Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2020-09-25 21:13:21 2020-09-25 21:13:23 2 seconds

Maldun Score

7.0

Dangerous

File Details

File name DWM.dll
File size 2244608 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9e47ffd6ee4d1806134ecd4e5a82dbb5
SHA1 f209e79aaebc23c57c400b8489e60388aaf0382e
SHA256 957132fdbc46145ee5d0f8cd418e087640f816ad6799177456f75f5006092246
SHA512 b9f6296d062f27b2eaa131b9ba63df5e3771b5f58c1ef93744608e645afe9be40dc2692feccff3994b37a43c984cd62bc6469dae67588c796f13f3fd2c6d9761
CRC32 43955626
Ssdeep 49152:Q0aWGPAzwKEkVtjRCZUMnxpJEhwNLXCKi3vrJ5ZH6:OW2w7EkVtjIZ1ZEhwQKu
Yara
  • Bypass DEP
  • Create or check mutex
  • Spotted potential malicious behaviors like logging and network communication
  • Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
  • Detect a DLL sample

Screenshots

No screenshots available

Hosts Contacted (click to look up WPING real-time security rating)

No host records.

DNS Resolution (click to look up WPING real-time security rating)

No domain information.


Summary

PE Information

Image base 0x10000000
Entry point 0x10082f6b
Declared checksum 0x00000000
Actual checksum 0x00224084
Minimum OS version required 4.0
Compile time 2020-09-23 13:04:34
Import hash 52068188958bc24efcf642ab64dd8560
Exported DLL name \x35\x35\x35\x34\x31\x31\x31

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PEiD Rules

Armadillo v1.xx - v2.xx

PE Sections

Name Virtual Address Virtual Size Raw Data Size Characteristics Entropy
.text 0x00001000 0x000a07c2 0x000a1000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.66
.rdata 0x000a2000 0x001548f4 0x00155000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.40
.data 0x001f7000 0x0002cb4c 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.99
.rsrc 0x00224000 0x0000595c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.82
.reloc 0x0022a000 0x00012fb8 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3.70

Imports

Library: KERNEL32.dll:
0x100a2170 GlobalLock
0x100a2174 GlobalAlloc
0x100a2178 GetCurrentProcess
0x100a217c SetStdHandle
0x100a2180 IsBadCodePtr
0x100a2184 IsBadReadPtr
0x100a2188 CompareStringW
0x100a218c CompareStringA
0x100a2194 GlobalUnlock
0x100a2198 GetStringTypeA
0x100a219c IsBadWritePtr
0x100a21a0 VirtualAlloc
0x100a21a4 LCMapStringW
0x100a21a8 LCMapStringA
0x100a21b0 VirtualFree
0x100a21b4 HeapCreate
0x100a21b8 HeapDestroy
0x100a21c0 GetEnvironmentStringsW
0x100a21c4 GetEnvironmentStrings
0x100a21d0 GetStartupInfoA
0x100a21d4 GetFileType
0x100a21d8 GetStdHandle
0x100a21dc SetHandleCount
0x100a21e0 GetACP
0x100a21e4 HeapSize
0x100a21e8 TerminateProcess
0x100a21ec GetLocalTime
0x100a21f0 GetSystemTime
0x100a21f4 GetTimeZoneInformation
0x100a21f8 RaiseException
0x100a21fc RtlUnwind
0x100a2200 GetOEMCP
0x100a2204 GetCPInfo
0x100a2208 GetProcessVersion
0x100a220c SetErrorMode
0x100a2210 GlobalFlags
0x100a2214 GetCurrentThread
0x100a2218 GetFileTime
0x100a221c CreateSemaphoreA
0x100a2220 ResumeThread
0x100a2224 ReleaseSemaphore
0x100a2228 EnterCriticalSection
0x100a222c LeaveCriticalSection
0x100a2230 GetProfileStringA
0x100a2234 WriteFile
0x100a2238 WaitForMultipleObjects
0x100a223c CreateFileA
0x100a2240 SetEvent
0x100a2244 FindResourceA
0x100a2248 LoadResource
0x100a224c LockResource
0x100a2250 ReadFile
0x100a2254 GetModuleFileNameA
0x100a2258 WideCharToMultiByte
0x100a225c MultiByteToWideChar
0x100a2260 GetCurrentThreadId
0x100a2264 ExitProcess
0x100a2268 GlobalSize
0x100a226c GlobalFree
0x100a2270 DeleteCriticalSection
0x100a2278 lstrcatA
0x100a227c lstrlenA
0x100a2280 WinExec
0x100a2284 lstrcpyA
0x100a2288 FindNextFileA
0x100a228c GlobalReAlloc
0x100a2290 HeapFree
0x100a2294 HeapReAlloc
0x100a2298 GetProcessHeap
0x100a229c HeapAlloc
0x100a22a0 GetFullPathNameA
0x100a22a4 FreeLibrary
0x100a22a8 LoadLibraryA
0x100a22ac GetLastError
0x100a22b0 GetVersionExA
0x100a22b8 CreateThread
0x100a22bc CreateEventA
0x100a22c0 Sleep
0x100a22c4 GetFileSize
0x100a22c8 TlsGetValue
0x100a22cc LocalReAlloc
0x100a22d0 TlsSetValue
0x100a22d4 TlsFree
0x100a22d8 GlobalHandle
0x100a22dc TlsAlloc
0x100a22e0 LocalAlloc
0x100a22e4 lstrcmpA
0x100a22e8 GetVersion
0x100a22ec GlobalGetAtomNameA
0x100a22f0 GlobalAddAtomA
0x100a22f4 GlobalFindAtomA
0x100a22f8 GlobalDeleteAtom
0x100a22fc lstrcmpiA
0x100a2300 SetEndOfFile
0x100a2304 UnlockFile
0x100a2308 LockFile
0x100a230c FlushFileBuffers
0x100a2310 SetFilePointer
0x100a2314 DuplicateHandle
0x100a2318 lstrcpynA
0x100a231c SetLastError
0x100a2324 FileTimeToSystemTime
0x100a2328 LocalFree
0x100a232c InterlockedDecrement
0x100a2330 FindFirstFileA
0x100a2334 FindClose
0x100a2338 GetFileAttributesA
0x100a233c SetCurrentDirectoryA
0x100a2340 InterlockedIncrement
0x100a2344 GetVolumeInformationA
0x100a2348 GetModuleHandleA
0x100a234c GetProcAddress
0x100a2350 MulDiv
0x100a2354 GetCommandLineA
0x100a2358 GetTickCount
0x100a235c WaitForSingleObject
0x100a2360 GetStringTypeW
0x100a2364 CloseHandle
Library: USER32.dll:
0x100a2388 GetClipboardData
0x100a238c CloseClipboard
0x100a2390 wsprintfA
0x100a2394 SetClipboardData
0x100a2398 EmptyClipboard
0x100a239c GetSystemMetrics
0x100a23a0 GetCursorPos
0x100a23a4 OpenClipboard
0x100a23a8 MessageBoxA
0x100a23ac SetWindowPos
0x100a23b0 SendMessageA
0x100a23b4 DestroyCursor
0x100a23b8 SetParent
0x100a23bc IsWindow
0x100a23c0 PostMessageA
0x100a23c4 GetTopWindow
0x100a23c8 GetParent
0x100a23cc GetFocus
0x100a23d0 GetClientRect
0x100a23d4 InvalidateRect
0x100a23d8 ValidateRect
0x100a23dc UpdateWindow
0x100a23e0 EqualRect
0x100a23e4 GetWindowRect
0x100a23e8 SetForegroundWindow
0x100a23ec DestroyMenu
0x100a23f0 IsChild
0x100a23f4 ReleaseDC
0x100a23f8 IsRectEmpty
0x100a23fc FillRect
0x100a2400 GetDC
0x100a2404 SetCursor
0x100a2408 LoadCursorA
0x100a240c SetCursorPos
0x100a2410 GetForegroundWindow
0x100a2414 LoadIconA
0x100a2418 TranslateMessage
0x100a241c DrawFrameControl
0x100a2420 DrawEdge
0x100a2424 DrawFocusRect
0x100a2428 WindowFromPoint
0x100a242c GetMessageA
0x100a2430 DispatchMessageA
0x100a2434 SetRectEmpty
0x100a2440 CreateIconFromResource
0x100a2444 DrawIconEx
0x100a2448 CreatePopupMenu
0x100a244c AppendMenuA
0x100a2450 ModifyMenuA
0x100a2454 CreateMenu
0x100a245c GetDlgCtrlID
0x100a2460 GetSubMenu
0x100a2464 EnableMenuItem
0x100a2468 ClientToScreen
0x100a246c EnumDisplaySettingsA
0x100a2470 LoadImageA
0x100a2474 SystemParametersInfoA
0x100a2478 ShowWindow
0x100a247c IsWindowEnabled
0x100a2480 TranslateAcceleratorA
0x100a2484 GetKeyState
0x100a2488 CopyAcceleratorTableA
0x100a248c PostQuitMessage
0x100a2490 IsZoomed
0x100a2494 GetClassInfoA
0x100a2498 DefWindowProcA
0x100a249c GetMenu
0x100a24a0 SetMenu
0x100a24a4 PeekMessageA
0x100a24a8 IsIconic
0x100a24ac SetFocus
0x100a24b0 GetActiveWindow
0x100a24b4 GetWindow
0x100a24bc SetWindowRgn
0x100a24c0 GetMessagePos
0x100a24c4 ScreenToClient
0x100a24c8 ChildWindowFromPointEx
0x100a24cc CopyRect
0x100a24d0 LoadBitmapA
0x100a24d4 WinHelpA
0x100a24d8 KillTimer
0x100a24dc SetTimer
0x100a24e0 ReleaseCapture
0x100a24e4 GetWindowTextA
0x100a24e8 GetWindowTextLengthA
0x100a24ec CharUpperA
0x100a24f0 GetWindowDC
0x100a24f4 BeginPaint
0x100a24f8 EndPaint
0x100a24fc TabbedTextOutA
0x100a2500 DrawTextA
0x100a2504 GrayStringA
0x100a2508 GetDlgItem
0x100a250c DestroyWindow
0x100a2514 EndDialog
0x100a2518 GetNextDlgTabItem
0x100a251c GetWindowPlacement
0x100a2520 RegisterWindowMessageA
0x100a2524 GetLastActivePopup
0x100a2528 GetMessageTime
0x100a252c RemovePropA
0x100a2530 CallWindowProcA
0x100a2534 GetPropA
0x100a2538 UnhookWindowsHookEx
0x100a253c SetPropA
0x100a2540 GetClassLongA
0x100a2544 CallNextHookEx
0x100a2548 SetWindowsHookExA
0x100a254c CreateWindowExA
0x100a2550 GetMenuItemID
0x100a2554 GetMenuItemCount
0x100a2558 RegisterClassA
0x100a255c GetScrollPos
0x100a2560 AdjustWindowRectEx
0x100a2564 MapWindowPoints
0x100a2568 SendDlgItemMessageA
0x100a256c ScrollWindowEx
0x100a2570 IsDialogMessageA
0x100a2574 SetWindowTextA
0x100a2578 MoveWindow
0x100a257c CheckMenuItem
0x100a2580 SetMenuItemBitmaps
0x100a2584 GetMenuState
0x100a258c GetClassNameA
0x100a2590 GetDesktopWindow
0x100a2594 UnregisterClassA
0x100a2598 LoadStringA
0x100a259c GetSysColorBrush
0x100a25a0 GetCapture
0x100a25a4 SetCapture
0x100a25a8 GetScrollRange
0x100a25ac SetScrollRange
0x100a25b0 SetScrollPos
0x100a25b4 SetRect
0x100a25b8 InflateRect
0x100a25bc IntersectRect
0x100a25c0 DestroyIcon
0x100a25c4 PtInRect
0x100a25c8 OffsetRect
0x100a25cc IsWindowVisible
0x100a25d0 EnableWindow
0x100a25d4 RedrawWindow
0x100a25d8 GetWindowLongA
0x100a25dc SetWindowLongA
0x100a25e0 GetSysColor
0x100a25e4 SetActiveWindow
Library: GDI32.dll:
0x100a2024 SetBkMode
0x100a2028 SetBkColor
0x100a202c CreateRectRgnIndirect
0x100a2030 SetStretchBltMode
0x100a2034 GetClipRgn
0x100a2038 CreatePolygonRgn
0x100a203c SelectClipRgn
0x100a2040 DeleteObject
0x100a2044 CreateDIBitmap
0x100a204c CreatePalette
0x100a2050 StretchBlt
0x100a2054 SelectPalette
0x100a2058 RealizePalette
0x100a205c GetDIBits
0x100a2060 GetWindowExtEx
0x100a2064 GetViewportOrgEx
0x100a2068 GetWindowOrgEx
0x100a206c BeginPath
0x100a2070 EndPath
0x100a2074 PathToRegion
0x100a2078 CreateEllipticRgn
0x100a207c CreateRoundRectRgn
0x100a2080 GetTextColor
0x100a2084 GetBkMode
0x100a2088 GetBkColor
0x100a208c GetROP2
0x100a2090 GetStretchBltMode
0x100a2094 GetPolyFillMode
0x100a2098 CreateCompatibleBitmap
0x100a209c CreateDCA
0x100a20a0 CreateBitmap
0x100a20a4 SelectObject
0x100a20a8 GetObjectA
0x100a20ac CreatePen
0x100a20b0 PatBlt
0x100a20b4 CombineRgn
0x100a20b8 CreateRectRgn
0x100a20bc FillRgn
0x100a20c0 CreateSolidBrush
0x100a20c4 GetStockObject
0x100a20c8 CreateFontIndirectA
0x100a20cc EndPage
0x100a20d0 EndDoc
0x100a20d4 DeleteDC
0x100a20d8 StartDocA
0x100a20dc StartPage
0x100a20e0 BitBlt
0x100a20e4 CreateCompatibleDC
0x100a20e8 Ellipse
0x100a20ec Rectangle
0x100a20f0 LPtoDP
0x100a20f4 DPtoLP
0x100a20f8 GetCurrentObject
0x100a20fc RoundRect
0x100a2100 GetTextExtentPoint32A
0x100a2104 GetDeviceCaps
0x100a2108 SaveDC
0x100a210c RestoreDC
0x100a2110 SetPolyFillMode
0x100a2114 SetROP2
0x100a2118 SetTextColor
0x100a211c SetMapMode
0x100a2120 SetViewportOrgEx
0x100a2124 OffsetViewportOrgEx
0x100a2128 SetViewportExtEx
0x100a212c ScaleViewportExtEx
0x100a2130 SetWindowOrgEx
0x100a2134 GetTextMetricsA
0x100a2138 Escape
0x100a213c ExtTextOutA
0x100a2140 TextOutA
0x100a2144 RectVisible
0x100a2148 PtVisible
0x100a214c GetViewportExtEx
0x100a2150 ExtSelectClipRgn
0x100a2154 LineTo
0x100a2158 MoveToEx
0x100a215c ExcludeClipRect
0x100a2160 GetClipBox
0x100a2164 ScaleWindowExtEx
0x100a2168 SetWindowExtEx
Library: WINMM.dll:
0x100a25ec midiStreamRestart
0x100a25f0 midiStreamClose
0x100a25f4 midiOutReset
0x100a25f8 midiStreamStop
0x100a25fc midiStreamOut
0x100a2600 midiOutPrepareHeader
0x100a2604 midiStreamProperty
0x100a2608 midiStreamOpen
0x100a260c midiOutUnprepareHeader
0x100a2610 waveOutOpen
0x100a2614 waveOutGetNumDevs
0x100a2618 waveOutClose
0x100a261c waveOutReset
0x100a2620 waveOutPause
0x100a2624 waveOutWrite
0x100a2628 waveOutPrepareHeader
0x100a262c waveOutUnprepareHeader
Library: WINSPOOL.DRV:
0x100a2634 ClosePrinter
0x100a2638 DocumentPropertiesA
0x100a263c OpenPrinterA
Library: ADVAPI32.dll:
0x100a2000 RegCloseKey
0x100a2004 RegOpenKeyExA
0x100a2008 RegSetValueExA
0x100a200c RegQueryValueA
0x100a2010 RegCreateKeyExA
Library: SHELL32.dll:
0x100a237c Shell_NotifyIconA
0x100a2380 ShellExecuteA
Library: ole32.dll:
0x100a2680 CLSIDFromString
0x100a2684 OleUninitialize
0x100a2688 OleInitialize
Library: OLEAUT32.dll:
0x100a236c UnRegisterTypeLib
0x100a2370 RegisterTypeLib
0x100a2374 LoadTypeLib
Library: COMCTL32.dll:
0x100a2018 ImageList_Destroy
0x100a201c None
Library: WS2_32.dll:
0x100a2644 accept
0x100a2648 inet_ntoa
0x100a264c WSACleanup
0x100a2650 getpeername
0x100a2654 recv
0x100a2658 closesocket
0x100a265c WSAAsyncSelect
0x100a2660 recvfrom
0x100a2664 ioctlsocket
Library: comdlg32.dll:
0x100a266c GetSaveFileNameA
0x100a2670 GetOpenFileNameA
0x100a2674 ChooseColorA
0x100a2678 GetFileTitleA

Exports

Ordinal Address Name
1 0x10019e5d
2 0x10019eb9
3 0x10019e1f
4 0x10019da3
5 0x10019d01
6 0x10019e3e
7 0x10019de1
8 0x10019d51
9 0x10019dc2
10 0x10019e00
11 0x10019cce
.text
`.rdata
@.data
.rsrc
@.reloc
VMProtect begin
VMProtect end
No antivirus engine scan information!

TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.
No similar analyses found.

Processing ( 8.201 seconds )

  • 6.08 Static
  • 1.203 VirusTotal
  • 0.561 TargetInfo
  • 0.327 peid
  • 0.013 Strings
  • 0.009 AnalysisInfo
  • 0.005 config_decoder
  • 0.002 Memory
  • 0.001 BehaviorAnalysis

Signatures ( 0.075 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.484 seconds )

  • 0.431 ReportHTMLSummary
  • 0.053 Malheur
Task ID 577692
Mongo ID 5f6ded01dc327b356122943f
Cuckoo release 1.4-Maldun