SmartHawk

3.6

中危

60 个模型检测该样本为恶意！

重新分析

下载样本

7f12ab6909f7a932ee097634ab529b1e2c1f07534097785c90ff03eb9671e784

c6b17ba345f31f19dbd4f68ad398a7e9.exe

分析耗时

49s

最近分析

文件大小

926.5KB

静态报毒动态报毒 5MW@A0C5GZLG ABDDLLLUTVOUD1KG2XSBOW AI SCORE=81 AIDETECTVM ANFSN ATTRIBUTE BKUL BSCOPE COINS CONFIDENCE ENCPK GENERIC@ML GENERICKD HFOQ HIGH CONFIDENCE HIGHCONFIDENCE HSMRAI IUNO KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#38C4E72DPRHFC NAHRQ PASKJURLNTY PASSWORDSTEALER QVM20 R066C0PHL20 RDML S + MAL SCORE SIGGEN10 SUSGEN SZUV TROJANPSW UNSAFE VBOBFUS YMACCO ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Generic.grp	20200920	6.0.6.653
Alibaba	Trojan:Win32/Kryptik.621b3f6d	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20200920	18.4.3895.0
Tencent	Win32.Trojan.Inject.Szuv	20200920	1.0.0.1
Kingsoft		20200920	2013.8.14.323
CrowdStrike	win/malicious_confidence_80% (W)	20190702	1.0

Allocates read-write-execute memory (usually to unpack itself) (3 个事件)

Time & API	Arguments	Status
1619918629.2085 NtAllocateVirtualMemory	process_identifier: 2764 region_size: 954368 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x020e0000	success
1619918629.2085 NtProtectVirtualMemory	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 954368 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success
1619918634.8955 NtAllocateVirtualMemory	process_identifier: 2764 region_size: 3158016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x024a0000	success

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34382687
FireEye	Generic.mg.c6b17ba345f31f19
CAT-QuickHeal	Trojan.Inject
McAfee	RDN/Generic.grp
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0056cb311 )
Alibaba	Trojan:Win32/Kryptik.621b3f6d
K7GW	Trojan ( 0056cb311 )
Cybereason	malicious.345f31
Arcabit	Trojan.Generic.D20CA35F
TrendMicro	TROJ_GEN.R066C0PHL20
Cyren	W32/Trojan.IUNO-7186
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Inject.anfsn
BitDefender	Trojan.GenericKD.34382687
NANO-Antivirus	Trojan.Win32.Inject.hsmrai
Paloalto	generic.ml
AegisLab	Trojan.Win32.Inject.4!c
Tencent	Win32.Trojan.Inject.Szuv
Ad-Aware	Trojan.GenericKD.34382687
Comodo	Malware@#38c4e72dprhfc
F-Secure	Trojan.TR/Crypt.Agent.nahrq
DrWeb	Trojan.Siggen10.5641
Zillya	Trojan.Kryptik.Win32.2426225
Invincea	Mal/Generic-S + Mal/EncPk-APW
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.dt
Sophos	Mal/EncPk-APW
SentinelOne	DFI - Malicious PE
Jiangmin	Trojan.Inject.bkul
Avira	TR/Crypt.Agent.nahrq
eGambit	Unsafe.AI_Score_90%
Antiy-AVL	Trojan/Win32.Inject
Microsoft	Trojan:Win32/Ymacco.AA7F
ViRobot	Trojan.Win32.Z.Inject.948736
ZoneAlarm	Trojan.Win32.Inject.anfsn
GData	Trojan.GenericKD.34382687
TACHYON	Trojan/W32.Inject.948736
AhnLab-V3	Trojan/Win32.Inject.C4182901
VBA32	BScope.TrojanPSW.Coins
ALYac	Trojan.GenericKD.34382687
MAX	malware (ai score=81)
Malwarebytes	Spyware.PasswordStealer
ESET-NOD32	a variant of Win32/Kryptik.HFOQ

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-17 03:44:28

Imports

Library kernel32.dll:

• 0x4e6bd4 GetProcAddress

• 0x4e6bd8 GetVersion

• 0x4e6bdc LoadLibraryA

• 0x4e6be0 VirtualAlloc

• 0x4e6be4 VirtualFree

• 0x4e6be8 VirtualProtect

• 0x4e6bec GetModuleHandleA

• 0x4e6bf0 GetACP

• 0x4e6bf4 lstrcmpA

• 0x4e6bf8 GetLastError

• 0x4e6bfc SetLastError

• 0x4e6c00 GetProcessId

• 0x4e6c04 lstrlenA

• 0x4e6c08 lstrcatA

• 0x4e6c0c GetCurrentThreadId

• 0x4e6c10 GetTickCount

• 0x4e6c14 GetCurrentThread

• 0x4e6c18 SetThreadExecutionState

• 0x4e6c1c GetShortPathNameW

• 0x4e6c20 DeleteCriticalSection

• 0x4e6c24 NlsGetCacheUpdateCount

• 0x4e6c28 GlobalSize

• 0x4e6c2c CreateJobObjectA

• 0x4e6c30 WriteProfileSectionW

• 0x4e6c34 SetHandleCount

Library user32.dll:

• 0x4e6d40 GetGUIThreadInfo

• 0x4e6d44 GetCapture

• 0x4e6d48 ReleaseDC

• 0x4e6d4c DispatchMessageA

• 0x4e6d50 SetDlgItemTextW

• 0x4e6d54 SetClassWord

• 0x4e6d58 ImpersonateDdeClientWindow

• 0x4e6d5c WinHelpW

• 0x4e6d60 GetMenu

• 0x4e6d64 SetWindowsHookW

• 0x4e6d68 SetWindowsHookExA

• 0x4e6d6c SetClassLongW

• 0x4e6d70 LoadIconW

• 0x4e6d74 GetCaretPos

• 0x4e6d78 DrawStateA

• 0x4e6d7c RegisterClipboardFormatW

• 0x4e6d80 InvertRect

• 0x4e6d84 RegisterSystemThread

• 0x4e6d88 DefWindowProcA

• 0x4e6d8c IsWinEventHookInstalled

• 0x4e6d90 ChangeMenuW

• 0x4e6d94 CreateIconFromResource

• 0x4e6d98 IsIconic

• 0x4e6d9c DeleteMenu

• 0x4e6da0 CallWindowProcA

Library comctl32.dll:

• 0x4e6a68 InitCommonControls

• 0x4e6a6c DPA_DeletePtr

• 0x4e6a70 DPA_InsertPtr

• 0x4e6a74 DPA_Search

• 0x4e6a78 ImageList_SetImageCount

• 0x4e6a7c ImageList_Destroy

• 0x4e6a80 ImageList_AddIcon

• 0x4e6a84 FlatSB_GetScrollRange

• 0x4e6a88 DPA_DestroyCallback

• 0x4e6a8c ImageList_Read

• 0x4e6a90 ImageList_SetFlags

• 0x4e6a94 ImageList_GetImageRect

• 0x4e6a98 ImageList_DrawEx

• 0x4e6a9c RemoveWindowSubclass

• 0x4e6aa0 DrawStatusTextW

• 0x4e6aa4 PropertySheetW

• 0x4e6aa8 ImageList_EndDrag

• 0x4e6aac CreateUpDownControl

Library ole32.dll:

• 0x4e6c54 CoRevokeMallocSpy

• 0x4e6c58 OleFlushClipboard

• 0x4e6c5c CoSetCancelObject

• 0x4e6c60 GetRunningObjectTable

• 0x4e6c64 ReadFmtUserTypeStg

• 0x4e6c68 WriteStringStream

• 0x4e6c6c CoRegisterSurrogateEx

• 0x4e6c70 CreateErrorInfo

• 0x4e6c74 CoTaskMemAlloc

• 0x4e6c78 OleCreateLinkFromDataEx

• 0x4e6c7c StgIsStorageILockBytes

• 0x4e6c80 CoQueryProxyBlanket

• 0x4e6c84 StgPropertyLengthAsVariant

• 0x4e6c88 DllGetClassObject

Library winmm.dll:

• 0x4e6da8 joyReleaseCapture

• 0x4e6dac waveOutSetPitch

• 0x4e6db0 mmGetCurrentTask

• 0x4e6db4 mciSendCommandW

• 0x4e6db8 midiOutShortMsg

• 0x4e6dbc mciSendStringW

• 0x4e6dc0 midiOutMessage

• 0x4e6dc4 OpenDriver

• 0x4e6dc8 midiOutSetVolume

• 0x4e6dcc waveInGetDevCapsA

• 0x4e6dd0 mciGetErrorStringA

• 0x4e6dd4 joy32Message

• 0x4e6dd8 waveOutSetVolume

• 0x4e6ddc waveInStop

• 0x4e6de0 midiConnect

• 0x4e6de4 mmTaskCreate

• 0x4e6de8 mciExecute

• 0x4e6dec midiOutGetNumDevs

• 0x4e6df0 mmioGetInfo

• 0x4e6df4 midiInAddBuffer

• 0x4e6df8 mixerGetID

• 0x4e6dfc waveOutSetPlaybackRate

• 0x4e6e00 waveInGetNumDevs

• 0x4e6e04 waveOutGetPlaybackRate

• 0x4e6e08 wid32Message

• 0x4e6e0c midiOutLongMsg

• 0x4e6e10 timeGetDevCaps

• 0x4e6e14 midiOutCacheDrumPatches

• 0x4e6e18 waveOutGetDevCapsA

• 0x4e6e1c mmioStringToFOURCCA

• 0x4e6e20 midiOutOpen

• 0x4e6e24 mmioRenameW

• 0x4e6e28 mmioFlush

• 0x4e6e2c joyConfigChanged

• 0x4e6e30 joyGetNumDevs

• 0x4e6e34 mixerClose

Library gdi32.dll:

• 0x4e6b00 GetTextCharsetInfo

• 0x4e6b04 PolylineTo

• 0x4e6b08 DdEntry33

• 0x4e6b0c FONTOBJ_pxoGetXform

• 0x4e6b10 GetOutlineTextMetricsW

• 0x4e6b14 EngCreateBitmap

• 0x4e6b18 EngGradientFill

• 0x4e6b1c GetObjectA

• 0x4e6b20 SetLayout

• 0x4e6b24 AddFontResourceExA

• 0x4e6b28 GetPath

• 0x4e6b2c GetSystemPaletteEntries

• 0x4e6b30 GdiEntry5

• 0x4e6b34 EngFillPath

• 0x4e6b38 AnimatePalette

• 0x4e6b3c GetWindowOrgEx

• 0x4e6b40 ExtFloodFill

• 0x4e6b44 StretchDIBits

• 0x4e6b48 GetEUDCTimeStampExW

• 0x4e6b4c CreateCompatibleDC

• 0x4e6b50 SetWindowExtEx

• 0x4e6b54 ModifyWorldTransform

• 0x4e6b58 FixBrushOrgEx

• 0x4e6b5c GdiInitializeLanguagePack

• 0x4e6b60 CreateRectRgnIndirect

Library msimg32.dll:

• 0x4e6c3c DllInitialize

• 0x4e6c40 GradientFill

• 0x4e6c44 vSetDdrawflag

• 0x4e6c48 AlphaBlend

• 0x4e6c4c TransparentBlt

Library oledlg.dll:

• 0x4e6d04 OleUIAddVerbMenuA

• 0x4e6d08 OleUIChangeIconW

• 0x4e6d0c OleUIInsertObjectW

• 0x4e6d10 OleUIConvertW

• 0x4e6d14 OleUIEditLinksW

• 0x4e6d18 OleUIBusyW

• 0x4e6d1c OleUIAddVerbMenuW

• 0x4e6d20 OleUIConvertA

• 0x4e6d24 OleUIEditLinksA

• 0x4e6d28 OleUIChangeSourceA

• 0x4e6d2c OleUIInsertObjectA

• 0x4e6d30 OleUIPromptUserW

• 0x4e6d34 OleUIUpdateLinksA

• 0x4e6d38 OleUIObjectPropertiesA

Library comdlg32.dll:

• 0x4e6ab4 dwLBSubclass

• 0x4e6ab8 PrintDlgExW

• 0x4e6abc PrintDlgW

• 0x4e6ac0 GetFileTitleA

• 0x4e6ac4 FindTextW

• 0x4e6ac8 ChooseColorA

• 0x4e6acc GetOpenFileNameA

• 0x4e6ad0 ReplaceTextW

• 0x4e6ad4 dwOKSubclass

• 0x4e6ad8 CommDlgExtendedError

• 0x4e6adc GetSaveFileNameA

• 0x4e6ae0 LoadAlterBitmap

• 0x4e6ae4 PrintDlgExA

• 0x4e6ae8 PrintDlgA

• 0x4e6aec Ssync_ANSI_UNICODE_Struct_For_WOW

• 0x4e6af0 ChooseFontA

• 0x4e6af4 GetFileTitleW

• 0x4e6af8 FindTextA

Library gdiplus.dll:

• 0x4e6b68 GdipCreateImageAttributes

• 0x4e6b6c GdipEnumerateMetafileDestPointI

• 0x4e6b70 GdipAddPathEllipse

• 0x4e6b74 GdipGetImageDimension

• 0x4e6b78 GdipSetPenDashOffset

• 0x4e6b7c GdipPrivateAddFontFile

• 0x4e6b80 GdipCreateFromHDC2

• 0x4e6b84 GdipEnumerateMetafileDestPoints

• 0x4e6b88 GdipSetImageAttributesOutputChannelColorProfile

• 0x4e6b8c GdipMultiplyMatrix

• 0x4e6b90 GdipGetHatchStyle

• 0x4e6b94 GdipAddPathRectangleI

• 0x4e6b98 GdipAddPathBezier

• 0x4e6b9c GdiplusNotificationUnhook

• 0x4e6ba0 GdipCreateBitmapFromGdiDib

• 0x4e6ba4 GdipGetBrushType

• 0x4e6ba8 GdipFillPie

• 0x4e6bac GdipGetSmoothingMode

• 0x4e6bb0 GdipGetPathGradientTransform

• 0x4e6bb4 GdipGetCustomLineCapBaseInset

• 0x4e6bb8 GdipGetPenEndCap

• 0x4e6bbc GdipAddPathCurve

• 0x4e6bc0 GdipGetVisibleClipBoundsI

• 0x4e6bc4 GdipGetTextContrast

• 0x4e6bc8 GdipIsVisiblePathPoint

• 0x4e6bcc GdipSetStringFormatTabStops

Library oleaut32.dll:

• 0x4e6c90 VarR8FromCy

• 0x4e6c94 VarUI1FromI4

• 0x4e6c98 DispGetParam

• 0x4e6c9c VarCyFromStr

• 0x4e6ca0 BSTR_UserSize

• 0x4e6ca4 VarR8FromUI2

• 0x4e6ca8 LPSAFEARRAY_UserMarshal

• 0x4e6cac UnRegisterTypeLibForUser

• 0x4e6cb0 VarR8Round

• 0x4e6cb4 VarI4FromI1

• 0x4e6cb8 VarI1FromR4

• 0x4e6cbc VarBstrFromI8

• 0x4e6cc0 VarBstrCat

• 0x4e6cc4 GetVarConversionLocaleSetting

• 0x4e6cc8 VarI2FromDate

• 0x4e6ccc VarBoolFromStr

• 0x4e6cd0 VarI8FromDate

• 0x4e6cd4 VarI4FromDate

• 0x4e6cd8 VarUI2FromI1

• 0x4e6cdc VarDecDiv

• 0x4e6ce0 VarDecFromUI4

• 0x4e6ce4 VarI1FromUI4

• 0x4e6ce8 SafeArrayDestroyDescriptor

• 0x4e6cec SafeArrayGetRecordInfo

• 0x4e6cf0 VarCyFromUI8

• 0x4e6cf4 SysAllocString

• 0x4e6cf8 VarUI2FromR4

• 0x4e6cfc VarUI1FromBool

Library advapi32.dll:

• 0x4e6a00 SystemFunction009

• 0x4e6a04 WmiSetSingleItemW

• 0x4e6a08 RegQueryInfoKeyW

• 0x4e6a0c BuildImpersonateTrusteeA

• 0x4e6a10 InitializeSecurityDescriptor

• 0x4e6a14 GetSidSubAuthorityCount

• 0x4e6a18 GetSidLengthRequired

• 0x4e6a1c RegDeleteValueW

• 0x4e6a20 RegDeleteValueA

• 0x4e6a24 EnumServicesStatusW

• 0x4e6a28 ElfRegisterEventSourceW

• 0x4e6a2c LsaGetQuotasForAccount

• 0x4e6a30 CloseServiceHandle

• 0x4e6a34 CryptSignHashW

• 0x4e6a38 BuildSecurityDescriptorA

• 0x4e6a3c EncryptFileW

• 0x4e6a40 OpenSCManagerW

• 0x4e6a44 EncryptedFileKeyInfo

• 0x4e6a48 OpenServiceA

• 0x4e6a4c LsaICLookupSids

• 0x4e6a50 LsaCreateAccount

• 0x4e6a54 ElfReportEventW

• 0x4e6a58 BuildExplicitAccessWithNameA

• 0x4e6a5c ReadEventLogA

• 0x4e6a60 RegisterTraceGuidsW

Library winspool.drv:

• 0x4e6e3c DeletePrinterConnectionW

• 0x4e6e40 EnumPrinterDataW

• 0x4e6e44 DeviceCapabilities

• 0x4e6e48 AddPrinterDriverExW

• 0x4e6e4c DeletePortA

• 0x4e6e50 FindClosePrinterChangeNotification

• 0x4e6e54 FindFirstPrinterChangeNotification

• 0x4e6e58 SetFormW

• 0x4e6e5c DeviceCapabilitiesA

• 0x4e6e60 EnumPortsA

• 0x4e6e64 DevicePropertySheets

• 0x4e6e68 DeletePortW

• 0x4e6e6c StartDocDlgA

• 0x4e6e70 AddPrintProcessorW

• 0x4e6e74 StartPagePrinter

• 0x4e6e78 GetPrinterA

• 0x4e6e7c EndPagePrinter

• 0x4e6e80 ClosePrinter

• 0x4e6e84 EndDocPrinter

• 0x4e6e88 PrinterProperties

• 0x4e6e8c ConvertUnicodeDevModeToAnsiDevmode

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
teredo.ipv6.microsoft.com		127.0.0.1
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	172.217.160.78

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49238	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.