1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.97
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:SillyP2P-X [Wrm] | 20200523 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200523 | 2013.8.14.323 |
| McAfee | GenericRXII-VF!AD69B31B9645 | 20200523 | 6.0.6.653 |
| Tencent | Trojan.Win32.Small.p | 20200523 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | DiZwhcQz |
| section | IdJwCytq |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'IdJwCytq', 'virtual_address': '0x00009000', 'virtual_size': '0x00007000', 'size_of_data': '0x00006800', 'entropy': 7.913995266210968} | entropy | 7.913995266210968 | description | 发现高熵的节 | |||||||||
| entropy | 0.896551724137931 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意
(50 out of 56 个事件)
| ALYac | Generic.Malware.SN!hidprn.DC2947C3 |
| APEX | Malicious |
| AVG | Win32:SillyP2P-X [Wrm] |
| Acronis | suspicious |
| Ad-Aware | Generic.Malware.SN!hidprn.DC2947C3 |
| AhnLab-V3 | Worm/Win32.Agent.R287264 |
| Antiy-AVL | Trojan[Dropper]/Win32.Agent.a |
| Avast | Win32:SillyP2P-X [Wrm] |
| Avira | TR/Crypt.FKM.Gen |
| BitDefender | Generic.Malware.SN!hidprn.DC2947C3 |
| BitDefenderTheta | Gen:NN.ZexaF.34122.@pNfa4NdgXG |
| CAT-QuickHeal | Trojan.GenericRI.S7237852 |
| ClamAV | Win.Malware.Hidprn-7191578-0 |
| Comodo | Heur.Packed.MultiPacked@1z141z3 |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Cybereason | malicious.78b2f1 |
| Cylance | Unsafe |
| Cyren | W32/FakeMS.AQ.gen!Eldorado |
| DrWeb | Win32.HLLW.Xiquit |
| ESET-NOD32 | Win32/Agent.NIQ |
| Emsisoft | Generic.Malware.SN!hidprn.DC2947C3 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/FakeMS.AQ.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.FKM.Gen |
| FireEye | Generic.mg.bc4e23f78b2f1b48 |
| Fortinet | W32/Parite.C |
| GData | Win32.Worm.Agent.ASR |
| Ikarus | Trojan-Dropper.Win32.Dogrobot |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.dzvcn |
| K7AntiVirus | Trojan ( 0051918e1 ) |
| K7GW | Trojan ( 0051918e1 ) |
| Kaspersky | HEUR:Trojan-Dropper.Win32.Daws.pef |
| MAX | malware (ai score=85) |
| Malwarebytes | Trojan.Agent |
| MaxSecure | Win.MxResIcn.Heur.Gen |
| McAfee | GenericRXII-VF!AD69B31B9645 |
| McAfee-GW-Edition | GenericRXII-VF!AD69B31B9645 |
| MicroWorld-eScan | Generic.Malware.SN!hidprn.DC2947C3 |
| Microsoft | Trojan:Win32/Wacatac.C!ml |
| NANO-Antivirus | Trojan.Win32.Xiquit.fywtld |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM11.1.693F.Malware.Gen |
| Rising | Worm.Agent!1.9D8A (RDMK:cmRtazoDg2jRnotAvuvyEcHqKi8P) |
| SUPERAntiSpyware | Trojan.Agent/Gen-MSFake[All] |
| Sangfor | Malware |
| SentinelOne | DFI - Suspicious PE |
| Sophos | W32/VB-FFH |
| Tencent | Trojan.Win32.Small.p |
| Trapmine | malicious.moderate.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2004-05-07 07:02:15
PE Imphash
365b1d12b684a96b167a74679ec9e4e3
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| DiZwhcQz | 0x00001000 | 0x00008000 | 0x00000000 | 0.0 |
| IdJwCytq | 0x00009000 | 0x00007000 | 0x00006800 | 7.913995266210968 |
| .rsrc | 0x00010000 | 0x00001000 | 0x00000c00 | 3.5175292580299633 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00010408 | 0x00000128 | LANG_SPANISH | SUBLANG_SPANISH_MODERN | None |
| RT_ICON | 0x00010408 | 0x00000128 | LANG_SPANISH | SUBLANG_SPANISH_MODERN | None |
| RT_GROUP_ICON | 0x00010534 | 0x00000022 | LANG_SPANISH | SUBLANG_SPANISH_MODERN | None |
| RT_VERSION | 0x0001055c | 0x000003fc | LANG_SPANISH | SUBLANG_SPANISH_MODERN | None |
Imports
Library ADVAPI32.dll:
• 0x4109a8 RegCloseKey
Library KERNEL32.DLL:
• 0x4109b0 LoadLibraryA
• 0x4109b4 ExitProcess
• 0x4109b8 GetProcAddress
• 0x4109bc VirtualProtect
Library USER32.dll:
• 0x4109c4 MessageBoxA
L!This program cannot be run in DOS mode.
/<kRkRkR
^iRYjR\gRXWR
AlRkS\RDiRTjRRichkR
DiZwhcQz
IdJwCytq
RS\U&" gm
p%f$GaAr
?Jy9Tc
U$|^\!
.tg9KpM%
>oaY`K
^] "O.O
oL>qMA7{c#IqH
B,qh?DxXqL
Pl"_=Ej,
kqU_aTM=!mr
)p{yyPN
PJllTP
Wdle .\K,-
#^Xf!P_
'}_TKo
"k}8qDt:?
K0lPv9
EH=$[IiC
1l<:`8
N3 >9%
5P} \T.
/|,Lp
k}Y\%an
#UmjG_
]npnLB
X_K t9e$4Rq
$2Xd6'7[W%IK81vK
2lf]~q
U8cZo9|
Zd5od(s{*
W>):!h
xhZ0.<
r)HdBX
W7a& 7
HQb]^v
(o>#R#W[2
bV^3jR
Dr<.k%a
}`c4\^
0-%?_rK?rB<)
Z:/d%K
vXG:kd
87psR)%nr
LnVKCjhd mh
lk(-(o
f\a#h%/
X4o.m8
UvyiS<8
1I-do]w0r#
V7qM vT>yu
9XRhFhm%<s+
^boe%i
L" =>qI^I
&K/YS'n
W. T"W=sqkTmFn`
9#%[FNt:S
jLj1nS
r m7[5/
pFXti9juh?ABQ
zP/h?RC
pq9lLg_F
1< "o\x
mvdd%?.>A
, 5$g\
a%zl{&m
om&LCmQ
na/q$5Z
/7Pf!pgl!1RN%\!
i2%8Pq&,+
D[%-a bno
0d)%Eo-Y!G>d'D'm8[
j(!~=!?}
+z^qiD{c \
U8]v6o&.
oP%\WPcS $
}P(S0l*Rj*$w
oys)>
WJ=L{V
h{P>ny%.
2e(2'r
-,6%(knOM
YUc &7D\B
Gl6"Ez
/'xd_)
%oC Yv
g&i/J_%#w
lao#4,
PXzD/es
,HYG-k#\f(Z|IC:@o
P`n81C:cZ;w1u3*r
\nTd*n3>Q|w
B}M %%
]$x/ukr
$ZZ@o4:
0O/r@%
&'2)=`6)
o~XMrl` /ts
(kJy&E}cu~-p
QL8h4tQ
w&6k`J[
YLdvV(Bt
f$[A7%{dl
Z[v7jq
X*8 !8
#<9k-:em
=|It;`
t{R8HP
? N&G+
+\op/cb
*wR$W-cS
dI~';6
y94K(8he!
QmF~t0C9
qL=M%>OiEd)jp m
&- /Kl
>8^`I
AD[W=&1_
- >a:FK
9<YU?qD^[`Faf[X]k
i[4-}U
4~]bU_o/YMeI
kE%$MQVS4~xo
QbdA*\i^
@]Q#HB%g,PSah
b`)_UEo4m
}p0>Km
*8.`ix!
tR !(]oN
tjM@-_Z2|#
${R\c/|`"
""l{QQ
CZ jQKo
l/_/SV
SYM8/*%
?cG#ziZ
%}$d'WM}=T\
n+43qLF7
nkMPY{a
[%B@mV !
|sJT 5ln ,o*+
oc/&9`_
Wa9Z]i`3B'
.v!~Tx^t:Ab
zqk}mNoO
QkN&#>
+r=)[{
&d<Ub$S*hf5,]Gd1~[
Z_Or:-
_o oyld
%BqiBhV7
JmAgj.u
/l&YhJ
) _h;lo
i$FgmF!
{&pn&:&IX
iP!_|,yYpkZo
48s dd
h1$F!DTe
l\<!n1JMg
I&K|Lq
f5s{-G_
8p`Tsw_bB
CM9w,~++
L'VM|Qi2
YE?_voq!\dbo)
Yg\!Y]Dr
Tp'a)6WQ
"qkKdDG$
7` /7 Yc
=koQ _K
%I?ooF7-
^|XGzk
!AjR#-yhxC
YT]#h%Q)
3 lF[O$
Cl%hSq^s-vr
VW&0e
v!SJHpp}
lb/n']}w
Eh ~g%`x\It{
&kUbzk[RF#f
hWC?Bl
pmdB%m$
{UU8W/\.
nP#,u
]&uUMc:
n.1V'o
omM:4T4
7c]|#$5vuh2$
Bj8#do*u&
K}!UdZ
Z\3\TO
gYRI&?d.qK
JcrMcf+
Q`;aUl
>mUjJT
4+U^=(
`*S#<W
nGYW'G
>OgFJl
R*Sl4ry
,nMh4P"sb~G[RO|9fI&
no%oorQ5
oJ= 4\
8+m<]KW"
d8(0KJ
wHgwK r
L^@S`r
4l`]b@5
qg }D6jO(
oTwcK4
,2Qj^wVK7mXTZ+]w
qZa(FRn%
M<a`a 7
&oL5n_&
oo-KXl
xYh_ [
A.S%s
!x#XG}6~
n>e5o1
o')oqo
.I{m_&
-d\# /;HL
i{l.M7,^
1Yan"c"
1B]N29
nH8F<Zq!]8C
U$E?`$f(y
IB8P-v
|sm-D,}B
V=EUm3Kr
VQg.,rAlo0i9
Y^WokNZEn
trS)'|
\nPkX VdBJ%Rv)Bo=lC#
67$&ekf<
SY%F^LZ
oUh[s'v?n`&8
-G#czi{&p
,8QPe%
u;hb/T
Kq]hLN
9H+*qx7
x64ln$!02V-
B?m1RCx
zoL*eY@6\i
noeaS>m Qk _
QvQh`%
3QwP%Pro\@mt&E
AHq>awG^
o6Qm9.a\
BK;NDJ4z
vmi]xk
c&@P1{r3,%
]v=%(|ym_
%i@"YAn
m\2K6!3
T>8!!ZYn
4TA[ia8hm
F=.(_/
X^E* \
ioo!)}Y
lWZ~#WYGk
V7r!6K86
[rkQl_
5l)\P#
]cY'#Y\
XjI7hpl$
_B3 !?
nbYW'q]
j~Um0}j8>)
0vw`W4U
?%p}gD]`MJ
!gDZF<
;Pfnd;"
*n2[A3-%
3SA,nMqc&
k(PNc.r
%<ZqL!
l!Q%m>
RQ^cfOm##
/L1&x#MI W[o
k/a IFoM
cj%p_Np\
eywEJ?
cqeD&S
$@)--==S;6U
IkTjAs%<,
8&e)_qY
G^j Pr
Uo\i}a`{
a7/?^ziY$
gnoNnG}*T
pQ{V,g>8I4
_-3F-x*
j^_oY|
k %JHh@4nn3
W_xF=lOB
Lrf-q_
E$oVk()^}]
_F #jg)+
xjT_]R
of)`hJ
!XxQyr
q|kMh(?S
X~s%o C_z!j&h
ZE*"a^l8pf
;W~E!6iTG.a
FK}V/'F
/n\onlm
J;5;"
DhQ/7eN
4{Y@hgk
Af%c<\R
_.{Y*Ul Qn'u
o}T7RKl@uq
4iSi"rd(bJtRzhi
6k*(wCp
k&lg)6-
XYTMH"-h
d:nJiE
;oPh` no`M%X
5mEcc.,
dc5z_X'^(co
f+eA$y]
FL`^S.
/%]Q):
RH,,F8760x5
wkzN /Y-xL
`ah{'~
g=>[5*D
C)2Tlm
YPXRGU_%vmvM_>_rJ$C
ae2\foB
h$%zB_?
!?=VVB
jok=[/@
FLl7Q,EEUlKZ[
0\18d1
yG0\\Q
TPmV_^;bFgz][
g!3[E7"
CY8af)q^e@xBLKmY
,^g`>*?x
rX8j/|
5k?\cP
8nG\z+ U!
Y6GsB,rhHc]goG
"fm>zf&
`&5Pp
[mU0+&
!7@nla <
@ZZAnzlVp
e7Np!C,c7K
( [XP7U
F0BDo"ao
7D|#PJl 8H
@M1I^~S
hu!{I~
Ql-<)-A;ya4
{l %aI7AFk !f|M
/YqXmw
:w<18K
Spt0G;
Kd\l<z
_hD){
Q`2T-\
Y.oAG W
)9Le7n
MesTD4
CO,87fc
@@g}$q
2~{!X/)$
*S;AC#l
;"u+Fg6!
b{BfXiV[}e)g
'?[|Xlq
R.98^nS
[l_^m&;56
>})5TY
{uP(~!
4A1Yi:
,:HiiVftiM4
x"8Pj|4M45M
.>Td]3
50, (8PX
700\WP
)w (null
runtime error
R60285j
?Kablto in
iValiz
heap7'7
k?not=
ugh spac#fv
w{lowi8a
on7<\6std35pur+virtu!3_lmc# c
l('4mMa__*ex\/X^{
_19mws_opeX1so
c+8F$o Ded
7m]h[a
!ck/`+
4da5Zs.
@gram Jm6/CKa/09O
A>h4*+0.+8!|Bargu(s_
}`+fnngo
-M-`9f
?C++ RLibr
<%,kl;6~{wn>
GetLa2A
sageBoxA3s%32.d*
vXKKb{
Y@#EXE
KpyCOMZI+RAR
ISORRG,CD
MTDI@RL5
N6kkPS
TGTJTnW|m{|3
AnSN@VOOAU@WAVm
6AI"RMIk
9VdXVvKDOTXTcD"RT
naHL+M
amp 5.0 (f vers
|Av C.5En&
lDpdeo
/9.16_Its Work!]A+
Ace8)w
Pluu(DAP)$] ds
s=@8v3
RaA6}1
GCtaH 200
I2 freeweLZ
3DTtuq0R8'!
SbDub.
M meng
Hharofe0mpEt
i=sBsw\ p
azk3aiHFfDd5V? KqI
{ kVWY
CO0comic
VA<_7 NOKIAX
MDLYnBaPh
-dj^m{P
T/;y Lo
k=okhXXON
gOOmsGvr9/MBovi
\Emu<aE
H,2[MP
+DY3xfSt6hG
R5^7b2D!
Gd!Ehl*
$qJc 6[
CC #RCc
aaZJBuCG`a6tjmoi<
gLz5L/'
LCi< .
N7SoQM"lk
0@8]hum`
FohHeX8
](ixO&pU
MHlPo9j
CSh]:\mee
Jzuk'B09=
j`%aB(Exim0
_MI#838
rb[:\Gu
neNQ^B4:@Ctsum!3H? vk!Fo g93l
5E1@SivoE*S/L
qc oEp
loY1 BfWod7{abO=
ex_OeSOFT
\R+ 6mb
!alx /|`-xCafuyoigO
hs-ldb
?Ecvm.t
EMULEax.
KP;dSda4
G+012345:A
Kazaa\
J!l'a{
%dG\qU
6CIM"h
lTDuMt
6W_Y{l
@~/=Bx
@`C`/A
^__j2/
UUUJFQU%@4(MOu#$_n@
CWe{+E
StTypeW
&soryAja
upInfoR<mY
Linch7
EDPr7[{VOEDee
-&Re{Bv
pt<te`E
F[deCh
ToMBys
Uxn pd
bmwtlw5o
h%Fh'!LBuff
+Addr/6
LoadJ($dOfp
g\V#.l
xfX]`'
XPTPSWXaD$j
33333330
{{{{{{{3
{{{{{{{33
{{{{{{{330
{{{{{{{330
{{{{{{{330
3333333
33?030
33333333
wwwwwwwwwww
DDDDDD@
DDDDDDGpw
DDDDDDGpw
DDDDDDDDDDD
wwwwwwwwwww
DDDpp@
ADVAPI32.dll
KERNEL32.DLL
USER32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
MessageBoxA
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�c�0�a�0�4�b�0�
C�o�m�m�e�n�t�s�
M�i�c�r�o�s�o�f�t�
C�o�m�p�a�n�y�N�a�m�e�
M�i�c�r�o�s�o�f�t�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
M�i�c�r�o�s�o�f�t�
F�i�l�e�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
I�n�t�e�r�n�a�l�N�a�m�e�
M�i�c�r�o�s�o�f�t�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
D�e�b�i�d�o� �a� �q�u�e� �e�s� �u�n� �G�u�s�a�n�o�,� �n�o� �c�r�e�o� �o�p�o�r�t�u�n�o� �r�e�l�l�e�n�a�r� �e�s�t�e� �c�u�a�d�r�o�.� �j�e�j�e�j�e�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
M�i�c�r�o�s�o�f�t�
P�r�i�v�a�t�e�B�u�i�l�d�
M�i�c�r�o�s�o�f�t�
P�r�o�d�u�c�t�N�a�m�e�
M�i�c�r�o�s�o�f�t�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
S�p�e�c�i�a�l�B�u�i�l�d�
M�i�c�r�o�s�o�f�t�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.