分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-2 | 2020-04-08 20:51:56 | 2020-04-08 20:53:57 | 121 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | 自瞄版本2.2.exe |
|---|---|
| 文件大小 | 1798144 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3f3ef74c2bac94c874a09b9c35a1cbba |
| SHA1 | 784899f1caaa040f663d284c3fcd085125f8ca59 |
| SHA256 | e9a79c7218cfc2014c1892a2b2676cd3aebd6fd5dedb735e2a8b34d067aac249 |
| SHA512 | 682577961e3efb20dad1f91a5e6971c75131aad9a31e5af45b7c1be8334003cfd0fdd20c2796a51af78ff663b6b914ba00b3869275c730805de7e7a943640d3d |
| CRC32 | C7BE3C01 |
| Ssdeep | 24576:dMjrxI+MYHrfUEpLiIGVQKBvdzSt6Woi0PTZv+d4mO33piVvQ0:d+YENGVQK9Nur0TVdL3p10 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004d5f25 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x001be5eb |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2020-04-08 20:26:41 |
| 载入哈希 | 96b464b517672eb260c5e13ba418189a |
| 图标 |  |
| 图标精确哈希值 | 561f57d053b52009fb77a51d7b89b449 |
| 图标相似性哈希值 | b3dcf49cb74668f8a713b737446fecc1 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000f560e | 0x000f6000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
| .rdata | 0x000f7000 | 0x00090b04 | 0x00091000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.74 |
| .data | 0x00188000 | 0x0005392a | 0x0001a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.88 |
| .rsrc | 0x001dc000 | 0x00014b4c | 0x00015000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.88 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x001dcbc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x001dcbc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x001dcbc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x001dd0b0 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x001dd0b0 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x001dd0b0 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x001dd0b0 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001de7b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x001ded0c | 0x0000fbc8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.04 | dBase IV DBT of \364.DBF, blocks size 0, block length 62464, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x001ded0c | 0x0000fbc8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.04 | dBase IV DBT of \364.DBF, blocks size 0, block length 62464, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x001ded0c | 0x0000fbc8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.04 | dBase IV DBT of \364.DBF, blocks size 0, block length 62464, next free block index 40, next free block 0, next used block 0 |
| RT_MENU | 0x001ee8e0 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x001ee8e0 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001efb28 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001f0570 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x001f05bc | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x001f05bc | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x001f05bc | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x001f0608 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x001f0608 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x001f0608 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x001f061c | 0x00000274 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.48 | data |
| RT_MANIFEST | 0x001f0890 | 0x000002b9 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.02 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: WINMM.dll:
• 0x4f7698 midiStreamOut
• 0x4f769c midiOutPrepareHeader
• 0x4f76a0 waveOutWrite
• 0x4f76a4 waveOutPause
• 0x4f76a8 waveOutReset
• 0x4f76ac waveOutClose
• 0x4f76b0 waveOutGetNumDevs
• 0x4f76b4 waveOutOpen
• 0x4f76b8 midiOutUnprepareHeader
• 0x4f76bc midiStreamOpen
• 0x4f76c0 midiStreamProperty
• 0x4f76c4 midiStreamStop
• 0x4f76c8 midiOutReset
• 0x4f76cc midiStreamClose
• 0x4f76d0 midiStreamRestart
• 0x4f76d4 waveOutUnprepareHeader
• 0x4f76d8 waveOutRestart
• 0x4f76dc waveOutPrepareHeader
库: WS2_32.dll:
• 0x4f76f4 WSACleanup
• 0x4f76f8 inet_ntoa
• 0x4f76fc closesocket
• 0x4f7700 getpeername
• 0x4f7704 accept
• 0x4f7708 ntohl
• 0x4f770c WSAAsyncSelect
• 0x4f7710 recvfrom
• 0x4f7714 ioctlsocket
• 0x4f7718 recv
库: KERNEL32.dll:
• 0x4f71a0 SetLastError
• 0x4f71a4 GetTimeZoneInformation
• 0x4f71a8 GetVersion
• 0x4f71ac CreateMutexA
• 0x4f71b0 ReleaseMutex
• 0x4f71b4 SuspendThread
• 0x4f71b8 FreeEnvironmentStringsA
• 0x4f71bc UnhandledExceptionFilter
• 0x4f71c0 HeapSize
• 0x4f71c4 RaiseException
• 0x4f71c8 GetLocalTime
• 0x4f71cc GetSystemTime
• 0x4f71d0 RtlUnwind
• 0x4f71d4 GetStartupInfoA
• 0x4f71d8 GetOEMCP
• 0x4f71dc GetCPInfo
• 0x4f71e0 GetProcessVersion
• 0x4f71e4 SetErrorMode
• 0x4f71e8 GlobalFlags
• 0x4f71ec GetCurrentThread
• 0x4f71f0 GetFileTime
• 0x4f71f4 TlsGetValue
• 0x4f71f8 LocalReAlloc
• 0x4f71fc TlsSetValue
• 0x4f7200 TlsFree
• 0x4f7204 GlobalHandle
• 0x4f7208 TlsAlloc
• 0x4f720c LocalAlloc
• 0x4f7210 lstrcmpA
• 0x4f7214 GlobalGetAtomNameA
• 0x4f7218 GlobalAddAtomA
• 0x4f721c GlobalFindAtomA
• 0x4f7220 GlobalDeleteAtom
• 0x4f7224 lstrcmpiA
• 0x4f7228 SetEndOfFile
• 0x4f722c UnlockFile
• 0x4f7230 LockFile
• 0x4f7234 FlushFileBuffers
• 0x4f7238 DuplicateHandle
• 0x4f723c lstrcpynA
• 0x4f7240 FileTimeToLocalFileTime
• 0x4f7244 FileTimeToSystemTime
• 0x4f7248 LocalFree
• 0x4f724c InterlockedDecrement
• 0x4f7250 InterlockedIncrement
• 0x4f7254 OpenProcess
• 0x4f7258 TerminateProcess
• 0x4f725c GetFileSize
• 0x4f7260 SetFilePointer
• 0x4f7264 CreateToolhelp32Snapshot
• 0x4f7268 Process32First
• 0x4f726c Process32Next
• 0x4f7270 GetCurrentProcess
• 0x4f7274 GetWindowsDirectoryA
• 0x4f7278 GetSystemDirectoryA
• 0x4f727c TerminateThread
• 0x4f7280 CreateSemaphoreA
• 0x4f7284 ResumeThread
• 0x4f7288 ReleaseSemaphore
• 0x4f728c EnterCriticalSection
• 0x4f7290 LeaveCriticalSection
• 0x4f7294 GetProfileStringA
• 0x4f7298 WriteFile
• 0x4f729c WaitForMultipleObjects
• 0x4f72a0 CreateFileA
• 0x4f72a4 SetEvent
• 0x4f72a8 FindResourceA
• 0x4f72ac LoadResource
• 0x4f72b0 LockResource
• 0x4f72b4 ReadFile
• 0x4f72b8 RemoveDirectoryA
• 0x4f72bc GetModuleFileNameA
• 0x4f72c0 WideCharToMultiByte
• 0x4f72c4 MultiByteToWideChar
• 0x4f72c8 GetCurrentThreadId
• 0x4f72cc ExitProcess
• 0x4f72d0 GlobalSize
• 0x4f72d4 GlobalFree
• 0x4f72d8 DeleteCriticalSection
• 0x4f72dc InitializeCriticalSection
• 0x4f72e0 lstrcatA
• 0x4f72e4 lstrlenA
• 0x4f72e8 InterlockedExchange
• 0x4f72ec WinExec
• 0x4f72f0 lstrcpyA
• 0x4f72f4 FindNextFileA
• 0x4f72f8 GlobalReAlloc
• 0x4f72fc HeapFree
• 0x4f7300 HeapReAlloc
• 0x4f7304 GetProcessHeap
• 0x4f7308 HeapAlloc
• 0x4f730c GetFullPathNameA
• 0x4f7310 FreeLibrary
• 0x4f7314 LoadLibraryA
• 0x4f7318 GetLastError
• 0x4f731c GetVersionExA
• 0x4f7320 WritePrivateProfileStringA
• 0x4f7324 GetPrivateProfileStringA
• 0x4f7328 CreateThread
• 0x4f732c CreateEventA
• 0x4f7330 Sleep
• 0x4f7334 ExpandEnvironmentStringsA
• 0x4f7338 GlobalAlloc
• 0x4f733c GlobalLock
• 0x4f7340 GlobalUnlock
• 0x4f7344 GetTempPathA
• 0x4f7348 FindFirstFileA
• 0x4f734c FindClose
• 0x4f7350 SetFileAttributesA
• 0x4f7354 GetFileAttributesA
• 0x4f7358 DeleteFileA
• 0x4f735c GetCurrentDirectoryA
• 0x4f7360 SetCurrentDirectoryA
• 0x4f7364 GetVolumeInformationA
• 0x4f7368 GetModuleHandleA
• 0x4f736c GetProcAddress
• 0x4f7370 MulDiv
• 0x4f7374 GetCommandLineA
• 0x4f7378 GetTickCount
• 0x4f737c CreateProcessA
• 0x4f7380 WaitForSingleObject
• 0x4f7384 CloseHandle
• 0x4f7388 FreeEnvironmentStringsW
• 0x4f738c GetEnvironmentStrings
• 0x4f7390 GetEnvironmentStringsW
• 0x4f7394 SetHandleCount
• 0x4f7398 GetStdHandle
• 0x4f739c GetFileType
• 0x4f73a0 GetEnvironmentVariableA
• 0x4f73a4 HeapDestroy
• 0x4f73a8 HeapCreate
• 0x4f73ac VirtualFree
• 0x4f73b0 SetEnvironmentVariableA
• 0x4f73b4 LCMapStringA
• 0x4f73b8 LCMapStringW
• 0x4f73bc VirtualAlloc
• 0x4f73c0 IsBadWritePtr
• 0x4f73c4 SetUnhandledExceptionFilter
• 0x4f73c8 GetStringTypeA
• 0x4f73cc GetStringTypeW
• 0x4f73d0 CompareStringA
• 0x4f73d4 CompareStringW
• 0x4f73d8 IsBadReadPtr
• 0x4f73dc IsBadCodePtr
• 0x4f73e0 SetStdHandle
• 0x4f73e4 GetACP
库: USER32.dll:
• 0x4f7418 GetMenu
• 0x4f741c DeleteMenu
• 0x4f7420 GetSystemMenu
• 0x4f7424 DefWindowProcA
• 0x4f7428 GetClassInfoA
• 0x4f742c IsZoomed
• 0x4f7430 SetMenu
• 0x4f7434 PeekMessageA
• 0x4f7438 GetSysColorBrush
• 0x4f743c LoadStringA
• 0x4f7440 ShowWindow
• 0x4f7444 SystemParametersInfoA
• 0x4f7448 LoadImageA
• 0x4f744c EnumDisplaySettingsA
• 0x4f7450 ClientToScreen
• 0x4f7454 EnableMenuItem
• 0x4f7458 GetSubMenu
• 0x4f745c GetDlgCtrlID
• 0x4f7460 CreateAcceleratorTableA
• 0x4f7464 CreateMenu
• 0x4f7468 ModifyMenuA
• 0x4f746c AppendMenuA
• 0x4f7470 CreatePopupMenu
• 0x4f7474 DrawIconEx
• 0x4f7478 CreateIconFromResource
• 0x4f747c CreateIconFromResourceEx
• 0x4f7480 RegisterClipboardFormatA
• 0x4f7484 SetRectEmpty
• 0x4f7488 DispatchMessageA
• 0x4f748c GetMessageA
• 0x4f7490 WindowFromPoint
• 0x4f7494 DrawFocusRect
• 0x4f7498 IsIconic
• 0x4f749c SetFocus
• 0x4f74a0 GetActiveWindow
• 0x4f74a4 DrawEdge
• 0x4f74a8 DestroyAcceleratorTable
• 0x4f74ac SetWindowRgn
• 0x4f74b0 GetMessagePos
• 0x4f74b4 ScreenToClient
• 0x4f74b8 ChildWindowFromPointEx
• 0x4f74bc CopyRect
• 0x4f74c0 LoadBitmapA
• 0x4f74c4 WinHelpA
• 0x4f74c8 KillTimer
• 0x4f74cc SetTimer
• 0x4f74d0 ReleaseCapture
• 0x4f74d4 GetCapture
• 0x4f74d8 SetCapture
• 0x4f74dc GetScrollRange
• 0x4f74e0 SetScrollRange
• 0x4f74e4 GetMenuCheckMarkDimensions
• 0x4f74e8 GetMenuState
• 0x4f74ec SetMenuItemBitmaps
• 0x4f74f0 CheckMenuItem
• 0x4f74f4 PostQuitMessage
• 0x4f74f8 SetScrollPos
• 0x4f74fc SetRect
• 0x4f7500 InflateRect
• 0x4f7504 IntersectRect
• 0x4f7508 DestroyIcon
• 0x4f750c PtInRect
• 0x4f7510 OffsetRect
• 0x4f7514 IsWindowVisible
• 0x4f7518 EnableWindow
• 0x4f751c RedrawWindow
• 0x4f7520 GetWindowLongA
• 0x4f7524 SetWindowLongA
• 0x4f7528 GetSysColor
• 0x4f752c SetActiveWindow
• 0x4f7530 SetCursorPos
• 0x4f7534 LoadCursorA
• 0x4f7538 SetCursor
• 0x4f753c GetDC
• 0x4f7540 FillRect
• 0x4f7544 IsRectEmpty
• 0x4f7548 ReleaseDC
• 0x4f754c IsChild
• 0x4f7550 DestroyMenu
• 0x4f7554 SetForegroundWindow
• 0x4f7558 GetWindowRect
• 0x4f755c EqualRect
• 0x4f7560 UpdateWindow
• 0x4f7564 ValidateRect
• 0x4f7568 InvalidateRect
• 0x4f756c GetClientRect
• 0x4f7570 GetFocus
• 0x4f7574 GetParent
• 0x4f7578 GetTopWindow
• 0x4f757c PostMessageA
• 0x4f7580 IsWindow
• 0x4f7584 SetParent
• 0x4f7588 DestroyCursor
• 0x4f758c SendMessageA
• 0x4f7590 SetWindowPos
• 0x4f7594 MessageBoxA
• 0x4f7598 GetCursorPos
• 0x4f759c GetSystemMetrics
• 0x4f75a0 EmptyClipboard
• 0x4f75a4 SetClipboardData
• 0x4f75a8 OpenClipboard
• 0x4f75ac GetClipboardData
• 0x4f75b0 CloseClipboard
• 0x4f75b4 wsprintfA
• 0x4f75b8 WaitForInputIdle
• 0x4f75bc DrawFrameControl
• 0x4f75c0 LoadIconA
• 0x4f75c4 GetForegroundWindow
• 0x4f75c8 GetDesktopWindow
• 0x4f75cc GetClassNameA
• 0x4f75d0 GetWindowThreadProcessId
• 0x4f75d4 FindWindowA
• 0x4f75d8 GetDlgItem
• 0x4f75dc GetWindowTextA
• 0x4f75e0 CallWindowProcA
• 0x4f75e4 CreateWindowExA
• 0x4f75e8 RegisterHotKey
• 0x4f75ec UnregisterHotKey
• 0x4f75f0 CopyAcceleratorTableA
• 0x4f75f4 GetKeyState
• 0x4f75f8 TranslateAcceleratorA
• 0x4f75fc MoveWindow
• 0x4f7600 IsWindowEnabled
• 0x4f7604 GetWindow
• 0x4f7608 UnregisterClassA
• 0x4f760c TranslateMessage
• 0x4f7610 GetWindowTextLengthA
• 0x4f7614 CharUpperA
• 0x4f7618 GetWindowDC
• 0x4f761c BeginPaint
• 0x4f7620 EndPaint
• 0x4f7624 TabbedTextOutA
• 0x4f7628 DrawTextA
• 0x4f762c GrayStringA
• 0x4f7630 DestroyWindow
• 0x4f7634 CreateDialogIndirectParamA
• 0x4f7638 EndDialog
• 0x4f763c GetNextDlgTabItem
• 0x4f7640 GetWindowPlacement
• 0x4f7644 RegisterWindowMessageA
• 0x4f7648 GetLastActivePopup
• 0x4f764c GetMessageTime
• 0x4f7650 RemovePropA
• 0x4f7654 GetPropA
• 0x4f7658 UnhookWindowsHookEx
• 0x4f765c SetPropA
• 0x4f7660 GetClassLongA
• 0x4f7664 CallNextHookEx
• 0x4f7668 SetWindowsHookExA
• 0x4f766c GetMenuItemID
• 0x4f7670 GetMenuItemCount
• 0x4f7674 RegisterClassA
• 0x4f7678 GetScrollPos
• 0x4f767c AdjustWindowRectEx
• 0x4f7680 MapWindowPoints
• 0x4f7684 SendDlgItemMessageA
• 0x4f7688 ScrollWindowEx
• 0x4f768c IsDialogMessageA
• 0x4f7690 SetWindowTextA
库: GDI32.dll:
• 0x4f704c LineTo
• 0x4f7050 MoveToEx
• 0x4f7054 ExcludeClipRect
• 0x4f7058 GetClipBox
• 0x4f705c ScaleWindowExtEx
• 0x4f7060 CreatePen
• 0x4f7064 PatBlt
• 0x4f7068 CombineRgn
• 0x4f706c CreateRectRgn
• 0x4f7070 FillRgn
• 0x4f7074 CreateSolidBrush
• 0x4f7078 GetStockObject
• 0x4f707c CreateFontIndirectA
• 0x4f7080 EndPage
• 0x4f7084 EndDoc
• 0x4f7088 DeleteDC
• 0x4f708c StartDocA
• 0x4f7090 StartPage
• 0x4f7094 BitBlt
• 0x4f7098 CreateCompatibleDC
• 0x4f709c Ellipse
• 0x4f70a0 Rectangle
• 0x4f70a4 ExtSelectClipRgn
• 0x4f70a8 DPtoLP
• 0x4f70ac GetCurrentObject
• 0x4f70b0 RoundRect
• 0x4f70b4 GetTextExtentPoint32A
• 0x4f70b8 GetDeviceCaps
• 0x4f70bc SetStretchBltMode
• 0x4f70c0 CreateRectRgnIndirect
• 0x4f70c4 SetBkColor
• 0x4f70c8 CreateFontA
• 0x4f70cc TranslateCharsetInfo
• 0x4f70d0 SetWindowExtEx
• 0x4f70d4 SetWindowOrgEx
• 0x4f70d8 ScaleViewportExtEx
• 0x4f70dc SetViewportExtEx
• 0x4f70e0 OffsetViewportOrgEx
• 0x4f70e4 SetViewportOrgEx
• 0x4f70e8 SetMapMode
• 0x4f70ec SetTextColor
• 0x4f70f0 SetROP2
• 0x4f70f4 SetPolyFillMode
• 0x4f70f8 SetBkMode
• 0x4f70fc GetViewportExtEx
• 0x4f7100 PtVisible
• 0x4f7104 RectVisible
• 0x4f7108 TextOutA
• 0x4f710c ExtTextOutA
• 0x4f7110 Escape
• 0x4f7114 GetTextMetricsA
• 0x4f7118 GetObjectA
• 0x4f711c SelectObject
• 0x4f7120 CreateBitmap
• 0x4f7124 CreateDCA
• 0x4f7128 CreateCompatibleBitmap
• 0x4f712c GetPolyFillMode
• 0x4f7130 GetStretchBltMode
• 0x4f7134 GetROP2
• 0x4f7138 GetBkColor
• 0x4f713c GetBkMode
• 0x4f7140 GetTextColor
• 0x4f7144 RestoreDC
• 0x4f7148 SaveDC
• 0x4f714c CreateRoundRectRgn
• 0x4f7150 CreateEllipticRgn
• 0x4f7154 PathToRegion
• 0x4f7158 EndPath
• 0x4f715c BeginPath
• 0x4f7160 GetWindowOrgEx
• 0x4f7164 GetViewportOrgEx
• 0x4f7168 GetWindowExtEx
• 0x4f716c GetDIBits
• 0x4f7170 RealizePalette
• 0x4f7174 SelectPalette
• 0x4f7178 StretchBlt
• 0x4f717c CreatePalette
• 0x4f7180 GetClipRgn
• 0x4f7184 CreateDIBitmap
• 0x4f7188 DeleteObject
• 0x4f718c SelectClipRgn
• 0x4f7190 LPtoDP
• 0x4f7194 GetSystemPaletteEntries
• 0x4f7198 CreatePolygonRgn
库: ADVAPI32.dll:
• 0x4f7000 RegQueryValueExA
• 0x4f7004 RegOpenKeyExA
• 0x4f7008 RegSetValueExA
• 0x4f700c RegCreateKeyA
• 0x4f7010 RegQueryValueA
• 0x4f7014 RegCreateKeyExA
• 0x4f7018 RegCloseKey
库: SHELL32.dll:
• 0x4f73fc SHGetSpecialFolderPathA
• 0x4f7400 DragQueryFileA
• 0x4f7404 DragFinish
• 0x4f7408 DragAcceptFiles
• 0x4f740c ShellExecuteA
• 0x4f7410 Shell_NotifyIconA
库: COMCTL32.dll:
• 0x4f7020 ImageList_Add
• 0x4f7024 ImageList_BeginDrag
• 0x4f7028 ImageList_Create
• 0x4f702c ImageList_Destroy
• 0x4f7030 ImageList_DragEnter
• 0x4f7034 ImageList_DragLeave
• 0x4f7038 ImageList_DragMove
• 0x4f703c ImageList_DragShowNolock
• 0x4f7040 ImageList_EndDrag
• 0x4f7044 None
库: comdlg32.dll:
• 0x4f7720 ChooseColorA
• 0x4f7724 GetFileTitleA
• 0x4f7728 GetSaveFileNameA
• 0x4f772c GetOpenFileNameA
.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
t)hQE
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 4.692 seconds )
- 2.115 VirusTotal
- 1.559 Static
- 0.404 TargetInfo
- 0.308 peid
- 0.226 NetworkAnalysis
- 0.049 BehaviorAnalysis
- 0.015 AnalysisInfo
- 0.011 Strings
- 0.003 config_decoder
- 0.002 Memory
Signatures ( 0.102 seconds )
- 0.013 antiav_detectreg
- 0.01 md_url_bl
- 0.007 anomaly_persistence_autorun
- 0.007 md_domain_bl
- 0.006 antiav_detectfile
- 0.006 infostealer_ftp
- 0.004 infostealer_bitcoin
- 0.004 infostealer_im
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 antianalysis_detectreg
- 0.002 tinba_behavior
- 0.002 rat_nanocore
- 0.002 api_spamming
- 0.002 cerber_behavior
- 0.002 antivm_vbox_files
- 0.002 geodo_banking_trojan
- 0.002 disables_browser_warn
- 0.002 infostealer_mail
- 0.001 antiemu_wine_func
- 0.001 stealth_decoy_document
- 0.001 betabot_behavior
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 infostealer_browser_password
- 0.001 kovter_behavior
- 0.001 stealth_timeout
- 0.001 antivm_parallels_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.643 seconds )
- 0.636 ReportHTMLSummary
- 0.007 Malheur
| Task ID | 535190 |
|---|---|
| Mongo ID | 5e8dc971bb7d5727e078b7c0 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号