Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-02-19 02:08:32 | 2020-02-19 02:11:00 | 148 seconds

Maldun Score

2.8

Suspicious

File Details

File name 设置.exe (Chinese for "Settings.exe")
File size 749568 bytes
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 05ea335774257656cefbcbe6cbe6bca1
SHA1 b7627dc05f7142302f6ef15bbcf65fbe3e91b826
SHA256 8877e8ac66a151bd1ea896eabcd3f9f5d96c3b1e31cedb446d0b71cf92ccb2db
SHA512 b2087850b9f6fc022cab1d2d896e72b6c5cd0da8376a07189ab15f69ff89788b32bb52b2b7eee239c5f6887b5b56071b3eba3ceedcdbce9b79c1d787b6127b60
CRC32 96B57032
Ssdeep 6144:4htCZm2No3+alWGpkZhMqArO/5rCRDKLLWWu6TcAcV0C508je0DHc4AJVXqBNKzL:4hOm2N++al7unFLqW1YSXfuHc/3

Runtime Screenshots


Hosts Accessed

No host records.

Domain Resolution

No domain information.


Summary


PE Information

Image base 0x00400000
Entry point 0x0045c865
Declared checksum 0x00000000
Actual checksum 0x000bfcc9
Minimum OS version required 4.0
Compile time 2020-02-06 20:54:38
Import hash (imphash) d2907d4c2de6ea99979b14af9d8872a8

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0007a3ee 0x0007b000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x0007c000 0x00012dbe 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.60
.data 0x0008f000 0x000219a8 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.08
.rsrc 0x000b1000 0x00015648 0x00016000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.32

Imports

Library: KERNEL32.dll:
0x47c170 SetEndOfFile
0x47c174 UnlockFile
0x47c178 LockFile
0x47c17c FlushFileBuffers
0x47c180 SetFilePointer
0x47c184 GetCurrentProcess
0x47c188 DuplicateHandle
0x47c18c SetLastError
0x47c190 lstrcpynA
0x47c194 GetVersion
0x47c198 GlobalGetAtomNameA
0x47c19c GlobalAddAtomA
0x47c1a0 GlobalFindAtomA
0x47c1a4 GlobalDeleteAtom
0x47c1a8 lstrcmpA
0x47c1ac lstrcmpiA
0x47c1b0 CreateSemaphoreA
0x47c1b4 ResumeThread
0x47c1b8 ReleaseSemaphore
0x47c1c4 FindResourceA
0x47c1c8 SetStdHandle
0x47c1cc CompareStringW
0x47c1d0 CompareStringA
0x47c1d4 IsBadCodePtr
0x47c1d8 IsBadReadPtr
0x47c1dc GetStringTypeW
0x47c1e0 GetStringTypeA
0x47c1ec IsBadWritePtr
0x47c1f0 VirtualAlloc
0x47c1f4 LCMapStringW
0x47c1f8 LCMapStringA
0x47c1fc VirtualFree
0x47c200 HeapCreate
0x47c204 HeapDestroy
0x47c20c GetFileType
0x47c210 GetStdHandle
0x47c214 SetHandleCount
0x47c22c GetACP
0x47c230 HeapSize
0x47c234 GetLocalTime
0x47c238 GetSystemTime
0x47c240 RaiseException
0x47c244 LoadResource
0x47c248 LockResource
0x47c24c GetFullPathNameA
0x47c254 CreateThread
0x47c258 CreateEventA
0x47c25c GetFileAttributesA
0x47c264 GetCommandLineA
0x47c268 GetModuleFileNameA
0x47c26c Sleep
0x47c270 WideCharToMultiByte
0x47c274 MultiByteToWideChar
0x47c278 GetProfileStringA
0x47c27c CreateFileA
0x47c280 WriteFile
0x47c284 ReadFile
0x47c288 GetLastError
0x47c290 SetEvent
0x47c294 GlobalAlloc
0x47c298 WaitForSingleObject
0x47c29c CloseHandle
0x47c2a0 MulDiv
0x47c2a4 GetCurrentThreadId
0x47c2a8 ExitProcess
0x47c2ac GetModuleHandleA
0x47c2b0 GetProcAddress
0x47c2b4 LoadLibraryA
0x47c2b8 FreeLibrary
0x47c2bc GlobalSize
0x47c2c0 GlobalLock
0x47c2c4 GlobalFree
0x47c2d0 GetVersionExA
0x47c2d4 lstrcatA
0x47c2d8 TerminateProcess
0x47c2dc RtlUnwind
0x47c2e0 GetStartupInfoA
0x47c2e4 SetErrorMode
0x47c2e8 GetOEMCP
0x47c2ec GetCPInfo
0x47c2f0 GetProcessVersion
0x47c2f4 GetFileTime
0x47c2f8 GetFileSize
0x47c2fc TlsGetValue
0x47c300 LocalReAlloc
0x47c304 TlsSetValue
0x47c308 TlsFree
0x47c30c GlobalHandle
0x47c310 TlsAlloc
0x47c314 LocalAlloc
0x47c318 GlobalFlags
0x47c31c lstrlenA
0x47c320 WinExec
0x47c324 lstrcpyA
0x47c328 FindFirstFileA
0x47c32c FindNextFileA
0x47c330 FindClose
0x47c33c LocalFree
0x47c34c GetTickCount
0x47c350 GlobalUnlock
0x47c354 GlobalReAlloc
0x47c358 HeapFree
0x47c35c HeapReAlloc
0x47c360 GetProcessHeap
0x47c364 HeapAlloc
0x47c368 GetCurrentThread
Library: USER32.dll:
0x47c38c GetWindowRect
0x47c390 GetSystemMetrics
0x47c394 RedrawWindow
0x47c398 InvalidateRect
0x47c39c EnableWindow
0x47c3a0 wsprintfA
0x47c3a4 IsWindowVisible
0x47c3a8 FillRect
0x47c3ac OffsetRect
0x47c3b0 GetClientRect
0x47c3b4 PtInRect
0x47c3b8 SetParent
0x47c3bc SendMessageA
0x47c3c0 LoadCursorA
0x47c3c4 IsRectEmpty
0x47c3c8 IsWindow
0x47c3cc GetWindowLongA
0x47c3d0 SetWindowLongA
0x47c3d4 DestroyIcon
0x47c3d8 IntersectRect
0x47c3dc InflateRect
0x47c3e0 SetRect
0x47c3e4 SetScrollPos
0x47c3e8 SetScrollRange
0x47c3ec GetScrollRange
0x47c3f0 PostMessageA
0x47c3f4 SetCapture
0x47c3f8 GetSysColor
0x47c3fc GetParent
0x47c400 CharUpperA
0x47c404 GetCapture
0x47c408 ReleaseCapture
0x47c40c SetTimer
0x47c410 KillTimer
0x47c414 WinHelpA
0x47c418 LoadBitmapA
0x47c41c CopyRect
0x47c420 GetFocus
0x47c428 ScreenToClient
0x47c42c GetMessagePos
0x47c430 UpdateWindow
0x47c434 SetWindowRgn
0x47c438 DestroyCursor
0x47c440 IsChild
0x47c444 GetWindow
0x47c448 GetTopWindow
0x47c44c GetActiveWindow
0x47c450 SetWindowPos
0x47c454 SetFocus
0x47c458 DestroyMenu
0x47c45c SetActiveWindow
0x47c460 IsIconic
0x47c464 PeekMessageA
0x47c468 SetMenu
0x47c46c GetMenu
0x47c470 SetCursorPos
0x47c474 GetCursorPos
0x47c478 TranslateMessage
0x47c47c LoadIconA
0x47c480 CreatePopupMenu
0x47c484 AppendMenuA
0x47c488 ModifyMenuA
0x47c48c CreateMenu
0x47c494 GetSubMenu
0x47c498 EnableMenuItem
0x47c49c GetDC
0x47c4a0 ReleaseDC
0x47c4a4 SetForegroundWindow
0x47c4a8 EqualRect
0x47c4ac ValidateRect
0x47c4b0 GetDlgCtrlID
0x47c4b8 LoadImageA
0x47c4bc MessageBoxA
0x47c4c8 DrawIconEx
0x47c4cc DrawFrameControl
0x47c4d0 DrawEdge
0x47c4d4 DrawFocusRect
0x47c4d8 GetClipboardData
0x47c4dc OpenClipboard
0x47c4e0 EmptyClipboard
0x47c4e4 SetClipboardData
0x47c4e8 CloseClipboard
0x47c4ec GetMessageA
0x47c4f0 DispatchMessageA
0x47c4f4 SetRectEmpty
0x47c4f8 GetWindowPlacement
0x47c500 GetForegroundWindow
0x47c504 GetLastActivePopup
0x47c508 GetMessageTime
0x47c50c RemovePropA
0x47c510 CallWindowProcA
0x47c514 GetPropA
0x47c518 UnhookWindowsHookEx
0x47c51c SetPropA
0x47c520 GetClassLongA
0x47c524 CallNextHookEx
0x47c528 SetWindowsHookExA
0x47c52c CreateWindowExA
0x47c530 DestroyWindow
0x47c534 GetWindowTextA
0x47c53c GetDlgItem
0x47c540 GetMenuItemID
0x47c544 GetMenuItemCount
0x47c548 RegisterClassA
0x47c54c GetScrollPos
0x47c550 AdjustWindowRectEx
0x47c554 MapWindowPoints
0x47c558 SendDlgItemMessageA
0x47c55c UnregisterClassA
0x47c560 ScrollWindowEx
0x47c564 IsDialogMessageA
0x47c568 SetWindowTextA
0x47c56c MoveWindow
0x47c570 GetWindowDC
0x47c574 BeginPaint
0x47c578 EndPaint
0x47c57c TabbedTextOutA
0x47c580 DrawTextA
0x47c584 GrayStringA
0x47c588 GetNextDlgTabItem
0x47c58c CheckMenuItem
0x47c590 SetMenuItemBitmaps
0x47c594 GetMenuState
0x47c5a0 EndDialog
0x47c5a4 GetClassNameA
0x47c5a8 GetDesktopWindow
0x47c5ac GetSysColorBrush
0x47c5b0 LoadStringA
0x47c5b8 ClientToScreen
0x47c5bc WindowFromPoint
0x47c5c4 ShowWindow
0x47c5c8 SetCursor
0x47c5cc IsWindowEnabled
0x47c5d4 GetKeyState
0x47c5dc PostQuitMessage
0x47c5e0 IsZoomed
0x47c5e4 GetClassInfoA
0x47c5e8 DefWindowProcA
0x47c5ec GetSystemMenu
0x47c5f0 DeleteMenu
Library: GDI32.dll:
0x47c024 StartDocA
0x47c028 CreatePolygonRgn
0x47c02c GetWindowExtEx
0x47c030 GetViewportOrgEx
0x47c034 GetWindowOrgEx
0x47c038 SetStretchBltMode
0x47c03c StretchBlt
0x47c040 CreateDIBitmap
0x47c044 GetClipRgn
0x47c048 SelectClipRgn
0x47c04c DeleteObject
0x47c050 LPtoDP
0x47c058 DeleteDC
0x47c05c BeginPath
0x47c060 EndPath
0x47c064 PathToRegion
0x47c068 CreateEllipticRgn
0x47c06c CreateRoundRectRgn
0x47c070 EndDoc
0x47c074 GetTextColor
0x47c078 GetBkMode
0x47c07c GetBkColor
0x47c080 GetROP2
0x47c084 GetStretchBltMode
0x47c088 GetPolyFillMode
0x47c08c SetBkColor
0x47c090 EndPage
0x47c098 CreateDCA
0x47c09c GetDeviceCaps
0x47c0a0 DPtoLP
0x47c0a4 CreateBitmap
0x47c0a8 CreateCompatibleDC
0x47c0ac SelectObject
0x47c0b0 BitBlt
0x47c0b4 GetObjectA
0x47c0b8 CreatePen
0x47c0bc PatBlt
0x47c0c0 Rectangle
0x47c0c4 Ellipse
0x47c0c8 RoundRect
0x47c0cc CombineRgn
0x47c0d0 CreateRectRgn
0x47c0d4 FillRgn
0x47c0d8 GetCurrentObject
0x47c0e0 CreateSolidBrush
0x47c0e4 GetStockObject
0x47c0e8 CreateFontIndirectA
0x47c0ec GetTextMetricsA
0x47c0f0 GetClipBox
0x47c0f4 SetTextColor
0x47c0f8 SaveDC
0x47c0fc RestoreDC
0x47c100 SetBkMode
0x47c104 SetPolyFillMode
0x47c108 SetROP2
0x47c10c SetMapMode
0x47c110 SetViewportOrgEx
0x47c114 OffsetViewportOrgEx
0x47c118 SetViewportExtEx
0x47c11c ScaleViewportExtEx
0x47c120 SetWindowOrgEx
0x47c124 SetWindowExtEx
0x47c128 ScaleWindowExtEx
0x47c12c ExcludeClipRect
0x47c130 MoveToEx
0x47c134 LineTo
0x47c138 GetDIBits
0x47c13c RealizePalette
0x47c140 SelectPalette
0x47c144 CreatePalette
0x47c14c StartPage
0x47c150 Escape
0x47c154 ExtTextOutA
0x47c158 TextOutA
0x47c15c RectVisible
0x47c160 PtVisible
0x47c164 GetViewportExtEx
0x47c168 ExtSelectClipRgn
Library: WINMM.dll:
0x47c5f8 midiStreamRestart
0x47c5fc midiStreamClose
0x47c600 midiOutReset
0x47c604 midiStreamStop
0x47c608 midiStreamOut
0x47c610 midiStreamProperty
0x47c614 midiStreamOpen
0x47c61c waveOutOpen
0x47c620 waveOutGetNumDevs
0x47c624 waveOutClose
0x47c628 waveOutReset
0x47c62c waveOutPause
0x47c630 waveOutWrite
Library: WINSPOOL.DRV:
0x47c640 ClosePrinter
0x47c644 DocumentPropertiesA
0x47c648 OpenPrinterA
Library: ADVAPI32.dll:
0x47c000 RegCreateKeyExA
0x47c004 RegCloseKey
0x47c008 RegQueryValueA
0x47c00c RegOpenKeyExA
0x47c010 RegSetValueExA
Library: SHELL32.dll:
0x47c380 ShellExecuteA
0x47c384 Shell_NotifyIconA
Library: ole32.dll:
0x47c68c OleInitialize
0x47c690 OleUninitialize
0x47c694 CLSIDFromString
Library: OLEAUT32.dll:
0x47c370 LoadTypeLib
0x47c374 RegisterTypeLib
0x47c378 UnRegisterTypeLib
Library: COMCTL32.dll:
0x47c018 ImageList_Destroy
0x47c01c None
Library: WS2_32.dll:
0x47c650 inet_ntoa
0x47c654 getpeername
0x47c658 accept
0x47c65c ioctlsocket
0x47c660 recvfrom
0x47c664 recv
0x47c668 WSACleanup
0x47c66c WSAAsyncSelect
0x47c670 closesocket
Library: comdlg32.dll:
0x47c678 ChooseColorA
0x47c67c GetSaveFileNameA
0x47c680 GetOpenFileNameA
0x47c684 GetFileTitleA

Strings

.text
`.rdata
@.data
.rsrc
8`}<j
T$Hhd+I
T$th
T$|hx+I
D$|ht+I
D$@Sj
L$8h
D$8Rj
l$<VWj
D$,RVhl,I
tEh0-I
|$$h(.I
t*hd.I
Rh(8H
T$$Rh88H
T$Dh
D$0Rj
T$\h
L$POj
L$PMj
D$Ph
D$|h
T$ Wj
L$@RQj
D$@RPQj
D$ Pj
D$4Wj
D$8Wj
T$<h
D$(hF
D$(h
T$Dhb
Antivirus Scan

No antivirus engine scan information.

Process Tree


______.exe, PID: 2728, parent PID: 2332


TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files dropped.
No similar analyses found.

Processing ( 23.042 seconds )

  • 16.171 Suricata
  • 3.884 Static
  • 1.324 VirusTotal
  • 0.594 peid
  • 0.499 TargetInfo
  • 0.365 NetworkAnalysis
  • 0.138 AnalysisInfo
  • 0.029 BehaviorAnalysis
  • 0.021 Memory
  • 0.015 Strings
  • 0.002 config_decoder

Signatures ( 0.15 seconds )

  • 0.02 md_url_bl
  • 0.017 md_domain_bl
  • 0.016 antiav_detectreg
  • 0.009 anomaly_persistence_autorun
  • 0.008 infostealer_ftp
  • 0.007 antiav_detectfile
  • 0.007 ransomware_files
  • 0.006 ransomware_extensions
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.003 tinba_behavior
  • 0.003 rat_nanocore
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 cerber_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.094 seconds )

  • 0.902 ReportHTMLSummary
  • 0.192 Malheur
Task ID 513034
Mongo ID 5e4c28d12f8f2e0df46c763e
Cuckoo release 1.4-Maldun