2.8
Medium risk

3d569e91d2ca75b52e3baa820cf909bb86e8163fcc8a03a7d88dd37654914cd2

b2169c360386860fab55bb2deb32d94c.exe

Analysis duration

67s

Latest analysis

File size

533.5KB
Static detection Dynamic detection 100% AI SCORE=82 AIDETECTVM ATTRIBUTE CLOUD CONFIDENCE DANABOT ELDORADO GDSDA GENERICKDZ HDWU HIGH CONFIDENCE HIGHCONFIDENCE HLRUEZ HQ0@AAB2PMJG INJECT3 INJUKE KRYPTIK MALICIOUS PE MALPE MALWARE1 MALWARE@#1NWIDPTE6KXKJ MALWAREX NBHLW PBOO R339546 SCORE SUSGEN UNSAFE USXVPF720 WACATAC ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Packed-GBE!B2169C360386 20200726 6.0.6.653
Alibaba Trojan:Win32/Injuke.7de11ad7 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:MalwareX-gen [Trj] 20200726 18.4.3895.0
Kingsoft 20200726 2013.8.14.323
Tencent Win32.Trojan.Injuke.Pboo 20200726 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path C:\junifu_ciwikefaxasexanim16_midec.pdbmp_417192655\bin\wipebasi.pdbP0BV
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619861132.141046
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 372736
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01f1a000
success 0 0
1619861132.188046
NtAllocateVirtualMemory
process_identifier: 912
region_size: 552960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00310000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 6.897165631646824 section {'size_of_data': '0x0000d400', 'virtual_address': '0x00001000', 'entropy': 6.897165631646824, 'name': '.text', 'virtual_size': '0x0000d3d8'} description A section with a high entropy has been found
entropy 7.985460199879602 section {'size_of_data': '0x0005ee00', 'virtual_address': '0x0000f000', 'entropy': 7.985460199879602, 'name': '.rdata', 'virtual_size': '0x0005ede6'} description A section with a high entropy has been found
entropy 0.812206572769953 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 of 56 events shown)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.GenericKDZ.67631
Qihoo-360 Win32/Trojan.dd3
McAfee Packed-GBE!B2169C360386
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2048491
Sangfor Malware
K7AntiVirus Trojan ( 0056a4591 )
Alibaba Trojan:Win32/Injuke.7de11ad7
K7GW Trojan ( 0056a4591 )
Cybereason malicious.340799
Arcabit Trojan.Generic.D1082F
TrendMicro Trojan.Win32.WACATAC.USXVPF720
F-Prot W32/S-d364ccf3!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
GData Trojan.GenericKDZ.67631
Kaspersky Trojan.Win32.Injuke.cuj
BitDefender Trojan.GenericKDZ.67631
NANO-Antivirus Trojan.Win32.Inject3.hlruez
Paloalto generic.ml
Rising Trojan.Kryptik!1.C835 (CLOUD)
Ad-Aware Trojan.GenericKDZ.67631
Emsisoft Trojan.GenericKDZ.67631 (B)
Comodo Malware@#1nwidpte6kxkj
F-Secure Trojan.TR/Crypt.Agent.nbhlw
DrWeb Trojan.Inject3.42158
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
FireEye Generic.mg.b2169c360386860f
Sophos Mal/Generic-S
SentinelOne DFI - Malicious PE
Cyren W32/S-d364ccf3!Eldorado
Jiangmin Trojan.Injuke.cz
Avira TR/Crypt.Agent.nbhlw
Antiy-AVL Trojan/Win32.Injuke
Endgame malicious (high confidence)
AegisLab Trojan.Win32.Malicious.4!c
ZoneAlarm Trojan.Win32.Injuke.cuj
Microsoft Trojan:Win32/DanaBot.GJ!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.MalPe.R339546
MAX malware (ai score=82)
Malwarebytes Trojan.MalPack.GS
ESET-NOD32 a variant of Win32/Kryptik.HDWU
TrendMicro-HouseCall Trojan.Win32.WACATAC.USXVPF720
Tencent Win32.Trojan.Injuke.Pboo
Ikarus Trojan.Win32.Crypt
eGambit Unsafe.AI_Score_86%
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

2019-11-08 19:58:45

Imports

Library KERNEL32.dll:
0x40f000 LoadResource
0x40f004 GlobalAddAtomA
0x40f008 GetCurrentProcess
0x40f00c GetUserDefaultLCID
0x40f010 GetCommProperties
0x40f014 GetTickCount
0x40f018 WriteFile
0x40f01c GetUserGeoID
0x40f020 GetProcessTimes
0x40f024 TlsSetValue
0x40f028 IsBadStringPtrA
0x40f030 GlobalUnlock
0x40f034 GetProcAddress
0x40f038 GetTapeStatus
0x40f03c ReadFileEx
0x40f040 LoadLibraryA
0x40f044 CreateHardLinkW
0x40f048 RemoveDirectoryW
0x40f04c GetTapeParameters
0x40f050 OpenFileMappingW
0x40f054 BuildCommDCBA
0x40f058 LocalFree
0x40f064 lstrlenA
0x40f06c GlobalFix
0x40f070 SetConsoleTitleA
0x40f074 UnregisterWait
0x40f078 EncodePointer
0x40f07c DecodePointer
0x40f080 GetCommandLineA
0x40f084 HeapSetInformation
0x40f088 GetStartupInfoW
0x40f08c TerminateProcess
0x40f098 IsDebuggerPresent
0x40f09c Sleep
0x40f0a0 HeapSize
0x40f0a4 GetModuleHandleW
0x40f0a8 ExitProcess
0x40f0ac GetStdHandle
0x40f0b0 GetModuleFileNameW
0x40f0b4 GetModuleFileNameA
0x40f0bc WideCharToMultiByte
0x40f0c4 SetHandleCount
0x40f0cc GetFileType
0x40f0d4 TlsAlloc
0x40f0d8 TlsGetValue
0x40f0dc TlsFree
0x40f0e4 SetLastError
0x40f0e8 GetCurrentThreadId
0x40f0ec GetLastError
0x40f0f4 HeapCreate
0x40f0fc GetCurrentProcessId
0x40f104 GetCPInfo
0x40f108 GetACP
0x40f10c GetOEMCP
0x40f110 IsValidCodePage
0x40f114 HeapAlloc
0x40f118 HeapReAlloc
0x40f124 LoadLibraryW
0x40f128 RtlUnwind
0x40f12c HeapFree
0x40f130 LCMapStringW
0x40f134 MultiByteToWideChar
0x40f138 GetStringTypeW
0x40f140 RaiseException

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.