6.0
High risk

e59af1342e79f9d8fdfb7b1ad7503cc3361cd8548f9df0433795bf543fed977f

7ccf1ecb5cfb8fcf11b8eba0f00eb28b.exe

Analysis duration

81s

Latest analysis

File size

464.0KB
Static detection; Dynamic detection. Detection tags: AI SCORE=87 AIDETECTVM ATTRIBUTE CDWFC CLASSIC DOWNLOADER34 ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC HFMY HIGH CONFIDENCE HIGHCONFIDENCE HRWWCX IGENERIC INJUKE KRYPTIK MALWARE1 R + TROJ R002C0DHE20 SCORE SQD+DSK3A SUSGEN UNSAFE
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee Emotet-FRV!7CCF1ECB5CFB 20200909 6.0.6.653
Alibaba Trojan:Win32/Injuke.e0da795f 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200909 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cde818 20200909 1.0.0.1
Kingsoft 20200909 2013.8.14.323
CrowdStrike 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619677435.266125
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619677426.470125
CryptGenKey
crypto_handle: 0x00604588
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00606648
flags: 1
key: f›%E¸­/!iwù(àg>-
success 1 0
1619677435.282125
CryptExportKey
crypto_handle: 0x00604588
crypto_export_handle: 0x00604508
buffer: f¤BÍzЋjÀÄû™öíÎTü‹üxCÑé޾mÌ×ùAŠ˜yÂæg%°™¹OÛ)K{æÂ,Á¿‹®²{…c=¡Ã¶T3œ›ñîcôÐéã‘ÜþeEϘÍ&÷þp
blob_type: 1
flags: 64
success 1 0
1619677471.688125
CryptExportKey
crypto_handle: 0x00604588
crypto_export_handle: 0x00604508
buffer: f¤(DyÆßС£C¥íÊî§(ö#_Dü„ê`4¡'‡.µ$%XW—Û8Ê$*l½þ+Ú×/ˆð+G<@mæø~YAÀ–Ù¦Âšá$¹9cu’ ökÊõ×Ñ ¤¿1ebkpÈ
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\Vc++ 6.0\13.8.20\cgridlistctrlex-master\cgridlistctrlex-master\vs2003\Release\CGridListCtrlEx.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619677425.923125
NtAllocateVirtualMemory
process_identifier: 1632
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007c0000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619677435.876125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 7ccf1ecb5cfb8fcf11b8eba0f00eb28b.exe
Reads the system's User-Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619677435.501125
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 172.217.24.14
host 201.171.150.41
host 94.76.247.61
Sets or modifies the WPAD proxy autoconfiguration state used for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619677438.470125
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619677438.470125
RegSetValueExA
key_handle: 0x000003c4
value: PZµžÈ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619677438.470125
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619677438.470125
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619677438.470125
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619677438.470125
RegSetValueExA
key_handle: 0x000003dc
value: PZµžÈ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619677438.470125
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619677438.501125
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 53 antivirus engines on VirusTotal as malicious (50 out of 53 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
Cynet Malicious (score: 85)
FireEye Trojan.GenericKDZ.69431
CAT-QuickHeal Trojan.IGENERIC
McAfee Emotet-FRV!7CCF1ECB5CFB
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.938
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Malware
K7AntiVirus Trojan ( 0056c7e01 )
Alibaba Trojan:Win32/Injuke.e0da795f
K7GW Trojan ( 0056c7e01 )
Arcabit Trojan.Generic.D10F37
Invincea Mal/Generic-R + Troj/Emotet-CLA
Cyren W32/Emotet.APQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Injuke.pme
BitDefender Trojan.GenericKDZ.69431
NANO-Antivirus Trojan.Win32.Injuke.hrwwcx
MicroWorld-eScan Trojan.GenericKDZ.69431
Avast Win32:Malware-gen
Tencent Malware.Win32.Gencirc.10cde818
Ad-Aware Trojan.GenericKDZ.69431
F-Secure Trojan.TR/Kryptik.cdwfc
DrWeb Trojan.DownLoader34.22507
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DHE20
Sophos Troj/Emotet-CLA
Jiangmin Trojan.Banker.Emotet.odi
Avira TR/Kryptik.cdwfc
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Injuke.4!c
ZoneAlarm Trojan.Win32.Injuke.pme
GData Trojan.GenericKDZ.69431
TACHYON Backdoor/W32.Emotet.475136
AhnLab-V3 Malware/Win32.Generic.C4180461
ALYac Trojan.Agent.Emotet
MAX malware (ai score=87)
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 a variant of Win32/Kryptik.HFMY
TrendMicro-HouseCall TROJ_GEN.R002C0DHE20
Rising Trojan.Kryptik!1.CA5D (CLASSIC)
Yandex Trojan.Kryptik!c/sQD+dSk3A
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.105305601.susgen
Fortinet W32/Emotet.E88D!tr
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 94.76.247.61:8080
dead_host 201.171.150.41:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-08-13 17:23:00

Imports

Library KERNEL32.dll:
0x448104 GetSystemInfo
0x448108 VirtualQuery
0x44810c HeapReAlloc
0x448114 GetStartupInfoA
0x448118 GetCommandLineA
0x44811c TerminateProcess
0x448120 HeapSize
0x448128 GetCurrentProcessId
0x44812c LCMapStringA
0x448130 LCMapStringW
0x44813c HeapDestroy
0x448140 HeapCreate
0x448144 VirtualFree
0x448148 IsBadWritePtr
0x44814c VirtualAlloc
0x448150 GetStringTypeW
0x448154 GetStdHandle
0x44816c SetHandleCount
0x448170 GetFileType
0x448174 IsBadReadPtr
0x448178 IsBadCodePtr
0x44817c GetUserDefaultLCID
0x448180 EnumSystemLocalesA
0x448184 IsValidLocale
0x448188 IsValidCodePage
0x44818c SetStdHandle
0x448190 GetLocaleInfoW
0x448198 InterlockedExchange
0x44819c VirtualProtect
0x4481a0 HeapFree
0x4481a4 HeapAlloc
0x4481a8 GetDateFormatA
0x4481ac GetTimeFormatA
0x4481b0 RtlUnwind
0x4481b4 GetFileTime
0x4481b8 GetFileAttributesA
0x4481bc SetErrorMode
0x4481c4 GetOEMCP
0x4481c8 GetCPInfo
0x4481cc CreateFileA
0x4481d0 GetFullPathNameA
0x4481d8 FindFirstFileA
0x4481dc FindClose
0x4481e0 GetCurrentProcess
0x4481e4 DuplicateHandle
0x4481e8 GetFileSize
0x4481ec SetEndOfFile
0x4481f0 UnlockFile
0x4481f4 LockFile
0x4481f8 FlushFileBuffers
0x4481fc SetFilePointer
0x448200 WriteFile
0x448204 ReadFile
0x448208 TlsFree
0x44820c LocalReAlloc
0x448210 TlsSetValue
0x448214 TlsAlloc
0x448218 TlsGetValue
0x448220 GlobalHandle
0x448224 GlobalReAlloc
0x44822c LocalAlloc
0x448230 GlobalFlags
0x448238 GetProfileIntA
0x448244 SetLastError
0x448248 CopyFileA
0x44824c MulDiv
0x448250 GlobalSize
0x448254 FormatMessageA
0x448258 LocalFree
0x44825c GlobalGetAtomNameA
0x448260 GlobalFindAtomA
0x448264 lstrcatA
0x448268 lstrcmpW
0x44826c GetTickCount
0x448278 FreeResource
0x44827c CloseHandle
0x448280 GlobalAddAtomA
0x448284 GetCurrentThread
0x448288 GetCurrentThreadId
0x44828c GlobalDeleteAtom
0x448290 lstrcmpA
0x448294 GetModuleFileNameA
0x448298 GetModuleHandleA
0x4482a4 lstrcpyA
0x4482a8 GlobalAlloc
0x4482ac GlobalLock
0x4482b0 GlobalUnlock
0x4482b4 GlobalFree
0x4482b8 lstrcpynA
0x4482bc Sleep
0x4482c0 LoadLibraryA
0x4482c4 GetProcAddress
0x4482c8 FreeLibrary
0x4482cc VerSetConditionMask
0x4482d0 VerifyVersionInfoA
0x4482d4 DebugBreak
0x4482d8 CompareStringW
0x4482dc CompareStringA
0x4482e0 lstrlenA
0x4482e4 lstrlenW
0x4482e8 lstrcmpiA
0x4482ec GetVersion
0x4482f8 GetLastError
0x4482fc RaiseException
0x448300 MultiByteToWideChar
0x448304 ExitProcess
0x448308 WideCharToMultiByte
0x44830c FindResourceA
0x448310 LoadResource
0x448314 LockResource
0x448318 SizeofResource
0x44831c GetVersionExA
0x448320 GetThreadLocale
0x448324 GetLocaleInfoA
0x448328 GetACP
0x44832c GetStringTypeA
Library USER32.dll:
0x448394 InvalidateRgn
0x44839c CharNextA
0x4483a0 PostThreadMessageA
0x4483a4 GetSysColorBrush
0x4483a8 LoadCursorA
0x4483ac WindowFromPoint
0x4483b0 ReleaseCapture
0x4483b4 SetCapture
0x4483b8 SetRect
0x4483bc IsRectEmpty
0x4483c0 EndPaint
0x4483c4 BeginPaint
0x4483c8 GetWindowDC
0x4483cc ClientToScreen
0x4483d0 GrayStringA
0x4483d4 DrawTextExA
0x4483d8 TabbedTextOutA
0x4483dc DestroyMenu
0x4483e0 ShowWindow
0x4483e4 MoveWindow
0x4483e8 SetWindowTextA
0x4483ec IsDialogMessageA
0x4483f0 WinHelpA
0x4483f4 GetCapture
0x4483f8 CreateWindowExA
0x4483fc GetClassLongA
0x448400 GetClassInfoExA
0x448404 GetClassNameA
0x448408 SetPropA
0x44840c GetPropA
0x448410 RemovePropA
0x448414 SendDlgItemMessageA
0x448418 SetFocus
0x44841c IsChild
0x448424 GetWindowTextA
0x448428 GetForegroundWindow
0x44842c GetTopWindow
0x448430 UnhookWindowsHookEx
0x448434 GetMessageTime
0x448438 MapWindowPoints
0x44843c TrackPopupMenu
0x448440 GetScrollPos
0x448444 SetForegroundWindow
0x448448 GetMenu
0x44844c GetSubMenu
0x448450 GetMenuItemID
0x448454 AdjustWindowRectEx
0x448458 GetClassInfoA
0x44845c RegisterClassA
0x448460 GetDlgCtrlID
0x448464 DefWindowProcA
0x448468 CallWindowProcA
0x44846c SetWindowLongA
0x448470 IntersectRect
0x448478 GetWindowPlacement
0x448480 MapDialogRect
0x448484 SetWindowPos
0x44848c wsprintfA
0x448490 DrawIcon
0x448494 AppendMenuA
0x448498 SendMessageA
0x44849c GetSystemMenu
0x4484a0 IsIconic
0x4484a4 GetClientRect
0x4484a8 EnableWindow
0x4484ac LoadIconA
0x4484b0 GetSystemMetrics
0x4484b4 CharUpperA
0x4484bc SetActiveWindow
0x4484c4 DestroyWindow
0x4484c8 IsWindow
0x4484cc GetDlgItem
0x4484d0 GetNextDlgTabItem
0x4484d4 EndDialog
0x4484d8 SetMenuItemBitmaps
0x4484dc ModifyMenuA
0x4484e0 GetMenuState
0x4484e4 EnableMenuItem
0x4484e8 CheckMenuItem
0x4484f0 LoadBitmapA
0x4484f4 SetWindowsHookExA
0x4484f8 CallNextHookEx
0x4484fc GetMessageA
0x448500 TranslateMessage
0x448504 DispatchMessageA
0x448508 GetActiveWindow
0x44850c IsWindowVisible
0x448510 PeekMessageA
0x448514 GetCursorPos
0x448518 ValidateRect
0x44851c MessageBoxA
0x448520 GetWindowLongA
0x448524 GetLastActivePopup
0x448528 IsWindowEnabled
0x44852c SetCursor
0x448530 PostQuitMessage
0x448534 DrawFocusRect
0x448538 MessageBeep
0x44853c GetScrollRange
0x448540 GetNextDlgGroupItem
0x448544 UnregisterClassA
0x448548 PostMessageA
0x44854c GetDC
0x448550 ReleaseDC
0x448554 UpdateWindow
0x448558 InvalidateRect
0x44855c GetWindow
0x448560 GetParent
0x448564 GetFocus
0x448568 PtInRect
0x44856c InflateRect
0x448570 OffsetRect
0x448574 FillRect
0x448578 GetWindowRect
0x44857c GetKeyState
0x448580 DrawTextA
0x448584 CreatePopupMenu
0x448588 GetMenuItemCount
0x44858c ScreenToClient
0x448590 OpenClipboard
0x448594 GetSysColor
0x448598 GetDesktopWindow
0x44859c GetMessagePos
0x4485a0 CloseClipboard
0x4485a4 SetClipboardData
0x4485a8 EmptyClipboard
0x4485ac CopyRect
0x4485b0 EqualRect
Library GDI32.dll:
0x448058 CreatePen
0x44805c CreateSolidBrush
0x448060 GetMapMode
0x448064 GetBkColor
0x448068 GetRgnBox
0x44806c GetStockObject
0x448070 DeleteDC
0x448074 ExtSelectClipRgn
0x448078 ScaleWindowExtEx
0x44807c SetWindowExtEx
0x448080 ScaleViewportExtEx
0x448084 SetViewportExtEx
0x448088 OffsetViewportOrgEx
0x44808c SetViewportOrgEx
0x448090 SelectObject
0x448094 Escape
0x448098 TextOutA
0x44809c RectVisible
0x4480a0 PtVisible
0x4480a4 GetWindowExtEx
0x4480a8 GetTextColor
0x4480b0 MoveToEx
0x4480b4 LineTo
0x4480b8 SetMapMode
0x4480bc RestoreDC
0x4480c0 SaveDC
0x4480c4 ExtTextOutA
0x4480c8 CopyMetaFileA
0x4480cc GetDeviceCaps
0x4480d0 SetBkColor
0x4480d4 SetTextColor
0x4480d8 GetClipBox
0x4480e0 CreateBitmap
0x4480e4 DeleteObject
0x4480e8 CreateFontIndirectA
0x4480ec CreateCompatibleDC
0x4480f4 GetCurrentObject
0x4480f8 GetObjectA
0x4480fc GetViewportExtEx
Library comdlg32.dll:
0x4485c8 GetFileTitleA
Library WINSPOOL.DRV:
0x4485b8 OpenPrinterA
0x4485bc DocumentPropertiesA
0x4485c0 ClosePrinter
Library ADVAPI32.dll:
0x448000 RegCloseKey
0x448004 RegOpenKeyExA
0x448008 RegDeleteKeyA
0x44800c RegEnumKeyA
0x448010 RegOpenKeyA
0x448014 RegQueryValueA
0x448018 RegCreateKeyExA
0x44801c RegSetValueExA
0x448020 RegDeleteValueA
0x448024 RegQueryValueExA
Library SHELL32.dll:
0x448378 ShellExecuteA
Library COMCTL32.dll:
0x448034 ImageList_AddMasked
0x448038 ImageList_Draw
0x448048 ImageList_Destroy
0x44804c ImageList_Create
0x448050
Library SHLWAPI.dll:
0x448380 PathFindFileNameA
0x448384 PathStripToRootA
0x448388 PathFindExtensionA
0x44838c PathIsUNCA
Library oledlg.dll:
0x44862c
Library ole32.dll:
0x4485d0 OleFlushClipboard
0x4485d8 DoDragDrop
0x4485dc RevokeDragDrop
0x4485e4 RegisterDragDrop
0x4485e8 OleDuplicateData
0x4485ec ReleaseStgMedium
0x4485f0 CoTaskMemAlloc
0x4485f4 CoGetClassObject
0x4485f8 CoTaskMemFree
0x4485fc CLSIDFromString
0x448600 CLSIDFromProgID
0x448604 OleInitialize
0x44860c OleUninitialize
0x448624 CoRevokeClassObject
Library OLEAUT32.dll:
0x448334 SysFreeString
0x44833c VarBstrFromDate
0x448340 VarUdateFromDate
0x448348 VarDateFromStr
0x44834c SysStringLen
0x448350 SysAllocStringLen
0x448354 VariantClear
0x448358 VariantChangeType
0x44835c VariantInit
0x448368 SafeArrayDestroy
0x44836c SysAllocString
0x448370 VariantCopy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.