3.8
Medium risk

Hash: 190429a9b3c77af4591eadffb647e4e0ecf4eb707a64cdd32573736b3edab8d4

File name: a345ad99c92b3962b2cc09f3e8c4830c.exe

Analysis duration: 21s

Last analysis:

File size: 1.3MB

Static detection: flagged. Dynamic detection: flagged.
Detection tags: AGENTTESLA, AI SCORE=86, AIDETECTVM, ALI2000015, ANDROM, ARW@26LUBK, BANLOAD, BPIHI, BSCOPE, BXCKC, CLASSIC, CONFIDENCE, DELF, DELFINJECT, ENGR, ENME, FAREIT, FJDU, FORMBOOK, HIGH CONFIDENCE, HUSNDB, KCJ0O1D74SM, LKDH, MALWARE2, QHW@AW, QVM05, R351152, SCORE, SIGGEN10, SUSGEN, SUSPICIOUS PE, THIBOBO, UNSAFE, WACATAC, ZELPHIF, ZUSY
Eagle Eye engine
Not detected. No Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine       Result                               Scan date  Engine version
McAfee       Fareit-FZN!A345AD99C92B              20201022   6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015   20190527   0.3.0.5
Baidu        -                                    20190318   1.0.0.2
Avast        Win32:Trojan-gen                     20201022   18.4.3895.0
Tencent      Win32.Backdoor.Androm.Lkdh           20201022   1.0.0.1
Kingsoft     -                                    20201022   2013.8.14.323
CrowdStrike  win/malicious_confidence_90% (W)     20190702   1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time               API                      Status   Return  Repeated
1620985508.963979  NtAllocateVirtualMemory  success  0       0
Arguments:
  process_identifier: 912
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x003e0000
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy: 7.746139718261007, section: {'size_of_data': '0x000af400', 'virtual_address': '0x00098000', 'entropy': 7.746139718261007, 'name': '.rsrc', 'virtual_size': '0x000af26c'}, description: A section with a high entropy has been found
entropy: 0.5432003099573809, description: Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host: 172.217.24.14
Generates some ICMP traffic
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.13
FireEye Generic.mg.a345ad99c92b3962
McAfee Fareit-FZN!A345AD99C92B
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056e1db1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056e1db1 )
Cybereason malicious.9c92b3
Arcabit Trojan.Delf.FareIt.Gen.13
BitDefenderTheta Gen:NN.ZelphiF.34570.qHW@aW!bpihi
Cyren W32/Trojan.FJDU-1226
Symantec Trojan.Gen.2
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Delf.FareIt.Gen.13
NANO-Antivirus Trojan.Win32.Androm.husndb
Paloalto generic.ml
Tencent Win32.Backdoor.Androm.Lkdh
Ad-Aware Trojan.Delf.FareIt.Gen.13
Sophos Mal/Generic-S
Comodo TrojWare.Win32.Downloader.Banload.arw@26lubk
F-Secure Trojan.TR/Injector.bxckc
DrWeb Trojan.Siggen10.17432
Zillya Trojan.Injector.Win32.772326
Invincea Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Fareit.tc
Emsisoft Trojan.Delf.FareIt.Gen.13 (B)
SentinelOne DFI - Suspicious PE
eGambit Unsafe.AI_Score_95%
Avira TR/Injector.bxckc
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Microsoft Trojan:Win32/FormBook.SS!MTB
AegisLab Trojan.Win32.Zusy.4!c
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Delf.FareIt.Gen.13
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Formbook.R351152
Acronis suspicious
VBA32 BScope.Trojan.Wacatac
ALYac Trojan.Delf.FareIt.Gen.13
MAX malware (ai score=86)
Malwarebytes Spyware.AgentTesla
Zoner Trojan.Win32.93823
ESET-NOD32 a variant of Win32/Injector.ENGR
TrendMicro-HouseCall Trojan.Win32.WACATAC.THIBOBO
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x48b164 VirtualFree
0x48b168 VirtualAlloc
0x48b16c LocalFree
0x48b170 LocalAlloc
0x48b174 GetVersion
0x48b178 GetCurrentThreadId
0x48b184 VirtualQuery
0x48b188 WideCharToMultiByte
0x48b18c MultiByteToWideChar
0x48b190 lstrlenA
0x48b194 lstrcpynA
0x48b198 LoadLibraryExA
0x48b19c GetThreadLocale
0x48b1a0 GetStartupInfoA
0x48b1a4 GetProcAddress
0x48b1a8 GetModuleHandleA
0x48b1ac GetModuleFileNameA
0x48b1b0 GetLocaleInfoA
0x48b1b4 GetCommandLineA
0x48b1b8 FreeLibrary
0x48b1bc FindFirstFileA
0x48b1c0 FindClose
0x48b1c4 ExitProcess
0x48b1c8 WriteFile
0x48b1d0 RtlUnwind
0x48b1d4 RaiseException
0x48b1d8 GetStdHandle
Library user32.dll:
0x48b1e0 GetKeyboardType
0x48b1e4 LoadStringA
0x48b1e8 MessageBoxA
0x48b1ec CharNextA
Library advapi32.dll:
0x48b1f4 RegQueryValueExA
0x48b1f8 RegOpenKeyExA
0x48b1fc RegCloseKey
Library oleaut32.dll:
0x48b204 SysFreeString
0x48b208 SysReAllocStringLen
0x48b20c SysAllocStringLen
Library kernel32.dll:
0x48b214 TlsSetValue
0x48b218 TlsGetValue
0x48b21c LocalAlloc
0x48b220 GetModuleHandleA
Library advapi32.dll:
0x48b228 RegQueryValueExA
0x48b22c RegOpenKeyExA
0x48b230 RegCloseKey
Library kernel32.dll:
0x48b238 lstrcpyA
0x48b23c WriteFile
0x48b244 WaitForSingleObject
0x48b248 VirtualQuery
0x48b24c VirtualProtectEx
0x48b250 VirtualProtect
0x48b254 VirtualAlloc
0x48b258 Sleep
0x48b25c SizeofResource
0x48b260 SetThreadLocale
0x48b264 SetFilePointer
0x48b268 SetEvent
0x48b26c SetErrorMode
0x48b270 SetEndOfFile
0x48b274 ResetEvent
0x48b278 ReadFile
0x48b27c MulDiv
0x48b280 LockResource
0x48b284 LoadResource
0x48b288 LoadLibraryA
0x48b294 GlobalUnlock
0x48b298 GlobalReAlloc
0x48b29c GlobalHandle
0x48b2a0 GlobalLock
0x48b2a4 GlobalFree
0x48b2a8 GlobalFindAtomA
0x48b2ac GlobalDeleteAtom
0x48b2b0 GlobalAlloc
0x48b2b4 GlobalAddAtomA
0x48b2b8 GetVersionExA
0x48b2bc GetVersion
0x48b2c0 GetTickCount
0x48b2c4 GetThreadLocale
0x48b2cc GetSystemTime
0x48b2d0 GetSystemInfo
0x48b2d4 GetStringTypeExA
0x48b2d8 GetStdHandle
0x48b2dc GetProcAddress
0x48b2e0 GetModuleHandleA
0x48b2e4 GetModuleFileNameA
0x48b2e8 GetLocaleInfoA
0x48b2ec GetLocalTime
0x48b2f0 GetLastError
0x48b2f4 GetFullPathNameA
0x48b2f8 GetFileAttributesA
0x48b2fc GetDiskFreeSpaceA
0x48b300 GetDateFormatA
0x48b304 GetCurrentThreadId
0x48b308 GetCurrentProcessId
0x48b30c GetCPInfo
0x48b310 GetACP
0x48b314 FreeResource
0x48b318 InterlockedExchange
0x48b31c FreeLibrary
0x48b320 FormatMessageA
0x48b324 FindResourceA
0x48b328 FindFirstFileA
0x48b32c FindClose
0x48b33c ExitProcess
0x48b340 EnumCalendarInfoA
0x48b34c CreateThread
0x48b350 CreateFileA
0x48b354 CreateEventA
0x48b358 CompareStringA
0x48b35c CloseHandle
Library version.dll:
0x48b364 VerQueryValueA
0x48b36c GetFileVersionInfoA
Library gdi32.dll:
0x48b374 UnrealizeObject
0x48b378 StretchBlt
0x48b37c SetWindowOrgEx
0x48b380 SetWindowExtEx
0x48b384 SetWinMetaFileBits
0x48b388 SetViewportOrgEx
0x48b38c SetViewportExtEx
0x48b390 SetTextColor
0x48b394 SetStretchBltMode
0x48b398 SetROP2
0x48b39c SetPixel
0x48b3a0 SetMapMode
0x48b3a4 SetEnhMetaFileBits
0x48b3a8 SetDIBColorTable
0x48b3ac SetBrushOrgEx
0x48b3b0 SetBkMode
0x48b3b4 SetBkColor
0x48b3b8 SelectPalette
0x48b3bc SelectObject
0x48b3c0 SelectClipRgn
0x48b3c4 SaveDC
0x48b3c8 RestoreDC
0x48b3cc Rectangle
0x48b3d0 RectVisible
0x48b3d4 RealizePalette
0x48b3d8 Polyline
0x48b3dc PolyPolyline
0x48b3e0 PlayEnhMetaFile
0x48b3e4 PatBlt
0x48b3e8 MoveToEx
0x48b3ec MaskBlt
0x48b3f0 LineTo
0x48b3f4 IntersectClipRect
0x48b3f8 GetWindowOrgEx
0x48b3fc GetWinMetaFileBits
0x48b400 GetTextMetricsA
0x48b40c GetStockObject
0x48b410 GetPixel
0x48b414 GetPaletteEntries
0x48b418 GetObjectA
0x48b424 GetEnhMetaFileBits
0x48b428 GetDeviceCaps
0x48b42c GetDIBits
0x48b430 GetDIBColorTable
0x48b434 GetDCOrgEx
0x48b43c GetClipBox
0x48b440 GetBrushOrgEx
0x48b444 GetBitmapBits
0x48b448 ExtTextOutA
0x48b44c ExtCreatePen
0x48b450 ExcludeClipRect
0x48b454 DeleteObject
0x48b458 DeleteEnhMetaFile
0x48b45c DeleteDC
0x48b460 CreateSolidBrush
0x48b464 CreatePenIndirect
0x48b468 CreatePalette
0x48b470 CreateFontIndirectA
0x48b474 CreateDIBitmap
0x48b478 CreateDIBSection
0x48b47c CreateCompatibleDC
0x48b484 CreateBrushIndirect
0x48b488 CreateBitmap
0x48b48c CopyEnhMetaFileA
0x48b490 BitBlt
Library user32.dll:
0x48b498 CreateWindowExA
0x48b49c WindowFromPoint
0x48b4a0 WinHelpA
0x48b4a4 WaitMessage
0x48b4a8 ValidateRect
0x48b4ac UpdateWindow
0x48b4b0 UnregisterClassA
0x48b4b4 UnionRect
0x48b4b8 UnhookWindowsHookEx
0x48b4bc TranslateMessage
0x48b4c4 TrackPopupMenu
0x48b4cc ShowWindow
0x48b4d0 ShowScrollBar
0x48b4d4 ShowOwnedPopups
0x48b4d8 ShowCursor
0x48b4dc SetWindowsHookExA
0x48b4e0 SetWindowTextA
0x48b4e4 SetWindowPos
0x48b4e8 SetWindowPlacement
0x48b4ec SetWindowLongA
0x48b4f0 SetTimer
0x48b4f4 SetScrollRange
0x48b4f8 SetScrollPos
0x48b4fc SetScrollInfo
0x48b500 SetRect
0x48b504 SetPropA
0x48b508 SetParent
0x48b50c SetMenuItemInfoA
0x48b510 SetMenu
0x48b514 SetKeyboardState
0x48b518 SetForegroundWindow
0x48b51c SetFocus
0x48b520 SetCursor
0x48b524 SetClipboardData
0x48b528 SetClassLongA
0x48b52c SetCapture
0x48b530 SetActiveWindow
0x48b534 SendMessageA
0x48b538 ScrollWindowEx
0x48b53c ScrollWindow
0x48b540 ScreenToClient
0x48b544 RemovePropA
0x48b548 RemoveMenu
0x48b54c ReleaseDC
0x48b550 ReleaseCapture
0x48b55c RegisterClassA
0x48b560 RedrawWindow
0x48b564 PtInRect
0x48b568 PostQuitMessage
0x48b56c PostMessageA
0x48b570 PeekMessageA
0x48b574 OpenClipboard
0x48b578 OffsetRect
0x48b57c OemToCharA
0x48b580 MessageBoxA
0x48b584 MessageBeep
0x48b588 MapWindowPoints
0x48b58c MapVirtualKeyA
0x48b590 LoadStringA
0x48b594 LoadKeyboardLayoutA
0x48b598 LoadIconA
0x48b59c LoadCursorA
0x48b5a0 LoadBitmapA
0x48b5a4 KillTimer
0x48b5a8 IsZoomed
0x48b5ac IsWindowVisible
0x48b5b0 IsWindowEnabled
0x48b5b4 IsWindow
0x48b5b8 IsRectEmpty
0x48b5bc IsIconic
0x48b5c0 IsDialogMessageA
0x48b5c4 IsChild
0x48b5c8 IsCharAlphaNumericA
0x48b5cc IsCharAlphaA
0x48b5d0 InvalidateRect
0x48b5d4 IntersectRect
0x48b5d8 InsertMenuItemA
0x48b5dc InsertMenuA
0x48b5e0 InflateRect
0x48b5e8 GetWindowTextA
0x48b5ec GetWindowRect
0x48b5f0 GetWindowPlacement
0x48b5f4 GetWindowLongA
0x48b5f8 GetWindowDC
0x48b5fc GetTopWindow
0x48b600 GetSystemMetrics
0x48b604 GetSystemMenu
0x48b608 GetSysColorBrush
0x48b60c GetSysColor
0x48b610 GetSubMenu
0x48b614 GetScrollRange
0x48b618 GetScrollPos
0x48b61c GetScrollInfo
0x48b620 GetPropA
0x48b624 GetParent
0x48b628 GetWindow
0x48b62c GetMessageTime
0x48b630 GetMenuStringA
0x48b634 GetMenuState
0x48b638 GetMenuItemInfoA
0x48b63c GetMenuItemID
0x48b640 GetMenuItemCount
0x48b644 GetMenu
0x48b648 GetLastActivePopup
0x48b64c GetKeyboardState
0x48b654 GetKeyboardLayout
0x48b658 GetKeyState
0x48b65c GetKeyNameTextA
0x48b660 GetIconInfo
0x48b664 GetForegroundWindow
0x48b668 GetFocus
0x48b66c GetDoubleClickTime
0x48b670 GetDlgItem
0x48b674 GetDesktopWindow
0x48b678 GetDCEx
0x48b67c GetDC
0x48b680 GetCursorPos
0x48b684 GetCursor
0x48b688 GetClipboardData
0x48b68c GetClientRect
0x48b690 GetClassNameA
0x48b694 GetClassInfoA
0x48b698 GetCaretPos
0x48b69c GetCapture
0x48b6a0 GetActiveWindow
0x48b6a4 FrameRect
0x48b6a8 FindWindowA
0x48b6ac FillRect
0x48b6b0 EqualRect
0x48b6b4 EnumWindows
0x48b6b8 EnumThreadWindows
0x48b6c0 EndPaint
0x48b6c4 EnableWindow
0x48b6c8 EnableScrollBar
0x48b6cc EnableMenuItem
0x48b6d0 EmptyClipboard
0x48b6d4 DrawTextA
0x48b6d8 DrawMenuBar
0x48b6dc DrawIconEx
0x48b6e0 DrawIcon
0x48b6e4 DrawFrameControl
0x48b6e8 DrawFocusRect
0x48b6ec DrawEdge
0x48b6f0 DispatchMessageA
0x48b6f4 DestroyWindow
0x48b6f8 DestroyMenu
0x48b6fc DestroyIcon
0x48b700 DestroyCursor
0x48b704 DeleteMenu
0x48b708 DefWindowProcA
0x48b70c DefMDIChildProcA
0x48b710 DefFrameProcA
0x48b714 CreatePopupMenu
0x48b718 CreateMenu
0x48b71c CreateIcon
0x48b720 CloseClipboard
0x48b724 ClientToScreen
0x48b728 CheckMenuItem
0x48b72c CallWindowProcA
0x48b730 CallNextHookEx
0x48b734 BeginPaint
0x48b738 CharNextA
0x48b73c CharLowerBuffA
0x48b740 CharLowerA
0x48b744 CharUpperBuffA
0x48b748 CharToOemA
0x48b74c AdjustWindowRectEx
Library kernel32.dll:
0x48b758 Sleep
Library oleaut32.dll:
0x48b760 SafeArrayPtrOfIndex
0x48b764 SafeArrayGetUBound
0x48b768 SafeArrayGetLBound
0x48b76c SafeArrayCreate
0x48b770 VariantChangeType
0x48b774 VariantCopy
0x48b778 VariantClear
0x48b77c VariantInit
Library comctl32.dll:
0x48b78c ImageList_Write
0x48b790 ImageList_Read
0x48b7a0 ImageList_DragMove
0x48b7a4 ImageList_DragLeave
0x48b7a8 ImageList_DragEnter
0x48b7ac ImageList_EndDrag
0x48b7b0 ImageList_BeginDrag
0x48b7b4 ImageList_Remove
0x48b7b8 ImageList_DrawEx
0x48b7bc ImageList_Replace
0x48b7c0 ImageList_Draw
0x48b7d0 ImageList_Add
0x48b7d8 ImageList_Destroy
0x48b7dc ImageList_Create
0x48b7e0 InitCommonControls
Library comdlg32.dll:
0x48b7e8 GetOpenFileNameA
Library kernel32.dll:
0x48b7f0 MulDiv
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.