Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-07-05 20:07:34 | 2020-07-05 20:09:57 | 143 seconds

Maldun Score

5.941

Suspicious

File Details

File name csrss.exe
File size 765952 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 451555d54f9cbc96ec7a3d23bbec378c
SHA1 32bfc460d1cbd8a6e38f967cb6d439769de63a59
SHA256 562d46a7f67313bab90f7e5cc1f0671b9eac846ed07f528d4e89f5fea6bcdb48
SHA512 53ccb14eec788b8209615c3436b8e2e809eaca7eba7796be601ca54c75e756af0f20e11151877261841666a84c195a3eef083f1c5942b30142b0fe8a5859234d
CRC32 66E2EBD1
Ssdeep 12288:kH1TIZ8qgR5uaxpM6Q9VnB1weMgzrDz7BQ4:kH1suRAarfQTnPw5g7BQ4


Contacted Hosts (click to query the WPING real-time security rating)

No host records.

Domain Resolution (click to query the WPING real-time security rating)

No domain information.



PE Information

Image base 0x00400000
Entry point 0x0046a4f7
Declared checksum 0x00000000
Actual checksum 0x000bc6b6
Minimum required OS version 4.0
Compile time 2020-07-05 19:45:37
Import hash a53e9d41e6441e399a62ad28458f28ef

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00088a1e 0x00089000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x0008a000 0x00018e26 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.82
.data 0x000a3000 0x0004322a 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.08
.rsrc 0x000e7000 0x00005b1c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.79

Imports

Library: WINMM.dll:
0x48a618 midiStreamOut
0x48a628 waveOutWrite
0x48a62c waveOutPause
0x48a630 waveOutReset
0x48a634 waveOutClose
0x48a638 waveOutGetNumDevs
0x48a63c waveOutOpen
0x48a640 midiStreamStop
0x48a644 midiOutReset
0x48a648 midiStreamClose
0x48a64c midiStreamRestart
0x48a654 midiStreamOpen
0x48a658 midiStreamProperty
Library: WS2_32.dll:
0x48a670 WSACleanup
0x48a674 closesocket
0x48a678 getpeername
0x48a67c accept
0x48a680 WSAAsyncSelect
0x48a684 recvfrom
0x48a688 ioctlsocket
0x48a68c inet_ntoa
0x48a690 recv
Library: KERNEL32.dll:
0x48a170 SetLastError
0x48a178 GetVersion
0x48a17c WideCharToMultiByte
0x48a180 GetACP
0x48a184 HeapSize
0x48a188 RaiseException
0x48a18c GetLocalTime
0x48a190 MultiByteToWideChar
0x48a194 RtlUnwind
0x48a198 GetStartupInfoA
0x48a19c GetOEMCP
0x48a1a0 GetCPInfo
0x48a1a4 GetProcessVersion
0x48a1a8 SetErrorMode
0x48a1ac GlobalFlags
0x48a1b0 GetCurrentThread
0x48a1b4 GetFileTime
0x48a1b8 TlsGetValue
0x48a1bc LocalReAlloc
0x48a1c0 TlsSetValue
0x48a1c4 TlsFree
0x48a1c8 GlobalHandle
0x48a1cc TlsAlloc
0x48a1d0 LocalAlloc
0x48a1d4 lstrcmpA
0x48a1d8 GlobalGetAtomNameA
0x48a1dc GlobalAddAtomA
0x48a1e0 GlobalFindAtomA
0x48a1e4 GlobalDeleteAtom
0x48a1e8 lstrcmpiA
0x48a1ec SetEndOfFile
0x48a1f0 UnlockFile
0x48a1f4 LockFile
0x48a1f8 FlushFileBuffers
0x48a1fc DuplicateHandle
0x48a200 lstrcpynA
0x48a20c LocalFree
0x48a218 GetSystemDirectoryA
0x48a220 TerminateProcess
0x48a224 GetCurrentProcess
0x48a228 GetFileSize
0x48a22c SetFilePointer
0x48a230 CreateSemaphoreA
0x48a234 ResumeThread
0x48a238 ReleaseSemaphore
0x48a244 GetProfileStringA
0x48a248 WriteFile
0x48a250 CreateFileA
0x48a254 SetEvent
0x48a258 FindResourceA
0x48a25c LoadResource
0x48a260 LockResource
0x48a264 ReadFile
0x48a268 RemoveDirectoryA
0x48a26c GetModuleFileNameA
0x48a270 GetCurrentThreadId
0x48a274 ExitProcess
0x48a278 GlobalSize
0x48a27c GlobalFree
0x48a288 lstrcatA
0x48a28c lstrlenA
0x48a290 WinExec
0x48a294 lstrcpyA
0x48a298 InterlockedExchange
0x48a29c FindNextFileA
0x48a2a0 GlobalReAlloc
0x48a2a4 HeapFree
0x48a2a8 HeapReAlloc
0x48a2ac GetProcessHeap
0x48a2b0 HeapAlloc
0x48a2b4 GetFullPathNameA
0x48a2b8 FreeLibrary
0x48a2bc LoadLibraryA
0x48a2c0 GetLastError
0x48a2c4 GetVersionExA
0x48a2cc CreateThread
0x48a2d0 CreateEventA
0x48a2d4 Sleep
0x48a2d8 GlobalAlloc
0x48a2dc GlobalLock
0x48a2e0 GlobalUnlock
0x48a2e4 GetTempPathA
0x48a2e8 FindFirstFileA
0x48a2ec FindClose
0x48a2f0 SetFileAttributesA
0x48a2f4 GetFileAttributesA
0x48a2f8 DeleteFileA
0x48a304 GetModuleHandleA
0x48a308 GetProcAddress
0x48a30c MulDiv
0x48a310 GetCommandLineA
0x48a314 GetTickCount
0x48a318 WaitForSingleObject
0x48a31c CloseHandle
0x48a334 SetHandleCount
0x48a338 GetStdHandle
0x48a33c GetFileType
0x48a344 HeapDestroy
0x48a348 HeapCreate
0x48a34c VirtualFree
0x48a354 LCMapStringA
0x48a358 LCMapStringW
0x48a35c VirtualAlloc
0x48a360 IsBadWritePtr
0x48a368 GetStringTypeA
0x48a36c GetStringTypeW
0x48a370 CompareStringA
0x48a374 CompareStringW
0x48a378 IsBadReadPtr
0x48a37c IsBadCodePtr
0x48a380 SetStdHandle
0x48a384 GetSystemTime
Library: USER32.dll:
0x48a3ac GetMenu
0x48a3b0 SetMenu
0x48a3b4 PeekMessageA
0x48a3b8 IsIconic
0x48a3bc SetFocus
0x48a3c0 GetActiveWindow
0x48a3c4 DeleteMenu
0x48a3c8 GetSystemMenu
0x48a3cc DefWindowProcA
0x48a3d0 GetClassInfoA
0x48a3d4 IsZoomed
0x48a3d8 PostQuitMessage
0x48a3e0 GetKeyState
0x48a3e8 IsWindowEnabled
0x48a3ec ShowWindow
0x48a3f4 LoadImageA
0x48a3fc ClientToScreen
0x48a400 EnableMenuItem
0x48a404 GetSubMenu
0x48a408 GetDlgCtrlID
0x48a410 CreateMenu
0x48a414 ModifyMenuA
0x48a418 AppendMenuA
0x48a41c GetWindow
0x48a424 SetWindowRgn
0x48a428 GetMessagePos
0x48a42c ScreenToClient
0x48a430 CreatePopupMenu
0x48a434 CopyRect
0x48a438 LoadBitmapA
0x48a43c WinHelpA
0x48a440 KillTimer
0x48a444 SetTimer
0x48a448 ReleaseCapture
0x48a44c GetCapture
0x48a450 SetCapture
0x48a454 GetScrollRange
0x48a458 SetScrollRange
0x48a45c SetScrollPos
0x48a460 SetRect
0x48a464 InflateRect
0x48a468 IntersectRect
0x48a46c GetSysColorBrush
0x48a470 DestroyIcon
0x48a474 PtInRect
0x48a478 OffsetRect
0x48a47c IsWindowVisible
0x48a480 EnableWindow
0x48a484 RedrawWindow
0x48a488 GetWindowLongA
0x48a48c SetWindowLongA
0x48a490 GetSysColor
0x48a494 SetActiveWindow
0x48a498 SetCursorPos
0x48a49c LoadCursorA
0x48a4a0 SetCursor
0x48a4a4 GetDC
0x48a4a8 FillRect
0x48a4ac IsRectEmpty
0x48a4b0 ReleaseDC
0x48a4b4 IsChild
0x48a4b8 DestroyMenu
0x48a4bc SetForegroundWindow
0x48a4c0 GetWindowRect
0x48a4c4 EqualRect
0x48a4c8 UpdateWindow
0x48a4cc ValidateRect
0x48a4d0 InvalidateRect
0x48a4d4 GetClientRect
0x48a4d8 GetFocus
0x48a4dc GetParent
0x48a4e0 GetTopWindow
0x48a4e4 PostMessageA
0x48a4e8 IsWindow
0x48a4ec SetParent
0x48a4f0 DestroyCursor
0x48a4f4 SendMessageA
0x48a4f8 SetWindowPos
0x48a4fc MessageBoxA
0x48a500 GetCursorPos
0x48a504 GetSystemMetrics
0x48a508 EmptyClipboard
0x48a50c SetClipboardData
0x48a510 OpenClipboard
0x48a514 GetClipboardData
0x48a518 CloseClipboard
0x48a51c wsprintfA
0x48a520 DrawIconEx
0x48a530 SetRectEmpty
0x48a534 DispatchMessageA
0x48a538 GetMessageA
0x48a53c DrawFocusRect
0x48a540 DrawEdge
0x48a544 DrawFrameControl
0x48a548 TranslateMessage
0x48a54c LoadIconA
0x48a550 GetDesktopWindow
0x48a554 GetClassNameA
0x48a558 GetDlgItem
0x48a55c GetWindowTextA
0x48a560 GetForegroundWindow
0x48a568 UnregisterClassA
0x48a56c WindowFromPoint
0x48a574 CharUpperA
0x48a578 GetWindowDC
0x48a57c BeginPaint
0x48a580 EndPaint
0x48a584 TabbedTextOutA
0x48a588 DrawTextA
0x48a58c GrayStringA
0x48a590 DestroyWindow
0x48a598 EndDialog
0x48a59c GetNextDlgTabItem
0x48a5a0 GetWindowPlacement
0x48a5a8 GetLastActivePopup
0x48a5ac GetMessageTime
0x48a5b0 RemovePropA
0x48a5b4 CallWindowProcA
0x48a5b8 GetPropA
0x48a5bc UnhookWindowsHookEx
0x48a5c0 SetPropA
0x48a5c4 GetClassLongA
0x48a5c8 CallNextHookEx
0x48a5cc SetWindowsHookExA
0x48a5d0 CreateWindowExA
0x48a5d4 GetMenuItemID
0x48a5d8 GetMenuItemCount
0x48a5dc RegisterClassA
0x48a5e0 GetScrollPos
0x48a5e4 AdjustWindowRectEx
0x48a5e8 MapWindowPoints
0x48a5ec SendDlgItemMessageA
0x48a5f0 ScrollWindowEx
0x48a5f4 IsDialogMessageA
0x48a5f8 SetWindowTextA
0x48a5fc MoveWindow
0x48a600 CheckMenuItem
0x48a604 SetMenuItemBitmaps
0x48a608 GetMenuState
0x48a610 LoadStringA
Library: GDI32.dll:
0x48a024 PtVisible
0x48a028 GetViewportExtEx
0x48a02c ExtSelectClipRgn
0x48a030 CombineRgn
0x48a034 CreateRectRgn
0x48a038 FillRgn
0x48a03c CreateSolidBrush
0x48a040 GetStockObject
0x48a044 CreateFontIndirectA
0x48a048 EndPage
0x48a04c EndDoc
0x48a050 DeleteDC
0x48a054 StartDocA
0x48a058 StartPage
0x48a05c BitBlt
0x48a060 CreateCompatibleDC
0x48a064 Ellipse
0x48a068 Rectangle
0x48a06c RectVisible
0x48a070 DPtoLP
0x48a074 GetCurrentObject
0x48a078 RoundRect
0x48a080 GetDeviceCaps
0x48a084 SetBkColor
0x48a088 LineTo
0x48a08c MoveToEx
0x48a090 ExcludeClipRect
0x48a094 GetClipBox
0x48a098 ScaleWindowExtEx
0x48a09c SetWindowExtEx
0x48a0a0 SetWindowOrgEx
0x48a0a4 TextOutA
0x48a0a8 ExtTextOutA
0x48a0ac Escape
0x48a0b0 GetTextMetricsA
0x48a0b4 PatBlt
0x48a0b8 CreatePen
0x48a0bc GetObjectA
0x48a0c0 SelectObject
0x48a0c4 CreateBitmap
0x48a0c8 CreateDCA
0x48a0d0 GetPolyFillMode
0x48a0d4 GetStretchBltMode
0x48a0d8 GetROP2
0x48a0dc GetBkColor
0x48a0e0 GetBkMode
0x48a0e4 GetTextColor
0x48a0e8 CreateRoundRectRgn
0x48a0ec CreateEllipticRgn
0x48a0f0 PathToRegion
0x48a0f4 EndPath
0x48a0f8 BeginPath
0x48a0fc GetWindowOrgEx
0x48a100 GetViewportOrgEx
0x48a104 ScaleViewportExtEx
0x48a108 SetViewportExtEx
0x48a10c OffsetViewportOrgEx
0x48a110 SetViewportOrgEx
0x48a114 SetMapMode
0x48a118 SetTextColor
0x48a11c SetROP2
0x48a120 SetPolyFillMode
0x48a124 GetWindowExtEx
0x48a128 GetDIBits
0x48a12c RealizePalette
0x48a130 SelectPalette
0x48a134 StretchBlt
0x48a138 CreatePalette
0x48a140 CreateDIBitmap
0x48a144 DeleteObject
0x48a148 SelectClipRgn
0x48a14c CreatePolygonRgn
0x48a154 SetStretchBltMode
0x48a158 LPtoDP
0x48a15c GetClipRgn
0x48a160 SetBkMode
0x48a164 RestoreDC
0x48a168 SaveDC
Library: WINSPOOL.DRV:
0x48a660 OpenPrinterA
0x48a664 DocumentPropertiesA
0x48a668 ClosePrinter
Library: ADVAPI32.dll:
0x48a000 RegOpenKeyExA
0x48a004 RegSetValueExA
0x48a008 RegQueryValueA
0x48a00c RegCreateKeyExA
0x48a010 RegCloseKey
Library: SHELL32.dll:
0x48a39c ShellExecuteA
0x48a3a0 Shell_NotifyIconA
Library: ole32.dll:
0x48a6ac CLSIDFromString
0x48a6b0 OleUninitialize
0x48a6b4 OleInitialize
Library: OLEAUT32.dll:
0x48a38c LoadTypeLib
0x48a390 RegisterTypeLib
0x48a394 UnRegisterTypeLib
Library: COMCTL32.dll:
0x48a018 None
0x48a01c ImageList_Destroy
Library: comdlg32.dll:
0x48a698 ChooseColorA
0x48a69c GetFileTitleA
0x48a6a0 GetSaveFileNameA
0x48a6a4 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
No antivirus engine scan information!

Process Tree


csrss.exe, PID: 2716, parent PID: 2332
services.exe, PID: 428, parent PID: 332
mscorsvw.exe, PID: 1288, parent PID: 428
mscorsvw.exe, PID: 1008, parent PID: 428

Contacted Hosts (click to query the WPING real-time security rating)

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain Resolution (click to query the WPING real-time security rating)

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 26.727 seconds )

  • 16.371 Suricata
  • 4.656 VirusTotal
  • 3.799 Static
  • 0.544 BehaviorAnalysis
  • 0.503 TargetInfo
  • 0.421 peid
  • 0.353 NetworkAnalysis
  • 0.057 AnalysisInfo
  • 0.018 Strings
  • 0.003 Memory
  • 0.002 config_decoder

Signatures ( 0.41 seconds )

  • 0.061 antiav_detectreg
  • 0.028 api_spamming
  • 0.024 infostealer_ftp
  • 0.022 stealth_timeout
  • 0.022 md_url_bl
  • 0.021 stealth_decoy_document
  • 0.02 md_domain_bl
  • 0.019 stealth_file
  • 0.014 infostealer_im
  • 0.012 antianalysis_detectreg
  • 0.009 antiav_detectfile
  • 0.008 shifu_behavior
  • 0.008 infostealer_mail
  • 0.008 ransomware_extensions
  • 0.008 ransomware_files
  • 0.007 anomaly_persistence_autorun
  • 0.006 mimics_filetime
  • 0.006 virus
  • 0.006 infostealer_bitcoin
  • 0.005 reads_self
  • 0.005 antivm_generic_disk
  • 0.004 bootkit
  • 0.004 hancitor_behavior
  • 0.004 antivm_vbox_files
  • 0.004 geodo_banking_trojan
  • 0.003 tinba_behavior
  • 0.003 betabot_behavior
  • 0.003 kibex_behavior
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_xen_keys
  • 0.003 disables_browser_warn
  • 0.003 darkcomet_regkeys
  • 0.002 rat_nanocore
  • 0.002 antivm_generic_services
  • 0.002 antidbg_windows
  • 0.002 anormaly_invoke_kills
  • 0.002 cerber_behavior
  • 0.002 antivm_generic_diskreg
  • 0.002 antivm_parallels_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 recon_fingerprint
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 injection_createremotethread
  • 0.001 ursnif_behavior
  • 0.001 exec_crash
  • 0.001 injection_runpe
  • 0.001 bypass_firewall
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 office_security
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.21 seconds )

  • 0.951 ReportHTMLSummary
  • 0.259 Malheur
Task ID 557755
Mongo ID 5f01c33b2f8f2e38696631b7
Cuckoo release 1.4-Maldun