4.0
中危
53 个模型检测该样本为恶意!
重新分析
更多

60b57a5e5fe515104f57a44c136e7ddaac0d72b099c3959a26493b8c47f66e3f

de297c315d9a0becc347550486ad930e.exe

分析耗时

75s

最近分析

文件大小

424.5KB
静态报毒 动态报毒 AI SCORE=80 AIDETECTVM AKW@AU3IXGPI ARTEMIS ATTRIBUTE BSCOPE CONFIDENCE EMOTET GDDJU GENERIC@ML GENERICKD GENKD HIGHCONFIDENCE HVDXWI MALICIOUS MALWARE2 MALWARE@#PE94J740JUZY R + TROJ RDML ROZENA SKHXQ SUSGEN SWRORT T+EZERGXPLDDVOAWJSWJ+A THIBABO UNSAFE VZHZ WSJX ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Baidu 20190318 1.0.0.2
Alibaba Trojan:Win32/Rozena.089852d5 20190527 0.3.0.5
Tencent Win32.Trojan.Generic.Wsjx 20200925 1.0.0.1
Kingsoft 20200925 2013.8.14.323
McAfee Artemis!DE297C315D9A 20200925 6.0.6.653
Avast Win32:Malware-gen 20200925 18.4.3895.0
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
静态指标
Command line console output was observed (3 个事件)
Time & API Arguments Status Return Repeated
1620809363.435698
WriteConsoleA
buffer: [+]Client Connected...
console_handle: 0x00000007
success 1 0
1620809363.435698
WriteConsoleA
buffer: [+]Get DATA Length : 799
console_handle: 0x00000007
success 1 0
1620809363.435698
WriteConsoleA
buffer: [+]Send Success ! Shellcode : 799 Bytes
console_handle: 0x00000007
success 1 0
This executable has a PDB path (1 个事件)
pdb_path C:\Users\cc\source\repos\ConsoleApplication3\Debug\ConsoleApplication3.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section .textbss
section .msvcjmc
section .00cfg
The executable uses a known packer (1 个事件)
packer Microsoft Visual C++ V8.0 (Debug)
行为判定
动态指标
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)
Time & API Arguments Status Return Repeated
1620809413.435698
NtProtectVirtualMemory
process_identifier: 2424
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 16 (PAGE_EXECUTE)
process_handle: 0xffffffff
base_address: 0x005d0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620809413.981698
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
网络通信
Communicates with host for which no DNS query was performed (4 个事件)
host 151.139.128.14
host 139.217.103.7
host 172.217.24.14
host 52.218.117.20
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1620809416.560698
RegSetValueExA
key_handle: 0x00000360
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620809416.560698
RegSetValueExA
key_handle: 0x00000360
value: à’ÂÄåF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620809416.560698
RegSetValueExA
key_handle: 0x00000360
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620809416.560698
RegSetValueExW
key_handle: 0x00000360
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620809416.560698
RegSetValueExA
key_handle: 0x00000378
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620809416.560698
RegSetValueExA
key_handle: 0x00000378
value: à’ÂÄåF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620809416.560698
RegSetValueExA
key_handle: 0x00000378
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620809416.591698
RegSetValueExW
key_handle: 0x0000035c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)
Bkav W32.AIDetectVM.malware2
MicroWorld-eScan Trojan.GenericKD.34459998
FireEye Generic.mg.de297c315d9a0bec
CAT-QuickHeal Trojan.Generic
Qihoo-360 Generic/Trojan.b3e
ALYac Trojan.GenericKD.34459998
Cylance Unsafe
AegisLab Trojan.Win32.Generic.4!c
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.34459998
K7GW Riskware ( 0040eff71 )
TrendMicro TrojanSpy.Win32.EMOTET.THIBABO
BitDefenderTheta Gen:NN.ZexaF.34254.AKW@au3iXgpi
Cyren W32/Trojan.VZHZ-1265
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Rozena.AVY
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THIBABO
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win32/Rozena.089852d5
NANO-Antivirus Trojan.Win32.ShellCode.hvdxwi
ViRobot Trojan.Win32.Z.Agent.434688.HE
Tencent Win32.Trojan.Generic.Wsjx
Ad-Aware Trojan.GenericKD.34459998
Sophos Troj/Swrort-BY
Comodo Malware@#pe94j740juzy
F-Secure Trojan.TR/AD.Swrort.skhxq
DrWeb Exploit.ShellCode.26
Zillya Trojan.Generic.Win32.1206845
Invincea Mal/Generic-R + Troj/Swrort-BY
McAfee-GW-Edition BehavesLike.Win32.Generic.gm
Emsisoft Trojan.GenericKD.34459998 (B)
APEX Malicious
GData Trojan.GenericKD.34459998
Jiangmin Trojan.Generic.gddju
Webroot W32.Trojan.GenKD
Avira TR/AD.Swrort.skhxq
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Generic
Arcabit Trojan.Generic.D20DD15E
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Emotet!ibt
McAfee Artemis!DE297C315D9A
VBA32 BScope.Exploit.ShellCode
Malwarebytes Trojan.Injector
Rising Trojan.Generic@ML.99 (RDML:T+ezergXpLDdvOAwJsWj+A)
Ikarus Trojan.Swrort
Fortinet W32/Generic.BY!tr
AVG Win32:Malware-gen
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-01 23:09:04

Imports

Library KERNEL32.dll:
0x491000 CreateFileW
0x491004 ReadFile
0x491008 WriteFile
0x49100c CloseHandle
0x491010 GetLastError
0x491014 ConnectNamedPipe
0x491018 CreateNamedPipeW
0x49101c WaitNamedPipeW
0x491020 WaitForSingleObject
0x491024 Sleep
0x491028 CreateThread
0x49102c VirtualAlloc
0x491030 VirtualProtect
0x491034 GetConsoleWindow
0x491038 WriteConsoleW
0x49103c ReadConsoleW
0x491040 HeapReAlloc
0x491044 GetCurrentThreadId
0x491048 IsDebuggerPresent
0x49104c RaiseException
0x491050 MultiByteToWideChar
0x491054 WideCharToMultiByte
0x491060 GetCurrentProcess
0x491064 TerminateProcess
0x491070 GetCurrentProcessId
0x491078 InitializeSListHead
0x49107c GetStartupInfoW
0x491080 GetModuleHandleW
0x491084 HeapAlloc
0x491088 HeapFree
0x49108c GetProcessHeap
0x491090 VirtualQuery
0x491094 FreeLibrary
0x491098 GetProcAddress
0x4910a4 GetModuleFileNameW
0x4910a8 LoadLibraryExW
0x4910ac RtlUnwind
0x4910b0 SetLastError
0x4910c4 TlsAlloc
0x4910c8 TlsGetValue
0x4910cc TlsSetValue
0x4910d0 TlsFree
0x4910d4 EncodePointer
0x4910d8 GetStdHandle
0x4910dc ExitProcess
0x4910e0 GetModuleHandleExW
0x4910e4 GetCommandLineA
0x4910e8 GetCommandLineW
0x4910ec GetDateFormatW
0x4910f0 GetTimeFormatW
0x4910f4 CompareStringW
0x4910f8 LCMapStringW
0x4910fc GetLocaleInfoW
0x491100 IsValidLocale
0x491104 GetUserDefaultLCID
0x491108 EnumSystemLocalesW
0x49110c GetFileType
0x491110 GetCurrentThread
0x491114 OutputDebugStringW
0x491118 FindClose
0x49111c FindFirstFileExW
0x491120 FindNextFileW
0x491124 IsValidCodePage
0x491128 GetACP
0x49112c GetOEMCP
0x491130 GetCPInfo
0x491140 SetStdHandle
0x491144 GetStringTypeW
0x49114c FlushFileBuffers
0x491150 GetConsoleCP
0x491154 GetConsoleMode
0x491158 GetFileSizeEx
0x49115c SetFilePointerEx
0x491160 HeapSize
0x491164 DecodePointer
Library USER32.dll:
0x4911dc ShowWindow

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
52.218.117.20 80 192.168.56.101 49188

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.