Score: 3.0 (medium risk)

SHA256: cd06cd467ba6c7f253a850450691e8b996f955b69f6fa9ff231f52bfe95fbd18

File name: 71209c7fc407220e9a698dac860554a7.exe (the file's MD5, as echoed in the McAfee and FireEye detection names below)

Analysis duration: 75s

File size: 700.0KB

Static detection: flagged malicious. Dynamic detection: flagged malicious.
Engine tags: 100% ADTW AGEN AI SCORE=100 CONFIDENCE EGFJ ELDORADO EMOTET GENASA GENERIC@ML GENETIC GENKRYPTIK HCDS HIGH CONFIDENCE HNOPTW INJECT3 KCLOUD KRYPTIK LT9QVFUJ+IZKKYPFEJ6K8G MALWARE@#2JK21L7S6BB63 RDMK S + TROJ SCORE SUSGEN TRICKBO TRICKBOT TROJANX TSIDBPFZJAG UNSAFE WACATAC ZENPAK ZUSY
Hawkeye engine
No detection (no Hawkeye engine results are available for this sample)

Static verdict
Antivirus engines

Engine        Result                                Scan date  Engine version
McAfee        Emotet-FPC!71209C7FC407               20201229   6.0.6.653
Alibaba       Backdoor:Win32/Emotet.02d768ad        20190527   0.3.0.5
CrowdStrike   win/malicious_confidence_100% (W)     20190702   1.0
Baidu         (no result recorded)                  20190318   1.0.0.2
Avast         Win32:TrojanX-gen [Trj]               20201229   21.1.5827.0
Tencent       Win32.Trojan.Zenpak.Adtw              20201229   1.0.0.1
Kingsoft      Win32.Troj.Generic_a.a.(kcloud)       20201229   2017.9.26.565

Static indicators
(none listed)

Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time               API                       Status   Return  Repeated
1619596030.663943  NtAllocateVirtualMemory   success  0       0
    process_identifier: 1544
    region_size: 274432
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff (pseudo-handle for the current process)
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x01f70000
1619618318.156626  NtAllocateVirtualMemory   success  0       0
    process_identifier: 2996
    region_size: 274432
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff (pseudo-handle for the current process)
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x01f50000
1619618335.640626  NtAllocateVirtualMemory   success  0       0
    process_identifier: 2996
    region_size: 200704
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff (pseudo-handle for the current process)
    allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
    base_address: 0x02b40000
1619618335.656626  NtProtectVirtualMemory    success  0       0
    process_identifier: 2996
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 200704
    protection: 64 (PAGE_EXECUTE_READWRITE)
    process_handle: 0xffffffff (pseudo-handle for the current process)
    base_address: 0x02b81000
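The four calls above are the raw material for a simple W+X detector. The following is an added example, not code from the report or from the sandbox: EVENTS is constructed from the PIDs, timestamps, sizes and addresses listed above, and the pairing heuristic (an NtProtectVirtualMemory call whose base falls inside an earlier RWX allocation in the same process) is the editor's own.

```python
"""Flag executable-memory events in Cuckoo-style API call logs.

Added example, not part of the original report. EVENTS is constructed from
the four NtAllocateVirtualMemory / NtProtectVirtualMemory calls in the
report; the pairing heuristic is the editor's.
"""
from collections import defaultdict

# Win32 page-protection and allocation-type constants (winnt.h).
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE_MASK = (PAGE_EXECUTE | PAGE_EXECUTE_READ
                   | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
WRITABLE_EXECUTABLE_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
MEM_COMMIT = 0x1000

# Constructed from the report: PIDs, timestamps, sizes and addresses copied from the page.
EVENTS = [
    {"time": 1619596030.663943, "api": "NtAllocateVirtualMemory", "pid": 1544,
     "region_size": 274432, "protection": 64, "allocation_type": 12288,
     "base_address": 0x01F70000},
    {"time": 1619618318.156626, "api": "NtAllocateVirtualMemory", "pid": 2996,
     "region_size": 274432, "protection": 64, "allocation_type": 12288,
     "base_address": 0x01F50000},
    {"time": 1619618335.640626, "api": "NtAllocateVirtualMemory", "pid": 2996,
     "region_size": 200704, "protection": 64, "allocation_type": 12289,
     "base_address": 0x02B40000},
    {"time": 1619618335.656626, "api": "NtProtectVirtualMemory", "pid": 2996,
     "length": 200704, "protection": 64, "base_address": 0x02B81000,
     "heap_dep_bypass": 1},
]


def is_executable(protection):
    return bool(protection & EXECUTABLE_MASK)


def is_writable_executable(protection):
    """True for PAGE_EXECUTE_READWRITE / PAGE_EXECUTE_WRITECOPY (W+X memory)."""
    return bool(protection & WRITABLE_EXECUTABLE_MASK)


def find_wx_events(events):
    """(pid, api, base, size) for every call that creates or produces W+X memory."""
    hits = []
    for ev in events:
        if ev["api"] not in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            continue
        if is_writable_executable(ev["protection"]):
            size = ev["region_size"] if "region_size" in ev else ev["length"]
            hits.append((ev["pid"], ev["api"], ev["base_address"], size))
    return hits


def wx_bytes_by_pid(events):
    """Total bytes of W+X memory committed per process (allocations only)."""
    totals = defaultdict(int)
    for ev in events:
        if (ev["api"] == "NtAllocateVirtualMemory"
                and ev["allocation_type"] & MEM_COMMIT
                and is_writable_executable(ev["protection"])):
            totals[ev["pid"]] += ev["region_size"]
    return dict(totals)


def protects_inside_prior_allocation(events):
    """Pair each NtProtectVirtualMemory call with an earlier committed W+X
    allocation in the same process whose range contains the protected base
    address (the reserve-RWX, write-payload, re-protect sequence).
    Returns (pid, allocation_base, protect_base) tuples."""
    regions = defaultdict(list)
    pairs = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["api"] == "NtAllocateVirtualMemory" and ev["allocation_type"] & MEM_COMMIT:
            if is_writable_executable(ev["protection"]):
                lo = ev["base_address"]
                regions[ev["pid"]].append((lo, lo + ev["region_size"]))
        elif ev["api"] == "NtProtectVirtualMemory":
            for lo, hi in regions[ev["pid"]]:
                if lo <= ev["base_address"] < hi:
                    pairs.append((ev["pid"], lo, ev["base_address"]))
    return pairs


if __name__ == "__main__":
    for hit in find_wx_events(EVENTS):
        print("W+X: pid=%d %s base=0x%08x size=%d" % hit)
    print("W+X bytes per pid:", wx_bytes_by_pid(EVENTS))
    print("protect-inside-allocation pairs:", protects_inside_prior_allocation(EVENTS))
```

Run on the report's events the pairing returns nothing: the NtProtectVirtualMemory base 0x02b81000 lies past the end of the 0x02b40000 allocation (0x02b40000 + 200704 = 0x02b71000), so the call re-protected a different region, consistent with the monitor's heap_dep_bypass: 1 on that call. Note also that the events come from two PIDs at timestamps roughly six hours apart (1619596030 versus 1619618318), which a single 75-second run cannot produce; the indicator list appears to aggregate more than one execution.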
A process created a hidden window (1 event)

Time               API               Status   Return  Repeated
1619596046.179943  ShellExecuteExW   success  1       0
    filepath: C:\ProgramData\βιβλίαପୁସ୍ତକΔεपुस्.exe
    filepath_r: C:\ProgramData\βιβλίαପୁସ୍ତକΔεपुस्.exe
    show_type: 0 (SW_HIDE)
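Three things in that single call are worth checking mechanically: the window is hidden (nShow 0 is SW_HIDE), the executable lives under C:\ProgramData, and its name mixes Greek, Oriya and Devanagari letters. The following is an added example, not code from the report: LAUNCH_EVENT is constructed from the ShellExecuteExW call above, and the three checks and their wording are the editor's own rather than a sandbox rule.

```python
"""Assess a process-launch event for hidden-window execution and a
mixed-script executable name.

Added example, not part of the original report. LAUNCH_EVENT is constructed
from the ShellExecuteExW call in the report; the checks are the editor's.
"""
import unicodedata
from collections import Counter

SW_HIDE = 0  # SHELLEXECUTEINFO.nShow value that hides the new window

# Constructed from the report's event.
LAUNCH_EVENT = {
    "api": "ShellExecuteExW",
    "filepath": r"C:\ProgramData\βιβλίαପୁସ୍ତକΔεपुस्.exe",
    "show_type": 0,
}


def scripts_in_name(text):
    """Count the Unicode scripts used by the letters and combining marks in text.

    The standard library exposes no Script property, so the first word of each
    character's Unicode name ('GREEK SMALL LETTER BETA' -> 'GREEK') is used as an
    approximation; it is correct for Latin, Greek, Oriya and Devanagari.
    """
    scripts = Counter()
    for ch in text:
        if unicodedata.category(ch)[0] not in ("L", "M"):
            continue  # skip digits, punctuation and separators
        scripts[unicodedata.name(ch, "UNKNOWN").split()[0]] += 1
    return scripts


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def assess_launch(event):
    """Return a list of human-readable findings for one launch event."""
    findings = []
    if event.get("show_type") == SW_HIDE:
        findings.append("new window hidden (show_type 0 = SW_HIDE)")
    path = event["filepath"]
    stem = basename(path).rsplit(".", 1)[0]
    scripts = scripts_in_name(stem)
    if len(scripts) > 1:
        findings.append("mixed-script file name: " + ", ".join(sorted(scripts)))
    if path.lower().startswith("c:\\programdata\\"):
        findings.append("executable launched from C:\\ProgramData")
    return findings


if __name__ == "__main__":
    for finding in assess_launch(LAUNCH_EVENT):
        print("-", finding)
```

The script-mixing check is the one that generalizes: a file name that needs more than one writing system is rare for legitimate software and common for droppers that want a name nobody can type or search for, and the same helper works on any path pulled from process-creation telemetry.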
The binary likely contains encrypted or compressed data indicative of a packer (1 event)

A section with high entropy has been found:
    section name: .rsrc
    entropy: 6.989421358458599
    virtual_address: 0x00095000
    virtual_size: 0x0001da16
    size_of_data: 0x0001e000
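The indicator above is a per-section Shannon entropy check. The following is an added example, not the report's or the sandbox's own code: pe_sections() reads the section table with only the standard library, SAMPLE_PE is a constructed minimal PE-shaped buffer (not the analysed binary), and the 6.8-bit threshold is an assumption chosen so that the .rsrc value quoted above (6.989) would trip it.

```python
"""Shannon entropy per PE section, the check behind the packer indicator.

Added example, not the report's or the sandbox's code. SAMPLE_PE is a
constructed test buffer, and ENTROPY_THRESHOLD is an assumed cut-off.
"""
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 6.8  # assumed; 8.0 is the maximum for byte data


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Parse IMAGE_SECTION_HEADER entries and compute each section's raw-data entropy."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize,
            "size_of_data": raw_size, "entropy": shannon_entropy(raw),
        })
    return sections


def high_entropy_sections(image, threshold=ENTROPY_THRESHOLD):
    return [s for s in pe_sections(image) if s["entropy"] > threshold]


def build_test_pe(sections):
    """Constructed test input: DOS header, PE signature, COFF header with an
    empty optional header, section table, then raw section data at 0x200 alignment."""
    header_len = 0x40 + 4 + 20 + 40 * len(sections)
    raw_ptr = (header_len + 0x1FF) & ~0x1FF
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, blobs, vaddr = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), vaddr, len(data), raw_ptr + len(blobs),
                             0, 0, 0, 0, 0x40000040)
        blobs += data
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    header = bytes(dos) + b"PE\0\0" + coff + table
    return header + b"\0" * (raw_ptr - len(header)) + blobs


# A NOP-filled code section next to one holding every byte value equally often.
SAMPLE_PE = build_test_pe([(".text", b"\x90" * 4096), (".rsrc", bytes(range(256)) * 16)])

if __name__ == "__main__":
    for s in pe_sections(SAMPLE_PE):
        print("%-8s entropy=%.3f size=0x%x" % (s["name"], s["entropy"], s["size_of_data"]))
    print("flagged:", [s["name"] for s in high_entropy_sections(SAMPLE_PE)])
```

Treat a high-entropy .rsrc on its own as a weak signal: resource sections that carry compressed images are naturally close to 8 bits per byte. Here the section is 0x1e000 bytes (about 120KB of a 700KB file) and sits next to the RWX allocations above, which is the combination that matters.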
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 of 54 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.315185
FireEye Generic.mg.71209c7fc407220e
McAfee Emotet-FPC!71209C7FC407
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Malware
K7AntiVirus Trojan ( 005632711 )
Alibaba Backdoor:Win32/Emotet.02d768ad
K7GW Trojan ( 005632711 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Zusy.D4CF31
Cyren W32/Kryptik.BIB.gen!Eldorado
Symantec Trojan Horse
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky Trojan.Win32.Zenpak.xpb
BitDefender Gen:Variant.Zusy.315185
NANO-Antivirus Trojan.Win32.Zenpak.hnoptw
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Tencent Win32.Trojan.Zenpak.Adtw
Ad-Aware Gen:Variant.Zusy.315185
Sophos Mal/Generic-S + Troj/Trickbo-WC
Comodo Malware@#2jk21l7s6bb63
F-Secure Heuristic.HEUR/AGEN.1133166
DrWeb Trojan.Inject3.36659
McAfee-GW-Edition BehavesLike.Win32.Emotet.bh
Emsisoft Trojan.Agent (A)
Jiangmin Trojan.Zenpak.bpj
Avira HEUR/AGEN.1133166
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Agent.ba
Microsoft Trojan:Win32/Emotet.DDH!MTB
ViRobot Trojan.Win32.S.Trickbot.716800
ZoneAlarm Trojan.Win32.Zenpak.xpb
GData Gen:Variant.Zusy.315185
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Trickbot.C4028484
ALYac Trojan.Agent.Wacatac
MAX malware (ai score=100)
VBA32 Trojan.Zenpak
Malwarebytes Trojan.TrickBot
ESET-NOD32 a variant of Win32/Kryptik.HCDS
Rising Trojan.Generic@ML.85 (RDMK:lT9qVfuj+IzKkyPFEj6K8g)
Yandex Trojan.GenAsa!tsIDbPfzjag
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/GenKryptik.EGFJ!tr
Visual analysis

Binary image: none (no binary visualization image was generated for this sample)

Runtime screenshots: none (no screenshots were captured while the sample ran)

PE Compile Time

2020-02-03 04:58:39

Imports

Library KERNEL32.dll:
0x43d0bc ReadFile
0x43d0c0 WriteFile
0x43d0c4 SetFilePointer
0x43d0c8 FlushFileBuffers
0x43d0cc LockFile
0x43d0d0 UnlockFile
0x43d0d4 SetEndOfFile
0x43d0d8 GetFileSize
0x43d0dc GetThreadLocale
0x43d0e0 DuplicateHandle
0x43d0e4 GetCurrentProcess
0x43d0e8 FindClose
0x43d0ec FindFirstFileA
0x43d0f4 GetFullPathNameA
0x43d0f8 GetCPInfo
0x43d0fc GetOEMCP
0x43d104 SetErrorMode
0x43d10c GetFileAttributesA
0x43d110 GetTickCount
0x43d114 HeapAlloc
0x43d118 HeapFree
0x43d11c HeapReAlloc
0x43d120 VirtualProtect
0x43d124 VirtualAlloc
0x43d128 GetSystemInfo
0x43d12c VirtualQuery
0x43d130 RtlUnwind
0x43d134 RaiseException
0x43d138 GetCommandLineA
0x43d13c GetProcessHeap
0x43d140 GetStartupInfoA
0x43d144 ExitProcess
0x43d148 HeapSize
0x43d14c VirtualFree
0x43d150 HeapDestroy
0x43d154 HeapCreate
0x43d158 GetStdHandle
0x43d15c TerminateProcess
0x43d168 IsDebuggerPresent
0x43d17c SetHandleCount
0x43d180 GetFileType
0x43d18c GetACP
0x43d190 GetStringTypeA
0x43d194 GetStringTypeW
0x43d19c GetConsoleCP
0x43d1a0 GetConsoleMode
0x43d1a4 GetLocaleInfoW
0x43d1a8 LCMapStringA
0x43d1ac LCMapStringW
0x43d1b0 GetUserDefaultLCID
0x43d1b4 EnumSystemLocalesA
0x43d1b8 IsValidLocale
0x43d1bc IsValidCodePage
0x43d1c0 SetStdHandle
0x43d1c4 WriteConsoleA
0x43d1c8 GetConsoleOutputCP
0x43d1cc WriteConsoleW
0x43d1d4 GlobalFlags
0x43d1dc TlsFree
0x43d1e4 LocalReAlloc
0x43d1e8 TlsSetValue
0x43d1ec TlsAlloc
0x43d1f4 GlobalHandle
0x43d1f8 GlobalReAlloc
0x43d200 TlsGetValue
0x43d208 LocalAlloc
0x43d210 GetModuleFileNameW
0x43d214 GlobalGetAtomNameA
0x43d218 GlobalFindAtomA
0x43d21c lstrcmpW
0x43d220 GetVersionExA
0x43d228 FreeResource
0x43d22c GetCurrentProcessId
0x43d230 GlobalAddAtomA
0x43d234 GetCurrentThread
0x43d238 GetCurrentThreadId
0x43d240 GetModuleFileNameA
0x43d248 GetLocaleInfoA
0x43d24c LoadLibraryA
0x43d250 lstrcmpA
0x43d254 FreeLibrary
0x43d258 GlobalDeleteAtom
0x43d25c GetModuleHandleA
0x43d260 GlobalFree
0x43d264 GlobalAlloc
0x43d268 GlobalLock
0x43d26c GlobalUnlock
0x43d270 FormatMessageA
0x43d274 LocalFree
0x43d278 MulDiv
0x43d27c SetLastError
0x43d280 LoadLibraryW
0x43d284 GetProcAddress
0x43d288 FindResourceA
0x43d28c LoadResource
0x43d290 LockResource
0x43d294 SizeofResource
0x43d298 Sleep
0x43d29c CreateFileA
0x43d2a0 EscapeCommFunction
0x43d2a4 SetCommState
0x43d2a8 CloseHandle
0x43d2ac lstrlenA
0x43d2b0 CompareStringW
0x43d2b4 CompareStringA
0x43d2b8 GetVersion
0x43d2bc GetLastError
0x43d2c0 WideCharToMultiByte
0x43d2c4 MultiByteToWideChar
0x43d2c8 GetFileTime
0x43d2cc InterlockedExchange
Library USER32.dll:
0x43d320 CharNextA
0x43d328 IsRectEmpty
0x43d32c SetRect
0x43d330 InvalidateRect
0x43d334 InvalidateRgn
0x43d338 GetNextDlgGroupItem
0x43d33c MessageBeep
0x43d340 UnregisterClassA
0x43d348 PostThreadMessageA
0x43d34c ClientToScreen
0x43d350 GrayStringA
0x43d354 DrawTextExA
0x43d358 DrawTextA
0x43d35c TabbedTextOutA
0x43d360 DestroyMenu
0x43d364 ShowWindow
0x43d368 MoveWindow
0x43d36c SetWindowTextA
0x43d370 IsDialogMessageA
0x43d378 SendDlgItemMessageA
0x43d37c WinHelpA
0x43d380 IsChild
0x43d384 GetCapture
0x43d388 GetClassLongA
0x43d38c GetClassNameA
0x43d390 SetPropA
0x43d394 GetPropA
0x43d398 RemovePropA
0x43d39c SetFocus
0x43d3a0 GetWindowTextA
0x43d3a4 GetForegroundWindow
0x43d3a8 GetTopWindow
0x43d3ac UnhookWindowsHookEx
0x43d3b0 GetMessageTime
0x43d3b4 MapWindowPoints
0x43d3b8 ReleaseCapture
0x43d3bc SetForegroundWindow
0x43d3c0 UpdateWindow
0x43d3c4 GetMenu
0x43d3c8 CreateWindowExA
0x43d3cc GetClassInfoExA
0x43d3d0 GetClassInfoA
0x43d3d4 RegisterClassA
0x43d3d8 GetSysColor
0x43d3dc AdjustWindowRectEx
0x43d3e0 EqualRect
0x43d3e4 CopyRect
0x43d3e8 PtInRect
0x43d3ec GetDlgCtrlID
0x43d3f0 DefWindowProcA
0x43d3f4 CallWindowProcA
0x43d3f8 SetWindowLongA
0x43d3fc OffsetRect
0x43d400 IntersectRect
0x43d408 GetWindowPlacement
0x43d40c GetWindowRect
0x43d410 GetWindow
0x43d418 MapDialogRect
0x43d41c SetWindowPos
0x43d420 GetDesktopWindow
0x43d424 SetActiveWindow
0x43d42c DestroyWindow
0x43d430 IsWindow
0x43d434 GetDlgItem
0x43d438 GetNextDlgTabItem
0x43d43c EndDialog
0x43d444 GetWindowLongA
0x43d448 GetLastActivePopup
0x43d44c IsWindowEnabled
0x43d450 CharUpperA
0x43d454 DrawIcon
0x43d458 AppendMenuA
0x43d45c MessageBoxA
0x43d460 SetCursor
0x43d464 SetWindowsHookExA
0x43d468 CallNextHookEx
0x43d46c GetMessageA
0x43d470 TranslateMessage
0x43d474 DispatchMessageA
0x43d478 GetActiveWindow
0x43d47c IsWindowVisible
0x43d480 GetKeyState
0x43d484 PeekMessageA
0x43d488 GetCursorPos
0x43d48c SetCapture
0x43d490 LoadCursorA
0x43d494 GetSysColorBrush
0x43d498 SendMessageA
0x43d49c GetSystemMenu
0x43d4a0 IsIconic
0x43d4a4 GetClientRect
0x43d4a8 EnableWindow
0x43d4ac LoadIconA
0x43d4b0 GetSystemMetrics
0x43d4b4 EndPaint
0x43d4b8 BeginPaint
0x43d4bc GetWindowDC
0x43d4c0 ReleaseDC
0x43d4c4 GetDC
0x43d4c8 GetSubMenu
0x43d4cc GetMenuItemCount
0x43d4d0 GetMenuItemID
0x43d4d4 GetMenuState
0x43d4d8 PostQuitMessage
0x43d4dc PostMessageA
0x43d4e0 CheckMenuItem
0x43d4e4 EnableMenuItem
0x43d4e8 ModifyMenuA
0x43d4ec GetParent
0x43d4f0 GetFocus
0x43d4f4 LoadBitmapA
0x43d4fc SetMenuItemBitmaps
0x43d500 ValidateRect
0x43d504 GetMessagePos
Library CRYPT32.dll:
Library COMCTL32.dll:
0x43d028 (imported by ordinal, no name)
Library SHLWAPI.dll:
0x43d30c PathFindFileNameA
0x43d310 PathStripToRootA
0x43d314 PathFindExtensionA
0x43d318 PathIsUNCA
Library oledlg.dll:
0x43d564 (imported by ordinal, no name)
Library GDI32.dll:
0x43d038 ExtSelectClipRgn
0x43d03c DeleteDC
0x43d040 GetStockObject
0x43d044 CreateBitmap
0x43d048 GetClipBox
0x43d04c SetTextColor
0x43d050 SetBkColor
0x43d054 GetObjectA
0x43d058 ExtTextOutA
0x43d05c SaveDC
0x43d060 ScaleWindowExtEx
0x43d064 SetWindowExtEx
0x43d068 RestoreDC
0x43d06c GetBkColor
0x43d070 GetTextColor
0x43d078 GetRgnBox
0x43d07c GetMapMode
0x43d080 ScaleViewportExtEx
0x43d084 SetViewportExtEx
0x43d088 OffsetViewportOrgEx
0x43d08c SetViewportOrgEx
0x43d090 SelectObject
0x43d094 Escape
0x43d098 TextOutA
0x43d09c RectVisible
0x43d0a0 PtVisible
0x43d0a4 GetDeviceCaps
0x43d0a8 GetViewportExtEx
0x43d0ac DeleteObject
0x43d0b0 SetMapMode
0x43d0b4 GetWindowExtEx
Library WINSPOOL.DRV:
0x43d50c OpenPrinterA
0x43d510 ClosePrinter
0x43d514 DocumentPropertiesA
Library comdlg32.dll:
0x43d51c GetFileTitleA
Library ADVAPI32.dll:
0x43d000 RegSetValueExA
0x43d004 RegCreateKeyExA
0x43d008 RegQueryValueA
0x43d00c RegEnumKeyA
0x43d010 RegDeleteKeyA
0x43d014 RegOpenKeyExA
0x43d018 RegQueryValueExA
0x43d01c RegOpenKeyA
0x43d020 RegCloseKey
Library ole32.dll:
0x43d524 OleInitialize
0x43d52c OleUninitialize
0x43d53c CoGetClassObject
0x43d540 CLSIDFromString
0x43d544 OleFlushClipboard
0x43d548 CoRevokeClassObject
0x43d54c CLSIDFromProgID
0x43d550 CoTaskMemAlloc
0x43d554 CoTaskMemFree
Library OLEAUT32.dll:
0x43d2d4 SysAllocStringLen
0x43d2d8 VariantClear
0x43d2dc VariantChangeType
0x43d2e0 VariantInit
0x43d2e4 SysStringLen
0x43d2f8 SafeArrayDestroy
0x43d2fc SysAllocString
0x43d300 VariantCopy
0x43d304 SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 49716 239.255.255.250 3702
192.168.56.101 53658 239.255.255.250 3702
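Every UDP row above is either a DNS lookup to the 114.114.114.114 public resolver or Windows name-resolution and discovery chatter: NetBIOS (137/138 to the subnet broadcast), LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). None of it can be attributed to the sample without the queried names, which the report does not give, and the 172.217.24.14 "no DNS query" indicator above has no matching row in the Hosts or TCP sections. The following is an added example, not part of the report, that separates this background noise from flows worth investigating: UDP_TABLE is copied from the table above, and the classification rules (well-known discovery destinations, broadcast and multicast, an assumed /24 sandbox subnet) are the editor's.

```python
"""Separate sandbox background traffic from traffic attributable to the sample.

Added example, not part of the report. UDP_TABLE is copied from the report's
UDP section; the classification rules and the /24 assumption are the editor's.
"""
import ipaddress
from collections import Counter

SANDBOX_PREFIX = 24  # assumed: 192.168.56.101 on a /24, so broadcast is 192.168.56.255

UDP_TABLE = """\
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 49716 239.255.255.250 3702
192.168.56.101 53658 239.255.255.250 3702
"""

# (destination, port) pairs used by Windows discovery protocols.
KNOWN_NOISE = {
    ("224.0.0.252", 5355): "LLMNR",
    ("239.255.255.250", 1900): "SSDP",
    ("239.255.255.250", 3702): "WS-Discovery",
}


def parse_udp_table(text):
    """Rows of (src, sport, dst, dport) from the whitespace-separated table."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # header or blank line
        src, sport, dst, dport = parts
        rows.append((src, int(sport), dst, int(dport)))
    return rows


def classify(src, sport, dst, dport):
    """Label one UDP flow. Anything unmatched is a 'candidate' that deserves a look."""
    dst_ip = ipaddress.ip_address(dst)
    subnet = ipaddress.ip_network("%s/%d" % (src, SANDBOX_PREFIX), strict=False)
    if (dst, dport) in KNOWN_NOISE:
        return KNOWN_NOISE[(dst, dport)]
    if dport in (137, 138) and dst_ip == subnet.broadcast_address:
        return "NetBIOS"
    if dport == 53:
        return "DNS"  # attributable only once the queried names are known
    if dst_ip.is_multicast or dst_ip == subnet.broadcast_address:
        return "other multicast/broadcast"
    return "candidate"


def summarize(rows):
    return Counter(classify(*row) for row in rows)


def candidate_flows(rows):
    return [row for row in rows if classify(*row) == "candidate"]


if __name__ == "__main__":
    rows = parse_udp_table(UDP_TABLE)
    print(dict(summarize(rows)))
    print("candidates:", candidate_flows(rows))
```

With the report's rows the candidate list is empty, which is the point: the only host-level signal left is the 172.217.24.14 indicator, and that needs the pcap (or the DNS answers) to confirm whether the sample, rather than the guest OS, produced it.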

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.