Score: 5.2 (medium risk)

SHA-256: 051329b4ccb54a317d1e02d5912585c21fc887fe551ae3e3a97c671aa50bb55b

File name: 977db42b45c4774b224ceb63ef0fce57.exe

Analysis duration: 89s

Last analyzed

File size: 220.5KB
Static detection: flagged. Dynamic detection: flagged. Detection-name tags: AI SCORE=81 ATTRIBUTE BLUTEAL EMOTET ESCI GDSDA GENCIRC GENERICRXLY GENKRYPTIK GGHHQVCMC1H HIGH CONFIDENCE HIGHCONFIDENCE HWLEPL ICEDID IVHO KCLOUD KRYPT KRYPTIK MALWARE@#349VMQTEI0K7C NU0@AYQMLVGI P99HEFSKFQS PACK PHOTODLDER SCORE SLEPAK SUSGEN THIAIBO TROJDOWNLOADER UNSAFE UPATRE WACATAC WDON WDONJ XZJP ZEXAF
Eagle Eye engine
Not detected (no Eagle Eye engine results available)

Static verdict

Anti-virus engines

Engine        Result                                     Scan date    Engine version
McAfee        GenericRXLY-LA!977DB42B45C4                2020-12-28   6.0.6.653
Baidu         (no result recorded)                       2019-03-18   1.0.0.2
Alibaba       TrojanDownloader:Win32/Upatre.0a8a1eb6     2019-05-27   0.3.0.5
Avast         Win32:Trojan-gen                           2020-12-30   21.1.5827.0
Tencent       Malware.Win32.Gencirc.11aeae34             2020-12-28   1.0.0.1
Kingsoft      Win32.TrojDownloader.Upatre.iv.(kcloud)    2020-12-28   2017.9.26.565
CrowdStrike   (no result recorded)                       2019-07-02   1.0
Static indicators

This executable has a PDB path (1 event)
pdb_path: c:\Stop\party\82\77\41\Noise\20\64\97\cutinterest.pdb
(The PDB path is written by whoever built the binary and is trivially forged; it is useful as a pivot for clustering related builds, not as evidence of origin.)

Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time                API                    Arguments   Status    Return   Repeated
1620830259.785249   GlobalMemoryStatusEx   (none)      success   1        0
Behavioral verdict

Dynamic indicators

Resolves a suspicious top-level domain (TLD) (1 event)
domain: gastellino.top   description: generic top-level domain
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time                API                       Status    Return   Repeated
1620830259.722249   NtProtectVirtualMemory    success   0        0
    process_identifier: 2064
    process_handle: 0xffffffff (pseudo-handle for the current process)
    base_address: 0x00643000
    length: 16384
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0   stack_pivoted: 0   heap_dep_bypass: 0
1620830259.722249   NtAllocateVirtualMemory   success   0        0
    process_identifier: 2064
    process_handle: 0xffffffff (pseudo-handle for the current process)
    base_address: 0x00340000
    region_size: 4096
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0   stack_pivoted: 0   heap_dep_bypass: 0
1620830259.722249   NtAllocateVirtualMemory   success   0        0
    process_identifier: 2064
    process_handle: 0xffffffff (pseudo-handle for the current process)
    base_address: 0x00350000
    region_size: 4096
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0   stack_pivoted: 0   heap_dep_bypass: 0
1620830259.722249   NtAllocateVirtualMemory   success   0        0
    process_identifier: 2064
    process_handle: 0xffffffff (pseudo-handle for the current process)
    base_address: 0x00360000
    region_size: 24576
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0   stack_pivoted: 0   heap_dep_bypass: 0
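The two indicator classes above (an environment probe via GlobalMemoryStatusEx, then RWX memory being allocated or re-protected in the same process) are what an analyst looks for first in a sandbox API log. The script below is an added example, not code from the sandbox or this report: it walks a list of API-call records, flags every RWX allocation or protection change, decodes the MEM_* and PAGE_* constants, and counts known VM-detection probes. The record layout (ts / pid / api / args) and the list of probe APIs beyond GlobalMemoryStatusEx are assumptions; the sample records are constructed from the events printed above.

```python
"""Sandbox API-log triage for unpacking and VM-detection signals.

Added example; not part of the sandbox report or its engine. The record
layout (ts / pid / api / args) is an assumption modelled on the fields the
report prints for each event.
"""

PAGE_EXECUTE_READWRITE = 0x40   # the "protection: 64" seen in the report
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000

# APIs whose results are commonly compared against thresholds to spot a
# sandbox (low RAM, few CPUs, small disk). Only the first one appears in
# the report; the others are an assumption added for completeness.
VM_PROBE_APIS = {
    "GlobalMemoryStatusEx": "physical memory size",
    "GetSystemInfo": "processor count",
    "GetDiskFreeSpaceExW": "disk size",
}

# Constructed records transcribed from the events shown in the report.
SAMPLE_CALLS = [
    {"ts": 1620830259.722249, "pid": 2064, "api": "NtProtectVirtualMemory",
     "args": {"base_address": 0x00643000, "length": 16384, "protection": 64}},
    {"ts": 1620830259.722249, "pid": 2064, "api": "NtAllocateVirtualMemory",
     "args": {"base_address": 0x00340000, "region_size": 4096,
              "protection": 64, "allocation_type": 12288}},
    {"ts": 1620830259.722249, "pid": 2064, "api": "NtAllocateVirtualMemory",
     "args": {"base_address": 0x00350000, "region_size": 4096,
              "protection": 64, "allocation_type": 12288}},
    {"ts": 1620830259.722249, "pid": 2064, "api": "NtAllocateVirtualMemory",
     "args": {"base_address": 0x00360000, "region_size": 24576,
              "protection": 64, "allocation_type": 12288}},
    {"ts": 1620830259.785249, "pid": 2064, "api": "GlobalMemoryStatusEx",
     "args": {}},
]


def decode_allocation_type(flags):
    """Turn a MEM_* bitmask into names (12288 -> ['MEM_COMMIT', 'MEM_RESERVE'])."""
    names = []
    if flags & MEM_COMMIT:
        names.append("MEM_COMMIT")
    if flags & MEM_RESERVE:
        names.append("MEM_RESERVE")
    return names


def is_rwx(protection):
    """True if the base page protection is PAGE_EXECUTE_READWRITE.

    The low byte holds the page protection; modifiers such as PAGE_GUARD
    (0x100) live above it and are masked off, so 0x140 still counts as RWX.
    """
    return (protection & 0xFF) == PAGE_EXECUTE_READWRITE


def find_rwx_regions(calls):
    """Return every allocation or protection change that yields RWX memory."""
    regions = []
    for call in calls:
        args = call["args"]
        if not is_rwx(args.get("protection", 0)):
            continue
        if call["api"] == "NtAllocateVirtualMemory":
            size = args["region_size"]
        elif call["api"] == "NtProtectVirtualMemory":
            size = args["length"]
        else:
            continue
        regions.append({
            "api": call["api"], "pid": call["pid"],
            "base": args["base_address"], "size": size,
            "alloc_type": decode_allocation_type(args.get("allocation_type", 0)),
        })
    return regions


def find_vm_probes(calls):
    """Return (api, what it measures) for each known sandbox-detection probe."""
    return [(c["api"], VM_PROBE_APIS[c["api"]]) for c in calls if c["api"] in VM_PROBE_APIS]


def summarize(calls):
    """Collapse the per-call findings into the counters an analyst reads first."""
    regions = find_rwx_regions(calls)
    probes = find_vm_probes(calls)
    fresh = [r for r in regions if r["api"] == "NtAllocateVirtualMemory"]
    return {
        "rwx_regions": len(regions),
        "rwx_bytes": sum(r["size"] for r in regions),
        "fresh_rwx_allocations": len(fresh),
        "vm_probes": len(probes),
        # A freshly allocated RWX region is where a packer stub writes and
        # then jumps into the decoded payload; flag it for manual review.
        "likely_unpacking": bool(fresh),
    }


if __name__ == "__main__":
    for r in find_rwx_regions(SAMPLE_CALLS):
        print(f"{r['api']:<24} base=0x{r['base']:08x} size={r['size']:>6} {r['alloc_type']}")
    print(summarize(SAMPLE_CALLS))
```

The size of the RWX regions (48 KiB in total here) is worth recording alongside the count: a payload dumped from those regions at the moment the protection is changed is usually the unpacked downloader that the static engines could not see.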
Network communication

Communicates with a host for which no DNS query was performed (1 event)
host: 172.217.24.14

Generates some ICMP traffic

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 of 51 events shown)
Engine                  Detection
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Pack.Emotet.5
FireEye Generic.mg.977db42b45c4774b
Qihoo-360 Generic/Trojan.d84
McAfee GenericRXLY-LA!977DB42B45C4
Malwarebytes Trojan.Downloader
AegisLab Trojan.Win32.Upatre.a!c
K7AntiVirus Trojan ( 0056e32b1 )
BitDefender Gen:Heur.Pack.Emotet.5
K7GW Trojan ( 0056e32b1 )
Cybereason malicious.b45c47
BitDefenderTheta Gen:NN.ZexaF.34700.nu0@ayqMlVgi
Cyren W32/Trojan.XZJP-6731
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Downloader.Win32.Upatre.ivho
Alibaba TrojanDownloader:Win32/Upatre.0a8a1eb6
NANO-Antivirus Trojan.Win32.Upatre.hwlepl
Avast Win32:Trojan-gen
Tencent Malware.Win32.Gencirc.11aeae34
Ad-Aware Gen:Heur.Pack.Emotet.5
Sophos Mal/Generic-S
Comodo Malware@#349vmqtei0k7c
F-Secure Trojan.TR/AD.PhotoDlder.wdonj
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.UPATRE.THIAIBO
McAfee-GW-Edition GenericRXLY-LA!977DB42B45C4
Emsisoft Gen:Heur.Pack.Emotet.5 (B)
Ikarus Trojan.Win32.Krypt
Jiangmin Trojan.Slepak.ap
Avira TR/AD.PhotoDlder.wdonj
Kingsoft Win32.TrojDownloader.Upatre.iv.(kcloud)
Microsoft Trojan:Win32/IcedId.DJ!MTB
Gridinsoft Trojan.Win32.Kryptik.oa
ZoneAlarm Trojan-Downloader.Win32.Upatre.ivho
GData Gen:Heur.Pack.Emotet.5
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4204780
ALYac Trojan.IcedID.gen
MAX malware (ai score=81)
VBA32 Trojan.Wacatac
Cylance Unsafe
ESET-NOD32 a variant of Win32/GenKryptik.ESCI
TrendMicro-HouseCall Trojan.Win32.UPATRE.THIAIBO
Rising Trojan.Bluteal!8.EFE7 (TFE:5:ggHHqvcMc1H)
Yandex Trojan.GenKryptik!p99HEFskfQs
Fortinet W32/PhotoDlder.WDON!tr
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host: 172.217.24.14:443
dead_host: 172.217.160.78:443
Both addresses are in Google's 172.217.0.0/16 range; unanswered connections there are weak evidence of command-and-control on their own and should be weighed against the gastellino.top lookup recorded above, for which no connection is logged.
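The three network indicators in this section (a lookup of a watch-listed TLD, a connection to an address that no DNS answer ever pointed at, and dead hosts) all fall out of one pass over the sandbox's DNS and connection records. The script below is an added example, not part of the report or the sandbox: it walks the events in time order so that only answers received before a connection can explain it, which is what separates a hard-coded C2 address from ordinary name resolution. The event layout and the TLD watch-list are assumptions; the sample events are constructed from the domain, dead hosts and NTP traffic shown in this report (the report does not print the answer to the gastellino.top query, so it is left empty here).

```python
"""Correlate sandbox DNS and connection records into network indicators.

Added example; not part of the sandbox report or its engine. Event layout
and the TLD watch-list are assumptions; SAMPLE_EVENTS is constructed from
the hosts, domain and NTP traffic printed in the report.
"""

# TLDs this example treats as worth a second look (assumption; the report
# only calls .top a "generic top-level domain").
WATCHED_TLDS = {"top", "xyz", "club", "icu"}

SAMPLE_EVENTS = [
    {"ts": 1.0, "type": "dns", "query": "gastellino.top", "answers": []},
    {"ts": 1.5, "type": "connect", "dst": "172.217.24.14", "port": 443, "replied": False},
    {"ts": 1.6, "type": "connect", "dst": "172.217.160.78", "port": 443, "replied": False},
    {"ts": 2.0, "type": "dns", "query": "time.windows.com", "answers": ["20.189.79.72"]},
    {"ts": 2.1, "type": "connect", "dst": "20.189.79.72", "port": 123, "replied": True},
]


def tld_of(name):
    """Last label of a host name, lower-cased ('gastellino.top' -> 'top')."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def watched_tld_queries(events, watched=WATCHED_TLDS):
    """Names looked up whose TLD is on the watch-list."""
    return [ev["query"] for ev in events
            if ev["type"] == "dns" and tld_of(ev["query"]) in watched]


def connections_without_dns(events):
    """(dst, port) pairs that no earlier DNS answer resolved to.

    Time order matters: an answer arriving after the connect does not
    explain it, so a connect that precedes every answer for its address is
    treated as hard-coded.
    """
    resolved = {}   # ip -> set of names that resolved to it so far
    flagged = []
    for ev in sorted(events, key=lambda item: item["ts"]):
        if ev["type"] == "dns":
            for ip in ev["answers"]:
                resolved.setdefault(ip, set()).add(ev["query"])
        elif ev["type"] == "connect" and ev["dst"] not in resolved:
            flagged.append((ev["dst"], ev["port"]))
    return flagged


def dead_hosts(events):
    """'ip:port' strings for connection attempts that got no reply."""
    return [f"{ev['dst']}:{ev['port']}" for ev in events
            if ev["type"] == "connect" and not ev["replied"]]


def network_summary(events):
    """The counters the report's indicator lines are built from."""
    return {
        "dns_queries": sum(1 for ev in events if ev["type"] == "dns"),
        "watched_tld_queries": len(watched_tld_queries(events)),
        "connections_without_dns": len(connections_without_dns(events)),
        "dead_hosts": len(dead_hosts(events)),
    }


if __name__ == "__main__":
    print("watched TLD lookups :", watched_tld_queries(SAMPLE_EVENTS))
    print("connects w/o DNS    :", connections_without_dns(SAMPLE_EVENTS))
    print("dead hosts          :", dead_hosts(SAMPLE_EVENTS))
    print(network_summary(SAMPLE_EVENTS))
```

The NTP exchange is included deliberately: time.windows.com resolves first and is then contacted, so it is correctly not flagged, while the two 172.217.x.x connections are flagged both as lacking a DNS answer and as dead. When triaging a real report, pair the "no DNS query" finding with ownership of the address range before calling it C2.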
Visual analysis

Binary image: none (no binary visualization was generated for this sample)

Runtime screenshots: none (no screenshots were captured while the sample ran)
PE Compile Time

2015-11-28 07:31:53 (the PE header timestamp is set by whoever built the file and is easily forged; use it as a clustering pivot, not as ground truth)

Imports (the USER32, GDI32, WINSPOOL, OLEACC and OLEAUT32 entries are the footprint of a generic MFC GUI application; within KERNEL32, VirtualAlloc, VirtualProtect, LoadLibraryA/W and GetProcAddress are what a stub needs to map and run unpacked code, consistent with the RWX allocations recorded above)

Library KERNEL32.dll:
0x1022060 GlobalAddAtomW
0x1022064 GlobalFlags
0x1022068 WriteFile
0x102206c SetFilePointer
0x1022070 FlushFileBuffers
0x1022074 GetCurrentProcess
0x1022078 GetModuleHandleA
0x102207c GlobalFindAtomW
0x1022080 GetStartupInfoW
0x1022084 HeapAlloc
0x1022088 HeapFree
0x102208c RtlUnwind
0x1022090 RaiseException
0x1022094 HeapReAlloc
0x1022098 HeapSize
0x102209c ExitProcess
0x10220a0 TerminateProcess
0x10220ac IsDebuggerPresent
0x10220b0 GetStdHandle
0x10220b4 GetModuleFileNameA
0x10220c0 GetCommandLineW
0x10220c4 SetHandleCount
0x10220c8 GetFileType
0x10220cc GetStartupInfoA
0x10220d0 HeapCreate
0x10220d4 VirtualFree
0x10220dc GetTickCount
0x10220e4 VirtualAlloc
0x10220ec GetCPInfo
0x10220f0 GetACP
0x10220f4 GetOEMCP
0x10220f8 IsValidCodePage
0x10220fc GetLocaleInfoA
0x1022100 GetConsoleCP
0x1022104 GetConsoleMode
0x1022108 LCMapStringA
0x102210c LCMapStringW
0x1022110 GetStringTypeA
0x1022114 GetStringTypeW
0x1022118 SetStdHandle
0x102211c WriteConsoleA
0x1022120 GetConsoleOutputCP
0x1022124 WriteConsoleW
0x1022128 CreateFileA
0x102212c GlobalDeleteAtom
0x1022130 LoadLibraryW
0x1022134 LoadLibraryA
0x1022138 lstrcmpW
0x102213c GetVersionExA
0x1022140 lstrlenA
0x1022144 lstrcmpA
0x1022148 InterlockedIncrement
0x102214c GetCurrentThreadId
0x1022150 CloseHandle
0x1022154 MultiByteToWideChar
0x1022158 FormatMessageW
0x102215c lstrlenW
0x1022160 WideCharToMultiByte
0x1022164 GetCurrentProcessId
0x1022168 FreeLibrary
0x102216c FindResourceW
0x1022170 LoadResource
0x1022174 LockResource
0x1022178 SizeofResource
0x102217c InterlockedDecrement
0x1022180 GetModuleFileNameW
0x1022184 GetModuleHandleW
0x1022188 GetProcAddress
0x102218c TlsFree
0x1022190 DeleteCriticalSection
0x1022194 LocalReAlloc
0x1022198 TlsSetValue
0x102219c TlsAlloc
0x10221a4 GlobalHandle
0x10221a8 GlobalUnlock
0x10221ac GlobalReAlloc
0x10221b0 GlobalLock
0x10221b4 EnterCriticalSection
0x10221b8 TlsGetValue
0x10221bc LeaveCriticalSection
0x10221c0 LocalFree
0x10221c4 LocalAlloc
0x10221c8 GetLastError
0x10221cc SetLastError
0x10221d0 GetVolumeInformationW
0x10221d4 GetVersion
0x10221d8 GetWindowsDirectoryW
0x10221dc VirtualProtect
0x10221e0 CreateEventW
0x10221e4 CreateSemaphoreW
0x10221e8 GlobalFree
0x10221ec GetCurrentDirectoryW
0x10221f0 FileTimeToSystemTime
0x10221f4 Sleep
0x10221f8 GetLocaleInfoW
0x10221fc GetSystemDirectoryW
0x1022200 GlobalAlloc
Library USER32.dll:
0x1022224 PostQuitMessage
0x1022228 GrayStringW
0x102222c DrawTextExW
0x1022230 DrawTextW
0x1022234 TabbedTextOutW
0x1022238 DestroyMenu
0x102223c ClientToScreen
0x1022240 SetWindowTextW
0x1022248 LoadIconW
0x102224c WinHelpW
0x1022250 GetCapture
0x1022254 GetClassLongW
0x1022258 GetClassNameW
0x102225c SetPropW
0x1022260 GetPropW
0x1022264 RemovePropW
0x1022268 IsWindow
0x102226c GetForegroundWindow
0x1022270 GetDlgItem
0x1022274 GetTopWindow
0x1022278 DestroyWindow
0x102227c GetMessageTime
0x1022280 GetMessagePos
0x1022284 MapWindowPoints
0x1022288 SetMenu
0x102228c SetForegroundWindow
0x1022290 GetClientRect
0x1022294 CreateWindowExW
0x1022298 GetClassInfoW
0x102229c RegisterClassW
0x10222a0 AdjustWindowRectEx
0x10222a4 CopyRect
0x10222a8 PtInRect
0x10222ac GetDlgCtrlID
0x10222b0 DefWindowProcW
0x10222b4 GetMenu
0x10222b8 SetWindowLongW
0x10222bc SetWindowPos
0x10222c0 SystemParametersInfoA
0x10222c4 IsIconic
0x10222c8 GetWindowPlacement
0x10222cc GetWindowRect
0x10222d0 GetWindow
0x10222d4 SetMenuItemBitmaps
0x10222dc CallWindowProcW
0x10222e0 GetCursorPos
0x10222e4 AppendMenuW
0x10222e8 RegisterClassExW
0x10222ec LoadBitmapW
0x10222f0 ModifyMenuW
0x10222f4 EnableMenuItem
0x10222f8 CheckMenuItem
0x10222fc GetWindowTextW
0x1022300 LoadCursorW
0x1022304 GetSystemMetrics
0x1022308 GetDC
0x102230c ReleaseDC
0x1022310 GetSysColor
0x1022314 GetSysColorBrush
0x1022318 SetDlgItemInt
0x102231c GetScrollRange
0x1022320 InsertMenuItemW
0x1022324 GetClassInfoExW
0x1022328 SetFocus
0x102232c GetFocus
0x1022330 GetMessageW
0x1022334 GetDlgItemInt
0x1022338 GetWindowTextLengthW
0x102233c SetCursor
0x1022340 UnhookWindowsHookEx
0x1022344 MessageBoxW
0x1022348 EnableWindow
0x102234c IsWindowEnabled
0x1022350 GetLastActivePopup
0x1022354 GetWindowLongW
0x1022358 GetParent
0x102235c SendMessageW
0x1022364 SetWindowsHookExW
0x1022368 CallNextHookEx
0x102236c DispatchMessageW
0x1022370 GetKeyState
0x1022374 PeekMessageW
0x1022378 ValidateRect
0x102237c GetMenuState
0x1022380 GetMenuItemID
0x1022384 GetMenuItemCount
0x1022388 GetSubMenu
0x102238c PostMessageW
Library OLEAUT32.dll:
0x1022214 VariantInit
0x1022218 VariantClear
0x102221c VariantChangeType
Library VERSION.dll:
0x1022398 VerQueryValueW
0x102239c GetFileVersionInfoW
Library GDI32.dll:
0x1022000 CreateBitmap
0x1022004 GetClipBox
0x1022008 SetTextColor
0x102200c SetBkColor
0x1022010 DeleteObject
0x1022014 ExtTextOutW
0x1022018 SaveDC
0x102201c RestoreDC
0x1022020 GetStockObject
0x1022024 DeleteDC
0x1022028 ScaleWindowExtEx
0x102202c SetWindowExtEx
0x1022030 GetDeviceCaps
0x1022034 ScaleViewportExtEx
0x1022038 SetViewportExtEx
0x102203c OffsetViewportOrgEx
0x1022040 SetViewportOrgEx
0x1022044 SelectObject
0x1022048 Escape
0x102204c TextOutW
0x1022050 RectVisible
0x1022054 PtVisible
0x1022058 SetMapMode
Library WINSPOOL.DRV:
0x10223a4 OpenPrinterW
0x10223a8 DocumentPropertiesW
0x10223ac ClosePrinter
Library OLEACC.dll:
0x1022208 LresultFromObject

Hosts

No hosts contacted (the two dead-host entries above were connection attempts that received no response).

TCP

No TCP connections recorded.

UDP

Source           Source port   Destination       Destination port   Note
192.168.56.101   49235         114.114.114.114   53                 DNS
192.168.56.101   51963         114.114.114.114   53                 DNS
192.168.56.101   53380         114.114.114.114   53                 DNS
192.168.56.101   53657         114.114.114.114   53                 DNS
192.168.56.101   55368         114.114.114.114   53                 DNS
192.168.56.101   60215         114.114.114.114   53                 DNS
192.168.56.101   60221         114.114.114.114   53                 DNS
192.168.56.101   62912         114.114.114.114   53                 DNS
192.168.56.101   137           192.168.56.255    137                NetBIOS name service (broadcast)
192.168.56.101   138           192.168.56.255    138                NetBIOS datagram (broadcast)
192.168.56.101   123           20.189.79.72      123                NTP (time.windows.com)
192.168.56.101   50002         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   50534         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   51808         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   56539         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   56804         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   57236         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   57756         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   57874         224.0.0.252       5355               LLMNR (multicast)
192.168.56.101   60123         224.0.0.252       5355               LLMNR (multicast)

The NetBIOS, NTP and LLMNR rows are routine Windows guest background traffic. Only the DNS exchanges with 114.114.114.114 (the guest's configured resolver) are candidates for sample-driven activity, and the report does not show the answers they received.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.