SmartHawk

5.6

高危

56 个模型检测该样本为恶意！

重新分析

下载样本

257e99cfd3593f0ae2b35f2b1a3a8448e1272f9455b7f03ada226b88222c5179

b3abef9c8f7dadf9c4021ccc225bdab7.exe

分析耗时

92s

最近分析

文件大小

711.5KB

静态报毒动态报毒 AI SCORE=88 AIDETECTVM ATTRIBUTE BBVK BSCOPE CLIPBANKER CLOUD CONFIDENCE HIGH CONFIDENCE HIGHCONFIDENCE JTWQZ MALWARE2 MALWARE@#1DABKAW7AB1RB MULDROP13 OCCAMY PFJF POSSIBLETHREAT QVM16 R340877 SCORE SCROP SUSGEN SUSPICIOUS PE SY0@AKQD TROJANBANKER TROJANX UNSAFE URSU VMPROTECT VSNTFE20 ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	TrojanBanker:Win32/ClipBanker.692f7540	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0
Tencent	Win32.Trojan-banker.Clipbanker.Pfjf	20200815	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200815	2013.8.14.323
McAfee	RDN/Generic.grp	20200815	6.0.6.653

Queries for the computername (3 个事件)

Time & API	Arguments	Status	Return
1619861125.470408 GetComputerNameW	computer_name: OSKAR-PC	success	1
1619861125.470408 GetComputerNameW	computer_name: OSKAR-PC	success	1
1619861125.813408 GetComputerNameW	computer_name: OSKAR-PC	success	1

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619894209.6705 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619861122.157408 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 个事件)

section	.vmp0
section	.vmp1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 129 个事件)

Time & API	Arguments	Status	Return
1619861121.407408 NtProtectVirtualMemory	process_identifier: 324 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 90112 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00401000	success	0
1619861121.751408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77ec0000	success	0
1619861121.751408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77930000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77940000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77950000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77960000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77970000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77980000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77990000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x779a0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x779b0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x779c0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x779d0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x779e0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x779f0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a00000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a10000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a20000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a30000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a40000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a50000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a60000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a70000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a80000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77a90000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77aa0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77ab0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77ac0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77ad0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77ae0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77af0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b00000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b10000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b20000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b30000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b40000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b50000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b60000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b70000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b80000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77b90000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77ba0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77bb0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77bc0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77bd0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77be0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77bf0000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77c00000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77c10000	failed	3221225496
1619861121.767408 NtAllocateVirtualMemory	process_identifier: 324 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x77c20000	failed	3221225496

Checks whether any human activity is being performed by constantly checking whether the foreground window changed

Creates executable files on the filesystem (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk

Creates a shortcut to an executable file (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.985814727718872

section

{'size_of_data': '0x000aa800', 'virtual_address': '0x000be000', 'entropy': 7.985814727718872, 'name': '.vmp1', 'virtual_size': '0x000aa7ac'}

description

A section with a high entropy has been found

entropy

0.9598874032371569

description

Overall entropy of this PE file is high

The executable is likely packed with VMProtect (2 个事件)

section	.vmp0				description	Section name indicates VMProtect
section	.vmp1				description	Section name indicates VMProtect

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Installs itself for autorun at Windows startup (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop13.41683
MicroWorld-eScan	Gen:Variant.Ursu.904612
FireEye	Generic.mg.b3abef9c8f7dadf9
CAT-QuickHeal	Trojan.Multi
ALYac	Gen:Variant.Ursu.904612
Cylance	Unsafe
Zillya	Trojan.VMProtect.Win32.28292
Sangfor	Malware
K7AntiVirus	Trojan ( 00569ece1 )
Alibaba	TrojanBanker:Win32/ClipBanker.692f7540
K7GW	Trojan ( 00569ece1 )
CrowdStrike	win/malicious_confidence_90% (W)
TrendMicro	TROJ_FRS.VSNTFE20
BitDefenderTheta	Gen:NN.ZexaF.34152.Sy0@aKQD!nbi
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.VMProtect.SA
TrendMicro-HouseCall	TROJ_FRS.VSNTFE20
Paloalto	generic.ml
GData	Gen:Variant.Ursu.904612
Kaspersky	Trojan-Banker.Win32.ClipBanker.lsr
BitDefender	Gen:Variant.Ursu.904612
AegisLab	Trojan.Win32.Ursu.4!c
Tencent	Win32.Trojan-banker.Clipbanker.Pfjf
Ad-Aware	Gen:Variant.Ursu.904612
Emsisoft	Gen:Variant.Ursu.904612 (B)
Comodo	Malware@#1dabkaw7ab1rb
F-Secure	Trojan.TR/Spy.Banker.jtwqz
VIPRE	Trojan.Win32.Generic!BT
Invincea	heuristic
Sophos	Mal/Generic-S
SentinelOne	DFI - Suspicious PE
Cyren	W32/Trojan.BBVK-0887
Jiangmin	Trojan.Banker.ClipBanker.apu
eGambit	Unsafe.AI_Score_99%
Avira	TR/Spy.Banker.jtwqz
Antiy-AVL	Trojan[Banker]/Win32.ClipBanker
Arcabit	Trojan.Ursu.DDCDA4
Microsoft	Trojan:Win32/Occamy.C25
Cynet	Malicious (score: 85)
AhnLab-V3	Malware/Win32.RL_Generic.R340877
McAfee	RDN/Generic.grp
MAX	malware (ai score=88)
VBA32	BScope.TrojanDropper.Scrop
Malwarebytes	Trojan.Dropper
APEX	Malicious
Rising	Trojan.Occamy!8.F1CD (CLOUD)
Yandex	Trojan.VMProtect!
Ikarus	Trojan.Win32.VMProtect

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-03-15 02:59:56

Imports

Library KERNEL32.dll:

• 0x562000 HeapDestroy

Library SHELL32.dll:

• 0x562008 SHGetSpecialFolderPathW

Library USER32.dll:

• 0x562010 SetClipboardData

Library ole32.dll:

• 0x562018 CoCreateInstance

Library OLEAUT32.dll:

• 0x562020 SysFreeString

Library KERNEL32.dll:

• 0x562028 GetModuleFileNameW

Library KERNEL32.dll:

• 0x562030 GetModuleHandleA

• 0x562034 LoadLibraryA

• 0x562038 LocalAlloc

• 0x56203c LocalFree

• 0x562040 GetModuleFileNameA

• 0x562044 ExitProcess

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62194	239.255.255.250	1900
192.168.56.101	63430	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.