SmartHawk

3.4

中危

61 个模型检测该样本为恶意！

重新分析

下载样本

d59ee0bd69d267e8d9aadf5a275ea1ab05ea0e0426712aee56de4bb9c05b8c86

d3f041b05168ec7698ae405ac94e6dd3.exe

分析耗时

77s

最近分析

文件大小

1.9MB

静态报毒动态报毒 3Z1@AITLHTDI AGARD AI SCORE=84 AIDETECTVM ATTRIBUTE BANKI BSCOPE CLASSIC CONFIDENCE DANGEROUSSIG EHLS ENCPK F2ZI7DFJ1IO FAKESIG FALSESIGN GENETIC GRAYWARE HACKTOOL HFVB HIGH CONFIDENCE HIGHCONFIDENCE HSYZFB INJECT3 KRAP KRYPT KRYPTIK LKMC MALICIOUS PE MALWARE1 MALWARE@#35HDHXJYZPRXX PHZJH PINKSBOT QAKBOT QBOT QVM19 R + MAL R349085 RAZY S15694197 SCORE SMF1 THIBBBO UNSAFE UNYY WTDG ZENPAK ZENPAKPMF ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	W32/PinkSbot-HA!D3F041B05168	20201012	6.0.6.653
Alibaba	Trojan:Win32/Qakbot.6bcdc945	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Tencent	Win32.Trojan.Falsesign.Wtdg	20201016	1.0.0.1
Kingsoft		20201016	2013.8.14.323
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	.ra2
section	.ra5
section	.ra4

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619910852.795531 NtAllocateVirtualMemory	process_identifier: 2620 region_size: 212992 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x005e0000	success	0	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Generates some ICMP traffic

File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.743295
FireEye	Generic.mg.d3f041b05168ec76
CAT-QuickHeal	Trojan.ZenpakPMF.S15694197
McAfee	W32/PinkSbot-HA!D3F041B05168
Cylance	Unsafe
Zillya	Trojan.Zenpak.Win32.2853
Sangfor	Malware
K7AntiVirus	Trojan ( 0056d3901 )
Alibaba	Trojan:Win32/Qakbot.6bcdc945
K7GW	Trojan ( 0056d5111 )
Cybereason	malicious.37f28a
Arcabit	Trojan.Razy.DB577F
Invincea	Mal/Generic-R + Mal/EncPk-APV
Cyren	W32/Trojan.UNYY-7169
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Razy-9635986-0
Kaspersky	HEUR:Trojan.Win32.Agard.pef
BitDefender	Gen:Variant.Razy.743295
NANO-Antivirus	Trojan.Win32.Inject3.hsyzfb
Tencent	Win32.Trojan.Falsesign.Wtdg
Ad-Aware	Gen:Variant.Razy.743295
Emsisoft	Trojan.Crypt (A)
Comodo	Malware@#35hdhxjyzprxx
F-Secure	Trojan.TR/AD.Qbot.phzjh
DrWeb	Trojan.Inject3.53132
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.QAKBOT.THIBBBO
McAfee-GW-Edition	W32/PinkSbot-HA!D3F041B05168
Sophos	Mal/EncPk-APV
Ikarus	Trojan.Win32.Krypt
Jiangmin	Trojan.Zenpak.cwe
Webroot	W32.Trojan.Gen
Avira	TR/AD.Qbot.phzjh
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Microsoft	Trojan:Win32/Qakbot.SD!MTB
AegisLab	Hacktool.Win32.Krap.lKMc
ZoneAlarm	HEUR:Trojan.Win32.Agard.pef
GData	Gen:Variant.Razy.743295
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Banki.R349085
Acronis	suspicious
ALYac	Gen:Variant.Razy.743295
MAX	malware (ai score=84)
VBA32	BScope.Malware-Cryptor.SB.01798
Malwarebytes	Trojan.FakeSig
ESET-NOD32	a variant of Win32/Kryptik.HFVB

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2097-10-18 04:01:18

Imports

Library KERNEL32.dll:

• 0x5da208 GetModuleHandleW

• 0x5da20c MulDiv

• 0x5da210 LeaveCriticalSection

• 0x5da214 InitializeCriticalSection

• 0x5da218 GetCurrentThreadId

• 0x5da21c InterlockedIncrement

• 0x5da220 InterlockedExchangeAdd

• 0x5da224 InterlockedExchange

• 0x5da228 InterlockedDecrement

• 0x5da22c InterlockedCompareExchange

• 0x5da230 FreeLibrary

• 0x5da234 EnterCriticalSection

• 0x5da238 DeleteCriticalSection

• 0x5da23c Sleep

• 0x5da240 Beep

• 0x5da244 CreateToolhelp32Snapshot

• 0x5da248 SetVolumeMountPointW

• 0x5da24c FreeEnvironmentStringsA

• 0x5da250 GetCommTimeouts

• 0x5da254 OpenEventW

• 0x5da258 GetCommMask

• 0x5da25c FindNextFileW

• 0x5da260 GetFileAttributesW

• 0x5da264 GetConsoleAliasExesW

• 0x5da268 ClearCommBreak

• 0x5da26c SetHandleInformation

• 0x5da270 CreateFiber

• 0x5da274 GetPrivateProfileStringW

• 0x5da278 WriteConsoleW

• 0x5da27c GetConsoleAliasA

• 0x5da280 BuildCommDCBW

• 0x5da284 GetCalendarInfoW

• 0x5da288 GetEnvironmentStrings

• 0x5da28c ReadConsoleOutputAttribute

• 0x5da290 GetProcessIoCounters

• 0x5da294 GetVolumePathNameW

• 0x5da298 UnlockFile

• 0x5da29c CreateRemoteThread

• 0x5da2a0 FindNextVolumeW

• 0x5da2a4 SetFileApisToOEM

• 0x5da2a8 ConvertThreadToFiber

• 0x5da2ac GetCPInfoExW

• 0x5da2b0 GetVolumePathNameA

• 0x5da2b4 EnumSystemLanguageGroupsW

• 0x5da2b8 GetOverlappedResult

• 0x5da2bc GetTapeParameters

• 0x5da2c0 ExpandEnvironmentStringsW

• 0x5da2c4 CreateDirectoryA

• 0x5da2c8 LocalShrink

• 0x5da2cc EraseTape

• 0x5da2d0 SetThreadPriorityBoost

• 0x5da2d4 ExitProcess

• 0x5da2d8 MapViewOfFileEx

• 0x5da2dc _lwrite

• 0x5da2e0 CreateHardLinkW

• 0x5da2e4 FindFirstChangeNotificationW

• 0x5da2e8 LocalFree

• 0x5da2ec FindVolumeMountPointClose

• 0x5da2f0 GlobalAlloc

• 0x5da2f4 TerminateProcess

• 0x5da2f8 SetEvent

• 0x5da2fc ReleaseMutex

• 0x5da300 SystemTimeToTzSpecificLocalTime

• 0x5da304 DeleteFileW

• 0x5da308 SetFilePointer

• 0x5da30c GetFileSize

• 0x5da310 SetPriorityClass

• 0x5da314 WriteFile

• 0x5da318 DeviceIoControl

• 0x5da31c SetCurrentDirectoryW

• 0x5da320 GetUserDefaultUILanguage

• 0x5da324 GetFileType

• 0x5da328 GetTimeZoneInformation

• 0x5da32c CreateProcessW

• 0x5da330 GlobalLock

• 0x5da334 GlobalUnlock

• 0x5da338 GlobalFree

• 0x5da33c CreateMutexW

• 0x5da340 WaitForSingleObject

• 0x5da344 GetVersion

• 0x5da348 GetTempPathW

• 0x5da34c GetModuleFileNameW

• 0x5da350 GetSystemInfo

• 0x5da354 GetLongPathNameW

• 0x5da358 DeleteAtom

• 0x5da35c FindAtomW

• 0x5da360 AddAtomW

• 0x5da364 OpenThread

• 0x5da368 GetAtomNameW

• 0x5da36c GetFileSizeEx

• 0x5da370 SetFilePointerEx

• 0x5da374 LocalFileTimeToFileTime

• 0x5da378 SystemTimeToFileTime

• 0x5da37c GetSystemTime

• 0x5da380 FormatMessageW

• 0x5da384 OutputDebugStringW

• 0x5da388 lstrcmpiA

• 0x5da38c lstrcmpA

• 0x5da390 SetEnvironmentVariableA

• 0x5da394 GetVersionExW

• 0x5da398 CompareStringA

• 0x5da39c CreateFileA

• 0x5da3a0 SetStdHandle

• 0x5da3a4 GetConsoleOutputCP

• 0x5da3a8 WriteConsoleA

• 0x5da3ac CreateEventW

• 0x5da3b0 InitializeCriticalSectionAndSpinCount

• 0x5da3b4 GetStringTypeA

• 0x5da3b8 GetLocaleInfoA

• 0x5da3bc FlushFileBuffers

• 0x5da3c0 GetConsoleMode

• 0x5da3c4 GetConsoleCP

• 0x5da3c8 QueryPerformanceCounter

• 0x5da3cc GetStartupInfoA

• 0x5da3d0 SetHandleCount

• 0x5da3d4 GetCommandLineW

• 0x5da3d8 GetEnvironmentStringsW

• 0x5da3dc FreeEnvironmentStringsW

• 0x5da3e0 GetDateFormatA

• 0x5da3e4 GetTimeFormatA

• 0x5da3e8 HeapCreate

• 0x5da3ec GetModuleFileNameA

• 0x5da3f0 GetStdHandle

• 0x5da3f4 TlsFree

• 0x5da3f8 TlsSetValue

• 0x5da3fc TlsAlloc

• 0x5da400 TlsGetValue

• 0x5da404 IsValidCodePage

• 0x5da408 GetOEMCP

• 0x5da40c GetACP

• 0x5da410 LCMapStringW

• 0x5da414 LCMapStringA

• 0x5da418 GetCPInfo

• 0x5da41c GetStringTypeW

• 0x5da420 RtlUnwind

• 0x5da424 GetStartupInfoW

• 0x5da428 VirtualQuery

• 0x5da42c GetSystemTimeAsFileTime

• 0x5da430 IsDebuggerPresent

• 0x5da434 UnhandledExceptionFilter

• 0x5da438 ExitThread

• 0x5da43c lstrlenA

• 0x5da440 VirtualAlloc

• 0x5da444 VirtualFree

• 0x5da448 IsProcessorFeaturePresent

• 0x5da44c GetProcessHeap

• 0x5da450 HeapSize

• 0x5da454 HeapReAlloc

• 0x5da458 HeapFree

• 0x5da45c HeapAlloc

• 0x5da460 HeapDestroy

• 0x5da464 LoadLibraryA

• 0x5da468 LoadLibraryExW

• 0x5da46c lstrcmpiW

• 0x5da470 VirtualAllocEx

• 0x5da474 GetLastError

Library USER32.dll:

• 0x5da47c UnregisterClassA

• 0x5da480 InvertRect

• 0x5da484 TileChildWindows

• 0x5da488 UnhookWindowsHookEx

• 0x5da48c CharUpperW

• 0x5da490 GetUserObjectInformationA

• 0x5da494 SetWindowWord

• 0x5da498 PostQuitMessage

• 0x5da49c PostThreadMessageA

• 0x5da4a0 GetDCEx

• 0x5da4a4 GetClassNameW

• 0x5da4a8 EnumDesktopsW

• 0x5da4ac FindWindowExA

• 0x5da4b0 CharNextW

• 0x5da4b4 TranslateAcceleratorW

• 0x5da4b8 SetCursor

• 0x5da4bc SetWindowTextA

• 0x5da4c0 GetClipboardData

• 0x5da4c4 SwitchToThisWindow

• 0x5da4c8 GetTitleBarInfo

• 0x5da4cc wvsprintfW

• 0x5da4d0 GetCursorPos

• 0x5da4d4 CreateWindowExA

• 0x5da4d8 ShowOwnedPopups

• 0x5da4dc DeleteMenu

• 0x5da4e0 DlgDirSelectExW

• 0x5da4e4 GetMonitorInfoW

• 0x5da4e8 SetCursorPos

• 0x5da4ec DlgDirListComboBoxA

• 0x5da4f0 LoadIconA

• 0x5da4f4 LoadCursorW

Library GDI32.dll:

• 0x5da4fc PtInRegion

• 0x5da500 SetMetaFileBitsEx

• 0x5da504 EngStrokeAndFillPath

• 0x5da508 DeviceCapabilitiesExA

• 0x5da50c EngStrokePath

• 0x5da510 Chord

• 0x5da514 GdiAddGlsBounds

• 0x5da518 EqualRgn

• 0x5da51c XFORMOBJ_bApplyXform

• 0x5da520 SetBitmapDimensionEx

• 0x5da524 SetPaletteEntries

• 0x5da528 GdiArtificialDecrementDriver

• 0x5da52c StartDocA

• 0x5da530 AddFontResourceW

• 0x5da534 SetDeviceGammaRamp

• 0x5da538 GdiConvertFont

• 0x5da53c GdiEndPageEMF

• 0x5da540 GdiFixUpHandle

• 0x5da544 EnumEnhMetaFile

• 0x5da548 GetTextCharacterExtra

• 0x5da54c GetPolyFillMode

• 0x5da550 EngFindResource

• 0x5da554 EndDoc

• 0x5da558 GetClipBox

• 0x5da55c GetSystemPaletteUse

• 0x5da560 GetObjectA

• 0x5da564 CreateFontW

• 0x5da568 SetTextColor

• 0x5da56c SetBkColor

• 0x5da570 SetViewportOrgEx

• 0x5da574 GetTextMetricsW

• 0x5da578 CreateSolidBrush

• 0x5da57c CreateCompatibleDC

• 0x5da580 CreateCompatibleBitmap

• 0x5da584 DeleteObject

• 0x5da588 BitBlt

• 0x5da58c DeleteDC

• 0x5da590 GetStockObject

• 0x5da594 GetObjectW

• 0x5da598 GetDeviceCaps

• 0x5da59c GetTextExtentPoint32W

• 0x5da5a0 SelectObject

• 0x5da5a4 GetEnhMetaFileBits

Library ADVAPI32.dll:

• 0x5da5ac RegOpenKeyW

• 0x5da5b0 RegQueryValueExA

• 0x5da5b4 GetUserNameA

Library SHELL32.dll:

• 0x5da5bc ShellExecuteW

• 0x5da5c0 SHPathPrepareForWriteA

• 0x5da5c4 SHBindToParent

• 0x5da5c8 SHGetFolderLocation

• 0x5da5cc DragQueryFileAorW

• 0x5da5d0 SHCreateDirectoryExA

• 0x5da5d4 SHBrowseForFolder

• 0x5da5d8 ExtractIconExW

• 0x5da5dc SHGetDesktopFolder

• 0x5da5e0 SHIsFileAvailableOffline

• 0x5da5e4 SHFileOperationW

• 0x5da5e8 DragFinish

• 0x5da5ec DragQueryFile

Library SHLWAPI.dll:

• 0x5da5f4 StrRChrIW

• 0x5da5f8 StrCmpNIW

Library COMCTL32.dll:

• 0x5da600 InitCommonControlsEx

• 0x5da604 _TrackMouseEvent

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	59704	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.