8.6
极危
60 个模型检测该样本为恶意!
重新分析
更多

272250b295e6c441b9d15fc276bcd1d98676e010687a3ceaf28afad3113b0cc0

d2fe3029886ac2d2a3c688682a76211f.exe

分析耗时

130s

最近分析

文件大小

51.5KB
静态报毒 动态报毒 100% AI SCORE=89 AIDETECTVM ATTRIBUTE BSCOPE CONFIDENCE CYHB DC1@AISDH3JI DFAR DOFOIL ELDORADO FINAX FS@6K0819 GEN4 GENCIRC GENERICRXKW GENETIC HIGH CONFIDENCE HIGHCONFIDENCE HLPZRI HUPIGON KCLOUD KRYPTIK MALICIOUS PE MALWARE1 NFVZFI QOCC QVM20 R007C0DJN20 RAZY SCORE STATIC AI SUSGEN TINBA TROJANPSW UNSAFE ZEXAF ZPACK 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee GenericRXKW-VA!D2FE3029886A 20201211 6.0.6.653
Alibaba Trojan:Win32/Tinba.c0b07903 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Kingsoft Win32.Troj.Undef.(kcloud) 20201211 2017.9.26.565
Tencent Malware.Win32.Gencirc.10cdd1fb 20201211 1.0.0.1
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1619910848.059334
NtAllocateVirtualMemory
process_identifier: 1316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00020000
success 0 0
1619910848.074334
NtAllocateVirtualMemory
process_identifier: 1316
region_size: 10485760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x021d0000
success 0 0
1619922132.39525
NtAllocateVirtualMemory
process_identifier: 2616
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
success 0 0
Creates executable files on the filesystem (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\59976B06\bin.exe
Creates hidden or system file (3 个事件)
Time & API Arguments Status Return Repeated
1619922137.41125
SetFileAttributesW
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Packages\windows_ie_ac_001\AC\59976B06
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Packages\windows_ie_ac_001\AC\59976B06
failed 0 0
1619922137.41125
SetFileAttributesW
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\LocalLow\59976B06
filepath: C:\Users\Administrator.Oskar-PC\AppData\LocalLow\59976B06
success 1 0
1619922137.41125
SetFileAttributesW
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\59976B06
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\59976B06
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 7.360260215315749 section {'size_of_data': '0x00002000', 'virtual_address': '0x0000a000', 'entropy': 7.360260215315749, 'name': '.8NzKTbM', 'virtual_size': '0x00001f8a'} description A section with a high entropy has been found
网络通信
One or more of the buffers contains an embedded PE file (1 个事件)
buffer Buffer with sha1: fee2310aeecea7c606a75b9ccce0363bde314813
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (39 个事件)
Time & API Arguments Status Return Repeated
1619910848.684334
NtProtectVirtualMemory
process_identifier: 2616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000074
base_address: 0x008f1000
success 0 0
1619922132.39525
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000088
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06cf0000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 276
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00210000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 372
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00c00000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01320000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 432
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 476
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 508
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001d0000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 536
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x009e0000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 544
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 656
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 720
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000d0000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 788
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001c0000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 868
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 924
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 956
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00f70000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 540
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00d10000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1080
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x014f0000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1260
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1288
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1336
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1384
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06d10000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1592
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004b0000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1980
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 1240
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00370000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2072
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00120000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2380
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x04850000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2460
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00bb0000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2672
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2744
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00b60000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2784
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007a0000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2884
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x03f80000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2940
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00140000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2132
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000f0000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2272
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02ab0000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2264
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00690000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2368
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00170000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 2616
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00890000
success 0 0
Installs itself for autorun at Windows startup (1 个事件)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\59976B06 reg_value C:\Users\Administrator.Oskar-PC\AppData\Roaming\59976B06\bin.exe
Manipulates memory of a non-child process indicative of process injection (50 out of 75 个事件)
Process injection Process 2616 manipulating memory of non-child process 1424
Process injection Process 2616 manipulating memory of non-child process 276
Process injection Process 2616 manipulating memory of non-child process 372
Process injection Process 2616 manipulating memory of non-child process 424
Process injection Process 2616 manipulating memory of non-child process 432
Process injection Process 2616 manipulating memory of non-child process 476
Process injection Process 2616 manipulating memory of non-child process 508
Process injection Process 2616 manipulating memory of non-child process 536
Process injection Process 2616 manipulating memory of non-child process 544
Process injection Process 2616 manipulating memory of non-child process 656
Process injection Process 2616 manipulating memory of non-child process 720
Process injection Process 2616 manipulating memory of non-child process 788
Process injection Process 2616 manipulating memory of non-child process 868
Process injection Process 2616 manipulating memory of non-child process 924
Process injection Process 2616 manipulating memory of non-child process 956
Process injection Process 2616 manipulating memory of non-child process 540
Process injection Process 2616 manipulating memory of non-child process 1080
Process injection Process 2616 manipulating memory of non-child process 1260
Process injection Process 2616 manipulating memory of non-child process 1288
Process injection Process 2616 manipulating memory of non-child process 1336
Process injection Process 2616 manipulating memory of non-child process 1384
Process injection Process 2616 manipulating memory of non-child process 1592
Process injection Process 2616 manipulating memory of non-child process 1980
Process injection Process 2616 manipulating memory of non-child process 1240
Process injection Process 2616 manipulating memory of non-child process 2072
Time & API Arguments Status Return Repeated
1619922132.39525
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000088
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06cf0000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 276
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00210000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 372
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00c00000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01320000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 432
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 476
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 508
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001d0000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 536
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x009e0000
success 0 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 544
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 656
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 720
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000d0000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 788
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001c0000
success 0 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 868
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 924
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 956
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00f70000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 540
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00d10000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1080
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x014f0000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1260
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1288
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1336
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1384
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06d10000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1592
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004b0000
success 0 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1980
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.45825
NtAllocateVirtualMemory
process_identifier: 1240
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00370000
success 0 0
Potential code injection by writing to the memory of another process (1 个事件)
Time & API Arguments Status Return Repeated
1619910848.684334
WriteProcessMemory
process_identifier: 2616
buffer: 艉ÇW蟉ÃèReadProcessMemoryWÿӉÆè VirtualAllocWÿÓè[ë@j@h0ÿ³W@jÿЅÀt ‰ÇƒW@jÿ0WÿpÿpÿօÀtÇó WÃÌ[$d¡0‹@ ‹@‹‹H y 32uò‹@ÃU‰åW‹E‰ÂR<‹Rx‹r Æ1ÉAƒÆ‹>ǁocAduï‰Ær$·4N4°r_ÉÂ
process_handle: 0x00000074
base_address: 0x008f16c1
success 1 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)
Process injection Process 1316 resumed a thread in remote process 2616
Time & API Arguments Status Return Repeated
1619910849.246334
NtResumeThread
thread_handle: 0x0000002c
suspend_count: 1
process_identifier: 2616
success 0 0
Executed a process and injected code into it, probably while unpacking (50 out of 80 个事件)
Time & API Arguments Status Return Repeated
1619910848.684334
CreateProcessInternalW
thread_identifier: 152
thread_handle: 0x0000002c
process_identifier: 2616
current_directory:
filepath:
track: 1
command_line: winver
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000074
inherit_handles: 0
success 1 0
1619910848.684334
NtGetContextThread
thread_handle: 0x0000002c
success 0 0
1619910848.684334
WriteProcessMemory
process_identifier: 2616
buffer: 艉ÇW蟉ÃèReadProcessMemoryWÿӉÆè VirtualAllocWÿÓè[ë@j@h0ÿ³W@jÿЅÀt ‰ÇƒW@jÿ0WÿpÿpÿօÀtÇó WÃÌ[$d¡0‹@ ‹@‹‹H y 32uò‹@ÃU‰åW‹E‰ÂR<‹Rx‹r Æ1ÉAƒÆ‹>ǁocAduï‰Ær$·4N4°r_ÉÂ
process_handle: 0x00000074
base_address: 0x008f16c1
success 1 0
1619910849.246334
NtResumeThread
thread_handle: 0x0000002c
suspend_count: 1
process_identifier: 2616
success 0 0
1619922132.39525
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000088
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06cf0000
success 0 0
1619922132.39525
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x00000088
base_address: 0x06cf0000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 276
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00210000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 276
buffer:
process_handle: 0x000000a4
base_address: 0x00210000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 372
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00c00000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 372
buffer:
process_handle: 0x000000a4
base_address: 0x00c00000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01320000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 424
buffer:
process_handle: 0x000000a4
base_address: 0x01320000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 432
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 432
buffer:
process_handle: 0x000000a4
base_address: 0x00110000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 476
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 476
buffer:
process_handle: 0x000000a4
base_address: 0x00110000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 508
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001d0000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 508
buffer:
process_handle: 0x000000a4
base_address: 0x001d0000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 536
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x009e0000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 536
buffer:
process_handle: 0x000000a4
base_address: 0x009e0000
success 1 0
1619922138.41125
NtAllocateVirtualMemory
process_identifier: 544
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.41125
WriteProcessMemory
process_identifier: 544
buffer:
process_handle: 0x000000a4
base_address: 0x00190000
success 1 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 656
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619922138.42625
WriteProcessMemory
process_identifier: 656
buffer:
process_handle: 0x000000a4
base_address: 0x00400000
success 1 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 720
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000d0000
success 0 0
1619922138.42625
WriteProcessMemory
process_identifier: 720
buffer:
process_handle: 0x000000a4
base_address: 0x000d0000
success 1 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 788
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001c0000
success 0 0
1619922138.42625
WriteProcessMemory
process_identifier: 788
buffer:
process_handle: 0x000000a4
base_address: 0x001c0000
success 1 0
1619922138.42625
NtAllocateVirtualMemory
process_identifier: 868
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1619922138.42625
WriteProcessMemory
process_identifier: 868
buffer:
process_handle: 0x000000a4
base_address: 0x00e50000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 924
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00e50000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 924
buffer:
process_handle: 0x000000a4
base_address: 0x00e50000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 956
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00f70000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 956
buffer:
process_handle: 0x000000a4
base_address: 0x00f70000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 540
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00d10000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 540
buffer:
process_handle: 0x000000a4
base_address: 0x00d10000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1080
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x014f0000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 1080
buffer:
process_handle: 0x000000a4
base_address: 0x014f0000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1260
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00190000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 1260
buffer:
process_handle: 0x000000a4
base_address: 0x00190000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1288
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 1288
buffer:
process_handle: 0x000000a4
base_address: 0x00180000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1336
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 1336
buffer:
process_handle: 0x000000a4
base_address: 0x00350000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1384
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 1384
buffer:
process_handle: 0x000000a4
base_address: 0x00130000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06d10000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x000000a4
base_address: 0x06d10000
success 1 0
1619922138.44225
NtAllocateVirtualMemory
process_identifier: 1592
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000a4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004b0000
success 0 0
1619922138.44225
WriteProcessMemory
process_identifier: 1592
buffer:
process_handle: 0x000000a4
base_address: 0x004b0000
success 1 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.619814
FireEye Generic.mg.d2fe3029886ac2d2
McAfee GenericRXKW-VA!D2FE3029886A
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2018107
Sangfor Malware
K7AntiVirus Trojan ( 004f01f01 )
Alibaba Trojan:Win32/Tinba.c0b07903
K7GW Trojan ( 004b8c3b1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Razy.D97526
BitDefenderTheta Gen:NN.ZexaF.34670.dC1@aiSdh3ji
Cyren W32/Dofoil.C.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Trojan.Tinba-6390856-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Razy.619814
NANO-Antivirus Trojan.Win32.Tinba.hlpzri
Paloalto generic.ml
Ad-Aware Gen:Variant.Razy.619814
Sophos Mal/Generic-S
Comodo TrojWare.Win32.Tinba.FS@6k0819
F-Secure Trojan.TR/Crypt.ZPACK.Gen4
DrWeb Trojan.PWS.Tinba.661
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R007C0DJN20
McAfee-GW-Edition BehavesLike.Win32.Dropper.qh
Emsisoft Gen:Variant.Razy.619814 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.finax
Avira TR/Crypt.ZPACK.Gen4
MAX malware (ai score=89)
Antiy-AVL Trojan[Backdoor]/Win32.Hupigon
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Heur!.02016021
Microsoft Trojan:Win32/Tinba.DSK!MTB
AegisLab Trojan.Win32.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Razy.619814
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C752686
Acronis suspicious
ALYac Gen:Variant.Razy.619814
VBA32 BScope.TrojanPSW.Tinba
Malwarebytes Trojan.MalPack
ESET-NOD32 a variant of Win32/Kryptik.CYHB
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2015-02-10 12:34:02

Imports

Library KERNEL32.dll:
0x408000 FreeConsole
0x408004 GetCalendarInfoW
0x408008 CompareStringA
0x40800c CopyFileW
0x408010 GetCalendarInfoW
Library USER32.dll:
0x40803c CheckDlgButton
0x408040 DestroyMenu
0x408044 GetAncestor
0x408048 SetParent
0x40804c GetCursorInfo
0x408050 GetPropA
0x408058 GetDC
0x40805c AppendMenuW
0x408060 SetWindowLongW
0x408064 AppendMenuA
0x40806c UnionRect
0x408070 DrawTextExA
0x408074 GetUpdateRect
0x40807c GetWindowLongW
0x408080 ExcludeUpdateRgn
0x408084 CallMsgFilterA
0x408088 GetDlgItem
0x40808c CascadeWindows
0x408090 GetSubMenu
0x408094 GetClassWord
0x40809c GetParent
0x4080a0 DlgDirListW
0x4080a4 PeekMessageA
0x4080a8 CreateMDIWindowA
0x4080ac RemoveMenu
0x4080b0 LoadKeyboardLayoutW
0x4080b4 AttachThreadInput
0x4080b8 SetWindowTextW
0x4080bc LoadKeyboardLayoutA
0x4080c0 CharLowerBuffA
0x4080c4 GetLastActivePopup
Library WS2_32.dll:
0x4080cc accept
0x4080d4 inet_ntoa
0x4080d8 WSASetServiceW
0x4080e0 setsockopt
0x4080e4 WSAEnumProtocolsW
0x4080e8 WSAHtons
0x4080ec WSASendTo
0x4080f0 WSAEnumProtocolsA
0x4080fc WSARecvDisconnect
0x408100 getprotobyname
0x408104 getprotobynumber
0x408108 getservbyname
0x408110 gethostbyaddr
0x408114 gethostbyname
0x408118 WSAGetQOSByName
0x40811c gethostname
0x408124 WSASocketW
0x40812c getpeername
0x408130 WSAHtonl
0x408134 WSAEventSelect
0x408138 WSAGetLastError
Library rtm.dll:
0x40814c RtmCreateDestEnum
0x408150 RtmGetNextHopInfo
0x408154 RtmLockRoute
0x408158 RtmCreateRouteList
0x408160 RtmGetChangedDests
0x408168 RtmReleaseEntities
0x40816c RtmGetEntityInfo
0x408174 RtmReleaseRoutes
0x408178 RtmGetRouteInfo
0x408180 RtmReleaseRouteInfo
0x408184 RtmGetRoutePointer
0x40818c RtmLockDestination
0x408190 RtmGetEnumRoutes
0x408194 RtmGetEntityMethods
0x408198 RtmFindNextHop
0x40819c RtmInvokeMethod
0x4081a0 RtmDeleteEnumHandle
0x4081a4 RtmIsBestRoute
Library Secur32.dll:
0x40802c ApplyControlToken

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60369 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.