5.0
Medium risk

dba6d083812f2fd178b14204fd189aaacc74d7d8dfa3380777bf00c3039de547

c9e43b3f19fb932ed22dbe5650cfe83f.exe

Analysis duration

98s

Last analyzed

File size

1.0MB
Static detection: flagged. Dynamic detection: flagged (100%). Tags: AI SCORE=84 AIDETECTVM ARTEMIS ATTRIBUTE CONFIDENCE DELF DLW@AAO0KXPI EKLE FAREIT GBXIJHNIPFZNALLQWI7SDA GDSDA GENERIC@ML GENKRYPTIK HIGHCONFIDENCE HSRRUH IELNQ JACARD KCLOUD LYOJJAZHKQ8 MALWARE2 MALWARE@#MMXCMCA36MF0 RDML SCORE SUSGEN TCCA THIAABO TSCOPE UNSAFE YACI ZELPHICO
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!C9E43B3F19FB 20210201 6.0.6.653
Alibaba TrojanDownloader:Win32/Generic.08ea9e84 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20210201 21.1.5827.0
Tencent Win32.Trojan.Jacard.Tcca 20210201 1.0.0.1
Kingsoft Win32.Troj.Undef.(kcloud) 20210201 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619935487.727374
__exception__
stacktrace:
0x216977a
0x21697ad
0x21696ca
0x211f730
0x216a8d3
0x216bcf3
0x2140162
0x212e40a
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0x21667fc
0x216c07f
c9e43b3f19fb932ed22dbe5650cfe83f+0x8a4fc @ 0x48a4fc

registers.esp: 1634060
registers.edi: 3
registers.eax: 1634060
registers.ebp: 1634140
registers.edx: 0
registers.ebx: 1635816
registers.esi: 56452916
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619935424.586374
NtAllocateVirtualMemory
process_identifier: 1916
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00660000
success 0 0
1619935470.461374
NtAllocateVirtualMemory
process_identifier: 1916
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02190000
success 0 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables the system proxy, possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619935487.024374
RegSetValueExA
key_handle: 0x000002d0
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
File has been identified by 51 antivirus engines on VirusTotal as malicious (50 out of 51 events)
Bkav W32.AIDetectVM.malware2
MicroWorld-eScan Gen:Variant.Jacard.192653
FireEye Gen:Variant.Jacard.192653
McAfee Artemis!C9E43B3F19FB
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056aec91 )
Alibaba TrojanDownloader:Win32/Generic.08ea9e84
K7GW Trojan-Downloader ( 0056aec91 )
Cybereason malicious.f19fb9
Arcabit Trojan.Jacard.D2F08D
Cyren W32/Trojan.YACI-3422
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
BitDefender Gen:Variant.Jacard.192653
NANO-Antivirus Trojan.Win32.Delf.hsrruh
Paloalto generic.ml
Tencent Win32.Trojan.Jacard.Tcca
Ad-Aware Gen:Variant.Jacard.192653
Sophos Mal/Generic-S
Comodo Malware@#mmxcmca36mf0
F-Secure Trojan.TR/Dldr.Delf.ielnq
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.DELF.THIAABO
McAfee-GW-Edition BehavesLike.Win32.Rootkit.tc
Emsisoft Gen:Variant.Jacard.192653 (B)
Avira TR/Dldr.Delf.ielnq
MAX malware (ai score=84)
Antiy-AVL Trojan[PSW]/Win32.Fareit
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft PWS:Win32/Fareit.ART!MTB
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Jacard.192653
Cynet Malicious (score: 85)
BitDefenderTheta Gen:NN.ZelphiCO.34780.dLW@aaO0KXpi
ALYac Gen:Variant.Jacard.192653
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.SMY.Generic
ESET-NOD32 Win32/TrojanDownloader.Delf.CYQ
TrendMicro-HouseCall Trojan.Win32.DELF.THIAABO
Rising Trojan.Generic@ML.100 (RDML:gbXijhNipfznALLQWI7sdA)
Yandex Trojan.DL.Delf!LYoJJAzhkQ8
Ikarus Trojan-Downloader.Win32.Delf
MaxSecure Trojan.Malware.82636496.susgen
Fortinet W32/GenKryptik.EKLE!tr
Webroot W32.Trojan.Gen
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.27.142:443
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x4fa80c SysFreeString
0x4fa810 SysReAllocStringLen
0x4fa814 SysAllocStringLen
Library advapi32.dll:
0x4fa81c RegQueryValueExA
0x4fa820 RegOpenKeyExA
0x4fa824 RegCloseKey
Library user32.dll:
0x4fa82c GetKeyboardType
0x4fa830 DestroyWindow
0x4fa834 LoadStringA
0x4fa838 MessageBoxA
0x4fa83c CharNextA
Library kernel32.dll:
0x4fa844 GetACP
0x4fa848 Sleep
0x4fa84c VirtualFree
0x4fa850 VirtualAlloc
0x4fa854 GetTickCount
0x4fa85c GetCurrentThreadId
0x4fa868 VirtualQuery
0x4fa86c WideCharToMultiByte
0x4fa870 MultiByteToWideChar
0x4fa874 lstrlenA
0x4fa878 lstrcpynA
0x4fa87c LoadLibraryExA
0x4fa880 GetThreadLocale
0x4fa884 GetStartupInfoA
0x4fa888 GetProcAddress
0x4fa88c GetModuleHandleA
0x4fa890 GetModuleFileNameA
0x4fa894 GetLocaleInfoA
0x4fa898 GetCommandLineA
0x4fa89c FreeLibrary
0x4fa8a0 FindFirstFileA
0x4fa8a4 FindClose
0x4fa8a8 ExitProcess
0x4fa8ac CompareStringA
0x4fa8b0 WriteFile
0x4fa8b8 RtlUnwind
0x4fa8bc RaiseException
0x4fa8c0 GetStdHandle
Library kernel32.dll:
0x4fa8c8 TlsSetValue
0x4fa8cc TlsGetValue
0x4fa8d0 LocalAlloc
0x4fa8d4 GetModuleHandleA
Library user32.dll:
0x4fa8dc CreateWindowExA
0x4fa8e0 WindowFromPoint
0x4fa8e4 WaitMessage
0x4fa8e8 UpdateWindow
0x4fa8ec UnregisterClassA
0x4fa8f0 UnhookWindowsHookEx
0x4fa8f4 TranslateMessage
0x4fa8fc TrackPopupMenu
0x4fa904 ShowWindow
0x4fa908 ShowScrollBar
0x4fa90c ShowOwnedPopups
0x4fa910 SetWindowsHookExA
0x4fa914 SetWindowTextA
0x4fa918 SetWindowPos
0x4fa91c SetWindowPlacement
0x4fa920 SetWindowLongW
0x4fa924 SetWindowLongA
0x4fa928 SetTimer
0x4fa92c SetScrollRange
0x4fa930 SetScrollPos
0x4fa934 SetScrollInfo
0x4fa938 SetRect
0x4fa93c SetPropA
0x4fa940 SetParent
0x4fa944 SetMenuItemInfoA
0x4fa948 SetMenu
0x4fa94c SetKeyboardState
0x4fa950 SetForegroundWindow
0x4fa954 SetFocus
0x4fa958 SetCursor
0x4fa95c SetClipboardData
0x4fa960 SetClassLongA
0x4fa964 SetCapture
0x4fa968 SetActiveWindow
0x4fa96c SendMessageW
0x4fa970 SendMessageA
0x4fa974 ScrollWindow
0x4fa978 ScreenToClient
0x4fa97c RemovePropA
0x4fa980 RemoveMenu
0x4fa984 ReleaseDC
0x4fa988 ReleaseCapture
0x4fa994 RegisterClassA
0x4fa998 RedrawWindow
0x4fa99c PtInRect
0x4fa9a0 PostQuitMessage
0x4fa9a4 PostMessageA
0x4fa9a8 PeekMessageW
0x4fa9ac PeekMessageA
0x4fa9b0 OpenClipboard
0x4fa9b4 OffsetRect
0x4fa9b8 OemToCharA
0x4fa9bc MessageBoxA
0x4fa9c0 MessageBeep
0x4fa9c4 MapWindowPoints
0x4fa9c8 MapVirtualKeyA
0x4fa9cc LoadStringA
0x4fa9d0 LoadKeyboardLayoutA
0x4fa9d4 LoadIconA
0x4fa9d8 LoadCursorA
0x4fa9dc LoadBitmapA
0x4fa9e0 KillTimer
0x4fa9e4 IsZoomed
0x4fa9e8 IsWindowVisible
0x4fa9ec IsWindowUnicode
0x4fa9f0 IsWindowEnabled
0x4fa9f4 IsWindow
0x4fa9f8 IsRectEmpty
0x4fa9fc IsIconic
0x4faa00 IsDialogMessageW
0x4faa04 IsDialogMessageA
0x4faa08 IsChild
0x4faa0c IsCharAlphaNumericA
0x4faa10 IsCharAlphaA
0x4faa14 InvalidateRect
0x4faa18 IntersectRect
0x4faa1c InsertMenuItemA
0x4faa20 InsertMenuA
0x4faa24 InflateRect
0x4faa2c GetWindowTextA
0x4faa30 GetWindowRect
0x4faa34 GetWindowPlacement
0x4faa38 GetWindowLongW
0x4faa3c GetWindowLongA
0x4faa40 GetWindowDC
0x4faa44 GetTopWindow
0x4faa48 GetSystemMetrics
0x4faa4c GetSystemMenu
0x4faa50 GetSysColorBrush
0x4faa54 GetSysColor
0x4faa58 GetSubMenu
0x4faa5c GetScrollRange
0x4faa60 GetScrollPos
0x4faa64 GetScrollInfo
0x4faa68 GetPropA
0x4faa6c GetParent
0x4faa70 GetWindow
0x4faa74 GetMessagePos
0x4faa78 GetMenuStringA
0x4faa7c GetMenuState
0x4faa80 GetMenuItemInfoA
0x4faa84 GetMenuItemID
0x4faa88 GetMenuItemCount
0x4faa8c GetMenu
0x4faa90 GetLastActivePopup
0x4faa94 GetKeyboardState
0x4faaa0 GetKeyboardLayout
0x4faaa4 GetKeyState
0x4faaa8 GetKeyNameTextA
0x4faaac GetIconInfo
0x4faab0 GetForegroundWindow
0x4faab4 GetFocus
0x4faab8 GetDlgItem
0x4faabc GetDesktopWindow
0x4faac0 GetDCEx
0x4faac4 GetDC
0x4faac8 GetCursorPos
0x4faacc GetCursor
0x4faad0 GetClipboardData
0x4faad4 GetClientRect
0x4faad8 GetClassLongA
0x4faadc GetClassInfoA
0x4faae0 GetCapture
0x4faae4 GetActiveWindow
0x4faae8 FrameRect
0x4faaec FindWindowA
0x4faaf0 FillRect
0x4faaf4 EqualRect
0x4faaf8 EnumWindows
0x4faafc EnumThreadWindows
0x4fab04 EnumChildWindows
0x4fab08 EndPaint
0x4fab0c EnableWindow
0x4fab10 EnableScrollBar
0x4fab14 EnableMenuItem
0x4fab18 EmptyClipboard
0x4fab1c DrawTextA
0x4fab20 DrawMenuBar
0x4fab24 DrawIconEx
0x4fab28 DrawIcon
0x4fab2c DrawFrameControl
0x4fab30 DrawFocusRect
0x4fab34 DrawEdge
0x4fab38 DispatchMessageW
0x4fab3c DispatchMessageA
0x4fab40 DestroyWindow
0x4fab44 DestroyMenu
0x4fab48 DestroyIcon
0x4fab4c DestroyCursor
0x4fab50 DeleteMenu
0x4fab54 DefWindowProcA
0x4fab58 DefMDIChildProcA
0x4fab5c DefFrameProcA
0x4fab60 CreatePopupMenu
0x4fab64 CreateMenu
0x4fab68 CreateIcon
0x4fab6c CloseClipboard
0x4fab70 ClientToScreen
0x4fab74 CheckMenuItem
0x4fab78 CharNextW
0x4fab7c CallWindowProcA
0x4fab80 CallNextHookEx
0x4fab84 BeginPaint
0x4fab88 CharNextA
0x4fab8c CharLowerBuffA
0x4fab90 CharLowerA
0x4fab94 CharUpperBuffA
0x4fab98 CharToOemA
0x4fab9c AdjustWindowRectEx
Library gdi32.dll:
0x4faba8 UnrealizeObject
0x4fabac StretchBlt
0x4fabb0 SetWindowOrgEx
0x4fabb4 SetWinMetaFileBits
0x4fabb8 SetViewportOrgEx
0x4fabbc SetTextColor
0x4fabc0 SetStretchBltMode
0x4fabc4 SetROP2
0x4fabc8 SetPixel
0x4fabcc SetEnhMetaFileBits
0x4fabd0 SetDIBColorTable
0x4fabd4 SetBrushOrgEx
0x4fabd8 SetBkMode
0x4fabdc SetBkColor
0x4fabe0 SelectPalette
0x4fabe4 SelectObject
0x4fabe8 SaveDC
0x4fabec RestoreDC
0x4fabf0 Rectangle
0x4fabf4 RectVisible
0x4fabf8 RealizePalette
0x4fabfc Polyline
0x4fac00 PlayEnhMetaFile
0x4fac04 PatBlt
0x4fac08 MoveToEx
0x4fac0c MaskBlt
0x4fac10 LineTo
0x4fac14 IntersectClipRect
0x4fac18 GetWindowOrgEx
0x4fac1c GetWinMetaFileBits
0x4fac20 GetTextMetricsA
0x4fac2c GetStockObject
0x4fac30 GetRgnBox
0x4fac34 GetPixel
0x4fac38 GetPaletteEntries
0x4fac3c GetObjectA
0x4fac48 GetEnhMetaFileBits
0x4fac4c GetDeviceCaps
0x4fac50 GetDIBits
0x4fac54 GetDIBColorTable
0x4fac58 GetDCOrgEx
0x4fac60 GetClipBox
0x4fac64 GetBrushOrgEx
0x4fac68 GetBitmapBits
0x4fac6c ExtTextOutA
0x4fac70 ExcludeClipRect
0x4fac74 DeleteObject
0x4fac78 DeleteEnhMetaFile
0x4fac7c DeleteDC
0x4fac80 CreateSolidBrush
0x4fac84 CreatePenIndirect
0x4fac88 CreatePalette
0x4fac90 CreateFontIndirectA
0x4fac94 CreateDIBitmap
0x4fac98 CreateDIBSection
0x4fac9c CreateCompatibleDC
0x4faca4 CreateBrushIndirect
0x4faca8 CreateBitmap
0x4facac CopyEnhMetaFileA
0x4facb0 BitBlt
Library version.dll:
0x4facb8 VerQueryValueA
0x4facc0 GetFileVersionInfoA
Library kernel32.dll:
0x4facc8 lstrcpyA
0x4faccc WriteFile
0x4facd0 WaitForSingleObject
0x4facd4 VirtualQuery
0x4facd8 VirtualProtect
0x4facdc VirtualAlloc
0x4face0 SizeofResource
0x4face4 SetThreadLocale
0x4face8 SetLastError
0x4facec SetFilePointer
0x4facf0 SetEvent
0x4facf4 SetErrorMode
0x4facf8 SetEndOfFile
0x4facfc ResetEvent
0x4fad00 ReadFile
0x4fad04 MultiByteToWideChar
0x4fad08 MulDiv
0x4fad0c LockResource
0x4fad10 LoadResource
0x4fad14 LoadLibraryA
0x4fad20 GlobalUnlock
0x4fad24 GlobalLock
0x4fad28 GlobalFindAtomA
0x4fad2c GlobalDeleteAtom
0x4fad30 GlobalAddAtomA
0x4fad34 GetVersionExA
0x4fad38 GetVersion
0x4fad3c GetTickCount
0x4fad40 GetThreadLocale
0x4fad44 GetStdHandle
0x4fad48 GetProcAddress
0x4fad4c GetModuleHandleA
0x4fad50 GetModuleFileNameA
0x4fad54 GetLocaleInfoA
0x4fad58 GetLocalTime
0x4fad5c GetLastError
0x4fad60 GetFullPathNameA
0x4fad64 GetDiskFreeSpaceA
0x4fad68 GetDateFormatA
0x4fad6c GetCurrentThreadId
0x4fad70 GetCurrentProcessId
0x4fad74 GetCPInfo
0x4fad78 FreeResource
0x4fad7c InterlockedExchange
0x4fad80 FreeLibrary
0x4fad84 FormatMessageA
0x4fad88 FindResourceA
0x4fad8c EnumCalendarInfoA
0x4fad98 CreateThread
0x4fad9c CreateFileA
0x4fada0 CreateEventA
0x4fada4 CompareStringW
0x4fada8 CompareStringA
0x4fadac CloseHandle
Library advapi32.dll:
0x4fadb4 RegQueryValueExA
0x4fadb8 RegOpenKeyExA
0x4fadbc RegFlushKey
0x4fadc0 RegCloseKey
Library oleaut32.dll:
0x4fadc8 GetErrorInfo
0x4fadcc SysFreeString
Library ole32.dll:
0x4fadd4 CoUninitialize
0x4fadd8 CoInitialize
Library kernel32.dll:
0x4fade0 Sleep
Library oleaut32.dll:
0x4fade8 SafeArrayPtrOfIndex
0x4fadec SafeArrayPutElement
0x4fadf0 SafeArrayGetElement
0x4fadf8 SafeArrayAccessData
0x4fadfc SafeArrayGetUBound
0x4fae00 SafeArrayGetLBound
0x4fae04 SafeArrayCreate
0x4fae08 VariantChangeType
0x4fae0c VariantCopyInd
0x4fae10 VariantCopy
0x4fae14 VariantClear
0x4fae18 VariantInit
Library comctl32.dll:
0x4fae20 _TrackMouseEvent
0x4fae2c ImageList_Write
0x4fae30 ImageList_Read
0x4fae38 ImageList_DragMove
0x4fae3c ImageList_DragLeave
0x4fae40 ImageList_DragEnter
0x4fae44 ImageList_EndDrag
0x4fae48 ImageList_BeginDrag
0x4fae4c ImageList_Remove
0x4fae50 ImageList_DrawEx
0x4fae54 ImageList_Draw
0x4fae60 ImageList_Add
0x4fae68 ImageList_Destroy
0x4fae6c ImageList_Create
Library comdlg32.dll:
0x4fae74 GetSaveFileNameA
0x4fae78 GetOpenFileNameA
Library advapi32.dll:
0x4fae80 QueryServiceStatus
0x4fae84 OpenServiceA
0x4fae88 OpenSCManagerA
0x4fae8c CloseServiceHandle
Library url.dll:
0x4fae94 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.