SmartHawk

2.0

低危

3 个模型检测该样本为恶意！

重新分析

下载样本

fd116367089a75034a07c241e77b9fc4ee28827b9afcd38f0ad798d026d73115

62e1338f0dccdcfe12695e7665ebaae3.exe

分析耗时

80s

最近分析

文件大小

71.0KB

静态报毒动态报毒 GENERICCRTD VRBROTHERS

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20180501	6.0.6.653
Baidu	20180428	1.0.0.2
Avast	20180501	18.3.3860.0
Kingsoft	20180501	2013.8.14.323
Tencent	20180501	1.0.0.1
CrowdStrike	20180418	1.0

This executable is signed

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620979537.15825 GlobalMemoryStatusEx		success	1	0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

Foreign language identified in PE resource (5 个事件)

name

RT_ICON

language

LANG_CHINESE

offset

0x0000a160

filetype

dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 4280271103, next used block 4294967295

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00004c28

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0000eda0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000c0

name

RT_STRING

language

LANG_CHINESE

offset

0x0000f0d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000190

name

RT_STRING

language

LANG_CHINESE

offset

0x0000f0d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000190

name

RT_GROUP_ICON

language

LANG_CHINESE

offset

0x0000ed88

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 个事件)

Malwarebytes	Adware.VRBrothers
Zillya	Downloader.GenericCRTD.Win32.5149
Webroot	W32.Trojan.Gen

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2009-04-08 10:06:51

Imports

Library MFC42.DLL:

• 0x407048

• 0x40704c

• 0x407050

• 0x407054

• 0x407058

• 0x40705c

• 0x407060

• 0x407064

• 0x407068

• 0x40706c

• 0x407070

• 0x407074

• 0x407078

• 0x40707c

• 0x407080

• 0x407084

• 0x407088

• 0x40708c

• 0x407090

• 0x407094

• 0x407098

• 0x40709c

• 0x4070a0

• 0x4070a4

• 0x4070a8

• 0x4070ac

• 0x4070b0

• 0x4070b4

• 0x4070b8

• 0x4070bc

• 0x4070c0

• 0x4070c4

• 0x4070c8

• 0x4070cc

• 0x4070d0

• 0x4070d4

• 0x4070d8

• 0x4070dc

• 0x4070e0

• 0x4070e4

• 0x4070e8

• 0x4070ec

• 0x4070f0

• 0x4070f4

• 0x4070f8

• 0x4070fc

• 0x407100

• 0x407104

• 0x407108

• 0x40710c

• 0x407110

• 0x407114

• 0x407118

• 0x40711c

• 0x407120

• 0x407124

• 0x407128

• 0x40712c

• 0x407130

• 0x407134

• 0x407138

• 0x40713c

• 0x407140

• 0x407144

• 0x407148

• 0x40714c

• 0x407150

• 0x407154

• 0x407158

• 0x40715c

• 0x407160

• 0x407164

• 0x407168

• 0x40716c

• 0x407170

• 0x407174

• 0x407178

• 0x40717c

• 0x407180

• 0x407184

• 0x407188

• 0x40718c

• 0x407190

• 0x407194

• 0x407198

• 0x40719c

• 0x4071a0

• 0x4071a4

• 0x4071a8

• 0x4071ac

• 0x4071b0

• 0x4071b4

• 0x4071b8

• 0x4071bc

• 0x4071c0

• 0x4071c4

• 0x4071c8

• 0x4071cc

• 0x4071d0

• 0x4071d4

• 0x4071d8

• 0x4071dc

• 0x4071e0

• 0x4071e4

• 0x4071e8

• 0x4071ec

• 0x4071f0

• 0x4071f4

• 0x4071f8

• 0x4071fc

• 0x407200

• 0x407204

• 0x407208

• 0x40720c

• 0x407210

• 0x407214

• 0x407218

• 0x40721c

• 0x407220

• 0x407224

• 0x407228

• 0x40722c

• 0x407230

• 0x407234

• 0x407238

• 0x40723c

• 0x407240

• 0x407244

• 0x407248

• 0x40724c

• 0x407250

• 0x407254

• 0x407258

• 0x40725c

• 0x407260

• 0x407264

Library MSVCRT.dll:

• 0x40726c __set_app_type

• 0x407270 _except_handler3

• 0x407274 _controlfp

• 0x407278 __p__commode

• 0x40727c _adjust_fdiv

• 0x407280 __setusermatherr

• 0x407284 _initterm

• 0x407288 __getmainargs

• 0x40728c _acmdln

• 0x407290 exit

• 0x407294 _XcptFilter

• 0x407298 _exit

• 0x40729c ??1type_info@@UAE@XZ

• 0x4072a0 _onexit

• 0x4072a4 __dllonexit

• 0x4072a8 atol

• 0x4072ac _mbscmp

• 0x4072b0 atoi

• 0x4072b4 __CxxFrameHandler

• 0x4072b8 _setmbcp

• 0x4072bc __p__fmode

Library KERNEL32.dll:

• 0x407000 DeleteFileA

• 0x407004 CreateProcessA

• 0x407008 Sleep

• 0x40700c SetCurrentDirectoryA

• 0x407010 lstrlenA

• 0x407014 CloseHandle

• 0x407018 CreateEventA

• 0x40701c GetLastError

• 0x407020 GetExitCodeThread

• 0x407024 CreateThread

• 0x407028 GetVersionExA

• 0x40702c HeapFree

• 0x407030 HeapAlloc

• 0x407034 GetProcessHeap

• 0x407038 GetModuleHandleA

• 0x40703c GetStartupInfoA

• 0x407040 WaitForSingleObject

Library USER32.dll:

• 0x4072cc GetClientRect

• 0x4072d0 GetSystemMetrics

• 0x4072d4 IsIconic

• 0x4072d8 PostMessageA

• 0x4072dc DrawIcon

• 0x4072e0 EnableWindow

• 0x4072e4 IsWindow

• 0x4072e8 AppendMenuA

• 0x4072ec PostQuitMessage

• 0x4072f0 GetSystemMenu

• 0x4072f4 LoadIconA

• 0x4072f8 SendMessageA

Library SHELL32.dll:

• 0x4072c4 ShellExecuteA

Library WS2_32.dll:

• 0x407300 WSAGetLastError

• 0x407304 setsockopt

• 0x407308 WSASocketA

• 0x40730c closesocket

• 0x407310 WSAWaitForMultipleEvents

• 0x407314 WSAEventSelect

• 0x407318 shutdown

• 0x40731c WSAStartup

• 0x407320 WSAEnumNetworkEvents

• 0x407324 WSASend

• 0x407328 WSAConnect

• 0x40732c inet_addr

• 0x407330 inet_ntoa

• 0x407334 gethostbyname

• 0x407338 htons

• 0x40733c ntohl

• 0x407340 ntohs

• 0x407344 WSACleanup

• 0x407348 htonl

• 0x40734c WSARecv

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
down.jdyou.com
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
down1.jdyou.com
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.