SmartHawk

3.2

中危

55 个模型检测该样本为恶意！

重新分析

下载样本

6f103ac2c04885d0f4e5df31e162676166cfa3f0b316d3ebb8ff1baf6f67a92a

877d133b7f929ca6fd4d743ff9375e7e.exe

分析耗时

100s

最近分析

文件大小

969.0KB

静态报毒动态报毒 100% 8UW@AM9P2POI AI SCORE=83 ATTRIBUTE AVEMARIA BSCOPE CLOUD CONFIDENCE CRYPTINJECT DOWNLOADER33 FAMVT GDSDA GENCIRC GENERICKD GENERICRXAA HIGH CONFIDENCE HIGHCONFIDENCE HKZTVD KRYPTIK MALICIOUS MALWARE@#1FWIWZEE35PE1 MIKEY MMUUX MORTYSTEALER NMBI POCARIMA Q8QS8QFT6DY R345369 SCORE STREAMER UNSAFE URSU YAKES ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Streamer.a81f1a3f	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20200729	18.4.3895.0
Kingsoft		20200729	2013.8.14.323
McAfee	GenericRXAA-AA!877D133B7F92	20200729	6.0.6.653
Tencent	Malware.Win32.Gencirc.10cdd3ca	20200729	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 个事件)

Bkav	W32.FamVT.PocariMA.Trojan
MicroWorld-eScan	Trojan.GenericKD.34002685
FireEye	Trojan.GenericKD.34002685
ALYac	Trojan.GenericKD.34002685
Malwarebytes	Backdoor.AveMaria
Zillya	Trojan.Streamer.Win32.126
Sangfor	Malware
K7AntiVirus	Trojan ( 0019d9b81 )
Alibaba	Trojan:Win32/Streamer.a81f1a3f
K7GW	Trojan ( 0019d9b81 )
TrendMicro	Backdoor.Win32.AVEMARIA.AD
BitDefenderTheta	Gen:NN.ZexaF.34138.8uW@am9p2poi
Cyren	W32/Trojan.NMBI-7721
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan.Win32.Streamer.sd
BitDefender	Trojan.GenericKD.34002685
NANO-Antivirus	Trojan.Win32.Mikey.hkztvd
Paloalto	generic.ml
ViRobot	Trojan.Win32.Z.Agent.992256.O
Rising	Trojan.Kryptik!1.C7AC (CLOUD)
Ad-Aware	Trojan.GenericKD.34002685
Emsisoft	Trojan.GenericKD.34002685 (B)
Comodo	Malware@#1fwiwzee35pe1
F-Secure	Trojan.TR/AD.MortyStealer.mmuux
DrWeb	Trojan.DownLoader33.52210
VIPRE	Trojan.Win32.Generic!BT
Invincea	heuristic
Sophos	Mal/Generic-S
Jiangmin	Trojan.Streamer.cx
Webroot	W32.Trojan.Gen
Avira	TR/AD.MortyStealer.mmuux
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Win32.Streamer
Microsoft	Trojan:Win32/CryptInject!MTB
Endgame	malicious (high confidence)
AegisLab	Trojan.Win32.Streamer.4!c
ZoneAlarm	Trojan.Win32.Streamer.sd
GData	Trojan.GenericKD.34002685
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Ursu.R345369
McAfee	GenericRXAA-AA!877D133B7F92
VBA32	BScope.Trojan.Yakes
Cylance	Unsafe
ESET-NOD32	Win32/Agent.TJS
TrendMicro-HouseCall	Backdoor.Win32.AVEMARIA.AD
Tencent	Malware.Win32.Gencirc.10cdd3ca
Yandex	Trojan.Kryptik!Q8qs8QfT6dY
Ikarus	Trojan-Spy.Agent

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-06-08 09:38:11

Imports

Library KERNEL32.dll:

• 0x47e02c GlobalSize

• 0x47e030 MulDiv

• 0x47e034 GlobalFindAtomW

• 0x47e038 GetLastError

• 0x47e03c InterlockedDecrement

• 0x47e040 MultiByteToWideChar

• 0x47e044 GetLocalTime

• 0x47e048 GetLocaleInfoW

• 0x47e04c GetDateFormatW

• 0x47e050 InterlockedIncrement

• 0x47e054 WritePrivateProfileStringW

• 0x47e058 GetPrivateProfileStringW

• 0x47e05c VirtualAlloc

• 0x47e060 Sleep

• 0x47e064 FreeConsole

• 0x47e068 HeapSize

• 0x47e06c CreateFileW

• 0x47e070 WriteConsoleW

• 0x47e074 GetProcessHeap

• 0x47e078 SetStdHandle

• 0x47e07c GlobalLock

• 0x47e080 SetEnvironmentVariableA

• 0x47e084 FreeEnvironmentStringsW

• 0x47e088 GetEnvironmentStringsW

• 0x47e08c GetOEMCP

• 0x47e090 IsValidCodePage

• 0x47e094 FindNextFileW

• 0x47e098 FindNextFileA

• 0x47e09c FindFirstFileExW

• 0x47e0a0 FindFirstFileExA

• 0x47e0a4 FindClose

• 0x47e0a8 OutputDebugStringW

• 0x47e0ac OutputDebugStringA

• 0x47e0b0 GetTimeZoneInformation

• 0x47e0b4 HeapReAlloc

• 0x47e0b8 SetConsoleCtrlHandler

• 0x47e0bc SetFilePointerEx

• 0x47e0c0 ReadConsoleW

• 0x47e0c4 ReadFile

• 0x47e0c8 GetConsoleMode

• 0x47e0cc GetConsoleCP

• 0x47e0d0 GlobalUnlock

• 0x47e0d4 GlobalAlloc

• 0x47e0d8 lstrcmpW

• 0x47e0dc ResetEvent

• 0x47e0e0 CreateEventW

• 0x47e0e4 CreateThread

• 0x47e0e8 WaitForSingleObject

• 0x47e0ec SetEvent

• 0x47e0f0 CloseHandle

• 0x47e0f4 SetEnvironmentVariableW

• 0x47e0f8 GetSystemTime

• 0x47e0fc FlushFileBuffers

• 0x47e100 GetFileAttributesExW

• 0x47e104 CreateProcessW

• 0x47e108 CreateProcessA

• 0x47e10c GetExitCodeProcess

• 0x47e110 GetCurrentThread

• 0x47e114 GetFileType

• 0x47e118 EnumSystemLocalesW

• 0x47e11c GetUserDefaultLCID

• 0x47e120 IsValidLocale

• 0x47e124 GetTimeFormatW

• 0x47e128 FormatMessageW

• 0x47e12c WideCharToMultiByte

• 0x47e130 EnterCriticalSection

• 0x47e134 LeaveCriticalSection

• 0x47e138 DeleteCriticalSection

• 0x47e13c SetLastError

• 0x47e140 InitializeCriticalSectionAndSpinCount

• 0x47e144 SwitchToThread

• 0x47e148 TlsAlloc

• 0x47e14c TlsGetValue

• 0x47e150 TlsSetValue

• 0x47e154 TlsFree

• 0x47e158 GetSystemTimeAsFileTime

• 0x47e15c GetTickCount

• 0x47e160 GetModuleHandleW

• 0x47e164 GetProcAddress

• 0x47e168 EncodePointer

• 0x47e16c DecodePointer

• 0x47e170 CompareStringW

• 0x47e174 LCMapStringW

• 0x47e178 GetStringTypeW

• 0x47e17c GetCPInfo

• 0x47e180 UnhandledExceptionFilter

• 0x47e184 SetUnhandledExceptionFilter

• 0x47e188 GetCurrentProcess

• 0x47e18c TerminateProcess

• 0x47e190 IsProcessorFeaturePresent

• 0x47e194 QueryPerformanceCounter

• 0x47e198 GetCurrentProcessId

• 0x47e19c GetCurrentThreadId

• 0x47e1a0 InitializeSListHead

• 0x47e1a4 IsDebuggerPresent

• 0x47e1a8 GetStartupInfoW

• 0x47e1ac RtlUnwind

• 0x47e1b0 RaiseException

• 0x47e1b4 InterlockedPushEntrySList

• 0x47e1b8 InterlockedFlushSList

• 0x47e1bc FreeLibrary

• 0x47e1c0 LoadLibraryExW

• 0x47e1c4 GetStdHandle

• 0x47e1c8 WriteFile

• 0x47e1cc GetModuleFileNameW

• 0x47e1d0 GetModuleFileNameA

• 0x47e1d4 ExitProcess

• 0x47e1d8 GetModuleHandleExW

• 0x47e1dc GetCommandLineA

• 0x47e1e0 GetCommandLineW

• 0x47e1e4 GetACP

• 0x47e1e8 HeapAlloc

• 0x47e1ec HeapFree

• 0x47e1f0 SetEndOfFile

Library USER32.dll:

• 0x47e20c GetMessageW

• 0x47e210 TranslateAcceleratorW

• 0x47e214 SetWindowPlacement

• 0x47e218 SetForegroundWindow

• 0x47e21c RegisterClassExW

• 0x47e220 DialogBoxParamW

• 0x47e224 SystemParametersInfoW

• 0x47e228 MessageBeep

• 0x47e22c CreateWindowExW

• 0x47e230 CheckMenuRadioItem

• 0x47e234 FillRect

• 0x47e238 UnregisterClassA

• 0x47e23c LoadImageW

• 0x47e240 GetWindowPlacement

• 0x47e244 ShowWindow

• 0x47e248 UpdateWindow

• 0x47e24c CheckRadioButton

• 0x47e250 GetMenu

• 0x47e254 SetPropW

• 0x47e258 EnumChildWindows

• 0x47e25c GetSystemMetrics

• 0x47e260 GetDC

• 0x47e264 ReleaseDC

• 0x47e268 DrawTextW

Library GDI32.dll:

• 0x47e008 CreateCompatibleDC

• 0x47e00c CreateFontIndirectW

• 0x47e010 GetTextExtentPointW

• 0x47e014 DeleteDC

• 0x47e018 DeleteObject

• 0x47e01c CreateDIBSection

• 0x47e020 EqualRgn

• 0x47e024 GetDeviceCaps

Library COMCTL32.dll:

• 0x47e000 ImageList_LoadImageW

Library RPCRT4.dll:

• 0x47e1f8 UuidCreate

• 0x47e1fc UuidToStringW

• 0x47e200 RpcStringFreeW

• 0x47e204 I_UuidCreate

Library VERSION.dll:

• 0x47e270 GetFileVersionInfoSizeExW

• 0x47e274 VerQueryValueW

• 0x47e278 GetFileVersionInfoExW

Library WINMM.dll:

• 0x47e280 timeGetTime

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702
192.168.56.101	55369	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.