2.4
Medium risk

d69581cb3564853dd73e221cc3cb249ccb1b9680193d5e9327a95657ee1ab4a6

a8c647b30363624bb90794ff490da780.exe

Analysis duration

74s

Latest analysis

File size

3.8MB
Static detection Dynamic detection AI SCORE=88 ARTEMIS CLOUD FILEREPMETAGEN FUERBOOS GEN3 HGIASOCA JKSW MALICIOUS R066H09L120 SCORE UNSAFE URSU WACATAC XPACK YMACCO
Eagle Eye Engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Artemis!A8C647B30363 20210311 6.0.6.653
Alibaba Trojan:Application/Generic.d42b0b36 20190527 0.3.0.5
CrowdStrike 20210203 1.0
Baidu 20190318 1.0.0.2
Avast FileRepMetagen [Malware] 20210311 21.1.5827.0
Kingsoft 20210312 2017.9.26.565
Tencent 20210312 1.0.0.1
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Generates some ICMP traffic
File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)
McAfee Artemis!A8C647B30363
Sangfor Trojan.Win32.Wacatac.C
Alibaba Trojan:Application/Generic.d42b0b36
Arcabit Trojan.Ursu.DE5C4A
Cyren W32/Trojan.JKSW-3686
Paloalto generic.ml
Cynet Malicious (score: 85)
BitDefender Gen:Variant.Ursu.941130
ViRobot Trojan.Win32.Z.Ursu.3964928
MicroWorld-eScan Gen:Variant.Ursu.941130
Avast FileRepMetagen [Malware]
Rising Trojan.Fuerboos!8.EFC8 (CLOUD)
Ad-Aware Gen:Variant.Ursu.941130
VIPRE Trojan.Win32.Generic!BT
FireEye Gen:Variant.Ursu.941130
Emsisoft Gen:Variant.Ursu.941130 (B)
Avira TR/Crypt.XPACK.Gen3
MAX malware (ai score=88)
Gridinsoft Ransom.Win32.Wacatac.oa
Microsoft Program:Win32/Ymacco.AAD6
AegisLab Trojan.Win32.Generic.4!c
GData Gen:Variant.Ursu.941130
ALYac Gen:Variant.Ursu.941130
Cylance Unsafe
TrendMicro-HouseCall TROJ_GEN.R066H09L120
Ikarus Trojan.Crypt
MaxSecure Virus.Patched.OF
AVG FileRepMetagen [Malware]
Qihoo-360 Win32/Trojan.Generic.HgIASOcA
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2012-01-12 12:11:05

Imports

Library USER32.dll:
0x6ec3b4 ShowWindowAsync
0x6ec3bc GetSystemMetrics
0x6ec3c0 MapVirtualKeyA
0x6ec3c4 ToAscii
0x6ec3c8 PostMessageA
0x6ec3cc CloseClipboard
0x6ec3d0 GetClipboardData
0x6ec3d4 OpenClipboard
0x6ec3dc SetClipboardData
0x6ec3e0 EmptyClipboard
0x6ec3e4 DestroyWindow
0x6ec3e8 DefWindowProcA
0x6ec3ec CreateWindowExA
0x6ec3f0 RegisterClassA
0x6ec3f8 ReleaseDC
0x6ec3fc SetFocus
0x6ec400 ShowWindow
0x6ec404 GetDC
0x6ec408 SetWindowPos
0x6ec40c AdjustWindowRect
0x6ec410 GetWindowLongA
0x6ec414 SetWindowLongA
0x6ec41c UnregisterClassA
0x6ec420 PostQuitMessage
0x6ec424 MessageBoxA
0x6ec428 ShowCursor
0x6ec42c GetKeyState
0x6ec430 SetCursorPos
0x6ec434 GetCursorPos
0x6ec438 GetWindowRect
0x6ec43c ClipCursor
0x6ec440 ReleaseCapture
0x6ec444 SetCapture
0x6ec448 GetDesktopWindow
0x6ec44c GetForegroundWindow
0x6ec450 DispatchMessageA
0x6ec454 TranslateMessage
0x6ec458 PeekMessageA
0x6ec464 LoadCursorA
0x6ec468 LoadIconA
0x6ec46c SetForegroundWindow
Library ADVAPI32.dll:
0x6ec000 RegCloseKey
0x6ec004 RegOpenKeyExA
0x6ec008 RegQueryValueExA
Library GDI32.dll:
0x6ec010 CreateFontA
0x6ec014 SelectObject
0x6ec018 SetBkColor
0x6ec01c SetTextColor
0x6ec020 GetTextMetricsA
0x6ec024 SetDeviceGammaRamp
0x6ec02c DeleteObject
0x6ec030 CreateCompatibleDC
0x6ec038 GetDeviceGammaRamp
0x6ec03c SetPixelFormat
0x6ec040 GetDeviceCaps
0x6ec044 GetGlyphOutlineA
0x6ec048 GetStockObject
Library WINMM.dll:
0x6ec474 mciSendCommandA
0x6ec478 auxGetVolume
0x6ec480 auxSetVolume
0x6ec488 auxGetDevCapsA
0x6ec48c auxGetNumDevs
0x6ec490 mixerClose
0x6ec498 mixerGetLineInfoA
0x6ec49c mixerOpen
0x6ec4a0 mixerGetNumDevs
0x6ec4a4 mciGetErrorStringA
Library WSOCK32.dll:
0x6ec4ac send
0x6ec4b0 connect
0x6ec4b4 socket
0x6ec4b8 recv
0x6ec4bc select
0x6ec4c0 closesocket
0x6ec4c4 ioctlsocket
0x6ec4c8 htons
0x6ec4cc sendto
0x6ec4d0 bind
0x6ec4d4 WSAGetLastError
0x6ec4d8 inet_addr
0x6ec4dc getsockname
0x6ec4e0 gethostbyname
0x6ec4e8 recvfrom
0x6ec4ec accept
0x6ec4f0 htonl
0x6ec4f4 ntohs
0x6ec4f8 WSACleanup
0x6ec4fc listen
0x6ec500 inet_ntoa
0x6ec504 WSAAsyncSelect
0x6ec508 WSAStartup
0x6ec510 WSASetLastError
0x6ec514 getsockopt
0x6ec518 __WSAFDIsSet
0x6ec51c setsockopt
Library KERNEL32.dll:
0x6ec050 ReleaseSemaphore
0x6ec054 WaitForSingleObject
0x6ec058 CreateSemaphoreA
0x6ec05c GetDriveTypeA
0x6ec060 ExitProcess
0x6ec064 DebugBreak
0x6ec068 GlobalAlloc
0x6ec06c GlobalLock
0x6ec070 GlobalUnlock
0x6ec074 FindNextFileA
0x6ec07c GetModuleFileNameA
0x6ec080 GetCurrentThreadId
0x6ec08c CreateDirectoryA
0x6ec090 FindFirstFileA
0x6ec094 FindClose
0x6ec098 CopyFileA
0x6ec09c AllocConsole
0x6ec0a0 SetConsoleTitleA
0x6ec0a4 GetStdHandle
0x6ec0ac ReadConsoleInputA
0x6ec0b4 CreateThread
0x6ec0c0 CreateMutexA
0x6ec0c8 GetCurrentProcess
0x6ec0d0 DuplicateHandle
0x6ec0d4 ReleaseMutex
0x6ec0d8 SetEvent
0x6ec0e0 GetStartupInfoA
0x6ec0e4 CreateEventA
0x6ec0e8 GetExitCodeThread
0x6ec0ec TerminateThread
0x6ec0f0 SleepEx
0x6ec0f4 PeekNamedPipe
0x6ec0f8 GetFileType
0x6ec100 GetDiskFreeSpaceW
0x6ec104 GetComputerNameA
0x6ec108 CreateProcessA
0x6ec10c CreateFileMappingA
0x6ec110 MapViewOfFile
0x6ec114 CreateFileW
0x6ec118 CreateFileA
0x6ec11c GetDiskFreeSpaceA
0x6ec120 GetFullPathNameW
0x6ec124 GetFullPathNameA
0x6ec128 FormatMessageW
0x6ec12c FormatMessageA
0x6ec130 LocalFree
0x6ec134 GetTempPathW
0x6ec138 GetTempPathA
0x6ec13c UnmapViewOfFile
0x6ec144 GetSystemTime
0x6ec148 GetCurrentProcessId
0x6ec14c GetTickCount
0x6ec154 LoadLibraryW
0x6ec15c DeleteFileW
0x6ec160 GetFileAttributesW
0x6ec164 DeleteFileA
0x6ec168 GetFileAttributesA
0x6ec16c UnlockFileEx
0x6ec170 LockFileEx
0x6ec174 LockFile
0x6ec178 UnlockFile
0x6ec17c GetFileSize
0x6ec180 FlushFileBuffers
0x6ec184 SetEndOfFile
0x6ec188 WriteFile
0x6ec18c ReadFile
0x6ec190 CloseHandle
0x6ec194 SetFilePointer
0x6ec198 AreFileApisANSI
0x6ec19c WideCharToMultiByte
0x6ec1a0 GetVersionExA
0x6ec1a8 Sleep
0x6ec1b0 TlsAlloc
0x6ec1b4 GetSystemInfo
0x6ec1b8 TlsGetValue
0x6ec1bc GetProcAddress
0x6ec1c0 FreeLibrary
0x6ec1c4 SetLastError
0x6ec1c8 GetLastError
0x6ec1cc LoadLibraryA
0x6ec1d0 GetModuleHandleA
0x6ec1d8 OutputDebugStringW
0x6ec1dc MultiByteToWideChar
0x6ec1ec VirtualFree
0x6ec1f0 VirtualAlloc
0x6ec1f4 TlsSetValue
Library SHELL32.dll:
0x6ec3a8 SHGetFolderPathA
0x6ec3ac ShellExecuteA
Library MSVCR71.dll:
0x6ec1fc localtime
0x6ec200 strncmp
0x6ec204 memmove
0x6ec208 ceil
0x6ec20c __RTDynamicCast
0x6ec210 _CIacos
0x6ec214 _CIasin
0x6ec218 _CIpow
0x6ec21c _CIfmod
0x6ec220 time
0x6ec224 atof
0x6ec228 exit
0x6ec22c fprintf
0x6ec230 putc
0x6ec234 _iob
0x6ec238 strncat
0x6ec23c _stricmp
0x6ec240 _strnicmp
0x6ec244 _strupr
0x6ec248 _strlwr
0x6ec24c strrchr
0x6ec250 strcspn
0x6ec254 strtok
0x6ec258 isalnum
0x6ec25c isalpha
0x6ec260 isspace
0x6ec264 isdigit
0x6ec268 vprintf
0x6ec26c vsprintf
0x6ec270 fflush
0x6ec274 qsort
0x6ec278 _exit
0x6ec27c sprintf
0x6ec280 getenv
0x6ec284 _setjmp3
0x6ec288 fread
0x6ec28c gmtime
0x6ec290 fwrite
0x6ec294 longjmp
0x6ec298 _open
0x6ec29c strtod
0x6ec2a0 _stati64
0x6ec2a4 fclose
0x6ec2a8 fopen
0x6ec2ac tolower
0x6ec2b0 isxdigit
0x6ec2b4 fseek
0x6ec2b8 _strtoi64
0x6ec2bc memchr
0x6ec2c0 _beginthreadex
0x6ec2c4 fgets
0x6ec2c8 fputs
0x6ec2cc strtol
0x6ec2d0 fputc
0x6ec2d4 _fstati64
0x6ec2d8 _lseeki64
0x6ec2dc strerror
0x6ec2e0 _sys_nerr
0x6ec2e4 _aligned_malloc
0x6ec2e8 _aligned_free
0x6ec2ec _ftol
0x6ec2f0 ldexp
0x6ec2f4 frexp
0x6ec2fc _except_handler3
0x6ec304 __dllonexit
0x6ec308 _onexit
0x6ec30c _c_exit
0x6ec310 _XcptFilter
0x6ec314 _ismbblead
0x6ec318 _cexit
0x6ec31c _acmdln
0x6ec320 _amsg_exit
0x6ec324 __getmainargs
0x6ec328 _initterm
0x6ec32c __setusermatherr
0x6ec330 _adjust_fdiv
0x6ec334 __p__commode
0x6ec338 __p__fmode
0x6ec33c __set_app_type
0x6ec340 ?terminate@@YAXXZ
0x6ec344 _controlfp
0x6ec348 _read
0x6ec34c _close
0x6ec350 _memicmp
0x6ec354 _strdup
0x6ec358 _fileno
0x6ec35c floor
0x6ec360 atoi
0x6ec364 _purecall
0x6ec368 _errno
0x6ec36c printf
0x6ec370 free
0x6ec374 malloc
0x6ec378 _snprintf
0x6ec37c strncpy
0x6ec380 perror
0x6ec384 strchr
0x6ec388 realloc
0x6ec38c strstr
0x6ec390 strtoul
0x6ec394 sscanf
0x6ec398 calloc
0x6ec39c _vsnprintf
0x6ec3a0 abort
Library iphlpapi.dll:
0x6ec524 GetAdaptersInfo
Library BlocklandLoader.dll:
0x8f40f0 loader

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.