4.8
Medium risk

337c48bb28381345b02514cec70019ee58f9489bd8cff53bb911b7d34f56e4b3

6c2dd31fafeb289082e26903f97dfb99.exe

Analysis duration

91s

Latest analysis

File size

678.5KB
Static detection  Dynamic detection  AI SCORE=86 AIDETECTVM BSCOPE BUK3QO CLASSIC CONFIDENCE DCFII@0 DELFINJECT ENDZ ENEX FAREIT GENETIC HAWKEYE HIGH CONFIDENCE HTDAKW IGENT KRYPTIK MALWARE2 QGW@AY8P5TOI R06CC0PHS20 R349466 SCORE SUSPICIOUS PE UNSAFE WACATAC WPAB XBRL XJJLI ZELPHIF ZUSY
鹰眼 (Eagle Eye) engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine       Result                             Scan time  Engine version
CrowdStrike  win/malicious_confidence_90% (W)   20190702   1.0
Alibaba      Trojan:Win32/DelfInject.7aa9cea1   20190527   0.3.0.5
Baidu        -                                  20190318   1.0.0.2
Avast        Win32:Trojan-gen                   20200910   18.4.3895.0
Tencent      Win32.Trojan.Kryptik.Wpab          20200910   1.0.0.1
Kingsoft     -                                  20200910   2013.8.14.323
McAfee       Fareit-FYT!6C2DD31FAFEB            20200910   6.0.6.653
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time            API                      Arguments                                 Status   Return  Repeated
1620762791.985  NtAllocateVirtualMemory  process_identifier: 3000                  success  0       0
                                         region_size: 4096
                                         stack_dep_bypass: 0
                                         stack_pivoted: 0
                                         heap_dep_bypass: 0
                                         protection: 64 (PAGE_EXECUTE_READWRITE)
                                         process_handle: 0xffffffff
                                         allocation_type: 4096 (MEM_COMMIT)
                                         base_address: 0x003f0000
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy: 7.152130369697062
section: {'size_of_data': '0x00016600', 'virtual_address': '0x00099000', 'entropy': 7.152130369697062, 'name': '.rsrc', 'virtual_size': '0x000165c0'}
description: A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.311947
FireEye Generic.mg.6c2dd31fafeb2890
CAT-QuickHeal Trojan.Multi
ALYac Gen:Variant.Zusy.311947
Cylance Unsafe
Zillya Trojan.Injector.Win32.765497
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Trojan:Win32/DelfInject.7aa9cea1
K7GW Trojan ( 0056d46c1 )
K7AntiVirus Trojan ( 0056d46c1 )
Arcabit Trojan.Zusy.D4C28B
Invincea Mal/Generic-S
BitDefenderTheta Gen:NN.ZelphiF.34216.QGW@ay8p5Toi
Cyren W32/Trojan.XBRL-8174
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Injector.ENDZ
TrendMicro-HouseCall TROJ_GEN.R06CC0PHS20
Avast Win32:Trojan-gen
ClamAV Win.Trojan.HawkEye-9543958-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Gen:Variant.Zusy.311947
NANO-Antivirus Trojan.Win32.Kryptik.htdakw
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Zusy.694784.AN
Tencent Win32.Trojan.Kryptik.Wpab
Ad-Aware Gen:Variant.Zusy.311947
Comodo TrojWare.Win32.Agent.dcfii@0
F-Secure Trojan.TR/Kryptik.xjjli
DrWeb Trojan.PWS.Stealer.29229
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06CC0PHS20
SentinelOne DFI - Suspicious PE
Sophos Mal/Generic-S
APEX Malicious
Jiangmin Trojan.Kryptik.cdv
Avira TR/Kryptik.xjjli
MAX malware (ai score=86)
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/DelfInject.AR!MTB
AegisLab Trojan.Multi.Generic.4!c
AhnLab-V3 Trojan/Win32.Kryptik.R349466
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Gen:Variant.Zusy.311947
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Fareit-FYT!6C2DD31FAFEB
VBA32 BScope.Trojan.Wacatac
Malwarebytes Trojan.MalPack.DLF
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
dead_host 216.58.200.46:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x48b18c VirtualFree
0x48b190 VirtualAlloc
0x48b194 LocalFree
0x48b198 LocalAlloc
0x48b19c GetVersion
0x48b1a0 GetCurrentThreadId
0x48b1ac VirtualQuery
0x48b1b0 WideCharToMultiByte
0x48b1b8 MultiByteToWideChar
0x48b1bc lstrlenA
0x48b1c0 lstrcpynA
0x48b1c4 LoadLibraryExA
0x48b1c8 GetThreadLocale
0x48b1cc GetStartupInfoA
0x48b1d0 GetProcAddress
0x48b1d4 GetModuleHandleA
0x48b1d8 GetModuleFileNameA
0x48b1dc GetLocaleInfoA
0x48b1e0 GetLastError
0x48b1e8 GetCommandLineA
0x48b1ec FreeLibrary
0x48b1f0 FindFirstFileA
0x48b1f4 FindClose
0x48b1f8 ExitProcess
0x48b1fc WriteFile
0x48b204 RtlUnwind
0x48b208 RaiseException
0x48b20c GetStdHandle
Library user32.dll:
0x48b214 GetKeyboardType
0x48b218 LoadStringA
0x48b21c MessageBoxA
0x48b220 CharNextA
Library advapi32.dll:
0x48b228 RegQueryValueExA
0x48b22c RegOpenKeyExA
0x48b230 RegCloseKey
Library oleaut32.dll:
0x48b238 SysFreeString
0x48b23c SysReAllocStringLen
0x48b240 SysAllocStringLen
Library kernel32.dll:
0x48b248 TlsSetValue
0x48b24c TlsGetValue
0x48b250 LocalAlloc
0x48b254 GetModuleHandleA
Library advapi32.dll:
0x48b25c RegQueryValueExA
0x48b260 RegOpenKeyExA
0x48b264 RegCloseKey
Library kernel32.dll:
0x48b26c lstrcpyA
0x48b270 WriteFile
0x48b274 WaitForSingleObject
0x48b278 VirtualQuery
0x48b27c VirtualProtect
0x48b280 VirtualAlloc
0x48b284 Sleep
0x48b288 SizeofResource
0x48b28c SetThreadLocale
0x48b290 SetFilePointer
0x48b294 SetEvent
0x48b298 SetErrorMode
0x48b29c SetEndOfFile
0x48b2a0 ResetEvent
0x48b2a4 ReadFile
0x48b2a8 MultiByteToWideChar
0x48b2ac MulDiv
0x48b2b0 LockResource
0x48b2b4 LoadResource
0x48b2b8 LoadLibraryA
0x48b2c4 GlobalUnlock
0x48b2c8 GlobalSize
0x48b2cc GlobalReAlloc
0x48b2d0 GlobalHandle
0x48b2d4 GlobalLock
0x48b2d8 GlobalFree
0x48b2dc GlobalFindAtomA
0x48b2e0 GlobalDeleteAtom
0x48b2e4 GlobalAlloc
0x48b2e8 GlobalAddAtomA
0x48b2f0 GetVersionExA
0x48b2f4 GetVersion
0x48b2f8 GetUserDefaultLCID
0x48b2fc GetTickCount
0x48b300 GetThreadLocale
0x48b308 GetSystemTime
0x48b30c GetSystemInfo
0x48b310 GetStringTypeExA
0x48b314 GetStdHandle
0x48b318 GetProcAddress
0x48b31c GetModuleHandleA
0x48b320 GetModuleFileNameA
0x48b324 GetLocaleInfoA
0x48b328 GetLocalTime
0x48b32c GetLastError
0x48b330 GetFullPathNameA
0x48b334 GetFileAttributesA
0x48b338 GetDiskFreeSpaceA
0x48b33c GetDateFormatA
0x48b340 GetCurrentThreadId
0x48b344 GetCurrentProcessId
0x48b348 GetComputerNameA
0x48b34c GetCPInfo
0x48b350 GetACP
0x48b354 FreeResource
0x48b358 InterlockedExchange
0x48b35c FreeLibrary
0x48b360 FormatMessageA
0x48b364 FindResourceA
0x48b368 FindNextFileA
0x48b36c FindFirstFileA
0x48b370 FindClose
0x48b380 EnumCalendarInfoA
0x48b38c CreateThread
0x48b390 CreateFileA
0x48b394 CreateEventA
0x48b398 CompareStringA
0x48b39c CloseHandle
Library version.dll:
0x48b3a4 VerQueryValueA
0x48b3ac GetFileVersionInfoA
Library gdi32.dll:
0x48b3b4 UnrealizeObject
0x48b3b8 StretchBlt
0x48b3bc SetWindowOrgEx
0x48b3c0 SetWinMetaFileBits
0x48b3c4 SetViewportOrgEx
0x48b3c8 SetTextColor
0x48b3cc SetStretchBltMode
0x48b3d0 SetROP2
0x48b3d4 SetPixel
0x48b3d8 SetMapMode
0x48b3dc SetEnhMetaFileBits
0x48b3e0 SetDIBColorTable
0x48b3e4 SetBrushOrgEx
0x48b3e8 SetBkMode
0x48b3ec SetBkColor
0x48b3f0 SelectPalette
0x48b3f4 SelectObject
0x48b3f8 SaveDC
0x48b3fc RestoreDC
0x48b400 Rectangle
0x48b404 RectVisible
0x48b408 RealizePalette
0x48b40c Polyline
0x48b410 PlayEnhMetaFile
0x48b414 PatBlt
0x48b418 MoveToEx
0x48b41c MaskBlt
0x48b420 LineTo
0x48b424 LPtoDP
0x48b428 IntersectClipRect
0x48b42c GetWindowOrgEx
0x48b430 GetWinMetaFileBits
0x48b434 GetTextMetricsA
0x48b440 GetStockObject
0x48b444 GetPixel
0x48b448 GetPaletteEntries
0x48b44c GetObjectA
0x48b45c GetEnhMetaFileBits
0x48b460 GetDeviceCaps
0x48b464 GetDIBits
0x48b468 GetDIBColorTable
0x48b46c GetDCOrgEx
0x48b474 GetClipBox
0x48b478 GetBrushOrgEx
0x48b47c GetBitmapBits
0x48b480 ExtTextOutA
0x48b484 ExcludeClipRect
0x48b488 DeleteObject
0x48b48c DeleteEnhMetaFile
0x48b490 DeleteDC
0x48b494 CreateSolidBrush
0x48b498 CreatePenIndirect
0x48b49c CreatePen
0x48b4a0 CreatePalette
0x48b4a8 CreateFontIndirectA
0x48b4ac CreateEnhMetaFileA
0x48b4b0 CreateDIBitmap
0x48b4b4 CreateDIBSection
0x48b4b8 CreateCompatibleDC
0x48b4c0 CreateBrushIndirect
0x48b4c4 CreateBitmap
0x48b4c8 CopyEnhMetaFileA
0x48b4cc CloseEnhMetaFile
0x48b4d0 BitBlt
Library opengl32.dll:
0x48b4d8 wglDeleteContext
Library user32.dll:
0x48b4e0 CreateWindowExA
0x48b4e4 WindowFromPoint
0x48b4e8 WinHelpA
0x48b4ec WaitMessage
0x48b4f0 ValidateRect
0x48b4f4 UpdateWindow
0x48b4f8 UnregisterClassA
0x48b4fc UnhookWindowsHookEx
0x48b500 TranslateMessage
0x48b508 TrackPopupMenu
0x48b510 ShowWindow
0x48b514 ShowScrollBar
0x48b518 ShowOwnedPopups
0x48b51c ShowCursor
0x48b520 SetWindowsHookExA
0x48b524 SetWindowTextA
0x48b528 SetWindowPos
0x48b52c SetWindowPlacement
0x48b530 SetWindowLongA
0x48b534 SetTimer
0x48b538 SetScrollRange
0x48b53c SetScrollPos
0x48b540 SetScrollInfo
0x48b544 SetRect
0x48b548 SetPropA
0x48b54c SetParent
0x48b550 SetMenuItemInfoA
0x48b554 SetMenu
0x48b558 SetForegroundWindow
0x48b55c SetFocus
0x48b560 SetCursor
0x48b564 SetClassLongA
0x48b568 SetCapture
0x48b56c SetActiveWindow
0x48b570 SendMessageA
0x48b574 ScrollWindow
0x48b578 ScreenToClient
0x48b57c RemovePropA
0x48b580 RemoveMenu
0x48b584 ReleaseDC
0x48b588 ReleaseCapture
0x48b594 RegisterClassA
0x48b598 RedrawWindow
0x48b59c PtInRect
0x48b5a0 PostQuitMessage
0x48b5a4 PostMessageA
0x48b5a8 PeekMessageA
0x48b5ac OffsetRect
0x48b5b0 OemToCharA
0x48b5b4 MessageBoxA
0x48b5b8 MapWindowPoints
0x48b5bc MapVirtualKeyA
0x48b5c0 LoadStringA
0x48b5c4 LoadKeyboardLayoutA
0x48b5c8 LoadIconA
0x48b5cc LoadCursorA
0x48b5d0 LoadBitmapA
0x48b5d4 KillTimer
0x48b5d8 IsZoomed
0x48b5dc IsWindowVisible
0x48b5e0 IsWindowEnabled
0x48b5e4 IsWindow
0x48b5e8 IsRectEmpty
0x48b5ec IsIconic
0x48b5f0 IsDialogMessageA
0x48b5f4 IsChild
0x48b5f8 InvalidateRect
0x48b5fc IntersectRect
0x48b600 InsertMenuItemA
0x48b604 InsertMenuA
0x48b608 InflateRect
0x48b610 GetWindowTextA
0x48b614 GetWindowRect
0x48b618 GetWindowPlacement
0x48b61c GetWindowLongA
0x48b620 GetWindowDC
0x48b624 GetTopWindow
0x48b628 GetSystemMetrics
0x48b62c GetSystemMenu
0x48b630 GetSysColorBrush
0x48b634 GetSysColor
0x48b638 GetSubMenu
0x48b63c GetScrollRange
0x48b640 GetScrollPos
0x48b644 GetScrollInfo
0x48b648 GetPropA
0x48b64c GetParent
0x48b650 GetWindow
0x48b654 GetMessageTime
0x48b658 GetMenuStringA
0x48b65c GetMenuState
0x48b660 GetMenuItemInfoA
0x48b664 GetMenuItemID
0x48b668 GetMenuItemCount
0x48b66c GetMenu
0x48b670 GetLastActivePopup
0x48b674 GetKeyboardState
0x48b67c GetKeyboardLayout
0x48b680 GetKeyState
0x48b684 GetKeyNameTextA
0x48b688 GetIconInfo
0x48b68c GetForegroundWindow
0x48b690 GetFocus
0x48b694 GetDlgItem
0x48b698 GetDesktopWindow
0x48b69c GetDCEx
0x48b6a0 GetDC
0x48b6a4 GetCursorPos
0x48b6a8 GetCursor
0x48b6ac GetClipboardData
0x48b6b0 GetClientRect
0x48b6b4 GetClassNameA
0x48b6b8 GetClassInfoA
0x48b6bc GetCapture
0x48b6c0 GetActiveWindow
0x48b6c4 FrameRect
0x48b6c8 FindWindowA
0x48b6cc FillRect
0x48b6d0 EqualRect
0x48b6d4 EnumWindows
0x48b6d8 EnumThreadWindows
0x48b6dc EndPaint
0x48b6e0 EnableWindow
0x48b6e4 EnableScrollBar
0x48b6e8 EnableMenuItem
0x48b6ec DrawTextA
0x48b6f0 DrawMenuBar
0x48b6f4 DrawIconEx
0x48b6f8 DrawIcon
0x48b6fc DrawFrameControl
0x48b700 DrawFocusRect
0x48b704 DrawEdge
0x48b708 DispatchMessageA
0x48b70c DestroyWindow
0x48b710 DestroyMenu
0x48b714 DestroyIcon
0x48b718 DestroyCursor
0x48b71c DeleteMenu
0x48b720 DefWindowProcA
0x48b724 DefMDIChildProcA
0x48b728 DefFrameProcA
0x48b72c CreatePopupMenu
0x48b730 CreateMenu
0x48b734 CreateIcon
0x48b738 ClientToScreen
0x48b73c CheckMenuItem
0x48b740 CallWindowProcA
0x48b744 CallNextHookEx
0x48b748 BeginPaint
0x48b74c CharNextA
0x48b750 CharLowerBuffA
0x48b754 CharLowerA
0x48b758 CharToOemA
0x48b75c AdjustWindowRectEx
Library kernel32.dll:
0x48b768 Sleep
Library oleaut32.dll:
0x48b770 SafeArrayPtrOfIndex
0x48b774 SafeArrayGetUBound
0x48b778 SafeArrayGetLBound
0x48b77c SafeArrayCreate
0x48b780 VariantChangeType
0x48b784 VariantCopy
0x48b788 VariantClear
0x48b78c VariantInit
Library ole32.dll:
0x48b798 IsAccelerator
0x48b79c OleDraw
0x48b7a4 CoTaskMemFree
0x48b7a8 ProgIDFromCLSID
0x48b7ac StringFromCLSID
0x48b7b0 CoCreateInstance
0x48b7b4 CoGetClassObject
0x48b7b8 CoUninitialize
0x48b7bc CoInitialize
0x48b7c0 IsEqualGUID
Library oleaut32.dll:
0x48b7c8 GetErrorInfo
0x48b7cc GetActiveObject
0x48b7d0 SysFreeString
Library comctl32.dll:
0x48b7e0 ImageList_Write
0x48b7e4 ImageList_Read
0x48b7f4 ImageList_DragMove
0x48b7f8 ImageList_DragLeave
0x48b7fc ImageList_DragEnter
0x48b800 ImageList_EndDrag
0x48b804 ImageList_BeginDrag
0x48b808 ImageList_Remove
0x48b80c ImageList_DrawEx
0x48b810 ImageList_Replace
0x48b814 ImageList_Draw
0x48b824 ImageList_Add
0x48b82c ImageList_Destroy
0x48b830 ImageList_Create
0x48b834 InitCommonControls
Library comdlg32.dll:
0x48b83c GetOpenFileNameA
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                     Destination port
192.168.56.101  49235        114.114.114.114                 53
192.168.56.101  53657        114.114.114.114                 53
192.168.56.101  55368        114.114.114.114                 53
192.168.56.101  60215        114.114.114.114                 53
192.168.56.101  62912        114.114.114.114                 53
192.168.56.101  63429        114.114.114.114                 53
192.168.56.101  137          192.168.56.255                  137
192.168.56.101  138          192.168.56.255                  138
192.168.56.101  123          20.189.79.72 (time.windows.com) 123
192.168.56.101  50002        224.0.0.252                     5355
192.168.56.101  50534        224.0.0.252                     5355
192.168.56.101  51808        224.0.0.252                     5355
192.168.56.101  51963        224.0.0.252                     5355
192.168.56.101  53210        224.0.0.252                     5355
192.168.56.101  56539        224.0.0.252                     5355
192.168.56.101  56804        224.0.0.252                     5355
192.168.56.101  57756        224.0.0.252                     5355
192.168.56.101  57874        224.0.0.252                     5355
192.168.56.101  60384        224.0.0.252                     5355
192.168.56.101  61680        224.0.0.252                     5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.