3.4
Medium risk

a69fdd9e4c3558d323c3ddab6c89328ead207046764019014e013dc696d5861e

ab979bad22978286f693fa6d89733b59.exe

Analysis time

95s

Last analysis

File size

2.3MB
Static detection  Dynamic detection  3ALOKLWWS0G AI SCORE=87 AIDETECTVM BANKERX BSCOPE CLASSIC CONFIDENCE EKVT ELDORADO EMOTET ENCPK EPOY GENCIRC GENETIC GENKRYPTIK HBR@8QRQPO HCWQ HIGH CONFIDENCE INJECT3 KRYPTIK MALICIOUS PE MALWARE1 OAICX PINKSBOT QAKBOT QBOT QS0@A8ZZSIGI R + MAL R338453 SCORE SHADE STATIC AI SUSGEN TROJANBANKER UNSAFE ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine result is available
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba TrojanBanker:Win32/Emotet.506cccbc 20190527 0.3.0.5
Avast Win32:BankerX-gen [Trj] 20201229 21.1.5827.0
Tencent Malware.Win32.Gencirc.10b9e5cd 20201229 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20201229 2017.9.26.565
McAfee W32/PinkSbot-GN!AB979BAD2297 20201229 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619826920.78356
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name MUI
Behaviour verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619826879.34656
NtAllocateVirtualMemory
process_identifier: 2228
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f30000
success 0 0
1619826920.72156
NtAllocateVirtualMemory
process_identifier: 2228
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01fb0000
success 0 0
1619826920.72156
NtProtectVirtualMemory
process_identifier: 2228
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619827653.863625
NtAllocateVirtualMemory
process_identifier: 284
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00940000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619826921.83056
CreateProcessInternalW
thread_identifier: 3068
thread_handle: 0x00000154
process_identifier: 284
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ab979bad22978286f693fa6d89733b59.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 172.217.24.14
host 3.222.126.94
File has been identified by 59 antivirus engines on VirusTotal as malicious (50 out of 59 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Inject3.38964
MicroWorld-eScan Trojan.Agent.EPOY
FireEye Generic.mg.ab979bad22978286
CAT-QuickHeal Trojan.Qbot
ALYac Trojan.Agent.EPOY
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 005652cb1 )
Alibaba TrojanBanker:Win32/Emotet.506cccbc
K7GW Trojan ( 005652cb1 )
Cybereason malicious.d22978
Arcabit Trojan.Agent.EPOY
BitDefenderTheta Gen:NN.ZexaF.34700.qs0@a8ZzSIgi
Cyren W32/Emotet.AJZ.gen!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HCWQ
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Qbot-7682531-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Trojan.Agent.EPOY
Avast Win32:BankerX-gen [Trj]
Tencent Malware.Win32.Gencirc.10b9e5cd
Ad-Aware Trojan.Agent.EPOY
TACHYON Backdoor/W32.Qbot.2373120
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo TrojWare.Win32.Kryptik.HBR@8qrqpo
F-Secure Trojan.TR/Kryptik.oaicx
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.PinkSbot.vz
Emsisoft Trojan.Agent.EPOY (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.nt
Avira TR/Kryptik.oaicx
Antiy-AVL Trojan[Banker]/Win32.Qbot
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Emotet.MS!MTB
AegisLab Trojan.Win32.Malicious.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Trojan.Agent.EPOY
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Qakbot.R338453
McAfee W32/PinkSbot-GN!AB979BAD2297
MAX malware (ai score=87)
VBA32 BScope.TrojanRansom.Shade
Malwarebytes Backdoor.Qbot
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SME
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-04-21 20:03:37

Imports

Library KERNEL32.dll:
0x62b9a8 VirtualAlloc
0x62b9ac GetModuleHandleW
0x62b9b0 lstrlenW
0x62b9b4 lstrcmpA
0x62b9b8 WriteProcessMemory
0x62b9bc WriteFile
0x62b9c0 WideCharToMultiByte
0x62b9c4 WaitForSingleObject
0x62b9cc VirtualQueryEx
0x62b9d0 VirtualQuery
0x62b9d4 VirtualProtectEx
0x62b9d8 VirtualProtect
0x62b9dc VirtualFree
0x62b9e0 UnmapViewOfFile
0x62b9e4 TerminateThread
0x62b9e8 TerminateProcess
0x62b9f0 SuspendThread
0x62b9f4 Sleep
0x62b9f8 SizeofResource
0x62b9fc SetThreadPriority
0x62ba00 SetThreadContext
0x62ba08 SetPriorityClass
0x62ba0c SetLastError
0x62ba10 SetFilePointer
0x62ba14 SetEvent
0x62ba18 ResumeThread
0x62ba1c ResetEvent
0x62ba20 ReleaseSemaphore
0x62ba24 ReleaseMutex
0x62ba28 ReadProcessMemory
0x62ba2c ReadFile
0x62ba38 PulseEvent
0x62ba3c OutputDebugStringW
0x62ba40 OpenProcess
0x62ba44 OpenMutexW
0x62ba48 OpenFileMappingA
0x62ba4c OpenFileMappingW
0x62ba50 OpenEventA
0x62ba54 MultiByteToWideChar
0x62ba58 MulDiv
0x62ba5c MapViewOfFile
0x62ba60 LockResource
0x62ba64 LocalFree
0x62ba68 LocalAlloc
0x62ba6c LoadResource
0x62ba70 LoadLibraryExA
0x62ba74 LoadLibraryExW
0x62ba78 LoadLibraryA
0x62ba7c LoadLibraryW
0x62ba88 GlobalUnlock
0x62ba8c GlobalSize
0x62ba90 GlobalReAlloc
0x62ba94 GlobalHandle
0x62ba98 GlobalLock
0x62ba9c GlobalFree
0x62baa0 GlobalFindAtomW
0x62baa4 GlobalDeleteAtom
0x62baa8 GlobalAlloc
0x62baac GlobalAddAtomW
0x62babc GetVersionExA
0x62bac0 GetVersionExW
0x62bac4 GetVersion
0x62bac8 GetTickCount
0x62bacc GetThreadPriority
0x62bad0 GetThreadLocale
0x62bad4 GetThreadContext
0x62bad8 GetTempPathW
0x62badc GetSystemTime
0x62bae0 GetSystemDirectoryA
0x62bae4 GetSystemDirectoryW
0x62bae8 GetStartupInfoW
0x62baec GetProcessVersion
0x62baf4 GetProcAddress
0x62baf8 GetPriorityClass
0x62bafc GetModuleHandleA
0x62bb00 GetModuleFileNameA
0x62bb04 GetModuleFileNameW
0x62bb08 GetLogicalDrives
0x62bb0c GetLastError
0x62bb10 GetFileSize
0x62bb14 GetFileAttributesA
0x62bb18 GetFileAttributesW
0x62bb1c GetExitCodeThread
0x62bb20 GetExitCodeProcess
0x62bb28 GetDriveTypeW
0x62bb2c GetCurrentThreadId
0x62bb30 GetCurrentThread
0x62bb34 GetCurrentProcessId
0x62bb38 GetCurrentProcess
0x62bb3c GetComputerNameW
0x62bb40 GetCommandLineA
0x62bb44 FreeResource
0x62bb50 FreeLibrary
0x62bb54 FormatMessageA
0x62bb58 FormatMessageW
0x62bb5c FindResourceA
0x62bb60 FindResourceW
0x62bb64 FindNextFileW
0x62bb68 FindFirstFileA
0x62bb6c FindFirstFileW
0x62bb70 FindClose
0x62bb78 ExitProcess
0x62bb7c EnumResourceNamesW
0x62bb84 DuplicateHandle
0x62bb8c CreateThread
0x62bb90 CreateSemaphoreW
0x62bb94 CreateMutexA
0x62bb98 CreateMutexW
0x62bb9c CreateFileMappingA
0x62bba0 CreateFileMappingW
0x62bba4 CreateFileA
0x62bba8 CreateFileW
0x62bbac CreateEventA
0x62bbb0 CreateEventW
0x62bbb4 CompareStringW
0x62bbb8 CloseHandle
0x62bbbc GetProfileSectionA
0x62bbc0 FatalExit
0x62bbc4 ExitThread
0x62bbc8 GetShortPathNameA
0x62bbcc GetDiskFreeSpaceExA
0x62bbd0 GetLongPathNameA
0x62bbd4 GetConsoleTitleA
0x62bbd8 Heap32ListNext
0x62bbe4 RtlZeroMemory
0x62bbe8 _lclose
0x62bbec OpenJobObjectA
0x62bbf0 GetMailslotInfo
0x62bbf4 GetDriveTypeA
0x62bbf8 SwitchToThread
0x62bc00 _lwrite
0x62bc04 CommConfigDialogA
0x62bc08 InterlockedExchange
0x62bc10 GetStartupInfoA
Library USER32.dll:
0x62bc18 LoadIconW
0x62bc1c LoadCursorFromFileW
0x62bc20 GetAsyncKeyState
0x62bc24 GetForegroundWindow
0x62bc28 GetKeyboardLayout
0x62bc2c GetDC
0x62bc30 GetSystemMetrics
0x62bc34 GetDlgCtrlID
0x62bc38 GetListBoxInfo
0x62bc3c GetThreadDesktop
0x62bc40 ShowCaret
0x62bc44 DestroyWindow
0x62bc48 GetClipboardViewer
0x62bc4c GetTopWindow
0x62bc50 CharLowerA
0x62bc54 IsWindow
0x62bc58 GetFocus
0x62bc60 CreateMenu
0x62bc64 GetCapture
0x62bc68 GetKBCodePage
0x62bc6c LoadIconA
0x62bc70 WaitForInputIdle
0x62bc74 TranslateMessage
0x62bc7c AnimateWindow
0x62bc80 ShowWindow
0x62bc84 ShowOwnedPopups
0x62bc88 SetWindowRgn
0x62bc8c SetWindowPos
0x62bc90 SetWindowPlacement
0x62bc94 SetWindowLongW
0x62bc98 SetTimer
0x62bc9c SetPropA
0x62bca0 SetParent
0x62bca4 SetForegroundWindow
0x62bca8 SetCursorPos
0x62bcac SetClassLongW
0x62bcb0 SendMessageTimeoutA
0x62bcb4 SendMessageTimeoutW
0x62bcbc SendMessageA
0x62bcc0 SendMessageW
0x62bcc4 RemovePropA
0x62bcc8 ReleaseDC
0x62bcd0 PostThreadMessageA
0x62bcd4 PostMessageA
0x62bcd8 PostMessageW
0x62bcdc OffsetRect
0x62bce4 LoadImageW
0x62bce8 LoadCursorW
0x62bcec LoadBitmapW
0x62bcf0 KillTimer
0x62bcf4 IsZoomed
0x62bcf8 IsWindowVisible
0x62bcfc IsWindowUnicode
0x62bd00 IsWindowEnabled
0x62bd04 IsIconic
0x62bd08 InvalidateRect
0x62bd0c InflateRect
0x62bd14 GetWindowRect
0x62bd18 GetWindowPlacement
0x62bd1c GetWindowLongW
0x62bd20 GetSystemMenu
0x62bd24 GetPropA
0x62bd28 GetParent
0x62bd2c GetWindow
0x62bd30 GetMessageW
0x62bd34 GetMenu
0x62bd38 GetClientRect
0x62bd3c GetClassNameA
0x62bd40 GetClassLongW
0x62bd44 FrameRect
0x62bd48 FindWindowExA
0x62bd4c FindWindowExW
0x62bd50 FindWindowW
0x62bd54 EnumWindows
0x62bd58 EnumThreadWindows
0x62bd5c EnableWindow
0x62bd60 EnableMenuItem
0x62bd64 DrawTextW
0x62bd68 DrawFrameControl
0x62bd6c DrawFocusRect
0x62bd70 DispatchMessageW
0x62bd74 DestroyIcon
0x62bd7c CharUpperW
0x62bd80 CharLowerW
0x62bd84 AttachThreadInput
0x62bd88 AdjustWindowRectEx
0x62bd8c ReplyMessage
0x62bd90 wsprintfA
0x62bd94 DdeEnableCallback
0x62bd98 MonitorFromPoint
0x62bda0 VkKeyScanExA
0x62bda4 GetDlgItem
0x62bda8 GetDesktopWindow
0x62bdac SetSysColors
0x62bdb0 DlgDirListComboBoxA
0x62bdb4 TabbedTextOutW
0x62bdb8 ExcludeUpdateRgn
0x62bdbc LoadStringW
0x62bdc0 SetClipboardData
0x62bdc8 EqualRect
0x62bdcc OpenDesktopA
0x62bdd0 keybd_event
0x62bdd4 CharPrevExA
0x62bddc DdeFreeDataHandle
0x62bde0 MessageBeep
0x62bde4 SetWindowsHookW
0x62bde8 IMPQueryIMEA
0x62bdec EndMenu
0x62bdf0 InvertRect
0x62bdf4 SetMenu
0x62bdf8 VkKeyScanW
Library GDI32.dll:
0x62be00 GetStockObject
0x62be04 CreateMetaFileA
0x62be08 CreatePatternBrush
0x62be0c GetPolyFillMode
0x62be10 DeleteDC
0x62be14 FillPath
0x62be18 UnrealizeObject
0x62be1c AddFontResourceA
0x62be20 GetFontLanguageInfo
0x62be28 SelectObject
0x62be2c GetTextExtentPointW
0x62be34 DeleteObject
0x62be38 CreateRoundRectRgn
0x62be3c CreateFontIndirectW
0x62be40 BitBlt
0x62be48 CreateDIBitmap
0x62be50 GetPath
0x62be54 CLIPOBJ_cEnumStart
0x62be60 GetCurrentObject
Library ADVAPI32.dll:
0x62be68 RegOpenKeyA
0x62be6c RegQueryValueExA
0x62be74 RegUnLoadKeyW
0x62be78 RegOpenKeyExA
0x62be7c RegLoadKeyW
0x62be80 RegCloseKey
0x62be84 OpenProcessToken
0x62be88 LookupAccountSidA
0x62be8c LookupAccountSidW
0x62be94 GetUserNameW
0x62be98 GetTokenInformation
0x62be9c GetLengthSid
0x62bea0 QueryServiceStatus
0x62bea4 OpenServiceW
0x62bea8 OpenSCManagerW
0x62beac CloseServiceHandle
0x62beb4 CryptSetProvParam
0x62beb8 CryptGetProvParam
0x62bebc CryptDestroyHash
0x62bec0 CryptSignHashA
0x62bec4 CryptSetHashParam
0x62bec8 CryptCreateHash
0x62becc CryptImportKey
0x62bed0 CryptExportKey
0x62bed4 CryptReleaseContext
0x62bed8 CryptDestroyKey
0x62bedc CryptGetUserKey
0x62bee4 CryptDecrypt
Library SHELL32.dll:
0x62beec SHGetFileInfoA
0x62bef0 ShellExecuteW
0x62bef4 Shell_NotifyIconW
0x62bef8 SHGetFolderPathA
0x62befc SHGetFolderPathW
0x62bf00
0x62bf08 SHGetFolderLocation
0x62bf14 SHBrowseForFolderW
0x62bf18 Shell_NotifyIcon
0x62bf1c ExtractIconA
0x62bf20 SHBrowseForFolderA
0x62bf28 ShellAboutW
0x62bf2c FindExecutableW
0x62bf30 ShellExecuteA
0x62bf34 SHLoadInProc
0x62bf38 SHFileOperationA
0x62bf3c Shell_NotifyIconA
0x62bf40 DoEnvironmentSubstW
0x62bf44 SHBindToParent
0x62bf48 SHGetDesktopFolder
0x62bf50 ExtractIconExA
0x62bf54 SHGetMalloc
0x62bf58 CheckEscapesW
0x62bf64 DoEnvironmentSubstA
0x62bf68 SHChangeNotify
0x62bf70 DragQueryFileAorW
0x62bf7c FindExecutableA
0x62bf80 DragFinish
Library ole32.dll:
0x62bf90 OleUninitialize
0x62bf94 CoTaskMemFree
0x62bf98 CoCreateInstance
0x62bf9c CoUninitialize
0x62bfa0 CoInitialize
0x62bfa8 CoCreateGuid
Library SHLWAPI.dll:
0x62bfb0 StrStrIW
0x62bfb4 StrStrA
0x62bfb8 StrChrIA
0x62bfbc StrRStrIA
0x62bfc0 StrChrA
Library COMCTL32.dll:
0x62bfcc ImageList_Write
0x62bfd0 ImageList_Read
0x62bfd4 ImageList_GetIcon
0x62bfe0 ImageList_Destroy
0x62bfe4 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source  Source port  Destination  Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702
192.168.56.101 65005 239.255.255.250 3702
192.168.56.101 65007 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.