2.4
Medium risk

58afb18d8c04bd6a2a9f18f29904d1733f017d446bc4cec77da85d1e6158c504

09c3538d8f536f809f4c789149d0664d.exe

Analysis duration

75s

Last analyzed

File size

409.5KB
Static detection: flagged as malicious. Dynamic detection: flagged as malicious.
Detection tags: AI SCORE=89 AIDETECTVM ATTRIBUTE BLFPE CLASSIC DRIDEX ELDORADO EMOTET GCSU GENCIRC GENERICKD GENETIC GENKRYPTIK HFWW HIGHCONFIDENCE HTOLMT ICEDID KRYPT KRYPTIK MALICIOUS MALWARE1 MALWARE@#220W7SHLE58VN R06BC0PHT20 R349678 SCORE SUSGEN TROJANBANKER UNSAFE YMACCO ZEXAE ZU0@AAKX8IBI
鹰眼 (Eagle Eye) engine
Not detected. No Eagle Eye engine detection results are available.
Static verdict
Antivirus engines
Engine       Result                                Scan date  Engine version
McAfee       RDN/Generic.dx                        20200920   6.0.6.653
Alibaba      Trojan:Win32/Emotet.a0c67905          20190527   0.3.0.5
Baidu        -                                     20190318   1.0.0.2
Kingsoft     -                                     20200921   2013.8.14.323
Tencent      Malware.Win32.Gencirc.10cdfc47        20200921   1.0.0.1
CrowdStrike  -                                     20190702   1.0
Static indicators
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time: 1619134516.851633
API: GlobalMemoryStatusEx
Status: success
Return: 1
Repeated: 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1619134516.772633
API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2536
  region_size: 12288
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x00530000
Status: success
Return: 0
Repeated: 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
Host: 172.217.24.14
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.GenericKD.43744627
FireEye Trojan.GenericKD.43744627
CAT-QuickHeal Trojan.Emotet
McAfee RDN/Generic.dx
Cylance Unsafe
Zillya Trojan.Emotet.Win32.27716
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Malware
K7AntiVirus Trojan ( 0056e4741 )
Alibaba Trojan:Win32/Emotet.a0c67905
K7GW Trojan ( 0056d7981 )
Arcabit Trojan.Generic.D29B7D73
Invincea Mal/Generic-S
BitDefenderTheta Gen:NN.ZexaE.34254.zu0@aakx8IBi
Cyren W32/Emotet.ART.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 85)
Kaspersky Trojan-Banker.Win32.Emotet.gcsu
BitDefender Trojan.GenericKD.43744627
NANO-Antivirus Trojan.Win32.Emotet.htolmt
Rising Trojan.Kryptik!1.CBB2 (CLASSIC)
Ad-Aware Trojan.GenericKD.43744627
Comodo Malware@#220w7shle58vn
F-Secure Trojan.TR/Kryptik.blfpe
DrWeb Trojan.Dridex.701
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06BC0PHT20
Sophos Mal/Generic-S
Jiangmin Trojan.Banker.Emotet.ohe
MaxSecure Trojan.Malware.105981136.susgen
Avira TR/Kryptik.blfpe
MAX malware (ai score=89)
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Ymacco.AA58
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Trojan-Banker.Win32.Emotet.gcsu
GData Trojan.GenericKD.43744627
AhnLab-V3 Trojan/Win32.Emotet.R349678
ALYac Trojan.IcedID.gen
VBA32 TrojanBanker.Emotet
Malwarebytes Trojan.Downloader
ESET-NOD32 a variant of Win32/Kryptik.HFWW
TrendMicro-HouseCall TROJ_GEN.R06BC0PHT20
Tencent Malware.Win32.Gencirc.10cdfc47
Yandex Trojan.GenKryptik!
Ikarus Trojan.Win32.Krypt
Fortinet W32/Emotet.GCSU!tr
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.


PE Compile Time

2020-08-27 19:18:45

Imports

Library KERNEL32.dll:
0x4390b4 GetTickCount
0x4390b8 TerminateProcess
0x4390c4 IsDebuggerPresent
0x4390c8 RaiseException
0x4390cc RtlUnwind
0x4390d0 GetCommandLineA
0x4390d4 GetStartupInfoA
0x4390d8 HeapAlloc
0x4390dc HeapFree
0x4390e0 VirtualProtect
0x4390e4 VirtualAlloc
0x4390e8 GetSystemInfo
0x4390ec VirtualQuery
0x4390f0 HeapReAlloc
0x4390f4 Sleep
0x4390f8 HeapSize
0x4390fc GetACP
0x439100 IsValidCodePage
0x439104 GetStringTypeA
0x439108 GetStringTypeW
0x43910c LCMapStringW
0x439110 GetStdHandle
0x43911c GetFileTime
0x439124 SetHandleCount
0x439128 GetFileType
0x43912c HeapCreate
0x439130 VirtualFree
0x439144 LCMapStringA
0x439148 GetConsoleCP
0x43914c GetConsoleMode
0x439150 SetStdHandle
0x439154 WriteConsoleA
0x439158 GetConsoleOutputCP
0x43915c WriteConsoleW
0x439160 CompareStringW
0x439168 GetFileSizeEx
0x43916c GetProcessHeap
0x439174 SetErrorMode
0x439178 GetOEMCP
0x43917c GetCPInfo
0x439180 CreateFileA
0x439188 FindFirstFileA
0x43918c FindClose
0x439190 GetCurrentProcess
0x439194 DuplicateHandle
0x439198 GetFileSize
0x43919c SetEndOfFile
0x4391a0 UnlockFile
0x4391a4 LockFile
0x4391a8 FlushFileBuffers
0x4391ac SetFilePointer
0x4391b0 WriteFile
0x4391b4 ReadFile
0x4391b8 GlobalFlags
0x4391c4 GetThreadLocale
0x4391cc GetModuleHandleW
0x4391d0 TlsFree
0x4391d8 LocalReAlloc
0x4391dc TlsSetValue
0x4391e0 TlsAlloc
0x4391e8 GlobalHandle
0x4391ec GlobalReAlloc
0x4391f4 TlsGetValue
0x4391fc LocalAlloc
0x439200 GetModuleFileNameW
0x439204 GlobalGetAtomNameA
0x439208 GlobalFindAtomA
0x43920c lstrcmpW
0x439210 GetVersionExA
0x439214 FreeResource
0x439218 GetCurrentProcessId
0x43921c GlobalAddAtomA
0x439220 CloseHandle
0x439224 GlobalDeleteAtom
0x439228 GetCurrentThread
0x43922c GetCurrentThreadId
0x439238 GetLocaleInfoA
0x43923c LoadLibraryA
0x439240 CompareStringA
0x439244 InterlockedExchange
0x439248 lstrcmpA
0x43924c FreeLibrary
0x439250 GetModuleHandleA
0x439254 GetProcAddress
0x439258 GlobalFree
0x43925c GlobalAlloc
0x439260 GlobalLock
0x439264 GlobalUnlock
0x439268 FormatMessageA
0x43926c LocalFree
0x439270 MultiByteToWideChar
0x439274 MulDiv
0x439278 lstrlenA
0x43927c GetLastError
0x439280 ExitProcess
0x439288 GetModuleFileNameA
0x439290 GetFullPathNameA
0x439298 GetFileAttributesA
0x43929c SetLastError
0x4392a0 WideCharToMultiByte
0x4392a4 FindResourceA
0x4392a8 LoadResource
0x4392ac LockResource
0x4392b4 SizeofResource
Library USER32.dll:
0x439374 DestroyMenu
0x439378 ShowWindow
0x43937c MoveWindow
0x439380 SetWindowTextA
0x439384 IsDialogMessageA
0x439388 SetDlgItemTextA
0x439390 SendDlgItemMessageA
0x439394 WinHelpA
0x439398 IsChild
0x43939c GetCapture
0x4393a0 GetClassLongA
0x4393a4 GetClassNameA
0x4393a8 SetPropA
0x4393ac GetPropA
0x4393b0 RemovePropA
0x4393b4 SetFocus
0x4393bc GetWindowTextA
0x4393c0 GetForegroundWindow
0x4393c4 GetTopWindow
0x4393c8 UnhookWindowsHookEx
0x4393cc GetMessageTime
0x4393d0 GetMessagePos
0x4393d4 MapWindowPoints
0x4393d8 SetMenu
0x4393dc UpdateWindow
0x4393e0 CreateWindowExA
0x4393e4 GetClassInfoExA
0x4393e8 GetClassInfoA
0x4393ec RegisterClassA
0x4393f0 GetSysColor
0x4393f4 AdjustWindowRectEx
0x4393f8 ScreenToClient
0x4393fc EqualRect
0x439400 PtInRect
0x439404 GetDlgCtrlID
0x439408 DefWindowProcA
0x43940c CallWindowProcA
0x439410 GetMenu
0x439414 SetWindowLongA
0x439418 OffsetRect
0x43941c IntersectRect
0x439424 GetWindowPlacement
0x439428 GetWindow
0x439430 MapDialogRect
0x439434 DrawIcon
0x439438 AppendMenuA
0x43943c SendMessageA
0x439440 GetSystemMenu
0x439444 SetWindowPos
0x439448 ReleaseDC
0x43944c GetDC
0x439450 CopyRect
0x439454 GetDesktopWindow
0x439458 SetActiveWindow
0x439460 DestroyWindow
0x439464 IsWindow
0x439468 GetDlgItem
0x43946c GetNextDlgTabItem
0x439470 TabbedTextOutA
0x439474 DrawTextA
0x439478 DrawTextExA
0x43947c GrayStringA
0x439480 ClientToScreen
0x439484 GetWindowDC
0x439488 BeginPaint
0x43948c EndPaint
0x439490 GetSysColorBrush
0x439494 LoadCursorA
0x439498 SetCapture
0x43949c ReleaseCapture
0x4394a0 CharUpperA
0x4394a4 CharNextA
0x4394ac IsRectEmpty
0x4394b0 PostThreadMessageA
0x4394b8 UnregisterClassA
0x4394bc MessageBeep
0x4394c0 GetNextDlgGroupItem
0x4394c4 InvalidateRgn
0x4394c8 InvalidateRect
0x4394cc SetForegroundWindow
0x4394d0 SetRect
0x4394d4 IsIconic
0x4394d8 GetWindowRect
0x4394dc GetClientRect
0x4394e0 EnableWindow
0x4394e4 LoadIconA
0x4394e8 GetSystemMetrics
0x4394ec GetSubMenu
0x4394f0 GetMenuItemCount
0x4394f4 GetMenuItemID
0x4394f8 GetMenuState
0x4394fc PostQuitMessage
0x439500 PostMessageA
0x439504 CheckMenuItem
0x439508 EnableMenuItem
0x43950c ModifyMenuA
0x439510 GetParent
0x439514 GetFocus
0x439518 LoadBitmapA
0x439520 SetMenuItemBitmaps
0x439524 ValidateRect
0x439528 GetCursorPos
0x43952c PeekMessageA
0x439530 GetKeyState
0x439534 IsWindowVisible
0x439538 GetActiveWindow
0x43953c DispatchMessageA
0x439540 TranslateMessage
0x439544 GetMessageA
0x439548 CallNextHookEx
0x43954c SetWindowsHookExA
0x439550 SetCursor
0x439554 MessageBoxA
0x439558 IsWindowEnabled
0x43955c EndDialog
0x439564 GetWindowLongA
0x439568 GetLastActivePopup
Library GDI32.dll:
0x439030 ExtSelectClipRgn
0x439034 DeleteDC
0x439038 GetStockObject
0x43903c GetMapMode
0x439040 GetBkColor
0x439044 GetTextColor
0x439048 GetRgnBox
0x43904c ScaleWindowExtEx
0x439050 SetWindowExtEx
0x439054 ScaleViewportExtEx
0x439058 SetViewportExtEx
0x43905c OffsetViewportOrgEx
0x439060 SetViewportOrgEx
0x439064 SelectObject
0x439068 Escape
0x43906c TextOutA
0x439070 RectVisible
0x439074 GetDeviceCaps
0x439078 GetWindowExtEx
0x43907c GetViewportExtEx
0x439080 DeleteObject
0x439084 SetMapMode
0x439088 RestoreDC
0x43908c SaveDC
0x439090 ExtTextOutA
0x439094 GetObjectA
0x439098 SetBkColor
0x43909c SetTextColor
0x4390a0 GetClipBox
0x4390a8 CreateBitmap
0x4390ac PtVisible
Library COMDLG32.dll:
0x439028 GetFileTitleA
Library WINSPOOL.DRV:
0x439570 DocumentPropertiesA
0x439574 ClosePrinter
0x439578 OpenPrinterA
Library ADVAPI32.dll:
0x439000 RegQueryValueA
0x439004 RegOpenKeyA
0x439008 RegEnumKeyA
0x43900c RegDeleteKeyA
0x439010 RegCreateKeyExA
0x439014 RegSetValueExA
0x439018 RegOpenKeyExA
0x43901c RegQueryValueExA
0x439020 RegCloseKey
Library SHLWAPI.dll:
0x4392f4 PathIsUNCA
0x4392f8 PathIsSameRootA
0x4392fc PathIsRootA
0x439300 PathIsPrefixA
0x439304 PathIsFileSpecA
0x439308 PathRemoveArgsA
0x439310 PathSetDlgItemPathA
0x439318 PathAddExtensionA
0x43931c PathFindExtensionA
0x439320 PathFindFileNameA
0x439324 PathCanonicalizeA
0x439328 PathSkipRootA
0x43932c PathFindOnPathA
0x439330 PathIsUNCServerA
0x439334 PathCommonPrefixA
0x43933c PathRemoveFileSpecA
0x439344 PathAppendA
0x439348 PathAddBackslashA
0x43934c PathMakePrettyA
0x439350 PathQuoteSpacesA
0x439354 PathMatchSpecA
0x439358 PathGetDriveNumberA
0x43935c PathIsRelativeA
0x439364 PathIsURLA
0x439368 PathStripToRootA
0x43936c PathRelativePathToA
Library oledlg.dll:
0x4395c0
Library ole32.dll:
0x439580 CoRevokeClassObject
0x439584 OleInitialize
0x43958c OleUninitialize
0x43959c CoGetClassObject
0x4395a4 CLSIDFromString
0x4395a8 CLSIDFromProgID
0x4395ac CoTaskMemAlloc
0x4395b0 CoTaskMemFree
0x4395b4 OleFlushClipboard
Library OLEAUT32.dll:
0x4392bc SysStringLen
0x4392c4 SysAllocStringLen
0x4392c8 VariantClear
0x4392cc VariantChangeType
0x4392d0 VariantInit
0x4392d4 VariantCopy
0x4392d8 SafeArrayDestroy
0x4392e8 SysAllocString
0x4392ec SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination      Destination Port
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  51808        114.114.114.114  53
192.168.56.101  51963        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  58367        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  49235        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58368        239.255.255.250  3702
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.