SmartHawk

4.4

中危

50 个模型检测该样本为恶意！

重新分析

下载样本

670d05296e29183d8f292c1fe61003bb8bc608c5ee4916c68996b4f64e587622

da8fc85764f9bf3760d75ca2598cc4dc.exe

分析耗时

53s

最近分析

文件大小

128.0KB

静态报毒动态报毒 9DRROKPTOVS AI SCORE=100 BSCOPE COMETER DEEPSCAN DTPGS EMOTET EOUY GDSDA GENKRYPTIK HIGH CONFIDENCE HNMPFR KILN KRYPTIK MALWARE@#2DZOXLOLV25BP METERPRETER R+ABP5EJVLC ROZENA SCORE SUSGEN SWRORT UNSAFE VSNTGB20 WTDV ZENPAK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
CrowdStrike		20190702	1.0
Alibaba	Trojan:Win32/Cometer.3464390c	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20201016	18.4.3895.0
Tencent	Win32.Trojan.Cometer.Wtdv	20201016	1.0.0.1
Kingsoft		20201016	2013.8.14.323
McAfee	Emotet-FRH!DA8FC85764F9	20201012	6.0.6.653

This executable has a PDB path (1 个事件)

pdb_path

C:\Users\User\Desktop\Windows-classic-samples-master\Windows-classic-samples-master\Samples\Win7Samples\winui\msaa\CPP\Release\AccServer.pdb

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948411.589343 NtAllocateVirtualMemory	process_identifier: 2760 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00440000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948413.964343 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (2 个事件)

host	104.194.10.206
host	172.217.24.14

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1619948416.542343 RegSetValueExA	key_handle: 0x00000398 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1619948416.542343 RegSetValueExA	key_handle: 0x00000398 value: lDD?× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1619948416.542343 RegSetValueExA	key_handle: 0x00000398 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1619948416.542343 RegSetValueExW	key_handle: 0x00000398 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1619948416.542343 RegSetValueExA	key_handle: 0x000003b0 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1619948416.542343 RegSetValueExA	key_handle: 0x000003b0 value: lDD?× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1619948416.542343 RegSetValueExA	key_handle: 0x000003b0 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1619948416.573343 RegSetValueExW	key_handle: 0x00000394 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

104.194.10.206:443

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	DeepScan:Generic.Exploit.Shellcode.1.15B195D5
FireEye	DeepScan:Generic.Exploit.Shellcode.1.15B195D5
Qihoo-360	Win32/Trojan.d0f
ALYac	Trojan.Cometer
Cylance	Unsafe
Alibaba	Trojan:Win32/Cometer.3464390c
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Arcabit	DeepScan:Generic.Exploit.Shellcode.1.15B195D5
Invincea	Mal/Generic-S
Cyren	W32/Trojan.KILN-2957
Symantec	Trojan.Gen.MBT
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Cometer.dyc
BitDefender	DeepScan:Generic.Exploit.Shellcode.1.15B195D5
NANO-Antivirus	Trojan.Win32.Cometer.hnmpfr
AegisLab	Trojan.Win32.Cometer.4!c
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Cometer.Wtdv
Ad-Aware	DeepScan:Generic.Exploit.Shellcode.1.15B195D5
Sophos	Mal/Generic-S
Comodo	Malware@#2dzoxlolv25bp
F-Secure	Trojan.TR/AD.Swrort.dtpgs
DrWeb	BackDoor.Meterpreter.119
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_FRS.VSNTGB20
McAfee-GW-Edition	Emotet-FRH!DA8FC85764F9
Emsisoft	Trojan.Crypt (A)
Ikarus	Trojan.Win32.Crypt
Jiangmin	Trojan.Banker.Emotet.ocx
Avira	TR/AD.Swrort.dtpgs
Antiy-AVL	Trojan/Win32.Cometer
Microsoft	Trojan:Win32/Swrort.A
ZoneAlarm	Trojan.Win32.Cometer.dyc
GData	DeepScan:Generic.Exploit.Shellcode.1.15B195D5
Cynet	Malicious (score: 85)
McAfee	Emotet-FRH!DA8FC85764F9
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Zenpak
Malwarebytes	Trojan.InfoStealer
ESET-NOD32	Win32/Rozena.ABP
TrendMicro-HouseCall	TROJ_FRS.VSNTGB20
Rising	Trojan.Kryptik!8.8 (TFE:5:9DrrOkPtOVS)
Yandex	Trojan.Rozena!R+abP5eJvLc
Fortinet	W32/GenKryptik.EOUY!tr
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
MaxSecure	Trojan.Malware.10056239.susgen

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-07-02 04:56:29

Imports

Library OLEACC.dll:

• 0x41813c LresultFromObject

• 0x418140 CreateStdAccessibleObject

Library KERNEL32.dll:

• 0x41803c OutputDebugStringW

• 0x418040 LCMapStringW

• 0x418044 FlushFileBuffers

• 0x418048 HeapReAlloc

• 0x41804c GetCPInfo

• 0x418050 GetOEMCP

• 0x418054 GetACP

• 0x418058 IsValidCodePage

• 0x41805c GetConsoleCP

• 0x418060 GetConsoleMode

• 0x418064 ReadFile

• 0x418068 ReadConsoleW

• 0x41806c GetStringTypeW

• 0x418070 SetFilePointerEx

• 0x418074 CloseHandle

• 0x418078 LoadLibraryExA

• 0x41807c LoadLibraryExW

• 0x418080 ExitProcess

• 0x418084 WriteConsoleW

• 0x418088 SetStdHandle

• 0x41808c EnterCriticalSection

• 0x418090 GetModuleHandleW

• 0x418094 TlsFree

• 0x418098 TlsSetValue

• 0x41809c TlsGetValue

• 0x4180a0 GetLastError

• 0x4180a4 HeapFree

• 0x4180a8 EncodePointer

• 0x4180ac DecodePointer

• 0x4180b0 GetCommandLineW

• 0x4180b4 RaiseException

• 0x4180b8 RtlUnwind

• 0x4180bc IsDebuggerPresent

• 0x4180c0 IsProcessorFeaturePresent

• 0x4180c4 GetProcessHeap

• 0x4180c8 HeapAlloc

• 0x4180cc CreateFileW

• 0x4180d0 LeaveCriticalSection

• 0x4180d4 GetModuleHandleExW

• 0x4180d8 GetProcAddress

• 0x4180dc MultiByteToWideChar

• 0x4180e0 WideCharToMultiByte

• 0x4180e4 HeapSize

• 0x4180e8 SetLastError

• 0x4180ec GetCurrentThreadId

• 0x4180f0 GetStdHandle

• 0x4180f4 GetFileType

• 0x4180f8 DeleteCriticalSection

• 0x4180fc GetStartupInfoW

• 0x418100 GetModuleFileNameW

• 0x418104 WriteFile

• 0x418108 QueryPerformanceCounter

• 0x41810c GetCurrentProcessId

• 0x418110 GetSystemTimeAsFileTime

• 0x418114 GetEnvironmentStringsW

• 0x418118 FreeEnvironmentStringsW

• 0x41811c UnhandledExceptionFilter

• 0x418120 SetUnhandledExceptionFilter

• 0x418124 InitializeCriticalSectionAndSpinCount

• 0x418128 Sleep

• 0x41812c GetCurrentProcess

• 0x418130 TerminateProcess

• 0x418134 TlsAlloc

Library USER32.dll:

• 0x418150 DialogBoxParamW

• 0x418154 EndDialog

• 0x418158 SendDlgItemMessageW

• 0x41815c EndPaint

• 0x418160 ClientToScreen

• 0x418164 NotifyWinEvent

• 0x418168 GetParent

• 0x41816c LoadCursorW

• 0x418170 GetClientRect

• 0x418174 BeginPaint

• 0x418178 DrawFocusRect

• 0x41817c SetFocus

• 0x418180 InvalidateRect

• 0x418184 GetWindowLongW

• 0x418188 SetWindowLongW

• 0x41818c GetSysColor

• 0x418190 GetSysColorBrush

• 0x418194 MessageBoxW

• 0x418198 RegisterClassW

• 0x41819c DefWindowProcW

• 0x4181a0 ScreenToClient

• 0x4181a4 GetWindowRect

• 0x4181a8 PostMessageW

• 0x4181ac GetFocus

• 0x4181b0 InflateRect

Library GDI32.dll:

• 0x418008 SetBkMode

• 0x41800c DeleteObject

• 0x418010 SelectObject

• 0x418014 Rectangle

• 0x418018 Ellipse

• 0x41801c CreateFontW

• 0x418020 GetObjectW

• 0x418024 CreatePen

• 0x418028 TextOutW

• 0x41802c GetStockObject

• 0x418030 CreateSolidBrush

• 0x418034 SetTextColor

Library ADVAPI32.dll:

• 0x418000 CryptAcquireContextA

Library ole32.dll:

• 0x4181b8 CoInitialize

• 0x4181bc CoUninitialize

Library OLEAUT32.dll:

• 0x418148 SysAllocString

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.