比较分析...

分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-1 2020-02-19 09:12:11 2020-02-19 09:13:58 107 秒

魔盾分数

10.0

Malicious病毒

文件详细信息

文件名 HoneyMiner.bin
文件大小 891392 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7d94ad31b5a080029bf0906c0cce5d49
SHA1 db59548d1f548a380d2a96926c8d1833b323536f
SHA256 75acd0d8914dfc5baeac76867bd07f27b90d3fd0378fbbe4f2a41cab5cd1bc79
SHA512 6147a1655521f81084441ca6061634da9ba4ef9f23178d92ad2d1fddd63c9dbe89a5164a7d9a6a6e82f5932bcd9a4f1e87bb6ff4cb2cd7f01be87547dde79c5c
CRC32 10016FA0
Ssdeep 24576:QAHnh+eWsN3skA4RV1Hom2KXMmHa2fz5:Hh+ZkldoPK8Ya2N
Yara 登录查看Yara规则
样本下载 提交误报
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
dl.dropbox.com A 67.228.221.221

摘要

登录查看详细行为信息

PE 信息

初始地址 0x00400000
入口地址 0x0042800a
声明校验值 0x000dda04
实际校验值 0x000de17b
最低操作系统版本要求 5.1
编译时间 2020-02-19 02:07:23
载入哈希 afcdf79be1557326c854b6e20cb900a7

版本信息

Translation

微软证书验证 (Sign Tool)

SHA1 时间戳 有效性 错误
None Thu Jan 30 02:46:47 2020
WinVerifyTrust returned error 0x80096010
证书链 Certificate Chain 1
发行给 DigiCert Assured ID Root CA
发行人 DigiCert Assured ID Root CA
有效期 Mon Nov 10 080000 2031
SHA1 哈希 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
证书链 Certificate Chain 2
发行给 DigiCert SHA2 Assured ID Code Signing CA
发行人 DigiCert Assured ID Root CA
有效期 Sun Oct 22 200000 2028
SHA1 哈希 92c1588e85af2201ce7915e8538b492f605b80c6
证书链 Certificate Chain 3
发行给 GitHub, Inc.
发行人 DigiCert SHA2 Assured ID Code Signing CA
有效期 Tue Feb 08 200000 2022
SHA1 哈希 fb713a60a7fa79dfc03cb301ca05d4e8c1bdd431
证书链 Timestamp Chain 1
发行给 DigiCert Assured ID Root CA
发行人 DigiCert Assured ID Root CA
有效期 Mon Nov 10 080000 2031
SHA1 哈希 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
证书链 Timestamp Chain 2
发行给 DigiCert SHA2 Assured ID Timestamping CA
发行人 DigiCert Assured ID Root CA
有效期 Tue Jan 07 200000 2031
SHA1 哈希 3ba63a6e4841355772debef9cdcf4d5af353a297
证书链 Timestamp Chain 3
发行给 TIMESTAMP-SHA256-2019-10-15
发行人 DigiCert SHA2 Assured ID Timestamping CA
有效期 Thu Oct 17 080000 2030
SHA1 哈希 0325bd505eda96302dc22f4fa01e4c28be2834c5

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x0008dfdd 0x0008e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.68
.rdata 0x0008f000 0x0002fd8e 0x0002fe00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.76
.data 0x000bf000 0x00008f74 0x00005200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.20
.rsrc 0x000c8000 0x0000d6f3 0x0000d800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.57
.reloc 0x000d6000 0x00007134 0x00007200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.78

导入

库: WSOCK32.dll:
0x48f7c8 WSACleanup
0x48f7cc socket
0x48f7d0 inet_ntoa
0x48f7d4 setsockopt
0x48f7d8 ntohs
0x48f7dc recvfrom
0x48f7e0 ioctlsocket
0x48f7e4 htons
0x48f7e8 WSAStartup
0x48f7ec __WSAFDIsSet
0x48f7f0 select
0x48f7f4 accept
0x48f7f8 listen
0x48f7fc bind
0x48f800 closesocket
0x48f804 WSAGetLastError
0x48f808 recv
0x48f80c sendto
0x48f810 send
0x48f814 inet_addr
0x48f818 gethostbyname
0x48f81c gethostname
0x48f820 connect
库: VERSION.dll:
0x48f76c GetFileVersionInfoW
0x48f774 VerQueryValueW
库: WINMM.dll:
0x48f7b8 timeGetTime
0x48f7bc waveOutSetVolume
0x48f7c0 mciSendStringW
库: COMCTL32.dll:
0x48f08c ImageList_Destroy
0x48f090 ImageList_Remove
0x48f098 ImageList_BeginDrag
0x48f09c ImageList_DragEnter
0x48f0a0 ImageList_DragLeave
0x48f0a4 ImageList_EndDrag
0x48f0a8 ImageList_DragMove
0x48f0b0 ImageList_Create
库: MPR.dll:
0x48f3f8 WNetUseConnectionW
0x48f400 WNetGetConnectionW
0x48f404 WNetAddConnection2W
库: WININET.dll:
0x48f780 InternetCloseHandle
0x48f784 InternetOpenW
0x48f788 InternetSetOptionW
0x48f78c InternetCrackUrlW
0x48f790 HttpQueryInfoW
0x48f798 HttpOpenRequestW
0x48f79c HttpSendRequestW
0x48f7a0 FtpOpenFileW
0x48f7a4 FtpGetFileSize
0x48f7a8 InternetOpenUrlW
0x48f7ac InternetReadFile
0x48f7b0 InternetConnectW
库: PSAPI.DLL:
库: IPHLPAPI.DLL:
0x48f154 IcmpCreateFile
0x48f158 IcmpCloseHandle
0x48f15c IcmpSendEcho
库: USERENV.dll:
0x48f754 UnloadUserProfile
0x48f75c LoadUserProfileW
库: UxTheme.dll:
0x48f764 IsThemeActive
库: KERNEL32.dll:
0x48f164 DuplicateHandle
0x48f168 CreateThread
0x48f16c WaitForSingleObject
0x48f170 HeapAlloc
0x48f174 GetProcessHeap
0x48f178 HeapFree
0x48f17c Sleep
0x48f180 GetCurrentThreadId
0x48f184 MultiByteToWideChar
0x48f188 MulDiv
0x48f18c GetVersionExW
0x48f190 IsWow64Process
0x48f194 GetSystemInfo
0x48f198 FreeLibrary
0x48f19c LoadLibraryA
0x48f1a0 GetProcAddress
0x48f1a4 SetErrorMode
0x48f1a8 GetModuleFileNameW
0x48f1ac WideCharToMultiByte
0x48f1b0 lstrcpyW
0x48f1b4 lstrlenW
0x48f1b8 GetModuleHandleW
0x48f1c0 VirtualFreeEx
0x48f1c4 OpenProcess
0x48f1c8 VirtualAllocEx
0x48f1cc WriteProcessMemory
0x48f1d0 ReadProcessMemory
0x48f1d4 CreateFileW
0x48f1d8 SetFilePointerEx
0x48f1dc SetEndOfFile
0x48f1e0 ReadFile
0x48f1e4 WriteFile
0x48f1e8 FlushFileBuffers
0x48f1ec TerminateProcess
0x48f1f4 Process32FirstW
0x48f1f8 Process32NextW
0x48f1fc SetFileTime
0x48f200 GetFileAttributesW
0x48f204 FindFirstFileW
0x48f20c GetLongPathNameW
0x48f210 GetShortPathNameW
0x48f214 DeleteFileW
0x48f218 FindNextFileW
0x48f21c CopyFileExW
0x48f220 MoveFileW
0x48f224 CreateDirectoryW
0x48f228 RemoveDirectoryW
0x48f22c SetSystemPowerState
0x48f234 FindResourceW
0x48f238 LoadResource
0x48f23c LockResource
0x48f240 SizeofResource
0x48f244 EnumResourceNamesW
0x48f248 OutputDebugStringW
0x48f24c GetTempPathW
0x48f250 GetTempFileNameW
0x48f254 DeviceIoControl
0x48f258 GetLocalTime
0x48f25c CompareStringW
0x48f260 GetCurrentProcess
0x48f26c GetStdHandle
0x48f270 CreatePipe
0x48f274 InterlockedExchange
0x48f278 TerminateThread
0x48f27c LoadLibraryExW
0x48f280 FindResourceExW
0x48f284 CopyFileW
0x48f288 VirtualFree
0x48f28c FormatMessageW
0x48f290 GetExitCodeProcess
0x48f2b8 GetDriveTypeW
0x48f2bc GetDiskFreeSpaceExW
0x48f2c0 GetDiskFreeSpaceW
0x48f2c8 SetVolumeLabelW
0x48f2cc CreateHardLinkW
0x48f2d0 SetFileAttributesW
0x48f2d4 CreateEventW
0x48f2d8 SetEvent
0x48f2e4 GlobalLock
0x48f2e8 GlobalUnlock
0x48f2ec GlobalAlloc
0x48f2f0 GetFileSize
0x48f2f4 GlobalFree
0x48f2fc Beep
0x48f300 GetSystemDirectoryW
0x48f304 HeapReAlloc
0x48f308 HeapSize
0x48f30c GetComputerNameW
0x48f314 GetCurrentProcessId
0x48f31c CreateProcessW
0x48f320 GetProcessId
0x48f324 SetPriorityClass
0x48f328 LoadLibraryW
0x48f32c VirtualAlloc
0x48f330 IsDebuggerPresent
0x48f338 lstrcmpiW
0x48f33c DecodePointer
0x48f340 GetLastError
0x48f344 RaiseException
0x48f358 GetCurrentThread
0x48f35c CloseHandle
0x48f360 GetFullPathNameW
0x48f364 EncodePointer
0x48f368 ExitProcess
0x48f36c GetModuleHandleExW
0x48f370 ExitThread
0x48f378 ResumeThread
0x48f37c GetCommandLineW
0x48f384 IsValidCodePage
0x48f388 GetACP
0x48f38c GetOEMCP
0x48f390 GetCPInfo
0x48f394 SetLastError
0x48f3a0 TlsAlloc
0x48f3a4 TlsGetValue
0x48f3a8 TlsSetValue
0x48f3ac TlsFree
0x48f3b0 GetStartupInfoW
0x48f3b4 GetStringTypeW
0x48f3b8 SetStdHandle
0x48f3bc GetFileType
0x48f3c0 GetConsoleCP
0x48f3c4 GetConsoleMode
0x48f3c8 RtlUnwind
0x48f3cc ReadConsoleW
0x48f3d4 GetDateFormatW
0x48f3d8 GetTimeFormatW
0x48f3dc LCMapStringW
0x48f3e8 WriteConsoleW
0x48f3ec FindClose
库: USER32.dll:
0x48f4cc AdjustWindowRectEx
0x48f4d0 CopyImage
0x48f4d4 SetWindowPos
0x48f4d8 GetCursorInfo
0x48f4dc RegisterHotKey
0x48f4e0 ClientToScreen
0x48f4e8 IsCharAlphaW
0x48f4ec IsCharAlphaNumericW
0x48f4f0 IsCharLowerW
0x48f4f4 IsCharUpperW
0x48f4f8 GetMenuStringW
0x48f4fc GetSubMenu
0x48f500 GetCaretPos
0x48f504 IsZoomed
0x48f508 MonitorFromPoint
0x48f50c GetMonitorInfoW
0x48f510 SetWindowLongW
0x48f518 FlashWindow
0x48f51c GetClassLongW
0x48f524 IsDialogMessageW
0x48f528 GetSysColor
0x48f52c InflateRect
0x48f530 DrawFocusRect
0x48f534 DrawTextW
0x48f538 FrameRect
0x48f53c DrawFrameControl
0x48f540 FillRect
0x48f544 PtInRect
0x48f550 SetCursor
0x48f554 GetWindowDC
0x48f558 GetSystemMetrics
0x48f55c GetActiveWindow
0x48f560 CharNextW
0x48f564 wsprintfW
0x48f568 RedrawWindow
0x48f56c DrawMenuBar
0x48f570 DestroyMenu
0x48f574 SetMenu
0x48f57c CreateMenu
0x48f580 IsDlgButtonChecked
0x48f584 DefDlgProcW
0x48f588 CallWindowProcW
0x48f58c ReleaseCapture
0x48f590 SetCapture
0x48f598 mouse_event
0x48f59c ExitWindowsEx
0x48f5a0 SetActiveWindow
0x48f5a4 FindWindowExW
0x48f5a8 EnumThreadWindows
0x48f5ac SetMenuDefaultItem
0x48f5b0 InsertMenuItemW
0x48f5b4 IsMenu
0x48f5b8 TrackPopupMenuEx
0x48f5bc GetCursorPos
0x48f5c0 DeleteMenu
0x48f5c4 SetRect
0x48f5c8 GetMenuItemID
0x48f5cc GetMenuItemCount
0x48f5d0 SetMenuItemInfoW
0x48f5d4 GetMenuItemInfoW
0x48f5d8 SetForegroundWindow
0x48f5dc IsIconic
0x48f5e0 FindWindowW
0x48f5e4 MonitorFromRect
0x48f5e8 keybd_event
0x48f5ec SendInput
0x48f5f0 GetAsyncKeyState
0x48f5f4 SetKeyboardState
0x48f5f8 GetKeyboardState
0x48f5fc GetKeyState
0x48f600 VkKeyScanW
0x48f604 LoadStringW
0x48f608 DialogBoxParamW
0x48f60c MessageBeep
0x48f610 EndDialog
0x48f614 SendDlgItemMessageW
0x48f618 GetDlgItem
0x48f61c SetWindowTextW
0x48f620 CopyRect
0x48f624 ReleaseDC
0x48f628 GetDC
0x48f62c EndPaint
0x48f630 BeginPaint
0x48f634 GetClientRect
0x48f638 GetMenu
0x48f63c DestroyWindow
0x48f640 EnumWindows
0x48f644 GetDesktopWindow
0x48f648 IsWindow
0x48f64c IsWindowEnabled
0x48f650 IsWindowVisible
0x48f654 EnableWindow
0x48f658 InvalidateRect
0x48f65c GetWindowLongW
0x48f664 AttachThreadInput
0x48f668 GetFocus
0x48f66c GetWindowTextW
0x48f670 ScreenToClient
0x48f674 SendMessageTimeoutW
0x48f678 EnumChildWindows
0x48f67c CharUpperBuffW
0x48f680 GetParent
0x48f684 GetDlgCtrlID
0x48f688 SendMessageW
0x48f68c MapVirtualKeyW
0x48f690 PostMessageW
0x48f694 GetWindowRect
0x48f69c CloseDesktop
0x48f6a0 CloseWindowStation
0x48f6a4 OpenDesktopW
0x48f6b0 OpenWindowStationW
0x48f6b8 MessageBoxW
0x48f6bc DefWindowProcW
0x48f6c0 SetClipboardData
0x48f6c4 EmptyClipboard
0x48f6cc CloseClipboard
0x48f6d0 GetClipboardData
0x48f6d8 OpenClipboard
0x48f6dc BlockInput
0x48f6e0 GetMessageW
0x48f6e4 LockWindowUpdate
0x48f6e8 DispatchMessageW
0x48f6ec TranslateMessage
0x48f6f0 PeekMessageW
0x48f6f4 UnregisterHotKey
0x48f6f8 CheckMenuRadioItem
0x48f6fc CharLowerBuffW
0x48f700 MoveWindow
0x48f704 SetFocus
0x48f708 PostQuitMessage
0x48f70c KillTimer
0x48f710 CreatePopupMenu
0x48f718 SetTimer
0x48f71c ShowWindow
0x48f720 CreateWindowExW
0x48f724 RegisterClassExW
0x48f728 LoadIconW
0x48f72c LoadCursorW
0x48f730 GetSysColorBrush
0x48f734 GetForegroundWindow
0x48f738 MessageBoxA
0x48f73c DestroyIcon
0x48f744 LoadImageW
0x48f748 GetClassNameW
库: GDI32.dll:
0x48f0c4 StrokePath
0x48f0c8 DeleteObject
0x48f0d0 ExtCreatePen
0x48f0d4 GetDeviceCaps
0x48f0d8 EndPath
0x48f0dc SetPixel
0x48f0e0 CloseFigure
0x48f0e8 CreateCompatibleDC
0x48f0ec SelectObject
0x48f0f0 StretchBlt
0x48f0f4 GetDIBits
0x48f0f8 LineTo
0x48f0fc AngleArc
0x48f100 MoveToEx
0x48f104 Ellipse
0x48f108 DeleteDC
0x48f10c GetPixel
0x48f110 CreateDCW
0x48f114 GetStockObject
0x48f118 GetTextFaceW
0x48f11c CreateFontW
0x48f120 SetTextColor
0x48f124 PolyDraw
0x48f128 BeginPath
0x48f12c Rectangle
0x48f130 SetViewportOrgEx
0x48f134 GetObjectW
0x48f138 SetBkMode
0x48f13c RoundRect
0x48f140 SetBkColor
0x48f144 CreatePen
0x48f148 CreateSolidBrush
0x48f14c StrokeAndFillPath
库: COMDLG32.dll:
0x48f0b8 GetOpenFileNameW
0x48f0bc GetSaveFileNameW
库: ADVAPI32.dll:
0x48f000 GetAce
0x48f004 RegEnumValueW
0x48f008 RegDeleteValueW
0x48f00c RegDeleteKeyW
0x48f010 RegEnumKeyExW
0x48f014 RegSetValueExW
0x48f018 RegOpenKeyExW
0x48f01c RegCloseKey
0x48f020 RegQueryValueExW
0x48f024 RegConnectRegistryW
0x48f02c InitializeAcl
0x48f034 OpenThreadToken
0x48f038 OpenProcessToken
0x48f040 DuplicateTokenEx
0x48f04c GetLengthSid
0x48f050 CopySid
0x48f054 LogonUserW
0x48f060 RegCreateKeyExW
0x48f064 FreeSid
0x48f068 GetTokenInformation
0x48f070 GetAclInformation
0x48f074 AddAce
0x48f07c GetUserNameW
库: SHELL32.dll:
0x48f48c DragQueryPoint
0x48f490 ShellExecuteExW
0x48f494 DragQueryFileW
0x48f498 SHEmptyRecycleBinW
0x48f4a0 SHBrowseForFolderW
0x48f4a4 SHCreateShellItem
0x48f4a8 SHGetDesktopFolder
0x48f4b0 SHGetFolderPathW
0x48f4b4 SHFileOperationW
0x48f4b8 ExtractIconExW
0x48f4bc Shell_NotifyIconW
0x48f4c0 ShellExecuteW
0x48f4c4 DragFinish
库: ole32.dll:
0x48f828 CoTaskMemAlloc
0x48f82c CoTaskMemFree
0x48f830 CLSIDFromString
0x48f834 ProgIDFromCLSID
0x48f838 CLSIDFromProgID
0x48f840 MkParseDisplayName
0x48f848 CoCreateInstance
0x48f84c IIDFromString
0x48f850 StringFromGUID2
0x48f858 OleInitialize
0x48f85c OleUninitialize
0x48f860 CoInitialize
0x48f864 CoUninitialize
0x48f870 CoGetObject
0x48f874 CoSetProxyBlanket
0x48f878 CoCreateInstanceEx
库: OLEAUT32.dll:
0x48f40c LoadTypeLibEx
0x48f410 VariantCopyInd
0x48f414 SysReAllocString
0x48f418 SysFreeString
0x48f428 SafeArrayAccessData
0x48f42c SafeArrayAllocData
0x48f438 RegisterTypeLib
0x48f43c CreateStdDispatch
0x48f440 DispCallFunc
0x48f444 VariantChangeType
0x48f448 SysStringLen
0x48f450 VarR8FromDec
0x48f454 SafeArrayGetVartype
0x48f458 VariantCopy
0x48f45c VariantClear
0x48f460 OleLoadPicture
0x48f470 UnRegisterTypeLib
0x48f474 CreateDispTypeInfo
0x48f478 SysAllocString
0x48f47c VariantInit
.text
`.rdata
@.data
.rsrc
@.reloc
9=thL
;=$tL
(SVWh
rCSVWj
,SVWh
Whvw@
D$<DtL
D$`DtL
D$8DtL
D$`DtL
;5htL
;=htL
D$$PVj
D$(PVj
D$d|)I
D$p$*I
!"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012RRRRRRRRRRRR3345566789::::;<=<=>?>@ABC>@ABCRRRRRDEFGHIJKLMNO
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav W32.AIDetectVM.malware2 20200217
MicroWorld-eScan 未发现病毒 20200217
CMC 未发现病毒 20190321
CAT-QuickHeal 未发现病毒 20200217
McAfee 未发现病毒 20200217
Cylance 未发现病毒 20200219
VIPRE 未发现病毒 20200217
SUPERAntiSpyware 未发现病毒 20200214
Sangfor 未发现病毒 20200212
CrowdStrike 未发现病毒 20190702
Alibaba 未发现病毒 20190527
K7GW 未发现病毒 20200217
K7AntiVirus 未发现病毒 20200217
Arcabit 未发现病毒 20200217
Invincea 未发现病毒 20191211
Baidu 未发现病毒 20190318
F-Prot 未发现病毒 20200217
Symantec 未发现病毒 20200217
ESET-NOD32 未发现病毒 20200217
APEX Malicious 20200216
Avast Win32:Malware-gen 20200217
ClamAV 未发现病毒 20200216
Kaspersky 未发现病毒 20200217
BitDefender 未发现病毒 20200217
NANO-Antivirus 未发现病毒 20200217
Paloalto 未发现病毒 20200219
AegisLab 未发现病毒 20200217
Tencent 未发现病毒 20200219
Ad-Aware 未发现病毒 20200217
Sophos 未发现病毒 20200217
Comodo 未发现病毒 20200217
F-Secure 未发现病毒 20200217
DrWeb 未发现病毒 20200217
Zillya 未发现病毒 20200217
TrendMicro 未发现病毒 20200217
McAfee-GW-Edition 未发现病毒 20200217
Fortinet 未发现病毒 20200217
Trapmine suspicious.low.ml.score 20200123
FireEye Generic.mg.7d94ad31b5a08002 20200217
Emsisoft 未发现病毒 20200217
SentinelOne 未发现病毒 20191218
Cyren 未发现病毒 20200217
Jiangmin 未发现病毒 20200217
Webroot 未发现病毒 20200219
Avira 未发现病毒 20200217
MAX 未发现病毒 20200219
Antiy-AVL 未发现病毒 20200217
Kingsoft 未发现病毒 20200219
Endgame malicious (high confidence) 20200131
Microsoft 未发现病毒 20200217
ViRobot 未发现病毒 20200217
ZoneAlarm 未发现病毒 20200217
Avast-Mobile 未发现病毒 20200213
AhnLab-V3 未发现病毒 20200217
Acronis 未发现病毒 20200217
BitDefenderTheta 未发现病毒 20200211
ALYac 未发现病毒 20200217
TACHYON 未发现病毒 20200217
VBA32 未发现病毒 20200217
Zoner 未发现病毒 20200217
TrendMicro-HouseCall 未发现病毒 20200217
Rising 未发现病毒 20200217
Yandex Trojan.AvsArher.bS970C 20200217
Ikarus Trojan-Spy.HawkEye 20200217
eGambit PE.Heur.InvalidSig 20200219
GData 未发现病毒 20200217
MaxSecure Trojan.Malware.300983.susgen 20200215
AVG Win32:Malware-gen 20200217
Cybereason malicious.d1f548 20190616
Panda 未发现病毒 20200217
Qihoo-360 HEUR/QVM10.1.5763.Malware.Gen 20200219

进程树

HoneyMiner.bin, PID: 2748, 上一级进程 PID: 2332
powershell.exe, PID: 2880, 上一级进程 PID: 2748
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 64912 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
dl.dropbox.com A 67.228.221.221

TCP

无TCP连接纪录.

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 64912 192.168.122.1 53

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 27.787 seconds )

  • 15.641 Suricata
  • 5.559 Static
  • 2.494 BehaviorAnalysis
  • 1.528 NetworkAnalysis
  • 1.432 VirusTotal
  • 0.58 TargetInfo
  • 0.467 peid
  • 0.065 AnalysisInfo
  • 0.015 Strings
  • 0.003 Memory
  • 0.003 config_decoder

Signatures ( 1.639 seconds )

  • 0.333 antiav_detectreg
  • 0.127 infostealer_ftp
  • 0.12 api_spamming
  • 0.098 stealth_timeout
  • 0.092 stealth_decoy_document
  • 0.072 infostealer_im
  • 0.07 antianalysis_detectreg
  • 0.042 infostealer_mail
  • 0.039 antiav_detectfile
  • 0.03 antivm_generic_scsi
  • 0.027 infostealer_bitcoin
  • 0.02 mimics_filetime
  • 0.02 md_domain_bl
  • 0.019 reads_self
  • 0.019 md_url_bl
  • 0.018 kibex_behavior
  • 0.018 virus
  • 0.017 stealth_file
  • 0.017 antivm_generic_disk
  • 0.017 antivm_parallels_keys
  • 0.017 antivm_xen_keys
  • 0.017 darkcomet_regkeys
  • 0.016 bootkit
  • 0.016 antivm_vbox_files
  • 0.015 betabot_behavior
  • 0.015 geodo_banking_trojan
  • 0.014 recon_fingerprint
  • 0.013 antivm_generic_services
  • 0.012 antivm_generic_diskreg
  • 0.011 anormaly_invoke_kills
  • 0.01 hancitor_behavior
  • 0.01 antisandbox_productid
  • 0.009 anomaly_persistence_autorun
  • 0.008 infostealer_browser_password
  • 0.008 kovter_behavior
  • 0.007 antiemu_wine_func
  • 0.007 maldun_anomaly_massive_file_ops
  • 0.007 injection_createremotethread
  • 0.007 antidbg_devices
  • 0.007 packer_armadillo_regkey
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 bypass_firewall
  • 0.006 antivm_vbox_keys
  • 0.006 antivm_vmware_keys
  • 0.005 antivm_vbox_libs
  • 0.005 shifu_behavior
  • 0.005 injection_runpe
  • 0.005 antivm_generic_bios
  • 0.005 antivm_generic_system
  • 0.005 antivm_xen_keys
  • 0.005 antivm_hyperv_keys
  • 0.005 antivm_vbox_acpi
  • 0.005 antivm_vpc_keys
  • 0.005 maldun_anormaly_invoke_vb_vba
  • 0.005 rat_pcclient
  • 0.005 recon_programs
  • 0.004 network_tor
  • 0.004 dyre_behavior
  • 0.004 antivm_generic_cpu
  • 0.004 disables_browser_warn
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 hawkeye_behavior
  • 0.003 rat_nanocore
  • 0.003 Locky_behavior
  • 0.003 kazybot_behavior
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 antivm_vmware_files
  • 0.003 codelux_behavior
  • 0.002 antiav_avast_libs
  • 0.002 infostealer_browser
  • 0.002 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.002 dridex_behavior
  • 0.002 rat_luminosity
  • 0.002 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 exec_crash
  • 0.002 encrypted_ioc
  • 0.002 cerber_behavior
  • 0.002 sniffer_winpcap
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 network_tor_service
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 antivm_vmware_libs
  • 0.001 anomaly_reset_winsock
  • 0.001 injection_explorer
  • 0.001 creates_largekey
  • 0.001 ursnif_behavior
  • 0.001 creates_nullvalue
  • 0.001 antidbg_windows
  • 0.001 ispy_behavior
  • 0.001 h1n1_behavior
  • 0.001 cryptowall_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antisandbox_sunbelt_files
  • 0.001 antivm_vpc_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 maldun_network_blacklist
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.256 seconds )

  • 0.93 ReportHTMLSummary
  • 0.326 Malheur
Task ID 513082
Mongo ID 5e4c8c082f8f2e0df26c719c
Cuckoo release 1.4-Maldun