2.6  Medium risk

Sample hash: 5060860b105db5dd8b2a46e919c461d595c062c366903f4194ba604b884fa9fa

File name: b9c151f1fa6b35aa30014dccc2aaf2f7.exe

Analysis duration: 86s

Last analysis:

File size: 14.7MB
Static detection  Dynamic detection  AIJJ DIPLE
Hawkeye engine
Not detected: no Hawkeye engine result is available for this sample
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba 20190527 0.3.0.5
Avast 20210411 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20210411 2017.9.26.565
McAfee 20210411 6.0.6.653
Tencent 20210411 1.0.0.1
CrowdStrike 20210203 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1620906988.37625  NtProtectVirtualMemory
    process_identifier: 1404
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x74711000
    status: success, return: 0, repeated: 0
1620906988.37625  NtProtectVirtualMemory
    process_identifier: 1404
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x76881000
    status: success, return: 0, repeated: 0
1620906993.18925  NtProtectVirtualMemory
    process_identifier: 1404
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x74631000
    status: success, return: 0, repeated: 0
1620906993.50125  NtProtectVirtualMemory
    process_identifier: 1404
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff
    base_address: 0x764c1000
    status: success, return: 0, repeated: 0
Creates executable files on the filesystem (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsn6EC3.tmp\AdvSplash.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsn6EC3.tmp\InstallOptions.dll
Drops an executable to the user AppData folder (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsn6EC3.tmp\AdvSplash.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsn6EC3.tmp\InstallOptions.dll
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
Jiangmin Trojan.Diple.aijj
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

2009-03-20 13:26:05

Imports

Library ADVAPI32.DLL:
0x431364 RegCloseKey
0x431368 RegCreateKeyExA
0x43136c RegDeleteKeyA
0x431370 RegDeleteValueA
0x431374 RegEnumKeyA
0x431378 RegEnumValueA
0x43137c RegOpenKeyExA
0x431380 RegQueryValueExA
0x431384 RegSetValueExA
Library COMCTL32.DLL:
0x431390 ImageList_AddMasked
0x431394 ImageList_Create
0x431398 ImageList_Destroy
0x43139c InitCommonControls
Library GDI32.dll:
0x4313a8 CreateBrushIndirect
0x4313ac CreateFontIndirectA
0x4313b0 DeleteObject
0x4313b4 GetDeviceCaps
0x4313b8 SelectObject
0x4313bc SetBkColor
0x4313c0 SetBkMode
0x4313c4 SetTextColor
Library KERNEL32.dll:
0x4313d0 CloseHandle
0x4313d4 CompareFileTime
0x4313d8 CopyFileA
0x4313dc CreateDirectoryA
0x4313e0 CreateFileA
0x4313e4 CreateProcessA
0x4313e8 CreateThread
0x4313ec DeleteFileA
0x4313f0 ExitProcess
0x4313f8 FindClose
0x4313fc FindFirstFileA
0x431400 FindNextFileA
0x431404 FreeLibrary
0x431408 GetCommandLineA
0x43140c GetCurrentProcess
0x431410 GetDiskFreeSpaceA
0x431414 GetExitCodeProcess
0x431418 GetFileAttributesA
0x43141c GetFileSize
0x431420 GetFullPathNameA
0x431424 GetLastError
0x431428 GetModuleFileNameA
0x43142c GetModuleHandleA
0x431434 GetProcAddress
0x431438 GetShortPathNameA
0x43143c GetSystemDirectoryA
0x431440 GetTempFileNameA
0x431444 GetTempPathA
0x431448 GetTickCount
0x43144c GetVersion
0x431454 GlobalAlloc
0x431458 GlobalFree
0x43145c GlobalLock
0x431460 GlobalUnlock
0x431464 LoadLibraryA
0x431468 LoadLibraryExA
0x43146c MoveFileA
0x431470 MulDiv
0x431474 MultiByteToWideChar
0x431478 ReadFile
0x43147c RemoveDirectoryA
0x431480 SearchPathA
0x431488 SetErrorMode
0x43148c SetFileAttributesA
0x431490 SetFilePointer
0x431494 SetFileTime
0x431498 Sleep
0x43149c WaitForSingleObject
0x4314a0 WriteFile
0x4314a8 lstrcatA
0x4314ac lstrcmpA
0x4314b0 lstrcmpiA
0x4314b4 lstrcpynA
0x4314b8 lstrlenA
Library OLE32.dll:
0x4314c4 CoCreateInstance
0x4314c8 CoTaskMemFree
0x4314cc OleInitialize
0x4314d0 OleUninitialize
Library SHELL32.DLL:
0x4314dc SHBrowseForFolderA
0x4314e0 SHFileOperationA
0x4314e4 SHGetFileInfoA
0x4314f0 ShellExecuteA
Library USER32.dll:
0x4314fc AppendMenuA
0x431500 BeginPaint
0x431504 CallWindowProcA
0x431508 CharNextA
0x43150c CharPrevA
0x431510 CheckDlgButton
0x431514 CloseClipboard
0x431518 CreateDialogParamA
0x43151c CreatePopupMenu
0x431520 CreateWindowExA
0x431524 DefWindowProcA
0x431528 DestroyWindow
0x43152c DialogBoxParamA
0x431530 DispatchMessageA
0x431534 DrawTextA
0x431538 EmptyClipboard
0x43153c EnableMenuItem
0x431540 EnableWindow
0x431544 EndDialog
0x431548 EndPaint
0x43154c ExitWindowsEx
0x431550 FillRect
0x431554 FindWindowExA
0x431558 GetClassInfoA
0x43155c GetClientRect
0x431560 GetDC
0x431564 GetDlgItem
0x431568 GetDlgItemTextA
0x43156c GetMessagePos
0x431570 GetSysColor
0x431574 GetSystemMenu
0x431578 GetSystemMetrics
0x43157c GetWindowLongA
0x431580 GetWindowRect
0x431584 InvalidateRect
0x431588 IsWindow
0x43158c IsWindowEnabled
0x431590 IsWindowVisible
0x431594 LoadBitmapA
0x431598 LoadCursorA
0x43159c LoadImageA
0x4315a0 MessageBoxIndirectA
0x4315a4 OpenClipboard
0x4315a8 PeekMessageA
0x4315ac PostQuitMessage
0x4315b0 RegisterClassA
0x4315b4 ScreenToClient
0x4315b8 SendMessageA
0x4315bc SendMessageTimeoutA
0x4315c0 SetClassLongA
0x4315c4 SetClipboardData
0x4315c8 SetCursor
0x4315cc SetDlgItemTextA
0x4315d0 SetForegroundWindow
0x4315d4 SetTimer
0x4315d8 SetWindowLongA
0x4315dc SetWindowPos
0x4315e0 SetWindowTextA
0x4315e4 ShowWindow
0x4315ec TrackPopupMenu
0x4315f0 wsprintfA
Library VERSION.dll:
0x4315fc GetFileVersionInfoA
0x431604 VerQueryValueA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 (time.windows.com) 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51966 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.