Risk score: 2.4 (Medium risk)

SHA256: a13aca83ee725cc84bb73ce26e11abd9c7953048c4850ca359f5dca1284b7bc4

File name: 625f9cacc726448b8eff97036a100ac5.exe

Analysis duration: 30s

Last analysed:

File size: 3.5MB
Detection tags: static detection, dynamic detection, AGEN, AI SCORE=85, BITCOINMINER, BITMINER, CLASSIC, COINMINER, COINMINERX, ELDORADO, GENERIC PUA BB, HACKTOOL, HIGH CONFIDENCE, HUSGST, MALWARE@#X0XJ1JTWRB60, MINER3, PROMETEI, QSVHKE81U, R02DC0WHU20, RAZY, RISKTOOL, SCORE, UNSAFE, XMRMINER
鹰眼引擎 (Eagle Eye engine): not detected (no Eagle Eye engine result for this sample)
Static verdict

Antivirus engines

Engine        Result                        Engine update   Engine version
McAfee        W64/CoinMiner                 20201115        6.0.6.653
Alibaba       Trojan:Win32/Coinminer.2cc    20190527        0.3.0.5
Baidu         (no result)                   20190318        1.0.0.2
Avast         Win64:CoinminerX-gen [Trj]    20201115        20.10.5736.0
Kingsoft      (no result)                   20201115        2013.8.14.323
Tencent       (no result)                   20201115        1.0.0.1
CrowdStrike   (no result)                   20190702        1.0

The date column is the engine's definition/update date reported alongside the verdict, not the time this sample was scanned: three of the dates (20190318, 20190527, 20190702) precede the sample's PE compile timestamp of 2020-08-25, so they cannot be scan times for this file.
Behavioural verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time: 1620764457.304375 (epoch seconds, i.e. 2021-05-11 20:20:57 UTC)
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2632
  region_size: 81920
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffffffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x00000000006d0000
Status: success   Return: 0   Repeated: 0

The process handle 0xffffffffffffffff is the (HANDLE)-1 current-process pseudo-handle, so this 80 KiB RWX region is committed in the sample's own address space rather than in another process; that rules out cross-process injection for this event but not unpacking or runtime code generation. Only one such event was recorded in the 30-second run.

Network communication

Communicates with a host for which no DNS query was performed (1 event)
  host: 172.217.24.14

The packet capture further down records no hosts contacted and no TCP connections, so this indicator is not corroborated by the capture on this page; verify the flow in the pcap before treating the address as an indicator of compromise.
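The record above is the only memory-protection event in the run. The following is an added example, not code from this page, the sandbox vendor or the sample: it parses API-call records in the layout shown above and flags every successful call that leaves a region executable, distinguishing the current-process pseudo-handle (0xffffffffffffffff) from a foreign handle, which would point at injection. It also generalises to NtProtectVirtualMemory so that a write-then-execute flip is caught as well as a fresh RWX allocation. The first embedded record is the event from this report; the other three are constructed for the example, and the argument names used for NtProtectVirtualMemory are an assumption.

```python
"""Flag executable-memory events in sandbox API-call records (added example)."""
import re
from dataclasses import dataclass

# Page-protection bits from winnt.h and the (HANDLE)-1 current-process pseudo-handle.
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_EXEC_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
CURRENT_PROCESS = 0xFFFFFFFFFFFFFFFF

_NUM = re.compile(r"^\s*(0x[0-9a-fA-F]+|\d+)")


def _value(raw):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x6d0000' -> 0x6d0000, else the bare string."""
    m = _NUM.match(raw)
    return int(m.group(1), 0) if m else raw.strip()


def parse_record(text):
    """One record in the report's layout: timestamp, API name, 'key: value'
    argument lines, then a final 'status return repeated' line."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    rec = {"timestamp": float(lines[0]), "api": lines[1], "args": {}}
    for line in lines[2:-1]:
        key, _, raw = line.partition(":")
        rec["args"][key.strip()] = _value(raw)
    status, ret, repeated = lines[-1].split()
    rec.update(status=status, ret=int(ret), repeated=int(repeated))
    return rec


@dataclass
class Finding:
    api: str
    base_address: int
    region_size: int
    remote: bool
    reason: str


def flag_exec_memory(records):
    """A Finding for every successful call that leaves a region executable."""
    findings = []
    for rec in records:
        if rec["status"] != "success" or rec["api"] not in (
                "NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            continue
        args, prot = rec["args"], rec["args"]["protection"]
        if not prot & EXEC_MASK:
            continue  # plain read/write memory: ordinary heap or data activity
        remote = args.get("process_handle", CURRENT_PROCESS) != CURRENT_PROCESS
        if rec["api"] == "NtAllocateVirtualMemory":
            reason = "new RWX region" if prot & WRITE_EXEC_MASK else "new executable region"
        else:
            reason = "region flipped to RWX" if prot & WRITE_EXEC_MASK else "W->X transition"
        if remote:
            reason += " in another process (possible injection)"
        findings.append(Finding(rec["api"], args["base_address"],
                                args["region_size"], remote, reason))
    return findings


# First record: the event from this report. The other three are constructed: a benign
# RW allocation, a W->X flip of that region, and an RWX allocation through a foreign
# process handle. The NtProtectVirtualMemory argument names are assumed.
SAMPLE_RECORDS = [
    """1620764457.304375
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 81920
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00000000006d0000
success 0 0""",
    """1620764458.000000
NtAllocateVirtualMemory
region_size: 4096
protection: 4 (PAGE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x00000000006f0000
success 0 0""",
    """1620764458.100000
NtProtectVirtualMemory
region_size: 4096
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffffffffffff
base_address: 0x00000000006f0000
success 0 0""",
    """1620764458.200000
NtAllocateVirtualMemory
region_size: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000000000001a4
base_address: 0x0000000000a10000
success 0 0""",
]


def analyse_samples():
    """Run the detector over the embedded records; returns the list of Findings."""
    return flag_exec_memory(parse_record(t) for t in SAMPLE_RECORDS)
```

Run over the four records, `analyse_samples()` returns three findings: the report's own RWX allocation at 0x6d0000 in the current process, the constructed W->X transition, and the constructed foreign-handle allocation marked as possible injection; the plain PAGE_READWRITE allocation is ignored. Requiring the execute bit rather than matching on the API name alone is what keeps ordinary heap growth out of the results.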
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (showing 50 of 54 events). The labels cluster on coin-miner and riskware families (CoinMiner, XMRMiner, BitMiner, Razy, Prometei); note that several vendors classify the file as PUA or riskware rather than as a trojan (Kaspersky, ESET-NOD32, Microsoft, Sophos, Invincea), which matters when choosing a response playbook.

Engine  Detection
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.599886
FireEye Generic.mg.625f9cacc726448b
Qihoo-360 Win32/Virus.RiskTool.435
McAfee W64/CoinMiner
Cylance Unsafe
Zillya Trojan.Prometei.Win64.6
K7AntiVirus Adware ( 0055fa291 )
Alibaba Trojan:Win32/Coinminer.2cc
K7GW Adware ( 0055fa291 )
Cybereason malicious.cc7264
Arcabit Trojan.Razy.D9274E
Invincea Generic PUA BB (PUA)
Cyren W64/Coinminer.BN.gen!Eldorado
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win64:CoinminerX-gen [Trj]
ClamAV Win.Coinminer.Generic-7151250-0
Kaspersky not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
BitDefender Gen:Variant.Razy.599886
NANO-Antivirus Trojan.Win64.CoinMiner.husgst
Paloalto generic.ml
ViRobot Trojan.Win64.S.CoinMiner.3722240
Rising HackTool.XMRMiner!1.C2EC (CLASSIC)
Ad-Aware Gen:Variant.Razy.599886
Emsisoft Gen:Variant.Razy.599886 (B)
Comodo Malware@#x0xj1jtwrb60
F-Secure Heuristic.HEUR/AGEN.1134782
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R02DC0WHU20
McAfee-GW-Edition BehavesLike.Win64.CoinMiner.wh
Sophos Generic PUA BB (PUA)
Jiangmin Trojan.Prometei.w
Webroot Bitcoinminer.Gen
Avira HEUR/AGEN.1134782
MAX malware (ai score=85)
Gridinsoft Trojan.Win64.CoinMiner.vb
Microsoft PUA:Win32/CoinMiner
AegisLab Riskware.Win32.BitMiner.1!c
ZoneAlarm not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
GData Gen:Variant.Razy.599886
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Miner3.Exp
Acronis suspicious
VBA32 Trojan.Win64.Prometei
ALYac Gen:Variant.Razy.599886
Malwarebytes Trojan.BitCoinMiner.Generic
ESET-NOD32 a variant of Win64/CoinMiner.QG potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R02DC0WHU20
Yandex Riskware.Agent!qsvHkE81u/8
Visual analysis

Binary image: none (no binary visualisation image was generated for this sample)
Run screenshots: none (no screenshots were captured while the sample ran)


PE compile time

2020-08-25 21:57:15

The compile timestamp is written by the linker and is trivially forged, but here it is at least internally consistent: it precedes the 20201115 engine-update dates in the static table and the sandbox run in May 2021.

Imports

Library WS2_32.dll:
0x14028a8a8 getpeername
0x14028a8b0 ntohs
0x14028a8b8 recv
0x14028a8c0 select
0x14028a8c8 WSARecvFrom
0x14028a8d0 WSASocketW
0x14028a8d8 WSASend
0x14028a8e0 WSARecv
0x14028a8e8 WSAIoctl
0x14028a8f0 WSADuplicateSocketW
0x14028a8f8 shutdown
0x14028a900 htons
0x14028a908 FreeAddrInfoW
0x14028a910 GetAddrInfoW
0x14028a918 gethostname
0x14028a920 htonl
0x14028a928 socket
0x14028a930 setsockopt
0x14028a938 listen
0x14028a940 closesocket
0x14028a948 bind
0x14028a950 WSACleanup
0x14028a958 WSAStartup
0x14028a960 getsockopt
0x14028a968 getsockname
0x14028a970 ioctlsocket
0x14028a978 WSAGetLastError
0x14028a980 WSASetLastError
0x14028a988 send
Library PSAPI.DLL:
0x14028a838 GetProcessMemoryInfo
Library IPHLPAPI.DLL:
0x14028a150 GetAdaptersAddresses
Library USERENV.dll:
0x14028a898 GetUserProfileDirectoryW
Library CRYPT32.dll:
0x14028a118 CertOpenStore
0x14028a120 CertCloseStore
Library KERNEL32.dll:
0x14028a160 SetConsoleMode
0x14028a168 GetConsoleMode
0x14028a170 SizeofResource
0x14028a178 LockResource
0x14028a180 LoadResource
0x14028a188 FindResourceW
0x14028a190 MultiByteToWideChar
0x14028a198 SetPriorityClass
0x14028a1a0 GetCurrentProcess
0x14028a1a8 SetThreadPriority
0x14028a1b0 GetCurrentThread
0x14028a1b8 GetProcAddress
0x14028a1c0 GetModuleHandleW
0x14028a1c8 CloseHandle
0x14028a1d0 FreeConsole
0x14028a1d8 GetConsoleWindow
0x14028a1e0 VirtualProtect
0x14028a1e8 VirtualFree
0x14028a1f0 VirtualAlloc
0x14028a1f8 GetLargePageMinimum
0x14028a200 LocalAlloc
0x14028a208 GetLastError
0x14028a210 LocalFree
0x14028a218 FlushInstructionCache
0x14028a220 DeviceIoControl
0x14028a228 GetModuleFileNameW
0x14028a230 CreateFileW
0x14028a238 GetCurrentThreadId
0x14028a248 SetLastError
0x14028a250 GetSystemTime
0x14028a258 SystemTimeToFileTime
0x14028a260 GetModuleHandleExW
0x14028a268 EnterCriticalSection
0x14028a270 LeaveCriticalSection
0x14028a280 DeleteCriticalSection
0x14028a288 TlsAlloc
0x14028a290 TlsGetValue
0x14028a298 TlsSetValue
0x14028a2a0 TlsFree
0x14028a2a8 SwitchToFiber
0x14028a2b0 DeleteFiber
0x14028a2b8 CreateFiber
0x14028a2c0 FindClose
0x14028a2c8 FindFirstFileW
0x14028a2d0 FindNextFileW
0x14028a2d8 WideCharToMultiByte
0x14028a2e0 GetFileType
0x14028a2e8 WriteFile
0x14028a2f0 ConvertFiberToThread
0x14028a2f8 ConvertThreadToFiber
0x14028a300 QueryPerformanceCounter
0x14028a308 GetCurrentProcessId
0x14028a310 GetSystemTimeAsFileTime
0x14028a318 FreeLibrary
0x14028a320 LoadLibraryA
0x14028a328 LoadLibraryW
0x14028a330 GetEnvironmentVariableW
0x14028a338 ReadConsoleA
0x14028a340 ReadConsoleW
0x14028a348 CreateFileA
0x14028a350 DuplicateHandle
0x14028a360 SetEvent
0x14028a368 ResetEvent
0x14028a370 WaitForSingleObject
0x14028a378 CreateEventA
0x14028a380 Sleep
0x14028a388 QueueUserWorkItem
0x14028a398 UnregisterWait
0x14028a3a8 ReadConsoleInputW
0x14028a3b0 WriteConsoleW
0x14028a3c8 GetConsoleCursorInfo
0x14028a3d0 SetConsoleCursorInfo
0x14028a3e0 SetConsoleCursorPosition
0x14028a3e8 SetConsoleTextAttribute
0x14028a3f0 WriteConsoleInputW
0x14028a3f8 VerSetConditionMask
0x14028a400 GetEnvironmentStringsW
0x14028a408 GetStdHandle
0x14028a410 SetConsoleTitleA
0x14028a418 SetCurrentDirectoryW
0x14028a420 GetCurrentDirectoryW
0x14028a428 GetTempPathW
0x14028a440 GlobalMemoryStatusEx
0x14028a448 GetSystemInfo
0x14028a450 GetVersionExW
0x14028a458 VerifyVersionInfoA
0x14028a460 FileTimeToSystemTime
0x14028a468 CreateDirectoryW
0x14028a470 FlushFileBuffers
0x14028a478 GetDiskFreeSpaceW
0x14028a480 GetFileAttributesW
0x14028a490 GetFileSizeEx
0x14028a4a0 GetFullPathNameW
0x14028a4a8 ReadFile
0x14028a4b0 RemoveDirectoryW
0x14028a4b8 SetFilePointerEx
0x14028a4c0 SetFileTime
0x14028a4c8 MapViewOfFile
0x14028a4d0 FlushViewOfFile
0x14028a4d8 RtlUnwind
0x14028a4e0 CreateFileMappingA
0x14028a4e8 ReOpenFile
0x14028a4f0 CopyFileW
0x14028a4f8 MoveFileExW
0x14028a500 CreateHardLinkW
0x14028a510 CreateSymbolicLinkW
0x14028a518 SetConsoleCtrlHandler
0x14028a520 GetLongPathNameW
0x14028a528 GetShortPathNameW
0x14028a530 CreateIoCompletionPort
0x14028a538 ReadDirectoryChangesW
0x14028a540 SetHandleInformation
0x14028a548 CancelIo
0x14028a558 SetErrorMode
0x14028a568 ConnectNamedPipe
0x14028a570 PeekNamedPipe
0x14028a578 CreateNamedPipeW
0x14028a580 CancelIoEx
0x14028a588 CancelSynchronousIo
0x14028a590 SwitchToThread
0x14028a598 TerminateProcess
0x14028a5a0 GetExitCodeProcess
0x14028a5a8 UnregisterWaitEx
0x14028a5b0 LCMapStringW
0x14028a5b8 DebugBreak
0x14028a5c0 FormatMessageA
0x14028a5c8 TryEnterCriticalSection
0x14028a5d8 WakeConditionVariable
0x14028a5e0 SleepConditionVariableCS
0x14028a5e8 ReleaseSemaphore
0x14028a5f0 ResumeThread
0x14028a5f8 GetNativeSystemInfo
0x14028a600 CreateSemaphoreA
0x14028a608 GetModuleHandleA
0x14028a610 GetStartupInfoW
0x14028a618 GetProcessAffinityMask
0x14028a620 SetProcessAffinityMask
0x14028a628 SetThreadAffinityMask
0x14028a630 GetNumaHighestNodeNumber
0x14028a638 DeleteTimerQueueTimer
0x14028a640 ChangeTimerQueueTimer
0x14028a648 CreateTimerQueueTimer
0x14028a658 GetThreadPriority
0x14028a660 CreateThread
0x14028a668 SignalObjectAndWait
0x14028a670 CreateTimerQueue
0x14028a678 InitializeSListHead
0x14028a680 IsDebuggerPresent
0x14028a688 SetEnvironmentVariableW
0x14028a690 GetThreadTimes
0x14028a698 FreeLibraryAndExitThread
0x14028a6a0 LoadLibraryExW
0x14028a6a8 InterlockedPopEntrySList
0x14028a6b8 InterlockedFlushSList
0x14028a6c0 QueryDepthSList
0x14028a6c8 RtlUnwindEx
0x14028a6d0 RtlPcToFileHeader
0x14028a6d8 RaiseException
0x14028a6e0 GetCommandLineA
0x14028a6e8 GetCommandLineW
0x14028a6f0 ExitThread
0x14028a6f8 GetDriveTypeW
0x14028a708 ExitProcess
0x14028a710 SetStdHandle
0x14028a718 GetFileAttributesExW
0x14028a720 SetFileAttributesW
0x14028a728 GetConsoleCP
0x14028a730 HeapReAlloc
0x14028a738 HeapFree
0x14028a740 HeapAlloc
0x14028a748 IsValidLocale
0x14028a750 GetUserDefaultLCID
0x14028a758 EnumSystemLocalesW
0x14028a760 GetTimeZoneInformation
0x14028a768 HeapSize
0x14028a770 SetEndOfFile
0x14028a778 FindFirstFileExW
0x14028a780 IsValidCodePage
0x14028a788 GetACP
0x14028a790 GetOEMCP
0x14028a798 GetProcessHeap
0x14028a7a0 FreeEnvironmentStringsW
0x14028a7a8 UnmapViewOfFile
0x14028a7c0 WaitForSingleObjectEx
0x14028a7c8 GetExitCodeThread
0x14028a7d0 EncodePointer
0x14028a7d8 DecodePointer
0x14028a7e0 GetCPInfo
0x14028a7e8 CreateEventW
0x14028a7f0 GetTickCount
0x14028a7f8 CompareStringW
0x14028a800 GetLocaleInfoW
0x14028a808 GetStringTypeW
0x14028a810 RtlCaptureContext
0x14028a818 RtlLookupFunctionEntry
0x14028a820 RtlVirtualUnwind
0x14028a828 UnhandledExceptionFilter
Library USER32.dll:
0x14028a848 GetSystemMetrics
0x14028a850 MapVirtualKeyW
0x14028a858 DispatchMessageA
0x14028a860 TranslateMessage
0x14028a868 GetMessageA
0x14028a870 MessageBoxW
0x14028a880 GetProcessWindowStation
0x14028a888 ShowWindow
Library ADVAPI32.dll:
0x14028a000 SystemFunction036
0x14028a008 GetUserNameW
0x14028a010 CryptEnumProvidersW
0x14028a018 CryptSignHashW
0x14028a020 CryptDestroyHash
0x14028a028 CryptCreateHash
0x14028a030 CryptDecrypt
0x14028a038 CryptExportKey
0x14028a040 CryptGetUserKey
0x14028a048 CryptGetProvParam
0x14028a050 CryptSetHashParam
0x14028a058 CryptDestroyKey
0x14028a060 CryptReleaseContext
0x14028a068 CryptAcquireContextW
0x14028a070 ReportEventW
0x14028a078 RegisterEventSourceW
0x14028a080 DeregisterEventSource
0x14028a088 CreateServiceW
0x14028a090 QueryServiceStatus
0x14028a098 CloseServiceHandle
0x14028a0a0 OpenSCManagerW
0x14028a0a8 QueryServiceConfigA
0x14028a0b0 DeleteService
0x14028a0b8 ControlService
0x14028a0c0 StartServiceW
0x14028a0c8 OpenServiceW
0x14028a0d0 LookupPrivilegeValueW
0x14028a0d8 AdjustTokenPrivileges
0x14028a0e0 OpenProcessToken
0x14028a0e8 LsaOpenPolicy
0x14028a0f0 LsaAddAccountRights
0x14028a0f8 LsaClose
0x14028a100 GetTokenInformation
Library bcrypt.dll:
0x14028a998 BCryptGenRandom
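The import table is already informative before any dynamic run. Next to ordinary socket and CRT imports it pulls in APIs for pinning threads to cores and NUMA nodes (SetThreadAffinityMask, SetProcessAffinityMask, GetNumaHighestNodeNumber), large-page memory (GetLargePageMinimum), privilege adjustment and account-right assignment (AdjustTokenPrivileges, LsaAddAccountRights), service installation and control (OpenSCManagerW, CreateServiceW, StartServiceW) and console hiding (FreeConsole, GetConsoleWindow, ShowWindow). That combination is what CPU-mining software looks like when it installs itself as a service and tunes memory and thread placement, and it fits the vendor labels above. The block below is an added example, not code from this page or from any vendor: it parses import listings in the layout used above and reports which capability groups are present. The capability map is an analyst's triage heuristic, not a signature set, and the embedded listing is an excerpt of this report's table (WS2_32, KERNEL32, USER32 and ADVAPI32 entries).

```python
"""Capability triage over a PE import listing (added example)."""
import re

# Hand-written capability map: an analyst's heuristic, not a vendor signature set.
CAPABILITIES = {
    "cpu/memory tuning (miner-like)": {
        "GetLargePageMinimum", "SetProcessAffinityMask", "SetThreadAffinityMask",
        "GetNumaHighestNodeNumber", "SetPriorityClass", "SetThreadPriority",
        "GlobalMemoryStatusEx", "GetNativeSystemInfo"},
    "privilege / account-right manipulation": {
        "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
        "LsaOpenPolicy", "LsaAddAccountRights"},
    "service persistence": {
        "OpenSCManagerW", "CreateServiceW", "StartServiceW", "OpenServiceW",
        "DeleteService", "ControlService"},
    "console hiding": {"FreeConsole", "GetConsoleWindow", "ShowWindow"},
    "runtime code generation": {"VirtualAlloc", "VirtualProtect", "FlushInstructionCache"},
    "debugger check": {"IsDebuggerPresent"},
    "device / driver I/O": {"DeviceIoControl"},
    "network": {"WSAStartup", "socket", "send", "recv", "GetAddrInfoW", "listen", "bind"},
}

_LIB = re.compile(r"^Library\s+(\S+):$")
_ENTRY = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_imports(text):
    """'Library X.dll:' headers followed by '0xADDR name' lines -> {dll: [names]}."""
    imports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _LIB.match(line)):
            current = m.group(1)
            imports.setdefault(current, [])
        elif (m := _ENTRY.match(line)) and current:
            imports[current].append(m.group(1))
    return imports


def triage(imports, min_hits=2):
    """{capability: sorted matched APIs} for groups with >= min_hits matches.
    Single-API groups count on one hit; for the others a lone VirtualAlloc or
    WSAStartup is ordinary and would only add noise."""
    names = {n for lst in imports.values() for n in lst}
    out = {}
    for cap, apis in CAPABILITIES.items():
        hits = sorted(apis & names)
        if len(hits) >= min_hits or (len(apis) == 1 and hits):
            out[cap] = hits
    return out


# Excerpt of this report's import table, in the page's own layout.
IMPORT_EXCERPT = """
Library WS2_32.dll:
0x14028a8b8 recv
0x14028a928 socket
0x14028a958 WSAStartup
0x14028a988 send
Library KERNEL32.dll:
0x14028a198 SetPriorityClass
0x14028a1a8 SetThreadPriority
0x14028a1d0 FreeConsole
0x14028a1d8 GetConsoleWindow
0x14028a1e0 VirtualProtect
0x14028a1f0 VirtualAlloc
0x14028a1f8 GetLargePageMinimum
0x14028a218 FlushInstructionCache
0x14028a220 DeviceIoControl
0x14028a618 GetProcessAffinityMask
0x14028a620 SetProcessAffinityMask
0x14028a628 SetThreadAffinityMask
0x14028a630 GetNumaHighestNodeNumber
0x14028a680 IsDebuggerPresent
Library USER32.dll:
0x14028a888 ShowWindow
Library ADVAPI32.dll:
0x14028a000 SystemFunction036
0x14028a088 CreateServiceW
0x14028a0a0 OpenSCManagerW
0x14028a0b0 DeleteService
0x14028a0b8 ControlService
0x14028a0c0 StartServiceW
0x14028a0c8 OpenServiceW
0x14028a0d0 LookupPrivilegeValueW
0x14028a0d8 AdjustTokenPrivileges
0x14028a0e0 OpenProcessToken
0x14028a0e8 LsaOpenPolicy
0x14028a0f0 LsaAddAccountRights
"""


def triage_report_sample():
    """Triage the embedded excerpt; returns the capability -> APIs mapping."""
    return triage(parse_imports(IMPORT_EXCERPT))
```

Against the excerpt, `triage_report_sample()` reports all eight groups; the same heuristic over a listing that imports only `VirtualAlloc` and `CloseHandle` reports nothing, which is the point of the two-hit threshold. Which groups fire together is more telling than any one API: affinity and large-page tuning plus service installation plus privilege manipulation is a profile, not a coincidence.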

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60126 239.255.255.250 1900
192.168.56.101 60128 239.255.255.250 3702
192.168.56.101 60130 239.255.255.250 3702
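Every row in the UDP table is either a DNS query to the resolver 114.114.114.114 or Windows background discovery traffic: NetBIOS name and datagram service to the subnet broadcast (ports 137 and 138), LLMNR to 224.0.0.252:5355, SSDP to 239.255.255.250:1900 and WS-Discovery to 239.255.255.250:3702. None of it is attributable to the sample, and the 172.217.24.14 address named in the dynamic indicators does not appear in the capture at all. The block below is an added example, not the sandbox's code: it parses rows in the layout above and separates local discovery noise from flows that deserve a second look. The eighteen rows from this report are embedded as-is; the final row is constructed, using a documentation-range address (203.0.113.7) and port 3333, to exercise the non-noise path. The resolver address and the /24 sandbox subnet are assumptions about how the sandbox network is configured.

```python
"""Separate Windows discovery noise from interesting flows in a sandbox UDP table (added example)."""
import ipaddress
from collections import Counter

# Multicast/broadcast discovery protocols that a Windows guest emits on its own.
DISCOVERY_PORTS = {137: "NetBIOS-NS", 138: "NetBIOS-DGM", 1900: "SSDP",
                   3702: "WS-Discovery", 5355: "LLMNR"}


def classify_flow(src, sport, dst, dport, resolver="114.114.114.114"):
    """(category, label) for one UDP flow. The sandbox subnet is assumed to be a /24
    around the source address; `resolver` is the DNS server the guest is expected to use."""
    d = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(f"{src}/24", strict=False)
    if dport in DISCOVERY_PORTS and (d.is_multicast or d == net.broadcast_address):
        return "discovery-noise", DISCOVERY_PORTS[dport]
    if dport == 53:
        label = "query to configured resolver" if dst == resolver else "query to unexpected resolver"
        return "dns", label
    if d in net:
        return "local", f"udp/{dport} inside sandbox subnet"
    return "attention", f"unicast to external host udp/{dport}"


def parse_udp_table(text):
    """Rows of 'src sport dst dport' after a header line -> list of tuples."""
    rows = []
    for line in text.strip().splitlines()[1:]:
        src, sport, dst, dport = line.split()
        rows.append((src, int(sport), dst, int(dport)))
    return rows


def summarise(rows):
    """Per-category counts plus the flows an analyst should actually read."""
    counts, attention = Counter(), []
    for row in rows:
        cat, label = classify_flow(*row)
        counts[cat] += 1
        if cat == "discovery-noise" or label == "query to configured resolver":
            continue
        attention.append((*row, label))
    return counts, attention


# The report's UDP table, followed by one constructed row to a documentation-range host.
UDP_TABLE = """Source Source Port Destination Destination Port
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60126 239.255.255.250 1900
192.168.56.101 60128 239.255.255.250 3702
192.168.56.101 60130 239.255.255.250 3702
192.168.56.101 49201 203.0.113.7 3333
"""


def udp_summary():
    """Classify the embedded table; returns (Counter of categories, attention list)."""
    return summarise(parse_udp_table(UDP_TABLE))
```

On the embedded table `udp_summary()` counts 15 discovery-noise flows and 3 expected DNS queries, and the only flow left in the attention list is the constructed row to 203.0.113.7. The categorisation deliberately keys on destination scope (multicast or subnet broadcast) together with the port, because a unicast packet to port 5355 or 1900 at an external address would not be Windows background chatter and should not be filtered out.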

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.