2.8
中危
27 个模型检测该样本为恶意!
重新分析
更多

960d05fa89cd1f62db289dbd39993a1ccc4178e8fa1001e82607705faff9673f

a20213d6960540d3c9b2ebe43f607ad8.exe

分析耗时

80s

最近分析

文件大小

365.0KB
静态报毒 动态报毒 AI SCORE=85 ARTEMIS CONFIDENCE HCUL HCUQ KRYPTIK MODERATE CONFIDENCE SCORE SUSPICIOUS PE TRICKBOT UNSAFE WACATAC WQX@AA2E3OKO XLNUH ZEXACO 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Artemis!A20213D69605 20200417 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_70% (D) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200418 18.4.3895.0
Tencent 20200419 1.0.0.1
Kingsoft 20200419 2013.8.14.323
静态指标
行为判定
动态指标
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.3739997469365655 section {'size_of_data': '0x0003d000', 'virtual_address': '0x00020000', 'entropy': 7.3739997469365655, 'name': '.rsrc', 'virtual_size': '0x0003c4a4'} description A section with a high entropy has been found
entropy 0.6777777777777778 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 172.217.24.14
host 203.208.40.98
File has been identified by 27 AntiVirus engines on VirusTotal as malicious (27 个事件)
MicroWorld-eScan Trojan.Spy.Agent.OOJ
FireEye Generic.mg.a20213d6960540d3
McAfee Artemis!A20213D69605
CrowdStrike win/malicious_confidence_70% (D)
Invincea heuristic
APEX Malicious
Avast Win32:Malware-gen
BitDefender Trojan.Spy.Agent.OOJ
Endgame malicious (moderate confidence)
F-Secure Trojan.TR/AD.TrickBot.xlnuh
DrWeb Trojan.Packed.140
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Fortinet W32/Kryptik.HCUL!tr
Emsisoft Trojan.Spy.Agent.OOJ (B)
Avira TR/AD.TrickBot.xlnuh
eGambit Unsafe.AI_Score_86%
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Wacatac
Arcabit Trojan.Spy.Agent.OOJ
GData Trojan.Spy.Agent.OOJ
ALYac Trojan.Spy.Agent.OOJ
Malwarebytes Trojan.TrickBot
ESET-NOD32 a variant of Win32/Kryptik.HCUQ
SentinelOne DFI - Suspicious PE
Ad-Aware Trojan.Spy.Agent.OOJ
BitDefenderTheta Gen:NN.ZexaCO.34106.wqX@aa2e3okO
AVG Win32:Malware-gen
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 172.217.24.14:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-09-10 20:27:41

Imports

Library SHLWAPI.dll:
0x417170 PathFindExtensionA
0x417174 PathFindFileNameA
Library comdlg32.dll:
0x4171ac GetOpenFileNameA
Library KERNEL32.dll:
0x417008 GetLocaleInfoW
0x41700c GetCurrentProcess
0x417010 LockResource
0x417014 SizeofResource
0x417018 LoadResource
0x41701c FindResourceA
0x417020 CloseHandle
0x417024 FindFirstFileA
0x417028 WriteFile
0x41702c ReadFile
0x417030 GetFileSize
0x417034 CreateFileA
0x417038 MoveFileA
0x41703c GetTempFileNameA
0x417040 LoadLibraryA
0x417044 GetModuleHandleA
0x417048 LoadLibraryW
0x417050 SetStdHandle
0x417054 WriteConsoleW
0x417058 GetConsoleOutputCP
0x41705c WriteConsoleA
0x417060 IsValidCodePage
0x417064 IsValidLocale
0x417068 EnumSystemLocalesA
0x41706c GetUserDefaultLCID
0x417070 DeleteFileA
0x417074 TerminateProcess
0x417078 Sleep
0x41707c InterlockedExchange
0x417090 WideCharToMultiByte
0x4170a0 MultiByteToWideChar
0x4170a8 RaiseException
0x4170ac RtlUnwind
0x4170b0 GetLastError
0x4170b4 HeapFree
0x4170b8 GetCommandLineA
0x4170bc GetVersionExA
0x4170c0 HeapAlloc
0x4170c4 GetProcessHeap
0x4170c8 GetStartupInfoA
0x4170d4 IsDebuggerPresent
0x4170d8 LCMapStringA
0x4170dc LCMapStringW
0x4170e0 GetCPInfo
0x4170e4 GetStringTypeA
0x4170e8 GetStringTypeW
0x4170ec GetProcAddress
0x4170f0 TlsGetValue
0x4170f4 TlsAlloc
0x4170f8 TlsSetValue
0x4170fc TlsFree
0x417100 SetLastError
0x417104 GetCurrentThreadId
0x417108 HeapDestroy
0x41710c HeapCreate
0x417110 VirtualFree
0x417114 VirtualAlloc
0x417118 HeapReAlloc
0x41711c ExitProcess
0x417120 GetStdHandle
0x417124 GetModuleFileNameA
0x417138 SetHandleCount
0x41713c GetFileType
0x417144 GetTickCount
0x417148 GetCurrentProcessId
0x41714c GetConsoleCP
0x417150 GetConsoleMode
0x417154 FlushFileBuffers
0x417158 SetFilePointer
0x41715c HeapSize
0x417160 GetACP
0x417164 GetOEMCP
0x417168 GetLocaleInfoA
Library USER32.dll:
0x41717c DialogBoxParamA
0x417180 SendMessageA
0x417184 GetDlgItem
0x417188 EndDialog
0x41718c LoadIconA
0x417190 MessageBoxA
0x417194 SetDlgItemTextA
0x417198 GetDlgItemTextA
0x41719c EnableWindow
0x4171a0 LoadBitmapA
0x4171a4 ShowWindow
Library GDI32.dll:
0x417000 DeleteObject

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.