Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-hpdapp01-2  2020-02-09 21:44:10  2020-02-09 21:46:34  144 seconds

Maldun score

10.0

Dangerous

File details

File name  emlog采集者1.2.exe
File size  1294336 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ed9c345057d4da64d1a82ba5770fe5fb
SHA1 54242829b8e93a822aab22ca0f60e58793ce5107
SHA256 01eea87203c9310ed83c335daa96174f064f6a9865ae7b3ba1c18764b8872f40
SHA512 c38bc0018a239883ab1dc2c06eec0f84cf4afac651cdbd6c0dd2341c2ed6c8c1d53b2e32b0139df610b0996c83a275c89faef243174c422f0219453c35ebe331
CRC32 E493D2E4
Ssdeep 24576:zRpR5dJ08g0rw+AJ4Lv8Ex9IHsEGjnIOZ/ybtb:zRpLdJ08XvmHsThZ/yR

Screenshots


Host access records

No host records.

Domain resolution

Domain  Security rating  Response
www.l566.cn A 122.114.176.18
CNAME 627909.vhost222.cnameaddress.top
mubu.com A 101.226.28.227
A 101.226.28.226
A 101.226.28.230
CNAME mubu.com.w.kunluncan.com
A 101.226.28.229
A 101.226.28.231
A 101.226.28.228
A 101.226.28.232
A 101.226.28.233


PE information

Image base  0x00400000
Entry point  0x004b9068
Declared checksum  0x00000000
Actual checksum  0x0013f864
Minimum OS version required  4.0
Compile time  2020-02-09 21:37:39
Import hash  4bec8137f385ff0173e045e690ee3c75

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000df4db 0x000e0000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.54
.rdata 0x000e1000 0x0003c0b8 0x0003d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.25
.data 0x0011e000 0x00056e68 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.16
.rsrc 0x00175000 0x00005b04 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.23

Imports

Library: RASAPI32.dll:
0x4e141c RasHangUpA
Library: KERNEL32.dll:
0x4e1188 MulDiv
0x4e118c GetProcAddress
0x4e1190 GetModuleHandleA
0x4e119c CreateDirectoryA
0x4e11a0 GetFileAttributesA
0x4e11a4 FindClose
0x4e11a8 FindFirstFileA
0x4e11ac GlobalUnlock
0x4e11b0 GlobalLock
0x4e11b4 UnlockFile
0x4e11b8 GetCommandLineA
0x4e11bc LockFile
0x4e11c0 FlushFileBuffers
0x4e11c4 SetFilePointer
0x4e11c8 GetCurrentProcess
0x4e11cc DuplicateHandle
0x4e11d0 lstrcpynA
0x4e11d4 SuspendThread
0x4e11d8 ReleaseMutex
0x4e11dc CreateMutexA
0x4e11e0 TerminateThread
0x4e11e4 SetLastError
0x4e11e8 IsBadCodePtr
0x4e11ec IsBadReadPtr
0x4e11f0 CompareStringW
0x4e11f4 CompareStringA
0x4e11fc GetStringTypeW
0x4e1200 GetStringTypeA
0x4e1204 IsBadWritePtr
0x4e1208 VirtualAlloc
0x4e120c LCMapStringW
0x4e1210 LCMapStringA
0x4e1218 VirtualFree
0x4e121c HeapCreate
0x4e1220 HeapDestroy
0x4e1228 GetStdHandle
0x4e122c SetHandleCount
0x4e1244 GetFileType
0x4e1248 SetStdHandle
0x4e124c GetACP
0x4e1250 HeapSize
0x4e1254 TerminateProcess
0x4e1260 CreateSemaphoreA
0x4e1264 ResumeThread
0x4e1268 ReleaseSemaphore
0x4e1274 GetProfileStringA
0x4e1278 WriteFile
0x4e1280 CreateFileA
0x4e1284 SetEvent
0x4e1288 FindResourceA
0x4e128c LoadResource
0x4e1290 LockResource
0x4e1294 ReadFile
0x4e1298 lstrlenW
0x4e129c GetModuleFileNameA
0x4e12a0 GetCurrentThreadId
0x4e12a4 ExitProcess
0x4e12a8 GlobalSize
0x4e12ac GlobalFree
0x4e12b8 lstrcatA
0x4e12bc lstrlenA
0x4e12c0 WinExec
0x4e12c4 lstrcpyA
0x4e12c8 FindNextFileA
0x4e12cc GlobalReAlloc
0x4e12d0 HeapFree
0x4e12d4 HeapReAlloc
0x4e12d8 GetProcessHeap
0x4e12dc HeapAlloc
0x4e12e0 GetUserDefaultLCID
0x4e12e4 GetFullPathNameA
0x4e12e8 FreeLibrary
0x4e12ec LoadLibraryA
0x4e12f0 GetLastError
0x4e12f4 GetVersionExA
0x4e1300 CreateThread
0x4e1304 CreateEventA
0x4e1308 Sleep
0x4e130c RaiseException
0x4e1310 GetLocalTime
0x4e1314 GetSystemTime
0x4e1318 RtlUnwind
0x4e131c GetStartupInfoA
0x4e1320 GetOEMCP
0x4e1324 GetCPInfo
0x4e1328 GetProcessVersion
0x4e132c SetErrorMode
0x4e1330 GlobalFlags
0x4e1334 GetCurrentThread
0x4e1338 GetFileTime
0x4e133c GetFileSize
0x4e1340 TlsGetValue
0x4e1344 LocalReAlloc
0x4e1348 TlsSetValue
0x4e134c TlsFree
0x4e1350 GlobalHandle
0x4e1354 TlsAlloc
0x4e1358 LocalAlloc
0x4e135c lstrcmpA
0x4e1360 GetTickCount
0x4e1364 WaitForSingleObject
0x4e1368 CloseHandle
0x4e1370 FormatMessageA
0x4e1374 LocalFree
0x4e1378 MultiByteToWideChar
0x4e137c WideCharToMultiByte
0x4e1380 GetVersion
0x4e1384 GlobalGetAtomNameA
0x4e1388 GlobalAddAtomA
0x4e138c GlobalFindAtomA
0x4e1390 GlobalDeleteAtom
0x4e1394 lstrcmpiA
0x4e1398 GetThreadLocale
0x4e139c SetEndOfFile
0x4e13a4 GlobalAlloc
Library: USER32.dll:
0x4e1434 GetSystemMetrics
0x4e1438 GetCursorPos
0x4e143c MessageBoxA
0x4e1440 MessageBeep
0x4e1444 SetWindowPos
0x4e1448 SendMessageA
0x4e144c DestroyCursor
0x4e1450 SetParent
0x4e1454 IsWindow
0x4e1458 PostMessageA
0x4e145c GetTopWindow
0x4e1460 GetParent
0x4e1464 GetFocus
0x4e1468 EmptyClipboard
0x4e146c SetClipboardData
0x4e1470 OpenClipboard
0x4e1474 GetClipboardData
0x4e1478 CloseClipboard
0x4e147c GetClientRect
0x4e1480 InvalidateRect
0x4e1484 ValidateRect
0x4e1488 UpdateWindow
0x4e148c EqualRect
0x4e1490 GetWindowRect
0x4e1494 SetForegroundWindow
0x4e1498 DestroyMenu
0x4e149c TrackPopupMenu
0x4e14a0 IsChild
0x4e14a4 ReleaseDC
0x4e14a8 wsprintfA
0x4e14ac FillRect
0x4e14b0 GetDC
0x4e14b4 SetCursor
0x4e14b8 LoadCursorA
0x4e14bc SetCursorPos
0x4e14c0 SetActiveWindow
0x4e14c4 GetSysColor
0x4e14c8 SetWindowLongA
0x4e14cc GetWindowLongA
0x4e14d0 RedrawWindow
0x4e14d4 EnableWindow
0x4e14d8 IsWindowVisible
0x4e14dc OffsetRect
0x4e14e0 PtInRect
0x4e14e4 DestroyIcon
0x4e14e8 IntersectRect
0x4e14ec InflateRect
0x4e14f0 SetRect
0x4e14f4 SetScrollPos
0x4e14f8 SetScrollRange
0x4e14fc GetScrollRange
0x4e1500 SetCapture
0x4e1504 GetCapture
0x4e1508 ReleaseCapture
0x4e150c SetTimer
0x4e1510 KillTimer
0x4e1514 WinHelpA
0x4e1518 LoadBitmapA
0x4e151c CopyRect
0x4e1524 ScreenToClient
0x4e1528 GetMessagePos
0x4e152c SetWindowRgn
0x4e1534 GetWindow
0x4e1538 GetActiveWindow
0x4e153c SetFocus
0x4e1540 IsRectEmpty
0x4e1544 UnhookWindowsHookEx
0x4e1548 IsIconic
0x4e154c PeekMessageA
0x4e1550 SetMenu
0x4e1554 GetMenu
0x4e1558 DeleteMenu
0x4e155c PostThreadMessageA
0x4e1560 GetNextDlgGroupItem
0x4e1564 MapDialogRect
0x4e156c CharNextA
0x4e1570 GetSysColorBrush
0x4e1574 LoadStringA
0x4e1578 FindWindowA
0x4e157c GetDesktopWindow
0x4e1580 GetClassNameA
0x4e1588 GetMenuState
0x4e158c SetMenuItemBitmaps
0x4e1590 CheckMenuItem
0x4e1594 SetWindowTextA
0x4e1598 LoadIconA
0x4e159c TranslateMessage
0x4e15a0 DrawFrameControl
0x4e15a4 DrawEdge
0x4e15a8 DrawFocusRect
0x4e15ac WindowFromPoint
0x4e15b0 GetMessageA
0x4e15b4 DispatchMessageA
0x4e15b8 SetRectEmpty
0x4e15c8 DrawIconEx
0x4e15cc CreatePopupMenu
0x4e15d0 AppendMenuA
0x4e15d4 ModifyMenuA
0x4e15d8 CreateMenu
0x4e15e0 GetDlgCtrlID
0x4e15e4 GetSubMenu
0x4e15e8 EnableMenuItem
0x4e15ec ClientToScreen
0x4e15f4 LoadImageA
0x4e15fc ShowWindow
0x4e1600 IsWindowEnabled
0x4e1608 GetKeyState
0x4e1610 PostQuitMessage
0x4e1614 IsZoomed
0x4e1618 GetClassInfoA
0x4e161c DefWindowProcA
0x4e1620 GetSystemMenu
0x4e1624 GetWindowTextA
0x4e162c CharUpperA
0x4e1630 GetWindowDC
0x4e1634 BeginPaint
0x4e1638 EndPaint
0x4e163c TabbedTextOutA
0x4e1640 DrawTextA
0x4e1644 GrayStringA
0x4e1648 GetDlgItem
0x4e164c DestroyWindow
0x4e1654 EndDialog
0x4e1658 GetNextDlgTabItem
0x4e165c GetWindowPlacement
0x4e1664 GetForegroundWindow
0x4e1668 GetLastActivePopup
0x4e166c GetMessageTime
0x4e1670 RemovePropA
0x4e1674 CallWindowProcA
0x4e1678 GetPropA
0x4e167c UnregisterClassA
0x4e1680 SetPropA
0x4e1684 GetClassLongA
0x4e1688 CallNextHookEx
0x4e168c SetWindowsHookExA
0x4e1690 CreateWindowExA
0x4e1694 GetMenuItemID
0x4e1698 GetMenuItemCount
0x4e169c RegisterClassA
0x4e16a0 GetScrollPos
0x4e16a4 ShowScrollBar
0x4e16a8 SetScrollInfo
0x4e16ac GetScrollInfo
0x4e16b0 ScrollWindow
0x4e16b4 AdjustWindowRectEx
0x4e16b8 MapWindowPoints
0x4e16bc SendDlgItemMessageA
0x4e16c0 ScrollWindowEx
0x4e16c4 IsDialogMessageA
0x4e16c8 MoveWindow
Library: GDI32.dll:
0x4e1038 SetBkColor
0x4e1040 SetStretchBltMode
0x4e1044 GetClipRgn
0x4e1048 CreatePolygonRgn
0x4e104c SelectClipRgn
0x4e1050 DeleteObject
0x4e1054 CreateDIBitmap
0x4e105c CreatePalette
0x4e1060 StretchBlt
0x4e1064 SelectPalette
0x4e1068 RealizePalette
0x4e106c GetDIBits
0x4e1070 GetWindowExtEx
0x4e1074 GetViewportOrgEx
0x4e1078 GetWindowOrgEx
0x4e107c BeginPath
0x4e1080 EndPath
0x4e1084 PathToRegion
0x4e1088 CreateEllipticRgn
0x4e108c CreateRoundRectRgn
0x4e1090 GetTextColor
0x4e1094 GetBkMode
0x4e1098 GetBkColor
0x4e109c GetROP2
0x4e10a0 GetStretchBltMode
0x4e10a4 GetPolyFillMode
0x4e10ac CreateDCA
0x4e10b0 CreateBitmap
0x4e10b4 SelectObject
0x4e10b8 CreatePen
0x4e10bc PatBlt
0x4e10c0 CombineRgn
0x4e10c4 CreateRectRgn
0x4e10c8 FillRgn
0x4e10cc CreateSolidBrush
0x4e10d0 CreateFontIndirectA
0x4e10d4 GetStockObject
0x4e10d8 GetObjectA
0x4e10dc EndPage
0x4e10e0 EndDoc
0x4e10e4 DeleteDC
0x4e10e8 StartDocA
0x4e10ec StartPage
0x4e10f0 BitBlt
0x4e10f4 CreateCompatibleDC
0x4e10f8 Ellipse
0x4e10fc Rectangle
0x4e1100 LPtoDP
0x4e1104 DPtoLP
0x4e1108 GetCurrentObject
0x4e110c RoundRect
0x4e1114 GetDeviceCaps
0x4e1118 SaveDC
0x4e111c RestoreDC
0x4e1120 SetBkMode
0x4e1124 SetPolyFillMode
0x4e1128 SetROP2
0x4e112c SetTextColor
0x4e1130 SetMapMode
0x4e1134 SetViewportOrgEx
0x4e1138 OffsetViewportOrgEx
0x4e113c SetViewportExtEx
0x4e1140 ScaleViewportExtEx
0x4e1144 SetWindowOrgEx
0x4e1148 SetWindowExtEx
0x4e114c ScaleWindowExtEx
0x4e1150 GetClipBox
0x4e1154 ExcludeClipRect
0x4e1158 MoveToEx
0x4e115c LineTo
0x4e1160 ExtSelectClipRgn
0x4e1164 GetMapMode
0x4e1168 GetTextMetricsA
0x4e116c Escape
0x4e1170 ExtTextOutA
0x4e1174 TextOutA
0x4e1178 RectVisible
0x4e117c PtVisible
0x4e1180 GetViewportExtEx
Library: WINMM.dll:
0x4e16fc waveOutRestart
0x4e1700 midiStreamRestart
0x4e170c waveOutWrite
0x4e1710 waveOutPause
0x4e1714 waveOutReset
0x4e1718 waveOutClose
0x4e171c waveOutGetNumDevs
0x4e1720 waveOutOpen
0x4e1728 midiStreamOpen
0x4e172c midiStreamProperty
0x4e1734 midiStreamOut
0x4e1738 midiStreamStop
0x4e173c midiOutReset
0x4e1740 midiStreamClose
Library: WINSPOOL.DRV:
0x4e1748 DocumentPropertiesA
0x4e174c ClosePrinter
0x4e1750 OpenPrinterA
Library: ADVAPI32.dll:
0x4e1000 RegQueryValueExA
0x4e1004 RegQueryValueA
0x4e1008 RegSetValueExA
0x4e100c RegOpenKeyExA
0x4e1010 RegCloseKey
0x4e1014 RegCreateKeyExA
Library: SHELL32.dll:
0x4e1428 ShellExecuteA
0x4e142c Shell_NotifyIconA
Library: ole32.dll:
0x4e17a4 CoDisconnectObject
0x4e17a8 CoGetClassObject
0x4e17c0 CoRevokeClassObject
0x4e17c4 OleFlushClipboard
0x4e17cc CoTaskMemAlloc
0x4e17d0 CLSIDFromProgID
0x4e17d4 OleRun
0x4e17d8 CoCreateInstance
0x4e17dc CLSIDFromString
0x4e17e0 OleUninitialize
0x4e17e4 OleInitialize
0x4e17e8 CoTaskMemFree
Library: OLEAUT32.dll:
0x4e13b0 SafeArrayGetUBound
0x4e13b4 SafeArrayGetLBound
0x4e13b8 SafeArrayGetDim
0x4e13c0 SafeArrayAccessData
0x4e13c4 SafeArrayGetElement
0x4e13c8 VariantCopyInd
0x4e13cc VariantInit
0x4e13d0 SysAllocString
0x4e13d4 SafeArrayDestroy
0x4e13d8 SafeArrayCreate
0x4e13dc SafeArrayPutElement
0x4e13e0 RegisterTypeLib
0x4e13e4 LHashValOfNameSys
0x4e13e8 LoadTypeLib
0x4e13f0 UnRegisterTypeLib
0x4e13f4 SysFreeString
0x4e13f8 VariantClear
0x4e13fc VariantCopy
0x4e140c SysAllocStringLen
0x4e1410 SysStringLen
0x4e1414 VariantChangeType
Library: COMCTL32.dll:
0x4e101c ImageList_Destroy
0x4e1028 None
0x4e102c ImageList_Read
0x4e1030 ImageList_Duplicate
Library: oledlg.dll:
0x4e17f0 None
Library: WS2_32.dll:
0x4e1758 recvfrom
0x4e175c ioctlsocket
0x4e1760 inet_ntoa
0x4e1764 recv
0x4e1768 getpeername
0x4e176c accept
0x4e1770 ntohl
0x4e1774 WSAStartup
0x4e1778 WSACleanup
0x4e177c select
0x4e1780 send
0x4e1784 closesocket
0x4e1788 WSAAsyncSelect
Library: WININET.dll:
0x4e16d4 InternetCrackUrlA
0x4e16d8 HttpOpenRequestA
0x4e16dc HttpSendRequestA
0x4e16e0 InternetOpenA
0x4e16e4 InternetCloseHandle
0x4e16e8 InternetSetOptionA
0x4e16ec InternetConnectA
0x4e16f0 InternetReadFile
0x4e16f4 HttpQueryInfoA
Library: comdlg32.dll:
0x4e1790 GetFileTitleA
0x4e1794 GetSaveFileNameA
0x4e1798 GetOpenFileNameA
0x4e179c ChooseColorA

No antivirus engine scan information!

Process tree

emlog_________1.2.exe, PID: 2688, parent PID: 2316

TCP

Source address  Source port  Destination address  Destination port
192.168.122.202 49164 101.226.28.227 mubu.com 443
192.168.122.202 49161 122.114.176.18 www.l566.cn 80
192.168.122.202 49162 122.114.176.18 www.l566.cn 80
192.168.122.202 49163 122.114.176.18 www.l566.cn 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.202 55264 192.168.122.1 53
192.168.122.202 61249 192.168.122.1 53

HTTP requests

URI  HTTP data
http://www.l566.cn/ke4/kindeditor-min.js
GET /ke4/kindeditor-min.js HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.l566.cn
Connection: Keep-Alive

http://www.l566.cn/ke4/themes/default/default.css
GET /ke4/themes/default/default.css HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.l566.cn
Connection: Keep-Alive

http://www.l566.cn/ke4/lang/zh-CN.js
GET /ke4/lang/zh-CN.js HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.l566.cn
Connection: Keep-Alive

http://www.l566.cn/ke4/themes/default/default.png
GET /ke4/themes/default/default.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.l566.cn
Connection: Keep-Alive

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-02-09 21:44:52.171535+0800 192.168.122.202 49164 101.226.28.227 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 CN=*.mubu.com 47:8f:06:0d:5e:24:07:4f:95:29:eb:37:9b:76:07:21:69:79:6e:45

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 29.184 seconds )

  • 15.573 Suricata
  • 5.326 Static
  • 3.165 VirusTotal
  • 2.35 BehaviorAnalysis
  • 1.63 NetworkAnalysis
  • 0.628 TargetInfo
  • 0.429 peid
  • 0.062 AnalysisInfo
  • 0.014 Strings
  • 0.004 config_decoder
  • 0.003 Memory

Signatures ( 3.194 seconds )

  • 2.027 md_url_bl
  • 0.182 antiav_detectreg
  • 0.126 api_spamming
  • 0.105 stealth_timeout
  • 0.103 stealth_decoy_document
  • 0.066 infostealer_ftp
  • 0.038 antianalysis_detectreg
  • 0.037 infostealer_im
  • 0.024 antivm_generic_scsi
  • 0.023 md_domain_bl
  • 0.022 infostealer_mail
  • 0.021 stealth_file
  • 0.019 heapspray_js
  • 0.018 dridex_behavior
  • 0.017 antivm_generic_services
  • 0.016 anormaly_invoke_kills
  • 0.015 antidbg_windows
  • 0.013 virtualcheck_js
  • 0.013 antiav_detectfile
  • 0.012 geodo_banking_trojan
  • 0.01 kibex_behavior
  • 0.009 mimics_filetime
  • 0.009 antivm_parallels_keys
  • 0.009 antivm_xen_keys
  • 0.009 infostealer_bitcoin
  • 0.009 darkcomet_regkeys
  • 0.008 betabot_behavior
  • 0.008 anomaly_persistence_autorun
  • 0.008 virus
  • 0.007 bootkit
  • 0.007 reads_self
  • 0.007 dead_connect
  • 0.007 kovter_behavior
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 antiemu_wine_func
  • 0.006 antivm_generic_disk
  • 0.006 infostealer_browser_password
  • 0.006 antivm_generic_diskreg
  • 0.006 network_http
  • 0.005 stealth_network
  • 0.005 antivm_vbox_files
  • 0.005 recon_fingerprint
  • 0.004 antivm_vbox_libs
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_window
  • 0.003 silverlight_js
  • 0.003 hancitor_behavior
  • 0.003 bypass_firewall
  • 0.003 antisandbox_productid
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 maldun_anormaly_invoke_vb_vba
  • 0.003 network_torgateway
  • 0.003 packer_armadillo_regkey
  • 0.002 hawkeye_behavior
  • 0.002 rat_nanocore
  • 0.002 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.002 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.002 maldun_anomaly_massive_file_ops
  • 0.002 injection_createremotethread
  • 0.002 sets_autoconfig_url
  • 0.002 kazybot_behavior
  • 0.002 exec_crash
  • 0.002 java_js
  • 0.002 js_phish
  • 0.002 cerber_behavior
  • 0.002 antisandbox_script_timer
  • 0.002 antidbg_devices
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_system
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 network_cnc_http
  • 0.001 network_tor
  • 0.001 browser_scanbox
  • 0.001 antiav_avast_libs
  • 0.001 infostealer_browser
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 ransomware_message
  • 0.001 injection_explorer
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 antiav_bitdefender_libs
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 dyre_behavior
  • 0.001 shifu_behavior
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 disables_wfp
  • 0.001 injection_runpe
  • 0.001 js_suspicious_redirect
  • 0.001 securityxploded_modules
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.33 seconds )

  • 0.952 ReportHTMLSummary
  • 0.378 Malheur

Task ID 508913
Mongo ID 5e400d6c2f8f2e45149c7a88
Cuckoo release 1.4-Maldun