Score: 5.2
Verdict: Medium risk

SHA-256: 6e963b91edf51752d0b15e2bc222ec22106716091eabed06cb783e707e374d88

File name: 90261d2db632f0322fc3ebfe8e8bf729.exe

Analysis duration: 96s

Last analysed:

File size: 6.1MB
Static detection / dynamic detection tags (fragments of the engine detection names listed further down): 100% ATTRIBUTE CONFIDENCE, GEN@1QLOJK, HIGHCONFIDENCE, INVALIDSIG, IOBIT, IOBIT UNINSTALLER, XMXD
HawkEye engine
Not detected: no HawkEye engine result is available for this sample.
Static verdict
Antivirus engines

Engine        Result                              Scan date   Engine version
Alibaba       -                                   20190527    0.3.0.5
CrowdStrike   win/malicious_confidence_100% (D)   20210203    1.0
Avast         -                                   20210416    21.1.5827.0
Tencent       -                                   20210416    1.0.0.1
Baidu         -                                   20210416    1.0.0.2
Kingsoft      -                                   20210416    2017.9.26.565
McAfee        -                                   20210416    6.0.6.653

(- : no result listed on the page for that engine; note that the Alibaba and Baidu rows carry 2019 scan dates, so their verdicts predate the 2020 compile timestamp shown below)
Behavioural verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: POST method with no referer header
suspicious_request: POST https://update.googleapis.com/service/update2?cup2key=10:3985990416&cup2hreq=c6ec00e7a685dad9627d5c6c81988962088600ec38a52adefef5d65fe686a69e
Performs some HTTP requests (1 event)
request: POST https://update.googleapis.com/service/update2?cup2key=10:3985990416&cup2hreq=c6ec00e7a685dad9627d5c6c81988962088600ec38a52adefef5d65fe686a69e
Sends data using the HTTP POST Method (1 event)
request: POST https://update.googleapis.com/service/update2?cup2key=10:3985990416&cup2hreq=c6ec00e7a685dad9627d5c6c81988962088600ec38a52adefef5d65fe686a69e
Note: all three indicators describe the same single request. https://update.googleapis.com/service/update2 is the Google Update (Omaha) update-check endpoint, and the cup2key / cup2hreq query parameters belong to Google's Client Update Protocol; an update client POSTing there without a Referer header is expected behaviour, so this request is weak evidence on its own and should be checked against which process in the guest actually issued it.
Foreign language identified in PE resource (14 events)
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x004d1dc4 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_GROUP_ICON language LANG_CHINESE offset 0x0066816c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000000ae
name RT_VERSION language LANG_CHINESE offset 0x0066821c filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000344
File has been identified by 8 AntiVirus engines on VirusTotal as malicious (8 events)
DrWeb Program.Unwanted.2520
CrowdStrike win/malicious_confidence_100% (D)
Cyren W32/Application.XMXD-3076
Symantec ML.Attribute.HighConfidence
Comodo TrojWare.Win32.Spy.Banker.Gen@1qlojk
Sophos IObit Uninstaller (PUA)
GData Win32.Application.iObit.B
eGambit PE.Heur.InvalidSig
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.4468  section .rsrc (virtual_address 0x00450000, virtual_size 0x00218d04, size_of_data 0x00218e00): a section with a high entropy has been found
entropy 0.3425  description: overall entropy of this PE file is high
Reading the two numbers: the first is a Shannon entropy in bits per byte (8.0 is the maximum), and 7.45 in a 2.1 MB .rsrc section of a 6.1 MB Delphi executable is what embedded compressed resources look like; no code section is flagged. The second value is not an entropy in bits at all: Cuckoo-style packer_entropy signatures report the fraction of the file's section data that sits in high-entropy sections, so 0.34 means roughly a third of the section bytes are high-entropy, which is consistent with a 2.1 MB .rsrc in a 6.1 MB file.
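The two entropy figures above are easier to interpret with the calculation in hand. The following Python is an added example written for this page, not code from the sandbox or from the analysed file: it computes per-section Shannon entropy and the "fraction of bytes in high-entropy sections" ratio over constructed sections (a repetitive .text, an all-zero .data and a pseudo-random .rsrc built from a SHA-256 chain). The 6.8 bits/byte section threshold and the section contents are assumptions made for the demonstration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_sections(sections, threshold=6.8):
    """Return [(name, entropy)] for every section whose entropy exceeds the threshold.

    This mirrors the first indicator in the report (a per-section, bits-per-byte figure).
    """
    hits = []
    for name, raw in sections:
        e = shannon_entropy(raw)
        if e > threshold:
            hits.append((name, round(e, 3)))
    return hits


def compressed_data_ratio(sections, threshold=6.8):
    """Fraction of all section bytes that live in high-entropy sections.

    This is the kind of 'overall' figure a Cuckoo-style packer_entropy signature reports:
    a ratio in [0, 1], not an entropy in bits, which is why 0.34 can sit next to 7.45.
    """
    total = sum(len(raw) for _, raw in sections)
    if total == 0:
        return 0.0
    high = sum(len(raw) for _, raw in sections if shannon_entropy(raw) > threshold)
    return high / total


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain).

    Constructed stand-in for compressed resources; it is not data from the analysed file.
    """
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed sections shaped like the report: low-entropy code and data plus one
# large high-entropy .rsrc. Sizes are assumptions, not the real section sizes.
SAMPLE_SECTIONS = [
    (".text", b"\x55\x8b\xec\x83\xec\x10" * 20000),  # repetitive function prologues
    (".data", b"\x00" * 60000),                      # zero-filled
    (".rsrc", pseudo_random_bytes(64 * 1024)),       # looks like compressed resources
]


if __name__ == "__main__":
    for name, raw in SAMPLE_SECTIONS:
        print(f"{name:6} {len(raw):7d} bytes  entropy {shannon_entropy(raw):.3f}")
    print("high-entropy sections:", high_entropy_sections(SAMPLE_SECTIONS))
    print(f"fraction of bytes in high-entropy sections: {compressed_data_ratio(SAMPLE_SECTIONS):.3f}")
```

Run against a real file by replacing SAMPLE_SECTIONS with (name, raw_bytes) pairs read from the PE section table; a high-entropy .rsrc alone, with .text untouched, points at embedded compressed payloads or resources rather than a packed code section, so the next step is to carve the resources, not to look for an unpacking stub.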
Visual analysis
Binary image
No binary image: no binary visualisation was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2020-08-19 18:05:31

Imports

Library rtl120.bpl:
0x7f76ac @System@@New$qqripv
0x7f780c @System@@Halt0$qqrv
0x7f78dc @System@@SetEq$qqrv
0x7f7900 @System@@TRUNC$qqrv
0x7f7904 @System@@ROUND$qqrv
0x7f7908 @System@Sqrt$qqrxg
0x7f790c @System@Ln$qqrxg
0x7f7910 @System@Sin$qqrxg
0x7f7914 @System@Cos$qqrxg
0x7f7918 @System@Exp$qqrxg
0x7f791c @System@Int$qqrxg
0x7f7928 @System@UpCase$qqrb
0x7f795c @System@DebugHook
0x7f7964 @System@CPUCount
0x7f7968 @System@IsLibrary
0x7f7984 @$xp$9IDispatch
0x7f7990 @System@TObject@
0x7f79a8 @$xp$8LongBool
0x7f79bc @$xp$11System@Comp
0x7f79c0 @$xp$4Real
0x7f79c4 @$xp$6Double
0x7f79cc @$xp$6Single
0x7f79d0 @$xp$6UInt64
0x7f79d4 @$xp$5Int64
0x7f79d8 @$xp$8Cardinal
0x7f79dc @$xp$11System@Word
0x7f79e0 @$xp$11System@Byte
0x7f79e4 @$xp$7Integer
0x7f79e8 @$xp$8SmallInt
0x7f79f0 @$xp$11System@Char
0x7f79f4 @$xp$8AnsiChar
0x7f79f8 @$xp$7Boolean
Library kernel32.dll:
0x7f7a00 TlsSetValue
0x7f7a04 TlsGetValue
0x7f7a08 LocalAlloc
0x7f7a0c GetModuleHandleW
Library user32.dll:
0x7f7a34 CreateWindowExW
0x7f7a38 WindowFromPoint
0x7f7a3c WindowFromDC
0x7f7a40 WaitForInputIdle
0x7f7a44 UpdateLayeredWindow
0x7f7a48 UpdateWindow
0x7f7a4c UnregisterHotKey
0x7f7a50 UnregisterClassW
0x7f7a54 UnhookWindowsHookEx
0x7f7a58 TranslateMessage
0x7f7a60 AnimateWindow
0x7f7a64 ShowWindow
0x7f7a68 ShowCaret
0x7f7a6c SetWindowRgn
0x7f7a70 SetWindowsHookExW
0x7f7a74 SetWindowPos
0x7f7a78 SetWindowLongW
0x7f7a7c SetTimer
0x7f7a80 SetScrollPos
0x7f7a84 SetScrollInfo
0x7f7a88 SetRect
0x7f7a8c SetPropW
0x7f7a90 SetForegroundWindow
0x7f7a94 SetFocus
0x7f7a98 SetCursor
0x7f7a9c SetClassLongW
0x7f7aa0 SetCaretPos
0x7f7aa4 SendMessageW
0x7f7aa8 ScreenToClient
0x7f7aac RemovePropW
0x7f7ab0 ReleaseDC
0x7f7ab4 ReleaseCapture
0x7f7abc RegisterHotKey
0x7f7ac4 RegisterClassW
0x7f7ac8 RedrawWindow
0x7f7acc PtInRect
0x7f7ad0 PostMessageW
0x7f7ad4 PeekMessageW
0x7f7ad8 OffsetRect
0x7f7ae0 MessageBoxW
0x7f7ae4 MapWindowPoints
0x7f7ae8 MapVirtualKeyW
0x7f7aec LockWindowUpdate
0x7f7af0 LoadStringW
0x7f7af4 LoadImageW
0x7f7af8 LoadIconW
0x7f7afc LoadCursorW
0x7f7b00 KillTimer
0x7f7b04 IsZoomed
0x7f7b08 IsWindowVisible
0x7f7b0c IsWindowEnabled
0x7f7b10 IsWindow
0x7f7b14 IsRectEmpty
0x7f7b18 IsIconic
0x7f7b1c InvalidateRect
0x7f7b20 IntersectRect
0x7f7b24 InflateRect
0x7f7b28 HideCaret
0x7f7b30 GetWindowTextW
0x7f7b34 GetWindowRgn
0x7f7b38 GetWindowRect
0x7f7b3c GetWindowPlacement
0x7f7b40 GetWindowLongW
0x7f7b44 GetWindowDC
0x7f7b48 GetSystemMetrics
0x7f7b4c GetSysColorBrush
0x7f7b50 GetSysColor
0x7f7b54 GetScrollRange
0x7f7b58 GetScrollPos
0x7f7b5c GetScrollInfo
0x7f7b60 GetScrollBarInfo
0x7f7b64 GetParent
0x7f7b68 GetWindow
0x7f7b6c GetMessageW
0x7f7b70 GetIconInfo
0x7f7b74 GetForegroundWindow
0x7f7b78 GetDesktopWindow
0x7f7b7c GetDC
0x7f7b80 GetCursorPos
0x7f7b84 GetCursor
0x7f7b8c GetClipboardData
0x7f7b90 GetClientRect
0x7f7b94 GetClassNameW
0x7f7b98 GetClassLongW
0x7f7b9c GetClassInfoW
0x7f7ba0 GetCaretPos
0x7f7ba4 GetCapture
0x7f7ba8 GetAsyncKeyState
0x7f7bac GetActiveWindow
0x7f7bb0 FrameRect
0x7f7bb4 FindWindowExW
0x7f7bb8 FindWindowW
0x7f7bbc FillRect
0x7f7bc0 ExitWindowsEx
0x7f7bc4 EqualRect
0x7f7bc8 EnumWindows
0x7f7bcc EndPaint
0x7f7bd0 DrawTextExW
0x7f7bd4 DrawTextW
0x7f7bd8 DrawIconEx
0x7f7bdc DrawFrameControl
0x7f7be0 DrawEdge
0x7f7be4 DispatchMessageW
0x7f7be8 DestroyWindow
0x7f7bec DestroyIcon
0x7f7bf0 DestroyCaret
0x7f7bf4 DefWindowProcW
0x7f7bf8 CreateIconIndirect
0x7f7bfc CreateCaret
0x7f7c00 ClientToScreen
0x7f7c04 CallWindowProcW
0x7f7c08 CallNextHookEx
0x7f7c0c BringWindowToTop
0x7f7c10 BeginPaint
0x7f7c14 AttachThreadInput
Library msimg32.dll:
0x7f7c1c TransparentBlt
0x7f7c20 AlphaBlend
Library gdi32.dll:
0x7f7c28 TextOutW
0x7f7c2c StretchDIBits
0x7f7c30 StretchBlt
0x7f7c34 SetWindowOrgEx
0x7f7c38 SetViewportOrgEx
0x7f7c3c SetTextColor
0x7f7c40 SetStretchBltMode
0x7f7c44 SetROP2
0x7f7c48 SetPixelV
0x7f7c4c SetPixel
0x7f7c50 SetDIBitsToDevice
0x7f7c54 SetDIBits
0x7f7c58 SetBkMode
0x7f7c5c SetBkColor
0x7f7c60 SetBitmapBits
0x7f7c64 SelectPalette
0x7f7c68 SelectObject
0x7f7c6c SelectClipRgn
0x7f7c70 SaveDC
0x7f7c74 RoundRect
0x7f7c78 RestoreDC
0x7f7c7c ResizePalette
0x7f7c80 Rectangle
0x7f7c84 RectVisible
0x7f7c88 RealizePalette
0x7f7c8c PtInRegion
0x7f7c90 Polyline
0x7f7c94 PlgBlt
0x7f7c98 OffsetViewportOrgEx
0x7f7c9c MoveToEx
0x7f7ca0 MaskBlt
0x7f7ca4 LineTo
0x7f7ca8 IntersectClipRect
0x7f7cac GetViewportOrgEx
0x7f7cb0 GetTextMetricsW
0x7f7cbc GetTextColor
0x7f7cc0 GetStockObject
0x7f7cc4 GetROP2
0x7f7cc8 GetPixel
0x7f7ccc GetPaletteEntries
0x7f7cd0 GetObjectType
0x7f7cd4 GetObjectA
0x7f7cd8 GetObjectW
0x7f7ce0 GetDeviceCaps
0x7f7ce4 GetDIBits
0x7f7ce8 GetDIBColorTable
0x7f7cf0 GetCurrentObject
0x7f7cf4 GetClipBox
0x7f7cf8 GetBkMode
0x7f7cfc GetBkColor
0x7f7d00 GetBitmapBits
0x7f7d04 GdiFlush
0x7f7d08 ExtTextOutW
0x7f7d0c ExtSelectClipRgn
0x7f7d10 ExcludeClipRect
0x7f7d14 Ellipse
0x7f7d18 DeleteObject
0x7f7d1c DeleteDC
0x7f7d20 CreateSolidBrush
0x7f7d24 CreateRoundRectRgn
0x7f7d28 CreateRectRgn
0x7f7d2c CreatePolygonRgn
0x7f7d30 CreatePenIndirect
0x7f7d34 CreatePalette
0x7f7d3c CreateFontIndirectW
0x7f7d40 CreateEllipticRgn
0x7f7d44 CreateDIBitmap
0x7f7d48 CreateDIBSection
0x7f7d4c CreateCompatibleDC
0x7f7d54 CreateBrushIndirect
0x7f7d58 CreateBitmap
0x7f7d5c BitBlt
Library version.dll:
0x7f7d64 VerQueryValueW
0x7f7d6c GetFileVersionInfoW
Library kernel32.dll:
0x7f7d74 lstrlenW
0x7f7d78 lstrcmpiA
0x7f7d7c lstrcmpW
0x7f7d80 WriteProcessMemory
0x7f7d88 WriteFile
0x7f7d8c WinExec
0x7f7d90 WideCharToMultiByte
0x7f7d94 WaitForSingleObject
0x7f7d98 VirtualQuery
0x7f7d9c VirtualProtect
0x7f7da0 VirtualFreeEx
0x7f7da4 VirtualAllocEx
0x7f7da8 UnmapViewOfFile
0x7f7db0 TerminateThread
0x7f7db4 TerminateProcess
0x7f7dc0 Sleep
0x7f7dc4 SetLastError
0x7f7dc8 SetFileAttributesW
0x7f7dcc SetEvent
0x7f7dd0 SearchPathW
0x7f7dd4 ResetEvent
0x7f7dd8 RemoveDirectoryW
0x7f7ddc ReadProcessMemory
0x7f7de0 RaiseException
0x7f7dec QueryDosDeviceW
0x7f7df0 OutputDebugStringW
0x7f7df4 OpenProcess
0x7f7df8 MultiByteToWideChar
0x7f7dfc MulDiv
0x7f7e00 MoveFileExW
0x7f7e04 MapViewOfFile
0x7f7e08 LocalFree
0x7f7e0c LocalAlloc
0x7f7e10 LoadLibraryW
0x7f7e18 IsBadReadPtr
0x7f7e1c IsBadCodePtr
0x7f7e24 HeapFree
0x7f7e28 HeapDestroy
0x7f7e2c HeapAlloc
0x7f7e30 GlobalUnlock
0x7f7e34 GlobalSize
0x7f7e3c GlobalMemoryStatus
0x7f7e40 GlobalHandle
0x7f7e44 GlobalLock
0x7f7e48 GlobalGetAtomNameW
0x7f7e4c GlobalFree
0x7f7e50 GlobalFindAtomW
0x7f7e54 GlobalAlloc
0x7f7e58 GlobalAddAtomW
0x7f7e60 GetVersionExW
0x7f7e64 GetVersion
0x7f7e6c GetTickCount
0x7f7e70 GetTempPathW
0x7f7e74 GetTempFileNameW
0x7f7e7c GetSystemTime
0x7f7e80 GetSystemInfo
0x7f7e84 GetSystemDirectoryW
0x7f7e8c GetShortPathNameW
0x7f7e90 GetProcessTimes
0x7f7e94 GetProcAddress
0x7f7e9c GetPriorityClass
0x7f7ea0 GetModuleHandleW
0x7f7ea4 GetModuleFileNameW
0x7f7eac GetLocaleInfoW
0x7f7eb0 GetLocalTime
0x7f7eb4 GetLastError
0x7f7eb8 GetFileSize
0x7f7ec0 GetFileAttributesW
0x7f7ec4 GetDriveTypeW
0x7f7ec8 GetDiskFreeSpaceExW
0x7f7ecc GetCurrentThreadId
0x7f7ed0 GetCurrentProcessId
0x7f7ed4 GetCurrentProcess
0x7f7ed8 GetComputerNameW
0x7f7edc GetCommandLineW
0x7f7ee0 GetCPInfo
0x7f7eec InterlockedExchange
0x7f7ef8 FreeLibrary
0x7f7efc FormatMessageW
0x7f7f04 FlushFileBuffers
0x7f7f08 FindFirstFileW
0x7f7f0c FindClose
0x7f7f24 DeleteFileW
0x7f7f2c CreateThread
0x7f7f30 CreateProcessW
0x7f7f34 CreateMutexW
0x7f7f38 CreateFileMappingW
0x7f7f3c CreateFileW
0x7f7f40 CreateEventW
0x7f7f44 CopyFileW
0x7f7f48 CompareStringW
0x7f7f4c CloseHandle
Library advapi32.dll:
0x7f7f54 RevertToSelf
0x7f7f58 RegQueryValueExW
0x7f7f5c RegQueryInfoKeyW
0x7f7f60 RegOpenKeyExW
0x7f7f64 RegFlushKey
0x7f7f68 RegEnumValueW
0x7f7f6c RegEnumKeyExW
0x7f7f70 RegDeleteValueW
0x7f7f74 RegDeleteKeyW
0x7f7f78 RegCreateKeyExW
0x7f7f7c RegCloseKey
0x7f7f80 OpenProcessToken
0x7f7f88 LookupAccountSidW
0x7f7f8c LookupAccountNameW
0x7f7f94 GetUserNameW
0x7f7f98 GetTokenInformation
0x7f7fa0 GetSidSubAuthority
0x7f7fa4 DuplicateTokenEx
Library madExcept_.bpl:
Library madDisAsm_.bpl:
Library madExcept_.bpl:
Library wsock32.dll:
0x7f8080 send
Library rtl120.bpl:
Library shell32.dll:
0x7f8090 ShellExecuteExW
0x7f8094 ShellExecuteW
0x7f8098 SHGetFileInfoW
0x7f809c SHFileOperationW
0x7f80a0 SHAppBarMessage
0x7f80a4 ExtractIconExW
0x7f80a8 DragQueryFileW
0x7f80ac DragFinish
0x7f80b0 DragAcceptFiles
0x7f80b4 CommandLineToArgvW
Library shell32.dll:
0x7f80c8 SHGetDesktopFolder
0x7f80cc SHBrowseForFolderW
Library rtl120.bpl:
0x7f80d8 @$xp$12IEnumVARIANT
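The import table above is long, and the names worth pivoting on are scattered across two kernel32.dll blocks. The following Python is an added example for this page, not the sandbox's code: it parses the "Library x.dll:" / "0xaddr Name" layout used above and reports which capability clusters are fully present. The groupings are this example's own heuristic, not a published rule set, and the excerpt it runs on is copied from the listing above. Every cluster here is also what a Delphi VCL application (rtl120.bpl) and an uninstaller legitimately use (reboot via ExitWindowsEx, deletion via SHFileOperationW, window hooks from the VCL), so the output is a list of places to look in a debugger, not a verdict.

```python
import re
from collections import defaultdict

LIB_RE = re.compile(r"^Library\s+(\S+):$")
IMP_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_import_listing(text: str) -> dict:
    """Parse the report's import layout into {library_lowercase: set(names)}.

    Libraries that appear more than once (kernel32.dll does, above) are merged, and a
    'Library x:' line with no entries yields an empty set rather than being dropped.
    """
    imports = defaultdict(set)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = LIB_RE.match(line)
        if m:
            current = m.group(1).lower()
            imports.setdefault(current, set())
            continue
        m = IMP_RE.match(line)
        if m and current is not None:
            imports[current].add(m.group(1))
    return dict(imports)


# Capability clusters: every listed API must be imported for the cluster to fire.
# The API names are real Win32 exports; the grouping is this example's own heuristic.
CAPABILITY_RULES = {
    "remote process memory write": {"kernel32.dll": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"}},
    "remote process memory read": {"kernel32.dll": {"OpenProcess", "ReadProcessMemory"}},
    "window hook / key state": {"user32.dll": {"SetWindowsHookExW", "GetAsyncKeyState"}},
    "clipboard read": {"user32.dll": {"GetClipboardData"}},
    "child process launch": {"kernel32.dll": {"CreateProcessW", "WinExec"}},
    "raw socket send": {"wsock32.dll": {"send"}},
    "shutdown / reboot": {"user32.dll": {"ExitWindowsEx"}},
    "file/dir removal": {"kernel32.dll": {"DeleteFileW", "RemoveDirectoryW"},
                         "shell32.dll": {"SHFileOperationW"}},
}


def matched_capabilities(imports: dict) -> list:
    """Names of clusters whose APIs are all present, in rule order."""
    hits = []
    for cap, needed in CAPABILITY_RULES.items():
        if all(apis <= imports.get(lib, set()) for lib, apis in needed.items()):
            hits.append(cap)
    return hits


# Excerpt copied from the import listing above (addresses and names as printed there),
# including the second kernel32.dll block and an empty madExcept_.bpl block.
REPORT_EXCERPT = """\
Library kernel32.dll:
0x7f7a00 TlsSetValue
0x7f7a0c GetModuleHandleW
Library user32.dll:
0x7f7a70 SetWindowsHookExW
0x7f7b8c GetClipboardData
0x7f7ba8 GetAsyncKeyState
0x7f7bc0 ExitWindowsEx
Library kernel32.dll:
0x7f7d80 WriteProcessMemory
0x7f7d8c WinExec
0x7f7da4 VirtualAllocEx
0x7f7ddc ReadProcessMemory
0x7f7dd8 RemoveDirectoryW
0x7f7df4 OpenProcess
0x7f7f24 DeleteFileW
0x7f7f30 CreateProcessW
Library madExcept_.bpl:
Library wsock32.dll:
0x7f8080 send
Library shell32.dll:
0x7f809c SHFileOperationW
"""


if __name__ == "__main__":
    imports = parse_import_listing(REPORT_EXCERPT)
    for lib in sorted(imports):
        print(f"{lib}: {len(imports[lib])} imports")
    for cap in matched_capabilities(imports):
        print("capability present:", cap)
```

Feed it the full listing from the page (or a dump from any tool that prints imports in the same shape) and treat each hit as a breakpoint list: for "remote process memory write", for instance, break on WriteProcessMemory and check whether the target handle ever belongs to a process other than the sample's own children before calling it injection.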

Hosts

No hosts contacted. (This line disagrees with the rest of the report: the TCP table below records a session to update.googleapis.com on port 443, and the dynamic indicators above describe a POST to that host.)

TCP

Source          Source port   Destination     Hostname                Destination port
192.168.56.101  49180         203.208.41.98   update.googleapis.com   443

UDP

Source          Source port   Destination       Hostname            Destination port
192.168.56.101  49235         114.114.114.114   -                   53
192.168.56.101  54178         114.114.114.114   -                   53
192.168.56.101  55368         114.114.114.114   -                   53
192.168.56.101  57756         114.114.114.114   -                   53
192.168.56.101  60215         114.114.114.114   -                   53
192.168.56.101  62912         114.114.114.114   -                   53
192.168.56.101  63429         114.114.114.114   -                   53
192.168.56.101  137           192.168.56.255    -                   137
192.168.56.101  138           192.168.56.255    -                   138
192.168.56.101  123           20.189.79.72      time.windows.com    123
192.168.56.101  50002         224.0.0.252       -                   5355
192.168.56.101  50534         224.0.0.252       -                   5355
192.168.56.101  51378         224.0.0.252       -                   5355
192.168.56.101  51808         224.0.0.252       -                   5355
192.168.56.101  51963         224.0.0.252       -                   5355
192.168.56.101  53210         224.0.0.252       -                   5355
192.168.56.101  53237         224.0.0.252       -                   5355
192.168.56.101  56539         224.0.0.252       -                   5355
192.168.56.101  56804         224.0.0.252       -                   5355
192.168.56.101  60221         224.0.0.252       -                   5355

Reading the UDP rows: NetBIOS on 137/138 to the subnet broadcast address, LLMNR to 224.0.0.252:5355 and NTP to time.windows.com:123 are the sandbox guest's own Windows background traffic and should not be attributed to the sample. The seven DNS queries to 114.114.114.114 (a public resolver) are the only UDP rows worth correlating with the sample, and the report does not list which names were resolved.

HTTP & HTTPS Requests

No HTTP requests performed. (The POST to update.googleapis.com listed under the dynamic indicators went over TLS on port 443, as the TCP table shows, so it does not appear in this plain-HTTP log.)

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.