3.2
Medium risk

7f698295230f59c7ca8193322eb48d71cd203f3675139f2da99e326589bfdad3

98e304e28a51acd92a363346c2b02b2f.exe

Analysis time

87s

Last analyzed

File size

467.0KB
Static detection: yes. Dynamic detection: yes. Tags: 100% AI SCORE=94 BLDBF BOBIK CLOUD CONFIDENCE GENERIC PWS GENERICKD GIFT H8OAQCCA HSEHJZ HWWH JJSJ MALWARE@#3UD3DOGV9EK92 SEDNIT UNSAFE XL3QKJQ7OPO
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result                                   Scan date   Engine version
McAfee       RDN/Generic PWS.y                        20210408    6.0.6.653
Alibaba      TrojanDownloader:Win64/Sednit.76f199ec   20190527    0.3.0.5
Baidu                                                 20190318    1.0.0.2
Avast        Win64:Trojan-gen                         20210408    21.1.5827.0
Tencent      Win32.Trojan-spy.Bobik.Hwwh              20210408    1.0.0.1
Kingsoft                                              20210408    2017.9.26.565
CrowdStrike  win/malicious_confidence_100% (W)        20210203    1.0
Static indicators
Behavior verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 203.208.41.66
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
CAT-QuickHeal Trojanspy.Bobik
McAfee RDN/Generic PWS.y
Cylance Unsafe
Zillya Trojan.Bobik.Win32.1621
K7AntiVirus Trojan-Downloader ( 0056c9651 )
Alibaba TrojanDownloader:Win64/Sednit.76f199ec
K7GW Trojan-Downloader ( 0056c9651 )
Cybereason malicious.28a51a
Cyren W64/Trojan.JJSJ-9344
Symantec Trojan Horse
ESET-NOD32 Win64/TrojanDownloader.Sednit.AA
Paloalto generic.ml
Kaspersky Trojan-Spy.Win32.Bobik.eqz
BitDefender Trojan.GenericKD.34338859
NANO-Antivirus Trojan.Win64.Bobik.hsehjz
MicroWorld-eScan Trojan.GenericKD.34338859
Avast Win64:Trojan-gen
Tencent Win32.Trojan-spy.Bobik.Hwwh
Ad-Aware Trojan.GenericKD.34338859
Emsisoft Trojan.GenericKD.34338859 (B)
Comodo Malware@#3ud3dogv9ek92
F-Secure Trojan.TR/Spy.Bobik.bldbf
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win64.Generic.gm
FireEye Trojan.GenericKD.34338859
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win64.Sednit
GData Trojan.GenericKD.34338859
Jiangmin TrojanSpy.Bobik.kr
Webroot W32.Trojan.Gen
Avira TR/Spy.Bobik.bldbf
Gridinsoft Trojan.Win64.Gen.oa
Arcabit Trojan.Generic.D20BF82B
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm Trojan-Spy.Win32.Bobik.eqz
Microsoft Worm:DOS/Gift!rfn
AhnLab-V3 Malware/Win64.Generic.C4189135
VBA32 TrojanSpy.Bobik
ALYac Trojan.GenericKD.34338859
MAX malware (ai score=94)
Rising Worm.Gift!8.570F (CLOUD)
Yandex Trojan.DL.Sednit!xL3qkjQ7oPo
Fortinet W32/Bobik.EQZ!tr
AVG Win64:Trojan-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win64/TrojanSpy.Bobik.H8oAQccA
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

1970-01-01 08:00:00

Imports

Library KERNEL32.dll:
0x45e328 GetCurrentProcess
0x45e330 GetCurrentProcessId
0x45e338 GetCurrentThreadId
0x45e340 GetLastError
0x45e348 GetModuleHandleA
0x45e350 GetProcAddress
0x45e358 GetStartupInfoA
0x45e368 GetTickCount
0x45e380 LoadLibraryA
0x45e390 RtlAddFunctionTable
0x45e398 RtlCaptureContext
0x45e3a8 RtlVirtualUnwind
0x45e3b8 Sleep
0x45e3c0 TerminateProcess
0x45e3c8 TlsGetValue
0x45e3d8 VirtualAlloc
0x45e3e0 VirtualFree
0x45e3e8 VirtualProtect
0x45e3f0 VirtualQuery
Library msvcrt.dll:
0x45e408 __dllonexit
0x45e410 __doserrno
0x45e418 __getmainargs
0x45e420 __initenv
0x45e428 __iob_func
0x45e430 __lconv_init
0x45e438 __pioinfo
0x45e440 __set_app_type
0x45e448 __setusermatherr
0x45e450 _acmdln
0x45e458 _amsg_exit
0x45e460 _cexit
0x45e468 _errno
0x45e470 _filelengthi64
0x45e478 _fileno
0x45e480 _fmode
0x45e488 _initterm
0x45e490 _lock
0x45e498 _lseeki64
0x45e4a0 _onexit
0x45e4a8 _setjmp
0x45e4b0 _setmode
0x45e4b8 _unlock
0x45e4c0 _wfopen
0x45e4c8 _write
0x45e4d0 abort
0x45e4d8 calloc
0x45e4e0 clearerr
0x45e4e8 exit
0x45e4f0 fclose
0x45e4f8 ferror
0x45e500 fflush
0x45e508 fgetc
0x45e510 fgetpos
0x45e518 fgets
0x45e520 fprintf
0x45e528 fputc
0x45e530 fread
0x45e538 free
0x45e540 fsetpos
0x45e548 fwrite
0x45e550 getenv
0x45e558 longjmp
0x45e560 malloc
0x45e568 memchr
0x45e570 memcmp
0x45e578 memcpy
0x45e580 printf
0x45e588 setvbuf
0x45e590 signal
0x45e598 strerror
0x45e5a0 strlen
0x45e5a8 strncmp
0x45e5b0 ungetc
0x45e5b8 vfprintf
0x45e5c0 wcschr
Library USER32.dll:
0x45e5d0 MessageBoxA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source Port   Destination                       Destination Port
192.168.56.101   51808         114.114.114.114                   53
192.168.56.101   51963         114.114.114.114                   53
192.168.56.101   55368         114.114.114.114                   53
192.168.56.101   60123         114.114.114.114                   53
192.168.56.101   60384         114.114.114.114                   53
192.168.56.101   62912         114.114.114.114                   53
192.168.56.101   137           192.168.56.255                    137
192.168.56.101   138           192.168.56.255                    138
192.168.56.101   123           20.189.79.72 (time.windows.com)   123
192.168.56.101   49713         224.0.0.252                       5355
192.168.56.101   51378         224.0.0.252                       5355
192.168.56.101   53237         224.0.0.252                       5355
192.168.56.101   56804         224.0.0.252                       5355
192.168.56.101   58367         224.0.0.252                       5355
192.168.56.101   61680         224.0.0.252                       5355
192.168.56.101   62191         224.0.0.252                       5355
192.168.56.101   62318         224.0.0.252                       5355
192.168.56.101   63429         224.0.0.252                       5355
192.168.56.101   65004         224.0.0.252                       5355
192.168.56.101   1900          239.255.255.250                   1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.