1.2
Low risk

0f622ef2f844a8c2e266c79ce627a63e5a30950c343e4d7346a1a7ab79989e5a

0f622ef2f844a8c2e266c79ce627a63e5a30950c343e4d7346a1a7ab79989e5a.exe

Analysis duration

192s

Last analyzed

374 days ago

File size

16.1KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN DOWNLOADER SOCKS
Eagle Eye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.62
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba TrojanDownloader:Win32/Socks.e0d596b9 20190527 0.3.0.5
Avast Win32:Trojan-gen 20240708 23.9.8494.0
Baidu Win32.Trojan-Downloader.Agent.au 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20231026 1.0
Kingsoft malware.kb.a.1000 20230906 None
McAfee GenericRXAA-AA!DF1D68D16550 20240707 6.0.6.653
Tencent Malware.Win32.Gencirc.10bfa406 20240708 1.0.0.1
Static indicators
Behavioral verdict
Dynamic indicators
The binary may contain encrypted or compressed data, indicating use of a packer (2 events)
section {'name': '.text-c', 'virtual_address': '0x00010000', 'virtual_size': '0x00003000', 'size_of_data': '0x00002600', 'entropy': 7.739082917362483} entropy 7.739082917362483 description High-entropy section found
entropy 0.6240697972799589 description The overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File identified as malicious by 65 antivirus engines on VirusTotal (50 out of 65 events)
ALYac Trojan.Agent.EGAS
APEX Malicious
AVG Win32:Trojan-gen
Acronis suspicious
AhnLab-V3 Worm/Win32.Socks.R296118
Alibaba TrojanDownloader:Win32/Socks.e0d596b9
Antiy-AVL Worm/Win32.Socks
Arcabit Trojan.Agent.EGAS
Avast Win32:Trojan-gen
Avira TR/Dldr.Small.lwkey
Baidu Win32.Trojan-Downloader.Agent.au
BitDefender Trojan.Agent.EGAS
BitDefenderTheta AI:Packer.6414CF941B
Bkav W32.AIDetectMalware
ClamAV Win.Worm.Socks-8977376-0
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.16550f
Cylance Unsafe
Cynet Malicious (score: 100)
DeepInstinct MALICIOUS
DrWeb Trojan.DownLoader.57133
ESET-NOD32 Win32/TrojanDownloader.Small.OBC
Elastic malicious (high confidence)
Emsisoft Trojan.Agent.EGAS (B)
F-Secure Trojan.TR/Dldr.Small.lwkey
FireEye Generic.mg.df1d68d16550f775
Fortinet Small.OBC!tr
GData Trojan.Agent.EGAS
Google Detected
Gridinsoft Trojan.Win32.Downloader.oa!s2
Ikarus Trojan-Downloader.Agent
Jiangmin Worm/Socks.pa
K7AntiVirus Trojan-Downloader ( 0055a7da1 )
K7GW Trojan-Downloader ( 0055a7da1 )
Kaspersky Worm.Win32.Socks.ae
Kingsoft malware.kb.a.1000
Lionic Trojan.Win32.Generic.l92u
MAX malware (ai score=85)
Malwarebytes Generic.Malware.AI.DDS
MaxSecure Trojan.Malware.300983.susgen
McAfee GenericRXAA-AA!DF1D68D16550
McAfeeD Real Protect-LS!DF1D68D16550
MicroWorld-eScan Trojan.Agent.EGAS
Microsoft TrojanDownloader:Win32/Palev.A
NANO-Antivirus Trojan.Win32.Socks.cvqkwt
Paloalto generic.ml
Panda W32/Socks.D.worm
Rising Trojan.Kryptik!1.BDF5 (CLASSIC)
Sangfor Suspicious.Win32.Save.a
SentinelOne Static AI - Malicious PE
Visual analysis
Binary image (rendered at 288x288 down to 32x32; images not included in this text)
Run screenshots
No run screenshots: no screenshots were generated while this sample ran.


PE Compile Time

2008-03-21 18:56:49

PE Imphash

e90d12dac5d7f7fda399190869980957

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
DATA 0x00001000 0x0000f000 0x00000000 0.0
.text-c 0x00010000 0x00003000 0x00002600 7.739082917362483
.itext 0x00013000 0x00001000 0x00000200 2.473377797119488
.pdata 0x00014000 0x00000200 0x00000200 3.8694310388062267
.data-c 0x00015000 0x00001400 0x000012e4 4.891420948553109

Imports

Library KERNEL32.DLL:
0x413064 LoadLibraryA
0x413068 GetProcAddress
0x41306c VirtualProtect
0x413070 ExitProcess
Library ADVAPI32.dll:
0x413078 RegOpenKeyExA
Library MSVCRT.dll:
0x413080 atoi
Library WS2_32.dll:
0x413088 WSACleanup
Library shlwapi.dll:
0x415d10 UrlIsA
0x415d14 UrlCompareA
0x415d18 PathCommonPrefixA
0x415d1c UrlIsOpaqueW
0x415d20 UrlHashW
0x415d24 UrlIsNoHistoryW
0x415d28 PathCompactPathW
0x415d2c PathCombineW
0x415d30 UrlGetLocationA
0x415d34 PathStripPathW
0x415d38 PathAppendW
0x415d3c SHAutoComplete
0x415d40 PathFileExistsW
0x415d44 PathFileExistsA
0x415d48 PathIsDirectoryA
0x415d4c PathCombineA
0x415d50 PathQuoteSpacesW
0x415d54 PathCompactPathA
0x415d58 UrlCombineA
0x415d60 PathIsRelativeW
0x415d64 PathRemoveFileSpecA
0x415d68 wvnsprintfA
0x415d6c wnsprintfA
0x415d70 StrCatBuffA
0x415d74 SHGetValueW
0x415d78 StrCmpIW
0x415d7c PathRemoveFileSpecW
0x415d80 PathFindFileNameW
0x415d84 SHStrDupW
0x415d88 StrCpyNW
0x415d8c StrStrIA
0x415d90 PathAppendA
0x415d94 AssocQueryStringW
0x415d98 StrCmpW
0x415da0 PathUnquoteSpacesW
0x415da4 SHSetValueW
0x415da8 StrToIntExW
0x415dac StrChrW
0x415db4 SHRegGetUSValueW
0x415db8 StrCmpNIW
0x415dbc PathGetArgsA
0x415dc0 StrChrA
0x415dc4 StrRStrIA
0x415dcc UrlCreateFromPathA
0x415dd0 UrlCanonicalizeW
0x415dd4 UrlHashA
0x415dd8 StrFormatByteSizeW
0x415ddc StrToIntA
0x415de0 StrStrA
0x415de4 StrTrimA
0x415de8 SHGetValueA
0x415dec SHDeleteKeyW
0x415df0 PathRelativePathToA
0x415df8 UrlIsW
0x415dfc PathGetDriveNumberW
0x415e00 UrlCreateFromPathW
0x415e04 PathCommonPrefixW
0x415e08 PathStripToRootW
0x415e0c PathStripPathA
0x415e10 PathFindExtensionA
0x415e14 SHRegOpenUSKeyW
0x415e18 SHDeleteEmptyKeyA
0x415e1c StrDupA
0x415e28 PathGetArgsW
0x415e2c PathIsRelativeA
0x415e30 StrNCatA
0x415e34 StrCatW
0x415e38 SHRegGetUSValueA
0x415e3c SHRegSetUSValueW
0x415e40 StrTrimW
0x415e44 PathFindOnPathA
0x415e50 PathGetDriveNumberA
0x415e54 PathCanonicalizeA
0x415e58 ChrCmpIA
0x415e5c PathIsPrefixA
0x415e60 SHRegDeleteUSValueW
0x415e68 ChrCmpIW
0x415e6c StrDupW
0x415e70 PathIsSystemFolderW
0x415e80 PathIsContentTypeW
0x415e84 PathGetCharTypeA
0x415e88 PathBuildRootA
0x415e8c PathCompactPathExA
0x415e90 StrPBrkA
0x415e94 SHDeleteEmptyKeyW
0x415e98 PathMatchSpecA
0x415e9c PathIsURLA
0x415ea0 PathIsPrefixW
0x415ea8 SHDeleteValueW
0x415eac SHEnumValueW
0x415eb0 SHRegQueryUSValueW
0x415eb4 StrToIntExA
0x415eb8 SHRegCloseUSKey
0x415ebc PathIsSameRootA
0x415ec0 PathRemoveBlanksW
0x415ec4 StrIsIntlEqualA
0x415ec8 PathMakePrettyA
0x415ecc ColorHLSToRGB
0x415ed0 ColorRGBToHLS
0x415ed4 UrlGetPartA
0x415ed8 StrCmpNIA
0x415edc PathCanonicalizeW
0x415ee0 PathRelativePathToW
0x415ee4 PathSkipRootA
0x415ee8 StrPBrkW
0x415ef0 StrFormatByteSizeA
0x415ef4 PathFindOnPathW
0x415ef8 PathCompactPathExW
0x415f00 SHQueryInfoKeyW
0x415f04 PathBuildRootW
0x415f08 StrCSpnA
0x415f0c StrCSpnW
0x415f10 SHRegWriteUSValueW
0x415f14 UrlCombineW
0x415f18 StrFormatKBSizeW
0x415f24 PathSkipRootW
0x415f28 PathIsFileSpecW
0x415f2c SHRegGetValueW
0x415f34 SHCopyKeyW
0x415f3c StrRChrW
0x415f44 SHStrDupA
0x415f48 AssocCreate
0x415f4c SHSetThreadRef
0x415f50 StrStrNW
0x415f54 PathMatchSpecExA
0x415f58 PathIsNetworkPathA
0x415f5c PathMatchSpecExW
0x415f60 StrFormatByteSizeEx
0x415f64 StrRChrIW
0x415f68 PathFindFileNameA
0x415f6c StrStrIW
0x415f70 StrCmpNW
0x415f74 StrCatBuffW
0x415f78 wnsprintfW
0x415f7c PathAddExtensionW
0x415f80 PathFindExtensionW
0x415f84 PathAddExtensionA
0x415f88 StrStrNIW
0x415f8c PathRemoveBlanksA
0x415f90 PathIsNetworkPathW
0x415f94 PathIsUNCW
0x415f98 PathMatchSpecW
0x415f9c StrStrW
0x415fa0 PathIsRootW
0x415fa4 SHDeleteValueA
0x415fa8 PathIsUNCA
0x415fac PathIsURLW
0x415fb0 UrlEscapeW
0x415fb4 UrlUnescapeW
0x415fb8 StrRetToStrW
0x415fbc SHCreateThreadRef
0x415fc0 PathMakePrettyW
0x415fc4 SHRegGetPathW
0x415fc8 SHCopyKeyA
0x415fcc PathQuoteSpacesA
0x415fd0 PathUnquoteSpacesA
0x415fd8 UrlGetLocationW
0x415fdc PathCreateFromUrlA

.text-c
.itext
.pdata
.data-c
iDl$6M,R
NVjkq"rpmepco"acllmv"`g`"pwl"k
FMQ"omfg,
&C&FG(
{GgX",#)
LHu>'Pkaj?RGN
doGWRZ2
'B0;%M3
* 0,20
(ViRBi
pexkr.i
^orx,v
p61s16
ftp://
8BAl=x
zaMq0]1
pgatYUQCP
9?v*@5I
Z[[$7?BV
YR[uY12
07*L1}?
<]o>RRBb#
*%I}fuJw
u%;nv
cM5*[
%z g%1IR-3:g
'qK2~;|n
C'~X|Tcx|B
KP]v7/vv
Y:%*q[OO1"F
2<vO%T
/L}8twJ[JY
t!3mK
`G".7_x`2/d
n0:K3#B*2M
J.Y_*y
y"U204a
2^B:0u
q;pn^4,/H
NRo;[-
?a;$S\|#Ts9p
w GB.cUTQ
mr>]\:
K\'CE>Vg
UpkvgRagqqO
QX*grAnmqgJcZ
wm2gVj
fANcSGp:p
O/7?zSP#}R,
Omfwn_C2&>hw[]df
ktocnlI
v\poZ^Yd@a
_lar`]
mvALvJmmiGz
4Ufmuq
F1QrKx
REUJWF
M"}b*}Z
4Cv~n&
IGPLGNFNN
OQTAPVQ
Z/NmcfNk`<s
Tkpvw-
Itcrke+&Zigplgn
BUklVo
At{Dkk
%]{`wv?
7nwgp{/
j4r8--dguduw[g,amo-
bobikkadvo,g
rgflibuk=
ABCDEFGHIJKLMNOPQnRSTUVWXYZabcdefghijxop7
stuxyz0R34567[89+/W%%%02Xw
n#BseXaun
~aQmuug^Okaq?a
^z^Awpp
/IVeP.h;[QVGO'
An^xsQ
^Qd^q%.
.:^m"^om
^{q(oF
znda.php
vbspr:_G~
<fo meod=
MAMgWV]@COGqr
?RPMDKN
^Nmt"v9eCrrn
.a;r3,
/V{8"c-z/Fu
0/w%af
s HTTP/1.1
jici?l
--url#c
]8a8vm
ckot+7
_ z3s;6'
PhA,s~Q
EJ3h= x
MTURGld&6
#3snQhS
/A'aQ{A
/8UJa=9u
t)Sh|@
62Mh(os
,+:,tn{
Sweb8ShXMw?Ve
1>h+(!a^<h&U
6g}EPL(~
;t#rCz
&:F3;}
7vfM]9}
TpAV:3E
{/Z(`/#
ok,sd$
+to!-0(
v=tNhL
x9we2h x
A+tW
6pkmQQu
+DoPG'g$=d
PXia$?
"+N3#*
24[D{"D
4>9v$D
l|u'Ga6
F$'\@2
(r,%ld'&<N
&E'&&'
$/%(.$
$';(&5
&JL,tT)GxL
ht"'-1KR
D`navD)
v}"44Ul
j_d NB+O
']TjDj
gw.65H4X|"\P=k
vdgjdd6Yi0tY
5RtT9cF>%
'PP])N
X>[5j,f
;<^uV(
`!,2u,
"[ 8e
4Y@^EbP@>
*}eL?L+
<x!s+8@Y
~OK&A==q+
9PiD$0
x#e5PNlI+rL9l#X-t\l
QVl$?$
P#B6[}8
E_bXLj
4_@:[$rnA
qTeVPI!e%I
POCQf>
P2Q4$n0um>"u:F
EJ+ vXPVSST,J
GetStartupInfoA"ModuleH&
_Error
CreateMu
mx-Las
cpyam_(tL+LibrmyA9P4AddPss
=Volumerm&TempFiWNa
a]Y'ep
losExi
SnapshotwickCoBwun'h
?RegOp
l_c-ff_7
@mpim\
spri&f7
zll6ws
Z+% pt
hrVpMt
s7__gv
n*gH1s
fdidp_Smagm
t/U~PE
.MS?=eo"
GPGWHUh
XPTPSWXaD$j
KERNEL32.DLL
ADVAPI32.dll
MSVCRT.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
ExitProcess
RegOpenKeyExA
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
KERNEL32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
ExitProcess
ADVAPI32.dll
RegOpenKeyExA
MSVCRT.dll
WS2_32.dll
shlwapi.dll
UrlIsA
UrlCompareA
PathCommonPrefixA
UrlIsOpaqueW
UrlHashW
UrlIsNoHistoryW
PathCompactPathW
PathCombineW
UrlGetLocationA
PathStripPathW
PathAppendW
SHAutoComplete
PathFileExistsW
PathFileExistsA
PathIsDirectoryA
PathCombineA
PathQuoteSpacesW
PathCompactPathA
UrlCombineA
SHCreateStreamOnFileW
PathIsRelativeW
PathRemoveFileSpecA
wvnsprintfA
wnsprintfA
StrCatBuffA
SHGetValueW
StrCmpIW
PathRemoveFileSpecW
PathFindFileNameW
SHStrDupW
StrCpyNW
StrStrIA
PathAppendA
AssocQueryStringW
StrCmpW
PathRemoveExtensionW
PathUnquoteSpacesW
SHSetValueW
StrToIntExW
StrChrW
PathRemoveBackslashW
SHRegGetUSValueW
StrCmpNIW
PathGetArgsA
StrChrA
StrRStrIA
PathRenameExtensionA
UrlCreateFromPathA
UrlCanonicalizeW
UrlHashA
StrFormatByteSizeW
StrToIntA
StrStrA
StrTrimA
SHGetValueA
SHDeleteKeyW
PathRelativePathToA
PathRemoveBackslashA
UrlIsW
PathGetDriveNumberW
UrlCreateFromPathW
PathCommonPrefixW
PathStripToRootW
PathStripPathA
PathFindExtensionA
SHRegOpenUSKeyW
SHDeleteEmptyKeyA
StrDupA
PathRenameExtensionW
PathRemoveExtensionA
PathGetArgsW
PathIsRelativeA
StrNCatA
StrCatW
SHRegGetUSValueA
SHRegSetUSValueW
StrTrimW
PathFindOnPathA
PathMakeSystemFolderA
SHRegGetBoolUSValueA
PathGetDriveNumberA
PathCanonicalizeA
ChrCmpIA
PathIsPrefixA
SHRegDeleteUSValueW
PathIsUNCServerShareA
ChrCmpIW
StrDupW
PathIsSystemFolderW
StrFromTimeIntervalW
PathMakeSystemFolderW
PathIsUNCServerShareW
PathIsContentTypeW
PathGetCharTypeA
PathBuildRootA
PathCompactPathExA
StrPBrkA
SHDeleteEmptyKeyW
PathMatchSpecA
PathIsURLA
PathIsPrefixW
PathParseIconLocationW
SHDeleteValueW
SHEnumValueW
SHRegQueryUSValueW
StrToIntExA
SHRegCloseUSKey
PathIsSameRootA
PathRemoveBlanksW
StrIsIntlEqualA
PathMakePrettyA
ColorHLSToRGB
ColorRGBToHLS
UrlGetPartA
StrCmpNIA
PathCanonicalizeW
PathRelativePathToW
PathSkipRootA
StrPBrkW
PathFindNextComponentA
StrFormatByteSizeA
PathFindOnPathW
PathCompactPathExW
PathParseIconLocationA
SHQueryInfoKeyW
PathBuildRootW
StrCSpnA
StrCSpnW
SHRegWriteUSValueW
UrlCombineW
StrFormatKBSizeW
PathSearchAndQualifyW
PathIsDirectoryEmptyW
PathSkipRootW
PathIsFileSpecW
SHRegGetValueW
SHCreateStreamOnFileEx
SHCopyKeyW
AssocGetPerceivedType
StrRChrW
PathFindNextComponentW
SHStrDupA
AssocCreate
SHSetThreadRef
StrStrNW
PathMatchSpecExA
PathIsNetworkPathA
PathMatchSpecExW
StrFormatByteSizeEx
StrRChrIW
PathFindFileNameA
StrStrIW
StrCmpNW
StrCatBuffW
wnsprintfW
PathAddExtensionW
PathFindExtensionW
PathAddExtensionA
StrStrNIW
PathRemoveBlanksA
PathIsNetworkPathW
PathIsUNCW
PathMatchSpecW
StrStrW
PathIsRootW
SHDeleteValueA
PathIsUNCA
PathIsURLW
UrlEscapeW
UrlUnescapeW
StrRetToStrW
SHCreateThreadRef
PathMakePrettyW
SHRegGetPathW
SHCopyKeyA
PathQuoteSpacesA
PathUnquoteSpacesA
PathFindSuffixArrayW
UrlGetLocationW
PathCreateFromUrlA
0Q(9?D+
ocOJMn
@KY'1F"
l<6@pX
SY'%y2\>^Lek|^3
y2&3qV)
tEzYNp5=q-
.D ;\)Nk9
M_/]C,~1t
\M?;#!
{b+)UA
EJt|43
Uf_qIN
Td`;)?^Uf@I

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.