3.8
Medium risk

d6e3f20c3d9cf39d7a052c31e192b933705a84282a73225fb30f1ec980854847

fdbeb1f12f301c0f5efc9983e4b74f93.exe

Analysis duration

77s

Last analyzed

File size

220.5KB
Static detection | Dynamic detection | 100%
Hawkeye engine
Not detected. No Hawkeye engine detection results are available.
Static verdict
Antivirus engines
Engine | Result | Date | Version
Avast Win32:Trojan-gen 20201228 21.1.5827.0
Alibaba Trojan:Win32/Slepak.e4a2ddda 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.11aeae34 20201228 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Slepak.ii.(kcloud) 20201228 2017.9.26.565
McAfee GenericRXLY-LA!FDBEB1F12F30 20201228 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\Stop\party\82\77\41\Noise\20\64\97\cutinterest.pdb
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620809389.161588
GlobalMemoryStatusEx
success 1 0
Behavioral verdict
Dynamic indicators
Resolves a suspicious Top Level Domain (TLD) (1 event)
domain gastellino.top description Generic top level domain TLD
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1620809388.880588
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 16384
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00ec3000
success 0 0
1620809388.880588
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
1620809388.880588
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
1620809388.880588
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Generates some ICMP traffic
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Pack.Emotet.5
FireEye Generic.mg.fdbeb1f12f301c0f
Qihoo-360 Generic/Trojan.1b8
ALYac Trojan.IcedID.gen
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 0056e32f1 )
BitDefender Gen:Heur.Pack.Emotet.5
K7GW Trojan ( 0056e32f1 )
Cybereason malicious.12f301
BitDefenderTheta Gen:NN.ZexaF.34700.nu0@a0qpJ3ci
Cyren W32/Trojan.XKTL-2801
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Trojan.Win32.Slepak.ii
Alibaba Trojan:Win32/Slepak.e4a2ddda
NANO-Antivirus Trojan.Win32.Slepak.hwfsmt
Tencent Malware.Win32.Gencirc.11aeae34
Ad-Aware Gen:Heur.Pack.Emotet.5
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.PhotoDlder.iirhp
TrendMicro TROJ_GEN.R03BC0DID20
McAfee-GW-Edition GenericRXLY-LA!FDBEB1F12F30
Emsisoft Gen:Heur.Pack.Emotet.5 (B)
Jiangmin Trojan.Slepak.ap
Avira TR/AD.PhotoDlder.iirhp
MAX malware (ai score=88)
Kingsoft Win32.Troj.Slepak.ii.(kcloud)
Gridinsoft Ransom.Win32.Wacatac.oa
Arcabit Trojan.Pack.Emotet.5
ZoneAlarm Trojan.Win32.Slepak.ii
GData Gen:Heur.Pack.Emotet.5
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4204780
McAfee GenericRXLY-LA!FDBEB1F12F30
VBA32 Trojan.Wacatac
Panda Trj/GdSda.A
ESET-NOD32 a variant of Generik.CANDDFI
TrendMicro-HouseCall TROJ_GEN.R03BC0DID20
Rising Trojan.Bluteal!8.EFE7 (TFE:5:ggHHqvcMc1H)
Yandex Trojan.GenKryptik!p99HEFskfQs
Ikarus Trojan.Win32.Krypt
Fortinet W32/PhotoDlder.WDON!tr
AVG Win32:Trojan-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran.


PE Compile Time

2015-04-21 20:51:36

Imports

Library KERNEL32.dll:
Library USER32.dll:
Library OLEAUT32.dll:
Library VERSION.dll:
Library GDI32.dll:
Library WINSPOOL.DRV:
Library OLEACC.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.