4.8
中危
48 个模型检测该样本为恶意!
重新分析
更多

6021ffdfff2641d982b363b78f14d2b81e60c87d0f65450ab07bbf2bb8f62ed6

a7ad56f302a6643085d3be603783a95c.exe

分析耗时

137s

最近分析

文件大小

3.1MB
静态报毒 动态报毒 AGEN AI SCORE=85 AKWOZ ARTEMIS ATTRIBUTE BITCOINMINER BITMINER BSCOPE CLOUD COINMINER CONFIDENCE HARHARMINER HCHTJI HIGHCONFIDENCE LNYB MINER MODERATE MODERATE CONFIDENCE R03FH0CBF20 RISKTOOL SCORE SR9HH1KUTOQ SUSGEN TJIK UNSAFE XMRIG MINER 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Artemis!A7AD56F302A6 20200304 6.0.6.653
Alibaba Trojan:Win32/Miner.98a2259e 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:HarHarMiner-A [Trj] 20200308 18.4.3895.0
Tencent Win32.Trojan.Miner.Lnyb 20200308 1.0.0.1
Kingsoft 20200308 2013.8.14.323
静态指标
Command line console output was observed (1 个事件)
Time & API Arguments Status Return Repeated
1620830815.25775
WriteConsoleA
buffer: [2021-05-12 16:06:55.225] unable to open "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\config.json".
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620830815.66375
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620830815.64775
GetAdaptersAddresses
flags: 14
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.872282763183631 section {'size_of_data': '0x0031d800', 'virtual_address': '0x0043e000', 'entropy': 7.872282763183631, 'name': 'UPX1', 'virtual_size': '0x0031e000'} description A section with a high entropy has been found
entropy 0.9923782858920517 description Overall entropy of this PE file is high
The executable is compressed using UPX (2 个事件)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 个事件)
MicroWorld-eScan Generic.Application.CoinMiner.1.9C1F20E7
FireEye Generic.Application.CoinMiner.1.9C1F20E7
McAfee Artemis!A7AD56F302A6
Cylance Unsafe
K7AntiVirus Adware ( 005237ed1 )
Alibaba Trojan:Win32/Miner.98a2259e
K7GW Adware ( 005237ed1 )
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Generic.Application.CoinMiner.1.9C1F20E7
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:HarHarMiner-A [Trj]
ClamAV Win.Coinminer.Generic-7151250-0
Kaspersky Trojan.Win32.Miner.akwoz
BitDefender Generic.Application.CoinMiner.1.9C1F20E7
NANO-Antivirus Trojan.Win32.Miner.hchtji
AegisLab Trojan.Win32.Miner.4!c
Tencent Win32.Trojan.Miner.Lnyb
Endgame malicious (moderate confidence)
Emsisoft Generic.Application.CoinMiner.1.9C1F20E7 (B)
F-Secure Heuristic.HEUR/AGEN.1045823
McAfee-GW-Edition BehavesLike.Win32.Generic.wc
Trapmine malicious.moderate.ml.score
Sophos XMRig Miner (PUA)
Ikarus PUA.CoinMiner
Cyren W32/Application.TJIK-8142
Jiangmin Trojan.Miner.kqy
Webroot Bitcoinminer.Gen
Avira HEUR/AGEN.1045823
MAX malware (ai score=85)
Antiy-AVL RiskWare[RiskTool]/Win32.BitMiner
Microsoft Trojan:Win32/CoinMiner.C!cl
ZoneAlarm Trojan.Win32.Miner.akwoz
GData Win32.Application.Coinminer.BU
Acronis suspicious
VBA32 BScope.Trojan.Miner
Malwarebytes RiskWare.BitCoinMiner
ESET-NOD32 a variant of Win32/CoinMiner.ES potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R03FH0CBF20
Rising Trojan.Miner!8.EA1 (CLOUD)
Yandex Trojan.Miner!sr9hH1kUtoQ
MaxSecure Trojan.Malware.73756954.susgen
Fortinet Riskware/Miner
Ad-Aware Generic.Application.CoinMiner.1.9C1F20E7
AVG Win32:HarHarMiner-A [Trj]
Cybereason malicious.302a66
Panda Trj/CI.A
Qihoo-360 Win32/Virus.RiskTool.435
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 216.58.200.46:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-01-21 21:48:26

Imports

Library KERNEL32.DLL:
0xb61f3c LoadLibraryA
0xb61f40 GetProcAddress
0xb61f44 VirtualProtect
0xb61f48 VirtualAlloc
0xb61f4c VirtualFree
0xb61f50 ExitProcess
Library ADVAPI32.dll:
0xb61f58 LsaClose
Library CRYPT32.dll:
0xb61f60 CertOpenStore
Library IPHLPAPI.DLL:
Library msvcrt.dll:
0xb61f70 _iob
Library PSAPI.DLL:
Library SHELL32.dll:
Library USER32.dll:
0xb61f88 ShowWindow
Library USERENV.dll:
Library WS2_32.dll:
0xb61f98 bind

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49178 94.23.23.52 pool.supportxmr.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.