SmartHawk

2.8

中危

59 个模型检测该样本为恶意！

重新分析

下载样本

d179103e8407544d7558eaea73b9607425de4366ee66586799d4707f70f2ddc1

724d93a08e0e6780f8975e6f93e9fa11.exe

分析耗时

19s

最近分析

文件大小

536.5KB

静态报毒动态报毒 AI SCORE=87 AIDETECTVM ATMN ATTRIBUTE BSCOPE CLASSIC CONFIDENCE ELDORADO GEN2 GENCIRC GENERICRXHS GENETIC GLUPTEBA HIGH CONFIDENCE HIGHCONFIDENCE KCLOUD KEPITEN KI1GRPQ MALICIOUS PE MALWARE1 MALWARE@#2ZLLLBPSADDEY R + TROJ R06EC0DIA20 R332075 RAZY SCORE SPYBOT STATIC AI SUSGEN TRML TROJANPROXY TROJANX UNSAFE XPACK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Glupteba.11b	20190527	0.3.0.5
Avast	Win32:TrojanX-gen [Trj]	20201210	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Troj.Kepiten.a.(kcloud)	20201211	2017.9.26.565
McAfee	GenericRXHS-AA!724D93A08E0E	20201211	6.0.6.653
Tencent	Malware.Win32.Gencirc.10b9c0f4	20201211	1.0.0.1
CrowdStrike	win/malicious_confidence_70% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

init

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619624287.639626 NtProtectVirtualMemory	process_identifier: 2200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 430080 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00401000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.803855626024514

section

{'size_of_data': '0x00068e00', 'virtual_address': '0x00001000', 'entropy': 7.803855626024514, 'name': '.text', 'virtual_size': '0x00068dd6'}

description

A section with a high entropy has been found

entropy

0.7833800186741363

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.SpyBot.961
MicroWorld-eScan	Gen:Variant.Razy.553929
FireEye	Generic.mg.724d93a08e0e6780
ALYac	Gen:Variant.Razy.553929
Cylance	Unsafe
SUPERAntiSpyware	Trojan.Agent/Gen-Glupteba
Sangfor	Malware
K7AntiVirus	Trojan ( 0056559e1 )
Alibaba	Trojan:Win32/Glupteba.11b
K7GW	Trojan ( 0056559e1 )
Cybereason	malicious.08e0e6
Arcabit	Trojan.Razy.D873C9
BitDefenderTheta	AI:Packer.3C00351F1F
Cyren	W32/S-3ebf0797!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Glupteba.BC
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Kepiten.a
BitDefender	Gen:Variant.Razy.553929
Avast	Win32:TrojanX-gen [Trj]
Rising	Trojan.Glupteba!1.BC88 (CLASSIC)
Ad-Aware	Gen:Variant.Razy.553929
Sophos	Mal/Generic-R + Troj/Glupteba-M
Comodo	Malware@#2zlllbpsaddey
F-Secure	Trojan.TR/Crypt.XPACK.Gen2
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Emsisoft	Gen:Variant.Razy.553929 (B)
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Kepiten.a
Avira	TR/Crypt.XPACK.Gen2
Antiy-AVL	Trojan/Win32.Kepiten
Kingsoft	Win32.Troj.Kepiten.a.(kcloud)
Gridinsoft	Trojan.Win32.Agent.vb
Microsoft	Trojan:Win32/Glupteba!atmn
AegisLab	Trojan.Win32.Kepiten.trmL
ZoneAlarm	Trojan.Win32.Kepiten.a
GData	Gen:Variant.Razy.553929
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.R332075
Acronis	suspicious
McAfee	GenericRXHS-AA!724D93A08E0E
MAX	malware (ai score=87)
VBA32	BScope.TrojanProxy.Glupteba
Malwarebytes	Trojan.Glupteba
TrendMicro-HouseCall	TROJ_GEN.R06EC0DIA20

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-05-20 21:56:20

Imports

Library SHLWAPI.dll:

• 0x46a24c StrCpyNW

Library WININET.dll:

• 0x46a254 InternetCheckConnectionW

Library KERNEL32.dll:

• 0x46a034 FormatMessageA

• 0x46a038 PostQueuedCompletionStatus

• 0x46a03c GetQueuedCompletionStatus

• 0x46a040 SetLastError

• 0x46a044 SetWaitableTimer

• 0x46a048 LeaveCriticalSection

• 0x46a04c EnterCriticalSection

• 0x46a050 TlsFree

• 0x46a054 TlsAlloc

• 0x46a058 TlsSetValue

• 0x46a05c TlsGetValue

• 0x46a060 CloseHandle

• 0x46a064 WaitForSingleObject

• 0x46a068 SleepEx

• 0x46a06c SetEvent

• 0x46a070 CreateEventW

• 0x46a074 QueueUserAPC

• 0x46a078 TerminateThread

• 0x46a07c WaitForMultipleObjects

• 0x46a080 DeleteCriticalSection

• 0x46a084 CreateIoCompletionPort

• 0x46a088 InitializeCriticalSectionAndSpinCount

• 0x46a08c VerifyVersionInfoW

• 0x46a090 VerSetConditionMask

• 0x46a094 FormatMessageW

• 0x46a098 CopyFileW

• 0x46a09c lstrlenW

• 0x46a0a0 GetTempFileNameW

• 0x46a0a4 MultiByteToWideChar

• 0x46a0a8 GetTickCount

• 0x46a0ac CreateMutexW

• 0x46a0b0 CreateMutexA

• 0x46a0b4 ExitProcess

• 0x46a0b8 DeleteFileW

• 0x46a0bc RemoveDirectoryW

• 0x46a0c0 AllocConsole

• 0x46a0c4 SetConsoleTextAttribute

• 0x46a0c8 GetStdHandle

• 0x46a0cc WriteConsoleW

• 0x46a0d0 ReadConsoleInputW

• 0x46a0d4 FreeConsole

• 0x46a0d8 GetLocalTime

• 0x46a0dc GetWindowsDirectoryW

• 0x46a0e0 OpenEventW

• 0x46a0e4 InitializeCriticalSection

• 0x46a0e8 GetModuleHandleA

• 0x46a0ec VirtualProtect

• 0x46a0f0 lstrcmp

• 0x46a0f4 GetModuleFileNameW

• 0x46a0f8 CreateProcessW

• 0x46a0fc GetModuleHandleW

• 0x46a100 SetEnvironmentVariableW

• 0x46a104 LocalFree

• 0x46a108 WideCharToMultiByte

• 0x46a10c MoveFileExW

• 0x46a110 GetTickCount64

• 0x46a114 GetLastError

• 0x46a118 GetProcessHeap

• 0x46a11c SetStdHandle

• 0x46a120 HeapSize

• 0x46a124 GetCurrentProcess

• 0x46a128 FreeEnvironmentStringsW

• 0x46a12c GetEnvironmentStringsW

• 0x46a130 GetOEMCP

• 0x46a134 GetACP

• 0x46a138 IsValidCodePage

• 0x46a13c GetTimeZoneInformation

• 0x46a140 HeapReAlloc

• 0x46a144 ReadConsoleW

• 0x46a148 ReadFile

• 0x46a14c FlushFileBuffers

• 0x46a150 GetFileSizeEx

• 0x46a154 GetConsoleMode

• 0x46a158 GetConsoleCP

• 0x46a15c GetFileType

• 0x46a160 EnumSystemLocalesW

• 0x46a164 GetUserDefaultLCID

• 0x46a168 IsValidLocale

• 0x46a16c GetTimeFormatW

• 0x46a170 GetDateFormatW

• 0x46a174 HeapAlloc

• 0x46a178 HeapFree

• 0x46a17c WriteFile

• 0x46a180 GetCommandLineW

• 0x46a184 GetCommandLineA

• 0x46a188 GetModuleHandleExW

• 0x46a18c ExitThread

• 0x46a190 RaiseException

• 0x46a194 RtlUnwind

• 0x46a198 WaitForSingleObjectEx

• 0x46a19c Sleep

• 0x46a1a0 SwitchToThread

• 0x46a1a4 GetCurrentThreadId

• 0x46a1a8 QueryPerformanceCounter

• 0x46a1ac QueryPerformanceFrequency

• 0x46a1b0 CreateFileW

• 0x46a1b4 FindClose

• 0x46a1b8 FindFirstFileExW

• 0x46a1bc FindNextFileW

• 0x46a1c0 GetFileAttributesW

• 0x46a1c4 GetFileAttributesExW

• 0x46a1c8 GetFileInformationByHandle

• 0x46a1cc SetEndOfFile

• 0x46a1d0 SetFilePointerEx

• 0x46a1d4 AreFileApisANSI

• 0x46a1d8 DeviceIoControl

• 0x46a1dc GetProcAddress

• 0x46a1e0 GetSystemTimeAsFileTime

• 0x46a1e4 EncodePointer

• 0x46a1e8 DecodePointer

• 0x46a1ec CompareStringW

• 0x46a1f0 LCMapStringW

• 0x46a1f4 GetLocaleInfoW

• 0x46a1f8 GetStringTypeW

• 0x46a1fc GetCPInfo

• 0x46a200 GetEnvironmentVariableW

• 0x46a204 ResetEvent

• 0x46a208 InitializeSListHead

• 0x46a20c UnhandledExceptionFilter

• 0x46a210 SetUnhandledExceptionFilter

• 0x46a214 TerminateProcess

• 0x46a218 IsProcessorFeaturePresent

• 0x46a21c IsDebuggerPresent

• 0x46a220 GetStartupInfoW

• 0x46a224 GetCurrentProcessId

• 0x46a228 CreateThread

• 0x46a22c GetCurrentThread

• 0x46a230 GetThreadTimes

• 0x46a234 FreeLibrary

• 0x46a238 FreeLibraryAndExitThread

• 0x46a23c LoadLibraryExW

Library ADVAPI32.dll:

• 0x46a000 RegDeleteValueW

• 0x46a004 CryptGenRandom

• 0x46a008 CryptReleaseContext

• 0x46a00c CryptAcquireContextW

• 0x46a010 ConvertSidToStringSidA

• 0x46a014 RegQueryValueExW

• 0x46a018 RegOpenKeyExW

• 0x46a01c RegSetValueExW

• 0x46a020 RegCreateKeyExW

• 0x46a024 RegCloseKey

• 0x46a028 GetTokenInformation

• 0x46a02c OpenProcessToken

Library SHELL32.dll:

• 0x46a244 SHGetFolderPathAndSubDirW

Library ole32.dll:

• 0x46a2b8 CoInitializeEx

• 0x46a2bc CoUninitialize

• 0x46a2c0 CoCreateGuid

• 0x46a2c4 StringFromGUID2

• 0x46a2c8 CoInitializeSecurity

Library WS2_32.dll:

• 0x46a25c setsockopt

• 0x46a260 ioctlsocket

• 0x46a264 WSASetLastError

• 0x46a268 WSAGetLastError

• 0x46a26c closesocket

• 0x46a270 WSACleanup

• 0x46a274 WSASend

• 0x46a278 select

• 0x46a27c connect

• 0x46a280 WSASocketW

• 0x46a284 shutdown

• 0x46a288 htonl

• 0x46a28c ntohl

• 0x46a290 htons

• 0x46a294 getaddrinfo

• 0x46a298 getsockopt

• 0x46a29c WSACloseEvent

• 0x46a2a0 WSAStartup

• 0x46a2a4 WSARecv

• 0x46a2a8 WSACreateEvent

• 0x46a2ac freeaddrinfo

• 0x46a2b0 WSAEventSelect

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.