Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-2 | 2020-08-01 13:37:26 | 2020-08-01 13:38:35 | 69 seconds

Maldun score

10.0 (Dangerous)

File details

Filename: BlazeCleanerV4.exe
File size: 11264 bytes
File type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: d4bc91c21112405f84257692ee789925
SHA1: 1c0f43d3bfe42f00bbb819ea27960d986ec11a92
SHA256: cacf7b21c88cb279760ef05353b98e99234ae64ee0e94bf5639c48a00c7ca462
SHA512: 2ca5be3100e268eadd4e1f19f9c6fb9aa2f86a17d949cd66f625b19c4f8766f5c61208acf803e519f13ec28af35f8acbafdf4051ba4a11f0cfe0c523a749e374
CRC32: A95B2183
Ssdeep: 192:vYdDgfWb+00Iz+Ijzh7mUxvJ8GUc5tuTpqKi3hYV4:vY9db+FBCzhiqJ8GUc5tuTpqKi3hC4


Host access records

No host records.

Domain resolution

No domain information.


PE info

Image base: 0x00400000
Entry point: 0x004035e2
Declared checksum: 0x00000000
Computed checksum: 0x00008051
Minimum OS version: 4.0
PDB path: C:\Users\hasan\Downloads\Fortnite-Cheat-Stuff-master\Fortnite-Cheat-Stuff-master\Pasted Spoofer Source\Your First Pasted Spoofer\obj\Debug\BlazeCleanerV4.pdb
Compile time (TimeDateStamp): 2046-10-11 16:35:36
Import hash (imphash): f34d5f2d4577ed6d9ceec516c1f5a744
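Two of the fields above deserve a second look before they are read as indicators. A declared checksum of zero is common for assemblies emitted by the C# compiler and Windows only validates the field for drivers and boot-time images, so the mismatch against the computed 0x00008051 is not by itself evidence of tampering. A compile time of 2046 is either a forged TimeDateStamp or, for .NET assemblies built with a recent Roslyn compiler in deterministic mode, a content hash that was never a timestamp. The Python below is an added example, not code from the Maldun report or from the sample: it parses the header fields listed in the table, computes the checksum with the imagehlp algorithm (the same one pefile and Cuckoo-based sandboxes use) and flags the anomalies. Because the sample is not distributed with this page, it builds a constructed PE32 skeleton in memory carrying the report's values; `build_sample_pe`, the `REPORT_*` constants and the assumption that the report's times are UTC are illustration-only, not data from the file.

```python
"""PE header triage for the fields a sandbox report prints.

Added example, not code from the Maldun report or from the sample. It checks
declared vs. computed checksum, an implausible TimeDateStamp, and whether the
image is managed (.NET), on a constructed PE32 skeleton (not the real file)."""
import calendar
import struct

CHECKSUM_OFF = 64        # CheckSum offset in IMAGE_OPTIONAL_HEADER (PE32 and PE32+)
DATADIR_OFF_PE32 = 96    # first IMAGE_DATA_DIRECTORY entry, PE32 layout
CLR_DIR_INDEX = 14       # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)


def pe_checksum(data: bytes) -> int:
    """Checksum as imagehlp!CheckSumMappedFile computes it: a 16-bit sum with
    end-around carry over the file, skipping the CheckSum field, plus length."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    field = e_lfanew + 4 + 20 + CHECKSUM_OFF
    padded = data + b"\x00" * (len(data) % 2)   # an odd trailing byte forms a word
    total = 0
    for off in range(0, len(padded), 2):
        if field <= off < field + 4:              # the field itself is excluded
            continue
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF


def parse_headers(data: bytes) -> dict:
    """Read the DOS/NT header fields the report lists (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    declared = struct.unpack_from("<I", data, opt + CHECKSUM_OFF)[0]
    clr_rva, clr_size = struct.unpack_from("<II", data, opt + DATADIR_OFF_PE32 + 8 * CLR_DIR_INDEX)
    return {"machine": machine, "sections": nsections, "timestamp": timestamp,
            "image_base": image_base, "entry_va": image_base + entry_rva,
            "min_os": f"{os_major}.{os_minor}", "declared_checksum": declared,
            "managed": clr_rva != 0 and clr_size != 0,
            "imports_mscoree": b"mscoree.dll" in data}


def triage(data: bytes, now: float) -> dict:
    """Sanity checks a triager draws from the header table; `now` is epoch UTC."""
    hdr = parse_headers(data)
    hdr["computed_checksum"] = pe_checksum(data)
    hdr["checksum_ok"] = hdr["declared_checksum"] == hdr["computed_checksum"]
    hdr["future_timestamp"] = hdr["timestamp"] > now + 86400
    notes = []
    if hdr["declared_checksum"] == 0:
        notes.append("CheckSum unset; Windows only enforces it for drivers and boot images")
    elif not hdr["checksum_ok"]:
        notes.append("CheckSum mismatch: patched after linking or header tampered")
    if hdr["future_timestamp"]:
        notes.append("TimeDateStamp in the future: forged, or a deterministic-build hash")
    if hdr["managed"] or hdr["imports_mscoree"]:
        notes.append("managed image: native entry is only the mscoree stub, read the IL")
    hdr["notes"] = notes
    return hdr


def build_sample_pe(timestamp: int, declared_checksum: int = 0) -> bytes:
    """Constructed PE32 skeleton carrying the report's header values (not loadable)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                        # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x35E2)                        # entry RVA
    struct.pack_into("<I", opt, 28, 0x00400000)                    # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                         # min OS 4.0
    struct.pack_into("<I", opt, CHECKSUM_OFF, declared_checksum)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, DATADIR_OFF_PE32 + 8 * CLR_DIR_INDEX, 0x2008, 72)
    body = b"mscoree.dll\0_CorExeMain\0" + b"\0" * 41              # stand-in section bytes
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + body


# Values from the report's PE info table and task header, read as UTC.
REPORT_TIMESTAMP = calendar.timegm((2046, 10, 11, 16, 35, 36, 0, 0, 0))
REPORT_RUN_TIME = calendar.timegm((2020, 8, 1, 13, 37, 26, 0, 0, 0))

if __name__ == "__main__":
    result = triage(build_sample_pe(REPORT_TIMESTAMP), now=REPORT_RUN_TIME)
    for key in ("entry_va", "declared_checksum", "computed_checksum"):
        print(f"{key}: {result[key]:#010x}")
    print("future_timestamp:", result["future_timestamp"], "managed:", result["managed"])
    print("\n".join(" - " + n for n in result["notes"]))
```

The checksum the skeleton yields differs from the report's 0x00008051 because its bytes differ; run `pe_checksum()` over the real file bytes to reproduce the sandbox's "computed checksum" line. Writing the computed value back into the CheckSum field and recomputing gives the same number, which is the property that lets a patched file be re-signed consistently and is also why a nonzero declared value that disagrees with the computed one is the case worth chasing.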

Version info

Translation: 000004b0
LegalCopyright: Copyright © 2020
Assembly Version: 1.0.0.0
InternalName: BlazeCleanerV4.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: BlazeCleanerV4
ProductVersion: 1.0.0.0
FileDescription: BlazeCleanerV4
OriginalFilename: BlazeCleanerV4.exe

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00002000 | 0x000015e8 | 0x00001600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.06
.rsrc | 0x00004000 | 0x00001004 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.71
.reloc | 0x00006000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.08

Imports

Library: mscoree.dll
0x402000 _CorExeMain

Assembly info

Name: BlazeCleanerV4
Version: 1.0.0.0

Assembly references

Name | Version
mscorlib | 4.0.0.0
System | 4.0.0.0

Custom attributes

Scope | Attribute type | Value
Assembly | [mscorlib]System.Reflection.AssemblyTitleAttribute | BlazeCleaner
Assembly | [mscorlib]System.Reflection.AssemblyProductAttribute | BlazeCleaner
Assembly | [mscorlib]System.Reflection.AssemblyCopyrightAttribute | Copyright © 2020
Assembly | [mscorlib]System.Runtime.InteropServices.GuidAttribute | 9314a34d-eaf0-49b0-bebc-0a77a6bb02b0
Assembly | [mscorlib]System.Reflection.AssemblyFileVersionAttribute | 1.0.0.0

Type references

Assembly | Type name
System | System.Diagnostics.Process
System | System.Diagnostics.ProcessStartInfo
System | System.Diagnostics.ProcessWindowStyle
System | System.Net.WebClient
mscorlib | System.Console
mscorlib | System.ConsoleColor
mscorlib | System.ConsoleKeyInfo
mscorlib | System.Diagnostics.DebuggableAttribute
mscorlib | System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib | System.IO.File
mscorlib | System.Object
mscorlib | System.Reflection.AssemblyCompanyAttribute
mscorlib | System.Reflection.AssemblyConfigurationAttribute
mscorlib | System.Reflection.AssemblyCopyrightAttribute
mscorlib | System.Reflection.AssemblyDescriptionAttribute
mscorlib | System.Reflection.AssemblyFileVersionAttribute
mscorlib | System.Reflection.AssemblyProductAttribute
mscorlib | System.Reflection.AssemblyTitleAttribute
mscorlib | System.Reflection.AssemblyTrademarkAttribute
mscorlib | System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib | System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib | System.Runtime.InteropServices.ComVisibleAttribute
mscorlib | System.Runtime.InteropServices.GuidAttribute
mscorlib | System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib | System.String
mscorlib | System.Threading.Thread

Strings

.text
`.rsrc
@.reloc
v4.0.30319
#Strings
#GUID
#Blob
BlazeCleanerV4
<Module>
DrawASCII
System.IO
mscorlib
Thread
DownloadFile
Console
set_Title
set_WindowStyle
ProcessWindowStyle
set_FileName
ReadLine
WriteLine
Close
Delete
Write
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
BlazeCleanerV4.exe
Blaze
System.Threading
System.Runtime.Versioning
String
Program
System
System.Reflection
ResetOption
get_StartInfo
ProcessStartInfo
ConsoleKeyInfo
Sleep
Clear
number
set_ForegroundColor
ConsoleColor
.ctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
Process
Object
System.Net
WebClient
Start
HashText
OptionText
set_CreateNoWindow
ReadKey
op_Equality
BlazeCleanerV4
2020
$9314a34d-eaf0-49b0-bebc-0a77a6bb02b0
1.0.0.0
.NET Framework 4.7.2
C:\Users\hasan\Downloads\Fortnite-Cheat-Stuff-master\Fortnite-Cheat-Stuff-master\Pasted Spoofer Source\Your First Pasted Spoofer\obj\Debug\BlazeCleanerV4.pdb
_CorExeMain
mscoree.dll
Ok retard maybe type right next time
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
BlazeCleanerV4
FileVersion
1.0.0.0
InternalName
BlazeCleanerV4.exe
LegalCopyright
2020
LegalTrademarks
OriginalFilename
BlazeCleanerV4.exe
ProductName
BlazeCleanerV4
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus results (17 of 72 engines flagged the sample)

Engine/vendor | Detection name / rule match | Signature DB date
Bkav | Not detected | 20200801
DrWeb | Not detected | 20200801
ClamAV | Not detected | 20200731
CMC | Not detected | 20200801
CAT-QuickHeal | Not detected | 20200731
McAfee | Artemis!D4BC91C21112 | 20200801
Malwarebytes | Not detected | 20200801
Zillya | Not detected | 20200731
Sangfor | Not detected | 20200423
K7AntiVirus | Not detected | 20200731
Alibaba | Not detected | 20190527
K7GW | Not detected | 20200801
Cybereason | Not detected | 20190616
Arcabit | Trojan.Generic.D298E209 | 20200801
TrendMicro | Not detected | 20200801
BitDefenderTheta | Not detected | 20200730
Cyren | Not detected | 20200801
Symantec | Not detected | 20200731
ESET-NOD32 | a variant of MSIL/TrojanDownloader.Small.CFU | 20200801
Zoner | Not detected | 20200731
TrendMicro-HouseCall | Not detected | 20200801
Paloalto | Not detected | 20200801
Cynet | Not detected | 20200728
Kaspersky | Not detected | 20200801
BitDefender | Trojan.GenericKD.43573769 | 20200801
NANO-Antivirus | Not detected | 20200801
ViRobot | Not detected | 20200731
SUPERAntiSpyware | Not detected | 20200731
MicroWorld-eScan | Trojan.GenericKD.43573769 | 20200801
Avast | FileRepMalware | 20200801
Tencent | Not detected | 20200801
Ad-Aware | Trojan.GenericKD.43573769 | 20200801
Sophos | Not detected | 20200801
Comodo | Not detected | 20200728
F-Secure | Not detected | 20200801
Baidu | Not detected | 20190318
VIPRE | Not detected | 20200801
Invincea | Not detected | 20200502
Trapmine | Not detected | 20200727
FireEye | Trojan.GenericKD.43573769 | 20200801
Emsisoft | Trojan.GenericKD.43573769 (B) | 20200801
Ikarus | Win32.Outbreak | 20200731
F-Prot | Not detected | 20200801
Jiangmin | Not detected | 20200801
Webroot | Not detected | 20200801
Avira | Not detected | 20200801
Fortinet | Not detected | 20200729
Antiy-AVL | Not detected | 20200801
Kingsoft | Not detected | 20200801
Endgame | Not detected | 20200727
Microsoft | Not detected | 20200801
AegisLab | Not detected | 20200801
ZoneAlarm | Not detected | 20200801
Avast-Mobile | Not detected | 20200801
TACHYON | Not detected | 20200801
AhnLab-V3 | Not detected | 20200801
Acronis | Not detected | 20200603
VBA32 | Not detected | 20200731
ALYac | Not detected | 20200801
MAX | malware (ai score=80) | 20200801
Cylance | Not detected | 20200801
APEX | Malicious | 20200801
Rising | Not detected | 20200801
Yandex | Not detected | 20200707
SentinelOne | DFI - Malicious PE | 20200724
eGambit | Not detected | 20200801
GData | Trojan.GenericKD.43573769 | 20200801
MaxSecure | Trojan.Malware.300983.susgen | 20200622
AVG | FileRepMalware | 20200801
Panda | Not detected | 20200731
CrowdStrike | win/malicious_confidence_60% (W) | 20190702
Qihoo-360 | Not detected | 20200801

Process tree

BlazeCleanerV4.exe, PID: 2716, parent PID: 2324

Network

Host access records: none.
Domain resolution: none.
TCP connections: none.
UDP connections: none.
HTTP requests: none.
SMTP traffic: none.
IRC traffic: none.
ICMP traffic: none.
CIF report: no results.
Network alerts: none.
TLS: none.
Suricata HTTP: none.

No network activity was recorded during the 69-second run. That is not evidence that the sample has no download capability: the type references above include System.Net.WebClient (DownloadFile) and System.Diagnostics.Process, and the program reads console input (ReadLine, ReadKey), so the download path may simply never have been reached without user interaction.

Network-extracted files: none.
Dropped files: none.
Similar analyses: none.

Processing ( 19.354 seconds ), time spent per processing module:

  • 15.49 Suricata
  • 1.629 VirusTotal
  • 0.678 Static
  • 0.426 peid
  • 0.355 NetworkAnalysis
  • 0.34 TargetInfo
  • 0.189 BehaviorAnalysis
  • 0.171 static_dotnet
  • 0.067 AnalysisInfo
  • 0.006 Strings
  • 0.003 Memory

Signatures ( 0.203 seconds ), evaluation time per signature module; these are timings, not matches:

  • 0.022 antiav_detectreg
  • 0.018 md_domain_bl
  • 0.018 md_url_bl
  • 0.011 infostealer_ftp
  • 0.01 antiav_detectfile
  • 0.009 api_spamming
  • 0.007 anomaly_persistence_autorun
  • 0.007 stealth_timeout
  • 0.007 infostealer_bitcoin
  • 0.007 infostealer_im
  • 0.007 ransomware_files
  • 0.006 stealth_decoy_document
  • 0.006 ransomware_extensions
  • 0.005 antianalysis_detectreg
  • 0.004 antivm_vbox_files
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 antiemu_wine_func
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 infostealer_browser_password
  • 0.002 cerber_behavior
  • 0.002 kovter_behavior
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 bootkit
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 injection_createremotethread
  • 0.001 antivm_generic_services
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 rat_pcclient
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.128 seconds ), time spent per reporting module:

  • 0.856 ReportHTMLSummary
  • 0.272 Malheur
Task ID 564223
Mongo ID 5f24fff42f8f2e019c566e36
Cuckoo release 1.4-Maldun