Analysis task

Analysis type    VM label                  Start time            End time              Duration
File (Windows)   win7-sp1-x64-hpdapp01-1   2020-01-18 17:25:47   2020-01-18 17:26:42   55 s

Maldun score

10.0 (Dangerous)

File details

File name   龙心3.2.exe
File size   5324800 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         9c43009170a5be92550790bc5f4a9008
SHA1        37bfeba51358c760d50790a66465a739cb5a2f3f
SHA256      2307ed3aca857fc8905a8a5e5353807eeb81a2b54188a317c08bab94b6c4835e
SHA512      a654c03383c44c280d701ad9c8d019f164bceeda9a3fb00be74c4002a214ce2c53c8696f58a6a9ce1b205c3fea7d15647feeef12c6eb0c159b832ec1d7f203d6
CRC32       394D7A95
Ssdeep      98304:p0XPEVo77cRVy6Vzfht58oPEXM/c0fYd6pN0kX6t58oPEXd8Tha4MTX7icCjP:rVdzfRPEXM/cNd6pGkiPEXdHi

Hosts contacted

No host records.

Domain resolutions

No domain information.


Summary

Detailed behavior information was not exported with this report.

PE information

Image base            0x00400000
Entry point (RVA)     0x009717d0
Declared checksum     0x00000000
Computed checksum     0x00519d37
Minimum OS version    4.0
Compile timestamp     2006-04-01 18:05:04
Import hash           bcdf97b0527c6a145dad664bc1dd6b1c

PE sections

Name       Virtual address   Virtual size   Raw data size   Characteristics                                                                   Entropy
.text      0x00001000        0x0056e8f4     0x00001000      IMAGE_SCN_MEM_READ                                                                4.83
VProtect   0x00570000        0x00059000     0x00059000      IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE                      7.25
VProtect   0x005c9000        0x004a7000     0x004a5000      IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE   7.98
VProtect   0x00a70000        0x00002000     0x00002000      IMAGE_SCN_MEM_READ                                                                0.71
VProtect   0x00a72000        0x00012000     0x00012000      IMAGE_SCN_MEM_READ                                                                3.14

Reading the table: the entry point 0x009717d0 lies inside the third VProtect section (0x005c9000 to 0x00a70000), not in .text; .text declares a virtual size of 0x0056e8f4 but carries only 0x1000 bytes of raw data, so the original code is written into it at run time; and the two writable-and-executable VProtect sections have entropy above 7, i.e. compressed or encrypted content. Together with the "VProtect Professional v2.1.0.0" string in the strings dump below, this is a VProtect-packed file, so the static import list and the 2006 compile timestamp describe the packer stub rather than the protected program (the timestamp is a header field the packer can set freely). A declared checksum of 0 is normal for an unsigned user-mode executable; the Windows loader does not enforce the checksum for such images, so the mismatch with the computed value is an observation, not evidence of tampering.

Imports

Two import directories are present. The first (IAT entries from 0xe71000, i.e. RVA 0x00a71000 in the read-only VProtect section at 0x00a70000) names exactly one function per DLL, a pattern typical of packers, which load each DLL this way and resolve the remaining imports themselves at run time. The second (IAT entries from 0x975000, RVA 0x00575000 in the first VProtect section) is the packer stub's own working set: VirtualAlloc, VirtualProtect and VirtualProtectEx for unpacking, IsDebuggerPresent and OutputDebugStringW for debugger checks, LoadLibraryA and GetProcAddress for import resolution.

Library: iphlpapi.dll:
0xe71000 GetAdaptersInfo
Library: WINMM.dll:
0xe71008 midiStreamProperty
Library: WS2_32.dll:
0xe71010 recv
Library: KERNEL32.dll:
0xe71018 GetACP
Library: USER32.dll:
Library: GDI32.dll:
0xe71028 DeleteObject
Library: WINSPOOL.DRV:
0xe71030 ClosePrinter
Library: ADVAPI32.dll:
0xe71038 RegCloseKey
Library: SHELL32.dll:
0xe71040 ShellExecuteA
Library: ole32.dll:
0xe71048 OleInitialize
Library: OLEAUT32.dll:
Library: COMCTL32.dll:
0xe71058 ImageList_Destroy
Library: comdlg32.dll:
0xe71060 GetOpenFileNameA
Library: KERNEL32.dll:
0x975034 GetProcessHeap
0x975038 Sleep
0x97503c ReadFile
0x975040 CreateFileW
0x975044 lstrcatA
0x975048 SetThreadPriority
0x975050 GetLastError
0x975054 SetLastError
0x975058 VirtualAlloc
0x97505c CopyFileA
0x975060 LoadLibraryA
0x975064 GetModuleFileNameA
0x975068 GetModuleHandleA
0x97506c IsDebuggerPresent
0x975070 VirtualFree
0x975074 SuspendThread
0x975078 DeleteFileA
0x97507c CreateThread
0x975084 TerminateThread
0x975088 GetProcAddress
0x97508c VirtualProtect
0x975090 lstrlenW
0x975098 VirtualProtectEx
0x9750a0 TerminateProcess
0x9750a4 RtlUnwind
0x9750a8 GetModuleHandleW
0x9750ac OutputDebugStringW
0x9750b4 WaitForSingleObject
0x9750bc HeapFree
0x9750c0 GetCurrentProcess
0x9750c4 HeapAlloc
0x9750c8 lstrlenA
0x9750cc CreateMutexW
0x9750d0 GetFileSize
0x9750d4 CreateFileA
0x9750d8 CloseHandle
0x9750dc ExitProcess
Library: USER32.dll:
0x975104 LoadCursorW
0x975108 BeginPaint
0x97510c GetDC
0x975110 RegisterClassExW
0x975114 KillTimer
0x975118 EndPaint
0x97511c UnregisterClassW
0x975120 DefWindowProcW
0x975124 MessageBoxA
0x975128 LoadStringW
0x97512c UpdateWindow
0x975130 PeekMessageW
0x975134 CreateWindowExW
0x975138 GetSystemMetrics
0x97513c SetTimer
0x975140 DispatchMessageW
0x975144 DestroyWindow
0x975148 ShowWindow
Library: GDI32.dll:
0x975014 DeleteObject
0x975018 SelectObject
0x97501c CreateCompatibleDC
0x975020 BitBlt
0x975024 DeleteDC
0x975028 CreateSolidBrush
0x97502c CreateDIBitmap
Library: ADVAPI32.dll:
0x975000 RegCloseKey
Library: SHELL32.dll:
0x9750f4 DragQueryFileW
Library: ole32.dll:
0x975160 CoInitialize
Library: PSAPI.DLL:
Library: imagehlp.dll:
0x975158 CheckSumMappedFile
Library: COMCTL32.dll:
Library: SHLWAPI.dll:
0x9750fc PathFindExtensionW
Library: WS2_32.dll:
0x975150 send
Library: MSWSOCK.dll:
0x9750e4 AcceptEx
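The packing and import-table checks applied to the PE information and import list above are the ones an analyst repeats on every report, so here they are as a script. This is an added example, not code from Maldun or from the sample; the section table, entry point and a subset of the import entries are copied from this report as constructed input, and the thresholds (virtual size more than four times raw size, entropy at or above 7.0) are the author's choices, not the sandbox's. shannon_entropy() is included for when the file itself is at hand, since the report only gives the per-section result.

```python
"""Static triage of the PE data reported above (added example, not Maldun output)."""
from collections import Counter
from dataclasses import dataclass
from math import log2

IMAGE_BASE = 0x00400000
ENTRY_POINT = 0x009717d0  # entry point RVA from the report


@dataclass(frozen=True)
class Section:
    name: str
    va: int            # virtual address (RVA)
    vsize: int         # virtual size
    rawsize: int       # size of raw data on disk
    chars: frozenset   # subset of {"CODE", "X", "R", "W"} from IMAGE_SCN_* flags
    entropy: float     # as reported, 0..8 bits per byte


# Section table copied from the report (constructed input, not parsed from the file).
SECTIONS = [
    Section(".text",    0x00001000, 0x0056e8f4, 0x00001000, frozenset({"R"}), 4.83),
    Section("VProtect", 0x00570000, 0x00059000, 0x00059000, frozenset({"X", "R", "W"}), 7.25),
    Section("VProtect", 0x005c9000, 0x004a7000, 0x004a5000, frozenset({"CODE", "X", "R", "W"}), 7.98),
    Section("VProtect", 0x00a70000, 0x00002000, 0x00002000, frozenset({"R"}), 0.71),
    Section("VProtect", 0x00a72000, 0x00012000, 0x00012000, frozenset({"R"}), 3.14),
]

# (IAT address as printed, DLL, function): a subset of the two import tables in the
# report, constructed from the page. The printed addresses are VAs, not RVAs.
IMPORTS = [
    (0xe71000, "iphlpapi.dll", "GetAdaptersInfo"),
    (0xe71008, "WINMM.dll", "midiStreamProperty"),
    (0xe71010, "WS2_32.dll", "recv"),
    (0xe71018, "KERNEL32.dll", "GetACP"),
    (0xe71040, "SHELL32.dll", "ShellExecuteA"),
    (0x975034, "KERNEL32.dll", "GetProcessHeap"),
    (0x975058, "KERNEL32.dll", "VirtualAlloc"),
    (0x97506c, "KERNEL32.dll", "IsDebuggerPresent"),
    (0x97508c, "KERNEL32.dll", "VirtualProtect"),
    (0x975104, "USER32.dll", "LoadCursorW"),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte on the same 0..8 scale as the report's entropy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())


def section_for_rva(rva: int, sections=SECTIONS):
    """Index of the section whose virtual range contains rva, or None."""
    for i, s in enumerate(sections):
        if s.va <= rva < s.va + max(s.vsize, s.rawsize):
            return i
    return None


def packing_indicators(sections=SECTIONS, entry_rva=ENTRY_POINT) -> dict:
    """Heuristics an analyst checks before trusting a static import list.

    Thresholds (4x size inflation, entropy >= 7.0) are this example's choice.
    """
    ep = section_for_rva(entry_rva, sections)
    return {
        "entry_section": ep,
        "entry_outside_text": ep is not None and sections[ep].name != ".text",
        # virtual size far beyond raw size: the code is written there at run time
        "inflated": [i for i, s in enumerate(sections) if s.vsize > 4 * s.rawsize],
        "writable_executable": [i for i, s in enumerate(sections) if {"W", "X"} <= s.chars],
        "high_entropy": [i for i, s in enumerate(sections) if s.entropy >= 7.0],
    }


def import_tables(imports=IMPORTS, base=IMAGE_BASE, sections=SECTIONS) -> dict:
    """Group IAT entries by the section they live in; flag one-function-per-DLL stubs.

    Subtract the image base first, because the report prints VAs.
    """
    tables: dict = {}
    for va, dll, func in imports:
        idx = section_for_rva(va - base, sections)
        tables.setdefault(idx, {}).setdefault(dll, []).append(func)
    return {
        idx: {"dlls": per_dll, "stub": all(len(f) == 1 for f in per_dll.values())}
        for idx, per_dll in tables.items()
    }


if __name__ == "__main__":
    print(packing_indicators())
    for idx, table in import_tables().items():
        print(f"import table in section {idx}: stub={table['stub']} dlls={sorted(table['dlls'])}")
```

Run stand-alone, the script reports the entry point in section 2, .text as inflated, sections 1 and 2 as writable-and-executable with high entropy, and the table in section 3 as a stub (one function per DLL) while the one in section 1 is not. Anything the stub table names (GetAdaptersInfo, recv, ShellExecuteA) says only which DLLs the packer wanted loaded; the real imports only become visible after unpacking or in a runtime dump.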

.text
@VProtect
VProtect
VProtect
@VProtect
VProtect Professional v2.1.0.0
SVWUj
bad allocation
bad allocation
bad allocation
bad allocation
bad allocation
bad allocation
MessageBoxTimeoutA
MessageBoxTimeoutW
bad allocation
bad allocation
bad allocation
bad allocation
bad allocation
ExitProcess
CreateFileA
GetFileSize
CreateMutexW
lstrlenA
HeapAlloc
GetCurrentProcess
HeapFree
SetHandleInformation
WaitForSingleObject
OutputDebugStringW
GetModuleHandleW
VirtualFree
GetProcessHeap
Sleep
ReadFile
CreateFileW
lstrcatA
SetThreadPriority
GetHandleInformation
GetLastError
SetLastError
VirtualAlloc
CopyFileA
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
IsDebuggerPresent
CloseHandle
SuspendThread
DeleteFileA
CreateThread
InterlockedDecrement
TerminateThread
GetProcAddress
VirtualProtect
lstrlenW
GetPrivateProfileIntW
VirtualProtectEx
KERNEL32.dll
DispatchMessageW
DefWindowProcW
UpdateWindow
GetSystemMetrics
CreateWindowExW
ShowWindow
PeekMessageW
RegisterClassExW
GetDC
BeginPaint
LoadCursorW
KillTimer
UnregisterClassW
SetTimer
DestroyWindow
EndPaint
LoadStringW
MessageBoxA
USER32.dll
CreateSolidBrush
CreateDIBitmap
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
BitBlt
GDI32.dll
RegCloseKey
ADVAPI32.dll
DragQueryFileW
SHELL32.dll
CoInitialize
ole32.dll
GetModuleFileNameExW
PSAPI.DLL
CheckSumMappedFile
imagehlp.dll
InitCommonControlsEx
ImageList_GetIconSize
COMCTL32.dll
PathFindExtensionW
SHLWAPI.dll
WS2_32.dll
AcceptEx
MSWSOCK.dll
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RxMvuC
user32.dll
0588B8BD-A653-4701-AA7B-C8AF862C20A5
0588B8BD-A653-4701-AA7B-C8AF862C20A5
0588B8BD-A653-4701-AA7B-C8AF862C20A5
0588B8BD-A653-4701-AA7B-C8AF862C20A5
EC89625D-9516-4892-B681-9CA5BB4538C1
%s%s%s%s%s%s

No antivirus engine scan information.

Process tree

______3.2.exe, PID: 2640, parent PID: 2336

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network activity was observed during the 55-second run. The imports still include network APIs (GetAdaptersInfo, recv, send, AcceptEx) and the packer stub imports IsDebuggerPresent and OutputDebugStringW, so read this as absence of evidence in a short sandbox run, not as proof that the protected program has no network capability.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 36.412 seconds )

  • 16.48 Suricata
  • 15.374 Static
  • 1.57 TargetInfo
  • 1.494 VirusTotal
  • 0.497 BehaviorAnalysis
  • 0.462 peid
  • 0.357 NetworkAnalysis
  • 0.133 AnalysisInfo
  • 0.027 config_decoder
  • 0.015 Strings
  • 0.003 Memory

Signatures ( 0.307 seconds; run time per signature module, not a list of matches )

  • 0.029 antiav_detectreg
  • 0.025 api_spamming
  • 0.02 stealth_timeout
  • 0.02 md_url_bl
  • 0.017 stealth_decoy_document
  • 0.017 md_domain_bl
  • 0.012 infostealer_ftp
  • 0.01 kovter_behavior
  • 0.009 antiemu_wine_func
  • 0.008 infostealer_browser_password
  • 0.008 antiav_detectfile
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_im
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 antiav_avast_libs
  • 0.006 antisandbox_sunbelt_libs
  • 0.006 antianalysis_detectreg
  • 0.006 infostealer_bitcoin
  • 0.005 antisandbox_sboxie_libs
  • 0.005 antiav_bitdefender_libs
  • 0.005 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 injection_createremotethread
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 antidbg_windows
  • 0.002 cerber_behavior
  • 0.002 injection_runpe
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 antisandbox_suspend
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antivm_generic_disk
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.246 seconds )

  • 0.846 ReportHTMLSummary
  • 0.4 Malheur
Task ID 488328
Mongo ID 5e22cf872f8f2e4bf4636ec1
Cuckoo release 1.4-Maldun