Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2021-06-19 02:08:04 2021-06-19 02:10:13 129 seconds

Maldun score

10.0

Dangerous

File details

File name HYXD.exe
File size 1957888 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9a09eedb64979157cbdb47378a06879c
SHA1 20e4c4c82a5162ffe6a52b0304ccd511466d5d41
SHA256 44b0448b84055dd9f7797962d61ef2cac23641efc4f87590fd875d5b2400997e
SHA512 ce924b67dfa03563c83ae7a1371e70af65846840ffad1657c3113d56caaef0a8113dfcdac614ff8a430a65f1a52023055edd814192c01b4faff2735671c268dd
CRC32 3D0F4861
Ssdeep 49152:/gyeQzWbbaLGZCcpxKKKQjBXofMDc//////ZTVJ50BSRc0Ole:6/ZCAfBXofMDc///////J5pW0

Accessed hosts

No host records.

DNS resolution

Domain Safety rating Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
A 23.218.94.163
CNAME a1983.dscd.akamai.net
A 23.218.94.155
wwa.lanzoui.com CNAME all.lanzoui.com.w.kunlungr.com
A 114.80.187.102
hackerinvasion.f3322.net A 81.69.249.244

PE information

Image base 0x00400000
Entry point 0x00618000
Declared checksum 0x00000000
Actual checksum 0x001e4f5e
Minimum OS version required 4.0
Compile time 2021-05-15 06:56:00
Import hash 7003525c62e1b88163353dfd26879d93
Icon
Icon exact hash 82ca2085517d0a19bd5c1f6385835a74
Icon similarity hash 4d479a6f5e589e2814bdbfbe82633f1c

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000ccf46 0x000cd000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x000ce000 0x000dd954 0x000de000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.50
.data 0x001ac000 0x0005374a 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.02
.rsrc 0x00200000 0x00017864 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.36
.awang 0x00218000 0x00000064 0x00001000 IMAGE_SCN_MEM_EXECUTE 0.15

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x00200d40 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00200d40 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00200d40 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x00201230 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x00201230 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x00201230 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x00201230 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x00202938 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_ICON 0x002151f4 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.81 GLS_BINARY_LSB_FIRST
RT_MENU 0x00215668 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_MENU 0x00215668 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x002168b0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002172f8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x00217344 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00217344 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00217344 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00217400 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00217400 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00217400 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x00217414 0x00000280 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.72 8086 relocatable (Microsoft)
RT_MANIFEST 0x00217694 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x4ce6d0 midiStreamOut
0x4ce6d8 waveOutWrite
0x4ce6dc waveOutPause
0x4ce6e0 waveOutReset
0x4ce6e4 waveOutClose
0x4ce6e8 waveOutGetNumDevs
0x4ce6ec waveOutOpen
0x4ce6f4 midiStreamOpen
0x4ce6f8 midiStreamProperty
0x4ce6fc midiStreamStop
0x4ce700 midiOutReset
0x4ce704 midiStreamClose
0x4ce708 midiStreamRestart
0x4ce710 waveOutRestart
Library: WS2_32.dll:
0x4ce72c WSACleanup
0x4ce730 inet_ntoa
0x4ce734 closesocket
0x4ce738 getpeername
0x4ce73c accept
0x4ce740 ntohl
0x4ce744 WSAAsyncSelect
0x4ce748 recvfrom
0x4ce74c ioctlsocket
0x4ce750 recv
Library: KERNEL32.dll:
0x4ce1a0 GetVersion
0x4ce1a4 TerminateThread
0x4ce1a8 CreateMutexA
0x4ce1ac ReleaseMutex
0x4ce1b0 SuspendThread
0x4ce1bc SetLastError
0x4ce1c0 HeapSize
0x4ce1c4 RaiseException
0x4ce1c8 GetLocalTime
0x4ce1cc GetSystemTime
0x4ce1d0 RtlUnwind
0x4ce1d4 GetStartupInfoA
0x4ce1d8 GetOEMCP
0x4ce1dc GetCPInfo
0x4ce1e0 GetProcessVersion
0x4ce1e4 SetErrorMode
0x4ce1e8 GlobalFlags
0x4ce1ec GetCurrentThread
0x4ce1f0 GetFileTime
0x4ce1f4 TlsGetValue
0x4ce1f8 LocalReAlloc
0x4ce1fc TlsSetValue
0x4ce200 TlsFree
0x4ce204 GlobalHandle
0x4ce208 TlsAlloc
0x4ce20c LocalAlloc
0x4ce210 lstrcmpA
0x4ce214 GlobalGetAtomNameA
0x4ce218 GlobalAddAtomA
0x4ce21c GlobalFindAtomA
0x4ce220 GlobalDeleteAtom
0x4ce224 lstrcmpiA
0x4ce228 SetEndOfFile
0x4ce22c UnlockFile
0x4ce230 LockFile
0x4ce234 FlushFileBuffers
0x4ce238 DuplicateHandle
0x4ce23c lstrcpynA
0x4ce248 LocalFree
0x4ce254 GetSystemDirectoryA
0x4ce25c OpenProcess
0x4ce260 TerminateProcess
0x4ce264 GetCurrentProcess
0x4ce268 GetFileSize
0x4ce26c SetFilePointer
0x4ce274 Process32First
0x4ce278 Process32Next
0x4ce27c CreateSemaphoreA
0x4ce280 ResumeThread
0x4ce284 ReleaseSemaphore
0x4ce290 GetProfileStringA
0x4ce294 WriteFile
0x4ce29c CreateFileA
0x4ce2a0 SetEvent
0x4ce2a4 FindResourceA
0x4ce2a8 LoadResource
0x4ce2ac LockResource
0x4ce2b0 ReadFile
0x4ce2b4 lstrlenW
0x4ce2b8 RemoveDirectoryA
0x4ce2bc GetModuleFileNameA
0x4ce2c0 WideCharToMultiByte
0x4ce2c4 MultiByteToWideChar
0x4ce2c8 GetCurrentThreadId
0x4ce2cc ExitProcess
0x4ce2d0 GlobalSize
0x4ce2d4 GlobalFree
0x4ce2e0 lstrcatA
0x4ce2e4 lstrlenA
0x4ce2e8 WinExec
0x4ce2ec InterlockedExchange
0x4ce2f0 lstrcpyA
0x4ce2f4 FindNextFileA
0x4ce2f8 GlobalReAlloc
0x4ce2fc HeapFree
0x4ce300 HeapReAlloc
0x4ce304 GetProcessHeap
0x4ce308 HeapAlloc
0x4ce30c GetUserDefaultLCID
0x4ce310 GetFullPathNameA
0x4ce314 FreeLibrary
0x4ce318 LoadLibraryA
0x4ce31c GetLastError
0x4ce320 GetVersionExA
0x4ce328 CreateThread
0x4ce32c CreateEventA
0x4ce330 Sleep
0x4ce338 GlobalAlloc
0x4ce33c GlobalLock
0x4ce340 GlobalUnlock
0x4ce344 GetTempPathA
0x4ce348 FindFirstFileA
0x4ce34c FindClose
0x4ce350 SetFileAttributesA
0x4ce354 GetFileAttributesA
0x4ce358 MoveFileA
0x4ce35c DeleteFileA
0x4ce368 GetModuleHandleA
0x4ce36c GetProcAddress
0x4ce370 MulDiv
0x4ce374 GetCommandLineA
0x4ce378 GetTickCount
0x4ce37c CreateProcessA
0x4ce380 WaitForSingleObject
0x4ce384 CloseHandle
0x4ce394 SetHandleCount
0x4ce398 GetStdHandle
0x4ce39c GetFileType
0x4ce3a4 HeapDestroy
0x4ce3a8 HeapCreate
0x4ce3ac VirtualFree
0x4ce3b4 LCMapStringA
0x4ce3b8 LCMapStringW
0x4ce3bc VirtualAlloc
0x4ce3c0 IsBadWritePtr
0x4ce3c8 GetStringTypeA
0x4ce3cc GetStringTypeW
0x4ce3d0 CompareStringA
0x4ce3d4 CompareStringW
0x4ce3d8 IsBadReadPtr
0x4ce3dc IsBadCodePtr
0x4ce3e0 SetStdHandle
0x4ce3e4 GetACP
Library: USER32.dll:
0x4ce458 GetMenu
0x4ce45c DefWindowProcA
0x4ce460 GetClassInfoA
0x4ce464 IsZoomed
0x4ce468 SetMenu
0x4ce46c PeekMessageA
0x4ce470 GetSysColorBrush
0x4ce474 LoadStringA
0x4ce478 ShowWindow
0x4ce480 LoadImageA
0x4ce488 ClientToScreen
0x4ce48c EnableMenuItem
0x4ce490 GetSubMenu
0x4ce494 GetDlgCtrlID
0x4ce49c CreateMenu
0x4ce4a0 ModifyMenuA
0x4ce4a4 AppendMenuA
0x4ce4a8 CreatePopupMenu
0x4ce4ac DrawIconEx
0x4ce4bc SetRectEmpty
0x4ce4c0 DispatchMessageA
0x4ce4c4 GetMessageA
0x4ce4c8 WindowFromPoint
0x4ce4cc DrawFocusRect
0x4ce4d0 IsIconic
0x4ce4d4 SetFocus
0x4ce4d8 GetActiveWindow
0x4ce4dc DrawEdge
0x4ce4e4 SetWindowRgn
0x4ce4e8 GetMessagePos
0x4ce4ec ScreenToClient
0x4ce4f4 CopyRect
0x4ce4f8 LoadBitmapA
0x4ce4fc WinHelpA
0x4ce500 KillTimer
0x4ce504 SetTimer
0x4ce508 ReleaseCapture
0x4ce50c GetCapture
0x4ce510 SetCapture
0x4ce514 GetScrollRange
0x4ce518 SetScrollRange
0x4ce520 GetMenuState
0x4ce524 SetMenuItemBitmaps
0x4ce528 CheckMenuItem
0x4ce52c PostQuitMessage
0x4ce530 SetScrollPos
0x4ce534 SetRect
0x4ce538 InflateRect
0x4ce53c IntersectRect
0x4ce540 DestroyIcon
0x4ce544 PtInRect
0x4ce548 OffsetRect
0x4ce54c IsWindowVisible
0x4ce550 EnableWindow
0x4ce554 RedrawWindow
0x4ce558 GetWindowLongA
0x4ce55c SetWindowLongA
0x4ce560 GetSysColor
0x4ce564 SetActiveWindow
0x4ce568 SetCursorPos
0x4ce56c LoadCursorA
0x4ce570 SetCursor
0x4ce574 GetDC
0x4ce578 FillRect
0x4ce57c IsRectEmpty
0x4ce580 ReleaseDC
0x4ce584 IsChild
0x4ce588 DestroyMenu
0x4ce58c SetForegroundWindow
0x4ce590 GetWindowRect
0x4ce594 EqualRect
0x4ce598 UpdateWindow
0x4ce59c ValidateRect
0x4ce5a0 InvalidateRect
0x4ce5a4 GetClientRect
0x4ce5a8 GetFocus
0x4ce5ac GetParent
0x4ce5b0 GetTopWindow
0x4ce5b4 PostMessageA
0x4ce5b8 IsWindow
0x4ce5bc SetParent
0x4ce5c0 DestroyCursor
0x4ce5c4 SendMessageA
0x4ce5c8 SetWindowPos
0x4ce5cc MessageBoxA
0x4ce5d0 GetCursorPos
0x4ce5d4 GetSystemMetrics
0x4ce5d8 EmptyClipboard
0x4ce5dc SetClipboardData
0x4ce5e0 OpenClipboard
0x4ce5e4 GetClipboardData
0x4ce5e8 CloseClipboard
0x4ce5ec wsprintfA
0x4ce5f0 WaitForInputIdle
0x4ce5f4 DrawFrameControl
0x4ce5f8 LoadIconA
0x4ce5fc GetDesktopWindow
0x4ce600 GetClassNameA
0x4ce608 FindWindowA
0x4ce60c GetDlgItem
0x4ce610 GetWindowTextA
0x4ce614 CallWindowProcA
0x4ce618 CreateWindowExA
0x4ce61c RegisterHotKey
0x4ce620 UnregisterHotKey
0x4ce624 GetForegroundWindow
0x4ce62c GetKeyState
0x4ce634 MoveWindow
0x4ce638 IsWindowEnabled
0x4ce63c GetWindow
0x4ce640 UnregisterClassA
0x4ce644 TranslateMessage
0x4ce64c CharUpperA
0x4ce650 GetWindowDC
0x4ce654 BeginPaint
0x4ce658 EndPaint
0x4ce65c TabbedTextOutA
0x4ce660 DrawTextA
0x4ce664 GrayStringA
0x4ce668 DestroyWindow
0x4ce670 EndDialog
0x4ce674 GetNextDlgTabItem
0x4ce678 GetWindowPlacement
0x4ce680 GetLastActivePopup
0x4ce684 GetMessageTime
0x4ce688 RemovePropA
0x4ce68c GetPropA
0x4ce690 UnhookWindowsHookEx
0x4ce694 SetPropA
0x4ce698 GetClassLongA
0x4ce69c CallNextHookEx
0x4ce6a0 SetWindowsHookExA
0x4ce6a4 GetMenuItemID
0x4ce6a8 GetMenuItemCount
0x4ce6ac RegisterClassA
0x4ce6b0 GetScrollPos
0x4ce6b4 AdjustWindowRectEx
0x4ce6b8 MapWindowPoints
0x4ce6bc SendDlgItemMessageA
0x4ce6c0 ScrollWindowEx
0x4ce6c4 IsDialogMessageA
0x4ce6c8 SetWindowTextA
Library: GDI32.dll:
0x4ce048 LineTo
0x4ce04c MoveToEx
0x4ce050 ExcludeClipRect
0x4ce054 GetClipBox
0x4ce058 ScaleWindowExtEx
0x4ce05c PatBlt
0x4ce060 CombineRgn
0x4ce064 CreateRectRgn
0x4ce068 FillRgn
0x4ce06c CreateSolidBrush
0x4ce070 CreateFontIndirectA
0x4ce074 GetStockObject
0x4ce078 GetObjectA
0x4ce07c EndPage
0x4ce080 EndDoc
0x4ce084 DeleteDC
0x4ce088 StartDocA
0x4ce08c StartPage
0x4ce090 BitBlt
0x4ce094 CreateCompatibleDC
0x4ce098 Ellipse
0x4ce09c Rectangle
0x4ce0a0 ExtSelectClipRgn
0x4ce0a4 DPtoLP
0x4ce0a8 GetCurrentObject
0x4ce0ac RoundRect
0x4ce0b4 GetDeviceCaps
0x4ce0b8 SetStretchBltMode
0x4ce0c0 SetBkColor
0x4ce0c4 CreateFontA
0x4ce0cc SetWindowExtEx
0x4ce0d0 SetWindowOrgEx
0x4ce0d4 ScaleViewportExtEx
0x4ce0d8 SetViewportExtEx
0x4ce0dc OffsetViewportOrgEx
0x4ce0e0 SetViewportOrgEx
0x4ce0e4 SetMapMode
0x4ce0e8 SetTextColor
0x4ce0ec SetROP2
0x4ce0f0 SetPolyFillMode
0x4ce0f4 SetBkMode
0x4ce0f8 GetViewportExtEx
0x4ce0fc PtVisible
0x4ce100 RectVisible
0x4ce104 TextOutA
0x4ce108 ExtTextOutA
0x4ce10c Escape
0x4ce110 GetTextMetricsA
0x4ce114 CreatePen
0x4ce118 SelectObject
0x4ce11c CreateBitmap
0x4ce120 CreateDCA
0x4ce128 GetPolyFillMode
0x4ce12c GetStretchBltMode
0x4ce130 GetROP2
0x4ce134 GetBkColor
0x4ce138 GetBkMode
0x4ce13c GetTextColor
0x4ce140 RestoreDC
0x4ce144 SaveDC
0x4ce148 CreateRoundRectRgn
0x4ce14c CreateEllipticRgn
0x4ce150 PathToRegion
0x4ce154 EndPath
0x4ce158 BeginPath
0x4ce15c GetWindowOrgEx
0x4ce160 GetViewportOrgEx
0x4ce164 GetWindowExtEx
0x4ce168 GetDIBits
0x4ce16c RealizePalette
0x4ce170 SelectPalette
0x4ce174 StretchBlt
0x4ce178 CreatePalette
0x4ce17c GetClipRgn
0x4ce180 CreateDIBitmap
0x4ce184 DeleteObject
0x4ce188 SelectClipRgn
0x4ce18c LPtoDP
0x4ce194 CreatePolygonRgn
Library: WINSPOOL.DRV:
0x4ce71c OpenPrinterA
0x4ce720 DocumentPropertiesA
0x4ce724 ClosePrinter
Library: ADVAPI32.dll:
0x4ce000 RegQueryValueExA
0x4ce004 RegOpenKeyExA
0x4ce008 RegSetValueExA
0x4ce00c RegQueryValueA
0x4ce010 RegCreateKeyExA
0x4ce014 RegCloseKey
Library: SHELL32.dll:
0x4ce43c DragFinish
0x4ce440 DragAcceptFiles
0x4ce444 DragQueryFileA
0x4ce448 ShellExecuteA
0x4ce44c Shell_NotifyIconA
Library: ole32.dll:
0x4ce76c CLSIDFromProgID
0x4ce770 OleRun
0x4ce774 CoCreateInstance
0x4ce778 CLSIDFromString
0x4ce77c OleUninitialize
0x4ce780 OleInitialize
Library: OLEAUT32.dll:
0x4ce3ec UnRegisterTypeLib
0x4ce3f0 LoadTypeLib
0x4ce3f4 LHashValOfNameSys
0x4ce3f8 RegisterTypeLib
0x4ce3fc SafeArrayPutElement
0x4ce400 SafeArrayCreate
0x4ce404 SafeArrayDestroy
0x4ce408 SysAllocString
0x4ce40c VariantInit
0x4ce410 VariantCopyInd
0x4ce414 SafeArrayGetElement
0x4ce418 SafeArrayAccessData
0x4ce420 SafeArrayGetDim
0x4ce424 SafeArrayGetLBound
0x4ce428 SafeArrayGetUBound
0x4ce42c VariantChangeType
0x4ce430 VariantClear
0x4ce434 VariantCopy
Library: COMCTL32.dll:
0x4ce01c ImageList_Add
0x4ce020 ImageList_BeginDrag
0x4ce024 ImageList_Create
0x4ce028 ImageList_Destroy
0x4ce02c ImageList_DragEnter
0x4ce030 ImageList_DragLeave
0x4ce034 ImageList_DragMove
0x4ce03c ImageList_EndDrag
0x4ce040 None
Library: comdlg32.dll:
0x4ce758 ChooseColorA
0x4ce75c GetFileTitleA
0x4ce760 GetSaveFileNameA
0x4ce764 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
@.awang
VMProtect begin
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
No antivirus engine scan information!

Process tree

HYXD.exe, PID: 2488, parent PID: 2168
PUBG.exe, PID: 2720, parent PID: 2488
HYXD.exe, PID: 2784, parent PID: 2488
cmd.exe, PID: 2884, parent PID: 2720
cmd.exe, PID: 2924, parent PID: 2720
47.exe, PID: 3016, parent PID: 2884
r.exe, PID: 2216, parent PID: 2924
PUBG.exe, PID: 2328, parent PID: 2784
services.exe, PID: 432, parent PID: 344
svchost.exe, PID: 2756, parent PID: 432
svchost.exe, PID: 2308, parent PID: 432
TXPlatforn.exe, PID: 2716, parent PID: 432
cmd.exe, PID: 3044, parent PID: 3016
TXPlatforn.exe, PID: 2180, parent PID: 2716
主动防御服务.exe, PID: 3028, parent PID: 2308
PING.EXE, PID: 3040, parent PID: 3044
mscorsvw.exe, PID: 1328, parent PID: 432
mscorsvw.exe, PID: 1864, parent PID: 432

TCP

Source address Source port Destination address Destination port
192.168.122.201 49168 114.80.187.102 wwa.lanzoui.com 443
192.168.122.201 49167 23.218.94.155 acroipm.adobe.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2021-06-19 02:08:29.188725+0800 192.168.122.201 49168 114.80.187.102 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 CN=*.lanzoui.com d1:7a:6f:b5:77:df:e3:2b:dd:d9:0d:7b:e3:d4:63:2c:e6:c6:44:09

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 22.779 seconds )

  • 11.74 Suricata
  • 3.866 BehaviorAnalysis
  • 2.84 NetworkAnalysis
  • 1.928 Static
  • 1.299 VirusTotal
  • 0.663 TargetInfo
  • 0.389 peid
  • 0.028 AnalysisInfo
  • 0.012 Strings
  • 0.009 Memory
  • 0.005 config_decoder

Signatures ( 3.092 seconds )

  • 1.408 md_url_bl
  • 0.246 api_spamming
  • 0.185 stealth_decoy_document
  • 0.129 stealth_timeout
  • 0.114 injection_createremotethread
  • 0.114 process_interest
  • 0.08 antiav_detectreg
  • 0.079 vawtrak_behavior
  • 0.071 injection_runpe
  • 0.049 process_needed
  • 0.033 infostealer_ftp
  • 0.03 md_domain_bl
  • 0.029 stealth_file
  • 0.026 antiemu_wine_func
  • 0.025 kovter_behavior
  • 0.024 mimics_filetime
  • 0.021 reads_self
  • 0.021 infostealer_browser_password
  • 0.021 ransomware_extensions
  • 0.02 antisandbox_sleep
  • 0.02 virus
  • 0.019 antivm_generic_disk
  • 0.017 infostealer_im
  • 0.016 bootkit
  • 0.016 antivm_generic_scsi
  • 0.016 hancitor_behavior
  • 0.016 antianalysis_detectreg
  • 0.013 antivm_vbox_libs
  • 0.01 antiav_avast_libs
  • 0.01 antivm_generic_services
  • 0.01 betabot_behavior
  • 0.01 antisandbox_sunbelt_libs
  • 0.01 shifu_behavior
  • 0.01 infostealer_mail
  • 0.009 andromeda_behavior
  • 0.009 antiav_detectfile
  • 0.008 antisandbox_sboxie_libs
  • 0.008 antiav_bitdefender_libs
  • 0.008 anomaly_persistence_autorun
  • 0.008 exec_crash
  • 0.008 anormaly_invoke_kills
  • 0.007 kibex_behavior
  • 0.007 antivm_vmware_events
  • 0.006 geodo_banking_trojan
  • 0.006 infostealer_bitcoin
  • 0.005 cryptowall_behavior
  • 0.005 ransomware_files
  • 0.004 antivm_vmware_libs
  • 0.004 maldun_anomaly_massive_file_ops
  • 0.004 Locky_behavior
  • 0.004 antivm_xen_keys
  • 0.004 darkcomet_regkeys
  • 0.003 injection_explorer
  • 0.003 antivm_generic_diskreg
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 network_torgateway
  • 0.002 recon_fingerprint
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 infostealer_browser
  • 0.001 dridex_behavior
  • 0.001 sets_autoconfig_url
  • 0.001 kazybot_behavior
  • 0.001 dyre_behavior
  • 0.001 antidbg_windows
  • 0.001 bypass_firewall
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.687 seconds )

  • 0.627 ReportHTMLSummary
  • 0.06 Malheur

Task ID 641036
Mongo ID 60cce1ae7e769a1c5870e28f
Cuckoo release 1.4-Maldun