4.4
Medium risk

a8db203583ee37305e16b64593e03b7d7ff295d0f2a28a79cb89ce0cf490643c

91fbf7f9b1875c0f2bfee03ddcd5f852.exe

Analysis duration

82s

Last analyzed

File size

729.1KB
Detection tags: Static detection; Dynamic detection; 100%; 2L3BWHPDHXS; ADWAREDEALPLY; AI SCORE=87; AIDETECTVM; ATTRIBUTE; AUTOG; BHMKH; CONFIDENCE; DAPATO; DAPATOIH; DELF; DOWNLOADER34; DROPPERX; ENCB; EUTY; FAREIT; GENCIRC; GENERICKD; HIGH CONFIDENCE; HIGHCONFIDENCE; HTCZPF; MALWARE2; MALWARE@#1VERIXELC7EIA; POSSIBLETHREAT; R002C0WHP20; R349039; S + TROJ; S15671551; SCORE; SKEEYAH; SUSGEN; TJNDROPPR; TKX@AAEFWOLI; UNSAFE; ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine results are available for this sample.
Static verdict
Antivirus engines
Engine        Result                                      Scan date  Engine version
McAfee        Fareit-FVP!91FBF7F9B187                     20201029   6.0.6.653
Alibaba       TrojanDropper:Win32/Injector.94d85818       20190527   0.3.0.5
Baidu         (none)                                      20190318   1.0.0.2
Avast         Win32:DropperX-gen [Drp]                    20201029   18.4.3895.0
Tencent       Malware.Win32.Gencirc.10ce00ce              20201029   1.0.0.1
Kingsoft      (none)                                      20201029   2013.8.14.323
CrowdStrike   win/malicious_confidence_100% (W)           20190702   1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619702834.7345
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004d0000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619702850.2815
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 40960
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x02131000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619702870.3755
RegSetValueExA
key_handle: 0x000002c8
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 202.160.128.203:443
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34414230
FireEye Generic.mg.91fbf7f9b1875c0f
CAT-QuickHeal TjnDroppr.DapatoIH.S15671551
McAfee Fareit-FVP!91FBF7F9B187
Malwarebytes Trojan.MalPack.DLF
Zillya Trojan.Injector.Win32.764008
Sangfor Malware
K7AntiVirus Trojan ( 0056d3f41 )
Alibaba TrojanDropper:Win32/Injector.94d85818
K7GW Trojan ( 0056d3f41 )
Cybereason malicious.07a109
Arcabit Trojan.Generic.D20D1E96
TrendMicro TROJ_GEN.R002C0WHP20
Cyren W32/Trojan.EUTY-7263
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Kaspersky HEUR:Trojan-Dropper.Win32.Dapato.gen
BitDefender Trojan.GenericKD.34414230
NANO-Antivirus Trojan.Win32.Dapato.htczpf
Paloalto generic.ml
AegisLab Trojan.Win32.Dapato.b!c
Tencent Malware.Win32.Gencirc.10ce00ce
Ad-Aware Trojan.GenericKD.34414230
Sophos Troj/AutoG-IX
Comodo Malware@#1verixelc7eia
F-Secure Trojan.TR/Injector.bhmkh
DrWeb Trojan.DownLoader34.56488
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S + Troj/AutoG-IX
McAfee-GW-Edition BehavesLike.Win32.AdwareDealPly.bh
Emsisoft Trojan.Injector (A)
Jiangmin TrojanDropper.Dapato.acbe
Webroot W32.Malware.Gen
Avira TR/Injector.bhmkh
MAX malware (ai score=87)
Antiy-AVL Trojan[Downloader]/Win32.Delf
Microsoft Trojan:Win32/Skeeyah!MTB
ZoneAlarm HEUR:Trojan-Dropper.Win32.Dapato.gen
GData Trojan.GenericKD.34414230
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Dapato.R349039
BitDefenderTheta Gen:NN.ZelphiF.34590.TKX@aaefwOli
ALYac Trojan.Dropper.Dapato
VBA32 TrojanDropper.Dapato
Cylance Unsafe
Zoner Trojan.Win32.92580
ESET-NOD32 Win32/Injector.ENCB
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

1992-06-20 06:22:17 (the fixed linker timestamp 0x2A425E19 that Borland Delphi executables carry, shown here in UTC+8; it does not reflect the real build date)

Imports

Library oleaut32.dll:
0x4687ac SysFreeString
0x4687b0 SysReAllocStringLen
0x4687b4 SysAllocStringLen
Library advapi32.dll:
0x4687bc RegQueryValueExA
0x4687c0 RegOpenKeyExA
0x4687c4 RegCloseKey
Library user32.dll:
0x4687cc GetKeyboardType
0x4687d0 DestroyWindow
0x4687d4 LoadStringA
0x4687d8 MessageBoxA
0x4687dc CharNextA
Library kernel32.dll:
0x4687e4 GetACP
0x4687e8 Sleep
0x4687ec VirtualFree
0x4687f0 VirtualAlloc
0x4687f4 GetTickCount
0x4687fc GetCurrentThreadId
0x468808 VirtualQuery
0x46880c WideCharToMultiByte
0x468810 MultiByteToWideChar
0x468814 lstrlenA
0x468818 lstrcpynA
0x46881c LoadLibraryExA
0x468820 GetThreadLocale
0x468824 GetStartupInfoA
0x468828 GetProcAddress
0x46882c GetModuleHandleA
0x468830 GetModuleFileNameA
0x468834 GetLocaleInfoA
0x468838 GetCommandLineA
0x46883c FreeLibrary
0x468840 FindFirstFileA
0x468844 FindClose
0x468848 ExitProcess
0x46884c CompareStringA
0x468850 WriteFile
0x468858 RtlUnwind
0x46885c RaiseException
0x468860 GetStdHandle
Library kernel32.dll:
0x468868 TlsSetValue
0x46886c TlsGetValue
0x468870 LocalAlloc
0x468874 GetModuleHandleA
Library user32.dll:
0x46887c CreateWindowExA
0x468880 WindowFromPoint
0x468884 WaitMessage
0x468888 UpdateWindow
0x46888c UnregisterClassA
0x468890 UnhookWindowsHookEx
0x468894 TranslateMessage
0x46889c TrackPopupMenu
0x4688a4 ShowWindow
0x4688a8 ShowScrollBar
0x4688ac ShowOwnedPopups
0x4688b0 SetWindowsHookExA
0x4688b4 SetWindowTextA
0x4688b8 SetWindowPos
0x4688bc SetWindowPlacement
0x4688c0 SetWindowLongW
0x4688c4 SetWindowLongA
0x4688c8 SetTimer
0x4688cc SetScrollRange
0x4688d0 SetScrollPos
0x4688d4 SetScrollInfo
0x4688d8 SetRect
0x4688dc SetPropA
0x4688e0 SetParent
0x4688e4 SetMenuItemInfoA
0x4688e8 SetMenu
0x4688ec SetForegroundWindow
0x4688f0 SetFocus
0x4688f4 SetCursor
0x4688f8 SetClassLongA
0x4688fc SetCapture
0x468900 SetActiveWindow
0x468904 SendMessageW
0x468908 SendMessageA
0x46890c ScrollWindow
0x468910 ScreenToClient
0x468914 RemovePropA
0x468918 RemoveMenu
0x46891c ReleaseDC
0x468920 ReleaseCapture
0x46892c RegisterClassA
0x468930 RedrawWindow
0x468934 PtInRect
0x468938 PostQuitMessage
0x46893c PostMessageA
0x468940 PeekMessageW
0x468944 PeekMessageA
0x468948 OffsetRect
0x46894c OemToCharA
0x468950 MessageBoxA
0x468954 MapWindowPoints
0x468958 MapVirtualKeyA
0x46895c LoadStringA
0x468960 LoadKeyboardLayoutA
0x468964 LoadIconA
0x468968 LoadCursorA
0x46896c LoadBitmapA
0x468970 KillTimer
0x468974 IsZoomed
0x468978 IsWindowVisible
0x46897c IsWindowUnicode
0x468980 IsWindowEnabled
0x468984 IsWindow
0x468988 IsRectEmpty
0x46898c IsIconic
0x468990 IsDialogMessageW
0x468994 IsDialogMessageA
0x468998 IsChild
0x46899c InvalidateRect
0x4689a0 IntersectRect
0x4689a4 InsertMenuItemA
0x4689a8 InsertMenuA
0x4689ac InflateRect
0x4689b4 GetWindowTextA
0x4689b8 GetWindowRect
0x4689bc GetWindowPlacement
0x4689c0 GetWindowLongW
0x4689c4 GetWindowLongA
0x4689c8 GetWindowDC
0x4689cc GetTopWindow
0x4689d0 GetSystemMetrics
0x4689d4 GetSystemMenu
0x4689d8 GetSysColorBrush
0x4689dc GetSysColor
0x4689e0 GetSubMenu
0x4689e4 GetScrollRange
0x4689e8 GetScrollPos
0x4689ec GetScrollInfo
0x4689f0 GetPropA
0x4689f4 GetParent
0x4689f8 GetWindow
0x4689fc GetMessagePos
0x468a00 GetMenuStringA
0x468a04 GetMenuState
0x468a08 GetMenuItemInfoA
0x468a0c GetMenuItemID
0x468a10 GetMenuItemCount
0x468a14 GetMenu
0x468a18 GetLastActivePopup
0x468a1c GetKeyboardState
0x468a28 GetKeyboardLayout
0x468a2c GetKeyState
0x468a30 GetKeyNameTextA
0x468a34 GetIconInfo
0x468a38 GetForegroundWindow
0x468a3c GetFocus
0x468a40 GetDesktopWindow
0x468a44 GetDCEx
0x468a48 GetDC
0x468a4c GetCursorPos
0x468a50 GetCursor
0x468a54 GetClipboardData
0x468a58 GetClientRect
0x468a5c GetClassLongA
0x468a60 GetClassInfoA
0x468a64 GetCapture
0x468a68 GetActiveWindow
0x468a6c FrameRect
0x468a70 FindWindowA
0x468a74 FillRect
0x468a78 EqualRect
0x468a7c EnumWindows
0x468a80 EnumThreadWindows
0x468a84 EnumChildWindows
0x468a88 EndPaint
0x468a8c EnableWindow
0x468a90 EnableScrollBar
0x468a94 EnableMenuItem
0x468a98 DrawTextA
0x468a9c DrawMenuBar
0x468aa0 DrawIconEx
0x468aa4 DrawIcon
0x468aa8 DrawFrameControl
0x468aac DrawEdge
0x468ab0 DispatchMessageW
0x468ab4 DispatchMessageA
0x468ab8 DestroyWindow
0x468abc DestroyMenu
0x468ac0 DestroyIcon
0x468ac4 DestroyCursor
0x468ac8 DeleteMenu
0x468acc DefWindowProcA
0x468ad0 DefMDIChildProcA
0x468ad4 DefFrameProcA
0x468ad8 CreatePopupMenu
0x468adc CreateMenu
0x468ae0 CreateIcon
0x468ae4 ClientToScreen
0x468ae8 CheckMenuItem
0x468aec CallWindowProcA
0x468af0 CallNextHookEx
0x468af4 BeginPaint
0x468af8 CharNextA
0x468afc CharLowerBuffA
0x468b00 CharLowerA
0x468b04 CharToOemA
0x468b08 AdjustWindowRectEx
Library gdi32.dll:
0x468b14 UnrealizeObject
0x468b18 StretchBlt
0x468b1c SetWindowOrgEx
0x468b20 SetWinMetaFileBits
0x468b24 SetViewportOrgEx
0x468b28 SetTextColor
0x468b2c SetStretchBltMode
0x468b30 SetROP2
0x468b34 SetPixel
0x468b38 SetEnhMetaFileBits
0x468b3c SetDIBColorTable
0x468b40 SetBrushOrgEx
0x468b44 SetBkMode
0x468b48 SetBkColor
0x468b4c SelectPalette
0x468b50 SelectObject
0x468b54 SaveDC
0x468b58 RestoreDC
0x468b5c Rectangle
0x468b60 RectVisible
0x468b64 RealizePalette
0x468b68 Polyline
0x468b6c PlayEnhMetaFile
0x468b70 PatBlt
0x468b74 MoveToEx
0x468b78 MaskBlt
0x468b7c LineTo
0x468b80 IntersectClipRect
0x468b84 GetWindowOrgEx
0x468b88 GetWinMetaFileBits
0x468b8c GetTextMetricsA
0x468b94 GetTextAlign
0x468b9c GetStockObject
0x468ba0 GetRgnBox
0x468ba4 GetPolyFillMode
0x468ba8 GetPixelFormat
0x468bac GetPixel
0x468bb0 GetPaletteEntries
0x468bb4 GetObjectA
0x468bb8 GetMapMode
0x468bc4 GetEnhMetaFileBits
0x468bc8 GetDeviceCaps
0x468bcc GetDIBits
0x468bd0 GetDIBColorTable
0x468bd4 GetDCOrgEx
0x468bd8 GetDCPenColor
0x468be0 GetClipBox
0x468be4 GetBrushOrgEx
0x468be8 GetBkColor
0x468bec GetBitmapBits
0x468bf0 ExcludeClipRect
0x468bf4 DeleteObject
0x468bf8 DeleteEnhMetaFile
0x468bfc DeleteDC
0x468c00 CreateSolidBrush
0x468c04 CreatePenIndirect
0x468c08 CreatePalette
0x468c10 CreateFontIndirectA
0x468c14 CreateDIBitmap
0x468c18 CreateDIBSection
0x468c1c CreateCompatibleDC
0x468c24 CreateBrushIndirect
0x468c28 CreateBitmap
0x468c2c CopyEnhMetaFileA
0x468c30 BitBlt
Library version.dll:
0x468c38 VerQueryValueA
0x468c40 GetFileVersionInfoA
Library kernel32.dll:
0x468c48 lstrcpyA
0x468c4c lstrcmpiA
0x468c50 WriteFile
0x468c54 WaitForSingleObject
0x468c58 VirtualQuery
0x468c5c VirtualProtect
0x468c60 VirtualAlloc
0x468c64 SizeofResource
0x468c68 SetThreadLocale
0x468c6c SetFilePointer
0x468c70 SetEvent
0x468c74 SetErrorMode
0x468c78 SetEndOfFile
0x468c7c ResetEvent
0x468c80 ReadFile
0x468c84 MultiByteToWideChar
0x468c88 MulDiv
0x468c8c LockResource
0x468c90 LoadResource
0x468c94 LoadLibraryA
0x468ca0 GlobalFindAtomA
0x468ca4 GlobalDeleteAtom
0x468ca8 GlobalAddAtomA
0x468cac GetVersionExA
0x468cb0 GetVersion
0x468cb4 GetTickCount
0x468cb8 GetThreadLocale
0x468cbc GetStdHandle
0x468cc0 GetProcAddress
0x468cc4 GetModuleHandleA
0x468cc8 GetModuleFileNameA
0x468ccc GetLocaleInfoA
0x468cd0 GetLocalTime
0x468cd4 GetLastError
0x468cd8 GetFullPathNameA
0x468cdc GetDiskFreeSpaceA
0x468ce0 GetDateFormatA
0x468ce4 GetCurrentThreadId
0x468ce8 GetCurrentProcessId
0x468cec GetCPInfo
0x468cf0 FreeResource
0x468cf4 InterlockedExchange
0x468cf8 FreeLibrary
0x468cfc FormatMessageA
0x468d00 FindResourceA
0x468d04 EnumCalendarInfoA
0x468d10 CreateThread
0x468d14 CreateFileA
0x468d18 CreateEventA
0x468d1c CompareStringA
0x468d20 CloseHandle
Library advapi32.dll:
0x468d28 RegQueryValueExA
0x468d2c RegOpenKeyExA
0x468d30 RegFlushKey
0x468d34 RegCloseKey
Library oleaut32.dll:
0x468d3c GetErrorInfo
0x468d40 SysFreeString
Library ole32.dll:
0x468d48 CoUninitialize
0x468d4c CoInitialize
Library kernel32.dll:
0x468d54 Sleep
Library oleaut32.dll:
0x468d5c SafeArrayPtrOfIndex
0x468d60 SafeArrayGetUBound
0x468d64 SafeArrayGetLBound
0x468d68 SafeArrayCreate
0x468d6c VariantChangeType
0x468d70 VariantCopy
0x468d74 VariantClear
0x468d78 VariantInit
Library comctl32.dll:
0x468d80 _TrackMouseEvent
0x468d8c ImageList_Write
0x468d90 ImageList_Read
0x468d98 ImageList_DragMove
0x468d9c ImageList_DragLeave
0x468da0 ImageList_DragEnter
0x468da4 ImageList_EndDrag
0x468da8 ImageList_BeginDrag
0x468dac ImageList_Remove
0x468db0 ImageList_DrawEx
0x468db4 ImageList_Draw
0x468dc0 ImageList_Add
0x468dc8 ImageList_Destroy
0x468dcc ImageList_Create
Library advapi32.dll:
0x468dd4 QueryServiceStatus
0x468dd8 OpenServiceA
0x468ddc OpenSCManagerA
0x468de0 CloseServiceHandle
Library UrL:
0x468de8 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source port   Destination                        Destination port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.