Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-01-23 21:37:58 | 2020-01-23 21:40:22 | 144 seconds

Maldun score

3.5

Suspicious

File details

File name 逐鹿人泰服pubg透视自瞄.exe
File size 2142208 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9635861b9448370db7647a90c64dfd6b
SHA1 7b81229bc092bf4b41ef57556f31cef42adae0ba
SHA256 7dab7b09a7c24b52416c4070684ae2fbd3c8d342bd3d8d3da0948b762ebafdd4
SHA512 e5809800647604b3f3dcbaaf8d766408a8b7cbe4802ca53f82bf9167eafc25d138c7c71e7a04b32dc439f9aab3d07973fe0df30ac8d3ae6edf91763290bc176c
CRC32 26EC0135
Ssdeep 24576:g5D9LZZI7Cl6PzwShJbWxXnEGGeRink5J/LvW/4qT86MfzzLp2NJWEUWALbttmK:gTIVPzfJqxXn1Gen5Nvq8TfX+uWALbt

Hosts contacted

No host records.

Domain resolution

No domain information.



PE information

Image base address 0x00400000
Entry point address 0x00485865
Declared checksum 0x00000000
Actual checksum 0x00214288
Minimum required OS version 4.0
Compile time 2020-01-23 19:44:54
Import hash (imphash) 680d0134e3101253abd85b868e6910dd

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x000a426a 0x000a5000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.59
.rdata 0x000a6000 0x00134122 0x00135000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.91
.data 0x001db000 0x00047308 0x0001a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.88
.rsrc 0x00223000 0x00015490 0x00016000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.10

Imports

Library: KERNEL32.dll:
0x4a6198 SetLastError
0x4a61a4 LocalFree
0x4a61ac SuspendThread
0x4a61b0 TerminateThread
0x4a61b4 ReleaseMutex
0x4a61b8 CreateMutexA
0x4a61bc WideCharToMultiByte
0x4a61c0 MultiByteToWideChar
0x4a61c4 GetCurrentProcess
0x4a61cc GetSystemDirectoryA
0x4a61d0 CreateSemaphoreA
0x4a61d4 ResumeThread
0x4a61d8 ReleaseSemaphore
0x4a61e0 SetStdHandle
0x4a61e4 IsBadCodePtr
0x4a61e8 IsBadReadPtr
0x4a61ec CompareStringW
0x4a61f0 CompareStringA
0x4a61f8 GetStringTypeW
0x4a61fc GetStringTypeA
0x4a6200 IsBadWritePtr
0x4a6204 VirtualAlloc
0x4a6208 LCMapStringW
0x4a620c LCMapStringA
0x4a6214 VirtualFree
0x4a6218 HeapCreate
0x4a621c HeapDestroy
0x4a6224 GetFileType
0x4a6228 GetStdHandle
0x4a622c SetHandleCount
0x4a6244 GetACP
0x4a6248 HeapSize
0x4a624c TerminateProcess
0x4a6250 RaiseException
0x4a6254 GetLocalTime
0x4a6258 GetSystemTime
0x4a6264 GetProfileStringA
0x4a6268 WriteFile
0x4a6270 CreateFileA
0x4a6274 SetEvent
0x4a6278 FindResourceA
0x4a627c LoadResource
0x4a6280 LockResource
0x4a6284 ReadFile
0x4a6288 GetModuleFileNameA
0x4a628c GetCurrentThreadId
0x4a6290 ExitProcess
0x4a6294 GlobalSize
0x4a6298 GlobalFree
0x4a62a4 lstrcatA
0x4a62a8 lstrlenA
0x4a62ac WinExec
0x4a62b0 lstrcpyA
0x4a62b4 FindNextFileA
0x4a62b8 GlobalReAlloc
0x4a62bc HeapFree
0x4a62c0 HeapReAlloc
0x4a62c4 GetProcessHeap
0x4a62c8 HeapAlloc
0x4a62cc GetFullPathNameA
0x4a62d0 FreeLibrary
0x4a62d4 LoadLibraryA
0x4a62d8 GetLastError
0x4a62dc GetVersionExA
0x4a62e4 CreateThread
0x4a62e8 CreateEventA
0x4a62ec Sleep
0x4a62f0 GlobalAlloc
0x4a62f4 GlobalLock
0x4a62f8 GlobalUnlock
0x4a62fc GetTempPathA
0x4a6300 FindFirstFileA
0x4a6304 FindClose
0x4a6308 GetFileAttributesA
0x4a630c RtlUnwind
0x4a6310 GetStartupInfoA
0x4a6314 GetOEMCP
0x4a6318 GetCPInfo
0x4a631c GetProcessVersion
0x4a6320 SetErrorMode
0x4a6324 GlobalFlags
0x4a6328 GetCurrentThread
0x4a632c GetFileTime
0x4a6330 GetFileSize
0x4a6334 TlsGetValue
0x4a6338 LocalReAlloc
0x4a633c TlsSetValue
0x4a6340 TlsFree
0x4a6344 GlobalHandle
0x4a6348 TlsAlloc
0x4a634c LocalAlloc
0x4a6350 lstrcmpA
0x4a6354 GetVersion
0x4a6358 GlobalGetAtomNameA
0x4a635c GlobalAddAtomA
0x4a6360 GlobalFindAtomA
0x4a6364 GlobalDeleteAtom
0x4a6368 lstrcmpiA
0x4a636c DeleteFileA
0x4a6378 GetModuleHandleA
0x4a637c GetProcAddress
0x4a6380 MulDiv
0x4a6384 GetCommandLineA
0x4a6388 GetTickCount
0x4a638c WaitForSingleObject
0x4a6390 CloseHandle
0x4a6394 lstrcpynA
0x4a6398 DuplicateHandle
0x4a639c SetFilePointer
0x4a63a0 FlushFileBuffers
0x4a63a4 LockFile
0x4a63a8 UnlockFile
0x4a63ac SetEndOfFile
Library: USER32.dll:
0x4a63e4 wsprintfA
0x4a63e8 CloseClipboard
0x4a63ec GetClipboardData
0x4a63f0 OpenClipboard
0x4a63f4 SetClipboardData
0x4a63f8 EmptyClipboard
0x4a63fc GetSystemMetrics
0x4a6400 GetCursorPos
0x4a6404 MessageBoxA
0x4a6408 SetWindowPos
0x4a640c SendMessageA
0x4a6410 DestroyCursor
0x4a6414 SetParent
0x4a6418 IsWindow
0x4a641c PostMessageA
0x4a6420 GetTopWindow
0x4a6424 GetParent
0x4a6428 GetFocus
0x4a642c GetClientRect
0x4a6430 InvalidateRect
0x4a6434 ValidateRect
0x4a6438 UpdateWindow
0x4a643c EqualRect
0x4a6440 GetWindowRect
0x4a6444 SetForegroundWindow
0x4a6448 DestroyMenu
0x4a644c IsChild
0x4a6450 ReleaseDC
0x4a6454 IsRectEmpty
0x4a6458 FillRect
0x4a645c GetDC
0x4a6460 SetCursor
0x4a6464 LoadCursorA
0x4a6468 SetCursorPos
0x4a646c SetActiveWindow
0x4a6470 GetSysColor
0x4a6474 SetWindowLongA
0x4a6478 GetWindowLongA
0x4a647c RedrawWindow
0x4a6480 EnableWindow
0x4a6484 IsWindowVisible
0x4a6488 OffsetRect
0x4a648c PtInRect
0x4a6490 DestroyIcon
0x4a6494 IntersectRect
0x4a6498 InflateRect
0x4a649c SetRect
0x4a64a0 SetScrollPos
0x4a64a4 SetScrollRange
0x4a64a8 GetScrollRange
0x4a64ac SetCapture
0x4a64b0 GetCapture
0x4a64b4 ReleaseCapture
0x4a64b8 SetTimer
0x4a64bc KillTimer
0x4a64c0 WinHelpA
0x4a64c4 LoadBitmapA
0x4a64c8 GetForegroundWindow
0x4a64cc UnregisterHotKey
0x4a64d0 RegisterHotKey
0x4a64d4 CreateWindowExA
0x4a64d8 CallWindowProcA
0x4a64dc LoadIconA
0x4a64e0 TranslateMessage
0x4a64e4 DrawFrameControl
0x4a64e8 DrawEdge
0x4a64ec DrawFocusRect
0x4a64f0 WindowFromPoint
0x4a64f4 GetMessageA
0x4a64f8 DispatchMessageA
0x4a64fc SetRectEmpty
0x4a650c DrawIconEx
0x4a6510 CreatePopupMenu
0x4a6514 AppendMenuA
0x4a6518 ModifyMenuA
0x4a651c CreateMenu
0x4a6524 GetDlgCtrlID
0x4a6528 GetSubMenu
0x4a652c EnableMenuItem
0x4a6530 ClientToScreen
0x4a6538 LoadImageA
0x4a6540 ShowWindow
0x4a6544 IsWindowEnabled
0x4a654c GetKeyState
0x4a6554 PostQuitMessage
0x4a6558 IsZoomed
0x4a655c GetClassInfoA
0x4a6560 DefWindowProcA
0x4a6564 GetSystemMenu
0x4a6568 DeleteMenu
0x4a656c GetMenu
0x4a6570 SetMenu
0x4a6574 PeekMessageA
0x4a6578 GetWindowTextA
0x4a6580 CharUpperA
0x4a6584 GetWindowDC
0x4a6588 BeginPaint
0x4a658c EndPaint
0x4a6590 TabbedTextOutA
0x4a6594 DrawTextA
0x4a6598 GrayStringA
0x4a659c GetDlgItem
0x4a65a0 DestroyWindow
0x4a65a8 EndDialog
0x4a65ac GetNextDlgTabItem
0x4a65b0 GetWindowPlacement
0x4a65b8 GetLastActivePopup
0x4a65bc GetMessageTime
0x4a65c0 RemovePropA
0x4a65c4 GetPropA
0x4a65c8 UnhookWindowsHookEx
0x4a65cc SetPropA
0x4a65d0 GetClassLongA
0x4a65d4 CallNextHookEx
0x4a65d8 SetWindowsHookExA
0x4a65dc UnregisterClassA
0x4a65e0 GetMenuItemID
0x4a65e4 GetMenuItemCount
0x4a65e8 RegisterClassA
0x4a65ec GetScrollPos
0x4a65f0 AdjustWindowRectEx
0x4a65f4 MapWindowPoints
0x4a65f8 SendDlgItemMessageA
0x4a65fc ScrollWindowEx
0x4a6600 IsDialogMessageA
0x4a6604 SetWindowTextA
0x4a6608 MoveWindow
0x4a660c CheckMenuItem
0x4a6610 SetMenuItemBitmaps
0x4a6614 GetMenuState
0x4a661c GetClassNameA
0x4a6620 GetDesktopWindow
0x4a6624 LoadStringA
0x4a6628 GetSysColorBrush
0x4a662c IsIconic
0x4a6630 SetFocus
0x4a6634 GetActiveWindow
0x4a6638 GetWindow
0x4a6640 SetWindowRgn
0x4a6644 GetMessagePos
0x4a6648 ScreenToClient
0x4a6650 CopyRect
Library: GDI32.dll:
0x4a6044 SelectPalette
0x4a6048 RealizePalette
0x4a604c GetDIBits
0x4a6050 GetWindowExtEx
0x4a6054 GetViewportOrgEx
0x4a6058 GetWindowOrgEx
0x4a605c BeginPath
0x4a6060 EndPath
0x4a6064 PathToRegion
0x4a6068 CreateEllipticRgn
0x4a606c CreateRoundRectRgn
0x4a6070 GetTextColor
0x4a6074 GetBkMode
0x4a6078 GetBkColor
0x4a607c GetROP2
0x4a6080 GetStretchBltMode
0x4a6084 GetPolyFillMode
0x4a608c CreateDCA
0x4a6090 CreateBitmap
0x4a6094 SelectObject
0x4a6098 GetObjectA
0x4a609c CreatePen
0x4a60a0 PatBlt
0x4a60a4 CombineRgn
0x4a60a8 CreateRectRgn
0x4a60ac StretchBlt
0x4a60b0 CreateSolidBrush
0x4a60b4 GetStockObject
0x4a60b8 CreateFontIndirectA
0x4a60bc EndPage
0x4a60c0 EndDoc
0x4a60c4 DeleteDC
0x4a60c8 StartDocA
0x4a60cc StartPage
0x4a60d0 BitBlt
0x4a60d4 CreateCompatibleDC
0x4a60d8 Ellipse
0x4a60dc Rectangle
0x4a60e0 LPtoDP
0x4a60e4 DPtoLP
0x4a60e8 GetCurrentObject
0x4a60ec RoundRect
0x4a60f4 GetDeviceCaps
0x4a60f8 SaveDC
0x4a60fc RestoreDC
0x4a6100 SetBkMode
0x4a6104 SetPolyFillMode
0x4a6108 SetROP2
0x4a610c SetTextColor
0x4a6110 SetMapMode
0x4a6114 SetViewportOrgEx
0x4a6118 OffsetViewportOrgEx
0x4a611c SetViewportExtEx
0x4a6120 ScaleViewportExtEx
0x4a6124 SetWindowOrgEx
0x4a6128 SetWindowExtEx
0x4a612c ScaleWindowExtEx
0x4a6130 GetClipBox
0x4a6134 ExcludeClipRect
0x4a6138 MoveToEx
0x4a613c LineTo
0x4a6140 CreatePalette
0x4a6148 CreateDIBitmap
0x4a614c DeleteObject
0x4a6150 SelectClipRgn
0x4a6154 CreatePolygonRgn
0x4a6158 GetClipRgn
0x4a615c SetStretchBltMode
0x4a6164 SetBkColor
0x4a6168 CreateFontA
0x4a6170 FillRgn
0x4a6174 GetTextMetricsA
0x4a6178 Escape
0x4a617c ExtTextOutA
0x4a6180 TextOutA
0x4a6184 RectVisible
0x4a6188 PtVisible
0x4a618c GetViewportExtEx
0x4a6190 ExtSelectClipRgn
Library: WINMM.dll:
0x4a6658 midiStreamRestart
0x4a665c midiStreamClose
0x4a6660 midiOutReset
0x4a6664 midiStreamStop
0x4a6668 midiStreamOut
0x4a6670 midiStreamProperty
0x4a6674 midiStreamOpen
0x4a667c waveOutOpen
0x4a6680 waveOutGetNumDevs
0x4a6684 waveOutClose
0x4a6688 waveOutReset
0x4a668c waveOutPause
0x4a6690 waveOutWrite
0x4a669c waveOutRestart
Library: WINSPOOL.DRV:
0x4a66a4 ClosePrinter
0x4a66a8 DocumentPropertiesA
0x4a66ac OpenPrinterA
Library: ADVAPI32.dll:
0x4a6000 RegCloseKey
0x4a6004 RegOpenKeyExA
0x4a6008 RegQueryValueA
0x4a600c RegSetValueExA
0x4a6010 RegCreateKeyExA
Library: SHELL32.dll:
0x4a63c8 ShellExecuteA
0x4a63cc Shell_NotifyIconA
0x4a63d0 DragAcceptFiles
0x4a63d4 DragFinish
0x4a63d8 DragQueryFileA
Library: ole32.dll:
0x4a66f4 OleInitialize
0x4a66f8 OleUninitialize
0x4a66fc CLSIDFromString
Library: OLEAUT32.dll:
0x4a63b8 UnRegisterTypeLib
0x4a63bc RegisterTypeLib
0x4a63c0 LoadTypeLib
Library: COMCTL32.dll:
0x4a6018 ImageList_Create
0x4a601c ImageList_BeginDrag
0x4a6020 ImageList_Destroy
0x4a6024 ImageList_DragEnter
0x4a6028 ImageList_DragLeave
0x4a602c ImageList_DragMove
0x4a6034 ImageList_EndDrag
0x4a6038 None
0x4a603c ImageList_Add
Library: WS2_32.dll:
0x4a66b4 closesocket
0x4a66b8 WSAAsyncSelect
0x4a66bc recvfrom
0x4a66c0 ioctlsocket
0x4a66c4 recv
0x4a66c8 getpeername
0x4a66cc inet_ntoa
0x4a66d0 accept
0x4a66d4 ntohl
0x4a66d8 WSACleanup
Library: comdlg32.dll:
0x4a66e0 GetFileTitleA
0x4a66e4 GetOpenFileNameA
0x4a66e8 ChooseColorA
0x4a66ec GetSaveFileNameA

No antivirus engine scan information.

Process tree

_______________pubg____________.exe, PID: 2716, Parent PID: 2336

TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 26.123 seconds )

  • 15.502 Suricata
  • 7.386 Static
  • 1.395 VirusTotal
  • 0.834 TargetInfo
  • 0.432 peid
  • 0.354 NetworkAnalysis
  • 0.139 BehaviorAnalysis
  • 0.057 AnalysisInfo
  • 0.015 Strings
  • 0.006 config_decoder
  • 0.003 Memory

Signatures ( 0.197 seconds )

  • 0.028 antiav_detectreg
  • 0.019 md_url_bl
  • 0.017 md_domain_bl
  • 0.012 infostealer_ftp
  • 0.008 antiav_detectfile
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_im
  • 0.007 ransomware_files
  • 0.006 api_spamming
  • 0.006 antianalysis_detectreg
  • 0.006 ransomware_extensions
  • 0.005 stealth_timeout
  • 0.005 infostealer_bitcoin
  • 0.004 stealth_decoy_document
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 antiemu_wine_func
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 infostealer_browser_password
  • 0.002 cerber_behavior
  • 0.002 kovter_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antidbg_windows
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.193 seconds )

  • 0.893 ReportHTMLSummary
  • 0.3 Malheur
Task ID 490340
Mongo ID 5e29a2672f8f2e089ad6af56
Cuckoo release 1.4-Maldun