分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-11-18 19:45:28 | 2019-11-18 19:47:44 | 136 秒 |
魔盾分数
3.1
可疑的
文件详细信息
| 文件名 | LOL小助手.exe |
|---|---|
| 文件大小 | 749568 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | af8b8da6746b71bf18a86f0e96e1fb60 |
| SHA1 | 74f2c58a68212e797ca00db88d4e5f2a4159a29d |
| SHA256 | a0763919f180ae169dad2ce32c6bc81a65cd406c7d8c265e82b9796ca7e6a71d |
| SHA512 | 4585145e0a28fb26d88b852f9adff4502cacf0480d02a513d5bda4f75e29323e5da748d0d50d584bfeacc4a2dfefa2e678415496a11407608c8ddbc499a1c7e0 |
| CRC32 | 0C1BE02E |
| Ssdeep | 12288:X3cysmQDOj9y74r7GnwFJBuYxoYqOxAosVWOFjnY:X3mSBy0r7AovpxoYfxAoiWORY |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004685f1 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000c3ee5 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-11-18 19:32:24 |
| 载入哈希 | 2ff7816690b9e6aa230bc2ed10f14431 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00086fae | 0x00087000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.57 |
| .rdata | 0x00088000 | 0x000163a6 | 0x00017000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.42 |
| .data | 0x0009f000 | 0x0002dc48 | 0x00012000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.11 |
| .rsrc | 0x000cd000 | 0x00005b18 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.77 |
导入
库: KERNEL32.dll:
• 0x48817c GlobalLock
• 0x488180 GlobalAlloc
• 0x488184 Sleep
• 0x488188 SetEndOfFile
• 0x48818c UnlockFile
• 0x488190 LockFile
• 0x488194 FlushFileBuffers
• 0x488198 SetFilePointer
• 0x48819c GetCurrentProcess
• 0x4881a0 DuplicateHandle
• 0x4881a4 lstrcpynA
• 0x4881a8 SetLastError
• 0x4881ac FileTimeToLocalFileTime
• 0x4881b0 FileTimeToSystemTime
• 0x4881b4 SetStdHandle
• 0x4881b8 GlobalUnlock
• 0x4881bc IsBadCodePtr
• 0x4881c0 IsBadReadPtr
• 0x4881c4 CompareStringW
• 0x4881c8 CompareStringA
• 0x4881cc SetUnhandledExceptionFilter
• 0x4881d0 GetStringTypeW
• 0x4881d4 GetStringTypeA
• 0x4881d8 IsBadWritePtr
• 0x4881dc VirtualAlloc
• 0x4881e0 LCMapStringW
• 0x4881e4 LCMapStringA
• 0x4881e8 SetEnvironmentVariableA
• 0x4881ec VirtualFree
• 0x4881f0 HeapCreate
• 0x4881f4 HeapDestroy
• 0x4881f8 GetEnvironmentVariableA
• 0x4881fc GetFileType
• 0x488200 GetStdHandle
• 0x488204 SetHandleCount
• 0x488208 GetEnvironmentStringsW
• 0x48820c GetEnvironmentStrings
• 0x488210 FreeEnvironmentStringsW
• 0x488214 FreeEnvironmentStringsA
• 0x488218 UnhandledExceptionFilter
• 0x48821c GetACP
• 0x488220 HeapSize
• 0x488224 TerminateProcess
• 0x488228 GetLocalTime
• 0x48822c GetSystemTime
• 0x488230 GetTimeZoneInformation
• 0x488234 LocalFree
• 0x488238 MultiByteToWideChar
• 0x48823c WideCharToMultiByte
• 0x488240 InterlockedDecrement
• 0x488244 CreateSemaphoreA
• 0x488248 ResumeThread
• 0x48824c ReleaseSemaphore
• 0x488250 EnterCriticalSection
• 0x488254 LeaveCriticalSection
• 0x488258 GetProfileStringA
• 0x48825c WriteFile
• 0x488260 WaitForMultipleObjects
• 0x488264 CreateFileA
• 0x488268 SetEvent
• 0x48826c FindResourceA
• 0x488270 LoadResource
• 0x488274 LockResource
• 0x488278 ReadFile
• 0x48827c GetModuleFileNameA
• 0x488280 GetCurrentThreadId
• 0x488284 ExitProcess
• 0x488288 GlobalSize
• 0x48828c GlobalFree
• 0x488290 DeleteCriticalSection
• 0x488294 InitializeCriticalSection
• 0x488298 lstrcatA
• 0x48829c lstrlenA
• 0x4882a0 WinExec
• 0x4882a4 lstrcpyA
• 0x4882a8 FindNextFileA
• 0x4882ac GlobalReAlloc
• 0x4882b0 HeapFree
• 0x4882b4 HeapReAlloc
• 0x4882b8 GetProcessHeap
• 0x4882bc HeapAlloc
• 0x4882c0 GetFullPathNameA
• 0x4882c4 FreeLibrary
• 0x4882c8 LoadLibraryA
• 0x4882cc GetLastError
• 0x4882d0 GetVersionExA
• 0x4882d4 WritePrivateProfileStringA
• 0x4882d8 CreateThread
• 0x4882dc CreateEventA
• 0x4882e0 RaiseException
• 0x4882e4 RtlUnwind
• 0x4882e8 GetStartupInfoA
• 0x4882ec GetOEMCP
• 0x4882f0 GetCPInfo
• 0x4882f4 GetProcessVersion
• 0x4882f8 SetErrorMode
• 0x4882fc GlobalFlags
• 0x488300 GetCurrentThread
• 0x488304 GetFileTime
• 0x488308 GetFileSize
• 0x48830c TlsGetValue
• 0x488310 LocalReAlloc
• 0x488314 TlsSetValue
• 0x488318 TlsFree
• 0x48831c GlobalHandle
• 0x488320 FindFirstFileA
• 0x488324 FindClose
• 0x488328 GetFileAttributesA
• 0x48832c TlsAlloc
• 0x488330 LocalAlloc
• 0x488334 lstrcmpA
• 0x488338 GetVersion
• 0x48833c GlobalGetAtomNameA
• 0x488340 GlobalAddAtomA
• 0x488344 GlobalFindAtomA
• 0x488348 GlobalDeleteAtom
• 0x48834c lstrcmpiA
• 0x488350 SetCurrentDirectoryA
• 0x488354 GetVolumeInformationA
• 0x488358 GetModuleHandleA
• 0x48835c GetProcAddress
• 0x488360 MulDiv
• 0x488364 GetCommandLineA
• 0x488368 GetTickCount
• 0x48836c WaitForSingleObject
• 0x488370 CloseHandle
• 0x488374 InterlockedIncrement
库: USER32.dll:
• 0x488398 OpenClipboard
• 0x48839c SetClipboardData
• 0x4883a0 EmptyClipboard
• 0x4883a4 GetSystemMetrics
• 0x4883a8 GetCursorPos
• 0x4883ac MessageBoxA
• 0x4883b0 SetWindowPos
• 0x4883b4 SendMessageA
• 0x4883b8 DestroyCursor
• 0x4883bc SetParent
• 0x4883c0 GetClipboardData
• 0x4883c4 PostMessageA
• 0x4883c8 GetTopWindow
• 0x4883cc GetParent
• 0x4883d0 CloseClipboard
• 0x4883d4 wsprintfA
• 0x4883d8 GetFocus
• 0x4883dc GetClientRect
• 0x4883e0 InvalidateRect
• 0x4883e4 ValidateRect
• 0x4883e8 UpdateWindow
• 0x4883ec EqualRect
• 0x4883f0 GetWindowRect
• 0x4883f4 SetForegroundWindow
• 0x4883f8 IsWindow
• 0x4883fc RegisterClassA
• 0x488400 DestroyMenu
• 0x488404 IsChild
• 0x488408 ReleaseDC
• 0x48840c IsRectEmpty
• 0x488410 FillRect
• 0x488414 GetDC
• 0x488418 SetCursor
• 0x48841c LoadCursorA
• 0x488420 SetCursorPos
• 0x488424 SetActiveWindow
• 0x488428 GetSysColor
• 0x48842c SetWindowLongA
• 0x488430 GetWindowLongA
• 0x488434 RedrawWindow
• 0x488438 EnableWindow
• 0x48843c IsWindowVisible
• 0x488440 OffsetRect
• 0x488444 PtInRect
• 0x488448 DestroyIcon
• 0x48844c IntersectRect
• 0x488450 InflateRect
• 0x488454 SetRect
• 0x488458 SetScrollPos
• 0x48845c SetScrollRange
• 0x488460 GetScrollRange
• 0x488464 SetCapture
• 0x488468 LoadIconA
• 0x48846c TranslateMessage
• 0x488470 DrawFrameControl
• 0x488474 DrawEdge
• 0x488478 DrawFocusRect
• 0x48847c WindowFromPoint
• 0x488480 GetMessageA
• 0x488484 DispatchMessageA
• 0x488488 SetRectEmpty
• 0x48848c RegisterClipboardFormatA
• 0x488490 CreateIconFromResourceEx
• 0x488494 CreateIconFromResource
• 0x488498 DrawIconEx
• 0x48849c CreatePopupMenu
• 0x4884a0 AppendMenuA
• 0x4884a4 ModifyMenuA
• 0x4884a8 CreateMenu
• 0x4884ac CreateAcceleratorTableA
• 0x4884b0 GetDlgCtrlID
• 0x4884b4 GetSubMenu
• 0x4884b8 EnableMenuItem
• 0x4884bc ClientToScreen
• 0x4884c0 EnumDisplaySettingsA
• 0x4884c4 LoadImageA
• 0x4884c8 SystemParametersInfoA
• 0x4884cc ShowWindow
• 0x4884d0 IsWindowEnabled
• 0x4884d4 TranslateAcceleratorA
• 0x4884d8 GetKeyState
• 0x4884dc CopyAcceleratorTableA
• 0x4884e0 PostQuitMessage
• 0x4884e4 IsZoomed
• 0x4884e8 GetClassInfoA
• 0x4884ec DefWindowProcA
• 0x4884f0 GetSystemMenu
• 0x4884f4 DeleteMenu
• 0x4884f8 GetMenu
• 0x4884fc SetMenu
• 0x488500 PeekMessageA
• 0x488504 GetWindowTextA
• 0x488508 GetWindowTextLengthA
• 0x48850c CharUpperA
• 0x488510 GetWindowDC
• 0x488514 BeginPaint
• 0x488518 EndPaint
• 0x48851c TabbedTextOutA
• 0x488520 DrawTextA
• 0x488524 GrayStringA
• 0x488528 GetDlgItem
• 0x48852c DestroyWindow
• 0x488530 CreateDialogIndirectParamA
• 0x488534 EndDialog
• 0x488538 GetNextDlgTabItem
• 0x48853c GetWindowPlacement
• 0x488540 RegisterWindowMessageA
• 0x488544 GetForegroundWindow
• 0x488548 GetLastActivePopup
• 0x48854c GetMessageTime
• 0x488550 RemovePropA
• 0x488554 CallWindowProcA
• 0x488558 GetPropA
• 0x48855c UnhookWindowsHookEx
• 0x488560 SetPropA
• 0x488564 GetClassLongA
• 0x488568 CallNextHookEx
• 0x48856c SetWindowsHookExA
• 0x488570 CreateWindowExA
• 0x488574 GetMenuItemID
• 0x488578 GetMenuItemCount
• 0x48857c UnregisterClassA
• 0x488580 GetScrollPos
• 0x488584 AdjustWindowRectEx
• 0x488588 MapWindowPoints
• 0x48858c SendDlgItemMessageA
• 0x488590 ScrollWindowEx
• 0x488594 IsDialogMessageA
• 0x488598 SetWindowTextA
• 0x48859c MoveWindow
• 0x4885a0 CheckMenuItem
• 0x4885a4 SetMenuItemBitmaps
• 0x4885a8 GetMenuState
• 0x4885ac GetMenuCheckMarkDimensions
• 0x4885b0 GetClassNameA
• 0x4885b4 GetDesktopWindow
• 0x4885b8 LoadStringA
• 0x4885bc GetSysColorBrush
• 0x4885c0 IsIconic
• 0x4885c4 SetFocus
• 0x4885c8 GetActiveWindow
• 0x4885cc GetWindow
• 0x4885d0 DestroyAcceleratorTable
• 0x4885d4 SetWindowRgn
• 0x4885d8 GetMessagePos
• 0x4885dc ScreenToClient
• 0x4885e0 ChildWindowFromPointEx
• 0x4885e4 CopyRect
• 0x4885e8 LoadBitmapA
• 0x4885ec WinHelpA
• 0x4885f0 KillTimer
• 0x4885f4 SetTimer
• 0x4885f8 ReleaseCapture
• 0x4885fc GetCapture
库: GDI32.dll:
• 0x488030 SetWindowExtEx
• 0x488034 SetBkColor
• 0x488038 CreateRectRgnIndirect
• 0x48803c SetStretchBltMode
• 0x488040 GetClipRgn
• 0x488044 CreatePolygonRgn
• 0x488048 SelectClipRgn
• 0x48804c DeleteObject
• 0x488050 CreateDIBitmap
• 0x488054 GetSystemPaletteEntries
• 0x488058 CreatePalette
• 0x48805c StretchBlt
• 0x488060 SelectPalette
• 0x488064 RealizePalette
• 0x488068 GetDIBits
• 0x48806c GetWindowExtEx
• 0x488070 GetViewportOrgEx
• 0x488074 GetWindowOrgEx
• 0x488078 BeginPath
• 0x48807c EndPath
• 0x488080 PathToRegion
• 0x488084 CreateEllipticRgn
• 0x488088 CreateRoundRectRgn
• 0x48808c GetTextColor
• 0x488090 GetBkMode
• 0x488094 GetBkColor
• 0x488098 GetROP2
• 0x48809c GetStretchBltMode
• 0x4880a0 GetPolyFillMode
• 0x4880a4 CreateCompatibleBitmap
• 0x4880a8 CreateDCA
• 0x4880ac CreateBitmap
• 0x4880b0 SelectObject
• 0x4880b4 GetObjectA
• 0x4880b8 CreatePen
• 0x4880bc PatBlt
• 0x4880c0 CombineRgn
• 0x4880c4 CreateRectRgn
• 0x4880c8 FillRgn
• 0x4880cc CreateSolidBrush
• 0x4880d0 GetStockObject
• 0x4880d4 CreateFontIndirectA
• 0x4880d8 EndPage
• 0x4880dc EndDoc
• 0x4880e0 DeleteDC
• 0x4880e4 StartDocA
• 0x4880e8 StartPage
• 0x4880ec BitBlt
• 0x4880f0 CreateCompatibleDC
• 0x4880f4 Ellipse
• 0x4880f8 Rectangle
• 0x4880fc LPtoDP
• 0x488100 DPtoLP
• 0x488104 GetCurrentObject
• 0x488108 RoundRect
• 0x48810c GetTextExtentPoint32A
• 0x488110 GetDeviceCaps
• 0x488114 SaveDC
• 0x488118 RestoreDC
• 0x48811c SetBkMode
• 0x488120 SetPolyFillMode
• 0x488124 SetROP2
• 0x488128 SetTextColor
• 0x48812c SetMapMode
• 0x488130 SetViewportOrgEx
• 0x488134 OffsetViewportOrgEx
• 0x488138 SetViewportExtEx
• 0x48813c ScaleViewportExtEx
• 0x488140 SetWindowOrgEx
• 0x488144 ScaleWindowExtEx
• 0x488148 GetClipBox
• 0x48814c ExcludeClipRect
• 0x488150 GetTextMetricsA
• 0x488154 Escape
• 0x488158 ExtTextOutA
• 0x48815c TextOutA
• 0x488160 RectVisible
• 0x488164 PtVisible
• 0x488168 GetViewportExtEx
• 0x48816c ExtSelectClipRgn
• 0x488170 LineTo
• 0x488174 MoveToEx
库: WINMM.dll:
• 0x488604 midiStreamRestart
• 0x488608 midiStreamClose
• 0x48860c midiOutReset
• 0x488610 midiStreamStop
• 0x488614 midiStreamOut
• 0x488618 midiOutPrepareHeader
• 0x48861c midiStreamProperty
• 0x488620 midiStreamOpen
• 0x488624 midiOutUnprepareHeader
• 0x488628 waveOutOpen
• 0x48862c waveOutGetNumDevs
• 0x488630 waveOutClose
• 0x488634 waveOutReset
• 0x488638 waveOutPause
• 0x48863c waveOutWrite
• 0x488640 waveOutPrepareHeader
• 0x488644 waveOutUnprepareHeader
库: ADVAPI32.dll:
• 0x488000 RegCreateKeyExA
• 0x488004 RegCloseKey
• 0x488008 RegOpenKeyExA
• 0x48800c RegSetValueExA
• 0x488010 RegQueryValueA
库: COMCTL32.dll:
• 0x488018 ImageList_Read
• 0x48801c ImageList_Destroy
• 0x488020 None
• 0x488024 ImageList_GetIcon
• 0x488028 ImageList_Duplicate
库: WS2_32.dll:
• 0x48865c recv
• 0x488660 getpeername
• 0x488664 accept
• 0x488668 ioctlsocket
• 0x48866c recvfrom
• 0x488670 WSAAsyncSelect
• 0x488674 closesocket
• 0x488678 inet_ntoa
• 0x48867c WSACleanup
库: comdlg32.dll:
• 0x488684 ChooseColorA
• 0x488688 GetSaveFileNameA
• 0x48868c GetOpenFileNameA
• 0x488690 GetFileTitleA
.text
`.rdata
@.data
.rsrc
VWQPh(
8`}<j
RQPhL,J
L$@hT,J
T$hVj
T$HhX,J
T$th
DRQPhd,J
|$`Vj
T$|h|,J
D$|hx,J
DRQPhd,J
|$|Vj
T$\Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
tEhD.J
PWh0/J
L$TQVShd/J
T$TQRPh@/J
QVPhd/J
jjjjh
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 22.94 seconds )
- 15.538 Suricata
- 3.705 Static
- 1.354 VirusTotal
- 0.94 BehaviorAnalysis
- 0.475 TargetInfo
- 0.425 peid
- 0.356 NetworkAnalysis
- 0.127 AnalysisInfo
- 0.015 Strings
- 0.003 Memory
- 0.002 config_decoder
Signatures ( 0.552 seconds )
- 0.06 process_interest
- 0.058 api_spamming
- 0.055 injection_createremotethread
- 0.045 stealth_timeout
- 0.039 vawtrak_behavior
- 0.038 injection_runpe
- 0.036 stealth_decoy_document
- 0.029 antiav_detectreg
- 0.026 process_needed
- 0.019 md_url_bl
- 0.016 md_domain_bl
- 0.012 infostealer_ftp
- 0.01 ransomware_files
- 0.009 ransomware_extensions
- 0.007 anomaly_persistence_autorun
- 0.007 antiav_detectfile
- 0.007 infostealer_im
- 0.006 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.003 tinba_behavior
- 0.003 antidbg_windows
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 mimics_filetime
- 0.002 betabot_behavior
- 0.002 reads_self
- 0.002 cerber_behavior
- 0.002 bot_drive
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.002 stealth_modify_uac_prompt
- 0.001 bootkit
- 0.001 stealth_file
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 antivm_generic_disk
- 0.001 virus
- 0.001 hancitor_behavior
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 office_security
- 0.001 ransomware_radamant
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_security_center_warnings
Reporting ( 1.197 seconds )
- 0.92 ReportHTMLSummary
- 0.277 Malheur
| Task ID | 460711 |
|---|---|
| Mongo ID | 5dd285052f8f2e08ee60a94a |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号