4.4
中危
50 个模型检测该样本为恶意!
重新分析
更多

51b7c8cb8bab1320ae6905f2fb1c94749b1f4750570b7377e92b1888061bc319

7ceb3562fec50d874625c6dd7002534d.exe

分析耗时

91s

最近分析

文件大小

941.5KB
静态报毒 动态报毒 100% 6CW@AKXM0SII ADWAREX AI SCORE=72 AIDETECTVM ATTRIBUTE BUNDLER CHAPAK CLASSIC CONFIDENCE DHDZ ELDORADO FPWMDO FUERBOOSPMF GEN2 GENCIRC GENERICRXHO GENETIC GENKRYPTIK GRAYWARE GSPK HIGH CONFIDENCE HIGHCONFIDENCE ISTARTSURF ISTARTSURFINSTALLER KRYPTIK MALICIOUS PE MALWARE2 PREPSCRAM QVM19 R268776 RV@862X1F S6138443 SCORE SOFTWAREBUNDLER UNSAFE VITTALIA XPACK ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee GenericRXHO-XO!7CEB3562FEC5 20200904 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Avast Win32:AdwareX-gen [Adw] 20200904 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20200904 2013.8.14.323
Tencent Malware.Win32.Gencirc.10b2103e 20200904 1.0.0.1
行为判定
动态指标
Performs some HTTP requests (1 个事件)
request GET http://d1hq9wbcfo7dcl.cloudfront.nethttp://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1006&trackingId=413000200&instId=11&ho_trackingid=HO413000200&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=30&kid=hqmrb21b72anjqljunk
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1620765712.22175
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00401000
success 0 0
1620765714.00275
NtAllocateVirtualMemory
process_identifier: 284
region_size: 806912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e80000
success 0 0
1620765714.00275
NtAllocateVirtualMemory
process_identifier: 284
region_size: 827392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f50000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 个事件)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.Vittalia.17867
MicroWorld-eScan Application.Bundler.BZJ
FireEye Generic.mg.7ceb3562fec50d87
CAT-QuickHeal Trojan.FuerboosPMF.S6138443
McAfee GenericRXHO-XO!7CEB3562FEC5
SUPERAntiSpyware Trojan.Agent/Gen-Chapak
Sangfor Malware
K7AntiVirus Trojan ( 0054f2991 )
K7GW Trojan ( 0054d83c1 )
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Application.Bundler.BZJ
Invincea IStartSurfInstaller (PUA)
BitDefenderTheta Gen:NN.ZexaF.34216.6CW@aKXM0sii
Cyren W32/S-e98971d7!Eldorado
Symantec ML.Attribute.HighConfidence
Avast Win32:AdwareX-gen [Adw]
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Application.Bundler.BZJ
NANO-Antivirus Trojan.Win32.Vittalia.fpwmdo
Rising Trojan.Kryptik!1.B835 (CLASSIC)
Ad-Aware Application.Bundler.BZJ
Comodo Application.Win32.Prepscram.RV@862x1f
F-Secure Trojan.TR/Crypt.XPACK.Gen2
Sophos IStartSurfInstaller (PUA)
SentinelOne DFI - Malicious PE
Jiangmin Trojan.Chapak.dbn
Webroot W32.Adware.Gen
Avira TR/Crypt.XPACK.Gen2
Antiy-AVL GrayWare/Win32.Kryptik.dhx
Microsoft SoftwareBundler:Win32/Prepscram
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Application.Bundler.BZJ
Cynet Malicious (score: 90)
AhnLab-V3 PUP/Win32.IStartSurf.R268776
Acronis suspicious
VBA32 Trojan.Chapak
MAX malware (ai score=72)
Malwarebytes Adware.IStartSurf
APEX Malicious
ESET-NOD32 a variant of Win32/Kryptik.GSPK
Tencent Malware.Win32.Gencirc.10b2103e
Ikarus PUA.Win32.Prepscram
eGambit Unsafe.AI_Score_99%
Fortinet W32/GenKryptik.DHDZ!tr
AVG Win32:AdwareX-gen [Adw]
Cybereason malicious.2fec50
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM19.1.B567.Malware.Gen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-05-06 19:03:36

Imports

Library KERNEL32.dll:
0x419014 WriteConsoleW
0x419018 SetFilePointerEx
0x41901c GetConsoleMode
0x419024 VirtualProtect
0x419028 GetModuleHandleW
0x41902c CreateFileW
0x419030 CloseHandle
0x419034 GetConsoleWindow
0x419038 GetConsoleCP
0x41903c FlushFileBuffers
0x419040 HeapReAlloc
0x419044 HeapSize
0x419048 GetProcessHeap
0x41904c LCMapStringW
0x419050 CompareStringW
0x41905c GetCurrentProcess
0x419060 TerminateProcess
0x41906c GetCurrentProcessId
0x419070 GetCurrentThreadId
0x419078 InitializeSListHead
0x41907c IsDebuggerPresent
0x419080 GetStartupInfoW
0x419084 RtlUnwind
0x419088 RaiseException
0x41908c GetLastError
0x419090 SetLastError
0x419094 EncodePointer
0x4190a8 TlsAlloc
0x4190ac TlsGetValue
0x4190b0 TlsSetValue
0x4190b4 TlsFree
0x4190b8 FreeLibrary
0x4190bc GetProcAddress
0x4190c0 LoadLibraryExW
0x4190c4 GetStdHandle
0x4190c8 WriteFile
0x4190cc GetModuleFileNameW
0x4190d0 ExitProcess
0x4190d4 GetModuleHandleExW
0x4190d8 GetCommandLineA
0x4190dc GetCommandLineW
0x4190e0 HeapAlloc
0x4190e4 HeapFree
0x4190e8 FindClose
0x4190ec FindFirstFileExW
0x4190f0 FindNextFileW
0x4190f4 IsValidCodePage
0x4190f8 GetACP
0x4190fc GetOEMCP
0x419100 GetCPInfo
0x419104 MultiByteToWideChar
0x419108 WideCharToMultiByte
0x419118 SetStdHandle
0x41911c GetFileType
0x419120 GetStringTypeW
0x419124 DecodePointer
Library USER32.dll:
0x419150 ShowWindow
Library GDI32.dll:
0x419000 CreatePalette
0x419004 CreateHatchBrush
0x419008 CreateMetaFileW
0x41900c CreateSolidBrush
Library SHELL32.dll:
0x41912c
0x419134
0x419140 SHGetFolderPathW
0x419148

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49180 52.85.56.217 d1hq9wbcfo7dcl.cloudfront.net 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://d1hq9wbcfo7dcl.cloudfront.net/http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1006&trackingId=413000200&instId=11&ho_trackingid=HO413000200&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=30&kid=hqmrb21b72anjqljunk 
GET http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1006&trackingId=413000200&instId=11&ho_trackingid=HO413000200&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=30&kid=hqmrb21b72anjqljunk HTTP/1.1
Host: d1hq9wbcfo7dcl.cloudfront.net
Connection: close
Accept: */*
User-Agent:

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.