SmartHawk

3.0

中危

59 个模型检测该样本为恶意！

重新分析

下载样本

4458df211fccf5c1d24b96ebb7b4191cc94edc0b0e13bbb80ae3919f015297d9

77c9ea3033b075ae8897963c0bf08a5b.exe

分析耗时

79s

最近分析

文件大小

785.5KB

静态报毒动态报毒 AGEN AI SCORE=100 AIDETECT AJVT CLOUD DELF DELFINJECT DELPHILESS ENEL ENEZ FAREIT FORMBOOK HIGH CONFIDENCE HTWTWI HWUBBAIC KCLOUD MALWARE1 MALWARE@#3MYMEG0P92KHT MBLTNHH6UVG SAVE SCORE STATIC AI SUSGEN SUSPICIOUS PE TSCOPE UNSAFE WUTX X2094 XGX@AKIMOIEI ZELPHIF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FZN!77C9EA3033B0	20210309	6.0.6.653
Alibaba	Trojan:Win32/DelfInject.f8dae17e	20190527	0.3.0.5
Avast	Win32:Trojan-gen	20210309	21.1.5827.0
Tencent	Win32.Trojan.Crypt.Ajvt	20210309	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Troj.Undef.(kcloud)	20210309	2017.9.26.565
CrowdStrike		20180202	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619680445.125375 NtAllocateVirtualMemory	process_identifier: 784 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00660000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.548563555857732

section

{'size_of_data': '0x00039000', 'virtual_address': '0x00091000', 'entropy': 7.548563555857732, 'name': '.rsrc', 'virtual_size': '0x00038e04'}

description

A section with a high entropy has been found

entropy

0.29081632653061223

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.29223
MicroWorld-eScan	Gen:Variant.Zusy.312576
FireEye	Generic.mg.77c9ea3033b075ae
McAfee	Fareit-FZN!77C9EA3033B0
Cylance	Unsafe
Zillya	Trojan.Injector.Win32.767868
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056da011 )
Alibaba	Trojan:Win32/DelfInject.f8dae17e
K7GW	Trojan ( 0056da011 )
Cybereason	malicious.033b07
Arcabit	Trojan.Zusy.D4C500
BitDefenderTheta	Gen:NN.ZelphiF.34608.XGX@aKIMoiei
Cyren	W32/Injector.WUTX-6330
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Injector.ENEL
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Trojan.Zusy-9740416-0
Kaspersky	HEUR:Trojan.Win32.Crypt.gen
BitDefender	Gen:Variant.Zusy.312576
NANO-Antivirus	Trojan.Win32.Crypt.htwtwi
Paloalto	generic.ml
AegisLab	Trojan.Win32.Crypt.4!c
Tencent	Win32.Trojan.Crypt.Ajvt
Ad-Aware	Gen:Variant.Zusy.312576
Sophos	Mal/Generic-S
Comodo	Malware@#3mymeg0p92kht
F-Secure	Heuristic.HEUR/AGEN.1139008
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Fareit.bh
Emsisoft	Trojan.Injector (A)
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_99%
Avira	HEUR/AGEN.1139008
Antiy-AVL	Trojan/Win32.Crypt
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Agent.oa
Microsoft	Trojan:Win32/DelfInject.AR!MTB
ZoneAlarm	HEUR:Trojan.Win32.Crypt.gen
GData	Gen:Variant.Zusy.312576
Cynet	Malicious (score: 100)
AhnLab-V3	Suspicious/Win.Delphiless.X2094
Acronis	suspicious
VBA32	TScope.Trojan.Delf
ALYac	Trojan.Agent.FormBook
MAX	malware (ai score=100)
Malwarebytes	Trojan.MalPack.DLF

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x484168 DeleteCriticalSection

• 0x48416c LeaveCriticalSection

• 0x484170 EnterCriticalSection

• 0x484174 InitializeCriticalSection

• 0x484178 VirtualFree

• 0x48417c VirtualAlloc

• 0x484180 LocalFree

• 0x484184 LocalAlloc

• 0x484188 GetVersion

• 0x48418c GetCurrentThreadId

• 0x484190 InterlockedDecrement

• 0x484194 InterlockedIncrement

• 0x484198 VirtualQuery

• 0x48419c WideCharToMultiByte

• 0x4841a0 SetCurrentDirectoryA

• 0x4841a4 MultiByteToWideChar

• 0x4841a8 lstrlenA

• 0x4841ac lstrcpynA

• 0x4841b0 LoadLibraryExA

• 0x4841b4 GetThreadLocale

• 0x4841b8 GetStartupInfoA

• 0x4841bc GetProcAddress

• 0x4841c0 GetModuleHandleA

• 0x4841c4 GetModuleFileNameA

• 0x4841c8 GetLocaleInfoA

• 0x4841cc GetLastError

• 0x4841d0 GetCurrentDirectoryA

• 0x4841d4 GetCommandLineA

• 0x4841d8 FreeLibrary

• 0x4841dc FindFirstFileA

• 0x4841e0 FindClose

• 0x4841e4 ExitProcess

• 0x4841e8 WriteFile

• 0x4841ec UnhandledExceptionFilter

• 0x4841f0 RtlUnwind

• 0x4841f4 RaiseException

• 0x4841f8 GetStdHandle

Library user32.dll:

• 0x484200 GetKeyboardType

• 0x484204 LoadStringA

• 0x484208 MessageBoxA

• 0x48420c CharNextA

Library advapi32.dll:

• 0x484214 RegQueryValueExA

• 0x484218 RegOpenKeyExA

• 0x48421c RegCloseKey

Library oleaut32.dll:

• 0x484224 SysFreeString

• 0x484228 SysReAllocStringLen

• 0x48422c SysAllocStringLen

Library kernel32.dll:

• 0x484234 TlsSetValue

• 0x484238 TlsGetValue

• 0x48423c LocalAlloc

• 0x484240 GetModuleHandleA

Library advapi32.dll:

• 0x484248 RegQueryValueExA

• 0x48424c RegOpenKeyExA

• 0x484250 RegCloseKey

Library kernel32.dll:

• 0x484258 lstrcpyA

• 0x48425c WriteFile

• 0x484260 WaitForSingleObjectEx

• 0x484264 WaitForSingleObject

• 0x484268 VirtualQuery

• 0x48426c VirtualProtectEx

• 0x484270 VirtualProtect

• 0x484274 VirtualAlloc

• 0x484278 Sleep

• 0x48427c SizeofResource

• 0x484280 SetThreadLocale

• 0x484284 SetFilePointer

• 0x484288 SetEvent

• 0x48428c SetErrorMode

• 0x484290 SetEndOfFile

• 0x484294 ResetEvent

• 0x484298 ReadFile

• 0x48429c MulDiv

• 0x4842a0 LockResource

• 0x4842a4 LoadResource

• 0x4842a8 LoadLibraryA

• 0x4842ac LeaveCriticalSection

• 0x4842b0 InitializeCriticalSection

• 0x4842b4 GlobalUnlock

• 0x4842b8 GlobalReAlloc

• 0x4842bc GlobalHandle

• 0x4842c0 GlobalLock

• 0x4842c4 GlobalFree

• 0x4842c8 GlobalFindAtomA

• 0x4842cc GlobalDeleteAtom

• 0x4842d0 GlobalAlloc

• 0x4842d4 GlobalAddAtomA

• 0x4842d8 GetVolumeInformationA

• 0x4842dc GetVersionExA

• 0x4842e0 GetVersion

• 0x4842e4 GetTickCount

• 0x4842e8 GetThreadLocale

• 0x4842ec GetSystemInfo

• 0x4842f0 GetStringTypeExA

• 0x4842f4 GetStdHandle

• 0x4842f8 GetProcAddress

• 0x4842fc GetModuleHandleA

• 0x484300 GetModuleFileNameA

• 0x484304 GetLogicalDrives

• 0x484308 GetLocaleInfoA

• 0x48430c GetLocalTime

• 0x484310 GetLastError

• 0x484314 GetFullPathNameA

• 0x484318 GetFileAttributesA

• 0x48431c GetDriveTypeA

• 0x484320 GetDiskFreeSpaceA

• 0x484324 GetDateFormatA

• 0x484328 GetCurrentThreadId

• 0x48432c GetCurrentProcessId

• 0x484330 GetCurrentProcess

• 0x484334 GetCPInfo

• 0x484338 GetACP

• 0x48433c FreeResource

• 0x484340 InterlockedExchange

• 0x484344 FreeLibrary

• 0x484348 FormatMessageA

• 0x48434c FindResourceA

• 0x484350 FindNextFileA

• 0x484354 FindFirstFileA

• 0x484358 FindClose

• 0x48435c FileTimeToLocalFileTime

• 0x484360 FileTimeToDosDateTime

• 0x484364 EnumCalendarInfoA

• 0x484368 EnterCriticalSection

• 0x48436c DeleteCriticalSection

• 0x484370 CreateThread

• 0x484374 CreateFileA

• 0x484378 CreateEventA

• 0x48437c CompareStringA

• 0x484380 CloseHandle

Library mpr.dll:

• 0x484388 WNetGetConnectionA

Library version.dll:

• 0x484390 VerQueryValueA

• 0x484394 GetFileVersionInfoSizeA

• 0x484398 GetFileVersionInfoA

Library gdi32.dll:

• 0x4843a0 UnrealizeObject

• 0x4843a4 StretchBlt

• 0x4843a8 SetWindowOrgEx

• 0x4843ac SetWinMetaFileBits

• 0x4843b0 SetViewportOrgEx

• 0x4843b4 SetTextColor

• 0x4843b8 SetStretchBltMode

• 0x4843bc SetROP2

• 0x4843c0 SetPixel

• 0x4843c4 SetEnhMetaFileBits

• 0x4843c8 SetDIBColorTable

• 0x4843cc SetBrushOrgEx

• 0x4843d0 SetBkMode

• 0x4843d4 SetBkColor

• 0x4843d8 SelectPalette

• 0x4843dc SelectObject

• 0x4843e0 SaveDC

• 0x4843e4 RestoreDC

• 0x4843e8 Rectangle

• 0x4843ec RectVisible

• 0x4843f0 RealizePalette

• 0x4843f4 Polyline

• 0x4843f8 PlayEnhMetaFile

• 0x4843fc PatBlt

• 0x484400 MoveToEx

• 0x484404 MaskBlt

• 0x484408 LineTo

• 0x48440c IntersectClipRect

• 0x484410 GetWindowOrgEx

• 0x484414 GetWinMetaFileBits

• 0x484418 GetTextMetricsA

• 0x48441c GetTextExtentPoint32A

• 0x484420 GetSystemPaletteEntries

• 0x484424 GetStockObject

• 0x484428 GetPixel

• 0x48442c GetPaletteEntries

• 0x484430 GetObjectA

• 0x484434 GetEnhMetaFilePaletteEntries

• 0x484438 GetEnhMetaFileHeader

• 0x48443c GetEnhMetaFileBits

• 0x484440 GetDeviceCaps

• 0x484444 GetDIBits

• 0x484448 GetDIBColorTable

• 0x48444c GetDCOrgEx

• 0x484450 GetCurrentPositionEx

• 0x484454 GetClipBox

• 0x484458 GetBrushOrgEx

• 0x48445c GetBitmapBits

• 0x484460 ExtTextOutA

• 0x484464 ExcludeClipRect

• 0x484468 DeleteObject

• 0x48446c DeleteEnhMetaFile

• 0x484470 DeleteDC

• 0x484474 CreateSolidBrush

• 0x484478 CreatePenIndirect

• 0x48447c CreatePen

• 0x484480 CreatePalette

• 0x484484 CreateHalftonePalette

• 0x484488 CreateFontIndirectA

• 0x48448c CreateDIBitmap

• 0x484490 CreateDIBSection

• 0x484494 CreateCompatibleDC

• 0x484498 CreateCompatibleBitmap

• 0x48449c CreateBrushIndirect

• 0x4844a0 CreateBitmap

• 0x4844a4 CopyEnhMetaFileA

• 0x4844a8 BitBlt

Library opengl32.dll:

• 0x4844b0 wglCreateContext

Library user32.dll:

• 0x4844b8 CreateWindowExA

• 0x4844bc WindowFromPoint

• 0x4844c0 WinHelpA

• 0x4844c4 WaitMessage

• 0x4844c8 ValidateRect

• 0x4844cc UpdateWindow

• 0x4844d0 UnregisterClassA

• 0x4844d4 UnhookWindowsHookEx

• 0x4844d8 TranslateMessage

• 0x4844dc TranslateMDISysAccel

• 0x4844e0 TrackPopupMenu

• 0x4844e4 SystemParametersInfoA

• 0x4844e8 ShowWindow

• 0x4844ec ShowScrollBar

• 0x4844f0 ShowOwnedPopups

• 0x4844f4 ShowCursor

• 0x4844f8 SetWindowsHookExA

• 0x4844fc SetWindowTextA

• 0x484500 SetWindowPos

• 0x484504 SetWindowPlacement

• 0x484508 SetWindowLongA

• 0x48450c SetTimer

• 0x484510 SetScrollRange

• 0x484514 SetScrollPos

• 0x484518 SetScrollInfo

• 0x48451c SetRect

• 0x484520 SetPropA

• 0x484524 SetParent

• 0x484528 SetMenuItemInfoA

• 0x48452c SetMenu

• 0x484530 SetForegroundWindow

• 0x484534 SetFocus

• 0x484538 SetCursor

• 0x48453c SetClassLongA

• 0x484540 SetCapture

• 0x484544 SetActiveWindow

• 0x484548 SendMessageA

• 0x48454c ScrollWindow

• 0x484550 ScreenToClient

• 0x484554 RemovePropA

• 0x484558 RemoveMenu

• 0x48455c ReleaseDC

• 0x484560 ReleaseCapture

• 0x484564 RegisterWindowMessageA

• 0x484568 RegisterClipboardFormatA

• 0x48456c RegisterClassA

• 0x484570 RedrawWindow

• 0x484574 PtInRect

• 0x484578 PostQuitMessage

• 0x48457c PostMessageA

• 0x484580 PeekMessageA

• 0x484584 OffsetRect

• 0x484588 OemToCharA

• 0x48458c MessageBoxA

• 0x484590 MapWindowPoints

• 0x484594 MapVirtualKeyA

• 0x484598 LoadStringA

• 0x48459c LoadKeyboardLayoutA

• 0x4845a0 LoadIconA

• 0x4845a4 LoadCursorA

• 0x4845a8 LoadBitmapA

• 0x4845ac KillTimer

• 0x4845b0 IsZoomed

• 0x4845b4 IsWindowVisible

• 0x4845b8 IsWindowEnabled

• 0x4845bc IsWindow

• 0x4845c0 IsRectEmpty

• 0x4845c4 IsIconic

• 0x4845c8 IsDialogMessageA

• 0x4845cc IsChild

• 0x4845d0 InvalidateRect

• 0x4845d4 IntersectRect

• 0x4845d8 InsertMenuItemA

• 0x4845dc InsertMenuA

• 0x4845e0 InflateRect

• 0x4845e4 GetWindowThreadProcessId

• 0x4845e8 GetWindowTextA

• 0x4845ec GetWindowRect

• 0x4845f0 GetWindowPlacement

• 0x4845f4 GetWindowLongA

• 0x4845f8 GetWindowDC

• 0x4845fc GetTopWindow

• 0x484600 GetSystemMetrics

• 0x484604 GetSystemMenu

• 0x484608 GetSysColorBrush

• 0x48460c GetSysColor

• 0x484610 GetSubMenu

• 0x484614 GetScrollRange

• 0x484618 GetScrollPos

• 0x48461c GetScrollInfo

• 0x484620 GetPropA

• 0x484624 GetParent

• 0x484628 GetWindow

• 0x48462c GetMenuStringA

• 0x484630 GetMenuState

• 0x484634 GetMenuItemInfoA

• 0x484638 GetMenuItemID

• 0x48463c GetMenuItemCount

• 0x484640 GetMenu

• 0x484644 GetLastActivePopup

• 0x484648 GetKeyboardState

• 0x48464c GetKeyboardLayoutList

• 0x484650 GetKeyboardLayout

• 0x484654 GetKeyState

• 0x484658 GetKeyNameTextA

• 0x48465c GetIconInfo

• 0x484660 GetForegroundWindow

• 0x484664 GetFocus

• 0x484668 GetDlgItem

• 0x48466c GetDesktopWindow

• 0x484670 GetDCEx

• 0x484674 GetDC

• 0x484678 GetCursorPos

• 0x48467c GetCursor

• 0x484680 GetClipboardData

• 0x484684 GetClientRect

• 0x484688 GetClassNameA

• 0x48468c GetClassInfoA

• 0x484690 GetCapture

• 0x484694 GetActiveWindow

• 0x484698 FrameRect

• 0x48469c FindWindowA

• 0x4846a0 FillRect

• 0x4846a4 EqualRect

• 0x4846a8 EnumWindows

• 0x4846ac EnumThreadWindows

• 0x4846b0 EndPaint

• 0x4846b4 EnableWindow

• 0x4846b8 EnableScrollBar

• 0x4846bc EnableMenuItem

• 0x4846c0 DrawTextA

• 0x4846c4 DrawMenuBar

• 0x4846c8 DrawIconEx

• 0x4846cc DrawIcon

• 0x4846d0 DrawFrameControl

• 0x4846d4 DrawFocusRect

• 0x4846d8 DrawEdge

• 0x4846dc DispatchMessageA

• 0x4846e0 DestroyWindow

• 0x4846e4 DestroyMenu

• 0x4846e8 DestroyIcon

• 0x4846ec DestroyCursor

• 0x4846f0 DeleteMenu

• 0x4846f4 DefWindowProcA

• 0x4846f8 DefMDIChildProcA

• 0x4846fc DefFrameProcA

• 0x484700 CreatePopupMenu

• 0x484704 CreateMenu

• 0x484708 CreateIcon

• 0x48470c ClientToScreen

• 0x484710 CheckMenuItem

• 0x484714 CallWindowProcA

• 0x484718 CallNextHookEx

• 0x48471c BeginPaint

• 0x484720 CharNextA

• 0x484724 CharLowerBuffA

• 0x484728 CharLowerA

• 0x48472c CharUpperBuffA

• 0x484730 CharToOemA

• 0x484734 AdjustWindowRectEx

• 0x484738 ActivateKeyboardLayout

Library kernel32.dll:

• 0x484740 Sleep

Library oleaut32.dll:

• 0x484748 SafeArrayPtrOfIndex

• 0x48474c SafeArrayGetUBound

• 0x484750 SafeArrayGetLBound

• 0x484754 SafeArrayCreate

• 0x484758 VariantChangeType

• 0x48475c VariantCopy

• 0x484760 VariantClear

• 0x484764 VariantInit

Library comctl32.dll:

• 0x48476c ImageList_SetIconSize

• 0x484770 ImageList_GetIconSize

• 0x484774 ImageList_Write

• 0x484778 ImageList_Read

• 0x48477c ImageList_GetDragImage

• 0x484780 ImageList_DragShowNolock

• 0x484784 ImageList_SetDragCursorImage

• 0x484788 ImageList_DragMove

• 0x48478c ImageList_DragLeave

• 0x484790 ImageList_DragEnter

• 0x484794 ImageList_EndDrag

• 0x484798 ImageList_BeginDrag

• 0x48479c ImageList_Remove

• 0x4847a0 ImageList_DrawEx

• 0x4847a4 ImageList_Replace

• 0x4847a8 ImageList_Draw

• 0x4847ac ImageList_GetBkColor

• 0x4847b0 ImageList_SetBkColor

• 0x4847b4 ImageList_ReplaceIcon

• 0x4847b8 ImageList_Add

• 0x4847bc ImageList_GetImageCount

• 0x4847c0 ImageList_Destroy

• 0x4847c4 ImageList_Create

• 0x4847c8 InitCommonControls

Library comdlg32.dll:

• 0x4847d0 GetOpenFileNameA

Library kernel32.dll:

• 0x4847d8 AddVectoredExceptionHandler

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.