Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2020-09-25 19:26:53
End time: 2020-09-25 19:26:55
Duration: 2 seconds

Maldun score: 1.4 (Normal)

File details

Filename: 植物大战僵尸修改器v2.6.0.5.exe (Plants vs. Zombies trainer v2.6.0.5)
File size: 1146880 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0b3f53a9083e186b435d4d62193e87ee
SHA1: 41c66906cdcd75074f28c755ed1a566f513b9cac
SHA256: e79e1818b18fc38888ba8564efc509f410cec9ba873af29ea8c544249d3cf041
SHA512: 64f3b32e4c38d750ff312b13ca1368f73f593eafded5930c1548aeceb9bf1be69024f13c1e32ae6e2629733115a724a5c5c49fb72bd60f32080381e77e8945a8
CRC32: 3327F9FE
Ssdeep: 24576:Y5zdOwghAewI07xpdJdXdu8JMBH6m/dQvCuKdSqItM6:Y1cwxdW/d86SvK6
Yara:
  • Detected code injection function with CreateRemoteThread in a remote process
  • Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files


Run screenshots

No screenshots available.

Hosts contacted

No host records.

Domain resolutions

No domain information.


Summary

PE info

Image base: 0x00400000
Entry point: 0x0048f9ef
Declared checksum: 0x00000000
Computed checksum: 0x0012418a
Minimum OS version: 4.0
Compile time: 2017-10-02 23:09:01
Import hash (imphash): 6a0a9da4fdbc5e96f31e1a88bdd6eb57
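The declared/computed checksum pair is worth understanding before reading anything into it. The value lives in IMAGE_OPTIONAL_HEADER.CheckSum; Windows only validates it for kernel drivers, boot-time DLLs and DLLs loaded into critical system processes, so a declared value of zero (the linker was never asked to write one) is common for user-mode programs and is not an indicator on its own, whereas a nonzero declared value that disagrees with the computed one means the file was altered after linking. A quick sanity check on the other fields: the entry point 0x0048f9ef falls inside .text (0x00401000 to 0x004aeee6 per the section table). The Python below is an added example, not part of the Maldun report or its tooling: it computes the checksum with the same word-sum-and-fold algorithm pefile uses, over a constructed 256-byte PE32 header stand-in (entry RVA and image base echo the report; everything else is zero). It does not operate on the analysed sample.

```python
"""PE checksum check (added example, not report tooling).

Builds a constructed minimal PE32 header and computes the
IMAGE_OPTIONAL_HEADER.CheckSum value the way Windows' CheckSumMappedFile
and pefile do: sum 32-bit words (skipping the field itself), fold carries,
fold to 16 bits, add the file length."""
import struct


def checksum_field_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum: e_lfanew + 4 ('PE\\0\\0')
    + 20 (COFF header) + 0x40 (CheckSum offset inside the optional header,
    identical for PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20 + 0x40


def pe_checksum(data: bytes) -> int:
    """Compute the checksum over the whole file image.

    Because the CheckSum field is skipped, writing the result back into the
    header and recomputing yields the same value (the 'valid' case)."""
    skip = checksum_field_offset(data) // 4
    padded = data + b"\0" * (-len(data) % 4)      # pad to a dword boundary
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >= 1 << 32:                          # fold the carry back in
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)          # fold 32 -> 16 bits
    total = total + (total >> 16)
    return (total & 0xFFFF) + len(data)               # original, unpadded length


def declared_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]


def with_checksum(data: bytes, value: int) -> bytes:
    off = checksum_field_offset(data)
    return data[:off] + struct.pack("<I", value) + data[off + 4:]


def build_sample_header() -> bytes:
    """Constructed 256-byte stand-in for a PE32 file (NOT the analysed sample).
    Only fields the checksum walk touches are filled; entry RVA 0x8f9ef,
    image base 0x400000 and four sections echo the report."""
    buf = bytearray(256)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)            # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x44, 0x014C, 4)      # Machine i386, 4 sections
    struct.pack_into("<HH", buf, 0x54, 0xE0, 0x0102)   # SizeOfOptionalHeader, Characteristics
    struct.pack_into("<H", buf, 0x58, 0x10B)           # PE32 magic
    struct.pack_into("<I", buf, 0x68, 0x0008F9EF)      # AddressOfEntryPoint
    struct.pack_into("<I", buf, 0x74, 0x00400000)      # ImageBase
    # CheckSum at 0x98 left zero: the "declared checksum 0x00000000" case
    return bytes(buf)


def checksum_report(data: bytes) -> dict:
    """Mirror the two report fields and add the triage verdict."""
    declared = declared_checksum(data)
    actual = pe_checksum(data)
    if declared == 0:
        verdict = "unset"      # linker never wrote one; common for user-mode EXEs
    elif declared == actual:
        verdict = "valid"
    else:
        verdict = "mismatch"   # modified or corrupted after linking
    return {"declared": declared, "actual": actual, "verdict": verdict}


if __name__ == "__main__":
    sample = build_sample_header()
    r = checksum_report(sample)
    print(f"declared 0x{r['declared']:08x} actual 0x{r['actual']:08x} -> {r['verdict']}")
    print("after writing it back:", checksum_report(with_checksum(sample, r["actual"]))["verdict"])
```

To apply this to a real file, read the bytes with `open(path, "rb").read()` and call `checksum_report`; `pefile`'s `generate_checksum()` gives the same number and is the reference to compare against.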

Version info

All version-resource fields (LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation) are empty.

PE sections

Name VirtualAddress VirtualSize RawDataSize Characteristics Entropy
.text 0x00001000 0x000adee6 0x000ae000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x000af000 0x0005093c 0x00051000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.77
.data 0x00100000 0x00025a68 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.03
.rsrc 0x00126000 0x00005f70 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.22

Imports

Library: KERNEL32.dll:
0x4af198 GetFileAttributesA
0x4af19c FindClose
0x4af1a0 FindFirstFileA
0x4af1a4 GlobalUnlock
0x4af1a8 GlobalLock
0x4af1ac GlobalAlloc
0x4af1b0 Sleep
0x4af1b4 CreateEventA
0x4af1b8 lstrcpynA
0x4af1bc SetLastError
0x4af1c4 SetStdHandle
0x4af1c8 IsBadCodePtr
0x4af1cc IsBadReadPtr
0x4af1d0 CompareStringW
0x4af1d4 CompareStringA
0x4af1dc GetStringTypeW
0x4af1e0 GetStringTypeA
0x4af1e4 IsBadWritePtr
0x4af1e8 VirtualAlloc
0x4af1ec LCMapStringW
0x4af1f0 LCMapStringA
0x4af1f8 VirtualFree
0x4af1fc HeapCreate
0x4af200 HeapDestroy
0x4af208 GetFileType
0x4af20c GetStdHandle
0x4af210 SetHandleCount
0x4af228 GetACP
0x4af22c HeapSize
0x4af230 TerminateProcess
0x4af234 GetLocalTime
0x4af238 GetSystemTime
0x4af240 LocalFree
0x4af244 MultiByteToWideChar
0x4af248 WideCharToMultiByte
0x4af250 CreateSemaphoreA
0x4af254 ResumeThread
0x4af258 ReleaseSemaphore
0x4af264 GetProfileStringA
0x4af268 WriteFile
0x4af26c ReadFile
0x4af274 CreateFileA
0x4af278 SetEvent
0x4af27c FindResourceA
0x4af280 LoadResource
0x4af284 LockResource
0x4af288 GetModuleFileNameA
0x4af28c GetCurrentThreadId
0x4af290 ExitProcess
0x4af294 GlobalSize
0x4af298 GlobalFree
0x4af2a4 lstrcatA
0x4af2a8 lstrlenA
0x4af2ac WinExec
0x4af2b0 lstrcpyA
0x4af2b4 FindNextFileA
0x4af2b8 GlobalReAlloc
0x4af2bc HeapFree
0x4af2c0 HeapReAlloc
0x4af2c4 GetProcessHeap
0x4af2c8 HeapAlloc
0x4af2cc GetFullPathNameA
0x4af2d0 FreeLibrary
0x4af2d4 LoadLibraryA
0x4af2d8 GetLastError
0x4af2dc GetVersionExA
0x4af2e4 CreateThread
0x4af2ec RaiseException
0x4af2f0 RtlUnwind
0x4af2f4 GetStartupInfoA
0x4af2f8 GetOEMCP
0x4af2fc GetCPInfo
0x4af300 GetProcessVersion
0x4af304 SetErrorMode
0x4af308 GlobalFlags
0x4af30c GetCurrentThread
0x4af310 GetFileTime
0x4af314 GetFileSize
0x4af318 TlsGetValue
0x4af31c LocalReAlloc
0x4af320 TlsSetValue
0x4af324 TlsFree
0x4af328 GlobalHandle
0x4af32c TlsAlloc
0x4af330 LocalAlloc
0x4af334 lstrcmpA
0x4af338 GetVersion
0x4af33c GlobalGetAtomNameA
0x4af340 GlobalAddAtomA
0x4af34c GetModuleHandleA
0x4af350 GetProcAddress
0x4af354 GlobalFindAtomA
0x4af358 GlobalDeleteAtom
0x4af35c lstrcmpiA
0x4af360 SetEndOfFile
0x4af364 UnlockFile
0x4af368 LockFile
0x4af36c FlushFileBuffers
0x4af370 SetFilePointer
0x4af374 GetCurrentProcess
0x4af378 DuplicateHandle
0x4af37c MulDiv
0x4af380 GetCommandLineA
0x4af384 GetTickCount
0x4af388 WaitForSingleObject
0x4af38c CloseHandle
Library: USER32.dll:
0x4af3c0 EmptyClipboard
0x4af3c4 GetSystemMetrics
0x4af3c8 GetCursorPos
0x4af3cc MessageBoxA
0x4af3d0 SetWindowPos
0x4af3d4 SendMessageA
0x4af3d8 DestroyCursor
0x4af3dc SetParent
0x4af3e0 IsWindow
0x4af3e4 SetClipboardData
0x4af3e8 GetTopWindow
0x4af3ec GetParent
0x4af3f0 GetFocus
0x4af3f4 GetClientRect
0x4af3f8 InvalidateRect
0x4af3fc ValidateRect
0x4af400 UpdateWindow
0x4af404 OpenClipboard
0x4af408 EqualRect
0x4af40c GetWindowRect
0x4af410 SetForegroundWindow
0x4af414 DestroyMenu
0x4af418 GetClipboardData
0x4af41c CloseClipboard
0x4af420 wsprintfA
0x4af424 PostMessageA
0x4af428 IsChild
0x4af42c ReleaseDC
0x4af430 IsRectEmpty
0x4af434 FillRect
0x4af438 GetDC
0x4af43c SetCursor
0x4af440 LoadCursorA
0x4af444 SetCursorPos
0x4af448 SetActiveWindow
0x4af44c GetSysColor
0x4af450 SetWindowLongA
0x4af454 GetWindowLongA
0x4af458 RedrawWindow
0x4af45c EnableWindow
0x4af460 IsWindowVisible
0x4af464 OffsetRect
0x4af468 PtInRect
0x4af46c DestroyIcon
0x4af470 IntersectRect
0x4af474 InflateRect
0x4af478 SetRect
0x4af47c SetScrollPos
0x4af480 SetScrollRange
0x4af484 GetScrollRange
0x4af488 SetCapture
0x4af48c GetCapture
0x4af490 ReleaseCapture
0x4af494 SetTimer
0x4af498 UnregisterHotKey
0x4af49c RegisterHotKey
0x4af4a0 CreateWindowExA
0x4af4a4 CallWindowProcA
0x4af4a8 TranslateMessage
0x4af4ac LoadIconA
0x4af4b0 DrawFrameControl
0x4af4b4 DrawEdge
0x4af4b8 DrawFocusRect
0x4af4bc WindowFromPoint
0x4af4c0 GetMessageA
0x4af4c4 DispatchMessageA
0x4af4c8 SetRectEmpty
0x4af4d8 DrawIconEx
0x4af4dc CreatePopupMenu
0x4af4e0 AppendMenuA
0x4af4e4 ModifyMenuA
0x4af4e8 CreateMenu
0x4af4f0 GetDlgCtrlID
0x4af4f4 GetSubMenu
0x4af4f8 EnableMenuItem
0x4af4fc ClientToScreen
0x4af504 LoadImageA
0x4af50c ShowWindow
0x4af510 IsWindowEnabled
0x4af518 GetKeyState
0x4af520 PostQuitMessage
0x4af524 IsZoomed
0x4af528 GetClassInfoA
0x4af52c GetWindowTextA
0x4af534 CharUpperA
0x4af538 GetWindowDC
0x4af53c BeginPaint
0x4af540 EndPaint
0x4af544 TabbedTextOutA
0x4af548 DrawTextA
0x4af54c GrayStringA
0x4af550 GetDlgItem
0x4af554 DestroyWindow
0x4af55c EndDialog
0x4af560 GetNextDlgTabItem
0x4af564 GetWindowPlacement
0x4af56c GetForegroundWindow
0x4af570 GetLastActivePopup
0x4af574 GetMessageTime
0x4af578 RemovePropA
0x4af57c GetPropA
0x4af580 UnhookWindowsHookEx
0x4af584 SetPropA
0x4af588 GetClassLongA
0x4af58c CallNextHookEx
0x4af590 SetWindowsHookExA
0x4af594 GetMenuItemID
0x4af598 GetMenuItemCount
0x4af59c RegisterClassA
0x4af5a0 GetScrollPos
0x4af5a4 UnregisterClassA
0x4af5a8 AdjustWindowRectEx
0x4af5ac MapWindowPoints
0x4af5b0 SendDlgItemMessageA
0x4af5b4 ScrollWindowEx
0x4af5b8 IsDialogMessageA
0x4af5bc SetWindowTextA
0x4af5c0 MoveWindow
0x4af5c4 CheckMenuItem
0x4af5c8 SetMenuItemBitmaps
0x4af5cc GetMenuState
0x4af5d4 GetClassNameA
0x4af5d8 GetDesktopWindow
0x4af5dc LoadStringA
0x4af5e0 GetSysColorBrush
0x4af5e4 DefWindowProcA
0x4af5e8 GetSystemMenu
0x4af5ec DeleteMenu
0x4af5f0 GetMenu
0x4af5f4 SetMenu
0x4af5f8 PeekMessageA
0x4af5fc IsIconic
0x4af600 SetFocus
0x4af604 GetActiveWindow
0x4af608 GetWindow
0x4af610 SetWindowRgn
0x4af614 GetMessagePos
0x4af618 ScreenToClient
0x4af620 CopyRect
0x4af624 LoadBitmapA
0x4af628 WinHelpA
0x4af62c KillTimer
Library: GDI32.dll:
0x4af044 ScaleWindowExtEx
0x4af04c CreateFontA
0x4af050 SetBkColor
0x4af058 SetStretchBltMode
0x4af05c GetClipRgn
0x4af060 CreatePolygonRgn
0x4af064 SelectClipRgn
0x4af068 DeleteObject
0x4af06c CreateDIBitmap
0x4af074 CreatePalette
0x4af078 StretchBlt
0x4af07c SelectPalette
0x4af080 RealizePalette
0x4af084 GetDIBits
0x4af088 GetWindowExtEx
0x4af08c GetViewportOrgEx
0x4af090 GetWindowOrgEx
0x4af094 BeginPath
0x4af098 EndPath
0x4af09c PathToRegion
0x4af0a0 CreateEllipticRgn
0x4af0a4 CreateRoundRectRgn
0x4af0a8 GetTextColor
0x4af0ac GetBkMode
0x4af0b0 GetBkColor
0x4af0b4 GetROP2
0x4af0b8 GetStretchBltMode
0x4af0bc GetPolyFillMode
0x4af0c4 CreateDCA
0x4af0c8 CreateBitmap
0x4af0cc SelectObject
0x4af0d0 GetObjectA
0x4af0d4 CreatePen
0x4af0d8 PatBlt
0x4af0dc CombineRgn
0x4af0e0 CreateRectRgn
0x4af0e4 FillRgn
0x4af0e8 CreateSolidBrush
0x4af0ec GetStockObject
0x4af0f0 CreateFontIndirectA
0x4af0f4 EndPage
0x4af0f8 EndDoc
0x4af0fc DeleteDC
0x4af100 StartDocA
0x4af104 StartPage
0x4af108 BitBlt
0x4af10c CreateCompatibleDC
0x4af110 Ellipse
0x4af114 Rectangle
0x4af118 LPtoDP
0x4af11c DPtoLP
0x4af120 GetCurrentObject
0x4af124 RoundRect
0x4af12c GetDeviceCaps
0x4af130 SaveDC
0x4af134 RestoreDC
0x4af138 SetBkMode
0x4af13c SetPolyFillMode
0x4af140 SetROP2
0x4af144 SetTextColor
0x4af148 SetMapMode
0x4af14c SetViewportOrgEx
0x4af150 OffsetViewportOrgEx
0x4af154 SetViewportExtEx
0x4af158 ScaleViewportExtEx
0x4af15c SetWindowOrgEx
0x4af160 SetWindowExtEx
0x4af164 GetClipBox
0x4af168 ExcludeClipRect
0x4af16c GetTextMetricsA
0x4af170 Escape
0x4af174 ExtTextOutA
0x4af178 TextOutA
0x4af17c RectVisible
0x4af180 PtVisible
0x4af184 GetViewportExtEx
0x4af188 ExtSelectClipRgn
0x4af18c LineTo
0x4af190 MoveToEx
Library: WINMM.dll:
0x4af634 midiStreamRestart
0x4af638 midiStreamClose
0x4af63c midiOutReset
0x4af640 midiStreamStop
0x4af644 midiStreamOut
0x4af64c midiStreamProperty
0x4af650 midiStreamOpen
0x4af658 waveOutOpen
0x4af65c waveOutGetNumDevs
0x4af660 waveOutClose
0x4af664 waveOutReset
0x4af668 waveOutPause
0x4af66c waveOutWrite
Library: WINSPOOL.DRV:
0x4af67c ClosePrinter
0x4af680 DocumentPropertiesA
0x4af684 OpenPrinterA
Library: ADVAPI32.dll:
0x4af000 RegCloseKey
0x4af004 RegOpenKeyExA
0x4af008 RegSetValueExA
0x4af00c RegQueryValueA
0x4af010 RegCreateKeyExA
Library: SHELL32.dll:
0x4af3a8 ShellExecuteA
0x4af3ac DragAcceptFiles
0x4af3b0 DragFinish
0x4af3b4 DragQueryFileA
0x4af3b8 Shell_NotifyIconA
Library: ole32.dll:
0x4af6c8 OleUninitialize
0x4af6cc OleInitialize
0x4af6d0 CLSIDFromString
Library: OLEAUT32.dll:
0x4af398 UnRegisterTypeLib
0x4af39c RegisterTypeLib
0x4af3a0 LoadTypeLib
Library: COMCTL32.dll:
0x4af018 ImageList_DragMove
0x4af01c ImageList_DragLeave
0x4af020 ImageList_DragEnter
0x4af024 ImageList_BeginDrag
0x4af028 ImageList_Destroy
0x4af02c ImageList_Create
0x4af030 ImageList_Add
0x4af038 ImageList_EndDrag
0x4af03c None
Library: WS2_32.dll:
0x4af68c recvfrom
0x4af690 ioctlsocket
0x4af694 recv
0x4af698 getpeername
0x4af69c WSAAsyncSelect
0x4af6a0 accept
0x4af6a4 closesocket
0x4af6a8 WSACleanup
0x4af6ac inet_ntoa
Library: comdlg32.dll:
0x4af6b4 GetFileTitleA
0x4af6b8 GetSaveFileNameA
0x4af6bc GetOpenFileNameA
0x4af6c0 ChooseColorA
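Before accepting the verdict, cross-check the Yara hits against this import table. CreateRemoteThread, WriteProcessMemory and OpenProcess are not imported, so the first Yara rule matched a byte or string pattern rather than an IAT entry; LoadLibraryA, GetModuleHandleA and GetProcAddress are imported, so the call could still be resolved at run time, which is also how a game trainer would write into the game's process. Also visible are WinExec and ShellExecuteA (launching programs), RegCreateKeyExA and RegSetValueExA (registry writes), SetWindowsHookExA and RegisterHotKey (hooking, expected for a trainer) and the receive-side WS2_32 functions. The 2-second run produced no behavioural, screenshot or network data, so none of this was confirmed or refuted dynamically and the "Normal" score rests on static features alone. The Python below is an added example, not Maldun tooling: it maps a constructed subset of the import names above to capability groups, performs that Yara-versus-IAT cross-check, and builds the normalised string whose MD5 is the imphash shown in the PE info section, following pefile's rules. The COMCTL32 ordinal entry is hypothetical (the report shows an unnamed entry but not its ordinal), and because the report's list has gaps, the hash of this subset will not reproduce the report's imphash.

```python
"""Import-table triage (added example, not Maldun report tooling).

SAMPLE_IMPORTS is a constructed subset of the names the report shows, in
import-table order; the COMCTL32 ordinal entry is hypothetical."""
import hashlib

# Capability groups a triager checks first. The API names are real Win32
# exports; the grouping is this example's own.
CAPABILITIES = {
    "process_injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                          "CreateRemoteThread", "QueueUserAPC", "NtCreateThreadEx"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "process_launch": {"WinExec", "ShellExecuteA", "ShellExecuteW",
                       "CreateProcessA", "CreateProcessW"},
    "registry_write": {"RegSetValueExA", "RegSetValueExW",
                       "RegCreateKeyExA", "RegCreateKeyExW"},
    "hooking": {"SetWindowsHookExA", "SetWindowsHookExW", "RegisterHotKey"},
    "network": {"socket", "connect", "send", "recv", "recvfrom",
                "accept", "WSAAsyncSelect"},
}

# Constructed subset of the report's imports: (dll, name) or (dll, ordinal).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetFileAttributesA"), ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "WinExec"), ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "CreateThread"), ("KERNEL32.dll", "GetModuleHandleA"),
    ("KERNEL32.dll", "GetProcAddress"), ("USER32.dll", "RegisterHotKey"),
    ("USER32.dll", "SetWindowsHookExA"), ("ADVAPI32.dll", "RegSetValueExA"),
    ("ADVAPI32.dll", "RegCreateKeyExA"), ("SHELL32.dll", "ShellExecuteA"),
    ("COMCTL32.dll", 17),  # hypothetical ordinal standing in for the unnamed entry
    ("WS2_32.dll", "recvfrom"), ("WS2_32.dll", "recv"),
    ("WS2_32.dll", "WSAAsyncSelect"), ("WS2_32.dll", "accept"),
]


def named_imports(imports):
    """Names only; ordinal-only entries are skipped."""
    return {name for _, name in imports if isinstance(name, str)}


def triage(imports):
    """Return {capability: sorted matched names} for every group that hit."""
    names = named_imports(imports)
    return {cap: sorted(names & apis)
            for cap, apis in CAPABILITIES.items() if names & apis}


def yara_iat_consistency(imports, claimed_api="CreateRemoteThread"):
    """Reconcile a Yara rule that names an API with the static import table.

    'imported'           the rule is backed by a real IAT entry
    'runtime-resolvable' absent from the IAT, but LoadLibrary/GetModuleHandle
                         plus GetProcAddress are imported, so the string the
                         rule saw can be resolved and called at run time
    'string-only'        absent, and no dynamic-resolution imports either
    """
    names = named_imports(imports)
    if claimed_api in names:
        return "imported"
    loaders = {"LoadLibraryA", "LoadLibraryW", "GetModuleHandleA", "GetModuleHandleW"}
    if "GetProcAddress" in names and names & loaders:
        return "runtime-resolvable"
    return "string-only"


def imphash_input(imports):
    """Normalised 'dll.func' list that pefile hashes for imphash: DLL name
    lower-cased with .ocx/.sys/.dll stripped, function lower-cased, ordinals
    rendered as ordN, import order preserved. (pefile additionally maps known
    ws2_32 and oleaut32 ordinals back to names; that table is omitted here.)"""
    parts = []
    for dll, name in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        func = name.lower() if isinstance(name, str) else f"ord{name}"
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for cap, hits in triage(SAMPLE_IMPORTS).items():
        print(f"{cap:20s} {', '.join(hits)}")
    print("CreateRemoteThread:", yara_iat_consistency(SAMPLE_IMPORTS))
    print("imphash of this subset:", imphash(SAMPLE_IMPORTS))
```

With a real file, `pefile.PE(path).DIRECTORY_ENTRY_IMPORT` gives the `(dll, name-or-ordinal)` pairs in the same order, and `get_imphash()` on the same object should equal `imphash()` of that list except for the ordinal-name mapping noted in the docstring.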

No antivirus engine scan information.

Network traffic

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files.
No files were dropped.
No similar analyses found.
HTML summary report (takes 15-60 minutes to sync)

Processing ( 6.245 seconds )

  • 3.517 Static
  • 1.925 VirusTotal
  • 0.39 TargetInfo
  • 0.387 peid
  • 0.011 Strings
  • 0.009 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 0.075 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_domain_bl
  • 0.009 md_url_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.514 seconds )

  • 0.461 ReportHTMLSummary
  • 0.053 Malheur
Task ID: 577682
Mongo ID: 5f6dd406dc327b356222950f
Cuckoo release: 1.4-Maldun