4.2
Medium risk

21fd74234f073c7af91314d235b04418af7ad84f7a2cccc54b8af8192372cd7d

6b27f86a856fbd2ee82a3e460a635d39.exe

Analysis duration

31s

Last analysis

File size

899.5KB
Static detection / Dynamic detection: 100% 4GW@A8STI5PI AGENSLA AI SCORE=85 AIDETECTVM AUTO BEHAVIOR BFLX BUPSGE CLASSIC CONFIDENCE DELF ENFZ FAREIT GENERICKD GENERICKDZ GENETIC HIGH CONFIDENCE HULGHH IGENT KCLOUD KHOYV KRYPTIK MALWARE2 MALWARE@#2EXJRA515MGK6 R + TROJ SCORE SIGGEN2 STATIC AI SUSPICIOUS PE TROJANPSW TSCOPE UNSAFE USXVPI820 VNNA WACATAC ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine        Result                               Scan date   Engine version
McAfee        Fareit-FZN!6B27F86A856F              20210125    6.0.6.653
Alibaba       TrojanPSW:Win32/Injector.32acec18    20190527    0.3.0.5
Baidu         -                                    20190318    1.0.0.2
Avast         Win32:Trojan-gen                     20210125    21.1.5827.0
Tencent       Win32.Trojan.Inject.Auto             20210125    1.0.0.1
Kingsoft      Win32.Troj.Undef.(kcloud)            20210125    2017.9.26.565
CrowdStrike   win/malicious_confidence_100% (W)    20190702    1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620780814.509876
NtAllocateVirtualMemory
process_identifier: 2984
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00920000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.513678043019723 section {'size_of_data': '0x00054400', 'virtual_address': '0x00092000', 'entropy': 7.513678043019723, 'name': '.rsrc', 'virtual_size': '0x00054318'} description A section with a high entropy has been found
entropy 0.37506956037840844 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 203.208.40.34
host 203.208.41.65
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.160.78:443
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34491234
FireEye Generic.mg.6b27f86a856fbd2e
CAT-QuickHeal Trojan.Multi
McAfee Fareit-FZN!6B27F86A856F
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba TrojanPSW:Win32/Injector.32acec18
K7GW Riskware ( 0040eff71 )
Cybereason malicious.a856fb
Arcabit Trojan.Generic.D20E4B62
Cyren W32/Injector.VNNA-5844
Symantec Trojan Horse
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Trojan.Generickdz-9756349-0
Kaspersky HEUR:Trojan-PSW.Win32.Agensla.gen
BitDefender Trojan.GenericKD.34491234
NANO-Antivirus Trojan.Win32.Agensla.hulghh
Paloalto generic.ml
AegisLab Trojan.Win32.Agensla.i!c
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.34491234
Emsisoft Trojan.Injector (A)
Comodo Malware@#2exjra515mgk6
F-Secure Trojan.TR/Dropper.khoyv
DrWeb Trojan.PWS.Siggen2.54661
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.MSIL.WACATAC.USXVPI820
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc
Sophos Mal/Generic-R + Troj/Agent-BFLX
Ikarus Trojan.Inject
Jiangmin Trojan.Kryptik.ces
Webroot W32.Trojan.Gen
Avira TR/Dropper.khoyv
Antiy-AVL Trojan[PSW]/Win32.Agensla
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Packed.oa
Microsoft Trojan:Win32/Injector.KD!MTB
ZoneAlarm HEUR:Trojan-PSW.Win32.Agensla.gen
GData Trojan.GenericKD.34491234
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4193609
Acronis suspicious
BitDefenderTheta Gen:NN.ZelphiF.34780.4GW@a8Sti5pi
ALYac Trojan.GenericKD.34491234
MAX malware (ai score=85)
VBA32 TScope.Trojan.Delf
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x48518c VirtualFree
0x485190 VirtualAlloc
0x485194 LocalFree
0x485198 LocalAlloc
0x48519c GetVersion
0x4851a0 GetCurrentThreadId
0x4851ac VirtualQuery
0x4851b0 WideCharToMultiByte
0x4851b4 MultiByteToWideChar
0x4851b8 lstrlenA
0x4851bc lstrcpynA
0x4851c0 LoadLibraryExA
0x4851c4 GetThreadLocale
0x4851c8 GetStartupInfoA
0x4851cc GetProcAddress
0x4851d0 GetModuleHandleA
0x4851d4 GetModuleFileNameA
0x4851d8 GetLocaleInfoA
0x4851dc GetCommandLineA
0x4851e0 FreeLibrary
0x4851e4 FindFirstFileA
0x4851e8 FindClose
0x4851ec ExitProcess
0x4851f0 WriteFile
0x4851f8 RtlUnwind
0x4851fc RaiseException
0x485200 GetStdHandle
Library user32.dll:
0x485208 GetKeyboardType
0x48520c LoadStringA
0x485210 MessageBoxA
0x485214 CharNextA
Library advapi32.dll:
0x48521c RegQueryValueExA
0x485220 RegOpenKeyExA
0x485224 RegCloseKey
Library oleaut32.dll:
0x48522c SysFreeString
0x485230 SysReAllocStringLen
0x485234 SysAllocStringLen
Library kernel32.dll:
0x48523c TlsSetValue
0x485240 TlsGetValue
0x485244 LocalAlloc
0x485248 GetModuleHandleA
Library advapi32.dll:
0x485250 RegQueryValueExA
0x485254 RegOpenKeyExA
0x485258 RegCloseKey
Library kernel32.dll:
0x485260 lstrcpyA
0x485264 WriteFile
0x48526c WaitForSingleObject
0x485270 VirtualQuery
0x485274 VirtualProtectEx
0x485278 VirtualProtect
0x48527c VirtualAlloc
0x485280 Sleep
0x485284 SizeofResource
0x485288 SetThreadLocale
0x48528c SetFilePointer
0x485290 SetEvent
0x485294 SetErrorMode
0x485298 SetEndOfFile
0x48529c ResetEvent
0x4852a0 ReadFile
0x4852a4 MultiByteToWideChar
0x4852a8 MulDiv
0x4852ac LockResource
0x4852b0 LoadResource
0x4852b4 LoadLibraryA
0x4852c0 GlobalUnlock
0x4852c4 GlobalSize
0x4852c8 GlobalReAlloc
0x4852cc GlobalHandle
0x4852d0 GlobalLock
0x4852d4 GlobalFree
0x4852d8 GlobalFindAtomA
0x4852dc GlobalDeleteAtom
0x4852e0 GlobalAlloc
0x4852e4 GlobalAddAtomA
0x4852e8 GetVersionExA
0x4852ec GetVersion
0x4852f0 GetUserDefaultLCID
0x4852f4 GetTickCount
0x4852f8 GetThreadLocale
0x485300 GetSystemTime
0x485304 GetSystemInfo
0x485308 GetStringTypeExA
0x48530c GetStdHandle
0x485310 GetProcAddress
0x485314 GetModuleHandleA
0x485318 GetModuleFileNameA
0x48531c GetLocaleInfoA
0x485320 GetLocalTime
0x485324 GetLastError
0x485328 GetFullPathNameA
0x48532c GetFileAttributesA
0x485330 GetDiskFreeSpaceA
0x485334 GetDateFormatA
0x485338 GetCurrentThreadId
0x48533c GetCurrentProcessId
0x485340 GetCurrentProcess
0x485344 GetComputerNameA
0x485348 GetCPInfo
0x48534c GetACP
0x485350 FreeResource
0x485354 InterlockedExchange
0x485358 FreeLibrary
0x48535c FormatMessageA
0x485360 FindResourceA
0x485364 FindFirstFileA
0x485368 FindClose
0x485378 ExitProcess
0x48537c EnumCalendarInfoA
0x485388 CreateThread
0x48538c CreateFileA
0x485390 CreateEventA
0x485394 CompareStringA
0x485398 CloseHandle
Library version.dll:
0x4853a0 VerQueryValueA
0x4853a8 GetFileVersionInfoA
Library gdi32.dll:
0x4853b0 UnrealizeObject
0x4853b4 StretchBlt
0x4853b8 SetWindowOrgEx
0x4853bc SetWinMetaFileBits
0x4853c0 SetViewportOrgEx
0x4853c4 SetTextColor
0x4853c8 SetStretchBltMode
0x4853cc SetROP2
0x4853d0 SetPixel
0x4853d4 SetMapMode
0x4853d8 SetEnhMetaFileBits
0x4853dc SetDIBColorTable
0x4853e0 SetBrushOrgEx
0x4853e4 SetBkMode
0x4853e8 SetBkColor
0x4853ec SelectPalette
0x4853f0 SelectObject
0x4853f4 SaveDC
0x4853f8 RestoreDC
0x4853fc Rectangle
0x485400 RectVisible
0x485404 RealizePalette
0x485408 Polyline
0x48540c PlayEnhMetaFile
0x485410 PatBlt
0x485414 MoveToEx
0x485418 MaskBlt
0x48541c LineTo
0x485420 LPtoDP
0x485424 IntersectClipRect
0x485428 GetWindowOrgEx
0x48542c GetWinMetaFileBits
0x485430 GetTextMetricsA
0x48543c GetStockObject
0x485440 GetPixel
0x485444 GetPaletteEntries
0x485448 GetObjectA
0x485458 GetEnhMetaFileBits
0x48545c GetDeviceCaps
0x485460 GetDIBits
0x485464 GetDIBColorTable
0x485468 GetDCOrgEx
0x485470 GetClipBox
0x485474 GetBrushOrgEx
0x485478 GetBitmapBits
0x48547c ExtTextOutA
0x485480 ExcludeClipRect
0x485484 DeleteObject
0x485488 DeleteEnhMetaFile
0x48548c DeleteDC
0x485490 CreateSolidBrush
0x485494 CreatePenIndirect
0x485498 CreatePalette
0x4854a0 CreateFontIndirectA
0x4854a4 CreateEnhMetaFileA
0x4854a8 CreateDIBitmap
0x4854ac CreateDIBSection
0x4854b0 CreateCompatibleDC
0x4854b8 CreateBrushIndirect
0x4854bc CreateBitmap
0x4854c0 CopyEnhMetaFileA
0x4854c4 CloseEnhMetaFile
0x4854c8 BitBlt
Library opengl32.dll:
0x4854d0 wglCreateContext
Library user32.dll:
0x4854d8 CreateWindowExA
0x4854dc WindowFromPoint
0x4854e0 WinHelpA
0x4854e4 WaitMessage
0x4854e8 UpdateWindow
0x4854ec UnregisterClassA
0x4854f0 UnhookWindowsHookEx
0x4854f4 TranslateMessage
0x4854fc TrackPopupMenu
0x485504 ShowWindow
0x485508 ShowScrollBar
0x48550c ShowOwnedPopups
0x485510 ShowCursor
0x485514 SetWindowsHookExA
0x485518 SetWindowPos
0x48551c SetWindowPlacement
0x485520 SetWindowLongA
0x485524 SetTimer
0x485528 SetScrollRange
0x48552c SetScrollPos
0x485530 SetScrollInfo
0x485534 SetRect
0x485538 SetPropA
0x48553c SetParent
0x485540 SetMenuItemInfoA
0x485544 SetMenu
0x485548 SetForegroundWindow
0x48554c SetFocus
0x485550 SetCursor
0x485554 SetClassLongA
0x485558 SetCapture
0x48555c SetActiveWindow
0x485560 SendMessageA
0x485564 ScrollWindow
0x485568 ScreenToClient
0x48556c RemovePropA
0x485570 RemoveMenu
0x485574 ReleaseDC
0x485578 ReleaseCapture
0x485584 RegisterClassA
0x485588 RedrawWindow
0x48558c PtInRect
0x485590 PostQuitMessage
0x485594 PostMessageA
0x485598 PeekMessageA
0x48559c OffsetRect
0x4855a0 OemToCharA
0x4855a4 MessageBoxA
0x4855a8 MapWindowPoints
0x4855ac MapVirtualKeyA
0x4855b0 LoadStringA
0x4855b4 LoadKeyboardLayoutA
0x4855b8 LoadIconA
0x4855bc LoadCursorA
0x4855c0 LoadBitmapA
0x4855c4 KillTimer
0x4855c8 IsZoomed
0x4855cc IsWindowVisible
0x4855d0 IsWindowEnabled
0x4855d4 IsWindow
0x4855d8 IsRectEmpty
0x4855dc IsIconic
0x4855e0 IsDialogMessageA
0x4855e4 IsChild
0x4855e8 InvalidateRect
0x4855ec IntersectRect
0x4855f0 InsertMenuItemA
0x4855f4 InsertMenuA
0x4855f8 InflateRect
0x485600 GetWindowTextA
0x485604 GetWindowRect
0x485608 GetWindowPlacement
0x48560c GetWindowLongA
0x485610 GetWindowDC
0x485614 GetTopWindow
0x485618 GetSystemMetrics
0x48561c GetSystemMenu
0x485620 GetSysColorBrush
0x485624 GetSysColor
0x485628 GetSubMenu
0x48562c GetScrollRange
0x485630 GetScrollPos
0x485634 GetScrollInfo
0x485638 GetPropA
0x48563c GetParent
0x485640 GetWindow
0x485644 GetMessageTime
0x485648 GetMenuStringA
0x48564c GetMenuState
0x485650 GetMenuItemInfoA
0x485654 GetMenuItemID
0x485658 GetMenuItemCount
0x48565c GetMenu
0x485660 GetLastActivePopup
0x485664 GetKeyboardState
0x48566c GetKeyboardLayout
0x485670 GetKeyState
0x485674 GetKeyNameTextA
0x485678 GetIconInfo
0x48567c GetForegroundWindow
0x485680 GetFocus
0x485684 GetDlgItem
0x485688 GetDesktopWindow
0x48568c GetDCEx
0x485690 GetDC
0x485694 GetCursorPos
0x485698 GetCursor
0x48569c GetClipboardData
0x4856a0 GetClientRect
0x4856a4 GetClassNameA
0x4856a8 GetClassInfoA
0x4856ac GetCapture
0x4856b0 GetActiveWindow
0x4856b4 FrameRect
0x4856b8 FindWindowA
0x4856bc FillRect
0x4856c0 EqualRect
0x4856c4 EnumWindows
0x4856c8 EnumThreadWindows
0x4856cc EndPaint
0x4856d0 EnableWindow
0x4856d4 EnableScrollBar
0x4856d8 EnableMenuItem
0x4856dc DrawTextA
0x4856e0 DrawMenuBar
0x4856e4 DrawIconEx
0x4856e8 DrawIcon
0x4856ec DrawFrameControl
0x4856f0 DrawEdge
0x4856f4 DispatchMessageA
0x4856f8 DestroyWindow
0x4856fc DestroyMenu
0x485700 DestroyIcon
0x485704 DestroyCursor
0x485708 DeleteMenu
0x48570c DefWindowProcA
0x485710 DefMDIChildProcA
0x485714 DefFrameProcA
0x485718 CreatePopupMenu
0x48571c CreateMenu
0x485720 CreateIcon
0x485724 ClientToScreen
0x485728 CheckMenuItem
0x48572c CallWindowProcA
0x485730 CallNextHookEx
0x485734 BeginPaint
0x485738 CharNextA
0x48573c CharLowerBuffA
0x485740 CharLowerA
0x485744 CharToOemA
0x485748 AdjustWindowRectEx
Library kernel32.dll:
0x485754 Sleep
Library oleaut32.dll:
0x48575c SafeArrayPtrOfIndex
0x485760 SafeArrayGetUBound
0x485764 SafeArrayGetLBound
0x485768 SafeArrayCreate
0x48576c VariantChangeType
0x485770 VariantCopy
0x485774 VariantClear
0x485778 VariantInit
Library ole32.dll:
0x485784 IsAccelerator
0x485788 OleDraw
0x485790 CoTaskMemFree
0x485794 ProgIDFromCLSID
0x485798 StringFromCLSID
0x48579c CoCreateInstance
0x4857a0 CoGetClassObject
0x4857a4 CoUninitialize
0x4857a8 CoInitialize
0x4857ac IsEqualGUID
Library oleaut32.dll:
0x4857b4 GetErrorInfo
0x4857b8 GetActiveObject
0x4857bc SysFreeString
Library comctl32.dll:
0x4857cc ImageList_Write
0x4857d0 ImageList_Read
0x4857e0 ImageList_DragMove
0x4857e4 ImageList_DragLeave
0x4857e8 ImageList_DragEnter
0x4857ec ImageList_EndDrag
0x4857f0 ImageList_BeginDrag
0x4857f4 ImageList_Remove
0x4857f8 ImageList_DrawEx
0x4857fc ImageList_Replace
0x485800 ImageList_Draw
0x485810 ImageList_Add
0x485818 ImageList_Destroy
0x48581c ImageList_Create
0x485820 InitCommonControls
Library comdlg32.dll:
0x485828 GetOpenFileNameA
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source port   Destination                        Destination port
192.168.56.101   49235         114.114.114.114                    53
192.168.56.101   51963         114.114.114.114                    53
192.168.56.101   53657         114.114.114.114                    53
192.168.56.101   55368         114.114.114.114                    53
192.168.56.101   60215         114.114.114.114                    53
192.168.56.101   137           192.168.56.255                     137
192.168.56.101   138           192.168.56.255                     138
192.168.56.101   123           20.189.79.72 (time.windows.com)    123
192.168.56.101   50534         224.0.0.252                        5355
192.168.56.101   51808         224.0.0.252                        5355
192.168.56.101   56539         224.0.0.252                        5355
192.168.56.101   56804         224.0.0.252                        5355
192.168.56.101   57874         224.0.0.252                        5355
192.168.56.101   60123         224.0.0.252                        5355
192.168.56.101   1900          239.255.255.250                    1900
192.168.56.101   49236         239.255.255.250                    3702
192.168.56.101   56542         239.255.255.250                    1900
192.168.56.101   57875         239.255.255.250                    3702
192.168.56.101   58707         239.255.255.250                    3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.