SmartHawk

3.8

中危

42 个模型检测该样本为恶意！

重新分析

下载样本

eda591114149a0329864b4d6d1c2f97a87c9946b0a95e3c84237660c653a6173

88c072d8e6a579c5b2b0352f00195f05.exe

分析耗时

84s

最近分析

文件大小

759.5KB

静态报毒动态报毒 AI SCORE=87 ATTRIBUTE BEHAV CONFIDENCE GEN2 GENCIRC GENERIC@ML GENERICRXKL HIGH CONFIDENCE HIGHCONFIDENCE KIXQZ6HB0ALLOSGO5VD65Q MALICIOUS PE MODERATE MULTIPLUG OCCAMY POSSIBLETHREAT R002C0RDE20 RDMK SCORE UASE UNSAFE VYW@AK7WZHMK WACATAC WZHMK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	GenericRXKL-HQ!88C072D8E6A5	20200528	6.0.6.653
Alibaba	Trojan:Application/Generic.a1052228	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20200528	18.4.3895.0
Tencent	Malware.Win32.Gencirc.114b402d	20200528	1.0.0.1
Kingsoft		20200528	2013.8.14.323

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620965976.351125 IsDebuggerPresent		failed	0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.shell

A process attempted to delay the analysis task. (1 个事件)

description

88c072d8e6a579c5b2b0352f00195f05.exe tried to sleep 189 seconds, actually delayed analysis time by 189 seconds

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620965976.304125 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Generates some ICMP traffic

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 个事件)

MicroWorld-eScan	Gen:Trojan.Heur.JP.VyW@aK7Wzhmk
CAT-QuickHeal	Trojan.Wacatac
McAfee	GenericRXKL-HQ!88C072D8E6A5
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Application/Generic.a1052228
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_60% (W)
Arcabit	Trojan.Heur.JP.E1ED88
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
BitDefender	Gen:Trojan.Heur.JP.VyW@aK7Wzhmk
Paloalto	generic.ml
Tencent	Malware.Win32.Gencirc.114b402d
Ad-Aware	Gen:Trojan.Heur.JP.VyW@aK7Wzhmk
Sophos	Mal/Behav-010
F-Secure	Trojan.TR/Downloader.Gen2
TrendMicro	TROJ_GEN.R002C0RDE20
McAfee-GW-Edition	BehavesLike.Win32.MultiPlug.bt
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.88c072d8e6a579c5
Emsisoft	Gen:Trojan.Heur.JP.VyW@aK7Wzhmk (B)
SentinelOne	DFI - Malicious PE
Cyren	W32/Trojan.UASE-1708
Avira	TR/Downloader.Gen2
MAX	malware (ai score=87)
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Occamy.C
Endgame	malicious (high confidence)
AegisLab	Trojan.Win32.Wzhmk.4!c
GData	Gen:Trojan.Heur.JP.VyW@aK7Wzhmk
AhnLab-V3	Malware/Win32.Generic.C4009886
TrendMicro-HouseCall	TROJ_GEN.R002C0RDE20
Rising	Trojan.Generic@ML.99 (RDMK:kixQz6hB0aLlOSgO5Vd65Q)
Ikarus	Trojan-Downloader
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/PossibleThreat
BitDefenderTheta	AI:Packer.FD54AC4C1F
AVG	Win32:Malware-gen
Cybereason	malicious.8e6a57

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-04-07 00:15:35

Imports

Library KERNEL32.dll:

• 0x45401c WideCharToMultiByte

• 0x454020 VirtualFreeEx

• 0x454024 Sleep

• 0x454028 ReadProcessMemory

• 0x45402c VirtualAlloc

• 0x454030 VirtualAllocEx

• 0x454034 GetSystemInfo

• 0x454038 CloseHandle

• 0x45403c WriteProcessMemory

• 0x454040 SuspendThread

• 0x454044 ResumeThread

• 0x454048 CreateThread

• 0x45404c ExitProcess

• 0x454050 CreateFileA

• 0x454054 lstrcmpA

• 0x454058 FreeLibrary

• 0x45405c WaitNamedPipeA

• 0x454060 GetCurrentProcess

• 0x454064 Process32First

• 0x454068 GlobalLock

• 0x45406c GetCurrentThread

• 0x454070 GetSystemTimeAsFileTime

• 0x454074 WriteFile

• 0x454078 OpenProcess

• 0x45407c GlobalAlloc

• 0x454080 GetPrivateProfileIntA

• 0x454084 K32GetModuleFileNameExA

• 0x454088 TerminateThread

• 0x45408c GetFileAttributesA

• 0x454090 Beep

• 0x454094 CreateProcessA

• 0x454098 TerminateProcess

• 0x45409c ReadFile

• 0x4540a0 GlobalUnlock

• 0x4540a4 GetLastError

• 0x4540a8 SetLastError

• 0x4540ac GetProcAddress

• 0x4540b0 GetPrivateProfileStringA

• 0x4540b4 GetLocalTime

• 0x4540b8 LoadLibraryA

• 0x4540bc OpenThread

• 0x4540c0 Process32Next

• 0x4540c4 WritePrivateProfileStringA

• 0x4540c8 GetModuleFileNameA

• 0x4540cc CreateRemoteThread

• 0x4540d0 CreateMutexA

• 0x4540d4 CreateToolhelp32Snapshot

• 0x4540d8 DeviceIoControl

• 0x4540dc GetVersionExA

• 0x4540e0 SetEndOfFile

• 0x4540e4 CreateFileW

• 0x4540e8 WriteConsoleW

• 0x4540ec SetStdHandle

• 0x4540f0 ReadConsoleW

• 0x4540f4 OutputDebugStringW

• 0x4540f8 GetTimeZoneInformation

• 0x4540fc FreeEnvironmentStringsW

• 0x454100 GetEnvironmentStringsW

• 0x454104 GetCurrentProcessId

• 0x454108 QueryPerformanceCounter

• 0x45410c LoadLibraryExW

• 0x454110 SetConsoleCtrlHandler

• 0x454114 GetOEMCP

• 0x454118 GetACP

• 0x45411c IsValidCodePage

• 0x454120 GetCurrentThreadId

• 0x454124 GetConsoleMode

• 0x454128 GetConsoleCP

• 0x45412c FlushFileBuffers

• 0x454130 SetFilePointerEx

• 0x454134 GetModuleFileNameW

• 0x454138 GetProcessHeap

• 0x45413c GetFileType

• 0x454140 GetStdHandle

• 0x454144 IsDebuggerPresent

• 0x454148 HeapSize

• 0x45414c EnumSystemLocalesW

• 0x454150 GetUserDefaultLCID

• 0x454154 IsValidLocale

• 0x454158 GetLocaleInfoW

• 0x45415c SetEnvironmentVariableA

• 0x454160 LCMapStringW

• 0x454164 CompareStringW

• 0x454168 GetTimeFormatW

• 0x45416c GetDateFormatW

• 0x454170 CreateSemaphoreW

• 0x454174 GetModuleHandleW

• 0x454178 GetStartupInfoW

• 0x45417c GetTickCount

• 0x454180 VirtualFree

• 0x454184 WaitForSingleObject

• 0x454188 VirtualQuery

• 0x45418c SetThreadContext

• 0x454190 GetModuleHandleA

• 0x454194 GetThreadContext

• 0x454198 TlsFree

• 0x45419c TlsSetValue

• 0x4541a0 TlsGetValue

• 0x4541a4 TlsAlloc

• 0x4541a8 CreateEventW

• 0x4541ac InitializeCriticalSectionAndSpinCount

• 0x4541b0 SetUnhandledExceptionFilter

• 0x4541b4 UnhandledExceptionFilter

• 0x4541b8 IsProcessorFeaturePresent

• 0x4541bc GetCPInfo

• 0x4541c0 EncodePointer

• 0x4541c4 DecodePointer

• 0x4541c8 EnterCriticalSection

• 0x4541cc LeaveCriticalSection

• 0x4541d0 DeleteCriticalSection

• 0x4541d4 MultiByteToWideChar

• 0x4541d8 GetStringTypeW

• 0x4541dc HeapFree

• 0x4541e0 HeapAlloc

• 0x4541e4 HeapReAlloc

• 0x4541e8 GetModuleHandleExW

• 0x4541ec AreFileApisANSI

• 0x4541f0 GetCommandLineA

• 0x4541f4 RaiseException

• 0x4541f8 FatalAppExitA

Library USER32.dll:

• 0x454200 GetDC

• 0x454204 MoveWindow

• 0x454208 GetWindowThreadProcessId

• 0x45420c mouse_event

• 0x454210 FindWindowA

• 0x454214 SetClipboardData

• 0x454218 SetWindowTextA

• 0x45421c MessageBoxW

• 0x454220 OpenClipboard

• 0x454224 DispatchMessageA

• 0x454228 keybd_event

• 0x45422c GetMessageA

• 0x454230 CloseClipboard

• 0x454234 GetClassNameA

• 0x454238 ScreenToClient

• 0x45423c GetWindowRect

• 0x454240 CreateDialogParamA

• 0x454244 PostQuitMessage

• 0x454248 SetForegroundWindow

• 0x45424c LoadIconA

• 0x454250 wsprintfA

• 0x454254 SetFocus

• 0x454258 SendMessageA

• 0x45425c SetActiveWindow

• 0x454260 IsDialogMessageA

• 0x454264 TranslateMessage

• 0x454268 GetForegroundWindow

• 0x45426c SetWindowLongA

• 0x454270 MessageBoxA

• 0x454274 SetCursorPos

• 0x454278 BringWindowToTop

• 0x45427c GetWindowLongA

• 0x454280 ReleaseDC

• 0x454284 EmptyClipboard

• 0x454288 GetDlgItem

• 0x45428c EndDialog

• 0x454290 ShowWindow

• 0x454294 IsWindow

Library GDI32.dll:

• 0x454014 GetPixel

Library ADVAPI32.dll:

• 0x454000 LookupPrivilegeValueA

• 0x454004 OpenThreadToken

• 0x454008 OpenProcessToken

• 0x45400c AdjustTokenPrivileges

Library WININET.dll:

• 0x45429c InternetOpenUrlA

• 0x4542a0 InternetQueryDataAvailable

• 0x4542a4 InternetReadFile

• 0x4542a8 InternetOpenA

• 0x4542ac InternetCloseHandle

Library ntdll.dll:

• 0x4542b4 NtQueryInformationProcess

• 0x4542b8 RtlUnwind

• 0x4542bc NtQuerySystemInformation

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.