3.4
中危
58 个模型检测该样本为恶意!
重新分析
更多

ec1f379b1032fc9f8acb9785d83978e3197dda7a3ab42ff697529c8cb7dfa579

ded638994c1ecda56005d0e739941d17.exe

分析耗时

74s

最近分析

文件大小

215.0KB
静态报毒 动态报毒 100% AEBG AI SCORE=100 AIDETECTVM CONFIDENCE ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC HIGH CONFIDENCE ICEDID KRYPTIK MALWARE2 MALWARE@#BEEO8RBULT2U MRSSD MULTIRI NQW@A8KLAYHI PHOTODLDER R03BC0DF220 R338558 S13813137 SCORE SUSGEN TRICKBOT TROJANX UNSAFE WANNACRY YZY0OQP3RU7XTZWG ZENPAK ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Emotet-FQS!DED638994C1E 20200714 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Alibaba Backdoor:Win32/Trickbot.27b793c3 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200715 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cdd0f5 20200715 1.0.0.1
Avast Win32:TrojanX-gen [Trj] 20200715 18.4.3895.0
静态指标
This executable has a PDB path (1 个事件)
pdb_path c:\users\user\documents\visual studio 2012\Projects\bazdoom\Release\bazdoom.pdb
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619948416.495343
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
Resolves a suspicious Top Level Domain (TLD) (2 个事件)
domain mannycoder.top description Generic top level domain TLD
domain freekolobanga.top description Generic top level domain TLD
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619948416.449343
NtAllocateVirtualMemory
process_identifier: 368
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.141618280289852 section {'size_of_data': '0x00016600', 'virtual_address': '0x00024000', 'entropy': 7.141618280289852, 'name': '.rsrc', 'virtual_size': '0x00016438'} description A section with a high entropy has been found
entropy 0.4182242990654206 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 个事件)
Bkav W32.AIDetectVM.malware2
DrWeb Trojan.IcedID.27
MicroWorld-eScan Trojan.GenericKDZ.67467
FireEye Generic.mg.ded638994c1ecda5
CAT-QuickHeal Trojan.MultiRI.S13813137
McAfee Emotet-FQS!DED638994C1E
Cylance Unsafe
Zillya Trojan.IcedId.Win32.2097
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:Win32/Trickbot.27b793c3
K7GW Trojan-Downloader ( 005637de1 )
K7AntiVirus Trojan-Downloader ( 005637de1 )
Arcabit Trojan.Generic.D1078B
TrendMicro TROJ_GEN.R03BC0DF220
BitDefenderTheta Gen:NN.ZexaF.34136.nqW@a8kLaYhi
F-Prot W32/Kryptik.BNW.gen!Eldorado
Symantec Ransom.Wannacry
ESET-NOD32 Win32/TrojanDownloader.IcedId.F
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Agent-8014577-0
GData Trojan.GenericKDZ.67467
Kaspersky Trojan.Win32.Zenpak.aebg
BitDefender Trojan.GenericKDZ.67467
ViRobot Trojan.Win32.Z.Trickbot.220160.C
Rising Downloader.IcedId!8.1132C (C64:YzY0OqP3ru7xTZWg)
Ad-Aware Trojan.GenericKDZ.67467
Sophos Mal/Generic-S
Comodo Malware@#beeo8rbult2u
F-Secure Trojan.TR/AD.PhotoDlder.mrssd
VIPRE Trojan.Win32.Generic!BT
Emsisoft Trojan.GenericKDZ.67467 (B)
Cyren W32/Kryptik.BNW.gen!Eldorado
Jiangmin Trojan.Zenpak.bus
eGambit Unsafe.AI_Score_50%
Avira TR/AD.PhotoDlder.mrssd
Antiy-AVL Trojan/Win32.Zenpak
Microsoft Trojan:Win32/Trickbot.DHN!MTB
Endgame malicious (high confidence)
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm Trojan.Win32.Zenpak.aebg
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Trickbot.R338558
ALYac Trojan.IcedID.gen
MAX malware (ai score=100)
Malwarebytes Trojan.Downloader
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_GEN.R03BC0DF220
Tencent Malware.Win32.Gencirc.10cdd0f5
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2015-04-07 20:55:03

Imports

Library KERNEL32.dll:
0x419000 LoadLibraryExW
0x419004 GetCurrentProcess
0x419008 SizeofResource
0x41900c FreeConsole
0x419010 LoadLibraryExA
0x419018 GetLastError
0x41901c VirtualProtect
0x419020 Sleep
0x419028 LoadResource
0x41902c GetProcAddress
0x419030 TerminateProcess
0x419034 CreateFileW
0x419038 ReadConsoleW
0x41903c FindResourceA
0x419040 CloseHandle
0x419044 WriteConsoleW
0x419048 SetStdHandle
0x41904c WideCharToMultiByte
0x419058 EncodePointer
0x41905c DecodePointer
0x419070 GetLocaleInfoEx
0x419074 MultiByteToWideChar
0x419078 GetStringTypeW
0x41907c HeapFree
0x419080 GetCommandLineA
0x419084 RaiseException
0x419088 RtlUnwind
0x41908c GetCPInfo
0x419090 HeapAlloc
0x41909c IsDebuggerPresent
0x4190a0 ExitProcess
0x4190a4 GetModuleHandleExW
0x4190a8 HeapSize
0x4190ac GetStdHandle
0x4190b0 WriteFile
0x4190b4 GetModuleFileNameW
0x4190b8 GetProcessHeap
0x4190bc IsValidCodePage
0x4190c0 GetACP
0x4190c4 GetOEMCP
0x4190c8 SetLastError
0x4190cc GetCurrentThreadId
0x4190d0 GetFileType
0x4190d4 InitOnceExecuteOnce
0x4190d8 GetStartupInfoW
0x4190dc GetModuleFileNameA
0x4190e4 GetTickCount64
0x4190f0 FlushFileBuffers
0x4190f4 GetConsoleCP
0x4190f8 GetConsoleMode
0x4190fc ReadFile
0x419100 SetFilePointerEx
0x41910c FlsAlloc
0x419110 FlsGetValue
0x419114 FlsSetValue
0x419118 FlsFree
0x41911c GetModuleHandleW
0x419124 LCMapStringEx
0x419128 IsValidLocaleName
0x41912c EnumSystemLocalesEx
0x419130 HeapReAlloc
0x419134 OutputDebugStringW
0x419138 LoadLibraryW
Library USER32.dll:
0x419140 FindWindowA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 143.110.186.213 freekolobanga.top 443
192.168.56.101 49178 143.110.186.213 freekolobanga.top 443
192.168.56.101 49181 143.110.186.213 freekolobanga.top 443
192.168.56.101 49182 143.110.186.213 freekolobanga.top 443
192.168.56.101 49185 143.110.186.213 freekolobanga.top 443
192.168.56.101 49186 143.110.186.213 freekolobanga.top 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.