4.2
中危
54 个模型检测该样本为恶意!
重新分析
更多

60342b6e3f8ea75723ead2e27517dbc1dd29a5323916cd1c5220834b5279b3db

e2cee2924a09d5e606388e3389a61f31.exe

分析耗时

98s

最近分析

文件大小

722.8KB
静态报毒 动态报毒 100% AI SCORE=88 AIDETECTVM ATTRIBUTE BLACKHOLE CERBU CHINAD CONFIDENCE DQOD ELDORADO FLYAGENT FLYSTUDIO FLYSTUDIO POTENTIALLY UNWANTED GENERIC PUA CI GRAYWARE HIGH CONFIDENCE HIGHCONFIDENCE HKYHPL KNZGS MALICIOUS PE MALWARE1 PACK PKD@1QU9UM QQPASS R007C0PJN20 SCORE SILLYAUTORUN STATIC AI TU3@AMIQM5KB UNSAFE YMACCO ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee BackDoor-DRV.gen.c 20201211 6.0.6.653
Alibaba Backdoor:Win32/BlackHole.9aba71d1 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Tencent 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
行为判定
动态指标
Foreign language identified in PE resource (3 个事件)
name RT_ICON language LANG_CHINESE offset 0x000640e8 filetype dBase III DBT, version number 0, next free block index 40 sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000a2a8
name RT_GROUP_ICON language LANG_CHINESE offset 0x0006e390 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
name RT_VERSION language LANG_CHINESE offset 0x0006e3a4 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000240
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.163148985080404 section {'size_of_data': '0x0005b000', 'virtual_address': '0x00009000', 'entropy': 7.163148985080404, 'name': '.data', 'virtual_size': '0x0005b000'} description A section with a high entropy has been found
entropy 0.8272727272727273 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Cerbu.70335
FireEye Generic.mg.e2cee2924a09d5e6
McAfee BackDoor-DRV.gen.c
Cylance Unsafe
VIPRE Backdoor.Win32.FlyAgent.h (v)
Sangfor Malware
Alibaba Backdoor:Win32/BlackHole.9aba71d1
Cybereason malicious.cfd4e2
Arcabit Trojan.Cerbu.D112BF
Cyren W32/FlyStudio.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
TotalDefense Win32/SillyAutorun.ALB
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Flystudio-6937682-0
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Cerbu.70335
NANO-Antivirus Trojan.Win32.BlackHole.hkyhpl
Avast Win32:Malware-gen
Ad-Aware Gen:Variant.Cerbu.70335
Sophos Generic PUA CI (PUA)
Comodo TrojWare.Win32.Agent.pkd@1qu9um
F-Secure Trojan:W32/Agent.DQOD
DrWeb BackDoor.BlackHole.10549
Zillya Trojan.QQPass.Win32.60604
TrendMicro TROJ_GEN.R007C0PJN20
McAfee-GW-Edition BehavesLike.Win32.Autorun.bc
Emsisoft Trojan.Agent (A)
SentinelOne Static AI - Malicious PE
Avira BDS/BlackHole.knzgs
Antiy-AVL GrayWare/Win32.FlyStudio.b
Gridinsoft Malware.Win32.Pack.24374!se
Microsoft Trojan:Win32/Ymacco.AB60
AegisLab Trojan.Win32.FlyStudio.4!c
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win32.Trojan.FlyStudio.A
Cynet Malicious (score: 100)
AhnLab-V3 Win32/Flystudio.worm.Gen
Acronis suspicious
ALYac Gen:Variant.Cerbu.70335
MAX malware (ai score=88)
Malwarebytes PUP.Optional.ChinAd
Zoner Trojan.Win32.92118
ESET-NOD32 a variant of Win32/Packed.FlyStudio potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R007C0PJN20
MaxSecure Trojan.Autorun.DM
Fortinet W32/Generic.AP.14793D8!tr
BitDefenderTheta Gen:NN.ZexaF.34670.Tu3@amIqM5kb
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.27.142:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1972-12-25 13:33:23

Imports

Library KERNEL32.dll:
0x406000 GetProcAddress
0x406004 LoadLibraryA
0x406008 CloseHandle
0x40600c WriteFile
0x406010 CreateDirectoryA
0x406014 GetTempPathA
0x406018 ReadFile
0x40601c SetFilePointer
0x406020 CreateFileA
0x406024 GetModuleFileNameA
0x406028 GetStringTypeA
0x40602c LCMapStringW
0x406030 LCMapStringA
0x406034 HeapAlloc
0x406038 HeapFree
0x40603c GetModuleHandleA
0x406040 GetStartupInfoA
0x406044 GetCommandLineA
0x406048 GetVersion
0x40604c ExitProcess
0x406050 HeapDestroy
0x406054 HeapCreate
0x406058 VirtualFree
0x40605c VirtualAlloc
0x406060 HeapReAlloc
0x406064 TerminateProcess
0x406068 GetCurrentProcess
0x406078 WideCharToMultiByte
0x406084 SetHandleCount
0x406088 GetStdHandle
0x40608c GetFileType
0x406090 RtlUnwind
0x406094 GetCPInfo
0x406098 GetACP
0x40609c GetOEMCP
0x4060a0 MultiByteToWideChar
0x4060a4 GetStringTypeW
Library USER32.dll:
0x4060ac MessageBoxA
0x4060b0 wsprintfA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.