Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-2
Start time: 2020-02-19 02:09:22
End time: 2020-02-19 02:10:49
Duration: 87 seconds

Maldun score

3.15

Suspicious

File details

File name 进度条.exe
File size 1470464 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 330cdf8d7f98e04f036123625e36a8a3
SHA1 6546f4e791a06852f0767445a529ce89b4a7b8f3
SHA256 97b90e13a2d2cb73919f894603bcc6d89f6bb8edcb83eaf154d821fa79000528
SHA512 5984f204dcfd91ce1bfee5b4fb1770c36fd2e952f611e0bfa8c589ca56c8b9b256563123e17adecb2939d2f7c7f5c3f09385c724e5b38d1be9dfae27d2f0ac34
CRC32 4475C8C0
Ssdeep 24576:R8tSQb6iLnMW2BiTPSf/4WnwwwuQRtfyUXygFslx3zs57:OtjMW2oegWnww6dVyOslxs

Hosts accessed

No host records.

Domain resolution

No domain information.


Summary

PE information

Image base 0x00400000
Entry point 0x00461444
Declared checksum 0x00000000
Actual checksum 0x0016cb30
Minimum OS version 4.0
Compile time 2020-02-08 23:25:05
Import hash d6bb8ed014005c9f0dd1b234525ffa79

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0007f6ee 0x00080000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x00081000 0x000cc6c0 0x000cd000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.01
.data 0x0014e000 0x0003a0ca 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.07
.rsrc 0x00189000 0x00006108 0x00007000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.23

Imports

Library: WINMM.dll:
0x48160c midiStreamOut
0x481614 waveOutWrite
0x481618 waveOutPause
0x48161c waveOutReset
0x481620 waveOutClose
0x481624 waveOutGetNumDevs
0x481628 waveOutOpen
0x481630 midiStreamOpen
0x481634 midiStreamProperty
0x481638 midiStreamStop
0x48163c midiOutReset
0x481640 midiStreamClose
0x481644 midiStreamRestart
Library: WS2_32.dll:
0x481664 WSAAsyncSelect
0x481668 closesocket
0x48166c WSACleanup
0x481670 inet_ntoa
0x481674 recvfrom
0x481678 ioctlsocket
0x48167c recv
0x481680 accept
0x481684 getpeername
Library: KERNEL32.dll:
0x481180 SetLastError
0x481188 GetVersion
0x48118c GetACP
0x481190 HeapSize
0x481194 RaiseException
0x481198 GetLocalTime
0x48119c GetSystemTime
0x4811a0 RtlUnwind
0x4811a4 GetStartupInfoA
0x4811a8 GetOEMCP
0x4811ac GetCPInfo
0x4811b0 GetProcessVersion
0x4811b4 SetErrorMode
0x4811b8 GlobalFlags
0x4811bc GetCurrentThread
0x4811c0 GetFileTime
0x4811c4 TlsGetValue
0x4811c8 LocalReAlloc
0x4811cc TlsSetValue
0x4811d0 TlsFree
0x4811d4 GlobalHandle
0x4811d8 TlsAlloc
0x4811dc LocalAlloc
0x4811e0 lstrcmpA
0x4811e4 GlobalGetAtomNameA
0x4811e8 GlobalAddAtomA
0x4811ec GlobalFindAtomA
0x4811f0 GlobalDeleteAtom
0x4811f4 lstrcmpiA
0x4811f8 SetEndOfFile
0x4811fc UnlockFile
0x481200 LockFile
0x481204 FlushFileBuffers
0x481208 DuplicateHandle
0x48120c lstrcpynA
0x481218 LocalFree
0x481224 TerminateProcess
0x481228 GetCurrentProcess
0x48122c GetFileSize
0x481230 SetFilePointer
0x481234 CreateSemaphoreA
0x481238 ResumeThread
0x48123c ReleaseSemaphore
0x481248 GetProfileStringA
0x48124c WriteFile
0x481254 CreateFileA
0x481258 SetEvent
0x48125c FindResourceA
0x481260 LoadResource
0x481264 LockResource
0x481268 ReadFile
0x48126c GetModuleFileNameA
0x481270 WideCharToMultiByte
0x481274 MultiByteToWideChar
0x481278 GetCurrentThreadId
0x48127c ExitProcess
0x481280 GlobalSize
0x481284 GlobalFree
0x48128c InterlockedExchange
0x481294 lstrcatA
0x481298 lstrlenA
0x48129c WinExec
0x4812a0 lstrcpyA
0x4812a4 FindNextFileA
0x4812a8 GlobalReAlloc
0x4812ac HeapFree
0x4812b0 HeapReAlloc
0x4812b4 GetProcessHeap
0x4812b8 HeapAlloc
0x4812bc GetFullPathNameA
0x4812c0 FreeLibrary
0x4812c4 LoadLibraryA
0x4812c8 GetLastError
0x4812cc GetVersionExA
0x4812d4 CreateThread
0x4812d8 CreateEventA
0x4812dc Sleep
0x4812e0 GlobalAlloc
0x4812e4 GlobalLock
0x4812e8 GlobalUnlock
0x4812ec FindFirstFileA
0x4812f0 FindClose
0x4812f4 GetFileAttributesA
0x481300 GetModuleHandleA
0x481304 GetProcAddress
0x481308 MulDiv
0x48130c GetCommandLineA
0x481310 GetTickCount
0x481314 WaitForSingleObject
0x481318 CloseHandle
0x481330 SetHandleCount
0x481334 GetStdHandle
0x481338 GetFileType
0x481340 HeapDestroy
0x481344 HeapCreate
0x481348 VirtualFree
0x481350 LCMapStringA
0x481354 LCMapStringW
0x481358 VirtualAlloc
0x48135c IsBadWritePtr
0x481364 GetStringTypeA
0x481368 GetStringTypeW
0x48136c CompareStringA
0x481370 CompareStringW
0x481374 IsBadReadPtr
0x481378 IsBadCodePtr
0x48137c SetStdHandle
Library: USER32.dll:
0x4813a0 IsIconic
0x4813a4 IsZoomed
0x4813a8 PostQuitMessage
0x4813b0 GetKeyState
0x4813b8 IsWindowEnabled
0x4813bc ShowWindow
0x4813c4 LoadImageA
0x4813cc ClientToScreen
0x4813d0 EnableMenuItem
0x4813d4 GetSubMenu
0x4813d8 GetDlgCtrlID
0x4813e0 CreateMenu
0x4813e4 ModifyMenuA
0x4813e8 AppendMenuA
0x4813ec CreatePopupMenu
0x4813f0 DrawIconEx
0x4813fc SetFocus
0x481400 GetActiveWindow
0x481404 GetWindow
0x48140c SetWindowRgn
0x481410 GetMessagePos
0x481414 ScreenToClient
0x48141c CopyRect
0x481420 LoadBitmapA
0x481424 WinHelpA
0x481428 KillTimer
0x48142c SetTimer
0x481434 GetCapture
0x481438 SetCapture
0x48143c GetScrollRange
0x481440 GetSysColorBrush
0x481444 LoadStringA
0x481448 SetScrollRange
0x48144c SetScrollPos
0x481450 SetRect
0x481454 InflateRect
0x481458 IntersectRect
0x48145c DestroyIcon
0x481460 PtInRect
0x481464 OffsetRect
0x481468 IsWindowVisible
0x48146c EnableWindow
0x481470 RedrawWindow
0x481474 GetWindowLongA
0x481478 PeekMessageA
0x48147c GetSysColor
0x481480 SetActiveWindow
0x481484 SetCursorPos
0x481488 LoadCursorA
0x48148c SetCursor
0x481490 GetDC
0x481494 FillRect
0x481498 IsRectEmpty
0x48149c ReleaseDC
0x4814a0 IsChild
0x4814a4 DestroyMenu
0x4814a8 SetForegroundWindow
0x4814ac GetWindowRect
0x4814b0 EqualRect
0x4814b4 UpdateWindow
0x4814b8 ValidateRect
0x4814bc InvalidateRect
0x4814c0 GetClientRect
0x4814c4 GetFocus
0x4814c8 GetParent
0x4814cc GetTopWindow
0x4814d0 PostMessageA
0x4814d4 IsWindow
0x4814d8 SetParent
0x4814dc DestroyCursor
0x4814e0 SendMessageA
0x4814e4 SetWindowPos
0x4814e8 MessageBoxA
0x4814ec GetCursorPos
0x4814f0 GetSystemMetrics
0x4814f4 EmptyClipboard
0x4814f8 SetClipboardData
0x4814fc OpenClipboard
0x481500 GetClipboardData
0x481504 CloseClipboard
0x481508 wsprintfA
0x48150c SetMenu
0x481510 GetMenu
0x481514 SetRectEmpty
0x481518 DispatchMessageA
0x48151c GetMessageA
0x481520 DrawFocusRect
0x481524 DrawEdge
0x481528 DrawFrameControl
0x48152c TranslateMessage
0x481530 LoadIconA
0x481534 GetDesktopWindow
0x481538 GetClassNameA
0x48153c GetDlgItem
0x481540 GetWindowTextA
0x481544 DeleteMenu
0x481548 GetSystemMenu
0x48154c DefWindowProcA
0x481550 GetClassInfoA
0x481554 SetWindowLongA
0x481558 ReleaseCapture
0x48155c UnregisterClassA
0x481560 WindowFromPoint
0x481568 CharUpperA
0x48156c GetWindowDC
0x481570 BeginPaint
0x481574 EndPaint
0x481578 TabbedTextOutA
0x48157c DrawTextA
0x481580 GrayStringA
0x481584 DestroyWindow
0x48158c EndDialog
0x481590 GetNextDlgTabItem
0x481594 GetWindowPlacement
0x48159c GetForegroundWindow
0x4815a0 GetLastActivePopup
0x4815a4 GetMessageTime
0x4815a8 RemovePropA
0x4815ac CallWindowProcA
0x4815b0 GetPropA
0x4815b4 UnhookWindowsHookEx
0x4815b8 SetPropA
0x4815bc GetClassLongA
0x4815c0 CallNextHookEx
0x4815c4 SetWindowsHookExA
0x4815c8 CreateWindowExA
0x4815cc GetMenuItemID
0x4815d0 GetMenuItemCount
0x4815d4 RegisterClassA
0x4815d8 GetScrollPos
0x4815dc AdjustWindowRectEx
0x4815e0 MapWindowPoints
0x4815e4 SendDlgItemMessageA
0x4815e8 ScrollWindowEx
0x4815ec IsDialogMessageA
0x4815f0 SetWindowTextA
0x4815f4 MoveWindow
0x4815f8 CheckMenuItem
0x4815fc SetMenuItemBitmaps
0x481600 GetMenuState
Library: GDI32.dll:
0x481024 GetViewportExtEx
0x481028 ExtSelectClipRgn
0x48102c LineTo
0x481030 CreateBitmap
0x481034 SelectObject
0x481038 GetObjectA
0x48103c CreatePen
0x481040 PatBlt
0x481044 CombineRgn
0x481048 CreateRectRgn
0x48104c FillRgn
0x481050 CreateSolidBrush
0x481054 GetStockObject
0x481058 CreateFontIndirectA
0x48105c EndPage
0x481060 EndDoc
0x481064 DeleteDC
0x481068 StartDocA
0x48106c StartPage
0x481070 BitBlt
0x481074 GetPixel
0x481078 Ellipse
0x48107c Rectangle
0x481080 LPtoDP
0x481084 DPtoLP
0x481088 GetCurrentObject
0x48108c RoundRect
0x481094 GetDeviceCaps
0x481098 MoveToEx
0x48109c ExcludeClipRect
0x4810a0 GetClipBox
0x4810a4 ScaleWindowExtEx
0x4810a8 SetWindowExtEx
0x4810ac SetWindowOrgEx
0x4810b0 ScaleViewportExtEx
0x4810b4 SetViewportExtEx
0x4810b8 OffsetViewportOrgEx
0x4810bc PtVisible
0x4810c0 RectVisible
0x4810c4 TextOutA
0x4810c8 ExtTextOutA
0x4810cc Escape
0x4810d0 GetTextMetricsA
0x4810d4 CreateDCA
0x4810dc GetPolyFillMode
0x4810e0 GetStretchBltMode
0x4810e4 GetROP2
0x4810e8 GetBkColor
0x4810ec GetBkMode
0x4810f0 GetTextColor
0x4810f4 CreateRoundRectRgn
0x4810f8 CreateEllipticRgn
0x4810fc PathToRegion
0x481100 EndPath
0x481104 BeginPath
0x481108 GetWindowOrgEx
0x48110c GetViewportOrgEx
0x481110 GetWindowExtEx
0x481114 GetDIBits
0x481118 SetViewportOrgEx
0x48111c SetMapMode
0x481120 SetTextColor
0x481124 SetROP2
0x481128 SetPolyFillMode
0x48112c SetBkMode
0x481130 RestoreDC
0x481134 SaveDC
0x481138 RealizePalette
0x48113c SelectPalette
0x481140 StretchBlt
0x481144 CreatePalette
0x48114c CreateDIBitmap
0x481150 DeleteObject
0x481154 SelectClipRgn
0x481158 CreatePolygonRgn
0x48115c SetStretchBltMode
0x481160 ExtCreateRegion
0x481164 SetPixel
0x481168 CreateDIBSection
0x481170 CreateCompatibleDC
0x481174 GetClipRgn
0x481178 SetBkColor
Library: WINSPOOL.DRV:
0x481654 OpenPrinterA
0x481658 DocumentPropertiesA
0x48165c ClosePrinter
Library: ADVAPI32.dll:
0x481000 RegOpenKeyExA
0x481004 RegSetValueExA
0x481008 RegQueryValueA
0x48100c RegCreateKeyExA
0x481010 RegCloseKey
Library: SHELL32.dll:
0x481394 ShellExecuteA
0x481398 Shell_NotifyIconA
Library: ole32.dll:
0x4816a0 CLSIDFromString
0x4816a4 OleUninitialize
0x4816a8 OleInitialize
Library: OLEAUT32.dll:
0x481384 LoadTypeLib
0x481388 RegisterTypeLib
0x48138c UnRegisterTypeLib
Library: COMCTL32.dll:
0x481018 None
0x48101c ImageList_Destroy
Library: comdlg32.dll:
0x48168c ChooseColorA
0x481690 GetFileTitleA
0x481694 GetSaveFileNameA
0x481698 GetOpenFileNameA

No antivirus engine scan information.

Process tree

_________.exe, PID: 2720, parent PID: 2344

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 26.711 seconds )

  • 16.67 Suricata
  • 5.716 Static
  • 2.542 VirusTotal
  • 0.725 TargetInfo
  • 0.466 peid
  • 0.368 NetworkAnalysis
  • 0.133 BehaviorAnalysis
  • 0.053 AnalysisInfo
  • 0.019 Memory
  • 0.015 Strings
  • 0.004 config_decoder

Signatures ( 0.199 seconds )

  • 0.032 antiav_detectreg
  • 0.018 md_domain_bl
  • 0.017 md_url_bl
  • 0.013 infostealer_ftp
  • 0.008 infostealer_im
  • 0.007 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 antianalysis_detectreg
  • 0.006 api_spamming
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.005 stealth_timeout
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_mail
  • 0.004 stealth_decoy_document
  • 0.003 tinba_behavior
  • 0.003 antidbg_windows
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 mimics_filetime
  • 0.001 antivm_generic_services
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.052 seconds )

  • 0.854 ReportHTMLSummary
  • 0.198 Malheur
Task ID 513035
Mongo ID 5e4c28ca2f8f2e0df56c71e6
Cuckoo release 1.4-Maldun