SmartHawk

0.9

低危

60 个模型检测该样本为恶意！

重新分析

下载样本

1c2cda7763f5064a67992a59b2887083cf4dedd2f44e092444eab343209e7e38

1c2cda7763f5064a67992a59b2887083cf4dedd2f44e092444eab343209e7e38.exe

分析耗时

194s

最近分析

364天前

文件大小

6.8KB

静态报毒动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM DEBRIS

DACN 0.12

FACILE 1.00

IMCLNet 0.49

MFGraph 0.00

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.12	Unknown	0.06s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.03s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.49	Unknown	0.19s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Debris-A [Wrm]	20190915	18.4.3895.0
Baidu	Win32.Worm.Bundpil.an	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (D)	20190702	1.0
Kingsoft	None	20190915	2013.8.14.323
McAfee	W32/Worm-FKH!8C04248B76BB	20190915	6.0.6.653
Tencent	Worm.Win32.Debris.a	20190915	1.0.0.1

与未执行 DNS 查询的主机进行通信 (1 个事件)

host

114.114.114.114

文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意 (50 out of 60 个事件)

APEX	Malicious
AVG	Win32:Debris-A [Wrm]
Acronis	suspicious
Ad-Aware	Gen:Variant.Barys.60646
AhnLab-V3	Worm/Win32.Debris.R68969
Antiy-AVL	Worm/Win32.Debris
Arcabit	Trojan.Barys.DECE6
Avast	Win32:Debris-A [Wrm]
Avira	WORM/Debris.J.1
Baidu	Win32.Worm.Bundpil.an
BitDefender	Gen:Variant.Barys.60646
Bkav	W32.FamVT.DebrisA.Worm
CAT-QuickHeal	Trojan.Agent.WL
CMC	Worm.Win32.Debris!O
ClamAV	Win.Adware.Downware-493
Comodo	Worm.Win32.Bundpil.AH@4yjufs
CrowdStrike	win/malicious_confidence_100% (D)
Cylance	Unsafe
Cyren	W32/Csyr.B.gen!Eldorado
DrWeb	Worm.Siggen.12242
ESET-NOD32	Win32/Bundpil.AH
Emsisoft	Gen:Variant.Barys.60646 (B)
Endgame	malicious (high confidence)
F-Prot	W32/Csyr.B.gen!Eldorado
F-Secure	Worm.WORM/Debris.J.1
FireEye	Generic.mg.8c04248b76bbc7b8
Fortinet	W32/Agent.AF!worm
GData	Gen:Variant.Barys.60646
Ikarus	Worm.Win32.Debris
Invincea	heuristic
Jiangmin	Worm/Debris.a
K7AntiVirus	Trojan ( 0040f7ba1 )
K7GW	Trojan ( 0040f7ba1 )
Kaspersky	Worm.Win32.Debris.h
Lionic	Worm.Win32.Debris.mrO7
MAX	malware (ai score=87)
Malwarebytes	Worm.Gamarue
McAfee	W32/Worm-FKH!8C04248B76BB
McAfee-GW-Edition	BehavesLike.Win32.Worm.xz
MicroWorld-eScan	Gen:Variant.Barys.60646
Microsoft	Worm:Win32/Gamarue.T
NANO-Antivirus	Trojan.Win32.Debris.cssocy
Paloalto	generic.ml
Panda	W32/Autorun.KAB.worm
Qihoo-360	Worm.Win32.Debris.D
Rising	Worm.Gamarue!1.9CB3 (CLASSIC)
SUPERAntiSpyware	Worm.Gamarue
SentinelOne	DFI - Malicious PE
Sophos	Troj/Agent-ACCV
Symantec	Downloader

288x288

224x224

192x192

160x160

128x128

96x96

64x64

32x32

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2013-05-23 19:25:12

PE Imphash

76812f441b0ed9d3cc0748af25d689a3

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x000001fe	0x00000200	5.649377364946391
.rdata	0x00002000	0x000001a7	0x00000200	3.5430645774958878
.data	0x00003000	0x00000248	0x00000400	0.15769643238445855
.reloc	0x00004000	0x00000080	0x00000200	3.4075315180578754

Imports

Library KERNEL32.dll:

• 0x10002000 ReadFile

• 0x10002004 CreateFileW

• 0x10002008 GetProcAddress

• 0x1000200c VirtualAlloc

• 0x10002010 LoadLibraryW

Library MSVCRT.dll:

• 0x10002018 free

• 0x1000201c _initterm

• 0x10002020 malloc

• 0x10002024 _adjust_fdiv

Exports

Ordinal	Address	Name
1	0x1000114e	rundll32

L!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
YY=u9@2
u7WPSt
u&WVSu
3WWhT 
t?Wh02
N39=02
0F;502
ShellExecuteW
LoadLibraryW
ReadFile
CreateFileW
GetProcAddress
VirtualAlloc
KERNEL32.dll
_initterm
malloc
_adjust_fdiv
MSVCRT.dll
tristar.dll
rundll32
0#00080F0K0P0U0`0m0w000000.1J1Q1V1\1c1n1s111111111111
GNGNDAGPNNGAIXIPPDGXDNANANGANIGIDPXPNNAADGDIDPXNINGAXGIXXIINPAADXDIIPPAGGDDXXXNPANDADDXXXPINNNGADDXIINPAAADGXXIIDNXAPGNNANGGDDDPINPGNNGGGGIXDPXPIGINAAGAXXPPIPPAAGXGXXIIGPDPIAIPANAADDIPIIPNNXXXIXNPIAPDNDGXXXIXPPAGGDDXXIPINNAAPXNXGIDXIIPPNNDDDDDIXPNNGADDPNNAAGDDIIIINNIIIIINPAGGXDIIPDADGPGXIIIIANDDGDDIIPNPANGGDIXIINPDIIIINNIIIIINPAGGXDIIPNNANGGAIGXXPIIAPGNDGGDDXXIIGDDXXIINAADGXXDXXIIPNNGGGGXXNAAGGXDGIDIXNPPANDAXDDXXIXNNDXXIIPNAGDDDXXPNNNAGGDXXPINPIPPAPAADIXIINNNDGXGIXXIIPPNNXIIPPNNGDDIXPPNNNGGDDDPXNPANADDXXIIDXXIINPAAADGXXXPIAPGAGXDIIPPNANGGDDINNAADGNXGXDPIPNNGADDXXXPINNNGGGGDDGPXIINPNAGGGXXIPPPPGGXXIPINNPDNGGXDXIIPPNAADDDDIINAGGGXDDDXIXPPAGAGDDXDPXNNAAAXDIDPIIPPNNGAIPPNNAGDXXPINNAGADDXXXNIANGANANAADGIIIPIANGGDXDIIXNINPGAAXGIXPIIAIANGADIIIIPPGGGDDIXPNNGADDAGADDXXIAPGADGXIXIXPIGGDDDIXNGADADDIPINPAAGIGIXPINANAGGDXIPPPNNPNPANGGDIDIIPPPANGGGDDPINIGNNGGDDXXINPGPDGDDDIXPPAXAXDIXIPPNNAAGIDIXPIIIPNPAAGIGPXNPPNPAAGGXPININPNDGXDPXPAPGNDGXXXIIPNAXAXDIXIAPGNDGAAADGXXNNNGGDDINIAPANAXDIXPIPGNGAXGIIIIPNNGXGIDPIPGNDNXDXPXNINPPNNGADDXPXNIANAXGIDPIPAPGNGADXXIIPPGDGXGIDPPPNNGGXIXNXNPAGADDXXIIIIINPGGGXDIIINPGNDGDXDXIIPNGNGGDDDIIPPNNGDGDDIXIIPNPGNADGIGPIXIIPPNNNDGXDPXPPPPNAGDIDPXNPAGGDDXXIAIANGAGDXXXIIPGNGAXGXXIIINPIAIANGAGDXXXIIPGNGAXGIXIIINNGXDPDNPPNNGGGDDPXNIANAGGDDXXPGNGAXGADGXXIIPANGGDDXIIPPNNDIDIXNINNAGADDXPXNIANGGGDDXIPGNDAXDDIIPPPNNDGXGPXXIIPPNNAXGIDPIIPPNNGAXIXPXNINGAXGIXINIAPGADXDXIIPNDNDGXDXNPAPDANGAGGDDXIIPPNNAXGXDIXPPNNNGGXPINIGNAGGXDXIINPGPDGDXDIIPPAXGXDIXXXXPINNADGDDIXIAPGNDGIIINPAANNNGNGGIXINPNAIPXPPNNGXXIIPPDXXIINPNDAXDIXGXGPDDDNNNGGDDXPINPANXIXIXIPDIXPIAPADAIDIIXPIAPGADXDIIPPIPPNNGADXXXXNPGGGXDIPPPPNNAGXIIPPNNADDDDXIXNPANDAXXXIINPGGGXDIIPNINPNAXNPANDAXXXIINPAAADGXXPPPANGGDPDPINPAGGGDDXXNIAPDADXXXXPPIPPAPGAIPXPIPNADDDDIIIPNANDAXPXPIAPGDDXDIIPGNDNXDXIXPPNNNDGXDIXPNNAADGADGIDPIPPPNNAGGIGPXNPNGGGGDXXNINPGNDXXXXPINGAXAIXIIINPAAAXGIXPIIPIPIPNGDDDDPIPPPNNGGGXDPXNPAGADDXXIAPANAAGIXPINPGDGXGIDPNNGNGGGDDXXIINAGGGDDINNANDGIIIIPNNADAIGPIPNNANGDDPDPINPADDDDXXIANGNXGDDGXDIINNNGGDDXIXIPPNNDNXGIXINNNNGGDIDIXNIAGGDGXXINPGPDGDIXPIPPPNNAADGIIIPPANDXDIXPPNNAGGDDXIXPPNNAGGGDDXXNIAPDADXXXXPPNGNDAXDDXDIIPPADGDDXXIPNNNGADDDXXPINNNNAGDDIDNXANADGDDXIIAIANGADIIIIPPPPNNNGGDXXIXPNPGNDGXDIPINNAAGXDIDIXPAAGADGININPGNGXDIXPPNDAXGIXINPANAAXIXPXNIAGGXGXXPGPGNDGXPIPPNNAXDIDPIPAAGADGININPGNDXXIXPPNDAXGIXXIXIIPPGGGDDIXPPPPNAGGXGPDNPNGAGGDXXNXNPANGXXXXIIPGADAIDIPPNPANAGGDDXXPNNAAGGXPPNNGAIIIIPNNADAIGPIPNNANGDDPDPINPADDDDXXIANGNXGDDGXDIINNNGGDDXIXIPPNNDNXGIXINNNNGGDIDIXNIAGGDGXXINPGPDGDIXPIPPPNNAADGIIIPPANDXDIXPPNNAGGDDXIXPPNNAGGGDDXXNIAPDADXXXXPPNGNDAXDDXDIIPPADGDDXXIPNNNGADDDXXPINNNNAGDDIDNXANADGDDXIIAIANGADIIIIPPPAPGNDGDXXPXPPAXAXDIXPANAAGGDPINIGNGDDXDIXNGNDAXDIPPNPAAGIDPXNPNGGDGDDPNPGPGNDXXPXPPAXAXDIXPANAAGGDPINIGNGDDXDIXNGNDAXDIPPNPAAGIDPXNPNXNXDGAINPAAGGDXXIIPPNDADGIDPPPNNGGDIDPXNPAGADDXXIAIANGADXXIIPPIPPNNGGGDDIXPPNGNGGDDGIDPINPDXIIIPPNAAGDXXIPPNPGNNGAXDIIADGXXIIIPIPIPNGDDXDPXXPINNGGIPPANGGGXDIIPPNGNGGDDGIXPINPXXIIINPAAADDXIDXDIIPPNANGGDDPAAGGXDXIIPPANGDGXDIIXPIAPGAIPPNNAAGDDXIIPPAAGAXGGGDXDIIPNNANDGDIXIIPNADGXGXDPPNNNGAXIXPXNIGAGDGXXPNPGPGAXXXIIPPIPPNNGADDDXXPIGDDXDPIPNNANGDXPXNINPGGDDDXXPANGNDAIXIIINPGDGIGIXNPNANGGGXDIDIXNNAAADGIPINIAPDGDXDIINGNDNDGIIIPPNNGXDIDIXNNAAADGIPINIAPNNNGGDDXNXNPANGDDXXIIPGNGAXGIIIPPANGXGIDPINNNGGDDXNXNPANGDDXXIIIIIPPANPPPNNGGIPIAPGAXPPNNGADXXIINPAGGDGIXPPPANGGAGGDDXXNAAGGXDXXXPINANGADDXXIAIANGAGXXIIPPPGNDAIDIIIPIAPDXDPDPINGADDXXPNNAAGGXXXXIPP
shell32.dll
desktop.ini

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.