5.2
Medium risk

9e93976df5b936549eda831dadf148fc2dd8683ee9e847fb2edd9c482273691a

9ed1bdb2b472bf9e5655aefbfa345737.exe

Analysis duration

92s

Latest analysis

File size

592.0KB
Static scan: flagged malicious. Dynamic scan: flagged malicious. Tags: AI SCORE=80 AIDETECTVM ATTRIBUTE BLOCKER BLUTEAL BSCOPE CLASSIC DELF DOWNLOADER34 FAREIT GRAFTOR HIGH CONFIDENCE HIGHCONFIDENCE HTJMNB HYTL MALWARE1 MALWARE@#RO1RF1OBY4O1 NVUV R06CC0PHS20 R349505 REMCOSCRYPT SCORE STATIC AI SUSGEN SUSPICIOUS PE TROJANX UNSAFE ZUSY
Eagle Eye engine (鹰眼引擎)
Not detected. No Eagle Eye engine detection results are available for this sample.
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba | TrojanDownloader:Win32/Bluteal.ebb8096d | 20190527 | 0.3.0.5
Baidu | - | 20190318 | 1.0.0.2
Avast | Win32:TrojanX-gen [Trj] | 20201115 | 20.10.5736.0
Tencent | Win32.Trojan.Delf.Hytl | 20201115 | 1.0.0.1
Kingsoft | - | 20201115 | 2013.8.14.323
McAfee | Fareit-FUL!9ED1BDB2B472 | 20201115 | 6.0.6.653
CrowdStrike | - | 20190702 | 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619781474.329
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004a0000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619781491.391
NtProtectVirtualMemory
process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 40960
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x01f11000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619781511.516
RegSetValueExA
key_handle: 0x000002dc
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.312229
FireEye Generic.mg.9ed1bdb2b472bf9e
CAT-QuickHeal Trojan.Delf
Qihoo-360 Win32/Trojan.432
ALYac Gen:Variant.Zusy.312229
Cylance Unsafe
Zillya Downloader.Delf.Win32.59797
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056d5dc1 )
Alibaba TrojanDownloader:Win32/Bluteal.ebb8096d
K7GW Trojan-Downloader ( 0056d5dc1 )
Arcabit Trojan.Zusy.D4C3A5
Invincea Mal/Generic-S
Cyren W32/Trojan.NVUV-4207
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Delf.gen
BitDefender Gen:Variant.Zusy.312229
NANO-Antivirus Trojan.Win32.Delf.htjmnb
Paloalto generic.ml
AegisLab Trojan.Win32.Graftor.4!c
Tencent Win32.Trojan.Delf.Hytl
Ad-Aware Gen:Variant.Zusy.312229
Emsisoft Gen:Variant.Zusy.312229 (B)
Comodo Malware@#ro1rf1oby4o1
DrWeb Trojan.DownLoader34.29290
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06CC0PHS20
McAfee-GW-Edition Fareit-FUL!9ED1BDB2B472
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win32.Delf
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Delf
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Trojan:Win32/RemcosCrypt.ACH!MTB
ZoneAlarm HEUR:Trojan.Win32.Delf.gen
GData Gen:Variant.Zusy.312229
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Fareit.R349505
Acronis suspicious
McAfee Fareit-FUL!9ED1BDB2B472
VBA32 BScope.TrojanRansom.Blocker
Malwarebytes Trojan.MalPack.DLF
Zoner Trojan.Win32.92784
ESET-NOD32 Win32/TrojanDownloader.Delf.CZV
TrendMicro-HouseCall TROJ_GEN.R06CC0PHS20
Rising Trojan.Injector!1.CB77 (CLASSIC)
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 157.240.10.32:443
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were captured while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x460178 VirtualFree
0x46017c VirtualAlloc
0x460180 LocalFree
0x460184 LocalAlloc
0x460188 GetTickCount
0x460190 GetVersion
0x460194 GetCurrentThreadId
0x4601a0 VirtualQuery
0x4601a4 WideCharToMultiByte
0x4601a8 MultiByteToWideChar
0x4601ac lstrlenA
0x4601b0 lstrcpynA
0x4601b4 LoadLibraryExA
0x4601b8 GetThreadLocale
0x4601bc GetStartupInfoA
0x4601c0 GetProcAddress
0x4601c4 GetModuleHandleA
0x4601c8 GetModuleFileNameA
0x4601cc GetLocaleInfoA
0x4601d0 GetCommandLineA
0x4601d4 FreeLibrary
0x4601d8 FindFirstFileA
0x4601dc FindClose
0x4601e0 ExitProcess
0x4601e4 WriteFile
0x4601ec RtlUnwind
0x4601f0 RaiseException
0x4601f4 GetStdHandle
Library user32.dll:
0x4601fc GetKeyboardType
0x460200 LoadStringA
0x460204 MessageBoxA
0x460208 CharNextA
Library advapi32.dll:
0x460210 RegQueryValueExA
0x460214 RegOpenKeyExA
0x460218 RegCloseKey
Library oleaut32.dll:
0x460220 SysFreeString
0x460224 SysReAllocStringLen
0x460228 SysAllocStringLen
Library kernel32.dll:
0x460230 TlsSetValue
0x460234 TlsGetValue
0x460238 LocalAlloc
0x46023c GetModuleHandleA
Library advapi32.dll:
0x460244 RegQueryValueExA
0x460248 RegOpenKeyExA
0x46024c RegCloseKey
Library kernel32.dll:
0x460254 lstrcpyA
0x460258 lstrcmpiA
0x46025c WriteFile
0x460260 WaitForSingleObject
0x460264 VirtualQuery
0x460268 VirtualProtect
0x46026c VirtualAlloc
0x460270 Sleep
0x460274 SizeofResource
0x460278 SetThreadLocale
0x46027c SetFilePointer
0x460280 SetEvent
0x460284 SetErrorMode
0x460288 SetEndOfFile
0x46028c ResetEvent
0x460290 ReadFile
0x460294 MultiByteToWideChar
0x460298 MulDiv
0x46029c LockResource
0x4602a0 LoadResource
0x4602a4 LoadLibraryA
0x4602b0 GlobalUnlock
0x4602b4 GlobalSize
0x4602b8 GlobalReAlloc
0x4602bc GlobalHandle
0x4602c0 GlobalLock
0x4602c4 GlobalFree
0x4602c8 GlobalFindAtomA
0x4602cc GlobalDeleteAtom
0x4602d0 GlobalAlloc
0x4602d4 GlobalAddAtomA
0x4602d8 GetVersionExA
0x4602dc GetVersion
0x4602e0 GetUserDefaultLCID
0x4602e4 GetTickCount
0x4602e8 GetThreadLocale
0x4602ec GetSystemInfo
0x4602f0 GetStringTypeExA
0x4602f4 GetStdHandle
0x4602f8 GetProcAddress
0x4602fc GetModuleHandleA
0x460300 GetModuleFileNameA
0x460304 GetLocaleInfoA
0x460308 GetLocalTime
0x46030c GetLastError
0x460310 GetFullPathNameA
0x460314 GetDiskFreeSpaceA
0x460318 GetDateFormatA
0x46031c GetCurrentThreadId
0x460320 GetCurrentProcessId
0x460324 GetCPInfo
0x460328 GetACP
0x46032c FreeResource
0x460330 InterlockedExchange
0x460334 FreeLibrary
0x460338 FormatMessageA
0x46033c FindResourceA
0x460340 EnumCalendarInfoA
0x46034c CreateThread
0x460350 CreateFileA
0x460354 CreateEventA
0x460358 CompareStringA
0x46035c CloseHandle
Library version.dll:
0x460364 VerQueryValueA
0x46036c GetFileVersionInfoA
Library gdi32.dll:
0x460374 UnrealizeObject
0x460378 StretchBlt
0x46037c SetWindowOrgEx
0x460380 SetWinMetaFileBits
0x460384 SetViewportOrgEx
0x460388 SetTextColor
0x46038c SetStretchBltMode
0x460390 SetROP2
0x460394 SetPixel
0x460398 SetEnhMetaFileBits
0x46039c SetDIBColorTable
0x4603a0 SetBrushOrgEx
0x4603a4 SetBkMode
0x4603a8 SetBkColor
0x4603ac SelectPalette
0x4603b0 SelectObject
0x4603b4 SaveDC
0x4603b8 RestoreDC
0x4603bc Rectangle
0x4603c0 RectVisible
0x4603c4 RealizePalette
0x4603c8 Polyline
0x4603cc PlayEnhMetaFile
0x4603d0 PatBlt
0x4603d4 MoveToEx
0x4603d8 MaskBlt
0x4603dc LineTo
0x4603e0 IntersectClipRect
0x4603e4 GetWindowOrgEx
0x4603e8 GetWinMetaFileBits
0x4603ec GetTextMetricsA
0x4603f4 GetTextAlign
0x4603fc GetStockObject
0x460400 GetROP2
0x460404 GetPolyFillMode
0x460408 GetPixelFormat
0x46040c GetPixel
0x460410 GetPaletteEntries
0x460414 GetObjectA
0x460424 GetEnhMetaFileBits
0x460428 GetDeviceCaps
0x46042c GetDIBits
0x460430 GetDIBColorTable
0x460434 GetDCOrgEx
0x460438 GetDCPenColor
0x46043c GetDCBrushColor
0x460444 GetClipBox
0x460448 GetBrushOrgEx
0x46044c GetBkMode
0x460450 GetBkColor
0x460454 GetBitmapBits
0x460458 ExcludeClipRect
0x46045c DeleteObject
0x460460 DeleteEnhMetaFile
0x460464 DeleteDC
0x460468 CreateSolidBrush
0x46046c CreatePenIndirect
0x460470 CreatePalette
0x460478 CreateFontIndirectA
0x46047c CreateEnhMetaFileA
0x460480 CreateDIBitmap
0x460484 CreateDIBSection
0x460488 CreateCompatibleDC
0x460490 CreateBrushIndirect
0x460494 CreateBitmap
0x460498 CopyEnhMetaFileA
0x46049c CloseEnhMetaFile
0x4604a0 BitBlt
Library user32.dll:
0x4604a8 CreateWindowExA
0x4604ac WindowFromPoint
0x4604b0 WinHelpA
0x4604b4 WaitMessage
0x4604b8 UpdateWindow
0x4604bc UnregisterClassA
0x4604c0 UnhookWindowsHookEx
0x4604c4 TranslateMessage
0x4604cc TrackPopupMenu
0x4604d4 ShowWindow
0x4604d8 ShowScrollBar
0x4604dc ShowOwnedPopups
0x4604e0 ShowCursor
0x4604e4 SetWindowsHookExA
0x4604e8 SetWindowPos
0x4604ec SetWindowPlacement
0x4604f0 SetWindowLongA
0x4604f4 SetTimer
0x4604f8 SetScrollRange
0x4604fc SetScrollPos
0x460500 SetScrollInfo
0x460504 SetRect
0x460508 SetPropA
0x46050c SetParent
0x460510 SetMenuItemInfoA
0x460514 SetMenu
0x460518 SetForegroundWindow
0x46051c SetFocus
0x460520 SetCursor
0x460524 SetClassLongA
0x460528 SetCapture
0x46052c SetActiveWindow
0x460530 SendMessageA
0x460534 ScrollWindow
0x460538 ScreenToClient
0x46053c RemovePropA
0x460540 RemoveMenu
0x460544 ReleaseDC
0x460548 ReleaseCapture
0x460554 RegisterClassA
0x460558 RedrawWindow
0x46055c PtInRect
0x460560 PostQuitMessage
0x460564 PostMessageA
0x460568 PeekMessageA
0x46056c OffsetRect
0x460570 OemToCharA
0x460574 MessageBoxA
0x460578 MapWindowPoints
0x46057c MapVirtualKeyA
0x460580 LoadStringA
0x460584 LoadKeyboardLayoutA
0x460588 LoadIconA
0x46058c LoadCursorA
0x460590 LoadBitmapA
0x460594 KillTimer
0x460598 IsZoomed
0x46059c IsWindowVisible
0x4605a0 IsWindowEnabled
0x4605a4 IsWindow
0x4605a8 IsRectEmpty
0x4605ac IsIconic
0x4605b0 IsDialogMessageA
0x4605b4 IsChild
0x4605b8 InvalidateRect
0x4605bc IntersectRect
0x4605c0 InsertMenuItemA
0x4605c4 InsertMenuA
0x4605c8 InflateRect
0x4605d0 GetWindowTextA
0x4605d4 GetWindowRect
0x4605d8 GetWindowPlacement
0x4605dc GetWindowLongA
0x4605e0 GetWindowDC
0x4605e4 GetTopWindow
0x4605e8 GetSystemMetrics
0x4605ec GetSystemMenu
0x4605f0 GetSysColorBrush
0x4605f4 GetSysColor
0x4605f8 GetSubMenu
0x4605fc GetScrollRange
0x460600 GetScrollPos
0x460604 GetScrollInfo
0x460608 GetPropA
0x46060c GetParent
0x460610 GetWindow
0x460614 GetMessageTime
0x460618 GetMenuStringA
0x46061c GetMenuState
0x460620 GetMenuItemInfoA
0x460624 GetMenuItemID
0x460628 GetMenuItemCount
0x46062c GetMenu
0x460630 GetLastActivePopup
0x460634 GetKeyboardState
0x46063c GetKeyboardLayout
0x460640 GetKeyState
0x460644 GetKeyNameTextA
0x460648 GetIconInfo
0x46064c GetForegroundWindow
0x460650 GetFocus
0x460654 GetDesktopWindow
0x460658 GetDCEx
0x46065c GetDC
0x460660 GetCursorPos
0x460664 GetCursor
0x460668 GetClipboardData
0x46066c GetClientRect
0x460670 GetClassNameA
0x460674 GetClassInfoA
0x460678 GetCapture
0x46067c GetActiveWindow
0x460680 FrameRect
0x460684 FindWindowA
0x460688 FillRect
0x46068c EqualRect
0x460690 EnumWindows
0x460694 EnumThreadWindows
0x460698 EndPaint
0x46069c EnableWindow
0x4606a0 EnableScrollBar
0x4606a4 EnableMenuItem
0x4606a8 DrawTextA
0x4606ac DrawMenuBar
0x4606b0 DrawIconEx
0x4606b4 DrawIcon
0x4606b8 DrawFrameControl
0x4606bc DrawEdge
0x4606c0 DispatchMessageA
0x4606c4 DestroyWindow
0x4606c8 DestroyMenu
0x4606cc DestroyIcon
0x4606d0 DestroyCursor
0x4606d4 DeleteMenu
0x4606d8 DefWindowProcA
0x4606dc DefMDIChildProcA
0x4606e0 DefFrameProcA
0x4606e4 CreatePopupMenu
0x4606e8 CreateMenu
0x4606ec CreateIcon
0x4606f0 ClientToScreen
0x4606f4 CheckMenuItem
0x4606f8 CallWindowProcA
0x4606fc CallNextHookEx
0x460700 BeginPaint
0x460704 CharNextA
0x460708 CharLowerBuffA
0x46070c CharLowerA
0x460710 CharToOemA
0x460714 AdjustWindowRectEx
Library kernel32.dll:
0x460720 Sleep
Library oleaut32.dll:
0x460728 SafeArrayPtrOfIndex
0x46072c SafeArrayGetUBound
0x460730 SafeArrayGetLBound
0x460734 SafeArrayCreate
0x460738 VariantChangeType
0x46073c VariantCopy
0x460740 VariantClear
0x460744 VariantInit
Library ole32.dll:
0x460750 IsAccelerator
0x460754 OleDraw
0x46075c CoCreateInstance
0x460760 CoGetClassObject
0x460764 CoUninitialize
0x460768 CoInitialize
0x46076c IsEqualGUID
Library oleaut32.dll:
0x460774 GetErrorInfo
0x460778 SysFreeString
Library comctl32.dll:
0x460788 ImageList_Write
0x46078c ImageList_Read
0x46079c ImageList_DragMove
0x4607a0 ImageList_DragLeave
0x4607a4 ImageList_DragEnter
0x4607a8 ImageList_EndDrag
0x4607ac ImageList_BeginDrag
0x4607b0 ImageList_Remove
0x4607b4 ImageList_DrawEx
0x4607b8 ImageList_Draw
0x4607c8 ImageList_Add
0x4607d4 ImageList_Destroy
0x4607d8 ImageList_Create
Library advapi32.dll:
0x4607e0 QueryServiceStatus
0x4607e4 OpenServiceA
0x4607e8 OpenSCManagerA
0x4607ec CloseServiceHandle
Library UrL:
0x4607f4 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 50568 | 114.114.114.114 | 53
192.168.56.101 | 51963 | 114.114.114.114 | 53
192.168.56.101 | 53380 | 114.114.114.114 | 53
192.168.56.101 | 60123 | 114.114.114.114 | 53
192.168.56.101 | 60215 | 114.114.114.114 | 53
192.168.56.101 | 60221 | 114.114.114.114 | 53
192.168.56.101 | 63429 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 49235 | 224.0.0.252 | 5355
192.168.56.101 | 50002 | 224.0.0.252 | 5355
192.168.56.101 | 53657 | 224.0.0.252 | 5355
192.168.56.101 | 56539 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 57236 | 224.0.0.252 | 5355
192.168.56.101 | 57756 | 224.0.0.252 | 5355
192.168.56.101 | 57874 | 224.0.0.252 | 5355
192.168.56.101 | 58367 | 224.0.0.252 | 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.