Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-02-19 13:05:32 | 2020-02-19 13:07:54 | 142 seconds

Maldun Score

10.0

Malicious

File Details

Filename 123.exe
File size 122880 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2ce0b905b9e04f2fc1c5394875169d4d
SHA1 b1cd70b769b0fe6e54cfcec35d0c018dcf536d95
SHA256 79fed372ab21c4dde772d8e46eac557dc6865e918e3ce9714da65c79b234b079
SHA512 3e4d700e45068714cda9835b3930f443e7e5f892685c3aa28556fa159e2fea5b8670b6173e49f1a187e65d0531813e8df68df1470542a6f97eac89253156b286
CRC32 DDF78611
Ssdeep 1536:LOCODWJKa/8SNYBaPyvoL6dxHdjXuw/Khe9uDO6YQO1cW/UU6yH4VV:LNblN+aPyv71Xuw/iouDO6XWs5jV
Hosts Contacted

No host records.

Domain Resolution

No domain information.


PE Information

Image base 0x00400000
Entry point 0x004082fc
Declared checksum 0x0002db6c
Actual checksum 0x0002db6c
Minimum OS version required 4.0
Compile time 2020-02-15 04:28:09
Import hash 442463d652ec832136bd2a44dd4f7cf3

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00007b6a 0x00008000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 4.84
.rdata 0x00009000 0x0000211e 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.60
.data 0x0000c000 0x00000380 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.17
.rsrc 0x0000d000 0x000102f0 0x00011000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.17

Imports

Library: MFC42.DLL:
Library: MSVCRT.dll:
0x409440 _acmdln
0x409444 __getmainargs
0x409448 _initterm
0x40944c __setusermatherr
0x409450 _adjust_fdiv
0x409454 __p__commode
0x409458 __p__fmode
0x40945c __set_app_type
0x409460 _except_handler3
0x409464 exit
0x409468 _controlfp
0x40946c _mbscmp
0x409470 time
0x409474 srand
0x409478 rand
0x40947c atoi
0x409480 strlen
0x409484 memcpy
0x409488 _setmbcp
0x40948c _XcptFilter
0x409490 _exit
0x409494 _onexit
0x409498 __dllonexit
0x40949c __CxxFrameHandler
0x4094a0 _EH_prolog
0x4094a4 _mbsicmp
Library: KERNEL32.dll:
0x409008 GetModuleHandleA
0x40900c GetStartupInfoA
0x409010 DeleteFileA
0x409014 ExitProcess
0x409018 GetProcAddress
0x40901c LoadLibraryW
Library: USER32.dll:
0x4094ac IsWindowVisible
0x4094b0 SendMessageA
0x4094b4 UpdateWindow
0x4094b8 SetRectEmpty
0x4094bc EnableWindow
0x4094c0 IsWindow
Library: GDI32.dll:
Library: MSVCP60.dll:

Strings

.text
`.rdata
@.data
.rsrc
MFC42.DLL
__CxxFrameHandler
_EH_prolog
memcpy
strlen
srand
_mbscmp
_mbsicmp
MSVCRT.dll
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetProcAddress
LoadLibraryW
ExitProcess
DeleteFileA
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
EnableWindow
SetRectEmpty
UpdateWindow
SendMessageA
IsWindowVisible
IsWindow
USER32.dll
GetTextExtentPoint32A
GDI32.dll
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
_setmbcp
Edit Word
New Word
CryptAcquireContextA
APPLE
Peter Pearson
CDictionaryEditorDoc
CDictionaryEditorView
Ready
Exporting words
Export words
Text Files (*.txt)|*.txt|All Files (*.*)|*.*||
Importing words...
Import words
CMainFrame
CProgressBar
CSmartListView
SysListView32
ADVAPI32.DLL
KERNEL32.DLL
APPLE
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
FileDescription
These numbers are cumulative since Jan. 21 and include people with travel history to China
FileVersion
1, 0, 0, 1
InternalName
Two California cases and the Texas case are among evacuees from China
LegalCopyright
different times than the WHO
LegalTrademarks
OriginalFilename
n Wednesday, China reported far fewer cases of the novel coronavirus
ProductName
The spike is partly due to a broader definition
ProductVersion
1, 0, 0, 1
VarFileInfo
Translation
&File
Ctrl+N
Ctrl+O
Ctrl+S
Save &As...
&Import...
&Export...
Recent File
E&xit
&Edit
Ctrl+Z
Ctrl+X
Ctrl+C
Ctrl+V
&View
&Toolbar
&Status Bar
&Tools
&Trim
Lowercase
&Help
&About DictionaryEditor...
About DictionaryEditor
MS Sans Serif
DictionaryEditor Version 1.0
Copyright (C) 2001
Add Word
MS Sans Serif
Cancel
Dictio Document
Ready
Save As
Previous Pane
Split
Paste
Toggle StatusBar
Enlarge the window to full size
Switch to the next document window
Switch to the previous document window
Close the active window and prompts to save the documents
Activate Task List
Edit Word
Antivirus engine/vendor | Virus name/rule match | Signature database date
Bkav Not detected 20200214
MicroWorld-eScan Not detected 20200216
CMC Not detected 20190321
CAT-QuickHeal Not detected 20200216
Qihoo-360 Not detected 20200216
McAfee Not detected 20200216
Cylance Not detected 20200216
Zillya Not detected 20200214
AegisLab Not detected 20200216
Sangfor Not detected 20200212
K7AntiVirus Not detected 20200216
Alibaba Not detected 20190527
K7GW Not detected 20200216
CrowdStrike Not detected 20190702
Arcabit Not detected 20200216
TrendMicro Not detected 20200216
BitDefenderTheta Gen:NN.ZexaF.34090.hq0@auXa98mi 20200211
Cyren Not detected 20200216
ESET-NOD32 a variant of Win32/GenKryptik.EELO 20200216
Baidu Not detected 20190318
APEX Malicious 20200216
Paloalto Not detected 20200216
ClamAV Not detected 20200216
Kaspersky Not detected 20200216
BitDefender Not detected 20200216
NANO-Antivirus Not detected 20200216
SUPERAntiSpyware Not detected 20200214
Avast Win32:Malware-gen 20200216
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgVTY9+M0MkFyg) 20200216
Ad-Aware Not detected 20200216
Sophos Not detected 20200216
Comodo Not detected 20200216
F-Secure Not detected 20200216
DrWeb Trojan.DownLoader33.3028 20200216
VIPRE Not detected 20200216
Invincea heuristic 20191211
McAfee-GW-Edition Not detected 20200216
Trapmine malicious.high.ml.score 20200123
FireEye Generic.mg.2ce0b905b9e04f2f 20200217
Emsisoft Not detected 20200216
Ikarus Not detected 20200216
F-Prot Not detected 20200217
Jiangmin Not detected 20200216
Webroot W32.Trojan.Gen 20200216
Avira Not detected 20200216
Fortinet W32/GenKryptik.EEIQ!tr 20200216
Antiy-AVL Not detected 20200216
Kingsoft Not detected 20200216
Endgame malicious (high confidence) 20200131
Microsoft Not detected 20200216
ViRobot Not detected 20200216
ZoneAlarm Not detected 20200216
Avast-Mobile Not detected 20200213
TACHYON Not detected 20200216
AhnLab-V3 Not detected 20200216
Acronis suspicious 20200216
VBA32 Not detected 20200214
ALYac Not detected 20200216
MAX Not detected 20200216
Zoner Not detected 20200216
TrendMicro-HouseCall Not detected 20200216
Tencent Not detected 20200216
Yandex Not detected 20200216
SentinelOne Not detected 20191218
eGambit Not detected 20200216
GData Not detected 20200216
AVG Win32:Malware-gen 20200216
Cybereason Not detected 20190616
Panda Not detected 20200216
MaxSecure Not detected 20200215

Process Tree

123.exe, PID: 2704, parent PID: 2336
dmutil.exe, PID: 2364, parent PID: 2704

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 21.48 seconds )

  • 15.496 Suricata
  • 2.873 VirusTotal
  • 1.164 Static
  • 0.598 BehaviorAnalysis
  • 0.487 peid
  • 0.371 TargetInfo
  • 0.353 NetworkAnalysis
  • 0.12 AnalysisInfo
  • 0.015 Strings
  • 0.003 Memory

Signatures ( 0.376 seconds )

  • 0.042 antiav_detectreg
  • 0.03 api_spamming
  • 0.025 stealth_timeout
  • 0.023 stealth_decoy_document
  • 0.02 md_url_bl
  • 0.017 infostealer_ftp
  • 0.017 md_domain_bl
  • 0.015 antivm_vbox_libs
  • 0.01 infostealer_im
  • 0.009 antianalysis_detectreg
  • 0.008 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 exec_crash
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 infostealer_bitcoin
  • 0.006 infostealer_mail
  • 0.005 antiemu_wine_func
  • 0.005 antisandbox_sunbelt_libs
  • 0.005 kovter_behavior
  • 0.004 antiav_avast_libs
  • 0.004 antivm_vmware_libs
  • 0.004 infostealer_browser_password
  • 0.004 antivm_vbox_files
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 bootkit
  • 0.003 mimics_filetime
  • 0.003 stealth_file
  • 0.003 reads_self
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_generic_disk
  • 0.003 virus
  • 0.003 geodo_banking_trojan
  • 0.002 rat_nanocore
  • 0.002 antivm_generic_services
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 anormaly_invoke_kills
  • 0.002 cerber_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 stealth_modify_uac_prompt
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 injection_createremotethread
  • 0.001 ursnif_behavior
  • 0.001 shifu_behavior
  • 0.001 injection_runpe
  • 0.001 hancitor_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.108 seconds )

  • 0.846 ReportHTMLSummary
  • 0.262 Malheur
Task ID 513181
Mongo ID 5e4cc2c82f8f2e0dfe6c859d
Cuckoo release 1.4-Maldun