恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2020-10-27 16:04:35	2020-10-27 16:04:36	1 秒

魔盾分数

1.75

正常的

文件详细信息

文件名	DRG0.12.EXE
文件大小	6144000 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	4c450f5045ba203e074510dd55680b1e
SHA1	7cd5e724f0010cce77d492536d3c5aa0125e1a4a
SHA256	4147795faf49a44b42fd3423db33ea4306bc2550e3a4faef4a506812f1568226
SHA512	79cb012f9fccb78a7495225d064c285c1c791d41bc081f7383d93af552f7607b9d7b2ac3fa90ff0455623fe2231d6199cbf7dde0f8b818d7cb8616c89080096b
CRC32	9DE5261D
Ssdeep	98304:NZ+7KNsudkrIXGW+hGToow1eZr6C8v2GW9we0g7nR9yQGPTyu460yW5NJash/aSQ:NMCGyToohr6CZGy0h5PWu4rbNlp00A5
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x004015eb
声明校验值	0x00011163
实际校验值	0x005e585c
最低操作系统版本要求	5.0
编译时间	2013-06-28 22:45:44
载入哈希	8d92fa1956a6a631c642190121740197

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00008d54	0x00008e00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.56
.rdata	0x0000a000	0x00002114	0x00002200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.44
.data	0x0000d000	0x00002adc	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.10
.rsrc	0x00010000	0x005cea60	0x005cec00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.98
.reloc	0x005df000	0x00000eea	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	4.33

导入

库: SHLWAPI.dll:

• 0x40a144 PathAddBackslashA

• 0x40a148 PathStripPathA

• 0x40a14c PathRemoveFileSpecA

库: KERNEL32.dll:

• 0x40a008 GetModuleFileNameA

• 0x40a00c FindResourceA

• 0x40a010 GetModuleHandleA

• 0x40a014 SizeofResource

• 0x40a018 LoadResource

• 0x40a01c GetTempPathA

• 0x40a020 CreateDirectoryA

• 0x40a024 DeleteFileA

• 0x40a028 CreateFileA

• 0x40a02c WriteFile

• 0x40a030 CloseHandle

• 0x40a034 CreateProcessA

• 0x40a038 WaitForSingleObject

• 0x40a03c RemoveDirectoryA

• 0x40a040 FlushFileBuffers

• 0x40a044 GetTempFileNameA

• 0x40a048 GetCurrentThreadId

• 0x40a04c GetCommandLineA

• 0x40a050 GetStartupInfoA

• 0x40a054 TerminateProcess

• 0x40a058 GetCurrentProcess

• 0x40a05c UnhandledExceptionFilter

• 0x40a060 SetUnhandledExceptionFilter

• 0x40a064 IsDebuggerPresent

• 0x40a068 GetModuleHandleW

• 0x40a06c Sleep

• 0x40a070 GetProcAddress

• 0x40a074 ExitProcess

• 0x40a078 GetStdHandle

• 0x40a07c FreeEnvironmentStringsA

• 0x40a080 GetEnvironmentStrings

• 0x40a084 FreeEnvironmentStringsW

• 0x40a088 WideCharToMultiByte

• 0x40a08c GetLastError

• 0x40a090 GetEnvironmentStringsW

• 0x40a094 SetHandleCount

• 0x40a098 GetFileType

• 0x40a09c DeleteCriticalSection

• 0x40a0a0 TlsGetValue

• 0x40a0a4 TlsAlloc

• 0x40a0a8 TlsSetValue

• 0x40a0ac TlsFree

• 0x40a0b0 InterlockedIncrement

• 0x40a0b4 SetLastError

• 0x40a0b8 InterlockedDecrement

• 0x40a0bc HeapCreate

• 0x40a0c0 VirtualFree

• 0x40a0c4 HeapFree

• 0x40a0c8 QueryPerformanceCounter

• 0x40a0cc GetTickCount

• 0x40a0d0 GetCurrentProcessId

• 0x40a0d4 GetSystemTimeAsFileTime

• 0x40a0d8 SetFilePointer

• 0x40a0dc GetConsoleCP

• 0x40a0e0 GetConsoleMode

• 0x40a0e4 EnterCriticalSection

• 0x40a0e8 LeaveCriticalSection

• 0x40a0ec GetCPInfo

• 0x40a0f0 GetACP

• 0x40a0f4 GetOEMCP

• 0x40a0f8 IsValidCodePage

• 0x40a0fc LoadLibraryA

• 0x40a100 InitializeCriticalSectionAndSpinCount

• 0x40a104 HeapAlloc

• 0x40a108 VirtualAlloc

• 0x40a10c HeapReAlloc

• 0x40a110 RtlUnwind

• 0x40a114 SetStdHandle

• 0x40a118 WriteConsoleA

• 0x40a11c GetConsoleOutputCP

• 0x40a120 WriteConsoleW

• 0x40a124 MultiByteToWideChar

• 0x40a128 LCMapStringA

• 0x40a12c LCMapStringW

• 0x40a130 GetStringTypeA

• 0x40a134 GetStringTypeW

• 0x40a138 GetLocaleInfoA

• 0x40a13c HeapSize

库: USER32.dll:

• 0x40a154 MessageBoxA

库: ADVAPI32.dll:

• 0x40a000 ConvertStringSecurityDescriptorToSecurityDescriptorA

.text
`.rdata
@.data
.rsrc
@.reloc
YQPVh
uBh,)@
teh3,@
URPQQhls@
SVWUj
(null)
`h````
CorExitProcess
runtime error 
Microsoft Visual C++ Runtime Library
<program name unknown>
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
-ORIGIN:"%s"
DECOMPRESSOR
ARCHIVE
cetrainers
CET_Archive.dat
%s\%s
"%s" %s
Trainer failure
Launch Error
Failure creating a temporary folder
Failure assigning a temporary name
Failure getting the temp folder
D:(A;OICI;GA;;;WD)
PathRemoveFileSpecA
PathAddBackslashA
PathStripPathA
SHLWAPI.dll
GetModuleFileNameA
FindResourceA
GetModuleHandleA
SizeofResource
LoadResource
GetTempPathA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
CreateFileA
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
RemoveDirectoryA
KERNEL32.dll
MessageBoxA
USER32.dll
ConvertStringSecurityDescriptorToSecurityDescriptorA
ADVAPI32.dll
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
FlushFileBuffers
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
CET_TRAINER.CETRAINER
(null)
mscoree.dll
KERNEL32.DLL
DECOMPRESSOR

没有防病毒引擎扫描信息!

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 14.913 seconds )

11.866 Static
1.289 TargetInfo
1.249 VirusTotal
0.467 peid
0.016 config_decoder
0.012 Strings
0.01 AnalysisInfo
0.002 BehaviorAnalysis
0.002 Memory

Signatures ( 0.077 seconds )

0.012 antiav_detectreg
0.009 md_domain_bl
0.009 md_url_bl
0.005 anomaly_persistence_autorun
0.005 antiav_detectfile
0.005 infostealer_ftp
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_im
0.003 ransomware_extensions
0.002 tinba_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 infostealer_mail
0.001 rat_nanocore
0.001 cerber_behavior
0.001 geodo_banking_trojan
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop

Reporting ( 0.524 seconds )

0.469 ReportHTMLSummary
0.055 Malheur


Task ID	583392
Mongo ID	5f97d4a8dc327b20ff2694c0
Cuckoo release	1.4-Maldun