0.9
Low risk

1e440bfd2539a5953e1d48d9c0b10cbb10fbb3aadabd3228f7efd3c4afc43f72

1e440bfd2539a5953e1d48d9c0b10cbb10fbb3aadabd3228f7efd3c4afc43f72.exe

Analysis duration

195s

Last analyzed

362 days ago

File size

36.0KB
Static detection  Dynamic detection  CVE  FAMILY  METATYPE  PLATFORM  TYPE  UNKNOWN  WIN32  TROJAN  WORM  GIGEX
HawkEye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.53
MFGraph 0.00
Static verdict
Antivirus engines
Engine       Result                              Scan date   Engine version
Alibaba      None                                20190527    0.3.0.5
Avast        Win32:Gigu [Wrm]                    20200531    18.4.3895.0
Baidu        None                                20190318    1.0.0.2
CrowdStrike  win/malicious_confidence_100% (D)   20190702    1.0
Kingsoft     None                                20200531    2013.8.14.323
McAfee       None                                20200531    6.0.6.653
Tencent      Malware.Win32.Gencirc.10b0cc37      20200531    1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File identified as malicious by 49 antivirus engines on VirusTotal (49 events)
ALYac Generic.Malware.G!M!P!Pk!oeg.92A1C983
APEX Malicious
AVG Win32:Gigu [Wrm]
Acronis suspicious
Ad-Aware Generic.Malware.G!M!P!Pk!oeg.92A1C983
AhnLab-V3 Trojan/Win32.HDC.C82118
Antiy-AVL Worm[Email]/Win32.Gigex
Arcabit Generic.Malware.G!M!P!Pk!oeg.92A1C983
Avast Win32:Gigu [Wrm]
Avira WORM/Gigex.2
BitDefender Generic.Malware.G!M!P!Pk!oeg.92A1C983
BitDefenderTheta AI:Packer.0DBF010D1E
Comodo Worm.Win32.Gigex.A@8f3nxw
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.df4df0
Cylance Unsafe
Cyren W32/AV-Killer-based_DET!Eldorado
DrWeb Win32.HLLM.Gigu.24608
Emsisoft Generic.Malware.G!M!P!Pk!oeg.92A1C983 (B)
Endgame malicious (high confidence)
F-Prot W32/AV-Killer-based_DET!Eldorado
F-Secure Worm.WORM/Gigex.2
FireEye Generic.mg.d7a24e4df4df0def
Fortinet PossibleThreat.PALLAS.H
GData Generic.Malware.G!M!P!Pk!oeg.92A1C983
Ikarus Email-Worm.Win32.Gigex
Invincea heuristic
K7AntiVirus Trojan ( 005581461 )
K7GW Trojan ( 005581461 )
Kaspersky UDS:DangerousObject.Multi.Generic
MAX malware (ai score=84)
Malwarebytes Worm.Agent
MaxSecure Trojan.Malware.121218.susgen
MicroWorld-eScan Generic.Malware.G!M!P!Pk!oeg.92A1C983
NANO-Antivirus Trojan.Win32.Gigex.glom
Panda Trj/Genetic.gen
Qihoo-360 Generic/HEUR/QVM19.1.945C.Malware.Gen
Rising Worm.Gigex!8.5D2D (RDMK:cmRtazrejt8ESUM6STCKBuLJLzmY)
Sangfor Malware
SentinelOne DFI - Malicious PE
Symantec ML.Attribute.HighConfidence
Tencent Malware.Win32.Gencirc.10b0cc37
Trapmine suspicious.low.ml.score
TrendMicro TROJ_GEN.R007C0OEV20
TrendMicro-HouseCall TROJ_GEN.R007C0OEV20
VIPRE Trojan.Crypt.FKM.Gen (v)
Yandex I-Worm.Gigex.A
ZoneAlarm UDS:DangerousObject.Multi.Generic
eGambit Unsafe.AI_Score_80%
Visual analysis
Binary image (data-import image renderings at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32; images not included here)
Run screenshots
No run screenshots: no screenshots were generated while this sample was running.


PE Compile Time

2002-08-30 22:18:48

PE Imphash

f736665ac33b6775ed4c156ddf9c52af

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000032e8 0x000032e8 6.1673970150210025
.bss 0x00005000 0x00000d34 0x00000000 0.0
.data 0x00006000 0x00001ba0 0x00001ba0 4.566248877978046
.idata 0x00008000 0x00000fac 0x00000fac 5.417464138570893

Imports

Library wsock32.dll:
0x408268 WSACleanup
0x40826c WSAStartup
0x408270 closesocket
0x408274 connect
0x408278 gethostbyname
0x40827c htons
0x408280 inet_addr
0x408284 recv
0x408288 send
0x40828c socket
Library KERNEL32.DLL:
0x408298 ExitProcess
0x40829c FindFirstFileA
0x4082a0 FindNextFileA
0x4082a4 FreeLibrary
0x4082a8 GetCommandLineA
0x4082ac GetCurrentProcess
0x4082b0 GetFileSize
0x4082b4 GetModuleFileNameA
0x4082b8 GetModuleHandleA
0x4082bc CloseHandle
0x4082c0 GetProcAddress
0x4082c4 GetSystemDirectoryA
0x4082c8 GetTickCount
0x4082d0 CopyFileA
0x4082d4 IsBadReadPtr
0x4082d8 LoadLibraryA
0x4082dc MapViewOfFile
0x4082e0 OpenMutexA
0x4082e4 OpenProcess
0x4082e8 Process32First
0x4082ec Process32Next
0x4082f0 CreateFileA
0x4082f4 ReadFile
0x4082f8 CreateFileMappingA
0x4082fc ReadProcessMemory
0x408300 ReleaseMutex
0x408304 RtlUnwind
0x408308 RtlZeroMemory
0x408310 SetEndOfFile
0x408314 SetFileAttributesA
0x408318 SetFilePointer
0x40831c SetThreadPriority
0x408320 CreateMutexA
0x408324 TerminateProcess
0x408328 UnmapViewOfFile
0x40832c VirtualProtect
0x408330 WriteFile
0x408334 CreateThread
Library USER32.DLL:
0x408344 LoadCursorA
0x408348 SetTimer
0x40834c KillTimer
0x408350 RegisterClassA
0x408354 GetMessageA
0x408358 TranslateMessage
0x40835c DispatchMessageA
0x408360 CreateWindowExA
0x408364 DefWindowProcA
Library ADVAPI32.DLL:
0x408370 GetUserNameA
0x408374 RegCloseKey
0x408378 RegOpenKeyExA
0x40837c RegQueryValueExA
0x408380 RegSetValueExA
Library CRTDLL.DLL:
0x40838c __GetMainArgs
0x408390 _strcmpi
0x408394 toupper
0x408398 abort
0x40839c exit
0x4083a0 fclose
0x4083a4 feof
0x4083a8 fgets
0x4083ac fopen
0x4083b0 fputc
0x4083b4 fputs
0x4083b8 fread
0x4083bc free
0x4083c0 fseek
0x4083c4 ftell
0x4083c8 fwrite
0x4083cc malloc
0x4083d0 memcmp
0x4083d4 memcpy
0x4083d8 memset
0x4083dc raise
0x4083e0 rand
0x4083e4 signal
0x4083e8 srand
0x4083ec strcat
0x4083f0 strchr
0x4083f4 strcmp
0x4083f8 strstr

L!This program cannot be run in DOS mode.
.idata
KERNEL32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
PEncrypt v4.0d$
JunkCode
KochiD$
KeralaABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
=TASKMGR.EXE
NAVAPW32.EXE
NETSTAT.EXE
NAVAPW32.EXE
MSCONFIG.EXE
SYSEDIT.EXE
ZAPRO.EXE
ZONEALARM.EXE
ZATUTOR.EXE
ZAUINST.EXE
MINILOG.EXE
VSMON.EXE
REGEDIT.EXE
LOCKDOWN.EXE
ANTS.EXE
FAST.EXE
GUARD.EXE
UPDATE.EXE
AUTOUPDATE.EXE
TC.EXE
SPYXX.EXE
CLEAN.EXE
PVIEW95.EXE
DRWATSON.EXE
SFC.EXE
MSINFO32.EXE
NSCHED32.EXE
CLEANER.EXE
LSETUP.EXE
AUPDATE.EXE
LUALL.EXE
LUCOMSERVER.EXE
LUINIT.EXE
NAVW32.EXE
NAVSTUB.EXE
BOOTWARN.EXE
QCONSOLE.EXE
QSERVER.EXE
NAVDX.EXE
UNDOBOOT.EXE
CFGWIZ.EXE
MOOLIVE.EXE
TCA.EXE
TCM.EXE
TDS-3.EXE
SS3EDIT.EXE
UPDATE.EXE
ANTI-TROJAN.EXE
ATCON.EXE
ATUPDATER.EXE
ATWATCH.EXE
WGFE95.EXE
POPROXY.EXE
NPROTECT.EXE
VSSTAT.EXE
VSHWIN32.EXE
NDD32.EXE
MCAGENT.EXE
MCUPDATE.EXE
AVPCC.EXE
AVPM.EXE
WATCHDOG.EXE
TAUMON.EXE
IAMAPP.EXE
IAMSERV.EXE
LOCKDOWN2000.EXESPHINX.EXE
AVCONSOL.EXE
WEBSCANX.EXE
VSECOMR.EXE
_AVP32.EXE
_AVPCC.EXE
_AVPM.EXE
AVP32.EXE
AVPCC.EXE
AVP.EXE
PCCIOMON.EXE
ICLOAD95.EXE
ICMON.EXE
ICSUPP95.EXE
ICLOADNT.EXE
ICSUPPNT.EXE
FRW.EXE
FIREWALL.EXE
ANTIVIRUS.EXE
BLACKICE.EXE
BLACKD.EXE
WRCTRL.EXE
WRADMIN.EXE
CLEANER3.EXE
PCFWALLICON.EXE
APLICA32.EXE
CFIADMIN.EXE
CFIAUDIT.EXE
CFINET32.EXE
CFINET.EXE
TDS2-98.EXE
TDS2-NT.EXE
SAFEWEB.EXE
NVARCH16.EXE
VSMAIN.EXE
PERSFW.EXE
AVSYNMGR.EXE
PAVPROXY.EXE
MSSMMC32.EXE
TRJSCAN.EXE
DEFWATCH.EXE
VPC42.EXE
RTVSCN95.EXE
VPTRAY.EXE
MGUI.EXE
APVXDWIN.EXE
FSAV.EXE
AGENTSVR.EXE
NMAIN.EXE
NISUM.EXE
NISSERV.EXE
TASKMON.EXE
RRGUARD.EXE
RESCUE32.EXE
RESCUE.EXE
RSHELL.EXE
APIMONITOR.EXE
BORG2.EXE
W32DSM89.EXE
CLEANPC.EXE
Software\Microsoft\Internet Account Manager
mailto:
Check this out!
Interesting..
Cool Stuff!!
I've a greeting attached :-)
look what i've made..
I've made something 4 ya..
awesome stuff, check att.
Happy_XMas.eXe
Fun_Games.eXe
MyHeart4u.eXe
HeartsOnFire.eXe
I-Worm.GiGu v0.1, JunkCode [ junkcode@gmx.net ]
------=_NextPart_000_001E_01C24D48.186EE4E0--
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="
name="
------=_NextPart_000_001E_01C24D48.186EE4E0
Content-Type: application/x-msdownload;
Content-Transfer-Encoding: 7bit
------=_NextPart_000_001E_01C24D48.186EE4E0
Content-Type: text/plain;
charset="iso-8859-1"
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
This is a multi-part message in MIME format.
boundary="----=_NextPart_000_001E_01C24D48.186EE4E0"
X-Priority: 3
X-MSMail-Priority: Normal
Date: Sat, 31 Aug 2003 21:32:30 +0530
MIME-Version: 1.0
Content-Type: multipart/mixed;
Subject:
To: Friend <victim@i-worm.gigu>
From: "
Personal
Favorites
Desktop
.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
\uGiG.eXe
localhost
SMTP Email Address
SMTP Server
\Accounts\
Default Mail Account
RegisterServiceProcess
Kernel32.DLL
\GiGu.eXe
\GiGu.eml
I-Worm.Gigu
uGiG.eXe
I-Worm.GiGu
Software\Microsoft\Windows\CurrentVersion\Run
RCPT TO:
MAIL FROM:
CheckSumMappedFile
ImageHLP.DLL
WSACleanup
WSAStartup
closesocket
connect
gethostbyname
inet_addr
socket
ExitProcess
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTickCount
GetWindowsDirectoryA
CopyFileA
IsBadReadPtr
LoadLibraryA
MapViewOfFile
OpenMutexA
OpenProcess
Process32First
Process32Next
CreateFileA
ReadFile
CreateFileMappingA
ReadProcessMemory
ReleaseMutex
RtlUnwind
RtlZeroMemory
SetCurrentDirectoryA
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetThreadPriority
CreateMutexA
TerminateProcess
UnmapViewOfFile
VirtualProtect
WriteFile
CreateThread
CreateToolhelp32Snapshot
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
DefWindowProcA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
__GetMainArgs
_strcmpi
toupper
fclose
fwrite
malloc
memcmp
memcpy
memset
signal
strcat
strchr
strcmp
strstr
Aiwsock32.dll
KERNEL32.DLL
USER32.DLL
ADVAPI32.DLL
CRTDLL.DLL

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.