4.2
Medium risk

c96586228f5074a9bff189f1142062b6421f43f679ad04ccf5274be43b1e8199

ed813fe5771e853926c8705edc5f1402.exe

Analysis time

82s

Last analysis

File size

1.9MB
Static detection tags / dynamic detection tags: 3R0@A85Y9MGI AD@8R7EF8 AI SCORE=80 AIDETECTVM BANKERX BSCOPE CLASSIC CONFIDENCE ELDORADO ENCPK GENCIRC GENERICKDZ GENETIC GENKRYPTIK HCYD HIGH CONFIDENCE INJECT3 KRYPTIK MALICIOUS PE MALWARE1 PINKSBOT QAKBOT QBOT QVM20 R + MAL R334198 SCORE SHADE STATIC AI SUSGEN TLHL TROJANBANKER UNSAFE XEJIO ZEXAF ZQ8A48
Eagle Eye engine
Not detected. No Eagle Eye engine detection results available.
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba TrojanBanker:Win32/Kryptik.4120a408 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
McAfee W32/PinkSbot-GN!ED813FE5771E 20201229 6.0.6.653
Tencent Malware.Win32.Gencirc.10b9eaa9 20201229 1.0.0.1
CrowdStrike win/malicious_confidence_80% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619999729.5964
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name MUI
resource name REGINST
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619999682.1584
NtAllocateVirtualMemory
process_identifier: 2248
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006c0000
success 0 0
1619999729.5024
NtAllocateVirtualMemory
process_identifier: 2248
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020a0000
success 0 0
1619999729.5024
NtProtectVirtualMemory
process_identifier: 2248
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 245760
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620005826.443874
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 233472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e00000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619999730.2684
CreateProcessInternalW
thread_identifier: 340
thread_handle: 0x00000154
process_identifier: 3044
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ed813fe5771e853926c8705edc5f1402.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Generates some ICMP traffic
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66726
FireEye Generic.mg.ed813fe5771e8539
CAT-QuickHeal Trojan.Qbot
ALYac Trojan.Agent.QakBot
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-QBot
Sangfor Malware
K7AntiVirus Trojan ( 0056589c1 )
Alibaba TrojanBanker:Win32/Kryptik.4120a408
K7GW Trojan ( 005655711 )
Cybereason malicious.5771e8
Arcabit Trojan.Generic.D104A6
Cyren W32/Trojan.FLH.gen!Eldorado
Symantec Packed.Generic.459
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Dropper.Qakbot-7686012-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.vho
BitDefender Trojan.GenericKDZ.66726
Paloalto generic.ml
AegisLab Trojan.Win32.Malicious.4!c
Rising Trojan.Kryptik!1.C427 (CLASSIC)
Ad-Aware Trojan.GenericKDZ.66726
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo TrojWare.Win32.Qbot.AD@8r7ef8
F-Secure Trojan.TR/AD.Qbot.xejio
DrWeb Trojan.Inject3.39113
VIPRE Trojan.Win32.Generic!BT
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.Dropper.tz
Emsisoft Trojan.GenericKDZ.66726 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Banker.Qbot.nv
Avira TR/AD.Qbot.xejio
MAX malware (ai score=80)
Antiy-AVL Trojan[Banker]/Win32.Qbot
Gridinsoft Trojan.Win32.Kryptik.ba!s3
Microsoft Trojan:Win32/Qbot.MX!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.vho
GData Trojan.GenericKDZ.66726
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.QBot.R334198
Acronis suspicious
McAfee W32/PinkSbot-GN!ED813FE5771E
TACHYON Backdoor/W32.QBot.1950208
VBA32 BScope.TrojanRansom.Shade
Malwarebytes Trojan.Qbot
ESET-NOD32 a variant of Win32/Kryptik.HCYD
Visual analysis
Binary image
No binary image. This sample did not generate a binary visualization image.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran.


PE Compile Time

2020-04-23 20:47:57

Imports

Library KERNEL32.dll:
0x5dbb00 VirtualAlloc
0x5dbb04 GetModuleHandleW
0x5dbb08 lstrlenW
0x5dbb0c lstrcmpA
0x5dbb10 WriteProcessMemory
0x5dbb14 WriteFile
0x5dbb18 WideCharToMultiByte
0x5dbb1c WaitForSingleObject
0x5dbb24 VirtualQueryEx
0x5dbb28 VirtualQuery
0x5dbb2c VirtualProtectEx
0x5dbb30 VirtualProtect
0x5dbb34 VirtualFree
0x5dbb38 UnmapViewOfFile
0x5dbb3c TerminateThread
0x5dbb40 TerminateProcess
0x5dbb48 SuspendThread
0x5dbb4c Sleep
0x5dbb50 SizeofResource
0x5dbb54 SetThreadPriority
0x5dbb58 SetThreadContext
0x5dbb60 SetPriorityClass
0x5dbb64 SetLastError
0x5dbb68 SetFilePointer
0x5dbb6c SetEvent
0x5dbb70 ResumeThread
0x5dbb74 ResetEvent
0x5dbb78 ReleaseSemaphore
0x5dbb7c ReleaseMutex
0x5dbb80 ReadProcessMemory
0x5dbb84 ReadFile
0x5dbb90 PulseEvent
0x5dbb94 OutputDebugStringW
0x5dbb98 OpenProcess
0x5dbb9c OpenMutexW
0x5dbba0 OpenFileMappingA
0x5dbba4 OpenFileMappingW
0x5dbba8 OpenEventA
0x5dbbac MultiByteToWideChar
0x5dbbb0 MulDiv
0x5dbbb4 MapViewOfFile
0x5dbbb8 LockResource
0x5dbbbc LocalFree
0x5dbbc0 LocalAlloc
0x5dbbc4 LoadResource
0x5dbbc8 LoadLibraryExA
0x5dbbcc LoadLibraryExW
0x5dbbd0 LoadLibraryA
0x5dbbd4 LoadLibraryW
0x5dbbe0 GlobalUnlock
0x5dbbe4 GlobalSize
0x5dbbe8 GlobalReAlloc
0x5dbbec GlobalHandle
0x5dbbf0 GlobalLock
0x5dbbf4 GlobalFree
0x5dbbf8 GlobalFindAtomW
0x5dbbfc GlobalDeleteAtom
0x5dbc00 GlobalAlloc
0x5dbc04 GlobalAddAtomW
0x5dbc14 GetVersionExA
0x5dbc18 GetVersionExW
0x5dbc1c GetVersion
0x5dbc20 GetTickCount
0x5dbc24 GetThreadPriority
0x5dbc28 GetThreadLocale
0x5dbc2c GetThreadContext
0x5dbc30 GetTempPathW
0x5dbc34 GetSystemTime
0x5dbc38 GetSystemDirectoryA
0x5dbc3c GetSystemDirectoryW
0x5dbc40 GetStartupInfoW
0x5dbc44 GetProcessVersion
0x5dbc4c GetProcAddress
0x5dbc50 GetPriorityClass
0x5dbc54 GetModuleHandleA
0x5dbc58 GetModuleFileNameA
0x5dbc5c GetModuleFileNameW
0x5dbc60 GetLogicalDrives
0x5dbc64 GetLastError
0x5dbc68 GetFileSize
0x5dbc6c GetFileAttributesA
0x5dbc70 GetFileAttributesW
0x5dbc74 GetExitCodeThread
0x5dbc78 GetExitCodeProcess
0x5dbc80 GetDriveTypeW
0x5dbc84 GetCurrentThreadId
0x5dbc88 GetCurrentThread
0x5dbc8c GetCurrentProcessId
0x5dbc90 GetCurrentProcess
0x5dbc94 GetComputerNameW
0x5dbc98 GetCommandLineA
0x5dbc9c FreeResource
0x5dbca8 FreeLibrary
0x5dbcac FormatMessageA
0x5dbcb0 FormatMessageW
0x5dbcb4 FindResourceA
0x5dbcb8 FindResourceW
0x5dbcbc FindNextFileW
0x5dbcc0 FindFirstFileA
0x5dbcc4 FindFirstFileW
0x5dbcc8 FindClose
0x5dbcd0 ExitProcess
0x5dbcd4 EnumResourceNamesW
0x5dbcdc DuplicateHandle
0x5dbce4 CreateThread
0x5dbce8 CreateSemaphoreW
0x5dbcec CreateMutexA
0x5dbcf0 CreateMutexW
0x5dbcf4 CreateFileMappingA
0x5dbcf8 CreateFileMappingW
0x5dbcfc CreateFileA
0x5dbd00 CreateFileW
0x5dbd04 CreateEventA
0x5dbd08 CreateEventW
0x5dbd0c CompareStringW
0x5dbd10 CloseHandle
0x5dbd14 GetProfileSectionA
0x5dbd18 FatalExit
0x5dbd1c ExitThread
0x5dbd20 GetShortPathNameA
0x5dbd24 GetDiskFreeSpaceExA
0x5dbd28 GetLongPathNameA
0x5dbd2c GetConsoleTitleA
0x5dbd30 Heap32ListNext
0x5dbd3c RtlZeroMemory
0x5dbd40 _lclose
0x5dbd44 OpenJobObjectA
0x5dbd48 GetMailslotInfo
0x5dbd4c GetDriveTypeA
0x5dbd50 SwitchToThread
0x5dbd58 _lwrite
0x5dbd5c CommConfigDialogA
0x5dbd60 InterlockedExchange
0x5dbd68 GetStartupInfoA
Library USER32.dll:
0x5dbd70 LoadIconW
0x5dbd74 LoadCursorFromFileW
0x5dbd78 GetAsyncKeyState
0x5dbd7c GetForegroundWindow
0x5dbd80 GetKeyboardLayout
0x5dbd84 GetDC
0x5dbd88 GetSystemMetrics
0x5dbd8c GetDlgCtrlID
0x5dbd90 GetListBoxInfo
0x5dbd94 GetThreadDesktop
0x5dbd98 ShowCaret
0x5dbd9c DestroyWindow
0x5dbda0 GetClipboardViewer
0x5dbda4 GetTopWindow
0x5dbda8 CharLowerA
0x5dbdac LoadIconA
0x5dbdb0 WaitForInputIdle
0x5dbdb4 TranslateMessage
0x5dbdbc AnimateWindow
0x5dbdc0 ShowWindow
0x5dbdc4 ShowOwnedPopups
0x5dbdc8 SetWindowRgn
0x5dbdcc SetWindowPos
0x5dbdd0 SetWindowPlacement
0x5dbdd4 SetWindowLongW
0x5dbdd8 SetTimer
0x5dbddc SetPropA
0x5dbde0 SetParent
0x5dbde4 SetForegroundWindow
0x5dbde8 SetCursorPos
0x5dbdec SetClassLongW
0x5dbdf0 SendMessageTimeoutA
0x5dbdf4 SendMessageTimeoutW
0x5dbdfc SendMessageA
0x5dbe00 SendMessageW
0x5dbe04 RemovePropA
0x5dbe08 ReleaseDC
0x5dbe10 PostThreadMessageA
0x5dbe14 PostMessageA
0x5dbe18 PostMessageW
0x5dbe1c OffsetRect
0x5dbe24 LoadImageW
0x5dbe28 LoadCursorW
0x5dbe2c LoadBitmapW
0x5dbe30 KillTimer
0x5dbe34 IsZoomed
0x5dbe38 IsWindowVisible
0x5dbe3c IsWindowUnicode
0x5dbe40 IsWindowEnabled
0x5dbe44 IsWindow
0x5dbe48 IsIconic
0x5dbe4c InvalidateRect
0x5dbe50 InflateRect
0x5dbe58 GetWindowRect
0x5dbe5c GetWindowPlacement
0x5dbe60 GetWindowLongW
0x5dbe64 GetSystemMenu
0x5dbe68 GetPropA
0x5dbe6c GetParent
0x5dbe70 GetWindow
0x5dbe74 GetMessageW
0x5dbe78 GetMenu
0x5dbe7c GetClientRect
0x5dbe80 GetClassNameA
0x5dbe84 GetClassLongW
0x5dbe88 FrameRect
0x5dbe8c FindWindowExA
0x5dbe90 FindWindowExW
0x5dbe94 FindWindowW
0x5dbe98 EnumWindows
0x5dbe9c EnumThreadWindows
0x5dbea0 EnableWindow
0x5dbea4 EnableMenuItem
0x5dbea8 DrawTextW
0x5dbeac DrawFrameControl
0x5dbeb0 DrawFocusRect
0x5dbeb4 DispatchMessageW
0x5dbeb8 DestroyIcon
0x5dbec0 CharUpperW
0x5dbec4 CharLowerW
0x5dbec8 AttachThreadInput
0x5dbecc AdjustWindowRectEx
Library GDI32.dll:
0x5dbed4 GetStockObject
0x5dbed8 UnrealizeObject
0x5dbedc CreateMetaFileA
0x5dbee0 CreatePatternBrush
0x5dbee4 GetPolyFillMode
0x5dbee8 DeleteDC
0x5dbeec FillPath
0x5dbef4 SelectObject
0x5dbef8 GetTextExtentPointW
0x5dbf00 DeleteObject
0x5dbf04 CreateRoundRectRgn
0x5dbf08 CreateFontIndirectW
0x5dbf0c BitBlt
0x5dbf14 CreateDIBitmap
0x5dbf1c GetPath
0x5dbf20 CLIPOBJ_cEnumStart
0x5dbf2c GetCurrentObject
Library ADVAPI32.dll:
0x5dbf34 RegOpenKeyA
0x5dbf38 RegQueryValueExA
0x5dbf40 RegUnLoadKeyW
0x5dbf44 RegOpenKeyExA
0x5dbf48 RegLoadKeyW
0x5dbf4c RegCloseKey
0x5dbf50 OpenProcessToken
0x5dbf54 LookupAccountSidA
0x5dbf58 LookupAccountSidW
0x5dbf60 GetUserNameW
0x5dbf64 GetTokenInformation
0x5dbf68 GetLengthSid
0x5dbf6c QueryServiceStatus
0x5dbf70 OpenServiceW
0x5dbf74 OpenSCManagerW
0x5dbf78 CloseServiceHandle
0x5dbf80 CryptSetProvParam
0x5dbf84 CryptGetProvParam
0x5dbf88 CryptDestroyHash
0x5dbf8c CryptSignHashA
0x5dbf90 CryptSetHashParam
0x5dbf94 CryptCreateHash
0x5dbf98 CryptImportKey
0x5dbf9c CryptExportKey
0x5dbfa0 CryptReleaseContext
0x5dbfa4 CryptDestroyKey
0x5dbfa8 CryptGetUserKey
0x5dbfb0 CryptDecrypt
Library SHELL32.dll:
0x5dbfb8 SHGetFileInfoA
0x5dbfbc ShellExecuteW
0x5dbfc0 Shell_NotifyIconW
0x5dbfc4 SHGetFolderPathA
0x5dbfc8 SHGetFolderPathW
0x5dbfcc
0x5dbfd4 SHGetFolderLocation
0x5dbfe0 SHBrowseForFolderW
0x5dbfe4 Shell_NotifyIcon
0x5dbfe8 ExtractIconA
0x5dbfec SHBrowseForFolderA
0x5dbff4 ShellAboutW
0x5dbff8 FindExecutableW
0x5dbffc ShellExecuteA
0x5dc000 SHLoadInProc
0x5dc004 SHFileOperationA
0x5dc008 Shell_NotifyIconA
0x5dc00c DoEnvironmentSubstW
0x5dc010 SHBindToParent
0x5dc014 SHGetDesktopFolder
0x5dc01c ExtractIconExA
0x5dc020 SHGetMalloc
0x5dc024 CheckEscapesW
0x5dc030 DoEnvironmentSubstA
0x5dc034 SHChangeNotify
0x5dc03c DragQueryFileAorW
0x5dc048 FindExecutableA
0x5dc04c DragFinish
Library ole32.dll:
0x5dc05c OleUninitialize
0x5dc060 CoTaskMemFree
0x5dc064 CoCreateInstance
0x5dc068 CoUninitialize
0x5dc06c CoInitialize
0x5dc074 CoCreateGuid
Library SHLWAPI.dll:
0x5dc07c StrStrIW
0x5dc080 StrStrA
0x5dc084 StrChrIA
0x5dc088 StrRStrIA
0x5dc08c StrChrA
Library COMCTL32.dll:
0x5dc098 ImageList_Write
0x5dc09c ImageList_Read
0x5dc0a0 ImageList_GetIcon
0x5dc0ac ImageList_Destroy
0x5dc0b0 ImageList_Create

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.