Risk score: 5.4
Risk level: Medium

SHA256: 6fd0a04c0f0097c81deea7eed8ca5a4771411ab17232ecb13d75802373f29763

File name: 97c9bc5f54925b20fb7d1c8620fe2340.exe

Analysis duration: 109s

Last analyzed:

File size: 1.8MB
Flags: static detection, dynamic detection. Detection tags: 100% AI SCORE=86 ATTRIBUTE CLOUD CONFIDENCE CQJPW DELF DELFINJECT FAREIT GDSDA GENCIRC HACKTOOL HEDG HFQY HIGH CONFIDENCE HIGHCONFIDENCE KRAP KRYPTIK MALICIOUS PE QVVE R002C0WHI20 R348220 SCORE UNSAFE WACATAC ZUSY
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 detection results yet
Static verdict
Antivirus engines

| Engine | Result | Scan date | Engine version |
| --- | --- | --- | --- |
| McAfee | Fareit-FVP!97C9BC5F5492 | 20200827 | 6.0.6.653 |
| Alibaba | Trojan:Win32/DelfInject.5de947ff | 20190527 | 0.3.0.5 |
| Baidu | | 20190318 | 1.0.0.2 |
| Avast | Win32:Malware-gen | 20200827 | 18.4.3895.0 |
| Tencent | Malware.Win32.Gencirc.10cdeb60 | 20200827 | 1.0.0.1 |
| Kingsoft | | 20200827 | 2013.8.14.323 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
Behavior verdict
Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)

| Time | API | Status | Return | Repeated |
| --- | --- | --- | --- | --- |
| 1620808743.922625 | NtAllocateVirtualMemory | success | 0 | 0 |

Arguments:
process_identifier: 1940
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004f0000

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

| Time | API | Status | Return | Repeated |
| --- | --- | --- | --- | --- |
| 1620808763.265625 | NtProtectVirtualMemory | success | 0 | 0 |

Arguments:
process_identifier: 1940
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 40960
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x033f1000
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

Disables proxy possibly for traffic interception (1 event)

| Time | API | Status | Return | Repeated |
| --- | --- | --- | --- | --- |
| 1620808778.390625 | RegSetValueExA | success | 0 | 0 |

Arguments:
key_handle: 0x000002c8
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.311456
FireEye Generic.mg.97c9bc5f54925b20
CAT-QuickHeal Trojan.Wacatac
McAfee Fareit-FVP!97C9BC5F5492
Cylance Unsafe
Zillya Downloader.Delf.Win32.59697
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056ca9c1 )
Alibaba Trojan:Win32/DelfInject.5de947ff
K7GW Trojan-Downloader ( 0056ca9c1 )
Arcabit Trojan.Zusy.D4C0A0
TrendMicro TROJ_GEN.R002C0WHI20
Cyren W32/Trojan.HEDG-0582
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:HackTool.Win32.Agent.gen
BitDefender Gen:Variant.Zusy.311456
ViRobot Trojan.Win32.Z.Zusy.1836484
Avast Win32:Malware-gen
Tencent Malware.Win32.Gencirc.10cdeb60
Ad-Aware Gen:Variant.Zusy.311456
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dldr.Delf.cqjpw
DrWeb Trojan.PWS.Spy.21482
VIPRE Trojan.Win32.Generic!BT
Emsisoft Gen:Variant.Zusy.311456 (B)
Ikarus Packed.Win32.Krap
Jiangmin AdWare.Generic.qvve
Avira TR/Dldr.Delf.cqjpw
Antiy-AVL Trojan[Downloader]/Win32.Delf
Microsoft Trojan:Win32/DelfInject.PND!MTB
ZoneAlarm HEUR:HackTool.Win32.Agent.gen
GData Gen:Variant.Zusy.311456
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.DownLoader.R348220
ALYac Gen:Variant.Zusy.311456
MAX malware (ai score=86)
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.92359
ESET-NOD32 a variant of Win32/Kryptik.HFQY
TrendMicro-HouseCall TROJ_GEN.R002C0WHI20
Rising Downloader.Delf!8.16F (CLOUD)
SentinelOne DFI - Malicious PE
Fortinet W32/Delf.CZO!tr
AVG Win32:Malware-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 Win32/Trojan.Hacktool.ccf
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.46:443
dead_host 31.13.75.5:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time: 1992-06-20 06:22:17 (the fixed placeholder timestamp written by Delphi compilers, so it does not reflect the real build date)

Imports

Library oleaut32.dll:
0x4ab81c SysFreeString
0x4ab820 SysReAllocStringLen
0x4ab824 SysAllocStringLen
Library advapi32.dll:
0x4ab82c RegQueryValueExA
0x4ab830 RegOpenKeyExA
0x4ab834 RegCloseKey
Library user32.dll:
0x4ab83c GetKeyboardType
0x4ab840 DestroyWindow
0x4ab844 LoadStringA
0x4ab848 MessageBoxA
0x4ab84c CharNextA
Library kernel32.dll:
0x4ab854 GetACP
0x4ab858 Sleep
0x4ab85c VirtualFree
0x4ab860 VirtualAlloc
0x4ab864 GetTickCount
0x4ab86c GetCurrentThreadId
0x4ab878 VirtualQuery
0x4ab87c WideCharToMultiByte
0x4ab880 MultiByteToWideChar
0x4ab884 lstrlenA
0x4ab888 lstrcpynA
0x4ab88c LoadLibraryExA
0x4ab890 GetThreadLocale
0x4ab894 GetStartupInfoA
0x4ab898 GetProcAddress
0x4ab89c GetModuleHandleA
0x4ab8a0 GetModuleFileNameA
0x4ab8a4 GetLocaleInfoA
0x4ab8a8 GetCommandLineA
0x4ab8ac FreeLibrary
0x4ab8b0 FindFirstFileA
0x4ab8b4 FindClose
0x4ab8b8 ExitProcess
0x4ab8bc CompareStringA
0x4ab8c0 WriteFile
0x4ab8c8 RtlUnwind
0x4ab8cc RaiseException
0x4ab8d0 GetStdHandle
Library kernel32.dll:
0x4ab8d8 TlsSetValue
0x4ab8dc TlsGetValue
0x4ab8e0 LocalAlloc
0x4ab8e4 GetModuleHandleA
Library user32.dll:
0x4ab8ec CreateWindowExA
0x4ab8f0 WindowFromPoint
0x4ab8f4 WaitMessage
0x4ab8f8 UpdateWindow
0x4ab8fc UnregisterClassA
0x4ab900 UnhookWindowsHookEx
0x4ab904 TranslateMessage
0x4ab90c TrackPopupMenu
0x4ab914 ShowWindow
0x4ab918 ShowScrollBar
0x4ab91c ShowOwnedPopups
0x4ab920 ShowCaret
0x4ab924 SetWindowsHookExA
0x4ab928 SetWindowPos
0x4ab92c SetWindowPlacement
0x4ab930 SetWindowLongW
0x4ab934 SetWindowLongA
0x4ab938 SetTimer
0x4ab93c SetScrollRange
0x4ab940 SetScrollPos
0x4ab944 SetScrollInfo
0x4ab948 SetRect
0x4ab94c SetPropA
0x4ab950 SetParent
0x4ab954 SetMenuItemInfoA
0x4ab958 SetMenu
0x4ab95c SetForegroundWindow
0x4ab960 SetFocus
0x4ab964 SetCursor
0x4ab968 SetClipboardData
0x4ab96c SetClassLongA
0x4ab970 SetCapture
0x4ab974 SetActiveWindow
0x4ab978 SendMessageW
0x4ab97c SendMessageA
0x4ab980 ScrollWindow
0x4ab984 ScreenToClient
0x4ab988 RemovePropA
0x4ab98c RemoveMenu
0x4ab990 ReleaseDC
0x4ab994 ReleaseCapture
0x4ab9a0 RegisterClassA
0x4ab9a4 RedrawWindow
0x4ab9a8 PtInRect
0x4ab9ac PostQuitMessage
0x4ab9b0 PostMessageA
0x4ab9b4 PeekMessageW
0x4ab9b8 PeekMessageA
0x4ab9bc OpenClipboard
0x4ab9c0 OffsetRect
0x4ab9c4 OemToCharA
0x4ab9c8 NotifyWinEvent
0x4ab9cc MessageBoxA
0x4ab9d0 MessageBeep
0x4ab9d4 MapWindowPoints
0x4ab9d8 MapVirtualKeyA
0x4ab9dc LoadStringA
0x4ab9e0 LoadKeyboardLayoutA
0x4ab9e4 LoadIconA
0x4ab9e8 LoadCursorA
0x4ab9ec LoadBitmapA
0x4ab9f0 KillTimer
0x4ab9f4 IsZoomed
0x4ab9f8 IsWindowVisible
0x4ab9fc IsWindowUnicode
0x4aba00 IsWindowEnabled
0x4aba04 IsWindow
0x4aba08 IsRectEmpty
0x4aba0c IsIconic
0x4aba10 IsDialogMessageW
0x4aba14 IsDialogMessageA
0x4aba18 IsChild
0x4aba1c InvalidateRect
0x4aba20 IntersectRect
0x4aba24 InsertMenuItemA
0x4aba28 InsertMenuA
0x4aba2c InflateRect
0x4aba30 HideCaret
0x4aba38 GetWindowTextA
0x4aba3c GetWindowRect
0x4aba40 GetWindowPlacement
0x4aba44 GetWindowLongW
0x4aba48 GetWindowLongA
0x4aba4c GetWindowDC
0x4aba50 GetTopWindow
0x4aba54 GetSystemMetrics
0x4aba58 GetSystemMenu
0x4aba5c GetSysColorBrush
0x4aba60 GetSysColor
0x4aba64 GetSubMenu
0x4aba68 GetScrollRange
0x4aba6c GetScrollPos
0x4aba70 GetScrollInfo
0x4aba74 GetPropA
0x4aba78 GetParent
0x4aba7c GetWindow
0x4aba80 GetMessagePos
0x4aba84 GetMenuStringA
0x4aba88 GetMenuState
0x4aba8c GetMenuItemInfoA
0x4aba90 GetMenuItemID
0x4aba94 GetMenuItemCount
0x4aba98 GetMenu
0x4aba9c GetLastActivePopup
0x4abaa0 GetKeyboardState
0x4abaac GetKeyboardLayout
0x4abab0 GetKeyState
0x4abab4 GetKeyNameTextA
0x4abab8 GetIconInfo
0x4ababc GetForegroundWindow
0x4abac0 GetFocus
0x4abac4 GetDesktopWindow
0x4abac8 GetDCEx
0x4abacc GetDC
0x4abad0 GetCursorPos
0x4abad4 GetCursor
0x4abad8 GetClipboardData
0x4abadc GetClientRect
0x4abae0 GetClassLongA
0x4abae4 GetClassInfoA
0x4abae8 GetCapture
0x4abaec GetActiveWindow
0x4abaf0 FrameRect
0x4abaf4 FindWindowA
0x4abaf8 FillRect
0x4abafc EqualRect
0x4abb00 EnumWindows
0x4abb04 EnumThreadWindows
0x4abb08 EnumChildWindows
0x4abb0c EndPaint
0x4abb10 EnableWindow
0x4abb14 EnableScrollBar
0x4abb18 EnableMenuItem
0x4abb1c EmptyClipboard
0x4abb20 DrawTextA
0x4abb24 DrawStateA
0x4abb28 DrawMenuBar
0x4abb2c DrawIconEx
0x4abb30 DrawIcon
0x4abb34 DrawFrameControl
0x4abb38 DrawEdge
0x4abb3c DispatchMessageW
0x4abb40 DispatchMessageA
0x4abb44 DestroyWindow
0x4abb48 DestroyMenu
0x4abb4c DestroyIcon
0x4abb50 DestroyCursor
0x4abb54 DeleteMenu
0x4abb58 DefWindowProcA
0x4abb5c DefMDIChildProcA
0x4abb60 DefFrameProcA
0x4abb64 CreatePopupMenu
0x4abb68 CreateMenu
0x4abb6c CreateIcon
0x4abb70 CloseClipboard
0x4abb74 ClientToScreen
0x4abb78 CheckMenuItem
0x4abb7c CharNextW
0x4abb80 CallWindowProcA
0x4abb84 CallNextHookEx
0x4abb88 BeginPaint
0x4abb8c CharNextA
0x4abb90 CharLowerBuffA
0x4abb94 CharLowerA
0x4abb98 CharUpperBuffA
0x4abb9c CharToOemA
0x4abba0 AdjustWindowRectEx
Library gdi32.dll:
0x4abbac UnrealizeObject
0x4abbb0 StretchBlt
0x4abbb4 SetWindowOrgEx
0x4abbb8 SetWinMetaFileBits
0x4abbbc SetViewportOrgEx
0x4abbc0 SetTextColor
0x4abbc4 SetStretchBltMode
0x4abbc8 SetROP2
0x4abbcc SetPixel
0x4abbd0 SetEnhMetaFileBits
0x4abbd4 SetDIBColorTable
0x4abbd8 SetBrushOrgEx
0x4abbdc SetBkMode
0x4abbe0 SetBkColor
0x4abbe4 SelectPalette
0x4abbe8 SelectObject
0x4abbec SaveDC
0x4abbf0 RestoreDC
0x4abbf4 Rectangle
0x4abbf8 RectVisible
0x4abbfc RealizePalette
0x4abc00 Polyline
0x4abc04 Polygon
0x4abc08 PlayEnhMetaFile
0x4abc0c PatBlt
0x4abc10 MoveToEx
0x4abc14 MaskBlt
0x4abc18 LineTo
0x4abc1c IntersectClipRect
0x4abc20 GetWindowOrgEx
0x4abc24 GetWinMetaFileBits
0x4abc28 GetTextMetricsA
0x4abc2c GetTextExtentPointA
0x4abc34 GetTextAlign
0x4abc3c GetStockObject
0x4abc40 GetRgnBox
0x4abc44 GetROP2
0x4abc48 GetPolyFillMode
0x4abc4c GetPixel
0x4abc50 GetPaletteEntries
0x4abc54 GetObjectA
0x4abc60 GetEnhMetaFileBits
0x4abc64 GetDeviceCaps
0x4abc68 GetDIBits
0x4abc6c GetDIBColorTable
0x4abc70 GetDCOrgEx
0x4abc78 GetClipBox
0x4abc7c GetBrushOrgEx
0x4abc80 GetBitmapBits
0x4abc84 GdiFlush
0x4abc88 ExcludeClipRect
0x4abc8c DeleteObject
0x4abc90 DeleteEnhMetaFile
0x4abc94 DeleteDC
0x4abc98 CreateSolidBrush
0x4abc9c CreatePenIndirect
0x4abca0 CreatePalette
0x4abca8 CreateFontIndirectA
0x4abcac CreateDIBitmap
0x4abcb0 CreateDIBSection
0x4abcb4 CreateCompatibleDC
0x4abcbc CreateBrushIndirect
0x4abcc0 CreateBitmap
0x4abcc4 CopyEnhMetaFileA
0x4abcc8 BitBlt
Library version.dll:
0x4abcd0 VerQueryValueA
0x4abcd8 GetFileVersionInfoA
Library kernel32.dll:
0x4abce0 lstrcpyA
0x4abce4 lstrcmpiA
0x4abce8 WriteFile
0x4abcec WaitForSingleObject
0x4abcf0 VirtualQuery
0x4abcf4 VirtualProtect
0x4abcf8 VirtualAlloc
0x4abcfc SizeofResource
0x4abd00 SetThreadLocale
0x4abd04 SetFilePointer
0x4abd08 SetEvent
0x4abd0c SetErrorMode
0x4abd10 SetEndOfFile
0x4abd14 ResetEvent
0x4abd18 ReadFile
0x4abd1c MultiByteToWideChar
0x4abd20 MulDiv
0x4abd24 LockResource
0x4abd28 LoadResource
0x4abd2c LoadLibraryA
0x4abd38 GlobalUnlock
0x4abd3c GlobalLock
0x4abd40 GlobalFree
0x4abd44 GlobalFindAtomA
0x4abd48 GlobalDeleteAtom
0x4abd4c GlobalAlloc
0x4abd50 GlobalAddAtomA
0x4abd54 GetVersionExA
0x4abd58 GetVersion
0x4abd5c GetTickCount
0x4abd60 GetThreadLocale
0x4abd64 GetStdHandle
0x4abd68 GetProcAddress
0x4abd6c GetModuleHandleA
0x4abd70 GetModuleFileNameA
0x4abd74 GetLocaleInfoA
0x4abd78 GetLocalTime
0x4abd7c GetLastError
0x4abd80 GetFullPathNameA
0x4abd84 GetFileAttributesA
0x4abd88 GetDiskFreeSpaceA
0x4abd8c GetDateFormatA
0x4abd90 GetCurrentThreadId
0x4abd94 GetCurrentProcessId
0x4abd98 GetCPInfo
0x4abd9c FreeResource
0x4abda0 InterlockedExchange
0x4abda4 FreeLibrary
0x4abda8 FormatMessageA
0x4abdac FindResourceA
0x4abdb0 EnumCalendarInfoA
0x4abdb8 DeleteFileA
0x4abdc0 CreateThread
0x4abdc4 CreateFileA
0x4abdc8 CreateEventA
0x4abdcc CompareStringA
0x4abdd0 CloseHandle
Library advapi32.dll:
0x4abdd8 RegQueryValueExA
0x4abddc RegOpenKeyExA
0x4abde0 RegFlushKey
0x4abde4 RegCloseKey
Library oleaut32.dll:
0x4abdec GetErrorInfo
0x4abdf0 VariantInit
0x4abdf4 SysFreeString
Library ole32.dll:
0x4abdfc CoUninitialize
0x4abe00 CoInitialize
Library kernel32.dll:
0x4abe08 Sleep
Library oleaut32.dll:
0x4abe10 SafeArrayPtrOfIndex
0x4abe14 SafeArrayPutElement
0x4abe18 SafeArrayGetElement
0x4abe20 SafeArrayAccessData
0x4abe24 SafeArrayGetUBound
0x4abe28 SafeArrayGetLBound
0x4abe2c SafeArrayCreate
0x4abe30 VariantChangeType
0x4abe34 VariantCopyInd
0x4abe38 VariantCopy
0x4abe3c VariantClear
0x4abe40 VariantInit
Library comctl32.dll:
0x4abe48 _TrackMouseEvent
0x4abe54 ImageList_Write
0x4abe58 ImageList_Read
0x4abe64 ImageList_DragMove
0x4abe68 ImageList_DragLeave
0x4abe6c ImageList_DragEnter
0x4abe70 ImageList_EndDrag
0x4abe74 ImageList_BeginDrag
0x4abe78 ImageList_Remove
0x4abe7c ImageList_DrawEx
0x4abe80 ImageList_Replace
0x4abe84 ImageList_Draw
0x4abe90 ImageList_Add
0x4abe98 ImageList_Destroy
0x4abe9c ImageList_Create
Library winmm.dll:
0x4abea4 sndPlaySoundA
Library UrL:
0x4abeac InetIsOffline
Library oleacc.dll:
0x4abeb4 LresultFromObject

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

| Source | Source port | Destination | Destination port |
| --- | --- | --- | --- |
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51378 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53380 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60123 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60221 | 114.114.114.114 | 53 |
| 192.168.56.101 | 63429 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123 |
| 192.168.56.101 | 49713 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50568 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53237 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53657 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57236 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 58367 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.