Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-hpdapp01-1  2020-07-14 13:27:40  2020-07-14 13:28:21  41 seconds

Maldun score

1.4

Normal

File details

File name 烛龙.exe
File size 459264 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
MD5 472e80d5b3778f3d48dc81b558a5faf3
SHA1 595d70eec018d64099a23b9cc3fd37b28d7a73f9
SHA256 e4f6b14419ef77c9d670a2f28ae95d6c6ea15cb8b0f3e1c8040bc1d7cba0153f
SHA512 049dad82e09b9b693fa4351967df71ddeb87497a0c28a1850b2caa931543c5cbdbed5291ec187d1cfe9ab8f4e68cb94f626d0db9c6178c4ee858055c4e41091e
CRC32 44343F76
Ssdeep 6144:735EgwfnnIjxOSBEWUwihyvec5Y1oiLd4akZZkfQVCStbrDo:T5EgWnnQ5GWUbhyveu+o0dPkZafyrU


Screenshots

No screenshots available

Hosts contacted

No host records.

DNS resolutions

No domain information.


Summary


PE information

Image base 0x00400000
Entry point 0x0045446c
Claimed checksum 0x00000000
Actual checksum 0x00073082
Minimum OS version required 6.0
PDB path D:\工具源码\C#源码\烛龙免费版\Release\烛龙.pdb
Compile time 2020-07-14 13:26:39
Import hash ac4357ac3926fa94809ed9d51f74372c

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00054082 0x00054200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.03
.rdata 0x00056000 0x00003e0e 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.74
.data 0x0005a000 0x00012e84 0x00012c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.90
.rsrc 0x0006d000 0x00002b00 0x00002c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.78
.reloc 0x00070000 0x000023c8 0x00002400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.74

Imports

Library: KERNEL32.dll:
0x456000 WriteProcessMemory
0x456004 ReadProcessMemory
0x45600c GetStdHandle
0x456010 Sleep
0x45601c SetConsoleTitleA
0x456020 GetModuleHandleA
0x456024 FreeConsole
0x456028 CreateThread
0x45602c Process32First
0x456030 Module32Next
0x456034 OpenProcess
0x45603c Process32Next
0x456040 CloseHandle
0x456044 GetLastError
0x456048 TlsGetValue
0x45604c SetLastError
0x456050 TlsFree
0x456054 TlsAlloc
0x456058 TlsSetValue
0x45605c RtlUnwind
0x456068 GetVersion
0x45606c GetCommandLineA
0x456070 IsBadCodePtr
0x456074 SetStdHandle
0x456078 FlushFileBuffers
0x45607c LCMapStringA
0x456080 FreeLibrary
0x456084 WriteFile
0x456088 CreateDirectoryA
0x45608c GetFileSize
0x456090 ReadFile
0x456094 GetLocalTime
0x456098 IsBadReadPtr
0x45609c HeapReAlloc
0x4560a0 ExitProcess
0x4560a4 HeapFree
0x4560ac TerminateThread
0x4560b0 GetExitCodeThread
0x4560b8 GetComputerNameA
0x4560bc LoadLibraryA
0x4560c8 DeviceIoControl
0x4560cc CreateFileA
0x4560d0 RtlMoveMemory
0x4560d4 HeapAlloc
0x4560d8 GetProcessHeap
0x4560dc GetTickCount
0x4560f0 lstrcpyn
0x4560f4 GetProcAddress
0x4560f8 WideCharToMultiByte
0x4560fc MultiByteToWideChar
0x456100 GetModuleHandleW
0x456104 IsDebuggerPresent
0x456108 InitializeSListHead
0x456110 GetCurrentThreadId
0x456114 GetCurrentProcessId
0x456120 TerminateProcess
0x456124 GetCurrentProcess
0x456128 GetStringTypeW
0x45612c GetStringTypeA
0x456130 SetFilePointer
0x456134 GetOEMCP
0x456138 GetACP
0x45613c GetCPInfo
0x456140 IsBadWritePtr
0x456144 VirtualAlloc
0x456148 RaiseException
0x45614c LCMapStringW
0x456158 VirtualFree
0x45615c GetFileType
0x456160 HeapCreate
0x456164 HeapDestroy
0x456168 GetVersionExA
0x456180 GetStartupInfoA
0x456184 GetModuleFileNameA
0x456188 SetHandleCount
Library: USER32.dll:
0x4561d0 PeekMessageA
0x4561d4 GetMessageA
0x4561d8 TranslateMessage
0x4561dc DispatchMessageA
0x4561e0 GetAsyncKeyState
0x4561e4 wsprintfA
0x4561e8 MessageBoxA
0x4561ec CloseWindowStation
Library: VCRUNTIME140.dll:
0x4561fc memcpy
0x456200 memset
0x456208 _CxxThrowException
0x45620c __CxxFrameHandler3
0x456210 __std_terminate
0x45621c memmove
0x456220 strstr
0x456224 __current_exception
Library: api-ms-win-crt-convert-l1-1-0.dll:
0x45622c atof
Library: api-ms-win-crt-stdio-l1-1-0.dll:
0x4562b8 getchar
0x4562bc __p__commode
0x4562c0 _set_fmode
Library: api-ms-win-crt-runtime-l1-1-0.dll:
0x456264 _seh_filter_exe
0x456268 terminate
0x45626c _controlfp_s
0x456270 _crt_atexit
0x45627c _set_app_type
0x456284 _c_exit
0x456288 _cexit
0x45628c __p___argv
0x456290 __p___argc
0x456298 _exit
0x45629c exit
0x4562a0 _initterm_e
0x4562a4 _initterm
0x4562b0 system
Library: api-ms-win-crt-string-l1-1-0.dll:
0x4562c8 strncpy
Library: api-ms-win-crt-heap-l1-1-0.dll:
0x456234 _callnewh
0x456238 malloc
0x45623c _set_new_mode
0x456240 free
Library: api-ms-win-crt-math-l1-1-0.dll:
0x456250 _CIatan2
0x456258 __setusermatherr
Library: api-ms-win-crt-locale-l1-1-0.dll:
0x456248 _configthreadlocale

Strings

.text
`.rdata
@.data
.rsrc
@.reloc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
No antivirus engine scan information!

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 21.612 seconds )

  • 15.598 Suricata
  • 2.935 Static
  • 1.685 VirusTotal
  • 0.443 peid
  • 0.441 TargetInfo
  • 0.356 NetworkAnalysis
  • 0.126 AnalysisInfo
  • 0.017 Strings
  • 0.005 Memory
  • 0.004 BehaviorAnalysis
  • 0.002 config_decoder

Signatures ( 0.161 seconds )

  • 0.02 md_domain_bl
  • 0.02 md_url_bl
  • 0.018 antiav_detectreg
  • 0.011 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 infostealer_ftp
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.005 infostealer_im
  • 0.004 tinba_behavior
  • 0.004 infostealer_bitcoin
  • 0.003 rat_nanocore
  • 0.003 cerber_behavior
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 betabot_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_spynet
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.227 seconds )

  • 0.889 ReportHTMLSummary
  • 0.338 Malheur
Task ID 559993
Mongo ID 5f0d42912f8f2e49d82efc04
Cuckoo release 1.4-Maldun