3.8
Medium risk

6194e84abd60d7ce60ef014c0da2c55a8b648d22b589f6b29558bf537f968266

ee89e5b8e4a7bd3ad344c825812f9994.exe

Analysis duration

75s

Last analyzed

File size

309.7KB
Static scan: malicious. Dynamic scan: malicious. Tags: 100% AI SCORE=88 ANPP ARTEMIS BAZAR BBPD CERTIFICATE CLASSIC CONFIDENCE FALSESIGN GENCBL GENERICKD HWFYXU MALCERT MALWARE@#3VCOKCFWPAQ8O MANSABO POSSIBLE SUSGEN THREAT UNSAFE UNTRUSTED YMACCO
鹰眼 (Eagle Eye) engine
Not detected: no Eagle Eye engine results available for this sample
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!EE89E5B8E4A7 20201027 6.0.6.653
Baidu 20190318 1.0.0.2
Alibaba Trojan:Win32/Mansabo.d134ef15 20190527 0.3.0.5
Kingsoft 20201027 2013.8.14.323
Tencent Win32.Trojan.Falsesign.Anpp 20201027 1.0.0.1
Avast Win64:Trojan-gen 20201027 18.4.3895.0
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
This executable is signed
This executable has a PDB path (1 event)
pdb_path C:\Users\Mr.Anderson\Desktop\2013\WindowsSDK7-Samples-master\WindowsSDK7-Samples-master\winui\msaa\CPP\x64\Release\AccServer.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620812047.470021
NtAllocateVirtualMemory
process_identifier: 2228
region_size: 155648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x0000000001c40000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1620812047.642021
NtProtectVirtualMemory
process_identifier: 2228
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 86016
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffffffffffff
base_address: 0x0000000180001000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.783120240082527 section {'size_of_data': '0x0002b800', 'virtual_address': '0x00028000', 'entropy': 7.783120240082527, 'name': '.rsrc', 'virtual_size': '0x0002b788'} description A section with a high entropy has been found
entropy 0.5723684210526315 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)
MicroWorld-eScan Trojan.GenericKD.34508283
FireEye Trojan.GenericKD.34508283
McAfee Artemis!EE89E5B8E4A7
Cylance Unsafe
K7AntiVirus Trojan ( 0056e1ed1 )
BitDefender Trojan.GenericKD.34508283
K7GW Trojan ( 0056e1ed1 )
Cyren W64/Trojan.BBPD-4608
ESET-NOD32 Win64/Bazar.Q
Paloalto generic.ml
Kaspersky Trojan.Win32.Mansabo.frw
Alibaba Trojan:Win32/Mansabo.d134ef15
NANO-Antivirus Trojan.Win64.Mansabo.hwfyxu
Rising Trojan.MalCert!1.CC23 (CLASSIC)
Ad-Aware Trojan.GenericKD.34508283
Comodo Malware@#3vcokcfwpaq8o
Invincea Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
GData Trojan.GenericKD.34508283
Jiangmin Trojan.Mansabo.buq
Webroot W32.Trojan.Gen
MAX malware (ai score=88)
Arcabit Trojan.Generic.D20E8DFB
ZoneAlarm Trojan.Win32.Mansabo.frw
Microsoft Trojan:Win32/Ymacco.AA61
VBA32 Trojan.Mansabo
Panda Trj/CI.A
Tencent Win32.Trojan.Falsesign.Anpp
Ikarus possible-Threat.Untrusted.Certificate
MaxSecure Trojan.Malware.106440253.susgen
Fortinet W32/GenCBL.V!tr
AVG Win64:Trojan-gen
Avast Win64:Trojan-gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win64/Trojan.4b0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-09-10 23:09:40

Imports

Library OLEACC.dll:
0x140015298 LresultFromObject
Library KERNEL32.dll:
0x140015068 GetConsoleMode
0x140015070 GetConsoleCP
0x140015078 FlushFileBuffers
0x140015080 GetStringTypeW
0x140015088 HeapReAlloc
0x140015090 LCMapStringW
0x140015098 SetStdHandle
0x1400150a0 OutputDebugStringW
0x1400150a8 GetCPInfo
0x1400150b0 GetOEMCP
0x1400150b8 GetACP
0x1400150c0 IsValidCodePage
0x1400150c8 LoadLibraryExW
0x1400150d0 LeaveCriticalSection
0x1400150d8 EnterCriticalSection
0x1400150e0 SetFilePointerEx
0x1400150e8 VirtualAlloc
0x1400150f0 GetProcAddress
0x1400150f8 SizeofResource
0x140015100 CreateDirectoryW
0x140015108 LoadResource
0x140015110 FindResourceA
0x140015118 ExitProcess
0x140015120 WriteConsoleW
0x140015128 CloseHandle
0x140015130 RtlUnwindEx
0x140015138 HeapSize
0x140015140 FreeEnvironmentStringsW
0x140015148 GetEnvironmentStringsW
0x140015150 GetSystemTimeAsFileTime
0x140015158 GetCurrentProcessId
0x140015160 GetLastError
0x140015168 HeapFree
0x140015170 HeapAlloc
0x140015178 IsDebuggerPresent
0x140015188 GetCommandLineW
0x140015190 EncodePointer
0x140015198 DecodePointer
0x1400151a0 RtlPcToFileHeader
0x1400151a8 RaiseException
0x1400151b0 RtlLookupFunctionEntry
0x1400151b8 CreateFileW
0x1400151c0 GetProcessHeap
0x1400151c8 GetModuleHandleExW
0x1400151d0 MultiByteToWideChar
0x1400151d8 WideCharToMultiByte
0x1400151e0 GetStdHandle
0x1400151e8 WriteFile
0x1400151f0 GetModuleFileNameW
0x1400151f8 RtlCaptureContext
0x140015200 RtlVirtualUnwind
0x140015208 UnhandledExceptionFilter
0x140015218 SetLastError
0x140015228 Sleep
0x140015230 GetCurrentProcess
0x140015238 TerminateProcess
0x140015240 TlsAlloc
0x140015248 TlsGetValue
0x140015250 TlsSetValue
0x140015258 TlsFree
0x140015260 GetStartupInfoW
0x140015268 GetModuleHandleW
0x140015270 GetCurrentThreadId
0x140015278 GetFileType
0x140015280 DeleteCriticalSection
0x140015288 QueryPerformanceCounter
Library USER32.dll:
0x1400152c0 DialogBoxParamW
0x1400152c8 EndDialog
0x1400152d0 SendDlgItemMessageW
0x1400152d8 EndPaint
0x1400152e0 ClientToScreen
0x1400152e8 NotifyWinEvent
0x1400152f0 GetParent
0x1400152f8 LoadCursorW
0x140015300 GetWindowLongPtrW
0x140015308 GetClientRect
0x140015310 BeginPaint
0x140015318 SetFocus
0x140015320 InflateRect
0x140015328 InvalidateRect
0x140015330 GetSysColor
0x140015338 GetSysColorBrush
0x140015340 MessageBoxW
0x140015348 RegisterClassW
0x140015350 SetWindowLongPtrW
0x140015358 DefWindowProcW
0x140015360 ScreenToClient
0x140015368 GetWindowRect
0x140015370 PostMessageW
0x140015378 GetFocus
0x140015380 DrawFocusRect
Library GDI32.dll:
0x140015000 SetBkMode
0x140015008 DeleteObject
0x140015010 SelectObject
0x140015018 Rectangle
0x140015020 Ellipse
0x140015028 CreateFontW
0x140015030 GetObjectW
0x140015038 CreatePen
0x140015040 TextOutW
0x140015048 GetStockObject
0x140015050 CreateSolidBrush
0x140015058 SetTextColor
Library ole32.dll:
0x140015390 CoInitialize
0x140015398 CoUninitialize
Library OLEAUT32.dll:
0x1400152b0 SysAllocString

Exports

Ordinal Address Name
1 0x140003670 sdfxsdfghjghhfEEADSDDd

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.