Analysis task

Analysis type: File (Windows)
VM tag: win7-sp1-x64-hpdapp01-1
Start time: 2020-02-28 16:21:57
End time: 2020-02-28 16:24:17
Duration: 140 seconds

Maldun score

3.95

Suspicious

File details

File name: 键盘UI.exe
File size: 1144320 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5 80a4e2d206e971af4724db2f1a23d50c
SHA1 7df478f8892cdb59fd6b999a1d3f66bb8695a9f1
SHA256 befd98c8daae53f6389f3923681472f7a243d66795d9a29c6de91719d945e8ab
SHA512 55250b1436dd201b8f9db10f7695a4f7b94f73e6e2f767521b38a8a7763786f9810e9e4ebf6ddd21d6bf417a6072f5d84cadb47912fc1f86b887200e4c1a55e6
CRC32 C17D297F
Ssdeep 12288:C/cxRjCLkDSstAu2nEv90fCdfO9vSzBYhXjNmXEiYmUcTbVem3XVZm8U0f/xUVYw:3xRuBNuT9/df2KYlNmO8bV7VFUCtY1
Hosts contacted

No host records.

Domain resolution

No domain information.


Summary

PE information

Image base: 0x00400000
Entry point: 0x0053e034
Declared checksum: 0x00000000
Actual checksum: 0x0011f5e4
Minimum OS version required: 5.1
Compile time: 2020-02-28 12:05:02
Import hash: 180f5bcf185033ae6b055cbd0b190763

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00001000 | 0x0009cf5d | 0x0009d000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.51
.rdata | 0x0009e000 | 0x00039af8 | 0x00039c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.91
.data | 0x000d8000 | 0x0003994c | 0x00014e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.46
.rsrc | 0x00112000 | 0x00015694 | 0x00015800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.86
.data | 0x00128000 | 0x00015dbc | 0x00015e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.97
.text | 0x0013e000 | 0x00000200 | 0x00000200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.84

Imports

Library: KERNEL32.dll:
0x49e170 GetModuleFileNameW
0x49e174 GetStdHandle
0x49e17c IsValidCodePage
0x49e180 GetACP
0x49e184 HeapSize
0x49e18c GetModuleHandleW
0x49e190 RaiseException
0x49e194 GetConsoleMode
0x49e198 DecodePointer
0x49e19c EncodePointer
0x49e1a0 RtlUnwind
0x49e1a4 GetStartupInfoW
0x49e1a8 HeapSetInformation
0x49e1ac GetOEMCP
0x49e1b0 GetCPInfo
0x49e1b4 GetProcessVersion
0x49e1bc GlobalFlags
0x49e1c0 GetCurrentThread
0x49e1c4 GetFileTime
0x49e1c8 GetFileSize
0x49e1cc TlsGetValue
0x49e1d0 LocalReAlloc
0x49e1d4 TlsSetValue
0x49e1d8 TlsFree
0x49e1dc GlobalHandle
0x49e1e0 TlsAlloc
0x49e1e4 LocalAlloc
0x49e1e8 lstrcmpA
0x49e1ec GetVersion
0x49e1f0 GlobalGetAtomNameA
0x49e1f4 GlobalAddAtomA
0x49e1f8 GlobalFindAtomA
0x49e1fc GlobalDeleteAtom
0x49e200 lstrcmpiA
0x49e204 SetEndOfFile
0x49e208 UnlockFile
0x49e20c LockFile
0x49e210 FlushFileBuffers
0x49e214 SetFilePointer
0x49e218 GetCurrentProcess
0x49e21c DuplicateHandle
0x49e220 lstrcpynA
0x49e224 SetLastError
0x49e230 LocalFree
0x49e240 SetHandleCount
0x49e248 GetFileType
0x49e24c HeapCreate
0x49e254 GetCurrentProcessId
0x49e264 IsDebuggerPresent
0x49e268 TerminateProcess
0x49e270 LCMapStringW
0x49e274 GetConsoleCP
0x49e278 CreateFileW
0x49e27c GetStringTypeW
0x49e284 LoadLibraryW
0x49e288 CompareStringW
0x49e28c SetStdHandle
0x49e290 WriteConsoleW
0x49e294 SuspendThread
0x49e298 TerminateThread
0x49e29c ReleaseMutex
0x49e2a0 CreateMutexA
0x49e2a4 CreateSemaphoreA
0x49e2a8 ResumeThread
0x49e2ac ReleaseSemaphore
0x49e2b8 GetProfileStringA
0x49e2bc WriteFile
0x49e2c4 CreateFileA
0x49e2c8 SetEvent
0x49e2cc FindResourceA
0x49e2d0 LoadResource
0x49e2d4 LockResource
0x49e2d8 ReadFile
0x49e2dc GetModuleFileNameA
0x49e2e0 WideCharToMultiByte
0x49e2e4 MultiByteToWideChar
0x49e2e8 GetCurrentThreadId
0x49e2ec ExitProcess
0x49e2f0 GlobalSize
0x49e2f4 GlobalFree
0x49e300 lstrcatA
0x49e304 CloseHandle
0x49e308 lstrlenA
0x49e30c WinExec
0x49e310 lstrcpyA
0x49e314 FindNextFileA
0x49e318 GlobalReAlloc
0x49e31c HeapFree
0x49e320 HeapReAlloc
0x49e324 GetProcessHeap
0x49e328 HeapAlloc
0x49e32c GetFullPathNameA
0x49e330 FreeLibrary
0x49e334 LoadLibraryA
0x49e338 GetLastError
0x49e340 CreateThread
0x49e344 CreateEventA
0x49e348 Sleep
0x49e34c GlobalAlloc
0x49e350 GlobalLock
0x49e354 GlobalUnlock
0x49e358 FindFirstFileA
0x49e35c FindClose
0x49e360 GetFileAttributesA
0x49e36c GetModuleHandleA
0x49e370 GetProcAddress
0x49e374 MulDiv
0x49e378 GetCommandLineA
0x49e37c GetTickCount
0x49e380 WaitForSingleObject
0x49e384 SetErrorMode
Library: USER32.dll:
0x49e3a8 RegisterClassA
0x49e3ac CreateWindowExA
0x49e3b0 MoveWindow
0x49e3b4 SetPropA
0x49e3b8 DefWindowProcW
0x49e3bc GetPropA
0x49e3c0 LoadIconA
0x49e3c4 TranslateMessage
0x49e3c8 DrawFrameControl
0x49e3cc DrawEdge
0x49e3d0 DrawFocusRect
0x49e3d4 WindowFromPoint
0x49e3d8 GetMessageA
0x49e3dc DispatchMessageA
0x49e3e0 SetRectEmpty
0x49e3f0 DrawIconEx
0x49e3f4 CreatePopupMenu
0x49e3f8 AppendMenuA
0x49e3fc ModifyMenuA
0x49e400 CreateMenu
0x49e408 GetDlgCtrlID
0x49e40c GetSubMenu
0x49e410 EnableMenuItem
0x49e414 ClientToScreen
0x49e41c LoadImageA
0x49e424 ShowWindow
0x49e428 IsWindowEnabled
0x49e430 GetKeyState
0x49e438 PostQuitMessage
0x49e43c IsZoomed
0x49e440 GetClassInfoA
0x49e444 DefWindowProcA
0x49e448 GetSystemMenu
0x49e44c DeleteMenu
0x49e450 GetMenu
0x49e454 SetMenu
0x49e458 PeekMessageA
0x49e45c IsIconic
0x49e460 SetFocus
0x49e464 GetActiveWindow
0x49e468 GetWindow
0x49e470 SetWindowRgn
0x49e474 GetMessagePos
0x49e478 ScreenToClient
0x49e480 CopyRect
0x49e484 LoadBitmapA
0x49e488 WinHelpA
0x49e48c KillTimer
0x49e490 SetTimer
0x49e494 ReleaseCapture
0x49e498 GetCapture
0x49e49c SetCapture
0x49e4a0 GetScrollRange
0x49e4a4 SetScrollRange
0x49e4a8 SetScrollPos
0x49e4ac SetRect
0x49e4b0 InflateRect
0x49e4b4 IntersectRect
0x49e4b8 UnregisterClassA
0x49e4bc PtInRect
0x49e4c0 OffsetRect
0x49e4c4 IsWindowVisible
0x49e4c8 EnableWindow
0x49e4cc RedrawWindow
0x49e4d0 GetWindowLongA
0x49e4d4 SetWindowLongA
0x49e4d8 GetSysColor
0x49e4dc SetActiveWindow
0x49e4e0 SetCursorPos
0x49e4e4 LoadCursorA
0x49e4e8 SetCursor
0x49e4ec GetDC
0x49e4f0 FillRect
0x49e4f4 IsRectEmpty
0x49e4f8 ReleaseDC
0x49e4fc IsChild
0x49e500 DestroyMenu
0x49e504 SetForegroundWindow
0x49e508 GetWindowRect
0x49e50c EqualRect
0x49e510 UpdateWindow
0x49e514 ValidateRect
0x49e518 InvalidateRect
0x49e51c GetClientRect
0x49e520 GetFocus
0x49e524 GetParent
0x49e528 GetTopWindow
0x49e52c PostMessageA
0x49e530 IsWindow
0x49e534 SetParent
0x49e538 DestroyCursor
0x49e53c SendMessageA
0x49e540 GetWindowTextA
0x49e548 CharUpperA
0x49e54c GetWindowDC
0x49e550 BeginPaint
0x49e554 EndPaint
0x49e558 TabbedTextOutA
0x49e55c DrawTextA
0x49e560 GrayStringA
0x49e564 GetDlgItem
0x49e568 DestroyWindow
0x49e570 EndDialog
0x49e574 GetNextDlgTabItem
0x49e578 GetWindowPlacement
0x49e580 GetForegroundWindow
0x49e584 GetLastActivePopup
0x49e588 GetMessageTime
0x49e58c RemovePropA
0x49e590 CallWindowProcA
0x49e594 UnhookWindowsHookEx
0x49e598 GetClassLongA
0x49e59c CallNextHookEx
0x49e5a0 SetWindowsHookExA
0x49e5a4 GetMenuItemID
0x49e5a8 GetMenuItemCount
0x49e5ac GetScrollPos
0x49e5b0 AdjustWindowRectEx
0x49e5b4 MapWindowPoints
0x49e5b8 SendDlgItemMessageA
0x49e5bc ScrollWindowEx
0x49e5c0 IsDialogMessageA
0x49e5c4 SetWindowTextA
0x49e5c8 CheckMenuItem
0x49e5cc SetMenuItemBitmaps
0x49e5d0 GetMenuState
0x49e5d8 GetClassNameA
0x49e5dc GetDesktopWindow
0x49e5e0 LoadStringA
0x49e5e4 GetSysColorBrush
0x49e5e8 SetWindowPos
0x49e5ec MessageBoxA
0x49e5f0 GetCursorPos
0x49e5f4 GetSystemMetrics
0x49e5f8 EmptyClipboard
0x49e5fc SetClipboardData
0x49e600 OpenClipboard
0x49e604 GetClipboardData
0x49e608 CloseClipboard
0x49e60c wsprintfA
0x49e610 DestroyIcon
Library: GDI32.dll:
0x49e024 ExtTextOutA
0x49e028 GetTextMetricsA
0x49e02c TextOutA
0x49e030 RectVisible
0x49e034 PtVisible
0x49e038 Escape
0x49e03c GetViewportExtEx
0x49e040 ExtSelectClipRgn
0x49e044 SetBkColor
0x49e04c SetStretchBltMode
0x49e050 GetClipRgn
0x49e054 CreatePolygonRgn
0x49e058 SelectClipRgn
0x49e05c DeleteObject
0x49e060 CreateDIBitmap
0x49e068 CreatePalette
0x49e06c StretchBlt
0x49e070 SelectPalette
0x49e074 RealizePalette
0x49e078 GetDIBits
0x49e07c GetWindowExtEx
0x49e080 GetViewportOrgEx
0x49e084 GetWindowOrgEx
0x49e088 BeginPath
0x49e08c EndPath
0x49e090 PathToRegion
0x49e094 CreateEllipticRgn
0x49e098 CreateRoundRectRgn
0x49e09c GetTextColor
0x49e0a0 GetBkMode
0x49e0a4 GetBkColor
0x49e0a8 GetROP2
0x49e0ac GetStretchBltMode
0x49e0b0 GetPolyFillMode
0x49e0b8 CreateDCA
0x49e0bc CreateBitmap
0x49e0c0 SelectObject
0x49e0c4 GetObjectA
0x49e0c8 CreatePen
0x49e0cc PatBlt
0x49e0d0 CombineRgn
0x49e0d4 CreateRectRgn
0x49e0d8 FillRgn
0x49e0dc SetWindowOrgEx
0x49e0e0 ScaleViewportExtEx
0x49e0e4 SetViewportExtEx
0x49e0e8 OffsetViewportOrgEx
0x49e0ec SetViewportOrgEx
0x49e0f0 SetMapMode
0x49e0f4 SetTextColor
0x49e0f8 SetROP2
0x49e0fc SetPolyFillMode
0x49e100 SetBkMode
0x49e104 RestoreDC
0x49e108 SaveDC
0x49e10c CreateSolidBrush
0x49e110 GetStockObject
0x49e114 CreateFontIndirectA
0x49e118 EndPage
0x49e11c EndDoc
0x49e120 DeleteDC
0x49e124 StartDocA
0x49e128 StartPage
0x49e12c BitBlt
0x49e130 CreateCompatibleDC
0x49e134 Ellipse
0x49e138 Rectangle
0x49e13c LPtoDP
0x49e140 DPtoLP
0x49e144 GetCurrentObject
0x49e148 RoundRect
0x49e150 GetDeviceCaps
0x49e154 LineTo
0x49e158 MoveToEx
0x49e15c ExcludeClipRect
0x49e160 GetClipBox
0x49e164 ScaleWindowExtEx
0x49e168 SetWindowExtEx
Library: WINMM.dll:
0x49e618 waveOutRestart
0x49e624 waveOutWrite
0x49e628 waveOutPause
0x49e62c waveOutReset
0x49e630 waveOutClose
0x49e634 waveOutGetNumDevs
0x49e638 waveOutOpen
0x49e640 midiStreamOpen
0x49e644 midiStreamProperty
0x49e64c midiStreamOut
0x49e650 midiStreamStop
0x49e654 midiOutReset
0x49e658 midiStreamClose
0x49e65c midiStreamRestart
Library: WINSPOOL.DRV:
0x49e664 OpenPrinterA
0x49e668 DocumentPropertiesA
0x49e66c ClosePrinter
Library: ADVAPI32.dll:
0x49e000 RegQueryValueA
0x49e004 RegSetValueExA
0x49e008 RegCreateKeyExA
0x49e00c RegCloseKey
0x49e010 RegOpenKeyExA
Library: SHELL32.dll:
0x49e39c ShellExecuteA
0x49e3a0 Shell_NotifyIconA
Library: ole32.dll:
0x49e6b4 CLSIDFromString
0x49e6b8 OleUninitialize
0x49e6bc OleInitialize
Library: OLEAUT32.dll:
0x49e38c UnRegisterTypeLib
0x49e390 RegisterTypeLib
0x49e394 LoadTypeLib
Library: COMCTL32.dll:
0x49e018 None
0x49e01c ImageList_Destroy
Library: WS2_32.dll:
0x49e674 inet_ntoa
0x49e678 WSACleanup
0x49e67c ntohl
0x49e680 accept
0x49e684 getpeername
0x49e688 recv
0x49e68c ioctlsocket
0x49e690 recvfrom
0x49e694 closesocket
0x49e698 WSAAsyncSelect
Library: comdlg32.dll:
0x49e6a0 ChooseColorA
0x49e6a4 GetOpenFileNameA
0x49e6a8 GetSaveFileNameA
0x49e6ac GetFileTitleA

No antivirus engine scan information.

Process tree

键盘UI.exe, PID: 2700, parent PID: 2332

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.
Processing ( 23.508 seconds )

  • 17.249 Suricata
  • 4.688 Static
  • 0.591 TargetInfo
  • 0.431 peid
  • 0.359 NetworkAnalysis
  • 0.138 AnalysisInfo
  • 0.03 BehaviorAnalysis
  • 0.015 Strings
  • 0.004 Memory
  • 0.003 config_decoder

Signatures ( 0.156 seconds )

  • 0.019 md_url_bl
  • 0.017 md_domain_bl
  • 0.016 antiav_detectreg
  • 0.01 ransomware_files
  • 0.009 anomaly_persistence_autorun
  • 0.009 ransomware_extensions
  • 0.008 antiav_detectfile
  • 0.008 infostealer_ftp
  • 0.006 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.003 tinba_behavior
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 api_spamming
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.273 seconds )

  • 0.273 Malheur
Task ID 518306
Mongo ID 5e58ce502f8f2e54374fe268
Cuckoo release 1.4-Maldun