SmartHawk

4.2

中危

52 个模型检测该样本为恶意！

重新分析

下载样本

5ef2d70f9e7fa30c9fea637c8b0c60276ca69505640ffb417a27a320575f3807

dec6ea74b97f6b2f69d851955493bff7.exe

分析耗时

80s

最近分析

文件大小

636.0KB

静态报毒动态报毒 AGEN AGENTB AI SCORE=82 AIDETECTVM ATTRIBUTE BLUTEAL BNU1DJ7FALD CONFIDENCE DELF FAREIT GEN@0 GENCIRC GRAFTOR HIGH CONFIDENCE HIGHCONFIDENCE HSKKCR MALWARE2 MARIA NKW@AUVTH0DI POSSIBLETHREAT REMCOS SCORE UNCLASSIFIED UNSAFE USXVPHI20 WACATAC WOREFLINT ZBYK ZELPHIF ZUSY 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Fareit-FVP!DEC6EA74B97F	20200909	6.0.6.653
Alibaba	TrojanDownloader:Win32/Bluteal.7ee2e116	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20200909	18.4.3895.0
Kingsoft		20200909	2013.8.14.323
Tencent	Malware.Win32.Gencirc.10cde8f8	20200909	1.0.0.1
CrowdStrike	win/malicious_confidence_70% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.itext

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948410.036429 NtAllocateVirtualMemory	process_identifier: 392 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x004c0000	success	0	0

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	203.208.40.34
host	203.208.41.33

Disables proxy possibly for traffic interception (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948447.802429 RegSetValueExA	key_handle: 0x000002d0 value: 0 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	success	0	0

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

52.58.1.161:443

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.311521
FireEye	Gen:Variant.Zusy.311521
CAT-QuickHeal	Trojan.Woreflint
McAfee	Fareit-FVP!DEC6EA74B97F
Cylance	Unsafe
Zillya	Downloader.Delf.Win32.59719
K7AntiVirus	Trojan-Downloader ( 0056cb6f1 )
Alibaba	TrojanDownloader:Win32/Bluteal.7ee2e116
K7GW	Trojan-Downloader ( 0056cb6f1 )
Arcabit	Trojan.Zusy.D4C0E1
TrendMicro	Trojan.MSIL.WACATAC.USXVPHI20
BitDefenderTheta	Gen:NN.ZelphiF.34216.NKW@auvTh0di
Cyren	W32/Delf.ZBYK-8034
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
ClamAV	Win.Dropper.Remcos-9413336-0
Kaspersky	HEUR:Trojan.Win32.Agentb.gen
BitDefender	Gen:Variant.Zusy.311521
NANO-Antivirus	Trojan.Win32.Maria.hskkcr
Avast	Win32:Trojan-gen
Rising	Downloader.Delf!8.16F (TFE:5:bNu1DJ7fALD)
Ad-Aware	Gen:Variant.Zusy.311521
Comodo	TrojWare.Win32.Unclassified.gen@0
F-Secure	Heuristic.HEUR/AGEN.1134473
DrWeb	Trojan.PWS.Maria.3
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/Generic-S
Sophos	Mal/Generic-S
Ikarus	Trojan.Inject
Jiangmin	Trojan.Agentb.hiz
Avira	HEUR/AGEN.1134473
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Win32.Agentb
Microsoft	Trojan:Win32/Bluteal!rfn
ViRobot	Trojan.Win32.Z.Graftor.651264.BH
ZoneAlarm	HEUR:Trojan.Win32.Agentb.gen
GData	Gen:Variant.Zusy.311521
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Infostealer.C4182634
VBA32	Trojan.Agentb
ALYac	Trojan.Infostealer.Gen
Malwarebytes	Trojan.MalPack.SMY
ESET-NOD32	Win32/TrojanDownloader.Delf.CZQ
TrendMicro-HouseCall	Trojan.MSIL.WACATAC.USXVPHI20
Tencent	Malware.Win32.Gencirc.10cde8f8
eGambit	Unsafe.AI_Score_99%
Fortinet	PossibleThreat.MU
AVG	Win32:Trojan-gen

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:

• 0x488738 SysFreeString

• 0x48873c SysReAllocStringLen

• 0x488740 SysAllocStringLen

Library advapi32.dll:

• 0x488748 RegQueryValueExA

• 0x48874c RegOpenKeyExA

• 0x488750 RegCloseKey

Library user32.dll:

• 0x488758 GetKeyboardType

• 0x48875c DestroyWindow

• 0x488760 LoadStringA

• 0x488764 MessageBoxA

• 0x488768 CharNextA

Library kernel32.dll:

• 0x488770 GetACP

• 0x488774 Sleep

• 0x488778 VirtualFree

• 0x48877c VirtualAlloc

• 0x488780 GetTickCount

• 0x488784 QueryPerformanceCounter

• 0x488788 GetCurrentThreadId

• 0x48878c InterlockedDecrement

• 0x488790 InterlockedIncrement

• 0x488794 VirtualQuery

• 0x488798 WideCharToMultiByte

• 0x48879c MultiByteToWideChar

• 0x4887a0 lstrlenA

• 0x4887a4 lstrcpynA

• 0x4887a8 LoadLibraryExA

• 0x4887ac GetThreadLocale

• 0x4887b0 GetStartupInfoA

• 0x4887b4 GetProcAddress

• 0x4887b8 GetModuleHandleA

• 0x4887bc GetModuleFileNameA

• 0x4887c0 GetLocaleInfoA

• 0x4887c4 GetCommandLineA

• 0x4887c8 FreeLibrary

• 0x4887cc FindFirstFileA

• 0x4887d0 FindClose

• 0x4887d4 ExitProcess

• 0x4887d8 CompareStringA

• 0x4887dc WriteFile

• 0x4887e0 UnhandledExceptionFilter

• 0x4887e4 RtlUnwind

• 0x4887e8 RaiseException

• 0x4887ec GetStdHandle

Library kernel32.dll:

• 0x4887f4 TlsSetValue

• 0x4887f8 TlsGetValue

• 0x4887fc LocalAlloc

• 0x488800 GetModuleHandleA

Library user32.dll:

• 0x488808 CreateWindowExA

• 0x48880c WindowFromPoint

• 0x488810 WaitMessage

• 0x488814 UpdateWindow

• 0x488818 UnregisterClassA

• 0x48881c UnhookWindowsHookEx

• 0x488820 TranslateMessage

• 0x488824 TranslateMDISysAccel

• 0x488828 TrackPopupMenu

• 0x48882c SystemParametersInfoA

• 0x488830 ShowWindow

• 0x488834 ShowScrollBar

• 0x488838 ShowOwnedPopups

• 0x48883c SetWindowsHookExA

• 0x488840 SetWindowTextA

• 0x488844 SetWindowPos

• 0x488848 SetWindowPlacement

• 0x48884c SetWindowLongW

• 0x488850 SetWindowLongA

• 0x488854 SetTimer

• 0x488858 SetScrollRange

• 0x48885c SetScrollPos

• 0x488860 SetScrollInfo

• 0x488864 SetRect

• 0x488868 SetPropA

• 0x48886c SetParent

• 0x488870 SetMenuItemInfoA

• 0x488874 SetMenu

• 0x488878 SetForegroundWindow

• 0x48887c SetFocus

• 0x488880 SetCursor

• 0x488884 SetClassLongA

• 0x488888 SetCapture

• 0x48888c SetActiveWindow

• 0x488890 SendMessageW

• 0x488894 SendMessageA

• 0x488898 ScrollWindow

• 0x48889c ScreenToClient

• 0x4888a0 RemovePropA

• 0x4888a4 RemoveMenu

• 0x4888a8 ReleaseDC

• 0x4888ac ReleaseCapture

• 0x4888b0 RegisterWindowMessageA

• 0x4888b4 RegisterClipboardFormatA

• 0x4888b8 RegisterClassA

• 0x4888bc RedrawWindow

• 0x4888c0 PtInRect

• 0x4888c4 PostQuitMessage

• 0x4888c8 PostMessageA

• 0x4888cc PeekMessageW

• 0x4888d0 PeekMessageA

• 0x4888d4 OffsetRect

• 0x4888d8 OemToCharA

• 0x4888dc MessageBoxA

• 0x4888e0 MapWindowPoints

• 0x4888e4 MapVirtualKeyA

• 0x4888e8 LoadStringA

• 0x4888ec LoadKeyboardLayoutA

• 0x4888f0 LoadIconA

• 0x4888f4 LoadCursorA

• 0x4888f8 LoadBitmapA

• 0x4888fc KillTimer

• 0x488900 IsZoomed

• 0x488904 IsWindowVisible

• 0x488908 IsWindowUnicode

• 0x48890c IsWindowEnabled

• 0x488910 IsWindow

• 0x488914 IsRectEmpty

• 0x488918 IsIconic

• 0x48891c IsDialogMessageW

• 0x488920 IsDialogMessageA

• 0x488924 IsChild

• 0x488928 InvalidateRect

• 0x48892c IntersectRect

• 0x488930 InsertMenuItemA

• 0x488934 InsertMenuA

• 0x488938 InflateRect

• 0x48893c GetWindowThreadProcessId

• 0x488940 GetWindowTextA

• 0x488944 GetWindowRect

• 0x488948 GetWindowPlacement

• 0x48894c GetWindowLongW

• 0x488950 GetWindowLongA

• 0x488954 GetWindowDC

• 0x488958 GetTopWindow

• 0x48895c GetSystemMetrics

• 0x488960 GetSystemMenu

• 0x488964 GetSysColorBrush

• 0x488968 GetSysColor

• 0x48896c GetSubMenu

• 0x488970 GetScrollRange

• 0x488974 GetScrollPos

• 0x488978 GetScrollInfo

• 0x48897c GetPropA

• 0x488980 GetParent

• 0x488984 GetWindow

• 0x488988 GetMessagePos

• 0x48898c GetMenuStringA

• 0x488990 GetMenuState

• 0x488994 GetMenuItemInfoA

• 0x488998 GetMenuItemID

• 0x48899c GetMenuItemCount

• 0x4889a0 GetMenu

• 0x4889a4 GetLastActivePopup

• 0x4889a8 GetKeyboardState

• 0x4889ac GetKeyboardLayoutNameA

• 0x4889b0 GetKeyboardLayoutList

• 0x4889b4 GetKeyboardLayout

• 0x4889b8 GetKeyState

• 0x4889bc GetKeyNameTextA

• 0x4889c0 GetIconInfo

• 0x4889c4 GetForegroundWindow

• 0x4889c8 GetFocus

• 0x4889cc GetDesktopWindow

• 0x4889d0 GetDCEx

• 0x4889d4 GetDC

• 0x4889d8 GetCursorPos

• 0x4889dc GetCursor

• 0x4889e0 GetClipboardData

• 0x4889e4 GetClientRect

• 0x4889e8 GetClassLongA

• 0x4889ec GetClassInfoA

• 0x4889f0 GetCapture

• 0x4889f4 GetActiveWindow

• 0x4889f8 FrameRect

• 0x4889fc FindWindowA

• 0x488a00 FillRect

• 0x488a04 EqualRect

• 0x488a08 EnumWindows

• 0x488a0c EnumThreadWindows

• 0x488a10 EnumChildWindows

• 0x488a14 EndPaint

• 0x488a18 EnableWindow

• 0x488a1c EnableScrollBar

• 0x488a20 EnableMenuItem

• 0x488a24 DrawTextA

• 0x488a28 DrawMenuBar

• 0x488a2c DrawIconEx

• 0x488a30 DrawIcon

• 0x488a34 DrawFrameControl

• 0x488a38 DrawFocusRect

• 0x488a3c DrawEdge

• 0x488a40 DispatchMessageW

• 0x488a44 DispatchMessageA

• 0x488a48 DestroyWindow

• 0x488a4c DestroyMenu

• 0x488a50 DestroyIcon

• 0x488a54 DestroyCursor

• 0x488a58 DeleteMenu

• 0x488a5c DefWindowProcA

• 0x488a60 DefMDIChildProcA

• 0x488a64 DefFrameProcA

• 0x488a68 CreatePopupMenu

• 0x488a6c CreateMenu

• 0x488a70 CreateIcon

• 0x488a74 ClientToScreen

• 0x488a78 CheckMenuItem

• 0x488a7c CallWindowProcA

• 0x488a80 CallNextHookEx

• 0x488a84 BeginPaint

• 0x488a88 CharNextA

• 0x488a8c CharLowerBuffA

• 0x488a90 CharLowerA

• 0x488a94 CharToOemA

• 0x488a98 AdjustWindowRectEx

• 0x488a9c ActivateKeyboardLayout

Library gdi32.dll:

• 0x488aa4 UnrealizeObject

• 0x488aa8 StretchBlt

• 0x488aac SetWindowOrgEx

• 0x488ab0 SetWinMetaFileBits

• 0x488ab4 SetViewportOrgEx

• 0x488ab8 SetTextColor

• 0x488abc SetStretchBltMode

• 0x488ac0 SetROP2

• 0x488ac4 SetPixel

• 0x488ac8 SetEnhMetaFileBits

• 0x488acc SetDIBColorTable

• 0x488ad0 SetBrushOrgEx

• 0x488ad4 SetBkMode

• 0x488ad8 SetBkColor

• 0x488adc SelectPalette

• 0x488ae0 SelectObject

• 0x488ae4 SaveDC

• 0x488ae8 RestoreDC

• 0x488aec Rectangle

• 0x488af0 RectVisible

• 0x488af4 RealizePalette

• 0x488af8 Polyline

• 0x488afc PlayEnhMetaFile

• 0x488b00 PatBlt

• 0x488b04 MoveToEx

• 0x488b08 MaskBlt

• 0x488b0c LineTo

• 0x488b10 IntersectClipRect

• 0x488b14 GetWindowOrgEx

• 0x488b18 GetWinMetaFileBits

• 0x488b1c GetTextMetricsA

• 0x488b20 GetTextExtentPoint32A

• 0x488b24 GetSystemPaletteEntries

• 0x488b28 GetStockObject

• 0x488b2c GetRgnBox

• 0x488b30 GetPixel

• 0x488b34 GetPaletteEntries

• 0x488b38 GetObjectA

• 0x488b3c GetEnhMetaFilePaletteEntries

• 0x488b40 GetEnhMetaFileHeader

• 0x488b44 GetEnhMetaFileBits

• 0x488b48 GetDeviceCaps

• 0x488b4c GetDIBits

• 0x488b50 GetDIBColorTable

• 0x488b54 GetDCOrgEx

• 0x488b58 GetCurrentPositionEx

• 0x488b5c GetClipBox

• 0x488b60 GetBrushOrgEx

• 0x488b64 GetBitmapBits

• 0x488b68 GdiFlush

• 0x488b6c ExcludeClipRect

• 0x488b70 DeleteObject

• 0x488b74 DeleteEnhMetaFile

• 0x488b78 DeleteDC

• 0x488b7c CreateSolidBrush

• 0x488b80 CreatePenIndirect

• 0x488b84 CreatePalette

• 0x488b88 CreateHalftonePalette

• 0x488b8c CreateFontIndirectA

• 0x488b90 CreateDIBitmap

• 0x488b94 CreateDIBSection

• 0x488b98 CreateCompatibleDC

• 0x488b9c CreateCompatibleBitmap

• 0x488ba0 CreateBrushIndirect

• 0x488ba4 CreateBitmap

• 0x488ba8 CopyEnhMetaFileA

• 0x488bac BitBlt

Library version.dll:

• 0x488bb4 VerQueryValueA

• 0x488bb8 GetFileVersionInfoSizeA

• 0x488bbc GetFileVersionInfoA

Library kernel32.dll:

• 0x488bc4 lstrcpyA

• 0x488bc8 lstrcmpiA

• 0x488bcc WriteFile

• 0x488bd0 WaitForSingleObject

• 0x488bd4 VirtualQuery

• 0x488bd8 VirtualProtect

• 0x488bdc VirtualAlloc

• 0x488be0 SizeofResource

• 0x488be4 SetThreadLocale

• 0x488be8 SetFilePointer

• 0x488bec SetEvent

• 0x488bf0 SetErrorMode

• 0x488bf4 SetEndOfFile

• 0x488bf8 ResetEvent

• 0x488bfc ReadFile

• 0x488c00 MulDiv

• 0x488c04 LockResource

• 0x488c08 LoadResource

• 0x488c0c LoadLibraryA

• 0x488c10 LeaveCriticalSection

• 0x488c14 InitializeCriticalSection

• 0x488c18 GlobalFindAtomA

• 0x488c1c GlobalDeleteAtom

• 0x488c20 GlobalAddAtomA

• 0x488c24 GetVersionExA

• 0x488c28 GetVersion

• 0x488c2c GetTickCount

• 0x488c30 GetThreadLocale

• 0x488c34 GetStdHandle

• 0x488c38 GetProcAddress

• 0x488c3c GetModuleHandleA

• 0x488c40 GetModuleFileNameA

• 0x488c44 GetLocaleInfoA

• 0x488c48 GetLocalTime

• 0x488c4c GetLastError

• 0x488c50 GetFullPathNameA

• 0x488c54 GetDiskFreeSpaceA

• 0x488c58 GetDateFormatA

• 0x488c5c GetCurrentThreadId

• 0x488c60 GetCurrentProcessId

• 0x488c64 GetCPInfo

• 0x488c68 FreeResource

• 0x488c6c InterlockedExchange

• 0x488c70 FreeLibrary

• 0x488c74 FormatMessageA

• 0x488c78 FindResourceA

• 0x488c7c EnumCalendarInfoA

• 0x488c80 EnterCriticalSection

• 0x488c84 DeleteCriticalSection

• 0x488c88 CreateThread

• 0x488c8c CreateFileA

• 0x488c90 CreateEventA

• 0x488c94 CompareStringA

• 0x488c98 CloseHandle

Library advapi32.dll:

• 0x488ca0 RegQueryValueExA

• 0x488ca4 RegOpenKeyExA

• 0x488ca8 RegFlushKey

• 0x488cac RegCloseKey

Library kernel32.dll:

• 0x488cb4 Sleep

Library oleaut32.dll:

• 0x488cbc SafeArrayPtrOfIndex

• 0x488cc0 SafeArrayGetUBound

• 0x488cc4 SafeArrayGetLBound

• 0x488cc8 SafeArrayCreate

• 0x488ccc VariantChangeType

• 0x488cd0 VariantCopy

• 0x488cd4 VariantClear

• 0x488cd8 VariantInit

Library comctl32.dll:

• 0x488ce0 _TrackMouseEvent

• 0x488ce4 ImageList_SetIconSize

• 0x488ce8 ImageList_GetIconSize

• 0x488cec ImageList_Write

• 0x488cf0 ImageList_Read

• 0x488cf4 ImageList_GetDragImage

• 0x488cf8 ImageList_DragShowNolock

• 0x488cfc ImageList_DragMove

• 0x488d00 ImageList_DragLeave

• 0x488d04 ImageList_DragEnter

• 0x488d08 ImageList_EndDrag

• 0x488d0c ImageList_BeginDrag

• 0x488d10 ImageList_Remove

• 0x488d14 ImageList_DrawEx

• 0x488d18 ImageList_Replace

• 0x488d1c ImageList_Draw

• 0x488d20 ImageList_GetBkColor

• 0x488d24 ImageList_SetBkColor

• 0x488d28 ImageList_Add

• 0x488d2c ImageList_GetImageCount

• 0x488d30 ImageList_Destroy

• 0x488d34 ImageList_Create

Library UrL:

• 0x488d3c InetIsOffline

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
discord.com	A 52.58.1.161	66.220.147.47
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51809	239.255.255.250	3702
192.168.56.101	51811	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	63430	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.