6.4
高危
57 个模型检测该样本为恶意!
重新分析
更多

3358bd8c8a90defdc510fbd02d15ff40aa8e00c6a81e9800b2b5f1807754acb5

d5db929f0d2847fd072f6923e61cefb2.exe

分析耗时

78s

最近分析

文件大小

1.1MB
静态报毒 动态报毒 5KXVORFHSDN AI SCORE=89 EMOTET ER0@AEEBC@EI GDEP GENCIRC GENERICKDZ GENETIC GRAYWARE HDAI HIGH CONFIDENCE HTXLHB KRYPTIK NONAME@0 R + TROJ R057C0DI420 R350033 ROBHH SCORE SIGGEN10 TDHP TROJANBANKER UNSAFE VOBFUSAGENTHI ZEXTET 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Emotet-FRI!D5DB929F0D28 20200911 6.0.6.653
Alibaba Trojan:Win32/Emotet.a70f9ddc 20190527 0.3.0.5
CrowdStrike 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20200912 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cdfce5 20200912 1.0.0.1
Kingsoft 20200912 2013.8.14.323
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619911350.829
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (6 个事件)
Time & API Arguments Status Return Repeated
1619911341.595
CryptGenKey
crypto_handle: 0x00a7b698
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00a7a980
flags: 1
key: fü÷ª^þ⭊nšûóô
success 1 0
1619911350.845
CryptExportKey
crypto_handle: 0x00a7b698
crypto_export_handle: 0x00a7aa48
buffer: f¤0)Âù)å1ÖÔäs!“†}hÆÛ~€òŽu{_KNQ©©É54Gºš —¸m$ô˱/'©4˜¯ÚМ¡/«îËxÖ ¹’…O¾KÚï¸Ás`Ûˆ&´q1)·„
blob_type: 1
flags: 64
success 1 0
1619911386.048
CryptExportKey
crypto_handle: 0x00a7b698
crypto_export_handle: 0x00a7aa48
buffer: f¤Q…eÄíNä¬?ŸÈá^gi:³,I¥5ÓEXp‰S²ˆƒ3Fñƒ ÊYSt‡”=Tý/‹?@)¸Z1¾DrëÿÿóÌ«7Ý£÷"ãí}¾X{Q$3òC?ÿ×Hy
blob_type: 1
flags: 64
success 1 0
1619911391.97
CryptExportKey
crypto_handle: 0x00a7b698
crypto_export_handle: 0x00a7aa48
buffer: f¤gT+ž¾;5t|‘èo.ù_`À4&»0$+V–]!Z–ÇÑ?4ê8I—Þïcxç(múy[™f ÜDj1ý–qùkíÕ÷̐)pU``%s«Z†9 MÊË_e¾1t·
blob_type: 1
flags: 64
success 1 0
1619911397.688
CryptExportKey
crypto_handle: 0x00a7b698
crypto_export_handle: 0x00a7aa48
buffer: f¤S¸''?X2Ò LI ¹)®¥Å‘'ò#‚Ö^™¤Ô˜‘ á‚àœ x’’bŽ$CãºMfúÇí­0•‘%zÁµÎu#´ ªçñ±þ³"˖‘ Ɣw f3Ø#kÕÛl„q½
blob_type: 1
flags: 64
success 1 0
1619911403.11
CryptExportKey
crypto_handle: 0x00a7b698
crypto_export_handle: 0x00a7aa48
buffer: f¤7û²aØaQ èºc'v]¤~Ù¶—-Q†NöråÁ)%Š£1짉sPz'»ÅOÚµ"˜•Í(–Å Ð*ô~0ýœÃ7ޞ4ßSÊÕfÓÎíÅe@ ÈpåÖˋ
blob_type: 1
flags: 64
success 1 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619911341.001
NtAllocateVirtualMemory
process_identifier: 3068
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00360000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (45 个事件)
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619911351.438
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process d5db929f0d2847fd072f6923e61cefb2.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619911351.048
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (6 个事件)
host 172.217.24.14
host 45.16.226.117
host 50.121.220.50
host 51.75.33.122
host 54.37.42.48
host 91.121.54.71
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619911354.017
RegSetValueExA
key_handle: 0x000003a8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619911354.017
RegSetValueExA
key_handle: 0x000003a8
value: Éûsæ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619911354.017
RegSetValueExA
key_handle: 0x000003a8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619911354.017
RegSetValueExW
key_handle: 0x000003a8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619911354.017
RegSetValueExA
key_handle: 0x000003c0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619911354.017
RegSetValueExA
key_handle: 0x000003c0
value: Éûsæ>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619911354.017
RegSetValueExA
key_handle: 0x000003c0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619911354.048
RegSetValueExW
key_handle: 0x000003a4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 个事件)
Bkav W32.VobfusAgentHI.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69879
FireEye Generic.mg.d5db929f0d2847fd
CAT-QuickHeal Trojan.Emotet
McAfee Emotet-FRI!D5DB929F0D28
Cylance Unsafe
Zillya Trojan.Emotet.Win32.28366
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.a70f9ddc
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D110F7
Invincea Mal/Generic-R + Troj/Emotet-CMX
BitDefenderTheta Gen:NN.Zextet.34216.er0@aeebC@ei
Cyren W32/Trojan.TDHP-3379
Symantec Trojan.Emotet
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Emotet-9746935-0
Kaspersky Trojan-Banker.Win32.Emotet.gdep
BitDefender Trojan.GenericKDZ.69879
NANO-Antivirus Trojan.Win32.Emotet.htxlhb
ViRobot Trojan.Win32.Emotet.1122304
Avast Win32:Trojan-gen
Tencent Malware.Win32.Gencirc.10cdfce5
Ad-Aware Trojan.GenericKDZ.69879
Comodo fls.noname@0
F-Secure Trojan.TR/Emotet.robhh
DrWeb Trojan.Siggen10.11107
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R057C0DI420
Sophos Troj/Emotet-CMX
Jiangmin Trojan.Banker.Emotet.ohb
Webroot W32.Trojan.Gen
Avira TR/Emotet.robhh
MAX malware (ai score=89)
Antiy-AVL GrayWare/Win32.Kryptik.hda
Microsoft Trojan:Win32/Emotet.ARK!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Trojan-Banker.Win32.Emotet.gdep
GData Trojan.GenericKDZ.69879
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.RL_Generic.R350033
VBA32 TrojanBanker.Emotet
ALYac Trojan.Agent.Emotet
TACHYON Banker/W32.Emotet.1122304
Malwarebytes Trojan.Emotet
ESET-NOD32 Win32/Emotet.CD
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (7 个事件)
dead_host 192.168.56.101:49178
dead_host 192.168.56.101:49179
dead_host 91.121.54.71:8080
dead_host 51.75.33.122:80
dead_host 192.168.56.101:49177
dead_host 50.121.220.50:80
dead_host 54.37.42.48:8080
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-02 22:31:45

Imports

Library KERNEL32.dll:
0x4310b4 GetSystemInfo
0x4310b8 VirtualQuery
0x4310bc GetStartupInfoA
0x4310c0 GetCommandLineA
0x4310c4 ExitProcess
0x4310c8 TerminateProcess
0x4310cc HeapReAlloc
0x4310d0 HeapSize
0x4310d4 LCMapStringA
0x4310d8 LCMapStringW
0x4310dc HeapDestroy
0x4310e0 HeapCreate
0x4310e4 VirtualFree
0x4310e8 IsBadWritePtr
0x4310ec GetStdHandle
0x4310fc VirtualAlloc
0x431104 SetHandleCount
0x431108 GetFileType
0x431110 GetCurrentProcessId
0x431118 GetStringTypeA
0x43111c GetStringTypeW
0x431124 GetUserDefaultLCID
0x431128 EnumSystemLocalesA
0x43112c IsValidLocale
0x431130 IsValidCodePage
0x431134 IsBadReadPtr
0x431138 IsBadCodePtr
0x43113c SetStdHandle
0x431140 GetLocaleInfoW
0x431148 VirtualProtect
0x43114c HeapFree
0x431150 HeapAlloc
0x431158 RtlUnwind
0x43115c GetTickCount
0x431160 GetFileTime
0x431164 GetFileAttributesA
0x43116c SetErrorMode
0x431174 GetOEMCP
0x431178 GetCPInfo
0x43117c CreateFileA
0x431180 GetFullPathNameA
0x431188 FindFirstFileA
0x43118c FindClose
0x431190 GetCurrentProcess
0x431194 DuplicateHandle
0x431198 GetFileSize
0x43119c SetEndOfFile
0x4311a0 UnlockFile
0x4311a4 LockFile
0x4311a8 FlushFileBuffers
0x4311ac SetFilePointer
0x4311b0 WriteFile
0x4311b4 ReadFile
0x4311b8 TlsFree
0x4311bc LocalReAlloc
0x4311c0 TlsSetValue
0x4311c4 TlsAlloc
0x4311c8 TlsGetValue
0x4311d0 GlobalHandle
0x4311d4 GlobalReAlloc
0x4311dc LocalAlloc
0x4311e8 RaiseException
0x4311ec GlobalFlags
0x4311fc SetLastError
0x431200 MulDiv
0x431204 FormatMessageA
0x431208 LocalFree
0x43120c GlobalGetAtomNameA
0x431210 GlobalFindAtomA
0x431214 lstrcatA
0x431218 lstrcmpW
0x43121c lstrcpynA
0x431220 GlobalUnlock
0x431224 GlobalFree
0x431228 FreeResource
0x43122c CloseHandle
0x431230 GlobalAddAtomA
0x431234 GetCurrentThread
0x431238 GetCurrentThreadId
0x43123c GlobalLock
0x431240 GlobalAlloc
0x431244 FreeLibrary
0x431248 GlobalDeleteAtom
0x43124c lstrcmpA
0x431250 GetModuleFileNameA
0x431254 GetModuleHandleA
0x431258 GetProcAddress
0x431264 lstrcpyA
0x431268 LoadLibraryA
0x43126c CompareStringW
0x431270 CompareStringA
0x431274 lstrlenA
0x431278 lstrcmpiA
0x43127c GetVersion
0x431280 GetLastError
0x431284 MultiByteToWideChar
0x431288 WideCharToMultiByte
0x43128c FindResourceA
0x431290 LoadResource
0x431294 LockResource
0x431298 SizeofResource
0x43129c GetVersionExA
0x4312a0 GetThreadLocale
0x4312a4 GetLocaleInfoA
0x4312a8 GetACP
0x4312ac InterlockedExchange
0x4312b4 LoadLibraryExA
Library USER32.dll:
0x431304 PostThreadMessageA
0x43130c WinHelpA
0x431310 GetCapture
0x431314 CreateWindowExA
0x431318 GetClassLongA
0x43131c GetClassInfoExA
0x431320 GetClassNameA
0x431324 SetPropA
0x431328 GetPropA
0x43132c RemovePropA
0x431330 SendDlgItemMessageA
0x431334 SetFocus
0x431338 IsChild
0x431340 GetWindowTextA
0x431344 GetForegroundWindow
0x431348 GetTopWindow
0x43134c UnhookWindowsHookEx
0x431350 GetMessageTime
0x431354 GetMessagePos
0x431358 MapWindowPoints
0x43135c SetForegroundWindow
0x431360 UpdateWindow
0x431364 GetMenu
0x431368 GetSubMenu
0x43136c GetMenuItemID
0x431370 GetMenuItemCount
0x431374 GetSysColor
0x431378 AdjustWindowRectEx
0x43137c EqualRect
0x431380 GetClassInfoA
0x431384 RegisterClassA
0x431388 UnregisterClassA
0x43138c GetDlgCtrlID
0x431390 MessageBeep
0x431394 CallWindowProcA
0x431398 SetWindowLongA
0x43139c OffsetRect
0x4313a0 IntersectRect
0x4313a8 GetWindowPlacement
0x4313ac CopyRect
0x4313b0 PtInRect
0x4313b4 GetWindow
0x4313bc MapDialogRect
0x4313c0 SetWindowPos
0x4313c4 GetDesktopWindow
0x4313c8 SetActiveWindow
0x4313d0 DestroyWindow
0x4313d4 IsWindow
0x4313d8 GetDlgItem
0x4313dc GetNextDlgTabItem
0x4313e0 EndDialog
0x4313e4 SetMenuItemBitmaps
0x4313e8 GetFocus
0x4313ec ModifyMenuA
0x4313f0 GetMenuState
0x4313f4 EnableMenuItem
0x4313f8 CheckMenuItem
0x431400 LoadBitmapA
0x431404 SetWindowsHookExA
0x431408 CallNextHookEx
0x43140c GetMessageA
0x431410 TranslateMessage
0x431414 DispatchMessageA
0x431418 GetActiveWindow
0x43141c IsWindowVisible
0x431420 GetKeyState
0x431424 PeekMessageA
0x431428 GetNextDlgGroupItem
0x43142c InvalidateRgn
0x431430 InvalidateRect
0x431438 SetRect
0x43143c IsRectEmpty
0x431440 CharNextA
0x431444 GetSysColorBrush
0x431448 ReleaseCapture
0x43144c GetCursorPos
0x431450 ValidateRect
0x431454 MessageBoxA
0x431458 GetParent
0x43145c GetWindowLongA
0x431460 GetLastActivePopup
0x431464 IsWindowEnabled
0x431468 SetCursor
0x43146c PostQuitMessage
0x431470 PostMessageA
0x431474 CharUpperA
0x43147c GetSystemMetrics
0x431480 LoadIconA
0x431484 EnableWindow
0x431488 GetClientRect
0x43148c IsIconic
0x431490 GetSystemMenu
0x431494 SetMenu
0x431498 SendMessageA
0x43149c LoadMenuA
0x4314a0 AppendMenuA
0x4314a4 DrawIcon
0x4314a8 ShowWindow
0x4314ac GetWindowRect
0x4314b0 LoadCursorA
0x4314b4 SetCapture
0x4314b8 EndPaint
0x4314bc BeginPaint
0x4314c0 GetWindowDC
0x4314c4 ReleaseDC
0x4314c8 GetDC
0x4314cc ClientToScreen
0x4314d0 GrayStringA
0x4314d4 DrawTextExA
0x4314d8 DrawTextA
0x4314dc TabbedTextOutA
0x4314e0 wsprintfA
0x4314e4 DestroyMenu
0x4314e8 MoveWindow
0x4314ec SetWindowTextA
0x4314f0 IsDialogMessageA
0x4314f4 DefWindowProcA
Library GDI32.dll:
0x431030 DeleteObject
0x431034 GetViewportExtEx
0x431038 GetWindowExtEx
0x43103c PtVisible
0x431040 RectVisible
0x431044 TextOutA
0x431048 Escape
0x43104c SelectObject
0x431050 SetViewportOrgEx
0x431054 OffsetViewportOrgEx
0x431058 SetViewportExtEx
0x43105c ScaleViewportExtEx
0x431060 SetWindowExtEx
0x431064 ScaleWindowExtEx
0x431068 ExtSelectClipRgn
0x43106c GetStockObject
0x431070 GetBkColor
0x431074 GetTextColor
0x43107c GetRgnBox
0x431080 GetMapMode
0x431084 SetMapMode
0x431088 RestoreDC
0x43108c SaveDC
0x431090 ExtTextOutA
0x431094 GetDeviceCaps
0x431098 GetObjectA
0x43109c SetBkColor
0x4310a0 SetTextColor
0x4310a4 GetClipBox
0x4310a8 DeleteDC
0x4310ac CreateBitmap
Library comdlg32.dll:
0x43150c GetFileTitleA
Library WINSPOOL.DRV:
0x4314fc OpenPrinterA
0x431500 DocumentPropertiesA
0x431504 ClosePrinter
Library ADVAPI32.dll:
0x431000 RegQueryValueExA
0x431004 RegOpenKeyExA
0x431008 RegDeleteKeyA
0x43100c RegEnumKeyA
0x431010 RegOpenKeyA
0x431014 RegQueryValueA
0x431018 RegCreateKeyExA
0x43101c RegSetValueExA
0x431020 RegCloseKey
Library COMCTL32.dll:
0x431028
Library SHLWAPI.dll:
0x4312f0 PathFindFileNameA
0x4312f4 PathStripToRootA
0x4312f8 PathFindExtensionA
0x4312fc PathIsUNCA
Library oledlg.dll:
0x431554
Library ole32.dll:
0x431520 CoGetClassObject
0x431524 CoTaskMemAlloc
0x431528 CoTaskMemFree
0x43152c CLSIDFromString
0x431530 CLSIDFromProgID
0x431534 OleUninitialize
0x431540 OleFlushClipboard
0x431548 CoRevokeClassObject
0x43154c OleInitialize
Library OLEAUT32.dll:
0x4312bc SysFreeString
0x4312c0 VariantClear
0x4312c4 VariantChangeType
0x4312c8 VariantInit
0x4312cc SysStringLen
0x4312dc SafeArrayDestroy
0x4312e0 SysAllocString
0x4312e4 VariantCopy
0x4312e8 SysAllocStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51966 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.