3.0
Medium risk

841b9682f1bcb94cc4c510c2564791004f3d1c26ae764c42c145fe16ab093901

d48dfaadabf9b1c77ea8dbd2ac760902.exe

Analysis duration

29s

Last analysis

File size

768.0KB
Static detection / Dynamic detection tags: AGENERIC AI SCORE=100 AIDETECTVM ARTEMIS ATTRIBUTE BARYS CLASSIC CONFIDENCE CROWTI CWO@7K0RZK ELDORADO EQTML FARFLI FORMBOOK HCGI HIGH CONFIDENCE HIGHCONFIDENCE HIQYAI IAIYT KRYPTIK MALWARE1 R06EC0DI220 SCORE SIGGEN9 SUSGEN UNSAFE WACATAC WUW@AQBGXOB ZEXAF
HawkEye engine
Not detected: no HawkEye engine detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/Formbook.9318b713 20190527 0.3.0.5
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201229 2017.9.26.565
McAfee Artemis!D48DFAADABF9 20201229 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619910849.565915
NtProtectVirtualMemory
process_identifier: 364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045a000
success 0 0
1619915238.68375
NtAllocateVirtualMemory
process_identifier: 2504
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00840000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.577686606249031 section {'size_of_data': '0x00012000', 'virtual_address': '0x0005a000', 'entropy': 7.577686606249031, 'name': '.data', 'virtual_size': '0x00015b48'} description A section with a high entropy has been found
entropy 7.942420315976362 section {'size_of_data': '0x0002b000', 'virtual_address': '0x00070000', 'entropy': 7.942420315976362, 'name': '.jjbxv', 'virtual_size': '0x0002a039'} description A section with a high entropy has been found
entropy 0.3193717277486911 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.35038
MicroWorld-eScan Gen:Variant.Barys.1716
FireEye Generic.mg.d48dfaadabf9b1c7
CAT-QuickHeal Trojan.Generic
ALYac Gen:Variant.Barys.1716
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
K7AntiVirus Trojan ( 00563aea1 )
Alibaba Trojan:Win32/Formbook.9318b713
K7GW Trojan ( 00563aea1 )
Cybereason malicious.dabf9b
Arcabit Trojan.Barys.D6B4
BitDefenderTheta Gen:NN.ZexaF.34700.WuW@aqBgXob
Cyren W32/Agent.BEB.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HCGI
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Score-7597125-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Barys.1716
NANO-Antivirus Trojan.Win32.Kryptik.hiqyai
Avast Win32:Trojan-gen
Ad-Aware Gen:Variant.Barys.1716
Sophos Mal/Generic-S
Comodo TrojWare.Win32.TrojanDownloader.Farfli.CWO@7k0rzk
F-Secure Trojan.TR/Crypt.Agent.iaiyt
VIPRE LooksLike.Win32.Crowti.b (v)
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Worm.bh
Emsisoft Gen:Variant.Barys.1716 (B)
Jiangmin Trojan.Generic.eqtml
eGambit Unsafe.AI_Score_74%
Avira TR/Crypt.Agent.iaiyt
Antiy-AVL Trojan/Win32.AGeneric
Microsoft Trojan:Win32/Formbook.DSK!MTB
AegisLab Trojan.Win32.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Barys.1716
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Generic.C4052500
McAfee Artemis!D48DFAADABF9
MAX malware (ai score=100)
VBA32 Trojan.Wacatac
Malwarebytes Trojan.Crypt
TrendMicro-HouseCall TROJ_GEN.R06EC0DI220
Rising Trojan.Kryptik!1.C4BA (CLASSIC)
Ikarus Trojan.Win32.Crypt
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample was running


PE Compile Time

2016-12-06 19:23:28

Imports

Library KERNEL32.dll:
0x44a0d4 HeapAlloc
0x44a0d8 RaiseException
0x44a0dc HeapReAlloc
0x44a0e0 HeapSize
0x44a0e4 GetACP
0x44a100 SetHandleCount
0x44a104 GetStdHandle
0x44a108 GetFileType
0x44a10c HeapDestroy
0x44a110 HeapCreate
0x44a114 VirtualFree
0x44a118 VirtualAlloc
0x44a11c IsBadWritePtr
0x44a120 LCMapStringA
0x44a124 LCMapStringW
0x44a128 GetStringTypeA
0x44a12c GetStringTypeW
0x44a130 Sleep
0x44a134 IsBadReadPtr
0x44a138 IsBadCodePtr
0x44a13c SetStdHandle
0x44a140 CompareStringA
0x44a144 CompareStringW
0x44a14c HeapFree
0x44a150 TerminateProcess
0x44a154 GetProfileStringA
0x44a158 InterlockedExchange
0x44a15c ExitProcess
0x44a160 GetCommandLineA
0x44a164 GetStartupInfoA
0x44a168 RtlUnwind
0x44a16c FormatMessageA
0x44a170 GetFileTime
0x44a174 GetFileSize
0x44a178 GetFileAttributesA
0x44a17c GetTickCount
0x44a188 GetFullPathNameA
0x44a190 FindFirstFileA
0x44a194 FindClose
0x44a198 SetEndOfFile
0x44a19c UnlockFile
0x44a1a0 LockFile
0x44a1a4 FlushFileBuffers
0x44a1a8 SetFilePointer
0x44a1ac WriteFile
0x44a1b0 ReadFile
0x44a1b4 CreateFileA
0x44a1b8 GetCurrentProcess
0x44a1bc DuplicateHandle
0x44a1c0 SetErrorMode
0x44a1c4 GetOEMCP
0x44a1c8 GetCPInfo
0x44a1cc GetThreadLocale
0x44a1d0 SizeofResource
0x44a1d4 GetProcessVersion
0x44a1d8 GetLastError
0x44a1e0 GlobalFlags
0x44a1e4 lstrcpynA
0x44a1e8 TlsGetValue
0x44a1ec LocalReAlloc
0x44a1f0 TlsSetValue
0x44a1f8 GlobalReAlloc
0x44a200 TlsFree
0x44a204 GlobalHandle
0x44a20c TlsAlloc
0x44a214 LocalFree
0x44a218 LocalAlloc
0x44a21c MulDiv
0x44a220 SetLastError
0x44a224 MultiByteToWideChar
0x44a228 WideCharToMultiByte
0x44a22c lstrlenA
0x44a238 LoadLibraryA
0x44a23c FreeLibrary
0x44a240 GetVersion
0x44a244 lstrcatA
0x44a248 GlobalGetAtomNameA
0x44a24c GlobalAddAtomA
0x44a250 GlobalFindAtomA
0x44a254 lstrcpyA
0x44a258 GetModuleHandleA
0x44a25c GetProcAddress
0x44a260 GlobalUnlock
0x44a264 GlobalFree
0x44a268 LockResource
0x44a26c FindResourceA
0x44a270 LoadResource
0x44a274 CloseHandle
0x44a278 GetModuleFileNameA
0x44a27c GlobalLock
0x44a280 GlobalAlloc
0x44a284 GlobalDeleteAtom
0x44a288 lstrcmpA
0x44a28c lstrcmpiA
0x44a290 GetCurrentThread
0x44a294 GetCurrentThreadId
0x44a29c VirtualProtect
Library USER32.dll:
0x44a2d4 InvalidateRect
0x44a2d8 CharUpperA
0x44a2dc InflateRect
0x44a2e4 PostThreadMessageA
0x44a2e8 SendDlgItemMessageA
0x44a2ec MapWindowPoints
0x44a2f0 GetSysColor
0x44a2f4 SetFocus
0x44a2f8 AdjustWindowRectEx
0x44a2fc ScreenToClient
0x44a300 CopyRect
0x44a304 GetTopWindow
0x44a308 IsChild
0x44a30c GetCapture
0x44a310 WinHelpA
0x44a314 wsprintfA
0x44a318 GetClassInfoA
0x44a31c RegisterClassA
0x44a320 GetMenu
0x44a324 GetMenuItemCount
0x44a328 GetSubMenu
0x44a32c GetMenuItemID
0x44a334 GetWindowTextA
0x44a338 GetDlgCtrlID
0x44a33c DefWindowProcA
0x44a340 CreateWindowExA
0x44a344 GetClassLongA
0x44a348 SetPropA
0x44a34c UnhookWindowsHookEx
0x44a350 GetPropA
0x44a354 CallWindowProcA
0x44a358 RemovePropA
0x44a35c GetMessageTime
0x44a360 GetForegroundWindow
0x44a364 SetForegroundWindow
0x44a36c OffsetRect
0x44a370 IntersectRect
0x44a378 GetWindowPlacement
0x44a37c MapDialogRect
0x44a380 SetWindowPos
0x44a384 GetWindow
0x44a38c EndDialog
0x44a390 SetActiveWindow
0x44a394 IsWindow
0x44a39c DestroyWindow
0x44a3a0 GetDlgItem
0x44a3a4 LoadBitmapA
0x44a3a8 GetMenuState
0x44a3ac ModifyMenuA
0x44a3b0 SetMenuItemBitmaps
0x44a3b4 CheckMenuItem
0x44a3b8 EnableMenuItem
0x44a3bc GetFocus
0x44a3c0 GetNextDlgTabItem
0x44a3c4 GetMessageA
0x44a3c8 TranslateMessage
0x44a3cc DispatchMessageA
0x44a3d0 GetActiveWindow
0x44a3d4 GetKeyState
0x44a3d8 CallNextHookEx
0x44a3dc ValidateRect
0x44a3e0 IsWindowVisible
0x44a3e4 PeekMessageA
0x44a3e8 GetCursorPos
0x44a3ec SetWindowsHookExA
0x44a3f0 GetParent
0x44a3f4 GetLastActivePopup
0x44a3f8 GrayStringA
0x44a3fc SetClassWord
0x44a400 EnableWindow
0x44a404 UnregisterClassA
0x44a408 HideCaret
0x44a40c ShowCaret
0x44a410 ExcludeUpdateRgn
0x44a414 DrawFocusRect
0x44a418 IsWindowEnabled
0x44a41c GetWindowLongA
0x44a420 MessageBoxA
0x44a424 SetCursor
0x44a428 PostQuitMessage
0x44a42c PostMessageA
0x44a430 GetClientRect
0x44a434 IsIconic
0x44a438 DrawIcon
0x44a43c GetSystemMetrics
0x44a440 GetWindowRect
0x44a444 SetWindowRgn
0x44a448 MessageBeep
0x44a44c GetNextDlgGroupItem
0x44a450 SetRect
0x44a458 GetMessagePos
0x44a45c CharNextA
0x44a460 SendMessageA
0x44a464 GetSystemMenu
0x44a468 DefDlgProcA
0x44a46c IsWindowUnicode
0x44a470 LoadIconA
0x44a474 AppendMenuA
0x44a478 PtInRect
0x44a47c GetClassNameA
0x44a480 GetDesktopWindow
0x44a484 LoadCursorA
0x44a488 DrawTextA
0x44a48c TabbedTextOutA
0x44a490 EndPaint
0x44a494 BeginPaint
0x44a498 GetWindowDC
0x44a49c ReleaseDC
0x44a4a0 GetDC
0x44a4a4 ClientToScreen
0x44a4a8 DestroyMenu
0x44a4ac LoadStringA
0x44a4b0 ShowWindow
0x44a4b4 MoveWindow
0x44a4b8 SetWindowTextA
0x44a4bc IsDialogMessageA
0x44a4c4 GetSysColorBrush
0x44a4c8 UpdateWindow
0x44a4cc SetWindowLongA
Library GDI32.dll:
0x44a01c RestoreDC
0x44a020 SelectObject
0x44a024 GetStockObject
0x44a028 SetBkMode
0x44a02c SetMapMode
0x44a030 SetViewportOrgEx
0x44a034 OffsetViewportOrgEx
0x44a038 SetViewportExtEx
0x44a03c ScaleViewportExtEx
0x44a040 SetWindowExtEx
0x44a044 ScaleWindowExtEx
0x44a048 IntersectClipRect
0x44a04c SaveDC
0x44a050 GetDeviceCaps
0x44a054 GetViewportExtEx
0x44a058 GetWindowExtEx
0x44a05c CreateSolidBrush
0x44a060 PtVisible
0x44a064 RectVisible
0x44a068 TextOutA
0x44a06c ExtTextOutA
0x44a070 Escape
0x44a074 GetTextColor
0x44a078 GetBkColor
0x44a07c DPtoLP
0x44a080 LPtoDP
0x44a084 GetMapMode
0x44a088 PatBlt
0x44a08c DeleteDC
0x44a090 GetObjectA
0x44a094 SetBkColor
0x44a098 SetTextColor
0x44a09c GetClipBox
0x44a0a0 CreateBitmap
0x44a0a4 CombineRgn
0x44a0a8 CreateRoundRectRgn
0x44a0ac CreatePolygonRgn
0x44a0b0 CreateEllipticRgn
0x44a0b4 CreateRectRgn
0x44a0b8 DeleteObject
0x44a0bc CreateDIBitmap
0x44a0c0 GetTextExtentPointA
0x44a0c4 BitBlt
0x44a0c8 CreateCompatibleDC
0x44a0cc SetColorSpace
Library comdlg32.dll:
0x44a4e4 GetFileTitleA
Library WINSPOOL.DRV:
0x44a4d4 ClosePrinter
0x44a4d8 DocumentPropertiesA
0x44a4dc OpenPrinterA
Library ADVAPI32.dll:
0x44a000 RegCloseKey
0x44a004 RegSetValueExA
0x44a008 RegOpenKeyExA
0x44a00c RegCreateKeyExA
Library COMCTL32.dll:
0x44a014
Library oledlg.dll:
0x44a52c
Library ole32.dll:
0x44a4f0 OleInitialize
0x44a4f4 CoTaskMemAlloc
0x44a4f8 CoTaskMemFree
0x44a508 CoGetClassObject
0x44a50c CLSIDFromString
0x44a510 CLSIDFromProgID
0x44a518 CoRevokeClassObject
0x44a51c OleFlushClipboard
0x44a524 OleUninitialize
Library OLEPRO32.DLL:
0x44a2cc
Library OLEAUT32.dll:
0x44a2a4 VariantCopy
0x44a2a8 VariantClear
0x44a2ac SysAllocStringLen
0x44a2b0 SysFreeString
0x44a2b4 VariantChangeType
0x44a2b8 SysAllocString
0x44a2c0 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60124 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.