SmartHawk

2.4

中危

51 个模型检测该样本为恶意！

重新分析

下载样本

0930678a148689d3b2eab8f68acb2b8b857375a97e1701505c347ae30848dd6a

7e966249aa9c52dc3b90b1bbaef0faa8.exe

分析耗时

12s

最近分析

文件大小

512.4KB

静态报毒动态报毒 0NA103H420 0VXVNCMTLFI 100% 179JJDU AGENTB AGFU AI SCORE=85 AIDETECTVM ALJA BSCOPE CLASSIC CONFIDENCE EHLS EMOTET ENCPK GDSDA GENERICKDZ GENKDZ GIAI GRAYWARE HFMH HIGH CONFIDENCE JZNF KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#379IJCGEDEBHD QAKBOT QBOT R + MAL SCORE SIGGEN2 STATIC AI SUSGEN TRZF UNSAFE WACATAC YAKES ZENPAK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Packed-GCB!7E966249AA9C	20201115	6.0.6.653
Alibaba	Trojan:Win32/Agentb.fc837f70	20190527	0.3.0.5
Avast		20201115	20.10.5736.0
Baidu		20190318	1.0.0.2
Kingsoft		20201116	2013.8.14.323
Tencent	Win32.Trojan.Agentb.Alja	20201116	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.rdata5

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.0298235251024535

section

{'size_of_data': '0x00052600', 'virtual_address': '0x00001000', 'entropy': 7.0298235251024535, 'name': '.text', 'virtual_size': '0x00052515'}

description

A section with a high entropy has been found

entropy

0.5947653429602888

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen2.53082
MicroWorld-eScan	Trojan.GenericKDZ.69228
FireEye	Generic.mg.7e966249aa9c52dc
McAfee	Packed-GCB!7E966249AA9C
Cylance	Unsafe
Zillya	Trojan.Agent.Win32.1361409
Sangfor	Malware
Alibaba	Trojan:Win32/Agentb.fc837f70
Cybereason	malicious.32a859
Arcabit	Trojan.Generic.D10E6C
TrendMicro	TROJ_FRS.0NA103H420
Cyren	W32/Trojan.GIAI-3680
Symantec	Packed.Generic.459
APEX	Malicious
Kaspersky	Trojan.Win32.Agentb.jznf
BitDefender	Trojan.GenericKDZ.69228
Paloalto	generic.ml
AegisLab	Trojan.Win32.Zenpak.trzf
Rising	Trojan.Kryptik!1.C9B1 (CLASSIC)
Ad-Aware	Trojan.GenericKDZ.69228
Emsisoft	Trojan.GenericKDZ.69228 (B)
Comodo	Malware@#379ijcgedebhd
Invincea	Mal/Generic-R + Mal/EncPk-APV
McAfee-GW-Edition	BehavesLike.Win32.Emotet.hh
Sophos	Mal/EncPk-APV
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Yakes.agfu
MaxSecure	Trojan.Malware.104482407.susgen
MAX	malware (ai score=85)
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Gridinsoft	Trojan.Win32.Kryptik.oa
Microsoft	Trojan:Win32/Qakbot.AR!MTB
ZoneAlarm	Trojan.Win32.Agentb.jznf
GData	Win32.Trojan.PSE.179JJDU
AhnLab-V3	Trojan/Win32.Wacatac.C4175688
Acronis	suspicious
VBA32	BScope.Trojan.Qakbot
Malwarebytes	Backdoor.Qbot
ESET-NOD32	a variant of Win32/Kryptik.HFMH
TrendMicro-HouseCall	TROJ_FRS.0NA103H420
Tencent	Win32.Trojan.Agentb.Alja
Yandex	Trojan.Kryptik!0vxvNCmTLfI
Ikarus	Trojan-Banker.QakBot
eGambit	Unsafe.AI_Score_94%
Fortinet	W32/RTM.AG!tr
Webroot	W32.Trojan.GenKDZ
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1983-01-31 02:12:59

Imports

Library KERNEL32.dll:

• 0x46def8 GetACP

• 0x46defc Sleep

• 0x46df00 VirtualFree

• 0x46df04 VirtualAlloc

• 0x46df08 GetSystemInfo

• 0x46df0c GetVersion

• 0x46df10 GetCurrentThreadId

• 0x46df14 VirtualQuery

• 0x46df18 WideCharToMultiByte

• 0x46df1c MultiByteToWideChar

• 0x46df20 lstrlenW

• 0x46df24 lstrcpynW

• 0x46df28 LoadLibraryExW

• 0x46df2c GetThreadLocale

• 0x46df30 GetStartupInfoA

• 0x46df34 GetProcAddress

• 0x46df38 GetModuleHandleW

• 0x46df3c GetModuleFileNameW

• 0x46df40 GetLocaleInfoW

• 0x46df44 GetLastError

• 0x46df48 GetCommandLineW

• 0x46df4c FreeLibrary

• 0x46df50 FindFirstFileW

• 0x46df54 FindClose

• 0x46df58 ExitProcess

• 0x46df5c CreateThread

• 0x46df60 WriteFile

• 0x46df64 UnhandledExceptionFilter

• 0x46df68 SetFilePointer

• 0x46df6c SetEndOfFile

• 0x46df70 RtlUnwind

• 0x46df74 ReadFile

• 0x46df78 RaiseException

• 0x46df7c GetStdHandle

• 0x46df80 GetFileSize

• 0x46df84 GetFileType

• 0x46df88 CreateFileW

• 0x46df8c CloseHandle

• 0x46df90 TlsSetValue

• 0x46df94 TlsGetValue

• 0x46df98 LocalAlloc

• 0x46df9c lstrcmpA

• 0x46dfa0 WaitForSingleObject

• 0x46dfa4 VirtualQueryEx

• 0x46dfa8 VirtualProtect

• 0x46dfac UnmapViewOfFile

• 0x46dfb0 TerminateThread

• 0x46dfb4 TerminateProcess

• 0x46dfb8 SystemTimeToFileTime

• 0x46dfbc SuspendThread

• 0x46dfc0 SizeofResource

• 0x46dfc4 SignalObjectAndWait

• 0x46dfc8 SetUnhandledExceptionFilter

• 0x46dfcc SetThreadPriority

• 0x46dfd0 SetLastError

• 0x46dfd4 SetFileAttributesA

• 0x46dfd8 SetFileAttributesW

• 0x46dfdc SetEvent

• 0x46dfe0 ResumeThread

• 0x46dfe4 ResetEvent

• 0x46dfe8 RemoveDirectoryA

• 0x46dfec ReleaseMutex

• 0x46dff0 ReadProcessMemory

• 0x46dff4 QueryPerformanceFrequency

• 0x46dff8 QueryPerformanceCounter

• 0x46dffc OpenProcess

• 0x46e000 OpenFileMappingA

• 0x46e004 OpenFileMappingW

• 0x46e008 MapViewOfFile

• 0x46e00c LockResource

• 0x46e010 LocalSize

• 0x46e014 LocalFree

• 0x46e018 LoadResource

• 0x46e01c LoadLibraryExA

• 0x46e020 LoadLibraryW

• 0x46e024 LeaveCriticalSection

• 0x46e028 IsValidLocale

• 0x46e02c IsBadReadPtr

• 0x46e030 InitializeCriticalSection

• 0x46e034 GlobalUnlock

• 0x46e038 GlobalReAlloc

• 0x46e03c GlobalMemoryStatus

• 0x46e040 GlobalHandle

• 0x46e044 GlobalLock

• 0x46e048 GlobalFree

• 0x46e04c GlobalAlloc

• 0x46e050 GetWindowsDirectoryA

• 0x46e054 GetVersionExA

• 0x46e058 GetVersionExW

• 0x46e05c GetTickCount

• 0x46e060 GetThreadPriority

• 0x46e064 GetThreadContext

• 0x46e068 GetTempPathA

• 0x46e06c GetSystemTime

• 0x46e070 GetSystemDirectoryW

• 0x46e074 GetSystemDefaultLangID

• 0x46e078 GetPriorityClass

• 0x46e07c GetModuleHandleA

• 0x46e080 GetModuleFileNameA

• 0x46e084 GetLocaleInfoA

• 0x46e088 GetLocalTime

• 0x46e08c GetFullPathNameW

• 0x46e090 GetFileTime

• 0x46e094 GetFileAttributesA

• 0x46e098 GetFileAttributesW

• 0x46e09c GetDiskFreeSpaceA

• 0x46e0a0 GetDiskFreeSpaceW

• 0x46e0a4 GetDateFormatW

• 0x46e0a8 GetCurrentThread

• 0x46e0ac GetCurrentProcessId

• 0x46e0b0 GetCurrentProcess

• 0x46e0b4 GetComputerNameA

• 0x46e0b8 GetCommandLineA

• 0x46e0bc GetCPInfo

• 0x46e0c0 FreeResource

• 0x46e0c4 InterlockedIncrement

• 0x46e0c8 InterlockedExchange

• 0x46e0cc InterlockedDecrement

• 0x46e0d0 InterlockedCompareExchange

• 0x46e0d4 FormatMessageA

• 0x46e0d8 FormatMessageW

• 0x46e0dc FindResourceA

• 0x46e0e0 FindResourceW

• 0x46e0e4 FindNextFileA

• 0x46e0e8 FindFirstFileA

• 0x46e0ec FileTimeToSystemTime

• 0x46e0f0 FileTimeToLocalFileTime

• 0x46e0f4 FileTimeToDosDateTime

• 0x46e0f8 ExpandEnvironmentStringsA

• 0x46e0fc ExitThread

• 0x46e100 EnumCalendarInfoW

• 0x46e104 EnterCriticalSection

• 0x46e108 DuplicateHandle

• 0x46e10c DeleteFileA

• 0x46e110 DeleteFileW

• 0x46e114 DeleteCriticalSection

• 0x46e118 CreateRemoteThread

• 0x46e11c CreateProcessA

• 0x46e120 CreateProcessW

• 0x46e124 CreatePipe

• 0x46e128 CreateMutexA

• 0x46e12c CreateMutexW

• 0x46e130 CreateFileMappingA

• 0x46e134 CreateFileMappingW

• 0x46e138 CreateFileA

• 0x46e13c CreateEventW

• 0x46e140 CreateDirectoryA

• 0x46e144 CreateDirectoryW

• 0x46e148 CopyFileA

• 0x46e14c CompareStringW

• 0x46e150 Beep

• 0x46e154 VirtualAllocEx

Library USER32.dll:

• 0x46e15c GetKeyboardType

• 0x46e160 LoadStringW

• 0x46e164 MessageBoxA

• 0x46e168 CharNextW

• 0x46e16c CreateWindowExA

• 0x46e170 CreateWindowExW

• 0x46e174 WindowFromPoint

• 0x46e178 TranslateMessage

• 0x46e17c SystemParametersInfoW

• 0x46e180 ShowWindow

• 0x46e184 SetWindowTextA

• 0x46e188 SetWindowPos

• 0x46e18c SetWindowLongA

• 0x46e190 SetTimer

• 0x46e194 SetRect

• 0x46e198 SetForegroundWindow

• 0x46e19c SetFocus

• 0x46e1a0 SetCursor

• 0x46e1a4 SetClipboardData

• 0x46e1a8 SetCapture

• 0x46e1ac SetActiveWindow

• 0x46e1b0 SendMessageTimeoutA

• 0x46e1b4 SendMessageA

• 0x46e1b8 SendMessageW

• 0x46e1bc ScreenToClient

• 0x46e1c0 RemoveMenu

• 0x46e1c4 ReleaseDC

• 0x46e1c8 ReleaseCapture

• 0x46e1cc RegisterWindowMessageW

• 0x46e1d0 RegisterClassA

• 0x46e1d4 PostThreadMessageA

• 0x46e1d8 PostThreadMessageW

• 0x46e1dc PostQuitMessage

• 0x46e1e0 PostMessageA

• 0x46e1e4 PostMessageW

• 0x46e1e8 PeekMessageA

• 0x46e1ec PeekMessageW

• 0x46e1f0 OpenClipboard

• 0x46e1f4 OffsetRect

• 0x46e1f8 MessageBoxW

• 0x46e1fc MessageBeep

• 0x46e200 LoadImageA

• 0x46e204 LoadCursorW

• 0x46e208 KillTimer

• 0x46e20c IsWindowVisible

• 0x46e210 IsWindowUnicode

• 0x46e214 IsWindowEnabled

• 0x46e218 IsWindow

• 0x46e21c IsIconic

• 0x46e220 IsDialogMessageW

• 0x46e224 InvalidateRect

• 0x46e228 InflateRect

• 0x46e22c GetWindowThreadProcessId

• 0x46e230 GetWindowTextA

• 0x46e234 GetWindowRect

• 0x46e238 GetWindowPlacement

• 0x46e23c GetWindowLongW

• 0x46e240 GetWindowDC

• 0x46e244 GetSystemMetrics

• 0x46e248 GetSystemMenu

• 0x46e24c GetSysColorBrush

• 0x46e250 GetSysColor

• 0x46e254 GetWindow

• 0x46e258 GetMessageA

• 0x46e25c GetMessageW

• 0x46e260 GetKeyState

• 0x46e264 GetIconInfo

• 0x46e268 GetFocus

• 0x46e26c GetDC

• 0x46e270 GetCursorPos

• 0x46e274 GetCursor

• 0x46e278 GetClientRect

• 0x46e27c GetClassNameA

• 0x46e280 GetCapture

• 0x46e284 FrameRect

• 0x46e288 FindWindowW

• 0x46e28c FillRect

• 0x46e290 EnumWindows

• 0x46e294 EndPaint

• 0x46e298 EnableWindow

• 0x46e29c EmptyClipboard

• 0x46e2a0 DrawTextA

• 0x46e2a4 DrawIconEx

• 0x46e2a8 DrawFrameControl

• 0x46e2ac DrawFocusRect

• 0x46e2b0 DispatchMessageW

• 0x46e2b4 DestroyWindow

• 0x46e2b8 DefWindowProcA

• 0x46e2bc DefWindowProcW

• 0x46e2c0 CloseClipboard

• 0x46e2c4 CharUpperBuffW

• 0x46e2c8 CallWindowProcW

• 0x46e2cc BringWindowToTop

• 0x46e2d0 BeginPaint

• 0x46e2d4 AttachThreadInput

• 0x46e2d8 GetAsyncKeyState

• 0x46e2dc CharUpperW

• 0x46e2e0 GetDoubleClickTime

• 0x46e2e4 GetParent

• 0x46e2e8 GetTopWindow

• 0x46e2ec CharNextA

• 0x46e2f0 GetDesktopWindow

• 0x46e2f4 GetMenuContextHelpId

• 0x46e2f8 IsCharUpperW

• 0x46e2fc CharLowerW

• 0x46e300 LoadIconA

Library GDI32.dll:

• 0x46e308 TextOutA

• 0x46e30c StartPage

• 0x46e310 StartDocA

• 0x46e314 SetTextColor

• 0x46e318 SetMapMode

• 0x46e31c SetBkMode

• 0x46e320 SetBkColor

• 0x46e324 SelectObject

• 0x46e328 SelectClipRgn

• 0x46e32c MoveToEx

• 0x46e330 LineTo

• 0x46e334 GetTextMetricsW

• 0x46e338 GetTextFaceA

• 0x46e33c GetTextExtentPoint32A

• 0x46e340 GetStockObject

• 0x46e344 GetRgnBox

• 0x46e348 GetObjectW

• 0x46e34c GetDeviceCaps

• 0x46e350 GdiFlush

• 0x46e354 EndPage

• 0x46e358 EndDoc

• 0x46e35c DeleteObject

• 0x46e360 DeleteDC

• 0x46e364 CreateSolidBrush

• 0x46e368 CreateRectRgnIndirect

• 0x46e36c CreatePen

• 0x46e370 CreateFontA

• 0x46e374 CreateFontW

• 0x46e378 CreateDIBSection

• 0x46e37c CreateDCW

• 0x46e380 CreateCompatibleDC

• 0x46e384 CombineRgn

• 0x46e388 BitBlt

• 0x46e38c WidenPath

• 0x46e390 StrokePath

• 0x46e394 CloseEnhMetaFile

• 0x46e398 GetStretchBltMode

• 0x46e39c GetColorSpace

• 0x46e3a0 GetPixelFormat

• 0x46e3a4 SwapBuffers

• 0x46e3a8 FillPath

• 0x46e3ac CloseFigure

• 0x46e3b0 GetROP2

• 0x46e3b4 GetDCBrushColor

• 0x46e3b8 PathToRegion

• 0x46e3bc DeleteMetaFile

• 0x46e3c0 GetEnhMetaFileA

Library COMDLG32.dll:

• 0x46e3c8 PrintDlgW

• 0x46e3cc GetSaveFileNameA

Library ADVAPI32.dll:

• 0x46e3d4 RegQueryValueExW

• 0x46e3d8 RegOpenKeyExW

• 0x46e3dc RegCloseKey

• 0x46e3e0 SetSecurityDescriptorDacl

• 0x46e3e4 RegSetValueExA

• 0x46e3e8 RegQueryValueExA

• 0x46e3ec RegQueryInfoKeyW

• 0x46e3f0 RegOpenKeyExA

• 0x46e3f4 RegEnumKeyA

• 0x46e3f8 RegDeleteValueA

• 0x46e3fc RegCreateKeyExA

• 0x46e400 InitializeSecurityDescriptor

• 0x46e404 GetUserNameA

• 0x46e408 FreeSid

• 0x46e40c AllocateAndInitializeSid

• 0x46e410 RegOpenKeyW

Library SHELL32.dll:

• 0x46e418 SHBrowseForFolder

• 0x46e41c SHGetPathFromIDListW

• 0x46e420 SHGetFileInfoA

• 0x46e424 SHGetDiskFreeSpaceExA

• 0x46e428 Shell_NotifyIconW

• 0x46e42c ShellAboutA

• 0x46e430 ShellExecuteExA

• 0x46e434 SHGetInstanceExplorer

• 0x46e438 SHGetDiskFreeSpaceA

• 0x46e43c ShellAboutW

• 0x46e440 SHLoadInProc

• 0x46e444 SHGetFolderPathW

• 0x46e448 ExtractAssociatedIconW

• 0x46e44c DoEnvironmentSubstA

• 0x46e450 SHPathPrepareForWriteA

• 0x46e454 SHGetSpecialFolderLocation

• 0x46e458 SHCreateProcessAsUserW

Library SHLWAPI.dll:

• 0x46e460 StrStrA

• 0x46e464 StrStrIW

• 0x46e468 StrRChrA

• 0x46e46c StrStrIA

Library COMCTL32.dll:

• 0x46e474 ImageList_Destroy

• 0x46e478 ImageList_Create

• 0x46e47c

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.