6.2
High risk

e8bfedf9966667a2728db26326da9f3e6884bd4ead23a63bd4ebd8b62cb51080

85c492c20db3afb3c30023a7779216c3.exe

Analysis duration

87s

Last analyzed

File size

588.0KB
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Time Version
McAfee Emotet-FRV!85C492C20DB3 20201023 6.0.6.653
Alibaba Trojan:Win32/Emotet.f7ef4889 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20201023 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cde85f 20201023 1.0.0.1
CrowdStrike 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619718898.93025
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619718883.13325
CryptGenKey
crypto_handle: 0x009037f0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00905ad0
flags: 1
key: fëà\›îÖårÈØ˜Ðߍž
success 1 0
1619718898.96125
CryptExportKey
crypto_handle: 0x009037f0
crypto_export_handle: 0x00903770
buffer: f¤*¯:ØÍî~p  ôõ!ý(lçÊ)Zäg—¡¯›OoHœtƒæ4z"¶êï…wb_ Yð»U ‚:¿Å-ô§°~˜Þ®Ö /á/Û+_½D6^²|¥C±GíaP
blob_type: 1
flags: 64
success 1 0
1619718926.77325
CryptExportKey
crypto_handle: 0x009037f0
crypto_export_handle: 0x00903770
buffer: f¤ E¤qP`IJZMÛAà³] N«uÒdžëÙÐ#vUœj©0ô.ÞÉ£èW/Z…ÿ ¢©n,bÓ°®~-4‚Ó¨FFaí`³ÔG;iÕ9½X›Ç¾Îí¥‹
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2005\13.8.20\cgridlistctrlex-master\vs2003\Release\CGridListCtrlEx.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619718882.35125
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00630000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619718899.47625
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 85c492c20db3afb3c30023a7779216c3.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619718899.22625
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 159.203.232.29
host 172.217.24.14
host 66.61.94.36
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619718902.03925
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619718902.03925
RegSetValueExA
key_handle: 0x000003c0
value: `¡=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619718902.03925
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619718902.05525
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619718902.05525
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619718902.05525
RegSetValueExA
key_handle: 0x000003d8
value: `¡=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619718902.05525
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619718902.05525
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 172.217.24.14:443
dead_host 66.61.94.36:80
dead_host 172.217.27.142:443
dead_host 159.203.232.29:8080
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-08-14 00:30:01

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.