Score: 2.8 (Medium risk)

SHA-256: 9ad02a119c0df3fb652557b2b5c3136a3fb7f80e78774f1bffd5237eb2d9a514

File name: 7282aa3b1b192586026943ee2880c388.exe

Analysis duration: 75s

Last analyzed:

File size: 556.0KB

Static detection: flagged. Dynamic detection: flagged (100%)
Tags: AGENTGOZIMH AI SCORE=89 BANKERX CJWUGTW+3HO CNFG CONFIDENCE EOFA ETSS FUERY GDSDA GENCIRC GENERICRXLK GENKRYPTIK HNXCQP ICEDID MALWARE@#G1H3HK0QQYOG PEGOU PHOTODLDER R02CC0DKD20 SCORE SLEPAK SMQHNRFSITV SUSGEN TROJANBANKER UNSAFE
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 detection result is available for this sample.
Static verdict
Antivirus engines
Engine      | Result                             | Scan date | Engine version
McAfee      | GenericRXLK-SS!7282AA3B1B19        | 20210106  | 6.0.6.653
Alibaba     | Trojan:Win32/Slepak.e45d5bcd       | 20190527  | 0.3.0.5
Baidu       |                                    | 20190318  | 1.0.0.2
Avast       | Win32:BankerX-gen [Trj]            | 20210106  | 21.1.5827.0
Tencent     | Malware.Win32.Gencirc.11a5e4ec     | 20210106  | 1.0.0.1
CrowdStrike | win/malicious_confidence_100% (W)  | 20190702  | 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\Comesand\powerTop\Settletruck\wishear\OwnHat\Conditionatom\justLedparticular.pdb
Behavioral verdict
Dynamic indicators
Resolves a suspicious Top Level Domain (TLD) (2 events)
domain portivitto.top description Generic top level domain TLD
domain slizilinno.top description Generic top level domain TLD
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Call 1
  Time: 1619596050.425081
  API: NtAllocateVirtualMemory
  Arguments:
    process_identifier: 2344
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00360000
  Status: success   Return: 0   Repeated: 0

Call 2
  Time: 1619596050.425081
  API: NtAllocateVirtualMemory
  Arguments:
    process_identifier: 2344
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00370000
  Status: success   Return: 0   Repeated: 0

Call 3
  Time: 1619596050.425081
  API: NtAllocateVirtualMemory
  Arguments:
    process_identifier: 2344
    region_size: 24576
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x00380000
  Status: success   Return: 0   Repeated: 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 of 53 events shown)
Bkav W32.AgentGoziMH.Trojan
MicroWorld-eScan Trojan.Agent.ETSS
FireEye Generic.mg.7282aa3b1b192586
McAfee GenericRXLK-SS!7282AA3B1B19
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056a9d61 )
Alibaba Trojan:Win32/Slepak.e45d5bcd
K7GW Trojan ( 0056a9d61 )
Cybereason malicious.b1b192
Arcabit Trojan.Agent.ETSS
Cyren W32/Trojan.CNFG-8840
Symantec Trojan Horse
APEX Malicious
Avast Win32:BankerX-gen [Trj]
Kaspersky Trojan.Win32.Slepak.ad
BitDefender Trojan.Agent.ETSS
NANO-Antivirus Trojan.Win32.IcedID.hnxcqp
Paloalto generic.ml
AegisLab Trojan.Win32.Slepak.4!c
Tencent Malware.Win32.Gencirc.11a5e4ec
Ad-Aware Trojan.Agent.ETSS
TACHYON Trojan/W32.Fuery.569344.B
Sophos Mal/Generic-S
Comodo Malware@#g1h3hk0qqyog
F-Secure Trojan.TR/AD.PhotoDlder.pegou
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R02CC0DKD20
McAfee-GW-Edition GenericRXLK-SS!7282AA3B1B19
Emsisoft Trojan.Agent.ETSS (B)
Ikarus Trojan-Banker.IcedID
Webroot W32.Trojan.Gen
Avira TR/AD.PhotoDlder.pegou
Antiy-AVL Trojan[Banker]/Win32.IcedID
Microsoft Trojan:Win32/IcedID.MB!MTB
ZoneAlarm Trojan.Win32.Slepak.ad
GData Trojan.Agent.ETSS
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Fuery.C4160901
VBA32 TrojanBanker.IcedID
ALYac Trojan.IcedID.gen
MAX malware (ai score=89)
Malwarebytes Trojan.IcedID
ESET-NOD32 a variant of Win32/GenKryptik.EOFA
TrendMicro-HouseCall TROJ_GEN.R02CC0DKD20
Rising Trojan.GenKryptik!8.AA55 (TFE:5:sMQhnRfsItV)
Yandex Trojan.GenKryptik!CjWugTW+3Ho
MaxSecure Trojan.Malware.104001718.susgen
Fortinet W32/Slepak.AZ!tr
AVG Win32:BankerX-gen [Trj]
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

2015-01-05 07:35:48

Imports

Library KERNEL32.dll:
0x10010ec GlobalHandle
0x10010f4 TlsAlloc
0x10010f8 TlsSetValue
0x10010fc LocalReAlloc
0x1001100 DeleteCriticalSection
0x1001104 TlsFree
0x1001108 GetProcAddress
0x100110c GetModuleHandleA
0x1001110 InterlockedDecrement
0x1001114 FreeLibrary
0x1001118 InterlockedIncrement
0x100111c CloseHandle
0x1001120 GetCurrentThreadId
0x1001124 lstrcmpA
0x1001128 GlobalFlags
0x100112c GlobalReAlloc
0x1001130 GetThreadLocale
0x1001134 GetVersionExA
0x1001138 lstrcmpW
0x100113c GlobalDeleteAtom
0x1001140 GlobalFindAtomA
0x1001144 GlobalAddAtomA
0x1001148 GetLocaleInfoA
0x100114c GetCPInfo
0x1001150 GetOEMCP
0x1001154 WriteFile
0x1001158 SetFilePointer
0x100115c FlushFileBuffers
0x1001160 GetCurrentProcess
0x1001164 CreateFileA
0x1001168 HeapFree
0x100116c HeapAlloc
0x1001170 HeapReAlloc
0x1001174 GetCommandLineA
0x1001178 GetProcessHeap
0x100117c GetStartupInfoA
0x1001180 RaiseException
0x1001184 RtlUnwind
0x1001188 HeapSize
0x100118c TerminateProcess
0x1001198 IsDebuggerPresent
0x100119c HeapDestroy
0x10011a0 HeapCreate
0x10011a4 VirtualFree
0x10011a8 GetStdHandle
0x10011b0 GetEnvironmentStrings
0x10011bc SetHandleCount
0x10011c0 GetFileType
0x10011c8 GetTickCount
0x10011d0 GetACP
0x10011d4 GetConsoleCP
0x10011d8 GetConsoleMode
0x10011dc LCMapStringA
0x10011e0 LCMapStringW
0x10011e4 GetStringTypeA
0x10011e8 GetStringTypeW
0x10011ec SetStdHandle
0x10011f0 WriteConsoleA
0x10011f4 GetConsoleOutputCP
0x10011f8 WriteConsoleW
0x10011fc EnterCriticalSection
0x1001200 TlsGetValue
0x1001204 LeaveCriticalSection
0x1001208 LocalAlloc
0x100120c GlobalFree
0x1001210 GlobalAlloc
0x1001214 GlobalLock
0x1001218 GlobalUnlock
0x100121c FormatMessageA
0x1001220 LocalFree
0x1001224 FindResourceA
0x1001228 LoadResource
0x100122c LockResource
0x1001230 SizeofResource
0x1001234 SetLastError
0x1001238 GetTempPathA
0x100123c GetCurrentProcessId
0x1001240 GetVersion
0x1001244 GetFileTime
0x1001248 ExitProcess
0x100124c CompareStringA
0x1001250 GetCurrentDirectoryA
0x1001254 VirtualProtect
0x1001258 GetModuleFileNameA
0x1001260 GetSystemInfo
0x1001264 LoadLibraryA
0x1001268 ResetEvent
0x100126c CopyFileA
0x1001270 VirtualAlloc
0x1001274 GetLastError
0x1001278 InterlockedExchange
0x100127c CreateDirectoryA
0x1001280 GetShortPathNameA
0x1001284 MultiByteToWideChar
0x100128c GetFileAttributesA
0x1001290 Sleep
0x1001294 WideCharToMultiByte
0x1001298 GetWindowsDirectoryA
0x100129c MoveFileExA
0x10012a0 lstrlenA
0x10012a4 GlobalGetAtomNameA
Library USER32.dll:
0x10012c8 DestroyMenu
0x10012cc TabbedTextOutA
0x10012d0 DrawTextA
0x10012d4 DrawTextExA
0x10012d8 GrayStringA
0x10012dc PostQuitMessage
0x10012e0 DefWindowProcA
0x10012e4 CallWindowProcA
0x10012e8 SetWindowLongA
0x10012ec IsIconic
0x10012f0 GetWindowPlacement
0x10012f4 SetMenuItemBitmaps
0x10012fc LoadBitmapA
0x1001300 ModifyMenuA
0x1001304 EnableMenuItem
0x1001308 CheckMenuItem
0x100130c GetFocus
0x1001310 GetWindow
0x1001314 GetDlgCtrlID
0x1001318 GetWindowRect
0x100131c PtInRect
0x1001320 SetWindowTextA
0x1001324 UnregisterClassA
0x1001328 SetWindowsHookExA
0x100132c CallNextHookEx
0x1001330 DispatchMessageA
0x1001338 GetSystemMetrics
0x100133c ReleaseDC
0x1001340 GetSysColor
0x1001344 GetSysColorBrush
0x1001348 UnhookWindowsHookEx
0x1001350 SendMessageA
0x1001354 GetParent
0x1001358 GetWindowLongA
0x100135c GetLastActivePopup
0x1001360 IsWindowEnabled
0x1001364 EnableWindow
0x1001368 MessageBoxA
0x100136c GetMenuState
0x1001370 GetMenuItemID
0x1001374 GetMenuItemCount
0x1001378 GetSubMenu
0x100137c WinHelpA
0x1001380 GetMessagePos
0x1001384 FindWindowA
0x1001388 UpdateWindow
0x100138c SystemParametersInfoA
0x1001390 FrameRect
0x1001394 EnumChildWindows
0x1001398 ClientToScreen
0x100139c GetMessageA
0x10013a0 CloseClipboard
0x10013a4 GetClassNameA
0x10013a8 ScreenToClient
0x10013ac RegisterClassExA
0x10013b0 LoadIconA
0x10013b4 GetWindowTextLengthA
0x10013b8 GetDC
0x10013bc OffsetRect
0x10013c0 GetWindowTextA
0x10013c4 GetAsyncKeyState
0x10013c8 EndDialog
0x10013cc SetWindowPos
0x10013d0 PeekMessageA
0x10013d4 GetCapture
0x10013d8 GetClassLongA
0x10013dc SetPropA
0x10013e0 LoadCursorA
0x10013e4 GetPropA
0x10013e8 RemovePropA
0x10013ec IsWindow
0x10013f0 GetForegroundWindow
0x10013f4 GetDlgItem
0x10013f8 GetTopWindow
0x10013fc DestroyWindow
0x1001400 GetMessageTime
0x1001404 MapWindowPoints
0x1001408 SetForegroundWindow
0x100140c GetClientRect
0x1001410 GetMenu
0x1001414 PostMessageA
0x1001418 CreateWindowExA
0x100141c GetClassInfoExA
0x1001420 GetClassInfoA
0x1001424 RegisterClassA
0x1001428 AdjustWindowRectEx
0x100142c CopyRect
0x1001430 GetKeyState
0x1001434 ValidateRect
Library GDI32.dll:
0x1001074 SetMapMode
0x1001078 GetStockObject
0x100107c DeleteDC
0x1001080 AbortDoc
0x1001084 EndDoc
0x1001088 GetTextMetricsA
0x100108c CombineRgn
0x1001090 SetRectRgn
0x1001094 SetAbortProc
0x1001098 ScaleWindowExtEx
0x100109c SetWindowExtEx
0x10010a0 ScaleViewportExtEx
0x10010a4 RestoreDC
0x10010a8 SaveDC
0x10010ac ExtTextOutA
0x10010b0 SetBkColor
0x10010b4 SetTextColor
0x10010b8 GetClipBox
0x10010bc CreateBitmap
0x10010c0 DeleteObject
0x10010c4 PtVisible
0x10010c8 RectVisible
0x10010cc TextOutA
0x10010d0 Escape
0x10010d4 SelectObject
0x10010d8 SetViewportOrgEx
0x10010dc OffsetViewportOrgEx
0x10010e0 SetViewportExtEx
0x10010e4 GetDeviceCaps
Library COMCTL32.dll:
0x1001058
0x100105c CreateToolbarEx
0x1001060 ImageList_LoadImageA
0x1001064
Library comdlg32.dll:
0x100144c GetSaveFileNameA
0x1001450 GetOpenFileNameA
Library ole32.dll:
0x1001458 OleSetContainedObject
0x100145c OleInitialize
0x1001460 OleUninitialize
Library OLEAUT32.dll:
0x10012b8 VariantChangeType
0x10012bc VariantClear
0x10012c0 VariantInit
Library ADVAPI32.dll:
0x1001000 RegCloseKey
0x1001004 RegEnumKeyA
0x1001008 FreeSid
0x100100c OpenSCManagerA
0x1001010 SetServiceStatus
0x1001018 QueryServiceStatus
0x100101c RegOpenKeyExA
0x1001020 LookupPrivilegeValueW
0x100102c CreateServiceA
0x1001030 RegQueryValueExA
0x1001038 RegSetValueExA
0x100103c GetTokenInformation
0x1001040 SetEntriesInAclA
0x1001044 OpenThreadToken
0x100104c OpenProcessToken
0x1001050 OpenServiceA
Library WINSPOOL.DRV:
0x100143c OpenPrinterA
0x1001440 ClosePrinter
0x1001444 DocumentPropertiesA
Library OLEACC.dll:
0x10012b0 LresultFromObject

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 51378 8.8.8.8 53
192.168.56.101 51808 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.