Analysis task

Analysis type    VM label                 Start time           End time             Duration
File (Windows)   win7-sp1-x64-hpdapp01-1  2020-01-18 22:19:54  2020-01-18 22:21:20  86 s

Maldun score

4.075

Suspicious

File details

File name   三合一.exe ("three-in-one")
File size   7615488 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         6ab5bc18ad7fd173924aa9e7e6386078
SHA1        6e92a5c43dae0d1f9dc97f40039fe746ed0a0a1c
SHA256      d359f5d10b27b4dd43a2a257c03fde9bc9831a73f8b11947a022fb200faddaeb
SHA512      3f922c2c028e8126f269bc2988a0150496d48d7a84035c58ac37d6a6dbc311cd7fa0f9752dada9bfde2236a5515abada7c0a2ff3819221f1bd373b7dc4ff0311
CRC32       2724678E
Ssdeep      196608:c25KPPt1TbtEYU/aGfXD0RLecWyCHtB9yR+tAFLOyomFHKnP:c2505B4XQRJS+R3F

Hosts contacted

No host records.

DNS resolution

Domain        Response
29.dmiug.com  A 221.229.162.40

PE information

Image base          0x00400000
Entry point         0x0058c13b (inside .text)
Declared checksum   0x00000000
Computed checksum   0x0074f530
Minimum OS version  5.1 (Windows XP)
PDB path            C:\Users\Administrator\Documents\Tencent Files\3105558310\FileRecv\三合一源码\Release\三合一.pdb
Compile time        2020-01-18 14:08:24
Import hash         1b163831ba92f1866da5fa4faeb43406

The report printed the non-ASCII parts of the PDB path as raw UTF-8 escapes (\xe4\xb8\x89...); decoded, the folder and file names are 三合一源码 ("三合一 source code") and 三合一.pdb. The path therefore records a Release build of a project named 三合一, compiled under the Administrator account from a source tree inside Tencent Files\3105558310\FileRecv, the folder in which QQ stores received files. The compile timestamp falls on the same day as the analysis, about eight hours before submission. A declared checksum of zero means the linker did not write one, so its mismatch with the computed value is not by itself evidence that the file was modified after linking.

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                              Entropy
.text   0x00001000       0x001d3f5f    0x001d4000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                  6.52
.rdata  0x001d5000       0x0005c542    0x0005c600  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            5.00
.data   0x00232000       0x0000f85c    0x00008200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE        5.00
.gfids  0x00242000       0x0001b4a8    0x0001b600  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            4.22
.giats  0x0025e000       0x00000010    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            0.16
.tls    0x0025f000       0x00000009    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE        0.02
.reloc  0x0072b000       0x0002469c    0x00024800  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ  6.55

No section exceeds an entropy of 7, and 6.52 for 1.9 MB of .text is ordinary compiled x86 code, so nothing in the listed sections points to packing or an encrypted payload. .gfids and .giats are the Control Flow Guard tables that Visual C++ 2015 and later emit when /guard:cf is enabled. The table has no .rsrc row, although the strings extracted further down include the name .rsrc and the virtual-address gap between .tls (0x0025f000) and .reloc (0x0072b000) leaves about 4.8 MB of address space; the raw sizes listed add up to roughly 2.6 MB of a 7.6 MB file, so about 5 MB of the file is not covered by this table, presumably resources.
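To reproduce the two header checks the report performs (checksum and per-section entropy) without a PE library, the following added example parses the headers with struct, recomputes the optional-header checksum the way the loader does, and computes Shannon entropy per section. It is not part of the sandbox report or its code, uses only the Python standard library, and runs on a small PE32 image constructed inside the block because the analysed file is not available; the parser also accepts PE32+ headers, a generalisation beyond the 32-bit sample here.

```python
"""Recompute the two PE header figures the report lists (optional-header checksum
and per-section entropy) from a raw file. Added example for this page, standard
library only, not the sandbox's own code; the PE image used below is constructed
here so the code runs without the sample."""
import math
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
CHECKSUM_OFFSET = 0x40  # CheckSum field sits at +0x40 in both optional-header layouts


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 when every byte is identical, 8.0 when uniformly distributed."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_checksum(image: bytes, checksum_field: int) -> int:
    """Standard PE checksum: fold the file as 32-bit words into a 16-bit sum,
    skipping the CheckSum field itself, then add the file length."""
    padded = image + b"\0" * (-len(image) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_field:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(image)


def parse_pe(image: bytes) -> dict:
    """Image base, entry point, declared vs computed checksum, and
    (name, virtual address, raw size, entropy) for each section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", image, 0x3C)[0]  # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections = struct.unpack_from("<H", image, pe + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]
    opt = pe + 24  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", image, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    declared = struct.unpack_from("<I", image, opt + CHECKSUM_OFFSET)[0]
    computed = pe_checksum(image, opt + CHECKSUM_OFFSET)
    sections = []
    for i in range(nsections):
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, opt + opt_size + 40 * i)
        body = image[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, raw_size,
                         round(shannon_entropy(body), 2)))
    return {"image_base": image_base, "entry_point": image_base + entry_rva,
            "declared_checksum": declared, "computed_checksum": computed,
            "checksum_ok": declared == computed, "sections": sections}


def build_sample_pe(checksum: int = 0) -> bytes:
    """Constructed two-section PE32 (not the analysed sample): .text holds every
    byte value twice (entropy 8.0), .data is all zeros (entropy 0.0)."""
    text = bytes(range(256)) * 2
    data = b"\0" * 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, EXE
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      PE32_MAGIC, 14, 0,                 # Magic, linker version
                      len(text), len(data), 0,           # code, initialised, uninitialised sizes
                      0x1000, 0x1000, 0x2000,            # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,           # ImageBase, SectionAlignment, FileAlignment
                      5, 1, 0, 0, 5, 1,                  # OS, image, subsystem versions (5.1 = XP)
                      0, 0x3000, 0x200, checksum,        # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8140,                         # Subsystem GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack, heap, LoaderFlags, NumberOfRvaAndSizes
    opt += b"\0" * 128  # 16 empty data directories

    def section(name, va, size, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, va, size, raw_ptr, 0, 0, 0, 0, flags)

    headers = dos + b"PE\0\0" + coff + opt
    headers += section(b".text", 0x1000, len(text), 0x200, 0x60000020)  # CODE|EXECUTE|READ
    headers += section(b".data", 0x2000, len(data), 0x400, 0xC0000040)  # INITIALIZED_DATA|READ|WRITE
    headers += b"\0" * (0x200 - len(headers))
    return headers + text + data
```

Reading the result: checksum_ok is False for the constructed image just as it would be for the sample, because both declare 0. That is a data point, not a finding; a non-zero declared checksum that fails to match is the case worth following up, since it suggests the file was edited after linking. Entropy near 8.0 for a section that is supposed to be code, or a large section the table does not account for, is the signal the section list above is checked for.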

Imports

The import table is that of a statically built MFC GUI application (DefFrameProcW, DefMDIChildProcW, WinHelpW, GetProfileIntW, OleUIBusyW and the UxTheme and gdiplus entries are what the MFC runtime pulls in), with a few entries worth noting for triage. The HID.DLL feature-report functions (HidD_GetFeature, HidD_SetFeature, HidP_GetCaps, HidD_GetAttributes, HidD_GetHidGuid) show the program talks to a USB HID device. ADVAPI32 supplies registry enumerate, create, set and delete. USER32 supplies SetWindowsHookExW together with GetAsyncKeyState and GetKeyboardState, which fit either input automation or input capture. KERNEL32 supplies LoadLibraryW/GetProcAddress and ole32 supplies CLSIDFromProgID/CoCreateInstance, so functionality can be resolved at run time. No network library (ws2_32, WinINet, WinHTTP, urlmon) appears in the listing, so the HTTP request recorded under Network below was presumably issued through code loaded at run time or through a COM object; the extracted strings include the DLL name dm.dll. The listing also skips some IAT slots (for example 0x5d5210 to 0x5d522c under KERNEL32.dll), so it is not the complete import table.

Library: HID.DLL:
0x5d51cc HidD_GetFeature
0x5d51d0 HidD_SetFeature
0x5d51d8 HidP_GetCaps
0x5d51e0 HidD_GetAttributes
0x5d51e4 HidD_GetHidGuid
Library: KERNEL32.dll:
0x5d5200 ReleaseSemaphore
0x5d5204 VirtualFree
0x5d5208 GetThreadTimes
0x5d520c UnregisterWait
0x5d5230 GetThreadPriority
0x5d5234 SwitchToThread
0x5d5238 SignalObjectAndWait
0x5d523c CreateTimerQueue
0x5d5240 WriteConsoleW
0x5d5250 GetCPInfo
0x5d5254 GetOEMCP
0x5d5258 IsValidCodePage
0x5d525c FindNextFileW
0x5d5260 FindFirstFileExW
0x5d5264 SetFilePointerEx
0x5d5268 GetConsoleMode
0x5d526c GetConsoleCP
0x5d5270 QueryDepthSList
0x5d5274 GetStringTypeW
0x5d5278 LCMapStringW
0x5d527c GetACP
0x5d5280 GetStdHandle
0x5d5284 GetFileType
0x5d5288 SetStdHandle
0x5d528c VirtualAlloc
0x5d5290 GetSystemInfo
0x5d529c ExitThread
0x5d52a0 CreateThread
0x5d52a4 GetCommandLineW
0x5d52a8 GetCommandLineA
0x5d52ac GetModuleHandleExW
0x5d52b0 ExitProcess
0x5d52b4 VirtualQuery
0x5d52c0 RtlUnwind
0x5d52cc GetExitCodeThread
0x5d52d0 OutputDebugStringW
0x5d52d4 SizeofResource
0x5d52d8 LockResource
0x5d52dc LoadResource
0x5d52e0 FindResourceW
0x5d52e4 MultiByteToWideChar
0x5d52e8 UnregisterWaitEx
0x5d52f0 GetModuleHandleW
0x5d52fc CreateFileW
0x5d5300 WriteFile
0x5d5304 CloseHandle
0x5d5308 Sleep
0x5d530c SetEvent
0x5d5310 LoadLibraryW
0x5d5314 GetProcAddress
0x5d5318 FreeLibrary
0x5d531c HeapFree
0x5d532c HeapSize
0x5d5330 GetLastError
0x5d5334 HeapReAlloc
0x5d5338 RaiseException
0x5d533c HeapAlloc
0x5d5340 DecodePointer
0x5d5348 GetProcessHeap
0x5d5350 WideCharToMultiByte
0x5d5354 GetTickCount
0x5d5358 CreateFileA
0x5d535c GetCurrentThread
0x5d5360 GetCurrentThreadId
0x5d5364 GetVersionExW
0x5d5368 GetModuleFileNameW
0x5d536c LoadLibraryExW
0x5d5370 GlobalAlloc
0x5d5374 GlobalLock
0x5d5378 GlobalDeleteAtom
0x5d537c lstrcmpA
0x5d5380 lstrcmpW
0x5d5384 OutputDebugStringA
0x5d5388 EncodePointer
0x5d538c SetLastError
0x5d5390 GetSystemDirectoryW
0x5d5394 FreeResource
0x5d5398 GetModuleHandleA
0x5d539c LoadLibraryA
0x5d53a0 GlobalAddAtomW
0x5d53a4 GlobalFindAtomW
0x5d53a8 GlobalFree
0x5d53ac lstrcpyW
0x5d53b8 GlobalUnlock
0x5d53bc GetCurrentProcessId
0x5d53c0 GlobalSize
0x5d53c4 LocalFree
0x5d53c8 MulDiv
0x5d53cc FormatMessageW
0x5d53d0 CopyFileW
0x5d53d4 WaitForSingleObject
0x5d53d8 CreateEventW
0x5d53dc SetThreadPriority
0x5d53e0 ResumeThread
0x5d53e8 GetThreadLocale
0x5d53ec TlsAlloc
0x5d53f0 TlsGetValue
0x5d53f4 TlsSetValue
0x5d53f8 TlsFree
0x5d53fc GlobalReAlloc
0x5d5400 GlobalHandle
0x5d5404 LocalAlloc
0x5d5408 LocalReAlloc
0x5d5410 CompareStringW
0x5d5414 GetLocaleInfoW
0x5d5420 GlobalFlags
0x5d5424 DeleteFileW
0x5d5428 GlobalGetAtomNameW
0x5d542c VirtualProtect
0x5d5430 VerSetConditionMask
0x5d5434 VerifyVersionInfoW
0x5d5438 GetFileAttributesW
0x5d543c GetFileSize
0x5d5440 FindClose
0x5d5444 FindFirstFileW
0x5d5448 FlushFileBuffers
0x5d544c GetFullPathNameW
0x5d5454 LockFile
0x5d5458 ReadFile
0x5d545c SetEndOfFile
0x5d5460 SetFilePointer
0x5d5464 UnlockFile
0x5d5468 DuplicateHandle
0x5d546c GetCurrentProcess
0x5d5470 lstrcmpiW
0x5d5474 SetErrorMode
0x5d5480 GetFileSizeEx
0x5d5484 GetFileTime
0x5d548c FindResourceExW
0x5d5490 GetTempFileNameW
0x5d5494 GetTempPathW
0x5d5498 GetProfileIntW
0x5d549c SearchPathW
0x5d54ac TerminateProcess
0x5d54b4 ResetEvent
0x5d54c4 InitializeSListHead
0x5d54c8 IsDebuggerPresent
0x5d54cc GetStartupInfoW
Library: USER32.dll:
0x5d5594 LoadImageW
0x5d5598 DestroyIcon
0x5d559c EmptyClipboard
0x5d55a0 SetClipboardData
0x5d55a4 CloseClipboard
0x5d55a8 OpenClipboard
0x5d55ac MonitorFromPoint
0x5d55b0 SetParent
0x5d55b4 EnumDisplayMonitors
0x5d55bc MessageBeep
0x5d55c0 GetNextDlgGroupItem
0x5d55c4 IntersectRect
0x5d55c8 SetRect
0x5d55cc InvalidateRgn
0x5d55d4 CharNextW
0x5d55d8 GetAsyncKeyState
0x5d55dc GetMenuItemInfoW
0x5d55e0 DestroyMenu
0x5d55e4 KillTimer
0x5d55e8 SetTimer
0x5d55f0 DeleteMenu
0x5d55f8 CopyImage
0x5d55fc LoadCursorW
0x5d5600 WindowFromPoint
0x5d5604 ReleaseCapture
0x5d5608 SetCapture
0x5d560c WaitMessage
0x5d5610 SetRectEmpty
0x5d5614 SendDlgItemMessageA
0x5d5618 IsDialogMessageW
0x5d561c SetWindowTextW
0x5d5620 IsDlgButtonChecked
0x5d5624 CheckRadioButton
0x5d5628 CheckDlgButton
0x5d562c MoveWindow
0x5d5630 ShowWindow
0x5d5634 InvalidateRect
0x5d5638 SetCursor
0x5d563c ShowOwnedPopups
0x5d5640 TranslateMessage
0x5d5644 GetMessageW
0x5d5648 LoadBitmapW
0x5d564c SetMenuItemInfoW
0x5d5654 SetMenuItemBitmaps
0x5d5658 EnableMenuItem
0x5d565c CheckMenuItem
0x5d5660 ClientToScreen
0x5d5664 ReleaseDC
0x5d5668 GetWindowDC
0x5d566c GetKeyboardLayout
0x5d5670 GetKeyboardState
0x5d5674 MapVirtualKeyW
0x5d567c GetKeyNameTextW
0x5d5680 SubtractRect
0x5d5684 IsMenu
0x5d5688 IsChild
0x5d568c GetDC
0x5d5690 TabbedTextOutW
0x5d5694 GrayStringW
0x5d5698 DrawTextExW
0x5d569c DrawTextW
0x5d56a0 RemoveMenu
0x5d56a4 AppendMenuW
0x5d56a8 InsertMenuW
0x5d56ac GetMenuState
0x5d56b0 GetMenuStringW
0x5d56b4 CharUpperBuffW
0x5d56b8 LoadMenuW
0x5d56bc GetDesktopWindow
0x5d56c0 IsWindowEnabled
0x5d56c4 GetActiveWindow
0x5d56c8 GetNextDlgTabItem
0x5d56cc TrackMouseEvent
0x5d56d0 IsZoomed
0x5d56d4 CharUpperW
0x5d56d8 GetSystemMenu
0x5d56dc NotifyWinEvent
0x5d56e0 SetCursorPos
0x5d56e4 UnionRect
0x5d56e8 BringWindowToTop
0x5d56ec CreatePopupMenu
0x5d56f0 LockWindowUpdate
0x5d56f4 EnableScrollBar
0x5d56f8 GetDoubleClickTime
0x5d56fc GetIconInfo
0x5d5700 CopyIcon
0x5d5704 GetMenuDefaultItem
0x5d570c DrawIconEx
0x5d5710 SetMenuDefaultItem
0x5d5714 ModifyMenuW
0x5d571c SetClassLongW
0x5d5720 ToUnicodeEx
0x5d5724 GetUpdateRect
0x5d5728 UpdateLayeredWindow
0x5d572c DestroyWindow
0x5d5730 SetWindowPos
0x5d5734 GetWindowPlacement
0x5d5738 SetWindowPlacement
0x5d573c BeginDeferWindowPos
0x5d5740 DeferWindowPos
0x5d5744 EndDeferWindowPos
0x5d5748 IsWindowVisible
0x5d574c GetDlgItem
0x5d5750 GetDlgCtrlID
0x5d5754 SetFocus
0x5d5758 GetFocus
0x5d575c GetKeyState
0x5d5760 GetCapture
0x5d5764 GetMenu
0x5d5768 SetMenu
0x5d576c GetSubMenu
0x5d5770 GetMenuItemID
0x5d5774 GetMenuItemCount
0x5d5778 TrackPopupMenu
0x5d577c UpdateWindow
0x5d5780 SetActiveWindow
0x5d5784 GetForegroundWindow
0x5d5788 SetForegroundWindow
0x5d578c BeginPaint
0x5d5790 EndPaint
0x5d5794 ValidateRect
0x5d5798 RedrawWindow
0x5d579c ScrollWindow
0x5d57a0 SetScrollPos
0x5d57a4 GetScrollPos
0x5d57a8 SetScrollRange
0x5d57ac IsWindow
0x5d57b0 GetScrollRange
0x5d57b4 ShowScrollBar
0x5d57b8 SetPropW
0x5d57bc GetPropW
0x5d57c0 RemovePropW
0x5d57c4 GetWindowTextW
0x5d57cc GetWindowRect
0x5d57d0 AdjustWindowRectEx
0x5d57d4 MessageBoxW
0x5d57d8 ScreenToClient
0x5d57dc MapWindowPoints
0x5d57e0 GetSysColor
0x5d57e4 CopyRect
0x5d57e8 EqualRect
0x5d57ec PtInRect
0x5d57f0 GetWindowLongW
0x5d57f4 SetWindowLongW
0x5d57f8 GetClassLongW
0x5d57fc GetParent
0x5d5800 GetClassNameW
0x5d5804 GetTopWindow
0x5d5808 GetLastActivePopup
0x5d580c GetWindow
0x5d5810 SetWindowsHookExW
0x5d5814 CallNextHookEx
0x5d5818 SetScrollInfo
0x5d581c GetScrollInfo
0x5d5820 WinHelpW
0x5d5824 MonitorFromWindow
0x5d5828 GetMonitorInfoW
0x5d5830 MapDialogRect
0x5d5834 DrawEdge
0x5d5838 DrawFrameControl
0x5d583c DrawStateW
0x5d5840 SetWindowRgn
0x5d5844 GetSysColorBrush
0x5d5848 DrawFocusRect
0x5d584c FillRect
0x5d5850 InflateRect
0x5d5854 OffsetRect
0x5d5858 IsRectEmpty
0x5d585c FrameRect
0x5d5864 PostThreadMessageW
0x5d5868 IsCharLowerW
0x5d586c LoadAcceleratorsW
0x5d5874 InsertMenuItemW
0x5d5878 UnpackDDElParam
0x5d587c ReuseDDElParam
0x5d5884 EndDialog
0x5d5888 MapVirtualKeyExW
0x5d588c DrawMenuBar
0x5d5890 DefFrameProcW
0x5d5894 DefMDIChildProcW
0x5d589c GetComboBoxInfo
0x5d58a0 HideCaret
0x5d58a4 InvertRect
0x5d58a8 CreateMenu
0x5d58ac DestroyCursor
0x5d58b0 GetWindowRgn
0x5d58b4 GetClassInfoW
0x5d58b8 EnableWindow
0x5d58bc LoadIconW
0x5d58c0 SendMessageW
0x5d58c4 IsIconic
0x5d58c8 GetSystemMetrics
0x5d58cc GetClientRect
0x5d58d0 DrawIcon
0x5d58d4 UnregisterClassW
0x5d58d8 GetCursorPos
0x5d58dc PostMessageW
0x5d58e0 PostQuitMessage
0x5d58e4 UnhookWindowsHookEx
0x5d58ec DispatchMessageW
0x5d58f0 PeekMessageW
0x5d58f4 GetMessagePos
0x5d58f8 GetMessageTime
0x5d58fc DefWindowProcW
0x5d5900 CallWindowProcW
0x5d5904 RegisterClassW
0x5d5908 GetClassInfoExW
0x5d590c CreateWindowExW
Library: GDI32.dll:
0x5d5040 CreateRectRgn
0x5d5044 CreateHatchBrush
0x5d5048 CreateEllipticRgn
0x5d504c CombineRgn
0x5d5050 GetObjectW
0x5d5054 SetTextColor
0x5d5058 SetBkColor
0x5d505c ExcludeClipRect
0x5d5060 GetTextFaceW
0x5d5064 SetPixelV
0x5d5068 GetWindowOrgEx
0x5d506c GetViewportOrgEx
0x5d5070 PtInRegion
0x5d5074 GetBoundsRect
0x5d5078 FrameRgn
0x5d507c FillRgn
0x5d5080 SetPaletteEntries
0x5d5084 ExtFloodFill
0x5d5088 LPtoDP
0x5d5094 EnumFontFamiliesExW
0x5d5098 GetPaletteEntries
0x5d509c CreatePalette
0x5d50a0 RoundRect
0x5d50a4 OffsetRgn
0x5d50a8 Rectangle
0x5d50ac CreateRoundRectRgn
0x5d50b0 SetDIBColorTable
0x5d50b4 CreateDIBSection
0x5d50b8 StretchBlt
0x5d50bc SetPixel
0x5d50c0 RealizePalette
0x5d50c4 GetTextCharsetInfo
0x5d50c8 EnumFontFamiliesW
0x5d50cc CreateDIBitmap
0x5d50d4 DPtoLP
0x5d50d8 SetRectRgn
0x5d50dc GetMapMode
0x5d50e0 GetRgnBox
0x5d50e4 CreateFontIndirectW
0x5d50e8 ScaleWindowExtEx
0x5d50ec ScaleViewportExtEx
0x5d50f0 OffsetWindowOrgEx
0x5d50f4 OffsetViewportOrgEx
0x5d50f8 SetWindowOrgEx
0x5d50fc SetWindowExtEx
0x5d5100 SetViewportOrgEx
0x5d5104 SetViewportExtEx
0x5d5108 TextOutW
0x5d510c MoveToEx
0x5d5110 SetTextAlign
0x5d5114 SetROP2
0x5d5118 SetPolyFillMode
0x5d511c GetLayout
0x5d5120 SetLayout
0x5d5124 SetMapMode
0x5d5128 SetBkMode
0x5d512c SelectPalette
0x5d5130 SelectObject
0x5d5134 ExtSelectClipRgn
0x5d5138 SelectClipRgn
0x5d513c SaveDC
0x5d5140 RestoreDC
0x5d5144 RectVisible
0x5d5148 PtVisible
0x5d514c LineTo
0x5d5150 IntersectClipRect
0x5d5154 GetWindowExtEx
0x5d5158 GetViewportExtEx
0x5d515c GetStockObject
0x5d5160 GetPixel
0x5d5164 GetObjectType
0x5d5168 GetClipBox
0x5d5170 Escape
0x5d5174 DeleteObject
0x5d5178 CreatePatternBrush
0x5d517c CreatePen
0x5d5180 CreateCompatibleDC
0x5d5184 CreateBitmap
0x5d5188 BitBlt
0x5d518c GetDeviceCaps
0x5d5190 CreateDCW
0x5d5194 CopyMetaFileW
0x5d5198 GetTextMetricsW
0x5d519c Polyline
0x5d51a0 Polygon
0x5d51a4 CreatePolygonRgn
0x5d51a8 ExtTextOutW
0x5d51ac PatBlt
0x5d51b4 GetTextColor
0x5d51b8 GetBkColor
0x5d51bc Ellipse
0x5d51c0 CreateSolidBrush
0x5d51c4 DeleteDC
Library: MSIMG32.dll:
0x5d54d4 AlphaBlend
0x5d54d8 TransparentBlt
Library: WINSPOOL.DRV:
0x5d5954 OpenPrinterW
0x5d5958 ClosePrinter
0x5d595c DocumentPropertiesW
Library: ADVAPI32.dll:
0x5d5000 RegEnumKeyExW
0x5d5004 RegQueryValueExA
0x5d5008 RegOpenKeyExA
0x5d500c RegOpenKeyExW
0x5d5010 RegQueryValueExW
0x5d5014 RegCreateKeyExW
0x5d5018 RegDeleteKeyW
0x5d501c RegDeleteValueW
0x5d5020 RegSetValueExW
0x5d5024 RegCloseKey
0x5d5028 RegEnumValueW
0x5d502c RegQueryValueW
0x5d5030 RegEnumKeyW
Library: SHELL32.dll:
0x5d5554 SHBrowseForFolderW
0x5d5558 SHGetDesktopFolder
0x5d555c SHAppBarMessage
0x5d5560 SHGetMalloc
0x5d5564 ShellExecuteW
0x5d5568 DragFinish
0x5d556c DragQueryFileW
0x5d5570 SHGetFileInfoW
Library: COMCTL32.dll: (no named imports listed)
Library: SHLWAPI.dll:
0x5d5578 PathIsUNCW
0x5d557c StrFormatKBSizeW
0x5d5580 PathRemoveFileSpecW
0x5d5584 PathFindExtensionW
0x5d5588 PathFindFileNameW
0x5d558c PathStripToRootW
Library: UxTheme.dll:
0x5d5918 DrawThemeText
0x5d591c GetThemePartSize
0x5d5920 GetThemeSysColor
0x5d5924 OpenThemeData
0x5d5928 CloseThemeData
0x5d592c DrawThemeBackground
0x5d5930 GetThemeColor
0x5d5934 GetCurrentThemeName
0x5d5938 IsAppThemed
0x5d593c GetWindowTheme
Library: ole32.dll:
0x5d59c0 IsAccelerator
0x5d59d4 CoInitializeEx
0x5d59d8 OleLockRunning
0x5d59dc RegisterDragDrop
0x5d59e4 OleGetClipboard
0x5d59e8 DoDragDrop
0x5d59f0 OleFlushClipboard
0x5d59f4 OleUninitialize
0x5d59f8 OleInitialize
0x5d5a10 CoGetClassObject
0x5d5a14 ReleaseStgMedium
0x5d5a18 OleDuplicateData
0x5d5a1c CoTaskMemFree
0x5d5a20 CoTaskMemAlloc
0x5d5a24 CLSIDFromString
0x5d5a28 CoCreateGuid
0x5d5a2c CoUninitialize
0x5d5a30 CoCreateInstance
0x5d5a34 CLSIDFromProgID
0x5d5a38 CoInitialize
0x5d5a3c RevokeDragDrop
0x5d5a40 CoRevokeClassObject
0x5d5a44 CoDisconnectObject
Library: OLEAUT32.dll:
0x5d54f0 VariantCopy
0x5d54f4 SafeArrayDestroy
0x5d5500 SysStringLen
0x5d5504 VariantChangeType
0x5d5508 SysAllocStringLen
0x5d550c VariantInit
0x5d5510 VariantClear
0x5d5514 SysAllocString
0x5d5518 SysFreeString
0x5d551c VarBstrFromDate
0x5d5520 LoadTypeLib
Library: oledlg.dll:
0x5d5a4c OleUIBusyW
Library: gdiplus.dll:
0x5d5968 GdipBitmapLockBits
0x5d5970 GdipDeleteGraphics
0x5d5974 GdipDrawImageI
0x5d597c GdipCreateFromHDC
0x5d5984 GdipDrawImageRectI
0x5d5988 GdipAlloc
0x5d598c GdipFree
0x5d5990 GdiplusStartup
0x5d5994 GdipCloneImage
0x5d5998 GdipDisposeImage
0x5d59a0 GdipGetImageWidth
0x5d59a4 GdipGetImageHeight
0x5d59ac GdipGetImagePalette
0x5d59b8 GdiplusShutdown
Library: OLEACC.dll:
0x5d54e4 LresultFromObject
Library: IMM32.dll:
0x5d51ec ImmGetContext
0x5d51f0 ImmGetOpenStatus
0x5d51f4 ImmReleaseContext
Library: WINMM.dll:
0x5d594c PlaySoundW
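The import hash given under PE information (1b163831ba92f1866da5fa4faeb43406) is the MD5 of the normalised import table, which is what makes it useful for grouping builds that share a toolchain and import order. The following added example, not the sandbox's code, parses a listing in the report's own format ("Library: NAME:" headers followed by "IAT-address function" lines) into (dll, function) pairs and hashes them with the normalisation rules pefile uses. The excerpt it runs on is constructed: the two HID.DLL lines are copied from the listing above, the WS2_32.dll ordinal line is invented to exercise ordinal handling. Hashing the listing above will not reproduce the report's value, because the listing skips some IAT slots; the value is reproducible only from the complete import table in the file.

```python
"""Import hash (imphash) from an import listing in the format this report uses.
Added example for this page, not the sandbox's code. Normalisation follows
pefile.get_imphash(): DLL name lower-cased with a .dll/.ocx/.sys suffix removed,
function name lower-cased, entries joined as dll.func with commas in table order,
MD5 of the result. Ordinal imports become ordN here; pefile additionally maps
known ordinals of ws2_32 and oleaut32 to names, which this example leaves out."""
import hashlib
import re

LIBRARY_LINE = re.compile(r"^(?:Library|库):\s*(\S+?):?\s*$")
IMPORT_LINE = re.compile(r"^(?:0x[0-9a-fA-F]+\s+)?(\S+)\s*$")
ORDINAL = re.compile(r"^ord(\d+)$", re.IGNORECASE)


def parse_import_listing(text: str) -> list:
    """(dll, function-or-ordinal) pairs in listing order; a library with no
    functions listed (COMCTL32.dll above) contributes nothing."""
    imports, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lib = LIBRARY_LINE.match(line)
        if lib:
            current = lib.group(1)
            continue
        imp = IMPORT_LINE.match(line)
        if imp and current is not None:
            name = imp.group(1)
            ordinal = ORDINAL.match(name)
            imports.append((current, int(ordinal.group(1)) if ordinal else name))
    return imports


def imphash_string(imports) -> str:
    """The normalised 'dll.func,dll.func,...' string that gets hashed."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        func = ("ord%d" % func) if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (dll, func))
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt in the report's format: the HID.DLL lines are copied from
# the listing above, the WS2_32.dll ordinal line is invented for this example.
EXCERPT = """\
Library: HID.DLL:
0x5d51cc HidD_GetFeature
0x5d51d0 HidD_SetFeature
Library: COMCTL32.dll:
Library: WS2_32.dll:
0x5d6000 ord23
"""

if __name__ == "__main__":
    imports = parse_import_listing(EXCERPT)
    print(imphash_string(imports))
    print(imphash(imports))
```

Two properties matter when comparing against values from pefile or VirusTotal: the hash is order-sensitive, so two builds that import the same functions in a different order hash differently, and ordinal imports from ws2_32.dll or oleaut32.dll are resolved to names by pefile before hashing, so for files with such imports this simplified version will disagree with it.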

Strings (extracted from the binary; the report prints them without a heading)

Section names: .text, .rdata, .data, .gfids, .giats, .tls, .rsrc, .reloc (the name .rsrc appears here although the section table above has no .rsrc row)
Code bytes that happen to be printable: Rj(hL c, Rj4h\ c, Ph$!c, PhL!c, 4h8"c, and Qh8B` repeated 114 times (apparently x86 push sequences with immediate operands in the image's address range, not meaningful text)
DLL name: dm.dll
Antivirus

No antivirus engine scan information.

Process tree

_________.exe, PID 2656, parent PID 2332 (the report renders the process name as underscores; no child processes were recorded)


TCP

Source IP        Source port  Destination IP  Destination host  Destination port
192.168.122.201  49161        221.229.162.40  29.dmiug.com      8088

UDP

Source IP        Source port  Destination IP  Destination port
192.168.122.201  64912        192.168.122.1   53


HTTP requests

URI
http://29.dmiug.com:8088/get_reg.asp?code=dRNKBBgGDBP4BBBBa/oQIW3nBnvJCJQcJxioDeW7cGoQyK1URInOvYpa0rNg8PDS%%2b6E7OghAoJtpViUBz8XISRsX8g0hffKIK080CXrNsS/LNY0CPPRddxBa1CngqiL8Z3Ih4e6toYSInYp/1v8WPZotboSjfcZPGwmDvx3pyNYQk%%2b0XcdtPlf/IkmtF/nYB8%%2buHkMAhgf7Jzel/n5xR5S6m7EfyyT7f%%2bTsv%%2bVmU/k70Tv37W7yCxy9Y1l4D7t6u6surWw==--22329

HTTP data
GET /get_reg.asp?code=dRNKBBgGDBP4BBBBa/oQIW3nBnvJCJQcJxioDeW7cGoQyK1URInOvYpa0rNg8PDS%%2b6E7OghAoJtpViUBz8XISRsX8g0hffKIK080CXrNsS/LNY0CPPRddxBa1CngqiL8Z3Ih4e6toYSInYp/1v8WPZotboSjfcZPGwmDvx3pyNYQk%%2b0XcdtPlf/IkmtF/nYB8%%2buHkMAhgf7Jzel/n5xR5S6m7EfyyT7f%%2bTsv%%2bVmU/k70Tv37W7yCxy9Y1l4D7t6u6surWw==--22329 HTTP/1.0
Host: 29.dmiug.com

This is the only network activity in the report: one plain HTTP/1.0 request to a non-standard port, with a single opaque parameter that looks like base64 followed by --22329. The doubled percent signs (%%2b) are most likely the report template's escaping of a literal % in %2b, an encoded +. The content of the value cannot be recovered from the report.
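The following added example, not the sandbox's code, does the two things an analyst would do first with the request above: normalise and size the code value, and check a log feed for the indicators the report gives (29.dmiug.com, 221.229.162.40, TCP 8088, /get_reg.asp). Two assumptions are labelled in the code: the doubled percent signs in the report are treated as the report template's escape for a literal %, so %%2b decodes to +; and the value is split at the final -- into a base64 body and a numeric suffix, with no claim about what either means. The log lines are constructed for the example.

```python
"""Network indicators from this report: a normaliser for the opaque 'code'
parameter of the GET request and an indicator matcher run over log lines.
Added example for this page, not the sandbox's code. Assumptions: '%%' in the
report is its template escaping a literal '%' (so '%%2b' is '%2b', i.e. '+');
the value is base64 followed by a '--N' suffix, which is only split off here."""
import base64
import binascii
import math
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Indicators copied from the report above.
IOC_DOMAIN = "29.dmiug.com"
IOC_IP = "221.229.162.40"
IOC_PORT = 8088
IOC_PATH = "/get_reg.asp"
REPORT_URL = (  # verbatim from the report, '%%2b' included
    "http://29.dmiug.com:8088/get_reg.asp?code="
    "dRNKBBgGDBP4BBBBa/oQIW3nBnvJCJQcJxioDeW7cGoQyK1URInOvYpa0rNg8PDS%%2b"
    "6E7OghAoJtpViUBz8XISRsX8g0hffKIK080CXrNsS/LNY0CPPRddxBa1CngqiL8Z3Ih4e6toYSInYp/1v8WPZotboSjfcZPGwmDvx3pyNYQk%%2b"
    "0XcdtPlf/IkmtF/nYB8%%2buHkMAhgf7Jzel/n5xR5S6m7EfyyT7f%%2bTsv%%2bVmU/k70Tv37W7yCxy9Y1l4D7t6u6surWw==--22329"
)

DOMAIN_RE = re.compile(r"(?<![\w.-])" + re.escape(IOC_DOMAIN) + r"(?![\w.-])")
IP_RE = re.compile(r"(?<![\d.])" + re.escape(IOC_IP) + r"(?![\d.])")
IP_PORT_RE = re.compile(re.escape("%s:%d" % (IOC_IP, IOC_PORT)) + r"(?!\d)")
PATH_RE = re.compile(re.escape(IOC_PATH) + r"(?=[?\s]|$)")


def entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def normalise_code(url: str) -> dict:
    """Split 'code' into base64 body and trailing suffix, decode the body and
    report its size and entropy; nothing here interprets the decoded bytes."""
    key, _, value = urlsplit(url).query.partition("=")
    if key != "code":
        raise ValueError("unexpected parameter %r" % key)
    value = unquote(value.replace("%%", "%"))  # assumption: '%%' is a report-template escape
    body, sep, suffix = value.rpartition("--")  # assumption: '--N' is a suffix, not payload
    if not sep:
        body, suffix = value, None
    try:
        raw = base64.b64decode(body, validate=True)
        valid = True
    except binascii.Error:
        raw, valid = b"", False
    return {"b64_len": len(body), "valid_base64": valid, "decoded_len": len(raw),
            "entropy": round(entropy(raw), 2), "suffix": suffix}


def scan_logs(lines) -> dict:
    """Map line index -> list of indicator types seen on that line."""
    checks = (("domain", DOMAIN_RE), ("ip", IP_RE), ("ip:port", IP_PORT_RE), ("path", PATH_RE))
    hits = {}
    for i, line in enumerate(lines):
        reasons = [label for label, rx in checks if rx.search(line)]
        if reasons:
            hits[i] = reasons
    return hits


# Constructed log lines (not from the report) in a generic "ts kind src -> dst detail" shape.
SAMPLE_LOGS = [
    "2020-01-18T22:20:01 dns  192.168.122.201 query A 29.dmiug.com -> 221.229.162.40",
    "2020-01-18T22:20:02 http 192.168.122.201 -> 221.229.162.40:8088 GET http://29.dmiug.com:8088/get_reg.asp?code=AAAA--1",
    "2020-01-18T22:20:05 http 192.168.122.201 -> 93.184.216.34:80 GET http://example.com/index.html",
    "2020-01-18T22:20:07 tcp  192.168.122.201 -> 221.229.162.40:443 connect",
    "2020-01-18T22:20:09 dns  192.168.122.201 query A update.example.com -> 10.0.0.5",
]

if __name__ == "__main__":
    print(normalise_code(REPORT_URL))
    for i, why in scan_logs(SAMPLE_LOGS).items():
        print(i, why, SAMPLE_LOGS[i])
```

Run as-is, normalise_code reports a 264-character base64 body that decodes to 196 bytes, with suffix 22329; the bytes themselves are left alone because the report gives no way to recover their encoding. The matcher is deliberately limited to exactly the host, address, port and path observed; a connection to the same address on another port (line 3 above) is flagged on the address only, so it can be triaged separately from a full match.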

SMTP traffic

None.

IRC traffic

None.

ICMP traffic

None.

CIF report

No CIF results.

Network alerts

None.

TLS

None.

Suricata HTTP

None.

No files were extracted from network traffic.
No files were dropped.
No similar analyses were found.

Processing ( 53.187 seconds )

  • 30.096 Static
  • 15.576 Suricata
  • 2.456 VirusTotal
  • 2.159 TargetInfo
  • 1.428 NetworkAnalysis
  • 0.655 BehaviorAnalysis
  • 0.643 peid
  • 0.132 AnalysisInfo
  • 0.024 config_decoder
  • 0.015 Strings
  • 0.003 Memory

Signatures ( 2.318 seconds; evaluation time per signature module, not a list of matches; the signatures that fired are not included in this copy of the report )

  • 1.901 md_url_bl
  • 0.045 antiav_detectreg
  • 0.033 api_spamming
  • 0.027 stealth_timeout
  • 0.023 stealth_decoy_document
  • 0.02 md_domain_bl
  • 0.019 infostealer_ftp
  • 0.016 kovter_behavior
  • 0.015 antiemu_wine_func
  • 0.014 infostealer_browser_password
  • 0.012 antiav_detectfile
  • 0.011 infostealer_im
  • 0.009 hawkeye_behavior
  • 0.009 anomaly_persistence_autorun
  • 0.009 antianalysis_detectreg
  • 0.008 infostealer_bitcoin
  • 0.007 geodo_banking_trojan
  • 0.007 infostealer_mail
  • 0.006 mimics_filetime
  • 0.006 reads_self
  • 0.006 network_http
  • 0.006 ransomware_files
  • 0.005 stealth_file
  • 0.005 antivm_vbox_files
  • 0.005 ransomware_extensions
  • 0.004 bootkit
  • 0.004 antivm_generic_disk
  • 0.004 virus
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 betabot_behavior
  • 0.003 hancitor_behavior
  • 0.003 browser_security
  • 0.003 network_torgateway
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 injection_createremotethread
  • 0.002 antivm_generic_services
  • 0.002 kibex_behavior
  • 0.002 antivm_generic_scsi
  • 0.002 cerber_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 modify_proxy
  • 0.002 darkcomet_regkeys
  • 0.002 md_bad_drop
  • 0.002 network_cnc_http
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 infostealer_browser
  • 0.001 dridex_behavior
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 anormaly_invoke_kills
  • 0.001 injection_runpe
  • 0.001 bypass_firewall
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_network_blacklist
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.167 seconds )

  • 0.878 ReportHTMLSummary
  • 0.289 Malheur
Task ID 488350
Mongo ID 5e2314aa2f8f2e4bf0637005
Cuckoo release 1.4-Maldun