Score: 4.4
Medium risk

a46e5c3dac07527c49ecb79ed1fff922289f05a575e686db8bcc3dff43ebe107

9d629eff9238cdf6fc8a774b6199484b.exe

Analysis duration

32s

Last analyzed

File size

82.0KB
Static detection and dynamic detection tags: 7H3315X5FL4 AI SCORE=74 BHKC BSCOPE BUNDLER CONFIDENCE DOWNADMIN DOWNLOAD ADMIN DOWNLOADADMIN DOWNLOADMIN DZKKQH ELDORADO GRHHHEDDARM HIGH CONFIDENCE MALICIOUS PE MCZ5 OCNA Q@6AZWTV R174578 SCORE SOFTCNAPP SUSGEN UNSAFE VITTALIA
Hawkeye engine
Not detected: no Hawkeye engine detection results are available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee PUP-FCA 20201029 6.0.6.653
Alibaba Downloader:Win32/Softcnapp.ee80f285 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:PUP-gen [PUP] 20201028 18.4.3895.0
Tencent 20201029 1.0.0.1
Kingsoft 20201029 2013.8.14.323
CrowdStrike win/malicious_confidence_60% (D) 20190702 1.0
Static indicators
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.563353607744868 section {'size_of_data': '0x00003200', 'virtual_address': '0x00011000', 'entropy': 7.563353607744868, 'name': '.data', 'virtual_size': '0x00003fdc'} description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2288 resumed a thread in remote process 1940
Time & API Arguments Status Return Repeated
1620808753.249375
NtResumeThread
thread_handle: 0x000000c0
suspend_count: 1
process_identifier: 1940
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Application.Bundler.DownloadAdmin.4
FireEye Generic.mg.9d629eff9238cdf6
CAT-QuickHeal Downloader.Download.30696
McAfee PUP-FCA
Cylance Unsafe
K7AntiVirus Adware ( 004d4a341 )
Alibaba Downloader:Win32/Softcnapp.ee80f285
K7GW Adware ( 004d4a341 )
Cybereason malicious.f9238c
Arcabit Trojan.Application.Bundler.DownloadAdmin.4
Invincea Download Admin (PUA)
Cyren W32/S-9075581b!Eldorado
Symantec PUA.DownloadAdmin
Avast Win32:PUP-gen [PUP]
Kaspersky not-a-virus:HEUR:Downloader.Win32.Generic
BitDefender Gen:Variant.Application.Bundler.DownloadAdmin.4
NANO-Antivirus Trojan.Win32.Vittalia.dzkkqh
ViRobot Adware.Downloadadmin.83968.A
Ad-Aware Gen:Variant.Application.Bundler.DownloadAdmin.4
Sophos Download Admin (PUA)
Comodo Application.Win32.DownloadAdmin.Q@6azwtv
DrWeb Trojan.Vittalia.1323
VIPRE Trojan.Win32.Generic!BT
TrendMicro PUA_DOWNADMIN.SM
McAfee-GW-Edition PUP-FCA
Emsisoft Gen:Variant.Application.Bundler.DownloadAdmin.4 (B)
SentinelOne DFI - Malicious PE
Jiangmin Downloader.Generic.bhkc
eGambit Unsafe.AI_Score_98%
Microsoft PUA:Win32/DownloadAdmin
AegisLab Adware.Win32.Ocna.mCz5
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.Generic
GData Gen:Variant.Application.Bundler.DownloadAdmin.4
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.DownloadAdmin.R174578
MAX malware (ai score=74)
VBA32 BScope.Downloader.DownloAdmin
ESET-NOD32 a variant of Win32/DownloadAdmin.P potentially unwanted
TrendMicro-HouseCall PUA_DOWNADMIN.SM
Rising PUF.DownloadAdmin!8.123 (TFE:5:GRHHHEDDarM)
Yandex Riskware.Agent!7H3315x5fL4
Ikarus PUA.DownloadAdmin
MaxSecure Trojan.Malware.12126263.susgen
Fortinet Riskware/Generic
AVG Win32:PUP-gen [PUP]
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_60% (D)
Qihoo-360 Win32/Virus.Downloader.c27
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

2014-10-27 16:54:47

Imports

Library comdlg32.dll:
0x40f198 GetOpenFileNameA
0x40f19c GetSaveFileNameA
Library USER32.dll:
0x40f158 TranslateMessage
0x40f15c PostMessageA
0x40f160 RegisterClassA
0x40f164 GetWindowLongA
0x40f168 DispatchMessageA
0x40f16c EndPaint
0x40f170 ShowWindow
0x40f174 DrawTextA
0x40f178 GetDC
0x40f17c DrawTextW
0x40f180 SendMessageW
0x40f184 SendMessageA
0x40f188 GetMessageA
0x40f18c CreateWindowExA
0x40f190 BeginPaint
Library GDI32.dll:
0x40f000 GetMetaRgn
0x40f004 StrokePath
0x40f008 PolyBezierTo
0x40f00c Polyline
0x40f010 WidenPath
0x40f014 CreateFontA
0x40f018 CreateFontIndirectA
0x40f01c CreateBitmap
0x40f020 SelectObject
0x40f024 EnumObjects
0x40f028 DeleteObject
0x40f02c Rectangle
Library KERNEL32.dll:
0x40f034 LocalFree
0x40f038 GetVersionExA
0x40f03c MultiByteToWideChar
0x40f040 FormatMessageA
0x40f048 TerminateThread
0x40f04c HeapWalk
0x40f050 GetCurrentThreadId
0x40f054 GetTickCount
0x40f064 GetStartupInfoA
0x40f06c Sleep
0x40f070 InterlockedExchange
0x40f074 RtlUnwind
0x40f080 GetLastError
0x40f084 GetProcAddress
0x40f088 WaitForSingleObject
0x40f08c ReleaseMutex
0x40f090 CloseHandle
0x40f094 GetFileSize
0x40f098 MapViewOfFile
0x40f09c CreateFileMappingA
0x40f0a0 CreateFileA
0x40f0a4 lstrcmpiA
0x40f0a8 CreateMutexA
0x40f0ac GetVersion
0x40f0b0 OutputDebugStringA
0x40f0b4 lstrcpynA
0x40f0b8 ExitProcess
0x40f0bc GetModuleFileNameA
0x40f0c0 FreeLibrary
0x40f0c4 DeleteFileA
0x40f0cc DuplicateHandle
0x40f0d0 GetCurrentProcess
0x40f0d4 GetCurrentProcessId
0x40f0dc GetExitCodeProcess
0x40f0e0 TerminateProcess
0x40f0e4 ResumeThread
0x40f0e8 CreateProcessA
0x40f0ec GetCommandLineA
0x40f0f0 LoadLibraryA
0x40f0f4 FlushFileBuffers
0x40f0f8 WriteFile
0x40f100 CreateDirectoryA
0x40f104 GetFileAttributesA
0x40f110 GetModuleHandleA
0x40f114 ReadConsoleA
0x40f118 WriteConsoleA
0x40f11c GetStdHandle
0x40f120 GetFullPathNameA
0x40f124 SetErrorMode
0x40f12c HeapCreate
0x40f130 HeapValidate
Library msvcrt.dll:
0x40f1a8 atoi
0x40f1ac realloc
0x40f1b0 rand
0x40f1b4 ??2@YAPAXI@Z
0x40f1b8 memset
0x40f1bc srand
0x40f1c0 _pgmptr
0x40f1c4 __argc
0x40f1c8 __argv
0x40f1cc memmove
0x40f1d0 _ismbblead
0x40f1d4 __getmainargs
0x40f1d8 _cexit
0x40f1dc _exit
0x40f1e0 _XcptFilter
0x40f1e4 exit
0x40f1e8 _acmdln
0x40f1ec _initterm
0x40f1f0 _amsg_exit
0x40f1f4 __setusermatherr
0x40f1f8 __p__commode
0x40f1fc __p__fmode
0x40f200 __set_app_type
0x40f204 ?terminate@@YAXXZ
0x40f208 _controlfp
0x40f20c __CxxFrameHandler
0x40f210 _snprintf
0x40f214 ??3@YAXPAX@Z
0x40f218 _time64
0x40f21c memcpy
0x40f220 free
0x40f224 malloc
Library ole32.dll:
0x40f22c CoTaskMemFree
0x40f230 StringFromCLSID
0x40f238 CoInitializeEx
0x40f23c OleInitialize
0x40f240 CoCreateInstance
Library SHELL32.dll:
0x40f13c SHFileOperationA
0x40f144
0x40f148 ShellAboutA
0x40f14c ShellExecuteExA
0x40f150 SHBrowseForFolderA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 55369 239.255.255.250 3702
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.