Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp01-1
Start time: 2020-04-08 19:05:57
End time: 2020-04-08 19:08:00
Duration: 123 seconds

Maldun score

10.0 (dangerous)

File details

File name: 0a11acc864b124af1d3de9145eccfc4ebc98f5.exe
File size: 2914920 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1976d15199e5f0a8fb6c885df9129f56
SHA1: 930a11acc864b124af1d3de9145eccfc4ebc98f5
SHA256: 195d8e3ba33b976cd661d7526daaae4852c6330bd6bb1ff7646cd7f2c0f1ad3f
SHA512: 91bc79f7e8cc8de02421de0cfea204e6845dcecacb3bc337c414df5f89ab2958da6a9e645e6a4a056f35862e1954529fa66822dc8265a5e72aa6c986625d37ae
CRC32: 650980AB
Ssdeep: 49152:p5/f6IyzPzXIlPSEyOms7N0l467VBIofjwTZBNv0Fi3X0frHytR3Us4ja2C:p5SzPz4Xy1s7N0fvMTxqIETts4M


Summary

PE information

Image base: 0x00400000
Entry point: 0x0041d759
Declared checksum: 0x00000000
Actual checksum: 0x002c94c7
Minimum OS version: 5.1
PDB path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Compile time: 2019-04-28 04:03:27
Import hash: 00be6e6c4f9e287672c8301b72bdabf3
Icon exact hash: 8d9da329386d64d6b86a12bd2f986399
Icon similarity hash: 9043363bfee17e0d508057b9ae7189e9

The PDB path is that of WinRAR's 32-bit self-extracting (SFX) module, so the code sections, imports and strings below are consistent with a stock extractor stub rather than with the payload itself. In an SFX the interesting content is the archive appended after the last section (the Overlay below) together with the setup commands the SFX runs after extraction, which is consistent with the child processes shown in the process tree. A declared checksum of 0 only means the linker did not populate the field; by itself it is not an indicator of tampering.

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0002e854 0x0002ea00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.69
.rdata 0x00030000 0x00009a9c 0x00009c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.13
.data 0x0003a000 0x000213d0 0x00000c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.25
.gfids 0x0005c000 0x000000e8 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.11
.rsrc 0x0005d000 0x0000d478 0x0000d600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.85
.reloc 0x0006b000 0x00001fcc 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.65

Overlay

Offset: 0x00048e00
Size: 0x0027ec68 (2,616,424 bytes, about 90% of the 2,914,920-byte file)

The overlay starts where the raw data of the last section ends and accounts for nearly the whole file. For an SFX stub this is the appended archive: it, not the PE sections, is the part to carve out and unpack.
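Two numbers in this report can be recomputed from first principles: where the overlay starts (the end of the last section's raw data) and a file's PE checksum (the "actual checksum" above). The following is an added example, not code from the Maldun report or from the sample. The report does not list PointerToRawData, so the section layout is reconstructed under the assumption that the stub places its sections back-to-back after 0x400 bytes of headers; that assumption reproduces the reported 0x00048e00 exactly. The build_minimal_pe() helper constructs a synthetic PE image so the parser can be exercised without the sample.

```python
import struct

# Section table as reported on this page: (name, SizeOfRawData), plus the reported file size.
REPORTED_RAW_SIZES = [(".text", 0x2EA00), (".rdata", 0x9C00), (".data", 0xC00),
                      (".gfids", 0x200), (".rsrc", 0xD600), (".reloc", 0x2000)]
REPORTED_FILE_SIZE = 2914920
ASSUMED_HEADERS_SIZE = 0x400  # assumption: SizeOfHeaders is not given in the report


def parse_sections(data):
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.
    Returns [(name, PointerToRawData, SizeOfRawData), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    out = []
    for i in range(num_sections):
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        out.append((name, raw_ptr, raw_size))
    return out


def checksum_field_offset(data):
    """Offset of IMAGE_OPTIONAL_HEADER.CheckSum: 64 bytes into the optional header (PE32 and PE32+)."""
    return struct.unpack_from("<I", data, 0x3C)[0] + 4 + 20 + 64


def overlay(sections, file_size):
    """(offset, size) of the bytes after the last section's raw data; size 0 means no overlay."""
    end = max((ptr + size for _, ptr, size in sections if size), default=0)
    return end, max(file_size - end, 0)


def pe_checksum(data, checksum_offset):
    """PE checksum as imagehlp!CheckSumMappedFile computes it: one's-complement sum of every
    dword except the CheckSum field, folded to 16 bits, plus the file length. A declared
    value of 0 (as in this report) means the linker left the field unset, nothing more."""
    total = 0
    aligned = len(data) - len(data) % 4
    for off in range(0, aligned, 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", data, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    if aligned < len(data):  # 1-3 trailing bytes, zero-padded to a dword
        total += int.from_bytes(data[aligned:], "little")
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def sections_from_report(raw_sizes=REPORTED_RAW_SIZES, headers=ASSUMED_HEADERS_SIZE):
    """Rebuild (name, ptr, size) from the report under the back-to-back layout assumption."""
    out, ptr = [], headers
    for name, size in raw_sizes:
        out.append((name, ptr, size))
        ptr += size
    return out


def reported_overlay():
    """Overlay (offset, size) implied by the section sizes and file size on this page."""
    return overlay(sections_from_report(), REPORTED_FILE_SIZE)


def build_minimal_pe(raw_sizes, overlay_bytes=b""):
    """Constructed PE32 test image: headers in the first 0x400 bytes, sections back-to-back,
    then an optional overlay. Only the fields parse_sections() reads are filled in."""
    e_lfanew, opt_size, hdr_len = 0x40, 0xE0, 0x400
    coff = e_lfanew + 4
    table = coff + 20 + opt_size
    buf = bytearray(hdr_len)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, coff, 0x14C, len(raw_sizes))  # Machine=i386, NumberOfSections
    struct.pack_into("<H", buf, coff + 16, opt_size)
    struct.pack_into("<H", buf, coff + 20, 0x10B)  # PE32 optional-header magic
    body, ptr = bytearray(), hdr_len
    for i, (name, size) in enumerate(raw_sizes):
        hdr = table + i * 40
        buf[hdr:hdr + 8] = name.encode().ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        struct.pack_into("<IIII", buf, hdr + 8, size, 0x1000 * (i + 1), size, ptr)
        body += b"\x90" * size
        ptr += size
    return bytes(buf) + bytes(body) + overlay_bytes
```

reported_overlay() returns (0x48e00, 0x27ec68), matching the report; on a real sample, parse_sections(open(path, "rb").read()) feeds overlay() directly, and data[offset:] is what to hand to an archive tool. pe_checksum() over the whole file should equal the "actual checksum" a sandbox reports, and a mismatch between it and a non-zero declared value is the signal worth noting, not a declared 0.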

Resources

Name Offset Size Language Sublanguage Entropy File type
PNG 0x0005e18c 0x000015a9 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.80 PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced (reported twice with identical offset and size)
RT_ICON 0x00064ea8 0x00003d71 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.95 PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced (7 entries, all reported with this same offset and size)
RT_DIALOG 0x0006932c 0x000001e6 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.85 data (6 entries, all reported with this same offset and size)
RT_STRING 0x00069c44 0x00000078 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.43 data (10 entries, all reported with this same offset and size)
RT_GROUP_ICON 0x00069cbc 0x00000068 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.72 MS Windows icon resource - 7 icons, 16x16
RT_MANIFEST 0x00069d24 0x00000753 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 XML 1.0 document, ASCII text, with CRLF line terminators

The repeated rows in the original report share one offset and size per resource type, so the tool appears to print the first entry of each type once per resource ID; the RT_GROUP_ICON entry does confirm seven icons. The 7.80-7.95 entropy of the PNG and RT_ICON entries, and the 6.85 of .rsrc as a whole, is what compressed image data looks like and is not by itself evidence of a packer.

Imports

Library: KERNEL32.dll
0x430000 GetLastError
0x430004 SetLastError
0x430008 GetCurrentProcess
0x43000c DeviceIoControl
0x430010 SetFileTime
0x430014 CloseHandle
0x430018 CreateDirectoryW
0x43001c RemoveDirectoryW
0x430020 CreateFileW
0x430024 DeleteFileW
0x430028 CreateHardLinkW
0x43002c GetShortPathNameW
0x430030 GetLongPathNameW
0x430034 MoveFileW
0x430038 GetFileType
0x43003c GetStdHandle
0x430040 WriteFile
0x430044 ReadFile
0x430048 FlushFileBuffers
0x43004c SetEndOfFile
0x430050 SetFilePointer
0x430054 SetFileAttributesW
0x430058 GetFileAttributesW
0x43005c FindClose
0x430060 FindFirstFileW
0x430064 FindNextFileW
0x430068 GetVersionExW
0x430070 GetFullPathNameW
0x430074 FoldStringW
0x430078 GetModuleFileNameW
0x43007c GetModuleHandleW
0x430080 FindResourceW
0x430084 FreeLibrary
0x430088 GetProcAddress
0x43008c GetCurrentProcessId
0x430090 ExitProcess
0x430098 Sleep
0x43009c LoadLibraryW
0x4300a0 GetSystemDirectoryW
0x4300a4 CompareStringW
0x4300a8 AllocConsole
0x4300ac FreeConsole
0x4300b0 AttachConsole
0x4300b4 WriteConsoleW
0x4300bc CreateThread
0x4300c0 SetThreadPriority
0x4300d4 SetEvent
0x4300d8 ResetEvent
0x4300dc ReleaseSemaphore
0x4300e0 WaitForSingleObject
0x4300e4 CreateEventW
0x4300e8 CreateSemaphoreW
0x4300ec GetSystemTime
0x430108 GetCPInfo
0x43010c IsDBCSLeadByte
0x430110 MultiByteToWideChar
0x430114 WideCharToMultiByte
0x430118 GlobalAlloc
0x43011c GetTickCount
0x430120 LockResource
0x430124 GlobalLock
0x430128 GlobalUnlock
0x43012c GlobalFree
0x430130 LoadResource
0x430134 SizeofResource
0x43013c GetExitCodeProcess
0x430140 GetLocalTime
0x430144 MapViewOfFile
0x430148 UnmapViewOfFile
0x43014c CreateFileMappingW
0x430150 OpenFileMappingW
0x430154 GetCommandLineW
0x430160 GetTempPathW
0x430164 MoveFileExW
0x430168 GetLocaleInfoW
0x43016c GetTimeFormatW
0x430170 GetDateFormatW
0x430174 GetNumberFormatW
0x430178 SetFilePointerEx
0x43017c GetConsoleMode
0x430180 GetConsoleCP
0x430184 HeapSize
0x430188 SetStdHandle
0x43018c GetProcessHeap
0x430190 RaiseException
0x430194 GetSystemInfo
0x430198 VirtualProtect
0x43019c VirtualQuery
0x4301a0 LoadLibraryExA
0x4301a8 IsDebuggerPresent
0x4301b4 GetStartupInfoW
0x4301bc GetCurrentThreadId
0x4301c4 InitializeSListHead
0x4301c8 TerminateProcess
0x4301cc RtlUnwind
0x4301d0 EncodePointer
0x4301d8 TlsAlloc
0x4301dc TlsGetValue
0x4301e0 TlsSetValue
0x4301e4 TlsFree
0x4301e8 LoadLibraryExW
0x4301f0 GetModuleHandleExW
0x4301f4 GetModuleFileNameA
0x4301f8 GetACP
0x4301fc HeapFree
0x430200 HeapAlloc
0x430204 HeapReAlloc
0x430208 GetStringTypeW
0x43020c LCMapStringW
0x430210 FindFirstFileExA
0x430214 FindNextFileA
0x430218 IsValidCodePage
0x43021c GetOEMCP
0x430220 GetCommandLineA
0x43022c DecodePointer
Library: gdiplus.dll
0x430234 GdiplusShutdown
0x430238 GdiplusStartup
0x430248 GdipDisposeImage
0x43024c GdipCloneImage
0x430250 GdipFree
0x430254 GdipAlloc

Strings (excerpt)

.text
`.rdata
@.data
.gfids
@.rsrc
@.reloc
t1h!0
ShG?@
SUVWj
t$$WSj
$SUVWj
ubh !D
SUVWh
D$4Pj
D$$Pj
Ph*QD
Ph*AD
f9=*AD
Wh"1D
,h*HE
D$(*QD
Ph*AD
Antivirus results

Results are as of the signature-database dates shown. The family names cluster around APosT (Kaspersky, ZoneAlarm, Alibaba, Antiy-AVL, Fortinet) and Razy (BitDefender and the engines that share its signatures); most of the rest are generic, heuristic or machine-learning verdicts and should not be read as family attribution.

Engine Detection Signature database date
Bkav W32.AIDetectVM.malware2 20200320
DrWeb Not detected 20200320
MicroWorld-eScan Gen:Variant.Razy.236700 20200320
CMC Not detected 20190321
CAT-QuickHeal Not detected 20200320
ALYac Not detected 20200320
Cylance Unsafe 20200320
Zillya Not detected 20200320
SUPERAntiSpyware Not detected 20200317
Sangfor Not detected 20200314
K7AntiVirus Adware ( 004b942f1 ) 20200320
Alibaba Trojan:Win32/APosT.5364acb1 20190527
K7GW Adware ( 004b942f1 ) 20200320
CrowdStrike win/malicious_confidence_60% (W) 20190702
Arcabit Trojan.Razy.D39C9C 20200320
Invincea heuristic 20200219
BitDefenderTheta AI:Packer.EFBB01001F 20200311
Cyren W32/Trojan.KFNJ-6366 20200320
TotalDefense Not detected 20200320
Zoner Not detected 20200320
TrendMicro-HouseCall Not detected 20200320
Avast Win32:Malware-gen 20200320
ClamAV Not detected 20200319
GData Gen:Variant.Razy.236700 20200320
Kaspersky HEUR:Trojan.Win32.APosT.gen 20200320
BitDefender Gen:Variant.Razy.236700 20200320
NANO-Antivirus Not detected 20200320
Paloalto generic.ml 20200320
ViRobot Trojan.Win32.Z.Razy.2914920 20200320
Tencent Not detected 20200320
Ad-Aware Not detected 20200320
Emsisoft Gen:Variant.Razy.236700 (B) 20200320
Comodo Malware@#1mioccgq6y53q 20200319
F-Secure Trojan.TR/RedCap.dcjuv 20200320
Baidu Not detected 20190318
VIPRE Not detected 20200320
TrendMicro TROJ_GEN.R002C0WC820 20200320
McAfee-GW-Edition BehavesLike.Win32.Backdoor.vc 20200320
Trapmine suspicious.low.ml.score 20200123
FireEye Generic.mg.1976d15199e5f0a8 20200316
Sophos Mal/Generic-S 20200320
Ikarus Trojan.Win32.Obsidium 20200320
F-Prot Not detected 20200320
Jiangmin Not detected 20200320
Webroot Not detected 20200320
Avira TR/RedCap.ngexd 20200320
Antiy-AVL Trojan/Win32.APosT 20200320
Kingsoft Not detected 20200320
Microsoft Trojan:Win32/Vigorf.A 20200320
Endgame malicious (high confidence) 20200226
AegisLab Trojan.BAT.Crypter.tqa8 20200320
ZoneAlarm HEUR:Trojan.Win32.APosT.gen 20200320
Avast-Mobile Not detected 20200319
AhnLab-V3 Not detected 20200320
Acronis Not detected 20200315
McAfee Artemis!1976D15199E5 20200320
MAX malware (ai score=87) 20200320
VBA32 BScope.Trojan.MulDrop 20200320
Malwarebytes Not detected 20200320
APEX Malicious 20200319
ESET-NOD32 a variant of Generik.GEOWDUJ 20200320
Rising Trojan.Packed!1.B5F2 (CLOUD) 20200320
Yandex Not detected 20200319
TACHYON Not detected 20200320
eGambit Not detected 20200320
Fortinet W32/APosT!tr 20200320
MaxSecure Not detected 20200319
AVG Win32:Malware-gen 20200320
Cybereason malicious.199e5f 20190616
Panda Trj/CI.A 20200319
Qihoo-360 Win32/Trojan.4a8 20200320

Process tree

0a11acc864b124af1d3de9145eccfc4ebc98f5.exe, PID: 2676, parent PID: 2320
  OSDUtility.exe, PID: 2932, parent PID: 2676
    Everything.exe, PID: 3044, parent PID: 2932
    wscript.exe, PID: 2792, parent PID: 2932

The SFX stub (PID 2676) started OSDUtility.exe, which in turn started Everything.exe and wscript.exe. Neither OSDUtility.exe nor Everything.exe is part of a stock Windows 7 image, so both were almost certainly written to disk by the sample, most plausibly extracted from the overlay. wscript.exe is the Windows Script Host; a script host started two levels below an SFX is the event whose command line an analyst should pull first, since it names the script that was run. Command lines, file writes and registry activity are not included in this export.
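The chain sample, then OSDUtility.exe, then wscript.exe is the part of this tree a detection engineer would want to alert on. As an added example (not part of the Maldun report), the snippet below rebuilds the tree from the records above, prints it, and flags every script host that descends from the analysed sample, with its depth below it. The process records are copied from this page; the SCRIPT_HOSTS set is an assumption about which image names count as script or command hosts.

```python
from collections import defaultdict

# Process records copied from the report's process tree: (image, pid, parent pid).
REPORTED_PROCESSES = [
    ("0a11acc864b124af1d3de9145eccfc4ebc98f5.exe", 2676, 2320),
    ("OSDUtility.exe", 2932, 2676),
    ("Everything.exe", 3044, 2932),
    ("wscript.exe", 2792, 2932),
]
SAMPLE_PID = 2676

# Assumption: image names treated as script/command hosts worth alerting on.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}


def build_tree(records):
    """Return (pid -> (image, ppid), ppid -> [child pids]) for the recorded processes."""
    by_pid = {pid: (image, ppid) for image, pid, ppid in records}
    children = defaultdict(list)
    for _, pid, ppid in records:
        children[ppid].append(pid)
    return by_pid, children


def ancestry(by_pid, pid):
    """Image names from the top of the recorded tree down to pid, inclusive.
    Stops at the first parent that was not recorded (here PID 2320, the launcher)."""
    chain = []
    while pid in by_pid:
        image, ppid = by_pid[pid]
        chain.append(image)
        pid = ppid
    return chain[::-1]


def depth_below(by_pid, pid, root_pid):
    """Parent hops from pid up to root_pid, or None if root_pid is not an ancestor."""
    hops = 0
    while pid in by_pid:
        if pid == root_pid:
            return hops
        pid = by_pid[pid][1]
        hops += 1
    return None


def find_script_hosts(records, root_pid):
    """(pid, image, depth) for every script host strictly below root_pid."""
    by_pid, _ = build_tree(records)
    hits = []
    for image, pid, _ in records:
        if image.lower() in SCRIPT_HOSTS:
            depth = depth_below(by_pid, pid, root_pid)
            if depth:  # excludes None (not a descendant) and 0 (root itself)
                hits.append((pid, image, depth))
    return hits


def render_tree(records, root_pid):
    """Indented text tree rooted at root_pid, one line per process, children in PID order."""
    by_pid, children = build_tree(records)
    lines = []

    def walk(pid, indent):
        image, _ = by_pid[pid]
        lines.append(f"{'  ' * indent}{image} (PID {pid})")
        for child in sorted(children[pid]):
            walk(child, indent + 1)

    walk(root_pid, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(REPORTED_PROCESSES, SAMPLE_PID)))
    for pid, image, depth in find_script_hosts(REPORTED_PROCESSES, SAMPLE_PID):
        print(f"ALERT: {image} (PID {pid}) is {depth} levels below the sample: "
              + " -> ".join(ancestry(build_tree(REPORTED_PROCESSES)[0], pid)))
```

The same walk applies to Sysmon event ID 1 or EDR process-start telemetry once the records are mapped to (image, pid, ppid); the depth lets a rule distinguish "SFX ran a script directly" from "a script host appeared several hops down", which usually deserve different severities.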

Network

Hosts contacted: none recorded.
Domains resolved: none.
TCP connections: none recorded.
UDP connections: none recorded.
HTTP requests: none.
SMTP traffic: none.
IRC traffic: none.
ICMP traffic: none.
CIF report: no CIF results.
Network alerts: none.
TLS: none.
Suricata HTTP: none.
Files extracted from network traffic: none.

Dropped files: none reported.
Similar analyses: none found.

Two caveats. First, the run lasted 123 seconds; the absence of any network activity in that window says nothing about whether the dropped components contact anything later or on a trigger. Second, the empty dropped-file list sits oddly beside a process tree in which OSDUtility.exe and Everything.exe, neither a Windows component, were executed from disk, so it is more likely a collection gap than evidence that the SFX extracted nothing.
Processing ( 6.038 seconds )

  • 1.759 VirusTotal
  • 1.699 Static
  • 1.278 BehaviorAnalysis
  • 0.733 TargetInfo
  • 0.312 peid
  • 0.223 NetworkAnalysis
  • 0.016 AnalysisInfo
  • 0.012 Strings
  • 0.005 config_decoder
  • 0.001 Memory

Signatures ( 0.722 seconds )

Time spent per signature module. This is the list of every behavioural signature evaluated against the trace, not the signatures that matched; mutually exclusive family checks (ransomware, banking trojans, several RATs) all appear because each was run.

  • 0.095 antiav_detectreg
  • 0.066 api_spamming
  • 0.056 stealth_timeout
  • 0.05 stealth_decoy_document
  • 0.036 infostealer_ftp
  • 0.026 stealth_file
  • 0.02 mimics_filetime
  • 0.02 reads_self
  • 0.019 antianalysis_detectreg
  • 0.019 infostealer_im
  • 0.018 antiav_detectfile
  • 0.017 bootkit
  • 0.016 antivm_generic_disk
  • 0.013 virus
  • 0.012 antivm_generic_scsi
  • 0.012 infostealer_bitcoin
  • 0.012 infostealer_mail
  • 0.009 md_url_bl
  • 0.008 infostealer_browser
  • 0.008 antivm_generic_services
  • 0.008 anormaly_invoke_kills
  • 0.007 antivm_vbox_libs
  • 0.007 hancitor_behavior
  • 0.007 antivm_vbox_files
  • 0.006 maldun_anomaly_massive_file_ops
  • 0.006 anomaly_persistence_autorun
  • 0.006 kibex_behavior
  • 0.006 infostealer_browser_password
  • 0.005 betabot_behavior
  • 0.005 antivm_xen_keys
  • 0.005 geodo_banking_trojan
  • 0.005 md_domain_bl
  • 0.004 hawkeye_behavior
  • 0.004 injection_createremotethread
  • 0.004 antidbg_windows
  • 0.004 kovter_behavior
  • 0.004 antivm_parallels_keys
  • 0.004 darkcomet_regkeys
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antiemu_wine_func
  • 0.003 antiav_avast_libs
  • 0.003 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.003 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 ipc_namedpipe
  • 0.003 exec_crash
  • 0.003 injection_runpe
  • 0.003 antivm_generic_diskreg
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 antivm_vmware_libs
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 antisandbox_productid
  • 0.002 browser_security
  • 0.002 recon_fingerprint
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 antivm_directory_objects
  • 0.001 antisandbox_sboxie_objects
  • 0.001 ransomware_message
  • 0.001 process_interest
  • 0.001 sets_autoconfig_url
  • 0.001 kazybot_behavior
  • 0.001 shifu_behavior
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 securityxploded_modules
  • 0.001 bypass_firewall
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient

Reporting ( 0.502 seconds )

  • 0.47 ReportHTMLSummary
  • 0.032 Malheur
Task ID 535168
Mongo ID 5e8db09fbb7d5727df78b869
Cuckoo release 1.4-Maldun