6.6
High risk

54065e720c554f076957e57e0f058b8824bf0a4932277178cdcbc383b4601359

b5e46644064741fd5288304a7ba4e01f.exe

Analysis time: 77s

Last analyzed:

File size: 412.0KB
Hawkeye engine
Not detected: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Engine Result Date Version
Baidu 20190318 1.0.0.2
Avast Win32:CrypterX-gen [Trj] 20210223 21.1.5827.0
Alibaba Trojan:Win32/Emotet.9a6570e0 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.10cdeb5f 20210223 1.0.0.1
Kingsoft Win32.Hack.Emotet.cj.(kcloud) 20210223 2017.9.26.565
McAfee Emotet-FRV!B5E466440647 20210223 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619861132.678269
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619861116.693269
CryptGenKey
crypto_handle: 0x00537570
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00536b88
flags: 1
key: f’££KȞÝLlGY•úÃÆ
success 1 0
1619861132.693269
CryptExportKey
crypto_handle: 0x00537570
crypto_export_handle: 0x00536c50
buffer: f¤dúۄ«ðàhp4(¦€¦·S08gÞ|O®gÓâH`!Étµ¾$Ìûókêøګِ/Ñ ƒï·]Ÿ„Pr^ EÙ;+AŒÆ# ¸!¶ÆþÕ&ȯó÷·¦Ýu¾Oª¸† ¦3aŽ
blob_type: 1
flags: 64
success 1 0
1619861167.162269
CryptExportKey
crypto_handle: 0x00537570
crypto_export_handle: 0x00536c50
buffer: f¤NwöSô¬³ÊÃÝpÒ=ç³X Ù¥*Õ±½~¢ò`¼U‡ â;=,Œ{²Ýü&ïÎ~¬ß`Ý{»ñÓÊ\àpÚÑ·›V=¬+'Å|ܼb[¬ëeP#Ðʖ¦YîÍÊ{—ç¾É&
blob_type: 1
flags: 64
success 1 0
1619861171.803269
CryptExportKey
crypto_handle: 0x00537570
crypto_export_handle: 0x00536c50
buffer: f¤oGG«&ô¯Ÿ遥¹K7­½/ q›’|ƒøó çÿN±£¼žÞL8Ñ¥úÑkÂS0µ°x2’«„²0ŸªAze„A7•Œ&ž/„:r¸¬“ï® §qFϟ“)Ü«‚›x
blob_type: 1
flags: 64
success 1 0
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619861116.162269
NtAllocateVirtualMemory
process_identifier: 648
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d80000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (6 events)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619861133.178269
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process b5e46644064741fd5288304a7ba4e01f.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619861132.850269
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 172.217.24.14
host 209.126.6.222
host 5.153.250.14
host 65.36.62.20
Sets or modifies the WPAD proxy autoconfiguration settings, which can be used for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619861135.756269
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619861135.756269
RegSetValueExA
key_handle: 0x000003c0
value: ©dk>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619861135.756269
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619861135.756269
RegSetValueExW
key_handle: 0x000003c0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619861135.756269
RegSetValueExA
key_handle: 0x000003d8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619861135.756269
RegSetValueExA
key_handle: 0x000003d8
value: ©dk>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619861135.756269
RegSetValueExA
key_handle: 0x000003d8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619861135.787269
RegSetValueExW
key_handle: 0x000003bc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 56 antivirus engines on VirusTotal as malicious (50 of 56 events)
Bkav W32.AIDetectGBM.malware.02
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69598
FireEye Generic.mg.b5e46644064741fd
ALYac Trojan.Agent.Emotet
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Emotet.trto
Sangfor Trojan.Win32.Emotet.ARJ
K7AntiVirus Trojan ( 0056cef21 )
BitDefender Trojan.GenericKDZ.69598
K7GW Trojan ( 0056cef21 )
Cybereason malicious.406474
Cyren W32/Emotet.AQN.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
ClamAV Win.Packed.Atraps-9427203-0
Kaspersky Backdoor.Win32.Emotet.cjqu
Alibaba Trojan:Win32/Emotet.9a6570e0
NANO-Antivirus Trojan.Win32.Emotet.hrymaj
ViRobot Trojan.Win32.Emotet.421888.E
Tencent Malware.Win32.Gencirc.10cdeb5f
Ad-Aware Trojan.GenericKDZ.69598
Emsisoft Trojan.Emotet (A)
Comodo Malware@#1hzz11f3lltcs
F-Secure Trojan.TR/AD.Emotet.vtqqc
DrWeb Trojan.DownLoader34.26246
Zillya Trojan.Emotet.Win32.24754
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh
Sophos Mal/Generic-R + Troj/Emotet-CLM
Jiangmin Backdoor.Emotet.rw
Avira TR/AD.Emotet.vtqqc
MAX malware (ai score=86)
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Kingsoft Win32.Hack.Emotet.cj.(kcloud)
Microsoft Trojan:Win32/Emotet.ARJ!MTB
Gridinsoft Trojan.Win32.Emotet.oa
ZoneAlarm Backdoor.Win32.Emotet.cjqu
GData Trojan.GenericKDZ.69598
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Emotet.R348785
McAfee Emotet-FRV!B5E466440647
TACHYON Backdoor/W32.Emotet.421888.B
VBA32 Backdoor.Emotet
Malwarebytes Trojan.MalPack.TRE.Generic
Panda Trj/Genetic.gen
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Kryptik!1.CAEE (CLOUD)
Yandex Trojan.GenKryptik!mX1hRRqzZOk
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 192.168.56.101:49178
dead_host 209.126.6.222:8080
dead_host 65.36.62.20:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-08-21 00:10:12

Imports

Library KERNEL32.dll:
0x4360ac GetFileAttributesA
0x4360b0 GetFileTime
0x4360b4 HeapFree
0x4360b8 HeapAlloc
0x4360bc VirtualProtect
0x4360c0 VirtualAlloc
0x4360c4 GetSystemInfo
0x4360c8 VirtualQuery
0x4360cc HeapReAlloc
0x4360d0 GetCommandLineA
0x4360d4 GetProcessHeap
0x4360d8 GetStartupInfoA
0x4360dc RaiseException
0x4360e0 RtlUnwind
0x4360e4 HeapSize
0x4360e8 TerminateProcess
0x4360f4 IsDebuggerPresent
0x4360f8 HeapDestroy
0x4360fc HeapCreate
0x436100 VirtualFree
0x436104 GetStdHandle
0x436108 Sleep
0x43610c LCMapStringA
0x436110 LCMapStringW
0x436124 SetHandleCount
0x436128 GetFileType
0x436134 GetStringTypeA
0x436138 GetStringTypeW
0x436140 GetConsoleCP
0x436144 GetConsoleMode
0x436148 SetStdHandle
0x43614c WriteConsoleA
0x436150 GetConsoleOutputCP
0x436154 WriteConsoleW
0x436160 GetTickCount
0x436164 SetErrorMode
0x43616c GetOEMCP
0x436170 GetCPInfo
0x436174 CreateFileA
0x436178 GetFullPathNameA
0x436180 FindFirstFileA
0x436184 FindClose
0x436188 GetCurrentProcess
0x43618c DuplicateHandle
0x436190 GetFileSize
0x436194 SetEndOfFile
0x436198 UnlockFile
0x43619c LockFile
0x4361a0 FlushFileBuffers
0x4361a4 SetFilePointer
0x4361a8 WriteFile
0x4361ac ReadFile
0x4361b0 GetThreadLocale
0x4361b4 GlobalFlags
0x4361c0 TlsFree
0x4361c8 LocalReAlloc
0x4361cc TlsSetValue
0x4361d0 TlsAlloc
0x4361d8 GlobalHandle
0x4361dc GlobalReAlloc
0x4361e4 TlsGetValue
0x4361ec LocalAlloc
0x4361f4 GetModuleFileNameW
0x4361f8 GlobalGetAtomNameA
0x4361fc GlobalFindAtomA
0x436200 lstrcmpW
0x436204 GetVersionExA
0x436208 GetCurrentProcessId
0x43620c GlobalAddAtomA
0x436210 CloseHandle
0x436214 FreeResource
0x436218 GetCurrentThread
0x43621c GetCurrentThreadId
0x436224 GetModuleFileNameA
0x43622c GetLocaleInfoA
0x436230 LoadLibraryA
0x436234 lstrcmpA
0x436238 FreeLibrary
0x43623c GlobalDeleteAtom
0x436240 GetModuleHandleA
0x436244 GetProcAddress
0x436248 GlobalFree
0x43624c GlobalAlloc
0x436250 GlobalLock
0x436254 GlobalUnlock
0x436258 FormatMessageA
0x43625c LocalFree
0x436260 MulDiv
0x436264 ExitProcess
0x436268 FindResourceA
0x43626c LoadResource
0x436270 LockResource
0x436274 SizeofResource
0x436278 SetLastError
0x43627c GetVersion
0x436280 CompareStringA
0x436284 GetLastError
0x436288 InterlockedExchange
0x43628c MultiByteToWideChar
0x436290 CompareStringW
0x436294 WideCharToMultiByte
0x436298 lstrlenA
0x43629c GetACP
Library USER32.dll:
0x4362f0 UnregisterClassA
0x4362f8 PostThreadMessageA
0x4362fc SetCapture
0x436300 LoadCursorA
0x436304 GetSysColorBrush
0x436308 MoveWindow
0x43630c SetWindowTextA
0x436310 IsDialogMessageA
0x436314 IsDlgButtonChecked
0x436318 CheckRadioButton
0x43631c EndPaint
0x436320 BeginPaint
0x436324 GetWindowDC
0x436328 ReleaseDC
0x43632c GetDC
0x436330 ClientToScreen
0x436334 GrayStringA
0x436338 DrawTextExA
0x43633c DrawTextA
0x436340 TabbedTextOutA
0x436344 DestroyMenu
0x43634c SendDlgItemMessageA
0x436350 WinHelpA
0x436354 IsChild
0x436358 GetCapture
0x43635c GetClassLongA
0x436360 GetClassNameA
0x436364 SetPropA
0x436368 RemovePropA
0x43636c SetFocus
0x436374 GetWindowTextA
0x436378 GetForegroundWindow
0x43637c MessageBeep
0x436380 GetTopWindow
0x436384 UnhookWindowsHookEx
0x436388 GetMessageTime
0x43638c GetMessagePos
0x436390 MapWindowPoints
0x436394 SetForegroundWindow
0x436398 UpdateWindow
0x43639c GetMenu
0x4363a0 CreateWindowExA
0x4363a4 GetClassInfoExA
0x4363a8 GetClassInfoA
0x4363ac RegisterClassA
0x4363b0 GetSysColor
0x4363b4 AdjustWindowRectEx
0x4363b8 EqualRect
0x4363bc CopyRect
0x4363c0 PtInRect
0x4363c4 GetDlgCtrlID
0x4363c8 DefWindowProcA
0x4363cc CallWindowProcA
0x4363d0 SetWindowLongA
0x4363d4 OffsetRect
0x4363d8 IntersectRect
0x4363e0 GetWindowPlacement
0x4363e4 GetWindowRect
0x4363ec GetLastActivePopup
0x4363f0 MessageBoxA
0x4363f4 SetCursor
0x4363f8 SetWindowsHookExA
0x4363fc CallNextHookEx
0x436400 GetMessageA
0x436404 CharUpperA
0x436408 LoadIconA
0x43640c ShowWindow
0x436410 TranslateMessage
0x436414 DispatchMessageA
0x436418 IsWindowVisible
0x43641c GetKeyState
0x436420 PeekMessageA
0x436424 GetCursorPos
0x436428 ValidateRect
0x43642c SetMenuItemBitmaps
0x436434 LoadBitmapA
0x436438 GetFocus
0x43643c ModifyMenuA
0x436440 EnableMenuItem
0x436444 GetNextDlgGroupItem
0x436448 InvalidateRgn
0x43644c InvalidateRect
0x436450 SetRect
0x436454 IsRectEmpty
0x43645c CharNextA
0x436460 ReleaseCapture
0x436464 GetSystemMenu
0x436468 AppendMenuA
0x43646c IsIconic
0x436470 GetSystemMetrics
0x436474 GetClientRect
0x436478 DrawIcon
0x43647c SendMessageA
0x436480 EnableWindow
0x436484 GetSubMenu
0x436488 GetMenuItemCount
0x43648c GetMenuItemID
0x436490 GetMenuState
0x436494 PostMessageA
0x436498 PostQuitMessage
0x43649c SetWindowPos
0x4364a0 MapDialogRect
0x4364a4 GetParent
0x4364ac GetWindow
0x4364b0 EndDialog
0x4364b4 GetNextDlgTabItem
0x4364b8 IsWindowEnabled
0x4364bc GetDlgItem
0x4364c0 GetWindowLongA
0x4364c4 IsWindow
0x4364c8 DestroyWindow
0x4364d0 SetActiveWindow
0x4364d4 GetActiveWindow
0x4364d8 GetDesktopWindow
0x4364dc CheckMenuItem
0x4364e0 GetPropA
Library GDI32.dll:
0x436028 SetWindowExtEx
0x43602c ScaleWindowExtEx
0x436030 ExtSelectClipRgn
0x436034 DeleteDC
0x436038 GetStockObject
0x43603c GetBkColor
0x436040 GetTextColor
0x436048 GetRgnBox
0x43604c GetMapMode
0x436050 ScaleViewportExtEx
0x436054 SetViewportExtEx
0x436058 OffsetViewportOrgEx
0x43605c SetViewportOrgEx
0x436060 SelectObject
0x436064 Escape
0x436068 TextOutA
0x43606c RectVisible
0x436070 PtVisible
0x436074 GetDeviceCaps
0x436078 GetViewportExtEx
0x43607c DeleteObject
0x436080 SetMapMode
0x436084 RestoreDC
0x436088 SaveDC
0x43608c ExtTextOutA
0x436090 GetObjectA
0x436094 SetBkColor
0x436098 SetTextColor
0x43609c GetClipBox
0x4360a0 CreateBitmap
0x4360a4 GetWindowExtEx
Library comdlg32.dll:
0x4364f8 GetFileTitleA
Library WINSPOOL.DRV:
0x4364e8 DocumentPropertiesA
0x4364ec OpenPrinterA
0x4364f0 ClosePrinter
Library ADVAPI32.dll:
0x436000 RegSetValueExA
0x436004 RegCreateKeyExA
0x436008 RegQueryValueA
0x43600c RegEnumKeyA
0x436010 RegDeleteKeyA
0x436014 RegOpenKeyExA
0x436018 RegQueryValueExA
0x43601c RegOpenKeyA
0x436020 RegCloseKey
Library SHLWAPI.dll:
0x4362dc PathFindFileNameA
0x4362e0 PathStripToRootA
0x4362e4 PathFindExtensionA
0x4362e8 PathIsUNCA
Library oledlg.dll:
0x436540
Library ole32.dll:
0x436500 OleInitialize
0x436508 OleUninitialize
0x436518 CoGetClassObject
0x43651c CLSIDFromString
0x436520 CoRevokeClassObject
0x436524 CoTaskMemAlloc
0x436528 CoTaskMemFree
0x436530 OleFlushClipboard
0x436538 CLSIDFromProgID
Library OLEAUT32.dll:
0x4362a4 SysAllocStringLen
0x4362a8 VariantClear
0x4362ac VariantChangeType
0x4362b0 VariantInit
0x4362b4 SysStringLen
0x4362c8 SafeArrayDestroy
0x4362cc SysAllocString
0x4362d0 VariantCopy
0x4362d4 SysFreeString

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.