SmartHawk

1.4

低危

4 个模型检测该样本为恶意！

重新分析

下载样本

8d59e218224dcc4d91025a12d1403479687a5747e524a0591b90b550b1f3a83b

8ea74d30f8070b12a375b61f1a50bef2.exe

分析耗时

78s

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee		20200205	6.0.6.653
Alibaba		20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast		20200205	18.4.3895.0
Tencent		20200205	1.0.0.1
Kingsoft		20200205	2013.8.14.323
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2007-08-29 14:38:28

Imports

Library MSVBVM50.DLL:

• 0x4542c0 __vbaVarSub

• 0x4542c4 __vbaStrI2

• 0x4542c8 _CIcos

• 0x4542cc _adj_fptan

• 0x4542d0 __vbaVarMove

• 0x4542d4 __vbaStrI4

• 0x4542d8 __vbaFreeVar

• 0x4542dc __vbaLenBstr

• 0x4542e0 __vbaStrVarMove

• 0x4542e4

• 0x4542e8 __vbaVarIdiv

• 0x4542ec __vbaFreeVarList

• 0x4542f0 __vbaEnd

• 0x4542f4 _adj_fdiv_m64

• 0x4542f8 __vbaPut4

• 0x4542fc __vbaVarIndexStore

• 0x454300 __vbaFreeObjList

• 0x454304

• 0x454308 __vbaGetFxStr4

• 0x45430c

• 0x454310 __vbaStrErrVarCopy

• 0x454314 _adj_fprem1

• 0x454318 __vbaRecAnsiToUni

• 0x45431c __vbaResume

• 0x454320 __vbaStrCat

• 0x454324 __vbaLsetFixstr

• 0x454328 __vbaRecDestruct

• 0x45432c __vbaSetSystemError

• 0x454330 __vbaHresultCheckObj

• 0x454334 __vbaLenVar

• 0x454338 _adj_fdiv_m32

• 0x45433c __vbaAryDestruct

• 0x454340

• 0x454344 __vbaBoolStr

• 0x454348 __vbaForEachCollObj

• 0x45434c

• 0x454350 __vbaExitProc

• 0x454354 __vbaFileCloseAll

• 0x454358

• 0x45435c __vbaOnError

• 0x454360 __vbaObjSet

• 0x454364

• 0x454368

• 0x45436c _adj_fdiv_m16i

• 0x454370 __vbaObjSetAddref

• 0x454374 _adj_fdivr_m16i

• 0x454378

• 0x45437c __vbaVarIndexLoad

• 0x454380 __vbaBoolVarNull

• 0x454384 _CIsin

• 0x454388

• 0x45438c

• 0x454390 __vbaErase

• 0x454394 __vbaNextEachCollObj

• 0x454398 __vbaVarCmpGt

• 0x45439c __vbaChkstk

• 0x4543a0

• 0x4543a4 __vbaFileClose

• 0x4543a8 EVENT_SINK_AddRef

• 0x4543ac

• 0x4543b0

• 0x4543b4 __vbaVarAbs

• 0x4543b8 __vbaExitEachColl

• 0x4543bc

• 0x4543c0 __vbaStrCmp

• 0x4543c4 __vbaGet4

• 0x4543c8 __vbaPutOwner3

• 0x4543cc __vbaVarTstEq

• 0x4543d0 __vbaR4Str

• 0x4543d4 DllFunctionCall

• 0x4543d8

• 0x4543dc __vbaVarOr

• 0x4543e0 __vbaAryConstruct

• 0x4543e4 __vbaStrR4

• 0x4543e8 _adj_fpatan

• 0x4543ec __vbaFixstrConstruct

• 0x4543f0 __vbaLateIdCallLd

• 0x4543f4 __vbaR8Cy

• 0x4543f8 __vbaRedim

• 0x4543fc __vbaRecUniToAnsi

• 0x454400 EVENT_SINK_Release

• 0x454404 __vbaNew

• 0x454408 _CIsqrt

• 0x45440c __vbaObjIs

• 0x454410 __vbaRedimVar

• 0x454414 __vbaVarAnd

• 0x454418 EVENT_SINK_QueryInterface

• 0x45441c __vbaVarMul

• 0x454420 __vbaExceptHandler

• 0x454424 __vbaStrToUnicode

• 0x454428

• 0x45442c _adj_fprem

• 0x454430 _adj_fdivr_m64

• 0x454434 __vbaVarDiv

• 0x454438

• 0x45443c

• 0x454440

• 0x454444 __vbaFPException

• 0x454448 __vbaInStrVar

• 0x45444c __vbaGetOwner3

• 0x454450 __vbaUbound

• 0x454454 __vbaStrVarVal

• 0x454458 __vbaR4ForNextCheck

• 0x45445c __vbaGetOwner4

• 0x454460 __vbaVarCat

• 0x454464 __vbaLsetFixstrFree

• 0x454468

• 0x45446c

• 0x454470

• 0x454474 _CIlog

• 0x454478 __vbaFileOpen

• 0x45447c

• 0x454480

• 0x454484 __vbaNew2

• 0x454488 __vbaInStr

• 0x45448c __vbaR8Str

• 0x454490 _adj_fdiv_m32i

• 0x454494 _adj_fdivr_m32i

• 0x454498 __vbaStrCopy

• 0x45449c __vbaI4Str

• 0x4544a0 __vbaFreeStrList

• 0x4544a4

• 0x4544a8 _adj_fdivr_m32

• 0x4544ac __vbaPowerR8

• 0x4544b0 _adj_fdiv_r

• 0x4544b4

• 0x4544b8

• 0x4544bc

• 0x4544c0

• 0x4544c4 __vbaVarTstNe

• 0x4544c8 __vbaI4Var

• 0x4544cc __vbaVarCmpEq

• 0x4544d0 __vbaFpCy

• 0x4544d4 __vbaVarAdd

• 0x4544d8 __vbaAryLock

• 0x4544dc __vbaVarDup

• 0x4544e0 __vbaStrToAnsi

• 0x4544e4 __vbaVerifyVarObj

• 0x4544e8 __vbaFpI2

• 0x4544ec __vbaVarMod

• 0x4544f0 __vbaFpI4

• 0x4544f4

• 0x4544f8 __vbaVarCopy

• 0x4544fc

• 0x454500 __vbaRecDestructAnsi

• 0x454504 __vbaR8IntI2

• 0x454508 _CIatan

• 0x45450c __vbaCastObj

• 0x454510 __vbaStrMove

• 0x454514

• 0x454518 __vbaR8IntI4

• 0x45451c

• 0x454520 __vbaPutFxStr4

• 0x454524 _allmul

• 0x454528 __vbaLenVarB

• 0x45452c _CItan

• 0x454530 __vbaFPInt

• 0x454534 __vbaAryUnlock

• 0x454538 _CIexp

• 0x45453c __vbaMidStmtBstr

• 0x454540

• 0x454544 __vbaFreeObj

• 0x454548 __vbaFreeStr

• 0x45454c __vbaI4ErrVar

• 0x454550

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	50005	239.255.255.250	3702
192.168.56.101	51968	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

Bkav	W32.HfsOval.
SentinelOne	DFI - Suspicious PE
VBA32	BScope.Trojan.VBKrypt
CrowdStrike	win/malicious_confidence_60% (W)