分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-1 | 2020-04-08 19:38:32 | 2020-04-08 19:40:34 | 122 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | Faronics Products Keymaker.exe |
|---|---|
| 文件大小 | 161280 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 14bf3bd3defb3bfa6163e736d1c51b8c |
| SHA1 | 65fec4b152678de74fafbe579a27d29b27c22087 |
| SHA256 | a8561d40c92849f0cb4b346c255c630f7917182505eecc3819eb0e4aa8639a3d |
| SHA512 | 4ed9c49998aa7c3631eb56299c2bbabcec213a0eb9e547b6477823aa44c36ac958c784a3b76ec53e7b190b92b79a7aae0a1e2c1b13de2d6c6966dbf68416071f |
| CRC32 | 31B43E3D |
| Ssdeep | 3072:SdO6xhdIcOjK9FyZNPo2ng1I2dY0/INhZnH:d6hVO+2ZNPVg1IWY0wNz |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00401ef5 |
| 声明校验值 | 0x00036baa |
| 实际校验值 | 0x00036baa |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2015-01-10 22:02:42 |
| 载入哈希 | d6cc89e4096e578c23e5f7e60715901e |
| 图标 |  |
| 图标精确哈希值 | c4246f36827f9d427eaa70d80c88fbf2 |
| 图标相似性哈希值 | 0b3f0091790a26c67b6154f16043cef6 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00009282 | 0x00009400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
| .rdata | 0x0000b000 | 0x00003904 | 0x00003a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.31 |
| .data | 0x0000f000 | 0x00001a40 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.41 |
| .rsrc | 0x00011000 | 0x00019310 | 0x00019400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.95 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x00011220 | 0x0000dc00 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.25 | data |
| RT_ICON | 0x00028a28 | 0x000010a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.17 | data |
| RT_ICON | 0x00028a28 | 0x000010a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.17 | data |
| RT_ICON | 0x00028a28 | 0x000010a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.17 | data |
| RT_DIALOG | 0x00029ad0 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.22 | data |
| RT_GROUP_ICON | 0x00029d54 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.30 | MS Windows icon resource - 3 icons, 256x256 |
| RT_VERSION | 0x00029d84 | 0x0000032c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.55 | data |
| RT_MANIFEST | 0x0002a0b0 | 0x00000253 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.13 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库: KERNEL32.DLL:
• 0x40b008 LCMapStringW
• 0x40b00c GetTickCount
• 0x40b010 GetStringTypeW
• 0x40b014 MultiByteToWideChar
• 0x40b018 GetStringTypeA
• 0x40b01c GetLocaleInfoA
• 0x40b020 LCMapStringA
• 0x40b024 lstrlenA
• 0x40b028 GetSystemTimeAsFileTime
• 0x40b02c GetCommandLineA
• 0x40b030 GetStartupInfoA
• 0x40b034 TerminateProcess
• 0x40b038 GetCurrentProcess
• 0x40b03c UnhandledExceptionFilter
• 0x40b040 SetUnhandledExceptionFilter
• 0x40b044 IsDebuggerPresent
• 0x40b048 GetLastError
• 0x40b04c HeapFree
• 0x40b050 HeapAlloc
• 0x40b054 RaiseException
• 0x40b058 GetModuleHandleW
• 0x40b05c GetProcAddress
• 0x40b060 TlsGetValue
• 0x40b064 TlsAlloc
• 0x40b068 TlsSetValue
• 0x40b06c TlsFree
• 0x40b070 InterlockedIncrement
• 0x40b074 SetLastError
• 0x40b078 GetCurrentThreadId
• 0x40b07c InterlockedDecrement
• 0x40b080 Sleep
• 0x40b084 ExitProcess
• 0x40b088 WriteFile
• 0x40b08c GetStdHandle
• 0x40b090 GetModuleFileNameA
• 0x40b094 FreeEnvironmentStringsA
• 0x40b098 GetEnvironmentStrings
• 0x40b09c FreeEnvironmentStringsW
• 0x40b0a0 WideCharToMultiByte
• 0x40b0a4 GetEnvironmentStringsW
• 0x40b0a8 SetHandleCount
• 0x40b0ac GetFileType
• 0x40b0b0 DeleteCriticalSection
• 0x40b0b4 HeapCreate
• 0x40b0b8 VirtualFree
• 0x40b0bc QueryPerformanceCounter
• 0x40b0c0 GetCurrentProcessId
• 0x40b0c4 LeaveCriticalSection
• 0x40b0c8 EnterCriticalSection
• 0x40b0cc VirtualAlloc
• 0x40b0d0 HeapReAlloc
• 0x40b0d4 RtlUnwind
• 0x40b0d8 HeapSize
• 0x40b0dc GetCPInfo
• 0x40b0e0 GetACP
• 0x40b0e4 GetOEMCP
• 0x40b0e8 IsValidCodePage
• 0x40b0ec LoadLibraryA
• 0x40b0f0 InitializeCriticalSectionAndSpinCount
库: COMCTL32.dll:
• 0x40b000 InitCommonControlsEx
库: USER32.dll:
• 0x40b0f8 RegisterClassA
• 0x40b0fc LoadIconA
• 0x40b100 SendMessageA
• 0x40b104 MessageBoxA
• 0x40b108 GetDlgItem
• 0x40b10c EndDialog
• 0x40b110 DefDlgProcA
• 0x40b114 SetWindowTextA
• 0x40b118 LoadCursorA
• 0x40b11c DialogBoxParamA
库: WS2_32.dll:
• 0x40b124 htonl
.text
`.rdata
@.data
.rsrc
YQPVh
teh40@
SVWUj
bad allocation
Unknown exception
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
:zwt keymaker
Deep Freeze Standard
Deep Freeze Enterprse
Deep Freeze Server Enterprse
WINSelect Enterprise
Information
ABCDEFGHJKMNPQRSTVWXYZ1234567890
q^oYe8Az2xvc75$(#j9@!aak)
BEEFDEAD
fffc0b7f
bad exception
KERNEL32.DLL
COMCTL32.dll
USER32.dll
WS2_32.dll
LCMapStringW
GetTickCount
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
LCMapStringA
lstrlenA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
InitCommonControlsEx
RegisterClassA
LoadIconA
SendMessageA
MessageBoxA
GetDlgItem
EndDialog
DefDlgProcA
SetWindowTextA
LoadCursorA
DialogBoxParamA
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVCFaronicLicense@@
.::Farnocis Products Keymaker::.
.?AVbad_exception@std@@
JJz8/c#
CxWEI
X@c.5C
/`<28
6iL@>
@z`6M
.H &*
E~d@S
?vMRr
3`?5>
A~aLS
!C%&$
2U.,>
$E,EX
MEzI,i7
Rs)dw
H{Udw
UA|F,e8
Mo)^|
Dw3^|
2W 5xdIzRLi
W/1mF1mE
[7-j?-mI
Ql)Li
7[#dm
uNX)*6
c~/1C
C_,^S
<cC@C
q;sV2eF3X.E\
.S117
Nx@ji
x&^E;N
w7uW-2
7qUWi
;qU;N
>wXLS
@{Z@S
:Eo%$Q
Lu>Ld
3Mw.,S
8oQLX
In dm
3@j !I
>vW5>
>[#EI
>sX@>
I`#;N
@zXLI
5W @S
@{Z,>
?d5EN
@zX;>
;iL@C
?uUL7
CEw8-d)
{>sDCS
7lRL7
KERNEL32.DLL
mscoree.dll
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20200122 |
| MicroWorld-eScan | Gen:Variant.Graftor.497454 | 20200202 |
| CMC | 未发现病毒 | 20190321 |
| CAT-QuickHeal | Trojan.GenericPMF.S3117420 | 20200202 |
| McAfee | Artemis!14BF3BD3DEFB | 20200202 |
| Cylance | Unsafe | 20200203 |
| Zillya | 未发现病毒 | 20200201 |
| Sangfor | Malware | 20200114 |
| K7AntiVirus | 未发现病毒 | 20200202 |
| Alibaba | RiskWare:Win32/Generic.ee631259 | 20190527 |
| K7GW | 未发现病毒 | 20200202 |
| Cybereason | 未发现病毒 | 20190616 |
| Arcabit | Trojan.Graftor.D7972E | 20200202 |
| TrendMicro | 未发现病毒 | 20200202 |
| Baidu | 未发现病毒 | 20190318 |
| F-Prot | 未发现病毒 | 20200202 |
| Symantec | ML.Attribute.HighConfidence | 20200202 |
| ESET-NOD32 | a variant of Win32/Keygen.TJ potentially unsafe | 20200203 |
| APEX | Malicious | 20200201 |
| Paloalto | 未发现病毒 | 20200203 |
| ClamAV | 未发现病毒 | 20200202 |
| Kaspersky | 未发现病毒 | 20200203 |
| BitDefender | Gen:Variant.Graftor.497454 | 20200202 |
| NANO-Antivirus | 未发现病毒 | 20200202 |
| ViRobot | 未发现病毒 | 20200202 |
| SUPERAntiSpyware | Hack.Tool/Gen-KeyGen | 20200131 |
| Avast | 未发现病毒 | 20200202 |
| Rising | Malware.Generic.5!tfe (CLOUD) | 20200203 |
| Ad-Aware | Gen:Variant.Graftor.497454 | 20200203 |
| Sophos | Generic PUA GF (PUA) | 20200202 |
| Comodo | 未发现病毒 | 20200202 |
| F-Secure | 未发现病毒 | 20200202 |
| DrWeb | 未发现病毒 | 20200202 |
| VIPRE | Trojan.Win32.Generic!BT | 20200202 |
| Invincea | 未发现病毒 | 20191211 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.ch | 20200202 |
| MaxSecure | 未发现病毒 | 20200131 |
| Trapmine | malicious.moderate.ml.score | 20200123 |
| FireEye | Generic.mg.14bf3bd3defb3bfa | 20200202 |
| Emsisoft | Gen:Variant.Graftor.497454 (B) | 20200202 |
| SentinelOne | 未发现病毒 | 20191218 |
| Cyren | 未发现病毒 | 20200202 |
| Jiangmin | Trojan.Generic.fosr | 20200202 |
| Webroot | W32.Malware.Gen | 20200203 |
| Avira | 未发现病毒 | 20200202 |
| Fortinet | 未发现病毒 | 20200202 |
| Antiy-AVL | 未发现病毒 | 20200202 |
| Kingsoft | 未发现病毒 | 20200203 |
| Endgame | 未发现病毒 | 20200131 |
| Microsoft | Trojan:Win32/Detplock | 20200202 |
| AegisLab | 未发现病毒 | 20200202 |
| ZoneAlarm | 未发现病毒 | 20200202 |
| Avast-Mobile | 未发现病毒 | 20200130 |
| TACHYON | 未发现病毒 | 20200202 |
| AhnLab-V3 | 未发现病毒 | 20200202 |
| Acronis | suspicious | 20200128 |
| VBA32 | 未发现病毒 | 20200131 |
| ALYac | Gen:Variant.Graftor.497454 | 20200202 |
| MAX | malware (ai score=88) | 20200203 |
| Zoner | 未发现病毒 | 20200203 |
| TrendMicro-HouseCall | 未发现病毒 | 20200202 |
| Tencent | 未发现病毒 | 20200203 |
| Yandex | 未发现病毒 | 20200131 |
| Ikarus | 未发现病毒 | 20200202 |
| eGambit | 未发现病毒 | 20200203 |
| GData | Gen:Variant.Graftor.497454 | 20200202 |
| BitDefenderTheta | Gen:NN.ZexaCO.34084.jq0@a8zxqIgb | 20200120 |
| AVG | 未发现病毒 | 20200202 |
| Panda | Trj/Genetic.gen | 20200202 |
| CrowdStrike | win/malicious_confidence_60% (W) | 20190702 |
| Qihoo-360 | 未发现病毒 | 20200203 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 3.901 seconds )
- 2.477 VirusTotal
- 0.535 Static
- 0.355 peid
- 0.229 TargetInfo
- 0.221 NetworkAnalysis
- 0.056 BehaviorAnalysis
- 0.014 AnalysisInfo
- 0.012 Strings
- 0.002 Memory
Signatures ( 0.116 seconds )
- 0.02 antiav_detectreg
- 0.01 md_url_bl
- 0.008 infostealer_ftp
- 0.008 md_domain_bl
- 0.006 anomaly_persistence_autorun
- 0.006 antiav_detectfile
- 0.005 infostealer_im
- 0.004 antianalysis_detectreg
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 api_spamming
- 0.003 stealth_timeout
- 0.003 infostealer_bitcoin
- 0.003 infostealer_mail
- 0.002 tinba_behavior
- 0.002 stealth_decoy_document
- 0.002 rat_nanocore
- 0.002 cerber_behavior
- 0.002 antivm_vbox_files
- 0.002 geodo_banking_trojan
- 0.002 disables_browser_warn
- 0.001 betabot_behavior
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.664 seconds )
- 0.643 ReportHTMLSummary
- 0.021 Malheur
| Task ID | 535170 |
|---|---|
| Mongo ID | 5e8db83cbb7d5727e178b725 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号