Analysis task

Analysis type Virtual machine label Start time End time Duration
File (Windows) win7-sp1-x64-hpdapp01-1 2019-11-02 11:33:24 2019-11-02 11:34:24 60 seconds

Maldun score

6.55

Dangerous

File details

File name 云顶之弈 - 团子辅助.exe
File size 11079680 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d0f49a4637fda20759accca988604cda
SHA1 ba1a81571401b00af478eae2730bea3dc5c634c8
SHA256 e3afde460ae4a7749d7af5f4e4efeaaa73337adc4f9eabf094e12477e7044cbc
SHA512 88ad5dce9b19e2d55572dbe1c006bfcd88f1caa8ed26adb3c110ce78061b2ac49103ff418f9279f6b03ee294490e16640ce8d30f8ffdfd19e3c3bb83b7991167
CRC32 14B78433
Ssdeep 196608:Aj0BAUSlxmlq6UFe8j1AejIi6YQbuI0L26hpgncaU7ITnRCYh2ghfFNhWyYU:Aj0BQxmE6ees1BLQXejhLHIEYhldayYU


Screenshots

No screenshots available.

Hosts accessed

No host records.

Domain resolution

No domain information.


Summary


PE information

Image base 0x00400000
Entry point 0x00fc52a4
Claimed checksum 0x00000000
Actual checksum 0x00a9a562
Minimum OS version required 4.0
Compile time 2019-11-02 11:11:50
Import hash da3aaf662d946f600c01180a0b9041c6

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0009b8be 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rdata 0x0009d000 0x007e6278 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.00
.data 0x00884000 0x0004514a 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.vmp0 0x008ca000 0x001663ad 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rsrc 0x014b8000 0x0000c91a 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.05

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x014c2acc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_MENU 0x014c2c1c 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_MENU 0x014c2c1c 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x014c3e64 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x014c48ac 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x014c48f8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x014c48f8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x014c48f8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None

Imports

Library: WINMM.dll:
0xe3a000 midiStreamOut
0xe3a010 waveOutWrite
0xe3a014 waveOutPause
0xe3a018 waveOutReset
0xe3a01c waveOutClose
0xe3a020 waveOutGetNumDevs
0xe3a024 waveOutOpen
0xe3a028 midiStreamStop
0xe3a02c midiOutReset
0xe3a030 midiStreamClose
0xe3a034 midiStreamRestart
0xe3a03c midiStreamOpen
0xe3a040 midiStreamProperty
Library: WS2_32.dll:
0xe3a048 WSACleanup
0xe3a04c closesocket
0xe3a050 getpeername
0xe3a054 accept
0xe3a058 WSAAsyncSelect
0xe3a05c recvfrom
0xe3a060 ioctlsocket
0xe3a064 inet_ntoa
0xe3a068 recv
Library: KERNEL32.dll:
0xe3a070 SetLastError
0xe3a078 GetVersion
0xe3a07c GetACP
0xe3a080 HeapSize
0xe3a084 RaiseException
0xe3a088 GetLocalTime
0xe3a08c RtlUnwind
0xe3a090 GetStartupInfoA
0xe3a094 GetOEMCP
0xe3a098 GetCPInfo
0xe3a09c GetProcessVersion
0xe3a0a0 SetErrorMode
0xe3a0a4 GlobalFlags
0xe3a0a8 GetCurrentThread
0xe3a0ac GetFileTime
0xe3a0b0 TlsGetValue
0xe3a0b4 LocalReAlloc
0xe3a0b8 TlsSetValue
0xe3a0bc TlsFree
0xe3a0c0 GlobalHandle
0xe3a0c4 TlsAlloc
0xe3a0c8 LocalAlloc
0xe3a0cc lstrcmpA
0xe3a0d0 GlobalGetAtomNameA
0xe3a0d4 GlobalAddAtomA
0xe3a0d8 GlobalFindAtomA
0xe3a0dc GlobalDeleteAtom
0xe3a0e0 lstrcmpiA
0xe3a0e4 SetEndOfFile
0xe3a0e8 UnlockFile
0xe3a0ec LockFile
0xe3a0f0 FlushFileBuffers
0xe3a0f4 DuplicateHandle
0xe3a0f8 lstrcpynA
0xe3a104 LocalFree
0xe3a110 OpenProcess
0xe3a114 TerminateProcess
0xe3a118 GetFileSize
0xe3a11c SetFilePointer
0xe3a124 Process32First
0xe3a128 Process32Next
0xe3a12c WideCharToMultiByte
0xe3a130 MultiByteToWideChar
0xe3a134 GetCurrentProcess
0xe3a13c GetSystemDirectoryA
0xe3a140 CreateSemaphoreA
0xe3a144 ResumeThread
0xe3a148 ReleaseSemaphore
0xe3a154 GetProfileStringA
0xe3a158 WriteFile
0xe3a160 CreateFileA
0xe3a164 SetEvent
0xe3a168 FindResourceA
0xe3a16c LoadResource
0xe3a170 LockResource
0xe3a174 ReadFile
0xe3a178 RemoveDirectoryA
0xe3a17c GetModuleFileNameA
0xe3a180 GetCurrentThreadId
0xe3a184 ExitProcess
0xe3a188 GlobalSize
0xe3a18c GlobalFree
0xe3a198 lstrcatA
0xe3a19c lstrlenA
0xe3a1a0 WinExec
0xe3a1a4 InterlockedExchange
0xe3a1a8 lstrcpyA
0xe3a1ac FindNextFileA
0xe3a1b0 GlobalReAlloc
0xe3a1b4 HeapFree
0xe3a1b8 HeapReAlloc
0xe3a1bc GetProcessHeap
0xe3a1c0 HeapAlloc
0xe3a1c4 GetFullPathNameA
0xe3a1c8 FreeLibrary
0xe3a1cc LoadLibraryA
0xe3a1d0 GetLastError
0xe3a1d4 GetVersionExA
0xe3a1dc CreateThread
0xe3a1e0 CreateEventA
0xe3a1e4 Sleep
0xe3a1e8 GlobalAlloc
0xe3a1ec GlobalLock
0xe3a1f0 GlobalUnlock
0xe3a1f4 GetTempPathA
0xe3a1f8 FindFirstFileA
0xe3a1fc FindClose
0xe3a200 SetFileAttributesA
0xe3a204 GetFileAttributesA
0xe3a208 DeleteFileA
0xe3a214 GetModuleHandleA
0xe3a218 GetProcAddress
0xe3a21c MulDiv
0xe3a220 GetCommandLineA
0xe3a224 GetTickCount
0xe3a228 WaitForSingleObject
0xe3a22c CloseHandle
0xe3a244 SetHandleCount
0xe3a248 GetStdHandle
0xe3a24c GetFileType
0xe3a254 HeapDestroy
0xe3a258 HeapCreate
0xe3a25c VirtualFree
0xe3a264 LCMapStringA
0xe3a268 LCMapStringW
0xe3a26c VirtualAlloc
0xe3a270 IsBadWritePtr
0xe3a278 GetStringTypeA
0xe3a27c GetStringTypeW
0xe3a280 CompareStringA
0xe3a284 CompareStringW
0xe3a288 IsBadReadPtr
0xe3a28c IsBadCodePtr
0xe3a290 SetStdHandle
0xe3a294 GetSystemTime
Library: USER32.dll:
0xe3a29c GetMenu
0xe3a2a0 SetMenu
0xe3a2a4 PeekMessageA
0xe3a2a8 IsIconic
0xe3a2ac SetFocus
0xe3a2b0 GetActiveWindow
0xe3a2b4 DeleteMenu
0xe3a2b8 GetSystemMenu
0xe3a2bc DefWindowProcA
0xe3a2c0 GetClassInfoA
0xe3a2c4 IsZoomed
0xe3a2c8 PostQuitMessage
0xe3a2d0 GetKeyState
0xe3a2d8 IsWindowEnabled
0xe3a2dc ShowWindow
0xe3a2e4 LoadImageA
0xe3a2ec ClientToScreen
0xe3a2f0 EnableMenuItem
0xe3a2f4 GetSubMenu
0xe3a2f8 GetDlgCtrlID
0xe3a300 CreateMenu
0xe3a304 ModifyMenuA
0xe3a308 AppendMenuA
0xe3a30c GetWindow
0xe3a314 SetWindowRgn
0xe3a318 GetMessagePos
0xe3a31c ScreenToClient
0xe3a320 CreatePopupMenu
0xe3a324 CopyRect
0xe3a328 LoadBitmapA
0xe3a32c WinHelpA
0xe3a330 KillTimer
0xe3a334 SetTimer
0xe3a338 ReleaseCapture
0xe3a33c GetCapture
0xe3a340 SetCapture
0xe3a344 GetScrollRange
0xe3a348 SetScrollRange
0xe3a34c SetScrollPos
0xe3a350 SetRect
0xe3a354 InflateRect
0xe3a358 IntersectRect
0xe3a35c GetSysColorBrush
0xe3a360 DestroyIcon
0xe3a364 PtInRect
0xe3a368 OffsetRect
0xe3a36c IsWindowVisible
0xe3a370 EnableWindow
0xe3a374 RedrawWindow
0xe3a378 GetWindowLongA
0xe3a37c SetWindowLongA
0xe3a380 GetSysColor
0xe3a384 SetActiveWindow
0xe3a388 SetCursorPos
0xe3a38c LoadCursorA
0xe3a390 SetCursor
0xe3a394 GetDC
0xe3a398 FillRect
0xe3a39c IsRectEmpty
0xe3a3a0 ReleaseDC
0xe3a3a4 IsChild
0xe3a3a8 DestroyMenu
0xe3a3ac SetForegroundWindow
0xe3a3b0 GetWindowRect
0xe3a3b4 EqualRect
0xe3a3b8 UpdateWindow
0xe3a3bc ValidateRect
0xe3a3c0 InvalidateRect
0xe3a3c4 GetClientRect
0xe3a3c8 GetFocus
0xe3a3cc GetParent
0xe3a3d0 GetTopWindow
0xe3a3d4 PostMessageA
0xe3a3d8 IsWindow
0xe3a3dc SetParent
0xe3a3e0 DestroyCursor
0xe3a3e4 SendMessageA
0xe3a3e8 SetWindowPos
0xe3a3ec MessageBoxA
0xe3a3f0 GetCursorPos
0xe3a3f4 GetSystemMetrics
0xe3a3f8 EmptyClipboard
0xe3a3fc SetClipboardData
0xe3a400 OpenClipboard
0xe3a404 GetClipboardData
0xe3a408 CloseClipboard
0xe3a40c wsprintfA
0xe3a410 DrawIconEx
0xe3a420 SetRectEmpty
0xe3a424 DispatchMessageA
0xe3a428 WindowFromPoint
0xe3a42c DrawFocusRect
0xe3a430 DrawEdge
0xe3a434 DrawFrameControl
0xe3a438 TranslateMessage
0xe3a43c LoadIconA
0xe3a440 GetForegroundWindow
0xe3a444 GetDesktopWindow
0xe3a448 GetClassNameA
0xe3a450 FindWindowA
0xe3a454 GetDlgItem
0xe3a458 FindWindowExA
0xe3a45c GetWindowTextA
0xe3a464 UnregisterClassA
0xe3a468 GetMessageA
0xe3a470 CharUpperA
0xe3a474 GetWindowDC
0xe3a478 BeginPaint
0xe3a47c EndPaint
0xe3a480 TabbedTextOutA
0xe3a484 DrawTextA
0xe3a488 GrayStringA
0xe3a48c DestroyWindow
0xe3a494 EndDialog
0xe3a498 GetNextDlgTabItem
0xe3a49c GetWindowPlacement
0xe3a4a4 GetLastActivePopup
0xe3a4a8 GetMessageTime
0xe3a4ac RemovePropA
0xe3a4b0 CallWindowProcA
0xe3a4b4 GetPropA
0xe3a4b8 UnhookWindowsHookEx
0xe3a4bc SetPropA
0xe3a4c0 GetClassLongA
0xe3a4c4 CallNextHookEx
0xe3a4c8 SetWindowsHookExA
0xe3a4cc CreateWindowExA
0xe3a4d0 GetMenuItemID
0xe3a4d4 GetMenuItemCount
0xe3a4d8 RegisterClassA
0xe3a4dc GetScrollPos
0xe3a4e0 AdjustWindowRectEx
0xe3a4e4 MapWindowPoints
0xe3a4e8 SendDlgItemMessageA
0xe3a4ec ScrollWindowEx
0xe3a4f0 IsDialogMessageA
0xe3a4f4 SetWindowTextA
0xe3a4f8 MoveWindow
0xe3a4fc CheckMenuItem
0xe3a500 SetMenuItemBitmaps
0xe3a504 GetMenuState
0xe3a50c LoadStringA
Library: GDI32.dll:
0xe3a514 PtVisible
0xe3a518 GetViewportExtEx
0xe3a51c ExtSelectClipRgn
0xe3a520 CombineRgn
0xe3a524 CreateRectRgn
0xe3a528 FillRgn
0xe3a52c CreateSolidBrush
0xe3a530 GetStockObject
0xe3a534 CreateFontIndirectA
0xe3a538 EndPage
0xe3a53c EndDoc
0xe3a540 DeleteDC
0xe3a544 StartDocA
0xe3a548 StartPage
0xe3a54c BitBlt
0xe3a550 CreateCompatibleDC
0xe3a554 Ellipse
0xe3a558 Rectangle
0xe3a55c RectVisible
0xe3a560 DPtoLP
0xe3a564 GetCurrentObject
0xe3a568 RoundRect
0xe3a570 GetDeviceCaps
0xe3a574 SetBkColor
0xe3a578 LineTo
0xe3a57c MoveToEx
0xe3a580 ExcludeClipRect
0xe3a584 GetClipBox
0xe3a588 ScaleWindowExtEx
0xe3a58c SetWindowExtEx
0xe3a590 SetWindowOrgEx
0xe3a594 TextOutA
0xe3a598 ExtTextOutA
0xe3a59c Escape
0xe3a5a0 GetTextMetricsA
0xe3a5a4 PatBlt
0xe3a5a8 CreatePen
0xe3a5ac GetObjectA
0xe3a5b0 SelectObject
0xe3a5b4 CreateBitmap
0xe3a5b8 CreateDCA
0xe3a5c0 GetPolyFillMode
0xe3a5c4 GetStretchBltMode
0xe3a5c8 GetROP2
0xe3a5cc GetBkColor
0xe3a5d0 GetBkMode
0xe3a5d4 GetTextColor
0xe3a5d8 CreateRoundRectRgn
0xe3a5dc CreateEllipticRgn
0xe3a5e0 PathToRegion
0xe3a5e4 EndPath
0xe3a5e8 BeginPath
0xe3a5ec GetWindowOrgEx
0xe3a5f0 GetViewportOrgEx
0xe3a5f4 ScaleViewportExtEx
0xe3a5f8 SetViewportExtEx
0xe3a5fc OffsetViewportOrgEx
0xe3a600 SetViewportOrgEx
0xe3a604 SetMapMode
0xe3a608 SetTextColor
0xe3a60c SetROP2
0xe3a610 SetPolyFillMode
0xe3a614 GetWindowExtEx
0xe3a618 GetDIBits
0xe3a61c RealizePalette
0xe3a620 SelectPalette
0xe3a624 StretchBlt
0xe3a628 CreatePalette
0xe3a630 CreateDIBitmap
0xe3a634 DeleteObject
0xe3a638 SelectClipRgn
0xe3a640 GetClipRgn
0xe3a644 SetStretchBltMode
0xe3a648 LPtoDP
0xe3a64c CreatePolygonRgn
0xe3a650 SetBkMode
0xe3a654 RestoreDC
0xe3a658 SaveDC
Library: WINSPOOL.DRV:
0xe3a660 OpenPrinterA
0xe3a664 DocumentPropertiesA
0xe3a668 ClosePrinter
Library: ADVAPI32.dll:
0xe3a670 RegOpenKeyExA
0xe3a674 RegSetValueExA
0xe3a678 RegQueryValueA
0xe3a67c RegCreateKeyExA
0xe3a680 RegCloseKey
Library: SHELL32.dll:
0xe3a688 ShellExecuteA
0xe3a68c Shell_NotifyIconA
Library: ole32.dll:
0xe3a698 CLSIDFromString
0xe3a69c OleUninitialize
0xe3a6a0 OleInitialize
Library: OLEAUT32.dll:
0xe3a6a8 LoadTypeLib
0xe3a6ac RegisterTypeLib
0xe3a6b0 UnRegisterTypeLib
Library: COMCTL32.dll:
0xe3a6b8 None
0xe3a6bc ImageList_Destroy
Library: comdlg32.dll:
0xe3a6c4 ChooseColorA
0xe3a6c8 GetFileTitleA
0xe3a6cc GetSaveFileNameA
0xe3a6d0 GetOpenFileNameA
Library: KERNEL32.dll:
0xe3a6d8 GetModuleFileNameW
Library: KERNEL32.dll:
0xe3a6e0 GetModuleHandleA
0xe3a6e4 LoadLibraryA
0xe3a6e8 LocalAlloc
0xe3a6ec LocalFree
0xe3a6f0 GetModuleFileNameA
0xe3a6f4 ExitProcess

.text
`.rdata
@.data
.vmp0
`.vmp1
.rsrc
TranslateAcceleratorA
SetParent
Process32Next
WINSPOOL.DRV
VirtualAlloc
SendDlgItemMessageA
GetWindowThreadProcessId
ReleaseDC
CreateRoundRectRgn
KillTimer
LoadStringA
COMCTL32.dll
GetModuleFileNameA
GetTickCount
HeapDestroy
GetStartupInfoA
SetScrollRange
ExcludeClipRect
LoadImageA
FindNextFileA
ExtSelectClipRgn
LocalAlloc
FillRgn
WinHelpA
AdjustWindowRectEx
TlsAlloc
lstrlenA
GetFullPathNameA
OffsetRect
ScreenToClient
midiOutReset
SetViewportExtEx
GetClientRect
DeleteFileA
GetMenuState
OpenClipboard
SetFileAttributesA
CallNextHookEx
SetWindowExtEx
GetEnvironmentStrings
ClientToScreen
GetProcessHeap
LockResource
waveOutWrite
Ellipse
IsDialogMessageA
EndDoc
SetPropA
WaitForSingleObject
GetROP2
GetWindowsDirectoryA
IsBadCodePtr
LeaveCriticalSection
GetDlgItem
SelectObject
GetForegroundWindow
CLSIDFromString
RegQueryValueA
GetSystemTime
SHELL32.dll
LoadCursorA
MoveWindow
CreateDCA
DestroyIcon
SetErrorMode
SetMapMode
GetClipBox
WINMM.dll
GlobalAlloc
OffsetViewportOrgEx
midiStreamClose
waveOutClose
CreateDIBitmap
GetPolyFillMode
GetBkColor
FindWindowExA
GetStdHandle
SetHandleCount
CloseHandle
CompareStringA
SetScrollPos
GetWindowLongA
GlobalUnlock
ReleaseCapture
PathToRegion
FindWindowA
CreateAcceleratorTableA
CreateCompatibleDC
CreateEventA
MessageBoxA
Shell_NotifyIconA
GetFileTitleA
StartPage
GetWindowPlacement
GetTextColor
LPtoDP
PostQuitMessage
SetROP2
GlobalDeleteAtom
CreateWindowExA
EndPaint
UnhookWindowsHookEx
lstrcmpiA
TlsSetValue
RemoveDirectoryA
RestoreDC
DestroyMenu
IntersectRect
ole32.dll
GetStretchBltMode
DrawEdge
LCMapStringW
SetWindowTextA
SelectClipRgn
ExtTextOutA
GlobalGetAtomNameA
GetWindowTextA
CheckMenuItem
GetFocus
DrawTextA
LocalFree
lstrcpynA
ExitProcess
SetFilePointer
EmptyClipboard
GetMenuItemID
MulDiv
SaveDC
SetWindowLongA
SetTextColor
FreeEnvironmentStringsA
SetCursor
PatBlt
GetMenuItemCount
GetCapture
SetBkMode
ScaleWindowExtEx
EndDialog
SetRectEmpty
UnregisterClassA
DestroyWindow
CreateMenu
midiStreamRestart
waveOutPause
WaitForMultipleObjects
EnterCriticalSection
CreateRectRgn
CopyRect
comdlg32.dll
GetModuleHandleA
GetCPInfo
CreateThread
FillRect
GetTimeZoneInformation
GetDlgCtrlID
waveOutUnprepareHeader
UpdateWindow
BeginPaint
HeapSize
EndPath
GetLocalTime
SetWindowsHookExA
GetStringTypeW
waveOutGetNumDevs
StartDocA
SetActiveWindow
lstrcatA
SetEnvironmentVariableA
CharUpperA
SetPolyFillMode
ScaleViewportExtEx
SetStretchBltMode
ImageList_Destroy
SetWindowPos
ReleaseSemaphore
EqualRect
midiOutPrepareHeader
CompareStringW
OleUninitialize
GetWindow
waveOutPrepareHeader
GetActiveWindow
FileTimeToLocalFileTime
midiStreamOpen
SetStdHandle
GetKeyState
SetWindowRgn
midiStreamStop
SetCurrentDirectoryA
midiOutUnprepareHeader
CreatePen
PtVisible
OLEAUT32.dll
GetWindowDC
GetSysColorBrush
FreeLibrary
IsBadWritePtr
GetDesktopWindow
GetCommandLineA
RegSetValueExA
CreateEllipticRgn
TabbedTextOutA
GlobalFlags
RealizePalette
EndPage
GetLastError
WS2_32.dll
FreeEnvironmentStringsW
GetScrollRange
WindowFromPoint
DeleteMenu
ResumeThread
ClosePrinter
CloseClipboard
Rectangle
SetTimer
}*hd&
No antivirus engine scan information!

Process tree


____________ - ____________.exe, PID: 2496, parent PID: 2348

Hosts accessed

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain resolution

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 50.837 seconds )

  • 30.106 Static
  • 15.604 Suricata
  • 2.331 TargetInfo
  • 1.482 VirusTotal
  • 0.456 peid
  • 0.358 NetworkAnalysis
  • 0.344 BehaviorAnalysis
  • 0.08 AnalysisInfo
  • 0.058 config_decoder
  • 0.015 Strings
  • 0.003 Memory

Signatures ( 0.243 seconds )

  • 0.028 antiav_detectreg
  • 0.02 md_url_bl
  • 0.018 api_spamming
  • 0.016 md_domain_bl
  • 0.015 stealth_timeout
  • 0.014 stealth_decoy_document
  • 0.012 infostealer_ftp
  • 0.008 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 infostealer_im
  • 0.007 ransomware_files
  • 0.006 antianalysis_detectreg
  • 0.006 ransomware_extensions
  • 0.005 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 antiemu_wine_func
  • 0.003 infostealer_browser_password
  • 0.003 antidbg_windows
  • 0.003 kovter_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.003 md_bad_drop
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.001 network_tor
  • 0.001 mimics_filetime
  • 0.001 injection_createremotethread
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.774 seconds )

  • 0.77 ReportHTMLSummary
  • 0.004 Malheur
Task ID 428224
Mongo ID 5dbcf9872f8f2e7038221a13
Cuckoo release 1.4-Maldun