Score: 1.6
Risk level: Low risk (低危)

SHA256: fd4d17d87a311ca7f9d4c5d522ce4f1e5a5e1bcfe88f258af5385150be5ff39b

File name: e9fcc48889d939e1d7ac45f785fc1c18.exe

Analysis duration: 19s

Last analysis:

File size: 162.0KB
Tags: Static detection, Dynamic detection, AIDETECTVM, BROSAFE, CONFIDENCE, MALWARE2, QVM20, XPACK
鹰眼引擎 (Eagle Eye engine)
Not detected: no Eagle Eye engine result is available for this sample.
Static verdict
Antivirus engines

Engine        Result                               Scan time   Engine version
McAfee        -                                    20200905    6.0.6.653
Alibaba       -                                    20190527    0.3.0.5
Avast         -                                    20200905    18.4.3895.0
Baidu         -                                    20190318    1.0.0.2
Kingsoft      -                                    20200905    2013.8.14.323
Tencent       -                                    20200905    1.0.0.1
CrowdStrike   win/malicious_confidence_60% (W)     20190702    1.0
Behaviour verdict
Dynamic indicators

File has been identified by 8 AntiVirus engines on VirusTotal as malicious (8 events)
Bkav W32.AIDetectVM.malware2
F-Secure Trojan.TR/Crypt.XPACK.Gen
Jiangmin AdWare.BroSafe.d
Avira TR/Crypt.XPACK.Gen
AegisLab Riskware.Win32.Generic.1!c
Ikarus Trojan.Crypt
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Generic/HEUR/QVM20.1.ADF2.Malware.Gen

The binary likely contains encrypted or compressed data indicative of a packer (4 events)
Description for each event: A section with a high entropy has been found

Section   Virtual address   Size of data   Virtual size   Entropy
.rdata    0x0000c000        0x00006e00     0x00006dec     7.1654436241923
/31       0x0009a000        0x00000400     0x00000333     7.7373485303167016
/45       0x0009b000        0x00000800     0x0000065e     7.878298057816858
/57       0x0009c000        0x00000200     0x00000012     7.572973610674473
Visual analysis
Binary image
None: no binary visualization image was generated for this sample.
Runtime screenshots
None: no screenshots were captured while the sample ran.

PE Compile Time

2019-02-03 18:07:11

Imports

Library ADVAPI32.dll:
0x43e358 OpenProcessToken
0x43e35c RegCloseKey
0x43e360 RegCreateKeyExW
0x43e364 RegDeleteKeyW
0x43e368 RegDeleteValueW
0x43e36c RegEnumKeyW
0x43e370 RegEnumValueW
0x43e374 RegOpenKeyExW
0x43e378 RegQueryValueExW
0x43e37c RegSetValueExW
0x43e380 SetFileSecurityW
Library COMCTL32.DLL:
0x43e388 ImageList_AddMasked
0x43e38c ImageList_Create
0x43e390 ImageList_Destroy
0x43e394 InitCommonControls
Library GDI32.dll:
0x43e39c CreateBrushIndirect
0x43e3a0 CreateFontIndirectW
0x43e3a4 DeleteObject
0x43e3a8 GetDeviceCaps
0x43e3ac SelectObject
0x43e3b0 SetBkColor
0x43e3b4 SetBkMode
0x43e3b8 SetTextColor
Library KERNEL32.dll:
0x43e3c0 CloseHandle
0x43e3c4 CompareFileTime
0x43e3c8 CopyFileW
0x43e3cc CreateDirectoryW
0x43e3d0 CreateFileW
0x43e3d4 CreateProcessW
0x43e3d8 CreateThread
0x43e3dc DeleteFileW
0x43e3e0 ExitProcess
0x43e3e8 FindClose
0x43e3ec FindFirstFileW
0x43e3f0 FindNextFileW
0x43e3f4 FreeLibrary
0x43e3f8 GetCommandLineW
0x43e3fc GetCurrentProcess
0x43e400 GetDiskFreeSpaceW
0x43e404 GetExitCodeProcess
0x43e408 GetFileAttributesW
0x43e40c GetFileSize
0x43e410 GetFullPathNameW
0x43e414 GetLastError
0x43e418 GetModuleFileNameW
0x43e41c GetModuleHandleA
0x43e420 GetModuleHandleW
0x43e428 GetProcAddress
0x43e42c GetShortPathNameW
0x43e430 GetSystemDirectoryW
0x43e434 GetTempFileNameW
0x43e438 GetTempPathW
0x43e43c GetTickCount
0x43e440 GetVersion
0x43e448 GlobalAlloc
0x43e44c GlobalFree
0x43e450 GlobalLock
0x43e454 GlobalUnlock
0x43e458 LoadLibraryExW
0x43e45c MoveFileExW
0x43e460 MoveFileW
0x43e464 MulDiv
0x43e468 MultiByteToWideChar
0x43e46c ReadFile
0x43e470 RemoveDirectoryW
0x43e474 SearchPathW
0x43e480 SetErrorMode
0x43e484 SetFileAttributesW
0x43e488 SetFilePointer
0x43e48c SetFileTime
0x43e490 Sleep
0x43e494 WaitForSingleObject
0x43e498 WideCharToMultiByte
0x43e49c WriteFile
0x43e4a4 lstrcatW
0x43e4a8 lstrcmpW
0x43e4ac lstrcmpiA
0x43e4b0 lstrcmpiW
0x43e4b4 lstrcpyA
0x43e4b8 lstrcpynW
0x43e4bc lstrlenA
0x43e4c0 lstrlenW
Library ole32.dll:
0x43e4c8 CoCreateInstance
0x43e4cc CoTaskMemFree
0x43e4d0 OleInitialize
0x43e4d4 OleUninitialize
Library SHELL32.dll:
0x43e4dc SHBrowseForFolderW
0x43e4e0 SHFileOperationW
0x43e4e4 SHGetFileInfoW
0x43e4f0 ShellExecuteExW
Library USER32.dll:
0x43e4f8 AppendMenuW
0x43e4fc BeginPaint
0x43e500 CallWindowProcW
0x43e504 CharNextA
0x43e508 CharNextW
0x43e50c CharPrevW
0x43e510 CheckDlgButton
0x43e514 CloseClipboard
0x43e518 CreateDialogParamW
0x43e51c CreatePopupMenu
0x43e520 CreateWindowExW
0x43e524 DefWindowProcW
0x43e528 DestroyWindow
0x43e52c DialogBoxParamW
0x43e530 DispatchMessageW
0x43e534 DrawTextW
0x43e538 EmptyClipboard
0x43e53c EnableMenuItem
0x43e540 EnableWindow
0x43e544 EndDialog
0x43e548 EndPaint
0x43e54c ExitWindowsEx
0x43e550 FillRect
0x43e554 FindWindowExW
0x43e558 GetClassInfoW
0x43e55c GetClientRect
0x43e560 GetDC
0x43e564 GetDlgItem
0x43e568 GetDlgItemTextW
0x43e56c GetMessagePos
0x43e570 GetSysColor
0x43e574 GetSystemMenu
0x43e578 GetSystemMetrics
0x43e57c GetWindowLongW
0x43e580 GetWindowRect
0x43e584 InvalidateRect
0x43e588 IsWindow
0x43e58c IsWindowEnabled
0x43e590 IsWindowVisible
0x43e594 LoadBitmapW
0x43e598 LoadCursorW
0x43e59c LoadImageW
0x43e5a0 MessageBoxIndirectW
0x43e5a4 OpenClipboard
0x43e5a8 PeekMessageW
0x43e5ac PostQuitMessage
0x43e5b0 RegisterClassW
0x43e5b4 ReleaseDC
0x43e5b8 ScreenToClient
0x43e5bc SendMessageTimeoutW
0x43e5c0 SendMessageW
0x43e5c4 SetClassLongW
0x43e5c8 SetClipboardData
0x43e5cc SetCursor
0x43e5d0 SetDlgItemTextW
0x43e5d4 SetForegroundWindow
0x43e5d8 SetTimer
0x43e5dc SetWindowLongW
0x43e5e0 SetWindowPos
0x43e5e4 SetWindowTextW
0x43e5e8 ShowWindow
0x43e5f0 TrackPopupMenu
0x43e5f4 wsprintfA
0x43e5f8 wsprintfW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source port   Destination        Destination port
192.168.56.101   50002         114.114.114.114    53
192.168.56.101   53237         114.114.114.114    53
192.168.56.101   55368         114.114.114.114    53
192.168.56.101   57756         114.114.114.114    53
192.168.56.101   62318         114.114.114.114    53
192.168.56.101   137           192.168.56.255     137
192.168.56.101   51963         224.0.0.252        5355
192.168.56.101   53657         224.0.0.252        5355
192.168.56.101   56804         224.0.0.252        5355
192.168.56.101   57874         224.0.0.252        5355
192.168.56.101   58367         224.0.0.252        5355
192.168.56.101   62191         224.0.0.252        5355
192.168.56.101   63429         224.0.0.252        5355
192.168.56.101   65004         224.0.0.252        5355
192.168.56.101   1900          239.255.255.250    1900
192.168.56.101   53238         239.255.255.250    3702
192.168.56.101   58368         239.255.255.250    3702
192.168.56.101   58707         239.255.255.250    3702
192.168.56.101   63434         239.255.255.250    1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.