6.4
High risk

60dcd76aa3925de4b6716d50c18d732d579bfb83fb73f944c84e16e571a68399

8eb1560f8fa15e502956c048d74ecc25.exe

Analysis duration

77s

Last analyzed

File size

300.0KB
Static scan: malicious  Dynamic scan: malicious  100% AI SCORE=80 AJXK BANKERX BSCOPE CLOUD CONFIDENCE DOWNLOADER34 ELDORADO EMOTET EOMR GENCIRC GENERICKDZ GENKRYPTIK HFGD HIGH CONFIDENCE HPGFRT KRYPTIK MALICIOUS R002C0DGU20 R346328 SGENERIC UNSAFE
Eagle Eye engine
Not detected: no Eagle Eye engine results are available yet
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Emotet-FRI!8EB1560F8FA1 20200807 6.0.6.653
Alibaba Trojan:Win32/Emotet.368e870b 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20200807 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cde4d4 20200807 1.0.0.1
Kingsoft 20200807 2013.8.14.323
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619686151.219205
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619686135.360205
CryptGenKey
crypto_handle: 0x006ae528
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00603320
flags: 1
key: fe¨W_°/ûÀYe¦†Ñâ
success 1 0
1619686151.235205
CryptExportKey
crypto_handle: 0x006ae528
crypto_export_handle: 0x006ae468
buffer: f¤!cbzn¶Œ@»ÈÇ_ž?â8ùÏÊHA èK•¨à‚Ä$@á—2N>É[ØÚrñž< –sö$öF„ô8ËñB\ è¡¡„C"ïŸK IÆ×:D©íà‘¤aÍsBŠå
blob_type: 1
flags: 64
success 1 0
1619686185.938205
CryptExportKey
crypto_handle: 0x006ae528
crypto_export_handle: 0x006ae468
buffer: f¤ìVӉj4¿3Ç¥EÅC›É´¿m÷èÒÔΚÄræx_, ußrJŸRÏ© hyS‘~[X§Qïí<­1ÙÂÐ?ü &†ÂÝÐ<= ê…Ó|ûh¼ø‰%ƚøH“¤››ˆ
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619686134.344205
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00580000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619686151.922205
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.243599626291257 section {'size_of_data': '0x0000d000', 'virtual_address': '0x00042000', 'entropy': 7.243599626291257, 'name': '.rsrc', 'virtual_size': '0x0000c908'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process 8eb1560f8fa15e502956c048d74ecc25.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619686151.485205
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 177.37.81.212
host 74.207.230.187
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619686154.501205
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619686154.501205
RegSetValueExA
key_handle: 0x000003c4
value: à‰áÃî<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619686154.501205
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619686154.501205
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619686154.501205
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619686154.501205
RegSetValueExA
key_handle: 0x000003dc
value: à‰áÃî<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619686154.501205
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619686154.532205
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 177.37.81.212:443
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
MicroWorld-eScan Trojan.GenericKDZ.69112
FireEye Trojan.GenericKDZ.69112
CAT-QuickHeal Backdoor.Emotet
McAfee Emotet-FRI!8EB1560F8FA1
Malwarebytes Trojan.MalPack.TRE
Zillya Backdoor.Emotet.Win32.651
K7AntiVirus Trojan ( 0056b6f11 )
Alibaba Trojan:Win32/Emotet.368e870b
K7GW Trojan ( 0056b6f11 )
Arcabit Trojan.Generic.D10DF8
TrendMicro TROJ_GEN.R002C0DGU20
F-Prot W32/Emotet.AOC.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Paloalto generic.ml
Kaspersky Backdoor.Win32.Emotet.ajxk
BitDefender Trojan.GenericKDZ.69112
NANO-Antivirus Trojan.Win32.Emotet.hpgfrt
AegisLab Trojan.Win32.Emotet.L!c
Avast Win32:BankerX-gen [Trj]
Tencent Malware.Win32.Gencirc.10cde4d4
Ad-Aware Trojan.GenericKDZ.69112
Sophos Troj/Emotet-CKK
DrWeb Trojan.DownLoader34.9808
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
Emsisoft Trojan.Emotet (A)
Cyren W32/Emotet.AOC.gen!Eldorado
Jiangmin Backdoor.Emotet.ov
Antiy-AVL Trojan/Win32.SGeneric
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Endgame malicious (high confidence)
ViRobot Trojan.Win32.Z.Emotet.307200.CTO
ZoneAlarm Backdoor.Win32.Emotet.ajxk
GData Trojan.GenericKDZ.69112
AhnLab-V3 Trojan/Win32.Emotet.R346328
ALYac Trojan.GenericKDZ.69112
MAX malware (ai score=80)
VBA32 BScope.Trojan.Downloader
Cylance Unsafe
ESET-NOD32 a variant of Win32/Kryptik.HFGD
TrendMicro-HouseCall TROJ_GEN.R002C0DGU20
Rising Trojan.Kryptik!1.C89F (CLOUD)
Ikarus Trojan-Banker.Emotet
Fortinet W32/GenKryptik.EOMR!tr
AVG Win32:BankerX-gen [Trj]
Panda Trj/Emotet.C
CrowdStrike win/malicious_confidence_100% (W)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample was running

PE Compile Time

2020-07-29 16:50:51

Imports

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 49716 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.