnwind
0x14003a038 RtlLookupFunctionEntry
0x14003a040 RtlCaptureContext
0x14003a048 ResumeThread
0x14003a050 CreateDirectoryW
0x14003a058 OpenEventA
0x14003a060 MultiByteToWideChar
0x14003a068 CloseHandle
0x14003a070 CreateToolhelp32Snapshot
0x14003a078 Process32First
0x14003a080 Process32Next
0x14003a088 WideCharToMultiByte
0x14003a090 LocalFree
0x14003a098 FormatMessageW
0x14003a0a0 FormatMessageA
0x14003a0a8 DeleteCriticalSection
0x14003a0b0 GetLastError
0x14003a0c0 LeaveCriticalSection
0x14003a0c8 EnterCriticalSection
0x14003a0d8 TlsFree
0x14003a0e0 TlsAlloc
0x14003a0e8 TlsSetValue
0x14003a0f0 TlsGetValue
0x14003a0f8 GetModuleFileNameA
0x14003a100 GetComputerNameA
0x14003a110 SetLastError
0x14003a118 SetWaitableTimer
0x14003a120 WaitForSingleObject
0x14003a128 SleepEx
0x14003a130 SetEvent
0x14003a138 CreateEventW
0x14003a140 CreateIoCompletionPort
0x14003a148 VerifyVersionInfoA
0x14003a150 VerSetConditionMask
0x14003a158 QueueUserAPC
0x14003a160 TerminateThread
0x14003a168 WaitForMultipleObjects
0x14003a170 GetSystemTimeAsFileTime
0x14003a178 CreateWaitableTimerA
0x14003a180 SetPriorityClass
0x14003a188 GetCurrentProcess
0x14003a190 ReleaseSemaphore
0x14003a198 CreateSemaphoreA
0x14003a1a0 GetProcessHeap
0x14003a1a8 HeapFree
0x14003a1b0 WaitForSingleObjectEx
0x14003a1b8 CreateEventA
0x14003a1c0 WaitForMultipleObjectsEx
0x14003a1c8 HeapAlloc
0x14003a1d0 GetProcAddress
0x14003a1d8 FreeLibrary
0x14003a1e8 QueryPerformanceCounter
0x14003a1f0 GetSystemInfo
0x14003a1f8 Sleep
0x14003a208 TryEnterCriticalSection
0x14003a210 GetCurrentProcessId
0x14003a218 GetCurrentThreadId
0x14003a220 SwitchToThread
0x14003a228 ResetEvent
0x14003a230 HeapDestroy
0x14003a238 GetModuleHandleA
0x14003a240 HeapCreate
0x14003a248 LocalAlloc
0x14003a250 GetSystemDirectoryW
0x14003a258 GetFileAttributesW
0x14003a260 CreateFileW
0x14003a268 GetModuleHandleW
0x14003a270 LoadLibraryExW
0x14003a278 GetFullPathNameW
0x14003a280 VerifyVersionInfoW
0x14003a288 FindClose
0x14003a290 FindFirstFileExW
0x14003a298 FindNextFileW
0x14003a2a0 GetFileAttributesExW
0x14003a2b0 AreFileApisANSI
Library MSVCP140.dll:
0x14003a2c0 _Xtime_get_ticks
0x14003a2c8 _Thrd_sleep
0x14003a300 _Query_perf_counter
0x14003a308 _Query_perf_frequency
Library TT-SubSystem.dll:
0x14003a390 ?_st_malloc@@YAPEAX_K@Z
0x14003a3a0 ?_st_free@@YAXPEAX@Z
0x14003a3f0 ??1CPing@@UEAA@XZ
0x14003a3f8 ??0CPing@@QEAA@XZ
0x14003a480 ??0CSSXmlFormat@@QEAA@XZ
0x14003a488 ??1CSSXmlFormat@@QEAA@XZ
0x14003a4b8 ?RemoveCrLf@@YAXPEAD@Z
0x14003a4f0 ?GetKbHit@@YAIAEAI@Z
0x14003a528 ?ReplaceAll@@YAXPEADDD@Z
Library WS2_32.dll:
0x14003a648 WSAStartup
0x14003a650 WSACleanup
Library VCRUNTIME140_1.dll:
0x14003a638 __CxxFrameHandler4
Library VCRUNTIME140.dll:
0x14003a5a0 __current_exception
0x14003a5b0 wcsstr
0x14003a5b8 wcsrchr
0x14003a5c0 memmove
0x14003a5c8 _CxxThrowException
0x14003a5d0 memset
0x14003a5d8 memcmp
0x14003a5e0 memcpy
0x14003a5e8 strrchr
0x14003a5f0 __std_type_info_compare
0x14003a5f8 _purecall
0x14003a600 __std_terminate
0x14003a608 strstr
0x14003a610 __C_specific_handler
0x14003a618 strchr
0x14003a620 __std_exception_destroy
0x14003a628 __std_exception_copy
Library api-ms-win-crt-string-l1-1-0.dll:
0x14003a7c0 _strupr_s
0x14003a7c8 isalpha
0x14003a7d0 _wcsnicmp
0x14003a7d8 _strlwr_s
0x14003a7e0 _wcsicmp
0x14003a7e8 isdigit
0x14003a7f0 strcpy_s
0x14003a7f8 strncpy
0x14003a800 _wcsupr
0x14003a808 _stricmp
0x14003a810 strcat_s
0x14003a818 toupper
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x14003a780 __stdio_common_vsprintf
0x14003a788 fopen_s
0x14003a790 _set_fmode
0x14003a798 fclose
0x14003a7a0 __p__commode
0x14003a7a8 fgets
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x14003a6d0 exit
0x14003a6e0 terminate
0x14003a6f0 _c_exit
0x14003a6f8 __p___argv
0x14003a700 __p___argc
0x14003a708 _exit
0x14003a710 _initterm_e
0x14003a718 _initterm
0x14003a720 strerror
0x14003a728 _configure_narrow_argv
0x14003a738 _initialize_onexit_table
0x14003a748 _crt_atexit
0x14003a750 _cexit
0x14003a758 _seh_filter_exe
0x14003a760 _set_app_type
0x14003a768 _beginthreadex
Library api-ms-win-crt-convert-l1-1-0.dll:
0x14003a660 atof
0x14003a668 atoi
Library api-ms-win-crt-time-l1-1-0.dll:
0x14003a828 _gmtime64
Library api-ms-win-crt-heap-l1-1-0.dll:
0x14003a678 malloc
0x14003a680 free
0x14003a688 realloc
0x14003a690 _callnewh
0x14003a698 _set_new_mode
Library api-ms-win-crt-locale-l1-1-0.dll:
0x14003a6a8 ___lc_codepage_func
0x14003a6b0 _configthreadlocale
Library api-ms-win-crt-math-l1-1-0.dll:
0x14003a6c0 __setusermatherr

Exports

| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x140052020 | NvOptimusEnablementCuda |

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

| Source | Source port | Destination | Destination port |
|---|---|---|---|
| 192.168.56.101 | 49713 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50002 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57756 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57874 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 49238 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 49714 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 49716 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 53658 | 239.255.255.250 | 3702 |

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.