SmartHawk

7.4

高危

56 个模型检测该样本为恶意！

重新分析

下载样本

0bda455745bf357aceefb490c19c47e70b7e65ea11fd9352200f98e795c8cbdc

7c2416abd19b740c7701bfac7daf232b.exe

分析耗时

73s

最近分析

文件大小

939.1KB

静态报毒动态报毒 100% 6Y1AAQIRKNMI AGENERIC AI SCORE=86 AIDETECTVM ARTEMIS CLASSIC COC@52VN2U CONFIDENCE CXHRX EKYOJ ELDORADO GENERICKD GENETIC HIGH CONFIDENCE HLCKWI MALICIOUS PE MALWARE1 QUHM9DRKW QVM19 R + MAL REMTASU SCORE STATIC AI THEMIDA UNSAFE VIRTUMOD XRAT XTRAT XTREME XTREMERAT ZEXAF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:Win32/Xtrat.449e5371	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20201210	21.1.5827.0
Tencent		20201211	1.0.0.1
Kingsoft		20201211	2017.9.26.565
McAfee	Artemis!7C2416ABD19B	20201211	6.0.6.653

Checks if process is being debugged by a debugger (31 个事件)

Time & API	Arguments	Status	Return	Repeated
1619649227.284081 IsDebuggerPresent		failed	0	0
1619649229.081081 IsDebuggerPresent		failed	0	0
1619649231.081081 IsDebuggerPresent		failed	0	0
1619649233.096081 IsDebuggerPresent		failed	0	0
1619649235.112081 IsDebuggerPresent		failed	0	0
1619649237.127081 IsDebuggerPresent		failed	0	0
1619649239.143081 IsDebuggerPresent		failed	0	0
1619649241.159081 IsDebuggerPresent		failed	0	0
1619649243.174081 IsDebuggerPresent		failed	0	0
1619649245.190081 IsDebuggerPresent		failed	0	0
1619649247.206081 IsDebuggerPresent		failed	0	0
1619649249.221081 IsDebuggerPresent		failed	0	0
1619649251.237081 IsDebuggerPresent		failed	0	0
1619649253.252081 IsDebuggerPresent		failed	0	0
1619649255.268081 IsDebuggerPresent		failed	0	0
1619649257.284081 IsDebuggerPresent		failed	0	0
1619649259.299081 IsDebuggerPresent		failed	0	0
1619649261.315081 IsDebuggerPresent		failed	0	0
1619649263.331081 IsDebuggerPresent		failed	0	0
1619649265.346081 IsDebuggerPresent		failed	0	0
1619649267.362081 IsDebuggerPresent		failed	0	0
1619649269.377081 IsDebuggerPresent		failed	0	0
1619649271.393081 IsDebuggerPresent		failed	0	0
1619649273.409081 IsDebuggerPresent		failed	0	0
1619649275.424081 IsDebuggerPresent		failed	0	0
1619649277.440081 IsDebuggerPresent		failed	0	0
1619649279.456081 IsDebuggerPresent		failed	0	0
1619649281.471081 IsDebuggerPresent		failed	0	0
1619649283.487081 IsDebuggerPresent		failed	0	0
1619649285.502081 IsDebuggerPresent		failed	0	0
1619649287.534081 IsDebuggerPresent		failed	0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 个事件)

section	\x00
section	.idata
section
section	nhgxrnnn
section	zgwhklkc

One or more processes crashed (50 out of 119 个事件)

Time & API	Arguments	Status
1619649226.612081 __exception__	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 6262784 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x12e0c9 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 1237193 exception.address: 0x52e0c9	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 25691 registers.ebp: 4117737492 registers.edx: 1910749778 registers.ebx: 0 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb e9 d7 fe ff ff 81 c5 04 00 00 00 81 ed 04 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x3ce6b exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 249451 exception.address: 0x43ce6b	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 26092 registers.ebp: 4117737492 registers.edx: 4472104 registers.ebx: 0 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb 51 e9 5e ff ff ff 56 55 bd b4 03 6b 1e 89 ee exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x3d840 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 251968 exception.address: 0x43d840	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 223465 registers.ebp: 4117737492 registers.edx: 4448476 registers.ebx: 0 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb 83 ec 04 e9 42 fd ff ff 8b 04 24 81 c4 04 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x3dd35 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 253237 exception.address: 0x43dd35	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4445554 registers.eax: 4708907 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 38797904 registers.esi: 3 registers.ecx: 592 exception.instruction_r: fb 53 bb e3 50 b2 59 01 d8 5b 55 e9 c7 fc ff ff exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x7e03d exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 516157 exception.address: 0x47e03d	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4445554 registers.eax: 4712227 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 3 registers.ecx: 432617 exception.instruction_r: fb 68 71 36 00 00 89 3c 24 68 cb 6f 2c 10 e9 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x7dc84 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 515204 exception.address: 0x47dc84	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 199913 registers.eax: 26616 registers.ebp: 4117737492 registers.edx: 4745815 registers.ebx: 4714675 registers.esi: 1164460653 registers.ecx: 4294943196 exception.instruction_r: fb e9 95 02 00 00 89 1c 24 54 5b 81 c3 04 00 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x8058b exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 525707 exception.address: 0x48058b	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 3026442 registers.eax: 31313 registers.ebp: 4117737492 registers.edx: 4724160 registers.ebx: 4714675 registers.esi: 1164460653 registers.ecx: 0 exception.instruction_r: fb 57 bf 2b 2d ad 5a e9 c3 01 00 00 ba 00 00 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x818fb exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 530683 exception.address: 0x4818fb	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 3026442 registers.eax: 31313 registers.ebp: 4117737492 registers.edx: 4755473 registers.ebx: 4714675 registers.esi: 1164460653 registers.ecx: 0 exception.instruction_r: fb 52 50 68 cc 4b 03 0f 58 25 14 72 b5 1f 25 90 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x81d97 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 531863 exception.address: 0x481d97	success
1619649226.612081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 3026442 registers.eax: 134889 registers.ebp: 4117737492 registers.edx: 4755473 registers.ebx: 4294939020 registers.esi: 1164460653 registers.ecx: 0 exception.instruction_r: fb e9 ab fb ff ff 89 e0 e9 b5 f8 ff ff 81 c4 04 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x82118 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 532760 exception.address: 0x482118	success
1619649226.627081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3026442 registers.eax: 1447909480 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 4748130 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 ee 0f 00 00 52 ba 01 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x8793f exception.instruction: in eax, dx exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 555327 exception.address: 0x48793f	success
1619649226.627081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3026442 registers.eax: 1 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 0 registers.esi: 4748130 registers.ecx: 20 exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x8b189 exception.address: 0x48b189 exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc000001d exception.offset: 569737	success
1619649226.627081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3026442 registers.eax: 1447909480 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 4748130 registers.ecx: 10 exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 1d 31 d4 0a 01 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x87c7b exception.instruction: in eax, dx exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 556155 exception.address: 0x487c7b	success
1619649226.815081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4294939076 registers.eax: 31687 registers.ebp: 4117737492 registers.edx: 233396064 registers.ebx: 4807049 registers.esi: 10 registers.ecx: 3232038912 exception.instruction_r: fb 50 89 2c 24 e9 01 f9 ff ff 81 c7 04 00 00 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x8e57a exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 583034 exception.address: 0x48e57a	success
1619649226.815081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 1638204 registers.ebp: 4117737492 registers.edx: 0 registers.ebx: 4779724 registers.esi: 4779063 registers.ecx: 4779063 exception.instruction_r: cd 01 eb 00 6a 00 57 e8 03 00 00 00 20 5f c3 5f exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x8ed4f exception.instruction: int 1 exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000005 exception.offset: 585039 exception.address: 0x48ed4f	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638240 registers.edi: 4439822 registers.eax: 26899 registers.ebp: 4117737492 registers.edx: 6 registers.ebx: 26487206 registers.esi: 4820453 registers.ecx: 0 exception.instruction_r: fb e9 a5 09 00 00 29 f0 e9 51 ff ff ff 31 34 24 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x98ea6 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 626342 exception.address: 0x498ea6	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4439822 registers.eax: 26899 registers.ebp: 4117737492 registers.edx: 6 registers.ebx: 26487206 registers.esi: 4847352 registers.ecx: 0 exception.instruction_r: fb 57 50 b8 97 21 6f 5e c1 e0 03 35 1f 7f 3d a9 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9966b exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 628331 exception.address: 0x49966b	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638244 registers.edi: 4439822 registers.eax: 26899 registers.ebp: 4117737492 registers.edx: 539625 registers.ebx: 26487206 registers.esi: 4823220 registers.ecx: 0 exception.instruction_r: fb 68 a2 23 00 00 e9 f1 f9 ff ff 81 f7 49 04 1d exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9957f exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 628095 exception.address: 0x49957f	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 4439822 registers.eax: 31495 registers.ebp: 4117737492 registers.edx: 4871048 registers.ebx: 26487206 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 68 00 00 00 00 ff 34 24 ff 34 24 e9 50 00 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9e312 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 647954 exception.address: 0x49e312	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 4122962 registers.eax: 31495 registers.ebp: 4117737492 registers.edx: 4871048 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 68 cb 66 00 00 e9 6a fd ff ff be 04 00 00 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9e10e exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 647438 exception.address: 0x49e10e	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638232 registers.edi: 4122962 registers.eax: 28438 registers.ebp: 4117737492 registers.edx: 4842771 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 50 51 b9 e0 70 6e 4c 89 c8 59 c1 e0 02 55 50 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9ed62 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 650594 exception.address: 0x49ed62	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 4122962 registers.eax: 28438 registers.ebp: 4117737492 registers.edx: 4871209 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 539625 exception.instruction_r: fb 68 d7 18 00 00 ff 34 24 ff 34 24 8b 0c 24 51 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9e752 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 649042 exception.address: 0x49e752	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 82608469 registers.eax: 28438 registers.ebp: 4117737492 registers.edx: 4845773 registers.ebx: 4294938776 registers.esi: 4823220 registers.ecx: 0 exception.instruction_r: fb 57 bf 97 50 77 57 55 68 57 78 88 40 8b 2c 24 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9edd7 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 650711 exception.address: 0x49edd7	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638232 registers.edi: 82608469 registers.eax: 4846251 registers.ebp: 4117737492 registers.edx: 4845773 registers.ebx: 123136138 registers.esi: 4823220 registers.ecx: 2011404426 exception.instruction_r: fb 2d 96 0d 93 13 05 3c 45 c3 19 2d 61 1a 03 49 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9f3be exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 652222 exception.address: 0x49f3be	success
1619649227.002081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 0 registers.eax: 4849060 registers.ebp: 4117737492 registers.edx: 4845773 registers.ebx: 123136138 registers.esi: 66281 registers.ecx: 2011404426 exception.instruction_r: fb 50 e9 a3 fc ff ff 81 c6 04 00 00 00 e9 76 fd exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x9f9b4 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 653748 exception.address: 0x49f9b4	success
1619649227.049081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 1166475412 registers.eax: 30428 registers.ebp: 4117737492 registers.edx: 1723711319 registers.ebx: 4924131 registers.esi: 45225 registers.ecx: 3232038912 exception.instruction_r: fb 31 d2 e9 dd fd ff ff 5a 5a 68 9d 7d 00 00 89 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xab357 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 701271 exception.address: 0x4ab357	success
1619649227.049081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 1166475412 registers.eax: 30428 registers.ebp: 4117737492 registers.edx: 4294939356 registers.ebx: 4924131 registers.esi: 45225 registers.ecx: 116969 exception.instruction_r: fb 68 72 4a 92 33 ff 34 24 e9 ad 03 00 00 55 52 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xaad61 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 699745 exception.address: 0x4aad61	success
1619649227.081081 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 4970631 registers.eax: 29209 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 4096 registers.esi: 4974378 registers.ecx: 2135536034 exception.instruction_r: fb 81 ef ec 0f 12 56 81 ec 04 00 00 00 89 1c 24 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xbe31f exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 779039 exception.address: 0x4be31f	success
1619649227.081081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4999840 registers.eax: 29209 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 4096 registers.esi: 4974378 registers.ecx: 2135536034 exception.instruction_r: fb 68 1a 5e 00 00 89 14 24 e9 4e 03 00 00 5d e9 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xbdb19 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 776985 exception.address: 0x4bdb19	success
1619649227.081081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4973944 registers.eax: 2041757270 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 4974378 registers.ecx: 2135536034 exception.instruction_r: fb 50 52 ba 46 61 8c 63 81 f2 a2 02 1c 7e 81 ca exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xbe0d6 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 778454 exception.address: 0x4be0d6	success
1619649227.081081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4973944 registers.eax: 32055 registers.ebp: 4117737492 registers.edx: 2033719911 registers.ebx: 0 registers.esi: 5006283 registers.ecx: 322094082 exception.instruction_r: fb 29 c9 ff 34 31 e9 60 00 00 00 bf 14 1a f7 66 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xbef2a exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 782122 exception.address: 0x4bef2a	success
1619649227.096081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4973944 registers.eax: 1133481357 registers.ebp: 4117737492 registers.edx: 2033719911 registers.ebx: 0 registers.esi: 5006283 registers.ecx: 4294938244 exception.instruction_r: fb 50 89 e0 56 e9 2e 01 00 00 51 b9 ab 03 af 38 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xbe746 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 780102 exception.address: 0x4be746	success
1619649227.096081 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 4979784 registers.eax: 25721 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 35328 registers.esi: 5006283 registers.ecx: 2005871740 exception.instruction_r: fb 53 55 bd 51 72 50 0d bb 1a bd 0a 4d 29 eb 5d exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xbfe47 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 785991 exception.address: 0x4bfe47	success
1619649227.096081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5005505 registers.eax: 25721 registers.ebp: 4117737492 registers.edx: 2130566132 registers.ebx: 4294943980 registers.esi: 5006283 registers.ecx: 1452182925 exception.instruction_r: fb e9 1b f8 ff ff 89 3c 24 89 14 24 89 e2 81 c2 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc050a exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 787722 exception.address: 0x4c050a	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 4996279 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 65802 registers.esi: 6650667 registers.ecx: 856006029 exception.instruction_r: fb 68 79 52 00 00 e9 96 fd ff ff 8b 14 24 51 54 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc3ab9 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 801465 exception.address: 0x4c3ab9	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 0 registers.eax: 30472 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 4449049 registers.esi: 5002169 registers.ecx: 856006029 exception.instruction_r: fb 81 ee 26 3c d4 76 52 ba b1 67 53 60 29 d6 8b exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc5acc exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 809676 exception.address: 0x4c5acc	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 30472 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 4449049 registers.esi: 5032641 registers.ecx: 856006029 exception.instruction_r: fb 31 c9 ff 34 31 8b 1c 24 68 88 41 00 00 89 34 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc5c5e exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 810078 exception.address: 0x4c5c5e	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 30472 registers.ebp: 4117737492 registers.edx: 2130378752 registers.ebx: 71913 registers.esi: 5032641 registers.ecx: 4294939440 exception.instruction_r: fb 68 c4 d2 97 24 ff 34 24 5b 53 e9 1d 03 00 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc586b exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 809067 exception.address: 0x4c586b	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 29096 registers.ebp: 4117737492 registers.edx: 4294940772 registers.ebx: 18938888 registers.esi: 3508629276 registers.ecx: 7849576 exception.instruction_r: fb e9 d8 fd ff ff 55 bd 0b 08 01 00 29 ef 5d 89 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc8146 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 819526 exception.address: 0x4c8146	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 30662 registers.ebp: 4117737492 registers.edx: 122904761 registers.ebx: 113530218 registers.esi: 5045811 registers.ecx: 7849576 exception.instruction_r: fb 29 d2 ff 34 32 e9 18 f8 ff ff 5c 81 ec 04 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc8fc4 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 823236 exception.address: 0x4c8fc4	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 30662 registers.ebp: 4117737492 registers.edx: 4294939312 registers.ebx: 3880522344 registers.esi: 5045811 registers.ecx: 7849576 exception.instruction_r: fb 68 4d df 03 7d ff 34 24 e9 e6 fc ff ff 29 d5 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc9071 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 823409 exception.address: 0x4c9071	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5041433 registers.eax: 29083 registers.ebp: 4117737492 registers.edx: 58795849 registers.ebx: 1266390024 registers.esi: 5047126 registers.ecx: 7849576 exception.instruction_r: fb 31 c0 ff 34 06 e9 b3 ff ff ff 81 c4 04 00 00 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc9665 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 824933 exception.address: 0x4c9665	success
1619649227.112081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 26857 registers.eax: 4294940548 registers.ebp: 4117737492 registers.edx: 58795849 registers.ebx: 1266390024 registers.esi: 5047126 registers.ecx: 7849576 exception.instruction_r: fb e9 bd fa ff ff 56 89 e6 e9 74 fb ff ff c1 e6 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xc97d9 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 825305 exception.address: 0x4c97d9	success
1619649227.268081 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 0 registers.eax: 5052046 registers.ebp: 4117737492 registers.edx: 106157268 registers.ebx: 5040800 registers.esi: 34577232 registers.ecx: 33024 exception.instruction_r: fb e9 f6 fc ff ff 2d 31 1f 77 67 01 f8 05 31 1f exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xd1ad1 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 858833 exception.address: 0x4d1ad1	success
1619649227.268081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 0 registers.eax: 5055375 registers.ebp: 4117737492 registers.edx: 0 registers.ebx: 5040800 registers.esi: 9193 registers.ecx: 33024 exception.instruction_r: fb 51 68 b1 15 ac 5c 59 81 e9 01 00 00 00 c1 e1 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xd16d8 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 857816 exception.address: 0x4d16d8	success
1619649227.284081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5059026 registers.eax: 27169 registers.ebp: 4117737492 registers.edx: 582600 registers.ebx: 1 registers.esi: 5067039 registers.ecx: 5093862 exception.instruction_r: fb 29 db 52 89 da 81 c2 00 00 00 00 81 c2 72 74 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xd509f exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 872607 exception.address: 0x4d509f	success
1619649227.284081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 5059026 registers.eax: 2892074381 registers.ebp: 4117737492 registers.edx: 582600 registers.ebx: 4294943144 registers.esi: 5067039 registers.ecx: 5093862 exception.instruction_r: fb 68 c5 5e 00 00 89 3c 24 e9 94 01 00 00 8f 04 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xd5344 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 873284 exception.address: 0x4d5344	success
1619649227.346081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4294939812 registers.eax: 5116650 registers.ebp: 4117737492 registers.edx: 322689 registers.ebx: 5077695 registers.esi: 34577232 registers.ecx: 33024 exception.instruction_r: fb 53 e9 71 04 00 00 81 ed 3f 2d 9b 69 01 cd 81 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xd9ce1 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 892129 exception.address: 0x4d9ce1	success
1619649227.346081 __exception__	stacktrace: registers.esp: 1638200 registers.edi: 4294939812 registers.eax: 5089626 registers.ebp: 4117737492 registers.edx: 824085085 registers.ebx: 5077695 registers.esi: 34577232 registers.ecx: 1762159729 exception.instruction_r: fb 51 56 e9 b2 03 00 00 01 f1 5e 53 52 68 66 6b exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xdae4d exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 896589 exception.address: 0x4dae4d	success
1619649227.346081 __exception__	stacktrace: registers.esp: 1638204 registers.edi: 4294939812 registers.eax: 5119000 registers.ebp: 4117737492 registers.edx: 824085085 registers.ebx: 5077695 registers.esi: 34577232 registers.ecx: 1762159729 exception.instruction_r: fb 68 1f 1a 00 00 ff 34 24 5b 51 89 e1 e9 5f fc exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0xdaee9 exception.instruction: sti exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 896745 exception.address: 0x4daee9	success

Allocates read-write-execute memory (usually to unpack itself) (18 个事件)

Time & API	Arguments	Status
1619649227.518081 NtProtectVirtualMemory	process_identifier: 2200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77dcf000	success
1619649227.518081 NtProtectVirtualMemory	process_identifier: 2200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77d40000	success
1619649227.643081 NtProtectVirtualMemory	process_identifier: 2200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 94208 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00401000	success
1619649227.721081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x040e0000	success
1619649227.721081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x040f0000	success
1619649227.721081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04100000	success
1619649227.721081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04150000	success
1619649227.721081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04160000	success
1619649227.721081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04170000	success
1619649227.721081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04180000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04190000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x041a0000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x046c0000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x046d0000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04720000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04730000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04740000	success
1619649227.737081 NtAllocateVirtualMemory	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x04750000	success

A process attempted to delay the analysis task. (1 个事件)

description

7c2416abd19b740c7701bfac7daf232b.exe tried to sleep 540 seconds, actually delayed analysis time by 540 seconds

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619649227.784081 NtProtectVirtualMemory	process_identifier: 2200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_handle: 0xffffffff base_address: 0x04040000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (4 个事件)

entropy

7.959736850562741

section

{'size_of_data': '0x00017000', 'virtual_address': '0x00001000', 'entropy': 7.959736850562741, 'name': ' \\x00 ', 'virtual_size': '0x00032000'}

description

A section with a high entropy has been found

entropy

7.523454328130191

section

{'size_of_data': '0x00004000', 'virtual_address': '0x00033000', 'entropy': 7.523454328130191, 'name': '.rsrc', 'virtual_size': '0x00006d4c'}

description

A section with a high entropy has been found

entropy

7.861382049801123

section

{'size_of_data': '0x000cb000', 'virtual_address': '0x0012e000', 'entropy': 7.861382049801123, 'name': 'nhgxrnnn', 'virtual_size': '0x000cb000'}

description

A section with a high entropy has been found

entropy

0.9871244635193133

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 个事件)

process

system

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Checks for the presence of known devices from debuggers and forensic tools (3 个事件)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (50 out of 185 个事件)

Time & API	Arguments	Status
1619649227.127081 FindWindowA	class_name: OLLYDBG window_name:	failed
1619649227.127081 FindWindowA	class_name: GBDYLLO window_name:	failed
1619649227.127081 FindWindowA	class_name: pediy06 window_name:	failed
1619649227.315081 FindWindowA	class_name: FilemonClass window_name:	failed
1619649227.315081 FindWindowA	class_name: FilemonClass window_name:	failed
1619649227.315081 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1619649227.315081 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619649227.331081 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1619649227.362081 FindWindowA	class_name: RegmonClass window_name:	failed
1619649227.362081 FindWindowA	class_name: RegmonClass window_name:	failed
1619649227.362081 FindWindowA	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com	failed
1619649227.362081 FindWindowA	class_name: 18467-41 window_name:	failed
1619649227.659081 FindWindowA	class_name: FilemonClass window_name:	failed
1619649227.659081 FindWindowA	class_name: FilemonClass window_name:	failed
1619649227.659081 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1619649227.659081 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619649227.659081 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1619649229.081081 FindWindowA	class_name: OLLYDBG window_name:	failed
1619649229.081081 FindWindowA	class_name: GBDYLLO window_name:	failed
1619649229.081081 FindWindowA	class_name: pediy06 window_name:	failed
1619649231.081081 FindWindowA	class_name: OLLYDBG window_name:	failed
1619649231.081081 FindWindowA	class_name: GBDYLLO window_name:	failed
1619649231.081081 FindWindowA	class_name: pediy06 window_name:	failed
1619649231.721081 FindWindowA	class_name: Regmonclass window_name:	failed
1619649231.721081 FindWindowA	class_name: Regmonclass window_name:	failed
1619649232.034081 FindWindowA	class_name: 18467-41 window_name:	failed
1619649232.346081 FindWindowA	class_name: Filemonclass window_name:	failed
1619649232.346081 FindWindowA	class_name: Filemonclass window_name:	failed
1619649232.346081 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619649233.096081 FindWindowA	class_name: OLLYDBG window_name:	failed
1619649233.096081 FindWindowA	class_name: GBDYLLO window_name:	failed
1619649233.096081 FindWindowA	class_name: pediy06 window_name:	failed
1619649235.112081 FindWindowA	class_name: OLLYDBG window_name:	failed
1619649235.112081 FindWindowA	class_name: GBDYLLO window_name:	failed
1619649235.112081 FindWindowA	class_name: pediy06 window_name:	failed
1619649236.346081 FindWindowA	class_name: Regmonclass window_name:	failed
1619649236.346081 FindWindowA	class_name: Regmonclass window_name:	failed
1619649236.659081 FindWindowA	class_name: 18467-41 window_name:	failed
1619649236.971081 FindWindowA	class_name: Filemonclass window_name:	failed
1619649236.971081 FindWindowA	class_name: Filemonclass window_name:	failed
1619649236.971081 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1619649237.127081 FindWindowA	class_name: OLLYDBG window_name:	failed
1619649237.127081 FindWindowA	class_name: GBDYLLO window_name:	failed
1619649237.127081 FindWindowA	class_name: pediy06 window_name:	failed
1619649239.143081 FindWindowA	class_name: OLLYDBG window_name:	failed
1619649239.143081 FindWindowA	class_name: GBDYLLO window_name:	failed
1619649239.143081 FindWindowA	class_name: pediy06 window_name:	failed
1619649240.971081 FindWindowA	class_name: Regmonclass window_name:	failed
1619649240.971081 FindWindowA	class_name: Regmonclass window_name:	failed
1619649241.159081 FindWindowA	class_name: OLLYDBG window_name:	failed

Detects VirtualBox through the presence of a registry key (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619649226.627081 __exception__	stacktrace: registers.esp: 1638236 registers.edi: 3026442 registers.eax: 1447909480 registers.ebp: 4117737492 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 4748130 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 ee 0f 00 00 52 ba 01 exception.symbol: 7c2416abd19b740c7701bfac7daf232b+0x8793f exception.instruction: in eax, dx exception.module: 7c2416abd19b740c7701bfac7daf232b.exe exception.exception_code: 0xc0000096 exception.offset: 555327 exception.address: 0x48793f	success	0	0

Detects the presence of Wine emulator (1 个事件)

registry

HKEY_CURRENT_USER\Software\Wine

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.40650649
FireEye	Generic.mg.7c2416abd19b740c
ALYac	Trojan.GenericKD.40650649
Cylance	Unsafe
Zillya	Trojan.Packed.Win32.124354
Sangfor	Malware
K7AntiVirus	Trojan ( 005464661 )
Alibaba	Backdoor:Win32/Xtrat.449e5371
K7GW	Trojan ( 005464661 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D26C4799
Cyren	W32/Zusy.BU.gen!Eldorado
Symantec	SMG.Heur!gen
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Zusy-6622765-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.40650649
NANO-Antivirus	Trojan.Win32.Virtumod.hlckwi
Paloalto	generic.ml
Ad-Aware	Trojan.GenericKD.40650649
Sophos	Mal/Generic-R + Mal/Agent-ATJ
Comodo	TrojWare.Win32.Agent.COC@52vn2u
F-Secure	Trojan.TR/AD.XtremeRAT.cxhrx
DrWeb	Trojan.Virtumod.11842
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Emsisoft	Trojan.GenericKD.40650649 (B)
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Generic.ekyoj
Avira	TR/AD.XtremeRAT.cxhrx
Antiy-AVL	Trojan/Win32.AGeneric
Gridinsoft	Trojan.Win32.Agent.bot!s1
Microsoft	Backdoor:Win32/Xtrat
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Win32.Backdoor.XRat.A
Cynet	Malicious (score: 100)
AhnLab-V3	Backdoor/Win32.Xtreme.C2357910
Acronis	suspicious
McAfee	Artemis!7C2416ABD19B
MAX	malware (ai score=86)
VBA32	Backdoor.Xtreme
Malwarebytes	Trojan.KeyLogger
ESET-NOD32	Win32/Remtasu.S
Rising	Backdoor.Xtrat!1.B38D (CLASSIC)
Yandex	Riskware.Themida!QUHm9DRKW/g
Ikarus	Virus.Win32.VBInject
eGambit	Trojan.Generic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2017-09-03 09:10:44

Imports

Library kernel32.dll:

• 0x43a033 lstrcpy

Library comctl32.dll:

• 0x43a03b InitCommonControls

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.