6.4
High risk

40babfd984dbe7eb25016ca7432afb70f2d4671015c4d13fdf6e38771e936d05

deef4645a00f68c3ca8f38b1672dee10.exe

Analysis time: 76s

Last analyzed

File size: 1.1MB
Static detection: malicious. Dynamic detection: malicious. Detection tags: 5KXVORFHSDN, AI SCORE=100, BKETT, EMOTET, ER0@AEEBC@EI, GDEP, GENCIRC, GENERICKDZ, GENETIC, GRAYWARE, HDAI, HIGH CONFIDENCE, HTXFEK, KRYPTIK, NONAME@0, R + TROJ, R057C0DI420, R350033, SCORE, SIGGEN10, SUSGEN, TDHP, TROJANBANKER, TRUY, UNSAFE, VOBFUSAGENTHI, ZEXTET
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba Trojan:Win32/Emotet.680b7b77 20190527 0.3.0.5
Avast Win32:Trojan-gen 20200918 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20200918 2013.8.14.323
McAfee 20200915 6.0.6.653
Tencent Malware.Win32.Gencirc.10cdfce5 20200918 1.0.0.1
CrowdStrike 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619948430.768241
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1619948415.706241
CryptGenKey
crypto_handle: 0x0069b698
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0069a980
flags: 1
key: fá}eŸ§É|¹Ï^„ª[ß
success 1 0
1619948430.784241
CryptExportKey
crypto_handle: 0x0069b698
crypto_export_handle: 0x0069aa48
buffer: f¤XT÷G€FB«ÂwÑø7yªþ&Ô"#€ 8€Ä—{°ÓC/ln¢6à_òÑq`ÁlÕZ4r3ë\ÄêÙ1¢¸Lisu ‹=8u;Ɍf жW×¼J­-
blob_type: 1
flags: 64
success 1 0
1619948465.581241
CryptExportKey
crypto_handle: 0x0069b698
crypto_export_handle: 0x0069aa48
buffer: f¤··éø‚«à´–^XþGJô_ܧ!ˆE @Ž“³ïîb)$³þúfxØšU“‚"ë:™×’fŒåò æÂ‚º£’·añï¥%ÿӅ$é÷çS‹Ëo–
blob_type: 1
flags: 64
success 1 0
1619948470.768241
CryptExportKey
crypto_handle: 0x0069b698
crypto_export_handle: 0x0069aa48
buffer: f¤©~§óy)YkaåqZùo€ÈtŲ„ Žª 0BÊLEúˆ›9οËÙé z&ŒÌŠ@>¾_÷—iTž  »™‹‹gþP&k2¡Î[kϝÕ ´¢ìZº|<€Ï
blob_type: 1
flags: 64
success 1 0
1619948475.174241
CryptExportKey
crypto_handle: 0x0069b698
crypto_export_handle: 0x0069aa48
buffer: f¤Ïî \w‹4ca›«³g¬P⟟2 ¶jÆe6»fc«[£)§ÿ:Ö¨Mœ”ãŒ@hê˜Ç¿U+1®D²ԘžR}¥Ü½éGÐ÷fȚg0ƒUR’S®\t
blob_type: 1
flags: 64
success 1 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619948415.159241
NtAllocateVirtualMemory
process_identifier: 648
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003d0000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619948431.268241
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process deef4645a00f68c3ca8f38b1672dee10.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619948430.940241
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (6 events)
host 172.217.24.14
host 50.121.220.50
host 51.75.33.122
host 54.37.42.48
host 91.121.54.71
host 203.208.41.33
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619948433.846241
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619948433.846241
RegSetValueExA
key_handle: 0x000003ac
value: €µ\?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619948433.846241
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619948433.846241
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619948433.846241
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619948433.846241
RegSetValueExA
key_handle: 0x000003c4
value: €µ\?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619948433.846241
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619948433.877241
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)
Bkav W32.VobfusAgentHI.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.Siggen10.11107
MicroWorld-eScan Trojan.GenericKDZ.69879
FireEye Generic.mg.deef4645a00f68c3
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Trojan.Emotet.Win32.28366
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Emotet.680b7b77
K7GW Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D110F7
Invincea Mal/Generic-R + Troj/Emotet-CMX
BitDefenderTheta Gen:NN.Zextet.34252.er0@aeebC@ei
Cyren W32/Trojan.TDHP-3379
Symantec Trojan.Emotet
TrendMicro-HouseCall TROJ_GEN.R057C0DI420
Paloalto generic.ml
Cynet Malicious (score: 85)
Kaspersky Trojan-Banker.Win32.Emotet.gdep
BitDefender Trojan.GenericKDZ.69879
NANO-Antivirus Trojan.Win32.Emotet.htxfek
ViRobot Trojan.Win32.Emotet.1122304
Avast Win32:Trojan-gen
Rising Trojan.Kryptik!8.8 (TFE:5:5kXVoRFHSDN)
Ad-Aware Trojan.GenericKDZ.69879
Comodo fls.noname@0
F-Secure Trojan.TR/Emotet.bkett
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R057C0DI420
Sophos Troj/Emotet-CMX
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.ohb
MaxSecure Trojan.Malware.106299874.susgen
Avira TR/Emotet.bkett
Antiy-AVL GrayWare/Win32.Kryptik.hda
Microsoft Trojan:Win32/Emotet.ARK!MTB
AegisLab Trojan.Win32.Emotet.truy
ZoneAlarm Trojan-Banker.Win32.Emotet.gdep
GData Trojan.GenericKDZ.69879
TACHYON Banker/W32.Emotet.1122304
AhnLab-V3 Malware/Win32.RL_Generic.R350033
MAX malware (ai score=100)
VBA32 TrojanBanker.Emotet
Malwarebytes Trojan.Emotet
APEX Malicious
ESET-NOD32 Win32/Emotet.CD
Tencent Malware.Win32.Gencirc.10cdfce5
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (7 events)
dead_host 192.168.56.101:49178
dead_host 91.121.54.71:8080
dead_host 51.75.33.122:80
dead_host 192.168.56.101:49177
dead_host 192.168.56.101:49176
dead_host 50.121.220.50:80
dead_host 54.37.42.48:8080
Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots available: no screenshots were captured while the sample ran


PE Compile Time

2020-09-02 22:31:45

Imports

Library KERNEL32.dll:
0x4310b4 GetSystemInfo
0x4310b8 VirtualQuery
0x4310bc GetStartupInfoA
0x4310c0 GetCommandLineA
0x4310c4 ExitProcess
0x4310c8 TerminateProcess
0x4310cc HeapReAlloc
0x4310d0 HeapSize
0x4310d4 LCMapStringA
0x4310d8 LCMapStringW
0x4310dc HeapDestroy
0x4310e0 HeapCreate
0x4310e4 VirtualFree
0x4310e8 IsBadWritePtr
0x4310ec GetStdHandle
0x4310fc VirtualAlloc
0x431104 SetHandleCount
0x431108 GetFileType
0x431110 GetCurrentProcessId
0x431118 GetStringTypeA
0x43111c GetStringTypeW
0x431124 GetUserDefaultLCID
0x431128 EnumSystemLocalesA
0x43112c IsValidLocale
0x431130 IsValidCodePage
0x431134 IsBadReadPtr
0x431138 IsBadCodePtr
0x43113c SetStdHandle
0x431140 GetLocaleInfoW
0x431148 VirtualProtect
0x43114c HeapFree
0x431150 HeapAlloc
0x431158 RtlUnwind
0x43115c GetTickCount
0x431160 GetFileTime
0x431164 GetFileAttributesA
0x43116c SetErrorMode
0x431174 GetOEMCP
0x431178 GetCPInfo
0x43117c CreateFileA
0x431180 GetFullPathNameA
0x431188 FindFirstFileA
0x43118c FindClose
0x431190 GetCurrentProcess
0x431194 DuplicateHandle
0x431198 GetFileSize
0x43119c SetEndOfFile
0x4311a0 UnlockFile
0x4311a4 LockFile
0x4311a8 FlushFileBuffers
0x4311ac SetFilePointer
0x4311b0 WriteFile
0x4311b4 ReadFile
0x4311b8 TlsFree
0x4311bc LocalReAlloc
0x4311c0 TlsSetValue
0x4311c4 TlsAlloc
0x4311c8 TlsGetValue
0x4311d0 GlobalHandle
0x4311d4 GlobalReAlloc
0x4311dc LocalAlloc
0x4311e8 RaiseException
0x4311ec GlobalFlags
0x4311fc SetLastError
0x431200 MulDiv
0x431204 FormatMessageA
0x431208 LocalFree
0x43120c GlobalGetAtomNameA
0x431210 GlobalFindAtomA
0x431214 lstrcatA
0x431218 lstrcmpW
0x43121c lstrcpynA
0x431220 GlobalUnlock
0x431224 GlobalFree
0x431228 FreeResource
0x43122c CloseHandle
0x431230 GlobalAddAtomA
0x431234 GetCurrentThread
0x431238 GetCurrentThreadId
0x43123c GlobalLock
0x431240 GlobalAlloc
0x431244 FreeLibrary
0x431248 GlobalDeleteAtom
0x43124c lstrcmpA
0x431250 GetModuleFileNameA
0x431254 GetModuleHandleA
0x431258 GetProcAddress
0x431264 lstrcpyA
0x431268 LoadLibraryA
0x43126c CompareStringW
0x431270 CompareStringA
0x431274 lstrlenA
0x431278 lstrcmpiA
0x43127c GetVersion
0x431280 GetLastError
0x431284 MultiByteToWideChar
0x431288 WideCharToMultiByte
0x43128c FindResourceA
0x431290 LoadResource
0x431294 LockResource
0x431298 SizeofResource
0x43129c GetVersionExA
0x4312a0 GetThreadLocale
0x4312a4 GetLocaleInfoA
0x4312a8 GetACP
0x4312ac InterlockedExchange
0x4312b4 LoadLibraryExA
Library USER32.dll:
0x431304 PostThreadMessageA
0x43130c WinHelpA
0x431310 GetCapture
0x431314 CreateWindowExA
0x431318 GetClassLongA
0x43131c GetClassInfoExA
0x431320 GetClassNameA
0x431324 SetPropA
0x431328 GetPropA
0x43132c RemovePropA
0x431330 SendDlgItemMessageA
0x431334 SetFocus
0x431338 IsChild
0x431340 GetWindowTextA
0x431344 GetForegroundWindow
0x431348 GetTopWindow
0x43134c UnhookWindowsHookEx
0x431350 GetMessageTime
0x431354 GetMessagePos
0x431358 MapWindowPoints
0x43135c SetForegroundWindow
0x431360 UpdateWindow
0x431364 GetMenu
0x431368 GetSubMenu
0x43136c GetMenuItemID
0x431370 GetMenuItemCount
0x431374 GetSysColor
0x431378 AdjustWindowRectEx
0x43137c EqualRect
0x431380 GetClassInfoA
0x431384 RegisterClassA
0x431388 UnregisterClassA
0x43138c GetDlgCtrlID
0x431390 MessageBeep
0x431394 CallWindowProcA
0x431398 SetWindowLongA
0x43139c OffsetRect
0x4313a0 IntersectRect
0x4313a8 GetWindowPlacement
0x4313ac CopyRect
0x4313b0 PtInRect
0x4313b4 GetWindow
0x4313bc MapDialogRect
0x4313c0 SetWindowPos
0x4313c4 GetDesktopWindow
0x4313c8 SetActiveWindow
0x4313d0 DestroyWindow
0x4313d4 IsWindow
0x4313d8 GetDlgItem
0x4313dc GetNextDlgTabItem
0x4313e0 EndDialog
0x4313e4 SetMenuItemBitmaps
0x4313e8 GetFocus
0x4313ec ModifyMenuA
0x4313f0 GetMenuState
0x4313f4 EnableMenuItem
0x4313f8 CheckMenuItem
0x431400 LoadBitmapA
0x431404 SetWindowsHookExA
0x431408 CallNextHookEx
0x43140c GetMessageA
0x431410 TranslateMessage
0x431414 DispatchMessageA
0x431418 GetActiveWindow
0x43141c IsWindowVisible
0x431420 GetKeyState
0x431424 PeekMessageA
0x431428 GetNextDlgGroupItem
0x43142c InvalidateRgn
0x431430 InvalidateRect
0x431438 SetRect
0x43143c IsRectEmpty
0x431440 CharNextA
0x431444 GetSysColorBrush
0x431448 ReleaseCapture
0x43144c GetCursorPos
0x431450 ValidateRect
0x431454 MessageBoxA
0x431458 GetParent
0x43145c GetWindowLongA
0x431460 GetLastActivePopup
0x431464 IsWindowEnabled
0x431468 SetCursor
0x43146c PostQuitMessage
0x431470 PostMessageA
0x431474 CharUpperA
0x43147c GetSystemMetrics
0x431480 LoadIconA
0x431484 EnableWindow
0x431488 GetClientRect
0x43148c IsIconic
0x431490 GetSystemMenu
0x431494 SetMenu
0x431498 SendMessageA
0x43149c LoadMenuA
0x4314a0 AppendMenuA
0x4314a4 DrawIcon
0x4314a8 ShowWindow
0x4314ac GetWindowRect
0x4314b0 LoadCursorA
0x4314b4 SetCapture
0x4314b8 EndPaint
0x4314bc BeginPaint
0x4314c0 GetWindowDC
0x4314c4 ReleaseDC
0x4314c8 GetDC
0x4314cc ClientToScreen
0x4314d0 GrayStringA
0x4314d4 DrawTextExA
0x4314d8 DrawTextA
0x4314dc TabbedTextOutA
0x4314e0 wsprintfA
0x4314e4 DestroyMenu
0x4314e8 MoveWindow
0x4314ec SetWindowTextA
0x4314f0 IsDialogMessageA
0x4314f4 DefWindowProcA
Library GDI32.dll:
0x431030 DeleteObject
0x431034 GetViewportExtEx
0x431038 GetWindowExtEx
0x43103c PtVisible
0x431040 RectVisible
0x431044 TextOutA
0x431048 Escape
0x43104c SelectObject
0x431050 SetViewportOrgEx
0x431054 OffsetViewportOrgEx
0x431058 SetViewportExtEx
0x43105c ScaleViewportExtEx
0x431060 SetWindowExtEx
0x431064 ScaleWindowExtEx
0x431068 ExtSelectClipRgn
0x43106c GetStockObject
0x431070 GetBkColor
0x431074 GetTextColor
0x43107c GetRgnBox
0x431080 GetMapMode
0x431084 SetMapMode
0x431088 RestoreDC
0x43108c SaveDC
0x431090 ExtTextOutA
0x431094 GetDeviceCaps
0x431098 GetObjectA
0x43109c SetBkColor
0x4310a0 SetTextColor
0x4310a4 GetClipBox
0x4310a8 DeleteDC
0x4310ac CreateBitmap
Library comdlg32.dll:
0x43150c GetFileTitleA
Library WINSPOOL.DRV:
0x4314fc OpenPrinterA
0x431500 DocumentPropertiesA
0x431504 ClosePrinter
Library ADVAPI32.dll:
0x431000 RegQueryValueExA
0x431004 RegOpenKeyExA
0x431008 RegDeleteKeyA
0x43100c RegEnumKeyA
0x431010 RegOpenKeyA
0x431014 RegQueryValueA
0x431018 RegCreateKeyExA
0x43101c RegSetValueExA
0x431020 RegCloseKey
Library COMCTL32.dll:
0x431028
Library SHLWAPI.dll:
0x4312f0 PathFindFileNameA
0x4312f4 PathStripToRootA
0x4312f8 PathFindExtensionA
0x4312fc PathIsUNCA
Library oledlg.dll:
0x431554
Library ole32.dll:
0x431520 CoGetClassObject
0x431524 CoTaskMemAlloc
0x431528 CoTaskMemFree
0x43152c CLSIDFromString
0x431530 CLSIDFromProgID
0x431534 OleUninitialize
0x431540 OleFlushClipboard
0x431548 CoRevokeClassObject
0x43154c OleInitialize
Library OLEAUT32.dll:
0x4312bc SysFreeString
0x4312c0 VariantClear
0x4312c4 VariantChangeType
0x4312c8 VariantInit
0x4312cc SysStringLen
0x4312dc SafeArrayDestroy
0x4312e0 SysAllocString
0x4312e4 VariantCopy
0x4312e8 SysAllocStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.