2.4
Medium risk

SHA-256: f554d833e9508ae00c683f62a4460f4604f22bfe66b267c7314a960b2243be64

File name: f28ebe263da76a31badfa1312c24e930.exe

Analysis duration: 80s

Last analyzed:

File size: 429.5KB
Detection labels (static and dynamic): 6QX2IQ A@6K1YFT ARTEMIS DEXEL EUXZ GENERIC@ML HTUDGX6KZPXUSCY PRESENOKER RDML UNSAFE VOBFUS
HawkEye (鹰眼) engine
Not detected: no HawkEye engine results are available for this sample
Static verdict
Antivirus engines

| Engine | Result | Scan date | Engine version |
|---|---|---|---|
| McAfee | Artemis!F28EBE263DA7 | 20191113 | 6.0.6.653 |
| Alibaba | | 20190527 | 0.3.0.5 |
| Baidu | | 20190318 | 1.0.0.2 |
| Avast | | 20191118 | 18.4.3895.0 |
| Tencent | | 20191118 | 1.0.0.1 |
| Kingsoft | | 20191118 | 2013.8.14.323 |
| CrowdStrike | | 20190702 | 1.0 |
Static indicators
Queries for the computername (7 events)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1620838787.417125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1620838797.871125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1620838808.542125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1620838818.652125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1620838828.886125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1620838839.011125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1620838849.183125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
This executable has a PDB path (1 event)
pdb_path C:\Projets\vbsedit_source\script2exe\Release\mywscript.pdb
Behavioral verdict
Dynamic indicators
A process attempted to delay the analysis task. (1 event)
description f28ebe263da76a31badfa1312c24e930.exe tried to sleep 120 seconds, actually delayed analysis time by 120 seconds
Executes one or more WMI queries (1 event)
wmi Select Name from Win32_Process WHERE Name='hltv.exe'
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 11 AntiVirus engines on VirusTotal as malicious (11 events)
FireEye Generic.mg.f28ebe263da76a31
McAfee Artemis!F28EBE263DA7
Cylance Unsafe
ClamAV Win.Malware.Dexel-6910198-0
Comodo TrojWare.Win32.TrojanDropper.Dexel.A@6k1yft
McAfee-GW-Edition BehavesLike.Win32.Generic.gm
Cyren W32/Trojan.EUXZ-2417
Jiangmin Trojan/Vobfus.wqc
Antiy-AVL Trojan/Win32.Vobfus
Microsoft PUA:Win32/Presenoker
Rising Trojan.Generic@ML.92 (RDML:hTudgx6kZPxuSCy/6QX2iQ)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2013-10-18 17:26:29

Imports

Library KERNEL32.dll:
0x42d09c GetFileAttributesW
0x42d0a0 GetFileSizeEx
0x42d0a4 GetFileTime
0x42d0a8 GetStartupInfoW
0x42d0ac HeapAlloc
0x42d0b0 HeapFree
0x42d0b4 RtlUnwind
0x42d0b8 HeapReAlloc
0x42d0bc RaiseException
0x42d0c0 VirtualProtect
0x42d0c4 VirtualAlloc
0x42d0c8 GetSystemInfo
0x42d0cc VirtualQuery
0x42d0d0 HeapSize
0x42d0d8 GetModuleFileNameA
0x42d0e4 SetHandleCount
0x42d0e8 GetStartupInfoA
0x42d0ec HeapCreate
0x42d0f0 VirtualFree
0x42d0f4 CreateFileW
0x42d0f8 GetTickCount
0x42d100 TerminateProcess
0x42d108 IsDebuggerPresent
0x42d10c GetCPInfo
0x42d110 GetACP
0x42d114 GetOEMCP
0x42d118 IsValidCodePage
0x42d124 GetConsoleCP
0x42d128 GetConsoleMode
0x42d12c LCMapStringA
0x42d130 LCMapStringW
0x42d134 GetStringTypeA
0x42d138 GetStringTypeW
0x42d13c GetLocaleInfoA
0x42d140 SetStdHandle
0x42d144 WriteConsoleA
0x42d148 WriteConsoleW
0x42d14c CreateFileA
0x42d154 GetFullPathNameW
0x42d15c FindFirstFileW
0x42d160 FindClose
0x42d164 GetCurrentProcess
0x42d168 DuplicateHandle
0x42d16c GetFileSize
0x42d170 SetEndOfFile
0x42d174 UnlockFile
0x42d178 LockFile
0x42d180 GetModuleHandleA
0x42d184 GlobalFlags
0x42d188 TlsFree
0x42d190 LocalReAlloc
0x42d194 TlsSetValue
0x42d198 TlsAlloc
0x42d1a0 GlobalHandle
0x42d1a4 GlobalReAlloc
0x42d1ac TlsGetValue
0x42d1b4 LocalAlloc
0x42d1bc GetCurrentProcessId
0x42d1c0 SetErrorMode
0x42d1c4 GetCurrentThread
0x42d1d0 GetLocaleInfoW
0x42d1d4 LoadLibraryExW
0x42d1d8 CompareStringA
0x42d1dc InterlockedExchange
0x42d1e4 lstrlenA
0x42d1e8 lstrcmpA
0x42d1ec GetCurrentThreadId
0x42d1f0 GlobalAddAtomW
0x42d1f4 GlobalFindAtomW
0x42d1f8 GlobalDeleteAtom
0x42d1fc LoadLibraryW
0x42d200 CompareStringW
0x42d204 LoadLibraryA
0x42d208 lstrcmpW
0x42d20c GetVersionExA
0x42d210 FreeLibrary
0x42d218 GetProcAddress
0x42d21c SetLastError
0x42d220 GlobalFree
0x42d224 GlobalAlloc
0x42d228 GlobalLock
0x42d22c GlobalUnlock
0x42d230 lstrlenW
0x42d234 WriteFile
0x42d238 SetConsoleOutputCP
0x42d23c GetConsoleOutputCP
0x42d240 WideCharToMultiByte
0x42d244 GetFileType
0x42d248 FlushFileBuffers
0x42d24c SetFilePointer
0x42d250 ReadFile
0x42d258 CloseHandle
0x42d25c GetExitCodeProcess
0x42d260 WaitForSingleObject
0x42d264 GetModuleFileNameW
0x42d268 ExitProcess
0x42d26c LocalFree
0x42d270 GetLastError
0x42d274 FormatMessageW
0x42d278 GetStdHandle
0x42d27c CreateThread
0x42d280 Sleep
0x42d284 GetModuleHandleW
0x42d288 GetCommandLineW
0x42d28c MultiByteToWideChar
0x42d290 FindResourceW
0x42d294 LoadResource
0x42d298 LockResource
0x42d2a0 SizeofResource
Library USER32.dll:
0x42d2ec CharUpperW
0x42d2f0 SetCursor
0x42d2f4 GrayStringW
0x42d2f8 DrawTextExW
0x42d2fc DrawTextW
0x42d300 TabbedTextOutW
0x42d304 ClientToScreen
0x42d308 DestroyMenu
0x42d30c ShowWindow
0x42d310 SetWindowTextW
0x42d314 LoadCursorW
0x42d318 GetDC
0x42d31c ReleaseDC
0x42d320 GetSysColorBrush
0x42d328 IsWindowEnabled
0x42d32c PostQuitMessage
0x42d330 SetMenuItemBitmaps
0x42d338 ModifyMenuW
0x42d33c EnableMenuItem
0x42d340 GetMessageW
0x42d344 GetCursorPos
0x42d348 ValidateRect
0x42d350 LoadIconW
0x42d354 WinHelpW
0x42d358 GetCapture
0x42d35c SetWindowsHookExW
0x42d360 CallNextHookEx
0x42d364 GetClassLongW
0x42d368 GetClassNameW
0x42d36c SetPropW
0x42d370 GetPropW
0x42d374 RemovePropW
0x42d378 GetFocus
0x42d37c IsWindow
0x42d380 GetWindowTextW
0x42d384 GetForegroundWindow
0x42d388 GetLastActivePopup
0x42d38c GetDlgItem
0x42d390 GetTopWindow
0x42d394 DestroyWindow
0x42d398 GetMessageTime
0x42d39c GetMessagePos
0x42d3a0 MapWindowPoints
0x42d3a4 GetKeyState
0x42d3a8 SetMenu
0x42d3ac MessageBoxW
0x42d3b0 GetActiveWindow
0x42d3b8 PeekMessageW
0x42d3bc EnableWindow
0x42d3c0 SetForegroundWindow
0x42d3c4 IsWindowVisible
0x42d3c8 GetClientRect
0x42d3cc PostMessageW
0x42d3d0 CreateWindowExW
0x42d3d4 GetClassInfoExW
0x42d3d8 GetClassInfoW
0x42d3dc RegisterClassW
0x42d3e0 LoadBitmapW
0x42d3e4 TranslateMessage
0x42d3e8 DispatchMessageW
0x42d3ec GetSubMenu
0x42d3f0 GetMenuItemCount
0x42d3f4 GetMenuItemID
0x42d3f8 GetMenuState
0x42d3fc UnhookWindowsHookEx
0x42d400 GetWindow
0x42d404 GetSystemMetrics
0x42d408 GetWindowRect
0x42d40c GetWindowPlacement
0x42d410 IsIconic
0x42d418 SetWindowPos
0x42d41c SetWindowLongW
0x42d420 GetWindowLongW
0x42d424 GetMenu
0x42d428 PtInRect
0x42d42c GetSysColor
0x42d430 AdjustWindowRectEx
0x42d434 GetParent
0x42d438 GetDlgCtrlID
0x42d43c SendMessageW
0x42d440 DefWindowProcW
0x42d444 CallWindowProcW
0x42d448 CopyRect
0x42d44c CheckMenuItem
Library GDI32.dll:
0x42d038 DeleteDC
0x42d03c GetStockObject
0x42d040 ScaleWindowExtEx
0x42d044 SetWindowExtEx
0x42d048 ScaleViewportExtEx
0x42d04c SetViewportExtEx
0x42d050 OffsetViewportOrgEx
0x42d054 SetViewportOrgEx
0x42d058 SelectObject
0x42d05c Escape
0x42d060 TextOutW
0x42d064 RectVisible
0x42d068 GetDeviceCaps
0x42d06c SetMapMode
0x42d070 RestoreDC
0x42d074 SaveDC
0x42d078 DeleteObject
0x42d07c ExtTextOutW
0x42d080 CreateBitmap
0x42d084 SetBkColor
0x42d088 SetTextColor
0x42d08c GetClipBox
0x42d090 PtVisible
Library COMDLG32.dll:
0x42d030 GetFileTitleW
Library WINSPOOL.DRV:
0x42d454 DocumentPropertiesW
0x42d458 OpenPrinterW
0x42d45c ClosePrinter
Library ADVAPI32.dll:
0x42d000 RegSetValueExW
0x42d004 RegEnumKeyW
0x42d008 RegDeleteKeyW
0x42d00c RegQueryValueW
0x42d010 RegOpenKeyW
0x42d014 RegCreateKeyExW
0x42d018 RegCloseKey
0x42d01c RegQueryValueExW
0x42d020 RegEnumKeyExW
0x42d024 RegOpenKeyExW
Library SHLWAPI.dll:
0x42d2d8 PathStripToRootW
0x42d2dc PathIsUNCW
0x42d2e0 PathFindFileNameW
0x42d2e4 PathFindExtensionW
Library ole32.dll:
0x42d464 CoDisconnectObject
0x42d468 StringFromGUID2
0x42d46c CoGetObject
0x42d470 CoCreateInstance
0x42d474 CLSIDFromProgID
0x42d478 CoInitialize
Library OLEAUT32.dll:
0x42d2a8 SysFreeString
0x42d2ac VariantInit
0x42d2b0 VariantCopy
0x42d2b4 VariantClear
0x42d2b8 SysAllocStringLen
0x42d2bc VariantChangeType
0x42d2c0 LoadTypeLibEx
0x42d2c4 LoadRegTypeLib
0x42d2c8 SysAllocString
0x42d2cc SysStringLen
0x42d2d0 LoadTypeLib

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 50535 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 50537 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.