1.2
低危
53 个模型检测该样本为恶意!
重新分析
更多

18f6e65ba46f5cb58c61b7e048e1c2152e8b3229f49ad9f9b839a4b8d9f29191

18f6e65ba46f5cb58c61b7e048e1c2152e8b3229f49ad9f9b839a4b8d9f29191.exe

分析耗时

193s

最近分析

380天前

文件大小

39.8KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM BOBIC
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.78
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:Bobic-GE [Wrm] 20190918 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20190918 2013.8.14.323
McAfee W32/Bobax.k.m 20190918 6.0.6.653
Tencent None 20190918 1.0.0.1
行为判定
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具 (2 个事件)
section {'name': 'FLATPE!', 'virtual_address': '0x00001000', 'virtual_size': '0x00400000', 'size_of_data': '0x00009d12', 'entropy': 7.988075534954075} entropy 7.988075534954075 description 发现高熵的节
entropy 1.0 description 此PE文件的整体熵值较高
网络通信
与未执行 DNS 查询的主机进行通信 (2 个事件)
host 114.114.114.114
host 8.8.8.8
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意 (50 out of 53 个事件)
ALYac Win32.Worm.Bobic.AC
APEX Malicious
AVG Win32:Bobic-GE [Wrm]
Acronis suspicious
Ad-Aware Win32.Worm.Bobic.AC
Arcabit Win32.Worm.Bobic.AC
Avast Win32:Bobic-GE [Wrm]
Avira WORM/Bobic.Crypt
BitDefender Win32.Worm.Bobic.AC
CAT-QuickHeal W32.Bobic.poly
CMC Net-Worm.Win32.Bobic!O
Comodo NetWorm.Win32.Bobic.A@1f0hlb
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.7a87a8
Cylance Unsafe
Cyren W32/Bobic.A.gen!Eldorado
DrWeb Win32.Proxed
ESET-NOD32 Win32/Bobax.AL
Emsisoft Win32.Worm.Bobic.AC (B)
Endgame malicious (high confidence)
F-Prot W32/Bobic.A.gen!Eldorado
F-Secure Worm.WORM/Bobic.Crypt
FireEye Generic.mg.a82fea07a87a8c9c
Fortinet W32/Bobic.AC
GData Win32.Worm.Bobic.AC
Ikarus Net-Worm.Win32.Small
Invincea heuristic
Jiangmin I-Worm/Bobic.u
K7AntiVirus NetWorm ( 00004be71 )
K7GW Trojan ( 00004be71 )
Kaspersky Net-Worm.Win32.Bobic.ac
MAX malware (ai score=87)
MaxSecure Trojan.Malware.300983.susgen
McAfee W32/Bobax.k.m
McAfee-GW-Edition BehavesLike.Win32.VirRansom.nc
MicroWorld-eScan Win32.Worm.Bobic.AC
Microsoft Worm:Win32/Bobax.gen!B
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
Panda W32/Bobax.gen.worm
Qihoo-360 HEUR/QVM19.1.F61F.Malware.Gen
Rising Packer.Win32.Agent.bj (CLASSIC)
SentinelOne DFI - Malicious PE
Sophos W32/Bobax-AC
Symantec W32.Bobax
TotalDefense Win32/Bobax.AP
Trapmine malicious.high.ml.score
TrendMicro TROJ_BOBAX.SMLV
TrendMicro-HouseCall TROJ_BOBAX.SMLV
VBA32 Heur.Trojan.Hlux
Webroot W32.Malware.Gen
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1970-01-01 08:00:00

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
FLATPE! 0x00001000 0x00400000 0x00009d12 7.988075534954075
FLATPE!
X 4LO'_"
4v`4_B
9p -is
.:ut;A>L55
ejP<0bH
xv$NO\*
_yb:s&_;
]lJ1Tv1R8<
+B7(dP
?O1K,
T:%NI<
qAHW |
sy"I(A7f
{FCD4Q?
P.JoDl,
d"@SQ(C
.>,"ty
LO1AI,Y
^g<'8t|
5%@wXn<x
H+W=n]
6,DJY
b_[/EN;
_3+6Yt
kTaR|3
nj@<]^Fh1
96~1()BmPR
+Yx,H(Ir
r5EEUYkE(
ee}C<FeB
%rFBq2
[ p_Fy*\A
~:,4,T
]D4sXj
bZc>t&y
h}X&`V #%
->M^ES
e yZu]F
;<pf95
QK9%!.
qICUz'
2YZgljW
X%0dFW=
;! b];[
|U|I1I@]
OY:i:p}
! :>#X/gg
t~y",[5r
g0=PIiVGF
\][CKCN`e,iuD.p~DnP#
?>lSW8"
y;$@:<Sa~;I+
fG3/S
R/Vb:-N
$`e<!H%:F]3n
,'cR#aA
TL@juLl
%d^=6yu
`a#0],[
$Fmr' uRs
">Usq}}`
8H'0i|fb~
!R~H_>@BC|cbB
P9CH]g
tJ},<~n/:K"
qy'r}303~
ve3J0j1V/__r?
6R/t2^nKp
w71U3H
9ycaBi"
%|zW8w
*&Xp%'m>!T
a}HfPu
5bp&>x
yB3k.C
~kFt{q1NJ
'**jUf
=2@r{
lnpITqf9\;D@
D~'K^x(]
"8lz+Ppe
8n^(~W
&sQ 6=
+H=hP^`4
`7(")hQ\
S1~49]e(
fn]D-$<Fe
~d!_g~
&p)3&^U
C1DJOsd~,
Xg5P$s
:RE_4=?+
1LIIed^g{
^X\j1pa
"b-%1+Lg|r
FP},\%
&#h^_,O
?*'K1
Is#7un
4tc8)rX
o?*)8S`U2)
iv%@Hr
2XN(N9;RC4Y
YxC{ HC
Y24-&IoO
Oj*j?Hz+7Eh2
K:l'p5k
]Uh1:I
assT,#F"
:0QUEv!
jlJD*8v;2
:|c]5>V
^0U^J{"|
8=hUsU
]^rI\Zvii
TUA<G04'
+@Y)o7[H$0
?z"_0j
vvoRJMEG
g@iDhPHY
L7$&h8C
\n<uhW
4whC&_;6[0^?
Hui,]$
4cUZU0N9S
0D 5</T.
Iliv*&
'jCh*,B@O<
7I2di:zWT^J
T$x4-&_>f'1lPWQ
Z8zT`q
G0"3A3
IcZH{18
6!%M.D3&+
5Dwl`C
>ytB^(}]wZz.P
z,OU/l
j|F)?AE
=zc.@c
;3X{o`e
EAjLe0tp67
IyAkS;
"y'Im#
<5Ir,d'
|/5>yDn}u3
Q>"ltI@s-@
T_&~HJ%=oL?
=K s}id
mV# JEn
Zp4=0m
=un]~K
+a$KX}
Rb`AM=
J%vRU\"p#:lnD`i<T
6^5E"x
JUSG{k;aS
50Qzg"C
_$\(;f
~CkJZ$4(;Gk7b2M
N]KTk-YxS&o
ARGb&B
$~, mV
(!Bqk<"(xsMSy
6Rb0\~
`Lt7@,a?
fLBny4TXk3L!^b5E
]%3=J,(
LwZ!^7
XAdYt-#l`
1U09QJ
z(5iNg
{zVelZg
E4g=`G
ifl3t-E
Tc~3M(
*[HRSk?
}<m[>k'G5{
5M*M^m"8tLIe
X?qS~i:8C*
r@Bpn
m jvTdV),v
V@v]0z
43+2t
L0LsF=
fpJG**
.,^//T<1-
Xn?!q<Q
<pVZsata:(htj
2`/jH@
"V9'[9
E^O9_d^Y
e)w@1236j>
:7$u6E
I3~e'$0x-X'?
q2LS :\>
0&59"a&q}
ojR(9'
|G\ob%5L
..uX#+
+7N&d$
6;RRLOC
5'kOVl4Kp,Wlwz8$6k
a*ksWqHSOL
IcC[LVQL3
Vj0}Vc)
kLgi4thC
<^uKcY0O
Mq0bPS=q<dEVU
;dir >(
WtDLRXmN_z!
[ub'M.k9
2*tn@UnHAH
i14(!>W
7h!V#j
7g,>_M
8[%@Tp
GG$F>!<{/%u
4-vIr
67v>0?[[M
lLi&fO1:F055p6
T%pY1N
5%YPm,e
2aC;}{(
h1zr`eJ
%"FT_V
ixl7nUa
$@1bWn
:R[dMFF}
>!reuY
bw.%|G}.IG
j{n@ax
IGod K
EG8>[U
b6e"FTDl=ti8;6
.O9.R-B
nqr3yuy
bw_lA6t:cI
<w9-d$q
HL-z/X
:a9F}2_E
3hIhj=
$J)>fd
>cxbb mA*gq
R50#p?
N4L'_<y`
<<0.+C.
_\cX,,)
F`FP+h'k
ji)7`B8
! S~@#
_hxFAVjm\O
<;t-x{2?@
kemG'j@CS
!BLk[!G4<4
H5wX+:
22^"2%
DG;niW
<ez"^H
uNYXB5fQ.G\k(
( nZ]eh1
ohah?i}U
I%,cvV9"s4
Eu6>mRJ
"g@\;>)l
GWap)-
?5B'AA~
_IN_X"PY)9<+P7
^17y=?
8kK<^7'j53p9P
j@z$sEc
?+QbXh5A
;EAldu"\
p+_MZRW4q
L}TuSIk
o}e!Wg0
@TV0:uN
k|NE`U2
Zs>;~
fpW8k=
|\U4pL
Q@etk:e(s0
Djy9::
&=g\h]GO;9t,#up,<
/6e4['O4.{
VoQjgmtKkg}
Y&zmyD^
x]:);q
{RT5-Fd=2~ft
@HtsE'
<i\?F1m
^iDXj}=hY
z}nbtq2
EYK:B(
k={x4a
o:T6BG&
K\6x+bq]kp00`
z3:2XCbL8j
@gh2Vwi
kx?F@
J'g`q1~d~8
Zjys@)
l*=y~aPle
Yl<UBh.E_[|WSB
K#H,$|vk
oP~U16-
Mle&D46vR^LQ
hW4De;
9i$QaTz
.}tiG"H
,E_S*1_m/+*
S v.^\>
]Gm4V[+x
rH(g'\bAF
6fjtX:&l
4jZW[e
\ ^Jl|?y
_[_<I9Tz
liJ[ku
P#KIi%
SEp;Dg=J/AP
q_2qCp{IvO=,![z
=xr$5pa!.
J^(PMcg
mK\kCo
F<LqZ.On[*6
Db^)Mpa
F&'Zp$rt
6D@trW
t1iwDKw
*`6j p
}Jb);Dy,
Co@TIR
U+|]ab}R
vx|<$~e
/gpM)>}E
&}l8mV'Igj
x"lH>>
GU`}jr
4~E.ag
v823`5f%
Qm$+,b|Qo
}Q7C(-}4&[)WB
gTaL#v
bOATD6
QpZ<_LZ6
bQjrT3=UF1k2
I:9l1zS
@`Po=s]K
RQ>7i#:
0I|1ho
]SWpDf@{`v
,1[3;
ReDvJ"
s2[yEa
^8qG#[hE
Japj*
x!h,v#<
qj !W*
qfD67&H
DMrXme
uU5Eq6
.2&aL/[e6!Z
J?uLCs
8!Amy/
pJh;Vx~6gbY
%JEXN1c
o:$$FxYV~g^SB@z
[FGOr6d@2~
g.Pv7^WEF-5?
TQKRa
/mI!lue]xc
EgY#K(
eYf5Y93,{
,sK?ZG
@W(i&4
$0dKQLo
rba;81&6So
:0PXJ*eOX;
x?LY%f
R&G:Y
=>yK$j
`! Q8:
^fn?6)
}?(f$=j8
KlXo1tn
V1@3h8P~4iA
wD;^M_&'(v
>OXvk(Lk
Y[#'wf
38BK1B .u
<oP1]ij\$
y+(h^${y4F^vo
GJ"VH:R
ZYj]zhRd1
5o?]'
tf*}Dx'>$j
EEP%)[:0(
*(r{xg
PFL8I(
|@_=E~
dq8};]1>kI`=
ec?q6;
FD-STo
2ws huqm+
9Pnbge2
1eJ $P
''Mg{'9QlRC
yO~2b]+0U
3fFy4F!
w btNhd~hX{
8]+"@'O
dEzE(l:
,.~]P)
1A(`^>HZ{
4M.{/=r
'dUpI#6a
s`O3y:
Z[?)uXL
$~Vi'y
>&3{a]|]5zs
GJok0ohaC)
ncGYw$
-/![dPtaI
8VGlo J
(0[eR&j
]0$3`P[
kY2Su5
lm~Um&bYc:
`65ANH0V=
X8UW@+%4+oXp
qxeb0:X`i]x
!IQ}(gf| [
j@X0Ju
QRv#WD
pO}Vs9l1
]ZCFp|wMV?k;
<FQ>S]NE_w
xyn?+CH`M&#9
PUE)}
=A.F&
T`sPB%:
,E2KE0
ZINoiN
xz3K_$>G
w0Coh0V_y
Cnd!>
y!oLdB
zt/<Q[
;YSw$G
1iHK+"
6dggBe;A
6[o'Ks3
azJ\n2
;6CB:[CI85
'9S\OO
{Y<;n?
`^UxQq
uF{?c#
gZe~Q$
e9"FOK
_\i{=7d9ER
E>YBE(
%q!&q
rr#RI&
LZ]am!
0da6"A]
yy!I#I
512^|e]bEVR
-P2~%l\O^J
=_ROtQW=
o_?JKNH77c
o%t]Dc
$&F#=",/]&t
Rh*J?@2
{ 9an,
6S66=Rp
A*x4q$2r]
*W\N?m*
ZGAV>|a
UXz4Gd8z
e=lZTXqt
Hm&i2nL
29k$@@A?8>!
_LMlo=
>4Vb\{
C|k>|4
MhB2J[mt
gUt\liiv^
8Ber(F
T/Ag7ll
hG"AT3
)&y'ZR
A5E lB
7O&b>;
+h<S2P
##bpY%&zQhZ0
!\%0m/
xrUl[VU1}lS
Y%(i<a5f
[#N<_M=
a7xNC-Y
9W1Z6X
,pj}FJ
^|{QamRH
zwbb[_5|
1&@Z@]
3$:0L.6a\,Z8;
n LsRS x3 spFxY
Jw.Sneyv
WZg8a/L
- vTkw7/
w>w@Plhfykl0L$>
u%I~PvI
_Xbn{Hr
XZj%n
b6}LlN
9,|KD4
k&fk63W
4te^r@@T
6n<3qtsU"
{-Ay\O
"&S:qH8u
T$n3xX
,#gjE-p
g$$EII1
Ni%D~e`@d>
+&.3D}4pZ(
M /=4[Jfs^PkU0{_/QJgo
b{80A\?d
d8'!sr3#fr1r)
-R(1:w4
mF`g(]T
i'TsV
<`M'M"+:O^V
3vs.|l
VhBx\)
@>s'vN'
OV`=rc
y)8X^3
gFAw_.;r9+K
/zx\qF
j`&n"(
M4%.4t
_nincCv-=t
q_!s"l$*
0kM;q <|N"
K'YkWHKM2^bo~Ks
`R3e>K>
06~_BB&Ug
^q^*q=
X%Lt,.w
eF.k)_>ca
8VN4 #?Z5tg1N
Vq Ycuo
Z~i,9 E
H%N#Q_?Q>
+~ X<5&
,'XJ$s
(E8>xh^X
,j9~yyLm
phMu(FHzkP
/qE^D&Y
$T$Wab
"/I.<
o^_5]VM
o3At):=u
z{\yW'Y1
)r`T4yL
FDDy
P~z%_hXjrpV
~$?([m2k
EGM_<wJ)
zFobn.9\!HaBf
pU:;=i -H
4U0b[#
91IhA2
'P"u9qWr
ibZ6v$
^kBp}Q
,3%`^glE
uFJN)<od
yc,L)kxV
^XN>`;-<
D?fre
nH9YfVo
;P1^J}*k4k
Wy'nJLRJ
CE)&GY?
rcTgx2Slt
i"Fo})#3`
_[n3XE
$Es`9Ug
&;SDgAyNY7<T
Ii%Kn
|f0]*t9}/
dSAI(N
H1,2(/;
;>^S"`2#
,E0ap^\7
\f3a.G|(33"%
nO>z:O&
}KB2oHB*
Rcnb+VntG
F72~IMeYk
9m<(Spp
ZO<a,W
=8'qsDh
UF#tMe\1>{ JfXh&Y,XE,#*vu
\LQD#n
.}nAJ9
zH~jg2k(
&yp;rT_
2m%G,!
lTe6=(ve
+Gx+y7]A{
1P-Z2@iL~V.!1?Mbv
51]"W6 J
i7*e$O*
3Uf@9$
E3 q\s
sN<\8Zc
i>:BtaA
=,%_z/-
qa"N&W*OmG
?X;Pji
?y\ []O|E3N
HhO|U>
k*I3Xgh
Vu)OI|
Eg~=1<8
}F>exPAbPz#JP
,MhAXv
y0fO!D/E
) D3ad7*;w
<y!nkM;
>OL#k;<!
g?KDPhPW_)/-=v
N1}2n)=Vv{
Siwr&?p
+Sa;{6(<
W32OsbHn
.PHQ3t
h{iY5w
(~PN*hlL o
P)3_p
b(7R*jgc
L@wlgN{
9=-z)@GPW
xBwtH[X@
xti21^# 6&U\
_;BHL\8/
"XL4I]EU
wxN%Zai4]<y9.}=zZJ8
9>x,6_Qd2
n~{U8U|
}$K3W'nt=
h:62#J|K
DK(Iqh
iW2?uCo^c
R3`#N-vE
bR">uO=
Bmu$,$k
];QYA[
bUQq*w
\"c>%-]g?
&FB<. E#
69]HIN P
fQ`.){z
%95 Xj
0k\`Tl
b:d3&A[
xf[H 1@Z
cb/)Dqv{6t
`9+}-m8X
jfIpZuIL
F5Gk'Nu
OX5\2cN}0
tur<^zrpLk
nL*'vJ
+WL!'0n
DUL6+r\V85a
MXEB>^
RT]prLC%WTlK&
=-y`E&w
t?zgTJZ$>P
H6]QV~
I.5"8Ja[6
ciq5N$P'dThK<{%
aggn]mHv @O]7ExD8
4x#G~.o7
OEQ'mwq:'X"43:Py6
Kj`m#^y<
%[ YvK2:Q}%
E3j^J?
(dr,6S$6E
WDLD7/r-
hG+r=B5
Eyf$qDs=UJyJ?
vQXk'(^\<62BXZr
bsO(uL

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 57665 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.