3.6
中危
49 个模型检测该样本为恶意!
重新分析
更多

829d4c12a03fcefe1562f2d3ad1d5e8a9627ecc0d15f438fd4455e77571c4460

e58905396ab3a73d998233d260f240d5.exe

分析耗时

77s

最近分析

文件大小

666.0KB
静态报毒 动态报毒 100% ADWAREX AI SCORE=84 AIDETECTVM ATTRIBUTE BUNDLER CHAPAK CLASSIC CONFIDENCE DHDZ DWNP ELDORADO FPXXNJ GENCIRC GENETIC GENKRYPTIK GRAYWARE HALS HIGH CONFIDENCE HIGHCONFIDENCE ISTARTSURF ISTARTSURFINSTALLER KRYPTIK MALICIOUS PE MALWARE2 PREPSCRAM PREPSCRAMPMF PS@8C4M91 PUW@AILWT4OI QVM20 R269135 S6204162 SCORE SOFTWAREBUNDLER UNSAFE ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba 20190527 0.3.0.5
Avast Win32:AdwareX-gen [Adw] 20200831 18.4.3895.0
Tencent Malware.Win32.Gencirc.10b3e96e 20200831 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20200831 2013.8.14.323
McAfee IStartSurf 20200831 6.0.6.653
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
行为判定
动态指标
Performs some HTTP requests (1 个事件)
request GET http://d1hq9wbcfo7dcl.cloudfront.nethttp://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1278&trackingId=413326376&instId=731&ho_trackingid=HO413326376&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=30&kid=hqmrb21b79cf0gan9qp
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1620809370.868465
NtProtectVirtualMemory
process_identifier: 2264
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00413000
success 0 0
1620809371.758465
NtAllocateVirtualMemory
process_identifier: 2264
region_size: 806912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006e0000
success 0 0
1620809371.774465
NtAllocateVirtualMemory
process_identifier: 2264
region_size: 827392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f70000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.998975559477146 section {'size_of_data': '0x00088a00', 'virtual_address': '0x00022000', 'entropy': 7.998975559477146, 'name': '.rsrc', 'virtual_size': '0x000888f0'} description A section with a high entropy has been found
entropy 0.8218045112781955 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 个事件)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.DWNP
FireEye Generic.mg.e58905396ab3a73d
CAT-QuickHeal Bundler.PrepscramPMF.S6204162
ALYac Trojan.Agent.DWNP
Malwarebytes Adware.IStartSurf
SUPERAntiSpyware Trojan.Agent/Gen-Chapak
Sangfor Malware
K7AntiVirus Trojan ( 0054db091 )
K7GW Trojan ( 0054db091 )
Cybereason malicious.96ab3a
Invincea heuristic
BitDefenderTheta Gen:NN.ZexaF.34196.PuW@ailwT4oi
Cyren W32/S-9dce85ed!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Agent.DWNP
NANO-Antivirus Trojan.Win32.GenKryptik.fpxxnj
Avast Win32:AdwareX-gen [Adw]
Tencent Malware.Win32.Gencirc.10b3e96e
Ad-Aware Trojan.Agent.DWNP
Comodo Application.Win32.IStartSurf.PS@8c4m91
Sophos IStartSurfInstaller (PUA)
Ikarus PUA.Win32.Prepscram
Jiangmin Trojan.Chapak.dct
Webroot W32.Adware.Gen
Avira TR/Dropper.Gen
Antiy-AVL GrayWare/Win32.Kryptik.dhx
Microsoft SoftwareBundler:Win32/Prepscram
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.Agent.DWNP
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.IStartSurf.R269135
Acronis suspicious
McAfee IStartSurf
MAX malware (ai score=84)
VBA32 Adware.Prepscram
Cylance Unsafe
ESET-NOD32 a variant of Win32/Kryptik.HALS
Rising Trojan.Kryptik!1.B835 (CLASSIC)
SentinelOne DFI - Malicious PE
eGambit Unsafe.AI_Score_100%
Fortinet W32/GenKryptik.DHDZ!tr
AVG Win32:AdwareX-gen [Adw]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 HEUR/QVM20.1.9C3A.Malware.Gen
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-05-08 14:46:59

Imports

Library KERNEL32.dll:
0x41300c WriteConsoleW
0x413014 VirtualProtect
0x413018 FreeConsole
0x41301c GetModuleHandleW
0x413020 CloseHandle
0x413024 CreateFileW
0x413028 SetFilePointerEx
0x41302c GetConsoleMode
0x413030 GetConsoleCP
0x413034 FlushFileBuffers
0x413038 HeapReAlloc
0x41303c HeapSize
0x413040 GetProcessHeap
0x41304c GetCurrentProcess
0x413050 TerminateProcess
0x41305c GetCurrentProcessId
0x413060 GetCurrentThreadId
0x413068 InitializeSListHead
0x41306c IsDebuggerPresent
0x413070 GetStartupInfoW
0x413074 RtlUnwind
0x413078 RaiseException
0x41307c GetLastError
0x413080 SetLastError
0x413084 EncodePointer
0x413098 TlsAlloc
0x41309c TlsGetValue
0x4130a0 TlsSetValue
0x4130a4 TlsFree
0x4130a8 FreeLibrary
0x4130ac GetProcAddress
0x4130b0 LoadLibraryExW
0x4130b4 GetStdHandle
0x4130b8 WriteFile
0x4130bc GetModuleFileNameW
0x4130c0 ExitProcess
0x4130c4 GetModuleHandleExW
0x4130c8 GetCommandLineA
0x4130cc GetCommandLineW
0x4130d0 HeapAlloc
0x4130d4 HeapFree
0x4130d8 FindClose
0x4130dc FindFirstFileExW
0x4130e0 FindNextFileW
0x4130e4 IsValidCodePage
0x4130e8 GetACP
0x4130ec GetOEMCP
0x4130f0 GetCPInfo
0x4130f4 MultiByteToWideChar
0x4130f8 WideCharToMultiByte
0x413108 SetStdHandle
0x41310c GetFileType
0x413110 GetStringTypeW
0x413114 CompareStringW
0x413118 LCMapStringW
0x41311c DecodePointer
Library GDI32.dll:
0x413000 CreateHatchBrush
0x413004 CreateMetaFileW
Library SHELL32.dll:
0x413124
0x41312c
0x413138 SHGetFolderPathW
0x413140

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49177 52.85.56.225 d1hq9wbcfo7dcl.cloudfront.net 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 51808 8.8.8.8 53

HTTP & HTTPS Requests

URI Data
http://d1hq9wbcfo7dcl.cloudfront.net/http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1278&trackingId=413326376&instId=731&ho_trackingid=HO413326376&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=30&kid=hqmrb21b79cf0gan9qp 
GET http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=1278&trackingId=413326376&instId=731&ho_trackingid=HO413326376&cc=US&sb=x64&wv=7sp1&db=Chrome&uac=1&cid=45617f22da69ecdb42ae1967c0480004&v=3&net=4.0.30319&ie=8%2e0%2e7601%2e17514&res=800x600&osd=30&kid=hqmrb21b79cf0gan9qp HTTP/1.1
Host: d1hq9wbcfo7dcl.cloudfront.net
Connection: close
Accept: */*
User-Agent:

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.