7.2
High risk

b6676b16e9117e2b65774276f299ca41b7039a48d1ebd28eaa9b3b0deb0fefda

6cc352a6a9729c5c02c878684ee528a8.exe

Analysis time: 81s

Most recent analysis

File size: 268.0KB
Static detection Dynamic detection 100% AI SCORE=80 CONFIDENCE DOWNLOADER34 ELDORADO EMOTET ENQXC GDND GENCIRC GENERICKDZ GENETIC HFZB HGIASOQA HIGH CONFIDENCE HUCSVI KRYPTIK OBFUSE QRYOC0YXLYU R + TROJ SCORE SMTHP SUSGEN TROJANBANKER TROJANX UNSAFE VOBFUSAGENTHQ X0326FSZVZ0
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20210222 21.1.5827.0
Alibaba Trojan:Win32/Emotet.1bd737ec 20190527 0.3.0.5
Kingsoft 20210223 2017.9.26.565
McAfee Emotet-FSD!6CC352A6A972 20210223 6.0.6.653
Tencent Malware.Win32.Gencirc.10cdfe48 20210223 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620955345.931751
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1620955335.744751
CryptGenKey
crypto_handle: 0x008a5b08
algorithm_identifier: 0x0000660e ()
provider_handle: 0x008a5310
flags: 1
key: f1TÌl'‡Õe€ à‰æñ(
success 1 0
1620955345.962751
CryptExportKey
crypto_handle: 0x008a5b08
crypto_export_handle: 0x008a5ac8
buffer: f¤(zSʃ¢›má ü”íp†½rǼXé8þK©Ñ UóÛÓ)Þ¬dr€!XÉ0ÉÛ-ÔUdFÚ}­‚qµ—gƒWQɓ·J^Ô$ám7žïó~ØßÀc2 st»§…
blob_type: 1
flags: 64
success 1 0
1620955381.822751
CryptExportKey
crypto_handle: 0x008a5b08
crypto_export_handle: 0x008a5ac8
buffer: f¤)÷örƜØ}øþ· #ì€kÀCFÚQˊ:½8nî!¹ûdhÓ ®ý`»ç2¸ µUõr©T¨#· ·¬.•!vh£X! 6¡æO‚.k™âF¤ÒuM‰V
blob_type: 1
flags: 64
success 1 0
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620955334.900751
NtAllocateVirtualMemory
process_identifier: 520
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00840000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1620955334.931751
NtProtectVirtualMemory
process_identifier: 520
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x01d61000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620955346.853751
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.959926921745421 section {'size_of_data': '0x00010000', 'virtual_address': '0x00037000', 'entropy': 6.959926921745421, 'name': '.rsrc', 'virtual_size': '0x0000ffa8'} description A section with a high entropy has been found
entropy 0.24242424242424243 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process 6cc352a6a9729c5c02c878684ee528a8.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620955346.275751
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 118.2.218.1
host 172.217.24.14
host 51.254.140.91
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620955349.462751
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620955349.462751
RegSetValueExA
key_handle: 0x000003b4
value: pUýgH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620955349.462751
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620955349.462751
RegSetValueExW
key_handle: 0x000003b4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620955349.462751
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620955349.462751
RegSetValueExA
key_handle: 0x000003cc
value: pUýgH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620955349.462751
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620955349.509751
RegSetValueExW
key_handle: 0x000003b0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 of 57 events)
Bkav W32.VobfusAgentHQ.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69924
FireEye Generic.mg.6cc352a6a9729c5c
ALYac Trojan.Agent.Emotet
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Emotet.L!c
Sangfor Trojan.Win32.Emotet.gdnd
K7AntiVirus Trojan ( 0056de091 )
BitDefender Trojan.GenericKDZ.69924
K7GW Trojan ( 0056dcb21 )
Cybereason malicious.6a9729
Cyren W32/Kryptik.BWJ.gen!Eldorado
Symantec Packed.Generic.554
ESET-NOD32 a variant of Win32/Kryptik.HFZB
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
ClamAV Win.Malware.Emotet-9753021-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
Alibaba Trojan:Win32/Emotet.1bd737ec
NANO-Antivirus Trojan.Win32.Emotet.hucsvi
ViRobot Trojan.Win32.Emotet.274432.A
Rising Downloader.Obfuse!8.105AD (TFE:6:qryoc0yxlYU)
Ad-Aware Trojan.GenericKDZ.69924
TACHYON Trojan/W32.Agent.274432.ALH
Sophos Mal/Generic-R + Troj/Emotet-CLZ
F-Secure Trojan.TR/Crypt.Agent.enqxc
DrWeb Trojan.DownLoader34.32692
Zillya Trojan.Emotet.Win32.28359
TrendMicro TrojanSpy.Win32.EMOTET.SMTHP
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh
Emsisoft Trojan.Emotet (A)
Jiangmin Trojan.Banker.Emotet.oic
Avira TR/Crypt.Agent.enqxc
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARK!MTB
Gridinsoft Trojan.Win32.Emotet.oa
Arcabit Trojan.Generic.D11124
AhnLab-V3 Malware/Win32.Generic.C4192695
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKDZ.69924
Cynet Malicious (score: 100)
McAfee Emotet-FSD!6CC352A6A972
MAX malware (ai score=80)
VBA32 TrojanBanker.Emotet
Malwarebytes Trojan.Agent
Panda Trj/Genetic.gen
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHP
Tencent Malware.Win32.Gencirc.10cdfe48
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 51.254.140.91:7080
dead_host 118.2.218.1:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

2020-09-05 01:03:35

Imports

Library KERNEL32.dll:
0x4260b4 RtlUnwind
0x4260b8 GetStartupInfoA
0x4260bc GetCommandLineA
0x4260c0 ExitProcess
0x4260c4 TerminateProcess
0x4260c8 HeapReAlloc
0x4260cc HeapSize
0x4260d0 HeapDestroy
0x4260d4 HeapCreate
0x4260d8 VirtualFree
0x4260dc IsBadWritePtr
0x4260e0 LCMapStringA
0x4260e4 LCMapStringW
0x4260e8 GetStdHandle
0x4260fc VirtualQuery
0x426100 SetHandleCount
0x426104 GetFileType
0x42610c GetCurrentProcessId
0x426118 GetStringTypeA
0x42611c GetStringTypeW
0x426124 IsBadReadPtr
0x426128 IsBadCodePtr
0x42612c SetStdHandle
0x426134 GetSystemInfo
0x426138 VirtualAlloc
0x42613c VirtualProtect
0x426140 HeapFree
0x426144 HeapAlloc
0x426148 GetTickCount
0x42614c GetFileTime
0x426150 GetFileAttributesA
0x426158 SetErrorMode
0x426160 GetOEMCP
0x426164 GetCPInfo
0x426168 CreateFileA
0x42616c GetFullPathNameA
0x426174 FindFirstFileA
0x426178 FindClose
0x42617c GetCurrentProcess
0x426180 DuplicateHandle
0x426184 GetFileSize
0x426188 SetEndOfFile
0x42618c UnlockFile
0x426190 LockFile
0x426194 FlushFileBuffers
0x426198 SetFilePointer
0x42619c WriteFile
0x4261a0 ReadFile
0x4261a4 GlobalFlags
0x4261a8 TlsFree
0x4261ac LocalReAlloc
0x4261b0 TlsSetValue
0x4261b4 TlsAlloc
0x4261b8 TlsGetValue
0x4261c0 GlobalHandle
0x4261c4 GlobalReAlloc
0x4261cc LocalAlloc
0x4261dc RaiseException
0x4261e0 GlobalGetAtomNameA
0x4261e4 GlobalFindAtomA
0x4261e8 lstrcatA
0x4261ec lstrcmpW
0x4261f8 FreeResource
0x4261fc CloseHandle
0x426200 GlobalAddAtomA
0x426204 GetCurrentThread
0x426208 GetCurrentThreadId
0x42620c FreeLibrary
0x426210 GlobalDeleteAtom
0x426214 lstrcmpA
0x426218 GetModuleFileNameA
0x42621c GetModuleHandleA
0x426228 lstrcpyA
0x42622c LoadLibraryA
0x426230 SetLastError
0x426234 GlobalFree
0x426238 MulDiv
0x42623c GlobalAlloc
0x426240 GlobalLock
0x426244 GlobalUnlock
0x426248 FormatMessageA
0x42624c lstrcpynA
0x426250 LocalFree
0x426254 LoadLibraryW
0x426258 GetProcAddress
0x42625c FindResourceA
0x426260 LoadResource
0x426264 LockResource
0x426268 SizeofResource
0x42626c CompareStringW
0x426270 CompareStringA
0x426274 lstrlenA
0x426278 lstrcmpiA
0x42627c GetVersion
0x426280 GetLastError
0x426284 WideCharToMultiByte
0x426288 MultiByteToWideChar
0x42628c GetVersionExA
0x426290 GetThreadLocale
0x426294 GetLocaleInfoA
0x426298 GetACP
0x4262a0 InterlockedExchange
Library USER32.dll:
0x4262f0 PostThreadMessageA
0x4262f4 MessageBeep
0x4262f8 GetNextDlgGroupItem
0x4262fc InvalidateRgn
0x426300 InvalidateRect
0x426308 SetRect
0x42630c IsRectEmpty
0x426310 CharNextA
0x426314 ReleaseCapture
0x426318 SetCapture
0x42631c LoadCursorA
0x426320 GetSysColorBrush
0x426324 EndPaint
0x426328 BeginPaint
0x42632c GetWindowDC
0x426330 ReleaseDC
0x426334 GetDC
0x426338 ClientToScreen
0x42633c GrayStringA
0x426340 DrawTextExA
0x426344 DrawTextA
0x426348 TabbedTextOutA
0x42634c ShowWindow
0x426350 MoveWindow
0x426354 SetWindowTextA
0x426358 IsDialogMessageA
0x426360 WinHelpA
0x426364 GetCapture
0x426368 CreateWindowExA
0x42636c GetClassLongA
0x426370 GetClassInfoExA
0x426374 GetClassNameA
0x426378 SetPropA
0x42637c GetPropA
0x426380 RemovePropA
0x426384 SendDlgItemMessageA
0x426388 SetFocus
0x42638c IsChild
0x426394 GetWindowTextA
0x426398 GetForegroundWindow
0x42639c GetTopWindow
0x4263a0 GetMessageTime
0x4263a4 MapWindowPoints
0x4263a8 SetForegroundWindow
0x4263ac UpdateWindow
0x4263b0 GetMenu
0x4263b4 AdjustWindowRectEx
0x4263b8 EqualRect
0x4263bc GetClassInfoA
0x4263c0 RegisterClassA
0x4263c4 UnregisterClassA
0x4263c8 GetDlgCtrlID
0x4263cc DefWindowProcA
0x4263d0 CallWindowProcA
0x4263d4 SetWindowLongA
0x4263d8 OffsetRect
0x4263dc IntersectRect
0x4263e0 GetWindowPlacement
0x4263e4 GetWindowRect
0x4263e8 PtInRect
0x4263ec CharUpperA
0x4263f0 DrawIcon
0x4263f4 AppendMenuA
0x4263f8 SendMessageA
0x4263fc GetSystemMenu
0x426400 IsIconic
0x426404 GetClientRect
0x426408 EnableWindow
0x42640c LoadIconA
0x426410 GetSystemMetrics
0x426414 GetSysColor
0x42641c DestroyMenu
0x426420 CopyRect
0x426424 UnhookWindowsHookEx
0x426428 GetWindow
0x426430 MapDialogRect
0x426434 SetWindowPos
0x426438 wsprintfA
0x42643c GetDesktopWindow
0x426440 SetActiveWindow
0x42644c DestroyWindow
0x426450 IsWindow
0x426454 GetDlgItem
0x426458 GetNextDlgTabItem
0x42645c EndDialog
0x426460 SetMenuItemBitmaps
0x426464 GetFocus
0x426468 ModifyMenuA
0x42646c EnableMenuItem
0x426470 CheckMenuItem
0x426478 LoadBitmapA
0x42647c GetMessagePos
0x426480 GetSubMenu
0x426484 GetMenuItemCount
0x426488 GetMenuItemID
0x42648c GetMenuState
0x426490 PostMessageA
0x426494 PostQuitMessage
0x426498 SetCursor
0x42649c IsWindowEnabled
0x4264a0 GetLastActivePopup
0x4264a4 GetWindowLongA
0x4264a8 GetParent
0x4264ac MessageBoxA
0x4264b0 ValidateRect
0x4264b4 GetCursorPos
0x4264b8 PeekMessageA
0x4264bc GetKeyState
0x4264c0 IsWindowVisible
0x4264c4 GetActiveWindow
0x4264c8 DispatchMessageA
0x4264cc TranslateMessage
0x4264d0 GetMessageA
0x4264d4 CallNextHookEx
0x4264d8 SetWindowsHookExA
Library GDI32.dll:
0x426030 GetBkColor
0x426034 GetTextColor
0x42603c GetRgnBox
0x426040 GetStockObject
0x426044 DeleteDC
0x426048 ExtSelectClipRgn
0x42604c ScaleWindowExtEx
0x426050 SetWindowExtEx
0x426054 ScaleViewportExtEx
0x426058 SetViewportExtEx
0x42605c OffsetViewportOrgEx
0x426060 SetViewportOrgEx
0x426064 SelectObject
0x426068 Escape
0x42606c TextOutA
0x426070 RectVisible
0x426074 GetMapMode
0x426078 GetDeviceCaps
0x42607c GetWindowExtEx
0x426080 GetViewportExtEx
0x426084 DeleteObject
0x426088 SetMapMode
0x42608c RestoreDC
0x426090 SaveDC
0x426094 SetBkColor
0x426098 SetTextColor
0x42609c GetClipBox
0x4260a0 ExtTextOutA
0x4260a4 GetObjectA
0x4260a8 CreateBitmap
0x4260ac PtVisible
Library comdlg32.dll:
0x4264f0 GetFileTitleA
Library WINSPOOL.DRV:
0x4264e0 OpenPrinterA
0x4264e4 DocumentPropertiesA
0x4264e8 ClosePrinter
Library ADVAPI32.dll:
0x426000 RegQueryValueExA
0x426004 RegCreateKeyExA
0x426008 RegSetValueExA
0x42600c RegOpenKeyA
0x426010 RegOpenKeyExA
0x426014 RegDeleteKeyA
0x426018 RegEnumKeyA
0x42601c RegQueryValueA
0x426020 RegCloseKey
Library COMCTL32.dll:
0x426028
Library SHLWAPI.dll:
0x4262dc PathFindFileNameA
0x4262e0 PathStripToRootA
0x4262e4 PathFindExtensionA
0x4262e8 PathIsUNCA
Library oledlg.dll:
0x426538
Library ole32.dll:
0x426504 CoGetClassObject
0x426508 CLSIDFromString
0x42650c CLSIDFromProgID
0x426510 CoTaskMemFree
0x426514 OleUninitialize
0x426520 OleFlushClipboard
0x426528 CoRevokeClassObject
0x42652c CoTaskMemAlloc
0x426530 OleInitialize
Library OLEAUT32.dll:
0x4262a8 SysAllocStringLen
0x4262ac VariantClear
0x4262b0 VariantChangeType
0x4262b4 VariantInit
0x4262b8 SysStringLen
0x4262c8 SafeArrayDestroy
0x4262cc SysAllocString
0x4262d0 VariantCopy
0x4262d4 SysFreeString

Exports

Ordinal Address Name
1 0x401545 UUACZDADWAJJJJJ

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50003 239.255.255.250 3702
192.168.56.101 56809 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.