Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp02-1  2021-01-22 21:25:47  2021-01-22 21:25:49  2 seconds

Maldun Score

1.75

Normal

File Details

File name  csrss.exe
File size  2555904 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5  28b013bd4d0a988267cd1c75f3c16233
SHA1  2388ae696115b7396966fba2864b33c21a0b3dd1
SHA256  cd012616f13caeeda6e1602849d33783591d1ae8e7269a9fd07ddf993f2841c2
SHA512  e5c6d85e9f1ca3b94d899a9060172b5d4617dc54865db0f437e8501d5d180e14d8df9fbbce0f0aea48f5e879c6ea564dce689dcd276919ca5ac4e3c83ff03e40
CRC32  39FE23EE
Ssdeep  49152:tnx2+87ViMFxNLlG4CoZr0Je3ad3NzArziUOgT50QX:ZKxNLlG4CoZrgVdaO4d
Yara
  • Create or check mutex
  • Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
  • Detected UPX. Commonly used by RAT!

Screenshots

No screenshots available

Host Access Records (click to query WPING real-time security rating)

No host records.

Domain Resolution (click to query WPING real-time security rating)

No domain information.


Summary

PE Information

Image base  0x00400000
Entry point  0x004b888a
Declared checksum  0x00000000
Actual checksum  0x00273dab
Minimum OS version required  4.0
Compile time  2021-01-22 21:21:14
Import hash  6ae0bd1cd8e768fb8ef2e68bc0eef723

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000d7ed2 0x000d8000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.63
.rdata 0x000d9000 0x001676e4 0x00168000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.46
.data 0x00241000 0x00069b0a 0x00022000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.95
.rsrc 0x002ab000 0x0000c8e0 0x0000d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.38

Imports

Library: WINMM.dll:
0x4d96d8 midiStreamOut
0x4d96e8 waveOutWrite
0x4d96ec waveOutPause
0x4d96f0 waveOutReset
0x4d96f4 waveOutClose
0x4d96f8 waveOutGetNumDevs
0x4d96fc midiStreamStop
0x4d9700 midiOutReset
0x4d9704 midiStreamClose
0x4d9708 midiStreamRestart
0x4d970c waveOutOpen
0x4d9714 midiStreamOpen
0x4d9718 midiStreamProperty
0x4d971c waveOutRestart
Library: WS2_32.dll:
0x4d9734 WSACleanup
0x4d9738 inet_ntoa
0x4d973c closesocket
0x4d9740 getpeername
0x4d9744 accept
0x4d9748 ntohl
0x4d974c WSAAsyncSelect
0x4d9750 recvfrom
0x4d9754 ioctlsocket
0x4d9758 recv
Library: KERNEL32.dll:
0x4d91a4 GetVersion
0x4d91a8 IsDBCSLeadByte
0x4d91ac lstrcmpA
0x4d91b0 lstrcmpiA
0x4d91b4 lstrcpynA
0x4d91c0 GetFileType
0x4d91c4 DuplicateHandle
0x4d91cc GetLocalTime
0x4d91d4 CreateMutexA
0x4d91d8 ReleaseMutex
0x4d91dc SuspendThread
0x4d91e8 GetSystemInfo
0x4d91f4 GetACP
0x4d91f8 HeapSize
0x4d91fc RaiseException
0x4d9200 GetSystemTime
0x4d9204 RtlUnwind
0x4d9208 GetStartupInfoA
0x4d920c GetOEMCP
0x4d9210 GetCPInfo
0x4d9214 GetProcessVersion
0x4d9218 SetErrorMode
0x4d921c GlobalFlags
0x4d9220 GetCurrentThread
0x4d9224 GetFileTime
0x4d9228 TlsGetValue
0x4d922c LocalReAlloc
0x4d9230 TlsSetValue
0x4d9234 TlsFree
0x4d9238 GlobalHandle
0x4d923c TlsAlloc
0x4d9240 LocalAlloc
0x4d9244 GlobalGetAtomNameA
0x4d9248 GlobalAddAtomA
0x4d924c GlobalFindAtomA
0x4d9250 GlobalDeleteAtom
0x4d9254 SetEndOfFile
0x4d9258 UnlockFile
0x4d925c LockFile
0x4d9260 FlushFileBuffers
0x4d9264 LocalFree
0x4d926c SetLastError
0x4d9270 TerminateProcess
0x4d9274 GetFileSize
0x4d9278 SetFilePointer
0x4d927c WideCharToMultiByte
0x4d9280 MultiByteToWideChar
0x4d9284 GetCurrentProcess
0x4d9288 GetSystemDirectoryA
0x4d928c TerminateThread
0x4d9290 CreateSemaphoreA
0x4d9294 ResumeThread
0x4d9298 ReleaseSemaphore
0x4d92a4 GetProfileStringA
0x4d92a8 WriteFile
0x4d92ac ReadFile
0x4d92b4 CreateFileA
0x4d92b8 SetEvent
0x4d92bc FindResourceA
0x4d92c0 LoadResource
0x4d92c4 LockResource
0x4d92c8 lstrlenW
0x4d92cc GetModuleFileNameA
0x4d92d0 GetCurrentThreadId
0x4d92d4 ExitProcess
0x4d92d8 GlobalSize
0x4d92dc GlobalFree
0x4d92e4 InterlockedExchange
0x4d92ec lstrcatA
0x4d92f0 lstrlenA
0x4d92f4 WinExec
0x4d92f8 lstrcpyA
0x4d92fc FindNextFileA
0x4d9300 GlobalReAlloc
0x4d9304 HeapFree
0x4d9308 HeapReAlloc
0x4d930c GetProcessHeap
0x4d9310 HeapAlloc
0x4d9314 GetUserDefaultLCID
0x4d9318 GetFullPathNameA
0x4d931c FreeLibrary
0x4d9320 LoadLibraryA
0x4d9324 GetLastError
0x4d9328 GetVersionExA
0x4d9330 CreateThread
0x4d9334 CreateEventA
0x4d9338 Sleep
0x4d9340 GlobalAlloc
0x4d9344 GlobalLock
0x4d9348 GlobalUnlock
0x4d934c FindFirstFileA
0x4d9350 FindClose
0x4d9354 SetFileAttributesA
0x4d9358 GetFileAttributesA
0x4d935c MoveFileA
0x4d9360 DeleteFileA
0x4d9364 CreateDirectoryA
0x4d9374 GetModuleHandleA
0x4d9378 GetProcAddress
0x4d937c MulDiv
0x4d9380 GetCommandLineA
0x4d9384 GetTickCount
0x4d9388 CreateProcessA
0x4d938c WaitForSingleObject
0x4d9390 CloseHandle
0x4d93a4 SetHandleCount
0x4d93a8 GetStdHandle
0x4d93b0 HeapDestroy
0x4d93b4 HeapCreate
0x4d93b8 VirtualFree
0x4d93c0 LCMapStringA
0x4d93c4 LCMapStringW
0x4d93c8 VirtualAlloc
0x4d93cc IsBadWritePtr
0x4d93d4 GetStringTypeA
0x4d93d8 GetStringTypeW
0x4d93dc CompareStringA
0x4d93e0 CompareStringW
0x4d93e4 IsBadReadPtr
0x4d93e8 IsBadCodePtr
0x4d93ec SetStdHandle
0x4d93f0 SetFileTime
Library: USER32.dll:
0x4d9460 GetWindow
0x4d9464 GetActiveWindow
0x4d9468 SetFocus
0x4d946c IsIconic
0x4d9470 PeekMessageA
0x4d9474 SetMenu
0x4d9478 GetMenu
0x4d947c DeleteMenu
0x4d9480 GetSystemMenu
0x4d9484 DefWindowProcA
0x4d9488 GetClassInfoA
0x4d948c IsZoomed
0x4d9490 PostQuitMessage
0x4d949c SetWindowRgn
0x4d94a0 GetMessagePos
0x4d94a4 ScreenToClient
0x4d94ac CopyRect
0x4d94b0 LoadBitmapA
0x4d94b4 WinHelpA
0x4d94b8 LoadImageA
0x4d94c0 ClientToScreen
0x4d94c4 EnableMenuItem
0x4d94c8 GetSubMenu
0x4d94cc GetDlgCtrlID
0x4d94d0 CreateMenu
0x4d94d4 ModifyMenuA
0x4d94d8 AppendMenuA
0x4d94dc CreatePopupMenu
0x4d94e0 DrawIconEx
0x4d94f0 SetRectEmpty
0x4d94f4 DispatchMessageA
0x4d94f8 UnregisterClassA
0x4d94fc GetMessageA
0x4d9500 WindowFromPoint
0x4d9504 DrawFocusRect
0x4d9508 DrawEdge
0x4d950c DrawFrameControl
0x4d9510 KillTimer
0x4d9514 SetTimer
0x4d9518 ReleaseCapture
0x4d951c GetCapture
0x4d9520 SetCapture
0x4d9524 GetScrollRange
0x4d9528 SetScrollRange
0x4d952c SetScrollPos
0x4d9530 SetRect
0x4d9534 InflateRect
0x4d9538 IntersectRect
0x4d953c DestroyIcon
0x4d9540 PtInRect
0x4d9544 OffsetRect
0x4d9548 IsWindowVisible
0x4d954c EnableWindow
0x4d9550 RedrawWindow
0x4d9554 GetKeyState
0x4d9558 SetWindowLongA
0x4d955c GetSysColor
0x4d9560 SetActiveWindow
0x4d9564 SetCursorPos
0x4d9568 LoadCursorA
0x4d956c SetCursor
0x4d9570 GetSysColorBrush
0x4d9574 LoadStringA
0x4d9578 GetDC
0x4d957c FillRect
0x4d9580 IsRectEmpty
0x4d9584 ReleaseDC
0x4d9588 IsChild
0x4d958c DestroyMenu
0x4d9590 SetForegroundWindow
0x4d9594 GetWindowRect
0x4d9598 EqualRect
0x4d959c UpdateWindow
0x4d95a0 ValidateRect
0x4d95a4 InvalidateRect
0x4d95a8 GetClientRect
0x4d95ac GetFocus
0x4d95b0 GetParent
0x4d95b4 GetTopWindow
0x4d95b8 PostMessageA
0x4d95bc IsWindow
0x4d95c0 SetParent
0x4d95c4 DestroyCursor
0x4d95c8 SendMessageA
0x4d95cc SetWindowPos
0x4d95d0 MessageBoxA
0x4d95d4 GetCursorPos
0x4d95d8 GetSystemMetrics
0x4d95dc EmptyClipboard
0x4d95e0 SetClipboardData
0x4d95e4 OpenClipboard
0x4d95e8 GetClipboardData
0x4d95ec CloseClipboard
0x4d95f0 wsprintfA
0x4d95f4 WaitForInputIdle
0x4d95f8 LoadIconA
0x4d95fc TranslateMessage
0x4d9600 GetForegroundWindow
0x4d9604 GetDesktopWindow
0x4d9608 GetClassNameA
0x4d960c GetDlgItem
0x4d9610 GetWindowTextA
0x4d9614 CharUpperA
0x4d9618 CallWindowProcA
0x4d961c CreateWindowExA
0x4d9620 RegisterHotKey
0x4d9624 UnregisterHotKey
0x4d962c IsWindowEnabled
0x4d9630 ShowWindow
0x4d9634 GetWindowLongA
0x4d9644 GetWindowDC
0x4d9648 BeginPaint
0x4d964c EndPaint
0x4d9650 TabbedTextOutA
0x4d9654 DrawTextA
0x4d9658 GrayStringA
0x4d965c DestroyWindow
0x4d9664 EndDialog
0x4d9668 GetNextDlgTabItem
0x4d966c GetWindowPlacement
0x4d9674 GetLastActivePopup
0x4d9678 GetMessageTime
0x4d967c RemovePropA
0x4d9680 GetPropA
0x4d9684 UnhookWindowsHookEx
0x4d9688 SetPropA
0x4d968c GetClassLongA
0x4d9690 CallNextHookEx
0x4d9694 SetWindowsHookExA
0x4d9698 GetMenuItemID
0x4d969c GetMenuItemCount
0x4d96a0 RegisterClassA
0x4d96a4 GetScrollPos
0x4d96a8 AdjustWindowRectEx
0x4d96ac MapWindowPoints
0x4d96b0 SendDlgItemMessageA
0x4d96b4 ScrollWindowEx
0x4d96b8 IsDialogMessageA
0x4d96bc SetWindowTextA
0x4d96c0 MoveWindow
0x4d96c4 CheckMenuItem
0x4d96c8 SetMenuItemBitmaps
0x4d96cc GetMenuState
Library: GDI32.dll:
0x4d9050 ExtSelectClipRgn
0x4d9054 LineTo
0x4d9058 CreateCompatibleDC
0x4d905c Ellipse
0x4d9060 Rectangle
0x4d9064 LPtoDP
0x4d9068 DPtoLP
0x4d906c GetCurrentObject
0x4d9070 RoundRect
0x4d9078 GetDeviceCaps
0x4d907c StretchBlt
0x4d9080 CreatePalette
0x4d9088 CreateDIBitmap
0x4d908c DeleteObject
0x4d9090 SelectClipRgn
0x4d9094 GetClipRgn
0x4d9098 SetStretchBltMode
0x4d90a0 SetBkColor
0x4d90a4 CreateFontA
0x4d90ac MoveToEx
0x4d90b0 ExcludeClipRect
0x4d90b4 GetClipBox
0x4d90b8 ScaleWindowExtEx
0x4d90bc SetWindowExtEx
0x4d90c0 SetWindowOrgEx
0x4d90c4 ScaleViewportExtEx
0x4d90c8 SetViewportExtEx
0x4d90cc OffsetViewportOrgEx
0x4d90d0 GetViewportExtEx
0x4d90d4 PtVisible
0x4d90d8 RectVisible
0x4d90dc TextOutA
0x4d90e0 ExtTextOutA
0x4d90e4 Escape
0x4d90e8 GetTextMetricsA
0x4d90ec BitBlt
0x4d90f0 StartPage
0x4d90f4 StartDocA
0x4d90f8 DeleteDC
0x4d90fc EndDoc
0x4d9100 EndPage
0x4d9104 GetObjectA
0x4d9108 GetStockObject
0x4d910c CreateFontIndirectA
0x4d9110 CreateSolidBrush
0x4d9114 FillRgn
0x4d9118 CreateRectRgn
0x4d911c CombineRgn
0x4d9120 PatBlt
0x4d9124 CreatePen
0x4d9128 SetViewportOrgEx
0x4d912c SetMapMode
0x4d9130 SetTextColor
0x4d9134 SetROP2
0x4d9138 SetPolyFillMode
0x4d913c SetBkMode
0x4d9140 RestoreDC
0x4d9144 SaveDC
0x4d9148 SelectObject
0x4d914c CreateBitmap
0x4d9150 CreateDCA
0x4d9158 GetPolyFillMode
0x4d915c GetStretchBltMode
0x4d9160 GetROP2
0x4d9164 GetBkColor
0x4d9168 SelectPalette
0x4d916c GetTextColor
0x4d9170 CreateRoundRectRgn
0x4d9174 CreateEllipticRgn
0x4d9178 PathToRegion
0x4d917c EndPath
0x4d9180 BeginPath
0x4d9184 GetWindowOrgEx
0x4d9188 GetViewportOrgEx
0x4d918c GetWindowExtEx
0x4d9190 GetDIBits
0x4d9194 CreatePolygonRgn
0x4d9198 GetBkMode
0x4d919c RealizePalette
Library: WINSPOOL.DRV:
0x4d9724 OpenPrinterA
0x4d9728 DocumentPropertiesA
0x4d972c ClosePrinter
Library: ADVAPI32.dll:
0x4d9000 RegQueryValueExA
0x4d9004 RegOpenKeyExA
0x4d9008 RegSetValueExA
0x4d900c RegCreateKeyA
0x4d9010 RegQueryValueA
0x4d9014 RegCreateKeyExA
0x4d9018 RegOpenKeyA
0x4d901c RegCloseKey
Library: SHELL32.dll:
0x4d9448 Shell_NotifyIconA
0x4d944c DragQueryFileA
0x4d9450 DragFinish
0x4d9454 DragAcceptFiles
0x4d9458 ShellExecuteA
Library: ole32.dll:
0x4d9774 CLSIDFromProgID
0x4d9778 OleRun
0x4d977c CoCreateInstance
0x4d9780 CLSIDFromString
0x4d9784 OleUninitialize
0x4d9788 OleInitialize
Library: OLEAUT32.dll:
0x4d93f8 LoadTypeLib
0x4d93fc UnRegisterTypeLib
0x4d9400 LHashValOfNameSys
0x4d9404 RegisterTypeLib
0x4d9408 SafeArrayPutElement
0x4d940c SafeArrayCreate
0x4d9410 SafeArrayDestroy
0x4d9414 SysAllocString
0x4d9418 VariantInit
0x4d941c VariantCopyInd
0x4d9420 SafeArrayGetElement
0x4d9424 SafeArrayAccessData
0x4d942c SafeArrayGetDim
0x4d9430 SafeArrayGetLBound
0x4d9434 SafeArrayGetUBound
0x4d9438 VariantChangeType
0x4d943c VariantClear
0x4d9440 VariantCopy
Library: COMCTL32.dll:
0x4d9024 ImageList_Add
0x4d9028 ImageList_BeginDrag
0x4d902c ImageList_Create
0x4d9030 ImageList_Destroy
0x4d9034 ImageList_DragEnter
0x4d9038 ImageList_DragLeave
0x4d903c ImageList_DragMove
0x4d9044 ImageList_EndDrag
0x4d9048 None
Library: comdlg32.dll:
0x4d9760 ChooseColorA
0x4d9764 GetFileTitleA
0x4d9768 GetSaveFileNameA
0x4d976c GetOpenFileNameA

Strings

  • .text
  • `.rdata
  • @.data
  • .rsrc
  • VMProtect begin
  • VMProtect end
  • PhD"f
  • PhD"f
  • VMProtect begin
  • VMProtect end

No antivirus engine scan information!

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 9.777 seconds )

  • 6.458 Static
  • 2.298 VirusTotal
  • 0.669 TargetInfo
  • 0.31 peid
  • 0.015 AnalysisInfo
  • 0.014 Strings
  • 0.006 config_decoder
  • 0.004 Memory
  • 0.003 BehaviorAnalysis

Signatures ( 0.077 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.493 seconds )

  • 0.47 ReportHTMLSummary
  • 0.023 Malheur

Task ID 615245
Mongo ID 600ad26cdc327b57aae208fa
Cuckoo release 1.4-Maldun