6.2
High risk

b11360ddb0645ca9480e8be79ccad59e3e7ada6f0f51d1343645d295c66d6766

b9a61ce2b549bc13e3268b8c0c19526e.exe

Analysis duration

76s

Last analyzed

File size

483.0KB
Static detection  Dynamic detection  135TTC AI SCORE=82 ATTRIBUTE BANKERX CLASSIC CONFIDENCE DOWNLOADER34 EMOTET EZBB FAMVT GDMH GENERICKDZ HIGH CONFIDENCE HIGHCONFIDENCE HUCAPT MALWARE@#UKRYTJIXICOE SCORE SUSGEN THIAOBO TROJANBANKER UNSAFE ZIPPT
Eagle Eye engine
Not detected: no Eagle Eye engine results available
Static verdict
Antivirus engines
Engine  Result  Scan time  Engine version
McAfee Emotet-FRT!B9A61CE2B549 20201002 6.0.6.653
CrowdStrike win/malicious_confidence_60% (D) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20201002 18.4.3895.0
Alibaba Trojan:Win32/Emotet.997f3b7b 20190527 0.3.0.5
Kingsoft 20201002 2013.8.14.323
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619861138.508148
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619861122.665148
CryptGenKey
crypto_handle: 0x00916b18
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00916130
flags: 1
key: (binary data, not printable)
success 1 0
1619861138.540148
CryptExportKey
crypto_handle: 0x00916b18
crypto_export_handle: 0x009161f8
buffer: (binary key blob, not printable)
blob_type: 1
flags: 64
success 1 0
1619861173.133148
CryptExportKey
crypto_handle: 0x00916b18
crypto_export_handle: 0x009161f8
buffer: (binary key blob, not printable)
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path C:\Users\Mr.Anderson\Desktop\2008\HtmlParser\HtmlParser\Release\HtmlParser.pdb
The file contains an unknown PE resource name, possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619861122.227148
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00630000
success 0 0
1619861122.227148
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00640000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619861122.227148
NtProtectVirtualMemory
process_identifier: 2128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00871000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619861139.102148
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process b9a61ce2b549bc13e3268b8c0c19526e.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619861138.696148
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 172.217.24.14
host 185.215.227.107
host 51.38.124.206
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619861141.665148
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619861141.665148
RegSetValueExA
key_handle: 0x000003bc
value: (binary FILETIME data, not printable)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619861141.665148
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619861141.665148
RegSetValueExW
key_handle: 0x000003bc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619861141.665148
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619861141.665148
RegSetValueExA
key_handle: 0x000003d4
value: (binary FILETIME data, not printable)
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619861141.665148
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619861141.696148
RegSetValueExW
key_handle: 0x000003b8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 185.215.227.107:443
File has been identified by 54 antivirus engines on VirusTotal as malicious (50 of 54 events shown)
Bkav W32.FamVT.135TTc.Worm
Elastic malicious (high confidence)
Cynet Malicious (score: 85)
FireEye Generic.mg.b9a61ce2b549bc13
McAfee Emotet-FRT!B9A61CE2B549
Cylance Unsafe
Zillya Trojan.Emotet.Win32.28362
Sangfor Malware
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Trojan.GenericKDZ.69910
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Invincea Troj/Emotet-CNB
Cyren W32/Emotet.EZBB-2593
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Keylogger.Emotet-9753158-0
Kaspersky Trojan-Banker.Win32.Emotet.gdmh
Alibaba Trojan:Win32/Emotet.997f3b7b
NANO-Antivirus Trojan.Win32.Emotet.hucapt
Paloalto generic.ml
MicroWorld-eScan Trojan.GenericKDZ.69910
Ad-Aware Trojan.GenericKDZ.69910
Emsisoft Trojan.Emotet (A)
Comodo Malware@#ukrytjixicoe
F-Secure Trojan.TR/Emotet.zippt
DrWeb Trojan.DownLoader34.32479
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.EMOTET.THIAOBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh
Sophos Troj/Emotet-CNB
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.ohr
Avira TR/Emotet.zippt
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Trojan-Banker.Win32.Emotet.gdmh
GData Trojan.GenericKDZ.69910
TACHYON Banker/W32.Emotet.494592
AhnLab-V3 Malware/Win32.Generic.C4194118
VBA32 TrojanBanker.Emotet
ALYac Trojan.Agent.Emotet
MAX malware (ai score=82)
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THIAOBO
Rising Trojan.Emotet!1.CBD1 (CLASSIC)
MaxSecure Trojan.Malware.106378964.susgen
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-09-04 04:54:50

Imports

Library KERNEL32.dll:
0x4470b8 GetTickCount
0x4470bc RtlUnwind
0x4470c0 TerminateProcess
0x4470cc IsDebuggerPresent
0x4470d4 RaiseException
0x4470d8 GetCommandLineA
0x4470dc GetStartupInfoA
0x4470e0 HeapAlloc
0x4470e4 HeapFree
0x4470e8 Sleep
0x4470ec ExitProcess
0x4470f0 VirtualProtect
0x4470f4 GetSystemInfo
0x4470f8 VirtualQuery
0x4470fc HeapReAlloc
0x447100 HeapSize
0x447104 SetStdHandle
0x447108 GetFileType
0x44710c GetACP
0x447110 IsValidCodePage
0x447114 GetStringTypeA
0x447118 GetStringTypeW
0x44711c LCMapStringA
0x447120 LCMapStringW
0x447124 SetErrorMode
0x447128 GetStdHandle
0x44713c SetHandleCount
0x447140 HeapCreate
0x447144 VirtualFree
0x447150 GetConsoleCP
0x447154 GetConsoleMode
0x447158 WriteConsoleA
0x44715c GetConsoleOutputCP
0x447160 WriteConsoleW
0x447164 CompareStringW
0x44716c GetFileTime
0x447170 GetFileSizeEx
0x447174 GetFileAttributesA
0x447178 GetModuleHandleW
0x44717c GetOEMCP
0x447180 GetCPInfo
0x447184 CreateFileA
0x447188 GetFullPathNameA
0x447190 FindFirstFileA
0x447194 FindClose
0x447198 GetCurrentProcess
0x44719c DuplicateHandle
0x4471a0 SetEndOfFile
0x4471a4 UnlockFile
0x4471a8 LockFile
0x4471ac FlushFileBuffers
0x4471b0 SetFilePointer
0x4471b4 WriteFile
0x4471b8 ReadFile
0x4471bc GetThreadLocale
0x4471c4 TlsFree
0x4471c8 LocalReAlloc
0x4471cc TlsSetValue
0x4471d0 TlsAlloc
0x4471d4 GlobalHandle
0x4471d8 GlobalReAlloc
0x4471dc TlsGetValue
0x4471e0 GlobalFlags
0x4471e4 LocalAlloc
0x447204 GetModuleFileNameW
0x447208 FormatMessageA
0x44720c LocalFree
0x447210 MulDiv
0x447214 GlobalGetAtomNameA
0x447218 GlobalFindAtomA
0x44721c lstrcmpW
0x447220 GetVersionExA
0x447224 lstrlenA
0x44722c GlobalUnlock
0x447230 GlobalFree
0x447234 FreeResource
0x447238 GetCurrentProcessId
0x44723c SetLastError
0x447240 GlobalAddAtomA
0x447244 WaitForSingleObject
0x447248 GlobalDeleteAtom
0x44724c GetCurrentThread
0x447250 GetCurrentThreadId
0x44725c GetModuleFileNameA
0x447260 GetLocaleInfoA
0x447264 LoadLibraryA
0x447268 CompareStringA
0x44726c InterlockedExchange
0x447270 GlobalLock
0x447274 lstrcmpA
0x447278 GlobalAlloc
0x44727c FreeLibrary
0x447280 GetModuleHandleA
0x447284 GetProcAddress
0x447288 GetFileSize
0x44728c CreateFileMappingA
0x447290 MapViewOfFile
0x447294 UnmapViewOfFile
0x447298 CloseHandle
0x44729c MultiByteToWideChar
0x4472a0 GetLastError
0x4472a4 WideCharToMultiByte
0x4472a8 LoadResource
0x4472ac LockResource
0x4472b0 SizeofResource
0x4472b4 FindResourceA
0x4472bc VirtualAlloc
Library USER32.dll:
0x447318 PostThreadMessageA
0x44731c CharUpperA
0x447320 GetSysColorBrush
0x447324 ReleaseCapture
0x447328 LoadCursorA
0x44732c SetCapture
0x447330 DestroyMenu
0x447334 EndPaint
0x447338 BeginPaint
0x44733c GetWindowDC
0x447340 ClientToScreen
0x447344 GrayStringA
0x447348 DrawTextExA
0x44734c DrawTextA
0x447350 TabbedTextOutA
0x447354 ShowWindow
0x447358 MoveWindow
0x44735c SetWindowTextA
0x447360 IsDialogMessageA
0x447364 SetDlgItemTextA
0x44736c SendDlgItemMessageA
0x447370 WinHelpA
0x447374 IsChild
0x447378 GetCapture
0x44737c GetClassLongA
0x447380 GetClassNameA
0x447384 SetPropA
0x447388 GetPropA
0x44738c RemovePropA
0x447390 SetFocus
0x447394 GetWindowTextA
0x447398 GetForegroundWindow
0x44739c GetTopWindow
0x4473a0 UnhookWindowsHookEx
0x4473a4 GetMessageTime
0x4473a8 GetMessagePos
0x4473ac MapWindowPoints
0x4473b0 SetMenu
0x4473b4 SetForegroundWindow
0x4473b8 UpdateWindow
0x4473bc GetSubMenu
0x4473c0 GetMenuItemID
0x4473c4 GetMenuItemCount
0x4473c8 CreateWindowExA
0x4473cc GetClassInfoExA
0x4473d0 GetClassInfoA
0x4473d4 RegisterClassA
0x4473d8 GetSysColor
0x4473dc AdjustWindowRectEx
0x4473e0 EqualRect
0x4473e4 PtInRect
0x4473e8 GetDlgCtrlID
0x4473ec DefWindowProcA
0x4473f0 CallWindowProcA
0x4473f4 GetMenu
0x4473f8 SetWindowLongA
0x4473fc OffsetRect
0x447400 IntersectRect
0x447408 GetWindowPlacement
0x44740c GetWindowRect
0x447410 ReleaseDC
0x447414 GetDC
0x447418 CopyRect
0x44741c GetWindow
0x447424 MapDialogRect
0x447428 SetWindowPos
0x44742c GetDesktopWindow
0x447430 SetActiveWindow
0x447438 DestroyWindow
0x44743c GetDlgItem
0x447440 GetNextDlgTabItem
0x447444 EndDialog
0x44744c GetWindowLongA
0x447450 UnregisterClassA
0x447454 MessageBeep
0x447458 GetNextDlgGroupItem
0x44745c InvalidateRgn
0x447460 InvalidateRect
0x447464 SetRect
0x447468 IsRectEmpty
0x447470 CharNextA
0x447478 GetLastActivePopup
0x44747c IsWindowEnabled
0x447480 MessageBoxA
0x447484 SetCursor
0x447488 SetWindowsHookExA
0x44748c CallNextHookEx
0x447490 GetMessageA
0x447494 TranslateMessage
0x447498 DispatchMessageA
0x44749c GetActiveWindow
0x4474a0 IsWindowVisible
0x4474a4 GetKeyState
0x4474a8 PeekMessageA
0x4474ac GetCursorPos
0x4474b0 ValidateRect
0x4474b4 SetMenuItemBitmaps
0x4474bc LoadBitmapA
0x4474c0 GetFocus
0x4474c4 GetParent
0x4474c8 ModifyMenuA
0x4474cc GetMenuState
0x4474d0 EnableMenuItem
0x4474d4 CheckMenuItem
0x4474d8 PostMessageA
0x4474dc PostQuitMessage
0x4474e0 RedrawWindow
0x4474e4 IsWindow
0x4474e8 LoadIconA
0x4474ec EnableWindow
0x4474f0 GetClientRect
0x4474f4 IsIconic
0x4474f8 GetSystemMenu
0x4474fc SendMessageA
0x447500 AppendMenuA
0x447504 DrawIcon
0x447508 GetSystemMetrics
Library GDI32.dll:
0x447034 Escape
0x447038 GetStockObject
0x44703c GetDeviceCaps
0x447040 DeleteDC
0x447044 GetBkColor
0x447048 GetTextColor
0x44704c GetRgnBox
0x447050 GetMapMode
0x447054 ExtSelectClipRgn
0x447058 ExtTextOutA
0x44705c TextOutA
0x447060 RectVisible
0x447064 PtVisible
0x447068 ScaleWindowExtEx
0x44706c SetWindowExtEx
0x447070 ScaleViewportExtEx
0x447074 SetViewportExtEx
0x447078 OffsetViewportOrgEx
0x44707c SetViewportOrgEx
0x447080 CreateBitmap
0x447084 GetWindowExtEx
0x447088 GetViewportExtEx
0x44708c DeleteObject
0x447090 SetMapMode
0x447094 RestoreDC
0x447098 SaveDC
0x44709c GetObjectA
0x4470a0 SetBkColor
0x4470a4 SetTextColor
0x4470a8 GetClipBox
0x4470b0 SelectObject
Library COMDLG32.dll:
0x44702c GetFileTitleA
Library WINSPOOL.DRV:
0x44754c ClosePrinter
0x447550 DocumentPropertiesA
0x447554 OpenPrinterA
Library ADVAPI32.dll:
0x447000 RegSetValueExA
0x447004 RegCreateKeyExA
0x447008 RegQueryValueA
0x44700c RegOpenKeyA
0x447010 RegEnumKeyA
0x447014 RegDeleteKeyA
0x447018 RegOpenKeyExA
0x44701c RegQueryValueExA
0x447020 RegCloseKey
Library SHLWAPI.dll:
0x4472fc PathFindExtensionA
0x447300 UrlUnescapeA
0x447304 PathStripToRootA
0x447308 PathIsUNCA
0x44730c PathFindFileNameA
Library oledlg.dll:
0x44759c
Library ole32.dll:
0x447560 CLSIDFromProgID
0x447564 CLSIDFromString
0x447568 CoTaskMemFree
0x44756c CoTaskMemAlloc
0x447570 CoGetClassObject
0x44757c OleUninitialize
0x447584 OleInitialize
0x447588 CoRevokeClassObject
0x447590 OleFlushClipboard
Library OLEAUT32.dll:
0x4472c4 VariantCopy
0x4472c8 SysAllocString
0x4472cc SafeArrayDestroy
0x4472d8 SysStringLen
0x4472dc VariantInit
0x4472e0 VariantChangeType
0x4472e4 VariantClear
0x4472e8 SysAllocStringLen
0x4472ec SysFreeString
Library WININET.dll:
0x447510 InternetOpenUrlA
0x447514 InternetReadFile
0x447518 InternetWriteFile
0x447524 InternetOpenA
0x44752c InternetCloseHandle
0x447530 HttpQueryInfoA
0x447540 InternetCrackUrlA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.