Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2020-07-06 00:52:16
End time: 2020-07-06 00:53:14
Duration: 58 seconds

Maldun score

10.0 (dangerous)

File details

File name: cs.exe
File size: 5451776 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: be64cb911cba81db85df764ddfd79219
SHA1: 33a63dba73274dbceb96ee135ced7811393d141a
SHA256: ace21ab8c5c39fc93d9e7618e5576b1f6954013b83360ab8a1c553908ce1c43d
SHA512: 4afd110802778d542df199c524964575445367bdf22562ca3a81e1d599e7d5ea0bddb1493f21b5eb39943a3ce2c8709fa3d465295751850d305f4d752a980062
CRC32: 92FB2572
Ssdeep: 98304:3wXhLuerBQljTwbr/EEc8JCC1jqjdkkao94IOJBAUZLS6:xhK7S80MjqJpqJVG6

Hosts contacted

No host records.

Domain resolution

No domain information.



PE information

Image base: 0x00400000
Entry point: 0x0045e305
Declared checksum: 0x00000000 (the linker did not set a checksum, which is common for user-mode executables; the mismatch with the computed value is therefore expected and not by itself a tamper indicator)
Computed checksum: 0x005395a9
Minimum OS version: 4.0
Compile timestamp: 2020-07-06 00:51:15 (one minute before the analysis started; the field is written by the linker and trivially changed, so treat it as a hint, not evidence)
Import hash (imphash): 5028e5c9ed837e27346b8425a32c20f5

Version information

No value is shown for any version-resource field: LegalCopyright, FileVersion, Comments, ProductName, ProductVersion, FileDescription, Translation.

PE sections

Name     Virtual address  Virtual size  Raw data size  Characteristics                                                  Entropy
.text    0x00001000       0x0007bf3a    0x0007c000     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ      6.60
.rdata   0x0007d000       0x0049d67a    0x0049e000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                7.36
.data    0x0051b000       0x00024a68    0x00012000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  5.09
.rsrc    0x00540000       0x00005958    0x00006000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                4.82

Imports

Library: KERNEL32.dll:
0x47d170 SetEndOfFile
0x47d174 UnlockFile
0x47d178 LockFile
0x47d17c FlushFileBuffers
0x47d180 SetFilePointer
0x47d184 GetCurrentProcess
0x47d188 DuplicateHandle
0x47d18c lstrcpynA
0x47d190 SetLastError
0x47d19c LocalFree
0x47d1a4 CreateSemaphoreA
0x47d1a8 ResumeThread
0x47d1ac ReleaseSemaphore
0x47d1b8 GetProfileStringA
0x47d1bc SetStdHandle
0x47d1c0 IsBadCodePtr
0x47d1c4 IsBadReadPtr
0x47d1c8 CompareStringW
0x47d1cc CompareStringA
0x47d1d4 GetStringTypeW
0x47d1d8 GetStringTypeA
0x47d1dc IsBadWritePtr
0x47d1e0 VirtualAlloc
0x47d1e4 LCMapStringW
0x47d1e8 LCMapStringA
0x47d1f0 VirtualFree
0x47d1f4 HeapCreate
0x47d1f8 HeapDestroy
0x47d200 GetFileType
0x47d204 GetStdHandle
0x47d208 SetHandleCount
0x47d220 GetACP
0x47d224 HeapSize
0x47d228 TerminateProcess
0x47d22c GetLocalTime
0x47d230 GetSystemTime
0x47d238 WriteFile
0x47d240 CreateFileA
0x47d244 SetEvent
0x47d248 FindResourceA
0x47d24c LoadResource
0x47d250 LockResource
0x47d254 ReadFile
0x47d258 GetModuleFileNameA
0x47d25c WideCharToMultiByte
0x47d260 MultiByteToWideChar
0x47d264 GetCurrentThreadId
0x47d268 ExitProcess
0x47d26c GlobalSize
0x47d270 GlobalFree
0x47d27c lstrcatA
0x47d280 lstrlenA
0x47d284 WinExec
0x47d288 lstrcpyA
0x47d28c FindNextFileA
0x47d290 GlobalReAlloc
0x47d294 HeapFree
0x47d298 HeapReAlloc
0x47d29c GetProcessHeap
0x47d2a0 HeapAlloc
0x47d2a4 GetFullPathNameA
0x47d2a8 FreeLibrary
0x47d2ac LoadLibraryA
0x47d2b0 GetLastError
0x47d2b4 GetVersionExA
0x47d2bc CreateThread
0x47d2c0 CreateEventA
0x47d2c4 Sleep
0x47d2c8 GlobalAlloc
0x47d2cc GlobalLock
0x47d2d0 GlobalUnlock
0x47d2d4 FindFirstFileA
0x47d2d8 FindClose
0x47d2dc SetFileAttributesA
0x47d2e0 GetFileAttributesA
0x47d2e4 DeleteFileA
0x47d2e8 RaiseException
0x47d2ec RtlUnwind
0x47d2f0 GetStartupInfoA
0x47d2f4 GetOEMCP
0x47d2f8 GetCPInfo
0x47d2fc GetProcessVersion
0x47d300 SetErrorMode
0x47d304 GlobalFlags
0x47d308 GetCurrentThread
0x47d30c GetFileTime
0x47d310 GetFileSize
0x47d314 TlsGetValue
0x47d318 LocalReAlloc
0x47d31c TlsSetValue
0x47d320 TlsFree
0x47d324 GlobalHandle
0x47d328 TlsAlloc
0x47d32c LocalAlloc
0x47d338 GetModuleHandleA
0x47d33c GetProcAddress
0x47d340 MulDiv
0x47d344 lstrcmpA
0x47d348 GetVersion
0x47d34c GlobalGetAtomNameA
0x47d350 GlobalAddAtomA
0x47d354 GlobalFindAtomA
0x47d358 GlobalDeleteAtom
0x47d35c lstrcmpiA
0x47d360 GetCommandLineA
0x47d364 GetTickCount
0x47d368 WaitForSingleObject
0x47d36c CloseHandle
Library: USER32.dll:
0x47d394 OpenClipboard
0x47d398 SetClipboardData
0x47d39c EmptyClipboard
0x47d3a0 GetSystemMetrics
0x47d3a4 GetCursorPos
0x47d3a8 MessageBoxA
0x47d3ac SetWindowPos
0x47d3b0 SendMessageA
0x47d3b4 DestroyCursor
0x47d3b8 SetParent
0x47d3bc GetClipboardData
0x47d3c0 PostMessageA
0x47d3c4 GetTopWindow
0x47d3c8 GetParent
0x47d3cc CloseClipboard
0x47d3d0 wsprintfA
0x47d3d4 GetFocus
0x47d3d8 GetClientRect
0x47d3dc InvalidateRect
0x47d3e0 ValidateRect
0x47d3e4 UpdateWindow
0x47d3e8 EqualRect
0x47d3ec GetWindowRect
0x47d3f0 SetForegroundWindow
0x47d3f4 IsWindow
0x47d3f8 GetMenuItemCount
0x47d3fc DestroyMenu
0x47d400 IsChild
0x47d404 ReleaseDC
0x47d408 IsRectEmpty
0x47d40c FillRect
0x47d410 GetDC
0x47d414 SetCursor
0x47d418 LoadCursorA
0x47d41c SetCursorPos
0x47d420 SetActiveWindow
0x47d424 GetSysColor
0x47d428 SetWindowLongA
0x47d42c GetWindowLongA
0x47d430 RedrawWindow
0x47d434 EnableWindow
0x47d438 IsWindowVisible
0x47d43c OffsetRect
0x47d440 PtInRect
0x47d444 DestroyIcon
0x47d448 IntersectRect
0x47d44c InflateRect
0x47d450 SetRect
0x47d454 SetScrollPos
0x47d458 SetScrollRange
0x47d45c GetScrollRange
0x47d460 SetCapture
0x47d464 GetCapture
0x47d468 ReleaseCapture
0x47d46c LoadIconA
0x47d470 TranslateMessage
0x47d474 DrawFrameControl
0x47d478 DrawEdge
0x47d47c DrawFocusRect
0x47d480 WindowFromPoint
0x47d484 GetMessageA
0x47d488 DispatchMessageA
0x47d48c SetRectEmpty
0x47d49c DrawIconEx
0x47d4a0 CreatePopupMenu
0x47d4a4 AppendMenuA
0x47d4a8 ModifyMenuA
0x47d4ac CreateMenu
0x47d4b4 GetDlgCtrlID
0x47d4b8 GetSubMenu
0x47d4bc EnableMenuItem
0x47d4c0 ClientToScreen
0x47d4c8 LoadImageA
0x47d4d0 ShowWindow
0x47d4d4 IsWindowEnabled
0x47d4dc GetKeyState
0x47d4e4 PostQuitMessage
0x47d4e8 IsZoomed
0x47d4ec GetClassInfoA
0x47d4f0 DefWindowProcA
0x47d4f4 GetSystemMenu
0x47d4f8 DeleteMenu
0x47d4fc GetMenu
0x47d500 SetMenu
0x47d504 PeekMessageA
0x47d508 GetWindowTextA
0x47d510 CharUpperA
0x47d514 GetWindowDC
0x47d518 BeginPaint
0x47d51c EndPaint
0x47d520 TabbedTextOutA
0x47d524 DrawTextA
0x47d528 GrayStringA
0x47d52c GetDlgItem
0x47d530 DestroyWindow
0x47d538 EndDialog
0x47d53c GetNextDlgTabItem
0x47d540 GetWindowPlacement
0x47d548 GetForegroundWindow
0x47d54c GetLastActivePopup
0x47d550 GetMessageTime
0x47d554 RemovePropA
0x47d558 CallWindowProcA
0x47d55c GetPropA
0x47d560 UnhookWindowsHookEx
0x47d564 SetPropA
0x47d568 GetClassLongA
0x47d56c CallNextHookEx
0x47d570 SetWindowsHookExA
0x47d574 CreateWindowExA
0x47d578 GetMenuItemID
0x47d57c UnregisterClassA
0x47d580 RegisterClassA
0x47d584 GetScrollPos
0x47d588 AdjustWindowRectEx
0x47d58c MapWindowPoints
0x47d590 SendDlgItemMessageA
0x47d594 ScrollWindowEx
0x47d598 IsDialogMessageA
0x47d59c SetWindowTextA
0x47d5a0 MoveWindow
0x47d5a4 CheckMenuItem
0x47d5a8 SetMenuItemBitmaps
0x47d5ac GetMenuState
0x47d5b4 GetClassNameA
0x47d5b8 GetDesktopWindow
0x47d5bc LoadStringA
0x47d5c0 GetSysColorBrush
0x47d5c4 IsIconic
0x47d5c8 SetFocus
0x47d5cc GetActiveWindow
0x47d5d0 GetWindow
0x47d5d8 SetWindowRgn
0x47d5dc GetMessagePos
0x47d5e0 ScreenToClient
0x47d5e8 CopyRect
0x47d5ec LoadBitmapA
0x47d5f0 WinHelpA
0x47d5f4 KillTimer
0x47d5f8 SetTimer
Library: GDI32.dll:
0x47d024 SelectClipRgn
0x47d028 DeleteObject
0x47d02c CreateDIBitmap
0x47d034 CreatePalette
0x47d038 StretchBlt
0x47d03c SelectPalette
0x47d040 RealizePalette
0x47d044 GetDIBits
0x47d048 GetWindowExtEx
0x47d04c GetViewportOrgEx
0x47d050 GetWindowOrgEx
0x47d054 BeginPath
0x47d058 EndPath
0x47d05c PathToRegion
0x47d060 CreateEllipticRgn
0x47d064 CreateRoundRectRgn
0x47d068 GetTextColor
0x47d06c GetBkMode
0x47d070 GetBkColor
0x47d074 GetROP2
0x47d078 GetStretchBltMode
0x47d07c GetPolyFillMode
0x47d084 CreateDCA
0x47d088 CreateBitmap
0x47d08c SelectObject
0x47d090 GetObjectA
0x47d094 CreatePen
0x47d098 PatBlt
0x47d09c CombineRgn
0x47d0a0 CreateRectRgn
0x47d0a4 CreatePolygonRgn
0x47d0a8 CreateSolidBrush
0x47d0ac GetStockObject
0x47d0b0 CreateFontIndirectA
0x47d0b4 EndPage
0x47d0b8 EndDoc
0x47d0bc DeleteDC
0x47d0c0 StartDocA
0x47d0c4 StartPage
0x47d0c8 BitBlt
0x47d0cc CreateCompatibleDC
0x47d0d0 Ellipse
0x47d0d4 Rectangle
0x47d0d8 LPtoDP
0x47d0dc DPtoLP
0x47d0e0 GetCurrentObject
0x47d0e4 RoundRect
0x47d0ec GetDeviceCaps
0x47d0f0 SaveDC
0x47d0f4 RestoreDC
0x47d0f8 SetBkMode
0x47d0fc SetPolyFillMode
0x47d100 SetROP2
0x47d104 SetTextColor
0x47d108 SetMapMode
0x47d10c SetViewportOrgEx
0x47d110 OffsetViewportOrgEx
0x47d114 SetViewportExtEx
0x47d118 ScaleViewportExtEx
0x47d11c SetWindowOrgEx
0x47d120 SetWindowExtEx
0x47d124 ScaleWindowExtEx
0x47d128 GetClipBox
0x47d12c ExcludeClipRect
0x47d130 MoveToEx
0x47d134 LineTo
0x47d138 GetClipRgn
0x47d13c SetStretchBltMode
0x47d144 SetBkColor
0x47d148 FillRgn
0x47d14c GetTextMetricsA
0x47d150 Escape
0x47d154 ExtTextOutA
0x47d158 TextOutA
0x47d15c RectVisible
0x47d160 PtVisible
0x47d164 GetViewportExtEx
0x47d168 ExtSelectClipRgn
Library: WINMM.dll:
0x47d600 midiStreamRestart
0x47d604 midiStreamClose
0x47d608 midiOutReset
0x47d60c midiStreamStop
0x47d610 midiStreamOut
0x47d618 midiStreamProperty
0x47d61c midiStreamOpen
0x47d624 waveOutOpen
0x47d628 waveOutGetNumDevs
0x47d62c waveOutClose
0x47d630 waveOutReset
0x47d634 waveOutPause
0x47d638 waveOutWrite
Library: WINSPOOL.DRV:
0x47d648 ClosePrinter
0x47d64c DocumentPropertiesA
0x47d650 OpenPrinterA
Library: ADVAPI32.dll:
0x47d000 RegCloseKey
0x47d004 RegOpenKeyExA
0x47d008 RegSetValueExA
0x47d00c RegQueryValueA
0x47d010 RegCreateKeyExA
Library: SHELL32.dll:
0x47d388 ShellExecuteA
0x47d38c Shell_NotifyIconA
Library: ole32.dll:
0x47d694 OleInitialize
0x47d698 OleUninitialize
0x47d69c CLSIDFromString
Library: OLEAUT32.dll:
0x47d378 UnRegisterTypeLib
0x47d37c RegisterTypeLib
0x47d380 LoadTypeLib
Library: COMCTL32.dll:
0x47d018 ImageList_Destroy
0x47d01c (unnamed import, by ordinal; the report resolves no name)
Library: WS2_32.dll:
0x47d658 recvfrom
0x47d65c ioctlsocket
0x47d660 recv
0x47d664 getpeername
0x47d668 accept
0x47d66c WSAAsyncSelect
0x47d670 closesocket
0x47d674 inet_ntoa
0x47d678 WSACleanup
Library: comdlg32.dll:
0x47d680 GetSaveFileNameA
0x47d684 GetOpenFileNameA
0x47d688 ChooseColorA
0x47d68c GetFileTitleA
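The import hash reported under PE information is derived from exactly this table, so the table is also what a triager pivots on: WinExec, ShellExecuteA, the ADVAPI32 registry writers (RegSetValueExA, RegCreateKeyExA), Shell_NotifyIconA and the WS2_32 accept/recvfrom/WSAAsyncSelect group are all present above. The block below is an added example, not part of the Maldun report, showing how that imphash value is computed (the pefile/VirusTotal algorithm: lower-case "library.function" per import in table order, extension stripped from the library name, ordinal-only imports written as "ordN", comma-joined, MD5). It runs on a constructed subset of the imports listed above; the report's own imphash cannot be reproduced here because that needs every entry, and the unnamed COMCTL32 import's ordinal is not in the report, so the ordinal 17 used below is a placeholder.

```python
import hashlib

# Extensions that pefile strips from the library name before hashing.
_STRIPPED = (".dll", ".ocx", ".sys")


def _lib_name(dll: str) -> str:
    d = dll.lower()
    for ext in _STRIPPED:
        if d.endswith(ext):
            return d[: -len(ext)]
    return d


def imphash_string(imports) -> str:
    """Canonical form: 'lib.func' per import, in import-table order, comma-joined.

    `imports` is a list of (dll_name, [function_name | ordinal_int, ...]).
    pefile additionally maps known ordinals of ws2_32/wsock32/oleaut32 back to
    names before hashing; this example skips that table and always emits 'ordN'.
    """
    parts = []
    for dll, funcs in imports:
        lib = _lib_name(dll)
        for f in funcs:
            parts.append(f"{lib}.ord{f}" if isinstance(f, int) else f"{lib}.{f.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed input: the first entries of three libraries from the table above.
# Ordinal 17 for the unnamed COMCTL32 import is a placeholder, not the real value.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["SetEndOfFile", "UnlockFile", "LockFile"]),
    ("WS2_32.dll", ["recvfrom", "ioctlsocket", "recv"]),
    ("COMCTL32.dll", ["ImageList_Destroy", 17]),
]


def sample_imphash() -> str:
    return imphash(SAMPLE_IMPORTS)


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(sample_imphash())
```

Two properties matter when using the value for clustering: the hash depends on import order, so two builds with the same functions in a different order hash differently, and it is insensitive to library-name case. It is only as meaningful as the import table it is computed from: a packer's stub exports a small, generic table, and an imphash of such a binary clusters the packer, not the payload.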

Strings

.text
`.rdata
@.data
.rsrc
8`}<j
T$th
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
}'h
9^xu5j
T$,Qj
T$0Pj
D$8RPj
D$0h
T$,Qj
NpRQj
t$<Vj
T$<h
D$(hF
D$(h
T$Dhb
No antivirus engine scan information.

Process tree

cs.exe, PID: 2700, parent PID: 2340

TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 36.937 seconds )

  • 16.407 Static
  • 15.527 Suricata
  • 2.009 VirusTotal
  • 1.981 TargetInfo
  • 0.442 peid
  • 0.358 NetworkAnalysis
  • 0.117 BehaviorAnalysis
  • 0.056 AnalysisInfo
  • 0.019 config_decoder
  • 0.018 Strings
  • 0.003 Memory

Signatures ( 0.211 seconds ): run time of each signature module; this is a timing breakdown of the checks that ran, not a list of matched signatures.

  • 0.028 antiav_detectreg
  • 0.02 md_url_bl
  • 0.019 md_domain_bl
  • 0.014 stealth_file
  • 0.012 infostealer_ftp
  • 0.008 antiav_detectfile
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_im
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 antianalysis_detectreg
  • 0.005 api_spamming
  • 0.005 infostealer_bitcoin
  • 0.004 stealth_decoy_document
  • 0.004 stealth_timeout
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 bootkit
  • 0.001 mimics_filetime
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 antidbg_windows
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.974 seconds )

  • 0.769 ReportHTMLSummary
  • 0.205 Malheur
Task ID: 557783
Mongo ID: 5f0205ae2f8f2e385f663225
Cuckoo release: 1.4-Maldun