Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-hpdapp01-1 2020-01-18 14:33:51 2020-01-18 14:36:10 139 seconds

Maldun score

10.0

Dangerous

File details

File name 神秘人REZ隔离检测v1.0.exe
File size 1257472 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1d37e4b7f1e2d189a4f83959de5f8a32
SHA1 8d0bb5a53c1736b1d508a63ef4f4e1df6e0366a5
SHA256 e55b3f322d23014ba5250b563654f452800ce2ac9544971c4c7769d361696df8
SHA512 84c79274a88c1bd624e3165803d132f66857a2336d558404ac67c5ba7f31c05a307e899833bdbf70fd2572102e2d0426ac2afbe721dff0ace20c6916ce29ce60
CRC32 B6E326DC
Ssdeep 24576:KlEBJsB1XwWpstjRckW7GOgvlUUTVzyQ0y2mL92fE6P9D:KSJJWpuY7slUcV+Q0y2VZd

Hosts accessed (click to query WPING real-time security rating)

No host records.

Domain resolution (click to query WPING real-time security rating)

No domain information.


Summary

PE information

Image base 0x00400000
Entry point 0x0045ff75
Declared checksum 0x00000000
Actual checksum 0x0013dd28
Minimum OS version required 4.0
Compile time 2020-01-18 13:36:24
Import hash 3e38c2d4addb5ac9ba080e333ef852a1

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0007ddaa 0x0007e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x0007f000 0x0009bf44 0x0009c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.15
.data 0x0011b000 0x000219e8 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.04
.rsrc 0x0013d000 0x00005958 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.82

Imports

Library: KERNEL32.dll:
0x47f174 SetEndOfFile
0x47f178 UnlockFile
0x47f17c LockFile
0x47f180 FlushFileBuffers
0x47f184 SetFilePointer
0x47f188 GetCurrentProcess
0x47f18c DuplicateHandle
0x47f190 lstrcpynA
0x47f194 SetLastError
0x47f1a0 LocalFree
0x47f1a8 CreateSemaphoreA
0x47f1ac ResumeThread
0x47f1b0 ReleaseSemaphore
0x47f1bc GetProfileStringA
0x47f1c0 SetStdHandle
0x47f1c4 IsBadCodePtr
0x47f1c8 IsBadReadPtr
0x47f1cc CompareStringW
0x47f1d0 CompareStringA
0x47f1d8 GetStringTypeW
0x47f1dc GetStringTypeA
0x47f1e0 IsBadWritePtr
0x47f1e4 VirtualAlloc
0x47f1e8 LCMapStringW
0x47f1ec LCMapStringA
0x47f1f4 VirtualFree
0x47f1f8 HeapCreate
0x47f1fc HeapDestroy
0x47f204 GetFileType
0x47f208 GetStdHandle
0x47f20c SetHandleCount
0x47f224 GetACP
0x47f228 HeapSize
0x47f22c TerminateProcess
0x47f230 GetLocalTime
0x47f234 GetSystemTime
0x47f23c WriteFile
0x47f244 CreateFileA
0x47f248 SetEvent
0x47f24c FindResourceA
0x47f250 LoadResource
0x47f254 LockResource
0x47f258 ReadFile
0x47f25c GetModuleFileNameA
0x47f260 WideCharToMultiByte
0x47f264 MultiByteToWideChar
0x47f268 GetCurrentThreadId
0x47f26c ExitProcess
0x47f270 GlobalSize
0x47f274 GlobalFree
0x47f280 lstrcatA
0x47f284 lstrlenA
0x47f288 WinExec
0x47f28c lstrcpyA
0x47f290 FindNextFileA
0x47f294 GlobalReAlloc
0x47f298 HeapFree
0x47f29c HeapReAlloc
0x47f2a0 GetProcessHeap
0x47f2a4 HeapAlloc
0x47f2a8 GetFullPathNameA
0x47f2ac FreeLibrary
0x47f2b0 LoadLibraryA
0x47f2b4 GetLastError
0x47f2b8 GetVersionExA
0x47f2c0 CreateThread
0x47f2c4 CreateEventA
0x47f2c8 Sleep
0x47f2d0 GlobalAlloc
0x47f2d4 GlobalLock
0x47f2d8 GlobalUnlock
0x47f2dc FindFirstFileA
0x47f2e0 FindClose
0x47f2e4 GetFileAttributesA
0x47f2e8 RaiseException
0x47f2ec RtlUnwind
0x47f2f0 GetStartupInfoA
0x47f2f4 GetOEMCP
0x47f2f8 GetCPInfo
0x47f2fc GetProcessVersion
0x47f300 SetErrorMode
0x47f304 GlobalFlags
0x47f308 GetCurrentThread
0x47f30c GetFileTime
0x47f310 GetFileSize
0x47f314 TlsGetValue
0x47f318 LocalReAlloc
0x47f31c TlsSetValue
0x47f320 TlsFree
0x47f324 GlobalHandle
0x47f330 GetModuleHandleA
0x47f334 GetProcAddress
0x47f338 TlsAlloc
0x47f33c LocalAlloc
0x47f340 lstrcmpA
0x47f344 GetVersion
0x47f348 GlobalGetAtomNameA
0x47f34c GlobalAddAtomA
0x47f350 GlobalFindAtomA
0x47f354 GlobalDeleteAtom
0x47f358 lstrcmpiA
0x47f35c MulDiv
0x47f360 GetCommandLineA
0x47f364 GetTickCount
0x47f368 CreateProcessA
0x47f36c WaitForSingleObject
0x47f370 CloseHandle
Library: USER32.dll:
0x47f398 OpenClipboard
0x47f39c SetClipboardData
0x47f3a0 EmptyClipboard
0x47f3a4 GetSystemMetrics
0x47f3a8 GetCursorPos
0x47f3ac MessageBoxA
0x47f3b0 SetWindowPos
0x47f3b4 SendMessageA
0x47f3b8 DestroyCursor
0x47f3bc SetParent
0x47f3c0 GetClipboardData
0x47f3c4 PostMessageA
0x47f3c8 GetTopWindow
0x47f3cc GetParent
0x47f3d0 CloseClipboard
0x47f3d4 wsprintfA
0x47f3d8 GetFocus
0x47f3dc GetClientRect
0x47f3e0 InvalidateRect
0x47f3e4 ValidateRect
0x47f3e8 UpdateWindow
0x47f3ec EqualRect
0x47f3f0 GetWindowRect
0x47f3f4 SetForegroundWindow
0x47f3f8 WaitForInputIdle
0x47f3fc IsWindow
0x47f400 RegisterClassA
0x47f404 DestroyMenu
0x47f408 IsChild
0x47f40c ReleaseDC
0x47f410 IsRectEmpty
0x47f414 FillRect
0x47f418 GetDC
0x47f41c SetCursor
0x47f420 LoadCursorA
0x47f424 SetCursorPos
0x47f428 SetActiveWindow
0x47f42c GetSysColor
0x47f430 SetWindowLongA
0x47f434 GetWindowLongA
0x47f438 RedrawWindow
0x47f43c EnableWindow
0x47f440 IsWindowVisible
0x47f444 OffsetRect
0x47f448 PtInRect
0x47f44c DestroyIcon
0x47f450 IntersectRect
0x47f454 InflateRect
0x47f458 SetRect
0x47f45c SetScrollPos
0x47f460 SetScrollRange
0x47f464 GetScrollRange
0x47f468 SetCapture
0x47f46c LoadIconA
0x47f470 TranslateMessage
0x47f474 DrawFrameControl
0x47f478 DrawEdge
0x47f47c DrawFocusRect
0x47f480 WindowFromPoint
0x47f484 GetMessageA
0x47f488 DispatchMessageA
0x47f48c SetRectEmpty
0x47f49c DrawIconEx
0x47f4a0 CreatePopupMenu
0x47f4a4 AppendMenuA
0x47f4a8 ModifyMenuA
0x47f4ac CreateMenu
0x47f4b4 GetDlgCtrlID
0x47f4b8 GetSubMenu
0x47f4bc EnableMenuItem
0x47f4c0 ClientToScreen
0x47f4c8 LoadImageA
0x47f4d0 ShowWindow
0x47f4d4 IsWindowEnabled
0x47f4dc GetKeyState
0x47f4e4 PostQuitMessage
0x47f4e8 IsZoomed
0x47f4ec GetClassInfoA
0x47f4f0 DefWindowProcA
0x47f4f4 GetSystemMenu
0x47f4f8 DeleteMenu
0x47f4fc GetMenu
0x47f500 SetMenu
0x47f504 PeekMessageA
0x47f508 GetWindowTextA
0x47f510 CharUpperA
0x47f514 GetWindowDC
0x47f518 BeginPaint
0x47f51c EndPaint
0x47f520 TabbedTextOutA
0x47f524 DrawTextA
0x47f528 GrayStringA
0x47f52c GetDlgItem
0x47f530 DestroyWindow
0x47f538 EndDialog
0x47f53c GetNextDlgTabItem
0x47f540 GetWindowPlacement
0x47f548 GetForegroundWindow
0x47f54c GetLastActivePopup
0x47f550 GetMessageTime
0x47f554 RemovePropA
0x47f558 CallWindowProcA
0x47f55c GetPropA
0x47f560 UnhookWindowsHookEx
0x47f564 SetPropA
0x47f568 GetClassLongA
0x47f56c CallNextHookEx
0x47f570 SetWindowsHookExA
0x47f574 CreateWindowExA
0x47f578 GetMenuItemID
0x47f57c GetMenuItemCount
0x47f580 UnregisterClassA
0x47f584 GetScrollPos
0x47f588 AdjustWindowRectEx
0x47f58c MapWindowPoints
0x47f590 SendDlgItemMessageA
0x47f594 ScrollWindowEx
0x47f598 IsDialogMessageA
0x47f59c SetWindowTextA
0x47f5a0 MoveWindow
0x47f5a4 CheckMenuItem
0x47f5a8 SetMenuItemBitmaps
0x47f5ac GetMenuState
0x47f5b4 GetClassNameA
0x47f5b8 GetDesktopWindow
0x47f5bc LoadStringA
0x47f5c0 GetSysColorBrush
0x47f5c4 IsIconic
0x47f5c8 SetFocus
0x47f5cc GetActiveWindow
0x47f5d0 GetWindow
0x47f5d8 SetWindowRgn
0x47f5dc GetMessagePos
0x47f5e0 ScreenToClient
0x47f5e8 CopyRect
0x47f5ec LoadBitmapA
0x47f5f0 WinHelpA
0x47f5f4 KillTimer
0x47f5f8 SetTimer
0x47f5fc ReleaseCapture
0x47f600 GetCapture
Library: GDI32.dll:
0x47f028 GetClipRgn
0x47f02c CreatePolygonRgn
0x47f030 SelectClipRgn
0x47f034 DeleteObject
0x47f038 CreateDIBitmap
0x47f040 CreatePalette
0x47f044 StretchBlt
0x47f048 SelectPalette
0x47f04c RealizePalette
0x47f050 GetDIBits
0x47f054 GetWindowExtEx
0x47f058 GetViewportOrgEx
0x47f05c GetWindowOrgEx
0x47f060 BeginPath
0x47f064 EndPath
0x47f068 PathToRegion
0x47f06c CreateEllipticRgn
0x47f070 CreateRoundRectRgn
0x47f074 GetTextColor
0x47f078 GetBkMode
0x47f07c GetBkColor
0x47f080 GetROP2
0x47f084 GetStretchBltMode
0x47f088 GetPolyFillMode
0x47f090 CreateDCA
0x47f094 CreateBitmap
0x47f098 SelectObject
0x47f09c GetObjectA
0x47f0a0 CreatePen
0x47f0a4 PatBlt
0x47f0a8 SetStretchBltMode
0x47f0ac CreateRectRgn
0x47f0b0 FillRgn
0x47f0b4 CreateSolidBrush
0x47f0b8 GetStockObject
0x47f0bc CreateFontIndirectA
0x47f0c0 EndPage
0x47f0c4 EndDoc
0x47f0c8 DeleteDC
0x47f0cc StartDocA
0x47f0d0 StartPage
0x47f0d4 BitBlt
0x47f0d8 CreateCompatibleDC
0x47f0dc Ellipse
0x47f0e0 Rectangle
0x47f0e4 LPtoDP
0x47f0e8 DPtoLP
0x47f0ec GetCurrentObject
0x47f0f0 RoundRect
0x47f0f8 GetDeviceCaps
0x47f0fc SaveDC
0x47f100 RestoreDC
0x47f104 SetBkMode
0x47f108 SetPolyFillMode
0x47f10c SetROP2
0x47f110 SetTextColor
0x47f114 SetMapMode
0x47f118 SetViewportOrgEx
0x47f11c OffsetViewportOrgEx
0x47f120 SetViewportExtEx
0x47f124 ScaleViewportExtEx
0x47f128 SetWindowOrgEx
0x47f12c SetWindowExtEx
0x47f130 ScaleWindowExtEx
0x47f134 GetClipBox
0x47f138 ExcludeClipRect
0x47f13c MoveToEx
0x47f140 LineTo
0x47f148 SetBkColor
0x47f14c CombineRgn
0x47f150 GetTextMetricsA
0x47f154 Escape
0x47f158 ExtTextOutA
0x47f15c TextOutA
0x47f160 RectVisible
0x47f164 PtVisible
0x47f168 GetViewportExtEx
0x47f16c ExtSelectClipRgn
Library: WINMM.dll:
0x47f608 midiStreamRestart
0x47f60c midiStreamClose
0x47f610 midiOutReset
0x47f614 midiStreamStop
0x47f618 midiStreamOut
0x47f620 midiStreamProperty
0x47f624 midiStreamOpen
0x47f62c waveOutOpen
0x47f630 waveOutGetNumDevs
0x47f634 waveOutClose
0x47f638 waveOutReset
0x47f63c waveOutPause
0x47f640 waveOutWrite
Library: WINSPOOL.DRV:
0x47f650 ClosePrinter
0x47f654 DocumentPropertiesA
0x47f658 OpenPrinterA
Library: ADVAPI32.dll:
0x47f000 RegCloseKey
0x47f004 RegQueryValueExA
0x47f008 RegOpenKeyExA
0x47f00c RegSetValueExA
0x47f010 RegQueryValueA
0x47f014 RegCreateKeyExA
Library: SHELL32.dll:
0x47f38c ShellExecuteA
0x47f390 Shell_NotifyIconA
Library: ole32.dll:
0x47f69c OleInitialize
0x47f6a0 OleUninitialize
0x47f6a4 CLSIDFromString
Library: OLEAUT32.dll:
0x47f37c UnRegisterTypeLib
0x47f380 RegisterTypeLib
0x47f384 LoadTypeLib
Library: COMCTL32.dll:
0x47f01c ImageList_Destroy
0x47f020 None
Library: WS2_32.dll:
0x47f660 ioctlsocket
0x47f664 recv
0x47f668 getpeername
0x47f66c accept
0x47f670 recvfrom
0x47f674 WSAAsyncSelect
0x47f678 closesocket
0x47f67c inet_ntoa
0x47f680 WSACleanup
Library: comdlg32.dll:
0x47f688 ChooseColorA
0x47f68c GetSaveFileNameA
0x47f690 GetOpenFileNameA
0x47f694 GetFileTitleA

No antivirus engine scan information!

Process tree

_________REZ____________v1.0.exe, PID: 2628, parent process PID: 2332

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 24.401 seconds )

  • 15.506 Suricata
  • 5.038 Static
  • 2.207 VirusTotal
  • 0.626 TargetInfo
  • 0.455 peid
  • 0.346 NetworkAnalysis
  • 0.104 AnalysisInfo
  • 0.096 BehaviorAnalysis
  • 0.016 Strings
  • 0.004 config_decoder
  • 0.003 Memory

Signatures ( 0.183 seconds )

  • 0.029 antiav_detectreg
  • 0.014 md_url_bl
  • 0.012 infostealer_ftp
  • 0.01 md_domain_bl
  • 0.009 ransomware_extensions
  • 0.009 ransomware_files
  • 0.008 antiav_detectfile
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_im
  • 0.006 antianalysis_detectreg
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_mail
  • 0.004 api_spamming
  • 0.004 stealth_timeout
  • 0.003 tinba_behavior
  • 0.003 stealth_decoy_document
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.001 network_tor
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antidbg_windows
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_tor_service
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.131 seconds )

  • 0.844 ReportHTMLSummary
  • 0.287 Malheur
Task ID 488305
Mongo ID 5e22a77a2f8f2e4bea6369ac
Cuckoo release 1.4-Maldun