Score: 6.4 (High risk)

SHA256: 9f7c431af40f923923f7fcf65597abc46f9fd528637cab148e221b13c6eaa9ed

File name: cc39461c59f8baeb8d9cdcd037cbaae3.exe

Analysis duration: 77s

Last analysis:

File size: 1.1MB
Flagged by static scan and by dynamic scan. Detection tags (fragments of the engine verdicts listed below): 100%, 49FPU+EYTXM, 5KXVORFHSDN, AI SCORE=100, BAZARBACKDOOR, BWBRS, CONFIDENCE, EMOTET, ER0@AEEBC@EI, GENCIRC, GENERICKD, GENETIC, GRAYWARE, HDAI, HIGH CONFIDENCE, HUCATU, KCLOUD, KRYPTIK, MALREP, MALWARE@#155ZZOFD9W5KU, R + TROJ, R350033, SCORE, SIGGEN10, TDHP, THIAEBO, TROJANBANKER, TRUY, UNSAFE, VOBFUSAGENTHI, ZEXTET
鹰眼引擎 (Hawkeye engine)
Not detected: no Hawkeye engine result is available for this sample.
Static verdict
Antivirus engines
Engine       Result                               Scan date  Engine version
Alibaba      Trojan:Win32/Emotet.0691aa69         20190527   0.3.0.5
Baidu        (none)                               20190318   1.0.0.2
Avast        Win32:Trojan-gen                     20210106   21.1.5827.0
Tencent      Malware.Win32.Gencirc.10cdfce5       20210106   1.0.0.1
Kingsoft     Win32.Troj.Banker.(kcloud)           20210106   2017.9.26.565
McAfee       Emotet-FRI!CC39461C59F8              20210106   6.0.6.653
CrowdStrike  win/malicious_confidence_100% (W)    20190702   1.0
Static indicators
Queries for the computer name (1 event)
Columns: time, API, arguments, status, return, repeated
1621002051.393375
GetComputerNameA
computer_name: OSKAR-PC
status: success, return: 1, repeated: 0
Uses Windows APIs to generate a cryptographic key (5 events)
Columns: time, API, arguments, status, return, repeated
1621002039.596375
CryptGenKey
crypto_handle: 0x0074b698
algorithm_identifier: 0x0000660e (CALG_AES_128)
provider_handle: 0x0074a980
flags: 1 (CRYPT_EXPORTABLE)
key: f°Úbݒƒ÷šPi™ œ (binary key blob, rendered lossily by the sandbox)
status: success, return: 1, repeated: 0
1621002051.408375
CryptExportKey
crypto_handle: 0x0074b698
crypto_export_handle: 0x0074aa48
buffer: f¤¬Yï ü÷2Äç²ô;%@S·Êèùº ®æœrÙ::<æ|mÈ_)C°X$• ‘N´É¾Æ‚6ÄB”Où3£Ùb63)`í Þ8E[¨Žj¨·ƒJ&` „¥%¢ (binary, rendered lossily by the sandbox)
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
status: success, return: 1, repeated: 0
1621002087.861375
CryptExportKey
crypto_handle: 0x0074b698
crypto_export_handle: 0x0074aa48
buffer: f¤¬,B×ö`Açó¾û–Ëͤ7‡Åˆ*†Ž´¸cóXOuB•†íC£Aû4A¸HÛö¢N”¤y[,X>ôö*3|%ò콺™¥b«ÓíXý-®/Åâ7öB1mqæ7€ (binary, rendered lossily by the sandbox)
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
status: success, return: 1, repeated: 0
1621002092.377375
CryptExportKey
crypto_handle: 0x0074b698
crypto_export_handle: 0x0074aa48
buffer: f¤T‰ãdÅR²s)»Qx«%ð¼’nSW{¦/€™¸GĂ¯è·¸ÔˆõË~Iìuh©Ûg1ˆw1™Ù [uWá*ivÐ+•¨)¨štF röø}L ÖL (binary, rendered lossily by the sandbox)
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
status: success, return: 1, repeated: 0
1621002097.033375
CryptExportKey
crypto_handle: 0x0074b698
crypto_export_handle: 0x0074aa48
buffer: f¤p{²V¤½K­ £9|SÃÏúª•ŠëÞùy²GÎDô U¦ э©+]ÙøÝPïÝóU¯‡•<!ê¥on‹¿UHxxà±ç Çì ö<dJ\U‰ –WÝÖ@¿…>Mb/ (binary, rendered lossily by the sandbox)
blob_type: 1 (SIMPLEBLOB)
flags: 64 (CRYPT_OAEP)
status: success, return: 1, repeated: 0
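How to read the CryptGenKey/CryptExportKey sequence above, decoded from the wincrypt.h constants: algorithm_identifier 0x660e is CALG_AES_128, the CryptGenKey flag 1 is CRYPT_EXPORTABLE, blob_type 1 is SIMPLEBLOB and the CryptExportKey flag 64 is CRYPT_OAEP. The sample therefore generates a single exportable AES-128 key and, over the following minute, exports it four times as a SIMPLEBLOB, which is the AES key encrypted under the RSA key-exchange key referenced by crypto_export_handle with OAEP padding. That is the shape of a per-connection session key being wrapped for a server that holds the matching private key; only the session key, not the traffic, is RSA-encrypted. The "f¤" that the sandbox printed at the start of every exported buffer is consistent with the SIMPLEBLOB header (aiKeyAlg 0x660e, then aiEncAlg CALG_RSA_KEYX 0xa400) once non-printable bytes are dropped. The Python below is an added example, not part of the report or of the sample: the constants are from wincrypt.h, the two blobs it parses are constructed for illustration, and lossy_render only approximates how the sandbox rendered byte buffers.

```python
"""Decode the CryptoAPI constants seen in a CryptGenKey/CryptExportKey trace and
parse the key blobs CryptExportKey produces.  Added example; the constants come from
wincrypt.h, the blobs below are constructed and are not the sample's key material."""
import struct

ALG_CLASSES = {0x0000: "ANY", 0x2000: "SIGNATURE", 0x4000: "MSG_ENCRYPT",
               0x6000: "DATA_ENCRYPT", 0x8000: "HASH", 0xA000: "KEY_EXCHANGE"}
ALG_TYPES = {0x000: "ANY", 0x200: "DSS", 0x400: "RSA", 0x600: "BLOCK",
             0x800: "STREAM", 0xA00: "DH", 0xC00: "SECURECHANNEL"}
CALG_NAMES = {0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
              0x6603: "CALG_3DES", 0x6801: "CALG_RC4", 0xA400: "CALG_RSA_KEYX",
              0x2400: "CALG_RSA_SIGN", 0x8003: "CALG_MD5", 0x8004: "CALG_SHA1",
              0x800C: "CALG_SHA_256"}
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB", 8: "PLAINTEXTKEYBLOB"}
GENKEY_FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED", 0x4: "CRYPT_CREATE_SALT",
                0x4000: "CRYPT_ARCHIVABLE"}
EXPORT_FLAGS = {0x1: "CRYPT_Y_ONLY", 0x2: "CRYPT_SSL2_FALLBACK", 0x4: "CRYPT_DESTROYKEY",
                0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}


def decode_alg_id(alg: int) -> str:
    """CALG_* name, or a class/type/sid breakdown of the ALG_ID bit layout."""
    if alg in CALG_NAMES:
        return CALG_NAMES[alg]
    cls = ALG_CLASSES.get(alg & 0xE000, hex(alg & 0xE000))
    typ = ALG_TYPES.get(alg & 0x1E00, hex(alg & 0x1E00))
    return f"class={cls} type={typ} sid={alg & 0x1FF}"


def decode_flags(value: int, table: dict) -> list:
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)          # bits the table does not cover
    if leftover:
        names.append(f"unknown:0x{leftover:x}")
    return names


def parse_key_blob(blob: bytes) -> dict:
    """Parse a CryptExportKey output: BLOBHEADER followed by a type-specific body."""
    if len(blob) < 8:
        raise ValueError("shorter than BLOBHEADER")
    btype, version, _reserved, key_alg = struct.unpack_from("<BBHI", blob, 0)
    info = {"blob_type": BLOB_TYPES.get(btype, f"unknown({btype})"),
            "version": version, "key_alg": decode_alg_id(key_alg)}
    if btype == 1:      # SIMPLEBLOB: ALG_ID of the wrapping key, then the wrapped session key
        (enc_alg,) = struct.unpack_from("<I", blob, 8)
        info["enc_alg"] = decode_alg_id(enc_alg)
        info["wrapped_key_len"] = len(blob) - 12      # equals the RSA modulus size in bytes
    elif btype == 8:    # PLAINTEXTKEYBLOB: DWORD key length, then raw key material
        (klen,) = struct.unpack_from("<I", blob, 8)
        info["key"] = blob[12:12 + klen]
    return info


def lossy_render(blob: bytes) -> str:
    """Approximation of how the sandbox printed byte buffers (cp1252 text with control
    and undefined bytes dropped).  Explains the 'f¤' prefix on every exported buffer above:
    0x66 survives from aiKeyAlg 0x660E and 0xA4 from aiEncAlg 0xA400."""
    return "".join(ch for ch in blob.decode("cp1252", errors="ignore") if ord(ch) >= 0x20)


def describe_trace(gen_alg: int, gen_flags: int, blob_type: int, export_flags: int) -> str:
    """One-line reading of a CryptGenKey(alg, flags) then CryptExportKey(type, flags) pair."""
    return (f"generate {decode_alg_id(gen_alg)} [{', '.join(decode_flags(gen_flags, GENKEY_FLAGS))}] "
            f"and export as {BLOB_TYPES.get(blob_type, blob_type)} "
            f"[{', '.join(decode_flags(export_flags, EXPORT_FLAGS))}]")


# Constructed blobs (illustration only, not the sample's key material).
SESSION_KEY = bytes(range(0x10, 0x20))                                   # 16-byte AES-128 key
PLAINTEXT_BLOB = struct.pack("<BBHI", 8, 2, 0, 0x660E) + struct.pack("<I", 16) + SESSION_KEY
WRAPPED = bytes((i * 37 + 11) & 0xFF for i in range(256))                # stand-in for RSA-2048 output
SIMPLE_BLOB = struct.pack("<BBHI", 1, 2, 0, 0x660E) + struct.pack("<I", 0xA400) + WRAPPED

if __name__ == "__main__":
    print(describe_trace(0x660E, 1, 1, 64))
    print(parse_key_blob(PLAINTEXT_BLOB))
    print(parse_key_blob(SIMPLE_BLOB))
    print(repr(lossy_render(SIMPLE_BLOB)[:8]))
```

The wrapped_key_len of a real SIMPLEBLOB tells you the RSA modulus size the sample carries (256 bytes for RSA-2048), which is a quick way to confirm the embedded public key when the blob is recovered from memory rather than from the sandbox's lossy text.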
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Columns: time, API, arguments, status, return, repeated
1621002039.049375
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff (current process)
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
status: success, return: 0, repeated: 0
Searches running processes, potentially to identify targets for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Columns: time, API, arguments, status, return, repeated
1621002052.002375
GetAdaptersAddresses
flags: 0
family: 0 (AF_UNSPEC)
status: failed, return: 111 (ERROR_BUFFER_OVERFLOW: the documented result of a first call with an undersized buffer, not a real failure; a second call with the returned size is expected to succeed), repeated: 0
Expresses interest in specific running processes (1 event)
process: cc39461c59f8baeb8d9cdcd037cbaae3.exe (the sample itself)
Reads the system's User Agent and subsequently performs requests (1 event)
Columns: time, API, arguments, status, return, repeated
1621002051.580375
InternetOpenW
proxy_bypass: (empty)
access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG, i.e. use the system proxy configuration)
proxy_name: (empty)
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
status: success, return: 13369348 (0x00cc0004, the HINTERNET session handle), repeated: 0
Network communication
Communicates with hosts for which no DNS query was performed (5 events)
host 172.217.24.14
host 50.121.220.50
host 51.75.33.122
host 54.37.42.48
host 91.121.54.71
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
All eight writes succeed (status: success, return: 0, repeated: 0) and target subkeys of
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\
Time               API             Handle      Subkey                                  Value name          Type            Data
1621002054.564375  RegSetValueExA  0x000003a8  {40112ABE-63B3-43C3-BE93-1440EE3AF106}  WpadDecisionReason  4 (REG_DWORD)   1
1621002054.580375  RegSetValueExA  0x000003a8  {40112ABE-63B3-43C3-BE93-1440EE3AF106}  WpadDecisionTime    3 (REG_BINARY)  @¶“¥ŸH× (binary timestamp, rendered lossily by the sandbox)
1621002054.580375  RegSetValueExA  0x000003a8  {40112ABE-63B3-43C3-BE93-1440EE3AF106}  WpadDecision        4 (REG_DWORD)   3
1621002054.580375  RegSetValueExW  0x000003a8  {40112ABE-63B3-43C3-BE93-1440EE3AF106}  WpadNetworkName     1 (REG_SZ)      网络 2 ("Network 2", the Windows network profile name)
1621002054.580375  RegSetValueExA  0x000003c0  0a-00-27-00-00-00                       WpadDecisionReason  4 (REG_DWORD)   1
1621002054.580375  RegSetValueExA  0x000003c0  0a-00-27-00-00-00                       WpadDecisionTime    3 (REG_BINARY)  @¶“¥ŸH× (binary timestamp, rendered lossily by the sandbox)
1621002054.580375  RegSetValueExA  0x000003c0  0a-00-27-00-00-00                       WpadDecision        4 (REG_DWORD)   3
1621002054.627375  RegSetValueExW  0x000003a4  (none)                                  WpadLastNetwork     1 (REG_SZ)      {40112ABE-63B3-43C3-BE93-1440EE3AF106}
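A caveat on the signature above. All eight writes go to WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork under Internet Settings\Wpad\, keyed once by the network's connection GUID and once by a MAC address (0a-00-27-00-00-00, which matches the VirtualBox host-only adapter and the 192.168.56.0/24 addressing seen in the UDP table). Those values are the per-network cache that WinINet/WinHTTP proxy auto-detection maintains; the sample opened WinINet with INTERNET_OPEN_TYPE_PRECONFIG a few seconds earlier, so an auto-detection run, and this cache, follows from any request it made. Nothing here writes a PAC URL or proxy address: the values that would actually redirect traffic are AutoConfigURL, AutoDetect, ProxyEnable, ProxyServer and ProxyOverride under Internet Settings, or the DefaultConnectionSettings blob under Internet Settings\Connections. On its own this signature is therefore a weak indicator. The Python below is an added example (not part of the report) that separates the two cases over registry-write events; the eight events are transcribed from the table above and the AutoConfigURL write is a hypothetical contrast case, not something this sample did.

```python
"""Classify Internet Settings registry writes: real proxy/PAC configuration changes versus
the WPAD auto-detection cache that WinINet/WinHTTP writes as a side effect.  Added example;
REPORT_WRITES transcribes the eight events above, PAC_HIJACK is hypothetical."""
import re
from dataclasses import dataclass

INET_SETTINGS = r"\software\microsoft\windows\currentversion\internet settings"
# Values that steer traffic through a proxy or PAC file.
PROXY_CONTROL_VALUES = {"autoconfigurl", "proxyserver", "proxyenable", "proxyoverride", "autodetect"}
CONNECTION_BLOBS = {"defaultconnectionsettings", "savedlegacysettings"}
# Per-network auto-detection cache; written whenever a WPAD lookup runs, configures nothing.
WPAD_CACHE_VALUES = {"wpaddecision", "wpaddecisionreason", "wpaddecisiontime",
                     "wpadnetworkname", "wpadlastnetwork"}
# Network identifier under Wpad\: a connection GUID or a gateway MAC address.
NETWORK_ID = re.compile(r"\\Wpad\\(\{[0-9A-Fa-f-]{36}\}|(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\\", re.I)


@dataclass(frozen=True)
class RegWrite:
    api: str
    key: str          # full path as the sandbox logs it, value name included
    value_name: str
    data: object


@dataclass(frozen=True)
class Verdict:
    category: str     # proxy-config-change | wpad-cache | unrelated
    severity: str
    network_id: str = ""


def classify(w: RegWrite) -> Verdict:
    key, name = w.key.lower(), w.value_name.lower()
    if INET_SETTINGS not in key:
        return Verdict("unrelated", "none")
    if name in PROXY_CONTROL_VALUES or (INET_SETTINGS + r"\connections" in key and name in CONNECTION_BLOBS):
        return Verdict("proxy-config-change", "high")
    if name in WPAD_CACHE_VALUES:
        m = NETWORK_ID.search(w.key)
        return Verdict("wpad-cache", "info", m.group(1) if m else "")
    return Verdict("unrelated", "none")


def summarize(writes) -> dict:
    counts = {"proxy-config-change": 0, "wpad-cache": 0, "unrelated": 0}
    networks = set()
    for w in writes:
        v = classify(w)
        counts[v.category] += 1
        if v.network_id:
            networks.add(v.network_id)
    return {"counts": counts, "network_ids": networks,
            "traffic_redirected": counts["proxy-config-change"] > 0}


WPAD_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
MAC = "0a-00-27-00-00-00"     # VirtualBox host-only adapter, consistent with the 192.168.56.0/24 VM


def _w(api, net, name, data):
    return RegWrite(api, "\\".join([WPAD_KEY] + ([net] if net else []) + [name]), name, data)


REPORT_WRITES = [   # the eight events in the table above
    _w("RegSetValueExA", GUID, "WpadDecisionReason", 1),
    _w("RegSetValueExA", GUID, "WpadDecisionTime", b"<timestamp>"),   # placeholder for the binary value
    _w("RegSetValueExA", GUID, "WpadDecision", 3),
    _w("RegSetValueExW", GUID, "WpadNetworkName", "网络 2"),
    _w("RegSetValueExA", MAC, "WpadDecisionReason", 1),
    _w("RegSetValueExA", MAC, "WpadDecisionTime", b"<timestamp>"),
    _w("RegSetValueExA", MAC, "WpadDecision", 3),
    _w("RegSetValueExW", "", "WpadLastNetwork", GUID),
]
# Hypothetical write, NOT from the report: what a genuine PAC-file hijack looks like.
PAC_HIJACK = RegWrite(
    "RegSetValueExW",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL",
    "AutoConfigURL", "http://proxy.example/wpad.dat")

if __name__ == "__main__":
    print(summarize(REPORT_WRITES))
    print(classify(PAC_HIJACK))
```

Keyed on value name rather than on the Wpad path alone, the rule stays silent for this report and fires only when a proxy-controlling value changes, which is the behaviour the signature's title actually describes.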
File has been identified by 60 antivirus engines on VirusTotal as malicious (50 of 60 events shown)
Bkav W32.VobfusAgentHI.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.BazarBackdoor.GenericKD.44632099
FireEye Generic.mg.cc39461c59f8baeb
ALYac Trojan.Agent.Emotet
Cylance Unsafe
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.0691aa69
K7GW Riskware ( 0040eff71 )
Cybereason malicious.c59f8b
Arcabit Trojan.BazarBackdoor.Generic.D2A90823
Cyren W32/Trojan.TDHP-3379
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Malware.Emotet-9746935-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender Trojan.BazarBackdoor.GenericKD.44632099
NANO-Antivirus Trojan.Win32.Emotet.hucatu
Paloalto generic.ml
ViRobot Trojan.Win32.Emotet.1122304
Tencent Malware.Win32.Gencirc.10cdfce5
Ad-Aware Trojan.BazarBackdoor.GenericKD.44632099
Emsisoft Trojan.Emotet (A)
Comodo Malware@#155zzofd9w5ku
F-Secure Trojan.TR/AD.Emotet.bwbrs
DrWeb Trojan.Siggen10.11107
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.MALREP.THIAEBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.th
Sophos Mal/Generic-R + Troj/Emotet-CMX
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.ohb
Webroot W32.Trojan.Gen
Avira TR/AD.Emotet.bwbrs
MAX malware (ai score=100)
Antiy-AVL GrayWare/Win32.Kryptik.hda
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Emotet.oa
Microsoft Trojan:Win32/Emotet.ARK!MTB
AegisLab Trojan.Win32.Emotet.truy
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.pef
GData Trojan.BazarBackdoor.GenericKD.44632099
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R350033
McAfee Emotet-FRI!CC39461C59F8
TACHYON Banker/W32.Emotet.1122304
VBA32 TrojanBanker.Emotet
Malwarebytes Trojan.Emotet
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (5 events)
dead_host 192.168.56.101:49180
dead_host 192.168.56.101:49179
dead_host 51.75.33.122:80
dead_host 50.121.220.50:80
dead_host 54.37.42.48:8080
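Reading the two network signatures together with the capture sections further down: the pcap shows only DNS queries to 114.114.114.114 and local LLMNR/SSDP/NetBIOS chatter, no completed TCP connection and no HTTP, while the API-level trace shows connection attempts to five public addresses that were never resolved by name, three of which (51.75.33.122:80, 50.121.220.50:80, 54.37.42.48:8080) never answered. Hard-coded IP:port endpoints with no preceding lookup are the expected footprint of a command-and-control list embedded in the binary; 172.217.24.14 sits in Google's address space and is most plausibly a connectivity check (an inference, not something the report states). The two dead_host entries for 192.168.56.101 are the analysis VM itself and should be discounted. The Python below is an added example, not part of the report: it correlates connection attempts with DNS answers, drops local and multicast targets, and isolates unresolved endpoints that never responded. The attempts are transcribed from this report; the DNS answer line and the 203.0.113.10 endpoint are constructed to show the resolved case.

```python
"""Correlate connection attempts with DNS answers to isolate direct-to-IP traffic and dead
endpoints.  Added example; inputs are transcribed from this report or constructed as marked."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

SANDBOX_HOST = ipaddress.ip_address("192.168.56.101")   # the analysis VM, source of every UDP row
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass(frozen=True)
class Attempt:
    dst: str
    port: Optional[int]     # None where the report lists only the host
    responded: bool         # False for the sandbox's dead_host entries


def parse_dns_answers(lines):
    """'name A ip' lines -> {name: {ip}}; a constructed format standing in for a pcap parser."""
    answers = {}
    for line in lines:
        name, rtype, ip = line.split()
        if rtype == "A":
            answers.setdefault(name, set()).add(ip)
    return answers


def is_local_noise(ip: str) -> bool:
    """Drop the VM itself, RFC1918/link-local peers and multicast/broadcast discovery targets."""
    a = ipaddress.ip_address(ip)
    return (a == SANDBOX_HOST or a.is_multicast or a == ipaddress.ip_address("255.255.255.255")
            or any(a in net for net in LOCAL_NETS))


def triage(attempts, dns_lines) -> dict:
    resolved = {ip for ips in parse_dns_answers(dns_lines).values() for ip in ips}
    report = {"filtered_local": [], "resolved": [], "direct_ip": [], "dead_direct_ip": []}
    for at in attempts:
        if is_local_noise(at.dst):
            report["filtered_local"].append(at)
        elif at.dst in resolved:
            report["resolved"].append(at)
        else:
            report["direct_ip"].append(at)          # hard-coded endpoint: no name lookup preceded it
            if not at.responded:
                report["dead_direct_ip"].append(at)
    return report


def endpoint(at: Attempt) -> str:
    return at.dst if at.port is None else f"{at.dst}:{at.port}"


DNS_LINES = ["update.example.net A 203.0.113.10"]   # constructed; the report's pcap has queries but no answers
ATTEMPTS = [
    Attempt("172.217.24.14", None, True),     # listed as host only; Google address space
    Attempt("91.121.54.71", None, True),      # listed as host only; not among the dead hosts
    Attempt("51.75.33.122", 80, False),       # dead_host
    Attempt("50.121.220.50", 80, False),      # dead_host
    Attempt("54.37.42.48", 8080, False),      # dead_host
    Attempt("192.168.56.101", 49180, False),  # dead_host, but it is the VM itself
    Attempt("192.168.56.101", 49179, False),
    Attempt("203.0.113.10", 443, True),       # constructed endpoint that a DNS answer explains
]

if __name__ == "__main__":
    r = triage(ATTEMPTS, DNS_LINES)
    for bucket in ("direct_ip", "dead_direct_ip", "resolved", "filtered_local"):
        print(bucket, [endpoint(a) for a in r[bucket]])
```

Fed with a real pcap parser instead of the DNS_LINES stub, the same triage produces the blocklist candidates for this sample: the three dead endpoints plus the two unresolved hosts that did answer.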
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshot was captured while the sample ran.

PE Compile Time

2020-09-02 22:31:45

Imports

Library KERNEL32.dll:
0x4310b4 GetSystemInfo
0x4310b8 VirtualQuery
0x4310bc GetStartupInfoA
0x4310c0 GetCommandLineA
0x4310c4 ExitProcess
0x4310c8 TerminateProcess
0x4310cc HeapReAlloc
0x4310d0 HeapSize
0x4310d4 LCMapStringA
0x4310d8 LCMapStringW
0x4310dc HeapDestroy
0x4310e0 HeapCreate
0x4310e4 VirtualFree
0x4310e8 IsBadWritePtr
0x4310ec GetStdHandle
0x4310fc VirtualAlloc
0x431104 SetHandleCount
0x431108 GetFileType
0x431110 GetCurrentProcessId
0x431118 GetStringTypeA
0x43111c GetStringTypeW
0x431124 GetUserDefaultLCID
0x431128 EnumSystemLocalesA
0x43112c IsValidLocale
0x431130 IsValidCodePage
0x431134 IsBadReadPtr
0x431138 IsBadCodePtr
0x43113c SetStdHandle
0x431140 GetLocaleInfoW
0x431148 VirtualProtect
0x43114c HeapFree
0x431150 HeapAlloc
0x431158 RtlUnwind
0x43115c GetTickCount
0x431160 GetFileTime
0x431164 GetFileAttributesA
0x43116c SetErrorMode
0x431174 GetOEMCP
0x431178 GetCPInfo
0x43117c CreateFileA
0x431180 GetFullPathNameA
0x431188 FindFirstFileA
0x43118c FindClose
0x431190 GetCurrentProcess
0x431194 DuplicateHandle
0x431198 GetFileSize
0x43119c SetEndOfFile
0x4311a0 UnlockFile
0x4311a4 LockFile
0x4311a8 FlushFileBuffers
0x4311ac SetFilePointer
0x4311b0 WriteFile
0x4311b4 ReadFile
0x4311b8 TlsFree
0x4311bc LocalReAlloc
0x4311c0 TlsSetValue
0x4311c4 TlsAlloc
0x4311c8 TlsGetValue
0x4311d0 GlobalHandle
0x4311d4 GlobalReAlloc
0x4311dc LocalAlloc
0x4311e8 RaiseException
0x4311ec GlobalFlags
0x4311fc SetLastError
0x431200 MulDiv
0x431204 FormatMessageA
0x431208 LocalFree
0x43120c GlobalGetAtomNameA
0x431210 GlobalFindAtomA
0x431214 lstrcatA
0x431218 lstrcmpW
0x43121c lstrcpynA
0x431220 GlobalUnlock
0x431224 GlobalFree
0x431228 FreeResource
0x43122c CloseHandle
0x431230 GlobalAddAtomA
0x431234 GetCurrentThread
0x431238 GetCurrentThreadId
0x43123c GlobalLock
0x431240 GlobalAlloc
0x431244 FreeLibrary
0x431248 GlobalDeleteAtom
0x43124c lstrcmpA
0x431250 GetModuleFileNameA
0x431254 GetModuleHandleA
0x431258 GetProcAddress
0x431264 lstrcpyA
0x431268 LoadLibraryA
0x43126c CompareStringW
0x431270 CompareStringA
0x431274 lstrlenA
0x431278 lstrcmpiA
0x43127c GetVersion
0x431280 GetLastError
0x431284 MultiByteToWideChar
0x431288 WideCharToMultiByte
0x43128c FindResourceA
0x431290 LoadResource
0x431294 LockResource
0x431298 SizeofResource
0x43129c GetVersionExA
0x4312a0 GetThreadLocale
0x4312a4 GetLocaleInfoA
0x4312a8 GetACP
0x4312ac InterlockedExchange
0x4312b4 LoadLibraryExA
Library USER32.dll:
0x431304 PostThreadMessageA
0x43130c WinHelpA
0x431310 GetCapture
0x431314 CreateWindowExA
0x431318 GetClassLongA
0x43131c GetClassInfoExA
0x431320 GetClassNameA
0x431324 SetPropA
0x431328 GetPropA
0x43132c RemovePropA
0x431330 SendDlgItemMessageA
0x431334 SetFocus
0x431338 IsChild
0x431340 GetWindowTextA
0x431344 GetForegroundWindow
0x431348 GetTopWindow
0x43134c UnhookWindowsHookEx
0x431350 GetMessageTime
0x431354 GetMessagePos
0x431358 MapWindowPoints
0x43135c SetForegroundWindow
0x431360 UpdateWindow
0x431364 GetMenu
0x431368 GetSubMenu
0x43136c GetMenuItemID
0x431370 GetMenuItemCount
0x431374 GetSysColor
0x431378 AdjustWindowRectEx
0x43137c EqualRect
0x431380 GetClassInfoA
0x431384 RegisterClassA
0x431388 UnregisterClassA
0x43138c GetDlgCtrlID
0x431390 MessageBeep
0x431394 CallWindowProcA
0x431398 SetWindowLongA
0x43139c OffsetRect
0x4313a0 IntersectRect
0x4313a8 GetWindowPlacement
0x4313ac CopyRect
0x4313b0 PtInRect
0x4313b4 GetWindow
0x4313bc MapDialogRect
0x4313c0 SetWindowPos
0x4313c4 GetDesktopWindow
0x4313c8 SetActiveWindow
0x4313d0 DestroyWindow
0x4313d4 IsWindow
0x4313d8 GetDlgItem
0x4313dc GetNextDlgTabItem
0x4313e0 EndDialog
0x4313e4 SetMenuItemBitmaps
0x4313e8 GetFocus
0x4313ec ModifyMenuA
0x4313f0 GetMenuState
0x4313f4 EnableMenuItem
0x4313f8 CheckMenuItem
0x431400 LoadBitmapA
0x431404 SetWindowsHookExA
0x431408 CallNextHookEx
0x43140c GetMessageA
0x431410 TranslateMessage
0x431414 DispatchMessageA
0x431418 GetActiveWindow
0x43141c IsWindowVisible
0x431420 GetKeyState
0x431424 PeekMessageA
0x431428 GetNextDlgGroupItem
0x43142c InvalidateRgn
0x431430 InvalidateRect
0x431438 SetRect
0x43143c IsRectEmpty
0x431440 CharNextA
0x431444 GetSysColorBrush
0x431448 ReleaseCapture
0x43144c GetCursorPos
0x431450 ValidateRect
0x431454 MessageBoxA
0x431458 GetParent
0x43145c GetWindowLongA
0x431460 GetLastActivePopup
0x431464 IsWindowEnabled
0x431468 SetCursor
0x43146c PostQuitMessage
0x431470 PostMessageA
0x431474 CharUpperA
0x43147c GetSystemMetrics
0x431480 LoadIconA
0x431484 EnableWindow
0x431488 GetClientRect
0x43148c IsIconic
0x431490 GetSystemMenu
0x431494 SetMenu
0x431498 SendMessageA
0x43149c LoadMenuA
0x4314a0 AppendMenuA
0x4314a4 DrawIcon
0x4314a8 ShowWindow
0x4314ac GetWindowRect
0x4314b0 LoadCursorA
0x4314b4 SetCapture
0x4314b8 EndPaint
0x4314bc BeginPaint
0x4314c0 GetWindowDC
0x4314c4 ReleaseDC
0x4314c8 GetDC
0x4314cc ClientToScreen
0x4314d0 GrayStringA
0x4314d4 DrawTextExA
0x4314d8 DrawTextA
0x4314dc TabbedTextOutA
0x4314e0 wsprintfA
0x4314e4 DestroyMenu
0x4314e8 MoveWindow
0x4314ec SetWindowTextA
0x4314f0 IsDialogMessageA
0x4314f4 DefWindowProcA
Library GDI32.dll:
0x431030 DeleteObject
0x431034 GetViewportExtEx
0x431038 GetWindowExtEx
0x43103c PtVisible
0x431040 RectVisible
0x431044 TextOutA
0x431048 Escape
0x43104c SelectObject
0x431050 SetViewportOrgEx
0x431054 OffsetViewportOrgEx
0x431058 SetViewportExtEx
0x43105c ScaleViewportExtEx
0x431060 SetWindowExtEx
0x431064 ScaleWindowExtEx
0x431068 ExtSelectClipRgn
0x43106c GetStockObject
0x431070 GetBkColor
0x431074 GetTextColor
0x43107c GetRgnBox
0x431080 GetMapMode
0x431084 SetMapMode
0x431088 RestoreDC
0x43108c SaveDC
0x431090 ExtTextOutA
0x431094 GetDeviceCaps
0x431098 GetObjectA
0x43109c SetBkColor
0x4310a0 SetTextColor
0x4310a4 GetClipBox
0x4310a8 DeleteDC
0x4310ac CreateBitmap
Library comdlg32.dll:
0x43150c GetFileTitleA
Library WINSPOOL.DRV:
0x4314fc OpenPrinterA
0x431500 DocumentPropertiesA
0x431504 ClosePrinter
Library ADVAPI32.dll:
0x431000 RegQueryValueExA
0x431004 RegOpenKeyExA
0x431008 RegDeleteKeyA
0x43100c RegEnumKeyA
0x431010 RegOpenKeyA
0x431014 RegQueryValueA
0x431018 RegCreateKeyExA
0x43101c RegSetValueExA
0x431020 RegCloseKey
Library COMCTL32.dll:
0x431028 (imported by ordinal; name not resolved)
Library SHLWAPI.dll:
0x4312f0 PathFindFileNameA
0x4312f4 PathStripToRootA
0x4312f8 PathFindExtensionA
0x4312fc PathIsUNCA
Library oledlg.dll:
0x431554 (imported by ordinal; name not resolved)
Library ole32.dll:
0x431520 CoGetClassObject
0x431524 CoTaskMemAlloc
0x431528 CoTaskMemFree
0x43152c CLSIDFromString
0x431530 CLSIDFromProgID
0x431534 OleUninitialize
0x431540 OleFlushClipboard
0x431548 CoRevokeClassObject
0x43154c OleInitialize
Library OLEAUT32.dll:
0x4312bc SysFreeString
0x4312c0 VariantClear
0x4312c4 VariantChangeType
0x4312c8 VariantInit
0x4312cc SysStringLen
0x4312dc SafeArrayDestroy
0x4312e0 SysAllocString
0x4312e4 VariantCopy
0x4312e8 SysAllocStringLen
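The import table above is that of an ordinary MFC GUI program (USER32, GDI32, oledlg, WINSPOOL, comdlg32) and contains no WININET, IPHLPAPI or CryptoAPI function, yet the behavioural trace shows InternetOpenW, GetAdaptersAddresses, GetComputerNameA, CryptGenKey and CryptExportKey being called. Those must be resolved at run time, through the imported LoadLibraryA/LoadLibraryExA/GetProcAddress or by walking export tables by hand, after the real code is unpacked into the PAGE_EXECUTE_READWRITE region allocated at 0x003e0000; the static import table describes the decoy wrapper, not the payload. The Python below is an added example, not part of the report, that makes that cross-check mechanical: it parses the listing format used above (an excerpt transcribed from it), looks up which system DLL exports each observed API (EXPORTED_BY, from the Windows SDK), and distinguishes "DLL imported but function not in the IAT" from "DLL not imported at all".

```python
"""Cross-check the static import table against the APIs observed at run time.  Added example;
IMPORT_LISTING is an excerpt transcribed from the Imports section above and EXPORTED_BY records
which system DLL exports each observed API."""
from collections import defaultdict

EXPORTED_BY = {
    "GetComputerNameA": "KERNEL32.dll", "CryptGenKey": "ADVAPI32.dll", "CryptExportKey": "ADVAPI32.dll",
    "RegSetValueExA": "ADVAPI32.dll", "InternetOpenW": "WININET.dll",
    "GetAdaptersAddresses": "IPHLPAPI.dll", "NtAllocateVirtualMemory": "ntdll.dll",
}
LOADER_APIS = {"LoadLibraryA", "LoadLibraryExA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"}


def parse_import_listing(text: str) -> dict:
    """'Library X:' headers followed by '0xADDR Name' rows -> {dll_lower: {names}}."""
    imports = defaultdict(set)
    dll = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Library ") and line.endswith(":"):
            dll = line[len("Library "):-1].lower()
        elif dll and line.startswith("0x"):
            parts = line.split(None, 1)
            imports[dll].add(parts[1] if len(parts) == 2 else f"ordinal@{parts[0]}")  # unnamed = by ordinal
    return imports


def classify_runtime_api(api: str, imports: dict) -> str:
    dll = EXPORTED_BY.get(api)
    if dll is None:
        return "unknown-exporter"
    names = imports.get(dll.lower(), set())
    if api in names:
        return "static-import"
    return "dll-imported-function-not-in-iat" if names else "dll-not-imported"


def packing_indicators(imports: dict, runtime_apis, rwx_allocations: int) -> dict:
    """Runtime APIs absent from the IAT, loader APIs present, RWX memory: unpacks and resolves late."""
    hidden = {api: classify_runtime_api(api, imports) for api in runtime_apis}
    hidden = {api: how for api, how in hidden.items() if how != "static-import"}
    loader = sorted(LOADER_APIS & imports.get("kernel32.dll", set()))
    return {"dynamically_resolved": hidden, "loader_apis_in_iat": loader,
            "rwx_allocations": rwx_allocations,
            "likely_packed": bool(hidden) and bool(loader) and rwx_allocations > 0}


IMPORT_LISTING = """\
Library KERNEL32.dll:
0x4310fc VirtualAlloc
0x431148 VirtualProtect
0x431254 GetModuleHandleA
0x431258 GetProcAddress
0x431268 LoadLibraryA
0x4312b4 LoadLibraryExA
Library ADVAPI32.dll:
0x431000 RegQueryValueExA
0x43101c RegSetValueExA
0x431020 RegCloseKey
Library COMCTL32.dll:
0x431028
"""
# APIs seen in the behavioural trace above.
RUNTIME_APIS = ["GetComputerNameA", "CryptGenKey", "CryptExportKey", "NtAllocateVirtualMemory",
                "GetAdaptersAddresses", "InternetOpenW", "RegSetValueExA"]

if __name__ == "__main__":
    result = packing_indicators(parse_import_listing(IMPORT_LISTING), RUNTIME_APIS, rwx_allocations=1)
    for api, how in result["dynamically_resolved"].items():
        print(f"{api:24} {how}")
    print("loader APIs in IAT:", result["loader_apis_in_iat"], "likely packed:", result["likely_packed"])
```

For this sample every API of interest except RegSetValueExA falls into one of the two "not in the IAT" buckets, so static import-based triage (or any YARA rule keyed on imports) would see only a benign MFC application; the behavioural trace is the reliable view.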

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination      Dst port  Service (by port)
192.168.56.101  50534     114.114.114.114  53        DNS (114DNS public resolver)
192.168.56.101  51808     114.114.114.114  53        DNS
192.168.56.101  58367     114.114.114.114  53        DNS
192.168.56.101  60123     114.114.114.114  53        DNS
192.168.56.101  137       192.168.56.255   137       NetBIOS name service (subnet broadcast)
192.168.56.101  138       192.168.56.255   138       NetBIOS datagram service (subnet broadcast)
192.168.56.101  51378     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  55368     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  56804     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  62191     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  63429     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  65004     224.0.0.252      5355      LLMNR (multicast)
192.168.56.101  1900      239.255.255.250  1900      SSDP (multicast)
192.168.56.101  51809     239.255.255.250  3702      WS-Discovery (multicast)
192.168.56.101  58707     239.255.255.250  3702      WS-Discovery (multicast)
192.168.56.101  60124     239.255.255.250  3702      WS-Discovery (multicast)
192.168.56.101  62194     239.255.255.250  1900      SSDP (multicast)

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.