0.9
低危

213d554a68c5b6dfcbd4e0237495eb65389a5e5a7ea38385fe1eee618b1e2177

213d554a68c5b6dfcbd4e0237495eb65389a5e5a7ea38385fe1eee618b1e2177.exe

分析耗时

195s

最近分析

366天前

文件大小

52.0KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN CLONE
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.64
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/VBClone.46cb0c2c 20190527 0.3.0.5
Avast Win32:Malware-gen 20200318 18.4.3895.0
Baidu Win32.Adware.Kryptik.h 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200318 2013.8.14.323
McAfee Trojan-FGAU!CA32E817900D 20200318 6.0.6.653
Tencent Win32.Trojan.Vb.Syhm 20200318 1.0.0.1
静态指标
行为判定
动态指标
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
文件已被 VirusTotal 上的反病毒引擎识别为恶意（66 个引擎中有 50 个报毒）
ALYac Trojan.Agent.VB.CAT
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Trojan.Agent.VB.CAT
AhnLab-V3 Unwanted/Win32.Agent.R233450
Alibaba Trojan:Win32/VBClone.46cb0c2c
Antiy-AVL Trojan/Win32.VB.cuvt
Arcabit Trojan.Agent.VB.CAT
Avast Win32:Malware-gen
Avira TR/VB.Agent.dleuig
Baidu Win32.Adware.Kryptik.h
BitDefender Trojan.Agent.VB.CAT
BitDefenderTheta Gen:NN.ZevbaF.34100.dmX@aGwaI2p
Bkav W32.FamVT.VBCloneAATTc.Worm
CAT-QuickHeal Trojan.Cuvt.A3
ClamAV Win.Trojan.Agent-1388662
Comodo TrojWare.Win32.VBClone.CUV@5qbrk1
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.7900d7
Cylance Unsafe
Cyren W32/S-a70b72ab!Eldorado
DrWeb Trojan.VbCrypt.250
ESET-NOD32 Win32/VBClone.B
Emsisoft Trojan.Agent.VB.CAT (B)
Endgame malicious (high confidence)
F-Prot W32/S-a70b72ab!Eldorado
F-Secure Trojan.TR/VB.Agent.dleuig
FireEye Generic.mg.ca32e817900d7390
Fortinet W32/Generic.AC.1103!tr
GData Trojan.Agent.VB.CAT
Ikarus Trojan.VB.Agent
Invincea heuristic
Jiangmin Worm.WBNA.hwtv
K7AntiVirus Trojan ( 004c16291 )
K7GW P2PWorm ( 004bf10d1 )
Kaspersky Trojan.Win32.VB.cuvt
Lionic Trojan.Win32.VB.tnqI
MAX malware (ai score=85)
Malwarebytes Trojan.VBClone
MaxSecure Trojan.VB.CUVT
McAfee Trojan-FGAU!CA32E817900D
McAfee-GW-Edition BehavesLike.Win32.Generic.qz
MicroWorld-eScan Trojan.Agent.VB.CAT
Microsoft Trojan:Win32/VBClone
NANO-Antivirus Trojan.Win32.VB.fnrisw
Panda Trj/Genetic.gen
Qihoo-360 Win32/Trojan.VBClone.A
Rising Trojan.Win32.VBClone.a (CLOUD)
SUPERAntiSpyware Trojan.Agent/Generic
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图：该样本运行过程中未生成截图。


PE Compile Time

2012-06-24 14:09:09

PE Imphash

61fb9f4cbf58f13a86f01ac0c3861d54

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000065c8 0x00007000 5.45172806804613
.data 0x00008000 0x000009ec 0x00001000 0.0
.rsrc 0x00009000 0x00004000 0x00004000 0.0

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaStrI4
0x40100c __vbaFreeVar
0x401010 __vbaFreeVarList
0x401014 _adj_fdiv_m64
0x401018 __vbaFreeObjList
0x40101c _adj_fprem1
0x401020 __vbaStrCat
0x401028 _adj_fdiv_m32
0x40102c None
0x401030 None
0x401034 None
0x401038 _adj_fdiv_m16i
0x40103c _adj_fdivr_m16i
0x401040 _CIsin
0x401044 __vbaChkstk
0x401048 __vbaFileClose
0x40104c EVENT_SINK_AddRef
0x401054 __vbaStrCmp
0x401058 __vbaPutOwner4
0x40105c _adj_fpatan
0x401060 __vbaRedim
0x401064 EVENT_SINK_Release
0x401068 __vbaUI1I2
0x40106c _CIsqrt
0x401074 __vbaExceptHandler
0x401078 _adj_fprem
0x40107c _adj_fdivr_m64
0x401080 None
0x401084 __vbaFPException
0x401088 __vbaInStrVar
0x40108c None
0x401090 __vbaVarCat
0x401094 __vbaGetOwner4
0x401098 None
0x40109c _CIlog
0x4010a0 __vbaErrorOverflow
0x4010a4 __vbaFileOpen
0x4010a8 __vbaNew2
0x4010ac None
0x4010b0 _adj_fdiv_m32i
0x4010b4 _adj_fdivr_m32i
0x4010b8 __vbaFreeStrList
0x4010bc _adj_fdivr_m32
0x4010c0 _adj_fdiv_r
0x4010c4 None
0x4010c8 __vbaVarTstNe
0x4010cc __vbaI4Var
0x4010d0 __vbaVarDup
0x4010d4 __vbaR8IntI2
0x4010d8 _CIatan
0x4010dc __vbaStrMove
0x4010e0 _allmul
0x4010e4 _CItan
0x4010e8 _CIexp
0x4010ec __vbaFreeObj

L!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
r1hrbrr
rvjrtrn
rbr}Artr
r}irWrSr+rgr
r/Nrmrrr0lrrDr
Project1
FSY<u:O3f
FVQ[]XQQZ
J~|ssB
]SJMzL
bT^~vN
XfNeb[T@dI
abZMWVJF[UIN
LP@JYO
ar_g\a^Z_RTG=
NcT^jZbm`RYZVD
G]t^dYfcknKd_CQ:Q[=
h_VQOVbSMJZ
dbHa_^sFSNW
~wSgUdP=
d}qHVRWZHm
uazfEb:
yf}cdbo\Tb
n:@6,-
hZlkmpO
gp}ZSi
wmkfwiX`XJdaPX
a`_vZa_OVcNgb_chXa
j$j!^0B)^
[/c8\%o/j*_7U=h@X9U+nF`1f5h
GnsurmikifVgjdhYjIlNMUQe
Cyrmjzyvt3
P{zpz~vv
~t|pi}{7
D}u}t|sE
XpvX`E>W?GLHI
\jef_TJUPDSINRV
?TF4C@=
>u}||w=
RokRgkZMMLNW?J]NJ;
Esqvnduoo\\a[[VVFII0<9
`cbtqjfofufMiZPN
\|ppuhd\jZTTYgQOC
c{v{vzfr>EG=
nni\mYY_GZ
YZ>SGzd
jzvjj]O[^`bPb7
m[xsChf>R
jwQh]^_NsE
~kuX\Id
gh}yjg-
x{w{vnefa}[rTk
potinkSi
Rptry^ie
\aVd]Y]FLI
nkSc[ZfO`j_fb][^KM\DEIIXBRXI+
VB5!*
Icon_Morphic
Project1
Project1
Project1
HAXMjVeBD
+3q"=h
VBA6.DLL
__vbaVarDup
__vbaGetOwner4
__vbaRedim
__vbaFreeObjList
__vbaUI1I2
__vbaGenerateBoundsError
__vbaR8IntI2
__vbaI4Var
__vbaFreeVarList
__vbaVarCat
__vbaInStrVar
__vbaVarTstNe
__vbaErrorOverflow
__vbaFileClose
__vbaPutOwner4
__vbaFileOpen
__vbaFreeVar
__vbaFreeObj
__vbaFreeStrList
__vbaStrI4
__vbaHresultCheckObj
__vbaNew2
__vbaStrCat
__vbaStrMove
__vbaStrCmp
XSVWeE
UQERMPUQRj
pYM3hb[@
ERMPUQERPj
EEEEEp`P@0
p`P@0
REMPQPUERP
pP`QRPP@PQP0 RP
QRPPQPRP
PQRPPQPp`RP
PP@QRP0 PQ
Q R0P@QPR`PpQRPQRPQRP
R P0Q@RPP`QpRMPUQERMPUQRPj
ERMPQURPEMPQPp`RP
PP@QRP0 PQP
PQRPPQPRP
PQRPp`PQPP@RP
0P QRP
Q R0P@QPR`PpQRPQRPQRP
R P0Q@RPP`QpRMPUQERMPUQRPj
C8t+f8
C4t/f8
K8t)f9
C4t/f8
UQERMPQPUERP
pP`QRPP@PQP0 RP
QRPPQPRP
PQRPPQPp`RP
PP@QRP0 PQP
Q R0P@QPR`PpQRPQRPQRP
R P0Q@RPP`QpRMPUQERMPUQRPj
RPUQERP
MPUQRPp`PQPP@RP
0P QRP
PQRPPQPRP
pP`QRPP@PQP0 RP
R P0Q@RPP`QpRPQRPQRPQ
P Q0R@PPQ`RpPUQERMPUQERPQj
C8t+f8
C4t/f8
K8t)f9
C4t/f8
R P0Q@RPP`QpRPQRPQRPQ
P Q0R@PPQ`RpPUQERMPUQERMPQj
SVWeE
U]R]]]]
ERMPUQERPj
MMMUMEEEEDV@
MUQERPMj
UERMPUQRj
MPUQERMPQj
MUQERMPQj
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaPutOwner4
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaVarCat
__vbaGetOwner4
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarDup
__vbaR8IntI2
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
\Yaq_[
9NanqV]
jWnWed
`WOV^c
Heabbcca
caVYkfJn
\hzgbZdZ`[fSZ^R[h[]cpR]_`hYZ\a_ZDj\W]WndgelMPWZc[SXN~ha^ig\kQPUgh^aR]YJZ`bg
cJVtciR^[rTZXh
@QeZ\Y`llgj_bgI
SPKel^Yw^^Y]_]k
UG^RjZiX]dgW^b
YXaTeglYYl]eh[
QdVRWqiihJ`VTS
W\bhU``lX_\Y^T
Z]d[h^\ZWSXVVs
`ZTdQhJb_[cXch
[hTFmSe^\gWnha
bhR_Ydqg^`bcTg
jjb]R^
`dc]Scfz
jc\ZZT[\dZ\^RMaNK^][
\UPd\ZhjfV`YYrR]\JhY_b
XmUSdccb^Qd^^qa\pc^[\e[kk`rZVfY[qQdfid\QjM[Rb`bjN\R]imggcnLaV[_`htpi_o_]YW`e
qaYad[f`PaF[Xf\h_Y]m`YejeKlMf^YNoachV^ZMZdZiQ^YlcaUcgZW^^[TJKfOFPmTTUacVkZXU`Lf`kWq``[UiZbcUhc\jSY^bX^eKe`b_q\]fdUkv_{
hVaMTXlZVTaQhjefaoYf
jfpjoMVJ[WmP\Wc]\hIV
]ZbXN_X\T_]k\cQLaUcW
\[Pj_Y_DegNYYegbcbka
`[jre_`fbXhR[NgY`We\
f\[`c_dPas[fSgY_a\T\
jjabf\__`hg^TfZWfwZZ
cb_]bpae[]\JLgadSXfZ
[^U\Yclf]kgaGg]hlWff
c\Rq]iinvacmifZfZsaa
gYTYN[fXji\JV^Wfn__h
JgUa[R\eWjgxc]`MI_\S
]\ZWkb[QX\^c^bMQ_[de
bW^dVkdSedkYtR^Yiea[
i[}o^EUYX\`\tlYlZbUl
QbT[a`\]WbaXWi\^q^ZY
P`[moOJ]^cZj]evPbX[\
ZRTUcXRqnaVVSdY\WZS\
\oZdRU]cglaVS\d]\KYk
]PgT]edc[Q\ZdN\fEdZXmQa`
ZZiW]aK[fIWQ[`ZbRhZ[T`f_b_
N`]Pg^bObP[iaWS^XdadekZf\fiU
fmgfd^_hasLc]kb_fRkabe^cX_a^OX
Qm[g^Wek`kVhRi\_Vae^pTPro_UWaV^P
cXYU`vaYX]\ijQi`d^Rdh\eggUUfMThgq^Y]rWG_ab`Hj]UOXb_i_feR\fNbaYYbVd^nSghjdcrg]tZgf[hUbjb_cFnLYQNZ`^^_ZZkdT][qX\
@*\AC:\Users\darka\Desktop\Untitled\Anti Heur Icon\Source_Code\Project1.vbp
\CloneF_
Finish!

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.