3.0
Medium risk

SHA256: eda5a7f7b0a0d207114a1f6f0353e61bb56dc433ac07f2fafa2a279ada58b368

File name: 6c5ed99a4cbab50b78d39900ffbb538f.exe

Analysis time

22s

Last analyzed

File size

622.7KB
Static detection / Dynamic detection: ADWAREX AI SCORE=87 ARTEMIS BSCOPE CLOUD GENERIC PUA NI GENERICKD HHASWH HIGH CONFIDENCE NAAS R002H0CDL20 SOFTCNAPP SUSGEN UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine       Result                        Scan date  Engine version
McAfee       Artemis!6C5ED99A4CBA          20200505   6.0.6.653
Alibaba                                    20190527   0.3.0.5
Baidu                                      20190318   1.0.0.2
Avast        Win32:AdwareX-gen [Adw]       20200505   18.4.3895.0
Tencent                                    20200505   1.0.0.1
Kingsoft                                   20200505   2013.8.14.323
CrowdStrike                                20190702   1.0
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (13 events)
name XML language LANG_CHINESE offset 0x0009be40 filetype XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00001b58
name RT_ICON language LANG_CHINESE offset 0x0009b918 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_MENU language LANG_CHINESE offset 0x0009bde0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000050
name RT_DIALOG language LANG_CHINESE offset 0x0009d998 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000c6
name RT_STRING language LANG_CHINESE offset 0x0009dce8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000003c
name RT_ACCELERATOR language LANG_CHINESE offset 0x0009be30 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000010
name RT_GROUP_ICON language LANG_CHINESE offset 0x0009bd80 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000005a
name RT_VERSION language LANG_CHINESE offset 0x0009da60 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000284
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)
MicroWorld-eScan Trojan.GenericKD.33685679
McAfee Artemis!6C5ED99A4CBA
Cylance Unsafe
K7AntiVirus Adware ( 005365071 )
K7GW Adware ( 005365071 )
Avast Win32:AdwareX-gen [Adw]
BitDefender Trojan.GenericKD.33685679
NANO-Antivirus Riskware.Win32.Softcnapp.hhaswh
Endgame malicious (high confidence)
Sophos Generic PUA NI (PUA)
DrWeb Adware.Softcnapp.110
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Artemis!PUP
Emsisoft Trojan.GenericKD.33685679 (B)
Cyren W32/Trojan.NAAS-7114
Webroot W32.Malware.Gen
Microsoft PUA:Win32/Softcnapp
Arcabit Trojan.Generic.D20200AF
GData Trojan.GenericKD.33685679
VBA32 BScope.Trojan.Downloader
ALYac Trojan.GenericKD.33685679
MAX malware (ai score=87)
Ad-Aware Trojan.GenericKD.33685679
ESET-NOD32 a variant of Win32/Softcnapp.AJ potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002H0CDL20
Rising Adware.Agent!1.BA2E (CLOUD)
Ikarus PUA.Softcnapp
Fortinet Riskware/Softcnapp
AVG Win32:AdwareX-gen [Adw]
MaxSecure Trojan.Malware.89964185.susgen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-03-10 13:53:12

Imports

Library KERNEL32.dll:
0x43e08c WriteFile
0x43e090 CreateMutexW
0x43e094 ReleaseMutex
0x43e098 Sleep
0x43e09c DeviceIoControl
0x43e0a0 GetSystemDirectoryW
0x43e0a8 UnmapViewOfFile
0x43e0ac OpenFileMappingW
0x43e0b0 CreateFileMappingW
0x43e0b4 MapViewOfFile
0x43e0b8 FindResourceW
0x43e0bc LoadResource
0x43e0c0 LockResource
0x43e0c4 SizeofResource
0x43e0c8 TerminateThread
0x43e0cc CreateThread
0x43e0d0 OutputDebugStringW
0x43e0d4 SetEndOfFile
0x43e0d8 HeapReAlloc
0x43e0dc HeapSize
0x43e0e0 WriteConsoleW
0x43e0e4 FlushFileBuffers
0x43e0e8 FindClose
0x43e0ec ReadConsoleW
0x43e0f0 SetStdHandle
0x43e100 GetCommandLineW
0x43e104 GetCommandLineA
0x43e108 GetCPInfo
0x43e10c GetOEMCP
0x43e110 IsValidCodePage
0x43e114 GetConsoleMode
0x43e118 GetConsoleCP
0x43e120 GetStringTypeW
0x43e124 GetFileType
0x43e128 EnumSystemLocalesW
0x43e12c GetUserDefaultLCID
0x43e130 IsValidLocale
0x43e134 GetLocaleInfoW
0x43e138 LCMapStringW
0x43e13c FindNextFileW
0x43e140 FindFirstFileW
0x43e144 MoveFileExW
0x43e148 DeleteFileW
0x43e14c GlobalFree
0x43e150 GlobalAlloc
0x43e154 GetVersionExW
0x43e158 GetLastError
0x43e15c GetTempPathW
0x43e160 GetTickCount
0x43e164 WideCharToMultiByte
0x43e168 MultiByteToWideChar
0x43e16c Process32NextW
0x43e170 OpenProcess
0x43e174 Process32FirstW
0x43e17c ReadFile
0x43e180 GetFileSize
0x43e190 SetErrorMode
0x43e194 FreeLibrary
0x43e198 GetCurrentProcess
0x43e19c GetCurrentProcessId
0x43e1a0 GetCurrentThreadId
0x43e1a4 CreateFileW
0x43e1a8 CreateDirectoryW
0x43e1ac GetModuleFileNameW
0x43e1b0 LoadLibraryW
0x43e1b8 CloseHandle
0x43e1bc CreateProcessW
0x43e1c4 GetLocalTime
0x43e1c8 HeapFree
0x43e1cc GetModuleHandleW
0x43e1d0 GetProcAddress
0x43e1d4 GetProcessHeap
0x43e1d8 CompareStringW
0x43e1dc GetACP
0x43e1e0 GetStdHandle
0x43e1e4 GetModuleHandleExW
0x43e1e8 ExitProcess
0x43e1ec FindFirstFileExW
0x43e1f0 SetLastError
0x43e1f4 RtlUnwind
0x43e1f8 LoadLibraryExW
0x43e1fc TlsFree
0x43e200 TlsSetValue
0x43e204 TlsGetValue
0x43e208 TlsAlloc
0x43e210 HeapAlloc
0x43e214 SetFilePointerEx
0x43e218 RaiseException
0x43e21c EncodePointer
0x43e220 InitializeSListHead
0x43e238 SetEvent
0x43e23c ResetEvent
0x43e244 CreateEventW
0x43e24c TerminateProcess
0x43e254 IsDebuggerPresent
0x43e258 GetStartupInfoW
0x43e25c DecodePointer
Library ADVAPI32.dll:
0x43e000 AddAccessAllowedAce
0x43e008 DeleteService
0x43e00c ControlService
0x43e014 CreateServiceW
0x43e018 CloseServiceHandle
0x43e01c OpenServiceW
0x43e020 OpenSCManagerW
0x43e024 SetServiceStatus
0x43e034 DuplicateTokenEx
0x43e038 OpenProcessToken
0x43e03c RegSetValueExW
0x43e040 RegCreateKeyExW
0x43e044 RegCloseKey
0x43e048 RegQueryValueExW
0x43e04c RegOpenKeyExW
0x43e050 RevertToSelf
0x43e060 AddAce
0x43e064 EqualSid
0x43e068 GetAce
0x43e06c InitializeAcl
0x43e070 GetLengthSid
0x43e074 GetAclInformation
0x43e07c LookupAccountNameW
Library SHELL32.dll:
0x43e268 SHGetFolderPathW
Library ole32.dll:
0x43e280 CLSIDFromString
Library USERENV.dll:
Library IPHLPAPI.DLL:
0x43e084 GetAdaptersInfo
Library urlmon.dll:
0x43e288 URLDownloadToFileW
Library SHLWAPI.dll:
0x43e270 PathFileExistsW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49713        114.114.114.114                  53
192.168.56.101  50002        114.114.114.114                  53
192.168.56.101  51808        114.114.114.114                  53
192.168.56.101  57874        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  62318        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57756        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  63429        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  49714        239.255.255.250                  3702
192.168.56.101  49716        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.