5.4
Medium risk

4540c3754b0563ef0392b1b0cacab2865d1638abb6dbe461ce3c7a912cfe3dad

ad630341a62ddfd67a8aed1638270825.exe

Analysis duration

128s

Last analyzed

File size

430.0KB
Static detections / Dynamic detections: 0NA103HD20 100% AGENSLA AGENTTESLA AI SCORE=86 ALI2000008 AMW@AG1K@UFI ARTEMIS ATTRIBUTE AUTO CLOUD CONFIDENCE CRYPTINJECT CSHARP ELDORADO GDSDA GENERICKD GENKRYPTIK HAWKEY HGIASOKA HIGH CONFIDENCE HIGHCONFIDENCE HRTDEH KCLOUD KILLPROC2 KRYPTIK MALWARE@#220ES9YAZIQZS NANOCORE NHNLOVBIBYA PSWTROJ R + TROJ R357247 SAVE SCORE SUSGEN TROJANX TSCOPE UNSAFE WGWON ZEMSILF
Eagle Eye engine
Not detected: no Eagle Eye engine results are available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!AD630341A62D 20210309 6.0.6.653
Alibaba Trojan:Win32/csharp.ali2000008 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20210309 21.1.5827.0
Tencent Win32.Trojan.Inject.Auto 20210309 1.0.0.1
Kingsoft Win32.PSWTroj.Undef.(kcloud) 20210309 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Static indicators
Queries for the computer name (17 events)
Time & API Arguments Status Return Repeated
1619834124.8395
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834135.3705
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834140.7615
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834132.13625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834135.51125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834141.63625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834149.07325
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834129.83925
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834135.87025
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834141.63625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834147.32325
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834129.839626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834135.698626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834142.933125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834148.917125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834153.589125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619834153.948125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if the process is being debugged by a debugger (48 events)
Time & API Arguments Status Return Repeated
1619826881.474793
IsDebuggerPresent
failed 0 0
1619826881.474793
IsDebuggerPresent
failed 0 0
1619834078.9485
IsDebuggerPresent
failed 0 0
1619834078.9485
IsDebuggerPresent
failed 0 0
1619834081.21475
IsDebuggerPresent
failed 0 0
1619834081.21475
IsDebuggerPresent
failed 0 0
1619834081.80825
IsDebuggerPresent
failed 0 0
1619834081.80825
IsDebuggerPresent
failed 0 0
1619834084.355501
IsDebuggerPresent
failed 0 0
1619834084.355501
IsDebuggerPresent
failed 0 0
1619834084.948626
IsDebuggerPresent
failed 0 0
1619834084.948626
IsDebuggerPresent
failed 0 0
1619834087.886375
IsDebuggerPresent
failed 0 0
1619834087.886375
IsDebuggerPresent
failed 0 0
1619834088.542125
IsDebuggerPresent
failed 0 0
1619834088.542125
IsDebuggerPresent
failed 0 0
1619834090.698375
IsDebuggerPresent
failed 0 0
1619834090.698375
IsDebuggerPresent
failed 0 0
1619834091.30825
IsDebuggerPresent
failed 0 0
1619834091.32325
IsDebuggerPresent
failed 0 0
1619834093.823875
IsDebuggerPresent
failed 0 0
1619834093.823875
IsDebuggerPresent
failed 0 0
1619834094.636125
IsDebuggerPresent
failed 0 0
1619834094.636125
IsDebuggerPresent
failed 0 0
1619834098.245626
IsDebuggerPresent
failed 0 0
1619834098.245626
IsDebuggerPresent
failed 0 0
1619834099.167626
IsDebuggerPresent
failed 0 0
1619834099.167626
IsDebuggerPresent
failed 0 0
1619834106.792375
IsDebuggerPresent
failed 0 0
1619834106.792375
IsDebuggerPresent
failed 0 0
1619834111.417125
IsDebuggerPresent
failed 0 0
1619834111.417125
IsDebuggerPresent
failed 0 0
1619834121.87025
IsDebuggerPresent
failed 0 0
1619834121.87025
IsDebuggerPresent
failed 0 0
1619834124.98025
IsDebuggerPresent
failed 0 0
1619834124.98025
IsDebuggerPresent
failed 0 0
1619834132.683875
IsDebuggerPresent
failed 0 0
1619834132.698875
IsDebuggerPresent
failed 0 0
1619834134.05875
IsDebuggerPresent
failed 0 0
1619834134.05875
IsDebuggerPresent
failed 0 0
1619834142.40175
IsDebuggerPresent
failed 0 0
1619834142.40175
IsDebuggerPresent
failed 0 0
1619834144.605626
IsDebuggerPresent
failed 0 0
1619834144.605626
IsDebuggerPresent
failed 0 0
1619834156.82325
IsDebuggerPresent
failed 0 0
1619834156.82325
IsDebuggerPresent
failed 0 0
1619834159.323
IsDebuggerPresent
failed 0 0
1619834159.339
IsDebuggerPresent
failed 0 0
This executable has a PDB path (1 event)
pdb_path C:\xampp\htdocs\Aspire\files\zeenet_ALMkCNmSyAMUypvd\ALMkCNmSyAMUypvdma.pdb
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619826881.506793
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (4 events)
Time & API Arguments Status Return Repeated
1619834139.6515
__exception__
stacktrace:
0xe1eb1e
0xe1db68
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3863296
registers.edi: 3863324
registers.eax: 0
registers.ebp: 3863340
registers.edx: 8
registers.ebx: 0
registers.esi: 47114476
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc b8 b7 d7 a4 df e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x12625e2
success 0 0
1619834140.90125
__exception__
stacktrace:
0x10beb1e
0x10bdb68
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1502656
registers.edi: 1502684
registers.eax: 0
registers.ebp: 1502700
registers.edx: 8
registers.ebx: 0
registers.esi: 45314856
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc b8 b7 d7 a4 df e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xf125e2
success 0 0
1619834140.90125
__exception__
stacktrace:
0x4dbeb1e
0x4dbdb68
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1503584
registers.edi: 1503612
registers.eax: 0
registers.ebp: 1503628
registers.edx: 8
registers.ebx: 0
registers.esi: 45314952
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc b8 b7 d7 a4 df e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x53625e2
success 0 0
1619834153.245125
__exception__
stacktrace:
0x11ceb1e
0x11cdb68
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3403152
registers.edi: 3403180
registers.eax: 0
registers.ebp: 3403196
registers.edx: 8
registers.ebx: 0
registers.esi: 47128844
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc b8 b7 d7 a4 df e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x11925e2
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 of 988 events)
Time & API Arguments Status Return Repeated
1619826880.678793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 1376256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00740000
success 0 0
1619826880.678793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00850000
success 0 0
1619826881.053793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00360000
success 0 0
1619826881.053793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003b0000
success 0 0
1619826881.209793
NtProtectVirtualMemory
process_identifier: 732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619826881.474793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 1376256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02110000
success 0 0
1619826881.474793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02220000
success 0 0
1619826881.474793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0039a000
success 0 0
1619826881.474793
NtProtectVirtualMemory
process_identifier: 732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619826881.474793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00392000
success 0 0
1619826881.693793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a2000
success 0 0
1619826881.771793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00485000
success 0 0
1619826881.771793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0048b000
success 0 0
1619826881.771793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00487000
success 0 0
1619826881.896793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a3000
success 0 0
1619826881.928793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003ac000
success 0 0
1619826881.990793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005b0000
success 0 0
1619826882.006793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f6000
success 0 0
1619826882.021793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003fa000
success 0 0
1619826882.021793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f7000
success 0 0
1619826882.115793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a4000
success 0 0
1619826882.287793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a5000
success 0 0
1619826882.381793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005b1000
success 0 0
1619826882.459793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008c0000
success 0 0
1619826882.974793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a6000
success 0 0
1619826882.974793
NtAllocateVirtualMemory
process_identifier: 732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005b2000
success 0 0
1619834078.9175
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75261000
success 0 0
1619834078.9175
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00610000
success 0 0
1619834078.9175
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00640000
success 0 0
1619834078.9335
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619834078.9335
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x751a1000
success 0 0
1619834078.9335
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00850000
success 0 0
1619834078.9335
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00910000
success 0 0
1619834078.9335
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619834078.9485
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 1966080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00ba0000
success 0 0
1619834078.9485
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d40000
success 0 0
1619834078.9645
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0052a000
success 0 0
1619834078.9645
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619834078.9645
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00522000
success 0 0
1619834078.9645
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00532000
success 0 0
1619834079.0425
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00565000
success 0 0
1619834079.0425
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056b000
success 0 0
1619834079.0425
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00567000
success 0 0
1619834079.0425
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x755f1000
success 0 0
1619834079.0585
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00533000
success 0 0
1619834079.0735
NtProtectVirtualMemory
process_identifier: 2620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74511000
success 0 0
1619834079.0895
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00534000
success 0 0
1619834079.0895
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0053c000
success 0 0
1619834079.1055
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00e10000
success 0 0
1619834079.1055
NtAllocateVirtualMemory
process_identifier: 2620
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00e11000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.8541837903875 section {'size_of_data': '0x0005b200', 'virtual_address': '0x00002000', 'entropy': 7.8541837903875, 'name': '.text', 'virtual_size': '0x0005b134'} description A section with a high entropy has been found
entropy 0.8486612339930152 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (21 events)
Time & API Arguments Status Return Repeated
1619826882.881793
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834092.5585
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834081.52675
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834093.54225
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834084.636501
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834096.792626
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834088.183375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834101.683125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834091.058375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834104.98025
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834094.339875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834108.339125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834098.823626
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834111.198626
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834109.089375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834123.823125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834124.48025
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834133.261875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834146.51175
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834144.02675
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619834158.55825
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Terminates another process (50 events)
Time & API Arguments Status Return Repeated
1619834119.2925
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3272
process_handle: 0x00000278
failed 0 0
1619834119.2925
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3272
process_handle: 0x00000278
failed 3221225738 0
1619834081.68375
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000274
failed 0 0
1619834081.68375
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000274
success 0 0
1619834120.32325
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3272
process_handle: 0x00000274
failed 0 0
1619834120.32325
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3272
process_handle: 0x00000274
failed 3221225738 0
1619834084.776501
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000274
failed 0 0
1619834084.776501
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000274
success 0 0
1619834118.683626
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3272
process_handle: 0x00000278
failed 0 0
1619834118.683626
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3272
process_handle: 0x00000278
success 0 0
1619834127.323626
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3604
process_handle: 0x00000278
failed 0 0
1619834127.323626
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3604
process_handle: 0x00000278
success 0 0
Time | API | Arguments | Status | Return | Repeated
1619834143.776626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 2620, process_handle: 0x00000278 | failed | 0 | 0
1619834143.776626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 2620, process_handle: 0x00000278 | success | 0 | 0
1619834156.058626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3412, process_handle: 0x00000278 | failed | 0 | 0
1619834156.058626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3412, process_handle: 0x00000278 | success | 0 | 0
1619834165.136626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 2856, process_handle: 0x00000278 | failed | 0 | 0
1619834165.136626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 2856, process_handle: 0x00000278 | success | 0 | 0
1619834088.308375 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | failed | 0 | 0
1619834088.308375 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | success | 0 | 0
1619834091.183375 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | failed | 0 | 0
1619834091.183375 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | success | 0 | 0
1619834120.73025 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3272, process_handle: 0x00000274 | failed | 0 | 0
1619834120.73025 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3272, process_handle: 0x00000274 | failed | 3221225738 | 0
1619834094.495875 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x0000026c | failed | 0 | 0
1619834094.495875 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x0000026c | success | 0 | 0
1619834120.433125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3272, process_handle: 0x00000278 | failed | 0 | 0
1619834120.433125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3272, process_handle: 0x00000278 | failed | 3221225738 | 0
1619834099.230626 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | failed | 0 | 0
1619834099.230626 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | success | 0 | 0
1619834122.980626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3272, process_handle: 0x00000274 | failed | 0 | 0
1619834122.980626 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3272, process_handle: 0x00000274 | failed | 3221225738 | 0
1619834110.886375 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000278 | failed | 0 | 0
1619834110.886375 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000278 | success | 0 | 0
1619834126.589125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3192, process_handle: 0x00000274 | failed | 0 | 0
1619834126.589125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3192, process_handle: 0x00000274 | success | 0 | 0
1619834136.589125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3772, process_handle: 0x00000274 | failed | 0 | 0
1619834136.589125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3772, process_handle: 0x00000274 | success | 0 | 0
1619834136.605125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3604, process_handle: 0x00000274 | failed | 0 | 0
1619834136.620125 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3604, process_handle: 0x00000274 | failed | 3221225738 | 0
1619834124.77625 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | failed | 0 | 0
1619834124.77625 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | success | 0 | 0
1619834133.589875 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | failed | 0 | 0
1619834133.605875 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | success | 0 | 0
1619834157.24575 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3292, process_handle: 0x00000274 | failed | 0 | 0
1619834157.24575 | NtTerminateProcess | status_code: 0xffffffff, process_identifier: 3292, process_handle: 0x00000274 | success | 0 | 0
1619834145.08975 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000274 | failed | 0 | 0
1619834145.08975 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000274 | success | 0 | 0
1619834160.12025 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | failed | 0 | 0
1619834160.12025 | NtTerminateProcess | status_code: 0x00000001, process_identifier: 0, process_handle: 0x00000270 | success | 0 | 0
Network Communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
A process attempted to delay the analysis task. (1 event)
description RegAsm.exe tried to sleep 8184639 seconds, actually delayed analysis time by 8184639 seconds
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43656368
FireEye Generic.mg.ad630341a62ddfd6
McAfee Artemis!AD630341A62D
Cylance Unsafe
Zillya Trojan.GenKryptik.Win32.56453
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056c5e01 )
Alibaba Trojan:Win32/csharp.ali2000008
K7GW Trojan ( 0056c5e01 )
Cybereason malicious.1a62dd
Arcabit Trojan.Generic.D29A24B0
Cyren W32/MSIL_Kryptik.XL.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender Trojan.GenericKD.43656368
NANO-Antivirus Trojan.Win32.Agensla.hrtdeh
Avast Win32:TrojanX-gen [Trj]
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.43656368
Emsisoft Trojan.GenericKD.43656368 (B)
Comodo Malware@#220es9yaziqzs
F-Secure Trojan.TR/Kryptik.wgwon
DrWeb Trojan.KillProc2.11346
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.0NA103HD20
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-R + Troj/Hawkey-XU
ESET-NOD32 a variant of MSIL/Kryptik.YRH
eGambit Unsafe.AI_Score_95%
Avira TR/Kryptik.wgwon
Antiy-AVL Trojan[PSW]/MSIL.Agensla
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:MSIL/Agensla.GA!MTB
AegisLab Trojan.MSIL.Agensla.i!c
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.gen
GData Trojan.GenericKD.43656368
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R357247
BitDefenderTheta Gen:NN.ZemsilF.34608.AmW@aG1K@Ufi
ALYac Spyware.AgentTesla
MAX malware (ai score=86)
VBA32 TScope.Trojan.MSIL
Malwarebytes Backdoor.NanoCore
TrendMicro-HouseCall TROJ_FRS.0NA103HD20
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Yandex Trojan.GenKryptik!NhnLoVBiBYA
Visual Analysis
Binary Image
No binary image: no binary visualization image was generated for this sample.
Runtime Screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2020-08-12 18:00:41

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source Port | Destination | Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.