6.6
High risk

cc50eb39c876ef262894aadc3cd26c5c04075772f2ab9b81f9e5db79ca8a34af

60b7025ce56fb971f6e769428b094e8b.exe

Analysis duration

75s

Last analysis

File size

338.5KB
Static scan: flagged malicious. Dynamic scan: flagged malicious. Tags: 100% AI SCORE=100 ATTRIBUTE CLASSIC CONFIDENCE DOWNLOADER33 EKVJ ELDORADO EMOTET EMOTETU ENCPK GENCIRC GENKRYPTIK GRAYWARE HDNR HIGH CONFIDENCE HIGHCONFIDENCE KCLOUD KRYPTIK LQ77DPTOZLK MALWARE@#2RG9E0MOF2H3A MCEBW R345836 S + MAL SCORE SUSGEN UNSAFE VQ0@AYIVO4AI VQ0@BYIVO4AI ZEXAF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Emotet-FQU!60B7025CE56F 20201211 6.0.6.653
Alibaba Trojan:Win32/Emotet.84a6b14d 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cdcd5d 20201211 1.0.0.1
Kingsoft Win32.Hack.Undef.(kcloud) 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619513321.325334
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619513308.965334
CryptGenKey
crypto_handle: 0x00575470
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00574e38
flags: 1
key: fÅ Ôà8ÅèB”§Ïܾú`
success 1 0
1619513321.465334
CryptExportKey
crypto_handle: 0x00575470
crypto_export_handle: 0x00574f00
buffer: f¤`FÀ¯"šY›-Ä]%d!l±ùšæÅ1Ó2²—†Ð¥+êbs¢»ùGd<HÕ1½“8ì‰ótñnÆÆÜë?I9¾èäj9.r»?”?@ü (]­8Dí¦ghÌgœtÁ•S'Ê
blob_type: 1
flags: 64
success 1 0
1619513357.465334
CryptExportKey
crypto_handle: 0x00575470
crypto_export_handle: 0x00574f00
buffer: f¤” •Ü=+]{¼±õ%ªDó( ðD‚o¢¾´æ1J5èAì„ÏŒú*²c]†ˆE˜Ð®$Sc«_¼{ãRrn<¸ï…ÿcÁA*¨cщÍ@TS¨µ’m–Ï1ˆ ŒE
blob_type: 1
flags: 64
success 1 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619513304.075334
NtAllocateVirtualMemory
process_identifier: 3040
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01db0000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619513304.106334
NtProtectVirtualMemory
process_identifier: 3040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 32768
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x01dd1000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619513322.028334
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.274672069211022 section {'size_of_data': '0x0000f000', 'virtual_address': '0x0004c000', 'entropy': 7.274672069211022, 'name': '.rsrc', 'virtual_size': '0x0000ef38'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process 60b7025ce56fb971f6e769428b094e8b.exe
Reads the system's User-Agent string and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619513321.653334
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 162.154.38.103
host 172.217.24.14
host 95.216.118.202
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619513324.606334
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619513324.606334
RegSetValueExA
key_handle: 0x000003c8
value: à”•;×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619513324.606334
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619513324.606334
RegSetValueExW
key_handle: 0x000003c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619513324.606334
RegSetValueExA
key_handle: 0x000003e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619513324.606334
RegSetValueExA
key_handle: 0x000003e0
value: à”•;×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619513324.606334
RegSetValueExA
key_handle: 0x000003e0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619513324.637334
RegSetValueExW
key_handle: 0x000003c4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 162.154.38.103:80
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events shown)
Elastic malicious (high confidence)
ClamAV Win.Dropper.Emotet-7995957-0
FireEye Generic.mg.60b7025ce56fb971
McAfee Emotet-FQU!60B7025CE56F
Cylance Unsafe
Zillya Trojan.Emotet.Win32.20811
Sangfor Malware
K7AntiVirus Trojan ( 00567d591 )
Alibaba Trojan:Win32/Emotet.84a6b14d
K7GW Trojan ( 00567d591 )
Cybereason malicious.35f83b
Arcabit Trojan.EmotetU.Gen.E1EECB
Cyren W32/Emotet.ALE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky HEUR:Backdoor.Win32.Emotet.vho
BitDefender Trojan.EmotetU.Gen.vq0@byiVo4ai
Paloalto generic.ml
MicroWorld-eScan Trojan.EmotetU.Gen.vq0@byiVo4ai
Tencent Malware.Win32.Gencirc.10cdcd5d
Ad-Aware Trojan.EmotetU.Gen.vq0@byiVo4ai
Sophos Mal/Generic-S + Mal/EncPk-APM
Comodo Malware@#2rg9e0mof2h3a
F-Secure Trojan.TR/AD.Emotet.mcebw
DrWeb Trojan.DownLoader33.43602
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.SMV.hp
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.gk
Avira TR/AD.Emotet.mcebw
Antiy-AVL GrayWare/Win32.Generic
Kingsoft Win32.Hack.Undef.(kcloud)
Microsoft Trojan:Win32/Emotet.DEU!MTB
ZoneAlarm HEUR:Backdoor.Win32.Emotet.vho
GData Trojan.EmotetU.Gen.vq0@byiVo4ai
AhnLab-V3 Malware/Win32.RL_Generic.R345836
BitDefenderTheta Gen:NN.ZexaF.34670.vq0@ayiVo4ai
ALYac Trojan.EmotetU.Gen.vq0@byiVo4ai
MAX malware (ai score=100)
VBA32 Trojan.Downloader
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HDNR
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMV.hp
Rising Trojan.Kryptik!1.C782 (CLASSIC)
Yandex Trojan.Kryptik!LQ77dptoZLk
MaxSecure Trojan.Malware.74836433.susgen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2020-05-20 23:26:08

Imports

Library KERNEL32.dll:
0x4370b8 GlobalReAlloc
0x4370bc GlobalHandle
0x4370c4 TlsAlloc
0x4370c8 TlsSetValue
0x4370cc LocalReAlloc
0x4370d4 TlsFree
0x4370d8 ReadFile
0x4370dc WriteFile
0x4370e0 SetFilePointer
0x4370e4 FlushFileBuffers
0x4370e8 LockFile
0x4370ec UnlockFile
0x4370f0 SetEndOfFile
0x4370f4 GetFileSize
0x4370f8 DuplicateHandle
0x4370fc FindClose
0x437100 FindFirstFileA
0x437108 GetFullPathNameA
0x43710c TlsGetValue
0x437110 GetModuleHandleW
0x437114 GetCPInfo
0x437118 GetOEMCP
0x43711c SetErrorMode
0x437124 GetFileAttributesA
0x437128 GetFileSizeEx
0x43712c GetFileTime
0x437130 GetTickCount
0x437134 RtlUnwind
0x437138 RaiseException
0x437140 GetTimeFormatA
0x437144 GetDateFormatA
0x437148 GetCommandLineA
0x43714c GetStartupInfoA
0x437150 HeapAlloc
0x437154 HeapFree
0x437158 Sleep
0x43715c ExitProcess
0x437160 VirtualProtect
0x437164 VirtualAlloc
0x437168 GetSystemInfo
0x43716c VirtualQuery
0x437170 HeapReAlloc
0x437174 HeapSize
0x437178 TerminateProcess
0x437184 IsDebuggerPresent
0x43718c GetACP
0x437190 IsValidCodePage
0x437194 GetStdHandle
0x4371a8 SetHandleCount
0x4371ac GetFileType
0x4371b0 HeapCreate
0x4371b4 VirtualFree
0x4371c0 GetStringTypeA
0x4371c4 GetStringTypeW
0x4371c8 LCMapStringA
0x4371cc LCMapStringW
0x4371d0 GetConsoleCP
0x4371d4 GetConsoleMode
0x4371d8 SetStdHandle
0x4371dc WriteConsoleA
0x4371e0 GetConsoleOutputCP
0x4371e4 WriteConsoleW
0x4371e8 CompareStringW
0x4371f0 GetProcessHeap
0x4371f8 LocalAlloc
0x4371fc GlobalFlags
0x437208 GetThreadLocale
0x43720c GlobalGetAtomNameA
0x437210 GlobalFindAtomA
0x437214 lstrcmpW
0x437218 GetVersionExA
0x43721c GetModuleFileNameW
0x437220 FormatMessageA
0x437224 LocalFree
0x437228 MulDiv
0x43722c lstrlenA
0x437230 GlobalUnlock
0x437234 GlobalFree
0x437238 FreeResource
0x43723c GetCurrentProcessId
0x437240 GetLastError
0x437244 SetLastError
0x437248 GlobalAddAtomA
0x43724c CloseHandle
0x437250 GlobalDeleteAtom
0x437254 GetCurrentThread
0x437258 GetCurrentThreadId
0x437264 GetModuleFileNameA
0x437268 GetLocaleInfoA
0x43726c LoadLibraryA
0x437270 CompareStringA
0x437274 InterlockedExchange
0x437278 GlobalLock
0x43727c lstrcmpA
0x437280 GlobalAlloc
0x437284 FreeLibrary
0x437288 GetModuleHandleA
0x43728c GetProcAddress
0x437290 LoadLibraryExW
0x437294 GetCurrentProcess
0x43729c MultiByteToWideChar
0x4372a0 WideCharToMultiByte
0x4372a8 FindResourceA
0x4372ac LoadResource
0x4372b0 LockResource
0x4372b4 SizeofResource
0x4372b8 CreateFileA
0x4372bc lstrlenW
Library USER32.dll:
0x43733c EndPaint
0x437340 SetCapture
0x437344 LoadCursorA
0x437348 ReleaseCapture
0x43734c GetSysColorBrush
0x437350 CharUpperA
0x437354 CharNextA
0x43735c IsRectEmpty
0x437360 SetRect
0x437364 InvalidateRect
0x437368 InvalidateRgn
0x43736c GetNextDlgGroupItem
0x437370 MessageBeep
0x437374 UnregisterClassA
0x43737c PostThreadMessageA
0x437380 MoveWindow
0x437384 SetWindowTextA
0x437388 IsDialogMessageA
0x437390 SendDlgItemMessageA
0x437394 WinHelpA
0x437398 IsChild
0x43739c GetCapture
0x4373a0 GetClassLongA
0x4373a4 GetClassNameA
0x4373a8 SetPropA
0x4373ac GetPropA
0x4373b0 RemovePropA
0x4373b4 SetFocus
0x4373b8 GetWindowTextA
0x4373bc GetForegroundWindow
0x4373c0 GetTopWindow
0x4373c4 GetMessageTime
0x4373c8 GetMessagePos
0x4373cc MapWindowPoints
0x4373d0 SetMenu
0x4373d4 BeginPaint
0x4373d8 SetForegroundWindow
0x4373dc UpdateWindow
0x4373e0 CreateWindowExA
0x4373e4 GetClassInfoExA
0x4373e8 RegisterClassA
0x4373ec AdjustWindowRectEx
0x4373f0 EqualRect
0x4373f4 PtInRect
0x4373f8 GetDlgCtrlID
0x4373fc DefWindowProcA
0x437400 CallWindowProcA
0x437404 GetMenu
0x437408 SetWindowLongA
0x43740c OffsetRect
0x437410 IntersectRect
0x437414 GetWindowPlacement
0x437418 GetWindowRect
0x43741c GetSysColor
0x437424 DestroyMenu
0x437428 CopyRect
0x43742c UnhookWindowsHookEx
0x437430 GetMenuItemID
0x437434 GetMenuItemCount
0x437438 GetSubMenu
0x43743c GetWindow
0x437444 MapDialogRect
0x437448 SetWindowPos
0x43744c GetDesktopWindow
0x437450 SetActiveWindow
0x437458 DestroyWindow
0x43745c IsWindow
0x437460 GetDlgItem
0x437464 GetNextDlgTabItem
0x437468 EndDialog
0x437470 GetWindowLongA
0x437474 GetLastActivePopup
0x437478 IsWindowEnabled
0x43747c MessageBoxA
0x437480 DrawIcon
0x437484 AppendMenuA
0x437488 SendMessageA
0x43748c GetSystemMenu
0x437490 SetCursor
0x437494 SetWindowsHookExA
0x437498 CallNextHookEx
0x43749c GetMessageA
0x4374a0 TranslateMessage
0x4374a4 DispatchMessageA
0x4374a8 GetActiveWindow
0x4374ac IsWindowVisible
0x4374b0 GetKeyState
0x4374b4 PeekMessageA
0x4374b8 GetCursorPos
0x4374bc ValidateRect
0x4374c0 SetMenuItemBitmaps
0x4374c8 GetWindowDC
0x4374cc ReleaseDC
0x4374d0 GetDC
0x4374d4 ClientToScreen
0x4374d8 GrayStringA
0x4374dc IsIconic
0x4374e0 GetClientRect
0x4374e4 LoadIconA
0x4374e8 EnableWindow
0x4374ec GetSystemMetrics
0x4374f0 DrawTextExA
0x4374f4 DrawTextA
0x4374f8 TabbedTextOutA
0x4374fc ShowWindow
0x437500 PostQuitMessage
0x437504 PostMessageA
0x437508 CheckMenuItem
0x43750c EnableMenuItem
0x437510 GetMenuState
0x437514 ModifyMenuA
0x437518 GetParent
0x43751c GetFocus
0x437520 LoadBitmapA
0x437524 GetClassInfoA
Library OLEAUT32.dll:
0x4372d4 VariantChangeType
0x4372d8 VarUdateFromDate
0x4372dc VariantCopy
0x4372e4 SafeArrayCreate
0x4372e8 SafeArrayAccessData
0x4372ec SafeArrayGetElement
0x4372f0 SafeArrayDestroy
0x4372f8 SysStringByteLen
0x437300 SysAllocString
0x437304 VariantClear
0x437308 SysAllocStringLen
0x43730c SysFreeString
0x437310 SysStringLen
0x437320 VariantInit
Library SHLWAPI.dll:
0x437328 PathFindFileNameA
0x43732c PathStripToRootA
0x437330 PathIsUNCA
0x437334 PathFindExtensionA
Library oledlg.dll:
0x43757c
Library OLEACC.dll:
0x4372c4 LresultFromObject
Library GDI32.dll:
0x437030 GetObjectA
0x437034 ExtTextOutA
0x437038 GetClipBox
0x43703c SetTextColor
0x437040 SetBkColor
0x437044 SaveDC
0x437048 RestoreDC
0x43704c SetMapMode
0x437050 DeleteObject
0x437054 GetViewportExtEx
0x437058 GetWindowExtEx
0x43705c GetStockObject
0x437060 GetBkColor
0x437064 GetTextColor
0x43706c GetRgnBox
0x437070 GetMapMode
0x437074 GetDeviceCaps
0x437078 DeleteDC
0x43707c ExtSelectClipRgn
0x437080 ScaleWindowExtEx
0x437084 SetWindowExtEx
0x437088 CreateBitmap
0x43708c SetViewportExtEx
0x437090 OffsetViewportOrgEx
0x437094 SetViewportOrgEx
0x437098 SelectObject
0x43709c Escape
0x4370a0 TextOutA
0x4370a4 RectVisible
0x4370a8 PtVisible
0x4370ac ScaleViewportExtEx
Library WINSPOOL.DRV:
0x43752c DocumentPropertiesA
0x437530 ClosePrinter
0x437534 OpenPrinterA
Library COMDLG32.dll:
0x437028 GetFileTitleA
Library ADVAPI32.dll:
0x437000 RegSetValueExA
0x437004 RegCreateKeyExA
0x437008 RegQueryValueA
0x43700c RegOpenKeyA
0x437010 RegEnumKeyA
0x437014 RegDeleteKeyA
0x437018 RegOpenKeyExA
0x43701c RegQueryValueExA
0x437020 RegCloseKey
Library ole32.dll:
0x43753c OleInitialize
0x437540 CoRevokeClassObject
0x437548 OleFlushClipboard
0x43755c CoGetClassObject
0x437564 CoTaskMemAlloc
0x437568 OleUninitialize
0x43756c CoTaskMemFree
0x437570 CLSIDFromString
0x437574 CLSIDFromProgID

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.