4.0
Medium risk

SHA256: 45dc30bcec908f472f43b27b576974827df9708fddd61c63a75a63b3259411a6

File: 867f641694d4378acdb3cc83a957ca8c.exe

Analysis duration: 37s

Last analysis:

File size: 751.0KB
Static detections / Dynamic detections: AI SCORE=87 AIDETECTVM BXQI CLASSIC CONFIDENCE DELF DELPHILESS EMOY EMSE FAREIT GPPIP HIGH CONFIDENCE HOGYDQ KCLOUD KRYPTIK LOKI LOKIBOT MALICIOUS PE MALWARE1 MALWARE@#1B51G16DQDQN3 NANOCORE PWSX QVM05 S7SUQM7IH+W SCORE SIGGEN2 SMAD1 STATIC AI SUSGEN TSCOPE UGX@AS6HBBOI UNSAFE X2094 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
Alibaba      Trojan:Win32/Kryptik.16fb71eb       20190527   0.3.0.5
Tencent      -                                   20201211   1.0.0.1
Baidu        -                                   20190318   1.0.0.2
Kingsoft     Win32.Troj.Undef.(kcloud)           20201211   2017.9.26.565
McAfee       Fareit-FVZ!867F641694D4             20201211   6.0.6.653
Avast        Win32:PWSX-gen [Trj]                20201210   21.1.5827.0
CrowdStrike  win/malicious_confidence_90% (W)    20190702   1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API / Arguments / Status / Return / Repeated

[1619712460.403375] NtAllocateVirtualMemory
    process_identifier: 2404
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 4096 (MEM_COMMIT)
    base_address: 0x00370000
    status: success  return: 0  repeated: 0

[1619712460.762375] NtProtectVirtualMemory
    process_identifier: 2404
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 40960
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x0046c000
    status: success  return: 0  repeated: 0

[1619712460.778375] NtAllocateVirtualMemory
    process_identifier: 2404
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x008a0000
    status: success  return: 0  repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.3470154436736586 section {'size_of_data': '0x0003a400', 'virtual_address': '0x00087000', 'entropy': 7.3470154436736586, 'name': '.rsrc', 'virtual_size': '0x0003a3b8'} description A section with a high entropy has been found
entropy 0.31087391594396263 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen2.52272
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.867f641694d4378a
ALYac Trojan.Delf.FareIt.Gen.7
Malwarebytes Trojan.MalPack.DLF
Zillya Trojan.Kryptik.Win32.2255126
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.Delf.FareIt.Gen.7
K7GW Riskware ( 0040eff71 )
Cybereason malicious.19138e
BitDefenderTheta Gen:NN.ZelphiF.34670.UGX@aS6hBboi
Cyren W32/Injector.BXQI-7705
Symantec Infostealer.Lokibot!43
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Nanocore-9003807-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
Alibaba Trojan:Win32/Kryptik.16fb71eb
NANO-Antivirus Trojan.Win32.Kryptik.hogydq
AegisLab Trojan.Multi.Generic.4!c
Ad-Aware Trojan.Delf.FareIt.Gen.7
Sophos Mal/Generic-S
Comodo Malware@#1b51g16dqdqn3
F-Secure Trojan.TR/Injector.gppip
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Kryptik.bxd
Avira TR/Injector.gppip
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft PWS:Win32/Fareit.AQ!MTB
Arcabit Trojan.Delf.FareIt.Gen.7
SUPERAntiSpyware Trojan.Agent/Gen-Injector
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.Delf.FareIt.Gen.7
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FVZ!867F641694D4
MAX malware (ai score=87)
VBA32 TScope.Trojan.Delf
Cylance Unsafe
Panda Trj/CI.A
Zoner Trojan.Win32.97342
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x47a164 VirtualFree
0x47a168 VirtualAlloc
0x47a16c LocalFree
0x47a170 LocalAlloc
0x47a174 GetVersion
0x47a178 GetCurrentThreadId
0x47a184 VirtualQuery
0x47a188 WideCharToMultiByte
0x47a190 MultiByteToWideChar
0x47a194 lstrlenA
0x47a198 lstrcpynA
0x47a19c LoadLibraryExA
0x47a1a0 GetThreadLocale
0x47a1a4 GetStartupInfoA
0x47a1a8 GetProcAddress
0x47a1ac GetModuleHandleA
0x47a1b0 GetModuleFileNameA
0x47a1b4 GetLocaleInfoA
0x47a1b8 GetLastError
0x47a1c0 GetCommandLineA
0x47a1c4 FreeLibrary
0x47a1c8 FindFirstFileA
0x47a1cc FindClose
0x47a1d0 ExitProcess
0x47a1d4 WriteFile
0x47a1dc RtlUnwind
0x47a1e0 RaiseException
0x47a1e4 GetStdHandle
Library user32.dll:
0x47a1ec GetKeyboardType
0x47a1f0 LoadStringA
0x47a1f4 MessageBoxA
0x47a1f8 CharNextA
Library advapi32.dll:
0x47a200 RegQueryValueExA
0x47a204 RegOpenKeyExA
0x47a208 RegCloseKey
Library oleaut32.dll:
0x47a210 SysFreeString
0x47a214 SysReAllocStringLen
0x47a218 SysAllocStringLen
Library kernel32.dll:
0x47a220 TlsSetValue
0x47a224 TlsGetValue
0x47a228 LocalAlloc
0x47a22c GetModuleHandleA
Library advapi32.dll:
0x47a234 RegQueryValueExA
0x47a238 RegOpenKeyExA
0x47a23c RegCloseKey
Library kernel32.dll:
0x47a244 lstrcpyA
0x47a248 WriteFile
0x47a24c WaitForSingleObject
0x47a250 VirtualQuery
0x47a254 VirtualProtect
0x47a258 VirtualAlloc
0x47a25c Sleep
0x47a260 SizeofResource
0x47a264 SetThreadLocale
0x47a268 SetFilePointer
0x47a26c SetEvent
0x47a270 SetErrorMode
0x47a274 SetEndOfFile
0x47a278 ResetEvent
0x47a27c ReadFile
0x47a280 MultiByteToWideChar
0x47a284 MulDiv
0x47a288 LockResource
0x47a28c LoadResource
0x47a290 LoadLibraryA
0x47a29c GlobalUnlock
0x47a2a0 GlobalSize
0x47a2a4 GlobalReAlloc
0x47a2a8 GlobalHandle
0x47a2ac GlobalLock
0x47a2b0 GlobalFree
0x47a2b4 GlobalFindAtomA
0x47a2b8 GlobalDeleteAtom
0x47a2bc GlobalAlloc
0x47a2c0 GlobalAddAtomA
0x47a2c4 GetVersionExA
0x47a2c8 GetVersion
0x47a2cc GetUserDefaultLCID
0x47a2d0 GetTickCount
0x47a2d4 GetThreadLocale
0x47a2d8 GetSystemInfo
0x47a2dc GetStringTypeExA
0x47a2e0 GetStdHandle
0x47a2e4 GetProcAddress
0x47a2e8 GetModuleHandleA
0x47a2ec GetModuleFileNameA
0x47a2f0 GetLocaleInfoA
0x47a2f4 GetLocalTime
0x47a2f8 GetLastError
0x47a2fc GetFullPathNameA
0x47a300 GetFileAttributesA
0x47a304 GetDiskFreeSpaceA
0x47a308 GetDateFormatA
0x47a30c GetCurrentThreadId
0x47a310 GetCurrentProcessId
0x47a314 GetComputerNameA
0x47a318 GetCPInfo
0x47a31c GetACP
0x47a320 FreeResource
0x47a324 InterlockedExchange
0x47a328 FreeLibrary
0x47a32c FormatMessageA
0x47a330 FindResourceA
0x47a334 FindNextFileA
0x47a338 FindFirstFileA
0x47a33c FindClose
0x47a348 EnumCalendarInfoA
0x47a354 CreateThread
0x47a358 CreateFileA
0x47a35c CreateEventA
0x47a360 CompareStringA
0x47a364 CloseHandle
Library version.dll:
0x47a36c VerQueryValueA
0x47a374 GetFileVersionInfoA
Library gdi32.dll:
0x47a37c UnrealizeObject
0x47a380 StretchBlt
0x47a384 SetWindowOrgEx
0x47a388 SetWinMetaFileBits
0x47a38c SetViewportOrgEx
0x47a390 SetTextColor
0x47a394 SetStretchBltMode
0x47a398 SetROP2
0x47a39c SetPixel
0x47a3a0 SetMapMode
0x47a3a4 SetEnhMetaFileBits
0x47a3a8 SetDIBColorTable
0x47a3ac SetBrushOrgEx
0x47a3b0 SetBkMode
0x47a3b4 SetBkColor
0x47a3b8 SelectPalette
0x47a3bc SelectObject
0x47a3c0 SaveDC
0x47a3c4 RestoreDC
0x47a3c8 Rectangle
0x47a3cc RectVisible
0x47a3d0 RealizePalette
0x47a3d4 Polyline
0x47a3d8 PlayEnhMetaFile
0x47a3dc PatBlt
0x47a3e0 MoveToEx
0x47a3e4 MaskBlt
0x47a3e8 LineTo
0x47a3ec LPtoDP
0x47a3f0 IntersectClipRect
0x47a3f4 GetWindowOrgEx
0x47a3f8 GetWinMetaFileBits
0x47a3fc GetTextMetricsA
0x47a408 GetStockObject
0x47a40c GetPixel
0x47a410 GetPaletteEntries
0x47a414 GetObjectA
0x47a424 GetEnhMetaFileBits
0x47a428 GetDeviceCaps
0x47a42c GetDIBits
0x47a430 GetDIBColorTable
0x47a434 GetDCOrgEx
0x47a43c GetClipBox
0x47a440 GetBrushOrgEx
0x47a444 GetBitmapBits
0x47a448 ExtTextOutA
0x47a44c ExcludeClipRect
0x47a450 DeleteObject
0x47a454 DeleteEnhMetaFile
0x47a458 DeleteDC
0x47a45c CreateSolidBrush
0x47a460 CreatePenIndirect
0x47a464 CreatePalette
0x47a46c CreateFontIndirectA
0x47a470 CreateEnhMetaFileA
0x47a474 CreateDIBitmap
0x47a478 CreateDIBSection
0x47a47c CreateCompatibleDC
0x47a484 CreateBrushIndirect
0x47a488 CreateBitmap
0x47a48c CopyEnhMetaFileA
0x47a490 CloseEnhMetaFile
0x47a494 BitBlt
Library user32.dll:
0x47a49c CreateWindowExA
0x47a4a0 WindowFromPoint
0x47a4a4 WinHelpA
0x47a4a8 WaitMessage
0x47a4ac UpdateWindow
0x47a4b0 UnregisterClassA
0x47a4b4 UnhookWindowsHookEx
0x47a4b8 TranslateMessage
0x47a4c0 TrackPopupMenu
0x47a4c8 ShowWindow
0x47a4cc ShowScrollBar
0x47a4d0 ShowOwnedPopups
0x47a4d4 ShowCursor
0x47a4d8 SetWindowsHookExA
0x47a4dc SetWindowTextA
0x47a4e0 SetWindowPos
0x47a4e4 SetWindowPlacement
0x47a4e8 SetWindowLongA
0x47a4ec SetTimer
0x47a4f0 SetScrollRange
0x47a4f4 SetScrollPos
0x47a4f8 SetScrollInfo
0x47a4fc SetRect
0x47a500 SetPropA
0x47a504 SetParent
0x47a508 SetMenuItemInfoA
0x47a50c SetMenu
0x47a510 SetForegroundWindow
0x47a514 SetFocus
0x47a518 SetCursor
0x47a51c SetClassLongA
0x47a520 SetCapture
0x47a524 SetActiveWindow
0x47a528 SendMessageA
0x47a52c ScrollWindow
0x47a530 ScreenToClient
0x47a534 RemovePropA
0x47a538 RemoveMenu
0x47a53c ReleaseDC
0x47a540 ReleaseCapture
0x47a54c RegisterClassA
0x47a550 RedrawWindow
0x47a554 PtInRect
0x47a558 PostQuitMessage
0x47a55c PostMessageA
0x47a560 PeekMessageA
0x47a564 OffsetRect
0x47a568 OemToCharA
0x47a56c MessageBoxA
0x47a570 MapWindowPoints
0x47a574 MapVirtualKeyA
0x47a578 LoadStringA
0x47a57c LoadKeyboardLayoutA
0x47a580 LoadIconA
0x47a584 LoadCursorA
0x47a588 LoadBitmapA
0x47a58c KillTimer
0x47a590 IsZoomed
0x47a594 IsWindowVisible
0x47a598 IsWindowEnabled
0x47a59c IsWindow
0x47a5a0 IsRectEmpty
0x47a5a4 IsIconic
0x47a5a8 IsDialogMessageA
0x47a5ac IsChild
0x47a5b0 InvalidateRect
0x47a5b4 IntersectRect
0x47a5b8 InsertMenuItemA
0x47a5bc InsertMenuA
0x47a5c0 InflateRect
0x47a5c8 GetWindowTextA
0x47a5cc GetWindowRect
0x47a5d0 GetWindowPlacement
0x47a5d4 GetWindowLongA
0x47a5d8 GetWindowDC
0x47a5dc GetTopWindow
0x47a5e0 GetSystemMetrics
0x47a5e4 GetSystemMenu
0x47a5e8 GetSysColorBrush
0x47a5ec GetSysColor
0x47a5f0 GetSubMenu
0x47a5f4 GetScrollRange
0x47a5f8 GetScrollPos
0x47a5fc GetScrollInfo
0x47a600 GetPropA
0x47a604 GetParent
0x47a608 GetWindow
0x47a60c GetMessageTime
0x47a610 GetMenuStringA
0x47a614 GetMenuState
0x47a618 GetMenuItemInfoA
0x47a61c GetMenuItemID
0x47a620 GetMenuItemCount
0x47a624 GetMenu
0x47a628 GetLastActivePopup
0x47a62c GetKeyboardState
0x47a634 GetKeyboardLayout
0x47a638 GetKeyState
0x47a63c GetKeyNameTextA
0x47a640 GetIconInfo
0x47a644 GetForegroundWindow
0x47a648 GetFocus
0x47a64c GetDlgItem
0x47a650 GetDesktopWindow
0x47a654 GetDCEx
0x47a658 GetDC
0x47a65c GetCursorPos
0x47a660 GetCursor
0x47a664 GetClipboardData
0x47a668 GetClientRect
0x47a66c GetClassNameA
0x47a670 GetClassInfoA
0x47a674 GetCapture
0x47a678 GetActiveWindow
0x47a67c FrameRect
0x47a680 FindWindowA
0x47a684 FillRect
0x47a688 EqualRect
0x47a68c EnumWindows
0x47a690 EnumThreadWindows
0x47a694 EndPaint
0x47a698 EnableWindow
0x47a69c EnableScrollBar
0x47a6a0 EnableMenuItem
0x47a6a4 DrawTextA
0x47a6a8 DrawMenuBar
0x47a6ac DrawIconEx
0x47a6b0 DrawIcon
0x47a6b4 DrawFrameControl
0x47a6b8 DrawFocusRect
0x47a6bc DrawEdge
0x47a6c0 DispatchMessageA
0x47a6c4 DestroyWindow
0x47a6c8 DestroyMenu
0x47a6cc DestroyIcon
0x47a6d0 DestroyCursor
0x47a6d4 DeleteMenu
0x47a6d8 DefWindowProcA
0x47a6dc DefMDIChildProcA
0x47a6e0 DefFrameProcA
0x47a6e4 CreatePopupMenu
0x47a6e8 CreateMenu
0x47a6ec CreateIcon
0x47a6f0 ClientToScreen
0x47a6f4 CheckMenuItem
0x47a6f8 CallWindowProcA
0x47a6fc CallNextHookEx
0x47a700 BeginPaint
0x47a704 CharNextA
0x47a708 CharLowerBuffA
0x47a70c CharLowerA
0x47a710 CharToOemA
0x47a714 AdjustWindowRectEx
Library kernel32.dll:
0x47a720 Sleep
Library oleaut32.dll:
0x47a728 SafeArrayPtrOfIndex
0x47a72c SafeArrayGetUBound
0x47a730 SafeArrayGetLBound
0x47a734 SafeArrayCreate
0x47a738 VariantChangeType
0x47a73c VariantCopy
0x47a740 VariantClear
0x47a744 VariantInit
Library ole32.dll:
0x47a750 IsAccelerator
0x47a754 OleDraw
0x47a75c CoTaskMemFree
0x47a760 ProgIDFromCLSID
0x47a764 StringFromCLSID
0x47a768 CoCreateInstance
0x47a76c CoGetClassObject
0x47a770 CoUninitialize
0x47a774 CoInitialize
0x47a778 IsEqualGUID
Library oleaut32.dll:
0x47a780 GetErrorInfo
0x47a784 GetActiveObject
0x47a788 SysFreeString
Library comctl32.dll:
0x47a798 ImageList_Write
0x47a79c ImageList_Read
0x47a7ac ImageList_DragMove
0x47a7b0 ImageList_DragLeave
0x47a7b4 ImageList_DragEnter
0x47a7b8 ImageList_EndDrag
0x47a7bc ImageList_BeginDrag
0x47a7c0 ImageList_Remove
0x47a7c4 ImageList_DrawEx
0x47a7c8 ImageList_Replace
0x47a7cc ImageList_Draw
0x47a7dc ImageList_Add
0x47a7e4 ImageList_Destroy
0x47a7e8 ImageList_Create
Library comdlg32.dll:
0x47a7f0 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source IP       Source port   Destination IP                  Destination port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60216 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.