分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-07-06 00:04:48 | 2020-07-06 00:06:07 | 79 秒 |
魔盾分数
4.216
可疑的
文件详细信息
| 文件名 | csrss.exe |
|---|---|
| 文件大小 | 10010624 字节 |
| 文件类型 | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | bf8fe423e90775e579c520cc8d3999a1 |
| SHA1 | 741668af5b37fc5506b8f1882211bd4303075ec5 |
| SHA256 | baf8899cfee109f6164fb9b99e821a5f3dce977990e14af68b6f5c38e23d033d |
| SHA512 | 61c17e8ca144bd36d43330a49c8aa3992549fce464e8b3eed9ca076d311fdd6827ab076d730c6f91b3aa21c097f6fb5da6906128e10b03c6df7ab948601f4bb9 |
| CRC32 | 0593D11B |
| Ssdeep | 98304:V5xxFahjqN6H0kWEGWHIr1PwiFIIXNKUb7wJje:VfWjqkH5ib7qje |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004625d6 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00990aa4 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2020-07-06 00:01:17 |
| 载入哈希 | db2e08e35e207bfa68aae7146fef48d3 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00075c26 | 0x00076000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.09 |
| .rdata | 0x00077000 | 0x00007d86 | 0x00008000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.21 |
| .data | 0x0007f000 | 0x009252ec | 0x0090d000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.81 |
导入
库: KERNEL32.dll:
• 0x4770e8 LCMapStringA
• 0x4770ec LoadLibraryA
• 0x4770f0 FreeLibrary
• 0x4770f4 GlobalFree
• 0x4770f8 GetEnvironmentVariableA
• 0x4770fc GetFileSize
• 0x477100 ReadFile
• 0x477104 Sleep
• 0x477108 FindFirstFileA
• 0x47710c RemoveDirectoryA
• 0x477110 DeleteFileA
• 0x477114 FindNextFileA
• 0x477118 FindClose
• 0x47711c SetFileAttributesA
• 0x477120 WriteFile
• 0x477124 GetModuleFileNameA
• 0x477128 GetTickCount
• 0x47712c IsBadReadPtr
• 0x477130 lstrlenW
• 0x477134 lstrlenA
• 0x477138 HeapFree
• 0x47713c InterlockedDecrement
• 0x477140 InterlockedIncrement
• 0x477144 RtlMoveMemory
• 0x477148 LocalSize
• 0x47714c HeapAlloc
• 0x477150 GetProcessHeap
• 0x477154 EndUpdateResourceA
• 0x477158 UpdateResourceA
• 0x47715c InterlockedExchange
• 0x477160 BeginUpdateResourceA
• 0x477164 HeapReAlloc
• 0x477168 SetStdHandle
• 0x47716c IsBadCodePtr
• 0x477170 GetStringTypeW
• 0x477174 GetStringTypeA
• 0x477178 SetUnhandledExceptionFilter
• 0x47717c lstrcmpiW
• 0x477180 IsBadWritePtr
• 0x477184 VirtualAlloc
• 0x477188 VirtualFree
• 0x47718c GetStartupInfoA
• 0x477190 GetFileType
• 0x477194 GetStdHandle
• 0x477198 SetHandleCount
• 0x47719c GetEnvironmentStringsW
• 0x4771a0 GetEnvironmentStrings
• 0x4771a4 FreeEnvironmentStringsW
• 0x4771a8 FreeEnvironmentStringsA
• 0x4771ac UnhandledExceptionFilter
• 0x4771b0 GetACP
• 0x4771b4 TerminateProcess
• 0x4771b8 HeapSize
• 0x4771bc RaiseException
• 0x4771c0 RtlUnwind
• 0x4771c4 FlushFileBuffers
• 0x4771c8 SetFilePointer
• 0x4771cc GetOEMCP
• 0x4771d0 GetCPInfo
• 0x4771d4 GlobalFlags
• 0x4771d8 GetProcessVersion
• 0x4771dc GlobalGetAtomNameA
• 0x4771e0 GlobalAddAtomA
• 0x4771e4 GlobalFindAtomA
• 0x4771e8 GlobalDeleteAtom
• 0x4771ec SetLastError
• 0x4771f0 CopyFileA
• 0x4771f4 VirtualQueryEx
• 0x4771f8 GetProcAddress
• 0x4771fc SetWaitableTimer
• 0x477200 CreateWaitableTimerA
• 0x477204 CreateThread
• 0x477208 ReadProcessMemory
• 0x47720c OpenProcess
• 0x477210 GetCurrentProcess
• 0x477214 Module32Next
• 0x477218 Module32First
• 0x47721c MoveFileA
• 0x477220 CreateDirectoryA
• 0x477224 Process32Next
• 0x477228 GetVersion
• 0x47722c TlsGetValue
• 0x477230 LocalReAlloc
• 0x477234 TlsSetValue
• 0x477238 EnterCriticalSection
• 0x47723c GlobalReAlloc
• 0x477240 LeaveCriticalSection
• 0x477244 TlsFree
• 0x477248 GlobalHandle
• 0x47724c DeleteCriticalSection
• 0x477250 TlsAlloc
• 0x477254 InitializeCriticalSection
• 0x477258 LocalFree
• 0x47725c LocalAlloc
• 0x477260 ExitProcess
• 0x477264 GetCommandLineA
• 0x477268 GlobalUnlock
• 0x47726c GlobalLock
• 0x477270 GlobalAlloc
• 0x477274 lstrcmpW
• 0x477278 RtlZeroMemory
• 0x47727c lstrcmpiA
• 0x477280 HeapDestroy
• 0x477284 HeapCreate
• 0x477288 CreateFileA
• 0x47728c GetAtomNameW
• 0x477290 GetModuleFileNameW
• 0x477294 WideCharToMultiByte
• 0x477298 GetCommandLineW
• 0x47729c GetModuleHandleW
• 0x4772a0 MultiByteToWideChar
• 0x4772a4 lstrcatW
• 0x4772a8 GetCurrentThreadId
• 0x4772ac lstrcpynA
• 0x4772b0 lstrcpyA
• 0x4772b4 lstrcatA
• 0x4772b8 SetErrorMode
• 0x4772bc CloseHandle
• 0x4772c0 Process32First
• 0x4772c4 GetLastError
• 0x4772c8 GetVersionExA
• 0x4772cc GetWindowsDirectoryA
• 0x4772d0 GetSystemDirectoryA
• 0x4772d4 GetTempPathA
• 0x4772d8 LCMapStringW
• 0x4772dc lstrcmpA
• 0x4772e0 CreateToolhelp32Snapshot
• 0x4772e4 GetModuleHandleA
库: USER32.dll:
• 0x477334 GetAsyncKeyState
• 0x477338 IsWindow
• 0x47733c FindWindowExW
• 0x477340 GetClassNameW
• 0x477344 GetWindowTextLengthW
• 0x477348 GetWindowTextW
• 0x47734c GetWindowLongW
• 0x477350 SendMessageW
• 0x477354 DestroyCursor
• 0x477358 SetCursor
• 0x47735c GetClientRect
• 0x477360 SetCapture
• 0x477364 ReleaseCapture
• 0x477368 LoadCursorW
• 0x47736c DestroyIcon
• 0x477370 DestroyAcceleratorTable
• 0x477374 GetSysColor
• 0x477378 IsWindowEnabled
• 0x47737c EnableWindow
• 0x477380 InvalidateRect
• 0x477384 MapWindowPoints
• 0x477388 GetFocus
• 0x47738c SetFocus
• 0x477390 GetMessageW
• 0x477394 IsChild
• 0x477398 TranslateMDISysAccel
• 0x47739c TranslateAcceleratorW
• 0x4773a0 IsDialogMessageW
• 0x4773a4 TranslateMessage
• 0x4773a8 DispatchMessageW
• 0x4773ac SetWindowLongW
• 0x4773b0 GetAncestor
• 0x4773b4 GetDlgItem
• 0x4773b8 TrackMouseEvent
• 0x4773bc EndPaint
• 0x4773c0 BeginPaint
• 0x4773c4 wvsprintfA
• 0x4773c8 GetNextDlgTabItem
• 0x4773cc PostQuitMessage
• 0x4773d0 CreateWindowExW
• 0x4773d4 GetClassInfoExW
• 0x4773d8 RegisterClassExW
• 0x4773dc CreateDialogIndirectParamW
• 0x4773e0 GetClassLongW
• 0x4773e4 SetClassLongW
• 0x4773e8 DestroyWindow
• 0x4773ec DialogBoxIndirectParamW
• 0x4773f0 EndDialog
• 0x4773f4 GrayStringA
• 0x4773f8 DrawTextA
• 0x4773fc TabbedTextOutA
• 0x477400 PtInRect
• 0x477404 GetSysColorBrush
• 0x477408 LoadCursorA
• 0x47740c SetWindowTextA
• 0x477410 LoadIconA
• 0x477414 PostMessageA
• 0x477418 AdjustWindowRectEx
• 0x47741c CopyRect
• 0x477420 GetTopWindow
• 0x477424 GetCapture
• 0x477428 WinHelpA
• 0x47742c GetClassInfoA
• 0x477430 RegisterClassA
• 0x477434 GetInputState
• 0x477438 GetWindow
• 0x47743c GetClassLongA
• 0x477440 CallWindowProcA
• 0x477444 DefWindowProcA
• 0x477448 GetMessageTime
• 0x47744c GetMessagePos
• 0x477450 GetLastActivePopup
• 0x477454 GetWindowLongA
• 0x477458 SetWindowLongA
• 0x47745c RegisterWindowMessageA
• 0x477460 SystemParametersInfoA
• 0x477464 GetWindowPlacement
• 0x477468 GetMenuCheckMarkDimensions
• 0x47746c LoadBitmapA
• 0x477470 ModifyMenuA
• 0x477474 SetMenuItemBitmaps
• 0x477478 EnableMenuItem
• 0x47747c LoadStringA
• 0x477480 SendMessageA
• 0x477484 GetKeyState
• 0x477488 GetForegroundWindow
• 0x47748c CreateDialogParamW
• 0x477490 DialogBoxParamW
• 0x477494 CreateMDIWindowW
• 0x477498 CallWindowProcW
• 0x47749c DefWindowProcW
• 0x4774a0 ShowWindow
• 0x4774a4 PostMessageW
• 0x4774a8 CopyIcon
• 0x4774ac GetIconInfo
• 0x4774b0 ScreenToClient
• 0x4774b4 ValidateRect
• 0x4774b8 SetParent
• 0x4774bc SetWindowTextW
• 0x4774c0 MessageBoxW
• 0x4774c4 GetDC
• 0x4774c8 ReleaseDC
• 0x4774cc SetTimer
• 0x4774d0 KillTimer
• 0x4774d4 SetPropW
• 0x4774d8 SetPropA
• 0x4774dc GetPropW
• 0x4774e0 GetPropA
• 0x4774e4 RemovePropW
• 0x4774e8 RemovePropA
• 0x4774ec EnumPropsExW
• 0x4774f0 LoadIconW
• 0x4774f4 SetWindowRgn
• 0x4774f8 SetRect
• 0x4774fc IsIconic
• 0x477500 IsZoomed
• 0x477504 GetSystemMetrics
• 0x477508 GetMenu
• 0x47750c SetMenu
• 0x477510 DrawMenuBar
• 0x477514 RegisterWindowMessageW
• 0x477518 SystemParametersInfoW
• 0x47751c UpdateLayeredWindow
• 0x477520 CreateIconFromResourceEx
• 0x477524 LoadImageW
• 0x477528 DrawIconEx
• 0x47752c CreateMenu
• 0x477530 CreatePopupMenu
• 0x477534 GetSystemMenu
• 0x477538 LoadMenuW
• 0x47753c GetMenuInfo
• 0x477540 DestroyMenu
• 0x477544 GetMenuItemCount
• 0x477548 GetMenuItemInfoW
• 0x47754c AppendMenuW
• 0x477550 InsertMenuW
• 0x477554 SetMenuInfo
• 0x477558 GetSubMenu
• 0x47755c GetMenuItemID
• 0x477560 CheckMenuRadioItem
• 0x477564 SetForegroundWindow
• 0x477568 TrackPopupMenu
• 0x47756c GetMenuStringW
• 0x477570 GetMenuItemRect
• 0x477574 GetMenuState
• 0x477578 GetMenuDefaultItem
• 0x47757c MenuItemFromPoint
• 0x477580 RemoveMenu
• 0x477584 CheckMenuItem
• 0x477588 SetMenuItemInfoW
• 0x47758c SetMenuDefaultItem
• 0x477590 LoadStringW
• 0x477594 CharUpperW
• 0x477598 CharLowerW
• 0x47759c MessageBoxA
• 0x4775a0 wsprintfA
• 0x4775a4 DispatchMessageA
• 0x4775a8 GetMessageA
• 0x4775ac PeekMessageA
• 0x4775b0 SendInput
• 0x4775b4 UnhookWindowsHookEx
• 0x4775b8 SetWindowPos
• 0x4775bc UpdateWindow
• 0x4775c0 MoveWindow
• 0x4775c4 GetParent
• 0x4775c8 SetWindowsHookExA
• 0x4775cc GetWindowRect
• 0x4775d0 ClientToScreen
• 0x4775d4 MsgWaitForMultipleObjects
• 0x4775d8 GetWindowTextLengthA
• 0x4775dc GetWindowThreadProcessId
• 0x4775e0 GetClassNameA
• 0x4775e4 GetWindowTextA
• 0x4775e8 GetDlgCtrlID
• 0x4775ec IsWindowVisible
• 0x4775f0 FindWindowExA
• 0x4775f4 GetDesktopWindow
• 0x4775f8 CreateWindowExA
• 0x4775fc CallNextHookEx
库: ADVAPI32.dll:
• 0x477000 CryptReleaseContext
• 0x477004 DeleteService
• 0x477008 ControlService
• 0x47700c StartServiceA
• 0x477010 CloseServiceHandle
• 0x477014 OpenServiceA
• 0x477018 CreateServiceA
• 0x47701c OpenSCManagerA
• 0x477020 CryptGetHashParam
• 0x477024 CryptDestroyHash
• 0x477028 CryptHashData
• 0x47702c CryptCreateHash
• 0x477030 CryptAcquireContextA
库: SHELL32.dll:
• 0x4772f4 Shell_NotifyIconW
• 0x4772f8 SHGetSpecialFolderPathA
• 0x4772fc DragQueryFileW
• 0x477300 DragAcceptFiles
• 0x477304 CommandLineToArgvW
• 0x477308 DragFinish
库: ole32.dll:
• 0x477a50 StringFromGUID2
• 0x477a54 GetHGlobalFromStream
• 0x477a58 CLSIDFromString
• 0x477a5c CoInitialize
• 0x477a60 CoUninitialize
• 0x477a64 CreateStreamOnHGlobal
库: GDI32.dll:
• 0x477054 GetDIBits
• 0x477058 CreatePatternBrush
• 0x47705c CreateSolidBrush
• 0x477060 CreateFontIndirectW
• 0x477064 GetObjectW
• 0x477068 StretchBlt
• 0x47706c SetStretchBltMode
• 0x477070 GetStretchBltMode
• 0x477074 CreateDIBSection
• 0x477078 CreateCompatibleDC
• 0x47707c BitBlt
• 0x477080 GetStockObject
• 0x477084 CreateRoundRectRgn
• 0x477088 SetViewportOrgEx
• 0x47708c DeleteDC
• 0x477090 SelectObject
• 0x477094 DeleteObject
• 0x477098 GetObjectA
• 0x47709c CreateBitmap
• 0x4770a0 GetClipBox
• 0x4770a4 SetTextColor
• 0x4770a8 SetBkColor
• 0x4770ac GetDeviceCaps
• 0x4770b0 SaveDC
• 0x4770b4 RestoreDC
• 0x4770b8 SetMapMode
• 0x4770bc OffsetViewportOrgEx
• 0x4770c0 SetViewportExtEx
• 0x4770c4 ScaleViewportExtEx
• 0x4770c8 SetWindowExtEx
• 0x4770cc ScaleWindowExtEx
• 0x4770d0 Escape
• 0x4770d4 ExtTextOutA
• 0x4770d8 TextOutA
• 0x4770dc RectVisible
• 0x4770e0 PtVisible
库: SHLWAPI.dll:
• 0x477310 StrToIntExA
• 0x477314 PathFileExistsA
• 0x477318 PathRemoveFileSpecW
• 0x47731c PathFindFileNameW
• 0x477320 StrTrimW
• 0x477324 StrToIntW
• 0x477328 wvnsprintfW
• 0x47732c StrToIntExW
库: gdiplus.dll:
• 0x477614 GdipCreateBitmapFromResource
• 0x477618 GdipSetImageAttributesColorMatrix
• 0x47761c GdipGetImageAttributesAdjustedPalette
• 0x477620 GdipSetImageAttributesWrapMode
• 0x477624 GdipSetImageAttributesRemapTable
• 0x47762c GdipCreateImageAttributes
• 0x477630 GdipSetImageAttributesOutputChannel
• 0x477634 GdipCreateBitmapFromHICON
• 0x477638 GdipSetImageAttributesGamma
• 0x47763c GdipSetImageAttributesNoOp
• 0x477640 GdipSetImageAttributesThreshold
• 0x477644 GdipResetImageAttributes
• 0x477648 GdipSetImageAttributesToIdentity
• 0x47764c GdipCloneBitmapArea
• 0x477650 GdipDisposeImage
• 0x477654 GdipDeleteGraphics
• 0x477658 GdipDisposeImageAttributes
• 0x47765c GdipDeleteBrush
• 0x477660 GdipFillRectangle
• 0x477664 GdipCreateTexture
• 0x477668 GdipCreateBitmapFromHBITMAP
• 0x47766c GdipCreateBitmapFromGdiDib
• 0x477670 GdipCreateBitmapFromGraphics
• 0x477674 GdipCreateBitmapFromStream
• 0x477678 GdipCreateBitmapFromFile
• 0x47767c GdipGetLineSpacing
• 0x477680 GdipGetCellDescent
• 0x477684 GdipGetCellAscent
• 0x477688 GdipGetEmHeight
• 0x47768c GdipBitmapSetResolution
• 0x477690 GdipCreateHBITMAPFromBitmap
• 0x477694 GdipCreateFromHDC
• 0x477698 GdipDeleteStringFormat
• 0x47769c GdiplusStartup
• 0x4776a0 GdipDeleteFont
• 0x4776a4 GdipDeletePath
• 0x4776a8 GdipCloneImageAttributes
• 0x4776ac GdipIsStyleAvailable
• 0x4776b0 GdipGetFamilyName
• 0x4776b4 GdipGetGenericFontFamilyMonospace
• 0x4776b8 GdipGetGenericFontFamilySerif
• 0x4776bc GdipGetGenericFontFamilySansSerif
• 0x4776c0 GdipCreateFontFamilyFromName
• 0x4776c4 GdipCloneFontFamily
• 0x4776c8 GdipGetFontCollectionFamilyList
• 0x4776cc GdipGetFontCollectionFamilyCount
• 0x4776d0 GdipPrivateAddMemoryFont
• 0x4776d4 GdipPrivateAddFontFile
• 0x4776d8 GdipNewPrivateFontCollection
• 0x4776dc GdipNewInstalledFontCollection
• 0x4776e0 GdipIsMatrixEqual
• 0x4776e4 GdipIsMatrixIdentity
• 0x4776e8 GdipIsMatrixInvertible
• 0x4776ec GdipVectorTransformMatrixPoints
• 0x4776f0 GdipTransformMatrixPoints
• 0x4776f4 GdipShearMatrix
• 0x4776f8 GdipScaleMatrix
• 0x4776fc GdipInvertMatrix
• 0x477700 GdipRotateMatrix
• 0x477704 GdipTranslateMatrix
• 0x477708 GdipMultiplyMatrix
• 0x47770c GdipGetMatrixElements
• 0x477710 GdipSetMatrixElements
• 0x477714 GdipCloneMatrix
• 0x477718 GdipCreateMatrix3
• 0x47771c GdipCreateMatrix2
• 0x477720 GdipCreateMatrix
• 0x477724 GdipGetRegionScans
• 0x477728 GdipGetRegionScansCount
• 0x47772c GdipIsVisibleRegionRect
• 0x477730 GdipIsVisibleRegionPoint
• 0x477734 GdipIsEqualRegion
• 0x477738 GdipIsInfiniteRegion
• 0x47773c GdipIsEmptyRegion
• 0x477740 GdipGetRegionHRgn
• 0x477744 GdipGetRegionData
• 0x477748 GdipGetRegionDataSize
• 0x47774c GdipGetRegionBounds
• 0x477750 GdipTransformRegion
• 0x477754 GdipTranslateRegion
• 0x477758 GdipCombineRegionPath
• 0x47775c GdipCombineRegionRegion
• 0x477760 GdipCombineRegionRect
• 0x477764 GdipSetEmpty
• 0x477768 GdipSetInfinite
• 0x47776c GdipCloneRegion
• 0x477770 GdipCreateRegionRgnData
• 0x477774 GdipCreateRegionHrgn
• 0x477778 GdipCreateRegionPath
• 0x47777c GdipCreateRegionRect
• 0x477780 GdipIsOutlineVisiblePathPoint
• 0x477784 GdipIsVisiblePathPoint
• 0x477788 GdipWarpPath
• 0x47778c GdipWindingModeOutline
• 0x477790 GdipWidenPath
• 0x477794 GdipFlattenPath
• 0x477798 GdipGetPathWorldBounds
• 0x47779c GdipTransformPath
• 0x4777a0 GdipAddPathString
• 0x4777a4 GdipAddPathPath
• 0x4777a8 GdipAddPathPolygon
• 0x4777ac GdipAddPathPie
• 0x4777b0 GdipAddPathEllipse
• 0x4777b4 GdipAddPathRectangle
• 0x4777b8 GdipAddPathClosedCurve2
• 0x4777bc GdipAddPathClosedCurve
• 0x4777c0 GdipAddPathCurve2
• 0x4777c4 GdipAddPathCurve
• 0x4777c8 GdipAddPathBezier
• 0x4777cc GdipAddPathArc
• 0x4777d0 GdipAddPathLine
• 0x4777d4 GdipGetPathLastPoint
• 0x4777d8 GdipReversePath
• 0x4777dc GdipClearPathMarkers
• 0x4777e0 GdipSetPathMarker
• 0x4777e4 GdipClosePathFigures
• 0x4777e8 GdipClosePathFigure
• 0x4777ec GdipStartPathFigure
• 0x4777f0 GdipGetPathData
• 0x4777f4 GdipGetPointCount
• 0x4777f8 GdipSetPathFillMode
• 0x4777fc GdipGetPathFillMode
• 0x477800 GdipResetPath
• 0x477804 GdipClonePath
• 0x477808 GdipCreatePath2
• 0x47780c GdipCreatePath
• 0x477810 GdipGetImageGraphicsContext
• 0x477814 GdipCreateFromHWND
• 0x477818 GdipBitmapUnlockBits
• 0x47781c GdipBitmapLockBits
• 0x477820 GdipCreateBitmapFromScan0
• 0x477824 GdipGetFontHeightGivenDPI
• 0x477828 GdipGetFontHeight
• 0x47782c GdipGetFontUnit
• 0x477830 GdipGetFontSize
• 0x477834 GdipGetFontStyle
• 0x477838 GdipGetFamily
• 0x47783c GdipGetLogFontA
• 0x477840 GdipGetLogFontW
• 0x477844 GdipCloneFont
• 0x477848 GdipCreateFontFromLogfontA
• 0x47784c GdipCreateFontFromDC
• 0x477850 GdipDeleteFontFamily
• 0x477854 GdipDeletePrivateFontCollection
• 0x477858 GdipCreateFontFromLogfontW
• 0x47785c GdipCreateFont
• 0x477860 GdipGetSolidFillColor
• 0x477864 GdipSetSolidFillColor
• 0x477868 GdipCreateSolidFill
• 0x47786c GdipGetBrushType
• 0x477870 GdipDeleteRegion
• 0x477878 GdipSetStringFormatMeasurableCharacterRanges
• 0x47787c GdipGetStringFormatDigitSubstitution
• 0x477880 GdipSetStringFormatDigitSubstitution
• 0x477884 GdipGetStringFormatTabStops
• 0x477888 GdipGetStringFormatTabStopCount
• 0x47788c GdipSetStringFormatTabStops
• 0x477890 GdipGetStringFormatHotkeyPrefix
• 0x477894 GdipSetStringFormatHotkeyPrefix
• 0x477898 GdipGetStringFormatTrimming
• 0x47789c GdipSetStringFormatTrimming
• 0x4778a0 GdipGetStringFormatLineAlign
• 0x4778a4 GdipSetStringFormatLineAlign
• 0x4778a8 GdipGetStringFormatAlign
• 0x4778ac GdipSetStringFormatAlign
• 0x4778b0 GdipGetStringFormatFlags
• 0x4778b4 GdipSetStringFormatFlags
• 0x4778b8 GdipCloneStringFormat
• 0x4778bc GdipStringFormatGetGenericTypographic
• 0x4778c0 GdipStringFormatGetGenericDefault
• 0x4778c4 GdipCreateStringFormat
• 0x4778c8 GdipCreateHICONFromBitmap
• 0x4778cc GdipImageSelectActiveFrame
• 0x4778d0 GdipImageGetFrameCount
• 0x4778d4 GdipGetImageThumbnail
• 0x4778d8 GdipGetImageVerticalResolution
• 0x4778dc GdipGetImageHorizontalResolution
• 0x4778e0 GdipGetImageHeight
• 0x4778e4 GdipGetImageWidth
• 0x4778e8 GdipGetImageBounds
• 0x4778ec GdipGetImageDimension
• 0x4778f0 GdipGetImageEncoders
• 0x4778f4 GdipGetImageEncodersSize
• 0x4778f8 GdipSaveImageToStream
• 0x4778fc GdipGetImagePixelFormat
• 0x477900 GdipGetImageRawFormat
• 0x477904 GdipCloneImage
• 0x477908 GdipLoadImageFromStream
• 0x47790c GdipLoadImageFromFile
• 0x477910 GdipEndContainer
• 0x477914 GdipBeginContainer2
• 0x477918 GdipBeginContainer
• 0x47791c GdipRestoreGraphics
• 0x477920 GdipSaveGraphics
• 0x477924 GdipIsVisibleRect
• 0x477928 GdipIsVisiblePoint
• 0x47792c GdipIsVisibleClipEmpty
• 0x477930 GdipIsClipEmpty
• 0x477934 GdipGetVisibleClipBounds
• 0x477938 GdipGetClipBounds
• 0x47793c GdipGetClip
• 0x477940 GdipTranslateClip
• 0x477944 GdipResetClip
• 0x477948 GdipSetClipHrgn
• 0x47794c GdipSetClipRegion
• 0x477950 GdipSetClipRect
• 0x477954 GdipSetClipPath
• 0x477958 GdipSetClipGraphics
• 0x47795c GdipDrawImagePointsRect
• 0x477960 GdipDrawImagePointRect
• 0x477964 GdipDrawImagePoints
• 0x477968 GdipDrawImageRect
• 0x47796c GdipDrawImageRectRect
• 0x477970 GdipDrawImage
• 0x477974 GdipDrawDriverString
• 0x477978 GdipMeasureCharacterRanges
• 0x47797c GdipCreateRegion
• 0x477980 GdipMeasureString
• 0x477984 GdipDrawString
• 0x477988 GdipFillRegion
• 0x47798c GdipFillClosedCurve2
• 0x477990 GdipFillClosedCurve
• 0x477994 GdipFillPath
• 0x477998 GdipFillPie
• 0x47799c GdipFillEllipse
• 0x4779a0 GdipFillPolygon
• 0x4779a4 GdipGraphicsClear
• 0x4779a8 GdipDrawClosedCurve2
• 0x4779ac GdipDrawClosedCurve
• 0x4779b0 GdipDrawCurve2
• 0x4779b4 GdipDrawCurve
• 0x4779b8 GdipDrawPath
• 0x4779bc GdipDrawPolygon
• 0x4779c0 GdipDrawPie
• 0x4779c4 GdipDrawEllipse
• 0x4779c8 GdipDrawRectangle
• 0x4779cc GdipDrawBezier
• 0x4779d0 GdipDrawArc
• 0x4779d4 GdipDrawLine
• 0x4779d8 GdipGetNearestColor
• 0x4779dc GdipTransformPointsI
• 0x4779e0 GdipTransformPoints
• 0x4779e4 GdipGetDpiY
• 0x4779e8 GdipGetDpiX
• 0x4779ec GdipGetPageScale
• 0x4779f0 GdipSetPageScale
• 0x4779f4 GdipGetPageUnit
• 0x4779f8 GdipSetPageUnit
• 0x4779fc GdipRotateWorldTransform
• 0x477a00 GdipScaleWorldTransform
• 0x477a04 GdipTranslateWorldTransform
• 0x477a08 GdipResetWorldTransform
• 0x477a0c GdipDeleteMatrix
• 0x477a10 GdipGetWorldTransform
• 0x477a14 GdipSetWorldTransform
• 0x477a18 GdipGetPixelOffsetMode
• 0x477a1c GdipSetPixelOffsetMode
• 0x477a20 GdipGetSmoothingMode
• 0x477a24 GdipSetSmoothingMode
• 0x477a28 GdipGetInterpolationMode
• 0x477a2c GdipSetInterpolationMode
• 0x477a30 GdipGetTextRenderingHint
• 0x477a34 GdipSetTextRenderingHint
• 0x477a38 GdipReleaseDC
• 0x477a3c GdipGetDC
• 0x477a40 GdipSetImageAttributesColorKeys
• 0x477a44 GdipFlush
• 0x477a48 GdipCloneBrush
库: ATL.DLL:
• 0x477038 None
库: CRYPT32.dll:
• 0x47704c CryptStringToBinaryW
库: MSIMG32.dll:
• 0x4772ec AlphaBlend
.text
`.rdata
@.data
VMProtect end
VMProtect begin
SEBEGN
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
SEENDP
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 52.693 seconds )
- 29.35 Static
- 15.527 Suricata
- 3.473 TargetInfo
- 3.338 VirusTotal
- 0.44 peid
- 0.356 NetworkAnalysis
- 0.094 BehaviorAnalysis
- 0.059 AnalysisInfo
- 0.032 config_decoder
- 0.021 Strings
- 0.003 Memory
Signatures ( 0.19 seconds )
- 0.027 antiav_detectreg
- 0.021 md_url_bl
- 0.02 md_domain_bl
- 0.011 infostealer_ftp
- 0.008 ransomware_files
- 0.007 anomaly_persistence_autorun
- 0.007 antiav_detectfile
- 0.007 infostealer_im
- 0.007 ransomware_extensions
- 0.006 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.004 api_spamming
- 0.004 infostealer_mail
- 0.003 tinba_behavior
- 0.003 stealth_decoy_document
- 0.003 stealth_timeout
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 betabot_behavior
- 0.002 dyre_behavior
- 0.002 cerber_behavior
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 encrypted_ioc
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.038 seconds )
- 0.857 ReportHTMLSummary
- 0.181 Malheur
| Task ID | 557778 |
|---|---|
| Mongo ID | 5f01fab92f8f2e386b66315f |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号