9.2
Critical

548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312

b2739f6ec18e593bfe048aa21825466c.exe

Analysis duration

81s

Most recent analysis

File size

3.4MB
Static detections / dynamic detections: 0NA103F120 A VARIANT OF GENERIK AI SCORE=100 ARTEMIS ATTRIBUTE CLOUD CONFIDENCE GENERICKD GPZCJJJ HIGH HIGHCONFIDENCE MALWARE@#2Q0AHHORW93T9 NANOBOT NANOCORE PDVN PGMFG SCORE SUSGEN TPYN UNDEFINED UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!B2739F6EC18E 20200709 6.0.6.653
Alibaba Trojan:Win32/NanoBot.ca2982ae 20190527 0.3.0.5
Avast Win32:Malware-gen 20200709 18.4.3895.0
Tencent Win32.Trojan.Nanobot.Pdvn 20200709 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20200709 2013.8.14.323
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619889312.071352
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if the process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619889309.196352
IsDebuggerPresent
failed 0 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable has a PDB path (1 event)
pdb_path wextract.pdb
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619889311.837352
GlobalMemoryStatusEx
success 1 0
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name AVI
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Connects to a dynamic DNS domain (1 event)
domain cheks.ddns.net
Allocates read-write-execute memory (usually to unpack itself) (50 out of 103 events)
Time & API Arguments Status Return Repeated
1619889304.211
NtProtectVirtualMemory
process_identifier: 2636
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x750c1000
success 0 0
1619889305.414
NtProtectVirtualMemory
process_identifier: 2636
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75091000
success 0 0
1619889306.07025
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74581000
success 0 0
1619889306.14825
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74fd1000
success 0 0
1619889306.14825
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74251000
success 0 0
1619889306.21125
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74fa1000
success 0 0
1619889306.28925
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74541000
success 0 0
1619889306.50725
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x741d1000
success 0 0
1619889306.50725
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x741a1000
success 0 0
1619889307.94525
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74511000
success 0 0
1619889328.63225
NtProtectVirtualMemory
process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75c41000
success 0 0
1619889308.618352
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x740b1000
success 0 0
1619889308.633352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 1638400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00a80000
success 0 0
1619889308.633352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00bd0000
success 0 0
1619889308.962352
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b01000
success 0 0
1619889308.962352
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73ac4000
success 0 0
1619889309.102352
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b01000
success 0 0
1619889309.196352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0046a000
success 0 0
1619889309.196352
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b02000
success 0 0
1619889309.196352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00462000
success 0 0
1619889309.383352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00472000
success 0 0
1619889309.508352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00473000
success 0 0
1619889309.524352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004ab000
success 0 0
1619889309.524352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004a7000
success 0 0
1619889309.883352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00474000
success 0 0
1619889309.883352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00475000
success 0 0
1619889309.915352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00476000
success 0 0
1619889309.915352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0047c000
success 0 0
1619889310.102352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00910000
success 0 0
1619889310.212352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef50000
success 0 0
1619889310.212352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef50000
success 0 0
1619889310.212352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef50000
success 0 0
1619889310.212352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef40000
success 0 0
1619889310.212352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef40000
success 0 0
1619889310.243352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0049a000
success 0 0
1619889310.290352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00477000
success 0 0
1619889310.337352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0048a000
success 0 0
1619889310.337352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00487000
success 0 0
1619889310.368352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0046b000
success 0 0
1619889310.446352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00486000
success 0 0
1619889310.555352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00478000
success 0 0
1619889310.602352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00a20000
success 0 0
1619889310.649352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0047a000
success 0 0
1619889310.696352
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x736b1000
success 0 0
1619889310.743352
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73651000
success 0 0
1619889310.774352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00911000
success 0 0
1619889310.774352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004a5000
success 0 0
1619889310.837352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00912000
success 0 0
1619889310.883352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 1703936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x04fd0000
success 0 0
1619889310.883352
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05130000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk (2 events)
Time & API Arguments Status Return Repeated
1619889304.195
GetDiskFreeSpaceW
root_path: \
sectors_per_cluster: 8
number_of_free_clusters: 4786183
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
1619889304.226
GetDiskFreeSpaceW
root_path: \
sectors_per_cluster: 8
number_of_free_clusters: 4786183
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
Creates executable files on the filesystem (4 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\IXP000.TMP\crypted.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\IXP000.TMP\lua51.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\IXP000.TMP\lua5.1.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\IXP000.TMP\CDS.exe
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.991299326666394 section {'size_of_data': '0x00351600', 'virtual_address': '0x0000b000', 'entropy': 7.991299326666394, 'name': '.rsrc', 'virtual_size': '0x00352000'} description A section with a high entropy has been found
entropy 0.9905247813411079 description Overall entropy of this PE file is high
Checks for the locally unique identifier (LUID) of a suspicious privilege on the system (1 event)
Time & API Arguments Status Return Repeated
1619889311.790352
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
One or more of the buffers contains an embedded PE file (2 events)
buffer Buffer with sha1: 874b7c3c97cc5b13b9dd172fec5a54bc1f258005
buffer Buffer with sha1: 874f3caf663265f7dd18fb565d91b7d915031251
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Looks for the Windows idle time to determine the uptime (1 event)
Time & API Arguments Status Return Repeated
1619889312.258352
NtQuerySystemInformation
information_class: 8 (SystemProcessorPerformanceInformation)
success 0 0
A process attempted to delay the analysis task (1 event)
description crypted.exe tried to sleep 5456510 seconds, actually delayed analysis time by 5456510 seconds
Installs itself for autorun at Windows startup (2 events)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IXP000.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DSL Service reg_value C:\Program Files (x86)\DSL Service\dslsvc.exe
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2340 resumed a thread in remote process 2236
Time & API Arguments Status Return Repeated
1619889308.32025
NtResumeThread
thread_handle: 0x00000360
suspend_count: 1
process_identifier: 2236
success 0 0
File has been identified by 48 antivirus engines on VirusTotal as malicious (48 events)
MicroWorld-eScan Trojan.GenericKD.33924545
FireEye Generic.mg.b2739f6ec18e593b
CAT-QuickHeal Trojan.Multi
McAfee Artemis!B2739F6EC18E
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 005674761 )
Alibaba Trojan:Win32/NanoBot.ca2982ae
K7GW Trojan ( 005674761 )
Cybereason malicious.2e78e4
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Generik.GPZCJJJ
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Malware.Generic-6895514-0
Kaspersky Trojan.Win32.NanoBot.ydd
BitDefender Trojan.GenericKD.33924545
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Tencent Win32.Trojan.Nanobot.Pdvn
Ad-Aware Trojan.GenericKD.33924545
Emsisoft Trojan.GenericKD.33924545 (B)
Comodo Malware@#2q0ahhorw93t9
F-Secure Trojan.TR/AD.Nanocore.pgmfg
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.0NA103F120
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
Webroot W32.NanoBot
Avira TR/AD.Nanocore.pgmfg
Microsoft Trojan:Win32/NanoCore!MSR
ViRobot Dropper.S.Agent.3513344
ZoneAlarm Trojan.Win32.NanoBot.ydd
GData Trojan.GenericKD.33924545
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Tpyn.C4107707
ALYac Backdoor.Agent.NanoBot.Gen
MAX malware (ai score=100)
Malwarebytes Backdoor.Agent
TrendMicro-HouseCall TROJ_FRS.0NA103F120
Rising Malware.Undefined!8.C (CLOUD)
Ikarus Trojan.Win32.Cab
Fortinet W32/Agent.RVD!tr
MaxSecure Trojan.Malware.101763785.susgen
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_80% (W)
Qihoo-360 Win32/Trojan.BO.ad8
Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots available: no screenshots were captured while this sample ran

PE Compile Time

2012-07-26 10:16:02

Imports

Library ADVAPI32.dll:
0x409348 OpenProcessToken
0x40934c GetTokenInformation
0x409350 RegSetValueExA
0x409354 EqualSid
0x409358 RegQueryValueExA
0x409360 RegCreateKeyExA
0x409364 RegOpenKeyExA
0x409368 RegQueryInfoKeyA
0x40936c RegDeleteValueA
0x409374 FreeSid
0x40937c RegCloseKey
Library KERNEL32.dll:
0x4093ac GetFileAttributesA
0x4093b0 IsDBCSLeadByte
0x4093b4 GetSystemDirectoryA
0x4093b8 GlobalUnlock
0x4093bc GetShortPathNameA
0x4093c0 CreateDirectoryA
0x4093c4 FindFirstFileA
0x4093c8 GetLastError
0x4093cc GetProcAddress
0x4093d0 RemoveDirectoryA
0x4093d4 SetFileAttributesA
0x4093d8 GlobalFree
0x4093dc FindClose
0x4093e4 LoadLibraryA
0x4093e8 LocalAlloc
0x4093f0 GetModuleFileNameA
0x4093f4 FindNextFileA
0x4093f8 CompareStringA
0x4093fc _lopen
0x409400 CloseHandle
0x409404 LocalFree
0x409408 DeleteFileA
0x40940c ExitProcess
0x409414 CreateFileA
0x409418 FindResourceA
0x40941c SetFilePointer
0x409420 FreeResource
0x409424 LoadResource
0x409428 WaitForSingleObject
0x40942c SetEvent
0x409430 GetModuleHandleW
0x409434 FormatMessageA
0x409438 SetFileTime
0x40943c WriteFile
0x409440 GetDriveTypeA
0x409448 TerminateThread
0x40944c SizeofResource
0x409450 CreateEventA
0x409454 GetExitCodeProcess
0x409458 CreateProcessA
0x40945c ReadFile
0x409464 GetTempFileNameA
0x409468 ResetEvent
0x40946c LockResource
0x409470 GetSystemInfo
0x409474 LoadLibraryExA
0x409478 CreateMutexA
0x409480 GetVersionExA
0x409484 GetVersion
0x409488 GetTempPathA
0x40948c CreateThread
0x409494 GlobalAlloc
0x40949c _lclose
0x4094a0 GlobalLock
0x4094a4 GetCurrentProcess
0x4094a8 FreeLibrary
0x4094ac _llseek
0x4094b0 lstrcmpA
0x4094b4 Sleep
0x4094b8 InterlockedExchange
0x4094c0 GetStartupInfoA
0x4094cc TerminateProcess
0x4094d0 GetModuleHandleA
0x4094d8 GetCurrentProcessId
0x4094dc GetCurrentThreadId
0x4094e4 GetTickCount
0x4094ec MulDiv
0x4094f0 GetDiskFreeSpaceA
Library GDI32.dll:
0x4093a0 GetDeviceCaps
Library USER32.dll:
0x4094fc GetDC
0x409500 SendMessageA
0x409504 SetForegroundWindow
0x40950c SendDlgItemMessageA
0x409510 GetWindowRect
0x409514 GetSystemMetrics
0x409518 MessageBoxA
0x40951c GetWindowLongA
0x409520 PeekMessageA
0x409524 ReleaseDC
0x409528 GetDlgItem
0x40952c SetWindowPos
0x409530 ShowWindow
0x409534 DispatchMessageA
0x409538 SetWindowTextA
0x40953c EnableWindow
0x409540 CallWindowProcA
0x409548 GetDlgItemTextA
0x40954c LoadStringA
0x409550 MessageBeep
0x409554 CharUpperA
0x409558 CharNextA
0x40955c ExitWindowsEx
0x409560 CharPrevA
0x409564 EndDialog
0x409568 GetDesktopWindow
0x40956c SetDlgItemTextA
0x409570 SetWindowLongA
Library msvcrt.dll:
0x40958c _controlfp
0x409590 ?terminate@@YAXXZ
0x409594 _acmdln
0x409598 _initterm
0x40959c __setusermatherr
0x4095a0 _ismbblead
0x4095a4 __p__fmode
0x4095a8 _cexit
0x4095ac _exit
0x4095b0 exit
0x4095b4 __set_app_type
0x4095b8 __getmainargs
0x4095bc _amsg_exit
0x4095c0 __p__commode
0x4095c4 _XcptFilter
0x4095c8 memcpy_s
0x4095cc _vsnprintf
0x4095d0 memcpy
0x4095d4 memset
Library COMCTL32.dll:
0x409384
Library Cabinet.dll:
0x40938c
0x409390
0x409394
0x409398
Library VERSION.dll:
0x40957c VerQueryValueA
0x409580 GetFileVersionInfoA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 49713 8.8.4.4 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.