分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-12-29 22:48:00 | 2019-12-29 22:50:21 | 141 秒 |
魔盾分数
3.5
可疑的
文件详细信息
| 文件名 | 逐鹿人.exe |
|---|---|
| 文件大小 | 4560896 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2c4d390afe6232c37b1e30cf1ec52927 |
| SHA1 | aeb3d9b9ad665024a5c03b2f3068f8070fbb9f15 |
| SHA256 | a6f444713e100d821e3b2595e880e0813b1358a4164b8b323752018a9e1f6fc7 |
| SHA512 | 7bad821106ecdd71536d241d5969ac0df17ea6552017f34a470ecab0b66536620d137927f4edd201aae85ea1205225396314dea24e21ec8aa9aa5651f82829e1 |
| CRC32 | 2E0052C0 |
| Ssdeep | 49152:pmQKGYM3kP45R4ZCR/jSuQaNjQJCUXQuzRfV0kfw+QujY22RNi6x:UBP47k41NjiC18po+Bj6Pi6 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00401000 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x004634aa |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-12-29 22:42:15 |
| 载入哈希 | e9f45238b186fd000263a217191b6ef2 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000ad6cc | 0x000ad800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.05 |
| .rdata | 0x000af000 | 0x0000e146 | 0x0000e200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.88 |
| .data | 0x000be000 | 0x003a4560 | 0x0038ce00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.26 |
| .rsrc | 0x00463000 | 0x00010b40 | 0x00010c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.63 |
导入
库: KERNEL32.dll:
• 0x4af060 LoadResource
• 0x4af064 LockResource
• 0x4af068 SizeofResource
• 0x4af06c FreeResource
• 0x4af070 lstrlenW
• 0x4af074 GlobalSize
• 0x4af078 LocalSize
• 0x4af07c DeviceIoControl
• 0x4af080 CreateFileA
• 0x4af084 GetLastError
• 0x4af088 ExitProcess
• 0x4af08c HeapAlloc
• 0x4af090 HeapReAlloc
• 0x4af094 IsBadReadPtr
• 0x4af098 GetPrivateProfileStringA
• 0x4af09c GetModuleFileNameA
• 0x4af0a0 WriteFile
• 0x4af0a4 SetFileAttributesA
• 0x4af0a8 FindResourceA
• 0x4af0ac CreateProcessA
• 0x4af0b0 GetStartupInfoA
• 0x4af0b4 GetTickCount
• 0x4af0b8 Sleep
• 0x4af0bc FindClose
• 0x4af0c0 FindNextFileA
• 0x4af0c4 DeleteFileA
• 0x4af0c8 RemoveDirectoryA
• 0x4af0cc FindFirstFileA
• 0x4af0d0 RtlMoveMemory
• 0x4af0d4 ReadFile
• 0x4af0d8 GetFileSize
• 0x4af0dc GetUserDefaultLCID
• 0x4af0e0 FormatMessageA
• 0x4af0e4 GetCommandLineA
• 0x4af0e8 FreeLibrary
• 0x4af0ec LoadLibraryA
• 0x4af0f0 GetNativeSystemInfo
• 0x4af0f4 WaitForSingleObject
• 0x4af0f8 GetProcessHeap
• 0x4af0fc GetTempPathA
• 0x4af100 GetSystemDirectoryA
• 0x4af104 GetWindowsDirectoryA
• 0x4af108 GetSystemInfo
• 0x4af10c IsProcessorFeaturePresent
• 0x4af110 CloseHandle
• 0x4af114 SetWaitableTimer
• 0x4af118 MapViewOfFile
• 0x4af11c OpenFileMappingA
• 0x4af120 CreateThread
• 0x4af124 GetModuleHandleA
• 0x4af128 Module32First
• 0x4af12c MoveFileA
• 0x4af130 CreateDirectoryA
• 0x4af134 IsWow64Process
• 0x4af138 Process32Next
• 0x4af13c Process32First
• 0x4af140 GetModuleHandleW
• 0x4af144 CreateToolhelp32Snapshot
• 0x4af148 CreateWaitableTimerW
• 0x4af14c HeapFree
• 0x4af150 GlobalFree
• 0x4af154 GlobalUnlock
• 0x4af158 GlobalLock
• 0x4af15c GlobalAlloc
• 0x4af160 VirtualAlloc
• 0x4af164 MultiByteToWideChar
• 0x4af168 WideCharToMultiByte
• 0x4af16c GetProcAddress
• 0x4af170 VirtualFree
• 0x4af174 LCMapStringA
库: USER32.dll:
• 0x4af22c LoadCursorW
• 0x4af230 LookupIconIdFromDirectoryEx
• 0x4af234 RegisterClassExW
• 0x4af238 DefWindowProcW
• 0x4af23c SetCursor
• 0x4af240 BringWindowToTop
• 0x4af244 KillTimer
• 0x4af248 GetAsyncKeyState
• 0x4af24c IntersectRect
• 0x4af250 InvalidateRect
• 0x4af254 UpdateLayeredWindow
• 0x4af258 SendMessageA
• 0x4af25c UpdateWindow
• 0x4af260 ReleaseCapture
• 0x4af264 CreateWindowExW
• 0x4af268 SendMessageW
• 0x4af26c SystemParametersInfoA
• 0x4af270 GetClassNameW
• 0x4af274 MoveWindow
• 0x4af278 GetMessageW
• 0x4af27c TranslateMessage
• 0x4af280 DispatchMessageW
• 0x4af284 GetSystemMetrics
• 0x4af288 PostMessageW
• 0x4af28c IsZoomed
• 0x4af290 IsIconic
• 0x4af294 GetPropA
• 0x4af298 LoadCursorFromFileW
• 0x4af29c SetTimer
• 0x4af2a0 PtInRect
• 0x4af2a4 ReleaseDC
• 0x4af2a8 SetCaretPos
• 0x4af2ac GetCursorPos
• 0x4af2b0 CallWindowProcW
• 0x4af2b4 PeekMessageA
• 0x4af2b8 GetMessageA
• 0x4af2bc DispatchMessageA
• 0x4af2c0 wsprintfA
• 0x4af2c4 MessageBoxA
• 0x4af2c8 SetForegroundWindow
• 0x4af2cc RemovePropA
• 0x4af2d0 SetWindowRgn
• 0x4af2d4 GetWindowTextW
• 0x4af2d8 GetClassLongW
• 0x4af2dc SetPropA
• 0x4af2e0 SetWindowPos
• 0x4af2e4 SetWindowLongW
• 0x4af2e8 SetFocus
• 0x4af2ec FindWindowExA
• 0x4af2f0 GetDesktopWindow
• 0x4af2f4 GetWindow
• 0x4af2f8 IsWindowVisible
• 0x4af2fc GetWindowTextA
• 0x4af300 GetClassNameA
• 0x4af304 GetWindowThreadProcessId
• 0x4af308 ClientToScreen
• 0x4af30c GetWindowRect
• 0x4af310 GetParent
• 0x4af314 MsgWaitForMultipleObjects
• 0x4af318 CopyImage
• 0x4af31c CreateIconFromResourceEx
• 0x4af320 GetFocus
• 0x4af324 SetCapture
• 0x4af328 EndPaint
• 0x4af32c BeginPaint
• 0x4af330 ShowWindow
• 0x4af334 IsWindow
• 0x4af338 TrackMouseEvent
库: ADVAPI32.dll:
• 0x4af000 ControlService
• 0x4af004 CreateServiceA
• 0x4af008 CloseServiceHandle
• 0x4af00c OpenServiceA
• 0x4af010 StartServiceA
• 0x4af014 DeleteService
• 0x4af018 RegCloseKey
• 0x4af01c RegQueryValueExA
• 0x4af020 RegOpenKeyA
• 0x4af024 OpenSCManagerA
库: SHELL32.dll:
• 0x4af214 ShellExecuteA
• 0x4af218 Shell_NotifyIconW
• 0x4af21c SHGetSpecialFolderPathA
库: ole32.dll:
• 0x4af47c CLSIDFromProgID
• 0x4af480 CoCreateInstance
• 0x4af484 OleRun
• 0x4af488 CoUninitialize
• 0x4af48c CoInitialize
• 0x4af490 StringFromGUID2
• 0x4af494 CLSIDFromString
• 0x4af498 CreateStreamOnHGlobal
库: SHLWAPI.dll:
• 0x4af224 PathFileExistsA
库: GDI32.dll:
• 0x4af02c BitBlt
• 0x4af030 CreateDIBSection
• 0x4af034 SelectObject
• 0x4af038 DeleteObject
• 0x4af03c DeleteDC
• 0x4af040 CreateRoundRectRgn
• 0x4af044 CreateRectRgn
• 0x4af048 GetDIBits
• 0x4af04c CreateCompatibleDC
库: gdiplus.dll:
• 0x4af340 GdipCreateHBITMAPFromBitmap
• 0x4af344 GdipGetCompositingQuality
• 0x4af348 GdipCreatePathGradientFromPath
• 0x4af34c GdipDrawPolygon
• 0x4af350 GdipFillPolygon
• 0x4af354 GdipCreatePen2
• 0x4af358 GdipCreateLineBrush
• 0x4af35c GdipFillPath
• 0x4af360 GdipClosePathFigure
• 0x4af364 GdipAddPathArc
• 0x4af368 GdipCreatePath
• 0x4af36c GdipDeletePath
• 0x4af370 GdipDrawPath
• 0x4af374 GdipCreateRegionHrgn
• 0x4af378 GdipDeleteRegion
• 0x4af37c GdipGetRegionBounds
• 0x4af380 GdipMeasureCharacterRanges
• 0x4af384 GdipCreateRegion
• 0x4af388 GdipSetStringFormatMeasurableCharacterRanges
• 0x4af38c GdipGetImageEncoders
• 0x4af390 GdipGetImageEncodersSize
• 0x4af394 GdipSaveImageToStream
• 0x4af398 GdipLoadImageFromStream
• 0x4af39c GdipGetPropertyItem
• 0x4af3a0 GdipGetPropertyItemSize
• 0x4af3a4 GdipImageGetFrameCount
• 0x4af3a8 GdipImageSelectActiveFrame
• 0x4af3ac GdipGetStringFormatFlags
• 0x4af3b0 GdipGetStringFormatTrimming
• 0x4af3b4 GdipGetStringFormatAlign
• 0x4af3b8 GdipSetStringFormatFlags
• 0x4af3bc GdipSetStringFormatTrimming
• 0x4af3c0 GdipSetStringFormatAlign
• 0x4af3c4 GdipSetInterpolationMode
• 0x4af3c8 GdipSetCompositingQuality
• 0x4af3cc GdipGetImageGraphicsContext
• 0x4af3d0 GdipCreateBitmapFromScan0
• 0x4af3d4 GdipDrawString
• 0x4af3d8 GdipCreateSolidFill
• 0x4af3dc GdipGetFontHeight
• 0x4af3e0 GdipMeasureString
• 0x4af3e4 GdipDeleteBrush
• 0x4af3e8 GdipFillRectangle
• 0x4af3ec GdipCreateLineBrushFromRect
• 0x4af3f0 GdipDeleteStringFormat
• 0x4af3f4 GdipSetStringFormatHotkeyPrefix
• 0x4af3f8 GdipCreateStringFormat
• 0x4af3fc GdipDrawImageRect
• 0x4af400 GdipBitmapUnlockBits
• 0x4af404 GdipBitmapLockBits
• 0x4af408 GdipDisposeImage
• 0x4af40c GdipGetImageHeight
• 0x4af410 GdipGetImageWidth
• 0x4af414 GdipCloneBitmapArea
• 0x4af418 GdipGetImagePixelFormat
• 0x4af41c GdipDrawImageRectRect
• 0x4af420 GdipGraphicsClear
• 0x4af424 GdipSetSmoothingMode
• 0x4af428 GdipGetSmoothingMode
• 0x4af42c GdipCreateFromHDC
• 0x4af430 GdipDeleteGraphics
• 0x4af434 GdipResetClip
• 0x4af438 GdipSetClipRect
• 0x4af43c GdipSetClipRegion
• 0x4af440 GdipCreateImageAttributes
• 0x4af444 GdipSetPenDashStyle
• 0x4af448 GdipDeletePen
• 0x4af44c GdipDrawRectangle
• 0x4af450 GdipSetTextRenderingHint
• 0x4af454 GdipGetTextRenderingHint
• 0x4af458 GdipDeleteFont
• 0x4af45c GdipDeleteFontFamily
• 0x4af460 GdipCreateFontFamilyFromName
• 0x4af464 GdipCreateFont
• 0x4af468 GdipGetFontStyle
• 0x4af46c GdipGetFontSize
• 0x4af470 GdipGetFamilyName
• 0x4af474 GdiplusStartup
库: OLEAUT32.dll:
• 0x4af1e0 VarR8FromCy
• 0x4af1e4 VarR8FromBool
• 0x4af1e8 VariantChangeType
• 0x4af1ec LoadTypeLib
• 0x4af1f0 LHashValOfNameSys
• 0x4af1f4 RegisterTypeLib
• 0x4af1f8 VariantCopy
• 0x4af1fc SafeArrayCreate
• 0x4af200 SysAllocString
• 0x4af204 VariantClear
• 0x4af208 SafeArrayDestroy
• 0x4af20c OleLoadPicture
库: MSVCRT.dll:
• 0x4af17c rand
• 0x4af180 _ftol
• 0x4af184 floor
• 0x4af188 modf
• 0x4af18c ??2@YAPAXI@Z
• 0x4af190 ??3@YAXPAX@Z
• 0x4af194 srand
• 0x4af198 _CIfmod
• 0x4af19c strtod
• 0x4af1a0 free
• 0x4af1a4 malloc
• 0x4af1a8 strncpy
• 0x4af1ac strncmp
• 0x4af1b0 __CxxFrameHandler
• 0x4af1b4 strchr
• 0x4af1b8 realloc
• 0x4af1bc memmove
• 0x4af1c0 _CIacos
• 0x4af1c4 _finite
• 0x4af1c8 strrchr
• 0x4af1cc _CIpow
• 0x4af1d0 _stricmp
• 0x4af1d4 sprintf
• 0x4af1d8 atoi
.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
[[[[h$
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 32.812 seconds )
- 15.945 Suricata
- 13.015 Static
- 1.415 VirusTotal
- 1.241 TargetInfo
- 0.428 peid
- 0.36 NetworkAnalysis
- 0.249 BehaviorAnalysis
- 0.126 AnalysisInfo
- 0.015 config_decoder
- 0.015 Strings
- 0.003 Memory
Signatures ( 0.227 seconds )
- 0.024 antiav_detectreg
- 0.019 md_url_bl
- 0.017 md_domain_bl
- 0.011 api_spamming
- 0.011 infostealer_ftp
- 0.011 ransomware_files
- 0.009 stealth_timeout
- 0.008 stealth_decoy_document
- 0.008 antiav_detectfile
- 0.007 anomaly_persistence_autorun
- 0.007 infostealer_im
- 0.007 ransomware_extensions
- 0.005 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.003 tinba_behavior
- 0.003 antiemu_wine_func
- 0.003 mimics_filetime
- 0.003 infostealer_browser_password
- 0.003 kovter_behavior
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 injection_createremotethread
- 0.002 betabot_behavior
- 0.002 reads_self
- 0.002 cerber_behavior
- 0.002 injection_runpe
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 network_tor
- 0.001 antivm_vbox_libs
- 0.001 bootkit
- 0.001 antiav_avast_libs
- 0.001 stealth_file
- 0.001 ursnif_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 antivm_generic_disk
- 0.001 antidbg_windows
- 0.001 virus
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.069 seconds )
- 0.848 ReportHTMLSummary
- 0.221 Malheur
| Task ID | 481375 |
|---|---|
| Mongo ID | 5e08bd5a2f8f2e408cbd4c52 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号