1.2
Low risk

1f7d8e6b6c815dcb9ec8631c9951020072c8bbedc13106532d7d96b5739b9002

1f7d8e6b6c815dcb9ec8631c9951020072c8bbedc13106532d7d96b5739b9002.exe

Analysis duration

194s

Last analysis

364 days ago

File size

2.8MB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM HIDPRN
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.97
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:SillyP2P-X [Wrm] 20191228 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20191228 2013.8.14.323
McAfee GenericRXII-VF!F92B8C35DCB7 20191228 6.0.6.653
Tencent Trojan.Win32.Small.p 20191228 1.0.0.1
Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data, indicating a packer was used (2 events)
section {'name': 'uYtLTSyQ', 'virtual_address': '0x00009000', 'virtual_size': '0x00007000', 'size_of_data': '0x00006c00', 'entropy': 7.880006040368946} entropy 7.880006040368946 description High-entropy section found
entropy 0.9 description The overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File identified as malicious by 58 antivirus engines on VirusTotal (50 out of 58 events)
ALYac Generic.Malware.SN!hidprn.04880AC5
APEX Malicious
AVG Win32:SillyP2P-X [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.SN!hidprn.04880AC5
AhnLab-V3 Worm/Win32.Agent.R287264
Antiy-AVL Trojan[Dropper]/Win32.Agent.a
Arcabit Generic.Malware.SN!hidprn.04880AC5
Avast Win32:SillyP2P-X [Wrm]
Avira TR/Crypt.FKM.Gen
BitDefender Generic.Malware.SN!hidprn.04880AC5
BitDefenderTheta Gen:NN.ZexaF.33558.ZoNfau8DQcI
Bkav W32.AIDetectVM.malware1
CAT-QuickHeal Trojan.GenericRI.S7237852
Comodo Heur.Packed.MultiPacked@1z141z3
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.435155
Cylance Unsafe
Cyren W32/FakeMS.AQ.gen!Eldorado
DrWeb Win32.HLLW.Xiquit
ESET-NOD32 Win32/Agent.NIQ
Emsisoft Generic.Malware.SN!hidprn.04880AC5 (B)
Endgame malicious (high confidence)
F-Prot W32/FakeMS.AQ.gen!Eldorado
F-Secure Trojan.TR/Crypt.FKM.Gen
FireEye Generic.mg.c04999a4351555f6
Fortinet W32/Parite.C
GData Generic.Malware.SN!hidprn.04880AC5
Ikarus Trojan-Dropper.Win32.Dogrobot
Invincea heuristic
Jiangmin Trojan.Generic.dztvs
K7AntiVirus Trojan ( 0051918e1 )
K7GW Trojan ( 0051918e1 )
Kaspersky HEUR:Trojan.Win32.Generic
MAX malware (ai score=80)
Malwarebytes Trojan.Agent
MaxSecure Win.MxResIcn.Heur.Gen
McAfee GenericRXII-VF!F92B8C35DCB7
McAfee-GW-Edition GenericRXII-VF!F92B8C35DCB7
MicroWorld-eScan Generic.Malware.SN!hidprn.04880AC5
NANO-Antivirus Trojan.Win32.Xiquit.fyxxck
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM11.1.2E6D.Malware.Gen
Rising Dropper.Generic!8.35E (TFE:1:7nvSIoVDjwJ)
SUPERAntiSpyware Trojan.Agent/Gen-MSFake[All]
Sangfor Malware
SentinelOne DFI - Suspicious PE
Sophos W32/VB-FFH
Symantec W32.SillyP2P
TACHYON Worm/W32.SillyP2P.Zen.G
Visual analysis
Binary image: data-import visualizations at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32 (images not reproduced)
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran.


PE Compile Time

2004-05-07 07:02:15

PE Imphash

365b1d12b684a96b167a74679ec9e4e3

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
MHxrlORb 0x00001000 0x00008000 0x00000000 0.0
uYtLTSyQ 0x00009000 0x00007000 0x00006c00 7.880006040368946
.rsrc 0x00010000 0x00001000 0x00000c00 3.5175292580299633

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00010408 0x00000128 LANG_SPANISH SUBLANG_SPANISH_MODERN None
RT_ICON 0x00010408 0x00000128 LANG_SPANISH SUBLANG_SPANISH_MODERN None
RT_GROUP_ICON 0x00010534 0x00000022 LANG_SPANISH SUBLANG_SPANISH_MODERN None
RT_VERSION 0x0001055c 0x000003fc LANG_SPANISH SUBLANG_SPANISH_MODERN None

Imports

Library ADVAPI32.dll:
0x4109a8 RegCloseKey
Library KERNEL32.DLL:
0x4109b0 LoadLibraryA
0x4109b4 ExitProcess
0x4109b8 GetProcAddress
0x4109bc VirtualProtect
Library USER32.dll:
0x4109c4 MessageBoxA

L!This program cannot be run in DOS mode.
/<kRkRkR
^iRYjR\gRXWR
AlRkS\RDiRTjRRichkR
MHxrlORb
uYtLTSyQ
#x@3e*qdjSAu
"C@j#gtq$
}}%HS\
h4(s-(@
FCR1NWSm=@(GpkQ9BSV
/`l$ZyU:
(JXm^w
35#5N&A)H^Z&
1|GR1`Py
-a|SoP\
cRgY'|7
SGC<5dL_>-u>c
= Hb1F
8L\W[GYh3
c8/TTPd
3kN64)@
Zx'|@C-exe^
X+zHPd)yv
3^cs=0x!X`
~Qx&W
7^,Ssr}kzT
B.]+`r
0JoFB^r
`0z]NU9 t
J\E KE<yb0G
_?OC6R
txS5q^AQB9F{
W:a`GIvgw
nr#D>^t|
~-k0]g
o6DCj*
[OR|%ks5
x6 C:(wp2
c%`mQQ
[m6^K$+
ek"I}I01Sg
Yr)LkwLG9ChS3;-7
O"S@7.>sdz2
}&0~GQHU
S%"EC9
CkAnpYp
#0O[4`;.TM? ^
MU\=bD@
^Zn$b7h
_vhL}2m5
9~7Oz&5e
s;9R.K
v6u\PMJ
FnGl*]NxkV
?>"Wu0h
lm!V_s
2OY`~j
WKW}i/_B;`
w_2GYt`4
.v-f_!9
D^Pw[{-
M q l<o
gHp{IxUT
)=~>7+
aeiPY.B9
/`covy_
BcgrH6
1+s_86
-/Pwz6
n}P(C3zm
J?=_:4
_Gn7vX
VOv@G31@jL
`Yr,4B
^|$;X(9@G0="^O*|o
;!.7R[9kW(`
-0CCVd
6CYy4_{""8
l}rt~d
gt_:K
{{fNSDv
9^o|{"
hgP1CH
CV1$d|)QQm'f
*b/K 6
&_o:u;
~O$rMToIp:xU_I
l.Va7j>
1-yfb0
k89PI<!b-G
(~Gg?)k?S
xCaq[T
A_:0i)Be,P:
052a2zM
q/=4e<"7O
@,_<H9L
*D}W:G
mou{=4W
V7IJ<i%
4</P_YFN%?[|
B0[%>G
jNs_G0tTnPT[S8;
:_Ue}A,~)
ocoe^(hvSr
a4DPyB^/2w_pq'kE-70
ax[)@H
R!%^Vh
_,a9ntqF
5w5CZ-
S`Y!|7
Yov57"
Z<h8j$SU
h0RF~Oz+
jQ74fD
W^`lxL
oS@uaL?
n{/L1 Be2_
l*Ho|;zK1c
x}1.\M
%wPgDpz|
u)}z%.4E8
|^znpE
D;6k58
M[k{y
JxkK#ilrF
z_l6q3
TZ"Z0W
<=eO">#W/Kn!
>0~2N5$e-
?A"8%
|8D5<iH
nBzQF?
^;.D/:Pk`c5xo
u#mYX^
.)3h5xLg^i.FB;
5U4wo0UV
P64YI4
jG0|-Sw! 4w
Uto*i6
o<NdX7
10`<JT
3#x*`3V
oF~\s:
ou$2c[Y_Wj
b1[WX8g
@FC^(S
lIG_.2HR$E&qb(lztSEFS
1[iXFr
/-vOA>vO4
:D>~d*G
n;`0Fn_N}]Yn6R
|&[;$BO
U!`u8\
~fsPxDXStkt
,lbqDV
'tWW#c
Ez;*.z[s
;BnF'J
~+Cj%
Q!Cz'l
:G$.C+
[6)loxB
~m5[t2 ozta>rNH
-A[|m63UCo2
_#nD_Vdl|N
0w|/T"-0V]2
>3Z>k$
Qv/g:e
vC#no6}@
w6,E+=bylcY$&Z
|l}R"B7D
keF7(u.
`G#G*D[mK
l*5jO
Po4oS0#:>
Tz4BxUZ$
Y}i'N#X%
7BKo_5
+DsHmk!/p
LNK\!s
1+oHJ*U7B
QEFQ!0G
"%BD/Z(F
E"SD]wn{
o=Q-gj
`%R_^
,6^nd'Nx
z5VPz`Sd
zal<CSn
1x\CAU
st!n`+(D
|<DH*X
ly@rv+$p\
7CR\y]
ICAXYh
aHJg81
v-edv| "}0
*]"J:_VMV
cfPCQ0
u#_P^9j{
+n`^qpnl
C#-/Fx2G*=
53aD%Z-@P
u5j58]g
[@pUk
6,&KZTBE-c
.]_V8^
G:}-\RM
@VR<!0
P4t7G7
$zXnFu
w+ld1NF*A
BP,6LCjlKb
:v;#k[T@scV|
r$B^fG?Zx
LiC} `P
N-.uIls|2\[K-
XlT67K
Gp_;,4OeE
IhBkrh'
7,~{mgHg
QKzT35
zd%> 4Ru^
?=7'D3n*
cotJr<I;_
h627kJ|
_3. PopP
/fjSPb4
|7~k!G"
HOhf*S
K/IFEC_2J7o
lz4LVSj>
uhhWV*1
c1}D_i
)LjF[V
Q)QyRo~$].
2oI7z61
G5.F9,C? n
Fsim!g
>)jF(C
dATiVd<
db_I|M,g,$e\
0su(]2
GBF^W[
YcYIp
ihO%[un
x8>-$-]
*sy_XX
=](CgW
91/,IYb0S
hOa7@S
M7@h@#I
\:.5'~?
eDPc]0~o
5$b~yyrR/eH
SeX{%u
CD.c_
K2#j|e|
5/{;\NO_)
5~j2,hR9
oQulG@
))n|+~,
4G2{e$8?
|Z1jmR_
65Ml|6[
-<GPx=NH%
6Y\[,o
9Dhk1A)s
!@4Inj&
0M^\@}\Q
z\OeY6jp/_
-EW97k
r}~kJGs[
nkzL(FY
_U^23E
yjX,Z//
k7nyEZdfu
MzPKKW
HkYmw4
{,t<u
FPU}+s,`
q;~%j$5$o74
3qQ3$_T<u5G
_pSSBDFS_}~`(U
W@Z&C/Q4*
-77# 36HT07$,ST
V/PBP.9[
`D}[r_
?Q;(?3
)n5F{"
1--7/&
|u%Zgf}
9?Y'pR%
0Y;6\+sK
EA|5[8o
|Go_a:j2|
X;t=w[
bboat e
9#{nfo
3@ 4N
3&C\Cu
h;<- pnw
FJ-u>\ST
0uo,l*
T}-9Pc7<2k
xmz?'w
!'6RG+MP
'MnMPO
oT`bye
~Lstk(
JhGIJ(k?
iE_u#5qvT
)(vN)g
(w/3/{z
f9`QcBVB|j?
D3t).gy[L
e,_ePs6
U*nw"kC
z:NyHY
CU(oowkD
Qm$G*4p>
gQ;s{9
^QG^PY
VmAYWGVEW-c@(
%mtA3o
[H;k3zzG
xchUO1
r5j(Vz
8|n@D$?X.EYA4
_ifE)Aiv+VQd
|?"w.#7L
_%.yw>\+
[?VSPB[RQEY
o:KTT j&.
6Q\u2b
s>t/>1-
lPK0B$Vtv
;!`cgcph
Vwo?lLCZxE?TI
8?OM]ECt
Ep=".n:
lI=\h7
1X<+OYlF
zho_CUVC
PmWwAbzsn
M dk%B?&?!&
6wFh;r
`zHn}9?
op=lE[
6kX`f^
Q5ro\k
"cP#7w[<
4B6eQvK"
: C5u6d
kpJ2__
3v3<.sE
pU5!Mm|ny?$E
Kr(V4n7;K
3J>s+s'
l37rBe
t+E~C=2G~
gD={JE{B0
,:HV4Mfte4M
xi"8Pj|iit
4M.>TdBe?
50, (8PX
cw(null
runtime error
_R6028
- Kablto} iniValiz
heap7'o7not=
ugh spac#n
nf{lowi8a
on76std~
5pur+virtu!m3c# c
l('m)4__*ex\/;kX
opeX1so
sc+8F$
C#7mth
p@gB(lram Jm6/3
A*sF+0.+8
)argu(s_W`+fnngo
MB+-`9f
Vis`C++ RLibrA{
a%,klwnc>
GetLa2A
vePm;]up
oessageBoxA3s%32>-.d*"g`
^i@/pv
%uGvXKKbOS
Y@#EXE
COMZ^I+RAR
LuHAZH
RRG,CD
MTDI@RL
s3uKDC4T
SU^s]mW
TGTJTnW|3n
ASN@V}wOOAU@WAVmA
-vl6AI"RMI
^sKSTJ+
M=wM1V
9VdXVKDO
]wTXTcD"RT
HL+M;7vs
Pjamp 5.0 (
f vers).
C.5En&
6Dpde Photos
9.16_e_Its Work!]A
C_aWr85B
Ace8)w5
ZZ IJl>
~{Pluu(DAP)$ dm
BOnlay
BRaA6}1
cackcM%Cm
dtaH 200
2 freeweLZ
3DTtuqR8
Sb(<RDub
].4OMx!n meng$,<
H7.harofeC`npEt
azkaiH(mgFfDd?Zk KqIV
Ccomic
VA< NO7
DLYnBaZ j
j%Z^mP
T/;y Look@+
vr9/Movi
W!mr-P
H,2MPf
fSG=nm
7b2DaC}
C25.)H
vd!Ehl
oJc 6[G$
CC$ARCc+hDn
ZJCG-`a6tjm
GGoi^x
gLz/jT'
Abrut-<
Ci< 6Pp
SP~,4(<N?^d
7`3SoQM
$Lt$ADDQ(eB
`8]hum
\4O&perT0(p
JzukhO`=
a(Ex|aim0
_MI#838A`
nNkSmaQ^B4@CZu4Wts!3H? !F<`o g9
z5@E1S{ivoE*
L_-m-`qc oEt
1 Bd7{abO
+6mb2[tkoKx
uyoigOo!
8uj"ess
EMULE.t
dSdaG@h
+012345:
Kazaa\!
l'kDB0?
IM5ll"h
z|4Mxh
^a[_~ow
^__j2/
dTUUU2*
StTypeW7
|f_j&soryAjn
g_Free
yce)(upInfoR<mf
EDPr7mY
n&URe{
vpt<te`EaOH
MBys,Z
P*Uapd
Fh'Bu0aff
+Addr/Lol
adJdlOfp
21,`@2
@.&Ox4
FebX'h
XPTPSWXaD$j
33333330
{{{{{{{3
{{{{{{{33
{{{{{{{330
{{{{{{{330
{{{{{{{330
3333333
33?030
33333333
wwwwwwwwwww
DDDDDD@
DDDDDDGpw
DDDDDDGpw
DDDDDDDDDDD
wwwwwwwwwww
DDDpp@
ADVAPI32.dll
KERNEL32.DLL
USER32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
MessageBoxA
VS_VERSION_INFO
StringFileInfo
0c0a04b0
Comments
Microsoft
CompanyName
Microsoft
FileDescription
Microsoft
FileVersion
1, 0, 0, 1
InternalName
Microsoft
LegalCopyright
Copyright
LegalTrademarks
Debido a que es un Gusano, no creo oportuno rellenar este cuadro. jejeje
OriginalFilename
Microsoft
PrivateBuild
Microsoft
ProductName
Microsoft
ProductVersion
1, 0, 0, 1
SpecialBuild
Microsoft
VarFileInfo
Translation

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.