Analysis Task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2019-11-18 16:15:42
End time: 2019-11-18 16:17:57
Duration: 135 seconds

Maldun Score

9.1

Dangerous

File Details

File name: PsQREdit 2.4.3huajun.exe
File size: 252400 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: eedbf7a7d70fd618773edf8c5898a995
SHA1: 792f5fb9e60c7ff63fb659276b626d2666f2b9ee
SHA256: f1bb56ffe4f4c9714a5f70ea93630abfaee0bd3ffa3b99565879e2c14899cdcc
SHA512: d48377b4b29085e098fdc941e4c9915c995684e4c6e994708a057a8305864f8f6a3fdcf923689011e168e6260491a5aaf1b22b12ec1085e61d3cc8729905b115
CRC32: 41C8196D
Ssdeep: 3072:ec8z0aBu5qWohUjAfA1dvYS6M3f+VqiO4pnCcYZojFlYQotLBnRQf22J3J0wJ16o:ec8QY8AY4p3YakhRKO2J3JTTL

Hosts contacted (click to query the WPING real-time security rating)

No host records.

Domain resolution (click to query the WPING real-time security rating)

No domain information.


PE Information

Image base: 0x00400000
Entry point: 0x00421e2a
Declared checksum: 0x000453ad
Actual checksum: 0x000453ad
Minimum required OS version: 4.0
Compile time: 2009-10-05 12:43:57
Import hash: ca18b8f109eb3059d32a73332f5c1c1b

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
75e75f6f00fbed4d3ba753120475ef0ba924fabf | Mon Oct 05 12:44:25 2009 | | WinVerifyTrust returned error 0x80096010

Certificate Chain 1
Issued to: GlobalSign Root CA
Issuer: GlobalSign Root CA
Valid until: Fri Jan 28 20:00:00 2028
SHA1 hash: b1bc968bd4f49d622aa89a81f2150152a41d829c

Certificate Chain 2
Issued to: GlobalSign Primary Object Publishing CA
Issuer: GlobalSign Root CA
Valid until: Fri Jan 27 20:00:00 2017
SHA1 hash: 1aaf4df10d36215e09e4eefd70e340c2e4decf38

Certificate Chain 3
Issued to: GlobalSign ObjectSign CA
Issuer: GlobalSign Primary Object Publishing CA
Valid until: Fri Jan 27 19:00:00 2017
SHA1 hash: b859853ef366ac9335763c340a87bd208113055f

Certificate Chain 4
Issued to: Psytec Inc.
Issuer: GlobalSign ObjectSign CA
Valid until: Fri Sep 07 17:09:03 2012
SHA1 hash: 7993f75f5066494f4d7542d7f312f1b564758b98

Timestamp Chain 1
Issued to: GlobalSign Root CA
Issuer: GlobalSign Root CA
Valid until: Fri Jan 28 20:00:00 2028
SHA1 hash: b1bc968bd4f49d622aa89a81f2150152a41d829c

Timestamp Chain 2
Issued to: GlobalSign RootSign Partners CA
Issuer: GlobalSign Root CA
Valid until: Mon Jan 27 19:00:00 2014
SHA1 hash: 0ceeb712ae36104d77193533fdf91f15b5119177

Timestamp Chain 3
Issued to: GlobalSign Time Stamping Authority
Issuer: GlobalSign RootSign Partners CA
Valid until: Mon Jan 27 17:00:00 2014
SHA1 hash: 8c4eb0708e6ec754f47b2d788089132ecbcc9b01

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00001000 | 0x00022302 | 0x00023000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.32
.rdata | 0x00024000 | 0x00005974 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.18
.data | 0x0002a000 | 0x00004034 | 0x00004000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.60
.rsrc | 0x0002f000 | 0x0000d28a | 0x0000e000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.55

Imports

Library: USER32.dll:
0x424668 IsWindow
0x42466c LoadMenuA
0x424670 GetSubMenu
0x424674 EnableMenuItem
0x424678 GetClientRect
0x42467c EnableWindow
0x424680 GetFocus
0x424684 GetClassNameA
0x424688 OpenClipboard
0x424690 CloseClipboard
0x424694 GetWindowRect
0x424698 LoadIconA
0x42469c GetKeyState
0x4246a0 IsIconic
0x4246a4 GetWindowLongA
0x4246a8 SendMessageA
0x4246ac GetKeyboardLayout
0x4246b4 ClientToScreen
0x4246b8 PtInRect
0x4246bc SetCapture
0x4246c0 ReleaseCapture
0x4246c4 LoadImageA
0x4246c8 UpdateWindow
0x4246cc SetForegroundWindow
0x4246d0 PostMessageA
0x4246d8 SetRect
0x4246dc LoadCursorA
0x4246e0 SetCursor
0x4246e4 MonitorFromRect
0x4246e8 GetMonitorInfoA
0x4246ec CopyRect
0x4246f0 LoadBitmapA
0x4246f4 FillRect
0x4246f8 EmptyClipboard
0x4246fc SetClipboardData
0x424700 SetWindowTextA
0x424704 GetParent
0x424708 ValidateRect
0x42470c GetDC
0x424710 ReleaseDC
0x424714 InvalidateRect
Library: SHLWAPI.dll:
0x42465c PathFindFileNameA
0x424660 PathFindExtensionA
Library: gdiplus.dll:
0x424734 GdipBitmapGetPixel
0x424738 GdiplusShutdown
0x42473c GdipGetImageHeight
0x424740 GdipGetImageWidth
0x424748 GdipAlloc
0x42474c GdiplusStartup
0x424750 GdipSaveImageToFile
0x424758 GdipBitmapLockBits
0x42475c GdipSetImagePalette
0x424770 GdipCloneImage
0x424774 GdipFree
0x424778 GdipDisposeImage
Library: IMM32.dll:
0x42407c ImmSetOpenStatus
0x424080 ImmGetContext
0x424084 ImmAssociateContext
0x424088 ImmGetOpenStatus
0x424090 ImmReleaseContext
Library: MFC42.DLL:
0x4240ec None
0x4240f0 None
0x4240f4 None
0x4240f8 None
0x4240fc None
0x424100 None
0x424104 None
0x424108 None
0x42410c None
0x424110 None
0x424114 None
0x424118 None
0x42411c None
0x424120 None
0x424124 None
0x424128 None
0x42412c None
0x424130 None
0x424134 None
0x424138 None
0x42413c None
0x424140 None
0x424144 None
0x424148 None
0x42414c None
0x424150 None
0x424154 None
0x424158 None
0x42415c None
0x424160 None
0x424164 None
0x424168 None
0x42416c None
0x424170 None
0x424174 None
0x424178 None
0x42417c None
0x424180 None
0x424184 None
0x424188 None
0x42418c None
0x424190 None
0x424194 None
0x424198 None
0x42419c None
0x4241a0 None
0x4241a4 None
0x4241a8 None
0x4241ac None
0x4241b0 None
0x4241b4 None
0x4241b8 None
0x4241bc None
0x4241c0 None
0x4241c4 None
0x4241c8 None
0x4241cc None
0x4241d0 None
0x4241d4 None
0x4241d8 None
0x4241dc None
0x4241e0 None
0x4241e4 None
0x4241e8 None
0x4241ec None
0x4241f0 None
0x4241f4 None
0x4241f8 None
0x4241fc None
0x424200 None
0x424204 None
0x424208 None
0x42420c None
0x424210 None
0x424214 None
0x424218 None
0x42421c None
0x424220 None
0x424224 None
0x424228 None
0x42422c None
0x424230 None
0x424234 None
0x424238 None
0x42423c None
0x424240 None
0x424244 None
0x424248 None
0x42424c None
0x424250 None
0x424254 None
0x424258 None
0x42425c None
0x424260 None
0x424264 None
0x424268 None
0x42426c None
0x424270 None
0x424274 None
0x424278 None
0x42427c None
0x424280 None
0x424284 None
0x424288 None
0x42428c None
0x424290 None
0x424294 None
0x424298 None
0x42429c None
0x4242a0 None
0x4242a4 None
0x4242a8 None
0x4242ac None
0x4242b0 None
0x4242b4 None
0x4242b8 None
0x4242bc None
0x4242c0 None
0x4242c4 None
0x4242c8 None
0x4242cc None
0x4242d0 None
0x4242d4 None
0x4242d8 None
0x4242dc None
0x4242e0 None
0x4242e4 None
0x4242e8 None
0x4242ec None
0x4242f0 None
0x4242f4 None
0x4242f8 None
0x4242fc None
0x424300 None
0x424304 None
0x424308 None
0x42430c None
0x424310 None
0x424314 None
0x424318 None
0x42431c None
0x424320 None
0x424324 None
0x424328 None
0x42432c None
0x424330 None
0x424334 None
0x424338 None
0x42433c None
0x424340 None
0x424344 None
0x424348 None
0x42434c None
0x424350 None
0x424354 None
0x424358 None
0x42435c None
0x424360 None
0x424364 None
0x424368 None
0x42436c None
0x424370 None
0x424374 None
0x424378 None
0x42437c None
0x424380 None
0x424384 None
0x424388 None
0x42438c None
0x424390 None
0x424394 None
0x424398 None
0x42439c None
0x4243a0 None
0x4243a4 None
0x4243a8 None
0x4243ac None
0x4243b0 None
0x4243b4 None
0x4243b8 None
0x4243bc None
0x4243c0 None
0x4243c4 None
0x4243c8 None
0x4243cc None
0x4243d0 None
0x4243d4 None
0x4243d8 None
0x4243dc None
0x4243e0 None
0x4243e4 None
0x4243e8 None
0x4243ec None
0x4243f0 None
0x4243f4 None
0x4243f8 None
0x4243fc None
0x424400 None
0x424404 None
0x424408 None
0x42440c None
0x424410 None
0x424414 None
0x424418 None
0x42441c None
0x424420 None
0x424424 None
0x424428 None
0x42442c None
0x424430 None
0x424434 None
0x424438 None
0x42443c None
0x424440 None
0x424444 None
0x424448 None
0x42444c None
0x424450 None
0x424454 None
0x424458 None
0x42445c None
0x424460 None
0x424464 None
0x424468 None
0x42446c None
0x424470 None
0x424474 None
0x424478 None
0x42447c None
0x424480 None
0x424484 None
0x424488 None
0x42448c None
0x424490 None
0x424494 None
0x424498 None
0x42449c None
0x4244a0 None
0x4244a4 None
0x4244a8 None
0x4244ac None
0x4244b0 None
0x4244b4 None
0x4244b8 None
0x4244bc None
0x4244c0 None
0x4244c4 None
0x4244c8 None
0x4244cc None
0x4244d0 None
0x4244d4 None
0x4244d8 None
0x4244dc None
0x4244e0 None
0x4244e4 None
0x4244e8 None
0x4244ec None
0x4244f0 None
0x4244f4 None
0x4244f8 None
0x4244fc None
0x424500 None
0x424504 None
0x424508 None
0x42450c None
0x424510 None
0x424514 None
0x424518 None
0x42451c None
0x424520 None
0x424524 None
0x424528 None
0x42452c None
0x424530 None
0x424534 None
0x424538 None
0x42453c None
0x424540 None
0x424544 None
0x424548 None
0x42454c None
0x424550 None
0x424554 None
0x424558 None
0x42455c None
0x424560 None
0x424564 None
0x424568 None
0x42456c None
0x424570 None
0x424574 None
0x424578 None
0x42457c None
0x424580 None
0x424584 None
0x424588 None
0x42458c None
0x424590 None
0x424594 None
0x424598 None
0x42459c None
0x4245a0 None
0x4245a4 None
0x4245a8 None
0x4245ac None
0x4245b0 None
0x4245b4 None
0x4245b8 None
0x4245bc None
0x4245c0 None
0x4245c4 None
0x4245c8 None
0x4245cc None
Library: MSVCRT.dll:
0x4245d4 mbstowcs
0x4245d8 _setmbcp
0x4245dc _exit
0x4245e0 __lconv_init
0x4245e4 _controlfp
0x4245e8 _onexit
0x4245ec __dllonexit
0x4245f0 ?terminate@@YAXXZ
0x4245f4 __set_app_type
0x4245f8 __p__fmode
0x4245fc __p__commode
0x424600 _adjust_fdiv
0x424604 __setusermatherr
0x424608 _initterm
0x42460c __getmainargs
0x424610 _acmdln
0x424614 exit
0x424618 __CxxFrameHandler
0x42461c _mbsicmp
0x424620 free
0x424624 _mbscmp
0x424628 memmove
0x42462c malloc
0x424630 realloc
0x424634 _CIasin
0x424638 _ftol
0x42463c _except_handler3
0x424640 setlocale
0x424644 wcscmp
0x424648 _XcptFilter
Library: KERNEL32.dll:
0x424098 MapViewOfFile
0x42409c UnmapViewOfFile
0x4240a0 CreateFileA
0x4240a4 GetLastError
0x4240a8 CloseHandle
0x4240ac GlobalSize
0x4240b0 GlobalAlloc
0x4240b4 GlobalUnlock
0x4240b8 GlobalLock
0x4240bc GlobalFree
0x4240c0 GetVersionExA
0x4240c4 lstrcpyA
0x4240c8 lstrlenA
0x4240cc lstrcmpiA
0x4240d0 GetFileSize
0x4240d4 WideCharToMultiByte
0x4240d8 MultiByteToWideChar
0x4240dc GetModuleHandleA
0x4240e0 GetStartupInfoA
0x4240e4 CreateFileMappingA
Library: GDI32.dll:
0x424030 BitBlt
0x424034 DeleteObject
0x424038 CreateFontIndirectA
0x42403c GetPixel
0x424040 Rectangle
0x424044 CreateDCA
0x424048 CreatePatternBrush
0x42404c CreatePen
0x424050 CreateSolidBrush
0x424054 GetDIBits
0x424058 CreateBitmap
0x42405c SetPixel
0x424064 CreateCompatibleDC
0x42406c StretchBlt
0x424070 GetStockObject
Library: comdlg32.dll:
0x42471c GetSaveFileNameA
0x424720 GetOpenFileNameA
Library: ADVAPI32.dll:
0x424000 RegDeleteKeyA
0x424004 RegQueryValueExA
0x424008 RegOpenKeyExA
0x42400c RegSetValueExA
0x424010 RegDeleteValueA
0x424014 RegCloseKey
0x424018 RegEnumKeyExA
0x42401c RegCreateKeyExA
Library: SHELL32.dll:
0x424650 ShellExecuteA
0x424654 DragQueryFileA
Library: COMCTL32.dll:
Library: ole32.dll:
0x424780 OleUninitialize
0x424784 RegisterDragDrop
0x424788 OleInitialize
0x42478c RevokeDragDrop

Strings

.text
`.rdata
@.data
.rsrc
L$8h
F|Pi@
F0VPWj
T$<QRj
D$<RPj
L$<PQj
T$<QRj
D$<RPj
L$<PQj
T$<QRj
D$<RPj
L$<PQj
T$<QRj
D$<RPj
L$<PQj
T$<QRj
L$<PQj
L$0PQj
QSUVWj
N(IQj
N(IQj
N(IQj
T$4WRj
T$4WRj
N(IQWj
N(IQj
N(IQWj
N(IQj
L$<Qj
T$`Qj
D$<Pj
L$$h

Antivirus Results

Antivirus engine/vendor | Virus name/rule match | Signature database date
Bkav | No virus detected | 20191116
MicroWorld-eScan | No virus detected | 20191118
CMC | No virus detected | 20190321
CAT-QuickHeal | No virus detected | 20191118
McAfee | No virus detected | 20191113
Malwarebytes | No virus detected | 20191118
Zillya | No virus detected | 20191115
SUPERAntiSpyware | No virus detected | 20191115
CrowdStrike | No virus detected | 20190702
Alibaba | No virus detected | 20190527
K7GW | No virus detected | 20191118
K7AntiVirus | No virus detected | 20191118
Arcabit | No virus detected | 20191118
TrendMicro | No virus detected | 20191118
BitDefenderTheta | No virus detected | 20191113
Cyren | No virus detected | 20191118
ESET-NOD32 | No virus detected | 20191118
Baidu | No virus detected | 20190318
APEX | No virus detected | 20191116
Paloalto | No virus detected | 20191118
ClamAV | No virus detected | 20191117
Kaspersky | No virus detected | 20191118
BitDefender | No virus detected | 20191118
NANO-Antivirus | No virus detected | 20191118
ViRobot | No virus detected | 20191118
Tencent | No virus detected | 20191118
Ad-Aware | No virus detected | 20191118
Sophos | No virus detected | 20191118
Comodo | No virus detected | 20191118
F-Secure | No virus detected | 20191118
DrWeb | No virus detected | 20191118
VIPRE | No virus detected | 20191118
Invincea | No virus detected | 20190904
McAfee-GW-Edition | No virus detected | 20191118
Fortinet | No virus detected | 20191118
Trapmine | No virus detected | 20190826
FireEye | No virus detected | 20191118
Emsisoft | No virus detected | 20191031
SentinelOne | No virus detected | 20191115
F-Prot | No virus detected | 20191118
Jiangmin | No virus detected | 20191118
Webroot | No virus detected | 20191118
Avira | No virus detected | 20191118
MAX | No virus detected | 20191118
Kingsoft | No virus detected | 20191118
Endgame | No virus detected | 20190918
Microsoft | No virus detected | 20191118
AegisLab | No virus detected | 20191116
ZoneAlarm | No virus detected | 20191118
Avast-Mobile | No virus detected | 20191118
AhnLab-V3 | No virus detected | 20191118
Acronis | No virus detected | 20191113
ALYac | No virus detected | 20191118
TACHYON | No virus detected | 20191118
VBA32 | No virus detected | 20191116
Cylance | No virus detected | 20191118
Panda | No virus detected | 20191117
Zoner | No virus detected | 20191117
TrendMicro-HouseCall | No virus detected | 20191118
Rising | No virus detected | 20191118
Yandex | No virus detected | 20191114
Ikarus | No virus detected | 20191117
MaxSecure | No virus detected | 20191118
GData | No virus detected | 20191118
AVG | No virus detected | 20191118
Avast | No virus detected | 20191118
Qihoo-360 | No virus detected | 20191118

Process Tree

PsQREdit 2.4.3huajun.exe, PID: 2488, parent PID: 2336

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 20.197 seconds )

  • 15.541 Suricata
  • 1.913 Static
  • 1.294 VirusTotal
  • 0.418 peid
  • 0.388 TargetInfo
  • 0.364 NetworkAnalysis
  • 0.154 BehaviorAnalysis
  • 0.107 AnalysisInfo
  • 0.015 Strings
  • 0.003 Memory

Signatures ( 0.216 seconds )

  • 0.036 antiav_detectreg
  • 0.02 md_url_bl
  • 0.016 md_domain_bl
  • 0.015 infostealer_ftp
  • 0.009 infostealer_im
  • 0.008 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.008 antianalysis_detectreg
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 api_spamming
  • 0.005 stealth_timeout
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_mail
  • 0.004 stealth_decoy_document
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.003 md_bad_drop
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 antidbg_windows
  • 0.002 cerber_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.001 network_tor
  • 0.001 antivm_generic_services
  • 0.001 ursnif_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 anormaly_invoke_kills
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.231 seconds )

  • 0.994 ReportHTMLSummary
  • 0.237 Malheur
Task ID 460577
Mongo ID 5dd253d32f8f2e08fb60a8b7
Cuckoo release 1.4-Maldun