Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-02-19 12:39:48 | 2020-02-19 12:40:34 | 46 seconds

Maldun score

3.15

Suspicious

File details

File name TenBount.dll
File size 876544 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 e571c94a8db9ef3ce730830f4e8b4cfa
SHA1 a924a16f59d2134b2fea98e9438d11b731aacb1e
SHA256 40f64a840bb74e6db96c4199302b656b8d6f8cec8ee85f19d998702d12bafdfd
SHA512 550410fef165ffc03ffd28c00dc9eaee231cfe2b9d6bafa957167d852f70dbe2c5314de1a5c14b8528f5d787168df3cd1badfb36612b4245310e91d81da9fcd5
CRC32 ED544E27
Ssdeep 12288:Qovb393FLXN0Iuf2zHtZlDUuiEQGUNe66pY:Jvb391XSIq25PUulQrNP6K

Screenshots

No screenshots available.

Hosts contacted

No host records.

DNS resolution

No domain information.



PE information

Image base 0x10000000
Entry point 0x100755c8
Declared checksum 0x00000000
Actual checksum 0x000e2441
Minimum OS version required 4.0
Compile time 2020-02-18 22:18:52
Import hash (imphash) a051c53b883457f122411f8824512c3b
Exported DLL name 811611114111 (stored in the report as the escaped byte string \x38\x31\x31\x36\x31\x31\x31\x31\x34\x31\x31\x31)

Version information (all fields empty)

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PEiD signatures

Armadillo v1.xx - v2.xx

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00093222 0x00094000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x00095000 0x00013fc6 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.97
.data 0x000a9000 0x0003716e 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.18
.rsrc 0x000e1000 0x00005958 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.82
.reloc 0x000e7000 0x0001474e 0x00015000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3.31

Imports

Library: WINMM.dll:
0x10095608 midiOutReset
0x1009560c midiStreamRestart
0x10095610 waveOutUnprepareHeader
0x10095614 waveOutPrepareHeader
0x10095618 waveOutWrite
0x1009561c waveOutPause
0x10095620 waveOutReset
0x10095624 waveOutClose
0x10095628 midiStreamClose
0x1009562c midiStreamStop
0x10095630 midiStreamOut
0x10095634 midiOutPrepareHeader
0x10095638 midiStreamProperty
0x1009563c midiStreamOpen
0x10095640 midiOutUnprepareHeader
0x10095644 waveOutOpen
0x10095648 waveOutGetNumDevs
Library: WS2_32.dll:
0x10095660 inet_ntoa
0x10095664 WSACleanup
0x10095668 closesocket
0x1009566c WSAAsyncSelect
0x10095670 recvfrom
0x10095674 ioctlsocket
0x10095678 recv
0x1009567c getpeername
0x10095680 accept
Library: KERNEL32.dll:
0x10095170 GetFileSize
0x10095174 TerminateProcess
0x10095178 SetLastError
0x1009517c GetTimeZoneInformation
0x10095180 GetVersion
0x10095184 SetFilePointer
0x10095188 TerminateThread
0x1009518c GetCurrentProcess
0x10095190 GetWindowsDirectoryA
0x10095194 GetSystemDirectoryA
0x10095198 CreateSemaphoreA
0x1009519c InterlockedExchange
0x100951a0 SetStdHandle
0x100951a4 IsBadCodePtr
0x100951a8 IsBadReadPtr
0x100951ac CompareStringW
0x100951b0 CompareStringA
0x100951b4 GetStringTypeW
0x100951b8 GetStringTypeA
0x100951c0 IsBadWritePtr
0x100951c4 ResumeThread
0x100951c8 LCMapStringW
0x100951cc LCMapStringA
0x100951d4 VirtualFree
0x100951d8 HeapCreate
0x100951dc HeapDestroy
0x100951e4 GetEnvironmentStringsW
0x100951e8 GetEnvironmentStrings
0x100951f4 GetStartupInfoA
0x100951f8 GetFileType
0x100951fc GetStdHandle
0x10095200 SetHandleCount
0x10095204 GetACP
0x10095208 HeapSize
0x1009520c RaiseException
0x10095210 GetLocalTime
0x10095214 GetSystemTime
0x10095218 RtlUnwind
0x1009521c GetOEMCP
0x10095220 GetCPInfo
0x10095224 GetProcessVersion
0x10095228 SetErrorMode
0x1009522c GlobalFlags
0x10095230 GetCurrentThread
0x10095234 GetFileTime
0x10095238 TlsGetValue
0x1009523c LocalReAlloc
0x10095240 TlsSetValue
0x10095244 TlsFree
0x10095248 GlobalHandle
0x1009524c TlsAlloc
0x10095250 LocalAlloc
0x10095254 lstrcmpA
0x10095258 GlobalGetAtomNameA
0x1009525c GlobalAddAtomA
0x10095260 GlobalFindAtomA
0x10095264 GlobalDeleteAtom
0x10095268 lstrcmpiA
0x1009526c SetEndOfFile
0x10095270 UnlockFile
0x10095274 LockFile
0x10095278 FlushFileBuffers
0x1009527c DuplicateHandle
0x10095280 lstrcpynA
0x10095288 FileTimeToSystemTime
0x1009528c LocalFree
0x10095290 InterlockedDecrement
0x10095294 InterlockedIncrement
0x10095298 ReleaseSemaphore
0x1009529c EnterCriticalSection
0x100952a0 LeaveCriticalSection
0x100952a4 GetProfileStringA
0x100952a8 WriteFile
0x100952ac VirtualAlloc
0x100952b0 CloseHandle
0x100952b4 WaitForSingleObject
0x100952b8 GetTickCount
0x100952bc GetCommandLineA
0x100952c0 MulDiv
0x100952c4 GetProcAddress
0x100952c8 GetModuleHandleA
0x100952cc GetVolumeInformationA
0x100952d0 SetCurrentDirectoryA
0x100952d4 GetFileAttributesA
0x100952d8 WaitForMultipleObjects
0x100952dc CreateFileA
0x100952e0 SetEvent
0x100952e4 FindResourceA
0x100952e8 LoadResource
0x100952ec LockResource
0x100952f0 ReadFile
0x100952f4 GetModuleFileNameA
0x100952f8 WideCharToMultiByte
0x100952fc MultiByteToWideChar
0x10095300 GetCurrentThreadId
0x10095304 ExitProcess
0x10095308 GlobalSize
0x1009530c GlobalFree
0x10095310 DeleteCriticalSection
0x10095318 lstrcatA
0x1009531c lstrlenA
0x10095320 WinExec
0x10095324 lstrcpyA
0x10095328 FindNextFileA
0x1009532c GlobalReAlloc
0x10095330 HeapFree
0x10095334 HeapReAlloc
0x10095338 GetProcessHeap
0x1009533c HeapAlloc
0x10095340 GetFullPathNameA
0x10095344 FreeLibrary
0x10095348 LoadLibraryA
0x1009534c GetLastError
0x10095350 GetVersionExA
0x1009535c CreateThread
0x10095360 CreateEventA
0x10095364 Sleep
0x10095368 GlobalAlloc
0x1009536c GlobalLock
0x10095370 GlobalUnlock
0x10095374 GetTempPathA
0x10095378 FindFirstFileA
0x1009537c FindClose
Library: USER32.dll:
0x100953a4 SetClipboardData
0x100953a8 OpenClipboard
0x100953ac GetClipboardData
0x100953b0 CloseClipboard
0x100953b4 wsprintfA
0x100953b8 EmptyClipboard
0x100953bc GetSystemMetrics
0x100953c0 GetCursorPos
0x100953c4 GetSysColorBrush
0x100953c8 GetWindowTextA
0x100953cc GetDlgItem
0x100953d0 GetClassNameA
0x100953d4 GetDesktopWindow
0x100953d8 GetForegroundWindow
0x100953dc LoadIconA
0x100953e0 TranslateMessage
0x100953e4 DrawFrameControl
0x100953e8 DrawEdge
0x100953ec DrawFocusRect
0x100953f0 WindowFromPoint
0x100953f4 GetMessageA
0x100953f8 DispatchMessageA
0x100953fc SetRectEmpty
0x10095408 CreateIconFromResource
0x1009540c DrawIconEx
0x10095410 CreatePopupMenu
0x10095414 LoadStringA
0x10095418 UnregisterClassA
0x10095420 AppendMenuA
0x10095424 ModifyMenuA
0x10095428 CreateMenu
0x10095430 GetDlgCtrlID
0x10095434 GetSubMenu
0x10095438 EnableMenuItem
0x1009543c ClientToScreen
0x10095440 EnumDisplaySettingsA
0x10095444 LoadImageA
0x10095448 SystemParametersInfoA
0x1009544c ShowWindow
0x10095450 IsWindowEnabled
0x10095454 TranslateAcceleratorA
0x10095458 GetKeyState
0x1009545c CopyAcceleratorTableA
0x10095460 PostQuitMessage
0x10095464 IsZoomed
0x10095468 GetClassInfoA
0x1009546c DefWindowProcA
0x10095470 GetMenu
0x10095474 SetMenu
0x10095478 PeekMessageA
0x1009547c IsIconic
0x10095480 SetFocus
0x10095484 GetActiveWindow
0x10095488 GetWindow
0x10095490 SetWindowRgn
0x10095494 GetMessagePos
0x10095498 ScreenToClient
0x1009549c ChildWindowFromPointEx
0x100954a0 CopyRect
0x100954a4 LoadBitmapA
0x100954a8 WinHelpA
0x100954ac KillTimer
0x100954b0 SetTimer
0x100954b4 ReleaseCapture
0x100954b8 GetCapture
0x100954bc SetCapture
0x100954c0 GetScrollRange
0x100954c4 SetScrollRange
0x100954c8 SetScrollPos
0x100954cc SetRect
0x100954d0 InflateRect
0x100954d4 IntersectRect
0x100954d8 DestroyIcon
0x100954dc PtInRect
0x100954e0 OffsetRect
0x100954e4 IsWindowVisible
0x100954e8 EnableWindow
0x100954ec RedrawWindow
0x100954f0 GetWindowLongA
0x100954f4 SetWindowLongA
0x100954f8 GetSysColor
0x100954fc SetActiveWindow
0x10095500 SetCursorPos
0x10095504 LoadCursorA
0x10095508 SetCursor
0x1009550c GetDC
0x10095510 FillRect
0x10095514 IsRectEmpty
0x10095518 ReleaseDC
0x1009551c IsChild
0x10095520 DestroyMenu
0x10095524 SetForegroundWindow
0x10095528 GetWindowRect
0x1009552c EqualRect
0x10095530 UpdateWindow
0x10095534 ValidateRect
0x10095538 InvalidateRect
0x1009553c GetClientRect
0x10095540 GetFocus
0x10095544 GetParent
0x10095548 GetTopWindow
0x1009554c PostMessageA
0x10095550 IsWindow
0x10095554 SetParent
0x10095558 DestroyCursor
0x1009555c SendMessageA
0x10095560 SetWindowPos
0x10095564 MessageBoxA
0x10095568 GetMenuState
0x1009556c GetWindowTextLengthA
0x10095570 CharUpperA
0x10095574 GetWindowDC
0x10095578 BeginPaint
0x1009557c EndPaint
0x10095580 TabbedTextOutA
0x10095584 DrawTextA
0x10095588 GrayStringA
0x1009558c DestroyWindow
0x10095594 EndDialog
0x10095598 GetNextDlgTabItem
0x1009559c GetWindowPlacement
0x100955a0 RegisterWindowMessageA
0x100955a4 GetLastActivePopup
0x100955a8 GetMessageTime
0x100955ac RemovePropA
0x100955b0 CallWindowProcA
0x100955b4 GetPropA
0x100955b8 UnhookWindowsHookEx
0x100955bc SetPropA
0x100955c0 GetClassLongA
0x100955c4 CallNextHookEx
0x100955c8 SetWindowsHookExA
0x100955cc CreateWindowExA
0x100955d0 GetMenuItemID
0x100955d4 GetMenuItemCount
0x100955d8 RegisterClassA
0x100955dc GetScrollPos
0x100955e0 AdjustWindowRectEx
0x100955e4 MapWindowPoints
0x100955e8 SendDlgItemMessageA
0x100955ec ScrollWindowEx
0x100955f0 IsDialogMessageA
0x100955f4 SetWindowTextA
0x100955f8 MoveWindow
0x100955fc CheckMenuItem
0x10095600 SetMenuItemBitmaps
Library: GDI32.dll:
0x10095024 ExtSelectClipRgn
0x10095028 LineTo
0x1009502c MoveToEx
0x10095030 ExcludeClipRect
0x10095034 GetClipBox
0x10095038 ScaleWindowExtEx
0x1009503c SetWindowExtEx
0x10095040 SetWindowOrgEx
0x10095044 ScaleViewportExtEx
0x10095048 GetViewportExtEx
0x1009504c SetBkColor
0x10095050 CreateRectRgnIndirect
0x10095054 SetStretchBltMode
0x10095058 GetClipRgn
0x1009505c CreatePolygonRgn
0x10095060 SelectClipRgn
0x10095064 CreateDIBitmap
0x1009506c CreatePalette
0x10095070 StretchBlt
0x10095074 SelectPalette
0x10095078 RealizePalette
0x1009507c GetDIBits
0x10095080 GetWindowExtEx
0x10095084 GetViewportOrgEx
0x10095088 GetWindowOrgEx
0x1009508c BeginPath
0x10095090 EndPath
0x10095094 PathToRegion
0x10095098 CreateEllipticRgn
0x1009509c CreateRoundRectRgn
0x100950a0 GetTextColor
0x100950a4 GetBkMode
0x100950a8 GetBkColor
0x100950ac GetROP2
0x100950b0 GetStretchBltMode
0x100950b4 GetPolyFillMode
0x100950b8 CreateCompatibleBitmap
0x100950bc CreateDCA
0x100950c0 CreateBitmap
0x100950c4 SelectObject
0x100950c8 GetObjectA
0x100950cc CreatePen
0x100950d0 PatBlt
0x100950d4 CombineRgn
0x100950d8 CreateRectRgn
0x100950dc FillRgn
0x100950e0 CreateSolidBrush
0x100950e4 GetStockObject
0x100950e8 CreateFontIndirectA
0x100950ec EndPage
0x100950f0 EndDoc
0x100950f4 DeleteDC
0x100950f8 StartDocA
0x100950fc StartPage
0x10095100 BitBlt
0x10095104 CreateCompatibleDC
0x10095108 Ellipse
0x1009510c Rectangle
0x10095110 LPtoDP
0x10095114 DPtoLP
0x10095118 GetCurrentObject
0x1009511c RoundRect
0x10095120 GetTextExtentPoint32A
0x10095124 GetDeviceCaps
0x10095128 PtVisible
0x1009512c RectVisible
0x10095130 TextOutA
0x10095134 ExtTextOutA
0x10095138 Escape
0x1009513c GetTextMetricsA
0x10095140 DeleteObject
0x10095144 SaveDC
0x10095148 RestoreDC
0x1009514c SetBkMode
0x10095150 SetPolyFillMode
0x10095154 SetROP2
0x10095158 SetTextColor
0x1009515c SetMapMode
0x10095160 SetViewportOrgEx
0x10095164 OffsetViewportOrgEx
0x10095168 SetViewportExtEx
Library: WINSPOOL.DRV:
0x10095650 OpenPrinterA
0x10095654 DocumentPropertiesA
0x10095658 ClosePrinter
Library: ADVAPI32.dll:
0x10095000 RegQueryValueA
0x10095004 RegSetValueExA
0x10095008 RegOpenKeyExA
0x1009500c RegCloseKey
0x10095010 RegCreateKeyExA
Library: SHELL32.dll:
0x10095398 ShellExecuteA
0x1009539c Shell_NotifyIconA
Library: ole32.dll:
0x1009569c OleInitialize
0x100956a0 OleUninitialize
0x100956a4 CLSIDFromString
Library: OLEAUT32.dll:
0x10095384 UnRegisterTypeLib
0x10095388 RegisterTypeLib
0x1009538c LoadTypeLib
Library: COMCTL32.dll:
0x10095018 ImageList_Destroy
0x1009501c None
Library: comdlg32.dll:
0x10095688 GetFileTitleA
0x1009568c ChooseColorA
0x10095690 GetOpenFileNameA
0x10095694 GetSaveFileNameA

Exports

Ordinal | Address | Name
1 0x100186ed gumeng
.text
`.rdata
@.data
.rsrc
@.reloc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
No antivirus engine scan information!

Process tree

rundll32.exe, PID: 2704, parent PID: 2332


TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 27.335 seconds )

  • 15.576 Suricata
  • 5.371 Static
  • 4.74 VirusTotal
  • 0.607 peid
  • 0.526 TargetInfo
  • 0.354 NetworkAnalysis
  • 0.078 BehaviorAnalysis
  • 0.063 AnalysisInfo
  • 0.014 Strings
  • 0.004 Memory
  • 0.002 config_decoder

Signatures ( 0.174 seconds )

  • 0.022 md_url_bl
  • 0.017 antiav_detectreg
  • 0.017 md_domain_bl
  • 0.009 antiav_detectfile
  • 0.009 infostealer_ftp
  • 0.008 ransomware_files
  • 0.007 anomaly_persistence_autorun
  • 0.007 ransomware_extensions
  • 0.006 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 antivm_vbox_files
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 api_spamming
  • 0.003 disables_browser_warn
  • 0.002 stealth_decoy_document
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 stealth_timeout
  • 0.002 geodo_banking_trojan
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.151 seconds )

  • 0.826 ReportHTMLSummary
  • 0.325 Malheur
Task ID 513176
Mongo ID 5e4cbc632f8f2e0df16c6b2a
Cuckoo release 1.4-Maldun