Analysis Task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) win7-sp1-x64-shaapp03-1 2020-11-30 12:49:22 2020-11-30 12:50:14 52 seconds

Maldun Score

10.0

Dangerous

File Details

File name MusicTools v1.9.0.0.exe
File size 4220021 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ca33edcc509a99d3019fa0adb4a48346
SHA1 49d01615a5ccc2f3fb6c6b792fd274f9f13e3b27
SHA256 26eb93c7460cde6a875e45621df7ee9b877ad939f0223f62405361dcb29ea5eb
SHA512 f020a8e0edd22158e09438f112abaed12275be2c5c3fb63f5a760e487b852d1b0026581f34714d6e1f6e9f6b64dc35c8be8f3e4dcd9ac56b04b27eb00f712cf5
CRC32 F46093BE
Ssdeep 98304:2gwR0QYiTlfnqCmuC1LJvXdV+iJ9lR+ckDRmCZ:2gWYn9uuJvNVtlR+cCZ
Hosts Contacted

No host records.

Domain Resolution

Domain | Security rating | Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
A 23.218.94.163
CNAME a1983.dscd.akamai.net
A 23.218.94.155

PE Information

Image base 0x00400000
Entry point 0x0041942f
Claimed checksum 0x0003e540
Actual checksum 0x0040bd59
Minimum OS version required 4.0
Compile time 2012-12-31 08:38:51
Import hash f6baa5eaa8231d4fe8e922a2e6d240ea
Icon
Icon exact hash d5b9392dcabed06cda461c15e6786241
Icon similarity hash 7e406196e2740baa2cd11ed30cb18e8f

Version Info

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00018dde 0x00018e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.67
.rdata 0x0001a000 0x00003bca 0x00003c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.72
.data 0x0001e000 0x00004dec 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.45
.rsrc 0x00023000 0x00016ab0 0x00016c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.17

Overlay

Offset 0x00034200
Size 0x003d2275

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_ICON 0x00038cb8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.10 GLS_BINARY_LSB_FIRST
RT_ICON 0x00038cb8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.10 GLS_BINARY_LSB_FIRST
RT_ICON 0x00038cb8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.10 GLS_BINARY_LSB_FIRST
RT_ICON 0x00038cb8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.10 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00039120 0x0000003e LANG_NEUTRAL SUBLANG_NEUTRAL 2.77 MS Windows icon resource - 4 icons, 128x128
RT_VERSION 0x00039160 0x00000358 LANG_NEUTRAL SUBLANG_NEUTRAL 3.58 data
RT_MANIFEST 0x000394b8 0x000005f8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.42 XML 1.0 document text

Imports

Library: COMCTL32.dll:
0x41a010 None
Library: SHELL32.dll:
0x41a260 ShellExecuteW
0x41a264 SHGetMalloc
0x41a26c SHBrowseForFolderW
0x41a270 SHGetFileInfoW
0x41a274 ShellExecuteExW
Library: GDI32.dll:
0x41a018 CreateCompatibleDC
0x41a01c CreateFontIndirectW
0x41a020 DeleteObject
0x41a024 DeleteDC
0x41a028 GetCurrentObject
0x41a02c StretchBlt
0x41a030 GetDeviceCaps
0x41a038 SelectObject
0x41a03c SetStretchBltMode
0x41a040 GetObjectW
Library: ADVAPI32.dll:
0x41a000 FreeSid
Library: USER32.dll:
0x41a27c GetWindowLongW
0x41a280 GetMenu
0x41a284 SetWindowPos
0x41a288 GetWindowDC
0x41a28c ReleaseDC
0x41a290 GetDlgItem
0x41a294 GetParent
0x41a298 GetWindowRect
0x41a29c GetClassNameA
0x41a2a0 CreateWindowExW
0x41a2a4 SetTimer
0x41a2a8 GetMessageW
0x41a2ac DispatchMessageW
0x41a2b0 KillTimer
0x41a2b4 DestroyWindow
0x41a2b8 SendMessageW
0x41a2bc EndDialog
0x41a2c0 wsprintfW
0x41a2c4 GetWindowTextW
0x41a2cc GetSysColor
0x41a2d0 wsprintfA
0x41a2d4 SetWindowTextW
0x41a2d8 MessageBoxA
0x41a2dc ScreenToClient
0x41a2e0 GetClientRect
0x41a2e4 SetWindowLongW
0x41a2e8 UnhookWindowsHookEx
0x41a2ec SetFocus
0x41a2f0 GetSystemMetrics
0x41a2f8 ShowWindow
0x41a2fc DrawTextW
0x41a300 GetDC
0x41a304 ClientToScreen
0x41a308 GetWindow
0x41a310 DrawIconEx
0x41a314 CallWindowProcW
0x41a318 DefWindowProcW
0x41a31c CallNextHookEx
0x41a320 PtInRect
0x41a324 SetWindowsHookExW
0x41a328 LoadImageW
0x41a32c LoadIconW
0x41a330 MessageBeep
0x41a334 EnableWindow
0x41a338 IsWindow
0x41a33c EnableMenuItem
0x41a340 GetSystemMenu
0x41a344 CreateWindowExA
0x41a348 wvsprintfW
0x41a34c CharUpperW
0x41a350 GetKeyState
0x41a354 CopyImage
Library: ole32.dll:
0x41a360 CoCreateInstance
0x41a364 CoInitialize
Library: OLEAUT32.dll:
0x41a248 VariantClear
0x41a24c SysFreeString
0x41a250 OleLoadPicture
0x41a254 SysAllocString
Library: KERNEL32.dll:
0x41a048 GetFileSize
0x41a04c SetFilePointer
0x41a050 ReadFile
0x41a058 GetModuleHandleA
0x41a05c SetFileTime
0x41a060 SetEndOfFile
0x41a070 FormatMessageW
0x41a074 lstrcpyW
0x41a078 LocalFree
0x41a07c IsBadReadPtr
0x41a080 GetSystemDirectoryW
0x41a084 GetCurrentThreadId
0x41a088 SuspendThread
0x41a08c TerminateThread
0x41a094 ResetEvent
0x41a098 SetEvent
0x41a09c CreateEventW
0x41a0a0 GetVersionExW
0x41a0a4 GetModuleFileNameW
0x41a0a8 GetCurrentProcess
0x41a0b4 GetDriveTypeW
0x41a0b8 CreateFileW
0x41a0bc GetCommandLineW
0x41a0c0 GetStartupInfoW
0x41a0c4 CreateProcessW
0x41a0c8 CreateJobObjectW
0x41a0cc ResumeThread
0x41a0e0 GetExitCodeProcess
0x41a0e4 CloseHandle
0x41a0ec GetTempPathW
0x41a0f4 lstrlenW
0x41a0f8 CompareFileTime
0x41a0fc SetThreadLocale
0x41a100 FindFirstFileW
0x41a104 DeleteFileW
0x41a108 FindNextFileW
0x41a10c FindClose
0x41a110 RemoveDirectoryW
0x41a118 WideCharToMultiByte
0x41a11c VirtualAlloc
0x41a124 lstrcmpW
0x41a12c lstrcmpiW
0x41a130 lstrlenA
0x41a134 GetLocaleInfoW
0x41a138 MultiByteToWideChar
0x41a148 lstrcmpiA
0x41a14c GlobalAlloc
0x41a150 GlobalFree
0x41a154 MulDiv
0x41a158 FindResourceExA
0x41a15c SizeofResource
0x41a160 LoadResource
0x41a164 LockResource
0x41a168 LoadLibraryA
0x41a16c GetProcAddress
0x41a170 GetModuleHandleW
0x41a174 ExitProcess
0x41a178 lstrcatW
0x41a17c GetDiskFreeSpaceExW
0x41a180 SetFileAttributesW
0x41a184 SetLastError
0x41a188 Sleep
0x41a18c GetExitCodeThread
0x41a190 WaitForSingleObject
0x41a194 CreateThread
0x41a198 GetLastError
0x41a1a0 GetLocalTime
0x41a1a4 GetFileAttributesW
0x41a1a8 CreateDirectoryW
0x41a1ac WriteFile
0x41a1b0 GetStdHandle
0x41a1b4 VirtualFree
0x41a1b8 GetStartupInfoA
Library: MSVCRT.dll:
0x41a1c0 ??3@YAXPAX@Z
0x41a1c4 ??2@YAPAXI@Z
0x41a1c8 memcmp
0x41a1cc free
0x41a1d0 memcpy
0x41a1d4 _wtol
0x41a1d8 _controlfp
0x41a1dc _except_handler3
0x41a1e0 __set_app_type
0x41a1e4 __p__fmode
0x41a1e8 __p__commode
0x41a1ec _adjust_fdiv
0x41a1f0 __setusermatherr
0x41a1f4 _initterm
0x41a1f8 __getmainargs
0x41a1fc _acmdln
0x41a200 exit
0x41a204 _XcptFilter
0x41a208 _exit
0x41a210 _onexit
0x41a214 __dllonexit
0x41a218 _CxxThrowException
0x41a21c _beginthreadex
0x41a220 _EH_prolog
0x41a228 memset
0x41a22c _wcsnicmp
0x41a230 strncmp
0x41a234 wcsncmp
0x41a238 malloc
0x41a23c memmove
0x41a240 _purecall

.text
`.rdata
@.data
.rsrc
DSVWj
tMf=,
tSf="
t,f=
v"f=a
tdf=P
t^f=y
v f=a
Ph;[@
PhBL@
_8Wh+v@
Vhv;A
SetThreadPreferredUILanguages
kernel32
SetProcessPreferredUILanguages
IMAGES
STATIC
GetNativeSystemInfo
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
riched20
{\rtf
:Language:%u
amd64
Finish
"%s".
Could not overwrite file "%s".
"%s".
Could not create file "%s".
No "HelpText" in the configuration file.
Really cancel the installation?
Extraction path:
Extraction path
0x%08X.
7-Zip: Internal error, code 0x%08X.
7-Zip: Internal error, code %u.
(CRC).
7-Zip: CRC error.
"%s".
Could not find command for "%s".
"%s".
Could not delete file or folder "%s".
"%s".
Non 7z archive.
"%s".
Could not open archive file "%s".
Could not get SFX filename.
7z SFX
Could not allocate memory
7-Zip SFX
Sorry, this program requires Microsoft Windows 2000 or later.
123456789ABCDEFGHJKMNPQRSTUVWXYZ
SetWindowTheme
uxtheme
out of memory
COMCTL32.dll
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHELL32.dll
DeleteDC
GetCurrentObject
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetObjectW
GetDeviceCaps
DeleteObject
CreateFontIndirectW
GDI32.dll
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ADVAPI32.dll
wsprintfW
EndDialog
SendMessageW
DestroyWindow
KillTimer
DispatchMessageW
GetMessageW
SetTimer
CreateWindowExW
ScreenToClient
GetWindowRect
GetParent
CopyImage
ReleaseDC
GetWindowDC
SetWindowPos
GetMenu
GetWindowLongW
GetClassNameA
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
MessageBoxA
GetKeyState
GetDlgItem
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
CharUpperW
USER32.dll
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
ole32.dll
OLEAUT32.dll
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetModuleHandleW
GetProcAddress
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceExA
MulDiv
GlobalFree
GlobalAlloc
lstrcmpiA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
MultiByteToWideChar
GetLocaleInfoW
lstrlenA
lstrcmpiW
GetEnvironmentVariableW
lstrcmpW
GlobalMemoryStatusEx
VirtualAlloc
WideCharToMultiByte
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetThreadLocale
CompareFileTime
lstrlenW
GetSystemTimeAsFileTime
GetTempPathW
SetEnvironmentVariableW
CloseHandle
GetExitCodeProcess
GetQueuedCompletionStatus
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
ResumeThread
CreateJobObjectW
CreateProcessW
GetStartupInfoW
GetCommandLineW
CreateFileW
GetDriveTypeW
SetCurrentDirectoryW
SetProcessWorkingSetSize
GetCurrentProcess
GetModuleFileNameW
GetVersionExW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
TerminateThread
SuspendThread
GetCurrentThreadId
GetSystemDirectoryW
IsBadReadPtr
LocalFree
lstrcpyW
FormatMessageW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
WaitForMultipleObjects
KERNEL32.dll
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
memcpy
_wtol
memmove
malloc
wcsncmp
strncmp
_wcsnicmp
memset
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_EH_prolog
_beginthreadex
_CxxThrowException
MSVCRT.dll
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleHandleA
GetStartupInfoA
,!@Install@!UTF-8!
,!@InstallEnd@!
.?AUCInBufferException@@
.?AUCOutBufferException@@
.?AUCSystemException@@
.?AVCInArchiveException@N7z@NArchive@@
GenuineIntelAuthenticAMDCentaurHauls
.?AVtype_info@@
@Static
%04X%c%04X%c
SfxString%d
RichEdit20W
{\rtf
SetEnvironment
GUIFlags
MiscFlags
RunProgram
AutoInstall
Shortcut
Delete
ExecuteFile
MyDocs
MyDocuments
UserDesktop
CommonDocuments
CommonDesktop
@SfxFolder%02d
@Title
ErrorTitle
WarningTitle
GUIMode
BeginPrompt
InstallPath
ExtractTitle
ExtractCancelText
ExtractDialogText
ExtractDialogWidth
SelfDelete
ExtractPathTitle
ExtractPathText
HelpText
OverwriteMode
CancelPrompt
ExtractPathWidth
FinishMessage
ExecuteParameters
Directory
Progress
BeginPromptTimeout
PasswordTitle
PasswordText
%X - %03X - %03X - %03X - %03X
runas
sfxwaitall
if exist "
del "
7ZSfx%03x.cmd
amd64
forcenowait
nowait
hidcon
waitall
setup.exe
7ZipSfx.%03x
SfxAuthor
SfxVarCmdLine1
SfxVarCmdLine2
sfxconfig
sfxtest
sfxelevation
sfxversion
sfxlang
SfxVarSystemLanguage
SfxVarCmdLine0
SfxVarSystemPlatform
SfxVarModulePlatform
@ (%d%s)
@ 100%%
7zAES
@BCJ2
@Copy
@Deflate
@LZMA
@LZMA2
APPMD
MS Shell Dlg
msctls_progress32
Antivirus engine/vendor | Virus name/rule match | Signature DB date
Bkav W32.AIDetectVM.malware2 20201128
Elastic Not detected 20201030
MicroWorld-eScan Not detected 20201129
CMC Not detected 20201127
CAT-QuickHeal Not detected 20201129
McAfee Artemis!CA33EDCC509A 20201129
Cylance Not detected 20201129
Zillya Not detected 20201127
SUPERAntiSpyware Not detected 20201127
Sangfor Not detected 20201125
K7AntiVirus Not detected 20201129
Alibaba Not detected 20190527
K7GW Not detected 20201129
Cybereason Not detected 20190616
Baidu Not detected 20190318
Cyren Not detected 20201129
Symantec Not detected 20201128
TotalDefense Not detected 20201129
APEX Malicious 20201128
Avast Not detected 20201129
ClamAV Not detected 20201128
Kaspersky Not detected 20201129
BitDefender Not detected 20201129
NANO-Antivirus Not detected 20201129
Paloalto Not detected 20201129
ViRobot Not detected 20201129
Tencent Not detected 20201129
Ad-Aware Not detected 20201129
Sophos Not detected 20201129
Comodo Not detected 20201129
F-Secure Not detected 20201129
DrWeb Not detected 20201129
VIPRE Not detected 20201129
TrendMicro Not detected 20201129
McAfee-GW-Edition BehavesLike.Win32.BadFile.rc 20201128
Emsisoft Not detected 20201129
SentinelOne Not detected 20201129
Jiangmin Not detected 20201129
eGambit Unsafe.AI_Score_99% 20201129
Avira Not detected 20201129
Antiy-AVL Not detected 20201129
Kingsoft Not detected 20201129
Microsoft Trojan:Win32/Woreflint.A!cl 20201129
Gridinsoft Not detected 20201129
Arcabit Not detected 20201129
AegisLab Not detected 20201129
ZoneAlarm Not detected 20201129
GData Not detected 20201129
Cynet Not detected 20201129
AhnLab-V3 Not detected 20201129
Acronis Not detected 20201023
BitDefenderTheta Gen:NN.ZemsilF.34658.Pm0@aGtZPId 20201125
ALYac Not detected 20201129
MAX Not detected 20201129
VBA32 Not detected 20201127
Malwarebytes Not detected 20201129
Zoner Not detected 20201128
ESET-NOD32 Not detected 20201129
TrendMicro-HouseCall Not detected 20201129
Rising Not detected 20201128
Yandex Not detected 20201129
TACHYON Not detected 20201128
MaxSecure Not detected 20201128
Fortinet Not detected 20201129
Webroot W32.Trojan.Gen 20201129
AVG Not detected 20201129
Panda Not detected 20201129
CrowdStrike win/malicious_confidence_60% (D) 20190702
Qihoo-360 Not detected 20201129

Process Tree

MusicTools v1.9.0.0.exe, PID: 2312, parent PID: 2152
cmd.exe, PID: 2496, parent PID: 2312
attrib.exe, PID: 2568, parent PID: 2496
MusicTools.exe, PID: 2636, parent PID: 2312

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49164 23.218.94.155 acroipm.adobe.com 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP Requests

URI | HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.
No similar analyses found.

Processing ( 23.34 seconds )

  • 10.921 Suricata
  • 4.698 BehaviorAnalysis
  • 3.646 VirusTotal
  • 1.948 Static
  • 0.994 TargetInfo
  • 0.774 NetworkAnalysis
  • 0.326 peid
  • 0.013 Strings
  • 0.011 AnalysisInfo
  • 0.007 config_decoder
  • 0.002 Memory

Signatures ( 2.565 seconds )

  • 1.456 md_url_bl
  • 0.245 api_spamming
  • 0.232 injection_createremotethread
  • 0.176 stealth_decoy_document
  • 0.138 injection_runpe
  • 0.031 antiav_detectreg
  • 0.018 antiav_detectfile
  • 0.017 stealth_file
  • 0.016 infostealer_ftp
  • 0.011 mimics_filetime
  • 0.011 infostealer_bitcoin
  • 0.01 infostealer_im
  • 0.01 md_domain_bl
  • 0.009 reads_self
  • 0.009 virus
  • 0.009 kovter_behavior
  • 0.008 antiemu_wine_func
  • 0.008 bootkit
  • 0.008 infostealer_browser_password
  • 0.007 antivm_generic_disk
  • 0.007 antivm_vbox_files
  • 0.006 stealth_timeout
  • 0.006 antianalysis_detectreg
  • 0.006 infostealer_mail
  • 0.005 maldun_anomaly_massive_file_ops
  • 0.005 anomaly_persistence_autorun
  • 0.005 hancitor_behavior
  • 0.005 geodo_banking_trojan
  • 0.004 antidbg_windows
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antivm_vbox_libs
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 antivm_generic_scsi
  • 0.003 antidbg_devices
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 infostealer_browser
  • 0.002 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.002 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.002 antivm_generic_services
  • 0.002 betabot_behavior
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 kibex_behavior
  • 0.002 exec_crash
  • 0.002 anormaly_invoke_kills
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.002 rat_pcclient
  • 0.001 hawkeye_behavior
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 antivm_vmware_libs
  • 0.001 ransomware_message
  • 0.001 sets_autoconfig_url
  • 0.001 Locky_behavior
  • 0.001 kazybot_behavior
  • 0.001 ipc_namedpipe
  • 0.001 dyre_behavior
  • 0.001 shifu_behavior
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 encrypted_ioc
  • 0.001 cerber_behavior
  • 0.001 securityxploded_modules
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 maldun_network_blacklist
  • 0.001 network_cnc_http

Reporting ( 0.505 seconds )

  • 0.5 ReportHTMLSummary
  • 0.005 Malheur
Task ID 592615
Mongo ID 5fc47a2f7e769a09e2a4d32b
Cuckoo release 1.4-Maldun