5.8
High risk

63af9dabdaba25f49985302e38c911432368174205f80234b16bce6b22b1d3b4

da61fe4a69692b430110eb5582e14859.exe

Analysis duration

76s

Last analyzed

File size

372.0KB
Static detection: malicious | Dynamic detection: malicious
鹰眼 (Hawkeye) engine
Not scanned: no 鹰眼 engine detection results available
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Emotet-FRV!DA61FE4A6969 | 20200924 | 6.0.6.653
Alibaba | Trojan:Win32/Emotet.f076e4df | 20190527 | 0.3.0.5
Baidu |  | 20190318 | 1.0.0.2
Avast | Win32:Trojan-gen | 20200925 | 18.4.3895.0
Tencent | Malware.Win32.Gencirc.10cde803 | 20200925 | 1.0.0.1
Kingsoft |  | 20200925 | 2013.8.14.323
CrowdStrike |  | 20190702 | 1.0
Static indicators
Queries for the computername (1 event)
Time: 1619948432.97056 | API: GetComputerNameA
  computer_name: OSKAR-PC
Status: success | Return: 1 | Repeated: 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time: 1619948416.76756 | API: CryptGenKey
  crypto_handle: 0x009254d8
  algorithm_identifier: 0x0000660e ()
  provider_handle: 0x00924b28
  flags: 1
  key: fë\túUþheǛ¸@DŽBÅ
Status: success | Return: 1 | Repeated: 0
Time: 1619948432.98656 | API: CryptExportKey
  crypto_handle: 0x009254d8
  crypto_export_handle: 0x00924ae8
  buffer: f¤ƒ÷‘C¨Üdì¥Ì–«tœí¹Íþz¯€½Áû±;/3çWÐò¥hÊÜß|ŸÛ’  á:­¹uÈ*­ŒÍyxÄ>]WÖ°5=m?0#c] ™;yÐfó1ÕÇôtjf”
  blob_type: 1
  flags: 64
Status: success | Return: 1 | Repeated: 0
Time: 1619948467.84556 | API: CryptExportKey
  crypto_handle: 0x009254d8
  crypto_export_handle: 0x00924ae8
  buffer: f¤Y:¨M~Á€³å)AªKwð&:9®`Ú¤¯©gbo•϶?𤠷[ÞBj C´Ûçbk0q˜•DKp%û“fä0T¦zÆ\̼zIÌ$‡•®Ô K"$Θ
  blob_type: 1
  flags: 64
Status: success | Return: 1 | Repeated: 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time: 1619948416.28356 | API: NtAllocateVirtualMemory
  process_identifier: 2976
  region_size: 36864
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  base_address: 0x008b0000
Status: success | Return: 0 | Repeated: 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time: 1619948433.45556 | API: GetAdaptersAddresses
  flags: 0
  family: 0
Status: failed | Return: 111 | Repeated: 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy: 6.92965811133161 | section: .rsrc (size_of_data 0x00015000, virtual_address 0x0004c000, virtual_size 0x00014450) | description: A section with a high entropy has been found
entropy: 0.22826086956521738 | description: Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process: da61fe4a69692b430110eb5582e14859.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time: 1619948433.14256 | API: InternetOpenW
  proxy_bypass:
  access_type: 0
  proxy_name:
  flags: 0
  user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Status: success | Return: 13369348 | Repeated: 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 159.203.232.29
host 172.217.24.14
host 176.216.226.44
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time: 1619948436.03356 | API: RegSetValueExA
  key_handle: 0x000003b8
  value: 1
  regkey_r: WpadDecisionReason
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
Status: success | Return: 0 | Repeated: 0
Time: 1619948436.03356 | API: RegSetValueExA
  key_handle: 0x000003b8
  value: üj:7?×
  regkey_r: WpadDecisionTime
  reg_type: 3 (REG_BINARY)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
Status: success | Return: 0 | Repeated: 0
Time: 1619948436.03356 | API: RegSetValueExA
  key_handle: 0x000003b8
  value: 3
  regkey_r: WpadDecision
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
Status: success | Return: 0 | Repeated: 0
Time: 1619948436.03356 | API: RegSetValueExW
  key_handle: 0x000003b8
  value: 网络 2
  regkey_r: WpadNetworkName
  reg_type: 1 (REG_SZ)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
Status: success | Return: 0 | Repeated: 0
Time: 1619948436.03356 | API: RegSetValueExA
  key_handle: 0x000003d0
  value: 1
  regkey_r: WpadDecisionReason
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
Status: success | Return: 0 | Repeated: 0
Time: 1619948436.03356 | API: RegSetValueExA
  key_handle: 0x000003d0
  value: üj:7?×
  regkey_r: WpadDecisionTime
  reg_type: 3 (REG_BINARY)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
Status: success | Return: 0 | Repeated: 0
Time: 1619948436.03356 | API: RegSetValueExA
  key_handle: 0x000003d0
  value: 3
  regkey_r: WpadDecision
  reg_type: 4 (REG_DWORD)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
Status: success | Return: 0 | Repeated: 0
Time: 1619948436.06456 | API: RegSetValueExW
  key_handle: 0x000003b4
  value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
  regkey_r: WpadLastNetwork
  reg_type: 1 (REG_SZ)
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
Status: success | Return: 0 | Repeated: 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 176.216.226.44:80
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 of 56 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69402
FireEye Generic.mg.da61fe4a69692b43
CAT-QuickHeal Trojan.MultiPMF.S15425705
McAfee Emotet-FRV!DA61FE4A6969
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Malware
K7AntiVirus Trojan ( 0056e0961 )
Alibaba Trojan:Win32/Emotet.f076e4df
K7GW Trojan ( 0056e0961 )
Arcabit Trojan.Generic.D10F1A
Invincea Mal/Generic-R + Troj/Emotet-CKY
Cyren W32/Emotet.QKWG-5644
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Trojan.Emotet-9752370-0
Kaspersky Backdoor.Win32.Emotet.bvlh
BitDefender Trojan.GenericKDZ.69402
NANO-Antivirus Trojan.Win32.Emotet.hrrfuh
ViRobot Trojan.Win32.Emotet.380928.A
Tencent Malware.Win32.Gencirc.10cde803
Ad-Aware Trojan.GenericKDZ.69402
TACHYON Trojan/W32.Agent.380928.AAX
Sophos Troj/Emotet-CKY
Comodo Malware@#2zg7bw1o0t2e1
F-Secure Trojan.TR/AD.Emotet.jzimn
DrWeb Trojan.Emotet.1000
Zillya Backdoor.Emotet.Win32.933
TrendMicro Trojan.Win32.WACATAC.THHABBO
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh
Emsisoft Trojan.Emotet (A)
Jiangmin Backdoor.Emotet.qo
Avira TR/AD.Emotet.jzimn
Antiy-AVL Trojan[Backdoor]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AegisLab Trojan.Win32.Emotet.L!c
ZoneAlarm Backdoor.Win32.Emotet.bvlh
GData Win32.Trojan.PSE.12DJQCC
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.Emotet.R347702
ALYac Trojan.Agent.Emotet
MAX malware (ai score=84)
Malwarebytes Trojan.MalPack.TRE
ESET-NOD32 a variant of Win32/Kryptik.HFMJ
TrendMicro-HouseCall Trojan.Win32.WACATAC.THHABBO
Rising Trojan.Kryptik!1.CA6F (CLASSIC)
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran

PE Compile Time

2020-08-12 18:13:22

Imports

Library KERNEL32.dll:
0x4370ac GetFileAttributesA
0x4370b0 GetFileTime
0x4370b4 GetTickCount
0x4370b8 HeapAlloc
0x4370bc HeapFree
0x4370c0 HeapReAlloc
0x4370c4 VirtualProtect
0x4370c8 VirtualAlloc
0x4370cc GetSystemInfo
0x4370d0 VirtualQuery
0x4370d4 RtlUnwind
0x4370d8 GetCommandLineA
0x4370dc GetProcessHeap
0x4370e0 GetStartupInfoA
0x4370e4 RaiseException
0x4370e8 HeapSize
0x4370ec VirtualFree
0x4370f0 HeapDestroy
0x4370f4 HeapCreate
0x4370f8 GetStdHandle
0x4370fc TerminateProcess
0x437108 IsDebuggerPresent
0x43710c Sleep
0x437110 LCMapStringA
0x437114 LCMapStringW
0x437128 SetHandleCount
0x43712c GetFileType
0x437138 GetStringTypeA
0x43713c GetStringTypeW
0x437144 GetConsoleCP
0x437148 GetConsoleMode
0x43714c SetStdHandle
0x437150 WriteConsoleA
0x437154 GetConsoleOutputCP
0x437158 WriteConsoleW
0x437164 SetErrorMode
0x437168 GetOEMCP
0x43716c GetCPInfo
0x437170 CreateFileA
0x437174 GetFullPathNameA
0x43717c FindFirstFileA
0x437180 FindClose
0x437184 GetCurrentProcess
0x437188 DuplicateHandle
0x43718c GetFileSize
0x437190 SetEndOfFile
0x437194 UnlockFile
0x437198 LockFile
0x43719c FlushFileBuffers
0x4371a0 SetFilePointer
0x4371a4 WriteFile
0x4371a8 ReadFile
0x4371ac GlobalFlags
0x4371b8 GetThreadLocale
0x4371c0 TlsFree
0x4371c8 LocalReAlloc
0x4371cc TlsSetValue
0x4371d0 TlsAlloc
0x4371d8 GlobalHandle
0x4371dc GlobalReAlloc
0x4371e4 TlsGetValue
0x4371ec LocalAlloc
0x4371f4 GetModuleFileNameW
0x4371f8 GlobalGetAtomNameA
0x4371fc GlobalFindAtomA
0x437200 lstrcmpW
0x437204 GetVersionExA
0x437208 FreeResource
0x43720c GetCurrentProcessId
0x437210 GlobalAddAtomA
0x437214 CloseHandle
0x437218 GetCurrentThread
0x43721c GetCurrentThreadId
0x437224 GetModuleFileNameA
0x43722c GetLocaleInfoA
0x437230 LoadLibraryA
0x437234 lstrcmpA
0x437238 FreeLibrary
0x43723c GlobalDeleteAtom
0x437240 GetModuleHandleA
0x437244 GetProcAddress
0x437248 GlobalFree
0x43724c GlobalAlloc
0x437250 GlobalLock
0x437254 GlobalUnlock
0x437258 FormatMessageA
0x43725c LocalFree
0x437260 MulDiv
0x437264 SetLastError
0x437268 ExitProcess
0x43726c FindResourceA
0x437270 LoadResource
0x437274 LockResource
0x437278 SizeofResource
0x43727c lstrlenA
0x437280 CompareStringW
0x437284 CompareStringA
0x437288 GetVersion
0x43728c GetLastError
0x437290 WideCharToMultiByte
0x437294 MultiByteToWideChar
0x437298 GetACP
0x43729c InterlockedExchange
Library USER32.dll:
0x4372f8 SetRect
0x4372fc InvalidateRect
0x437300 InvalidateRgn
0x437304 GetNextDlgGroupItem
0x437308 MessageBeep
0x43730c UnregisterClassA
0x437314 PostThreadMessageA
0x437318 GetSysColorBrush
0x43731c EndPaint
0x437320 BeginPaint
0x437324 GetWindowDC
0x437328 ClientToScreen
0x43732c GrayStringA
0x437330 DrawTextExA
0x437334 DrawTextA
0x437338 TabbedTextOutA
0x43733c DestroyMenu
0x437340 ShowWindow
0x437344 MoveWindow
0x437348 SetWindowTextA
0x43734c IsDialogMessageA
0x437354 SendDlgItemMessageA
0x437358 WinHelpA
0x43735c IsChild
0x437360 GetCapture
0x437364 GetClassLongA
0x437368 GetClassNameA
0x43736c SetPropA
0x437370 GetPropA
0x437374 RemovePropA
0x437378 SetFocus
0x43737c GetWindowTextA
0x437380 GetForegroundWindow
0x437384 GetTopWindow
0x437388 UnhookWindowsHookEx
0x43738c IsRectEmpty
0x437390 GetMessagePos
0x437394 MapWindowPoints
0x437398 SetForegroundWindow
0x43739c UpdateWindow
0x4373a0 GetMenu
0x4373a4 GetClassInfoExA
0x4373a8 GetClassInfoA
0x4373ac RegisterClassA
0x4373b0 GetSysColor
0x4373b4 AdjustWindowRectEx
0x4373b8 EqualRect
0x4373bc PtInRect
0x4373c0 GetDlgCtrlID
0x4373c4 DefWindowProcA
0x4373c8 CallWindowProcA
0x4373cc SetWindowLongA
0x4373d0 OffsetRect
0x4373d4 IntersectRect
0x4373dc GetWindowPlacement
0x4373e0 GetWindowRect
0x4373e4 GetWindow
0x4373ec MapDialogRect
0x4373f0 SetWindowPos
0x4373f4 ReleaseDC
0x4373f8 GetDC
0x4373fc CopyRect
0x437400 GetDesktopWindow
0x437404 SetActiveWindow
0x43740c DestroyWindow
0x437410 IsWindow
0x437414 CharUpperA
0x437418 InSendMessage
0x43741c CreateWindowExA
0x437420 GetDlgItem
0x437424 GetNextDlgTabItem
0x437428 EndDialog
0x437430 GetWindowLongA
0x437434 GetLastActivePopup
0x437438 IsWindowEnabled
0x43743c MessageBoxA
0x437440 SetCursor
0x437444 SetWindowsHookExA
0x437448 CallNextHookEx
0x43744c GetMessageA
0x437454 CharNextA
0x437458 ReleaseCapture
0x43745c SetCapture
0x437460 GetMessageTime
0x437464 LoadCursorA
0x437468 SendMessageA
0x43746c DrawIcon
0x437470 AppendMenuA
0x437474 GetSystemMenu
0x437478 IsIconic
0x43747c GetClientRect
0x437480 EnableWindow
0x437484 LoadIconA
0x437488 GetSystemMetrics
0x43748c GetSubMenu
0x437490 GetMenuItemCount
0x437494 GetMenuItemID
0x437498 GetMenuState
0x43749c PostQuitMessage
0x4374a0 PostMessageA
0x4374a4 CheckMenuItem
0x4374a8 EnableMenuItem
0x4374ac ModifyMenuA
0x4374b0 GetParent
0x4374b4 GetFocus
0x4374b8 LoadBitmapA
0x4374c0 SetMenuItemBitmaps
0x4374c4 ValidateRect
0x4374c8 GetCursorPos
0x4374cc PeekMessageA
0x4374d0 GetKeyState
0x4374d4 IsWindowVisible
0x4374d8 GetActiveWindow
0x4374dc DispatchMessageA
0x4374e0 TranslateMessage
Library GDI32.dll:
0x437028 ScaleViewportExtEx
0x43702c SetWindowExtEx
0x437030 ScaleWindowExtEx
0x437034 ExtSelectClipRgn
0x437038 DeleteDC
0x43703c GetStockObject
0x437040 SetViewportExtEx
0x437044 GetMapMode
0x437048 GetBkColor
0x43704c GetTextColor
0x437050 GetRgnBox
0x437054 OffsetViewportOrgEx
0x437058 SetViewportOrgEx
0x43705c SelectObject
0x437060 Escape
0x437064 TextOutA
0x437068 RectVisible
0x43706c PtVisible
0x437070 GetWindowExtEx
0x437074 GetViewportExtEx
0x437078 GetDeviceCaps
0x43707c DeleteObject
0x437080 SetMapMode
0x437084 RestoreDC
0x437088 SaveDC
0x43708c ExtTextOutA
0x437090 GetObjectA
0x437094 SetBkColor
0x437098 SetTextColor
0x43709c GetClipBox
0x4370a4 CreateBitmap
Library comdlg32.dll:
0x4374fc GetFileTitleA
Library WINSPOOL.DRV:
0x4374ec DocumentPropertiesA
0x4374f0 OpenPrinterA
0x4374f4 ClosePrinter
Library ADVAPI32.dll:
0x437000 RegSetValueExA
0x437004 RegCreateKeyExA
0x437008 RegQueryValueA
0x43700c RegEnumKeyA
0x437010 RegDeleteKeyA
0x437014 RegOpenKeyExA
0x437018 RegQueryValueExA
0x43701c RegOpenKeyA
0x437020 RegCloseKey
Library SHELL32.dll:
0x4372dc SHGetFileInfoA
Library SHLWAPI.dll:
0x4372e4 PathFindFileNameA
0x4372e8 PathStripToRootA
0x4372ec PathFindExtensionA
0x4372f0 PathIsUNCA
Library oledlg.dll:
0x437544
Library ole32.dll:
0x437504 OleInitialize
0x43750c OleUninitialize
0x43751c CoGetClassObject
0x437520 CLSIDFromString
0x437524 CoRevokeClassObject
0x437528 CoTaskMemAlloc
0x43752c CoTaskMemFree
0x437534 OleFlushClipboard
0x43753c CLSIDFromProgID
Library OLEAUT32.dll:
0x4372a4 SysFreeString
0x4372ac SysAllocStringLen
0x4372b0 VariantClear
0x4372b4 VariantChangeType
0x4372b8 VariantInit
0x4372bc VariantCopy
0x4372c0 SafeArrayDestroy
0x4372d0 SysAllocString
0x4372d4 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source | Source port | Destination | Destination port
192.168.56.101 | 50534 | 114.114.114.114 | 53
192.168.56.101 | 51963 | 114.114.114.114 | 53
192.168.56.101 | 56539 | 114.114.114.114 | 53
192.168.56.101 | 65004 | 114.114.114.114 | 53
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 138 | 192.168.56.255 | 138
192.168.56.101 | 49235 | 224.0.0.252 | 5355
192.168.56.101 | 51808 | 224.0.0.252 | 5355
192.168.56.101 | 56804 | 224.0.0.252 | 5355
192.168.56.101 | 60123 | 224.0.0.252 | 5355
192.168.56.101 | 62191 | 224.0.0.252 | 5355
192.168.56.101 | 1900 | 239.255.255.250 | 1900
192.168.56.101 | 50535 | 239.255.255.250 | 3702
192.168.56.101 | 50537 | 239.255.255.250 | 3702
192.168.56.101 | 56540 | 239.255.255.250 | 3702
192.168.56.101 | 56807 | 239.255.255.250 | 1900
192.168.56.101 | 58707 | 239.255.255.250 | 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.