6.8
High risk

e80b2835e8235ac3f80787c7b4acea651c9fe5dc89a3992667a38222b6260736

f27c89f4c93c9e4be61563087ff16229.exe

Analysis duration

130s

Latest analysis

File size

551.0KB
Static detection: malicious. Dynamic detection: malicious. 100% AI SCORE=100 AIDETECTVM BAGSU BAWA BINDER CLOUD CONFIDENCE DELF DELPHI DORV EIMP FLAGCE FYNLOSKI GAMEHACK GENCIRC GENERICKD GENERICRXDR GENETIC GENOME HIGH HIGH CONFIDENCE LEZZ MALWARE2 PZJI R30190 RBOT RUFTAR SCAR SCORE SMBD SOC@572VWY SUSPICIOUS PE TROJAN2 UNSAFE VVWT WACATAC ZHLKEDD
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee GenericRXDR-OQ!F27C89F4C93C 20200629 6.0.6.653
Alibaba TrojanDropper:Win32/Dorv.c1670cda 20190527 0.3.0.5
Baidu Win32.Trojan-Dropper.Delf.as 20190318 1.0.0.2
Avast Win32:Bagsu-L [PUP] 20200629 18.4.3895.0
Kingsoft 20200629 2013.8.14.323
Tencent Malware.Win32.Gencirc.10b0cf09 20200629 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Checks if process is being debugged by a debugger (50 out of 71 events)
Time & API Arguments Status Return Repeated
1620019189.01841
IsDebuggerPresent
failed 0 0
1620019189.11241
IsDebuggerPresent
failed 0 0
1620019200.09641
IsDebuggerPresent
failed 0 0
1620019200.11241
IsDebuggerPresent
failed 0 0
1620019200.12741
IsDebuggerPresent
failed 0 0
1620019200.28441
IsDebuggerPresent
failed 0 0
1620019200.29941
IsDebuggerPresent
failed 0 0
1620019200.37741
IsDebuggerPresent
failed 0 0
1620019200.51841
IsDebuggerPresent
failed 0 0
1620019201.54941
IsDebuggerPresent
failed 0 0
1620019201.64341
IsDebuggerPresent
failed 0 0
1620019203.23741
IsDebuggerPresent
failed 0 0
1620019212.36241
IsDebuggerPresent
failed 0 0
1620019212.72141
IsDebuggerPresent
failed 0 0
1620019213.19041
IsDebuggerPresent
failed 0 0
1620019215.70541
IsDebuggerPresent
failed 0 0
1620019215.81541
IsDebuggerPresent
failed 0 0
1620019220.47141
IsDebuggerPresent
failed 0 0
1620019222.31541
IsDebuggerPresent
failed 0 0
1620019222.39341
IsDebuggerPresent
failed 0 0
1620019228.64341
IsDebuggerPresent
failed 0 0
1620019187.877785
IsDebuggerPresent
failed 0 0
1620019188.065785
IsDebuggerPresent
failed 0 0
1620019196.674785
IsDebuggerPresent
failed 0 0
1620019196.815785
IsDebuggerPresent
failed 0 0
1620019196.830785
IsDebuggerPresent
failed 0 0
1620019197.159785
IsDebuggerPresent
failed 0 0
1620019197.190785
IsDebuggerPresent
failed 0 0
1620019197.299785
IsDebuggerPresent
failed 0 0
1620019197.330785
IsDebuggerPresent
failed 0 0
1620019200.049785
IsDebuggerPresent
failed 0 0
1620019200.315785
IsDebuggerPresent
failed 0 0
1620019202.127785
IsDebuggerPresent
failed 0 0
1620019208.112785
IsDebuggerPresent
failed 0 0
1620019208.393785
IsDebuggerPresent
failed 0 0
1620019209.174785
IsDebuggerPresent
failed 0 0
1620019210.768785
IsDebuggerPresent
failed 0 0
1620019212.784785
IsDebuggerPresent
failed 0 0
1620019216.440785
IsDebuggerPresent
failed 0 0
1620019219.237785
IsDebuggerPresent
failed 0 0
1620019188.519037
IsDebuggerPresent
failed 0 0
1620019188.597037
IsDebuggerPresent
failed 0 0
1620019201.878037
IsDebuggerPresent
failed 0 0
1620019201.925037
IsDebuggerPresent
failed 0 0
1620019202.175037
IsDebuggerPresent
failed 0 0
1620019202.206037
IsDebuggerPresent
failed 0 0
1620019202.238037
IsDebuggerPresent
failed 0 0
1620019202.253037
IsDebuggerPresent
failed 0 0
1620019203.769037
IsDebuggerPresent
failed 0 0
1620019207.269037
IsDebuggerPresent
failed 0 0
Command line console output was observed (9 events)
Time & API Arguments Status Return Repeated
1620019608.010758
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620019608.010758
WriteConsoleW
buffer: start
console_handle: 0x00000007
success 1 0
1620019608.026758
WriteConsoleW
buffer: https://www.youtube.com/channel/UCmlFfCjqKPAr63Kzko2eISQ?sub_confirmation=1
console_handle: 0x00000007
success 1 0
1620019608.776758
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620019608.776758
WriteConsoleW
buffer: start
console_handle: 0x00000007
success 1 0
1620019608.776758
WriteConsoleW
buffer: https://discord.gg/VhMyVMT
console_handle: 0x00000007
success 1 0
1620019609.072758
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620019609.072758
WriteConsoleW
buffer: start
console_handle: 0x00000007
success 1 0
1620019609.072758
WriteConsoleW
buffer: https://vk.com/4itmen_hack
console_handle: 0x00000007
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome.dll
Checks the amount of memory in the system; this can be used to detect virtual machines that have little memory available (1 event)
Time & API Arguments Status Return Repeated
1620019608.432758
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1620019228.94041
__exception__
stacktrace:
0xb92e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 7537735142912
registers.r9: 0
registers.rcx: 1196
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 274198208
registers.rdi: 17302540
registers.r11: 274202128
registers.r8: 2009563532
registers.rdx: 1328
registers.rbp: 274198064
registers.r15: 274198568
registers.r12: 274198968
registers.rsp: 274197928
registers.rax: 12135936
registers.r13: 7537736089600
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xb92e04
success 0 0
1620019221.705785
__exception__
stacktrace:
0x192e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 7375509966336
registers.r9: 0
registers.rcx: 1244
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 256897024
registers.rdi: 17302540
registers.r11: 256900944
registers.r8: 2009563532
registers.rdx: 1308
registers.rbp: 256896880
registers.r15: 256897384
registers.r12: 256897784
registers.rsp: 256896744
registers.rax: 1650176
registers.r13: 7375510962176
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x192e04
success 0 0
Behavioral verdict
Dynamic indicators
An application raised an exception which may be indicative of an exploit crash (4 events)
Application Crash Process chrome.exe with pid 200 crashed
Application Crash Process chrome.exe with pid 2560 crashed
Time & API Arguments Status Return Repeated
1620019228.94041
__exception__
stacktrace:
0xb92e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 7537735142912
registers.r9: 0
registers.rcx: 1196
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 274198208
registers.rdi: 17302540
registers.r11: 274202128
registers.r8: 2009563532
registers.rdx: 1328
registers.rbp: 274198064
registers.r15: 274198568
registers.r12: 274198968
registers.rsp: 274197928
registers.rax: 12135936
registers.r13: 7537736089600
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xb92e04
success 0 0
1620019221.705785
__exception__
stacktrace:
0x192e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 7375509966336
registers.r9: 0
registers.rcx: 1244
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 256897024
registers.rdi: 17302540
registers.r11: 256900944
registers.r8: 2009563532
registers.rdx: 1308
registers.rbp: 256896880
registers.r15: 256897384
registers.r12: 256897784
registers.rsp: 256896744
registers.rax: 1650176
registers.r13: 7375510962176
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x192e04
success 0 0
Steals private information from local Internet browsers (24 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FontLookupTableCache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\bf0f177c-d5cc-459e-aa08-8f2cc21894b0.tmp
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-608F8E5D-C8.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-608F8E5E-560.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\old_GPUCache_000
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF1cb2997.TMP
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-608F8E58-A00.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
Creates executable files on the filesystem (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4ITMEN.bat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\GLOBALHACK[RU_VN][27.07.2019].exe
Creates hidden or system file (2 events)
Time & API Arguments Status Return Repeated
1620019606.630499
NtCreateFile
create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x0000007c
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\GLOBALHACK[RU_VN][27.07.2019].exe
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\ADMINI~1.OSK\AppData\Local\Temp\GLOBALHACK[RU_VN][27.07.2019].exe
create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 2 (FILE_SHARE_WRITE)
success 0 0
1620019607.552499
NtCreateFile
create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x0000022c
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4ITMEN.bat
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\ADMINI~1.OSK\AppData\Local\Temp\4ITMEN.bat
create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 2 (FILE_SHARE_WRITE)
success 0 0
Drops a binary and executes it (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\GLOBALHACK[RU_VN][27.07.2019].exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4ITMEN.bat
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\GLOBALHACK[RU_VN][27.07.2019].exe
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
One or more non-safelisted processes were created (5 events)
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xac,0xb0,0xb4,0x80,0xb8,0x7fef24e4f50,0x7fef24e4f60,0x7fef24e4f70
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,9720354643269863115,6368228727771939028,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1028 /prefetch:2
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef24e4f50,0x7fef24e4f60,0x7fef24e4f70
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,2129471743453579767,2830331819654543101,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1068 /prefetch:2
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xac,0xb0,0xb4,0x80,0xb8,0x7fef24e4f50,0x7fef24e4f60,0x7fef24e4f70
Resumed a suspended thread in a remote process potentially indicative of process injection (18 events)
Process injection Process 3168 resumed a thread in remote process 2560
Process injection Process 3112 resumed a thread in remote process 200
Time & API Arguments Status Return Repeated
1620019227.066285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019228.847285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019230.316285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019231.425285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019233.066285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019235.253285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019238.378285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019240.035285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019241.816285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019243.581285
NtResumeThread
thread_handle: 0x000000000000013c
suspend_count: 2
process_identifier: 2560
success 0 0
1620019231.612785
NtResumeThread
thread_handle: 0x000000000000010c
suspend_count: 2
process_identifier: 200
success 0 0
1620019232.940785
NtResumeThread
thread_handle: 0x000000000000010c
suspend_count: 2
process_identifier: 200
success 0 0
1620019234.862785
NtResumeThread
thread_handle: 0x000000000000010c
suspend_count: 2
process_identifier: 200
success 0 0
1620019238.799785
NtResumeThread
thread_handle: 0x000000000000010c
suspend_count: 2
process_identifier: 200
success 0 0
1620019240.159785
NtResumeThread
thread_handle: 0x000000000000010c
suspend_count: 2
process_identifier: 200
success 0 0
1620019242.080785
NtResumeThread
thread_handle: 0x000000000000010c
suspend_count: 2
process_identifier: 200
success 0 0
File has been identified by 65 AntiVirus engines on VirusTotal as malicious (50 out of 65 events)
Bkav W32.AIDetectVM.malware2
MicroWorld-eScan Dropped:Trojan.GenericKD.42147856
FireEye Generic.mg.f27c89f4c93c9e4b
McAfee GenericRXDR-OQ!F27C89F4C93C
Malwarebytes Trojan.Dropper.DLF
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
Sangfor Malware
K7AntiVirus Trojan ( 004bdc281 )
Alibaba TrojanDropper:Win32/Dorv.c1670cda
K7GW Trojan ( 004bdc281 )
Cybereason malicious.4c93c9
TrendMicro TROJ_BINDER.SMBD
Baidu Win32.Trojan-Dropper.Delf.as
F-Prot W32/Trojan2.PZJI
Symantec SMG.Heur!gen
TotalDefense Win32/Fynloski.ZHLKEDD
APEX Malicious
Avast Win32:Bagsu-L [PUP]
ClamAV Win.Trojan.Injector-6297685-1
Kaspersky Trojan-Dropper.Win32.Delf.eimp
BitDefender Dropped:Trojan.GenericKD.42147856
NANO-Antivirus Trojan.Win32.Delf.flagce
Paloalto generic.ml
AegisLab Trojan.Win32.Rbot.leZz
Rising Dropper.Delf!8.1EC (CLOUD)
Endgame malicious (high confidence)
Emsisoft Dropped:Trojan.GenericKD.42147856 (B)
Comodo TrojWare.Win32.TrojanDropper.Delf.SOC@572vwy
F-Secure Dropper.DR/Delphi.Gen
DrWeb Trojan.Packed.20771
Zillya Dropper.Delf.Win32.29059
Invincea heuristic
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
SentinelOne DFI - Suspicious PE
Cyren W32/Trojan.VVWT-8174
Jiangmin Trojan/Genome.bawa
Webroot W32.Trojan.Gen
Avira DR/Delphi.Gen
eGambit Unsafe.AI_Score_100%
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Dorv.A
Arcabit Trojan.Generic.D2832010
ViRobot Trojan.Win32.A.Scar.451584.A
ZoneAlarm Trojan-Dropper.Win32.Delf.eimp
GData Dropped:Trojan.GenericKD.42147856
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Ruftar.R30190
Acronis suspicious
VBA32 TrojanDropper.Delf
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x405064 GetCurrentThreadId
0x405070 ExitProcess
0x405074 RtlUnwind
0x405078 RaiseException
0x40507c TlsSetValue
0x405080 TlsGetValue
0x405084 LocalAlloc
0x405088 GetModuleHandleA
0x40508c FreeLibrary
0x405090 HeapFree
0x405094 HeapReAlloc
0x405098 HeapAlloc
0x40509c GetProcessHeap
Library kernel32.dll:
0x4050a4 WriteFile
0x4050a8 SizeofResource
0x4050ac SetFilePointer
0x4050b0 LockResource
0x4050b4 LoadResource
0x4050bc GetTempPathA
0x4050c0 GetSystemDirectoryA
0x4050c4 FreeResource
0x4050c8 FindResourceA
0x4050cc CreateFileA
0x4050d0 CloseHandle
Library shfolder.dll:
0x4050d8 SHGetFolderPathA
Library shell32.dll:
0x4050e0 ShellExecuteA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62192 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.