3.8
Medium risk

58215823021c2da84fcf725bbb9b118aba9b72178577cba1d4c69545b9ae7fa2

9cd6fd8a97096da267c0b51a2e5c2982.exe

Analysis time

76s

Last analyzed

File size

336.0KB
Static detection Dynamic detection AI SCORE=85 AIDETECTVM ARTEMIS ATTRIBUTE CONFIDENCE EOVB EPSX GDSDA GENERIC@ML GENKRYPTIK HIGH CONFIDENCE HIGHCONFIDENCE HRYIKZ HXZY ICEDID KRYPT MALWARE1 MALWARE@#WY5JH3OSBXKT QVM10 RDML SCORE SLEPAK SUSGEN UNSAFE XXBUTWONVXNVIHQNIPKCEG Y3DMXPZC ZUSY
Hawkeye Engine
Not detected: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Artemis!9CD6FD8A9709 20201211 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Alibaba Trojan:Win32/Slepak.e7e35ec5 20190527 0.3.0.5
Tencent Win32.Trojan.Slepak.Hxzy 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\Officeturn\thisshare\pathgentle\villagebrother\ShellCent\townPicturemotion.pdb
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619781083.856176 GlobalMemoryStatusEx success 1 0
Behavioral verdict
Dynamic indicators
Resolves a suspicious Top Level Domain (TLD) (2 events)
domain iskuliokilo.pw description Palau domain TLD
domain passiopersio.top description Generic top level domain TLD
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619781083.668176
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 12288
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0053f000
success 0 0
1619781083.668176
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00230000
success 0 0
1619781083.668176
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00240000
success 0 0
1619781083.668176
NtAllocateVirtualMemory
process_identifier: 784
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00260000
success 0 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Generates some ICMP traffic
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.309986
FireEye Generic.mg.9cd6fd8a97096da2
Qihoo-360 Generic/HEUR/QVM10.2.CBD7.Malware.Gen
McAfee Artemis!9CD6FD8A9709
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056b3af1 )
BitDefender Gen:Variant.Zusy.309986
K7GW Trojan ( 0056b3af1 )
Cybereason malicious.ea3167
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.EOVB
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan.Win32.Slepak.bt
Alibaba Trojan:Win32/Slepak.e7e35ec5
NANO-Antivirus Trojan.Win32.IcedID.hryikz
Tencent Win32.Trojan.Slepak.Hxzy
Ad-Aware Gen:Variant.Zusy.309986
Emsisoft Gen:Variant.Zusy.309986 (B)
Comodo Malware@#wy5jh3osbxkt
Zillya Trojan.GenKryptik.Win32.52319
McAfee-GW-Edition BehavesLike.Win32.Generic.fh
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Krypt
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Slepak
Arcabit Trojan.Zusy.D4BAE2
ZoneAlarm Trojan.Win32.Slepak.bt
GData Gen:Variant.Zusy.309986
Cynet Malicious (score: 100)
Acronis suspicious
VBA32 Trojan.Slepak
ALYac Trojan.IcedID.gen
TACHYON Trojan/W32.Slepak.344064
Malwarebytes Trojan.MalPack
Panda Trj/GdSda.A
Rising Trojan.Generic@ML.85 (RDML:xXButWONvxnvIhQNipkCEg)
Yandex Trojan.GenKryptik!y3DmXpzC/Uo
Fortinet W32/GenKryptik.EPSX!tr
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (W)
MaxSecure Trojan.Malware.104306834.susgen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample was running

PE Compile Time

2015-12-24 22:00:04

Imports

Library KERNEL32.dll:
0x1024000 CreateFileA
0x1024008 GetDateFormatA
0x102400c OpenProcess
0x1024010 GetVolumeInformationA
0x1024014 Sleep
0x1024018 SizeofResource
0x102401c CreateEventA
0x1024020 GetSystemDirectoryA
0x1024024 LockResource
0x1024028 GetSystemInfo
0x102402c GetModuleHandleA
0x1024030 VirtualProtect
0x1024034 GetCurrentDirectoryA
0x1024038 GetVersionExA
0x102403c GetVersion
0x1024040 GetTempPathA
0x1024044 GetSystemTime
0x1024048 GetProcessHeap
0x102404c SetEndOfFile
0x1024050 WriteConsoleW
0x1024054 GetConsoleOutputCP
0x1024058 WriteConsoleA
0x102405c GetLocaleInfoW
0x1024060 LoadLibraryA
0x1024064 SetStdHandle
0x102406c IsValidLocale
0x1024070 EnumSystemLocalesA
0x1024074 GetLocaleInfoA
0x1024078 GetUserDefaultLCID
0x102407c IsValidCodePage
0x1024080 GetOEMCP
0x1024084 WideCharToMultiByte
0x1024088 InterlockedIncrement
0x102408c InterlockedDecrement
0x1024094 InterlockedExchange
0x1024098 MultiByteToWideChar
0x10240a0 DeleteCriticalSection
0x10240a4 EnterCriticalSection
0x10240a8 LeaveCriticalSection
0x10240ac GetLastError
0x10240b0 HeapFree
0x10240b4 TerminateProcess
0x10240b8 GetCurrentProcess
0x10240c4 IsDebuggerPresent
0x10240c8 GetCommandLineA
0x10240cc GetStartupInfoA
0x10240d0 GetCPInfo
0x10240d4 RaiseException
0x10240d8 RtlUnwind
0x10240dc LCMapStringW
0x10240e0 LCMapStringA
0x10240e4 GetStringTypeW
0x10240e8 HeapAlloc
0x10240ec HeapCreate
0x10240f0 VirtualFree
0x10240f4 VirtualAlloc
0x10240f8 HeapReAlloc
0x10240fc GetModuleHandleW
0x1024100 GetProcAddress
0x1024104 TlsGetValue
0x1024108 TlsAlloc
0x102410c TlsSetValue
0x1024110 TlsFree
0x1024114 SetLastError
0x1024118 GetCurrentThreadId
0x102411c SetHandleCount
0x1024120 GetStdHandle
0x1024124 GetFileType
0x1024128 CloseHandle
0x102412c ExitProcess
0x1024130 WriteFile
0x1024134 GetModuleFileNameA
0x102413c GetEnvironmentStrings
0x1024148 GetTickCount
0x102414c GetCurrentProcessId
0x1024154 GetStringTypeA
0x1024158 GetConsoleCP
0x102415c GetConsoleMode
0x1024160 FlushFileBuffers
0x1024164 ReadFile
0x1024168 SetFilePointer
0x102416c HeapSize
0x1024170 GetACP
Library USER32.dll:
0x1024184 GetWindowRect
0x1024188 TrackPopupMenu
0x102418c FillRect
0x1024190 GetClientRect
0x1024194 IsDialogMessageA
0x1024198 GetForegroundWindow
0x102419c CreatePopupMenu
0x10241a0 GetSysColorBrush
0x10241a4 GetActiveWindow
0x10241a8 AppendMenuA
0x10241ac PostMessageA
0x10241b0 DispatchMessageA
0x10241b8 DrawFrameControl
Library Secur32.dll:
0x1024178 FreeContextBuffer

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source port Destination Destination port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51966 239.255.255.250 1900
192.168.56.101 53238 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.