SmartHawk

3.8

中危

42 个模型检测该样本为恶意！

重新分析

下载样本

e1b5016103230fca60e8442f497393bf6d679550043edcf748a9aa3537a6cb58

7e5f007c2b07551567c07c7451e9fa39.exe

分析耗时

20s

最近分析

文件大小

619.1KB

静态报毒动态报毒 AFPU AI SCORE=87 AIDETECTVM AJVZ ARTEMIS BQY0OOGBUCE CLASSIC CONFIDENCE EGTDJH FTDM GDSDA GENASA GENERIC ML PUA GOFOT GRAFTOR HIGH CONFIDENCE KCLOUD MALICIOUS PE MALWARE1 MALWARE@#LE6ISXF0STTR R344203 SCORE STATIC AI TNX0 TROJDOWNLOADER UNSAFE UPATRE WACATAC 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!7E5F007C2B07	20201211	6.0.6.653
Alibaba	TrojanDownloader:Win32/Upatre.752d16e6	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast		20201210	21.1.5827.0
Tencent	Win32.Trojan-downloader.Upatre.Ajvz	20201211	1.0.0.1
Kingsoft	Win32.TrojDownloader.Upatre.ft.(kcloud)	20201211	2017.9.26.565
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.51580513327938

section

{'size_of_data': '0x00afa000', 'virtual_address': '0x00027000', 'entropy': 7.51580513327938, 'name': '.data', 'virtual_size': '0x00b0ff7c'}

description

A section with a high entropy has been found

entropy

0.98458304134548

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (3 个事件)

host	113.108.239.196
host	151.139.128.14
host	172.217.24.14

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Graftor.764660
FireEye	Generic.mg.7e5f007c2b075515
McAfee	Artemis!7E5F007C2B07
Alibaba	TrojanDownloader:Win32/Upatre.752d16e6
Cybereason	malicious.c358ff
Arcabit	Trojan.Graftor.DBAAF4
APEX	Malicious
Kaspersky	Trojan-Downloader.Win32.Upatre.ftdm
BitDefender	Gen:Variant.Graftor.764660
NANO-Antivirus	Trojan.Win32.Upatre.egtdjh
Paloalto	generic.ml
AegisLab	Trojan.Win32.Upatre.tnx0
Tencent	Win32.Trojan-downloader.Upatre.Ajvz
Ad-Aware	Gen:Variant.Graftor.764660
Sophos	Generic ML PUA (PUA)
Comodo	Malware@#le6isxf0sttr
Zillya	Downloader.Upatre.Win32.62534
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Variant.Graftor.764660 (B)
SentinelOne	Static AI - Malicious PE
Jiangmin	TrojanDownloader.Upatre.afpu
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan[Downloader]/Win32.Upatre
Kingsoft	Win32.TrojDownloader.Upatre.ft.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	Trojan-Downloader.Win32.Upatre.ftdm
GData	Gen:Variant.Graftor.764660
Cynet	Malicious (score: 100)
AhnLab-V3	Downloader/Win32.RL_Upatre.R344203
ALYac	Gen:Variant.Graftor.764660
MAX	malware (ai score=87)
VBA32	TrojanDownloader.Upatre
Rising	Trojan.Injector!1.A1C3 (CLASSIC)
Yandex	Trojan.GenAsa!Bqy0OogBUcE
Ikarus	Trojan-Downloader.Win32.Upatre
MaxSecure	CORRUPT:Trojan.Gofot.ges
Fortinet	W32/Upatre.FTDM!tr.dldr
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Win32/Trojan.Downloader.fb1

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	192.168.56.101:49186
dead_host	192.168.56.101:49185

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2015-07-23 11:28:33

Imports

Library KERNEL32.dll:

• 0x421080 LoadLibraryA

• 0x421084 GetProcAddress

• 0x421088 FreeLibrary

• 0x42108c GetModuleFileNameA

• 0x421090 GetCommandLineA

• 0x421094 GlobalAlloc

• 0x421098 GlobalLock

• 0x42109c GlobalUnlock

• 0x4210a0 GlobalFree

• 0x4210a4 GetUserDefaultLCID

• 0x4210a8 GetStartupInfoA

• 0x4210ac CreateProcessA

• 0x4210b0 WaitForSingleObject

• 0x4210b4 WriteFile

• 0x4210b8 CreateFileA

• 0x4210bc GetFileSize

• 0x4210c0 ReadFile

• 0x4210c4 CloseHandle

• 0x4210c8 IsBadReadPtr

• 0x4210cc HeapFree

• 0x4210d0 HeapReAlloc

• 0x4210d4 HeapAlloc

• 0x4210d8 ExitProcess

• 0x4210dc GetModuleHandleA

• 0x4210e0 GetProcessHeap

• 0x4210e4 WideCharToMultiByte

• 0x4210e8 MultiByteToWideChar

• 0x4210ec SetEndOfFile

• 0x4210f0 SetFilePointer

• 0x4210f4 SetStdHandle

• 0x4210f8 IsBadCodePtr

• 0x4210fc GetLastError

• 0x421100 DeleteFileA

• 0x421104 GetStringTypeW

• 0x421108 GetStringTypeA

• 0x42110c SetUnhandledExceptionFilter

• 0x421110 IsBadWritePtr

• 0x421114 VirtualAlloc

• 0x421118 LCMapStringW

• 0x42111c LCMapStringA

• 0x421120 VirtualFree

• 0x421124 HeapCreate

• 0x421128 HeapDestroy

• 0x42112c GetEnvironmentVariableA

• 0x421130 GetFileType

• 0x421134 GetStdHandle

• 0x421138 SetHandleCount

• 0x42113c GetEnvironmentStringsW

• 0x421140 GetEnvironmentStrings

• 0x421144 FreeEnvironmentStringsW

• 0x421148 FreeEnvironmentStringsA

• 0x42114c UnhandledExceptionFilter

• 0x421150 GetACP

• 0x421154 HeapSize

• 0x421158 RaiseException

• 0x42115c TerminateProcess

• 0x421160 RtlUnwind

• 0x421164 GetOEMCP

• 0x421168 lstrlenA

• 0x42116c GetTempPathA

• 0x421170 GetSystemDirectoryA

• 0x421174 GetWindowsDirectoryA

• 0x421178 GetVersionExA

• 0x42117c GetCurrentProcess

• 0x421180 GetCurrentThreadId

• 0x421184 GetCurrentThread

• 0x421188 lstrcmpiA

• 0x42118c lstrcmpA

• 0x421190 GlobalDeleteAtom

• 0x421194 GetTickCount

• 0x421198 LocalAlloc

• 0x42119c LocalFree

• 0x4211a0 InitializeCriticalSection

• 0x4211a4 TlsAlloc

• 0x4211a8 DeleteCriticalSection

• 0x4211ac GlobalHandle

• 0x4211b0 TlsFree

• 0x4211b4 LeaveCriticalSection

• 0x4211b8 GlobalReAlloc

• 0x4211bc EnterCriticalSection

• 0x4211c0 TlsSetValue

• 0x4211c4 LocalReAlloc

• 0x4211c8 TlsGetValue

• 0x4211cc lstrcpynA

• 0x4211d0 MulDiv

• 0x4211d4 GlobalFlags

• 0x4211d8 InterlockedDecrement

• 0x4211dc WritePrivateProfileStringA

• 0x4211e0 lstrcatA

• 0x4211e4 lstrcpyA

• 0x4211e8 InterlockedIncrement

• 0x4211ec SetLastError

• 0x4211f0 GlobalFindAtomA

• 0x4211f4 GlobalAddAtomA

• 0x4211f8 GlobalGetAtomNameA

• 0x4211fc GetVersion

• 0x421200 LockResource

• 0x421204 LoadResource

• 0x421208 FindResourceA

• 0x42120c GetProcessVersion

• 0x421210 SetErrorMode

• 0x421214 FlushFileBuffers

• 0x421218 GetCPInfo

Library USER32.dll:

• 0x421280 MessageBoxA

• 0x421284 EnableWindow

• 0x421288 GetParent

• 0x42128c IsWindowEnabled

• 0x421290 GetForegroundWindow

• 0x421294 IsWindow

• 0x421298 GetActiveWindow

• 0x42129c SetActiveWindow

• 0x4212a0 SetForegroundWindow

• 0x4212a4 PostQuitMessage

• 0x4212a8 PostMessageA

• 0x4212ac SendMessageA

• 0x4212b0 SetCursor

• 0x4212b4 GetWindowLongA

• 0x4212b8 GetLastActivePopup

• 0x4212bc SetWindowsHookExA

• 0x4212c0 GetCursorPos

• 0x4212c4 IsWindowVisible

• 0x4212c8 ValidateRect

• 0x4212cc CallNextHookEx

• 0x4212d0 GetKeyState

• 0x4212d4 GetNextDlgTabItem

• 0x4212d8 GetFocus

• 0x4212dc EnableMenuItem

• 0x4212e0 CheckMenuItem

• 0x4212e4 SetMenuItemBitmaps

• 0x4212e8 ModifyMenuA

• 0x4212ec GetMenuState

• 0x4212f0 LoadBitmapA

• 0x4212f4 GetMenuCheckMarkDimensions

• 0x4212f8 RegisterClipboardFormatA

• 0x4212fc GetClassNameA

• 0x421300 PtInRect

• 0x421304 GetWindowRect

• 0x421308 GetDlgCtrlID

• 0x42130c GetWindow

• 0x421310 ClientToScreen

• 0x421314 SetWindowTextA

• 0x421318 GetWindowTextA

• 0x42131c UnhookWindowsHookEx

• 0x421320 GetMenuItemCount

• 0x421324 GetDC

• 0x421328 ReleaseDC

• 0x42132c TabbedTextOutA

• 0x421330 DrawTextA

• 0x421334 GrayStringA

• 0x421338 GetDlgItem

• 0x42133c SendDlgItemMessageA

• 0x421340 IsDialogMessageA

• 0x421344 SetWindowLongA

• 0x421348 SetWindowPos

• 0x42134c ShowWindow

• 0x421350 SetFocus

• 0x421354 GetSystemMetrics

• 0x421358 GetWindowPlacement

• 0x42135c IsIconic

• 0x421360 SystemParametersInfoA

• 0x421364 RegisterWindowMessageA

• 0x421368 GetMessagePos

• 0x42136c GetMessageTime

• 0x421370 DefWindowProcA

• 0x421374 RemovePropA

• 0x421378 CallWindowProcA

• 0x42137c GetPropA

• 0x421380 SetPropA

• 0x421384 GetClassLongA

• 0x421388 CreateWindowExA

• 0x42138c DestroyWindow

• 0x421390 GetMenuItemID

• 0x421394 GetSubMenu

• 0x421398 GetMenu

• 0x42139c RegisterClassA

• 0x4213a0 GetClassInfoA

• 0x4213a4 WinHelpA

• 0x4213a8 GetCapture

• 0x4213ac GetTopWindow

• 0x4213b0 CopyRect

• 0x4213b4 GetClientRect

• 0x4213b8 AdjustWindowRectEx

• 0x4213bc GetSysColor

• 0x4213c0 MapWindowPoints

• 0x4213c4 UpdateWindow

• 0x4213c8 LoadIconA

• 0x4213cc LoadCursorA

• 0x4213d0 GetSysColorBrush

• 0x4213d4 LoadStringA

• 0x4213d8 UnregisterClassA

• 0x4213dc PostThreadMessageA

• 0x4213e0 DestroyMenu

• 0x4213e4 CreateDialogIndirectParamA

• 0x4213e8 EndDialog

• 0x4213ec wsprintfA

• 0x4213f0 DispatchMessageA

• 0x4213f4 TranslateMessage

• 0x4213f8 GetMessageA

• 0x4213fc PeekMessageA

Library ole32.dll:

• 0x42141c CLSIDFromProgID

• 0x421420 CLSIDFromString

• 0x421424 CoCreateInstance

• 0x421428 CoInitialize

• 0x42142c CoUninitialize

• 0x421430 OleRun

• 0x421434 OleInitialize

• 0x421438 OleUninitialize

• 0x42143c CoFreeUnusedLibraries

• 0x421440 CoRegisterMessageFilter

• 0x421444 CoRevokeClassObject

• 0x421448 OleFlushClipboard

• 0x42144c OleIsCurrentClipboard

Library dbghelp.dll:

• 0x421414 MakeSureDirectoryPathExists

Library GDI32.dll:

• 0x42101c GetDeviceCaps

• 0x421020 PtVisible

• 0x421024 RectVisible

• 0x421028 TextOutA

• 0x42102c ExtTextOutA

• 0x421030 Escape

• 0x421034 GetObjectA

• 0x421038 GetStockObject

• 0x42103c CreateBitmap

• 0x421040 DeleteObject

• 0x421044 DeleteDC

• 0x421048 SaveDC

• 0x42104c RestoreDC

• 0x421050 SelectObject

• 0x421054 SetBkColor

• 0x421058 SetTextColor

• 0x42105c SetMapMode

• 0x421060 SetViewportOrgEx

• 0x421064 OffsetViewportOrgEx

• 0x421068 SetViewportExtEx

• 0x42106c ScaleViewportExtEx

• 0x421070 SetWindowExtEx

• 0x421074 ScaleWindowExtEx

• 0x421078 GetClipBox

Library WINSPOOL.DRV:

• 0x421404 OpenPrinterA

• 0x421408 DocumentPropertiesA

• 0x42140c ClosePrinter

Library COMCTL32.dll:

• 0x421014

Library oledlg.dll:

• 0x421454

Library OLEAUT32.dll:

• 0x421220 VariantChangeType

• 0x421224 VariantInit

• 0x421228 SafeArrayAllocDescriptor

• 0x42122c SafeArrayAllocData

• 0x421230 VariantCopy

• 0x421234 SafeArrayGetDim

• 0x421238 SafeArrayGetLBound

• 0x42123c SafeArrayGetUBound

• 0x421240 SafeArrayAccessData

• 0x421244 SafeArrayUnaccessData

• 0x421248 SafeArrayGetElemsize

• 0x42124c SysFreeString

• 0x421250 VarR8FromCy

• 0x421254 VarR8FromBool

• 0x421258 LoadTypeLib

• 0x42125c LHashValOfNameSys

• 0x421260 RegisterTypeLib

• 0x421264 SafeArrayCreate

• 0x421268 SysAllocString

• 0x42126c VariantClear

• 0x421270 SafeArrayDestroy

Library ADVAPI32.dll:

• 0x421000 RegCloseKey

• 0x421004 RegCreateKeyExA

• 0x421008 RegOpenKeyExA

• 0x42100c RegSetValueExA

Library SHELL32.dll:

• 0x421278 SHGetSpecialFolderPathA

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
151.139.128.14	80	192.168.56.101	49192

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	55369	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.