3.0
Medium risk

0cd22dac5b9c62d397e890ba01bfd978db6abdd0628dd4918b163a4806b8d151

48a1b123b99bda98895af26cabc761a0.exe

Analysis duration

273s

Last analyzed

File size

612.0KB
Static detections / dynamic detections (tags): 0QQSYTIS1YC AI SCORE=83 AIDETECTVM ATTRIBUTE AVET BANKERX CONFIDENCE EMOTET ENCPK GENERIC@ML GUKKR HBWF HFQQML HIGHCONFIDENCE JOHNNIE KRYPTIK MALWARE2 MALWARE@#1JOHDERBEO1ZY MQY@AQ PEPT R + MAL R066C0DIA20 RDMK SCORE STATIC AI SULB SUSPICIOUS PE TRICKBOT UB7WIIXEHUKOFG4XMRO6NQ UNSAFE ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results are available for this sample.
Static verdict
Antivirus engines

Engine      | Result                               | Scan date | Engine version
Alibaba     | Trojan:Win32/Trickbot.3ca3da18       | 20190527  | 0.3.0.5
CrowdStrike | win/malicious_confidence_70% (W)     | 20190702  | 1.0
Avast       | Win32:BankerX-gen [Trj]              | 20201210  | 21.1.5827.0
Baidu       | -                                    | 20190318  | 1.0.0.2
Kingsoft    | -                                    | 20201211  | 2017.9.26.565
McAfee      | Emotet-FQC!48A1B123B99B              | 20201211  | 6.0.6.653
Tencent     | Win32.Trojan.Johnnie.Pept            | 20201211  | 1.0.0.1
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2005\10.3.20\unzip_src\Unzip\Release\Unzip.pdb
Behavioral verdict
Dynamic indicators
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 124.225.105.97
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
File has been identified by 52 antivirus engines on VirusTotal as malicious (50 of 52 events shown)
Bkav W32.AIDetectVM.malware2
DrWeb Trojan.Emotet.972
MicroWorld-eScan Gen:Variant.Johnnie.225522
FireEye Generic.mg.48a1b123b99bda98
ALYac Backdoor.Agent.Trickbot
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.164
Sangfor Malware
K7AntiVirus Trojan ( 005624971 )
Alibaba Trojan:Win32/Trickbot.3ca3da18
K7GW Trojan ( 005624971 )
CrowdStrike win/malicious_confidence_70% (W)
Arcabit Trojan.Johnnie.D370F2
BitDefenderTheta Gen:NN.ZexaF.34670.MqY@aq!SuLb
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Malware.Emotet-7617331-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Johnnie.225522
NANO-Antivirus Trojan.Win32.Emotet.hfqqml
Rising Trojan.Generic@ML.83 (RDMK:uB7WiIxeHUkOfG4XMro6NQ)
Ad-Aware Gen:Variant.Johnnie.225522
Emsisoft Gen:Variant.Johnnie.225522 (B)
Comodo Malware@#1johderbeo1zy
F-Secure Trojan.TR/Crypt.Agent.gukkr
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0DIA20
McAfee-GW-Edition Emotet-FQC!48A1B123B99B
Sophos Mal/Generic-R + Mal/EncPk-APM
Paloalto generic.ml
Jiangmin Backdoor.Emotet.bi
Avira TR/Crypt.Agent.gukkr
MAX malware (ai score=83)
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Microsoft Trojan:Win32/Trickbot.KMG!MTB
AegisLab Trojan.Win32.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Johnnie.225522
Cynet Malicious (score: 85)
McAfee Emotet-FQC!48A1B123B99B
VBA32 Backdoor.Emotet
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HBWF
TrendMicro-HouseCall TROJ_GEN.R066C0DIA20
Tencent Win32.Trojan.Johnnie.Pept
Yandex Trojan.Kryptik!0QqsYTiS1Yc
SentinelOne Static AI - Suspicious PE
Fortinet W32/TrickBot.AVET!tr
AVG Win32:BankerX-gen [Trj]
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2020-02-12 06:14:43

Imports

Library ntdll.dll:
0x46b7bc strrchr
0x46b7c4 memset
0x46b7c8 RtlInitAnsiString
0x46b7cc LdrLoadDll
0x46b7d0 _chkstk
0x46b7d4 _allmul
Library KERNEL32.dll:
0x46b198 LockFile
0x46b19c UnlockFile
0x46b1a0 SetEndOfFile
0x46b1a4 GetFileSize
0x46b1a8 GetThreadLocale
0x46b1ac DuplicateHandle
0x46b1b0 FindClose
0x46b1b4 FindFirstFileA
0x46b1bc GetFullPathNameA
0x46b1c0 GetShortPathNameA
0x46b1c4 GetCPInfo
0x46b1c8 GetOEMCP
0x46b1cc GetAtomNameA
0x46b1d8 SetErrorMode
0x46b1e0 SetFileAttributesA
0x46b1e4 HeapAlloc
0x46b1e8 HeapFree
0x46b1ec HeapReAlloc
0x46b1f0 VirtualProtect
0x46b1f4 VirtualAlloc
0x46b1f8 GetSystemInfo
0x46b1fc VirtualQuery
0x46b200 RtlUnwind
0x46b208 RaiseException
0x46b20c GetCommandLineA
0x46b210 GetProcessHeap
0x46b214 GetStartupInfoA
0x46b218 FlushFileBuffers
0x46b21c CreateThread
0x46b220 HeapSize
0x46b224 FatalAppExitA
0x46b228 VirtualFree
0x46b22c HeapDestroy
0x46b230 HeapCreate
0x46b234 GetStdHandle
0x46b238 TerminateProcess
0x46b244 IsDebuggerPresent
0x46b248 Sleep
0x46b24c GetACP
0x46b250 LCMapStringA
0x46b254 LCMapStringW
0x46b268 SetHandleCount
0x46b26c GetFileType
0x46b274 GetConsoleCP
0x46b278 GetConsoleMode
0x46b284 GetStringTypeA
0x46b288 GetStringTypeW
0x46b28c GetTimeFormatA
0x46b290 GetDateFormatA
0x46b294 GetUserDefaultLCID
0x46b298 EnumSystemLocalesA
0x46b29c IsValidLocale
0x46b2a0 IsValidCodePage
0x46b2a4 SetStdHandle
0x46b2a8 WriteConsoleA
0x46b2ac GetConsoleOutputCP
0x46b2b0 WriteConsoleW
0x46b2b4 GetLocaleInfoW
0x46b2bc SetFilePointer
0x46b2c0 ReadFile
0x46b2c4 DeleteFileA
0x46b2c8 MoveFileA
0x46b2cc GlobalFlags
0x46b2e4 TlsFree
0x46b2ec LocalReAlloc
0x46b2f0 TlsSetValue
0x46b2f4 TlsAlloc
0x46b2fc GlobalHandle
0x46b300 GlobalReAlloc
0x46b308 TlsGetValue
0x46b310 LocalAlloc
0x46b314 GlobalGetAtomNameA
0x46b318 GlobalFindAtomA
0x46b31c lstrcmpW
0x46b320 GetVersionExA
0x46b328 GetModuleFileNameW
0x46b32c FreeResource
0x46b330 GetCurrentProcessId
0x46b334 GlobalAddAtomA
0x46b338 CreateEventA
0x46b33c SuspendThread
0x46b340 SetEvent
0x46b344 WaitForSingleObject
0x46b348 ResumeThread
0x46b34c SetThreadPriority
0x46b350 GetCurrentThread
0x46b354 GetCurrentThreadId
0x46b35c GetModuleFileNameA
0x46b364 GetLocaleInfoA
0x46b368 LoadLibraryA
0x46b36c lstrcmpA
0x46b370 FreeLibrary
0x46b374 GlobalDeleteAtom
0x46b378 GetModuleHandleA
0x46b37c GetProcAddress
0x46b380 GlobalFree
0x46b384 CopyFileA
0x46b388 GlobalSize
0x46b38c GlobalAlloc
0x46b390 GlobalLock
0x46b394 GlobalUnlock
0x46b398 FormatMessageA
0x46b39c LocalFree
0x46b3a0 MulDiv
0x46b3a4 SetLastError
0x46b3a8 lstrcatA
0x46b3ac WriteFile
0x46b3b0 lstrcpyA
0x46b3b4 CreateFileA
0x46b3b8 GetFileTime
0x46b3c4 SetFileTime
0x46b3c8 CloseHandle
0x46b3cc GetFileAttributesA
0x46b3d0 CreateDirectoryA
0x46b3d4 ExitProcess
0x46b3d8 GetCurrentProcess
0x46b3dc GetTickCount
0x46b3e0 FindResourceA
0x46b3e4 LoadResource
0x46b3e8 LockResource
0x46b3ec SizeofResource
0x46b3f0 GetStringTypeExW
0x46b3f4 GetStringTypeExA
0x46b400 lstrlenA
0x46b404 lstrcmpiW
0x46b408 lstrcmpiA
0x46b40c CompareStringW
0x46b410 CompareStringA
0x46b414 lstrlenW
0x46b418 GetVersion
0x46b41c GetLastError
0x46b420 WideCharToMultiByte
0x46b424 MultiByteToWideChar
0x46b428 InterlockedExchange
0x46b42c ExitThread
Library USER32.dll:
0x46b4f8 ReleaseCapture
0x46b4fc WaitMessage
0x46b500 DestroyIcon
0x46b504 GetDialogBaseUnits
0x46b508 InflateRect
0x46b50c UnregisterClassA
0x46b510 GetMenuItemInfoA
0x46b514 DestroyMenu
0x46b51c SetMenu
0x46b520 BringWindowToTop
0x46b524 SetRectEmpty
0x46b528 CreatePopupMenu
0x46b52c InsertMenuItemA
0x46b530 InvalidateRect
0x46b534 LoadAcceleratorsA
0x46b538 LoadMenuA
0x46b53c ReuseDDElParam
0x46b540 UnpackDDElParam
0x46b544 IsRectEmpty
0x46b548 GetSystemMenu
0x46b54c SetParent
0x46b550 UnionRect
0x46b554 SetRect
0x46b558 SetTimer
0x46b55c KillTimer
0x46b560 GetDCEx
0x46b564 LockWindowUpdate
0x46b568 DrawTextA
0x46b56c TabbedTextOutA
0x46b570 FillRect
0x46b574 ScrollWindowEx
0x46b578 ShowWindow
0x46b57c MoveWindow
0x46b580 SetWindowTextA
0x46b584 IsDialogMessageA
0x46b588 IsDlgButtonChecked
0x46b58c SetDlgItemTextA
0x46b590 SetDlgItemInt
0x46b594 GetDlgItemTextA
0x46b598 GetDlgItemInt
0x46b59c CheckRadioButton
0x46b5a0 CheckDlgButton
0x46b5a8 SendDlgItemMessageA
0x46b5ac WinHelpA
0x46b5b0 IsChild
0x46b5b4 GetCapture
0x46b5b8 GetClassLongA
0x46b5bc GetClassNameA
0x46b5c0 SetPropA
0x46b5c4 GetPropA
0x46b5c8 RemovePropA
0x46b5cc SetFocus
0x46b5d4 GetWindowTextA
0x46b5d8 GetForegroundWindow
0x46b5dc BeginDeferWindowPos
0x46b5e0 EndDeferWindowPos
0x46b5e4 GetTopWindow
0x46b5e8 GetMessageTime
0x46b5ec GetMessagePos
0x46b5f0 MapWindowPoints
0x46b5f4 ScrollWindow
0x46b5f8 TrackPopupMenuEx
0x46b5fc TrackPopupMenu
0x46b600 SetScrollRange
0x46b604 WindowFromPoint
0x46b608 SetScrollPos
0x46b60c GetScrollPos
0x46b610 SetForegroundWindow
0x46b614 ShowScrollBar
0x46b618 GetMenu
0x46b61c CreateWindowExA
0x46b620 GetClassInfoExA
0x46b624 GetClassInfoA
0x46b628 RegisterClassA
0x46b62c GetSysColor
0x46b630 AdjustWindowRectEx
0x46b634 ScreenToClient
0x46b638 EqualRect
0x46b63c DeferWindowPos
0x46b640 GetScrollInfo
0x46b644 SetScrollInfo
0x46b648 PtInRect
0x46b64c SetWindowPlacement
0x46b650 GetDlgCtrlID
0x46b654 DefWindowProcA
0x46b658 CallWindowProcA
0x46b65c SetWindowLongA
0x46b660 OffsetRect
0x46b664 IntersectRect
0x46b66c GetWindowPlacement
0x46b670 GetWindowRect
0x46b674 GetWindow
0x46b678 UnhookWindowsHookEx
0x46b67c MapVirtualKeyA
0x46b680 GetKeyNameTextA
0x46b684 ReleaseDC
0x46b688 GetDC
0x46b68c CopyRect
0x46b690 GetDesktopWindow
0x46b694 SetActiveWindow
0x46b69c DestroyWindow
0x46b6a0 IsWindow
0x46b6a4 GetDlgItem
0x46b6a8 GetNextDlgTabItem
0x46b6ac EndDialog
0x46b6b4 GetWindowLongA
0x46b6b8 GetLastActivePopup
0x46b6bc IsWindowEnabled
0x46b6c0 MessageBoxA
0x46b6c4 ShowOwnedPopups
0x46b6c8 SetCursor
0x46b6cc SetWindowsHookExA
0x46b6d0 CallNextHookEx
0x46b6d4 GetMessageA
0x46b6d8 TranslateMessage
0x46b6dc DispatchMessageA
0x46b6e0 GetActiveWindow
0x46b6e4 IsWindowVisible
0x46b6e8 GetKeyState
0x46b6ec PeekMessageA
0x46b6f0 GetCursorPos
0x46b6f4 ValidateRect
0x46b6f8 SetMenuItemBitmaps
0x46b700 LoadBitmapA
0x46b704 GetFocus
0x46b708 GetParent
0x46b70c ModifyMenuA
0x46b710 EnableMenuItem
0x46b714 CheckMenuItem
0x46b718 SetCapture
0x46b71c DeleteMenu
0x46b720 LoadCursorA
0x46b724 GetSysColorBrush
0x46b728 EndPaint
0x46b72c BeginPaint
0x46b730 GetWindowDC
0x46b734 ClientToScreen
0x46b738 GrayStringA
0x46b73c GetScrollRange
0x46b740 DrawTextExA
0x46b744 PostMessageA
0x46b748 PostQuitMessage
0x46b74c GetMenuState
0x46b750 GetMenuStringA
0x46b754 AppendMenuA
0x46b758 GetMenuItemID
0x46b75c InsertMenuA
0x46b760 GetMenuItemCount
0x46b764 GetSubMenu
0x46b768 RemoveMenu
0x46b76c GetSystemMetrics
0x46b770 EnableWindow
0x46b774 LoadIconA
0x46b778 UpdateWindow
0x46b77c GetClientRect
0x46b780 IsIconic
0x46b784 SendMessageA
0x46b788 DrawIcon
0x46b78c CharUpperW
0x46b790 CharUpperA
0x46b794 CharLowerW
0x46b798 CharLowerA
0x46b79c SetWindowPos
Library GDI32.dll:
0x46b034 RectVisible
0x46b038 TextOutA
0x46b03c ExtTextOutA
0x46b040 Escape
0x46b044 SelectObject
0x46b048 SetViewportOrgEx
0x46b04c OffsetViewportOrgEx
0x46b050 SetViewportExtEx
0x46b054 ScaleViewportExtEx
0x46b058 SetWindowOrgEx
0x46b05c OffsetWindowOrgEx
0x46b060 SetWindowExtEx
0x46b064 ScaleWindowExtEx
0x46b06c ArcTo
0x46b070 PolyDraw
0x46b074 PolylineTo
0x46b078 PolyBezierTo
0x46b07c ExtSelectClipRgn
0x46b080 GetViewportExtEx
0x46b084 DeleteDC
0x46b08c CreatePatternBrush
0x46b090 CreateCompatibleDC
0x46b094 GetStockObject
0x46b098 SelectPalette
0x46b09c PtVisible
0x46b0a0 GetObjectType
0x46b0a4 EnumMetaFile
0x46b0a8 PlayMetaFile
0x46b0ac CreatePen
0x46b0b0 ExtCreatePen
0x46b0b4 CreateSolidBrush
0x46b0b8 CreateHatchBrush
0x46b0c0 GetTextMetricsA
0x46b0c4 CreateFontIndirectA
0x46b0c8 SetRectRgn
0x46b0cc CombineRgn
0x46b0d0 GetMapMode
0x46b0d4 DPtoLP
0x46b0dc GetCharWidthA
0x46b0e0 CreateFontA
0x46b0e4 StretchDIBits
0x46b0e8 GetBkColor
0x46b0ec SelectClipPath
0x46b0f0 CreateRectRgn
0x46b0f4 GetClipRgn
0x46b0f8 SelectClipRgn
0x46b0fc DeleteObject
0x46b100 SetColorAdjustment
0x46b104 StartDocA
0x46b108 GetPixel
0x46b10c BitBlt
0x46b110 SetTextColor
0x46b114 GetClipBox
0x46b118 GetDCOrgEx
0x46b11c PatBlt
0x46b124 CreateBitmap
0x46b128 CreateDCA
0x46b12c CopyMetaFileA
0x46b130 PlayMetaFileRecord
0x46b134 GetDeviceCaps
0x46b138 SetArcDirection
0x46b13c SetMapperFlags
0x46b148 SetTextAlign
0x46b14c MoveToEx
0x46b150 LineTo
0x46b154 OffsetClipRgn
0x46b158 IntersectClipRect
0x46b15c ExcludeClipRect
0x46b160 SetMapMode
0x46b168 SetWorldTransform
0x46b16c SetGraphicsMode
0x46b170 SetStretchBltMode
0x46b174 SetROP2
0x46b178 SetPolyFillMode
0x46b17c SetBkMode
0x46b180 RestoreDC
0x46b184 SaveDC
0x46b188 GetObjectA
0x46b18c SetBkColor
0x46b190 GetWindowExtEx
Library comdlg32.dll:
0x46b7b4 GetFileTitleA
Library WINSPOOL.DRV:
0x46b7a4 DocumentPropertiesA
0x46b7a8 ClosePrinter
0x46b7ac OpenPrinterA
Library ADVAPI32.dll:
0x46b000 RegDeleteValueA
0x46b004 RegSetValueExA
0x46b008 RegCreateKeyExA
0x46b00c RegQueryValueA
0x46b010 RegEnumKeyA
0x46b014 RegDeleteKeyA
0x46b018 RegOpenKeyExA
0x46b01c RegQueryValueExA
0x46b020 RegOpenKeyA
0x46b024 RegSetValueA
0x46b028 RegCloseKey
0x46b02c RegCreateKeyA
Library SHELL32.dll:
0x46b4cc SHGetFileInfoA
0x46b4d0 DragFinish
0x46b4d4 DragQueryFileA
0x46b4d8 ExtractIconA
Library SHLWAPI.dll:
0x46b4e4 PathFindFileNameA
0x46b4e8 PathStripToRootA
0x46b4ec PathFindExtensionA
0x46b4f0 PathIsUNCA
Library ole32.dll:
0x46b7e0 WriteFmtUserTypeStg
0x46b7e4 WriteClassStg
0x46b7e8 CoTaskMemFree
0x46b7ec OleRegGetUserType
0x46b7f0 ReadFmtUserTypeStg
0x46b7f4 ReadClassStg
0x46b7f8 StringFromCLSID
0x46b7fc CoTreatAsClass
0x46b800 CreateBindCtx
0x46b804 ReleaseStgMedium
0x46b808 CoTaskMemAlloc
0x46b80c OleDuplicateData
0x46b810 CoDisconnectObject
0x46b814 CoCreateInstance
0x46b818 StringFromGUID2
0x46b81c CLSIDFromString
0x46b820 SetConvertStg
Library OLEAUT32.dll:
0x46b434 SysStringLen
0x46b444 SafeArrayDestroy
0x46b448 SafeArrayUnlock
0x46b44c SafeArrayLock
0x46b450 SafeArrayPutElement
0x46b454 SafeArrayPtrOfIndex
0x46b458 SafeArrayGetElement
0x46b45c SafeArrayCopy
0x46b464 SafeArrayAllocData
0x46b468 VariantCopy
0x46b46c SafeArrayRedim
0x46b470 SafeArrayCreate
0x46b474 SafeArrayGetDim
0x46b47c SafeArrayGetLBound
0x46b480 SafeArrayGetUBound
0x46b484 SafeArrayAccessData
0x46b48c SysStringByteLen
0x46b494 SysFreeString
0x46b498 VariantClear
0x46b49c VariantChangeType
0x46b4a0 VariantInit
0x46b4a4 SysAllocStringLen
0x46b4ac SysReAllocStringLen
0x46b4b0 VarDateFromStr
0x46b4b4 VarBstrFromCy
0x46b4b8 VarBstrFromDec
0x46b4bc VarDecFromStr
0x46b4c0 VarCyFromStr
0x46b4c4 VarBstrFromDate

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source         | Source port | Destination                     | Destination port
192.168.56.101 | 51963       | 114.114.114.114                 | 53
192.168.56.101 | 55368       | 114.114.114.114                 | 53
192.168.56.101 | 60123       | 114.114.114.114                 | 53
192.168.56.101 | 60215       | 114.114.114.114                 | 53
192.168.56.101 | 62318       | 114.114.114.114                 | 53
192.168.56.101 | 63429       | 114.114.114.114                 | 53
192.168.56.101 | 137         | 192.168.56.255                  | 137
192.168.56.101 | 138         | 192.168.56.255                  | 138
192.168.56.101 | 123         | 20.189.79.72 (time.windows.com) | 123
192.168.56.101 | 49713       | 224.0.0.252                     | 5355
192.168.56.101 | 50568       | 224.0.0.252                     | 5355
192.168.56.101 | 53657       | 224.0.0.252                     | 5355
192.168.56.101 | 56539       | 224.0.0.252                     | 5355
192.168.56.101 | 56804       | 224.0.0.252                     | 5355
192.168.56.101 | 57756       | 224.0.0.252                     | 5355
192.168.56.101 | 57874       | 224.0.0.252                     | 5355
192.168.56.101 | 58367       | 224.0.0.252                     | 5355
192.168.56.101 | 65004       | 224.0.0.252                     | 5355
192.168.56.101 | 1900        | 239.255.255.250                 | 1900
192.168.56.101 | 51964       | 239.255.255.250                 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.