1.6
Low risk

dff1e27ea5797b49da2a5c7ca8ef6af4b4681d9bdc3baf92ceb0db77cb00fc83

9fc684095937fb1c40cdb480df66b2ef.exe

Analysis duration

11s

Last analyzed

File size

490.5KB
Static detection, Dynamic detection: AGENSLA AGENTTESLA AI SCORE=80 ANDROM ATTRIBUTE BUMLLI CONFIDENCE ELDORADO FAREIT GDSDA GENERICKD GENOME HIGH CONFIDENCE HIGHCONFIDENCE HUBGG HYTQ IGENT KRYPTIK MXRESICN OCWYG@0 PWSX R349657 SCORE SIGGEN2 TSCOPE UNSAFE USXVPI120
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba Backdoor:MSIL/AgentTesla.2ed93348 20190527 0.3.0.5
Avast Win32:PWSX-gen [Trj] 20200908 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20200909 2013.8.14.323
McAfee Fareit-FZD!9FC684095937 20200908 6.0.6.653
Tencent Msil.Backdoor.Androm.Hytq 20200909 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Behavior verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.970034205128268 section {'size_of_data': '0x00075c00', 'virtual_address': '0x00002000', 'entropy': 7.970034205128268, 'name': '.text', 'virtual_size': '0x00075bac'} description A section with a high entropy has been found
entropy 0.9612244897959183 description Overall entropy of this PE file is high
Network communication
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 of 53 events)
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen2.54183
MicroWorld-eScan Trojan.GenericKD.43757123
FireEye Generic.mg.9fc684095937fb1c
ALYac Trojan.GenericKD.43757123
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056d82f1 )
Alibaba Backdoor:MSIL/AgentTesla.2ed93348
K7GW Trojan ( 0056d82f1 )
Cybereason malicious.f53bb3
Invincea Mal/Generic-S
Cyren W32/MSIL_Troj.YM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.XNL
TrendMicro-HouseCall TrojanSpy.MSIL.AGENSLA.USXVPI120
Avast Win32:PWSX-gen [Trj]
Cynet Malicious (score: 90)
Kaspersky HEUR:Backdoor.MSIL.Androm.gen
BitDefender Trojan.GenericKD.43757123
Paloalto generic.ml
AegisLab Trojan.MSIL.Androm.m!c
Ad-Aware Trojan.GenericKD.43757123
Emsisoft Trojan.Crypt (A)
Comodo TrojWare.Win32.Genome.ocwyg@0
F-Secure Trojan.TR/Dropper.MSIL.hubgg
Zillya Trojan.Kryptik.Win32.2464206
TrendMicro TrojanSpy.MSIL.AGENSLA.USXVPI120
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.Inject
Webroot W32.Trojan.Gen
Avira TR/Dropper.MSIL.hubgg
Microsoft Trojan:MSIL/AgentTesla.PBH!MTB
Arcabit Trojan.Generic.D29BAE43
ViRobot Trojan.Win32.Z.Kryptik.502272.AE
ZoneAlarm HEUR:Backdoor.MSIL.Androm.gen
GData Trojan.GenericKD.43757123
AhnLab-V3 Trojan/Win32.MSIL.R349657
McAfee Fareit-FZD!9FC684095937
MAX malware (ai score=80)
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.MalPack.PNG.Generic
APEX Malicious
Tencent Msil.Backdoor.Androm.Hytq
Yandex Trojan.Igent.bUmLLi.2
eGambit Unsafe.AI_Score_82%
Fortinet MSIL/Kryptik.XNL!tr
MaxSecure Win.MxResIcn.Heur.Gen
AVG Win32:PWSX-gen [Trj]
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-08-31 11:04:16

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.