恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-1	2020-07-05 20:21:07	2020-07-05 20:21:50	43 秒

魔盾分数

1.75

正常的

文件详细信息

文件名	version.dll
文件大小	86528 字节
文件类型	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	1332ec3b421b6e54b2fff1e2edc577fd
SHA1	b4e5d366a4a0ec24a3d09bc515b2cb29f6fe1132
SHA256	9e0a6e632527e726afcac65994363ed138ecfc8a39468ca59844418b3c842cb8
SHA512	7beb5c5fab193e68bcd7676ab9696f614e65da8bfd1b253687ef172ae21246635c2f8904864f94dad0c58c963c27d59f3aec8620141fcb9c683bd097ea253813
CRC32	8E78E9ED
Ssdeep	1536:FbErvw2sROmnVoTybrAVGYPc8+8NZsz/EohuOwu2J41rkdImckVPxIiTL4o3/ZEr:FbEbw99GTyb0QYPc8hNZ0V2J41rkd/cV
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x180000000
入口地址	0x18000c0e0
声明校验值	0x00000000
实际校验值	0x000231ac
最低操作系统版本要求	6.0
编译时间	2020-04-24 21:02:31
载入哈希	5c3fd36291f3a821a62412184728504a
导出DLL库名称	\x31\x31\x31\x31\x31\x31\x31\x34\x31\x31\x31

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0000f31c	0x0000f400	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.46
.rdata	0x00011000	0x000043b2	0x00004400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.93
.data	0x00016000	0x00000b68	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.66
.pdata	0x00017000	0x00000a68	0x00000c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.37
.rsrc	0x00018000	0x00000320	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	2.67
.reloc	0x00019000	0x00000088	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	1.84

导入

库: KERNEL32.dll:

• 0x180011000 VirtualFree

• 0x180011008 VirtualAlloc

• 0x180011010 GetSystemInfo

• 0x180011018 VirtualQuery

• 0x180011020 HeapCreate

• 0x180011028 VirtualProtect

• 0x180011030 HeapFree

• 0x180011038 GetCurrentProcess

• 0x180011040 Thread32Next

• 0x180011048 Thread32First

• 0x180011050 GetCurrentThreadId

• 0x180011058 SuspendThread

• 0x180011060 ResumeThread

• 0x180011068 CreateToolhelp32Snapshot

• 0x180011070 Sleep

• 0x180011078 HeapReAlloc

• 0x180011080 CloseHandle

• 0x180011088 HeapAlloc

• 0x180011090 GetThreadContext

• 0x180011098 GetProcAddress

• 0x1800110a0 GetCurrentProcessId

• 0x1800110a8 GetModuleHandleW

• 0x1800110b0 FlushInstructionCache

• 0x1800110b8 SetThreadContext

• 0x1800110c0 OpenThread

• 0x1800110c8 SetLastError

• 0x1800110d0 GetCommandLineW

• 0x1800110d8 GetModuleFileNameW

• 0x1800110e0 LocalAlloc

• 0x1800110e8 CreateFileW

• 0x1800110f0 GetSystemDirectoryW

• 0x1800110f8 UnmapViewOfFile

• 0x180011100 OutputDebugStringW

• 0x180011108 DisableThreadLibraryCalls

• 0x180011110 lstrcatW

• 0x180011118 K32GetModuleInformation

• 0x180011120 LoadLibraryW

• 0x180011128 VirtualProtectEx

• 0x180011130 LocalFree

• 0x180011138 GetFileSize

• 0x180011140 ExitProcess

• 0x180011148 lstrcpyW

• 0x180011150 CreateFileMappingW

• 0x180011158 MapViewOfFile

• 0x180011160 FreeLibrary

• 0x180011168 RaiseException

• 0x180011170 EncodePointer

• 0x180011178 InterlockedFlushSList

• 0x180011180 RtlUnwindEx

• 0x180011188 IsDebuggerPresent

• 0x180011190 InitializeSListHead

• 0x180011198 GetTickCount64

• 0x1800111a0 GetSystemTimeAsFileTime

• 0x1800111a8 QueryPerformanceCounter

• 0x1800111b0 IsProcessorFeaturePresent

• 0x1800111b8 TerminateProcess

• 0x1800111c0 SetUnhandledExceptionFilter

• 0x1800111c8 UnhandledExceptionFilter

• 0x1800111d0 RtlVirtualUnwind

• 0x1800111d8 RtlLookupFunctionEntry

• 0x1800111e0 RtlCaptureContext

库: USER32.dll:

• 0x180011238 CallNextHookEx

• 0x180011240 WindowFromPoint

• 0x180011248 SendMessageTimeoutW

• 0x180011250 GetKeyState

• 0x180011258 GetForegroundWindow

• 0x180011260 GetClassNameW

• 0x180011268 SetWindowsHookExW

• 0x180011270 wsprintfW

• 0x180011278 GetParent

• 0x180011280 IsWindowVisible

• 0x180011288 PtInRect

库: SHELL32.dll:

• 0x180011208 ShellExecuteExW

• 0x180011210 CommandLineToArgvW

库: SHLWAPI.dll:

• 0x180011220 PathRemoveFileSpecW

• 0x180011228 PathCanonicalizeW

库: OLEACC.dll:

• 0x1800111f0 AccessibleChildren

• 0x1800111f8 AccessibleObjectFromWindow

库: msvcrt.dll:

• 0x180011298 _CxxThrowException

• 0x1800112a0 abort

• 0x1800112a8 __DestructExceptionObject

• 0x1800112b0 memmove

• 0x1800112b8 _invalid_parameter

• 0x1800112c0 _lock

• 0x1800112c8 _unlock

• 0x1800112d0 __CxxFrameHandler3

• 0x1800112d8 ??3@YAXPEAX@Z

• 0x1800112e0 ?terminate@@YAXXZ

• 0x1800112e8 __CppXcptFilter

• 0x1800112f0 ??8type_info@@QEBAHAEBV0@@Z

• 0x1800112f8 strcmp

• 0x180011300 _vsnwprintf_s

• 0x180011308 _vscwprintf

• 0x180011310 free

• 0x180011318 __getmainargs

• 0x180011320 _amsg_exit

• 0x180011328 _errno

• 0x180011330 ??0exception@@QEAA@AEBQEBD@Z

• 0x180011338 memset

• 0x180011340 _cexit

• 0x180011348 __C_specific_handler

• 0x180011350 _initterm_e

• 0x180011358 _initterm

• 0x180011360 isspace

• 0x180011368 wcsstr

• 0x180011370 _memicmp

• 0x180011378 ??0exception@@QEAA@AEBV0@@Z

• 0x180011380 ??1exception@@UEAA@XZ

• 0x180011388 ?what@exception@@UEBAPEBDXZ

• 0x180011390 malloc

• 0x180011398 ??2@YAPEAX_K@Z

• 0x1800113a0 memchr

• 0x1800113a8 memcmp

• 0x1800113b0 memcpy

• 0x1800113b8 wcscmp

导出

序列	地址	名称
1	0x180006bf0	GetFileVersionInfoA
2	0x180006ce0	GetFileVersionInfoByHandle
3	0x180006c90	GetFileVersionInfoExA
4	0x180006c40	GetFileVersionInfoExW
5	0x180006c04	GetFileVersionInfoSizeA
6	0x180006ca4	GetFileVersionInfoSizeExA
7	0x180006c54	GetFileVersionInfoSizeExW
8	0x180006c68	GetFileVersionInfoSizeW
9	0x180006c7c	GetFileVersionInfoW
10	0x180006cb8	VerFindFileA
11	0x180006cf4	VerFindFileW
12	0x180006ccc	VerInstallFileA
13	0x180006d08	VerInstallFileW
14	0x180006d1c	VerLanguageNameA
15	0x180006d30	VerLanguageNameW
16	0x180006c18	VerQueryValueA
17	0x180006c2c	VerQueryValueW
18	0x180009830	shuax

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
bad exception
AddDllDirectory
bad array new length
.text
.rdata
LdrLoadDll
<dom-module id="settings-about-page"
hidden="true"
hidden="[[!showUpdateStatus_]]"
hidden="[[!shouldShowIcons_(showUpdateStatus_)]]"
{aboutBrowserVersion}</div><div class="secondary"><a target="_blank" href="https://shuax.com/project/chrome/">Chrome++</a> 1.3.0 inside</div>
{aboutBrowserVersion}</div>
PSStringFromPropertyKey
GetComputerNameW
GetVolumeInformationW
CryptProtectData
CryptUnprotectData
LogonUserW
NetUserGetInfo
invalid string position
vector too long
string too long
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.tls$
.tls$ZZZ
.xdata
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data
.data$r
.pdata
.rsrc$01
.rsrc$02
version.dll
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
shuax
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
SetLastError
GetCommandLineW
GetModuleFileNameW
LocalAlloc
CreateFileW
GetSystemDirectoryW
UnmapViewOfFile
OutputDebugStringW
DisableThreadLibraryCalls
lstrcatW
K32GetModuleInformation
LoadLibraryW
VirtualProtectEx
LocalFree
GetFileSize
ExitProcess
lstrcpyW
CreateFileMappingW
MapViewOfFile
KERNEL32.dll
PtInRect
GetParent
wsprintfW
SetWindowsHookExW
GetClassNameW
GetForegroundWindow
WindowFromPoint
CallNextHookEx
IsWindowVisible
SendMessageTimeoutW
GetKeyState
USER32.dll
CommandLineToArgvW
ShellExecuteExW
SHELL32.dll
PathRemoveFileSpecW
PathCanonicalizeW
SHLWAPI.dll
AccessibleChildren
AccessibleObjectFromWindow
OLEACC.dll
malloc
??2@YAPEAX_K@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_memicmp
wcsstr
isspace
_initterm
_initterm_e
__C_specific_handler
_cexit
memset
_errno
_amsg_exit
__getmainargs
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
abort
__DestructExceptionObject
memmove
_invalid_parameter
_lock
_unlock
__CxxFrameHandler3
msvcrt.dll
??3@YAXPEAX@Z
?terminate@@YAXXZ
__CppXcptFilter
??8type_info@@QEBAHAEBV0@@Z
_vsnwprintf_s
_vscwprintf
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
InterlockedFlushSList
EncodePointer
RaiseException
FreeLibrary
memchr
memcmp
memcpy
strcmp
wcscmp
@@@@AI@@@@LB@@@@@@@@ODS@@@DWC\@`@@@@@@@@@@@@@@dfnk@@jF@@DF@@[D@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_exception@std@@
.?AVbad_alloc@std@@
.?AVexception@@
.?AVbad_array_new_length@std@@
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-synch-l1-2-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernel32
ntdll
api-ms-win-appmodel-runtime-l1-1-2
user32
\version.dll
pepflashplayer
patch flash failed %p
chrome.dll
patch DevWarning failed %p
ntdll.dll
MH_CreateHook LdrLoadDll failed:%d
Chrome_WidgetWin_1
FindTopContainerView failed
IsOnOneTab failed
IsOnlyOneTab failed
IsOnTheTab failed
\..\Data
--with-chrome-plus-plus
--disable-features=RendererCodeIntegrity,FlashDeprecationWarning
--user-data-dir=%s
resources.pak
MH_CreateHook CreateFileW failed:%d
Propsys.dll
MH_CreateHook PSStringFromPropertyKey failed:%d
kernel32.dll
MH_CreateHook GetComputerNameW failed:%d
MH_CreateHook GetVolumeInformationW failed:%d
Crypt32.dll
MH_CreateHook CryptProtectData failed:%d
MH_CreateHook CryptUnprotectData failed:%d
Advapi32.dll
MH_CreateHook LogonUserW failed:%d
Shlwapi.dll
MH_CreateHook IsOS failed:%d
Netapi32.dll
MH_CreateHook NetUserGetInfo failed:%d
-type=
MH_CreateHook InstallLoader failed:%d
MH_Initialize failed:%d
ngzip compress error %d %d
VS_VERSION_INFO
StringFileInfo
080404b0
CompanyName
www.shuax.com
FileDescription
FileVersion
1.3.0
InternalName
chrome++.dll
LegalCopyright
 2020
OriginalFilename
chrome++.dll
ProductName
chrome++
ProductVersion
1.3.0
VarFileInfo
Translation

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20200509
DrWeb	未发现病毒	20200509
MicroWorld-eScan	未发现病毒	20200509
FireEye	未发现病毒	20200508
CAT-QuickHeal	未发现病毒	20200509
ALYac	未发现病毒	20200509
Cylance	未发现病毒	20200509
Zillya	未发现病毒	20200508
SUPERAntiSpyware	未发现病毒	20200508
Sangfor	未发现病毒	20200423
CrowdStrike	未发现病毒	20190702
Alibaba	未发现病毒	20190527
K7GW	未发现病毒	20200509
K7AntiVirus	未发现病毒	20200509
Arcabit	未发现病毒	20200509
Invincea	未发现病毒	20200502
BitDefenderTheta	未发现病毒	20200428
F-Prot	未发现病毒	20200509
Symantec	未发现病毒	20200508
ESET-NOD32	未发现病毒	20200509
APEX	未发现病毒	20200507
TotalDefense	未发现病毒	20200509
Avast	未发现病毒	20200509
ClamAV	未发现病毒	20200509
GData	未发现病毒	20200509
Kaspersky	未发现病毒	20200509
BitDefender	未发现病毒	20200509
NANO-Antivirus	未发现病毒	20200509
Paloalto	未发现病毒	20200509
ViRobot	未发现病毒	20200509
Rising	未发现病毒	20200509
Ad-Aware	未发现病毒	20200509
Sophos	未发现病毒	20200509
Comodo	未发现病毒	20200509
F-Secure	未发现病毒	20200509
Baidu	未发现病毒	20190318
VIPRE	未发现病毒	20200509
TrendMicro	未发现病毒	20200509
McAfee-GW-Edition	未发现病毒	20200509
Trapmine	未发现病毒	20200505
CMC	未发现病毒	20190321
Emsisoft	未发现病毒	20200509
SentinelOne	未发现病毒	20200505
Cyren	未发现病毒	20200509
Jiangmin	未发现病毒	20200509
Webroot	未发现病毒	20200509
Avira	未发现病毒	20200509
Antiy-AVL	未发现病毒	20200509
Kingsoft	未发现病毒	20200509
Microsoft	未发现病毒	20200509
Endgame	未发现病毒	20200226
AegisLab	未发现病毒	20200509
ZoneAlarm	未发现病毒	20200509
Avast-Mobile	未发现病毒	20200508
TACHYON	未发现病毒	20200508
AhnLab-V3	未发现病毒	20200509
Acronis	未发现病毒	20200509
McAfee	未发现病毒	20200509
MAX	未发现病毒	20200509
VBA32	未发现病毒	20200508
Malwarebytes	未发现病毒	20200509
Zoner	未发现病毒	20200508
TrendMicro-HouseCall	未发现病毒	20200509
Tencent	未发现病毒	20200509
Yandex	未发现病毒	20200507
Ikarus	未发现病毒	20200509
eGambit	未发现病毒	20200509
Fortinet	未发现病毒	20200509
MaxSecure	未发现病毒	20200509
AVG	未发现病毒	20200509
Panda	未发现病毒	20200509
Qihoo-360	未发现病毒	20200509

进程树

rundll32.exe id: 2700

搜索
rundll32.exe (2700)

rundll32.exe, PID: 2700, 上一级进程 PID: 2332

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 5.791 seconds )

3.385 VirusTotal
1.169 Static
0.424 peid
0.334 TargetInfo
0.239 NetworkAnalysis
0.141 AnalysisInfo
0.084 BehaviorAnalysis
0.012 Strings
0.003 Memory

Signatures ( 0.163 seconds )

0.02 md_url_bl
0.019 md_domain_bl
0.017 antiav_detectreg
0.008 antiav_detectfile
0.008 infostealer_ftp
0.007 anomaly_persistence_autorun
0.007 ransomware_files
0.006 ransomware_extensions
0.005 infostealer_bitcoin
0.005 infostealer_im
0.003 tinba_behavior
0.003 api_spamming
0.003 antianalysis_detectreg
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.002 stealth_decoy_document
0.002 rat_nanocore
0.002 injection_createremotethread
0.002 cerber_behavior
0.002 stealth_timeout
0.002 geodo_banking_trojan
0.002 bot_drive
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.001 network_tor
0.001 mimics_filetime
0.001 betabot_behavior
0.001 reads_self
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 injection_runpe
0.001 antianalysis_detectfile
0.001 antidbg_devices
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 office_security
0.001 rat_pcclient
0.001 rat_spynet
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt

Reporting ( 1.128 seconds )

0.881 ReportHTMLSummary
0.247 Malheur


Task ID	557756
Mongo ID	5f01c5ea2f8f2e386a663116
Cuckoo release	1.4-Maldun