Score: 4.4 (Medium risk)

SHA256: 87a8cd05b7e43d7e974f3f3667a2f71f79527f64f78b4aae690d8c012ca40e49

File name: 5deddbf05dd2aedd4638037a74d403fe.exe

Analysis duration: 79s

Last analysis:

File size: 543.0KB
Static detections / dynamic detections (signature tags): AGEN AIDETECTVM ATTRIBUTE CLASSIC CONFIDENCE DELF DOWNLOADER33 FBYC GDSDA GENCIRC GENERICKD HGW@AWBQTGMI HIGH CONFIDENCE HIGHCONFIDENCE HIHKQU KLNQ KRYPTIK MALWARE1 NETWIREDRC POSSIBLETHREAT R06EC0PI220 R334355 RATX REMCOS REMCOSCRYPT SUSGEN TMPMIBLOV38 TSCOPE UNSAFE ZELPHIF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee Downloader-FBYC!5DEDDBF05DD2 20201105 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:RATX-gen [Trj] 20201105 20.10.5736.0
Alibaba TrojanDownloader:Win32/Remcos.fbeda7cc 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.113ab1fa 20201105 1.0.0.1
Kingsoft 20201105 2013.8.14.323
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619513338.354662
__exception__
stacktrace:
5deddbf05dd2aedd4638037a74d403fe+0x629f2 @ 0x4629f2
5deddbf05dd2aedd4638037a74d403fe+0x62a25 @ 0x462a25
5deddbf05dd2aedd4638037a74d403fe+0x62942 @ 0x462942
5deddbf05dd2aedd4638037a74d403fe+0xfad4 @ 0x40fad4
5deddbf05dd2aedd4638037a74d403fe+0x63499 @ 0x463499
5deddbf05dd2aedd4638037a74d403fe+0x635fb @ 0x4635fb
5deddbf05dd2aedd4638037a74d403fe+0x647db @ 0x4647db
5deddbf05dd2aedd4638037a74d403fe+0x1e7c6 @ 0x41e7c6
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
5deddbf05dd2aedd4638037a74d403fe+0x5a89c @ 0x45a89c
5deddbf05dd2aedd4638037a74d403fe+0x64ac4 @ 0x464ac4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635004
registers.edi: 0
registers.eax: 1635004
registers.ebp: 1635084
registers.edx: 0
registers.ebx: 1636760
registers.esi: 4909812
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Performs some HTTP requests (2 events)
request GET http://is.gd/TGKGYYYYZ
request GET https://is.gd/TGKGYYYYZ
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619513300.901662
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005a0000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 113.16.209.193
host 172.217.24.14
host 203.208.41.65
host 203.208.41.98
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 154.83.15.45:443
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33623835
FireEye Trojan.GenericKD.33623835
Qihoo-360 Trojan.Generic
McAfee Downloader-FBYC!5DEDDBF05DD2
Cylance Unsafe
Zillya Downloader.Delf.Win32.58817
AegisLab Trojan.Win32.Remcos.m!c
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 005643111 )
BitDefender Trojan.GenericKD.33623835
K7GW Trojan-Downloader ( 005643111 )
Cybereason malicious.74a9a4
TrendMicro TROJ_GEN.R06EC0PI220
BitDefenderTheta Gen:NN.ZelphiF.34590.HGW@aWBQtGmi
Cyren W32/Trojan.KLNQ-8175
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:RATX-gen [Trj]
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
Alibaba TrojanDownloader:Win32/Remcos.fbeda7cc
NANO-Antivirus Trojan.Win32.Remcos.hihkqu
Tencent Malware.Win32.Gencirc.113ab1fa
Ad-Aware Trojan.GenericKD.33623835
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1133033
DrWeb Trojan.DownLoader33.28834
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S
McAfee-GW-Edition Downloader-FBYC!5DEDDBF05DD2
Emsisoft Trojan.GenericKD.33623835 (B)
Ikarus Trojan-Downloader.Win32.Delf
Jiangmin Backdoor.Remcos.bfx
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1133033
Antiy-AVL Trojan[Backdoor]/Win32.Remcos
Microsoft Trojan:Win32/RemcosCrypt.ACH!MTB
Arcabit Trojan.Generic.D2010F1B
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Trojan.GenericKD.33623835
AhnLab-V3 Trojan/Win32.RL_NetWiredRC.R334355
VBA32 TScope.Trojan.Delf
Malwarebytes Backdoor.Remcos
Panda Trj/GdSda.A
ESET-NOD32 a variant of Win32/TrojanDownloader.Delf.CWN
TrendMicro-HouseCall TROJ_GEN.R06EC0PI220
Rising Trojan.Kryptik!1.C56D (CLASSIC)
Yandex Trojan.DL.Delf!tmPMiBLov38
Fortinet PossibleThreat.MU
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

1992-06-20 06:22:17 (this is the fixed placeholder timestamp written by the Borland/Delphi linker, shown here in UTC+8; it is not the real build date, which is consistent with the "Delf" detection names above)

Imports

Library kernel32.dll:
0x4681a0 VirtualFree
0x4681a4 VirtualAlloc
0x4681a8 LocalFree
0x4681ac LocalAlloc
0x4681b0 GetVersion
0x4681b4 GetCurrentThreadId
0x4681c0 VirtualQuery
0x4681c4 WideCharToMultiByte
0x4681c8 MultiByteToWideChar
0x4681cc lstrlenA
0x4681d0 lstrcpynA
0x4681d4 LoadLibraryExA
0x4681d8 GetThreadLocale
0x4681dc GetStartupInfoA
0x4681e0 GetProcAddress
0x4681e4 GetModuleHandleA
0x4681e8 GetModuleFileNameA
0x4681ec GetLocaleInfoA
0x4681f0 GetLastError
0x4681f4 GetCommandLineA
0x4681f8 FreeLibrary
0x4681fc FindFirstFileA
0x468200 FindClose
0x468204 ExitProcess
0x468208 WriteFile
0x468210 SetFilePointer
0x468214 SetEndOfFile
0x468218 RtlUnwind
0x46821c ReadFile
0x468220 RaiseException
0x468224 GetStdHandle
0x468228 GetFileSize
0x46822c GetFileType
0x468230 CreateFileA
0x468234 CloseHandle
Library user32.dll:
0x46823c GetKeyboardType
0x468240 LoadStringA
0x468244 MessageBoxA
0x468248 CharNextA
Library advapi32.dll:
0x468250 RegQueryValueExA
0x468254 RegOpenKeyExA
0x468258 RegCloseKey
Library oleaut32.dll:
0x468260 SysFreeString
0x468264 SysReAllocStringLen
0x468268 SysAllocStringLen
Library kernel32.dll:
0x468270 TlsSetValue
0x468274 TlsGetValue
0x468278 LocalAlloc
0x46827c GetModuleHandleA
Library advapi32.dll:
0x468284 RegQueryValueExA
0x468288 RegOpenKeyExA
0x46828c RegCloseKey
Library kernel32.dll:
0x468294 lstrcpyA
0x468298 WriteFile
0x46829c WaitForSingleObject
0x4682a0 VirtualQuery
0x4682a4 VirtualProtect
0x4682a8 VirtualAlloc
0x4682ac Sleep
0x4682b0 SizeofResource
0x4682b4 SetThreadLocale
0x4682b8 SetFilePointer
0x4682bc SetEvent
0x4682c0 SetErrorMode
0x4682c4 SetEndOfFile
0x4682c8 ResetEvent
0x4682cc ReadFile
0x4682d0 MultiByteToWideChar
0x4682d4 MulDiv
0x4682d8 LockResource
0x4682dc LoadResource
0x4682e0 LoadLibraryA
0x4682ec GlobalUnlock
0x4682f0 GlobalReAlloc
0x4682f4 GlobalHandle
0x4682f8 GlobalLock
0x4682fc GlobalFree
0x468300 GlobalFindAtomA
0x468304 GlobalDeleteAtom
0x468308 GlobalAlloc
0x46830c GlobalAddAtomA
0x468310 GetVersionExA
0x468314 GetVersion
0x468318 GetTickCount
0x46831c GetThreadLocale
0x468320 GetSystemInfo
0x468324 GetStringTypeExA
0x468328 GetStdHandle
0x46832c GetProfileStringA
0x468330 GetProcAddress
0x468334 GetModuleHandleA
0x468338 GetModuleFileNameA
0x46833c GetLocaleInfoA
0x468340 GetLocalTime
0x468344 GetLastError
0x468348 GetFullPathNameA
0x46834c GetDiskFreeSpaceA
0x468350 GetDateFormatA
0x468354 GetCurrentThreadId
0x468358 GetCurrentProcessId
0x46835c GetCPInfo
0x468360 GetACP
0x468364 FreeResource
0x468368 InterlockedExchange
0x46836c FreeLibrary
0x468370 FormatMessageA
0x468374 FindResourceA
0x468378 FindFirstFileA
0x46837c FindClose
0x468388 EnumCalendarInfoA
0x468394 CreateThread
0x468398 CreateFileA
0x46839c CreateEventA
0x4683a0 CompareStringA
0x4683a4 CloseHandle
Library version.dll:
0x4683ac VerQueryValueA
0x4683b4 GetFileVersionInfoA
Library gdi32.dll:
0x4683bc UnrealizeObject
0x4683c0 StretchBlt
0x4683c4 StartPage
0x4683c8 StartDocA
0x4683cc SetWindowOrgEx
0x4683d0 SetWinMetaFileBits
0x4683d4 SetViewportOrgEx
0x4683d8 SetTextColor
0x4683dc SetStretchBltMode
0x4683e0 SetROP2
0x4683e4 SetPixel
0x4683e8 SetMapMode
0x4683ec SetEnhMetaFileBits
0x4683f0 SetDIBColorTable
0x4683f4 SetBrushOrgEx
0x4683f8 SetBkMode
0x4683fc SetBkColor
0x468400 SetAbortProc
0x468404 SelectPalette
0x468408 SelectObject
0x46840c SelectClipRgn
0x468410 SaveDC
0x468414 RestoreDC
0x468418 Rectangle
0x46841c RectVisible
0x468420 RealizePalette
0x468424 PlayEnhMetaFile
0x468428 PatBlt
0x46842c MoveToEx
0x468430 MaskBlt
0x468434 LineTo
0x468438 IntersectClipRect
0x46843c GetWindowOrgEx
0x468440 GetWinMetaFileBits
0x468444 GetTextMetricsA
0x468450 GetStockObject
0x468454 GetPixel
0x468458 GetPaletteEntries
0x46845c GetObjectA
0x468468 GetEnhMetaFileBits
0x46846c GetDeviceCaps
0x468470 GetDIBits
0x468474 GetDIBColorTable
0x468478 GetDCOrgEx
0x468480 GetClipBox
0x468484 GetBrushOrgEx
0x468488 GetBitmapBits
0x46848c ExcludeClipRect
0x468490 EndPage
0x468494 EndDoc
0x468498 DeleteObject
0x46849c DeleteEnhMetaFile
0x4684a0 DeleteDC
0x4684a4 CreateSolidBrush
0x4684a8 CreatePenIndirect
0x4684ac CreatePalette
0x4684b0 CreateICA
0x4684b8 CreateFontIndirectA
0x4684bc CreateDIBitmap
0x4684c0 CreateDIBSection
0x4684c4 CreateDCA
0x4684c8 CreateCompatibleDC
0x4684d0 CreateBrushIndirect
0x4684d4 CreateBitmap
0x4684d8 CopyEnhMetaFileA
0x4684dc BitBlt
Library user32.dll:
0x4684e4 CreateWindowExA
0x4684e8 WindowFromPoint
0x4684ec WinHelpA
0x4684f0 WaitMessage
0x4684f4 UpdateWindow
0x4684f8 UnregisterClassA
0x4684fc UnhookWindowsHookEx
0x468500 TranslateMessage
0x468508 TrackPopupMenu
0x468510 ShowWindow
0x468514 ShowScrollBar
0x468518 ShowOwnedPopups
0x46851c ShowCursor
0x468520 SetWindowsHookExA
0x468524 SetWindowTextA
0x468528 SetWindowPos
0x46852c SetWindowPlacement
0x468530 SetWindowLongA
0x468534 SetTimer
0x468538 SetScrollRange
0x46853c SetScrollPos
0x468540 SetScrollInfo
0x468544 SetRect
0x468548 SetPropA
0x46854c SetParent
0x468550 SetMenuItemInfoA
0x468554 SetMenu
0x468558 SetForegroundWindow
0x46855c SetFocus
0x468560 SetCursor
0x468564 SetClassLongA
0x468568 SetCapture
0x46856c SetActiveWindow
0x468570 SendMessageA
0x468574 ScrollWindow
0x468578 ScreenToClient
0x46857c RemovePropA
0x468580 RemoveMenu
0x468584 ReleaseDC
0x468588 ReleaseCapture
0x468594 RegisterClassA
0x468598 RedrawWindow
0x46859c PtInRect
0x4685a0 PostQuitMessage
0x4685a4 PostMessageA
0x4685a8 PeekMessageA
0x4685ac OffsetRect
0x4685b0 OemToCharA
0x4685b4 MessageBoxA
0x4685b8 MapWindowPoints
0x4685bc MapVirtualKeyA
0x4685c0 LoadStringA
0x4685c4 LoadKeyboardLayoutA
0x4685c8 LoadIconA
0x4685cc LoadCursorA
0x4685d0 LoadBitmapA
0x4685d4 KillTimer
0x4685d8 IsZoomed
0x4685dc IsWindowVisible
0x4685e0 IsWindowEnabled
0x4685e4 IsWindow
0x4685e8 IsRectEmpty
0x4685ec IsIconic
0x4685f0 IsDialogMessageA
0x4685f4 IsChild
0x4685f8 InvalidateRect
0x4685fc IntersectRect
0x468600 InsertMenuItemA
0x468604 InsertMenuA
0x468608 InflateRect
0x468610 GetWindowTextA
0x468614 GetWindowRect
0x468618 GetWindowPlacement
0x46861c GetWindowLongA
0x468620 GetWindowDC
0x468624 GetUpdateRect
0x468628 GetTopWindow
0x46862c GetSystemMetrics
0x468630 GetSystemMenu
0x468634 GetSysColorBrush
0x468638 GetSysColor
0x46863c GetSubMenu
0x468640 GetScrollRange
0x468644 GetScrollPos
0x468648 GetScrollInfo
0x46864c GetPropA
0x468650 GetParent
0x468654 GetWindow
0x468658 GetMenuStringA
0x46865c GetMenuState
0x468660 GetMenuItemInfoA
0x468664 GetMenuItemID
0x468668 GetMenuItemCount
0x46866c GetMenu
0x468670 GetLastActivePopup
0x468674 GetKeyboardState
0x46867c GetKeyboardLayout
0x468680 GetKeyState
0x468684 GetKeyNameTextA
0x468688 GetIconInfo
0x46868c GetForegroundWindow
0x468690 GetFocus
0x468694 GetDlgItem
0x468698 GetDesktopWindow
0x46869c GetDCEx
0x4686a0 GetDC
0x4686a4 GetCursorPos
0x4686a8 GetCursor
0x4686ac GetClipboardData
0x4686b0 GetClientRect
0x4686b4 GetClassNameA
0x4686b8 GetClassInfoA
0x4686bc GetCapture
0x4686c0 GetActiveWindow
0x4686c4 FrameRect
0x4686c8 FindWindowA
0x4686cc FillRect
0x4686d0 EqualRect
0x4686d4 EnumWindows
0x4686d8 EnumThreadWindows
0x4686dc EndPaint
0x4686e0 EnableWindow
0x4686e4 EnableScrollBar
0x4686e8 EnableMenuItem
0x4686ec DrawTextA
0x4686f0 DrawMenuBar
0x4686f4 DrawIconEx
0x4686f8 DrawIcon
0x4686fc DrawFrameControl
0x468700 DrawEdge
0x468704 DispatchMessageA
0x468708 DestroyWindow
0x46870c DestroyMenu
0x468710 DestroyIcon
0x468714 DestroyCursor
0x468718 DeleteMenu
0x46871c DefWindowProcA
0x468720 DefMDIChildProcA
0x468724 DefFrameProcA
0x468728 CreatePopupMenu
0x46872c CreateMenu
0x468730 CreateIcon
0x468734 ClientToScreen
0x468738 CheckMenuItem
0x46873c CallWindowProcA
0x468740 CallNextHookEx
0x468744 BeginPaint
0x468748 CharNextA
0x46874c CharLowerBuffA
0x468750 CharLowerA
0x468754 CharToOemA
0x468758 AdjustWindowRectEx
Library kernel32.dll:
0x468764 Sleep
Library oleaut32.dll:
0x46876c SafeArrayPtrOfIndex
0x468770 SafeArrayGetUBound
0x468774 SafeArrayGetLBound
0x468778 SafeArrayCreate
0x46877c VariantChangeType
0x468780 VariantCopy
0x468784 VariantClear
0x468788 VariantInit
Library ole32.dll:
0x468790 CLSIDFromProgID
0x468794 CoCreateInstance
0x468798 CoUninitialize
0x46879c CoInitialize
Library oleaut32.dll:
0x4687a4 GetErrorInfo
0x4687a8 SysFreeString
Library comctl32.dll:
0x4687b8 ImageList_Write
0x4687bc ImageList_Read
0x4687cc ImageList_DragMove
0x4687d0 ImageList_DragLeave
0x4687d4 ImageList_DragEnter
0x4687d8 ImageList_EndDrag
0x4687dc ImageList_BeginDrag
0x4687e0 ImageList_Remove
0x4687e4 ImageList_DrawEx
0x4687e8 ImageList_Replace
0x4687ec ImageList_Draw
0x4687fc ImageList_Add
0x468808 ImageList_Destroy
0x46880c ImageList_Create
Library winspool.drv:
0x468814 OpenPrinterA
0x468818 EnumPrintersA
0x46881c DocumentPropertiesA
0x468820 ClosePrinter
Library shell32.dll:
0x468828 ShellExecuteA
Library wininet.dll:
Library comdlg32.dll:
0x468838 GetSaveFileNameA
0x46883c GetOpenFileNameA

Hosts

No hosts contacted.

TCP

Source | Source port | Destination | Destination port
113.16.209.193 443 192.168.56.101 49180
192.168.56.101 49178 172.67.83.132 is.gd 80
192.168.56.101 49179 172.67.83.132 is.gd 443

UDP

Source | Source port | Destination | Destination port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://is.gd/TGKGYYYYZ
GET /TGKGYYYYZ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: is.gd

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.