0.6
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.57
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200204 | 2013.8.14.323 |
| McAfee | GenericRXIJ-BB!A52AA8C5E52E | 20200204 | 6.0.6.653 |
| Tencent | None | 20200204 | 1.0.0.1 |
静态指标
动态指标
网络通信
文件已被 VirusTotal 上 49 个反病毒引擎识别为恶意
(49 个事件)
| ALYac | Gen:Variant.Razy.396392 |
| APEX | Malicious |
| AVG | Win32:CrypterX-gen [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Razy.396392 |
| AhnLab-V3 | Win-Trojan/LimeRAT.Exp |
| Arcabit | Trojan.Razy.D60C68 |
| Avira | TR/Spy.Gen8 |
| BitDefender | Gen:Variant.Razy.396392 |
| BitDefenderTheta | Gen:NN.ZemsilF.34084.biW@aaig6jp |
| CAT-QuickHeal | Trojan.MsilFC.S9414873 |
| ClamAV | Win.Malware.Barys-6836745-0 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.5e52e4 |
| Cylance | Unsafe |
| Cyren | W32/Tasker.A.gen!Eldorado |
| DrWeb | Trojan.DownLoader29.2373 |
| ESET-NOD32 | a variant of MSIL/Agent.BPK |
| Emsisoft | Gen:Variant.Razy.396392 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Tasker.A.gen!Eldorado |
| F-Secure | Trojan.TR/Spy.Gen8 |
| FireEye | Generic.mg.a52aa8c5e52e4c8f |
| Fortinet | MSIL/Agent.SWO!tr |
| GData | MSIL.Trojan-Ransom.LimeRans.A |
| Ikarus | Trojan.MSIL.Agent |
| Invincea | heuristic |
| K7AntiVirus | Trojan ( 700000121 ) |
| Kaspersky | HEUR:Trojan.MSIL.Tasker.gen |
| MAX | malware (ai score=87) |
| Malwarebytes | Backdoor.LimeRat |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | GenericRXIJ-BB!A52AA8C5E52E |
| McAfee-GW-Edition | BehavesLike.Win32.Trojan.mm |
| MicroWorld-eScan | Gen:Variant.Razy.396392 |
| Microsoft | Backdoor:Win32/LimeRat.YA!MTB |
| Panda | Trj/GdSda.A |
| Qihoo-360 | HEUR/QVM03.0.0439.Malware.Gen |
| Rising | Backdoor.LimeRat!1.B863 (CLASSIC) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| TrendMicro | Coinminer.MSIL.LIMERAT.SMA |
| TrendMicro-HouseCall | Coinminer.MSIL.LIMERAT.SMA |
| VIPRE | Trojan.Win32.Generic!BT |
| Zillya | Trojan.Injector.Win32.500896 |
| ZoneAlarm | HEUR:Trojan.MSIL.Tasker.gen |
| eGambit | Unsafe.AI_Score_99% |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2020-01-11 23:38:34
PE Imphash
f34d5f2d4577ed6d9ceec516c1f5a744
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x00006d54 | 0x00006e00 | 6.069229901656176 |
| .reloc | 0x0000a000 | 0x0000000c | 0x00000200 | 0.08153941234324169 |
Imports
Library mscoree.dll:
• 0x402000 _CorExeMain
L!This program cannot be run in DOS mode.
`.reloc
i?>%()
v4.0.30319
#Strings
_Closure$__R1-0
$IR12-1
_Lambda$__R12-1
ThreadSafeObjectProvider`1
List`1
$IR13-2
_Lambda$__R13-2
kernel32
Microsoft.Win32
ToInt32
_Lambda$__R2
$VB$NonLocal_2
get_UTF8
<Module>
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
EXECUTION_STATE
System.IO
ES_CONTINUOUS
_Closure$__
Dispose__Instance__
Create__Instance__
value__
ProjectData
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
Thread
RijndaelManaged
get_IsAttached
get_Connected
Append
CompareMethod
get_Clipboard
Replace
CreateInstance
get_GetInstance
instance
GetHashCode
set_Mode
FileMode
EnterDebugMode
CompressionMode
CipherMode
SelectMode
FromImage
DrawImage
get_Message
Invoke
GetEnvironmentVariable
get_Available
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
Rectangle
DownloadFile
DeleteFile
IsInRole
WindowsBuiltInRole
AppWinStyle
get_Name
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_UserName
GetProcessesByName
DateTime
get_LastWriteTime
GetType
MethodBase
ConsoleApplicationBase
Dispose
EditorBrowsableState
SetThreadExecutionState
SetApartmentState
Delete
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
EditorBrowsableAttribute
ComVisibleAttribute
StandardModuleAttribute
HideModuleNameAttribute
DebuggerHiddenAttribute
MyGroupCollectionAttribute
m_ThreadStaticValue
DeleteValue
GetObjectValue
GetValue
SetValue
Receive
set_SendBufferSize
set_ReceiveBufferSize
get_Jpeg
System.Threading
add_SessionEnding
NewLateBinding
Encoding
System.Drawing.Imaging
IsLogging
FromBase64String
ToBase64String
CompareString
ToString
GetString
Substring
System.Drawing
ComputeHash
get_ExecutablePath
get_Width
get_Length
StartsWith
TimerCallback
TransformFinalBlock
RtlSetProcessIsCritical
NetworkCredential
System.Security.Principal
WindowsPrincipal
ConditionalCompareObjectNotEqual
System.ComponentModel
LateCall
kernel32.dll
NTdll.dll
coredll.dll
FileStream
GZipStream
MemoryStream
get_Item
System
SymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
ToBoolean
CopyFromScreen
get_PrimaryScreen
System.ComponentModel.Design
AppDomain
get_CurrentDomain
System.IO.Compression
MyApplication
CopyPixelOperation
Interaction
System.Reflection
ManagementObjectCollection
set_Position
Exception
Environ
get_Reason
get_Info
MethodInfo
FileInfo
FileSystemInfo
MemberInfo
ComputerInfo
DirectoryInfo
Bitmap
EndApp
MD5CryptoServiceProvider
StringBuilder
ToInteger
Debugger
ManagementObjectSearcher
SessionEndingEventHandler
System.CodeDom.Compiler
ToUpper
CurrentUser
BitConverter
ServerComputer
MyComputer
ToLower
ClearProjectError
SetProjectError
ManagementObjectEnumerator
GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
Graphics
System.Diagnostics
get_Bounds
GetMethods
Microsoft.VisualBasic.Devices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
GetInstances
GetDirectories
GetTypes
GetBytes
SocketFlags
Strings
SessionEndingEventArgs
ICredentials
set_Credentials
Equals
System.Windows.Forms
Contains
Conversions
SessionEndReasons
RuntimeHelpers
Operators
ManagementClass
FileAccess
Process
System.Net.Sockets
SystemEvents
Exists
Concat
ImageFormat
PixelFormat
AddObject
ManagementBaseObject
ConcatenateObject
ManagementObject
MyProject
Connect
LateGet
LateIndexGet
System.Net
Socket
SystemIdleTimerReset
get_Height
GraphicsUnit
get_Default
ToUpperInvariant
get_Client
WebClient
TcpClient
System.Management
RuntimeEnvironment
Component
get_Current
GetCurrent
ParameterizedThreadStart
Convert
set_SendTimeout
set_ReceiveTimeout
MoveNext
System.Text
GetText
SetText
Client.My
ToArray
set_Key
CreateSubKey
RegistryKey
System.Security.Cryptography
Assembly
LoadLibrary
GetRuntimeDirectory
CreateDirectory
Registry
WindowsIdentity
ClipboardProxy
6FNZY`
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
_CorExeMain
mscoree.dll
S�b�i�e�D�l�l�.�d�l�l�
w�i�n�d�i�r�
\�v�b�o�x�h�o�o�k�.�d�l�l�
Y�2�1�k�L�m�V�4�Z�S�A�v�Y�y�B�w�a�W�5�n�I�D�A�g�L�W�4�g�M�i�A�m�I�G�R�l�b�C�A�=�
S�e�l�e�c�t� �*� �f�r�o�m� �W�i�n�3�2�_�C�o�m�p�u�t�e�r�S�y�s�t�e�m�
M�a�n�u�f�a�c�t�u�r�e�r�
m�i�c�r�o�s�o�f�t� �c�o�r�p�o�r�a�t�i�o�n�
V�I�R�T�U�A�L�
v�m�w�a�r�e�
V�i�r�t�u�a�l�B�o�x�
M�i�c�r�o�s�o�f�t�
W�i�n�d�o�w�s�
U�n�k�o�w�n�
P�R�O�C�E�S�S�O�R�_�A�R�C�H�I�T�E�C�T�U�R�E�
d�d�/�M�M�/�y�y�y�
W�i�n�3�2�_�P�r�o�c�e�s�s�o�r�
P�r�o�c�e�s�s�o�r�I�d�
W�i�n�3�2�_�B�I�O�S�
S�e�r�i�a�l�N�u�m�b�e�r�
W�i�n�3�2�_�B�a�s�e�B�o�a�r�d�
W�i�n�3�2�_�V�i�d�e�o�C�o�n�t�r�o�l�l�e�r�
R�a�n�s�-�S�t�a�t�u�s�
N�o�t� �e�n�c�r�y�p�t�e�d�
N�o�t� �r�e�a�d�y�
D�i�s�a�b�l�e�d�
\�r�o�o�t�\�S�e�c�u�r�i�t�y�C�e�n�t�e�r�2�
S�E�L�E�C�T� �*� �F�R�O�M� �A�n�t�i�v�i�r�u�s�P�r�o�d�u�c�t�
d�i�s�p�l�a�y�N�a�m�e�
R�e�g�a�s�m�
s�e�l�e�c�t� �C�o�m�m�a�n�d�L�i�n�e� �f�r�o�m� �W�i�n�3�2�_�P�r�o�c�e�s�s� �w�h�e�r�e� �N�a�m�e�=�'�{�0�}�'�
R�e�g�a�s�m�.�e�x�e�
C�o�m�m�a�n�d�L�i�n�e�
-�-�d�o�n�a�t�e�-�l�e�v�e�l�=�
M�i�n�n�i�n�g�.�.�.�
W�i�n�3�2�_�P�r�o�c�e�s�s�o�r�.�d�e�v�i�c�e�i�d�=�"�C�P�U�0�"�
C�o�r�e�(�T�M�)�
U�n�k�n�o�w�
S�o�f�t�w�a�r�e�\�
:�Z�o�n�e�.�I�d�e�n�t�i�f�i�e�r�
t�q�z�Y�L�U�C�f�J�3�k�y�V�e�v�T�i�7�7�Z�n�R�Q�Q�2�l�c�F�5�d�/�f�A�/�D�Q�V�s�o�5�2�m�f�M�n�M�5�1�d�9�9�O�5�m�5�M�r�2�3�p�+�e�Y�k�
1�2�3�4�5�6�
W�s�e�r�v�i�c�e�s�.�e�x�e�
!�P�S�e�n�d�
!�P�S�t�a�r�t�
E�r�r�o�r�!� �
P�l�u�g�i�n� �E�r�r�o�r�!� �
l�e�n�g�t�h�
D�o�w�n�l�o�a�d�S�t�r�i�n�g�
v�0�.�1�.�9�.�2�
s�c�h�t�a�s�k�s� �/�c�r�e�a�t�e� �/�f� �/�s�c� �O�N�L�O�G�O�N� �/�R�L� �H�I�G�H�E�S�T� �/�t�n� �L�i�m�e�R�A�T�-�A�d�m�i�n� �/�t�r� �"�'�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�R�u�n�\�
F�l�o�o�d�!� �
_�U�S�B� �E�r�r�o�r�!� �
_�P�I�N� �E�r�r�o�r�!� �
Process Tree
- 0bee7ab0f53665e749fb85c6b2bb8cca62a8b463071cfa0f6648e312b2d161de.exe (2064) "C:\Users\Administrator\AppData\Local\Temp\0bee7ab0f53665e749fb85c6b2bb8cca62a8b463071cfa0f6648e312b2d161de.exe"
Hosts
No hosts contacted.
DNS
No domains contacted.
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.