Score: 9.2 (Critical)

SHA-256: 1002b7508336031b4e5c992ac2ab451c75f2782dd10f831829a9af87d32ed482
File name: d45f542e9ffceb84d31a003362cdffce.exe
Analysis time: 130s
Last analysis:
File size: 242.5KB
Static detection: malicious. Dynamic detection: malicious.
Detection-name tokens: 100% AGEN AI SCORE=100 CLOUD CONFIDENCE DESHACOP DOFOIL DRECZT DYNAMER ELDORADO FAAH GENCIRC GENETIC GN@79B15X HIGH CONFIDENCE MALICIOUS PE MIKEY OBFUSCATED PQ0@A8GYZRDO R150542 SCORE SKEEYAH TINBA TROJANBANKER ZEXAF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines

Engine       Result                             Scan date  Version
McAfee       Obfuscated-FAAH!D45F542E9FFC       20200604   6.0.6.653
Alibaba      -                                  20190527   0.3.0.5
Baidu        -                                  20190318   1.0.0.2
Tencent      Malware.Win32.Gencirc.10b2478e     20200604   1.0.0.1
Kingsoft     -                                  20200604   2013.8.14.323
CrowdStrike  win/malicious_confidence_100% (D)  20190702   1.0

("-": the engine row carries no detection name in the report.)
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Resolves a suspicious Top Level Domain (TLD) (1 event)
domain: brureservtestot.cc    description: Cocos Islands domain TLD
Allocates read-write-execute memory (usually to unpack itself) (5 events)
All five calls use protection 64 (PAGE_EXECUTE_READWRITE) and have stack_dep_bypass 0 and stack_pivoted 0. Handle 0xffffffff is the current-process pseudo-handle, so these are allocations in the caller's own address space. The NtProtectVirtualMemory row changes the protection of an existing 262144-byte range at the image base 0x00400000 rather than allocating.

Time               API                      PID   Handle      Base address  Size      Allocation type                 heap_dep_bypass  Status   Return  Repeated
1619910851.744662  NtAllocateVirtualMemory  2308  0xffffffff  0x01e10000    1712128   8192 (MEM_RESERVE)              0                success  0       0
1619910851.744662  NtAllocateVirtualMemory  2308  0xffffffff  0x01fb0000    8192      4096 (MEM_COMMIT)               1                success  0       0
1619910851.744662  NtProtectVirtualMemory   2308  0xffffffff  0x00400000    262144    - (length of protected range)   0                success  0       0
1619910851.775662  NtAllocateVirtualMemory  2308  0xffffffff  0x02000000    10485760  12288 (MEM_COMMIT|MEM_RESERVE)  0                success  0       0
1619933807.398374  NtAllocateVirtualMemory  2504  0xffffffff  0x002b0000    24576     12288 (MEM_COMMIT|MEM_RESERVE)  0                success  0       0
Foreign language identified in PE resource (1 event)
name: RT_DIALOG    language: LANG_ORIYA    sublanguage: SUBLANG_ARABIC_BAHRAIN    offset: 0x0003f1b0    filetype: data    size: 0x00000174
Network communication
One or more of the buffers contains an embedded PE file (1 event)
buffer: Buffer with sha1: b31eee8bc16bcf1be6fbe1c97d1dc0717e03bd7e
Communicates with host for which no DNS query was performed (1 event)
host: 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (40 events)
Every row below uses protection 64 (PAGE_EXECUTE_READWRITE), has stack_dep_bypass 0, stack_pivoted 0 and heap_dep_bypass 0, and returned success with return value 0 and repeated 0. The NtAllocateVirtualMemory rows all request region_size 24576 with allocation_type 12288 (MEM_COMMIT|MEM_RESERVE); the single NtProtectVirtualMemory row changes the protection of a 4096-byte range (length 4096). The process_handle column is the handle the caller holds to the target process, so the target PID is the process being written into, not the caller.

Time               API                      Target PID  Handle      Base address
1619910852.213662  NtProtectVirtualMemory   2504        0x000000bc  0x00951000
1619933807.398374  NtAllocateVirtualMemory  1424        0x00000088  0x06c30000
1619933808.413374  NtAllocateVirtualMemory  276         0x000000ac  0x00210000
1619933808.413374  NtAllocateVirtualMemory  372         0x000000ac  0x00c00000
1619933808.413374  NtAllocateVirtualMemory  424         0x000000ac  0x0a210000
1619933808.429374  NtAllocateVirtualMemory  432         0x000000ac  0x00110000
1619933808.429374  NtAllocateVirtualMemory  476         0x000000ac  0x00110000
1619933808.429374  NtAllocateVirtualMemory  508         0x000000ac  0x001d0000
1619933808.429374  NtAllocateVirtualMemory  536         0x000000ac  0x009e0000
1619933808.429374  NtAllocateVirtualMemory  544         0x000000ac  0x00190000
1619933808.429374  NtAllocateVirtualMemory  656         0x000000ac  0x00400000
1619933808.429374  NtAllocateVirtualMemory  720         0x000000ac  0x000d0000
1619933808.445374  NtAllocateVirtualMemory  788         0x000000ac  0x001c0000
1619933808.445374  NtAllocateVirtualMemory  868         0x000000ac  0x00e50000
1619933808.445374  NtAllocateVirtualMemory  924         0x000000ac  0x00e50000
1619933808.460374  NtAllocateVirtualMemory  956         0x000000ac  0x00f70000
1619933808.460374  NtAllocateVirtualMemory  540         0x000000ac  0x00d00000
1619933808.460374  NtAllocateVirtualMemory  1080        0x000000ac  0x014f0000
1619933808.460374  NtAllocateVirtualMemory  1260        0x000000ac  0x00190000
1619933808.460374  NtAllocateVirtualMemory  1288        0x000000ac  0x00180000
1619933808.460374  NtAllocateVirtualMemory  1336        0x000000ac  0x00350000
1619933808.460374  NtAllocateVirtualMemory  1384        0x000000ac  0x00130000
1619933808.476374  NtAllocateVirtualMemory  1424        0x000000ac  0x06c40000
1619933808.476374  NtAllocateVirtualMemory  1592        0x000000ac  0x004b0000
1619933808.476374  NtAllocateVirtualMemory  1980        0x000000ac  0x00190000
1619933808.476374  NtAllocateVirtualMemory  1240        0x000000ac  0x00370000
1619933808.476374  NtAllocateVirtualMemory  2072        0x000000ac  0x00120000
1619933808.476374  NtAllocateVirtualMemory  2380        0x000000ac  0x04850000
1619933808.476374  NtAllocateVirtualMemory  2460        0x000000ac  0x00bb0000
1619933808.491374  NtAllocateVirtualMemory  2672        0x000000ac  0x003d0000
1619933808.491374  NtAllocateVirtualMemory  2744        0x000000ac  0x00b60000
1619933808.491374  NtAllocateVirtualMemory  2784        0x000000ac  0x007a0000
1619933808.491374  NtAllocateVirtualMemory  2884        0x000000ac  0x03f80000
1619933808.491374  NtAllocateVirtualMemory  2940        0x000000ac  0x00140000
1619933808.491374  NtAllocateVirtualMemory  2132        0x000000ac  0x000f0000
1619933808.507374  NtAllocateVirtualMemory  1376        0x000000ac  0x00730000
1619933808.507374  NtAllocateVirtualMemory  2996        0x000000ac  0x00e40000
1619933808.507374  NtAllocateVirtualMemory  3068        0x000000ac  0x003f0000
1619933808.507374  NtAllocateVirtualMemory  2308        0x000000ac  0x00050000
1619933808.523374  NtAllocateVirtualMemory  2504        0x000000ac  0x00830000
Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (2 events)
Process injection: process 2504 created a remote thread in non-child process 2308

Time               API                 Target PID  Handle      Function address  Parameter   Flags  Stack size  Thread ID  Status  Return  Repeated
1619933808.523374  CreateRemoteThread  2308        0x000000ac  0x0005094c        0x00000000  0      0           0          failed  0       0
Manipulates memory of a non-child process indicative of process injection (50 out of 77 events)
Process injection: process 2504 manipulated memory of non-child processes 1424, 276, 372, 424, 432, 476, 508, 536, 544, 656, 720, 788, 868, 924, 956, 540, 1080, 1260, 1288, 1336, 1384, 1592, 1980, 1240 and 2072 (the first 25 of the 50 listed; the records shown below are for these 25).
Every row below: NtAllocateVirtualMemory, region_size 24576, protection 64 (PAGE_EXECUTE_READWRITE), allocation_type 12288 (MEM_COMMIT|MEM_RESERVE), stack_dep_bypass 0, stack_pivoted 0, heap_dep_bypass 0, status success, return 0, repeated 0.

Time               Target PID  Handle      Base address
1619933807.398374  1424        0x00000088  0x06c30000
1619933808.413374  276         0x000000ac  0x00210000
1619933808.413374  372         0x000000ac  0x00c00000
1619933808.413374  424         0x000000ac  0x0a210000
1619933808.429374  432         0x000000ac  0x00110000
1619933808.429374  476         0x000000ac  0x00110000
1619933808.429374  508         0x000000ac  0x001d0000
1619933808.429374  536         0x000000ac  0x009e0000
1619933808.429374  544         0x000000ac  0x00190000
1619933808.429374  656         0x000000ac  0x00400000
1619933808.429374  720         0x000000ac  0x000d0000
1619933808.445374  788         0x000000ac  0x001c0000
1619933808.445374  868         0x000000ac  0x00e50000
1619933808.445374  924         0x000000ac  0x00e50000
1619933808.460374  956         0x000000ac  0x00f70000
1619933808.460374  540         0x000000ac  0x00d00000
1619933808.460374  1080        0x000000ac  0x014f0000
1619933808.460374  1260        0x000000ac  0x00190000
1619933808.460374  1288        0x000000ac  0x00180000
1619933808.460374  1336        0x000000ac  0x00350000
1619933808.460374  1384        0x000000ac  0x00130000
1619933808.476374  1424        0x000000ac  0x06c40000
1619933808.476374  1592        0x000000ac  0x004b0000
1619933808.476374  1980        0x000000ac  0x00190000
1619933808.476374  1240        0x000000ac  0x00370000
Potential code injection by writing to the memory of another process (1 event)

Time               API                 Target PID  Handle      Base address  Status   Return  Repeated
1619910852.213662  WriteProcessMemory  2504        0x000000bc  0x009516c1    success  1       0
buffer (binary data rendered as text by the sandbox; the readable fragments "ReadProcessMemory" and "VirtualAlloc" are API names embedded in the written code): 艉ÇW蟉ÃèReadProcessMemoryWÿӉÆè VirtualAllocWÿÓè[ë˜@j@h0ÿ³Õ@jÿЅÀt ‰ÇƒÕ@jÿ0WÿpÿpÿօÀtÇ4 WÃî\$d¡0‹@ ‹@‹‹H y 32uò‹@ÃU‰åW‹E‰ÂR<‹Rx‹r Æ1ÉAƒÆ‹>ǁocAduï‰Ær$·4N4°r_ÉÂ
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection: process 2308 resumed a thread in remote process 2504

Time               API             Target PID  Thread handle  suspend_count  Status   Return  Repeated
1619910852.525662  NtResumeThread  2504        0x00000048     1              success  0       0
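The injection signatures above are presented as separate raw call lists (RWX allocation in another process, WriteProcessMemory, CreateRemoteThread, and the CreateProcessInternalW / NtGetContextThread / NtResumeThread sequence around the suspended winver child). When triaging a report like this, a detection engineer normally wants those calls correlated per caller/target pair so that the hollowing of PID 2504 by PID 2308, the mass RWX-allocate-and-write into other processes by PID 2504, and the failed CreateRemoteThread back into PID 2308 (whose start address 0x0005094c lies inside the 24576-byte region PID 2504 had just allocated at 0x00050000 in that process) each come out as one labelled chain. The script below is an added example written for this page; it is not part of the sandbox report or the sandbox's own code. Its input is a constructed subset of the calls shown above in the same field names; the caller PID in each record is an assumption taken from the report's "Process X ..." summary lines, since the raw records only name the target process. One caveat the timestamps themselves raise: the PID 2308 calls (1619910851-1619910852) and the PID 2504 calls (1619933807-1619933808) are roughly 6.4 hours apart, far more than the stated 130 s analysis time, so the correlator sorts by timestamp but a reader should treat the two groups as possibly stitched together from separate runs rather than one continuous trace.

```python
# Added example (not from the report or the sandbox): correlate Cuckoo-style
# API call records into per-(caller, target) process-injection chains.
from collections import defaultdict

SELF_HANDLE = 0xFFFFFFFF        # pseudo-handle meaning "the calling process"
PAGE_EXECUTE_READWRITE = 0x40   # "protection: 64" in the report
CREATE_SUSPENDED = 0x4          # "creation_flags: 4" in the report

# Constructed sample: a subset of the report's calls as (timestamp, caller_pid,
# api, arguments). The caller pid is an assumption taken from the report's
# "Process X ..." summary lines; raw records only name the target process.
SAMPLE_CALLS = [
    (1619910851.744662, 2308, "NtAllocateVirtualMemory",
     {"process_handle": 0xFFFFFFFF, "protection": 0x40, "region_size": 10485760}),
    (1619910851.744662, 2308, "NtProtectVirtualMemory",
     {"process_handle": 0xFFFFFFFF, "protection": 0x40, "length": 262144}),
    (1619910852.213662, 2308, "CreateProcessInternalW",
     {"process_identifier": 2504, "process_handle": 0xBC, "thread_handle": 0x48,
      "command_line": "winver", "creation_flags": 0x4}),
    (1619910852.213662, 2308, "NtGetContextThread", {"thread_handle": 0x48}),
    (1619910852.213662, 2308, "NtProtectVirtualMemory",
     {"process_identifier": 2504, "process_handle": 0xBC, "protection": 0x40, "length": 4096}),
    (1619910852.213662, 2308, "WriteProcessMemory",
     {"process_identifier": 2504, "process_handle": 0xBC, "base_address": 0x9516C1}),
    (1619910852.525662, 2308, "NtResumeThread",
     {"process_identifier": 2504, "thread_handle": 0x48, "suspend_count": 1}),
    (1619933807.398374, 2504, "NtAllocateVirtualMemory",
     {"process_handle": 0xFFFFFFFF, "protection": 0x40, "region_size": 24576}),
    (1619933807.398374, 2504, "NtAllocateVirtualMemory",
     {"process_identifier": 1424, "process_handle": 0x88, "protection": 0x40, "region_size": 24576}),
    (1619933807.398374, 2504, "WriteProcessMemory",
     {"process_identifier": 1424, "process_handle": 0x88, "base_address": 0x06C30000}),
    (1619933808.507374, 2504, "NtAllocateVirtualMemory",
     {"process_identifier": 2308, "process_handle": 0xAC, "protection": 0x40, "region_size": 24576}),
    (1619933808.523374, 2504, "CreateRemoteThread",
     {"process_identifier": 2308, "process_handle": 0xAC, "function_address": 0x5094C, "status": "failed"}),
]

def target_of(caller, args):
    # The -1 pseudo-handle means the call acts on the caller's own address space.
    if args.get("process_handle") == SELF_HANDLE:
        return caller
    return args.get("process_identifier", caller)

def correlate(calls):
    """Return ({(caller, target): [steps]}, {pid: RWX bytes in own space})."""
    chains, self_rwx, suspended = defaultdict(list), defaultdict(int), {}
    for _ts, caller, api, args in sorted(calls, key=lambda c: c[0]):
        target = target_of(caller, args)
        if api in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            if args.get("protection") != PAGE_EXECUTE_READWRITE:
                continue  # only writable+executable regions matter here
            if target == caller:  # in-place unpacking, not injection
                self_rwx[caller] += args.get("region_size", args.get("length", 0))
            else:
                chains[(caller, target)].append("rwx")
        elif api == "CreateProcessInternalW":
            if args.get("creation_flags", 0) & CREATE_SUSPENDED:
                chains[(caller, target)].append("create_suspended")
                suspended[args.get("thread_handle")] = target  # thread -> child pid
        elif api == "NtGetContextThread":
            if args.get("thread_handle") in suspended:
                chains[(caller, suspended[args["thread_handle"]])].append("get_context")
        elif api == "WriteProcessMemory":
            chains[(caller, target)].append("write")
        elif api == "CreateRemoteThread":
            failed = args.get("status", "success") != "success"
            chains[(caller, target)].append("remote_thread_failed" if failed else "remote_thread")
        elif api == "NtResumeThread":
            chains[(caller, target)].append("resume")
    return dict(chains), dict(self_rwx)

def classify(steps):
    """Name the injection technique a (caller, target) step list matches."""
    s = set(steps)
    if {"create_suspended", "write", "resume"} <= s:
        return "process hollowing"
    if {"rwx", "write", "remote_thread"} <= s:
        return "remote thread injection"
    if "rwx" in s and "remote_thread_failed" in s:
        return "remote thread injection (thread creation failed)"
    if {"rwx", "write"} <= s:
        return "remote RWX write (no execution trigger observed)"
    return "partial chain: " + ",".join(steps)

def report(calls):
    """Verdict per (caller, target) pair plus self-RWX byte totals per pid."""
    chains, self_rwx = correlate(calls)
    return {pair: classify(steps) for pair, steps in chains.items()}, self_rwx

if __name__ == "__main__":
    verdicts, unpack = report(SAMPLE_CALLS)
    for (caller, target), verdict in sorted(verdicts.items()):
        print(f"{caller} -> {target}: {verdict}")
    for pid, nbytes in sorted(unpack.items()):
        print(f"{pid}: {nbytes} bytes RWX in its own address space (unpacking)")
```

On the sample above the correlator labels 2308 -> 2504 as process hollowing, 2504 -> 1424 as a remote RWX write with no execution trigger observed (the report shows allocate-and-write pairs for dozens of targets but a thread creation only into 2308), and 2504 -> 2308 as a remote-thread injection whose CreateRemoteThread failed. Allocations through the 0xffffffff pseudo-handle are kept separate as self-unpacking so they do not inflate the injection count.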
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (50 out of 82 events)

Time               API                     Target PID  Handle      Arguments                                                                                                                                                                                               Status   Return  Repeated
1619910852.213662  CreateProcessInternalW  2504        0x000000bc  command_line: winver; creation_flags: 4 (CREATE_SUSPENDED); thread_identifier: 192; thread_handle: 0x00000048; track: 1; inherit_handles: 0; stack_pivoted: 0; current_directory, filepath and filepath_r empty   success  1       0
1619910852.213662  NtGetContextThread      -           -           thread_handle: 0x00000048                                                                                                                                                                               success  0       0
1619910852.213662  WriteProcessMemory      2504        0x000000bc  base_address: 0x009516c1; buffer (binary data rendered as text): 艉ÇW蟉ÃèReadProcessMemoryWÿӉÆè VirtualAllocWÿÓè[ë˜@j@h0ÿ³Õ@jÿЅÀt ‰ÇƒÕ@jÿ0WÿpÿpÿօÀtÇ4 WÃî\$d¡0‹@ ‹@‹‹H y 32uò‹@ÃU‰åW‹E‰ÂR<‹Rx‹r Æ1ÉAƒÆ‹>ǁocAduï‰Ær$·4N4°r_ÉÂ   success  1       0
1619910852.525662  NtResumeThread          2504        -           thread_handle: 0x00000048; suspend_count: 1                                                                                                                                                             success  0       0

The remaining rows alternate an NtAllocateVirtualMemory call (region_size 24576, protection 64 (PAGE_EXECUTE_READWRITE), allocation_type 12288 (MEM_COMMIT|MEM_RESERVE), stack_dep_bypass 0, stack_pivoted 0, heap_dep_bypass 0, status success, return 0, repeated 0) with a WriteProcessMemory call to the same base address in the same target (buffer empty in the report, status success, return 1, repeated 0):

Time               API                      Target PID  Handle      Base address
1619933807.398374  NtAllocateVirtualMemory  1424        0x00000088  0x06c30000
1619933807.398374  WriteProcessMemory       1424        0x00000088  0x06c30000
1619933808.413374  NtAllocateVirtualMemory  276         0x000000ac  0x00210000
1619933808.413374  WriteProcessMemory       276         0x000000ac  0x00210000
1619933808.413374  NtAllocateVirtualMemory  372         0x000000ac  0x00c00000
1619933808.413374  WriteProcessMemory       372         0x000000ac  0x00c00000
1619933808.413374  NtAllocateVirtualMemory  424         0x000000ac  0x0a210000
1619933808.413374  WriteProcessMemory       424         0x000000ac  0x0a210000
1619933808.429374  NtAllocateVirtualMemory  432         0x000000ac  0x00110000
1619933808.429374  WriteProcessMemory       432         0x000000ac  0x00110000
1619933808.429374  NtAllocateVirtualMemory  476         0x000000ac  0x00110000
1619933808.429374  WriteProcessMemory       476         0x000000ac  0x00110000
1619933808.429374  NtAllocateVirtualMemory  508         0x000000ac  0x001d0000
1619933808.429374  WriteProcessMemory       508         0x000000ac  0x001d0000
1619933808.429374  NtAllocateVirtualMemory  536         0x000000ac  0x009e0000
1619933808.429374  WriteProcessMemory       536         0x000000ac  0x009e0000
1619933808.429374  NtAllocateVirtualMemory  544         0x000000ac  0x00190000
1619933808.429374  WriteProcessMemory       544         0x000000ac  0x00190000
1619933808.429374  NtAllocateVirtualMemory  656         0x000000ac  0x00400000
1619933808.429374  WriteProcessMemory       656         0x000000ac  0x00400000
1619933808.429374  NtAllocateVirtualMemory  720         0x000000ac  0x000d0000
1619933808.429374  WriteProcessMemory       720         0x000000ac  0x000d0000
1619933808.445374  NtAllocateVirtualMemory  788         0x000000ac  0x001c0000
1619933808.445374  WriteProcessMemory       788         0x000000ac  0x001c0000
1619933808.445374  NtAllocateVirtualMemory  868         0x000000ac  0x00e50000
1619933808.445374  WriteProcessMemory       868         0x000000ac  0x00e50000
1619933808.445374  NtAllocateVirtualMemory  924         0x000000ac  0x00e50000
1619933808.445374  WriteProcessMemory       924         0x000000ac  0x00e50000
1619933808.460374  NtAllocateVirtualMemory  956         0x000000ac  0x00f70000
1619933808.460374  WriteProcessMemory       956         0x000000ac  0x00f70000
1619933808.460374  NtAllocateVirtualMemory  540         0x000000ac  0x00d00000
1619933808.460374  WriteProcessMemory       540         0x000000ac  0x00d00000
1619933808.460374  NtAllocateVirtualMemory  1080        0x000000ac  0x014f0000
1619933808.460374  WriteProcessMemory       1080        0x000000ac  0x014f0000
1619933808.460374  NtAllocateVirtualMemory  1260        0x000000ac  0x00190000
1619933808.460374  WriteProcessMemory       1260        0x000000ac  0x00190000
1619933808.460374
NtAllocateVirtualMemory
process_identifier: 1288
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000ac
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00180000
success 0 0
1619933808.460374
WriteProcessMemory
process_identifier: 1288
buffer:
process_handle: 0x000000ac
base_address: 0x00180000
success 1 0
1619933808.460374
NtAllocateVirtualMemory
process_identifier: 1336
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000ac
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1619933808.460374
WriteProcessMemory
process_identifier: 1336
buffer:
process_handle: 0x000000ac
base_address: 0x00350000
success 1 0
1619933808.460374
NtAllocateVirtualMemory
process_identifier: 1384
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000ac
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00130000
success 0 0
1619933808.460374
WriteProcessMemory
process_identifier: 1384
buffer:
process_handle: 0x000000ac
base_address: 0x00130000
success 1 0
1619933808.476374
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000ac
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x06c40000
success 0 0
1619933808.476374
WriteProcessMemory
process_identifier: 1424
buffer:
process_handle: 0x000000ac
base_address: 0x06c40000
success 1 0
1619933808.476374
NtAllocateVirtualMemory
process_identifier: 1592
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000000ac
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004b0000
success 0 0
1619933808.476374
WriteProcessMemory
process_identifier: 1592
buffer:
process_handle: 0x000000ac
base_address: 0x004b0000
success 1 0
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)
MicroWorld-eScan Gen:Variant.Mikey.87396
FireEye Generic.mg.d45f542e9ffceb84
McAfee Obfuscated-FAAH!D45F542E9FFC
Zillya Trojan.Tinba.Win32.1635
Sangfor Malware
K7AntiVirus Trojan ( 004bdf531 )
K7GW Trojan ( 004bdf531 )
Cybereason malicious.e9ffce
Arcabit Trojan.Mikey.D15564
Invincea heuristic
Cyren W32/S-104687bc!Eldorado
Symantec Trojan.Tinba!gm
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Mikey.87396
NANO-Antivirus Trojan.Win32.Tinba.dreczt
Tencent Malware.Win32.Gencirc.10b2478e
Ad-Aware Gen:Variant.Mikey.87396
Emsisoft Gen:Variant.Mikey.87396 (B)
Comodo TrojWare.Win32.Tinba.GN@79b15x
F-Secure Heuristic.HEUR/AGEN.1118863
DrWeb Trojan.PWS.Tinba.153
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
Trapmine suspicious.low.ml.score
Sophos Mal/Tinba-I
SentinelOne DFI - Malicious PE
F-Prot W32/S-104687bc!Eldorado
Jiangmin Trojan/Banker.Tinba.ank
Avira HEUR/AGEN.1118863
MAX malware (ai score=100)
Antiy-AVL Trojan[Banker]/Win32.Tinba
Microsoft Trojan:Win32/Skeeyah.A!rfn
Endgame malicious (high confidence)
AegisLab Trojan.Win32.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Mikey.87396
AhnLab-V3 Trojan/Win32.Dynamer.R150542
BitDefenderTheta Gen:NN.ZexaF.34126.pq0@a8gYzrdO
ALYac Gen:Variant.Mikey.87396
VBA32 TrojanBanker.Tinba
ESET-NOD32 Win32/Tinba.BK
Rising Downloader.Dofoil!8.322 (CLOUD)
Yandex Trojan.PWS.Tinba!
Ikarus Trojan.Win32.Tinba
Fortinet W32/Deshacop.XO!tr
AVG Win32:GenMalicious-KOE [Trj]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (D)
Visual Analysis
Binary Image
No binary image: this sample did not produce a binary visualization image
Runtime Screenshots
No runtime screenshots: no screenshots were generated while the sample was running

PE Compile Time

2005-01-24 11:35:21

Imports

Library SHLWAPI.dll:
0x427168 StrFormatByteSizeA
0x42716c StrToIntExA
0x427170 PathRemoveArgsW
0x427174 PathAddExtensionW
0x427178 PathCombineW
0x42717c PathIsURLW
0x427180 SHRegEnumUSKeyW
0x427184 PathIsRelativeW
0x427188 PathQuoteSpacesA
0x427190 PathFindFileNameA
0x427198 SHSetValueA
0x42719c PathCompactPathW
0x4271a0 PathRemoveArgsA
0x4271a4 PathStripPathW
0x4271a8 SHRegEnumUSKeyA
0x4271b0 PathCanonicalizeA
0x4271b8 PathCombineA
0x4271bc PathFindOnPathW
0x4271c0 StrSpnW
0x4271c4 PathAppendW
0x4271c8 SHGetValueW
0x4271cc ChrCmpIW
0x4271d8 StrCmpIW
0x4271e0 SHRegOpenUSKeyA
0x4271e4 PathStripToRootW
0x4271e8 PathCanonicalizeW
0x4271ec ChrCmpIA
0x4271f0 PathMatchSpecW
0x4271f4 PathIsUNCServerW
0x4271fc SHDeleteValueW
0x427200 StrIsIntlEqualW
0x427204 PathIsSameRootW
0x427208 PathRelativePathToA
0x42720c SHDeleteEmptyKeyW
0x427210 StrNCatW
0x427214 StrToIntA
0x427218 SHRegDeleteUSValueA
0x427220 PathIsUNCW
0x427228 StrCpyW
0x42722c PathFindExtensionW
0x427238 PathGetArgsW
0x42723c PathStripToRootA
0x427240 PathIsUNCServerA
0x427244 PathRemoveFileSpecW
0x427248 PathFindFileNameW
0x42724c StrCmpW
0x427250 StrTrimW
0x427254 PathRelativePathToW
0x427258 PathSkipRootW
0x427260 SHRegCreateUSKeyW
0x427264 StrTrimA
0x427270 SHEnumValueA
0x427274 PathCompactPathA
0x427278 SHDeleteEmptyKeyA
0x42727c StrCSpnIA
0x427280 SHQueryValueExA
0x427284 StrFormatByteSizeW
0x427288 PathRemoveFileSpecA
0x42728c PathSetDlgItemPathA
0x427294 StrPBrkW
0x427298 StrCSpnW
0x42729c PathIsPrefixW
0x4272a0 SHRegWriteUSValueW
0x4272a4 PathMakePrettyW
0x4272ac PathIsFileSpecA
0x4272b0 PathIsDirectoryW
0x4272b4 PathSkipRootA
0x4272b8 PathFindOnPathA
0x4272bc PathGetArgsA
0x4272c0 PathIsSystemFolderW
0x4272c4 PathBuildRootA
0x4272c8 SHDeleteValueA
0x4272cc SHRegWriteUSValueA
0x4272d4 PathIsDirectoryA
0x4272d8 PathUnquoteSpacesA
0x4272dc PathIsFileSpecW
0x4272e0 PathCompactPathExA
0x4272e4 PathMakePrettyA
0x4272e8 PathCommonPrefixW
0x4272ec StrDupW
0x4272f0 StrNCatA
0x4272f4 PathFindExtensionA
0x4272f8 PathCompactPathExW
0x4272fc SHDeleteKeyA
0x427300 SHRegQueryUSValueA
0x427304 SHEnumValueW
0x427308 PathQuoteSpacesW
0x42730c StrCatW
0x427310 SHOpenRegStreamA
0x427314 SHRegSetUSValueW
0x427318 StrIsIntlEqualA
0x42731c SHRegGetUSValueW
0x427324 SHRegEnumUSValueW
0x427328 StrToIntW
0x42732c PathGetDriveNumberA
0x427330 PathIsURLA
0x427334 SHEnumKeyExA
0x427338 SHDeleteKeyW
0x427340 PathAddExtensionA
Library MSVCRT.dll:
0x427048 _adjust_fdiv
0x42704c __setusermatherr
0x427050 _initterm
0x427054 __getmainargs
0x427058 _acmdln
0x42705c exit
0x427060 _XcptFilter
0x427064 _exit
0x427068 __p__commode
0x42706c __p__fmode
0x427070 __set_app_type
0x427074 _controlfp
0x427078 _except_handler3
Library OLEAUT32.dll:
0x427080 VarBstrFromCy
0x427088 VarDecCmp
0x42708c VarUI2FromR8
0x427090 VarBoolFromCy
0x427094 VarDateFromUdate
0x42709c VarBoolFromR8
0x4270a0 VarDecMul
0x4270a4 RegisterTypeLib
0x4270a8 VarBstrCat
0x4270ac UnRegisterTypeLib
0x4270b0 VarI2FromI1
0x4270b4 VarR8Pow
0x4270b8 OleSavePictureFile
0x4270bc VarCyFromDisp
0x4270c0 VarEqv
0x4270c8 VarR8FromDate
0x4270cc SysReAllocString
0x4270d0 VarR4CmpR8
0x4270d4 SafeArrayGetIID
0x4270d8 VarBoolFromI2
0x4270dc VARIANT_UserMarshal
0x4270e0 VarCyFromDec
0x4270e4 LoadTypeLib
0x4270e8 SysStringLen
0x4270ec BSTR_UserUnmarshal
0x4270f4 VarI2FromR4
0x4270f8 GetErrorInfo
0x4270fc VarUI4FromStr
0x427100 VarCat
0x427104 VarBoolFromStr
0x427108 VarUI1FromBool
0x42710c VarUI1FromUI2
0x427110 OleLoadPictureEx
0x427114 SafeArrayAccessData
0x42711c VarXor
0x427120 VarBoolFromUI4
0x427128 VarUI2FromBool
0x42712c VarDecFromUI4
0x427130 VarDecFromR8
0x427134 VarDecFromI4
0x427138 LoadTypeLibEx
0x42713c VarCyFromI1
Library COMCTL32.dll:
0x427004 UninitializeFlatSB
0x427010
0x427014 CreateStatusWindowW
0x42701c ImageList_DragLeave
0x427030
0x427034 PropertySheetA
Library ole32.dll:
0x427398 CoRegisterSurrogate
0x42739c CoTaskMemRealloc
0x4273a0 CreateItemMoniker
0x4273a4 CoGetMalloc
0x4273a8 CoInitialize
0x4273b8 CoGetPSClsid
0x4273bc CoCreateGuid
Library comdlg32.dll:
0x42738c GetOpenFileNameA
0x427390 FindTextA
Library KERNEL32.dll:
0x42703c GetStartupInfoA
0x427040 GetModuleHandleA
Library WINSPOOL.DRV:
0x427348 SetJobA
0x42734c AddPrinterW
0x427350 SetPrinterDataExA
0x427354 DeletePrinterKeyW
0x427358 DeletePrinter
0x42735c GetPrinterDriverW
0x427360 AddMonitorW
0x427364 PrinterProperties
0x42736c StartDocPrinterA
0x427370 GetJobA
0x42737c DeletePortW
0x427380 EnumPortsA
Library SHELL32.dll:
0x42714c SHGetFileInfoA
0x427158 Shell_NotifyIconA
0x42715c SHFileOperationW
0x427160 ShellExecuteA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 52387 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 59249 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62028 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 59250 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.