Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp01-2 2020-04-08 20:35:06 2020-04-08 20:37:11 125 seconds

Maldun Score

6.35

Dangerous

File Details

File name Hash_new_133_0406.exe
File size 5705728 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2eceb9cf9e346ae1729759d76b0aa2c9
SHA1 c706f531d56e62b564fd9648e04507dd91e12718
SHA256 e74a336bd92f0d5a1550bd4c109096af3d8782b6755d1ba5d35f4e97663be7f9
SHA512 beec96b30e835a811703ca2348361109822d0683b129a7a13301f71aaf3f53ccde5a7a0135c0304aeac0520c963794db484d049e368d1ffcc8e5d9c891b0d688
CRC32 9CA66617
Ssdeep 98304:P3TYaHfn1KxJvw2TThj1Mgh/IuGkGAIei+ic4CB5Eq49:1Hf1kdxMAg4liKDY

Hosts Contacted

No host records.

DNS Resolution

Domain Security rating Response
www.cheat8.com A 122.195.200.178
A 218.93.208.141

PE Information

Image base 0x00400000
Entry point 0x0047cd6c
Declared checksum 0x00000000
Actual checksum 0x00576280
Minimum OS version required 4.0
Compile time 2020-04-06 19:54:03
Import hash 91155ddc13a4708ef27c46436d2e7eef
Icon
Icon exact hash 1e8bcfa781bea4967b15829cc8ed6f2e
Icon similarity hash 0c602bac3a4108fc7e69d3d6a5a49148

Version Information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0009de72 0x0009e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.54
.rdata 0x0009f000 0x0041bc6a 0x0041c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.94
.data 0x004bb000 0x0004fb6a 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.11
.upx0 0x0050b000 0x00099ee0 0x0009a000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.99
.rsrc 0x005a5000 0x000087a9 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.81

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x005a5e08 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x005a6614 0x00000134 LANG_ITALIAN SUBLANG_ITALIAN 3.07 data
RT_BITMAP 0x005a8f0c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x005a9460 0x00002128 LANG_NEUTRAL SUBLANG_NEUTRAL 2.46 data
RT_MENU 0x005ab594 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x005ac7dc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x005ad224 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x005ad2ac 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x005ad2f8 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x005ad30c 0x000002d0 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.56 data
RT_MANIFEST 0x005ad5dc 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x49f680 midiStreamOut
0x49f690 waveOutWrite
0x49f694 waveOutPause
0x49f698 waveOutReset
0x49f69c waveOutClose
0x49f6a0 waveOutGetNumDevs
0x49f6a4 waveOutOpen
0x49f6a8 midiStreamStop
0x49f6ac midiOutReset
0x49f6b0 midiStreamClose
0x49f6b4 midiStreamRestart
0x49f6bc midiStreamOpen
0x49f6c0 midiStreamProperty
Library: WS2_32.dll:
0x49f6d8 WSACleanup
0x49f6dc closesocket
0x49f6e0 getpeername
0x49f6e4 accept
0x49f6e8 WSAAsyncSelect
0x49f6ec recvfrom
0x49f6f0 ioctlsocket
0x49f6f4 inet_ntoa
0x49f6f8 recv
Library: KERNEL32.dll:
0x49f1b8 GetVersion
0x49f1bc GetACP
0x49f1c0 HeapSize
0x49f1c4 RaiseException
0x49f1c8 GetLocalTime
0x49f1cc GetSystemTime
0x49f1d0 RtlUnwind
0x49f1d4 GetStartupInfoA
0x49f1dc GetCPInfo
0x49f1e0 GetProcessVersion
0x49f1e4 SetErrorMode
0x49f1e8 GlobalFlags
0x49f1ec GetCurrentThread
0x49f1f0 GetFileTime
0x49f1f4 TlsGetValue
0x49f1f8 LocalReAlloc
0x49f1fc TlsSetValue
0x49f200 TlsFree
0x49f204 GlobalHandle
0x49f208 TlsAlloc
0x49f20c LocalAlloc
0x49f210 lstrcmpA
0x49f214 GlobalGetAtomNameA
0x49f218 GlobalAddAtomA
0x49f21c GlobalFindAtomA
0x49f220 GlobalDeleteAtom
0x49f224 lstrcmpiA
0x49f228 SetEndOfFile
0x49f22c UnlockFile
0x49f230 LockFile
0x49f234 FlushFileBuffers
0x49f238 DuplicateHandle
0x49f23c lstrcpynA
0x49f248 LocalFree
0x49f254 SetLastError
0x49f258 TerminateProcess
0x49f25c GetFileSize
0x49f260 SetFilePointer
0x49f264 WideCharToMultiByte
0x49f268 MultiByteToWideChar
0x49f26c GetCurrentProcess
0x49f274 GetSystemDirectoryA
0x49f278 CreateSemaphoreA
0x49f27c ResumeThread
0x49f280 ReleaseSemaphore
0x49f28c GetProfileStringA
0x49f290 WriteFile
0x49f294 ReadFile
0x49f29c CreateFileA
0x49f2a0 SetEvent
0x49f2a4 FindResourceA
0x49f2a8 LoadResource
0x49f2ac LockResource
0x49f2b0 GetModuleFileNameA
0x49f2b4 GetCurrentThreadId
0x49f2b8 ExitProcess
0x49f2bc GlobalSize
0x49f2c0 GlobalFree
0x49f2cc lstrcatA
0x49f2d0 lstrlenA
0x49f2d4 WinExec
0x49f2d8 lstrcpyA
0x49f2dc FindNextFileA
0x49f2e0 GlobalReAlloc
0x49f2e4 HeapFree
0x49f2e8 HeapReAlloc
0x49f2ec GetProcessHeap
0x49f2f0 HeapAlloc
0x49f2f4 GetFullPathNameA
0x49f2f8 FreeLibrary
0x49f2fc LoadLibraryA
0x49f300 GetLastError
0x49f304 GetVersionExA
0x49f30c InterlockedExchange
0x49f310 CreateThread
0x49f314 CreateEventA
0x49f318 Sleep
0x49f31c GlobalAlloc
0x49f320 GlobalLock
0x49f324 GlobalUnlock
0x49f328 GetTempPathA
0x49f32c FindFirstFileA
0x49f330 FindClose
0x49f334 GetFileAttributesA
0x49f340 GetModuleHandleA
0x49f344 GetProcAddress
0x49f348 MulDiv
0x49f34c GetCommandLineA
0x49f350 GetTickCount
0x49f354 WaitForSingleObject
0x49f358 CloseHandle
0x49f370 SetHandleCount
0x49f374 GetStdHandle
0x49f378 GetFileType
0x49f380 HeapDestroy
0x49f384 HeapCreate
0x49f388 VirtualFree
0x49f390 LCMapStringA
0x49f394 LCMapStringW
0x49f398 VirtualAlloc
0x49f39c IsBadWritePtr
0x49f3a4 GetStringTypeA
0x49f3a8 GetStringTypeW
0x49f3ac CompareStringA
0x49f3b0 CompareStringW
0x49f3b4 IsBadReadPtr
0x49f3b8 IsBadCodePtr
0x49f3bc SetStdHandle
0x49f3c0 GetOEMCP
Library: USER32.dll:
0x49f3f0 IsWindowEnabled
0x49f3f8 GetKeyState
0x49f400 PostQuitMessage
0x49f404 IsZoomed
0x49f408 GetClassInfoA
0x49f40c DefWindowProcA
0x49f410 GetSystemMenu
0x49f414 DeleteMenu
0x49f418 GetMenu
0x49f41c SetMenu
0x49f420 PeekMessageA
0x49f424 IsIconic
0x49f428 SetFocus
0x49f42c ShowWindow
0x49f434 LoadImageA
0x49f43c ClientToScreen
0x49f440 EnableMenuItem
0x49f444 GetSubMenu
0x49f448 GetDlgCtrlID
0x49f450 CreateMenu
0x49f454 ModifyMenuA
0x49f458 GetActiveWindow
0x49f45c GetSysColorBrush
0x49f460 LoadStringA
0x49f464 AppendMenuA
0x49f468 CreatePopupMenu
0x49f46c DrawIconEx
0x49f47c SetRectEmpty
0x49f480 DispatchMessageA
0x49f484 GetMessageA
0x49f488 WindowFromPoint
0x49f48c DrawFocusRect
0x49f490 DrawEdge
0x49f494 DrawFrameControl
0x49f498 LoadIconA
0x49f49c TranslateMessage
0x49f4a0 GetCursor
0x49f4a4 DrawTextA
0x49f4a8 SetPropA
0x49f4ac CallWindowProcA
0x49f4b0 MoveWindow
0x49f4b4 GetPropA
0x49f4b8 FrameRect
0x49f4bc SetWindowsHookExA
0x49f4c0 GetWindow
0x49f4c8 SetWindowRgn
0x49f4cc GetMessagePos
0x49f4d0 ScreenToClient
0x49f4d8 CopyRect
0x49f4dc LoadBitmapA
0x49f4e0 WinHelpA
0x49f4e4 KillTimer
0x49f4e8 SetTimer
0x49f4ec ReleaseCapture
0x49f4f0 GetCapture
0x49f4f4 SetCapture
0x49f4f8 GetScrollRange
0x49f4fc SetScrollRange
0x49f500 SetScrollPos
0x49f504 SetRect
0x49f508 InflateRect
0x49f50c IntersectRect
0x49f514 SetMenuItemBitmaps
0x49f518 CheckMenuItem
0x49f51c IsDialogMessageA
0x49f520 ScrollWindowEx
0x49f524 DestroyIcon
0x49f528 PtInRect
0x49f52c OffsetRect
0x49f530 IsWindowVisible
0x49f534 EnableWindow
0x49f538 RedrawWindow
0x49f53c GetWindowLongA
0x49f540 SetWindowLongA
0x49f544 GetSysColor
0x49f548 SetActiveWindow
0x49f54c SetCursorPos
0x49f550 LoadCursorA
0x49f554 SetCursor
0x49f558 GetDC
0x49f55c FillRect
0x49f560 IsRectEmpty
0x49f564 ReleaseDC
0x49f568 IsChild
0x49f56c TrackPopupMenu
0x49f570 DestroyMenu
0x49f574 SetForegroundWindow
0x49f578 GetWindowRect
0x49f57c EqualRect
0x49f580 UpdateWindow
0x49f584 ValidateRect
0x49f588 InvalidateRect
0x49f58c GetClientRect
0x49f590 GetFocus
0x49f594 GetParent
0x49f598 GetTopWindow
0x49f59c PostMessageA
0x49f5a0 IsWindow
0x49f5a4 SetParent
0x49f5a8 DestroyCursor
0x49f5ac SendMessageA
0x49f5b0 SetWindowPos
0x49f5b4 MessageBoxA
0x49f5b8 GetCursorPos
0x49f5bc GetSystemMetrics
0x49f5c0 EmptyClipboard
0x49f5c4 SetClipboardData
0x49f5c8 OpenClipboard
0x49f5cc GetClipboardData
0x49f5d0 CloseClipboard
0x49f5d4 wsprintfA
0x49f5d8 CallNextHookEx
0x49f5dc UnhookWindowsHookEx
0x49f5e0 GetWindowDC
0x49f5e4 EnumChildWindows
0x49f5e8 WindowFromDC
0x49f5ec TabbedTextOutA
0x49f5f0 DrawStateA
0x49f5f8 GetMenuState
0x49f5fc GetMenuStringA
0x49f600 GetMenuItemID
0x49f604 GetMenuItemCount
0x49f608 SetWindowTextA
0x49f60c GetWindowTextA
0x49f610 GetForegroundWindow
0x49f614 GetDesktopWindow
0x49f618 GetClassNameA
0x49f61c GetDlgItem
0x49f620 FindWindowExA
0x49f624 UnregisterClassA
0x49f628 GrayStringA
0x49f630 CharUpperA
0x49f634 BeginPaint
0x49f638 EndPaint
0x49f63c DestroyWindow
0x49f644 EndDialog
0x49f648 GetNextDlgTabItem
0x49f64c GetWindowPlacement
0x49f654 GetLastActivePopup
0x49f658 GetMessageTime
0x49f65c RemovePropA
0x49f660 GetClassLongA
0x49f664 CreateWindowExA
0x49f668 RegisterClassA
0x49f66c GetScrollPos
0x49f670 AdjustWindowRectEx
0x49f674 MapWindowPoints
0x49f678 SendDlgItemMessageA
Library: GDI32.dll:
0x49f050 ExtSelectClipRgn
0x49f054 LineTo
0x49f058 MoveToEx
0x49f05c DPtoLP
0x49f060 GetCurrentObject
0x49f064 RoundRect
0x49f06c GetDeviceCaps
0x49f070 GetViewportOrgEx
0x49f074 GetWindowExtEx
0x49f078 GetDIBits
0x49f07c RealizePalette
0x49f080 SelectPalette
0x49f084 StretchBlt
0x49f088 CreatePalette
0x49f090 CreateDIBitmap
0x49f094 DeleteObject
0x49f098 SelectClipRgn
0x49f09c CreatePolygonRgn
0x49f0a0 SetStretchBltMode
0x49f0a4 ExtCreateRegion
0x49f0a8 SetPixel
0x49f0ac CreateDIBSection
0x49f0b4 SetBkColor
0x49f0b8 SetBkMode
0x49f0bc SetTextColor
0x49f0c0 SetWindowOrgEx
0x49f0c4 SaveDC
0x49f0c8 RestoreDC
0x49f0cc CreatePenIndirect
0x49f0d0 PtVisible
0x49f0d4 RectVisible
0x49f0d8 TextOutA
0x49f0dc ExtTextOutA
0x49f0e0 Escape
0x49f0e4 ExcludeClipRect
0x49f0e8 GetClipBox
0x49f0ec ScaleWindowExtEx
0x49f0f0 SetWindowExtEx
0x49f0f4 ScaleViewportExtEx
0x49f0f8 SetViewportExtEx
0x49f0fc OffsetViewportOrgEx
0x49f100 SetViewportOrgEx
0x49f104 SetMapMode
0x49f108 SetROP2
0x49f10c GetViewportExtEx
0x49f110 GetTextMetricsA
0x49f114 LPtoDP
0x49f118 Rectangle
0x49f11c Ellipse
0x49f120 SetPixelV
0x49f124 CreateCompatibleDC
0x49f128 GetPixel
0x49f12c BitBlt
0x49f130 StartPage
0x49f134 StartDocA
0x49f138 DeleteDC
0x49f13c EndDoc
0x49f140 EndPage
0x49f144 CreateFontIndirectA
0x49f148 GetStockObject
0x49f14c CreateSolidBrush
0x49f150 FillRgn
0x49f154 CreateRectRgn
0x49f158 CombineRgn
0x49f15c PatBlt
0x49f160 CreatePen
0x49f164 SetPolyFillMode
0x49f168 GetObjectA
0x49f16c SelectObject
0x49f170 CreateBitmap
0x49f174 CreateBrushIndirect
0x49f178 CreateDCA
0x49f180 GetPolyFillMode
0x49f184 GetStretchBltMode
0x49f188 GetROP2
0x49f18c GetBkColor
0x49f190 GetBkMode
0x49f194 GetTextColor
0x49f198 CreateRoundRectRgn
0x49f19c CreateEllipticRgn
0x49f1a0 PathToRegion
0x49f1a4 GetWindowOrgEx
0x49f1a8 GetClipRgn
0x49f1ac EndPath
0x49f1b0 BeginPath
Library: MSIMG32.dll:
0x49f3c8 GradientFill
Library: WINSPOOL.DRV:
0x49f6c8 OpenPrinterA
0x49f6cc DocumentPropertiesA
0x49f6d0 ClosePrinter
Library: ADVAPI32.dll:
0x49f000 RegOpenKeyExA
0x49f004 RegSetValueExA
0x49f008 RegQueryValueA
0x49f00c RegCreateKeyExA
0x49f010 RegCloseKey
Library: SHELL32.dll:
0x49f3e0 Shell_NotifyIconA
0x49f3e4 ShellExecuteA
Library: ole32.dll:
0x49f714 CLSIDFromString
0x49f718 OleUninitialize
0x49f71c OleInitialize
Library: OLEAUT32.dll:
0x49f3d0 LoadTypeLib
0x49f3d4 RegisterTypeLib
0x49f3d8 UnRegisterTypeLib
Library: COMCTL32.dll:
0x49f018 ImageList_GetIcon
0x49f028 ImageList_Draw
0x49f02c _TrackMouseEvent
0x49f030 ImageList_AddMasked
0x49f034 None
0x49f038 ImageList_Destroy
0x49f03c ImageList_Create
0x49f040 ImageList_Read
0x49f048 ImageList_Duplicate
Library: comdlg32.dll:
0x49f700 ChooseColorA
0x49f704 GetFileTitleA
0x49f708 GetSaveFileNameA
0x49f70c GetOpenFileNameA

No antivirus engine scan information!

Process Tree

Hash_new_133_0406.exe, PID: 2804, parent process PID: 2412

TCP

Source IP Source port Destination IP Destination port
192.168.122.202 49160 218.93.208.141 www.cheat8.com 443

UDP

Source IP Source port Destination IP Destination port
192.168.122.202 57325 192.168.122.1 53

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-04-08 20:35:23.867587+0800 192.168.122.202 49160 218.93.208.141 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=cheat8.com 0f:42:24:c6:62:a9:f5:6e:dd:d1:be:20:3f:3c:7c:96:39:80:05:ee

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No dropped files.
No similar analyses found.

Processing ( 17.823 seconds )

  • 9.191 Suricata
  • 3.469 NetworkAnalysis
  • 3.257 Static
  • 1.015 TargetInfo
  • 0.369 VirusTotal
  • 0.31 peid
  • 0.165 BehaviorAnalysis
  • 0.027 AnalysisInfo
  • 0.009 config_decoder
  • 0.009 Strings
  • 0.002 Memory

Signatures ( 0.147 seconds )

  • 0.035 antiav_detectreg
  • 0.013 infostealer_ftp
  • 0.01 md_domain_bl
  • 0.008 infostealer_im
  • 0.008 md_url_bl
  • 0.007 antianalysis_detectreg
  • 0.005 api_spamming
  • 0.004 stealth_decoy_document
  • 0.004 anomaly_persistence_autorun
  • 0.004 stealth_timeout
  • 0.004 antiav_detectfile
  • 0.004 infostealer_mail
  • 0.003 infostealer_bitcoin
  • 0.003 ransomware_extensions
  • 0.003 ransomware_files
  • 0.002 tinba_behavior
  • 0.002 kibex_behavior
  • 0.002 antidbg_windows
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_vbox_files
  • 0.002 geodo_banking_trojan
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 antivm_generic_services
  • 0.001 betabot_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 anormaly_invoke_kills
  • 0.001 cerber_behavior
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 recon_fingerprint

Reporting ( 0.7 seconds )

  • 0.693 ReportHTMLSummary
  • 0.007 Malheur

Task ID 535186
Mongo ID 5e8dc594bb7d5727de78ba29
Cuckoo release 1.4-Maldun