| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Emotet-FMI!86EA894E1A24 | 20201229 | 6.0.6.653 |
| Alibaba | Trojan:Win32/Emotet.cc5cae61 | 20190527 | 0.3.0.5 |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | Win32:DangerousSig [Trj] | 20201229 | 21.1.5827.0 |
| Tencent | Malware.Win32.Gencirc.10ba342c | 20201229 | 1.0.0.1 |
| Kingsoft | 20201229 | 2017.9.26.565 | |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1619712297.503626 GetComputerNameW |
computer_name:
OSKAR-PC
|
success | 1 | 0 |
| suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:2865978569&cup2hreq=f92150667dc7131c4d74ba221967de48babc7f91ffccb08d1cd6f4d06d62dfcb | ||||||
| request | HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe |
| request | HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619683212&mv=m&mvi=1&pl=23&shardbypass=yes |
| request | HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=656b7228436ca15e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619683212&mv=m |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:2865978569&cup2hreq=f92150667dc7131c4d74ba221967de48babc7f91ffccb08d1cd6f4d06d62dfcb |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:2865978569&cup2hreq=f92150667dc7131c4d74ba221967de48babc7f91ffccb08d1cd6f4d06d62dfcb |
| file | C:\Users\Public\Desktop\Google Chrome.lnk |
| entropy | 7.157239907990297 | section | {'size_of_data': '0x00016e00', 'virtual_address': '0x00001000', 'entropy': 7.157239907990297, 'name': '.text', 'virtual_size': '0x00016ce6'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.5772870662460567 | description | Overall entropy of this PE file is high | |||||||||||
| host | 172.217.24.14 | |||
| host | 181.15.177.100 | |||
| host | 189.143.52.49 | |||
| service_name | dmapnf | service_path | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dmapnf.exe" | ||||||
| file | C:\Windows\SysWOW64\dmapnf.exe:Zone.Identifier |
| Bkav | W32.AIDetectVM.malware1 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.Agent.DWYG |
| FireEye | Generic.mg.86ea894e1a24a536 |
| McAfee | Emotet-FMI!86EA894E1A24 |
| Cylance | Unsafe |
| SUPERAntiSpyware | Trojan.Agent/Gen-Emotet |
| Sangfor | Malware |
| K7AntiVirus | Trojan ( 0054e0681 ) |
| Alibaba | Trojan:Win32/Emotet.cc5cae61 |
| K7GW | Trojan ( 0054e0681 ) |
| Cybereason | malicious.e1a24a |
| Arcabit | Trojan.Agent.DWYG |
| Cyren | W32/Emotet.AAP.gen!Eldorado |
| Symantec | Packed.Generic.459 |
| APEX | Malicious |
| Avast | Win32:DangerousSig [Trj] |
| ClamAV | Win.Malware.Emotet-6971817-0 |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| BitDefender | Trojan.Agent.DWYG |
| NANO-Antivirus | Trojan.Win32.Kryptik.fqfuxx |
| Paloalto | generic.ml |
| AegisLab | Trojan.Win32.Malicious.4!c |
| Tencent | Malware.Win32.Gencirc.10ba342c |
| Ad-Aware | Trojan.Agent.DWYG |
| Sophos | Mal/Generic-R + Mal/Emotet-Q |
| Comodo | TrojWare.Win32.Emotet.AVA@89pp2y |
| F-Secure | Heuristic.HEUR/AGEN.1125423 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | TrojanSpy.Win32.EMOTET.SMC |
| McAfee-GW-Edition | Emotet-FMI!86EA894E1A24 |
| Emsisoft | Trojan.Agent.DWYG (B) |
| Ikarus | Trojan-Banker.Emotet |
| Jiangmin | Trojan.Banker.Emotet.iph |
| eGambit | Unsafe.AI_Score_66% |
| Avira | HEUR/AGEN.1125423 |
| Antiy-AVL | Trojan/Win32.Emotet |
| Gridinsoft | Trojan.Win32.Kryptik.vb!s1 |
| Microsoft | Trojan:Win32/Emotet.PA!MTB |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
| GData | Trojan.Agent.DWYG |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Malware/Win32.Generic.R255822 |
| Acronis | suspicious |
| BitDefenderTheta | Gen:NN.ZexaF.34700.kqX@ai!m7Djc |
| ALYac | Trojan.Agent.Emotet |
| MAX | malware (ai score=86) |
| VBA32 | BScope.Malware-Cryptor.Emotet |
| Malwarebytes | Trojan.Emotet |
| ESET-NOD32 | a variant of Win32/Kryptik.GQEV |
| dead_host | 172.217.160.110:443 |
| dead_host | 172.217.24.14:443 |
| dead_host | 181.15.177.100:443 |
| dead_host | 189.143.52.49:443 |
| dead_host | 172.217.160.78:443 |
No hosts contacted.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49193 | 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49194 | 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49192 | 203.208.41.33 redirector.gvt1.com | 80 |
| 192.168.56.101 | 49191 | 203.208.41.66 update.googleapis.com | 443 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50568 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51963 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 54991 | 114.114.114.114 | 53 |
| 192.168.56.101 | 55368 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56743 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57236 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58070 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58970 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 50002 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53210 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 54178 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 54260 | 224.0.0.252 | 5355 |
| URI | Data |
|---|---|
| http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com |
| http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619683212&mv=m&mvi=1&pl=23&shardbypass=yes | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619683212&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com |
| http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=656b7228436ca15e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619683212&mv=m | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=656b7228436ca15e&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619683212&mv=m HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts