SmartHawk

2.8

中危

43 个模型检测该样本为恶意！

重新分析

下载样本

ad6e6790cc8922aee9c4d4f3354386c816c9b1f68c26be072909cab83b96a025

c3ecac99539eed0540a74c1577246ff0.exe

分析耗时

19s

最近分析

文件大小

193.0KB

静态报毒动态报毒 100% AI SCORE=84 ALJZ ARTEMIS ATTRIBUTE AZORULT BEHAVIOR CLOUD CONFIDENCE DT4AKR FILEREPMALWARE GDSDA GENERICKD GENKRYPTIK HACKTOOL HBBG HIGH HIGH CONFIDENCE HIGHCONFIDENCE KRYPT KRYPTIK MALPE MKW@AK1AJBAG MOKSSTEAL MULTIPLUG OCCAMY OHXXO R325581 SCORE STEAM SUSGEN UNSAFE ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!C3ECAC99539E	20200213	6.0.6.653
Avast		20200213	18.4.3895.0
Baidu		20190318	1.0.0.2
Kingsoft		20200213	2013.8.14.323
Tencent		20200213	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 个事件)

section	.yilor
section	.tejilo
section	.wiyagal
section	.komoso

Allocates read-write-execute memory (usually to unpack itself) (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985509.528017 NtProtectVirtualMemory	process_identifier: 472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 69632 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x008ca000	success	0	0
1620985509.528017 NtAllocateVirtualMemory	process_identifier: 472 region_size: 118784 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00310000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.618811578234703

section

{'size_of_data': '0x0001f800', 'virtual_address': '0x00001000', 'entropy': 7.618811578234703, 'name': '.text', 'virtual_size': '0x0001f620'}

description

A section with a high entropy has been found

entropy

0.65625

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 个事件)

DrWeb	Trojan.PWS.Steam.17623
MicroWorld-eScan	Trojan.GenericKD.33270210
FireEye	Generic.mg.c3ecac99539eed05
McAfee	Artemis!C3ECAC99539E
Sangfor	Malware
K7GW	Hacktool ( 700007861 )
Cybereason	malicious.9539ee
Arcabit	Trojan.Generic.D1FBA9C2
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZexaF.34090.mKW@aK1ajBaG
Symantec	ML.Attribute.HighConfidence
ClamAV	Win.Malware.Generic-7561022-0
Kaspersky	Trojan-PSW.Win32.Azorult.aljz
BitDefender	Trojan.GenericKD.33270210
Rising	Trojan.GenKryptik!8.AA55 (CLOUD)
Ad-Aware	Trojan.GenericKD.33270210
Emsisoft	Trojan.GenericKD.33270210 (B)
F-Secure	Trojan.TR/AD.MoksSteal.ohxxo
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.MultiPlug.ch
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Krypt
Avira	TR/AD.MoksSteal.ohxxo
Microsoft	Trojan:Win32/Occamy.C
Endgame	malicious (high confidence)
AegisLab	Trojan.Win32.Malicious.4!c
ZoneAlarm	Trojan-PSW.Win32.Azorult.aljz
GData	Win32.Trojan-Stealer.Azorult.DT4AKR
AhnLab-V3	Trojan/Win32.MalPe.R325581
Acronis	suspicious
ALYac	Trojan.GenericKD.33270210
Malwarebytes	Trojan.MalPack.GS
APEX	Malicious
ESET-NOD32	a variant of Win32/Kryptik.HBBG
MAX	malware (ai score=84)
eGambit	Unsafe.AI_Score_87%
Fortinet	Malicious_Behavior.SB
MaxSecure	Trojan.Malware.300983.susgen
AVG	FileRepMalware
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.PSW.5ce

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-10-20 17:38:49

Imports

Library KERNEL32.dll:

• 0x421000 IsBadStringPtrW

• 0x421004 WriteConsoleOutputCharacterW

• 0x421008 lstrlenA

• 0x42100c HeapAlloc

• 0x421010 ClearCommError

• 0x421014 GetCurrentProcess

• 0x421018 GetSystemWindowsDirectoryW

• 0x42101c SetThreadExecutionState

• 0x421020 SetCommBreak

• 0x421024 ConnectNamedPipe

• 0x421028 GetTickCount

• 0x42102c GetCommConfig

• 0x421030 SizeofResource

• 0x421034 DeleteVolumeMountPointW

• 0x421038 EnumSystemCodePagesA

• 0x42103c FindNextVolumeW

• 0x421040 GetAtomNameW

• 0x421044 CompareStringW

• 0x421048 MultiByteToWideChar

• 0x42104c FindFirstFileExA

• 0x421050 GetProcAddress

• 0x421054 LoadLibraryA

• 0x421058 ProcessIdToSessionId

• 0x42105c LocalAlloc

• 0x421060 BuildCommDCBAndTimeoutsW

• 0x421064 SetConsoleCtrlHandler

• 0x421068 RtlCaptureStackBackTrace

• 0x42106c WTSGetActiveConsoleSessionId

• 0x421070 PurgeComm

• 0x421074 lstrcpyA

• 0x421078 GetCommandLineW

• 0x42107c HeapSetInformation

• 0x421080 GetStartupInfoW

• 0x421084 TerminateProcess

• 0x421088 UnhandledExceptionFilter

• 0x42108c SetUnhandledExceptionFilter

• 0x421090 IsDebuggerPresent

• 0x421094 EncodePointer

• 0x421098 DecodePointer

• 0x42109c IsProcessorFeaturePresent

• 0x4210a0 EnterCriticalSection

• 0x4210a4 LeaveCriticalSection

• 0x4210a8 GetLastError

• 0x4210ac SetFilePointer

• 0x4210b0 HeapFree

• 0x4210b4 CloseHandle

• 0x4210b8 GetModuleHandleW

• 0x4210bc ExitProcess

• 0x4210c0 WriteFile

• 0x4210c4 GetStdHandle

• 0x4210c8 GetModuleFileNameW

• 0x4210cc FreeEnvironmentStringsW

• 0x4210d0 GetEnvironmentStringsW

• 0x4210d4 SetHandleCount

• 0x4210d8 InitializeCriticalSectionAndSpinCount

• 0x4210dc GetFileType

• 0x4210e0 DeleteCriticalSection

• 0x4210e4 TlsAlloc

• 0x4210e8 TlsGetValue

• 0x4210ec TlsSetValue

• 0x4210f0 TlsFree

• 0x4210f4 InterlockedIncrement

• 0x4210f8 SetLastError

• 0x4210fc GetCurrentThreadId

• 0x421100 InterlockedDecrement

• 0x421104 HeapCreate

• 0x421108 QueryPerformanceCounter

• 0x42110c GetCurrentProcessId

• 0x421110 GetSystemTimeAsFileTime

• 0x421114 RaiseException

• 0x421118 Sleep

• 0x42111c RtlUnwind

• 0x421120 GetCPInfo

• 0x421124 GetACP

• 0x421128 GetOEMCP

• 0x42112c IsValidCodePage

• 0x421130 WideCharToMultiByte

• 0x421134 GetConsoleCP

• 0x421138 GetConsoleMode

• 0x42113c SetStdHandle

• 0x421140 FlushFileBuffers

• 0x421144 LoadLibraryW

• 0x421148 HeapReAlloc

• 0x42114c LCMapStringW

• 0x421150 GetStringTypeW

• 0x421154 ReadFile

• 0x421158 WriteConsoleW

• 0x42115c HeapSize

• 0x421160 CreateFileW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.