分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-11-18 16:37:38 | 2019-11-18 16:38:25 | 47 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | erweimajiam.exe |
|---|---|
| 文件大小 | 192512 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f64032bf0afb3322375288539ad5326b |
| SHA1 | f95f6d9ff845a2f8aeb1fa86274945bea026e313 |
| SHA256 | cfd76ef8c0ff1b41eee4aee9804beb36065f7c06bb3825519d68f860a72cc05b |
| SHA512 | 78ce6ed844f8a85c17a4841ab38a895e03da1ea1c983c0ed00b39977df7fd4ae4a2362b1866559a1a8cdab4c58bdd58f46934ffa6b18ab782863868d4a711bb5 |
| CRC32 | 16531D63 |
| Ssdeep | 768:3BQpm04tAaE78OQ/FBX64w4MuCFVlAgKsRHQpm04tA:y804tAmOWZ66/4jRw804tA |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00401428 |
| 声明校验值 | 0x0003a42c |
| 实际校验值 | 0x0003a42c |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2014-06-26 13:54:10 |
| 载入哈希 | bfb84706c766a60d6dcd9087cdd46cd8 |
版本信息
| Translation | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| OriginalFilename |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0001b420 | 0x0001c000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 3.62 |
| .data | 0x0001d000 | 0x00001274 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x0001f000 | 0x0001059c | 0x00011000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.73 |
导入
库: MSVBVM60.DLL:
• 0x401000 EVENT_SINK_GetIDsOfNames
• 0x401004 _CIcos
• 0x401008 _adj_fptan
• 0x40100c __vbaVarMove
• 0x401010 __vbaStrI4
• 0x401014 __vbaFreeVar
• 0x401018 __vbaLateIdCall
• 0x40101c __vbaEnd
• 0x401020 __vbaFreeVarList
• 0x401024 _adj_fdiv_m64
• 0x401028 EVENT_SINK_Invoke
• 0x40102c __vbaFreeObjList
• 0x401030 __vbaLineInputVar
• 0x401034 _adj_fprem1
• 0x401038 __vbaStrCat
• 0x40103c __vbaSetSystemError
• 0x401040 __vbaHresultCheckObj
• 0x401044 _adj_fdiv_m32
• 0x401048 __vbaAryVar
• 0x40104c Zombie_GetTypeInfo
• 0x401050 __vbaAryDestruct
• 0x401054 None
• 0x401058 None
• 0x40105c __vbaObjSet
• 0x401060 None
• 0x401064 _adj_fdiv_m16i
• 0x401068 __vbaObjSetAddref
• 0x40106c _adj_fdivr_m16i
• 0x401070 _CIsin
• 0x401074 __vbaChkstk
• 0x401078 __vbaFileClose
• 0x40107c EVENT_SINK_AddRef
• 0x401080 __vbaGenerateBoundsError
• 0x401084 __vbaStrCmp
• 0x401088 DllFunctionCall
• 0x40108c __vbaVarLateMemSt
• 0x401090 __vbaCastObjVar
• 0x401094 _adj_fpatan
• 0x401098 __vbaLateIdCallLd
• 0x40109c Zombie_GetTypeInfoCount
• 0x4010a0 EVENT_SINK_Release
• 0x4010a4 None
• 0x4010a8 _CIsqrt
• 0x4010ac EVENT_SINK_QueryInterface
• 0x4010b0 __vbaExceptHandler
• 0x4010b4 None
• 0x4010b8 __vbaPrintFile
• 0x4010bc _adj_fprem
• 0x4010c0 _adj_fdivr_m64
• 0x4010c4 __vbaFPException
• 0x4010c8 None
• 0x4010cc __vbaStrVarVal
• 0x4010d0 _CIlog
• 0x4010d4 __vbaErrorOverflow
• 0x4010d8 __vbaFileOpen
• 0x4010dc __vbaNew2
• 0x4010e0 __vbaR8Str
• 0x4010e4 __vbaVarLateMemCallLdRf
• 0x4010e8 _adj_fdiv_m32i
• 0x4010ec _adj_fdivr_m32i
• 0x4010f0 __vbaFreeStrList
• 0x4010f4 _adj_fdivr_m32
• 0x4010f8 _adj_fdiv_r
• 0x4010fc None
• 0x401100 __vbaVarTstNe
• 0x401104 __vbaVarSetVar
• 0x401108 None
• 0x40110c __vbaVarDup
• 0x401110 __vbaStrToAnsi
• 0x401114 None
• 0x401118 __vbaFpI4
• 0x40111c __vbaR8IntI2
• 0x401120 _CIatan
• 0x401124 __vbaStrMove
• 0x401128 __vbaAryCopy
• 0x40112c _allmul
• 0x401130 _CItan
• 0x401134 __vbaFPInt
• 0x401138 _CIexp
• 0x40113c __vbaFreeObj
• 0x401140 __vbaFreeStr
.text
`.data
.rsrc
MSVBVM60.DLL
Form1
Form1
Form1
Text4
Text4
Text2
Text2
Timer1
Text3
Text3
Frame3
WebBrowser2
SHDocVwCtl.WebBrowser
Text1
Command1
Frame1
Frame4
Label2
WebBrowser1
SHDocVwCtl.WebBrowser
Command3
Frame2
Frame5
Frame5
WebBrowser3
SHDocVwCtl.WebBrowser
Label6
Label5
Label3
Label1
admin123
Label4
VB5!6&vb6chs.dll
ReadyState
ieframe.dll
SHDocVwCtl.WebBrowser
WebBrowser
Form1
Module1
Form2
WebBrowser1
C:\Windows\SysWOW64\ieframe.oca
SHDocVwCtl
Label2
g:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Frame4
WebBrowser2
WebBrowser3
Text1
M_Dom
C:\Windows\SysWow64\mshtml.tlb
MSHTML
Timer1
Text4
Text2
Frame3
Label1
Label3
Text3
Frame1
Label4
Label5
Label6
Frame2
Command1
Command3
Frame5
urlmon
URLDownloadToFileA
kernel32
GetPrivateProfileStringA
WritePrivateProfileStringA
user32
SetWindowPos
M_Dom_oncontextmenu
SkinH.dll
SkinH_SetAero
SkinH_Attach
SkinH_AttachEx
VBA6.DLL
__vbaPrintFile
__vbaFileClose
__vbaVarLateMemCallLdRf
__vbaVarLateMemSt
__vbaStrI4
__vbaErrorOverflow
__vbaR8IntI2
__vbaAryDestruct
__vbaVarSetVar
__vbaLateIdCall
__vbaSetSystemError
__vbaStrToAnsi
__vbaR8Str
__vbaFreeStrList
__vbaGenerateBoundsError
__vbaStrVarVal
__vbaAryVar
__vbaAryCopy
__vbaLineInputVar
__vbaStrMove
__vbaFileOpen
__vbaFPInt
__vbaFpI4
__vbaVarDup
__vbaHresultCheckObj
__vbaVarMove
__vbaFreeVarList
__vbaStrCat
__vbaFreeStr
__vbaStrCmp
__vbaEnd
__vbaFreeObj
__vbaObjSetAddref
__vbaNew2
__vbaFreeVar
__vbaFreeObjList
__vbaLateIdCallLd
__vbaCastObjVar
__vbaObjSet
__vbaVarTstNe
Form2
{XXX_
pUUUV
kUUS^
rSNNO
~~~~kNNK]
~~~~ttttrNHKI
~~~tttpppYKHE\
utppppnnnN889
xpppnnnnYH55g
wnnkkYYkN44:
okkYYYYXE42j
oYYYXXXU523
yXXXXUXN20Q
zUUUUUS4/1
_UUSSSN0-?
aSSNNN5,+
dSNNNN0*>
aOHHK5+.
eebPEHE-)
ebP8E6*=
cbP882&
h^P58,<
a]A78
b]]V:4K
b`]\\\N42q
|_\\VVV?20
{\VVTTQ4.J
{WTTTQN0(u
yTTQQN:&'
yXQNAA2"H
}}lOAA?:(#
wwjR??::!$
pF."+
3=87:
Form2
Text3
Text3
Command1
Label2
Label1
Ph\-A
jXh|-A
jPh|-A
jPh|-A
jPh|-A
jPh|-A
jXh|-A
jPh|-A
jPh|-A
jPh|-A
jXh|-A
jTh<3A
jPh|-A
MSVBVM60.DLL
EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
__vbaLineInputVar
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaR8Str
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaVarSetVar
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr
http:///
http:///
http:///
******
\TOMCTML32.OCX.exe
\time.ini
/BaiSeJianYue.she
http://www.9g99.com/9g99ewmdj/
http://www.9g99.com/
Scroll
\Csrsrv.OCX.exe
http://www.gucaifang.com/shengji/cftyfzhq/sj.exe
\name.ini
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
080404B0
CompanyName
kusoman.com
ProductName
FileVersion
2014.06.0026
ProductVersion
2014.06.0026
InternalName
OriginalFilename
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20180906 |
| MicroWorld-eScan | 未发现病毒 | 20180910 |
| CMC | 未发现病毒 | 20180910 |
| CAT-QuickHeal | 未发现病毒 | 20180909 |
| McAfee | RDN/Generic Downloader.x | 20180910 |
| Malwarebytes | 未发现病毒 | 20180910 |
| VIPRE | Trojan.Win32.Generic!BT | 20180910 |
| SUPERAntiSpyware | 未发现病毒 | 20180907 |
| TheHacker | 未发现病毒 | 20180907 |
| K7GW | 未发现病毒 | 20180910 |
| K7AntiVirus | 未发现病毒 | 20180910 |
| Invincea | heuristic | 20180717 |
| Baidu | Win32.Trojan-Downloader.VB.ca | 20180910 |
| Babable | 未发现病毒 | 20180907 |
| F-Prot | 未发现病毒 | 20180910 |
| Symantec | Trojan.Gen.2 | 20180910 |
| TotalDefense | 未发现病毒 | 20180910 |
| TrendMicro-HouseCall | TROJ_GEN.R029C0OEG18 | 20180910 |
| Avast | Win32:Malware-gen | 20180910 |
| ClamAV | 未发现病毒 | 20180910 |
| GData | Win32.Trojan.Agent.JIJNJV | 20180910 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20180910 |
| BitDefender | 未发现病毒 | 20180910 |
| NANO-Antivirus | Trojan.Win32.VB.dukxqj | 20180910 |
| Paloalto | generic.ml | 20180910 |
| AegisLab | Trojan.Multi.Generic.4!c | 20180910 |
| Tencent | 未发现病毒 | 20180910 |
| Ad-Aware | 未发现病毒 | 20180910 |
| Sophos | Mal/Generic-S | 20180910 |
| Comodo | 未发现病毒 | 20180910 |
| F-Secure | 未发现病毒 | 20180910 |
| DrWeb | 未发现病毒 | 20180910 |
| Zillya | 未发现病毒 | 20180908 |
| TrendMicro | TROJ_GEN.R029C0OEG18 | 20180910 |
| McAfee-GW-Edition | BehavesLike.Win32.Autorun.cz | 20180910 |
| Emsisoft | 未发现病毒 | 20180910 |
| SentinelOne | 未发现病毒 | 20180830 |
| Cyren | W32/Trojan.NYXT-9373 | 20180910 |
| Jiangmin | 未发现病毒 | 20180910 |
| Webroot | 未发现病毒 | 20180910 |
| Avira | 未发现病毒 | 20180910 |
| Antiy-AVL | 未发现病毒 | 20180910 |
| Kingsoft | 未发现病毒 | 20180910 |
| Endgame | 未发现病毒 | 20180730 |
| Arcabit | 未发现病毒 | 20180910 |
| ViRobot | 未发现病毒 | 20180910 |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic | 20180910 |
| Avast-Mobile | 未发现病毒 | 20180910 |
| Microsoft | Trojan:Win32/Skeeyah.A!bit | 20180910 |
| TACHYON | 未发现病毒 | 20180910 |
| AhnLab-V3 | 未发现病毒 | 20180910 |
| ALYac | 未发现病毒 | 20180910 |
| AVware | Trojan.Win32.Generic!BT | 20180910 |
| MAX | 未发现病毒 | 20180910 |
| VBA32 | 未发现病毒 | 20180907 |
| Cylance | Unsafe | 20180910 |
| Zoner | 未发现病毒 | 20180910 |
| ESET-NOD32 | Win32/TrojanDownloader.VB.QNG | 20180910 |
| Rising | Downloader.VB!8.1EB (CLOUD) | 20180910 |
| Yandex | 未发现病毒 | 20180908 |
| Ikarus | Trojan-Downloader.Win32.VB | 20180910 |
| eGambit | 未发现病毒 | 20180910 |
| Fortinet | W32/VB.QNG!tr | 20180910 |
| AVG | Win32:Malware-gen | 20180910 |
| Cybereason | 未发现病毒 | 20180225 |
| Panda | Trj/CI.A | 20180910 |
| CrowdStrike | malicious_confidence_60% (W) | 20180723 |
| Qihoo-360 | 未发现病毒 | 20180910 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 20.516 seconds )
- 15.497 Suricata
- 1.553 VirusTotal
- 1.179 Static
- 1.09 BehaviorAnalysis
- 0.414 peid
- 0.364 TargetInfo
- 0.351 NetworkAnalysis
- 0.051 AnalysisInfo
- 0.014 Strings
- 0.003 Memory
Signatures ( 0.807 seconds )
- 0.148 antiav_detectreg
- 0.055 api_spamming
- 0.055 infostealer_ftp
- 0.046 stealth_timeout
- 0.042 stealth_decoy_document
- 0.031 stealth_file
- 0.031 antianalysis_detectreg
- 0.031 infostealer_im
- 0.024 antivm_generic_scsi
- 0.019 md_url_bl
- 0.018 infostealer_mail
- 0.017 antivm_generic_services
- 0.016 anormaly_invoke_kills
- 0.016 md_domain_bl
- 0.015 antiav_detectfile
- 0.011 ransomware_extensions
- 0.01 infostealer_bitcoin
- 0.009 anomaly_persistence_autorun
- 0.009 ransomware_files
- 0.008 mimics_filetime
- 0.008 kibex_behavior
- 0.007 betabot_behavior
- 0.007 antidbg_windows
- 0.007 antivm_parallels_keys
- 0.007 antivm_xen_keys
- 0.007 geodo_banking_trojan
- 0.007 darkcomet_regkeys
- 0.006 antivm_vbox_files
- 0.005 bootkit
- 0.005 reads_self
- 0.005 virus
- 0.005 antivm_generic_diskreg
- 0.004 antiemu_wine_func
- 0.004 dridex_behavior
- 0.004 antivm_generic_disk
- 0.004 infostealer_browser_password
- 0.004 kovter_behavior
- 0.004 disables_browser_warn
- 0.004 recon_fingerprint
- 0.003 tinba_behavior
- 0.003 rat_nanocore
- 0.003 maldun_anomaly_massive_file_ops
- 0.003 heapspray_js
- 0.003 antisandbox_productid
- 0.003 packer_armadillo_regkey
- 0.002 network_tor
- 0.002 antivm_vbox_libs
- 0.002 virtualcheck_js
- 0.002 shifu_behavior
- 0.002 cerber_behavior
- 0.002 hancitor_behavior
- 0.002 bypass_firewall
- 0.002 antidbg_devices
- 0.002 antivm_xen_keys
- 0.002 antivm_hyperv_keys
- 0.002 antivm_vbox_acpi
- 0.002 antivm_vbox_keys
- 0.002 antivm_vmware_keys
- 0.002 antivm_vpc_keys
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 maldun_anormaly_invoke_vb_vba
- 0.002 md_bad_drop
- 0.002 rat_pcclient
- 0.001 hawkeye_behavior
- 0.001 antiav_avast_libs
- 0.001 maldun_malicious_write_executeable_under_temp_to_regrun
- 0.001 maldun_anomaly_write_exe_and_obsfucate_extension
- 0.001 injection_createremotethread
- 0.001 antivm_vbox_window
- 0.001 sets_autoconfig_url
- 0.001 ursnif_behavior
- 0.001 kazybot_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
- 0.001 exec_crash
- 0.001 antisandbox_script_timer
- 0.001 silverlight_js
- 0.001 antianalysis_detectfile
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 codelux_behavior
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 malicous_targeted_flame
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 recon_programs
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.09 seconds )
- 0.775 ReportHTMLSummary
- 0.315 Malheur
| Task ID | 460599 |
|---|---|
| Mongo ID | 5dd2589e2f8f2e08ed60a8e2 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号