1.2
Low risk

21d4e7b1b66f35e0908f158f94e3daab5c6754b5127a2492b066c274668541a8

21d4e7b1b66f35e0908f158f94e3daab5c6754b5127a2492b066c274668541a8.exe

Analysis duration

196s

Last analyzed

376 days ago

File size

8.5KB
Static detection  Dynamic detection  CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM MYDOOM
Eagle-eye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.54
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20190926 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_90% (D) 20190702 1.0
Kingsoft None 20190926 2013.8.14.323
McAfee BackDoor-ESK 20190926 6.0.6.653
Tencent None 20190926 1.0.0.1
Behavior verdict
Dynamic indicators
The binary may contain encrypted or compressed data, which suggests a packer was used (2 events)
section {'name': '3ec2itgb', 'virtual_address': '0x0000a000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001a00', 'entropy': 7.547400585476299} entropy 7.547400585476299 description High-entropy section found
entropy 0.8125 description The overall entropy of this PE file is high
Network communication
Communicates with hosts for which no DNS query was performed (2 events)
host 114.114.114.114
host 8.8.8.8
The file is flagged as malicious by 48 antivirus engines on VirusTotal (48 events)
ALYac Generic.Mydoom.AC4E1A72
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Generic.Mydoom.AC4E1A72
AhnLab-V3 Dropper/Win32.Mudrop.R65624
Antiy-AVL Trojan[Dropper]/Win32.Daws
Arcabit Generic.Mydoom.AC4E1A72
Avast Win32:Malware-gen
Avira BDS/Backdoor.Gen
BitDefender Generic.Mydoom.AC4E1A72
ClamAV Win.Worm.Mydoom-6840397-0
Comodo Worm.Win32.Autorun.~dy19@2vntd6
CrowdStrike win/malicious_confidence_90% (D)
Cylance Unsafe
Cyren W32/Trojan.IXSI-2812
DrWeb Trojan.Siggen5.62477
ESET-NOD32 a variant of Win32/Agent.NHB
Emsisoft Generic.Mydoom.AC4E1A72 (B)
Endgame malicious (high confidence)
F-Prot W32/Trojan2.MWJB
F-Secure Backdoor.BDS/Backdoor.Gen
FireEye Generic.mg.6484fbc07edbfd7d
Fortinet W32/AutoRun.BJD!worm
GData Generic.Mydoom.AC4E1A72
Ikarus Worm.Win32.AutoRun
Invincea heuristic
Jiangmin Worm/AutoRun.trl
K7AntiVirus Trojan ( 001183dd1 )
K7GW Trojan ( 001183dd1 )
Kaspersky HEUR:Trojan.Win32.Generic
MAX malware (ai score=83)
McAfee BackDoor-ESK
McAfee-GW-Edition BehavesLike.Win32.Backdoor.xh
MicroWorld-eScan Generic.Mydoom.AC4E1A72
Microsoft Trojan:Win32/Fuerboos.D!cl
NANO-Antivirus Trojan.Win32.AutoRun.bbmnol
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM31.1.2627.Malware.Gen
Rising Worm.Agent!8.25 (TFE:5:vYQYvT3t4AO)
Sophos Mal/Behav-104
Symantec W32.Mydoom.B@mm
TotalDefense Win32/ASuspect.HHAGR
VBA32 BScope.Trojan-Spy.Zbot
ViRobot Worm.Win32.Autorun.8704.G
Yandex Worm.AutoRun!cad1tVlxORA
Zillya Worm.AutoRun.Win32.20537
ZoneAlarm HEUR:Trojan.Win32.Generic
Visual analysis
Binary image
Runtime screenshots
No runtime screenshots: the sample produced no screenshots while running.


PE Compile Time

2010-05-20 17:10:51

PE Imphash

7a3ceb2d50178737a3dc1a0782288ea0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
353iggif 0x00001000 0x00009000 0x00000000 0.0
3ec2itgb 0x0000a000 0x00002000 0x00001a00 7.547400585476299
38h5rfen 0x0000c000 0x00001000 0x00000600 4.231484467160695

Imports

Library KERNEL32.DLL:
0x1000c078 LoadLibraryA
0x1000c07c GetProcAddress
0x1000c080 VirtualProtect
0x1000c084 VirtualAlloc
0x1000c088 VirtualFree
Library ADVAPI32.DLL:
0x1000c090 RegCloseKey
Library msvcrt.dll:
0x1000c098 _iob
Library USER32.dll:
0x1000c0a0 wsprintfA
Library WSOCK32.DLL:
0x1000c0a8 bind

Exports

Ordinal Address Name
1 0x10001c8c AcceptThread@4
2 0x10006054 AuthLogin
3 0x100060c4 AuthPass
4 0x100011db CreateConnectStruct
5 0x10001f57 Get_Reg_SZ
6 0x10001bbe Socks5Accept
7 0x10001a5b Socks5Auth
8 0x1000153e Socks5CmdIsSupported
9 0x100017df Socks5GetCmd
10 0x1000140f Socks5SendCode
11 0x10001451 Socks5ServConnect
12 0x100012e4 SocksPipe@4
13 0x1000274e Write_REG_SZ
14 0x100011bd _malloc
15 0x10002209 add_system_direcroty
16 0x1000237f autostart_bot
17 0x10002806 copy_autoinf
18 0x10002c6c copy_filez
19 0x10001180 create_thread
20 0x1000271b filetyt
21 0x10002b9c get_dword
22 0x10006094 hDllInstance
23 0x10002a16 mutex_check
24 0x100060a4 name_exe
25 0x10001f26 rot13
26 0x10001e04 rot13c
27 0x10002ea8 run_another@4
28 0x10002cef run_flash@4
29 0x10002a60 run_process@4
30 0x100029b8 run_reestr@4
31 0x1000157e socks5_exec
32 0x1000128d sread
33 0x100024a2 sss_rans
34 0x10001236 swrite
35 0x10002020 xproxy_th@4
36 0x10002278 xsocks5
37 0x10001dd8 xstrchr
Strings

!This program cannot be run in DOS mode.
353iggif
3ec2itgb
38h5rfen
ABCDEFGHIJKLMNOPQRSTUVWXYZ
fghijklmnopqrstuvwxyzFbsgjner\Zvpebf
\Jvaqbjf\Phe
agIr;vba\Rkcyb
e\ihyaiby3?2\
PYFVQ\{R6SO5R20-35-11PS-9P87-00NNno
5127RQ}\VacspFEi
aZNBgszp.rkr?
fnganf.qyy
[autorun]
icon=%%SysmRoot
}?-LIBGCCW-EH-
GTHR-MING
_aodptr->size ==
__7ARED)
:%u: >
KERNEL32.DLL
ADVAPI32.DLL
msvcrt.dll
USER32.dll
WSOCK32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
RegCloseKey
wsprintfA
socks55.dll
AcceptThread@4
AuthLogin
AuthPass
CreateConnectStruct
Get_Reg_SZ
Socks5Accept
Socks5Auth
Socks5CmdIsSupported
Socks5GetCmd
Socks5SendCode
Socks5ServConnect
SocksPipe@4
Write_REG_SZ
_malloc
add_system_direcroty
autostart_bot
copy_autoinf
copy_filez
create_thread
filetyt
get_dword
hDllInstance
mutex_check
name_exe
rot13c
run_another@4
run_flash@4
run_process@4
run_reestr@4
socks5_exec
sss_rans
swrite
xproxy_th@4
xsocks5
xstrchr

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.