3.6
Medium risk

7310d9b87d90bb647879dd9a7adc8cb76e0630dca1e15e75abfd0083203e83a2

c19c9fa6faab2f58ec048bb4718a0150.exe

Analysis duration

34s

Most recent analysis

File size

738.0KB
Flagged by static scan; flagged by dynamic scan. Detection tags: AGEN AI SCORE=88 AIDETECTVM ANDROM ATTRIBUTE CEEINJECT CLOUD CONFIDENCE EZZKJ FSBM GDSDA GENERICKD HDDU HIGH CONFIDENCE HIGHCONFIDENCE HPDF KRYPTIK LVDR MALICIOUS PE MALPE MALWARE1 MALWARE@#1PJXM7HUTKHPA QVM10 SCORE SPYBOTNET THEOIBO UNSAFE UUW@AUO5HDSG X2068 ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results are available yet
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee Trojan-FSBM!C19C9FA6FAAB 20200811 6.0.6.653
Alibaba Trojan:Win32/Androm.838c3284 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20200811 18.4.3895.0
Kingsoft 20200811 2013.8.14.323
Tencent 20200811 1.0.0.1
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Static indicators
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619861636.95225
NtProtectVirtualMemory
process_identifier: 1888
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 499712
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005aa000
success 0 0
1619861636.96825
NtAllocateVirtualMemory
process_identifier: 1888
region_size: 815104
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00680000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.9763686937270535 section {'size_of_data': '0x0007e800', 'virtual_address': '0x00018000', 'entropy': 7.9763686937270535, 'name': '.rdata', 'virtual_size': '0x0007e74e'} description A section with a high entropy has been found
entropy 0.6865671641791045 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33788806
FireEye Generic.mg.c19c9fa6faab2f58
McAfee Trojan-FSBM!C19C9FA6FAAB
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2015361
Sangfor Malware
K7AntiVirus Trojan ( 005662ee1 )
Alibaba Trojan:Win32/Androm.838c3284
K7GW Trojan ( 005662ee1 )
Cybereason malicious.8afc5d
TrendMicro Backdoor.Win32.ANDROM.THEOIBO
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
GData Trojan.GenericKD.33788806
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.GenericKD.33788806
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Rising Trojan.Kryptik!1.C698 (CLOUD)
Ad-Aware Trojan.GenericKD.33788806
Emsisoft Trojan.GenericKD.33788806 (B)
Comodo Malware@#1pjxm7hutkhpa
F-Secure Heuristic.HEUR/AGEN.1135293
DrWeb BackDoor.SpyBotNET.10
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
Sophos Mal/Generic-S
SentinelOne DFI - Malicious PE
Cyren W32/Trojan.LVDR-1834
Jiangmin Trojan.Generic.ezzkj
Avira HEUR/AGEN.1135293
Arcabit Trojan.Generic.D2039386
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft VirTool:Win32/CeeInject.JJ!rfn
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.MalPe.X2068
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34152.UuW@auO5hdSG
ALYac Trojan.GenericKD.33788806
MAX malware (ai score=88)
Malwarebytes Trojan.MalPack.GS
ESET-NOD32 a variant of Win32/Kryptik.HDDU
TrendMicro-HouseCall Backdoor.Win32.ANDROM.THEOIBO
Ikarus Trojan.Win32.Crypt
Fortinet W32/Kryptik.HPDF!tr
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2018-11-13 13:21:35

Imports

Library KERNEL32.dll:
0x418000 lstrlenA
0x418008 FindAtomW
0x41800c OpenFileMappingA
0x418010 GetLongPathNameW
0x418014 GetConsoleAliasA
0x418018 MapViewOfFile
0x418020 DisconnectNamedPipe
0x418028 OpenProcess
0x418030 SetVolumeLabelW
0x41803c ClearCommError
0x418040 HeapAlloc
0x418048 GetLastError
0x41804c FindFirstFileExA
0x418050 LoadResource
0x418054 GlobalAlloc
0x418058 GetProcAddress
0x41805c GetModuleHandleA
0x418060 lstrcatA
0x418068 GetExitCodeThread
0x418070 GetAtomNameW
0x418074 GetACP
0x41807c CreateMailslotW
0x418080 GetPriorityClass
0x418090 Sleep
0x4180a4 EncodePointer
0x4180a8 DecodePointer
0x4180ac HeapFree
0x4180b0 RaiseException
0x4180b4 RtlUnwind
0x4180b8 GetCommandLineW
0x4180bc HeapSetInformation
0x4180c0 GetStartupInfoW
0x4180c4 WideCharToMultiByte
0x4180c8 LCMapStringW
0x4180cc MultiByteToWideChar
0x4180d0 GetCPInfo
0x4180d8 TerminateProcess
0x4180dc GetCurrentProcess
0x4180e8 IsDebuggerPresent
0x4180ec HeapCreate
0x4180f0 TlsAlloc
0x4180f4 TlsGetValue
0x4180f8 TlsSetValue
0x4180fc TlsFree
0x418100 GetModuleHandleW
0x418104 SetLastError
0x418108 GetCurrentThreadId
0x41810c SetFilePointer
0x418110 ExitProcess
0x418114 WriteFile
0x418118 GetStdHandle
0x41811c GetModuleFileNameW
0x418128 SetHandleCount
0x418130 GetFileType
0x418138 GetTickCount
0x41813c GetCurrentProcessId
0x418144 GetOEMCP
0x418148 IsValidCodePage
0x41814c GetStringTypeW
0x418150 GetLocaleInfoW
0x418154 HeapReAlloc
0x418158 HeapSize
0x41815c GetUserDefaultLCID
0x418160 GetLocaleInfoA
0x418164 EnumSystemLocalesA
0x418168 IsValidLocale
0x41816c SetStdHandle
0x418170 GetConsoleCP
0x418174 GetConsoleMode
0x418178 FlushFileBuffers
0x41817c LoadLibraryW
0x418180 WriteConsoleW
0x418184 CreateFileW
0x418188 CloseHandle

Exports

Ordinal | Address | Name
1 0x401170 @calculator@8

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source Port | Destination | Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 55371 239.255.255.250 1900
192.168.56.101 55373 239.255.255.250 3702
192.168.56.101 55375 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.