SmartHawk

3.4

中危

55 个模型检测该样本为恶意！

重新分析

下载样本

c075269eeafa44949769e52951fa9c3d98ee3fe5cbef54b93aee6baeecb1d657

d7b234aa7eb91be2abdbcd5fb1fd43ed.exe

分析耗时

81s

最近分析

文件大小

861.5KB

静态报毒动态报毒 100% 1M0@A0WMFDD AGENTTESLA AI SCORE=89 ANDROM ATTRIBUTE AUTO AVSARHER BTJEKX CONFIDENCE ELDORADO ERDU FAREIT GDSDA GENERICKD GENKRYPTIK HIGH CONFIDENCE HIGHCONFIDENCE HTLDBO KRYPTIK MALWARE@#3II8NKKIMCEEO QVM03 R349291 RATX RCRYPT SCORE SPYBOTNET SUDLOADER SUSPICIOUS PE TASKUN THIAOBO TSCOPE UMXDB UNSAFE ZEMSILF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FYV!D7B234AA7EB9	20200925	6.0.6.653
Avast		20200927	18.4.3895.0
Alibaba	Trojan:MSIL/Androm.1511e4d8	20190527	0.3.0.5
Tencent	Win32.Trojan.Inject.Auto	20200925	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200925	2013.8.14.323
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Checks if process is being debugged by a debugger (42 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948415.561008 IsDebuggerPresent		failed	0	0
1619948415.561008 IsDebuggerPresent		failed	0	0
1619948462.764008 IsDebuggerPresent		failed	0	0
1619948463.264008 IsDebuggerPresent		failed	0	0
1619948463.764008 IsDebuggerPresent		failed	0	0
1619948464.264008 IsDebuggerPresent		failed	0	0
1619948464.764008 IsDebuggerPresent		failed	0	0
1619948465.264008 IsDebuggerPresent		failed	0	0
1619948465.764008 IsDebuggerPresent		failed	0	0
1619948466.264008 IsDebuggerPresent		failed	0	0
1619948466.764008 IsDebuggerPresent		failed	0	0
1619948467.264008 IsDebuggerPresent		failed	0	0
1619948467.764008 IsDebuggerPresent		failed	0	0
1619948468.264008 IsDebuggerPresent		failed	0	0
1619948468.764008 IsDebuggerPresent		failed	0	0
1619948469.264008 IsDebuggerPresent		failed	0	0
1619948469.764008 IsDebuggerPresent		failed	0	0
1619948470.264008 IsDebuggerPresent		failed	0	0
1619948470.764008 IsDebuggerPresent		failed	0	0
1619948471.264008 IsDebuggerPresent		failed	0	0
1619948471.764008 IsDebuggerPresent		failed	0	0
1619948472.264008 IsDebuggerPresent		failed	0	0
1619948472.764008 IsDebuggerPresent		failed	0	0
1619948473.264008 IsDebuggerPresent		failed	0	0
1619948473.764008 IsDebuggerPresent		failed	0	0
1619948474.264008 IsDebuggerPresent		failed	0	0
1619948474.780008 IsDebuggerPresent		failed	0	0
1619948475.264008 IsDebuggerPresent		failed	0	0
1619948475.780008 IsDebuggerPresent		failed	0	0
1619948476.264008 IsDebuggerPresent		failed	0	0
1619948476.780008 IsDebuggerPresent		failed	0	0
1619948477.264008 IsDebuggerPresent		failed	0	0
1619948477.780008 IsDebuggerPresent		failed	0	0
1619948478.264008 IsDebuggerPresent		failed	0	0
1619948478.780008 IsDebuggerPresent		failed	0	0
1619948479.264008 IsDebuggerPresent		failed	0	0
1619948479.780008 IsDebuggerPresent		failed	0	0
1619948480.264008 IsDebuggerPresent		failed	0	0
1619948480.780008 IsDebuggerPresent		failed	0	0
1619948481.264008 IsDebuggerPresent		failed	0	0
1619948481.811008 IsDebuggerPresent		failed	0	0
1619948482.264008 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948415.576008 GlobalMemoryStatusEx		success	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 99 个事件)

Time & API	Arguments	Status	Return
1619948415.201008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 1310720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x00580000	success	0
1619948415.201008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00680000	success	0
1619948415.342008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x004f0000	success	0
1619948415.342008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00500000	success	0
1619948415.405008 NtProtectVirtualMemory	process_identifier: 340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73e71000	success	0
1619948415.561008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x02120000	success	0
1619948415.561008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022e0000	success	0
1619948415.561008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005aa000	success	0
1619948415.561008 NtProtectVirtualMemory	process_identifier: 340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73e72000	success	0
1619948415.561008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005a2000	success	0
1619948415.748008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b2000	success	0
1619948415.795008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005d5000	success	0
1619948415.811008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005db000	success	0
1619948415.811008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005d7000	success	0
1619948415.889008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b3000	success	0
1619948415.936008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005bc000	success	0
1619948415.983008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00710000	success	0
1619948415.983008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b4000	success	0
1619948416.061008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022e1000	success	0
1619948416.061008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022e2000	success	0
1619948416.108008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b5000	success	0
1619948416.108008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005c6000	success	0
1619948416.123008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00711000	success	0
1619948416.123008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022e3000	success	0
1619948416.123008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022e4000	success	0
1619948416.155008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022e5000	success	0
1619948416.155008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022e9000	success	0
1619948416.170008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022fa000	success	0
1619948416.186008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00712000	success	0
1619948416.186008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005ca000	success	0
1619948416.186008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005c7000	success	0
1619948416.201008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005ac000	success	0
1619948416.248008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b6000	success	0
1619948416.389008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b7000	success	0
1619948416.686008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b8000	success	0
1619948416.701008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005b9000	success	0
1619948416.873008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00740000	success	0
1619948416.873008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005ba000	success	0
1619948416.998008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00750000	success	0
1619948417.045008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00713000	success	0
1619948417.045008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00751000	success	0
1619948417.061008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005bd000	success	0
1619948417.061008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00752000	success	0
1619948417.076008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00714000	success	0
1619948417.092008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00717000	success	0
1619948450.483008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0071a000	success	0
1619948450.576008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00753000	success	0
1619948450.592008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0071b000	success	0
1619948450.717008 NtProtectVirtualMemory	process_identifier: 340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 504832 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x05680400	failed	3221225550
1619948462.045008 NtAllocateVirtualMemory	process_identifier: 340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0071c000	success	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.95937328458171

section

{'size_of_data': '0x000a9200', 'virtual_address': '0x00002000', 'entropy': 7.95937328458171, 'name': '.text', 'virtual_size': '0x000a90a0'}

description

A section with a high entropy has been found

entropy

0.7857142857142857

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948450.701008 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 个事件)

Elastic	malicious (high confidence)
DrWeb	BackDoor.SpyBotNET.25
MicroWorld-eScan	Trojan.GenericKD.34426239
FireEye	Generic.mg.d7b234aa7eb91be2
CAT-QuickHeal	Trojan.MSIL
McAfee	Fareit-FYV!D7B234AA7EB9
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0056d4b91 )
BitDefender	Trojan.GenericKD.34426239
K7GW	Trojan ( 0056d4b91 )
Cybereason	malicious.a07370
Invincea	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZemsilF.34254.1m0@a0WMfDd
Cyren	W32/MSIL_Kryptik.BLK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Taskun.gen
Alibaba	Trojan:MSIL/Androm.1511e4d8
NANO-Antivirus	Trojan.Win32.Taskun.htldbo
ViRobot	Trojan.Win32.Z.Kryptik.882176.BP
AegisLab	Trojan.MSIL.Taskun.4!c
Tencent	Win32.Trojan.Inject.Auto
Ad-Aware	Trojan.GenericKD.34426239
Sophos	Mal/Generic-S
Comodo	Malware@#3ii8nkkimceeo
F-Secure	Trojan.TR/Kryptik.umxdb
Zillya	Trojan.Taskun.Win32.359
TrendMicro	Trojan.MSIL.SUDLOADER.THIAOBO
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Emsisoft	Trojan.Crypt (A)
SentinelOne	DFI - Suspicious PE
GData	Trojan.GenericKD.34426239
Avira	TR/Kryptik.umxdb
MAX	malware (ai score=89)
Antiy-AVL	Trojan/MSIL.Taskun
Arcabit	Trojan.Generic.D20D4D7F
ZoneAlarm	HEUR:Trojan.MSIL.Taskun.gen
Microsoft	Trojan:Win32/Agenttesla.TB!rfn
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Kryptik.R349291
VBA32	TScope.Trojan.MSIL
ALYac	Trojan.GenericKD.34426239
Malwarebytes	Trojan.RCrypt.MSIL.Generic
Panda	Trj/GdSda.A
ESET-NOD32	a variant of MSIL/Kryptik.XLS
TrendMicro-HouseCall	Trojan.MSIL.SUDLOADER.THIAOBO
Yandex	Trojan.AvsArher.bTJEKx
Ikarus	Trojan.MSIL.Inject

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-25 20:28:07

Imports

Library mscoree.dll:

• 0x402000 _CorExeMain

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.