SmartHawk

2.6

中危

60 个模型检测该样本为恶意！

重新分析

下载样本

fea27a041a45b4f5fd5fb49c50f0dd538e3fc2448374a2cde475204fc7cdd454

9c355034f7aa77a9e7820c72ccebe512.exe

分析耗时

81s

最近分析

文件大小

239.6KB

静态报毒动态报毒 AGCG AI SCORE=82 AIDETECTVM AKMT CLASSIC CMWE CONFIDENCE CRYPTERX EHLS EMOTET ENCPK GDSDA GEN2 GENCIRC GOZI GRAYWARE HERM HIGH CONFIDENCE HNHWYQ KCLOUD KRYPTIK M2KOQISWTQ4 MALCERT MALICIOUS PE MALWARE1 MALWARE@#3J4S0MQLMKMHJ MINT OQ2@AKYPJFAI R + MAL R343830 SCORE SNIFULA STATIC AI SUSGEN TRICKBOT TROJANPSW TROJANPWS UNSAFE XPACK YAKES ZAMG ZBOT ZENPAK ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	TrojanPSW:Win32/Kryptik.c48baab7	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:CrypterX-gen [Trj]	20201210	21.1.5827.0
Kingsoft	Win32.Troj.Undef.(kcloud)	20201211	2017.9.26.565
McAfee	Packed-GCB!9C355034F7AA	20201211	6.0.6.653
Tencent	Malware.Win32.Gencirc.10cddc57	20201211	1.0.0.1
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

Queries for the computername (3 个事件)

Time & API	Arguments	Status	Return
1619784934.959501 GetComputerNameW	computer_name:	failed	0
1619784934.959501 GetComputerNameW	computer_name: OSKAR-PC	success	1
1619784935.193501 GetComputerNameW	computer_name: OSKAR-PC	success	1

This executable is signed

Allocates read-write-execute memory (usually to unpack itself) (3 个事件)

Time & API	Arguments	Status
1619784910.537501 NtAllocateVirtualMemory	process_identifier: 2536 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x003d0000	success
1619784934.553501 NtAllocateVirtualMemory	process_identifier: 2536 region_size: 159744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00440000	success
1619784934.553501 NtProtectVirtualMemory	process_identifier: 2536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 73728 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Mint.Zamg.O
FireEye	Generic.mg.9c355034f7aa77a9
CAT-QuickHeal	TrojanPWS.Zbot.Y
ALYac	Trojan.Mint.Zamg.O
Cylance	Unsafe
Zillya	Trojan.Zenpak.Win32.2338
Sangfor	Malware
K7AntiVirus	Riskware ( 0049f6ae1 )
Alibaba	TrojanPSW:Win32/Kryptik.c48baab7
K7GW	Riskware ( 0049f6ae1 )
Cybereason	malicious.b52a70
Arcabit	Trojan.Mint.Zamg.O
Cyren	W32/Trojan.CMWE-0113
Symantec	Infostealer.Snifula
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Yakes-8864402-0
Kaspersky	HEUR:Trojan.Win32.Yakes.pef
BitDefender	Trojan.Mint.Zamg.O
NANO-Antivirus	Trojan.Win32.Yakes.hnhwyq
AegisLab	Trojan.Win32.Yakes.4!c
Avast	Win32:CrypterX-gen [Trj]
Rising	Trojan.Kryptik!1.C93E (CLASSIC)
Ad-Aware	Trojan.Mint.Zamg.O
Sophos	Mal/Generic-R + Mal/EncPk-APV
Comodo	Malware@#3j4s0mqlmkmhj
F-Secure	Trojan.TR/Crypt.XPACK.Gen2
DrWeb	Trojan.Gozi.703
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Emotet.dm
Emsisoft	MalCert.A (A)
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Yakes.agcg
Webroot	W32.Trickbot.Gen
Avira	TR/Crypt.XPACK.Gen2
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.yp!s1
Microsoft	PWS:Win32/Zbot.SS!MTB
ZoneAlarm	HEUR:Trojan.Win32.Yakes.pef
GData	Trojan.Mint.Zamg.O
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Kryptik.R343830
Acronis	suspicious
McAfee	Packed-GCB!9C355034F7AA
MAX	malware (ai score=82)
VBA32	Trojan.Zenpak
ESET-NOD32	a variant of Win32/Kryptik.HERM

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2000-01-07 18:58:14

Imports

Library KERNEL32.dll:

• 0x4317a8 DeleteCriticalSection

• 0x4317ac IsDebuggerPresent

• 0x4317b0 CloseHandle

• 0x4317b4 RaiseException

• 0x4317b8 WaitForSingleObject

• 0x4317bc Sleep

• 0x4317c0 GetCurrentThreadId

• 0x4317c4 TlsAlloc

• 0x4317c8 TlsGetValue

• 0x4317cc TlsSetValue

• 0x4317d0 TlsFree

• 0x4317d4 QueryPerformanceCounter

• 0x4317d8 QueryPerformanceFrequency

• 0x4317dc GetSystemTimeAsFileTime

• 0x4317e0 GetVersionExW

• 0x4317e4 GetNativeSystemInfo

• 0x4317e8 GetModuleFileNameW

• 0x4317ec InitializeCriticalSectionAndSpinCount

• 0x4317f0 SetHandleInformation

• 0x4317f4 GetProcessHandleCount

• 0x4317f8 VirtualFree

• 0x4317fc GetCurrentProcessId

• 0x431800 FreeLibrary

• 0x431804 HeapSetInformation

• 0x431808 GetCurrentDirectoryW

• 0x43180c GetFileType

• 0x431810 SignalObjectAndWait

• 0x431814 CreateFileW

• 0x431818 WriteConsoleW

• 0x43181c SetStdHandle

• 0x431820 SetFilePointerEx

• 0x431824 GetConsoleMode

• 0x431828 GetConsoleCP

• 0x43182c FlushFileBuffers

• 0x431830 EnumSystemLocalesW

• 0x431834 GetUserDefaultLCID

• 0x431838 IsValidLocale

• 0x43183c GetLocaleInfoW

• 0x431840 LCMapStringW

• 0x431844 LeaveCriticalSection

• 0x431848 EnterCriticalSection

• 0x43184c GetModuleHandleExW

• 0x431850 SetLastError

• 0x431854 GetComputerNameW

• 0x431858 LocalFree

• 0x43185c GetSystemDirectoryW

• 0x431860 GetLastError

• 0x431864 GetVolumeInformationW

• 0x431868 TerminateProcess

• 0x43186c VerifyVersionInfoW

• 0x431870 SetDllDirectoryW

• 0x431874 LoadLibraryExA

• 0x431878 GetProcAddress

• 0x43187c GetModuleHandleW

• 0x431880 GetModuleHandleA

• 0x431884 VirtualProtectEx

• 0x431888 VirtualAllocEx

• 0x43188c FlushInstructionCache

• 0x431890 ExpandEnvironmentStringsW

• 0x431894 SetEnvironmentVariableW

• 0x431898 GetEnvironmentVariableW

• 0x43189c VerSetConditionMask

• 0x4318a0 GetCurrentProcess

• 0x4318a4 MultiByteToWideChar

• 0x4318a8 VirtualQuery

• 0x4318ac GetCommandLineW

• 0x4318b0 EncodePointer

• 0x4318b4 DecodePointer

• 0x4318b8 HeapFree

• 0x4318bc HeapAlloc

• 0x4318c0 HeapReAlloc

• 0x4318c4 IsProcessorFeaturePresent

• 0x4318c8 LoadLibraryExW

• 0x4318cc ExitProcess

• 0x4318d0 WideCharToMultiByte

• 0x4318d4 GetProcessHeap

• 0x4318d8 GetStdHandle

• 0x4318dc GetStartupInfoW

• 0x4318e0 WriteFile

• 0x4318e4 GetEnvironmentStringsW

• 0x4318e8 FreeEnvironmentStringsW

• 0x4318ec HeapSize

• 0x4318f0 UnhandledExceptionFilter

• 0x4318f4 SetUnhandledExceptionFilter

• 0x4318f8 IsValidCodePage

• 0x4318fc GetACP

• 0x431900 GetOEMCP

• 0x431904 GetCPInfo

• 0x431908 GetStringTypeW

• 0x43190c RtlUnwind

• 0x431910 OutputDebugStringW

• 0x431914 GetCalendarInfoW

• 0x431918 GetPrivateProfileStructA

• 0x43191c EraseTape

• 0x431920 DnsHostnameToComputerNameA

• 0x431924 _lwrite

• 0x431928 GetProfileIntW

• 0x43192c WaitNamedPipeW

• 0x431930 PrepareTape

• 0x431934 CreateHardLinkA

• 0x431938 RequestDeviceWakeup

• 0x43193c GetEnvironmentVariableA

• 0x431940 TransmitCommChar

• 0x431944 EnumResourceNamesA

• 0x431948 CopyFileW

• 0x43194c OpenJobObjectA

• 0x431950 CreateFileA

• 0x431954 FindClose

• 0x431958 FindFirstFileA

• 0x43195c FindNextFileA

• 0x431960 ReadFile

• 0x431964 VirtualAlloc

• 0x431968 LoadLibraryA

Library USER32.dll:

• 0x431970 CopyImage

• 0x431974 GetClassNameW

• 0x431978 GetMenuCheckMarkDimensions

• 0x43197c DdeCreateStringHandleW

• 0x431980 DdeConnect

• 0x431984 CharUpperA

• 0x431988 LoadIconW

Library GDI32.dll:

• 0x431990 EngLineTo

• 0x431994 GetGraphicsMode

• 0x431998 PlayEnhMetaFileRecord

• 0x43199c GetROP2

• 0x4319a0 GetClipBox

• 0x4319a4 GetStretchBltMode

• 0x4319a8 GdiAlphaBlend

• 0x4319ac GdiPlayDCScript

• 0x4319b0 EngWideCharToMultiByte

• 0x4319b4 SetDIBits

• 0x4319b8 SetMetaFileBitsEx

• 0x4319bc GdiGetLocalBrush

• 0x4319c0 RemoveFontResourceTracking

• 0x4319c4 GetStockObject

• 0x4319c8 GetEnhMetaFileA

Library ADVAPI32.dll:

• 0x4319d0 RegOpenKeyExW

• 0x4319d4 RegDisablePredefinedCache

• 0x4319d8 RegCloseKey

• 0x4319dc RevertToSelf

• 0x4319e0 GetLengthSid

• 0x4319e4 OpenProcessToken

• 0x4319e8 ConvertStringSidToSidW

• 0x4319ec SetTokenInformation

• 0x4319f0 ConvertSidToStringSidW

• 0x4319f4 LookupAccountNameW

• 0x4319f8 RegOpenKeyA

• 0x4319fc RegQueryValueExW

Library SHELL32.dll:

• 0x431a04 SHGetDesktopFolder

• 0x431a08 SHGetFileInfo

• 0x431a0c SHGetInstanceExplorer

Library SHLWAPI.dll:

• 0x431a14 StrChrIW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51966	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.