Analysis task

Analysis type     VM label                   Start time             End time               Duration
File (Windows)    win7-sp1-x64-shaapp02-1    2021-02-17 22:44:35    2021-02-17 22:44:36    1 second

Maldun score

1.4

Normal

The score rests on a run that lasted one second, produced no screenshot, no network traffic and no dropped files, and whose behaviour detail this page does not show; read it as what the sandbox observed in that second, not as a verdict on the file. Given the VMProtect marker strings in the strings dump (VMProtect can optionally terminate a protected program when it detects a virtual machine), a one-second run with nothing recorded is also consistent with the sample refusing to run in the sandbox.

File details

File name     奉天方块自瞄V2.17.exe  (Chinese; "自瞄" means auto-aim, i.e. a game aimbot)
File size     2887680 bytes
File type     PE32 executable (GUI) Intel 80386, for MS Windows
MD5           6c5fc9509e40fc0227f7ffec1ac01fc4
SHA1          4b0a5dbfdd77a4f8c9be6a86a7b5040cb7df9fe7
SHA256        ca4e0b099d356f3765c0d04978dee75342863003fc2f0204cbe7b567d20e8b0f
SHA512        c95999927ad7c6a02e801a8a13753c3340f8b019a3acefa85bd409120a7543686be96c07105b609f69e3dea7786b522da032664f4d39056666188dc19cb8fe3e
CRC32         096BE2A2
Ssdeep        49152:L4CL7YbpyFmNsOPVj0QKMBZS3dxjhAWTAj/FiLquGC5y7H:Nm66VjtKMB4ZhAWUrUL3e

Screenshots

No screenshots available.

Host access records

No host records.

Domain resolution

No domain information.



PE information

Image base               0x00400000
Entry point              0x004acd4a
Declared checksum        0x00000000
Actual checksum          0x002c19bf
Minimum OS version       4.0
Compile time             2021-02-17 22:42:19
Import hash (imphash)    4873c36efc4fc1bf9ce7b7a55e498bf0

A declared checksum of zero means the linker never filled the field (the Windows loader does not verify it for ordinary user-mode executables), so the mismatch with the computed value is not by itself a sign of tampering. The header timestamp is about two minutes before the analysis started (22:44:35), so the file was built, or its header rewritten, immediately before submission; the field is writable, so treat this as a hint rather than proof.

PE sections

Name     Virtual address   Virtual size   Raw data size   Characteristics                                                          Entropy
.text    0x00001000        0x000cc252     0x000cd000      IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ              6.62
.rdata   0x000ce000        0x001c4f3a     0x001c5000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        6.77
.data    0x00293000        0x0006978a     0x00021000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE    5.02
.rsrc    0x002fd000        0x0000c8e0     0x0000d000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        4.38

Entropy is in bits per byte (0 to 8). .text and .rdata sit at 6.6 to 6.8, at the high end for compiled x86 code but below the 7+ typical of compressed or encrypted payloads. Only the four standard sections are present (no .vmp0/.vmp1), and .rdata at 0x1c5000 bytes (about 1.8 MB) is the largest section of a 2.9 MB file. The .data virtual size exceeding its raw size is normal: zero-initialised data is not stored in the file.
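To check the header facts above (declared versus actual checksum, per-section entropy, and the VMProtect marker strings that appear in the strings dump) without a sandbox, the following is an added example, not part of the Maldun report or its tooling. It uses only the Python standard library, implements the checksum algorithm that ImageHlp's CheckSumMappedFile and pefile use, and runs against a minimal PE32 image it constructs itself because the sample is not reproduced here; the field offsets, flag names and marker strings are from the PE format and the report, while the sample image's contents are assumptions.

```python
import math
import struct

# Section characteristic bits, named as the report prints them.
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
# Marker strings VMProtect looks for; the report's strings dump shows four pairs.
PACKER_MARKERS = (b"VMProtect begin", b"VMProtect end")

def shannon_entropy(data):
    """Bits per byte: 0.0 for an empty or constant buffer, 8.0 for a uniform one."""
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c) or 0.0

def pe_checksum(data, checksum_offset):
    """PE checksum as ImageHlp's CheckSumMappedFile (and pefile) compute it: sum the
    32-bit words with the CheckSum field skipped, fold carries to 16 bits, add the length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def parse_pe32(data):
    """Read the header fields and per-section stats the report shows from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    checksum_off = opt + 64                      # IMAGE_OPTIONAL_HEADER32.CheckSum
    declared = struct.unpack_from("<I", data, checksum_off)[0]
    sections, markers = [], []
    for i in range(nsections):
        hdr = opt + opt_size + i * 40            # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        chars = struct.unpack_from("<I", data, hdr + 36)[0]
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize, "raw_size": rawsize,
            "flags": [n for bit, n in SECTION_FLAGS.items() if chars & bit],
            "entropy": round(shannon_entropy(raw), 2),
        })
        markers += [m.decode() for m in PACKER_MARKERS if m in raw]
    actual = pe_checksum(data, checksum_off)
    # A declared value of 0 means the linker never filled the field; the loader does
    # not verify it for ordinary user-mode executables, so a mismatch alone proves nothing.
    return {"image_base": image_base, "entry_point": image_base + entry_rva,
            "declared_checksum": declared, "actual_checksum": actual,
            "checksum_matches": declared == actual,
            "sections": sections, "packer_markers": markers}

def build_sample_pe(sections):
    """Constructed demo input: a minimal PE32 header plus (name, raw bytes,
    characteristics) sections, with CheckSum left at 0 like the analysed sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size, headers_size = 224, 0x200
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x60000000, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    struct.pack_into("<H", opt, 40, 4)                           # MajorOperatingSystemVersion
    table, body, rawptr, va = b"", b"", headers_size, 0x1000
    for name, raw, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), va, len(raw), rawptr, 0, 0, 0, 0, chars)
        body += raw
        rawptr += len(raw)
        va += (len(raw) + 0xFFF) & ~0xFFF                        # 4 KiB section alignment
    header = (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(headers_size, b"\0")
    return header + body

# Assumed section contents: a repeated x86 prologue, one marked region, a 0..255 byte ramp.
SAMPLE_PE = build_sample_pe([
    (b".text", b"\x55\x8b\xec" * 40 + b"VMProtect begin" + bytes(range(256)) + b"VMProtect end", 0x60000020),
    (b".data", b"\0" * 64, 0xC0000040),
])

if __name__ == "__main__":
    info = parse_pe32(SAMPLE_PE)
    print("entry 0x%08x  checksum declared 0x%08x actual 0x%08x  markers %s" % (
        info["entry_point"], info["declared_checksum"], info["actual_checksum"], info["packer_markers"]))
    for s in info["sections"]:
        print("%-8s %5.2f bits/byte  %s" % (s["name"], s["entropy"], "|".join(s["flags"])))
```

Replace SAMPLE_PE with the bytes of a real file to reproduce the report's table; the checksum function must be given the file offset of the CheckSum field, which parse_pe32 derives from e_lfanew rather than assuming a fixed header layout.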

Imports

Each line is the import address table slot followed by the imported name. Most of this surface is the runtime of a statically linked MFC application (WinHelpA, TabbedTextOutA, GrayStringA, GetProfileStringA, the OLE/typelib and SafeArray calls). The entries worth a triager's attention are process launch (WinExec, CreateProcessA, ShellExecuteA), registry writes (RegSetValueExA, RegCreateKeyExA), a Windows hook (SetWindowsHookExA, CallNextHookEx), input and cursor control (RegisterHotKey, GetKeyState, SetCursorPos, WindowFromPoint, which fit the aimbot filename), temp-file staging (GetTempPathA, MoveFileA, SetFileAttributesA, DeleteFileA) and server-side sockets (accept, recv, recvfrom, WSAAsyncSelect). Gaps in the slot addresses (for example between 0x4ce1ac and 0x4ce1b8) are slots the report does not list.

Library: WINMM.dll:
0x4ce6c8 midiStreamOut
0x4ce6d8 waveOutWrite
0x4ce6dc waveOutPause
0x4ce6e0 waveOutReset
0x4ce6e4 waveOutClose
0x4ce6e8 waveOutGetNumDevs
0x4ce6ec midiStreamStop
0x4ce6f0 midiOutReset
0x4ce6f4 midiStreamClose
0x4ce6f8 midiStreamRestart
0x4ce6fc waveOutOpen
0x4ce704 midiStreamOpen
0x4ce708 midiStreamProperty
0x4ce70c waveOutRestart
Library: WS2_32.dll:
0x4ce724 WSACleanup
0x4ce728 inet_ntoa
0x4ce72c closesocket
0x4ce730 getpeername
0x4ce734 accept
0x4ce738 ntohl
0x4ce73c WSAAsyncSelect
0x4ce740 recvfrom
0x4ce744 ioctlsocket
0x4ce748 recv
Library: KERNEL32.dll:
0x4ce1a0 GetVersion
0x4ce1a4 CreateMutexA
0x4ce1a8 ReleaseMutex
0x4ce1ac SuspendThread
0x4ce1b8 GetSystemInfo
0x4ce1c0 lstrcmpiA
0x4ce1cc GetACP
0x4ce1d0 HeapSize
0x4ce1d4 RaiseException
0x4ce1d8 GetLocalTime
0x4ce1dc GetSystemTime
0x4ce1e0 RtlUnwind
0x4ce1e4 GetStartupInfoA
0x4ce1e8 GetOEMCP
0x4ce1ec GetCPInfo
0x4ce1f0 GetProcessVersion
0x4ce1f4 SetErrorMode
0x4ce1f8 GlobalFlags
0x4ce1fc GetCurrentThread
0x4ce200 GetFileTime
0x4ce204 TlsGetValue
0x4ce208 LocalReAlloc
0x4ce20c TlsSetValue
0x4ce210 TlsFree
0x4ce214 GlobalHandle
0x4ce218 TlsAlloc
0x4ce21c LocalAlloc
0x4ce220 lstrcmpA
0x4ce224 GlobalGetAtomNameA
0x4ce228 GlobalAddAtomA
0x4ce22c GlobalFindAtomA
0x4ce230 GlobalDeleteAtom
0x4ce234 SetEndOfFile
0x4ce238 UnlockFile
0x4ce23c LockFile
0x4ce240 FlushFileBuffers
0x4ce244 DuplicateHandle
0x4ce248 lstrcpynA
0x4ce254 LocalFree
0x4ce25c SetLastError
0x4ce260 TerminateProcess
0x4ce264 GetFileSize
0x4ce268 SetFilePointer
0x4ce26c WideCharToMultiByte
0x4ce270 MultiByteToWideChar
0x4ce274 GetCurrentProcess
0x4ce27c GetSystemDirectoryA
0x4ce280 TerminateThread
0x4ce284 CreateSemaphoreA
0x4ce288 ResumeThread
0x4ce28c ReleaseSemaphore
0x4ce298 GetProfileStringA
0x4ce29c WriteFile
0x4ce2a0 ReadFile
0x4ce2a8 CreateFileA
0x4ce2ac SetEvent
0x4ce2b0 FindResourceA
0x4ce2b4 LoadResource
0x4ce2b8 LockResource
0x4ce2bc lstrlenW
0x4ce2c0 GetModuleFileNameA
0x4ce2c4 GetCurrentThreadId
0x4ce2c8 ExitProcess
0x4ce2cc GlobalSize
0x4ce2d0 GlobalFree
0x4ce2dc InterlockedExchange
0x4ce2e0 lstrcatA
0x4ce2e4 lstrlenA
0x4ce2e8 WinExec
0x4ce2ec lstrcpyA
0x4ce2f0 FindNextFileA
0x4ce2f4 GlobalReAlloc
0x4ce2f8 HeapFree
0x4ce2fc HeapReAlloc
0x4ce300 GetProcessHeap
0x4ce304 HeapAlloc
0x4ce308 GetUserDefaultLCID
0x4ce30c GetFullPathNameA
0x4ce310 FreeLibrary
0x4ce314 LoadLibraryA
0x4ce318 GetLastError
0x4ce31c GetVersionExA
0x4ce324 CreateThread
0x4ce328 CreateEventA
0x4ce32c Sleep
0x4ce334 GlobalAlloc
0x4ce338 GlobalLock
0x4ce33c GlobalUnlock
0x4ce340 GetTempPathA
0x4ce344 FindFirstFileA
0x4ce348 FindClose
0x4ce34c SetFileAttributesA
0x4ce350 GetFileAttributesA
0x4ce354 MoveFileA
0x4ce358 DeleteFileA
0x4ce364 GetModuleHandleA
0x4ce368 GetProcAddress
0x4ce36c MulDiv
0x4ce370 GetCommandLineA
0x4ce374 GetTickCount
0x4ce378 CreateProcessA
0x4ce37c WaitForSingleObject
0x4ce380 CloseHandle
0x4ce390 SetHandleCount
0x4ce394 GetStdHandle
0x4ce398 GetFileType
0x4ce3a0 HeapDestroy
0x4ce3a4 HeapCreate
0x4ce3a8 VirtualFree
0x4ce3b0 LCMapStringA
0x4ce3b4 LCMapStringW
0x4ce3b8 VirtualAlloc
0x4ce3bc IsBadWritePtr
0x4ce3c4 GetStringTypeA
0x4ce3c8 GetStringTypeW
0x4ce3cc CompareStringA
0x4ce3d0 CompareStringW
0x4ce3d4 IsBadReadPtr
0x4ce3d8 IsBadCodePtr
0x4ce3dc SetStdHandle
Library: USER32.dll:
0x4ce450 DefWindowProcA
0x4ce454 GetClassInfoA
0x4ce458 IsZoomed
0x4ce45c GetSystemMenu
0x4ce460 DeleteMenu
0x4ce464 GetMenu
0x4ce468 SetMenu
0x4ce46c PeekMessageA
0x4ce470 IsIconic
0x4ce474 SetFocus
0x4ce478 GetActiveWindow
0x4ce47c PostQuitMessage
0x4ce484 GetKeyState
0x4ce48c IsWindowEnabled
0x4ce490 ShowWindow
0x4ce498 LoadImageA
0x4ce4a0 ClientToScreen
0x4ce4a4 EnableMenuItem
0x4ce4a8 GetSubMenu
0x4ce4ac GetDlgCtrlID
0x4ce4b4 CreateMenu
0x4ce4b8 ModifyMenuA
0x4ce4bc AppendMenuA
0x4ce4c0 CreatePopupMenu
0x4ce4c4 DrawIconEx
0x4ce4d4 GetWindow
0x4ce4dc SetWindowRgn
0x4ce4e0 SetRectEmpty
0x4ce4e4 ScreenToClient
0x4ce4ec CopyRect
0x4ce4f0 LoadBitmapA
0x4ce4f4 WinHelpA
0x4ce4f8 KillTimer
0x4ce4fc SetTimer
0x4ce500 ReleaseCapture
0x4ce504 GetCapture
0x4ce508 SetCapture
0x4ce50c GetScrollRange
0x4ce510 SetScrollRange
0x4ce514 SetScrollPos
0x4ce518 SetRect
0x4ce51c InflateRect
0x4ce520 IntersectRect
0x4ce524 DestroyIcon
0x4ce528 PtInRect
0x4ce52c OffsetRect
0x4ce530 IsWindowVisible
0x4ce534 GetSysColorBrush
0x4ce538 LoadStringA
0x4ce53c EnableWindow
0x4ce540 RedrawWindow
0x4ce544 GetWindowLongA
0x4ce548 SetWindowLongA
0x4ce54c GetSysColor
0x4ce550 SetActiveWindow
0x4ce554 SetCursorPos
0x4ce558 LoadCursorA
0x4ce55c SetCursor
0x4ce560 GetDC
0x4ce564 FillRect
0x4ce568 IsRectEmpty
0x4ce56c ReleaseDC
0x4ce570 IsChild
0x4ce574 DestroyMenu
0x4ce578 SetForegroundWindow
0x4ce57c GetWindowRect
0x4ce580 EqualRect
0x4ce584 UpdateWindow
0x4ce588 ValidateRect
0x4ce58c InvalidateRect
0x4ce590 GetClientRect
0x4ce594 GetFocus
0x4ce598 GetParent
0x4ce59c GetTopWindow
0x4ce5a0 PostMessageA
0x4ce5a4 IsWindow
0x4ce5a8 SetParent
0x4ce5ac DestroyCursor
0x4ce5b0 SendMessageA
0x4ce5b4 SetWindowPos
0x4ce5b8 MessageBoxA
0x4ce5bc GetCursorPos
0x4ce5c0 GetSystemMetrics
0x4ce5c4 EmptyClipboard
0x4ce5c8 SetClipboardData
0x4ce5cc OpenClipboard
0x4ce5d0 GetClipboardData
0x4ce5d4 CloseClipboard
0x4ce5d8 wsprintfA
0x4ce5dc WaitForInputIdle
0x4ce5e0 GetMessageA
0x4ce5e4 WindowFromPoint
0x4ce5e8 DrawFocusRect
0x4ce5ec DrawEdge
0x4ce5f0 DrawFrameControl
0x4ce5f4 LoadIconA
0x4ce5f8 TranslateMessage
0x4ce5fc GetForegroundWindow
0x4ce600 GetDesktopWindow
0x4ce604 GetClassNameA
0x4ce608 GetDlgItem
0x4ce60c GetWindowTextA
0x4ce610 CallWindowProcA
0x4ce614 CreateWindowExA
0x4ce618 RegisterHotKey
0x4ce61c UnregisterHotKey
0x4ce620 GetMessagePos
0x4ce624 UnregisterClassA
0x4ce628 DispatchMessageA
0x4ce630 CharUpperA
0x4ce634 GetWindowDC
0x4ce638 BeginPaint
0x4ce63c EndPaint
0x4ce640 TabbedTextOutA
0x4ce644 DrawTextA
0x4ce648 GrayStringA
0x4ce64c DestroyWindow
0x4ce654 EndDialog
0x4ce658 GetNextDlgTabItem
0x4ce65c GetWindowPlacement
0x4ce664 GetLastActivePopup
0x4ce668 GetMessageTime
0x4ce66c RemovePropA
0x4ce670 GetPropA
0x4ce674 UnhookWindowsHookEx
0x4ce678 SetPropA
0x4ce67c GetClassLongA
0x4ce680 CallNextHookEx
0x4ce684 SetWindowsHookExA
0x4ce688 GetMenuItemID
0x4ce68c GetMenuItemCount
0x4ce690 RegisterClassA
0x4ce694 GetScrollPos
0x4ce698 AdjustWindowRectEx
0x4ce69c MapWindowPoints
0x4ce6a0 SendDlgItemMessageA
0x4ce6a4 ScrollWindowEx
0x4ce6a8 IsDialogMessageA
0x4ce6ac SetWindowTextA
0x4ce6b0 MoveWindow
0x4ce6b4 CheckMenuItem
0x4ce6b8 SetMenuItemBitmaps
0x4ce6bc GetMenuState
Library: GDI32.dll:
0x4ce04c ExtSelectClipRgn
0x4ce050 LineTo
0x4ce054 FillRgn
0x4ce058 CreateSolidBrush
0x4ce05c CreateFontIndirectA
0x4ce060 GetStockObject
0x4ce064 GetObjectA
0x4ce068 EndPage
0x4ce06c EndDoc
0x4ce070 DeleteDC
0x4ce074 StartDocA
0x4ce078 StartPage
0x4ce07c BitBlt
0x4ce080 CreateCompatibleDC
0x4ce084 Ellipse
0x4ce088 Rectangle
0x4ce08c LPtoDP
0x4ce090 DPtoLP
0x4ce094 GetCurrentObject
0x4ce098 RoundRect
0x4ce0a0 GetDeviceCaps
0x4ce0a8 SetBkColor
0x4ce0ac CreateFontA
0x4ce0b4 MoveToEx
0x4ce0b8 ExcludeClipRect
0x4ce0bc GetClipBox
0x4ce0c0 ScaleWindowExtEx
0x4ce0c4 SetWindowExtEx
0x4ce0c8 SetWindowOrgEx
0x4ce0cc ScaleViewportExtEx
0x4ce0d0 SetViewportExtEx
0x4ce0d4 OffsetViewportOrgEx
0x4ce0d8 GetViewportExtEx
0x4ce0dc PtVisible
0x4ce0e0 RectVisible
0x4ce0e4 TextOutA
0x4ce0e8 ExtTextOutA
0x4ce0ec Escape
0x4ce0f0 GetTextMetricsA
0x4ce0f4 CreateRectRgn
0x4ce0f8 CombineRgn
0x4ce0fc PatBlt
0x4ce100 CreatePen
0x4ce104 SelectObject
0x4ce108 CreateBitmap
0x4ce10c CreateDCA
0x4ce114 GetPolyFillMode
0x4ce118 GetStretchBltMode
0x4ce11c GetROP2
0x4ce120 GetBkColor
0x4ce124 SetViewportOrgEx
0x4ce128 SetMapMode
0x4ce12c SetTextColor
0x4ce130 SetROP2
0x4ce134 SetPolyFillMode
0x4ce138 SetBkMode
0x4ce13c RestoreDC
0x4ce140 SaveDC
0x4ce144 GetBkMode
0x4ce148 GetTextColor
0x4ce14c CreateRoundRectRgn
0x4ce150 CreateEllipticRgn
0x4ce154 PathToRegion
0x4ce158 EndPath
0x4ce15c BeginPath
0x4ce160 GetWindowOrgEx
0x4ce164 GetViewportOrgEx
0x4ce168 GetWindowExtEx
0x4ce16c GetDIBits
0x4ce170 RealizePalette
0x4ce174 SelectPalette
0x4ce178 CreatePalette
0x4ce180 CreateDIBitmap
0x4ce184 DeleteObject
0x4ce188 SelectClipRgn
0x4ce18c CreatePolygonRgn
0x4ce190 GetClipRgn
0x4ce194 SetStretchBltMode
0x4ce198 StretchBlt
Library: WINSPOOL.DRV:
0x4ce714 OpenPrinterA
0x4ce718 DocumentPropertiesA
0x4ce71c ClosePrinter
Library: ADVAPI32.dll:
0x4ce000 RegQueryValueExA
0x4ce004 RegOpenKeyExA
0x4ce008 RegSetValueExA
0x4ce00c RegQueryValueA
0x4ce010 RegCreateKeyExA
0x4ce014 RegOpenKeyA
0x4ce018 RegCloseKey
Library: SHELL32.dll:
0x4ce434 DragAcceptFiles
0x4ce438 DragQueryFileA
0x4ce43c DragFinish
0x4ce440 ShellExecuteA
0x4ce444 Shell_NotifyIconA
Library: ole32.dll:
0x4ce764 CLSIDFromProgID
0x4ce768 OleRun
0x4ce76c CoCreateInstance
0x4ce770 CLSIDFromString
0x4ce774 OleUninitialize
0x4ce778 OleInitialize
Library: OLEAUT32.dll:
0x4ce3e4 VariantChangeType
0x4ce3e8 VariantClear
0x4ce3ec SafeArrayGetUBound
0x4ce3f0 SafeArrayGetLBound
0x4ce3f4 UnRegisterTypeLib
0x4ce3f8 SafeArrayGetDim
0x4ce3fc LoadTypeLib
0x4ce400 LHashValOfNameSys
0x4ce404 RegisterTypeLib
0x4ce408 SafeArrayPutElement
0x4ce40c SafeArrayCreate
0x4ce410 SafeArrayDestroy
0x4ce414 SysAllocString
0x4ce418 VariantInit
0x4ce41c VariantCopyInd
0x4ce420 SafeArrayGetElement
0x4ce424 SafeArrayAccessData
0x4ce42c VariantCopy
Library: COMCTL32.dll:
0x4ce020 ImageList_Add
0x4ce024 ImageList_BeginDrag
0x4ce028 ImageList_Create
0x4ce02c ImageList_Destroy
0x4ce030 ImageList_DragEnter
0x4ce034 ImageList_DragLeave
0x4ce038 ImageList_DragMove
0x4ce040 ImageList_EndDrag
0x4ce044 None (unnamed entry, i.e. imported by ordinal)
Library: comdlg32.dll:
0x4ce750 ChooseColorA
0x4ce754 GetFileTitleA
0x4ce758 GetSaveFileNameA
0x4ce75c GetOpenFileNameA
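The capability grouping used above, and the import hash the PE information section reports, can both be reproduced from a listing in this format. The following is an added example, not code from the Maldun report: it parses lines shaped like the ones above, buckets the names a triager cares about, and builds the string that pefile's get_imphash() hashes. The listing it runs on is a constructed excerpt of the report's tables; because the report omits some IAT slots (the address gaps) and prints unnamed entries as None, the hash of what is printed will not match the report's 4873c36efc4fc1bf9ce7b7a55e498bf0, and the function declines rather than guessing an ordinal.

```python
import hashlib
import re

# Line shapes the report uses: "Library: KERNEL32.dll:" (untranslated: "库: KERNEL32.dll:")
# and "0x4ce2e8 WinExec"; "None" is an entry with no name in the import table (by ordinal).
LIB_RE = re.compile(r"^(?:Library|库):\s*(\S+?):?$")
IMP_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")

# First-pass capability buckets; every name here occurs in the listing above.
CAPABILITIES = {
    "process launch": {"WinExec", "CreateProcessA", "ShellExecuteA"},
    "registry write": {"RegSetValueExA", "RegCreateKeyExA"},
    "windows hook": {"SetWindowsHookExA", "CallNextHookEx"},
    "input control": {"RegisterHotKey", "GetKeyState", "SetCursorPos", "WindowFromPoint"},
    "temp-file staging": {"GetTempPathA", "MoveFileA", "SetFileAttributesA", "DeleteFileA"},
    "sockets": {"accept", "recv", "recvfrom", "WSAAsyncSelect"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
}

def parse_import_listing(text):
    """Return [(dll, name or None), ...] in the order the report prints them."""
    imports, dll = [], None
    for line in text.splitlines():
        line = line.strip()
        lib = LIB_RE.match(line)
        if lib:
            dll = lib.group(1)
            continue
        imp = IMP_RE.match(line)
        if imp and dll:
            name = imp.group(1)
            imports.append((dll, None if name == "None" else name))
    return imports

def triage(imports):
    """Map each capability bucket to the sorted 'dll!name' entries present."""
    found = {}
    for dll, name in imports:
        for cap, names in CAPABILITIES.items():
            if name in names:
                found.setdefault(cap, []).append(f"{dll}!{name}")
    return {cap: sorted(entries) for cap, entries in sorted(found.items())}

def imphash_string(imports):
    """Build the string pefile's get_imphash() hashes: 'dll.func' pairs lower-cased,
    a .dll/.sys/.ocx extension stripped, joined by commas in import-table order.
    pefile renders unnamed entries as 'ordN'; the report does not print the ordinal,
    so such entries are counted as missing rather than guessed."""
    parts, missing = [], 0
    for dll, name in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "sys", "ocx"):
            lib = base
        if name is None:
            missing += 1
            continue
        parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts), missing

def imphash(imports):
    """MD5 of the imphash string, or None when unnamed entries make it unreliable."""
    s, missing = imphash_string(imports)
    return None if missing else hashlib.md5(s.encode()).hexdigest()

# Constructed excerpt in the report's own format (a handful of its entries).
SAMPLE_LISTING = """\
Library: WS2_32.dll:
0x4ce724 WSACleanup
0x4ce734 accept
0x4ce748 recv
Library: KERNEL32.dll:
0x4ce2e8 WinExec
0x4ce340 GetTempPathA
0x4ce378 CreateProcessA
Library: ADVAPI32.dll:
0x4ce008 RegSetValueExA
Library: COMCTL32.dll:
0x4ce020 ImageList_Add
0x4ce044 None
"""

if __name__ == "__main__":
    imps = parse_import_listing(SAMPLE_LISTING)
    for cap, names in triage(imps).items():
        print(f"{cap:24s} {', '.join(names)}")
    print("imphash:", imphash(imps) or "not computable from the listing (unnamed entries)")
```

Feed the full import section of the report into parse_import_listing to get the complete bucket view; imphash comparison against the reported value needs the actual file and a tool that sees the unlisted slots and ordinals.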

Strings

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
Lh "M
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
D$$h=g
Rh,2i
D$(h=g
D$(h=g
D$<h=g
D$Ph=g

The four "VMProtect begin"/"VMProtect end" pairs are the marker strings VMProtect looks for to delimit code regions to protect. Their presence shows the program was built with those markers, not that the protection step was applied: the section table has only the four standard sections (no .vmp0/.vmp1), and this report alone does not settle whether the marked regions were virtualised. The remaining entries are short printable runs from code bytes.

No antivirus engine scan results are available.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP requests

No HTTP requests seen.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

The empty network sections follow from a one-second run and do not show that the program makes no connections: the WS2_32 imports (accept, recv, recvfrom, WSAAsyncSelect, getpeername) show it carries socket code, and a one-second run gives that code no chance to be exercised.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 9.312 seconds )

Module timings. Static analysis accounts for most of the total; BehaviorAnalysis and Memory took 2 ms each, consistent with an almost empty behaviour log.

  • 6.563 Static
  • 1.617 VirusTotal
  • 0.749 TargetInfo
  • 0.336 peid
  • 0.024 AnalysisInfo
  • 0.013 Strings
  • 0.006 config_decoder
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.079 seconds )

  • 0.012 antiav_detectreg
  • 0.009 md_domain_bl
  • 0.009 md_url_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 geodo_banking_trojan
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.525 seconds )

  • 0.462 ReportHTMLSummary
  • 0.063 Malheur
Task ID 619302
Mongo ID 602d2be3dc327b2031af6df4
Cuckoo release 1.4-Maldun