2.0
Low risk

66acc9883b31344df1953a5f8e72bddbb1f0c422f73e2a4181106dc5a0fbbb3b

af6383bb1addb36a7c5262bec697cfa5.exe

Analysis duration

17s

Latest analysis

File size

626.0KB
Flagged by static scan | Flagged by dynamic scan | Tags: 100% AI SCORE=83 CLASSIC CONFIDENCE ELDORADO EMOTET EMOTETPMF ERIO GCUJ GENCIRC GENERICKDZ GENETIC GENKRYPTIK HIGH CONFIDENCE KRYPTIK MALWARE@#EO0I7DAB2SN3 R349733 S15677529 SUSGEN TRWV UNSAFE
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine      | Result                                   | Scan date | Engine version
McAfee      | Emotet-FQS!AF6383BB1ADD                  | 20201022  | 6.0.6.653
Alibaba     | Trojan:Win32/Emotet.484fd0fc             | 20190527  | 0.3.0.5
Baidu       | -                                        | 20190318  | 1.0.0.2
Avast       | Win32:Trojan-gen                         | 20201022  | 18.4.3895.0
Tencent     | Malware.Win32.Gencirc.10cdf979           | 20201022  | 1.0.0.1
Kingsoft    | -                                        | 20201022  | 2013.8.14.323
CrowdStrike | win/malicious_confidence_100% (W)        | 20190702  | 1.0
Behavioral verdict
Dynamic indicators
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69802
FireEye Generic.mg.af6383bb1addb36a
CAT-QuickHeal Trojan.EmotetPMF.S15677529
McAfee Emotet-FQS!AF6383BB1ADD
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056da601 )
Alibaba Trojan:Win32/Emotet.484fd0fc
K7GW Trojan ( 0056e09c1 )
Arcabit Trojan.Generic.D110AA
Cyren W32/Kryptik.BVJ.gen!Eldorado
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
ClamAV Win.Keylogger.Emotet-9759180-0
Kaspersky Trojan-Banker.Win32.Emotet.gcuj
BitDefender Trojan.GenericKDZ.69802
ViRobot Trojan.Win32.Emotet.649728
Avast Win32:Trojan-gen
Tencent Malware.Win32.Gencirc.10cdf979
Ad-Aware Trojan.GenericKDZ.69802
Comodo Malware@#eo0i7dab2sn3
DrWeb Trojan.Emotet.1005
Invincea Troj/Emotet-CMB
McAfee-GW-Edition BehavesLike.Win32.Emotet.jh
Sophos Troj/Emotet-CMB
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.ogd
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.trwV
ZoneAlarm Trojan-Banker.Win32.Emotet.gcuj
GData Trojan.GenericKDZ.69802
AhnLab-V3 Trojan/Win32.Emotet.R349733
ALYac Trojan.GenericKDZ.69802
MAX malware (ai score=83)
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Emotet!1.CB4A (CLASSIC)
Yandex Trojan.Emotet!
MaxSecure Trojan.Malware.106084403.susgen
Fortinet W32/GenKryptik.ERIO!tr
AVG Win32:Trojan-gen
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.621
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-08-28 21:37:36

Imports

Library KERNEL32.dll:
0x4490e0 RaiseException
0x4490e4 RtlUnwind
0x4490e8 GetCommandLineA
0x4490ec GetStartupInfoA
0x4490f0 HeapAlloc
0x4490f4 HeapFree
0x4490f8 VirtualProtect
0x4490fc GetSystemInfo
0x449100 VirtualQuery
0x449104 HeapReAlloc
0x449108 Sleep
0x44910c HeapSize
0x449110 GetStdHandle
0x449124 SetHandleCount
0x449128 GetFileType
0x44912c HeapCreate
0x449130 VirtualFree
0x449138 IsDebuggerPresent
0x44913c GetACP
0x449140 IsValidCodePage
0x449148 GetStringTypeA
0x44914c GetStringTypeW
0x449154 GetConsoleCP
0x449158 GetConsoleMode
0x44915c LCMapStringA
0x449160 LCMapStringW
0x449164 SetStdHandle
0x449168 WriteConsoleA
0x44916c GetConsoleOutputCP
0x449170 WriteConsoleW
0x449174 CompareStringW
0x449184 TerminateProcess
0x449188 GetTickCount
0x44918c GetFileTime
0x449190 GetFileSizeEx
0x449194 GetFileAttributesA
0x44919c SetErrorMode
0x4491a0 CreateFileA
0x4491a4 GetFullPathNameA
0x4491ac FindFirstFileA
0x4491b0 FindClose
0x4491b4 GetCurrentProcess
0x4491b8 DuplicateHandle
0x4491bc GetFileSize
0x4491c0 SetEndOfFile
0x4491c4 UnlockFile
0x4491c8 LockFile
0x4491cc FlushFileBuffers
0x4491d0 SetFilePointer
0x4491d4 WriteFile
0x4491d8 ReadFile
0x4491e4 GetThreadLocale
0x4491e8 GetModuleHandleW
0x4491ec GetOEMCP
0x4491f0 GetCPInfo
0x4491f8 GlobalFlags
0x4491fc TlsFree
0x449204 LocalReAlloc
0x449208 TlsSetValue
0x44920c TlsAlloc
0x449214 GlobalHandle
0x449218 GlobalReAlloc
0x449220 TlsGetValue
0x449228 LocalAlloc
0x44922c CloseHandle
0x449230 GetCurrentThread
0x44923c GetLocaleInfoA
0x449240 InterlockedExchange
0x449244 lstrcmpA
0x449248 GetCurrentProcessId
0x44924c GetModuleFileNameA
0x449254 GetModuleFileNameW
0x449258 GlobalFree
0x44925c GlobalAlloc
0x449260 GlobalLock
0x449264 GlobalUnlock
0x449268 FormatMessageA
0x44926c LocalFree
0x449270 MulDiv
0x449274 lstrlenA
0x449278 FreeResource
0x44927c GetCurrentThreadId
0x449280 GlobalGetAtomNameA
0x449284 GlobalAddAtomA
0x449288 GlobalFindAtomA
0x44928c GlobalDeleteAtom
0x449290 FreeLibrary
0x449294 CompareStringA
0x449298 LoadLibraryA
0x44929c GetLastError
0x4492a0 SetLastError
0x4492a4 MultiByteToWideChar
0x4492a8 lstrcmpW
0x4492ac GetModuleHandleA
0x4492b0 GetProcAddress
0x4492b4 GetVersionExA
0x4492b8 VirtualAlloc
0x4492bc ExitProcess
0x4492c0 WideCharToMultiByte
0x4492c4 FindResourceA
0x4492c8 LoadResource
0x4492cc LockResource
0x4492d4 SizeofResource
Library USER32.dll:
0x449334 PostThreadMessageA
0x449338 ReleaseCapture
0x44933c WindowFromPoint
0x449340 SetCapture
0x449344 UnregisterClassA
0x449348 DestroyMenu
0x44934c SetRectEmpty
0x449350 IsZoomed
0x449358 MapDialogRect
0x44935c GetDesktopWindow
0x449364 GetNextDlgTabItem
0x449368 EndDialog
0x44936c SetCursor
0x449370 GetMessageA
0x449374 TranslateMessage
0x449378 GetActiveWindow
0x44937c ValidateRect
0x449380 PostQuitMessage
0x449388 EndPaint
0x44938c BeginPaint
0x449390 GetWindowDC
0x449394 ClientToScreen
0x449398 GrayStringA
0x44939c DrawTextExA
0x4493a0 DrawTextA
0x4493a4 TabbedTextOutA
0x4493a8 IsWindowEnabled
0x4493ac ShowWindow
0x4493b0 MoveWindow
0x4493b4 SetWindowTextA
0x4493b8 IsDialogMessageA
0x4493bc SetDlgItemInt
0x4493c0 GetDlgItemInt
0x4493c4 SetMenuItemBitmaps
0x4493cc ModifyMenuA
0x4493d0 GetMenuState
0x4493d4 EnableMenuItem
0x4493d8 CheckMenuItem
0x4493e0 SendDlgItemMessageA
0x4493e4 WinHelpA
0x4493e8 IsChild
0x4493ec GetCapture
0x4493f0 SetWindowsHookExA
0x4493f4 CallNextHookEx
0x4493f8 GetClassLongA
0x4493fc GetClassNameA
0x449400 SetPropA
0x449404 GetPropA
0x449408 RemovePropA
0x44940c GetFocus
0x449410 IsWindow
0x449414 SetFocus
0x449418 GetWindowTextA
0x44941c GetForegroundWindow
0x449420 GetLastActivePopup
0x449424 SetActiveWindow
0x449428 DispatchMessageA
0x44942c BeginDeferWindowPos
0x449430 EndDeferWindowPos
0x449434 GetDlgItem
0x449438 GetTopWindow
0x44943c DestroyWindow
0x449440 UnhookWindowsHookEx
0x449444 GetMessageTime
0x449448 GetMessagePos
0x44944c PeekMessageA
0x449450 MapWindowPoints
0x449454 GetKeyState
0x449458 SetMenu
0x44945c GetScrollRange
0x449460 SetScrollPos
0x449464 GetScrollPos
0x449468 DrawStateA
0x44946c EqualRect
0x449470 DrawFocusRect
0x449474 GetClientRect
0x449478 SetForegroundWindow
0x44947c ShowScrollBar
0x449480 IsWindowVisible
0x449484 UpdateWindow
0x449488 PostMessageA
0x44948c GetSubMenu
0x449490 GetMenuItemID
0x449494 GetMenuItemCount
0x449498 CreateWindowExA
0x44949c GetClassInfoExA
0x4494a0 RegisterClassA
0x4494a4 GetSysColor
0x4494a8 AdjustWindowRectEx
0x4494ac MessageBeep
0x4494b0 GetNextDlgGroupItem
0x4494b4 InvalidateRgn
0x4494b8 SetRect
0x4494bc GetParent
0x4494c0 DeferWindowPos
0x4494c4 IsRectEmpty
0x4494cc CharNextA
0x4494d0 CharUpperA
0x4494d4 ScreenToClient
0x4494d8 GetDC
0x4494dc ReleaseDC
0x4494e0 EnableScrollBar
0x4494e4 SetTimer
0x4494e8 KillTimer
0x4494ec EnableWindow
0x4494f0 LoadCursorA
0x4494f4 GetCursorPos
0x4494f8 GetSysColorBrush
0x4494fc DefWindowProcA
0x449500 GetClassInfoA
0x449504 MessageBoxA
0x449508 LoadStringA
0x44950c DrawIcon
0x449510 SendMessageA
0x449514 IsIconic
0x449518 InvalidateRect
0x44951c LoadIconA
0x449520 GetSystemMetrics
0x449524 LoadBitmapA
0x449528 GetWindow
0x44952c GetWindowRect
0x449530 GetWindowPlacement
0x449538 IntersectRect
0x44953c OffsetRect
0x449540 SetWindowPos
0x449544 SetWindowLongA
0x449548 GetWindowLongA
0x44954c GetMenu
0x449550 CallWindowProcA
0x449554 GetDlgCtrlID
0x449558 PtInRect
0x44955c CopyRect
0x449560 SetScrollInfo
0x449564 GetScrollInfo
Library GDI32.dll:
0x449038 ExtSelectClipRgn
0x44903c DeleteDC
0x449040 GetStockObject
0x449044 GetMapMode
0x449048 GetTextMetricsA
0x449050 GetBkColor
0x449054 GetTextColor
0x449058 GetRgnBox
0x44905c ScaleWindowExtEx
0x449060 SetWindowExtEx
0x449064 ScaleViewportExtEx
0x449068 SetViewportExtEx
0x44906c OffsetViewportOrgEx
0x449070 SetViewportOrgEx
0x449074 Escape
0x449078 ExtTextOutA
0x44907c TextOutA
0x449080 RectVisible
0x449088 CreatePen
0x44908c GetWindowExtEx
0x449090 GetViewportExtEx
0x449094 DeleteObject
0x449098 IntersectClipRect
0x44909c ExcludeClipRect
0x4490a0 SetMapMode
0x4490a4 RestoreDC
0x4490a8 SaveDC
0x4490ac GetDeviceCaps
0x4490b0 CreateBitmap
0x4490b4 GetObjectA
0x4490b8 SetBkColor
0x4490bc SetTextColor
0x4490c0 GetClipBox
0x4490c4 BitBlt
0x4490c8 Polyline
0x4490cc SelectObject
0x4490d0 CreateCompatibleDC
0x4490d8 PtVisible
Library MSIMG32.dll:
0x4492dc TransparentBlt
Library COMDLG32.dll:
0x449030 GetFileTitleA
Library WINSPOOL.DRV:
0x44956c DocumentPropertiesA
0x449570 ClosePrinter
0x449574 OpenPrinterA
Library ADVAPI32.dll:
0x449000 RegOpenKeyA
0x449004 RegSetValueExA
0x449008 RegCreateKeyExA
0x44900c RegQueryValueA
0x449010 RegCloseKey
0x449014 RegEnumKeyA
0x449018 RegDeleteKeyA
0x44901c RegOpenKeyExA
0x449020 RegQueryValueExA
Library COMCTL32.dll:
0x449028
Library SHLWAPI.dll:
0x44931c PathFindFileNameA
0x449320 PathStripToRootA
0x449324 PathIsUNCA
0x449328 PathFindExtensionA
Library oledlg.dll:
0x4495bc
Library ole32.dll:
0x44957c CoRevokeClassObject
0x449580 OleInitialize
0x449588 OleUninitialize
0x449598 CoGetClassObject
0x4495a0 CLSIDFromString
0x4495a4 CLSIDFromProgID
0x4495a8 CoTaskMemAlloc
0x4495ac CoTaskMemFree
0x4495b0 OleFlushClipboard
Library OLEAUT32.dll:
0x4492e4 VariantChangeType
0x4492e8 VariantInit
0x4492ec SysAllocStringLen
0x4492f0 SysStringLen
0x4492f4 SysFreeString
0x4492fc VariantCopy
0x449300 VariantClear
0x449304 SafeArrayDestroy
0x449314 SysAllocString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source         | Source port | Destination     | Destination port
192.168.56.101 | 49235       | 114.114.114.114 | 53
192.168.56.101 | 50534       | 114.114.114.114 | 53
192.168.56.101 | 56539       | 114.114.114.114 | 53
192.168.56.101 | 58367       | 114.114.114.114 | 53
192.168.56.101 | 65004       | 114.114.114.114 | 53
192.168.56.101 | 137         | 192.168.56.255  | 137
192.168.56.101 | 55368       | 224.0.0.252     | 5355
192.168.56.101 | 56804       | 224.0.0.252     | 5355
192.168.56.101 | 60123       | 224.0.0.252     | 5355
192.168.56.101 | 62191       | 224.0.0.252     | 5355
192.168.56.101 | 1900        | 239.255.255.250 | 1900
192.168.56.101 | 56807       | 239.255.255.250 | 1900
192.168.56.101 | 58368       | 239.255.255.250 | 3702
192.168.56.101 | 58707       | 239.255.255.250 | 3702
192.168.56.101 | 62192       | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.