Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp02-1  2020-09-25 16:50:19  2020-09-25 16:50:20  1 second

Maldun score

10.0

Dialer virus

File details

File name  复件 1151937_ex.exe
File size  100864 bytes
File type  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9263501eaf4ee12cfde17e0a52c56514
SHA1 68e414bc92470019aaca35a1b3d3039e1e749be5
SHA256 5be6956f89dc28abc839fa9ac5a3a9d01e5e1ed66387e57386feb186d78a8ffc
SHA512 10b070e3eb933e336efcf2a50334a85695700035b0d89ea420c3a2c3817149db11a86115764a26449e3383c2b2222cef6fb2a487141e83787d92299d9cae4eb1
CRC32 F2561A92
Ssdeep 3072:j0GjoP/qHGp3cFIDwtlcdqz6/f11kUaUz:AGjE/qfF1lkOSf1aUa
Yara
  • Detected code injection function with CreateRemoteThread in a remote process
  • Record Audio
  • Remote Administration toolkit using webcam
  • Create or check mutex
  • Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
  • Detect a DLL sample

Screenshots

No screenshots available

Hosts contacted

No host records.

DNS resolutions

No domain information.

Summary

PE information

Image base  0x10000000
Entry point  0x100118ba
Declared checksum  0x00000000
Actual checksum  0x0001c333
Minimum OS version required  4.0
Compile time  2008-05-19 01:28:34
Import hash  5c38312da54af04f6a40592477000188
Exported DLL name  \x31\x31\x39\x31\x31\x31\x31\x34\x31\x31\x31

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

PEiD rules

Armadillo v1.xx - v2.xx

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00010e55 0x00011000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.46
.rdata 0x00012000 0x000037be 0x00003800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.33
.data 0x00016000 0x000020f8 0x00001c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.76
.rsrc 0x00019000 0x00000fa0 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.74
.reloc 0x0001a000 0x0000111c 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.62

Imports

Library: KERNEL32.dll:
0x100120ec GetProcessHeap
0x100120f0 MapViewOfFile
0x100120f4 CreateFileMappingA
0x100120f8 HeapAlloc
0x100120fc UnmapViewOfFile
0x10012100 GlobalFree
0x10012104 GlobalUnlock
0x10012108 GlobalLock
0x1001210c GlobalAlloc
0x10012110 GlobalSize
0x10012114 GetStartupInfoA
0x10012118 CreatePipe
0x1001211c DisconnectNamedPipe
0x10012120 TerminateProcess
0x10012124 PeekNamedPipe
0x10012128 WaitForMultipleObjects
0x1001212c SizeofResource
0x10012130 LoadResource
0x10012134 OpenProcess
0x10012138 HeapFree
0x1001213c LoadLibraryExA
0x10012140 GetModuleHandleA
0x10012144 SetFileAttributesA
0x10012148 ReleaseMutex
0x1001214c OpenEventA
0x10012150 SetErrorMode
0x10012154 CreateMutexA
0x1001215c FreeConsole
0x10012160 LocalSize
0x10012164 Process32Next
0x10012168 Process32First
0x10012170 lstrcmpiA
0x10012174 GetCurrentThreadId
0x10012178 VirtualAllocEx
0x1001217c WriteProcessMemory
0x10012180 CreateRemoteThread
0x10012184 GetLocalTime
0x10012188 GetTickCount
0x1001218c DeviceIoControl
0x10012190 MoveFileExA
0x10012194 GetCurrentProcess
0x10012198 GetSystemDirectoryA
0x1001219c SetLastError
0x100121a0 GetModuleFileNameA
0x100121a4 MoveFileA
0x100121a8 WriteFile
0x100121ac SetFilePointer
0x100121b0 ReadFile
0x100121b4 CreateFileA
0x100121b8 GetFileSize
0x100121bc RemoveDirectoryA
0x100121c0 LocalAlloc
0x100121c4 FindFirstFileA
0x100121c8 LocalReAlloc
0x100121cc FindNextFileA
0x100121d0 LocalFree
0x100121d4 FindClose
0x100121dc GetVolumeInformationA
0x100121e0 GetDiskFreeSpaceExA
0x100121e4 GetDriveTypeA
0x100121e8 CreateProcessA
0x100121ec GetFileAttributesA
0x100121f0 CreateDirectoryA
0x100121f4 GetLastError
0x100121f8 DeleteFileA
0x100121fc GetVersionExA
0x10012204 lstrcmpA
0x10012208 WideCharToMultiByte
0x1001220c MultiByteToWideChar
0x10012210 LoadLibraryA
0x10012214 GetProcAddress
0x10012218 FreeLibrary
0x1001221c GetWindowsDirectoryA
0x10012220 lstrcatA
0x10012228 lstrlenA
0x1001222c Sleep
0x10012230 CancelIo
0x10012234 InterlockedExchange
0x10012238 lstrcpyA
0x1001223c ResetEvent
0x10012240 VirtualAlloc
0x10012244 EnterCriticalSection
0x10012248 LeaveCriticalSection
0x1001224c VirtualFree
0x10012250 DeleteCriticalSection
0x10012258 CreateEventA
0x1001225c CreateThread
0x10012260 ResumeThread
0x10012264 SetEvent
0x10012268 WaitForSingleObject
0x1001226c TerminateThread
0x10012270 CloseHandle
0x10012274 FindResourceA
Library: USER32.dll:
0x10012350 SetCapture
0x10012354 WindowFromPoint
0x10012358 SetCursorPos
0x1001235c mouse_event
0x10012360 CloseClipboard
0x10012364 SetClipboardData
0x10012368 EmptyClipboard
0x1001236c OpenClipboard
0x10012370 SendMessageA
0x10012374 SystemParametersInfoA
0x10012378 SetRect
0x1001237c MapVirtualKeyA
0x10012380 GetDesktopWindow
0x10012384 ReleaseDC
0x10012388 GetCursorInfo
0x1001238c GetCursorPos
0x10012394 OpenWindowStationA
0x1001239c ExitWindowsEx
0x100123a4 IsWindow
0x100123a8 BlockInput
0x100123ac GetDC
0x100123b0 keybd_event
0x100123b4 GetSystemMetrics
0x100123b8 DispatchMessageA
0x100123bc GetKeyNameTextA
0x100123c0 CallNextHookEx
0x100123c4 SetWindowsHookExA
0x100123c8 UnhookWindowsHookEx
0x100123cc LoadCursorA
0x100123d0 GetClipboardData
0x100123d4 DestroyCursor
0x100123d8 TranslateMessage
0x100123dc GetMessageA
0x100123e0 wsprintfA
0x100123e4 CharNextA
0x100123e8 GetWindowTextA
0x100123ec GetActiveWindow
0x100123f0 CloseWindow
0x100123f4 CreateWindowExA
0x100123f8 PostMessageA
0x100123fc OpenDesktopA
0x10012400 GetThreadDesktop
0x10012408 OpenInputDesktop
0x1001240c SetThreadDesktop
0x10012410 CloseDesktop
0x10012414 EnumWindows
0x10012418 IsWindowVisible
Library: GDI32.dll:
0x100120b8 BitBlt
0x100120bc CreateCompatibleDC
0x100120c0 CreateCompatibleBitmap
0x100120c4 CreateDIBSection
0x100120c8 GetDIBits
0x100120cc DeleteObject
0x100120d0 SelectObject
0x100120d4 DeleteDC
Library: ADVAPI32.dll:
0x10012000 LsaClose
0x10012004 LookupAccountNameA
0x10012008 IsValidSid
0x1001200c GetTokenInformation
0x10012010 LookupAccountSidA
0x10012014 SetServiceStatus
0x1001201c StartServiceA
0x10012020 RegCreateKeyExA
0x10012024 RegDeleteKeyA
0x10012028 LsaRetrievePrivateData
0x1001202c LsaOpenPolicy
0x10012030 LsaFreeMemory
0x10012034 RegCloseKey
0x10012038 RegQueryValueA
0x1001203c RegOpenKeyExA
0x10012040 CloseServiceHandle
0x10012044 DeleteService
0x10012048 ControlService
0x1001204c QueryServiceStatus
0x10012050 OpenServiceA
0x10012054 OpenSCManagerA
0x10012058 RegSetValueExA
0x1001205c RegCreateKeyA
0x10012060 RegQueryValueExA
0x10012064 RegOpenKeyA
0x10012068 CloseEventLog
0x1001206c ClearEventLogA
0x10012070 OpenEventLogA
0x10012074 AdjustTokenPrivileges
0x10012078 LookupPrivilegeValueA
0x1001207c OpenProcessToken
0x10012080 FreeSid
0x10012088 AddAccessAllowedAce
0x1001208c InitializeAcl
0x10012090 GetLengthSid
0x1001209c RegEnumValueA
0x100120a0 RegEnumKeyExA
0x100120a4 RegDeleteValueA
Library: SHELL32.dll:
0x10012340 SHGetFileInfoA
Library: SHLWAPI.dll:
0x10012348 SHDeleteKeyA
Library: MSVCRT.dll:
0x100122a8 _strnicmp
0x100122ac _strcmpi
0x100122b0 _adjust_fdiv
0x100122b4 _initterm
0x100122b8 ??1type_info@@UAE@XZ
0x100122bc calloc
0x100122c0 _beginthreadex
0x100122c4 wcstombs
0x100122c8 atoi
0x100122cc realloc
0x100122d0 strncat
0x100122d4 strncpy
0x100122d8 strrchr
0x100122dc _except_handler3
0x100122e0 free
0x100122e4 malloc
0x100122e8 strchr
0x100122ec _CxxThrowException
0x100122f0 strstr
0x100122f4 _ftol
0x100122f8 ceil
0x100122fc memmove
0x10012300 __CxxFrameHandler
0x10012304 ??3@YAXPAX@Z
0x10012308 ??2@YAPAXI@Z
Library: WINMM.dll:
0x10012434 waveOutClose
0x10012438 waveOutReset
0x1001243c waveInClose
0x10012440 waveInUnprepareHeader
0x10012444 waveInReset
0x10012448 waveInStop
0x1001244c waveOutWrite
0x10012450 waveInStart
0x10012454 waveInAddBuffer
0x10012458 waveInPrepareHeader
0x1001245c waveOutGetNumDevs
0x10012460 waveInOpen
0x10012464 waveInGetNumDevs
0x10012468 waveOutPrepareHeader
0x1001246c waveOutUnprepareHeader
0x10012470 waveOutOpen
Library: WS2_32.dll:
0x10012478 gethostname
0x1001247c send
0x10012480 select
0x10012484 WSACleanup
0x10012488 WSAIoctl
0x1001248c setsockopt
0x10012490 connect
0x10012494 htons
0x10012498 gethostbyname
0x1001249c socket
0x100124a0 ntohs
0x100124a4 recv
0x100124a8 getsockname
0x100124ac closesocket
0x100124b0 WSAStartup
Library: IMM32.dll:
0x100120dc ImmReleaseContext
0x100120e0 ImmGetContext
Library: WININET.dll:
0x10012420 InternetOpenA
0x10012424 InternetOpenUrlA
0x10012428 InternetReadFile
0x1001242c InternetCloseHandle
Library: AVICAP32.dll:
Library: MSVFW32.dll:
0x10012310 ICSeqCompressFrame
0x10012314 ICSendMessage
0x10012318 ICOpen
0x1001231c ICClose
0x10012320 ICCompressorFree
0x10012324 ICSeqCompressFrameEnd
Library: PSAPI.DLL:
0x10012330 GetModuleFileNameExA
0x10012334 EnumProcessModules
Library: WTSAPI32.dll:
0x100124b8 WTSFreeMemory

Exports

Ordinal  Address  Name
1 0x1000a230 ResetSSDT
2 0x1000a240 ServiceMain
Antivirus engine/vendor  Detection name/rule matched  Signature database date
Bkav W32.OnlineGameJKLF.Trojan 20180112
MicroWorld-eScan Generic.PcClient2.5D42C954 20180113
nProtect Trojan/W32.Dialer.100864.D 20180113
CMC Generic.Win32.9263501eaf!CMCRadar 20180111
CAT-QuickHeal Backdoor.Farfli.K5 20180113
McAfee Generic BackDoor.t 20180113
Malwarebytes Not detected 20180113
VIPRE Backdoor.Win32.Farfli.k.dll (v) 20180113
K7AntiVirus Trojan ( 005189541 ) 20180113
K7GW Trojan ( 005189541 ) 20180112
TheHacker Trojan/Dialer.bib 20180112
Arcabit Generic.PcClient2.5D42C954 20180113
TrendMicro TROJ_REDOS.SM2 20180113
Baidu Win32.Trojan.Farfli.ai 20180112
F-Prot W32/OnlineGames.BW.gen!Eldorado 20180113
Symantec Backdoor.Trojan 20180113
TotalDefense Win32/Gosht.AY 20180113
TrendMicro-HouseCall TROJ_REDOS.SM2 20180113
Paloalto Not detected 20180113
ClamAV Win.Trojan.Agent-36272 20180113
Kaspersky Trojan.Win32.Dialer.bib 20180113
BitDefender Generic.PcClient2.5D42C954 20180113
NANO-Antivirus Trojan.Win32.MLW.cetwi 20180113
ViRobot Trojan.Win32.Dialer.100864 20180113
SUPERAntiSpyware Trojan.Agent/Gen-WebGame 20180113
Rising Backdoor.Farfli!1.6495 (CLASSIC) 20180113
Ad-Aware Generic.PcClient2.5D42C954 20180113
Emsisoft Generic.PcClient2.5D42C954 (B) 20180113
Comodo TrojWare.Win32.Dialer.~KA 20180113
F-Secure Generic.PcClient2.5D42C954 20180113
DrWeb BackDoor.Siggen.52105 20180113
Zillya Trojan.Dialer.Win32.11 20180112
Invincea heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.Backdoor.nh 20180113
Sophos Mal/Whybo-A 20180113
SentinelOne static engine - malicious 20171224
Cyren W32/OnlineGames.BW.gen!Eldorado 20180113
Jiangmin Trojan/Dialer.kgg 20180113
Webroot W32.Farfli.Gen 20180113
Avira TR/Rootkit.Gen 20180113
Antiy-AVL Trojan[Rootkit]/Win32.Ressdt 20180113
Kingsoft Win32.Hack.PcClientT.bc.96768 20180113
Microsoft Backdoor:Win32/PcClient 20180113
Endgame malicious (high confidence) 20171130
AegisLab Troj.W32.Dialer.bib!c 20180113
ZoneAlarm Trojan.Win32.Dialer.bib 20180113
Avast-Mobile Not detected 20180113
GData Generic.PcClient2.5D42C954 20180113
AhnLab-V3 Win-Trojan/Onlinegamehack9.Gen 20180113
ALYac Spyware.WOW 20180113
AVware Backdoor.Win32.Farfli.k.dll (v) 20180103
MAX malware (ai score=100) 20180113
VBA32 Rootkit.Ressdt 20180112
Cylance Unsafe 20180113
WhiteArmor Not detected 20180110
Panda Trj/Genetic.gen 20180113
Zoner Not detected 20180113
ESET-NOD32 Win32/Dialer.NEW 20180113
Tencent Backdoor.Win32.Gh0st.h 20180113
Yandex Trojan.Dialer!gbhnztbzC4U 20180112
Ikarus Backdoor.Win32.FirstInj 20180113
eGambit Trojan.Generic 20180113
Fortinet W32/Farfli.DZ!tr 20180113
AVG Win32:Agent-AAMP [Trj] 20180113
Avast Win32:Agent-AAMP [Trj] 20180113
CrowdStrike malicious_confidence_100% (D) 20171016
Qihoo-360 Backdoor.Win32.Gh0st.CQ 20180113


TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
No files were dropped.
No similar analyses found.

Processing ( 2.946 seconds )

  • 1.326 Static
  • 1.07 VirusTotal
  • 0.293 peid
  • 0.235 TargetInfo
  • 0.01 AnalysisInfo
  • 0.008 Strings
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.075 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.492 seconds )

  • 0.459 ReportHTMLSummary
  • 0.033 Malheur

Task ID 577660
Mongo ID 5f6daf53dc327b35632294a2
Cuckoo release 1.4-Maldun