3.2
Medium risk

938015f958e315599318398a69789188b8ceb9d4d73a6ec5b59d71c16899f944

c1a8d951b5d64b9bd95b955fc89ba1c5.exe

Analysis duration

24s

Last analysis

File size

741.0KB
Static detections  Dynamic detections  100%
Detection tags: 42DGGNGZJEM AGENTEVE AI SCORE=82 AIDETECTVM BSCOPE CCKH CONFIDENCE DELF DELFINJECT ENGR FAREIT GENETIC HIGH CONFIDENCE HOQGF HUKABF KRYPTIK LOKIBOT MALWARE2 MALWARE@#U7S3C7ZEV7WR QVM05 R002C0WIA20 SCORE SIGGEN9 SUSPICIOUS PE SXOA UGW@AWJG01CI UNSAFE WACATAC ZELPHIF
Hawkeye engine
Not detected. No Hawkeye engine detection results are available yet.
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee Fareit-FZN!C1A8D951B5D6 20200924 6.0.6.653
Alibaba Trojan:Win32/DelfInject.35fbfc62 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20200925 18.4.3895.0
Tencent Win32.Trojan.Kryptik.Sxoa 20200925 1.0.0.1
Kingsoft 20200925 2013.8.14.323
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620985514.003915
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.478225697454294 section .rsrc (size_of_data 0x00023000, virtual_address 0x0009c000, virtual_size 0x00022e20) description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 52.218.85.20
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.AgentEve.1
FireEye Generic.mg.c1a8d951b5d64b9b
McAfee Fareit-FZN!C1A8D951B5D6
Cylance Unsafe
Zillya Dropper.Agent.Win32.435556
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelfInject.35fbfc62
K7GW Riskware ( 0040eff71 )
Cybereason malicious.1b5d64
Arcabit Trojan.AgentEve.1
Invincea Mal/Generic-S
BitDefenderTheta Gen:NN.ZelphiF.34254.UGW@aWjG01ci
Cyren W32/Delf.CCKH-1589
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.LokiBot-9756467-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.AgentEve.1
NANO-Antivirus Trojan.Win32.Kryptik.hukabf
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Wacatac.758784.E
Tencent Win32.Trojan.Kryptik.Sxoa
Ad-Aware Trojan.AgentEve.1
Emsisoft Trojan.AgentEve.1 (B)
Comodo Malware@#u7s3c7zev7wr
F-Secure Trojan.TR/Dropper.hoqgf
DrWeb Trojan.Siggen9.48175
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0WIA20
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh
Sophos Mal/Generic-S
SentinelOne DFI - Suspicious PE
Webroot W32.Trojan.Gen
Avira TR/Dropper.hoqgf
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/DelfInject.PIA!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.AgentEve.1
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Wacatac.C4194450
Acronis suspicious
ALYac Trojan.AgentEve.1
VBA32 BScope.Trojan.Wacatac
Malwarebytes Trojan.MalPack.DLF
Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample was running.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x48e178 VirtualFree
0x48e17c VirtualAlloc
0x48e180 LocalFree
0x48e184 LocalAlloc
0x48e188 GetVersion
0x48e18c GetCurrentThreadId
0x48e198 VirtualQuery
0x48e19c WideCharToMultiByte
0x48e1a0 MultiByteToWideChar
0x48e1a4 lstrlenA
0x48e1a8 lstrcpynA
0x48e1ac LoadLibraryExA
0x48e1b0 GetThreadLocale
0x48e1b4 GetStartupInfoA
0x48e1b8 GetProcAddress
0x48e1bc GetModuleHandleA
0x48e1c0 GetModuleFileNameA
0x48e1c4 GetLocaleInfoA
0x48e1c8 GetCommandLineA
0x48e1cc FreeLibrary
0x48e1d0 FindFirstFileA
0x48e1d4 FindClose
0x48e1d8 ExitProcess
0x48e1dc WriteFile
0x48e1e4 RtlUnwind
0x48e1e8 RaiseException
0x48e1ec GetStdHandle
Library user32.dll:
0x48e1f4 GetKeyboardType
0x48e1f8 LoadStringA
0x48e1fc MessageBoxA
0x48e200 CharNextA
Library advapi32.dll:
0x48e208 RegQueryValueExA
0x48e20c RegOpenKeyExA
0x48e210 RegCloseKey
Library oleaut32.dll:
0x48e218 SysFreeString
0x48e21c SysReAllocStringLen
0x48e220 SysAllocStringLen
Library kernel32.dll:
0x48e228 TlsSetValue
0x48e22c TlsGetValue
0x48e230 LocalAlloc
0x48e234 GetModuleHandleA
Library advapi32.dll:
0x48e23c RegQueryValueExA
0x48e240 RegOpenKeyExA
0x48e244 RegCloseKey
Library kernel32.dll:
0x48e24c lstrcpyA
0x48e250 WriteFile
0x48e258 WaitForSingleObject
0x48e25c VirtualQuery
0x48e260 VirtualProtectEx
0x48e264 VirtualProtect
0x48e268 VirtualAlloc
0x48e26c Sleep
0x48e270 SizeofResource
0x48e274 SetThreadLocale
0x48e278 SetFilePointer
0x48e27c SetEvent
0x48e280 SetErrorMode
0x48e284 SetEndOfFile
0x48e288 ResetEvent
0x48e28c ReadFile
0x48e290 MultiByteToWideChar
0x48e294 MulDiv
0x48e298 LockResource
0x48e29c LoadResource
0x48e2a0 LoadLibraryA
0x48e2ac GlobalUnlock
0x48e2b0 GlobalSize
0x48e2b4 GlobalReAlloc
0x48e2b8 GlobalHandle
0x48e2bc GlobalLock
0x48e2c0 GlobalFree
0x48e2c4 GlobalFindAtomA
0x48e2c8 GlobalDeleteAtom
0x48e2cc GlobalAlloc
0x48e2d0 GlobalAddAtomA
0x48e2d4 GetVersionExA
0x48e2d8 GetVersion
0x48e2dc GetUserDefaultLCID
0x48e2e0 GetTickCount
0x48e2e4 GetThreadLocale
0x48e2e8 GetTempPathA
0x48e2f0 GetSystemTime
0x48e2f4 GetSystemInfo
0x48e2f8 GetStringTypeExA
0x48e2fc GetStdHandle
0x48e300 GetProcAddress
0x48e304 GetModuleHandleA
0x48e308 GetModuleFileNameA
0x48e30c GetLocaleInfoA
0x48e310 GetLocalTime
0x48e314 GetLastError
0x48e318 GetFullPathNameA
0x48e31c GetFileSize
0x48e320 GetFileAttributesA
0x48e324 GetDiskFreeSpaceA
0x48e328 GetDateFormatA
0x48e32c GetCurrentThreadId
0x48e330 GetCurrentProcessId
0x48e334 GetComputerNameA
0x48e338 GetCPInfo
0x48e33c GetACP
0x48e340 FreeResource
0x48e344 InterlockedExchange
0x48e348 FreeLibrary
0x48e34c FormatMessageA
0x48e350 FindResourceA
0x48e354 FindFirstFileA
0x48e358 FindClose
0x48e368 ExitProcess
0x48e36c EnumCalendarInfoA
0x48e378 CreateThread
0x48e37c CreateFileA
0x48e380 CreateEventA
0x48e384 CopyFileA
0x48e388 CompareStringA
0x48e38c CloseHandle
Library version.dll:
0x48e394 VerQueryValueA
0x48e39c GetFileVersionInfoA
Library gdi32.dll:
0x48e3a4 UnrealizeObject
0x48e3a8 StretchBlt
0x48e3ac SetWindowOrgEx
0x48e3b0 SetWinMetaFileBits
0x48e3b4 SetViewportOrgEx
0x48e3b8 SetTextColor
0x48e3bc SetStretchBltMode
0x48e3c0 SetROP2
0x48e3c4 SetPixel
0x48e3c8 SetMapMode
0x48e3cc SetEnhMetaFileBits
0x48e3d0 SetDIBColorTable
0x48e3d4 SetBrushOrgEx
0x48e3d8 SetBkMode
0x48e3dc SetBkColor
0x48e3e0 SelectPalette
0x48e3e4 SelectObject
0x48e3e8 SelectClipRgn
0x48e3ec SaveDC
0x48e3f0 RestoreDC
0x48e3f4 Rectangle
0x48e3f8 RectVisible
0x48e3fc RealizePalette
0x48e400 Polyline
0x48e404 PlayEnhMetaFile
0x48e408 PatBlt
0x48e40c MoveToEx
0x48e410 MaskBlt
0x48e414 LineTo
0x48e418 LPtoDP
0x48e41c IntersectClipRect
0x48e420 GetWindowOrgEx
0x48e424 GetWinMetaFileBits
0x48e428 GetTextMetricsA
0x48e434 GetStockObject
0x48e438 GetPixel
0x48e43c GetPaletteEntries
0x48e440 GetObjectA
0x48e450 GetEnhMetaFileBits
0x48e454 GetDeviceCaps
0x48e458 GetDIBits
0x48e45c GetDIBColorTable
0x48e460 GetDCOrgEx
0x48e468 GetClipRgn
0x48e46c GetClipBox
0x48e470 GetBrushOrgEx
0x48e474 GetBitmapBits
0x48e478 ExcludeClipRect
0x48e47c DeleteObject
0x48e480 DeleteEnhMetaFile
0x48e484 DeleteDC
0x48e488 CreateSolidBrush
0x48e48c CreateRectRgn
0x48e490 CreatePenIndirect
0x48e494 CreatePalette
0x48e49c CreateFontIndirectA
0x48e4a0 CreateEnhMetaFileA
0x48e4a4 CreateDIBitmap
0x48e4a8 CreateDIBSection
0x48e4ac CreateCompatibleDC
0x48e4b4 CreateBrushIndirect
0x48e4b8 CreateBitmap
0x48e4bc CopyEnhMetaFileA
0x48e4c0 CloseEnhMetaFile
0x48e4c4 BitBlt
Library user32.dll:
0x48e4cc CreateWindowExA
0x48e4d0 WindowFromPoint
0x48e4d4 WinHelpA
0x48e4d8 WaitMessage
0x48e4dc UpdateWindow
0x48e4e0 UnregisterClassA
0x48e4e4 UnhookWindowsHookEx
0x48e4e8 TranslateMessage
0x48e4f0 TrackPopupMenu
0x48e4f8 ShowWindow
0x48e4fc ShowScrollBar
0x48e500 ShowOwnedPopups
0x48e504 ShowCursor
0x48e508 SetWindowsHookExA
0x48e50c SetWindowTextA
0x48e510 SetWindowPos
0x48e514 SetWindowPlacement
0x48e518 SetWindowLongA
0x48e51c SetTimer
0x48e520 SetScrollRange
0x48e524 SetScrollPos
0x48e528 SetScrollInfo
0x48e52c SetRect
0x48e530 SetPropA
0x48e534 SetParent
0x48e538 SetMenuItemInfoA
0x48e53c SetMenu
0x48e540 SetKeyboardState
0x48e544 SetForegroundWindow
0x48e548 SetFocus
0x48e54c SetCursor
0x48e550 SetClipboardData
0x48e554 SetClassLongA
0x48e558 SetCapture
0x48e55c SetActiveWindow
0x48e560 SendMessageA
0x48e564 ScrollWindow
0x48e568 ScreenToClient
0x48e56c RemovePropA
0x48e570 RemoveMenu
0x48e574 ReleaseDC
0x48e578 ReleaseCapture
0x48e584 RegisterClassA
0x48e588 RedrawWindow
0x48e58c PtInRect
0x48e590 PostQuitMessage
0x48e594 PostMessageA
0x48e598 PeekMessageA
0x48e59c OpenClipboard
0x48e5a0 OffsetRect
0x48e5a4 OemToCharA
0x48e5a8 MessageBoxA
0x48e5ac MessageBeep
0x48e5b0 MapWindowPoints
0x48e5b4 MapVirtualKeyA
0x48e5b8 LoadStringA
0x48e5bc LoadKeyboardLayoutA
0x48e5c0 LoadIconA
0x48e5c4 LoadCursorA
0x48e5c8 LoadBitmapA
0x48e5cc KillTimer
0x48e5d0 IsZoomed
0x48e5d4 IsWindowVisible
0x48e5d8 IsWindowEnabled
0x48e5dc IsWindow
0x48e5e0 IsRectEmpty
0x48e5e4 IsIconic
0x48e5e8 IsDialogMessageA
0x48e5ec IsChild
0x48e5f0 IsCharAlphaNumericA
0x48e5f4 IsCharAlphaA
0x48e5f8 InvalidateRect
0x48e5fc IntersectRect
0x48e600 InsertMenuItemA
0x48e604 InsertMenuA
0x48e608 InflateRect
0x48e610 GetWindowTextA
0x48e614 GetWindowRect
0x48e618 GetWindowPlacement
0x48e61c GetWindowLongA
0x48e620 GetWindowDC
0x48e624 GetTopWindow
0x48e628 GetSystemMetrics
0x48e62c GetSystemMenu
0x48e630 GetSysColorBrush
0x48e634 GetSysColor
0x48e638 GetSubMenu
0x48e63c GetScrollRange
0x48e640 GetScrollPos
0x48e644 GetScrollInfo
0x48e648 GetPropA
0x48e64c GetParent
0x48e650 GetWindow
0x48e654 GetMessageTime
0x48e658 GetMenuStringA
0x48e65c GetMenuState
0x48e660 GetMenuItemInfoA
0x48e664 GetMenuItemID
0x48e668 GetMenuItemCount
0x48e66c GetMenu
0x48e670 GetLastActivePopup
0x48e674 GetKeyboardState
0x48e67c GetKeyboardLayout
0x48e680 GetKeyState
0x48e684 GetKeyNameTextA
0x48e688 GetIconInfo
0x48e68c GetForegroundWindow
0x48e690 GetFocus
0x48e694 GetDlgItem
0x48e698 GetDesktopWindow
0x48e69c GetDCEx
0x48e6a0 GetDC
0x48e6a4 GetCursorPos
0x48e6a8 GetCursor
0x48e6ac GetClipboardData
0x48e6b0 GetClientRect
0x48e6b4 GetClassNameA
0x48e6b8 GetClassInfoA
0x48e6bc GetCapture
0x48e6c0 GetActiveWindow
0x48e6c4 FrameRect
0x48e6c8 FindWindowA
0x48e6cc FillRect
0x48e6d0 EqualRect
0x48e6d4 EnumWindows
0x48e6d8 EnumThreadWindows
0x48e6e0 EndPaint
0x48e6e4 EndDeferWindowPos
0x48e6e8 EnableWindow
0x48e6ec EnableScrollBar
0x48e6f0 EnableMenuItem
0x48e6f4 EmptyClipboard
0x48e6f8 DrawTextA
0x48e6fc DrawMenuBar
0x48e700 DrawIconEx
0x48e704 DrawIcon
0x48e708 DrawFrameControl
0x48e70c DrawFocusRect
0x48e710 DrawEdge
0x48e714 DispatchMessageA
0x48e718 DestroyWindow
0x48e71c DestroyMenu
0x48e720 DestroyIcon
0x48e724 DestroyCursor
0x48e728 DeleteMenu
0x48e72c DeferWindowPos
0x48e730 DefWindowProcA
0x48e734 DefMDIChildProcA
0x48e738 DefFrameProcA
0x48e73c CreatePopupMenu
0x48e740 CreateMenu
0x48e744 CreateIcon
0x48e748 CloseClipboard
0x48e74c ClientToScreen
0x48e750 CheckMenuItem
0x48e754 CallWindowProcA
0x48e758 CallNextHookEx
0x48e75c BeginPaint
0x48e760 BeginDeferWindowPos
0x48e764 CharNextA
0x48e768 CharLowerBuffA
0x48e76c CharLowerA
0x48e770 CharUpperBuffA
0x48e774 CharToOemA
0x48e778 AdjustWindowRectEx
Library kernel32.dll:
0x48e784 Sleep
Library oleaut32.dll:
0x48e78c SafeArrayPtrOfIndex
0x48e790 SafeArrayGetUBound
0x48e794 SafeArrayGetLBound
0x48e798 SafeArrayCreate
0x48e79c VariantChangeType
0x48e7a0 VariantCopy
0x48e7a4 VariantClear
0x48e7a8 VariantInit
Library ole32.dll:
0x48e7b4 IsAccelerator
0x48e7b8 OleDraw
0x48e7c0 CoTaskMemFree
0x48e7c4 ProgIDFromCLSID
0x48e7c8 StringFromCLSID
0x48e7cc CoCreateInstance
0x48e7d0 CoGetClassObject
0x48e7d4 CoUninitialize
0x48e7d8 CoInitialize
0x48e7dc IsEqualGUID
Library oleaut32.dll:
0x48e7e4 GetErrorInfo
0x48e7e8 GetActiveObject
0x48e7ec SysFreeString
Library comctl32.dll:
0x48e7fc ImageList_Write
0x48e800 ImageList_Read
0x48e810 ImageList_DragMove
0x48e814 ImageList_DragLeave
0x48e818 ImageList_DragEnter
0x48e81c ImageList_EndDrag
0x48e820 ImageList_BeginDrag
0x48e824 ImageList_Remove
0x48e828 ImageList_DrawEx
0x48e82c ImageList_Replace
0x48e830 ImageList_Draw
0x48e840 ImageList_Add
0x48e848 ImageList_Destroy
0x48e84c ImageList_Create
Library comdlg32.dll:
0x48e854 GetOpenFileNameA
Library kernel32.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
52.218.85.20 80 192.168.56.101 49182

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60124 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.