SmartHawk

3.4

中危

60 个模型检测该样本为恶意！

重新分析

下载样本

aab2868a6ebc6bdee5bd12104191db9fc1950b30bcf96eab99801624651e77b6

d2de01858417fa3b580b3a95857847d5.exe

分析耗时

72s

最近分析

文件大小

164.0KB

静态报毒动态报毒 100% AGENTB AI SCORE=100 AIDETECTVM AKDOOR APTLAZERUS ARTEMIS BFNV BSCOPE CONFIDENCE DYNAMER EPHJCK FJIE FUERY GDSDA GENCIRC HIGH CONFIDENCE JXUW KCLOUD KQX@A8OVAJNG MALWARE2 MALWARE@#1TEPRTIDOGCS4 MJEE NUKESPED OCCAMY PEBBLEDASH R + TROJ SBEOO SCORE SOHORUUEIJH STATIC AI SUSPICIOUS PE UNSAFE WACATAC ZEXAF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!D2DE01858417	20210120	6.0.6.653
Alibaba	Trojan:Win32/Agentb.67733493	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20210120	21.1.5827.0
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)	20210120	2017.9.26.565
Tencent	Malware.Win32.Gencirc.114a14f5	20210120	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

None

Foreign language identified in PE resource (2 个事件)

name

RT_BITMAP

language

LANG_KOREAN

offset

0x0002b0b0

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

size

0x000000e0

name

None

language

LANG_KOREAN

offset

0x0002b0a0

filetype

data

sublanguage

SUBLANG_KOREAN

size

0x0000000a

Communicates with host for which no DNS query was performed (2 个事件)

host	112.217.108.138
host	172.217.24.14

Generates some ICMP traffic

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.344441
McAfee	Artemis!D2DE01858417
Cylance	Unsafe
Zillya	Trojan.NukeSped.Win32.4
Sangfor	Malware
K7AntiVirus	Trojan ( 005641cc1 )
Alibaba	Trojan:Win32/Agentb.67733493
K7GW	Trojan ( 005641cc1 )
Cybereason	malicious.58417f
Cyren	W32/Trojan.MJEE-6834
Symantec	Trojan Horse
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Malware.Agent-7787947-0
Kaspersky	Trojan.Win32.Agentb.jxuw
BitDefender	Gen:Variant.Zusy.344441
NANO-Antivirus	Trojan.Win32.Fuery.ephjck
ViRobot	Trojan.Win32.Agent.167936.EE
Avast	Win32:Malware-gen
Rising	Trojan.NukeSped!8.3184 (TFE:5:sOhoruuEIjH)
Ad-Aware	Gen:Variant.Zusy.344441
Sophos	Mal/Generic-R + Troj/Agent-BFNV
Comodo	Malware@#1teprtidogcs4
F-Secure	Trojan.TR/AD.APTLazerus.sbeoo
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.NUKESPED.AB
McAfee-GW-Edition	BehavesLike.Win32.Worm.ch
FireEye	Generic.mg.d2de01858417fa3b
Emsisoft	Gen:Variant.Zusy.344441 (B)
SentinelOne	Static AI - Suspicious PE
GData	Gen:Variant.Zusy.344441
Jiangmin	Trojan.Agentb.gxo
Webroot	W32.Trojan.Gen
Avira	TR/AD.APTLazerus.sbeoo
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Wacatac
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Arcabit	Trojan.Zusy.D54179
AegisLab	Trojan.Win32.Malicious.4!c
ZoneAlarm	Trojan.Win32.Agentb.jxuw
Microsoft	Trojan:Win32/Occamy.AA
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Akdoor.C2030137
BitDefenderTheta	Gen:NN.ZexaF.34760.kqX@a8ovAJnG
ALYac	Backdoor.Agent.fjie
TACHYON	Trojan/W32.PEBBLEDASH.167937
VBA32	BScope.Trojan.Dynamer
Malwarebytes	Trojan.PebbleDash

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2017-05-10 20:32:48

Imports

Library KERNEL32.dll:

• 0x422014 GetModuleHandleW

• 0x422018 GetVersionExW

• 0x42201c GetComputerNameW

• 0x422020 MultiByteToWideChar

• 0x422024 SetFileAttributesW

• 0x422028 FlushFileBuffers

• 0x42202c GetFileSizeEx

• 0x422030 GetLastError

• 0x422034 GetTickCount

• 0x422038 SetErrorMode

• 0x42203c Sleep

• 0x422040 lstrcpyA

• 0x422044 lstrlenA

• 0x422048 LockResource

• 0x42204c SizeofResource

• 0x422050 LoadResource

• 0x422054 FindResourceW

• 0x422058 SetFilePointer

• 0x42205c GetFileType

• 0x422060 CreateFileW

• 0x422064 DuplicateHandle

• 0x422068 GetCurrentProcess

• 0x42206c GetSystemInfo

• 0x422070 ReadFile

• 0x422074 WideCharToMultiByte

• 0x422078 SystemTimeToFileTime

• 0x42207c GetCurrentDirectoryW

• 0x422080 DosDateTimeToFileTime

• 0x422084 CreateDirectoryW

• 0x422088 SetFileTime

• 0x42208c WriteFile

• 0x422090 FileTimeToSystemTime

• 0x422094 FileTimeToDosDateTime

• 0x422098 GetFileSize

• 0x42209c GetLocalTime

• 0x4220a0 GetFileInformationByHandle

• 0x4220a4 MapViewOfFile

• 0x4220a8 CreateFileMappingW

• 0x4220ac UnmapViewOfFile

• 0x4220b0 FindClose

• 0x4220b4 FindNextFileW

• 0x4220b8 FindFirstFileW

• 0x4220bc GetOEMCP

• 0x4220c0 GetACP

• 0x4220c4 CompareStringW

• 0x4220c8 GetDiskFreeSpaceExW

• 0x4220cc GetSystemTime

• 0x4220d0 LoadLibraryA

• 0x4220d4 CloseHandle

• 0x4220d8 GetProcAddress

• 0x4220dc CompareStringA

• 0x4220e0 GetCPInfo

• 0x4220e4 SetEnvironmentVariableA

• 0x4220e8 SetStdHandle

• 0x4220ec GetStringTypeW

• 0x4220f0 GetStringTypeA

• 0x4220f4 IsBadCodePtr

• 0x4220f8 IsBadReadPtr

• 0x4220fc SetUnhandledExceptionFilter

• 0x422100 LCMapStringW

• 0x422104 LCMapStringA

• 0x422108 IsBadWritePtr

• 0x42210c VirtualAlloc

• 0x422110 HeapSize

• 0x422114 HeapReAlloc

• 0x422118 GetModuleHandleA

• 0x42211c GetStartupInfoW

• 0x422120 GetVersion

• 0x422124 ExitProcess

• 0x422128 MoveFileW

• 0x42212c TerminateProcess

• 0x422130 GetTimeZoneInformation

• 0x422134 HeapAlloc

• 0x422138 HeapFree

• 0x42213c RtlUnwind

• 0x422140 UnhandledExceptionFilter

• 0x422144 GetModuleFileNameW

• 0x422148 FreeEnvironmentStringsA

• 0x42214c FreeEnvironmentStringsW

• 0x422150 GetEnvironmentStringsW

• 0x422154 GetEnvironmentStrings

• 0x422158 GetCommandLineW

• 0x42215c GetCommandLineA

• 0x422160 SetHandleCount

• 0x422164 GetStdHandle

• 0x422168 GetStartupInfoA

• 0x42216c HeapDestroy

• 0x422170 HeapCreate

• 0x422174 VirtualFree

• 0x422178 GetModuleFileNameA

Library USER32.dll:

• 0x422188 MessageBoxW

• 0x42218c GetSystemMetrics

Library ADVAPI32.dll:

• 0x422000 OpenProcessToken

• 0x422004 GetTokenInformation

• 0x422008 LookupAccountSidW

• 0x42200c DuplicateTokenEx

Library OLEAUT32.dll:

• 0x422180 SystemTimeToVariantTime

Library WS2_32.dll:

• 0x422194 htonl

• 0x422198 WSAGetLastError

• 0x42219c ntohs

• 0x4221a0 gethostname

• 0x4221a4 setsockopt

• 0x4221a8 htons

• 0x4221ac ioctlsocket

• 0x4221b0 __WSAFDIsSet

Library WTSAPI32.dll:

• 0x4221b8 WTSQuerySessionInformationW

• 0x4221bc WTSEnumerateSessionsW

• 0x4221c0 WTSQueryUserToken

• 0x4221c4 WTSFreeMemory

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.