SmartHawk

2.6

中危

60 个模型检测该样本为恶意！

重新分析

下载样本

3c515f1e713ab87873126ddf9413efed4d4b51d09a4b4b1f6cc49f815b2a3a33

8d1d96c47368954dc7c1ec1307cafb60.exe

分析耗时

73s

最近分析

文件大小

104.5KB

静态报毒动态报毒 A + W32 AI SCORE=82 BANLOAD CLASSIC CONFIDENCE CSTQAJ DARKSHELL DUMPMODULEINFECTIOUSNME FAMVT FILEINFECTOR HIGH CONFIDENCE JADTRE KA@558NXG KUDJ LOADER M1R5 MALICIOUS PE MIKCER NIMNUL OTWYCAL PATCHLOAD PCARRIER RAMNIT ROUE SCORE SMALL STATIC AI UNSAFE VJADTRE WALI WAPOMI 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	W32/Kudj	20201211	6.0.6.653
Alibaba	Virus:Win32/Nimnul.256a647f	20190527	0.3.0.5
Baidu	Win32.Virus.Otwycal.d	20190318	1.0.0.2
Avast	Other:Malware-gen [Trj]	20201210	21.1.5827.0
Kingsoft		20201211	2017.9.26.565
Tencent	Virus.Win32.Loader.aab	20201211	1.0.0.1
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

This executable has a PDB path (1 个事件)

pdb_path

C:\Jenkins\jobs\miktex-2.9\workspace\build-x86\binlib\hbf2gf.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	.gfids
section	.00cfg
section	NG\x15\xd5\xa3u\x1f

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

6.933658987099725

section

{'size_of_data': '0x00004200', 'virtual_address': '0x00152000', 'entropy': 6.933658987099725, 'name': 'NG\\x15\\xd5\\xa3u\\x1f', 'virtual_size': '0x00005000'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)

Bkav	W32.FamVT.DumpModuleInfectiousNME.PE
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.VJadtre.3
FireEye	Generic.mg.8d1d96c47368954d
Qihoo-360	Virus.Win32.Agent.P
McAfee	W32/Kudj
Cylance	Unsafe
VIPRE	Virus.Win32.Small.acea (v)
K7AntiVirus	Virus ( 0040f7441 )
Alibaba	Virus:Win32/Nimnul.256a647f
K7GW	Virus ( 0040f7441 )
Cybereason	malicious.473689
Arcabit	Win32.VJadtre.3
BitDefenderTheta	AI:FileInfector.991137D00F
Cyren	W32/PatchLoad.E
Symantec	W32.Wapomi.C!inf
TotalDefense	Win32/Nimnul.A
Baidu	Win32.Virus.Otwycal.d
APEX	Malicious
Avast	Other:Malware-gen [Trj]
ClamAV	Win.Trojan.Downloader-64720
Kaspersky	Virus.Win32.Nimnul.f
BitDefender	Win32.VJadtre.3
NANO-Antivirus	Trojan.Win32.Banload.cstqaj
Paloalto	generic.ml
AegisLab	Virus.Win32.Nimnul.m1R5
Rising	Virus.Roue!1.9E10 (CLASSIC)
Ad-Aware	Win32.VJadtre.3
Emsisoft	Win32.VJadtre.3 (B)
Comodo	Virus.Win32.Wali.KA@558nxg
F-Secure	Malware.W32/Jadtre.B
DrWeb	BackDoor.Darkshell.246
Zillya	Virus.Nimnul.Win32.5
TrendMicro	PE_WAPOMI.BM
McAfee-GW-Edition	BehavesLike.Win32.Kudj.cm
Sophos	ML/PE-A + W32/Nimnul-A
SentinelOne	Static AI - Malicious PE
Jiangmin	Win32/Nimnul.f
Avira	W32/Jadtre.B
MAX	malware (ai score=82)
Antiy-AVL	Virus/Win32.Nimnul.f
Gridinsoft	Trojan.Heur!.03842201
Microsoft	Virus:Win32/Mikcer.B
ViRobot	Win32.Ramnit.F
ZoneAlarm	Virus.Win32.Nimnul.f
GData	Win32.Virus.Wapomi.A
Cynet	Malicious (score: 90)
AhnLab-V3	Win32/VJadtre.Gen
VBA32	Virus.Nimnul.19209
ALYac	Win32.VJadtre.3

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2016-08-09 02:53:09

Imports

Library MiKTeX209-app.dll:

• 0x54b0a0 ?Finalize@Application@App@MiKTeX@@UAEXXZ

• 0x54b0a4 ?Init@Application@App@MiKTeX@@UAEXAAV?$vector@PADV?$allocator@PAD@std@@@std@@@Z

• 0x54b0a8 ??1Application@App@MiKTeX@@UAE@XZ

• 0x54b0ac ?Sorry@Application@App@MiKTeX@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVMiKTeXException@Core@3@@Z

• 0x54b0b0 ?Sorry@Application@App@MiKTeX@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVexception@5@@Z

• 0x54b0b4 ??0Application@App@MiKTeX@@QAE@XZ

Library MiKTeX209-core.dll:

• 0x54b0e8 miktex_find_hbf_file

• 0x54b0ec miktex_exit

Library MiKTeX209-util.dll:

• 0x54b11c ?AnsiToUTF8@StringUtil@Util@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z

Library MSVCP140.dll:

• 0x54b068 ?_Xout_of_range@std@@YAXPBD@Z

• 0x54b06c ?_Xlength_error@std@@YAXPBD@Z

• 0x54b070 ?_Xbad_alloc@std@@YAXXZ

Library VCRUNTIME140.dll:

• 0x54b14c __std_type_info_destroy_list

• 0x54b150 memmove

• 0x54b154 _CxxThrowException

• 0x54b158 __CxxFrameHandler3

• 0x54b15c memcpy

• 0x54b160 strchr

• 0x54b164 memset

• 0x54b168 _except_handler4_common

• 0x54b16c __std_exception_destroy

• 0x54b170 __std_exception_copy

Library api-ms-win-crt-stdio-l1-1-0.dll:

• 0x54b348 _set_fmode

• 0x54b34c __acrt_iob_func

• 0x54b350 fclose

• 0x54b354 fflush

• 0x54b358 __p__commode

• 0x54b35c __stdio_common_vsscanf

• 0x54b360 fseek

• 0x54b364 fread

• 0x54b368 fgetc

• 0x54b36c fopen

• 0x54b370 fputc

• 0x54b374 fputs

• 0x54b378 ftell

• 0x54b37c rewind

• 0x54b380 getc

• 0x54b384 __stdio_common_vfprintf

• 0x54b388 __stdio_common_vsprintf

Library api-ms-win-crt-convert-l1-1-0.dll:

• 0x54b1a8 strtol

• 0x54b1ac atoi

• 0x54b1b0 atof

• 0x54b1b4 strtoul

Library api-ms-win-crt-environment-l1-1-0.dll:

• 0x54b1e4 getenv

Library api-ms-win-crt-time-l1-1-0.dll:

• 0x54b410 strftime

• 0x54b414 _localtime64

• 0x54b418 _time64

Library api-ms-win-crt-string-l1-1-0.dll:

• 0x54b3c4 _strdup

• 0x54b3c8 isalpha

• 0x54b3cc isalnum

• 0x54b3d0 tolower

• 0x54b3d4 _stricmp

• 0x54b3d8 isspace

• 0x54b3dc strncpy

Library api-ms-win-crt-runtime-l1-1-0.dll:

• 0x54b2b0 _invalid_parameter_noinfo_noreturn

• 0x54b2b4 _controlfp_s

• 0x54b2b8 terminate

• 0x54b2bc _seh_filter_dll

• 0x54b2c0 _configure_narrow_argv

• 0x54b2c4 _initialize_narrow_environment

• 0x54b2c8 _initialize_onexit_table

• 0x54b2cc _register_onexit_function

• 0x54b2d0 _execute_onexit_table

• 0x54b2d4 _crt_atexit

• 0x54b2d8 _crt_at_quick_exit

• 0x54b2dc _cexit

• 0x54b2e0 _register_thread_local_exe_atexit_callback

• 0x54b2e4 _seh_filter_exe

• 0x54b2e8 _set_app_type

• 0x54b2ec _get_initial_narrow_environment

• 0x54b2f0 _initterm

• 0x54b2f4 _initterm_e

• 0x54b2f8 exit

• 0x54b2fc _exit

• 0x54b300 _c_exit

• 0x54b304 __p___argc

• 0x54b308 __p___argv

Library api-ms-win-crt-heap-l1-1-0.dll:

• 0x54b214 _callnewh

• 0x54b218 malloc

• 0x54b21c free

• 0x54b220 _set_new_mode

Library api-ms-win-crt-math-l1-1-0.dll:

• 0x54b280 __setusermatherr

Library api-ms-win-crt-locale-l1-1-0.dll:

• 0x54b250 _configthreadlocale

Library KERNEL32.dll:

• 0x54b000 SetUnhandledExceptionFilter

• 0x54b004 GetCurrentProcess

• 0x54b008 TerminateProcess

• 0x54b00c IsProcessorFeaturePresent

• 0x54b010 IsDebuggerPresent

• 0x54b014 GetStartupInfoW

• 0x54b018 InitializeSListHead

• 0x54b01c GetSystemTimeAsFileTime

• 0x54b020 GetCurrentThreadId

• 0x54b024 GetCurrentProcessId

• 0x54b028 QueryPerformanceCounter

• 0x54b02c UnhandledExceptionFilter

• 0x54b030 GetModuleHandleW

Exports

Ordinal	Address	Name
1	0x4014ba	Main

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.