6.0
High risk

fd8acbf8de6fb437425a7ce74feac1dbb64a7eead618458e2804e2de914656e8

f27341dc0a98b8640ebe024e4e8c8d3c.exe

Analysis duration

89s

Last analysis

File size

1.2MB
Detection tags (static and dynamic): ADSEARCH AGEN AI SCORE=67 APPLICUNWNT@#2CGIBZZSMCPXX BHODFLTTAB BSCOPE EBSDLK ELDORADO ELEX FILEREPMETAGEN GENASA GENCIRC JOHNNIE MLAC1DRDUKH MUTABAHA PCCLIENT SCORE TAIWANSHUI TECHNOLOGIES UNSAFE WINZIPPE WINZIPPER XADUPI YBU6KIW1PZI
Hawkeye engine
Not detected: no Hawkeye engine detection results yet.
Static verdict
Antivirus engines
Engine       Result                            Scan date   Engine version
McAfee       PUP-FRR                           20201031    6.0.6.653
Baidu        -                                 20190318    1.0.0.2
Avast        -                                 20201031    20.10.5736.0
Alibaba      Trojan:Win32/Xadupi.5484ea3f      20190527    0.3.0.5
Tencent      Malware.Win32.Gencirc.11497329    20201031    1.0.0.1
Kingsoft     -                                 20201031    2013.8.14.323
CrowdStrike  -                                 20190702    1.0
Static indicators
Command line console output was observed (2 events)
Time & API Arguments Status Return Repeated
1620811497.429329
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe
console_handle: 0x00000007
success 1 0
1620811497.460329
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
This executable is signed
This executable has a PDB path (1 event)
pdb_path E:\svn\oiview\trunk\bin\eUninstall.pdb
Behavior verdict
Dynamic indicators
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Foreign language identified in PE resource (1 event)
name RT_VERSION language LANG_CHINESE offset 0x0010b2d0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000003bc
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c del /q "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe"
cmdline cmd.exe /c del /q "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe"
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1620809365.464343
ShellExecuteExW
parameters: /c del /q "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c del /q "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe"
cmdline cmd.exe /c del /q "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Deletes executed files from disk (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f27341dc0a98b8640ebe024e4e8c8d3c.exe
Creates known PcClient mutex and/or file changes (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\language\en_us\install_lang.ini
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
MicroWorld-eScan Gen:Variant.Adware.Johnnie.384
FireEye Generic.mg.f27341dc0a98b864
CAT-QuickHeal PUA.Taiwanshui.Gen
McAfee PUP-FRR
Cylance Unsafe
K7AntiVirus Adware ( 004dc2f41 )
BitDefender Gen:Variant.Adware.Johnnie.384
K7GW Adware ( 004dc2f41 )
Cybereason malicious.c0a98b
Arcabit PUP.Adware.Elex
Cyren W32/S-d4b4b0b9!Eldorado
Symantec PUA.Gen.3
APEX Malicious
Kaspersky not-a-virus:AdWare.Win32.ELEX.gpl
Alibaba Trojan:Win32/Xadupi.5484ea3f
NANO-Antivirus Riskware.Win32.Dwn.ebsdlk
ViRobot Adware.Elex.1208496.G
AegisLab Adware.Win32.ELEX.2!c
Tencent Malware.Win32.Gencirc.11497329
Ad-Aware Gen:Variant.Adware.Johnnie.384
Sophos Troj/WinZippe-A
Comodo ApplicUnwnt@#2cgibzzsmcpxx
F-Secure Heuristic.HEUR/AGEN.1102295
DrWeb Adware.Mutabaha.838
Zillya Trojan.BHODfltTab.Win64.11
Invincea Troj/WinZippe-A
McAfee-GW-Edition PUP-FRR
Emsisoft Application.AdSearch (A)
Jiangmin Downloader.Elex.ee
Avira HEUR/AGEN.1102295
Gridinsoft Adware.ELEX.vl!c
Microsoft Trojan:Win32/Xadupi
SUPERAntiSpyware PUP.Elex/Variant
ZoneAlarm not-a-virus:AdWare.Win32.ELEX.gpl
GData Gen:Variant.Adware.Johnnie.384
Cynet Malicious (score: 100)
MAX malware (ai score=67)
VBA32 BScope.Adware.Elex
Malwarebytes Adware.Elex
Panda PUP/Winzipper
ESET-NOD32 a variant of Win32/Adware.ELEX.PBU
Rising Trojan.Xadupi!8.300C (TFE:5:MlAC1drDUKH)
Yandex Trojan.GenAsa!Ybu6kiw1pZI
Fortinet Riskware/Elex
Webroot Pua.337.Technologies
AVG FileRepMetagen [Adw]
Qihoo-360 Win32/Virus.Downloader.16d
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran.

PE Compile Time

2015-08-24 10:51:24

Imports

Library WS2_32.dll:
0x4c058c WSAStartup
0x4c0590 WSACleanup
Library SHLWAPI.dll:
0x4c03a8 PathRemoveFileSpecW
0x4c03ac StrStrIW
0x4c03b0 SHRegCloseUSKey
0x4c03b4 StrCmpIW
0x4c03b8 StrCmpNIW
0x4c03bc SHRegEnumUSKeyW
0x4c03c0 SHRegOpenUSKeyW
0x4c03c4 SHRegGetUSValueW
0x4c03c8 PathIsRelativeW
0x4c03cc PathFileExistsW
0x4c03d4 PathIsURLW
0x4c03d8 PathAppendW
0x4c03dc PathCombineW
0x4c03e0 PathFindFileNameW
0x4c03e4 SHDeleteKeyW
0x4c03e8 PathFindExtensionW
Library KERNEL32.dll:
0x4c0100 MultiByteToWideChar
0x4c0104 GetFileSize
0x4c0108 lstrlenA
0x4c0110 SetFileAttributesW
0x4c0114 ReadFile
0x4c0118 SetFilePointer
0x4c011c WideCharToMultiByte
0x4c0120 WaitNamedPipeW
0x4c0128 WriteFile
0x4c012c TlsAlloc
0x4c0130 TlsFree
0x4c0134 OutputDebugStringW
0x4c0138 SetEndOfFile
0x4c013c GetTickCount
0x4c0144 FormatMessageA
0x4c014c WriteConsoleW
0x4c0150 FlushFileBuffers
0x4c0154 SetStdHandle
0x4c0158 GetConsoleCP
0x4c0160 SetFilePointerEx
0x4c0164 ReadConsoleW
0x4c0168 GetConsoleMode
0x4c0178 GetFileType
0x4c017c GetOEMCP
0x4c0180 GetACP
0x4c0184 IsValidCodePage
0x4c0188 GetStdHandle
0x4c018c LCMapStringW
0x4c0190 CompareStringW
0x4c0194 GetStartupInfoW
0x4c0198 TlsSetValue
0x4c019c TlsGetValue
0x4c01a0 SetLastError
0x4c01a4 GetSystemInfo
0x4c01a8 GetVersionExW
0x4c01b0 InterlockedExchange
0x4c01b4 ResumeThread
0x4c01b8 CreateThread
0x4c01d0 SetEvent
0x4c01d4 CreateEventW
0x4c01d8 lstrlenW
0x4c01dc Process32NextW
0x4c01e0 Process32FirstW
0x4c01e4 GetCurrentThread
0x4c01e8 SetThreadPriority
0x4c01ec SetPriorityClass
0x4c01f4 GetCPInfo
0x4c01f8 RtlUnwind
0x4c01fc VirtualQuery
0x4c0200 VirtualProtect
0x4c0204 VirtualAlloc
0x4c020c GetCommandLineW
0x4c0214 IsDebuggerPresent
0x4c0218 GetModuleHandleExW
0x4c021c ExitProcess
0x4c0220 GetStringTypeW
0x4c0224 DecodePointer
0x4c0228 EncodePointer
0x4c022c LoadLibraryExW
0x4c0234 GetProfileIntW
0x4c0238 GlobalSize
0x4c023c GlobalUnlock
0x4c0240 GlobalLock
0x4c0244 GlobalFree
0x4c0248 GlobalAlloc
0x4c0258 DebugBreak
0x4c025c MulDiv
0x4c0260 RaiseException
0x4c0264 GetProcessHeap
0x4c0268 HeapSize
0x4c026c HeapFree
0x4c0270 HeapReAlloc
0x4c0274 HeapAlloc
0x4c0278 HeapDestroy
0x4c027c GetLastError
0x4c0280 GetModuleHandleW
0x4c0284 WaitForSingleObject
0x4c0288 CreateProcessW
0x4c028c TerminateProcess
0x4c0294 OpenProcess
0x4c0298 LoadLibraryW
0x4c029c GetProcAddress
0x4c02a0 FreeLibrary
0x4c02a4 CopyFileW
0x4c02a8 Sleep
0x4c02ac FindResourceExW
0x4c02b0 FindResourceW
0x4c02b4 LoadResource
0x4c02b8 LockResource
0x4c02bc SizeofResource
0x4c02c0 GetTempFileNameW
0x4c02c8 MoveFileExW
0x4c02cc DeleteFileW
0x4c02d0 FindNextFileW
0x4c02d4 FindClose
0x4c02d8 FindFirstFileW
0x4c02dc GetSystemDirectoryW
0x4c02e8 CreateDirectoryW
0x4c02ec GetModuleFileNameW
0x4c02f0 GetCurrentProcess
0x4c02f4 GetCurrentProcessId
0x4c02f8 GetCurrentThreadId
0x4c02fc CreateFileW
0x4c0300 GetSystemTime
0x4c0304 GetLocalTime
0x4c0308 LocalFree
0x4c030c CloseHandle
0x4c0310 CreateMutexW
Library USER32.dll:
0x4c03f0 CreateCaret
0x4c03f4 ShowCaret
0x4c03f8 SetCaretPos
0x4c03fc HideCaret
0x4c0404 GetCaretPos
0x4c0408 PeekMessageW
0x4c040c GetCapture
0x4c0410 SetTimer
0x4c0414 KillTimer
0x4c0418 MapWindowPoints
0x4c041c UpdateLayeredWindow
0x4c0420 SetWindowRgn
0x4c0424 GetUpdateRect
0x4c0428 GetWindowRgn
0x4c042c TrackMouseEvent
0x4c0430 GetMonitorInfoW
0x4c0434 MonitorFromWindow
0x4c0438 GetSystemMetrics
0x4c043c MoveWindow
0x4c0440 ScreenToClient
0x4c0444 GetWindowRect
0x4c0448 DefWindowProcW
0x4c044c CreateWindowExW
0x4c0450 PostMessageW
0x4c0454 DestroyWindow
0x4c0458 RegisterClassW
0x4c045c SendMessageW
0x4c0460 EnumWindows
0x4c0464 GetParent
0x4c0468 IsWindowVisible
0x4c0470 AttachThreadInput
0x4c0474 SetFocus
0x4c0478 SetForegroundWindow
0x4c047c BringWindowToTop
0x4c0480 SetWindowPos
0x4c0484 GetForegroundWindow
0x4c0490 FindWindowW
0x4c0494 SetWindowTextW
0x4c0498 SetCursor
0x4c049c LoadCursorW
0x4c04a0 IsWindow
0x4c04a4 GetDesktopWindow
0x4c04a8 GetWindow
0x4c04ac GetKeyState
0x4c04b0 ClientToScreen
0x4c04b4 GetWindowTextW
0x4c04b8 WindowFromPoint
0x4c04bc GetWindowLongW
0x4c04c0 SetWindowLongW
0x4c04c4 IntersectRect
0x4c04c8 GetDoubleClickTime
0x4c04cc GetCursorPos
0x4c04d0 ShowWindow
0x4c04d4 IsIconic
0x4c04d8 GetFocus
0x4c04dc IsChild
0x4c04e0 CopyImage
0x4c04e4 DrawTextW
0x4c04e8 wvsprintfW
0x4c04ec CopyRect
0x4c04f0 IsRectEmpty
0x4c04f4 PtInRect
0x4c04f8 SetRect
0x4c04fc SetRectEmpty
0x4c0500 EqualRect
0x4c0504 InflateRect
0x4c0508 OffsetRect
0x4c050c UnionRect
0x4c0510 CharLowerW
0x4c0514 CharNextW
0x4c0518 InvalidateRgn
0x4c0520 GetSysColor
0x4c0524 GetDC
0x4c0528 GetClientRect
0x4c052c ReleaseDC
0x4c0530 BeginPaint
0x4c0534 EndPaint
0x4c0538 InvalidateRect
0x4c053c FillRect
0x4c0540 DrawFocusRect
0x4c0544 FrameRect
0x4c0548 GetClassInfoExW
0x4c054c RegisterClassExW
0x4c0550 EnableWindow
0x4c0554 GetMessageW
0x4c0558 TranslateMessage
0x4c055c DispatchMessageW
0x4c0560 PostQuitMessage
0x4c0564 GetLastActivePopup
0x4c0568 SetPropW
0x4c056c GetPropW
0x4c0570 SetCapture
0x4c0574 ReleaseCapture
0x4c0578 CallWindowProcW
Library ADVAPI32.dll:
0x4c0004 RegOpenKeyExW
0x4c0008 RegSetValueExW
0x4c000c RegCloseKey
0x4c0010 RegQueryValueExW
0x4c0014 RegDeleteValueW
0x4c0018 RegOpenKeyW
Library SHELL32.dll:
0x4c0384 SHChangeNotify
0x4c0388 ShellExecuteExW
0x4c0390 SHFileOperationW
0x4c0394
0x4c0398 ShellExecuteW
0x4c039c SHGetFolderPathW
0x4c03a0 CommandLineToArgvW
Library ole32.dll:
0x4c06b8 OleDuplicateData
0x4c06c0 RegisterDragDrop
0x4c06c4 RevokeDragDrop
0x4c06c8 ReleaseStgMedium
0x4c06cc DoDragDrop
0x4c06d0 OleLockRunning
0x4c06d4 CoTaskMemAlloc
0x4c06d8 IIDFromString
0x4c06dc CoTaskMemFree
0x4c06e4 CLSIDFromString
0x4c06e8 OleInitialize
0x4c06ec OleUninitialize
0x4c06f0 CoInitialize
0x4c06f4 OleRun
0x4c06f8 CoCreateInstance
0x4c06fc CoUninitialize
Library OLEAUT32.dll:
0x4c0324 VariantChangeType
0x4c0328 LoadTypeLib
0x4c032c SysAllocStringLen
0x4c0334 SysStringByteLen
0x4c0338 DispCallFunc
0x4c033c VariantClear
0x4c0340 VariantInit
0x4c0344 SysAllocString
0x4c0348 SysFreeString
0x4c034c SafeArrayGetLBound
0x4c0350 SafeArrayGetUBound
0x4c0354 SafeArrayAccessData
0x4c0358 GetErrorInfo
0x4c035c SysStringLen
0x4c0364 VariantCopy
Library gdiplus.dll:
0x4c05a0 GdipFree
0x4c05ac GdipBitmapLockBits
0x4c05b4 GdiplusShutdown
0x4c05b8 GdiplusStartup
0x4c05cc GdipGetPropertyItem
0x4c05e4 GdipGetImageFlags
0x4c05f0 GdipGetFamily
0x4c05f4 GdipDeleteFont
0x4c060c GdipDrawImageI
0x4c0610 GdipMeasureString
0x4c0614 GdipDrawString
0x4c0618 GdipFillEllipseI
0x4c061c GdipFillRectangleI
0x4c0620 GdipGraphicsClear
0x4c0624 GdipDrawEllipseI
0x4c0628 GdipDrawRectangleI
0x4c062c GdipDrawLineI
0x4c0630 GdipDrawLines
0x4c0650 GdipCreateFromHDC
0x4c066c GdipSetPenDashStyle
0x4c0670 GdipDeletePen
0x4c0674 GdipCreatePen1
0x4c067c GdipCreateSolidFill
0x4c0680 GdipCloneBrush
0x4c0684 GdipDeleteBrush
0x4c0690 GdipGetImageHeight
0x4c0694 GdipGetImageWidth
0x4c0698 GdipAlloc
0x4c069c GdipDisposeImage
0x4c06a4 GdipDeleteGraphics
0x4c06ac GdipDrawImageRectI
0x4c06b0 GdipCloneImage
Library MSIMG32.dll:
0x4c0318 TransparentBlt
0x4c031c AlphaBlend
Library dbghelp.dll:
0x4c0598 MiniDumpWriteDump
Library RPCRT4.dll:
0x4c0374 UuidCreate
0x4c0378 UuidToStringW
0x4c037c RpcStringFreeW
Library PSAPI.DLL:
Library WINMM.dll:
0x4c0580 timeSetEvent
0x4c0584 timeKillEvent
Library urlmon.dll:
Library COMCTL32.dll:
0x4c0024
Library GDI32.dll:
0x4c002c CreateFontW
0x4c0030 CreateRectRgn
0x4c0034 SetStretchBltMode
0x4c0038 StretchBlt
0x4c003c SetBkMode
0x4c0040 SelectClipRgn
0x4c0044 OffsetClipRgn
0x4c0048 LineTo
0x4c004c ArcTo
0x4c0050 GetStockObject
0x4c0054 Rectangle
0x4c0058 Ellipse
0x4c005c Polygon
0x4c0060 Polyline
0x4c0064 SetTextColor
0x4c0068 GetDIBits
0x4c006c AddFontResourceW
0x4c0070 FrameRgn
0x4c0074 GetRgnBox
0x4c0078 SetWindowOrgEx
0x4c007c CopyMetaFileW
0x4c0080 GetDeviceCaps
0x4c0084 PtInRegion
0x4c0088 DeleteObject
0x4c008c CreatePatternBrush
0x4c0090 EnumFontFamiliesW
0x4c0094 FillRgn
0x4c0098 CreatePen
0x4c009c DeleteDC
0x4c00a0 SetPixel
0x4c00a4 GetPixel
0x4c00a8 BitBlt
0x4c00ac SetWorldTransform
0x4c00b0 SetGraphicsMode
0x4c00b8 GetObjectW
0x4c00bc CreateSolidBrush
0x4c00c0 CreateDIBSection
0x4c00c4 CreateCompatibleDC
0x4c00c8 GetObjectA
0x4c00cc RestoreDC
0x4c00d0 SaveDC
0x4c00d4 GetClipBox
0x4c00d8 CreateRoundRectRgn
0x4c00dc MoveToEx
0x4c00e0 GetCharABCWidthsW
0x4c00e8 SelectObject
0x4c00ec CombineRgn
0x4c00f4 SetDIBits
0x4c00f8 OffsetRgn

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702
192.168.56.101  62192        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.