恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2021-09-22 13:15:55	2021-09-22 13:15:56	1 秒

魔盾分数

1.75

正常的

文件详细信息

文件名	SppExtComObj.Exe
文件大小	572928 字节
文件类型	PE32+ executable (GUI) x86-64, for MS Windows
MD5	728a78909aa69ca0e976e94482350700
SHA1	6508dfcbf37df25cae8ae68cf1fcd4b78084abb7
SHA256	2a6581576305771044f07ea0fef27f77859996dbf66c2017e938f90bfc1e010c
SHA512	22bf985e71afa58a1365cc733c0aa03dabd4b44e7c6a136eb5f9b870db14470201b4ef88a19fa3864af6c44e79e1a01d6f8806062d9d4861ba7dac77d82074f1
CRC32	E056E67B
Ssdeep	12288:NyoBXlQ2Uu47gFeOHgskuzvABNK7PCxIZLx59kIQbwjX2m:NzK2U/EFPPxzv2N4PCxe
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x140000000
入口地址	0x14000d220
声明校验值	0x000919b7
实际校验值	0x000919b7
最低操作系统版本要求	10.0
PDB路径	SppExtComObj.pdb
编译时间	2020-12-18 03:27:49
载入哈希	4c96b0e079d994b8689c66f7872425eb

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0006ba76	0x0006bc00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	7.53
?g_Encry	0x0006d000	0x00002dac	0x00002e00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	3.96
.rdata	0x00070000	0x00015e98	0x00016000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.67
.data	0x00086000	0x00001430	0x00000c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.19
.pdata	0x00088000	0x00004548	0x00004600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.60
.rsrc	0x0008d000	0x00000718	0x00000800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.16
.reloc	0x0008e000	0x0000159c	0x00001600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.42

导入

库: ADVAPI32.dll:

• 0x140076ae0 RegEnumKeyW

• 0x140076ae8 RegSetKeySecurity

• 0x140076af0 RegDeleteKeyW

• 0x140076af8 RegCreateKeyExW

• 0x140076b00 RegQueryInfoKeyW

• 0x140076b08 CryptAcquireContextW

• 0x140076b10 CryptReleaseContext

• 0x140076b18 CryptGenRandom

• 0x140076b20 RegQueryValueExW

• 0x140076b28 RegSetValueExW

• 0x140076b30 RegOpenKeyExW

• 0x140076b38 RegCloseKey

库: KERNEL32.dll:

• 0x140076b70 EncodePointer

• 0x140076b78 GetCurrentProcessId

• 0x140076b80 CreateProcessW

• 0x140076b88 OpenEventW

• 0x140076b90 DecodePointer

• 0x140076b98 LocalAlloc

• 0x140076ba0 LocalFree

• 0x140076ba8 SetLastError

• 0x140076bb0 CreateEventW

• 0x140076bb8 GetCurrentProcess

• 0x140076bc0 VirtualAlloc

• 0x140076bc8 RtlAddFunctionTable

• 0x140076bd0 InitializeCriticalSection

• 0x140076bd8 HeapSetInformation

• 0x140076be0 RaiseFailFastException

• 0x140076be8 GetCurrentThread

• 0x140076bf0 DeleteCriticalSection

• 0x140076bf8 GetModuleHandleW

• 0x140076c00 RtlDeleteFunctionTable

• 0x140076c08 LoadLibraryExW

• 0x140076c10 SetThreadPriority

• 0x140076c18 SetEvent

• 0x140076c20 CloseHandle

• 0x140076c28 GetModuleFileNameW

• 0x140076c30 GetLastError

• 0x140076c38 GetCommandLineW

• 0x140076c40 GetSystemDirectoryW

• 0x140076c48 FreeLibrary

• 0x140076c50 WaitForMultipleObjects

• 0x140076c58 CreateThread

• 0x140076c60 EnterCriticalSection

• 0x140076c68 LeaveCriticalSection

• 0x140076c70 InitializeCriticalSectionAndSpinCount

• 0x140076c78 GetComputerNameExW

• 0x140076c80 VirtualQuery

• 0x140076c88 GetProcessHeap

• 0x140076c90 GetProcAddress

• 0x140076c98 HeapAlloc

• 0x140076ca0 GetModuleHandleExW

• 0x140076ca8 HeapFree

• 0x140076cb0 WaitForSingleObject

• 0x140076cb8 VirtualFree

• 0x140076cc0 FreeLibraryAndExitThread

库: msvcrt.dll:

• 0x140076fd0 memcmp

• 0x140076fd8 memmove

• 0x140076fe0 memcpy

• 0x140076fe8 _vsnwprintf

• 0x140076ff0 memset

• 0x140076ff8 _unlock

• 0x140077000 _wcsicmp

• 0x140077008 _purecall

• 0x140077010 srand

• 0x140077018 rand

• 0x140077020 wcschr

• 0x140077028 towupper

• 0x140077030 __C_specific_handler

• 0x140077038 _XcptFilter

• 0x140077040 ?terminate@@YAXXZ

• 0x140077048 _onexit

• 0x140077050 __dllonexit

• 0x140077058 wcscmp

• 0x140077060 _lock

• 0x140077068 _commode

• 0x140077070 _fmode

• 0x140077078 _acmdln

• 0x140077080 _initterm

• 0x140077088 __setusermatherr

• 0x140077090 _ismbblead

• 0x140077098 _cexit

• 0x1400770a0 _exit

• 0x1400770a8 exit

• 0x1400770b0 __set_app_type

• 0x1400770b8 __getmainargs

• 0x1400770c0 _amsg_exit

库: ntdll.dll:

• 0x1400770d0 RtlCaptureContext

• 0x1400770d8 RtlLookupFunctionEntry

• 0x1400770e0 RtlVirtualUnwind

• 0x1400770e8 NtQuerySystemInformation

库: RPCRT4.dll:

• 0x140076db0 UuidToStringW

• 0x140076db8 I_RpcMapWin32Status

• 0x140076dc0 CStdStubBuffer_Invoke

• 0x140076dc8 IUnknown_AddRef_Proxy

• 0x140076dd0 CStdStubBuffer_DebugServerQueryInterface

• 0x140076dd8 NdrOleFree

• 0x140076de0 CStdStubBuffer_AddRef

• 0x140076de8 UuidFromStringW

• 0x140076df0 IUnknown_Release_Proxy

• 0x140076df8 CStdStubBuffer_CountRefs

• 0x140076e00 CStdStubBuffer_QueryInterface

• 0x140076e08 NdrOleAllocate

• 0x140076e10 CStdStubBuffer_DebugServerRelease

• 0x140076e18 Ndr64AsyncServerCallAll

• 0x140076e20 RpcStringFreeW

• 0x140076e28 NdrAsyncServerCall

• 0x140076e30 Ndr64AsyncClientCall

• 0x140076e38 NdrDllGetClassObject

• 0x140076e40 RpcStringBindingComposeW

• 0x140076e48 RpcBindingFromStringBindingW

• 0x140076e50 RpcAsyncInitializeHandle

• 0x140076e58 I_RpcExceptionFilter

• 0x140076e60 RpcAsyncCancelCall

• 0x140076e68 RpcAsyncCompleteCall

• 0x140076e70 RpcBindingFree

• 0x140076e78 IUnknown_QueryInterface_Proxy

• 0x140076e80 CStdStubBuffer_IsIIDSupported

• 0x140076e88 CStdStubBuffer_Connect

• 0x140076e90 RpcServerUseProtseqEpW

• 0x140076e98 RpcServerRegisterIf2

• 0x140076ea0 RpcServerUnregisterIf

• 0x140076ea8 NdrCStdStubBuffer_Release

• 0x140076eb0 CStdStubBuffer_Disconnect

库: OLEAUT32.dll:

• 0x140076cd0 BSTR_UserUnmarshal

• 0x140076cd8 BSTR_UserSize

• 0x140076ce0 VariantClear

• 0x140076ce8 VariantInit

• 0x140076cf0 BSTR_UserFree

• 0x140076cf8 LPSAFEARRAY_UserSize

• 0x140076d00 BSTR_UserUnmarshal64

• 0x140076d08 BSTR_UserMarshal

• 0x140076d10 LPSAFEARRAY_UserMarshal64

• 0x140076d18 SysFreeString

• 0x140076d20 SysAllocString

• 0x140076d28 LPSAFEARRAY_UserMarshal

• 0x140076d30 BSTR_UserFree64

• 0x140076d38 LPSAFEARRAY_UserFree

• 0x140076d40 LPSAFEARRAY_UserUnmarshal

• 0x140076d48 BSTR_UserSize64

• 0x140076d50 SafeArrayDestroy

• 0x140076d58 LPSAFEARRAY_UserUnmarshal64

• 0x140076d60 LPSAFEARRAY_UserSize64

• 0x140076d68 BSTR_UserMarshal64

• 0x140076d70 LPSAFEARRAY_UserFree64

• 0x140076d78 SafeArrayAccessData

• 0x140076d80 SafeArrayUnaccessData

• 0x140076d88 SafeArrayCreateVector

• 0x140076d90 UnRegisterTypeLib

• 0x140076d98 RegisterTypeLib

• 0x140076da0 LoadTypeLib

库: api-ms-win-core-com-l1-1-0.dll:

• 0x140076f08 CoResumeClassObjects

• 0x140076f10 CoRegisterClassObject

• 0x140076f18 CoRevertToSelf

• 0x140076f20 CoImpersonateClient

• 0x140076f28 CoReleaseServerProcess

• 0x140076f30 CoRevokeClassObject

• 0x140076f38 CoUninitialize

• 0x140076f40 CoInitializeEx

• 0x140076f48 CoAddRefServerProcess

• 0x140076f50 CoSuspendClassObjects

库: api-ms-win-core-synch-l1-2-0.dll:

• 0x140076fa8 Sleep

库: api-ms-win-core-processthreads-l1-1-0.dll:

• 0x140076f78 TerminateProcess

• 0x140076f80 GetCurrentThreadId

• 0x140076f88 GetStartupInfoW

库: api-ms-win-core-errorhandling-l1-1-0.dll:

• 0x140076f60 SetUnhandledExceptionFilter

• 0x140076f68 UnhandledExceptionFilter

库: api-ms-win-core-profile-l1-1-0.dll:

• 0x140076f98 QueryPerformanceCounter

库: api-ms-win-core-sysinfo-l1-1-0.dll:

• 0x140076fb8 GetTickCount

• 0x140076fc0 GetSystemTimeAsFileTime

库: ole32.dll:

• 0x1400770f8 CoRegisterPSClsid

• 0x140077100 ObjectStublessClient3

• 0x140077108 ObjectStublessClient5

• 0x140077110 ObjectStublessClient4

库: SHELL32.dll:

• 0x140076ec0 CommandLineToArgvW

库: WS2_32.dll:

• 0x140076ed0 FreeAddrInfoW

• 0x140076ed8 WSAAddressToStringW

• 0x140076ee0 WSAGetLastError

• 0x140076ee8 WSACleanup

• 0x140076ef0 WSAStartup

• 0x140076ef8 GetAddrInfoW

库: DNSAPI.dll:

• 0x140076b48 DnsQuery_W

• 0x140076b50 DnsNameCompare_W

• 0x140076b58 DnsModifyRecordsInSet_W

• 0x140076b60 DnsFree

库: ACTIVEDS.dll:

• 0x140076ac0 None

• 0x140076ac8 None

• 0x140076ad0 None

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
uHE;}
=3(gU

没有防病毒引擎扫描信息!

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 2.757 seconds )

2.029 Static
0.412 TargetInfo
0.291 peid
0.011 Strings
0.009 AnalysisInfo
0.002 BehaviorAnalysis
0.002 Memory
0.001 config_decoder

Signatures ( 0.084 seconds )

0.012 antiav_detectreg
0.009 antiav_detectfile
0.009 md_url_bl
0.008 md_domain_bl
0.005 anomaly_persistence_autorun
0.005 infostealer_ftp
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_im
0.003 ransomware_extensions
0.002 tinba_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 geodo_banking_trojan
0.002 disables_browser_warn
0.002 infostealer_mail
0.001 network_tor
0.001 rat_nanocore
0.001 betabot_behavior
0.001 cerber_behavior
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop

Reporting ( 0.452 seconds )

0.446 ReportHTMLSummary
0.006 Malheur


Task ID	656441
Mongo ID	614abc1bdc327b127b4db0e2
Cuckoo release	1.4-Maldun