6.8
High risk

213f79bad4560630fa59c7d038f5d906f2064efa5c10bb36047cf32aa98b6d62

cf56fbd6ce9b982a1b10981a493273e7.exe

Analysis time

77s

Last analysis

File size

588.0KB
Static detections / Dynamic detections: AI SCORE=82 AIDETECTVM ATTRIBUTE BYEY CLASSIC ELDORADO EMOTET EUYX GENCIRC GENETIC HIGH CONFIDENCE HIGHCONFIDENCE HRUYVP IGENERIC KRYPTIK MALWARE2 QVM41 R + TROJ R002C0DHE20 R347812 SMTHH SUSGEN UDTZG UMAL UNSAFE ZHUAE@0
Eagle Eye engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Antivirus engines
Engine        Result                            Scan date   Version
Alibaba       Trojan:Win32/Emotet.2a18bd72      20190527    0.3.0.5
CrowdStrike                                     20190702    1.0
Tencent       Malware.Win32.Gencirc.10cde85f    20200910    1.0.0.1
Baidu                                           20190318    1.0.0.2
Kingsoft                                        20200910    2013.8.14.323
McAfee        Emotet-FRV!CF56FBD6CE9B           20200910    6.0.6.653
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619910859.027334
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619910850.902334
CryptGenKey
crypto_handle: 0x00583818
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00585af8
flags: 1
key: f8mÒߺȅ£ûÄJ–O½ß
success 1 0
1619910859.043334
CryptExportKey
crypto_handle: 0x00583818
crypto_export_handle: 0x00583798
buffer: f¤=¦5zÔ`ÂÁCÌ¢Z]oÝ^ ^ûßJùsÚëSíÂ{íak´±ðDCÈv,ދ—¹·tDyߨ‹Ÿ‡“oæá:’ÓÎ üYApNBÖì˜,îœY?Ä»›î™†¸
blob_type: 1
flags: 64
success 1 0
1619910893.855334
CryptExportKey
crypto_handle: 0x00583818
crypto_export_handle: 0x00583798
buffer: f¤3âŸX?Ž×ڑ@_=ãÎAȬ U†fÔOõRZyæBÂî$ÜðèaBDMKœ  GdZ±b2Õß@WŸ/’$Mp×I¶S‹…ä•â0T —µjͼßhe‚™
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2005\13.8.20\cgridlistctrlex-master\vs2003\Release\CGridListCtrlEx.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619910850.496334
NtAllocateVirtualMemory
process_identifier: 368
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ee0000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619910859.496334
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process cf56fbd6ce9b982a1b10981a493273e7.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619910859.168334
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (3 events)
host 159.203.232.29
host 172.217.24.14
host 66.61.94.36
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619910862.058334
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619910862.074334
RegSetValueExA
key_handle: 0x000003c4
value: :†Áø>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619910862.074334
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619910862.074334
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619910862.074334
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619910862.074334
RegSetValueExA
key_handle: 0x000003dc
value: :†Áø>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619910862.074334
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619910862.105334
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.Emotet.1000
FireEye Trojan.Agent.EUYX
CAT-QuickHeal Trojan.IGENERIC
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Trojan.Emotet.Win32.24499
K7AntiVirus Trojan ( 005600261 )
Alibaba Trojan:Win32/Emotet.2a18bd72
K7GW Trojan ( 005600261 )
Invincea Mal/Generic-R + Troj/Emotet-CLA
Cyren W32/Emotet.APQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Emotet-9371541-0
Kaspersky Backdoor.Win32.Emotet.byey
BitDefender Trojan.Agent.EUYX
NANO-Antivirus Trojan.Win32.Emotet.hruyvp
MicroWorld-eScan Trojan.Agent.EUYX
Tencent Malware.Win32.Gencirc.10cde85f
Ad-Aware Trojan.Agent.EUYX
Emsisoft Trojan.Emotet (A)
Comodo TrojWare.Win32.UMal.zhuae@0
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DHE20
Sophos Troj/Emotet-CLA
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.qu
Avira TR/AD.Emotet.udtzg
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Backdoor.Win32.Emotet.byey
GData Trojan.Agent.EUYX
TACHYON Trojan/W32.Emotet.602112
AhnLab-V3 Trojan/Win32.Emotet.R347812
McAfee Emotet-FRV!CF56FBD6CE9B
MAX malware (ai score=82)
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHH.hp
Rising Trojan.Kryptik!1.CAB2 (CLASSIC)
Yandex Trojan.Emotet!
MaxSecure Trojan.Malware.105306873.susgen
Fortinet W32/Emotet.6DC5!tr
AVG Win32:Malware-gen
Panda Trj/Genetic.gen
Qihoo-360 Generic/HEUR/QVM41.2.3987.Malware.Gen
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 66.61.94.36:80
dead_host 159.203.232.29:8080
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

2020-08-14 00:30:01

Imports

Library KERNEL32.dll:
0x4580e0 SetErrorMode
0x4580e4 GetFileAttributesA
0x4580e8 GetFileTime
0x4580ec RtlUnwind
0x4580f0 TerminateProcess
0x4580fc IsDebuggerPresent
0x458100 GetTimeFormatA
0x458104 GetDateFormatA
0x458108 HeapAlloc
0x45810c HeapFree
0x458110 HeapReAlloc
0x458114 VirtualProtect
0x458118 VirtualAlloc
0x45811c GetSystemInfo
0x458120 VirtualQuery
0x458128 GetCommandLineA
0x45812c GetProcessHeap
0x458130 GetStartupInfoA
0x458134 HeapSize
0x458138 GetACP
0x458140 LCMapStringW
0x458148 VirtualFree
0x45814c HeapDestroy
0x458150 HeapCreate
0x458154 GetStdHandle
0x458158 GetStringTypeA
0x45815c GetStringTypeW
0x458170 SetHandleCount
0x458174 GetFileType
0x45817c GetUserDefaultLCID
0x458180 EnumSystemLocalesA
0x458184 IsValidLocale
0x458188 IsValidCodePage
0x45818c GetConsoleCP
0x458190 GetConsoleMode
0x458194 GetLocaleInfoW
0x458198 SetStdHandle
0x45819c WriteConsoleA
0x4581a0 GetConsoleOutputCP
0x4581a4 WriteConsoleW
0x4581ac GetOEMCP
0x4581b0 GetCPInfo
0x4581b4 CreateFileA
0x4581b8 GetFullPathNameA
0x4581c0 FindFirstFileA
0x4581c4 FindClose
0x4581c8 GetCurrentProcess
0x4581cc DuplicateHandle
0x4581d0 GetThreadLocale
0x4581d4 GetFileSize
0x4581d8 SetEndOfFile
0x4581dc UnlockFile
0x4581e0 LockFile
0x4581e4 FlushFileBuffers
0x4581e8 SetFilePointer
0x4581ec WriteFile
0x4581f0 ReadFile
0x4581f8 TlsFree
0x458200 LocalReAlloc
0x458204 TlsSetValue
0x458208 TlsAlloc
0x458210 GlobalHandle
0x458214 GlobalReAlloc
0x45821c TlsGetValue
0x458224 LocalAlloc
0x458228 GlobalFlags
0x45822c GetProfileIntA
0x458238 GetModuleFileNameW
0x45823c CopyFileA
0x458240 GlobalSize
0x458244 FormatMessageA
0x458248 LocalFree
0x45824c MulDiv
0x458250 GlobalGetAtomNameA
0x458254 GlobalFindAtomA
0x458258 lstrcmpW
0x45825c GetVersionExA
0x458260 GetTickCount
0x45826c FreeResource
0x458270 GetCurrentProcessId
0x458274 GlobalAddAtomA
0x458278 CloseHandle
0x45827c GetCurrentThread
0x458280 GetCurrentThreadId
0x458288 GetModuleFileNameA
0x458290 GetLocaleInfoA
0x458294 lstrcmpA
0x458298 GlobalDeleteAtom
0x45829c GlobalAlloc
0x4582a0 GlobalLock
0x4582a4 GlobalUnlock
0x4582a8 GlobalFree
0x4582ac lstrcpynA
0x4582b0 Sleep
0x4582b4 FreeLibrary
0x4582b8 VerSetConditionMask
0x4582bc VerifyVersionInfoA
0x4582c0 DebugBreak
0x4582c4 RaiseException
0x4582c8 lstrlenA
0x4582cc CompareStringW
0x4582d0 CompareStringA
0x4582d4 lstrlenW
0x4582d8 GetVersion
0x4582dc MultiByteToWideChar
0x4582e0 InterlockedExchange
0x4582e4 ExitProcess
0x4582e8 GetLastError
0x4582ec SetLastError
0x4582f0 GetProcAddress
0x4582f4 GetModuleHandleA
0x4582f8 LoadLibraryA
0x4582fc WideCharToMultiByte
0x458300 FindResourceA
0x458304 LoadResource
0x458308 LockResource
0x45830c LCMapStringA
0x458310 SizeofResource
Library USER32.dll:
0x458378 CharNextA
0x458380 InvalidateRgn
0x458384 GetNextDlgGroupItem
0x458388 MessageBeep
0x45838c UnregisterClassA
0x458390 EndPaint
0x458394 BeginPaint
0x458398 GetWindowDC
0x45839c ClientToScreen
0x4583a0 GrayStringA
0x4583a4 DrawTextExA
0x4583a8 TabbedTextOutA
0x4583ac DestroyMenu
0x4583b0 ShowWindow
0x4583b4 MoveWindow
0x4583b8 SetWindowTextA
0x4583bc IsDialogMessageA
0x4583c4 SendDlgItemMessageA
0x4583c8 WinHelpA
0x4583cc IsChild
0x4583d0 GetCapture
0x4583d4 GetClassLongA
0x4583d8 GetClassNameA
0x4583dc SetPropA
0x4583e0 GetPropA
0x4583e4 RemovePropA
0x4583e8 SetFocus
0x4583f0 GetWindowTextA
0x4583f4 GetTopWindow
0x4583f8 UnhookWindowsHookEx
0x4583fc GetMessageTime
0x458400 MapWindowPoints
0x458404 PostThreadMessageA
0x458408 GetScrollRange
0x45840c GetScrollPos
0x458410 SetForegroundWindow
0x458414 GetMenu
0x458418 GetSubMenu
0x45841c GetMenuItemID
0x458420 CreateWindowExA
0x458424 GetClassInfoExA
0x458428 GetClassInfoA
0x45842c RegisterClassA
0x458430 AdjustWindowRectEx
0x458434 GetDlgCtrlID
0x458438 DefWindowProcA
0x45843c CallWindowProcA
0x458440 SetWindowLongA
0x458444 IntersectRect
0x45844c GetWindowPlacement
0x458454 MapDialogRect
0x458458 SetWindowPos
0x458460 SetActiveWindow
0x458468 DestroyWindow
0x45846c IsWindow
0x458470 GetDlgItem
0x458474 GetNextDlgTabItem
0x458478 EndDialog
0x458480 GetWindowLongA
0x458484 GetLastActivePopup
0x458488 IsWindowEnabled
0x45848c MessageBoxA
0x458490 SetCursor
0x458494 SetWindowsHookExA
0x458498 DrawIcon
0x45849c AppendMenuA
0x4584a0 SendMessageA
0x4584a4 GetSystemMenu
0x4584a8 IsIconic
0x4584ac GetClientRect
0x4584b0 CallNextHookEx
0x4584b4 GetMessageA
0x4584b8 TranslateMessage
0x4584bc DispatchMessageA
0x4584c0 GetActiveWindow
0x4584c4 IsWindowVisible
0x4584c8 PeekMessageA
0x4584cc GetCursorPos
0x4584d0 ValidateRect
0x4584d4 SetMenuItemBitmaps
0x4584dc LoadBitmapA
0x4584e0 ModifyMenuA
0x4584e4 GetMenuState
0x4584e8 EnableMenuItem
0x4584ec GetSysColorBrush
0x4584f0 LoadCursorA
0x4584f4 CheckMenuItem
0x4584f8 PostQuitMessage
0x4584fc WindowFromPoint
0x458500 ReleaseCapture
0x458504 SetCapture
0x458508 SetRect
0x45850c TrackPopupMenu
0x458510 IsRectEmpty
0x458514 EnableWindow
0x458518 LoadIconA
0x45851c GetSystemMetrics
0x458520 CharUpperA
0x458524 PostMessageA
0x458528 GetDC
0x45852c ReleaseDC
0x458530 UpdateWindow
0x458534 InvalidateRect
0x458538 GetWindow
0x45853c GetParent
0x458540 GetFocus
0x458544 PtInRect
0x458548 InflateRect
0x45854c OffsetRect
0x458550 FillRect
0x458554 GetWindowRect
0x458558 GetKeyState
0x45855c DrawTextA
0x458560 CreatePopupMenu
0x458564 GetMenuItemCount
0x458568 ScreenToClient
0x45856c OpenClipboard
0x458570 GetSysColor
0x458574 GetDesktopWindow
0x458578 GetMessagePos
0x45857c SetClipboardData
0x458580 CloseClipboard
0x458584 EmptyClipboard
0x458588 CopyRect
0x45858c EqualRect
0x458590 DrawFocusRect
0x458594 GetForegroundWindow
Library GDI32.dll:
0x458034 SetWindowExtEx
0x458038 ScaleWindowExtEx
0x45803c ExtSelectClipRgn
0x458040 DeleteDC
0x458044 GetStockObject
0x458048 CreatePen
0x45804c CreateSolidBrush
0x458050 GetMapMode
0x458054 GetBkColor
0x458058 GetTextColor
0x45805c GetRgnBox
0x458060 ScaleViewportExtEx
0x458064 SetViewportExtEx
0x458068 OffsetViewportOrgEx
0x45806c SetViewportOrgEx
0x458070 SelectObject
0x458074 Escape
0x458078 TextOutA
0x45807c RectVisible
0x458080 PtVisible
0x458084 GetWindowExtEx
0x458088 GetViewportExtEx
0x458090 MoveToEx
0x458094 LineTo
0x458098 SetMapMode
0x45809c RestoreDC
0x4580a0 SaveDC
0x4580a4 ExtTextOutA
0x4580a8 CopyMetaFileA
0x4580ac GetDeviceCaps
0x4580b0 SetBkColor
0x4580b4 SetTextColor
0x4580b8 GetClipBox
0x4580c0 CreateBitmap
0x4580c4 DeleteObject
0x4580c8 CreateFontIndirectA
0x4580cc CreateCompatibleDC
0x4580d4 GetCurrentObject
0x4580d8 GetObjectA
Library comdlg32.dll:
0x4585ac GetFileTitleA
Library WINSPOOL.DRV:
0x45859c DocumentPropertiesA
0x4585a0 OpenPrinterA
0x4585a4 ClosePrinter
Library ADVAPI32.dll:
0x458000 RegCreateKeyExA
0x458004 RegDeleteValueA
0x458008 RegSetValueExA
0x45800c RegCloseKey
0x458010 RegQueryValueA
0x458014 RegOpenKeyA
0x458018 RegEnumKeyA
0x45801c RegDeleteKeyA
0x458020 RegOpenKeyExA
0x458024 RegQueryValueExA
Library SHELL32.dll:
0x45835c ShellExecuteA
Library COMCTL32.dll:
0x45802c
Library SHLWAPI.dll:
0x458364 PathFindFileNameA
0x458368 PathStripToRootA
0x45836c PathFindExtensionA
0x458370 PathIsUNCA
Library oledlg.dll:
0x458610
Library ole32.dll:
0x4585c4 CoRevokeClassObject
0x4585c8 CoGetClassObject
0x4585cc OleFlushClipboard
0x4585d4 DoDragDrop
0x4585d8 RevokeDragDrop
0x4585e0 RegisterDragDrop
0x4585e4 OleDuplicateData
0x4585e8 ReleaseStgMedium
0x4585ec CoTaskMemFree
0x4585f0 CLSIDFromString
0x4585f4 CLSIDFromProgID
0x4585f8 OleInitialize
0x458600 OleUninitialize
0x458608 CoTaskMemAlloc
Library OLEAUT32.dll:
0x45831c SysFreeString
0x458320 VarBstrFromDate
0x458324 VarUdateFromDate
0x458328 VarDateFromStr
0x45832c SysStringLen
0x458330 SysAllocStringLen
0x458334 VariantClear
0x458338 VariantChangeType
0x45833c VariantInit
0x458348 SafeArrayDestroy
0x45834c SysAllocString
0x458350 VariantCopy

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port   Destination                      Dst port
192.168.56.101  49235      114.114.114.114                  53
192.168.56.101  50534      114.114.114.114                  53
192.168.56.101  56539      114.114.114.114                  53
192.168.56.101  58367      114.114.114.114                  53
192.168.56.101  65004      114.114.114.114                  53
192.168.56.101  137        192.168.56.255                   137
192.168.56.101  138        192.168.56.255                   138
192.168.56.101  123        20.189.79.72 (time.windows.com)  123
192.168.56.101  53657      224.0.0.252                      5355
192.168.56.101  55368      224.0.0.252                      5355
192.168.56.101  56804      224.0.0.252                      5355
192.168.56.101  60123      224.0.0.252                      5355
192.168.56.101  62191      224.0.0.252                      5355
192.168.56.101  1900       239.255.255.250                  1900
192.168.56.101  56540      239.255.255.250                  3702
192.168.56.101  56807      239.255.255.250                  1900
192.168.56.101  58368      239.255.255.250                  3702
192.168.56.101  58370      239.255.255.250                  3702
192.168.56.101  58707      239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.