2.0  Low risk

SHA256: 8558dd30c98173365158628ae8e70961ece4e3f5d92fdab8cb392f95d35534e1
File name: 97efda236eefef4079065532e36f747b.exe
Analysis duration: 80s
Last analysis: (not shown)
File size: 2.6MB
Tags: static detection, dynamic detection, AI SCORE=99, AIDETECT, ARTEMIS, CLOUD, CONFIDENCE, GENERIC, PUA, MJ, MALWARE1, MALWARE@#3UVXPQJ57MN1F, R002H07E821, RO0@AWUSNYJ, SUSGEN, UEUQCDP0U90, UNSAFE, WACAPEW, ZEMSILF

Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict

Antivirus engines

Engine       Result                            Scan date  Engine version
McAfee       Artemis!97EFDA236EEF              20210504   6.0.6.653
CrowdStrike  win/malicious_confidence_60% (W)  20210203   1.0
Baidu        -                                 20190318   1.0.0.2
Alibaba      -                                 20190527   0.3.0.5
Kingsoft     -                                 20210510   2017.9.26.565
Tencent      -                                 20210510   1.0.0.1
Avast        Win32:Malware-gen                 20210510   21.1.5827.0
Static indicators

This executable has a PDB path (1 event)
pdb_path d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
Behavior verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (7 events)

All seven calls are NtProtectVirtualMemory with identical arguments apart from base_address:
process_identifier: 732, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0,
length: 4096, protection: 64 (PAGE_EXECUTE_READWRITE), process_handle: 0xffffffff.
Each call has Status success, Return 0, Repeated 0.

Time               API                     base_address
1620985513.639841  NtProtectVirtualMemory  0x75121000
1620985513.858841  NtProtectVirtualMemory  0x75101000
1620985514.623841  NtProtectVirtualMemory  0x77711000
1620985514.623841  NtProtectVirtualMemory  0x76241000
1620985514.623841  NtProtectVirtualMemory  0x76121000
1620985515.030841  NtProtectVirtualMemory  0x74fe1000
1620985515.030841  NtProtectVirtualMemory  0x76881000
Network communication

Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 events)

Engine                Detection
Bkav                  W32.AIDetect.malware1
McAfee                Artemis!97EFDA236EEF
Cylance               Unsafe
CrowdStrike           win/malicious_confidence_60% (W)
Symantec              Trojan.Gen.MBT
APEX                  Malicious
Paloalto              generic.ml
Kaspersky             UDS:DangerousObject.Multi.Generic
Rising                Trojan.Agent!8.B1E (CLOUD)
Comodo                Malware@#3uvxpqj57mn1f
Sophos                Generic PUA MJ (PUA)
Webroot               W32.Malware.Gen
MAX                   malware (ai score=99)
Microsoft             Program:Win32/Wacapew.C!ml
AegisLab              Trojan.Multi.Generic.4!c
AhnLab-V3             Trojan/Win32.Generic.C3017041
BitDefenderTheta      Gen:NN.ZemsilF.34688.ro0@aWUsNYj
Malwarebytes          Malware.AI.4184289236
TrendMicro-HouseCall  TROJ_GEN.R002H07E821
Yandex                Trojan.Agent!ueUqCDp0u90
Fortinet              W32/Agent!tr
MaxSecure             Trojan.Malware.1728101.susgen
AVG                   Win32:Malware-gen
Avast                 Win32:Malware-gen
Visual analysis

Binary image

No binary image: the sample did not generate a binary visualization image.

Runtime screenshots

No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2013-12-01 16:08:23

Imports

Library COMCTL32.dll:
Library SHLWAPI.dll:
0x427288 SHAutoComplete
Library KERNEL32.dll:
0x427064 ReadFile
0x427068 GetFileAttributesW
0x42706c SetFileAttributesW
0x427070 FindNextFileW
0x427074 GetFullPathNameW
0x427078 GetModuleFileNameW
0x42707c FindResourceW
0x427080 GetModuleHandleW
0x427084 FreeLibrary
0x427088 GetProcAddress
0x42708c LoadLibraryW
0x427090 GetCurrentProcessId
0x427094 GetLocaleInfoW
0x427098 GetNumberFormatW
0x4270a0 WaitForSingleObject
0x4270a8 GetDateFormatW
0x4270ac GetTimeFormatW
0x4270b8 GetExitCodeProcess
0x4270bc GetTempPathW
0x4270c0 MoveFileExW
0x4270c4 Sleep
0x4270c8 UnmapViewOfFile
0x4270cc MapViewOfFile
0x4270d0 GetCommandLineW
0x4270d4 CreateFileMappingW
0x4270d8 GetTickCount
0x4270e0 OpenFileMappingW
0x4270e4 CreateThread
0x4270f4 ReleaseSemaphore
0x4270f8 ResetEvent
0x427100 SetEvent
0x427104 SetThreadPriority
0x42710c CreateEventW
0x427110 CreateSemaphoreW
0x427118 GetSystemTime
0x427120 WideCharToMultiByte
0x427124 MultiByteToWideChar
0x427128 CompareStringW
0x42712c IsDBCSLeadByte
0x427130 FindFirstFileW
0x427134 GetFileType
0x42713c WriteConsoleW
0x427140 GetConsoleOutputCP
0x427144 WriteConsoleA
0x427148 SetStdHandle
0x42714c GetLocaleInfoA
0x427150 GetStringTypeW
0x427154 GetStringTypeA
0x427158 LoadLibraryA
0x42715c GetConsoleMode
0x427160 GetConsoleCP
0x42716c SetHandleCount
0x427180 LCMapStringW
0x427184 LCMapStringA
0x427188 IsValidCodePage
0x42718c GetOEMCP
0x427190 GetACP
0x427194 GetModuleFileNameA
0x427198 ExitProcess
0x42719c HeapSize
0x4271a0 IsDebuggerPresent
0x4271ac TerminateProcess
0x4271b0 VirtualAlloc
0x4271b4 VirtualFree
0x4271b8 HeapCreate
0x4271c0 GetCurrentThreadId
0x4271c8 TlsFree
0x4271cc TlsSetValue
0x4271d0 TlsAlloc
0x4271d4 TlsGetValue
0x4271d8 GetStartupInfoA
0x4271dc GetCommandLineA
0x4271e0 RaiseException
0x4271e8 SetEndOfFile
0x4271ec SetFilePointer
0x4271f0 GetStdHandle
0x4271f4 WriteFile
0x4271f8 FlushFileBuffers
0x4271fc GetLongPathNameW
0x427200 MoveFileW
0x427204 GetShortPathNameW
0x427208 CreateDirectoryW
0x42720c RemoveDirectoryW
0x427210 GlobalAlloc
0x427214 DeleteFileW
0x427218 FindClose
0x42721c CreateFileW
0x427220 DeviceIoControl
0x427224 SetFileTime
0x427228 GetCurrentProcess
0x42722c CloseHandle
0x427230 CreateHardLinkW
0x427234 SetLastError
0x427238 GetLastError
0x427240 CreateFileA
0x427244 GetCPInfo
0x427248 HeapAlloc
0x42724c HeapReAlloc
0x427250 HeapFree
0x427254 RtlUnwind
Library USER32.dll:
0x427290 EnableWindow
0x427294 ShowWindow
0x427298 GetDlgItem
0x42729c MessageBoxW
0x4272a0 FindWindowExW
0x4272a4 GetParent
0x4272a8 MapWindowPoints
0x4272ac CreateWindowExW
0x4272b0 UpdateWindow
0x4272b4 LoadCursorW
0x4272b8 RegisterClassExW
0x4272bc DefWindowProcW
0x4272c0 DestroyWindow
0x4272c4 CopyRect
0x4272c8 IsWindow
0x4272cc CharUpperW
0x4272d0 OemToCharBuffA
0x4272d4 LoadIconW
0x4272d8 PostMessageW
0x4272dc GetSysColor
0x4272e0 SetForegroundWindow
0x4272e4 WaitForInputIdle
0x4272e8 IsWindowVisible
0x4272ec DialogBoxParamW
0x4272f0 DestroyIcon
0x4272f4 SetFocus
0x4272f8 GetClassNameW
0x4272fc SendDlgItemMessageW
0x427300 EndDialog
0x427304 GetDlgItemTextW
0x427308 SetDlgItemTextW
0x42730c wvsprintfW
0x427310 SendMessageW
0x427314 GetDC
0x427318 ReleaseDC
0x42731c PeekMessageW
0x427320 GetMessageW
0x427324 TranslateMessage
0x427328 DispatchMessageW
0x42732c LoadStringW
0x427330 GetWindowRect
0x427334 GetClientRect
0x427338 SetWindowPos
0x42733c GetWindowTextW
0x427340 SetWindowTextW
0x427344 GetSystemMetrics
0x427348 GetWindow
0x42734c GetWindowLongW
0x427350 SetWindowLongW
0x427354 LoadBitmapW
Library GDI32.dll:
0x427040 GetDeviceCaps
0x427044 CreateCompatibleDC
0x427048 GetObjectW
0x427050 SelectObject
0x427054 StretchBlt
0x427058 DeleteDC
0x42705c DeleteObject
Library COMDLG32.dll:
0x427030 GetSaveFileNameW
0x427038 GetOpenFileNameW
Library ADVAPI32.dll:
0x427000 RegOpenKeyExW
0x427004 RegQueryValueExW
0x427008 RegCreateKeyExW
0x42700c RegSetValueExW
0x427010 RegCloseKey
0x427014 SetFileSecurityW
0x427018 OpenProcessToken
Library SHELL32.dll:
0x427264 SHChangeNotify
0x427268 SHGetFileInfoW
0x42726c SHGetMalloc
0x427278 SHBrowseForFolderW
0x42727c ShellExecuteExW
0x427280 SHFileOperationW
Library ole32.dll:
0x42735c CLSIDFromString
0x427360 CoCreateInstance
0x427364 OleInitialize
0x427368 OleUninitialize
Library OLEAUT32.dll:
0x42725c VariantInit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source IP       Source port  Destination IP   Destination port
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  63429        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  49235        224.0.0.252      5355
192.168.56.101  51963        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.