4.4
Medium risk

aebe8d103820148ec80b30a7333e8715eed74a47abd13035118afa3770c5e36b

f0f005585728a452cfd8a9c6fc07889a.exe

Analysis duration

73s

Last analyzed

File size

238.3KB
Static detection / Dynamic detection tags: AI SCORE=88 AIDETECTVM BITCOINMINER BTCMINE CLASSIC COINMINER CONFIDENCE DEJXVD ELDORADO FESQ GEN4 GENETIC GRAFTOR GSWZWAC HIGH CONFIDENCE KCLOUD M94N MAENER MALICIOUS PE MALWARE1 MINER MINT MURPHY OQY@AQD47LH OVJSG+4MNBC PQIF@5E7LUK QVM10 R + TROJ SCORE STATIC AI SUSGEN SVCMINER TNEGA UNSAFE ZEXAF
鹰眼 (Eagle Eye) engine
Not detected: no 鹰眼 engine detection results yet
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee Trojan-FESQ!F0F005585728 20201211 6.0.6.653
Alibaba Trojan:Win32/Maener.c9b045aa 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:SvcMiner-E [Trj] 20201210 21.1.5827.0
Kingsoft Win32.Troj.Undef.(kcloud) 20201211 2017.9.26.565
Tencent Trojan.Win32.CoinMiner.f 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Behavior verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features GET method with no useragent header, HTTP version 1.0 used suspicious_request GET http://api.vk.com/method/wall.get.xml
Performs some HTTP requests (1 event)
request GET http://api.vk.com/method/wall.get.xml
Resolves a suspicious Top Level Domain (TLD) (1 event)
domain 1.lalkaboy.z8.ru description Russian Federation domain TLD
Creates executable files on the filesystem (1 event)
file C:\.Trash-100\ActivateDesktop.exe
Creates hidden or system file (2 events)
Time & API Arguments Status Return Repeated
1619999683.692436
SetFileAttributesW
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\.Trash-100
filepath: C:\.Trash-100
success 1 0
1619999689.107008
SetFileAttributesW
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\.Trash-100
filepath: C:\.Trash-100
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Creates known CoinMiner Trojan mutexes (1 event)
mutex SamaelLovesMe
File has been identified by 64 AntiVirus engines on VirusTotal as malicious (50 of 64 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Mint.Murphy.23
FireEye Generic.mg.f0f005585728a452
CAT-QuickHeal Trojan.Maener.A5
McAfee Trojan-FESQ!F0F005585728
Cylance Unsafe
VIPRE Trojan.Win32.CoinMiner.so (v)
Sangfor Malware
K7AntiVirus Trojan ( 0055e3fc1 )
Alibaba Trojan:Win32/Maener.c9b045aa
K7GW Trojan ( 0055e3fc1 )
Cybereason malicious.85728a
Arcabit Trojan.Mint.Murphy.23
Cyren W32/A-665df2f6!Eldorado
Symantec SMG.Heur!gen
TotalDefense Win32/Tnega.GSWZWAC
APEX Malicious
Avast Win32:SvcMiner-E [Trj]
ClamAV Win.Trojan.Coinminer-6750707-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.Mint.Murphy.23
NANO-Antivirus Trojan.Win32.CoinMiner.dejxvd
Paloalto generic.ml
Rising Trojan.Maener!1.AFC8 (CLASSIC)
Ad-Aware Gen:Heur.Mint.Murphy.23
Sophos Mal/Generic-R + Troj/Miner-IM
Comodo TrojWare.Win32.Graftor.PQIF@5e7luk
F-Secure Trojan.TR/BitCoinMiner.Gen4
DrWeb Trojan.BtcMine.594
Zillya Trojan.CoinMiner.Win32.709
TrendMicro Mal_CoinMiner-2
McAfee-GW-Edition BehavesLike.Win32.Generic.dm
Emsisoft Gen:Heur.Mint.Murphy.23 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan/Banker.CoinMiner.a
Webroot W32.Trojan.Gen
Avira TR/BitCoinMiner.Gen4
Antiy-AVL Trojan[Banker]/Win32.CoinMiner
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.CoinMiner.bot!s1
Microsoft Trojan:Win32/Maener.A
AegisLab Trojan.Win32.Generic.m94N
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Win32.Trojan.Coinminer.CB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Agent.C589004
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34670.oqY@aqd47Lh
ALYac Gen:Heur.Mint.Murphy.23
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

2014-08-30 08:45:12

Imports

Library KERNEL32.dll:
0x421000 FindFirstFileA
0x421004 FindNextFileA
0x42100c CreateDirectoryA
0x421014 DeleteFileA
0x421018 WaitForSingleObject
0x42101c Sleep
0x421020 TerminateProcess
0x421024 ExitProcess
0x421028 GetTickCount
0x421030 GetLastError
0x421034 SetFileAttributesA
0x421038 GetModuleFileNameA
0x42103c CreateMutexA
0x421044 CloseHandle
0x421048 CreateFileA
0x42104c WriteFile
0x421054 GetCurrentProcess
0x421058 Process32First
0x42105c OpenProcess
0x421060 WideCharToMultiByte
0x421064 CreateProcessA
0x421068 SetLastError
0x42106c Process32Next
0x421070 IsWow64Process
0x421078 SetEndOfFile
0x42107c CreateFileW
0x421084 LoadLibraryW
0x421088 OutputDebugStringW
0x42108c WriteConsoleW
0x421090 SetStdHandle
0x421094 ReadConsoleW
0x421098 HeapReAlloc
0x42109c GetOEMCP
0x4210a0 IsValidCodePage
0x4210a4 SetFilePointer
0x4210a8 GetACP
0x4210b8 GetCurrentProcessId
0x4210c0 GetModuleFileNameW
0x4210c4 HeapSize
0x4210c8 GetConsoleMode
0x4210cc GetConsoleCP
0x4210d0 FlushFileBuffers
0x4210d4 SetFilePointerEx
0x4210d8 ReadFile
0x4210dc AreFileApisANSI
0x4210e0 GetModuleHandleExW
0x4210e4 GetProcessHeap
0x4210e8 GetFileType
0x4210ec GetStdHandle
0x4210f0 EnumSystemLocalesW
0x4210f4 GetUserDefaultLCID
0x4210f8 IsValidLocale
0x4210fc GetLocaleInfoW
0x421104 EncodePointer
0x421108 DecodePointer
0x42110c MultiByteToWideChar
0x421110 GetStringTypeW
0x421114 lstrlenA
0x421118 LocalFree
0x42111c HeapFree
0x421120 CreateThread
0x421124 GetCurrentThreadId
0x421128 ExitThread
0x42112c GetProcAddress
0x421130 LoadLibraryExW
0x421134 IsDebuggerPresent
0x42113c GetCommandLineA
0x421140 RaiseException
0x421144 RtlUnwind
0x421148 HeapAlloc
0x42114c GetCPInfo
0x421158 TlsAlloc
0x42115c TlsGetValue
0x421160 TlsSetValue
0x421164 TlsFree
0x421168 GetStartupInfoW
0x42116c GetModuleHandleW
0x421170 CompareStringW
0x421174 LCMapStringW
Library USER32.dll:
0x42118c GetCursorPos
0x421190 DispatchMessageA
0x421194 ShowWindow
0x421198 DefWindowProcA
0x42119c CreateWindowExA
0x4211a0 TranslateMessage
0x4211a4 PostQuitMessage
0x4211a8 RegisterClassExA
0x4211ac GetMessageA
0x4211b0 UpdateWindow
Library ole32.dll:
0x4211e4 CoSetProxyBlanket
0x4211ec CoInitializeEx
0x4211f0 CoUninitialize
0x4211f4 CoCreateInstance
Library OLEAUT32.dll:
0x42117c SysAllocString
0x421180 VariantClear
0x421184 SysFreeString
Library WS2_32.dll:
0x4211b8 connect
0x4211bc WSAStartup
0x4211c0 WSAGetLastError
0x4211c4 htons
0x4211c8 WSACleanup
0x4211cc recv
0x4211d0 send
0x4211d4 gethostbyname
0x4211d8 closesocket
0x4211dc socket

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49178 87.240.190.75 api.vk.com 80
192.168.56.101 49181 87.240.190.75 api.vk.com 80
192.168.56.101 49182 87.240.190.75 api.vk.com 80
192.168.56.101 49183 87.240.190.75 api.vk.com 80
192.168.56.101 49186 87.240.190.75 api.vk.com 80
192.168.56.101 49189 87.240.190.75 api.vk.com 80
192.168.56.101 49190 87.240.190.75 api.vk.com 80
192.168.56.101 49191 87.240.190.75 api.vk.com 80
192.168.56.101 49192 87.240.190.75 api.vk.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://api.vk.com/method/wall.get.xml
GET /method/wall.get.xml HTTP/1.0
Host: api.vk.com
Cache-Control: max-age=0, no-store
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)

http://api.vk.com/method/wall.get.xml
GET /method/wall.get.xml HTTP/1.0
Host: api.vk.com
Cache-Control: max-age=0, no-store
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20060127 Netscape/8.1

http://api.vk.com/method/wall.get.xml
GET /method/wall.get.xml HTTP/1.0
Host: api.vk.com
Cache-Control: max-age=0, no-store
User-agent: Mozilla/4.8 [en] (Windows NT 5.0; U)

http://api.vk.com/method/wall.get.xml
GET /method/wall.get.xml HTTP/1.0
Host: api.vk.com
Cache-Control: max-age=0, no-store
User-agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

http://api.vk.com/method/wall.get.xml
GET /method/wall.get.xml HTTP/1.0
Host: api.vk.com
Cache-Control: max-age=0, no-store
User-agent: Mozilla/5.0 (compatible; Konqueror/4.3; Linux) KHTML/4.3.5 (like Gecko)

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.