分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-07-05 21:47:13 | 2020-07-05 21:49:39 | 146 秒 |
魔盾分数
5.15
可疑的
文件详细信息
| 文件名 | 助瞄单板狙击.exe |
|---|---|
| 文件大小 | 4784128 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fff7bc44e7145bbd1a8a5d5d2251e38c |
| SHA1 | 9518b71f81be9149440bed3bdd79773c09686ea7 |
| SHA256 | afa0808a97d7460b7a975d53974e91fbf51581e26951f42e39f702be1a5258db |
| SHA512 | d42ee9ce997f617bc85fd8f694567687e2f8e778dde5bd3b9119b02b051272e3a64cacda950725a40e53c4b656eb30165b0d5f93a05625efa83104dbebb90f73 |
| CRC32 | 986071C9 |
| Ssdeep | 98304:lpU0XdfHpe2UVk5KEXyfzlfVWFoP32M8A4bONSDDYJz2GNInSailuSQs6YLNcofD:7r82YVEXYzNVKVhKNSDDEdNGZTs6YBxb |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004773e1 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0049811b |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2020-07-05 21:45:57 |
| 载入哈希 | 28bf634070b40eb17a1a8d988226ff91 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00095d0e | 0x00096000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.52 |
| .rdata | 0x00097000 | 0x003dcdfa | 0x003dd000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.66 |
| .data | 0x00474000 | 0x0004448a | 0x00012000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.11 |
| .rsrc | 0x004b9000 | 0x00009234 | 0x0000a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.50 |
导入
库: WINMM.dll:
• 0x497660 midiStreamOut
• 0x497664 midiOutPrepareHeader
• 0x497668 waveOutWrite
• 0x49766c waveOutPause
• 0x497670 waveOutReset
• 0x497674 waveOutClose
• 0x497678 waveOutGetNumDevs
• 0x49767c waveOutOpen
• 0x497680 midiOutUnprepareHeader
• 0x497684 midiStreamOpen
• 0x497688 midiStreamProperty
• 0x49768c midiStreamStop
• 0x497690 midiOutReset
• 0x497694 midiStreamClose
• 0x497698 midiStreamRestart
• 0x49769c waveOutUnprepareHeader
• 0x4976a0 waveOutPrepareHeader
库: WS2_32.dll:
• 0x4976b8 WSACleanup
• 0x4976bc closesocket
• 0x4976c0 getpeername
• 0x4976c4 accept
• 0x4976c8 WSAAsyncSelect
• 0x4976cc recvfrom
• 0x4976d0 ioctlsocket
• 0x4976d4 inet_ntoa
• 0x4976d8 recv
库: KERNEL32.dll:
• 0x497198 GetVersion
• 0x49719c FreeEnvironmentStringsA
• 0x4971a0 UnhandledExceptionFilter
• 0x4971a4 GetACP
• 0x4971a8 HeapSize
• 0x4971ac RaiseException
• 0x4971b0 GetLocalTime
• 0x4971b4 GetSystemTime
• 0x4971b8 RtlUnwind
• 0x4971bc GetStartupInfoA
• 0x4971c0 GetOEMCP
• 0x4971c4 GetCPInfo
• 0x4971c8 GetProcessVersion
• 0x4971cc SetErrorMode
• 0x4971d0 GlobalFlags
• 0x4971d4 GetCurrentThread
• 0x4971d8 GetFileTime
• 0x4971dc TlsGetValue
• 0x4971e0 LocalReAlloc
• 0x4971e4 TlsSetValue
• 0x4971e8 TlsFree
• 0x4971ec GlobalHandle
• 0x4971f0 TlsAlloc
• 0x4971f4 LocalAlloc
• 0x4971f8 lstrcmpA
• 0x4971fc GlobalGetAtomNameA
• 0x497200 GlobalAddAtomA
• 0x497204 GlobalFindAtomA
• 0x497208 GlobalDeleteAtom
• 0x49720c lstrcmpiA
• 0x497210 SetEndOfFile
• 0x497214 UnlockFile
• 0x497218 LockFile
• 0x49721c FlushFileBuffers
• 0x497220 DuplicateHandle
• 0x497224 lstrcpynA
• 0x497228 FileTimeToLocalFileTime
• 0x49722c FileTimeToSystemTime
• 0x497230 LocalFree
• 0x497234 InterlockedDecrement
• 0x497238 InterlockedIncrement
• 0x49723c GetTimeZoneInformation
• 0x497240 SetLastError
• 0x497244 TerminateProcess
• 0x497248 GetCurrentProcess
• 0x49724c GetFileSize
• 0x497250 SetFilePointer
• 0x497254 CreateSemaphoreA
• 0x497258 ResumeThread
• 0x49725c ReleaseSemaphore
• 0x497260 EnterCriticalSection
• 0x497264 LeaveCriticalSection
• 0x497268 GetProfileStringA
• 0x49726c WriteFile
• 0x497270 WaitForMultipleObjects
• 0x497274 CreateFileA
• 0x497278 SetEvent
• 0x49727c FindResourceA
• 0x497280 LoadResource
• 0x497284 LockResource
• 0x497288 ReadFile
• 0x49728c lstrlenW
• 0x497290 GetModuleFileNameA
• 0x497294 WideCharToMultiByte
• 0x497298 MultiByteToWideChar
• 0x49729c GetCurrentThreadId
• 0x4972a0 ExitProcess
• 0x4972a4 GlobalSize
• 0x4972a8 GlobalFree
• 0x4972ac DeleteCriticalSection
• 0x4972b0 InterlockedExchange
• 0x4972b4 InitializeCriticalSection
• 0x4972b8 lstrcatA
• 0x4972bc lstrlenA
• 0x4972c0 WinExec
• 0x4972c4 lstrcpyA
• 0x4972c8 FindNextFileA
• 0x4972cc GlobalReAlloc
• 0x4972d0 HeapFree
• 0x4972d4 HeapReAlloc
• 0x4972d8 GetProcessHeap
• 0x4972dc HeapAlloc
• 0x4972e0 GetUserDefaultLCID
• 0x4972e4 GetFullPathNameA
• 0x4972e8 FreeLibrary
• 0x4972ec LoadLibraryA
• 0x4972f0 GetLastError
• 0x4972f4 GetVersionExA
• 0x4972f8 WritePrivateProfileStringA
• 0x4972fc CreateThread
• 0x497300 CreateEventA
• 0x497304 Sleep
• 0x497308 GlobalAlloc
• 0x49730c GlobalLock
• 0x497310 GlobalUnlock
• 0x497314 FindFirstFileA
• 0x497318 FindClose
• 0x49731c SetFileAttributesA
• 0x497320 GetFileAttributesA
• 0x497324 DeleteFileA
• 0x497328 SetCurrentDirectoryA
• 0x49732c GetVolumeInformationA
• 0x497330 GetModuleHandleA
• 0x497334 GetProcAddress
• 0x497338 MulDiv
• 0x49733c GetCommandLineA
• 0x497340 GetTickCount
• 0x497344 WaitForSingleObject
• 0x497348 CloseHandle
• 0x49734c FreeEnvironmentStringsW
• 0x497350 GetEnvironmentStrings
• 0x497354 GetEnvironmentStringsW
• 0x497358 SetHandleCount
• 0x49735c GetStdHandle
• 0x497360 GetFileType
• 0x497364 GetEnvironmentVariableA
• 0x497368 HeapDestroy
• 0x49736c HeapCreate
• 0x497370 VirtualFree
• 0x497374 SetEnvironmentVariableA
• 0x497378 LCMapStringA
• 0x49737c LCMapStringW
• 0x497380 VirtualAlloc
• 0x497384 IsBadWritePtr
• 0x497388 SetUnhandledExceptionFilter
• 0x49738c GetStringTypeA
• 0x497390 GetStringTypeW
• 0x497394 CompareStringA
• 0x497398 CompareStringW
• 0x49739c IsBadReadPtr
• 0x4973a0 IsBadCodePtr
• 0x4973a4 SetStdHandle
库: USER32.dll:
• 0x4973ec GetSysColorBrush
• 0x4973f0 ShowWindow
• 0x4973f4 SystemParametersInfoA
• 0x4973f8 LoadImageA
• 0x4973fc EnumDisplaySettingsA
• 0x497400 ClientToScreen
• 0x497404 EnableMenuItem
• 0x497408 GetSubMenu
• 0x49740c GetDlgCtrlID
• 0x497410 CreateAcceleratorTableA
• 0x497414 CreateMenu
• 0x497418 ModifyMenuA
• 0x49741c AppendMenuA
• 0x497420 CreatePopupMenu
• 0x497424 DrawIconEx
• 0x497428 CreateIconFromResource
• 0x49742c CreateIconFromResourceEx
• 0x497430 RegisterClipboardFormatA
• 0x497434 SetRectEmpty
• 0x497438 DispatchMessageA
• 0x49743c GetMessageA
• 0x497440 WindowFromPoint
• 0x497444 DrawFocusRect
• 0x497448 IsZoomed
• 0x49744c GetClassInfoA
• 0x497450 DefWindowProcA
• 0x497454 GetSystemMenu
• 0x497458 DeleteMenu
• 0x49745c GetMenu
• 0x497460 SetMenu
• 0x497464 PeekMessageA
• 0x497468 IsIconic
• 0x49746c SetFocus
• 0x497470 GetActiveWindow
• 0x497474 GetWindow
• 0x497478 DrawEdge
• 0x49747c SetWindowRgn
• 0x497480 GetMessagePos
• 0x497484 ScreenToClient
• 0x497488 ChildWindowFromPointEx
• 0x49748c CopyRect
• 0x497490 LoadBitmapA
• 0x497494 WinHelpA
• 0x497498 KillTimer
• 0x49749c SetTimer
• 0x4974a0 ReleaseCapture
• 0x4974a4 GetCapture
• 0x4974a8 LoadStringA
• 0x4974ac GetMenuCheckMarkDimensions
• 0x4974b0 GetMenuState
• 0x4974b4 SetMenuItemBitmaps
• 0x4974b8 SetCapture
• 0x4974bc GetScrollRange
• 0x4974c0 SetScrollRange
• 0x4974c4 PostQuitMessage
• 0x4974c8 SetRect
• 0x4974cc InflateRect
• 0x4974d0 IntersectRect
• 0x4974d4 DestroyIcon
• 0x4974d8 PtInRect
• 0x4974dc OffsetRect
• 0x4974e0 IsWindowVisible
• 0x4974e4 EnableWindow
• 0x4974e8 RedrawWindow
• 0x4974ec GetWindowLongA
• 0x4974f0 SetWindowLongA
• 0x4974f4 GetSysColor
• 0x4974f8 SetActiveWindow
• 0x4974fc SetCursorPos
• 0x497500 LoadCursorA
• 0x497504 SetCursor
• 0x497508 GetDC
• 0x49750c FillRect
• 0x497510 IsRectEmpty
• 0x497514 ReleaseDC
• 0x497518 IsChild
• 0x49751c DestroyMenu
• 0x497520 SetForegroundWindow
• 0x497524 GetWindowRect
• 0x497528 EqualRect
• 0x49752c UpdateWindow
• 0x497530 ValidateRect
• 0x497534 InvalidateRect
• 0x497538 GetClientRect
• 0x49753c GetFocus
• 0x497540 GetParent
• 0x497544 GetTopWindow
• 0x497548 PostMessageA
• 0x49754c IsWindow
• 0x497550 SetParent
• 0x497554 DestroyCursor
• 0x497558 SendMessageA
• 0x49755c SetWindowPos
• 0x497560 MessageBoxA
• 0x497564 GetCursorPos
• 0x497568 GetSystemMetrics
• 0x49756c EmptyClipboard
• 0x497570 SetClipboardData
• 0x497574 OpenClipboard
• 0x497578 GetClipboardData
• 0x49757c CloseClipboard
• 0x497580 wsprintfA
• 0x497584 DrawFrameControl
• 0x497588 TranslateMessage
• 0x49758c LoadIconA
• 0x497590 CallWindowProcA
• 0x497594 CreateWindowExA
• 0x497598 RegisterHotKey
• 0x49759c UnregisterHotKey
• 0x4975a0 GetDesktopWindow
• 0x4975a4 GetClassNameA
• 0x4975a8 GetDlgItem
• 0x4975ac GetWindowTextA
• 0x4975b0 GetForegroundWindow
• 0x4975b4 CopyAcceleratorTableA
• 0x4975b8 GetKeyState
• 0x4975bc TranslateAcceleratorA
• 0x4975c0 SetScrollPos
• 0x4975c4 IsWindowEnabled
• 0x4975c8 DestroyAcceleratorTable
• 0x4975cc UnregisterClassA
• 0x4975d0 GetWindowTextLengthA
• 0x4975d4 CharUpperA
• 0x4975d8 GetWindowDC
• 0x4975dc BeginPaint
• 0x4975e0 EndPaint
• 0x4975e4 TabbedTextOutA
• 0x4975e8 DrawTextA
• 0x4975ec GrayStringA
• 0x4975f0 DestroyWindow
• 0x4975f4 CreateDialogIndirectParamA
• 0x4975f8 EndDialog
• 0x4975fc GetNextDlgTabItem
• 0x497600 GetWindowPlacement
• 0x497604 RegisterWindowMessageA
• 0x497608 GetLastActivePopup
• 0x49760c GetMessageTime
• 0x497610 RemovePropA
• 0x497614 GetPropA
• 0x497618 UnhookWindowsHookEx
• 0x49761c SetPropA
• 0x497620 GetClassLongA
• 0x497624 CallNextHookEx
• 0x497628 SetWindowsHookExA
• 0x49762c GetMenuItemID
• 0x497630 GetMenuItemCount
• 0x497634 RegisterClassA
• 0x497638 GetScrollPos
• 0x49763c AdjustWindowRectEx
• 0x497640 MapWindowPoints
• 0x497644 SendDlgItemMessageA
• 0x497648 ScrollWindowEx
• 0x49764c IsDialogMessageA
• 0x497650 SetWindowTextA
• 0x497654 MoveWindow
• 0x497658 CheckMenuItem
库: GDI32.dll:
• 0x497044 LineTo
• 0x497048 MoveToEx
• 0x49704c ExcludeClipRect
• 0x497050 GetStretchBltMode
• 0x497054 GetPolyFillMode
• 0x497058 CreateCompatibleBitmap
• 0x49705c CreateDCA
• 0x497060 CreateBitmap
• 0x497064 SelectObject
• 0x497068 CreatePen
• 0x49706c PatBlt
• 0x497070 CombineRgn
• 0x497074 CreateRectRgn
• 0x497078 FillRgn
• 0x49707c CreateSolidBrush
• 0x497080 CreateFontIndirectA
• 0x497084 GetStockObject
• 0x497088 GetObjectA
• 0x49708c EndPage
• 0x497090 EndDoc
• 0x497094 DeleteDC
• 0x497098 StartDocA
• 0x49709c StartPage
• 0x4970a0 CreateCompatibleDC
• 0x4970a4 Ellipse
• 0x4970a8 Rectangle
• 0x4970ac LPtoDP
• 0x4970b0 DPtoLP
• 0x4970b4 GetCurrentObject
• 0x4970b8 RoundRect
• 0x4970bc GetTextExtentPoint32A
• 0x4970c0 GetDeviceCaps
• 0x4970c4 GetClipBox
• 0x4970c8 ScaleWindowExtEx
• 0x4970cc SetWindowExtEx
• 0x4970d0 SetWindowOrgEx
• 0x4970d4 ScaleViewportExtEx
• 0x4970d8 SetViewportExtEx
• 0x4970dc OffsetViewportOrgEx
• 0x4970e0 SetViewportOrgEx
• 0x4970e4 SetMapMode
• 0x4970e8 SetTextColor
• 0x4970ec SetROP2
• 0x4970f0 ExtSelectClipRgn
• 0x4970f4 GetViewportExtEx
• 0x4970f8 PtVisible
• 0x4970fc RectVisible
• 0x497100 TextOutA
• 0x497104 ExtTextOutA
• 0x497108 Escape
• 0x49710c GetTextMetricsA
• 0x497110 GetROP2
• 0x497114 GetBkColor
• 0x497118 GetBkMode
• 0x49711c GetTextColor
• 0x497120 CreateRoundRectRgn
• 0x497124 CreateEllipticRgn
• 0x497128 PathToRegion
• 0x49712c EndPath
• 0x497130 BeginPath
• 0x497134 SetPolyFillMode
• 0x497138 SetBkMode
• 0x49713c RestoreDC
• 0x497140 SaveDC
• 0x497144 GetWindowOrgEx
• 0x497148 GetViewportOrgEx
• 0x49714c GetWindowExtEx
• 0x497150 GetDIBits
• 0x497154 RealizePalette
• 0x497158 SelectPalette
• 0x49715c StretchBlt
• 0x497160 CreatePalette
• 0x497164 GetSystemPaletteEntries
• 0x497168 CreateDIBitmap
• 0x49716c DeleteObject
• 0x497170 SelectClipRgn
• 0x497174 CreatePolygonRgn
• 0x497178 GetClipRgn
• 0x49717c SetStretchBltMode
• 0x497180 CreateRectRgnIndirect
• 0x497184 SetBkColor
• 0x497188 CreateFontA
• 0x49718c TranslateCharsetInfo
• 0x497190 BitBlt
库: ADVAPI32.dll:
• 0x497000 RegOpenKeyExA
• 0x497004 RegSetValueExA
• 0x497008 RegQueryValueA
• 0x49700c RegCreateKeyExA
• 0x497010 RegCloseKey
库: SHELL32.dll:
• 0x4973d4 ShellExecuteA
• 0x4973d8 Shell_NotifyIconA
• 0x4973dc DragAcceptFiles
• 0x4973e0 DragFinish
• 0x4973e4 DragQueryFileA
库: ole32.dll:
• 0x4976f4 CLSIDFromProgID
• 0x4976f8 OleRun
• 0x4976fc CoCreateInstance
• 0x497700 CLSIDFromString
• 0x497704 OleUninitialize
• 0x497708 OleInitialize
库: OLEAUT32.dll:
• 0x4973ac UnRegisterTypeLib
• 0x4973b0 LoadTypeLib
• 0x4973b4 LHashValOfNameSys
• 0x4973b8 RegisterTypeLib
• 0x4973bc SysAllocString
• 0x4973c0 VariantInit
• 0x4973c4 VariantCopyInd
• 0x4973c8 VariantChangeType
• 0x4973cc VariantClear
库: COMCTL32.dll:
• 0x497018 ImageList_Add
• 0x49701c ImageList_BeginDrag
• 0x497020 ImageList_Create
• 0x497024 ImageList_Destroy
• 0x497028 ImageList_DragEnter
• 0x49702c ImageList_DragLeave
• 0x497030 ImageList_DragMove
• 0x497034 ImageList_DragShowNolock
• 0x497038 ImageList_EndDrag
• 0x49703c None
库: comdlg32.dll:
• 0x4976e0 ChooseColorA
• 0x4976e4 GetFileTitleA
• 0x4976e8 GetSaveFileNameA
• 0x4976ec GetOpenFileNameA
.text
`.rdata
@.data
.rsrc
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect begin
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
8`}<j
T$hVj
DRQPj
T$|Vj
T$th
|$|Vj
T$\Vj
D$@Sj
L$8h
jjjjh
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 36.718 seconds )
- 15.585 Suricata
- 14.753 Static
- 3.871 VirusTotal
- 1.486 TargetInfo
- 0.444 peid
- 0.352 NetworkAnalysis
- 0.107 BehaviorAnalysis
- 0.085 AnalysisInfo
- 0.018 Strings
- 0.014 config_decoder
- 0.003 Memory
Signatures ( 0.185 seconds )
- 0.027 antiav_detectreg
- 0.02 md_url_bl
- 0.019 md_domain_bl
- 0.011 infostealer_ftp
- 0.007 anomaly_persistence_autorun
- 0.007 antiav_detectfile
- 0.007 infostealer_im
- 0.007 ransomware_files
- 0.006 antianalysis_detectreg
- 0.006 ransomware_extensions
- 0.005 infostealer_bitcoin
- 0.004 api_spamming
- 0.004 antidbg_windows
- 0.004 infostealer_mail
- 0.003 tinba_behavior
- 0.003 stealth_decoy_document
- 0.003 stealth_timeout
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 betabot_behavior
- 0.002 cerber_behavior
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.238 seconds )
- 0.984 ReportHTMLSummary
- 0.254 Malheur
| Task ID | 557760 |
|---|---|
| Mongo ID | 5f01daa22f8f2e385d6631a1 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号