6.4
High risk

ce678868095353b895385977e4277db71b8b5edbca935f546bb5bc6e26ab1076

a26706c7f4f522c223872a3dcc807ee8.exe

Analysis duration

106s

Last analyzed

File size

549.0KB
Static detections / Dynamic detections (detection name tags): AGEN AI SCORE=83 AIDETECTVM ATTRIBUTE BLUTEAL BSCOPE CKGENERIC CLASSIC CONFIDENCE DELF EKLE EPYJ FAREIT GDSDA GENERICKD GENKRYPTIK HIGH CONFIDENCE HIGHCONFIDENCE IGW@AWCZGDGI KRYPTIK LKNF MALICIOUS PE MALWARE2 SCORE SUSGEN UNCLASSIFIEDMALWARE@0 UNSAFE USXVPHA20 WACATAC ZELPHIF
鹰眼 (Eagle Eye) engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines

Engine | Result | Scan date | Engine version
--- | --- | --- | ---
Alibaba | Trojan:Win32/Bluteal.de468aa8 | 20190527 | 0.3.0.5
Baidu | (no detection) | 20190318 | 1.0.0.2
Avast | Win32:Trojan-gen | 20200822 | 18.4.3895.0
Tencent | Win32.Trojan.Generic.Lknf | 20200822 | 1.0.0.1
Kingsoft | (no detection) | 20200822 | 2013.8.14.323
McAfee | Fareit-FVM!A26706C7F4F5 | 20200822 | 6.0.6.653
CrowdStrike | win/malicious_confidence_70% (D) | 20190702 | 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619781422.6565
NtAllocateVirtualMemory
process_identifier: 1752
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01cc0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619781461.1405
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communications
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619781460.9685
RegSetValueExA
key_handle: 0x000002dc
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619781463.7655
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619781463.7655
RegSetValueExA
key_handle: 0x000003d4
value: Eg;„=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619781463.7655
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619781463.7655
RegSetValueExW
key_handle: 0x000003d4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619781463.7655
RegSetValueExA
key_handle: 0x000003f0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619781463.7655
RegSetValueExA
key_handle: 0x000003f0
value: Eg;„=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619781463.7655
RegSetValueExA
key_handle: 0x000003f0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619781463.8125
RegSetValueExW
key_handle: 0x000003d0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Network activity contains more than one unique useragent (2 events)
process a26706c7f4f522c223872a3dcc807ee8.exe useragent Internal
process a26706c7f4f522c223872a3dcc807ee8.exe useragent WcE
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34315792
FireEye Generic.mg.a26706c7f4f522c2
CAT-QuickHeal Trojan.CKGENERIC
ALYac Trojan.GenericKD.34315792
Cylance Unsafe
K7AntiVirus Trojan ( 0056c7401 )
Alibaba Trojan:Win32/Bluteal.de468aa8
K7GW Trojan ( 0056c7401 )
Cybereason malicious.fe0730
Arcabit Trojan.Generic.D20B9E10
TrendMicro Trojan.MSIL.WACATAC.USXVPHA20
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
BitDefender Trojan.GenericKD.34315792
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Agent.562176.AEO
Tencent Win32.Trojan.Generic.Lknf
Ad-Aware Trojan.GenericKD.34315792
Comodo .UnclassifiedMalware@0
F-Secure Heuristic.HEUR/AGEN.1136339
Sophos Mal/Generic-S
Ikarus Trojan-Dropper.Win32.Delf
Avira HEUR/AGEN.1136339
Antiy-AVL Trojan/Win32.GenKryptik
Microsoft Trojan:Win32/Bluteal!rfn
GData Trojan.GenericKD.34315792
Cynet Malicious (score: 85)
McAfee Fareit-FVM!A26706C7F4F5
MAX malware (ai score=83)
VBA32 BScope.Trojan.Downloader
Malwarebytes Trojan.MalPack.SMY
ESET-NOD32 a variant of Win32/GenKryptik.EPYJ
TrendMicro-HouseCall Trojan.MSIL.WACATAC.USXVPHA20
Rising Trojan.Kryptik!1.C56D (CLASSIC)
SentinelOne DFI - Malicious PE
eGambit Unsafe.AI_Score_85%
Fortinet W32/GenKryptik.EKLE!tr
BitDefenderTheta Gen:NN.ZelphiF.34186.IGW@aWCZGDgi
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_70% (D)
MaxSecure Trojan.Malware.104688457.susgen
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 31.13.86.16:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x469150 VirtualFree
0x469154 VirtualAlloc
0x469158 LocalFree
0x46915c LocalAlloc
0x469160 GetTickCount
0x469168 GetVersion
0x46916c GetCurrentThreadId
0x469178 VirtualQuery
0x46917c WideCharToMultiByte
0x469180 MultiByteToWideChar
0x469184 lstrlenA
0x469188 lstrcpynA
0x46918c LoadLibraryExA
0x469190 GetThreadLocale
0x469194 GetStartupInfoA
0x469198 GetProcAddress
0x46919c GetModuleHandleA
0x4691a0 GetModuleFileNameA
0x4691a4 GetLocaleInfoA
0x4691a8 GetCommandLineA
0x4691ac FreeLibrary
0x4691b0 FindFirstFileA
0x4691b4 FindClose
0x4691b8 ExitProcess
0x4691bc WriteFile
0x4691c4 RtlUnwind
0x4691c8 RaiseException
0x4691cc GetStdHandle
Library user32.dll:
0x4691d4 GetKeyboardType
0x4691d8 LoadStringA
0x4691dc MessageBoxA
0x4691e0 CharNextA
Library advapi32.dll:
0x4691e8 RegQueryValueExA
0x4691ec RegOpenKeyExA
0x4691f0 RegCloseKey
Library oleaut32.dll:
0x4691f8 SysFreeString
0x4691fc SysReAllocStringLen
0x469200 SysAllocStringLen
Library kernel32.dll:
0x469208 TlsSetValue
0x46920c TlsGetValue
0x469210 LocalAlloc
0x469214 GetModuleHandleA
Library advapi32.dll:
0x46921c RegQueryValueExA
0x469220 RegOpenKeyExA
0x469224 RegCloseKey
Library kernel32.dll:
0x46922c lstrcpyA
0x469230 WriteFile
0x469234 WaitForSingleObject
0x469238 VirtualQuery
0x46923c VirtualProtect
0x469240 VirtualAlloc
0x469244 Sleep
0x469248 SizeofResource
0x46924c SetThreadLocale
0x469250 SetFilePointer
0x469254 SetEvent
0x469258 SetErrorMode
0x46925c SetEndOfFile
0x469260 ResetEvent
0x469264 ReadFile
0x469268 MulDiv
0x46926c LockResource
0x469270 LoadResource
0x469274 LoadLibraryA
0x469280 GlobalUnlock
0x469284 GlobalReAlloc
0x469288 GlobalHandle
0x46928c GlobalLock
0x469290 GlobalFree
0x469294 GlobalFindAtomA
0x469298 GlobalDeleteAtom
0x46929c GlobalAlloc
0x4692a0 GlobalAddAtomA
0x4692a4 GetVersionExA
0x4692a8 GetVersion
0x4692ac GetTickCount
0x4692b0 GetThreadLocale
0x4692b4 GetSystemInfo
0x4692b8 GetStringTypeExA
0x4692bc GetStdHandle
0x4692c0 GetProfileStringA
0x4692c4 GetProcAddress
0x4692c8 GetModuleHandleA
0x4692cc GetModuleFileNameA
0x4692d0 GetLocaleInfoA
0x4692d4 GetLocalTime
0x4692d8 GetLastError
0x4692dc GetFullPathNameA
0x4692e0 GetDiskFreeSpaceA
0x4692e4 GetDateFormatA
0x4692e8 GetCurrentThreadId
0x4692ec GetCurrentProcessId
0x4692f0 GetCPInfo
0x4692f4 GetACP
0x4692f8 FreeResource
0x4692fc InterlockedExchange
0x469300 FreeLibrary
0x469304 FormatMessageA
0x469308 FindResourceA
0x46930c EnumCalendarInfoA
0x469318 CreateThread
0x46931c CreateFileA
0x469320 CreateEventA
0x469324 CompareStringA
0x469328 CloseHandle
Library version.dll:
0x469330 VerQueryValueA
0x469338 GetFileVersionInfoA
Library gdi32.dll:
0x469340 UnrealizeObject
0x469344 StretchBlt
0x469348 StartPage
0x46934c StartDocA
0x469350 SetWindowOrgEx
0x469354 SetViewportOrgEx
0x469358 SetTextColor
0x46935c SetStretchBltMode
0x469360 SetROP2
0x469364 SetPixel
0x469368 SetMapMode
0x46936c SetDIBColorTable
0x469370 SetBrushOrgEx
0x469374 SetBkMode
0x469378 SetBkColor
0x46937c SetAbortProc
0x469380 SelectPalette
0x469384 SelectObject
0x469388 SelectClipRgn
0x46938c SaveDC
0x469390 RestoreDC
0x469394 RectVisible
0x469398 RealizePalette
0x46939c Polyline
0x4693a0 PatBlt
0x4693a4 MoveToEx
0x4693a8 MaskBlt
0x4693ac LineTo
0x4693b0 IntersectClipRect
0x4693b4 GetWindowOrgEx
0x4693b8 GetTextMetricsA
0x4693c4 GetStockObject
0x4693c8 GetPixel
0x4693cc GetPaletteEntries
0x4693d0 GetObjectA
0x4693d4 GetDeviceCaps
0x4693d8 GetDIBits
0x4693dc GetDIBColorTable
0x4693e0 GetDCOrgEx
0x4693e4 GetDCBrushColor
0x4693ec GetClipBox
0x4693f0 GetBrushOrgEx
0x4693f4 GetBitmapBits
0x4693f8 ExcludeClipRect
0x4693fc EndPage
0x469400 EndDoc
0x469404 DeleteObject
0x469408 DeleteDC
0x46940c CreateSolidBrush
0x469410 CreatePenIndirect
0x469414 CreatePalette
0x469418 CreateICA
0x469420 CreateFontIndirectA
0x469424 CreateDIBitmap
0x469428 CreateDIBSection
0x46942c CreateDCA
0x469430 CreateCompatibleDC
0x469438 CreateBrushIndirect
0x46943c CreateBitmap
0x469440 BitBlt
Library user32.dll:
0x469448 CreateWindowExA
0x46944c WindowFromPoint
0x469450 WinHelpA
0x469454 WaitMessage
0x469458 UpdateWindow
0x46945c UnregisterClassA
0x469460 UnhookWindowsHookEx
0x469464 TranslateMessage
0x46946c TrackPopupMenu
0x469474 ShowWindow
0x469478 ShowScrollBar
0x46947c ShowOwnedPopups
0x469480 ShowCursor
0x469484 SetWindowsHookExA
0x469488 SetWindowTextA
0x46948c SetWindowPos
0x469490 SetWindowPlacement
0x469494 SetWindowLongA
0x469498 SetTimer
0x46949c SetScrollRange
0x4694a0 SetScrollPos
0x4694a4 SetScrollInfo
0x4694a8 SetRect
0x4694ac SetPropA
0x4694b0 SetParent
0x4694b4 SetMenuItemInfoA
0x4694b8 SetMenu
0x4694bc SetForegroundWindow
0x4694c0 SetFocus
0x4694c4 SetCursor
0x4694c8 SetClassLongA
0x4694cc SetCapture
0x4694d0 SetActiveWindow
0x4694d4 SendMessageA
0x4694d8 ScrollWindow
0x4694dc ScreenToClient
0x4694e0 RemovePropA
0x4694e4 RemoveMenu
0x4694e8 ReleaseDC
0x4694ec ReleaseCapture
0x4694f8 RegisterClassA
0x4694fc RedrawWindow
0x469500 PtInRect
0x469504 PostQuitMessage
0x469508 PostMessageA
0x46950c PeekMessageA
0x469510 OffsetRect
0x469514 OemToCharA
0x469518 MessageBoxA
0x46951c MapWindowPoints
0x469520 MapVirtualKeyA
0x469524 LoadStringA
0x469528 LoadKeyboardLayoutA
0x46952c LoadIconA
0x469530 LoadCursorA
0x469534 LoadBitmapA
0x469538 KillTimer
0x46953c IsZoomed
0x469540 IsWindowVisible
0x469544 IsWindowEnabled
0x469548 IsWindow
0x46954c IsRectEmpty
0x469550 IsIconic
0x469554 IsDialogMessageA
0x469558 IsChild
0x46955c InvalidateRect
0x469560 IntersectRect
0x469564 InsertMenuItemA
0x469568 InsertMenuA
0x46956c InflateRect
0x469574 GetWindowTextA
0x469578 GetWindowRect
0x46957c GetWindowPlacement
0x469580 GetWindowLongA
0x469584 GetWindowDC
0x469588 GetUpdateRect
0x46958c GetTopWindow
0x469590 GetSystemMetrics
0x469594 GetSystemMenu
0x469598 GetSysColorBrush
0x46959c GetSysColor
0x4695a0 GetSubMenu
0x4695a4 GetScrollRange
0x4695a8 GetScrollPos
0x4695ac GetScrollInfo
0x4695b0 GetPropA
0x4695b4 GetParent
0x4695b8 GetWindow
0x4695bc GetMenuStringA
0x4695c0 GetMenuState
0x4695c4 GetMenuItemInfoA
0x4695c8 GetMenuItemID
0x4695cc GetMenuItemCount
0x4695d0 GetMenu
0x4695d4 GetLastActivePopup
0x4695d8 GetKeyboardState
0x4695e0 GetKeyboardLayout
0x4695e4 GetKeyState
0x4695e8 GetKeyNameTextA
0x4695ec GetIconInfo
0x4695f0 GetForegroundWindow
0x4695f4 GetFocus
0x4695f8 GetDesktopWindow
0x4695fc GetDCEx
0x469600 GetDC
0x469604 GetCursorPos
0x469608 GetCursor
0x46960c GetClientRect
0x469610 GetClassNameA
0x469614 GetClassInfoA
0x469618 GetCapture
0x46961c GetActiveWindow
0x469620 FrameRect
0x469624 FindWindowA
0x469628 FillRect
0x46962c EqualRect
0x469630 EnumWindows
0x469634 EnumThreadWindows
0x469638 EndPaint
0x46963c EnableWindow
0x469640 EnableScrollBar
0x469644 EnableMenuItem
0x469648 DrawTextA
0x46964c DrawMenuBar
0x469650 DrawIconEx
0x469654 DrawIcon
0x469658 DrawFrameControl
0x46965c DrawEdge
0x469660 DispatchMessageA
0x469664 DestroyWindow
0x469668 DestroyMenu
0x46966c DestroyIcon
0x469670 DestroyCursor
0x469674 DeleteMenu
0x469678 DefWindowProcA
0x46967c DefMDIChildProcA
0x469680 DefFrameProcA
0x469684 CreatePopupMenu
0x469688 CreateMenu
0x46968c CreateIcon
0x469690 ClientToScreen
0x469694 CheckMenuItem
0x469698 CallWindowProcA
0x46969c CallNextHookEx
0x4696a0 BeginPaint
0x4696a4 CharNextA
0x4696a8 CharLowerBuffA
0x4696ac CharLowerA
0x4696b0 CharToOemA
0x4696b4 AdjustWindowRectEx
Library kernel32.dll:
0x4696c0 Sleep
Library oleaut32.dll:
0x4696c8 SafeArrayPtrOfIndex
0x4696cc SafeArrayGetUBound
0x4696d0 SafeArrayGetLBound
0x4696d4 SafeArrayCreate
0x4696d8 VariantChangeType
0x4696dc VariantCopy
0x4696e0 VariantClear
0x4696e4 VariantInit
Library comctl32.dll:
0x4696f4 ImageList_Write
0x4696f8 ImageList_Read
0x469708 ImageList_DragMove
0x46970c ImageList_DragLeave
0x469710 ImageList_DragEnter
0x469714 ImageList_EndDrag
0x469718 ImageList_BeginDrag
0x46971c ImageList_Remove
0x469720 ImageList_DrawEx
0x469724 ImageList_Draw
0x469734 ImageList_Add
0x469740 ImageList_Destroy
0x469744 ImageList_Create
0x469748 InitCommonControls
Library winspool.drv:
0x469750 OpenPrinterA
0x469754 EnumPrintersA
0x469758 DocumentPropertiesA
0x46975c ClosePrinter
Library UrL:
0x469764 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62191 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 58970 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.