Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2019-10-25 22:21:22
End time: 2019-10-25 22:23:51
Duration: 149 seconds

Maldun score

10.0

Dangerous

File details

File name 【姿美汇】活动软件1.0.exe
File size 7303168 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 673a97797c1949977a90b01b3ef194fb
SHA1 41c315c5818dd3d8a9edc90a3cde369676e38e12
SHA256 3d09ae0a8ce81cd1ab86e39188416d9b56d0cc309f2ed98ffa8d60c95752fdf5
SHA512 cb15d163e06339ba2f6ee0c1ba468a8c23988b99fea27925695f568585a38ae43b5e5dda4e29edbe1ca9886e443e4abc8405277e3ae67a2444a0b926d5588c90
CRC32 46D5486C
Ssdeep 49152:3kGKvbgkOD6OVYjdxk1+xBIBcjyaEIlWyZ60hNg:X+gkOlVY9BIBcjyaEIlWyZ6X


Hosts contacted

No host records.

Domain resolution

No domain information.



PE information

Image base 0x00400000
Entry point 0x005159c2
Declared checksum 0x00000000
Actual checksum 0x006fc9da
Minimum OS version required 4.0
Compile time 2019-10-25 14:15:27
Import hash 2c49fc7a08ea4386bce4efc06fee2b2d

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x001396b6 0x0013a000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.50
.rdata 0x0013b000 0x00592c90 0x00593000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.60
.data 0x006ce000 0x000991cb 0x00021000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.34
.rsrc 0x00768000 0x00007950 0x00008000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.55

Imports

Library: MSVFW32.dll:
0x53b40c DrawDibDraw
Library: AVIFIL32.dll:
0x53b018 AVIStreamInfoA
0x53b01c AVIStreamGetFrame
Library: WINMM.dll:
0x53b72c waveOutRestart
0x53b730 midiStreamRestart
0x53b734 midiStreamClose
0x53b738 midiOutReset
0x53b73c midiStreamStop
0x53b740 midiStreamOut
0x53b748 midiStreamProperty
0x53b74c midiStreamOpen
0x53b750 PlaySoundA
0x53b75c waveOutWrite
0x53b760 waveOutPause
0x53b764 waveOutReset
0x53b76c waveOutOpen
0x53b770 waveOutGetNumDevs
0x53b774 waveOutClose
Library: WS2_32.dll:
0x53b794 inet_ntoa
0x53b798 WSAStartup
0x53b79c select
0x53b7a0 send
0x53b7a4 closesocket
0x53b7a8 WSAAsyncSelect
0x53b7ac WSACleanup
0x53b7b0 recvfrom
0x53b7b4 ioctlsocket
0x53b7b8 recv
0x53b7bc accept
0x53b7c0 ntohl
0x53b7c4 getpeername
Library: RASAPI32.dll:
0x53b464 RasHangUpA
Library: KERNEL32.dll:
0x53b1d8 GetVersion
0x53b1e4 CreateMutexA
0x53b1e8 ReleaseMutex
0x53b1ec SuspendThread
0x53b1f8 LocalFree
0x53b200 lstrcpynA
0x53b204 DuplicateHandle
0x53b208 FlushFileBuffers
0x53b20c LockFile
0x53b210 UnlockFile
0x53b214 SetEndOfFile
0x53b218 lstrcmpiA
0x53b21c GlobalDeleteAtom
0x53b220 GlobalFindAtomA
0x53b224 GlobalAddAtomA
0x53b228 GlobalGetAtomNameA
0x53b22c lstrcmpA
0x53b230 LocalAlloc
0x53b234 TlsAlloc
0x53b238 GlobalHandle
0x53b23c TlsFree
0x53b240 TlsSetValue
0x53b244 LocalReAlloc
0x53b248 TlsGetValue
0x53b24c GetFileTime
0x53b250 GetCurrentThread
0x53b254 GlobalFlags
0x53b258 SetErrorMode
0x53b25c GetProcessVersion
0x53b260 GetCPInfo
0x53b264 GetOEMCP
0x53b268 GetStartupInfoA
0x53b26c RtlUnwind
0x53b270 GetSystemTime
0x53b274 GetLocalTime
0x53b278 RaiseException
0x53b27c HeapSize
0x53b280 GetACP
0x53b284 SetStdHandle
0x53b288 GetFileType
0x53b2a0 SetHandleCount
0x53b2a4 GetStdHandle
0x53b2ac HeapDestroy
0x53b2b0 HeapCreate
0x53b2b4 VirtualFree
0x53b2bc LCMapStringA
0x53b2c0 LCMapStringW
0x53b2c4 VirtualAlloc
0x53b2c8 IsBadWritePtr
0x53b2d0 GetStringTypeA
0x53b2d4 GetStringTypeW
0x53b2d8 CompareStringA
0x53b2dc CompareStringW
0x53b2e0 IsBadReadPtr
0x53b2e4 IsBadCodePtr
0x53b2e8 SetLastError
0x53b2ec GetSystemDirectoryA
0x53b2f0 LoadLibraryExA
0x53b2f8 TerminateProcess
0x53b2fc GetCurrentProcess
0x53b300 GetFileSize
0x53b304 SetFilePointer
0x53b308 CreateSemaphoreA
0x53b30c ResumeThread
0x53b310 ReleaseSemaphore
0x53b31c GetProfileStringA
0x53b320 WriteFile
0x53b328 CreateFileA
0x53b32c SetEvent
0x53b330 FindResourceA
0x53b334 LoadResource
0x53b338 LockResource
0x53b33c ReadFile
0x53b340 lstrlenW
0x53b344 GetModuleFileNameA
0x53b348 WideCharToMultiByte
0x53b34c MultiByteToWideChar
0x53b350 GetCurrentThreadId
0x53b354 ExitProcess
0x53b358 GlobalSize
0x53b35c GlobalFree
0x53b368 lstrcatA
0x53b36c lstrlenA
0x53b370 WinExec
0x53b374 lstrcpyA
0x53b378 FindNextFileA
0x53b37c GlobalReAlloc
0x53b380 HeapFree
0x53b384 HeapReAlloc
0x53b388 GetProcessHeap
0x53b38c HeapAlloc
0x53b390 GetUserDefaultLCID
0x53b394 GetFullPathNameA
0x53b398 FreeLibrary
0x53b39c LoadLibraryA
0x53b3a0 GetLastError
0x53b3a4 GetVersionExA
0x53b3b0 CreateThread
0x53b3b4 CreateEventA
0x53b3b8 Sleep
0x53b3bc GlobalAlloc
0x53b3c0 GlobalLock
0x53b3c4 GlobalUnlock
0x53b3c8 GetTempPathA
0x53b3cc FindFirstFileA
0x53b3d0 FindClose
0x53b3d4 GetFileAttributesA
0x53b3e0 GetModuleHandleA
0x53b3e4 GetProcAddress
0x53b3e8 MulDiv
0x53b3ec GetCommandLineA
0x53b3f0 GetTickCount
0x53b3f4 CreateProcessA
0x53b3f8 WaitForSingleObject
0x53b3fc CloseHandle
0x53b400 InterlockedExchange
0x53b404 TerminateThread
Library: USER32.dll:
0x53b490 SetMenuItemBitmaps
0x53b494 CheckMenuItem
0x53b498 MoveWindow
0x53b49c IsDialogMessageA
0x53b4a0 ScrollWindowEx
0x53b4a4 SendDlgItemMessageA
0x53b4a8 MapWindowPoints
0x53b4ac AdjustWindowRectEx
0x53b4b0 GetScrollPos
0x53b4b4 RegisterClassA
0x53b4b8 GetClassLongA
0x53b4bc SetPropA
0x53b4c0 GetPropA
0x53b4c4 RemovePropA
0x53b4c8 GetMessageTime
0x53b4cc GetLastActivePopup
0x53b4d4 GetWindowPlacement
0x53b4d8 EndDialog
0x53b4e0 DestroyWindow
0x53b4e4 GrayStringA
0x53b4e8 DrawTextA
0x53b4ec TabbedTextOutA
0x53b4f0 EndPaint
0x53b4f4 BeginPaint
0x53b4f8 GetWindowDC
0x53b4fc CharUpperA
0x53b504 CreateIconIndirect
0x53b508 GetIconInfo
0x53b50c CopyIcon
0x53b510 LoadStringA
0x53b514 SetWindowTextA
0x53b518 UnhookWindowsHookEx
0x53b51c SetWindowsHookExA
0x53b520 CallNextHookEx
0x53b524 GetMenuItemCount
0x53b528 GetMenuItemID
0x53b52c GetMenuState
0x53b530 UnregisterHotKey
0x53b534 RegisterHotKey
0x53b538 CreateWindowExA
0x53b53c CallWindowProcA
0x53b540 GetForegroundWindow
0x53b544 EnumWindows
0x53b548 GetWindowTextA
0x53b54c FindWindowExA
0x53b550 GetDlgItem
0x53b554 GetClassNameA
0x53b558 GetDesktopWindow
0x53b55c DrawStateA
0x53b560 FrameRect
0x53b564 GetNextDlgTabItem
0x53b568 LoadIconA
0x53b56c TranslateMessage
0x53b570 DrawFrameControl
0x53b574 DrawEdge
0x53b578 DrawFocusRect
0x53b57c WindowFromPoint
0x53b580 GetMessageA
0x53b584 DispatchMessageA
0x53b588 GetSysColorBrush
0x53b598 DrawIconEx
0x53b59c CreatePopupMenu
0x53b5a0 AppendMenuA
0x53b5a4 ModifyMenuA
0x53b5a8 CreateMenu
0x53b5b0 GetDlgCtrlID
0x53b5b4 GetSubMenu
0x53b5b8 EnableMenuItem
0x53b5bc ClientToScreen
0x53b5c4 LoadImageA
0x53b5cc ShowWindow
0x53b5d0 IsWindowEnabled
0x53b5d8 GetKeyState
0x53b5e0 PostQuitMessage
0x53b5e4 IsZoomed
0x53b5e8 GetClassInfoA
0x53b5ec DefWindowProcA
0x53b5f0 GetSystemMenu
0x53b5f4 DeleteMenu
0x53b5f8 GetMenu
0x53b5fc SetMenu
0x53b600 PeekMessageA
0x53b604 IsIconic
0x53b608 SetFocus
0x53b60c GetActiveWindow
0x53b610 GetWindow
0x53b618 SetWindowRgn
0x53b61c GetMessagePos
0x53b620 ScreenToClient
0x53b628 CopyRect
0x53b62c LoadBitmapA
0x53b630 WinHelpA
0x53b634 KillTimer
0x53b638 SetTimer
0x53b63c ReleaseCapture
0x53b640 SetCapture
0x53b644 GetScrollRange
0x53b648 SetScrollRange
0x53b64c SetScrollPos
0x53b650 SetRect
0x53b654 InflateRect
0x53b658 IntersectRect
0x53b65c DestroyIcon
0x53b660 PtInRect
0x53b664 OffsetRect
0x53b668 IsWindowVisible
0x53b66c EnableWindow
0x53b670 RedrawWindow
0x53b674 GetWindowLongA
0x53b678 SetWindowLongA
0x53b67c GetSysColor
0x53b680 SetActiveWindow
0x53b684 SetCursorPos
0x53b688 LoadCursorA
0x53b68c SetCursor
0x53b690 GetDC
0x53b694 FillRect
0x53b698 IsRectEmpty
0x53b69c ReleaseDC
0x53b6a0 IsChild
0x53b6a4 TrackPopupMenu
0x53b6a8 DestroyMenu
0x53b6ac SetForegroundWindow
0x53b6b0 GetWindowRect
0x53b6b4 EqualRect
0x53b6b8 UpdateWindow
0x53b6bc ValidateRect
0x53b6c0 InvalidateRect
0x53b6c4 GetClientRect
0x53b6c8 GetFocus
0x53b6cc GetParent
0x53b6d0 GetTopWindow
0x53b6d4 PostMessageA
0x53b6d8 IsWindow
0x53b6dc SetParent
0x53b6e0 DestroyCursor
0x53b6e4 SendMessageA
0x53b6e8 SetWindowPos
0x53b6ec MessageBoxA
0x53b6f0 GetCursorPos
0x53b6f4 GetSystemMetrics
0x53b6f8 EmptyClipboard
0x53b6fc SetClipboardData
0x53b700 OpenClipboard
0x53b704 GetClipboardData
0x53b708 CloseClipboard
0x53b70c wsprintfA
0x53b710 WaitForInputIdle
0x53b714 SetRectEmpty
0x53b718 GetCapture
0x53b71c UnregisterClassA
Library: GDI32.dll:
0x53b068 GetStockObject
0x53b06c CreateFontIndirectA
0x53b070 CreateSolidBrush
0x53b074 FillRgn
0x53b078 CreateRectRgn
0x53b07c CombineRgn
0x53b080 PatBlt
0x53b084 CreatePen
0x53b088 SelectObject
0x53b08c CreatePatternBrush
0x53b090 CreateBitmap
0x53b094 CreateDCA
0x53b09c GetPolyFillMode
0x53b0a0 GetStretchBltMode
0x53b0a4 GetROP2
0x53b0a8 GetBkColor
0x53b0ac GetBkMode
0x53b0b0 GetTextColor
0x53b0b4 CreateRoundRectRgn
0x53b0b8 CreateEllipticRgn
0x53b0bc PathToRegion
0x53b0c0 EndPath
0x53b0c4 BeginPath
0x53b0c8 OffsetRgn
0x53b0cc GetTextMetricsA
0x53b0d0 LineTo
0x53b0d4 MoveToEx
0x53b0d8 SaveDC
0x53b0dc RestoreDC
0x53b0e0 SetROP2
0x53b0e4 SetMapMode
0x53b0e8 SetViewportOrgEx
0x53b0ec OffsetViewportOrgEx
0x53b0f0 SetViewportExtEx
0x53b0f4 ScaleViewportExtEx
0x53b0f8 SetWindowOrgEx
0x53b0fc SetWindowExtEx
0x53b100 ScaleWindowExtEx
0x53b104 GetClipBox
0x53b108 ExcludeClipRect
0x53b10c GetObjectA
0x53b110 EndPage
0x53b114 ExtSelectClipRgn
0x53b118 GetViewportExtEx
0x53b11c PtVisible
0x53b120 RectVisible
0x53b124 ExtTextOutA
0x53b128 Escape
0x53b12c SetDIBitsToDevice
0x53b130 SetTextColor
0x53b134 SetBkMode
0x53b138 TextOutA
0x53b13c SetBkColor
0x53b144 CreateDIBSection
0x53b148 SetPixel
0x53b14c ExtCreateRegion
0x53b150 SetStretchBltMode
0x53b154 GetClipRgn
0x53b158 CreatePolygonRgn
0x53b15c SelectClipRgn
0x53b160 DeleteObject
0x53b164 CreateDIBitmap
0x53b16c CreatePalette
0x53b170 StretchBlt
0x53b174 SelectPalette
0x53b178 RealizePalette
0x53b17c GetDIBits
0x53b180 BitBlt
0x53b184 GetPixel
0x53b188 CreateCompatibleDC
0x53b18c Ellipse
0x53b190 Rectangle
0x53b194 LPtoDP
0x53b198 DPtoLP
0x53b19c GetCurrentObject
0x53b1a0 RoundRect
0x53b1a4 CreateFontA
0x53b1a8 EndDoc
0x53b1ac DeleteDC
0x53b1b0 StartDocA
0x53b1b4 StartPage
0x53b1c0 SetPolyFillMode
0x53b1c4 GetDeviceCaps
0x53b1c8 GetWindowExtEx
0x53b1cc GetViewportOrgEx
0x53b1d0 GetWindowOrgEx
Library: WINSPOOL.DRV:
0x53b77c OpenPrinterA
0x53b780 ClosePrinter
0x53b784 DocumentPropertiesA
Library: comdlg32.dll:
0x53b7cc GetFileTitleA
0x53b7d0 GetSaveFileNameA
0x53b7d4 GetOpenFileNameA
0x53b7d8 ChooseColorA
0x53b7dc ChooseFontA
Library: ADVAPI32.dll:
0x53b000 RegCreateKeyExA
0x53b004 RegQueryValueA
0x53b008 RegSetValueExA
0x53b00c RegOpenKeyExA
0x53b010 RegCloseKey
Library: SHELL32.dll:
0x53b470 Shell_NotifyIconA
0x53b474 ShellExecuteA
0x53b47c DragAcceptFiles
0x53b480 DragFinish
0x53b484 DragQueryFileA
Library: ole32.dll:
0x53b7e4 CLSIDFromProgID
0x53b7e8 ReleaseStgMedium
0x53b7ec RevokeDragDrop
0x53b7f0 RegisterDragDrop
0x53b7f4 OleInitialize
0x53b7f8 OleUninitialize
0x53b7fc CLSIDFromString
0x53b800 CoCreateInstance
0x53b804 OleRun
Library: OLEAUT32.dll:
0x53b414 SafeArrayGetElement
0x53b418 SafeArrayAccessData
0x53b420 VariantCopyInd
0x53b424 SafeArrayGetLBound
0x53b428 SafeArrayGetUBound
0x53b42c VariantChangeType
0x53b430 VariantClear
0x53b434 VariantCopy
0x53b438 VariantInit
0x53b43c SysAllocString
0x53b440 SafeArrayDestroy
0x53b444 SafeArrayCreate
0x53b448 SafeArrayPutElement
0x53b44c RegisterTypeLib
0x53b450 LHashValOfNameSys
0x53b454 SafeArrayGetDim
0x53b458 UnRegisterTypeLib
0x53b45c LoadTypeLib
Library: COMCTL32.dll:
0x53b024 None
0x53b028 ImageList_EndDrag
0x53b030 ImageList_DragMove
0x53b034 ImageList_DragLeave
0x53b038 ImageList_DragEnter
0x53b03c ImageList_Destroy
0x53b040 ImageList_Create
0x53b044 ImageList_BeginDrag
0x53b048 ImageList_Add
0x53b04c _TrackMouseEvent
0x53b058 ImageList_GetIcon
0x53b05c ImageList_Duplicate
0x53b060 ImageList_Read
Library: WLDAP32.dll:
0x53b78c None
Library: WININET.dll:
0x53b724 InternetCloseHandle

No antivirus engine scan information.

Process tree


___________________________1.0.exe, PID: 2500, parent PID: 2352

Hosts contacted

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain resolution

No domain information.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 43.198 seconds )

  • 23.006 Static
  • 15.598 Suricata
  • 1.513 TargetInfo
  • 1.396 VirusTotal
  • 0.888 BehaviorAnalysis
  • 0.359 NetworkAnalysis
  • 0.332 peid
  • 0.062 AnalysisInfo
  • 0.024 Strings
  • 0.016 config_decoder
  • 0.004 Memory

Signatures ( 0.388 seconds )

  • 0.047 api_spamming
  • 0.04 stealth_timeout
  • 0.039 stealth_decoy_document
  • 0.034 antiav_detectreg
  • 0.032 antidbg_windows
  • 0.019 md_url_bl
  • 0.017 md_domain_bl
  • 0.014 infostealer_ftp
  • 0.01 antiav_detectfile
  • 0.008 anomaly_persistence_autorun
  • 0.008 infostealer_im
  • 0.007 antianalysis_detectreg
  • 0.007 ransomware_files
  • 0.006 antivm_vbox_window
  • 0.006 infostealer_bitcoin
  • 0.006 ransomware_extensions
  • 0.005 infostealer_mail
  • 0.004 antiemu_wine_func
  • 0.004 infostealer_browser_password
  • 0.004 antisandbox_script_timer
  • 0.004 kovter_behavior
  • 0.004 antivm_vbox_files
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_libs
  • 0.003 geodo_banking_trojan
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 ransomeware_modifies_desktop_wallpaper
  • 0.002 kibex_behavior
  • 0.002 antivm_generic_scsi
  • 0.002 cerber_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 injection_createremotethread
  • 0.001 antivm_generic_services
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 anormaly_invoke_kills
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.918 seconds )

  • 0.914 ReportHTMLSummary
  • 0.004 Malheur
Task ID 414743
Mongo ID 5db305ad2f8f2e4496ebf9e8
Cuckoo release 1.4-Maldun