Score: 7.0 (High risk)

SHA-256: 5845f8c6a360994b9315ad2e8abbb041a55f4653b6dfc704730202e8c8caf692

File name: 6412e813fe142994b2eb90a59e3985a2.exe (the name is the sample's MD5; several vendor names below embed the same prefix)

Analysis duration: 32s

Last analysis:

File size: 616.0KB
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available for this sample.
Static verdict
Antivirus engines
Engine       Result                                 Scan date  Engine version
McAfee       Fareit-FVZ!6412E813FE14                20200913   6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015     20190527   0.3.0.5
Baidu        (no detection)                         20190318   1.0.0.2
Avast        Win32:PWSX-gen [Trj]                   20200914   18.4.3895.0
Kingsoft     (no detection)                         20200914   2013.8.14.323
Tencent      Win32.Trojan.Kryptik.Wlpa              20200914   1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)      20190702   1.0
Behavioural verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc. (The dropped-buffers section at the end of this report is empty, so the extracted buffers are not available on this page.)
Allocates read-write-execute memory, usually to unpack itself (4 events)
Timestamps are Unix epoch seconds (1619621297 = 2021-04-28 14:48 UTC). process_handle 0xffffffff is the current-process pseudo-handle, so the first three calls are the original process (PID 2616) unpacking in place; the NtProtectVirtualMemory target 0x00451000 is RVA 0x51000 inside its own image (base 0x00400000), i.e. it makes 32 KB of its own image writable and executable before decrypting into it. The fourth call is made by the child (PID 2520) after it has been resumed (see the injection sequence below): a 3 MB RWX region, a second unpacking stage inside the hollowed process.

1619621297.927374  NtAllocateVirtualMemory  (status: success, return: 0, repeated: 0)
    process_identifier: 2616
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x003e0000
1619621298.130374  NtProtectVirtualMemory  (status: success, return: 0, repeated: 0)
    process_identifier: 2616
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 32768
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x00451000
1619621298.130374  NtAllocateVirtualMemory  (status: success, return: 0, repeated: 0)
    process_identifier: 2616
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x01e60000
1619621298.490501  NtAllocateVirtualMemory  (status: success, return: 0, repeated: 0)
    process_identifier: 2520
    region_size: 3158016
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00930000
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
    entropy 7.4036 in section .rsrc (size_of_data 0x00038a00, virtual_address 0x00066000, virtual_size 0x000388bc): a section with high entropy has been found
    entropy 0.3686: overall entropy of this PE file is high
The first figure is a Shannon entropy in bits per byte (8.0 is the maximum; Cuckoo treats a section above 6.8 as compressed or encrypted). The second is not an entropy at all: Cuckoo's packer_entropy signature reports the fraction of section bytes that sit in high-entropy sections and fires when it exceeds 0.2. Here the 0x38a00 (231,936) bytes of .rsrc are 36.9% of all section data. A 227 KB high-entropy resource section in a Delphi GUI executable is the usual place for an encrypted second stage, consistent with the FindResourceA/LoadResource/LockResource/SizeofResource imports listed further down.
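The two packer figures, recomputed from a section table as an added example (this is not the sandbox's or Cuckoo's own code). The report prints only the .rsrc row, so the other rows in REPORT_SECTIONS are hypothetical, sized so that the total reproduces the report's 0.3686 ratio; build_minimal_pe emits a throw-away PE container purely so the section parser can be run offline.

```python
"""Recompute Cuckoo-style packer indicators (added example, not report code).

7.40 = Shannon entropy of .rsrc in bits/byte; 0.369 = share of section
bytes in sections above 6.8 bits/byte. Thresholds follow Cuckoo's
packer_entropy signature. Rows other than .rsrc are hypothetical."""
import math
import struct
from collections import Counter

SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte
HIGH_ENTROPY_SHARE_THRESHOLD = 0.2

REPORT_SECTIONS = [   # constructed; only .rsrc is taken from the report
    {"name": ".text",  "size_of_data": 0x5A000, "entropy": 6.41},   # hypothetical
    {"name": ".data",  "size_of_data": 0x02000, "entropy": 3.12},   # hypothetical
    {"name": ".idata", "size_of_data": 0x05000, "entropy": 4.87},   # hypothetical
    {"name": ".rsrc",  "size_of_data": 0x38A00, "entropy": 7.4036277753826845},
]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def packer_indicators(sections):
    """Cuckoo's two checks: (high-entropy section names, share of section
    bytes inside them, True if that share crosses the 0.2 threshold)."""
    total = sum(s["size_of_data"] for s in sections)
    high = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    share = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return [s["name"] for s in high], share, share > HIGH_ENTROPY_SHARE_THRESHOLD


def parse_sections(pe: bytes):
    """Walk a PE section table; entropy is measured over SizeOfRawData bytes
    (padding included), which is what pefile, and so Cuckoo, measures."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    rows = []
    for i in range(n_sections):
        off = e_lfanew + 24 + opt_size + i * 40        # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        rows.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                     "size_of_data": raw_size, "virtual_address": va,
                     "virtual_size": vsize, "entropy": shannon_entropy(raw)})
    return rows


def build_minimal_pe(sections, file_align=0x200):
    """Throw-away PE32 container (valid headers, not runnable) holding the given
    (name, bytes) sections, so parse_sections can be exercised without a sample."""
    e_lfanew, opt_size = 0x40, 0xE0
    hdr_end = -(-(e_lfanew + 24 + opt_size + 40 * len(sections)) // file_align) * file_align
    out = bytearray(b"MZ").ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    out += struct.pack("<H", 0x10B).ljust(opt_size, b"\0")   # PE32 magic, rest zeroed
    body, raw_ptr, va = bytearray(), hdr_end, 0x1000
    for name, data in sections:
        raw_size = -(-len(data) // file_align) * file_align
        out += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data), va,
                           raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += max(0x1000, -(-len(data) // 0x1000) * 0x1000)
    return bytes(out.ljust(hdr_end, b"\0") + body)


if __name__ == "__main__":
    names, share, packed = packer_indicators(REPORT_SECTIONS)
    print(f"high-entropy sections {names}, share {share:.4f}, packed={packed}")
    demo = build_minimal_pe([(".text", b"\x90" * 0x300),
                             (".rsrc", bytes((i * 131 + 7) % 256 for i in range(0x1000)))])
    for row in parse_sections(demo):
        print(f"{row['name']:8} raw={row['size_of_data']:#07x} entropy={row['entropy']:.2f}")
```

Because entropy is taken over SizeOfRawData, a section padded with zeros to the file alignment scores lower than its payload alone; for a real sample pass the bytes read from disk, as pefile does, and compare the .rsrc row against the 7.4036 above.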
Network communication
Communicates with a host for which no DNS query was performed (1 event)
    host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection: process 2616 called NtSetContextThread to modify a thread in remote process 2520
1619621298.177374  NtSetContextThread  (status: success, return: 0, repeated: 0)
    thread_handle: 0x000000fc
    registers.eip: 0
    registers.esp: 0
    registers.edi: 0
    registers.eax: 4317872
    registers.ebp: 0
    registers.edx: 0
    registers.ebx: 2130567168
    registers.esi: 0
    registers.ecx: 0
    process_identifier: 2520
The two non-zero registers are the tell. In the initial context of a 32-bit process created suspended, EAX holds the entry point the loader will jump to and EBX the PEB address. EAX = 4317872 = 0x0041E2B0 is RVA 0x1E2B0 of the image mapped at 0x00400000 in the sequence below, i.e. the entry point of the injected payload; EBX = 2130567168 = 0x7EFDE000 is the child's PEB (a typical PEB address on 32-bit Windows 7). The remaining fields are reported as 0 by the monitor.
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection: process 2616 resumed a thread in remote process 2520
1619621298.287374  NtResumeThread  (status: success, return: 0, repeated: 0)
    thread_handle: 0x000000fc
    suspend_count: 1
    process_identifier: 2520
Connects to an IP address that is no longer responding to requests; legitimate services usually remain up and running (1 event)
    dead_host 172.217.24.14:443
172.217.24.14 sits in Google's 172.217.0.0/16 block. An unanswered TLS connection there is as consistent with an internet-connectivity check as with C2, so do not treat the address as an indicator on its own; the page records no DNS name, no HTTP request and no TLS handshake for it.
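How the two network indicators above ("no DNS query" and "no longer responding") fall out of flow records, as an added example rather than the sandbox's own signature code. The DNS and flow records are constructed to mirror the report (the guest resolved time.windows.com, sent LLMNR/NetBIOS noise, and sent a TCP SYN to 172.217.24.14:443 that got no SYN/ACK); the record schema and the wpad.localdomain query are this example's own.

```python
"""Derive 'no DNS query' and 'dead host' indicators from flow records
(added example, not the sandbox's code; records are constructed)."""
import ipaddress

SANDBOX_RESOLVERS = {"114.114.114.114"}   # from the UDP table in the report

DNS_RECORDS = [   # constructed
    {"qname": "time.windows.com", "answers": ["20.189.79.72"]},
    {"qname": "wpad.localdomain", "answers": []},   # hypothetical unanswered query
]
FLOWS = [   # constructed; 'replied' = the peer answered (a SYN/ACK for TCP)
    {"proto": "udp", "dst": "114.114.114.114", "dport": 53,   "replied": True},
    {"proto": "udp", "dst": "20.189.79.72",    "dport": 123,  "replied": True},
    {"proto": "udp", "dst": "224.0.0.252",     "dport": 5355, "replied": False},
    {"proto": "udp", "dst": "192.168.56.255",  "dport": 137,  "replied": False},
    {"proto": "tcp", "dst": "172.217.24.14",   "dport": 443,  "replied": False},
]


def is_background(addr: str) -> bool:
    """Multicast, broadcast, private and link-local peers are guest noise
    (LLMNR, NetBIOS, SSDP, WS-Discovery) and never an indicator on their own."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_multicast or ip.is_private or ip.is_link_local
            or ip.is_loopback or ip.is_reserved or ip.is_unspecified)


def network_indicators(dns_records, flows, resolvers=SANDBOX_RESOLVERS):
    """Return {'no_dns': [...], 'dead_hosts': [...]}.

    no_dns: public peers never returned in any DNS answer (a hard-coded C2
    address or a connectivity probe); dead_hosts: TCP peers that never
    completed the handshake, so no connection gets recorded for them."""
    resolved = {ip for rec in dns_records for ip in rec["answers"]}
    no_dns, dead = set(), set()
    for f in flows:
        if f["dst"] in resolvers or is_background(f["dst"]):
            continue
        if f["dst"] not in resolved:
            no_dns.add(f["dst"])
        if f["proto"] == "tcp" and not f["replied"]:
            dead.add(f"{f['dst']}:{f['dport']}")
    return {"no_dns": sorted(no_dns), "dead_hosts": sorted(dead)}


if __name__ == "__main__":
    print(network_indicators(DNS_RECORDS, FLOWS))
```

The filter in is_background is the reason the NetBIOS, LLMNR, SSDP and WS-Discovery multicasts in the UDP table at the end of this report never appear as indicators; the resolver itself is excluded explicitly because a DNS query is, by definition, a connection to a host that was never resolved.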
Executed a process and injected code into it, probably while unpacking (6 events)
The six calls are a complete process-hollowing sequence: the sample starts a second copy of itself suspended (child PID 2520, thread handle 0xfc, process handle 0x100), unmaps the child's original image at 0x00400000, maps a section (handle 0x108) of 184,320 bytes (0x2d000) read-write-execute at the same base, reads and rewrites the primary thread's context so that EAX points at the new entry point, and resumes the thread. Because the payload arrives through NtMapViewOfSection there is no WriteProcessMemory call to hook. The file on disk for PID 2520 is still the original executable, so its image no longer matches memory; a dump of 184,320 bytes from 0x00400000 in PID 2520 would recover the unpacked payload.
1619621298.177374  CreateProcessInternalW  (status: success, return: 1, repeated: 0)
    thread_identifier: 2420
    thread_handle: 0x000000fc
    process_identifier: 2520
    current_directory: (empty)
    filepath: (empty)
    track: 1
    command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\6412e813fe142994b2eb90a59e3985a2.exe"
    filepath_r: (empty)
    stack_pivoted: 0
    creation_flags: 4 (CREATE_SUSPENDED)
    process_handle: 0x00000100
    inherit_handles: 0
1619621298.177374  NtUnmapViewOfSection  (status: success, return: 0, repeated: 0)
    process_identifier: 2520
    region_size: 4096
    process_handle: 0x00000100
    base_address: 0x00400000
1619621298.177374  NtMapViewOfSection  (status: success, return: 0, repeated: 0)
    section_handle: 0x00000108
    process_identifier: 2520
    commit_size: 184320
    win32_protect: 64 (PAGE_EXECUTE_READWRITE)
    buffer: (empty)
    process_handle: 0x00000100
    allocation_type: 0 ()
    section_offset: 0
    view_size: 184320
    base_address: 0x00400000
1619621298.177374  NtGetContextThread  (status: success, return: 0, repeated: 0)
    thread_handle: 0x000000fc
1619621298.177374  NtSetContextThread  (status: success, return: 0, repeated: 0)
    thread_handle: 0x000000fc
    registers.eip: 0
    registers.esp: 0
    registers.edi: 0
    registers.eax: 4317872
    registers.ebp: 0
    registers.edx: 0
    registers.ebx: 2130567168
    registers.esi: 0
    registers.ecx: 0
    process_identifier: 2520
1619621298.287374  NtResumeThread  (status: success, return: 0, repeated: 0)
    thread_handle: 0x000000fc
    suspend_count: 1
    process_identifier: 2520
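The same chain reconstructed from a Cuckoo-style API event list, as an added example that is not the sandbox's signature code. REPORT_EVENTS is constructed from the values printed above (caller PID 2616, child 2520, handles 0xfc/0x100, base 0x00400000); the event schema, the Hollowing record and the entry-point sanity check are this example's own. It goes slightly beyond the report by also accepting the NtWriteVirtualMemory variant of the technique.

```python
"""Detect a process-hollowing chain in API events (added example, not report code).

Chain: CreateProcess* with CREATE_SUSPENDED -> NtUnmapViewOfSection on the
child -> NtMapViewOfSection/NtWriteVirtualMemory into the child with
executable protection -> NtSetContextThread -> NtResumeThread."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004
PAGE_EXECUTE_ANY = 0xF0   # PAGE_EXECUTE(0x10) .. PAGE_EXECUTE_WRITECOPY(0x80)

REPORT_EVENTS = [   # constructed from the report's event log
    {"time": 1619621298.177374, "api": "CreateProcessInternalW", "pid": 2616, "args": {
        "process_identifier": 2520, "thread_handle": 0xfc, "process_handle": 0x100, "creation_flags": 4,
        "command_line": r'"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\6412e813fe142994b2eb90a59e3985a2.exe"'}},
    {"time": 1619621298.177374, "api": "NtUnmapViewOfSection", "pid": 2616, "args": {
        "process_identifier": 2520, "process_handle": 0x100, "base_address": 0x00400000, "region_size": 4096}},
    {"time": 1619621298.177374, "api": "NtMapViewOfSection", "pid": 2616, "args": {
        "process_identifier": 2520, "process_handle": 0x100, "section_handle": 0x108,
        "base_address": 0x00400000, "view_size": 184320, "win32_protect": 0x40}},
    {"time": 1619621298.177374, "api": "NtGetContextThread", "pid": 2616, "args": {"thread_handle": 0xfc}},
    {"time": 1619621298.177374, "api": "NtSetContextThread", "pid": 2616, "args": {
        "process_identifier": 2520, "thread_handle": 0xfc, "registers.eax": 4317872, "registers.ebx": 2130567168}},
    {"time": 1619621298.287374, "api": "NtResumeThread", "pid": 2616, "args": {
        "process_identifier": 2520, "thread_handle": 0xfc, "suspend_count": 1}},
]


@dataclass
class Hollowing:
    injector_pid: int
    target_pid: int
    steps: List[Tuple[float, str, str]] = field(default_factory=list)   # (time, api, note)
    image: Optional[Tuple[int, int]] = None    # (base, size) placed into the child
    entry_point: Optional[int] = None          # EAX written by NtSetContextThread

    @property
    def complete(self) -> bool:
        apis = [api for _, api, _ in self.steps]
        return apis[-1] == "NtResumeThread" and "NtSetContextThread" in apis and self.image is not None

    @property
    def entry_in_image(self) -> Optional[bool]:
        """Sanity check: the new EAX should land inside the region the injector placed."""
        if self.image is None or self.entry_point is None:
            return None
        base, size = self.image
        return base <= self.entry_point < base + size


def detect_hollowing(events):
    """events: dicts {time, api, pid (caller), args}. Returns one Hollowing per
    suspended child whose creator carried the chain through to NtResumeThread."""
    tracked = {}   # child pid -> Hollowing
    for ev in sorted(events, key=lambda e: e["time"]):   # stable sort keeps log order on ties
        api, args, caller = ev["api"], ev["args"], ev["pid"]
        if api.startswith("CreateProcess") and args.get("creation_flags", 0) & CREATE_SUSPENDED:
            child = args["process_identifier"]
            tracked[child] = Hollowing(caller, child, [(ev["time"], api,
                             f"child {child} created suspended: {args.get('command_line', '')}")])
            continue
        h = tracked.get(args.get("process_identifier"))
        if h is None or caller != h.injector_pid:
            continue    # only the creator's own calls into the child count
        if api == "NtUnmapViewOfSection":
            h.steps.append((ev["time"], api, f"original image unmapped at {args['base_address']:#010x}"))
        elif api in ("NtMapViewOfSection", "NtWriteVirtualMemory"):
            size = args.get("view_size", args.get("length", 0))
            if api == "NtWriteVirtualMemory" or args.get("win32_protect", 0) & PAGE_EXECUTE_ANY:
                h.image = (args["base_address"], size)
                h.steps.append((ev["time"], api, f"{size} bytes placed at {args['base_address']:#010x}"))
        elif api == "NtSetContextThread":
            h.entry_point = args.get("registers.eax", 0)
            h.steps.append((ev["time"], api, f"EAX (entry point) = {h.entry_point:#010x}, "
                                             f"EBX (PEB) = {args.get('registers.ebx', 0):#010x}"))
        elif api == "NtResumeThread":
            h.steps.append((ev["time"], api, "child resumed; payload now runs under the original file name"))
    return [h for h in tracked.values() if h.complete]


if __name__ == "__main__":
    for h in detect_hollowing(REPORT_EVENTS):
        print(f"process hollowing {h.injector_pid} -> {h.target_pid}, entry inside mapped image: {h.entry_in_image}")
        for t, api, note in h.steps:
            print(f"  {t:.6f} {api:24} {note}")
```

Requiring the whole chain is what keeps the false-positive rate down: debuggers and some installers also create processes with CREATE_SUSPENDED and then resume them, but they never unmap the image and remap an executable section before doing so.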
File has been identified by 59 antivirus engines on VirusTotal as malicious (showing 50 of 59 events)
The names do not agree on a family. Fareit (McAfee, Microsoft, CAT-QuickHeal, Arcabit, BitDefender, Webroot and others), Loki (TrendMicro HPLOKI), NanoCore (ClamAV) and FormBook (Sophos and Invincea Formbo) are all named, while Kryptik, Injector, DelfInject, Delphiless, TScope.Trojan.Delf and MalPack.DLF describe only the Delphi wrapper. Nothing in the dynamic run above (no HTTP traffic, no dropped files) shows which payload was injected, so treat the family as unconfirmed until the hollowed image is dumped and classified.
Engine                Result
Bkav                  W32.AIDetectVM.malware2
Elastic               malicious (high confidence)
ClamAV                Win.Dropper.Nanocore-9003840-0
CAT-QuickHeal         TrojanPWS.Fareit
McAfee                Fareit-FVZ!6412E813FE14
Cylance               Unsafe
Zillya                Trojan.Kryptik.Win32.2264496
Sangfor               Malware
K7AntiVirus           Riskware ( 0040eff71 )
Alibaba               Trojan:Win32/DelfInject.ali2000015
K7GW                  Riskware ( 0040eff71 )
Cybereason            malicious.99fa4f
Arcabit               Trojan.Delf.FareIt.Gen.7
Invincea              Mal/Generic-S + Troj/Formbo-GL
Cyren                 W32/Trojan.DGMD-5247
Symantec              Trojan.Gen.MBT
ESET-NOD32            a variant of Win32/Injector.EMRA
APEX                  Malicious
Paloalto              generic.ml
Cynet                 Malicious (score: 100)
Kaspersky             HEUR:Trojan.Win32.Kryptik.gen
BitDefender           Trojan.Delf.FareIt.Gen.7
NANO-Antivirus        Trojan.Win32.Kryptik.hnzlyr
ViRobot               Trojan.Win32.Z.Kryptik.630784.PQ
MicroWorld-eScan      Trojan.Delf.FareIt.Gen.7
Avast                 Win32:PWSX-gen [Trj]
Rising                Trojan.Injector!1.C97E (CLASSIC)
Ad-Aware              Trojan.Delf.FareIt.Gen.7
Comodo                Malware@#2sn9w3z87585g
F-Secure              Heuristic.HEUR/AGEN.1136653
DrWeb                 Trojan.PWS.Stealer.26517
VIPRE                 Trojan.Win32.Generic!BT
TrendMicro            TSPY_HPLOKI.SMBD
FireEye               Generic.mg.6412e813fe142994
Sophos                Troj/Formbo-GL
Ikarus                Trojan.Inject
Webroot               W32.Trojan.Delf.Fareit.Gen
Avira                 HEUR/AGEN.1136653
Antiy-AVL             Trojan/Win32.Kryptik
Microsoft             PWS:Win32/Fareit.AQ!MTB
ZoneAlarm             HEUR:Trojan.Win32.Kryptik.gen
GData                 Trojan.Delf.FareIt.Gen.7
AhnLab-V3             Suspicious/Win.Delphiless.X2091
Acronis               suspicious
VBA32                 TScope.Trojan.Delf
ALYac                 Trojan.Delf.FareIt.Gen.7
MAX                   malware (ai score=88)
Malwarebytes          Trojan.MalPack.DLF
TrendMicro-HouseCall  TSPY_HPLOKI.SMBD
Tencent               Win32.Trojan.Kryptik.Wlpa
Visual analysis
Binary image
No binary image: no binary visualisation was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

This is the constant TimeDateStamp (0x2A425E19, 1992-06-19 22:22:17 UTC, rendered here in UTC+8) that the Delphi linker writes into every executable, so it says nothing about when the sample was built. It is, however, consistent with the Delphi-flavoured detection names above (DelfInject, Delphiless, Trojan.Delf, MalPack.DLF) and with the import table below.

Imports

kernel32.dll, advapi32.dll and oleaut32.dll each appear several times below; Delphi's linker emits separate import descriptors per unit, so repeated descriptors for the same DLL are a Delphi fingerprint, not a parsing error. The set is that of a stock VCL GUI application (gdi32, user32, comctl32, comdlg32) plus the resource and memory APIs a self-decrypting stub needs (FindResourceA/LoadResource/LockResource/SizeofResource, VirtualAlloc/VirtualProtect). No process-creation, section-mapping or networking API is imported; those were resolved at run time through the imported GetProcAddress, LoadLibraryA and LoadLibraryExA, which is why they appear only in the dynamic trace.

Library kernel32.dll:
0x45c13c VirtualFree
0x45c140 VirtualAlloc
0x45c144 LocalFree
0x45c148 LocalAlloc
0x45c14c GetVersion
0x45c150 GetCurrentThreadId
0x45c15c VirtualQuery
0x45c160 WideCharToMultiByte
0x45c164 MultiByteToWideChar
0x45c168 lstrlenA
0x45c16c lstrcpynA
0x45c170 LoadLibraryExA
0x45c174 GetThreadLocale
0x45c178 GetStartupInfoA
0x45c17c GetProcAddress
0x45c180 GetModuleHandleA
0x45c184 GetModuleFileNameA
0x45c188 GetLocaleInfoA
0x45c18c GetCommandLineA
0x45c190 FreeLibrary
0x45c194 FindFirstFileA
0x45c198 FindClose
0x45c19c ExitProcess
0x45c1a0 WriteFile
0x45c1a8 RtlUnwind
0x45c1ac RaiseException
0x45c1b0 GetStdHandle
Library user32.dll:
0x45c1b8 GetKeyboardType
0x45c1bc LoadStringA
0x45c1c0 MessageBoxA
0x45c1c4 CharNextA
Library advapi32.dll:
0x45c1cc RegQueryValueExA
0x45c1d0 RegOpenKeyExA
0x45c1d4 RegCloseKey
Library oleaut32.dll:
0x45c1dc SysFreeString
0x45c1e0 SysReAllocStringLen
0x45c1e4 SysAllocStringLen
Library kernel32.dll:
0x45c1ec TlsSetValue
0x45c1f0 TlsGetValue
0x45c1f4 LocalAlloc
0x45c1f8 GetModuleHandleA
Library advapi32.dll:
0x45c200 RegQueryValueExA
0x45c204 RegOpenKeyExA
0x45c208 RegCloseKey
Library kernel32.dll:
0x45c210 lstrcpyA
0x45c214 WriteFile
0x45c218 WaitForSingleObject
0x45c21c VirtualQuery
0x45c220 VirtualProtect
0x45c224 VirtualAlloc
0x45c228 Sleep
0x45c22c SizeofResource
0x45c230 SetThreadLocale
0x45c234 SetFilePointer
0x45c238 SetEvent
0x45c23c SetErrorMode
0x45c240 SetEndOfFile
0x45c244 ResetEvent
0x45c248 ReadFile
0x45c24c MulDiv
0x45c250 LockResource
0x45c254 LoadResource
0x45c258 LoadLibraryA
0x45c264 GlobalUnlock
0x45c268 GlobalReAlloc
0x45c26c GlobalHandle
0x45c270 GlobalLock
0x45c274 GlobalFree
0x45c278 GlobalFindAtomA
0x45c27c GlobalDeleteAtom
0x45c280 GlobalAlloc
0x45c284 GlobalAddAtomA
0x45c288 GetVersionExA
0x45c28c GetVersion
0x45c290 GetTickCount
0x45c294 GetThreadLocale
0x45c298 GetSystemInfo
0x45c29c GetStringTypeExA
0x45c2a0 GetStdHandle
0x45c2a4 GetProcAddress
0x45c2a8 GetModuleHandleA
0x45c2ac GetModuleFileNameA
0x45c2b0 GetLocaleInfoA
0x45c2b4 GetLocalTime
0x45c2b8 GetLastError
0x45c2bc GetFullPathNameA
0x45c2c0 GetFileType
0x45c2c4 GetDiskFreeSpaceA
0x45c2c8 GetDateFormatA
0x45c2cc GetCurrentThreadId
0x45c2d0 GetCurrentProcessId
0x45c2d4 GetCPInfo
0x45c2d8 GetACP
0x45c2dc FreeResource
0x45c2e0 InterlockedExchange
0x45c2e4 FreeLibrary
0x45c2e8 FormatMessageA
0x45c2ec FindResourceA
0x45c2f0 EnumCalendarInfoA
0x45c2fc CreateThread
0x45c300 CreateFileA
0x45c304 CreateEventA
0x45c308 CompareStringA
0x45c30c CloseHandle
Library version.dll:
0x45c314 VerQueryValueA
0x45c31c GetFileVersionInfoA
Library gdi32.dll:
0x45c324 UnrealizeObject
0x45c328 StretchBlt
0x45c32c SetWindowOrgEx
0x45c330 SetViewportOrgEx
0x45c334 SetTextColor
0x45c338 SetStretchBltMode
0x45c33c SetROP2
0x45c340 SetPixel
0x45c344 SetDIBColorTable
0x45c348 SetBrushOrgEx
0x45c34c SetBkMode
0x45c350 SetBkColor
0x45c354 SelectPalette
0x45c358 SelectObject
0x45c35c SaveDC
0x45c360 RestoreDC
0x45c364 Rectangle
0x45c368 RectVisible
0x45c36c RealizePalette
0x45c370 PatBlt
0x45c374 MoveToEx
0x45c378 MaskBlt
0x45c37c LineTo
0x45c380 IntersectClipRect
0x45c384 GetWindowOrgEx
0x45c388 GetTextMetricsA
0x45c394 GetStockObject
0x45c398 GetPixel
0x45c39c GetPaletteEntries
0x45c3a0 GetObjectA
0x45c3a4 GetDeviceCaps
0x45c3a8 GetDIBits
0x45c3ac GetDIBColorTable
0x45c3b0 GetDCOrgEx
0x45c3b8 GetClipBox
0x45c3bc GetBrushOrgEx
0x45c3c0 GetBitmapBits
0x45c3c4 ExcludeClipRect
0x45c3c8 DeleteObject
0x45c3cc DeleteDC
0x45c3d0 CreateSolidBrush
0x45c3d4 CreatePenIndirect
0x45c3d8 CreatePen
0x45c3dc CreatePalette
0x45c3e4 CreateFontIndirectA
0x45c3e8 CreateDIBitmap
0x45c3ec CreateDIBSection
0x45c3f0 CreateCompatibleDC
0x45c3f8 CreateBrushIndirect
0x45c3fc CreateBitmap
0x45c400 BitBlt
Library user32.dll:
0x45c408 CreateWindowExA
0x45c40c WindowFromPoint
0x45c410 WinHelpA
0x45c414 WaitMessage
0x45c418 ValidateRect
0x45c41c UpdateWindow
0x45c420 UnregisterClassA
0x45c424 UnhookWindowsHookEx
0x45c428 TranslateMessage
0x45c430 TrackPopupMenu
0x45c438 ShowWindow
0x45c43c ShowScrollBar
0x45c440 ShowOwnedPopups
0x45c444 ShowCursor
0x45c448 SetWindowsHookExA
0x45c44c SetWindowPos
0x45c450 SetWindowPlacement
0x45c454 SetWindowLongA
0x45c458 SetTimer
0x45c45c SetScrollRange
0x45c460 SetScrollPos
0x45c464 SetScrollInfo
0x45c468 SetRect
0x45c46c SetPropA
0x45c470 SetParent
0x45c474 SetMenuItemInfoA
0x45c478 SetMenu
0x45c47c SetForegroundWindow
0x45c480 SetFocus
0x45c484 SetCursor
0x45c488 SetClassLongA
0x45c48c SetCapture
0x45c490 SetActiveWindow
0x45c494 SendMessageA
0x45c498 ScrollWindow
0x45c49c ScreenToClient
0x45c4a0 RemovePropA
0x45c4a4 RemoveMenu
0x45c4a8 ReleaseDC
0x45c4ac ReleaseCapture
0x45c4b8 RegisterClassA
0x45c4bc RedrawWindow
0x45c4c0 PtInRect
0x45c4c4 PostQuitMessage
0x45c4c8 PostMessageA
0x45c4cc PeekMessageA
0x45c4d0 OffsetRect
0x45c4d4 OemToCharA
0x45c4d8 MessageBoxA
0x45c4dc MapWindowPoints
0x45c4e0 MapVirtualKeyA
0x45c4e4 LoadStringA
0x45c4e8 LoadKeyboardLayoutA
0x45c4ec LoadIconA
0x45c4f0 LoadCursorA
0x45c4f4 LoadBitmapA
0x45c4f8 KillTimer
0x45c4fc IsZoomed
0x45c500 IsWindowVisible
0x45c504 IsWindowEnabled
0x45c508 IsWindow
0x45c50c IsRectEmpty
0x45c510 IsIconic
0x45c514 IsDialogMessageA
0x45c518 IsChild
0x45c51c InvalidateRect
0x45c520 IntersectRect
0x45c524 InsertMenuItemA
0x45c528 InsertMenuA
0x45c52c InflateRect
0x45c534 GetWindowTextA
0x45c538 GetWindowRect
0x45c53c GetWindowPlacement
0x45c540 GetWindowLongA
0x45c544 GetWindowDC
0x45c548 GetTopWindow
0x45c54c GetSystemMetrics
0x45c550 GetSystemMenu
0x45c554 GetSysColorBrush
0x45c558 GetSysColor
0x45c55c GetSubMenu
0x45c560 GetScrollRange
0x45c564 GetScrollPos
0x45c568 GetScrollInfo
0x45c56c GetPropA
0x45c570 GetParent
0x45c574 GetWindow
0x45c578 GetMenuStringA
0x45c57c GetMenuState
0x45c580 GetMenuItemInfoA
0x45c584 GetMenuItemID
0x45c588 GetMenuItemCount
0x45c58c GetMenu
0x45c590 GetLastActivePopup
0x45c594 GetKeyboardState
0x45c59c GetKeyboardLayout
0x45c5a0 GetKeyState
0x45c5a4 GetKeyNameTextA
0x45c5a8 GetIconInfo
0x45c5ac GetForegroundWindow
0x45c5b0 GetFocus
0x45c5b4 GetDlgItem
0x45c5b8 GetDesktopWindow
0x45c5bc GetDCEx
0x45c5c0 GetDC
0x45c5c4 GetCursorPos
0x45c5c8 GetCursor
0x45c5cc GetClientRect
0x45c5d0 GetClassNameA
0x45c5d4 GetClassInfoA
0x45c5d8 GetCapture
0x45c5dc GetActiveWindow
0x45c5e0 FrameRect
0x45c5e4 FindWindowA
0x45c5e8 FillRect
0x45c5ec EqualRect
0x45c5f0 EnumWindows
0x45c5f4 EnumThreadWindows
0x45c5f8 EndPaint
0x45c5fc EnableWindow
0x45c600 EnableScrollBar
0x45c604 EnableMenuItem
0x45c608 DrawTextA
0x45c60c DrawMenuBar
0x45c610 DrawIconEx
0x45c614 DrawIcon
0x45c618 DrawFrameControl
0x45c61c DrawEdge
0x45c620 DispatchMessageA
0x45c624 DestroyWindow
0x45c628 DestroyMenu
0x45c62c DestroyIcon
0x45c630 DestroyCursor
0x45c634 DeleteMenu
0x45c638 DefWindowProcA
0x45c63c DefMDIChildProcA
0x45c640 DefFrameProcA
0x45c644 CreatePopupMenu
0x45c648 CreateMenu
0x45c64c CreateIcon
0x45c650 ClientToScreen
0x45c654 CheckMenuItem
0x45c658 CallWindowProcA
0x45c65c CallNextHookEx
0x45c660 BeginPaint
0x45c664 CharNextA
0x45c668 CharLowerA
0x45c66c CharToOemA
0x45c670 AdjustWindowRectEx
Library kernel32.dll:
0x45c67c Sleep
Library oleaut32.dll:
0x45c684 SafeArrayPtrOfIndex
0x45c688 SafeArrayGetUBound
0x45c68c SafeArrayGetLBound
0x45c690 SafeArrayCreate
0x45c694 VariantChangeType
0x45c698 VariantCopy
0x45c69c VariantClear
0x45c6a0 VariantInit
Library comctl32.dll:
0x45c6b0 ImageList_Write
0x45c6b4 ImageList_Read
0x45c6c4 ImageList_DragMove
0x45c6c8 ImageList_DragLeave
0x45c6cc ImageList_DragEnter
0x45c6d0 ImageList_EndDrag
0x45c6d4 ImageList_BeginDrag
0x45c6d8 ImageList_Remove
0x45c6dc ImageList_DrawEx
0x45c6e0 ImageList_Draw
0x45c6f0 ImageList_Add
0x45c6f8 ImageList_Destroy
0x45c6fc ImageList_Create
0x45c700 InitCommonControls
Library comdlg32.dll:
0x45c708 GetOpenFileNameA

Hosts

No hosts contacted. (The SYN to 172.217.24.14:443 flagged above never got a reply, so no established flow was recorded here.)

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                       Dst port
192.168.56.101  51963     114.114.114.114                   53
192.168.56.101  53237     114.114.114.114                   53
192.168.56.101  55368     114.114.114.114                   53
192.168.56.101  56539     114.114.114.114                   53
192.168.56.101  137       192.168.56.255                    137
192.168.56.101  138       192.168.56.255                    138
192.168.56.101  123       20.189.79.72 (time.windows.com)   123
192.168.56.101  49713     224.0.0.252                       5355
192.168.56.101  53657     224.0.0.252                       5355
192.168.56.101  56804     224.0.0.252                       5355
192.168.56.101  57874     224.0.0.252                       5355
192.168.56.101  58367     224.0.0.252                       5355
192.168.56.101  60123     224.0.0.252                       5355
192.168.56.101  62191     224.0.0.252                       5355
192.168.56.101  62318     224.0.0.252                       5355
192.168.56.101  65004     224.0.0.252                       5355
192.168.56.101  1900      239.255.255.250                   1900
192.168.56.101  53658     239.255.255.250                   3702
192.168.56.101  55369     239.255.255.250                   3702
192.168.56.101  56807     239.255.255.250                   1900

The NetBIOS (137/138), LLMNR (5355), SSDP (1900), WS-Discovery (3702) and NTP (time.windows.com) entries are the guest's own background traffic. The four DNS queries to the sandbox resolver 114.114.114.114 are the only datagrams that could be the sample's, and the page records neither the names queried nor any answers for them.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers, despite the "interesting buffers" indicator at the top of the behavioural section.