Score: 4.2
Risk level: Medium

SHA256: 9444212aa1c0422123cca1b85dcb56a4ae799d9eb1b46a0f16e04511159a0fda

File name: c464d22da762d417fd26f0e4bd21a909.exe

Analysis duration: 102s

Last analyzed:

File size: 16.2MB

Tags: Static detection, Dynamic detection, QVM07, TURKOJAN
鹰眼 (Hawkeye) engine
Not scanned: no Hawkeye engine result is available for this sample
Static verdict
Anti-virus engines (the result column is empty for every engine in the report)

Engine       Result    Scan date    Engine version
Alibaba      (blank)   2019-05-27   0.3.0.5
Baidu        (blank)   2019-03-18   1.0.0.2
Avast        (blank)   2020-01-29   18.4.3895.0
Kingsoft     (blank)   2020-01-29   2013.8.14.323
McAfee       (blank)   2020-01-29   6.0.6.653
Tencent      (blank)   2020-01-29   1.0.0.1
CrowdStrike  (blank)   2019-07-02   1.0
Static indicators
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:3995498048&cup2hreq=69376cc8ba158d15f976c75152cd896eaf355256bc75f1140fa57d6b33386fa1
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619913491&mv=u&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f042f8622c420550&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619913612&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:3995498048&cup2hreq=69376cc8ba158d15f976c75152cd896eaf355256bc75f1140fa57d6b33386fa1
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:3995498048&cup2hreq=69376cc8ba158d15f976c75152cd896eaf355256bc75f1140fa57d6b33386fa1

Analyst note: all four requests go to Google's update distribution (gvt1.com) and update-check (update.googleapis.com) endpoints, the three HEAD requests carry the Microsoft BITS/7.5 User-Agent (see HTTP & HTTPS Requests below), and the import table lists no networking library at all (no WS2_32, WININET, WINHTTP or URLMON). The traffic is therefore most plausibly Google Update running on the analysis VM rather than activity of the sample. It could be attributed to the sample only if it resolved network APIs at runtime through the LoadLibraryA/GetProcAddress imports it does have, for which the report records no evidence; the "POST with no referer" signature should be read with that in mind.
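The separation argued for above can be made mechanical. The following is an added triage helper written for this page, not code from the sandbox vendor or from the sample; the request list is constructed from the four requests and the import table in this report (query strings shortened), the allowlist of background hosts and the set of networking DLLs are assumptions to tune per sandbox image, and the fifth request to 203.0.113.7 is purely constructed to exercise the "review" path.

```python
"""Added triage helper (not part of the sandbox report): decide which HTTP
requests in a sandbox run are background traffic of the analysis VM and
which deserve attribution to the sample."""
from urllib.parse import urlparse

# Constructed from the four requests and the import table in this report.
# Query strings are shortened; the POST shows no User-Agent, so it is None.
GVT1_PATH = "/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe"
REQUESTS = [
    {"method": "HEAD", "url": "http://redirector.gvt1.com" + GVT1_PATH,
     "user_agent": "Microsoft BITS/7.5"},
    {"method": "HEAD", "url": "http://r1---sn-j5o7dn7e.gvt1.com" + GVT1_PATH + "?cms_redirect=yes",
     "user_agent": "Microsoft BITS/7.5"},
    {"method": "HEAD", "url": "http://r3---sn-j5o7dn7e.gvt1.com" + GVT1_PATH + "?redirect_counter=1",
     "user_agent": "Microsoft BITS/7.5"},
    {"method": "POST", "url": "https://update.googleapis.com/service/update2?cup2key=10:3995498048",
     "user_agent": None},
]
IMPORTED_LIBS = {"KERNEL32.dll", "USER32.dll", "GDI32.dll", "ADVAPI32.dll",
                 "SHELL32.dll", "ole32.dll", "VERSION.dll", "COMCTL32.dll"}

# A request the report does NOT contain, constructed only to exercise the
# 'review' path (203.0.113.0/24 is a documentation range, not a real server).
CONSTRUCTED_UNKNOWN = {"method": "POST", "url": "http://203.0.113.7/gate.php",
                       "user_agent": "Mozilla/4.0"}

# Assumed allowlist: hosts that Windows and Google Update on a sandbox VM
# contact on their own. Tune this to the image your sandbox actually runs.
BACKGROUND_SUFFIXES = ("gvt1.com", "update.googleapis.com", "time.windows.com")
# DLLs a PE must import statically to speak TCP/HTTP from its own code.
NETWORK_LIBS = {"ws2_32.dll", "wsock32.dll", "wininet.dll", "winhttp.dll", "urlmon.dll"}


def host_in(host, suffixes):
    """True if host equals one of the suffixes or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def imports_network_stack(libs):
    """True if any statically imported DLL is a networking library."""
    return any(lib.lower() in NETWORK_LIBS for lib in libs)


def classify(req, imported_libs):
    """Label one request 'background' or 'review' and list the supporting evidence."""
    host = (urlparse(req["url"]).hostname or "").lower()
    known_host = host_in(host, BACKGROUND_SUFFIXES)
    evidence = []
    if known_host:
        evidence.append("host is Windows/Google update infrastructure")
    if (req.get("user_agent") or "").startswith("Microsoft BITS/"):
        evidence.append("request carries the BITS service User-Agent")
    if not imports_network_stack(imported_libs):
        evidence.append("sample statically imports no networking DLL")
    # The allowlisted host decides; the other two observations only raise
    # confidence, because a sample could still drive BITS over COM or
    # resolve WinINet at runtime via LoadLibraryA/GetProcAddress.
    return {"method": req["method"], "host": host,
            "verdict": "background" if known_host else "review",
            "evidence": evidence}


def triage(requests, imported_libs):
    return [classify(r, imported_libs) for r in requests]


def needs_review(results):
    """Requests that cannot be explained away as VM background traffic."""
    return [r for r in results if r["verdict"] == "review"]


if __name__ == "__main__":
    for r in triage(REQUESTS + [CONSTRUCTED_UNKNOWN], IMPORTED_LIBS):
        print(f'{r["verdict"]:10} {r["method"]:4} {r["host"]:30} {"; ".join(r["evidence"])}')
```

Run against the report's four requests, every entry comes back "background" with the host allowlist as the deciding evidence; only the constructed request to an unlisted host lands in the review queue. The allowlist is deliberately narrow: widening it to whole domains such as googleapis.com would hide sample traffic that abuses legitimate cloud endpoints.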
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 events)

Time               API                  Arguments                              Status   Return  Repeated
1619942682.132876  GetDiskFreeSpaceExW  root_path: C:\                         success  1       0
                                        free_bytes_available: 19462590464
                                        total_number_of_free_bytes: 19462590464
                                        total_number_of_bytes: 34252779520
1619942682.132876  GetDiskFreeSpaceW    root_path: C:\                         success  1       0
                                        sectors_per_cluster: 8
                                        number_of_free_clusters: 4751609
                                        total_number_of_clusters: 8362495
                                        bytes_per_sector: 512
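The two calls above report the same volume twice, once in bytes and once in clusters, which gives an analyst a built-in consistency check before trusting the "small disk" indicator. The following added example (written for this page, not code from the sandbox or the sample) parses the two log entries exactly as printed above, rebuilds the volume size from the cluster geometry, confirms it matches the GetDiskFreeSpaceExW figure, and applies a small-disk heuristic; the 60 GiB threshold is an assumption, since the report does not state the value its rule uses.

```python
"""Added example (not part of the sandbox report): reproduce the disk-size
anti-VM heuristic from the two API calls logged in the report."""
import re

# Constructed verbatim from the two API log entries in the report above.
API_LOG = """\
1619942682.132876
GetDiskFreeSpaceExW
root_path: C:\\
free_bytes_available: 19462590464
total_number_of_free_bytes: 19462590464
total_number_of_bytes: 34252779520
success 1 0
1619942682.132876
GetDiskFreeSpaceW
root_path: C:\\
sectors_per_cluster: 8
number_of_free_clusters: 4751609
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
"""

GIB = 1024 ** 3
# Assumed threshold: system volumes below ~60 GiB are commonly treated as
# VM-like by samples. The report does not state the value the sandbox rule uses.
SMALL_DISK_GIB = 60


def parse_api_log(text):
    """Turn the flat 'timestamp / api / key: value ... / status ret repeated'
    log into a list of call dicts with typed arguments."""
    calls, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"\d+\.\d+", line):          # a new call starts with its timestamp
            cur = {"ts": float(line), "api": None, "args": {}}
            calls.append(cur)
        elif cur["api"] is None:                      # the line after the timestamp is the API name
            cur["api"] = line
        elif line.startswith(("success", "failure")):  # 'status return repeated'
            status, ret, rep = line.split()
            cur.update(status=status, ret=int(ret), repeated=int(rep))
        else:                                          # 'name: value' argument
            key, _, val = line.partition(": ")
            cur["args"][key] = int(val) if val.isdigit() else val
    return calls


def disk_size_from_clusters(args):
    """Total volume bytes as the legacy API implies them."""
    return args["total_number_of_clusters"] * args["sectors_per_cluster"] * args["bytes_per_sector"]


def disk_free_from_clusters(args):
    return args["number_of_free_clusters"] * args["sectors_per_cluster"] * args["bytes_per_sector"]


def assess(calls):
    """Cross-check both calls and apply the small-disk heuristic."""
    by_api = {c["api"]: c["args"] for c in calls if c.get("status") == "success"}
    ex, legacy = by_api["GetDiskFreeSpaceExW"], by_api["GetDiskFreeSpaceW"]
    total = ex["total_number_of_bytes"]
    consistent = (disk_size_from_clusters(legacy) == total
                  and disk_free_from_clusters(legacy) == ex["total_number_of_free_bytes"])
    return {"total_gib": round(total / GIB, 2),
            "consistent": consistent,
            "small_disk": total < SMALL_DISK_GIB * GIB}


if __name__ == "__main__":
    print(assess(parse_api_log(API_LOG)))
```

For this run the cluster arithmetic (8362495 clusters x 8 sectors x 512 bytes) reproduces the 34252779520-byte total exactly, about 31.9 GiB, which is a typical sandbox VM volume and would trip a small-disk check. The indicator is still weak on its own: installers routinely query free space before extracting, and the sample does import GetDiskFreeSpaceA alongside file-copy APIs, so the call only becomes interesting if the sample's subsequent behaviour changes with the result.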
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
CMC Backdoor.Win32.Turkojan!O
Qihoo-360 HEUR/QVM07.1.60E5.Malware.Gen

Analyst note: two detections, one of them a generic heuristic (HEUR/QVM07.1.60E5.Malware.Gen), with no dropped files and no network activity the report attributes to the sample, is weak evidence on its own. The Turkojan family label should be confirmed from the sample's behaviour rather than taken from the detection name.
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

2011-12-08 15:35:27

Imports

Note: the table below contains no networking library (no WS2_32, WININET, WINHTTP or URLMON). The dialog, registry, file-move, SetFileTime, AddFontResourceA, SHBrowseForFolderA and ExitWindowsEx imports are consistent with an installer; WinExec, CreateProcessA, ShellExecuteA and the LoadLibraryA/GetProcAddress pair mean further capability could still be reached at runtime and are the calls worth tracing.

Library KERNEL32.dll:
0x4180a4 GetModuleFileNameA
0x4180a8 GetVersionExA
0x4180ac GetVersion
0x4180b4 GetStringTypeW
0x4180b8 GetStringTypeA
0x4180bc IsBadCodePtr
0x4180c0 IsBadReadPtr
0x4180c8 GetFileType
0x4180cc GetStdHandle
0x4180d0 SetHandleCount
0x4180e8 GetOEMCP
0x4180ec GetACP
0x4180f0 GetCPInfo
0x4180f4 LCMapStringW
0x4180f8 GetDriveTypeA
0x4180fc IsBadWritePtr
0x418100 HeapReAlloc
0x418104 VirtualAlloc
0x418108 VirtualFree
0x41810c HeapCreate
0x418110 HeapDestroy
0x418118 GetCommandLineA
0x41811c GetStartupInfoA
0x418120 GetModuleHandleA
0x418124 MoveFileA
0x418128 DeleteFileA
0x41812c RtlUnwind
0x418134 CreateDirectoryA
0x418138 HeapFree
0x41813c HeapAlloc
0x418140 HeapCompact
0x418144 TerminateProcess
0x418148 ExitProcess
0x41814c GetCurrentProcess
0x418150 MoveFileExA
0x418154 FormatMessageA
0x418158 SetFileTime
0x418160 OpenFile
0x418164 GetFileAttributesA
0x418168 SetFileAttributesA
0x41816c SetErrorMode
0x418170 GetLocalTime
0x418174 GetFullPathNameA
0x418178 MultiByteToWideChar
0x41817c WideCharToMultiByte
0x418180 GetTempPathA
0x418184 GetShortPathNameA
0x418188 GetExitCodeProcess
0x418194 CreateProcessA
0x418198 Sleep
0x41819c lstrcatA
0x4181a0 lstrlenA
0x4181a4 WinExec
0x4181a8 LoadLibraryA
0x4181ac GetProcAddress
0x4181b0 FreeLibrary
0x4181b4 GetDiskFreeSpaceA
0x4181b8 GlobalAlloc
0x4181bc GlobalLock
0x4181c0 GlobalUnlock
0x4181c4 GlobalFree
0x4181c8 CloseHandle
0x4181cc SetFilePointer
0x4181d0 WriteFile
0x4181d4 ReadFile
0x4181d8 CreateFileA
0x4181dc GetLastError
0x4181e0 FindFirstFileA
0x4181e4 FindClose
0x4181ec LCMapStringA
0x4181f0 GetSystemDirectoryA
Library USER32.dll:
0x418210 DialogBoxParamA
0x418214 ExitWindowsEx
0x418218 IsIconic
0x41821c PostQuitMessage
0x418220 DefWindowProcA
0x418224 AdjustWindowRectEx
0x418228 BringWindowToTop
0x41822c EndDialog
0x418230 IsDlgButtonChecked
0x418234 CheckDlgButton
0x418238 SetTimer
0x41823c GetDlgItemTextA
0x418240 SendDlgItemMessageA
0x418244 GetLastActivePopup
0x418248 RegisterClassA
0x41824c LoadCursorA
0x418250 LoadIconA
0x418254 PostMessageA
0x418258 GetWindow
0x41825c SendMessageA
0x418260 GetSysColor
0x418264 ScreenToClient
0x418268 GetWindowRect
0x41826c GetDlgItem
0x418270 EndPaint
0x418274 BeginPaint
0x418278 GetClientRect
0x41827c FillRect
0x418280 CheckRadioButton
0x418284 SetFocus
0x418288 GetParent
0x41828c UpdateWindow
0x418290 IsWindowVisible
0x418294 InvalidateRect
0x418298 CreateDialogParamA
0x41829c RedrawWindow
0x4182a0 PeekMessageA
0x4182a4 GetMessageA
0x4182a8 IsDialogMessageA
0x4182ac TranslateMessage
0x4182b0 DispatchMessageA
0x4182b4 SetDlgItemTextA
0x4182b8 SetWindowTextA
0x4182bc SetWindowPos
0x4182c0 ShowWindow
0x4182c4 DestroyWindow
0x4182c8 CreateWindowExA
0x4182cc GetWindowLongA
0x4182d0 IsWindowEnabled
0x4182d4 CallWindowProcA
0x4182d8 ValidateRect
0x4182dc SetWindowLongA
0x4182e0 GetClassNameA
0x4182e4 MessageBoxA
0x4182e8 EnableWindow
0x4182ec SendMessageTimeoutA
0x4182f0 wsprintfA
0x4182f4 GetSystemMetrics
0x4182f8 DrawTextA
0x4182fc FindWindowA
Library GDI32.dll:
0x41803c CreatePalette
0x418040 SetBkColor
0x418044 ExtTextOutA
0x418048 CreateFontIndirectA
0x418050 SetBkMode
0x418054 AddFontResourceA
0x418058 RemoveFontResourceA
0x41805c GetStockObject
0x418060 GetDeviceCaps
0x418064 DeleteDC
0x418068 DeleteObject
0x41806c BitBlt
0x418070 SelectObject
0x418078 CreateCompatibleDC
0x41807c RealizePalette
0x418080 SelectPalette
0x41808c CreateSolidBrush
0x418090 SetBrushOrgEx
0x418094 SetTextColor
0x418098 StretchDIBits
0x41809c SetStretchBltMode
Library ADVAPI32.dll:
0x418000 RegDeleteValueA
0x418004 OpenProcessToken
0x418010 RegCreateKeyExA
0x418014 RegCreateKeyA
0x418018 RegCloseKey
0x41801c RegOpenKeyA
0x418020 RegSetValueExA
0x418024 RegQueryValueA
0x418028 RegOpenKeyExA
0x41802c RegQueryValueExA
Library SHELL32.dll:
0x4181f8 SHBrowseForFolderA
0x418204 SHGetMalloc
0x418208 ShellExecuteA
Library ole32.dll:
0x418318 OleInitialize
0x41831c CoCreateInstance
0x418320 CoGetMalloc
0x418324 OleUninitialize
Library VERSION.dll:
0x418308 GetFileVersionInfoA
0x41830c VerQueryValueA
0x418310 VerFindFileA
Library COMCTL32.dll:
0x418034 (import name not resolved in the report)

Hosts

No hosts contacted. (The TCP table below nevertheless records four outbound connections to Google update infrastructure; the Hosts section of the report is empty despite them.)

TCP

Source          Src port  Destination IP   Destination host            Dst port
192.168.56.101  49192     113.108.239.194  r1---sn-j5o7dn7e.gvt1.com   80
192.168.56.101  49193     113.108.239.196  r3---sn-j5o7dn7e.gvt1.com   80
192.168.56.101  49190     203.208.40.98    update.googleapis.com       443
192.168.56.101  49191     203.208.41.65    redirector.gvt1.com         80

UDP

Source          Src port  Destination IP   Destination host   Dst port
192.168.56.101  51808     114.114.114.114  -                  53
192.168.56.101  51963     114.114.114.114  -                  53
192.168.56.101  53210     114.114.114.114  -                  53
192.168.56.101  54178     114.114.114.114  -                  53
192.168.56.101  55368     114.114.114.114  -                  53
192.168.56.101  56539     114.114.114.114  -                  53
192.168.56.101  58970     114.114.114.114  -                  53
192.168.56.101  60088     114.114.114.114  -                  53
192.168.56.101  60384     114.114.114.114  -                  53
192.168.56.101  137       192.168.56.255   -                  137
192.168.56.101  138       192.168.56.255   -                  138
192.168.56.101  123       20.189.79.72     time.windows.com   123
192.168.56.101  49713     224.0.0.252      -                  5355
192.168.56.101  51378     224.0.0.252      -                  5355
192.168.56.101  53237     224.0.0.252      -                  5355
192.168.56.101  53380     224.0.0.252      -                  5355
192.168.56.101  56804     224.0.0.252      -                  5355
192.168.56.101  58367     224.0.0.252      -                  5355
192.168.56.101  60123     224.0.0.252      -                  5355
192.168.56.101  60221     224.0.0.252      -                  5355

All UDP traffic is DNS (53), NetBIOS name service and datagram broadcasts (137/138), NTP to time.windows.com (123) and LLMNR multicast (224.0.0.252:5355), i.e. normal Windows background traffic of the analysis VM.

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f042f8622c420550&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619913612&mv=m
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=f042f8622c420550&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619913612&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619913491&mv=u&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619913491&mv=u&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.