Analysis Task

Analysis Type | VM Label | Start Time | End Time | Duration
File (Windows) | win7-sp1-x64-shaapp02-1 | 2021-07-02 19:15:58 | 2021-07-02 19:15:59 | 1 second

Maldun Score

4.8

Suspicious

File Details

File name 潘多拉0702.exe
File size 1130496 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b89eb17f09596ddd2e15cfa511c9d6c4
SHA1 7b7b5f693dbc8fb77ef85b655e44780df8de038f
SHA256 447bc8d4855efc99c80551e82a709bc431ad4e9db3d03bef399d85aab136f0c2
SHA512 4167d05bfc99637a46ae1ffc20284f28662e7a0b0248af814ee713ba9b3aa3fd4f958226c891ac95bccd10626aea871d59ac0fdd68ef1b86a9a04955797c0beb
CRC32 85E7C784
Ssdeep 24576:MI+ttrHEjRTeUqsi7b4Ls65pzoRlG4Hw4X2RJDJVkl9oLCqq1ttuikJ/5:MI+ttrHEjms9s65OlG4Qe2fDJVkl9oLz

Screenshots

No screenshots available.

Hosts Contacted

No host records.

Domain Resolution

No domain information.


Summary

PE Information

Image base 0x00400000
Entry point 0x00493751
Declared checksum 0x00000000
Actual checksum 0x00120d61
Minimum OS version required 4.0
Compile time 2021-07-02 19:14:59
Import hash 8ed4664fd3e022cf3bb2aee2f873c01a

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name | Virtual Address | Virtual Size | Raw Data Size | Characteristics | Entropy
.text 0x00001000 0x000b203e 0x000b3000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x000b4000 0x000418ca 0x00042000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.79
.data 0x000f6000 0x00043de8 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.97
.rsrc 0x0013a000 0x0000595c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.83

Imports

Library: KERNEL32.dll:
0x4b417c CreateDirectoryA
0x4b4180 SuspendThread
0x4b4184 ReleaseMutex
0x4b4188 CreateMutexA
0x4b418c TerminateThread
0x4b4190 SetFileTime
0x4b4198 GetLocalTime
0x4b41a0 DuplicateHandle
0x4b41a4 GetFileType
0x4b41a8 GetFileSize
0x4b41ac SetFilePointer
0x4b41b8 lstrcpynA
0x4b41bc lstrcmpiA
0x4b41c0 lstrcmpA
0x4b41c4 SetStdHandle
0x4b41c8 IsBadCodePtr
0x4b41cc IsBadReadPtr
0x4b41d0 CompareStringW
0x4b41d4 CompareStringA
0x4b41dc GetStringTypeW
0x4b41e0 GetStringTypeA
0x4b41e4 IsBadWritePtr
0x4b41e8 VirtualAlloc
0x4b41ec LCMapStringW
0x4b41f0 LCMapStringA
0x4b41f8 VirtualFree
0x4b41fc HeapCreate
0x4b4200 HeapDestroy
0x4b4208 GetStdHandle
0x4b420c SetHandleCount
0x4b4224 GetACP
0x4b4228 HeapSize
0x4b422c TerminateProcess
0x4b4230 RaiseException
0x4b4234 GetSystemTime
0x4b423c RtlUnwind
0x4b4240 GetStartupInfoA
0x4b4244 GetOEMCP
0x4b4248 GetCPInfo
0x4b424c GetProcessVersion
0x4b4250 SetErrorMode
0x4b4254 GlobalFlags
0x4b4258 GetCurrentThread
0x4b425c GetFileTime
0x4b4260 TlsGetValue
0x4b4264 LocalReAlloc
0x4b4268 TlsSetValue
0x4b426c TlsFree
0x4b4270 GlobalHandle
0x4b4274 TlsAlloc
0x4b4278 LocalAlloc
0x4b427c GetVersion
0x4b4280 IsDBCSLeadByte
0x4b4284 WideCharToMultiByte
0x4b4288 MultiByteToWideChar
0x4b428c GetCurrentProcess
0x4b4290 CreateSemaphoreA
0x4b4294 ResumeThread
0x4b4298 ReleaseSemaphore
0x4b42a4 GetProfileStringA
0x4b42a8 WriteFile
0x4b42ac ReadFile
0x4b42b4 CreateFileA
0x4b42b8 SetEvent
0x4b42bc FindResourceA
0x4b42c0 LoadResource
0x4b42c4 LockResource
0x4b42c8 lstrlenW
0x4b42cc GetModuleFileNameA
0x4b42d0 GetCurrentThreadId
0x4b42d4 ExitProcess
0x4b42d8 GlobalSize
0x4b42dc GlobalFree
0x4b42e8 lstrcatA
0x4b42ec lstrlenA
0x4b42f0 WinExec
0x4b42f4 lstrcpyA
0x4b42f8 FindNextFileA
0x4b42fc GlobalReAlloc
0x4b4300 HeapFree
0x4b4304 HeapReAlloc
0x4b4308 GetProcessHeap
0x4b430c HeapAlloc
0x4b4310 GetUserDefaultLCID
0x4b4314 GetFullPathNameA
0x4b4318 FreeLibrary
0x4b431c LoadLibraryA
0x4b4320 GetLastError
0x4b4324 GetVersionExA
0x4b432c CreateThread
0x4b4330 CreateEventA
0x4b4334 Sleep
0x4b4338 GlobalGetAtomNameA
0x4b433c GlobalAddAtomA
0x4b4340 GlobalFindAtomA
0x4b4344 GlobalDeleteAtom
0x4b4348 SetEndOfFile
0x4b434c UnlockFile
0x4b4350 LockFile
0x4b4354 FlushFileBuffers
0x4b4358 SetLastError
0x4b435c LocalFree
0x4b436c GlobalAlloc
0x4b4370 GlobalLock
0x4b4374 GlobalUnlock
0x4b4378 FindFirstFileA
0x4b437c FindClose
0x4b4380 SetFileAttributesA
0x4b4384 GetFileAttributesA
0x4b4388 DeleteFileA
0x4b4394 GetModuleHandleA
0x4b4398 GetProcAddress
0x4b439c CloseHandle
0x4b43a0 MulDiv
0x4b43a4 GetCommandLineA
0x4b43a8 GetTickCount
0x4b43ac CreateProcessA
0x4b43b0 WaitForSingleObject
Library: USER32.dll:
0x4b4414 OpenClipboard
0x4b4418 GetClipboardData
0x4b441c CloseClipboard
0x4b4420 wsprintfA
0x4b4424 WaitForInputIdle
0x4b4428 GrayStringA
0x4b442c SetClipboardData
0x4b4430 EmptyClipboard
0x4b4434 GetSystemMetrics
0x4b4438 GetCursorPos
0x4b443c MessageBoxA
0x4b4440 SetWindowPos
0x4b4444 SendMessageA
0x4b4448 DestroyCursor
0x4b444c SetParent
0x4b4450 IsWindow
0x4b4454 PostMessageA
0x4b4458 GetTopWindow
0x4b445c GetParent
0x4b4460 GetFocus
0x4b4464 GetClientRect
0x4b4468 InvalidateRect
0x4b446c ValidateRect
0x4b4470 UpdateWindow
0x4b4474 EqualRect
0x4b4478 GetWindowRect
0x4b447c SetForegroundWindow
0x4b4480 DestroyMenu
0x4b4484 IsChild
0x4b4488 ReleaseDC
0x4b448c IsRectEmpty
0x4b4490 FillRect
0x4b4494 GetDC
0x4b4498 SetCursor
0x4b449c LoadCursorA
0x4b44a0 SetCursorPos
0x4b44a4 SetActiveWindow
0x4b44a8 GetSysColor
0x4b44ac CharUpperA
0x4b44b0 GetForegroundWindow
0x4b44b4 TranslateMessage
0x4b44b8 LoadIconA
0x4b44bc DrawFrameControl
0x4b44c0 DrawEdge
0x4b44c4 DrawFocusRect
0x4b44c8 WindowFromPoint
0x4b44cc GetMessageA
0x4b44d0 DispatchMessageA
0x4b44d4 SetRectEmpty
0x4b44e4 DrawIconEx
0x4b44e8 CreatePopupMenu
0x4b44ec AppendMenuA
0x4b44f0 ModifyMenuA
0x4b44f4 CreateMenu
0x4b44fc GetDlgCtrlID
0x4b4500 GetSubMenu
0x4b4504 EnableMenuItem
0x4b4508 ClientToScreen
0x4b4510 LoadImageA
0x4b4518 ShowWindow
0x4b451c IsWindowEnabled
0x4b4524 GetKeyState
0x4b452c PostQuitMessage
0x4b4530 IsZoomed
0x4b4534 GetClassInfoA
0x4b4538 DefWindowProcA
0x4b453c GetSystemMenu
0x4b4540 DeleteMenu
0x4b4544 GetMenu
0x4b4548 SetMenu
0x4b454c PeekMessageA
0x4b4550 IsIconic
0x4b4554 SetFocus
0x4b4558 GetActiveWindow
0x4b455c GetWindow
0x4b4564 SetWindowRgn
0x4b4568 GetMessagePos
0x4b456c ScreenToClient
0x4b4574 CopyRect
0x4b4578 LoadBitmapA
0x4b457c WinHelpA
0x4b4580 KillTimer
0x4b4584 SetTimer
0x4b4588 GetWindowTextA
0x4b4590 GetWindowDC
0x4b4594 BeginPaint
0x4b4598 EndPaint
0x4b459c TabbedTextOutA
0x4b45a0 DrawTextA
0x4b45a4 UnregisterClassA
0x4b45a8 GetDlgItem
0x4b45ac DestroyWindow
0x4b45b4 EndDialog
0x4b45b8 GetNextDlgTabItem
0x4b45bc GetWindowPlacement
0x4b45c4 GetLastActivePopup
0x4b45c8 GetMessageTime
0x4b45cc RemovePropA
0x4b45d0 CallWindowProcA
0x4b45d4 GetPropA
0x4b45d8 UnhookWindowsHookEx
0x4b45dc SetPropA
0x4b45e0 GetClassLongA
0x4b45e4 CallNextHookEx
0x4b45e8 SetWindowsHookExA
0x4b45ec CreateWindowExA
0x4b45f0 GetMenuItemID
0x4b45f4 GetMenuItemCount
0x4b45f8 RegisterClassA
0x4b45fc GetScrollPos
0x4b4600 AdjustWindowRectEx
0x4b4604 MapWindowPoints
0x4b4608 SendDlgItemMessageA
0x4b460c ScrollWindowEx
0x4b4610 IsDialogMessageA
0x4b4614 SetWindowTextA
0x4b4618 MoveWindow
0x4b461c CheckMenuItem
0x4b4620 SetMenuItemBitmaps
0x4b4624 GetMenuState
0x4b462c GetClassNameA
0x4b4630 GetDesktopWindow
0x4b4634 LoadStringA
0x4b4638 GetSysColorBrush
0x4b463c ReleaseCapture
0x4b4640 GetCapture
0x4b4644 SetCapture
0x4b4648 GetScrollRange
0x4b464c SetScrollRange
0x4b4650 SetScrollPos
0x4b4654 SetRect
0x4b4658 InflateRect
0x4b465c IntersectRect
0x4b4660 DestroyIcon
0x4b4664 PtInRect
0x4b4668 OffsetRect
0x4b466c IsWindowVisible
0x4b4670 EnableWindow
0x4b4674 RedrawWindow
0x4b4678 GetWindowLongA
0x4b467c SetWindowLongA
Library: GDI32.dll:
0x4b402c SetBkColor
0x4b4034 SetStretchBltMode
0x4b4038 GetClipRgn
0x4b403c CreatePolygonRgn
0x4b4040 SelectClipRgn
0x4b4044 DeleteObject
0x4b4048 CreateDIBitmap
0x4b4050 CreatePalette
0x4b4054 StretchBlt
0x4b4058 SelectPalette
0x4b405c RealizePalette
0x4b4060 GetDIBits
0x4b4064 GetWindowExtEx
0x4b4068 GetViewportOrgEx
0x4b406c GetWindowOrgEx
0x4b4070 BeginPath
0x4b4074 EndPath
0x4b4078 PathToRegion
0x4b407c CreateEllipticRgn
0x4b4080 CreateRoundRectRgn
0x4b4084 GetTextColor
0x4b4088 GetBkMode
0x4b408c GetBkColor
0x4b4090 GetROP2
0x4b4094 GetStretchBltMode
0x4b4098 GetPolyFillMode
0x4b40a0 CreateDCA
0x4b40a4 CreateBitmap
0x4b40a8 SelectObject
0x4b40ac CreatePen
0x4b40b0 PatBlt
0x4b40b4 CombineRgn
0x4b40b8 CreateRectRgn
0x4b40bc FillRgn
0x4b40c0 CreateSolidBrush
0x4b40c4 CreateFontIndirectA
0x4b40c8 GetStockObject
0x4b40cc GetObjectA
0x4b40d0 EndPage
0x4b40d4 EndDoc
0x4b40d8 DeleteDC
0x4b40dc StartDocA
0x4b40e0 StartPage
0x4b40e4 BitBlt
0x4b40e8 CreateCompatibleDC
0x4b40ec Ellipse
0x4b40f0 Rectangle
0x4b40f4 LPtoDP
0x4b40f8 DPtoLP
0x4b40fc GetCurrentObject
0x4b4100 RoundRect
0x4b4108 GetDeviceCaps
0x4b410c SaveDC
0x4b4110 RestoreDC
0x4b4114 SetBkMode
0x4b4118 SetPolyFillMode
0x4b411c SetROP2
0x4b4120 SetMapMode
0x4b4124 SetViewportOrgEx
0x4b4128 OffsetViewportOrgEx
0x4b412c SetViewportExtEx
0x4b4130 ScaleViewportExtEx
0x4b4134 SetWindowOrgEx
0x4b4138 SetWindowExtEx
0x4b413c ScaleWindowExtEx
0x4b4140 GetClipBox
0x4b4144 ExcludeClipRect
0x4b4148 MoveToEx
0x4b414c LineTo
0x4b4150 GetTextMetricsA
0x4b4154 Escape
0x4b4158 ExtTextOutA
0x4b415c TextOutA
0x4b4160 RectVisible
0x4b4164 PtVisible
0x4b4168 GetViewportExtEx
0x4b416c ExtSelectClipRgn
0x4b4170 SetTextColor
Library: WINMM.dll:
0x4b4684 midiStreamRestart
0x4b4688 midiStreamClose
0x4b468c midiOutReset
0x4b4690 midiStreamStop
0x4b4694 midiStreamOut
0x4b469c midiStreamProperty
0x4b46a0 midiStreamOpen
0x4b46a8 waveOutOpen
0x4b46ac waveOutGetNumDevs
0x4b46b0 waveOutClose
0x4b46b4 waveOutReset
0x4b46b8 waveOutPause
0x4b46c4 waveOutRestart
0x4b46c8 waveOutWrite
Library: WINSPOOL.DRV:
0x4b46d0 ClosePrinter
0x4b46d4 OpenPrinterA
0x4b46d8 DocumentPropertiesA
Library: ADVAPI32.dll:
0x4b4000 RegCloseKey
0x4b4004 RegCreateKeyA
0x4b4008 RegSetValueExA
0x4b400c RegOpenKeyExA
0x4b4010 RegQueryValueExA
0x4b4014 RegQueryValueA
0x4b4018 RegCreateKeyExA
Library: SHELL32.dll:
0x4b4408 Shell_NotifyIconA
0x4b440c ShellExecuteA
Library: ole32.dll:
0x4b4720 CLSIDFromProgID
0x4b4724 OleInitialize
0x4b4728 OleUninitialize
0x4b472c CLSIDFromString
0x4b4730 CoCreateInstance
0x4b4734 OleRun
Library: OLEAUT32.dll:
0x4b43b8 VariantInit
0x4b43bc VariantCopy
0x4b43c0 VariantClear
0x4b43c4 VariantChangeType
0x4b43c8 SafeArrayGetUBound
0x4b43cc SafeArrayGetLBound
0x4b43d0 SafeArrayGetDim
0x4b43d8 SafeArrayAccessData
0x4b43dc SafeArrayGetElement
0x4b43e0 VariantCopyInd
0x4b43e4 SysAllocString
0x4b43e8 SafeArrayDestroy
0x4b43ec SafeArrayCreate
0x4b43f0 SafeArrayPutElement
0x4b43f4 RegisterTypeLib
0x4b43f8 LHashValOfNameSys
0x4b43fc LoadTypeLib
0x4b4400 UnRegisterTypeLib
Library: COMCTL32.dll:
0x4b4020 None
0x4b4024 ImageList_Destroy
Library: WS2_32.dll:
0x4b46e0 closesocket
0x4b46e4 ntohl
0x4b46e8 accept
0x4b46ec getpeername
0x4b46f0 recv
0x4b46f4 ioctlsocket
0x4b46f8 recvfrom
0x4b46fc WSAAsyncSelect
0x4b4700 inet_ntoa
0x4b4704 WSACleanup
Library: comdlg32.dll:
0x4b470c ChooseColorA
0x4b4710 GetSaveFileNameA
0x4b4714 GetOpenFileNameA
0x4b4718 GetFileTitleA

.text
`.rdata
@.data
.rsrc
t$ h`bO
8`}<j
DRQPj
T$|Vj
F<@5N
F<T5N
D$<H5N
No antivirus engine scan information!

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 5.306 seconds )

  • 3.295 Static
  • 1.188 VirusTotal
  • 0.427 TargetInfo
  • 0.367 peid
  • 0.012 Strings
  • 0.009 AnalysisInfo
  • 0.003 Memory
  • 0.003 config_decoder
  • 0.002 BehaviorAnalysis

Signatures ( 0.075 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.475 seconds )

  • 0.469 ReportHTMLSummary
  • 0.006 Malheur
Task ID 643151
Mongo ID 60def581dc327b68f8057dfd
Cuckoo release 1.4-Maldun