Analysis task

Analysis type   VM tag                    Start time            End time              Duration
File (Windows)  win7-sp1-x64-shaapp02-1   2021-08-23 15:49:42   2021-08-23 15:49:42   0 seconds

Maldun score

1.4

Normal

The task recorded a duration of 0 seconds, no screenshots, and no behavioral or network events, so this score reflects only the static data below (PE headers, imports, strings), not an observed execution of the sample. That static data does contain items worth a manual look before accepting "Normal": imports of SetWindowsHookExA, keybd_event, mouse_event, DeleteFileA, RemoveDirectoryA and SHDeleteKeyA, and strings referencing \\.\PhysicalDrive0, RtlAdjustPrivilege and NtRaiseHardError.

File details

File name Terminator.exe
File size 79360 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 98aad859a61df9dd06a1849426880177
SHA1 a697f02365b42b82a1a939638af50b7a356308ee
SHA256 531159710936818ec52dc2662d59f02d6063af1ac89869ab76871386056b7586
SHA512 97bab23bfad2be952ac32a3935903c4c35e3f6d9218b4b5afecb6108b8548dff55acc69980d76bff7dbf28868529781b9549b19f57dcdc2f5f573ed072e08c27
CRC32 A9EB358C
Ssdeep 768:tgIfNSltmUAsb3jKTUYY8ryY8hKTbpn+4ksOGGQufIUHEnGjw0U9qCEDjnPtmJmB:GtltmqqUY4lKTbXklY3now00Al2mF

Screenshots

No screenshots available.

Hosts contacted

No host records.

Domain resolution

No domain information.


PE information

Image base 0x00400000
Entry point 0x004044c4
Declared checksum 0x00023074
Actual checksum 0x00023074
Minimum OS version 5.1
PDB path E:\Cpp\Terminator V2\Release\Terminator.pdb
Compile time 2021-08-11 13:44:43
Import hash (imphash) 7e5060a91c65226b9979a097b7ed9f47

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0000cf23 0x0000d000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.65
.rdata 0x0000e000 0x00003488 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.92
.data 0x00012000 0x00001e60 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.73
.rsrc 0x00014000 0x000001c0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.08
.reloc 0x00015000 0x0000172e 0x00001800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.42

Imports

Library: KERNEL32.dll:
0x40e048 HeapReAlloc
0x40e04c GetStringTypeW
0x40e050 MultiByteToWideChar
0x40e054 LoadLibraryW
0x40e058 HeapSize
0x40e05c CreateThread
0x40e060 DeleteFileA
0x40e064 CloseHandle
0x40e068 GetCurrentThreadId
0x40e06c FindNextFileA
0x40e070 LocalAlloc
0x40e074 LoadLibraryA
0x40e078 FindClose
0x40e07c RemoveDirectoryA
0x40e080 GetProcAddress
0x40e084 FindFirstFileA
0x40e088 GetSystemDirectoryA
0x40e08c Sleep
0x40e090 SetFilePointer
0x40e094 WriteFile
0x40e098 CreateFileA
0x40e09c LCMapStringW
0x40e0a0 ExitProcess
0x40e0a4 RtlUnwind
0x40e0a8 IsValidCodePage
0x40e0ac GetOEMCP
0x40e0b0 GetACP
0x40e0b4 GetCPInfo
0x40e0bc GetCommandLineA
0x40e0c0 HeapSetInformation
0x40e0c4 GetStartupInfoW
0x40e0c8 RaiseException
0x40e0cc TerminateProcess
0x40e0d0 GetCurrentProcess
0x40e0dc IsDebuggerPresent
0x40e0e0 HeapAlloc
0x40e0e4 GetLastError
0x40e0e8 HeapFree
0x40e0f0 EncodePointer
0x40e0f4 TlsAlloc
0x40e0f8 TlsGetValue
0x40e0fc TlsSetValue
0x40e100 DecodePointer
0x40e104 TlsFree
0x40e10c GetModuleHandleW
0x40e110 SetLastError
0x40e118 GetStdHandle
0x40e11c GetModuleFileNameW
0x40e120 GetModuleFileNameA
0x40e128 WideCharToMultiByte
0x40e130 SetHandleCount
0x40e138 GetFileType
0x40e140 HeapCreate
0x40e148 GetTickCount
0x40e14c GetCurrentProcessId
Library: USER32.dll:
0x40e164 UnhookWindowsHookEx
0x40e168 GetSystemMetrics
0x40e16c mouse_event
0x40e170 keybd_event
0x40e174 FillRect
0x40e178 LoadIconA
0x40e17c CallNextHookEx
0x40e180 DrawIcon
0x40e184 GetDC
0x40e188 GetCursorInfo
0x40e18c MessageBoxA
0x40e190 SetWindowsHookExA
Library: GDI32.dll:
0x40e00c PatBlt
0x40e010 Polygon
0x40e014 StretchBlt
0x40e018 SetPixel
0x40e01c DeleteObject
0x40e020 SelectObject
0x40e024 CreateCompatibleDC
0x40e02c Ellipse
0x40e030 PlgBlt
0x40e034 CreatePatternBrush
0x40e038 GetPixel
0x40e03c CreateSolidBrush
0x40e040 BitBlt
Library: ADVAPI32.dll:
0x40e004 CryptGenRandom
Library: SHLWAPI.dll:
0x40e15c SHDeleteKeyA
Library: WINMM.dll:
0x40e198 waveOutOpen
0x40e19c waveOutWrite
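The PE information, section table and import list above can be reproduced from the file with a short stdlib-only script. The following is an added example, not code from the Maldun report or from the sample: it recomputes the optional-header CheckSum with the same fold the declared/actual comparison relies on, decodes section characteristics and per-section entropy, and derives a pefile-style import hash from an ordered list of (library, function) pairs. `build_sample_pe()` constructs a minimal PE32 image inline so the script runs offline; the import pairs in the `__main__` block are a hand-picked subset, so the value printed is not the report's imphash, which is computed over the sample's complete import table.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Section characteristic bits (PE/COFF spec) that the report's table prints.
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    n = len(data)
    counts = [data.count(b) for b in range(256)]
    h = -sum(c / n * math.log2(c / n) for c in counts if c)
    return h if h else 0.0

def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """CheckSumMappedFile fold: sum every dword except the CheckSum field with
    end-around carry, fold to 16 bits, then add the file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for i in range(0, len(padded), 4):
        if i != (checksum_offset & ~3):          # the field itself is excluded
            total += struct.unpack_from("<I", padded, i)[0]
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def pe_layout(data: bytes):
    """Return (CheckSum field offset, TimeDateStamp, section dicts) for PE32/PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, timestamp = struct.unpack_from("<HI", data, coff + 2)
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    sections = []
    for k in range(nsections):
        hdr = opt + size_opt + 40 * k                # 40-byte IMAGE_SECTION_HEADER
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        flags = struct.unpack_from("<I", data, hdr + 36)[0]
        sections.append({
            "name": data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "flags": [n for bit, n in sorted(SECTION_FLAGS.items()) if flags & bit],
            "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2),
        })
    return opt + 0x40, timestamp, sections      # CheckSum sits at optional header + 0x40

def static_report(data: bytes) -> dict:
    """The fields the sandbox prints under 'PE information' and 'PE sections'."""
    off, ts, sections = pe_layout(data)
    return {
        "declared_checksum": struct.unpack_from("<I", data, off)[0],
        "actual_checksum": pe_checksum(data, off),
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }

def checksum_is_valid(data: bytes) -> bool:
    r = static_report(data)
    return r["declared_checksum"] == r["actual_checksum"]

def imphash(imports) -> str:
    """pefile-style import hash: md5 over 'lib.func' pairs, lowercased,
    .dll/.ocx/.sys stripped, in import-table order (so order matters)."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        if lib.rsplit(".", 1)[-1] in ("dll", "ocx", "sys"):
            lib = lib.rsplit(".", 1)[0]
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def build_sample_pe(timestamp: int = 1_600_000_000) -> bytes:
    """Constructed input (not the analysed sample): minimal PE32, one .text section."""
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(224, b"\0")          # PE32 magic, rest zero
    sec = (b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x100, 0x1000, 0x200, 0x200)
           + b"\0" * 12 + struct.pack("<I", 0x60000020))       # CODE|EXECUTE|READ
    image = bytearray((bytes(dos) + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0"))
    image += bytes(range(256)) * 2                            # uniform bytes: entropy 8.0
    off = 64 + 4 + 20 + 0x40
    struct.pack_into("<I", image, off, pe_checksum(bytes(image), off))
    return bytes(image)

if __name__ == "__main__":
    pe = build_sample_pe()
    r = static_report(pe)
    print(f"checksum declared 0x{r['declared_checksum']:08x} actual 0x{r['actual_checksum']:08x}")
    print("compile time", r["compile_time"])
    for s in r["sections"]:
        print(s["name"], hex(s["vaddr"]), hex(s["vsize"]), hex(s["rawsize"]), "|".join(s["flags"]), s["entropy"])
    print("imphash of a hand-picked subset of the table above:",
          imphash([("KERNEL32.dll", "HeapReAlloc"), ("USER32.dll", "SetWindowsHookExA")]))
```

To run it against a real file, replace `build_sample_pe()` with `open(path, "rb").read()`. A mismatch between the declared and recomputed checksum is a weak signal on its own (many legitimate unsigned binaries ship with a zero field), but a match, as in this report, says nothing about intent; the import and string content is what deserves the attention.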

Strings

.text
`.rdata
@.data
.rsrc
@.reloc
QQh$=A
PWSVj
Vh@+@
WWWh`/@
95\>A
YQPVh
9=L>A
35| A
RhFp@
v4;5L+A
vL;5d+A
SVWUj
95T>A
Unknown exception
bad allocation
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
TOO LATE
\\.\PhysicalDrive0
ntdll.dll
RtlAdjustPrivilege
NtRaiseHardError
invalid string position
string too long
e+000
bad exception
1#QNAN
1#INF
1#IND
1#SNAN
_nextafter
_logb
frexp
_hypot
_cabs
ldexp
floor
atan2
log10
E:\Cpp\Terminator V2\Release\Terminator.pdb
ExitProcess
CreateFileA
SetFilePointer
WriteFile
Sleep
GetSystemDirectoryA
FindFirstFileA
GetProcAddress
RemoveDirectoryA
FindClose
LoadLibraryA
LocalAlloc
FindNextFileA
GetCurrentThreadId
CloseHandle
DeleteFileA
CreateThread
KERNEL32.dll
mouse_event
GetSystemMetrics
UnhookWindowsHookEx
SetWindowsHookExA
MessageBoxA
GetCursorInfo
GetDC
DrawIcon
CallNextHookEx
LoadIconA
FillRect
keybd_event
USER32.dll
CreateSolidBrush
GetPixel
CreatePatternBrush
PlgBlt
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetPixel
StretchBlt
Polygon
PatBlt
BitBlt
GDI32.dll
CryptAcquireContextA
CryptGenRandom
ADVAPI32.dll
SHDeleteKeyA
SHLWAPI.dll
waveOutPrepareHeader
waveOutOpen
waveOutWrite
WINMM.dll
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
</assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
>%?1?
?/?B?^?
<L<V<a<x>
<$<,<
;4;8;
=$=,=4=<=D=
AKERNEL32.DLL
mscoree.dll
runtime error
@Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
WUSER32.DLL
No antivirus engine scan information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No network-extracted files.
No dropped files.
No similar analyses found.

Processing ( 1.407 seconds )

  • 0.836 Static
  • 0.297 peid
  • 0.251 TargetInfo
  • 0.01 AnalysisInfo
  • 0.009 Strings
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.075 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 geodo_banking_trojan
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.443 seconds )

  • 0.437 ReportHTMLSummary
  • 0.006 Malheur

Task ID 651834
Mongo ID 61235320dc327b0714419a91
Cuckoo release 1.4-Maldun