Score: 5.2 (medium risk)

SHA256: f2cc934b80225445de9435f4b8b8ec4e6edabd21c49adf2d1490bebf60926f70

File name: f0cb30a344eaeeb4b6eae5a735d61d01.exe (the name is the sample's MD5; the McAfee and FireEye detection names below embed its leading hex digits)

Analysis duration: 87s

Last analysis:

File size: 651.5KB
Static detection: yes. Dynamic detection: yes. Detection tags: AI SCORE=85, AIDETECTVM, ATTRIBUTE, BSCOPE, BTEKCL, CLASSIC, CONFIDENCE, DELF, DELFINJECT, ELDORADO, EMPE, GDSDA, GENCIRC, GENERICRXKI, HIGH CONFIDENCE, HIGHCONFIDENCE, HJLSGN, IGENT, KRYPTIK, MALWARE2, MALWARE@#3T5CDZ7HZ90HF, R066C0PIK20, R334776, REMCOS, REMCOSCRYPT, SCORE, SIGGEN8, SONBOKLI, STATIC AI, SUSGEN, SUSPICIOUS PE, UNSAFE, WACATAC, WZWBW
HawkEye engine (鹰眼引擎)
Not detected: no HawkEye engine results are available for this sample.
Static verdict

Antivirus engines

Engine | Result | Scan date | Engine version
McAfee | GenericRXKI-OJ!F0CB30A344EA | 2020-12-29 | 6.0.6.653
Alibaba | TrojanDownloader:Win32/Remcos.dec1e78c | 2019-05-27 | 0.3.0.5
Baidu | (none) | 2019-03-18 | 1.0.0.2
Avast | Win32:Trojan-gen | 2020-12-29 | 21.1.5827.0
Kingsoft | (none) | 2020-12-29 | 2017.9.26.565
Tencent | Malware.Win32.Gencirc.10b9ec98 | 2020-12-29 | 1.0.0.1
CrowdStrike | win/malicious_confidence_80% (D) | 2019-07-02 | 1.0
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS

The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft

CODE, DATA and BSS are the section names the Borland/Delphi linker emits, so the first indicator is the false-positive case it warns about: the names point at the Delphi toolchain, which the packer identification also reports, rather than at a separate packer.
One or more processes crashed (1 event)

Time: 1620005594.35075
API: __exception__
Stack trace:
  0x2129416
  DriverCallback+0x4e waveOutOpen-0xa2e winmm+0x3af0 @ 0x75113af0
  timeEndPeriod+0x54a timeKillEvent-0x57 winmm+0xa535 @ 0x7511a535
  timeEndPeriod+0x449 timeKillEvent-0x158 winmm+0xa434 @ 0x7511a434
  BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
  RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
  RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

Registers: eax=0 ebx=0 ecx=0 edx=0 esi=0 edi=56753220 ebp=56753772 esp=56753176
Instruction bytes: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 44
Instruction: mov eax, dword ptr [eax + 0x3c]
Exception code: 0xc0000005 (access violation)
Symbol: (none)
Fault address: 0x2128bd8
Status: success, return 0, repeated 0

Reading: offset 0x3c of a PE image is IMAGE_DOS_HEADER.e_lfanew and eax is 0, so this is a NULL module base being dereferenced while walking to a PE header, as code that resolves APIs by hand from a module base does. The bytes that follow (99 cdq; 03 04 24 add eax,[esp]; 13 54 24 04 adc edx,[esp+4]; 83 c4 08 add esp,8; 89 44 .. mov [..],eax) add the fetched e_lfanew to a 64-bit value on the stack, the Int64 arithmetic a Delphi compiler emits for base + e_lfanew. The fault address 0x2128bd8 lies outside the mapped image (whose import thunks sit at 0x4821xx to 0x4827xx), so the crashing code had been unpacked into dynamically allocated memory and ran on a worker thread (BaseThreadInitThunk) entered through winmm's DriverCallback.
Behavioral verdict

Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time: 1620005536.58575
API: NtAllocateVirtualMemory
  process_identifier: 2760
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x01de0000
Status: success, return 0, repeated 0

process_handle 0xffffffff is the current-process pseudo-handle, so this is a single RWX page committed in the sample's own address space (self-unpacking or a small stub), not an allocation in another process. The fault address in the crash above (0x2128bd8) is not inside this 4 KiB region, so the unpacked code that crashed lives in memory that this one logged allocation does not account for.
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)

Time: 1620005562.47575
API: GetAdaptersAddresses
  flags: 0
  family: 0 (AF_UNSPEC)
Status: failed, return 111, repeated 0

Return value 111 is ERROR_BUFFER_OVERFLOW, the normal result of the first size-probing call to GetAdaptersAddresses. The log shows no second call with a correctly sized buffer, so this entry alone does not establish that the sample actually inspected the adapter list (for example for a hypervisor MAC prefix).
Network communication

Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14

Note that the packet capture further down records no TCP connections, HTTP requests or TLS sessions, so neither the Google Drive download above nor this contact is corroborated at the network layer; the DNS queries are the only captured traffic attributable to the sample.
Sets or modifies WPAD proxy auto-configuration state, which can be used for traffic interception (8 events)

All eight values are written under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ and every call returned success (0).

Time | API | Key handle | Value (relative to the Wpad key) | Type | Data
1620005565.03875 | RegSetValueExA | 0x000003c0 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason | REG_DWORD (4) | 1
1620005565.03875 | RegSetValueExA | 0x000003c0 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime | REG_BINARY (3) | (binary timestamp; bytes not printable)
1620005565.03875 | RegSetValueExA | 0x000003c0 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision | REG_DWORD (4) | 3
1620005565.03875 | RegSetValueExW | 0x000003c0 | {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName | REG_SZ (1) | 网络 2 ("Network 2")
1620005565.05475 | RegSetValueExA | 0x000003d8 | 0a-00-27-00-00-00\WpadDecisionReason | REG_DWORD (4) | 1
1620005565.05475 | RegSetValueExA | 0x000003d8 | 0a-00-27-00-00-00\WpadDecisionTime | REG_BINARY (3) | (binary timestamp; bytes not printable)
1620005565.05475 | RegSetValueExA | 0x000003d8 | 0a-00-27-00-00-00\WpadDecision | REG_DWORD (4) | 3
1620005565.06975 | RegSetValueExW | 0x000003bc | WpadLastNetwork | REG_SZ (1) | {40112ABE-63B3-43C3-BE93-1440EE3AF106}

Caveat: WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork are the per-network cache that the Windows auto-proxy code (WinHTTP/WinINet) writes whenever a process invokes proxy auto-detection, typically as a side effect of an ordinary WinINet or WinHTTP request. The second key, 0a-00-27-00-00-00, is the guest adapter's MAC address (the default VirtualBox host-only adapter address, matching the 192.168.56.x guest IP in the traffic below). No AutoConfigURL, ProxyServer or ProxyEnable value is written, so on its own this entry shows that the sample triggered WPAD detection, not that it redirected traffic.
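The two behavioural entries above (the RWX allocation and the WpadDecision* writes) are cheap to re-derive from the raw API log, and the refinement a practitioner wants is exactly the one in the caveat: separate the OS's own WPAD cache from a real proxy takeover. The following Python is an added example, not part of this report or of any sandbox's code. The Call/Finding types, rule names and severities are this example's own conventions; REPORT_CALLS is constructed from the GUID-keyed entries above (the WpadDecisionTime bytes are a placeholder), and PROXY_TAKEOVER_CALLS is a constructed counter-example with a hypothetical PAC URL that the report does not contain.

```python
"""Triage rules over sandbox API-call records (added example, not report code)."""
from dataclasses import dataclass, field

PAGE_EXECUTE_READWRITE = 0x40   # the report's "protection: 64"
CURRENT_PROCESS = 0xFFFFFFFF    # pseudo-handle for the calling process itself

# Per-network cache written by Windows auto-proxy detection (WinHTTP/WinINet).
WPAD_CACHE_VALUES = {"WpadDecision", "WpadDecisionReason", "WpadDecisionTime",
                     "WpadNetworkName", "WpadLastNetwork"}
# Values that actually route traffic through a proxy or PAC file.
PROXY_CONFIG_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyEnable", "ProxyOverride"}


@dataclass
class Call:
    api: str
    args: dict


@dataclass
class Finding:
    name: str
    severity: str
    evidence: list = field(default_factory=list)


def rule_rwx_memory(calls):
    """Flag pages that end up writable and executable; self vs. foreign process matters."""
    hits = [c for c in calls
            if c.api in ("NtAllocateVirtualMemory", "VirtualAlloc",
                         "NtProtectVirtualMemory", "VirtualProtect")
            and c.args.get("protection") == PAGE_EXECUTE_READWRITE]
    if not hits:
        return None
    # An RWX page in another process is injection, not unpacking.
    foreign = any(c.args.get("process_handle") not in (None, CURRENT_PROCESS) for c in hits)
    evidence = [f"{c.api} base={c.args.get('base_address')} size={c.args.get('region_size')}"
                for c in hits]
    return Finding("rwx-memory", "high" if foreign else "medium", evidence)


def rule_proxy_registry(calls):
    """Separate the OS's WPAD decision cache from a real proxy configuration change."""
    writes = [c for c in calls
              if c.api in ("RegSetValueExA", "RegSetValueExW")
              and "\\Internet Settings\\" in c.args.get("regkey", "")]
    if not writes:
        return None
    names = {c.args["regkey_r"] for c in writes}
    config = names & PROXY_CONFIG_VALUES
    if config:
        evidence = [f"{c.args['regkey_r']}={c.args.get('value')!r}"
                    for c in writes if c.args["regkey_r"] in config]
        return Finding("proxy-config-modified", "high", evidence)
    if names <= WPAD_CACHE_VALUES:
        return Finding("wpad-cache-written", "info",
                       [f"{len(writes)} WpadDecision* writes; no PAC URL or proxy server set"])
    return Finding("internet-settings-written", "low", sorted(names))


def triage(calls):
    """Run every rule and keep the ones that fired."""
    return [f for f in (rule_rwx_memory(calls), rule_proxy_registry(calls)) if f]


INET_SETTINGS = ("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\"
                 "Internet Settings\\")
WPAD_NET = INET_SETTINGS + "Wpad\\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\\"


def reg_write(api, subkey, name, value):
    """Build a RegSetValueEx record in the report's field naming (regkey, regkey_r, value)."""
    return Call(api, {"regkey": subkey + name, "regkey_r": name, "value": value})


# Constructed from the report's entries (WpadDecisionTime bytes are a placeholder).
REPORT_CALLS = [
    Call("NtAllocateVirtualMemory", {"process_identifier": 2760, "region_size": 4096,
                                     "protection": 64, "process_handle": 0xFFFFFFFF,
                                     "allocation_type": 4096, "base_address": "0x01de0000"}),
    reg_write("RegSetValueExA", WPAD_NET, "WpadDecisionReason", 1),
    reg_write("RegSetValueExA", WPAD_NET, "WpadDecisionTime", b"\x00" * 8),
    reg_write("RegSetValueExA", WPAD_NET, "WpadDecision", 3),
    reg_write("RegSetValueExW", WPAD_NET, "WpadNetworkName", "网络 2"),
    reg_write("RegSetValueExW", INET_SETTINGS + "Wpad\\", "WpadLastNetwork",
              "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"),
]

# Constructed counter-example (not in the report): a real PAC-file takeover.
PROXY_TAKEOVER_CALLS = [
    reg_write("RegSetValueExW", INET_SETTINGS, "AutoConfigURL",
              "http://proxy.example.invalid/wpad.dat"),
]

if __name__ == "__main__":
    for label, calls in (("report", REPORT_CALLS), ("takeover", PROXY_TAKEOVER_CALLS)):
        for f in triage(calls):
            print(label, f.name, f.severity, f.evidence)
```

Run against the report's records the rules yield rwx-memory at medium (self-allocation) and wpad-cache-written at info; the same registry rule fires proxy-config-modified at high only when a value that actually redirects traffic is written.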
Connects to an IP address that is no longer responding to requests (legitimate services usually stay up) (1 event)
dead_host 108.160.169.178:443

File has been identified as malicious by 56 antivirus engines on VirusTotal (showing 50 of 56)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Empe.1.Gen
FireEye Generic.mg.f0cb30a344eaeeb4
McAfee GenericRXKI-OJ!F0CB30A344EA
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056594f1 )
Alibaba TrojanDownloader:Win32/Remcos.dec1e78c
K7GW Trojan-Downloader ( 0056594f1 )
Cybereason malicious.344eae
Arcabit Trojan.Empe.1.Gen
Cyren W32/DelfInject.CJ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TROJ_GEN.R066C0PIK20
Avast Win32:Trojan-gen
Kaspersky HEUR:Backdoor.Win32.Remcos.gen
BitDefender Trojan.Empe.1.Gen
NANO-Antivirus Trojan.Win32.Delf.hjlsgn
Paloalto generic.ml
Rising Trojan.Kryptik!1.C56D (CLASSIC)
Ad-Aware Trojan.Empe.1.Gen
Sophos Mal/Generic-S
Comodo Malware@#3t5cdz7hz90hf
F-Secure Trojan.TR/Dldr.Delf.wzwbw
DrWeb Trojan.Siggen8.46567
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0PIK20
McAfee-GW-Edition GenericRXKI-OJ!F0CB30A344EA
SentinelOne Static AI - Suspicious PE
Emsisoft Trojan.Empe.1.Gen (B)
APEX Malicious
Jiangmin Backdoor.Remcos.bkm
Avira TR/Dldr.Delf.wzwbw
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/RemcosCrypt.ACH!MTB
ZoneAlarm HEUR:Backdoor.Win32.Remcos.gen
GData Trojan.Empe.1.Gen
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Sonbokli.R334776
VBA32 BScope.Trojan.Sonbokli
ALYac Trojan.Empe.1.Gen
TACHYON Trojan-Downloader/W32.DP-Injector.667138
Malwarebytes Backdoor.Remcos
ESET-NOD32 Win32/TrojanDownloader.Delf.CXJ
Tencent Malware.Win32.Gencirc.10b9ec98
Yandex Trojan.Igent.bTEKCl.60
Ikarus Trojan.Win32.Injector
MaxSecure Trojan.Malware.9833444.susgen
Visual analysis

Binary image

No binary image: no binary visualisation was generated for this sample.

Run screenshots

No run screenshots: no screenshots were captured while the sample ran.


PE compile time

1992-06-20 06:22:17

This is the fixed placeholder timestamp (TimeDateStamp 0x2A425E19, 1992-06-19 22:22:17 UTC, shown here in UTC+8) that Borland/Delphi linkers write into every image. It corroborates the Delphi identification above and says nothing about when the sample was actually built.
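The walk MZ -> e_lfanew (offset 0x3c) -> PE signature -> IMAGE_FILE_HEADER.TimeDateStamp is the same walk the crashed code in this report was doing (mov eax, [eax+0x3c] with eax = 0); done with bounds checks on a byte buffer it both recovers the compile timestamp and shows why that dereference faulted. The following Python is an added example, not part of the report or of any tool it mentions; build_stub constructs a minimal, non-executable MZ+PE header for the demonstration (the bytes are constructed, not taken from the sample), and the Delphi placeholder constant is the one discussed above.

```python
"""Read a PE image's link timestamp and recognise the Delphi placeholder (added example)."""
import struct
from datetime import datetime, timezone

DELPHI_PLACEHOLDER = 0x2A425E19  # 1992-06-19 22:22:17 UTC, fixed value written by Borland/Delphi linkers
PE_SIGNATURE = b"PE\0\0"


class PeParseError(ValueError):
    pass


def read_pe_timestamp(data: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp, raising instead of faulting on bad input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PeParseError("not an MZ image")
    # e_lfanew lives at offset 0x3c of IMAGE_DOS_HEADER; the crashing instruction in the
    # report read this field through a NULL base pointer.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + 20 > len(data):
        raise PeParseError("e_lfanew points outside the buffer")
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise PeParseError("missing PE signature")
    # IMAGE_FILE_HEADER follows the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (timestamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return timestamp


def safe_timestamp(data: bytes):
    """The checked counterpart of the faulting read: None instead of an access violation."""
    try:
        return read_pe_timestamp(data)
    except PeParseError:
        return None


def describe_timestamp(ts: int) -> dict:
    """Render the raw DWORD as UTC and flag the Delphi placeholder."""
    when = datetime.fromtimestamp(ts, tz=timezone.utc)
    return {
        "timestamp": ts,
        "utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_placeholder": ts == DELPHI_PLACEHOLDER,
    }


def analyse(data: bytes) -> dict:
    return describe_timestamp(read_pe_timestamp(data))


def build_stub(timestamp: int, e_lfanew: int = 0x80) -> bytes:
    """Construct a minimal MZ+PE header (not a runnable executable) for the demo."""
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=0x14c (i386), 3 sections (CODE/DATA/BSS), TimeDateStamp, then the
    # remaining IMAGE_FILE_HEADER fields (symbol table, optional-header size, characteristics).
    file_header = struct.pack("<HHIIIHH", 0x14C, 3, timestamp, 0, 0, 0xE0, 0x010F)
    return bytes(dos) + PE_SIGNATURE + file_header


if __name__ == "__main__":
    print(analyse(build_stub(DELPHI_PLACEHOLDER)))
    print(safe_timestamp(b""))  # the NULL-base case: None rather than a crash
```

On a real file, pass `open(path, "rb").read()` to analyse(); a placeholder result means the timestamp cannot be used for build-date pivoting and the toolchain, not the date, is the useful fact.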

Imports

The import table below is the stock Delphi VCL runtime surface (kernel32, user32, gdi32, comctl32, oleaut32, advapi32, version, comdlg32). It contains no networking library (no wininet.dll, winhttp.dll or ws2_32.dll); the only network-related import is URL.DLL!InetIsOffline. Together with LoadLibraryA/GetProcAddress and VirtualAlloc/VirtualProtect this is consistent with a loader that resolves its real imports at run time after unpacking, so the behavioural indicators above cannot be matched against this table.

Library kernel32.dll:
0x482150 VirtualFree
0x482154 VirtualAlloc
0x482158 LocalFree
0x48215c LocalAlloc
0x482160 GetVersion
0x482164 GetCurrentThreadId
0x482170 VirtualQuery
0x482174 WideCharToMultiByte
0x482178 MultiByteToWideChar
0x48217c lstrlenA
0x482180 lstrcpynA
0x482184 LoadLibraryExA
0x482188 GetThreadLocale
0x48218c GetStartupInfoA
0x482190 GetProcAddress
0x482194 GetModuleHandleA
0x482198 GetModuleFileNameA
0x48219c GetLocaleInfoA
0x4821a0 GetCommandLineA
0x4821a4 FreeLibrary
0x4821a8 FindFirstFileA
0x4821ac FindClose
0x4821b0 ExitProcess
0x4821b4 WriteFile
0x4821bc RtlUnwind
0x4821c0 RaiseException
0x4821c4 GetStdHandle
Library user32.dll:
0x4821cc GetKeyboardType
0x4821d0 LoadStringA
0x4821d4 MessageBoxA
0x4821d8 CharNextA
Library advapi32.dll:
0x4821e0 RegQueryValueExA
0x4821e4 RegOpenKeyExA
0x4821e8 RegCloseKey
Library oleaut32.dll:
0x4821f0 SysFreeString
0x4821f4 SysReAllocStringLen
0x4821f8 SysAllocStringLen
Library kernel32.dll:
0x482200 TlsSetValue
0x482204 TlsGetValue
0x482208 LocalAlloc
0x48220c GetModuleHandleA
Library advapi32.dll:
0x482214 RegQueryValueExA
0x482218 RegOpenKeyExA
0x48221c RegCloseKey
Library kernel32.dll:
0x482224 lstrcpyA
0x482228 WriteFile
0x48222c WaitForSingleObject
0x482230 VirtualQuery
0x482234 VirtualProtect
0x482238 VirtualAlloc
0x48223c Sleep
0x482240 SizeofResource
0x482244 SetThreadLocale
0x482248 SetFilePointer
0x48224c SetEvent
0x482250 SetErrorMode
0x482254 SetEndOfFile
0x482258 ResetEvent
0x48225c ReadFile
0x482260 MulDiv
0x482264 LockResource
0x482268 LoadResource
0x48226c LoadLibraryA
0x482278 GlobalUnlock
0x48227c GlobalReAlloc
0x482280 GlobalHandle
0x482284 GlobalLock
0x482288 GlobalFree
0x48228c GlobalFindAtomA
0x482290 GlobalDeleteAtom
0x482294 GlobalAlloc
0x482298 GlobalAddAtomA
0x48229c GetVersionExA
0x4822a0 GetVersion
0x4822a4 GetTickCount
0x4822a8 GetThreadLocale
0x4822ac GetSystemInfo
0x4822b0 GetStringTypeExA
0x4822b4 GetStdHandle
0x4822b8 GetProcAddress
0x4822bc GetModuleHandleA
0x4822c0 GetModuleFileNameA
0x4822c4 GetLocaleInfoA
0x4822c8 GetLocalTime
0x4822cc GetLastError
0x4822d0 GetFullPathNameA
0x4822d4 GetFileAttributesA
0x4822d8 GetDiskFreeSpaceA
0x4822dc GetDateFormatA
0x4822e0 GetCurrentThreadId
0x4822e4 GetCurrentProcessId
0x4822e8 GetCPInfo
0x4822ec GetACP
0x4822f0 FreeResource
0x4822f4 InterlockedExchange
0x4822f8 FreeLibrary
0x4822fc FormatMessageA
0x482300 FindResourceA
0x482304 FindFirstFileA
0x482308 FindClose
0x482314 EnumCalendarInfoA
0x48231c DeleteFileA
0x482324 CreateThread
0x482328 CreateFileA
0x48232c CreateEventA
0x482330 CompareStringA
0x482334 CloseHandle
Library version.dll:
0x48233c VerQueryValueA
0x482344 GetFileVersionInfoA
Library gdi32.dll:
0x48234c UnrealizeObject
0x482350 StretchBlt
0x482354 SetWindowOrgEx
0x482358 SetWinMetaFileBits
0x48235c SetViewportOrgEx
0x482360 SetTextColor
0x482364 SetStretchBltMode
0x482368 SetROP2
0x48236c SetPixel
0x482370 SetEnhMetaFileBits
0x482374 SetDIBColorTable
0x482378 SetBrushOrgEx
0x48237c SetBkMode
0x482380 SetBkColor
0x482384 SelectPalette
0x482388 SelectObject
0x48238c SaveDC
0x482390 RestoreDC
0x482394 Rectangle
0x482398 RectVisible
0x48239c RealizePalette
0x4823a0 Polyline
0x4823a4 PlayEnhMetaFile
0x4823a8 PatBlt
0x4823ac MoveToEx
0x4823b0 MaskBlt
0x4823b4 LineTo
0x4823b8 IntersectClipRect
0x4823bc GetWindowOrgEx
0x4823c0 GetWinMetaFileBits
0x4823c4 GetTextMetricsA
0x4823c8 GetTextExtentPointA
0x4823d4 GetStockObject
0x4823d8 GetPixel
0x4823dc GetPaletteEntries
0x4823e0 GetObjectA
0x4823ec GetEnhMetaFileBits
0x4823f0 GetDeviceCaps
0x4823f4 GetDIBits
0x4823f8 GetDIBColorTable
0x4823fc GetDCOrgEx
0x482404 GetClipBox
0x482408 GetBrushOrgEx
0x48240c GetBitmapBits
0x482410 GdiFlush
0x482414 ExtTextOutA
0x482418 ExcludeClipRect
0x48241c DeleteObject
0x482420 DeleteEnhMetaFile
0x482424 DeleteDC
0x482428 CreateSolidBrush
0x48242c CreatePenIndirect
0x482430 CreatePalette
0x482438 CreateFontIndirectA
0x48243c CreateDIBitmap
0x482440 CreateDIBSection
0x482444 CreateCompatibleDC
0x48244c CreateBrushIndirect
0x482450 CreateBitmap
0x482454 CopyEnhMetaFileA
0x482458 BitBlt
Library user32.dll:
0x482460 CreateWindowExA
0x482464 WindowFromPoint
0x482468 WinHelpA
0x48246c WaitMessage
0x482470 UpdateWindow
0x482474 UnregisterClassA
0x482478 UnhookWindowsHookEx
0x48247c TranslateMessage
0x482484 TrackPopupMenu
0x48248c ShowWindow
0x482490 ShowScrollBar
0x482494 ShowOwnedPopups
0x482498 ShowCursor
0x48249c SetWindowsHookExA
0x4824a0 SetWindowTextA
0x4824a4 SetWindowPos
0x4824a8 SetWindowPlacement
0x4824ac SetWindowLongA
0x4824b0 SetTimer
0x4824b4 SetScrollRange
0x4824b8 SetScrollPos
0x4824bc SetScrollInfo
0x4824c0 SetRect
0x4824c4 SetPropA
0x4824c8 SetParent
0x4824cc SetMenuItemInfoA
0x4824d0 SetMenu
0x4824d4 SetForegroundWindow
0x4824d8 SetFocus
0x4824dc SetCursor
0x4824e0 SetClipboardData
0x4824e4 SetClassLongA
0x4824e8 SetCapture
0x4824ec SetActiveWindow
0x4824f0 SendMessageA
0x4824f4 ScrollWindow
0x4824f8 ScreenToClient
0x4824fc RemovePropA
0x482500 RemoveMenu
0x482504 ReleaseDC
0x482508 ReleaseCapture
0x482514 RegisterClassA
0x482518 RedrawWindow
0x48251c PtInRect
0x482520 PostQuitMessage
0x482524 PostMessageA
0x482528 PeekMessageA
0x48252c OpenClipboard
0x482530 OffsetRect
0x482534 OemToCharA
0x482538 MessageBoxA
0x48253c MessageBeep
0x482540 MapWindowPoints
0x482544 MapVirtualKeyA
0x482548 LoadStringA
0x48254c LoadKeyboardLayoutA
0x482550 LoadIconA
0x482554 LoadCursorA
0x482558 LoadBitmapA
0x48255c KillTimer
0x482560 IsZoomed
0x482564 IsWindowVisible
0x482568 IsWindowEnabled
0x48256c IsWindow
0x482570 IsRectEmpty
0x482574 IsIconic
0x482578 IsDialogMessageA
0x48257c IsChild
0x482580 InvalidateRect
0x482584 IntersectRect
0x482588 InsertMenuItemA
0x48258c InsertMenuA
0x482590 InflateRect
0x482598 GetWindowTextA
0x48259c GetWindowRect
0x4825a0 GetWindowPlacement
0x4825a4 GetWindowLongA
0x4825a8 GetWindowDC
0x4825ac GetTopWindow
0x4825b0 GetSystemMetrics
0x4825b4 GetSystemMenu
0x4825b8 GetSysColorBrush
0x4825bc GetSysColor
0x4825c0 GetSubMenu
0x4825c4 GetScrollRange
0x4825c8 GetScrollPos
0x4825cc GetScrollInfo
0x4825d0 GetPropA
0x4825d4 GetParent
0x4825d8 GetWindow
0x4825dc GetMenuStringA
0x4825e0 GetMenuState
0x4825e4 GetMenuItemInfoA
0x4825e8 GetMenuItemID
0x4825ec GetMenuItemCount
0x4825f0 GetMenu
0x4825f4 GetLastActivePopup
0x4825f8 GetKeyboardState
0x482600 GetKeyboardLayout
0x482604 GetKeyState
0x482608 GetKeyNameTextA
0x48260c GetIconInfo
0x482610 GetForegroundWindow
0x482614 GetFocus
0x482618 GetDlgItem
0x48261c GetDesktopWindow
0x482620 GetDCEx
0x482624 GetDC
0x482628 GetCursorPos
0x48262c GetCursor
0x482630 GetClipboardData
0x482634 GetClientRect
0x482638 GetClassNameA
0x48263c GetClassInfoA
0x482640 GetCapture
0x482644 GetActiveWindow
0x482648 FrameRect
0x48264c FindWindowA
0x482650 FillRect
0x482654 EqualRect
0x482658 EnumWindows
0x48265c EnumThreadWindows
0x482660 EndPaint
0x482664 EnableWindow
0x482668 EnableScrollBar
0x48266c EnableMenuItem
0x482670 EmptyClipboard
0x482674 DrawTextA
0x482678 DrawMenuBar
0x48267c DrawIconEx
0x482680 DrawIcon
0x482684 DrawFrameControl
0x482688 DrawEdge
0x48268c DispatchMessageA
0x482690 DestroyWindow
0x482694 DestroyMenu
0x482698 DestroyIcon
0x48269c DestroyCursor
0x4826a0 DeleteMenu
0x4826a4 DefWindowProcA
0x4826a8 DefMDIChildProcA
0x4826ac DefFrameProcA
0x4826b0 CreatePopupMenu
0x4826b4 CreateMenu
0x4826b8 CreateIcon
0x4826bc CloseClipboard
0x4826c0 ClientToScreen
0x4826c4 CheckMenuItem
0x4826c8 CallWindowProcA
0x4826cc CallNextHookEx
0x4826d0 BeginPaint
0x4826d4 CharNextA
0x4826d8 CharLowerBuffA
0x4826dc CharLowerA
0x4826e0 CharUpperBuffA
0x4826e4 CharToOemA
0x4826e8 AdjustWindowRectEx
Library kernel32.dll:
0x4826f4 Sleep
Library oleaut32.dll:
0x4826fc SafeArrayPtrOfIndex
0x482700 SafeArrayGetUBound
0x482704 SafeArrayGetLBound
0x482708 SafeArrayCreate
0x48270c VariantChangeType
0x482710 VariantCopy
0x482714 VariantClear
0x482718 VariantInit
Library comctl32.dll:
0x482728 ImageList_Write
0x48272c ImageList_Read
0x48273c ImageList_DragMove
0x482740 ImageList_DragLeave
0x482744 ImageList_DragEnter
0x482748 ImageList_EndDrag
0x48274c ImageList_BeginDrag
0x482750 ImageList_Remove
0x482754 ImageList_DrawEx
0x482758 ImageList_Replace
0x48275c ImageList_Draw
0x48276c ImageList_Add
0x482778 ImageList_Destroy
0x48277c ImageList_Create
0x482780 InitCommonControls
Library comdlg32.dll:
0x482788 GetOpenFileNameA
Library URL.DLL:
0x482790 InetIsOffline

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 49235 | 114.114.114.114 | 53
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 51378 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 58367 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 53657 | 224.0.0.252 | 5355
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50535 | 239.255.255.250 | 3702
192.168.56.101 | 56540 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58368 | 239.255.255.250 | 3702
192.168.56.101 | 58707 | 239.255.255.250 | 3702

Only the six DNS queries to 114.114.114.114 (the guest's configured resolver) are plausibly the sample's doing. The remaining datagrams are the guest's own background traffic: NetBIOS name and datagram service (137/138 to the subnet broadcast address), LLMNR (5355 to 224.0.0.252), NTP to time.windows.com, and SSDP (1900) and WS-Discovery (3702) to 239.255.255.250.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.