Analysis Task

Analysis Type | VM Label | Start Time | End Time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-02-19 04:58:08 | 2020-02-19 05:00:36 | 148 seconds

Maldun Score

10.0

Mywebsearch virus

File Details

File Name Adware.exe
File Size 1722312 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7dfb5cde56f28ea19e5bdf03bc3456c8
SHA1 89abbe84ec516131533ce23e272d339f6f683f32
SHA256 bd943aedb958f6369417bc4af26751e000ffda1d4fe18d6f1e101cb5d359a416
SHA512 408f1a5991f386ab64a7388bfcd0c438b501c51110c090629aaf5efabd5689b872bf994c4305d1102200447dffb146adf857c6d44f7d8a04c6775a738bd591d1
CRC32 7ED5C958
Ssdeep 24576:2b54NhCDIs1Ry+5Vy8BvdXK9dnaB/yFug5K3VsK1tB+7ImStYneaao7QOOYU4WQG:wXIsfySyKvd6XaGgxltcNHEOOMWl

Hosts Contacted

No host records.

DNS Resolution

No domain information.

PE Information

Image Base 0x00400000
Entry Point 0x00402344
Declared Checksum 0x00000000
Actual Checksum 0x001b2023
Minimum OS Version Required 4.0
Compile Time 2011-11-04 10:23:07
Import Hash e58e6bb0651bb364693b016e70a8753c

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
None Thu Dec 01 01:44:51 2011
Certificate Chain 1
Issued To Class 3 Public Primary Certification Authority
Issuer Class 3 Public Primary Certification Authority
Valid Until Wed Aug 02 07:59:59 2028
SHA1 Hash 742c3192e607e424eb4549542be1bbc53e6174e2
Certificate Chain 2
Issued To VeriSign Class 3 Code Signing 2009-2 CA
Issuer Class 3 Public Primary Certification Authority
Valid Until Tue May 21 07:59:59 2019
SHA1 Hash 12d4872bc3ef019e7e0b6f132480ae29db5b1ca3
Certificate Chain 3
Issued To Mindspark Interactive Network
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid Until Mon May 07 07:59:59 2012
SHA1 Hash 9fcb24a7661183fcb8ad11f8edf81351886cfc18
Timestamp Chain 1
Issued To Thawte Timestamping CA
Issuer Thawte Timestamping CA
Valid Until Fri Jan 01 07:59:59 2021
SHA1 Hash be36a4562fb2ee05dbb3d32323adf445084ed656
Timestamp Chain 2
Issued To VeriSign Time Stamping Services CA
Issuer Thawte Timestamping CA
Valid Until Wed Dec 04 07:59:59 2013
SHA1 Hash f46ac0c6efbb8c6a14f55f09e2d37df4c0de012d
Timestamp Chain 3
Issued To VeriSign Time Stamping Services Signer - G2
Issuer VeriSign Time Stamping Services CA
Valid Until Fri Jun 15 07:59:59 2012
SHA1 Hash ada8aaa643ff7dc38dd40fa4c97ad559ff4846de

PE Sections

Name | Virtual Address | Virtual Size | Raw Data Size | Characteristics | Entropy
.text 0x00001000 0x00001f66 0x00002000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.25
.rdata 0x00003000 0x00000a64 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.60
.data 0x00004000 0x000008ae 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.92
.rsrc 0x00005000 0x0019d7f0 0x0019e000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.77

Imports

Library: KERNEL32.dll:
0x403020 EnumResourceNamesA
0x403024 GetProcAddress
0x403028 LocalFree
0x40302c GetExitCodeProcess
0x403030 WaitForSingleObject
0x403034 CreateProcessA
0x403038 GetPriorityClass
0x40303c GetCurrentProcess
0x403040 ResumeThread
0x403044 GetCurrentThreadId
0x403048 CreateEventA
0x40304c SetEvent
0x403050 GetExitCodeThread
0x403054 GetStartupInfoA
0x403058 ExitProcess
0x40305c GetCommandLineA
0x403068 lstrcmpiA
0x40306c HeapAlloc
0x403070 GetProcessHeap
0x403074 HeapReAlloc
0x403078 HeapFree
0x40307c CreateThread
0x403088 GetVersionExA
0x403090 ReadFile
0x403094 GetFileSize
0x403098 MoveFileA
0x40309c GetShortPathNameA
0x4030a4 SetLastError
0x4030a8 GetModuleFileNameA
0x4030ac FreeLibrary
0x4030b0 LoadLibraryA
0x4030b4 lstrcpyA
0x4030b8 lstrcatA
0x4030bc lstrlenW
0x4030c0 WideCharToMultiByte
0x4030c4 GetModuleHandleA
0x4030c8 GetTempPathA
0x4030cc FindResourceA
0x4030d0 SizeofResource
0x4030d4 LoadResource
0x4030d8 LockResource
0x4030dc SetFileAttributesA
0x4030e0 CreateFileA
0x4030e4 WriteFile
0x4030e8 CloseHandle
0x4030ec DeleteFileA
0x4030f0 lstrcpynA
0x4030f4 lstrlenA
Library: USER32.dll:
0x403108 PostMessageA
0x40310c CharNextA
0x403110 DispatchMessageA
0x403114 TranslateMessage
0x403118 PeekMessageA
0x403120 wsprintfA
Library: ADVAPI32.dll:
0x403000 RegCreateKeyExA
0x403004 RegSetValueExA
0x403008 RegFlushKey
0x40300c RegQueryValueExA
0x403010 RegCloseKey
0x403014 RegOpenKeyExA
0x403018 RegDeleteValueA
Library: ole32.dll:
0x403128 CoCreateInstance
0x40312c CoUninitialize
0x403130 CoInitialize
Library: OLEAUT32.dll:
0x4030fc VariantInit
0x403100 VariantClear

Strings

.text
`.rdata
@.data
.rsrc
Software\TelevisionFanatic\bar\Switches
64SrcAs.dll
nodns
Software\TelevisionFanatic\bar
{PRODUCT_NAME}
{PRODUCT_DESCRIPTION}
{HOMEPAGE_DESCRIPTION}
Software\TelevisionFanatic
\wininit.ini
lstrlenA
lstrcpynA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
SetFileAttributesA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempPathA
GetModuleHandleA
WideCharToMultiByte
lstrlenW
lstrcatA
lstrcpyA
LoadLibraryA
FreeLibrary
GetModuleFileNameA
lstrcmpiA
EnumResourceNamesA
GetProcAddress
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetPriorityClass
GetCurrentProcess
ResumeThread
GetCurrentThreadId
CreateEventA
SetEvent
GetExitCodeThread
GetStartupInfoA
ExitProcess
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
WaitForMultipleObjects
ReadFile
GetFileSize
MoveFileA
GetShortPathNameA
GetWindowsDirectoryA
SetLastError
KERNEL32.dll
wsprintfA
PostMessageA
CharNextA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
USER32.dll
GDI32.dll
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
ADVAPI32.dll
SHELL32.dll
CoUninitialize
CoCreateInstance
CoInitialize
ole32.dll
OLEAUT32.dll
Software\TelevisionFanatic\bar
/ahp=
/ftab
/ffto
/nodns
PARAMETERSALLOWED_DDE0BB24-8F8C-44e9-B962-8289B302DEF9
_DDE0BB24-8F8C-44e9-B962-8289B302DEF9
.myway.com
.mywebsearch.com
Software\Microsoft\Internet Explorer\Main
Start Page
ptnrS=
http://home.mywebsearch.com/index.jhtml?n=77DE8857&
/n="TelevisionFanatic"
TelevisionFanatic
/p=XP
/p=%s
ffTabs
tiesd
MyFree
SetupDecompressOrCopyFileA
SetupGetFileCompressionInfoA
SETUPAPI
"%s" %s
Software\AppDataLow
IEGetWriteableHKCU
ieframe.dll
Software
[rename]
MoveFileExA
kernel32.dll
64Setup.exe
Az*5!
5u#[3R
T8SETUP.EXE

Antivirus Engine/Vendor | Virus Name/Rule Match | Signature Database Date
Bkav W32.HfsAdware.1166 20200217
MicroWorld-eScan Not detected 20200217
CMC Not detected 20190321
CAT-QuickHeal PUA.Mindsparki1.Gen 20200217
Qihoo-360 Win32/Trojan.65a 20200218
McAfee Not detected 20200217
Cylance Unsafe 20200218
VIPRE MyWebSearch.J (v) (not malicious) 20200217
SUPERAntiSpyware PUP.MindSpark/Variant 20200214
Sangfor Malware 20200212
K7AntiVirus Not detected 20200217
Alibaba Not detected 20190527
K7GW Not detected 20200217
Cybereason Not detected 20190616
Arcabit PUP.WebToolbar.MyWebSearch 20200217
TrendMicro Not detected 20200217
Baidu Not detected 20190318
F-Prot W32/A-4763620f!Eldorado 20200217
Symantec Not detected 20200217
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted 20200217
APEX Malicious 20200216
Paloalto Not detected 20200218
ClamAV Win.Adware.MyWebSearch-4 20200216
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.hl 20200217
BitDefender Not detected 20200217
NANO-Antivirus Trojan.Win32.Shiz.tkjnl 20200217
ViRobot Not detected 20200217
Avast Win32:PUP-gen [PUP] 20200217
Rising Trojan.Win32.Generic.15214345 (C64:YzY0OpxFvlYwM3/Z) 20200217
Endgame malicious (high confidence) 20200131
Sophos Generic PUA JK (PUA) 20200217
Comodo Suspicious@#2kono4gzpjcpc 20200217
F-Secure Trojan.TR/Siggen.cqjow 20200217
DrWeb Trojan.MulDrop5.45704 20200217
Zillya Adware.AdLoadCRT.Win32.530 20200217
Invincea Not detected 20191211
McAfee-GW-Edition Not detected 20200217
Trapmine Not detected 20200123
FireEye Generic.mg.7dfb5cde56f28ea1 20200217
Emsisoft Application.Toolbar (A) 20200217
SentinelOne DFI - Suspicious PE 20191218
Cyren W32/A-4763620f!Eldorado 20200217
Jiangmin Trojan/JmGenGeneric.alk 20200217
Webroot Pua.Mindspark 20200218
Avira TR/Siggen.cqjow 20200217
Fortinet Adware/FunWeb 20200217
Antiy-AVL Not detected 20200217
Kingsoft Not detected 20200218
Microsoft PUA:Win32/MyWebSearch 20200217
AegisLab Adware.Win32.FunWeb.mhLz 20200217
ZoneAlarm not-a-virus:WebToolbar.Win32.MyWebSearch.hl 20200217
Avast-Mobile Not detected 20200213
TACHYON Not detected 20200217
AhnLab-V3 Win-PUP/Mindspark.Exp 20200217
Acronis Not detected 20200217
BitDefenderTheta Not detected 20200211
ALYac Not detected 20200217
MAX malware (ai score=100) 20200218
VBA32 BScope.Adware.MyWebSearch 20200217
Zoner Not detected 20200217
TrendMicro-HouseCall TROJ_GEN.R03FH0CBG20 20200217
Tencent Win32.Trojan.Falsesign.Angl 20200218
Yandex PUA.Toolbar.MyWebSearch! 20200217
Ikarus Win32.SuspectCrc 20200217
eGambit Unsafe.AI_Score_55% 20200218
GData Win32.Adware.Mindspark.E 20200217
Ad-Aware Not detected 20200217
AVG Win32:PUP-gen [PUP] 20200217
Panda Not detected 20200217
CrowdStrike win/malicious_confidence_60% (D) 20190702
MaxSecure not-a-virus:WebToolbar.Win32.MyWebSearch.sy 20200215

Process Tree

Adware.exe, PID: 2700, Parent PID: 2332
T8SETUP.EXE, PID: 2848, Parent PID: 2700
64SrchMn.exe, PID: 2212, Parent PID: 2848
64barsvc.exe, PID: 2440, Parent PID: 2848
64barsvc.exe, PID: 268, Parent PID: 2848
64brmon.exe, PID: 2680, Parent PID: 2848
64highin.exe, PID: 1456, Parent PID: 2848
services.exe, PID: 428, Parent PID: 332
64barsvc.exe, PID: 2812, Parent PID: 428
mscorsvw.exe, PID: 2684, Parent PID: 428
mscorsvw.exe, PID: 1988, Parent PID: 428

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 26.79 seconds )

  • 16.043 Suricata
  • 5.205 Static
  • 2.264 BehaviorAnalysis
  • 1.49 VirusTotal
  • 0.795 TargetInfo
  • 0.496 peid
  • 0.365 NetworkAnalysis
  • 0.095 AnalysisInfo
  • 0.017 Memory
  • 0.015 Strings
  • 0.005 config_decoder

Signatures ( 1.641 seconds )

  • 0.243 antiav_detectreg
  • 0.116 api_spamming
  • 0.093 stealth_timeout
  • 0.092 infostealer_ftp
  • 0.088 stealth_decoy_document
  • 0.073 anomaly_persistence_autorun
  • 0.052 infostealer_im
  • 0.05 antianalysis_detectreg
  • 0.031 md_domain_bl
  • 0.03 infostealer_mail
  • 0.029 disables_browser_warn
  • 0.028 mimics_filetime
  • 0.025 md_url_bl
  • 0.023 stealth_file
  • 0.023 antiav_detectfile
  • 0.022 antivm_generic_scsi
  • 0.022 antivm_generic_disk
  • 0.022 virus
  • 0.02 bootkit
  • 0.019 browser_security
  • 0.017 antivm_generic_services
  • 0.016 anormaly_invoke_kills
  • 0.016 modify_proxy
  • 0.016 infostealer_bitcoin
  • 0.013 kibex_behavior
  • 0.013 hancitor_behavior
  • 0.013 antivm_xen_keys
  • 0.013 browser_addon
  • 0.013 ransomware_extensions
  • 0.012 infostealer_browser
  • 0.012 antivm_parallels_keys
  • 0.012 geodo_banking_trojan
  • 0.012 darkcomet_regkeys
  • 0.011 betabot_behavior
  • 0.01 ransomware_files
  • 0.009 anomaly_persistence_bootexecute
  • 0.009 anomaly_reset_winsock
  • 0.009 shifu_behavior
  • 0.009 antivm_generic_diskreg
  • 0.009 antivm_vbox_files
  • 0.009 disables_system_restore
  • 0.009 disables_windows_defender
  • 0.009 stealth_modify_uac_prompt
  • 0.008 office_security
  • 0.007 banker_prinimalka
  • 0.007 injection_createremotethread
  • 0.007 sets_autoconfig_url
  • 0.007 creates_largekey
  • 0.007 cerber_behavior
  • 0.006 tinba_behavior
  • 0.006 ransomware_dmalocker
  • 0.006 maldun_anomaly_massive_file_ops
  • 0.006 stealth_hiddenreg
  • 0.006 stealth_hide_notifications
  • 0.005 ransomeware_modifies_desktop_wallpaper
  • 0.005 injection_runpe
  • 0.005 packer_armadillo_regkey
  • 0.005 rat_spynet
  • 0.005 recon_fingerprint
  • 0.005 stealth_modify_security_center_warnings
  • 0.004 gootkit_behavior
  • 0.004 ipc_namedpipe
  • 0.004 infostealer_browser_password
  • 0.004 vawtrak_behavior
  • 0.004 bypass_firewall
  • 0.004 antidbg_devices
  • 0.004 antivm_xen_keys
  • 0.004 antivm_hyperv_keys
  • 0.004 antivm_vbox_acpi
  • 0.004 antivm_vbox_keys
  • 0.004 antivm_vmware_keys
  • 0.004 antivm_vpc_keys
  • 0.004 maldun_anormaly_invoke_vb_vba
  • 0.003 hawkeye_behavior
  • 0.003 network_tor
  • 0.003 antivm_vbox_libs
  • 0.003 rat_nanocore
  • 0.003 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.003 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.003 kelihos_behavior
  • 0.003 ursnif_behavior
  • 0.003 pony_behavior
  • 0.003 kovter_behavior
  • 0.003 modifies_certs
  • 0.003 antiav_srp
  • 0.003 antisandbox_productid
  • 0.003 browser_startpage
  • 0.003 disables_app_launch
  • 0.003 disables_uac
  • 0.003 disables_wer
  • 0.003 disables_windowsupdate
  • 0.003 troldesh_behavior
  • 0.003 locker_regedit
  • 0.003 locker_taskmgr
  • 0.003 ransomware_radamant
  • 0.003 rat_pcclient
  • 0.003 stealth_hidden_extension
  • 0.002 antiav_avast_libs
  • 0.002 dridex_behavior
  • 0.002 ransomware_message
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 securityxploded_modules
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_system
  • 0.002 browser_helper_object
  • 0.002 md_bad_drop
  • 0.001 antiemu_wine_func
  • 0.001 disables_spdy
  • 0.001 rat_luminosity
  • 0.001 injection_explorer
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 exec_crash
  • 0.001 disables_wfp
  • 0.001 nymaim_behavior
  • 0.001 h1n1_behavior
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vmware_files
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 network_tor_service

Reporting ( 1.573 seconds )

  • 1.035 ReportHTMLSummary
  • 0.538 Malheur
Task ID 513040
Mongo ID 5e4c50a52f8f2e0df76c6c1a
Cuckoo release 1.4-Maldun