Score: 6.2
Risk level: High
SHA-256: cb31aa64d622af367e69b61866890c93debe845d7a719b7bd7fc2de765de08f3
File name: 804223b2ff7251869bbf77cd700b7870.exe
Analysis time: 77s
Last analysis:
File size: 176.1KB
Static detection / Dynamic detection tags: 1NF0C60 5D54D80UGXE AI SCORE=83 AIDETECTVM ATTRIBUTE CJQL ELDORADO EMOTET EVEX GENCIRC GENETIC HCEJ HIGH CONFIDENCE HIGHCONFIDENCE HRVUQO KRYPTIK MALWARE1 QVM07 R348890 SUSGEN WACATAC
Hawkeye engine
Not detected (no Hawkeye engine results available)
Static verdict
Antivirus engines
Engine | Result | Scan time | Engine version
Alibaba | | 20190527 | 0.3.0.5
Baidu | | 20190318 | 1.0.0.2
Avast | Win32:Trojan-gen | 20200901 | 18.4.3895.0
Tencent | Malware.Win32.Gencirc.10cde9e2 | 20200901 | 1.0.0.1
Kingsoft | | 20200901 | 2013.8.14.323
McAfee | Emotet-FRV!804223B2FF72 | 20200901 | 6.0.6.653
CrowdStrike | | 20190702 | 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1620946632.662952
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1620946616.662952
CryptGenKey
crypto_handle: 0x008854c8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x008849b8
flags: 1
key: f•RèãKq­æmZ¶©
success 1 0
1620946632.678952
CryptExportKey
crypto_handle: 0x008854c8
crypto_export_handle: 0x00885370
buffer: f¤èIÆS¤UÀ¯¯¿‹F§ðÇpb¼5m يÃǟÖ8|éw·tȋŠ×–<=Œj9f»Ì…Cznpùó˜Q»‡Œ”ó+Šñþeg*»Ð!P.*(cQ#Ïk
blob_type: 1
flags: 64
success 1 0
1620946667.553952
CryptExportKey
crypto_handle: 0x008854c8
crypto_export_handle: 0x00885370
buffer: f¤ 1S+þZçÑ‏ý´_öºoµ f[¥'9)÷1^ü÷?š½h“=¶È§…)¨,þØRp1 4½œEìJ¢öB͉4Ò. Šœªt0dIÔ¦vnéǏz
blob_type: 1
flags: 64
success 1 0
1620946672.615952
CryptExportKey
crypto_handle: 0x008854c8
crypto_export_handle: 0x00885370
buffer: f¤GÚ`Ró˾lU®­~ÛS±ä·WÚ­ Cù¦‚ c”•M1ý—´Ö©nF>•Ù쐓5–ø±mFî‡0ø;k9_|{6´ŸÎ~£²EôàÎ0‰¨˜ÃQªPÙ¼
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620946616.162952
NtAllocateVirtualMemory
process_identifier: 2976
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x021c0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620946633.225952
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 804223b2ff7251869bbf77cd700b7870.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620946632.850952
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 116.202.234.183
host 172.217.24.14
host 69.30.203.214
host 70.121.172.89
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620946635.818952
RegSetValueExA
key_handle: 0x00000398
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620946635.818952
RegSetValueExA
key_handle: 0x00000398
value: Ð¬H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620946635.818952
RegSetValueExA
key_handle: 0x00000398
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620946635.818952
RegSetValueExW
key_handle: 0x00000398
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620946635.818952
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620946635.818952
RegSetValueExA
key_handle: 0x000003ac
value: Ð¬H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620946635.818952
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620946635.850952
RegSetValueExW
key_handle: 0x00000394
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.EVEX
FireEye Trojan.Agent.EVEX
Qihoo-360 HEUR/QVM07.1.A467.Malware.Gen
ALYac Trojan.Agent.EVEX
Zillya Trojan.Emotet.Win32.24750
K7AntiVirus Riskware ( 0040eff71 )
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Agent.EVEX
Cyren W32/Emotet.AQM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Backdoor.Win32.Emotet.cjql
BitDefender Trojan.Agent.EVEX
NANO-Antivirus Trojan.Win32.Emotet.hrvuqo
Tencent Malware.Win32.Gencirc.10cde9e2
Ad-Aware Trojan.Agent.EVEX
DrWeb Trojan.Emotet.999
Sophos Troj/Emotet-CLL
Jiangmin Backdoor.Emotet.sf
MAX malware (ai score=83)
Antiy-AVL Trojan/Win32.Emotet
Microsoft Trojan:Win32/Emotet.PED!MTB
ViRobot Trojan.Win32.Emotet.274432
ZoneAlarm Backdoor.Win32.Emotet.cjql
GData Win32.Trojan.PSE.1NF0C60
AhnLab-V3 Trojan/Win32.Emotet.R348890
McAfee Emotet-FRV!804223B2FF72
TACHYON Backdoor/W32.Emotet.180333
VBA32 Trojan.Wacatac
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Kryptik!8.8 (TFE:5:5d54d80ugxE)
Ikarus Trojan-Banker.Emotet
Fortinet W32/Kryptik.HCEJ!tr
AVG Win32:Trojan-gen
Panda Trj/Genetic.gen
MaxSecure Trojan.Malware.105527967.susgen
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 192.168.56.101:49178
dead_host 70.121.172.89:80
dead_host 116.202.234.183:8080
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran
PE Compile Time

2020-08-20 05:06:25

Imports

Library VERSION.dll:
0x417038 GetFileVersionInfoA
0x41703c VerQueryValueA
Library MFC42.DLL:
0x4169ac
0x4169b0
0x4169b4
0x4169b8
0x4169bc
0x4169c0
0x4169c4
0x4169c8
0x4169cc
0x4169d0
0x4169d4
0x4169d8
0x4169dc
0x4169e0
0x4169e4
0x4169e8
0x4169ec
0x4169f0
0x4169f4
0x4169f8
0x4169fc
0x416a00
0x416a04
0x416a08
0x416a0c
0x416a10
0x416a14
0x416a18
0x416a1c
0x416a20
0x416a24
0x416a28
0x416a2c
0x416a30
0x416a34
0x416a38
0x416a3c
0x416a40
0x416a44
0x416a48
0x416a4c
0x416a50
0x416a54
0x416a58
0x416a5c
0x416a60
0x416a64
0x416a68
0x416a6c
0x416a70
0x416a74
0x416a78
0x416a7c
0x416a80
0x416a84
0x416a88
0x416a8c
0x416a90
0x416a94
0x416a98
0x416a9c
0x416aa0
0x416aa4
0x416aa8
0x416aac
0x416ab0
0x416ab4
0x416ab8
0x416abc
0x416ac0
0x416ac4
0x416ac8
0x416acc
0x416ad0
0x416ad4
0x416ad8
0x416adc
0x416ae0
0x416ae4
0x416ae8
0x416aec
0x416af0
0x416af4
0x416af8
0x416afc
0x416b00
0x416b04
0x416b08
0x416b0c
0x416b10
0x416b14
0x416b18
0x416b1c
0x416b20
0x416b24
0x416b28
0x416b2c
0x416b30
0x416b34
0x416b38
0x416b3c
0x416b40
0x416b44
0x416b48
0x416b4c
0x416b50
0x416b54
0x416b58
0x416b5c
0x416b60
0x416b64
0x416b68
0x416b6c
0x416b70
0x416b74
0x416b78
0x416b7c
0x416b80
0x416b84
0x416b88
0x416b8c
0x416b90
0x416b94
0x416b98
0x416b9c
0x416ba0
0x416ba4
0x416ba8
0x416bac
0x416bb0
0x416bb4
0x416bb8
0x416bbc
0x416bc0
0x416bc4
0x416bc8
0x416bcc
0x416bd0
0x416bd4
0x416bd8
0x416bdc
0x416be0
0x416be4
0x416be8
0x416bec
0x416bf0
0x416bf4
0x416bf8
0x416bfc
0x416c00
0x416c04
0x416c08
0x416c0c
0x416c10
0x416c14
0x416c18
0x416c1c
0x416c20
0x416c24
0x416c28
0x416c2c
0x416c30
0x416c34
0x416c38
0x416c3c
0x416c40
0x416c44
0x416c48
0x416c4c
0x416c50
0x416c54
0x416c58
0x416c5c
0x416c60
0x416c64
0x416c68
0x416c6c
0x416c70
0x416c74
0x416c78
0x416c7c
0x416c80
0x416c84
0x416c88
0x416c8c
0x416c90
0x416c94
0x416c98
0x416c9c
0x416ca0
0x416ca4
0x416ca8
0x416cac
0x416cb0
0x416cb4
0x416cb8
0x416cbc
0x416cc0
0x416cc4
0x416cc8
0x416ccc
0x416cd0
0x416cd4
0x416cd8
0x416cdc
0x416ce0
0x416ce4
0x416ce8
0x416cec
0x416cf0
0x416cf4
0x416cf8
0x416cfc
0x416d00
0x416d04
0x416d08
0x416d0c
0x416d10
0x416d14
0x416d18
0x416d1c
0x416d20
0x416d24
0x416d28
0x416d2c
0x416d30
0x416d34
0x416d38
0x416d3c
0x416d40
0x416d44
0x416d48
0x416d4c
0x416d50
0x416d54
Library MSVCRT.dll:
0x416e7c __p__commode
0x416e80 _adjust_fdiv
0x416e84 __setusermatherr
0x416e88 _initterm
0x416e8c __getmainargs
0x416e90 __p__fmode
0x416e94 exit
0x416e98 _XcptFilter
0x416e9c _exit
0x416ea4 _onexit
0x416ea8 __set_app_type
0x416eac _controlfp
0x416eb0 _acmdln
0x416eb4 _setmbcp
0x416eb8 __CxxFrameHandler
0x416ebc memcpy
0x416ec0 memset
0x416ec4 _wcslwr
0x416ec8 malloc
0x416ecc _mbscmp
0x416ed0 _mbsicmp
0x416ed4 abs
0x416ed8 _splitpath
0x416edc __dllonexit
0x416ee0 _except_handler3
Library KERNEL32.dll:
0x416948 GetStartupInfoA
0x41694c DeleteFileA
0x416950 lstrcatA
0x416954 CreateDirectoryA
0x416958 MultiByteToWideChar
0x41695c LoadLibraryA
0x416960 GetProcAddress
0x416964 GetModuleFileNameA
0x416968 MulDiv
0x41696c GetModuleHandleA
0x416970 lstrcpyA
0x416974 ExitProcess
Library USER32.dll:
0x416f58 GetWindow
0x416f5c PostMessageA
0x416f60 IsWindow
0x416f64 InvalidateRect
0x416f68 RedrawWindow
0x416f6c DrawTextExA
0x416f70 GetSysColor
0x416f74 GetCursorPos
0x416f78 PtInRect
0x416f7c InflateRect
0x416f80 LoadMenuA
0x416f84 ScreenToClient
0x416f88 KillTimer
0x416f8c GetParent
0x416f90 SetTimer
0x416f94 GetSysColorBrush
0x416f98 LoadCursorA
0x416f9c SetCursor
0x416fa0 GetSubMenu
0x416fa4 GetMenuItemID
0x416fa8 GetMenuItemCount
0x416fac OffsetRect
0x416fb0 UnregisterHotKey
0x416fb4 GetWindowRect
0x416fb8 LoadIconA
0x416fbc RegisterHotKey
0x416fc0 SendMessageA
0x416fc4 SetForegroundWindow
0x416fc8 GetClientRect
0x416fcc WinHelpA
0x416fd0 GetMenu
0x416fd4 IsWindowVisible
0x416fd8 GetDlgItem
0x416fdc EnumWindows
0x416fe0 EnableWindow
0x416fe4 wsprintfA
0x416fe8 GetForegroundWindow
Library GDI32.dll:
0x4168f4 GetObjectA
0x4168f8 GetStockObject
0x416900 BitBlt
0x416904 Polygon
0x416908 CreateCompatibleDC
0x416910 CreateFontA
0x416914 CreateFontIndirectA
Library SHELL32.dll:
0x416f24 ShellExecuteA
0x416f28 Shell_NotifyIconA
Library COMCTL32.dll:
0x4168c0
Library ole32.dll:
0x41706c CoUninitialize
0x417070 CoCreateInstance
0x417074 CoInitialize
Library MSVCP60.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 49235 | 114.114.114.114 | 53
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 51808 | 224.0.0.252 | 5355
192.168.56.101 | 55368 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50535 | 239.255.255.250 | 3702
192.168.56.101 | 56540 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58707 | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.