SmartHawk

2.8

中危

54 个模型检测该样本为恶意！

重新分析

下载样本

5ed9ee6bd6d9bd2f8aff293cda5fac0c6af914a8bd0212b95ba8b55de2d0bed5

f363a1949f7221f02ea81d0a9318dc4c.exe

分析耗时

18s

最近分析

文件大小

480.0KB

静态报毒动态报毒 0XM7ZILK7CG 100% A + MAL AI SCORE=81 AIDETECTVM ATTRIBUTE CEEINJECT CLASSIC CONFIDENCE DRIDEX EC3@XCNFE ELDORADO FAKEALERT FOOBND GENASA GENERICGEN GENETIC GIFQ GIFY GIRH HIGH CONFIDENCE HIGHCONFIDENCE KRYPTIK MALICIOUS PE MALWARE1 MALWAREX PACKED2 QVM19 RECONYC SCORE SKEEYAH STATIC AI SUSGEN TIGGRE TLS@812ZM8 UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	VirTool:Win32/CeeInject.f0db1786	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Kingsoft		20201211	2017.9.26.565
McAfee	Packed-FJB!F363A1949F72	20201211	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619999686.862915 __exception__	stacktrace: f363a1949f7221f02ea81d0a9318dc4c+0x19f8 @ 0x4019f8 f363a1949f7221f02ea81d0a9318dc4c+0x1b17 @ 0x401b17 f363a1949f7221f02ea81d0a9318dc4c+0x1bc3 @ 0x401bc3 f363a1949f7221f02ea81d0a9318dc4c+0xd221 @ 0x40d221 registers.esp: 21495360 registers.edi: 4279296 registers.eax: 82432 registers.ebp: 21495440 registers.edx: 24118268 registers.ebx: 49807828 registers.esi: 4288512 registers.ecx: 84907078 exception.instruction_r: e4 03 8b 52 fc 29 d0 8d 48 01 6a 0a 8b 45 c0 8b exception.symbol: f363a1949f7221f02ea81d0a9318dc4c+0x149a0 exception.instruction: in al, 3 exception.module: f363a1949f7221f02ea81d0a9318dc4c.exe exception.exception_code: 0xc0000096 exception.offset: 84384 exception.address: 0x4149a0	success	0	0

Moves the original executable to a new location (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619999686.503915 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f363a1949f7221f02ea81d0a9318dc4c.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\old_f363a1949f7221f02ea81d0a9318dc4c.exe newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\old_f363a1949f7221f02ea81d0a9318dc4c.exe flags: 2 oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f363a1949f7221f02ea81d0a9318dc4c.exe	success	1	0

The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)

entropy

7.050079645753293

section

{'size_of_data': '0x00013e00', 'virtual_address': '0x00001000', 'entropy': 7.050079645753293, 'name': '.text', 'virtual_size': '0x00013e00'}

description

A section with a high entropy has been found

entropy

7.955887416997285

section

{'size_of_data': '0x00054800', 'virtual_address': '0x00017000', 'entropy': 7.955887416997285, 'name': '.rdata', 'virtual_size': '0x000546ec'}

description

A section with a high entropy has been found

entropy

0.981198589894242

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.EC3@xCNFE!c
FireEye	Generic.mg.f363a1949f7221f0
CAT-QuickHeal	Trojan.Skeeyah.J1
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 005393141 )
Alibaba	VirTool:Win32/CeeInject.f0db1786
K7GW	Trojan ( 005393141 )
Cybereason	malicious.49f722
Arcabit	Trojan.Heur.E2DF8D
Cyren	W32/Kryptik.BQP.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Dridex-7734686-1
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Trojan.Heur.EC3@xCNFE!c
NANO-Antivirus	Trojan.Win32.FKM.foobnd
Ad-Aware	Gen:Trojan.Heur.EC3@xCNFE!c
Sophos	ML/PE-A + Mal/Inject-GJ
Comodo	TrojWare.Win32.Kryptik.TLS@812zm8
F-Secure	Trojan.TR/Crypt.FKM.Gen
DrWeb	Trojan.Packed2.41883
Zillya	Trojan.GenericGen.Win32.2
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Emsisoft	Gen:Trojan.Heur.EC3@xCNFE!c (B)
SentinelOne	Static AI - Malicious PE
Avira	TR/Crypt.FKM.Gen
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Win32.Kryptik.GIFY
Microsoft	VirTool:Win32/CeeInject.AKZ!bit
AegisLab	Trojan.Win32.Generic.4!c
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Trojan.Heur.EC3@xCNFE!c
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C2578679
Acronis	suspicious
McAfee	Packed-FJB!F363A1949F72
VBA32	Trojan.Tiggre
Malwarebytes	Trojan.Reconyc
ESET-NOD32	a variant of Win32/Kryptik.GIRH
Rising	Trojan.Kryptik!1.B34D (CLASSIC)
Yandex	Trojan.GenAsa!0xM7zILK7cg
Ikarus	Trojan-Downloader.Win32.FakeAlert
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GIFQ!tr
BitDefenderTheta	AI:Packer.CA1C995C1B

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1970-01-01 08:00:00

Imports

Library kernel32.dll:

• 0x4701c8 GetLastError

• 0x4701cc SetLastError

• 0x4701d0 GetTickCount

• 0x4701d4 ExitProcess

• 0x4701d8 GetStartupInfoA

• 0x4701dc GetStdHandle

• 0x4701e0 GetCommandLineA

• 0x4701e4 GetCurrentProcessId

• 0x4701e8 GetCurrentThreadId

• 0x4701ec GetCurrentProcess

• 0x4701f0 ReadProcessMemory

• 0x4701f4 GetModuleFileNameA

• 0x4701f8 GetModuleHandleA

• 0x4701fc WriteFile

• 0x470200 ReadFile

• 0x470204 CloseHandle

• 0x470208 SetFilePointer

• 0x47020c FreeLibrary

• 0x470210 LoadLibraryA

• 0x470214 GetProcAddress

• 0x470218 DeleteFileW

• 0x47021c MoveFileW

• 0x470220 CreateFileW

• 0x470224 GetFileAttributesW

• 0x470228 GetConsoleMode

• 0x47022c GetConsoleOutputCP

• 0x470230 GetOEMCP

• 0x470234 GetProcessHeap

• 0x470238 HeapAlloc

• 0x47023c HeapFree

• 0x470240 TlsAlloc

• 0x470244 TlsGetValue

• 0x470248 TlsSetValue

• 0x47024c CreateThread

• 0x470250 ExitThread

• 0x470254 LocalAlloc

• 0x470258 LocalFree

• 0x47025c Sleep

• 0x470260 SuspendThread

• 0x470264 ResumeThread

• 0x470268 TerminateThread

• 0x47026c WaitForSingleObject

• 0x470270 SetThreadPriority

• 0x470274 GetThreadPriority

• 0x470278 CreateEventA

• 0x47027c ResetEvent

• 0x470280 SetEvent

• 0x470284 InitializeCriticalSection

• 0x470288 DeleteCriticalSection

• 0x47028c EnterCriticalSection

• 0x470290 LeaveCriticalSection

• 0x470294 TryEnterCriticalSection

• 0x470298 MultiByteToWideChar

• 0x47029c WideCharToMultiByte

• 0x4702a0 GetACP

• 0x4702a4 GetConsoleCP

• 0x4702a8 SetUnhandledExceptionFilter

• 0x4702ac EnumResourceTypesA

• 0x4702b0 EnumResourceNamesA

• 0x4702b4 EnumResourceLanguagesA

• 0x4702b8 FindResourceA

• 0x4702bc FindResourceExA

• 0x4702c0 LoadResource

• 0x4702c4 SizeofResource

• 0x4702c8 LockResource

• 0x4702cc FreeResource

• 0x4702d0 GetWindowsDirectoryA

• 0x4702d4 CopyFileA

• 0x4702d8 CreateProcessA

• 0x4702dc GetVersionExA

• 0x4702e0 CompareStringA

• 0x4702e4 GetLocaleInfoA

• 0x4702e8 EnumCalendarInfoA

• 0x4702ec FormatMessageW

• 0x4702f0 CompareStringW

• 0x4702f4 TerminateProcess

• 0x4702f8 GetThreadLocale

• 0x4702fc SetThreadLocale

• 0x470300 GetUserDefaultLCID

Library oleaut32.dll:

• 0x470308 SysAllocStringLen

• 0x47030c SysFreeString

• 0x470310 SysReAllocStringLen

Library user32.dll:

• 0x470318 MessageBoxA

• 0x47031c CharUpperBuffW

• 0x470320 CharLowerBuffW

• 0x470324 CharUpperA

• 0x470328 CharUpperBuffA

• 0x47032c CharLowerA

• 0x470330 CharLowerBuffA

• 0x470334 GetSystemMetrics

• 0x470338 MessageBeep

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.