Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp02-1  2022-01-29 15:40:48  2022-01-29 15:40:49  1 second

Maldun Score

1.4

Normal

File Details

File name 中华黑豹.exe
File size 480360 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 85c6d4e6026de1cb739db3f519ab4f47
SHA1 7b8c2454e751b68222589bd3e55fc114e281baa9
SHA256 a2da77f846946cffb8ecb05fa9010aef74b199ee0c66cb7f241a3f998e0c31ae
SHA512 5f7c677951983edc69e22554d6e88052048c5fcb63d790fab1968cd21f94fa693c91bed62e31afa20121e625aa752c0945ea87cf043e6cf0ebb711708bcbb849
CRC32 C2B04900
Ssdeep 12288:yN+mzVxEQJa736YbnXjkrve3dKOVnr/Uf:yUWEz6Y34G34O1/K

Screenshots

No screenshots available

Hosts Contacted (click to query WPING real-time security rating)

No host records.

Domain Resolution (click to query WPING real-time security rating)

No domain information.


Summary

PE Information

Image base 0x00400000
Entry point 0x00401000
Declared checksum 0x00000000
Actual checksum 0x0007859f
Minimum OS version required 4.0
Compile time 2007-09-20 20:34:46
Import hash bc5ce990cf54f8d435a68eb97512f73e

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00014000 0x00013800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.47
.data 0x00015000 0x00007000 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.91
.idata 0x0001c000 0x00001000 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.12
.rsrc 0x0001d000 0x000156dc 0x00015800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.16

Overlay

Offset 0x000326dc
Size 0x00042d8c

Imports

Library: ADVAPI32.DLL:
0x41c0e8 OpenProcessToken
0x41c0ec RegCloseKey
0x41c0f0 RegCreateKeyExA
0x41c0f4 RegOpenKeyExA
0x41c0f8 RegQueryValueExA
0x41c0fc RegSetValueExA
0x41c100 SetFileSecurityA
0x41c104 SetFileSecurityW
Library: KERNEL32.DLL:
0x41c21c CloseHandle
0x41c220 CompareStringA
0x41c224 CreateDirectoryA
0x41c228 CreateDirectoryW
0x41c22c CreateFileA
0x41c230 CreateFileW
0x41c234 DeleteFileA
0x41c238 DeleteFileW
0x41c240 ExitProcess
0x41c250 FindClose
0x41c254 FindFirstFileA
0x41c258 FindFirstFileW
0x41c25c FindNextFileA
0x41c260 FindNextFileW
0x41c264 FindResourceA
0x41c268 FreeLibrary
0x41c26c GetCPInfo
0x41c270 GetCommandLineA
0x41c278 GetCurrentProcess
0x41c27c GetDateFormatA
0x41c280 GetFileAttributesA
0x41c284 GetFileAttributesW
0x41c288 GetFileType
0x41c28c GetFullPathNameA
0x41c290 GetLastError
0x41c294 GetLocaleInfoA
0x41c298 GetModuleFileNameA
0x41c29c GetModuleHandleA
0x41c2a0 GetNumberFormatA
0x41c2a4 GetProcAddress
0x41c2a8 GetProcessHeap
0x41c2ac GetStdHandle
0x41c2b0 GetTempPathA
0x41c2b4 GetTickCount
0x41c2b8 GetTimeFormatA
0x41c2bc GetVersionExA
0x41c2c0 GlobalAlloc
0x41c2c4 HeapAlloc
0x41c2c8 HeapFree
0x41c2cc HeapReAlloc
0x41c2d0 IsDBCSLeadByte
0x41c2d4 LoadLibraryA
0x41c2dc MoveFileA
0x41c2e0 MoveFileExA
0x41c2e4 MultiByteToWideChar
0x41c2e8 ReadFile
0x41c2f0 SetEndOfFile
0x41c2f8 SetFileAttributesA
0x41c2fc SetFileAttributesW
0x41c300 SetFilePointer
0x41c304 SetFileTime
0x41c308 SetLastError
0x41c30c Sleep
0x41c314 WaitForSingleObject
0x41c318 WideCharToMultiByte
0x41c31c WriteFile
0x41c320 lstrcmpiA
0x41c324 lstrlenA
Library: COMCTL32.DLL:
0x41c334 None
Library: COMDLG32.DLL:
0x41c350 GetOpenFileNameA
0x41c354 GetSaveFileNameA
Library: GDI32.DLL:
0x41c364 DeleteObject
Library: SHELL32.DLL:
0x41c390 SHBrowseForFolderA
0x41c394 SHChangeNotify
0x41c398 SHFileOperationA
0x41c39c SHGetFileInfoA
0x41c3a0 SHGetMalloc
0x41c3a8 ShellExecuteExA
Library: USER32.DLL:
0x41c488 CharToOemA
0x41c48c CharToOemBuffA
0x41c490 CharUpperA
0x41c494 CopyRect
0x41c498 CreateWindowExA
0x41c49c DefWindowProcA
0x41c4a0 DestroyIcon
0x41c4a4 DestroyWindow
0x41c4a8 DialogBoxParamA
0x41c4ac DispatchMessageA
0x41c4b0 EnableWindow
0x41c4b4 EndDialog
0x41c4b8 FindWindowExA
0x41c4bc GetClassNameA
0x41c4c0 GetClientRect
0x41c4c4 GetDlgItem
0x41c4c8 GetDlgItemTextA
0x41c4cc GetMessageA
0x41c4d0 GetParent
0x41c4d4 GetSysColor
0x41c4d8 GetSystemMetrics
0x41c4dc GetWindow
0x41c4e0 GetWindowLongA
0x41c4e4 GetWindowRect
0x41c4e8 GetWindowTextA
0x41c4ec IsWindow
0x41c4f0 IsWindowVisible
0x41c4f4 LoadBitmapA
0x41c4f8 LoadCursorA
0x41c4fc LoadIconA
0x41c500 LoadStringA
0x41c504 MapWindowPoints
0x41c508 MessageBoxA
0x41c50c OemToCharA
0x41c510 OemToCharBuffA
0x41c514 PeekMessageA
0x41c518 PostMessageA
0x41c51c RegisterClassExA
0x41c520 SendDlgItemMessageA
0x41c524 SendMessageA
0x41c528 SetDlgItemTextA
0x41c52c SetFocus
0x41c530 SetMenu
0x41c534 SetWindowLongA
0x41c538 SetWindowPos
0x41c53c SetWindowTextA
0x41c540 ShowWindow
0x41c544 TranslateMessage
0x41c548 UpdateWindow
0x41c54c WaitForInputIdle
0x41c550 wsprintfA
0x41c554 wvsprintfA
Library: OLE32.DLL:
0x41c574 CLSIDFromString
0x41c578 CoCreateInstance
0x41c580 OleInitialize
0x41c584 OleUninitialize

.text
`.data
.idata
@.rsrc
shlwapi.dll
SHAutoComplete
REPLACEFILEDLG
RENAMEDLG
%s %s %s
GETPASSWORD1
ASKNEXTVOL
RarSFX
sfxcmd
sfxname
STARTDLG
RichEdit
LICENSEDLG
__tmp_rar_sfx_access_check_%u
-el -s2 "-d%s" "-p%s" "-sp%s"
runas
Delete
Title
Silent
Overwrite
Setup
TempMode
License
Presetup
Shortcut
SavePath
%s.%d.tmp
Software\Microsoft\Windows\CurrentVersion
ProgramFilesDir
%s%s%d
Install
Software\WinRAR SFX
RarHtmlClassName
<html>
<head><meta http-equiv="content-type" content="text/html; charset=
utf-8"></head>
</html>
<style>
</style>
<style>body{font-family:"Arial";font-size:12;}</style>
&nbsp;
*messages***
riched32.dll
riched20.dll
COMCTL32.DLL
InitCommonControlsEx
?*<>|"
- ???
SeSecurityPrivilege
SeRestorePrivilege
YNANRC
%.*s(%d)%s
rtmp%d
__rar_
Z2fQ`
ADVAPI32.DLL
KERNEL32.DLL
COMCTL32.DLL
COMDLG32.DLL
GDI32.DLL
SHELL32.DLL
USER32.DLL
OLE32.DLL
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW
CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
DeleteObject
SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
Shell.Explorer
about:blank
DVCLAL(
No antivirus engine scan information!

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 3.21 seconds )

  • 2.254 Static
  • 0.605 peid
  • 0.313 TargetInfo
  • 0.018 AnalysisInfo
  • 0.011 Strings
  • 0.004 BehaviorAnalysis
  • 0.004 Memory
  • 0.001 config_decoder

Signatures ( 0.076 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_domain_bl
  • 0.009 md_url_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.569 seconds )

  • 0.537 ReportHTMLSummary
  • 0.032 Malheur
Task ID 675362
Mongo ID 61f4ef8cdc327b6ec4156abe
Cuckoo release 1.4-Maldun