5.4
中危
50 个模型检测该样本为恶意!
重新分析
更多

3142e234938b7d0d3bccb3faada5555b00f9e5d8fe9fc7dba7efe07ae03e4d99

86e098767867b13c91aa0b5c7c37ace3.exe

分析耗时

99s

最近分析

文件大小

949.5KB
静态报毒 动态报毒 100% 7M0@AOACXJK AGENSLA AI SCORE=84 ATTRIBUTE AUTO AVSARHER BUBVUR CONFIDENCE EEXCG ELDORADO FAREIT FORMBOOK GDSDA HIGH CONFIDENCE HIGHCONFIDENCE KRYPTIK MALICIOUS PE MALWARE@#IGRZR8BWPK0P MSILRANDOMKRYPT NANOCORE PACKEDNET PWSX R345359 SCORE STATIC AI TSCOPE UNSAFE YAKBEEXMSIL ZEMSILF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Avast Win32:PWSX-gen [Trj] 20201210 21.1.5827.0
Alibaba TrojanSpy:MSIL/FormBook.ff8ad256 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20201211 2017.9.26.565
McAfee Fareit-FUQ!86E098767867 20201211 6.0.6.653
Tencent Win32.Trojan.Inject.Auto 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Checks if process is being debugged by a debugger (50 out of 142 个事件)
Time & API Arguments Status Return Repeated
1620820212.69025
IsDebuggerPresent
failed 0 0
1620820212.69025
IsDebuggerPresent
failed 0 0
1620820214.95625
IsDebuggerPresent
failed 0 0
1620820215.40925
IsDebuggerPresent
failed 0 0
1620820215.95625
IsDebuggerPresent
failed 0 0
1620820216.40925
IsDebuggerPresent
failed 0 0
1620820216.95625
IsDebuggerPresent
failed 0 0
1620820217.40925
IsDebuggerPresent
failed 0 0
1620820217.95625
IsDebuggerPresent
failed 0 0
1620820218.40925
IsDebuggerPresent
failed 0 0
1620820218.95625
IsDebuggerPresent
failed 0 0
1620820219.40925
IsDebuggerPresent
failed 0 0
1620820219.95625
IsDebuggerPresent
failed 0 0
1620820220.40925
IsDebuggerPresent
failed 0 0
1620820220.95625
IsDebuggerPresent
failed 0 0
1620820221.40925
IsDebuggerPresent
failed 0 0
1620820221.95625
IsDebuggerPresent
failed 0 0
1620820222.40925
IsDebuggerPresent
failed 0 0
1620820222.95625
IsDebuggerPresent
failed 0 0
1620820223.40925
IsDebuggerPresent
failed 0 0
1620820223.95625
IsDebuggerPresent
failed 0 0
1620820224.40925
IsDebuggerPresent
failed 0 0
1620820224.95625
IsDebuggerPresent
failed 0 0
1620820225.40925
IsDebuggerPresent
failed 0 0
1620820225.95625
IsDebuggerPresent
failed 0 0
1620820226.40925
IsDebuggerPresent
failed 0 0
1620820226.95625
IsDebuggerPresent
failed 0 0
1620820227.40925
IsDebuggerPresent
failed 0 0
1620820227.95625
IsDebuggerPresent
failed 0 0
1620820228.40925
IsDebuggerPresent
failed 0 0
1620820228.95625
IsDebuggerPresent
failed 0 0
1620820229.40925
IsDebuggerPresent
failed 0 0
1620820229.95625
IsDebuggerPresent
failed 0 0
1620820230.40925
IsDebuggerPresent
failed 0 0
1620820230.95625
IsDebuggerPresent
failed 0 0
1620820231.40925
IsDebuggerPresent
failed 0 0
1620820231.95625
IsDebuggerPresent
failed 0 0
1620820232.40925
IsDebuggerPresent
failed 0 0
1620820232.95625
IsDebuggerPresent
failed 0 0
1620820233.40925
IsDebuggerPresent
failed 0 0
1620820233.95625
IsDebuggerPresent
failed 0 0
1620820234.40925
IsDebuggerPresent
failed 0 0
1620820234.95625
IsDebuggerPresent
failed 0 0
1620820235.40925
IsDebuggerPresent
failed 0 0
1620820235.95625
IsDebuggerPresent
failed 0 0
1620820236.40925
IsDebuggerPresent
failed 0 0
1620820236.95625
IsDebuggerPresent
failed 0 0
1620820237.40925
IsDebuggerPresent
failed 0 0
1620820237.95625
IsDebuggerPresent
failed 0 0
1620820238.40925
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620820212.75325
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (50 out of 61 个事件)
Time & API Arguments Status Return Repeated
1620820212.19025
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 786432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00560000
success 0 0
1620820212.19025
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005e0000
success 0 0
1620820212.56525
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 1638400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01fa0000
success 0 0
1620820212.56525
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020f0000
success 0 0
1620820212.61225
NtProtectVirtualMemory
process_identifier: 1932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1620820212.69025
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 262144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00590000
success 0 0
1620820212.69025
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00590000
success 0 0
1620820212.69025
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0042a000
success 0 0
1620820212.69025
NtProtectVirtualMemory
process_identifier: 1932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b92000
success 0 0
1620820212.69025
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00422000
success 0 0
1620820212.90925
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00442000
success 0 0
1620820212.95625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00565000
success 0 0
1620820212.95625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056b000
success 0 0
1620820212.95625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00567000
success 0 0
1620820213.12825
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00443000
success 0 0
1620820213.23725
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0044c000
success 0 0
1620820213.28425
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00700000
success 0 0
1620820213.28425
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00444000
success 0 0
1620820213.29925
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00701000
success 0 0
1620820213.31525
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00702000
success 0 0
1620820213.31525
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00703000
success 0 0
1620820213.36225
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00704000
success 0 0
1620820213.36225
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00705000
success 0 0
1620820213.89325
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00445000
success 0 0
1620820214.01825
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00706000
success 0 0
1620820214.95625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00707000
success 0 0
1620820215.48725
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00446000
success 0 0
1620820215.72125
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00447000
success 0 0
1620820215.87825
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00448000
success 0 0
1620820215.92425
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00449000
success 0 0
1620820216.09625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00708000
success 0 0
1620820216.19025
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa0000
success 0 0
1620820216.48725
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa1000
success 0 0
1620820219.33125
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa2000
success 0 0
1620820252.86225
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00709000
success 0 0
1620820253.15925
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa3000
success 0 0
1620820253.20625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00456000
success 0 0
1620820253.20625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa4000
success 0 0
1620820253.20625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0044d000
success 0 0
1620820253.22125
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0045a000
success 0 0
1620820253.23725
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00457000
success 0 0
1620820253.28425
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0070a000
success 0 0
1620820253.29925
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa5000
success 0 0
1620820253.33125
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0070b000
success 0 0
1620820253.34625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01fa6000
success 0 0
1620820253.34625
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00591000
success 0 0
1620820253.36225
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00592000
success 0 0
1620820253.36225
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00593000
success 0 0
1620820253.36225
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00594000
success 0 0
1620820253.36225
NtAllocateVirtualMemory
process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00595000
success 0 0
A process attempted to delay the analysis task. (1 个事件)
description 86e098767867b13c91aa0b5c7c37ace3.exe tried to sleep 171 seconds, actually delayed analysis time by 171 seconds
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.890712081849077 section {'size_of_data': '0x000ecc00', 'virtual_address': '0x00002000', 'entropy': 7.890712081849077, 'name': '.text', 'virtual_size': '0x000ecb24'} description A section with a high entropy has been found
entropy 0.9978925184404637 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)
Time & API Arguments Status Return Repeated
1620820214.06525
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 个事件)
Elastic malicious (high confidence)
DrWeb Trojan.PackedNET.331
MicroWorld-eScan Gen:Heur.MSILRandomKrypt.2
FireEye Generic.mg.86e098767867b13c
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
ALYac Gen:Heur.MSILRandomKrypt.2
Cylance Unsafe
K7AntiVirus Trojan ( 005686581 )
BitDefender Gen:Heur.MSILRandomKrypt.2
K7GW Trojan ( 005686581 )
Cybereason malicious.79ef4a
BitDefenderTheta Gen:NN.ZemsilF.34670.7m0@aOacXJk
Cyren W32/MSIL_Agent.BJM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba TrojanSpy:MSIL/FormBook.ff8ad256
AegisLab Trojan.MSIL.Agensla.i!c
Ad-Aware Gen:Heur.MSILRandomKrypt.2
Emsisoft Gen:Heur.MSILRandomKrypt.2 (B)
Comodo Malware@#igrzr8bwpk0p
F-Secure Trojan.TR/Kryptik.eexcg
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Heur.MSILRandomKrypt.2
Avira TR/Kryptik.eexcg
MAX malware (ai score=84)
Gridinsoft Trojan.Win32.Downloader.dd!ni
Arcabit Trojan.MSILRandomKrypt.2
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.gen
Microsoft Trojan:MSIL/NanoCore.VN!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R345359
McAfee Fareit-FUQ!86E098767867
VBA32 TScope.Trojan.MSIL
Malwarebytes Spyware.Agent
Panda Trj/GdSda.A
ESET-NOD32 a variant of MSIL/Kryptik.WGM
Tencent Win32.Trojan.Inject.Auto
Yandex Trojan.AvsArher.bUbVUr
Ikarus Trojan.MSIL.Crypt
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/Kryptik.WGM!tr
AVG Win32:PWSX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Generic/Trojan.PSW.374
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
dead_host 216.58.200.46:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2082-08-11 14:56:44

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.