4.6
中危
45 个模型检测该样本为恶意!
重新分析
更多

f7723b0a935da0543cba04fe7f9785ff1a6bf086c963e4fae08dcd3ed0fa59c3

852ea8d27fc4653ec19e7e66d1fa3a9d.exe

分析耗时

93s

最近分析

文件大小

874.0KB
静态报毒 动态报毒 100% 2YW@AGG54MNI ADWAREX AGEN AI SCORE=75 AIDETECTVM ATTRIBUTE BUNDLER CHAPAK CONFIDENCE ELDORADO FMTV GENERICPMF GENETIC GRAYWARE GTSW HIGH CONFIDENCE HIGHCONFIDENCE ISTARTSURF ISTARTSURFINSTALLER KRYPTIK MALICIOUS PE MALWARE1 PREPSCRAM PS@8C4M91 R275102 S6487981 SCORE SOFTWAREBUNDLER SYACJB0ZZFP ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee IStartSurf 20200830 6.0.6.653
Alibaba 20190527 0.3.0.5
Avast Win32:AdwareX-gen [Adw] 20200830 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20200830 2013.8.14.323
Tencent 20200830 1.0.0.1
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
行为判定
动态指标
Performs some HTTP requests (1 个事件)
request GET http://d1hq9wbcfo7dcl.cloudfront.nethttp://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1278&trackingId=416061048&instId=731&ho_trackingid=HO416061048&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=31&kid=hqmrb21b9e4evvjvoqo
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1620808794.9835
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00b27000
success 0 0
1620808794.9995
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 806912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00970000
success 0 0
1620808794.9995
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 827392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f30000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 113.108.239.196
host 172.217.24.14
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Application.Bundler.iStartSurf.AJX
FireEye Generic.mg.852ea8d27fc4653e
CAT-QuickHeal Trojan.GenericPMF.S6487981
McAfee IStartSurf
Malwarebytes Trojan.IStartSurf
SUPERAntiSpyware PUP.Bundler/Variant
Sangfor Malware
K7AntiVirus Trojan ( 0054ea9e1 )
K7GW Trojan ( 0054ea9e1 )
Cybereason malicious.27fc46
Arcabit Application.Bundler.iStartSurf.AJX
BitDefenderTheta Gen:NN.ZexaF.34196.2yW@aGG54mni
Cyren W32/Agent.BAF.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:AdwareX-gen [Adw]
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Application.Bundler.iStartSurf.AJX
Rising Exploit.UAC!8.107CD (TFE:1:syacjB0zzFP)
Ad-Aware Application.Bundler.iStartSurf.AJX
Comodo Application.Win32.IStartSurf.PS@8c4m91
F-Secure Heuristic.HEUR/AGEN.1103295
Invincea heuristic
Sophos IStartSurfInstaller (PUA)
SentinelOne DFI - Malicious PE
Jiangmin Trojan.Chapak.dwb
Webroot W32.Adware.Gen
Avira HEUR/AGEN.1103295
MAX malware (ai score=75)
Antiy-AVL GrayWare/Win32.Kryptik.cux
Microsoft SoftwareBundler:Win32/Prepscram
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Application.Bundler.iStartSurf.AJX
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.IStartSurf.R275102
Acronis suspicious
VBA32 Adware.Prepscram
ESET-NOD32 a variant of Win32/Kryptik.GTSW
Ikarus PUA.Win32.Prepscram
Fortinet W32/Kryptik.FMTV!tr
AVG Win32:AdwareX-gen [Adw]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (D)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
dead_host 142.250.66.110:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-06-06 18:04:39

Imports

Library KERNEL32.dll:
0x4d1000 GetModuleHandleW
0x4d1004 VirtualProtect
0x4d1008 WriteConsoleW
0x4d100c CloseHandle
0x4d1010 CreateFileW
0x4d1014 SetFilePointerEx
0x4d1018 GetConsoleMode
0x4d101c GetConsoleCP
0x4d1020 FlushFileBuffers
0x4d1024 HeapReAlloc
0x4d1028 HeapSize
0x4d1034 GetCurrentProcess
0x4d1038 TerminateProcess
0x4d1044 GetCurrentProcessId
0x4d1048 GetCurrentThreadId
0x4d1050 InitializeSListHead
0x4d1054 IsDebuggerPresent
0x4d1058 GetStartupInfoW
0x4d105c RtlUnwind
0x4d1060 GetLastError
0x4d1064 SetLastError
0x4d1078 TlsAlloc
0x4d107c TlsGetValue
0x4d1080 TlsSetValue
0x4d1084 TlsFree
0x4d1088 FreeLibrary
0x4d108c GetProcAddress
0x4d1090 LoadLibraryExW
0x4d1094 RaiseException
0x4d1098 GetStdHandle
0x4d109c WriteFile
0x4d10a0 GetModuleFileNameW
0x4d10a4 ExitProcess
0x4d10a8 GetModuleHandleExW
0x4d10ac HeapAlloc
0x4d10b0 HeapFree
0x4d10b4 FindClose
0x4d10b8 FindFirstFileExW
0x4d10bc FindNextFileW
0x4d10c0 IsValidCodePage
0x4d10c4 GetACP
0x4d10c8 GetOEMCP
0x4d10cc GetCPInfo
0x4d10d0 GetCommandLineA
0x4d10d4 GetCommandLineW
0x4d10d8 MultiByteToWideChar
0x4d10dc WideCharToMultiByte
0x4d10e8 SetStdHandle
0x4d10ec GetFileType
0x4d10f0 GetStringTypeW
0x4d10f4 LCMapStringW
0x4d10f8 GetProcessHeap
0x4d10fc DecodePointer
Library USER32.dll:
Library urlmon.dll:
0x4d1120 CreateURLMoniker
Library WSCAPI.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 52.85.56.217 d1hq9wbcfo7dcl.cloudfront.net 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60221 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://d1hq9wbcfo7dcl.cloudfront.net/http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1278&trackingId=416061048&instId=731&ho_trackingid=HO416061048&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=31&kid=hqmrb21b9e4evvjvoqo 
GET http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1278&trackingId=416061048&instId=731&ho_trackingid=HO416061048&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=31&kid=hqmrb21b9e4evvjvoqo HTTP/1.1
Host: d1hq9wbcfo7dcl.cloudfront.net
Connection: close
Accept: */*
User-Agent:

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.