Score: 6.2 (High risk)
SHA256: 429751b02e221be29864e3965472b25ffae4445897489acc276ae5efbd970e49
File name: d2e4ca3f10fcc05103d158524e55f01a.exe (the name is the sample's MD5)
Analysis duration: 77s
File size: 347.5KB
Flagged by both static and dynamic detection (100%). Keyword tags aggregated from the engine verdicts: 92AJPHWRTS, AI SCORE=88, ATTRIBUTE, BSCOPE, CLASSIC, CONFIDENCE, EKZK, ELDORADO, EMOTET, EMOTETU, ENCPK, GENCIRC, GENKRYPTIK, HIGH CONFIDENCE, HIGHCONFIDENCE, HNRAES, KRYPT, KRYPTIK, MALWARE@#25CNFPW40FPTV, R + MAL, R342999, SCORE, TRICKBOT, VDMER, VQ0@ACKDBFHI, VQ0@BCKDBFHI, ZEXAF. The consistent family attribution across the engine list below is Emotet; Cyren's Trickbot name is the only outlier.
Hawkeye engine: no result (no Hawkeye engine detection for this sample)

Static verdict
Antivirus engines

Engine       Result                              Scan date   Engine version
McAfee       Emotet-FQU!D2E4CA3F10FC             20201211    6.0.6.653
Alibaba      Trojan:Win32/Emotet.74a9ab63        20190527    0.3.0.5
Baidu        (no detection)                      20190318    1.0.0.2
Avast        Win32:Malware-gen                   20201210    21.1.5827.0
Kingsoft     (no detection)                      20201211    2017.9.26.565
Tencent      Malware.Win32.Gencirc.10cdcf12      20201211    1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)   20190702    1.0
Static indicators

Queries for the computername (1 event)
  1619929500.8395  GetComputerNameA
    computer_name: OSKAR-PC
    status: success, return: 1, repeated: 0

Uses Windows APIs to generate a cryptographic key (3 events)
  1619929488.6675  CryptGenKey
    crypto_handle: 0x00513ad0
    algorithm_identifier: 0x0000660e (CALG_AES_128)
    provider_handle: 0x00512ee0
    flags: 1 (CRYPT_EXPORTABLE)
    key: (raw key bytes; unprintable on the page)
    status: success, return: 1, repeated: 0
  1619929500.9645  CryptExportKey
    crypto_handle: 0x00513ad0
    crypto_export_handle: 0x00512fa8
    buffer: (exported key blob; unprintable on the page)
    blob_type: 1 (SIMPLEBLOB: the session key encrypted under the public key behind crypto_export_handle)
    flags: 64 (CRYPT_OAEP)
    status: success, return: 1, repeated: 0
  1619929536.3245  CryptExportKey
    crypto_handle: 0x00513ad0
    crypto_export_handle: 0x00512fa8
    buffer: (a second, different exported blob; unprintable on the page)
    blob_type: 1 (SIMPLEBLOB)
    flags: 64 (CRYPT_OAEP)
    status: success, return: 1, repeated: 0

Read together, the three calls generate one exportable AES-128 session key and export it wrapped with OAEP padding twice, about 35 seconds apart, which is the shape of a session-key exchange with a remote party. The network section below records no successful TCP or HTTP session, so the wrapped key was not seen leaving the guest.
Behavioural verdict
Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (1 event)
  1619929484.3865  NtAllocateVirtualMemory
    process_identifier: 2976
    process_handle: 0xffffffff (the current process)
    base_address: 0x003e0000
    region_size: 45056
    allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
    protection: 64 (PAGE_EXECUTE_READWRITE)
    stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0
    status: success, return: 0, repeated: 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
  1619929484.4025  NtProtectVirtualMemory
    process_identifier: 2976
    process_handle: 0xffffffff (the current process)
    base_address: 0x01d11000
    length: 32768
    protection: 32 (PAGE_EXECUTE_READ)
    stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 1
    status: success, return: 0, repeated: 0
Note that the region made executable here (0x01d11000) is not the RWX region allocated 16 ms earlier (0x003e0000); the two events describe different memory, and the sandbox's heap_dep_bypass flag marks this one as a protection change on a heap range.
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
  1619929501.5115  GetAdaptersAddresses
    flags: 0
    family: 0 (AF_UNSPEC)
    status: failed, return: 111 (ERROR_BUFFER_OVERFLOW), repeated: 0
The 111 return is the size-probing first call that GetAdaptersAddresses requires; the report shows no follow-up call, so whether an adapter list was actually obtained is not visible here.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
  section .rsrc: virtual_address 0x0004c000, virtual_size 0x00010f4c, size_of_data 0x00011000, entropy 6.9201785985160935
  description: A section with a high entropy has been found
The 68 KB resource section carries the high-entropy data; no code section is flagged, and the import table below includes FindResourceA/LoadResource/LockResource/SizeofResource, which fits a loader that pulls its payload out of a resource.
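To reproduce the packer heuristic above outside the sandbox, here is an added example (not the sandbox's or the sample's code) that walks a PE section table with only the Python standard library and reports per-section Shannon entropy. The PE it builds in build_sample_pe() is synthetic test input, and the 6.8 cut-off is an assumption; the page does not say which threshold the engine uses.

```python
import hashlib
import math
import struct
from collections import Counter

HIGH_ENTROPY = 6.8  # assumed cut-off; the report does not state the engine's own threshold


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def section_entropies(pe: bytes) -> list:
    """Parse the section table of a PE image and compute each section's raw-data entropy."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the signature: NumberOfSections at +2 and
    # SizeOfOptionalHeader at +16 inside it; the section table follows the optional header.
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": raw_size,
            "entropy": shannon_entropy(pe[raw_ptr:raw_ptr + raw_size]),
        })
    return sections


def high_entropy_sections(pe: bytes, threshold: float = HIGH_ENTROPY) -> list:
    """The sections a packer heuristic would flag, in file order."""
    return [s for s in section_entropies(pe) if s["entropy"] > threshold]


def build_sample_pe() -> bytes:
    """Constructed 32-bit PE with a low-entropy .text and a pseudo-random .rsrc (test input only)."""
    text = (b"push ebp\nmov ebp, esp\nsub esp, 0x40\n" * 32)[:0x200]
    # 4 KiB of SHA-256 output stands in for compressed or encrypted resource data.
    rsrc = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))

    def section(name, size, rva, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, rva, size, ptr, 0, 0, 0, 0, flags)

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                       # e_lfanew = 64
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)    # i386, 2 sections
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)                 # PE32 magic, rest zeroed
    headers = (dos + b"PE\0\0" + file_hdr + opt_hdr
               + section(b".text", len(text), 0x1000, 0x200, 0x60000020)
               + section(b".rsrc", len(rsrc), 0x2000, 0x400, 0x40000040))
    return headers.ljust(0x200, b"\0") + text + rsrc


if __name__ == "__main__":
    for s in section_entropies(build_sample_pe()):
        print(f"{s['name']:<8} rva=0x{s['virtual_address']:08x} "
              f"size=0x{s['size_of_data']:08x} entropy={s['entropy']:.3f}")
```

To check the .rsrc figure on the real file, call section_entropies(open(path, "rb").read()) instead of build_sample_pe(); the entropy is computed over SizeOfRawData bytes at PointerToRawData, which is what the size_of_data field above refers to.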
Expresses interest in specific running processes (1 event)
  process: d2e4ca3f10fcc05103d158524e55f01a.exe (the sample's own image name)

Reads the systems User Agent and subsequently performs requests (1 event)
  1619929501.1675  InternetOpenW
    user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG: use the proxy settings from the registry)
    proxy_name: (empty)
    proxy_bypass: (empty)
    flags: 0
    status: success, return: 13369348 (HINTERNET 0x00cc0004), repeated: 0
Network communication

Communicates with host for which no DNS query was performed (3 events)
  host 162.154.38.103
  host 172.217.24.14
  host 95.216.118.202
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
All eight are RegSetValueEx writes under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\, each returning success (0):

  1619929504.1055  key_handle 0x0000039c, subkey {40112ABE-63B3-43C3-BE93-1440EE3AF106}
    WpadDecisionReason  REG_DWORD   1            (RegSetValueExA)
    WpadDecisionTime    REG_BINARY  (8-byte FILETIME; unprintable on the page)  (RegSetValueExA)
    WpadDecision        REG_DWORD   3            (RegSetValueExA)
    WpadNetworkName     REG_SZ      网络 2 ("Network 2", the guest's network name)  (RegSetValueExW)
  1619929504.1055  key_handle 0x000003b4, subkey 0a-00-27-00-00-00
    WpadDecisionReason  REG_DWORD   1            (RegSetValueExA)
    WpadDecisionTime    REG_BINARY  (8-byte FILETIME; unprintable on the page)  (RegSetValueExA)
    WpadDecision        REG_DWORD   3            (RegSetValueExA)
  1619929504.1205  key_handle 0x00000398, Wpad\WpadLastNetwork
    WpadLastNetwork     REG_SZ      {40112ABE-63B3-43C3-BE93-1440EE3AF106}  (RegSetValueExW)

The second subkey is keyed by a MAC address; 0a:00:27:00:00:00 is the VirtualBox host-only adapter, consistent with the 192.168.56.x guest address in the UDP table below. Caveat on this indicator: WpadDecision, WpadDecisionReason, WpadDecisionTime, WpadNetworkName and WpadLastNetwork are the WinHTTP automatic-proxy decision cache, which Windows updates on the WinINet code path entered by the InternetOpenW call above (access_type 0 means "use the registry proxy configuration"). The sample writes no AutoConfigURL, ProxyServer or PAC file anywhere in this report, so these eight writes by themselves do not establish proxy tampering; they are a frequent false positive of this signature.
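The three behaviours above (the RWX allocation followed by the RX protection change, the CryptGenKey/CryptExportKey pair listed under static indicators, and the Wpad registry writes) can each be expressed as a small rule over the sandbox's API log. The following is an added example, not the sandbox's own signature code: EVENTS is constructed from the values this report prints, PAC_WRITE is a hypothetical event that does not occur in the report and exists only to show the proxy rule firing, and INET, PROXY_VALUES and the function names are the editor's own.

```python
from dataclasses import dataclass

# winnt.h / wincrypt.h constants used by the rules
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
CRYPT_EXPORTABLE = 0x01
SIMPLEBLOB = 0x01
CRYPT_OAEP = 0x40
CALG_NAMES = {0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256"}

INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
NET_GUID = "{40112ABE-63B3-43C3-BE93-1440EE3AF106}"
PROXY_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyEnable", "ProxyOverride"}


@dataclass
class Event:
    ts: float   # Unix epoch, as the sandbox prints it
    api: str
    args: dict


# Constructed from the values printed in this report (a subset of the fields).
EVENTS = [
    Event(1619929484.3865, "NtAllocateVirtualMemory",
          {"process_identifier": 2976, "protection": 0x40, "base_address": 0x003E0000}),
    Event(1619929484.4025, "NtProtectVirtualMemory",
          {"process_identifier": 2976, "protection": 0x20, "base_address": 0x01D11000}),
    Event(1619929488.6675, "CryptGenKey",
          {"crypto_handle": 0x513AD0, "algorithm_identifier": 0x660E, "flags": 1}),
    Event(1619929500.9645, "CryptExportKey", {"crypto_handle": 0x513AD0, "blob_type": 1, "flags": 64}),
    Event(1619929504.1055, "RegSetValueExA", {"regkey": f"{INET}\\Wpad\\{NET_GUID}\\WpadDecision", "value": 3}),
    Event(1619929504.1205, "RegSetValueExW", {"regkey": f"{INET}\\Wpad\\WpadLastNetwork", "value": NET_GUID}),
    Event(1619929536.3245, "CryptExportKey", {"crypto_handle": 0x513AD0, "blob_type": 1, "flags": 64}),
]

# Hypothetical, NOT in the report: the write a real PAC-based interception would leave.
PAC_WRITE = Event(1619929505.0, "RegSetValueExA",
                  {"regkey": f"{INET}\\AutoConfigURL", "value": "http://pac.example/wpad.dat"})


def by_time(events):
    return sorted(events, key=lambda e: e.ts)


def unpack_sequence(events):
    """PIDs that allocate RWX memory and later flip a region to RX. The report's two
    regions differ (0x003e0000 vs 0x01d11000), so the rule keys on the process, not the address."""
    armed, hits = set(), []
    for e in by_time(events):
        pid = e.args.get("process_identifier")
        if e.api == "NtAllocateVirtualMemory" and e.args["protection"] == PAGE_EXECUTE_READWRITE:
            armed.add(pid)
        elif e.api == "NtProtectVirtualMemory" and e.args["protection"] == PAGE_EXECUTE_READ and pid in armed:
            hits.append(pid)
            armed.discard(pid)          # one hit per allocate/protect cycle
    return hits


def wrapped_session_keys(events):
    """CryptGenKey(CRYPT_EXPORTABLE) then CryptExportKey(SIMPLEBLOB) on the same handle:
    a fresh symmetric key exported encrypted under a public key. One record per key."""
    keys = {}
    for e in by_time(events):
        h = e.args.get("crypto_handle")
        if e.api == "CryptGenKey" and e.args["flags"] & CRYPT_EXPORTABLE:
            alg = e.args["algorithm_identifier"]
            keys[h] = {"algorithm": CALG_NAMES.get(alg, hex(alg)), "exports": 0, "oaep": False}
        elif e.api == "CryptExportKey" and h in keys and e.args["blob_type"] == SIMPLEBLOB:
            keys[h]["exports"] += 1
            keys[h]["oaep"] = bool(e.args["flags"] & CRYPT_OAEP)
    return [k for k in keys.values() if k["exports"]]


def proxy_writes(events):
    """Split Internet Settings writes into real proxy configuration and the WPAD decision
    cache (Wpad\\<network>\\WpadDecision* and WpadLastNetwork) that WinHTTP's autoproxy
    code leaves behind for any WinINet client."""
    out = {"proxy_config": [], "wpad_cache": []}
    for e in by_time(events):
        key = e.args.get("regkey", "")
        if not e.api.startswith("RegSetValueEx") or not key.startswith(INET + "\\"):
            continue
        name = key.rsplit("\\", 1)[-1]
        if name in PROXY_VALUES:
            out["proxy_config"].append(name)
        elif key.startswith(INET + "\\Wpad\\"):
            out["wpad_cache"].append(name)
    return out


if __name__ == "__main__":
    print("unpack:", unpack_sequence(EVENTS))
    print("keys:", wrapped_session_keys(EVENTS))
    print("proxy:", proxy_writes(EVENTS))
    print("proxy with PAC write:", proxy_writes(EVENTS + [PAC_WRITE]))
```

The proxy rule is the caveat in code: on this report's events it files every Wpad write as cache noise and reports nothing under proxy_config; only a write to AutoConfigURL, ProxyServer, ProxyEnable or ProxyOverride (the hypothetical PAC_WRITE) would count as proxy configuration.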
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
  dead_host 162.154.38.103:80

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
Engine              Result
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.EmotetU.Gen.vq0@bCkdbfhi
FireEye Generic.mg.d2e4ca3f10fcc051
McAfee Emotet-FQU!D2E4CA3F10FC
Malwarebytes Trojan.Emotet
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Trojan ( 005675131 )
Alibaba Trojan:Win32/Emotet.74a9ab63
K7GW Trojan ( 005675131 )
BitDefenderTheta Gen:NN.ZexaF.34670.vq0@aCkdbfhi
Cyren W32/Trickbot.DU.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Avast Win32:Malware-gen
ClamAV Win.Malware.Emotet-7997984-0
Kaspersky HEUR:Backdoor.Win32.Emotet.vho
BitDefender Trojan.EmotetU.Gen.vq0@bCkdbfhi
NANO-Antivirus Trojan.Win32.Emotet.hnraes
Paloalto generic.ml
Rising Trojan.Kryptik!1.C782 (CLASSIC)
Ad-Aware Trojan.EmotetU.Gen.vq0@bCkdbfhi
Emsisoft Trojan.Emotet (A)
Comodo Malware@#25cnfpw40fptv
F-Secure Trojan.TR/AD.Emotet.vdmer
DrWeb Trojan.Emotet.982
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh
Sophos Mal/Generic-R + Mal/EncPk-APM
APEX Malicious
Jiangmin Backdoor.Emotet.gi
Avira TR/AD.Emotet.vdmer
MAX malware (ai score=88)
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.DSB!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm HEUR:Backdoor.Win32.Emotet.vho
GData Trojan.EmotetU.Gen.vq0@bCkdbfhi
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R342999
VBA32 BScope.Trojan.Downloader
ALYac Trojan.EmotetU.Gen.vq0@bCkdbfhi
ESET-NOD32 Win32/Emotet.CD
Tencent Malware.Win32.Gencirc.10cdcf12
Yandex Trojan.Emotet!/92ajpHwrTs
Ikarus Trojan.Win32.Krypt
Fortinet W32/GenKryptik.EKZK!tr
AVG Win32:Malware-gen
Panda Trj/Emotet.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.101
Visual analysis
Binary image: none generated for this sample.
Run-time screenshots: none captured during execution.


PE Compile Time

2020-05-23 02:58:17 (the API-log timestamps above are Unix epoch: 1619929484 is 2021-05-02 04:24:44 UTC, about a year after the stated compile time, and the engine scan dates in the static table are from December 2020)

Imports

The static import table below resembles an ordinary MFC GUI application (window, menu, GDI, printing and file-dialog APIs). None of the APIs observed at run time above (CryptGenKey, CryptExportKey, InternetOpenW, GetAdaptersAddresses, GetComputerNameA) appear in it; only LoadLibraryA/GetProcAddress do, so those functions are resolved dynamically after the unpacking stage recorded in the dynamic indicators. RegSetValueExA is the one run-time API that is also statically imported.

Library KERNEL32.dll:
0x4370e0 GetCommandLineA
0x4370e4 GetStartupInfoA
0x4370e8 HeapAlloc
0x4370ec HeapFree
0x4370f0 VirtualAlloc
0x4370f4 ExitProcess
0x4370f8 ExitThread
0x4370fc CreateThread
0x437100 HeapReAlloc
0x437104 HeapSize
0x437108 TerminateProcess
0x437114 IsDebuggerPresent
0x437118 GetStdHandle
0x43712c SetHandleCount
0x437130 GetFileType
0x437134 HeapCreate
0x437138 VirtualFree
0x43713c RaiseException
0x437140 GetTickCount
0x437148 GetACP
0x43714c IsValidCodePage
0x437158 GetConsoleCP
0x43715c GetConsoleMode
0x437160 LCMapStringA
0x437164 LCMapStringW
0x437168 GetStringTypeA
0x43716c GetStringTypeW
0x437170 SetStdHandle
0x437174 WriteConsoleA
0x437178 GetConsoleOutputCP
0x43717c WriteConsoleW
0x437180 CompareStringW
0x437188 RtlUnwind
0x43718c SetErrorMode
0x437190 GetFileSizeEx
0x4371a4 CreateFileA
0x4371a8 GetShortPathNameA
0x4371b0 FindFirstFileA
0x4371b4 FindClose
0x4371b8 DuplicateHandle
0x4371bc GetFileSize
0x4371c0 SetEndOfFile
0x4371c4 UnlockFile
0x4371c8 LockFile
0x4371cc FlushFileBuffers
0x4371d0 SetFilePointer
0x4371d4 WriteFile
0x4371d8 ReadFile
0x4371dc lstrcmpiA
0x4371e0 GetThreadLocale
0x4371e4 GetStringTypeExA
0x4371e8 DeleteFileA
0x4371ec MoveFileA
0x4371f4 GetModuleHandleW
0x4371f8 GetOEMCP
0x4371fc GetCPInfo
0x437208 GetModuleFileNameW
0x43720c TlsFree
0x437210 LocalReAlloc
0x437214 TlsSetValue
0x437218 TlsAlloc
0x43721c GlobalHandle
0x437220 GlobalReAlloc
0x437224 TlsGetValue
0x437228 LocalAlloc
0x43722c GlobalFlags
0x437230 GetDiskFreeSpaceA
0x437234 GetFullPathNameA
0x437238 GetTempFileNameA
0x43723c GetFileTime
0x437240 SetFileTime
0x437244 GetFileAttributesA
0x437248 SuspendThread
0x43724c GetCurrentThread
0x437258 GetModuleFileNameA
0x43725c GetLocaleInfoA
0x437260 InterlockedExchange
0x437264 lstrcmpA
0x437268 GlobalFree
0x43726c GlobalAlloc
0x437270 FormatMessageA
0x437274 LocalFree
0x437278 MulDiv
0x43727c FreeResource
0x437280 GetCurrentThreadId
0x437284 GlobalFindAtomA
0x437288 GlobalDeleteAtom
0x43728c FreeLibrary
0x437290 CompareStringA
0x437294 lstrcmpW
0x437298 GetVersionExA
0x43729c lstrlenA
0x4372a0 GlobalLock
0x4372a4 GlobalUnlock
0x4372a8 GetCurrentProcessId
0x4372ac GetProcAddress
0x4372b0 GetModuleHandleA
0x4372b4 LoadLibraryA
0x4372b8 GlobalGetAtomNameA
0x4372bc GlobalAddAtomA
0x4372c0 GetLastError
0x4372c4 SetLastError
0x4372c8 MultiByteToWideChar
0x4372d4 CreateEventA
0x4372d8 SetEvent
0x4372dc WaitForSingleObject
0x4372e0 Sleep
0x4372e4 ResumeThread
0x4372e8 SetThreadPriority
0x4372f0 LoadLibraryExW
0x4372f4 LoadLibraryExA
0x4372f8 GetCurrentProcess
0x4372fc WideCharToMultiByte
0x437304 CloseHandle
0x437308 FindResourceA
0x43730c LoadResource
0x437310 LockResource
0x437318 SizeofResource
Library USER32.dll:
0x43735c GetMenuItemInfoA
0x437360 InflateRect
0x437364 EndPaint
0x437368 BeginPaint
0x43736c GetWindowDC
0x437370 ReleaseDC
0x437374 GetDC
0x437378 ClientToScreen
0x43737c GrayStringA
0x437380 DrawTextExA
0x437384 DrawTextA
0x437388 TabbedTextOutA
0x43738c FillRect
0x437394 GetNextDlgTabItem
0x437398 EndDialog
0x43739c ShowOwnedPopups
0x4373a0 GetMessageA
0x4373a4 TranslateMessage
0x4373a8 GetCursorPos
0x4373ac ValidateRect
0x4373b0 PostQuitMessage
0x4373b4 SetWindowTextA
0x4373b8 IsDialogMessageA
0x4373bc SetMenuItemBitmaps
0x4373c4 LoadBitmapA
0x4373c8 ModifyMenuA
0x4373cc GetMenuState
0x4373d0 EnableMenuItem
0x4373d4 CheckMenuItem
0x4373dc SendDlgItemMessageA
0x4373e0 IsChild
0x4373e4 SetWindowsHookExA
0x4373e8 CallNextHookEx
0x4373ec GetClassLongA
0x4373f0 SetPropA
0x4373f4 RemovePropA
0x4373f8 GetWindowTextA
0x4373fc GetForegroundWindow
0x437400 DispatchMessageA
0x437404 BeginDeferWindowPos
0x437408 EndDeferWindowPos
0x43740c GetTopWindow
0x437410 DestroyWindow
0x437414 UnhookWindowsHookEx
0x437418 GetMessageTime
0x43741c GetMessagePos
0x437420 MapWindowPoints
0x437424 TrackPopupMenu
0x437428 SetForegroundWindow
0x43742c MessageBoxA
0x437430 CreateWindowExA
0x437434 GetClassInfoExA
0x437438 RegisterClassA
0x43743c AdjustWindowRectEx
0x437440 ScreenToClient
0x437444 DeferWindowPos
0x437448 PtInRect
0x43744c DefWindowProcA
0x437450 CallWindowProcA
0x437458 GetWindowPlacement
0x43745c GetWindowRect
0x437460 GetSystemMetrics
0x437464 GetClassNameA
0x437468 EnableWindow
0x43746c GetSystemMenu
0x437470 InvalidateRect
0x437474 SetRect
0x437478 GetSysColor
0x43747c UnpackDDElParam
0x437480 ReuseDDElParam
0x437484 LoadMenuA
0x437488 DestroyMenu
0x43748c WinHelpA
0x437490 SetWindowPos
0x437494 SetFocus
0x43749c GetActiveWindow
0x4374a0 IsWindowEnabled
0x4374a4 EqualRect
0x4374a8 GetDlgItem
0x4374ac SetWindowLongA
0x4374b0 UnregisterClassA
0x4374b4 CharUpperA
0x4374b8 DestroyIcon
0x4374bc LoadCursorA
0x4374c0 GetPropA
0x4374c4 GetSysColorBrush
0x4374c8 OffsetRect
0x4374cc GetClientRect
0x4374d4 IsWindow
0x4374d8 GetWindowLongA
0x4374dc ShowWindow
0x4374e0 GetWindow
0x4374e4 GetDesktopWindow
0x4374e8 SetMenu
0x4374ec PostMessageA
0x4374f0 BringWindowToTop
0x4374f4 GetLastActivePopup
0x4374f8 GetMenu
0x4374fc CopyRect
0x437500 SetRectEmpty
0x437504 IntersectRect
0x437508 GetClassInfoA
0x43750c CreatePopupMenu
0x437510 GetMenuItemCount
0x437514 GetMenuItemID
0x437518 GetDlgCtrlID
0x43751c GetKeyState
0x437520 LoadIconA
0x437524 SetCursor
0x437528 PeekMessageA
0x43752c GetCapture
0x437530 ReleaseCapture
0x437534 LoadAcceleratorsA
0x437538 GetParent
0x43753c SetActiveWindow
0x437540 IsWindowVisible
0x437544 UpdateWindow
0x437548 IsIconic
0x43754c SendMessageA
0x437550 InsertMenuItemA
0x437554 GetSubMenu
0x437558 GetFocus
Library GDI32.dll:
0x437040 ScaleWindowExtEx
0x437044 DeleteDC
0x437048 CreatePatternBrush
0x43704c GetStockObject
0x437050 SetWindowExtEx
0x437054 CreateSolidBrush
0x437058 CreateFontIndirectA
0x437060 ScaleViewportExtEx
0x437064 SetViewportExtEx
0x437068 OffsetViewportOrgEx
0x43706c SetViewportOrgEx
0x437070 SelectObject
0x437074 Escape
0x437078 ExtTextOutA
0x43707c TextOutA
0x437080 RectVisible
0x437084 PtVisible
0x437088 GetPixel
0x43708c CreatePen
0x437090 Ellipse
0x437094 DeleteObject
0x437098 MoveToEx
0x43709c LineTo
0x4370a0 SetMapMode
0x4370a4 SetBkMode
0x4370a8 RestoreDC
0x4370ac SaveDC
0x4370b0 GetDeviceCaps
0x4370b4 CreateBitmap
0x4370b8 GetObjectA
0x4370bc SetBkColor
0x4370c0 SetTextColor
0x4370c4 GetClipBox
0x4370c8 CreateCompatibleDC
0x4370d0 GdiFlush
0x4370d4 Rectangle
0x4370d8 BitBlt
Library COMDLG32.dll:
0x437038 GetFileTitleA
Library WINSPOOL.DRV:
0x437560 DocumentPropertiesA
0x437564 OpenPrinterA
0x437568 ClosePrinter
Library ADVAPI32.dll:
0x437000 RegSetValueExA
0x437004 RegCreateKeyA
0x437008 RegCreateKeyExA
0x43700c GetFileSecurityA
0x437010 SetFileSecurityA
0x437014 RegQueryValueA
0x437018 RegOpenKeyA
0x43701c RegEnumKeyA
0x437020 RegDeleteKeyA
0x437024 RegOpenKeyExA
0x437028 RegQueryValueExA
0x43702c RegSetValueA
0x437030 RegCloseKey
Library SHELL32.dll:
0x437330 DragFinish
0x437334 ExtractIconA
0x437338 SHGetFileInfoA
0x43733c DragQueryFileA
Library SHLWAPI.dll:
0x437344 PathFindFileNameA
0x437348 PathStripToRootA
0x43734c PathIsUNCA
0x437350 PathFindExtensionA
0x437354 PathRemoveFileSpecW
Library ole32.dll:
0x437570 CoCreateInstance
0x437574 CoTaskMemFree
0x437578 CoUninitialize
0x43757c CoInitializeEx
Library OLEAUT32.dll:
0x437320 VariantClear
0x437324 VariantChangeType
0x437328 VariantInit

Hosts

No hosts contacted.

TCP

No TCP connections recorded. This is consistent with the dead-host indicator above: the attempt to 162.154.38.103:80 got no reply.

UDP

Source          Src port  Destination                      Dst port
192.168.56.101  49235     114.114.114.114                  53
192.168.56.101  50534     114.114.114.114                  53
192.168.56.101  56539     114.114.114.114                  53
192.168.56.101  58367     114.114.114.114                  53
192.168.56.101  65004     114.114.114.114                  53
192.168.56.101  137       192.168.56.255                   137
192.168.56.101  138       192.168.56.255                   138
192.168.56.101  123       20.189.79.72 (time.windows.com)  123
192.168.56.101  53657     224.0.0.252                      5355
192.168.56.101  55368     224.0.0.252                      5355
192.168.56.101  56804     224.0.0.252                      5355
192.168.56.101  60123     224.0.0.252                      5355
192.168.56.101  62191     224.0.0.252                      5355
192.168.56.101  1900      239.255.255.250                  1900
192.168.56.101  56540     239.255.255.250                  3702
192.168.56.101  56807     239.255.255.250                  1900
192.168.56.101  58368     239.255.255.250                  3702
192.168.56.101  58707     239.255.255.250                  3702

Everything in the UDP table is guest background traffic: DNS to the resolver 114.114.114.114, NetBIOS (137/138) and LLMNR (5355) name resolution, NTP to time.windows.com, and SSDP (1900) / WS-Discovery (3702) multicast. The 192.168.56.x address is VirtualBox's default host-only subnet. Nothing in the capture can be tied to the sample beyond possibly the five DNS queries, whose names the page does not show.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.