4.4
中危
50 个模型检测该样本为恶意!
重新分析
更多

aa0b58ae89fdf5b12b069321c962d6301a2803404df494694dc7f05f8dd0ae13

a58db738134049883944ba72ae82925f.exe

分析耗时

77s

最近分析

文件大小

169.5KB
静态报毒 动态报毒 100% AI SCORE=88 ATTRIBUTE CLOUD COINMINERX CONFIDENCE FSEV GANDCRAB GDSDA GENERICKD HDGH HDGJ HIGH CONFIDENCE HIGHCONFIDENCE KQ0@AEHCLIH KRYPTIK LMKR MALPE MALWARE@#2SOHOFITWNWRB MULTIPLUG R011C0DEC20 R336025 SCORE SUSGEN UNSAFE WACATAC ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Trojan-FSEV!A58DB7381340 20200519 6.0.6.653
Alibaba Ransom:Win32/Shellcode.9aa0b77e 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:CoinminerX-gen [Trj] 20200519 18.4.3895.0
Tencent Win32.Exploit.Shellcode.Lmkr 20200519 1.0.0.1
Kingsoft 20200519 2013.8.14.323
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
This executable has a PDB path (1 个事件)
pdb_path C:\jerozadozemetalexoga_bonubo bisu.pdbmp_1096233113\bin\vaguxete.pdbà%hPg
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name AFX_DIALOG_LAYOUT
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (2 个事件)
Time & API Arguments Status Return Repeated
1619781469.156
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 32768
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005fa000
success 0 0
1619781469.156
NtAllocateVirtualMemory
process_identifier: 2860
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00310000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.520782700644164 section {'size_of_data': '0x0000ec00', 'virtual_address': '0x00001000', 'entropy': 7.520782700644164, 'name': '.text', 'virtual_size': '0x0000ea30'} description A section with a high entropy has been found
entropy 0.35014836795252224 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 个事件)
MicroWorld-eScan Trojan.GenericKD.33817823
FireEye Generic.mg.a58db73813404988
McAfee Trojan-FSEV!A58DB7381340
Cylance Unsafe
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Ransom:Win32/Shellcode.9aa0b77e
K7GW Riskware ( 0040eff71 )
Cybereason malicious.2cf1c5
Arcabit Trojan.Generic.D20404DF
TrendMicro Ransom_Gandcrab.R011C0DEC20
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky Exploit.Win32.Shellcode.qaa
BitDefender Trojan.GenericKD.33817823
ViRobot Trojan.Win32.S.Agent.173568.GH
Avast Win32:CoinminerX-gen [Trj]
Tencent Win32.Exploit.Shellcode.Lmkr
Ad-Aware Trojan.GenericKD.33817823
Sophos Mal/Generic-S
Comodo Malware@#2sohofitwnwrb
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.ct
Trapmine suspicious.low.ml.score
Emsisoft Trojan.GenericKD.33817823 (B)
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Ransom:Win32/Gandcrab.AHB!MTB
Endgame malicious (high confidence)
AegisLab Riskware.Win32.Generic.1!c
ZoneAlarm Exploit.Win32.Shellcode.qaa
GData Trojan.GenericKD.33817823
AhnLab-V3 Trojan/Win32.MalPe.R336025
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34110.kq0@aehcLIH
ALYac Trojan.GenericKD.33817823
MAX malware (ai score=88)
Malwarebytes Trojan.MalPack.GS
ESET-NOD32 a variant of Win32/Kryptik.HDGH
TrendMicro-HouseCall Ransom_Gandcrab.R011C0DEC20
Rising Trojan.Kryptik!1.C65B (CLOUD)
Ikarus Trojan.Win32.Crypt
eGambit Unsafe.AI_Score_75%
Fortinet W32/Kryptik.HDGJ!tr
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:CoinminerX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.Exploit.025
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-07-16 07:08:01

Imports

Library KERNEL32.dll:
0x40010008 SetCommTimeouts
0x4001000c GetCurrencyFormatW
0x40010010 GlobalAlloc
0x40010014 GetExitCodeProcess
0x40010018 GetFileAttributesW
0x4001001c ReadFile
0x40010020 lstrlenW
0x40010024 IsBadStringPtrA
0x4001002c FormatMessageA
0x40010030 LCMapStringA
0x40010034 FindFirstFileExA
0x40010038 GetLastError
0x4001003c GetProcAddress
0x40010040 RemoveDirectoryA
0x40010044 OpenWaitableTimerA
0x4001004c GetCurrentProcessId
0x40010050 GetModuleHandleW
0x40010054 SleepEx
0x40010058 CreateHardLinkA
0x4001005c HeapAlloc
0x40010060 GetDriveTypeW
0x40010064 GetLocaleInfoA
0x40010068 FindResourceA
0x40010070 CreateFileA
0x40010074 GetStartupInfoW
0x40010078 TerminateProcess
0x4001007c GetCurrentProcess
0x40010088 IsDebuggerPresent
0x4001008c Sleep
0x40010090 ExitProcess
0x40010094 WriteFile
0x40010098 GetStdHandle
0x4001009c GetModuleFileNameA
0x400100a0 GetModuleFileNameW
0x400100a8 GetEnvironmentStringsW
0x400100ac GetCommandLineW
0x400100b0 SetHandleCount
0x400100b4 GetFileType
0x400100b8 GetStartupInfoA
0x400100bc DeleteCriticalSection
0x400100c0 TlsGetValue
0x400100c4 TlsAlloc
0x400100c8 TlsSetValue
0x400100cc TlsFree
0x400100d0 InterlockedIncrement
0x400100d4 SetLastError
0x400100d8 GetCurrentThreadId
0x400100dc InterlockedDecrement
0x400100e0 HeapCreate
0x400100e4 VirtualFree
0x400100e8 HeapFree
0x400100f0 GetTickCount
0x400100f8 LeaveCriticalSection
0x400100fc EnterCriticalSection
0x40010100 LoadLibraryA
0x40010108 GetCPInfo
0x4001010c GetACP
0x40010110 GetOEMCP
0x40010114 IsValidCodePage
0x40010118 VirtualAlloc
0x4001011c HeapReAlloc
0x40010120 RtlUnwind
0x40010124 HeapSize
0x40010128 WideCharToMultiByte
0x4001012c GetStringTypeA
0x40010130 MultiByteToWideChar
0x40010134 GetStringTypeW
0x40010138 LCMapStringW
Library ADVAPI32.dll:
0x40010000 LookupAccountNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 62191 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51964 239.255.255.250 3702
192.168.56.101 53238 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.