5.6
高危
53 个模型检测该样本为恶意!
重新分析
更多

7cc5bf547bcf1746d4d710c4c9750a2763547176bd3fdb4e40f301ff7fdc1d18

3d70f7bb0ff767e40320ca697af79ed6.exe

分析耗时

75s

最近分析

文件大小

108.0KB
静态报毒 动态报毒 100% A VARIANT OF GENERIK AI SCORE=85 AIDETECTVM ATTRIBUTE BLML BULTA CASDET CONFIDENCE DRIDEX E6SKXW8MNXC EMOTET EMOTETU FAYQWXL GDUK GENCIRC GENERICRXLY GENKRYPTIK GMUMV GQW@AIWNITFG GQW@DIWNITFG HIGH CONFIDENCE HIGHCONFIDENCE HWFKLL ICEDID KCLOUD MALICIOUS PE MALWARE1 MALWARE@#E6XGH5JR2ABY QVM07 SA34V8XSG9M SCORE STATIC AI THIAIBO UNSAFE WACATAC ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee GenericRXLY-VD!3D70F7BB0FF7 20201228 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201228 21.1.5827.0
Alibaba Trojan:Win32/Casdet.c6e40341 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.11af1ea8 20201228 1.0.0.1
Kingsoft Win32.Troj.Banker.(kcloud) 20201228 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:2921225589&cup2hreq=67c2dfd3af4b9fea3ea93279ffbba6e605255a4ec8134c1812d01a311bd81f3d
Performs some HTTP requests (4 个事件)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620698184&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=bec4b130cb56debd&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620698184&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:2921225589&cup2hreq=67c2dfd3af4b9fea3ea93279ffbba6e605255a4ec8134c1812d01a311bd81f3d
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:2921225589&cup2hreq=67c2dfd3af4b9fea3ea93279ffbba6e605255a4ec8134c1812d01a311bd81f3d
Resolves a suspicious Top Level Domain (TLD) (1 个事件)
domain zopenret.top description Generic top level domain TLD
Allocates read-write-execute memory (usually to unpack itself) (2 个事件)
Time & API Arguments Status Return Repeated
1620726216.375046
NtAllocateVirtualMemory
process_identifier: 648
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d30000
success 0 0
1620726216.375046
NtAllocateVirtualMemory
process_identifier: 648
region_size: 20480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d40000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)
Time & API Arguments Status Return Repeated
1620726216.391046
NtProtectVirtualMemory
process_identifier: 648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x01d61000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (3 个事件)
host 172.217.24.14
host 203.208.41.33
host 203.208.41.98
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 192.168.56.101:49180
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.EmotetU.Gen.gqW@diwNItfG
FireEye Generic.mg.3d70f7bb0ff767e4
Qihoo-360 Generic/HEUR/QVM07.1.DB11.Malware.Gen
McAfee GenericRXLY-VD!3D70F7BB0FF7
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 0056e31c1 )
BitDefender Trojan.EmotetU.Gen.gqW@diwNItfG
K7GW Trojan ( 0056e31c1 )
Cybereason malicious.b0ff76
BitDefenderTheta Gen:NN.ZexaF.34700.gqW@aiwNItfG
Cyren W32/Trojan.BLML-3918
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan-Banker.Win32.Emotet.gduk
Alibaba Trojan:Win32/Casdet.c6e40341
NANO-Antivirus Trojan.Win32.Emotet.hwfkll
AegisLab Trojan.Win32.Emotet.L!c
Tencent Malware.Win32.Gencirc.11af1ea8
Ad-Aware Trojan.EmotetU.Gen.gqW@diwNItfG
Emsisoft Trojan.EmotetU.Gen.gqW@diwNItfG (B)
Comodo Malware@#e6xgh5jr2aby
F-Secure Trojan.TR/Bulta.gmumv
DrWeb Trojan.Dridex.701
TrendMicro Trojan.Win32.WACATAC.THIAIBO
McAfee-GW-Edition GenericRXLY-VD!3D70F7BB0FF7
Sophos Mal/Generic-S
Ikarus Trojan-Banker.IcedID
Jiangmin Trojan.Banker.Emotet.ool
Webroot W32.Trojan.Gen
Avira TR/Bulta.gmumv
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Ransom.Win32.Wacatac.oa
Arcabit Trojan.EmotetU.Gen.E27E0C
ZoneAlarm Trojan-Banker.Win32.Emotet.gduk
GData Trojan.EmotetU.Gen.gqW@diwNItfG
Cynet Malicious (score: 100)
ALYac Trojan.IcedID.gen
MAX malware (ai score=85)
Malwarebytes Trojan.Downloader
Panda Trj/CI.A
ESET-NOD32 a variant of Generik.FAYQWXL
TrendMicro-HouseCall Trojan.Win32.WACATAC.THIAIBO
Rising Trojan.GenKryptik!8.AA55 (TFE:5:E6sKXw8mnxC)
Yandex Trojan.Agent!sA34v8XsG9M
SentinelOne Static AI - Malicious PE
Fortinet W32/Emotet.CD!tr
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-10 21:25:34

Imports

Library MFC42.DLL:
0x403010
0x403014
0x403018
0x40301c
0x403020
0x403024
0x403028
0x40302c
0x403030
0x403034
0x403038
0x40303c
0x403040
0x403044
0x403048
0x40304c
0x403050
0x403054
0x403058
0x40305c
0x403060
0x403064
0x403068
0x40306c
0x403070
0x403074
0x403078
0x40307c
0x403080
0x403084
0x403088
0x40308c
0x403090
0x403094
0x403098
0x40309c
0x4030a0
0x4030a4
0x4030a8
0x4030ac
0x4030b0
0x4030b4
0x4030b8
0x4030bc
0x4030c0
0x4030c4
0x4030c8
0x4030cc
0x4030d0
0x4030d4
0x4030d8
0x4030dc
0x4030e0
0x4030e4
0x4030e8
0x4030ec
0x4030f0
0x4030f4
0x4030f8
0x4030fc
0x403100
0x403104
0x403108
0x40310c
0x403110
0x403114
0x403118
0x40311c
0x403120
0x403124
0x403128
0x40312c
0x403130
0x403134
0x403138
0x40313c
0x403140
0x403144
0x403148
0x40314c
0x403150
0x403154
0x403158
0x40315c
0x403160
0x403164
0x403168
0x40316c
0x403170
0x403174
0x403178
0x40317c
0x403180
0x403184
0x403188
0x40318c
0x403190
Library MSVCRT.dll:
0x4031ac __setusermatherr
0x4031b0 _adjust_fdiv
0x4031b4 __p__commode
0x4031b8 __p__fmode
0x4031bc __set_app_type
0x4031c0 _except_handler3
0x4031c4 _initterm
0x4031c8 _controlfp
0x4031cc _onexit
0x4031d0 __dllonexit
0x4031d4 strlen
0x4031d8 __CxxFrameHandler
0x4031dc _setmbcp
0x4031e0 __getmainargs
0x4031e4 _exit
0x4031e8 _acmdln
0x4031ec exit
0x4031f0 _XcptFilter
Library KERNEL32.dll:
0x403000 VirtualAlloc
0x403004 GetStartupInfoA
0x403008 GetModuleHandleA
Library USER32.dll:
0x4031f8 DrawIcon
0x4031fc AppendMenuA
0x403200 SendMessageA
0x403204 GetSystemMenu
0x403208 IsIconic
0x40320c GetClientRect
0x403210 LoadIconA
0x403214 GetSystemMetrics
0x403218 LoadCursorA
0x40321c EnableWindow
0x403220 SetCapture
0x403224 ReleaseCapture
0x403228 SetCursor
0x40322c GetWindowRect
Library MSVCP60.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49178 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49179 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49177 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49175 203.208.41.66 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620698184&mv=m&mvi=1&pl=23&shardbypass=yes 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620698184&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=bec4b130cb56debd&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620698184&mv=m&mvi=3 
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=bec4b130cb56debd&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620698184&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.