1.8
Low risk

329cdeac33b923e6298a73a1baa4ab3a8cfca9b6eb5a887ac1b4e84b16062e23

bb115e92474dbb685954cb97d5c9541d.exe

Analysis duration

72s

Last analyzed

File size

356.8KB
Static detection names / Dynamic detection names: APPLICUNWNT@#10ODQXUFCJFXK BROWSERMODIFIER ELDORADO ELEX GENASA GENCIRC MALICIOUS MUTABAHA UNSAFE WVFQ18LYDG0 XEELYAK YET ANOTHER CLEANER
Eagle Eye engine
Not detected: no Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine      | Result                               | Scan date | Engine version
Alibaba     | AdWare:Win32/Generic.0d1e6a21        | 20190527  | 0.3.0.5
Baidu       | -                                    | 20190318  | 1.0.0.2
Avast       | Win32:Elex-P [Adw]                   | 20201026  | 18.4.3895.0
Tencent     | Malware.Win32.Gencirc.114bdd2b       | 20201026  | 1.0.0.1
Kingsoft    | -                                    | 20201026  | 2013.8.14.323
McAfee      | PUP-GJL                              | 20201026  | 6.0.6.653
CrowdStrike | -                                    | 20190702  | 1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path D:\Build\isafe\branches\RF6.3\bin\feedback.pdb
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 28 AntiVirus engines on VirusTotal as malicious (28 events)
FireEye Generic.mg.bb115e92474dbb68
Cylance Unsafe
K7AntiVirus Riskware ( 0040eff71 )
Alibaba AdWare:Win32/Generic.0d1e6a21
K7GW Riskware ( 0040eff71 )
Cyren W32/S-37eba679!Eldorado
APEX Malicious
Kaspersky not-a-virus:HEUR:AdWare.Win32.ELEX.gen
SUPERAntiSpyware PUP.YAC/Variant
Avast Win32:Elex-P [Adw]
Tencent Malware.Win32.Gencirc.114bdd2b
Comodo ApplicUnwnt@#10odqxufcjfxk
DrWeb Adware.Mutabaha.582
Invincea Yet Another Cleaner (PUA)
McAfee-GW-Edition PUP-GJL
Sophos Yet Another Cleaner (PUA)
Jiangmin AdWare.ELEX.azm
Webroot W32.Adware.Elex
Microsoft BrowserModifier:Win32/Xeelyak
ZoneAlarm not-a-virus:HEUR:AdWare.Win32.ELEX.gen
GData Win32.Application.Elex.O
McAfee PUP-GJL
VBA32 Adware.Elex
ESET-NOD32 a variant of Win32/Adware.ELEX.TN.gen
Yandex Trojan.GenAsa!WVfQ18lydG0
Fortinet Riskware/Elex
AVG Win32:Elex-P [Adw]
Panda PUP/YAC
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

2016-03-30 18:31:50

Imports

Library iImportLib.dll:
Library KERNEL32.dll:
0x423024 CloseHandle
0x423028 GlobalLock
0x42302c GlobalUnlock
0x423034 CreateMutexW
0x423038 GetLastError
0x423040 GetCurrentThreadId
0x423048 MultiByteToWideChar
0x423060 CreateThread
0x423064 ResumeThread
0x423068 InterlockedExchange
0x42306c GetModuleFileNameW
0x423070 GetCurrentProcess
0x423074 GetModuleHandleW
0x423078 GetFileSize
0x42307c DeviceIoControl
0x423080 GlobalFree
0x42308c TlsAlloc
0x423090 TlsFree
0x423094 GetCurrentProcessId
0x423098 LocalFree
0x42309c FreeLibrary
0x4230a0 GetProcAddress
0x4230a4 LoadLibraryW
0x4230a8 GlobalAlloc
0x4230ac CreateFileW
0x4230b0 FormatMessageA
0x4230bc HeapAlloc
0x4230c0 HeapReAlloc
0x4230c4 HeapFree
0x4230c8 HeapSize
0x4230cc GetProcessHeap
0x4230d0 EncodePointer
0x4230d4 DecodePointer
0x4230d8 IsDebuggerPresent
0x4230e0 HeapDestroy
Library USER32.dll:
0x423280 OpenClipboard
0x423284 EmptyClipboard
0x423288 CloseClipboard
0x42328c LoadCursorW
0x423290 SetCursor
0x423294 ScreenToClient
0x423298 GetCursorPos
0x42329c SetForegroundWindow
0x4232a0 BringWindowToTop
0x4232a4 IsIconic
0x4232a8 ShowWindow
0x4232ac SetClipboardData
0x4232b0 wsprintfW
0x4232b4 SetWindowTextW
0x4232b8 GetForegroundWindow
0x4232c0 AttachThreadInput
0x4232c4 IsWindowVisible
Library COMDLG32.dll:
0x42301c GetOpenFileNameW
Library ADVAPI32.dll:
0x423000 RegOpenKeyW
0x42300c RegCloseKey
0x423010 RegOpenKeyExW
0x423014 RegQueryValueExW
Library SHELL32.dll:
0x423260 ShellExecuteExW
Library OLEAUT32.dll:
0x423258 VariantClear
Library SHLWAPI.dll:
0x423268 PathCombineW
0x42326c PathFileExistsW
0x423270 PathAppendW
0x423274 PathFindFileNameW
0x423278 PathRemoveFileSpecW
Library ouilibx.dll:
Library WS2_32.dll:
0x4232cc WSAStartup
0x4232d0 WSACleanup
Library MSVCR110.dll:
0x423158 memchr
0x42315c _purecall
0x423160 ??_V@YAXPAX@Z
0x423164 exit
0x42316c _wcslwr_s
0x423170 swprintf_s
0x423174 wcschr
0x423180 _wtoi
0x423184 _wfopen_s
0x423188 fread
0x42318c fclose
0x423190 __RTDynamicCast
0x423194 memcpy
0x423198 strerror
0x4231a0 sprintf_s
0x4231a4 __CxxFrameHandler3
0x4231a8 _CxxThrowException
0x4231ac memset
0x4231b4 _lock
0x4231b8 _unlock
0x4231bc _calloc_crt
0x4231c0 strchr
0x4231d4 memmove
0x4231d8 ??2@YAPAXI@Z
0x4231dc wcscpy_s
0x4231e0 _wcsicmp
0x4231e4 realloc
0x4231e8 free
0x4231ec ??3@YAXPAX@Z
0x4231f4 __dllonexit
0x4231f8 _onexit
0x4231fc ?terminate@@YAXXZ
0x423200 _XcptFilter
0x423208 _amsg_exit
0x42320c __wgetmainargs
0x423210 __set_app_type
0x423214 _controlfp_s
0x423218 _invoke_watson
0x42322c _crt_debugger_hook
0x423230 _commode
0x423234 _fmode
0x423238 _wcmdln
0x42323c _initterm
0x423240 _initterm_e
0x423244 __setusermatherr
0x423248 _configthreadlocale
0x42324c _cexit
0x423250 _exit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source         | Source port | Destination     | Destination port
192.168.56.101 | 49235       | 114.114.114.114 | 53
192.168.56.101 | 50534       | 114.114.114.114 | 53
192.168.56.101 | 56539       | 114.114.114.114 | 53
192.168.56.101 | 65004       | 114.114.114.114 | 53
192.168.56.101 | 137         | 192.168.56.255  | 137
192.168.56.101 | 138         | 192.168.56.255  | 138
192.168.56.101 | 55368       | 224.0.0.252     | 5355
192.168.56.101 | 56804       | 224.0.0.252     | 5355
192.168.56.101 | 60123       | 224.0.0.252     | 5355
192.168.56.101 | 62191       | 224.0.0.252     | 5355
192.168.56.101 | 1900        | 239.255.255.250 | 1900
192.168.56.101 | 50535       | 239.255.255.250 | 3702
192.168.56.101 | 56540       | 239.255.255.250 | 3702
192.168.56.101 | 56807       | 239.255.255.250 | 1900
192.168.56.101 | 58707       | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.