SmartHawk

3.6

中危

21 个模型检测该样本为恶意！

重新分析

下载样本

edbf3ac01757e4c47935b3cff7abb8a1fcc65aa9ad641a4d6625ef63aa43c753

a08fee015ab21fd2919c869a743699b6.exe

分析耗时

92s

最近分析

文件大小

1.4MB

静态报毒动态报毒 AIDETECTVM ARTEMIS CN0@AG7FIWC CONFIDENCE GENERIC@ML HIGH CONFIDENCE INO9JJPWJSWS4HNC2MNONQ MALWARE1 MALWARE@#3ADEMGT6PEOKX OCCAMY QVM20 RDMK SCORE STATIC AI SUSPICIOUS PE UNSAFE ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!A08FEE015AB2	20201211	6.0.6.653
CrowdStrike	win/malicious_confidence_80% (W)	20190702	1.0
Alibaba		20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast		20201210	21.1.5827.0
Kingsoft		20201211	2017.9.26.565
Tencent		20201211	1.0.0.1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619801607.643876 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.code

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.885992974664264

section

{'size_of_data': '0x00126600', 'virtual_address': '0x0004f000', 'entropy': 7.885992974664264, 'name': '.rsrc', 'virtual_size': '0x001264c4'}

description

A section with a high entropy has been found

entropy

0.7966847090663058

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 21 AntiVirus engines on VirusTotal as malicious (21 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
FireEye	Generic.mg.a08fee015ab21fd2
Qihoo-360	Generic/HEUR/QVM20.1.A115.Malware.Gen
McAfee	Artemis!A08FEE015AB2
Cylance	Unsafe
Sangfor	Malware
CrowdStrike	win/malicious_confidence_80% (W)
APEX	Malicious
Paloalto	generic.ml
AegisLab	Trojan.Win32.Generic.4!c
Rising	Trojan.Generic@ML.95 (RDMK:Ino9jJpwJSWS4HnC2mNoNQ)
Sophos	ML/PE-A
Comodo	Malware@#3ademgt6peokx
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.tc
SentinelOne	Static AI - Suspicious PE
Antiy-AVL	Trojan/Win32.Occamy
Microsoft	Trojan:Win32/Occamy.CED
BitDefenderTheta	Gen:NN.ZexaF.34670.Cn0@aG7FiWc
VBA32	suspected of Trojan.Downloader.gen.h
eGambit	Unsafe.AI_Score_99%

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-06-01 08:16:16

Imports

Library kernel32.dll:

• 0x43b3c0 AddAtomA

• 0x43b3c4 CloseHandle

• 0x43b3c8 CompareStringA

• 0x43b3cc CompareStringW

• 0x43b3d0 CreateDirectoryA

• 0x43b3d4 CreateFileA

• 0x43b3d8 CreateFileW

• 0x43b3dc CreateMutexA

• 0x43b3e0 CreateThread

• 0x43b3e4 DeleteCriticalSection

• 0x43b3e8 DeleteFileA

• 0x43b3ec DeleteFileW

• 0x43b3f0 DeviceIoControl

• 0x43b3f4 EnterCriticalSection

• 0x43b3f8 ExitProcess

• 0x43b3fc FindAtomA

• 0x43b400 FindClose

• 0x43b404 FindFirstFileA

• 0x43b408 FindNextFileA

• 0x43b40c FindResourceA

• 0x43b410 FlushFileBuffers

• 0x43b414 FreeEnvironmentStringsA

• 0x43b418 FreeEnvironmentStringsW

• 0x43b41c FreeLibrary

• 0x43b420 FreeResource

• 0x43b424 GetACP

• 0x43b428 GetAtomNameA

• 0x43b42c GetCPInfo

• 0x43b430 GetCommandLineA

• 0x43b434 GetCurrentProcess

• 0x43b438 GetCurrentThreadId

• 0x43b43c GetEnvironmentStringsA

• 0x43b440 GetEnvironmentStringsW

• 0x43b444 GetEnvironmentVariableA

• 0x43b448 GetFileSize

• 0x43b44c GetFileType

• 0x43b450 GetLastError

• 0x43b454 GetLocalTime

• 0x43b458 GetLongPathNameW

• 0x43b45c GetModuleFileNameA

• 0x43b460 GetModuleFileNameW

• 0x43b464 GetModuleHandleA

• 0x43b468 GetOEMCP

• 0x43b46c GetProcAddress

• 0x43b470 GetStartupInfoA

• 0x43b474 GetStdHandle

• 0x43b478 GetStringTypeA

• 0x43b47c GetStringTypeW

• 0x43b480 GetSystemDefaultLCID

• 0x43b484 GetTempPathA

• 0x43b488 GetTempPathW

• 0x43b48c GetTickCount

• 0x43b490 GetTimeZoneInformation

• 0x43b494 GetVersion

• 0x43b498 GetVersionExA

• 0x43b49c GlobalAlloc

• 0x43b4a0 GlobalFree

• 0x43b4a4 HeapAlloc

• 0x43b4a8 HeapCreate

• 0x43b4ac HeapDestroy

• 0x43b4b0 HeapFree

• 0x43b4b4 HeapReAlloc

• 0x43b4b8 InitializeCriticalSection

• 0x43b4bc InterlockedDecrement

• 0x43b4c0 InterlockedIncrement

• 0x43b4c4 LCMapStringA

• 0x43b4c8 LCMapStringW

• 0x43b4cc LeaveCriticalSection

• 0x43b4d0 LoadLibraryA

• 0x43b4d4 LoadLibraryExA

• 0x43b4d8 LoadResource

• 0x43b4dc LocalAlloc

• 0x43b4e0 LocalFree

• 0x43b4e4 MultiByteToWideChar

• 0x43b4e8 OpenMutexA

• 0x43b4ec QueryDosDeviceA

• 0x43b4f0 ReadFile

• 0x43b4f4 ReleaseMutex

• 0x43b4f8 RtlUnwind

• 0x43b4fc SetEnvironmentVariableA

• 0x43b500 SetFilePointer

• 0x43b504 SetHandleCount

• 0x43b508 SetLastError

• 0x43b50c SetStdHandle

• 0x43b510 SizeofResource

• 0x43b514 Sleep

• 0x43b518 TerminateProcess

• 0x43b51c TlsAlloc

• 0x43b520 TlsFree

• 0x43b524 TlsGetValue

• 0x43b528 TlsSetValue

• 0x43b52c VirtualAlloc

• 0x43b530 VirtualFree

• 0x43b534 WaitForSingleObject

• 0x43b538 WideCharToMultiByte

• 0x43b53c WriteFile

• 0x43b540 lstrcatA

• 0x43b544 lstrcatW

• 0x43b548 lstrcmpA

• 0x43b54c lstrcmpiA

• 0x43b550 lstrcmpiW

• 0x43b554 lstrcpyA

• 0x43b558 lstrcpyW

• 0x43b55c lstrlenA

• 0x43b560 lstrlenW

Library user32.dll:

• 0x43bd10 CreateIconIndirect

• 0x43bd14 CreateWindowExA

• 0x43bd18 CreateWindowExW

• 0x43bd1c DefWindowProcA

• 0x43bd20 DefWindowProcW

• 0x43bd24 DestroyWindow

• 0x43bd28 DispatchMessageA

• 0x43bd2c DispatchMessageW

• 0x43bd30 DrawIconEx

• 0x43bd34 DrawTextA

• 0x43bd38 DrawTextW

• 0x43bd3c EnableWindow

• 0x43bd40 GetClientRect

• 0x43bd44 GetDC

• 0x43bd48 GetFocus

• 0x43bd4c GetIconInfo

• 0x43bd50 GetMessageA

• 0x43bd54 GetMessageW

• 0x43bd58 GetSystemMetrics

• 0x43bd5c GetWindowLongA

• 0x43bd60 GetWindowLongW

• 0x43bd64 GetWindowRect

• 0x43bd68 GetWindowTextLengthA

• 0x43bd6c IsDialogMessageA

• 0x43bd70 KillTimer

• 0x43bd74 LoadCursorA

• 0x43bd78 LoadCursorW

• 0x43bd7c LoadIconA

• 0x43bd80 LoadIconW

• 0x43bd84 LoadImageA

• 0x43bd88 MapWindowPoints

• 0x43bd8c MessageBoxW

• 0x43bd90 MoveWindow

• 0x43bd94 PostMessageA

• 0x43bd98 PostQuitMessage

• 0x43bd9c RegisterClassA

• 0x43bda0 RegisterClassW

• 0x43bda4 ReleaseDC

• 0x43bda8 SendMessageA

• 0x43bdac SendMessageW

• 0x43bdb0 SetFocus

• 0x43bdb4 SetForegroundWindow

• 0x43bdb8 SetTimer

• 0x43bdbc SetWindowLongA

• 0x43bdc0 SetWindowPos

• 0x43bdc4 SetWindowTextW

• 0x43bdc8 ShowWindow

• 0x43bdcc TranslateMessage

• 0x43bdd0 wsprintfA

• 0x43bdd4 wsprintfW

Library gdi32.dll:

• 0x43c12c CreateBitmap

• 0x43c130 CreateCompatibleDC

• 0x43c134 CreateFontIndirectA

• 0x43c138 CreateSolidBrush

• 0x43c13c DeleteObject

• 0x43c140 GetDIBits

• 0x43c144 GetStockObject

• 0x43c148 RoundRect

• 0x43c14c SelectObject

• 0x43c150 SetBkColor

• 0x43c154 SetBkMode

• 0x43c158 SetDIBits

• 0x43c15c SetTextColor

Library ntdll.dll:

• 0x43c240 memset

• 0x43c244 memcpy

Library COMCTL32.DLL:

• 0x43c268 InitCommonControls

Library advapi32.dll:

• 0x43c2ac InitializeSecurityDescriptor

• 0x43c2b0 RegCloseKey

• 0x43c2b4 RegCreateKeyExA

• 0x43c2b8 RegEnumKeyExA

• 0x43c2bc RegOpenKeyExA

• 0x43c2c0 RegQueryValueExA

• 0x43c2c4 RegSetValueExA

• 0x43c2c8 SetSecurityDescriptorDacl

Library ole32.dll:

• 0x43c64c OleInitialize

• 0x43c650 OleCreate

• 0x43c654 OleSetContainedObject

• 0x43c658 CoInitialize

• 0x43c65c CoCreateInstance

• 0x43c660 CLSIDFromProgID

Library oleaut32.dll:

• 0x43c6e4 VariantInit

• 0x43c6e8 SysAllocString

• 0x43c6ec SysFreeString

Library setupapi.dll:

• 0x43c394 SetupDiGetDeviceRegistryPropertyA

• 0x43c398 SetupDiEnumDeviceInfo

• 0x43c39c SetupDiGetClassDevsA

• 0x43c3a0 SetupDiGetDeviceInterfaceDetailA

• 0x43c3a4 SetupDiEnumDeviceInterfaces

• 0x43c3a8 SetupDiGetDeviceInstanceIdA

• 0x43c3ac SetupDiDestroyDeviceInfoList

Library shell32.dll:

• 0x43c530 DragAcceptFiles

• 0x43c534 ShellExecuteA

• 0x43c538 SHGetFolderPathA

Library shlwapi.dll:

• 0x43c4a0 PathRemoveFileSpecA

• 0x43c4a4 PathFindExtensionA

• 0x43c4a8 PathFileExistsW

• 0x43c4ac PathStripPathW

• 0x43c4b0 PathFindExtensionW

Library ws2_32.dll:

• 0x43c5a0 WSAStartup

• 0x43c5a4 WSACleanup

• 0x43c5a8 socket

• 0x43c5ac closesocket

• 0x43c5b0 gethostbyname

• 0x43c5b4 connect

• 0x43c5b8 send

• 0x43c5bc recv

• 0x43c5c0 select

Library ole32.dll:

• 0x43c64c OleInitialize

• 0x43c650 OleCreate

• 0x43c654 OleSetContainedObject

• 0x43c658 CoInitialize

• 0x43c65c CoCreateInstance

• 0x43c660 CLSIDFromProgID

Library oleaut32.dll:

• 0x43c6e4 VariantInit

• 0x43c6e8 SysAllocString

• 0x43c6ec SysFreeString

Library msvcrt.dll:

• 0x43c750 _fdopen

• 0x43c754 fputc

• 0x43c758 fclose

• 0x43c75c fread

• 0x43c760 fwrite

• 0x43c764 fprintf

• 0x43c768 strcpy

• 0x43c76c strlen

• 0x43c770 fopen

• 0x43c774 fgetpos

Library version.dll:

• 0x43c7f8 GetFileVersionInfoSizeA

• 0x43c7fc GetFileVersionInfoA

• 0x43c800 VerQueryValueA

• 0x43c804 GetFileVersionInfoSizeW

• 0x43c808 GetFileVersionInfoW

• 0x43c80c VerQueryValueW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62912	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.