分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-1 | 2020-04-08 17:32:03 | 2020-04-08 17:32:32 | 29 秒 |
魔盾分数
8.75
危险的
文件详细信息
| 文件名 | 直播插件.exe |
|---|---|
| 文件大小 | 1003520 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fca8263c549d25e6f6804b399c86f518 |
| SHA1 | 38dc17d56d9ab8824659d8ebe997fc5399b8595a |
| SHA256 | a217e7b4b2864757f36b40fd97e7a6b334067b0cc7d8f99b2f3939a53e6154ae |
| SHA512 | 6f9601daac7d5b50548c6f51ef4558d11ac360bf92014fcea2c7775f471982ab79e8cb1952b5c30a364e9551476024517ece212932bef69ff392d017f1e4e22b |
| CRC32 | B89FDF27 |
| Ssdeep | 12288:JCRoBOHdFKbnJZnLKTtsOLYcF/Gx6vi/eFOOHl1KFycNQwp7Sp73YW5WT:ISBOT0JZqYcIx43l1KFywlpmp73G |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004b27ec |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000f9ea8 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2020-04-05 12:28:37 |
| 载入哈希 | c4be68886f4ecc7c453da098ef9b469b |
| 图标 |  |
| 图标精确哈希值 | 027e291a6b7abf6b6d795e2cabadf733 |
| 图标相似性哈希值 | 14fbc9405dbf816c70d31815b7d5b0dc |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000b1b79 | 0x000b2000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.21 |
| .rdata | 0x000b3000 | 0x0001686a | 0x00017000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.67 |
| .data | 0x000ca000 | 0x00041f8a | 0x00015000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.95 |
| .rsrc | 0x0010c000 | 0x0001547c | 0x00016000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.44 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x0010cb78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x0010cb78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x0010cb78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x0010d068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x0010d068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x0010d068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x0010d068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0010e770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x0010ecc4 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.87 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x0010ecc4 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.87 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x0010ecc4 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.87 | dBase III DBT, version number 0, next free block index 40 |
| RT_MENU | 0x0011f4f8 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x0011f4f8 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00120740 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00121188 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x001211d4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x001211d4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x001211d4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x00121220 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x00121220 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x00121220 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x00121234 | 0x00000248 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.18 | data |
导入
库: iphlpapi.dll:
• 0x4b3774 GetAdaptersInfo
库: WINMM.dll:
• 0x4b3698 midiStreamOut
• 0x4b369c midiOutPrepareHeader
• 0x4b36a0 waveOutUnprepareHeader
• 0x4b36a4 waveOutPrepareHeader
• 0x4b36a8 waveOutWrite
• 0x4b36ac waveOutPause
• 0x4b36b0 waveOutReset
• 0x4b36b4 waveOutClose
• 0x4b36b8 waveOutGetNumDevs
• 0x4b36bc midiStreamStop
• 0x4b36c0 midiOutReset
• 0x4b36c4 midiStreamClose
• 0x4b36c8 midiStreamRestart
• 0x4b36cc waveOutOpen
• 0x4b36d0 midiOutUnprepareHeader
• 0x4b36d4 midiStreamOpen
• 0x4b36d8 midiStreamProperty
库: WS2_32.dll:
• 0x4b36f0 socket
• 0x4b36f4 htonl
• 0x4b36f8 bind
• 0x4b36fc htons
• 0x4b3700 WSAAsyncSelect
• 0x4b3704 closesocket
• 0x4b3708 send
• 0x4b370c select
• 0x4b3710 WSACleanup
• 0x4b3714 gethostbyname
• 0x4b3718 inet_ntoa
• 0x4b371c ntohs
• 0x4b3720 getsockname
• 0x4b3724 sendto
• 0x4b3728 recvfrom
• 0x4b372c ioctlsocket
• 0x4b3730 connect
• 0x4b3734 recv
• 0x4b3738 inet_addr
• 0x4b373c gethostname
• 0x4b3740 listen
• 0x4b3744 getpeername
• 0x4b3748 accept
• 0x4b374c __WSAFDIsSet
• 0x4b3750 shutdown
• 0x4b3754 WSAStartup
• 0x4b3758 WSAGetLastError
库: KERNEL32.dll:
• 0x4b3180 EnterCriticalSection
• 0x4b3184 ReleaseSemaphore
• 0x4b3188 ResumeThread
• 0x4b318c CreateSemaphoreA
• 0x4b3190 TerminateThread
• 0x4b3194 SetFilePointer
• 0x4b3198 GetFileSize
• 0x4b319c GetCurrentProcess
• 0x4b31a0 TerminateProcess
• 0x4b31a4 LeaveCriticalSection
• 0x4b31a8 SetLastError
• 0x4b31ac QueryPerformanceFrequency
• 0x4b31b0 QueryPerformanceCounter
• 0x4b31b4 GetTimeZoneInformation
• 0x4b31b8 GetVersion
• 0x4b31bc FileTimeToSystemTime
• 0x4b31c0 GetOEMCP
• 0x4b31c4 GetCPInfo
• 0x4b31c8 GetProcessVersion
• 0x4b31cc SetErrorMode
• 0x4b31d0 GlobalFlags
• 0x4b31d4 GetCurrentThread
• 0x4b31d8 GetFileTime
• 0x4b31dc TlsGetValue
• 0x4b31e0 LocalReAlloc
• 0x4b31e4 TlsSetValue
• 0x4b31e8 TlsFree
• 0x4b31ec GlobalHandle
• 0x4b31f0 TlsAlloc
• 0x4b31f4 LocalAlloc
• 0x4b31f8 lstrcmpA
• 0x4b31fc GlobalGetAtomNameA
• 0x4b3200 GlobalAddAtomA
• 0x4b3204 GlobalFindAtomA
• 0x4b3208 GlobalDeleteAtom
• 0x4b320c lstrcmpiA
• 0x4b3210 SetEndOfFile
• 0x4b3214 UnlockFile
• 0x4b3218 LockFile
• 0x4b321c FlushFileBuffers
• 0x4b3220 DuplicateHandle
• 0x4b3224 lstrcpynA
• 0x4b3228 FileTimeToLocalFileTime
• 0x4b322c LocalFree
• 0x4b3230 WideCharToMultiByte
• 0x4b3234 InterlockedDecrement
• 0x4b3238 InterlockedIncrement
• 0x4b323c GetProfileStringA
• 0x4b3240 WriteFile
• 0x4b3244 WaitForMultipleObjects
• 0x4b3248 CreateFileA
• 0x4b324c DeviceIoControl
• 0x4b3250 SetEvent
• 0x4b3254 FindResourceA
• 0x4b3258 LoadResource
• 0x4b325c LockResource
• 0x4b3260 ReadFile
• 0x4b3264 lstrlenW
• 0x4b3268 RemoveDirectoryA
• 0x4b326c GetModuleFileNameA
• 0x4b3270 GetCurrentThreadId
• 0x4b3274 ExitProcess
• 0x4b3278 GlobalSize
• 0x4b327c GlobalFree
• 0x4b3280 DeleteCriticalSection
• 0x4b3284 InitializeCriticalSection
• 0x4b3288 lstrcatA
• 0x4b328c lstrlenA
• 0x4b3290 WinExec
• 0x4b3294 lstrcpyA
• 0x4b3298 FindNextFileA
• 0x4b329c GlobalReAlloc
• 0x4b32a0 HeapFree
• 0x4b32a4 HeapReAlloc
• 0x4b32a8 GetProcessHeap
• 0x4b32ac HeapAlloc
• 0x4b32b0 GetUserDefaultLCID
• 0x4b32b4 GetFullPathNameA
• 0x4b32b8 FreeLibrary
• 0x4b32bc LoadLibraryA
• 0x4b32c0 GetLastError
• 0x4b32c4 GetVersionExA
• 0x4b32c8 WritePrivateProfileStringA
• 0x4b32cc CreateThread
• 0x4b32d0 CreateEventA
• 0x4b32d4 Sleep
• 0x4b32d8 ExpandEnvironmentStringsA
• 0x4b32dc GlobalAlloc
• 0x4b32e0 GlobalLock
• 0x4b32e4 GlobalUnlock
• 0x4b32e8 FindFirstFileA
• 0x4b32ec FindClose
• 0x4b32f0 GetFileAttributesA
• 0x4b32f4 InterlockedExchange
• 0x4b32f8 DeleteFileA
• 0x4b32fc SetCurrentDirectoryA
• 0x4b3300 GetVolumeInformationA
• 0x4b3304 GetModuleHandleA
• 0x4b3308 GetProcAddress
• 0x4b330c MulDiv
• 0x4b3310 GetCommandLineA
• 0x4b3314 GetTickCount
• 0x4b3318 CreateProcessA
• 0x4b331c WaitForSingleObject
• 0x4b3320 CloseHandle
• 0x4b3324 GetStartupInfoA
• 0x4b3328 RtlUnwind
• 0x4b332c GetSystemTime
• 0x4b3330 GetLocalTime
• 0x4b3334 RaiseException
• 0x4b3338 HeapSize
• 0x4b333c GetACP
• 0x4b3340 SetStdHandle
• 0x4b3344 GetFileType
• 0x4b3348 UnhandledExceptionFilter
• 0x4b334c FreeEnvironmentStringsA
• 0x4b3350 FreeEnvironmentStringsW
• 0x4b3354 GetEnvironmentStrings
• 0x4b3358 GetEnvironmentStringsW
• 0x4b335c SetHandleCount
• 0x4b3360 GetStdHandle
• 0x4b3364 GetEnvironmentVariableA
• 0x4b3368 HeapDestroy
• 0x4b336c HeapCreate
• 0x4b3370 VirtualFree
• 0x4b3374 SetEnvironmentVariableA
• 0x4b3378 LCMapStringA
• 0x4b337c LCMapStringW
• 0x4b3380 VirtualAlloc
• 0x4b3384 IsBadWritePtr
• 0x4b3388 GetStringTypeA
• 0x4b338c GetStringTypeW
• 0x4b3390 SetUnhandledExceptionFilter
• 0x4b3394 CompareStringA
• 0x4b3398 CompareStringW
• 0x4b339c IsBadReadPtr
• 0x4b33a0 IsBadCodePtr
• 0x4b33a4 MultiByteToWideChar
库: USER32.dll:
• 0x4b3404 KillTimer
• 0x4b3408 WinHelpA
• 0x4b340c LoadBitmapA
• 0x4b3410 CopyRect
• 0x4b3414 ChildWindowFromPointEx
• 0x4b3418 ScreenToClient
• 0x4b341c GetMessagePos
• 0x4b3420 SetTimer
• 0x4b3424 ReleaseCapture
• 0x4b3428 GetCapture
• 0x4b342c SetCapture
• 0x4b3430 GetScrollRange
• 0x4b3434 SetScrollRange
• 0x4b3438 GetSysColorBrush
• 0x4b343c SetWindowRgn
• 0x4b3440 DestroyAcceleratorTable
• 0x4b3444 GetWindow
• 0x4b3448 GetActiveWindow
• 0x4b344c SetFocus
• 0x4b3450 IsIconic
• 0x4b3454 PeekMessageA
• 0x4b3458 SetMenu
• 0x4b345c GetMenu
• 0x4b3460 DefWindowProcA
• 0x4b3464 GetClassInfoA
• 0x4b3468 IsZoomed
• 0x4b346c PostQuitMessage
• 0x4b3470 CopyAcceleratorTableA
• 0x4b3474 GetKeyState
• 0x4b3478 TranslateAcceleratorA
• 0x4b347c IsWindowEnabled
• 0x4b3480 ShowWindow
• 0x4b3484 SystemParametersInfoA
• 0x4b3488 LoadImageA
• 0x4b348c EnumDisplaySettingsA
• 0x4b3490 SetScrollPos
• 0x4b3494 SetRect
• 0x4b3498 InflateRect
• 0x4b349c IntersectRect
• 0x4b34a0 DestroyIcon
• 0x4b34a4 PtInRect
• 0x4b34a8 OffsetRect
• 0x4b34ac IsWindowVisible
• 0x4b34b0 EnableWindow
• 0x4b34b4 RedrawWindow
• 0x4b34b8 GetWindowLongA
• 0x4b34bc SetWindowLongA
• 0x4b34c0 ClientToScreen
• 0x4b34c4 GetMenuCheckMarkDimensions
• 0x4b34c8 GetMenuState
• 0x4b34cc SetMenuItemBitmaps
• 0x4b34d0 CheckMenuItem
• 0x4b34d4 MoveWindow
• 0x4b34d8 IsDialogMessageA
• 0x4b34dc ScrollWindowEx
• 0x4b34e0 SendDlgItemMessageA
• 0x4b34e4 MapWindowPoints
• 0x4b34e8 AdjustWindowRectEx
• 0x4b34ec GetScrollPos
• 0x4b34f0 RegisterClassA
• 0x4b34f4 GetMenuItemCount
• 0x4b34f8 GetMenuItemID
• 0x4b34fc CreateWindowExA
• 0x4b3500 SetWindowsHookExA
• 0x4b3504 CallNextHookEx
• 0x4b3508 GetClassLongA
• 0x4b350c SetPropA
• 0x4b3510 UnhookWindowsHookEx
• 0x4b3514 GetPropA
• 0x4b3518 GetSysColor
• 0x4b351c SetActiveWindow
• 0x4b3520 SetCursorPos
• 0x4b3524 LoadCursorA
• 0x4b3528 SetCursor
• 0x4b352c GetDC
• 0x4b3530 FillRect
• 0x4b3534 IsRectEmpty
• 0x4b3538 ReleaseDC
• 0x4b353c IsChild
• 0x4b3540 DestroyMenu
• 0x4b3544 SetForegroundWindow
• 0x4b3548 GetWindowRect
• 0x4b354c EqualRect
• 0x4b3550 UpdateWindow
• 0x4b3554 ValidateRect
• 0x4b3558 InvalidateRect
• 0x4b355c GetClientRect
• 0x4b3560 GetFocus
• 0x4b3564 GetParent
• 0x4b3568 GetTopWindow
• 0x4b356c PostMessageA
• 0x4b3570 IsWindow
• 0x4b3574 SetParent
• 0x4b3578 DestroyCursor
• 0x4b357c SendMessageA
• 0x4b3580 SetWindowPos
• 0x4b3584 MessageBoxA
• 0x4b3588 GetCursorPos
• 0x4b358c GetSystemMetrics
• 0x4b3590 EmptyClipboard
• 0x4b3594 SetClipboardData
• 0x4b3598 OpenClipboard
• 0x4b359c GetClipboardData
• 0x4b35a0 CloseClipboard
• 0x4b35a4 wsprintfA
• 0x4b35a8 WaitForInputIdle
• 0x4b35ac EnableMenuItem
• 0x4b35b0 GetSubMenu
• 0x4b35b4 GetDlgCtrlID
• 0x4b35b8 CreateAcceleratorTableA
• 0x4b35bc CreateMenu
• 0x4b35c0 ModifyMenuA
• 0x4b35c4 AppendMenuA
• 0x4b35c8 CreatePopupMenu
• 0x4b35cc DrawIconEx
• 0x4b35d0 CreateIconFromResource
• 0x4b35d4 CreateIconFromResourceEx
• 0x4b35d8 RegisterClipboardFormatA
• 0x4b35dc SetRectEmpty
• 0x4b35e0 DispatchMessageA
• 0x4b35e4 GetMessageA
• 0x4b35e8 WindowFromPoint
• 0x4b35ec UnregisterClassA
• 0x4b35f0 DrawFocusRect
• 0x4b35f4 DrawEdge
• 0x4b35f8 DrawFrameControl
• 0x4b35fc TranslateMessage
• 0x4b3600 GetDesktopWindow
• 0x4b3604 GetClassNameA
• 0x4b3608 GetDlgItem
• 0x4b360c GetWindowTextA
• 0x4b3610 SetWindowTextA
• 0x4b3614 LoadStringA
• 0x4b3618 LoadIconA
• 0x4b361c GetWindowTextLengthA
• 0x4b3620 CharUpperA
• 0x4b3624 GetWindowDC
• 0x4b3628 BeginPaint
• 0x4b362c EndPaint
• 0x4b3630 TabbedTextOutA
• 0x4b3634 DrawTextA
• 0x4b3638 GrayStringA
• 0x4b363c DestroyWindow
• 0x4b3640 CreateDialogIndirectParamA
• 0x4b3644 EndDialog
• 0x4b3648 GetNextDlgTabItem
• 0x4b364c GetWindowPlacement
• 0x4b3650 RegisterWindowMessageA
• 0x4b3654 GetForegroundWindow
• 0x4b3658 GetLastActivePopup
• 0x4b365c GetMessageTime
• 0x4b3660 RemovePropA
• 0x4b3664 CallWindowProcA
库: GDI32.dll:
• 0x4b3034 GetTextMetricsA
• 0x4b3038 Escape
• 0x4b303c ExtTextOutA
• 0x4b3040 TextOutA
• 0x4b3044 RectVisible
• 0x4b3048 PtVisible
• 0x4b304c GetViewportExtEx
• 0x4b3050 ExtSelectClipRgn
• 0x4b3054 LineTo
• 0x4b3058 MoveToEx
• 0x4b305c RoundRect
• 0x4b3060 GetTextExtentPoint32A
• 0x4b3064 GetDeviceCaps
• 0x4b3068 BeginPath
• 0x4b306c GetWindowOrgEx
• 0x4b3070 GetWindowExtEx
• 0x4b3074 GetDIBits
• 0x4b3078 RealizePalette
• 0x4b307c SelectPalette
• 0x4b3080 StretchBlt
• 0x4b3084 CreatePalette
• 0x4b3088 GetSystemPaletteEntries
• 0x4b308c CreateDIBitmap
• 0x4b3090 DeleteObject
• 0x4b3094 SelectClipRgn
• 0x4b3098 CreatePolygonRgn
• 0x4b309c GetClipRgn
• 0x4b30a0 SetStretchBltMode
• 0x4b30a4 CreateRectRgnIndirect
• 0x4b30a8 SetBkColor
• 0x4b30ac ExcludeClipRect
• 0x4b30b0 GetClipBox
• 0x4b30b4 ScaleWindowExtEx
• 0x4b30b8 SetWindowExtEx
• 0x4b30bc SetWindowOrgEx
• 0x4b30c0 ScaleViewportExtEx
• 0x4b30c4 SetViewportExtEx
• 0x4b30c8 OffsetViewportOrgEx
• 0x4b30cc SetViewportOrgEx
• 0x4b30d0 SetMapMode
• 0x4b30d4 GetCurrentObject
• 0x4b30d8 DPtoLP
• 0x4b30dc LPtoDP
• 0x4b30e0 Rectangle
• 0x4b30e4 Ellipse
• 0x4b30e8 CreateCompatibleDC
• 0x4b30ec BitBlt
• 0x4b30f0 StartPage
• 0x4b30f4 StartDocA
• 0x4b30f8 DeleteDC
• 0x4b30fc EndDoc
• 0x4b3100 EndPage
• 0x4b3104 GetObjectA
• 0x4b3108 GetStockObject
• 0x4b310c CreateFontIndirectA
• 0x4b3110 CreateSolidBrush
• 0x4b3114 FillRgn
• 0x4b3118 CreateRectRgn
• 0x4b311c CombineRgn
• 0x4b3120 PatBlt
• 0x4b3124 CreatePen
• 0x4b3128 SelectObject
• 0x4b312c CreateBitmap
• 0x4b3130 CreateDCA
• 0x4b3134 SetTextColor
• 0x4b3138 SetROP2
• 0x4b313c SetPolyFillMode
• 0x4b3140 SetBkMode
• 0x4b3144 RestoreDC
• 0x4b3148 SaveDC
• 0x4b314c CreateCompatibleBitmap
• 0x4b3150 GetPolyFillMode
• 0x4b3154 GetStretchBltMode
• 0x4b3158 GetROP2
• 0x4b315c GetBkColor
• 0x4b3160 GetBkMode
• 0x4b3164 GetTextColor
• 0x4b3168 CreateRoundRectRgn
• 0x4b316c CreateEllipticRgn
• 0x4b3170 PathToRegion
• 0x4b3174 GetViewportOrgEx
• 0x4b3178 EndPath
库: ADVAPI32.dll:
• 0x4b3000 RegCloseKey
• 0x4b3004 RegQueryValueExA
• 0x4b3008 RegOpenKeyExA
• 0x4b300c RegSetValueExA
• 0x4b3010 RegCreateKeyA
• 0x4b3014 RegDeleteValueA
• 0x4b3018 RegDeleteKeyA
• 0x4b301c RegQueryValueA
• 0x4b3020 RegCreateKeyExA
库: ole32.dll:
• 0x4b377c CLSIDFromProgID
• 0x4b3780 OleRun
• 0x4b3784 CoCreateInstance
• 0x4b3788 CLSIDFromString
• 0x4b378c OleUninitialize
• 0x4b3790 OleInitialize
库: OLEAUT32.dll:
• 0x4b33ac VariantChangeType
• 0x4b33b0 VariantClear
• 0x4b33b4 SafeArrayGetUBound
• 0x4b33b8 SafeArrayGetLBound
• 0x4b33bc SafeArrayGetElement
• 0x4b33c0 VariantCopyInd
• 0x4b33c4 VariantInit
• 0x4b33c8 SysAllocString
• 0x4b33cc SafeArrayGetDim
• 0x4b33d0 SafeArrayUnaccessData
• 0x4b33d4 UnRegisterTypeLib
• 0x4b33d8 LoadTypeLib
• 0x4b33dc LHashValOfNameSys
• 0x4b33e0 RegisterTypeLib
• 0x4b33e4 SafeArrayAccessData
库: WININET.dll:
• 0x4b366c InternetCanonicalizeUrlA
• 0x4b3670 InternetCrackUrlA
• 0x4b3674 HttpOpenRequestA
• 0x4b3678 HttpSendRequestA
• 0x4b367c HttpQueryInfoA
• 0x4b3680 InternetConnectA
• 0x4b3684 InternetSetOptionA
• 0x4b3688 InternetOpenA
• 0x4b368c InternetCloseHandle
• 0x4b3690 InternetReadFile
库: comdlg32.dll:
• 0x4b3760 ChooseColorA
• 0x4b3764 GetFileTitleA
• 0x4b3768 GetSaveFileNameA
• 0x4b376c GetOpenFileNameA
.text
.rdata
@.data
.rsrc
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 2.657 seconds )
- 1.116 Static
- 0.501 TargetInfo
- 0.404 VirusTotal
- 0.299 peid
- 0.225 NetworkAnalysis
- 0.081 BehaviorAnalysis
- 0.017 AnalysisInfo
- 0.011 Strings
- 0.002 Memory
- 0.001 config_decoder
Signatures ( 0.12 seconds )
- 0.018 md_url_bl
- 0.013 antiav_detectreg
- 0.007 md_domain_bl
- 0.006 anomaly_persistence_autorun
- 0.006 antiav_detectfile
- 0.006 infostealer_ftp
- 0.006 ransomware_files
- 0.005 ransomware_extensions
- 0.004 api_spamming
- 0.004 infostealer_bitcoin
- 0.004 infostealer_im
- 0.003 stealth_timeout
- 0.003 antianalysis_detectreg
- 0.002 tinba_behavior
- 0.002 stealth_decoy_document
- 0.002 rat_nanocore
- 0.002 injection_createremotethread
- 0.002 process_interest
- 0.002 antivm_vbox_files
- 0.002 geodo_banking_trojan
- 0.002 disables_browser_warn
- 0.002 infostealer_mail
- 0.001 antivm_vbox_libs
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 vawtrak_behavior
- 0.001 cerber_behavior
- 0.001 injection_runpe
- 0.001 process_needed
- 0.001 antivm_parallels_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.725 seconds )
- 0.717 ReportHTMLSummary
- 0.008 Malheur
| Task ID | 535148 |
|---|---|
| Mongo ID | 5e8d9a36bb7d5768392ba4f2 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号