2.6
Medium risk

eda602882db480cc8528eecdba3103c2fc57dff60cd577ebde31fc2fb9b93ce7

bb755a2c64700e01446464963d0c2705.exe

Analysis duration

73s

Last analysis

File size

157.5KB
Flagged by static scan; flagged by dynamic scan. Detection tags: ADAGENT AI SCORE=99 ARTEMIS ATTRIBUTE CLEANER FCFVNM HIGH CONFIDENCE HIGHCONFIDENCE MALWARE@#KDEKISL1RBNK MOREPOWERFULCLEANER MPCCLEANER MPCDOTCASH MUTABAHA SUSPICIOUS PE UNSAFE
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine        Result                           Scan date   Version
Alibaba       AdWare:Win32/AdAgent.c9de0897    20190527    0.3.0.5
Baidu         -                                20190318    1.0.0.2
Avast         -                                20190928    18.4.3895.0
Kingsoft      -                                20190928    2013.8.14.323
McAfee        Artemis!BB755A2C6470             20190928    6.0.6.653
Tencent       -                                20190928    1.0.0.1
CrowdStrike   -                                20190702    1.0
(- = no result recorded for that engine)
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path E:\AvazuMPC\Branch\2016_MPC_Option2\Build\BranchBuild\Temp\CodeDir\2016_MPC_Option2\Bin\Pdb\Release\MPCSecurity.pdb
Behavioural verdict
Dynamic indicators
Foreign language identified in PE resource (8 events; the RT_ICON entry below is reported 7 times with identical attributes)
name RT_ICON language LANG_CHINESE offset 0x00026368 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_GROUP_ICON language LANG_CHINESE offset 0x000267d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000068
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.456006610829642 section .rsrc (virtual_address 0x00011000, virtual_size 0x00015de4, size_of_data 0x00015e00, entropy 7.456006610829642) description A section with a high entropy has been found
entropy 0.587248322147651 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)
FireEye Generic.mg.bb755a2c64700e01
Cylance Unsafe
SUPERAntiSpyware PUP.MPC/Variant
Alibaba AdWare:Win32/AdAgent.c9de0897
Invincea heuristic
Symantec ML.Attribute.HighConfidence
Kaspersky not-a-virus:AdWare.Win32.AdAgent.kl
NANO-Antivirus Riskware.Win32.AdAgent.fcfvnm
Emsisoft Application.Cleaner (A)
Comodo Malware@#kdekisl1rbnk
DrWeb Adware.Mutabaha.1089
Zillya Adware.AdAgent.Win32.1296
McAfee-GW-Edition Artemis
Webroot Pua.Mpccleaner
Microsoft PUA:Win32/MPCDotCash
Endgame malicious (high confidence)
ZoneAlarm not-a-virus:AdWare.Win32.AdAgent.kl
McAfee Artemis!BB755A2C6470
MAX malware (ai score=99)
VBA32 AdWare.AdAgent
Malwarebytes PUP.Optional.MorePowerfulCleaner
ESET-NOD32 a variant of Win32/MPCCleaner.A potentially unwanted
SentinelOne DFI - Suspicious PE
Visual analysis
Binary image
No binary image: no binary visualisation image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.

PE Compile Time

2016-08-12 17:26:32

Imports

Library KERNEL32.dll:
0x40b024 GetTickCount
0x40b02c IsDebuggerPresent
0x40b03c Sleep
0x40b040 InterlockedExchange
0x40b044 WideCharToMultiByte
0x40b048 MultiByteToWideChar
0x40b04c CreateFileA
0x40b050 MoveFileExW
0x40b054 FreeLibrary
0x40b058 QueryDosDeviceW
0x40b05c SetFilePointer
0x40b060 GetFileSize
0x40b064 GetDiskFreeSpaceExW
0x40b068 CreateDirectoryW
0x40b06c RemoveDirectoryW
0x40b070 FindClose
0x40b074 SetFileAttributesW
0x40b078 FindNextFileW
0x40b07c FindFirstFileW
0x40b080 GetFileAttributesW
0x40b084 DeleteFileW
0x40b08c SetFileTime
0x40b094 GetSystemTime
0x40b098 CreateFileW
0x40b09c CreateEventW
0x40b0a0 UnmapViewOfFile
0x40b0a4 MapViewOfFile
0x40b0a8 OpenFileMappingW
0x40b0b0 LoadLibraryW
0x40b0b4 GetSystemDirectoryW
0x40b0cc SetThreadPriority
0x40b0d0 GetThreadPriority
0x40b0d4 SetPriorityClass
0x40b0d8 GetPriorityClass
0x40b0dc TerminateProcess
0x40b0e0 ReadFile
0x40b0e4 GetStartupInfoW
0x40b0e8 CreatePipe
0x40b0ec CreateProcessW
0x40b0f0 GetExitCodeProcess
0x40b0f4 ReadProcessMemory
0x40b0f8 Thread32Next
0x40b0fc Thread32First
0x40b104 GetModuleHandleW
0x40b108 GetProcAddress
0x40b10c OpenThread
0x40b110 GetCurrentThread
0x40b114 GetCurrentProcess
0x40b118 GetCurrentProcessId
0x40b11c OpenProcess
0x40b120 SetLastError
0x40b124 OutputDebugStringA
0x40b128 ReleaseMutex
0x40b12c GetLastError
0x40b130 CreateMutexW
0x40b134 CloseHandle
0x40b138 OpenMutexW
0x40b13c HeapFree
0x40b140 GetProcessHeap
0x40b144 HeapAlloc
0x40b148 GetCurrentThreadId
0x40b14c CreateFileMappingW
0x40b150 GetCommandLineW
Library ole32.dll:
0x40b438 CoTaskMemFree
Library MSVCP90.dll:
Library PSAPI.DLL:
Library XBus.dll:
Library Support.dll:
Library MSVCR90.dll:
0x40b1fc wcschr
0x40b200 wcsrchr
0x40b204 wcsstr
0x40b208 memcpy
0x40b20c fclose
0x40b210 fgetc
0x40b214 fopen_s
0x40b218 iswalpha
0x40b21c _vsnwprintf
0x40b220 ??_V@YAXPAX@Z
0x40b224 wcscat_s
0x40b228 ??_U@YAPAXI@Z
0x40b22c _wcsnicmp
0x40b230 wcslen
0x40b234 _wcsicmp
0x40b238 memset
0x40b23c memmove_s
0x40b244 _CxxThrowException
0x40b25c __CxxFrameHandler3
0x40b260 ??2@YAPAXI@Z
0x40b264 ??3@YAXPAX@Z
0x40b268 _lock
0x40b26c _onexit
0x40b270 strlen
0x40b274 _decode_pointer
0x40b278 _amsg_exit
0x40b27c tolower
0x40b280 toupper
0x40b284 _vsnwprintf_s
0x40b288 _vsnprintf_s
0x40b28c __wgetmainargs
0x40b290 _cexit
0x40b294 _exit
0x40b298 _XcptFilter
0x40b29c _unlock
0x40b2a0 __dllonexit
0x40b2a4 _controlfp_s
0x40b2a8 exit
0x40b2ac _wcmdln
0x40b2b0 _initterm
0x40b2b4 _initterm_e
0x40b2b8 _configthreadlocale
0x40b2bc __setusermatherr
0x40b2c0 _adjust_fdiv
0x40b2c4 __p__commode
0x40b2c8 __p__fmode
0x40b2cc __set_app_type
0x40b2d0 _encode_pointer
0x40b2d8 ?terminate@@YAXXZ
0x40b2e0 _crt_debugger_hook
0x40b2e4 _invoke_watson
Library IPHLPAPI.DLL:
0x40b018 GetExtendedTcpTable
Library VERSION.dll:
0x40b3a4 GetFileVersionInfoW
0x40b3a8 VerQueryValueW
Library MPR.dll:
0x40b158 WNetEnumResourceW
0x40b15c WNetOpenEnumW
0x40b160 WNetCloseEnum
Library USER32.dll:
0x40b31c IsIconic
0x40b320 ShowWindow
0x40b324 SetForegroundWindow
0x40b328 SetWindowPos
0x40b32c IsWindowVisible
0x40b330 IsWindowEnabled
0x40b334 GetForegroundWindow
0x40b33c AttachThreadInput
0x40b340 GetParent
0x40b344 GetWindowLongW
0x40b348 EnumWindows
0x40b34c PostMessageW
0x40b350 GetThreadDesktop
0x40b358 IsHungAppWindow
0x40b35c GetLastActivePopup
Library ADVAPI32.dll:
0x40b010 OpenProcessToken
Library ntdll.dll:
0x40b3f4 NtSuspendProcess
0x40b3fc NtTerminateProcess
0x40b408 NtLockVirtualMemory
0x40b418 NtCreatePagingFile
0x40b41c NtDuplicateObject
0x40b424 NtOpenProcess
0x40b42c NtResumeProcess
0x40b430 NtClose
Library SHLWAPI.dll:
0x40b300 PathStripPathW
0x40b304 StrStrW
0x40b308 PathFileExistsW
0x40b30c PathFindFileNameW
Library WS2_32.dll:
0x40b3b4 ntohs

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination       Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.