SmartHawk

2.8

中危

52 个模型检测该样本为恶意！

重新分析

下载样本

71c3e92e9aeef1f3cc3460b1e83f34d5ae9a8a380d13d772e76d1c4c11278016

9a4264c2ecac38a222aa5b3bb175c285.exe

分析耗时

31s

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Trojan-FQMJ!9A4264C2ECAC	20201022	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Alibaba	Trojan:Win32/Emotet.45bbad86	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20201022	18.4.3895.0
Tencent		20201022	1.0.0.1
Kingsoft		20201022	2013.8.14.323

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-12-18 20:52:35

Imports

Library KERNEL32.dll:

• 0x40314c GetSystemTimeAsFileTime

• 0x403150 GetTempFileNameA

• 0x403154 GetTempFileNameW

• 0x403158 GetTempPathA

• 0x40315c GetTempPathW

• 0x403160 GetTickCount

• 0x403164 GetTimeZoneInformation

• 0x403168 GetUserDefaultLCID

• 0x40316c GetVersionExW

• 0x403170 GetVolumeInformationW

• 0x403174 GlobalAlloc

• 0x403178 GlobalLock

• 0x40317c GlobalSize

• 0x403180 GlobalUnlock

• 0x403184 HeapAlloc

• 0x403188 HeapCreate

• 0x40318c HeapFree

• 0x403190 HeapReAlloc

• 0x403194 HeapSetInformation

• 0x403198 HeapSize

• 0x40319c InitializeCriticalSection

• 0x4031a0 InitializeCriticalSectionAndSpinCount

• 0x4031a4 InterlockedCompareExchange

• 0x4031a8 InterlockedDecrement

• 0x4031ac InterlockedExchange

• 0x4031b0 InterlockedIncrement

• 0x4031b4 InterlockedPopEntrySList

• 0x4031b8 InterlockedPushEntrySList

• 0x4031bc IsDebuggerPresent

• 0x4031c0 IsProcessorFeaturePresent

• 0x4031c4 IsValidCodePage

• 0x4031c8 IsValidLocale

• 0x4031cc LCMapStringW

• 0x4031d0 LeaveCriticalSection

• 0x4031d4 LoadLibraryA

• 0x4031d8 LoadLibraryExW

• 0x4031dc LoadResource

• 0x4031e0 LocalAlloc

• 0x4031e4 LocalFree

• 0x4031e8 LocalLock

• 0x4031ec LocalUnlock

• 0x4031f0 LockResource

• 0x4031f4 MulDiv

• 0x4031f8 MultiByteToWideChar

• 0x4031fc GetStringTypeW

• 0x403200 QueryPerformanceCounter

• 0x403204 RaiseException

• 0x403208 ReadFile

• 0x40320c ReleaseMutex

• 0x403210 RemoveDirectoryA

• 0x403214 RemoveDirectoryW

• 0x403218 ResetEvent

• 0x40321c RtlUnwind

• 0x403220 SetCalendarInfoW

• 0x403224 SetComputerNameExW

• 0x403228 SetEnvironmentVariableA

• 0x40322c SetEvent

• 0x403230 SetFilePointer

• 0x403234 SetHandleCount

• 0x403238 SetLastError

• 0x40323c SetStdHandle

• 0x403240 SetUnhandledExceptionFilter

• 0x403244 SizeofResource

• 0x403248 Sleep

• 0x40324c SystemTimeToFileTime

• 0x403250 TerminateProcess

• 0x403254 TerminateThread

• 0x403258 TlsAlloc

• 0x40325c TlsFree

• 0x403260 TlsGetValue

• 0x403264 TlsSetValue

• 0x403268 UnhandledExceptionFilter

• 0x40326c VirtualAlloc

• 0x403270 VirtualFree

• 0x403274 WaitForMultipleObjects

• 0x403278 WaitForSingleObject

• 0x40327c WideCharToMultiByte

• 0x403280 WinExec

• 0x403284 WriteConsoleW

• 0x403288 WriteFile

• 0x40328c _llseek

• 0x403290 lstrcatW

• 0x403294 lstrcmpW

• 0x403298 lstrcmpiW

• 0x40329c lstrcpyW

• 0x4032a0 lstrcpynW

• 0x4032a4 lstrlenA

• 0x4032a8 lstrlenW

• 0x4032ac GetStdHandle

• 0x4032b0 GetStartupInfoW

• 0x4032b4 GetStartupInfoA

• 0x4032b8 GetProfileIntW

• 0x4032bc GetProcessHeap

• 0x4032c0 GetPrivateProfileSectionNamesA

• 0x4032c4 GetPrivateProfileSectionA

• 0x4032c8 GetPriorityClass

• 0x4032cc GetOEMCP

• 0x4032d0 GetNumberFormatW

• 0x4032d4 GetNamedPipeInfo

• 0x4032d8 GetModuleHandleW

• 0x4032dc GetModuleFileNameW

• 0x4032e0 GetModuleFileNameA

• 0x4032e4 GetLocaleInfoW

• 0x4032e8 GetLocaleInfoA

• 0x4032ec GetLocalTime

• 0x4032f0 GetLastError

• 0x4032f4 GetFileType

• 0x4032f8 GetFileTime

• 0x4032fc GetFileSize

• 0x403300 GetFileAttributesW

• 0x403304 GetFileAttributesExW

• 0x403308 GetFileAttributesA

• 0x40330c GetExitCodeProcess

• 0x403310 GetEnvironmentStringsW

• 0x403314 GetDriveTypeW

• 0x403318 GetDiskFreeSpaceExW

• 0x40331c GetDateFormatW

• 0x403320 GetCurrentThreadId

• 0x403324 GetCurrentProcessId

• 0x403328 GetCurrentProcess

• 0x40332c GetConsoleMode

• 0x403330 GetConsoleCP

• 0x403334 GetConsoleAliasExesW

• 0x403338 GetCommandLineW

• 0x40333c GetCPInfo

• 0x403340 GetACP

• 0x403344 FreeLibrary

• 0x403348 FreeEnvironmentStringsW

• 0x40334c FormatMessageW

• 0x403350 FlushInstructionCache

• 0x403354 FlushFileBuffers

• 0x403358 FindResourceW

• 0x40335c FindNextFileW

• 0x403360 FindFirstFileW

• 0x403364 FindClose

• 0x403368 FindAtomW

• 0x40336c FileTimeToSystemTime

• 0x403370 FileTimeToLocalFileTime

• 0x403374 FileTimeToDosDateTime

• 0x403378 ExpandEnvironmentStringsA

• 0x40337c ExitProcess

• 0x403380 EnumSystemLocalesA

• 0x403384 EnterCriticalSection

• 0x403388 EncodePointer

• 0x40338c DuplicateHandle

• 0x403390 DosDateTimeToFileTime

• 0x403394 DeviceIoControl

• 0x403398 DeleteFileW

• 0x40339c DeleteFileA

• 0x4033a0 DeleteCriticalSection

• 0x4033a4 DecodePointer

• 0x4033a8 CreateThread

• 0x4033ac CreateSemaphoreA

• 0x4033b0 CreateProcessW

• 0x4033b4 CreateProcessA

• 0x4033b8 CreatePipe

• 0x4033bc CreateMutexW

• 0x4033c0 CreateFileW

• 0x4033c4 CreateEventW

• 0x4033c8 CreateDirectoryW

• 0x4033cc CopyFileA

• 0x4033d0 CompareStringW

• 0x4033d4 CompareStringA

• 0x4033d8 CompareFileTime

• 0x4033dc CloseHandle

• 0x4033e0 AreFileApisANSI

• 0x4033e4 GetModuleHandleA

• 0x4033e8 VirtualAllocEx

• 0x4033ec LoadLibraryW

• 0x4033f0 PeekNamedPipe

• 0x4033f4 GetProcAddress

Library USER32.dll:

• 0x40344c LoadMenuW

• 0x403450 LoadStringA

• 0x403454 LoadStringW

• 0x403458 MapWindowPoints

• 0x40345c MessageBeep

• 0x403460 MessageBoxW

• 0x403464 ModifyMenuW

• 0x403468 MoveWindow

• 0x40346c OffsetRect

• 0x403470 OpenClipboard

• 0x403474 OpenDesktopA

• 0x403478 OpenWindowStationW

• 0x40347c PeekMessageW

• 0x403480 PostMessageA

• 0x403484 PostMessageW

• 0x403488 PostQuitMessage

• 0x40348c PtInRect

• 0x403490 RedrawWindow

• 0x403494 RegisterClassExA

• 0x403498 RegisterClassExW

• 0x40349c RegisterClipboardFormatW

• 0x4034a0 RegisterWindowMessageW

• 0x4034a4 ReleaseCapture

• 0x4034a8 ReleaseDC

• 0x4034ac RemoveMenu

• 0x4034b0 ScreenToClient

• 0x4034b4 ScrollDC

• 0x4034b8 SendDlgItemMessageW

• 0x4034bc SendMessageA

• 0x4034c0 SendMessageW

• 0x4034c4 SetCapture

• 0x4034c8 SetClipboardData

• 0x4034cc SetCursor

• 0x4034d0 SetDlgItemTextW

• 0x4034d4 SetFocus

• 0x4034d8 SetMenu

• 0x4034dc SetMenuDefaultItem

• 0x4034e0 SetMenuItemInfoW

• 0x4034e4 SetRectEmpty

• 0x4034e8 SetTimer

• 0x4034ec SetWindowLongA

• 0x4034f0 SetWindowLongW

• 0x4034f4 SetWindowPos

• 0x4034f8 SetWindowTextW

• 0x4034fc SetWindowsHookExW

• 0x403500 ShowWindow

• 0x403504 SystemParametersInfoW

• 0x403508 TrackMouseEvent

• 0x40350c TrackPopupMenuEx

• 0x403510 TranslateAcceleratorW

• 0x403514 TranslateMessage

• 0x403518 UnhookWindowsHookEx

• 0x40351c UnregisterClassA

• 0x403520 UpdateWindow

• 0x403524 WindowFromPoint

• 0x403528 wsprintfW

• 0x40352c LoadImageW

• 0x403530 LoadIconW

• 0x403534 LoadIconA

• 0x403538 LoadCursorW

• 0x40353c LoadCursorA

• 0x403540 LoadBitmapW

• 0x403544 LoadAcceleratorsW

• 0x403548 KillTimer

• 0x40354c IsZoomed

• 0x403550 IsWindowVisible

• 0x403554 IsWindowUnicode

• 0x403558 IsWindowEnabled

• 0x40355c IsWindow

• 0x403560 IsMenu

• 0x403564 IsIconic

• 0x403568 IsDlgButtonChecked

• 0x40356c IsDialogMessageW

• 0x403570 IsClipboardFormatAvailable

• 0x403574 InvalidateRect

• 0x403578 InsertMenuW

• 0x40357c InflateRect

• 0x403580 IMPGetIMEW

• 0x403584 GetWindowThreadProcessId

• 0x403588 GetWindowTextW

• 0x40358c GetWindowTextLengthW

• 0x403590 GetWindowRect

• 0x403594 GetWindowPlacement

• 0x403598 GetWindowLongW

• 0x40359c GetWindowLongA

• 0x4035a0 GetWindowDC

• 0x4035a4 GetWindow

• 0x4035a8 GetSystemMetrics

• 0x4035ac GetSystemMenu

• 0x4035b0 GetSysColorBrush

• 0x4035b4 GetSysColor

• 0x4035b8 GetSubMenu

• 0x4035bc GetParent

• 0x4035c0 GetMessageW

• 0x4035c4 GetMessageTime

• 0x4035c8 GetMessagePos

• 0x4035cc GetMenuItemInfoW

• 0x4035d0 GetMenuItemCount

• 0x4035d4 GetMenu

• 0x4035d8 GetKeyboardLayoutList

• 0x4035dc GetKeyState

• 0x4035e0 GetForegroundWindow

• 0x4035e4 GetFocus

• 0x4035e8 GetDlgItemTextW

• 0x4035ec GetDlgItem

• 0x4035f0 GetDesktopWindow

• 0x4035f4 GetDC

• 0x4035f8 GetCursorPos

• 0x4035fc GetCursor

• 0x403600 GetClipboardData

• 0x403604 GetClientRect

• 0x403608 GetClassNameW

• 0x40360c GetClassInfoExW

• 0x403610 GetAsyncKeyState

• 0x403614 GetActiveWindow

• 0x403618 FrameRect

• 0x40361c FindWindowExW

• 0x403620 FindWindowA

• 0x403624 FillRect

• 0x403628 EnumWindowStationsW

• 0x40362c EnumDisplaySettingsA

• 0x403630 EndPaint

• 0x403634 EndDialog

• 0x403638 EndDeferWindowPos

• 0x40363c EnableWindow

• 0x403640 EnableMenuItem

• 0x403644 DrawTextW

• 0x403648 DrawStateW

• 0x40364c DrawIcon

• 0x403650 DrawFrameControl

• 0x403654 DrawFocusRect

• 0x403658 DrawEdge

• 0x40365c DispatchMessageW

• 0x403660 DialogBoxParamW

• 0x403664 DestroyWindow

• 0x403668 DestroyMenu

• 0x40366c DestroyIcon

• 0x403670 DestroyCursor

• 0x403674 DeferWindowPos

• 0x403678 DefWindowProcW

• 0x40367c CreateWindowExW

• 0x403680 CreatePopupMenu

• 0x403684 CreateDialogParamW

• 0x403688 CopyIcon

• 0x40368c CloseClipboard

• 0x403690 ClientToScreen

• 0x403694 CheckRadioButton

• 0x403698 CheckMenuRadioItem

• 0x40369c CheckMenuItem

• 0x4036a0 CheckDlgButton

• 0x4036a4 CharNextW

• 0x4036a8 CharLowerW

• 0x4036ac CallWindowProcW

• 0x4036b0 CallWindowProcA

• 0x4036b4 CallNextHookEx

• 0x4036b8 BeginPaint

• 0x4036bc BeginDeferWindowPos

• 0x4036c0 AppendMenuW

• 0x4036c4 GetCapture

Library GDI32.dll:

• 0x40304c GetRegionData

• 0x403050 GetStockObject

• 0x403054 GetStringBitmapW

• 0x403058 GetTextAlign

• 0x40305c GetTextExtentPoint32A

• 0x403060 GetTextExtentPoint32W

• 0x403064 GetTextMetricsW

• 0x403068 MoveToEx

• 0x40306c PATHOBJ_vEnumStart

• 0x403070 PatBlt

• 0x403074 Polygon

• 0x403078 RemoveFontResourceTracking

• 0x40307c GetObjectW

• 0x403080 STROBJ_vEnumStart

• 0x403084 SelectObject

• 0x403088 SetBkColor

• 0x40308c SetBkMode

• 0x403090 ExcludeClipRect

• 0x403094 SetBrushOrgEx

• 0x403098 SetDIBitsToDevice

• 0x40309c SetMetaRgn

• 0x4030a0 SetRelAbs

• 0x4030a4 SetTextColor

• 0x4030a8 XFORMOBJ_bApplyXform

• 0x4030ac GetObjectA

• 0x4030b0 GetMetaFileA

• 0x4030b4 GetMetaFileBitsEx

• 0x4030b8 GetLayout

• 0x4030bc GetGraphicsMode

• 0x4030c0 GetDeviceCaps

• 0x4030c4 GetDIBits

• 0x4030c8 GetCharacterPlacementA

• 0x4030cc GetCharWidthInfo

• 0x4030d0 GdiRealizationInfo

• 0x4030d4 GdiPlayPrivatePageEMF

• 0x4030d8 GdiPlayJournal

• 0x4030dc GdiEntry9

• 0x4030e0 GdiEndPageEMF

• 0x4030e4 GdiDeleteSpoolFileHandle

• 0x4030e8 FONTOBJ_pQueryGlyphAttrs

• 0x4030ec FONTOBJ_cGetAllGlyphHandles

• 0x4030f0 RestoreDC

• 0x4030f4 BitBlt

• 0x4030f8 EudcLoadLinkW

• 0x4030fc EngTransparentBlt

• 0x403100 EngDeletePalette

• 0x403104 EnableEUDC

• 0x403108 DeleteObject

• 0x40310c DeleteMetaFile

• 0x403110 DeleteDC

• 0x403114 CreateSolidBrush

• 0x403118 CreateRectRgnIndirect

• 0x40311c CreatePatternBrush

• 0x403120 CreateMetaFileA

• 0x403124 CreateHatchBrush

• 0x403128 CreateFontIndirectW

• 0x40312c CreateFontIndirectA

• 0x403130 CreateDIBSection

• 0x403134 CreateCompatibleDC

• 0x403138 CreateCompatibleBitmap

• 0x40313c CreateBitmap

• 0x403140 CLIPOBJ_bEnum

• 0x403144 ExtTextOutW

Library COMDLG32.dll:

• 0x403040 GetOpenFileNameW

• 0x403044 GetSaveFileNameW

Library ADVAPI32.dll:

• 0x403000 RegSetValueExA

• 0x403004 RegQueryValueExW

• 0x403008 RegQueryValueExA

• 0x40300c RegQueryInfoKeyW

• 0x403010 RegQueryInfoKeyA

• 0x403014 RegOpenKeyExA

• 0x403018 RegOpenKeyA

• 0x40301c RegEnumKeyExW

• 0x403020 RegDeleteValueW

• 0x403024 RegDeleteKeyW

• 0x403028 RegDeleteKeyA

• 0x40302c RegCreateKeyExW

• 0x403030 RegCloseKey

• 0x403034 RegOpenKeyExW

• 0x403038 RegSetValueExW

Library SHELL32.dll:

• 0x4033fc ShellExecuteW

• 0x403400 ShellExecuteExW

• 0x403404 ShellExecuteA

• 0x403408 SHGetSpecialFolderPathW

• 0x40340c SHGetSpecialFolderLocation

• 0x403410 SHGetPathFromIDListW

• 0x403414 SHGetMalloc

• 0x403418 SHGetFolderPathW

• 0x40341c SHGetFolderPathA

• 0x403420 SHGetFileInfoW

• 0x403424 SHGetDesktopFolder

• 0x403428 SHFormatDrive

• 0x40342c SHBrowseForFolderW

• 0x403430 FindExecutableA

• 0x403434 ExtractIconW

• 0x403438 DragQueryPoint

• 0x40343c DragQueryFileW

• 0x403440 DragFinish

• 0x403444 CheckEscapesW

Library ole32.dll:

• 0x4036cc CoCreateInstance

• 0x4036d0 CoLockObjectExternal

• 0x4036d4 CoTaskMemAlloc

• 0x4036d8 CoTaskMemFree

• 0x4036dc CoTaskMemRealloc

• 0x4036e0 DoDragDrop

• 0x4036e4 OleInitialize

• 0x4036e8 OleUninitialize

• 0x4036ec RegisterDragDrop

• 0x4036f0 ReleaseStgMedium

• 0x4036f4 RevokeDragDrop

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702
192.168.56.101	51379	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Agent.DLUW
FireEye	Generic.mg.9a4264c2ecac38a2
McAfee	Trojan-FQMJ!9A4264C2ECAC
Sangfor	Malware
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/Emotet.45bbad86
K7GW	Trojan ( 0051e8781 )
K7AntiVirus	Trojan ( 0051e8781 )
Arcabit	Trojan.Agent.DLUW
TrendMicro	TrojanSpy.Win32.EMOTET.SMA
Cyren	W32/Trojan.MREZ-1600
Symantec	Packed.Generic.459
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender	Trojan.Agent.DLUW
NANO-Antivirus	Trojan.Win32.Encoder.flpjuk
Paloalto	generic.ml
ViRobot	Trojan.Win32.Z.Shade.910792
Ad-Aware	Trojan.Agent.DLUW
Emsisoft	Trojan.Agent.DLUW (B)
Comodo	Malware@#22781rnz74nnj
DrWeb	Trojan.Encoder.26818
Zillya	Trojan.Shade.Win32.941
Invincea	Mal/Generic-R + Mal/Emotet-Q
McAfee-GW-Edition	BehavesLike.Win32.StartPage.cm
Sophos	Mal/Emotet-Q
Ikarus	Trojan-Ransom.Crypted007
Jiangmin	Trojan.Shade.oy
Antiy-AVL	Trojan[Ransom]/Win32.Shade
Microsoft	Trojan:Win32/Emotet.PB
AegisLab	Trojan.Win32.Emotet.L!c
ZoneAlarm	HEUR:Trojan-Banker.Win32.Emotet.gen
GData	Trojan.Agent.DLUW
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Cerber.C2948562
Acronis	suspicious
VBA32	BScope.TrojanRansom.Shade
ALYac	Trojan.Agent.DLUW
MAX	malware (ai score=86)
Malwarebytes	Trojan.Crypt
TrendMicro-HouseCall	TrojanSpy.Win32.EMOTET.SMA
Rising	Trojan.Emotet!8.B95 (TFE:2:Dq6GsgS5cCG)
SentinelOne	DFI - Malicious PE
eGambit	Unsafe.AI_Score_97%
Fortinet	W32/Kryptik.GOUT!tr.ransom
AVG	Win32:Malware-gen
Cybereason	malicious.2ecac3