2.6
Medium risk

6d1db4978fdc70f6186902477781554d94874f15eebe9ee1ef03374213dd5bad

ddf4ca2ff70041f0c56db234de5d1e08.exe

Analysis duration

78s

Last analyzed

File size

1.7MB
Flagged by static scan; flagged by dynamic scan. Tags: 100% AI SCORE=100 BANLOAD CLASSIC CONFIDENCE CSTQAJ DARKSHELL DUMPMODULEINFECTIOUSNME FAMVT FILEINFECTOR HIGH HIGH CONFIDENCE JADTRE KA@558NXG KUDJ LOADER M1R5 MALICIOUS PE MIKCER NIMNUL OTWYCAL PATCHLOAD PCARRIER RAMNIT ROUE SCORE SMALL UNSAFE VIRUT VJADTRE WALI WAPOMI
HawkEye (鹰眼) engine
Not detected (no HawkEye engine results available)
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee W32/Kudj 20200426 6.0.6.653
Alibaba Virus:Win32/Nimnul.4898f1cb 20190527 0.3.0.5
Avast Win32:Malware-gen 20200426 18.4.3895.0
Baidu Win32.Virus.Otwycal.d 20190318 1.0.0.2
Kingsoft 20200426 2013.8.14.323
Tencent Virus.Win32.Loader.aab 20200426 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy: 6.934634529914888; section: {'size_of_data': '0x00004200', 'virtual_address': '0x001c3000', 'entropy': 6.934634529914888, 'name': '\\xb5\\x0b\\x80\\xe2\\xa3u\n', 'virtual_size': '0x00005000'}; description: A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 of 63 events shown)
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
DrWeb BackDoor.Darkshell.246
MicroWorld-eScan Win32.VJadtre.3
FireEye Generic.mg.ddf4ca2ff70041f0
McAfee W32/Kudj
Cylance Unsafe
Zillya Virus.Nimnul.Win32.5
Sangfor Malware
K7AntiVirus Virus ( 0040f7441 )
Alibaba Virus:Win32/Nimnul.4898f1cb
K7GW Virus ( 0040f7441 )
Cybereason malicious.ff7004
Arcabit Win32.VJadtre.3
BitDefenderTheta AI:FileInfector.991137D00F
F-Prot W32/PatchLoad.E
Symantec W32.Wapomi.C!inf
ESET-NOD32 Win32/Wapomi.BA
APEX Malicious
TotalDefense Win32/Nimnul.A
Avast Win32:Malware-gen
Kaspersky Virus.Win32.Nimnul.f
BitDefender Win32.VJadtre.3
NANO-Antivirus Trojan.Win32.Banload.cstqaj
Paloalto generic.ml
AegisLab Virus.Win32.Nimnul.m1R5
Rising Virus.Roue!1.9E10 (CLASSIC)
Ad-Aware Win32.VJadtre.3
Emsisoft Win32.VJadtre.3 (B)
Comodo Virus.Win32.Wali.KA@558nxg
F-Secure Malware.W32/Jadtre.B
Baidu Win32.Virus.Otwycal.d
VIPRE Virus.Win32.Small.acea (v)
TrendMicro PE_WAPOMI.BM
McAfee-GW-Edition BehavesLike.Win32.Virut.th
Trapmine malicious.high.ml.score
Sophos W32/Nimnul-A
SentinelOne DFI - Malicious PE
Cyren W32/PatchLoad.E
Jiangmin Win32/Nimnul.f
Avira W32/Jadtre.B
Antiy-AVL Virus/Win32.Nimnul.f
Microsoft Virus:Win32/Mikcer.B
Endgame malicious (high confidence)
ViRobot Win32.Ramnit.F
ZoneAlarm Virus.Win32.Nimnul.f
GData Win32.Virus.Wapomi.A
TACHYON Virus/W32.Ramnit.C
AhnLab-V3 Win32/VJadtre.Gen
Acronis suspicious
VBA32 Virus.Nimnul.19209
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-04-14 06:07:09

Imports

Library KERNEL32.dll:
0x525034 Sleep
0x525038 GetTickCount64
0x52503c Process32NextW
0x525040 Process32FirstW
0x525044 RaiseException
0x525048 DecodePointer
0x52504c GetProcAddress
0x525054 ExitProcess
0x525058 lstrcmpiW
0x52505c SetWaitableTimer
0x525060 TlsSetValue
0x525064 VerifyVersionInfoA
0x525068 SetLastError
0x525080 WaitForSingleObject
0x525088 CreateEventW
0x52508c FormatMessageW
0x525090 SetEvent
0x525094 TerminateThread
0x525098 TlsAlloc
0x52509c QueueUserAPC
0x5250a4 LocalFree
0x5250a8 VerSetConditionMask
0x5250ac WideCharToMultiByte
0x5250b0 SleepEx
0x5250b4 TlsGetValue
0x5250bc TlsFree
0x5250c0 FormatMessageA
0x5250c8 GetModuleHandleA
0x5250d0 GetModuleFileNameA
0x5250d4 GetLastError
0x5250e0 GlobalUnlock
0x5250e4 GlobalLock
0x5250e8 GlobalAlloc
0x5250ec CloseHandle
0x5250f0 CreateFileA
0x5250f8 SetEndOfFile
0x5250fc HeapSize
0x525100 SetStdHandle
0x525104 GetProcessHeap
0x525114 GetCommandLineW
0x525118 GetCommandLineA
0x52511c GetOEMCP
0x525120 GetACP
0x525124 IsValidCodePage
0x525128 FindNextFileW
0x52512c FindFirstFileExW
0x525130 FindClose
0x525134 HeapReAlloc
0x52513c GetFileSizeEx
0x525140 GetConsoleCP
0x525144 FlushFileBuffers
0x525148 EnumSystemLocalesW
0x52514c GetUserDefaultLCID
0x525150 IsValidLocale
0x525154 GetTimeFormatW
0x525158 GetDateFormatW
0x52515c ReadConsoleW
0x525160 GetConsoleMode
0x525164 SetFilePointerEx
0x525168 HeapAlloc
0x52516c HeapFree
0x525170 WriteConsoleW
0x525174 GetFileType
0x525178 GetStdHandle
0x52517c ExitThread
0x525180 RtlUnwind
0x525184 UnregisterWaitEx
0x525188 QueryDepthSList
0x525198 ReleaseSemaphore
0x52519c VirtualProtect
0x5251a0 GetVersionExW
0x5251a4 LoadLibraryExW
0x5251ac UnregisterWait
0x5251d0 GetThreadPriority
0x5251d4 SetThreadPriority
0x5251d8 SignalObjectAndWait
0x5251dc CreateTimerQueue
0x5251e0 OutputDebugStringW
0x5251e4 InitializeSListHead
0x5251e8 GetStartupInfoW
0x5251ec IsDebuggerPresent
0x5251f8 GetCPInfo
0x525204 VirtualFree
0x525208 GetCurrentProcess
0x52520c VirtualAlloc
0x525210 TerminateProcess
0x525218 ResumeThread
0x52521c GetModuleFileNameW
0x525220 GetFileAttributesW
0x525224 MultiByteToWideChar
0x525228 GetModuleHandleW
0x52522c CreateActCtxW
0x525230 WriteFile
0x525234 GetTempPathW
0x525238 CreateFileW
0x52523c UnmapViewOfFile
0x525240 DeleteFileW
0x525244 GetTempFileNameW
0x525248 CreateFileMappingW
0x52524c ReleaseActCtx
0x525250 MapViewOfFile
0x525254 ActivateActCtx
0x52525c GetSystemDirectoryW
0x525260 DeactivateActCtx
0x525268 Module32FirstW
0x525274 DuplicateHandle
0x525278 GetCurrentThread
0x52527c ResetEvent
0x525280 GetTickCount
0x525284 Thread32Next
0x525288 Thread32First
0x52528c GetCurrentThreadId
0x525290 GetCurrentProcessId
0x525294 ReadFile
0x525298 CreateNamedPipeW
0x52529c CreateThread
0x5252a0 GetExitCodeThread
0x5252a4 OpenProcess
0x5252a8 GetNativeSystemInfo
0x5252ac IsWow64Process
0x5252b0 GetSystemInfo
0x5252b4 VirtualAllocEx
0x5252b8 VirtualFreeEx
0x5252bc WriteProcessMemory
0x5252c0 VirtualProtectEx
0x5252c4 GetThreadContext
0x5252c8 ReadProcessMemory
0x5252cc CreateRemoteThread
0x5252d0 SetThreadContext
0x5252d4 VirtualQueryEx
0x5252d8 LoadLibraryW
0x5252dc FreeLibrary
0x5252e0 SuspendThread
0x5252e4 GetThreadTimes
0x5252e8 OpenThread
0x5252f0 QueueUserWorkItem
0x5252f4 GetModuleHandleExW
0x525300 SwitchToThread
0x525304 GetStringTypeW
0x525308 EncodePointer
0x52530c CompareStringW
0x525310 LCMapStringW
0x525314 GetLocaleInfoW
0x525318 DeviceIoControl
Library USER32.dll:
0x525330 MessageBoxA
0x525334 RegisterClassA
0x525338 DefWindowProcA
0x52533c ShowWindow
0x525340 DispatchMessageA
0x525344 LoadCursorA
0x525348 CreateWindowExA
0x52534c SetClipboardData
0x525350 GetClipboardData
0x525354 EmptyClipboard
0x525358 CloseClipboard
0x52535c OpenClipboard
0x525360 ReleaseCapture
0x525364 GetClientRect
0x525368 SetCursor
0x52536c TranslateMessage
0x525370 SetWindowPos
0x525374 SetCapture
0x525378 wsprintfW
0x52537c GetWindowRect
0x525380 GetKeyState
0x525384 UpdateWindow
0x525388 GetDesktopWindow
0x52538c PostQuitMessage
0x525390 UnregisterClassA
0x525394 PeekMessageA
Library SHELL32.dll:
0x525320 ShellExecuteA
Library ole32.dll:
0x525454 CoUninitialize
0x525458 CoCreateInstance
0x52545c CoInitialize
Library WS2_32.dll:
0x5253c4 inet_addr
0x5253c8 getsockname
0x5253cc send
0x5253d0 socket
0x5253d4 ntohs
0x5253d8 __WSAFDIsSet
0x5253dc WSAIoctl
0x5253e0 WSASend
0x5253e4 select
0x5253e8 WSAStartup
0x5253ec shutdown
0x5253f0 closesocket
0x5253f4 bind
0x5253f8 accept
0x5253fc WSACleanup
0x525400 WSAGetLastError
0x525404 setsockopt
0x525408 ioctlsocket
0x52540c freeaddrinfo
0x525410 htons
0x525414 htonl
0x525418 getsockopt
0x52541c WSARecv
0x525420 WSAAddressToStringW
0x525424 connect
0x525428 getpeername
0x52542c getaddrinfo
0x525430 WSASocketW
0x525434 WSASetLastError
0x525438 ntohl
0x52543c listen
Library d3d9.dll:
0x525444 Direct3DCreate9
Library d3dx9_43.dll:
Library SHLWAPI.dll:
0x525328 SHDeleteKeyW
Library WINHTTP.dll:
0x5253a0 WinHttpConnect
0x5253a4 WinHttpSendRequest
0x5253a8 WinHttpCloseHandle
0x5253ac WinHttpOpenRequest
0x5253b0 WinHttpQueryHeaders
0x5253b4 WinHttpOpen
0x5253bc WinHttpReadData
Library ADVAPI32.dll:
0x525000 RegEnumValueW
0x525004 RegOpenKeyW
0x525008 RegCloseKey
0x525010 RegCreateKeyW
0x525014 RegSetValueExW
0x525018 RegQueryValueExW
0x52501c OpenThreadToken
0x525020 RegOpenKeyExW
0x525024 OpenProcessToken

Exports

Ordinal Address Name
1 0x4ba420 ??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
2 0x4c94b0 ??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
3 0x4c1950 ??0HostRuntime@asmjit@@QAE@XZ
4 0x4c1a80 ??0JitRuntime@asmjit@@QAE@XZ
5 0x4c1910 ??0Runtime@asmjit@@QAE@XZ
6 0x4c19b0 ??0StaticRuntime@asmjit@@QAE@PAXI@Z
7 0x4bf0a0 ??0VMemMgr@asmjit@@QAE@PAX@Z
8 0x4c1d50 ??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
9 0x4c97a0 ??0Zone@asmjit@@QAE@I@Z
10 0x4ba4c0 ??1Assembler@asmjit@@UAE@XZ

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source IP  Source port  Destination IP  Destination port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.