SmartHawk

4.6

中危

59 个模型检测该样本为恶意！

重新分析

下载样本

d2bb06dc3882c72e26ed7598fee37d128955c229246225ed393d90bd2a4eb1dd

6b582e42d3a129be4988404c68e64c67.exe

分析耗时

89s

最近分析

文件大小

865.5KB

静态报毒动态报毒 2GW@AEWQGDMI AGEN AI SCORE=80 AIDETECTVM AUTOG AYHW CEEINJECT CLASSIC CONFIDENCE DELF DELPHILESS ELDORADO ENEL ENEZ FAREIT GENETIC HIGH CONFIDENCE HUCAUA MALWARE2 NONAME@0 QVM05 R049C0DI520 S + TROJ SCORE SIGGEN2 SUSGEN TSCOPE UNSAFE X+ZD894A1UG X2094 ZELPHIF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba		20190527	0.3.0.5
Avast	Win32:Trojan-gen	20200915	18.4.3895.0
Tencent		20200915	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200915	2013.8.14.323
McAfee	Fareit-FZN!6B582E42D3A1	20200914	6.0.6.653
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619640172.742375 NtAllocateVirtualMemory	process_identifier: 2288 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005c0000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.5393648550333205

section

{'size_of_data': '0x0004ee00', 'virtual_address': '0x0008f000', 'entropy': 7.5393648550333205, 'name': '.rsrc', 'virtual_size': '0x0004ece4'}

description

A section with a high entropy has been found

entropy

0.3649508386350492

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

113.108.239.196

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen2.54419
MicroWorld-eScan	Gen:Variant.Zusy.312609
CAT-QuickHeal	Trojan.Multi
ALYac	Gen:Variant.Zusy.312609
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
SUPERAntiSpyware	Trojan.Agent/Gen-Injector
Sangfor	Malware
K7AntiVirus	Trojan ( 0056dafb1 )
K7GW	Trojan ( 0056dafb1 )
Cybereason	malicious.238228
TrendMicro	TROJ_GEN.R049C0DI520
BitDefenderTheta	Gen:NN.ZelphiF.34242.2GW@aeWQgDmi
Cyren	W32/Zusy.EK.gen!Eldorado
Symantec	Trojan.Gen.2
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Crypt.gen
BitDefender	Gen:Variant.Zusy.312609
NANO-Antivirus	Trojan.Win32.Crypt.hucaua
ViRobot	Trojan.Win32.Z.Injector.886272.S
Avast	Win32:Trojan-gen
Ad-Aware	Gen:Variant.Zusy.312609
Comodo	fls.noname@0
F-Secure	Heuristic.HEUR/AGEN.1137568
Zillya	Trojan.Crypt.Win32.65893
Invincea	Mal/Generic-S + Troj/AutoG-IZ
FireEye	Generic.mg.6b582e42d3a129be
Sophos	Troj/AutoG-IZ
Ikarus	Trojan.Inject
Jiangmin	Backdoor.Generic.ayhw
Avira	HEUR/AGEN.1137568
Antiy-AVL	Trojan/Win32.Crypt
Microsoft	VirTool:Win32/CeeInject.JJ!bit
Arcabit	Trojan.Zusy.D4C521
AegisLab	Trojan.Multi.Generic.4!c
ZoneAlarm	HEUR:Trojan.Win32.Crypt.gen
GData	Gen:Variant.Zusy.312609
AhnLab-V3	Suspicious/Win.Delphiless.X2094
Acronis	suspicious
McAfee	Fareit-FZN!6B582E42D3A1
MAX	malware (ai score=80)
VBA32	TScope.Trojan.Delf
Malwarebytes	Trojan.MalPack.DLF
Zoner	Trojan.Win32.93148
ESET-NOD32	a variant of Win32/Injector.ENEL
TrendMicro-HouseCall	TROJ_GEN.R049C0DI520

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443
dead_host	192.168.56.101:49193

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x482154 DeleteCriticalSection

• 0x482158 LeaveCriticalSection

• 0x48215c EnterCriticalSection

• 0x482160 InitializeCriticalSection

• 0x482164 VirtualFree

• 0x482168 VirtualAlloc

• 0x48216c LocalFree

• 0x482170 LocalAlloc

• 0x482174 GetVersion

• 0x482178 GetCurrentThreadId

• 0x48217c InterlockedDecrement

• 0x482180 InterlockedIncrement

• 0x482184 VirtualQuery

• 0x482188 WideCharToMultiByte

• 0x48218c SetCurrentDirectoryA

• 0x482190 MultiByteToWideChar

• 0x482194 lstrlenA

• 0x482198 lstrcpynA

• 0x48219c LoadLibraryExA

• 0x4821a0 GetThreadLocale

• 0x4821a4 GetStartupInfoA

• 0x4821a8 GetProcAddress

• 0x4821ac GetModuleHandleA

• 0x4821b0 GetModuleFileNameA

• 0x4821b4 GetLocaleInfoA

• 0x4821b8 GetLastError

• 0x4821bc GetCurrentDirectoryA

• 0x4821c0 GetCommandLineA

• 0x4821c4 FreeLibrary

• 0x4821c8 FindFirstFileA

• 0x4821cc FindClose

• 0x4821d0 ExitProcess

• 0x4821d4 WriteFile

• 0x4821d8 UnhandledExceptionFilter

• 0x4821dc RtlUnwind

• 0x4821e0 RaiseException

• 0x4821e4 GetStdHandle

Library user32.dll:

• 0x4821ec GetKeyboardType

• 0x4821f0 LoadStringA

• 0x4821f4 MessageBoxA

• 0x4821f8 CharNextA

Library advapi32.dll:

• 0x482200 RegQueryValueExA

• 0x482204 RegOpenKeyExA

• 0x482208 RegCloseKey

Library oleaut32.dll:

• 0x482210 SysFreeString

• 0x482214 SysReAllocStringLen

• 0x482218 SysAllocStringLen

Library kernel32.dll:

• 0x482220 TlsSetValue

• 0x482224 TlsGetValue

• 0x482228 LocalAlloc

• 0x48222c GetModuleHandleA

Library advapi32.dll:

• 0x482234 RegQueryValueExA

• 0x482238 RegOpenKeyExA

• 0x48223c RegCloseKey

Library kernel32.dll:

• 0x482244 lstrcpyA

• 0x482248 WriteFile

• 0x48224c WaitForSingleObjectEx

• 0x482250 WaitForSingleObject

• 0x482254 VirtualQuery

• 0x482258 VirtualProtectEx

• 0x48225c VirtualProtect

• 0x482260 VirtualAlloc

• 0x482264 Sleep

• 0x482268 SizeofResource

• 0x48226c SetThreadLocale

• 0x482270 SetFilePointer

• 0x482274 SetEvent

• 0x482278 SetErrorMode

• 0x48227c SetEndOfFile

• 0x482280 ResetEvent

• 0x482284 ReadFile

• 0x482288 MulDiv

• 0x48228c LockResource

• 0x482290 LoadResource

• 0x482294 LoadLibraryA

• 0x482298 LeaveCriticalSection

• 0x48229c InitializeCriticalSection

• 0x4822a0 GlobalUnlock

• 0x4822a4 GlobalReAlloc

• 0x4822a8 GlobalHandle

• 0x4822ac GlobalLock

• 0x4822b0 GlobalFree

• 0x4822b4 GlobalFindAtomA

• 0x4822b8 GlobalDeleteAtom

• 0x4822bc GlobalAlloc

• 0x4822c0 GlobalAddAtomA

• 0x4822c4 GetVersionExA

• 0x4822c8 GetVersion

• 0x4822cc GetTickCount

• 0x4822d0 GetThreadLocale

• 0x4822d4 GetSystemInfo

• 0x4822d8 GetStringTypeExA

• 0x4822dc GetStdHandle

• 0x4822e0 GetProcAddress

• 0x4822e4 GetModuleHandleA

• 0x4822e8 GetModuleFileNameA

• 0x4822ec GetLocaleInfoA

• 0x4822f0 GetLocalTime

• 0x4822f4 GetLastError

• 0x4822f8 GetFullPathNameA

• 0x4822fc GetFileAttributesA

• 0x482300 GetDiskFreeSpaceA

• 0x482304 GetDateFormatA

• 0x482308 GetCurrentThreadId

• 0x48230c GetCurrentProcessId

• 0x482310 GetCurrentProcess

• 0x482314 GetCPInfo

• 0x482318 GetACP

• 0x48231c FreeResource

• 0x482320 InterlockedExchange

• 0x482324 FreeLibrary

• 0x482328 FormatMessageA

• 0x48232c FindResourceA

• 0x482330 FindNextFileA

• 0x482334 FindFirstFileA

• 0x482338 FindClose

• 0x48233c FileTimeToLocalFileTime

• 0x482340 FileTimeToDosDateTime

• 0x482344 EnumCalendarInfoA

• 0x482348 EnterCriticalSection

• 0x48234c DeleteCriticalSection

• 0x482350 CreateThread

• 0x482354 CreateFileA

• 0x482358 CreateEventA

• 0x48235c CompareStringA

• 0x482360 CloseHandle

Library version.dll:

• 0x482368 VerQueryValueA

• 0x48236c GetFileVersionInfoSizeA

• 0x482370 GetFileVersionInfoA

Library gdi32.dll:

• 0x482378 UnrealizeObject

• 0x48237c StretchBlt

• 0x482380 SetWindowOrgEx

• 0x482384 SetWinMetaFileBits

• 0x482388 SetViewportOrgEx

• 0x48238c SetTextColor

• 0x482390 SetStretchBltMode

• 0x482394 SetROP2

• 0x482398 SetPixel

• 0x48239c SetEnhMetaFileBits

• 0x4823a0 SetDIBColorTable

• 0x4823a4 SetBrushOrgEx

• 0x4823a8 SetBkMode

• 0x4823ac SetBkColor

• 0x4823b0 SelectPalette

• 0x4823b4 SelectObject

• 0x4823b8 SelectClipRgn

• 0x4823bc SaveDC

• 0x4823c0 RestoreDC

• 0x4823c4 Rectangle

• 0x4823c8 RectVisible

• 0x4823cc RealizePalette

• 0x4823d0 Polyline

• 0x4823d4 PlayEnhMetaFile

• 0x4823d8 PatBlt

• 0x4823dc MoveToEx

• 0x4823e0 MaskBlt

• 0x4823e4 LineTo

• 0x4823e8 IntersectClipRect

• 0x4823ec GetWindowOrgEx

• 0x4823f0 GetWinMetaFileBits

• 0x4823f4 GetTextMetricsA

• 0x4823f8 GetTextExtentPoint32A

• 0x4823fc GetSystemPaletteEntries

• 0x482400 GetStockObject

• 0x482404 GetPixel

• 0x482408 GetPaletteEntries

• 0x48240c GetObjectA

• 0x482410 GetEnhMetaFilePaletteEntries

• 0x482414 GetEnhMetaFileHeader

• 0x482418 GetEnhMetaFileBits

• 0x48241c GetDeviceCaps

• 0x482420 GetDIBits

• 0x482424 GetDIBColorTable

• 0x482428 GetDCOrgEx

• 0x48242c GetCurrentPositionEx

• 0x482430 GetClipRgn

• 0x482434 GetClipBox

• 0x482438 GetBrushOrgEx

• 0x48243c GetBitmapBits

• 0x482440 ExtTextOutA

• 0x482444 ExcludeClipRect

• 0x482448 DeleteObject

• 0x48244c DeleteEnhMetaFile

• 0x482450 DeleteDC

• 0x482454 CreateSolidBrush

• 0x482458 CreateRectRgn

• 0x48245c CreatePenIndirect

• 0x482460 CreatePen

• 0x482464 CreatePalette

• 0x482468 CreateHalftonePalette

• 0x48246c CreateFontIndirectA

• 0x482470 CreateDIBitmap

• 0x482474 CreateDIBSection

• 0x482478 CreateCompatibleDC

• 0x48247c CreateCompatibleBitmap

• 0x482480 CreateBrushIndirect

• 0x482484 CreateBitmap

• 0x482488 CopyEnhMetaFileA

• 0x48248c BitBlt

Library user32.dll:

• 0x482494 CreateWindowExA

• 0x482498 WindowFromPoint

• 0x48249c WinHelpA

• 0x4824a0 WaitMessage

• 0x4824a4 ValidateRect

• 0x4824a8 UpdateWindow

• 0x4824ac UnregisterClassA

• 0x4824b0 UnhookWindowsHookEx

• 0x4824b4 TranslateMessage

• 0x4824b8 TranslateMDISysAccel

• 0x4824bc TrackPopupMenu

• 0x4824c0 SystemParametersInfoA

• 0x4824c4 ShowWindow

• 0x4824c8 ShowScrollBar

• 0x4824cc ShowOwnedPopups

• 0x4824d0 ShowCursor

• 0x4824d4 SetWindowsHookExA

• 0x4824d8 SetWindowTextA

• 0x4824dc SetWindowPos

• 0x4824e0 SetWindowPlacement

• 0x4824e4 SetWindowLongA

• 0x4824e8 SetTimer

• 0x4824ec SetScrollRange

• 0x4824f0 SetScrollPos

• 0x4824f4 SetScrollInfo

• 0x4824f8 SetRect

• 0x4824fc SetPropA

• 0x482500 SetParent

• 0x482504 SetMenuItemInfoA

• 0x482508 SetMenu

• 0x48250c SetForegroundWindow

• 0x482510 SetFocus

• 0x482514 SetCursor

• 0x482518 SetClassLongA

• 0x48251c SetCapture

• 0x482520 SetActiveWindow

• 0x482524 SendMessageA

• 0x482528 ScrollWindow

• 0x48252c ScreenToClient

• 0x482530 RemovePropA

• 0x482534 RemoveMenu

• 0x482538 ReleaseDC

• 0x48253c ReleaseCapture

• 0x482540 RegisterWindowMessageA

• 0x482544 RegisterClipboardFormatA

• 0x482548 RegisterClassA

• 0x48254c RedrawWindow

• 0x482550 PtInRect

• 0x482554 PostQuitMessage

• 0x482558 PostMessageA

• 0x48255c PeekMessageA

• 0x482560 OffsetRect

• 0x482564 OemToCharA

• 0x482568 MessageBoxA

• 0x48256c MapWindowPoints

• 0x482570 MapVirtualKeyA

• 0x482574 LoadStringA

• 0x482578 LoadKeyboardLayoutA

• 0x48257c LoadIconA

• 0x482580 LoadCursorA

• 0x482584 LoadBitmapA

• 0x482588 KillTimer

• 0x48258c IsZoomed

• 0x482590 IsWindowVisible

• 0x482594 IsWindowEnabled

• 0x482598 IsWindow

• 0x48259c IsRectEmpty

• 0x4825a0 IsIconic

• 0x4825a4 IsDialogMessageA

• 0x4825a8 IsChild

• 0x4825ac InvalidateRect

• 0x4825b0 IntersectRect

• 0x4825b4 InsertMenuItemA

• 0x4825b8 InsertMenuA

• 0x4825bc InflateRect

• 0x4825c0 GetWindowThreadProcessId

• 0x4825c4 GetWindowTextA

• 0x4825c8 GetWindowRect

• 0x4825cc GetWindowPlacement

• 0x4825d0 GetWindowLongA

• 0x4825d4 GetWindowDC

• 0x4825d8 GetTopWindow

• 0x4825dc GetSystemMetrics

• 0x4825e0 GetSystemMenu

• 0x4825e4 GetSysColorBrush

• 0x4825e8 GetSysColor

• 0x4825ec GetSubMenu

• 0x4825f0 GetScrollRange

• 0x4825f4 GetScrollPos

• 0x4825f8 GetScrollInfo

• 0x4825fc GetPropA

• 0x482600 GetParent

• 0x482604 GetWindow

• 0x482608 GetMenuStringA

• 0x48260c GetMenuState

• 0x482610 GetMenuItemInfoA

• 0x482614 GetMenuItemID

• 0x482618 GetMenuItemCount

• 0x48261c GetMenu

• 0x482620 GetLastActivePopup

• 0x482624 GetKeyboardState

• 0x482628 GetKeyboardLayoutList

• 0x48262c GetKeyboardLayout

• 0x482630 GetKeyState

• 0x482634 GetKeyNameTextA

• 0x482638 GetIconInfo

• 0x48263c GetForegroundWindow

• 0x482640 GetFocus

• 0x482644 GetDlgItem

• 0x482648 GetDesktopWindow

• 0x48264c GetDCEx

• 0x482650 GetDC

• 0x482654 GetCursorPos

• 0x482658 GetCursor

• 0x48265c GetClipboardData

• 0x482660 GetClientRect

• 0x482664 GetClassNameA

• 0x482668 GetClassLongA

• 0x48266c GetClassInfoA

• 0x482670 GetCapture

• 0x482674 GetActiveWindow

• 0x482678 FrameRect

• 0x48267c FindWindowA

• 0x482680 FillRect

• 0x482684 EqualRect

• 0x482688 EnumWindows

• 0x48268c EnumThreadWindows

• 0x482690 EndPaint

• 0x482694 EnableWindow

• 0x482698 EnableScrollBar

• 0x48269c EnableMenuItem

• 0x4826a0 DrawTextA

• 0x4826a4 DrawMenuBar

• 0x4826a8 DrawIconEx

• 0x4826ac DrawIcon

• 0x4826b0 DrawFrameControl

• 0x4826b4 DrawFocusRect

• 0x4826b8 DrawEdge

• 0x4826bc DispatchMessageA

• 0x4826c0 DestroyWindow

• 0x4826c4 DestroyMenu

• 0x4826c8 DestroyIcon

• 0x4826cc DestroyCursor

• 0x4826d0 DeleteMenu

• 0x4826d4 DefWindowProcA

• 0x4826d8 DefMDIChildProcA

• 0x4826dc DefFrameProcA

• 0x4826e0 CreatePopupMenu

• 0x4826e4 CreateMenu

• 0x4826e8 CreateIcon

• 0x4826ec ClientToScreen

• 0x4826f0 CheckMenuItem

• 0x4826f4 CallWindowProcA

• 0x4826f8 CallNextHookEx

• 0x4826fc BeginPaint

• 0x482700 CharNextA

• 0x482704 CharLowerBuffA

• 0x482708 CharLowerA

• 0x48270c CharToOemA

• 0x482710 AdjustWindowRectEx

• 0x482714 ActivateKeyboardLayout

Library kernel32.dll:

• 0x48271c Sleep

Library oleaut32.dll:

• 0x482724 SafeArrayPtrOfIndex

• 0x482728 SafeArrayGetUBound

• 0x48272c SafeArrayGetLBound

• 0x482730 SafeArrayCreate

• 0x482734 VariantChangeType

• 0x482738 VariantCopy

• 0x48273c VariantClear

• 0x482740 VariantInit

Library comctl32.dll:

• 0x482748 ImageList_SetIconSize

• 0x48274c ImageList_GetIconSize

• 0x482750 ImageList_Write

• 0x482754 ImageList_Read

• 0x482758 ImageList_GetDragImage

• 0x48275c ImageList_DragShowNolock

• 0x482760 ImageList_SetDragCursorImage

• 0x482764 ImageList_DragMove

• 0x482768 ImageList_DragLeave

• 0x48276c ImageList_DragEnter

• 0x482770 ImageList_EndDrag

• 0x482774 ImageList_BeginDrag

• 0x482778 ImageList_Remove

• 0x48277c ImageList_DrawEx

• 0x482780 ImageList_Replace

• 0x482784 ImageList_Draw

• 0x482788 ImageList_GetBkColor

• 0x48278c ImageList_SetBkColor

• 0x482790 ImageList_ReplaceIcon

• 0x482794 ImageList_Add

• 0x482798 ImageList_GetImageCount

• 0x48279c ImageList_Destroy

• 0x4827a0 ImageList_Create

• 0x4827a4 InitCommonControls

Library comdlg32.dll:

• 0x4827ac GetOpenFileNameA

Library winmm.dll:

• 0x4827b4 mciSendCommandA

• 0x4827b8 mciGetErrorStringA

Library kernel32.dll:

• 0x4827c0 AddVectoredExceptionHandler

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.24.14 CNAME clients.l.google.com A 172.217.160.110	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	53210	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53380	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.