3.8
Medium risk

2a05b766ad6a992d09bb6ce7acfe2020e59c20dbd41909567f4aed439c07d258

b6894b86fe8bfcdb0b46d2631d75ceef.exe

Analysis duration: 77s

Last analyzed

File size: 1.1MB
Static detections / Dynamic detections: AI SCORE=85 AIDETECTVM BSCOPE CERT CLASSIC CONFIDENCE CRIDEX DANGEROUSSIG ENCPK ESWN GDSDA GENERICKD GENKRYPTIK HFHM HIGH CONFIDENCE HPWSFJ ISEKN JN1@A8GIISLI KCLOUD KRYPTIK MALWARE1 MALWARE@#TB3AQE3B8X3K PSWTROJ R + MAL R353486 RACEALER RACSTEALER RAZY SCORE SIGGEN2 STATIC AI SUSPICIOUS PE TROJANPSW UNSAFE ZENPAK ZEXAF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Time Version
McAfee Packed-GBS!B6894B86FE8B 20201210 6.0.6.653
Alibaba TrojanPSW:Win32/Racealer.80be5c15 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:DangerousSig [Trj] 20201209 21.1.5827.0
Kingsoft Win32.PSWTroj.Undef.(kcloud) 20201210 2017.9.26.565
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619861120.957915
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 741376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d40000
success 0 0
1619861123.973915
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 737280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e00000
success 0 0
1619861123.973915
NtProtectVirtualMemory
process_identifier: 2996
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 602112
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.972034583528405 section .data (size_of_data 0x000baa00, virtual_address 0x00067000, virtual_size 0x000baa20, entropy 6.972034583528405) description A section with a high entropy has been found
entropy 0.6369453924914675 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 128.242.240.20:443
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34263528
FireEye Generic.mg.b6894b86fe8bfcdb
McAfee Packed-GBS!B6894B86FE8B
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 005652be1 )
Alibaba TrojanPSW:Win32/Racealer.80be5c15
K7GW Trojan ( 005652be1 )
CrowdStrike win/malicious_confidence_80% (W)
Arcabit Trojan.Generic.D20AD1E8
Symantec Packed.Generic.459
APEX Malicious
Avast Win32:DangerousSig [Trj]
ClamAV Win.Packed.Razy-9783951-0
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
BitDefender Trojan.GenericKD.34263528
NANO-Antivirus Trojan.Win32.Racealer.hpwsfj
Paloalto generic.ml
Ad-Aware Trojan.GenericKD.34263528
Emsisoft Trojan.GenericKD.34263528 (B)
Comodo Malware@#tb3aqe3b8x3k
F-Secure Trojan.TR/Kryptik.isekn
DrWeb Trojan.PWS.Siggen2.51569
Zillya Trojan.Kryptik.Win32.2319907
McAfee-GW-Edition Packed-GBS!B6894B86FE8B
Sophos Mal/Generic-R + Mal/EncPk-APV
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.Racealer.bex
Avira TR/Kryptik.isekn
Antiy-AVL Trojan[PSW]/Win32.Racealer
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.cc
Microsoft Trojan:Win32/RacStealer.DL!Cert
ZoneAlarm HEUR:Trojan.Win32.Zenpak.pef
GData Trojan.GenericKD.34263528
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R353486
BitDefenderTheta Gen:NN.ZexaF.34670.jn1@a8gIiSli
ALYac Trojan.GenericKD.34263528
MAX malware (ai score=85)
VBA32 BScope.Trojan.Inject
Malwarebytes Trojan.MalPack.DGI
ESET-NOD32 a variant of Win32/Kryptik.HFHM
Rising Trojan.Kryptik!1.C974 (CLASSIC)
Ikarus Trojan.Win32.Cridex
MaxSecure Trojan.Trojan.WIN32.Zenpak.pef_197600
Fortinet W32/GenKryptik.ESWN!tr
Visual analysis
Binary image
None available: no binary visualization image was generated for this sample
Runtime screenshots
None available: no screenshots were generated while the sample ran


PE Compile Time

2020-07-31 04:27:37

Imports

Library KERNEL32.dll:
0x51f7e4 DeleteFileW
0x51f7e8 ReleaseMutex
0x51f7ec SetFilePointer
0x51f7f0 HeapFree
0x51f7f4 GetProcessHeap
0x51f7f8 HeapAlloc
0x51f7fc CreateMutexW
0x51f800 FreeLibrary
0x51f804 FreeConsole
0x51f80c GetFileAttributesW
0x51f810 ReadConsoleOutputW
0x51f814 UnmapViewOfFile
0x51f818 SetConsoleMode
0x51f81c GetConsoleMode
0x51f820 GetStdHandle
0x51f824 GetProcAddress
0x51f828 LoadLibraryW
0x51f82c WriteConsoleOutputW
0x51f830 WriteConsoleW
0x51f834 IsValidLocale
0x51f838 lstrcmpW
0x51f83c lstrlenW
0x51f840 lstrcmpiW
0x51f844 GetTempFileNameW
0x51f848 FindFirstFileW
0x51f84c FindNextFileW
0x51f850 FindClose
0x51f854 CopyFileW
0x51f858 SetFileAttributesW
0x51f85c FormatMessageW
0x51f860 RaiseException
0x51f864 GetFileSize
0x51f868 CreateFileMappingW
0x51f870 MapViewOfFile
0x51f874 CreateThread
0x51f878 Sleep
0x51f884 WriteFile
0x51f888 CreateFileW
0x51f898 SetEvent
0x51f89c CreateEventW
0x51f8a0 LocalReAlloc
0x51f8a4 DeviceIoControl
0x51f8a8 GetExitCodeProcess
0x51f8ac VerSetConditionMask
0x51f8b0 VerifyVersionInfoW
0x51f8b4 CreateDirectoryW
0x51f8b8 RemoveDirectoryW
0x51f8c0 GetShortPathNameW
0x51f8c4 GetFullPathNameW
0x51f8cc MoveFileExW
0x51f8d0 SearchPathW
0x51f8d8 LoadLibraryExW
0x51f8dc CreateFileA
0x51f8e0 GetLocaleInfoW
0x51f8e4 SetEndOfFile
0x51f8e8 GetConsoleOutputCP
0x51f8ec WriteConsoleA
0x51f8f0 FlushFileBuffers
0x51f8f4 SetStdHandle
0x51f8f8 GetConsoleCP
0x51f8fc LoadLibraryA
0x51f900 GetLocaleInfoA
0x51f904 GetStringTypeW
0x51f908 ReadFile
0x51f90c LCMapStringW
0x51f910 LCMapStringA
0x51f914 GetOEMCP
0x51f918 GetACP
0x51f91c GetThreadLocale
0x51f920 SetThreadLocale
0x51f928 GetVersionExW
0x51f92c GetLocalTime
0x51f938 GetStringTypeA
0x51f93c WaitForSingleObject
0x51f940 GetCPInfo
0x51f948 TerminateProcess
0x51f94c OutputDebugStringA
0x51f954 GetCurrentProcessId
0x51f958 GetTickCount
0x51f960 VirtualFree
0x51f964 HeapCreate
0x51f968 GetCurrentThreadId
0x51f96c SetLastError
0x51f970 TlsFree
0x51f974 TlsSetValue
0x51f978 TlsAlloc
0x51f97c TlsGetValue
0x51f980 GetStartupInfoA
0x51f984 GetFileType
0x51f988 SetHandleCount
0x51f98c GetCommandLineA
0x51f9a0 GetModuleFileNameW
0x51f9a4 GetModuleFileNameA
0x51f9a8 ExitProcess
0x51f9ac GetModuleHandleA
0x51f9b4 VirtualQuery
0x51f9b8 GetSystemInfo
0x51f9bc GetModuleHandleW
0x51f9c0 VirtualAlloc
0x51f9c4 VirtualProtect
0x51f9c8 GetStartupInfoW
0x51f9d0 CompareStringW
0x51f9d4 WideCharToMultiByte
0x51f9d8 InterlockedExchange
0x51f9dc HeapSize
0x51f9e0 HeapReAlloc
0x51f9e4 HeapDestroy
0x51f9e8 GetVersionExA
0x51f9fc GetCommandLineW
0x51fa00 LocalAlloc
0x51fa04 GlobalFree
0x51fa08 LocalFree
0x51fa0c MultiByteToWideChar
0x51fa10 GetCurrentProcess
0x51fa14 GetLastError
0x51fa18 CloseHandle
0x51fa1c FindResourceExW
0x51fa20 FindResourceW
0x51fa24 LoadResource
0x51fa28 LockResource
0x51fa2c SizeofResource
0x51fa34 GetSystemDirectoryW
0x51fa38 lstrcatA
0x51fa40 CreateProcessA
0x51fa44 DisconnectNamedPipe
0x51fa48 DebugBreak
0x51fa50 GetComputerNameExW
0x51fa54 RemoveDirectoryA
0x51fa58 LocalFlags
0x51fa60 CreateFileMappingA
0x51fa64 EraseTape
0x51fa6c SetTapePosition
0x51fa70 LocalShrink
0x51fa78 SuspendThread
0x51fa7c SetFileApisToOEM
0x51fa84 CreateSemaphoreA
0x51fa88 LockFileEx
0x51fa98 GetLogicalDrives
0x51fa9c SetFileApisToANSI
0x51faa0 DefineDosDeviceW
0x51faa4 CompareFileTime
0x51faa8 MapViewOfFileEx
0x51fab4 _lread
0x51fab8 CreateDirectoryA
0x51fabc lstrcpyW
0x51fac0 CreateProcessW
0x51fac4 lstrcatW
0x51fac8 GetSystemTime
0x51facc GetCurrentThread
0x51fad0 SetThreadPriority
0x51fae0 OpenEventW
Library USER32.dll:
0x51faf0 ShowWindow
0x51faf4 CreateWindowExW
0x51faf8 DefWindowProcW
0x51fafc PostQuitMessage
0x51fb08 GetIconInfo
0x51fb0c DrawIconEx
0x51fb10 CreateIconIndirect
0x51fb14 LoadIconW
0x51fb18 LoadBitmapW
0x51fb1c DrawTextExW
0x51fb20 LoadImageW
0x51fb24 GetSystemMetrics
0x51fb28 GetSysColor
0x51fb2c DestroyWindow
0x51fb30 GetWindowLongW
0x51fb34 SendDlgItemMessageW
0x51fb38 InvalidateRect
0x51fb3c SetWindowTextW
0x51fb44 GetDC
0x51fb48 ReleaseDC
0x51fb4c SetWindowLongW
0x51fb50 SetDlgItemTextW
0x51fb54 GetParent
0x51fb58 PostMessageW
0x51fb5c IsDlgButtonChecked
0x51fb60 CheckDlgButton
0x51fb64 SetFocus
0x51fb68 CallWindowProcW
0x51fb6c DestroyIcon
0x51fb70 DialogBoxParamW
0x51fb74 GetDlgItem
0x51fb78 SendMessageW
0x51fb7c MessageBoxW
0x51fb80 RegisterClassExW
0x51fb84 UnregisterClassA
0x51fb88 CharLowerW
0x51fb8c CharPrevW
0x51fb90 EndDialog
0x51fb94 EnumDesktopWindows
0x51fb98 SetThreadDesktop
0x51fb9c PaintDesktop
0x51fba0 GetInputState
0x51fba4 CharNextExA
0x51fbac SetWinEventHook
0x51fbb0 EnumPropsExA
0x51fbb4 wsprintfW
0x51fbb8 GetKeyboardLayout
0x51fbbc GetDesktopWindow
0x51fbc0 LoadStringW
0x51fbc4 ExitWindowsEx
0x51fbc8 CharNextW
0x51fbd4 GetMessageExtraInfo
0x51fbd8 GetForegroundWindow
0x51fbdc GetMessagePos
0x51fbe0 GetDoubleClickTime
0x51fbe4 GetFocus
0x51fbe8 GetMessageTime
0x51fbec GetDialogBaseUnits
0x51fbf0 GetKBCodePage
0x51fbf4 GetActiveWindow
Library GDI32.dll:
0x51fbfc SetLayout
0x51fc00 DeleteDC
0x51fc04 GetObjectW
0x51fc0c CreateBitmap
0x51fc10 SelectObject
0x51fc14 StartPage
0x51fc18 EndPage
0x51fc1c StartDocW
0x51fc20 EndDoc
0x51fc24 GetTextMetricsW
0x51fc28 GetDeviceCaps
0x51fc2c CreateFontIndirectW
0x51fc30 DeleteObject
0x51fc34 CreateCompatibleDC
0x51fc3c OffsetViewportOrgEx
0x51fc40 LPtoDP
0x51fc44 SetDIBColorTable
0x51fc48 GetLogColorSpaceA
0x51fc58 EngLoadModule
0x51fc5c GetTextExtentPointA
0x51fc60 GdiGetCodePage
0x51fc64 EnumICMProfilesA
0x51fc68 SetBrushOrgEx
0x51fc6c ExtFloodFill
0x51fc70 PolyBezier
0x51fc74 GdiEntry14
0x51fc78 SetBoundsRect
0x51fc7c GetEnhMetaFileA
0x51fc80 GdiConvertRegion
0x51fc84 SetSystemPaletteUse
0x51fc88 SetPixelV
0x51fc8c GetWorldTransform
0x51fc90 CloseMetaFile
0x51fc94 DeleteMetaFile
0x51fc98 GetICMProfileW
0x51fca0 SetFontEnumeration
0x51fca4 PlgBlt
0x51fca8 GetViewportOrgEx
0x51fcac FillPath
0x51fcb0 CopyMetaFileW
0x51fcb4 GdiEntry6
0x51fcb8 EqualRgn
0x51fcbc GetKerningPairs
0x51fcc0 GdiEntry15
0x51fcc4 ExtTextOutA
0x51fcc8 GetTextExtentPointW
0x51fccc SetRelAbs
0x51fcd0 CreateFontIndirectA
0x51fcd4 AbortPath
0x51fcd8 AddFontResourceW
0x51fcdc GdiFlush
0x51fce0 GdiGetBatchLimit
0x51fce4 AddFontResourceA
0x51fce8 AbortDoc
0x51fcec GetStockObject
Library COMDLG32.dll:
0x51fcf4 GetSaveFileNameW
0x51fcf8 PrintDlgExW
Library ADVAPI32.dll:
0x51fd00 RegCloseKey
0x51fd04 RegQueryValueExW
0x51fd08 RegOpenKeyExW
0x51fd0c FreeSid
0x51fd10 EqualSid
0x51fd18 GetTokenInformation
0x51fd1c OpenProcessToken
0x51fd20 IsTextUnicode
0x51fd2c AddAccessAllowedAce
0x51fd30 InitializeAcl
0x51fd34 GetLengthSid
0x51fd3c SetEntriesInAclW
0x51fd40 DeleteService
0x51fd44 StartServiceW
0x51fd48 ControlService
0x51fd4c OpenSCManagerW
0x51fd50 CloseServiceHandle
0x51fd54 OpenServiceW
0x51fd58 QueryServiceStatus
0x51fd5c RegDeleteValueW
0x51fd60 RegCreateKeyExW
0x51fd64 RegSetValueExW
0x51fd68 RegDeleteKeyW
0x51fd70 RegOpenKeyExA
0x51fd74 ReportEventW
0x51fd80 GetUserNameW
0x51fd84 RegQueryInfoKeyW
0x51fd88 RegQueryValueExA
0x51fd8c RegOpenKeyW
Library SHELL32.dll:
0x51fd94 SHGetFolderPathW
0x51fd98 ShellExecuteExW
0x51fd9c CommandLineToArgvW
0x51fda0 SHFileOperationA
0x51fda4 DragQueryFileAorW
0x51fda8 FindExecutableA
0x51fdac DragQueryFileW
0x51fdb0 SHQueryRecycleBinA
0x51fdb4 SHGetDesktopFolder
Library ole32.dll:
0x51fdbc CoTaskMemFree
0x51fdc0 CoUninitialize
0x51fdc4 CoInitialize
0x51fdc8 CoCreateInstance
0x51fdcc StringFromCLSID
Library COMCTL32.dll:
0x51fddc ImageList_Create
0x51fde4 PropertySheetW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.