6.0
High risk

5f72fd269fd4182bfb93c2f4b617c02cb004430cec77c16f46697ee20fd507a5

da05658e2c2ca36e08a48e7c65899f94.exe

Analysis duration

77s

Last analysis

File size

168.1KB
Static scan: flagged malicious. Dynamic scan: flagged malicious. Detection tags: 100% AI SCORE=80 ATTRIBUTE BSCOPE CLASSIC CONFIDENCE ELDORADO EMOTET GCMK GENCIRC GENERICKDZ GENETIC HFTA HIGH CONFIDENCE HIGHCONFIDENCE HSYZJI KRYPTIK KYX@AOO9MRKI MALWARE@#CIHWIKVX97YD MOECJ Q5HK9KZ1UWG R + TROJ R011C0DHR20 R349155 SCORE TRICK TROJANX UNSAFE ZEXAE
鹰眼引擎 (Eagle Eye engine)
Not detected: no 鹰眼引擎 detection results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee 20200922 6.0.6.653
Alibaba Trojan:Win32/Emotet.468c49c9 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Tencent Malware.Win32.Gencirc.10cdee40 20200922 1.0.0.1
Kingsoft 20200922 2013.8.14.323
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619948428.512334
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619948420.012334
CryptGenKey
crypto_handle: 0x005f6040
algorithm_identifier: 0x0000660e ()
provider_handle: 0x005f5530
flags: 1
key: fCü¾}­¢úD)ÂoÙO&
success 1 0
1619948428.527334
CryptExportKey
crypto_handle: 0x005f6040
crypto_export_handle: 0x005f55f8
buffer: f¤ª;O™>ø–T©€æ"£3½mYM¡;€Ó׎©*]Æ%¥Ažø>d)k²©< ‘—/ ¾Á½d$(çkX}£½Ž\ý9Y¿,>khífF„±à5™'z„𐘔ÓôÙ7
blob_type: 1
flags: 64
success 1 0
1619948463.996334
CryptExportKey
crypto_handle: 0x005f6040
crypto_export_handle: 0x005f55f8
buffer: f¤ûn1ÐÓíu€ÄŽp–z×È~”øÇòŒeŸ¥‘áý‡‚äÄ}VJˆŒ—*ù UÈÊst—Gñé$t líWÇäy3–ÎóG®Íßí”q•££ÿÃÍgå%‚b˜
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619948419.512334
NtAllocateVirtualMemory
process_identifier: 784
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004e0000
success 0 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619948429.043334
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process da05658e2c2ca36e08a48e7c65899f94.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619948428.668334
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 107.5.122.110
host 172.217.24.14
host 199.101.86.6
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619948431.621334
RegSetValueExA
key_handle: 0x0000039c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619948431.637334
RegSetValueExA
key_handle: 0x0000039c
value:  bÃnI?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619948431.637334
RegSetValueExA
key_handle: 0x0000039c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619948431.637334
RegSetValueExW
key_handle: 0x0000039c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619948431.637334
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619948431.637334
RegSetValueExA
key_handle: 0x000003b4
value:  bÃnI?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619948431.637334
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619948431.652334
RegSetValueExW
key_handle: 0x00000398
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events shown)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69717
FireEye Trojan.GenericKDZ.69717
Qihoo-360 Win32/Trojan.f22
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.468c49c9
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D11055
TrendMicro TROJ_GEN.R011C0DHR20
Cyren W32/Emotet.ARA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Banker.Win32.Emotet.gcmk
BitDefender Trojan.GenericKDZ.69717
NANO-Antivirus Trojan.Win32.Emotet.hsyzji
AegisLab Trojan.Win32.Emotet.L!c
Tencent Malware.Win32.Gencirc.10cdee40
Ad-Aware Trojan.GenericKDZ.69717
TACHYON Banker/W32.Emotet.172152
Sophos Troj/Emotet-CLT
Comodo Malware@#cihwikvx97yd
F-Secure Trojan.TR/Crypt.Agent.moecj
DrWeb Trojan.Emotet.1005
Zillya Trojan.Emotet.Win32.25056
Invincea Mal/Generic-R + Troj/Emotet-CLT
Emsisoft Trojan.Emotet (A)
Jiangmin Trojan.Banker.Emotet.ofk
Webroot W32.Trojan.Emotet
Avira TR/Crypt.Agent.moecj
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ZoneAlarm Trojan-Banker.Win32.Emotet.gcmk
GData Trojan.GenericKDZ.69717
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.RL_Generic.R349155
BitDefenderTheta Gen:NN.ZexaE.34254.kyX@aOo9Mrki
ALYac Trojan.Agent.Emotet
MAX malware (ai score=80)
VBA32 BScope.Trojan.Trick
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HFTA
TrendMicro-HouseCall TROJ_GEN.R011C0DHR20
Rising Trojan.Kryptik!1.CB1B (CLASSIC)
Yandex Trojan.Kryptik!q5hK9kz1uwg
Ikarus Trojan-Banker.Emotet
eGambit Unsafe.AI_Score_99%
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 107.5.122.110:80
dead_host 199.101.86.6:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-08-25 23:30:27

Imports

Library MFC42.DLL:
0x410884
0x410888
0x41088c
0x410890
0x410894
0x410898
0x41089c
0x4108a0
0x4108a4
0x4108a8
0x4108ac
0x4108b0
0x4108b4
0x4108b8
0x4108bc
0x4108c0
0x4108c4
0x4108c8
0x4108cc
0x4108d0
0x4108d4
0x4108d8
0x4108dc
0x4108e0
0x4108e4
0x4108e8
0x4108ec
0x4108f0
0x4108f4
0x4108f8
0x4108fc
0x410900
0x410904
0x410908
0x41090c
0x410910
0x410914
0x410918
0x41091c
0x410920
0x410924
0x410928
0x41092c
0x410930
0x410934
0x410938
0x41093c
0x410940
0x410944
0x410948
0x41094c
0x410950
0x410954
0x410958
0x41095c
0x410960
0x410964
0x410968
0x41096c
0x410970
0x410974
0x410978
0x41097c
0x410980
0x410984
0x410988
0x41098c
0x410990
0x410994
0x410998
0x41099c
0x4109a0
0x4109a4
0x4109a8
0x4109ac
0x4109b0
0x4109b4
0x4109b8
0x4109bc
0x4109c0
0x4109c4
0x4109c8
0x4109cc
0x4109d0
0x4109d4
0x4109d8
0x4109dc
0x4109e0
0x4109e4
0x4109e8
0x4109ec
0x4109f0
0x4109f4
0x4109f8
0x4109fc
0x410a00
0x410a04
0x410a08
0x410a0c
0x410a10
0x410a14
0x410a18
0x410a1c
0x410a20
0x410a24
0x410a28
0x410a2c
0x410a30
0x410a34
0x410a38
0x410a3c
0x410a40
0x410a44
0x410a48
0x410a4c
0x410a50
0x410a54
0x410a58
0x410a5c
0x410a60
0x410a64
0x410a68
0x410a6c
0x410a70
0x410a74
0x410a78
0x410a7c
0x410a80
0x410a84
0x410a88
0x410a8c
0x410a90
0x410a94
0x410a98
0x410a9c
0x410aa0
0x410aa4
0x410aa8
0x410aac
0x410ab0
0x410ab4
0x410ab8
0x410abc
0x410ac0
0x410ac4
0x410ac8
0x410acc
0x410ad0
0x410ad4
0x410ad8
0x410adc
0x410ae0
0x410ae4
0x410ae8
0x410aec
0x410af0
0x410af4
0x410af8
0x410afc
0x410b00
Library MSVCRT.dll:
0x410bec _adjust_fdiv
0x410bf0 __setusermatherr
0x410bf4 _initterm
0x410bf8 __getmainargs
0x410bfc _acmdln
0x410c00 exit
0x410c04 __p__commode
0x410c08 _exit
0x410c0c _onexit
0x410c10 __dllonexit
0x410c14 _ftol
0x410c18 atoi
0x410c1c _setmbcp
0x410c20 __p__fmode
0x410c24 __set_app_type
0x410c28 _except_handler3
0x410c2c _XcptFilter
0x410c30 __CxxFrameHandler
0x410c34 _EH_prolog
0x410c38 _mbsstr
0x410c3c _vsnprintf
0x410c40 sprintf
0x410c44 _mbsnbcpy
0x410c48 _mbscmp
0x410c4c _mbsupr
0x410c50 _mbsnbcat
0x410c54 _wcslwr
0x410c58 malloc
0x410c5c clock
0x410c60 _controlfp
Library KERNEL32.dll:
0x4107c0 GlobalLock
0x4107c4 GlobalUnlock
0x4107c8 FlushViewOfFile
0x4107cc CloseHandle
0x4107d0 UnmapViewOfFile
0x4107d4 GetCurrentThreadId
0x4107d8 SetEvent
0x4107dc IsBadWritePtr
0x4107e0 IsBadReadPtr
0x4107e4 GlobalSize
0x4107e8 ReleaseMutex
0x4107ec CreateEventA
0x4107f0 CreateMutexA
0x4107f4 OpenEventA
0x4107f8 OpenMutexA
0x4107fc GetLastError
0x410800 ExitProcess
0x410804 GetModuleHandleA
0x410808 GetStartupInfoA
0x41080c GlobalAlloc
0x410810 Sleep
0x410814 FreeLibrary
0x410818 LoadLibraryA
0x410820 WinExec
0x410824 DeviceIoControl
0x410828 GetFileSize
0x41082c CreateFileA
0x410830 MapViewOfFile
0x410834 WaitForSingleObject
0x410838 CreateFileMappingA
0x41083c OpenFileMappingA
Library USER32.dll:
0x410cd8 ScreenToClient
0x410cdc SendMessageA
0x410ce0 ReleaseDC
0x410ce4 InvalidateRect
0x410ce8 RedrawWindow
0x410cec SetTimer
0x410cf0 KillTimer
0x410cf4 GetParent
0x410cf8 GetSystemMetrics
0x410cfc DrawFocusRect
0x410d00 GetSubMenu
0x410d04 LoadMenuA
0x410d08 InSendMessage
0x410d0c CreateWindowExA
0x410d10 DrawIcon
0x410d14 GetClientRect
0x410d18 GetSystemMenu
0x410d1c IsIconic
0x410d20 LoadIconA
0x410d24 InflateRect
0x410d28 PtInRect
0x410d2c LoadCursorA
0x410d30 CopyIcon
0x410d34 IsWindow
0x410d38 GetSysColor
0x410d3c SetCursor
0x410d40 GetMessagePos
0x410d44 MessageBeep
0x410d48 SetWindowLongA
0x410d4c DestroyCursor
0x410d54 AppendMenuA
0x410d58 GetWindowRect
0x410d5c EmptyClipboard
0x410d60 SetClipboardData
0x410d64 OpenClipboard
0x410d68 GetClipboardData
0x410d6c CloseClipboard
0x410d70 EnableWindow
0x410d74 GetDC
Library GDI32.dll:
0x410774 GetTextMetricsA
0x41077c GetObjectA
0x410780 CreateFontIndirectA
0x410784 CreateSolidBrush
0x410788 GetStockObject
0x41078c GetCharWidthA
Library ADVAPI32.dll:
0x41073c RegQueryValueA
0x410740 RegCloseKey
0x410744 RegOpenKeyExA
Library SHELL32.dll:
0x410ca8 ShellExecuteA
Library MSVCP60.dll:

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.