SmartHawk

5.0

中危

54 个模型检测该样本为恶意！

重新分析

下载样本

71519171005b0a3567a141c4b0bd1dffc20c0a3781af6700c9f22561694d31ef

aad81bee49d90535cf23f2c040a98903.exe

分析耗时

90s

最近分析

文件大小

763.0KB

静态报毒动态报毒 AGENTTESLA AI SCORE=88 BUQBYI BYKOF CONFIDENCE ELDORADO FAREIT GDSDA GENERICKD HIGH CONFIDENCE HUTZBV IGENT INJECT3 KRYPTIK MALICIOUS PE MALWARE@#3LWY5UEFDDJK2 MALWAREX R03BC0DID20 SCORE SUSGEN TASKUN TSCOPE UNSAFE VM0@AMDRGNH ZEMSILF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	TrojanSpy:MSIL/AgentTesla.e8ffde87	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Kingsoft		20201010	2013.8.14.323
McAfee	Fareit-FZV!AAD81BEE49D9	20201010	6.0.6.653

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620920603.665501 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

Checks if process is being debugged by a debugger (50 out of 52 个事件)

Time & API	Arguments	Status	Return	Repeated
1620920598.008501 IsDebuggerPresent		failed	0	0
1620920598.008501 IsDebuggerPresent		failed	0	0
1620920647.258501 IsDebuggerPresent		failed	0	0
1620920647.774501 IsDebuggerPresent		failed	0	0
1620920648.290501 IsDebuggerPresent		failed	0	0
1620920648.774501 IsDebuggerPresent		failed	0	0
1620920649.290501 IsDebuggerPresent		failed	0	0
1620920649.774501 IsDebuggerPresent		failed	0	0
1620920650.290501 IsDebuggerPresent		failed	0	0
1620920650.774501 IsDebuggerPresent		failed	0	0
1620920651.290501 IsDebuggerPresent		failed	0	0
1620920651.774501 IsDebuggerPresent		failed	0	0
1620920652.290501 IsDebuggerPresent		failed	0	0
1620920652.774501 IsDebuggerPresent		failed	0	0
1620920653.290501 IsDebuggerPresent		failed	0	0
1620920653.774501 IsDebuggerPresent		failed	0	0
1620920654.290501 IsDebuggerPresent		failed	0	0
1620920654.774501 IsDebuggerPresent		failed	0	0
1620920655.290501 IsDebuggerPresent		failed	0	0
1620920655.774501 IsDebuggerPresent		failed	0	0
1620920656.290501 IsDebuggerPresent		failed	0	0
1620920656.774501 IsDebuggerPresent		failed	0	0
1620920657.336501 IsDebuggerPresent		failed	0	0
1620920657.774501 IsDebuggerPresent		failed	0	0
1620920658.352501 IsDebuggerPresent		failed	0	0
1620920658.774501 IsDebuggerPresent		failed	0	0
1620920659.352501 IsDebuggerPresent		failed	0	0
1620920659.774501 IsDebuggerPresent		failed	0	0
1620920660.352501 IsDebuggerPresent		failed	0	0
1620920660.774501 IsDebuggerPresent		failed	0	0
1620920661.352501 IsDebuggerPresent		failed	0	0
1620920661.774501 IsDebuggerPresent		failed	0	0
1620920662.352501 IsDebuggerPresent		failed	0	0
1620920662.790501 IsDebuggerPresent		failed	0	0
1620920663.352501 IsDebuggerPresent		failed	0	0
1620920663.790501 IsDebuggerPresent		failed	0	0
1620920664.352501 IsDebuggerPresent		failed	0	0
1620920664.790501 IsDebuggerPresent		failed	0	0
1620920665.352501 IsDebuggerPresent		failed	0	0
1620920665.790501 IsDebuggerPresent		failed	0	0
1620920666.383501 IsDebuggerPresent		failed	0	0
1620920666.790501 IsDebuggerPresent		failed	0	0
1620920667.399501 IsDebuggerPresent		failed	0	0
1620920667.790501 IsDebuggerPresent		failed	0	0
1620920668.415501 IsDebuggerPresent		failed	0	0
1620920668.790501 IsDebuggerPresent		failed	0	0
1620920669.415501 IsDebuggerPresent		failed	0	0
1620920669.805501 IsDebuggerPresent		failed	0	0
1620920670.540501 IsDebuggerPresent		failed	0	0
1620920670.805501 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620920598.071501 GlobalMemoryStatusEx		success	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 93 个事件)

Time & API	Arguments	Status	Return
1620920597.118501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 1835008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x00820000	success	0
1620920597.118501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x009a0000	success	0
1620920597.321501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 2162688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x024c0000	success	0
1620920597.321501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02690000	success	0
1620920597.540501 NtProtectVirtualMemory	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73e71000	success	0
1620920598.008501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 917504 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x005c0000	success	0
1620920598.008501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00660000	success	0
1620920598.024501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0052a000	success	0
1620920598.024501 NtProtectVirtualMemory	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73e72000	success	0
1620920598.024501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00522000	success	0
1620920598.336501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00532000	success	0
1620920598.618501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00555000	success	0
1620920598.633501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0055b000	success	0
1620920598.633501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00557000	success	0
1620920598.899501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00533000	success	0
1620920599.040501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0053c000	success	0
1620920600.415501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00534000	success	0
1620920600.446501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00536000	success	0
1620920600.852501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b0000	success	0
1620920601.133501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00537000	success	0
1620920601.665501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0054a000	success	0
1620920601.665501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00547000	success	0
1620920602.930501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0053a000	success	0
1620920603.086501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00546000	success	0
1620920603.461501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00538000	success	0
1620920603.586501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00720000	success	0
1620920603.774501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0054b000	success	0
1620920604.008501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b1000	success	0
1620920604.008501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0052c000	success	0
1620920604.055501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00539000	success	0
1620920604.086501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00523000	success	0
1620920637.352501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02691000	success	0
1620920637.430501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b2000	success	0
1620920637.665501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02680000	success	0
1620920637.711501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02681000	success	0
1620920637.711501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02682000	success	0
1620920637.790501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02683000	success	0
1620920637.821501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b3000	success	0
1620920637.852501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02684000	success	0
1620920637.852501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0053d000	success	0
1620920637.883501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b4000	success	0
1620920637.899501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b7000	success	0
1620920638.024501 NtProtectVirtualMemory	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 296448 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x04af0400	failed	3221225550
1620920645.743501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b8000	success	0
1620920645.743501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02685000	success	0
1620920645.743501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006b9000	success	0
1620920645.774501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006ba000	success	0
1620920645.821501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006bb000	success	0
1620920645.993501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006bc000	success	0
1620920646.165501 NtAllocateVirtualMemory	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x006bd000	success	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.832762534296554

section

{'size_of_data': '0x0006f000', 'virtual_address': '0x00002000', 'entropy': 7.832762534296554, 'name': '.text', 'virtual_size': '0x0006efdc'}

description

A section with a high entropy has been found

entropy

0.5822950819672131

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620920638.008501 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

A process attempted to delay the analysis task. (1 个事件)

description

aad81bee49d90535cf23f2c040a98903.exe tried to sleep 2728244 seconds, actually delayed analysis time by 2728244 seconds

Generates some ICMP traffic

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34504029
FireEye	Generic.mg.aad81bee49d90535
CAT-QuickHeal	Trojan.MSIL
ALYac	Trojan.GenericKD.34504029
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.2529485
K7AntiVirus	Trojan ( 0056e1571 )
Alibaba	TrojanSpy:MSIL/AgentTesla.e8ffde87
K7GW	Trojan ( 005690671 )
CrowdStrike	win/malicious_confidence_90% (W)
Arcabit	Trojan.Generic.D20E7D5D
Invincea	Mal/Generic-S
Cyren	W32/MSIL_Kryptik.BOU.gen!Eldorado
Symantec	Packed.Generic.570
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 85)
Kaspersky	HEUR:Trojan.MSIL.Taskun.gen
BitDefender	Trojan.GenericKD.34504029
NANO-Antivirus	Trojan.Win32.Taskun.hutzbv
ViRobot	Trojan.Win32.Z.Kryptik.781312.F
Ad-Aware	Trojan.GenericKD.34504029
Emsisoft	Trojan.Crypt (A)
Comodo	Malware@#3lwy5uefddjk2
F-Secure	Trojan.TR/Kryptik.bykof
DrWeb	Trojan.Inject3.58449
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R03BC0DID20
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
Sophos	Mal/Generic-S
SentinelOne	DFI - Malicious PE
Webroot	W32.Trojan.Gen
Avira	TR/Kryptik.bykof
eGambit	Unsafe.AI_Score_61%
Microsoft	TrojanSpy:MSIL/AgentTesla.PBU!MTB
AegisLab	Trojan.MSIL.Taskun.4!c
ZoneAlarm	HEUR:Trojan.MSIL.Taskun.gen
GData	Trojan.GenericKD.34504029
AhnLab-V3	Malware/Win32.RL_Generic.C4194937
McAfee	Fareit-FZV!AAD81BEE49D9
MAX	malware (ai score=88)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Trojan.MalPack
ESET-NOD32	a variant of MSIL/Kryptik.XRP
TrendMicro-HouseCall	TROJ_GEN.R03BC0DID20
Yandex	Trojan.Igent.bUqBYi.44
Ikarus	Trojan.MSIL.Inject
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.XRP!tr

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-09-10 09:25:15

Imports

Library mscoree.dll:

• 0x402000 _CorExeMain

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net A 51.105.208.173
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	50539	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.