Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2020-10-27 17:36:55  2020-10-27 17:39:01  126 s

Maldun score: 10.0 (dangerous)

File details

File name  hiddeninput.exe
File size  780800 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5  5d92f97b6d1b950694c410bb98f7a1e9
SHA1  4433cacb6919dd098760b005a90c9cd9406e8af6
SHA256  e833b0def83368b52f7ae9f03f28418f35aa4976197cd651707ad5489d43fdc3
SHA512  85b102343425cbe0c26003d1c90e4a8f8e40ef4b26b6b6634b46223aee4da7f6ad5c3546404a6f35b2775465a0b1bdf955569a0e3e99bbba46d86611397da36d
CRC32  89CF5E0F
Ssdeep  12288:WMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9SOj:WnsJ39LyjbJkQFMhmC+6GD93


Hosts contacted directly (without DNS)

No host records.

DNS resolutions

Domain  Response
xred.mooo.com  A 118.5.49.6
acroipm.adobe.com  CNAME acroipm.adobe.com.edgesuite.net; A 23.218.94.163; CNAME a1983.dscd.akamai.net; A 23.218.94.155
docs.google.com  A 31.13.76.8
freedns.afraid.org  A 69.42.215.252; A 50.23.197.94


PE information

Image base  0x00400000
Entry point  0x0049ab80
Declared checksum  0x00000000
Actual checksum  0x000c26f7
Minimum OS version  4.0
Compile time  1992-06-20 06:22:17
Import hash  332f7ce65ead0adfb3d35147033aabe9
Icon exact hash  82cda1b5a550ffcd6cb6b89153678dd7
Icon similarity hash  3b5d3c7d207e37dceeedd301e35e2e58

The declared checksum is zero, meaning the linker never filled in the header field; Windows only enforces the checksum for drivers and boot-time DLLs, so on its own this is not evidence of tampering. The compile time is not a real build date: 1992-06-19 22:22:17 UTC (shown here in UTC+8) is the fixed TimeDateStamp 0x2A425E19 that the Borland Delphi linker writes into every binary, and the Borland registry keys in the strings section and the Delf/Delphi detection names below agree that this is a Delphi executable. Pivot on the import hash rather than on the timestamp when looking for related samples.

Version information

An RT_VERSION resource is present but every field is empty: LegalCopyright, InternalName, FileVersion, CompanyName, LegalTrademarks, Comments, ProductName, ProductVersion, FileDescription, OriginalFilename, Translation.

PE sections

Name  Virtual address  Virtual size  Raw size  Characteristics  Entropy
CODE 0x00001000 0x00099bec 0x00099c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
DATA 0x0009b000 0x00002e54 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.85
BSS 0x0009e000 0x000011e5 0x00000000 IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.idata 0x000a0000 0x00002a42 0x00002c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.92
.tls 0x000a3000 0x00000010 0x00000000 IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rdata 0x000a4000 0x00000039 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 0.78
.reloc 0x000a5000 0x0000a980 0x0000aa00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 6.67
.rsrc 0x000b0000 0x00014130 0x00014200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 5.71

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type (libmagic)
RT_CURSOR (7 entries, all reported with the same offset and size)  0x000b1500  0x00000134  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.92  data
RT_BITMAP (11 entries, all reported with the same offset and size)  0x000b2868  0x000000e8  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.85  GLS_BINARY_LSB_FIRST
RT_ICON (2 entries)  0x000b39f8  0x000010a8  LANG_TURKISH  SUBLANG_DEFAULT  2.52  dBase IV DBT of @.DBF, block length 8192, next free block index 40
RT_DIALOG  0x000b4aa0  0x00000052  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.56  data
RT_STRING (24 entries, all reported with the same offset and size)  0x000b8a6c  0x00000354  LANG_NEUTRAL  SUBLANG_NEUTRAL  3.11  data
RT_RCDATA (8 entries, all reported with the same offset and size)  0x000bf5b8  0x000047d3  LANG_TURKISH  SUBLANG_DEFAULT  7.52  Microsoft Excel 2007+
RT_GROUP_CURSOR (7 entries, all reported with the same offset and size)  0x000c3e04  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.02  MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_ICON  0x000c3e18  0x00000014  LANG_TURKISH  SUBLANG_DEFAULT  1.78  MS Windows icon resource - 1 icon, 32x32
RT_VERSION  0x000c3e2c  0x00000304  LANG_TURKISH  SUBLANG_DEFAULT  3.22  data

The file-type column is a libmagic signature match on the raw resource bytes, so it needs a sanity check: the "dBase IV DBT" label on the RT_ICON entries is a false match on icon bitmap data, while the "Microsoft Excel 2007+" label on RT_RCDATA is credible. An Office Open XML workbook is a ZIP container, which explains the 7.52 entropy of that resource against 2 to 3 for the cursors, bitmaps and icons, and it is consistent with the VBA/macro detection names and the VBA-related signatures further down. That 0x47d3-byte blob is the first thing to carve out of this sample.
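The two checks a practitioner would run on that RT_RCDATA finding, entropy and carving the embedded Office container, as an added example that is not part of the Maldun report or its tooling. It operates on a constructed stand-in blob (64 filler bytes followed by an in-memory macro-enabled workbook) rather than on the sample itself, and the OOXML classification by member name is an assumption about layout, not a full parser:

```python
import io
import math
import random
import zipfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the report's Entropy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def zip_offsets(blob: bytes):
    """Yield every offset of a ZIP local-file-header signature (PK\\x03\\x04)."""
    off = blob.find(b"PK\x03\x04")
    while off != -1:
        yield off
        off = blob.find(b"PK\x03\x04", off + 1)


def classify_ooxml(zip_bytes: bytes):
    """Name the Office Open XML container by its member names, or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return None
    if "[Content_Types].xml" not in names:
        return None
    for prefix, kind in (("xl/", "xlsx"), ("word/", "docx"), ("ppt/", "pptx")):
        if any(n.startswith(prefix) for n in names):
            # vbaProject.bin inside the part folder means the macro-enabled variant.
            if prefix + "vbaProject.bin" in names:
                return kind[:-1] + "m (VBA project present)"
            return kind
    return "ooxml (unknown application)"


def triage_resource(blob: bytes) -> dict:
    """Entropy of the blob plus the first carvable OOXML container inside it."""
    result = {"size": len(blob), "entropy": round(shannon_entropy(blob), 2),
              "zip_offset": None, "kind": None}
    for off in zip_offsets(blob):
        kind = classify_ooxml(blob[off:])
        if kind:
            result["zip_offset"], result["kind"] = off, kind
            break
    return result


def build_sample_resource() -> bytes:
    """Constructed stand-in for the RT_RCDATA blob: 64 filler bytes followed by a
    macro-enabled workbook whose VBA stream is deterministic pseudo-random data."""
    rng = random.Random(2020)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/vbaProject.bin", bytes(rng.getrandbits(8) for _ in range(4096)))
    return b"\x00" * 64 + buf.getvalue()


SAMPLE_RESOURCE = build_sample_resource()


if __name__ == "__main__":
    # The embedded workbook pushes the blob above 7 bits/byte; a uniform
    # 16-symbol filler, for comparison, sits at exactly 4.0.
    print(triage_resource(SAMPLE_RESOURCE))
    print("16-symbol filler:", round(shannon_entropy(bytes(range(16)) * 20), 2))
```

On a real sample the blob would come from the resource directory (offset 0x000bf5b8, size 0x47d3 here); carving from the first PK signature is enough because zipfile locates the central directory from the end of the data, so leading filler is the only thing that has to be stripped.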

Imports

Most of the table is the ordinary Delphi VCL runtime (gdi32, user32, comctl32, oleaut32), but the kernel32 entries also cover what a self-replicating dropper needs: GetLogicalDrives, GetDriveTypeA and FindFirstFileA/FindNextFileA to walk volumes; CopyFileA, MoveFileA, SetFileAttributesA and DeleteFileA to replace files; FindResourceA/LoadResource/LockResource plus UpdateResourceA/EndUpdateResourceA to read and rewrite PE resources; CreateProcessA and CreatePipe to run children; OpenMutexA/CreateMutexA for single-instance checks; and wininet (InternetOpenUrlA/InternetReadFile) for the HTTP requests recorded below. OpenSCManagerA and Netbios are imported too, but no use of them was observed in this run.

Library: kernel32.dll
0x4a01dc VirtualFree
0x4a01e0 VirtualAlloc
0x4a01e4 LocalFree
0x4a01e8 LocalAlloc
0x4a01ec GetTickCount
0x4a01f4 GetVersion
0x4a01f8 GetCurrentThreadId
0x4a0204 VirtualQuery
0x4a0208 WideCharToMultiByte
0x4a0210 MultiByteToWideChar
0x4a0214 lstrlenA
0x4a0218 lstrcpynA
0x4a021c LoadLibraryExA
0x4a0220 GetThreadLocale
0x4a0224 GetStartupInfoA
0x4a0228 GetProcAddress
0x4a022c GetModuleHandleA
0x4a0230 GetModuleFileNameA
0x4a0234 GetLocaleInfoA
0x4a0238 GetLastError
0x4a0240 GetCommandLineA
0x4a0244 FreeLibrary
0x4a0248 FindFirstFileA
0x4a024c FindClose
0x4a0250 ExitProcess
0x4a0254 ExitThread
0x4a0258 CreateThread
0x4a025c WriteFile
0x4a0264 SetFilePointer
0x4a0268 SetEndOfFile
0x4a026c RtlUnwind
0x4a0270 ReadFile
0x4a0274 RaiseException
0x4a0278 GetStdHandle
0x4a027c GetFileSize
0x4a0280 GetFileType
0x4a0284 CreateFileA
0x4a0288 CloseHandle
Library: user32.dll
0x4a0290 GetKeyboardType
0x4a0294 LoadStringA
0x4a0298 MessageBoxA
0x4a029c CharNextA
Library: advapi32.dll
0x4a02a4 RegQueryValueExA
0x4a02a8 RegOpenKeyExA
0x4a02ac RegCloseKey
Library: oleaut32.dll
0x4a02b4 SysFreeString
0x4a02b8 SysReAllocStringLen
0x4a02bc SysAllocStringLen
Library: kernel32.dll
0x4a02c4 TlsSetValue
0x4a02c8 TlsGetValue
0x4a02cc LocalAlloc
0x4a02d0 GetModuleHandleA
Library: advapi32.dll
0x4a02d8 RegSetValueExA
0x4a02dc RegQueryValueExA
0x4a02e0 RegOpenKeyExA
0x4a02e8 RegFlushKey
0x4a02ec RegDeleteValueA
0x4a02f0 RegCreateKeyExA
0x4a02f4 RegCloseKey
0x4a02f8 OpenProcessToken
0x4a0300 GetUserNameA
Library: kernel32.dll
0x4a030c lstrcpyA
0x4a0314 WriteFile
0x4a0318 WaitForSingleObject
0x4a0320 VirtualQuery
0x4a0324 VirtualAlloc
0x4a0328 UpdateResourceA
0x4a032c UnmapViewOfFile
0x4a0330 TerminateProcess
0x4a0334 Sleep
0x4a0338 SizeofResource
0x4a033c SetThreadLocale
0x4a0340 SetFilePointer
0x4a0344 SetFileAttributesA
0x4a0348 SetEvent
0x4a034c SetErrorMode
0x4a0350 SetEndOfFile
0x4a0354 ResumeThread
0x4a0358 ResetEvent
0x4a035c RemoveDirectoryA
0x4a0360 ReadFile
0x4a0364 OpenProcess
0x4a0368 OpenMutexA
0x4a036c MultiByteToWideChar
0x4a0370 MulDiv
0x4a0374 MoveFileA
0x4a0378 MapViewOfFile
0x4a037c LockResource
0x4a0380 LoadResource
0x4a0384 LoadLibraryA
0x4a0390 GlobalUnlock
0x4a0394 GlobalReAlloc
0x4a0398 GlobalHandle
0x4a039c GlobalLock
0x4a03a0 GlobalFree
0x4a03a4 GlobalFindAtomA
0x4a03a8 GlobalDeleteAtom
0x4a03ac GlobalAlloc
0x4a03b0 GlobalAddAtomA
0x4a03b4 GetVersionExA
0x4a03b8 GetVersion
0x4a03c0 GetTickCount
0x4a03c4 GetThreadLocale
0x4a03c8 GetTempPathA
0x4a03cc GetTempFileNameA
0x4a03d0 GetSystemInfo
0x4a03d4 GetSystemDirectoryA
0x4a03d8 GetStringTypeExA
0x4a03dc GetStdHandle
0x4a03e0 GetProcAddress
0x4a03e8 GetModuleHandleA
0x4a03ec GetModuleFileNameA
0x4a03f0 GetLogicalDrives
0x4a03f4 GetLocaleInfoA
0x4a03f8 GetLocalTime
0x4a03fc GetLastError
0x4a0400 GetFullPathNameA
0x4a0404 GetFileSize
0x4a0408 GetFileAttributesA
0x4a040c GetExitCodeThread
0x4a0410 GetDriveTypeA
0x4a0414 GetDiskFreeSpaceA
0x4a0418 GetDateFormatA
0x4a041c GetCurrentThreadId
0x4a0420 GetCurrentProcessId
0x4a0424 GetCurrentProcess
0x4a0428 GetComputerNameA
0x4a042c GetCPInfo
0x4a0430 GetACP
0x4a0434 FreeResource
0x4a043c InterlockedExchange
0x4a0444 FreeLibrary
0x4a0448 FormatMessageA
0x4a044c FindResourceA
0x4a0450 FindNextFileA
0x4a0454 FindFirstFileA
0x4a0458 FindClose
0x4a0464 EnumCalendarInfoA
0x4a046c EndUpdateResourceA
0x4a0470 DeleteFileA
0x4a0478 CreateThread
0x4a047c CreateProcessA
0x4a0480 CreatePipe
0x4a0484 CreateMutexA
0x4a0488 CreateFileMappingA
0x4a048c CreateFileA
0x4a0490 CreateEventA
0x4a0494 CreateDirectoryA
0x4a0498 CopyFileA
0x4a049c CompareStringA
0x4a04a0 CloseHandle
Library: version.dll
0x4a04ac VerQueryValueA
0x4a04b4 GetFileVersionInfoA
Library: gdi32.dll
0x4a04bc UnrealizeObject
0x4a04c0 StretchBlt
0x4a04c4 SetWindowOrgEx
0x4a04c8 SetWinMetaFileBits
0x4a04cc SetViewportOrgEx
0x4a04d0 SetTextColor
0x4a04d4 SetStretchBltMode
0x4a04d8 SetROP2
0x4a04dc SetPixel
0x4a04e0 SetEnhMetaFileBits
0x4a04e4 SetDIBColorTable
0x4a04e8 SetBrushOrgEx
0x4a04ec SetBkMode
0x4a04f0 SetBkColor
0x4a04f4 SelectPalette
0x4a04f8 SelectObject
0x4a04fc SaveDC
0x4a0500 RestoreDC
0x4a0504 RectVisible
0x4a0508 RealizePalette
0x4a050c PlayEnhMetaFile
0x4a0510 PatBlt
0x4a0514 MoveToEx
0x4a0518 MaskBlt
0x4a051c LineTo
0x4a0520 IntersectClipRect
0x4a0524 GetWindowOrgEx
0x4a0528 GetWinMetaFileBits
0x4a052c GetTextMetricsA
0x4a0538 GetStockObject
0x4a053c GetPixel
0x4a0540 GetPaletteEntries
0x4a0544 GetObjectA
0x4a0550 GetEnhMetaFileBits
0x4a0554 GetDeviceCaps
0x4a0558 GetDIBits
0x4a055c GetDIBColorTable
0x4a0560 GetDCOrgEx
0x4a0568 GetClipBox
0x4a056c GetBrushOrgEx
0x4a0570 GetBitmapBits
0x4a0574 GdiFlush
0x4a0578 ExcludeClipRect
0x4a057c DeleteObject
0x4a0580 DeleteEnhMetaFile
0x4a0584 DeleteDC
0x4a0588 CreateSolidBrush
0x4a058c CreatePenIndirect
0x4a0590 CreatePalette
0x4a0598 CreateFontIndirectA
0x4a059c CreateDIBitmap
0x4a05a0 CreateDIBSection
0x4a05a4 CreateCompatibleDC
0x4a05ac CreateBrushIndirect
0x4a05b0 CreateBitmap
0x4a05b4 CopyEnhMetaFileA
0x4a05b8 BitBlt
Library: user32.dll
0x4a05c0 CreateWindowExA
0x4a05c4 WindowFromPoint
0x4a05c8 WinHelpA
0x4a05cc WaitMessage
0x4a05d0 UpdateWindow
0x4a05d4 UnregisterClassA
0x4a05d8 UnhookWindowsHookEx
0x4a05dc TranslateMessage
0x4a05e4 TrackPopupMenu
0x4a05e8 ToAsciiEx
0x4a05f0 ShowWindow
0x4a05f4 ShowScrollBar
0x4a05f8 ShowOwnedPopups
0x4a05fc ShowCursor
0x4a0600 SetWindowsHookExA
0x4a0604 SetWindowTextA
0x4a0608 SetWindowPos
0x4a060c SetWindowPlacement
0x4a0610 SetWindowLongA
0x4a0614 SetTimer
0x4a0618 SetScrollRange
0x4a061c SetScrollPos
0x4a0620 SetScrollInfo
0x4a0624 SetRect
0x4a0628 SetPropA
0x4a062c SetParent
0x4a0630 SetMenuItemInfoA
0x4a0634 SetMenu
0x4a0638 SetForegroundWindow
0x4a063c SetFocus
0x4a0640 SetCursor
0x4a0644 SetClassLongA
0x4a0648 SetCapture
0x4a064c SetActiveWindow
0x4a0650 SendMessageA
0x4a0654 ScrollWindow
0x4a0658 ScreenToClient
0x4a065c RemovePropA
0x4a0660 RemoveMenu
0x4a0664 ReleaseDC
0x4a0668 ReleaseCapture
0x4a0674 RegisterClassA
0x4a0678 RedrawWindow
0x4a067c PtInRect
0x4a0680 PostQuitMessage
0x4a0684 PostMessageA
0x4a0688 PeekMessageA
0x4a068c OffsetRect
0x4a0690 OemToCharA
0x4a0698 MessageBoxA
0x4a069c MapWindowPoints
0x4a06a0 MapVirtualKeyExA
0x4a06a4 MapVirtualKeyA
0x4a06a8 LoadStringA
0x4a06ac LoadKeyboardLayoutA
0x4a06b0 LoadIconA
0x4a06b4 LoadCursorA
0x4a06b8 LoadBitmapA
0x4a06bc KillTimer
0x4a06c0 IsZoomed
0x4a06c4 IsWindowVisible
0x4a06c8 IsWindowEnabled
0x4a06cc IsWindow
0x4a06d0 IsRectEmpty
0x4a06d4 IsIconic
0x4a06d8 IsDialogMessageA
0x4a06dc IsChild
0x4a06e0 InvalidateRect
0x4a06e4 IntersectRect
0x4a06e8 InsertMenuItemA
0x4a06ec InsertMenuA
0x4a06f0 InflateRect
0x4a06fc GetWindowTextA
0x4a0700 GetWindowRect
0x4a0704 GetWindowPlacement
0x4a0708 GetWindowLongA
0x4a070c GetWindowDC
0x4a0710 GetTopWindow
0x4a0714 GetSystemMetrics
0x4a0718 GetSystemMenu
0x4a071c GetSysColorBrush
0x4a0720 GetSysColor
0x4a0724 GetSubMenu
0x4a0728 GetScrollRange
0x4a072c GetScrollPos
0x4a0730 GetScrollInfo
0x4a0734 GetPropA
0x4a0738 GetParent
0x4a073c GetWindow
0x4a0740 GetMenuStringA
0x4a0744 GetMenuState
0x4a0748 GetMenuItemInfoA
0x4a074c GetMenuItemID
0x4a0750 GetMenuItemCount
0x4a0754 GetMenu
0x4a0758 GetLastActivePopup
0x4a075c GetKeyboardState
0x4a0764 GetKeyboardLayout
0x4a0768 GetKeyState
0x4a076c GetKeyNameTextA
0x4a0770 GetIconInfo
0x4a0774 GetForegroundWindow
0x4a0778 GetFocus
0x4a077c GetDesktopWindow
0x4a0780 GetDCEx
0x4a0784 GetDC
0x4a0788 GetCursorPos
0x4a078c GetCursor
0x4a0790 GetClipboardData
0x4a0794 GetClientRect
0x4a0798 GetClassNameA
0x4a079c GetClassInfoA
0x4a07a0 GetCapture
0x4a07a4 GetActiveWindow
0x4a07a8 FrameRect
0x4a07ac FindWindowA
0x4a07b0 FillRect
0x4a07b4 EqualRect
0x4a07b8 EnumWindows
0x4a07bc EnumThreadWindows
0x4a07c0 EndPaint
0x4a07c4 EnableWindow
0x4a07c8 EnableScrollBar
0x4a07cc EnableMenuItem
0x4a07d0 DrawTextA
0x4a07d4 DrawMenuBar
0x4a07d8 DrawIconEx
0x4a07dc DrawIcon
0x4a07e0 DrawFrameControl
0x4a07e4 DrawEdge
0x4a07e8 DispatchMessageA
0x4a07ec DestroyWindow
0x4a07f0 DestroyMenu
0x4a07f4 DestroyIcon
0x4a07f8 DestroyCursor
0x4a07fc DeleteMenu
0x4a0800 DefWindowProcA
0x4a0804 DefMDIChildProcA
0x4a0808 DefFrameProcA
0x4a080c CreatePopupMenu
0x4a0810 CreateMenu
0x4a0814 CreateIcon
0x4a0818 ClientToScreen
0x4a081c CheckMenuItem
0x4a0820 CallWindowProcA
0x4a0824 CallNextHookEx
0x4a0828 BeginPaint
0x4a082c CharNextA
0x4a0830 CharLowerBuffA
0x4a0834 CharLowerA
0x4a0838 CharUpperBuffA
0x4a083c CharToOemA
0x4a0840 AdjustWindowRectEx
Library: ole32.dll
0x4a084c CLSIDFromString
Library: kernel32.dll
0x4a0854 Sleep
Library: oleaut32.dll
0x4a085c SafeArrayPtrOfIndex
0x4a0860 SafeArrayGetUBound
0x4a0864 SafeArrayGetLBound
0x4a0868 SafeArrayCreate
0x4a086c VariantChangeType
0x4a0870 VariantCopyInd
0x4a0874 VariantCopy
0x4a0878 VariantClear
0x4a087c VariantInit
Library: ole32.dll
0x4a0884 CLSIDFromProgID
0x4a0888 CoCreateInstance
0x4a088c CoUninitialize
0x4a0890 CoInitialize
Library: oleaut32.dll
0x4a0898 GetErrorInfo
0x4a089c SysFreeString
Library: comctl32.dll
0x4a08ac ImageList_Write
0x4a08b0 ImageList_Read
0x4a08c0 ImageList_DragMove
0x4a08c4 ImageList_DragLeave
0x4a08c8 ImageList_DragEnter
0x4a08cc ImageList_EndDrag
0x4a08d0 ImageList_BeginDrag
0x4a08d4 ImageList_Remove
0x4a08d8 ImageList_DrawEx
0x4a08dc ImageList_Draw
0x4a08ec ImageList_Add
0x4a08f4 ImageList_Destroy
0x4a08f8 ImageList_Create
Library: shell32.dll
0x4a0900 ShellExecuteExA
0x4a0904 ExtractIconExW
Library: wininet.dll
0x4a0910 InternetReadFile
0x4a0914 InternetOpenUrlA
0x4a0918 InternetOpenA
0x4a091c InternetCloseHandle
Library: shell32.dll
0x4a092c SHGetMalloc
0x4a0930 SHGetDesktopFolder
Library: advapi32.dll
0x4a0938 OpenSCManagerA
0x4a093c CloseServiceHandle
Library: wsock32.dll
0x4a0944 WSACleanup
0x4a0948 WSAStartup
0x4a094c gethostname
0x4a0950 gethostbyname
0x4a0954 inet_ntoa
Library: netapi32.dll
0x4a095c Netbios

Strings (excerpt of meaningful printable strings)

Nearly all of these are Borland Delphi runtime artefacts (RTL registry keys, the SysUtils/Variants/Classes unit names, variant type names, date-format masks), which agree with the linker timestamp above and with the Delf detection names below.

DATA
.idata
.rdata
.reloc
.rsrc
System
IInterface
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
SysUtils
False
AM/PM
m/d/yy
mmmm d, yyyy
AMPM
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarOr
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
Variants
Empty
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Error
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
Int64
String
Array
ByRef
tagEXCEPINFO
TNotifyEvent
TObject
Classes
TStrings
EThread
%s[%d]
Strings
Owner
%s_%d

Antivirus results

Vendors do not agree on a family (DarkKomet, Synaptics, Zorex, Delf and generic macro names all appear), so weight the names that match what this run actually observed, namely the Synaptics.exe child process, the Excel 2007+ workbook embedded as RT_RCDATA and the VBA heuristics, over a bare generic label. The signature dates are from September 2020, six weeks before this analysis, so treat the table as a VirusTotal lookup rather than a fresh scan.

Antivirus engine / vendor  Detection name / rule match  Signature DB date
Bkav W32.FamVT.GaionLTK.Trojan 20200909
Elastic malicious (high confidence) 20200831
MicroWorld-eScan Dropped:Trojan.GenericKD.32840913 20200910
CMC Not detected 20200909
CAT-QuickHeal Sus.Nocivo.E0011 20200909
McAfee GenericRXCB-VC!5D92F97B6D1B 20200910
Cylance Unsafe 20200910
Zillya Trojan.Delf.Win32.76144 20200909
AegisLab Not detected 20200910
Sangfor Malware 20200814
K7AntiVirus Riskware ( 0040eff71 ) 20200909
Alibaba Backdoor:Win32/DarkKomet.1a3fffc1 20190527
K7GW Riskware ( 0040eff71 ) 20200909
Cybereason malicious.b6d1b9 20190616
Arcabit HEUR.VBA.Trojan.d 20200909
Baidu Not detected 20190318
Cyren W32/Backdoor.OAZM-5661 20200910
Symantec ML.Attribute.HighConfidence 20200909
ESET-NOD32 Win32/Delf.NBX 20200910
APEX Malicious 20200907
Paloalto Not detected 20200910
ClamAV Win.Malware.Delf-6899401-0 20200909
Kaspersky Backdoor.Win32.DarkKomet.hqxy 20200910
BitDefender Dropped:Trojan.GenericKD.32840913 20200910
NANO-Antivirus Trojan.Win32.DarkKomet.fazbwq 20200910
SUPERAntiSpyware Adware.FileTour/Variant 20200904
Avast Win32:Zorex-E [Wrm] 20200910
Tencent Virus.Win32.DarkKomet.a 20200910
Ad-Aware Dropped:Trojan.GenericKD.32840913 20200910
TACHYON Not detected 20200910
Comodo Virus.Win32.Agent.DE@74b38h 20200728
F-Secure Trojan:W97M/MaliciousMacro.GEN 20200909
DrWeb Trojan.DownLoader22.9658 20200910
VIPRE BehavesLike.Win32.Malware.eah (mx-v) 20200910
TrendMicro Virus.Win32.NAPWHICH.B 20200910
FireEye Generic.mg.5d92f97b6d1b9506 20200909
Sophos ElReceptor Keyboard Hook (PUA) 20200910
Ikarus Trojan-PWS.Win32.QQPass 20200909
Jiangmin Trojan.Generic.bhoqf 20200909
eGambit Unsafe.AI_Score_100% 20200910
Avira DR/Delphi.Gen 20200909
Antiy-AVL Trojan[Downloader]/Script.AGeneric 20200910
Kingsoft Not detected 20200910
Microsoft Worm:Win32/AutoRun!atmn 20200909
ViRobot Not detected 20200909
ZoneAlarm Backdoor.Win32.DarkKomet.hqxy 20200910
GData Dropped:Trojan.GenericKD.32840913 20200910
Cynet Malicious (score: 100) 20200905
AhnLab-V3 Win32/Zorex.X1799 20200909
Acronis suspicious 20200806
BitDefenderTheta AI:Packer.F5AF03D517 20200902
ALYac Dropped:Trojan.GenericKD.32840913 20200910
MAX malware (ai score=83) 20200910
VBA32 TScope.Trojan.Delf 20200909
Malwarebytes Trojan.Agent 20200910
Zoner Trojan.Win32.88102 20200909
TrendMicro-HouseCall Virus.Win32.NAPWHICH.B 20200910
Rising Virus.Synaptics!1.C8FB (CLASSIC) 20200909
Yandex Not detected 20200907
SentinelOne DFI - Malicious PE 20200724
MaxSecure Trojan.Malware.300983.susgen 20200908
Fortinet W32/Delf.NBX!tr 20200910
Webroot W32.Malware.gen 20200910
AVG Other:Malware-gen [Trj] 20200910
Panda Trj/Genetic.gen 20200909
CrowdStrike win/malicious_confidence_100% (D) 20190702
Qihoo-360 Win32/Virus.Synaptics.A 20200910

Process tree

hiddeninput.exe, PID 2316, parent PID 2160
  ._cache_hiddeninput.exe, PID 2488, parent PID 2316
  Synaptics.exe, PID 2580, parent PID 2316

The sample starts two executables that did not exist before the run: one named after the sample with a ._cache_ prefix and one named Synaptics.exe. Both must have been written to disk before CreateProcessA could run them, yet neither shows up under dropped files below, so read the empty dropped-files section as a collection gap, not as evidence that nothing was written.


TCP

Source  Source port  Destination  Destination port
192.168.122.201 49163 23.218.94.163 acroipm.adobe.com 80
192.168.122.201 49166 69.42.215.252 freedns.afraid.org 80

UDP

Source  Source port  Destination  Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53


HTTP requests

URI  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache

The first request is background noise from the analysis VM: User-Agent "IPM" with a 2017 If-Modified-Since header is Adobe Reader's in-product messaging update, not sample activity. The second request is the one that matters. It calls the FreeDNS (afraid.org) API with the hard-coded User-Agent "MyApp" and asks for the dynamic-DNS records of the account identified by the sha parameter; FreeDNS derives that value from the account's username and password, so it is a credential to the attacker's dynamic-DNS account as well as an indicator, and a search for the same token across other samples is worthwhile. xred.mooo.com, resolved in the same run, sits under mooo.com, one of afraid.org's shared zones. Only the two TCP connections above were made in the 126 s window: xred.mooo.com and docs.google.com were resolved but never contacted, so no command-and-control exchange was captured.
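Detection logic for the behaviour in the process tree, DNS and HTTP sections, as an added example that is not Maldun or Cuckoo code. The event lines are constructed in a simplified pipe-separated format that mirrors the report (proc|pid|ppid|image, dns|qname, http|host|uri|user-agent), the FREE_DYNDNS_ZONES list is an assumption to be extended from your own telemetry, and the rule names are hypothetical:

```python
from urllib.parse import parse_qs, urlsplit

# Shared zones handed out by the FreeDNS (afraid.org) service. Assumption: a
# starting list for the rule, extend it from your own DNS telemetry.
FREE_DYNDNS_ZONES = {"mooo.com", "chickenkiller.com", "ignorelist.com"}

# Constructed events mirroring the report's process tree, DNS and HTTP sections.
SAMPLE_EVENTS = [
    "proc|2316|2160|hiddeninput.exe",
    "proc|2488|2316|._cache_hiddeninput.exe",
    "proc|2580|2316|Synaptics.exe",
    "dns|xred.mooo.com",
    "dns|acroipm.adobe.com",
    "dns|docs.google.com",
    "dns|freedns.afraid.org",
    "http|acroipm.adobe.com|/11/rdr/CHS/win/nooem/none/message.zip|IPM",
    "http|freedns.afraid.org|/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978|MyApp",
]


def parse_events(lines):
    """Split the line format into a pid -> (ppid, image) map, DNS names and HTTP tuples."""
    procs, dns, http = {}, [], []
    for line in lines:
        kind, *fields = line.strip().split("|")
        if kind == "proc":
            pid, ppid, image = int(fields[0]), int(fields[1]), fields[2]
            procs[pid] = (ppid, image.rsplit("\\", 1)[-1].lower())
        elif kind == "dns":
            dns.append(fields[0].lower())
        elif kind == "http":
            http.append((fields[0].lower(), fields[1], fields[2]))
    return procs, dns, http


def rule_cache_copy(procs):
    """A child named ._cache_<parent image>, the pattern in the process tree above."""
    hits = []
    for pid, (ppid, image) in procs.items():
        parent = procs.get(ppid)
        if parent and image == "._cache_" + parent[1]:
            hits.append(("cache_copy", f"pid {pid} {image} spawned by pid {ppid} {parent[1]}"))
    return hits


def rule_synaptics_child(procs):
    """Synaptics.exe started by another monitored process rather than by the OS."""
    return [("synaptics_child", f"pid {pid} synaptics.exe spawned by pid {ppid}")
            for pid, (ppid, image) in procs.items()
            if image == "synaptics.exe" and ppid in procs]


def rule_freedns_api(http):
    """FreeDNS getdyndns API call. The sha value is the account token, so it is
    both an indicator and a credential to the attacker's dynamic-DNS account."""
    hits = []
    for host, uri, ua in http:
        parts = urlsplit(uri)
        query = parse_qs(parts.query)
        if (host == "freedns.afraid.org" and parts.path == "/api/"
                and query.get("action") == ["getdyndns"] and "sha" in query):
            hits.append(("freedns_api", f"token sha={query['sha'][0]} user-agent={ua}"))
    return hits


def rule_free_dyndns_zone(dns):
    """Lookups of hostnames under a shared dynamic-DNS zone."""
    return [("free_dyndns_zone", name) for name in dns
            if any(name == z or name.endswith("." + z) for z in FREE_DYNDNS_ZONES)]


def triage(lines):
    """Run every rule over the event lines and return (rule, detail) findings."""
    procs, dns, http = parse_events(lines)
    return (rule_cache_copy(procs) + rule_synaptics_child(procs)
            + rule_freedns_api(http) + rule_free_dyndns_zone(dns))


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:18} {detail}")
```

The Adobe request deliberately produces no finding: matching on the User-Agent "IPM" or on acroipm.adobe.com would only generate noise from every host that has Adobe Reader installed. The freedns_api rule keys on the API path and action rather than on the specific token, so it also fires on other samples using the same lookup with a different account.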

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files were extracted from network traffic.
No dropped files were recorded (see the note under the process tree: two new executables ran).
No similar analyses were found.

Processing ( 21.487 seconds )

  • 11.508 Suricata
  • 3.572 BehaviorAnalysis
  • 2.338 NetworkAnalysis
  • 1.692 VirusTotal
  • 1.663 Static
  • 0.368 TargetInfo
  • 0.318 peid
  • 0.013 AnalysisInfo
  • 0.012 Strings
  • 0.002 Memory
  • 0.001 config_decoder

Signatures ( 46.556 seconds )

  • 43.107 network_http
  • 1.368 md_url_bl
  • 0.472 antiav_detectreg
  • 0.181 api_spamming
  • 0.162 infostealer_ftp
  • 0.144 stealth_decoy_document
  • 0.125 stealth_timeout
  • 0.098 antianalysis_detectreg
  • 0.09 infostealer_im
  • 0.065 antivm_generic_scsi
  • 0.056 infostealer_mail
  • 0.034 stealth_file
  • 0.031 mimics_filetime
  • 0.03 antivm_generic_services
  • 0.029 reads_self
  • 0.025 anormaly_invoke_kills
  • 0.024 kibex_behavior
  • 0.024 antivm_parallels_keys
  • 0.024 antivm_xen_keys
  • 0.024 darkcomet_regkeys
  • 0.023 virus
  • 0.021 bootkit
  • 0.021 antivm_generic_disk
  • 0.021 recon_fingerprint
  • 0.02 geodo_banking_trojan
  • 0.018 betabot_behavior
  • 0.016 antivm_generic_diskreg
  • 0.015 hancitor_behavior
  • 0.015 md_domain_bl
  • 0.014 antiav_detectfile
  • 0.014 antisandbox_productid
  • 0.009 maldun_anomaly_invoke_vb_vba
  • 0.009 packer_armadillo_regkey
  • 0.008 anomaly_persistence_autorun
  • 0.008 bypass_firewall
  • 0.008 antivm_xen_keys
  • 0.008 antivm_hyperv_keys
  • 0.008 antivm_vbox_acpi
  • 0.008 antivm_vbox_keys
  • 0.008 antivm_vmware_keys
  • 0.008 antivm_vpc_keys
  • 0.008 infostealer_bitcoin
  • 0.007 shifu_behavior
  • 0.007 antivm_generic_system
  • 0.007 recon_programs
  • 0.006 infostealer_browser
  • 0.006 maldun_anomaly_massive_file_ops
  • 0.006 infostealer_browser_password
  • 0.006 antivm_generic_bios
  • 0.006 antivm_generic_cpu
  • 0.005 injection_createremotethread
  • 0.005 kovter_behavior
  • 0.005 antivm_vbox_files
  • 0.005 network_torgateway
  • 0.005 ransomware_files
  • 0.004 antiemu_wine_func
  • 0.004 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.004 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.004 ransomware_extensions
  • 0.003 ipc_namedpipe
  • 0.003 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.003 injection_runpe
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 rat_luminosity
  • 0.002 anomaly_persistence_bootexecute
  • 0.002 antisandbox_sleep
  • 0.002 creates_nullvalue
  • 0.002 antidbg_devices
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 dridex_behavior
  • 0.001 anomaly_reset_winsock
  • 0.001 injection_explorer
  • 0.001 sets_autoconfig_url
  • 0.001 creates_largekey
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 exec_crash
  • 0.001 antidbg_windows
  • 0.001 nymaim_behavior
  • 0.001 cerber_behavior
  • 0.001 h1n1_behavior
  • 0.001 securityxploded_modules
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.616 seconds )

  • 0.53 ReportHTMLSummary
  • 0.086 Malheur
Task ID 583398
Mongo ID 5f97eb067e769a0a8f08ecf4
Cuckoo release 1.4-Maldun