Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2021-09-22 09:17:21
End time: 2021-09-22 09:17:22
Duration: 1 second

Maldun score: 9.95 (Dangerous)

Read the score against the run: the sample executed for one second and the report records no screenshots, no host or DNS contacts, no TCP/UDP/HTTP traffic, no dropped files and no behaviour log, so every finding below is static. Which threat signatures contributed to the score is not shown on this page.

File details

File name: 匠石微信多开v2.4.exe (the name reads "WeChat multi-open v2.4", i.e. a launcher for running several WeChat instances)
File size: 5357568 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 98417ec737c61fa2261638c16e986d1c
SHA1: c2f929433e8a18cc4f99e4bd586da93c1136870a
SHA256: 3543267617c9d1badd183fa8003d63ebccdd375b6e59a28685ff3b86114f7fc0
SHA512: 2eac15b5df88c891d93b08c60468d4d47af71891ab3fa694b5bd451753baa1eee506241f7a21abdb9bf793d7e66f27c065926e3b2f4e0ca2c21a5a69e05d1e69
CRC32: FD544F8C
Ssdeep: 98304:IF2f2oTVAgxUL4jbEjB0AMG48xWVjbEYuSjbEhvEedkt:HHUsX/dVXVXjft

Screenshots

No screenshots available.

Hosts contacted

No host records.

DNS resolutions

No domain records.



PE information

Image base: 0x00400000
Entry point: 0x004d206d (RVA 0xd206d, which falls inside .text)
Declared checksum: 0x00000000
Computed checksum: 0x0052275c
Minimum OS version: 4.0
Compile time (TimeDateStamp): 2020-07-12 17:21:09
Import hash (imphash): 473e4034e657ab440a123b16e6137cef

The checksum mismatch is not an indicator by itself: many user-mode executables ship with a zero CheckSum because the linker only fills the field when asked to (/RELEASE), and the Windows loader enforces it only for kernel drivers and boot-time images. The case worth chasing is the opposite one, a non-zero declared value that fails to verify, which usually means the file was modified after linking.

Version information

LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation: all listed with empty values.

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                Entropy
.text   0x00001000       0x000f8557    0x000f9000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ    6.47
.rdata  0x000fa000       0x003bf45a    0x003c0000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ              6.97
.data   0x004ba000       0x00063a2a    0x00019000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  5.59
.rsrc   0x0051e000       0x000488c0    0x00049000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ              2.36

.rdata holds 0x3c0000 bytes (about 3.9 MB) of a 5.1 MB file at an entropy of 6.97. That is high for read-only constants and, together with the VMProtect marker strings in the strings output, is consistent with protected code or compressed data being stored there rather than plain data. The .text entropy of 6.47 is normal for x86 code, and .data's raw size (0x19000) being smaller than its virtual size (0x63a2a) is just uninitialised data, also normal.

Imports

Most of the table (USER32, GDI32, COMCTL32, ole32/OLEAUT32, comdlg32, WINSPOOL.DRV, oledlg) looks like the footprint of a statically linked MFC GUI application: no MFC runtime DLL is imported, but the usual MFC surface is. The entries worth attention for a program that presents itself as a multi-instance launcher for a chat client are process enumeration (Process32First/Process32Next), window lookup (FindWindowA/FindWindowExA, GetClassNameA, GetWindowTextA), message hooks (SetWindowsHookExA/CallNextHookEx/UnhookWindowsHookEx), launching other programs (WinExec, ShellExecuteA), file staging (GetTempPathA, GetTempFileNameA, CopyFileA, CreateDirectoryA), registry writes and deletions (RegCreateKeyExA, RegSetValueExA, RegDeleteKeyA, RegDeleteValueA), an HTTP client (WININET) and raw sockets (WS2_32). Each of these has a legitimate use in such a launcher or its updater, so the list describes capability, not intent; with no behaviour recorded, what the program does with them is not established by this report. Entries shown as "None" are imports by ordinal with no name.

Library: RASAPI32.dll
0x4fa480 RasHangUpA
Library: WINMM.dll
0x4fa788 PlaySoundA
0x4fa794 waveOutWrite
0x4fa798 waveOutPause
0x4fa79c waveOutReset
0x4fa7a0 midiStreamStop
0x4fa7a4 midiStreamRestart
0x4fa7a8 midiStreamClose
0x4fa7ac midiOutReset
0x4fa7b0 midiStreamOut
0x4fa7b4 midiStreamProperty
0x4fa7b8 midiStreamOpen
0x4fa7c0 waveOutOpen
0x4fa7c4 waveOutGetNumDevs
0x4fa7c8 waveOutClose
Library: WS2_32.dll
0x4fa7e0 inet_ntoa
0x4fa7e4 WSAStartup
0x4fa7e8 select
0x4fa7ec send
0x4fa7f0 closesocket
0x4fa7f4 WSAAsyncSelect
0x4fa7f8 recvfrom
0x4fa7fc ioctlsocket
0x4fa800 recv
0x4fa804 getpeername
0x4fa808 accept
0x4fa80c WSACleanup
Library: MSVFW32.dll
0x4fa414 DrawDibDraw
Library: AVIFIL32.dll
0x4fa028 AVIStreamInfoA
0x4fa02c AVIStreamGetFrame
Library: KERNEL32.dll
0x4fa1cc GetVersion
0x4fa1d0 GetTempFileNameA
0x4fa1dc LocalFree
0x4fa1e0 FormatMessageA
0x4fa1e8 lstrcpynA
0x4fa1ec DuplicateHandle
0x4fa1f0 FlushFileBuffers
0x4fa1f4 LockFile
0x4fa1f8 UnlockFile
0x4fa1fc SetEndOfFile
0x4fa200 GetThreadLocale
0x4fa204 lstrcmpiA
0x4fa208 GlobalDeleteAtom
0x4fa20c GlobalFindAtomA
0x4fa210 GlobalAddAtomA
0x4fa214 GlobalGetAtomNameA
0x4fa218 lstrcmpA
0x4fa21c LocalAlloc
0x4fa220 TlsAlloc
0x4fa224 GlobalHandle
0x4fa228 TlsFree
0x4fa22c TlsSetValue
0x4fa230 LocalReAlloc
0x4fa234 TlsGetValue
0x4fa238 GetFileTime
0x4fa23c GetCurrentThread
0x4fa240 GlobalFlags
0x4fa244 SetErrorMode
0x4fa248 GetProcessVersion
0x4fa24c GetCPInfo
0x4fa250 GetOEMCP
0x4fa254 GetStartupInfoA
0x4fa258 RtlUnwind
0x4fa25c GetSystemTime
0x4fa260 GetLocalTime
0x4fa264 RaiseException
0x4fa268 HeapSize
0x4fa26c GetACP
0x4fa270 SetStdHandle
0x4fa274 GetFileType
0x4fa28c SetHandleCount
0x4fa290 GetStdHandle
0x4fa298 HeapDestroy
0x4fa29c HeapCreate
0x4fa2a0 VirtualFree
0x4fa2a8 LCMapStringA
0x4fa2ac LCMapStringW
0x4fa2b0 VirtualAlloc
0x4fa2b4 IsBadWritePtr
0x4fa2bc GetStringTypeA
0x4fa2c0 GetStringTypeW
0x4fa2c4 CompareStringA
0x4fa2c8 CompareStringW
0x4fa2cc IsBadReadPtr
0x4fa2d0 IsBadCodePtr
0x4fa2d4 TerminateProcess
0x4fa2d8 GetFileSize
0x4fa2dc SetFilePointer
0x4fa2e4 Process32First
0x4fa2e8 Process32Next
0x4fa2ec SetLastError
0x4fa2f8 TerminateThread
0x4fa2fc WideCharToMultiByte
0x4fa300 MultiByteToWideChar
0x4fa304 GetCurrentProcess
0x4fa30c GetSystemDirectoryA
0x4fa310 CreateSemaphoreA
0x4fa314 ResumeThread
0x4fa318 ReleaseSemaphore
0x4fa324 GetProfileStringA
0x4fa328 WriteFile
0x4fa32c ReadFile
0x4fa334 CreateFileA
0x4fa338 SetEvent
0x4fa33c FindResourceA
0x4fa340 LoadResource
0x4fa344 LockResource
0x4fa348 lstrlenW
0x4fa34c RemoveDirectoryA
0x4fa350 GetModuleFileNameA
0x4fa354 GetCurrentThreadId
0x4fa358 ExitProcess
0x4fa35c GlobalSize
0x4fa360 GlobalFree
0x4fa36c lstrcatA
0x4fa370 lstrlenA
0x4fa374 WinExec
0x4fa378 lstrcpyA
0x4fa37c FindNextFileA
0x4fa380 GlobalReAlloc
0x4fa384 HeapFree
0x4fa388 HeapReAlloc
0x4fa38c GetProcessHeap
0x4fa390 HeapAlloc
0x4fa394 GetUserDefaultLCID
0x4fa398 GetFullPathNameA
0x4fa39c FreeLibrary
0x4fa3a0 LoadLibraryA
0x4fa3a4 GetLastError
0x4fa3a8 GetVersionExA
0x4fa3b0 CreateThread
0x4fa3b4 CreateEventA
0x4fa3b8 Sleep
0x4fa3c0 GlobalAlloc
0x4fa3c4 GlobalLock
0x4fa3c8 GlobalUnlock
0x4fa3cc GetTempPathA
0x4fa3d0 FindFirstFileA
0x4fa3d4 FindClose
0x4fa3d8 GetFileAttributesA
0x4fa3dc DeleteFileA
0x4fa3e0 CopyFileA
0x4fa3e4 CreateDirectoryA
0x4fa3f0 GetModuleHandleA
0x4fa3f4 GetProcAddress
0x4fa3f8 MulDiv
0x4fa3fc GetCommandLineA
0x4fa400 GetTickCount
0x4fa404 WaitForSingleObject
0x4fa408 CloseHandle
0x4fa40c InterlockedExchange
Library: USER32.dll
0x4fa4a8 GetNextDlgGroupItem
0x4fa4ac PostThreadMessageA
0x4fa4b0 LoadStringA
0x4fa4b4 MapDialogRect
0x4fa4bc CharNextA
0x4fa4c4 GetMenuState
0x4fa4c8 SetMenuItemBitmaps
0x4fa4cc CheckMenuItem
0x4fa4d0 MoveWindow
0x4fa4d4 IsDialogMessageA
0x4fa4d8 ScrollWindowEx
0x4fa4dc SendDlgItemMessageA
0x4fa4e0 MapWindowPoints
0x4fa4e4 AdjustWindowRectEx
0x4fa4e8 ScrollWindow
0x4fa4ec GetScrollInfo
0x4fa4f0 SetScrollInfo
0x4fa4f4 ShowScrollBar
0x4fa4f8 GetScrollPos
0x4fa4fc RegisterClassA
0x4fa500 GetMenuItemCount
0x4fa504 GetMenuItemID
0x4fa508 SetWindowsHookExA
0x4fa50c CallNextHookEx
0x4fa510 GetClassLongA
0x4fa514 SetPropA
0x4fa518 UnhookWindowsHookEx
0x4fa51c GetPropA
0x4fa520 RemovePropA
0x4fa524 GetMessageTime
0x4fa528 GetLastActivePopup
0x4fa530 GetWindowPlacement
0x4fa534 EndDialog
0x4fa53c DestroyWindow
0x4fa540 GrayStringA
0x4fa544 DrawTextA
0x4fa548 TabbedTextOutA
0x4fa54c EndPaint
0x4fa550 BeginPaint
0x4fa554 GetWindowDC
0x4fa558 CharUpperA
0x4fa560 DrawStateA
0x4fa564 FrameRect
0x4fa568 GetNextDlgTabItem
0x4fa56c UnregisterHotKey
0x4fa570 RegisterHotKey
0x4fa574 CreateWindowExA
0x4fa578 CallWindowProcA
0x4fa57c GetWindowTextA
0x4fa580 FindWindowExA
0x4fa584 GetDlgItem
0x4fa588 FindWindowA
0x4fa58c GetClassNameA
0x4fa590 GetDesktopWindow
0x4fa594 SetWindowTextA
0x4fa598 GetForegroundWindow
0x4fa59c LoadIconA
0x4fa5a0 TranslateMessage
0x4fa5a4 DrawFrameControl
0x4fa5a8 DrawEdge
0x4fa5ac DrawFocusRect
0x4fa5b0 WindowFromPoint
0x4fa5b4 GetMessageA
0x4fa5b8 DispatchMessageA
0x4fa5c8 DrawIconEx
0x4fa5cc CreatePopupMenu
0x4fa5d0 AppendMenuA
0x4fa5d4 ModifyMenuA
0x4fa5d8 CreateMenu
0x4fa5e0 GetDlgCtrlID
0x4fa5e4 GetSubMenu
0x4fa5e8 EnableMenuItem
0x4fa5ec ClientToScreen
0x4fa5f4 LoadImageA
0x4fa5fc ShowWindow
0x4fa600 IsWindowEnabled
0x4fa608 GetKeyState
0x4fa610 PostQuitMessage
0x4fa614 IsZoomed
0x4fa618 GetClassInfoA
0x4fa61c DefWindowProcA
0x4fa620 GetSystemMenu
0x4fa624 DeleteMenu
0x4fa628 GetMenu
0x4fa62c SetMenu
0x4fa630 PeekMessageA
0x4fa634 IsIconic
0x4fa638 SetFocus
0x4fa63c GetActiveWindow
0x4fa640 GetWindow
0x4fa648 SetWindowRgn
0x4fa64c GetMessagePos
0x4fa650 ScreenToClient
0x4fa658 CopyRect
0x4fa65c LoadBitmapA
0x4fa660 KillTimer
0x4fa664 SetTimer
0x4fa668 ReleaseCapture
0x4fa66c GetCapture
0x4fa670 SetCapture
0x4fa674 GetScrollRange
0x4fa678 SetScrollRange
0x4fa67c SetScrollPos
0x4fa680 SetRect
0x4fa684 InflateRect
0x4fa688 IntersectRect
0x4fa68c DestroyIcon
0x4fa690 PtInRect
0x4fa694 OffsetRect
0x4fa698 IsWindowVisible
0x4fa69c EnableWindow
0x4fa6a0 RedrawWindow
0x4fa6a4 GetWindowLongA
0x4fa6a8 SetWindowLongA
0x4fa6ac GetSysColor
0x4fa6b0 SetActiveWindow
0x4fa6b4 SetCursorPos
0x4fa6b8 LoadCursorA
0x4fa6bc SetCursor
0x4fa6c0 GetDC
0x4fa6c4 FillRect
0x4fa6c8 IsRectEmpty
0x4fa6cc ReleaseDC
0x4fa6d0 IsChild
0x4fa6d4 TrackPopupMenu
0x4fa6d8 DestroyMenu
0x4fa6dc SetForegroundWindow
0x4fa6e0 GetWindowRect
0x4fa6e4 EqualRect
0x4fa6e8 UpdateWindow
0x4fa6ec ValidateRect
0x4fa6f0 InvalidateRect
0x4fa6f4 GetClientRect
0x4fa6f8 GetFocus
0x4fa6fc GetParent
0x4fa700 GetTopWindow
0x4fa704 PostMessageA
0x4fa708 IsWindow
0x4fa70c SetParent
0x4fa710 DestroyCursor
0x4fa714 SendMessageA
0x4fa718 SetWindowPos
0x4fa71c MessageBeep
0x4fa720 MessageBoxA
0x4fa724 GetCursorPos
0x4fa728 GetSystemMetrics
0x4fa72c EmptyClipboard
0x4fa730 SetClipboardData
0x4fa734 OpenClipboard
0x4fa738 GetClipboardData
0x4fa73c CloseClipboard
0x4fa740 wsprintfA
0x4fa744 GetSysColorBrush
0x4fa748 SetRectEmpty
0x4fa74c WinHelpA
0x4fa750 UnregisterClassA
Library: GDI32.dll
0x4fa064 GetROP2
0x4fa068 GetBkColor
0x4fa06c GetBkMode
0x4fa070 GetTextColor
0x4fa074 CreateRoundRectRgn
0x4fa078 CreateEllipticRgn
0x4fa07c PathToRegion
0x4fa080 GetStretchBltMode
0x4fa084 GetPolyFillMode
0x4fa088 EndPath
0x4fa090 CreateDCA
0x4fa094 CreateBitmap
0x4fa098 CreatePatternBrush
0x4fa09c BeginPath
0x4fa0a0 SelectObject
0x4fa0a4 CreatePen
0x4fa0a8 PatBlt
0x4fa0ac GetWindowOrgEx
0x4fa0b0 CombineRgn
0x4fa0b4 SaveDC
0x4fa0b8 RestoreDC
0x4fa0bc SetPolyFillMode
0x4fa0c0 SetROP2
0x4fa0c4 SetMapMode
0x4fa0c8 SetViewportOrgEx
0x4fa0cc OffsetViewportOrgEx
0x4fa0d0 CreateRectRgn
0x4fa0d4 ScaleViewportExtEx
0x4fa0d8 SetWindowOrgEx
0x4fa0dc SetWindowExtEx
0x4fa0e0 FillRgn
0x4fa0e4 GetClipBox
0x4fa0e8 ExcludeClipRect
0x4fa0ec MoveToEx
0x4fa0f0 LineTo
0x4fa0f4 ExtSelectClipRgn
0x4fa0f8 GetViewportExtEx
0x4fa0fc PtVisible
0x4fa100 RectVisible
0x4fa104 ExtTextOutA
0x4fa108 Escape
0x4fa10c GetTextMetricsA
0x4fa110 GetMapMode
0x4fa114 TextOutA
0x4fa11c CreateFontA
0x4fa120 SetBkColor
0x4fa128 CreateDIBSection
0x4fa12c SetStretchBltMode
0x4fa130 GetClipRgn
0x4fa134 CreatePolygonRgn
0x4fa138 SelectClipRgn
0x4fa13c DeleteObject
0x4fa140 CreateDIBitmap
0x4fa148 CreatePalette
0x4fa14c StretchBlt
0x4fa150 CreateSolidBrush
0x4fa154 CreateFontIndirectA
0x4fa158 GetStockObject
0x4fa15c GetObjectA
0x4fa160 EndPage
0x4fa164 EndDoc
0x4fa168 DeleteDC
0x4fa16c ScaleWindowExtEx
0x4fa170 StartDocA
0x4fa174 StartPage
0x4fa178 BitBlt
0x4fa17c GetPixel
0x4fa180 CreateCompatibleDC
0x4fa184 Ellipse
0x4fa188 Rectangle
0x4fa18c LPtoDP
0x4fa190 DPtoLP
0x4fa194 GetCurrentObject
0x4fa198 SetDIBitsToDevice
0x4fa19c SetTextColor
0x4fa1a0 RoundRect
0x4fa1a8 SetViewportExtEx
0x4fa1ac GetDeviceCaps
0x4fa1b0 SelectPalette
0x4fa1b4 RealizePalette
0x4fa1b8 GetDIBits
0x4fa1bc GetWindowExtEx
0x4fa1c0 GetViewportOrgEx
0x4fa1c4 SetBkMode
Library: WINSPOOL.DRV
0x4fa7d0 DocumentPropertiesA
0x4fa7d4 ClosePrinter
0x4fa7d8 OpenPrinterA
Library: comdlg32.dll
0x4fa814 GetFileTitleA
0x4fa818 GetSaveFileNameA
0x4fa81c GetOpenFileNameA
0x4fa820 ChooseColorA
Library: ADVAPI32.dll
0x4fa000 RegCreateKeyExA
0x4fa004 RegQueryValueA
0x4fa008 RegDeleteKeyA
0x4fa00c RegDeleteValueA
0x4fa010 RegCreateKeyA
0x4fa014 RegSetValueExA
0x4fa018 RegOpenKeyExA
0x4fa01c RegQueryValueExA
0x4fa020 RegCloseKey
Library: SHELL32.dll
0x4fa48c Shell_NotifyIconA
0x4fa494 ShellExecuteA
0x4fa498 DragAcceptFiles
0x4fa49c DragFinish
0x4fa4a0 DragQueryFileA
Library: ole32.dll
0x4fa83c CoGetClassObject
0x4fa840 CoDisconnectObject
0x4fa844 OleFlushClipboard
0x4fa848 CoTaskMemFree
0x4fa84c CoTaskMemAlloc
0x4fa850 CLSIDFromProgID
0x4fa854 OleInitialize
0x4fa858 OleUninitialize
0x4fa85c CLSIDFromString
0x4fa860 CoCreateInstance
0x4fa868 CoRevokeClassObject
Library: OLEAUT32.dll
0x4fa41c SafeArrayGetElement
0x4fa420 SafeArrayAccessData
0x4fa428 SafeArrayGetDim
0x4fa42c SafeArrayGetLBound
0x4fa430 SafeArrayGetUBound
0x4fa434 VariantChangeType
0x4fa438 VariantClear
0x4fa43c VariantCopy
0x4fa440 LoadTypeLib
0x4fa448 SysStringLen
0x4fa44c VariantCopyInd
0x4fa450 VariantInit
0x4fa454 SysAllocString
0x4fa458 SafeArrayCreate
0x4fa45c RegisterTypeLib
0x4fa460 LHashValOfNameSys
0x4fa468 UnRegisterTypeLib
0x4fa46c SysFreeString
0x4fa474 SysAllocStringLen
Library: COMCTL32.dll
0x4fa034 ImageList_Add
0x4fa038 ImageList_BeginDrag
0x4fa03c ImageList_Create
0x4fa040 ImageList_Destroy
0x4fa044 ImageList_DragEnter
0x4fa048 ImageList_DragLeave
0x4fa04c ImageList_DragMove
0x4fa054 ImageList_EndDrag
0x4fa058 (imported by ordinal, no name)
0x4fa05c _TrackMouseEvent
Library: oledlg.dll
0x4fa870 (imported by ordinal, no name)
Library: WININET.dll
0x4fa758 InternetCrackUrlA
0x4fa75c HttpOpenRequestA
0x4fa760 HttpSendRequestA
0x4fa764 HttpQueryInfoA
0x4fa768 InternetReadFile
0x4fa76c InternetConnectA
0x4fa770 InternetSetOptionA
0x4fa774 InternetCloseHandle
0x4fa77c InternetOpenA
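The import hash in the PE information and a first reading of what this import table permits can both be derived from a list like the one above. The following is an added example, not part of the report or of the sandbox's code: it implements the imphash convention used by pefile (library name lowercased with .dll/.ocx/.sys removed, function name lowercased or ordN for ordinal imports, entries comma-joined in import-directory order and MD5-hashed) and groups imported API names into capability buckets, then names the combinations that deserve a closer look for a self-described multi-instance launcher. The IMPORTS list is a constructed subset of the names above in an assumed order, so its hash will not equal the report's 473e4034e657ab440a123b16e6137cef, which requires the binary's complete import directory in its own order; the COMCTL32 ordinal 17 is a stand-in for the unnamed entry, and the capability buckets are an assumed grouping, not a standard taxonomy.

```python
"""Import-table triage: pefile-style imphash and a capability reading of imported APIs.
Added example, not from the report. IMPORTS is a constructed subset of the names above."""
import hashlib

# (library, function name or ordinal) in import-directory order. Ordinal imports, which
# the sandbox listed as "None", are integers; 17 is a stand-in, not the real ordinal.
IMPORTS = [
    ("KERNEL32.dll", "Process32First"), ("KERNEL32.dll", "Process32Next"),
    ("KERNEL32.dll", "WinExec"), ("KERNEL32.dll", "CreateFileA"),
    ("KERNEL32.dll", "CopyFileA"), ("KERNEL32.dll", "GetTempPathA"),
    ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "SetWindowsHookExA"), ("USER32.dll", "FindWindowA"),
    ("USER32.dll", "FindWindowExA"), ("USER32.dll", "GetClipboardData"),
    ("ADVAPI32.dll", "RegCreateKeyExA"), ("ADVAPI32.dll", "RegSetValueExA"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("WININET.dll", "InternetOpenA"), ("WININET.dll", "HttpOpenRequestA"),
    ("WININET.dll", "HttpSendRequestA"), ("WININET.dll", "InternetReadFile"),
    ("WS2_32.dll", "WSAStartup"), ("WS2_32.dll", "send"), ("WS2_32.dll", "recv"),
    ("COMCTL32.dll", 17),
]

# Assumed grouping for triage, not a standard taxonomy.
CAPABILITIES = {
    "process enumeration": {"Process32First", "Process32Next", "CreateToolhelp32Snapshot"},
    "window discovery": {"FindWindowA", "FindWindowExA", "GetClassNameA", "GetWindowTextA"},
    "message hooking": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
    "child execution": {"WinExec", "ShellExecuteA", "CreateProcessA"},
    "dynamic import": {"LoadLibraryA", "GetProcAddress"},
    "registry write": {"RegCreateKeyA", "RegCreateKeyExA", "RegSetValueExA",
                       "RegDeleteKeyA", "RegDeleteValueA"},
    "file staging": {"GetTempPathA", "GetTempFileNameA", "CopyFileA", "CreateFileA"},
    "http client": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                    "HttpSendRequestA", "InternetReadFile"},
    "raw sockets": {"WSAStartup", "send", "recv", "accept", "WSAAsyncSelect"},
    "clipboard": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
}


def imphash(imports) -> str:
    """MD5 over 'lib.func' entries: library lowercased with .dll/.ocx/.sys removed, name
    lowercased, ordinals written as 'ordN', comma-joined in import-directory order. This is
    pefile's convention, except that pefile also resolves ws2_32/oleaut32 ordinals to names."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        func = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{func}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def capability_profile(imports) -> dict:
    """{capability: sorted imported names} for every bucket with at least one hit."""
    names = {func for _, func in imports if isinstance(func, str)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


def triage_notes(imports) -> list:
    """Combinations that merit a closer look for a self-described multi-instance launcher.
    Heuristics only: each is also exactly what a legitimate launcher or its updater needs."""
    caps = set(capability_profile(imports))
    notes = []
    if {"process enumeration", "window discovery"} <= caps:
        notes.append("finds target processes and windows: multi-instance logic or target selection")
    if "message hooking" in caps:
        notes.append("SetWindowsHookEx: a global hook DLL gets loaded into other GUI processes")
    if {"child execution", "file staging"} <= caps:
        notes.append("writes under %TEMP% and launches programs: drop-and-run capability")
    if ({"http client", "raw sockets"} & caps) and "registry write" in caps:
        notes.append("network client plus registry writes: check for persistence or remote config")
    return notes


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for cap, apis in capability_profile(IMPORTS).items():
        print(f"{cap:<20} {', '.join(apis)}")
    for note in triage_notes(IMPORTS):
        print("-", note)
```

The imphash is order-sensitive by design: two builds with the same APIs in a different import order hash differently, which is why it clusters builds of one code base rather than "programs that use these functions". The notes are a reading aid, not a verdict; the report's own run produced no behaviour, so nothing here confirms that any of these capabilities was exercised.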

Strings (excerpt)

Section names: .text, .rdata, .data, .rsrc (the "`" and "@" that preceded .rdata and .data in the raw dump are the high byte of the previous section's Characteristics field, 0x60 and 0x40, not part of the names).
"VMProtect begin" / "VMProtect end": seven begin/end pairs. These are the VMProtect SDK's inline marker strings, which a developer places around the code regions the protector is meant to virtualise, so the file was built against that SDK. Two unprintable fragments from the dump have been dropped.
No antivirus engine scan information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

Network-extracted files: none found.
Dropped files: none.
Similar analyses: none found.

Processing ( 12.764 seconds )

  • 11.191 Static
  • 1.238 TargetInfo
  • 0.297 peid
  • 0.012 config_decoder
  • 0.012 Strings
  • 0.01 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.078 seconds; per-module evaluation time, not a list of matches )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.006 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.5 seconds )

  • 0.448 ReportHTMLSummary
  • 0.052 Malheur
Task ID 656379
Mongo ID 614a8438dc327b127b4db0a8
Cuckoo release 1.4-Maldun