0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.47
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | MSIL:Agent-BXF [Trj] | 20200616 | 18.4.3895.0 |
| Baidu | MSIL.Backdoor.Bladabindi.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200616 | 2013.8.14.323 |
| McAfee | Trojan-FIGN | 20200616 | 6.0.6.653 |
| Tencent | None | 20200616 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 58 个反病毒引擎识别为恶意
(50 out of 58 个事件)
| ALYac | Generic.MSIL.Bladabindi.7BADC0B6 |
| APEX | Malicious |
| AVG | MSIL:Agent-BXF [Trj] |
| Ad-Aware | Generic.MSIL.Bladabindi.7BADC0B6 |
| Antiy-AVL | Trojan/Win32.Unknown |
| Arcabit | Generic.MSIL.Bladabindi.7BADC0B6 |
| Avast | MSIL:Agent-BXF [Trj] |
| Avira | TR/Dropper.Gen |
| Baidu | MSIL.Backdoor.Bladabindi.a |
| BitDefender | Generic.MSIL.Bladabindi.7BADC0B6 |
| BitDefenderTheta | Gen:NN.ZemsilF.34128.bmX@aiCf3Zl |
| CAT-QuickHeal | Backdoor.Bladabindi.AL3 |
| ClamAV | Win.Trojan.B-468 |
| Comodo | TrojWare.MSIL.Bladabindi.KX@52g0y5 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.b2d565 |
| Cylance | Unsafe |
| Cynet | Malicious (score: 100) |
| Cyren | W32/MSIL_Bladabindi.AU.gen!Eldorado |
| DrWeb | Trojan.DownLoader10.19951 |
| ESET-NOD32 | a variant of MSIL/Bladabindi.AS |
| Emsisoft | Generic.MSIL.Bladabindi.7BADC0B6 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/MSIL_Bladabindi.AU.gen!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.e5df932b2d5650a6 |
| Fortinet | MSIL/Agent.PPV!tr |
| GData | MSIL.Backdoor.Bladabindi.AV |
| Ikarus | Trojan.Msil |
| Invincea | heuristic |
| K7AntiVirus | Trojan ( 700000121 ) |
| K7GW | Trojan ( 700000121 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=88) |
| Malwarebytes | Trojan.Agent.MSIL |
| McAfee | Trojan-FIGN |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.mm |
| MicroWorld-eScan | Generic.MSIL.Bladabindi.7BADC0B6 |
| Microsoft | Backdoor:MSIL/Bladabindi.AJ |
| NANO-Antivirus | Trojan.Win32.Dwn.dbxzfj |
| Panda | Generic Malware |
| Qihoo-360 | HEUR/QVM03.0.F012.Malware.Gen |
| Rising | Backdoor.MSIL.Bladabindi!1.9E49 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Barys |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/Bbindi-C |
| Symantec | Backdoor.Ratenjay |
| TotalDefense | Win32/DotNetDl.A!generic |
| Trapmine | suspicious.low.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2020-03-24 23:46:05
PE Imphash
f34d5f2d4577ed6d9ceec516c1f5a744
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x00006c00 | 0x00006c00 | 5.618416342111487 |
| .rsrc | 0x0000a000 | 0x00000400 | 0x00000400 | 3.5426138552292996 |
| .reloc | 0x0000c000 | 0x0000000c | 0x00000200 | 0.06116285224115448 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_MANIFEST | 0x0000a058 | 0x000001e7 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library mscoree.dll:
• 0x402000 _CorExeMain
L!This program cannot XSZ
`.rsrc
@.reloc
R (
v2.0.50727
#Strings
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
System.Threading
System.IO
FileInfo
FileStream
Microsoft.VisualBasic.Devices
Computer
System.Diagnostics
Process
System.Net.Sockets
TcpClient
MemoryStream
Conversions
ToBoolean
System.Windows.Forms
Application
get_ExecutablePath
Exception
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
Microsoft.Win32
RegistryKey
get_CurrentUser
String
Concat
OpenSubKey
DeleteValue
ProjectData
SetProjectError
ClearProjectError
GetValue
ToString
CreateSubKey
SetValue
Boolean
Operators
CompareString
Environment
get_MachineName
get_UserName
ComputerInfo
get_Info
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
Microsoft.VisualBasic
Strings
CompareMethod
SpecialFolder
GetFolderPath
Contains
RegistryKeyPermissionCheck
GetValueNames
get_Length
DateTime
FileSystemInfo
get_LastWriteTime
System.Text
Encoding
get_UTF8
GetBytes
Convert
ToBase64String
FromBase64String
GetString
Random
VBMath
Randomize
get_Chars
get_Default
System.Collections.Generic
List`1
ToArray
Stream
Dispose
System.IO.Compression
GZipStream
CompressionMode
set_Position
BitConverter
ToInt32
IntPtr
op_Equality
op_Explicit
StrDup
GetProcessById
get_MainWindowTitle
Interaction
Environ
Conversion
System.Reflection
Assembly
Module
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
CreateInstance
DirectoryInfo
get_Name
ToLower
get_Directory
get_Parent
Exists
Delete
EndApp
EnvironmentVariableTarget
SetEnvironmentVariable
AppWinStyle
get_LocalMachine
FileMode
Thread
NewLateBinding
LateGet
LateSetComplex
System.Net
WebClient
System.Drawing
Graphics
Bitmap
Rectangle
GetCurrentProcess
get_Id
GetProcesses
ProcessModule
get_MainModule
FileVersionInfo
get_FileVersionInfo
get_FileDescription
get_FileName
get_ProcessName
GetVersionInfo
ParameterizedThreadStart
ToInteger
get_Message
ProcessStartInfo
get_StartInfo
set_RedirectStandardOutput
set_RedirectStandardInput
set_RedirectStandardError
set_FileName
DataReceivedEventHandler
add_OutputDataReceived
add_ErrorDataReceived
EventArgs
EventHandler
add_Exited
set_UseShellExecute
set_CreateNoWindow
ProcessWindowStyle
set_WindowStyle
set_EnableRaisingEvents
BeginErrorReadLine
BeginOutputReadLine
StreamWriter
get_StandardInput
TextWriter
WriteLine
StartsWith
DownloadData
WriteAllBytes
RuntimeHelpers
GetObjectValue
LateSet
LateCall
CompareObjectEqual
OrObject
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
FromImage
CopyPixelOperation
CopyFromScreen
Cursor
Cursors
get_Position
GetThumbnailImageAbort
GetThumbnailImage
System.Drawing.Imaging
ImageFormat
get_Jpeg
WriteByte
ConditionalCompareObjectEqual
GetSubKeyNames
RegistryValueKind
GetValueKind
DeleteSubKeyTree
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
get_ClassesRoot
get_Users
get_Handle
Monitor
Socket
get_Client
SocketFlags
Disconnect
Connect
get_Available
Receive
LateIndexGet
NetworkStream
GetStream
ReadByte
DeleteSubKey
DebuggerStepThroughAttribute
CompilerGeneratedAttribute
STAThreadAttribute
Command
WaitForExit
System.ComponentModel
Component
OpenExisting
ThreadStart
SessionEndingEventArgs
SessionEndingEventHandler
SystemEvents
add_SessionEnding
DoEvents
ConditionalCompareObjectNotEqual
Keyboard
StringBuilder
get_LocalTime
get_ShiftKeyDown
get_CapsLock
ToUpper
ReadAllText
Remove
WriteAllText
ClassLibrary1.exe
avicap32.dll
kernel32
user32.dll
user32
mscorlib
ClassLibrary1
lastcap
.cctor
EmptyWorkingSet
hProcess
NtSetInformationProcess
processInformationClass
processInformation
processInformationLength
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetForegroundWindow
GetWindowThreadProcessId
lpdwProcessID
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLength
GetWindowTextLengthA
Plugin
ByteOfPlugin
ClassName
CompDir
getMD5Hash
GetKey
connect
_Lambda$__1
_Lambda$__2
_Lambda$__3
LastAV
LastAS
lastKey
keyboard
LogsPath
ToUnicodeEx
wVirtKey
wScanCode
lpKeyState
pwszBuff
cchBuff
wFlags
GetKeyboardState
MapVirtualKey
uMapType
GetKeyboardLayout
dwLayout
GetAsyncKeyState
VKCodeToUnicode
VKCode
_Lambda$__4
p0N\c<
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
S�G�F�j�a�2�V�k�
E�x�p�l�o�r�e�r�.�e�x�e�
e�d�6�e�2�b�f�9�3�0�f�6�d�3�5�b�3�a�c�5�7�c�0�4�9�d�1�0�a�c�2�c�
a�b�d�o�9�5�.�d�d�n�s�.�n�e�t�
[�e�n�d�o�f�]�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�R�u�n�
S�o�f�t�w�a�r�e�\�
M�i�c�r�o�s�o�f�t�
W�i�n�d�o�w�s�
y�y�y�y�-�M�M�-�d�d�
u�n�k�n�o�w�n�
a�b�c�d�e�f�g�h�i�j�k�l�m�n�o�p�q�r�s�t�u�v�w�x�y�z�
S�y�s�t�e�m�D�r�i�v�e�
S�E�E�_�M�A�S�K�_�N�O�Z�O�N�E�C�H�E�C�K�S�
n�e�t�s�h� �f�i�r�e�w�a�l�l� �a�d�d� �a�l�l�o�w�e�d�p�r�o�g�r�a�m� �"�
"� �E�N�A�B�L�E�
w�i�n�d�i�r�
\�s�y�s�t�e�m�3�2�\�
D�e�l�e�t�e�d� �
S�t�a�r�t�e�d� �
c�m�d�.�e�x�e�
g�e�t�v�a�l�u�e�
E�x�e�c�u�t�e� �E�R�R�O�R�
D�o�w�n�l�o�a�d� �E�R�R�O�R�
E�x�e�c�u�t�e�d� �A�s� �
U�p�d�a�t�e� �E�R�R�O�R�
U�p�d�a�t�i�n�g� �T�o� �
l�e�n�g�t�h�
n�e�t�s�h� �f�i�r�e�w�a�l�l� �d�e�l�e�t�e� �a�l�l�o�w�e�d�p�r�o�g�r�a�m� �"�
S�o�f�t�w�a�r�e�
c�m�d�.�e�x�e� �/�c� �p�i�n�g� �1�2�7�.�0�.�0�.�1� �&� �d�e�l� �"�
y�y�/�M�M�/�d�d�
?�?�/�?�?�/�?�?�
[�E�N�T�E�R�]�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.