4.0
Medium risk

455a500ea93a92f98650b301e2198c019ea63821af4b70434cad46f05eae853f

b034a30cb1bcfe53f8c8a853cf398647.exe

Analysis duration

73s

Last analysis

File size

546.5KB
Static detection: flagged. Dynamic detection: flagged. Tags: AI SCORE=80 AIDETECTVM ANSERIN BANKERX BSCOPE CLASSIC CONFIDENCE ELDORADO ENCPK GA@8SFC92 GENERICKDZ GENETIC HIGH CONFIDENCE HKWPVY INJECT3 IQW@AGWRYOCI KRYPTIK KZIP MALICIOUS PE MALWARE1 MULDROP N4449CCFG QAKBOT QBOT R + MAL R338953 SCORE SMTHA STATIC AI TDLGR UNSAFE ZENPAK ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
McAfee       Packed-GBS!B034A30CB1BC             20201211   6.0.6.653
Alibaba      Backdoor:Win32/KZip.e007fc89        20190527   0.3.0.5
CrowdStrike  win/malicious_confidence_80% (W)    20190702   1.0
Baidu                                            20190318   1.0.0.2
Avast        Win32:BankerX-gen [Trj]             20201210   21.1.5827.0
Kingsoft                                         20201211   2017.9.26.565
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619861119.133465
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619880819.537126
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619880820.193126
__exception__
stacktrace:
b034a30cb1bcfe53f8c8a853cf398647+0x3f07 @ 0x403f07
b034a30cb1bcfe53f8c8a853cf398647+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6432528
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: b034a30cb1bcfe53f8c8a853cf398647+0x3449
exception.instruction: in eax, dx
exception.module: b034a30cb1bcfe53f8c8a853cf398647.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
1619880820.193126
__exception__
stacktrace:
b034a30cb1bcfe53f8c8a853cf398647+0x3f10 @ 0x403f10
b034a30cb1bcfe53f8c8a853cf398647+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6432528
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: b034a30cb1bcfe53f8c8a853cf398647+0x34e2
exception.instruction: in eax, dx
exception.module: b034a30cb1bcfe53f8c8a853cf398647.exe
exception.exception_code: 0xc0000096
exception.offset: 13538
exception.address: 0x4034e2
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619861118.883465
NtAllocateVirtualMemory
process_identifier: 368
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619861118.899465
NtAllocateVirtualMemory
process_identifier: 368
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00490000
success 0 0
1619861118.899465
NtProtectVirtualMemory
process_identifier: 368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619880819.459126
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00490000
success 0 0
1619880819.475126
NtAllocateVirtualMemory
process_identifier: 2452
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619880819.490126
NtProtectVirtualMemory
process_identifier: 2452
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619861119.852465
CreateProcessInternalW
thread_identifier: 2404
thread_handle: 0x00000144
process_identifier: 2452
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b034a30cb1bcfe53f8c8a853cf398647.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000148
inherit_handles: 0
success 1 0
Expresses interest in specific running processes (1 event)
process vboxservice.exe
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619880820.193126
__exception__
stacktrace:
b034a30cb1bcfe53f8c8a853cf398647+0x3f07 @ 0x403f07
b034a30cb1bcfe53f8c8a853cf398647+0x1b25 @ 0x401b25
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6432528
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: b034a30cb1bcfe53f8c8a853cf398647+0x3449
exception.instruction: in eax, dx
exception.module: b034a30cb1bcfe53f8c8a853cf398647.exe
exception.exception_code: 0xc0000096
exception.offset: 13385
exception.address: 0x403449
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.67552
FireEye Generic.mg.b034a30cb1bcfe53
McAfee Packed-GBS!B034A30CB1BC
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Backdoor ( 00546c1a1 )
Alibaba Backdoor:Win32/KZip.e007fc89
K7GW Backdoor ( 00546c1a1 )
CrowdStrike win/malicious_confidence_80% (W)
Arcabit Trojan.Generic.D107E0
Cyren W32/Qakbot.T.gen!Eldorado
Symantec Trojan.Anserin
APEX Malicious
Avast Win32:BankerX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
BitDefender Trojan.GenericKDZ.67552
NANO-Antivirus Trojan.Win32.Inject3.hkwpvy
Paloalto generic.ml
AegisLab Trojan.Win32.Malicious.4!c
Ad-Aware Trojan.GenericKDZ.67552
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo TrojWare.Win32.Qbot.GA@8sfc92
F-Secure Trojan.TR/AD.Qbot.tdlgr
DrWeb Trojan.Inject3.40873
Zillya Trojan.Zenpak.Win32.2106
TrendMicro TrojanSpy.Win32.QAKBOT.SMTHA.hp
McAfee-GW-Edition BehavesLike.Win32.Generic.hm
Emsisoft Trojan.GenericKDZ.67552 (B)
Ikarus Backdoor.QBot
Jiangmin Trojan.Zenpak.bwa
Webroot W32.Trojan.Gen
Avira TR/AD.Qbot.tdlgr
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Zenpak
Microsoft Trojan:Win32/Qakbot.AR!MTB
ZoneAlarm HEUR:Trojan.Win32.Zenpak.pef
GData Trojan.GenericKDZ.67552
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.QBot.R338953
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34670.IqW@aGwryoci
ALYac Backdoor.QBot.gen
VBA32 BScope.Trojan.MulDrop
Malwarebytes Trojan.MalPack
ESET-NOD32 Win32/Qbot.CC
TrendMicro-HouseCall TrojanSpy.Win32.QAKBOT.SMTHA.hp
Rising Trojan.Kryptik!1.C745 (CLASSIC)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2020-06-02 01:41:11

Imports

Library KERNEL32.dll:
0x4829c0 ReleaseMutex
0x4829c4 lstrcmpW
0x4829c8 lstrcpynW
0x4829cc GetLastError
0x4829d0 OpenProcess
0x4829d4 CreateMutexW
0x4829d8 GetCurrentProcessId
0x4829e0 TerminateProcess
0x4829e4 GetCurrentProcess
0x4829f0 GetTickCount
0x4829f4 GetCommandLineW
0x4829f8 GetModuleHandleA
0x4829fc GetStartupInfoA
0x482a00 GetProcAddress
0x482a04 Sleep
0x482a08 LoadLibraryA
0x482a0c CloseHandle
0x482a10 lstrcmpiW
0x482a18 CreateThread
0x482a1c GetCurrentThreadId
0x482a20 OpenEventW
0x482a24 CreateEventW
0x482a28 SetEvent
0x482a2c lstrlenW
0x482a38 CopyFileExA
0x482a3c QueueUserWorkItem
0x482a40 _lopen
0x482a48 RemoveDirectoryW
0x482a4c PulseEvent
0x482a50 EscapeCommFunction
0x482a54 GlobalWire
0x482a5c DefineDosDeviceA
0x482a60 QueryDosDeviceW
0x482a68 EnumDateFormatsExW
0x482a70 TlsSetValue
0x482a74 TlsGetValue
0x482a78 LocalAlloc
0x482a7c GetModuleHandleW
0x482a80 WriteProcessMemory
0x482a88 WaitForSingleObject
0x482a8c VirtualProtect
0x482a90 ReadProcessMemory
0x482a94 ReadFile
0x482a98 PeekNamedPipe
0x482a9c OutputDebugStringW
0x482aa0 MulDiv
0x482aa4 LoadLibraryW
0x482aac IsBadWritePtr
0x482ab0 IsBadReadPtr
0x482ab8 HeapFree
0x482abc HeapDestroy
0x482ac0 HeapCreate
0x482ac4 HeapAlloc
0x482acc GlobalFindAtomW
0x482ad4 GetVersionExW
0x482ad8 GetTempPathW
0x482adc GetSystemInfo
0x482ae0 GetSystemDirectoryW
0x482ae8 GetExitCodeProcess
0x482af4 InterlockedExchange
0x482b00 FreeLibrary
0x482b0c ExitProcess
0x482b14 CreateProcessW
0x482b18 CreatePipe
0x482b1c CopyFileW
Library USER32.dll:
0x482b2c MessageBoxW
0x482b30 LoadStringW
0x482b38 OpenWindowStationW
0x482b3c CloseWindowStation
0x482b40 SetWindowPos
0x482b44 OpenInputDesktop
0x482b48 GetDesktopWindow
0x482b4c wsprintfW
0x482b50 EnableWindow
0x482b54 GetDlgItem
0x482b58 IsIconic
0x482b5c EndDialog
0x482b60 IsDlgButtonChecked
0x482b64 WinHelpW
0x482b68 MessageBeep
0x482b6c GetSystemMetrics
0x482b70 PostQuitMessage
0x482b74 ShowWindow
0x482b78 KillTimer
0x482b7c SetTimer
0x482b80 CheckDlgButton
0x482b84 DialogBoxParamW
0x482b8c AppendMenuW
0x482b90 GetSystemMenu
0x482b94 CreateDialogParamW
0x482b98 DispatchMessageW
0x482b9c TranslateMessage
0x482ba0 IsDialogMessageW
0x482ba4 GetMessageW
0x482bac OpenDesktopW
0x482bb4 CloseDesktop
0x482bb8 LoadImageW
0x482bbc SendMessageW
0x482bc0 GetThreadDesktop
0x482bc4 SetThreadDesktop
0x482bc8 IsWindowVisible
0x482bcc PostMessageW
0x482bd0 GetWindowRect
0x482bd4 ToAscii
0x482bd8 GetParent
0x482bdc SetActiveWindow
0x482be0 DispatchMessageA
0x482be4 EnumDesktopWindows
0x482be8 SetShellWindow
0x482bec TrackMouseEvent
0x482bf0 LoadAcceleratorsA
0x482bf4 CreateWindowExW
0x482bf8 UpdateWindow
0x482bfc ShowCaret
0x482c00 SetWindowRgn
0x482c04 SetWindowLongW
0x482c08 SetScrollInfo
0x482c0c SetPropW
0x482c10 SetForegroundWindow
0x482c14 SetFocus
0x482c18 RemovePropW
0x482c1c ReleaseDC
0x482c20 ReleaseCapture
0x482c28 RegisterClassW
0x482c2c RedrawWindow
0x482c30 PtInRect
0x482c34 OffsetRect
0x482c38 MapWindowPoints
0x482c3c LoadCursorW
0x482c40 InvalidateRect
0x482c44 InflateRect
0x482c48 HideCaret
0x482c4c GetWindowPlacement
0x482c50 GetWindowLongW
0x482c54 GetWindowDC
0x482c58 GetSysColor
0x482c5c GetScrollRange
0x482c60 GetScrollPos
0x482c64 GetScrollInfo
0x482c68 GetScrollBarInfo
0x482c6c GetIconInfo
0x482c70 GetDC
0x482c74 GetCursorPos
0x482c78 GetCursor
0x482c7c GetClientRect
0x482c80 GetClassNameW
0x482c84 GetClassInfoW
0x482c88 GetCapture
0x482c8c FrameRect
0x482c90 FindWindowW
0x482c94 FillRect
0x482c98 EndPaint
0x482c9c DrawTextExW
0x482ca0 DrawTextW
0x482ca4 DrawFrameControl
0x482ca8 DestroyWindow
0x482cac DefWindowProcW
0x482cb0 CallWindowProcW
0x482cb4 BeginPaint
0x482cb8 AnyPopup
0x482cbc LoadIconW
0x482cc0 CharLowerA
0x482cc8 EndMenu
0x482ccc IsCharLowerW
0x482cd0 LoadCursorFromFileA
0x482cd4 GetMenu
0x482cd8 PaintDesktop
0x482cdc GetClipboardData
0x482ce0 GetTopWindow
0x482ce8 CharUpperW
0x482cec IsCharLowerA
0x482cf0 GetMessageExtraInfo
0x482cf4 OpenIcon
0x482cf8 GetKBCodePage
0x482d00 LoadCursorFromFileW
Library GDI32.dll:
0x482d08 DPtoLP
0x482d0c EnumMetaFile
0x482d10 GdiGetBatchLimit
0x482d14 GetGlyphOutlineW
0x482d24 GdiConvertBrush
0x482d28 SetPixelV
0x482d2c CombineTransform
0x482d38 DeleteColorSpace
0x482d3c GetBkColor
0x482d40 DeleteDC
0x482d44 XFORMOBJ_iGetXform
0x482d48 SetPixel
0x482d50 GetMetaRgn
0x482d54 GetStockObject
0x482d58 SetICMProfileW
0x482d5c FONTOBJ_vGetInfo
0x482d60 SetWindowExtEx
0x482d64 CreateFontIndirectA
0x482d6c GetBoundsRect
0x482d70 SetPixelFormat
0x482d74 StretchDIBits
0x482d78 StretchBlt
0x482d7c SetViewportOrgEx
0x482d80 SetTextColor
0x482d84 SetTextAlign
0x482d88 SetStretchBltMode
0x482d8c SetBkMode
0x482d90 SetBkColor
0x482d94 SelectPalette
0x482d98 SelectObject
0x482d9c SelectClipRgn
0x482da0 SaveDC
0x482da4 RestoreDC
0x482da8 ResizePalette
0x482dac RealizePalette
0x482db0 Polygon
0x482db4 IntersectClipRect
0x482db8 GetViewportOrgEx
0x482dbc GetTextMetricsW
0x482dc4 GetTextAlign
0x482dc8 GetPaletteEntries
0x482dcc GetObjectType
0x482dd0 GetObjectW
0x482dd8 GetDeviceCaps
0x482ddc GetDIBits
0x482de0 GetCurrentObject
0x482de4 GetClipBox
0x482de8 ExcludeClipRect
0x482dec DeleteObject
0x482df0 CreateSolidBrush
0x482df4 CreateRoundRectRgn
0x482df8 CreateRectRgn
0x482dfc CreatePalette
0x482e04 CreateFontIndirectW
0x482e08 CreateDIBSection
0x482e0c CreateCompatibleDC
0x482e14 BitBlt
0x482e18 SetMetaRgn
0x482e1c GetTextColor
0x482e20 CreatePatternBrush
0x482e24 EndDoc
0x482e28 StrokePath
0x482e2c CloseMetaFile
0x482e30 AbortDoc
0x482e34 AbortPath
Library ADVAPI32.dll:
0x482e3c RegSetValueExW
0x482e40 RegOpenKeyExA
0x482e44 RegQueryValueExA
0x482e4c GetAclInformation
0x482e50 GetAce
0x482e54 IsWellKnownSid
0x482e58 RegOpenKeyExW
0x482e5c RegQueryValueExW
0x482e60 RegCloseKey
0x482e64 OpenProcessToken
0x482e68 DuplicateTokenEx
0x482e74 FreeSid
0x482e78 RegCreateKeyExW
0x482e7c GetUserNameW
0x482e80 RegOpenKeyA
Library SHELL32.dll:
0x482e88 ShellExecuteW
0x482e90 SHAddToRecentDocs
0x482e94 ExtractIconExA
0x482e9c SHGetFileInfoW
0x482ea0 SHGetDiskFreeSpaceA
0x482eac DragQueryPoint
0x482eb0 SHFormatDrive
0x482ec4 ShellHookProc
0x482ecc SHFileOperationW
0x482ed0 ShellAboutW
0x482ed8 FindExecutableW
0x482edc Shell_NotifyIconW
0x482ee0 SHGetFileInfo
0x482ee4 ExtractIconEx
0x482ee8 SHBrowseForFolder
0x482eec ShellAboutA
0x482ef0 DuplicateIcon
0x482ef4 SHGetFileInfoA
0x482efc ShellExecuteEx
Library ole32.dll:
0x482f04 CoInitialize
0x482f08 CoCreateInstance
0x482f0c CoTaskMemFree
Library SHLWAPI.dll:
0x482f14 StrStrA
0x482f18 StrChrIA
0x482f1c StrChrIW
0x482f20 StrStrIA
0x482f24 StrRStrIW
0x482f28 StrRChrW
0x482f2c StrStrW
0x482f30 StrChrA
0x482f34 StrStrIW
Library COMCTL32.dll:
0x482f3c _TrackMouseEvent
0x482f44 ImageList_Draw

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.