4.4
Medium risk

539832697774fb2b092df3c545301d1ab576d915137a366b92863645148f6788

eb7aad69d1c1ed58db3d78c38dab1817.exe

Analysis duration

19s

Last analysis

File size

150.5KB
Static detection: malicious. Dynamic detection: malicious.
Tags: 100% AI SCORE=84 ATTRIBUTE BSCOPE CLOUD CONFIDENCE DISKWRITER FSYSNA GDSDA GENCIRC GENERICKD GEXQ HGAFVN HIGH CONFIDENCE HIGHCONFIDENCE HJSNC HVVIQS KILLMBR MALWARE@#16B4NVFSIBHWI MBRINFECTOR MODERATE ONAS R002C0PD320 SCORE SHUTDOWNER SIGGEN9 SUSGEN UNSAFE WACATAC WBK3
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines

| Engine | Result | Scan date | Engine version |
|---|---|---|---|
| McAfee | RDN/Generic.grp | 20200415 | 6.0.6.653 |
| Alibaba | Trojan:Win32/Fsysna.0db8b125 | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20200414 | 18.4.3895.0 |
| Baidu | | 20190318 | 1.0.0.2 |
| Kingsoft | | 20200415 | 2013.8.14.323 |
| Tencent | Malware.Win32.Gencirc.10b99aaf | 20200415 | 1.0.0.1 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
Static indicators

Queries for the computername (1 event)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1620001417.813374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |

Command line console output was observed (1 event)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1620001418.860374 | WriteConsoleW | buffer: 成功: 成功创建计划任务 "wininit"。 console_handle: 0x00000007 | success | 1 | 0 |

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section CODE
section DATA
section BSS
Behavioral verdict
Dynamic indicators
Creates a suspicious process (1 event)
cmdline schtasks.exe /Create /TN wininit /ru SYSTEM /SC ONSTART /TR "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\eb7aad69d1c1ed58db3d78c38dab1817.exe"
Uses Windows utilities for basic Windows functionality (1 event)
cmdline schtasks.exe /Create /TN wininit /ru SYSTEM /SC ONSTART /TR "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\eb7aad69d1c1ed58db3d78c38dab1817.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (2 events)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\wininit
reg_value C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\eb7aad69d1c1ed58db3d78c38dab1817.exe
cmdline schtasks.exe /Create /TN wininit /ru SYSTEM /SC ONSTART /TR "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\eb7aad69d1c1ed58db3d78c38dab1817.exe"
Uses Sysinternals tools in order to add additional command line functionality (1 event)
cmdline schtasks.exe /Create /TN wininit /ru SYSTEM /SC ONSTART /TR "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\eb7aad69d1c1ed58db3d78c38dab1817.exe"
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events shown)
DrWeb Trojan.Siggen9.27655
MicroWorld-eScan Trojan.GenericKD.42909832
CAT-QuickHeal Trojan.Fsysna
McAfee RDN/Generic.grp
Cylance Unsafe
Zillya Trojan.Fsysna.Win32.19555
K7AntiVirus Trojan ( 0055f5981 )
Alibaba Trojan:Win32/Fsysna.0db8b125
K7GW Trojan ( 0055f5981 )
Cybereason malicious.9d1c1e
Arcabit Trojan.Generic.D28EC088
Invincea heuristic
BitDefenderTheta AI:Packer.B2E53AA121
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Fsysna.gexq
BitDefender Trojan.GenericKD.42909832
NANO-Antivirus Trojan.Win32.KillMBR.hgafvn
AegisLab Trojan.Multi.Generic.4!c
Avast Win32:Trojan-gen
Rising Trojan.KillMBR!1.C48A (CLOUD)
Ad-Aware Trojan.GenericKD.42909832
Emsisoft Trojan.GenericKD.42909832 (B)
Comodo Malware@#16b4nvfsibhwi
F-Secure Trojan.TR/KillMBR.hjsnc
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0PD320
McAfee-GW-Edition RDN/Generic.grp
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.eb7aad69d1c1ed58
Sophos Troj/KillMBR-S
Cyren W32/Trojan.ONAS-7661
Jiangmin Trojan.Shutdowner.an
Webroot W32.Trojan.Gen
Avira TR/KillMBR.hjsnc
Antiy-AVL Trojan/Win32.Wacatac
Endgame malicious (high confidence)
ViRobot Trojan.Win32.S.KillMBR.154112.C
ZoneAlarm Trojan.Win32.Fsysna.gexq
GData Win32.Malware.MBRInfector.A
Acronis suspicious
VBA32 BScope.Trojan.DiskWriter
ALYac Trojan.Agent.KillMBR
MAX malware (ai score=84)
ESET-NOD32 a variant of Win32/KillMBR.NDS
TrendMicro-HouseCall TROJ_GEN.R002C0PD320
Tencent Malware.Win32.Gencirc.10b99aaf
Yandex Trojan.KillMBR!wBK3/HvViqs
Ikarus Trojan.Win32.KillMBR
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x434128 VirtualFree
0x43412c VirtualAlloc
0x434130 LocalFree
0x434134 LocalAlloc
0x434138 GetVersion
0x43413c GetCurrentThreadId
0x434148 VirtualQuery
0x43414c WideCharToMultiByte
0x434150 MultiByteToWideChar
0x434154 lstrlenA
0x434158 lstrcpynA
0x43415c LoadLibraryExA
0x434160 GetThreadLocale
0x434164 GetStartupInfoA
0x434168 GetProcAddress
0x43416c GetModuleHandleA
0x434170 GetModuleFileNameA
0x434174 GetLocaleInfoA
0x434178 GetCommandLineA
0x43417c FreeLibrary
0x434180 FindFirstFileA
0x434184 FindClose
0x434188 ExitProcess
0x43418c WriteFile
0x434194 RtlUnwind
0x434198 RaiseException
0x43419c GetStdHandle
Library user32.dll:
0x4341a4 GetKeyboardType
0x4341a8 LoadStringA
0x4341ac MessageBoxA
0x4341b0 CharNextA
Library advapi32.dll:
0x4341b8 RegQueryValueExA
0x4341bc RegOpenKeyExA
0x4341c0 RegCloseKey
Library oleaut32.dll:
0x4341c8 SysFreeString
0x4341cc SysReAllocStringLen
0x4341d0 SysAllocStringLen
Library kernel32.dll:
0x4341d8 TlsSetValue
0x4341dc TlsGetValue
0x4341e0 LocalAlloc
0x4341e4 GetModuleHandleA
Library advapi32.dll:
0x4341ec RegSetValueExA
0x4341f0 RegOpenKeyExA
0x4341f4 RegFlushKey
0x4341f8 RegDeleteValueA
0x4341fc RegCreateKeyExA
0x434200 RegCloseKey
0x434204 OpenProcessToken
0x43420c FreeSid
Library kernel32.dll:
0x43421c WriteFile
0x434220 WinExec
0x434224 WaitForSingleObject
0x434228 VirtualQuery
0x43422c TerminateProcess
0x434230 SetFilePointer
0x434234 SetEvent
0x434238 SetEndOfFile
0x43423c ResetEvent
0x434240 ReadFile
0x434244 OpenProcess
0x434250 GetVersionExA
0x434254 GetThreadLocale
0x434258 GetStringTypeExA
0x43425c GetStdHandle
0x434260 GetProcAddress
0x434264 GetModuleHandleA
0x434268 GetModuleFileNameA
0x43426c GetLocaleInfoA
0x434270 GetLocalTime
0x434274 GetLastError
0x434278 GetFullPathNameA
0x43427c GetDiskFreeSpaceA
0x434280 GetDateFormatA
0x434284 GetCurrentThreadId
0x434288 GetCurrentProcess
0x43428c GetCPInfo
0x434290 GetACP
0x434294 FormatMessageA
0x434298 FindFirstFileA
0x43429c FindClose
0x4342a8 EnumCalendarInfoA
0x4342b0 DeviceIoControl
0x4342b4 DeleteFileA
0x4342bc CreateFileA
0x4342c0 CreateEventA
0x4342c4 CompareStringA
0x4342c8 CloseHandle
Library user32.dll:
0x4342d0 PostMessageA
0x4342d4 MessageBoxA
0x4342d8 LoadStringA
0x4342dc GetSystemMetrics
0x4342e0 FindWindowA
0x4342e4 ExitWindowsEx
0x4342e8 CharNextA
0x4342ec CharToOemA
Library kernel32.dll:
0x4342f4 Sleep
Library shell32.dll:
0x4342fc ShellExecuteExA
Library oleaut32.dll:
0x434304 SafeArrayPtrOfIndex
0x434308 SafeArrayGetUBound
0x43430c SafeArrayGetLBound
0x434310 SafeArrayCreate
0x434314 VariantChangeType
0x434318 VariantCopy
0x43431c VariantClear
0x434320 VariantInit
Library advapi32.dll:
Library ntdll.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

| Source | Source port | Destination | Destination port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60123 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58368 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.