6.6
High risk

23c0020ade9c7ce6a98d79b62852513209940a11e36554cdebccc29e679ba4e9

81ff0797553d101cf21fce3bfa2c1fd5.exe

Analysis time

89s

Last analyzed

File size

416.0KB
Static detection  Dynamic detection  100% AI SCORE=100 AIDETECTGBM ATRAPS ATTRIBUTE CJQV CLOUD CONFIDENCE CRYPTERX DOWNLOADER34 ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC GENKRYPTIK HGIASOOA HIGH CONFIDENCE HIGHCONFIDENCE HRYMAJ KCLOUD KRYPTIK MALWARE@#36M5ID2ZNYLAG MX1HRRQZZOK OILCC R + TROJ R348785 SCORE SUSGEN TRTO UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine  Result  Scan time  Engine version
Alibaba Trojan:Win32/Emotet.11a938c0 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Baidu 20190318 1.0.0.2
Avast Win32:CrypterX-gen [Trj] 20210223 21.1.5827.0
Tencent Malware.Win32.Gencirc.10cdeb5f 20210223 1.0.0.1
Kingsoft Win32.Hack.Emotet.cj.(kcloud) 20210223 2017.9.26.565
McAfee Emotet-FRV!81FF0797553D 20210223 6.0.6.653
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619685991.937875
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1619685981.999875
CryptGenKey
crypto_handle: 0x002c7398
algorithm_identifier: 0x0000660e ()
provider_handle: 0x002c69b0
flags: 1
key: fR^ÃÊï#D‘n­YÎ
success 1 0
1619685992.374875
CryptExportKey
crypto_handle: 0x002c7398
crypto_export_handle: 0x002c6a78
buffer: f¤UÎÔêòýCÛä[uI#¶E·\É0Û\5¢¬G…†*J¹ÁenJ¥HÕ÷7KqÎŽ¼ø² ‡nY:ÿÕ èkëaåA[/lކu‡ßKJXÈqXñ3ããgb©É*åö¬
blob_type: 1
flags: 64
success 1 0
1619686020.749875
CryptExportKey
crypto_handle: 0x002c7398
crypto_export_handle: 0x002c6a78
buffer: f¤ªÈžhc‚„¥Ö}“MãÛDЩόz–X?úΣ7êö*Ü[—ˆÚ䁂ø«µ.!x²LÞX’,€ÕåšÆé»„‚æ,»=íÂÜ œPê`ðT·{ ´}W ÏÀۇóiÜzp
blob_type: 1
flags: 64
success 1 0
1619686038.499875
CryptExportKey
crypto_handle: 0x002c7398
crypto_export_handle: 0x002c6a78
buffer: f¤AýIZXøÄ“”ì%ˆí2öI¼ÎËÖ›ñ^ƒëœÖ ¤WRgýòý¬íÉÍÄÕ1e nÊ~…x¯Þß³Ëäë.rc(½—èŠë¤äÛa×P~õMSÔÜI®t¶`4
blob_type: 1
flags: 64
success 1 0
1619686043.874875
CryptExportKey
crypto_handle: 0x002c7398
crypto_export_handle: 0x002c6a78
buffer: f¤@½Ýq‡›ÂxÝ^š¶øöښÝ™F@IYðYÍt¨° biÇZ¦®ºì=ƒš”ʧI>,K%Y‹Il?Eüôh©Sê©íç2Ó7 ª»ESTS÷ 幓¨›½Ê/dä4
blob_type: 1
flags: 64
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619685981.265875
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ec0000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619685993.171875
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 81ff0797553d101cf21fce3bfa2c1fd5.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619685992.890875
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (5 events)
host 172.217.24.14
host 173.94.215.84
host 178.128.14.92
host 60.125.114.64
host 85.25.207.108
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619685997.390875
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619685997.390875
RegSetValueExA
key_handle: 0x000003c0
value: €OÇïÛ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619685997.390875
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619685997.390875
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619685997.390875
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619685997.390875
RegSetValueExA
key_handle: 0x000003d8
value: €OÇïÛ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619685997.390875
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619685997.390875
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectGBM.malware.02
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69601
FireEye Generic.mg.81ff0797553d101c
ALYac Trojan.GenericKDZ.69601
Cylance Unsafe
Zillya Trojan.Emotet.Win32.24754
Sangfor Trojan.Win32.Emotet.ARJ
K7AntiVirus Trojan ( 0056cef21 )
Alibaba Trojan:Win32/Emotet.11a938c0
K7GW Trojan ( 0056cef21 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D10FE1
Cyren W32/Emotet.AQN.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
ClamAV Win.Packed.Atraps-9427203-0
Kaspersky Backdoor.Win32.Emotet.cjqv
BitDefender Trojan.GenericKDZ.69601
NANO-Antivirus Trojan.Win32.Emotet.hrymaj
Paloalto generic.ml
AegisLab Trojan.Win32.Emotet.trto
Tencent Malware.Win32.Gencirc.10cdeb5f
Ad-Aware Trojan.GenericKDZ.69601
TACHYON Backdoor/W32.Emotet.425984
Sophos Mal/Generic-R + Troj/Emotet-CLM
Comodo Malware@#36m5id2znylag
F-Secure Trojan.TR/AD.Emotet.oilcc
DrWeb Trojan.DownLoader34.26243
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh
Emsisoft Trojan.Emotet (A)
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.rw
eGambit Generic.Malware
Avira TR/AD.Emotet.oilcc
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Kingsoft Win32.Hack.Emotet.cj.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Emotet.421888.E
ZoneAlarm Backdoor.Win32.Emotet.cjqv
GData Trojan.GenericKDZ.69601
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R348785
McAfee Emotet-FRV!81FF0797553D
MAX malware (ai score=100)
VBA32 Backdoor.Emotet
Malwarebytes Trojan.MalPack.TRE.Generic
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (8 events)
dead_host 85.25.207.108:8080
dead_host 60.125.114.64:443
dead_host 172.217.160.110:443
dead_host 172.217.24.14:443
dead_host 192.168.56.101:49188
dead_host 173.94.215.84:80
dead_host 178.128.14.92:8080
dead_host 192.168.56.101:49186
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-08-21 00:10:41

Imports

Library KERNEL32.dll:
0x4360ac GetFileAttributesA
0x4360b0 GetFileTime
0x4360b4 HeapFree
0x4360b8 HeapAlloc
0x4360bc VirtualProtect
0x4360c0 VirtualAlloc
0x4360c4 GetSystemInfo
0x4360c8 VirtualQuery
0x4360cc HeapReAlloc
0x4360d0 GetCommandLineA
0x4360d4 GetProcessHeap
0x4360d8 GetStartupInfoA
0x4360dc RaiseException
0x4360e0 RtlUnwind
0x4360e4 HeapSize
0x4360e8 TerminateProcess
0x4360f4 IsDebuggerPresent
0x4360f8 HeapDestroy
0x4360fc HeapCreate
0x436100 VirtualFree
0x436104 GetStdHandle
0x436108 Sleep
0x43610c LCMapStringA
0x436110 LCMapStringW
0x436124 SetHandleCount
0x436128 GetFileType
0x436134 GetStringTypeA
0x436138 GetStringTypeW
0x436140 GetConsoleCP
0x436144 GetConsoleMode
0x436148 SetStdHandle
0x43614c WriteConsoleA
0x436150 GetConsoleOutputCP
0x436154 WriteConsoleW
0x436160 GetTickCount
0x436164 SetErrorMode
0x43616c GetOEMCP
0x436170 GetCPInfo
0x436174 CreateFileA
0x436178 GetFullPathNameA
0x436180 FindFirstFileA
0x436184 FindClose
0x436188 GetCurrentProcess
0x43618c DuplicateHandle
0x436190 GetFileSize
0x436194 SetEndOfFile
0x436198 UnlockFile
0x43619c LockFile
0x4361a0 FlushFileBuffers
0x4361a4 SetFilePointer
0x4361a8 WriteFile
0x4361ac ReadFile
0x4361b0 GetThreadLocale
0x4361b4 GlobalFlags
0x4361c0 TlsFree
0x4361c8 LocalReAlloc
0x4361cc TlsSetValue
0x4361d0 TlsAlloc
0x4361d8 GlobalHandle
0x4361dc GlobalReAlloc
0x4361e4 TlsGetValue
0x4361ec LocalAlloc
0x4361f4 GetModuleFileNameW
0x4361f8 GlobalGetAtomNameA
0x4361fc GlobalFindAtomA
0x436200 lstrcmpW
0x436204 GetVersionExA
0x436208 GetCurrentProcessId
0x43620c GlobalAddAtomA
0x436210 CloseHandle
0x436214 FreeResource
0x436218 GetCurrentThread
0x43621c GetCurrentThreadId
0x436224 GetModuleFileNameA
0x43622c GetLocaleInfoA
0x436230 LoadLibraryA
0x436234 lstrcmpA
0x436238 FreeLibrary
0x43623c GlobalDeleteAtom
0x436240 GetModuleHandleA
0x436244 GetProcAddress
0x436248 GlobalFree
0x43624c GlobalAlloc
0x436250 GlobalLock
0x436254 GlobalUnlock
0x436258 FormatMessageA
0x43625c LocalFree
0x436260 MulDiv
0x436264 ExitProcess
0x436268 FindResourceA
0x43626c LoadResource
0x436270 LockResource
0x436274 SizeofResource
0x436278 SetLastError
0x43627c GetVersion
0x436280 CompareStringA
0x436284 GetLastError
0x436288 InterlockedExchange
0x43628c MultiByteToWideChar
0x436290 CompareStringW
0x436294 WideCharToMultiByte
0x436298 lstrlenA
0x43629c GetACP
Library USER32.dll:
0x4362f0 UnregisterClassA
0x4362f8 PostThreadMessageA
0x4362fc SetCapture
0x436300 LoadCursorA
0x436304 GetSysColorBrush
0x436308 MoveWindow
0x43630c SetWindowTextA
0x436310 IsDialogMessageA
0x436314 IsDlgButtonChecked
0x436318 CheckRadioButton
0x43631c EndPaint
0x436320 BeginPaint
0x436324 GetWindowDC
0x436328 ReleaseDC
0x43632c GetDC
0x436330 ClientToScreen
0x436334 GrayStringA
0x436338 DrawTextExA
0x43633c DrawTextA
0x436340 TabbedTextOutA
0x436344 DestroyMenu
0x43634c SendDlgItemMessageA
0x436350 WinHelpA
0x436354 IsChild
0x436358 GetCapture
0x43635c GetClassLongA
0x436360 GetClassNameA
0x436364 SetPropA
0x436368 RemovePropA
0x43636c SetFocus
0x436374 GetWindowTextA
0x436378 GetForegroundWindow
0x43637c MessageBeep
0x436380 GetTopWindow
0x436384 UnhookWindowsHookEx
0x436388 GetMessageTime
0x43638c GetMessagePos
0x436390 MapWindowPoints
0x436394 SetForegroundWindow
0x436398 UpdateWindow
0x43639c GetMenu
0x4363a0 CreateWindowExA
0x4363a4 GetClassInfoExA
0x4363a8 GetClassInfoA
0x4363ac RegisterClassA
0x4363b0 GetSysColor
0x4363b4 AdjustWindowRectEx
0x4363b8 EqualRect
0x4363bc CopyRect
0x4363c0 PtInRect
0x4363c4 GetDlgCtrlID
0x4363c8 DefWindowProcA
0x4363cc CallWindowProcA
0x4363d0 SetWindowLongA
0x4363d4 OffsetRect
0x4363d8 IntersectRect
0x4363e0 GetWindowPlacement
0x4363e4 GetWindowRect
0x4363ec GetLastActivePopup
0x4363f0 MessageBoxA
0x4363f4 SetCursor
0x4363f8 SetWindowsHookExA
0x4363fc CallNextHookEx
0x436400 GetMessageA
0x436404 CharUpperA
0x436408 LoadIconA
0x43640c ShowWindow
0x436410 TranslateMessage
0x436414 DispatchMessageA
0x436418 IsWindowVisible
0x43641c GetKeyState
0x436420 PeekMessageA
0x436424 GetCursorPos
0x436428 ValidateRect
0x43642c SetMenuItemBitmaps
0x436434 LoadBitmapA
0x436438 GetFocus
0x43643c ModifyMenuA
0x436440 EnableMenuItem
0x436444 GetNextDlgGroupItem
0x436448 InvalidateRgn
0x43644c InvalidateRect
0x436450 SetRect
0x436454 IsRectEmpty
0x43645c CharNextA
0x436460 ReleaseCapture
0x436464 GetSystemMenu
0x436468 AppendMenuA
0x43646c IsIconic
0x436470 GetSystemMetrics
0x436474 GetClientRect
0x436478 DrawIcon
0x43647c SendMessageA
0x436480 EnableWindow
0x436484 GetSubMenu
0x436488 GetMenuItemCount
0x43648c GetMenuItemID
0x436490 GetMenuState
0x436494 PostMessageA
0x436498 PostQuitMessage
0x43649c SetWindowPos
0x4364a0 MapDialogRect
0x4364a4 GetParent
0x4364ac GetWindow
0x4364b0 EndDialog
0x4364b4 GetNextDlgTabItem
0x4364b8 IsWindowEnabled
0x4364bc GetDlgItem
0x4364c0 GetWindowLongA
0x4364c4 IsWindow
0x4364c8 DestroyWindow
0x4364d0 SetActiveWindow
0x4364d4 GetActiveWindow
0x4364d8 GetDesktopWindow
0x4364dc CheckMenuItem
0x4364e0 GetPropA
Library GDI32.dll:
0x436028 SetWindowExtEx
0x43602c ScaleWindowExtEx
0x436030 ExtSelectClipRgn
0x436034 DeleteDC
0x436038 GetStockObject
0x43603c GetBkColor
0x436040 GetTextColor
0x436048 GetRgnBox
0x43604c GetMapMode
0x436050 ScaleViewportExtEx
0x436054 SetViewportExtEx
0x436058 OffsetViewportOrgEx
0x43605c SetViewportOrgEx
0x436060 SelectObject
0x436064 Escape
0x436068 TextOutA
0x43606c RectVisible
0x436070 PtVisible
0x436074 GetDeviceCaps
0x436078 GetViewportExtEx
0x43607c DeleteObject
0x436080 SetMapMode
0x436084 RestoreDC
0x436088 SaveDC
0x43608c ExtTextOutA
0x436090 GetObjectA
0x436094 SetBkColor
0x436098 SetTextColor
0x43609c GetClipBox
0x4360a0 CreateBitmap
0x4360a4 GetWindowExtEx
Library comdlg32.dll:
0x4364f8 GetFileTitleA
Library WINSPOOL.DRV:
0x4364e8 DocumentPropertiesA
0x4364ec OpenPrinterA
0x4364f0 ClosePrinter
Library ADVAPI32.dll:
0x436000 RegSetValueExA
0x436004 RegCreateKeyExA
0x436008 RegQueryValueA
0x43600c RegEnumKeyA
0x436010 RegDeleteKeyA
0x436014 RegOpenKeyExA
0x436018 RegQueryValueExA
0x43601c RegOpenKeyA
0x436020 RegCloseKey
Library SHLWAPI.dll:
0x4362dc PathFindFileNameA
0x4362e0 PathStripToRootA
0x4362e4 PathFindExtensionA
0x4362e8 PathIsUNCA
Library oledlg.dll:
0x436540
Library ole32.dll:
0x436500 OleInitialize
0x436508 OleUninitialize
0x436518 CoGetClassObject
0x43651c CLSIDFromString
0x436520 CoRevokeClassObject
0x436524 CoTaskMemAlloc
0x436528 CoTaskMemFree
0x436530 OleFlushClipboard
0x436538 CLSIDFromProgID
Library OLEAUT32.dll:
0x4362a4 SysAllocStringLen
0x4362a8 VariantClear
0x4362ac VariantChangeType
0x4362b0 VariantInit
0x4362b4 SysStringLen
0x4362c8 SafeArrayDestroy
0x4362cc SysAllocString
0x4362d0 VariantCopy
0x4362d4 SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60221 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.