SmartHawk

3.0

中危

62 个模型检测该样本为恶意！

重新分析

下载样本

963f20948111e17170653bec6a0e95c63e46b180581070776672715f35faadff

9860cb754baae84f1cd51ee0a302a867.exe

分析耗时

24s

最近分析

文件大小

1.3MB

静态报毒动态报毒 100% 4K+VHHT5NIS AI SCORE=82 AIDETECTVM ALI2000015 CLASSIC CONFIDENCE DELF DELFINJECT ENIG ENME EWGS FAREIT GENKRYPTIK HIGH CONFIDENCE HTVK HUTXXS KRYPT KRYPTIK MALWARE2 MALWARE@#E3NL6WPBVVYD MASSLOGGER QVM05 R002C0WID20 R351094 SCORE SHW@A4G0L SIGGEN10 SUSGEN SUSPICIOUS PE TSCOPE UNSAFE VGILA ZELPHIF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FZN!9860CB754BAA	20201023	6.0.6.653
Alibaba	Trojan:Win32/DelfInject.ali2000015	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20201023	18.4.3895.0
Tencent	Win32.Trojan.Kryptik.Htvk	20201024	1.0.0.1
Kingsoft		20201024	2013.8.14.323
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985511.621857 NtAllocateVirtualMemory	process_identifier: 648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e0000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.768254496210103

section

{'size_of_data': '0x000ab400', 'virtual_address': '0x000a5000', 'entropy': 7.768254496210103, 'name': '.rsrc', 'virtual_size': '0x000ab3a8'}

description

A section with a high entropy has been found

entropy

0.5191360363774157

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (2 个事件)

host	172.217.24.14
host	52.218.97.140

File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Agent.EWGS
CAT-QuickHeal	Trojan.Kryptik
McAfee	Fareit-FZN!9860CB754BAA
Cylance	Unsafe
Zillya	Trojan.Injector.Win32.770301
Sangfor	Malware
K7AntiVirus	Trojan ( 0056e2bb1 )
Alibaba	Trojan:Win32/DelfInject.ali2000015
K7GW	Trojan ( 0056e2bb1 )
Cybereason	malicious.bb34dc
Arcabit	Trojan.Agent.EWGS
Invincea	Mal/Generic-S
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Kryptik.gen
BitDefender	Trojan.Agent.EWGS
NANO-Antivirus	Trojan.Win32.Kryptik.hutxxs
Paloalto	generic.ml
AegisLab	Trojan.Win32.Kryptik.4!c
Tencent	Win32.Trojan.Kryptik.Htvk
Ad-Aware	Trojan.Agent.EWGS
Emsisoft	Trojan.Agent.EWGS (B)
Comodo	Malware@#e3nl6wpbvvyd
F-Secure	Trojan.TR/Kryptik.vgila
DrWeb	Trojan.Siggen10.20534
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0WID20
McAfee-GW-Edition	BehavesLike.Win32.Fareit.tc
FireEye	Generic.mg.9860cb754baae84f
Sophos	Mal/Generic-S
SentinelOne	DFI - Suspicious PE
Jiangmin	Trojan.Kryptik.cqg
eGambit	Unsafe.AI_Score_98%
Avira	TR/Kryptik.vgila
Antiy-AVL	Trojan/Win32.Kryptik
Microsoft	TrojanSpy:Win32/MassLogger.MB!MTB
ViRobot	Trojan.Win32.Z.Agent.1352192.T
ZoneAlarm	HEUR:Trojan.Win32.Kryptik.gen
GData	Trojan.Agent.EWGS
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Kryptik.R351094
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZelphiF.34590.sHW@a4G0L!di
ALYac	Trojan.Agent.EWGS
MAX	malware (ai score=82)
VBA32	TScope.Trojan.Delf
Malwarebytes	Trojan.MalPack.DLF

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x496140 DeleteCriticalSection

• 0x496144 LeaveCriticalSection

• 0x496148 EnterCriticalSection

• 0x49614c InitializeCriticalSection

• 0x496150 VirtualFree

• 0x496154 VirtualAlloc

• 0x496158 LocalFree

• 0x49615c LocalAlloc

• 0x496160 GetTickCount

• 0x496164 QueryPerformanceCounter

• 0x496168 GetVersion

• 0x49616c GetCurrentThreadId

• 0x496170 InterlockedDecrement

• 0x496174 InterlockedIncrement

• 0x496178 VirtualQuery

• 0x49617c WideCharToMultiByte

• 0x496180 MultiByteToWideChar

• 0x496184 lstrlenA

• 0x496188 lstrcpynA

• 0x49618c LoadLibraryExA

• 0x496190 GetThreadLocale

• 0x496194 GetStartupInfoA

• 0x496198 GetProcAddress

• 0x49619c GetModuleHandleA

• 0x4961a0 GetModuleFileNameA

• 0x4961a4 GetLocaleInfoA

• 0x4961a8 GetCommandLineA

• 0x4961ac FreeLibrary

• 0x4961b0 FindFirstFileA

• 0x4961b4 FindClose

• 0x4961b8 ExitProcess

• 0x4961bc ExitThread

• 0x4961c0 CreateThread

• 0x4961c4 WriteFile

• 0x4961c8 UnhandledExceptionFilter

• 0x4961cc RtlUnwind

• 0x4961d0 RaiseException

• 0x4961d4 GetStdHandle

Library user32.dll:

• 0x4961dc GetKeyboardType

• 0x4961e0 LoadStringA

• 0x4961e4 MessageBoxA

• 0x4961e8 CharNextA

Library advapi32.dll:

• 0x4961f0 RegQueryValueExA

• 0x4961f4 RegOpenKeyExA

• 0x4961f8 RegCloseKey

Library oleaut32.dll:

• 0x496200 SysFreeString

• 0x496204 SysReAllocStringLen

• 0x496208 SysAllocStringLen

Library kernel32.dll:

• 0x496210 TlsSetValue

• 0x496214 TlsGetValue

• 0x496218 LocalAlloc

• 0x49621c GetModuleHandleA

Library advapi32.dll:

• 0x496224 RegQueryValueExA

• 0x496228 RegQueryInfoKeyA

• 0x49622c RegOpenKeyExA

• 0x496230 RegFlushKey

• 0x496234 RegEnumKeyExA

• 0x496238 RegCloseKey

Library kernel32.dll:

• 0x496240 lstrcpyA

• 0x496244 WriteFile

• 0x496248 WaitForSingleObjectEx

• 0x49624c WaitForSingleObject

• 0x496250 VirtualQuery

• 0x496254 VirtualProtect

• 0x496258 VirtualAlloc

• 0x49625c SuspendThread

• 0x496260 Sleep

• 0x496264 SizeofResource

• 0x496268 SetThreadPriority

• 0x49626c SetThreadLocale

• 0x496270 SetFilePointer

• 0x496274 SetEvent

• 0x496278 SetErrorMode

• 0x49627c SetEndOfFile

• 0x496280 ResumeThread

• 0x496284 ResetEvent

• 0x496288 ReadFile

• 0x49628c MulDiv

• 0x496290 LockResource

• 0x496294 LoadResource

• 0x496298 LoadLibraryA

• 0x49629c LeaveCriticalSection

• 0x4962a0 InitializeCriticalSection

• 0x4962a4 GlobalUnlock

• 0x4962a8 GlobalReAlloc

• 0x4962ac GlobalHandle

• 0x4962b0 GlobalLock

• 0x4962b4 GlobalFree

• 0x4962b8 GlobalFindAtomA

• 0x4962bc GlobalDeleteAtom

• 0x4962c0 GlobalAlloc

• 0x4962c4 GlobalAddAtomA

• 0x4962c8 GetVersionExA

• 0x4962cc GetVersion

• 0x4962d0 GetTimeZoneInformation

• 0x4962d4 GetTickCount

• 0x4962d8 GetThreadLocale

• 0x4962dc GetTempPathA

• 0x4962e0 GetSystemTimeAsFileTime

• 0x4962e4 GetSystemTime

• 0x4962e8 GetSystemInfo

• 0x4962ec GetStringTypeExA

• 0x4962f0 GetStdHandle

• 0x4962f4 GetProcAddress

• 0x4962f8 GetModuleHandleA

• 0x4962fc GetModuleFileNameA

• 0x496300 GetLocaleInfoA

• 0x496304 GetLocalTime

• 0x496308 GetLastError

• 0x49630c GetFullPathNameA

• 0x496310 GetFileSize

• 0x496314 GetFileAttributesA

• 0x496318 GetExitCodeThread

• 0x49631c GetDiskFreeSpaceA

• 0x496320 GetDateFormatA

• 0x496324 GetCurrentThreadId

• 0x496328 GetCurrentProcessId

• 0x49632c GetCPInfo

• 0x496330 GetACP

• 0x496334 FreeResource

• 0x496338 InterlockedIncrement

• 0x49633c InterlockedExchange

• 0x496340 InterlockedDecrement

• 0x496344 FreeLibrary

• 0x496348 FormatMessageA

• 0x49634c FindResourceA

• 0x496350 FindFirstFileA

• 0x496354 FindClose

• 0x496358 FileTimeToSystemTime

• 0x49635c FileTimeToLocalFileTime

• 0x496360 FileTimeToDosDateTime

• 0x496364 ExitProcess

• 0x496368 EnumCalendarInfoA

• 0x49636c EnterCriticalSection

• 0x496370 DeleteCriticalSection

• 0x496374 CreateThread

• 0x496378 CreateFileA

• 0x49637c CreateEventA

• 0x496380 CompareStringA

• 0x496384 CloseHandle

Library version.dll:

• 0x49638c VerQueryValueA

• 0x496390 GetFileVersionInfoSizeA

• 0x496394 GetFileVersionInfoA

Library gdi32.dll:

• 0x49639c UnrealizeObject

• 0x4963a0 StretchBlt

• 0x4963a4 SetWindowOrgEx

• 0x4963a8 SetWinMetaFileBits

• 0x4963ac SetViewportOrgEx

• 0x4963b0 SetTextColor

• 0x4963b4 SetStretchBltMode

• 0x4963b8 SetROP2

• 0x4963bc SetPixel

• 0x4963c0 SetEnhMetaFileBits

• 0x4963c4 SetDIBColorTable

• 0x4963c8 SetBrushOrgEx

• 0x4963cc SetBkMode

• 0x4963d0 SetBkColor

• 0x4963d4 SelectPalette

• 0x4963d8 SelectObject

• 0x4963dc SaveDC

• 0x4963e0 RestoreDC

• 0x4963e4 Rectangle

• 0x4963e8 RectVisible

• 0x4963ec RealizePalette

• 0x4963f0 Polyline

• 0x4963f4 PlayEnhMetaFile

• 0x4963f8 PatBlt

• 0x4963fc MoveToEx

• 0x496400 MaskBlt

• 0x496404 LineTo

• 0x496408 IntersectClipRect

• 0x49640c GetWindowOrgEx

• 0x496410 GetWinMetaFileBits

• 0x496414 GetTextMetricsA

• 0x496418 GetTextExtentPoint32A

• 0x49641c GetSystemPaletteEntries

• 0x496420 GetStockObject

• 0x496424 GetPixel

• 0x496428 GetPaletteEntries

• 0x49642c GetObjectA

• 0x496430 GetEnhMetaFilePaletteEntries

• 0x496434 GetEnhMetaFileHeader

• 0x496438 GetEnhMetaFileBits

• 0x49643c GetDeviceCaps

• 0x496440 GetDIBits

• 0x496444 GetDIBColorTable

• 0x496448 GetDCOrgEx

• 0x49644c GetCurrentPositionEx

• 0x496450 GetClipBox

• 0x496454 GetBrushOrgEx

• 0x496458 GetBitmapBits

• 0x49645c ExtTextOutA

• 0x496460 ExcludeClipRect

• 0x496464 DeleteObject

• 0x496468 DeleteEnhMetaFile

• 0x49646c DeleteDC

• 0x496470 CreateSolidBrush

• 0x496474 CreatePenIndirect

• 0x496478 CreatePalette

• 0x49647c CreateHalftonePalette

• 0x496480 CreateFontIndirectA

• 0x496484 CreateDIBitmap

• 0x496488 CreateDIBSection

• 0x49648c CreateCompatibleDC

• 0x496490 CreateCompatibleBitmap

• 0x496494 CreateBrushIndirect

• 0x496498 CreateBitmap

• 0x49649c CopyEnhMetaFileA

• 0x4964a0 BitBlt

Library user32.dll:

• 0x4964a8 CreateWindowExA

• 0x4964ac WindowFromPoint

• 0x4964b0 WinHelpA

• 0x4964b4 WaitMessage

• 0x4964b8 UpdateWindow

• 0x4964bc UnregisterClassA

• 0x4964c0 UnhookWindowsHookEx

• 0x4964c4 TranslateMessage

• 0x4964c8 TranslateMDISysAccel

• 0x4964cc TrackPopupMenu

• 0x4964d0 SystemParametersInfoA

• 0x4964d4 ShowWindow

• 0x4964d8 ShowScrollBar

• 0x4964dc ShowOwnedPopups

• 0x4964e0 ShowCursor

• 0x4964e4 SetWindowsHookExA

• 0x4964e8 SetWindowPos

• 0x4964ec SetWindowPlacement

• 0x4964f0 SetWindowLongA

• 0x4964f4 SetTimer

• 0x4964f8 SetScrollRange

• 0x4964fc SetScrollPos

• 0x496500 SetScrollInfo

• 0x496504 SetRect

• 0x496508 SetPropA

• 0x49650c SetParent

• 0x496510 SetMenuItemInfoA

• 0x496514 SetMenu

• 0x496518 SetForegroundWindow

• 0x49651c SetFocus

• 0x496520 SetCursor

• 0x496524 SetClassLongA

• 0x496528 SetCapture

• 0x49652c SetActiveWindow

• 0x496530 SendMessageA

• 0x496534 ScrollWindow

• 0x496538 ScreenToClient

• 0x49653c RemovePropA

• 0x496540 RemoveMenu

• 0x496544 ReleaseDC

• 0x496548 ReleaseCapture

• 0x49654c RegisterWindowMessageA

• 0x496550 RegisterClipboardFormatA

• 0x496554 RegisterClassA

• 0x496558 RedrawWindow

• 0x49655c PtInRect

• 0x496560 PostQuitMessage

• 0x496564 PostMessageA

• 0x496568 PeekMessageA

• 0x49656c OffsetRect

• 0x496570 OemToCharA

• 0x496574 MsgWaitForMultipleObjects

• 0x496578 MessageBoxA

• 0x49657c MapWindowPoints

• 0x496580 MapVirtualKeyA

• 0x496584 LoadStringA

• 0x496588 LoadKeyboardLayoutA

• 0x49658c LoadIconA

• 0x496590 LoadCursorA

• 0x496594 LoadBitmapA

• 0x496598 KillTimer

• 0x49659c IsZoomed

• 0x4965a0 IsWindowVisible

• 0x4965a4 IsWindowEnabled

• 0x4965a8 IsWindow

• 0x4965ac IsRectEmpty

• 0x4965b0 IsIconic

• 0x4965b4 IsDialogMessageA

• 0x4965b8 IsChild

• 0x4965bc InvalidateRect

• 0x4965c0 IntersectRect

• 0x4965c4 InsertMenuItemA

• 0x4965c8 InsertMenuA

• 0x4965cc InflateRect

• 0x4965d0 GetWindowThreadProcessId

• 0x4965d4 GetWindowTextA

• 0x4965d8 GetWindowRect

• 0x4965dc GetWindowPlacement

• 0x4965e0 GetWindowLongA

• 0x4965e4 GetWindowDC

• 0x4965e8 GetTopWindow

• 0x4965ec GetSystemMetrics

• 0x4965f0 GetSystemMenu

• 0x4965f4 GetSysColorBrush

• 0x4965f8 GetSysColor

• 0x4965fc GetSubMenu

• 0x496600 GetScrollRange

• 0x496604 GetScrollPos

• 0x496608 GetScrollInfo

• 0x49660c GetPropA

• 0x496610 GetParent

• 0x496614 GetWindow

• 0x496618 GetMenuStringA

• 0x49661c GetMenuState

• 0x496620 GetMenuItemInfoA

• 0x496624 GetMenuItemID

• 0x496628 GetMenuItemCount

• 0x49662c GetMenu

• 0x496630 GetLastActivePopup

• 0x496634 GetKeyboardState

• 0x496638 GetKeyboardLayoutList

• 0x49663c GetKeyboardLayout

• 0x496640 GetKeyState

• 0x496644 GetKeyNameTextA

• 0x496648 GetInputState

• 0x49664c GetIconInfo

• 0x496650 GetForegroundWindow

• 0x496654 GetFocus

• 0x496658 GetDlgItem

• 0x49665c GetDesktopWindow

• 0x496660 GetDCEx

• 0x496664 GetDC

• 0x496668 GetCursorPos

• 0x49666c GetCursor

• 0x496670 GetClipboardData

• 0x496674 GetClientRect

• 0x496678 GetClassNameA

• 0x49667c GetClassInfoA

• 0x496680 GetCapture

• 0x496684 GetActiveWindow

• 0x496688 FrameRect

• 0x49668c FindWindowA

• 0x496690 FillRect

• 0x496694 EqualRect

• 0x496698 EnumWindows

• 0x49669c EnumThreadWindows

• 0x4966a0 EndPaint

• 0x4966a4 EnableWindow

• 0x4966a8 EnableScrollBar

• 0x4966ac EnableMenuItem

• 0x4966b0 DrawTextA

• 0x4966b4 DrawMenuBar

• 0x4966b8 DrawIconEx

• 0x4966bc DrawIcon

• 0x4966c0 DrawFrameControl

• 0x4966c4 DrawFocusRect

• 0x4966c8 DrawEdge

• 0x4966cc DispatchMessageA

• 0x4966d0 DestroyWindow

• 0x4966d4 DestroyMenu

• 0x4966d8 DestroyIcon

• 0x4966dc DestroyCursor

• 0x4966e0 DeleteMenu

• 0x4966e4 DefWindowProcA

• 0x4966e8 DefMDIChildProcA

• 0x4966ec DefFrameProcA

• 0x4966f0 CreatePopupMenu

• 0x4966f4 CreateMenu

• 0x4966f8 CreateIcon

• 0x4966fc ClientToScreen

• 0x496700 CheckMenuItem

• 0x496704 CallWindowProcA

• 0x496708 CallNextHookEx

• 0x49670c BeginPaint

• 0x496710 CharNextA

• 0x496714 CharLowerBuffA

• 0x496718 CharLowerA

• 0x49671c CharUpperBuffA

• 0x496720 CharToOemA

• 0x496724 AdjustWindowRectEx

• 0x496728 ActivateKeyboardLayout

Library kernel32.dll:

• 0x496730 Sleep

Library oleaut32.dll:

• 0x496738 SafeArrayPtrOfIndex

• 0x49673c SafeArrayGetUBound

• 0x496740 SafeArrayGetLBound

• 0x496744 SafeArrayCreate

• 0x496748 VariantChangeType

• 0x49674c VariantCopy

• 0x496750 VariantClear

• 0x496754 VariantInit

Library comctl32.dll:

• 0x49675c ImageList_SetIconSize

• 0x496760 ImageList_GetIconSize

• 0x496764 ImageList_Write

• 0x496768 ImageList_Read

• 0x49676c ImageList_GetDragImage

• 0x496770 ImageList_DragShowNolock

• 0x496774 ImageList_SetDragCursorImage

• 0x496778 ImageList_DragMove

• 0x49677c ImageList_DragLeave

• 0x496780 ImageList_DragEnter

• 0x496784 ImageList_EndDrag

• 0x496788 ImageList_BeginDrag

• 0x49678c ImageList_Remove

• 0x496790 ImageList_DrawEx

• 0x496794 ImageList_Replace

• 0x496798 ImageList_Draw

• 0x49679c ImageList_GetBkColor

• 0x4967a0 ImageList_SetBkColor

• 0x4967a4 ImageList_ReplaceIcon

• 0x4967a8 ImageList_Add

• 0x4967ac ImageList_GetImageCount

• 0x4967b0 ImageList_Destroy

• 0x4967b4 ImageList_Create

• 0x4967b8 InitCommonControls

Library comdlg32.dll:

• 0x4967c0 GetOpenFileNameA

Library kernel32.dll:

• 0x4967c8 AddVectoredExceptionHandler

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
52.218.97.140	80	192.168.56.101	49184

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	62912	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49238	239.255.255.250	1900
192.168.56.101	50569	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.