6.4
High risk

370f3e9f42d074cd9575a0fa8df285e970dda741ae4200b54fb53f0a3145369e

e2ac3d9facc2259a85c66087ff0b6a85.exe

Analysis time

225s

Last analysis

File size

278.0KB
Flagged as malicious by static analysis; flagged as malicious by dynamic analysis. Detection tags: 100% AI SCORE=100 ALI2000008 AUTO BUAERV CONFIDENCE FAREIT FORMBOOK FUKMF GENERICKD HIGH CONFIDENCE HPCEXG IGENT KRYPTIK KTSE MALDOC MALICIOUS PE MALWARE@#EUOT2ECNG6JS MXRESICN NOON PWSX QVM03 R + TROJ RMW@AM@FL4L SCORE SIGGEN9 STATIC AI TSCOPE ULNR UNSAFE X6UE3C ZEMSILF
Eagle Eye engine
Not detected: no Eagle Eye engine results are available yet
Static verdict
Antivirus engines
Engine       Result                                Scan time   Version
Alibaba      Trojan:Win32/Maldoc.ali2000008        20190527    0.3.0.5
Avast        Win32:PWSX-gen [Trj]                  20210102    21.1.5827.0
Baidu        (no detection)                        20190318    1.0.0.2
Kingsoft     (no detection)                        20210104    2017.9.26.565
McAfee       Fareit-FVK!E2AC3D9FACC2               20210102    6.0.6.653
Tencent      Win32.Trojan.Inject.Auto              20210104    1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)     20190702    1.0
Static indicators
Checks if process is being debugged by a debugger (50 of 152 events)
Time & API Arguments Status Return Repeated
1619980906.09375
IsDebuggerPresent
failed 0 0
1619980906.09375
IsDebuggerPresent
failed 0 0
1619980913.17275
IsDebuggerPresent
failed 0 0
1619980913.17275
IsDebuggerPresent
failed 0 0
1619980915.21925
IsDebuggerPresent
failed 0 0
1619980915.21925
IsDebuggerPresent
failed 0 0
1619980916.173
IsDebuggerPresent
failed 0 0
1619980916.173
IsDebuggerPresent
failed 0 0
1619980920.0015
IsDebuggerPresent
failed 0 0
1619980920.0015
IsDebuggerPresent
failed 0 0
1619980922.173374
IsDebuggerPresent
failed 0 0
1619980922.173374
IsDebuggerPresent
failed 0 0
1619980923.329
IsDebuggerPresent
failed 0 0
1619980923.329
IsDebuggerPresent
failed 0 0
1619980924.250875
IsDebuggerPresent
failed 0 0
1619980924.250875
IsDebuggerPresent
failed 0 0
1619980925.250875
IsDebuggerPresent
failed 0 0
1619980925.250875
IsDebuggerPresent
failed 0 0
1619980926.298374
IsDebuggerPresent
failed 0 0
1619980926.298374
IsDebuggerPresent
failed 0 0
1619980927.31325
IsDebuggerPresent
failed 0 0
1619980927.31325
IsDebuggerPresent
failed 0 0
1619980928.18825
IsDebuggerPresent
failed 0 0
1619980928.18825
IsDebuggerPresent
failed 0 0
1619980929.079625
IsDebuggerPresent
failed 0 0
1619980929.079625
IsDebuggerPresent
failed 0 0
1619980930.157125
IsDebuggerPresent
failed 0 0
1619980930.157125
IsDebuggerPresent
failed 0 0
1619980931.359875
IsDebuggerPresent
failed 0 0
1619980931.359875
IsDebuggerPresent
failed 0 0
1619980932.469625
IsDebuggerPresent
failed 0 0
1619980932.469625
IsDebuggerPresent
failed 0 0
1619980934.375875
IsDebuggerPresent
failed 0 0
1619980934.375875
IsDebuggerPresent
failed 0 0
1619980935.423374
IsDebuggerPresent
failed 0 0
1619980935.438374
IsDebuggerPresent
failed 0 0
1619980937.36025
IsDebuggerPresent
failed 0 0
1619980937.36025
IsDebuggerPresent
failed 0 0
1619980938.73525
IsDebuggerPresent
failed 0 0
1619980938.73525
IsDebuggerPresent
failed 0 0
1619980939.907125
IsDebuggerPresent
failed 0 0
1619980939.907125
IsDebuggerPresent
failed 0 0
1619980941.204
IsDebuggerPresent
failed 0 0
1619980941.204
IsDebuggerPresent
failed 0 0
1619980943.5015
IsDebuggerPresent
failed 0 0
1619980943.5015
IsDebuggerPresent
failed 0 0
1619980945.954
IsDebuggerPresent
failed 0 0
1619980945.954
IsDebuggerPresent
failed 0 0
1619980947.734875
IsDebuggerPresent
failed 0 0
1619980947.734875
IsDebuggerPresent
failed 0 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619980906.10975
GlobalMemoryStatusEx
success 1 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (50 of 2119 events)
Time & API Arguments Status Return Repeated
1619980905.48475
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00890000
success 0 0
1619980905.48475
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x009c0000
success 0 0
1619980905.98475
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619980905.98475
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00570000
success 0 0
1619980906.03175
NtProtectVirtualMemory
process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1619980906.09375
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 524288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x004e0000
success 0 0
1619980906.09375
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00520000
success 0 0
1619980906.09375
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003fa000
success 0 0
1619980906.09375
NtProtectVirtualMemory
process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b92000
success 0 0
1619980906.09375
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f2000
success 0 0
1619980906.35975
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00412000
success 0 0
1619980906.42275
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00435000
success 0 0
1619980906.43775
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0043b000
success 0 0
1619980906.43775
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00437000
success 0 0
1619980906.60975
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00413000
success 0 0
1619980906.64075
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0041c000
success 0 0
1619980906.70375
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x007c0000
success 0 0
1619980906.71875
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00426000
success 0 0
1619980906.76575
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0042a000
success 0 0
1619980906.76575
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00427000
success 0 0
1619980906.87575
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00414000
success 0 0
1619980907.18775
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00415000
success 0 0
1619980907.28175
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x007c1000
success 0 0
1619980907.92275
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00950000
success 0 0
1619980909.12575
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x009b0000
success 0 0
1619980911.15675
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00416000
success 0 0
1619980911.50075
NtAllocateVirtualMemory
process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x007c2000
success 0 0
1619980911.891625
NtAllocateVirtualMemory
process_identifier: 784
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02700000
success 0 0
1619980913.14075
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x002e0000
success 0 0
1619980913.14075
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00340000
success 0 0
1619980913.15675
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 983040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619980913.15675
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00580000
success 0 0
1619980913.15675
NtProtectVirtualMemory
process_identifier: 2040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1619980913.17275
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02330000
success 0 0
1619980913.17275
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x024a0000
success 0 0
1619980913.17275
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0031a000
success 0 0
1619980913.17275
NtProtectVirtualMemory
process_identifier: 2040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b92000
success 0 0
1619980913.17275
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00312000
success 0 0
1619980913.17275
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00322000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00385000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0038b000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00387000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00323000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0032c000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00560000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00336000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0033a000
success 0 0
1619980913.18775
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00337000
success 0 0
1619980913.23475
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00324000
success 0 0
1619980913.25075
NtAllocateVirtualMemory
process_identifier: 2040
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00325000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.382558952106721 section {'size_of_data': '0x00045200', 'virtual_address': '0x00002000', 'entropy': 7.382558952106721, 'name': '.text', 'virtual_size': '0x00045194'} description A section with a high entropy has been found
entropy 0.9963963963963964 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (50 of 75 events)
Time & API Arguments Status Return Repeated
1619980911.35975
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980914.32875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980915.32925
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980916.282
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980920.1265
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980922.282374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980923.438
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980924.359875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980925.359875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980926.407374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980927.42325
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980928.29825
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980929.282625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980930.251125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980931.468875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980932.579625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980934.484875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980935.548374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980937.46925
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980938.84425
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980940.282125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980941.313
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980944.4075
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980946.61
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980948.109875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980951.14075
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980952.157374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980953.95375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980955.42275
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980957.31325
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980960.063374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980961.469374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980963.4235
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980964.719374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980968.23475
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980970.174688
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980972.097502
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980975.533688
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980977.1565
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980978.304249
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980980.371752
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980981.962601
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980983.351232
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980985.009299
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980987.142151
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980988.255435
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980989.448189
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980990.676948
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980993.24163
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619980995.216599
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Terminates another process (50 of 148 events)
Time & API Arguments Status Return Repeated
1619980914.37575
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000294
failed 0 0
1619980914.37575
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000294
success 0 0
1619980915.36025
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980915.36025
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980916.329
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980916.329
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980920.1735
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000028c
failed 0 0
1619980920.1735
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000028c
success 0 0
1619980922.329374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980922.329374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980923.501
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980923.501
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980924.422875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980924.422875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980925.422875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000028c
failed 0 0
1619980925.422875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000028c
success 0 0
1619980926.469374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980926.469374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980927.46925
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980927.46925
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980928.36025
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980928.36025
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980929.344625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000294
failed 0 0
1619980929.344625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000294
success 0 0
1619980930.329125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980930.329125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980931.547875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980931.547875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980932.641625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000028c
failed 0 0
1619980932.641625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000028c
success 0 0
1619980934.547875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980934.547875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980935.626374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980935.626374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980937.56325
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980937.56325
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980938.93825
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980938.93825
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980940.376125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980940.376125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980942.157
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000284
failed 0 0
1619980942.157
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000284
success 0 0
1619980944.5165
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980944.5165
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980946.735
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000284
failed 0 0
1619980946.735
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000284
success 0 0
1619980948.203875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
failed 0 0
1619980948.203875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000288
success 0 0
1619980951.25075
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000029c
failed 0 0
1619980951.25075
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000029c
success 0 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Manipulates memory of a non-child process, indicative of process injection (39 events)
Process injection Process 2712 manipulating memory of non-child process 1868
Process injection Process 2040 manipulating memory of non-child process 3068
Process injection Process 3828 manipulating memory of non-child process 3940
Process injection Process 4748 manipulating memory of non-child process 4828
Process injection Process 4984 manipulating memory of non-child process 4652
Process injection Process 4824 manipulating memory of non-child process 4652
Process injection Process 4980 manipulating memory of non-child process 912
Process injection Process 5952 manipulating memory of non-child process 6016
Process injection Process 5460 manipulating memory of non-child process 5668
Process injection Process 5460 manipulating memory of non-child process 5548
Process injection Process 6640 manipulating memory of non-child process 6700
Process injection Process 6952 manipulating memory of non-child process 7036
Process injection Process 7144 manipulating memory of non-child process 968
Time & API Arguments Status Return Repeated
1619980910.84375
NtAllocateVirtualMemory
process_identifier: 1868
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619980910.84375
NtAllocateVirtualMemory
process_identifier: 1868
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619980914.31275
NtAllocateVirtualMemory
process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619980914.31275
NtAllocateVirtualMemory
process_identifier: 3068
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619980929.251625
NtAllocateVirtualMemory
process_identifier: 3940
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619980929.251625
NtAllocateVirtualMemory
process_identifier: 3940
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619980949.18775
NtAllocateVirtualMemory
process_identifier: 4828
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619980949.18775
NtAllocateVirtualMemory
process_identifier: 4828
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619980970.065688
NtAllocateVirtualMemory
process_identifier: 4652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619980970.065688
NtAllocateVirtualMemory
process_identifier: 4652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619980978.288249
NtAllocateVirtualMemory
process_identifier: 4652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619980978.288249
NtAllocateVirtualMemory
process_identifier: 4652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000c0000
success 0 0
1619980980.261752
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619980980.261752
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619980999.075705
NtAllocateVirtualMemory
process_identifier: 6016
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619980999.075705
NtAllocateVirtualMemory
process_identifier: 6016
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000244
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619981005.46564
NtAllocateVirtualMemory
process_identifier: 5668
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619981005.46564
NtAllocateVirtualMemory
process_identifier: 5668
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619981005.73064
NtAllocateVirtualMemory
process_identifier: 5548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000254
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619981005.73064
NtAllocateVirtualMemory
process_identifier: 5548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000254
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619981080.785636
NtAllocateVirtualMemory
process_identifier: 6700
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619981080.785636
NtAllocateVirtualMemory
process_identifier: 6700
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619981084.957591
NtAllocateVirtualMemory
process_identifier: 7036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619981084.957591
NtAllocateVirtualMemory
process_identifier: 7036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
1619981091.761108
NtAllocateVirtualMemory
process_identifier: 968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619981091.761108
NtAllocateVirtualMemory
process_identifier: 968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000240
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\s.exe:Zone.Identifier
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.62777
MicroWorld-eScan Trojan.GenericKD.43558299
FireEye Generic.mg.e2ac3d9facc2259a
CAT-QuickHeal Trojan.Generic
ALYac Trojan.GenericKD.43558299
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056081c1 )
Alibaba Trojan:Win32/Maldoc.ali2000008
K7GW Trojan ( 0056081c1 )
Cybereason malicious.facc22
Arcabit Trojan.Generic.D298A59B
BitDefenderTheta Gen:NN.ZemsilF.34700.rmW@am@fL4l
Cyren W32/Trojan.ULNR-4571
Symantec Trojan Horse
ESET-NOD32 Win32/Formbook.AA
TrendMicro-HouseCall TrojanSpy.MSIL.FORMBOOK.BP
Avast Win32:PWSX-gen [Trj]
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen
BitDefender Trojan.GenericKD.43558299
NANO-Antivirus Trojan.Win32.XDR.hpcexg
Paloalto generic.ml
AegisLab Trojan.MSIL.Noon.l!c
Rising Spyware.Noon!8.E7C9 (KTSE)
Ad-Aware Trojan.GenericKD.43558299
Emsisoft Trojan.GenericKD.43558299 (B)
Comodo Malware@#euot2ecng6js
F-Secure Trojan.TR/Crypt.XDR.E
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.MSIL.FORMBOOK.BP
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-R + Troj/MSIL-PKS
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.fukmf
eGambit Unsafe.AI_Score_99%
Avira TR/Crypt.XDR.E
Antiy-AVL Trojan[Spy]/MSIL.Noon
Microsoft Trojan:MSIL/Formbook.VN!MTB
ViRobot Trojan.Win32.S.Agent.284672.FB
ZoneAlarm HEUR:Trojan-Spy.MSIL.Noon.gen
GData Win32.Trojan-Stealer.FormBook.X6UE3C
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Fareit-FVK!E2AC3D9FACC2
MAX malware (ai score=100)
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.MalPack.XOR
APEX Malicious
Tencent Win32.Trojan.Inject.Auto
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample was running

PE Compile Time

2020-07-28 16:19:03

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.