6.2
高危
60 个模型检测该样本为恶意!
重新分析
更多

2e0c5e30bd04c779967542fb3b8f3741e4f454f2bc29fa5e6e2403923df5687f

ac9031118760415d1d8d1dc276b18edf.exe

分析耗时

79s

最近分析

文件大小

203.8KB
静态报毒 动态报毒 A + W32 AGEN AGENERIC AI SCORE=88 AIDETECTVM ATTRIBUTE BGCNGJOEHBE BRLS CEEINJECT CLASSIC CMIFAO2I9NL CONFIDENCE CTSINF DAWS DOWNLOADER23 ECUA FILEINFECTORX FKILPX GENCIRC GENERICKD HIGH CONFIDENCE HIGHCONFIDENCE MALICIOUS PE MALWARE1 MAUVAISE NEYNDY PREPSCRAM R246075 SCORE STATIC AI TPMQ UNSAFE VP@8EK9GA 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/Prepscram.5bccd796 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:FileinfectorX-gen [Trj] 20201210 21.1.5827.0
Kingsoft 20201211 2017.9.26.565
McAfee W32/Autorun.worm.tv 20201211 6.0.6.653
Tencent Malware.Win32.Gencirc.10b8ad11 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
静态指标
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619826883.795008
NtAllocateVirtualMemory
process_identifier: 1380
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000002150000
success 0 0
Creates executable files on the filesystem (10 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_48_05.093039900Z\ChromeSetup.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_55_56.358189200Z\dotNetFx40_Full_x86_x64.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX1\Loader.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Windows_Activator\Windows Activator.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX0\Loader.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T13_03_23.134665700Z\vcredist_x64.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_55_50.744383200Z\vcredist_x64.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Wintup.exe
file C:\Windows\CTS.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\M23XmJwn8BUgu9Z.exe
Drops a binary and executes it (1 个事件)
file C:\Windows\CTS.exe
Drops an executable to the user AppData folder (8 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_55_56.358189200Z\dotNetFx40_Full_x86_x64.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX0\Loader.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T13_03_23.134665700Z\vcredist_x64.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX1\Loader.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Windows_Activator\Windows Activator.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_55_50.744383200Z\vcredist_x64.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_48_05.093039900Z\ChromeSetup.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Wintup.exe
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.838283320600078 section {'size_of_data': '0x00006200', 'virtual_address': '0x0000f000', 'entropy': 7.838283320600078, 'name': 'UPX1', 'virtual_size': '0x00007000'} description A section with a high entropy has been found
entropy 0.98 description Overall entropy of this PE file is high
The executable is compressed using UPX (3 个事件)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Installs itself for autorun at Windows startup (2 个事件)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS reg_value C:\Windows\CTS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS reg_value C:\Windows\CTS.exe
Manipulates memory of a non-child process indicative of process injection (50 out of 758 个事件)
Process injection Process 1380 manipulating memory of non-child process 1424
Time & API Arguments Status Return Repeated
1619826882.092008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000e8
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.170008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.186008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.202008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.202008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.233008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.248008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.280008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.280008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.342008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.358008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.373008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.373008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.389008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.420008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.436008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.436008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.452008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.467008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.498008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826882.498008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000000000000ec
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c30000
success 0 0
1619826886.545008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.561008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.577008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.577008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.577008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.592008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.592008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.592008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.592008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.623008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.623008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.623008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.623008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.639008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.639008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.639008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.639008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.655008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.655008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.670008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826886.686008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000000000000178
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826887.842008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000000000017c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826887.842008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000000000017c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826887.842008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000000000017c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826887.842008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000000000017c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826887.842008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000000000017c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826887.858008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000000000017c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
1619826887.858008
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x000000000000017c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000006c40000
success 0 0
Potential code injection by writing to the memory of another process (50 out of 794 个事件)
Process injection Process 1380 injected into non-child 1424
Time & API Arguments Status Return Repeated
1619826882.092008
WriteProcessMemory
process_identifier: 1424
buffer: ÿÿÿÿ
process_handle: 0x00000000000000e8
base_address: 0x0000000006c3000c
success 1 0
1619826882.092008
WriteProcessMemory
process_identifier: 1424
buffer: O
process_handle: 0x00000000000000e8
base_address: 0x0000000006c30000
success 1 0
1619826882.170008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ã
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.186008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.202008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.217008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.233008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ã
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.248008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.280008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.280008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.342008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ã
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.358008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.373008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.389008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.389008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ã
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.420008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.436008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.436008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.452008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ã
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.467008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.498008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826882.498008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x00000000000000ec
base_address: 0x0000000006c30000
success 1 0
1619826886.545008
WriteProcessMemory
process_identifier: 1424
buffer: ÿÿÿÿ
process_handle: 0x0000000000000178
base_address: 0x0000000006c4000c
success 1 0
1619826886.545008
WriteProcessMemory
process_identifier: 1424
buffer: ™
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.561008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ä
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.577008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.577008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.577008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.592008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ä
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.592008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.592008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.592008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.623008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ä
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.623008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.623008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.623008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.639008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ä
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.639008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.639008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.639008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.655008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ä
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.670008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.670008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826886.686008
WriteProcessMemory
process_identifier: 1424
buffer: 
process_handle: 0x0000000000000178
base_address: 0x0000000006c40000
success 1 0
1619826887.842008
WriteProcessMemory
process_identifier: 1424
buffer: ÿÿÿÿ
process_handle: 0x000000000000017c
base_address: 0x0000000006c4000c
success 1 0
1619826887.842008
WriteProcessMemory
process_identifier: 1424
buffer: 6g
process_handle: 0x000000000000017c
base_address: 0x0000000006c40000
success 1 0
1619826887.842008
WriteProcessMemory
process_identifier: 1424
buffer: 8Ä
process_handle: 0x000000000000017c
base_address: 0x0000000006c40000
success 1 0
1619826887.842008
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x000000000000017c
base_address: 0x0000000006c40000
success 1 0
1619826887.842008
WriteProcessMemory
process_identifier: 1424
buffer: gJüþ
process_handle: 0x000000000000017c
base_address: 0x0000000006c40000
success 1 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43776977
FireEye Generic.mg.ac9031118760415d
CAT-QuickHeal Trojan.Mauvaise.SL1
ALYac Trojan.GenericKD.43776977
Cylance Unsafe
Zillya Dropper.Daws.Win32.19056
SUPERAntiSpyware Trojan.Agent/Gen-Malagent
Sangfor Malware
K7AntiVirus Trojan ( 00561d541 )
Alibaba Trojan:Win32/Prepscram.5bccd796
K7GW Trojan ( 00561d541 )
Cybereason malicious.187604
Arcabit Trojan.Generic.D29BFBD1
Cyren W32/Trojan.ECUA-4313
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:FileinfectorX-gen [Trj]
ClamAV Win.Malware.Cmifao2i9nl-6825052-0
Kaspersky Trojan.Win32.Agent.neyndy
BitDefender Trojan.GenericKD.43776977
NANO-Antivirus Trojan.Win32.RP.fkilpx
Paloalto generic.ml
ViRobot Win32.CTS.A
Rising Trojan.Agent!1.B5F1 (CLASSIC)
Ad-Aware Trojan.GenericKD.43776977
TACHYON Worm/W32.CTS.Zen
Sophos ML/PE-A + W32/CTSInf-B
Comodo Virus.Win32.Agent.VP@8ek9ga
F-Secure Heuristic.HEUR/AGEN.1135903
DrWeb Trojan.DownLoader23.51365
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Emsisoft Trojan.GenericKD.43776977 (B)
Ikarus Virus.Win32.CeeInject
Jiangmin Trojan.Agent.brls
Avira HEUR/AGEN.1135903
Antiy-AVL Trojan/Win32.AGeneric
Gridinsoft Trojan.Win32.Agent.ka!s2
Microsoft Trojan:Win32/Prepscram
AegisLab Trojan.Win32.Agent.tpMQ
ZoneAlarm Trojan.Win32.Agent.neyndy
GData Trojan.GenericKD.43776977
Cynet Malicious (score: 100)
AhnLab-V3 Malware/RL.Generic.R246075
Acronis suspicious
McAfee W32/Autorun.worm.tv
MAX malware (ai score=88)
VBA32 Trojan.Agent
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2015-05-05 21:45:31

Imports

Library ADVAPI32.dll:
0x416064 RegCloseKey
Library KERNEL32.DLL:
0x41606c LoadLibraryA
0x416070 ExitProcess
0x416074 GetProcAddress
0x416078 VirtualProtect
Library ntdll.dll:
0x416080 NtClose
Library USER32.dll:
0x416088 wsprintfW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.