Analysis task

Analysis type    VM label                  Start time            End time              Duration
File (Windows)   win7-sp1-x64-shaapp02-2   2022-08-19 14:21:41   2022-08-19 14:22:30   49 s

Maldun score

10.0 (Dangerous)

File details

File name    杏雨梨云启动维护系统.exe
File size    4386872 bytes
File type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5          f887c1ce1e4b260d5a82e3e1e91b55e9
SHA1         81a9931e61b367a4550ef11bc5e514fa85f8f429
SHA256       70f557edd49712e17b2996547bd24df1a9e83ae142969d1cc1a554ed75a916a9
SHA512       077ee14963b9b53f29a441e09aa35294a674b82aa4bd2426dd64f87dbcc024585641842e74bb7d54c82da358ae68c08ad200225a0406374a789c13b0cfb1e57c
CRC32        0C70510D
Ssdeep       98304:5TYbInQVB80dOZO9mVOeoKmR/AvpdwdLI9j:5cb2gOg9O6aB6
Scan lookup  Sample not found


Screenshots

No screenshots available.

Hosts contacted

Direct IP         Safety rating   Location
207.246.127.148                   United States

Domain resolution

Domain                          Safety rating   Response
cacerts.pki.jemmylovejenny.tk   Unknown         A 207.246.127.148


PE information

Image base              0x00400000
Entry point             0x004204f7
Declared checksum       0x0043266a
Computed checksum       0x0043266a
Minimum OS version      5.1
Compile timestamp       2022-05-25 08:14:23
Import hash (imphash)   0b768923437678ce375719e30b21693e

Version information

LegalCopyright    (empty)
FileVersion       (empty)
CompanyName       (empty)
Comments          (empty)
ProductName       (empty)
ProductVersion    (empty)
FileDescription   (empty)
Translation       (empty)

Microsoft certificate verification (Sign Tool)

SHA1        None
Timestamp   Sat May 28 20:00:00 2022
Error       A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Certificate Chain 1
  Issued to    Free
  Issued by    Free
  Valid until  Sun Jan 01 07:59:59 2040
  SHA1 hash    70bcaa261ddcae65b363e653f6498aa5c803d91b

Timestamp Chain 1
  Issued to    JemmyLoveJenny SHA1 TimeStamping Services CA
  Issued by    JemmyLoveJenny EV Root CA
  Valid until  Fri Jan 01 07:59:59 2100
  SHA1 hash    09149d789e4465d01ef8314372e994c4d1181ae6

Timestamp Chain 2
  Issued to    Fake TimeStamp Responder
  Issued by    JemmyLoveJenny SHA1 TimeStamping Services CA
  Valid until  Fri Jan 01 07:59:59 2100
  SHA1 hash    8179d6dde6d8fe7248aaeed1c2287ba6e2de4cfb

The signer certificate is self-issued (subject and issuer are both "Free"), and both timestamp chains end in a private "JemmyLoveJenny EV Root CA" with a responder literally named "Fake TimeStamp Responder"; none of these roots is in the Windows trust store, which is why verification reports an untrusted root. The signature therefore carries no trust and must not be used as an allow-listing signal. The request for http://cacerts.pki.jemmylovejenny.tk/EVRootCA.crt in the HTTP traffic further down, sent with User-Agent Microsoft-CryptoAPI/6.1, is Windows fetching that root certificate while building this chain, which also makes the domain an indicator tied to the signer rather than to code in the binary.

PE sections

Name     Virtual address   Virtual size   Raw data size   Characteristics                                                                   Entropy
.text    0x00001000        0x0009aa37     0x0009ac00      IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                       6.67
.rdata   0x0009c000        0x0002fb92     0x0002fc00      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                 5.69
.data    0x000cc000        0x0000705c     0x00004800      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE             0.58
.rsrc    0x000d4000        0x00357119     0x00357200      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                 7.48
.reloc   0x0042c000        0x000075cc     0x00007600      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ       6.80
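The entropy column is the quickest packed-payload indicator in this report: .rsrc holds 0x357200 bytes at 7.48 bits per byte, and the import table lists FindResourceExW, LoadResource, LockResource and SizeofResource, so a compressed or encrypted blob carried as a resource is the first thing to check. The Python below is a worked example added to this page, not part of the sandbox output: it parses the section table the way the report does and applies that heuristic plus two packer checks. To run offline it builds a constructed PE in memory; the section names, sizes and payloads are made up for the test, and the UPX-style sections are not from this sample.

```python
"""Section-table triage for a PE file: parse IMAGE_SECTION_HEADERs with struct,
compute per-section entropy, and flag what an analyst looks for first
(high-entropy data, writable+executable code, sections with no raw bytes).
Added example; not code from the sandbox or the analysed binary."""
import math
import struct
from typing import List, NamedTuple, Tuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FILE_ALIGN, SECTION_ALIGN = 0x200, 0x1000


class Section(NamedTuple):
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    raw_offset: int
    characteristics: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 when all 256 values are equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Section]:
    """MZ header -> e_lfanew -> 'PE\\0\\0' -> 20-byte COFF header -> section table (40 bytes each)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_off, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[raw_off:raw_off + raw_size]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                va, vsize, raw_size, raw_off, chars, shannon_entropy(raw)))
    return sections


def triage(sections: List[Section], threshold: float = 7.0) -> List[str]:
    """Heuristics only: they say where to look, not what the bytes are."""
    findings = []
    for s in sections:
        if s.raw_size and s.entropy >= threshold:
            findings.append(f"{s.name}: entropy {s.entropy:.2f} >= {threshold:.1f}, "
                            f"{s.raw_size:#x} bytes of likely compressed or encrypted data")
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.characteristics & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s.name}: writable and executable (unpacking stub or self-modifying code)")
        if s.raw_size == 0 and s.virtual_size:
            findings.append(f"{s.name}: {s.virtual_size:#x} bytes reserved but no raw data (unpack target)")
    return findings


def build_pe(specs: List[Tuple[str, int, bytes, int]]) -> bytes:
    """Constructed minimal PE32 for offline testing: (name, characteristics, raw bytes, virtual size).
    The optional header is zero-filled; nothing above reads it."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x0102)
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(specs)
    first_raw = -(-headers_len // FILE_ALIGN) * FILE_ALIGN   # round up to file alignment
    table, raw_data, raw_off, va = b"", b"", first_raw, SECTION_ALIGN
    for name, chars, payload, vsize in specs:
        raw_size = -(-len(payload) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, va, raw_size, raw_off, 0, 0, 0, 0, chars)
        raw_data += payload.ljust(raw_size, b"\0")
        raw_off += raw_size
        va += -(-max(vsize, 1) // SECTION_ALIGN) * SECTION_ALIGN
    headers = (dos + b"PE\0\0" + coff + b"\0" * opt_size + table).ljust(first_raw, b"\0")
    return headers + raw_data


# Constructed sample image (made-up contents): shapes echo the report's table (low-entropy code,
# zeroed .data, a uniform-byte .rsrc) plus two packer-style sections this sample does not have.
SAMPLE_PE = build_pe([
    (".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, b"\x55\x8b\xec\x83\xec\x10" * 300, 1800),
    (".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, b"\0" * 0x400, 0x400),
    (".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ, bytes(range(256)) * 16, 0x1000),
    ("UPX0", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, b"", 0x10000),
    ("UPX1", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, bytes(range(256)) * 8, 0x800),
])

if __name__ == "__main__":
    secs = parse_sections(SAMPLE_PE)
    for s in secs:
        print(f"{s.name:<8}{s.virtual_address:#010x}{s.virtual_size:#12x}{s.raw_size:#12x}  {s.entropy:.2f}")
    for line in triage(secs):
        print("!", line)
```

On a real file replace SAMPLE_PE with `open(path, "rb").read()`; the 7.0 threshold is a convention, and a large .rsrc above it (as here) usually means an embedded compressed payload rather than icons and dialogs.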

Imports

Library: WSOCK32.dll
0x49c7d8 gethostbyname
0x49c7dc recv
0x49c7e0 send
0x49c7e4 socket
0x49c7e8 inet_ntoa
0x49c7ec setsockopt
0x49c7f0 ntohs
0x49c7f4 WSACleanup
0x49c7f8 WSAStartup
0x49c7fc sendto
0x49c800 htons
0x49c804 __WSAFDIsSet
0x49c808 select
0x49c80c accept
0x49c810 listen
0x49c814 bind
0x49c818 inet_addr
0x49c81c ioctlsocket
0x49c820 recvfrom
0x49c824 WSAGetLastError
0x49c828 closesocket
0x49c82c gethostname
0x49c830 connect
Library: VERSION.dll
0x49c77c GetFileVersionInfoW
0x49c780 VerQueryValueW
Library: WINMM.dll
0x49c7c8 timeGetTime
0x49c7cc waveOutSetVolume
0x49c7d0 mciSendStringW
Library: COMCTL32.dll
0x49c08c ImageList_Destroy
0x49c090 ImageList_Remove
0x49c098 ImageList_BeginDrag
0x49c09c ImageList_DragEnter
0x49c0a0 ImageList_DragLeave
0x49c0a4 ImageList_EndDrag
0x49c0a8 ImageList_DragMove
0x49c0b0 ImageList_Create
Library: MPR.dll
0x49c408 WNetGetConnectionW
0x49c410 WNetUseConnectionW
0x49c414 WNetAddConnection2W
Library: WININET.dll
0x49c78c HttpOpenRequestW
0x49c790 InternetCloseHandle
0x49c794 InternetOpenW
0x49c798 InternetSetOptionW
0x49c79c InternetCrackUrlW
0x49c7a0 HttpQueryInfoW
0x49c7a8 InternetConnectW
0x49c7ac HttpSendRequestW
0x49c7b0 FtpOpenFileW
0x49c7b4 FtpGetFileSize
0x49c7b8 InternetOpenUrlW
0x49c7bc InternetReadFile
Library: PSAPI.DLL (no named imports listed)
Library: IPHLPAPI.DLL
0x49c154 IcmpSendEcho
0x49c158 IcmpCloseHandle
0x49c15c IcmpCreateFile
Library: USERENV.dll
0x49c764 LoadUserProfileW
0x49c76c UnloadUserProfile
Library: UxTheme.dll
0x49c774 IsThemeActive
Library: KERNEL32.dll
0x49c164 DuplicateHandle
0x49c168 CreateThread
0x49c16c WaitForSingleObject
0x49c170 HeapAlloc
0x49c174 GetProcessHeap
0x49c178 HeapFree
0x49c17c Sleep
0x49c180 GetCurrentThreadId
0x49c184 MultiByteToWideChar
0x49c188 MulDiv
0x49c18c GetVersionExW
0x49c190 IsWow64Process
0x49c194 GetSystemInfo
0x49c198 FreeLibrary
0x49c19c LoadLibraryA
0x49c1a0 GetProcAddress
0x49c1a4 SetErrorMode
0x49c1a8 GetModuleFileNameW
0x49c1ac WideCharToMultiByte
0x49c1b0 lstrcpyW
0x49c1b4 lstrlenW
0x49c1b8 GetModuleHandleW
0x49c1c0 VirtualFreeEx
0x49c1c4 OpenProcess
0x49c1c8 VirtualAllocEx
0x49c1cc WriteProcessMemory
0x49c1d0 ReadProcessMemory
0x49c1d4 CreateFileW
0x49c1d8 SetFilePointerEx
0x49c1dc SetEndOfFile
0x49c1e0 ReadFile
0x49c1e4 WriteFile
0x49c1e8 FlushFileBuffers
0x49c1ec TerminateProcess
0x49c1f4 Process32FirstW
0x49c1f8 Process32NextW
0x49c1fc SetFileTime
0x49c200 GetFileAttributesW
0x49c204 FindFirstFileW
0x49c208 FindClose
0x49c20c GetLongPathNameW
0x49c210 GetShortPathNameW
0x49c214 DeleteFileW
0x49c218 IsDebuggerPresent
0x49c21c CopyFileExW
0x49c220 MoveFileW
0x49c224 CreateDirectoryW
0x49c228 RemoveDirectoryW
0x49c22c SetSystemPowerState
0x49c234 LoadResource
0x49c238 LockResource
0x49c23c SizeofResource
0x49c240 OutputDebugStringW
0x49c244 GetTempPathW
0x49c248 GetTempFileNameW
0x49c24c DeviceIoControl
0x49c250 GetLocalTime
0x49c254 CompareStringW
0x49c258 GetCurrentThread
0x49c260 GetStdHandle
0x49c264 CreatePipe
0x49c268 InterlockedExchange
0x49c26c TerminateThread
0x49c270 LoadLibraryExW
0x49c274 FindResourceExW
0x49c278 CopyFileW
0x49c27c VirtualFree
0x49c280 FormatMessageW
0x49c284 GetExitCodeProcess
0x49c2ac GetDriveTypeW
0x49c2b0 GetDiskFreeSpaceExW
0x49c2b4 GetDiskFreeSpaceW
0x49c2bc SetVolumeLabelW
0x49c2c0 CreateHardLinkW
0x49c2c4 SetFileAttributesW
0x49c2c8 CreateEventW
0x49c2cc SetEvent
0x49c2d8 GlobalLock
0x49c2dc GlobalUnlock
0x49c2e0 GlobalAlloc
0x49c2e4 GetFileSize
0x49c2e8 GlobalFree
0x49c2f0 Beep
0x49c2f4 GetSystemDirectoryW
0x49c2f8 HeapReAlloc
0x49c2fc HeapSize
0x49c300 GetComputerNameW
0x49c308 GetCurrentProcessId
0x49c310 CreateProcessW
0x49c314 GetProcessId
0x49c318 SetPriorityClass
0x49c31c LoadLibraryW
0x49c320 VirtualAlloc
0x49c328 lstrcmpiW
0x49c32c DecodePointer
0x49c330 GetLastError
0x49c334 RaiseException
0x49c348 ResetEvent
0x49c35c GetCurrentProcess
0x49c360 CloseHandle
0x49c364 GetFullPathNameW
0x49c36c GetStartupInfoW
0x49c374 InitializeSListHead
0x49c378 RtlUnwind
0x49c37c SetLastError
0x49c380 TlsAlloc
0x49c384 TlsGetValue
0x49c388 TlsSetValue
0x49c38c TlsFree
0x49c390 EncodePointer
0x49c394 ExitProcess
0x49c398 GetModuleHandleExW
0x49c39c ExitThread
0x49c3a0 ResumeThread
0x49c3a8 GetACP
0x49c3ac GetDateFormatW
0x49c3b0 GetTimeFormatW
0x49c3b4 LCMapStringW
0x49c3b8 GetStringTypeW
0x49c3bc GetFileType
0x49c3c0 SetStdHandle
0x49c3c4 GetConsoleCP
0x49c3c8 GetConsoleMode
0x49c3cc ReadConsoleW
0x49c3d4 FindFirstFileExW
0x49c3d8 IsValidCodePage
0x49c3dc GetOEMCP
0x49c3e0 GetCPInfo
0x49c3e4 GetCommandLineA
0x49c3e8 GetCommandLineW
0x49c3fc FindNextFileW
0x49c400 WriteConsoleW
Library: USER32.dll
0x49c4dc IsCharAlphaW
0x49c4e0 IsCharAlphaNumericW
0x49c4e4 IsCharLowerW
0x49c4e8 IsCharUpperW
0x49c4ec GetMenuStringW
0x49c4f0 GetSubMenu
0x49c4f4 GetCaretPos
0x49c4f8 IsZoomed
0x49c4fc MonitorFromPoint
0x49c500 GetMonitorInfoW
0x49c504 SetWindowLongW
0x49c50c FlashWindow
0x49c510 GetClassLongW
0x49c518 IsDialogMessageW
0x49c51c GetSysColor
0x49c520 InflateRect
0x49c524 DrawFocusRect
0x49c528 DrawTextW
0x49c52c FrameRect
0x49c530 DrawFrameControl
0x49c534 FillRect
0x49c538 PtInRect
0x49c544 SetCursor
0x49c548 GetWindowDC
0x49c54c GetSystemMetrics
0x49c550 GetActiveWindow
0x49c554 CharNextW
0x49c558 wsprintfW
0x49c55c RedrawWindow
0x49c560 DrawMenuBar
0x49c564 DestroyMenu
0x49c568 SetMenu
0x49c570 CreateMenu
0x49c574 IsDlgButtonChecked
0x49c578 DefDlgProcW
0x49c57c CallWindowProcW
0x49c580 ReleaseCapture
0x49c584 SetCapture
0x49c588 TranslateMessage
0x49c58c PeekMessageW
0x49c590 GetInputState
0x49c594 UnregisterHotKey
0x49c598 CharLowerBuffW
0x49c59c MonitorFromRect
0x49c5a0 LoadImageW
0x49c5a4 mouse_event
0x49c5a8 ExitWindowsEx
0x49c5ac SetActiveWindow
0x49c5b0 FindWindowExW
0x49c5b4 EnumThreadWindows
0x49c5b8 SetMenuDefaultItem
0x49c5bc InsertMenuItemW
0x49c5c0 IsMenu
0x49c5c8 GetCursorPos
0x49c5cc DeleteMenu
0x49c5d0 CheckMenuRadioItem
0x49c5d4 GetMenuItemID
0x49c5d8 GetMenuItemCount
0x49c5dc SetMenuItemInfoW
0x49c5e0 GetMenuItemInfoW
0x49c5e4 SetForegroundWindow
0x49c5e8 IsIconic
0x49c5ec FindWindowW
0x49c5f4 GetMessageW
0x49c5f8 SendInput
0x49c5fc GetAsyncKeyState
0x49c600 SetKeyboardState
0x49c604 GetKeyboardState
0x49c608 GetKeyState
0x49c60c VkKeyScanW
0x49c610 LoadStringW
0x49c614 DialogBoxParamW
0x49c618 MessageBeep
0x49c61c EndDialog
0x49c620 SendDlgItemMessageW
0x49c624 GetDlgItem
0x49c628 SetWindowTextW
0x49c62c CopyRect
0x49c630 EndPaint
0x49c634 BeginPaint
0x49c638 GetClientRect
0x49c63c GetMenu
0x49c640 DestroyWindow
0x49c644 EnumWindows
0x49c648 GetDesktopWindow
0x49c64c IsWindow
0x49c650 IsWindowEnabled
0x49c654 IsWindowVisible
0x49c658 EnableWindow
0x49c65c InvalidateRect
0x49c660 GetWindowLongW
0x49c664 ReleaseDC
0x49c668 GetDC
0x49c670 AttachThreadInput
0x49c674 GetFocus
0x49c678 GetWindowTextW
0x49c67c SendMessageTimeoutW
0x49c680 EnumChildWindows
0x49c684 CharUpperBuffW
0x49c688 GetClassNameW
0x49c68c GetParent
0x49c690 GetDlgCtrlID
0x49c694 SendMessageW
0x49c698 MapVirtualKeyW
0x49c69c PostMessageW
0x49c6a0 GetWindowRect
0x49c6a8 CloseDesktop
0x49c6ac CloseWindowStation
0x49c6b0 OpenDesktopW
0x49c6b4 ClientToScreen
0x49c6b8 RegisterHotKey
0x49c6bc GetCursorInfo
0x49c6c0 SetWindowPos
0x49c6c4 CopyImage
0x49c6c8 AdjustWindowRectEx
0x49c6cc SetRect
0x49c6d0 SetClipboardData
0x49c6d4 EmptyClipboard
0x49c6dc CloseClipboard
0x49c6e0 GetClipboardData
0x49c6e8 OpenClipboard
0x49c6ec TrackPopupMenuEx
0x49c6f0 BlockInput
0x49c6fc OpenWindowStationW
0x49c704 MessageBoxW
0x49c708 DefWindowProcW
0x49c70c MoveWindow
0x49c710 SetFocus
0x49c714 PostQuitMessage
0x49c718 KillTimer
0x49c71c CreatePopupMenu
0x49c724 SetTimer
0x49c728 ShowWindow
0x49c72c CreateWindowExW
0x49c730 RegisterClassExW
0x49c734 LoadIconW
0x49c738 LoadCursorW
0x49c73c GetSysColorBrush
0x49c740 GetForegroundWindow
0x49c744 MessageBoxA
0x49c748 DestroyIcon
0x49c74c LockWindowUpdate
0x49c750 keybd_event
0x49c754 DispatchMessageW
0x49c758 ScreenToClient
Library: GDI32.dll
0x49c0c4 EndPath
0x49c0c8 DeleteObject
0x49c0d0 ExtCreatePen
0x49c0d4 StrokeAndFillPath
0x49c0d8 GetDeviceCaps
0x49c0dc SetPixel
0x49c0e0 CloseFigure
0x49c0e4 LineTo
0x49c0e8 AngleArc
0x49c0ec MoveToEx
0x49c0f0 Ellipse
0x49c0f8 CreateCompatibleDC
0x49c0fc PolyDraw
0x49c100 BeginPath
0x49c104 Rectangle
0x49c108 SetViewportOrgEx
0x49c10c GetObjectW
0x49c110 SetBkMode
0x49c114 RoundRect
0x49c118 SetBkColor
0x49c11c CreatePen
0x49c120 SelectObject
0x49c124 StretchBlt
0x49c128 CreateSolidBrush
0x49c12c SetTextColor
0x49c130 CreateFontW
0x49c134 GetTextFaceW
0x49c138 GetStockObject
0x49c13c CreateDCW
0x49c140 GetPixel
0x49c144 DeleteDC
0x49c148 GetDIBits
0x49c14c StrokePath
Library: COMDLG32.dll
0x49c0b8 GetSaveFileNameW
0x49c0bc GetOpenFileNameW
Library: ADVAPI32.dll
0x49c000 GetAce
0x49c004 RegEnumValueW
0x49c008 RegDeleteValueW
0x49c00c RegDeleteKeyW
0x49c010 RegEnumKeyExW
0x49c014 RegSetValueExW
0x49c018 RegOpenKeyExW
0x49c01c RegCloseKey
0x49c020 RegQueryValueExW
0x49c024 RegConnectRegistryW
0x49c02c InitializeAcl
0x49c034 OpenThreadToken
0x49c038 OpenProcessToken
0x49c040 DuplicateTokenEx
0x49c04c GetLengthSid
0x49c050 CopySid
0x49c054 LogonUserW
0x49c060 FreeSid
0x49c064 GetTokenInformation
0x49c068 RegCreateKeyExW
0x49c070 GetAclInformation
0x49c074 GetUserNameW
0x49c078 AddAce
Library: SHELL32.dll
0x49c49c DragFinish
0x49c4a0 DragQueryPoint
0x49c4a4 ShellExecuteExW
0x49c4a8 DragQueryFileW
0x49c4ac SHEmptyRecycleBinW
0x49c4b4 SHBrowseForFolderW
0x49c4b8 SHCreateShellItem
0x49c4bc SHGetDesktopFolder
0x49c4c4 SHGetFolderPathW
0x49c4c8 SHFileOperationW
0x49c4cc ExtractIconExW
0x49c4d0 Shell_NotifyIconW
0x49c4d4 ShellExecuteW
Library: ole32.dll
0x49c838 CoTaskMemAlloc
0x49c83c CoTaskMemFree
0x49c840 CLSIDFromString
0x49c844 ProgIDFromCLSID
0x49c848 CLSIDFromProgID
0x49c850 MkParseDisplayName
0x49c858 CoCreateInstance
0x49c85c IIDFromString
0x49c860 StringFromGUID2
0x49c868 OleInitialize
0x49c86c OleUninitialize
0x49c870 CoInitialize
0x49c874 CoUninitialize
0x49c880 CoGetObject
0x49c888 CoCreateInstanceEx
0x49c88c CoSetProxyBlanket
Library: OLEAUT32.dll
0x49c41c CreateStdDispatch
0x49c420 CreateDispTypeInfo
0x49c424 UnRegisterTypeLib
0x49c430 RegisterTypeLib
0x49c434 LoadTypeLibEx
0x49c438 VariantCopyInd
0x49c43c SysReAllocString
0x49c440 SysFreeString
0x49c444 VariantChangeType
0x49c450 SafeArrayAccessData
0x49c454 SafeArrayAllocData
0x49c460 SysStringLen
0x49c468 SysAllocString
0x49c46c VariantInit
0x49c470 VariantClear
0x49c474 DispCallFunc
0x49c47c VarR8FromDec
0x49c480 SafeArrayGetVartype
0x49c488 VariantCopy
0x49c48c OleLoadPicture
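The import table is long; what an analyst wants from it is the set of capabilities it implies. The rule matcher below is an added example, not part of the report or of the analysed binary: it reads a subset of the names above (copied from the table, addresses dropped) and evaluates all-of/any-of rules written against this sample. CreateRemoteThread and CreateProcessAsUserW appear in the rules only as alternatives that are absent here, neither is imported. Hits are capabilities, not observed behaviour, and because LoadLibraryA and GetProcAddress are imported the static list is only a lower bound on what the code can call.

```python
"""Capability triage over a static import table. A rule is an all-of set plus an optional
any-of set of API names; a hit means the binary can reach that API, not that it did.
Added example; not code from the sandbox or the analysed binary."""
from typing import FrozenSet, List, NamedTuple, Set

# Names copied from the report's import table (subset relevant to the rules below).
REPORT_IMPORTS = """
gethostbyname socket bind listen accept connect send recv sendto recvfrom
InternetOpenW InternetOpenUrlW InternetReadFile HttpOpenRequestW HttpSendRequestW FtpOpenFileW
IcmpCreateFile IcmpSendEcho IcmpCloseHandle
OpenProcess VirtualAllocEx WriteProcessMemory ReadProcessMemory VirtualFreeEx CreateThread
Process32FirstW Process32NextW TerminateProcess CreateProcessW
LoadLibraryA LoadLibraryW GetProcAddress IsDebuggerPresent
SetSystemPowerState ExitWindowsEx BlockInput SendInput keybd_event mouse_event
GetAsyncKeyState GetKeyboardState GetKeyState
OpenClipboard GetClipboardData SetClipboardData EmptyClipboard
LogonUserW DuplicateTokenEx OpenProcessToken GetTokenInformation LoadUserProfileW
RegOpenKeyExW RegSetValueExW RegDeleteKeyW RegDeleteValueW RegConnectRegistryW
WNetAddConnection2W WNetUseConnectionW ShellExecuteW ShellExecuteExW
"""


class Rule(NamedTuple):
    name: str
    all_of: FrozenSet[str]
    any_of: FrozenSet[str] = frozenset()   # when non-empty, at least one must be present
    note: str = ""


def rule(name, all_of, any_of=(), note=""):
    return Rule(name, frozenset(all_of), frozenset(any_of), note)


# Rules written for this import profile; CreateRemoteThread / CreateProcessAsUserW are named
# only so that their absence is visible (assumed alternatives, not imports of this sample).
RULES = [
    rule("write into another process", ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory"],
         note="no CreateRemoteThread import: execution in the target needs another trigger, or the API is resolved at run time"),
    rule("remote thread creation", ["CreateRemoteThread"]),
    rule("run-time API resolution", ["LoadLibraryA", "GetProcAddress"],
         note="static imports are a lower bound on the APIs actually called"),
    rule("HTTP/FTP download", ["InternetOpenUrlW", "InternetReadFile"], any_of=["HttpOpenRequestW", "FtpOpenFileW"]),
    rule("raw socket server", ["socket", "bind", "listen", "accept"]),
    rule("ICMP probe", ["IcmpSendEcho"]),
    rule("process enumeration and kill", ["Process32FirstW", "Process32NextW", "TerminateProcess"]),
    rule("logon with credentials", ["LogonUserW", "DuplicateTokenEx"], any_of=["LoadUserProfileW", "CreateProcessAsUserW"]),
    rule("remote registry write", ["RegConnectRegistryW"], any_of=["RegSetValueExW", "RegDeleteKeyW", "RegDeleteValueW"]),
    rule("input blocking / synthetic input", ["BlockInput"], any_of=["SendInput", "keybd_event", "mouse_event"]),
    rule("keyboard state polling", ["GetAsyncKeyState", "GetKeyboardState"]),
    rule("clipboard read/write", ["OpenClipboard", "GetClipboardData", "SetClipboardData"]),
    rule("shutdown / reboot / sleep", [], any_of=["ExitWindowsEx", "SetSystemPowerState"]),
    rule("debugger check", ["IsDebuggerPresent"]),
]


def parse_import_names(text: str) -> Set[str]:
    """Whitespace-separated API names, as pasted from a report."""
    return set(text.split())


def match_rules(imports: Set[str], rules: List[Rule] = RULES) -> List[Rule]:
    hits = []
    for r in rules:
        if not r.all_of <= imports:
            continue
        if r.any_of and not (r.any_of & imports):
            continue
        hits.append(r)
    return hits


def report(imports: Set[str]) -> List[str]:
    return [r.name + (f"  ({r.note})" if r.note else "") for r in match_rules(imports)]


if __name__ == "__main__":
    for line in report(parse_import_names(REPORT_IMPORTS)):
        print(line)
```

The rule set is deliberately specific to what this table shows; for a different sample the interesting rule is usually the one that does not fire (here, no remote-thread primitive next to the process-writing trio).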

Strings

.text
`.rdata
@.data
.rsrc
@.reloc
;=(%M
(SVWh
,SVWh
!"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012RRRRRRRRRRRR3345566789::::;<=<=>?>@ABC>@ABCRRRRRDEFGHIJKLMNO
D$ PVj
D$hD%M
D$dD%M
D$`D%M
D$dD%M
L$$PWVj

No antivirus engine scan results.

Process tree

______________________________.exe, PID: 2992, parent PID: 2312

TCP

Source IP         Source port   Destination IP                                    Destination port
192.168.122.202   49159         207.246.127.148 (cacerts.pki.jemmylovejenny.tk)   80
192.168.122.202   49157         23.202.50.136                                     80

UDP

Source IP         Source port   Destination IP    Destination port
192.168.122.202   60917         192.168.122.1     53
192.168.122.202   63030         192.168.122.1     53

HTTP requests

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://cacerts.pki.jemmylovejenny.tk/EVRootCA.crt
GET /EVRootCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.pki.jemmylovejenny.tk

Neither request is attributable to the sample's own network code from the report alone. The first, with User-Agent IPM and a 2017 If-Modified-Since date, is consistent with Adobe Reader's in-product-messaging update check running in the analysis VM. The second carries the User-Agent of the Windows certificate chain builder (Microsoft-CryptoAPI/6.1) and fetches the root of the signing chain listed in the certificate section; the domain is an indicator for the signer, and the behaviour module recorded nothing else.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

Timestamp                          Source IP         Source port   Destination IP    Destination port   Protocol   SID       Signature                                        Category
2022-08-19 14:22:14.930997+0800    192.168.122.202   49159         207.246.127.148   80                 TCP        2012810   ET POLICY HTTP Request to a *.tk domain          Potentially Bad Traffic
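The two HTTP requests and the single ET POLICY alert above are easy to misread as sample C2. The script below is an added example, not sandbox output: it parses the two requests exactly as printed in the HTTP section and attributes each by its User-Agent. Microsoft-CryptoAPI/6.1 is the Windows chain builder fetching an issuer certificate from the AIA URL in the sample's signing chain, so the host is an indicator tied to the signer; the IPM request against acroipm.adobe.com is attributed to Adobe Reader's in-product messaging in the analysis VM, which is an assumption drawn from host and User-Agent. The TLD watch list extends the *.tk rule to the other free-registrar TLDs; that extension is also an assumption, not something the report shows.

```python
"""Attribute sandbox HTTP requests to their real origin before treating them as sample C2.
Added example; the two requests in RAW_HTTP are copied from the report's HTTP section."""
import re
from typing import Dict, List, NamedTuple

RAW_HTTP = """\
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

GET /EVRootCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.pki.jemmylovejenny.tk
"""

# ET 2012810 alerts on *.tk; the other four are assumed additions from the same free-registrar family.
WATCHED_TLDS = {"tk", "ml", "ga", "cf", "gq"}
CERT_FETCH_SUFFIXES = (".crt", ".cer", ".crl", ".p7b", ".p7c")


class HttpRequest(NamedTuple):
    method: str
    path: str
    headers: Dict[str, str]   # header names lower-cased

    @property
    def host(self) -> str:
        return self.headers.get("host", "")

    @property
    def url(self) -> str:
        return f"http://{self.host}{self.path}"


def parse_requests(raw: str) -> List[HttpRequest]:
    """Requests are separated by blank lines; each is a request line plus 'Name: value' headers."""
    out = []
    for block in re.split(r"\n\s*\n", raw.strip()):
        lines = block.splitlines()
        method, path, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        out.append(HttpRequest(method, path, headers))
    return out


def attribute(req: HttpRequest) -> str:
    """Who generated the request. The CryptoAPI User-Agent is the important case: Windows fetched
    an issuer certificate from the AIA URL embedded in a certificate it was validating (here the
    sample's signing chain), so the host is an IOC for the signer even though no code in the sample
    opened that socket. The Adobe case is an assumption based on host and User-Agent."""
    ua = req.headers.get("user-agent", "")
    if ua.startswith("Microsoft-CryptoAPI/"):
        return "windows-cryptoapi-chain-fetch"
    if req.host.endswith("adobe.com") and ua == "IPM":
        return "adobe-reader-in-product-messaging"
    return "unattributed"


def triage(raw: str) -> List[dict]:
    results = []
    for req in parse_requests(raw):
        origin = attribute(req)
        tld = req.host.rsplit(".", 1)[-1].lower()
        results.append({
            "url": req.url,
            "origin": origin,
            "watched_tld": tld in WATCHED_TLDS,
            # an AIA/CRL fetch names the signer's PKI host: keep it as a signer indicator
            "signer_ioc": origin == "windows-cryptoapi-chain-fetch"
                          and req.path.lower().endswith(CERT_FETCH_SUFFIXES),
        })
    return results


if __name__ == "__main__":
    for r in triage(RAW_HTTP):
        print(r)
```

Anything left as "unattributed" after this pass is what deserves the sample-C2 label; here nothing is, which matches the behaviour module recording no dropped files and no further connections.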

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 35.992 seconds )

  • 11.328 NetworkAnalysis
  • 10.903 Suricata
  • 10.828 Static
  • 1.441 VirusTotal
  • 1.019 TargetInfo
  • 0.334 peid
  • 0.104 BehaviorAnalysis
  • 0.012 config_decoder
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 27.356 seconds )

  • 25.808 network_http
  • 1.419 md_url_bl
  • 0.019 antiav_detectreg
  • 0.01 md_domain_bl
  • 0.008 infostealer_ftp
  • 0.007 antiav_detectfile
  • 0.005 api_spamming
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 stealth_decoy_document
  • 0.004 stealth_timeout
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antivm_vbox_files
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 bot_drive
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 antivm_vbox_libs
  • 0.001 bootkit
  • 0.001 rat_nanocore
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_disk
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.506 seconds )

  • 0.505 ReportHTMLSummary
  • 0.001 Malheur
Task ID 704765
Mongo ID 62ff2c70dc327beba5e01eb0
Cuckoo release 1.4-Maldun