3.2
Medium risk

94845caa1b9ac90fa7fbda390cc0214d989424e4818440c4a3462ea4d06a4b78

d0a98f9a2ed037985c1f0a03fbcc0242.exe

Analysis duration

75s

Last analyzed

File size

496.5KB
Static detection Dynamic detection 100% AI SCORE=87 AIDETECTVM ATTRIBUTE CONFIDENCE FILEREPMETAGEN FUJACK FUJACKS GENERICKD HIGHCONFIDENCE KNASE MALWARE5 MALWARE@#11RY1MKRTD9YB SUSPECTFILE TAIL UNSAFE VIGORF VIKING
Eagle Eye engine
Not detected No Eagle Eye engine detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee W32/Fujacks.v.gen 20201101 6.0.6.653
Alibaba Trojan:Win32/SuspectFile.8b96b0b0 20190527 0.3.0.5
Baidu Win32.Virus.Fujack.a 20190318 1.0.0.2
Tencent 20201101 1.0.0.1
Kingsoft 20201101 2013.8.14.323
Avast 20201101 20.10.5736.0
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 events)
section CODE
section DATA
section BSS
section .aspack
section .adata
The executable uses a known packer (1 event)
packer ASPack v2.12 -> Alexey Solodovnikov
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910850.744662
NtAllocateVirtualMemory
process_identifier: 2368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x008b0000
success 0 0
Foreign language identified in PE resource (3 events)
name RT_ICON language LANG_CHINESE offset 0x000a04a8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000002e8
name RT_GROUP_ICON language LANG_CHINESE offset 0x000a0494 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
name RT_VERSION language LANG_CHINESE offset 0x000a0220 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000274
The binary likely contains encrypted or compressed data indicative of a packer (5 events)
entropy 7.99850638434048 section {'size_of_data': '0x0002c000', 'virtual_address': '0x00001000', 'entropy': 7.99850638434048, 'name': 'CODE', 'virtual_size': '0x0006e000'} description A section with a high entropy has been found
entropy 7.376522395731184 section {'size_of_data': '0x00000a00', 'virtual_address': '0x0006f000', 'entropy': 7.376522395731184, 'name': 'DATA', 'virtual_size': '0x00002000'} description A section with a high entropy has been found
entropy 7.54554848864511 section {'size_of_data': '0x00000e00', 'virtual_address': '0x00072000', 'entropy': 7.54554848864511, 'name': '.idata', 'virtual_size': '0x00003000'} description A section with a high entropy has been found
entropy 7.6697945413323465 section {'size_of_data': '0x00006200', 'virtual_address': '0x00080000', 'entropy': 7.6697945413323465, 'name': '.rsrc', 'virtual_size': '0x0001f000'} description A section with a high entropy has been found
entropy 0.9694835680751174 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 33 AntiVirus engines on VirusTotal as malicious (33 events)
Bkav W32.AIDetectVM.malware5
MicroWorld-eScan Trojan.GenericKD.43278288
McAfee W32/Fujacks.v.gen
Cylance Unsafe
VIPRE Win32.Fujacks.Gen (v)
Alibaba Trojan:Win32/SuspectFile.8b96b0b0
Cybereason malicious.ff926e
TrendMicro PE_FUJACKS.RC
Cyren W32/Fujack.A!Generic
Symantec ML.Attribute.HighConfidence
Baidu Win32.Virus.Fujack.a
TrendMicro-HouseCall PE_FUJACKS.RC
Paloalto generic.ml
BitDefender Trojan.GenericKD.43278288
APEX Malicious
Ad-Aware Trojan.GenericKD.43278288
Sophos Mal/Generic-S
Comodo Malware@#11ry1mkrtd9yb
Invincea Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc
FireEye Generic.mg.d0a98f9a2ed03798
Emsisoft Trojan.GenericKD.43278288 (B)
Ikarus SuspectFile
GData Trojan.GenericKD.43278288
Jiangmin Worm/Viking.Tail
Arcabit Trojan.Generic.D2945FD0
AegisLab Virus.Win32.Fujack.n!c
Microsoft Virus:Win32/Vigorf.A
ALYac Trojan.GenericKD.43278288
MAX malware (ai score=87)
Panda W32/Knase.C
AVG FileRepMetagen [Malware]
CrowdStrike win/malicious_confidence_100% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x49ff5c GetProcAddress
0x49ff60 GetModuleHandleA
0x49ff64 LoadLibraryA
Library user32.dll:
0x4a010e GetKeyboardType
Library advapi32.dll:
0x4a0116 RegQueryValueExA
Library oleaut32.dll:
0x4a011e VariantChangeTypeEx
Library advapi32.dll:
0x4a0126 RegQueryValueExA
Library mpr.dll:
Library gdi32.dll:
0x4a0136 UnrealizeObject
Library user32.dll:
0x4a013e WindowFromPoint
Library ole32.dll:
0x4a0146 IsEqualGUID
Library comctl32.dll:
Library shell32.dll:
0x4a0156 ShellExecuteA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.