Score: 3.0
Risk level: Medium
SHA256: a0023ed551a57c336b69dcf494bbf83549ef8ce570fcb273333cf1abbc2863cc
Filename: dca81edd37ed6153526ceccbccc31ba6.exe
Analysis duration: 19s
Last analysis:
File size: 267.4KB
Detection tags (static and dynamic): AI SCORE=100 AIDETECT AIYA BSCOPE CLOUD CONFIDENCE CRIDEX CRYPTINJECT DANGEROUSSIG DOWNLOADER33 EHLS ELDORADO ENCPK GENCIRC GRAYWARE HDYD HIGH CONFIDENCE HLIGIK HXQBPFSA JHZZD KCLOUD KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#1934I99CRO6G0 MOKES QQ1@AEK1N3PK R + MAL RAZY SCORE SMOKELDR SMOKELOADER STATIC AI SUSGEN UNSAFE WACATAC ZEXAF ZURGOP
鹰眼 engine: not detected (no 鹰眼 engine result available)
Static verdict
Antivirus engines
Engine        Result                              Scan date  Engine version
Baidu         (no result)                         20190318   1.0.0.2
Alibaba       Backdoor:Win32/Mokes.fc7275c3       20190527   0.3.0.5
Tencent       Malware.Win32.Gencirc.11934953      20210303   1.0.0.1
Kingsoft      Win32.Hack.Mokes.ai.(kcloud)        20210303   2017.9.26.565
McAfee        Packed-GBW!DCA81EDD37ED             20210303   6.0.6.653
Avast         Win32:DangerousSig [Trj]            20210303   21.1.5827.0
CrowdStrike   win/malicious_confidence_80% (W)    20210203   1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time: 1619948410.1193  API: NtAllocateVirtualMemory  Status: success  Return: 0  Repeated: 0
  process_identifier: 472
  region_size: 40960
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x003f0000

Time: 1619948410.5573  API: NtAllocateVirtualMemory  Status: success  Return: 0  Repeated: 0
  process_identifier: 472
  region_size: 36864
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x00450000

Time: 1619948410.5573  API: NtProtectVirtualMemory  Status: success  Return: 0  Repeated: 0
  process_identifier: 472
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 40960
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address: 0x00400000

process_handle 0xffffffff is the current-process pseudo-handle, so all three operations act on the sample's own address space. The NtProtectVirtualMemory call makes 40960 bytes at 0x00400000, the default image base of a 32-bit PE, writable and executable, which is consistent with a packer stub rewriting its own headers and first section in place rather than only running code from freshly allocated memory.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host: 172.217.24.14
Detects Avast Antivirus through the presence of a library (2 events)

Time: 1619948410.8223  API: LdrGetDllHandle  Status: failed  Return: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND)  Repeated: 0
  module_name: snxhk
  stack_pivoted: 0
  module_address: 0x00000000

Time: 1619948410.8223  API: LdrGetDllHandle  Status: failed  Return: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND)  Repeated: 0
  module_name: snxhk
  stack_pivoted: 0
  module_address: 0x00000000

Both lookups fail, so Avast's snxhk library was not loaded in the analysis VM. The indicator is the probe itself: a process that asks the loader for a security product's module by name is checking whether it is being watched, and may behave differently when the check succeeds.
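The two dynamic indicators above (RWX memory in the sample's own process, and the loader probe for snxhk) are the kind of records an analyst triages from a Cuckoo-style API log. The following script is an added example for this report, not code from the sandbox or the sample: it scores constructed records that mirror the five calls shown, tags the NtProtectVirtualMemory on the default 32-bit image base separately from plain RWX allocations, decodes the NTSTATUS of the failed module lookup, and totals the bytes made executable. The AV_MODULES map holds only the snxhk/Avast pair the report supports.

```python
"""Triage sandbox API-call records for unpacking and AV-presence probes.

Added example for this report, not code from the sandbox or the sample.
EVENTS is constructed to mirror the five calls shown above, using the
report's own Cuckoo-style field names.
"""
from dataclasses import dataclass

PAGE_EXECUTE_READWRITE = 0x40     # the report's "protection: 64"
DEFAULT_IMAGE_BASE = 0x00400000   # default image base of a 32-bit PE
CURRENT_PROCESS = 0xFFFFFFFF      # GetCurrentProcess() pseudo-handle, 32-bit
NTSTATUS_NAMES = {0xC0000135: "STATUS_DLL_NOT_FOUND"}

# Modules whose mere presence identifies a security product. Only
# snxhk -> Avast comes from the report; anything you add is your own assumption.
AV_MODULES = {"snxhk": "Avast"}

# Constructed records mirroring the report's events.
EVENTS = [
    {"ts": 1619948410.1193, "api": "NtAllocateVirtualMemory", "status": "success",
     "return": 0, "args": {"process_identifier": 472, "process_handle": 0xFFFFFFFF,
                           "base_address": 0x003F0000, "region_size": 40960,
                           "protection": 64, "allocation_type": 12288}},
    {"ts": 1619948410.5573, "api": "NtAllocateVirtualMemory", "status": "success",
     "return": 0, "args": {"process_identifier": 472, "process_handle": 0xFFFFFFFF,
                           "base_address": 0x00450000, "region_size": 36864,
                           "protection": 64, "allocation_type": 12288}},
    {"ts": 1619948410.5573, "api": "NtProtectVirtualMemory", "status": "success",
     "return": 0, "args": {"process_identifier": 472, "process_handle": 0xFFFFFFFF,
                           "base_address": 0x00400000, "length": 40960,
                           "protection": 64}},
    {"ts": 1619948410.8223, "api": "LdrGetDllHandle", "status": "failed",
     "return": 3221225781, "args": {"module_name": "snxhk", "module_address": 0}},
    {"ts": 1619948410.8223, "api": "LdrGetDllHandle", "status": "failed",
     "return": 3221225781, "args": {"module_name": "snxhk", "module_address": 0}},
]


@dataclass
class Finding:
    kind: str
    ts: float
    detail: str
    size: int = 0   # bytes affected, for RWX findings


def triage(events):
    """Return one Finding per suspicious record, in log order."""
    findings = []
    for ev in events:
        api, a = ev["api"], ev["args"]
        if (api in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory")
                and a.get("protection") == PAGE_EXECUTE_READWRITE):
            size = a.get("region_size", a.get("length", 0))
            base = a["base_address"]
            target = "self" if a.get("process_handle") == CURRENT_PROCESS else "remote"
            if api == "NtProtectVirtualMemory" and base == DEFAULT_IMAGE_BASE:
                # RWX over the module's own headers/first section: the loaded
                # image is being rewritten in place, typical of a self-unpacking stub.
                kind = "rwx-own-image"
            elif api == "NtAllocateVirtualMemory":
                kind = "rwx-alloc"
            else:
                kind = "rwx-protect"
            findings.append(Finding(kind, ev["ts"],
                                    f"{api} base=0x{base:08x} target={target}", size))
        elif api == "LdrGetDllHandle" and a["module_name"].lower() in AV_MODULES:
            name = a["module_name"].lower()
            status = NTSTATUS_NAMES.get(ev["return"], f"0x{ev['return']:08x}")
            loaded = ev["status"] == "success"
            findings.append(Finding("av-probe", ev["ts"],
                                    f"{name} ({AV_MODULES[name]}) "
                                    f"{'loaded' if loaded else 'absent'} [{status}]"))
    return findings


def summarize(findings):
    """Count findings per kind and total the bytes made RWX."""
    counts = {}
    rwx_bytes = 0
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
        rwx_bytes += f.size
    return {"counts": counts, "rwx_bytes": rwx_bytes}


if __name__ == "__main__":
    found = triage(EVENTS)
    for f in found:
        print(f"{f.ts:.4f}  {f.kind:14}  {f.detail}")
    print(summarize(found))
```

The rwx-own-image tag is the one worth acting on first: a dump taken right after that NtProtectVirtualMemory returns (or at the first transfer of control into 0x003f0000/0x00450000) is the usual starting point for recovering the unpacked payload.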
Flagged as malicious by 57 antivirus engines on VirusTotal (50 of 57 events shown)
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.682481
CAT-QuickHeal Trojan.Cryptinject
Qihoo-360 Win32/Backdoor.Mokes.HxQBPfsA
ALYac Gen:Variant.Razy.682481
Malwarebytes Trojan.MalPack
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Gen:Variant.Razy.682481
K7GW Riskware ( 0040eff71 )
Cybereason malicious.d37ed6
BitDefenderTheta Gen:NN.ZexaF.34590.qq1@aek1n3pk
Cyren W32/Agent.BUM.gen!Eldorado
Symantec Packed.Generic.459
APEX Malicious
Paloalto generic.ml
Kaspersky Backdoor.Win32.Mokes.aiya
Alibaba Backdoor:Win32/Mokes.fc7275c3
NANO-Antivirus Trojan.Win32.Kryptik.hligik
ViRobot Trojan.Win32.Z.Wacatac.273800
Tencent Malware.Win32.Gencirc.11934953
Ad-Aware Gen:Variant.Razy.682481
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo Malware@#1934i99cro6g0
F-Secure Trojan.TR/AD.SmokeLoader.jhzzd
DrWeb Trojan.DownLoader33.54581
McAfee-GW-Edition Packed-GBW!DCA81EDD37ED
FireEye Generic.mg.dca81edd37ed6153
Emsisoft Gen:Variant.Razy.682481 (B)
Ikarus Trojan-Downloader.Win32.Zurgop
Jiangmin Backdoor.Mokes.cjx
Avira TR/AD.SmokeLoader.jhzzd
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Kingsoft Win32.Hack.Mokes.ai.(kcloud)
Microsoft Trojan:Win32/CryptInject!MSR
Gridinsoft Trojan.Win32.Kryptik.vb
Arcabit Trojan.Razy.DA69F1
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
ZoneAlarm Backdoor.Win32.Mokes.aiya
GData Gen:Variant.Razy.682481
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Smokeldr.C4118538
Acronis suspicious
McAfee Packed-GBW!DCA81EDD37ED
MAX malware (ai score=100)
VBA32 BScope.Trojan.Encoder
Cylance Unsafe
Panda Trj/Agent.OOW
ESET-NOD32 a variant of Win32/Kryptik.HDYD
Visual analysis
Binary image: none (no binary visualization image was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)

PE Compile Time

2020-06-08 20:23:44

Imports

Library KERNEL32.dll:
0x441c70 GetStartupInfoA
0x441c74 GetModuleHandleA
0x441c78 DeleteFileA
0x441c7c GetModuleFileNameA
0x441c80 GetVersionExA
0x441c84 MoveFileExA
0x441c8c CopyFileA
0x441c90 FindNextFileA
0x441c94 FindClose
0x441c98 CreateFileA
0x441c9c ReadFile
0x441ca0 CompareFileTime
0x441ca4 GetLastError
0x441ca8 CloseHandle
0x441cac FindFirstFileA
0x441cb0 LoadLibraryA
0x441cb4 GetProcAddress
0x441cb8 GetModuleHandleW
Library USER32.dll:
0x441cc0 SetCursorPos
0x441cc4 GetWindowTextW
0x441cc8 SetDlgItemInt
0x441ccc PostThreadMessageA
0x441cd0 SetWindowsHookA
0x441cd4 SendNotifyMessageW
0x441cd8 DefDlgProcA
0x441cdc EndTask
0x441ce0 SetMenuItemInfoW
0x441ce8 DrawTextA
0x441cec EnumDesktopsW
0x441cf8 SetRect
0x441cfc CharToOemBuffA
0x441d00 DdeInitializeW
0x441d0c GetDC
0x441d10 GetListBoxInfo
0x441d14 GetKeyState
0x441d18 LoadCursorW
Library GDI32.dll:
0x441d20 GdiGetDC
0x441d24 RoundRect
0x441d28 GdiDllInitialize
0x441d2c NamedEscape
0x441d30 CreatePen
0x441d34 GdiSetPixelFormat
0x441d38 GetArcDirection
0x441d3c StrokeAndFillPath
0x441d40 GdiPlayPageEMF
0x441d48 EngTextOut
0x441d4c GetMetaRgn
0x441d54 RectVisible
0x441d58 DeleteObject
0x441d5c AddFontResourceA
0x441d60 PaintRgn
0x441d64 CreateDCA
0x441d6c SetDCPenColor
0x441d74 GdiIsPlayMetafileDC
0x441d78 SetBkMode
0x441d7c EngCreateClip
0x441d80 GetTextFaceW
0x441d84 GdiStartPageEMF
0x441d8c DeleteMetaFile
0x441d90 UpdateICMRegKeyW
0x441d94 cGetTTFFromFOT
0x441d98 EngPaint
0x441d9c RestoreDC
0x441da0 CreateFontIndirectW
0x441da4 GetSystemPaletteUse
0x441da8 GetCharABCWidthsW
0x441dac GetGlyphOutlineWow
0x441db4 GetGlyphIndicesA
0x441db8 GdiComment
0x441dbc GetBkMode
0x441dc0 GetObjectW
0x441dc4 EnumObjects
0x441dc8 CreateBrushIndirect
0x441dcc GdiEntry8
0x441dd0 Escape
0x441dd4 GetStockObject
0x441dd8 GetStretchBltMode
0x441ddc GetEnhMetaFileW
0x441de0 GetEnhMetaFileA
Library COMDLG32.dll:
0x441de8 GetFileTitleA
Library ADVAPI32.dll:
0x441df0 RegQueryValueExA
0x441df4 GetUserNameA
0x441df8 RegOpenKeyExA
0x441dfc RegEnumKeyA
0x441e00 RegOpenKeyA
Library SHELL32.dll:
0x441e08 SHEmptyRecycleBinA
0x441e10 DragFinish
Library ole32.dll:
0x441e18 CoTaskMemFree
Library SHLWAPI.dll:
0x441e20 StrRChrIA
0x441e24 StrStrIW
0x441e28 StrChrIA
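The import table above mixes a small set of meaningful APIs (dynamic resolution via LoadLibraryA/GetProcAddress, file and registry enumeration, GetUserNameA, SetWindowsHookA, SHEmptyRecycleBinA) with a long run of GDI32 exports that ordinary application code rarely calls directly. The script below is an added example for this report, not code from the sandbox or the sample: it maps the listed imports to coarse capabilities and reports, per library, how many imports carry a recognizable capability versus how many look like driver-facing or undocumented GDI internals. The CAPABILITIES grouping and the INTERNAL_PREFIXES heuristic are the reviewer's own assumptions; IMPORTS is copied from the table.

```python
"""Map a static import table to coarse capabilities.

Added example for this report, not code from the sandbox or the sample.
IMPORTS is constructed from the table above. CAPABILITIES is a reviewer's
grouping of well-known Win32 APIs and INTERNAL_PREFIXES a name heuristic
for gdi32 exports rarely used by application code; both are assumptions.
"""

IMPORTS = {
    "KERNEL32.dll": ["GetStartupInfoA", "GetModuleHandleA", "DeleteFileA", "GetModuleFileNameA",
                     "GetVersionExA", "MoveFileExA", "CopyFileA", "FindNextFileA", "FindClose",
                     "CreateFileA", "ReadFile", "CompareFileTime", "GetLastError", "CloseHandle",
                     "FindFirstFileA", "LoadLibraryA", "GetProcAddress", "GetModuleHandleW"],
    "USER32.dll": ["SetCursorPos", "GetWindowTextW", "SetDlgItemInt", "PostThreadMessageA",
                   "SetWindowsHookA", "SendNotifyMessageW", "DefDlgProcA", "EndTask",
                   "SetMenuItemInfoW", "DrawTextA", "EnumDesktopsW", "SetRect", "CharToOemBuffA",
                   "DdeInitializeW", "GetDC", "GetListBoxInfo", "GetKeyState", "LoadCursorW"],
    "GDI32.dll": ["GdiGetDC", "RoundRect", "GdiDllInitialize", "NamedEscape", "CreatePen",
                  "GdiSetPixelFormat", "GetArcDirection", "StrokeAndFillPath", "GdiPlayPageEMF",
                  "EngTextOut", "GetMetaRgn", "RectVisible", "DeleteObject", "AddFontResourceA",
                  "PaintRgn", "CreateDCA", "SetDCPenColor", "GdiIsPlayMetafileDC", "SetBkMode",
                  "EngCreateClip", "GetTextFaceW", "GdiStartPageEMF", "DeleteMetaFile",
                  "UpdateICMRegKeyW", "cGetTTFFromFOT", "EngPaint", "RestoreDC",
                  "CreateFontIndirectW", "GetSystemPaletteUse", "GetCharABCWidthsW",
                  "GetGlyphOutlineWow", "GetGlyphIndicesA", "GdiComment", "GetBkMode",
                  "GetObjectW", "EnumObjects", "CreateBrushIndirect", "GdiEntry8", "Escape",
                  "GetStockObject", "GetStretchBltMode", "GetEnhMetaFileW", "GetEnhMetaFileA"],
    "COMDLG32.dll": ["GetFileTitleA"],
    "ADVAPI32.dll": ["RegQueryValueExA", "GetUserNameA", "RegOpenKeyExA", "RegEnumKeyA",
                     "RegOpenKeyA"],
    "SHELL32.dll": ["SHEmptyRecycleBinA", "DragFinish"],
    "ole32.dll": ["CoTaskMemFree"],
    "SHLWAPI.dll": ["StrRChrIA", "StrStrIW", "StrChrIA"],
}

CAPABILITIES = {
    "dynamic-api-resolution": {"LoadLibraryA", "GetProcAddress"},
    "file-enumeration": {"FindFirstFileA", "FindNextFileA", "FindClose"},
    "file-manipulation": {"CreateFileA", "ReadFile", "DeleteFileA", "MoveFileExA", "CopyFileA"},
    "registry-enumeration": {"RegOpenKeyA", "RegOpenKeyExA", "RegEnumKeyA", "RegQueryValueExA"},
    "host-fingerprinting": {"GetUserNameA", "GetVersionExA", "GetModuleFileNameA"},
    "hook-or-input-monitoring": {"SetWindowsHookA", "GetKeyState"},
    "recycle-bin-wipe": {"SHEmptyRecycleBinA"},
    "process-termination": {"EndTask"},
}

# Heuristic (assumption): Gdi*/Eng*/cGet* exports are driver-facing or
# undocumented entry points that a normal GUI application does not import.
INTERNAL_PREFIXES = ("Gdi", "Eng", "cGet")


def capabilities(imports):
    """Return {capability: sorted matched imports} for every capability that is hit."""
    names = {n for funcs in imports.values() for n in funcs}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


def profile(imports):
    """Per-library counts: total imports, ones mapped to a capability, internal-looking ones."""
    mapped = set().union(*CAPABILITIES.values())
    return {
        lib: {
            "total": len(funcs),
            "mapped": sum(f in mapped for f in funcs),
            "internal": sum(f.startswith(INTERNAL_PREFIXES) for f in funcs),
        }
        for lib, funcs in imports.items()
    }


if __name__ == "__main__":
    for cap, apis in capabilities(IMPORTS).items():
        print(f"{cap:26} {', '.join(apis)}")
    for lib, c in profile(IMPORTS).items():
        print(f"{lib:14} total={c['total']:2} mapped={c['mapped']:2} internal={c['internal']:2}")
```

Read the two outputs together: every capability hit comes from KERNEL32, USER32, ADVAPI32 and SHELL32, while the largest library in the table, GDI32, contributes no capability and a dozen internal-looking names. With LoadLibraryA and GetProcAddress present, the static table is a floor, not a ceiling, for what the unpacked code can call.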

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  56540        239.255.255.250                  3702
192.168.56.101  56807        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702
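Almost all of the UDP above is what a Windows guest emits on its own: LLMNR (224.0.0.252:5355), SSDP and WS-Discovery (239.255.255.250:1900 and :3702), NetBIOS broadcasts (:137/:138), NTP to time.windows.com, and DNS to the configured resolver. Separating that background from flows attributable to the sample, and cross-checking the earlier indicator about a host reached without a DNS query, is a routine step. The script below is an added example for this report, not code from the sandbox or the sample; FLOWS, CONTACTED and DNS_ANSWERS are constructed from the tables and indicators in this report (which records no resolved addresses), and the port-to-protocol map and category rules are the reviewer's assumptions.

```python
"""Separate Windows guest background traffic from sample-attributable UDP flows.

Added example for this report, not code from the sandbox or the sample.
FLOWS is constructed from the UDP table above; CONTACTED and DNS_ANSWERS
are constructed from the report, which lists one contacted host and no
resolved addresses. PORTS and the category rules are assumptions.
"""
import ipaddress

LAN = ipaddress.ip_network("192.168.56.0/24")   # the analysis VM's subnet

FLOWS = [  # (src, sport, dst, dport), copied from the report's UDP table
    ("192.168.56.101", 49235, "114.114.114.114", 53),
    ("192.168.56.101", 50534, "114.114.114.114", 53),
    ("192.168.56.101", 56539, "114.114.114.114", 53),
    ("192.168.56.101", 58367, "114.114.114.114", 53),
    ("192.168.56.101", 65004, "114.114.114.114", 53),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 138, "192.168.56.255", 138),
    ("192.168.56.101", 123, "20.189.79.72", 123),
    ("192.168.56.101", 55368, "224.0.0.252", 5355),
    ("192.168.56.101", 56804, "224.0.0.252", 5355),
    ("192.168.56.101", 60123, "224.0.0.252", 5355),
    ("192.168.56.101", 62191, "224.0.0.252", 5355),
    ("192.168.56.101", 1900, "239.255.255.250", 1900),
    ("192.168.56.101", 56540, "239.255.255.250", 3702),
    ("192.168.56.101", 56807, "239.255.255.250", 1900),
    ("192.168.56.101", 58368, "239.255.255.250", 3702),
    ("192.168.56.101", 58707, "239.255.255.250", 3702),
]
CONTACTED = {"172.217.24.14"}   # from the "no DNS query" indicator
DNS_ANSWERS = set()             # constructed: the report records no resolved addresses

PORTS = {53: "dns", 123: "ntp", 137: "netbios-ns", 138: "netbios-dgm",
         1900: "ssdp", 3702: "ws-discovery", 5355: "llmnr"}


def label(flow):
    """Categorize one (src, sport, dst, dport) UDP flow."""
    _, _, dst, dport = flow
    d = ipaddress.ip_address(dst)
    proto = PORTS.get(dport, f"udp/{dport}")
    if d.is_multicast or d == LAN.broadcast_address:
        category = "discovery-noise"   # LLMNR, SSDP, WS-Discovery, NetBIOS broadcasts
    elif dport == 123:
        category = "time-sync"         # Windows Time service
    elif dport == 53:
        category = "dns-resolver"      # transport-level noise; the queried names decide
    else:
        category = "other"             # candidate for attribution to the sample
    return {"proto": proto, "category": category}


def summarize(flows):
    """Flow count per category."""
    counts = {}
    for f in flows:
        c = label(f)["category"]
        counts[c] = counts.get(c, 0) + 1
    return counts


def attributable(flows):
    """Flows that no background protocol explains."""
    return [f for f in flows if label(f)["category"] == "other"]


def hosts_without_dns(contacted, dns_answers):
    """Public hosts reached without a preceding DNS answer; hard-coded C2 addresses look like this."""
    return sorted(h for h in contacted
                  if h not in dns_answers and ipaddress.ip_address(h).is_global)


if __name__ == "__main__":
    print(summarize(FLOWS))
    print("attributable:", attributable(FLOWS))
    print("no DNS:", hosts_without_dns(CONTACTED, DNS_ANSWERS))
```

For this report the UDP table yields nothing attributable, so the only network lead is the single host reached without a DNS query. A host like that can equally be a hard-coded C2 address or an OS or background connectivity check; tie the connection to the sample's process (PID 472 in the memory events above) before treating it as C2.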

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.