Score: 4.8 (medium risk)

SHA256: 8799e5ea88300796b9a0ff95668c81998e3805d1844325931b25183d8385560c
File name: c3ca8eefb6f375848498fb6386cd10c7.exe (the sample's MD5; McAfee's Fareit-FYT!C3CA8EEFB6F3 and FireEye's Generic.mg.c3ca8eefb6f37584 below embed the same hash prefix)

Analysis duration: 110s
Last analysis:
File size: 1.1MB
Detection tags (static and dynamic): AI SCORE=80, AIDETECTVM, AUTO, BSCOPE, CLASSIC, CONFIDENCE, DELFINJECT, DELPHILESS, EHW@AWMULCCI, ENEZ, FAREIT, GENERICKD, GENETIC, HIGH CONFIDENCE, HTPDIB, KRYPTIK, LOKIBOT, MALWARE2, NONAME@0, QVM05, R002C0DI320, SCORE, SUSPICIOUS PE, UNSAFE, WANNACRY, X2094, XAKK, YAYXWFEUKD4, ZELPHIF

These tags are tokens pulled from the engine names listed further down. The consistent signal is a Delphi-wrapped injector (DELFINJECT, Injector, Inject) carrying a credential stealer (FAREIT, LOKIBOT, DrWeb's Trojan.PWS.Stealer). WANNACRY comes from Symantec's single Ransom.Wannacry name; nothing in the recorded behaviour supports a ransomware classification.
Hawkeye (鹰眼) engine
Not detected (no Hawkeye engine result yet)
Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
McAfee | Fareit-FYT!C3CA8EEFB6F3 | 2020-09-14 | 6.0.6.653
Baidu | (no detection) | 2019-03-18 | 1.0.0.2
Alibaba | Trojan:Win32/DelfInject.5f0a13b8 | 2019-05-27 | 0.3.0.5
Avast | Win32:Trojan-gen | 2020-09-16 | 18.4.3895.0
Tencent | Win32.Trojan.Inject.Auto | 2020-09-15 | 1.0.0.1
Kingsoft | (no detection) | 2020-09-15 | 2013.8.14.323
CrowdStrike | win/malicious_confidence_90% (W) | 2019-07-02 | 1.0
Behavioral verdict

Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time: 1619861597.17225
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 1300
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x003f0000
Status: success, Return: 0, Repeated: 0

process_handle 0xffffffff is the NtCurrentProcess pseudo-handle, so this 4 KB RWX page was committed inside the sample's own process (PID 1300), which fits in-place unpacking or a self-injected stub rather than writing into another process. A single page cannot hold an unpacked PE, and no further allocations, dropped files or screenshots appear in this report, so the recorded run may have ended before the payload stage.
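To turn this single event into a repeatable check, the following added example (not code from the sandbox, and not from the sample's authors) parses API records in the layout shown above, decodes the protection and allocation flags from their winnt.h values, and separates allocations in the sample's own process from allocations into a remote one. The first record is the one from this report; the second and third are constructed for contrast.

```python
import re

# Win32 constants from winnt.h: page protections and allocation types.
PAGE_FLAGS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
    0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE",
}
MEM_FLAGS = {
    0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET",
    0x100000: "MEM_TOP_DOWN", 0x400000: "MEM_PHYSICAL", 0x20000000: "MEM_LARGE_PAGES",
}
WRITABLE_AND_EXECUTABLE = {0x40, 0x80}
# NtCurrentProcess() pseudo-handle as it appears in 32-bit and 64-bit traces.
CURRENT_PROCESS_HANDLES = {0xffffffff, 0xffffffffffffffff}
ALLOC_APIS = {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}


def decode_flags(value: int, table: dict) -> str:
    names = [name for bit, name in table.items() if value & bit]
    return "|".join(names) if names else hex(value)


def parse_event(text: str) -> dict:
    """Parse one API record in the report's layout (timestamp, API name,
    'key: value' arguments, then 'status return repeated') into a dict."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    event = {"timestamp": float(lines[0]), "api": lines[1], "args": {}}
    for line in lines[2:]:
        m = re.match(r"^(\w+):\s*(\S+)", line)
        if m:
            event["args"][m.group(1)] = int(m.group(2), 0)  # decimal or 0x-prefixed
        else:
            status, ret, repeated = line.split()
            event.update(status=status, ret=int(ret), repeated=int(repeated))
    return event


def classify_alloc(event: dict):
    """Triage an allocation event: is it RWX, is it committed, is it in another process?"""
    if event["api"] not in ALLOC_APIS:
        return None
    args = event["args"]
    prot, alloc = args.get("protection", 0), args.get("allocation_type", 0)
    handle = args.get("process_handle")
    rwx = (prot & 0xFF) in WRITABLE_AND_EXECUTABLE   # mask off PAGE_GUARD etc.
    committed = bool(alloc & 0x1000)
    remote = handle is not None and handle not in CURRENT_PROCESS_HANDLES
    verdict = {
        "rwx": rwx, "committed": committed, "remote": remote,
        "protection": decode_flags(prot, PAGE_FLAGS),
        "allocation_type": decode_flags(alloc, MEM_FLAGS),
        "base": hex(args.get("base_address", 0)), "size": args.get("region_size", 0),
    }
    if rwx and committed:
        verdict["label"] = ("remote RWX commit (injection target)" if remote
                            else "self RWX commit (unpacking or self-injection)")
    else:
        verdict["label"] = "benign-looking allocation"
    return verdict


# The event recorded in this report.
REPORT_EVENT = """
1619861597.17225
NtAllocateVirtualMemory
process_identifier: 1300
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
"""
# Constructed for contrast: an RWX commit through a handle to another process.
REMOTE_EVENT = """
1619861600.00000
NtAllocateVirtualMemory
process_identifier: 1300
region_size: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
"""
# Constructed for contrast: an ordinary read-write heap-style allocation.
BENIGN_EVENT = """
1619861601.00000
NtAllocateVirtualMemory
process_identifier: 1300
region_size: 4096
protection: 4 (PAGE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00500000
success 0 0
"""

if __name__ == "__main__":
    for record in (REPORT_EVENT, REMOTE_EVENT, BENIGN_EVENT):
        v = classify_alloc(parse_event(record))
        print(f"{v['base']:>10} size={v['size']:<6} {v['protection']:<24} {v['label']}")
```

The mask `prot & 0xFF` matters in practice: PAGE_GUARD or PAGE_NOCACHE can be OR'ed onto PAGE_EXECUTE_READWRITE, and a check that compares the raw value to 0x40 misses those.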
The binary likely contains encrypted or compressed data indicative of a packer (2 events)

Section .rsrc: entropy 7.603, size_of_data 0x00074a00, virtual_address 0x000a2000, virtual_size 0x00074964 (a section with high entropy has been found)
Overall: 0.4266 (overall entropy of this PE file is high)

The second value is not a Shannon entropy (which cannot exceed 8 bits per byte); it is the share of section data that lives in high-entropy sections: .rsrc alone is 0x74a00 = 477,696 bytes, about 43% of the 1.1 MB file. High entropy concentrated in .rsrc rather than in .text is what an encrypted payload stored as a resource looks like, and the import table below carries the FindResourceA / LoadResource / LockResource / SizeofResource sequence needed to read one back, together with VirtualAlloc and VirtualProtect. That matches the DelfInject and Injector names in the engine results.
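The entropy check above can be reproduced without the sandbox. The following script is an added example, not code from the report's analysis engine: the 6.8 bits/byte section threshold and the 20% ratio threshold are assumptions modeled on Cuckoo's packer_entropy signature, and the section contents are constructed stand-ins (a repetitive code pattern, zeroed data, and a SHA-256 chain playing the role of an encrypted resource), not bytes from the sample.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds, modeled on Cuckoo's packer_entropy signature: a section is
# "high entropy" above 6.8 bits/byte; the file is flagged when such sections hold
# more than 20% of all section data.
HIGH_ENTROPY_SECTION = 6.8
HIGH_ENTROPY_RATIO = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_check(sections):
    """sections: iterable of (name, raw_bytes) as read from a PE section table.

    Returns (flagged, ratio, packed): flagged is [(name, entropy)] for every
    high-entropy section, ratio is high-entropy bytes / total section bytes
    (the quantity the report prints as "overall entropy"), packed is the verdict.
    """
    total = high = 0
    flagged = []
    for name, raw in sections:
        total += len(raw)
        ent = shannon_entropy(raw)
        if ent > HIGH_ENTROPY_SECTION:
            flagged.append((name, round(ent, 3)))
            high += len(raw)
    ratio = high / total if total else 0.0
    return flagged, ratio, ratio > HIGH_ENTROPY_RATIO


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for encrypted data (a SHA-256 chain), so the run is reproducible."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed layout echoing the sample: plain code and data, encrypted blob in .rsrc.
SAMPLE_SECTIONS = [
    (".text", (b"\x55\x8b\xec\x83\xec\x10\x8b\x45\x08\x5d\xc3\x90" * 5462)[:0x10000]),
    (".data", b"\x00" * 0x4000),
    (".rsrc", pseudo_random_bytes(0x12000)),
]

if __name__ == "__main__":
    flagged, ratio, packed = packer_check(SAMPLE_SECTIONS)
    for name, ent in flagged:
        print(f"high-entropy section {name}: {ent} bits/byte")
    print(f"share of section data in high-entropy sections: {ratio:.3f} -> packed={packed}")
```

To run this on a real file, read the sections with pefile (`[(s.Name.rstrip(b'\0').decode(), s.get_data()) for s in pe.sections]`) and pass that list to `packer_check`; for the sample above, the .rsrc section alone would push the ratio past the threshold.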
Network activity

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 of 58 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43763776
FireEye Generic.mg.c3ca8eefb6f37584
CAT-QuickHeal Trojan.Crypt
McAfee Fareit-FYT!C3CA8EEFB6F3
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Crypt.4!c
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.43763776
K7GW Riskware ( 0040eff71 )
Cybereason malicious.77d41c
Arcabit Trojan.Generic.D29BC840
TrendMicro TROJ_GEN.R002C0DI320
BitDefenderTheta Gen:NN.ZelphiF.34242.eHW@aWMulCci
Cyren W32/DelfInject.XAKK-4290
Symantec Ransom.Wannacry
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Crypt.gen
Alibaba Trojan:Win32/DelfInject.5f0a13b8
NANO-Antivirus Trojan.Win32.Crypt.htpdib
ViRobot Trojan.Win32.Z.Injector.1120768.AL
Avast Win32:Trojan-gen
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.43763776
Comodo fls.noname@0
DrWeb Trojan.PWS.Stealer.29212
Zillya Trojan.Injector.Win32.767132
Invincea Mal/Generic-S
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Jiangmin Trojan.Crypt.dxn
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Crypt
Microsoft Trojan:Win32/DelfInject.VA!MSR
ZoneAlarm HEUR:Trojan.Win32.Crypt.gen
GData Trojan.GenericKD.43763776
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
VBA32 BScope.Trojan.Kryptik
ALYac Trojan.GenericKD.43763776
Malwarebytes Spyware.LokiBot
Zoner Trojan.Win32.92439
ESET-NOD32 MSIL/PSW.Agent.OMJ
TrendMicro-HouseCall TROJ_GEN.R002C0DI320
Rising Trojan.Injector!1.CB34 (CLASSIC)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)

dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.160.78:443

All three addresses are in 172.217.0.0/16, Google's range, on TCP 443. In an isolated sandbox, unanswered HTTPS attempts to Google are as likely to come from Windows or browser background activity as from the sample. Before recording them as indicators, confirm in the API log or pcap that the connecting process was PID 1300 (the sample) and whether any TLS ClientHello carried a server name; the Suricata TLS section further down recorded no handshakes at all.
Visual analysis

Binary image: none (no binary visualization image was generated for this sample)
Screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

1992-06-20 06:22:17

This is the fixed TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, rendered here in UTC+8) that Delphi compilers write into every executable in place of the real build time; it identifies the toolchain, not the build date. The user32 / oleaut32 / kernel32 groups at the top of the import table (GetKeyboardType, LoadStringA, SysReAllocStringLen, TlsSetValue and neighbours) are the imports of the Delphi RTL's System and SysInit units, and the repeated kernel32.dll, user32.dll and advapi32.dll descriptors are how Delphi's linker emits one import descriptor per unit. Together with the DelfInject names in the engine results this pins the outer executable as Delphi. Note what the static import table does not contain: no WriteProcessMemory, CreateRemoteThread, NtUnmapViewOfSection or SetThreadContext. Any injection into another process would have to resolve those at run time through the imported LoadLibraryA / GetProcAddress pair, which is exactly what the single in-process RWX allocation above cannot tell us either way.

Imports

Library kernel32.dll:
0x49418c VirtualFree
0x494190 VirtualAlloc
0x494194 LocalFree
0x494198 LocalAlloc
0x49419c GetVersion
0x4941a0 GetCurrentThreadId
0x4941ac VirtualQuery
0x4941b0 WideCharToMultiByte
0x4941b8 MultiByteToWideChar
0x4941bc lstrlenA
0x4941c0 lstrcpynA
0x4941c4 LoadLibraryExA
0x4941c8 GetThreadLocale
0x4941cc GetStartupInfoA
0x4941d0 GetProcAddress
0x4941d4 GetModuleHandleA
0x4941d8 GetModuleFileNameA
0x4941dc GetLocaleInfoA
0x4941e0 GetLastError
0x4941e8 GetCommandLineA
0x4941ec FreeLibrary
0x4941f0 FindFirstFileA
0x4941f4 FindClose
0x4941f8 ExitProcess
0x4941fc WriteFile
0x494204 RtlUnwind
0x494208 RaiseException
0x49420c GetStdHandle
Library user32.dll:
0x494214 GetKeyboardType
0x494218 LoadStringA
0x49421c MessageBoxA
0x494220 CharNextA
Library advapi32.dll:
0x494228 RegQueryValueExA
0x49422c RegOpenKeyExA
0x494230 RegCloseKey
Library oleaut32.dll:
0x494238 SysFreeString
0x49423c SysReAllocStringLen
0x494240 SysAllocStringLen
Library kernel32.dll:
0x494248 TlsSetValue
0x49424c TlsGetValue
0x494250 LocalAlloc
0x494254 GetModuleHandleA
Library advapi32.dll:
0x49425c RegQueryValueExA
0x494260 RegOpenKeyExA
0x494264 RegCloseKey
Library kernel32.dll:
0x49426c lstrcpyA
0x494270 WriteFile
0x494274 WaitForSingleObject
0x494278 VirtualQuery
0x49427c VirtualProtect
0x494280 VirtualAlloc
0x494284 Sleep
0x494288 SizeofResource
0x49428c SetThreadLocale
0x494290 SetFilePointer
0x494294 SetEvent
0x494298 SetErrorMode
0x49429c SetEndOfFile
0x4942a0 ResetEvent
0x4942a4 ReadFile
0x4942a8 MultiByteToWideChar
0x4942ac MulDiv
0x4942b0 LockResource
0x4942b4 LoadResource
0x4942b8 LoadLibraryA
0x4942c4 GlobalUnlock
0x4942c8 GlobalSize
0x4942cc GlobalReAlloc
0x4942d0 GlobalHandle
0x4942d4 GlobalLock
0x4942d8 GlobalFree
0x4942dc GlobalFindAtomA
0x4942e0 GlobalDeleteAtom
0x4942e4 GlobalAlloc
0x4942e8 GlobalAddAtomA
0x4942f0 GetVersionExA
0x4942f4 GetVersion
0x4942f8 GetUserDefaultLCID
0x4942fc GetTickCount
0x494300 GetThreadLocale
0x494304 GetSystemInfo
0x494308 GetStringTypeExA
0x49430c GetStdHandle
0x494310 GetProcAddress
0x494314 GetModuleHandleA
0x494318 GetModuleFileNameA
0x49431c GetLocaleInfoA
0x494320 GetLocalTime
0x494324 GetLastError
0x494328 GetFullPathNameA
0x49432c GetFileAttributesA
0x494330 GetDiskFreeSpaceA
0x494334 GetDateFormatA
0x494338 GetCurrentThreadId
0x49433c GetCurrentProcessId
0x494340 GetComputerNameA
0x494344 GetCPInfo
0x494348 GetACP
0x49434c FreeResource
0x494350 InterlockedExchange
0x494354 FreeLibrary
0x494358 FormatMessageA
0x49435c FindResourceA
0x494360 FindNextFileA
0x494364 FindFirstFileA
0x494368 FindClose
0x494374 EnumCalendarInfoA
0x494380 CreateThread
0x494384 CreateFileA
0x494388 CreateEventA
0x49438c CompareStringA
0x494390 CloseHandle
Library version.dll:
0x494398 VerQueryValueA
0x4943a0 GetFileVersionInfoA
Library gdi32.dll:
0x4943a8 UnrealizeObject
0x4943ac StretchBlt
0x4943b0 SetWindowOrgEx
0x4943b4 SetWinMetaFileBits
0x4943b8 SetViewportOrgEx
0x4943bc SetTextColor
0x4943c0 SetStretchBltMode
0x4943c4 SetROP2
0x4943c8 SetPixel
0x4943cc SetMapMode
0x4943d0 SetEnhMetaFileBits
0x4943d4 SetDIBColorTable
0x4943d8 SetBrushOrgEx
0x4943dc SetBkMode
0x4943e0 SetBkColor
0x4943e4 SelectPalette
0x4943e8 SelectObject
0x4943ec SaveDC
0x4943f0 RestoreDC
0x4943f4 Rectangle
0x4943f8 RectVisible
0x4943fc RealizePalette
0x494400 Polyline
0x494404 PlayEnhMetaFile
0x494408 PatBlt
0x49440c MoveToEx
0x494410 MaskBlt
0x494414 LineTo
0x494418 LPtoDP
0x49441c IntersectClipRect
0x494420 GetWindowOrgEx
0x494424 GetWinMetaFileBits
0x494428 GetTextMetricsA
0x494434 GetStockObject
0x494438 GetPixel
0x49443c GetPaletteEntries
0x494440 GetObjectA
0x494450 GetEnhMetaFileBits
0x494454 GetDeviceCaps
0x494458 GetDIBits
0x49445c GetDIBColorTable
0x494460 GetDCOrgEx
0x494468 GetClipBox
0x49446c GetBrushOrgEx
0x494470 GetBitmapBits
0x494474 ExtTextOutA
0x494478 ExcludeClipRect
0x49447c DeleteObject
0x494480 DeleteEnhMetaFile
0x494484 DeleteDC
0x494488 CreateSolidBrush
0x49448c CreatePenIndirect
0x494490 CreatePen
0x494494 CreatePalette
0x49449c CreateFontIndirectA
0x4944a0 CreateEnhMetaFileA
0x4944a4 CreateDIBitmap
0x4944a8 CreateDIBSection
0x4944ac CreateCompatibleDC
0x4944b4 CreateBrushIndirect
0x4944b8 CreateBitmap
0x4944bc CopyEnhMetaFileA
0x4944c0 CloseEnhMetaFile
0x4944c4 BitBlt
Library user32.dll:
0x4944cc CreateWindowExA
0x4944d0 WindowFromPoint
0x4944d4 WinHelpA
0x4944d8 WaitMessage
0x4944dc ValidateRect
0x4944e0 UpdateWindow
0x4944e4 UnregisterClassA
0x4944e8 UnhookWindowsHookEx
0x4944ec TranslateMessage
0x4944f4 TrackPopupMenu
0x4944fc ShowWindow
0x494500 ShowScrollBar
0x494504 ShowOwnedPopups
0x494508 ShowCursor
0x49450c SetWindowsHookExA
0x494510 SetWindowTextA
0x494514 SetWindowPos
0x494518 SetWindowPlacement
0x49451c SetWindowLongA
0x494520 SetTimer
0x494524 SetScrollRange
0x494528 SetScrollPos
0x49452c SetScrollInfo
0x494530 SetRect
0x494534 SetPropA
0x494538 SetParent
0x49453c SetMenuItemInfoA
0x494540 SetMenu
0x494544 SetForegroundWindow
0x494548 SetFocus
0x49454c SetCursor
0x494550 SetClassLongA
0x494554 SetCapture
0x494558 SetActiveWindow
0x49455c SendMessageA
0x494560 ScrollWindow
0x494564 ScreenToClient
0x494568 RemovePropA
0x49456c RemoveMenu
0x494570 ReleaseDC
0x494574 ReleaseCapture
0x494580 RegisterClassA
0x494584 RedrawWindow
0x494588 PtInRect
0x49458c PostQuitMessage
0x494590 PostMessageA
0x494594 PeekMessageA
0x494598 OffsetRect
0x49459c OemToCharA
0x4945a0 MessageBoxA
0x4945a4 MapWindowPoints
0x4945a8 MapVirtualKeyA
0x4945ac LoadStringA
0x4945b0 LoadKeyboardLayoutA
0x4945b4 LoadIconA
0x4945b8 LoadCursorA
0x4945bc LoadBitmapA
0x4945c0 KillTimer
0x4945c4 IsZoomed
0x4945c8 IsWindowVisible
0x4945cc IsWindowEnabled
0x4945d0 IsWindow
0x4945d4 IsRectEmpty
0x4945d8 IsIconic
0x4945dc IsDialogMessageA
0x4945e0 IsChild
0x4945e4 InvalidateRect
0x4945e8 IntersectRect
0x4945ec InsertMenuItemA
0x4945f0 InsertMenuA
0x4945f4 InflateRect
0x4945fc GetWindowTextA
0x494600 GetWindowRect
0x494604 GetWindowPlacement
0x494608 GetWindowLongA
0x49460c GetWindowDC
0x494610 GetTopWindow
0x494614 GetSystemMetrics
0x494618 GetSystemMenu
0x49461c GetSysColorBrush
0x494620 GetSysColor
0x494624 GetSubMenu
0x494628 GetScrollRange
0x49462c GetScrollPos
0x494630 GetScrollInfo
0x494634 GetPropA
0x494638 GetParent
0x49463c GetWindow
0x494640 GetMessageTime
0x494644 GetMenuStringA
0x494648 GetMenuState
0x49464c GetMenuItemInfoA
0x494650 GetMenuItemID
0x494654 GetMenuItemCount
0x494658 GetMenu
0x49465c GetLastActivePopup
0x494660 GetKeyboardState
0x494668 GetKeyboardLayout
0x49466c GetKeyState
0x494670 GetKeyNameTextA
0x494674 GetIconInfo
0x494678 GetForegroundWindow
0x49467c GetFocus
0x494680 GetDlgItem
0x494684 GetDesktopWindow
0x494688 GetDCEx
0x49468c GetDC
0x494690 GetCursorPos
0x494694 GetCursor
0x494698 GetClipboardData
0x49469c GetClientRect
0x4946a0 GetClassNameA
0x4946a4 GetClassInfoA
0x4946a8 GetCapture
0x4946ac GetActiveWindow
0x4946b0 FrameRect
0x4946b4 FindWindowA
0x4946b8 FillRect
0x4946bc EqualRect
0x4946c0 EnumWindows
0x4946c4 EnumThreadWindows
0x4946c8 EndPaint
0x4946cc EnableWindow
0x4946d0 EnableScrollBar
0x4946d4 EnableMenuItem
0x4946d8 DrawTextA
0x4946dc DrawMenuBar
0x4946e0 DrawIconEx
0x4946e4 DrawIcon
0x4946e8 DrawFrameControl
0x4946ec DrawFocusRect
0x4946f0 DrawEdge
0x4946f4 DispatchMessageA
0x4946f8 DestroyWindow
0x4946fc DestroyMenu
0x494700 DestroyIcon
0x494704 DestroyCursor
0x494708 DeleteMenu
0x49470c DefWindowProcA
0x494710 DefMDIChildProcA
0x494714 DefFrameProcA
0x494718 CreatePopupMenu
0x49471c CreateMenu
0x494720 CreateIcon
0x494724 ClientToScreen
0x494728 CheckMenuItem
0x49472c CallWindowProcA
0x494730 CallNextHookEx
0x494734 BeginPaint
0x494738 CharNextA
0x49473c CharLowerBuffA
0x494740 CharLowerA
0x494744 CharToOemA
0x494748 AdjustWindowRectEx
Library kernel32.dll:
0x494754 Sleep
Library oleaut32.dll:
0x49475c SafeArrayPtrOfIndex
0x494760 SafeArrayGetUBound
0x494764 SafeArrayGetLBound
0x494768 SafeArrayCreate
0x49476c VariantChangeType
0x494770 VariantCopy
0x494774 VariantClear
0x494778 VariantInit
Library ole32.dll:
0x494784 IsAccelerator
0x494788 OleDraw
0x494790 CoTaskMemFree
0x494794 ProgIDFromCLSID
0x494798 StringFromCLSID
0x49479c CoCreateInstance
0x4947a0 CoGetClassObject
0x4947a4 CoUninitialize
0x4947a8 CoInitialize
0x4947ac IsEqualGUID
Library oleaut32.dll:
0x4947b4 GetErrorInfo
0x4947b8 GetActiveObject
0x4947bc SysFreeString
Library comctl32.dll:
0x4947cc ImageList_Write
0x4947d0 ImageList_Read
0x4947e0 ImageList_DragMove
0x4947e4 ImageList_DragLeave
0x4947e8 ImageList_DragEnter
0x4947ec ImageList_EndDrag
0x4947f0 ImageList_BeginDrag
0x4947f4 ImageList_Remove
0x4947f8 ImageList_DrawEx
0x4947fc ImageList_Replace
0x494800 ImageList_Draw
0x494810 ImageList_Add
0x494818 ImageList_Destroy
0x49481c ImageList_Create
0x494820 InitCommonControls
Library comdlg32.dll:
0x494828 GetOpenFileNameA
Library winmm.dll:
0x494830 mciSendCommandA
0x494834 mciGetErrorStringA
Library kernel32.dll:

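As an added example, and not code from the report's engine, the following script parses the import listing in the layout used above, merges Delphi's per-unit duplicate descriptors, matches the imported names against a few capability sets, and checks the two Delphi fingerprints: the System/SysInit RTL import block and the constant 0x2A425E19 TimeDateStamp. The capability sets and the UTC+8 offset used to read the report's timestamp are assumptions; the listing is an excerpt of the imports shown above.

```python
import calendar
from datetime import datetime, timedelta

# 0x2A425E19 = 1992-06-19 22:22:17 UTC, the constant TimeDateStamp Delphi compilers emit.
DELPHI_TIMESTAMP = 0x2A425E19

# Assumed capability rules: every API in a set must be imported for a full match.
# The remote-injection and hollowing sets are included so their absence is visible.
RULES = {
    "resource payload access": {"FindResourceA", "LoadResource", "LockResource", "SizeofResource"},
    "executable memory": {"VirtualAlloc", "VirtualProtect"},
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress"},
    "remote process injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "process hollowing": {"CreateProcessA", "NtUnmapViewOfSection", "SetThreadContext", "ResumeThread"},
}
# Imports the Delphi RTL's System/SysInit units pull in.
DELPHI_RTL_IMPORTS = {"GetKeyboardType", "SysReAllocStringLen", "SysAllocStringLen", "TlsSetValue"}


def parse_imports(listing: str) -> dict:
    """Parse 'Library x.dll:' / '0xADDR Name' lines into {dll: set(names)},
    merging repeated descriptors for the same DLL."""
    imports, current = {}, None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Library ") and line.endswith(":"):
            current = line[len("Library "):-1].lower()
            imports.setdefault(current, set())
        elif current and line.startswith("0x"):
            imports[current].add(line.split(maxsplit=1)[1])
    return imports


def scan_capabilities(imports: dict) -> dict:
    """Return {rule: (sorted matched names, full_match)} over all imported names."""
    names = set().union(*imports.values())
    return {rule: (sorted(apis & names), apis <= names) for rule, apis in RULES.items()}


def delphi_indicators(imports: dict, timestamp: str, utc_offset_hours: int) -> dict:
    """Two Delphi fingerprints: the RTL import block and the constant TimeDateStamp.
    timestamp is the report's local-time string; utc_offset_hours is the zone it was rendered in."""
    names = set().union(*imports.values())
    local = datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S")
    epoch = calendar.timegm((local - timedelta(hours=utc_offset_hours)).timetuple())
    return {"rtl_imports": DELPHI_RTL_IMPORTS <= names, "constant_timestamp": epoch == DELPHI_TIMESTAMP}


# Excerpt of the import table from this report (addresses and names as listed above).
REPORT_EXCERPT = """
Library kernel32.dll:
0x49418c VirtualFree
0x494190 VirtualAlloc
0x4941c4 LoadLibraryExA
0x4941d0 GetProcAddress
Library user32.dll:
0x494214 GetKeyboardType
0x494218 LoadStringA
Library oleaut32.dll:
0x494238 SysFreeString
0x49423c SysReAllocStringLen
0x494240 SysAllocStringLen
Library kernel32.dll:
0x494248 TlsSetValue
0x49424c TlsGetValue
Library kernel32.dll:
0x49427c VirtualProtect
0x494280 VirtualAlloc
0x494288 SizeofResource
0x4942b0 LockResource
0x4942b4 LoadResource
0x4942b8 LoadLibraryA
0x49435c FindResourceA
0x494380 CreateThread
"""

if __name__ == "__main__":
    imports = parse_imports(REPORT_EXCERPT)
    for rule, (matched, full) in scan_capabilities(imports).items():
        print(f"{'FULL ' if full else 'part '} {rule}: {matched}")
    print(delphi_indicators(imports, "1992-06-20 06:22:17", utc_offset_hours=8))
```

The pattern worth keeping from this is the negative result: a full match on resource access, executable memory and runtime API resolution with an empty match on remote-injection primitives says "look for GetProcAddress-resolved calls in the dynamic log", not "this sample does not inject".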
Hosts

No hosts contacted.

TCP

No TCP connections recorded. This table lists established sessions; the unanswered attempts to 172.217.x.x:443 appear only as the dead_host entries above.

UDP

Source | Source port | Destination | Destination port | Protocol
192.168.56.101 | 49235 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 51963 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 55368 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 57756 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 60215 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 62912 | 114.114.114.114 | 53 | DNS
192.168.56.101 | 137 | 192.168.56.255 | 137 | NetBIOS name service (broadcast)
192.168.56.101 | 138 | 192.168.56.255 | 138 | NetBIOS datagram (broadcast)
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123 | NTP
192.168.56.101 | 50002 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 50534 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 51378 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 51808 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 53210 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 53237 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 56539 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 56804 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 60123 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 60221 | 224.0.0.252 | 5355 | LLMNR (multicast)
192.168.56.101 | 60384 | 224.0.0.252 | 5355 | LLMNR (multicast)

Everything here except the six DNS queries is routine Windows background traffic (NetBIOS and LLMNR name resolution, NTP time sync to time.windows.com), and 114.114.114.114 is a public resolver acting as the VM's DNS server. The report does not show which names the six DNS queries asked for, so they cannot be attributed to the sample without the pcap; the LLMNR bursts are what Windows does when a lookup fails, which is consistent with a VM cut off from the internet.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.