恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-1	2020-07-05 23:48:54	2020-07-05 23:49:51	57 秒

魔盾分数

2.0

正常的

文件详细信息

文件名	version.dll
文件大小	107008 字节
文件类型	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	03e710788b9e710e21bbc20ddadff3d4
SHA1	ba4efd4565b1d26b461010d2825f7441bbf51775
SHA256	2bfe3473afc151ed060612696f5a43f022af0a6d434affdc39d028f5e2f5dfcd
SHA512	589c2b83533bd75e5f35b3673933d18eeaf2329f97253dff68f3d77e1150a4dd09b266ea94954b53869d81b2c70386b953f1a22d9203a22d1f82b15a18ad1252
CRC32	EF41F0EE
Ssdeep	3072:HEE9/Tp6s0ZlgTs/NNLo0vKdtV9eAscS1fxaTZYJ/ZxClckVPxiTyKiNTBs/3ZJk:Hnx0DgTCrBCdD9ea
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x180000000
入口地址	0x1800074b0
声明校验值	0x00000000
实际校验值	0x00020010
最低操作系统版本要求	6.0
编译时间	2019-03-11 16:39:20
载入哈希	827b5480936cc786f8bd12d8ef3fe8a9
导出DLL库名称	\x31\x31\x31\x31\x31\x31\x31\x34\x31\x31\x31

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0001075d	0x00010800	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.26
.rdata	0x00012000	0x0000538a	0x00005400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.87
.data	0x00018000	0x000044d8	0x00002200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.90
.pdata	0x0001d000	0x000011b8	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.02
_RDATA	0x0001f000	0x000006f0	0x00000800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	2.94
.reloc	0x00020000	0x000005b8	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	4.09

导入

库: VERSION.dll:

• 0x1800122d0 VerQueryValueA

• 0x1800122d8 GetFileVersionInfoA

• 0x1800122e0 GetFileVersionInfoSizeA

库: KERNEL32.dll:

• 0x180012000 FlushFileBuffers

• 0x180012008 WriteConsoleW

• 0x180012010 SetStdHandle

• 0x180012018 DisableThreadLibraryCalls

• 0x180012020 GetModuleHandleW

• 0x180012028 GetSystemDirectoryW

• 0x180012030 LoadLibraryW

• 0x180012038 GetProcAddress

• 0x180012040 GetSystemTimeAsFileTime

• 0x180012048 GetModuleFileNameA

• 0x180012050 VirtualProtect

• 0x180012058 GetStringTypeW

• 0x180012060 FlushInstructionCache

• 0x180012068 HeapCreate

• 0x180012070 HeapDestroy

• 0x180012078 HeapAlloc

• 0x180012080 HeapReAlloc

• 0x180012088 HeapFree

• 0x180012090 GetCurrentProcess

• 0x180012098 GetCurrentProcessId

• 0x1800120a0 GetCurrentThreadId

• 0x1800120a8 OpenThread

• 0x1800120b0 GetThreadContext

• 0x1800120b8 SetThreadContext

• 0x1800120c0 SuspendThread

• 0x1800120c8 ResumeThread

• 0x1800120d0 Sleep

• 0x1800120d8 CloseHandle

• 0x1800120e0 CreateToolhelp32Snapshot

• 0x1800120e8 Thread32First

• 0x1800120f0 Thread32Next

• 0x1800120f8 VirtualAlloc

• 0x180012100 VirtualFree

• 0x180012108 VirtualQuery

• 0x180012110 GetSystemInfo

• 0x180012118 RtlUnwindEx

• 0x180012120 GetLastError

• 0x180012128 GetCommandLineA

• 0x180012130 IsDebuggerPresent

• 0x180012138 RaiseException

• 0x180012140 LoadLibraryExW

• 0x180012148 MultiByteToWideChar

• 0x180012150 WideCharToMultiByte

• 0x180012158 IsProcessorFeaturePresent

• 0x180012160 EncodePointer

• 0x180012168 DecodePointer

• 0x180012170 ExitProcess

• 0x180012178 GetModuleHandleExW

• 0x180012180 CreateFileW

• 0x180012188 GetStdHandle

• 0x180012190 WriteFile

• 0x180012198 GetModuleFileNameW

• 0x1800121a0 GetProcessHeap

• 0x1800121a8 SetLastError

• 0x1800121b0 GetFileType

• 0x1800121b8 InitializeCriticalSectionAndSpinCount

• 0x1800121c0 DeleteCriticalSection

• 0x1800121c8 InitOnceExecuteOnce

• 0x1800121d0 GetStartupInfoW

• 0x1800121d8 QueryPerformanceCounter

• 0x1800121e0 GetTickCount64

• 0x1800121e8 GetEnvironmentStringsW

• 0x1800121f0 FreeEnvironmentStringsW

• 0x1800121f8 RtlCaptureContext

• 0x180012200 RtlLookupFunctionEntry

• 0x180012208 RtlVirtualUnwind

• 0x180012210 UnhandledExceptionFilter

• 0x180012218 SetUnhandledExceptionFilter

• 0x180012220 FlsAlloc

• 0x180012228 FlsGetValue

• 0x180012230 FlsSetValue

• 0x180012238 FlsFree

• 0x180012240 TerminateProcess

• 0x180012248 FreeLibrary

• 0x180012250 EnterCriticalSection

• 0x180012258 LeaveCriticalSection

• 0x180012260 IsValidCodePage

• 0x180012268 GetACP

• 0x180012270 GetOEMCP

• 0x180012278 GetCPInfo

• 0x180012280 OutputDebugStringW

• 0x180012288 GetConsoleCP

• 0x180012290 GetConsoleMode

• 0x180012298 SetFilePointerEx

• 0x1800122a0 HeapSize

• 0x1800122a8 LCMapStringEx

库: USER32.dll:

• 0x1800122b8 MessageBoxA

• 0x1800122c0 CharUpperA

导出

序列	地址	名称
1	0x180001280	GetFileVersionInfoA
2	0x180001290	GetFileVersionInfoByHandle
3	0x1800012a0	GetFileVersionInfoExA
4	0x1800012b0	GetFileVersionInfoExW
5	0x1800012c0	GetFileVersionInfoSizeA
6	0x1800012d0	GetFileVersionInfoSizeExW
7	0x1800012e0	GetFileVersionInfoSizeW
8	0x1800012f0	GetFileVersionInfoW
9	0x180001300	VerFindFileA
10	0x180001310	VerFindFileW
11	0x180001320	VerInstallFileA
12	0x180001330	VerInstallFileW
13	0x180001340	VerLanguageNameA
14	0x180001350	VerLanguageNameW
15	0x180001360	VerQueryValueA
16	0x180001370	VerQueryValueW
17	0x180001280	pGetFileVersionInfoA
18	0x180001290	pGetFileVersionInfoByHandle
19	0x1800012a0	pGetFileVersionInfoExA
20	0x1800012b0	pGetFileVersionInfoExW
21	0x1800012c0	pGetFileVersionInfoSizeA
22	0x1800012d0	pGetFileVersionInfoSizeExW
23	0x1800012e0	pGetFileVersionInfoSizeW
24	0x1800012f0	pGetFileVersionInfoW
25	0x180001300	pVerFindFileA
26	0x180001310	pVerFindFileW
27	0x180001320	pVerInstallFileA
28	0x180001330	pVerInstallFileW
29	0x180001340	pVerLanguageNameA
30	0x180001350	pVerLanguageNameW
31	0x180001360	pVerQueryValueA
32	0x180001370	pVerQueryValueW

.text
`.rdata
@.data
.pdata
@_RDATA
@.reloc
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
OriginalFilename
\StringFileInfo\%04x%04x\%s
\VarFileInfo\Translation
Watercolor.
SmartMask.
Retoucher.
Refocus.
Points.
Pastel.
OilPaint.
Noise Buster.
Neon.
NatureArt.
MultiBrush.
MakeUp.
Magnifier.
LightShop.
HDRFactory.
Frames.
Enhancer.
Draw.
Decorator.
Coloriage.
Charcoal.
Chameleon.
ArtWork.
AliveColors.
Sketch.
AirBrush.
ArtSuite.
Didn't find PublicKey!
ERROR!
Error write patch!
threads
threads
oldProtect
threads
threads
instBuf
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
Unknown Filename
Unknown Module Name
Run-Time Check Failure #%d - %s
Stack corrupted near unknown variable
A variable is being used without being initialized.
CorExitProcess
(null)
`h````
GetCurrentPackageId
Stack pointer corruption
Cast to smaller type causing loss of data
Stack memory corruption
Local variable used before initialization
Stack around _alloca corrupted
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
PDBOpenValidate5
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VERSION.dll
DisableThreadLibraryCalls
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetSystemTimeAsFileTime
GetModuleFileNameA
VirtualProtect
KERNEL32.dll
CharUpperA
MessageBoxA
USER32.dll
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
Sleep
CloseHandle
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
GetSystemInfo
RtlUnwindEx
GetLastError
GetCommandLineA
IsDebuggerPresent
RaiseException
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
SetLastError
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
TerminateProcess
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
LCMapStringEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
version.dll
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
pGetFileVersionInfoA
pGetFileVersionInfoByHandle
pGetFileVersionInfoExA
pGetFileVersionInfoExW
pGetFileVersionInfoSizeA
pGetFileVersionInfoSizeExW
pGetFileVersionInfoSizeW
pGetFileVersionInfoW
pVerFindFileA
pVerFindFileW
pVerInstallFileA
pVerInstallFileW
pVerLanguageNameA
pVerLanguageNameW
pVerQueryValueA
pVerQueryValueW
MH_UNKNOWN
MH_OK
MH_ERROR_ALREADY_INITIALIZED
MH_ERROR_NOT_INITIALIZED
MH_ERROR_ALREADY_CREATED
MH_ERROR_NOT_CREATED
MH_ERROR_ENABLED
MH_ERROR_DISABLED
MH_ERROR_NOT_EXECUTABLE
MH_ERROR_UNSUPPORTED_FUNCTION
MH_ERROR_MEMORY_ALLOC
MH_ERROR_MEMORY_PROTECT
MH_ERROR_MODULE_NOT_FOUND
MH_ERROR_FUNCTION_NOT_FOUND
(unknown)
@@@@AI@@@@LB@@@@@@@@ODS@@@DWC\@`@@@@@@@@@@@@@@dfnk@@jF@@DF@@[D@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
\version.dll
 Unable to display RTC Message.
Run-Time Check Failure #%d - %s
mscoree.dll
runtime error 
Program: 
<program name unknown>
Microsoft Visual C++ Runtime Library
(null)
kernel32.dll
bin\amd64\MSPDB110.DLL
ADVAPI32.DLL
SOFTWARE\Wow6432Node\Microsoft\VisualStudio\11.0\Setup\VC
ProductDir
ja-JP
zh-CN
ko-KR
zh-TW
USER32.DLL
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
en-US
CONOUT$

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20200513
DrWeb	未发现病毒	20200514
MicroWorld-eScan	未发现病毒	20200513
CMC	未发现病毒	20190321
CAT-QuickHeal	未发现病毒	20200514
Qihoo-360	未发现病毒	20200513
ALYac	未发现病毒	20200513
Cylance	未发现病毒	20200513
Zillya	未发现病毒	20200514
SUPERAntiSpyware	未发现病毒	20200508
Sangfor	未发现病毒	20200423
CrowdStrike	未发现病毒	20190702
Alibaba	未发现病毒	20190527
K7GW	未发现病毒	20200513
K7AntiVirus	未发现病毒	20200513
Invincea	未发现病毒	20200502
BitDefenderTheta	未发现病毒	20200428
Cyren	未发现病毒	20200514
Symantec	未发现病毒	20200514
ESET-NOD32	未发现病毒	20200513
APEX	未发现病毒	20200513
Paloalto	未发现病毒	20200513
ClamAV	未发现病毒	20200514
GData	未发现病毒	20200513
BitDefender	未发现病毒	20200513
NANO-Antivirus	未发现病毒	20200513
AegisLab	未发现病毒	20200513
Tencent	未发现病毒	20200513
Ad-Aware	未发现病毒	20200513
Sophos	未发现病毒	20200513
Comodo	未发现病毒	20200513
F-Secure	未发现病毒	20200513
Baidu	未发现病毒	20190318
VIPRE	未发现病毒	20200513
TrendMicro	未发现病毒	20200513
McAfee-GW-Edition	未发现病毒	20200514
Trapmine	未发现病毒	20200505
FireEye	未发现病毒	20200508
Emsisoft	未发现病毒	20200513
SentinelOne	未发现病毒	20200505
F-Prot	未发现病毒	20200514
Jiangmin	未发现病毒	20200513
Webroot	未发现病毒	20200513
Avira	未发现病毒	20200513
Antiy-AVL	未发现病毒	20200513
Kingsoft	未发现病毒	20200513
Endgame	未发现病毒	20200512
Arcabit	未发现病毒	20200513
ViRobot	未发现病毒	20200513
ZoneAlarm	未发现病毒	20200513
Avast-Mobile	未发现病毒	20200513
Microsoft	未发现病毒	20200513
AhnLab-V3	未发现病毒	20200513
Acronis	未发现病毒	20200509
McAfee	未发现病毒	20200514
MAX	未发现病毒	20200513
VBA32	未发现病毒	20200513
Malwarebytes	未发现病毒	20200513
Panda	未发现病毒	20200513
Zoner	未发现病毒	20200513
TrendMicro-HouseCall	未发现病毒	20200513
Rising	未发现病毒	20200513
Yandex	未发现病毒	20200513
TACHYON	未发现病毒	20200513
eGambit	未发现病毒	20200513
Fortinet	未发现病毒	20200513
AVG	未发现病毒	20200513
Avast	未发现病毒	20200513
MaxSecure	未发现病毒	20200512

进程树

rundll32.exe id: 2704

搜索
rundll32.exe (2704)

rundll32.exe, PID: 2704, 上一级进程 PID: 2332

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 22.228 seconds )

15.585 Suricata
4.125 VirusTotal
1.226 Static
0.418 peid
0.358 TargetInfo
0.354 NetworkAnalysis
0.093 AnalysisInfo
0.048 BehaviorAnalysis
0.018 Strings
0.003 Memory

Signatures ( 0.154 seconds )

0.019 md_domain_bl
0.019 md_url_bl
0.017 antiav_detectreg
0.008 antiav_detectfile
0.008 infostealer_ftp
0.007 anomaly_persistence_autorun
0.007 ransomware_files
0.006 ransomware_extensions
0.005 infostealer_bitcoin
0.005 infostealer_im
0.003 tinba_behavior
0.003 antianalysis_detectreg
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.002 rat_nanocore
0.002 api_spamming
0.002 cerber_behavior
0.002 geodo_banking_trojan
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.001 network_tor
0.001 stealth_decoy_document
0.001 injection_createremotethread
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 stealth_timeout
0.001 antianalysis_detectfile
0.001 antidbg_devices
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 office_security
0.001 rat_pcclient
0.001 rat_spynet
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt

Reporting ( 1.206 seconds )

0.952 ReportHTMLSummary
0.254 Malheur


Task ID	557775
Mongo ID	5f01f6bc2f8f2e3868663528
Cuckoo release	1.4-Maldun