Score: 3.0
Risk level: Medium

SHA256: 2d6359106c57e02d2a9364c02ee3657a894899e24b3273ee59095f925eae5500

File name: 7f36bcd5dca2e6c86b088c40cbfc2fbf.exe

Analysis duration: 78s

Last analysis:

File size: 11.3MB
鹰眼 (Eagle Eye) engine
Not detected: the Eagle Eye engine returned no result for this sample.
Static verdict
Antivirus engines

Engine       Result                           Scan date   Engine version
McAfee       Artemis!7F36BCD5DCA2             2020-10-23  6.0.6.653
Alibaba      Trojan:Win32/AdRepack.70780de0   2019-05-27  0.3.0.5
Baidu        (no detection)                   2019-03-18  1.0.0.2
Kingsoft     (no detection)                   2020-10-23  2013.8.14.323
Tencent      (no detection)                   2020-10-23  1.0.0.1
CrowdStrike  (no detection)                   2019-07-02  1.0
Static indicators
This executable is signed
  Signed is not the same as trusted: two engines in the VirusTotal list below label the certificate itself (Ikarus possible-Threat.Untrusted.Certificate, Emsisoft MalCert-S.CB), so verify the chain, timestamp and revocation status (for example with signtool verify /pa /v, or Get-AuthenticodeSignature in PowerShell) before giving the signature any weight.
This executable has a PDB path (1 event)
pdb_path D:\SVN\rczip1\bin\Win32\release\pdb\HaoZip7zSetup.pdb
  The PDB name identifies the build as a HaoZip 7z-based setup stub, which is consistent with the self-extracting-installer style import set further down and with the AdRepack/ChinAd bundler labels in the detection list.
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (50 out of 132 events)

The page repeats the same offset and size for every event of a given resource type, so only the distinct rows are kept here, with the number of events each one stands for:

name       events  language      sublanguage                 offset      size        filetype
RT_ICON    3       LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x000861d8  0x00000468  GLS_BINARY_LSB_FIRST
RT_DIALOG  3       LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00086b1c  0x00000150  data
RT_STRING  44      LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00090694  0x0000015e  data

Simplified-Chinese resources match the Chinese development path in the PDB string and are a localisation fact, not a malicious indicator on their own.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.895690138444797 section {'size_of_data': '0x0002d400', 'virtual_address': '0x00064000', 'entropy': 6.895690138444797, 'name': '.rsrc', 'virtual_size': '0x0002d274'} description A section with a high entropy has been found
entropy 0.31922398589065254 description Overall entropy of this PE file is high
The second value is not a Shannon entropy. It is the fraction of all section data that lies in high-entropy sections (here the 0x2d400 bytes of .rsrc), and the signature fires once that fraction exceeds 0.2. Working back from 0.319, the section table covers only about 580 KB of an 11.3 MB file; the rest is overlay after the last section, which is where a self-extracting installer carries its archive and which this check does not inspect.
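The two entropy events above are one heuristic applied twice, first per section and then to the file as a whole. The following Python is an added example, not the sandbox's own code: it reimplements that heuristic with the thresholds Cuckoo's packer_entropy signature uses (6.8 bits per byte for a section, 0.2 for the share of section data) over sections constructed inside the script, so it runs without the sample.

```python
"""Section-entropy packer heuristic of the kind used by Cuckoo-derived sandboxes.

Added example; this is not code from the sandbox that produced the report above.
The thresholds (6.8 bits/byte per section, 0.2 share of section data) follow
Cuckoo's packer_entropy signature; the sections are constructed in-line so the
script runs offline and does not need the sample.
"""
import math
import random
from typing import Dict

SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte; above this a section reads as compressed/encrypted
HIGH_ENTROPY_FRACTION = 0.2       # share of all section data that must be high-entropy to flag the file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packer_verdict(sections: Dict[str, bytes]) -> dict:
    """Two-stage check: flag high-entropy sections, then the file if they hold >20% of section data.

    Mirrors the two events in the report: one per flagged section, one for the
    overall ratio. Overlay data after the last section is not inspected, which
    is where an SFX installer keeps its archive.
    """
    flagged: Dict[str, float] = {}
    total = high = 0
    for name, data in sections.items():
        total += len(data)
        entropy = shannon_entropy(data)
        if entropy > SECTION_ENTROPY_THRESHOLD:
            flagged[name] = round(entropy, 3)
            high += len(data)
    ratio = high / total if total else 0.0
    return {
        "high_entropy_sections": flagged,
        "high_entropy_fraction": round(ratio, 3),
        "likely_packed": bool(flagged) and ratio > HIGH_ENTROPY_FRACTION,
    }


def build_sample_sections() -> Dict[str, bytes]:
    """Constructed stand-in for a PE: repetitive code, a string table, and a
    resource section of pseudo-random bytes (what compressed data looks like)."""
    rng = random.Random(0x7F36)  # fixed seed keeps the result reproducible
    text = b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57" * 400 + bytes(4000)
    rdata = b"HaoZip7zSetup\x00" * 300 + bytes(2000)
    rsrc = bytes(rng.getrandbits(8) for _ in range(12000))
    return {".text": text, ".rdata": rdata, ".rsrc": rsrc}


if __name__ == "__main__":
    print(packer_verdict(build_sample_sections()))
```

Running it flags only the pseudo-random .rsrc stand-in and reports a high-entropy fraction of about 0.465. A real triage would feed packer_verdict the section table read with pefile and, separately, look at the overlay that this signature never sees.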
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 104.23.98.190
host 172.217.24.14
Both are public addresses reached without a name lookup in the capture. Note that the capture logs five DNS queries to 114.114.114.114 but no answers, that the Hosts section below reports no contacted hosts, and that the TCP table records a port-443 flow with 104.23.98.190 only: treat this indicator as something to confirm against the pcap rather than as proof that the addresses are hard-coded in the sample.
File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.312503
FireEye Generic.mg.7f36bcd5dca2e6c8
McAfee Artemis!7F36BCD5DCA2
Cylance Unsafe
K7AntiVirus Trojan ( 0056b2a91 )
Alibaba Trojan:Win32/AdRepack.70780de0
K7GW Trojan ( 0056b2a91 )
Cybereason malicious.5dca2e
Arcabit Trojan.Zusy.D4C4B7
BitDefenderTheta Gen:NN.ZexaF.34570.fr3@aObRzVgb
Cyren W32/Trojan.NBGG-8921
Symantec ML.Attribute.HighConfidence
APEX Malicious
ClamAV Win.Malware.Mikey-6986881-0
BitDefender Gen:Variant.Zusy.312503
NANO-Antivirus Trojan.Win32.Johnnie.gggyda
Rising Trojan.Generic@ML.94 (RDMK:5goLrTNIYPF3+vkzOx3PQA)
Ad-Aware Gen:Variant.Zusy.312503
Emsisoft MalCert-S.CB (A)
Comodo TrojWare.Win32.Eqtonex.B@83htfq
F-Secure Trojan.TR/Redcap.ctcyo
DrWeb Trojan.MulDrop11.27235
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Jiangmin Adware.Agent.annb
Avira TR/Redcap.ctcyo
Microsoft Trojan:Win32/Persistence!rfn
GData Gen:Variant.Zusy.312503
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.RL_Generic.R303784
VBA32 Trojan.MulDrop
ALYac Gen:Variant.Zusy.312503
MAX malware (ai score=84)
Malwarebytes PUP.Optional.ChinAd
ESET-NOD32 multiple detections
Yandex PUP.Crack!9ZqoJCZNjeQ
Ikarus possible-Threat.Untrusted.Certificate
eGambit Unsafe.AI_Score_99%
Fortinet Riskware/AdRepack
AVG Win32:Trojan-gen
Qihoo-360 Generic/Trojan.8ce
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.

PE Compile Time

2019-02-22 11:23:18

Imports

The import set is what a 7-Zip-style self-extracting installer stub needs: GetTempPathW/GetTempFileNameW with WriteFile and MoveFileExW for staged extraction, CreateProcessW and ShellExecuteExW to launch the extracted payload, and SHBrowseForFolderW for the destination dialog. IsDebuggerPresent and EncodePointer/DecodePointer are pulled in by the MSVC runtime and are not anti-debugging evidence on their own.

Library COMCTL32.dll:
Library SHELL32.dll:
0x4471d0 SHBrowseForFolderW
0x4471d4 CommandLineToArgvW
0x4471d8 ShellExecuteW
0x4471dc SHGetMalloc
0x4471e0 ShellExecuteExW
0x4471e4 SHGetFileInfoW
Library KERNEL32.dll:
0x447014 TlsGetValue
0x447018 TlsAlloc
0x44701c TerminateProcess
0x447020 SetLastError
0x44702c HeapSize
0x447030 FreeLibrary
0x447034 HeapAlloc
0x447038 HeapFree
0x44703c GetProcessHeap
0x447040 LoadLibraryW
0x447044 GetLastError
0x447048 GetProcAddress
0x44704c GetFileAttributesW
0x447050 CloseHandle
0x447054 GetCurrentProcess
0x447058 GetModuleHandleW
0x44705c GetVersionExW
0x447060 CreateProcessW
0x447064 WaitForSingleObject
0x447070 GetModuleFileNameW
0x44707c LocalFree
0x447080 SetFileApisToOEM
0x447088 SetPriorityClass
0x44708c GetCurrentThread
0x447090 SetThreadPriority
0x447094 GetCommandLineW
0x4470a8 FindFirstFileW
0x4470ac FindClose
0x4470b0 FindNextFileW
0x4470b4 CreateFileW
0x4470b8 GetLongPathNameW
0x4470bc GetCurrentThreadId
0x4470c0 FindResourceW
0x4470c4 LoadLibraryExW
0x4470c8 SetEndOfFile
0x4470cc SetFileTime
0x4470d0 WriteFile
0x4470d4 FormatMessageW
0x4470d8 TlsSetValue
0x4470dc ResumeThread
0x4470e0 WideCharToMultiByte
0x4470e4 GetACP
0x4470e8 MultiByteToWideChar
0x4470ec GetFileSize
0x4470f0 SetFilePointer
0x4470f4 ReadFile
0x4470f8 GetFullPathNameW
0x4470fc GetTempFileNameW
0x447100 MoveFileExW
0x447104 CreateDirectoryW
0x447108 lstrlenW
0x44710c GetTempPathW
0x447110 MoveFileW
0x447114 RemoveDirectoryW
0x44711c DeleteFileW
0x447120 SetFileAttributesW
0x447124 SetEvent
0x447128 Sleep
0x44712c ResetEvent
0x447130 CreateEventW
0x447138 GetModuleHandleExW
0x447140 VirtualAlloc
0x447144 VirtualFree
0x447148 FlushFileBuffers
0x44714c WriteConsoleW
0x447150 SetStdHandle
0x447154 SetFilePointerEx
0x447158 GetConsoleMode
0x44715c GetConsoleCP
0x447160 OutputDebugStringW
0x447164 LCMapStringW
0x447168 HeapReAlloc
0x44716c GetStringTypeW
0x447170 GetCPInfo
0x447174 GetOEMCP
0x447178 IsValidCodePage
0x44717c TlsFree
0x447184 ExitProcess
0x447188 RtlUnwind
0x447194 GetCurrentProcessId
0x44719c GetFileType
0x4471a0 GetStdHandle
0x4471a4 EncodePointer
0x4471a8 DecodePointer
0x4471ac IsDebuggerPresent
0x4471b8 CreateThread
0x4471bc ExitThread
0x4471c0 RaiseException
0x4471c4 GetStartupInfoW
Library USER32.dll:
0x4471ec SendMessageW
0x4471f0 EndDialog
0x4471f4 GetDlgItem
0x4471f8 GetWindowTextW
0x4471fc SetFocus
0x447200 LoadStringW
0x447204 GetDesktopWindow
0x447208 SetTimer
0x44720c ScreenToClient
0x447210 GetMessageW
0x447214 PostQuitMessage
0x447218 KillTimer
0x44721c TranslateMessage
0x447220 IsDialogMessageW
0x447224 LoadIconW
0x447228 CreateDialogParamW
0x44722c IsWindowVisible
0x447230 EnableWindow
0x447234 DispatchMessageW
0x447238 DestroyIcon
0x44723c IsWindow
0x447240 ShowWindow
0x447244 MessageBoxW
0x447248 GetWindowRect
0x44724c PostMessageW
0x447250 DialogBoxParamW
0x447254 SetWindowPos
0x447258 GetSystemMetrics
0x44725c SetWindowTextW
Library GDI32.dll:
0x447008 CreateSolidBrush
0x44700c DeleteObject
Library ole32.dll:
0x447264 CoInitialize
0x447268 CoInitializeEx
0x44726c CoUninitialize
0x447270 CoCreateInstance

Hosts

No hosts contacted.
(This contradicts the TCP table below, which records a port-443 flow with 104.23.98.190, and the two-host network indicator above; the pcap is the authoritative record.)

TCP

Source          Source port  Destination     Destination port
104.23.98.190   443          192.168.56.101  49180

The single TCP record is logged in the reply direction: the guest (192.168.56.101, ephemeral port 49180) opened the connection to 104.23.98.190:443. No TLS metadata was decoded for it (see Suricata TLS below).

UDP

Source          Source port  Destination      Destination port  Resolved name
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  58367        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  123          20.189.79.72     123               time.windows.com
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58368        239.255.255.250  3702
192.168.56.101  58370        239.255.255.250  3702
192.168.56.101  58707        239.255.255.250  3702
192.168.56.101  62192        239.255.255.250  3702

The NBNS (137/138 to the subnet broadcast), LLMNR (5355), SSDP (1900), WS-Discovery (3702) and NTP (123 to time.windows.com) rows are Windows guest background traffic. The five port-53 queries to the public resolver 114.114.114.114 are the only name lookups in the capture, and no answers were recorded for them.
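The "no DNS query" indicator in the dynamic indicators and the flow tables here describe one check: which remote peers were reached without a preceding name resolution, once sandbox background traffic is set aside. The following Python is an added example, not code from the sandbox. Its flow records mirror the TCP and UDP tables above (the flow to 172.217.24.14 is constructed, because the report names that host in the indicator but logs no flow for it), and the DNS answer for time.windows.com is an assumption, since the report logs queries but no answers.

```python
"""Find remote peers that were contacted without a preceding DNS resolution.

Added example; not code from the sandbox that produced this report. The flow
records mirror the TCP/UDP tables above (the flow to 172.217.24.14 is
constructed, since the report names that host in the indicator but logs no
flow for it), and the DNS answer for time.windows.com is an assumption: the
report shows five queries to 114.114.114.114 but records no answers.
"""
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

SANDBOX_IP = ipaddress.ip_address("192.168.56.101")
RESOLVER_IP = ipaddress.ip_address("114.114.114.114")

Flow = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)

FLOWS: List[Flow] = [
    ("tcp", "104.23.98.190", 443, "192.168.56.101", 49180),   # logged in the reply direction
    ("udp", "192.168.56.101", 49235, "114.114.114.114", 53),
    ("udp", "192.168.56.101", 137, "192.168.56.255", 137),
    ("udp", "192.168.56.101", 123, "20.189.79.72", 123),
    ("udp", "192.168.56.101", 55368, "224.0.0.252", 5355),
    ("udp", "192.168.56.101", 1900, "239.255.255.250", 1900),
    ("tcp", "192.168.56.101", 49201, "172.217.24.14", 443),   # constructed; not in the report's tables
]

DNS_ANSWERS: Dict[str, List[str]] = {
    "time.windows.com": ["20.189.79.72"],  # assumed answer; the report logs no DNS responses
}


def remote_peer(flow: Flow) -> Tuple[str, int]:
    """Return (remote_ip, remote_port) whichever direction the capture logged the flow in."""
    _proto, src, sport, dst, dport = flow
    if ipaddress.ip_address(src) == SANDBOX_IP:
        return dst, dport
    return src, sport


def is_background(ip: str, port: int) -> bool:
    """True for traffic the guest OS generates on its own or that never leaves the lab
    segment: NBNS/LLMNR/SSDP/WS-Discovery go to multicast or the subnet broadcast,
    and the resolver itself is reached on 53 by design."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast or addr.is_private or addr.is_loopback or addr.is_link_local:
        return True
    return addr == RESOLVER_IP and port == 53


def hosts_without_dns(flows: Iterable[Flow], dns_answers: Dict[str, List[str]]) -> List[str]:
    """Remote public peers that no DNS answer in the capture resolved to, in address order."""
    resolved: Set[str] = {ip for answers in dns_answers.values() for ip in answers}
    suspects: Set[str] = set()
    for flow in flows:
        ip, port = remote_peer(flow)
        if is_background(ip, port) or ip in resolved:
            continue
        suspects.add(ip)
    return sorted(suspects, key=ipaddress.ip_address)


if __name__ == "__main__":
    for ip in hosts_without_dns(FLOWS, DNS_ANSWERS):
        print("direct-to-IP contact:", ip)
```

With the report's records this yields exactly the two hosts the indicator lists. Normalising the flow direction first matters: the only TCP row is logged with the remote side as source, and a check that only looked at destination addresses would miss it.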

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.