Score: 3.8
Risk level: Medium

SHA256: 38b7ba61ad087407146ccd397519b0af969e3dc6f70e0345e7cf0de3f18b12f4

File name: a0af67431db081d3a9cea7aff03ddddb.exe

Analysis duration: 84s

Last analyzed:

File size: 37.0KB
Detection flags: static detection, dynamic detection
Detection name keywords (taken from the engine results below): A VARIANT OF GENERIK, AI SCORE=86, ARTEMIS, ATTRIBUTE, AVSLY, BSCOPE, CLASSIC, COBALTSTRIKE, CONFIDENCE, ELDORADO, GENCIRC, HACKTOOL, HIGHCONFIDENCE, HZNEJIR, R03BC0DHO20, SUSPICIOUS PE, SWRORT, UMAL, VEIL, WACATAC, XVNQV@0
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines

Engine       Result                             Scan date  Engine version
Alibaba      Trojan:Win32/Swrort.12fdb54f       20190527   0.3.0.5
Avast        Win32:Malware-gen                  20200912   18.4.3895.0
Baidu        (no result)                        20190318   1.0.0.2
Kingsoft     (no result)                        20200913   2013.8.14.323
McAfee       Artemis!A0AF67431DB0               20200912   6.0.6.653
Tencent      Malware.Win32.Gencirc.11ad83a9     20200913   1.0.0.1
CrowdStrike  win/malicious_confidence_60% (W)   20190702   1.0
Static indicators
Behavior verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
MicroWorld-eScan Generic.Exploit.Shellcode.1.1C7BB52C
FireEye Generic.Exploit.Shellcode.1.1C7BB52C
Qihoo-360 Generic/Trojan.b38
ALYac Generic.Exploit.Shellcode.1.1C7BB52C
Malwarebytes Trojan.Downloader
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Swrort.12fdb54f
K7GW Riskware ( 0040eff71 )
Cybereason malicious.31db08
Arcabit Generic.Exploit.Shellcode.1.1C7BB52C
Invincea Troj/Swrort-BY
Cyren W32/S-e86b6348!Eldorado
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TROJ_GEN.R03BC0DHO20
Paloalto generic.ml
ClamAV Win.Trojan.CobaltStrike-7913051-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Generic.Exploit.Shellcode.1.1C7BB52C
ViRobot Trojan.Win32.Z.Swrort.37888.CE
Avast Win32:Malware-gen
Rising HackTool.Swrort!1.6477 (CLASSIC)
Ad-Aware Generic.Exploit.Shellcode.1.1C7BB52C
Comodo TrojWare.Win32.UMal.xvnqv@0
F-Secure Trojan.TR/Swrort.avsly
Zillya Trojan.Generic.Win32.1187557
TrendMicro TROJ_GEN.R03BC0DHO20
Sophos Troj/Swrort-BY
SentinelOne DFI - Suspicious PE
Webroot W32.Trojan.CobaltStrike
Avira TR/Swrort.avsly
Antiy-AVL Trojan/Win32.Swrort
Microsoft Trojan:Win32/Swrort.A
AegisLab Trojan.Win32.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Generic.Exploit.Shellcode.1.1C7BB52C
AhnLab-V3 Malware/Win32.Generic.C4193715
McAfee Artemis!A0AF67431DB0
MAX malware (ai score=86)
VBA32 BScope.Trojan.Wacatac
APEX Malicious
ESET-NOD32 a variant of Generik.HZNEJIR
Tencent Malware.Win32.Gencirc.11ad83a9
Ikarus Trojan.Veil
Fortinet W32/Generic!tr
AVG Win32:Malware-gen
CrowdStrike win/malicious_confidence_60% (W)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.27.142:443
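The two network signatures above, reduced to a check you can run yourself over a connection log. This is an added example, not the sandbox's own code: the record layout and the `completed` flag are assumptions, the addresses are the ones from this report plus constructed filler (`dns.google` / `8.8.8.8` as a known-good resolved host), and "external" deliberately ignores the private, multicast and broadcast traffic that the UDP table further down shows the VM generating on its own.

```python
"""Added example (not the sandbox's own code): the two network heuristics this
report fired, re-implemented over a constructed connection log.  The record
layout and the 'completed' flag are assumptions; the real signatures work from
a pcap."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class DnsAnswer:
    qname: str   # queried name
    rdata: str   # IPv4 address returned in the answer


@dataclass(frozen=True)
class TcpAttempt:
    dst: str
    dport: int
    completed: bool   # True if the handshake finished (SYN-ACK seen)


def is_external(ip: str) -> bool:
    """Only public addresses count.  LAN peers, broadcast, multicast and loopback
    are sandbox background noise, not the sample's doing."""
    a = ip_address(ip)
    return not (a.is_private or a.is_multicast or a.is_loopback
                or a.is_link_local or a.is_reserved or a.is_unspecified)


def connections_without_dns(dns, tcp):
    """'Communicates with host for which no DNS query was performed'.
    A public IP that was connected to but never appeared in a DNS answer is
    usually a hard-coded C2 address (stagers, beacons) or a sandbox artefact."""
    resolved = {d.rdata for d in dns}
    return sorted({c.dst for c in tcp
                   if is_external(c.dst) and c.dst not in resolved})


def dead_hosts(tcp):
    """'Connects to IP addresses that are no longer responding to requests'.
    A public host:port for which no attempt ever completed."""
    outcomes = defaultdict(list)
    for c in tcp:
        if is_external(c.dst):
            outcomes[(c.dst, c.dport)].append(c.completed)
    return sorted(key for key, seen in outcomes.items() if not any(seen))


# Constructed log: the VM's NTP lookup from this report, one constructed benign
# connection that did resolve, the failed 443 attempts from this report, and one
# NetBIOS broadcast that must be ignored.
DNS_LOG = [
    DnsAnswer("time.windows.com", "20.189.79.72"),
    DnsAnswer("dns.google", "8.8.8.8"),            # constructed filler
]
TCP_LOG = [
    TcpAttempt("8.8.8.8", 443, completed=True),      # constructed filler
    TcpAttempt("172.217.24.14", 443, completed=False),
    TcpAttempt("172.217.24.14", 443, completed=False),
    TcpAttempt("172.217.27.142", 443, completed=False),
    TcpAttempt("192.168.56.255", 137, completed=False),   # LAN broadcast, ignored
]

if __name__ == "__main__":
    print("no-DNS hosts:", connections_without_dns(DNS_LOG, TCP_LOG))
    print("dead hosts:  ", dead_hosts(TCP_LOG))
```

Both dead hosts fall in 172.217.0.0/16, a Google-announced range. A failed handshake to such an address says nothing on its own about whether the server is down or the sandbox simply had no route out, so confirm egress with a completed connection to a known-good host in the same run; the constructed `8.8.8.8` record plays that role here.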
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Run screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-08-20 11:13:01

Imports

Library VCRUNTIME140D.dll:
0x4190ac memset
Library ucrtbased.dll:
0x4190e4 _seh_filter_dll
0x4190ec __p__commode
0x4190f4 _crt_atexit
0x4190f8 _crt_at_quick_exit
0x4190fc _controlfp_s
0x419100 terminate
0x419104 _wmakepath_s
0x419108 _wsplitpath_s
0x41910c wcscpy_s
0x419110 _set_new_mode
0x419114 _configthreadlocale
0x41911c _c_exit
0x419120 _cexit
0x419124 __p___argv
0x419128 __p___argc
0x41912c _set_fmode
0x419130 _exit
0x419134 exit
0x419138 _initterm_e
0x41913c _initterm
0x41914c __setusermatherr
0x419150 _set_app_type
0x419154 _seh_filter_exe
0x419158 _CrtDbgReportW
0x41915c _CrtDbgReport
0x419160 system
0x419168 __acrt_iob_func
Library KERNEL32.dll:
0x419000 RaiseException
0x419004 MultiByteToWideChar
0x419008 WideCharToMultiByte
0x419014 GetCurrentProcess
0x419018 GetProcAddress
0x41901c FreeLibrary
0x419020 VirtualQuery
0x419024 GetProcessHeap
0x419028 HeapFree
0x41902c HeapAlloc
0x419030 GetLastError
0x419034 GetModuleHandleW
0x419038 GetStartupInfoW
0x41903c InitializeSListHead
0x419044 GetCurrentThreadId
0x419048 GetCurrentProcessId
0x419054 TerminateProcess
0x419058 IsDebuggerPresent
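The import table is the most informative part of this report, and its debug-runtime dependency is easy to overlook, so here is an import triage pass over the list above. This is an added example, not the sandbox's own code; the catalogs of CRT startup APIs and memory-execution APIs are assumptions taken from ordinary MSVC builds, not from this report.

```python
"""Added example (not the sandbox's own code): triage of the import table above.
The CRT_STARTUP, DEBUG_CRT, NOTABLE and MEMORY_EXEC catalogs are assumptions
drawn from ordinary MSVC builds; only IMPORTS is taken from the report."""

# Imports exactly as listed in the report (RVAs dropped).
IMPORTS = {
    "VCRUNTIME140D.dll": ["memset"],
    "ucrtbased.dll": [
        "_seh_filter_dll", "__p__commode", "_crt_atexit", "_crt_at_quick_exit",
        "_controlfp_s", "terminate", "_wmakepath_s", "_wsplitpath_s", "wcscpy_s",
        "_set_new_mode", "_configthreadlocale", "_c_exit", "_cexit", "__p___argv",
        "__p___argc", "_set_fmode", "_exit", "exit", "_initterm_e", "_initterm",
        "__setusermatherr", "_set_app_type", "_seh_filter_exe", "_CrtDbgReportW",
        "_CrtDbgReport", "system", "__acrt_iob_func",
    ],
    "KERNEL32.dll": [
        "RaiseException", "MultiByteToWideChar", "WideCharToMultiByte",
        "GetCurrentProcess", "GetProcAddress", "FreeLibrary", "VirtualQuery",
        "GetProcessHeap", "HeapFree", "HeapAlloc", "GetLastError", "GetModuleHandleW",
        "GetStartupInfoW", "InitializeSListHead", "GetCurrentThreadId",
        "GetCurrentProcessId", "TerminateProcess", "IsDebuggerPresent",
    ],
}

# Debug CRT DLLs ship only with Visual Studio; a machine without them fails at load.
DEBUG_CRT = {"vcruntime140d.dll", "ucrtbased.dll", "msvcp140d.dll"}

# KERNEL32 imports that the VS2015+ CRT startup and /GS failure paths pull into
# every executable (assumption from ordinary builds).  IsDebuggerPresent is in
# this set, so on its own it is not evidence of anti-debugging.
CRT_STARTUP = {
    "IsDebuggerPresent", "InitializeSListHead", "GetCurrentThreadId",
    "GetCurrentProcessId", "GetStartupInfoW", "GetModuleHandleW",
    "TerminateProcess", "GetCurrentProcess", "RaiseException", "VirtualQuery",
    "GetProcAddress", "FreeLibrary", "MultiByteToWideChar", "WideCharToMultiByte",
    "GetProcessHeap", "HeapAlloc", "HeapFree", "GetLastError",
    "IsProcessorFeaturePresent", "QueryPerformanceCounter",
    "GetSystemTimeAsFileTime", "SetUnhandledExceptionFilter",
    "UnhandledExceptionFilter",
}

# Imports worth a second look in a 37 KB binary (assumed catalog).
NOTABLE = {
    "system": "runs a command line through the shell (cmd.exe)",
    "_wsplitpath_s": "path parsing",
    "_wmakepath_s": "path construction",
}

# APIs usually needed to run shellcode from a PE.  If none is imported, the
# payload is either jumped to inside an already executable section or the APIs
# are resolved at run time; the import table alone cannot say which.
MEMORY_EXEC = ["VirtualAlloc", "VirtualProtect", "CreateThread",
               "WriteProcessMemory", "VirtualAllocEx", "CreateRemoteThread"]


def build_is_debug(imports):
    """True when the binary links the non-redistributable debug CRT."""
    return any(dll.lower() in DEBUG_CRT for dll in imports)


def triage_imports(imports):
    all_apis = {api for apis in imports.values() for api in apis}
    return {
        "debug_crt": sorted(dll for dll in imports if dll.lower() in DEBUG_CRT),
        "crt_boilerplate": sorted(all_apis & CRT_STARTUP),
        "notable": {api: NOTABLE[api] for api in sorted(all_apis & set(NOTABLE))},
        "absent_memory_exec": [api for api in MEMORY_EXEC if api not in all_apis],
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage_imports(IMPORTS))
```

Two things the output makes explicit. VCRUNTIME140D.dll and ucrtbased.dll are the Visual Studio debug runtime: they are not redistributable and are absent from a stock Windows install, so on a VM without Visual Studio the loader fails with a missing-DLL error before any of the sample's code runs. This report does record connection attempts to 172.217.24.14, so the sample evidently got past loading here, but the check is cheap and worth doing whenever a sample like this produces no screenshots, no dropped files and no completed connections. Second, the only API outside the CRT boilerplate is `system`, and nothing in the table allocates or re-protects executable memory, so the import table does not show how the shellcode the engines name (Generic.Exploit.Shellcode, Swrort, CobaltStrike) is executed; that needs section permissions or a debugger, which this report does not include.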

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  51808        114.114.114.114                  53
192.168.56.101  57236        114.114.114.114                  53
192.168.56.101  60123        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  63429        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  50568        224.0.0.252                      5355
192.168.56.101  51378        224.0.0.252                      5355
192.168.56.101  53210        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56539        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  58367        224.0.0.252                      5355
192.168.56.101  62318        224.0.0.252                      5355

All of this is ordinary Windows background traffic from the analysis VM: DNS lookups to its resolver 114.114.114.114 (the queried names are not shown in this report), NetBIOS name service and datagram broadcasts (137/138) to the subnet, NTP to time.windows.com, and LLMNR multicast to 224.0.0.252:5355. None of it involves the 172.217.x.x addresses the sample tried to reach.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.