Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2019-11-18 15:39:25
End time: 2019-11-18 15:40:24
Duration: 59 seconds

Maldun score

10.0

Dangerous

File details

File name: 自动牌王.exe
File size: 5124076 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 549ed1e97bce276c704329a7d2272642
SHA1: 41089c16cb0f16a8510f18be278e5f5982793693
SHA256: eacfb7e4ee2fda43d1ce4d938fa9a2d05cc157c97439bc0598ab89ebae7b9020
SHA512: 3828bc9cd525344e74a338d92f3f1dd4f6cdcff939aa478e8c31e70fdef98069ac13e0d477ae09130a5a65d7136f7d7390c6938ccf5fe76a4c2cf756b34f8c76
CRC32: B0C4821B
Ssdeep: 98304:ej2hqA70X8lG4v54mk45SbWf+YFCOdlwu7XUU+jFsxhD8pkmqp6Snq:eKhr0X74Qaf+H0kQsS6l

Accessed hosts

No host records.

DNS resolution

No domain information.


Summary

Static: a 5 MB 32-bit GUI PE with an empty version-information block and an import set consistent with a statically linked MFC application (oledlg.dll, winspool.drv, WinHelpA, GetNextDlgTabItem, GrayStringA, TabbedTextOutA). The extracted strings contain repeated VMProtect SDK marker strings, and the 3.5 MB .rdata section has entropy 7.90. Beyond the GUI APIs, the import table includes process enumeration (Process32First/Process32Next, OpenProcess), cross-process memory access (ReadProcessMemory, WriteProcessMemory, VirtualQueryEx), a Windows hook (SetWindowsHookExA), process creation (CreateProcessA, WinExec, ShellExecuteA), registry writes (RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA) and Winsock (send, recv, accept, recvfrom).

Dynamic (59 seconds on win7-sp1-x64-hpdapp01-1): the sample started two cmd.exe instances; one ran regsvr32.exe and the other taskkill.exe. No network traffic, no dropped files and no antivirus results were recorded. The matched threat signatures behind the 10.0 score are not shown on this page (they sit behind a login), so the score cannot be reconciled with the visible evidence alone.

PE information

Image base: 0x00400000
Entry point: 0x004e2895
Declared checksum: 0x00000000
Computed checksum: 0x004f262a
Minimum OS version: 4.0
Compile time: 2019-11-13 19:27:22
Import hash (imphash): 9f6c26c964c9756b266f2859b18f52f0

A declared checksum of zero with a nonzero computed value is the normal state for a user-mode executable whose linker was not asked to set it, so the mismatch is not an indicator by itself. The compile timestamp is five days before the analysis date (2019-11-18); PE timestamps are set by whoever built the file and should be treated as a hint, not a fact.

Version information

LegalCopyright: (empty)
FileVersion: (empty)
Comments: (empty)
ProductName: (empty)
ProductVersion: (empty)
FileDescription: (empty)
Translation: (empty)

PE sections

Name    Virtual addr  Virtual size  Raw size    Characteristics                                                          Entropy
.text   0x00001000    0x00102512    0x00103000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ              6.54
.rdata  0x00104000    0x00386440    0x00387000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        7.90
.data   0x0048b000    0x0007634a    0x00045000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE    4.15
.rsrc   0x00502000    0x00009250    0x0000a000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        5.66

.rdata is the bulk of the file (raw size 0x387000, about 3.5 MB) and its entropy of 7.90 is close to the 8.0 maximum, which indicates compressed or encrypted content rather than ordinary read-only data; this agrees with the VMProtect marker strings in the strings output. The section names are the four standard ones and there are no .vmp0/.vmp1 sections. The virtual size of .data exceeding its raw size is normal: the difference is zero-filled at load time.

Overlay

Offset: 0x004da000
Size: 0x00008fec

The overlay offset equals the end of the last section's raw data (0x1000 of headers plus the four raw sizes), and offset plus size is 0x4e2fec = 5124076, the reported file size, so the overlay (36844 bytes) accounts for everything after the section data.
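To make the section and overlay figures above checkable rather than merely listed, the following Python is an added example (it is not part of the Maldun report or its tooling). It takes the numbers from the tables above, assumes a 0x1000-byte header area (the report does not list SizeOfHeaders), and includes a Shannon entropy routine to show what the entropy column measures.

```python
# Added example, not from the Maldun report: verify the section/overlay layout
# the report lists and illustrate the entropy column.
import math
from collections import Counter
from typing import List, Optional, Tuple

FILE_SIZE = 5124076          # "File size" from the report
IMAGE_BASE = 0x00400000      # "Image base" from the report
ENTRY_POINT = 0x004e2895     # "Entry point" from the report (a VA)
HEADERS_RAW = 0x1000         # assumed SizeOfHeaders; not listed in the report

# (name, virtual address, virtual size, raw size, entropy) copied from the table
SECTIONS = [
    (".text",  0x00001000, 0x00102512, 0x00103000, 6.54),
    (".rdata", 0x00104000, 0x00386440, 0x00387000, 7.90),
    (".data",  0x0048b000, 0x0007634a, 0x00045000, 4.15),
    (".rsrc",  0x00502000, 0x00009250, 0x0000a000, 5.66),
]
REPORTED_OVERLAY = (0x004da000, 0x00008fec)   # (offset, size) from the report


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def expected_overlay(sections, file_size: int, headers_raw: int = HEADERS_RAW) -> Tuple[int, int]:
    """Section raw data is laid out back to back after the headers, so the
    overlay starts at headers + sum(raw sizes) and runs to end of file."""
    raw_end = headers_raw + sum(raw for _, _, _, raw, _ in sections)
    return raw_end, file_size - raw_end


def flag_sections(sections, threshold: float = 7.0) -> List[str]:
    """Sections whose reported entropy suggests compressed/encrypted content."""
    return [name for name, *_, ent in sections if ent > threshold]


def section_for_rva(sections, rva: int) -> Optional[str]:
    """Which section an RVA falls in (using the larger of virtual/raw size)."""
    for name, va, vsize, raw, _ in sections:
        if va <= rva < va + max(vsize, raw):
            return name
    return None


if __name__ == "__main__":
    print("overlay expected:", expected_overlay(SECTIONS, FILE_SIZE), "reported:", REPORTED_OVERLAY)
    print("high-entropy sections:", flag_sections(SECTIONS))
    print("entry point lives in:", section_for_rva(SECTIONS, ENTRY_POINT - IMAGE_BASE))
```

The same routine applied to a real file would need the section bytes themselves to recompute entropy; here the point is that the arithmetic on the report's own numbers is consistent and that the entry point resolves into .text, not into the high-entropy .rdata section.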

Imports

Addresses are the import address table slots (VAs) the names are bound to. Entries shown as None are imports by ordinal, for which the report gives no name. Several DLLs appear twice (kernel32.dll and KERNEL32.dll, user32.dll and USER32.dll, ws2_32.dll and WS2_32.dll, and so on) because the file carries two import descriptors for them, which typically happens when different import libraries, or a protector's own stub, spell the DLL name with different casing.

Library: user32.dll
0x504a04 GetMenuItemCount
0x504a0c SetForegroundWindow
0x504a10 GetMessagePos
0x504a14 GetMessageTime
0x504a18 DefWindowProcA
0x504a1c RemovePropA
0x504a20 CallWindowProcA
0x504a24 IsIconic
0x504a28 SetPropA
0x504a2c GetClassLongA
0x504a30 CreateWindowExA
0x504a34 DestroyWindow
0x504a38 GetMenuItemID
0x504a3c GetSubMenu
0x504a40 GetMenu
0x504a44 RegisterClassA
0x504a48 GetClassInfoA
0x504a50 GetCapture
0x504a54 GetTopWindow
0x504a58 CopyRect
0x504a5c GetClientRect
0x504a60 AdjustWindowRectEx
0x504a64 IsWindow
0x504a68 SetActiveWindow
0x504a6c GetSysColor
0x504a70 MapWindowPoints
0x504a74 UpdateWindow
0x504a78 GetSysColorBrush
0x504a7c GetPropA
0x504a80 PostMessageA
0x504a84 SendMessageA
0x504a88 SetCursor
0x504a8c EnableWindow
0x504a90 GetWindowLongA
0x504a94 IsWindowEnabled
0x504a98 GetLastActivePopup
0x504a9c GetParent
0x504aa0 SetWindowsHookExA
0x504aa4 GetCursorPos
0x504aa8 PeekMessageA
0x504aac IsWindowVisible
0x504ab0 ValidateRect
0x504ab4 CallNextHookEx
0x504ab8 GetKeyState
0x504abc GetActiveWindow
0x504ac0 DispatchMessageA
0x504ac4 TranslateMessage
0x504ac8 GetMessageA
0x504acc GetNextDlgTabItem
0x504ad0 GetFocus
0x504ad4 EnableMenuItem
0x504ad8 CheckMenuItem
0x504adc SetMenuItemBitmaps
0x504ae0 ModifyMenuA
0x504ae4 GetMenuState
0x504ae8 LoadBitmapA
0x504af4 UnhookWindowsHookEx
0x504af8 UnregisterClassA
0x504afc GetClassNameA
0x504b00 PtInRect
0x504b04 GetWindowRect
0x504b08 wsprintfA
0x504b0c MessageBoxA
0x504b10 ReleaseDC
0x504b14 ShowWindow
0x504b18 SetWindowPos
0x504b1c GetForegroundWindow
0x504b20 GetDlgItem
0x504b24 FindWindowA
0x504b28 GetDlgCtrlID
0x504b2c GetWindow
0x504b30 GetDC
0x504b34 SetCursorPos
0x504b38 GetAncestor
0x504b3c EnumWindows
0x504b40 PostQuitMessage
0x504b44 SetFocus
0x504b48 GetSystemMetrics
0x504b4c GetWindowPlacement
0x504b50 EndDialog
0x504b58 DestroyMenu
0x504b5c PostThreadMessageA
0x504b60 LoadStringA
0x504b64 WinHelpA
0x504b68 LoadIconA
0x504b6c ClientToScreen
0x504b70 SetWindowTextA
0x504b74 GetWindowTextA
0x504b78 LoadCursorA
0x504b7c TabbedTextOutA
0x504b80 DrawTextA
0x504b84 GrayStringA
0x504b88 SendDlgItemMessageA
0x504b8c IsDialogMessageA
0x504b90 SetWindowLongA
Library: kernel32.dll
0x5047a8 OpenProcess
0x5047ac RtlFillMemory
0x5047b0 Process32Next
0x5047b4 CloseHandle
0x5047b8 Process32First
0x5047c0 ReadProcessMemory
0x5047c4 LocalSize
0x5047c8 MultiByteToWideChar
0x5047cc WideCharToMultiByte
0x5047d0 GetProcessHeap
0x5047d4 ExitProcess
0x5047d8 HeapAlloc
0x5047dc HeapReAlloc
0x5047e0 HeapFree
0x5047e4 IsBadReadPtr
0x5047e8 GetTickCount
0x5047ec GetModuleFileNameA
0x5047f0 GetLocalTime
0x5047f4 VirtualQueryEx
0x5047f8 Sleep
0x5047fc LCMapStringA
0x504800 GetUserDefaultLCID
0x504804 GlobalFree
0x504808 GlobalUnlock
0x50480c GlobalLock
0x504810 GlobalAlloc
0x504814 DeleteFileA
0x504818 ReadFile
0x50481c SetFilePointer
0x504820 GetFileSize
0x504824 ResumeThread
0x50482c GetModuleHandleA
0x504830 lstrcpyn
0x504838 FreeLibrary
0x50483c LoadLibraryA
0x504840 CreateFileA
0x504844 WriteFile
0x504848 RtlMoveMemory
0x50484c GetProcAddress
0x504850 DeviceIoControl
0x504854 GetCurrentThreadId
0x504858 GetCurrentThread
0x50485c lstrcmpiA
0x504860 lstrcmpA
0x504864 GlobalDeleteAtom
0x504868 lstrlenA
0x50486c LocalAlloc
0x504870 LocalFree
0x504878 TlsAlloc
0x504880 GlobalHandle
0x504884 TlsFree
0x50488c GlobalReAlloc
0x504894 TlsSetValue
0x504898 LocalReAlloc
0x50489c TlsGetValue
0x5048a4 SetErrorMode
0x5048a8 lstrcatA
0x5048ac lstrcpyA
0x5048b0 WriteProcessMemory
0x5048b4 lstrcpynA
0x5048b8 GetVersion
0x5048bc MulDiv
0x5048c0 GlobalFlags
0x5048c8 SetLastError
0x5048cc GetLastError
0x5048d0 GlobalFindAtomA
0x5048d4 GlobalAddAtomA
0x5048d8 GlobalGetAtomNameA
0x5048dc LockResource
0x5048e0 LoadResource
0x5048e4 FindResourceA
0x5048e8 GetProcessVersion
0x5048ec GetCurrentProcess
0x5048f0 FlushFileBuffers
0x5048f4 GetCPInfo
0x5048f8 GetOEMCP
0x5048fc GetCommandLineA
0x504900 RtlUnwind
0x504904 TerminateProcess
0x504908 RaiseException
0x50490c HeapSize
0x504910 GetACP
0x504914 SetHandleCount
0x504918 GetStdHandle
0x50491c GetFileType
0x504920 GetStartupInfoA
0x504938 GetVersionExA
0x50493c HeapDestroy
0x504940 HeapCreate
0x504944 VirtualFree
0x504948 VirtualAlloc
0x50494c IsBadWritePtr
0x504950 LCMapStringW
0x504958 GetStringTypeA
0x50495c GetStringTypeW
0x504960 IsBadCodePtr
0x504964 SetStdHandle
Library: gdi32.dll
0x504738 SaveDC
0x50473c GetStockObject
0x504740 SetBkColor
0x504744 Rectangle
0x504748 CreateFontIndirectA
0x50474c SetBkMode
0x504750 SetTextColor
0x504754 TextOutA
0x504758 DeleteObject
0x50475c GetObjectA
0x504760 Escape
0x504764 ExtTextOutA
0x504768 RectVisible
0x50476c PtVisible
0x504770 SetMapMode
0x504774 SetViewportOrgEx
0x504778 OffsetViewportOrgEx
0x50477c SetViewportExtEx
0x504780 ScaleViewportExtEx
0x504784 RestoreDC
0x504788 SetWindowExtEx
0x50478c GetDeviceCaps
0x504790 SelectObject
0x504794 CreateBitmap
0x504798 GetClipBox
0x50479c ScaleWindowExtEx
0x5047a0 DeleteDC
Library: ws2_32.dll
0x504ba8 recv
0x504bac select
0x504bb0 setsockopt
0x504bb4 send
0x504bb8 inet_addr
0x504bbc ntohs
Library: atl.dll
0x504714 None
Library: winspool.drv
0x504b98 OpenPrinterA
0x504b9c ClosePrinter
0x504ba0 DocumentPropertiesA
Library: advapi32.dll
0x5046f8 RegCloseKey
0x5046fc RegSetValueExA
0x504700 RegCreateKeyExA
0x504704 RegQueryValueExA
0x504708 RegOpenKeyExA
0x50470c RegOpenKeyA
Library: comctl32.dll
0x50471c None
Library: oledlg.dll
0x5049fc None
Library: ole32.dll
0x50496c CoRevokeClassObject
0x504974 OleInitialize
0x504978 OleUninitialize
0x50497c CLSIDFromString
0x504980 CoCreateInstance
0x504984 OleRun
0x504988 OleUninitialize
0x50498c OleInitialize
0x504990 CLSIDFromProgID
0x504994 CLSIDFromString
0x504998 CoCreateInstance
0x50499c OleRun
0x5049a0 OleFlushClipboard
0x5049ac CLSIDFromProgID
Library: oleaut32.dll
0x5049b4 LoadTypeLib
0x5049b8 VarR8FromBool
0x5049bc VarR8FromCy
0x5049c8 SafeArrayAccessData
0x5049cc SafeArrayGetUBound
0x5049d0 SafeArrayGetLBound
0x5049d4 SafeArrayDestroy
0x5049d8 VariantClear
0x5049dc SysAllocString
0x5049e0 SafeArrayCreate
0x5049e4 RegisterTypeLib
0x5049e8 SafeArrayGetDim
0x5049ec VariantChangeType
0x5049f0 VariantInit
0x5049f4 LHashValOfNameSys
Library: WINMM.dll
0x504678 midiStreamRestart
0x50467c midiStreamClose
0x504680 midiOutReset
0x504684 midiStreamOut
0x50468c midiStreamProperty
0x504690 midiStreamOpen
0x504698 waveOutOpen
0x50469c waveOutGetNumDevs
0x5046a0 waveOutClose
0x5046a4 waveOutReset
0x5046a8 waveOutPause
0x5046ac waveOutWrite
0x5046b0 midiStreamStop
Library: WS2_32.dll
0x5046d0 inet_ntoa
0x5046d4 WSACleanup
0x5046d8 closesocket
0x5046dc WSAAsyncSelect
0x5046e0 ioctlsocket
0x5046e4 recv
0x5046e8 getpeername
0x5046ec accept
0x5046f0 recvfrom
Library: KERNEL32.dll
0x50417c RaiseException
0x504180 GetSystemTime
0x504184 RtlUnwind
0x504188 GetStartupInfoA
0x50418c GetOEMCP
0x504190 GetCPInfo
0x504194 GetProcessVersion
0x504198 SetErrorMode
0x50419c GlobalFlags
0x5041a0 GetCurrentThread
0x5041a4 GetFileTime
0x5041a8 TlsGetValue
0x5041ac LocalReAlloc
0x5041b0 TlsSetValue
0x5041b4 TlsFree
0x5041b8 GlobalHandle
0x5041bc TlsAlloc
0x5041c0 LocalAlloc
0x5041c4 GlobalGetAtomNameA
0x5041c8 GlobalAddAtomA
0x5041cc GlobalFindAtomA
0x5041d0 GlobalDeleteAtom
0x5041d4 SetEndOfFile
0x5041d8 UnlockFile
0x5041dc LockFile
0x5041e0 FlushFileBuffers
0x5041e4 LocalFree
0x5041f0 HeapSize
0x5041f4 GetACP
0x50420c SetHandleCount
0x504210 GetStdHandle
0x504218 HeapDestroy
0x50421c HeapCreate
0x504220 VirtualFree
0x504224 WideCharToMultiByte
0x504228 GetVersion
0x504230 SetLastError
0x504234 MultiByteToWideChar
0x504238 GetSystemDirectoryA
0x504240 OpenProcess
0x504244 TerminateProcess
0x50424c Process32First
0x504250 Process32Next
0x504254 SetFileTime
0x50425c GetLocalTime
0x504264 GetCurrentProcess
0x504268 DuplicateHandle
0x50426c GetFileType
0x504274 LCMapStringA
0x504278 LCMapStringW
0x50427c VirtualAlloc
0x504280 IsBadWritePtr
0x504288 GetStringTypeA
0x50428c GetStringTypeW
0x504290 CompareStringA
0x504294 CompareStringW
0x504298 IsBadReadPtr
0x50429c IsBadCodePtr
0x5042a0 SetStdHandle
0x5042a4 InterlockedExchange
0x5042a8 GetFileSize
0x5042ac SetFilePointer
0x5042b8 lstrcpynA
0x5042bc lstrcmpiA
0x5042c0 lstrcmpA
0x5042c4 IsDBCSLeadByte
0x5042c8 CreateSemaphoreA
0x5042cc ResumeThread
0x5042d0 ReleaseSemaphore
0x5042dc GetProfileStringA
0x5042e0 WriteFile
0x5042e8 CreateFileA
0x5042ec SetEvent
0x5042f0 FindResourceA
0x5042f4 LoadResource
0x5042f8 LockResource
0x5042fc ReadFile
0x504300 lstrlenW
0x504304 GetModuleFileNameA
0x504308 GetCurrentThreadId
0x50430c ExitProcess
0x504310 GlobalSize
0x504314 GlobalFree
0x504320 lstrcatA
0x504324 lstrlenA
0x504328 WinExec
0x50432c lstrcpyA
0x504330 FindNextFileA
0x504334 GlobalReAlloc
0x504338 HeapFree
0x50433c HeapReAlloc
0x504340 GetProcessHeap
0x504344 HeapAlloc
0x504348 GetUserDefaultLCID
0x50434c GetFullPathNameA
0x504350 FreeLibrary
0x504354 LoadLibraryA
0x504358 GetLastError
0x50435c GetVersionExA
0x504368 CreateThread
0x50436c CreateEventA
0x504370 CloseHandle
0x504374 WaitForSingleObject
0x504378 CreateProcessA
0x50437c GetTickCount
0x504380 GetCommandLineA
0x504384 MulDiv
0x504388 GetProcAddress
0x50438c GetModuleHandleA
0x50439c CreateDirectoryA
0x5043a0 GetFileAttributesA
0x5043a4 SetFileAttributesA
0x5043a8 FindClose
0x5043ac FindFirstFileA
0x5043b0 GetTempPathA
0x5043b4 GlobalUnlock
0x5043b8 GlobalLock
0x5043bc GlobalAlloc
0x5043c0 Sleep
Library: USER32.dll
0x504400 TabbedTextOutA
0x504404 BeginPaint
0x504408 GetWindowDC
0x504410 DrawTextA
0x504414 CallWindowProcA
0x504418 RemovePropA
0x50441c GetMessageTime
0x504420 GetLastActivePopup
0x504428 GetWindowPlacement
0x50442c GrayStringA
0x504430 DestroyWindow
0x504438 EndDialog
0x50443c EndPaint
0x504440 GetPropA
0x504444 UnhookWindowsHookEx
0x504448 SetPropA
0x50444c GetClassLongA
0x504450 CallNextHookEx
0x504454 SetWindowsHookExA
0x504458 CreateWindowExA
0x50445c GetMenuItemID
0x504460 GetMenuItemCount
0x504464 RegisterClassA
0x504468 GetScrollPos
0x50446c AdjustWindowRectEx
0x504470 MapWindowPoints
0x504474 SendDlgItemMessageA
0x504478 WaitForInputIdle
0x50447c wsprintfA
0x504480 CloseClipboard
0x504484 GetClipboardData
0x504488 OpenClipboard
0x50448c SetClipboardData
0x504490 EmptyClipboard
0x504494 GetSystemMetrics
0x504498 GetCursorPos
0x50449c MessageBoxA
0x5044a0 SetWindowPos
0x5044a4 SendMessageA
0x5044a8 DestroyCursor
0x5044ac SetParent
0x5044b0 IsWindow
0x5044b4 PostMessageA
0x5044b8 GetTopWindow
0x5044bc GetParent
0x5044c0 GetFocus
0x5044c4 GetClientRect
0x5044c8 InvalidateRect
0x5044cc UpdateWindow
0x5044d0 EqualRect
0x5044d4 GetWindowRect
0x5044d8 SetForegroundWindow
0x5044dc DestroyMenu
0x5044e0 UnregisterClassA
0x5044e4 ReleaseDC
0x5044e8 IsRectEmpty
0x5044ec FillRect
0x5044f0 GetDC
0x5044f4 SetCursor
0x5044f8 LoadCursorA
0x5044fc SetCursorPos
0x504500 SetActiveWindow
0x504504 GetSysColor
0x504508 SetWindowLongA
0x50450c GetWindowLongA
0x504510 RedrawWindow
0x504514 EnableWindow
0x504518 IsWindowVisible
0x50451c OffsetRect
0x504520 PtInRect
0x504524 DestroyIcon
0x504528 IntersectRect
0x50452c InflateRect
0x504530 SetRect
0x504534 SetScrollPos
0x504538 SetScrollRange
0x50453c GetScrollRange
0x504540 SetCapture
0x504544 GetCapture
0x504548 ReleaseCapture
0x50454c SetTimer
0x504550 KillTimer
0x504554 WinHelpA
0x504558 LoadBitmapA
0x50455c CopyRect
0x504564 ScreenToClient
0x504568 GetMessagePos
0x50456c SetWindowRgn
0x504574 GetWindow
0x504578 GetActiveWindow
0x50457c SetFocus
0x504580 IsIconic
0x504584 PeekMessageA
0x504588 SetMenu
0x50458c GetMenu
0x504590 DeleteMenu
0x504594 GetSystemMenu
0x504598 DefWindowProcA
0x50459c GetClassInfoA
0x5045a0 IsZoomed
0x5045a4 PostQuitMessage
0x5045ac GetKeyState
0x5045b4 IsWindowEnabled
0x5045b8 ShowWindow
0x5045c0 LoadImageA
0x5045c8 ClientToScreen
0x5045cc EnableMenuItem
0x5045d0 GetSubMenu
0x5045d4 GetDlgCtrlID
0x5045dc CreateMenu
0x5045e0 ModifyMenuA
0x5045e4 AppendMenuA
0x5045e8 CreatePopupMenu
0x5045ec DrawIconEx
0x5045fc SetRectEmpty
0x504600 DispatchMessageA
0x504604 GetMessageA
0x504608 WindowFromPoint
0x50460c DrawFocusRect
0x504610 DrawEdge
0x504614 DrawFrameControl
0x504618 TranslateMessage
0x50461c LoadIconA
0x504620 CharUpperA
0x504624 GetDesktopWindow
0x504628 GetClassNameA
0x504630 FindWindowA
0x504634 GetDlgItem
0x504638 GetWindowTextA
0x50463c GetForegroundWindow
0x504640 GetSysColorBrush
0x504644 GetNextDlgTabItem
0x504648 ScrollWindowEx
0x50464c IsDialogMessageA
0x504650 SetWindowTextA
0x504654 MoveWindow
0x504658 CheckMenuItem
0x50465c SetMenuItemBitmaps
0x504660 GetMenuState
0x504668 LoadStringA
0x50466c ValidateRect
0x504670 IsChild
Library: GDI32.dll
0x504030 LineTo
0x504034 MoveToEx
0x504038 ExcludeClipRect
0x50403c GetClipBox
0x504040 ScaleWindowExtEx
0x504044 SetWindowExtEx
0x504048 SetWindowOrgEx
0x50404c ScaleViewportExtEx
0x504050 SetViewportExtEx
0x504054 OffsetViewportOrgEx
0x504058 SetViewportOrgEx
0x50405c SetMapMode
0x504060 SetTextColor
0x504064 SetROP2
0x504068 SetPolyFillMode
0x50406c SetBkMode
0x504070 RestoreDC
0x504074 SaveDC
0x50407c GetDeviceCaps
0x504080 FillRgn
0x504084 CreateRectRgn
0x504088 CombineRgn
0x50408c PatBlt
0x504090 CreatePen
0x504094 SelectObject
0x504098 CreateBitmap
0x5040a0 GetPolyFillMode
0x5040a4 GetStretchBltMode
0x5040a8 GetROP2
0x5040ac GetBkColor
0x5040b0 GetBkMode
0x5040b4 GetTextColor
0x5040b8 CreateRoundRectRgn
0x5040bc CreateEllipticRgn
0x5040c0 PathToRegion
0x5040c4 EndPath
0x5040c8 BeginPath
0x5040cc GetWindowOrgEx
0x5040d0 GetViewportOrgEx
0x5040d4 GetWindowExtEx
0x5040d8 GetDIBits
0x5040dc RealizePalette
0x5040e0 SelectPalette
0x5040e4 StretchBlt
0x5040e8 CreatePalette
0x5040f0 CreateDIBitmap
0x5040f4 CreateSolidBrush
0x5040f8 SelectClipRgn
0x5040fc CreatePolygonRgn
0x504100 GetClipRgn
0x504104 SetStretchBltMode
0x50410c SetBkColor
0x504110 ExtSelectClipRgn
0x504114 GetViewportExtEx
0x504118 PtVisible
0x50411c RectVisible
0x504120 TextOutA
0x504124 ExtTextOutA
0x504128 Escape
0x50412c GetTextMetricsA
0x504130 RoundRect
0x504134 GetCurrentObject
0x504138 DPtoLP
0x50413c LPtoDP
0x504140 Rectangle
0x504144 Ellipse
0x504148 CreateCompatibleDC
0x50414c BitBlt
0x504150 StartPage
0x504154 StartDocA
0x504158 DeleteDC
0x50415c EndDoc
0x504160 EndPage
0x504164 GetObjectA
0x504168 GetStockObject
0x50416c CreateFontIndirectA
0x504170 CreateDCA
0x504174 DeleteObject
Library: WINSPOOL.DRV
0x5046c0 ClosePrinter
0x5046c4 DocumentPropertiesA
0x5046c8 OpenPrinterA
Library: ADVAPI32.dll
0x504000 RegOpenKeyExA
0x504004 RegSetValueExA
0x504008 RegCreateKeyA
0x50400c RegDeleteValueA
0x504010 RegDeleteKeyA
0x504014 RegQueryValueA
0x504018 RegCreateKeyExA
0x50401c RegCloseKey
Library: SHELL32.dll
0x5043f4 Shell_NotifyIconA
0x5043f8 ShellExecuteA
Library: OLEAUT32.dll
0x5043c8 UnRegisterTypeLib
0x5043cc LoadTypeLib
0x5043d0 LHashValOfNameSys
0x5043d4 RegisterTypeLib
0x5043d8 SysAllocString
0x5043dc VariantInit
0x5043e0 VariantCopyInd
0x5043e4 VariantChangeType
0x5043e8 VariantClear
Library: COMCTL32.dll
0x504024 None
0x504028 ImageList_Destroy
Library: comdlg32.dll
0x504724 GetSaveFileNameA
0x504728 ChooseColorA
0x50472c GetOpenFileNameA
0x504730 GetFileTitleA
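The import listing is long and mostly GUI plumbing; what a triager wants is the handful of API combinations that give the program capabilities beyond drawing windows. The following Python is an added example (not from the report and not the sample's own code) that folds the duplicated DLL descriptors together and checks the names against capability clusters. IMPORTS is a hand-copied subset of the table above; the cluster definitions are this editor's choice, not sandbox output.

```python
# Added example, not part of the Maldun report: map imported APIs to
# capability clusters. IMPORTS is a hand-copied subset of the report's
# import table, keeping its duplicated DLL descriptors so the merge is exercised.
from typing import Dict, List, Set

IMPORTS: Dict[str, Set[str]] = {
    "kernel32.dll": {"OpenProcess", "Process32First", "Process32Next", "ReadProcessMemory",
                     "WriteProcessMemory", "VirtualQueryEx", "ResumeThread", "DeviceIoControl",
                     "DeleteFileA", "LoadLibraryA", "GetProcAddress", "TerminateProcess"},
    "KERNEL32.dll": {"OpenProcess", "Process32First", "Process32Next", "CreateThread",
                     "CreateProcessA", "WinExec", "GetTempPathA", "FindFirstFileA"},
    "user32.dll": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx", "FindWindowA",
                   "EnumWindows", "SetCursorPos", "PostMessageA", "SendMessageA", "GetKeyState"},
    "advapi32.dll": {"RegOpenKeyExA", "RegSetValueExA", "RegCreateKeyExA"},
    "ADVAPI32.dll": {"RegDeleteValueA", "RegDeleteKeyA", "RegCreateKeyA"},
    "ws2_32.dll": {"recv", "select", "setsockopt", "send", "inet_addr", "ntohs"},
    "WS2_32.dll": {"inet_ntoa", "closesocket", "WSAAsyncSelect", "accept", "recvfrom"},
    "SHELL32.dll": {"Shell_NotifyIconA", "ShellExecuteA"},
}

# Capability clusters (editor's choice): every listed API must be present
# in the static import table for the cluster to count as present.
CLUSTERS: Dict[str, Set[str]] = {
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "cross-process memory read": {"OpenProcess", "VirtualQueryEx", "ReadProcessMemory"},
    "cross-process memory write": {"OpenProcess", "WriteProcessMemory"},
    "remote thread injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress"},
    "child process launch": {"CreateProcessA"},
    "windows hook": {"SetWindowsHookExA", "CallNextHookEx"},
    "synthetic input to other windows": {"FindWindowA", "SetCursorPos", "PostMessageA"},
    "registry modification": {"RegCreateKeyExA", "RegSetValueExA"},
    "TCP client": {"send", "recv", "inet_addr"},
    "TCP server": {"accept"},
    "device/driver I/O": {"DeviceIoControl"},
}


def merge_imports(imports: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Fold duplicate descriptors for the same DLL (names compared case-insensitively)."""
    merged: Dict[str, Set[str]] = {}
    for dll, names in imports.items():
        merged.setdefault(dll.lower(), set()).update(names)
    return merged


def all_names(imports: Dict[str, Set[str]]) -> Set[str]:
    """Every imported function name regardless of DLL."""
    return set().union(*merge_imports(imports).values())


def assess(imports: Dict[str, Set[str]], clusters: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """For each cluster, the sorted required APIs that are NOT imported.
    An empty list means the capability is fully present in the static table."""
    names = all_names(imports)
    return {cluster: sorted(req - names) for cluster, req in clusters.items()}


def present(imports: Dict[str, Set[str]], clusters: Dict[str, Set[str]]) -> List[str]:
    """Cluster names that are fully present."""
    return sorted(c for c, missing in assess(imports, clusters).items() if not missing)


if __name__ == "__main__":
    for cluster, missing in assess(IMPORTS, CLUSTERS).items():
        print(f"{cluster:36s} {'present' if not missing else 'missing ' + ', '.join(missing)}")
```

Two of the results are the caveats worth carrying into a report. Process32First/Process32Next need a handle from CreateToolhelp32Snapshot, which is absent from the static table, so either it is resolved at run time through the imported LoadLibraryA/GetProcAddress pair or the listing is incomplete; for the same reason the absence of CreateRemoteThread does not rule out injection. In the other direction, the "windows hook" cluster is weak evidence on its own: MFC installs a WH_CBT hook with SetWindowsHookEx during window creation, so any statically linked MFC program imports these names.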

Strings (selected)

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end

The "VMProtect begin" / "VMProtect end" pair occurs 40 and 39 times respectively in the extracted strings; the repeats are collapsed here. These are the marker strings the VMProtect SDK macros embed around code regions selected for protection. The section table shows only the four standard sections and no .vmp0/.vmp1 sections, while .rdata is 3.5 MB at entropy 7.90, so the section names alone do not settle how the protector was configured; treat the binary as at least SDK-instrumented and expect the usual VMProtect obstacles when debugging it. The 59-second run with child processes shows the sample did execute inside the analysis VM.

Antivirus

No antivirus engine scan information.

Process tree

____________.exe, PID: 2476, parent PID: 2336
  cmd.exe, PID: 2540, parent PID: 2476
    regsvr32.exe, PID: 2668, parent PID: 2540
  cmd.exe, PID: 2576, parent PID: 2476
    taskkill.exe, PID: 2704, parent PID: 2576

The sample (its image name is blanked in the report; PID 2336, its parent, is outside the tree and is presumably the sandbox launcher) started cmd.exe twice; one shell ran regsvr32.exe and the other taskkill.exe. Command lines are not shown on this page, so which DLL regsvr32.exe registered, or which process taskkill.exe targeted, cannot be stated. Both are signed Windows binaries: regsvr32.exe loads a DLL and calls its DllRegisterServer/DllInstall export, and taskkill.exe terminates processes by name or PID, so the cmd.exe to regsvr32.exe pairing is a useful hunting pivot on its own.
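The process tree is the only dynamic evidence on this page, so it is worth parsing rather than eyeballing. The following Python is an added example (not part of the report or its tooling): it reads the tree lines above (copied here in translated form), rebuilds the parent/child structure, and flags shell-to-child pairs. The list of child images to flag is this editor's assumption for the example, not something the sandbox emitted.

```python
# Added example, not part of the Maldun report: parse the process tree and
# flag cmd.exe -> <child> pairs worth a closer look.
import re
from typing import Dict, List, Tuple

# Copied from the report's process tree (translated); the sample's own
# image name is blanked in the report itself.
TREE_TEXT = """\
____________.exe, PID: 2476, parent PID: 2336
cmd.exe, PID: 2540, parent PID: 2476
cmd.exe, PID: 2576, parent PID: 2476
regsvr32.exe, PID: 2668, parent PID: 2540
taskkill.exe, PID: 2704, parent PID: 2576
"""

LINE_RE = re.compile(r"^(?P<name>.+?), PID: (?P<pid>\d+), parent PID: (?P<ppid>\d+)$")

# Child images that deserve attention when launched from cmd.exe.
# Assumed rule set for this example, not taken from the report.
SHELL_CHILDREN = {"regsvr32.exe", "taskkill.exe", "rundll32.exe", "mshta.exe",
                  "schtasks.exe", "reg.exe", "certutil.exe"}

Proc = Tuple[str, int]   # (image name, parent pid)


def parse_tree(text: str) -> Dict[int, Proc]:
    """pid -> (image name, parent pid); lines that do not match are skipped."""
    procs: Dict[int, Proc] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            procs[int(m["pid"])] = (m["name"], int(m["ppid"]))
    return procs


def roots(procs: Dict[int, Proc]) -> List[int]:
    """PIDs whose parent is not in the tree (the sandbox launcher sits outside it)."""
    return sorted(pid for pid, (_, ppid) in procs.items() if ppid not in procs)


def render(procs: Dict[int, Proc]) -> List[str]:
    """Indented depth-first listing, children in PID order."""
    children: Dict[int, List[int]] = {}
    for pid, (_, ppid) in procs.items():
        children.setdefault(ppid, []).append(pid)
    out: List[str] = []

    def walk(pid: int, depth: int) -> None:
        name, _ = procs[pid]
        out.append("  " * depth + f"{name} (PID {pid})")
        for child in sorted(children.get(pid, [])):
            walk(child, depth + 1)

    for root in roots(procs):
        walk(root, 0)
    return out


def flag_chains(procs: Dict[int, Proc], shell_children=SHELL_CHILDREN) -> List[Tuple[str, int, str, int]]:
    """(parent name, parent pid, child name, child pid) for cmd.exe -> flagged child."""
    flagged = []
    for pid, (name, ppid) in sorted(procs.items()):
        parent = procs.get(ppid)
        if parent and parent[0].lower() == "cmd.exe" and name.lower() in shell_children:
            flagged.append((parent[0], ppid, name, pid))
    return flagged


if __name__ == "__main__":
    procs = parse_tree(TREE_TEXT)
    print("\n".join(render(procs)))
    for parent, ppid, child, pid in flag_chains(procs):
        print(f"flag: {parent} (PID {ppid}) -> {child} (PID {pid})")
```

Without command lines the rule can only flag the image pairing; in a live investigation the next step is to pull the arguments for PIDs 2668 and 2704 from the full behaviour log, which this page does not expose.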

Network

Accessed hosts: none.
TCP connections: none.
UDP connections: none.
DNS resolution: none.

HTTP requests: none.
SMTP traffic: none.
IRC traffic: none.
ICMP traffic: none.
CIF report: no CIF results.
Network alerts: none.
TLS: none.
Suricata HTTP: none.

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing modules (36.1 seconds total; per-module time in seconds)

  • 15.974 Static
  • 15.547 Suricata
  • 1.686 VirusTotal
  • 1.275 TargetInfo
  • 0.655 BehaviorAnalysis
  • 0.432 peid
  • 0.355 NetworkAnalysis
  • 0.132 AnalysisInfo
  • 0.022 config_decoder
  • 0.019 Strings
  • 0.003 Memory

Signature modules evaluated (0.383 seconds total; per-module time in seconds). This is the list of signature checks that were run, not the list of matches; matched threat signatures are not shown on this page.

  • 0.036 antiav_detectreg
  • 0.032 api_spamming
  • 0.025 stealth_timeout
  • 0.022 md_url_bl
  • 0.021 stealth_decoy_document
  • 0.018 kovter_behavior
  • 0.018 md_domain_bl
  • 0.016 antiemu_wine_func
  • 0.015 infostealer_browser_password
  • 0.015 infostealer_ftp
  • 0.01 anomaly_persistence_autorun
  • 0.009 antiav_detectfile
  • 0.009 infostealer_im
  • 0.008 antidbg_windows
  • 0.008 antianalysis_detectreg
  • 0.008 ransomware_files
  • 0.007 ransomware_extensions
  • 0.006 infostealer_bitcoin
  • 0.006 infostealer_mail
  • 0.004 mimics_filetime
  • 0.004 antivm_vbox_files
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_libs
  • 0.003 stealth_file
  • 0.003 injection_createremotethread
  • 0.003 reads_self
  • 0.003 geodo_banking_trojan
  • 0.003 browser_security
  • 0.003 md_bad_drop
  • 0.002 bootkit
  • 0.002 rat_nanocore
  • 0.002 antivm_vbox_window
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 antivm_generic_scsi
  • 0.002 antivm_generic_disk
  • 0.002 cerber_behavior
  • 0.002 injection_runpe
  • 0.002 virus
  • 0.002 hancitor_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 modify_proxy
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 antivm_generic_services
  • 0.001 injection_explorer
  • 0.001 browser_needed
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antisandbox_script_timer
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting modules (1.183 seconds total; per-module time in seconds)

  • 0.857 ReportHTMLSummary
  • 0.326 Malheur

Task ID: 460544
Mongo ID: 5dd24b182f8f2e08f660a8da
Cuckoo release: 1.4-Maldun