5.2
Medium risk

07c550d81a89943f6d836816d7ab56678cecba4450ec4de144e53e913302b1a9

c6679c57ac9c0d78239baee102b76271.exe

Analysis duration

99s

Last analyzed

File size

1.1MB
Static detection Dynamic detection AI SCORE=81 ARTEMIS ATTRIBUTE AUTOG BSCOPE CONFIDENCE DELF DOWNLOADER33 EKLE GDSDA GENCIRC GENERICKD GENKRYPTIK HIGHCONFIDENCE HNSYNN INVALIDSIG JLY@AW2RIKCI MALICIOUS R06BC0WGE20 REMCOS REMCOSRAT SCORE TUTKE UNSAFE WACATAC YZY0ORA2J6PYAJ2Q ZELPHICO
鹰眼 (HawkEye) engine
Not detected: no 鹰眼 engine results available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!C6679C57AC9C 20200802 6.0.6.653
Alibaba TrojanDownloader:Win32/Remcosrat.e094198a 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200802 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cddeeb 20200802 1.0.0.1
Kingsoft 20200802 2013.8.14.323
CrowdStrike win/malicious_confidence_70% (D) 20190702 1.0
Static indicators
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619935185.39575
__exception__
stacktrace:
0x32c9696
0x32c96c9
0x32c95e6
0x327f720
0x32ca025
0x32caf2e
0x328e3fa
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0x32c67ec
0x32cb1f7
c6679c57ac9c0d78239baee102b76271+0x8a322 @ 0x48a322

registers.esp: 1634020
registers.edi: 0
registers.eax: 1634020
registers.ebp: 1634100
registers.edx: 0
registers.ebx: 1635776
registers.esi: 54478300
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619935145.56775
NtAllocateVirtualMemory
process_identifier: 1916
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00360000
success 0 0
1619935147.31775
NtAllocateVirtualMemory
process_identifier: 1916
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00950000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619935164.11375
RegSetValueExA
key_handle: 0x000002d8
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)
MicroWorld-eScan Trojan.GenericKD.43485488
FireEye Trojan.GenericKD.43485488
McAfee Artemis!C6679C57AC9C
Cylance Unsafe
Zillya Backdoor.Remcos.Win32.2770
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056a9011 )
Alibaba TrojanDownloader:Win32/Remcosrat.e094198a
K7GW Trojan-Downloader ( 0056a9011 )
Arcabit Trojan.Generic.D2978930
BitDefenderTheta Gen:NN.ZelphiCO.34144.jLY@aW2rikci
Symantec ML.Attribute.HighConfidence
Avast Win32:Malware-gen
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
BitDefender Trojan.GenericKD.43485488
NANO-Antivirus Trojan.Win32.Remcos.hnsynn
Tencent Malware.Win32.Gencirc.10cddeeb
Ad-Aware Trojan.GenericKD.43485488
Sophos Troj/AutoG-IP
F-Secure Trojan.TR/Dldr.Delf.tutke
DrWeb Trojan.DownLoader33.63862
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06BC0WGE20
Emsisoft Trojan.GenericKD.43485488 (B)
Jiangmin Backdoor.Remcos.cay
Avira TR/Dldr.Delf.tutke
MAX malware (ai score=81)
Antiy-AVL Trojan[Backdoor]/Win32.Remcos
Microsoft Trojan:Win32/Remcosrat.VD!MTB
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Trojan.GenericKD.43485488
Cynet Malicious (score: 90)
AhnLab-V3 Malware/Win32.Generic.C4159902
VBA32 BScope.Trojan.Wacatac
Malwarebytes Trojan.MalPack.SMY
ESET-NOD32 Win32/TrojanDownloader.Delf.CYK
TrendMicro-HouseCall TROJ_GEN.R06BC0WGE20
Rising Downloader.Delf!8.16F (C64:YzY0Ora2J6PyaJ2q)
Ikarus Trojan.Inject
eGambit PE.Heur.InvalidSig
Fortinet W32/GenKryptik.EKLE!tr
AVG Win32:Malware-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_70% (D)
Qihoo-360 Win32/Backdoor.a07
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 66.220.149.18:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x506804 SysFreeString
0x506808 SysReAllocStringLen
0x50680c SysAllocStringLen
Library advapi32.dll:
0x506814 RegQueryValueExA
0x506818 RegOpenKeyExA
0x50681c RegCloseKey
Library user32.dll:
0x506824 GetKeyboardType
0x506828 DestroyWindow
0x50682c LoadStringA
0x506830 MessageBoxA
0x506834 CharNextA
Library kernel32.dll:
0x50683c GetACP
0x506840 Sleep
0x506844 VirtualFree
0x506848 VirtualAlloc
0x50684c GetTickCount
0x506854 GetCurrentThreadId
0x506860 VirtualQuery
0x506864 WideCharToMultiByte
0x506868 MultiByteToWideChar
0x50686c lstrlenA
0x506870 lstrcpynA
0x506874 LoadLibraryExA
0x506878 GetThreadLocale
0x50687c GetStartupInfoA
0x506880 GetProcAddress
0x506884 GetModuleHandleA
0x506888 GetModuleFileNameA
0x50688c GetLocaleInfoA
0x506890 GetCommandLineA
0x506894 FreeLibrary
0x506898 FindFirstFileA
0x50689c FindClose
0x5068a0 ExitProcess
0x5068a4 CompareStringA
0x5068a8 WriteFile
0x5068b0 RtlUnwind
0x5068b4 RaiseException
0x5068b8 GetStdHandle
Library kernel32.dll:
0x5068c0 TlsSetValue
0x5068c4 TlsGetValue
0x5068c8 LocalAlloc
0x5068cc GetModuleHandleA
Library user32.dll:
0x5068d4 CreateWindowExA
0x5068d8 WindowFromPoint
0x5068dc WaitMessage
0x5068e0 UpdateWindow
0x5068e4 UnregisterClassA
0x5068e8 UnhookWindowsHookEx
0x5068ec TranslateMessage
0x5068f4 TrackPopupMenu
0x5068fc ShowWindow
0x506900 ShowScrollBar
0x506904 ShowOwnedPopups
0x506908 SetWindowsHookExA
0x50690c SetWindowTextA
0x506910 SetWindowPos
0x506914 SetWindowPlacement
0x506918 SetWindowLongW
0x50691c SetWindowLongA
0x506920 SetTimer
0x506924 SetScrollRange
0x506928 SetScrollPos
0x50692c SetScrollInfo
0x506930 SetRect
0x506934 SetPropA
0x506938 SetParent
0x50693c SetMenuItemInfoA
0x506940 SetMenu
0x506944 SetForegroundWindow
0x506948 SetFocus
0x50694c SetCursor
0x506950 SetClipboardData
0x506954 SetClassLongA
0x506958 SetCapture
0x50695c SetActiveWindow
0x506960 SendMessageW
0x506964 SendMessageA
0x506968 ScrollWindow
0x50696c ScreenToClient
0x506970 RemovePropA
0x506974 RemoveMenu
0x506978 ReleaseDC
0x50697c ReleaseCapture
0x506988 RegisterClassA
0x50698c RedrawWindow
0x506990 PtInRect
0x506994 PostQuitMessage
0x506998 PostMessageA
0x50699c PeekMessageW
0x5069a0 PeekMessageA
0x5069a4 OpenClipboard
0x5069a8 OffsetRect
0x5069ac OemToCharA
0x5069b0 MessageBoxA
0x5069b4 MessageBeep
0x5069b8 MapWindowPoints
0x5069bc MapVirtualKeyA
0x5069c0 LoadStringA
0x5069c4 LoadKeyboardLayoutA
0x5069c8 LoadIconA
0x5069cc LoadCursorA
0x5069d0 LoadBitmapA
0x5069d4 KillTimer
0x5069d8 IsZoomed
0x5069dc IsWindowVisible
0x5069e0 IsWindowUnicode
0x5069e4 IsWindowEnabled
0x5069e8 IsWindow
0x5069ec IsRectEmpty
0x5069f0 IsIconic
0x5069f4 IsDialogMessageW
0x5069f8 IsDialogMessageA
0x5069fc IsChild
0x506a00 InvalidateRect
0x506a04 IntersectRect
0x506a08 InsertMenuItemA
0x506a0c InsertMenuA
0x506a10 InflateRect
0x506a18 GetWindowTextA
0x506a1c GetWindowRect
0x506a20 GetWindowPlacement
0x506a24 GetWindowLongW
0x506a28 GetWindowLongA
0x506a2c GetWindowDC
0x506a30 GetTopWindow
0x506a34 GetSystemMetrics
0x506a38 GetSystemMenu
0x506a3c GetSysColorBrush
0x506a40 GetSysColor
0x506a44 GetSubMenu
0x506a48 GetScrollRange
0x506a4c GetScrollPos
0x506a50 GetScrollInfo
0x506a54 GetPropA
0x506a58 GetParent
0x506a5c GetWindow
0x506a60 GetMessagePos
0x506a64 GetMenuStringA
0x506a68 GetMenuState
0x506a6c GetMenuItemInfoA
0x506a70 GetMenuItemID
0x506a74 GetMenuItemCount
0x506a78 GetMenu
0x506a7c GetLastActivePopup
0x506a80 GetKeyboardState
0x506a8c GetKeyboardLayout
0x506a90 GetKeyState
0x506a94 GetKeyNameTextA
0x506a98 GetIconInfo
0x506a9c GetForegroundWindow
0x506aa0 GetFocus
0x506aa4 GetDlgItem
0x506aa8 GetDesktopWindow
0x506aac GetDCEx
0x506ab0 GetDC
0x506ab4 GetCursorPos
0x506ab8 GetCursor
0x506abc GetClipboardData
0x506ac0 GetClientRect
0x506ac4 GetClassLongA
0x506ac8 GetClassInfoA
0x506acc GetCapture
0x506ad0 GetActiveWindow
0x506ad4 FrameRect
0x506ad8 FindWindowA
0x506adc FillRect
0x506ae0 EqualRect
0x506ae4 EnumWindows
0x506ae8 EnumThreadWindows
0x506aec EnumChildWindows
0x506af0 EndPaint
0x506af4 EnableWindow
0x506af8 EnableScrollBar
0x506afc EnableMenuItem
0x506b00 EmptyClipboard
0x506b04 DrawTextA
0x506b08 DrawMenuBar
0x506b0c DrawIconEx
0x506b10 DrawIcon
0x506b14 DrawFrameControl
0x506b18 DrawFocusRect
0x506b1c DrawEdge
0x506b20 DispatchMessageW
0x506b24 DispatchMessageA
0x506b28 DestroyWindow
0x506b2c DestroyMenu
0x506b30 DestroyIcon
0x506b34 DestroyCursor
0x506b38 DeleteMenu
0x506b3c DefWindowProcA
0x506b40 DefMDIChildProcA
0x506b44 DefFrameProcA
0x506b48 CreatePopupMenu
0x506b4c CreateMenu
0x506b50 CreateIcon
0x506b54 CloseClipboard
0x506b58 ClientToScreen
0x506b5c CheckMenuItem
0x506b60 CharNextW
0x506b64 CallWindowProcA
0x506b68 CallNextHookEx
0x506b6c BeginPaint
0x506b70 CharNextA
0x506b74 CharLowerBuffA
0x506b78 CharLowerA
0x506b7c CharUpperBuffA
0x506b80 CharToOemA
0x506b84 AdjustWindowRectEx
Library gdi32.dll:
0x506b90 UnrealizeObject
0x506b94 StretchBlt
0x506b98 SetWindowOrgEx
0x506b9c SetWinMetaFileBits
0x506ba0 SetViewportOrgEx
0x506ba4 SetTextColor
0x506ba8 SetStretchBltMode
0x506bac SetROP2
0x506bb0 SetPixel
0x506bb4 SetEnhMetaFileBits
0x506bb8 SetDIBColorTable
0x506bbc SetBrushOrgEx
0x506bc0 SetBkMode
0x506bc4 SetBkColor
0x506bc8 SelectPalette
0x506bcc SelectObject
0x506bd0 SelectClipRgn
0x506bd4 SaveDC
0x506bd8 RestoreDC
0x506bdc Rectangle
0x506be0 RectVisible
0x506be4 RealizePalette
0x506be8 Polyline
0x506bec PlayEnhMetaFile
0x506bf0 PatBlt
0x506bf4 MoveToEx
0x506bf8 MaskBlt
0x506bfc LineTo
0x506c00 IntersectClipRect
0x506c04 GetWindowOrgEx
0x506c08 GetWinMetaFileBits
0x506c0c GetTextMetricsA
0x506c10 GetTextExtentPointA
0x506c1c GetStockObject
0x506c20 GetRgnBox
0x506c24 GetPolyFillMode
0x506c28 GetPixel
0x506c2c GetPaletteEntries
0x506c30 GetObjectA
0x506c34 GetGraphicsMode
0x506c40 GetEnhMetaFileBits
0x506c44 GetDeviceCaps
0x506c48 GetDIBits
0x506c4c GetDIBColorTable
0x506c50 GetDCOrgEx
0x506c58 GetClipBox
0x506c5c GetBrushOrgEx
0x506c60 GetBitmapBits
0x506c64 GdiFlush
0x506c68 ExtTextOutA
0x506c6c ExcludeClipRect
0x506c70 DeleteObject
0x506c74 DeleteEnhMetaFile
0x506c78 DeleteDC
0x506c7c CreateSolidBrush
0x506c80 CreatePenIndirect
0x506c84 CreatePalette
0x506c8c CreateFontIndirectA
0x506c90 CreateDIBitmap
0x506c94 CreateDIBSection
0x506c98 CreateCompatibleDC
0x506ca0 CreateBrushIndirect
0x506ca4 CreateBitmap
0x506ca8 CopyEnhMetaFileA
0x506cac BitBlt
Library version.dll:
0x506cb4 VerQueryValueA
0x506cbc GetFileVersionInfoA
Library kernel32.dll:
0x506cc4 lstrcpyA
0x506cc8 WriteFile
0x506ccc WaitForSingleObject
0x506cd0 VirtualQuery
0x506cd4 VirtualProtect
0x506cd8 VirtualAlloc
0x506cdc SizeofResource
0x506ce0 SetThreadLocale
0x506ce4 SetFilePointer
0x506ce8 SetEvent
0x506cec SetErrorMode
0x506cf0 SetEndOfFile
0x506cf4 ResetEvent
0x506cf8 ReadFile
0x506cfc MultiByteToWideChar
0x506d00 MulDiv
0x506d04 LockResource
0x506d08 LoadResource
0x506d0c LoadLibraryA
0x506d18 GlobalUnlock
0x506d1c GlobalLock
0x506d20 GlobalFree
0x506d24 GlobalFindAtomA
0x506d28 GlobalDeleteAtom
0x506d2c GlobalAlloc
0x506d30 GlobalAddAtomA
0x506d34 GetVersionExA
0x506d38 GetVersion
0x506d3c GetTickCount
0x506d40 GetThreadLocale
0x506d44 GetStdHandle
0x506d48 GetProcAddress
0x506d4c GetModuleHandleA
0x506d50 GetModuleFileNameA
0x506d54 GetLocaleInfoA
0x506d58 GetLocalTime
0x506d5c GetLastError
0x506d60 GetFullPathNameA
0x506d64 GetFileAttributesA
0x506d68 GetDiskFreeSpaceA
0x506d6c GetDateFormatA
0x506d70 GetCurrentThreadId
0x506d74 GetCurrentProcessId
0x506d78 GetCPInfo
0x506d7c FreeResource
0x506d80 InterlockedExchange
0x506d84 FreeLibrary
0x506d88 FormatMessageA
0x506d8c FindResourceA
0x506d90 EnumCalendarInfoA
0x506d9c CreateThread
0x506da0 CreateFileA
0x506da4 CreateEventA
0x506da8 CompareStringA
0x506dac CloseHandle
Library advapi32.dll:
0x506db4 RegQueryValueExA
0x506db8 RegOpenKeyExA
0x506dbc RegFlushKey
0x506dc0 RegCloseKey
Library oleaut32.dll:
0x506dc8 GetErrorInfo
0x506dcc SysFreeString
Library ole32.dll:
0x506dd4 CoUninitialize
0x506dd8 CoInitialize
Library kernel32.dll:
0x506de0 Sleep
Library oleaut32.dll:
0x506de8 SafeArrayPtrOfIndex
0x506dec SafeArrayPutElement
0x506df0 SafeArrayGetElement
0x506df8 SafeArrayAccessData
0x506dfc SafeArrayGetUBound
0x506e00 SafeArrayGetLBound
0x506e04 SafeArrayCreate
0x506e08 VariantChangeType
0x506e0c VariantCopyInd
0x506e10 VariantCopy
0x506e14 VariantClear
0x506e18 VariantInit
Library comctl32.dll:
0x506e20 _TrackMouseEvent
0x506e2c ImageList_Write
0x506e30 ImageList_Read
0x506e3c ImageList_DragMove
0x506e40 ImageList_DragLeave
0x506e44 ImageList_DragEnter
0x506e48 ImageList_EndDrag
0x506e4c ImageList_BeginDrag
0x506e50 ImageList_Remove
0x506e54 ImageList_DrawEx
0x506e58 ImageList_Replace
0x506e5c ImageList_Draw
0x506e68 ImageList_Add
0x506e70 ImageList_Destroy
0x506e74 ImageList_Create
0x506e78 InitCommonControls
Library comdlg32.dll:
0x506e80 GetSaveFileNameA
0x506e84 GetOpenFileNameA
Library advapi32.dll:
0x506e8c QueryServiceStatus
0x506e90 OpenServiceA
0x506e94 OpenSCManagerA
0x506e98 CloseServiceHandle

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.