Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2021-04-21 19:47:49
End time: 2021-04-21 19:47:52
Duration: 3 seconds

Maldun score

7.35

Dangerous

File details

File name BetopGameCenter.exe
File size 27279872 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5a7c989e2a16060fc58c8e691dca3667
SHA1 7be9f3a720090f1eea850f0c77d25ed529f8a51f
SHA256 2145bb769b89d1b961547758544b1c3d9f52c96714a881a375045b395dad1acd
SHA512 960bd05334dd2bc0b3dca13a8b8ccf06cb22309d6229bb5791c6a1f086a70f8db8af2fdd67755d28f228b9816c81b35681b3e25e5a793c29f649fc998d7f62c2
CRC32 3FA14799
Ssdeep 786432:TByCcFhLzYgc/cIv4ERdE9291EbhLNvr:TBALzYgJaXk9O2bNF

Screenshots

No screenshots available.

Hosts contacted

No host records.

DNS resolution

No domain records.


Summary

This run lasted 3 seconds, and the report records no screenshots, no contacted hosts or DNS lookups, no TCP, UDP, HTTP, SMTP, IRC or ICMP traffic, no dropped files and no files extracted from network traffic; the BehaviorAnalysis stage finished in 0.002 seconds. The 7.35 score therefore has to be read against the static data below (hashes, PE header, section entropy and import table) rather than against observed behaviour. The detailed behaviour log and the threat-signature matches are behind a login on the original page and are not reproduced here.

PE information

Image base 0x00400000
Entry point 0x004334c4
Declared checksum 0x00000000 (not set)
Minimum OS version 5.1
PDB path E:\Work\BetopGameCenter\MappingTools\Release\BetopGameCenter.pdb
Compile time 2020-08-19 15:38:19
Import hash (imphash) 532a5c45bf6dbb8df9d28e746cea7c87
Export DLL name (as recorded by the sandbox) \x36\x31\x31\x31\x31\x37\x39\x31\x3167\x31\x31\x31\x31\x31\x34\x31\x31\x31

Version information

The report lists the following version-information fields with no values:
LegalCopyright, InternalName, FileVersion, CompanyName, ProductName, ProductVersion, FileDescription, OriginalFilename, Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00054082 0x00054200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.61
.rdata 0x00056000 0x0013d06e 0x0013d200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.83
.data 0x00194000 0x000070e4 0x00002c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.16
.rsrc 0x0019c000 0x0184aee8 0x0184b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8.00
.reloc 0x019e7000 0x00024dac 0x00024e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 1.56
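The Entropy column is the figure a reviewer looks at first: .rsrc holds 0x184b000 bytes, about 93% of the 27 MB file, at the maximum 8.00 bits per byte, and .rdata sits at 7.83, which is high for read-only data. Both point to a large compressed or encrypted blob carried inside the executable, as an installer or self-extracting bundle carries its payload, and the resource section is what to extract and inspect next. The following added example (not part of the sandbox report or of the Maldun/Cuckoo code) computes the same Shannon entropy and applies a few triage heuristics to the section rows transcribed from the table above; the thresholds are this example's own choices, and it also checks which section holds the entry point, since an entry point outside the code section is a common packer tell.

```python
import math
from collections import Counter

# Section rows transcribed from the report's PE section table:
# (name, virtual address, virtual size, raw data size, characteristics, reported entropy).
REPORT_SECTIONS = [
    (".text",  0x00001000, 0x00054082, 0x00054200,
     "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ", 6.61),
    (".rdata", 0x00056000, 0x0013d06e, 0x0013d200,
     "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 7.83),
    (".data",  0x00194000, 0x000070e4, 0x00002c00,
     "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 4.16),
    (".rsrc",  0x0019c000, 0x0184aee8, 0x0184b000,
     "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 8.00),
    (".reloc", 0x019e7000, 0x00024dac, 0x00024e00,
     "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ", 1.56),
]
IMAGE_BASE = 0x00400000
ENTRY_POINT = 0x004334c4


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    This is the statistic in the report's Entropy column, taken over a section's raw bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_section(name, va, vsize, rawsize, characteristics, entropy, total_raw):
    """Heuristic flags for one section; an empty list means nothing stood out.
    Thresholds (7.2 bits, 64 KiB, 80% of the file) are this example's choices, not the sandbox's."""
    flags = []
    chars = set(characteristics.split("|"))
    if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= chars:
        flags.append("writable_executable")      # self-modifying code or unpacking stub
    if entropy >= 7.2 and rawsize >= 0x10000:
        flags.append("high_entropy")             # compressed, encrypted or packed data
    if rawsize == 0 and vsize > 0:
        flags.append("virtual_only")             # space reserved for unpacked code (e.g. UPX0)
    if total_raw and rawsize / total_raw >= 0.8:
        flags.append("dominant_section")         # the file is mostly this one section
    if name == ".rsrc" and "high_entropy" in flags and "dominant_section" in flags:
        flags.append("embedded_payload_candidate")  # large opaque blob carried in resources
    return flags


def triage_table(rows):
    """Map each section name to its flags, using the summed raw sizes as the file size."""
    total_raw = sum(r[3] for r in rows)
    return {r[0]: triage_section(*r, total_raw) for r in rows}


def entry_point_section(ep_va, image_base, rows):
    """Name of the section containing the entry point, or None if it lies outside every section."""
    rva = ep_va - image_base
    for name, va, vsize, *_ in rows:
        if va <= rva < va + vsize:
            return name
    return None


if __name__ == "__main__":
    for section, flags in triage_table(REPORT_SECTIONS).items():
        print(f"{section:8} {flags or '-'}")
    print("entry point in", entry_point_section(ENTRY_POINT, IMAGE_BASE, REPORT_SECTIONS))
```

On the rows above this flags .rdata as high-entropy and .rsrc as high-entropy, dominant and an embedded-payload candidate, while the entry point resolves to .text, so the code section itself is not obviously packed; the same functions run unchanged on rows read from a real file with a PE parser.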

Imports

Library: KERNEL32.dll:
0x4560b0 SetThreadPriority
0x4560b4 ResumeThread
0x4560c0 TlsAlloc
0x4560c4 TlsGetValue
0x4560c8 TlsSetValue
0x4560cc TlsFree
0x4560d0 GlobalReAlloc
0x4560d4 GlobalHandle
0x4560d8 LocalAlloc
0x4560dc LocalReAlloc
0x4560e4 SetErrorMode
0x4560e8 CompareStringW
0x4560ec GetLocaleInfoW
0x4560f4 GlobalFlags
0x456100 GetFileSizeEx
0x456104 GetFileTime
0x456108 IsDebuggerPresent
0x456110 HeapAlloc
0x456114 HeapFree
0x45611c ExitProcess
0x456120 GetModuleHandleExW
0x456124 FindFirstFileExW
0x456128 GetDriveTypeW
0x45612c HeapReAlloc
0x456130 RaiseException
0x456134 CreateEventW
0x456138 ExitThread
0x45613c VirtualAlloc
0x456140 VirtualProtect
0x456144 VirtualQuery
0x456148 HeapSize
0x456150 GetStdHandle
0x456154 GetProcessHeap
0x456158 GetFileType
0x45615c GetStartupInfoW
0x456174 IsValidCodePage
0x456178 GetOEMCP
0x45617c GetCPInfo
0x456184 LCMapStringW
0x456188 IsValidLocale
0x45618c GetUserDefaultLCID
0x456190 EnumSystemLocalesW
0x456198 PeekNamedPipe
0x45619c OutputDebugStringW
0x4561a0 GetConsoleCP
0x4561a4 GetConsoleMode
0x4561a8 SetFilePointerEx
0x4561ac GetStringTypeW
0x4561b0 SetStdHandle
0x4561b4 ReadConsoleW
0x4561b8 WriteConsoleW
0x4561c0 GetSystemInfo
0x4561c8 lstrcmpA
0x4561cc InterlockedExchange
0x4561d0 DuplicateHandle
0x4561d4 WriteFile
0x4561d8 UnlockFile
0x4561dc SetFilePointer
0x4561e0 SetEndOfFile
0x4561e4 LockFile
0x4561ec GetFullPathNameW
0x4561f0 GetFileSize
0x4561f4 FlushFileBuffers
0x4561f8 CreateFileW
0x4561fc GlobalFindAtomW
0x456200 GlobalAddAtomW
0x456204 LoadLibraryA
0x456208 lstrcmpW
0x45620c GlobalDeleteAtom
0x456210 LoadLibraryExW
0x456214 GetModuleHandleA
0x456218 FreeResource
0x45621c GetSystemDirectoryW
0x456220 GetVersion
0x456224 DecodePointer
0x456228 EncodePointer
0x45622c OutputDebugStringA
0x456230 GetFileAttributesW
0x456238 SetLastError
0x45623c MulDiv
0x456240 LocalFree
0x456244 GlobalUnlock
0x456248 GlobalLock
0x45624c GetACP
0x456250 CreateThread
0x456258 VirtualFree
0x45625c GetCurrentThread
0x456260 SuspendThread
0x456264 TerminateThread
0x456270 GetTickCount
0x456278 GetCommandLineW
0x45627c SetEvent
0x456280 FreeLibrary
0x456284 Sleep
0x456288 GlobalFree
0x45628c GlobalAlloc
0x456290 GetSystemTime
0x4562a4 LoadLibraryW
0x4562a8 GetCurrentThreadId
0x4562ac WideCharToMultiByte
0x4562b0 GetModuleHandleW
0x4562b4 GetProcAddress
0x4562b8 RemoveDirectoryW
0x4562bc DeleteFileW
0x4562c0 FindNextFileW
0x4562c4 CopyFileW
0x4562c8 CreateDirectoryW
0x4562cc FindClose
0x4562d0 FindFirstFileW
0x4562d4 GetExitCodeProcess
0x4562d8 WaitForSingleObject
0x4562dc MultiByteToWideChar
0x4562e0 ReadFile
0x4562e4 CreateProcessW
0x4562ec CreatePipe
0x4562f0 GetVersionExW
0x4562f4 GetCurrentProcess
0x4562f8 FormatMessageW
0x4562fc GetLastError
0x456300 CloseHandle
0x456304 Process32NextW
0x456308 Process32FirstW
0x456310 GetCurrentProcessId
0x456314 TerminateProcess
0x456318 OpenProcess
0x456320 GetModuleFileNameW
0x456324 FindResourceW
0x456328 LoadResource
0x45632c LockResource
0x456330 RtlUnwind
0x456334 SizeofResource
Library: USER32.dll:
0x456380 MonitorFromWindow
0x456384 WinHelpW
0x456388 CallNextHookEx
0x45638c SetWindowsHookExW
0x456390 GetWindow
0x456394 GetLastActivePopup
0x456398 GetTopWindow
0x45639c GetClassNameW
0x4563a0 GetClassLongW
0x4563a4 SetWindowLongW
0x4563a8 GetWindowLongW
0x4563ac PtInRect
0x4563b0 CopyRect
0x4563b4 GetSysColor
0x4563b8 MapWindowPoints
0x4563bc ScreenToClient
0x4563c0 MessageBoxW
0x4563c4 AdjustWindowRectEx
0x4563c8 GetWindowRect
0x4563cc GetWindowTextW
0x4563d0 RemovePropW
0x4563d4 GetPropW
0x4563d8 SetPropW
0x4563dc RedrawWindow
0x4563e0 ValidateRect
0x4563e4 UpdateWindow
0x4563e8 SetMenu
0x4563ec GetMenu
0x4563f0 GetCapture
0x4563f4 GetKeyState
0x4563f8 GetFocus
0x4563fc GetDlgCtrlID
0x456400 GetDlgItem
0x456404 GetMonitorInfoW
0x456408 IsWindow
0x45640c CreateWindowExW
0x456410 GetClassInfoExW
0x456414 GetClassInfoW
0x456418 RegisterClassW
0x45641c CallWindowProcW
0x456420 DefWindowProcW
0x456424 GetMessageTime
0x456428 GetMessagePos
0x45642c PeekMessageW
0x456434 UnhookWindowsHookEx
0x456438 GetMenuItemCount
0x45643c GetMenuItemID
0x456440 GetSubMenu
0x456444 GetParent
0x456448 SendDlgItemMessageA
0x45644c GetDC
0x456450 ReleaseDC
0x456454 KillTimer
0x456458 GetMessageW
0x45645c TranslateMessage
0x456460 DispatchMessageW
0x456464 GetForegroundWindow
0x456468 SetTimer
0x45646c InvalidateRect
0x456470 SendMessageW
0x456474 PostMessageW
0x456478 LoadIconW
0x45647c EnableWindow
0x456480 FindWindowW
0x456484 GetSystemMetrics
0x456488 GetClientRect
0x45648c SetFocus
0x456490 SetActiveWindow
0x456494 SetForegroundWindow
0x456498 SetWindowPos
0x45649c AttachThreadInput
0x4564a0 ShowWindow
0x4564a8 IsWindowVisible
0x4564ac LoadCursorW
0x4564b4 DestroyMenu
0x4564b8 UnregisterClassW
0x4564bc GetSysColorBrush
0x4564c0 ClientToScreen
0x4564c4 EndPaint
0x4564c8 BeginPaint
0x4564cc TabbedTextOutW
0x4564d0 GrayStringW
0x4564d4 DrawTextExW
0x4564d8 DrawTextW
0x4564dc WaitMessage
0x4564e0 GetDesktopWindow
0x4564e4 GetNextDlgTabItem
0x4564e8 EndDialog
0x4564f0 SetCursor
0x4564f4 GetCursorPos
0x4564f8 GetActiveWindow
0x4564fc LoadBitmapW
0x456500 SetMenuItemInfoW
0x456508 SetMenuItemBitmaps
0x45650c EnableMenuItem
0x456510 CheckMenuItem
0x456514 PostQuitMessage
0x456518 IsDialogMessageW
0x45651c SetWindowTextW
0x456520 IsWindowEnabled
0x456524 DestroyWindow
0x456528 CharUpperW
Library: GDI32.dll:
0x456044 GetStockObject
0x456048 PtVisible
0x45604c RectVisible
0x456050 RestoreDC
0x456054 SaveDC
0x456058 SetMapMode
0x45605c TextOutW
0x456060 ExtTextOutW
0x456064 SetViewportExtEx
0x456068 SetViewportOrgEx
0x45606c SetWindowExtEx
0x456070 OffsetViewportOrgEx
0x456074 ScaleViewportExtEx
0x456078 ScaleWindowExtEx
0x45607c GetClipBox
0x456080 Escape
0x456084 DeleteObject
0x456088 DeleteDC
0x45608c CreateBitmap
0x456090 GetObjectW
0x456094 SetTextColor
0x456098 SetBkColor
0x45609c GetDeviceCaps
0x4560a0 SelectObject
Library: WINSPOOL.DRV:
0x456530 ClosePrinter
0x456534 DocumentPropertiesW
0x456538 OpenPrinterW
Library: ADVAPI32.dll:
0x456000 RegCreateKeyExW
0x456004 RegEnumValueW
0x456008 RegQueryValueW
0x45600c RegEnumKeyW
0x456010 RegSetValueExW
0x456014 RegDeleteValueW
0x456018 RegDeleteKeyW
0x45601c OpenProcessToken
0x456020 RegQueryValueExW
0x456024 RegOpenKeyExW
0x456028 RegCloseKey
0x45602c GetUserNameW
Library: SHELL32.dll:
0x456360 ShellExecuteW
0x456364 ShellExecuteExW
Library: COMCTL32.dll: (no named functions listed)
Library: SHLWAPI.dll:
0x45636c PathStripToRootW
0x456370 PathFindExtensionW
0x456374 PathFindFileNameW
0x456378 PathIsUNCW
Library: ole32.dll:
0x4565a4 CoCreateGuid
0x4565a8 CoInitialize
0x4565ac CoCreateInstance
0x4565b0 CoUninitialize
0x4565b4 CoTaskMemFree
Library: OLEAUT32.dll:
0x456348 SysAllocString
0x45634c VariantChangeType
0x456350 VariantClear
0x456354 VariantInit
0x456358 SysFreeString
Library: gdiplus.dll:
0x456598 GdiplusShutdown
0x45659c GdiplusStartup
Library: WS2_32.dll:
0x456540 WSAGetLastError
0x456544 WSASetLastError
0x456548 WSACleanup
0x45654c WSAAsyncSelect
0x456550 socket
0x456554 sendto
0x456558 send
0x45655c select
0x456560 recvfrom
0x456564 recv
0x456568 ntohs
0x45656c inet_ntoa
0x456570 inet_addr
0x456574 WSAStartup
0x456578 htonl
0x45657c getsockname
0x456580 htons
0x456584 connect
0x456588 closesocket
0x45658c bind
0x456590 accept
Library: IPHLPAPI.DLL:
0x4560a8 GetAdaptersInfo
Library: OLEACC.dll:
0x456340 LresultFromObject
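The import hash in the PE information (532a5c45bf6dbb8df9d28e746cea7c87) is derived from this table. The added example below, which is not part of the report or of pefile, reimplements the pefile imphash algorithm and tags the imports with coarse capabilities, so that a reviewer can see why CreateProcessW together with CreatePipe (spawn a child and read its output), Process32FirstW/Process32NextW with OpenProcess and TerminateProcess (enumerate and kill processes), bind and accept (a listening socket), GetAdaptersInfo and the RegCreateKeyExW/RegSetValueExW pair deserve confirmation in a dynamic run that this 3-second analysis did not provide. SAMPLE_IMPORTS is a constructed subset transcribed from the table in table order, so its hash will not match the report's value; the COMCTL32 ordinal 17 is an assumption, since the report lists that library without names; and the capability groups are this example's own.

```python
import hashlib

# Import entries transcribed from the report above, in table order: (DLL, [function names]).
# Constructed subset for illustration; the full table is longer, so imphash() of this
# list is NOT the report's imphash 532a5c45bf6dbb8df9d28e746cea7c87.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["IsDebuggerPresent", "VirtualAlloc", "VirtualProtect", "LoadLibraryA",
                      "GetProcAddress", "CreateProcessW", "CreatePipe", "Process32NextW",
                      "Process32FirstW", "TerminateProcess", "OpenProcess"]),
    ("USER32.dll",   ["CallNextHookEx", "SetWindowsHookExW", "GetKeyState", "FindWindowW"]),
    ("ADVAPI32.dll", ["RegCreateKeyExW", "RegSetValueExW", "OpenProcessToken", "GetUserNameW"]),
    ("SHELL32.dll",  ["ShellExecuteW", "ShellExecuteExW"]),
    ("WS2_32.dll",   ["socket", "send", "recv", "connect", "bind", "accept"]),
    ("IPHLPAPI.DLL", ["GetAdaptersInfo"]),
    ("COMCTL32.dll", [17]),   # ordinal-only import (assumption: the report lists no names for this DLL)
]

# API groups used for capability tagging (this example's own grouping, not a sandbox rule set).
CAPABILITIES = {
    "process_execution":      {"createprocessw", "shellexecutew", "shellexecuteexw"},
    "child_output_capture":   {"createpipe"},
    "process_enumeration":    {"process32firstw", "process32nextw", "openprocess"},
    "process_termination":    {"terminateprocess"},
    "anti_debug_check":       {"isdebuggerpresent"},
    "dynamic_api_resolution": {"loadlibrarya", "loadlibraryw", "getprocaddress"},
    "rwx_memory":             {"virtualalloc", "virtualprotect"},
    "windows_hook":           {"setwindowshookexw", "callnexthookex"},
    "registry_write":         {"regcreatekeyexw", "regsetvalueexw"},
    "outbound_socket":        {"socket", "connect", "send", "recv"},
    "listening_socket":       {"bind", "accept"},
    "network_enumeration":    {"getadaptersinfo"},
}


def imphash(imports):
    """Import hash as pefile computes it: for every imported function build 'dll.func'
    with the DLL name lower-cased and stripped of a .dll/.ocx/.sys suffix, join all pairs
    with commas in import-table order and MD5 the result. Ordinal imports are written
    'ordN' here; pefile additionally maps ordinals of a few well-known DLLs to names via
    its ordlookup table, so results for those DLLs can differ. An empty table yields the
    MD5 of the empty string."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def capability_tags(imports):
    """Group the named imports into coarse capabilities. Tags are leads for a reviewer,
    not verdicts: SetWindowsHookExW and IsDebuggerPresent, for instance, also appear in
    ordinary MFC and Visual C++ runtime code."""
    names = {f.lower() for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


if __name__ == "__main__":
    print("imphash of sample subset:", imphash(SAMPLE_IMPORTS))
    for cap, apis in capability_tags(SAMPLE_IMPORTS).items():
        print(f"{cap:24} {', '.join(apis)}")
```

Because the hash depends on import order and on the exact DLL/function spelling after lower-casing, two builds from the same source with the same linker settings share an imphash, which is what makes it useful for pivoting across samples; a trivial change to import order breaks the match, so treat a shared imphash as a lead rather than proof of a shared code base.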

Exports

Ordinal Address Name
1 0x409520 ShowDlg
Antivirus

No antivirus engine scan information.


TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

Network-extracted files

No files extracted from network traffic.

Dropped files

No files dropped.

Similar analyses

No similar analyses found.

Processing ( 44.951 seconds )

  • 37.134 Static
  • 4.785 TargetInfo
  • 2.567 VirusTotal
  • 0.375 peid
  • 0.065 config_decoder
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.08 seconds )

  • 0.012 antiav_detectreg
  • 0.01 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 geodo_banking_trojan
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.495 seconds )

  • 0.446 ReportHTMLSummary
  • 0.049 Malheur
Task ID 631848
Mongo ID 60801122dc327b2bbbe5ac70
Cuckoo release 1.4-Maldun