Score: 5.2 (medium risk)

SHA256: b1e43124a401714ce72691a059cfaf3182e0e63986ab8e165d8333bf11540568

File name: 8152535e957820c4977d19f87ff3ed1c.exe

Analysis duration: 89s

Last analysis:

File size: 612.0KB
Tags: static detection, dynamic detection; 4QHUYSMYKXP, AGEN, AI SCORE=86, AIDETECTVM, ATTRIBUTE, BSCOPE, BUJISP, CONFIDENCE, DELF, DELPHI, DXWC, ELDORADO, GDSDA, GENERIC PUA AM, GENERIC PUP, GENERICKD, HACKTOOL, HIGH CONFIDENCE, HIGHCONFIDENCE, HRXEIZ, IGENT, MALICIOUS PE, MALWARE2, MALWARE@#3J7DYDWLAISGO, MGW@A4XI4DDI, SCORE, SUSGEN, UNSAFE, WACATAC, ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample.

Static verdict

Anti-virus engines (a blank result column means the engine returned no detection)

Engine       Result                                         Scan date  Version
McAfee       RDN/Generic PUP.z                              20201023   6.0.6.653
Alibaba                                                     20190527   0.3.0.5
Baidu                                                       20190318   1.0.0.2
Tencent      Win32.Trojan-downloader.Agent.Dxwc             20201023   1.0.0.1
Kingsoft                                                    20201023   2013.8.14.323
CrowdStrike  win/malicious_confidence_80% (W)               20190702   1.0
Behavior verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

  Time: 1619685968.07875
  API: NtAllocateVirtualMemory
  Arguments:
    process_identifier: 2764
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x003a0000
  Status: success   Return: 0   Repeated: 0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

  Time: 1619685983.75075
  API: NtProtectVirtualMemory
  Arguments:
    process_identifier: 2764
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 40960
    protection: 32 (PAGE_EXECUTE_READ)
    process_handle: 0xffffffff
    base_address: 0x032f1000
  Status: success   Return: 0   Repeated: 0
Network communication

Communicates with a host for which no DNS query was performed (1 event)

  host: 172.217.24.14

Disables the proxy, possibly for traffic interception (1 event)

  Time: 1619685998.96875
  API: RegSetValueExA
  Arguments:
    key_handle: 0x000002e4
    value: 0
    regkey_r: ProxyEnable
    reg_type: 4 (REG_DWORD)
    regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
  Status: success   Return: 0   Repeated: 0

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43663389
FireEye Generic.mg.8152535e957820c4
McAfee RDN/Generic PUP.z
Malwarebytes Trojan.Downloader.DLF
Zillya Downloader.Delf.Win32.59699
AegisLab Trojan.Multi.Generic.4!c
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056ca6c1 )
K7GW Trojan-Downloader ( 0056ca6c1 )
Arcabit Trojan.Generic.D29A401D
Cyren W32/Delf.LQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Downloader.Win32.Agent.gen
BitDefender Trojan.GenericKD.43663389
NANO-Antivirus Trojan.Win32.Delphi.hrxeiz
Tencent Win32.Trojan-downloader.Agent.Dxwc
Ad-Aware Trojan.GenericKD.43663389
Emsisoft Trojan.GenericKD.43663389 (B)
Comodo Malware@#3j7dydwlaisgo
VIPRE Trojan.Win32.Generic!BT
Invincea Generic PUA AM (PUA)
McAfee-GW-Edition RDN/Generic PUP.z
Sophos Generic PUA AM (PUA)
Ikarus Trojan.Win32.Injector
Avira HEUR/AGEN.1138481
Antiy-AVL HackTool/Win32.Agent
Microsoft Trojan:Win32/Wacatac.C!ml
ZoneAlarm HEUR:Trojan-Downloader.Win32.Agent.gen
GData Trojan.GenericKD.43663389
Cynet Malicious (score: 100)
BitDefenderTheta Gen:NN.ZelphiF.34570.MGW@a4XI4ddi
MAX malware (ai score=86)
VBA32 BScope.Trojan.Downloader
Cylance Unsafe
ESET-NOD32 Win32/TrojanDownloader.Delf.CZO
Rising Downloader.Delf!8.16F (TFE:5:4QHUysmykXP)
Yandex Trojan.Igent.bUjISp.8
SentinelOne DFI - Malicious PE
MaxSecure Trojan.Malware.1929549.susgen
Fortinet Riskware/Agent
AVG Win32:Malware-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_80% (W)
Qihoo-360 Win32/Trojan.Hacktool.ccf
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)

  dead_host: 172.217.24.14:443
  dead_host: 172.217.160.78:443
  dead_host: 162.125.8.1:443

Visual analysis

Binary image
No binary image: no binary visualization image was generated for this sample.

Run screenshots
No run screenshots: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17 (this is the well-known fixed timestamp written by older Borland Delphi linkers, not the real build date; it is consistent with the Delf/Delphi family names in the detections above)

Imports

Library kernel32.dll:
0x477178 VirtualFree
0x47717c VirtualAlloc
0x477180 LocalFree
0x477184 LocalAlloc
0x477188 GetTickCount
0x477190 GetVersion
0x477194 GetCurrentThreadId
0x4771a0 VirtualQuery
0x4771a4 WideCharToMultiByte
0x4771a8 MultiByteToWideChar
0x4771ac lstrlenA
0x4771b0 lstrcpynA
0x4771b4 LoadLibraryExA
0x4771b8 GetThreadLocale
0x4771bc GetStartupInfoA
0x4771c0 GetProcAddress
0x4771c4 GetModuleHandleA
0x4771c8 GetModuleFileNameA
0x4771cc GetLocaleInfoA
0x4771d0 GetCommandLineA
0x4771d4 FreeLibrary
0x4771d8 FindFirstFileA
0x4771dc FindClose
0x4771e0 ExitProcess
0x4771e4 WriteFile
0x4771ec RtlUnwind
0x4771f0 RaiseException
0x4771f4 GetStdHandle
Library user32.dll:
0x4771fc GetKeyboardType
0x477200 LoadStringA
0x477204 MessageBoxA
0x477208 CharNextA
Library advapi32.dll:
0x477210 RegQueryValueExA
0x477214 RegOpenKeyExA
0x477218 RegCloseKey
Library oleaut32.dll:
0x477220 SysFreeString
0x477224 SysReAllocStringLen
0x477228 SysAllocStringLen
Library kernel32.dll:
0x477230 TlsSetValue
0x477234 TlsGetValue
0x477238 LocalAlloc
0x47723c GetModuleHandleA
Library advapi32.dll:
0x477244 RegQueryValueExA
0x477248 RegOpenKeyExA
0x47724c RegCloseKey
Library kernel32.dll:
0x477254 lstrcpyA
0x477258 lstrcmpiA
0x47725c WriteFile
0x477260 WaitForSingleObject
0x477264 VirtualQuery
0x477268 VirtualProtect
0x47726c VirtualAlloc
0x477270 Sleep
0x477274 SizeofResource
0x477278 SetThreadLocale
0x47727c SetFilePointer
0x477280 SetEvent
0x477284 SetErrorMode
0x477288 SetEndOfFile
0x47728c ResetEvent
0x477290 ReadFile
0x477294 MultiByteToWideChar
0x477298 MulDiv
0x47729c LockResource
0x4772a0 LoadResource
0x4772a4 LoadLibraryA
0x4772b0 GlobalUnlock
0x4772b4 GlobalReAlloc
0x4772b8 GlobalHandle
0x4772bc GlobalLock
0x4772c0 GlobalFree
0x4772c4 GlobalFindAtomA
0x4772c8 GlobalDeleteAtom
0x4772cc GlobalAlloc
0x4772d0 GlobalAddAtomA
0x4772d4 GetVersionExA
0x4772d8 GetVersion
0x4772dc GetTickCount
0x4772e0 GetThreadLocale
0x4772e4 GetSystemInfo
0x4772e8 GetStringTypeExA
0x4772ec GetStdHandle
0x4772f0 GetProcAddress
0x4772f4 GetModuleHandleA
0x4772f8 GetModuleFileNameA
0x4772fc GetLocaleInfoA
0x477300 GetLocalTime
0x477304 GetLastError
0x477308 GetFullPathNameA
0x47730c GetDiskFreeSpaceA
0x477310 GetDateFormatA
0x477314 GetCurrentThreadId
0x477318 GetCurrentProcessId
0x47731c GetCPInfo
0x477320 GetACP
0x477324 FreeResource
0x477328 InterlockedExchange
0x47732c FreeLibrary
0x477330 FormatMessageA
0x477334 FindResourceA
0x477338 EnumCalendarInfoA
0x477344 CreateThread
0x477348 CreateFileA
0x47734c CreateEventA
0x477350 CompareStringA
0x477354 CloseHandle
Library version.dll:
0x47735c VerQueryValueA
0x477364 GetFileVersionInfoA
Library gdi32.dll:
0x47736c UnrealizeObject
0x477370 StretchBlt
0x477374 SetWindowOrgEx
0x477378 SetViewportOrgEx
0x47737c SetTextColor
0x477380 SetStretchBltMode
0x477384 SetROP2
0x477388 SetPixel
0x47738c SetDIBColorTable
0x477390 SetBrushOrgEx
0x477394 SetBkMode
0x477398 SetBkColor
0x47739c SelectPalette
0x4773a0 SelectObject
0x4773a4 SelectClipRgn
0x4773a8 SaveDC
0x4773ac RestoreDC
0x4773b0 Rectangle
0x4773b4 RectVisible
0x4773b8 RealizePalette
0x4773bc Polyline
0x4773c0 PatBlt
0x4773c4 MoveToEx
0x4773c8 MaskBlt
0x4773cc LineTo
0x4773d0 IntersectClipRect
0x4773d4 GetWindowOrgEx
0x4773d8 GetTextMetricsA
0x4773e4 GetStockObject
0x4773e8 GetPixel
0x4773ec GetPaletteEntries
0x4773f0 GetObjectA
0x4773f4 GetDeviceCaps
0x4773f8 GetDIBits
0x4773fc GetDIBColorTable
0x477400 GetDCOrgEx
0x477408 GetClipBox
0x47740c GetBrushOrgEx
0x477410 GetBkMode
0x477414 GetBitmapBits
0x477418 ExcludeClipRect
0x47741c DeleteObject
0x477420 DeleteDC
0x477424 CreateSolidBrush
0x477428 CreatePenIndirect
0x47742c CreatePalette
0x477434 CreateFontIndirectA
0x477438 CreateDIBitmap
0x47743c CreateDIBSection
0x477440 CreateCompatibleDC
0x477448 CreateBrushIndirect
0x47744c CreateBitmap
0x477450 BitBlt
Library user32.dll:
0x477458 CreateWindowExA
0x47745c WindowFromPoint
0x477460 WinHelpA
0x477464 WaitMessage
0x477468 UpdateWindow
0x47746c UnregisterClassA
0x477470 UnhookWindowsHookEx
0x477474 TranslateMessage
0x47747c TrackPopupMenu
0x477484 ShowWindow
0x477488 ShowScrollBar
0x47748c ShowOwnedPopups
0x477490 ShowCursor
0x477494 SetWindowsHookExA
0x477498 SetWindowTextA
0x47749c SetWindowPos
0x4774a0 SetWindowPlacement
0x4774a4 SetWindowLongA
0x4774a8 SetTimer
0x4774ac SetScrollRange
0x4774b0 SetScrollPos
0x4774b4 SetScrollInfo
0x4774b8 SetRect
0x4774bc SetPropA
0x4774c0 SetParent
0x4774c4 SetMenuItemInfoA
0x4774c8 SetMenu
0x4774cc SetForegroundWindow
0x4774d0 SetFocus
0x4774d4 SetCursor
0x4774d8 SetClassLongA
0x4774dc SetCapture
0x4774e0 SetActiveWindow
0x4774e4 SendMessageA
0x4774e8 ScrollWindow
0x4774ec ScreenToClient
0x4774f0 RemovePropA
0x4774f4 RemoveMenu
0x4774f8 ReleaseDC
0x4774fc ReleaseCapture
0x477508 RegisterClassA
0x47750c RedrawWindow
0x477510 PtInRect
0x477514 PostQuitMessage
0x477518 PostMessageA
0x47751c PeekMessageA
0x477520 OffsetRect
0x477524 OemToCharA
0x477528 MessageBoxA
0x47752c MapWindowPoints
0x477530 MapVirtualKeyA
0x477534 LoadStringA
0x477538 LoadKeyboardLayoutA
0x47753c LoadIconA
0x477540 LoadCursorA
0x477544 LoadBitmapA
0x477548 KillTimer
0x47754c IsZoomed
0x477550 IsWindowVisible
0x477554 IsWindowEnabled
0x477558 IsWindow
0x47755c IsRectEmpty
0x477560 IsIconic
0x477564 IsDialogMessageA
0x477568 IsChild
0x47756c InvalidateRect
0x477570 IntersectRect
0x477574 InsertMenuItemA
0x477578 InsertMenuA
0x47757c InflateRect
0x477584 GetWindowTextA
0x477588 GetWindowRect
0x47758c GetWindowPlacement
0x477590 GetWindowLongA
0x477594 GetWindowDC
0x477598 GetTopWindow
0x47759c GetSystemMetrics
0x4775a0 GetSystemMenu
0x4775a4 GetSysColorBrush
0x4775a8 GetSysColor
0x4775ac GetSubMenu
0x4775b0 GetScrollRange
0x4775b4 GetScrollPos
0x4775b8 GetScrollInfo
0x4775bc GetPropA
0x4775c0 GetParent
0x4775c4 GetWindow
0x4775c8 GetMenuStringA
0x4775cc GetMenuState
0x4775d0 GetMenuItemInfoA
0x4775d4 GetMenuItemID
0x4775d8 GetMenuItemCount
0x4775dc GetMenu
0x4775e0 GetLastActivePopup
0x4775e4 GetKeyboardState
0x4775ec GetKeyboardLayout
0x4775f0 GetKeyState
0x4775f4 GetKeyNameTextA
0x4775f8 GetIconInfo
0x4775fc GetForegroundWindow
0x477600 GetFocus
0x477604 GetDesktopWindow
0x477608 GetDCEx
0x47760c GetDC
0x477610 GetCursorPos
0x477614 GetCursor
0x477618 GetClientRect
0x47761c GetClassNameA
0x477620 GetClassInfoA
0x477624 GetCapture
0x477628 GetActiveWindow
0x47762c FrameRect
0x477630 FindWindowA
0x477634 FillRect
0x477638 EqualRect
0x47763c EnumWindows
0x477640 EnumThreadWindows
0x477644 EndPaint
0x477648 EndDeferWindowPos
0x47764c EnableWindow
0x477650 EnableScrollBar
0x477654 EnableMenuItem
0x477658 DrawTextA
0x47765c DrawMenuBar
0x477660 DrawIconEx
0x477664 DrawIcon
0x477668 DrawFrameControl
0x47766c DrawFocusRect
0x477670 DrawEdge
0x477674 DispatchMessageA
0x477678 DestroyWindow
0x47767c DestroyMenu
0x477680 DestroyIcon
0x477684 DestroyCursor
0x477688 DeleteMenu
0x47768c DeferWindowPos
0x477690 DefWindowProcA
0x477694 DefMDIChildProcA
0x477698 DefFrameProcA
0x47769c CreatePopupMenu
0x4776a0 CreateMenu
0x4776a4 CreateIcon
0x4776a8 ClientToScreen
0x4776ac CheckMenuItem
0x4776b0 CallWindowProcA
0x4776b4 CallNextHookEx
0x4776b8 BeginPaint
0x4776bc BeginDeferWindowPos
0x4776c0 CharNextA
0x4776c4 CharLowerA
0x4776c8 CharUpperBuffA
0x4776cc CharToOemA
0x4776d0 AdjustWindowRectEx
Library kernel32.dll:
0x4776dc Sleep
Library oleaut32.dll:
0x4776e4 SafeArrayPtrOfIndex
0x4776e8 SafeArrayPutElement
0x4776ec SafeArrayGetElement
0x4776f4 SafeArrayAccessData
0x4776f8 SafeArrayGetUBound
0x4776fc SafeArrayGetLBound
0x477700 SafeArrayCreate
0x477704 VariantChangeType
0x477708 VariantCopyInd
0x47770c VariantCopy
0x477710 VariantClear
0x477714 VariantInit
Library ole32.dll:
0x47771c CoUninitialize
0x477720 CoInitialize
Library oleaut32.dll:
0x477728 GetErrorInfo
0x47772c SysFreeString
Library comctl32.dll:
0x47773c ImageList_Write
0x477740 ImageList_Read
0x477750 ImageList_DragMove
0x477754 ImageList_DragLeave
0x477758 ImageList_DragEnter
0x47775c ImageList_EndDrag
0x477760 ImageList_BeginDrag
0x477764 ImageList_Remove
0x477768 ImageList_DrawEx
0x47776c ImageList_Replace
0x477770 ImageList_Draw
0x477780 ImageList_Add
0x47778c ImageList_Destroy
0x477790 ImageList_Create
Library comdlg32.dll:
0x477798 ChooseColorA
Library UrL:
0x4777a0 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  53657        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  57236        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  62912        114.114.114.114                  53
192.168.56.101  63429        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  50002        224.0.0.252                      5355
192.168.56.101  50534        224.0.0.252                      5355
192.168.56.101  51808        224.0.0.252                      5355
192.168.56.101  51963        224.0.0.252                      5355
192.168.56.101  53210        224.0.0.252                      5355
192.168.56.101  56539        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57756        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  60384        224.0.0.252                      5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.