7.8
High risk

082f91a6f81abf6b98e3b01a893c2b69381cdccf67fc6a55b110646cc19f150e

d980a4a380dab9d04583b2a711d70baa.exe

Analysis duration

77s

Latest analysis

File size

276.0KB
Static detection Dynamic detection AI SCORE=81 AIDETECTVM BITCOINMINER CHJA CKGENERIC CLASSIC CRYPTERX DOWNLOADER34 ELDORADO EMOTET GENCIRC GENERICKD HIGH CONFIDENCE HSFIPN HYNAMER KRYPTIK MALWARE1 MRUEW NONAME@0 POSSIBLETHREAT R + TROJ R348101 SCORE SUSGEN THHAGBO UNSAFE WACATAC
HawkEye engine
Not detected: no HawkEye engine results are available for this sample
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Emotet-FRV!D980A4A380DA 20200909 6.0.6.653
Alibaba Trojan:Win32/Emotet.ef603873 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:CrypterX-gen [Trj] 20200909 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cde871 20200909 1.0.0.1
Kingsoft 20200909 2013.8.14.323
CrowdStrike 20190702 1.0
Static indicators
Queries for the computer name (1 event)
Time & API Arguments Status Return Repeated
1619954178.282374
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619954170.016374
CryptGenKey
crypto_handle: 0x002f5b40
algorithm_identifier: 0x0000660e ()
provider_handle: 0x002f4e60
flags: 1
key: f]œI¬¦ Ùo–õ$ÿ¤î
success 1 0
1619954178.297374
CryptExportKey
crypto_handle: 0x002f5b40
crypto_export_handle: 0x002f4e20
buffer: f¤_v©+ïú{Ü)+epÛ&]]œwëŸl]#æÉ,J¢[ù.¦sä'Ñ,†{䴓ÌߐöãW_SÛ*ڒýâVÈ}üÛÀö št“Á«0æz®LW'[†í]-;1
blob_type: 1
flags: 64
success 1 0
1619954213.438374
CryptExportKey
crypto_handle: 0x002f5b40
crypto_export_handle: 0x002f4e20
buffer: f¤*â),‚Wí‘HÚä·z´6AXÚ¾¬£|ßCh¨²g{ ü•ü­ Vëï¼\7p€<G» kjƒ°;o ±§¯ ´R݈Qy²wæÍÆ"°½NRŽÓçˆ_Kå`é™ ^+›
blob_type: 1
flags: 64
success 1 0
1619954219.500374
CryptExportKey
crypto_handle: 0x002f5b40
crypto_export_handle: 0x002f4e20
buffer: f¤Òú|óxK±>@G´„‚[𬇏MYAËP8 w¿wì*:L°9È gY ýGníæóûúÚD YÇp]`cM´—|xPÅÁ¡Jscø…Š˜ö‹Ìñ|g“
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619954169.547374
NtAllocateVirtualMemory
process_identifier: 2264
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e50000
success 0 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (5 events)
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619954178.797374
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.319004651476157 section {'size_of_data': '0x0000c000', 'virtual_address': '0x0003e000', 'entropy': 7.319004651476157, 'name': '.rsrc', 'virtual_size': '0x0000b7a0'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process d980a4a380dab9d04583b2a711d70baa.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619954178.438374
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with hosts for which no DNS query was performed (4 events)
host 172.217.24.14
host 67.205.85.243
host 68.44.137.144
host 69.30.203.214
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619954181.360374
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619954181.360374
RegSetValueExA
key_handle: 0x000003bc
value: †Ê2<?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619954181.360374
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619954181.360374
RegSetValueExW
key_handle: 0x000003bc
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619954181.360374
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619954181.360374
RegSetValueExA
key_handle: 0x000003d4
value: †Ê2<?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619954181.360374
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619954181.391374
RegSetValueExW
key_handle: 0x000003b8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34376828
FireEye Trojan.GenericKD.34376828
CAT-QuickHeal Trojan.CKGENERIC
McAfee Emotet-FRV!D980A4A380DA
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.ef603873
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D20C8C7C
TrendMicro Trojan.Win32.WACATAC.THHAGBO
Cyren W32/Injector.ABK.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
Kaspersky Backdoor.Win32.Emotet.chja
BitDefender Trojan.GenericKD.34376828
NANO-Antivirus Trojan.Win32.Emotet.hsfipn
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Emotet.282624.OI
Tencent Malware.Win32.Gencirc.10cde871
Ad-Aware Trojan.GenericKD.34376828
Comodo fls.noname@0
F-Secure Trojan.TR/Emotet.mruew
DrWeb Trojan.DownLoader34.24976
Zillya Backdoor.Emotet.Win32.1004
Invincea Mal/Generic-R + Troj/Emotet-CLE
Sophos Troj/Emotet-CLE
Jiangmin Backdoor.Emotet.rh
Webroot W32.Trojan.Gen
Avira TR/Emotet.mruew
Antiy-AVL Trojan/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARK!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Backdoor.Win32.Emotet.chja
GData Trojan.GenericKD.34376828
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R348101
ALYac Trojan.Agent.Emotet
MAX malware (ai score=81)
VBA32 Trojan.Hynamer
Malwarebytes Trojan.BitCoinMiner
ESET-NOD32 Win32/Emotet.CD
TrendMicro-HouseCall Trojan.Win32.WACATAC.THHAGBO
Rising Trojan.Kryptik!1.CA97 (CLASSIC)
Ikarus Trojan-Banker.Emotet
MaxSecure Trojan.Malware.11380361.susgen
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 69.30.203.214:8080
dead_host 67.205.85.243:8080
dead_host 192.168.56.101:49177
dead_host 68.44.137.144:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

2020-08-17 19:35:48

Imports

Library KERNEL32.dll:
0x42b0e0 LCMapStringW
0x42b0e4 Sleep
0x42b0fc SetHandleCount
0x42b100 GetStdHandle
0x42b104 GetFileType
0x42b108 HeapDestroy
0x42b10c HeapCreate
0x42b110 VirtualFree
0x42b118 VirtualAlloc
0x42b11c IsBadWritePtr
0x42b120 LCMapStringA
0x42b124 GetStringTypeW
0x42b128 IsBadReadPtr
0x42b12c IsBadCodePtr
0x42b130 SetStdHandle
0x42b134 CompareStringA
0x42b138 CompareStringW
0x42b140 GetProfileStringA
0x42b144 InterlockedExchange
0x42b14c GetACP
0x42b150 HeapReAlloc
0x42b154 HeapSize
0x42b158 TerminateProcess
0x42b15c HeapFree
0x42b160 HeapAlloc
0x42b164 RaiseException
0x42b168 GetCommandLineA
0x42b16c GetStartupInfoA
0x42b170 RtlUnwind
0x42b174 GetFileTime
0x42b178 GetFileSize
0x42b17c GetFileAttributesA
0x42b180 GetTickCount
0x42b18c GetFullPathNameA
0x42b194 FindFirstFileA
0x42b198 FindClose
0x42b19c SetEndOfFile
0x42b1a0 UnlockFile
0x42b1a4 LockFile
0x42b1a8 FlushFileBuffers
0x42b1ac SetFilePointer
0x42b1b0 WriteFile
0x42b1b4 ReadFile
0x42b1b8 CreateFileA
0x42b1bc GetCurrentProcess
0x42b1c0 DuplicateHandle
0x42b1c4 SetErrorMode
0x42b1c8 GetThreadLocale
0x42b1d0 SizeofResource
0x42b1d4 GetOEMCP
0x42b1d8 GetCPInfo
0x42b1dc GetProcessVersion
0x42b1e0 GlobalFlags
0x42b1e4 TlsGetValue
0x42b1e8 LocalReAlloc
0x42b1ec TlsSetValue
0x42b1f4 GlobalReAlloc
0x42b1fc TlsFree
0x42b200 GlobalHandle
0x42b208 TlsAlloc
0x42b210 LocalAlloc
0x42b214 GetLastError
0x42b218 FormatMessageA
0x42b21c LocalFree
0x42b220 CloseHandle
0x42b224 GetModuleFileNameA
0x42b228 GlobalAlloc
0x42b22c lstrcmpA
0x42b230 GetCurrentThread
0x42b234 lstrcpynA
0x42b238 GlobalFree
0x42b23c GlobalLock
0x42b240 GlobalUnlock
0x42b244 MulDiv
0x42b248 SetLastError
0x42b24c MultiByteToWideChar
0x42b250 WideCharToMultiByte
0x42b254 lstrlenA
0x42b260 LoadLibraryA
0x42b264 FreeLibrary
0x42b268 FindResourceA
0x42b26c LoadResource
0x42b270 LockResource
0x42b274 GetVersion
0x42b278 lstrcatA
0x42b27c GetCurrentThreadId
0x42b280 GlobalGetAtomNameA
0x42b284 lstrcmpiA
0x42b288 GlobalAddAtomA
0x42b28c GlobalFindAtomA
0x42b290 GlobalDeleteAtom
0x42b294 lstrcpyA
0x42b298 GetModuleHandleA
0x42b29c GetProcAddress
0x42b2a0 GetStringTypeA
0x42b2a4 ExitProcess
Library USER32.dll:
0x42b2dc CharUpperA
0x42b2e4 PostThreadMessageA
0x42b2e8 EnableMenuItem
0x42b2ec GetNextDlgTabItem
0x42b2f0 IsWindowEnabled
0x42b2f4 ShowWindow
0x42b2f8 MoveWindow
0x42b2fc SetWindowTextA
0x42b300 IsDialogMessageA
0x42b304 wvsprintfA
0x42b308 PostMessageA
0x42b30c UpdateWindow
0x42b310 SendDlgItemMessageA
0x42b314 MapWindowPoints
0x42b318 DispatchMessageA
0x42b31c GetFocus
0x42b320 SetActiveWindow
0x42b324 SetFocus
0x42b328 AdjustWindowRectEx
0x42b32c ScreenToClient
0x42b330 IsWindowVisible
0x42b334 GetTopWindow
0x42b338 MessageBoxA
0x42b33c IsChild
0x42b340 WinHelpA
0x42b344 wsprintfA
0x42b348 GetClassInfoA
0x42b34c RegisterClassA
0x42b350 GetMenu
0x42b354 GetMenuItemCount
0x42b358 GetMenuItemID
0x42b35c GetDlgItem
0x42b360 CharNextA
0x42b364 GetWindowTextA
0x42b368 GetDlgCtrlID
0x42b36c GetKeyState
0x42b370 DefWindowProcA
0x42b374 DestroyWindow
0x42b378 CreateWindowExA
0x42b37c SetWindowsHookExA
0x42b380 CallNextHookEx
0x42b384 GetClassLongA
0x42b388 SetPropA
0x42b38c UnhookWindowsHookEx
0x42b390 GetPropA
0x42b394 CallWindowProcA
0x42b398 RemovePropA
0x42b39c GetMessageTime
0x42b3a0 GetLastActivePopup
0x42b3a4 GetForegroundWindow
0x42b3a8 SetForegroundWindow
0x42b3ac GetWindow
0x42b3b0 GetWindowLongA
0x42b3b4 SetWindowLongA
0x42b3b8 SetWindowPos
0x42b3c0 IntersectRect
0x42b3c4 GetWindowPlacement
0x42b3c8 GrayStringA
0x42b3cc DrawTextA
0x42b3d0 TabbedTextOutA
0x42b3d4 FillRect
0x42b3d8 IsIconic
0x42b3dc DrawIcon
0x42b3e0 GetSystemMenu
0x42b3e4 AppendMenuA
0x42b3e8 GetSysColor
0x42b3ec UnregisterClassA
0x42b3f0 HideCaret
0x42b3f4 ShowCaret
0x42b3f8 ExcludeUpdateRgn
0x42b3fc DefDlgProcA
0x42b400 IsWindowUnicode
0x42b404 SendMessageA
0x42b408 GetParent
0x42b40c LoadIconA
0x42b410 PeekMessageA
0x42b414 PostQuitMessage
0x42b418 InvalidateRect
0x42b41c ReleaseCapture
0x42b420 GetMessagePos
0x42b424 PtInRect
0x42b428 GetClientRect
0x42b42c GetCapture
0x42b430 SetCapture
0x42b438 EnableWindow
0x42b43c SetRect
0x42b440 MessageBeep
0x42b444 GetNextDlgGroupItem
0x42b448 GetSubMenu
0x42b450 IsWindow
0x42b454 RedrawWindow
0x42b458 CopyRect
0x42b45c GetSystemMetrics
0x42b460 DrawFrameControl
0x42b464 DrawEdge
0x42b468 InflateRect
0x42b46c OffsetRect
0x42b470 DrawFocusRect
0x42b474 GetWindowRect
0x42b478 GetSysColorBrush
0x42b47c LoadCursorA
0x42b480 GetDesktopWindow
0x42b484 GetClassNameA
0x42b488 DestroyMenu
0x42b48c LoadStringA
0x42b490 MapDialogRect
0x42b498 GetMessageA
0x42b49c TranslateMessage
0x42b4a0 ValidateRect
0x42b4a4 SetCursor
0x42b4a8 EndDialog
0x42b4ac GetActiveWindow
0x42b4b4 GetCursorPos
0x42b4b8 WindowFromPoint
0x42b4bc EndPaint
0x42b4c0 BeginPaint
0x42b4c4 GetWindowDC
0x42b4c8 ReleaseDC
0x42b4cc GetDC
0x42b4d0 ClientToScreen
0x42b4d8 LoadBitmapA
0x42b4dc GetMenuState
0x42b4e0 CheckMenuItem
0x42b4e8 SetMenuItemBitmaps
0x42b4ec ModifyMenuA
Library GDI32.dll:
0x42b01c SaveDC
0x42b020 RestoreDC
0x42b024 SelectObject
0x42b028 GetStockObject
0x42b02c SelectPalette
0x42b030 SetBkMode
0x42b034 SetMapMode
0x42b038 SetViewportOrgEx
0x42b03c OffsetViewportOrgEx
0x42b040 SetViewportExtEx
0x42b044 ScaleViewportExtEx
0x42b048 SetWindowOrgEx
0x42b04c SetWindowExtEx
0x42b050 ScaleWindowExtEx
0x42b054 IntersectClipRect
0x42b058 DeleteDC
0x42b05c DeleteObject
0x42b060 GetViewportExtEx
0x42b064 GetWindowExtEx
0x42b068 GetMapMode
0x42b06c PatBlt
0x42b070 DPtoLP
0x42b074 GetTextColor
0x42b078 GetBkColor
0x42b07c LPtoDP
0x42b080 CreateBitmap
0x42b084 GetObjectA
0x42b088 SetBkColor
0x42b08c SetTextColor
0x42b090 GetClipBox
0x42b094 Escape
0x42b098 ExtTextOutA
0x42b09c TextOutA
0x42b0a0 RectVisible
0x42b0a4 PtVisible
0x42b0ac CreateCompatibleDC
0x42b0b0 BitBlt
0x42b0b4 CreateSolidBrush
0x42b0b8 GetDeviceCaps
0x42b0bc RealizePalette
0x42b0c0 CreatePen
0x42b0c8 CreateFontIndirectA
0x42b0cc CreatePalette
0x42b0d0 CreateDIBitmap
0x42b0d4 GetTextExtentPointA
0x42b0d8 Rectangle
Library comdlg32.dll:
0x42b504 GetFileTitleA
0x42b508 ChooseColorA
Library WINSPOOL.DRV:
0x42b4f4 OpenPrinterA
0x42b4f8 ClosePrinter
0x42b4fc DocumentPropertiesA
Library ADVAPI32.dll:
0x42b000 RegCreateKeyExA
0x42b004 RegOpenKeyExA
0x42b008 RegSetValueExA
0x42b00c RegCloseKey
Library COMCTL32.dll:
0x42b014
Library oledlg.dll:
0x42b550
Library ole32.dll:
0x42b514 OleUninitialize
0x42b518 CoTaskMemAlloc
0x42b51c CoTaskMemFree
0x42b52c CoGetClassObject
0x42b530 CLSIDFromString
0x42b534 CLSIDFromProgID
0x42b53c CoRevokeClassObject
0x42b540 OleFlushClipboard
0x42b548 OleInitialize
Library OLEPRO32.DLL:
0x42b2d4
Library OLEAUT32.dll:
0x42b2ac SysFreeString
0x42b2b0 SysAllocStringLen
0x42b2b4 VariantClear
0x42b2bc VariantCopy
0x42b2c0 VariantChangeType
0x42b2c4 SysAllocString
0x42b2cc SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.