Score: 3.6
Risk level: Medium

SHA-256: a6dbfda2fe88b1f7e1184f3ab5fd3e206aece25707fb55d25b1fda513bf93007

File name: dd7f7c1bc9efd5c6005ae212075818d4.exe

Analysis duration: 61s

Last analyzed: (no value shown)

File size: 440.5KB
Static detection: flagged. Dynamic detection: flagged. Detection tags: 100% 61ZQDF41WEW AI SCORE=94 AIDETECT BUW@ACYWZZN CHAPAK CLOUD CONFIDENCE CYAFY DROPPERX ELDORADO ESPK FSUC GDSDA GENERICKDZ GENKRYPTIK GLUPTEBA HGAA HGIASOYA HIGH CONFIDENCE HWBAXA KCLOUD KRYPTIK LOCKBIT MALICIOUS PE MALPE MALWARE1 MALWARE@#3RYGXBVI5ST4H R350509 SAVE SCORE SIGGEN10 STATIC AI SUSGEN TOFSEE UNSAFE WTXN ZENPAK ZEXAF
鹰眼 (Eagle Eye) engine
Not detected: no Eagle Eye engine result is available for this sample.
Static verdict

Antivirus engines

Engine       Result                                  Scan time   Engine version
Alibaba      Trojan:Win32/Chapak.d02dba33            20190527    0.3.0.5
Baidu        (no result)                             20190318    1.0.0.2
Avast        Win32:DropperX-gen [Drp]                20210309    21.1.5827.0
Kingsoft     Win32.Troj.Generic_a.a.(kcloud)         20210309    2017.9.26.565
McAfee       Lockbit-FSUC!DD7F7C1BC9EF               20210309    6.0.6.653
Tencent      Win32.Trojan.Zenpak.Wtxn                20210309    1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)       20210203    1.0

Caveat on the "Scan time" column: the Alibaba (20190527) and Baidu (20190318) dates precede the binary's own compile timestamp (2019-12-13 00:58:54, see PE Compile Time below) and the sandbox run itself (the API timestamps below correspond to 2021-05-12 UTC), so these values are the engines' definition/update dates as reported, not the time at which this sample was scanned.
Static indicators: (none listed)

Behavior verdict

Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time                API                      Status   Return  Repeated
1620809407.558026   NtProtectVirtualMemory   success  0       0
    process_identifier: 648
    process_handle: 0xffffffff
    base_address: 0x05f3c000
    length: 356352
    protection: 64 (PAGE_EXECUTE_READWRITE)
    heap_dep_bypass: 1
    stack_dep_bypass: 0
    stack_pivoted: 0
1620809407.574026   NtAllocateVirtualMemory  success  0       0
    process_identifier: 648
    process_handle: 0xffffffff
    base_address: 0x05db0000
    region_size: 569344
    allocation_type: 4096 (MEM_COMMIT)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    heap_dep_bypass: 0
    stack_dep_bypass: 0
    stack_pivoted: 0

Both calls pass process_handle 0xffffffff, the pseudo-handle that GetCurrentProcess() returns, so the sample (PID 648) is rewriting its own address space rather than injecting into another process: 356,352 bytes of an existing heap region are made executable (heap_dep_bypass: 1), and 16 ms later a fresh 569,344-byte RWX region is committed. Read together with the high-entropy .text section below, this is the first stage of a packed loader decrypting its payload and staging it in memory.
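The check behind this indicator, written out as an added example (it is not the sandbox's own signature code): the two events above in the dict shape a Cuckoo-style behaviour log uses, plus a constructed benign control event (an ordinary read/write commit) that must not fire. The constant names and the 0xFFFFFFFF pseudo-handle are standard Windows values; the event-dict layout is an assumption modelled on the report's own field names.

```python
# Added example: a Cuckoo-style "allocates RWX memory" signature run over API events.
# The first two events are constructed from the report above; the third is a constructed
# benign control (plain PAGE_READWRITE commit) that the rule must ignore.

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
MEM_COMMIT = 0x1000
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF  # GetCurrentProcess() on 32-bit Windows

EVENTS = [
    {"time": 1620809407.558026, "api": "NtProtectVirtualMemory", "status": "success", "return": 0,
     "arguments": {"process_identifier": 648, "process_handle": 0xFFFFFFFF,
                   "base_address": 0x05F3C000, "length": 356352, "protection": 64,
                   "heap_dep_bypass": 1, "stack_dep_bypass": 0, "stack_pivoted": 0}},
    {"time": 1620809407.574026, "api": "NtAllocateVirtualMemory", "status": "success", "return": 0,
     "arguments": {"process_identifier": 648, "process_handle": 0xFFFFFFFF,
                   "base_address": 0x05DB0000, "region_size": 569344, "allocation_type": 4096,
                   "protection": 64, "heap_dep_bypass": 0, "stack_dep_bypass": 0, "stack_pivoted": 0}},
    # constructed control event: an ordinary read/write heap commit that must NOT be marked
    {"time": 1620809407.600000, "api": "NtAllocateVirtualMemory", "status": "success", "return": 0,
     "arguments": {"process_identifier": 648, "process_handle": 0xFFFFFFFF,
                   "base_address": 0x06000000, "region_size": 65536, "allocation_type": 4096,
                   "protection": 4, "heap_dep_bypass": 0, "stack_dep_bypass": 0, "stack_pivoted": 0}},
]


def is_writable_executable(protection: int) -> bool:
    """True for RWX protections. Only the low byte carries the access class; PAGE_GUARD (0x100),
    PAGE_NOCACHE (0x200) and PAGE_WRITECOMBINE (0x400) are modifiers and are masked off first."""
    return (protection & 0xFF) in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)


def rwx_marks(events):
    """One mark per successful call that commits, or converts existing pages to, writable+executable memory."""
    marks = []
    for ev in events:
        if ev.get("status") != "success":
            continue  # a failed call changed no mapping
        args = ev["arguments"]
        if not is_writable_executable(args.get("protection", 0)):
            continue
        if ev["api"] == "NtAllocateVirtualMemory":
            if not (args.get("allocation_type", 0) & MEM_COMMIT):
                continue  # reserve-only: no pages are mapped yet
            size = args["region_size"]
        elif ev["api"] in ("NtProtectVirtualMemory", "VirtualProtectEx"):
            size = args["length"]
        else:
            continue
        marks.append({
            "api": ev["api"],
            "pid": args["process_identifier"],
            "self_process": args.get("process_handle") == CURRENT_PROCESS_PSEUDO_HANDLE,
            "base": args["base_address"],
            "size": size,
            "heap_made_executable": bool(args.get("heap_dep_bypass", 0)),
        })
    return marks


def summarize(marks):
    """The aggregate an analyst wants: total RWX bytes, in-process vs. injected, heap abuse."""
    return {
        "count": len(marks),
        "rwx_bytes": sum(m["size"] for m in marks),
        "all_self_process": bool(marks) and all(m["self_process"] for m in marks),
        "heap_made_executable": any(m["heap_made_executable"] for m in marks),
        "pids": sorted({m["pid"] for m in marks}),
    }


if __name__ == "__main__":
    for m in rwx_marks(EVENTS):
        print(f'{m["api"]:24s} pid={m["pid"]} base={m["base"]:#010x} size={m["size"]} '
              f'self={m["self_process"]} heap_exec={m["heap_made_executable"]}')
    print(summarize(rwx_marks(EVENTS)))
```

The protection check masks to the low byte on purpose: a crypter that requests PAGE_EXECUTE_READWRITE | PAGE_GUARD (0x140) is still allocating RWX memory, and a naive equality test against 64 would miss it.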
The binary likely contains encrypted or compressed data indicative of a packer (2 events)

entropy 7.962968152449732  section {'size_of_data': '0x00061800', 'virtual_address': '0x00001000', 'entropy': 7.962968152449732, 'name': '.text', 'virtual_size': '0x000617c0'}  description: A section with a high entropy has been found
entropy 0.8873720136518771  description: Overall entropy of this PE file is high

The .text section is 0x61800 (399,360) bytes at near-maximal entropy (7.96 of a possible 8 bits per byte), which means it is essentially ciphertext or compressed data rather than machine code; only a small stub can run before the RWX allocations above decrypt it. The second value is not an entropy in bits per byte: it is on a 0 to 1 scale and is the share of the file's section data that lies in high-entropy sections. It reproduces exactly if the remaining sections total 0xC600 bytes (399,360 / 450,048 = 0.8874), which is consistent with the 440.5KB file size, so roughly nine tenths of the file is packed payload.
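How both marks are computed, as an added example that is neither the report's nor the sandbox's own code. The .text figures are copied from the report; the report does not list the other sections, so their combined size (0xC600 bytes) and entropy (4.5 bits/byte) are assumptions chosen to reproduce the reported overall ratio. The 6.8 bits/byte cutoff and the 0.2 fraction are the thresholds this example uses (the Cuckoo community packer_entropy signature uses the same values); the raw-byte sections at the bottom are constructed data that show the measurement end to end.

```python
# Added example: Shannon entropy per section and the packer heuristic behind the two marks above.
import math
import random
from collections import Counter

HIGH_ENTROPY_BITS = 6.8   # per-section cutoff in bits/byte
PACKED_FRACTION = 0.2     # share of section bytes in high-entropy sections that triggers the file-level mark


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes.
    Compressed or encrypted data sits above roughly 7.5; x86 code is typically 5.5 to 6.5."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def section_records(raw_sections):
    """Turn {name: bytes} into the record shape the report prints (sizes as ints rather than hex strings)."""
    return [{"name": name, "size_of_data": len(data), "entropy": shannon_entropy(data)}
            for name, data in raw_sections.items()]


def packer_marks(sections):
    """Mark every high-entropy section, then mark the file if those sections hold more than
    PACKED_FRACTION of all section data. Returns (marks, ratio); the ratio is 0..1, not bits/byte."""
    marks, total, high = [], 0, 0
    for s in sections:
        total += s["size_of_data"]
        if s["entropy"] > HIGH_ENTROPY_BITS:
            high += s["size_of_data"]
            marks.append(("section", s["name"], s["entropy"]))
    ratio = high / total if total else 0.0
    if ratio > PACKED_FRACTION:
        marks.append(("overall", None, ratio))
    return marks, ratio


# Constructed input: .text exactly as reported; the remaining sections are an assumption (see above).
REPORT_SECTIONS = [
    {"name": ".text", "size_of_data": 0x61800, "entropy": 7.962968152449732},
    {"name": "<remaining sections, assumed>", "size_of_data": 0xC600, "entropy": 4.5},
]

# Constructed raw data: a pseudo-random "packed" section beside an all-zero data section.
# random.Random(0) keeps the bytes reproducible from run to run.
_rng = random.Random(0)
RAW_SECTIONS = {
    ".text": bytes(_rng.getrandbits(8) for _ in range(0x4000)),
    ".data": bytes(0x4000),
}

if __name__ == "__main__":
    marks, ratio = packer_marks(REPORT_SECTIONS)
    print(f"high-entropy share of section data: {ratio:.16f}")
    for m in marks:
        print(m)
    for rec in section_records(RAW_SECTIONS):
        print(rec)
```

Because the file-level figure is a byte-weighted share, a large encrypted section dominates it even when several small plaintext sections are present; conversely a packer that splits the payload into many small high-entropy sections still trips the 0.2 fraction, which is why the two checks are combined.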
Network traffic

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

Generates some ICMP traffic

Caveat: neither indicator is backed by the capture tables later in this report, which record no hosts contacted, no ICMP traffic, and only DNS, NetBIOS, LLMNR, SSDP and WS-Discovery datagrams under UDP. The DNS query names are not shown either, so 172.217.24.14 cannot be attributed to the sample from this report alone; treat both indicators as unconfirmed until the packet capture is reviewed.
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events shown)
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69945
FireEye Generic.mg.dd7f7c1bc9efd5c6
ALYac Trojan.GenericKDZ.69945
Cylance Unsafe
Zillya Trojan.Chapak.Win32.87275
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056df151 )
Alibaba Trojan:Win32/Chapak.d02dba33
K7GW Trojan ( 0056df151 )
Cybereason malicious.bc9efd
Arcabit Trojan.Generic.D11139
BitDefenderTheta Gen:NN.ZexaF.34608.BuW@aCywZZN
Cyren W32/Kryptik.BXE.gen!Eldorado
Symantec Packed.Generic.525
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Tofsee-9755191-0
Kaspersky HEUR:Trojan.Win32.Zenpak.pef
BitDefender Trojan.GenericKDZ.69945
NANO-Antivirus Trojan.Win32.Chapak.hwbaxa
Avast Win32:DropperX-gen [Drp]
Rising Trojan.Kryptik!1.CB79 (CLOUD)
Ad-Aware Trojan.GenericKDZ.69945
Emsisoft Trojan.GenericKDZ.69945 (B)
Comodo Malware@#3rygxbvi5st4h
F-Secure Trojan.TR/Crypt.Agent.cyafy
DrWeb Trojan.Siggen10.13754
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.gc
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
ESET-NOD32 a variant of Win32/Kryptik.HGAA
eGambit Unsafe.AI_Score_98%
Avira TR/Crypt.Agent.cyafy
MAX malware (ai score=94)
Antiy-AVL Trojan/Win32.Chapak
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Packed.oa
Microsoft Trojan:Win32/Glupteba.NU!MTB
AegisLab Trojan.Win32.Chapak.4!c
ZoneAlarm HEUR:Trojan.Win32.Zenpak.pef
GData Trojan.GenericKDZ.69945
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.MalPe.R350509
Acronis suspicious
McAfee Lockbit-FSUC!DD7F7C1BC9EF
VBA32 Trojan.Chapak
Malwarebytes Trojan.MalPack.GS

Note on the labels: the recurring names (Chapak, Zenpak, Kryptik, GenericKDZ, Packed.Generic, MalPack, Crypt.Agent) are generic detections of a packed or crypter-wrapped trojan, so the consensus here is "packed malware", not a payload family. Only two engines name a specific family, McAfee (Lockbit) and Microsoft (Glupteba), and they disagree; the payload family is not established by this report and would have to come from the unpacked second stage.
Visual analysis

Binary image: none (no binary visualization image was generated for this sample)

Runtime screenshot: none (no screenshots were captured while the sample ran)

PE Compile Time

2019-12-13 00:58:54

Imports

Library KERNEL32.dll:
0x463008 EnumResourceNamesW
0x46300c SetVolumeLabelA
0x463014 CreateMutexW
0x463018 SetLocalTime
0x463020 CallNamedPipeA
0x463024 LoadResource
0x46302c ReadConsoleA
0x463030 CreateJobObjectW
0x463034 WaitForSingleObject
0x463038 OpenSemaphoreA
0x463040 ConnectNamedPipe
0x463044 _lclose
0x463048 VirtualFree
0x463050 SetCommTimeouts
0x463058 FindResourceExA
0x46305c GlobalAlloc
0x463060 GetConsoleMode
0x463064 TerminateThread
0x463070 lstrcatA
0x463074 GetBinaryTypeW
0x463078 lstrlenW
0x46307c GlobalUnlock
0x463080 InterlockedExchange
0x46308c GetLastError
0x463090 SetVolumeLabelW
0x463094 LocalLock
0x46309c SetStdHandle
0x4630a0 OpenWaitableTimerA
0x4630a4 OpenMutexA
0x4630a8 WriteConsoleA
0x4630ac LocalAlloc
0x4630b0 AddAtomW
0x4630b4 SetFileApisToANSI
0x4630c0 VirtualLock
0x4630c4 GlobalHandle
0x4630c8 GlobalUnWire
0x4630cc GetModuleHandleA
0x4630d0 VirtualProtect
0x4630d4 EnumDateFormatsW
0x4630dc SetCalendarInfoA
0x4630e0 GetSystemTime
0x4630e4 SuspendThread
0x4630e8 GetCommandLineA
0x4630ec GetStartupInfoA
0x4630f4 SetHandleCount
0x4630f8 GetStdHandle
0x4630fc GetFileType
0x463104 TerminateProcess
0x463108 GetCurrentProcess
0x463114 IsDebuggerPresent
0x463118 GetModuleHandleW
0x46311c Sleep
0x463120 GetProcAddress
0x463124 ExitProcess
0x463128 WriteFile
0x46312c GetModuleFileNameA
0x46313c WideCharToMultiByte
0x463144 TlsGetValue
0x463148 TlsAlloc
0x46314c TlsSetValue
0x463150 TlsFree
0x463158 SetLastError
0x46315c GetCurrentThreadId
0x463164 HeapCreate
0x463168 HeapFree
0x463170 GetTickCount
0x463174 GetCurrentProcessId
0x463180 RtlUnwind
0x463184 GetCPInfo
0x463188 GetACP
0x46318c GetOEMCP
0x463190 IsValidCodePage
0x463194 MultiByteToWideChar
0x463198 SetFilePointer
0x46319c GetConsoleCP
0x4631a0 LoadLibraryA
0x4631a4 HeapAlloc
0x4631a8 VirtualAlloc
0x4631ac HeapReAlloc
0x4631b0 FlushFileBuffers
0x4631b4 LCMapStringA
0x4631b8 LCMapStringW
0x4631bc GetStringTypeA
0x4631c0 GetStringTypeW
0x4631c4 GetLocaleInfoA
0x4631c8 ReadFile
0x4631cc GetConsoleOutputCP
0x4631d0 WriteConsoleW
0x4631d4 HeapSize
0x4631d8 CloseHandle
0x4631dc CreateFileA
Library USER32.dll:
0x4631e4 GetCursorPos

Note on the import table: the KERNEL32 list pairs the calls a self-decrypting stub needs (VirtualAlloc, VirtualProtect, LoadLibraryA, GetProcAddress, IsDebuggerPresent, CreateMutexW, GetTickCount) with a long tail of rarely used APIs (SetVolumeLabelA/W, GlobalUnWire, SetFileApisToANSI, EnumDateFormatsW, SetCalendarInfoA, OpenWaitableTimerA, SetCommTimeouts) that a 440KB program has little reason to reference. That mix is characteristic of crypter stubs that pad the import table to resemble an ordinary application. The payload resolves its own imports at run time through GetProcAddress after the RWX unpacking seen above, so this static list says little about the final capabilities of the sample.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
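Every row in the UDP table is Windows background chatter or a resolver query, which is the point a reader should take from it. The triage below is an added example (not the sandbox's own logic) that classifies the rows copied from the report; the /24 mask for the analysis VM is an assumption, since the report gives only the address 192.168.56.101, and the multicast and port assignments are the standard ones for these protocols.

```python
# Added example: sort a sandbox UDP table into Windows background traffic, resolver queries,
# and datagrams that actually need attribution to the sample. Rows are copied from the report.
import ipaddress
from collections import Counter

UDP_TABLE = """\
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
"""

GUEST_NETWORK = ipaddress.ip_network("192.168.56.0/24")  # assumed: the report gives only the host address
LLMNR_GROUP = ipaddress.ip_address("224.0.0.252")
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")

# Categories that Windows itself generates on any LAN, whether or not a sample is running.
BACKGROUND = {"netbios-broadcast", "llmnr", "ssdp", "ws-discovery"}


def parse_udp(table: str):
    """Parse 'src sport dst dport' rows into tuples."""
    flows = []
    for line in table.splitlines():
        src, sport, dst, dport = line.split()
        flows.append((src, int(sport), dst, int(dport)))
    return flows


def classify(src, sport, dst, dport):
    """Label one datagram; anything that matches no rule is 'unclassified' and needs a human look."""
    d = ipaddress.ip_address(dst)
    if d == GUEST_NETWORK.broadcast_address and dport in (137, 138):
        return "netbios-broadcast"   # NBNS name queries / NetBIOS datagram service
    if d == LLMNR_GROUP and dport == 5355:
        return "llmnr"               # Link-Local Multicast Name Resolution
    if d == SSDP_GROUP and dport == 1900:
        return "ssdp"                # UPnP discovery
    if d == SSDP_GROUP and dport == 3702:
        return "ws-discovery"        # WS-Discovery (network printers/devices)
    if dport == 53 and not d.is_private:
        return "dns"                 # query to the configured resolver; names are not in this report
    return "unclassified"


def triage(table: str):
    """Counts per label plus the flows that still need attribution."""
    flows = parse_udp(table)
    labels = Counter(classify(*f) for f in flows)
    needs_review = [f for f in flows if classify(*f) not in BACKGROUND | {"dns"}]
    return {"total": len(flows), "labels": dict(labels),
            "dns_queries": labels["dns"], "needs_review": needs_review}


if __name__ == "__main__":
    print(triage(UDP_TABLE))
```

Run against this report the "needs_review" list is empty and only the four resolver queries remain open; with the pcap in hand, the next step is to pull the query names for those four datagrams and check whether any answer resolves to 172.217.24.14, which would reconcile the "no DNS query" indicator above.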

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.