分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-1 | 2020-01-18 19:05:04 | 2020-01-18 19:07:07 | 123 秒 |
魔盾分数
5.5
可疑的
文件详细信息
| 文件名 | 黑龙虾.exe |
|---|---|
| 文件大小 | 8364032 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c73ca54f8437e648b2782fac207e7a26 |
| SHA1 | 2dc14f4c28e8cb2c2e271815e2fc38d59bda236a |
| SHA256 | 4e104d4dd48662e5d987a654b0078c3ffabb1ff02718aa57e519a0ccabe307c5 |
| SHA512 | da78670c07a737c2f4a99e81761b974cc3f8ec025acd9cac79a03d6e15dd0087cd00d363731f6d2e0ea449aec4ea53fb9f735eacf1f28c776e4a3bf0cf82645b |
| CRC32 | 737F3ABF |
| Ssdeep | 196608:BXvIpSDgblSXim1U5ia+TKsZ99sPwKU+vB7fQ0VfEZTXeW1VZsyr:BUhlSSm1U5iaKbviwx+vB7Y0V8ZTVnu |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00afac53 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00803fd6 |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2020-01-17 22:29:27 |
| 载入哈希 | f6b79dc7b92fd2305480028315994c6e |
| 图标 |  |
| 图标精确哈希值 | 41d303a6ee5afd40ee9c5259a097a637 |
| 图标相似性哈希值 | 3b5d3c7d207e37dceeedd301e35e2e58 |
| 导出DLL库名称 | MZ\x90 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00114152 | 0x00115000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.78 |
| .rdata | 0x00116000 | 0x00192af4 | 0x00193000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.23 |
| .data | 0x002a9000 | 0x0008a78a | 0x0002a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.22 |
| ezdun0 | 0x00334000 | 0x00319a9f | 0x0031a000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.76 |
| ezdun1 | 0x0064e000 | 0x001f5ed0 | 0x001f6000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.62 |
| .rsrc | 0x00844000 | 0x00016f31 | 0x00017000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.33 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x00844d78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x00844d78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x00844d78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| WAVE | 0x00844ecc | 0x00001448 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.35 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz |
| RT_CURSOR | 0x00846898 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x00846898 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x00846898 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x00846898 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x00846898 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x00846898 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0084818c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x008486e0 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.88 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x008486e0 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.88 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x008486e0 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.88 | dBase III DBT, version number 0, next free block index 40 |
| RT_MENU | 0x00858f14 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x00858f14 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0085a15c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0085aba4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x0085ac18 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0085ac18 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0085ac18 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0085ac18 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0085ac18 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x0085ac64 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x0085ac64 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x0085ac64 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_MANIFEST | 0x0085ac78 | 0x000002b9 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.02 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: WINMM.dll:
• 0xae5000 waveOutUnprepareHeader
• 0xae5004 midiStreamRestart
• 0xae5008 midiStreamClose
• 0xae500c midiOutReset
• 0xae5010 midiStreamStop
• 0xae5014 PlaySoundA
• 0xae5018 waveOutRestart
• 0xae501c waveOutWrite
• 0xae5020 waveOutPause
• 0xae5024 waveOutReset
• 0xae5028 midiStreamOut
• 0xae502c midiOutPrepareHeader
• 0xae5030 midiStreamProperty
• 0xae5034 midiStreamOpen
• 0xae5038 midiOutUnprepareHeader
• 0xae503c waveOutOpen
• 0xae5040 waveOutGetNumDevs
• 0xae5044 waveOutClose
• 0xae5048 waveOutPrepareHeader
库: WS2_32.dll:
• 0xae5050 inet_ntoa
• 0xae5054 WSAStartup
• 0xae5058 WSACleanup
• 0xae505c select
• 0xae5060 send
• 0xae5064 closesocket
• 0xae5068 WSAAsyncSelect
• 0xae506c recvfrom
• 0xae5070 ioctlsocket
• 0xae5074 recv
• 0xae5078 getpeername
• 0xae507c accept
• 0xae5080 ntohl
库: VERSION.dll:
• 0xae5088 VerLanguageNameA
库: MSVFW32.dll:
• 0xae5090 DrawDibDraw
库: KERNEL32.dll:
• 0xae50b0 GetSystemDefaultLangID
• 0xae50b4 GetLocaleInfoA
• 0xae50b8 GetVersion
• 0xae50bc FileTimeToSystemTime
• 0xae50c0 GetTimeZoneInformation
• 0xae50c4 ReleaseMutex
• 0xae50c8 SuspendThread
• 0xae50cc InterlockedIncrement
• 0xae50d0 InterlockedDecrement
• 0xae50d4 LocalFree
• 0xae50d8 FileTimeToLocalFileTime
• 0xae50dc lstrcpynA
• 0xae50e0 DuplicateHandle
• 0xae50e4 FlushFileBuffers
• 0xae50e8 LockFile
• 0xae50ec UnlockFile
• 0xae50f0 SetEndOfFile
• 0xae50f4 lstrcmpiA
• 0xae50f8 GlobalDeleteAtom
• 0xae50fc GlobalFindAtomA
• 0xae5100 GlobalAddAtomA
• 0xae5104 GlobalGetAtomNameA
• 0xae5108 lstrcmpA
• 0xae510c LocalAlloc
• 0xae5110 TlsAlloc
• 0xae5114 GlobalHandle
• 0xae5118 TlsFree
• 0xae511c TlsSetValue
• 0xae5120 LocalReAlloc
• 0xae5124 TlsGetValue
• 0xae5128 GetFileTime
• 0xae512c GetCurrentThread
• 0xae5130 GlobalFlags
• 0xae5134 SetErrorMode
• 0xae5138 GetProcessVersion
• 0xae513c GetCPInfo
• 0xae5140 GetOEMCP
• 0xae5144 GetStartupInfoA
• 0xae5148 RtlUnwind
• 0xae514c GetSystemTime
• 0xae5150 GetLocalTime
• 0xae5154 RaiseException
• 0xae5158 HeapSize
• 0xae515c GetACP
• 0xae5160 SetStdHandle
• 0xae5164 GetFileType
• 0xae5168 UnhandledExceptionFilter
• 0xae516c FreeEnvironmentStringsA
• 0xae5170 FreeEnvironmentStringsW
• 0xae5174 GetEnvironmentStrings
• 0xae5178 GetEnvironmentStringsW
• 0xae517c SetHandleCount
• 0xae5180 GetStdHandle
• 0xae5184 GetEnvironmentVariableA
• 0xae5188 HeapDestroy
• 0xae518c HeapCreate
• 0xae5190 VirtualFree
• 0xae5194 SetEnvironmentVariableA
• 0xae5198 LCMapStringA
• 0xae519c LCMapStringW
• 0xae51a0 VirtualAlloc
• 0xae51a4 IsBadWritePtr
• 0xae51a8 SetUnhandledExceptionFilter
• 0xae51ac GetStringTypeA
• 0xae51b0 GetStringTypeW
• 0xae51b4 CompareStringA
• 0xae51b8 CompareStringW
• 0xae51bc IsBadReadPtr
• 0xae51c0 IsBadCodePtr
• 0xae51c4 IsValidLocale
• 0xae51c8 IsValidCodePage
• 0xae51cc EnumSystemLocalesA
• 0xae51d0 GetLocaleInfoW
• 0xae51d4 GetSystemInfo
• 0xae51d8 IsProcessorFeaturePresent
• 0xae51dc SetLastError
• 0xae51e0 GetSystemDirectoryA
• 0xae51e4 GetWindowsDirectoryA
• 0xae51e8 OpenProcess
• 0xae51ec TerminateProcess
• 0xae51f0 GetCurrentProcess
• 0xae51f4 GetFileSize
• 0xae51f8 SetFilePointer
• 0xae51fc CreateToolhelp32Snapshot
• 0xae5200 Process32First
• 0xae5204 Process32Next
• 0xae5208 TerminateThread
• 0xae520c CreateSemaphoreA
• 0xae5210 ResumeThread
• 0xae5214 ReleaseSemaphore
• 0xae5218 EnterCriticalSection
• 0xae521c LeaveCriticalSection
• 0xae5220 GetProfileStringA
• 0xae5224 WriteFile
• 0xae5228 WaitForMultipleObjects
• 0xae522c CreateFileA
• 0xae5230 SetEvent
• 0xae5234 FindResourceA
• 0xae5238 LoadResource
• 0xae523c LockResource
• 0xae5240 ReadFile
• 0xae5244 RemoveDirectoryA
• 0xae5248 GetModuleFileNameA
• 0xae524c WideCharToMultiByte
• 0xae5250 MultiByteToWideChar
• 0xae5254 GetCurrentThreadId
• 0xae5258 ExitProcess
• 0xae525c GlobalSize
• 0xae5260 GlobalFree
• 0xae5264 DeleteCriticalSection
• 0xae5268 InitializeCriticalSection
• 0xae526c lstrcatA
• 0xae5270 lstrlenA
• 0xae5274 WinExec
• 0xae5278 lstrcpyA
• 0xae527c FindNextFileA
• 0xae5280 GlobalReAlloc
• 0xae5284 HeapFree
• 0xae5288 HeapReAlloc
• 0xae528c GetProcessHeap
• 0xae5290 HeapAlloc
• 0xae5294 GetUserDefaultLCID
• 0xae5298 GetFullPathNameA
• 0xae529c FreeLibrary
• 0xae52a0 LoadLibraryA
• 0xae52a4 GetLastError
• 0xae52a8 GetVersionExA
• 0xae52ac WritePrivateProfileStringA
• 0xae52b0 GetPrivateProfileStringA
• 0xae52b4 CreateThread
• 0xae52b8 CreateEventA
• 0xae52bc Sleep
• 0xae52c0 GlobalAlloc
• 0xae52c4 GlobalLock
• 0xae52c8 GlobalUnlock
• 0xae52cc GetTempPathA
• 0xae52d0 FindFirstFileA
• 0xae52d4 FindClose
• 0xae52d8 SetFileAttributesA
• 0xae52dc GetFileAttributesA
• 0xae52e0 DeleteFileA
• 0xae52e4 SetCurrentDirectoryA
• 0xae52e8 GetVolumeInformationA
• 0xae52ec GetModuleHandleA
• 0xae52f0 GetProcAddress
• 0xae52f4 MulDiv
• 0xae52f8 GetCommandLineA
• 0xae52fc GetTickCount
• 0xae5300 CreateProcessA
• 0xae5304 WaitForSingleObject
• 0xae5308 CloseHandle
• 0xae530c InterlockedExchange
• 0xae5310 CreateMutexA
库: USER32.dll:
• 0xae5318 LoadStringA
• 0xae531c GetMenuCheckMarkDimensions
• 0xae5320 GetMenuState
• 0xae5324 SetMenuItemBitmaps
• 0xae5328 CheckMenuItem
• 0xae532c MoveWindow
• 0xae5330 IsDialogMessageA
• 0xae5334 ScrollWindowEx
• 0xae5338 SendDlgItemMessageA
• 0xae533c MapWindowPoints
• 0xae5340 AdjustWindowRectEx
• 0xae5344 GetScrollPos
• 0xae5348 RegisterClassA
• 0xae534c GetMenuItemCount
• 0xae5350 GetMenuItemID
• 0xae5354 SetWindowsHookExA
• 0xae5358 CallNextHookEx
• 0xae535c GetClassLongA
• 0xae5360 SetPropA
• 0xae5364 UnhookWindowsHookEx
• 0xae5368 GetPropA
• 0xae536c RemovePropA
• 0xae5370 GetMessageTime
• 0xae5374 GetLastActivePopup
• 0xae5378 RegisterWindowMessageA
• 0xae537c GetWindowPlacement
• 0xae5380 EndDialog
• 0xae5384 CreateDialogIndirectParamA
• 0xae5388 DestroyWindow
• 0xae538c GrayStringA
• 0xae5390 DrawTextA
• 0xae5394 TabbedTextOutA
• 0xae5398 EndPaint
• 0xae539c BeginPaint
• 0xae53a0 GetWindowDC
• 0xae53a4 CharUpperA
• 0xae53a8 GetWindowTextLengthA
• 0xae53ac SetWindowTextA
• 0xae53b0 DrawStateA
• 0xae53b4 FrameRect
• 0xae53b8 GetNextDlgTabItem
• 0xae53bc UnregisterHotKey
• 0xae53c0 RegisterHotKey
• 0xae53c4 CreateWindowExA
• 0xae53c8 CallWindowProcA
• 0xae53cc UnregisterClassA
• 0xae53d0 GetWindowTextA
• 0xae53d4 GetDlgItem
• 0xae53d8 FindWindowA
• 0xae53dc GetWindowThreadProcessId
• 0xae53e0 GetClassNameA
• 0xae53e4 GetDesktopWindow
• 0xae53e8 GetKeyboardLayout
• 0xae53ec LoadIconA
• 0xae53f0 TranslateMessage
• 0xae53f4 DrawFrameControl
• 0xae53f8 DrawEdge
• 0xae53fc DrawFocusRect
• 0xae5400 WindowFromPoint
• 0xae5404 GetMessageA
• 0xae5408 DispatchMessageA
• 0xae540c SetRectEmpty
• 0xae5410 RegisterClipboardFormatA
• 0xae5414 CreateIconFromResourceEx
• 0xae5418 GetSysColorBrush
• 0xae541c DrawIconEx
• 0xae5420 CreatePopupMenu
• 0xae5424 AppendMenuA
• 0xae5428 ModifyMenuA
• 0xae542c CreateMenu
• 0xae5430 CreateAcceleratorTableA
• 0xae5434 GetDlgCtrlID
• 0xae5438 GetSubMenu
• 0xae543c EnableMenuItem
• 0xae5440 ClientToScreen
• 0xae5444 EnumDisplaySettingsA
• 0xae5448 LoadImageA
• 0xae544c SystemParametersInfoA
• 0xae5450 ShowWindow
• 0xae5454 IsWindowEnabled
• 0xae5458 TranslateAcceleratorA
• 0xae545c GetKeyState
• 0xae5460 CopyAcceleratorTableA
• 0xae5464 PostQuitMessage
• 0xae5468 IsZoomed
• 0xae546c GetClassInfoA
• 0xae5470 DefWindowProcA
• 0xae5474 GetSystemMenu
• 0xae5478 DeleteMenu
• 0xae547c GetMenu
• 0xae5480 SetMenu
• 0xae5484 PeekMessageA
• 0xae5488 IsIconic
• 0xae548c SetFocus
• 0xae5490 GetActiveWindow
• 0xae5494 GetWindow
• 0xae5498 DestroyAcceleratorTable
• 0xae549c SetWindowRgn
• 0xae54a0 GetMessagePos
• 0xae54a4 ScreenToClient
• 0xae54a8 ChildWindowFromPointEx
• 0xae54ac CopyRect
• 0xae54b0 LoadBitmapA
• 0xae54b4 WinHelpA
• 0xae54b8 KillTimer
• 0xae54bc SetTimer
• 0xae54c0 ReleaseCapture
• 0xae54c4 GetCapture
• 0xae54c8 SetCapture
• 0xae54cc GetScrollRange
• 0xae54d0 SetScrollRange
• 0xae54d4 SetScrollPos
• 0xae54d8 SetRect
• 0xae54dc InflateRect
• 0xae54e0 DestroyIcon
• 0xae54e4 PtInRect
• 0xae54e8 OffsetRect
• 0xae54ec IsWindowVisible
• 0xae54f0 EnableWindow
• 0xae54f4 RedrawWindow
• 0xae54f8 GetWindowLongA
• 0xae54fc SetWindowLongA
• 0xae5500 GetSysColor
• 0xae5504 SetActiveWindow
• 0xae5508 SetCursorPos
• 0xae550c LoadCursorA
• 0xae5510 SetCursor
• 0xae5514 GetDC
• 0xae5518 FillRect
• 0xae551c IsRectEmpty
• 0xae5520 ReleaseDC
• 0xae5524 IsChild
• 0xae5528 DestroyMenu
• 0xae552c SetForegroundWindow
• 0xae5530 GetWindowRect
• 0xae5534 EqualRect
• 0xae5538 UpdateWindow
• 0xae553c ValidateRect
• 0xae5540 InvalidateRect
• 0xae5544 GetClientRect
• 0xae5548 GetFocus
• 0xae554c GetParent
• 0xae5550 GetTopWindow
• 0xae5554 PostMessageA
• 0xae5558 IsWindow
• 0xae555c SetParent
• 0xae5560 DestroyCursor
• 0xae5564 SendMessageA
• 0xae5568 SetWindowPos
• 0xae556c MessageBoxA
• 0xae5570 GetCursorPos
• 0xae5574 GetSystemMetrics
• 0xae5578 EmptyClipboard
• 0xae557c SetClipboardData
• 0xae5580 OpenClipboard
• 0xae5584 GetClipboardData
• 0xae5588 CloseClipboard
• 0xae558c wsprintfA
• 0xae5590 WaitForInputIdle
• 0xae5594 CreateIconFromResource
• 0xae5598 IntersectRect
• 0xae559c GetForegroundWindow
库: GDI32.dll:
• 0xae55a4 GetStretchBltMode
• 0xae55a8 GetROP2
• 0xae55ac GetPolyFillMode
• 0xae55b0 CreateCompatibleBitmap
• 0xae55b4 GetBkColor
• 0xae55b8 CreateDCA
• 0xae55bc CreateBitmap
• 0xae55c0 CreatePatternBrush
• 0xae55c4 SelectObject
• 0xae55c8 GetBkMode
• 0xae55cc CreatePen
• 0xae55d0 PatBlt
• 0xae55d4 CombineRgn
• 0xae55d8 GetTextColor
• 0xae55dc CreateRectRgn
• 0xae55e0 CreateRoundRectRgn
• 0xae55e4 CreateEllipticRgn
• 0xae55e8 PathToRegion
• 0xae55ec EndPath
• 0xae55f0 BeginPath
• 0xae55f4 GetWindowOrgEx
• 0xae55f8 GetViewportOrgEx
• 0xae55fc SaveDC
• 0xae5600 RestoreDC
• 0xae5604 SetPolyFillMode
• 0xae5608 SetROP2
• 0xae560c SetMapMode
• 0xae5610 FillRgn
• 0xae5614 OffsetViewportOrgEx
• 0xae5618 SetViewportExtEx
• 0xae561c ScaleViewportExtEx
• 0xae5620 SetWindowOrgEx
• 0xae5624 SetWindowExtEx
• 0xae5628 CreateSolidBrush
• 0xae562c GetClipBox
• 0xae5630 ExcludeClipRect
• 0xae5634 MoveToEx
• 0xae5638 LineTo
• 0xae563c ExtSelectClipRgn
• 0xae5640 GetViewportExtEx
• 0xae5644 PtVisible
• 0xae5648 RectVisible
• 0xae564c ExtTextOutA
• 0xae5650 Escape
• 0xae5654 GetTextMetricsA
• 0xae5658 SetBkColor
• 0xae565c CreateRectRgnIndirect
• 0xae5660 CreateDIBSection
• 0xae5664 SetStretchBltMode
• 0xae5668 GetClipRgn
• 0xae566c CreatePolygonRgn
• 0xae5670 SelectClipRgn
• 0xae5674 DeleteObject
• 0xae5678 CreateDIBitmap
• 0xae567c GetSystemPaletteEntries
• 0xae5680 CreatePalette
• 0xae5684 StretchBlt
• 0xae5688 SelectPalette
• 0xae568c RealizePalette
• 0xae5690 GetDIBits
• 0xae5694 CreateFontIndirectA
• 0xae5698 GetStockObject
• 0xae569c GetObjectA
• 0xae56a0 EndPage
• 0xae56a4 EndDoc
• 0xae56a8 DeleteDC
• 0xae56ac StartDocA
• 0xae56b0 StartPage
• 0xae56b4 BitBlt
• 0xae56b8 GetPixel
• 0xae56bc CreateCompatibleDC
• 0xae56c0 ScaleWindowExtEx
• 0xae56c4 SetDIBitsToDevice
• 0xae56c8 SetTextColor
• 0xae56cc SetBkMode
• 0xae56d0 Ellipse
• 0xae56d4 Rectangle
• 0xae56d8 LPtoDP
• 0xae56dc DPtoLP
• 0xae56e0 GetCurrentObject
• 0xae56e4 RoundRect
• 0xae56e8 GetTextExtentPoint32A
• 0xae56ec TextOutA
• 0xae56f0 TranslateCharsetInfo
• 0xae56f4 SetViewportOrgEx
• 0xae56f8 GetDeviceCaps
• 0xae56fc GetWindowExtEx
• 0xae5700 CreateFontA
库: comdlg32.dll:
• 0xae5718 GetFileTitleA
• 0xae571c GetOpenFileNameA
• 0xae5720 ChooseColorA
• 0xae5724 GetSaveFileNameA
库: ADVAPI32.dll:
• 0xae572c RegCreateKeyExA
• 0xae5730 GetUserNameA
• 0xae5734 RegOpenKeyA
• 0xae5738 RegQueryValueA
• 0xae573c RegSetValueExA
• 0xae5740 RegOpenKeyExA
• 0xae5744 RegQueryValueExA
• 0xae5748 RegCloseKey
库: SHELL32.dll:
• 0xae5750 ShellExecuteA
• 0xae5754 DragAcceptFiles
• 0xae5758 DragFinish
• 0xae575c DragQueryFileA
• 0xae5760 Shell_NotifyIconA
• 0xae5764 SHGetSpecialFolderPathA
库: COMCTL32.dll:
• 0xae578c ImageList_Add
• 0xae5790 ImageList_BeginDrag
• 0xae5794 ImageList_Create
• 0xae5798 ImageList_Destroy
• 0xae579c ImageList_DragEnter
• 0xae57a0 ImageList_DragLeave
• 0xae57a4 ImageList_DragMove
• 0xae57a8 ImageList_DragShowNolock
• 0xae57ac ImageList_EndDrag
• 0xae57b0 None
• 0xae57b4 _TrackMouseEvent
库: WININET.dll:
• 0xae57bc InternetCloseHandle
库: WTSAPI32.dll:
• 0xae57c4 WTSSendMessageW
库: KERNEL32.dll:
• 0xae57cc VirtualQuery
• 0xae57d0 GetSystemTimeAsFileTime
• 0xae57d4 GetModuleHandleA
• 0xae57d8 CreateEventA
• 0xae57dc GetModuleFileNameW
• 0xae57e0 LoadLibraryA
• 0xae57e4 TerminateProcess
• 0xae57e8 GetCurrentProcess
• 0xae57ec CreateToolhelp32Snapshot
• 0xae57f0 Thread32First
• 0xae57f4 GetCurrentProcessId
• 0xae57f8 GetCurrentThreadId
• 0xae57fc OpenThread
• 0xae5800 Thread32Next
• 0xae5804 CloseHandle
• 0xae5808 SuspendThread
• 0xae580c ResumeThread
• 0xae5810 WriteProcessMemory
• 0xae5814 GetSystemInfo
• 0xae5818 VirtualAlloc
• 0xae581c VirtualProtect
• 0xae5820 VirtualFree
• 0xae5824 GetProcessAffinityMask
• 0xae5828 SetProcessAffinityMask
• 0xae582c GetCurrentThread
• 0xae5830 SetThreadAffinityMask
• 0xae5834 Sleep
• 0xae5838 FreeLibrary
• 0xae583c GetTickCount
• 0xae5840 GlobalFree
• 0xae5844 GetProcAddress
• 0xae5848 LocalAlloc
• 0xae584c LocalFree
• 0xae5850 ExitProcess
• 0xae5854 EnterCriticalSection
• 0xae5858 LeaveCriticalSection
• 0xae585c InitializeCriticalSection
• 0xae5860 DeleteCriticalSection
• 0xae5864 GetModuleHandleW
• 0xae5868 LoadResource
• 0xae586c MultiByteToWideChar
• 0xae5870 FindResourceExW
• 0xae5874 FindResourceExA
• 0xae5878 WideCharToMultiByte
• 0xae587c GetThreadLocale
• 0xae5880 GetUserDefaultLCID
• 0xae5884 GetSystemDefaultLCID
• 0xae5888 EnumResourceNamesA
• 0xae588c EnumResourceNamesW
• 0xae5890 EnumResourceLanguagesA
• 0xae5894 EnumResourceLanguagesW
• 0xae5898 EnumResourceTypesA
• 0xae589c EnumResourceTypesW
• 0xae58a0 CreateFileW
• 0xae58a4 LoadLibraryW
• 0xae58a8 GetLastError
• 0xae58ac FlushFileBuffers
• 0xae58b0 CreateFileA
• 0xae58b4 WriteConsoleW
• 0xae58b8 GetConsoleOutputCP
• 0xae58bc WriteConsoleA
• 0xae58c0 GetCommandLineA
• 0xae58c4 RaiseException
• 0xae58c8 RtlUnwind
• 0xae58cc HeapFree
• 0xae58d0 GetCPInfo
• 0xae58d4 InterlockedIncrement
• 0xae58d8 InterlockedDecrement
• 0xae58dc GetACP
• 0xae58e0 GetOEMCP
• 0xae58e4 IsValidCodePage
• 0xae58e8 TlsGetValue
• 0xae58ec TlsAlloc
• 0xae58f0 TlsSetValue
• 0xae58f4 TlsFree
• 0xae58f8 SetLastError
• 0xae58fc UnhandledExceptionFilter
• 0xae5900 SetUnhandledExceptionFilter
• 0xae5904 IsDebuggerPresent
• 0xae5908 HeapAlloc
• 0xae590c LCMapStringA
• 0xae5910 LCMapStringW
• 0xae5914 SetHandleCount
• 0xae5918 GetStdHandle
• 0xae591c GetFileType
• 0xae5920 GetStartupInfoA
• 0xae5924 GetModuleFileNameA
• 0xae5928 FreeEnvironmentStringsA
• 0xae592c GetEnvironmentStrings
• 0xae5930 FreeEnvironmentStringsW
• 0xae5934 GetEnvironmentStringsW
• 0xae5938 HeapCreate
• 0xae593c HeapDestroy
• 0xae5940 QueryPerformanceCounter
• 0xae5944 HeapReAlloc
• 0xae5948 GetStringTypeA
• 0xae594c GetStringTypeW
• 0xae5950 GetLocaleInfoA
• 0xae5954 HeapSize
• 0xae5958 WriteFile
• 0xae595c SetFilePointer
• 0xae5960 GetConsoleCP
• 0xae5964 GetConsoleMode
• 0xae5968 InitializeCriticalSectionAndSpinCount
• 0xae596c SetStdHandle
库: USER32.dll:
• 0xae5974 GetUserObjectInformationW
• 0xae5978 CharUpperBuffW
• 0xae597c MessageBoxW
• 0xae5980 GetProcessWindowStation
库: KERNEL32.dll:
• 0xae5988 LocalAlloc
• 0xae598c LocalFree
• 0xae5990 GetModuleFileNameW
• 0xae5994 GetProcessAffinityMask
• 0xae5998 SetProcessAffinityMask
• 0xae599c SetThreadAffinityMask
• 0xae59a0 Sleep
• 0xae59a4 ExitProcess
• 0xae59a8 FreeLibrary
• 0xae59ac LoadLibraryA
• 0xae59b0 GetModuleHandleA
• 0xae59b4 GetProcAddress
.text
`.rdata
@.data
ezdun0
`ezdun1
`.rsrc
D$,ree
D$ ary
D$(ree
PhD(m
PhH(m
kawh,B
O.K80
"\A~i
Ph\(m
PhT(m
PhX(m
Phd(m
2;8p)
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 9.02 seconds )
- 5.288 Static
- 1.506 VirusTotal
- 1.331 TargetInfo
- 0.32 peid
- 0.308 BehaviorAnalysis
- 0.221 NetworkAnalysis
- 0.018 AnalysisInfo
- 0.015 config_decoder
- 0.011 Strings
- 0.002 Memory
Signatures ( 0.197 seconds )
- 0.026 antiav_detectreg
- 0.014 api_spamming
- 0.011 stealth_timeout
- 0.01 stealth_decoy_document
- 0.01 infostealer_ftp
- 0.01 md_url_bl
- 0.008 kovter_behavior
- 0.007 antiemu_wine_func
- 0.007 anomaly_persistence_autorun
- 0.007 infostealer_browser_password
- 0.007 md_domain_bl
- 0.006 antiav_detectfile
- 0.006 infostealer_im
- 0.005 antianalysis_detectreg
- 0.004 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.002 tinba_behavior
- 0.002 antivm_vbox_libs
- 0.002 rat_nanocore
- 0.002 geodo_banking_trojan
- 0.002 bot_drive
- 0.002 browser_security
- 0.002 modify_proxy
- 0.001 bootkit
- 0.001 antiav_avast_libs
- 0.001 mimics_filetime
- 0.001 stealth_file
- 0.001 betabot_behavior
- 0.001 reads_self
- 0.001 antisandbox_sunbelt_libs
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 antivm_generic_disk
- 0.001 antidbg_windows
- 0.001 cerber_behavior
- 0.001 virus
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.659 seconds )
- 0.659 ReportHTMLSummary
| Task ID | 488334 |
|---|---|
| Mongo ID | 5e22e6e9bb7d575f473aafd9 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号