SmartHawk

2.4

中危

59 个模型检测该样本为恶意！

重新分析

下载样本

f5330581fea65e15d87fa6a32e61087bad5a5eb139249a6b77536a7a81591be5

b922a523976ee6f8f6e6c49923249f0b.exe

分析耗时

26s

最近分析

文件大小

668.0KB

静态报毒动态报毒 100% AI SCORE=94 AIDETECTVM AKLY ANDROM ATTRIBUTE AV@88XYVV BSCOPE CONFIDENCE ELDORADO FRGHXH GENASA GENCIRC GENERIC@ML GENERICRXHT GENETIC GTWJ GTXI HIGH CONFIDENCE HIGHCONFIDENCE IXRXAPD KRYPTIK LOKI LOKIBOT MALWARE1 MIKEY NETWIREDRC PRIMARYPASS PY0@AUNG5YDI R276058 RDML SCORE SOSL STATIC AI SUSGEN SUSPICIOUS PE SW1S9 TER3C8BZFZBFAASQ TSPY UNSAFE WACATAC WIRENET XPACK ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	GenericRXHT-XX!B922A523976E	20201231	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Alibaba	Backdoor:Win32/Androm.8814b9ab	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:LokiBot-A [Trj]	20201231	21.1.5827.0
Kingsoft		20201231	2017.9.26.565
Tencent	Malware.Win32.Gencirc.10b9a870	20201231	1.0.0.1

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

PSQLQ

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620897715.453875 __exception__	stacktrace: b922a523976ee6f8f6e6c49923249f0b+0x3bfe @ 0x12d3bfe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 3865308 registers.edi: 0 registers.eax: 1983198136 registers.ebp: 3865328 registers.edx: 19741689 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 exception.instruction_r: a1 18 50 42 00 56 57 bf 4e e6 40 bb be 00 00 ff exception.symbol: b922a523976ee6f8f6e6c49923249f0b+0x3e96 exception.instruction: mov eax, dword ptr [0x425018] exception.module: b922a523976ee6f8f6e6c49923249f0b.exe exception.exception_code: 0xc0000005 exception.offset: 16022 exception.address: 0x12d3e96	success	0	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ser.Mikey.443
McAfee	GenericRXHT-XX!B922A523976E
Cylance	Unsafe
Sangfor	Malware
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Androm.8814b9ab
K7GW	Trojan ( 0054ff161 )
K7AntiVirus	Trojan ( 0054ff161 )
BitDefenderTheta	Gen:NN.ZexaF.34700.Py0@auNg5ydi
Cyren	W32/Wacatac.J.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TSPY_LOKI.SMA
Avast	Win32:LokiBot-A [Trj]
Kaspersky	Backdoor.Win32.Androm.sosl
BitDefender	Gen:Variant.Ser.Mikey.443
NANO-Antivirus	Trojan.Win32.Kryptik.frghxh
Paloalto	generic.ml
ViRobot	Backdoor.Win32.Agent.376832.A
Rising	Trojan.Generic@ML.96 (RDML:Sw1s9/TeR3C8BZFzbfaasQ)
Ad-Aware	Gen:Variant.Ser.Mikey.443
Emsisoft	Gen:Variant.Ser.Mikey.443 (B)
Comodo	Backdoor.Win32.Androm.AV@88xyvv
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	BackDoor.Wirenet.520
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TSPY_LOKI.SMA
McAfee-GW-Edition	GenericRXHT-XX!B922A523976E
FireEye	Generic.mg.b922a523976ee6f8
Sophos	Mal/Generic-R
APEX	Malicious
GData	Gen:Variant.Ser.Mikey.443
Jiangmin	Backdoor.Androm.akly
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=94)
Antiy-AVL	Trojan[Backdoor]/Win32.NetWiredRC
Arcabit	Trojan.Ser.Mikey.443
AegisLab	Trojan.Win32.Malicious.4!c
ZoneAlarm	Backdoor.Win32.Androm.sosl
Microsoft	Trojan:Win32/Wacatac.A!rfn
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.R276058
VBA32	BScope.Trojan.Inject
ALYac	Gen:Variant.Ser.Mikey.443
TACHYON	Trojan/W32.Agent.684032.PS
Malwarebytes	Trojan.MalPack.RES
Ikarus	Trojan-Spy.Primarypass
Zoner	Trojan.Win32.79113
ESET-NOD32	a variant of Win32/Kryptik.GTXI

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-06-11 21:23:14

Imports

Library KERNEL32.DLL:

• 0x41c078 GetProcessHeap

• 0x41c07c FreeEnvironmentStringsW

• 0x41c080 GetEnvironmentStringsW

• 0x41c084 GetCPInfo

• 0x41c088 GetOEMCP

• 0x41c08c IsValidCodePage

• 0x41c090 GetConsoleCP

• 0x41c094 FindNextFileA

• 0x41c098 FindFirstFileExA

• 0x41c09c DecodePointer

• 0x41c0a0 GetFileAttributesA

• 0x41c0a4 WriteConsoleW

• 0x41c0a8 HeapSize

• 0x41c0ac HeapReAlloc

• 0x41c0b0 FlushFileBuffers

• 0x41c0b4 SetEndOfFile

• 0x41c0b8 ReadFile

• 0x41c0bc LoadLibraryA

• 0x41c0c0 VirtualAlloc

• 0x41c0c4 VirtualFree

• 0x41c0c8 VirtualProtect

• 0x41c0cc GetPrivateProfileStructA

• 0x41c0d0 GetEnvironmentVariableW

• 0x41c0d4 FindClose

• 0x41c0d8 GetConsoleAliasExesLengthW

• 0x41c0dc SetComputerNameA

• 0x41c0e0 _hread

• 0x41c0e4 CopyFileExW

• 0x41c0e8 TlsFree

• 0x41c0ec UnregisterWait

• 0x41c0f0 FillConsoleOutputCharacterW

• 0x41c0f4 SetConsoleTitleW

• 0x41c0f8 Process32First

• 0x41c0fc RequestWakeupLatency

• 0x41c100 FindNextChangeNotification

• 0x41c104 SetLocaleInfoA

• 0x41c108 DisableThreadLibraryCalls

• 0x41c10c LCMapStringW

• 0x41c110 CompareStringW

• 0x41c114 QueryPerformanceCounter

• 0x41c118 GetCurrentProcessId

• 0x41c11c GetCurrentThreadId

• 0x41c120 GetSystemTimeAsFileTime

• 0x41c124 InitializeSListHead

• 0x41c128 IsDebuggerPresent

• 0x41c12c UnhandledExceptionFilter

• 0x41c130 SetUnhandledExceptionFilter

• 0x41c134 GetStartupInfoW

• 0x41c138 IsProcessorFeaturePresent

• 0x41c13c GetModuleHandleW

• 0x41c140 GetCurrentProcess

• 0x41c144 TerminateProcess

• 0x41c148 RtlUnwind

• 0x41c14c VirtualQuery

• 0x41c150 GetLastError

• 0x41c154 SetLastError

• 0x41c158 EnterCriticalSection

• 0x41c15c LeaveCriticalSection

• 0x41c160 DeleteCriticalSection

• 0x41c164 InitializeCriticalSectionAndSpinCount

• 0x41c168 TlsAlloc

• 0x41c16c TlsGetValue

• 0x41c170 TlsSetValue

• 0x41c174 FreeLibrary

• 0x41c178 GetProcAddress

• 0x41c17c LoadLibraryExW

• 0x41c180 SetEnvironmentVariableA

• 0x41c184 SetEnvironmentVariableW

• 0x41c188 SetCurrentDirectoryW

• 0x41c18c GetCurrentDirectoryW

• 0x41c190 SetFilePointerEx

• 0x41c194 GetConsoleMode

• 0x41c198 ReadConsoleInputA

• 0x41c19c SetConsoleMode

• 0x41c1a0 CloseHandle

• 0x41c1a4 WaitForSingleObject

• 0x41c1a8 GetExitCodeProcess

• 0x41c1ac CreateProcessA

• 0x41c1b0 GetLocalTime

• 0x41c1b4 SetStdHandle

• 0x41c1b8 GetFileType

• 0x41c1bc GetStdHandle

• 0x41c1c0 WriteFile

• 0x41c1c4 GetModuleFileNameA

• 0x41c1c8 MultiByteToWideChar

• 0x41c1cc WideCharToMultiByte

• 0x41c1d0 ExitProcess

• 0x41c1d4 GetModuleHandleExW

• 0x41c1d8 GetCommandLineA

• 0x41c1dc GetCommandLineW

• 0x41c1e0 GetACP

• 0x41c1e4 HeapFree

• 0x41c1e8 HeapAlloc

• 0x41c1ec GetStringTypeW

• 0x41c1f0 RaiseException

• 0x41c1f4 CreateFileW

• 0x41c1f8 GetFileAttributesExW

• 0x41c1fc ReadConsoleW

Library ADVAPI32.dll:

• 0x41c000 LsaOpenTrustedDomain

• 0x41c004 AreAnyAccessesGranted

• 0x41c008 LsaLookupPrivilegeName

• 0x41c00c QueryServiceConfigA

• 0x41c010 LookupAccountNameW

• 0x41c014 SystemFunction031

• 0x41c018 AllocateAndInitializeSid

• 0x41c01c RegSaveKeyA

• 0x41c020 BuildExplicitAccessWithNameW

• 0x41c024 CryptEnumProvidersA

• 0x41c028 AddUsersToEncryptedFile

Library COMDLG32.dll:

• 0x41c030 GetOpenFileNameA

Library GDI32.dll:

• 0x41c038 CreateFontIndirectExA

• 0x41c03c GetColorSpace

• 0x41c040 UpdateColors

• 0x41c044 CreatePalette

• 0x41c048 EqualRgn

• 0x41c04c GetRgnBox

• 0x41c050 SetPixel

• 0x41c054 RemoveFontResourceExW

• 0x41c058 GetTextFaceW

• 0x41c05c GetGraphicsMode

• 0x41c060 SelectObject

• 0x41c064 GetGlyphOutlineA

• 0x41c068 SetWindowExtEx

• 0x41c06c GdiGetPageHandle

• 0x41c070 GetFontLanguageInfo

Library ole32.dll:

• 0x41c264 CLSIDFromString

• 0x41c268 HWND_UserUnmarshal

• 0x41c26c OleCreateFromData

• 0x41c270 CoAddRefServerProcess

• 0x41c274 ReadClassStg

• 0x41c278 WriteClassStg

Library USER32.dll:

• 0x41c204 GetUpdateRect

• 0x41c208 GetSystemMenu

• 0x41c20c SetMenuItemBitmaps

• 0x41c210 MoveWindow

• 0x41c214 CallNextHookEx

• 0x41c218 SetProcessWindowStation

• 0x41c21c PostThreadMessageW

• 0x41c220 GetTabbedTextExtentW

• 0x41c224 DeleteMenu

• 0x41c228 RealGetWindowClass

• 0x41c22c BroadcastSystemMessageW

• 0x41c230 GetClassInfoExW

• 0x41c234 WINNLSEnableIME

• 0x41c238 SetWindowsHookA

• 0x41c23c WaitForInputIdle

• 0x41c240 DdeDisconnect

• 0x41c244 FlashWindowEx

• 0x41c248 InSendMessage

• 0x41c24c GetNextDlgTabItem

Library WINSPOOL.DRV:

• 0x41c254 SetPrinterW

• 0x41c258 GetPrinterDataExW

• 0x41c25c EnumPortsW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	53660	239.255.255.250	1900
192.168.56.101	53662	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62319	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.