Analysis task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2022-07-05 18:02:00 2022-07-05 18:04:08 128 seconds

Maldun score

8.575

Dangerous

File details

File name 破坏者.exe
File size 1773568 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 068e59f9511c955ecff1d1f53e10041d
SHA1 42955cbc0b9b07f678e0833e1934352e7dfb1fd0
SHA256 e14a1ff4d048afbb3d0591f927b9b3f8257e72b71064ad5acb1a2885961d3b23
SHA512 c6f5f35655a17830d15cd7d108cd3a1b70a38a0bbb563e0bfedc204714728af510b0cba92c37e07472f29d241bbe889e36a3599403e398744ca162cc02efd75d
CRC32 0064A9E8
Ssdeep 24576:XEKqWdm764I677iNC65KLQ5KmJahb++z3CdP3CqywDtU5:Xvmhi86P5KMyfO13Cqyt5

Hosts contacted

Direct IP Security rating Geolocation
154.19.203.247 United States

DNS resolution

No domain information.


PE information

Image base 0x00400000
Entry point 0x004c9344
Declared checksum 0x00000000
Actual checksum 0x001b3751
Minimum OS version required 4.0
Compile time 2022-07-03 22:52:26
Import hash (imphash) 3e32f681e858f168ff5bddf38e91fe09
Icon
Icon exact hash fbf01d50836bd150092b964928e1ec7e
Icon similarity hash 54bec2e34bbc1ae42770f2c2c8030fa1

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000e7b4e 0x000e8000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x000e9000 0x000ac9b0 0x000ad000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.17
.data 0x00196000 0x0003d72a 0x00015000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.05
.rsrc 0x001d4000 0x00005d10 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.41

Resources

Name Offset Size Language Sublanguage Entropy File type Entries (identical rows collapsed)
TEXTINCLUDE 0x001d59d8 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators 3
RT_CURSOR 0x001d7668 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data 4
RT_BITMAP 0x001d8040 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data 14
RT_ICON 0x001d8a80 0x000010a8 LANG_NEUTRAL SUBLANG_NEUTRAL 2.56 dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 1770414021 3
RT_MENU 0x001d7008 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data 2
RT_DIALOG 0x001d6b50 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data 10
RT_STRING 0x001d8a58 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data 11
RT_GROUP_CURSOR 0x001d7720 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 3
RT_GROUP_ICON 0x001d5f58 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors 3
RT_MANIFEST 0x001d9b40 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators 1

Imports

Library: WINMM.dll:
0x4e969c midiStreamOut
0x4e96a4 waveOutWrite
0x4e96a8 waveOutPause
0x4e96ac waveOutReset
0x4e96b0 waveOutClose
0x4e96b4 waveOutGetNumDevs
0x4e96b8 waveOutOpen
0x4e96c0 midiStreamOpen
0x4e96c4 midiStreamProperty
0x4e96c8 midiStreamStop
0x4e96cc midiOutReset
0x4e96d0 midiStreamClose
0x4e96d4 midiStreamRestart
Library: WS2_32.dll:
0x4e96f4 WSAAsyncSelect
0x4e96f8 closesocket
0x4e96fc WSACleanup
0x4e9700 gethostbyname
0x4e9704 inet_ntoa
0x4e9708 recvfrom
0x4e970c ioctlsocket
0x4e9710 recv
0x4e9714 getpeername
0x4e9718 WSAStartup
0x4e971c accept
Library: KERNEL32.dll:
0x4e91a4 SetLastError
0x4e91ac GetVersion
0x4e91b0 TerminateThread
0x4e91b4 LocalFree
0x4e91c4 GetACP
0x4e91c8 HeapSize
0x4e91cc RaiseException
0x4e91d0 GetLocalTime
0x4e91d4 GetSystemTime
0x4e91d8 RtlUnwind
0x4e91dc GetStartupInfoA
0x4e91e0 GetOEMCP
0x4e91e4 GetCPInfo
0x4e91e8 GetProcessVersion
0x4e91ec SetErrorMode
0x4e91f0 GlobalFlags
0x4e91f4 GetCurrentThread
0x4e91f8 GetFileTime
0x4e91fc TlsGetValue
0x4e9200 LocalReAlloc
0x4e9204 TlsSetValue
0x4e9208 TlsFree
0x4e920c GlobalHandle
0x4e9210 TlsAlloc
0x4e9214 LocalAlloc
0x4e9218 lstrcmpA
0x4e921c GlobalGetAtomNameA
0x4e9220 GlobalAddAtomA
0x4e9224 GlobalFindAtomA
0x4e9228 GlobalDeleteAtom
0x4e922c lstrcmpiA
0x4e9230 SetEndOfFile
0x4e9234 UnlockFile
0x4e9238 LockFile
0x4e923c FlushFileBuffers
0x4e9240 DuplicateHandle
0x4e9244 lstrcpynA
0x4e9258 OpenProcess
0x4e925c TerminateProcess
0x4e9260 GetFileSize
0x4e9264 SetFilePointer
0x4e926c Process32First
0x4e9270 Process32Next
0x4e9274 GetCurrentProcess
0x4e927c GetSystemDirectoryA
0x4e9280 CreateSemaphoreA
0x4e9284 ResumeThread
0x4e9288 ReleaseSemaphore
0x4e9294 GetProfileStringA
0x4e9298 WriteFile
0x4e92a0 CreateFileA
0x4e92a4 SetEvent
0x4e92a8 FindResourceA
0x4e92ac LoadResource
0x4e92b0 LockResource
0x4e92b4 ReadFile
0x4e92b8 PeekNamedPipe
0x4e92bc CreatePipe
0x4e92c0 GetExitCodeProcess
0x4e92c4 RemoveDirectoryA
0x4e92c8 GetModuleFileNameA
0x4e92cc GetCurrentThreadId
0x4e92d0 ExitProcess
0x4e92d4 GlobalSize
0x4e92d8 GlobalFree
0x4e92e4 lstrcatA
0x4e92e8 lstrlenA
0x4e92ec WinExec
0x4e92f0 lstrcpyA
0x4e92f4 InterlockedExchange
0x4e92f8 FindNextFileA
0x4e92fc GlobalReAlloc
0x4e9300 HeapFree
0x4e9304 HeapReAlloc
0x4e9308 GetProcessHeap
0x4e930c HeapAlloc
0x4e9310 MultiByteToWideChar
0x4e9314 WideCharToMultiByte
0x4e9318 GetFullPathNameA
0x4e931c FreeLibrary
0x4e9320 LoadLibraryA
0x4e9324 GetLastError
0x4e9328 GetVersionExA
0x4e9334 CreateThread
0x4e9338 CreateEventA
0x4e933c Sleep
0x4e9344 GlobalAlloc
0x4e9348 GlobalLock
0x4e934c GlobalUnlock
0x4e9350 GetTempPathA
0x4e9354 FindFirstFileA
0x4e9358 FindClose
0x4e935c SetFileAttributesA
0x4e9360 GetFileAttributesA
0x4e9364 DeleteFileA
0x4e9368 CreateDirectoryA
0x4e9374 GetModuleHandleA
0x4e9378 GetProcAddress
0x4e937c MulDiv
0x4e9380 GetCommandLineA
0x4e9384 GetTickCount
0x4e9388 CreateProcessA
0x4e938c WaitForSingleObject
0x4e9390 CloseHandle
0x4e939c SetHandleCount
0x4e93a0 GetStdHandle
0x4e93a4 GetFileType
0x4e93ac HeapDestroy
0x4e93b0 HeapCreate
0x4e93b4 VirtualFree
0x4e93bc LCMapStringA
0x4e93c0 LCMapStringW
0x4e93c4 VirtualAlloc
0x4e93c8 IsBadWritePtr
0x4e93d0 GetStringTypeA
0x4e93d4 GetStringTypeW
0x4e93d8 CompareStringA
0x4e93dc CompareStringW
0x4e93e0 IsBadReadPtr
0x4e93e4 IsBadCodePtr
0x4e93e8 SetStdHandle
Library: USER32.dll:
0x4e941c GetMenu
0x4e9420 DeleteMenu
0x4e9424 GetSystemMenu
0x4e9428 DefWindowProcA
0x4e942c GetClassInfoA
0x4e9430 IsZoomed
0x4e9434 PostQuitMessage
0x4e943c LoadStringA
0x4e9444 LoadImageA
0x4e944c ClientToScreen
0x4e9450 EnableMenuItem
0x4e9454 GetSubMenu
0x4e9458 GetDlgCtrlID
0x4e9460 CreateMenu
0x4e9464 ModifyMenuA
0x4e9468 AppendMenuA
0x4e946c CreatePopupMenu
0x4e9470 DrawIconEx
0x4e9480 SetRectEmpty
0x4e9484 DispatchMessageA
0x4e9488 GetSysColorBrush
0x4e948c GetMessageA
0x4e9490 WindowFromPoint
0x4e9494 DrawFocusRect
0x4e9498 DrawEdge
0x4e949c SetMenu
0x4e94a0 PeekMessageA
0x4e94a4 IsIconic
0x4e94a8 TranslateMessage
0x4e94ac GetActiveWindow
0x4e94b0 GetWindow
0x4e94b8 SetWindowRgn
0x4e94bc GetMessagePos
0x4e94c0 ScreenToClient
0x4e94c8 CopyRect
0x4e94cc LoadBitmapA
0x4e94d0 WinHelpA
0x4e94d4 KillTimer
0x4e94d8 SetTimer
0x4e94dc ReleaseCapture
0x4e94e0 GetCapture
0x4e94e4 SetCapture
0x4e94e8 GetMenuState
0x4e94ec SetMenuItemBitmaps
0x4e94f0 CheckMenuItem
0x4e94f4 MoveWindow
0x4e94f8 SetWindowTextA
0x4e94fc IsDialogMessageA
0x4e9500 ScrollWindowEx
0x4e9504 GetKeyState
0x4e9508 GetScrollRange
0x4e950c SetScrollRange
0x4e9510 SetScrollPos
0x4e9514 SetRect
0x4e9518 InflateRect
0x4e951c IntersectRect
0x4e9520 DestroyIcon
0x4e9524 PtInRect
0x4e9528 OffsetRect
0x4e952c IsWindowVisible
0x4e9530 EnableWindow
0x4e9534 RedrawWindow
0x4e9538 GetWindowLongA
0x4e953c SetWindowLongA
0x4e9540 GetSysColor
0x4e9544 SetActiveWindow
0x4e9548 SetCursorPos
0x4e954c LoadCursorA
0x4e9550 SetCursor
0x4e9554 GetDC
0x4e9558 FillRect
0x4e955c IsRectEmpty
0x4e9560 ReleaseDC
0x4e9564 IsChild
0x4e9568 DestroyMenu
0x4e956c SetForegroundWindow
0x4e9570 GetWindowRect
0x4e9574 EqualRect
0x4e9578 UpdateWindow
0x4e957c ValidateRect
0x4e9580 InvalidateRect
0x4e9584 GetClientRect
0x4e9588 GetFocus
0x4e958c GetParent
0x4e9590 GetTopWindow
0x4e9594 PostMessageA
0x4e9598 IsWindow
0x4e959c SetParent
0x4e95a0 DestroyCursor
0x4e95a4 SendMessageA
0x4e95a8 SetWindowPos
0x4e95ac MessageBoxA
0x4e95b0 GetCursorPos
0x4e95b4 GetSystemMetrics
0x4e95b8 EmptyClipboard
0x4e95bc SetClipboardData
0x4e95c0 OpenClipboard
0x4e95c4 GetClipboardData
0x4e95c8 CloseClipboard
0x4e95cc wsprintfA
0x4e95d0 WaitForInputIdle
0x4e95d4 LoadIconA
0x4e95d8 GetForegroundWindow
0x4e95dc GetDesktopWindow
0x4e95e0 GetClassNameA
0x4e95e8 FindWindowA
0x4e95ec GetDlgItem
0x4e95f0 GetWindowTextA
0x4e95f4 CallWindowProcA
0x4e95f8 CreateWindowExA
0x4e95fc RegisterHotKey
0x4e9600 UnregisterHotKey
0x4e9608 IsWindowEnabled
0x4e960c ShowWindow
0x4e9614 SetFocus
0x4e9618 UnregisterClassA
0x4e961c DrawFrameControl
0x4e9624 CharUpperA
0x4e9628 GetWindowDC
0x4e962c BeginPaint
0x4e9630 EndPaint
0x4e9634 TabbedTextOutA
0x4e9638 DrawTextA
0x4e963c GrayStringA
0x4e9640 DestroyWindow
0x4e9648 EndDialog
0x4e964c GetNextDlgTabItem
0x4e9650 GetWindowPlacement
0x4e9658 GetLastActivePopup
0x4e965c GetMessageTime
0x4e9660 RemovePropA
0x4e9664 GetPropA
0x4e9668 UnhookWindowsHookEx
0x4e966c SetPropA
0x4e9670 GetClassLongA
0x4e9674 CallNextHookEx
0x4e9678 SetWindowsHookExA
0x4e967c GetMenuItemID
0x4e9680 GetMenuItemCount
0x4e9684 RegisterClassA
0x4e9688 GetScrollPos
0x4e968c AdjustWindowRectEx
0x4e9690 MapWindowPoints
0x4e9694 SendDlgItemMessageA
Library: GDI32.dll:
0x4e9050 LineTo
0x4e9054 MoveToEx
0x4e9058 ExcludeClipRect
0x4e905c GetClipBox
0x4e9060 ScaleWindowExtEx
0x4e9064 SetWindowExtEx
0x4e9068 SetWindowOrgEx
0x4e906c CombineRgn
0x4e9070 CreateRectRgn
0x4e9074 FillRgn
0x4e9078 CreateSolidBrush
0x4e907c GetStockObject
0x4e9080 CreateFontIndirectA
0x4e9084 EndPage
0x4e9088 EndDoc
0x4e908c DeleteDC
0x4e9090 StartDocA
0x4e9094 StartPage
0x4e9098 BitBlt
0x4e909c CreateCompatibleDC
0x4e90a0 Ellipse
0x4e90a4 ExtSelectClipRgn
0x4e90a8 LPtoDP
0x4e90ac DPtoLP
0x4e90b0 GetCurrentObject
0x4e90b4 RoundRect
0x4e90bc GetDeviceCaps
0x4e90c0 CreatePolygonRgn
0x4e90c4 GetClipRgn
0x4e90c8 SetStretchBltMode
0x4e90d0 SetBkColor
0x4e90d4 CreateFontA
0x4e90dc ScaleViewportExtEx
0x4e90e0 SetViewportExtEx
0x4e90e4 OffsetViewportOrgEx
0x4e90e8 SetViewportOrgEx
0x4e90ec SetMapMode
0x4e90f0 SetTextColor
0x4e90f4 SetROP2
0x4e90f8 SetPolyFillMode
0x4e90fc SetBkMode
0x4e9100 RestoreDC
0x4e9104 SaveDC
0x4e9108 GetViewportExtEx
0x4e910c PtVisible
0x4e9110 RectVisible
0x4e9114 TextOutA
0x4e9118 ExtTextOutA
0x4e911c Escape
0x4e9120 GetTextMetricsA
0x4e9124 PatBlt
0x4e9128 CreatePen
0x4e912c GetObjectA
0x4e9130 SelectObject
0x4e9134 CreateBitmap
0x4e9138 CreateDCA
0x4e9140 GetPolyFillMode
0x4e9144 GetStretchBltMode
0x4e9148 GetROP2
0x4e914c GetBkColor
0x4e9150 GetBkMode
0x4e9154 GetTextColor
0x4e9158 CreateRoundRectRgn
0x4e915c CreateEllipticRgn
0x4e9160 PathToRegion
0x4e9164 EndPath
0x4e9168 BeginPath
0x4e916c GetWindowOrgEx
0x4e9170 GetViewportOrgEx
0x4e9174 GetWindowExtEx
0x4e9178 GetDIBits
0x4e917c RealizePalette
0x4e9180 SelectPalette
0x4e9184 SelectClipRgn
0x4e9188 CreatePalette
0x4e9190 CreateDIBitmap
0x4e9194 Rectangle
0x4e9198 StretchBlt
0x4e919c DeleteObject
Library: WINSPOOL.DRV:
0x4e96e4 OpenPrinterA
0x4e96e8 DocumentPropertiesA
0x4e96ec ClosePrinter
Library: ADVAPI32.dll:
0x4e9000 RegQueryValueExA
0x4e9004 RegOpenKeyExA
0x4e9008 RegSetValueExA
0x4e900c RegDeleteValueA
0x4e9010 RegDeleteKeyA
0x4e9014 RegQueryValueA
0x4e9018 RegCreateKeyExA
0x4e901c RegCloseKey
Library: SHELL32.dll:
0x4e9400 DragQueryFileA
0x4e9404 DragFinish
0x4e9408 DragAcceptFiles
0x4e9410 ShellExecuteA
0x4e9414 Shell_NotifyIconA
Library: ole32.dll:
0x4e9738 CLSIDFromString
0x4e973c OleUninitialize
0x4e9740 OleInitialize
Library: OLEAUT32.dll:
0x4e93f0 LoadTypeLib
0x4e93f4 RegisterTypeLib
0x4e93f8 UnRegisterTypeLib
Library: COMCTL32.dll:
0x4e9024 ImageList_Add
0x4e9028 ImageList_BeginDrag
0x4e902c ImageList_Create
0x4e9030 ImageList_Destroy
0x4e9034 ImageList_DragEnter
0x4e9038 ImageList_DragLeave
0x4e903c ImageList_DragMove
0x4e9044 ImageList_EndDrag
0x4e9048 None
Library: comdlg32.dll:
0x4e9724 ChooseColorA
0x4e9728 GetFileTitleA
0x4e972c GetSaveFileNameA
0x4e9730 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
No antivirus engine scan information.

Process tree


_________.exe, PID: 2464, parent process PID: 2188

TCP

Source address Source port Destination address Destination port
192.168.122.201 49161 42.99.140.168 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
No dropped files.
No similar analyses found.

Processing ( 17.257 seconds )

  • 10.384 Suricata
  • 3.358 NetworkAnalysis
  • 1.375 Static
  • 1.02 VirusTotal
  • 0.599 TargetInfo
  • 0.298 peid
  • 0.194 BehaviorAnalysis
  • 0.014 Strings
  • 0.009 AnalysisInfo
  • 0.004 config_decoder
  • 0.002 Memory

Signatures ( 1.42 seconds )

  • 1.28 md_url_bl
  • 0.019 antiav_detectreg
  • 0.011 api_spamming
  • 0.009 stealth_timeout
  • 0.008 stealth_decoy_document
  • 0.008 infostealer_ftp
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 antivm_vbox_libs
  • 0.003 kovter_behavior
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antiemu_wine_func
  • 0.002 exec_crash
  • 0.002 infostealer_browser_password
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 antivm_vmware_libs
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 betabot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 kibex_behavior
  • 0.001 antidbg_windows
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.49 seconds )

  • 0.489 ReportHTMLSummary
  • 0.001 Malheur
Task ID 698062
Mongo ID 62c40cb67e769a0d6c18e964
Cuckoo release 1.4-Maldun