2.6
Medium risk

8deba9fb53096d6ea5e2090b662244293829096eee03d06108deb15e496a807e

deee7f1b3e1e8114cf8d3aecc2ffce61.exe

Analysis time

75s

Last analyzed

File size

624.3KB
Static detection Dynamic detection 100% 2NNN0V AGEN AGENTB AI SCORE=86 ATTRIBUTE CONFIDENCE ELDORADO EMOTET ENCPK FACCZVJ FKRG4HUOFEM GDSDA GENASA GENCIRC GENERIK HGGPYU HIGH CONFIDENCE HIGHCONFIDENCE JWZN KRYPTIK MALWARE@#12H0A3M8F1W1M NQX@AGI7CXMI QBOT R + MAL R334274 RPJE SCORE STATIC AI SUSGEN SUSPICIOUS PE TIGOCBAINQ TRICKBOT TRICKSTER TROJANX UNSAFE ZENPAK ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Emotet-FQC!DEEE7F1B3E1E 20201229 6.0.6.653
Alibaba Trojan:Win32/Agentb.887dd127 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
Tencent Malware.Win32.Gencirc.1169e3d8 20201229 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619948412.872646
NtAllocateVirtualMemory
process_identifier: 368
region_size: 274432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00630000
success 0 0
1619959878.600499
NtAllocateVirtualMemory
process_identifier: 912
region_size: 274432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e00000
success 0 0
1619959908.443499
NtAllocateVirtualMemory
process_identifier: 912
region_size: 204800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02c30000
success 0 0
1619959908.443499
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 200704
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02c71000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619948431.090646
ShellExecuteExW
parameters:
filepath: C:\ProgramData\ΔευτέραວັນຈັນأخসোমবারباCC;ↈↈↈ;;راПонедељакلإثنين.exe
filepath_r: C:\ProgramData\ΔευτέραວັນຈັນأخসোমবারباCC;ↈↈↈ;;راПонедељакلإثنين.exe
show_type: 0
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Trickbot.86
FireEye Generic.mg.deee7f1b3e1e8114
McAfee Emotet-FQC!DEEE7F1B3E1E
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00564c2c1 )
Alibaba Trojan:Win32/Agentb.887dd127
K7GW Trojan ( 00564c2c1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Trickbot.86
Cyren W32/Kryptik.BIB.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky Trojan.Win32.Agentb.jwzn
BitDefender Gen:Variant.Trickbot.86
NANO-Antivirus Trojan.Win32.TrickBot.hggpyu
Paloalto generic.ml
Rising Trojan.Qbot!8.8A3 (TFE:5:FKrg4HuOfeM)
Ad-Aware Gen:Variant.Trickbot.86
Emsisoft Gen:Variant.Trickbot.86 (B)
Comodo Malware@#12h0a3m8f1w1m
F-Secure Heuristic.HEUR/AGEN.1105926
DrWeb Trojan.Packed.140
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.TRICKBOT.TIGOCBAINQ
McAfee-GW-Edition Emotet-FQC!DEEE7F1B3E1E
Sophos Mal/Generic-R + Mal/EncPk-APM
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Zenpak.cii
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1105926
MAX malware (ai score=86)
Antiy-AVL Trojan/Win32.Qbot
Microsoft Trojan:Win32/Qbot.KDP!MTB
AegisLab Trojan.Win32.Agentb.4!c
ZoneAlarm Trojan.Win32.Agentb.jwzn
GData Gen:Variant.Trickbot.86
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Trickbot.R334274
BitDefenderTheta Gen:NN.ZexaF.34700.NqX@aGi7Cxmi
ALYac Trojan.Trickster.Gen
VBA32 Trojan.Packed
Malwarebytes Trojan.TrickBot
ESET-NOD32 Win32/TrickBot.CR
TrendMicro-HouseCall Trojan.Win32.TRICKBOT.TIGOCBAINQ
Tencent Malware.Win32.Gencirc.1169e3d8
Yandex Trojan.GenAsa!2NnN0V/RpjE
Ikarus Trojan.Win32.Crypt
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-02-03 02:22:01

Imports

Library KERNEL32.dll:
0x4430b4 ReadFile
0x4430b8 WriteFile
0x4430bc SetFilePointer
0x4430c0 FlushFileBuffers
0x4430c4 LockFile
0x4430c8 UnlockFile
0x4430cc SetEndOfFile
0x4430d0 GetFileSize
0x4430d4 GetThreadLocale
0x4430d8 DuplicateHandle
0x4430dc GetCurrentProcess
0x4430e0 FindClose
0x4430e4 FindFirstFileA
0x4430ec GetFullPathNameA
0x4430f0 GetCPInfo
0x4430f4 GetOEMCP
0x4430fc SetErrorMode
0x443104 GetFileAttributesA
0x443108 GlobalFlags
0x44310c GetTickCount
0x443110 HeapAlloc
0x443114 HeapFree
0x443118 HeapReAlloc
0x44311c VirtualProtect
0x443120 VirtualAlloc
0x443124 GetSystemInfo
0x443128 VirtualQuery
0x44312c RtlUnwind
0x443130 RaiseException
0x443134 GetCommandLineA
0x443138 GetProcessHeap
0x44313c GetStartupInfoA
0x443140 HeapSize
0x443144 VirtualFree
0x443148 HeapDestroy
0x44314c HeapCreate
0x443150 GetStdHandle
0x443154 TerminateProcess
0x443160 IsDebuggerPresent
0x443174 SetHandleCount
0x443178 GetFileType
0x443184 GetACP
0x443188 GetStringTypeA
0x44318c GetStringTypeW
0x443194 GetConsoleCP
0x443198 GetConsoleMode
0x44319c GetLocaleInfoW
0x4431a0 LCMapStringA
0x4431a4 LCMapStringW
0x4431a8 GetUserDefaultLCID
0x4431ac EnumSystemLocalesA
0x4431b0 IsValidLocale
0x4431b4 IsValidCodePage
0x4431b8 SetStdHandle
0x4431bc WriteConsoleA
0x4431c0 GetConsoleOutputCP
0x4431c4 WriteConsoleW
0x4431d0 TlsFree
0x4431d8 LocalReAlloc
0x4431dc TlsSetValue
0x4431e0 TlsAlloc
0x4431e8 GlobalHandle
0x4431ec GlobalReAlloc
0x4431f4 TlsGetValue
0x4431fc LocalAlloc
0x443204 GetModuleFileNameW
0x443208 GlobalGetAtomNameA
0x44320c GlobalFindAtomA
0x443210 lstrcmpW
0x443214 GetVersionExA
0x44321c FreeResource
0x443220 GetCurrentProcessId
0x443224 GlobalAddAtomA
0x443228 GetCurrentThread
0x44322c GetCurrentThreadId
0x443234 GetModuleFileNameA
0x44323c GetLocaleInfoA
0x443240 LoadLibraryA
0x443244 lstrcmpA
0x443248 FreeLibrary
0x44324c GlobalDeleteAtom
0x443250 GetModuleHandleA
0x443254 GlobalFree
0x443258 GlobalAlloc
0x44325c GlobalLock
0x443260 GlobalUnlock
0x443264 FormatMessageA
0x443268 LocalFree
0x44326c MulDiv
0x443270 SetLastError
0x443274 ExitProcess
0x443278 LoadLibraryW
0x44327c GetProcAddress
0x443280 FindResourceA
0x443284 LoadResource
0x443288 LockResource
0x44328c SizeofResource
0x443290 Sleep
0x443294 CreateFileA
0x443298 EscapeCommFunction
0x44329c SetCommState
0x4432a0 CloseHandle
0x4432a4 lstrlenA
0x4432a8 CompareStringW
0x4432ac CompareStringA
0x4432b0 GetVersion
0x4432b4 GetLastError
0x4432b8 WideCharToMultiByte
0x4432bc MultiByteToWideChar
0x4432c0 GetFileTime
0x4432c4 InterlockedExchange
Library USER32.dll:
0x443318 CharNextA
0x443320 IsRectEmpty
0x443324 SetRect
0x443328 InvalidateRect
0x44332c InvalidateRgn
0x443330 GetNextDlgGroupItem
0x443334 MessageBeep
0x443338 UnregisterClassA
0x443340 PostThreadMessageA
0x443344 ClientToScreen
0x443348 GrayStringA
0x44334c DrawTextExA
0x443350 DrawTextA
0x443354 TabbedTextOutA
0x443358 DestroyMenu
0x44335c ShowWindow
0x443360 MoveWindow
0x443364 SetWindowTextA
0x443368 IsDialogMessageA
0x443370 SendDlgItemMessageA
0x443374 WinHelpA
0x443378 IsChild
0x44337c GetCapture
0x443380 GetClassLongA
0x443384 GetClassNameA
0x443388 SetPropA
0x44338c GetPropA
0x443390 RemovePropA
0x443394 SetFocus
0x443398 GetWindowTextA
0x44339c GetForegroundWindow
0x4433a0 GetTopWindow
0x4433a4 UnhookWindowsHookEx
0x4433a8 GetMessagePos
0x4433ac MapWindowPoints
0x4433b0 ReleaseCapture
0x4433b4 SetForegroundWindow
0x4433b8 UpdateWindow
0x4433bc GetMenu
0x4433c0 CreateWindowExA
0x4433c4 GetClassInfoExA
0x4433c8 GetClassInfoA
0x4433cc RegisterClassA
0x4433d0 GetSysColor
0x4433d4 AdjustWindowRectEx
0x4433d8 EqualRect
0x4433dc CopyRect
0x4433e0 PtInRect
0x4433e4 GetDlgCtrlID
0x4433e8 DefWindowProcA
0x4433ec CallWindowProcA
0x4433f0 SetWindowLongA
0x4433f4 OffsetRect
0x4433f8 IntersectRect
0x443400 GetWindowPlacement
0x443404 GetWindowRect
0x443408 GetWindow
0x443410 MapDialogRect
0x443414 SetWindowPos
0x443418 GetDesktopWindow
0x44341c SetActiveWindow
0x443424 DestroyWindow
0x443428 IsWindow
0x44342c GetDlgItem
0x443430 GetNextDlgTabItem
0x443434 EndDialog
0x44343c GetWindowLongA
0x443440 GetLastActivePopup
0x443444 IsWindowEnabled
0x443448 CharUpperA
0x44344c DrawIcon
0x443450 AppendMenuA
0x443454 MessageBoxA
0x443458 SetCursor
0x44345c SetWindowsHookExA
0x443460 CallNextHookEx
0x443464 GetMessageA
0x443468 TranslateMessage
0x44346c DispatchMessageA
0x443470 GetActiveWindow
0x443474 IsWindowVisible
0x443478 GetKeyState
0x44347c PeekMessageA
0x443480 GetCursorPos
0x443484 SetCapture
0x443488 LoadCursorA
0x44348c GetSysColorBrush
0x443490 SendMessageA
0x443494 GetSystemMenu
0x443498 IsIconic
0x44349c GetClientRect
0x4434a0 EnableWindow
0x4434a4 LoadIconA
0x4434a8 GetSystemMetrics
0x4434ac EndPaint
0x4434b0 BeginPaint
0x4434b4 GetWindowDC
0x4434b8 ReleaseDC
0x4434bc GetDC
0x4434c0 GetSubMenu
0x4434c4 GetMenuItemCount
0x4434c8 GetMenuItemID
0x4434cc GetMenuState
0x4434d0 PostQuitMessage
0x4434d4 PostMessageA
0x4434d8 CheckMenuItem
0x4434dc EnableMenuItem
0x4434e0 ModifyMenuA
0x4434e4 GetParent
0x4434e8 GetFocus
0x4434ec LoadBitmapA
0x4434f4 SetMenuItemBitmaps
0x4434f8 ValidateRect
0x4434fc GetMessageTime
Library COMCTL32.dll:
0x443028
Library SHLWAPI.dll:
0x443304 PathFindFileNameA
0x443308 PathStripToRootA
0x44330c PathFindExtensionA
0x443310 PathIsUNCA
Library oledlg.dll:
0x44355c
Library GDI32.dll:
0x443030 ScaleWindowExtEx
0x443034 ExtSelectClipRgn
0x443038 DeleteDC
0x44303c GetStockObject
0x443040 CreateBitmap
0x443044 GetClipBox
0x443048 SetTextColor
0x44304c SetBkColor
0x443050 GetObjectA
0x443054 ExtTextOutA
0x443058 SaveDC
0x44305c SetWindowExtEx
0x443060 RestoreDC
0x443064 GetBkColor
0x443068 GetTextColor
0x443070 GetRgnBox
0x443074 GetMapMode
0x443078 ScaleViewportExtEx
0x44307c SetViewportExtEx
0x443080 OffsetViewportOrgEx
0x443084 SetViewportOrgEx
0x443088 SelectObject
0x44308c Escape
0x443090 TextOutA
0x443094 RectVisible
0x443098 PtVisible
0x44309c GetDeviceCaps
0x4430a0 GetViewportExtEx
0x4430a4 DeleteObject
0x4430a8 SetMapMode
0x4430ac GetWindowExtEx
Library WINSPOOL.DRV:
0x443504 OpenPrinterA
0x443508 ClosePrinter
0x44350c DocumentPropertiesA
Library comdlg32.dll:
0x443514 GetFileTitleA
Library ADVAPI32.dll:
0x443000 RegSetValueExA
0x443004 RegCreateKeyExA
0x443008 RegQueryValueA
0x44300c RegEnumKeyA
0x443010 RegDeleteKeyA
0x443014 RegOpenKeyExA
0x443018 RegQueryValueExA
0x44301c RegOpenKeyA
0x443020 RegCloseKey
Library ole32.dll:
0x44351c OleInitialize
0x443524 OleUninitialize
0x443534 CoGetClassObject
0x443538 CLSIDFromString
0x44353c OleFlushClipboard
0x443540 CoRevokeClassObject
0x443544 CLSIDFromProgID
0x443548 CoTaskMemAlloc
0x44354c CoTaskMemFree
Library OLEAUT32.dll:
0x4432cc SysAllocStringLen
0x4432d0 VariantClear
0x4432d4 VariantChangeType
0x4432d8 VariantInit
0x4432dc SysStringLen
0x4432f0 SafeArrayDestroy
0x4432f4 SysAllocString
0x4432f8 VariantCopy
0x4432fc SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.