Score: 2.6
Risk level: Medium

SHA256: 798baec5220b7d647bde4ad1fed04b8e4c0611ad710ebfdb3ca850de5233a1c6
File name: be958f21c0e2d0c0b01ff68a2b75a36e.exe
Analysis time: 90s
Last analysed:
File size: 1.2MB
Tags: static detection, dynamic detection, APOST, BSCOPE, CLOUD, PJDL, SCORE, SEARCHER, UNSAFE

鹰眼 engine
Not detected: no 鹰眼 engine result is available for this sample.
Static verdict

Anti-virus engines (a blank result cell means the engine recorded no detection name)
Engine       Result                        Scan date  Engine version
McAfee                                     20200404   6.0.6.653
Alibaba      Trojan:Win32/APosT.ae9d33b1   20190527   0.3.0.5
CrowdStrike                                20190702   1.0
Baidu                                      20190318   1.0.0.2
Avast                                      20200403   18.4.3895.0
Tencent      Win32.Trojan.Apost.Pjdl       20200404   1.0.0.1
Kingsoft                                   20200404   2013.8.14.323
Behavioural verdict

Dynamic indicators

The binary likely contains encrypted or compressed data indicative of a packer (2 events)
  Section .rsrc: entropy 7.2661, size_of_data 0x000ecc00, virtual_size 0x000ecab8, virtual_address 0x00046000. A section with high entropy has been found: 7.27 bits per byte, against a maximum of 8, is what compressed, encrypted or random data looks like, not code or ordinary resources (icons, dialogs, strings).
  Overall value 0.7759: this number is not an entropy in bits but the share of the file's section data, by size_of_data, that lies in high-entropy sections. The .rsrc section alone is 0xecc00 = 969,728 bytes, roughly 78% of a 1.2MB file. A payload stored encrypted or compressed in the resource section and decoded at run time is the usual explanation, and it is consistent with the resource APIs (FindResourceA, LoadResource, LockResource, SizeofResource), VirtualAlloc and LoadLibraryA/GetProcAddress that appear in the import table below.
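To make the two numbers above reproducible, here is an added example (not code from the report or the sandbox) that walks a PE section table, computes the Shannon entropy of each section, and derives the same two indicators: the per-section flag and the ratio of high-entropy section data to all section data. The thresholds 6.8 bits/byte and 0.2 are assumptions taken from the Cuckoo sandbox signature whose wording the report reuses; `build_pe` is a helper that constructs a minimal, non-loadable PE32 so the code runs offline on labelled test data rather than on the sample.

```python
import math
import struct

# Thresholds assumed to match the Cuckoo "packer_entropy" signature quoted by the report:
# a section counts as high-entropy above 6.8 bits/byte, and the file is flagged when such
# sections hold more than 20% of the section data.
SECTION_ENTROPY_THRESHOLD = 6.8
PACKED_RATIO_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Walk the section table of a PE image; yields (name, virtual_address, size_of_data, raw bytes)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                           # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, hdr + 8)
        yield name, va, raw_size, pe[raw_ptr:raw_ptr + raw_size]


def packer_report(pe: bytes) -> dict:
    """Reproduce both indicators: flagged sections and the high-entropy data ratio."""
    total = compressed = 0
    flagged = []
    for name, va, raw_size, raw in pe_sections(pe):
        h = shannon_entropy(raw)
        total += raw_size
        if h > SECTION_ENTROPY_THRESHOLD:
            compressed += raw_size
            flagged.append({"name": name, "virtual_address": f"0x{va:08x}",
                            "size_of_data": f"0x{raw_size:08x}", "entropy": h})
    ratio = compressed / total if total else 0.0
    return {"sections": flagged, "ratio": ratio,
            "likely_packed": ratio > PACKED_RATIO_THRESHOLD}


def build_pe(sections) -> bytes:
    """Constructed test input: a minimal PE32 (headers + raw sections) with the given (name, data) pairs."""
    opt_size = 224                                         # sizeof IMAGE_OPTIONAL_HEADER32
    e_lfanew = 0x40
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF               # FileAlignment 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, blobs, va = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                             len(data), raw_ptr + len(blobs), 0, 0, 0, 0, 0x40000040)
        blobs += data
        va += (len(data) + 0xFFF) & ~0xFFF                 # SectionAlignment 0x1000
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_ptr - len(image)) + blobs


if __name__ == "__main__":
    sample = build_pe([(b".text", b"\x90" * 512),            # constant bytes: entropy 0
                       (b".rsrc", bytes(range(256)) * 8)])   # uniform bytes: entropy 8
    print(packer_report(sample))
```

Run against a real file with `packer_report(open(path, "rb").read())`. The ratio deliberately weights by size_of_data rather than averaging entropies, which is why a single large encrypted resource section dominates the result exactly as it does in this report.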
Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)
Time               API                    Arguments                                              Status   Return  Repeated
1621008463.142751  LookupPrivilegeValueW  system_name: (empty), privilege_name: SeDebugPrivilege  success  1       0
1621008463.157751  LookupPrivilegeValueW  system_name: (empty), privilege_name: SeDebugPrivilege  success  1       0

What this does and does not show: LookupPrivilegeValueW only translates the privilege name into a LUID (a nonzero return means the lookup succeeded). Actually enabling the privilege takes OpenProcessToken followed by AdjustTokenPrivileges; OpenProcessToken is imported from ADVAPI32.dll below, but AdjustTokenPrivileges appears neither in the import table nor in the recorded calls, so the trace shows preparation for SeDebugPrivilege, not its use. SeDebugPrivilege matters because it lets a process open handles to processes it does not own, including SYSTEM processes, which fits the Process32First/Process32Next enumeration imports; the lookup on its own is also done by many legitimate installers and debugging tools, so it is a supporting indicator rather than a verdict.
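The distinction just drawn (a privilege looked up versus a privilege enabled) is easy to encode as a check over an API trace. The following is an added example, not the sandbox's own signature: it parses trace records flattened to one line each in the report's order (time, API, arguments, status, return, repeated), flags lookups of sensitive privileges, and reports whether a successful AdjustTokenPrivileges followed them. The trace is constructed: its first two records copy the two events above, the remaining three are invented to exercise the enabled case (desired_access 0x20 is TOKEN_ADJUST_PRIVILEGES).

```python
import re

# Privileges a user-mode program rarely needs; all are real Windows privilege names.
SUSPICIOUS_PRIVILEGES = {
    "SeDebugPrivilege",          # open any process regardless of its DACL
    "SeTcbPrivilege",            # act as part of the operating system
    "SeLoadDriverPrivilege",     # load kernel drivers
    "SeTakeOwnershipPrivilege",  # take ownership of any securable object
    "SeBackupPrivilege",         # read any file regardless of its ACL
    "SeRestorePrivilege",        # write any file regardless of its ACL
}

# Constructed trace, one record per line: "timestamp API key=value ... status return repeated".
# Records 1-2 copy the report's events; records 3-5 are invented for the enabled case.
SAMPLE_TRACE = """\
1621008463.142751 LookupPrivilegeValueW system_name= privilege_name=SeDebugPrivilege success 1 0
1621008463.157751 LookupPrivilegeValueW system_name= privilege_name=SeDebugPrivilege success 1 0
1621008463.160000 OpenProcessToken process_handle=0xffffffff desired_access=0x00000020 success 1 0
1621008463.161000 AdjustTokenPrivileges token_handle=0x0000009c disable_all=0 success 1 0
1621008463.170000 LookupPrivilegeValueW system_name= privilege_name=SeShutdownPrivilege success 1 0
"""

RECORD_RE = re.compile(r"^(?P<ts>\d+\.\d+)\s+(?P<api>\w+)\s*(?P<rest>.*)$")


def parse_record(line: str):
    """Split one trace line into timestamp, API name, keyword arguments and the status/return/repeated tail."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    args, tail = {}, []
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "system_name=" yields an empty value, as in the report
            args[key] = value
        else:
            tail.append(tok)
    status, ret, repeated = (tail + [None] * 3)[:3]
    return {"ts": float(m.group("ts")), "api": m.group("api"), "args": args,
            "status": status, "return": ret, "repeated": repeated}


def detect_privilege_use(lines):
    """Flag lookups of sensitive privileges and whether a later AdjustTokenPrivileges enabled one."""
    calls = [c for c in map(parse_record, lines) if c]
    lookups = [c for c in calls
               if c["api"] == "LookupPrivilegeValueW" and c["status"] == "success"
               and c["args"].get("privilege_name") in SUSPICIOUS_PRIVILEGES]
    first_lookup = min((c["ts"] for c in lookups), default=None)
    # Only an AdjustTokenPrivileges that succeeds after the lookup counts as "enabled".
    enabled = any(c["api"] == "AdjustTokenPrivileges" and c["status"] == "success"
                  and first_lookup is not None and c["ts"] >= first_lookup
                  for c in calls)
    return {"privileges": sorted({c["args"]["privilege_name"] for c in lookups}),
            "lookup_events": len(lookups),
            "enabled": enabled}


if __name__ == "__main__":
    print(detect_privilege_use(SAMPLE_TRACE.splitlines()))
    print(detect_privilege_use(SAMPLE_TRACE.splitlines()[:2]))  # the report's case: looked up, not enabled
```

Applied to only the two records the report actually contains, the result is `enabled: False`, which is the honest reading of this trace.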
Network communication

Communicates with host for which no DNS query was performed (1 event)
  host 172.217.24.14

Caveat: the packet summary further down records no contacted hosts and no TCP connections, only the VM's own DNS, NTP, NetBIOS, LLMNR and SSDP traffic, so this indicator rests on a contact the capture does not otherwise show; treat it as weak. Traffic to an address that was never resolved by DNS is the classic sign of a hard-coded C2 address, but the same indicator fires on operating-system background traffic and on addresses the guest resolved or cached before the capture started.
File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 events)
Engine                 Result
Cylance                Unsafe
Zillya                 Trojan.APosT.Win32.1316
Alibaba                Trojan:Win32/APosT.ae9d33b1
Kaspersky              Trojan.Win32.APosT.ktt
AegisLab               Trojan.Win32.APosT.4!c
Tencent                Win32.Trojan.Apost.Pjdl
DrWeb                  Adware.Searcher.3327
TrendMicro             PUA.Win32.APosT.B
Jiangmin               Trojan.APosT.abb
eGambit                Unsafe.AI_Score_99%
Antiy-AVL              Trojan/Win32.APosT
ZoneAlarm              Trojan.Win32.APosT.ktt
VBA32                  BScope.Trojan.APosT
TrendMicro-HouseCall   PUA.Win32.APosT.B
Rising                 Trojan.APosT!8.E271 (CLOUD)
Webroot                W32.Adware.Gen
Qihoo-360              Win32/Trojan.f30

Most engines agree on the APosT family name; DrWeb and Webroot file it as adware and TrendMicro as a PUA, so the family attribution is consistent while the severity is disputed, which matches the medium (2.6) score above.
Visual analysis

Binary image: none. No binary visualisation image was generated for this sample.
Run-time screenshots: none. No screenshots were captured while the sample ran.


PE Compile Time

2020-02-08 01:39:42 (the PE header TimeDateStamp; the compiler writes it, but the file's author can set it to any value, so use it as a hint, not as evidence of when the sample was built)

Imports

Static import table, listed by library with the IAT address of each entry. Two caveats when reading it: functions the code resolves at run time through LoadLibraryA/GetProcAddress (both present below) do not appear here, and with most of the file sitting in a high-entropy .rsrc section the code that matters may only exist after that resource is decoded in memory. Of the imports that are present, the groups worth noting are process enumeration (Process32First/Process32Next, EnumProcessModules), process creation (CreateProcessA/CreateProcessW), a debugger check (IsDebuggerPresent), terminal-session control (WTSQueryUserToken, WTSOpenServerA, WTSLogoffSession, WTSSendMessageW), HTTP (InternetConnectA, HttpOpenRequestA), registry deletion and export (RegDeleteKeyA, RegSaveKeyW, SHRegWriteUSValueW), file copy/delete in temporary paths (CopyFileW, DeleteFileA, GetTempPathA) and a named mutex (CreateMutexA).

Library KERNEL32.dll:
0x438078 GetCurrentProcessId
0x43807c CreateThread
0x438080 GetVersionExA
0x438084 VirtualFree
0x438088 DisconnectNamedPipe
0x43808c GetACP
0x438090 GetModuleHandleA
0x438098 FreeLibrary
0x4380a0 LockResource
0x4380a4 CreateProcessW
0x4380a8 TlsFree
0x4380b0 CreateJobSet
0x4380b8 GetProcAddress
0x4380c0 GetStringTypeA
0x4380c4 SetFilePointer
0x4380c8 LoadLibraryA
0x4380d0 WriteFile
0x4380d4 GetCurrencyFormatEx
0x4380dc SetLastError
0x4380e4 CreateDirectoryA
0x4380e8 GetFileType
0x4380ec CreateFileA
0x4380f0 GetCurrentThreadId
0x4380f8 SetHandleCount
0x4380fc RaiseException
0x438100 LCMapStringA
0x438104 CompareStringW
0x438108 CreateProcessA
0x43810c GetConsoleMode
0x438110 CopyFileW
0x438114 SizeofResource
0x438118 GetStringTypeW
0x43811c FindNextFileNameW
0x438124 LCMapStringW
0x438128 MultiByteToWideChar
0x43812c LoadResource
0x438134 AddAtomA
0x438138 GetLocaleInfoA
0x43813c GetLocaleInfoW
0x438140 GetConsoleCP
0x438144 TlsAlloc
0x438148 GetConsoleOutputCP
0x43814c HeapSize
0x438154 lstrlenA
0x438158 GetTickCount
0x43815c InterlockedExchange
0x438164 HeapDestroy
0x438180 EnumSystemLocalesA
0x438184 WriteConsoleInputA
0x43818c GetCurrentThread
0x438190 ReadFile
0x438198 GetProcessHeap
0x43819c GetLastError
0x4381a4 WriteConsoleW
0x4381a8 HeapFree
0x4381ac FlushFileBuffers
0x4381b4 CreateMutexA
0x4381b8 WideCharToMultiByte
0x4381c0 TlsSetValue
0x4381c4 VirtualLock
0x4381c8 FindResourceExA
0x4381cc FindResourceA
0x4381d0 CompareStringA
0x4381d4 GetStartupInfoA
0x4381e4 ExitProcess
0x4381e8 WriteConsoleA
0x4381ec SetEndOfFile
0x4381f0 GetOEMCP
0x4381f4 GetConsoleFontSize
0x4381f8 GetCurrentProcess
0x4381fc RemoveDirectoryA
0x438200 GetFileSize
0x438204 SetStdHandle
0x438208 GetStdHandle
0x43820c GetTimeFormatA
0x438210 RtlCaptureContext
0x438214 HeapAlloc
0x438218 GetCPInfo
0x438220 Process32First
0x438224 IsDebuggerPresent
0x438228 Sleep
0x43822c DeleteFileA
0x438230 GetUserDefaultLCID
0x438234 TerminateProcess
0x438238 AddAtomW
0x43823c FatalAppExitA
0x438240 HeapReAlloc
0x438250 GetDateFormatA
0x438254 IsValidCodePage
0x438258 CreateFileW
0x43825c HeapCreate
0x438260 Process32Next
0x438264 GetTempPathA
0x438268 GetCommandLineA
0x43826c IsValidLocale
0x438270 TlsGetValue
0x438278 GetModuleFileNameW
0x43827c CallbackMayRunLong
0x438280 RtlUnwind
0x438284 VirtualAlloc
0x43828c GetModuleFileNameA
0x438290 CloseHandle
0x438298 GetModuleHandleW
Library USER32.dll:
0x438338 MessageBoxA
0x43833c GetClassInfoA
0x438340 EndMenu
0x438344 SetCaretBlinkTime
0x438348 EnableMenuItem
0x43834c GetDlgItem
0x438350 SwitchToThisWindow
0x438354 LoadIconA
0x438358 InSendMessage
0x43835c BeginDeferWindowPos
0x438360 GetListBoxInfo
0x438364 OpenWindowStationW
0x438368 DialogBoxParamA
0x43836c RegisterClassW
0x438370 SendMessageA
0x438374 WinHelpW
0x438378 GetWindowLongA
0x43837c DefMDIChildProcW
0x438380 EnumPropsW
0x438384 SetDebugErrorLevel
0x438388 EnumThreadWindows
0x43838c FindWindowExA
0x438390 GetSystemMenu
0x438394 EndDialog
0x438398 SetWindowPos
0x43839c GetKeyNameTextA
0x4383a0 PostMessageA
Library ADVAPI32.dll:
0x438000 EventAccessRemove
0x438004 GetFileSecurityW
0x43800c CloseServiceHandle
0x438014 OpenProcessToken
0x438018 FreeSid
0x43801c RegCloseKey
0x438020 PerfStopProvider
0x43802c RegEnumValueA
0x438030 RegDeleteKeyA
0x438034 GetUserNameA
0x43803c SetServiceBits
0x438040 RegOpenKeyExA
0x438048 RegSaveKeyW
0x43805c EventAccessQuery
0x438064 GetLengthSid
0x438068 RegQueryInfoKeyA
Library SHELL32.dll:
0x4382e0 (no name recorded)
0x4382e4 (no name recorded)
0x4382ec (no name recorded)
0x4382f4 SHGetFolderPathA
0x4382f8 DragQueryFileA
Library ole32.dll:
0x4383cc CoInitializeEx
0x4383d4 CoCreateInstance
0x4383d8 CoUninitialize
0x4383dc CoTaskMemFree
Library OLEAUT32.dll:
0x4382a0 VarR8FromCy
0x4382a4 VarUI8FromUI1
0x4382a8 VarUI2FromUI1
0x4382ac VarDateFromBool
0x4382b0 VarUdateFromDate
0x4382b4 VarI4FromUI4
0x4382b8 VarBoolFromUI8
0x4382bc VarBoolFromCy
0x4382c0 VarDiv
0x4382c4 VarR8Round
0x4382c8 SysAllocString
0x4382cc SysFreeString
Library SHLWAPI.dll:
0x438300 SHRegQueryUSValueA
0x438308 PathSetDlgItemPathA
0x43830c PathAddExtensionA
0x438310 SHRegWriteUSValueW
0x438314 UrlApplySchemeA
0x43831c PathFindFileNameA
0x438320 PathIsLFNFileSpecW
0x438324 PathFileExistsA
0x438328 UrlCompareW
0x43832c PathAppendA
0x438330 StrDupW
Library WININET.dll:
0x4383a8 HttpOpenRequestA
0x4383ac InternetConnectA
Library PSAPI.DLL:
0x4382d4 EnumProcessModules
Library WTSAPI32.dll:
0x4383b4 WTSQueryUserToken
0x4383b8 WTSOpenServerA
0x4383bc WTSLogoffSession
0x4383c0 WTSSendMessageW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination       Destination port  Note
192.168.56.101  50002        114.114.114.114   53                DNS query to the 114DNS public resolver (name not recorded)
192.168.56.101  50568        114.114.114.114   53                DNS query (name not recorded)
192.168.56.101  51378        114.114.114.114   53                DNS query (name not recorded)
192.168.56.101  53237        114.114.114.114   53                DNS query (name not recorded)
192.168.56.101  57874        114.114.114.114   53                DNS query (name not recorded)
192.168.56.101  65004        114.114.114.114   53                DNS query (name not recorded)
192.168.56.101  137          192.168.56.255    137               NetBIOS name service broadcast
192.168.56.101  138          192.168.56.255    138               NetBIOS datagram broadcast
192.168.56.101  123          20.189.79.72      123               NTP to time.windows.com
192.168.56.101  49235        224.0.0.252       5355              LLMNR multicast
192.168.56.101  51963        224.0.0.252       5355              LLMNR multicast
192.168.56.101  53657        224.0.0.252       5355              LLMNR multicast
192.168.56.101  56804        224.0.0.252       5355              LLMNR multicast
192.168.56.101  58367        224.0.0.252       5355              LLMNR multicast
192.168.56.101  60384        224.0.0.252       5355              LLMNR multicast
192.168.56.101  62191        224.0.0.252       5355              LLMNR multicast
192.168.56.101  62318        224.0.0.252       5355              LLMNR multicast
192.168.56.101  63429        224.0.0.252       5355              LLMNR multicast
192.168.56.101  1900         239.255.255.250   1900              SSDP multicast
192.168.56.101  49238        239.255.255.250   1900              SSDP multicast

The NetBIOS, LLMNR, SSDP and NTP rows are stock Windows background traffic and say nothing about the sample. The six DNS queries could belong to either the sample or the guest, but the report does not record the names queried, so they cannot be tied to the 172.217.24.14 contact flagged above.
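The "no DNS query" indicator above is a correlation between two captures: which addresses appeared in DNS answers and which were contacted. The following is an added example, not the sandbox's own code, that performs that correlation while filtering out the kind of background traffic the UDP table is full of (local subnet, multicast, DNS/NTP/NetBIOS/SSDP/LLMNR). The input is constructed: the UDP flows copy rows from the table, the DNS answer for time.windows.com is implied by the NTP row, and the single TCP flow to 172.217.24.14 on port 443 is invented so the check has a hit; the report itself records no TCP connection.

```python
import ipaddress

# UDP services every Windows VM uses on its own; flows to them are background noise, not sample behaviour.
BACKGROUND_UDP_PORTS = {53: "DNS", 123: "NTP", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
                        1900: "SSDP", 5355: "LLMNR"}

# Constructed input (see the lead-in): rows copied from the report plus one invented TCP flow.
SAMPLE_DNS_ANSWERS = [("time.windows.com", "20.189.79.72")]
SAMPLE_FLOWS = [
    ("udp", "192.168.56.101", 50002, "114.114.114.114", 53),
    ("udp", "192.168.56.101", 50568, "114.114.114.114", 53),
    ("udp", "192.168.56.101", 137, "192.168.56.255", 137),
    ("udp", "192.168.56.101", 138, "192.168.56.255", 138),
    ("udp", "192.168.56.101", 123, "20.189.79.72", 123),
    ("udp", "192.168.56.101", 49235, "224.0.0.252", 5355),
    ("udp", "192.168.56.101", 1900, "239.255.255.250", 1900),
    ("tcp", "192.168.56.101", 49300, "172.217.24.14", 443),   # invented, not in the report
]


def is_background(proto, dst, dport, lab_net):
    """True for traffic the analysis VM generates by itself: its own subnet, multicast, OS services."""
    ip = ipaddress.ip_address(dst)
    if ip in lab_net or ip.is_multicast or ip.is_loopback or ip.is_link_local:
        return True
    return proto == "udp" and dport in BACKGROUND_UDP_PORTS


def hosts_without_dns(dns_answers, flows, lab_net="192.168.56.0/24"):
    """Return {ip: [proto/port, ...]} for contacted hosts whose address never appeared in a DNS answer."""
    net = ipaddress.ip_network(lab_net)
    resolved = {ip for _name, ip in dns_answers}
    findings = {}
    for proto, _src, _sport, dst, dport in flows:
        if is_background(proto, dst, dport, net) or dst in resolved:
            continue
        findings.setdefault(dst, set()).add(f"{proto}/{dport}")
    return {ip: sorted(ports) for ip, ports in findings.items()}


if __name__ == "__main__":
    print(hosts_without_dns(SAMPLE_DNS_ANSWERS, SAMPLE_FLOWS))
    # Expected: {'172.217.24.14': ['tcp/443']}
```

The check only sees DNS answers that fall inside the capture, which is exactly the blind spot noted above: an address resolved before the capture started, or cached by the guest, is reported as "no DNS query" even though it was resolved normally. The lab subnet is a parameter because the filter is wrong for any VM that does not sit in 192.168.56.0/24.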

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.