4.0
Medium risk

f21ee25bdfd5269e5a7d3fc2f885ca2e23356c8bd78b2495fe2e6157a3c07c7c

7d4a2c1ffe8f5d04fa9530ca28b52664.exe

Analysis duration

90s

Last analysis

File size

2.3MB
Static detection: yes   Dynamic detection: 100%
Detection tags: AGNA AI SCORE=85 AIDETECTVM ATTRIBUTE BANKERX BSCOPE CONFIDENCE EHLS ELDORADO ENCPK GDSDA GENCIRC GENKRYPTIK GRAYWARE HACKTOOL HFYH HGXH HIGH CONFIDENCE HIGHCONFIDENCE HUSPLL KRAP KRYPTIK LKMC MALICIOUS PE MALWARE1 PINKSBOT QAKBOT QBOT R + MAL R349565 RAZY RFZ3EZUIUPE SCORE SMF1 UI0@AMKGCKLI ULMUN UNSAFE YAKES ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results available yet
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
Baidu        -                                   20190318   1.0.0.2
Alibaba      Trojan:Win32/Yakes.d20be219         20190527   0.3.0.5
Tencent      Malware.Win32.Gencirc.11adcf1b      20201030   1.0.0.1
Kingsoft     -                                   20201030   2013.8.14.323
McAfee       W32/PinkSbot-HC!7D4A2C1FFE8F        20201030   6.0.6.653
Avast        -                                   20201101   20.10.5736.0
CrowdStrike  win/malicious_confidence_100% (W)   20190702   1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1620786535.71375
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 1244
  region_size: 278528
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x00660000
Status: success
Return: 0
Repeated: 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.744623
FireEye Generic.mg.7d4a2c1ffe8f5d04
CAT-QuickHeal Trojan.Yakes
ALYac Gen:Variant.Razy.744623
Malwarebytes Backdoor.Qbot
VIPRE Trojan.Win32.Generic!BT
AegisLab Hacktool.Win32.Krap.lKMc
K7AntiVirus Trojan ( 0056d67c1 )
BitDefender Gen:Variant.Razy.744623
K7GW Trojan ( 0056d67c1 )
TrendMicro Backdoor.Win32.QAKBOT.SMF1
Cyren W32/RTM.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Yakes.vho
Alibaba Trojan:Win32/Yakes.d20be219
NANO-Antivirus Trojan.Win32.Yakes.huspll
Tencent Malware.Win32.Gencirc.11adcf1b
Ad-Aware Gen:Variant.Razy.744623
Emsisoft Gen:Variant.Razy.744623 (B)
F-Secure Trojan.TR/Kryptik.ulmun
Zillya Trojan.Yakes.Win32.82077
Invincea Mal/Generic-R + Mal/EncPk-APV
McAfee-GW-Edition W32/PinkSbot-HC!7D4A2C1FFE8F
Sophos Mal/EncPk-APV
Jiangmin Trojan.Yakes.agna
Avira TR/Kryptik.ulmun
eGambit Unsafe.AI_Score_98%
MAX malware (ai score=85)
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Microsoft Trojan:Win32/Qbot.SM!MTB
Arcabit Trojan.Razy.DB5CAF
ZoneAlarm HEUR:Trojan.Win32.Yakes.vho
GData Gen:Variant.Razy.744623
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win32.Qakbot.R349565
McAfee W32/PinkSbot-HC!7D4A2C1FFE8F
VBA32 BScope.Malware-Cryptor.SB.01798
Cylance Unsafe
Panda Trj/GdSda.A
ESET-NOD32 a variant of Win32/Kryptik.HFYH
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SMF1
Rising Trojan.GenKryptik!8.AA55 (TFE:1:rFz3eZUIuPE)
SentinelOne DFI - Malicious PE
Fortinet W32/Kryptik.HGXH!tr
BitDefenderTheta Gen:NN.ZexaF.34590.uI0@amKGckli
AVG Win32:BankerX-gen [Trj]
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2097-10-18 04:01:18

Imports

Library KERNEL32.dll:
0x6501e4 GetLastError
0x6501e8 Sleep
0x6501ec VirtualAllocEx
0x6501f0 GetModuleHandleW
0x6501f4 FlushFileBuffers
0x6501f8 GetCurrentThreadId
0x6501fc GlobalMemoryStatus
0x650200 GetSystemInfo
0x650204 CreateFileA
0x650208 DeviceIoControl
0x65020c GetDiskFreeSpaceExA
0x650214 MulDiv
0x650218 WriteFile
0x65021c SetFilePointer
0x650220 SetErrorMode
0x650228 GetLongPathNameA
0x65022c GetSystemDirectoryA
0x650230 CreateMutexA
0x650238 GetModuleHandleA
0x65023c FormatMessageA
0x650240 VirtualQuery
0x650244 GlobalSize
0x650248 GlobalReAlloc
0x65024c lstrcmpiA
0x650250 GetCPInfo
0x650254 lstrlenW
0x650258 lstrlenA
0x65025c GetVersion
0x650260 FindResourceA
0x650264 SizeofResource
0x650268 LoadResource
0x65026c LockResource
0x650270 GlobalUnlock
0x650274 CopyFileA
0x650278 GetModuleFileNameA
0x650280 FindFirstFileA
0x650284 FindNextFileA
0x650288 FindClose
0x65028c MultiByteToWideChar
0x650290 SetEvent
0x650294 WaitForSingleObject
0x650298 CreateThread
0x65029c GlobalLock
0x6502a0 CloseHandle
0x6502a4 CreateEventA
0x6502a8 GetTempPathA
0x6502ac GetTempFileNameA
0x6502b0 GetCurrentProcessId
0x6502b4 GlobalAlloc
0x6502b8 GlobalFree
0x6502bc LoadLibraryA
0x6502c0 GetProcAddress
0x6502c4 GetDriveTypeA
0x6502cc GetShortPathNameA
0x6502d0 WinExec
0x6502d4 CreateDirectoryA
0x6502d8 MoveFileA
0x6502dc GetTickCount
0x6502e0 GetVersionExA
0x6502e4 ResumeThread
0x6502e8 TerminateThread
0x6502ec lstrcpyA
0x6502f0 RemoveDirectoryA
0x6502f4 DeleteFileA
0x6502f8 GetFileAttributesA
0x6502fc lstrcatA
0x650300 GetCurrentProcess
0x650304 GetStartupInfoA
0x650308 FreeLibrary
Library USER32.dll:
0x650310 LoadIconA
0x650314 GetAsyncKeyState
0x650318 CopyIcon
0x65031c GetKeyState
0x650320 AnyPopup
0x650324 IsCharLowerA
0x650328 GetShellWindow
0x65032c GetKeyboardType
0x650330 DestroyMenu
0x650334 CharNextA
0x65033c GetDialogBaseUnits
0x650340 GetMenu
0x650344 IsWindowUnicode
0x650348 VkKeyScanW
0x65034c GetCursor
0x650350 DrawMenuBar
0x650354 GetMessagePos
0x650360 LoadCursorW
0x650364 UnregisterClassW
0x650370 MessageBoxW
0x650374 RegisterClassW
0x650378 GetDesktopWindow
0x65037c CreateWindowExW
0x650380 SetWindowLongW
0x650384 GetWindowLongW
0x650388 DefWindowProcW
0x65038c PeekMessageW
0x650390 TranslateMessage
0x650394 DispatchMessageW
0x650398 DestroyWindow
Library GDI32.dll:
0x6503a0 GetEnhMetaFileBits
0x6503a4 GetStockObject
0x6503a8 SaveDC
0x6503ac AbortPath
0x6503b0 AddFontResourceW
0x6503b4 AddFontResourceA
0x6503b8 PathToRegion
0x6503bc GetObjectType
0x6503c0 EndPath
0x6503c4 DeleteObject
0x6503c8 GetTextColor
0x6503cc CancelDC
Library ADVAPI32.dll:
0x6503d4 RegOpenKeyW
0x6503d8 RegQueryValueExA
0x6503dc GetUserNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source IP        Source port  Destination IP                   Destination port
192.168.56.101   51963        114.114.114.114                  53
192.168.56.101   60123        114.114.114.114                  53
192.168.56.101   62912        114.114.114.114                  53
192.168.56.101   63429        114.114.114.114                  53
192.168.56.101   63497        114.114.114.114                  53
192.168.56.101   65004        114.114.114.114                  53
192.168.56.101   137          192.168.56.255                   137
192.168.56.101   138          192.168.56.255                   138
192.168.56.101   123          20.189.79.72 (time.windows.com)  123
192.168.56.101   49235        224.0.0.252                      5355
192.168.56.101   50002        224.0.0.252                      5355
192.168.56.101   53210        224.0.0.252                      5355
192.168.56.101   53657        224.0.0.252                      5355
192.168.56.101   56539        224.0.0.252                      5355
192.168.56.101   57756        224.0.0.252                      5355
192.168.56.101   57874        224.0.0.252                      5355
192.168.56.101   58367        224.0.0.252                      5355
192.168.56.101   60215        224.0.0.252                      5355
192.168.56.101   60384        224.0.0.252                      5355
192.168.56.101   61680        224.0.0.252                      5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.