SmartHawk

2.6

中危

47 个模型检测该样本为恶意！

重新分析

下载样本

b19d64d6ef5329b388d688157ebb9f4fa8cae2ccd18ec1fe7bb75b0fcc2350f9

ec607802d2de9bfdae9cf0a94af5d987.exe

分析耗时

26s

最近分析

文件大小

268.0KB

静态报毒动态报毒 100% AGENTB AMBW BSCOPE CASDET CLOUD CONFIDENCE GDSDA GENERIC PWS GENERICKD GOBLINPANDA HIGH CONFIDENCE HSNTCF JZUI KCLOUD MALWARE@#18WM5LAAC2OA MASSON PASSWORDSTEALER QQ0@AE6HLADC SCORE SIGGEN10 TROJANPSW TRZW TXCD UNSAFE VSNTHP20 ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Generic PWS.y	20210422	6.0.6.653
Alibaba	Trojan:Win32/Agentb.b7792194	20190527	0.3.0.5
Avast	Win32:Trojan-gen	20210422	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)	20210422	2017.9.26.565
Tencent	Win32.Trojan.Agentb.Ambw	20210422	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20210203	1.0

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620817592.76125 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620817593.79225 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 个事件)

Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen10.13844
MicroWorld-eScan	Trojan.GenericKD.34417861
FireEye	Trojan.GenericKD.34417861
McAfee	RDN/Generic PWS.y
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Casdet.rfn
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/Agentb.b7792194
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.2d2de9
BitDefenderTheta	Gen:NN.ZexaF.34678.qq0@ae6Hladc
Cyren	W32/Agent.TXCD-7391
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of Win32/Agent.UJW
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan.Win32.Agentb.jzui
BitDefender	Trojan.GenericKD.34417861
NANO-Antivirus	Trojan.Win32.Generic.hsntcf
Paloalto	generic.ml
Rising	Backdoor.[GoblinPanda]Agent!1.CB21 (CLOUD)
Ad-Aware	Trojan.GenericKD.34417861
Comodo	Malware@#18wm5laac2oa
Zillya	Trojan.Agent.Win32.1378255
TrendMicro	TROJ_FRS.VSNTHP20
McAfee-GW-Edition	RDN/Generic PWS.y
Emsisoft	Trojan.GenericKD.34417861 (B)
Jiangmin	Trojan.Agentb.jag
Webroot	W32.Trojan.Gen
Avira	TR/Agent.ayu
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Masson.A!rfn
Gridinsoft	Trojan.Win32.Agent.dd!n
AegisLab	Trojan.Win32.Agentb.trzW
GData	Trojan.GenericKD.34417861
Cynet	Malicious (score: 99)
VBA32	BScope.TrojanPSW.Spy
ALYac	Trojan.Agent.Casdet
Malwarebytes	Spyware.PasswordStealer
TrendMicro-HouseCall	TROJ_FRS.VSNTHP20
Tencent	Win32.Trojan.Agentb.Ambw
Fortinet	W32/Agent.UJW!tr
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-07-13 15:32:05

Imports

Library MFC42.DLL:

• 0x43506c

• 0x435070

• 0x435074

• 0x435078

• 0x43507c

• 0x435080

• 0x435084

• 0x435088

• 0x43508c

• 0x435090

• 0x435094

• 0x435098

• 0x43509c

• 0x4350a0

• 0x4350a4

• 0x4350a8

• 0x4350ac

• 0x4350b0

• 0x4350b4

• 0x4350b8

• 0x4350bc

• 0x4350c0

• 0x4350c4

• 0x4350c8

• 0x4350cc

• 0x4350d0

• 0x4350d4

• 0x4350d8

• 0x4350dc

• 0x4350e0

• 0x4350e4

• 0x4350e8

• 0x4350ec

• 0x4350f0

• 0x4350f4

• 0x4350f8

• 0x4350fc

• 0x435100

• 0x435104

• 0x435108

• 0x43510c

• 0x435110

• 0x435114

• 0x435118

• 0x43511c

• 0x435120

• 0x435124

• 0x435128

• 0x43512c

• 0x435130

• 0x435134

• 0x435138

• 0x43513c

• 0x435140

• 0x435144

• 0x435148

• 0x43514c

• 0x435150

• 0x435154

• 0x435158

• 0x43515c

• 0x435160

• 0x435164

• 0x435168

• 0x43516c

• 0x435170

• 0x435174

• 0x435178

• 0x43517c

• 0x435180

• 0x435184

• 0x435188

• 0x43518c

• 0x435190

• 0x435194

• 0x435198

• 0x43519c

• 0x4351a0

• 0x4351a4

• 0x4351a8

• 0x4351ac

• 0x4351b0

• 0x4351b4

• 0x4351b8

• 0x4351bc

• 0x4351c0

• 0x4351c4

• 0x4351c8

• 0x4351cc

Library MSVCRT.dll:

• 0x435280 _stat

• 0x435284 _stricmp

• 0x435288 _setmbcp

• 0x43528c memmove

• 0x435290 fclose

• 0x435294 fread

• 0x435298 ftell

• 0x43529c fseek

• 0x4352a0 strstr

• 0x4352a4 atoi

• 0x4352a8 time

• 0x4352ac exit

• 0x4352b0 sscanf

• 0x4352b4 sprintf

• 0x4352b8 wcslen

• 0x4352bc __CxxFrameHandler

• 0x4352c0 fopen

• 0x4352c4 fwrite

• 0x4352c8 _wfopen

• 0x4352cc wcscpy

• 0x4352d0 _wcslwr

• 0x4352d4 wcsstr

• 0x4352d8 localtime

• 0x4352dc difftime

• 0x4352e0 _ftol

• 0x4352e4 swprintf

• 0x4352e8 _snprintf

• 0x4352ec malloc

• 0x4352f0 _wstat

• 0x4352f4 _waccess

• 0x4352f8 _access

• 0x4352fc mktime

• 0x435300 abort

• 0x435304 free

• 0x435308 strncpy

• 0x43530c _controlfp

• 0x435310 _except_handler3

• 0x435314 __set_app_type

• 0x435318 __p__fmode

• 0x43531c __p__commode

• 0x435320 _adjust_fdiv

• 0x435324 __setusermatherr

• 0x435328 _initterm

• 0x43532c __getmainargs

• 0x435330 _acmdln

• 0x435334 _XcptFilter

• 0x435338 _exit

• 0x43533c __dllonexit

• 0x435340 wcsrchr

• 0x435344 rename

• 0x435348 wcscmp

• 0x43534c wcsncpy

• 0x435350 isspace

• 0x435354 isprint

• 0x435358 getenv

• 0x43535c strrchr

• 0x435360 wcscat

• 0x435364 _mbsstr

• 0x435368 calloc

• 0x43536c _wcsnicmp

• 0x435370 tolower

• 0x435374 _onexit

Library KERNEL32.dll:

• 0x435014 CreateFileA

• 0x435018 ReadFile

• 0x43501c SystemTimeToFileTime

• 0x435020 GetCurrentDirectoryA

• 0x435024 LocalFileTimeToFileTime

• 0x435028 CreateDirectoryA

• 0x43502c GetFileAttributesA

• 0x435030 SetFileTime

• 0x435034 WriteFile

• 0x435038 SetFilePointer

• 0x43503c InterlockedExchange

• 0x435040 GetSystemDirectoryA

• 0x435044 DeviceIoControl

• 0x435048 GetDriveTypeA

• 0x43504c CreateThread

• 0x435050 GetLogicalDrives

• 0x435054 GetModuleHandleA

• 0x435058 GetStartupInfoA

• 0x43505c GetProcAddress

• 0x435060 Sleep

• 0x435064 CloseHandle

Library USER32.dll:

• 0x435384 SetTimer

• 0x435388 LoadIconA

• 0x43538c EnableWindow

• 0x435390 wsprintfA

• 0x435394 KillTimer

• 0x435398 IsIconic

• 0x43539c GetSystemMetrics

• 0x4353a0 GetClientRect

• 0x4353a4 DrawIcon

• 0x4353a8 GetSystemMenu

• 0x4353ac SendMessageA

• 0x4353b0 AppendMenuA

Library ADVAPI32.dll:

• 0x435000 RegCloseKey

• 0x435004 RegOpenKeyExA

• 0x435008 RegQueryValueExA

• 0x43500c RegEnumKeyExA

Library SHELL32.dll:

• 0x43537c SHGetSpecialFolderPathW

Library ole32.dll:

• 0x4353cc CoCreateInstance

• 0x4353d0 CoInitialize

• 0x4353d4 CoUninitialize

Library MSVCP60.dll:

• 0x4351d4 ?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z

• 0x4351d8 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

• 0x4351dc ?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

• 0x4351e0 ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

• 0x4351e4 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

• 0x4351e8 ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

• 0x4351ec ??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

• 0x4351f0 ?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

• 0x4351f4 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

• 0x4351f8 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

• 0x4351fc ?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

• 0x435200 ?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z

• 0x435204 ?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ

• 0x435208 ?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z

• 0x43520c ?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

• 0x435210 ??0_Lockit@std@@QAE@XZ

• 0x435214 ??1_Lockit@std@@QAE@XZ

• 0x435218 ?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z

• 0x43521c ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

• 0x435220 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

• 0x435224 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

• 0x435228 ?_Xran@std@@YAXXZ

• 0x43522c ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

• 0x435230 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

• 0x435234 ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

• 0x435238 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

• 0x43523c ??1_Winit@std@@QAE@XZ

• 0x435240 ??0_Winit@std@@QAE@XZ

• 0x435244 ??1Init@ios_base@std@@QAE@XZ

• 0x435248 ??0Init@ios_base@std@@QAE@XZ

• 0x43524c ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

• 0x435250 ?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

• 0x435254 ?_Xlen@std@@YAXXZ

• 0x435258 ?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z

• 0x43525c ?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB

• 0x435260 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

• 0x435264 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

• 0x435268 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

• 0x43526c ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

• 0x435270 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

• 0x435274 ??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z

• 0x435278 ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

Library WS2_32.dll:

• 0x4353b8 inet_addr

• 0x4353bc ntohs

• 0x4353c0 recv

• 0x4353c4 send

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50003	239.255.255.250	3702
192.168.56.101	51966	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.