4.6
中危
56 个模型检测该样本为恶意!
重新分析
更多

dccc689c986e357d5dbdc987e72e6b8a0e9017cbf347449b27c84b8b7b9d507a

d17150af2caeec5da4029822d740137a.exe

分析耗时

145s

最近分析

文件大小

2.8MB
静态报毒 动态报毒 100% AI SCORE=99 AIDETECTVM AKMT ARTEMIS ATTRIBUTE AVADDON AVADDONRANSOM AVVADDON BLOCKER CLASSIC CONFIDENCE CRIDEX DANGEROUSSIG DOWNLOADER33 EHLS ENCPK FALSESIGN GRAYWARE HDZX HIGH CONFIDENCE HIGHCONFIDENCE HLQKVI IL8ZPSBSHCI KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#1GSBTGP53AKBK MPGA NJYGP PLUF QAKBOT R + MAL RAZY SCORE STATIC AI UBAZ UNSAFE WPIV XO1@A0UKY ZENPAK ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Artemis!D17150AF2CAE 20201227 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:DangerousSig [Trj] 20201227 21.1.5827.0
Alibaba Trojan:Win32/QakBot.19d63c1c 20190527 0.3.0.5
Tencent Win32.Trojan.Falsesign.Wpiv 20201227 1.0.0.1
Kingsoft 20201227 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:3470400578&cup2hreq=8c0242645f86e6d6fe9e6b7d2770165f1ca1bf630576e620eb3104b6ecdd32fe
Performs some HTTP requests (5 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o76n7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619902133&mv=u&mvi=1&pl=23&shardbypass=yes
request HEAD http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m
request GET http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m
request POST https://update.googleapis.com/service/update2?cup2key=10:3470400578&cup2hreq=8c0242645f86e6d6fe9e6b7d2770165f1ca1bf630576e620eb3104b6ecdd32fe
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:3470400578&cup2hreq=8c0242645f86e6d6fe9e6b7d2770165f1ca1bf630576e620eb3104b6ecdd32fe
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619910851.887334
NtAllocateVirtualMemory
process_identifier: 472
region_size: 1085440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006d0000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 172.217.24.14
host 203.208.41.66
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 172.217.160.78:443
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
McAfee Artemis!D17150AF2CAE
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2044590
K7AntiVirus Trojan ( 005689d01 )
BitDefender Gen:Variant.Razy.684851
K7GW Trojan ( 005689d01 )
Cybereason malicious.f2caee
Cyren W32/Trojan.UBAZ-1073
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HDZX
APEX Malicious
Avast Win32:DangerousSig [Trj]
Cynet Malicious (score: 100)
Kaspersky Trojan-Ransom.Win32.Blocker.mpga
Alibaba Trojan:Win32/QakBot.19d63c1c
NANO-Antivirus Trojan.Win32.Kryptik.hlqkvi
Paloalto generic.ml
MicroWorld-eScan Gen:Variant.Razy.684851
Tencent Win32.Trojan.Falsesign.Wpiv
Ad-Aware Gen:Variant.Razy.684851
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo Malware@#1gsbtgp53akbk
F-Secure Trojan.TR/AD.AvaddonRansom.njygp
DrWeb Trojan.DownLoader33.53035
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SMF
McAfee-GW-Edition Avvaddon.a
FireEye Gen:Variant.Razy.684851
Emsisoft Adware.Generic (A)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Razy.684851
Webroot W32.Trojan.Gen
Avira TR/AD.AvaddonRansom.njygp
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Gridinsoft Trojan.Win32.Kryptik.vb
Arcabit Trojan.Razy.DA7333
AegisLab Trojan.Win32.Blocker.j!c
ZoneAlarm Trojan-Ransom.Win32.Blocker.mpga
Microsoft Trojan:Win32/QakBot.GM!MTB
AhnLab-V3 Trojan/Win32.Agent.C4130020
ALYac Trojan.Ransom.Avaddon
MAX malware (ai score=99)
VBA32 Trojan.Downloader
Malwarebytes Trojan.MalPack.DGI
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SMF
Rising Trojan.Kryptik!1.C778 (CLASSIC)
Yandex Trojan.Kryptik!iL8zPsBShCI
Ikarus Trojan.Win32.Pluf
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-06-10 16:30:52

Imports

Library KERNEL32.dll:
0x6c7328 GetModuleHandleA
0x6c732c VirtualAllocEx
0x6c7330 GetLastError
0x6c7334 LoadLibraryA
0x6c7338 GetProcAddress
Library USER32.dll:
0x6c7340 LoadIconA
0x6c7344 LoadCursorA
0x6c7348 RegisterClassExA
0x6c734c CreateWindowExA
0x6c7350 ShowWindow
0x6c7354 UpdateWindow
0x6c7358 GetMessageA
0x6c735c TranslateMessage
0x6c7360 DispatchMessageA
0x6c7364 BeginPaint
0x6c7368 GetClientRect
0x6c736c DrawTextA
0x6c7370 EndPaint
0x6c7374 PostQuitMessage
0x6c7378 DefWindowProcA
0x6c737c DestroyCursor
Library GDI32.dll:
0x6c7384 GetStockObject
0x6c7388 AddFontResourceA
0x6c738c GetEnhMetaFileW
0x6c7390 CloseEnhMetaFile
Library ADVAPI32.dll:
0x6c7398 RegOpenKeyW
0x6c739c RegQueryValueExA
Library WINMM.dll:
0x6c73a4 PlaySoundA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49181 113.108.239.130 r1---sn-j5o76n7e.gvt1.com 80
192.168.56.101 49177 203.208.40.34 update.googleapis.com 443
192.168.56.101 49180 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49182 58.63.233.69 r4---sn-j5o76n7l.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r4---sn-j5o76n7l.gvt1.com
http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-7415
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r4---sn-j5o76n7l.gvt1.com
http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m 
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=c75d8515596b043e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619902577&mv=m HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=7416-18081
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r4---sn-j5o76n7l.gvt1.com
http://r1---sn-j5o76n7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619902133&mv=u&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619902133&mv=u&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o76n7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.