Score: 7.0 (high risk)

SHA256: 1d553ea52f29fcc014b1b9849dcf45e4bec16f480bd2d71825800be012856802

File name: 7e19130efc9f099a18862b773a871d2c.exe (the name is the sample's MD5; McAfee's Emotet-FRI!7E19130EFC9F carries the same prefix)

Analysis duration: 75s

Last analysis:

File size: 300.0KB
Static detection: malicious. Dynamic detection: malicious (100%).
Detection tags: AGEN, AI SCORE=100, BANKERX, BSCOPE, CLASSIC, CONFIDENCE, DOWNLOADER34, ELDORADO, EMOTET, EPAZ, FAMVT, GENCIRC, GENERICKDZ, GENKRYPTIK, HIGH CONFIDENCE, HPGFRT, KCLOUD, KRYPTIK, LOZAKAI, MALWARE@#216TSQBP3HRO9, R + TROJ, R346328, SCORE, SGENERIC, SUSGEN, UNSAFE
鹰眼 engine
Not detected: no 鹰眼 engine result for this sample.
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Emotet-FRI!7E19130EFC9F | 20201211 | 6.0.6.653
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0
Alibaba | Trojan:Win32/Emotet.28cea219 | 20190527 | 0.3.0.5
Baidu | (no detection) | 20190318 | 1.0.0.2
Avast | Win32:BankerX-gen [Trj] | 20201210 | 21.1.5827.0
Kingsoft | Win32.Hack.Undef.(kcloud) | 20201211 | 2017.9.26.565
Tencent | Malware.Win32.Gencirc.10cde4d4 | 20201211 | 1.0.0.1
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619649241.520598
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619649225.723598
CryptGenKey
crypto_handle: 0x00616a78
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x00613388
flags: 1 (CRYPT_EXPORTABLE)
key: fËÐJ—·Xv aÒnéÎö
success 1 0
1619649241.535598
CryptExportKey
crypto_handle: 0x00616a78
crypto_export_handle: 0x006169b8
buffer: f¤_è€Ôó$ÉÝ«w”z‚æÛö¥TÐÊXöiUWFéL᠜x%=ŏ!gˆ3›GnÚ~ÅÜ98Nôlì¿sJxbSË£ø6w°è iš0Û´ÇÊî\u]ŠŸbPïÀƬ
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1619649277.613598
CryptExportKey
crypto_handle: 0x00616a78
crypto_export_handle: 0x006169b8
buffer: f¤_ˆ½V·ñ(ûë~Íä­ó.Ò/“+:-›ooÔNˆs§d>ßìœDuYàù'ÔÑ~2‘5"º(ÅÇáVŠÖQؽ]V½Ñ Xw (%ý‰°¶yokÇÛ±07æ
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
1619649283.613598
CryptExportKey
crypto_handle: 0x00616a78
crypto_export_handle: 0x006169b8
buffer: f¤wåq!r«=î¨F®³¥ Š\†©OÖ$åG‚\ü‡Z°È°+Â[FxèÇåµoRè«Ö?Yn--›éHkB;¦…LçEËxÌq‹T¸Ò€¤Ã¢gþZIJ6
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
success 1 0
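Decoded, the four crypto events are the CryptoAPI idiom for wrapping a session key for a remote party: CryptGenKey creates an exportable AES-128 key (0x660e is CALG_AES_128, flag 1 is CRYPT_EXPORTABLE), and CryptExportKey is then called three times with blob_type 1 (SIMPLEBLOB) and flags 64 (CRYPT_OAEP), i.e. the AES key is RSA-encrypted under a key-exchange key and the resulting blob is what a client would send to a server. The Python below is an added example, not code from the sandbox or from the sample: it lays out a SIMPLEBLOB with the documented Win32 structure from constructed bytes (the report's own buffers are binary rendered as text and cannot be recovered), parses it back, and shows why such a blob prints as "f¤..." when dumped as 8-bit text (0x66 from CALG_AES_128 and 0xa4 from CALG_RSA_KEYX are the only printable bytes in the 12-byte header). The 1024-bit wrapping key size is an assumption of the constructed input.

```python
"""SIMPLEBLOB builder/parser for the CryptGenKey/CryptExportKey trace above.

Added example, not part of the sandbox report or the sample. Layout from
wincrypt.h: BLOBHEADER {BYTE bType; BYTE bVersion; WORD reserved; ALG_ID aiKeyAlg}
followed by the ALG_ID of the key-exchange key, then the RSA-encrypted key.
All blob bytes used here are constructed.
"""
import struct

# ALG_ID values (wincrypt.h)
CALG_AES_128 = 0x0000660E
CALG_AES_192 = 0x0000660F
CALG_AES_256 = 0x00006610
CALG_RSA_KEYX = 0x0000A400
ALG_NAMES = {CALG_AES_128: "CALG_AES_128", CALG_AES_192: "CALG_AES_192",
             CALG_AES_256: "CALG_AES_256", CALG_RSA_KEYX: "CALG_RSA_KEYX"}

SIMPLEBLOB = 0x1          # blob_type 1 in the trace
CUR_BLOB_VERSION = 0x2
CRYPT_EXPORTABLE = 0x1    # CryptGenKey flags: 1
CRYPT_OAEP = 0x40         # CryptExportKey flags: 64


def build_simpleblob(session_alg: int, kex_alg: int, wrapped_key: bytes) -> bytes:
    """Lay out a SIMPLEBLOB exactly as CryptExportKey does (little-endian fields)."""
    header = struct.pack("<BBHI", SIMPLEBLOB, CUR_BLOB_VERSION, 0, session_alg)
    return header + struct.pack("<I", kex_alg) + wrapped_key


def parse_simpleblob(blob: bytes) -> dict:
    """Decode the header fields and infer the wrapping key size from the ciphertext length."""
    if len(blob) < 12:
        raise ValueError("shorter than BLOBHEADER + ALG_ID")
    btype, bver, _reserved, key_alg = struct.unpack_from("<BBHI", blob, 0)
    if btype != SIMPLEBLOB:
        raise ValueError(f"not a SIMPLEBLOB (bType={btype:#x})")
    kex_alg = struct.unpack_from("<I", blob, 8)[0]
    wrapped = blob[12:]
    return {
        "version": bver,
        "session_key_alg": ALG_NAMES.get(key_alg, f"{key_alg:#010x}"),
        "key_exchange_alg": ALG_NAMES.get(kex_alg, f"{kex_alg:#010x}"),
        # RSA output (PKCS#1 v1.5 or OAEP) is exactly one modulus long
        "rsa_modulus_bits": len(wrapped) * 8,
        "wrapped_key": wrapped,
    }


def printable_rendering(data: bytes) -> str:
    """Mimic a sandbox printing raw bytes as 8-bit text: control bytes vanish.
    For a SIMPLEBLOB header this yields 'f¤' (0x66 from CALG_AES_128, 0xa4 from CALG_RSA_KEYX)."""
    return "".join(chr(b) for b in data if 0x20 <= b < 0x7F or b >= 0xA0)


def describe_export_flags(gen_flags: int, export_flags: int) -> list:
    """Turn the two flag words from the trace into plain statements."""
    notes = []
    if gen_flags & CRYPT_EXPORTABLE:
        notes.append("session key generated exportable")
    if export_flags & CRYPT_OAEP:
        notes.append("exported with RSAES-OAEP padding")
    return notes


if __name__ == "__main__":
    # Constructed stand-in for the RSA-encrypted AES key: 128 bytes = 1024-bit modulus.
    blob = build_simpleblob(CALG_AES_128, CALG_RSA_KEYX, bytes(range(128)))
    print(parse_simpleblob(blob)["session_key_alg"], printable_rendering(blob[:12]))
```

The length of the exported buffer minus the 12-byte header gives the wrapping RSA modulus size directly, which is a quick way to compare a sample's key-exchange key against known families when the blob is available in hex rather than as rendered text.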
The executable uses a known packer (1 event)
packer Armadillo v1.71
Caveat: this is a PEiD-style entry-point signature match, and the "Armadillo v1.71" pattern is commonly reported for ordinary MSVC-built binaries. The import table below (MFC-style USER32/GDI32/OLE imports, ordinal imports from oledlg and OLEPRO32) is what a statically linked MFC application looks like, so the high-entropy .rsrc section is the stronger packing indicator here.
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619649225.098598
NtAllocateVirtualMemory
process_identifier: 912
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00590000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events; the individual events are not listed in the report)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619649242.004598
GetAdaptersAddresses
flags: 0
family: 0
failed 111 (ERROR_BUFFER_OVERFLOW) 0
Caveat: ERROR_BUFFER_OVERFLOW is the expected return of a first GetAdaptersAddresses call made with a too-small buffer; it tells the caller the size needed. No second call is logged, so on its own this is weak evidence of adapter fingerprinting.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.14489614985422 section .rsrc (virtual_address 0x00042000, virtual_size 0x0000c908, size_of_data 0x0000d000, entropy 7.14489614985422) description A section with a high entropy has been found
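The entropy signal above is the one static indicator here that does not depend on a signature database. As an added example (not the sandbox's own code), the Python below computes per-section Shannon entropy straight from the PE section table using only the standard library. The PE image it scans is constructed in memory (a repetitive .text stub and a pseudo-random .rsrc standing in for packed data) so the script runs offline; the 7.0 cutoff is an assumed threshold chosen to match the kind of score (.rsrc at 7.14) that fired in this report.

```python
"""Per-section entropy check over a PE section table (standard library only).

Added example, not the sandbox's implementation. The image scanned below is
constructed in memory; the 7.0 cutoff is an assumed threshold.
"""
import math
import random
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0   # assumed cutoff; random/compressed/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, virtual_address, virtual_size, raw_size, raw_bytes) per section header.
    Reads only e_lfanew from the DOS header, the COFF header and the 40-byte section headers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]     # NumberOfSections
    opt_hdr_size = struct.unpack_from("<H", image, coff + 16)[0]    # SizeOfOptionalHeader
    table = coff + 20 + opt_hdr_size
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, table + i * 40)
        yield (name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rsize,
               image[rptr:rptr + rsize])


def high_entropy_sections(image: bytes, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return report-style dicts for every section whose raw data exceeds the threshold."""
    hits = []
    for name, vaddr, vsize, rsize, raw in pe_sections(image):
        h = shannon_entropy(raw)
        if h > threshold:
            hits.append({"name": name, "virtual_address": f"{vaddr:#010x}",
                         "virtual_size": f"{vsize:#010x}", "size_of_data": f"{rsize:#010x}",
                         "entropy": round(h, 4)})
    return hits


def build_test_image() -> bytes:
    """Constructed two-section PE: a repetitive .text and a pseudo-random .rsrc."""
    rng = random.Random(1)                       # fixed seed so the result is reproducible
    text = b"\x55\x8b\xec" + b"\x90" * 0x1FD      # prologue plus NOP sled: near-zero entropy
    rsrc = bytes(rng.getrandbits(8) for _ in range(0x1000))   # stands in for a packed payload
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                  # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    # COFF: Machine=i386, 2 sections, timestamp, symtab ptr, nsyms, opt hdr size 0, characteristics
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0, 0, 0, 0, 0x102)
    sections = [(b".text", text, 0x1000, 0x200), (b".rsrc", rsrc, 0x2000, 0x200 + len(text))]
    for i, (name, data, va, ptr) in enumerate(sections):
        struct.pack_into("<8sIIII", hdr, 0x58 + i * 40, name, len(data), va, len(data), ptr)
    return bytes(hdr) + text + rsrc


if __name__ == "__main__":
    for hit in high_entropy_sections(build_test_image()):
        print(hit)
```

Run against a real file by passing its bytes to high_entropy_sections; a .rsrc section scoring above 7 while the section is far larger than any icon or manifest would justify is the pattern this report flagged.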
Expresses interest in specific running processes (1 event)
process 7e19130efc9f099a18862b773a871d2c.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619649241.660598
InternetOpenW
proxy_bypass:
access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG, system proxy settings)
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 172.217.24.14
host 179.60.229.168
host 185.94.252.13
host 189.218.165.63
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Caveat: the signature name overstates this. The values below are the WinHTTP auto-proxy detection cache (WpadDecision, WpadDecisionReason and WpadDecisionTime per interface GUID and MAC, plus WpadLastNetwork), written by Windows about three seconds after the InternetOpenW call above with access_type 0 (INTERNET_OPEN_TYPE_PRECONFIG, which pulls the system proxy settings and triggers WPAD detection). No PAC URL or AutoConfigURL is set, so this is a side effect of the sample using WinINet, not proxy hijacking.
Time & API Arguments Status Return Repeated
1619649244.566598
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619649244.566598
RegSetValueExA
key_handle: 0x000003c8
value: `ê4xk<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619649244.566598
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619649244.566598
RegSetValueExW
key_handle: 0x000003c8
value: 网络 2 (the guest's Windows network profile name, "Network 2")
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619649244.566598
RegSetValueExA
key_handle: 0x000003e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619649244.566598
RegSetValueExA
key_handle: 0x000003e0
value: `ê4xk<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619649244.566598
RegSetValueExA
key_handle: 0x000003e0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619649244.598598
RegSetValueExW
key_handle: 0x000003c4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 of 54 events shown)
Bkav W32.FamVT.LozakaI.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69112
FireEye Trojan.GenericKDZ.69112
McAfee Emotet-FRI!7E19130EFC9F
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.651
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Emotet.28cea219
K7GW Trojan ( 0056c5421 )
K7AntiVirus Trojan ( 0056c5421 )
Arcabit Trojan.Generic.D10DF8
Cyren W32/Emotet.AOC.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Keylogger.Emotet-9528738-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.GenericKDZ.69112
NANO-Antivirus Trojan.Win32.Emotet.hpgfrt
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Rising Trojan.Kryptik!1.C89F (CLASSIC)
Ad-Aware Trojan.GenericKDZ.69112
Sophos Mal/Generic-R + Troj/Emotet-CKK
Comodo Malware@#216tsqbp3hro9
F-Secure Heuristic.HEUR/AGEN.1137702
DrWeb Trojan.DownLoader34.9808
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh
Emsisoft Trojan.Emotet (A)
Jiangmin Backdoor.Emotet.ov
Avira HEUR/AGEN.1137702
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.GenericKDZ.69112
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.Emotet.R346328
ALYac Trojan.GenericKDZ.69112
MAX malware (ai score=100)
VBA32 BScope.Trojan.Downloader
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
Tencent Malware.Win32.Gencirc.10cde4d4
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.74690904.susgen
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
Caveat: 192.168.56.101 is the analysis guest's own address (it is the source of every UDP flow in the capture below), so the first entry is a sandbox artifact; only the two 443/tcp destinations are candidate command-and-control endpoints.
dead_host 192.168.56.101:49177
dead_host 179.60.229.168:443
dead_host 185.94.252.13:443
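Both network signatures above (hosts contacted without a preceding DNS query, and hosts that never answered) reduce to one correlation: pair every outbound connection with the DNS answers seen before it, after discarding the guest's own background and LAN traffic. The Python below is an added example, not the sandbox's signature code. Its event list is constructed from the addresses in this report: the name for 20.189.79.72 comes from the UDP table's time.windows.com annotation, no names are recorded for the six DNS packets to 114.114.114.114 (so every other destination is unresolved by construction), the 443 ports come from the dead-host lines, and the timestamps and the remaining ports are assumed.

```python
"""Correlate outbound connections with prior DNS answers.

Added example, not the sandbox's signature code. Events are constructed from
the addresses in this report; timestamps and non-443 ports are assumed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(order=True)
class Event:
    ts: float
    kind: str              # "dns_answer" or "connect"
    ip: str
    name: str = ""         # resolved hostname, for dns_answer events
    port: int = 0          # destination port, for connect events
    answered: bool = True  # for connect events: did the peer ever respond?


def is_background(ip: str) -> bool:
    """Guest-local and LAN chatter: RFC1918, multicast (LLMNR, SSDP), link-local, broadcast."""
    a = ipaddress.ip_address(ip)
    return (a.is_private or a.is_multicast or a.is_link_local or a.is_loopback
            or a.is_reserved or a == ipaddress.ip_address("255.255.255.255"))


def correlate(events):
    """Return (hardcoded, dead): public destinations contacted without an earlier
    DNS answer for that address, and destinations that never responded."""
    resolved = {}
    hardcoded, dead = set(), set()
    for e in sorted(events):                 # order matters: only earlier answers count
        if e.kind == "dns_answer":
            resolved.setdefault(e.ip, set()).add(e.name)
        elif e.kind == "connect" and not is_background(e.ip):
            if e.ip not in resolved:
                hardcoded.add(e.ip)
            if not e.answered:
                dead.add(f"{e.ip}:{e.port}")
    return sorted(hardcoded), sorted(dead)


# Constructed from this report: one resolved name (NTP), four direct-to-IP
# contacts, two of which got no reply, plus local noise that must be ignored.
SAMPLE_EVENTS = [
    Event(1619649240.0, "dns_answer", "20.189.79.72", name="time.windows.com"),
    Event(1619649240.5, "connect", "20.189.79.72", port=123),
    Event(1619649241.0, "connect", "192.168.56.101", port=49177, answered=False),  # the guest itself
    Event(1619649241.2, "connect", "224.0.0.252", port=5355),                      # LLMNR multicast
    Event(1619649241.7, "connect", "172.217.24.14", port=443),                     # port assumed
    Event(1619649242.0, "connect", "179.60.229.168", port=443, answered=False),
    Event(1619649277.0, "connect", "185.94.252.13", port=443, answered=False),
    Event(1619649283.0, "connect", "189.218.165.63", port=443),                    # port assumed
]

if __name__ == "__main__":
    hardcoded, dead = correlate(SAMPLE_EVENTS)
    print("no DNS query:", hardcoded)
    print("dead hosts:  ", dead)
```

Feeding it real events from a PCAP (DNS A-record answers and TCP SYNs with or without a SYN-ACK) reproduces both signature lists while dropping the 192.168.56.101 artifact that the report counts as a dead host.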
Visual analysis
Binary image: none generated for this sample.
Runtime screenshots: none captured during execution.


PE Compile Time

2020-07-29 16:52:01

Imports

Library SHLWAPI.dll:
0x4302e8 StrRetToStrA
Library KERNEL32.dll:
0x4300c4 HeapSize
0x4300c8 HeapReAlloc
0x4300d0 GetACP
0x4300d4 CompareStringA
0x4300d8 CompareStringW
0x4300f0 SetHandleCount
0x4300f4 GetStdHandle
0x4300f8 GetFileType
0x4300fc HeapDestroy
0x430100 HeapCreate
0x430104 VirtualFree
0x43010c LCMapStringA
0x430110 LCMapStringW
0x430114 VirtualAlloc
0x430118 IsBadWritePtr
0x43011c GetStringTypeA
0x430120 GetStringTypeW
0x430124 GetDriveTypeA
0x430128 Sleep
0x43012c IsBadReadPtr
0x430130 IsBadCodePtr
0x430134 SetStdHandle
0x43013c HeapFree
0x430140 HeapAlloc
0x430144 RaiseException
0x430148 GetProfileStringA
0x43014c InterlockedExchange
0x430150 GetTickCount
0x430154 GetFileAttributesA
0x430158 GetCurrentProcess
0x43015c SizeofResource
0x430160 GetProcAddress
0x430164 LoadLibraryExA
0x430168 LoadLibraryExW
0x43016c lstrlenA
0x430170 GetModuleHandleA
0x430174 lstrcpyA
0x430178 GlobalDeleteAtom
0x43017c GlobalFindAtomA
0x430180 GlobalAddAtomA
0x430184 lstrcmpiA
0x430188 GlobalGetAtomNameA
0x43018c GetCurrentThreadId
0x430190 lstrcatA
0x430194 GetVersion
0x430198 LockResource
0x43019c LoadResource
0x4301a0 FindResourceA
0x4301a4 FreeLibrary
0x4301a8 LoadLibraryA
0x4301b4 WideCharToMultiByte
0x4301b8 MultiByteToWideChar
0x4301bc LocalFree
0x4301c0 FormatMessageA
0x4301c4 lstrcpynA
0x4301c8 FindClose
0x4301cc SetLastError
0x4301d0 GetLastError
0x4301d4 FindFirstFileA
0x4301d8 FindNextFileA
0x4301dc lstrcmpA
0x4301e0 GetCurrentThread
0x4301e4 ExitProcess
0x4301e8 GetCommandLineA
0x4301ec GetStartupInfoA
0x4301f0 RtlUnwind
0x4301f4 GetFileTime
0x4301f8 GetFileSize
0x4301fc GlobalAlloc
0x430200 GlobalLock
0x430204 GetModuleFileNameA
0x430208 TerminateProcess
0x43020c CloseHandle
0x430210 GetFullPathNameA
0x430218 SetEndOfFile
0x43021c UnlockFile
0x430220 LockFile
0x430224 FlushFileBuffers
0x430228 SetFilePointer
0x43022c WriteFile
0x430230 ReadFile
0x430234 CreateFileA
0x430238 DuplicateHandle
0x43023c SetErrorMode
0x430240 GetThreadLocale
0x430254 GetOEMCP
0x430258 GetCPInfo
0x43025c GetProcessVersion
0x430260 TlsGetValue
0x430264 LocalReAlloc
0x430268 TlsSetValue
0x43026c GlobalReAlloc
0x430270 TlsFree
0x430274 GlobalHandle
0x430278 TlsAlloc
0x43027c LocalAlloc
0x430290 GlobalFlags
0x430294 MulDiv
0x430298 GlobalUnlock
0x43029c GlobalFree
Library USER32.dll:
0x4302f0 InvalidateRect
0x4302f4 CharUpperA
0x4302fc PostThreadMessageA
0x430300 MessageBeep
0x430304 GetNextDlgGroupItem
0x430308 SetRect
0x430310 CharNextA
0x430314 GetSysColorBrush
0x430318 LoadCursorA
0x43031c GetDesktopWindow
0x430320 PtInRect
0x430324 GetClassNameA
0x430328 InflateRect
0x43032c GrayStringA
0x430330 DrawTextA
0x430334 TabbedTextOutA
0x430338 EndPaint
0x43033c BeginPaint
0x430340 GetWindowDC
0x430344 ClientToScreen
0x430348 DestroyMenu
0x43034c LoadStringA
0x430350 MapDialogRect
0x430358 EndDialog
0x430360 GetMessageA
0x430364 TranslateMessage
0x430368 GetActiveWindow
0x43036c ValidateRect
0x430370 GetCursorPos
0x430374 PostQuitMessage
0x43037c LoadBitmapA
0x430380 GetMenuState
0x430384 ModifyMenuA
0x430388 SetMenuItemBitmaps
0x43038c CheckMenuItem
0x430390 EnableMenuItem
0x430394 GetNextDlgTabItem
0x430398 IsWindowEnabled
0x43039c ShowWindow
0x4303a0 MoveWindow
0x4303a4 SetWindowTextA
0x4303a8 IsDialogMessageA
0x4303ac PostMessageA
0x4303b0 UpdateWindow
0x4303b4 SendDlgItemMessageA
0x4303b8 MapWindowPoints
0x4303bc GetSysColor
0x4303c0 PeekMessageA
0x4303c4 DispatchMessageA
0x4303c8 GetFocus
0x4303cc SetActiveWindow
0x4303d0 SendMessageA
0x4303d4 GetParent
0x4303d8 EnableWindow
0x4303dc UnregisterClassA
0x4303e0 HideCaret
0x4303e4 ShowCaret
0x4303e8 ExcludeUpdateRgn
0x4303ec DrawFocusRect
0x4303f0 IsWindow
0x4303f4 SetFocus
0x4303f8 AdjustWindowRectEx
0x4303fc ScreenToClient
0x430400 IsWindowVisible
0x430404 GetTopWindow
0x430408 MessageBoxA
0x43040c IsChild
0x430410 GetCapture
0x430414 WinHelpA
0x430418 wsprintfA
0x43041c GetClassInfoA
0x430420 RegisterClassA
0x430424 GetMenu
0x430428 GetMenuItemCount
0x43042c GetSubMenu
0x430430 GetMenuItemID
0x430434 GetDlgItem
0x430438 DefDlgProcA
0x43043c IsWindowUnicode
0x430440 LoadIconA
0x430444 GetSystemMenu
0x430448 AppendMenuA
0x43044c DrawIcon
0x430450 GetClientRect
0x430454 GetSystemMetrics
0x430458 IsIconic
0x43045c ReleaseDC
0x430460 GetDC
0x430464 CopyRect
0x430468 GetWindowRect
0x43046c GetWindowPlacement
0x430474 IntersectRect
0x430478 OffsetRect
0x430480 SetWindowPos
0x430484 SetWindowLongA
0x430488 GetWindowLongA
0x43048c GetWindow
0x430490 SetForegroundWindow
0x430494 GetForegroundWindow
0x430498 GetLastActivePopup
0x43049c GetMessagePos
0x4304a0 GetMessageTime
0x4304a4 RemovePropA
0x4304a8 CallWindowProcA
0x4304ac GetPropA
0x4304b0 UnhookWindowsHookEx
0x4304b4 SetPropA
0x4304b8 GetClassLongA
0x4304bc CallNextHookEx
0x4304c0 SetWindowsHookExA
0x4304c8 GetWindowTextA
0x4304cc GetDlgCtrlID
0x4304d0 GetKeyState
0x4304d4 DefWindowProcA
0x4304d8 DestroyWindow
0x4304dc CreateWindowExA
0x4304e0 SetCursor
Library GDI32.dll:
0x430024 ScaleViewportExtEx
0x430028 SetWindowExtEx
0x43002c ScaleWindowExtEx
0x430030 IntersectClipRect
0x430034 DeleteObject
0x430038 SetViewportExtEx
0x43003c GetDeviceCaps
0x430040 GetViewportExtEx
0x430044 GetWindowExtEx
0x430048 CreateSolidBrush
0x43004c PtVisible
0x430050 RectVisible
0x430054 TextOutA
0x430058 ExtTextOutA
0x43005c Escape
0x430060 GetMapMode
0x430064 DPtoLP
0x430068 GetTextColor
0x43006c GetBkColor
0x430070 LPtoDP
0x430074 OffsetViewportOrgEx
0x430078 SetViewportOrgEx
0x43007c SetMapMode
0x430080 SetBkMode
0x430084 GetStockObject
0x430088 SelectObject
0x43008c RestoreDC
0x430090 SaveDC
0x430094 DeleteDC
0x430098 CreateBitmap
0x43009c GetObjectA
0x4300a0 SetBkColor
0x4300a4 SetTextColor
0x4300a8 GetClipBox
0x4300ac CreateDIBitmap
0x4300b0 GetTextExtentPointA
0x4300b4 BitBlt
0x4300b8 CreateCompatibleDC
0x4300bc PatBlt
Library comdlg32.dll:
0x4304f8 GetFileTitleA
Library WINSPOOL.DRV:
0x4304e8 ClosePrinter
0x4304ec DocumentPropertiesA
0x4304f0 OpenPrinterA
Library ADVAPI32.dll:
0x430000 RegCreateKeyExA
0x430004 RegOpenKeyExA
0x430008 RegSetValueExA
0x43000c RegCloseKey
Library SHELL32.dll:
0x4302d4 SHGetFileInfoA
0x4302d8 SHGetMalloc
0x4302e0 SHGetDesktopFolder
Library COMCTL32.dll:
0x430014 ImageList_Destroy
0x43001c (import by ordinal, name not resolved)
Library oledlg.dll:
0x430540 (import by ordinal, name not resolved)
Library ole32.dll:
0x430500 OleUninitialize
0x430504 OleInitialize
0x430518 CoGetClassObject
0x43051c CoTaskMemAlloc
0x430520 CLSIDFromString
0x430524 CLSIDFromProgID
0x430528 CoTaskMemFree
0x430530 CoRevokeClassObject
0x430534 OleFlushClipboard
Library OLEPRO32.DLL:
0x4302cc (import by ordinal, name not resolved)
Library OLEAUT32.dll:
0x4302a4 VariantCopy
0x4302a8 VariantClear
0x4302ac VariantChangeType
0x4302b0 SysAllocStringLen
0x4302b4 SysFreeString
0x4302b8 SysAllocString
0x4302bc SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded. The attempts to 179.60.229.168:443 and 185.94.252.13:443 were never answered, which is why they appear only as dead hosts under the behavioral indicators above and not as connections here.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 51811 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702
Note: this is guest background traffic (NetBIOS 137/138, NTP to time.windows.com, SSDP 1900, WS-Discovery 3702) plus name resolution (DNS to 114.114.114.114 with no query names recorded, LLMNR on 5355); the LLMNR and DNS queries are also where the WPAD lookup triggered by the InternetOpenW call above would show up.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.