Analysis Task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2021-04-21 19:57:25
End time: 2021-04-21 19:57:27
Duration: 2 seconds

Maldun Score

7.0

Dangerous

File Details

File name 淘客工具箱.exe
File size 1789952 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 aafba8d6c2fdf4030c1a389f4df499c3
SHA1 602c75f5a380bc09a1b3a1f31164da20eeac2b20
SHA256 4fd7162b737a430049d5b4bb29e6c6f39091ce5a12db9914c70ca08b204d6205
SHA512 53a598921ab88660b5884d1b0cac0aa1504b4cf5d31d6a4e325f9e91e2d11364c1e9a3547756a3b025db6fed9be5e67b5972c1417c1f2b20b91c0e4b01b9979a
CRC32 B3B78FE1
Ssdeep 49152:IyCSNigevjwZuQrl7j+Xbr4M8TgmAK3PcjWT:7MXn4M8TgmbffT


Screenshots

No screenshots available.

Hosts Contacted

No host records.

Domain Resolution

No domain information.


Summary


PE Information

Image base 0x00400000
Entry point 0x00514106
Declared checksum 0x00000000
Actual checksum 0x001bced1
Minimum OS version required 4.0
Compile time 2021-04-21 19:02:50
Import hash (imphash) 786d9ba27ab4ce3d78e5d5c02648d241

Version Information (all fields empty in the sample)

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0014ccca 0x0014d000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.50
.rdata 0x0014e000 0x00039570 0x0003a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.67
.data 0x00188000 0x0007c171 0x00024000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.42
.rsrc 0x00205000 0x000087a0 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.62

Imports

Library: WINMM.dll:
0x54e72c midiStreamClose
0x54e730 midiOutReset
0x54e734 midiStreamStop
0x54e738 midiStreamOut
0x54e740 midiStreamProperty
0x54e744 midiStreamOpen
0x54e74c waveOutOpen
0x54e750 waveOutGetNumDevs
0x54e754 waveOutClose
0x54e758 waveOutReset
0x54e75c waveOutPause
0x54e760 waveOutWrite
0x54e76c waveOutRestart
0x54e770 midiStreamRestart
Library: WS2_32.dll:
0x54e788 bind
0x54e78c htonl
0x54e790 socket
0x54e794 sendto
0x54e798 recvfrom
0x54e79c ioctlsocket
0x54e7a0 htons
0x54e7a4 WSAAsyncSelect
0x54e7a8 closesocket
0x54e7ac send
0x54e7b0 select
0x54e7b4 WSACleanup
0x54e7b8 gethostname
0x54e7bc inet_ntoa
0x54e7c0 connect
0x54e7c4 recv
0x54e7c8 gethostbyname
0x54e7cc getpeername
0x54e7d0 accept
0x54e7d4 __WSAFDIsSet
0x54e7d8 ntohs
0x54e7dc getsockname
0x54e7e0 ntohl
0x54e7e4 WSAStartup
0x54e7e8 listen
0x54e7ec inet_addr
Library: RASAPI32.dll:
0x54e464 RasHangUpA
Library: KERNEL32.dll:
0x54e1d8 SetLastError
0x54e1e0 GetVersion
0x54e1e8 lstrcmpA
0x54e1ec GetCurrentThread
0x54e1f0 DuplicateHandle
0x54e1f4 GetSystemTime
0x54e1f8 lstrcpynA
0x54e1fc CreateMutexA
0x54e200 ReleaseMutex
0x54e204 SuspendThread
0x54e210 LocalFree
0x54e218 FlushFileBuffers
0x54e21c LockFile
0x54e220 UnlockFile
0x54e224 SetEndOfFile
0x54e228 GetStringTypeExA
0x54e22c lstrcmpiA
0x54e230 GlobalDeleteAtom
0x54e234 GlobalFindAtomA
0x54e238 GlobalAddAtomA
0x54e23c GlobalGetAtomNameA
0x54e240 LocalAlloc
0x54e244 TlsAlloc
0x54e248 GlobalHandle
0x54e24c TlsFree
0x54e250 TlsSetValue
0x54e254 LocalReAlloc
0x54e258 TlsGetValue
0x54e25c GetFileTime
0x54e260 GlobalFlags
0x54e264 SetErrorMode
0x54e268 GetProcessVersion
0x54e26c GetCPInfo
0x54e270 GetOEMCP
0x54e274 GetStartupInfoA
0x54e278 RtlUnwind
0x54e27c GetLocalTime
0x54e280 RaiseException
0x54e284 HeapSize
0x54e288 GetACP
0x54e28c SetStdHandle
0x54e290 GetFileType
0x54e2a8 SetHandleCount
0x54e2ac GetStdHandle
0x54e2b4 HeapDestroy
0x54e2b8 HeapCreate
0x54e2bc VirtualFree
0x54e2c4 LCMapStringA
0x54e2c8 LCMapStringW
0x54e2cc VirtualAlloc
0x54e2d0 IsBadWritePtr
0x54e2d8 GetStringTypeA
0x54e2dc GetStringTypeW
0x54e2e0 CompareStringA
0x54e2e4 CompareStringW
0x54e2e8 IsBadReadPtr
0x54e2ec IsBadCodePtr
0x54e2f0 TerminateProcess
0x54e2f4 GetCurrentProcess
0x54e2f8 GetFileSize
0x54e2fc SetFilePointer
0x54e300 CreateSemaphoreA
0x54e304 ResumeThread
0x54e308 ReleaseSemaphore
0x54e314 GetProfileStringA
0x54e318 WriteFile
0x54e320 CreateFileA
0x54e324 SetEvent
0x54e328 FindResourceA
0x54e32c LoadResource
0x54e330 LockResource
0x54e334 ReadFile
0x54e338 lstrlenW
0x54e33c GetModuleFileNameA
0x54e340 WideCharToMultiByte
0x54e344 MultiByteToWideChar
0x54e348 GetCurrentThreadId
0x54e34c ExitProcess
0x54e350 GlobalSize
0x54e354 GlobalFree
0x54e360 lstrcatA
0x54e364 lstrlenA
0x54e368 WinExec
0x54e36c lstrcpyA
0x54e370 FindNextFileA
0x54e374 GlobalReAlloc
0x54e378 HeapFree
0x54e37c HeapReAlloc
0x54e380 GetProcessHeap
0x54e384 HeapAlloc
0x54e388 GetUserDefaultLCID
0x54e38c GetFullPathNameA
0x54e390 FreeLibrary
0x54e394 LoadLibraryA
0x54e398 GetLastError
0x54e39c GetVersionExA
0x54e3a4 CreateThread
0x54e3a8 CreateEventA
0x54e3ac Sleep
0x54e3b0 GlobalAlloc
0x54e3b4 GlobalLock
0x54e3b8 GlobalUnlock
0x54e3bc FindFirstFileA
0x54e3c0 FindClose
0x54e3c4 GetFileAttributesA
0x54e3d0 GetModuleHandleA
0x54e3d4 GetProcAddress
0x54e3d8 MulDiv
0x54e3dc GetCommandLineA
0x54e3e0 GetTickCount
0x54e3e4 CreateProcessA
0x54e3e8 WaitForSingleObject
0x54e3ec CloseHandle
0x54e3f0 InterlockedExchange
0x54e3f4 VirtualProtect
0x54e3f8 VirtualQuery
0x54e3fc GetSystemInfo
0x54e404 TerminateThread
Library: USER32.dll:
0x54e488 ScrollWindowEx
0x54e48c IsDialogMessageA
0x54e490 CheckMenuItem
0x54e494 SetMenuItemBitmaps
0x54e49c LoadStringA
0x54e4a0 GetSysColorBrush
0x54e4a4 AdjustWindowRectEx
0x54e4a8 GetScrollPos
0x54e4ac RegisterClassA
0x54e4b0 GetClassLongA
0x54e4b4 RemovePropA
0x54e4b8 GetMessageTime
0x54e4bc GetLastActivePopup
0x54e4c0 GetForegroundWindow
0x54e4c8 GetWindowPlacement
0x54e4cc GetNextDlgTabItem
0x54e4d0 EndDialog
0x54e4d8 EndPaint
0x54e4dc BeginPaint
0x54e4e0 CharUpperA
0x54e4e8 DestroyWindow
0x54e4ec UnregisterHotKey
0x54e4f0 RegisterHotKey
0x54e4f4 CreateWindowExA
0x54e4f8 SetWindowTextA
0x54e4fc GetMenuItemCount
0x54e500 GetMenuItemID
0x54e504 GetMenuStringA
0x54e508 GetMenuState
0x54e510 DrawStateA
0x54e514 GrayStringA
0x54e518 TabbedTextOutA
0x54e51c WindowFromDC
0x54e520 EnumChildWindows
0x54e524 GetWindowDC
0x54e528 UnhookWindowsHookEx
0x54e52c CallNextHookEx
0x54e530 SetWindowsHookExA
0x54e534 FrameRect
0x54e538 GetPropA
0x54e53c UnregisterClassA
0x54e540 CallWindowProcA
0x54e544 SetPropA
0x54e548 DrawTextA
0x54e54c GetCursor
0x54e550 GetWindowTextA
0x54e554 FindWindowExA
0x54e558 GetDlgItem
0x54e55c GetClassNameA
0x54e560 GetDesktopWindow
0x54e564 LoadIconA
0x54e568 TranslateMessage
0x54e56c DrawFrameControl
0x54e570 DrawEdge
0x54e574 DrawFocusRect
0x54e578 WindowFromPoint
0x54e57c GetMessageA
0x54e580 DispatchMessageA
0x54e584 SetRectEmpty
0x54e594 DrawIconEx
0x54e598 AppendMenuA
0x54e59c ModifyMenuA
0x54e5a0 CreateMenu
0x54e5a8 GetDlgCtrlID
0x54e5ac GetSubMenu
0x54e5b0 EnableMenuItem
0x54e5b4 ClientToScreen
0x54e5bc LoadImageA
0x54e5c4 ShowWindow
0x54e5c8 IsWindowEnabled
0x54e5d0 GetKeyState
0x54e5d8 PostQuitMessage
0x54e5dc IsZoomed
0x54e5e0 GetClassInfoA
0x54e5e4 DefWindowProcA
0x54e5e8 GetSystemMenu
0x54e5ec DeleteMenu
0x54e5f0 GetMenu
0x54e5f4 SetMenu
0x54e5f8 PeekMessageA
0x54e5fc IsIconic
0x54e600 SetFocus
0x54e604 GetActiveWindow
0x54e608 GetWindow
0x54e610 SetWindowRgn
0x54e614 GetMessagePos
0x54e618 ScreenToClient
0x54e620 CopyRect
0x54e624 LoadBitmapA
0x54e628 WinHelpA
0x54e62c KillTimer
0x54e630 SetTimer
0x54e634 ReleaseCapture
0x54e638 GetCapture
0x54e63c SetCapture
0x54e640 SetScrollRange
0x54e644 SetScrollPos
0x54e648 SetRect
0x54e64c InflateRect
0x54e650 IntersectRect
0x54e654 DestroyIcon
0x54e658 PtInRect
0x54e65c OffsetRect
0x54e660 IsWindowVisible
0x54e664 EnableWindow
0x54e668 RedrawWindow
0x54e66c GetWindowLongA
0x54e670 SetWindowLongA
0x54e674 GetSysColor
0x54e678 SetActiveWindow
0x54e67c SetCursorPos
0x54e680 LoadCursorA
0x54e684 SetCursor
0x54e688 GetDC
0x54e68c FillRect
0x54e690 IsRectEmpty
0x54e694 ReleaseDC
0x54e698 IsChild
0x54e69c TrackPopupMenu
0x54e6a0 DestroyMenu
0x54e6a4 SetForegroundWindow
0x54e6a8 GetWindowRect
0x54e6ac EqualRect
0x54e6b0 UpdateWindow
0x54e6b4 ValidateRect
0x54e6b8 InvalidateRect
0x54e6bc GetClientRect
0x54e6c0 GetFocus
0x54e6c4 GetParent
0x54e6c8 GetTopWindow
0x54e6cc PostMessageA
0x54e6d0 IsWindow
0x54e6d4 SetParent
0x54e6d8 DestroyCursor
0x54e6dc SendMessageA
0x54e6e0 SetWindowPos
0x54e6e4 MessageBoxA
0x54e6e8 GetCursorPos
0x54e6ec GetSystemMetrics
0x54e6f0 EmptyClipboard
0x54e6f4 SetClipboardData
0x54e6f8 OpenClipboard
0x54e6fc GetClipboardData
0x54e700 CloseClipboard
0x54e704 wsprintfA
0x54e708 WaitForInputIdle
0x54e70c SendDlgItemMessageA
0x54e710 CreatePopupMenu
0x54e714 MapWindowPoints
0x54e718 GetScrollRange
0x54e71c MoveWindow
Library: GDI32.dll:
0x54e070 DeleteDC
0x54e074 EndDoc
0x54e078 EndPage
0x54e07c GetObjectA
0x54e080 GetStockObject
0x54e084 CreateFontIndirectA
0x54e088 CreateSolidBrush
0x54e08c FillRgn
0x54e090 CreateRectRgn
0x54e094 CombineRgn
0x54e098 PatBlt
0x54e09c CreatePen
0x54e0a0 SelectObject
0x54e0a4 CreateBitmap
0x54e0a8 CreateBrushIndirect
0x54e0ac CreateDCA
0x54e0b4 GetPolyFillMode
0x54e0b8 GetStretchBltMode
0x54e0bc GetROP2
0x54e0c0 GetBkColor
0x54e0c4 GetBkMode
0x54e0c8 GetTextColor
0x54e0cc CreateRoundRectRgn
0x54e0d0 CreateEllipticRgn
0x54e0d4 RectVisible
0x54e0d8 TextOutA
0x54e0dc ExtTextOutA
0x54e0e0 Escape
0x54e0e4 CreateFontA
0x54e0ec SetPolyFillMode
0x54e0f0 SetROP2
0x54e0f4 SetMapMode
0x54e0f8 StartDocA
0x54e0fc StartPage
0x54e100 SetViewportExtEx
0x54e104 ScaleViewportExtEx
0x54e108 SetWindowExtEx
0x54e10c ScaleWindowExtEx
0x54e110 GetClipBox
0x54e114 ExcludeClipRect
0x54e118 MoveToEx
0x54e11c LineTo
0x54e120 ExtSelectClipRgn
0x54e124 GetViewportExtEx
0x54e128 GetTextMetricsA
0x54e12c SetBkColor
0x54e134 SetPixel
0x54e138 SetStretchBltMode
0x54e13c GetClipRgn
0x54e140 CreatePolygonRgn
0x54e144 SelectClipRgn
0x54e148 DeleteObject
0x54e14c CreateDIBitmap
0x54e154 CreatePalette
0x54e158 StretchBlt
0x54e15c SelectPalette
0x54e160 RealizePalette
0x54e164 GetDIBits
0x54e168 GetWindowExtEx
0x54e16c GetViewportOrgEx
0x54e170 GetWindowOrgEx
0x54e174 BeginPath
0x54e178 EndPath
0x54e17c PathToRegion
0x54e180 BitBlt
0x54e184 OffsetViewportOrgEx
0x54e188 PtVisible
0x54e18c CreatePenIndirect
0x54e190 RestoreDC
0x54e194 SaveDC
0x54e198 SetWindowOrgEx
0x54e19c SetTextColor
0x54e1a0 SetBkMode
0x54e1a4 GetPixel
0x54e1a8 CreateCompatibleDC
0x54e1ac SetPixelV
0x54e1b0 Ellipse
0x54e1b4 Rectangle
0x54e1b8 LPtoDP
0x54e1bc DPtoLP
0x54e1c0 GetCurrentObject
0x54e1c4 RoundRect
0x54e1cc SetViewportOrgEx
0x54e1d0 GetDeviceCaps
Library: MSIMG32.dll:
0x54e40c GradientFill
Library: WINSPOOL.DRV:
0x54e778 ClosePrinter
0x54e77c DocumentPropertiesA
0x54e780 OpenPrinterA
Library: comdlg32.dll:
0x54e7f4 GetFileTitleA
0x54e7f8 GetOpenFileNameA
0x54e7fc ChooseColorA
0x54e800 GetSaveFileNameA
Library: ADVAPI32.dll:
0x54e000 RegCreateKeyExA
0x54e004 RegQueryValueA
0x54e008 RegCreateKeyA
0x54e00c RegSetValueExA
0x54e010 RegOpenKeyExA
0x54e014 RegCloseKey
Library: SHELL32.dll:
0x54e470 DragQueryFileA
0x54e474 ShellExecuteA
0x54e478 Shell_NotifyIconA
0x54e47c DragAcceptFiles
0x54e480 DragFinish
Library: ole32.dll:
0x54e808 CLSIDFromProgID
0x54e80c OleInitialize
0x54e810 OleUninitialize
0x54e814 CLSIDFromString
0x54e818 CoCreateInstance
0x54e81c OleRun
Library: OLEAUT32.dll:
0x54e414 SafeArrayPutElement
0x54e418 SafeArrayCreate
0x54e41c SafeArrayDestroy
0x54e420 SysAllocString
0x54e424 VariantInit
0x54e428 VariantCopyInd
0x54e42c LoadTypeLib
0x54e430 SafeArrayAccessData
0x54e434 RegisterTypeLib
0x54e438 SafeArrayGetDim
0x54e43c SafeArrayGetLBound
0x54e440 SafeArrayGetUBound
0x54e444 VariantChangeType
0x54e448 VariantClear
0x54e44c VariantCopy
0x54e454 LHashValOfNameSys
0x54e458 SafeArrayGetElement
0x54e45c UnRegisterTypeLib
Library: COMCTL32.dll:
0x54e01c ImageList_Read
0x54e020 None
0x54e024 ImageList_EndDrag
0x54e02c ImageList_DragMove
0x54e030 ImageList_DragLeave
0x54e034 ImageList_DragEnter
0x54e038 ImageList_Destroy
0x54e03c ImageList_Create
0x54e040 ImageList_BeginDrag
0x54e044 ImageList_Add
0x54e04c ImageList_GetIcon
0x54e050 ImageList_AddMasked
0x54e058 _TrackMouseEvent
0x54e060 ImageList_Draw
0x54e064 ImageList_Duplicate
Library: WININET.dll:
0x54e724 InternetCloseHandle

No antivirus engine scan results.

Hosts Contacted

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain Resolution

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 7.113 seconds )

  • 4.74 Static
  • 1.428 VirusTotal
  • 0.529 TargetInfo
  • 0.386 peid
  • 0.012 Strings
  • 0.01 AnalysisInfo
  • 0.004 config_decoder
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.079 seconds )

  • 0.011 antiav_detectreg
  • 0.01 md_url_bl
  • 0.008 md_domain_bl
  • 0.006 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.525 seconds )

  • 0.481 ReportHTMLSummary
  • 0.044 Malheur
Task ID 631849
Mongo ID 6080133adc327b2bbce5ac57
Cuckoo release 1.4-Maldun