Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2022-01-29 19:45:03 | 2022-01-29 19:45:58 | 55 seconds

Maldun Score

10.0

Dangerous

File Details

File name | 博宇人物透视.exe (literally "Boyu character see-through", a name in the style of game ESP/wallhack cheat tools)
File size | 1024000 bytes
File type | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | d0a03049ae5febaa4b0ba8f694a77dc0
SHA1 | 5624e8acd9c0309ba87fae6ccf5f26bdbbc31332
SHA256 | 5947e325afe4f564f881da65ab34141dad8d464a225bb018b37f6193ffe9ed04
SHA512 | 3b8cd362d985f1ebf35f2f91b3d2bc6a166ef61512b08d2e57b08da42e1734a59d8de481c29d0099e8474d9f78054f2304fe300888d7a55ad8e52a22702f4ab2
CRC32 | C51200B3
Ssdeep | 24576:U+AeEh20kqOEqw85t7fAx7Zo5lG4nCsHrMaLxn:U+AeEh20Yw8zAxqlG4CsLMaB
Contacted Hosts

IP | Security rating | Location
119.96.89.91 | Unknown | China
14.215.158.24 | Unknown | China
183.3.226.29 | Unknown | China
45.125.58.206 | Unknown | China
47.98.88.98 | Unknown | China

Domain Resolution

Domain | Security rating | Response
yuhuan6.lanzoux.com | Unknown | A 119.96.89.91, CNAME all.lanzoux.com.w.kunlungr.com
www.lanzoux.com | Unknown | (no answer recorded)
developer.lanzoug.com | Unknown | A 47.98.88.98
jq.qq.com | Unknown | A 14.215.158.24
qm.qq.com | Unknown | A 183.3.226.29

lanzoux.com and lanzoug.com belong to the Lanzou (蓝奏云) file-hosting service and jq.qq.com/qm.qq.com are Tencent QQ group-invite endpoints, so all of the named infrastructure is shared public service; "Unknown" is the WPING reputation lookup result, not a verdict on the traffic.

Summary

Detailed behaviour information and the matched threat signatures are not part of the public report (login required), so the 10.0 score cannot be cross-checked against signature hits on this page; the static, network and timing data below are what is available.

PE Information

Image base | 0x00400000
Entry point | 0x00497b3b
Claimed checksum | 0x00000000
Actual checksum | 0x000fa470
Minimum OS version | 4.0
Compile timestamp | 2021-07-30 23:22:05
Import hash (imphash) | a970b0beb20ba86c965bd1c618e6424e
Icon exact hash | 7e8d0dbe5de19f74f384ae459c5abecf
Icon similarity hash | 439e81c5165936c3ea55d4df339c6380

A claimed checksum of 0 means the linker never populated the field (Windows only enforces it for drivers and boot-time images), so the mismatch with the computed value is not evidence of post-build tampering. The compile timestamp is a header field the builder controls. The entry point lies inside .text (0x401000 to 0x4b93c2), which is the normal case and argues against an entry-point-redirecting packer.

Version Information

The RT_VERSION resource carries these keys with empty values: LegalCopyright, FileVersion, Comments, ProductName, ProductVersion, FileDescription, Translation. An unfilled version block is common in homegrown tools and leaves no vendor or product name to pivot on.

PE Sections

Name | Virtual address | Virtual size | Raw data size | Entropy | Characteristics
.text | 0x00001000 | 0x000b83c2 | 0x000b9000 | 6.56 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x000ba000 | 0x00021da4 | 0x00022000 | 5.05 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x000dc000 | 0x00068a0a | 0x00018000 | 5.05 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x00145000 | 0x00005b20 | 0x00006000 | 4.78 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Two checks worth making on these numbers. Entropy of 4.8 to 6.6 is the normal range for compiled code and data; a packed or encrypted payload would push .text or a data section above roughly 7.0, and nothing here does, which agrees with the fully readable import table below. The raw sizes total 0xF9000; with the 0x1000-byte header block that the 0x1000 file alignment implies, the image is exactly 0xFA000 = 1024000 bytes, the reported file size, so no overlay is appended. The .data virtual size (0x68a0a) far exceeding its raw size (0x18000) is zero-initialised storage and is normal.
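The checksum and entropy figures above can be reproduced without a sandbox. The block below is an added example, not code from the Maldun report or from any library the report uses: it reimplements the PE checksum algorithm (the one behind imagehlp's MapFileAndCheckSum) and Shannon entropy, and applies the interpretation used above to the claimed/actual pair. The buffers built in main() are constructed for illustration; pass a file path to run it on a real sample.

```python
"""Static PE sanity checks: checksum and section entropy.

Added example; not part of the Maldun report. The buffers in main() are
constructed for illustration; pass a real file path to run on a sample.
"""
import math
import struct
import sys
from collections import Counter


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """PE checksum as computed by imagehlp!MapFileAndCheckSum.

    Sums the file as little-endian 16-bit words, skipping the 4-byte
    OptionalHeader.CheckSum field, folds carries into 16 bits and adds
    the file length. Odd-length input is padded with one zero byte for
    the summation only; the length added at the end is the real one.
    """
    padded = data + b"\x00" if len(data) % 2 else data
    total = 0
    for off in range(0, len(padded), 2):
        if checksum_offset <= off < checksum_offset + 4:
            continue  # the field being computed is excluded from its own sum
        total += int.from_bytes(padded[off:off + 2], "little")
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def checksum_field_offset(pe: bytes) -> int:
    """File offset of OptionalHeader.CheckSum.

    e_lfanew (at 0x3C) + 4-byte PE signature + 20-byte FileHeader
    + 64 bytes into the optional header (same for PE32 and PE32+).
    """
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    return e_lfanew + 4 + 20 + 64


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_checksum(claimed: int, actual: int) -> str:
    """Reading of the report's 'claimed' vs 'actual' checksum pair."""
    if claimed == 0:
        return "unset"      # linker left it 0; only drivers must carry a valid value
    if claimed == actual:
        return "valid"
    return "mismatch"       # modified after linking, or header edited by hand


def entropy_verdict(entropy: float) -> str:
    """Coarse packing heuristic used in triage; the thresholds are a convention."""
    if entropy > 7.0:
        return "likely packed/encrypted"
    if entropy < 1.0:
        return "mostly constant (padding or zeroes)"
    return "plain code/data"


def main(argv):
    if len(argv) > 1:
        data = open(argv[1], "rb").read()
        off = checksum_field_offset(data)
        claimed = struct.unpack_from("<I", data, off)[0]
        actual = pe_checksum(data, off)
        print(f"claimed=0x{claimed:08x} actual=0x{actual:08x} -> {classify_checksum(claimed, actual)}")
        ent = shannon_entropy(data)
        print(f"whole-file entropy={ent:.2f} -> {entropy_verdict(ent)}")
        return
    # Constructed 16-byte buffer; the 4 bytes at offset 8 play the CheckSum field.
    buf = bytes([1, 0, 2, 0, 3, 0, 4, 0]) + b"\xff" * 4 + bytes([5, 0, 6, 0])
    print("constructed checksum:", pe_checksum(buf, 8))  # words 1..6 sum to 21, plus length 16
    print("entropy of zeroes:", shannon_entropy(b"\x00" * 64))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the sample and the first line should read claimed=0x00000000 actual=0x000fa470 -> unset; a later "actual" that differs from the report's value means the file on disk is not the file that was analysed.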

Resources

The report prints one row per entry of each type but always with the first entry's offset and size, so the rows are collapsed here with an entry count; per-entry sizes are not recoverable from this page.

Type | Entries | Offset | Size | Language | Sublanguage | Entropy | File type (libmagic)
TEXTINCLUDE | 3 | 0x00145c78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators
RT_CURSOR | 4 | 0x00146168 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data
RT_BITMAP | 15 | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data
RT_ICON | 5 | 0x00148340 | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.62 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_MENU | 2 | 0x001489b4 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data
RT_DIALOG | 10 | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data
RT_STRING | 11 | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data
RT_GROUP_CURSOR | 3 | 0x0014a690 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON | 3 | 0x0014a6f8 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION | 1 | 0x0014a70c | 0x00000244 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.82 | data
RT_MANIFEST | 1 | 0x0014a950 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators

Nothing here is a hidden payload: every entropy is low, the largest entry is 0x668 bytes, and the last entry ends at 0x14ab1d, inside the 0x5b20-byte .rsrc section that starts at 0x145000. The "dBase IV DBT" label on RT_ICON is a libmagic misidentification of raw icon bitmap data (RT_ICON entries are DIBs without the .ico file header), not an embedded database. TEXTINCLUDE entries are the Visual Studio resource editor's include-file bookkeeping, which together with the LANG_CHINESE resources points to a project built in a Chinese-language Visual C++ environment.

Imports

Addresses are the IAT slots. For triage the groups that matter are WININET.dll (the HTTP client behind the requests recorded below), WS2_32.dll (raw sockets, including accept and recvfrom, so the binary can also listen), the clipboard and foreground-window APIs in USER32.dll (OpenClipboard/GetClipboardData/SetClipboardData, GetForegroundWindow/GetWindowTextA/FindWindowExA, SetWindowsHookExA), process launch (CreateProcessA, WinExec, ShellExecuteA) and registry writes (RegCreateKeyA/RegCreateKeyExA/RegSetValueExA). The long USER32/GDI32/OLEAUT32 tail, together with the TEXTINCLUDE resources, is the ordinary footprint of a statically linked MFC GUI application and carries no signal by itself.

Library: RASAPI32.dll
0x4ba40c RasHangUpA
Library: WINMM.dll
0x4ba6c4 midiStreamRestart
0x4ba6c8 midiStreamClose
0x4ba6cc midiOutReset
0x4ba6d0 midiStreamStop
0x4ba6d4 midiStreamOut
0x4ba6d8 waveOutRestart
0x4ba6e4 waveOutWrite
0x4ba6e8 waveOutPause
0x4ba6ec waveOutReset
0x4ba6f4 midiStreamProperty
0x4ba6f8 midiStreamOpen
0x4ba700 waveOutOpen
0x4ba704 waveOutGetNumDevs
0x4ba708 waveOutClose
Library: WS2_32.dll
0x4ba720 WSACleanup
0x4ba724 WSAStartup
0x4ba728 inet_ntoa
0x4ba72c select
0x4ba730 send
0x4ba734 closesocket
0x4ba738 WSAAsyncSelect
0x4ba73c ntohl
0x4ba740 accept
0x4ba744 getpeername
0x4ba748 recv
0x4ba74c ioctlsocket
0x4ba750 recvfrom
Library: KERNEL32.dll
0x4ba178 GetFileType
0x4ba17c DuplicateHandle
0x4ba180 GetCurrentProcess
0x4ba188 GetLocalTime
0x4ba190 SetFileTime
0x4ba194 TerminateThread
0x4ba19c SetLastError
0x4ba1a0 TerminateProcess
0x4ba1a4 MultiByteToWideChar
0x4ba1a8 GetVersion
0x4ba1ac WideCharToMultiByte
0x4ba1b0 CreateMutexA
0x4ba1b4 ReleaseMutex
0x4ba1b8 SuspendThread
0x4ba1bc SetFilePointer
0x4ba1c8 lstrcpynA
0x4ba1cc lstrcmpiA
0x4ba1d0 lstrcmpA
0x4ba1d4 IsDBCSLeadByte
0x4ba1d8 CreateSemaphoreA
0x4ba1dc ResumeThread
0x4ba1e0 ReleaseSemaphore
0x4ba1ec InterlockedExchange
0x4ba1f0 IsBadCodePtr
0x4ba1f4 IsBadReadPtr
0x4ba1f8 CompareStringW
0x4ba1fc CompareStringA
0x4ba200 GetStringTypeW
0x4ba204 GetStringTypeA
0x4ba20c IsBadWritePtr
0x4ba210 VirtualAlloc
0x4ba214 LCMapStringW
0x4ba218 LCMapStringA
0x4ba220 VirtualFree
0x4ba224 HeapCreate
0x4ba228 HeapDestroy
0x4ba230 GetStdHandle
0x4ba234 SetHandleCount
0x4ba24c SetStdHandle
0x4ba250 GetACP
0x4ba254 HeapSize
0x4ba258 RaiseException
0x4ba25c GetSystemTime
0x4ba260 RtlUnwind
0x4ba264 GetStartupInfoA
0x4ba268 GetOEMCP
0x4ba26c GetCPInfo
0x4ba270 GetProcessVersion
0x4ba274 SetErrorMode
0x4ba278 GlobalFlags
0x4ba27c GetCurrentThread
0x4ba280 GetFileTime
0x4ba284 TlsGetValue
0x4ba288 LocalReAlloc
0x4ba28c TlsSetValue
0x4ba290 TlsFree
0x4ba294 GlobalHandle
0x4ba298 TlsAlloc
0x4ba29c LocalAlloc
0x4ba2a0 GlobalGetAtomNameA
0x4ba2a4 GlobalAddAtomA
0x4ba2a8 GlobalFindAtomA
0x4ba2ac GlobalDeleteAtom
0x4ba2b0 SetEndOfFile
0x4ba2b4 UnlockFile
0x4ba2b8 LockFile
0x4ba2bc FlushFileBuffers
0x4ba2c0 LocalFree
0x4ba2cc GetProfileStringA
0x4ba2d0 WriteFile
0x4ba2d4 ReadFile
0x4ba2dc CreateFileA
0x4ba2e0 SetEvent
0x4ba2e4 FindResourceA
0x4ba2e8 CloseHandle
0x4ba2ec WaitForSingleObject
0x4ba2f0 CreateProcessA
0x4ba2f4 GetTickCount
0x4ba2f8 GetCommandLineA
0x4ba2fc MulDiv
0x4ba300 GetProcAddress
0x4ba304 GetModuleHandleA
0x4ba314 CreateDirectoryA
0x4ba318 DeleteFileA
0x4ba31c LoadResource
0x4ba320 LockResource
0x4ba324 lstrlenW
0x4ba328 GetModuleFileNameA
0x4ba32c GetCurrentThreadId
0x4ba330 ExitProcess
0x4ba334 GlobalSize
0x4ba338 GlobalFree
0x4ba344 lstrcatA
0x4ba348 lstrlenA
0x4ba34c WinExec
0x4ba350 lstrcpyA
0x4ba354 FindNextFileA
0x4ba358 GlobalReAlloc
0x4ba35c HeapFree
0x4ba360 HeapReAlloc
0x4ba364 GetProcessHeap
0x4ba368 HeapAlloc
0x4ba36c GetUserDefaultLCID
0x4ba370 GetFullPathNameA
0x4ba374 FreeLibrary
0x4ba378 LoadLibraryA
0x4ba37c GetLastError
0x4ba380 GetVersionExA
0x4ba388 CreateThread
0x4ba38c CreateEventA
0x4ba390 Sleep
0x4ba398 GlobalAlloc
0x4ba39c GlobalLock
0x4ba3a0 GlobalUnlock
0x4ba3a4 FindFirstFileA
0x4ba3a8 FindClose
0x4ba3ac SetFileAttributesA
0x4ba3b0 GetFileAttributesA
0x4ba3b4 GetFileSize
Library: USER32.dll
0x4ba424 FindWindowExA
0x4ba428 GetDlgItem
0x4ba42c OpenClipboard
0x4ba430 GetClipboardData
0x4ba434 CloseClipboard
0x4ba438 wsprintfA
0x4ba43c WaitForInputIdle
0x4ba440 GetForegroundWindow
0x4ba444 GetWindowTextA
0x4ba448 DestroyMenu
0x4ba44c SetClipboardData
0x4ba450 EmptyClipboard
0x4ba454 GetSystemMetrics
0x4ba458 GetCursorPos
0x4ba45c MessageBoxA
0x4ba460 SetWindowPos
0x4ba464 GetClassNameA
0x4ba468 GetDesktopWindow
0x4ba46c SetWindowTextA
0x4ba470 CharUpperA
0x4ba474 TranslateMessage
0x4ba478 LoadIconA
0x4ba47c DrawFrameControl
0x4ba480 DrawEdge
0x4ba484 DrawFocusRect
0x4ba488 WindowFromPoint
0x4ba48c GetMessageA
0x4ba490 DispatchMessageA
0x4ba494 SetRectEmpty
0x4ba4a4 DrawIconEx
0x4ba4a8 CreatePopupMenu
0x4ba4ac AppendMenuA
0x4ba4b0 ModifyMenuA
0x4ba4b4 CreateMenu
0x4ba4bc GetDlgCtrlID
0x4ba4c0 GetSubMenu
0x4ba4c4 EnableMenuItem
0x4ba4c8 ClientToScreen
0x4ba4d0 LoadImageA
0x4ba4d8 ShowWindow
0x4ba4dc IsWindowEnabled
0x4ba4e4 GetKeyState
0x4ba4e8 GetSysColorBrush
0x4ba4ec LoadStringA
0x4ba4f4 GetMenuState
0x4ba4f8 SetMenuItemBitmaps
0x4ba4fc CheckMenuItem
0x4ba500 MoveWindow
0x4ba504 IsDialogMessageA
0x4ba508 ScrollWindowEx
0x4ba50c SendDlgItemMessageA
0x4ba510 MapWindowPoints
0x4ba514 AdjustWindowRectEx
0x4ba518 GetScrollPos
0x4ba51c RegisterClassA
0x4ba520 GetMenuItemCount
0x4ba524 GetMenuItemID
0x4ba528 CreateWindowExA
0x4ba52c SetWindowsHookExA
0x4ba530 CallNextHookEx
0x4ba534 GetClassLongA
0x4ba538 SetPropA
0x4ba53c UnhookWindowsHookEx
0x4ba540 GetPropA
0x4ba544 CallWindowProcA
0x4ba548 RemovePropA
0x4ba550 PostQuitMessage
0x4ba554 IsZoomed
0x4ba558 GetClassInfoA
0x4ba55c DefWindowProcA
0x4ba560 GetSystemMenu
0x4ba564 DeleteMenu
0x4ba568 GetMenu
0x4ba56c SetMenu
0x4ba570 PeekMessageA
0x4ba574 IsIconic
0x4ba578 SetFocus
0x4ba57c GetActiveWindow
0x4ba580 GetWindow
0x4ba588 SetWindowRgn
0x4ba58c GetMessagePos
0x4ba590 ScreenToClient
0x4ba598 CopyRect
0x4ba59c LoadBitmapA
0x4ba5a0 WinHelpA
0x4ba5a4 KillTimer
0x4ba5a8 SetTimer
0x4ba5ac ReleaseCapture
0x4ba5b0 GetCapture
0x4ba5b4 SetCapture
0x4ba5b8 GetScrollRange
0x4ba5bc SetScrollRange
0x4ba5c0 SetScrollPos
0x4ba5c4 SetRect
0x4ba5c8 InflateRect
0x4ba5cc IntersectRect
0x4ba5d0 DestroyIcon
0x4ba5d4 PtInRect
0x4ba5d8 OffsetRect
0x4ba5dc IsWindowVisible
0x4ba5e0 EnableWindow
0x4ba5e4 RedrawWindow
0x4ba5e8 GetWindowLongA
0x4ba5ec SetWindowLongA
0x4ba5f0 GetSysColor
0x4ba5f4 SetActiveWindow
0x4ba5f8 SetCursorPos
0x4ba5fc LoadCursorA
0x4ba600 SetCursor
0x4ba604 GetDC
0x4ba608 FillRect
0x4ba60c IsRectEmpty
0x4ba610 ReleaseDC
0x4ba614 IsChild
0x4ba618 UnregisterClassA
0x4ba61c SetForegroundWindow
0x4ba620 GetWindowRect
0x4ba624 EqualRect
0x4ba628 UpdateWindow
0x4ba62c ValidateRect
0x4ba630 InvalidateRect
0x4ba634 GetClientRect
0x4ba638 GetFocus
0x4ba63c GetParent
0x4ba640 GetTopWindow
0x4ba644 PostMessageA
0x4ba648 IsWindow
0x4ba64c SetParent
0x4ba650 DestroyCursor
0x4ba654 SendMessageA
0x4ba65c GetWindowDC
0x4ba660 BeginPaint
0x4ba664 EndPaint
0x4ba668 TabbedTextOutA
0x4ba66c DrawTextA
0x4ba670 GrayStringA
0x4ba674 DestroyWindow
0x4ba67c EndDialog
0x4ba680 GetNextDlgTabItem
0x4ba684 GetWindowPlacement
0x4ba68c GetLastActivePopup
0x4ba690 GetMessageTime
Library: GDI32.dll
0x4ba02c PtVisible
0x4ba030 GetViewportExtEx
0x4ba034 ExtSelectClipRgn
0x4ba038 LineTo
0x4ba03c MoveToEx
0x4ba040 ExcludeClipRect
0x4ba044 GetClipBox
0x4ba048 ScaleWindowExtEx
0x4ba04c SetWindowExtEx
0x4ba050 CreatePalette
0x4ba054 StretchBlt
0x4ba058 SelectPalette
0x4ba05c RectVisible
0x4ba060 GetDIBits
0x4ba064 GetWindowExtEx
0x4ba068 GetViewportOrgEx
0x4ba06c GetWindowOrgEx
0x4ba070 BeginPath
0x4ba074 EndPath
0x4ba078 PathToRegion
0x4ba07c CreateEllipticRgn
0x4ba080 CreateRoundRectRgn
0x4ba084 GetTextColor
0x4ba088 GetBkMode
0x4ba08c GetBkColor
0x4ba090 GetROP2
0x4ba094 GetStretchBltMode
0x4ba098 GetPolyFillMode
0x4ba0a0 CreateDCA
0x4ba0a4 CreateBitmap
0x4ba0a8 SelectObject
0x4ba0ac CreatePen
0x4ba0b0 PatBlt
0x4ba0b4 CombineRgn
0x4ba0b8 CreateRectRgn
0x4ba0bc FillRgn
0x4ba0c0 CreateSolidBrush
0x4ba0c4 CreateFontIndirectA
0x4ba0c8 GetStockObject
0x4ba0cc GetObjectA
0x4ba0d0 EndPage
0x4ba0d4 EndDoc
0x4ba0d8 DeleteDC
0x4ba0dc StartDocA
0x4ba0e0 StartPage
0x4ba0e4 BitBlt
0x4ba0e8 CreateCompatibleDC
0x4ba0ec Ellipse
0x4ba0f0 Rectangle
0x4ba0f4 LPtoDP
0x4ba0f8 DPtoLP
0x4ba0fc GetCurrentObject
0x4ba100 RoundRect
0x4ba108 GetDeviceCaps
0x4ba10c TextOutA
0x4ba110 ExtTextOutA
0x4ba114 Escape
0x4ba118 GetTextMetricsA
0x4ba120 CreateDIBitmap
0x4ba124 SelectClipRgn
0x4ba128 CreatePolygonRgn
0x4ba12c GetClipRgn
0x4ba130 SetStretchBltMode
0x4ba138 SetBkColor
0x4ba13c RealizePalette
0x4ba140 SaveDC
0x4ba144 RestoreDC
0x4ba148 SetBkMode
0x4ba14c SetPolyFillMode
0x4ba150 SetROP2
0x4ba154 SetTextColor
0x4ba158 SetMapMode
0x4ba15c SetViewportOrgEx
0x4ba160 OffsetViewportOrgEx
0x4ba164 SetViewportExtEx
0x4ba168 ScaleViewportExtEx
0x4ba16c SetWindowOrgEx
0x4ba170 DeleteObject
Library: WINSPOOL.DRV
0x4ba710 OpenPrinterA
0x4ba714 DocumentPropertiesA
0x4ba718 ClosePrinter
Library: ADVAPI32.dll
0x4ba000 RegQueryValueA
0x4ba004 RegCreateKeyA
0x4ba008 RegSetValueExA
0x4ba00c RegOpenKeyExA
0x4ba010 RegQueryValueExA
0x4ba014 RegCloseKey
0x4ba018 RegCreateKeyExA
Library: SHELL32.dll
0x4ba418 Shell_NotifyIconA
0x4ba41c ShellExecuteA
Library: ole32.dll
0x4ba76c CLSIDFromProgID
0x4ba770 OleRun
0x4ba774 CoCreateInstance
0x4ba778 CLSIDFromString
0x4ba77c OleUninitialize
0x4ba780 OleInitialize
Library: OLEAUT32.dll
0x4ba3bc SafeArrayAccessData
0x4ba3c0 SafeArrayGetElement
0x4ba3c4 VariantCopyInd
0x4ba3c8 VariantInit
0x4ba3cc SysAllocString
0x4ba3d0 SafeArrayDestroy
0x4ba3d4 SafeArrayCreate
0x4ba3d8 SafeArrayPutElement
0x4ba3dc RegisterTypeLib
0x4ba3e0 LHashValOfNameSys
0x4ba3e8 SafeArrayGetDim
0x4ba3ec SafeArrayGetLBound
0x4ba3f0 SafeArrayGetUBound
0x4ba3f4 VariantChangeType
0x4ba3f8 VariantClear
0x4ba3fc LoadTypeLib
0x4ba400 UnRegisterTypeLib
0x4ba404 VariantCopy
Library: COMCTL32.dll
0x4ba020 (imported by ordinal; the report resolves no name for it)
0x4ba024 ImageList_Destroy
Library: WININET.dll
0x4ba69c InternetCrackUrlA
0x4ba6a0 HttpOpenRequestA
0x4ba6a4 HttpSendRequestA
0x4ba6a8 HttpQueryInfoA
0x4ba6ac InternetReadFile
0x4ba6b0 InternetConnectA
0x4ba6b4 InternetSetOptionA
0x4ba6b8 InternetCloseHandle
0x4ba6bc InternetOpenA
Library: comdlg32.dll
0x4ba758 GetSaveFileNameA
0x4ba75c GetFileTitleA
0x4ba760 GetOpenFileNameA
0x4ba764 ChooseColorA
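The import hash in the PE Information section is the MD5 of a normalised rendering of exactly this table, so it can be recomputed from the file and compared across samples. The block below is an added example, not code from the report or from pefile: it reproduces the normalisation pefile applies (lower-casing, extension stripping, and the ordinal handling that most often makes two tools disagree) and tags the API groups called out in the note at the top of this section. The embedded import list is a constructed subset of the table above; its two by-ordinal entries are assumptions added to exercise ordinal handling, since the report shows the COMCTL32 ordinal's name as None, and the ordinal tables are trimmed.

```python
"""Import hash (imphash) recomputation and import-based capability tags.

Added example; not part of the Maldun report. SAMPLE_IMPORTS is a constructed
subset of the report's import table plus two by-ordinal entries that are
assumptions used to exercise ordinal handling.
"""
import hashlib
from typing import Iterable, List, Tuple, Union

Import = Tuple[str, Union[str, int]]  # (library, function name or ordinal)

# pefile resolves ordinals to names only for ws2_32, wsock32 and oleaut32;
# everything else is rendered as 'ordN'. Trimmed tables (assumption: enough
# entries for the example, not the full export lists).
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 3: "closesocket", 16: "recv", 19: "send", 23: "socket", 115: "WSAStartup"},
    "wsock32": {1: "accept", 3: "closesocket", 23: "socket"},
    "oleaut32": {2: "SysAllocString", 8: "VariantInit", 9: "VariantClear"},
}

CAPABILITY_APIS = {
    "http-client": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                    "HttpSendRequestA", "InternetReadFile"},
    "raw-sockets": {"WSAStartup", "send", "recv", "recvfrom", "accept", "select", "socket"},
    "clipboard-access": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "window-recon": {"GetForegroundWindow", "GetWindowTextA", "FindWindowExA"},
    "message-hook": {"SetWindowsHookExA", "CallNextHookEx"},
    "process-exec": {"CreateProcessA", "WinExec", "ShellExecuteA"},
    "registry-write": {"RegCreateKeyA", "RegCreateKeyExA", "RegSetValueExA"},
}


def normalise_library(lib: str) -> str:
    """Lower-case and drop a .dll/.ocx/.sys extension, as pefile does (.drv is kept)."""
    lib = lib.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def imphash_string(imports: Iterable[Import]) -> str:
    """The comma-joined 'lib.func' string that imphash hashes (order matters)."""
    parts = []
    for lib, name in imports:
        lib = normalise_library(lib)
        if isinstance(name, int):
            name = ORDINAL_NAMES.get(lib, {}).get(name, f"ord{name}")
        parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the normalised import string; comparable to the report's field."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def capability_tags(imports: Iterable[Import]) -> List[str]:
    """Coarse capability labels from named imports (ordinal-only imports are ignored)."""
    names = {name for _, name in imports if isinstance(name, str)}
    return sorted(tag for tag, apis in CAPABILITY_APIS.items() if names & apis)


# Constructed subset of the report's import table, in table order, plus two
# ordinal entries (assumptions) to show how ordinals are normalised.
SAMPLE_IMPORTS: List[Import] = [
    ("RASAPI32.dll", "RasHangUpA"),
    ("WS2_32.dll", "WSAStartup"),
    ("WS2_32.dll", "recvfrom"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "WinExec"),
    ("USER32.dll", "GetClipboardData"),
    ("USER32.dll", "GetForegroundWindow"),
    ("USER32.dll", "SetWindowsHookExA"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("COMCTL32.dll", 17),   # assumption: the report does not name this ordinal
    ("WS2_32.dll", 23),     # assumption: resolves to 'socket' via the table above
    ("WININET.dll", "HttpSendRequestA"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("capabilities:", ", ".join(capability_tags(SAMPLE_IMPORTS)))
```

Feeding the full table to imphash() should reproduce the report's a970b0beb20ba86c965bd1c618e6424e only if the ordinal resolution matches the tool that produced it; when two tools disagree on an imphash, the ordinal entries are the first place to look.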

No antivirus engine scan information.

Process Tree

__________________.exe, PID: 2544, parent PID: 2184

The process image name is rendered as underscores in the report. Only one process is recorded: no child process was observed during the 55-second run despite the CreateProcessA/WinExec/ShellExecuteA imports.


TCP

Source | Source port | Destination | Destination port
192.168.122.201 | 49161 | 119.96.89.91 (yuhuan6.lanzoux.com) | 443
192.168.122.201 | 49162 | 119.96.89.91 (yuhuan6.lanzoux.com) | 443
192.168.122.201 | 49166 | 14.215.158.24 (jq.qq.com) | 443
192.168.122.201 | 49167 | 14.215.158.24 (jq.qq.com) | 443
192.168.122.201 | 49168 | 183.3.226.29 (qm.qq.com) | 80
192.168.122.201 | 49169 | 183.3.226.29 (qm.qq.com) | 80
192.168.122.201 | 49170 | 183.3.226.29 (qm.qq.com) | 443
192.168.122.201 | 49171 | 183.3.226.29 (qm.qq.com) | 443
192.168.122.201 | 49164 | 23.194.213.147 | 80
192.168.122.201 | 49160 | 45.125.58.206 | 94
192.168.122.201 | 49163 | 47.98.88.98 (developer.lanzoug.com) | 443

Two destinations have no hostname: 23.194.213.147 (port 80; no DNS answer is recorded for it on this page and it is absent from the contacted-hosts list) and 45.125.58.206 on port 94, a port with no registered HTTP use, which carries the plaintext request for /qun6.txt shown under HTTP Requests. The timestamps in the TLS and alert tables below place the Lanzou TLS sessions at 19:45:26-27, the request to 45.125.58.206:94 at 19:45:47 and the QQ sessions at 19:45:47-50. A bare-IP, non-standard-port HTTP fetch is the first pivot to take from this table.

UDP

Source | Source port | Destination | Destination port
192.168.122.201 | 52207 | 192.168.122.1 | 53
192.168.122.201 | 53125 | 192.168.122.1 | 53
192.168.122.201 | 56270 | 192.168.122.1 | 53
192.168.122.201 | 59401 | 192.168.122.1 | 53
192.168.122.201 | 59906 | 192.168.122.1 | 53
192.168.122.201 | 65178 | 192.168.122.1 | 53

All UDP traffic is DNS to the sandbox gateway resolver (192.168.122.1).


HTTP Requests

http://45.125.58.206:94/qun6.txt
GET /qun6.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 45.125.58.206:94
Cache-Control: no-cache

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://qm.qq.com/cgi-bin/qm/qr?k=N6zpEKjad8SAgopxCP6SrjeSwwGSRhlN&authKey=NVfYFYJw%2BBSLYZCuClmr9tmyl6m8Jwdm52Qj4quB%2BFQR%2BEd3XENxJ33JQle09QzC&noverify=0&group_code=797993389
GET /cgi-bin/qm/qr?k=N6zpEKjad8SAgopxCP6SrjeSwwGSRhlN&authKey=NVfYFYJw%2BBSLYZCuClmr9tmyl6m8Jwdm52Qj4quB%2BFQR%2BEd3XENxJ33JQle09QzC&noverify=0&group_code=797993389 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: qm.qq.com
Connection: Keep-Alive

Three different User-Agent strings appear, and that is the key observation. The qun6.txt request carries a hard-coded "MSIE 6.0; Windows NT 5.0" agent string on a Windows 7 guest, a bare-IP Host header on a non-standard port and Cache-Control: no-cache to force a fresh copy: the pattern of a small configuration or announcement fetch, and the request that raised the alert below. Its response body is not shown, since no files were extracted from the capture. The acroipm.adobe.com request uses User-Agent "IPM", which is what Adobe Reader's in-product messaging updater sends; the report does not attribute requests to processes, so treat it as probable guest background traffic rather than sample activity unless a process-level capture says otherwise. The qm.qq.com request is a QQ group-join link (group_code=797993389) sent with the guest's real Internet Explorer agent string, which is consistent with the link being opened through the default browser (the sample imports ShellExecuteA) rather than through its own WinINet code.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

Timestamp | Source IP | Source port | Destination IP | Destination port | Protocol | SID | Signature | Category
2022-01-29 19:45:47.523810+0800 | 192.168.122.201 | 49160 | 45.125.58.206 | 94 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation

The single alert is a policy rule, not a malware signature: it fires on the "Windows NT 5.0" (Windows 2000) token in the User-Agent of the qun6.txt request above, i.e. on the mismatch between the claimed and the real operating system, which is exactly what makes a hard-coded agent string detectable on the wire.
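The alert can be reproduced, and extended, directly from the captured request text. The block below is an added example, not code from the report, from Suricata or from the Emerging Threats ruleset: it parses raw requests of the form shown under HTTP Requests and applies the unsupported-NT-version check that SID 2016879 embodies, plus three triage heuristics a responder would run over the same capture (bare-IP Host header, non-standard destination port, non-browser User-Agent, and a small uncached text fetch). The three embedded requests are copies of the ones in this report, with the qm.qq.com query string and agent string shortened; the destination ports come from the TCP table.

```python
"""Triage checks over raw HTTP requests captured by a sandbox.

Added example; not taken from the report, Suricata or the ET ruleset. The
requests below are the three from this report, embedded as constructed
strings so the checks run offline.
"""
import re
from typing import Dict, List, Tuple

# Windows NT 5.x (2000, XP, 2003) were all out of support at capture time;
# a User-Agent claiming them on a Windows 7 guest is hard-coded, not real.
EOL_NT_VERSIONS = {"5.0", "5.1", "5.2"}
STANDARD_HTTP_PORTS = {80, 8080}
BARE_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw request into (method, target, lower-cased header map)."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method, target, headers


def check_request(raw: str, dst_port: int) -> List[str]:
    """Return the triage findings for one request (empty list = nothing notable)."""
    method, target, h = parse_request(raw)
    findings: List[str] = []
    ua = h.get("user-agent", "")

    # Same intent as ET POLICY 2016879: an agent string claiming an unsupported NT version.
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    if m and m.group(1) in EOL_NT_VERSIONS:
        findings.append(f"ua-claims-eol-windows-nt-{m.group(1)}")

    # Host header is a literal IP: no DNS pivot, typical of hard-coded infrastructure.
    hostname = h.get("host", "").split(":")[0]
    if BARE_IPV4.fullmatch(hostname):
        findings.append("host-is-bare-ip")

    if dst_port not in STANDARD_HTTP_PORTS:
        findings.append(f"http-on-port-{dst_port}")

    if not ua.startswith("Mozilla/"):
        findings.append("non-browser-user-agent")

    # A small .txt fetched with caching disabled is the config/announcement pattern.
    if method == "GET" and target.endswith(".txt") and h.get("cache-control", "").lower() == "no-cache":
        findings.append("uncached-text-fetch")
    return findings


# Constructed copies of the three requests recorded in this report.
REQ_QUN6 = """GET /qun6.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 45.125.58.206:94
Cache-Control: no-cache
"""

REQ_ADOBE = """GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
"""

# Query string and agent string shortened from the report's copy.
REQ_QQ = """GET /cgi-bin/qm/qr?k=N6zpEKjad8SAgopxCP6SrjeSwwGSRhlN&noverify=0&group_code=797993389 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: qm.qq.com
Connection: Keep-Alive
"""

if __name__ == "__main__":
    for name, raw, port in (("qun6", REQ_QUN6, 94), ("adobe", REQ_ADOBE, 80), ("qq", REQ_QQ, 80)):
        print(f"{name}: {check_request(raw, port) or 'no findings'}")
```

Only the qun6.txt request collects more than one finding; the Adobe request is flagged solely for its non-browser agent, which is the expected result for updater traffic, and the QQ request is clean, matching the reading given under HTTP Requests.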

TLS

Timestamp | Source IP | Source port | Destination IP | Destination port | Version | Issuer | Subject | Fingerprint (SHA-1 of server certificate)
2022-01-29 19:45:26.288439+0800 | 192.168.122.201 | 49161 | 119.96.89.91 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | CN=*.lanzoux.com | 48:2c:33:a2:80:7e:6d:24:fd:e2:44:c0:04:70:01:53:5c:88:1a:24
2022-01-29 19:45:49.228800+0800 | 192.168.122.201 | 49167 | 14.215.158.24 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jq.qq.com | be:fe:55:f5:e9:1e:0a:df:14:de:30:5a:58:49:6e:43:23:ca:9f:48
2022-01-29 19:45:26.954374+0800 | 192.168.122.201 | 49162 | 119.96.89.91 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | CN=*.lanzoux.com | 48:2c:33:a2:80:7e:6d:24:fd:e2:44:c0:04:70:01:53:5c:88:1a:24
2022-01-29 19:45:50.027320+0800 | 192.168.122.201 | 49170 | 183.3.226.29 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=qqweb.qq.com | 77:01:9e:0f:3c:8e:0f:41:b9:e6:63:14:ac:cc:34:72:e0:d4:fb:69
2022-01-29 19:45:50.123150+0800 | 192.168.122.201 | 49171 | 183.3.226.29 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=qqweb.qq.com | 77:01:9e:0f:3c:8e:0f:41:b9:e6:63:14:ac:cc:34:72:e0:d4:fb:69
2022-01-29 19:45:27.341636+0800 | 192.168.122.201 | 49163 | 47.98.88.98 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | CN=*.lanzoug.com | 82:e2:cf:f4:10:c6:f3:b9:96:01:2f:d7:2f:22:c6:66:93:54:07:9a
2022-01-29 19:45:47.880579+0800 | 192.168.122.201 | 49166 | 14.215.158.24 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jq.qq.com | be:fe:55:f5:e9:1e:0a:df:14:de:30:5a:58:49:6e:43:23:ca:9f:48

The Lanzou sessions negotiated TLSv1 (TLS 1.0) while the qq.com sessions used TLS 1.2, which suggests two different TLS clients (the sample's own HTTP stack versus the guest's browser) rather than one. The 183.3.226.29 sessions opened for qm.qq.com were served a certificate for qqweb.qq.com, an ordinary shared-hosting arrangement and not a mismatch to act on. All three certificates chain to public CAs (GlobalSign AlphaSSL, DigiCert); nothing here is self-signed.

Suricata HTTP

No Suricata HTTP log entries.

No files were extracted from the network capture, no dropped files were recorded, and no similar analyses were found.

Processing ( 34.566 seconds )

  • 20.613 NetworkAnalysis
  • 11.146 Suricata
  • 1.084 Static
  • 0.899 BehaviorAnalysis
  • 0.426 TargetInfo
  • 0.369 peid
  • 0.014 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 47.629 seconds ) - time spent per signature module; this lists every module that was evaluated, not the modules that matched

  • 45.853 network_http
  • 1.381 md_url_bl
  • 0.067 antiav_detectreg
  • 0.039 api_spamming
  • 0.032 stealth_timeout
  • 0.031 stealth_decoy_document
  • 0.024 infostealer_ftp
  • 0.016 md_domain_bl
  • 0.014 antianalysis_detectreg
  • 0.014 infostealer_im
  • 0.01 antivm_generic_scsi
  • 0.008 antivm_generic_services
  • 0.008 infostealer_mail
  • 0.007 mimics_filetime
  • 0.006 reads_self
  • 0.006 anormaly_invoke_kills
  • 0.006 antiav_detectfile
  • 0.006 geodo_banking_trojan
  • 0.005 stealth_file
  • 0.005 anomaly_persistence_autorun
  • 0.005 ransomware_files
  • 0.004 bootkit
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.003 infostealer_browser
  • 0.003 betabot_behavior
  • 0.003 kibex_behavior
  • 0.003 antivm_generic_disk
  • 0.003 infostealer_browser_password
  • 0.003 virus
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_xen_keys
  • 0.003 darkcomet_regkeys
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 antiemu_wine_func
  • 0.002 shifu_behavior
  • 0.002 antidbg_windows
  • 0.002 kovter_behavior
  • 0.002 hancitor_behavior
  • 0.002 antivm_generic_diskreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 recon_fingerprint
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 ipc_namedpipe
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 bypass_firewall
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient

Reporting ( 0.63 seconds )

  • 0.503 ReportHTMLSummary
  • 0.127 Malheur
Task ID 675386
Mongo ID 61f529597e769a11525d8521
Cuckoo release 1.4-Maldun