SmartHawk

2.4

中危

58 个模型检测该样本为恶意！

重新分析

下载样本

7d3d0bdf5b069659ff146015c331b9e5472d38641ce0e286ca61f31a8781cb2a

6d5fda9288689697e1d2916dc7beef73.exe

分析耗时

78s

最近分析

文件大小

1.7MB

静态报毒动态报毒 100% AI SCORE=85 AIDETECTGBM ATTRIBUTE BSCOPE CLASSIC CONFIDENCE EHLS ENCPK GENETIC GRAYWARE HACKTOOL HFVB HIGH CONFIDENCE HIGHCONFIDENCE HSOKZT HXQBEY0A INJECT3 JEFPOQJ KRAP KRYPTIK LKMC MALICIOUS PE MALWARE@#1A1Q6F3ZV8O7K MINT PINKSBOT QAKBOT QBOT R + MAL R348616 SAVE SCORE SMF1 STATIC AI SUSGEN UNSAFE WQNN XRQM YAKES ZAMG ZENPAK ZOBCP 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	W32/PinkSbot-HA!6D5FDA928868	20210223	6.0.6.653
Alibaba	Trojan:Win32/Zenpak.d8f7a68d	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20210223	21.1.5827.0
Tencent	Win32.Trojan.Zenpak.Wqnn	20210223	1.0.0.1
Kingsoft		20210223	2017.9.26.565
CrowdStrike	win/malicious_confidence_100% (W)	20210203	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 个事件)

section	.data2
section	.data4

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619596032.186008 NtAllocateVirtualMemory	process_identifier: 2824 region_size: 212992 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x005b0000	success	0	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 个事件)

Bkav	W32.AIDetectGBM.malware.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Mint.Zamg.O
FireEye	Generic.mg.6d5fda9288689697
McAfee	W32/PinkSbot-HA!6D5FDA928868
Malwarebytes	Backdoor.Qbot
Zillya	Trojan.Zenpak.Win32.3032
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056d8651 )
Alibaba	Trojan:Win32/Zenpak.d8f7a68d
K7GW	Trojan ( 0056d8651 )
Cybereason	malicious.288689
Arcabit	Trojan.Mint.Zamg.O
Cyren	W32/Trojan.XRQM-5426
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Trojan.Win32.Zenpak.vho
BitDefender	Trojan.Mint.Zamg.O
NANO-Antivirus	Trojan.Win32.Yakes.hsokzt
Tencent	Win32.Trojan.Zenpak.Wqnn
Ad-Aware	Trojan.Mint.Zamg.O
Sophos	Mal/Generic-R + Mal/EncPk-APV
Comodo	Malware@#1a1q6f3zv8o7k
DrWeb	Trojan.Inject3.52098
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.QAKBOT.SMF1
McAfee-GW-Edition	BehavesLike.Win32.Generic.tz
Emsisoft	Trojan.Crypt (A)
Paloalto	generic.ml
Jiangmin	Trojan.Zenpak.cwj
eGambit	Generic.Malware
Avira	TR/AD.Qbot.zobcp
MAX	malware (ai score=85)
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Gridinsoft	Trojan.Win32.Kryptik.oa
Microsoft	Trojan:Win32/Qbot.SK!MTB
AegisLab	Hacktool.Win32.Krap.lKMc
ZoneAlarm	HEUR:Trojan.Win32.Zenpak.vho
GData	Trojan.Mint.Zamg.O
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Yakes.R348616
BitDefenderTheta	AI:Packer.2292D6611E
ALYac	Trojan.Mint.Zamg.O
VBA32	BScope.Malware-Cryptor.SB.01798
Cylance	Unsafe
ESET-NOD32	a variant of Win32/Kryptik.HFVB
TrendMicro-HouseCall	Backdoor.Win32.QAKBOT.SMF1
Rising	Trojan.Kryptik!1.CA76 (CLASSIC)
Yandex	Trojan.Kryptik!JEfpOqj/rTU

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-09 20:18:25

Imports

Library KERNEL32.dll:

• 0x5a8e00 GetModuleHandleW

• 0x5a8e04 VirtualAllocEx

• 0x5a8e08 GetLastError

• 0x5a8e0c Sleep

Library USER32.dll:

• 0x5a8e14 LoadIconA

• 0x5a8e18 IsClipboardFormatAvailable

Library GDI32.dll:

• 0x5a8e20 GetStockObject

• 0x5a8e24 GetEnhMetaFileBits

Library ADVAPI32.dll:

• 0x5a8e2c RegOpenKeyW

• 0x5a8e30 RegQueryValueExA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.