3.2
Medium risk

4cd81edc81bf28a5a329df01f492105d3dfb67afb196971589f30a956da24035

ec68a1203bdf5f4ea6cb1df9ca6e50a8.exe

Analysis duration

99s

Last analyzed

File size

4.8MB
Static detection  Dynamic detection  @V0@AUTNVYFI AI SCORE=83 ARTEMIS CLOUD CONFIDENCE FUERY HGIASOOA NJDX R002H09BL21 SUSGEN UNSAFE URSU WACATAC ZELPHIF ZPEVDO
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20210222 21.1.5827.0
Kingsoft 20210222 2017.9.26.565
McAfee Artemis!EC68A1203BDF 20210222 6.0.6.653
Tencent 20210222 1.0.0.1
CrowdStrike win/malicious_confidence_60% (W) 20210203 1.0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620809368.125
NtAllocateVirtualMemory
process_identifier: 2504
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003c0000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)
MicroWorld-eScan Gen:Variant.Ursu.266401
CAT-QuickHeal Trojan.Agent
ALYac Gen:Variant.Ursu.266401
Cylance Unsafe
Sangfor Trojan.Win32.Wacatac.D4
Cybereason malicious.03bdf5
Arcabit Trojan.Ursu.D410A1
Cyren W32/Trojan.NJDX-2844
APEX Malicious
BitDefender Gen:Variant.Ursu.266401
Paloalto generic.ml
Rising Trojan.Fuery!8.EAFB (CLOUD)
Ad-Aware Gen:Variant.Ursu.266401
McAfee-GW-Edition BehavesLike.Win32.Dropper.rh
FireEye Gen:Variant.Ursu.266401
Emsisoft Gen:Variant.Ursu.266401 (B)
MAX malware (ai score=83)
Microsoft Trojan:Win32/Zpevdo.B
GData Gen:Variant.Ursu.266401
McAfee Artemis!EC68A1203BDF
Malwarebytes Generic.Malware/Suspicious
TrendMicro-HouseCall TROJ_GEN.R002H09BL21
MaxSecure Trojan.Malware.86477056.susgen
BitDefenderTheta Gen:NN.ZelphiF.34574.@V0@autNvyfi
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/Trojan.Generic.HgIASOoA
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-06-19 04:08:20

Imports

Library oleaut32.dll:
0x847b54 SysFreeString
0x847b58 SysReAllocStringLen
0x847b5c SysAllocStringLen
Library advapi32.dll:
0x847b64 RegQueryValueExW
0x847b68 RegOpenKeyExW
0x847b6c RegCloseKey
Library user32.dll:
0x847b74 CharNextW
0x847b78 LoadStringW
Library kernel32.dll:
0x847b80 Sleep
0x847b84 VirtualFree
0x847b88 VirtualAlloc
0x847b8c lstrlenW
0x847b90 VirtualQuery
0x847b98 GetTickCount
0x847b9c GetSystemInfo
0x847ba0 GetVersion
0x847ba4 CompareStringW
0x847ba8 IsValidLocale
0x847bac SetThreadLocale
0x847bb8 GetLocaleInfoW
0x847bbc WideCharToMultiByte
0x847bc0 MultiByteToWideChar
0x847bc4 GetACP
0x847bc8 LoadLibraryExW
0x847bcc GetStartupInfoW
0x847bd0 GetProcAddress
0x847bd4 GetModuleHandleW
0x847bd8 GetModuleFileNameW
0x847bdc GetCommandLineW
0x847be0 FreeLibrary
0x847be4 GetLastError
0x847bec RtlUnwind
0x847bf0 RaiseException
0x847bf4 ExitProcess
0x847bf8 ExitThread
0x847bfc SwitchToThread
0x847c00 GetCurrentThreadId
0x847c04 CreateThread
0x847c18 FindFirstFileW
0x847c1c FindClose
0x847c24 WriteFile
0x847c28 GetStdHandle
0x847c2c CloseHandle
Library kernel32.dll:
0x847c34 GetProcAddress
0x847c38 RaiseException
0x847c3c LoadLibraryA
0x847c40 GetLastError
0x847c44 TlsSetValue
0x847c48 TlsGetValue
0x847c4c LocalFree
0x847c50 LocalAlloc
0x847c54 GetModuleHandleW
0x847c58 FreeLibrary
Library user32.dll:
0x847c60 SetClassLongW
0x847c64 GetClassLongW
0x847c68 SetWindowLongW
0x847c6c GetWindowLongW
0x847c70 CreateWindowExW
0x847c74 WindowFromPoint
0x847c78 WaitMessage
0x847c7c UpdateWindow
0x847c80 UnregisterClassW
0x847c84 UnhookWindowsHookEx
0x847c88 TranslateMessage
0x847c90 TrackPopupMenu
0x847c98 ShowWindow
0x847c9c ShowScrollBar
0x847ca0 ShowOwnedPopups
0x847ca4 ShowCaret
0x847ca8 SetWindowRgn
0x847cac SetWindowsHookExW
0x847cb0 SetWindowTextW
0x847cb4 SetWindowPos
0x847cb8 SetWindowPlacement
0x847cbc SetTimer
0x847cc0 SetScrollRange
0x847cc4 SetScrollPos
0x847cc8 SetScrollInfo
0x847ccc SetRect
0x847cd0 SetPropW
0x847cd4 SetParent
0x847cd8 SetMenuItemInfoW
0x847cdc SetMenu
0x847ce0 SetForegroundWindow
0x847ce4 SetFocus
0x847ce8 SetCursorPos
0x847cec SetCursor
0x847cf0 SetClipboardData
0x847cf4 SetCapture
0x847cf8 SetActiveWindow
0x847cfc SendMessageA
0x847d00 SendMessageW
0x847d04 ScrollWindow
0x847d08 ScreenToClient
0x847d0c RemovePropW
0x847d10 RemoveMenu
0x847d14 ReleaseDC
0x847d18 ReleaseCapture
0x847d24 RegisterClassW
0x847d28 RedrawWindow
0x847d2c PtInRect
0x847d30 PostQuitMessage
0x847d34 PostMessageW
0x847d38 PeekMessageA
0x847d3c PeekMessageW
0x847d40 OpenClipboard
0x847d44 OffsetRect
0x847d50 MessageBoxW
0x847d54 MessageBeep
0x847d58 MapWindowPoints
0x847d5c MapVirtualKeyW
0x847d60 LoadStringW
0x847d64 LoadKeyboardLayoutW
0x847d68 LoadImageW
0x847d6c LoadIconW
0x847d70 LoadCursorW
0x847d74 LoadBitmapW
0x847d78 KillTimer
0x847d7c IsZoomed
0x847d80 IsWindowVisible
0x847d84 IsWindowUnicode
0x847d88 IsWindowEnabled
0x847d8c IsWindow
0x847d90 IsRectEmpty
0x847d94 IsIconic
0x847d98 IsDialogMessageA
0x847d9c IsDialogMessageW
0x847da0 IsChild
0x847da4 InvalidateRect
0x847da8 InsertMenuItemW
0x847dac InsertMenuW
0x847db0 InflateRect
0x847db4 HideCaret
0x847dbc GetWindowTextW
0x847dc0 GetWindowRect
0x847dc4 GetWindowPlacement
0x847dc8 GetWindowDC
0x847dcc GetTopWindow
0x847dd0 GetSystemMetrics
0x847dd4 GetSystemMenu
0x847dd8 GetSysColorBrush
0x847ddc GetSysColor
0x847de0 GetSubMenu
0x847de4 GetScrollRange
0x847de8 GetScrollPos
0x847dec GetScrollInfo
0x847df0 GetPropW
0x847df4 GetParent
0x847df8 GetWindow
0x847dfc GetMessagePos
0x847e00 GetMessageExtraInfo
0x847e04 GetMenuStringW
0x847e08 GetMenuState
0x847e0c GetMenuItemRect
0x847e10 GetMenuItemInfoW
0x847e14 GetMenuItemID
0x847e18 GetMenuItemCount
0x847e1c GetMenu
0x847e20 GetLastActivePopup
0x847e24 GetKeyboardState
0x847e30 GetKeyboardLayout
0x847e34 GetKeyState
0x847e38 GetKeyNameTextW
0x847e3c GetIconInfo
0x847e40 GetForegroundWindow
0x847e44 GetFocus
0x847e48 GetDlgItem
0x847e4c GetDlgCtrlID
0x847e50 GetDesktopWindow
0x847e54 GetDCEx
0x847e58 GetDC
0x847e5c GetCursorPos
0x847e60 GetCursor
0x847e64 GetComboBoxInfo
0x847e68 GetClipboardData
0x847e6c GetClientRect
0x847e70 GetClassNameW
0x847e74 GetClassInfoExW
0x847e78 GetClassInfoW
0x847e7c GetCapture
0x847e80 GetActiveWindow
0x847e84 FrameRect
0x847e88 FindWindowExW
0x847e8c FindWindowW
0x847e90 FillRect
0x847e94 EnumWindows
0x847e98 EnumThreadWindows
0x847e9c EnumChildWindows
0x847ea0 EndPaint
0x847ea4 EndMenu
0x847ea8 EnableWindow
0x847eac EnableScrollBar
0x847eb0 EnableMenuItem
0x847eb4 EmptyClipboard
0x847eb8 DrawTextExW
0x847ebc DrawTextW
0x847ec0 DrawMenuBar
0x847ec4 DrawIconEx
0x847ec8 DrawIcon
0x847ecc DrawFrameControl
0x847ed0 DrawFocusRect
0x847ed4 DrawEdge
0x847ed8 DispatchMessageA
0x847edc DispatchMessageW
0x847ee0 DestroyWindow
0x847ee4 DestroyMenu
0x847ee8 DestroyIcon
0x847eec DestroyCursor
0x847ef0 DeleteMenu
0x847ef4 DefWindowProcW
0x847ef8 DefMDIChildProcW
0x847efc DefFrameProcW
0x847f00 CreatePopupMenu
0x847f04 CreateMenu
0x847f08 CreateIconIndirect
0x847f0c CreateIcon
0x847f14 CopyImage
0x847f18 CopyIcon
0x847f1c CloseClipboard
0x847f20 ClientToScreen
0x847f24 CheckMenuItem
0x847f28 CharUpperBuffW
0x847f2c CharUpperW
0x847f30 CharNextW
0x847f34 CharLowerBuffW
0x847f38 CharLowerW
0x847f3c CallWindowProcW
0x847f40 CallNextHookEx
0x847f44 BeginPaint
0x847f48 AdjustWindowRectEx
Library gdi32.dll:
0x847f54 UnrealizeObject
0x847f58 StretchDIBits
0x847f5c StretchBlt
0x847f60 StartPage
0x847f64 StartDocW
0x847f68 SetWorldTransform
0x847f6c SetWindowOrgEx
0x847f70 SetWinMetaFileBits
0x847f74 SetViewportOrgEx
0x847f78 SetTextColor
0x847f7c SetStretchBltMode
0x847f80 SetRectRgn
0x847f84 SetROP2
0x847f88 SetPixel
0x847f8c SetGraphicsMode
0x847f90 SetEnhMetaFileBits
0x847f94 SetDIBits
0x847f98 SetDIBColorTable
0x847f9c SetBrushOrgEx
0x847fa0 SetBkMode
0x847fa4 SetBkColor
0x847fa8 SetAbortProc
0x847fac SelectPalette
0x847fb0 SelectObject
0x847fb4 SaveDC
0x847fb8 RoundRect
0x847fbc RestoreDC
0x847fc0 ResizePalette
0x847fc4 Rectangle
0x847fc8 RectVisible
0x847fcc RealizePalette
0x847fd0 Polyline
0x847fd4 Polygon
0x847fd8 PolyBezierTo
0x847fdc PolyBezier
0x847fe0 PlayEnhMetaFile
0x847fe4 Pie
0x847fe8 PatBlt
0x847fec MoveToEx
0x847ff0 MaskBlt
0x847ff4 LineTo
0x847ff8 IntersectClipRect
0x847ffc GetWindowOrgEx
0x848000 GetWinMetaFileBits
0x848004 GetViewportOrgEx
0x848008 GetTextMetricsW
0x84800c GetTextExtentPointW
0x848014 GetTextColor
0x84801c GetStretchBltMode
0x848020 GetStockObject
0x848024 GetRgnBox
0x848028 GetPixel
0x84802c GetPaletteEntries
0x848030 GetObjectW
0x848044 GetEnhMetaFileBits
0x848048 GetDeviceCaps
0x84804c GetDIBits
0x848050 GetDIBColorTable
0x848058 GetCurrentObject
0x84805c GetClipBox
0x848060 GetBrushOrgEx
0x848064 GetBkMode
0x848068 GetBitmapBits
0x84806c GdiFlush
0x848070 FrameRgn
0x848074 ExtTextOutW
0x848078 ExtFloodFill
0x84807c ExtCreateRegion
0x848080 ExcludeClipRect
0x848084 EnumFontsW
0x848088 EnumFontFamiliesExW
0x84808c EndPage
0x848090 EndDoc
0x848094 Ellipse
0x848098 DeleteObject
0x84809c DeleteEnhMetaFile
0x8480a0 DeleteDC
0x8480a4 CreateSolidBrush
0x8480a8 CreateRoundRectRgn
0x8480ac CreateRectRgn
0x8480b0 CreatePenIndirect
0x8480b4 CreatePalette
0x8480b8 CreateICW
0x8480c0 CreateFontIndirectW
0x8480c4 CreateDIBitmap
0x8480c8 CreateDIBSection
0x8480cc CreateDCW
0x8480d0 CreateCompatibleDC
0x8480d8 CreateBrushIndirect
0x8480dc CreateBitmap
0x8480e0 CopyEnhMetaFileW
0x8480e4 CombineRgn
0x8480e8 Chord
0x8480ec BitBlt
0x8480f0 ArcTo
0x8480f4 Arc
0x8480f8 AngleArc
0x8480fc AbortDoc
Library version.dll:
0x848104 VerQueryValueW
0x84810c GetFileVersionInfoW
Library kernel32.dll:
0x848114 WriteFile
0x848118 WideCharToMultiByte
0x84811c WaitForSingleObject
0x848124 VirtualQueryEx
0x848128 VirtualQuery
0x84812c VirtualProtect
0x848130 VirtualFree
0x848134 VirtualAlloc
0x848138 VerSetConditionMask
0x84813c VerifyVersionInfoW
0x848140 UnmapViewOfFile
0x84814c SwitchToThread
0x848150 SuspendThread
0x848154 Sleep
0x848158 SizeofResource
0x84815c SetThreadPriority
0x848160 SetThreadLocale
0x848164 SetLastError
0x848168 SetFileTime
0x84816c SetFilePointer
0x848170 SetFileAttributesW
0x848174 SetEvent
0x848178 SetErrorMode
0x84817c SetEndOfFile
0x848180 ResumeThread
0x848184 ResetEvent
0x848188 RemoveDirectoryW
0x84818c ReadFile
0x848190 RaiseException
0x84819c QueryDosDeviceW
0x8481a0 IsDebuggerPresent
0x8481a4 MultiByteToWideChar
0x8481a8 MulDiv
0x8481ac MapViewOfFile
0x8481b0 LockResource
0x8481b4 LocalFree
0x8481bc LoadResource
0x8481c0 LoadLibraryW
0x8481c8 IsValidLocale
0x8481d0 HeapSize
0x8481d4 HeapFree
0x8481d8 HeapDestroy
0x8481dc HeapCreate
0x8481e0 HeapAlloc
0x8481e4 GlobalUnlock
0x8481e8 GlobalLock
0x8481ec GlobalFree
0x8481f0 GlobalFindAtomW
0x8481f4 GlobalDeleteAtom
0x8481f8 GlobalAlloc
0x8481fc GlobalAddAtomW
0x848208 GetVersionExW
0x84820c GetVersion
0x848214 GetTickCount
0x848218 GetThreadPriority
0x84821c GetThreadLocale
0x848220 GetTempPathW
0x848224 GetStdHandle
0x848228 GetLongPathNameW
0x84822c GetProcAddress
0x848230 GetModuleHandleW
0x848234 GetModuleFileNameW
0x848238 GetLogicalDrives
0x848240 GetLocaleInfoW
0x848244 GetLocalTime
0x848248 GetLastError
0x84824c GetFullPathNameW
0x848250 GetFileSize
0x848258 GetFileAttributesW
0x84825c GetExitCodeThread
0x848264 GetDriveTypeW
0x848268 GetDiskFreeSpaceW
0x84826c GetDateFormatW
0x848270 GetCurrentThreadId
0x848274 GetCurrentThread
0x848278 GetCurrentProcessId
0x84827c GetCurrentProcess
0x848280 GetComputerNameW
0x848284 GetCPInfoExW
0x848288 GetCPInfo
0x84828c GetACP
0x848290 FreeResource
0x848294 FreeLibrary
0x848298 FormatMessageW
0x84829c FindResourceW
0x8482a0 FindNextFileW
0x8482a4 FindFirstFileW
0x8482a8 FindClose
0x8482b8 EnumSystemLocalesW
0x8482bc EnumResourceNamesW
0x8482c0 EnumCalendarInfoW
0x8482c8 DeleteFileW
0x8482d0 CreateThread
0x8482d4 CreateMutexW
0x8482d8 CreateFileMappingW
0x8482dc CreateFileW
0x8482e0 CreateEventW
0x8482e4 CreateDirectoryW
0x8482e8 CompareStringA
0x8482ec CompareStringW
0x8482f0 CloseHandle
Library advapi32.dll:
0x8482f8 RegUnLoadKeyW
0x8482fc RegSetValueExW
0x848300 RegSaveKeyW
0x848304 RegRestoreKeyW
0x848308 RegReplaceKeyW
0x84830c RegQueryValueExW
0x848310 RegQueryInfoKeyW
0x848314 RegOpenKeyExW
0x848318 RegLoadKeyW
0x84831c RegFlushKey
0x848320 RegEnumValueW
0x848324 RegEnumKeyExW
0x848328 RegDeleteValueW
0x84832c RegDeleteKeyW
0x848330 RegCreateKeyExW
0x848334 RegConnectRegistryW
0x848338 RegCloseKey
Library SHFolder.dll:
0x848340 SHGetFolderPathW
Library kernel32.dll:
0x848348 Sleep
Library netapi32.dll:
0x848350 NetApiBufferFree
0x848354 NetWkstaGetInfo
Library oleaut32.dll:
0x84835c SafeArrayPtrOfIndex
0x848360 SafeArrayPutElement
0x848364 SafeArrayGetElement
0x84836c SafeArrayAccessData
0x848370 SafeArrayGetUBound
0x848374 SafeArrayGetLBound
0x848378 SafeArrayRedim
0x84837c SafeArrayCreate
0x848380 VariantChangeType
0x848384 VariantCopyInd
0x848388 VariantCopy
0x84838c VariantClear
0x848390 VariantInit
Library oleaut32.dll:
0x848398 CreateErrorInfo
0x84839c GetErrorInfo
0x8483a0 SetErrorInfo
0x8483a4 SysFreeString
Library ole32.dll:
0x8483ac OleUninitialize
0x8483b0 OleInitialize
0x8483b4 CoTaskMemFree
0x8483b8 CoTaskMemAlloc
0x8483bc StringFromCLSID
0x8483c0 CoCreateInstance
0x8483c4 CoUninitialize
0x8483c8 CoInitialize
0x8483cc IsEqualGUID
Library comctl32.dll:
0x8483d4 InitializeFlatSB
0x8483dc FlatSB_SetScrollPos
0x8483e4 FlatSB_GetScrollPos
0x8483ec _TrackMouseEvent
0x8483fc ImageList_Write
0x848400 ImageList_Read
0x84840c ImageList_DragMove
0x848410 ImageList_DragLeave
0x848414 ImageList_DragEnter
0x848418 ImageList_EndDrag
0x84841c ImageList_BeginDrag
0x848420 ImageList_Copy
0x848428 ImageList_GetIcon
0x84842c ImageList_Remove
0x848430 ImageList_DrawEx
0x848434 ImageList_Replace
0x848438 ImageList_Draw
0x84844c ImageList_Add
0x848458 ImageList_Destroy
0x84845c ImageList_Create
0x848460 InitCommonControls
Library user32.dll:
0x848468 EnumDisplayMonitors
0x84846c GetMonitorInfoW
0x848470 MonitorFromPoint
0x848474 MonitorFromRect
0x848478 MonitorFromWindow
Library msvcrt.dll:
0x848480 memset
0x848484 memcpy
Library shell32.dll:
0x84848c ShellExecuteW
0x848490 Shell_NotifyIconW

Exports

Ordinal Address Name
3 0x469b1c TMethodImplementationIntercept
2 0x410eec __dbk_fcall_wrapper
1 0x82f630 dbkFCallWrapperAddr

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source  Source port  Destination  Destination port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 53945 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.