1.6
Low risk

7ebec93c2162beb93fc439199129021d5bd2e90fdb1eca090566f5b97671239b

cab36444cd3763b606f903d2707891d2.exe

Analysis duration: 75s

Most recent analysis

File size: 1.9MB
Static detection / Dynamic detection: ARTEMIS BLUTEAL BSCOPE CDUD CLOUD CONFIDENCE HFSOVAL MALICIOUS MALICIOUS PE POSSIBLETHREAT SUSGEN TIGGRE TVRI UNSAFE VBKRYPT
Eagle Eye engine
Not detected: no Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine        Result                            Scan date   Engine version
McAfee        Artemis!CAB36444CD37              20200205    6.0.6.653
Alibaba       -                                 20190527    0.3.0.5
Avast         -                                 20200205    18.4.3895.0
Baidu         -                                 20190318    1.0.0.2
Kingsoft      -                                 20200205    2013.8.14.323
Tencent       -                                 20200205    1.0.0.1
CrowdStrike   win/malicious_confidence_60% (W)  20190702    1.0
Static indicators
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (1 event)
name: RT_VERSION, language: LANG_CHINESE, offset: 0x000520f0, filetype: data, sublanguage: SUBLANG_CHINESE_SIMPLIFIED, size: 0x00000380
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)
Bkav W32.HfsOval.
McAfee Artemis!CAB36444CD37
Cylance Unsafe
F-Prot W32/Trojan.CDUD
ClamAV Win.Trojan.Agent-491290
Paloalto generic.ml
Rising Trojan.Tiggre!8.ED98 (CLOUD)
McAfee-GW-Edition Artemis
Ikarus Trojan-Dropper.Agent
Cyren W32/Trojan.TVRI-0396
Microsoft Trojan:Win32/Bluteal!rfn
VBA32 BScope.Trojan.VBKrypt
APEX Malicious
SentinelOne DFI - Malicious PE
MaxSecure Trojan.Malware.11973.susgen
Fortinet PossibleThreat
Webroot W32.Trojan.Cdud
CrowdStrike win/malicious_confidence_60% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2006-09-04 15:33:15

Imports

Library MSVBVM50.DLL:
0x4512a4 __vbaVarSub
0x4512a8 __vbaStrI2
0x4512ac _CIcos
0x4512b0 _adj_fptan
0x4512b4 __vbaVarMove
0x4512b8 __vbaStrI4
0x4512bc __vbaFreeVar
0x4512c0 __vbaLenBstr
0x4512c4 __vbaStrVarMove
0x4512c8
0x4512cc __vbaVarIdiv
0x4512d0 __vbaFreeVarList
0x4512d4 __vbaEnd
0x4512d8 _adj_fdiv_m64
0x4512dc __vbaPut4
0x4512e0 __vbaVarIndexStore
0x4512e4 __vbaFreeObjList
0x4512e8
0x4512ec __vbaGetFxStr4
0x4512f0
0x4512f4 __vbaStrErrVarCopy
0x4512f8 _adj_fprem1
0x4512fc __vbaRecAnsiToUni
0x451300 __vbaResume
0x451304 __vbaStrCat
0x451308 __vbaLsetFixstr
0x45130c __vbaRecDestruct
0x451310 __vbaSetSystemError
0x451318 __vbaLenVar
0x45131c _adj_fdiv_m32
0x451320 __vbaAryDestruct
0x451324
0x451328 __vbaBoolStr
0x45132c
0x451330 __vbaExitProc
0x451334 __vbaFileCloseAll
0x451338
0x45133c __vbaOnError
0x451340 __vbaObjSet
0x451344
0x451348
0x45134c _adj_fdiv_m16i
0x451350 __vbaObjSetAddref
0x451354 _adj_fdivr_m16i
0x451358
0x45135c __vbaVarIndexLoad
0x451360 __vbaBoolVarNull
0x451364 _CIsin
0x451368
0x45136c
0x451370 __vbaErase
0x451374 __vbaVarCmpGt
0x451378 __vbaChkstk
0x45137c
0x451380 __vbaFileClose
0x451384 EVENT_SINK_AddRef
0x451388
0x45138c __vbaVarAbs
0x451390 __vbaStrCmp
0x451394 __vbaGet4
0x451398 __vbaPutOwner3
0x45139c __vbaVarTstEq
0x4513a0 __vbaR4Str
0x4513a4 DllFunctionCall
0x4513a8
0x4513ac __vbaVarOr
0x4513b0 __vbaAryConstruct
0x4513b4 __vbaStrR4
0x4513b8 _adj_fpatan
0x4513bc __vbaLateIdCallLd
0x4513c0 __vbaR8Cy
0x4513c4 __vbaRedim
0x4513c8 __vbaRecUniToAnsi
0x4513cc EVENT_SINK_Release
0x4513d0 __vbaNew
0x4513d4
0x4513d8 _CIsqrt
0x4513dc __vbaRedimVar
0x4513e0 __vbaVarAnd
0x4513e8 __vbaVarMul
0x4513ec __vbaExceptHandler
0x4513f0 __vbaStrToUnicode
0x4513f4
0x4513f8 _adj_fprem
0x4513fc _adj_fdivr_m64
0x451400 __vbaVarDiv
0x451404
0x451408
0x45140c
0x451410 __vbaFPException
0x451414 __vbaInStrVar
0x451418 __vbaGetOwner3
0x45141c __vbaUbound
0x451420 __vbaStrVarVal
0x451424 __vbaR4ForNextCheck
0x451428 __vbaGetOwner4
0x45142c __vbaVarCat
0x451430 __vbaLsetFixstrFree
0x451434
0x451438
0x45143c
0x451440 _CIlog
0x451444 __vbaFileOpen
0x451448
0x45144c
0x451450 __vbaNew2
0x451454 __vbaInStr
0x451458 __vbaR8Str
0x45145c _adj_fdiv_m32i
0x451460 _adj_fdivr_m32i
0x451464 __vbaStrCopy
0x451468 __vbaI4Str
0x45146c __vbaFreeStrList
0x451470
0x451474 _adj_fdivr_m32
0x451478 __vbaPowerR8
0x45147c _adj_fdiv_r
0x451480
0x451484
0x451488
0x45148c
0x451490 __vbaVarTstNe
0x451494 __vbaI4Var
0x451498 __vbaVarCmpEq
0x45149c __vbaFpCy
0x4514a0 __vbaVarAdd
0x4514a4 __vbaAryLock
0x4514a8 __vbaVarDup
0x4514ac __vbaStrToAnsi
0x4514b0 __vbaVerifyVarObj
0x4514b4 __vbaFpI2
0x4514b8 __vbaVarMod
0x4514bc __vbaFpI4
0x4514c0
0x4514c4 __vbaVarCopy
0x4514cc __vbaR8IntI2
0x4514d0 _CIatan
0x4514d4 __vbaCastObj
0x4514d8 __vbaStrMove
0x4514dc
0x4514e0 __vbaR8IntI4
0x4514e4
0x4514e8 __vbaPutFxStr4
0x4514ec _allmul
0x4514f0 __vbaLenVarB
0x4514f4 _CItan
0x4514f8 __vbaFPInt
0x4514fc __vbaAryUnlock
0x451500 _CIexp
0x451504 __vbaMidStmtBstr
0x451508
0x45150c __vbaFreeObj
0x451510 __vbaFreeStr
0x451514 __vbaI4ErrVar
0x451518

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                     Destination port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.