Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2022-03-29 09:48:26 2022-03-29 09:51:00 154 seconds

Maldun score

10.0

Dangerous

File details

File name 卢本伟病毒.exe
File size 13287424 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c71091507f731c203b6c93bc91adedb6
SHA1 dcd5b64c10370556936115e1f149656cea967ade
SHA256 189bdd9d225537cdd803931a50eb308f6a952259fb74768879aa44df7648e222
SHA512 ebc2881022f846d76d7fcebf15de9781204f7d8e7517ab52c64326d1c2fd5c7b7eff3d9fca253213ca43d8f7125cc44be182e72edf4c74d251d19eb79611f4ed
CRC32 4855688B
Ssdeep 196608:B07lhv4+zaZK4DT81o3LAKmP0R/7pS2E5RV9BYb3mnSdK/zvwpyFl1v6psjLmE:G7zxzaZKt1o3IP0RsLRVk4fFl1v6pQF


Host access records

No host records.

Domain resolution

No domain information.


Summary

Detailed behaviour information is not included in this copy of the report.

PE information

Image base 0x00400000
Entry point 0x00465088
Declared checksum 0x00000000
Actual checksum 0x00cbbaf0
Minimum OS version 4.0
Compile time 2018-01-20 12:24:21
Import hash (imphash) 1715ba385f7de8bcd6119a79bcc91dae
Icon
Icon exact hash 320433a4a56d6910e3bf7b8e13a66f6f
Icon similarity hash 6e5769d3291d443f1216f38341c80b06

A declared checksum of zero means the linker never filled the field (only /RELEASE builds and signed Microsoft binaries normally carry one), which is the norm for third-party executables. The "mismatch" here is therefore uninformative; a non-zero declared value that fails to match the computed one would be the interesting case, since it indicates the image was modified after linking.

Version information

An RT_VERSION resource is present, but every field in it is empty: LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation.

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000831fa 0x00084000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x00085000 0x00bf958a 0x00bfa000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.68
.data 0x00c7f000 0x0002e04a 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.18
.rsrc 0x00cae000 0x0001ac18 0x0001b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.49

The .rdata section accounts for almost the whole 13 MB file (raw size 0x00bfa000, about 12.5 MB) at an entropy of 7.68, far above what read-only constant data normally produces and consistent with a compressed or encrypted blob carried inside the image. The .text, .data and .rsrc figures are ordinary for a native GUI application; the .data virtual size exceeding its raw size is just uninitialised (BSS) data.
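The checksum and entropy figures above are cheap to reproduce, and doing so is the first thing to try when a report's static fields look odd. The script below is an added example written for this page, not code from the Maldun sandbox: it locates the optional-header CheckSum, recomputes it with the imagehlp algorithm, and reports per-section entropy from the raw section table. The PE-shaped buffer built by build_test_image() is constructed for self-test and is not the analysed binary. Standard library only; save as e.g. pe_static_checks.py and run it with a file path.

```python
"""Added example, not part of the Maldun report: recompute the optional-
header CheckSum and per-section entropy behind the "declared/actual
checksum" and "Entropy" fields.  Standard library only.  build_test_image()
is a constructed PE-shaped buffer for self-test, not the analysed sample."""
import math
import struct
import sys

def checksum_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum: e_lfanew (at 0x3C)
    + 4 (signature) + 20 (file header) + 0x40 (CheckSum in PE32/PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 0x58

def pe_checksum(data: bytes, cs_off: int) -> int:
    """The imagehlp CheckSumMappedFile algorithm: ones'-complement sum of
    16-bit words (skipping the CheckSum field), folded, plus file length."""
    total = 0
    for i in range(0, len(data) - len(data) % 2, 2):
        if i == cs_off or i == cs_off + 2:          # the 4 CheckSum bytes
            continue
        total += data[i] | (data[i + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)    # end-around carry
    if len(data) % 2:                               # odd trailing byte
        total += data[-1]
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)

def checksum_status(data: bytes):
    """(declared, computed, verdict).  A zero declared value is the linker
    default (only /RELEASE fills it), so it is 'not set', not a mismatch."""
    off = checksum_offset(data)
    declared = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum(data, off)
    if declared == 0:
        verdict = "not set"
    elif declared == computed:
        verdict = "ok"
    else:
        verdict = "mismatch"       # patched, packed or modified after linking
    return declared, computed, verdict

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def sections(data: bytes) -> list:
    """[(name, PointerToRawData, SizeOfRawData, entropy)] per section."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    hdr = pe + 24 + opt_size                        # first section header
    out = []
    for _ in range(nsec):
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        h = round(entropy(data[raw_ptr:raw_ptr + raw_size]), 2)
        out.append((name, raw_ptr, raw_size, h))
        hdr += 40
    return out

def build_test_image() -> bytes:
    """Constructed minimal PE32-shaped buffer (not the analysed sample):
    MZ/PE signatures, one '.text' section header, 32 bytes of section data."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    img[0x3C:0x40] = (0x40).to_bytes(4, "little")           # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    img[0x46:0x48] = (1).to_bytes(2, "little")              # NumberOfSections
    img[0x54:0x56] = (0xE0).to_bytes(2, "little")           # SizeOfOptionalHeader
    sec = 0x40 + 24 + 0xE0
    img[sec:sec + 5] = b".text"
    img[sec + 16:sec + 20] = (0x20).to_bytes(4, "little")   # SizeOfRawData
    img[sec + 20:sec + 24] = (0x1C0).to_bytes(4, "little")  # PointerToRawData
    img[0x1C0:0x1E0] = bytes(range(32))
    return bytes(img)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_image()
    print("checksum (declared, computed, verdict):", checksum_status(blob))
    for name, off, size, h in sections(blob):
        # > 7.0 over a large raw size usually means a compressed/encrypted blob
        print(f"{name:8} raw=0x{off:08x} size=0x{size:08x} entropy={h}")
```

Run against the sample, checksum_status() should return the report's 0x00cbbaf0 as the computed value with verdict "not set", and sections() should reproduce the four entropy figures in the table; a large difference would mean the sandbox computed over a different byte range (for example virtual rather than raw size).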

Resources

The report emits one row per resource entry but repeats the same offset and size for every entry of a type, so the rows are collapsed here with their count.

Name Count Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 3 0x00caee00 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 4 0x00caf2f0 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 14 0x00cb09f8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 15 0x00cc6584 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.85 GLS_BINARY_LSB_FIRST
RT_MENU 2 0x00cc69f8 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 10 0x00cc7c40 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 11 0x00cc8688 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 3 0x00cc86d4 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 3 0x00cc87c8 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 1 0x00cc87dc 0x0000026c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.57 data
RT_MANIFEST 1 0x00cc8a48 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

The TEXTINCLUDE entries are the Visual C++ resource editor's bookkeeping (the TEXTINCLUDE blocks of the .rc file) and place the build in that toolchain; the simplified-Chinese language IDs on the UI resources match the file name.

Imports

Library: WINMM.dll
0x485640 midiStreamOut
0x485648 waveOutOpen
0x485650 midiStreamOpen
0x485654 midiStreamProperty
0x485658 waveOutReset
0x48565c waveOutPause
0x485660 waveOutWrite
0x48566c midiStreamStop
0x485670 midiOutReset
0x485674 midiStreamClose
0x485678 midiStreamRestart
0x48567c waveOutGetNumDevs
0x485680 waveOutClose
Library: WS2_32.dll
0x485698 WSAAsyncSelect
0x48569c closesocket
0x4856a0 WSACleanup
0x4856a4 recvfrom
0x4856a8 ioctlsocket
0x4856ac inet_ntoa
0x4856b0 recv
0x4856b4 accept
0x4856b8 getpeername
Library: KERNEL32.dll
0x485180 MultiByteToWideChar
0x485184 SetLastError
0x48518c GetVersion
0x485190 HeapSize
0x485194 RaiseException
0x485198 GetLocalTime
0x48519c GetSystemTime
0x4851a0 GetStartupInfoA
0x4851a4 GetOEMCP
0x4851a8 GetCPInfo
0x4851ac GetProcessVersion
0x4851b0 SetErrorMode
0x4851b4 GlobalFlags
0x4851b8 GetCurrentThread
0x4851bc GetFileTime
0x4851c0 TlsGetValue
0x4851c4 LocalReAlloc
0x4851c8 TlsSetValue
0x4851cc TlsFree
0x4851d0 GlobalHandle
0x4851d4 TlsAlloc
0x4851d8 LocalAlloc
0x4851dc lstrcmpA
0x4851e0 GlobalGetAtomNameA
0x4851e4 GlobalAddAtomA
0x4851e8 GlobalFindAtomA
0x4851ec GlobalDeleteAtom
0x4851f0 lstrcmpiA
0x4851f4 SetEndOfFile
0x4851f8 UnlockFile
0x4851fc LockFile
0x485200 FlushFileBuffers
0x485204 DuplicateHandle
0x485208 lstrcpynA
0x485214 LocalFree
0x485218 WideCharToMultiByte
0x485224 OpenProcess
0x485228 TerminateProcess
0x48522c GetCurrentProcess
0x485230 GetFileSize
0x485234 SetFilePointer
0x48523c Process32First
0x485240 Process32Next
0x485244 CreateSemaphoreA
0x485248 ResumeThread
0x48524c ReleaseSemaphore
0x485258 GetProfileStringA
0x48525c WriteFile
0x485264 CreateFileA
0x485268 SetEvent
0x48526c FindResourceA
0x485270 LoadResource
0x485274 LockResource
0x485278 ReadFile
0x48527c RemoveDirectoryA
0x485280 GetModuleFileNameA
0x485284 GetCurrentThreadId
0x485288 ExitProcess
0x48528c GlobalSize
0x485290 GlobalFree
0x48529c lstrcatA
0x4852a0 lstrlenA
0x4852a4 WinExec
0x4852a8 lstrcpyA
0x4852ac InterlockedExchange
0x4852b0 FindNextFileA
0x4852b4 GlobalReAlloc
0x4852b8 HeapFree
0x4852bc HeapReAlloc
0x4852c0 GetProcessHeap
0x4852c4 HeapAlloc
0x4852c8 GetFullPathNameA
0x4852cc FreeLibrary
0x4852d0 LoadLibraryA
0x4852d4 GetLastError
0x4852d8 GetVersionExA
0x4852e0 CreateThread
0x4852e4 CreateEventA
0x4852e8 Sleep
0x4852f0 GlobalAlloc
0x4852f4 GlobalLock
0x4852f8 GlobalUnlock
0x4852fc FindFirstFileA
0x485300 FindClose
0x485304 SetFileAttributesA
0x485308 GetFileAttributesA
0x48530c DeleteFileA
0x485318 GetModuleHandleA
0x48531c GetProcAddress
0x485320 MulDiv
0x485324 GetCommandLineA
0x485328 GetTickCount
0x48532c CreateProcessA
0x485330 WaitForSingleObject
0x485334 CloseHandle
0x485338 GetACP
0x485350 SetHandleCount
0x485354 GetStdHandle
0x485358 GetFileType
0x485360 HeapDestroy
0x485364 HeapCreate
0x485368 VirtualFree
0x485370 LCMapStringA
0x485374 LCMapStringW
0x485378 VirtualAlloc
0x48537c IsBadWritePtr
0x485384 GetStringTypeA
0x485388 GetStringTypeW
0x48538c CompareStringA
0x485390 CompareStringW
0x485394 IsBadReadPtr
0x485398 IsBadCodePtr
0x48539c SetStdHandle
0x4853a0 RtlUnwind
Library: USER32.dll
0x4853c4 IsIconic
0x4853c8 SetFocus
0x4853cc GetActiveWindow
0x4853d0 GetWindow
0x4853d8 PeekMessageA
0x4853dc SetMenu
0x4853e0 GetMenu
0x4853e4 DeleteMenu
0x4853e8 GetSystemMenu
0x4853ec DefWindowProcA
0x4853f0 GetClassInfoA
0x4853f4 IsZoomed
0x4853f8 PostQuitMessage
0x485400 GetKeyState
0x485408 IsWindowEnabled
0x48540c ShowWindow
0x485414 LoadImageA
0x48541c ClientToScreen
0x485420 EnableMenuItem
0x485424 GetSubMenu
0x485428 GetDlgCtrlID
0x485430 SetWindowRgn
0x485434 GetMessagePos
0x485438 ScreenToClient
0x485440 CopyRect
0x485444 LoadBitmapA
0x485448 CreateMenu
0x48544c KillTimer
0x485450 SetTimer
0x485454 ReleaseCapture
0x485458 GetCapture
0x48545c SetCapture
0x485460 GetScrollRange
0x485464 SetScrollRange
0x485468 SetScrollPos
0x48546c SetRect
0x485470 InflateRect
0x485474 IntersectRect
0x485478 GetSysColorBrush
0x48547c DestroyIcon
0x485480 PtInRect
0x485484 OffsetRect
0x485488 IsWindowVisible
0x48548c EnableWindow
0x485490 RedrawWindow
0x485494 GetWindowLongA
0x485498 SetWindowLongA
0x48549c GetSysColor
0x4854a0 SetActiveWindow
0x4854a4 SetCursorPos
0x4854a8 LoadCursorA
0x4854ac SetCursor
0x4854b0 GetDC
0x4854b4 FillRect
0x4854b8 IsRectEmpty
0x4854bc ReleaseDC
0x4854c0 IsChild
0x4854c4 DestroyMenu
0x4854c8 SetForegroundWindow
0x4854cc GetWindowRect
0x4854d0 EqualRect
0x4854d4 UpdateWindow
0x4854d8 ValidateRect
0x4854dc InvalidateRect
0x4854e0 GetClientRect
0x4854e4 GetFocus
0x4854e8 GetParent
0x4854ec GetTopWindow
0x4854f0 PostMessageA
0x4854f4 IsWindow
0x4854f8 SetParent
0x4854fc DestroyCursor
0x485500 SendMessageA
0x485504 SetWindowPos
0x485508 MessageBeep
0x48550c MessageBoxA
0x485510 GetCursorPos
0x485514 GetSystemMetrics
0x485518 EmptyClipboard
0x48551c SetClipboardData
0x485520 OpenClipboard
0x485524 GetClipboardData
0x485528 CloseClipboard
0x48552c wsprintfA
0x485530 WaitForInputIdle
0x485534 ModifyMenuA
0x485538 AppendMenuA
0x48553c CreatePopupMenu
0x485540 DrawIconEx
0x48554c SetRectEmpty
0x485550 DispatchMessageA
0x485554 GetMessageA
0x485558 WindowFromPoint
0x48555c DrawFocusRect
0x485560 DrawEdge
0x485564 DrawFrameControl
0x485568 TranslateMessage
0x48556c LoadIconA
0x485570 GetDesktopWindow
0x485574 GetClassNameA
0x48557c FindWindowA
0x485580 GetDlgItem
0x485584 GetWindowTextA
0x485588 WinHelpA
0x48558c UnregisterClassA
0x485598 CharUpperA
0x48559c GetWindowDC
0x4855a0 BeginPaint
0x4855a4 EndPaint
0x4855a8 TabbedTextOutA
0x4855ac DrawTextA
0x4855b0 GrayStringA
0x4855b4 DestroyWindow
0x4855bc EndDialog
0x4855c0 GetNextDlgTabItem
0x4855c4 GetWindowPlacement
0x4855cc GetForegroundWindow
0x4855d0 GetLastActivePopup
0x4855d4 GetMessageTime
0x4855d8 RemovePropA
0x4855dc CallWindowProcA
0x4855e0 GetPropA
0x4855e4 UnhookWindowsHookEx
0x4855e8 SetPropA
0x4855ec GetClassLongA
0x4855f0 CallNextHookEx
0x4855f4 SetWindowsHookExA
0x4855f8 CreateWindowExA
0x4855fc GetMenuItemID
0x485600 GetMenuItemCount
0x485604 RegisterClassA
0x485608 GetScrollPos
0x48560c AdjustWindowRectEx
0x485610 MapWindowPoints
0x485614 SendDlgItemMessageA
0x485618 ScrollWindowEx
0x48561c IsDialogMessageA
0x485620 SetWindowTextA
0x485624 MoveWindow
0x485628 CheckMenuItem
0x48562c SetMenuItemBitmaps
0x485630 GetMenuState
0x485638 LoadStringA
Library: GDI32.dll
0x485034 GetTextMetricsA
0x485038 Escape
0x48503c ExtTextOutA
0x485040 TextOutA
0x485044 RectVisible
0x485048 PtVisible
0x48504c GetViewportExtEx
0x485050 ExtSelectClipRgn
0x485054 CreateSolidBrush
0x485058 GetStockObject
0x48505c CreateFontIndirectA
0x485060 EndPage
0x485064 EndDoc
0x485068 DeleteDC
0x48506c StartDocA
0x485070 StartPage
0x485074 BitBlt
0x485078 CreateCompatibleDC
0x48507c Ellipse
0x485080 Rectangle
0x485084 DPtoLP
0x485088 GetCurrentObject
0x48508c RoundRect
0x485094 GetDeviceCaps
0x48509c SetBkColor
0x4850a0 LineTo
0x4850a4 MoveToEx
0x4850a8 ExcludeClipRect
0x4850ac GetClipBox
0x4850b0 ScaleWindowExtEx
0x4850b4 FillRgn
0x4850b8 CreateRectRgn
0x4850bc CombineRgn
0x4850c0 PatBlt
0x4850c4 CreatePen
0x4850c8 GetObjectA
0x4850cc SelectObject
0x4850d0 CreateBitmap
0x4850d4 CreateDCA
0x4850dc GetPolyFillMode
0x4850e0 GetStretchBltMode
0x4850e4 GetROP2
0x4850e8 GetBkColor
0x4850ec GetBkMode
0x4850f0 GetTextColor
0x4850f4 CreateRoundRectRgn
0x4850f8 CreateEllipticRgn
0x4850fc PathToRegion
0x485100 EndPath
0x485104 BeginPath
0x485108 GetWindowOrgEx
0x48510c GetViewportOrgEx
0x485110 GetWindowExtEx
0x485114 GetDIBits
0x485118 RealizePalette
0x48511c SetWindowExtEx
0x485120 SetWindowOrgEx
0x485124 ScaleViewportExtEx
0x485128 SetViewportExtEx
0x48512c OffsetViewportOrgEx
0x485130 SetViewportOrgEx
0x485134 SetMapMode
0x485138 SelectPalette
0x48513c StretchBlt
0x485140 CreatePalette
0x485148 CreateDIBitmap
0x48514c DeleteObject
0x485150 CreatePolygonRgn
0x485154 GetClipRgn
0x485158 SetStretchBltMode
0x48515c LPtoDP
0x485160 SelectClipRgn
0x485164 SetTextColor
0x485168 SetROP2
0x48516c SetPolyFillMode
0x485170 SetBkMode
0x485174 RestoreDC
0x485178 SaveDC
Library: WINSPOOL.DRV
0x485688 OpenPrinterA
0x48568c DocumentPropertiesA
0x485690 ClosePrinter
Library: ADVAPI32.dll
0x485000 RegCloseKey
0x485004 RegQueryValueExA
0x485008 RegOpenKeyExA
0x48500c RegSetValueExA
0x485010 RegCreateKeyA
0x485014 RegDeleteValueA
0x485018 RegDeleteKeyA
0x48501c RegQueryValueA
0x485020 RegCreateKeyExA
Library: SHELL32.dll
0x4853b8 ShellExecuteA
0x4853bc Shell_NotifyIconA
Library: ole32.dll
0x4856d4 CLSIDFromString
0x4856d8 OleUninitialize
0x4856dc OleInitialize
Library: OLEAUT32.dll
0x4853a8 LoadTypeLib
0x4853ac RegisterTypeLib
0x4853b0 UnRegisterTypeLib
Library: COMCTL32.dll
0x485028 (unnamed import, by ordinal)
0x48502c ImageList_Destroy
Library: comdlg32.dll
0x4856c0 ChooseColorA
0x4856c4 GetOpenFileNameA
0x4856c8 GetSaveFileNameA
0x4856cc GetFileTitleA
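Most of this import table is the footprint of a statically linked MFC application (atom functions, WinHelpA, TabbedTextOutA/GrayStringA, type-library registration, printer and common-dialog calls). What MFC itself does not need is the interesting part: process enumeration and termination (Process32First/Next, OpenProcess, TerminateProcess), registry writes and deletes, file and directory deletion, three ways to launch programs (WinExec, CreateProcessA, ShellExecuteA), clipboard access, and a Winsock surface that is listener-side only (accept, recvfrom, getpeername, WSAAsyncSelect, with no connect, send or gethostbyname). The script below is an added example, not part of the report, that separates the two: the import excerpt is transcribed from the list above, while the capability tags and the MFC-noise list are the author's heuristics and not a formal mapping.

```python
"""Added example, not from the Maldun report: capability triage of an
import table.  IMPORTS is an excerpt transcribed from the report's import
list; CAPABILITIES and MFC_RUNTIME are the author's own heuristics."""

# Excerpt of the report's imports, grouped by DLL (not exhaustive).
IMPORTS = {
    "KERNEL32.dll": ["OpenProcess", "TerminateProcess", "Process32First",
                     "Process32Next", "WinExec", "CreateProcessA",
                     "FindFirstFileA", "FindNextFileA", "DeleteFileA",
                     "SetFileAttributesA", "RemoveDirectoryA", "CreateFileA",
                     "WriteFile", "LoadLibraryA", "GetProcAddress",
                     "FindResourceA", "LoadResource", "LockResource",
                     "GlobalAddAtomA", "GlobalFindAtomA"],
    "USER32.dll": ["SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
                   "FindWindowA", "SetCursorPos", "GetKeyState", "OpenClipboard",
                   "GetClipboardData", "SetClipboardData", "MessageBoxA",
                   "WinHelpA", "TabbedTextOutA", "GrayStringA"],
    "ADVAPI32.dll": ["RegOpenKeyExA", "RegQueryValueExA", "RegCreateKeyExA",
                     "RegSetValueExA", "RegDeleteValueA", "RegDeleteKeyA"],
    "SHELL32.dll": ["ShellExecuteA", "Shell_NotifyIconA"],
    "WS2_32.dll": ["WSAAsyncSelect", "accept", "recv", "recvfrom",
                   "getpeername", "ioctlsocket", "closesocket", "inet_ntoa"],
    "WINMM.dll": ["waveOutOpen", "waveOutWrite", "midiStreamOpen", "midiStreamOut"],
    "OLEAUT32.dll": ["LoadTypeLib", "RegisterTypeLib", "UnRegisterTypeLib"],
    "WINSPOOL.DRV": ["OpenPrinterA", "DocumentPropertiesA"],
}

# Capability tags (author's heuristic grouping, not a MITRE mapping).
CAPABILITIES = {
    "process-enumeration/kill": {"Process32First", "Process32Next",
                                 "OpenProcess", "TerminateProcess"},
    "execution": {"WinExec", "CreateProcessA", "ShellExecuteA"},
    "registry-write": {"RegCreateKeyA", "RegCreateKeyExA", "RegSetValueExA",
                       "RegDeleteValueA", "RegDeleteKeyA"},
    "file-destruction": {"DeleteFileA", "RemoveDirectoryA", "SetFileAttributesA"},
    "file-enumeration": {"FindFirstFileA", "FindNextFileA"},
    "hooking": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
    "ui/input-tampering": {"FindWindowA", "SetCursorPos", "GetKeyState"},
    "clipboard": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "network-listener": {"accept", "WSAAsyncSelect", "recvfrom", "getpeername"},
    "network-client": {"connect", "send", "sendto", "gethostbyname", "WSAConnect"},
    "dynamic-resolution": {"LoadLibraryA", "GetProcAddress"},
    "embedded-payload": {"FindResourceA", "LoadResource", "LockResource"},
    "audio-playback": {"waveOutOpen", "waveOutWrite", "midiStreamOpen", "midiStreamOut"},
}

# Imports a statically linked MFC runtime pulls in on its own (MFC installs a
# WH_CBT hook when creating windows, for instance).  A tag whose every hit is
# in this set says little about the author's code.
MFC_RUNTIME = {"GlobalAddAtomA", "GlobalFindAtomA", "WinHelpA", "TabbedTextOutA",
               "GrayStringA", "LoadTypeLib", "RegisterTypeLib", "UnRegisterTypeLib",
               "OpenPrinterA", "DocumentPropertiesA", "GetFileTitleA",
               "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"}

def all_names(imports):
    return {name for names in imports.values() for name in names}

def triage(imports):
    """{tag: (sorted matched names, framework_only)} for every tag that hits."""
    names = all_names(imports)
    out = {}
    for tag, wanted in CAPABILITIES.items():
        hit = sorted(names & wanted)
        if hit:
            out[tag] = (tuple(hit), all(n in MFC_RUNTIME for n in hit))
    return out

def network_role(imports):
    """'listener', 'client', 'both' or 'none' from the Winsock surface.
    Listener-only means the code waits for inbound connections; an outbound
    beacon would need connect/send/gethostbyname."""
    names = all_names(imports)
    listen = bool(names & CAPABILITIES["network-listener"])
    client = bool(names & CAPABILITIES["network-client"])
    return {(True, True): "both", (True, False): "listener",
            (False, True): "client"}.get((listen, client), "none")

def framework_noise(imports):
    """Imported names attributable to the MFC runtime rather than the app."""
    return sorted(all_names(imports) & MFC_RUNTIME)

if __name__ == "__main__":
    for tag, (hit, fw) in sorted(triage(IMPORTS).items()):
        print(f"{tag:26} {'(MFC runtime)' if fw else '':14} {', '.join(hit)}")
    print("winsock role:", network_role(IMPORTS))
```

On this excerpt the hooking tag is fully explained by MFC, while process-kill, registry-write, file-destruction, execution and the listener-only Winsock role are not; those are the imports to look for in the behaviour log.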

Strings (excerpt as extracted by the sandbox: the section names, followed by code bytes that happen to be printable)

.text
`.rdata
@.data
.rsrc
8`}<j
DRQPj
T$|Vj
T$th
|$TVj
D$@Sj
L$8h
D$8Rj
l$<VWj
T$ Rj
L$4S+L$0Qj

No antivirus engine scan information.

Process tree

_______________.exe, PID: 2600, parent PID: 2256
drawerror.exe, PID: 2752, parent PID: 2600
Ghost.exe, PID: 2912, parent PID: 2600
cmd.exe, PID: 2988, parent PID: 2600
cmd.exe, PID: 3032, parent PID: 2600
cmd.exe, PID: 2324, parent PID: 2988
taskkill.exe, PID: 1424, parent PID: 2600
cmd.exe, PID: 2720, parent PID: 3032
cmd.exe, PID: 2980, parent PID: 2324
cmd.exe, PID: 1924, parent PID: 2720
taskkill.exe, PID: 2420, parent PID: 2988
cmd.exe, PID: 2508, parent PID: 2980
cmd.exe, PID: 2020, parent PID: 1924
cmd.exe, PID: 2524, parent PID: 2508
reg.exe, PID: 3024, parent PID: 2988
cmd.exe, PID: 2568, parent PID: 2020
cmd.exe, PID: 2828, parent PID: 2524
reg.exe, PID: 2888, parent PID: 2988
cmd.exe, PID: 3076, parent PID: 2568
cmd.exe, PID: 3288, parent PID: 2828
reg.exe, PID: 3340, parent PID: 2988
cmd.exe, PID: 3448, parent PID: 3076
cmd.exe, PID: 3664, parent PID: 3288
subst.exe, PID: 3720, parent PID: 2988
cmd.exe, PID: 3824, parent PID: 3448
cmd.exe, PID: 4044, parent PID: 3664
subst.exe, PID: 4084, parent PID: 2988
cmd.exe, PID: 3312, parent PID: 3824
cmd.exe, PID: 3332, parent PID: 4044
subst.exe, PID: 3344, parent PID: 2988
cmd.exe, PID: 3564, parent PID: 3312
cmd.exe, PID: 4012, parent PID: 3332
subst.exe, PID: 3952, parent PID: 2988
cmd.exe, PID: 3284, parent PID: 3564
cmd.exe, PID: 3612, parent PID: 4012
subst.exe, PID: 3864, parent PID: 2988
cmd.exe, PID: 3944, parent PID: 3284
cmd.exe, PID: 3108, parent PID: 3612
subst.exe, PID: 3768, parent PID: 2988
cmd.exe, PID: 3560, parent PID: 3944
cmd.exe, PID: 3212, parent PID: 3108
subst.exe, PID: 3620, parent PID: 2988
cmd.exe, PID: 3924, parent PID: 3560
cmd.exe, PID: 3796, parent PID: 3212
subst.exe, PID: 3920, parent PID: 2988
cmd.exe, PID: 4072, parent PID: 3924
cmd.exe, PID: 3236, parent PID: 3796
cmd.exe, PID: 3616, parent PID: 4072
subst.exe, PID: 3172, parent PID: 2988
cmd.exe, PID: 4248, parent PID: 3236
cmd.exe, PID: 4256, parent PID: 3616
subst.exe, PID: 4540, parent PID: 2988
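Read as a tree, the list above is the sample (renamed _______________.exe by the sandbox, PID 2600) launching drawerror.exe, Ghost.exe, taskkill.exe and two cmd.exe instances, each of which heads a 17-deep chain of cmd.exe spawning cmd.exe; the first-level cmd.exe (PID 2988) also runs taskkill.exe, reg.exe three times and subst.exe ten times. Command lines are not in this copy of the report, so what those utilities did cannot be stated from it. The script below is an added example, not from the report: it rebuilds the tree from the flat rows (transcribed as compact name:pid:ppid triples) and computes the chain depth and per-parent child histogram; the depth threshold in assess() is the author's heuristic.

```python
"""Added example, not from the Maldun report: rebuild the process tree
from the flat "name, PID, parent PID" rows and measure what stands out.
TREE is a compact transcription of the report's 52 rows; the chain-depth
threshold in assess() is the author's heuristic."""
from collections import Counter, defaultdict

# name:pid:ppid triples transcribed from the report's process tree.
TREE = """
_______________.exe:2600:2256 drawerror.exe:2752:2600 Ghost.exe:2912:2600
cmd.exe:2988:2600 cmd.exe:3032:2600 cmd.exe:2324:2988 taskkill.exe:1424:2600
cmd.exe:2720:3032 cmd.exe:2980:2324 cmd.exe:1924:2720 taskkill.exe:2420:2988
cmd.exe:2508:2980 cmd.exe:2020:1924 cmd.exe:2524:2508 reg.exe:3024:2988
cmd.exe:2568:2020 cmd.exe:2828:2524 reg.exe:2888:2988 cmd.exe:3076:2568
cmd.exe:3288:2828 reg.exe:3340:2988 cmd.exe:3448:3076 cmd.exe:3664:3288
subst.exe:3720:2988 cmd.exe:3824:3448 cmd.exe:4044:3664 subst.exe:4084:2988
cmd.exe:3312:3824 cmd.exe:3332:4044 subst.exe:3344:2988 cmd.exe:3564:3312
cmd.exe:4012:3332 subst.exe:3952:2988 cmd.exe:3284:3564 cmd.exe:3612:4012
subst.exe:3864:2988 cmd.exe:3944:3284 cmd.exe:3108:3612 subst.exe:3768:2988
cmd.exe:3560:3944 cmd.exe:3212:3108 subst.exe:3620:2988 cmd.exe:3924:3560
cmd.exe:3796:3212 subst.exe:3920:2988 cmd.exe:4072:3924 cmd.exe:3236:3796
cmd.exe:3616:4072 subst.exe:3172:2988 cmd.exe:4248:3236 cmd.exe:4256:3616
subst.exe:4540:2988
"""

def parse(text):
    """{pid: (image name, parent pid)} from whitespace-separated triples."""
    procs = {}
    for tok in text.split():
        name, pid, ppid = tok.rsplit(":", 2)
        procs[int(pid)] = (name, int(ppid))
    return procs

def children(procs):
    kids = defaultdict(list)
    for pid, (_, ppid) in procs.items():
        kids[ppid].append(pid)
    return kids

def root_pid(procs):
    """The process whose parent is outside the tree (the submitted sample)."""
    return next(pid for pid, (_, ppid) in procs.items() if ppid not in procs)

def launched_by(procs, pid):
    """Image-name histogram of one process's direct children."""
    return dict(Counter(procs[c][0] for c in children(procs)[pid]))

def longest_chain(procs, name="cmd.exe"):
    """Longest parent->child run in which every process is `name`."""
    kids = children(procs)

    def depth(pid):
        same = [c for c in kids[pid] if procs[c][0] == name]
        return 1 + max(map(depth, same), default=0)

    roots = [pid for pid, (n, ppid) in procs.items()
             if n == name and procs.get(ppid, ("", 0))[0] != name]
    return max(map(depth, roots), default=0)

def render(procs, pid=None, indent=0):
    """Indented tree as a list of lines, children in PID order."""
    pid = root_pid(procs) if pid is None else pid
    lines = [f"{'  ' * indent}{procs[pid][0]} ({pid})"]
    for c in sorted(children(procs)[pid]):
        lines.extend(render(procs, c, indent + 1))
    return lines

def assess(procs, chain_threshold=5):
    """Findings as plain strings; the threshold is the author's heuristic."""
    findings = []
    d = longest_chain(procs)
    if d >= chain_threshold:
        findings.append(f"cmd.exe self-spawn chain of depth {d}: "
                        f"recursive batch script / fork-bomb pattern")
    for pid, (name, _) in procs.items():
        if name == "cmd.exe":
            tools = {k: v for k, v in launched_by(procs, pid).items()
                     if k in ("reg.exe", "taskkill.exe", "subst.exe")}
            if tools:
                findings.append(f"cmd.exe {pid} ran {tools}")
    return findings

if __name__ == "__main__":
    procs = parse(TREE)
    print("\n".join(render(procs)))
    print("\n".join(assess(procs)))
```

The same parser applies to any sandbox export in this flat form; a batch script that re-invokes itself shows up as exactly this kind of single-name chain, and the per-parent histogram is what separates the one cmd.exe that did real work (registry, taskkill, drive mapping via subst) from the chain that only recursed.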

TCP

Source address Source port Destination address Destination port
192.168.122.201 49158 23.45.112.74 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

The UDP row is a DNS query to the gateway (port 53), yet the report lists no resolved names, so the lookup either failed or was not parsed; the single TCP connection to 23.45.112.74:80 carries the HTTP request below.

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

acroipm.adobe.com with the "IPM" user agent is the check-in that Adobe Reader's in-product messaging performs, and the If-Modified-Since header is a cache revalidation of a copy the client already holds. Nothing in the report ties this request to the sample's process tree, so treat it as background traffic from software in the analysis VM rather than as sample C2 unless the behaviour log attributes the socket to PID 2600 or one of its children.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files were collected.
No similar analyses found.

Note that the process tree shows drawerror.exe (PID 2752) and Ghost.exe (PID 2912) being launched by the sample although no dropped files were captured. Whether the sample wrote those images itself (the large high-entropy .rdata section is the obvious candidate source, but that is an assumption) or they were already present on the VM can only be settled from the behaviour log, which this copy of the report does not include.

Processing ( 29.293 seconds )

  • 11.128 Suricata
  • 8.152 Static
  • 4.638 BehaviorAnalysis
  • 2.83 TargetInfo
  • 2.068 NetworkAnalysis
  • 0.402 peid
  • 0.031 config_decoder
  • 0.019 AnalysisInfo
  • 0.012 Dropped
  • 0.011 Strings
  • 0.002 Memory


Reporting ( 0.7 seconds )

  • 0.559 ReportHTMLSummary
  • 0.141 Malheur
Task ID 683530
Mongo ID 624266567e769a4e5e221113
Cuckoo release 1.4-Maldun