SmartHawk

3.0

中危

56 个模型检测该样本为恶意！

重新分析

下载样本

ebed7819ae974b33c3c7e9511af86f5b2bf1ff8b3a88ffebc47aed30da4df9ab

ebefdbc014c8f81eb4039a483738197d.exe

分析耗时

77s

最近分析

文件大小

815.5KB

静态报毒动态报毒 95ZQRG AGENTTESLA AI SCORE=87 AIDETECTVM AUTO BLADABINDI CONFIDENCE DARKKOMET DELF DELPHILESS FAREIT FORMBOOK GENERICKD HIFSGX HIGH CONFIDENCE JIER KTSE LOKIBOT MALICIOUS PE MALWARE2 OGQKST4G68Y QVM05 R + TROJ SCORE SIGGEN2 STATIC AI TSCOPE UNSAFE WLDI X2059 YG0@AUQXASOI ZELPHIF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Baidu		20190318	1.0.0.2
Avast	Other:Malware-gen [Trj]	20201229	21.1.5827.0
Alibaba	Backdoor:Win32/FormBook.e2ca8a84	20190527	0.3.0.5
Kingsoft		20201230	2017.9.26.565
McAfee	Fareit-FSK!EBEFDBC014C8	20201229	6.0.6.653
Tencent	Win32.Trojan.Inject.Auto	20201229	1.0.0.1
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 个事件)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619999682.176234 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003d0000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)

entropy

7.585794876373198

section

{'size_of_data': '0x0000da00', 'virtual_address': '0x00051000', 'entropy': 7.585794876373198, 'name': 'DATA', 'virtual_size': '0x0000d9c8'}

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.33623240
FireEye	Generic.mg.ebefdbc014c8f81e
CAT-QuickHeal	Trojan.Multi
Qihoo-360	Generic/HEUR/QVM05.1.6933.Malware.Gen
ALYac	Trojan.GenericKD.33623240
Malwarebytes	Spyware.LokiBot
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.33623240
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.014c8f
Arcabit	Trojan.Generic.D2010CC8
BitDefenderTheta	Gen:NN.ZelphiF.34700.YG0@auqXaSoi
Symantec	Trojan Horse
ESET-NOD32	MSIL/Bladabindi.BC
APEX	Malicious
Avast	Other:Malware-gen [Trj]
ClamAV	Win.Trojan.Bladabindi-7663170-0
Kaspersky	HEUR:Backdoor.Win32.Bladabindi.gen
Alibaba	Backdoor:Win32/FormBook.e2ca8a84
NANO-Antivirus	Trojan.Win32.Bladabindi.hifsgx
Rising	Trojan.Injector!1.C561 (KTSE)
Ad-Aware	Trojan.GenericKD.33623240
F-Secure	Trojan.TR/Agent.jier
DrWeb	Trojan.PWS.Siggen2.46506
TrendMicro	Trojan.Win32.FORMBOOK.WLDI
McAfee-GW-Edition	BehavesLike.Win32.Trojan.ch
Sophos	Mal/Generic-R + Troj/Inject-FUF
Ikarus	Trojan.Inject
Jiangmin	Backdoor.Bladabindi.aw
Webroot	W32.Trojan.Gen
Avira	TR/Agent.jier
Antiy-AVL	Trojan[Backdoor]/Win32.Bladabindi
Gridinsoft	Backdoor.Win32.DarkKomet.ba!s1
Microsoft	Trojan:Win32/FormBook.BX!MTB
AhnLab-V3	Suspicious/Win.Delphiless.X2059
ZoneAlarm	HEUR:Backdoor.Win32.Bladabindi.gen
GData	Win32.Trojan-Stealer.AgentTesla.95ZQRG
Cynet	Malicious (score: 100)
McAfee	Fareit-FSK!EBEFDBC014C8
MAX	malware (ai score=87)
VBA32	TScope.Trojan.Delf
Panda	Trj/WLT.F
Zoner	Trojan.Win32.90912
TrendMicro-HouseCall	Trojan.Win32.FORMBOOK.WLDI
Tencent	Win32.Trojan.Inject.Auto
Yandex	Trojan.Bladabindi!OgqksT4G68Y

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:

• 0x460118 DeleteCriticalSection

• 0x46011c LeaveCriticalSection

• 0x460120 EnterCriticalSection

• 0x460124 InitializeCriticalSection

• 0x460128 VirtualFree

• 0x46012c VirtualAlloc

• 0x460130 LocalFree

• 0x460134 LocalAlloc

• 0x460138 GetVersion

• 0x46013c GetCurrentThreadId

• 0x460140 InterlockedDecrement

• 0x460144 InterlockedIncrement

• 0x460148 VirtualQuery

• 0x46014c WideCharToMultiByte

• 0x460150 MultiByteToWideChar

• 0x460154 lstrlenA

• 0x460158 lstrcpynA

• 0x46015c LoadLibraryExA

• 0x460160 GetThreadLocale

• 0x460164 GetStartupInfoA

• 0x460168 GetProcAddress

• 0x46016c GetModuleHandleA

• 0x460170 GetModuleFileNameA

• 0x460174 GetLocaleInfoA

• 0x460178 GetCommandLineA

• 0x46017c FreeLibrary

• 0x460180 FindFirstFileA

• 0x460184 FindClose

• 0x460188 ExitProcess

• 0x46018c WriteFile

• 0x460190 UnhandledExceptionFilter

• 0x460194 RtlUnwind

• 0x460198 RaiseException

• 0x46019c GetStdHandle

Library user32.dll:

• 0x4601a4 GetKeyboardType

• 0x4601a8 LoadStringA

• 0x4601ac MessageBoxA

• 0x4601b0 CharNextA

Library advapi32.dll:

• 0x4601b8 RegQueryValueExA

• 0x4601bc RegOpenKeyExA

• 0x4601c0 RegCloseKey

Library oleaut32.dll:

• 0x4601c8 SysFreeString

• 0x4601cc SysReAllocStringLen

• 0x4601d0 SysAllocStringLen

Library kernel32.dll:

• 0x4601d8 TlsSetValue

• 0x4601dc TlsGetValue

• 0x4601e0 LocalAlloc

• 0x4601e4 GetModuleHandleA

Library advapi32.dll:

• 0x4601ec RegQueryValueExA

• 0x4601f0 RegOpenKeyExA

• 0x4601f4 RegCloseKey

Library kernel32.dll:

• 0x4601fc lstrcpyA

• 0x460200 WriteFile

• 0x460204 WaitForSingleObject

• 0x460208 VirtualQuery

• 0x46020c VirtualAlloc

• 0x460210 Sleep

• 0x460214 SizeofResource

• 0x460218 SetUnhandledExceptionFilter

• 0x46021c SetThreadLocale

• 0x460220 SetFilePointer

• 0x460224 SetEvent

• 0x460228 SetErrorMode

• 0x46022c SetEndOfFile

• 0x460230 ResetEvent

• 0x460234 ReadFile

• 0x460238 MulDiv

• 0x46023c LockResource

• 0x460240 LoadResource

• 0x460244 LoadLibraryA

• 0x460248 LeaveCriticalSection

• 0x46024c InitializeCriticalSection

• 0x460250 GlobalUnlock

• 0x460254 GlobalReAlloc

• 0x460258 GlobalHandle

• 0x46025c GlobalLock

• 0x460260 GlobalFree

• 0x460264 GlobalFindAtomA

• 0x460268 GlobalDeleteAtom

• 0x46026c GlobalAlloc

• 0x460270 GlobalAddAtomA

• 0x460274 GetVersionExA

• 0x460278 GetVersion

• 0x46027c GetTickCount

• 0x460280 GetThreadLocale

• 0x460284 GetSystemTimeAsFileTime

• 0x460288 GetSystemTime

• 0x46028c GetSystemInfo

• 0x460290 GetStringTypeExA

• 0x460294 GetStdHandle

• 0x460298 GetProcAddress

• 0x46029c GetModuleHandleA

• 0x4602a0 GetModuleFileNameA

• 0x4602a4 GetLocaleInfoA

• 0x4602a8 GetLocalTime

• 0x4602ac GetLastError

• 0x4602b0 GetFullPathNameA

• 0x4602b4 GetDiskFreeSpaceA

• 0x4602b8 GetDateFormatA

• 0x4602bc GetCurrentThreadId

• 0x4602c0 GetCurrentProcessId

• 0x4602c4 GetCPInfo

• 0x4602c8 GetACP

• 0x4602cc FreeResource

• 0x4602d0 InterlockedExchange

• 0x4602d4 FreeLibrary

• 0x4602d8 FormatMessageA

• 0x4602dc FindResourceA

• 0x4602e0 FileTimeToSystemTime

• 0x4602e4 ExitThread

• 0x4602e8 EnumCalendarInfoA

• 0x4602ec EnterCriticalSection

• 0x4602f0 DeleteCriticalSection

• 0x4602f4 CreateThread

• 0x4602f8 CreateFileA

• 0x4602fc CreateEventA

• 0x460300 CompareStringA

• 0x460304 CloseHandle

Library version.dll:

• 0x46030c VerQueryValueA

• 0x460310 GetFileVersionInfoSizeA

• 0x460314 GetFileVersionInfoA

Library gdi32.dll:

• 0x46031c UnrealizeObject

• 0x460320 StretchBlt

• 0x460324 SetWindowOrgEx

• 0x460328 SetViewportOrgEx

• 0x46032c SetTextColor

• 0x460330 SetStretchBltMode

• 0x460334 SetROP2

• 0x460338 SetPixel

• 0x46033c SetDIBColorTable

• 0x460340 SetBrushOrgEx

• 0x460344 SetBkMode

• 0x460348 SetBkColor

• 0x46034c SelectPalette

• 0x460350 SelectObject

• 0x460354 SaveDC

• 0x460358 RestoreDC

• 0x46035c RectVisible

• 0x460360 RealizePalette

• 0x460364 PatBlt

• 0x460368 MoveToEx

• 0x46036c MaskBlt

• 0x460370 LineTo

• 0x460374 IntersectClipRect

• 0x460378 GetWindowOrgEx

• 0x46037c GetTextMetricsA

• 0x460380 GetTextExtentPoint32A

• 0x460384 GetSystemPaletteEntries

• 0x460388 GetStockObject

• 0x46038c GetPixel

• 0x460390 GetPaletteEntries

• 0x460394 GetObjectA

• 0x460398 GetDeviceCaps

• 0x46039c GetDIBits

• 0x4603a0 GetDIBColorTable

• 0x4603a4 GetDCOrgEx

• 0x4603a8 GetCurrentPositionEx

• 0x4603ac GetClipBox

• 0x4603b0 GetBrushOrgEx

• 0x4603b4 GetBitmapBits

• 0x4603b8 ExcludeClipRect

• 0x4603bc DeleteObject

• 0x4603c0 DeleteDC

• 0x4603c4 CreateSolidBrush

• 0x4603c8 CreatePenIndirect

• 0x4603cc CreatePalette

• 0x4603d0 CreateHalftonePalette

• 0x4603d4 CreateFontIndirectA

• 0x4603d8 CreateDIBitmap

• 0x4603dc CreateDIBSection

• 0x4603e0 CreateCompatibleDC

• 0x4603e4 CreateCompatibleBitmap

• 0x4603e8 CreateBrushIndirect

• 0x4603ec CreateBitmap

• 0x4603f0 BitBlt

Library user32.dll:

• 0x4603f8 CreateWindowExA

• 0x4603fc WindowFromPoint

• 0x460400 WinHelpA

• 0x460404 WaitMessage

• 0x460408 UpdateWindow

• 0x46040c UnregisterClassA

• 0x460410 UnhookWindowsHookEx

• 0x460414 TranslateMessage

• 0x460418 TranslateMDISysAccel

• 0x46041c TrackPopupMenu

• 0x460420 SystemParametersInfoA

• 0x460424 ShowWindow

• 0x460428 ShowScrollBar

• 0x46042c ShowOwnedPopups

• 0x460430 ShowCursor

• 0x460434 SetWindowsHookExA

• 0x460438 SetWindowPos

• 0x46043c SetWindowPlacement

• 0x460440 SetWindowLongA

• 0x460444 SetTimer

• 0x460448 SetScrollRange

• 0x46044c SetScrollPos

• 0x460450 SetScrollInfo

• 0x460454 SetRect

• 0x460458 SetPropA

• 0x46045c SetParent

• 0x460460 SetMenuItemInfoA

• 0x460464 SetMenu

• 0x460468 SetForegroundWindow

• 0x46046c SetFocus

• 0x460470 SetCursor

• 0x460474 SetClassLongA

• 0x460478 SetCapture

• 0x46047c SetActiveWindow

• 0x460480 SendMessageA

• 0x460484 ScrollWindow

• 0x460488 ScreenToClient

• 0x46048c RemovePropA

• 0x460490 RemoveMenu

• 0x460494 ReleaseDC

• 0x460498 ReleaseCapture

• 0x46049c RegisterWindowMessageA

• 0x4604a0 RegisterClipboardFormatA

• 0x4604a4 RegisterClassA

• 0x4604a8 RedrawWindow

• 0x4604ac PtInRect

• 0x4604b0 PostQuitMessage

• 0x4604b4 PostMessageA

• 0x4604b8 PeekMessageA

• 0x4604bc OffsetRect

• 0x4604c0 OemToCharA

• 0x4604c4 MessageBoxA

• 0x4604c8 MapWindowPoints

• 0x4604cc MapVirtualKeyA

• 0x4604d0 LoadStringA

• 0x4604d4 LoadKeyboardLayoutA

• 0x4604d8 LoadIconA

• 0x4604dc LoadCursorA

• 0x4604e0 LoadBitmapA

• 0x4604e4 KillTimer

• 0x4604e8 IsZoomed

• 0x4604ec IsWindowVisible

• 0x4604f0 IsWindowEnabled

• 0x4604f4 IsWindow

• 0x4604f8 IsRectEmpty

• 0x4604fc IsIconic

• 0x460500 IsDialogMessageA

• 0x460504 IsChild

• 0x460508 InvalidateRect

• 0x46050c IntersectRect

• 0x460510 InsertMenuItemA

• 0x460514 InsertMenuA

• 0x460518 InflateRect

• 0x46051c GetWindowThreadProcessId

• 0x460520 GetWindowTextA

• 0x460524 GetWindowRect

• 0x460528 GetWindowPlacement

• 0x46052c GetWindowLongA

• 0x460530 GetWindowDC

• 0x460534 GetTopWindow

• 0x460538 GetSystemMetrics

• 0x46053c GetSystemMenu

• 0x460540 GetSysColorBrush

• 0x460544 GetSysColor

• 0x460548 GetSubMenu

• 0x46054c GetScrollRange

• 0x460550 GetScrollPos

• 0x460554 GetScrollInfo

• 0x460558 GetPropA

• 0x46055c GetParent

• 0x460560 GetWindow

• 0x460564 GetMenuStringA

• 0x460568 GetMenuState

• 0x46056c GetMenuItemInfoA

• 0x460570 GetMenuItemID

• 0x460574 GetMenuItemCount

• 0x460578 GetMenu

• 0x46057c GetLastActivePopup

• 0x460580 GetKeyboardState

• 0x460584 GetKeyboardLayoutList

• 0x460588 GetKeyboardLayout

• 0x46058c GetKeyState

• 0x460590 GetKeyNameTextA

• 0x460594 GetIconInfo

• 0x460598 GetForegroundWindow

• 0x46059c GetFocus

• 0x4605a0 GetDesktopWindow

• 0x4605a4 GetDCEx

• 0x4605a8 GetDC

• 0x4605ac GetCursorPos

• 0x4605b0 GetCursor

• 0x4605b4 GetClientRect

• 0x4605b8 GetClassNameA

• 0x4605bc GetClassInfoA

• 0x4605c0 GetCapture

• 0x4605c4 GetActiveWindow

• 0x4605c8 FrameRect

• 0x4605cc FindWindowA

• 0x4605d0 FillRect

• 0x4605d4 EqualRect

• 0x4605d8 EnumWindows

• 0x4605dc EnumThreadWindows

• 0x4605e0 EndPaint

• 0x4605e4 EnableWindow

• 0x4605e8 EnableScrollBar

• 0x4605ec EnableMenuItem

• 0x4605f0 DrawTextA

• 0x4605f4 DrawMenuBar

• 0x4605f8 DrawIconEx

• 0x4605fc DrawIcon

• 0x460600 DrawFrameControl

• 0x460604 DrawEdge

• 0x460608 DispatchMessageA

• 0x46060c DestroyWindow

• 0x460610 DestroyMenu

• 0x460614 DestroyIcon

• 0x460618 DestroyCursor

• 0x46061c DeleteMenu

• 0x460620 DefWindowProcA

• 0x460624 DefMDIChildProcA

• 0x460628 DefFrameProcA

• 0x46062c CreatePopupMenu

• 0x460630 CreateMenu

• 0x460634 CreateIcon

• 0x460638 ClientToScreen

• 0x46063c CheckMenuItem

• 0x460640 CallWindowProcA

• 0x460644 CallNextHookEx

• 0x460648 BeginPaint

• 0x46064c CharNextA

• 0x460650 CharLowerA

• 0x460654 CharToOemA

• 0x460658 AdjustWindowRectEx

• 0x46065c ActivateKeyboardLayout

Library kernel32.dll:

• 0x460664 Sleep

Library oleaut32.dll:

• 0x46066c SafeArrayPtrOfIndex

• 0x460670 SafeArrayGetUBound

• 0x460674 SafeArrayGetLBound

• 0x460678 SafeArrayCreate

• 0x46067c VariantChangeType

• 0x460680 VariantCopy

• 0x460684 VariantClear

• 0x460688 VariantInit

Library comctl32.dll:

• 0x460690 ImageList_SetIconSize

• 0x460694 ImageList_GetIconSize

• 0x460698 ImageList_Write

• 0x46069c ImageList_Read

• 0x4606a0 ImageList_GetDragImage

• 0x4606a4 ImageList_DragShowNolock

• 0x4606a8 ImageList_SetDragCursorImage

• 0x4606ac ImageList_DragMove

• 0x4606b0 ImageList_DragLeave

• 0x4606b4 ImageList_DragEnter

• 0x4606b8 ImageList_EndDrag

• 0x4606bc ImageList_BeginDrag

• 0x4606c0 ImageList_Remove

• 0x4606c4 ImageList_DrawEx

• 0x4606c8 ImageList_Draw

• 0x4606cc ImageList_GetBkColor

• 0x4606d0 ImageList_SetBkColor

• 0x4606d4 ImageList_ReplaceIcon

• 0x4606d8 ImageList_Add

• 0x4606dc ImageList_GetImageCount

• 0x4606e0 ImageList_Destroy

• 0x4606e4 ImageList_Create

• 0x4606e8 InitCommonControls

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.