Score: 5.8
Risk level: High

SHA-256: 811e54263b49935364dcfc270f72c889a7cf4a946b12ff767f94ec634f130408

File name: 7807ed1daef7ca659bc2e95b141c0723.exe

Analysis duration: 93s

Last analyzed:

File size: 339.5KB
Static scan: flagged malicious. Dynamic scan: flagged malicious. Detection tags: 100% AFRJ AI SCORE=100 ARTEMIS ATTRIBUTE CLOUD ELDORADO FLYSTUDIO GENERIC PUA CI GRAYWARE HACKTOOL HIGHCONFIDENCE MALWARE@#286NCZ08LQPT8 ONLINEGAMES PACKEDBAIDU PRESENOKER PYSPY R002C0PER20 RMKFAOXFGYNB SCORE SUSGEN SUSPICIOUS PE UNSAFE WACATAC ZEXAF ZUSY
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 detection results yet.
Static verdict
Antivirus engines
Engine        Result                  Scan date   Engine version
Alibaba       -                       20190527    0.3.0.5
Tencent       Win32.Trojan.Spy.Afrj   20200822    1.0.0.1
Baidu         -                       20190318    1.0.0.2
Kingsoft      -                       20200822    2013.8.14.323
McAfee        Artemis!7807ED1DAEF7    20200822    6.0.6.653
CrowdStrike   -                       20190702    1.0
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: POST method with no referer header
suspicious_request: POST https://update.googleapis.com/service/update2?cup2key=10:3859698984&cup2hreq=63bbeff987c949bb783e620ba1545f1570774b205d0679d02b82be1c3b030391
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620758926&mv=u&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=9ab57a02a19cb4f6&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620758415&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:3859698984&cup2hreq=63bbeff987c949bb783e620ba1545f1570774b205d0679d02b82be1c3b030391
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:3859698984&cup2hreq=63bbeff987c949bb783e620ba1545f1570774b205d0679d02b82be1c3b030391
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsm8D09.tmp\InstallOptions.dll
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsm8D09.tmp\InstallOptions.dll
Queries for potentially installed applications (1 event)
Time: 1620788014.271374
API: RegOpenKeyExA
Arguments:
  access: 0x00020019
  base_handle: 0x80000002
  key_handle: 0x00000000
  regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SetDns(浏览网页加速器)
  regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SetDns(浏览网页加速器)
  options: 0
  (The subkey name is GBK-encoded Chinese text, "Web Page Accelerator"; the original report rendered it as mojibake.)
Status: failed
Return: 2 (ERROR_FILE_NOT_FOUND: the uninstall key does not exist on the sandbox machine)
Repeated: 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)
FireEye Generic.mg.7807ed1daef7ca65
CAT-QuickHeal Hacktool.Flystudio.16558
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 005246d51 )
K7GW Trojan ( 005246d51 )
Cybereason malicious.daef7c
TrendMicro TROJ_GEN.R002C0PER20
BitDefenderTheta Gen:NN.ZexaF.34186.rmKfaOXFGynb
Cyren W32/OnlineGames.HI.gen!Eldorado
Symantec ML.Attribute.HighConfidence
TotalDefense Win32/PackedBaidu
APEX Malicious
ClamAV Win.Malware.Zusy-6840460-0
AegisLab Trojan.Win32.PySpy.4!c
Tencent Win32.Trojan.Spy.Afrj
Comodo Malware@#286ncz08lqpt8
VIPRE Trojan.Win32.OnlineGames
Invincea heuristic
Sophos Generic PUA CI (PUA)
eGambit Unsafe.AI_Score_100%
Antiy-AVL GrayWare/Win32.FlyStudio.a
Microsoft PUA:Win32/Presenoker
AhnLab-V3 Malware/Win32.Generic.C2786188
McAfee Artemis!7807ED1DAEF7
MAX malware (ai score=100)
VBA32 TrojanSpy.PySpy
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002C0PER20
Rising Trojan.Wacatac!8.10C01 (CLOUD)
SentinelOne DFI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Riskware/FlyStudio
AVG Win32:Dropper-gen [Drp]
Panda Trj/CI.A
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.46:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2016-04-02 11:21:36

Imports

Library KERNEL32.dll:
0x408064 GetShortPathNameA
0x408068 GetFullPathNameA
0x40806c MoveFileA
0x408070 GetLastError
0x408078 GetFileAttributesA
0x40807c SearchPathA
0x408080 SetFileAttributesA
0x408084 Sleep
0x408088 GetTickCount
0x40808c GetFileSize
0x408090 GetModuleFileNameA
0x408094 GetCurrentProcess
0x408098 CopyFileA
0x40809c ExitProcess
0x4080a4 SetFileTime
0x4080a8 CompareFileTime
0x4080ac lstrlenA
0x4080b0 GetVersion
0x4080b4 SetErrorMode
0x4080b8 lstrcpynA
0x4080bc GetDiskFreeSpaceA
0x4080c0 GlobalUnlock
0x4080c4 GlobalLock
0x4080c8 CreateThread
0x4080cc CreateDirectoryA
0x4080d0 CreateProcessA
0x4080d4 RemoveDirectoryA
0x4080d8 CreateFileA
0x4080dc GetTempFileNameA
0x4080e0 lstrcatA
0x4080e4 GetSystemDirectoryA
0x4080e8 CloseHandle
0x4080ec lstrcmpiA
0x4080f0 lstrcmpA
0x4080f8 GlobalFree
0x4080fc GlobalAlloc
0x408100 WaitForSingleObject
0x408104 GetExitCodeProcess
0x408108 GetCommandLineA
0x40810c GetTempPathA
0x408110 GetProcAddress
0x408114 DeleteFileA
0x408118 FindFirstFileA
0x40811c FindNextFileA
0x408120 FindClose
0x408124 SetFilePointer
0x408128 ReadFile
0x40812c WriteFile
0x408138 MultiByteToWideChar
0x40813c FreeLibrary
0x408140 MulDiv
0x408144 LoadLibraryExA
0x408148 GetModuleHandleA
Library USER32.dll:
0x40816c GetWindowRect
0x408170 EnableMenuItem
0x408174 GetSystemMenu
0x408178 ScreenToClient
0x40817c SetClassLongA
0x408180 IsWindowEnabled
0x408184 SetWindowPos
0x408188 GetSysColor
0x40818c GetWindowLongA
0x408190 SetCursor
0x408194 LoadCursorA
0x408198 CheckDlgButton
0x40819c GetAsyncKeyState
0x4081a0 IsDlgButtonChecked
0x4081a4 GetMessagePos
0x4081a8 LoadBitmapA
0x4081ac CallWindowProcA
0x4081b0 IsWindowVisible
0x4081b4 CloseClipboard
0x4081bc RegisterClassA
0x4081c0 EndDialog
0x4081c4 TrackPopupMenu
0x4081c8 AppendMenuA
0x4081cc CreatePopupMenu
0x4081d0 GetSystemMetrics
0x4081d4 SetDlgItemTextA
0x4081d8 GetDlgItemTextA
0x4081dc MessageBoxIndirectA
0x4081e0 CharPrevA
0x4081e4 wvsprintfA
0x4081e8 DispatchMessageA
0x4081ec PeekMessageA
0x4081f0 EnableWindow
0x4081f4 InvalidateRect
0x4081f8 SendMessageA
0x4081fc DefWindowProcA
0x408200 BeginPaint
0x408204 GetClientRect
0x408208 FillRect
0x40820c DrawTextA
0x408210 EndPaint
0x408214 CreateWindowExA
0x408218 GetClassInfoA
0x40821c DialogBoxParamA
0x408220 CharNextA
0x408224 SetTimer
0x408228 OpenClipboard
0x40822c SetWindowTextA
0x408230 GetDC
0x408234 LoadImageA
0x408238 ShowWindow
0x40823c wsprintfA
0x408240 SendMessageTimeoutA
0x408244 FindWindowExA
0x408248 IsWindow
0x40824c GetDlgItem
0x408250 SetWindowLongA
0x408254 SetClipboardData
0x408258 EmptyClipboard
0x40825c DestroyWindow
0x408260 ExitWindowsEx
0x408264 SetForegroundWindow
0x408268 PostQuitMessage
0x40826c CreateDialogParamA
Library GDI32.dll:
0x408040 SelectObject
0x408044 SetTextColor
0x408048 SetBkMode
0x40804c CreateFontIndirectA
0x408050 CreateBrushIndirect
0x408054 DeleteObject
0x408058 GetDeviceCaps
0x40805c SetBkColor
Library SHELL32.dll:
0x408158 SHBrowseForFolderA
0x40815c SHGetFileInfoA
0x408160 ShellExecuteA
0x408164 SHFileOperationA
Library ADVAPI32.dll:
0x408000 RegDeleteValueA
0x408004 SetFileSecurityA
0x408008 RegOpenKeyExA
0x40800c RegDeleteKeyA
0x408010 RegEnumValueA
0x408014 RegCloseKey
0x408018 RegCreateKeyExA
0x40801c RegSetValueExA
0x408020 RegQueryValueExA
0x408024 RegEnumKeyA
Library COMCTL32.dll:
0x40802c ImageList_Create
0x408030 ImageList_Destroy
0x408034
0x408038 ImageList_AddMasked
Library ole32.dll:
0x408274 OleUninitialize
0x408278 OleInitialize
0x40827c CoTaskMemFree
0x408280 CoCreateInstance

Hosts

No hosts contacted.

TCP

Source          Source port  Destination                                   Destination port
192.168.56.101  49180        113.108.239.194 (r1---sn-j5o7dn7e.gvt1.com)   80
192.168.56.101  49181        113.108.239.196 (r3---sn-j5o7dn7e.gvt1.com)   80
192.168.56.101  49179        203.208.41.65 (redirector.gvt1.com)           80
192.168.56.101  49178        203.208.41.66 (update.googleapis.com)         443

UDP

Source          Source port  Destination                        Destination port
192.168.56.101  49235        114.114.114.114                    53
192.168.56.101  50568        114.114.114.114                    53
192.168.56.101  53380        114.114.114.114                    53
192.168.56.101  54178        114.114.114.114                    53
192.168.56.101  55368        114.114.114.114                    53
192.168.56.101  56539        114.114.114.114                    53
192.168.56.101  58367        114.114.114.114                    53
192.168.56.101  58970        114.114.114.114                    53
192.168.56.101  60221        114.114.114.114                    53
192.168.56.101  63429        114.114.114.114                    53
192.168.56.101  137          192.168.56.255                     137
192.168.56.101  138          192.168.56.255                     138
192.168.56.101  123          20.189.79.72 (time.windows.com)    123
192.168.56.101  50002        224.0.0.252                        5355
192.168.56.101  50534        224.0.0.252                        5355
192.168.56.101  51963        224.0.0.252                        5355
192.168.56.101  53657        224.0.0.252                        5355
192.168.56.101  56804        224.0.0.252                        5355
192.168.56.101  57236        224.0.0.252                        5355
192.168.56.101  57756        224.0.0.252                        5355

HTTP & HTTPS Requests

URI / Request data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=9ab57a02a19cb4f6&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620758415&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=9ab57a02a19cb4f6&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620758415&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620758926&mv=u&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620758926&mv=u&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.