7.2
高危
47 个模型检测该样本为恶意!
重新分析
更多

324539e62239a1e43bd6dc73e329a0d605d0b4d48ad27398f1d31b16b10fcc9d

beb8657097e37426e6fe97008c1c2df9.exe

分析耗时

111s

最近分析

文件大小

160.0KB
静态报毒 动态报毒 ATTRIBUTE CCMW CJRQ CLASSIC ELDORADO EMOTET GENCIRC GENETIC HIGHCONFIDENCE LBIX MALICIOUS R + TROJ R06CC0DHN20 R349131 SCORE SMALL SUSGEN UNSAFE XMYVJ ZUSY 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee RDN/Generic.grp 20200903 6.0.6.653
Alibaba Trojan:Win32/Emotet.d72f6ac4 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200903 2013.8.14.323
Tencent Malware.Win32.Gencirc.10cdec41 20200903 1.0.0.1
CrowdStrike 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619861639.265125
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 个事件)
Time & API Arguments Status Return Repeated
1619861627.703125
CryptGenKey
crypto_handle: 0x0058ed28
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00656180
flags: 1
key: fZàF™(ڟ#Nç…Nµ‰
success 1 0
1619861639.312125
CryptExportKey
crypto_handle: 0x0058ed28
crypto_export_handle: 0x00656258
buffer: f¤ø‡ð©Vôᆁ—qó(‡¡ oÖ9™„ñÊ÷¸ñс˜±»¹ŠÙ‚òíEã¼^ߏŽÉõ‡Bõ‰‰Ÿ»ŠoPšQύWó[A”´úîTÿ¦$7ä þ2Ñq:,u×îjQ¬™
blob_type: 1
flags: 64
success 1 0
1619861667.265125
CryptExportKey
crypto_handle: 0x0058ed28
crypto_export_handle: 0x00656258
buffer: f¤XB„å`ÚÓ¦÷3‡B^µá®˜2˜÷P–6´õp¤ÛC|³òQ¶ Ø ejMØ3®º|IáFL¨µÎ  ± ÿ0‹8à(°½$ú3W¢+Òk8¬ôä‚|•
blob_type: 1
flags: 64
success 1 0
1619861671.750125
CryptExportKey
crypto_handle: 0x0058ed28
crypto_export_handle: 0x00656258
buffer: f¤2ÈÈçi¹ÍܵÐPX¬ý·PÒ¨T¹ä×)=b©ø£Âl>¨¼XAvø ÚtÜä2Ê6Вݺ¿8ãáúƒ=0$?›d·£É߈…„Œ9UÃôÆaGœÀb„q"{à°$ô…
blob_type: 1
flags: 64
success 1 0
1619861676.843125
CryptExportKey
crypto_handle: 0x0058ed28
crypto_export_handle: 0x00656258
buffer: f¤l“@òåܤ`¹±°à:0IòÁ5Aa‚vTT‡Ûß­E¯1ÿ\QË?„ƍ~P¢ÝµDגuªÚå4~™à4¢î S ה¾6ÈR4ûXV’¨-¡Æ{‚]›¶^þ^
blob_type: 1
flags: 64
success 1 0
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:3997925484&cup2hreq=70f12c2b03fce554f2fe79bf36395807921da85d97caa7f713ebbe46c730561d
Performs some HTTP requests (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:3997925484&cup2hreq=70f12c2b03fce554f2fe79bf36395807921da85d97caa7f713ebbe46c730561d
Sends data using the HTTP POST Method (1 个事件)
request POST https://update.googleapis.com/service/update2?cup2key=10:3997925484&cup2hreq=70f12c2b03fce554f2fe79bf36395807921da85d97caa7f713ebbe46c730561d
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619861626.687125
NtAllocateVirtualMemory
process_identifier: 1436
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619861640.015125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process beb8657097e37426e6fe97008c1c2df9.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619861639.656125
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (6 个事件)
host 113.108.239.196
host 116.202.234.183
host 137.119.36.33
host 172.217.24.14
host 204.197.146.48
host 69.30.203.214
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619861642.562125
RegSetValueExA
key_handle: 0x00000384
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619861642.562125
RegSetValueExA
key_handle: 0x00000384
value: Pž¼%>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619861642.562125
RegSetValueExA
key_handle: 0x00000384
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619861642.562125
RegSetValueExW
key_handle: 0x00000384
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619861642.562125
RegSetValueExA
key_handle: 0x0000039c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619861642.578125
RegSetValueExA
key_handle: 0x0000039c
value: Pž¼%>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619861642.578125
RegSetValueExA
key_handle: 0x0000039c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619861642.593125
RegSetValueExW
key_handle: 0x00000380
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 个事件)
DrWeb Trojan.Emotet.999
MicroWorld-eScan Gen:Variant.Zusy.311759
FireEye Gen:Variant.Zusy.311759
CAT-QuickHeal Backdoor.Emotet
McAfee RDN/Generic.grp
Cylance Unsafe
Zillya Backdoor.Emotet.Win32.1128
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.d72f6ac4
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Zusy.D4C1CF
Invincea Mal/Generic-R + Troj/Emotet-CLO
Cyren W32/Emotet.AQV.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky Backdoor.Win32.Emotet.cjrq
BitDefender Gen:Variant.Zusy.311759
NANO-Antivirus Virus.Win32.Gen.ccmw
Rising Trojan.Emotet!1.CAFF (CLASSIC)
Ad-Aware Gen:Variant.Zusy.311759
F-Secure Trojan.TR/Emotet.xmyvj
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06CC0DHN20
Sophos Troj/Emotet-CLO
Jiangmin Backdoor.Emotet.sl
Avira TR/Emotet.xmyvj
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.PED!MTB
AegisLab Trojan.Win32.Small.lbIX
ZoneAlarm Backdoor.Win32.Emotet.cjrq
GData Gen:Variant.Zusy.311759
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R349131
VBA32 Backdoor.Emotet
ALYac Gen:Variant.Zusy.311759
TACHYON Backdoor/W32.Emotet.163840
Malwarebytes Trojan.Emotet
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TROJ_GEN.R06CC0DHN20
Tencent Malware.Win32.Gencirc.10cdec41
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.105705907.susgen
Fortinet W32/Emotet.E88D!tr
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Qihoo-360 Generic/Trojan.d51
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (9 个事件)
dead_host 172.217.160.110:443
dead_host 137.119.36.33:80
dead_host 172.217.27.142:443
dead_host 172.217.24.14:443
dead_host 116.202.234.183:8080
dead_host 69.30.203.214:8080
dead_host 204.197.146.48:80
dead_host 192.168.56.101:49183
dead_host 192.168.56.101:49184
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-08-21 23:24:42

Imports

Library WINMM.dll:
0x40b140 waveOutGetVolume
0x40b144 waveInReset
0x40b14c waveInClose
0x40b150 waveInOpen
0x40b154 waveInPrepareHeader
0x40b158 waveInAddBuffer
0x40b15c waveInStart
0x40b160 waveOutSetVolume
0x40b164 mixerOpen
0x40b168 mixerGetLineInfoA
0x40b16c mixerClose
0x40b17c mciGetErrorStringA
Library COMCTL32.dll:
0x40b000
Library KERNEL32.dll:
0x40b028 SetStdHandle
0x40b02c GetOEMCP
0x40b030 GetACP
0x40b034 LoadLibraryA
0x40b038 IsBadCodePtr
0x40b03c IsBadReadPtr
0x40b040 InterlockedExchange
0x40b044 GetTickCount
0x40b048 GetCurrentThreadId
0x40b04c OutputDebugStringA
0x40b050 VirtualAlloc
0x40b054 GetCurrentProcessId
0x40b058 GetModuleHandleA
0x40b05c ExitProcess
0x40b060 GetCPInfo
0x40b064 GetLocaleInfoA
0x40b068 SetFilePointer
0x40b070 HeapSize
0x40b074 GetFileType
0x40b078 SetHandleCount
0x40b094 GetStringTypeA
0x40b098 GetStringTypeW
0x40b09c FlushFileBuffers
0x40b0a0 VirtualFree
0x40b0a4 RaiseException
0x40b0a8 HeapAlloc
0x40b0ac RtlUnwind
0x40b0b0 GetStartupInfoA
0x40b0b4 GetCommandLineA
0x40b0b8 GetVersionExA
0x40b0bc CloseHandle
0x40b0c0 HeapFree
0x40b0c4 GetProcAddress
0x40b0c8 VirtualProtect
0x40b0cc GetSystemInfo
0x40b0d0 VirtualQuery
0x40b0d4 MultiByteToWideChar
0x40b0d8 LCMapStringA
0x40b0dc WideCharToMultiByte
0x40b0e0 GetLastError
0x40b0e4 LCMapStringW
0x40b0e8 HeapDestroy
0x40b0ec HeapCreate
0x40b0f0 HeapReAlloc
0x40b0f4 IsBadWritePtr
0x40b0f8 TerminateProcess
0x40b0fc GetCurrentProcess
0x40b100 WriteFile
0x40b104 GetStdHandle
0x40b108 GetModuleFileNameA
Library USER32.dll:
0x40b110 LoadIconA
0x40b114 DialogBoxParamA
0x40b118 SendMessageA
0x40b11c EndDialog
0x40b120 GetDlgItem
0x40b124 GetClientRect
0x40b128 GetDC
0x40b12c ReleaseDC
0x40b130 GetDlgCtrlID
0x40b134 ShowWindow
0x40b138 MessageBoxA
Library GDI32.dll:
0x40b008 DeleteDC
0x40b00c CreateCompatibleDC
0x40b014 CreateSolidBrush
0x40b018 DeleteObject
0x40b01c SelectObject

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49187 203.208.41.98 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 62191 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58070 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.