Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2021-02-23 22:32:57 2021-02-23 22:32:58 1 second

Maldun Score

1.75

Normal

File Details

File name 查Q绑.exe
File size 1994752 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a0df9fc5e1e34e609adf101960629f18
SHA1 37f7c9395eeadc4e23fdb72297bb97b911e055c8
SHA256 61cf527308ee7e4268e9abe9a8e0c1dbcdddf8804f489fd954d8d3c0db25963a
SHA512 ce6e083f731bfd99cfd14ccb06f9933f7a500ccb5c015b412900909ec4db1cdc3ac66b69348534df4c7eee7f177d89b6dc6ad12fe1f25fb5d90cff62530d3fa7
CRC32 DB61750F
Ssdeep 49152:m33jIsZ7xrN9lnhc9UzolG4INrOXsHHrOXst:4W9UzolG4IGIUs

Screenshots

No screenshots available

Hosts Contacted

No host records.

Domain Resolution

No domain information.

PE Information

Image base 0x00400000
Entry point 0x0049154d
Declared checksum 0x00000000
Actual checksum 0x001f4d80
Minimum OS version required 4.0
Compile time 2021-02-23 22:31:51
Import hash 495ff0d371a08a984b16e46a4bebd0e7

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000b0a92 0x000b1000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x000b2000 0x00098a80 0x00099000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.71
.data 0x0014b000 0x00046da8 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.97
.rsrc 0x00192000 0x00083c0c 0x00084000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.96

Imports

Library: KERNEL32.dll:
0x4b2180 SuspendThread
0x4b2184 ReleaseMutex
0x4b2188 CreateMutexA
0x4b218c TerminateThread
0x4b2190 SetFileTime
0x4b2198 GetLocalTime
0x4b21a0 GetCurrentProcess
0x4b21a4 DuplicateHandle
0x4b21a8 GetFileType
0x4b21ac GlobalLock
0x4b21b0 SetStdHandle
0x4b21b4 CompareStringW
0x4b21b8 CompareStringA
0x4b21bc IsBadCodePtr
0x4b21c0 IsBadReadPtr
0x4b21c4 GetStringTypeW
0x4b21c8 GetStringTypeA
0x4b21d0 IsBadWritePtr
0x4b21d4 VirtualAlloc
0x4b21d8 LCMapStringW
0x4b21dc LCMapStringA
0x4b21e4 VirtualFree
0x4b21e8 HeapCreate
0x4b21ec HeapDestroy
0x4b21f4 GetStdHandle
0x4b21f8 SetHandleCount
0x4b2210 GetACP
0x4b2214 HeapSize
0x4b2218 TerminateProcess
0x4b221c RaiseException
0x4b2220 GetSystemTime
0x4b2228 RtlUnwind
0x4b222c GetStartupInfoA
0x4b2230 GetOEMCP
0x4b2234 GetCPInfo
0x4b2238 GetProcessVersion
0x4b223c SetErrorMode
0x4b2240 GlobalFlags
0x4b2244 GetCurrentThread
0x4b2248 GetFileTime
0x4b224c GetVersion
0x4b2250 GlobalGetAtomNameA
0x4b2254 GlobalAddAtomA
0x4b2258 GlobalFindAtomA
0x4b225c GlobalDeleteAtom
0x4b2260 GetFileSize
0x4b2264 SetFilePointer
0x4b2270 lstrcpynA
0x4b2274 lstrcmpiA
0x4b2278 lstrcmpA
0x4b227c IsDBCSLeadByte
0x4b2280 CreateSemaphoreA
0x4b2284 ResumeThread
0x4b2288 ReleaseSemaphore
0x4b2294 GetProfileStringA
0x4b2298 WriteFile
0x4b229c ReadFile
0x4b22a4 CreateFileA
0x4b22a8 SetEvent
0x4b22ac FindResourceA
0x4b22b0 LoadResource
0x4b22b4 LockResource
0x4b22b8 lstrlenW
0x4b22bc GetModuleFileNameA
0x4b22c0 GetCurrentThreadId
0x4b22c4 ExitProcess
0x4b22c8 GlobalSize
0x4b22cc GlobalFree
0x4b22d8 lstrcatA
0x4b22dc lstrlenA
0x4b22e0 WinExec
0x4b22e4 lstrcpyA
0x4b22e8 FindNextFileA
0x4b22ec GlobalReAlloc
0x4b22f0 HeapFree
0x4b22f4 HeapReAlloc
0x4b22f8 GetProcessHeap
0x4b22fc HeapAlloc
0x4b2300 GetFullPathNameA
0x4b2304 FreeLibrary
0x4b2308 LoadLibraryA
0x4b230c GetLastError
0x4b2310 GetVersionExA
0x4b2318 CreateThread
0x4b231c CreateEventA
0x4b2320 GlobalAlloc
0x4b2324 SetEndOfFile
0x4b2328 UnlockFile
0x4b232c LockFile
0x4b2330 FlushFileBuffers
0x4b2334 SetLastError
0x4b2338 WideCharToMultiByte
0x4b2344 MultiByteToWideChar
0x4b2348 TlsGetValue
0x4b234c LocalReAlloc
0x4b2350 TlsSetValue
0x4b2354 TlsFree
0x4b2358 GlobalHandle
0x4b235c TlsAlloc
0x4b2360 LocalFree
0x4b2364 LocalAlloc
0x4b2368 GlobalUnlock
0x4b236c FindFirstFileA
0x4b2370 FindClose
0x4b2374 SetFileAttributesA
0x4b2378 GetFileAttributesA
0x4b237c DeleteFileA
0x4b2380 CreateDirectoryA
0x4b2390 GetUserDefaultLCID
0x4b2394 GetModuleHandleA
0x4b2398 GetProcAddress
0x4b239c MulDiv
0x4b23a0 GetCommandLineA
0x4b23a4 GetTickCount
0x4b23a8 CreateProcessA
0x4b23ac WaitForSingleObject
0x4b23b0 CloseHandle
0x4b23b4 Sleep
Library: USER32.dll:
0x4b2418 GetClipboardData
0x4b241c wsprintfA
0x4b2420 WaitForInputIdle
0x4b2424 SendMessageA
0x4b2428 CloseClipboard
0x4b242c OpenClipboard
0x4b2430 GetWindowPlacement
0x4b2434 SetClipboardData
0x4b2438 EmptyClipboard
0x4b243c GetSystemMetrics
0x4b2440 GetCursorPos
0x4b2444 MessageBoxA
0x4b2448 SetWindowPos
0x4b244c DestroyCursor
0x4b2450 SetParent
0x4b2454 IsWindow
0x4b2458 PostMessageA
0x4b245c GetTopWindow
0x4b2460 GetParent
0x4b2464 GetFocus
0x4b2468 GetClientRect
0x4b246c InvalidateRect
0x4b2470 ValidateRect
0x4b2474 UpdateWindow
0x4b2478 EqualRect
0x4b247c GetWindowRect
0x4b2480 SetForegroundWindow
0x4b2484 DestroyMenu
0x4b2488 IsChild
0x4b248c ReleaseDC
0x4b2490 IsRectEmpty
0x4b2494 FillRect
0x4b2498 GetDC
0x4b249c SetCursor
0x4b24a0 LoadCursorA
0x4b24a4 CharUpperA
0x4b24a8 TranslateMessage
0x4b24ac LoadIconA
0x4b24b0 DrawFrameControl
0x4b24b4 DrawEdge
0x4b24b8 DrawFocusRect
0x4b24bc WindowFromPoint
0x4b24c0 GetMessageA
0x4b24c4 DispatchMessageA
0x4b24c8 SetRectEmpty
0x4b24d8 DrawIconEx
0x4b24dc CreatePopupMenu
0x4b24e0 AppendMenuA
0x4b24e4 ModifyMenuA
0x4b24e8 CreateMenu
0x4b24f0 GetDlgCtrlID
0x4b24f4 GetSubMenu
0x4b24f8 EnableMenuItem
0x4b24fc ClientToScreen
0x4b2504 LoadImageA
0x4b250c ShowWindow
0x4b2510 IsWindowEnabled
0x4b2518 GetKeyState
0x4b2520 PostQuitMessage
0x4b2524 IsZoomed
0x4b2528 GetClassInfoA
0x4b252c DefWindowProcA
0x4b2530 GetSystemMenu
0x4b2534 DeleteMenu
0x4b2538 GetMenu
0x4b253c SetMenu
0x4b2540 PeekMessageA
0x4b2544 IsIconic
0x4b2548 SetFocus
0x4b254c GetActiveWindow
0x4b2550 GetWindow
0x4b2558 SetWindowRgn
0x4b255c GetMessagePos
0x4b2560 ScreenToClient
0x4b2568 CopyRect
0x4b256c LoadBitmapA
0x4b2570 WinHelpA
0x4b2574 KillTimer
0x4b2578 SetTimer
0x4b257c GetWindowTextA
0x4b2584 GetWindowDC
0x4b2588 BeginPaint
0x4b258c EndPaint
0x4b2590 TabbedTextOutA
0x4b2594 DrawTextA
0x4b2598 GrayStringA
0x4b259c GetDlgItem
0x4b25a0 DestroyWindow
0x4b25a8 EndDialog
0x4b25ac GetNextDlgTabItem
0x4b25b0 UnregisterClassA
0x4b25b8 GetForegroundWindow
0x4b25bc GetLastActivePopup
0x4b25c0 GetMessageTime
0x4b25c4 RemovePropA
0x4b25c8 CallWindowProcA
0x4b25cc GetPropA
0x4b25d0 UnhookWindowsHookEx
0x4b25d4 SetPropA
0x4b25d8 GetClassLongA
0x4b25dc CallNextHookEx
0x4b25e0 SetWindowsHookExA
0x4b25e4 CreateWindowExA
0x4b25e8 GetMenuItemID
0x4b25ec GetMenuItemCount
0x4b25f0 RegisterClassA
0x4b25f4 GetScrollPos
0x4b25f8 AdjustWindowRectEx
0x4b25fc MapWindowPoints
0x4b2600 SendDlgItemMessageA
0x4b2604 ScrollWindowEx
0x4b2608 IsDialogMessageA
0x4b260c SetWindowTextA
0x4b2610 MoveWindow
0x4b2614 CheckMenuItem
0x4b2618 SetMenuItemBitmaps
0x4b261c GetMenuState
0x4b2624 GetClassNameA
0x4b2628 GetDesktopWindow
0x4b262c LoadStringA
0x4b2630 GetSysColorBrush
0x4b2634 ReleaseCapture
0x4b2638 GetCapture
0x4b263c SetCapture
0x4b2640 GetScrollRange
0x4b2644 SetScrollRange
0x4b2648 SetScrollPos
0x4b264c SetRect
0x4b2650 InflateRect
0x4b2654 IntersectRect
0x4b2658 DestroyIcon
0x4b265c PtInRect
0x4b2660 OffsetRect
0x4b2664 IsWindowVisible
0x4b2668 EnableWindow
0x4b266c RedrawWindow
0x4b2670 GetWindowLongA
0x4b2674 SetWindowLongA
0x4b2678 GetSysColor
0x4b267c SetActiveWindow
0x4b2680 SetCursorPos
Library: GDI32.dll:
0x4b2034 SaveDC
0x4b2038 SetBkColor
0x4b2040 SetStretchBltMode
0x4b2044 GetClipRgn
0x4b2048 CreatePolygonRgn
0x4b204c SelectClipRgn
0x4b2050 DeleteObject
0x4b2054 CreateDIBitmap
0x4b205c CreatePalette
0x4b2060 StretchBlt
0x4b2064 SelectPalette
0x4b2068 RealizePalette
0x4b206c GetDIBits
0x4b2070 GetWindowExtEx
0x4b2074 GetViewportOrgEx
0x4b2078 GetWindowOrgEx
0x4b207c BeginPath
0x4b2080 EndPath
0x4b2084 PathToRegion
0x4b2088 CreateEllipticRgn
0x4b208c CreateRoundRectRgn
0x4b2090 GetTextColor
0x4b2094 GetBkMode
0x4b2098 GetBkColor
0x4b209c GetROP2
0x4b20a0 GetStretchBltMode
0x4b20a4 GetPolyFillMode
0x4b20ac CreateDCA
0x4b20b0 CreateBitmap
0x4b20b4 SelectObject
0x4b20b8 CreatePen
0x4b20bc PatBlt
0x4b20c0 CombineRgn
0x4b20c4 CreateRectRgn
0x4b20c8 FillRgn
0x4b20cc CreateSolidBrush
0x4b20d0 CreateFontIndirectA
0x4b20d4 EndPage
0x4b20d8 EndDoc
0x4b20dc DeleteDC
0x4b20e0 StartDocA
0x4b20e4 StartPage
0x4b20e8 BitBlt
0x4b20ec CreateCompatibleDC
0x4b20f0 Ellipse
0x4b20f4 Rectangle
0x4b20f8 LPtoDP
0x4b20fc DPtoLP
0x4b2100 GetCurrentObject
0x4b2104 RoundRect
0x4b210c GetDeviceCaps
0x4b2110 GetStockObject
0x4b2114 GetObjectA
0x4b2118 RestoreDC
0x4b211c SetBkMode
0x4b2120 SetPolyFillMode
0x4b2124 SetROP2
0x4b2128 SetTextColor
0x4b212c SetMapMode
0x4b2130 SetViewportOrgEx
0x4b2134 OffsetViewportOrgEx
0x4b2138 SetViewportExtEx
0x4b213c ScaleViewportExtEx
0x4b2140 SetWindowOrgEx
0x4b2144 SetWindowExtEx
0x4b2148 ScaleWindowExtEx
0x4b214c GetClipBox
0x4b2150 ExcludeClipRect
0x4b2154 MoveToEx
0x4b2158 LineTo
0x4b215c GetTextMetricsA
0x4b2160 Escape
0x4b2164 ExtTextOutA
0x4b2168 TextOutA
0x4b216c RectVisible
0x4b2170 PtVisible
0x4b2174 GetViewportExtEx
0x4b2178 ExtSelectClipRgn
Library: WINMM.dll:
0x4b2688 midiStreamRestart
0x4b268c midiStreamClose
0x4b2690 midiOutReset
0x4b2694 midiStreamStop
0x4b2698 midiStreamOut
0x4b26a0 midiStreamProperty
0x4b26a4 midiStreamOpen
0x4b26ac waveOutOpen
0x4b26b0 waveOutGetNumDevs
0x4b26b4 waveOutClose
0x4b26b8 waveOutReset
0x4b26bc waveOutPause
0x4b26c0 waveOutWrite
0x4b26cc waveOutRestart
Library: WINSPOOL.DRV:
0x4b26d4 DocumentPropertiesA
0x4b26d8 OpenPrinterA
0x4b26dc ClosePrinter
Library: ADVAPI32.dll:
0x4b2000 RegCloseKey
0x4b2004 RegOpenKeyExA
0x4b2008 RegSetValueExA
0x4b200c RegQueryValueA
0x4b2010 RegCreateKeyExA
Library: SHELL32.dll:
0x4b240c Shell_NotifyIconA
0x4b2410 ShellExecuteA
Library: ole32.dll:
0x4b2724 CLSIDFromProgID
0x4b2728 OleRun
0x4b272c CoCreateInstance
0x4b2730 CLSIDFromString
0x4b2734 OleInitialize
0x4b2738 OleUninitialize
Library: OLEAUT32.dll:
0x4b23bc UnRegisterTypeLib
0x4b23c0 RegisterTypeLib
0x4b23c4 LHashValOfNameSys
0x4b23c8 LoadTypeLib
0x4b23cc VariantClear
0x4b23d0 VariantChangeType
0x4b23d4 VariantInit
0x4b23d8 VariantCopyInd
0x4b23dc SysAllocString
0x4b23e0 VariantCopy
0x4b23e4 SafeArrayGetUBound
0x4b23e8 SafeArrayGetLBound
0x4b23ec SafeArrayGetDim
0x4b23f4 SafeArrayAccessData
0x4b23f8 SafeArrayGetElement
0x4b23fc SafeArrayDestroy
0x4b2400 SafeArrayCreate
0x4b2404 SafeArrayPutElement
Library: COMCTL32.dll:
0x4b2018 None
0x4b2024 ImageList_Destroy
0x4b2028 ImageList_Read
0x4b202c ImageList_Duplicate
Library: WS2_32.dll:
0x4b26e4 recvfrom
0x4b26e8 ioctlsocket
0x4b26ec ntohl
0x4b26f0 recv
0x4b26f4 accept
0x4b26f8 WSAAsyncSelect
0x4b26fc getpeername
0x4b2700 inet_ntoa
0x4b2704 WSACleanup
0x4b2708 closesocket
Library: comdlg32.dll:
0x4b2710 GetSaveFileNameA
0x4b2714 GetOpenFileNameA
0x4b2718 ChooseColorA
0x4b271c GetFileTitleA

No antivirus engine scan information!

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
No dropped files.
No similar analyses found.

Processing ( 6.065 seconds )

  • 5.159 Static
  • 0.574 TargetInfo
  • 0.299 peid
  • 0.013 AnalysisInfo
  • 0.011 Strings
  • 0.004 config_decoder
  • 0.003 Memory
  • 0.002 BehaviorAnalysis

Signatures ( 0.075 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.577 seconds )

  • 0.469 ReportHTMLSummary
  • 0.108 Malheur
Task ID 620255
Mongo ID 60351243dc327b7a485e44cf
Cuckoo release 1.4-Maldun