恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2020-09-25 16:50:19	2020-09-25 16:50:20	1 秒

魔盾分数

10.0

Dialer病毒

文件详细信息

文件名	复件 1151937_ex.exe
文件大小	100864 字节
文件类型	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	9263501eaf4ee12cfde17e0a52c56514
SHA1	68e414bc92470019aaca35a1b3d3039e1e749be5
SHA256	5be6956f89dc28abc839fa9ac5a3a9d01e5e1ed66387e57386feb186d78a8ffc
SHA512	10b070e3eb933e336efcf2a50334a85695700035b0d89ea420c3a2c3817149db11a86115764a26449e3383c2b2222cef6fb2a487141e83787d92299d9cae4eb1
CRC32	F2561A92
Ssdeep	3072:j0GjoP/qHGp3cFIDwtlcdqz6/f11kUaUz:AGjE/qfF1lkOSf1aUa
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x10000000
入口地址	0x100118ba
声明校验值	0x00000000
实际校验值	0x0001c333
最低操作系统版本要求	4.0
编译时间	2008-05-19 01:28:34
载入哈希	5c38312da54af04f6a40592477000188
导出DLL库名称	\x31\x31\x39\x31\x31\x31\x31\x34\x31\x31\x31

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

PEiD 规则

[u'Armadillo v1.xx - v2.xx']

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00010e55	0x00011000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.46
.rdata	0x00012000	0x000037be	0x00003800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.33
.data	0x00016000	0x000020f8	0x00001c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.76
.rsrc	0x00019000	0x00000fa0	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	3.74
.reloc	0x0001a000	0x0000111c	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.62

导入

库: KERNEL32.dll:

• 0x100120ec GetProcessHeap

• 0x100120f0 MapViewOfFile

• 0x100120f4 CreateFileMappingA

• 0x100120f8 HeapAlloc

• 0x100120fc UnmapViewOfFile

• 0x10012100 GlobalFree

• 0x10012104 GlobalUnlock

• 0x10012108 GlobalLock

• 0x1001210c GlobalAlloc

• 0x10012110 GlobalSize

• 0x10012114 GetStartupInfoA

• 0x10012118 CreatePipe

• 0x1001211c DisconnectNamedPipe

• 0x10012120 TerminateProcess

• 0x10012124 PeekNamedPipe

• 0x10012128 WaitForMultipleObjects

• 0x1001212c SizeofResource

• 0x10012130 LoadResource

• 0x10012134 OpenProcess

• 0x10012138 HeapFree

• 0x1001213c LoadLibraryExA

• 0x10012140 GetModuleHandleA

• 0x10012144 SetFileAttributesA

• 0x10012148 ReleaseMutex

• 0x1001214c OpenEventA

• 0x10012150 SetErrorMode

• 0x10012154 CreateMutexA

• 0x10012158 SetUnhandledExceptionFilter

• 0x1001215c FreeConsole

• 0x10012160 LocalSize

• 0x10012164 Process32Next

• 0x10012168 Process32First

• 0x1001216c CreateToolhelp32Snapshot

• 0x10012170 lstrcmpiA

• 0x10012174 GetCurrentThreadId

• 0x10012178 VirtualAllocEx

• 0x1001217c WriteProcessMemory

• 0x10012180 CreateRemoteThread

• 0x10012184 GetLocalTime

• 0x10012188 GetTickCount

• 0x1001218c DeviceIoControl

• 0x10012190 MoveFileExA

• 0x10012194 GetCurrentProcess

• 0x10012198 GetSystemDirectoryA

• 0x1001219c SetLastError

• 0x100121a0 GetModuleFileNameA

• 0x100121a4 MoveFileA

• 0x100121a8 WriteFile

• 0x100121ac SetFilePointer

• 0x100121b0 ReadFile

• 0x100121b4 CreateFileA

• 0x100121b8 GetFileSize

• 0x100121bc RemoveDirectoryA

• 0x100121c0 LocalAlloc

• 0x100121c4 FindFirstFileA

• 0x100121c8 LocalReAlloc

• 0x100121cc FindNextFileA

• 0x100121d0 LocalFree

• 0x100121d4 FindClose

• 0x100121d8 GetLogicalDriveStringsA

• 0x100121dc GetVolumeInformationA

• 0x100121e0 GetDiskFreeSpaceExA

• 0x100121e4 GetDriveTypeA

• 0x100121e8 CreateProcessA

• 0x100121ec GetFileAttributesA

• 0x100121f0 CreateDirectoryA

• 0x100121f4 GetLastError

• 0x100121f8 DeleteFileA

• 0x100121fc GetVersionExA

• 0x10012200 GetPrivateProfileStringA

• 0x10012204 lstrcmpA

• 0x10012208 WideCharToMultiByte

• 0x1001220c MultiByteToWideChar

• 0x10012210 LoadLibraryA

• 0x10012214 GetProcAddress

• 0x10012218 FreeLibrary

• 0x1001221c GetWindowsDirectoryA

• 0x10012220 lstrcatA

• 0x10012224 GetPrivateProfileSectionNamesA

• 0x10012228 lstrlenA

• 0x1001222c Sleep

• 0x10012230 CancelIo

• 0x10012234 InterlockedExchange

• 0x10012238 lstrcpyA

• 0x1001223c ResetEvent

• 0x10012240 VirtualAlloc

• 0x10012244 EnterCriticalSection

• 0x10012248 LeaveCriticalSection

• 0x1001224c VirtualFree

• 0x10012250 DeleteCriticalSection

• 0x10012254 InitializeCriticalSection

• 0x10012258 CreateEventA

• 0x1001225c CreateThread

• 0x10012260 ResumeThread

• 0x10012264 SetEvent

• 0x10012268 WaitForSingleObject

• 0x1001226c TerminateThread

• 0x10012270 CloseHandle

• 0x10012274 FindResourceA

库: USER32.dll:

• 0x10012350 SetCapture

• 0x10012354 WindowFromPoint

• 0x10012358 SetCursorPos

• 0x1001235c mouse_event

• 0x10012360 CloseClipboard

• 0x10012364 SetClipboardData

• 0x10012368 EmptyClipboard

• 0x1001236c OpenClipboard

• 0x10012370 SendMessageA

• 0x10012374 SystemParametersInfoA

• 0x10012378 SetRect

• 0x1001237c MapVirtualKeyA

• 0x10012380 GetDesktopWindow

• 0x10012384 ReleaseDC

• 0x10012388 GetCursorInfo

• 0x1001238c GetCursorPos

• 0x10012390 SetProcessWindowStation

• 0x10012394 OpenWindowStationA

• 0x10012398 GetProcessWindowStation

• 0x1001239c ExitWindowsEx

• 0x100123a0 GetWindowThreadProcessId

• 0x100123a4 IsWindow

• 0x100123a8 BlockInput

• 0x100123ac GetDC

• 0x100123b0 keybd_event

• 0x100123b4 GetSystemMetrics

• 0x100123b8 DispatchMessageA

• 0x100123bc GetKeyNameTextA

• 0x100123c0 CallNextHookEx

• 0x100123c4 SetWindowsHookExA

• 0x100123c8 UnhookWindowsHookEx

• 0x100123cc LoadCursorA

• 0x100123d0 GetClipboardData

• 0x100123d4 DestroyCursor

• 0x100123d8 TranslateMessage

• 0x100123dc GetMessageA

• 0x100123e0 wsprintfA

• 0x100123e4 CharNextA

• 0x100123e8 GetWindowTextA

• 0x100123ec GetActiveWindow

• 0x100123f0 CloseWindow

• 0x100123f4 CreateWindowExA

• 0x100123f8 PostMessageA

• 0x100123fc OpenDesktopA

• 0x10012400 GetThreadDesktop

• 0x10012404 GetUserObjectInformationA

• 0x10012408 OpenInputDesktop

• 0x1001240c SetThreadDesktop

• 0x10012410 CloseDesktop

• 0x10012414 EnumWindows

• 0x10012418 IsWindowVisible

库: GDI32.dll:

• 0x100120b8 BitBlt

• 0x100120bc CreateCompatibleDC

• 0x100120c0 CreateCompatibleBitmap

• 0x100120c4 CreateDIBSection

• 0x100120c8 GetDIBits

• 0x100120cc DeleteObject

• 0x100120d0 SelectObject

• 0x100120d4 DeleteDC

库: ADVAPI32.dll:

• 0x10012000 LsaClose

• 0x10012004 LookupAccountNameA

• 0x10012008 IsValidSid

• 0x1001200c GetTokenInformation

• 0x10012010 LookupAccountSidA

• 0x10012014 SetServiceStatus

• 0x10012018 RegisterServiceCtrlHandlerA

• 0x1001201c StartServiceA

• 0x10012020 RegCreateKeyExA

• 0x10012024 RegDeleteKeyA

• 0x10012028 LsaRetrievePrivateData

• 0x1001202c LsaOpenPolicy

• 0x10012030 LsaFreeMemory

• 0x10012034 RegCloseKey

• 0x10012038 RegQueryValueA

• 0x1001203c RegOpenKeyExA

• 0x10012040 CloseServiceHandle

• 0x10012044 DeleteService

• 0x10012048 ControlService

• 0x1001204c QueryServiceStatus

• 0x10012050 OpenServiceA

• 0x10012054 OpenSCManagerA

• 0x10012058 RegSetValueExA

• 0x1001205c RegCreateKeyA

• 0x10012060 RegQueryValueExA

• 0x10012064 RegOpenKeyA

• 0x10012068 CloseEventLog

• 0x1001206c ClearEventLogA

• 0x10012070 OpenEventLogA

• 0x10012074 AdjustTokenPrivileges

• 0x10012078 LookupPrivilegeValueA

• 0x1001207c OpenProcessToken

• 0x10012080 FreeSid

• 0x10012084 SetSecurityDescriptorDacl

• 0x10012088 AddAccessAllowedAce

• 0x1001208c InitializeAcl

• 0x10012090 GetLengthSid

• 0x10012094 AllocateAndInitializeSid

• 0x10012098 InitializeSecurityDescriptor

• 0x1001209c RegEnumValueA

• 0x100120a0 RegEnumKeyExA

• 0x100120a4 RegDeleteValueA

库: SHELL32.dll:

• 0x1001233c SHGetSpecialFolderPathA

• 0x10012340 SHGetFileInfoA

库: SHLWAPI.dll:

• 0x10012348 SHDeleteKeyA

库: MSVCRT.dll:

• 0x100122a8 _strnicmp

• 0x100122ac _strcmpi

• 0x100122b0 _adjust_fdiv

• 0x100122b4 _initterm

• 0x100122b8 ??1type_info@@UAE@XZ

• 0x100122bc calloc

• 0x100122c0 _beginthreadex

• 0x100122c4 wcstombs

• 0x100122c8 atoi

• 0x100122cc realloc

• 0x100122d0 strncat

• 0x100122d4 strncpy

• 0x100122d8 strrchr

• 0x100122dc _except_handler3

• 0x100122e0 free

• 0x100122e4 malloc

• 0x100122e8 strchr

• 0x100122ec _CxxThrowException

• 0x100122f0 strstr

• 0x100122f4 _ftol

• 0x100122f8 ceil

• 0x100122fc memmove

• 0x10012300 __CxxFrameHandler

• 0x10012304 ??3@YAXPAX@Z

• 0x10012308 ??2@YAPAXI@Z

库: WINMM.dll:

• 0x10012434 waveOutClose

• 0x10012438 waveOutReset

• 0x1001243c waveInClose

• 0x10012440 waveInUnprepareHeader

• 0x10012444 waveInReset

• 0x10012448 waveInStop

• 0x1001244c waveOutWrite

• 0x10012450 waveInStart

• 0x10012454 waveInAddBuffer

• 0x10012458 waveInPrepareHeader

• 0x1001245c waveOutGetNumDevs

• 0x10012460 waveInOpen

• 0x10012464 waveInGetNumDevs

• 0x10012468 waveOutPrepareHeader

• 0x1001246c waveOutUnprepareHeader

• 0x10012470 waveOutOpen

库: WS2_32.dll:

• 0x10012478 gethostname

• 0x1001247c send

• 0x10012480 select

• 0x10012484 WSACleanup

• 0x10012488 WSAIoctl

• 0x1001248c setsockopt

• 0x10012490 connect

• 0x10012494 htons

• 0x10012498 gethostbyname

• 0x1001249c socket

• 0x100124a0 ntohs

• 0x100124a4 recv

• 0x100124a8 getsockname

• 0x100124ac closesocket

• 0x100124b0 WSAStartup

库: MSVCP60.dll:

• 0x1001227c ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

• 0x10012280 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

• 0x10012284 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

• 0x10012288 ?_Xran@std@@YAXXZ

• 0x1001228c ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

• 0x10012290 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

• 0x10012294 ?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z

• 0x10012298 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

• 0x1001229c ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

• 0x100122a0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

库: IMM32.dll:

• 0x100120dc ImmReleaseContext

• 0x100120e0 ImmGetContext

• 0x100120e4 ImmGetCompositionStringA

库: WININET.dll:

• 0x10012420 InternetOpenA

• 0x10012424 InternetOpenUrlA

• 0x10012428 InternetReadFile

• 0x1001242c InternetCloseHandle

库: AVICAP32.dll:

• 0x100120ac capGetDriverDescriptionA

• 0x100120b0 capCreateCaptureWindowA

库: MSVFW32.dll:

• 0x10012310 ICSeqCompressFrame

• 0x10012314 ICSendMessage

• 0x10012318 ICOpen

• 0x1001231c ICClose

• 0x10012320 ICCompressorFree

• 0x10012324 ICSeqCompressFrameEnd

• 0x10012328 ICSeqCompressFrameStart

库: PSAPI.DLL:

• 0x10012330 GetModuleFileNameExA

• 0x10012334 EnumProcessModules

库: WTSAPI32.dll:

• 0x100124b8 WTSFreeMemory

• 0x100124bc WTSQuerySessionInformationA

导出

序列	地址	名称
1	0x1000a230	ResetSSDT
2	0x1000a240	ServiceMain

.text
`.rdata
@.data
.rsrc
@.reloc
SUVWj
L$$Pj
L$8Pj
D$lRPj
D$(RPj
T$ QRj
SUVWj
wQt1-
NLRPj
D$ Pj
NPRPUSj
QWRVj
T$|Qj
D$$SVh 
L$4Qj
L$4Qj
L$$Qj
T$,Vj
SUVWj
L$ RUPj
 deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly 
 inflate 1.1.4 Copyright 1995-2002 Mark Adler 
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ResetEvent
lstrcpyA
InterlockedExchange
CancelIo
Sleep
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
MoveFileExA
GetTickCount
GetLocalTime
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
UnmapViewOfFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
SizeofResource
LoadResource
FindResourceA
DeviceIoControl
LoadLibraryExA
GetModuleHandleA
SetFileAttributesA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
KERNEL32.dll
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
CharNextA
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
SendMessageA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
USER32.dll
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
GDI32.dll
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
LsaFreeMemory
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
LookupAccountSidA
GetTokenInformation
ADVAPI32.dll
SHGetSpecialFolderPathA
SHGetFileInfoA
SHELL32.dll
SHDeleteKeyA
SHLWAPI.dll
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
_ftol
strstr
_CxxThrowException
strchr
malloc
_except_handler3
strrchr
strncpy
strncat
realloc
wcstombs
_beginthreadex
calloc
MSVCRT.dll
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
WINMM.dll
WSAIoctl
WS2_32.dll
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
MSVCP60.dll
ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
IMM32.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
WININET.dll
capGetDriverDescriptionA
capCreateCaptureWindowA
ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
AVICAP32.dll
MSVFW32.dll
GetModuleFileNameExA
EnumProcessModules
PSAPI.DLL
WTSFreeMemory
WTSQuerySessionInformationA
WTSAPI32.dll
_strnicmp
_strcmpi
svchost.dll
ResetSSDT
ServiceMain
bad Allocate
bad buffer
%s\%s
Microsoft\Network\Connections\pbk\rasphone.pbk
\Application Data\Microsoft\Network\Connections\pbk\rasphone.pbk
Documents and Settings\
ConvertSidToStringSidA
advapi32.dll
L$_RasDefaultCredentials#0
RasDialParams!%s#0
Device
PhoneNumber
DialParamsUID
WinSta0\Default
%s\shell\open\command
%s\*.*
%s%s%s
%s%s*.*
SYSTEM\CurrentControlSet\Services\%s
InstallModule
RegSetValueEx(start)
SYSTEM\CurrentControlSet\Services\
RegQueryValueEx(Type)
\syslog.dat
Gh0st Update
Applications\iexplore.exe\shell\open\command
System
Security
Application
SeDebugPrivilege
CloseHandle
Sleep
kernel32.dll
SHDeleteKeyA
shlwapi.dll
CloseServiceHandle
DeleteService
StartServiceA
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
winlogon.exe
%d.bak
ex.dll
_kaspersky
REG_BINARY
REG_MULTI_SZ
REG_DWORD
REG_EXPAND_SZ
REG_SZ
\cmd.exe
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Mozilla/4.0 (compatible)
https://
http://
HARDWARE\DESCRIPTION\System\CentralProcessor\0
KeServiceDescriptorTable
ntdll.dll
NtQuerySystemInformation
\\.\RESSDTDOS
Global\Gh0st %d
winsta0
AAAAAA
SeShutdownPrivilege
explorer.exe
Winlogon
CVideoCap
#32770
1.1.4
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
.?AVtype_info@@
.text
h.rdata
H.data
.reloc
e:\gh0st\server\sys\i386\RESSDT.pdb
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
ntoskrnl.exe
323a3
>m?|?
>)>L>
6 6,686D6P6\6
;4;@;\;
jjjjjjjjh
jjjjh
\Device\RESSDT
\??\RESSDTDOS
VS_VERSION_INFO
StringFileInfo
080404b0
Comments
CompanyName
Microsoft Corporation
FileDescription
Device Protect Application
FileVersion
3, 5, 0, 0
InternalName
Microsoft(R) Windows(R) Operating System
LegalCopyright
Copyright ? 2008
LegalTrademarks
OriginalFilename
svchost.dll
PrivateBuild
ProductName
Microsoft(R) Windows(R) Operating System
ProductVersion
3, 5, 0, 0
SpecialBuild
VarFileInfo
Translation

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	W32.OnlineGameJKLF.Trojan	20180112
MicroWorld-eScan	Generic.PcClient2.5D42C954	20180113
nProtect	Trojan/W32.Dialer.100864.D	20180113
CMC	Generic.Win32.9263501eaf!CMCRadar	20180111
CAT-QuickHeal	Backdoor.Farfli.K5	20180113
McAfee	Generic BackDoor.t	20180113
Malwarebytes	未发现病毒	20180113
VIPRE	Backdoor.Win32.Farfli.k.dll (v)	20180113
K7AntiVirus	Trojan ( 005189541 )	20180113
K7GW	Trojan ( 005189541 )	20180112
TheHacker	Trojan/Dialer.bib	20180112
Arcabit	Generic.PcClient2.5D42C954	20180113
TrendMicro	TROJ_REDOS.SM2	20180113
Baidu	Win32.Trojan.Farfli.ai	20180112
F-Prot	W32/OnlineGames.BW.gen!Eldorado	20180113
Symantec	Backdoor.Trojan	20180113
TotalDefense	Win32/Gosht.AY	20180113
TrendMicro-HouseCall	TROJ_REDOS.SM2	20180113
Paloalto	未发现病毒	20180113
ClamAV	Win.Trojan.Agent-36272	20180113
Kaspersky	Trojan.Win32.Dialer.bib	20180113
BitDefender	Generic.PcClient2.5D42C954	20180113
NANO-Antivirus	Trojan.Win32.MLW.cetwi	20180113
ViRobot	Trojan.Win32.Dialer.100864	20180113
SUPERAntiSpyware	Trojan.Agent/Gen-WebGame	20180113
Rising	Backdoor.Farfli!1.6495 (CLASSIC)	20180113
Ad-Aware	Generic.PcClient2.5D42C954	20180113
Emsisoft	Generic.PcClient2.5D42C954 (B)	20180113
Comodo	TrojWare.Win32.Dialer.~KA	20180113
F-Secure	Generic.PcClient2.5D42C954	20180113
DrWeb	BackDoor.Siggen.52105	20180113
Zillya	Trojan.Dialer.Win32.11	20180112
Invincea	heuristic	20170914
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.nh	20180113
Sophos	Mal/Whybo-A	20180113
SentinelOne	static engine - malicious	20171224
Cyren	W32/OnlineGames.BW.gen!Eldorado	20180113
Jiangmin	Trojan/Dialer.kgg	20180113
Webroot	W32.Farfli.Gen	20180113
Avira	TR/Rootkit.Gen	20180113
Antiy-AVL	Trojan[Rootkit]/Win32.Ressdt	20180113
Kingsoft	Win32.Hack.PcClientT.bc.96768	20180113
Microsoft	Backdoor:Win32/PcClient	20180113
Endgame	malicious (high confidence)	20171130
AegisLab	Troj.W32.Dialer.bib!c	20180113
ZoneAlarm	Trojan.Win32.Dialer.bib	20180113
Avast-Mobile	未发现病毒	20180113
GData	Generic.PcClient2.5D42C954	20180113
AhnLab-V3	Win-Trojan/Onlinegamehack9.Gen	20180113
ALYac	Spyware.WOW	20180113
AVware	Backdoor.Win32.Farfli.k.dll (v)	20180103
MAX	malware (ai score=100)	20180113
VBA32	Rootkit.Ressdt	20180112
Cylance	Unsafe	20180113
WhiteArmor	未发现病毒	20180110
Panda	Trj/Genetic.gen	20180113
Zoner	未发现病毒	20180113
ESET-NOD32	Win32/Dialer.NEW	20180113
Tencent	Backdoor.Win32.Gh0st.h	20180113
Yandex	Trojan.Dialer!gbhnztbzC4U	20180112
Ikarus	Backdoor.Win32.FirstInj	20180113
eGambit	Trojan.Generic	20180113
Fortinet	W32/Farfli.DZ!tr	20180113
AVG	Win32:Agent-AAMP [Trj]	20180113
Avast	Win32:Agent-AAMP [Trj]	20180113
CrowdStrike	malicious_confidence_100% (D)	20171016
Qihoo-360	Backdoor.Win32.Gh0st.CQ	20180113

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 2.946 seconds )

1.326 Static
1.07 VirusTotal
0.293 peid
0.235 TargetInfo
0.01 AnalysisInfo
0.008 Strings
0.002 BehaviorAnalysis
0.002 Memory

Signatures ( 0.075 seconds )

0.011 antiav_detectreg
0.009 md_url_bl
0.008 md_domain_bl
0.005 anomaly_persistence_autorun
0.005 infostealer_ftp
0.004 antiav_detectfile
0.004 ransomware_files
0.003 disables_browser_warn
0.003 infostealer_bitcoin
0.003 infostealer_im
0.003 ransomware_extensions
0.002 tinba_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 infostealer_mail
0.001 rat_nanocore
0.001 cerber_behavior
0.001 geodo_banking_trojan
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop

Reporting ( 0.492 seconds )

0.459 ReportHTMLSummary
0.033 Malheur


Task ID	577660
Mongo ID	5f6daf53dc327b35632294a2
Cuckoo release	1.4-Maldun