SmartHawk

3.0

中危

43 个模型检测该样本为恶意！

重新分析

下载样本

5ff64dbb052b9364274ada940f099efaf1e16dd41244b7f540dc2e574c770dfc

bb967f3c5c09d703abd406457ecb5e19.exe

分析耗时

20s

最近分析

文件大小

250.2KB

静态报毒动态报毒 AI SCORE=86 ATTRIBUTE DORIFEL EESREL ELEX HIGHCONFIDENCE JOHNNIE MUTABAHA R189923 SCORE SKDF TAIWANSHUI TECHNOLOGIES UNSAFE WINZIPPER XADUPI XADUPI RELATED ZPPKLQOCKGS 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Xadupi.7ad3022a	20190527	0.3.0.5
Tencent		20200905	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200905	2013.8.14.323
McAfee	PUP-FRR	20200905	6.0.6.653
CrowdStrike		20190702	1.0

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

E:\svn\oiview\trunk\bin\TrayDownloader.pdb

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Generates some ICMP traffic

File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 个事件)

DrWeb	Adware.Mutabaha.229
MicroWorld-eScan	Gen:Variant.Johnnie.56244
FireEye	Generic.mg.bb967f3c5c09d703
CAT-QuickHeal	PUA.Taiwanshui.Gen
ALYac	Gen:Variant.Johnnie.56244
Cylance	Unsafe
Zillya	Dropper.Dorifel.Win32.17474
SUPERAntiSpyware	PUP.Elex/Variant
K7AntiVirus	Adware ( 004dc2f41 )
Alibaba	Trojan:Win32/Xadupi.7ad3022a
K7GW	Adware ( 004dc2f41 )
Cybereason	malicious.c5c09d
Arcabit	PUP.Adware.Elex
Invincea	Xadupi Related (PUA)
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	not-a-virus:AdWare.Win32.ELEX.gpl
BitDefender	Gen:Variant.Johnnie.56244
NANO-Antivirus	Trojan.Win32.Elex.eesrel
Ad-Aware	Gen:Variant.Johnnie.56244
F-Secure	Adware.ADWARE/Elex.SKDF
TrendMicro	PUA_ELEX
Sophos	Xadupi Related (PUA)
Jiangmin	Downloader.Elex.f
Avira	ADWARE/Elex.SKDF
Microsoft	Trojan:Win32/Xadupi
AegisLab	Riskware.Win32.Elex.1!c
ZoneAlarm	not-a-virus:AdWare.Win32.ELEX.gpl
GData	Gen:Variant.Johnnie.56244
Cynet	Malicious (score: 100)
AhnLab-V3	Adware/Win32.ELEX.R189923
McAfee	PUP-FRR
MAX	malware (ai score=86)
VBA32	Downloader.Elex
Malwarebytes	Adware.Elex
ESET-NOD32	a variant of Win32/Adware.ELEX.PIH
TrendMicro-HouseCall	PUA_ELEX
Rising	Trojan.Xadupi!8.300C (TFE:5:ZPPklQocKGS)
Yandex	PUA.Downloader!
Fortinet	Riskware/Elex
Webroot	Pua.337.Technologies
Panda	PUP/Winzipper
Qihoo-360	Win32/Trojan.1e2

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2015-12-09 13:24:46

Imports

Library WININET.dll:

• 0x419218 InternetOpenW

• 0x41921c InternetCrackUrlW

• 0x419220 HttpQueryInfoW

• 0x419224 HttpSendRequestW

• 0x419228 HttpOpenRequestW

• 0x41922c InternetReadFile

• 0x419230 InternetConnectW

• 0x419234 InternetCloseHandle

Library SHLWAPI.dll:

• 0x419198 PathAppendW

• 0x41919c PathFileExistsW

• 0x4191a0 PathRemoveFileSpecW

Library KERNEL32.dll:

• 0x419000 WriteConsoleW

• 0x419004 SetStdHandle

• 0x419008 FlushFileBuffers

• 0x41900c SetEnvironmentVariableW

• 0x419010 GetStringTypeW

• 0x419014 SetFilePointerEx

• 0x419018 GetConsoleMode

• 0x41901c GetConsoleCP

• 0x419020 HeapReAlloc

• 0x419024 GetCPInfo

• 0x419028 GetOEMCP

• 0x41902c GetACP

• 0x419030 GetProcAddress

• 0x419034 WaitForSingleObject

• 0x419038 Sleep

• 0x41903c ReadFile

• 0x419040 SetFilePointer

• 0x419044 CloseHandle

• 0x419048 CreateMutexW

• 0x41904c LoadLibraryW

• 0x419050 CreateFileW

• 0x419054 DeleteFileW

• 0x419058 MoveFileExW

• 0x41905c WideCharToMultiByte

• 0x419060 CreateEventA

• 0x419064 SetEvent

• 0x419068 GetProcessHeap

• 0x41906c HeapAlloc

• 0x419070 HeapFree

• 0x419074 GetCurrentProcess

• 0x419078 GetCurrentProcessId

• 0x41907c SetUnhandledExceptionFilter

• 0x419080 GetCurrentThreadId

• 0x419084 GetSystemTime

• 0x419088 GetLocalTime

• 0x41908c GetModuleFileNameW

• 0x419090 CreateDirectoryW

• 0x419094 WriteFile

• 0x419098 GetLastError

• 0x41909c SetNamedPipeHandleState

• 0x4190a0 WaitNamedPipeW

• 0x4190a4 IsValidCodePage

• 0x4190a8 LCMapStringW

• 0x4190ac CompareStringW

• 0x4190b0 OutputDebugStringW

• 0x4190b4 GetModuleHandleW

• 0x4190b8 TerminateProcess

• 0x4190bc UnhandledExceptionFilter

• 0x4190c0 QueryPerformanceCounter

• 0x4190c4 GetStartupInfoW

• 0x4190c8 GetFileType

• 0x4190cc FreeEnvironmentStringsW

• 0x4190d0 GetEnvironmentStringsW

• 0x4190d4 DeleteCriticalSection

• 0x4190d8 InitializeCriticalSectionAndSpinCount

• 0x4190dc InterlockedIncrement

• 0x4190e0 SetLastError

• 0x4190e4 IsDebuggerPresent

• 0x4190e8 HeapSize

• 0x4190ec MultiByteToWideChar

• 0x4190f0 GetModuleHandleExW

• 0x4190f4 ExitProcess

• 0x4190f8 InterlockedDecrement

• 0x4190fc GetStdHandle

• 0x419100 LoadLibraryExW

• 0x419104 ExitThread

• 0x419108 CreateThread

• 0x41910c GetSystemTimeAsFileTime

• 0x419110 OpenEventA

• 0x419114 WaitForMultipleObjects

• 0x419118 ReleaseSemaphore

• 0x41911c ResetEvent

• 0x419120 GetModuleHandleA

• 0x419124 GetTickCount

• 0x419128 SetWaitableTimer

• 0x41912c ResumeThread

• 0x419130 TlsAlloc

• 0x419134 TlsGetValue

• 0x419138 TlsSetValue

• 0x41913c TlsFree

• 0x419140 CreateWaitableTimerA

• 0x419144 SystemTimeToFileTime

• 0x419148 LocalFree

• 0x41914c FormatMessageA

• 0x419150 EncodePointer

• 0x419154 DecodePointer

• 0x419158 RaiseException

• 0x41915c RtlUnwind

• 0x419160 EnterCriticalSection

• 0x419164 LeaveCriticalSection

• 0x419168 GetCommandLineW

• 0x41916c IsProcessorFeaturePresent

Library USER32.dll:

• 0x4191a8 LoadIconW

• 0x4191ac LoadCursorW

• 0x4191b0 GetCursorPos

• 0x4191b4 EndPaint

• 0x4191b8 BeginPaint

• 0x4191bc SetForegroundWindow

• 0x4191c0 UpdateWindow

• 0x4191c4 TrackPopupMenu

• 0x4191c8 AppendMenuW

• 0x4191cc LoadStringW

• 0x4191d0 TranslateAcceleratorW

• 0x4191d4 LoadAcceleratorsW

• 0x4191d8 EndDialog

• 0x4191dc DialogBoxParamW

• 0x4191e0 ShowWindow

• 0x4191e4 CreateWindowExW

• 0x4191e8 RegisterClassExW

• 0x4191ec PostQuitMessage

• 0x4191f0 DefWindowProcW

• 0x4191f4 PostMessageW

• 0x4191f8 DispatchMessageW

• 0x4191fc TranslateMessage

• 0x419200 GetMessageW

• 0x419204 RegisterWindowMessageW

• 0x419208 SendMessageW

• 0x41920c CreatePopupMenu

• 0x419210 DestroyWindow

Library SHELL32.dll:

• 0x419184

• 0x419188 Shell_NotifyIconW

• 0x41918c CommandLineToArgvW

• 0x419190 ShellExecuteExA

Library dbghelp.dll:

• 0x41923c MiniDumpWriteDump

Library RPCRT4.dll:

• 0x419174 UuidCreate

• 0x419178 RpcStringFreeW

• 0x41917c UuidToStringW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62192	239.255.255.250	3702
192.168.56.101	65005	239.255.255.250	3702
192.168.56.101	49235	8.8.8.8	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.