1.4
低危
61 个模型检测该样本为恶意!
重新分析
更多

223a10ef8a39c409c78e494a589397e0bd60c804d5c1f8882430f9a6c9dd0994

223a10ef8a39c409c78e494a589397e0bd60c804d5c1f8882430f9a6c9dd0994.exe

分析耗时

194s

最近分析

360天前

文件大小

27.0KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN VTFLOODER
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.59
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200121 18.4.3895.0
Baidu Win32.Trojan-Downloader.Tiny.c 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200121 2013.8.14.323
McAfee VTFlooder!8110E17ECF02 20200121 6.0.6.653
Tencent Trojan.Win32.VtFlooder.a 20200121 1.0.0.1
行为判定
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具 (1 个事件)
section {'name': 'UPX1', 'virtual_address': '0x00007000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000e00', 'entropy': 7.205364847460314} entropy 7.205364847460314 description 发现高熵的节
可执行文件使用UPX压缩 (3 个事件)
section UPX0 description 节名称指示UPX
section UPX1 description 节名称指示UPX
section UPX2 description 节名称指示UPX
网络通信
与未执行 DNS 查询的主机进行通信 (2 个事件)
host 114.114.114.114
host 8.8.8.8
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意 (50 out of 61 个事件)
ALYac Gen:Variant.Ulise.1586
APEX Malicious
AVG Win32:Trojan-gen
Acronis suspicious
Ad-Aware Gen:Variant.Ulise.1586
AhnLab-V3 Trojan/Win32.Vflooder.C1453219
Arcabit Trojan.Ulise.D632
Avast Win32:Trojan-gen
Avira TR/Crypt.XPACK.Gen
Baidu Win32.Trojan-Downloader.Tiny.c
BitDefender Gen:Variant.Ulise.1586
BitDefenderTheta Gen:NN.ZexaF.34084.bqW@aSiaIWd
Bkav W32.FamVT.VtfodsVM.Trojan
CAT-QuickHeal Trojan.Vflooder.E3
ClamAV Win.Malware.Vtflooder-6723768-0
Comodo Packed.Win32.MUPX.Gen@24tbus
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.ecf026
Cylance Unsafe
Cyren W32/S-528c72e4!Eldorado
DrWeb Trojan.Flood.22062
ESET-NOD32 Win32/TrojanClicker.Tiny.NAM
Emsisoft Gen:Variant.Ulise.1586 (B)
Endgame malicious (high confidence)
F-Prot W32/S-528c72e4!Eldorado
F-Secure Trojan.TR/Crypt.XPACK.Gen
FireEye Generic.mg.8110e17ecf026969
Fortinet W32/TrojanClicker.NAM!tr
GData Gen:Variant.Ulise.1586
Ikarus Trojan.Crypt
Invincea heuristic
Jiangmin Trojan/Badur.cky
K7AntiVirus Spyware ( 0049c3e41 )
K7GW Spyware ( 0049c3e41 )
Kaspersky Trojan.Win32.Vtflooder.cft
MAX malware (ai score=89)
Malwarebytes Trojan.Flooder.UPX
McAfee VTFlooder!8110E17ECF02
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.mz
MicroWorld-eScan Gen:Variant.Ulise.1586
Microsoft Trojan:Win32/Vflooder.B
NANO-Antivirus Trojan.Win32.Crypted.dbpklq
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM19.1.B565.Malware.Gen
Rising Trojan.Win32.Vflooder.b (RDMK:cmRtazp+6ToZo9hgfMOhzgSBxBCp)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-AHNL
TACHYON Trojan/W32.Vtflooder.27648
Tencent Trojan.Win32.VtFlooder.a
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2014-07-01 20:25:47

PE Imphash

3d8c26f4cb1782a87c3bb42796fb6b85

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00006000 0x00005400 1.9601880330287247
UPX1 0x00007000 0x00001000 0x00000e00 7.205364847460314
UPX2 0x00008000 0x00001000 0x00000200 3.417706440053802
.imports 0x00009000 0x00001000 0x00000400 3.212395201352827

Imports

Library KERNEL32.DLL:
0x402000 Sleep
0x402004 lstrlenA
0x402008 CreateThread
0x40200c VirtualFree
0x402010 GetModuleFileNameW
0x402014 GetTickCount
0x402018 ExitProcess
0x40201c GetFileSize
0x402020 VirtualAlloc
0x402024 ReadFile
0x402028 CloseHandle
0x40202c CreateFileW
0x402030 lstrlenW
0x402034 MultiByteToWideChar
Library ntdll.dll:
0x402078 memset
0x40207c _wtoi
0x402080 memcpy
Library ole32.dll:
Library SHLWAPI.dll:
0x40203c StrStrA
Library USER32.dll:
0x402044 wsprintfA
0x402048 wsprintfW
Library WINHTTP.dll:
0x402050 WinHttpCrackUrl
0x402054 WinHttpOpen
0x402058 WinHttpConnect
0x40205c WinHttpOpenRequest
0x402060 WinHttpSendRequest
0x402064 WinHttpQueryHeaders
0x402068 WinHttpReadData
0x40206c WinHttpCloseHandle
L!This program cannot be run in DOS mode.
wy3*3*3*3*6*:4*8*3*(*(:
*0*(::*2*Rich3*
.imports
EEEEMQj
27UREPh
E3EEEEEMQj
UREPMQ
RPQRh"@
EEPMQUREP
Qjhx#@
EMQUREPMQ
QjU REP
EUREPMQUR
9U}$EMT
--------%015d
Content-Disposition: form-data; name="apikey"
Content-Type: text/plain
a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088
Content-Disposition: form-data; name="file"; filename="1.exe"
Content-Type: application/x-msdownload
Content-Transfer-Encoding: binary
--------%015d--
|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]^_`abcdefghijklmnopq
lstrlenA
CreateThread
VirtualFree
GetModuleFileNameW
GetTickCount
ExitProcess
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
CreateFileW
lstrlenW
MultiByteToWideChar
memset
memcpy
CreateStreamOnHGlobal
StrStrA
wsprintfA
wsprintfW
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse
`.rdata
@.data
UR+Eo2
WQF*,Cx
mNL.|LZ
PUR!n%j<EZds7s<
0P#aKR
d>7,Y0
*`0Wj%3
x @ah4t!
EPQh(%TH
QUvlVOI(#>
$F{A._
,_|#PCi
T(]5"7f
hl#@2t!
DUR`oYFn@p#
PhxsP!!<
ef%eaPJl
"1d,0t
jchl%p/E
&^B_Y9
P5%~JkuX
Me:}~k
77Gt"6$u
VjYL%F6
-?A%015d
-Dispositi
: form-data; name=
k"apikey"3.Type'
xt[lain
a0283a2c3d557
00d064874239b5346fb991317e8449fe43c9279d758088
icaD/x-msdownload
ransfer-Encodg4b
S{ary3--"4|
atnfm)d
2SigeF
s]u%toElI]xg
8F~s{(
N[ m.)
XA8VUsE//
/Opit Kx'-_X7u
}rstuvwxyz{$>?@ABCDEFGHIJKLMNOPQRSTUVWXY
Z[\]^_`abcdefghijklmnopq
lstrnACreateTh
VirtualFe
GetModul
TickCount
ExitProcess
_(SizeHAll
seHand
Mr}tiByoWideCharxwm;mA{_wtoi
=;cpyTStm
mOnHGpb<:w
D]vwsprifA
m{kgPEttpWaU
ma]5$^Hvive
,/T,$`
<eB`.ro
0'v+LI
XPTPSWXaD$j
KERNEL32.DLL
ntdll.dll
ole32.dll
SHLWAPI.dll
USER32.dll
WINHTTP.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
CreateStreamOnHGlobal
StrStrA
wsprintfA
WinHttpOpen
KERNEL32.DLL
lstrlenA
CreateThread
VirtualFree
GetModuleFileNameW
GetTickCount
ExitProcess
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
CreateFileW
lstrlenW
MultiByteToWideChar
ntdll.dll
memset
memcpy
ole32.dll
CreateStreamOnHGlobal
SHLWAPI.dll
StrStrA
USER32.dll
wsprintfA
wsprintfW
WINHTTP.dll
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse
jjjjjj
jjjjjj
jjjjjj
twitter.com
/pidoras6
Content-Type: multipart/form-data; boundary=------%015d
/vtapi/v2/file/scan
www.virustotal.com
Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
Content-Type: application/x-www-form-urlencoded

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.