4.4
Medium risk

SHA256: b0e406be036f2507001eecb51b0cc1d93fba8588c5e02e13f483b30eee9b6c92

Filename: e41e28e964bc0b98a3465a4b1a51192a.exe

Analysis time

86s

Latest analysis

File size

1.2MB
Static detection  Dynamic detection  AI SCORE=80 AIDETECTVM AUTO AUTOG BSCOPE CEEINJECT CLASSIC CONFIDENCE DCKMG DELF DELPHILESS ENBK FAREIT HIGH CONFIDENCE HSQCSF KRYPTIK MALWARE2 MALWARE@#2CE12FQ29UAMC NANOBOT NANOBOTIH NHW@AITQBNOI S + TROJ S15671552 SCORE SIGGEN2 SUSPICIOUS PE UNSAFE X2094 ZAPJ ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine results available for this sample
Static verdict
Antivirus engines
Engine        Result                              Scan date  Engine version
McAfee        Fareit-FYT!E41E28E964BC             20201024   6.0.6.653
Alibaba       Backdoor:Win32/Injector.e68b145e    20190527   0.3.0.5
Baidu         -                                   20190318   1.0.0.2
Avast         Win32:Malware-gen                   20201024   18.4.3895.0
Kingsoft      -                                   20201024   2013.8.14.323
Tencent       Win32.Trojan.Inject.Auto            20201024   1.0.0.1
CrowdStrike   win/malicious_confidence_90% (W)    20190702   1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API: 1619951360.57825 NtAllocateVirtualMemory
Arguments:
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x003d0000
Status: success  Return: 0  Repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.64648012669555, section .rsrc (size_of_data 0x000b4400, virtual_address 0x00086000, virtual_size 0x000b42e8): A section with a high entropy has been found
entropy 0.5826262626262626: Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.13
FireEye Generic.mg.e41e28e964bc0b98
CAT-QuickHeal Backdoor.NanoBotIH.S15671552
McAfee Fareit-FYT!E41E28E964BC
Sangfor Malware
K7AntiVirus Trojan ( 0056e0811 )
Alibaba Backdoor:Win32/Injector.e68b145e
K7GW Trojan ( 0056e0811 )
Cybereason malicious.a33091
Arcabit Trojan.Delf.FareIt.Gen.13
BitDefenderTheta Gen:NN.ZelphiF.34590.nHW@aitqbNoi
Cyren W32/Injector.ZAPJ-0885
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Backdoor.Win32.NanoBot.gen
BitDefender Trojan.Delf.FareIt.Gen.13
NANO-Antivirus Trojan.Win32.NanoBot.hsqcsf
Paloalto generic.ml
Rising Trojan.Injector!1.CB1A (CLASSIC)
Ad-Aware Trojan.Delf.FareIt.Gen.13
Emsisoft Trojan.Delf.FareIt.Gen.13 (B)
Comodo Malware@#2ce12fq29uamc
DrWeb Trojan.PWS.Siggen2.51569
Invincea Mal/Generic-S + Troj/AutoG-IX
McAfee-GW-Edition BehavesLike.Win32.Fareit.tc
Sophos Troj/AutoG-IX
Ikarus Trojan.Inject
Jiangmin Backdoor.Nanobot.fn
eGambit Unsafe.AI_Score_99%
Avira TR/Injector.dckmg
Microsoft VirTool:Win32/CeeInject.JJ!bit
ZoneAlarm HEUR:Backdoor.Win32.NanoBot.gen
GData Trojan.Delf.FareIt.Gen.13
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
VBA32 BScope.Trojan.Kryptik
MAX malware (ai score=80)
Zoner Trojan.Win32.92388
ESET-NOD32 a variant of Win32/Injector.ENBK
Tencent Win32.Trojan.Inject.Auto
SentinelOne DFI - Suspicious PE
Fortinet W32/ENBK!tr
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Win32/Backdoor.BO.fce
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x47a13c VirtualFree
0x47a140 VirtualAlloc
0x47a144 LocalFree
0x47a148 LocalAlloc
0x47a14c GetVersion
0x47a150 GetCurrentThreadId
0x47a15c VirtualQuery
0x47a160 WideCharToMultiByte
0x47a164 MultiByteToWideChar
0x47a168 lstrlenA
0x47a16c lstrcpynA
0x47a170 LoadLibraryExA
0x47a174 GetThreadLocale
0x47a178 GetStartupInfoA
0x47a17c GetProcAddress
0x47a180 GetModuleHandleA
0x47a184 GetModuleFileNameA
0x47a188 GetLocaleInfoA
0x47a18c GetCommandLineA
0x47a190 FreeLibrary
0x47a194 FindFirstFileA
0x47a198 FindClose
0x47a19c ExitProcess
0x47a1a0 WriteFile
0x47a1a8 RtlUnwind
0x47a1ac RaiseException
0x47a1b0 GetStdHandle
Library user32.dll:
0x47a1b8 GetKeyboardType
0x47a1bc LoadStringA
0x47a1c0 MessageBoxA
0x47a1c4 CharNextA
Library advapi32.dll:
0x47a1cc RegQueryValueExA
0x47a1d0 RegOpenKeyExA
0x47a1d4 RegCloseKey
Library oleaut32.dll:
0x47a1dc SysFreeString
0x47a1e0 SysReAllocStringLen
0x47a1e4 SysAllocStringLen
Library kernel32.dll:
0x47a1ec TlsSetValue
0x47a1f0 TlsGetValue
0x47a1f4 LocalAlloc
0x47a1f8 GetModuleHandleA
Library advapi32.dll:
0x47a200 RegQueryValueExA
0x47a204 RegOpenKeyExA
0x47a208 RegCloseKey
Library kernel32.dll:
0x47a210 lstrcpyA
0x47a214 WriteFile
0x47a218 WaitForSingleObject
0x47a21c VirtualQuery
0x47a220 VirtualAlloc
0x47a224 Sleep
0x47a228 SizeofResource
0x47a230 SetThreadLocale
0x47a234 SetFilePointer
0x47a238 SetEvent
0x47a23c SetErrorMode
0x47a240 SetEndOfFile
0x47a244 ResetEvent
0x47a248 ReadFile
0x47a24c MulDiv
0x47a250 LockResource
0x47a254 LoadResource
0x47a258 LoadLibraryA
0x47a264 GlobalUnlock
0x47a268 GlobalReAlloc
0x47a26c GlobalHandle
0x47a270 GlobalLock
0x47a274 GlobalFree
0x47a278 GlobalFindAtomA
0x47a27c GlobalDeleteAtom
0x47a280 GlobalAlloc
0x47a284 GlobalAddAtomA
0x47a288 GetVersionExA
0x47a28c GetVersion
0x47a290 GetTickCount
0x47a294 GetThreadLocale
0x47a29c GetSystemTime
0x47a2a0 GetSystemInfo
0x47a2a4 GetStringTypeExA
0x47a2a8 GetStdHandle
0x47a2ac GetProcAddress
0x47a2b0 GetModuleHandleA
0x47a2b4 GetModuleFileNameA
0x47a2b8 GetLocaleInfoA
0x47a2bc GetLocalTime
0x47a2c0 GetLastError
0x47a2c4 GetFullPathNameA
0x47a2c8 GetDiskFreeSpaceA
0x47a2cc GetDateFormatA
0x47a2d0 GetCurrentThreadId
0x47a2d4 GetCurrentProcessId
0x47a2d8 GetCPInfo
0x47a2dc GetACP
0x47a2e0 FreeResource
0x47a2e4 InterlockedExchange
0x47a2e8 FreeLibrary
0x47a2ec FormatMessageA
0x47a2f0 FindResourceA
0x47a2f8 ExitThread
0x47a2fc EnumCalendarInfoA
0x47a308 CreateThread
0x47a30c CreateFileA
0x47a310 CreateEventA
0x47a314 CompareStringA
0x47a318 CloseHandle
Library version.dll:
0x47a320 VerQueryValueA
0x47a328 GetFileVersionInfoA
Library gdi32.dll:
0x47a330 UnrealizeObject
0x47a334 StretchBlt
0x47a338 SetWindowOrgEx
0x47a33c SetWinMetaFileBits
0x47a340 SetViewportOrgEx
0x47a344 SetTextColor
0x47a348 SetStretchBltMode
0x47a34c SetROP2
0x47a350 SetPixel
0x47a354 SetEnhMetaFileBits
0x47a358 SetDIBColorTable
0x47a35c SetBrushOrgEx
0x47a360 SetBkMode
0x47a364 SetBkColor
0x47a368 SelectPalette
0x47a36c SelectObject
0x47a370 SelectClipRgn
0x47a374 SelectClipPath
0x47a378 SaveDC
0x47a37c RestoreDC
0x47a380 Rectangle
0x47a384 RectVisible
0x47a388 RealizePalette
0x47a38c PlayEnhMetaFile
0x47a390 PatBlt
0x47a394 MoveToEx
0x47a398 MaskBlt
0x47a39c LineTo
0x47a3a0 IntersectClipRect
0x47a3a4 GetWindowOrgEx
0x47a3a8 GetWinMetaFileBits
0x47a3ac GetTextMetricsA
0x47a3b8 GetStockObject
0x47a3bc GetPixel
0x47a3c0 GetPaletteEntries
0x47a3c4 GetObjectA
0x47a3d0 GetEnhMetaFileBits
0x47a3d4 GetDeviceCaps
0x47a3d8 GetDIBits
0x47a3dc GetDIBColorTable
0x47a3e0 GetDCOrgEx
0x47a3e8 GetClipRgn
0x47a3ec GetClipBox
0x47a3f0 GetBrushOrgEx
0x47a3f4 GetBitmapBits
0x47a3f8 ExtTextOutA
0x47a3fc ExcludeClipRect
0x47a400 DeleteObject
0x47a404 DeleteEnhMetaFile
0x47a408 DeleteDC
0x47a40c CreateSolidBrush
0x47a410 CreateRectRgn
0x47a414 CreatePenIndirect
0x47a418 CreatePalette
0x47a420 CreateFontIndirectA
0x47a424 CreateDIBitmap
0x47a428 CreateDIBSection
0x47a42c CreateCompatibleDC
0x47a434 CreateBrushIndirect
0x47a438 CreateBitmap
0x47a43c CopyEnhMetaFileA
0x47a440 BitBlt
Library user32.dll:
0x47a448 CreateWindowExA
0x47a44c WindowFromPoint
0x47a450 WinHelpA
0x47a454 WaitMessage
0x47a458 UpdateWindow
0x47a45c UnregisterClassA
0x47a460 UnhookWindowsHookEx
0x47a464 TranslateMessage
0x47a46c TrackPopupMenu
0x47a474 ShowWindow
0x47a478 ShowScrollBar
0x47a47c ShowOwnedPopups
0x47a480 ShowCursor
0x47a484 SetWindowsHookExA
0x47a488 SetWindowTextA
0x47a48c SetWindowPos
0x47a490 SetWindowPlacement
0x47a494 SetWindowLongA
0x47a498 SetTimer
0x47a49c SetScrollRange
0x47a4a0 SetScrollPos
0x47a4a4 SetScrollInfo
0x47a4a8 SetRect
0x47a4ac SetPropA
0x47a4b0 SetParent
0x47a4b4 SetMenuItemInfoA
0x47a4b8 SetMenu
0x47a4bc SetKeyboardState
0x47a4c0 SetForegroundWindow
0x47a4c4 SetFocus
0x47a4c8 SetCursor
0x47a4cc SetClipboardData
0x47a4d0 SetClassLongA
0x47a4d4 SetCapture
0x47a4d8 SetActiveWindow
0x47a4dc SendMessageA
0x47a4e0 ScrollWindow
0x47a4e4 ScreenToClient
0x47a4e8 RemovePropA
0x47a4ec RemoveMenu
0x47a4f0 ReleaseDC
0x47a4f4 ReleaseCapture
0x47a500 RegisterClassA
0x47a504 RedrawWindow
0x47a508 PtInRect
0x47a50c PostQuitMessage
0x47a510 PostMessageA
0x47a514 PeekMessageA
0x47a518 OpenClipboard
0x47a51c OffsetRect
0x47a520 OemToCharA
0x47a524 MessageBoxA
0x47a528 MessageBeep
0x47a52c MapWindowPoints
0x47a530 MapVirtualKeyA
0x47a534 LoadStringA
0x47a538 LoadKeyboardLayoutA
0x47a53c LoadIconA
0x47a540 LoadCursorA
0x47a544 LoadBitmapA
0x47a548 KillTimer
0x47a54c IsZoomed
0x47a550 IsWindowVisible
0x47a554 IsWindowEnabled
0x47a558 IsWindow
0x47a55c IsRectEmpty
0x47a560 IsIconic
0x47a564 IsDialogMessageA
0x47a568 IsChild
0x47a56c IsCharAlphaNumericA
0x47a570 IsCharAlphaA
0x47a574 InvalidateRect
0x47a578 IntersectRect
0x47a57c InsertMenuItemA
0x47a580 InsertMenuA
0x47a584 InflateRect
0x47a58c GetWindowTextA
0x47a590 GetWindowRect
0x47a594 GetWindowPlacement
0x47a598 GetWindowLongA
0x47a59c GetWindowDC
0x47a5a0 GetTopWindow
0x47a5a4 GetSystemMetrics
0x47a5a8 GetSystemMenu
0x47a5ac GetSysColorBrush
0x47a5b0 GetSysColor
0x47a5b4 GetSubMenu
0x47a5b8 GetScrollRange
0x47a5bc GetScrollPos
0x47a5c0 GetScrollInfo
0x47a5c4 GetPropA
0x47a5c8 GetParent
0x47a5cc GetWindow
0x47a5d0 GetMenuStringA
0x47a5d4 GetMenuState
0x47a5d8 GetMenuItemInfoA
0x47a5dc GetMenuItemID
0x47a5e0 GetMenuItemCount
0x47a5e4 GetMenu
0x47a5e8 GetLastActivePopup
0x47a5ec GetKeyboardState
0x47a5f4 GetKeyboardLayout
0x47a5f8 GetKeyState
0x47a5fc GetKeyNameTextA
0x47a600 GetIconInfo
0x47a604 GetForegroundWindow
0x47a608 GetFocus
0x47a60c GetDlgItem
0x47a610 GetDesktopWindow
0x47a614 GetDCEx
0x47a618 GetDC
0x47a61c GetCursorPos
0x47a620 GetCursor
0x47a624 GetClipboardData
0x47a628 GetClientRect
0x47a62c GetClassNameA
0x47a630 GetClassInfoA
0x47a634 GetCapture
0x47a638 GetActiveWindow
0x47a63c FrameRect
0x47a640 FindWindowA
0x47a644 FillRect
0x47a648 EqualRect
0x47a64c EnumWindows
0x47a650 EnumThreadWindows
0x47a658 EndPaint
0x47a65c EnableWindow
0x47a660 EnableScrollBar
0x47a664 EnableMenuItem
0x47a668 EmptyClipboard
0x47a66c DrawTextA
0x47a670 DrawMenuBar
0x47a674 DrawIconEx
0x47a678 DrawIcon
0x47a67c DrawFrameControl
0x47a680 DrawFocusRect
0x47a684 DrawEdge
0x47a688 DispatchMessageA
0x47a68c DestroyWindow
0x47a690 DestroyMenu
0x47a694 DestroyIcon
0x47a698 DestroyCursor
0x47a69c DeleteMenu
0x47a6a0 DefWindowProcA
0x47a6a4 DefMDIChildProcA
0x47a6a8 DefFrameProcA
0x47a6ac CreatePopupMenu
0x47a6b0 CreateMenu
0x47a6b4 CreateIcon
0x47a6b8 CloseClipboard
0x47a6bc ClientToScreen
0x47a6c0 CheckMenuItem
0x47a6c4 CallWindowProcA
0x47a6c8 CallNextHookEx
0x47a6cc BeginPaint
0x47a6d0 CharNextA
0x47a6d4 CharLowerBuffA
0x47a6d8 CharLowerA
0x47a6dc CharUpperBuffA
0x47a6e0 CharToOemA
0x47a6e4 AdjustWindowRectEx
Library kernel32.dll:
0x47a6f0 Sleep
Library oleaut32.dll:
0x47a6f8 SafeArrayPtrOfIndex
0x47a6fc SafeArrayGetUBound
0x47a700 SafeArrayGetLBound
0x47a704 SafeArrayCreate
0x47a708 VariantChangeType
0x47a70c VariantCopy
0x47a710 VariantClear
0x47a714 VariantInit
Library comctl32.dll:
0x47a724 ImageList_Write
0x47a728 ImageList_Read
0x47a738 ImageList_DragMove
0x47a73c ImageList_DragLeave
0x47a740 ImageList_DragEnter
0x47a744 ImageList_EndDrag
0x47a748 ImageList_BeginDrag
0x47a74c ImageList_Remove
0x47a750 ImageList_DrawEx
0x47a754 ImageList_Replace
0x47a758 ImageList_Draw
0x47a768 ImageList_Add
0x47a770 ImageList_Destroy
0x47a774 ImageList_Create
0x47a778 InitCommonControls
Library comdlg32.dll:
0x47a780 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  51378        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  57236        114.114.114.114                  53
192.168.56.101  60123        114.114.114.114                  53
192.168.56.101  63429        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49713        224.0.0.252                      5355
192.168.56.101  50568        224.0.0.252                      5355
192.168.56.101  53210        224.0.0.252                      5355
192.168.56.101  53237        224.0.0.252                      5355
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  58367        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  62318        224.0.0.252                      5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.