0.9
低危
61 个模型检测该样本为恶意!
重新分析
更多

111af8cdf462f549a450b84aef7a6854ac265504b7490151f88d39424dd7c300

111af8cdf462f549a450b84aef7a6854ac265504b7490151f88d39424dd7c300.exe

分析耗时

193s

最近分析

386天前

文件大小

10.0KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN RAZY
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.55
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:TrojanX-gen [Trj] 20200521 18.4.3895.0
Baidu Win32.Trojan-Downloader.Tiny.c 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200521 2013.8.14.323
McAfee VTFlooder!6D4A1BA772A8 20200521 6.0.6.653
Tencent Trojan.Win32.VtFlooder.a 20200521 1.0.0.1
静态指标
行为判定
动态指标
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意 (50 out of 61 个事件)
ALYac Gen:Variant.Razy.564176
APEX Malicious
AVG Win32:TrojanX-gen [Trj]
Acronis suspicious
Ad-Aware Gen:Variant.Razy.564176
AhnLab-V3 Trojan/Win32.Downloader.R117998
Antiy-AVL Trojan/Win32.TSGeneric
Arcabit Trojan.Razy.D89BD0
Avast Win32:TrojanX-gen [Trj]
Avira TR/Crypt.XPACK.Gen7
Baidu Win32.Trojan-Downloader.Tiny.c
BitDefender Gen:Variant.Razy.564176
BitDefenderTheta Gen:NN.ZexaF.34110.amX@aupsvge
Bkav W32.FamVT.Badur.A.Trojan
CAT-QuickHeal Trojan.Necurs.MUE.A3
ClamAV Win.Malware.Vtflooder-6723768-0
Comodo TrojWare.Win32.Vflooder.TIQD@5i3ljh
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.772a80
Cylance Unsafe
Cyren W32/Clicker.UQTC-1556
DrWeb Trojan.Flood.22062
ESET-NOD32 Win32/TrojanClicker.Tiny.NAM
Emsisoft Gen:Variant.Razy.564176 (B)
Endgame malicious (high confidence)
F-Prot W32/Clicker.CL
FireEye Generic.mg.6d4a1ba772a804bd
Fortinet W32/Generic.AC.41!tr
GData Gen:Variant.Razy.564176
Ikarus Trojan.Win32.TrojanClicker
Invincea heuristic
Jiangmin Trojan.Win32.Badur.d
K7AntiVirus Trojan ( 0040f9251 )
K7GW Trojan ( 0040f9251 )
Kaspersky Trojan.Win32.Vtflooder.cft
MAX malware (ai score=87)
Malwarebytes Trojan.Vtflooder
MaxSecure Trojan.Badur.ilcp
McAfee VTFlooder!6D4A1BA772A8
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.lz
MicroWorld-eScan Gen:Variant.Razy.564176
Microsoft Trojan:Win32/Vflooder.B
NANO-Antivirus Trojan.Win32.Crypted.dbpklq
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM20.1.5DF7.Malware.Gen
Rising Trojan.Vflooder!1.A171 (RDMK:cmRtazppbAWVIZNwhw/JWXJ6dcX9)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-AHNL
Tencent Trojan.Win32.VtFlooder.a
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1970-01-01 08:18:49

PE Imphash

3d8c26f4cb1782a87c3bb42796fb6b85

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000d42 0x00000e00 5.487670414874794
.rdata 0x00002000 0x00000768 0x00000800 4.220369955649523
.data 0x00003000 0x00002810 0x00000200 0.17014565200323517

Imports

Library KERNEL32.DLL:
0x402000 Sleep
0x402004 lstrlenA
0x402008 CreateThread
0x40200c VirtualFree
0x402010 GetModuleFileNameW
0x402014 GetTickCount
0x402018 ExitProcess
0x40201c GetFileSize
0x402020 VirtualAlloc
0x402024 ReadFile
0x402028 CloseHandle
0x40202c CreateFileW
0x402030 lstrlenW
0x402034 MultiByteToWideChar
Library ntdll.dll:
0x402078 memset
0x40207c _wtoi
0x402080 memcpy
Library ole32.dll:
Library SHLWAPI.dll:
0x40203c StrStrA
Library USER32.dll:
0x402044 wsprintfA
0x402048 wsprintfW
Library WINHTTP.dll:
0x402050 WinHttpCrackUrl
0x402054 WinHttpOpen
0x402058 WinHttpConnect
0x40205c WinHttpOpenRequest
0x402060 WinHttpSendRequest
0x402064 WinHttpQueryHeaders
0x402068 WinHttpReadData
0x40206c WinHttpCloseHandle
L!This program cannot be run in DOS mode.
wy3*3*3*3*6*:4*8*3*(*(:
*0*(::*2*Rich3*
`.rdata
@.data
EEEEMQj
27UREPh
E3EEEEEMQj
UREPMQ
RPQRh"@
EEPMQUREP
Qjhx#@
EMQUREPMQ
QjU REP
EUREPMQUR
9U}$EMT
--------%015d
Content-Disposition: form-data; name="apikey"
Content-Type: text/plain
f25133d9068704c23335fc39a7351828fa80c5dde894d731d5450cf8ab8569e8
Content-Disposition: form-data; name="file"; filename="1.exe"
Content-Type: application/x-msdownload
Content-Transfer-Encoding: binary
--------%015d--
|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]^_`abcdefghijklmnopq
KERNEL32.DLL
ntdll.dll
ole32.dll
SHLWAPI.dll
USER32.dll
WINHTTP.dll
lstrlenA
CreateThread
VirtualFree
GetModuleFileNameW
GetTickCount
ExitProcess
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
CreateFileW
lstrlenW
MultiByteToWideChar
memset
memcpy
CreateStreamOnHGlobal
StrStrA
wsprintfA
wsprintfW
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse
jjjjjj
jjjjjj
jjjjjj
twitter.com
/pidoras6
Content-Type: multipart/form-data; boundary=------%015d
/vtapi/v2/file/scan
www.virustotal.com
Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
Content-Type: application/x-www-form-urlencoded

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.