2.4
Medium risk

495c4781b223f63312cb20fe721948bff389a3f170b1b1614dd635c84c2e2cae

a1d95c76090b20f7a2e78aec586a2723.exe

Analysis time

73s

Last analysis

File size

150.2KB
Static detections / Dynamic detections: ADKOR ADSHOP AI SCORE=98 ARTEMIS ATTRIBUTE DOWNLOADADMIN ELWL EQQYCW F47V0613 FKIQO GENERIC PUA IE HIGHCONFIDENCE KRADDARE KRADDARECRTD LMUJ LUCKYTOOL SAFETERRA SUBSHOP
鹰眼 (Hawkeye) engine
Not detected: no 鹰眼 (Hawkeye) engine result available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!A1D95C76090B 20180617 6.0.6.653
Baidu 20180615 1.0.0.2
Avast Win32:Adware-gen [Adw] 20180617 18.4.3895.0
Kingsoft 20180617 2013.8.14.323
Tencent Win32.Trojan.Adware.Lmuj 20180617 1.0.0.1
CrowdStrike 20180530 1.0
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (13 events)
name RT_ICON language LANG_KOREAN offset 0x00024ac0 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_GROUP_ICON language LANG_KOREAN offset 0x00024f28 filetype data sublanguage SUBLANG_KOREAN size 0x000000a0
name RT_VERSION language LANG_KOREAN offset 0x00024fc8 filetype data sublanguage SUBLANG_KOREAN size 0x000002cc
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 203.208.41.66
File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)
MicroWorld-eScan Gen:Variant.Adware.Kraddare.26
CAT-QuickHeal Trojan.Downloadadmin
McAfee Artemis!A1D95C76090B
K7GW Adware ( 004b70241 )
K7AntiVirus Adware ( 004b70241 )
NANO-Antivirus Riskware.Win32.Agent.eqqycw
Cyren W32/Adware.ELWL-7619
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall Suspicious_GEN.F47V0613
Avast Win32:Adware-gen [Adw]
BitDefender Gen:Variant.Adware.Kraddare.26
ViRobot Adware.Kraddare.153784
Ad-Aware Gen:Variant.Adware.Kraddare.26
Sophos Generic PUA IE (PUA)
F-Secure Gen:Variant.Adware.Kraddare
DrWeb Trojan.Adkor.387
Zillya Adware.KraddareCRTD.Win32.191
McAfee-GW-Edition Artemis
Emsisoft Application.AdShop (A)
Jiangmin Adware/Agent.syy
Webroot Pua.Subshop
Avira ADWARE/SafeTerra.fkiqo
Fortinet Riskware/SafeTerra
SUPERAntiSpyware PUP.LuckyTool/Variant
Microsoft PUA:Win32/DownloadAdmin
AhnLab-V3 PUP/Win32.SubShop.C578518
MAX malware (ai score=98)
Malwarebytes Adware.Kraddare
ESET-NOD32 Win32/Adware.SafeTerra.A
Tencent Win32.Trojan.Adware.Lmuj
GData Gen:Variant.Adware.Kraddare.26
AVG Win32:Adware-gen [Adw]
Cybereason malicious.6090b2
Paloalto generic.ml
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2014-09-18 16:46:54

Imports

Library KERNEL32.dll:
0x409060 OpenProcess
0x409064 Process32Next
0x40906c Process32First
0x409078 CreateEventA
0x40907c GetVersionExA
0x409080 GetModuleFileNameA
0x409084 WaitForSingleObject
0x409088 SetEvent
0x40908c CloseHandle
0x409090 FindResourceExW
0x409098 FindResourceW
0x40909c SizeofResource
0x4090a0 LockResource
0x4090a4 LoadResource
0x4090ac GetLastError
0x4090b0 WideCharToMultiByte
0x4090b4 MultiByteToWideChar
0x4090c0 GetCurrentThreadId
0x4090c4 GetCurrentProcessId
0x4090cc DecodePointer
0x4090d0 EncodePointer
0x4090d8 IsDebuggerPresent
0x4090e4 HeapDestroy
0x4090e8 HeapAlloc
0x4090ec HeapReAlloc
0x4090f0 HeapFree
0x4090f4 HeapSize
0x4090f8 LocalFree
0x4090fc GetProcessHeap
0x409100 RaiseException
Library ADVAPI32.dll:
0x409000 RegEnumValueA
0x409004 RevertToSelf
0x409010 SetTokenInformation
0x409014 DuplicateTokenEx
0x40901c OpenProcessToken
0x409024 DeleteService
0x409028 ControlService
0x40902c StartServiceA
0x409030 CloseServiceHandle
0x409034 OpenServiceA
0x409038 OpenSCManagerA
0x40903c SetServiceStatus
0x409044 RegQueryInfoKeyA
0x409048 RegEnumKeyExA
0x40904c RegCloseKey
0x409050 RegDeleteValueA
0x409054 RegDeleteKeyA
0x409058 RegOpenKeyExA
Library ole32.dll:
0x409238 CoUninitialize
0x40923c CoCreateInstance
0x409244 CoInitialize
Library OLEAUT32.dll:
0x4091f4 SysFreeString
0x4091f8 SysAllocString
0x4091fc VariantInit
0x409200 VariantClear
Library MSVCP110.dll:
Library WTSAPI32.dll:
0x409230 WTSQueryUserToken
Library USERENV.dll:
Library WININET.dll:
0x409214 InternetOpenA
0x409218 InternetConnectA
0x40921c HttpOpenRequestA
0x409220 InternetCloseHandle
0x409224 InternetReadFile
0x409228 HttpSendRequestA
Library MSVCR110.dll:
0x409120 __CxxFrameHandler3
0x409124 _controlfp_s
0x409128 ??3@YAXPAX@Z
0x40912c free
0x409130 malloc
0x409134 memcpy_s
0x409138 memmove
0x40913c memmove_s
0x409140 strcpy_s
0x409144 strcat_s
0x409148 _strlwr_s
0x40914c _mbslwr_s
0x409150 _splitpath_s
0x409154 strnlen
0x409158 ??_V@YAXPAX@Z
0x40915c _mbsstr
0x409160 ??2@YAPAXI@Z
0x409164 _stricmp
0x409168 _mbsspn
0x40916c _mbscspn
0x409170 _mbscmp
0x409174 _purecall
0x409178 memset
0x40917c _CxxThrowException
0x409184 _crt_debugger_hook
0x409190 _lock
0x409194 _unlock
0x409198 _calloc_crt
0x40919c __dllonexit
0x4091a0 _onexit
0x4091a4 _XcptFilter
0x4091a8 _amsg_exit
0x4091ac __getmainargs
0x4091b0 __set_app_type
0x4091b4 exit
0x4091b8 _exit
0x4091bc _cexit
0x4091c0 _configthreadlocale
0x4091c4 __setusermatherr
0x4091c8 _initterm_e
0x4091cc _initterm
0x4091d0 __initenv
0x4091d4 _fmode
0x4091d8 _commode
0x4091e0 ?terminate@@YAXXZ
0x4091e8 _invoke_watson
0x4091ec memcpy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.