Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2019-12-12 23:18:52
End time: 2019-12-12 23:21:12
Duration: 140 seconds

Maldun score

3.5

Suspicious

File details

File name: 逐鹿人win10.exe
File size: 4694016 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows (a 32-bit image, despite the "win10" in the name)
MD5: cab3fc02c31a5db33f59b3e8914770ab
SHA1: 8b9a4102fb1f5906a2e690842e2e66a259dc65af
SHA256: ff6e606b9250c6622d1c4fa24767a7e69226481008e8fa2a70c5056d4636a666
SHA512: 6908ed3745c83a3cc03b2e92f04822c41e955a0d9d145fb8f27714f06a0f0003d665d07511911fd678ecc4a61bca0cc7e8afcb1af8ca40044a03ff2a043b06b1
CRC32: D87F1E50
Ssdeep: 49152:FZVexYM3kP45R4ZCR/jSuQaNjQJCUXQuzRfV0kW+QujY22RNi6x:vbP47k41NjiC18pW+Bj6Pi6

Host access records

No host records.

Domain resolution

No domain information.



PE information

Image base: 0x00400000
Entry point: 0x004b0e91
Declared checksum: 0x00000000 (the field was left unset by the linker; Windows only validates the checksum for drivers and a few system images, so on its own this is a weak signal)
Actual checksum: 0x00488d29
Minimum OS version: 4.0
Compile timestamp: 2019-12-12 23:15:15 (roughly three and a half minutes before the analysis started; the PE timestamp is attacker-controlled and is not proof of build time)
Imphash: 30b6fef5b0e5ab5712ce50365b73d0c0

PE sections

Name    Virtual address  Virtual size  Raw data size  Characteristics                                                           Entropy
.text   0x00001000       0x000c399a    0x000c4000     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ               6.16
.rdata  0x000c5000       0x000124b4    0x00013000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                         4.79
.data   0x000d8000       0x003aba24    0x00391000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE     7.25
.rsrc   0x00484000       0x00010c88    0x00011000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE     2.64

The writable .data section has an entropy of 7.25 and its raw size (0x391000, about 3.7 MB) is roughly 80% of the 4694016-byte file, which is consistent with an embedded packed or encrypted payload; the VMProtect marker strings in the extracted strings further down point the same way. The raw section sizes plus a 0x1000-byte header add up exactly to the file size, so there is no overlay.

Imports

Library: KERNEL32.dll:
0x4c50c8 LoadLibraryA
0x4c50cc FreeLibrary
0x4c50d0 GetCommandLineA
0x4c50d4 FormatMessageA
0x4c50d8 GetUserDefaultLCID
0x4c50dc GetFileSize
0x4c50e0 ReadFile
0x4c50e4 LCMapStringA
0x4c50e8 FindFirstFileA
0x4c50ec RemoveDirectoryA
0x4c50f0 DeleteFileA
0x4c50f4 FindNextFileA
0x4c50f8 FindClose
0x4c50fc Sleep
0x4c5100 GetTickCount
0x4c5104 GetStartupInfoA
0x4c5108 CreateProcessA
0x4c510c WaitForSingleObject
0x4c5110 SetFileAttributesA
0x4c5114 WriteFile
0x4c5118 GetModuleFileNameA
0x4c5120 IsBadReadPtr
0x4c5124 HeapReAlloc
0x4c5128 HeapAlloc
0x4c512c ExitProcess
0x4c5130 GetLastError
0x4c5134 CreateFileA
0x4c5138 DeviceIoControl
0x4c513c LocalSize
0x4c5140 GlobalSize
0x4c5144 lstrlenW
0x4c5148 RtlMoveMemory
0x4c514c MapViewOfFile
0x4c5150 OpenFileMappingA
0x4c5154 FreeResource
0x4c5158 SizeofResource
0x4c515c LockResource
0x4c5160 LoadResource
0x4c5164 FindResourceA
0x4c5168 GetNativeSystemInfo
0x4c516c GetProcessHeap
0x4c5170 CreateThread
0x4c5174 GetModuleHandleA
0x4c5178 Module32First
0x4c517c MoveFileA
0x4c5180 CreateDirectoryA
0x4c5184 IsWow64Process
0x4c5188 Process32Next
0x4c518c Process32First
0x4c5194 GetModuleHandleW
0x4c5198 CloseHandle
0x4c519c SetWaitableTimer
0x4c51a4 HeapFree
0x4c51a8 GlobalFree
0x4c51ac GlobalUnlock
0x4c51b0 GlobalLock
0x4c51b4 GlobalAlloc
0x4c51b8 MultiByteToWideChar
0x4c51bc WideCharToMultiByte
0x4c51c0 SetStdHandle
0x4c51c4 IsBadCodePtr
0x4c51c8 GetStringTypeW
0x4c51cc GetStringTypeA
0x4c51d4 LCMapStringW
0x4c51d8 IsBadWritePtr
0x4c51dc HeapCreate
0x4c51e0 HeapDestroy
0x4c51e8 GetFileType
0x4c51ec GetStdHandle
0x4c51f0 SetHandleCount
0x4c5208 GetACP
0x4c520c HeapSize
0x4c5210 RaiseException
0x4c5214 TerminateProcess
0x4c5218 RtlUnwind
0x4c521c GetOEMCP
0x4c5220 GetCPInfo
0x4c5224 FlushFileBuffers
0x4c5228 SetFilePointer
0x4c522c SetErrorMode
0x4c5230 GetProcessVersion
0x4c5234 GetVersion
0x4c5238 GlobalGetAtomNameA
0x4c523c GlobalAddAtomA
0x4c5240 GlobalFindAtomA
0x4c5244 SetLastError
0x4c5248 lstrcpyA
0x4c524c lstrcatA
0x4c5254 GlobalFlags
0x4c5258 MulDiv
0x4c525c lstrcpynA
0x4c5260 TlsGetValue
0x4c5264 LocalReAlloc
0x4c5268 TlsSetValue
0x4c5270 GlobalReAlloc
0x4c5278 TlsFree
0x4c527c GlobalHandle
0x4c5284 TlsAlloc
0x4c5288 GetProcAddress
0x4c528c VirtualFree
0x4c5290 VirtualAlloc
0x4c5298 LocalFree
0x4c529c LocalAlloc
0x4c52a0 GlobalDeleteAtom
0x4c52a4 lstrcmpA
0x4c52a8 GetCurrentThread
0x4c52ac GetCurrentThreadId
0x4c52b0 lstrcmpiA
0x4c52b8 GetSystemInfo
0x4c52bc lstrlenA
0x4c52c0 GetTempPathA
0x4c52c4 GetSystemDirectoryA
0x4c52cc GetVersionExA
0x4c52d0 GetCurrentProcess
Library: USER32.dll:
0x4c5324 GetDesktopWindow
0x4c5328 GetWindow
0x4c532c IsWindowVisible
0x4c5330 GetWindowTextA
0x4c5334 GetClassNameA
0x4c533c ClientToScreen
0x4c5340 GetWindowRect
0x4c5344 GetParent
0x4c5348 MoveWindow
0x4c534c UpdateWindow
0x4c5350 BringWindowToTop
0x4c5354 LoadCursorW
0x4c535c RegisterClassExW
0x4c5360 DefWindowProcW
0x4c5364 SetCursor
0x4c5368 SendMessageA
0x4c536c KillTimer
0x4c5370 FindWindowExA
0x4c5374 IntersectRect
0x4c5378 InvalidateRect
0x4c537c UpdateLayeredWindow
0x4c5380 ReleaseCapture
0x4c5384 PostMessageW
0x4c5388 IsZoomed
0x4c538c IsIconic
0x4c5390 GetPropA
0x4c5394 LoadCursorFromFileW
0x4c5398 SetTimer
0x4c539c PtInRect
0x4c53a0 ReleaseDC
0x4c53a4 SetCaretPos
0x4c53a8 GetCursorPos
0x4c53ac CallWindowProcW
0x4c53b0 TrackMouseEvent
0x4c53b4 ShowWindow
0x4c53b8 BeginPaint
0x4c53bc EndPaint
0x4c53c0 SetCapture
0x4c53c4 GetAsyncKeyState
0x4c53c8 GetSystemMetrics
0x4c53cc GetFocus
0x4c53d0 SetFocus
0x4c53d4 EnableWindow
0x4c53d8 IsWindowEnabled
0x4c53dc GetForegroundWindow
0x4c53e0 GetActiveWindow
0x4c53e4 SetActiveWindow
0x4c53e8 PostQuitMessage
0x4c53ec PostMessageA
0x4c53f0 GetWindowLongA
0x4c53f4 GetLastActivePopup
0x4c53f8 SetWindowsHookExA
0x4c53fc ValidateRect
0x4c5400 DispatchMessageW
0x4c5404 GetKeyState
0x4c5408 GetNextDlgTabItem
0x4c540c EnableMenuItem
0x4c5410 CheckMenuItem
0x4c5414 SetMenuItemBitmaps
0x4c5418 ModifyMenuA
0x4c541c GetMenuState
0x4c5420 LoadBitmapA
0x4c542c GetDlgCtrlID
0x4c5430 SetWindowTextA
0x4c5434 UnhookWindowsHookEx
0x4c5438 GetMenuItemCount
0x4c543c GetDC
0x4c5440 TabbedTextOutA
0x4c5444 DrawTextA
0x4c5448 GrayStringA
0x4c544c GetDlgItem
0x4c5450 SendDlgItemMessageA
0x4c5454 IsDialogMessageA
0x4c5458 SetWindowLongA
0x4c545c GetWindowPlacement
0x4c5464 GetMessagePos
0x4c5468 GetMessageTime
0x4c546c DefWindowProcA
0x4c5470 CallWindowProcA
0x4c5474 GetClassLongA
0x4c5478 CreateWindowExA
0x4c547c DestroyWindow
0x4c5480 GetMenuItemID
0x4c5484 GetSubMenu
0x4c5488 GetMenu
0x4c548c RegisterClassA
0x4c5490 GetClassInfoA
0x4c5494 WinHelpA
0x4c5498 GetCapture
0x4c549c GetTopWindow
0x4c54a0 CopyRect
0x4c54a4 GetClientRect
0x4c54a8 AdjustWindowRectEx
0x4c54ac GetSysColor
0x4c54b0 MapWindowPoints
0x4c54b4 LoadIconA
0x4c54b8 LoadCursorA
0x4c54bc GetSysColorBrush
0x4c54c0 LoadStringA
0x4c54c4 UnregisterClassA
0x4c54c8 PostThreadMessageA
0x4c54cc DestroyMenu
0x4c54d4 EndDialog
0x4c54d8 SetWindowLongW
0x4c54dc SetWindowPos
0x4c54e0 SetPropA
0x4c54e4 GetClassLongW
0x4c54e8 GetWindowTextW
0x4c54ec SetWindowRgn
0x4c54f0 RemovePropA
0x4c54f4 TranslateMessage
0x4c54f8 GetMessageW
0x4c54fc IsWindow
0x4c5500 PeekMessageA
0x4c5504 GetClassNameW
0x4c550c SendMessageW
0x4c5510 CreateWindowExW
0x4c5518 CopyImage
0x4c5520 CallNextHookEx
0x4c5524 SetForegroundWindow
0x4c5528 MessageBoxA
0x4c552c wsprintfA
0x4c5530 DispatchMessageA
0x4c5534 GetMessageA
Library: ADVAPI32.dll:
0x4c5000 CreateServiceA
0x4c5004 OpenSCManagerA
0x4c5008 CloseServiceHandle
0x4c500c OpenServiceA
0x4c5010 StartServiceA
0x4c5014 ControlService
0x4c5018 DeleteService
0x4c501c RegCloseKey
0x4c5020 RegQueryValueExA
0x4c5024 RegOpenKeyA
0x4c5028 RegCreateKeyExA
0x4c502c RegOpenKeyExA
0x4c5030 RegSetValueExA
Library: SHELL32.dll:
0x4c5310 ShellExecuteA
0x4c5314 Shell_NotifyIconW
Library: ole32.dll:
0x4c5688 CLSIDFromProgID
0x4c568c CoCreateInstance
0x4c5690 OleRun
0x4c5694 CoUninitialize
0x4c5698 CoInitialize
0x4c569c StringFromGUID2
0x4c56a0 CLSIDFromString
0x4c56a8 OleInitialize
0x4c56ac OleUninitialize
0x4c56bc OleFlushClipboard
0x4c56c0 CoRevokeClassObject
Library: SHLWAPI.dll:
0x4c531c PathFileExistsA
Library: GDI32.dll:
0x4c5040 BitBlt
0x4c5044 CreateCompatibleDC
0x4c5048 CreateDIBSection
0x4c504c SelectObject
0x4c5050 DeleteObject
0x4c5054 DeleteDC
0x4c5058 CreateRoundRectRgn
0x4c505c CreateRectRgn
0x4c5060 GetDIBits
0x4c5064 GetObjectA
0x4c5068 GetStockObject
0x4c506c CreateBitmap
0x4c5070 SaveDC
0x4c5074 RestoreDC
0x4c5078 SetTextColor
0x4c507c SetMapMode
0x4c5080 SetViewportOrgEx
0x4c5084 OffsetViewportOrgEx
0x4c5088 SetViewportExtEx
0x4c508c ScaleViewportExtEx
0x4c5090 SetWindowExtEx
0x4c5094 ScaleWindowExtEx
0x4c5098 GetClipBox
0x4c509c SetBkColor
0x4c50a0 Escape
0x4c50a4 ExtTextOutA
0x4c50a8 TextOutA
0x4c50ac RectVisible
0x4c50b0 PtVisible
0x4c50b4 GetDeviceCaps
Library: gdiplus.dll:
0x4c554c GdipCreatePath
0x4c5550 GdipDeletePath
0x4c5554 GdipDrawPath
0x4c555c GdipDeleteRegion
0x4c5560 GdipGetRegionBounds
0x4c5568 GdipCreateRegion
0x4c556c GdipAddPathArc
0x4c5570 GdipClosePathFigure
0x4c5574 GdipFillPath
0x4c558c GdipGetPropertyItem
0x4c559c GdipCreateLineBrush
0x4c55a0 GdipCreatePen2
0x4c55a4 GdipFillPolygon
0x4c55a8 GdipDrawPolygon
0x4c55b0 GdipGetFamilyName
0x4c55b4 GdipGetFontSize
0x4c55b8 GdipGetFontStyle
0x4c55bc GdipCreateFont
0x4c55c8 GdipDeleteFont
0x4c55d4 GdipDrawRectangle
0x4c55d8 GdipDeletePen
0x4c55dc GdipSetPenDashStyle
0x4c55e0 GdiplusStartup
0x4c55e8 GdipSetClipRegion
0x4c55ec GdipSetClipRect
0x4c55f0 GdipResetClip
0x4c55f4 GdipDeleteGraphics
0x4c55f8 GdipCreateFromHDC
0x4c5604 GdipGraphicsClear
0x4c5610 GdipCloneBitmapArea
0x4c5614 GdipGetImageWidth
0x4c561c GdipDisposeImage
0x4c5620 GdipBitmapLockBits
0x4c5628 GdipDrawImageRect
0x4c563c GdipFillRectangle
0x4c5640 GdipDeleteBrush
0x4c5644 GdipMeasureString
0x4c5648 GdipGetFontHeight
0x4c564c GdipCreateSolidFill
0x4c5650 GdipDrawString
0x4c5680 GdipGetImageHeight
Library: IMM32.dll:
0x4c50bc ImmAssociateContext
0x4c50c0 ImmGetContext
Library: OLEAUT32.dll:
0x4c52e0 VarR8FromCy
0x4c52e4 VarR8FromBool
0x4c52e8 LoadTypeLib
0x4c52ec LHashValOfNameSys
0x4c52f0 RegisterTypeLib
0x4c52f4 SafeArrayCreate
0x4c52f8 SysAllocString
0x4c52fc VariantClear
0x4c5300 SafeArrayDestroy
0x4c5304 OleLoadPicture
Library: oledlg.dll:
0x4c56c8 None (no name recorded; typically an import by ordinal)
Library: WINSPOOL.DRV:
0x4c553c ClosePrinter
0x4c5540 DocumentPropertiesA
0x4c5544 OpenPrinterA
Library: COMCTL32.dll:
0x4c5038 None (no name recorded; typically an import by ordinal)
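Reading the import table above by eye misses the point; for triage what matters is which capability groups are present (service installation and control, process enumeration, window hooks and key state, WoW64 checks, DeviceIoControl) and whether the imphash can be reproduced. The following is an added example and not the report's code: it parses an excerpt written in the same line format as the listing above (the excerpt is constructed and partial, so its imphash will not equal the report's 30b6fef5b0e5ab5712ce50365b73d0c0), groups the APIs into capability buckets chosen here for illustration, and builds the imphash string the way pefile does.

```python
"""Parse an import listing in the report's format and triage it (added example)."""
from __future__ import annotations

import hashlib
import re

# Constructed excerpt of the report's import listing, same line format. Deliberately
# partial, so the imphash computed from it is NOT the report's imphash.
IMPORT_LISTING = """
Library: KERNEL32.dll:
0x4c50c8 LoadLibraryA
0x4c5108 CreateProcessA
0x4c5138 DeviceIoControl
0x4c5178 Module32First
0x4c5184 IsWow64Process
0x4c5188 Process32Next
0x4c518c Process32First
0x4c5288 GetProcAddress
0x4c5290 VirtualAlloc
Library: USER32.dll:
0x4c53c4 GetAsyncKeyState
0x4c53f8 SetWindowsHookExA
0x4c5520 CallNextHookEx
Library: ADVAPI32.dll:
0x4c5000 CreateServiceA
0x4c5004 OpenSCManagerA
0x4c5010 StartServiceA
0x4c502c RegOpenKeyExA
0x4c5030 RegSetValueExA
Library: SHELL32.dll:
0x4c5310 ShellExecuteA
Library: oledlg.dll:
0x4c56c8 None
"""

LIB_RE = re.compile(r"^(?:Library|库)[:：]\s*(.+?):\s*$")   # accepts the untranslated header too
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")

# Capability buckets chosen for this example; a sample that makes no network connection
# in the sandbox but imports these deserves a closer look.
CAPABILITIES = {
    "service_install_control": {"OpenSCManagerA", "CreateServiceA", "StartServiceA",
                                "ControlService", "DeleteService", "OpenServiceA"},
    "process_enumeration": {"Process32First", "Process32Next", "Module32First",
                            "CreateToolhelp32Snapshot"},
    "dynamic_api_resolution": {"LoadLibraryA", "GetProcAddress"},
    "process_launch": {"CreateProcessA", "ShellExecuteA", "WinExec"},
    "hook_or_keystate": {"SetWindowsHookExA", "SetWindowsHookExW", "GetAsyncKeyState"},
    "device_ioctl": {"DeviceIoControl"},
    "registry_write": {"RegSetValueExA", "RegCreateKeyExA"},
    "wow64_awareness": {"IsWow64Process", "GetNativeSystemInfo"},
}


def parse_imports(listing: str) -> list[tuple[str, str | None]]:
    """(dll, function) pairs in file order. A 'None' entry in the listing is an import
    whose name the sandbox did not record (typically by ordinal); kept as None."""
    entries: list[tuple[str, str | None]] = []
    current = None
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        lib = LIB_RE.match(line)
        if lib:
            current = lib.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            name = entry.group(1)
            entries.append((current, None if name == "None" else name))
    return entries


def triage_capabilities(entries) -> dict[str, list[str]]:
    """Map each capability bucket to the imported APIs that hit it (only non-empty buckets)."""
    names = {fn for _, fn in entries if fn}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


def imphash_string(entries) -> str:
    """Canonical 'lib.func' list as pefile builds it: DLL lowercased with .dll/.sys/.ocx
    stripped, function lowercased, joined by commas in import order. pefile writes
    ordinal imports as 'ordN'; the listing lost the ordinal, so those are skipped here."""
    parts = []
    for dll, fn in entries:
        if fn is None:
            continue
        lib = dll.lower()
        stem, _, ext = lib.rpartition(".")
        if stem and ext in ("dll", "sys", "ocx"):
            lib = stem
        parts.append(f"{lib}.{fn.lower()}")
    return ",".join(parts)


def imphash(entries) -> str:
    return hashlib.md5(imphash_string(entries).encode()).hexdigest()


if __name__ == "__main__":
    imports = parse_imports(IMPORT_LISTING)
    for cap, apis in triage_capabilities(imports).items():
        print(f"{cap:24s} {', '.join(apis)}")
    print("imphash of this excerpt:", imphash(imports))
```

Against a real sample, compute the imphash with pefile on the file itself rather than from a report listing: the listing shows ordinal imports as None, while pefile encodes them as ordN, so a hash rebuilt from the page cannot be trusted to match.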

Extracted strings (section names, the VMProtect SDK marker strings, and fragments)

.text
`.rdata
@.data
.rsrc
3h P
VMProtect begin
VMProtect end
[[[[h$

No antivirus engine scan information.

Process tree

_________win10.exe, PID: 2480, parent PID: 2332

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 35.316 seconds )

  • 15.594 Suricata
  • 14.103 Static
  • 3.189 VirusTotal
  • 1.248 TargetInfo
  • 0.429 peid
  • 0.367 NetworkAnalysis
  • 0.262 BehaviorAnalysis
  • 0.09 AnalysisInfo
  • 0.016 config_decoder
  • 0.015 Strings
  • 0.003 Memory

Signatures ( 0.218 seconds )

  • 0.023 antiav_detectreg
  • 0.019 md_url_bl
  • 0.018 md_domain_bl
  • 0.011 api_spamming
  • 0.01 infostealer_ftp
  • 0.009 stealth_timeout
  • 0.008 stealth_decoy_document
  • 0.007 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 infostealer_im
  • 0.005 antianalysis_detectreg
  • 0.005 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 antiemu_wine_func
  • 0.003 infostealer_browser_password
  • 0.003 kovter_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 mimics_filetime
  • 0.002 injection_createremotethread
  • 0.002 betabot_behavior
  • 0.002 reads_self
  • 0.002 cerber_behavior
  • 0.002 injection_runpe
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 antivm_vbox_libs
  • 0.001 bootkit
  • 0.001 antiav_avast_libs
  • 0.001 stealth_file
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antivm_generic_disk
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.153 seconds )

  • 0.895 ReportHTMLSummary
  • 0.258 Malheur
Task ID 473395
Mongo ID 5df25b162f8f2e4e2fb0eac0
Cuckoo release 1.4-Maldun