Score: 2.8
Verdict: Medium risk

SHA256: 8f74fa342c03d7c65f83e2a3b6938e88d1ebde47f121e6c1997e0384a9269c7c
File name: d46ca48c40fd70bf9fa8362543e9354a.exe
Analysis time: 84s
Last analysis:
File size: 1.8MB
Static detections / Dynamic detections
Detection tags: 0N0@A88XWQII ABAN AI SCORE=86 BANKERX BSCOPE CLOUD CONFIDENCE DRIDEX GENCIRC GENERICKDZ GENETIC HDFF HIGH CONFIDENCE HKCVQY INJECT3 KRYPTIK KZIP MALICIOUS PE MALWARE@#1YZYEIEW93GUF MVR0X1LY2Z0 PINKSBOT QAKBOT QBOT QBOTPMF QVM20 S13277806 SCORE SUSGEN UNSAFE WACATAC ZENPAK ZEXAF

Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict

Anti-virus engines

Engine        Result                                Scan date   Engine version
CrowdStrike   win/malicious_confidence_70% (W)      20190702    1.0
Alibaba       Backdoor:Win32/KZip.64753a7f          20190527    0.3.0.5
Baidu                                               20190318    1.0.0.2
Avast         Win32:BankerX-gen [Trj]               20200605    18.4.3895.0
Tencent       Malware.Win32.Gencirc.10ba42ed        20200606    1.0.0.1
Kingsoft                                            20200606    2013.8.14.323
McAfee        W32/PinkSbot-GN!D46CA48C40FD          20200605    6.0.6.653
Static indicators

Queries for the computername (1 event)

Time: 1619910896.6193
API: GetComputerNameW
Arguments:
  computer_name: OSKAR-PC
Status: success   Return: 1   Repeated: 0
Behavior verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time: 1619910853.1503
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 360
  region_size: 225280
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x005e0000
Status: success   Return: 0   Repeated: 0

Time: 1619910896.4943
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 360
  region_size: 221184
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x00620000
Status: success   Return: 0   Repeated: 0

Time: 1619910896.4943
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 360
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 237568
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x00400000
Status: success   Return: 0   Repeated: 0

Time: 1619934461.460625
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2144
  region_size: 225280
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x005e0000
Status: success   Return: 0   Repeated: 0
A process created a hidden window (1 event)

Time: 1619910897.2753
API: CreateProcessInternalW
Arguments:
  thread_identifier: 420
  thread_handle: 0x0000013c
  process_identifier: 2144
  current_directory:
  filepath:
  track: 1
  command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d46ca48c40fd70bf9fa8362543e9354a.exe /C
  filepath_r:
  stack_pivoted: 0
  creation_flags: 134217728 (CREATE_NO_WINDOW)
  process_handle: 0x00000140
  inherit_handles: 0
Status: success   Return: 1   Repeated: 0
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 of 56 events shown)
MicroWorld-eScan Trojan.GenericKDZ.67035
CAT-QuickHeal Trojan.QbotPMF.S13277806
ALYac Trojan.Agent.Wacatac
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2018806
Sangfor Malware
CrowdStrike win/malicious_confidence_70% (W)
Alibaba Backdoor:Win32/KZip.64753a7f
K7GW Trojan ( 0056649a1 )
K7AntiVirus Trojan ( 0056649a1 )
Arcabit Trojan.Generic.D105DB
Invincea heuristic
Symantec Packed.Generic.459
APEX Malicious
Avast Win32:BankerX-gen [Trj]
Kaspersky Trojan.Win32.Zenpak.aban
BitDefender Trojan.GenericKDZ.67035
NANO-Antivirus Trojan.Win32.Inject3.hkcvqy
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10ba42ed
Ad-Aware Trojan.GenericKDZ.67035
Emsisoft Trojan.GenericKDZ.67035 (B)
Comodo Malware@#1yzyeiew93guf
DrWeb Trojan.Inject3.39688
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SMP
McAfee-GW-Edition W32/PinkSbot-GN!D46CA48C40FD
Trapmine suspicious.low.ml.score
FireEye Generic.mg.d46ca48c40fd70bf
Sophos Troj/Qbot-FS
SentinelOne DFI - Malicious PE
Jiangmin Trojan.Banker.Qbot.oo
MAX malware (ai score=86)
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Dridex.RAC!MTB
Endgame malicious (high confidence)
AegisLab Trojan.Win32.Generic.4!c
ZoneAlarm Trojan.Win32.Zenpak.aban
GData Trojan.GenericKDZ.67035
AhnLab-V3 Malware/Win32.Backdoor.C4090435
Acronis suspicious
McAfee W32/PinkSbot-GN!D46CA48C40FD
VBA32 BScope.Trojan.Inject
Malwarebytes Backdoor.Qbot
ESET-NOD32 a variant of Win32/Kryptik.HDFF
TrendMicro-HouseCall Backdoor.Win32.QAKBOT.SMP
Rising Trojan.Kryptik!1.C427 (CLOUD)
Yandex Trojan.Kryptik!mvR0X1Ly2z0
Ikarus Backdoor.QBot
MaxSecure Trojan.Malware.74807846.susgen
Visual analysis

Binary image
No binary image: no binary visualization image was generated for this sample.

Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2020-05-08 06:16:42

Imports

Library KERNEL32.dll:
0x5cefc8 TlsSetValue
0x5cefcc TlsGetValue
0x5cefd0 LocalAlloc
0x5cefd4 GetModuleHandleW
0x5cefd8 lstrlenW
0x5cefdc lstrcmpA
0x5cefe0 WriteProcessMemory
0x5cefe4 WriteFile
0x5cefe8 WideCharToMultiByte
0x5cefec WaitForSingleObject
0x5ceff4 VirtualQueryEx
0x5ceff8 VirtualQuery
0x5ceffc VirtualProtectEx
0x5cf000 VirtualProtect
0x5cf004 VirtualFree
0x5cf008 VirtualAlloc
0x5cf00c UnmapViewOfFile
0x5cf010 TerminateThread
0x5cf014 TerminateProcess
0x5cf01c SuspendThread
0x5cf020 Sleep
0x5cf024 SizeofResource
0x5cf028 SetVolumeLabelW
0x5cf02c SetThreadPriority
0x5cf030 SetThreadContext
0x5cf038 SetPriorityClass
0x5cf03c SetLastError
0x5cf040 SetFilePointer
0x5cf044 SetEvent
0x5cf048 SetErrorMode
0x5cf04c SetEndOfFile
0x5cf050 ResumeThread
0x5cf054 ResetEvent
0x5cf058 ReleaseSemaphore
0x5cf05c ReleaseMutex
0x5cf060 ReadProcessMemory
0x5cf064 ReadFile
0x5cf070 PulseEvent
0x5cf074 OutputDebugStringW
0x5cf078 OpenProcess
0x5cf07c OpenMutexW
0x5cf080 OpenFileMappingA
0x5cf084 OpenEventA
0x5cf088 MultiByteToWideChar
0x5cf08c MulDiv
0x5cf090 MapViewOfFile
0x5cf094 LockResource
0x5cf098 LocalFree
0x5cf0a0 LoadResource
0x5cf0a4 LoadLibraryExA
0x5cf0a8 LoadLibraryExW
0x5cf0ac LoadLibraryA
0x5cf0b0 LoadLibraryW
0x5cf0c0 GetLastError
Library USER32.dll:
0x5cf0c8 GetDoubleClickTime
0x5cf0cc LoadIconA
Library GDI32.dll:
0x5cf0d8 StretchDIBits
0x5cf0dc StretchBlt
0x5cf0e0 SetStretchBltMode
0x5cf0e4 SetBkMode
0x5cf0e8 SetBkColor
0x5cf0ec SelectObject
0x5cf0f0 SelectClipRgn
0x5cf0f4 GetTextExtentPointW
0x5cf0fc GetPaletteEntries
0x5cf100 GetObjectW
0x5cf108 GetDeviceCaps
0x5cf10c GetDIBits
0x5cf110 DeleteObject
0x5cf114 DeleteDC
0x5cf118 CreateRoundRectRgn
0x5cf11c CreateRectRgn
0x5cf120 CreatePalette
0x5cf124 CreateFontIndirectW
0x5cf128 CreateDIBitmap
0x5cf12c CreateDIBSection
0x5cf130 CreateCompatibleDC
0x5cf138 CreateBitmap
0x5cf13c BitBlt
0x5cf140 SetPixel
0x5cf144 SelectPalette
0x5cf148 CreateSolidBrush
0x5cf14c ExtEscape
0x5cf150 CreateDCA
0x5cf154 TextOutA
0x5cf15c ExtTextOutA
0x5cf160 GetObjectA
0x5cf164 SetTextColor
0x5cf168 CreateFontIndirectA
0x5cf16c GetPixel
0x5cf170 RealizePalette
0x5cf174 GetStockObject
0x5cf178 GetEnhMetaFileW
Library ADVAPI32.dll:
0x5cf180 RegOpenKeyA
0x5cf184 RegQueryValueExA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.