2.6
中危
56 个模型检测该样本为恶意!
重新分析
更多

661a64ee7db2b0ddbcfc619258bdd2c06ab206b7efb4280d1efb5206eaa4701c

8cd52d0030f16f10a358f51460ed6b07.exe

分析耗时

81s

最近分析

文件大小

46.5KB
静态报毒 动态报毒 AI SCORE=100 ANTIVM ASYNCRAT BANKERX CICP CLASSIC CM0@AGAVUXL COINMINER CRYSAN DOWNLOADER31 EFBH ELDORADO FCQR GDSDA GTKVBL HIGH CONFIDENCE MALICIOUS PE MALWARE@#2L5X38GPBS9Q9 MSILFC NYANWORM RAZY S17036755 SCORE STATIC AI SUBTIRAT SUSGEN TSCOPE UNSAFE XORYZ ZEMSILF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
CrowdStrike 20190702 1.0
Avast Win32:BankerX-gen [Trj] 20201229 21.1.5827.0
Alibaba Backdoor:MSIL/Crysan.64138e27 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20201229 2017.9.26.565
McAfee PWS-FCQR!8CD52D0030F1 20201229 6.0.6.653
Tencent Msil.Backdoor.Crysan.Efbh 20201229 1.0.0.1
静态指标
Checks if process is being debugged by a debugger (2 个事件)
Time & API Arguments Status Return Repeated
1619686132.41196
IsDebuggerPresent
failed 0 0
1619686132.41196
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619686132.47396
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (47 个事件)
Time & API Arguments Status Return Repeated
1619686131.36496
NtAllocateVirtualMemory
process_identifier: 340
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x0000000000410000
success 0 0
1619686131.36496
NtAllocateVirtualMemory
process_identifier: 340
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000000420000
success 0 0
1619686131.97396
NtAllocateVirtualMemory
process_identifier: 340
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x0000000002190000
success 0 0
1619686131.97396
NtAllocateVirtualMemory
process_identifier: 340
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000002310000
success 0 0
1619686132.09896
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae1000
success 0 0
1619686132.09896
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae1000
success 0 0
1619686132.11496
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef2160000
success 0 0
1619686132.39596
NtAllocateVirtualMemory
process_identifier: 340
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x0000000002190000
success 0 0
1619686132.39596
NtAllocateVirtualMemory
process_identifier: 340
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000002270000
success 0 0
1619686132.42796
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae3000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae3000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae3000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae3000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae3000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae3000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae3000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae1000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.44296
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.45896
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.45896
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.45896
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
base_address: 0x000007fef1ae2000
success 0 0
1619686132.80296
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00052000
success 0 0
1619686132.83396
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00042000
success 0 0
1619686132.91196
NtAllocateVirtualMemory
process_identifier: 340
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x000007fffff00000
success 0 0
1619686132.91196
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007fffff00000
success 0 0
1619686132.91196
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007fffff00000
success 0 0
1619686132.91196
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007fffff10000
success 0 0
1619686132.91196
NtAllocateVirtualMemory
process_identifier: 340
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x000007ffffef0000
success 0 0
1619686132.91196
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ffffef0000
success 0 0
1619686132.92796
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff0004a000
success 0 0
1619686132.95896
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00053000
success 0 0
1619686132.97396
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff000fc000
success 0 0
1619686132.97396
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00126000
success 0 0
1619686132.97396
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00100000
success 0 0
1619686133.23996
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00054000
success 0 0
1619686133.28696
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff0004b000
success 0 0
1619686133.28696
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff0005c000
success 0 0
1619686133.53696
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00170000
success 0 0
1619686138.61496
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00055000
success 0 0
1619686139.73996
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff0006b000
success 0 0
1619686139.75596
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000007ff00056000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 个事件)
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader31.47047
MicroWorld-eScan Gen:Variant.Razy.583888
FireEye Generic.mg.8cd52d0030f16f10
CAT-QuickHeal Backdoor.MsilFC.S17036755
ALYac Gen:Variant.Razy.583888
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.MSIL.Crysan.m!c
K7AntiVirus Trojan ( 005614241 )
BitDefender Gen:Variant.Razy.583888
K7GW Trojan ( 005614241 )
BitDefenderTheta Gen:NN.ZemsilF.34700.cm0@aGavuXl
Cyren W32/MSIL_Agent.KX.gen!Eldorado
Symantec Trojan Horse
ESET-NOD32 a variant of MSIL/Agent.CFQ
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Packed.Razy-7486442-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
Alibaba Backdoor:MSIL/Crysan.64138e27
NANO-Antivirus Trojan.Win32.Razy.gtkvbl
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Ad-Aware Gen:Variant.Razy.583888
Sophos Mal/Generic-S
Comodo Malware@#2l5x38gpbs9q9
F-Secure Trojan.TR/AD.SubtiRAT.xoryz
TrendMicro Coinminer.MSIL.CRYSAN.SM
McAfee-GW-Edition PWS-FCQR!8CD52D0030F1
Emsisoft Gen:Variant.Razy.583888 (B)
Ikarus Trojan.MSIL.Agent
GData Gen:Variant.Razy.583888
Jiangmin Backdoor.MSIL.cicp
Avira TR/AD.SubtiRAT.xoryz
MAX malware (ai score=100)
Antiy-AVL Trojan[Backdoor]/MSIL.Crysan
Arcabit Trojan.Razy.D8E8D0
SUPERAntiSpyware Backdoor.NyanWorm/Variant
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
Microsoft Trojan:MSIL/CoinMiner
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.AsyncRAT.C3502839
McAfee PWS-FCQR!8CD52D0030F1
VBA32 TScope.Trojan.MSIL
Malwarebytes Backdoor.NyanWorm
Panda Trj/GdSda.A
TrendMicro-HouseCall Coinminer.MSIL.CRYSAN.SM
Tencent Msil.Backdoor.Crysan.Efbh
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2043-08-24 16:18:35

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.