1.4
Low risk

bfbec35767b1cb06475a8ed88e3ae86b89a0567834b9fd1c810730a4aa57e8b6

ac09c7cb712946ec44d1e5d355b196a1.exe

Analysis time

15s

Last analysis

File size

256.5KB
Static detection: malicious   Dynamic detection: malicious   AI SCORE=83 ARTEMIS CONFIDENCE GENERICKD HIGH CONFIDENCE MALWARE@#195D6DG2DYAFG QUW@AYEC5WOI QVM10 R06EH09IG20 R352548 SUSGEN ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine   Result   Scan date   Engine version
McAfee Artemis!AC09C7CB7129 20201022 6.0.6.653
Alibaba 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast 20201022 18.4.3895.0
Kingsoft 20201022 2013.8.14.323
Static indicators
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43824482
FireEye Generic.mg.ac09c7cb712946ec
McAfee Artemis!AC09C7CB7129
Sangfor Malware
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Generic.D29CB562
APEX Malicious
BitDefender Trojan.GenericKD.43824482
AegisLab Trojan.Win32.Generic.4!c
Ad-Aware Trojan.GenericKD.43824482
Emsisoft Trojan.GenericKD.43824482 (B)
Comodo Malware@#195d6dg2dyafg
McAfee-GW-Edition Artemis!Trojan
MaxSecure Trojan.Malware.106654488.susgen
GData Trojan.GenericKD.43824482
AhnLab-V3 Malware/Win32.RL_Generic.R352548
ALYac Trojan.GenericKD.43824482
MAX malware (ai score=83)
TrendMicro-HouseCall TROJ_GEN.R06EH09IG20
BitDefenderTheta Gen:NN.ZexaF.34570.quW@ayeC5Woi
Qihoo-360 Generic/HEUR/QVM10.2.E67F.Malware.Gen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-09-13 15:42:04

Imports

Library KERNEL32.dll:
0x42e010 OpenProcess
0x42e018 Sleep
0x42e01c GetLastError
0x42e020 Process32NextW
0x42e024 Process32FirstW
0x42e028 GetModuleHandleA
0x42e02c Module32FirstW
0x42e030 GetProcAddress
0x42e034 ReadProcessMemory
0x42e038 Module32NextW
0x42e03c lstrcmpiW
0x42e040 IsWow64Process
0x42e044 SetEndOfFile
0x42e048 WaitForSingleObject
0x42e04c GetCurrentProcess
0x42e050 CloseHandle
0x42e054 QueryDosDeviceW
0x42e058 WideCharToMultiByte
0x42e06c SetLastError
0x42e074 SwitchToThread
0x42e078 TlsAlloc
0x42e07c TlsGetValue
0x42e080 TlsSetValue
0x42e084 TlsFree
0x42e08c GetModuleHandleW
0x42e090 EncodePointer
0x42e094 DecodePointer
0x42e098 MultiByteToWideChar
0x42e09c CompareStringW
0x42e0a0 LCMapStringW
0x42e0a4 GetLocaleInfoW
0x42e0a8 GetStringTypeW
0x42e0ac GetCPInfo
0x42e0b8 TerminateProcess
0x42e0c0 IsDebuggerPresent
0x42e0c4 GetStartupInfoW
0x42e0c8 GetCurrentProcessId
0x42e0cc GetCurrentThreadId
0x42e0d0 InitializeSListHead
0x42e0d4 RtlUnwind
0x42e0d8 RaiseException
0x42e0dc FreeLibrary
0x42e0e0 LoadLibraryExW
0x42e0e4 ExitProcess
0x42e0e8 GetModuleHandleExW
0x42e0ec ReadFile
0x42e0f0 CreateFileW
0x42e0f4 GetDriveTypeW
0x42e0fc GetFileType
0x42e100 PeekNamedPipe
0x42e10c GetModuleFileNameW
0x42e110 GetStdHandle
0x42e114 WriteFile
0x42e118 GetCommandLineA
0x42e11c GetCommandLineW
0x42e120 SetFilePointerEx
0x42e124 GetConsoleMode
0x42e128 ReadConsoleW
0x42e12c GetFileSizeEx
0x42e130 HeapAlloc
0x42e134 HeapFree
0x42e138 GetDateFormatW
0x42e13c GetTimeFormatW
0x42e140 IsValidLocale
0x42e144 GetUserDefaultLCID
0x42e148 EnumSystemLocalesW
0x42e14c FlushFileBuffers
0x42e150 GetConsoleCP
0x42e158 GetFullPathNameW
0x42e15c SetStdHandle
0x42e164 HeapReAlloc
0x42e168 FindClose
0x42e16c FindFirstFileExW
0x42e170 FindNextFileW
0x42e174 IsValidCodePage
0x42e178 GetACP
0x42e17c GetOEMCP
0x42e18c GetProcessHeap
0x42e190 HeapSize
0x42e194 WriteConsoleW
Library ADVAPI32.dll:
0x42e000 RegSetValueExA
0x42e004 RegOpenKeyExW
0x42e008 RegCloseKey

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.