Score: 4.2
Medium risk

3db99896428786088fbe532fa990f3f1ae746ae484a694366bf074dcafe1eb22

f34ecc57aa0ae3c268d92175a4e1e07f.exe

Analysis duration

82s

Most recent analysis

File size

853.5KB
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee Fareit-FVP!F34ECC57AA0A 20200726 6.0.6.653
Alibaba TrojanDownloader:Win32/Bluteal.f540901d 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200726 18.4.3895.0
Kingsoft 20200726 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cdd5f7 20200726 1.0.0.1
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .itext
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619999728.322979
__exception__
stacktrace:
0x33e963a
0x33e966d
0x33e958a
0x339fa10
0x33eb33e
0x33edb16
0x33ae6ea
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x775a77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x775a7bca
0x33e71b4
0x33eddf7
f34ecc57aa0ae3c268d92175a4e1e07f+0x5b2a3 @ 0x45b2a3

registers.esp: 1634000
registers.edi: 0
registers.eax: 1634000
registers.ebp: 1634080
registers.edx: 0
registers.ebx: 1635756
registers.esi: 55081704
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619999684.947979
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00500000
success 0 0
1619999685.869979
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x022a0000
success 0 0
Downloads a file or document from Google Drive (1 event)
domain drive.google.com
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 103.97.3.19:443
File has been identified by 50 antivirus engines on VirusTotal as malicious (50 events)
MicroWorld-eScan Trojan.Empe.1.Gen
FireEye Trojan.Empe.1.Gen
McAfee Fareit-FVP!F34ECC57AA0A
Malwarebytes Trojan.MalPack.DLF
Zillya Downloader.Delf.Win32.59256
K7AntiVirus Trojan-Downloader ( 00568a131 )
Alibaba TrojanDownloader:Win32/Bluteal.f540901d
K7GW Trojan-Downloader ( 00568a131 )
Arcabit Trojan.Empe.1.Gen
TrendMicro TROJ_FRS.0NA103FD20
F-Prot W32/Kryptik.AUQ
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Exploit.Win32.BypassUAC.gen
BitDefender Trojan.Empe.1.Gen
NANO-Antivirus Trojan.Win32.Delf.hlbzxc
Paloalto generic.ml
Rising Trojan.Injector!1.C74B (CLASSIC)
Ad-Aware Trojan.Empe.1.Gen
Emsisoft Trojan.Empe.1.Gen (B)
Comodo Malware@#alcy2pznj3oj
DrWeb Trojan.DownLoader33.53551
VIPRE Trojan.Win32.Generic!BT
Trapmine suspicious.low.ml.score
Sophos Mal/Generic-S
Cyren W32/Trojan.DQXA-4745
Jiangmin Exploit.BypassUAC.btb
eGambit Unsafe.AI_Score_74%
Antiy-AVL Trojan[Exploit]/Win32.BypassUAC
Microsoft PWS:Win32/Fareit.ART!MTB
AegisLab Hacktool.Win32.BypassUAC.3!c
ZoneAlarm HEUR:Exploit.Win32.BypassUAC.gen
GData Trojan.Empe.1.Gen
AhnLab-V3 Malware/Win32.Generic.C4125165
BitDefenderTheta Gen:NN.ZelphiF.34138.1KW@auzwqQdi
ALYac Trojan.Empe.1.Gen
MAX malware (ai score=83)
VBA32 Trojan.Wacatac
Cylance Unsafe
ESET-NOD32 Win32/TrojanDownloader.Delf.CXV
TrendMicro-HouseCall TROJ_FRS.0NA103FD20
Tencent Malware.Win32.Gencirc.10cdd5f7
Yandex Trojan.Igent.bTUWtj.23
Ikarus Trojan.Inject
Fortinet W32/GenKryptik.DPIE!tr
AVG Win32:Malware-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/Trojan.Exploit.714
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library oleaut32.dll:
0x4cc7cc SysFreeString
0x4cc7d0 SysReAllocStringLen
0x4cc7d4 SysAllocStringLen
Library advapi32.dll:
0x4cc7dc RegQueryValueExA
0x4cc7e0 RegOpenKeyExA
0x4cc7e4 RegCloseKey
Library user32.dll:
0x4cc7ec GetKeyboardType
0x4cc7f0 DestroyWindow
0x4cc7f4 LoadStringA
0x4cc7f8 MessageBoxA
0x4cc7fc CharNextA
Library kernel32.dll:
0x4cc804 GetACP
0x4cc808 Sleep
0x4cc80c VirtualFree
0x4cc810 VirtualAlloc
0x4cc814 GetCurrentThreadId
0x4cc820 VirtualQuery
0x4cc824 WideCharToMultiByte
0x4cc828 MultiByteToWideChar
0x4cc82c lstrlenA
0x4cc830 lstrcpynA
0x4cc834 LoadLibraryExA
0x4cc838 GetThreadLocale
0x4cc83c GetStartupInfoA
0x4cc840 GetProcAddress
0x4cc844 GetModuleHandleA
0x4cc848 GetModuleFileNameA
0x4cc84c GetLocaleInfoA
0x4cc850 GetCommandLineA
0x4cc854 FreeLibrary
0x4cc858 FindFirstFileA
0x4cc85c FindClose
0x4cc860 ExitProcess
0x4cc864 CompareStringA
0x4cc868 WriteFile
0x4cc870 RtlUnwind
0x4cc874 RaiseException
0x4cc878 GetStdHandle
Library kernel32.dll:
0x4cc880 TlsSetValue
0x4cc884 TlsGetValue
0x4cc888 LocalAlloc
0x4cc88c GetModuleHandleA
Library user32.dll:
0x4cc894 CreateWindowExA
0x4cc898 WindowFromPoint
0x4cc89c WaitMessage
0x4cc8a0 UpdateWindow
0x4cc8a4 UnregisterClassA
0x4cc8a8 UnhookWindowsHookEx
0x4cc8ac TranslateMessage
0x4cc8b4 TrackPopupMenu
0x4cc8bc ShowWindow
0x4cc8c0 ShowScrollBar
0x4cc8c4 ShowOwnedPopups
0x4cc8c8 SetWindowsHookExA
0x4cc8cc SetWindowTextA
0x4cc8d0 SetWindowPos
0x4cc8d4 SetWindowPlacement
0x4cc8d8 SetWindowLongW
0x4cc8dc SetWindowLongA
0x4cc8e0 SetTimer
0x4cc8e4 SetScrollRange
0x4cc8e8 SetScrollPos
0x4cc8ec SetScrollInfo
0x4cc8f0 SetRect
0x4cc8f4 SetPropA
0x4cc8f8 SetParent
0x4cc8fc SetMenuItemInfoA
0x4cc900 SetMenu
0x4cc904 SetForegroundWindow
0x4cc908 SetFocus
0x4cc90c SetCursor
0x4cc910 SetClipboardData
0x4cc914 SetClassLongA
0x4cc918 SetCapture
0x4cc91c SetActiveWindow
0x4cc920 SendMessageW
0x4cc924 SendMessageA
0x4cc928 ScrollWindow
0x4cc92c ScreenToClient
0x4cc930 RemovePropA
0x4cc934 RemoveMenu
0x4cc938 ReleaseDC
0x4cc93c ReleaseCapture
0x4cc948 RegisterClassA
0x4cc94c RedrawWindow
0x4cc950 PtInRect
0x4cc954 PostQuitMessage
0x4cc958 PostMessageA
0x4cc95c PeekMessageW
0x4cc960 PeekMessageA
0x4cc964 OpenClipboard
0x4cc968 OffsetRect
0x4cc96c OemToCharA
0x4cc970 MessageBoxA
0x4cc974 MessageBeep
0x4cc978 MapWindowPoints
0x4cc97c MapVirtualKeyA
0x4cc980 LoadStringA
0x4cc984 LoadKeyboardLayoutA
0x4cc988 LoadIconA
0x4cc98c LoadCursorA
0x4cc990 LoadBitmapA
0x4cc994 KillTimer
0x4cc998 IsZoomed
0x4cc99c IsWindowVisible
0x4cc9a0 IsWindowUnicode
0x4cc9a4 IsWindowEnabled
0x4cc9a8 IsWindow
0x4cc9ac IsRectEmpty
0x4cc9b0 IsIconic
0x4cc9b4 IsDialogMessageW
0x4cc9b8 IsDialogMessageA
0x4cc9bc IsChild
0x4cc9c0 InvalidateRect
0x4cc9c4 IntersectRect
0x4cc9c8 InsertMenuItemA
0x4cc9cc InsertMenuA
0x4cc9d0 InflateRect
0x4cc9d8 GetWindowTextA
0x4cc9dc GetWindowRect
0x4cc9e0 GetWindowPlacement
0x4cc9e4 GetWindowLongW
0x4cc9e8 GetWindowLongA
0x4cc9ec GetWindowDC
0x4cc9f0 GetTopWindow
0x4cc9f4 GetSystemMetrics
0x4cc9f8 GetSystemMenu
0x4cc9fc GetSysColorBrush
0x4cca00 GetSysColor
0x4cca04 GetSubMenu
0x4cca08 GetScrollRange
0x4cca0c GetScrollPos
0x4cca10 GetScrollInfo
0x4cca14 GetPropA
0x4cca18 GetParent
0x4cca1c GetWindow
0x4cca20 GetMessagePos
0x4cca24 GetMenuStringA
0x4cca28 GetMenuState
0x4cca2c GetMenuItemInfoA
0x4cca30 GetMenuItemID
0x4cca34 GetMenuItemCount
0x4cca38 GetMenu
0x4cca3c GetLastActivePopup
0x4cca40 GetKeyboardState
0x4cca4c GetKeyboardLayout
0x4cca50 GetKeyState
0x4cca54 GetKeyNameTextA
0x4cca58 GetIconInfo
0x4cca5c GetForegroundWindow
0x4cca60 GetFocus
0x4cca64 GetDlgItem
0x4cca68 GetDesktopWindow
0x4cca6c GetDCEx
0x4cca70 GetDC
0x4cca74 GetCursorPos
0x4cca78 GetCursor
0x4cca7c GetClipboardData
0x4cca80 GetClientRect
0x4cca84 GetClassLongA
0x4cca88 GetClassInfoA
0x4cca8c GetCapture
0x4cca90 GetActiveWindow
0x4cca94 FrameRect
0x4cca98 FindWindowA
0x4cca9c FillRect
0x4ccaa0 EqualRect
0x4ccaa4 EnumWindows
0x4ccaa8 EnumThreadWindows
0x4ccaac EnumChildWindows
0x4ccab0 EndPaint
0x4ccab4 EnableWindow
0x4ccab8 EnableScrollBar
0x4ccabc EnableMenuItem
0x4ccac0 EmptyClipboard
0x4ccac4 DrawTextA
0x4ccac8 DrawMenuBar
0x4ccacc DrawIconEx
0x4ccad0 DrawIcon
0x4ccad4 DrawFrameControl
0x4ccad8 DrawEdge
0x4ccadc DispatchMessageW
0x4ccae0 DispatchMessageA
0x4ccae4 DestroyWindow
0x4ccae8 DestroyMenu
0x4ccaec DestroyIcon
0x4ccaf0 DestroyCursor
0x4ccaf4 DeleteMenu
0x4ccaf8 DefWindowProcA
0x4ccafc DefMDIChildProcA
0x4ccb00 DefFrameProcA
0x4ccb04 CreatePopupMenu
0x4ccb08 CreateMenu
0x4ccb0c CreateIcon
0x4ccb10 CloseClipboard
0x4ccb14 ClientToScreen
0x4ccb18 CheckMenuItem
0x4ccb1c CallWindowProcA
0x4ccb20 CallNextHookEx
0x4ccb24 BeginPaint
0x4ccb28 CharNextA
0x4ccb2c CharLowerBuffA
0x4ccb30 CharLowerA
0x4ccb34 CharUpperBuffA
0x4ccb38 CharToOemA
0x4ccb3c AdjustWindowRectEx
Library gdi32.dll:
0x4ccb48 UnrealizeObject
0x4ccb4c StretchBlt
0x4ccb50 SetWindowOrgEx
0x4ccb54 SetWinMetaFileBits
0x4ccb58 SetViewportOrgEx
0x4ccb5c SetTextColor
0x4ccb60 SetStretchBltMode
0x4ccb64 SetROP2
0x4ccb68 SetPixel
0x4ccb6c SetEnhMetaFileBits
0x4ccb70 SetDIBColorTable
0x4ccb74 SetBrushOrgEx
0x4ccb78 SetBkMode
0x4ccb7c SetBkColor
0x4ccb80 SelectPalette
0x4ccb84 SelectObject
0x4ccb88 SaveDC
0x4ccb8c RestoreDC
0x4ccb90 Rectangle
0x4ccb94 RectVisible
0x4ccb98 RealizePalette
0x4ccb9c PlayEnhMetaFile
0x4ccba0 PatBlt
0x4ccba4 MoveToEx
0x4ccba8 MaskBlt
0x4ccbac LineTo
0x4ccbb0 IntersectClipRect
0x4ccbb4 GetWindowOrgEx
0x4ccbb8 GetWinMetaFileBits
0x4ccbbc GetTextMetricsA
0x4ccbc0 GetTextExtentPointA
0x4ccbcc GetStockObject
0x4ccbd0 GetRgnBox
0x4ccbd4 GetPixel
0x4ccbd8 GetPaletteEntries
0x4ccbdc GetObjectA
0x4ccbe8 GetEnhMetaFileBits
0x4ccbec GetDeviceCaps
0x4ccbf0 GetDIBits
0x4ccbf4 GetDIBColorTable
0x4ccbf8 GetDCOrgEx
0x4ccc00 GetClipBox
0x4ccc04 GetBrushOrgEx
0x4ccc08 GetBitmapBits
0x4ccc0c ExcludeClipRect
0x4ccc10 DeleteObject
0x4ccc14 DeleteEnhMetaFile
0x4ccc18 DeleteDC
0x4ccc1c CreateSolidBrush
0x4ccc20 CreatePenIndirect
0x4ccc24 CreatePalette
0x4ccc2c CreateFontIndirectA
0x4ccc30 CreateDIBitmap
0x4ccc34 CreateDIBSection
0x4ccc38 CreateCompatibleDC
0x4ccc40 CreateBrushIndirect
0x4ccc44 CreateBitmap
0x4ccc48 CopyEnhMetaFileA
0x4ccc4c BitBlt
Library version.dll:
0x4ccc54 VerQueryValueA
0x4ccc5c GetFileVersionInfoA
Library kernel32.dll:
0x4ccc64 lstrcpyA
0x4ccc68 WriteFile
0x4ccc6c WaitForSingleObject
0x4ccc70 VirtualQuery
0x4ccc74 VirtualProtect
0x4ccc78 VirtualAlloc
0x4ccc7c UnmapViewOfFile
0x4ccc80 SizeofResource
0x4ccc84 SetThreadLocale
0x4ccc88 SetFilePointer
0x4ccc8c SetEvent
0x4ccc90 SetErrorMode
0x4ccc94 SetEndOfFile
0x4ccc98 ResetEvent
0x4ccc9c ReadFile
0x4ccca0 MulDiv
0x4ccca4 MapViewOfFile
0x4ccca8 LockResource
0x4cccac LoadResource
0x4cccb0 LoadLibraryA
0x4cccbc GlobalUnlock
0x4cccc0 GlobalLock
0x4cccc4 GlobalFree
0x4cccc8 GlobalFindAtomA
0x4ccccc GlobalDeleteAtom
0x4cccd0 GlobalAlloc
0x4cccd4 GlobalAddAtomA
0x4cccd8 GetVersionExA
0x4cccdc GetVersion
0x4ccce0 GetTickCount
0x4ccce4 GetThreadLocale
0x4ccce8 GetStdHandle
0x4cccec GetProcAddress
0x4cccf0 GetModuleHandleA
0x4cccf4 GetModuleFileNameA
0x4cccf8 GetLocaleInfoA
0x4cccfc GetLocalTime
0x4ccd00 GetLastError
0x4ccd04 GetFullPathNameA
0x4ccd08 GetFileSize
0x4ccd0c GetDiskFreeSpaceA
0x4ccd10 GetDateFormatA
0x4ccd14 GetCurrentThreadId
0x4ccd18 GetCurrentProcessId
0x4ccd1c GetCPInfo
0x4ccd20 FreeResource
0x4ccd24 InterlockedExchange
0x4ccd28 FreeLibrary
0x4ccd2c FormatMessageA
0x4ccd30 FindResourceA
0x4ccd34 EnumCalendarInfoA
0x4ccd40 CreateThread
0x4ccd44 CreateFileMappingA
0x4ccd48 CreateFileA
0x4ccd4c CreateEventA
0x4ccd50 CompareStringA
0x4ccd54 CloseHandle
Library advapi32.dll:
0x4ccd5c RegQueryValueExA
0x4ccd60 RegOpenKeyExA
0x4ccd64 RegFlushKey
0x4ccd68 RegCloseKey
Library kernel32.dll:
0x4ccd70 Sleep
Library oleaut32.dll:
0x4ccd78 SafeArrayPtrOfIndex
0x4ccd7c SafeArrayGetUBound
0x4ccd80 SafeArrayGetLBound
0x4ccd84 SafeArrayCreate
0x4ccd88 VariantChangeType
0x4ccd8c VariantCopy
0x4ccd90 VariantClear
0x4ccd94 VariantInit
Library comctl32.dll:
0x4ccd9c _TrackMouseEvent
0x4ccda8 ImageList_Write
0x4ccdac ImageList_Read
0x4ccdb4 ImageList_DragMove
0x4ccdb8 ImageList_DragLeave
0x4ccdbc ImageList_DragEnter
0x4ccdc0 ImageList_EndDrag
0x4ccdc4 ImageList_BeginDrag
0x4ccdc8 ImageList_Remove
0x4ccdcc ImageList_DrawEx
0x4ccdd0 ImageList_Draw
0x4ccddc ImageList_Add
0x4ccde4 ImageList_Destroy
0x4ccde8 ImageList_Create
Library comdlg32.dll:
0x4ccdf0 GetOpenFileNameA
Library url.dll:
0x4ccdf8 InetIsOffline
Library winmm.dll:
0x4cce00 waveOutWrite
0x4cce08 waveOutReset
0x4cce10 waveOutOpen
0x4cce14 waveOutClose
Library advapi32.dll:
0x4cce1c QueryServiceStatus
0x4cce20 OpenServiceA
0x4cce24 OpenSCManagerA
0x4cce28 CloseServiceHandle

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.