恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2021-08-10 22:55:10	2021-08-10 22:55:12	2 秒

魔盾分数

1.4

正常的

文件详细信息

文件名	阿里云盘变本地硬盘-1.1.34_2.exe
文件大小	24044755 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	6f0ae80959c84527a887615031624b0c
SHA1	a2010b21f67cc43c65805d7d422911ac7078497c
SHA256	0832333561ad65fca4df8bd7ca821944e072efb9e3b02f7d515344f0c262d3f5
SHA512	6dbae8404d67cf5799f94295beab9d2e9719d640029681d852e09672ee7b747bed642eae108072a442914f12df39fd403fcbacf5ad4284f5fad67a7d90c67cd6
CRC32	CB4BDA11
Ssdeep	393216:V+iWULLbnOrfrrlPiwf5XRdasLDuOQg0y0uMtT2JFIbc3SqgTOlcb:V3T/qrfvJioda89QgDTMtT2Dscv7lc
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x004b5eec
声明校验值	0x00000000
最低操作系统版本要求	6.1
编译时间	2021-06-03 16:09:11
载入哈希	5a594319a0d69dbc452e748bcf05892e
导出DLL库名称	\x38\x31\x31\x31\x31\x37\x31\x31\x34\x31\x31\x31

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
OriginalFileName
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000b361c	0x000b3800	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.36
.itext	0x000b5000	0x00001688	0x00001800	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.97
.data	0x000b7000	0x000037a4	0x00003800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.04
.bss	0x000bb000	0x00006de8	0x00000000	IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.idata	0x000c2000	0x00000f36	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.90
.didata	0x000c3000	0x000001a4	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.76
.edata	0x000c4000	0x0000009a	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	1.87
.tls	0x000c5000	0x00000018	0x00000000	IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.rdata	0x000c6000	0x0000005d	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	1.38
.rsrc	0x000c7000	0x00010e00	0x00010e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	3.71

覆盖

偏移量	0x000d7e00
大小	0x016166d3

导入

库: kernel32.dll:

• 0x4c22e4 GetACP

• 0x4c22e8 GetExitCodeProcess

• 0x4c22ec LocalFree

• 0x4c22f0 CloseHandle

• 0x4c22f4 SizeofResource

• 0x4c22f8 VirtualProtect

• 0x4c22fc VirtualFree

• 0x4c2300 GetFullPathNameW

• 0x4c2304 ExitProcess

• 0x4c2308 HeapAlloc

• 0x4c230c GetCPInfoExW

• 0x4c2310 RtlUnwind

• 0x4c2314 GetCPInfo

• 0x4c2318 GetStdHandle

• 0x4c231c GetModuleHandleW

• 0x4c2320 FreeLibrary

• 0x4c2324 HeapDestroy

• 0x4c2328 ReadFile

• 0x4c232c CreateProcessW

• 0x4c2330 GetLastError

• 0x4c2334 GetModuleFileNameW

• 0x4c2338 SetLastError

• 0x4c233c FindResourceW

• 0x4c2340 CreateThread

• 0x4c2344 CompareStringW

• 0x4c2348 LoadLibraryA

• 0x4c234c ResetEvent

• 0x4c2350 GetVersion

• 0x4c2354 RaiseException

• 0x4c2358 FormatMessageW

• 0x4c235c SwitchToThread

• 0x4c2360 GetExitCodeThread

• 0x4c2364 GetCurrentThread

• 0x4c2368 LoadLibraryExW

• 0x4c236c LockResource

• 0x4c2370 GetCurrentThreadId

• 0x4c2374 UnhandledExceptionFilter

• 0x4c2378 VirtualQuery

• 0x4c237c VirtualQueryEx

• 0x4c2380 Sleep

• 0x4c2384 EnterCriticalSection

• 0x4c2388 SetFilePointer

• 0x4c238c LoadResource

• 0x4c2390 SuspendThread

• 0x4c2394 GetTickCount

• 0x4c2398 GetFileSize

• 0x4c239c GetStartupInfoW

• 0x4c23a0 GetFileAttributesW

• 0x4c23a4 InitializeCriticalSection

• 0x4c23a8 GetThreadPriority

• 0x4c23ac SetThreadPriority

• 0x4c23b0 GetCurrentProcess

• 0x4c23b4 VirtualAlloc

• 0x4c23b8 GetSystemInfo

• 0x4c23bc GetCommandLineW

• 0x4c23c0 LeaveCriticalSection

• 0x4c23c4 GetProcAddress

• 0x4c23c8 ResumeThread

• 0x4c23cc GetVersionExW

• 0x4c23d0 VerifyVersionInfoW

• 0x4c23d4 HeapCreate

• 0x4c23d8 GetWindowsDirectoryW

• 0x4c23dc VerSetConditionMask

• 0x4c23e0 GetDiskFreeSpaceW

• 0x4c23e4 FindFirstFileW

• 0x4c23e8 GetUserDefaultUILanguage

• 0x4c23ec lstrlenW

• 0x4c23f0 QueryPerformanceCounter

• 0x4c23f4 SetEndOfFile

• 0x4c23f8 HeapFree

• 0x4c23fc WideCharToMultiByte

• 0x4c2400 FindClose

• 0x4c2404 MultiByteToWideChar

• 0x4c2408 LoadLibraryW

• 0x4c240c SetEvent

• 0x4c2410 CreateFileW

• 0x4c2414 GetLocaleInfoW

• 0x4c2418 GetSystemDirectoryW

• 0x4c241c DeleteFileW

• 0x4c2420 GetLocalTime

• 0x4c2424 GetEnvironmentVariableW

• 0x4c2428 WaitForSingleObject

• 0x4c242c WriteFile

• 0x4c2430 ExitThread

• 0x4c2434 DeleteCriticalSection

• 0x4c2438 TlsGetValue

• 0x4c243c GetDateFormatW

• 0x4c2440 SetErrorMode

• 0x4c2444 IsValidLocale

• 0x4c2448 TlsSetValue

• 0x4c244c CreateDirectoryW

• 0x4c2450 GetSystemDefaultUILanguage

• 0x4c2454 EnumCalendarInfoW

• 0x4c2458 LocalAlloc

• 0x4c245c GetUserDefaultLangID

• 0x4c2460 RemoveDirectoryW

• 0x4c2464 CreateEventW

• 0x4c2468 SetThreadLocale

• 0x4c246c GetThreadLocale

库: comctl32.dll:

• 0x4c2474 InitCommonControls

库: version.dll:

• 0x4c247c GetFileVersionInfoSizeW

• 0x4c2480 VerQueryValueW

• 0x4c2484 GetFileVersionInfoW

库: user32.dll:

• 0x4c248c CreateWindowExW

• 0x4c2490 TranslateMessage

• 0x4c2494 CharLowerBuffW

• 0x4c2498 CallWindowProcW

• 0x4c249c CharUpperW

• 0x4c24a0 PeekMessageW

• 0x4c24a4 GetSystemMetrics

• 0x4c24a8 SetWindowLongW

• 0x4c24ac MessageBoxW

• 0x4c24b0 DestroyWindow

• 0x4c24b4 CharUpperBuffW

• 0x4c24b8 CharNextW

• 0x4c24bc MsgWaitForMultipleObjects

• 0x4c24c0 LoadStringW

• 0x4c24c4 ExitWindowsEx

• 0x4c24c8 DispatchMessageW

库: oleaut32.dll:

• 0x4c24d0 SysAllocStringLen

• 0x4c24d4 SafeArrayPtrOfIndex

• 0x4c24d8 VariantCopy

• 0x4c24dc SafeArrayGetLBound

• 0x4c24e0 SafeArrayGetUBound

• 0x4c24e4 VariantInit

• 0x4c24e8 VariantClear

• 0x4c24ec SysFreeString

• 0x4c24f0 SysReAllocStringLen

• 0x4c24f4 VariantChangeType

• 0x4c24f8 SafeArrayCreate

库: netapi32.dll:

• 0x4c2500 NetWkstaGetInfo

• 0x4c2504 NetApiBufferFree

库: advapi32.dll:

• 0x4c250c RegQueryValueExW

• 0x4c2510 AdjustTokenPrivileges

• 0x4c2514 LookupPrivilegeValueW

• 0x4c2518 RegCloseKey

• 0x4c251c OpenProcessToken

• 0x4c2520 RegOpenKeyExW

导出

序列	地址	名称
3	0x454060	TMethodImplementationIntercept
2	0x40d0a0	__dbk_fcall_wrapper
1	0x4be63c	dbkFCallWrapperAddr

.text
`.itext
`.data
.idata
.didata
.edata
@.tls
.rdata
@.rsrc
ShortInt
Pointer
Int64
UInt64
Single
ByteBool
AnsiString
&op_Equality
&op_Inequality
Empty
Create
Create
&op_Equality
&op_Inequality
&op_GreaterThan
&op_GreaterThanOrEqual
&op_LessThan
&op_LessThanOrEqual
TObject&
System
TCustomAttribute
System
System
UnsafeAttribute
UnsafeAttribute@!@
System
System
HPPGENAttribute5
System
PMonitorT$@
Enter
SetSpinCount
Enter
Enter
TryEnter
Pulse
PulseAll
IInterface
TInterfacedObject1
System
RefCount
PPointer
PPackageTypeInfo(1@
PLibModuleh2@
PResStringRec83@
Exponent
Fraction
Mantissa
SpecialType
BuildUp
&op_Explicit
&op_Explicit
PExceptionRecordD5@
TExceptionRecordP
An unexpected memory leak has occurred. 
The sizes of unexpected leaked medium and large blocks are: 
 bytes: 
Unknown
AnsiString
UnicodeString
Unexpected Memory Leak
Uhn\@
UhW^@
Uh7c@
GetLogicalProcessorInformation
Uhzf@
UhZj@
Ph`n@
Uhjt@
Uhgu@
SVWUj
SVWRPj
SVWUj
zh-TW,zh-Hant,zh
es-ES_tradnl
nb-NO,nb,no
tg-Cyrl-TJ
az-Latn-AZ
uz-Latn-UZ
mn-MN,mn-Cyrl,mn
iu-Cans-CA
ha-Latn-NG
qps-ploc,en
qps-ploca,ja
zh-CN,zh-Hans,zh
nn-NO,nn,no
sr-Latn-CS
az-Cyrl-AZ
dsb-DE,dsb,hsb
uz-Cyrl-UZ
mn-Mong-CN
iu-Latn-CA
tzm-Latn-DZ
qps-plocm,ar
zh-HK,zh-Hant,zh
sr-Cyrl-CS
zh-SG,zh-Hans,zh
smj-NO,smj,se
zh-MO,zh-Hant,zh
bs-Latn-BA
smj-SE,smj,se
sr-Latn-BA
sma-NO,sma,se
sr-Cyrl-BA
sma-SE,sma,se
bs-Cyrl-BA
sms-FI,sms,se
sr-Latn-RS
smn-FI,smn,se
sr-Cyrl-RS
sr-Latn-ME
sr-Cyrl-ME
GetThreadPreferredUILanguages
SetThreadPreferredUILanguages
GetThreadUILanguage
GetLongPathNameW
TInstItem.TBucketArray|
TInstItem
Create
Destroy
RegisterWeakRef
UnregisterWeakRef
RegisterWeakMethodRef
UnregisterWeakMethodRef
Initialize
Finalize
Unlock
AddInstItem
FindInstItem
RemoveInstItem
Destroy
Initialize
Finalize
RegisterWeakRef
UnregisterWeakRef
RegisterWeakMethodRef
UnregisterWeakMethodRef
IsRegistered
TMultiWaitEvent.TMultiWaiter&
System.Types
System.Types
 !"#$
%&'()*+
FGHIJKLMN&OPQRS
TUVW'XYZ[\]^_`(
hij@klmn-opqArstu
abc?defg
%&'()*+,
@klmn-opqArstu
Exception3
System.SysUtils
StackTrace
StackInfo
EArgumentException
EArgumentExceptionxUA
System.SysUtils
EArgumentOutOfRangeException
EArgumentOutOfRangeException0VA
System.SysUtils
EListError
System.SysUtils
EAbort
System.SysUtils
EHeapException,
EHeapException@XA
System.SysUtils
EOutOfMemory
EOutOfMemory@YA
System.SysUtils
EInOutError
System.SysUtils
EExternal
System.SysUtils
EExternalException
EExternalExceptiont[A
System.SysUtils
EIntErrorH\A
EIntError,\A
System.SysUtils
EDivByZero
System.SysUtils
ERangeError
ERangeErrorx]A
System.SysUtils
EIntOverflow
EIntOverflow ^A
System.SysUtils
EMathError
System.SysUtils
EInvalidOp
EInvalidOpp_A
System.SysUtils
EZeroDivide
System.SysUtils
System.SysUtils
EUnderflow
EUnderflowdaA
System.SysUtils
EInvalidPointer
System.SysUtils
EInvalidCast
System.SysUtils
EConvertErrordcA
System.SysUtils
EAccessViolation
System.SysUtils
EPrivilege
System.SysUtils
EStackOverflow
EStackOverflowheA
System.SysUtils
EControlC4fA
System.SysUtils
System.SysUtils
EAssertionFailed
EAssertionFailedhgA
System.SysUtils
EAbstractError
System.SysUtils
EIntfCastError
System.SysUtils
EOSErrorxiA
System.SysUtils
ESafecallException
ESafecallException4jA
System.SysUtils
EMonitor
System.SysUtils
System.SysUtils
ENoMonitorSupportException
ENoMonitorSupportExceptionHlA
System.SysUtils
ENotImplemented
System.SysUtils
EObjectDisposed
System.SysUtils
:TFormatSettings.:10
:TFormatSettings.:20
Create
Create
Create
Invariant
GetEraYearOffset
TThreadLocalCounter'
System.SysUtils
=?8vA
$TMultiReadExclusiveWriteSynchronizer&
System.SysUtils
RevisionLevel
EEncodingError
System.SysUtils
TEncoding%
System.SysUtils
MIMEName
IsSingleByte
TMBCSEncoding&
System.SysUtils
TUTF7Encoding&
System.SysUtils
TUTF8Encoding&
System.SysUtils
TUnicodeEncoding&
System.SysUtils
$Tjdj
kernel32.dll
kernel32.dll
kernel32.dll
Software\Embarcadero\Locales
Software\CodeGear\Locales
Software\Borland\Locales
Software\Borland\Delphi\Locales
 0@P`p
False
AM/PM
m/d/yy
mmmm d, yyyy
 AMPM
AMPM 
:mm:ss
CompareStringOrdinal
kernel32.dll
RtlCompareUnicodeString
NTDLL.DLL

没有防病毒引擎扫描信息!

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 34.997 seconds )

30.278 Static
4.185 TargetInfo
0.377 peid
0.09 Strings
0.054 config_decoder
0.009 AnalysisInfo
0.002 BehaviorAnalysis
0.002 Memory

Signatures ( 0.075 seconds )

0.011 antiav_detectreg
0.009 md_domain_bl
0.009 md_url_bl
0.005 anomaly_persistence_autorun
0.005 infostealer_ftp
0.004 antiav_detectfile
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_im
0.003 ransomware_extensions
0.002 tinba_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 infostealer_mail
0.001 rat_nanocore
0.001 cerber_behavior
0.001 geodo_banking_trojan
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop

Reporting ( 0.441 seconds )

0.436 ReportHTMLSummary
0.005 Malheur


Task ID	649867
Mongo ID	61129382dc327b0713418eeb
Cuckoo release	1.4-Maldun