0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.57
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20200501 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200503 | 2013.8.14.323 |
| McAfee | PWS-FBLP!9597DB608A27 | 20200503 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b9c1c3 | 20200503 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Trojan.Agent.BAVV |
| APEX | Malicious |
| AVG | Win32:Trojan-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.BAVV |
| AhnLab-V3 | Trojan/Win32.Upatre.C219756 |
| Antiy-AVL | Trojan/Win32.Vague |
| Arcabit | Trojan.Agent.BAVV |
| Avast | Win32:Trojan-gen |
| Avira | TR/Crypt.XPACK.Gen7 |
| BitDefender | Trojan.Agent.BAVV |
| BitDefenderTheta | Gen:NN.ZexaF.34108.bqX@a8y8ZVoi |
| Bkav | W32.FamVT.GeND.Trojan |
| CAT-QuickHeal | Trojan.Vague |
| Comodo | TrojWare.Win32.Kryptik.BFP@54u2z9 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.08a273 |
| Cylance | Unsafe |
| Cyren | W32/Trojan.OLOO-0497 |
| DrWeb | Trojan.PWS.Panda.5183 |
| ESET-NOD32 | Win32/TrojanDownloader.Waski.A |
| Emsisoft | Trojan.Agent.BAVV (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Trojan3.GOO |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen7 |
| FireEye | Generic.mg.9597db608a273610 |
| Fortinet | W32/ZBOT.GQ!tr |
| GData | Trojan.Agent.BAVV |
| Invincea | heuristic |
| Jiangmin | Trojan/Vague.i |
| K7AntiVirus | Trojan-Downloader ( 004b972f1 ) |
| K7GW | Trojan-Downloader ( 004b972f1 ) |
| Kaspersky | Trojan.Win32.Vague.bl |
| MAX | malware (ai score=84) |
| Malwarebytes | Trojan.Email |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | PWS-FBLP!9597DB608A27 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.mt |
| MicroWorld-eScan | Trojan.Agent.BAVV |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| NANO-Antivirus | Trojan.Win32.Vague.cqjjaa |
| Panda | Generic Malware |
| Qihoo-360 | HEUR/QVM10.1.F8BC.Malware.Gen |
| Rising | Trojan.DL.Win32.Waski.k (RDMK:cmRtazr6yqxhKhDhd6POA0pnKREf) |
| Sangfor | Malware |
| SentinelOne | DFI - Suspicious PE |
| Sophos | Troj/Zbot-GZB |
| Tencent | Malware.Win32.Gencirc.10b9c1c3 |
| TotalDefense | Win32/Tnega.ATIC |
| Trapmine | suspicious.low.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-11-21 14:23:34
PE Imphash
3c2e1c95b87b1cf3c33906bf62025007
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000123a | 0x00001400 | 5.865043419969081 |
| .rdata | 0x00003000 | 0x0000171e | 0x00001800 | 6.195364880298748 |
| .data | 0x00005000 | 0x00000430 | 0x00000200 | 1.060481211975618 |
| .rsrc | 0x00006000 | 0x00002990 | 0x00002a00 | 2.891928182575322 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x000060ec | 0x00002734 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00008820 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x00008834 | 0x0000015a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library msvcrt.dll:
• 0x403084 _ismbblead
• 0x403088 exit
• 0x40308c _exit
• 0x403090 _acmdln
• 0x403094 _initterm
• 0x403098 _amsg_exit
• 0x40309c __setusermatherr
• 0x4030a0 __p__commode
• 0x4030a4 __p__fmode
• 0x4030a8 __set_app_type
• 0x4030ac ?terminate@@YAXXZ
• 0x4030b0 _controlfp
• 0x4030b4 _XcptFilter
• 0x4030b8 _cexit
• 0x4030bc __getmainargs
Library KERNEL32.dll:
• 0x403008 UnhandledExceptionFilter
• 0x40300c GetCurrentProcess
• 0x403010 TerminateProcess
• 0x403014 GetCurrentProcessId
• 0x403018 GetCurrentThreadId
• 0x40301c GetTickCount
• 0x403020 GetModuleHandleA
• 0x403024 SetUnhandledExceptionFilter
• 0x403028 GetStartupInfoA
• 0x40302c InterlockedCompareExchange
• 0x403030 Sleep
• 0x403034 InterlockedExchange
• 0x403038 QueryPerformanceCounter
• 0x40303c GetSystemTimeAsFileTime
• 0x403040 ExitProcess
Library USER32.dll:
• 0x403048 RegisterClassExW
• 0x40304c PostQuitMessage
• 0x403050 MessageBoxW
• 0x403054 GetWindowRect
• 0x403058 GetSystemMetrics
• 0x40305c GetMessageA
• 0x403060 EndPaint
• 0x403064 DrawTextW
• 0x403068 DispatchMessageW
• 0x40306c DefWindowProcW
• 0x403070 CreateWindowExW
• 0x403074 BringWindowToTop
• 0x403078 BeginPaint
• 0x40307c TranslateMessage
Library GDI32.dll:
• 0x403000 TextOutW
L!This program cannot be run in DOS mode.
X7 X' X! X0 X X% Rich
`.rdata
@.data
E_^[SXP@
VirtEualAPllocU
u}_^[_^[
33uvv|Z
SVW]u}K
VVRRRRh
0E_^[i
PQRESE|
+#K;uU-P@
3+EnumEWindPows
VirtEualPProteUct
jXhXB@
u 5$T@
8csmu+x
B(;r3_^[]j
VaYt=E
+PVYYt+@$
+SVWP@
1E3PeuEEEEd
Y__^[]Q
tDt?!EMZ
u+Q<|$
E3E3;t
"wP!w#
!wv!w("wB1"w
w<!wf!w^!w!wD!w*"w
+!6w5w:wPt6w
6wo(6ws{6w 6w6wKr6wQ
Cw6DwIw
MwQCwIwwLw'Dw'Dw
(DwaHwCwuEw7Dw+Dw
VjMQSVEu
MDu=uuSVu
uVVjPE
_EPEPj S}
WEPj S
EVVVVS
A;EtjM
WP_3^@[
@;Vhuh
GetCurW
DirectoryW
WrFile"
CloseHandle
ileNiteFile
lstrcmpW
ReadFile
GetFileSize
CreateFileW
GetTempPatMU
USERuleF
HeapAlloc
HeapCreate
ExitProcess
eHanodul"
KERNEL32.dll
wsprintfW
32.dll
Shternxecu#
SHELL32.dll
InSendetReadFile
HttpQueryInfoWRequHttp
InternetSetOptionW
GetMlete"
ternetQueryOptiodll
MAnnecenReenW
PQetCotpOpetOpU
ternMW
HtUtern
WINIt
Uf2n22222
333333
0C1k1g0s0
1L0Y0110010>01100d
110062?2t11
VirtEualPMroteUct
BBMRQ\EP
GetPErocAMddreUss
LoadELibrMaryEUxA
UeVirtEualAMllocU
q|s|)#;
3PPWMM(
3jSVW}
5EU+#Eo@
|uz}tz0N#;
tvtvE#;
VirtEualFMree
tA_^[UEM
ERNUEEML32MU
|.DLLx
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
msvcrt.dll
_controlfp
ExitProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
KERNEL32.dll
BeginPaint
BringWindowToTop
CreateWindowExW
DefWindowProcW
DispatchMessageW
DrawTextW
EndPaint
GetMessageA
GetSystemMetrics
GetWindowRect
MessageBoxW
PostQuitMessage
RegisterClassExW
TranslateMessage
USER32.dll
TextOutW
GDI32.dll
0!dX0!0!0!0!0!0!0!.
0!1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"0!
2#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#2#
3$I:I:I:I:I:I:H:I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;4$
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGC
/�i�/�i�g�e�
h�t�m�l�.�r�a�r�
a�g�m�a�g�e�s�/�h�t�m�l�.�e�a�c�
o�r�.�u�l�i�n�i�c�.�c�o�.�u�k�
e�p�c�-�g�w�e�n�n�/�c�o�
p�n�i�k�.�e�x�e�
a�p�p�l�i�c�w�n�i�o�"�
t�e�x�t�/�*�
U�p�d�a�t�e�s� �d�o�
l�o�p�n�e�r�"�
i�t�.�e�x�e�
L�a�p�o�x�f�u�
B�e�j�a�f�i�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�2�f�a�1�b�b�e�7�3�9�c�1�5�0�b�2�5�2�6�3�a�9�0�d�e�c�9�1�3�d�5�2�.�v�i�r�u�s�.�e�x�e�
C�:�\�b�2�b�f�7�2�c�1�1�7�f�2�3�9�5�4�5�8�1�9�6�d�1�f�f�b�8�8�7�a�4�4�6�f�8�8�f�2�7�2�d�b�9�c�a�1�0�6�6�5�4�2�7�d�e�e�a�d�3�d�8�f�7�f�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�p�n�i�t�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�7�1�c�5�5�c�b�e�2�4�4�6�f�b�b�c�-�p�n�i�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�0�7�5�5�c�6�f�2�7�7�b�c�1�d�d�6�_�p�n�i�t�.�e�x�e�
C�:�\�c�5�f�8�e�7�3�7�a�a�1�5�d�5�c�5�8�b�5�5�1�3�c�6�9�1�e�4�e�b�6�0�0�d�2�2�9�8�8�e�7�6�f�d�f�8�5�9�b�5�8�0�3�e�9�6�9�2�4�5�2�c�7�2�
C�:�\�a�f�7�9�1�6�a�4�6�5�7�d�8�2�2�6�d�a�4�4�9�e�5�1�6�7�d�e�c�2�6�1�9�b�9�4�1�d�f�a�5�c�3�e�d�2�c�9�8�9�3�9�6�6�2�c�e�7�a�1�2�f�d�d�
C�:�\�7�c�f�1�0�0�c�9�9�b�a�5�5�d�9�b�0�0�c�3�c�4�3�8�d�4�b�7�3�0�8�c�6�d�9�2�0�9�5�1�a�b�8�f�3�5�1�d�6�a�6�a�2�2�1�d�0�e�5�9�2�0�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�n�i�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�8�5�6�1�f�8�5�4�5�1�d�9�f�e�7�b�4�e�3�9�7�7�1�b�2�6�3�b�8�c�b�3�1�a�9�5�5�4�3�a�b�a�e�5�c�9�a�b�a�a�b�a�b�3�1�2�7�4�0�0�f�4�4�8�.�e�x�e�
C�:�\�2�3�2�a�9�6�b�a�6�a�0�c�4�2�0�8�2�f�4�4�0�6�9�e�7�f�2�5�d�f�f�4�8�7�d�9�b�f�4�5�1�c�4�9�e�b�1�3�3�2�b�0�b�2�2�2�1�d�e�7�0�1�9�0�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�n�i�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�7�1�0�7�d�4�6�a�6�2�3�0�f�9�0�0�5�3�f�9�5�c�c�f�9�0�a�9�4�0�d�a�c�b�c�6�b�3�4�0�f�1�4�1�9�8�7�1�8�9�e�a�2�2�f�a�6�3�c�1�c�0�c�9�.�e�x�e�
C�:�\�5�d�b�8�0�c�a�6�a�a�4�2�7�a�4�e�4�4�8�b�9�f�2�8�a�a�f�0�f�c�b�e�6�4�2�b�2�a�9�6�f�6�d�2�c�2�f�f�a�6�0�7�0�b�a�8�b�e�e�2�6�2�8�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�n�i�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�p�n�i�t�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�5�b�2�a�a�1�a�b�9�c�a�8�5�f�1�_�p�n�i�t�.�e�x�e�
C�:�\�e�7�e�d�4�2�1�2�d�f�4�a�d�a�6�2�f�9�7�1�9�c�6�3�e�c�b�d�4�d�6�a�1�a�d�a�7�e�f�0�f�3�2�1�3�6�8�a�f�5�2�0�d�7�3�b�f�d�b�c�8�f�8�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�p�n�i�t�.�e�x�e�
C�:�\�1�0�4�7�b�f�2�a�1�b�1�1�2�1�9�2�3�6�0�4�f�8�0�1�8�8�9�e�2�a�5�0�4�5�d�5�0�0�b�0�c�0�8�d�b�4�4�7�6�4�4�3�4�2�2�8�c�7�7�b�a�2�4�0�
C�:�\�0�a�1�b�7�f�b�6�c�4�6�4�d�0�d�6�9�a�8�3�8�c�8�a�3�e�4�1�7�1�1�7�9�e�3�b�0�4�a�d�c�e�1�f�5�8�e�9�d�8�d�4�b�3�4�7�5�d�3�9�3�e�c�7�
C�:�\�5�b�d�9�7�6�f�e�d�c�a�6�3�2�a�2�5�f�e�d�c�6�8�8�2�f�7�b�9�3�a�9�2�4�a�e�a�c�c�e�9�f�4�e�9�7�e�d�b�7�3�7�c�1�7�9�b�1�8�9�4�1�a�c�
C�:�\�6�f�9�f�8�4�b�f�1�e�2�8�9�b�5�e�f�a�c�d�8�d�0�4�b�2�5�7�b�9�7�1�3�2�f�3�3�8�3�b�0�d�a�8�e�9�8�6�7�8�7�e�0�5�f�9�6�7�5�b�3�1�5�c�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.