SmartHawk

2.2

中危

39 个模型检测该样本为恶意！

重新分析

下载样本

0b7a38d7f1e5be7efb13f7e955659dcbefbbef32fd49a8252273ff1943c7ae07

7b9d1c21ce79d2bd6964a226162d641d.exe

分析耗时

15s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Trojan:Win32/Emotet.676cba8e	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0
Tencent	Malware.Win32.Gencirc.10cdeb5f	20200908	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200908	2013.8.14.323
McAfee	Emotet-FRV!7B9D1C21CE79	20200908	6.0.6.653

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-21 00:10:12

Imports

Library KERNEL32.dll:

• 0x4360ac GetFileAttributesA

• 0x4360b0 GetFileTime

• 0x4360b4 HeapFree

• 0x4360b8 HeapAlloc

• 0x4360bc VirtualProtect

• 0x4360c0 VirtualAlloc

• 0x4360c4 GetSystemInfo

• 0x4360c8 VirtualQuery

• 0x4360cc HeapReAlloc

• 0x4360d0 GetCommandLineA

• 0x4360d4 GetProcessHeap

• 0x4360d8 GetStartupInfoA

• 0x4360dc RaiseException

• 0x4360e0 RtlUnwind

• 0x4360e4 HeapSize

• 0x4360e8 TerminateProcess

• 0x4360ec UnhandledExceptionFilter

• 0x4360f0 SetUnhandledExceptionFilter

• 0x4360f4 IsDebuggerPresent

• 0x4360f8 HeapDestroy

• 0x4360fc HeapCreate

• 0x436100 VirtualFree

• 0x436104 GetStdHandle

• 0x436108 Sleep

• 0x43610c LCMapStringA

• 0x436110 LCMapStringW

• 0x436114 FreeEnvironmentStringsA

• 0x436118 GetEnvironmentStrings

• 0x43611c FreeEnvironmentStringsW

• 0x436120 GetEnvironmentStringsW

• 0x436124 SetHandleCount

• 0x436128 GetFileType

• 0x43612c QueryPerformanceCounter

• 0x436130 GetSystemTimeAsFileTime

• 0x436134 GetStringTypeA

• 0x436138 GetStringTypeW

• 0x43613c GetTimeZoneInformation

• 0x436140 GetConsoleCP

• 0x436144 GetConsoleMode

• 0x436148 SetStdHandle

• 0x43614c WriteConsoleA

• 0x436150 GetConsoleOutputCP

• 0x436154 WriteConsoleW

• 0x436158 SetEnvironmentVariableA

• 0x43615c FileTimeToLocalFileTime

• 0x436160 GetTickCount

• 0x436164 SetErrorMode

• 0x436168 FileTimeToSystemTime

• 0x43616c GetOEMCP

• 0x436170 GetCPInfo

• 0x436174 CreateFileA

• 0x436178 GetFullPathNameA

• 0x43617c GetVolumeInformationA

• 0x436180 FindFirstFileA

• 0x436184 FindClose

• 0x436188 GetCurrentProcess

• 0x43618c DuplicateHandle

• 0x436190 GetFileSize

• 0x436194 SetEndOfFile

• 0x436198 UnlockFile

• 0x43619c LockFile

• 0x4361a0 FlushFileBuffers

• 0x4361a4 SetFilePointer

• 0x4361a8 WriteFile

• 0x4361ac ReadFile

• 0x4361b0 GetThreadLocale

• 0x4361b4 GlobalFlags

• 0x4361b8 WritePrivateProfileStringA

• 0x4361bc InterlockedIncrement

• 0x4361c0 TlsFree

• 0x4361c4 DeleteCriticalSection

• 0x4361c8 LocalReAlloc

• 0x4361cc TlsSetValue

• 0x4361d0 TlsAlloc

• 0x4361d4 InitializeCriticalSection

• 0x4361d8 GlobalHandle

• 0x4361dc GlobalReAlloc

• 0x4361e0 EnterCriticalSection

• 0x4361e4 TlsGetValue

• 0x4361e8 LeaveCriticalSection

• 0x4361ec LocalAlloc

• 0x4361f0 InterlockedDecrement

• 0x4361f4 GetModuleFileNameW

• 0x4361f8 GlobalGetAtomNameA

• 0x4361fc GlobalFindAtomA

• 0x436200 lstrcmpW

• 0x436204 GetVersionExA

• 0x436208 GetCurrentProcessId

• 0x43620c GlobalAddAtomA

• 0x436210 CloseHandle

• 0x436214 FreeResource

• 0x436218 GetCurrentThread

• 0x43621c GetCurrentThreadId

• 0x436220 ConvertDefaultLocale

• 0x436224 GetModuleFileNameA

• 0x436228 EnumResourceLanguagesA

• 0x43622c GetLocaleInfoA

• 0x436230 LoadLibraryA

• 0x436234 lstrcmpA

• 0x436238 FreeLibrary

• 0x43623c GlobalDeleteAtom

• 0x436240 GetModuleHandleA

• 0x436244 GetProcAddress

• 0x436248 GlobalFree

• 0x43624c GlobalAlloc

• 0x436250 GlobalLock

• 0x436254 GlobalUnlock

• 0x436258 FormatMessageA

• 0x43625c LocalFree

• 0x436260 MulDiv

• 0x436264 ExitProcess

• 0x436268 FindResourceA

• 0x43626c LoadResource

• 0x436270 LockResource

• 0x436274 SizeofResource

• 0x436278 SetLastError

• 0x43627c GetVersion

• 0x436280 CompareStringA

• 0x436284 GetLastError

• 0x436288 InterlockedExchange

• 0x43628c MultiByteToWideChar

• 0x436290 CompareStringW

• 0x436294 WideCharToMultiByte

• 0x436298 lstrlenA

• 0x43629c GetACP

Library USER32.dll:

• 0x4362f0 UnregisterClassA

• 0x4362f4 RegisterClipboardFormatA

• 0x4362f8 PostThreadMessageA

• 0x4362fc SetCapture

• 0x436300 LoadCursorA

• 0x436304 GetSysColorBrush

• 0x436308 MoveWindow

• 0x43630c SetWindowTextA

• 0x436310 IsDialogMessageA

• 0x436314 IsDlgButtonChecked

• 0x436318 CheckRadioButton

• 0x43631c EndPaint

• 0x436320 BeginPaint

• 0x436324 GetWindowDC

• 0x436328 ReleaseDC

• 0x43632c GetDC

• 0x436330 ClientToScreen

• 0x436334 GrayStringA

• 0x436338 DrawTextExA

• 0x43633c DrawTextA

• 0x436340 TabbedTextOutA

• 0x436344 DestroyMenu

• 0x436348 RegisterWindowMessageA

• 0x43634c SendDlgItemMessageA

• 0x436350 WinHelpA

• 0x436354 IsChild

• 0x436358 GetCapture

• 0x43635c GetClassLongA

• 0x436360 GetClassNameA

• 0x436364 SetPropA

• 0x436368 RemovePropA

• 0x43636c SetFocus

• 0x436370 GetWindowTextLengthA

• 0x436374 GetWindowTextA

• 0x436378 GetForegroundWindow

• 0x43637c MessageBeep

• 0x436380 GetTopWindow

• 0x436384 UnhookWindowsHookEx

• 0x436388 GetMessageTime

• 0x43638c GetMessagePos

• 0x436390 MapWindowPoints

• 0x436394 SetForegroundWindow

• 0x436398 UpdateWindow

• 0x43639c GetMenu

• 0x4363a0 CreateWindowExA

• 0x4363a4 GetClassInfoExA

• 0x4363a8 GetClassInfoA

• 0x4363ac RegisterClassA

• 0x4363b0 GetSysColor

• 0x4363b4 AdjustWindowRectEx

• 0x4363b8 EqualRect

• 0x4363bc CopyRect

• 0x4363c0 PtInRect

• 0x4363c4 GetDlgCtrlID

• 0x4363c8 DefWindowProcA

• 0x4363cc CallWindowProcA

• 0x4363d0 SetWindowLongA

• 0x4363d4 OffsetRect

• 0x4363d8 IntersectRect

• 0x4363dc SystemParametersInfoA

• 0x4363e0 GetWindowPlacement

• 0x4363e4 GetWindowRect

• 0x4363e8 GetWindowThreadProcessId

• 0x4363ec GetLastActivePopup

• 0x4363f0 MessageBoxA

• 0x4363f4 SetCursor

• 0x4363f8 SetWindowsHookExA

• 0x4363fc CallNextHookEx

• 0x436400 GetMessageA

• 0x436404 CharUpperA

• 0x436408 LoadIconA

• 0x43640c ShowWindow

• 0x436410 TranslateMessage

• 0x436414 DispatchMessageA

• 0x436418 IsWindowVisible

• 0x43641c GetKeyState

• 0x436420 PeekMessageA

• 0x436424 GetCursorPos

• 0x436428 ValidateRect

• 0x43642c SetMenuItemBitmaps

• 0x436430 GetMenuCheckMarkDimensions

• 0x436434 LoadBitmapA

• 0x436438 GetFocus

• 0x43643c ModifyMenuA

• 0x436440 EnableMenuItem

• 0x436444 GetNextDlgGroupItem

• 0x436448 InvalidateRgn

• 0x43644c InvalidateRect

• 0x436450 SetRect

• 0x436454 IsRectEmpty

• 0x436458 CopyAcceleratorTableA

• 0x43645c CharNextA

• 0x436460 ReleaseCapture

• 0x436464 GetSystemMenu

• 0x436468 AppendMenuA

• 0x43646c IsIconic

• 0x436470 GetSystemMetrics

• 0x436474 GetClientRect

• 0x436478 DrawIcon

• 0x43647c SendMessageA

• 0x436480 EnableWindow

• 0x436484 GetSubMenu

• 0x436488 GetMenuItemCount

• 0x43648c GetMenuItemID

• 0x436490 GetMenuState

• 0x436494 PostMessageA

• 0x436498 PostQuitMessage

• 0x43649c SetWindowPos

• 0x4364a0 MapDialogRect

• 0x4364a4 GetParent

• 0x4364a8 SetWindowContextHelpId

• 0x4364ac GetWindow

• 0x4364b0 EndDialog

• 0x4364b4 GetNextDlgTabItem

• 0x4364b8 IsWindowEnabled

• 0x4364bc GetDlgItem

• 0x4364c0 GetWindowLongA

• 0x4364c4 IsWindow

• 0x4364c8 DestroyWindow

• 0x4364cc CreateDialogIndirectParamA

• 0x4364d0 SetActiveWindow

• 0x4364d4 GetActiveWindow

• 0x4364d8 GetDesktopWindow

• 0x4364dc CheckMenuItem

• 0x4364e0 GetPropA

Library GDI32.dll:

• 0x436028 SetWindowExtEx

• 0x43602c ScaleWindowExtEx

• 0x436030 ExtSelectClipRgn

• 0x436034 DeleteDC

• 0x436038 GetStockObject

• 0x43603c GetBkColor

• 0x436040 GetTextColor

• 0x436044 CreateRectRgnIndirect

• 0x436048 GetRgnBox

• 0x43604c GetMapMode

• 0x436050 ScaleViewportExtEx

• 0x436054 SetViewportExtEx

• 0x436058 OffsetViewportOrgEx

• 0x43605c SetViewportOrgEx

• 0x436060 SelectObject

• 0x436064 Escape

• 0x436068 TextOutA

• 0x43606c RectVisible

• 0x436070 PtVisible

• 0x436074 GetDeviceCaps

• 0x436078 GetViewportExtEx

• 0x43607c DeleteObject

• 0x436080 SetMapMode

• 0x436084 RestoreDC

• 0x436088 SaveDC

• 0x43608c ExtTextOutA

• 0x436090 GetObjectA

• 0x436094 SetBkColor

• 0x436098 SetTextColor

• 0x43609c GetClipBox

• 0x4360a0 CreateBitmap

• 0x4360a4 GetWindowExtEx

Library comdlg32.dll:

• 0x4364f8 GetFileTitleA

Library WINSPOOL.DRV:

• 0x4364e8 DocumentPropertiesA

• 0x4364ec OpenPrinterA

• 0x4364f0 ClosePrinter

Library ADVAPI32.dll:

• 0x436000 RegSetValueExA

• 0x436004 RegCreateKeyExA

• 0x436008 RegQueryValueA

• 0x43600c RegEnumKeyA

• 0x436010 RegDeleteKeyA

• 0x436014 RegOpenKeyExA

• 0x436018 RegQueryValueExA

• 0x43601c RegOpenKeyA

• 0x436020 RegCloseKey

Library SHLWAPI.dll:

• 0x4362dc PathFindFileNameA

• 0x4362e0 PathStripToRootA

• 0x4362e4 PathFindExtensionA

• 0x4362e8 PathIsUNCA

Library oledlg.dll:

• 0x436540

Library ole32.dll:

• 0x436500 OleInitialize

• 0x436504 CoFreeUnusedLibraries

• 0x436508 OleUninitialize

• 0x43650c CreateILockBytesOnHGlobal

• 0x436510 StgCreateDocfileOnILockBytes

• 0x436514 StgOpenStorageOnILockBytes

• 0x436518 CoGetClassObject

• 0x43651c CLSIDFromString

• 0x436520 CoRevokeClassObject

• 0x436524 CoTaskMemAlloc

• 0x436528 CoTaskMemFree

• 0x43652c OleIsCurrentClipboard

• 0x436530 OleFlushClipboard

• 0x436534 CoRegisterMessageFilter

• 0x436538 CLSIDFromProgID

Library OLEAUT32.dll:

• 0x4362a4 SysAllocStringLen

• 0x4362a8 VariantClear

• 0x4362ac VariantChangeType

• 0x4362b0 VariantInit

• 0x4362b4 SysStringLen

• 0x4362b8 SysAllocStringByteLen

• 0x4362bc OleCreateFontIndirect

• 0x4362c0 VariantTimeToSystemTime

• 0x4362c4 SystemTimeToVariantTime

• 0x4362c8 SafeArrayDestroy

• 0x4362cc SysAllocString

• 0x4362d0 VariantCopy

• 0x4362d4 SysFreeString

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.69598
FireEye	Generic.mg.7b9d1c21ce79d2bd
ALYac	Trojan.Agent.Emotet
Zillya	Trojan.Emotet.Win32.24754
K7AntiVirus	Trojan ( 0056cef21 )
Alibaba	Trojan:Win32/Emotet.676cba8e
K7GW	Trojan ( 0056cef21 )
CrowdStrike	win/malicious_confidence_60% (W)
Arcabit	Trojan.Generic.D10FDE
Invincea	Mal/Generic-R + Troj/Emotet-CLM
Cyren	W32/Emotet.AQN.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	Win32/Emotet.CD
TrendMicro-HouseCall	TROJ_GEN.R002C0DHL20
Paloalto	generic.ml
ClamAV	Win.Packed.Atraps-9427203-0
BitDefender	Trojan.GenericKDZ.69598
NANO-Antivirus	Trojan.Win32.Emotet.hrymaj
ViRobot	Trojan.Win32.Emotet.421888.E
Tencent	Malware.Win32.Gencirc.10cdeb5f
Ad-Aware	Trojan.GenericKDZ.69598
TrendMicro	TROJ_GEN.R002C0DHL20
Sophos	Troj/Emotet-CLM
Ikarus	Trojan-Banker.Emotet
Jiangmin	Backdoor.Emotet.rw
Antiy-AVL	Trojan[Backdoor]/Win32.Emotet
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
AegisLab	Trojan.Win32.Emotet.trto
GData	Trojan.GenericKDZ.69598
McAfee	Emotet-FRV!7B9D1C21CE79
VBA32	Backdoor.Emotet
APEX	Malicious
Rising	Trojan.Kryptik!1.CAEE (CLASSIC)
MAX	malware (ai score=87)
Fortinet	W32/Emotet.6DC5!tr
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/Genetic.gen
Qihoo-360	Win32/Trojan.cfe