Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2022-08-19 17:20:18  2022-08-19 17:22:27  129 seconds

Maldun Score

8.72

Dangerous

File Details

File name 程序多开软件.exe
File size 993792 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 edbab4ebc71910bb58af2b6b737b079e
SHA1 fed01a601a9dd7c26d23fdaaa7c7df5542de8cbf
SHA256 a4dc120c0b212f81534e8620e97491c34f38c4dabc7340b379c57ea602cbe777
SHA512 6fc3a76acf8be9450e37e51f45c130915bb64489d9ce95308b0386e0e05f5338b4f5d2846d543a2734973449ad30ed5fdda11fcb8fcde9ba2d038ae17c99afbc
CRC32 7E97B7B3
Ssdeep 24576:FdOWSTL8BjRV/nEl2Kdp+UIcQ+1XN9xmPiOOkZ:+CSdpX91d9k6X+

Runtime Screenshots

Hosts Contacted

Direct IP  Security rating  Geolocation
114.55.41.228  Unknown  China
220.181.33.11  -  China

DNS Resolution

Domain  Security rating  Response
www.manyopen.com  Unknown  A 114.55.41.228, A 120.77.81.7
hm.baidu.com  Unknown  CNAME hm.e.shifen.com, A 220.181.33.11

PE Information

Image base 0x00400000
Entry point 0x00453ef8
Declared checksum 0x000fbd42
Actual checksum 0x000fbd42
Minimum OS version 5.0
Compile time 2020-10-31 12:23:00
Import hash (imphash) 0bc90565770cdefc6f8477803ba7f5f6
Icon
Icon exact hash 9ba8ad7f5533385738be0d5c1125555f
Icon similarity hash ec8b82e73a83000e9682d3e99e781e9c

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x0006941b 0x00069600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.54
.rdata 0x0006b000 0x000166e6 0x00016800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.43
.data 0x00082000 0x000066d8 0x00002800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.31
.rsrc 0x00089000 0x0006877c 0x00068800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.41
.reloc 0x000f2000 0x000076ea 0x00007800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.66

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
PNG 0x000c1794 0x000001a6 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.33 PNG image data, 60 x 30, 8-bit/color RGBA, non-interlaced
RC_DATA 0x000d013c 0x0000fa00 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.66 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
XML 0x000dff00 0x00000af3 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.29 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
RT_ICON 0x000e09f4 0x00010828 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.67 data
RT_GROUP_ICON 0x000f121c 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 1.98 MS Windows icon resource - 1 icon, 128x128
RT_VERSION 0x000f1230 0x000002d0 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.63 data
RT_MANIFEST 0x000f1500 0x00000279 LANG_ENGLISH SUBLANG_ENGLISH_US 5.01 ASCII text, with CRLF line terminators

Imports

Library: COMCTL32.dll:
0x46b010 _TrackMouseEvent
0x46b014 None
Library: KERNEL32.dll:
0x46b0e4 ResumeThread
0x46b0e8 GetCommandLineW
0x46b0ec SetFilePointer
0x46b0f0 SetEndOfFile
0x46b0f4 MoveFileExW
0x46b0f8 GetACP
0x46b0fc FreeResource
0x46b100 MulDiv
0x46b10c GetFileType
0x46b110 DuplicateHandle
0x46b11c SetFileTime
0x46b120 GetLocalTime
0x46b124 GlobalUnlock
0x46b128 GlobalLock
0x46b12c GlobalAlloc
0x46b130 CreateFileA
0x46b134 WriteConsoleW
0x46b138 GetConsoleOutputCP
0x46b13c WriteConsoleA
0x46b140 SetStdHandle
0x46b144 GetConsoleMode
0x46b148 GetConsoleCP
0x46b150 GetLocaleInfoA
0x46b154 CreateProcessW
0x46b158 GetStringTypeW
0x46b15c GetStringTypeA
0x46b160 GetModuleHandleA
0x46b164 LCMapStringW
0x46b168 LCMapStringA
0x46b16c HeapSize
0x46b178 GetStartupInfoA
0x46b17c SetHandleCount
0x46b188 GetModuleFileNameA
0x46b18c GetStdHandle
0x46b190 HeapCreate
0x46b1a0 GetCurrentThreadId
0x46b1a4 SetLastError
0x46b1a8 TlsFree
0x46b1ac TlsSetValue
0x46b1b0 TlsAlloc
0x46b1b4 TlsGetValue
0x46b1b8 IsValidCodePage
0x46b1bc GetOEMCP
0x46b1c0 GetCPInfo
0x46b1c4 HeapReAlloc
0x46b1c8 RtlUnwind
0x46b1cc GetStartupInfoW
0x46b1d0 HeapFree
0x46b1dc HeapAlloc
0x46b1e0 CreateThread
0x46b1e4 WriteProcessMemory
0x46b1e8 GetExitCodeThread
0x46b1ec LoadLibraryA
0x46b1f0 VirtualAllocEx
0x46b1f4 ExitProcess
0x46b1f8 GetFileSize
0x46b1fc GetNativeSystemInfo
0x46b200 MapViewOfFile
0x46b204 FindResourceW
0x46b208 FreeLibrary
0x46b20c LoadResource
0x46b210 GetCurrentProcess
0x46b214 CreateDirectoryW
0x46b218 GetModuleHandleW
0x46b21c GetTickCount
0x46b220 IsBadReadPtr
0x46b224 WriteFile
0x46b228 OpenProcess
0x46b22c VirtualAlloc
0x46b230 ReadFile
0x46b234 LoadLibraryW
0x46b238 VirtualFreeEx
0x46b23c CreateRemoteThread
0x46b240 VirtualFree
0x46b244 WaitForSingleObject
0x46b24c GetCurrentProcessId
0x46b250 DeleteFileW
0x46b254 CloseHandle
0x46b258 IsDebuggerPresent
0x46b25c LockResource
0x46b260 CreateFileMappingW
0x46b264 GetProcAddress
0x46b268 GetLastError
0x46b26c RaiseException
0x46b270 MultiByteToWideChar
0x46b274 CreateFileW
0x46b278 GetModuleFileNameW
0x46b27c TerminateProcess
0x46b280 SizeofResource
0x46b284 Sleep
0x46b288 WideCharToMultiByte
0x46b28c FlushFileBuffers
Library: USER32.dll:
0x46b2a8 GetCaretBlinkTime
0x46b2ac GetCaretPos
0x46b2b4 GetWindowTextW
0x46b2b8 MessageBoxW
0x46b2bc SetWindowRgn
0x46b2c0 IsZoomed
0x46b2c4 GetWindow
0x46b2c8 GetMonitorInfoW
0x46b2cc GetSystemMetrics
0x46b2d0 SetWindowPos
0x46b2d4 MonitorFromWindow
0x46b2d8 GetParent
0x46b2dc IsIconic
0x46b2e0 PostQuitMessage
0x46b2e4 FillRect
0x46b2e8 InvalidateRgn
0x46b2ec ClientToScreen
0x46b2f0 GetGUIThreadInfo
0x46b2f8 GetWindowRect
0x46b2fc IsWindowVisible
0x46b300 GetClientRect
0x46b304 SetWindowTextW
0x46b308 ShowWindow
0x46b30c DefWindowProcW
0x46b310 SetWindowLongW
0x46b314 IsWindow
0x46b318 DispatchMessageW
0x46b31c TranslateMessage
0x46b320 SetFocus
0x46b324 GetMessageW
0x46b328 EnableWindow
0x46b32c SendMessageW
0x46b330 DrawTextW
0x46b334 CallWindowProcW
0x46b338 GetWindowLongW
0x46b33c GetPropW
0x46b340 SetPropW
0x46b344 PostMessageW
0x46b348 RegisterClassW
0x46b34c LoadCursorW
0x46b350 RegisterClassExW
0x46b354 GetClassInfoExW
0x46b358 CreateWindowExW
0x46b35c GetKeyState
0x46b360 UnionRect
0x46b364 InvalidateRect
0x46b368 SetTimer
0x46b36c KillTimer
0x46b370 SetCapture
0x46b374 ReleaseCapture
0x46b378 ScreenToClient
0x46b37c PtInRect
0x46b380 GetDC
0x46b384 CharNextW
0x46b388 ReleaseDC
0x46b38c DestroyWindow
0x46b390 GetFocus
0x46b394 MapWindowPoints
0x46b398 GetCursorPos
0x46b39c IntersectRect
0x46b3a0 GetUpdateRect
0x46b3a4 IsRectEmpty
0x46b3a8 EndPaint
0x46b3ac BeginPaint
0x46b3b0 GetActiveWindow
0x46b3b4 CharPrevW
0x46b3b8 SetRect
0x46b3bc CreateCaret
0x46b3c0 OffsetRect
0x46b3c4 SetCursor
0x46b3c8 HideCaret
0x46b3cc MoveWindow
0x46b3d0 GetWindowRgn
0x46b3d4 wvsprintfW
0x46b3d8 ShowCaret
0x46b3dc SetCaretPos
0x46b3e0 GetSysColor
0x46b3e4 LoadImageW
Library: GDI32.dll:
0x46b024 GetObjectA
0x46b028 GdiFlush
0x46b02c GetCharABCWidthsW
0x46b034 TextOutW
0x46b038 RoundRect
0x46b03c CreatePenIndirect
0x46b040 MoveToEx
0x46b044 LineTo
0x46b048 SetBkColor
0x46b04c ExtTextOutW
0x46b050 SetStretchBltMode
0x46b054 StretchBlt
0x46b058 CombineRgn
0x46b05c GetClipBox
0x46b064 ExtSelectClipRgn
0x46b068 SelectClipRgn
0x46b06c GetDeviceCaps
0x46b070 SetBkMode
0x46b074 SetTextColor
0x46b078 CreatePatternBrush
0x46b07c CreateSolidBrush
0x46b080 CreateRoundRectRgn
0x46b084 CreateDIBSection
0x46b088 CreateRectRgn
0x46b08c PtInRegion
0x46b090 CreateCompatibleDC
0x46b098 SaveDC
0x46b09c BitBlt
0x46b0a0 RestoreDC
0x46b0a4 Rectangle
0x46b0a8 SetWindowOrgEx
0x46b0ac DeleteDC
0x46b0b0 CreatePen
0x46b0b4 GetStockObject
0x46b0b8 GetObjectW
0x46b0bc CreateFontIndirectW
0x46b0c0 DeleteObject
0x46b0c4 SelectObject
0x46b0c8 GetTextMetricsW
Library: COMDLG32.dll:
0x46b01c GetOpenFileNameW
Library: ADVAPI32.dll:
0x46b004 OpenProcessToken
Library: ole32.dll:
0x46b4b8 OleLockRunning
0x46b4bc CLSIDFromString
0x46b4c0 CLSIDFromProgID
0x46b4c4 CoUninitialize
0x46b4c8 CoInitialize
0x46b4cc CoCreateInstance
Library: OLEAUT32.dll:
0x46b294 VariantInit
0x46b298 VariantClear
0x46b29c SysFreeString
0x46b2a0 SysAllocString
Library: imagehlp.dll:
0x46b4a8 ImageNtHeader
0x46b4ac MapFileAndCheckSumW
0x46b4b0 CheckSumMappedFile
Library: gdiplus.dll:
0x46b404 GdipGetPropertyItem
0x46b41c GdipGetImageHeight
0x46b420 GdipGetImageWidth
0x46b428 GdipCloneImage
0x46b42c GdipCloneBrush
0x46b430 GdipGetFamily
0x46b43c GdipDrawImageRectI
0x46b440 GdipDrawImage
0x46b444 GdipDrawString
0x46b448 GdipGraphicsClear
0x46b460 GdipCreateFromHDC
0x46b470 GdiplusStartup
0x46b478 GdipDisposeImage
0x46b47c GdipDeleteFont
0x46b484 GdipDeleteGraphics
0x46b490 GdipDeleteBrush
0x46b494 GdipAlloc
0x46b498 GdipFree
0x46b49c GdiplusShutdown
Library: WININET.dll:
0x46b3ec InternetOpenUrlW
0x46b3f0 HttpQueryInfoW
0x46b3f4 InternetCloseHandle
0x46b3f8 InternetReadFile
0x46b3fc InternetOpenW
Library: IMM32.dll:
0x46b0d0 ImmGetContext
0x46b0d4 ImmReleaseContext

No antivirus engine scan information.

Process Tree

__________________.exe, PID: 2516, parent PID: 2240

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49160 114.55.41.228 www.manyopen.com 80
192.168.122.201 49161 114.55.41.228 www.manyopen.com 80
192.168.122.201 49162 114.55.41.228 www.manyopen.com 80
192.168.122.201 49163 114.55.41.228 www.manyopen.com 80
192.168.122.201 49164 114.55.41.228 www.manyopen.com 80
192.168.122.201 49169 220.181.33.11 hm.baidu.com 443
192.168.122.201 49170 23.222.28.146 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53

HTTP Requests

URI  HTTP data
URL: http://www.manyopen.com/announcement/index.html
GET /announcement/index.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.manyopen.com
Connection: Keep-Alive

URL: http://www.manyopen.com/update/crc32.txt
GET /update/crc32.txt HTTP/1.1
User-Agent: WinInet
Host: www.manyopen.com
Cache-Control: no-cache

URL: http://www.manyopen.com/announcement/css/style.css
GET /announcement/css/style.css HTTP/1.1
Accept: */*
Referer: http://www.manyopen.com/announcement/index.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.manyopen.com
Connection: Keep-Alive

URL: http://www.manyopen.com/announcement/js/jquery.min.js
GET /announcement/js/jquery.min.js HTTP/1.1
Accept: */*
Referer: http://www.manyopen.com/announcement/index.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.manyopen.com
Connection: Keep-Alive

URL: http://www.manyopen.com/announcement/js/index.js
GET /announcement/js/index.js HTTP/1.1
Accept: */*
Referer: http://www.manyopen.com/announcement/index.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.manyopen.com
Connection: Keep-Alive

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2022-08-19 17:20:41.076387+0800 192.168.122.201 49160 114.55.41.228 80 TCP 2007837 ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (WinInet) A Network Trojan was detected

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2022-08-19 17:20:41.637754+0800 192.168.122.201 49169 220.181.33.11 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 48:6a:ed:d1:68:52:e5:97:4f:a0:92:46:b3:3c:56:46:3d:d9:9c:d5

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 41.003 seconds )

  • 20.475 NetworkAnalysis
  • 12.767 Suricata
  • 2.046 Static
  • 2.025 AnalysisInfo
  • 1.306 VirusTotal
  • 1.059 BehaviorAnalysis
  • 0.665 TargetInfo
  • 0.642 peid
  • 0.013 Strings
  • 0.003 config_decoder
  • 0.002 Memory

Signatures ( 37.036 seconds )

  • 34.676 network_http
  • 1.686 md_url_bl
  • 0.129 antiav_detectreg
  • 0.054 api_spamming
  • 0.047 infostealer_ftp
  • 0.044 stealth_decoy_document
  • 0.043 stealth_timeout
  • 0.027 infostealer_im
  • 0.025 antianalysis_detectreg
  • 0.019 antivm_generic_scsi
  • 0.018 stealth_file
  • 0.015 infostealer_mail
  • 0.014 md_domain_bl
  • 0.013 antivm_generic_services
  • 0.012 anormaly_invoke_kills
  • 0.011 antiav_detectfile
  • 0.009 geodo_banking_trojan
  • 0.007 mimics_filetime
  • 0.007 dridex_behavior
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_bitcoin
  • 0.006 kibex_behavior
  • 0.006 antivm_parallels_keys
  • 0.006 antivm_xen_keys
  • 0.006 darkcomet_regkeys
  • 0.005 bootkit
  • 0.005 betabot_behavior
  • 0.005 antivm_generic_disk
  • 0.005 virus
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 reads_self
  • 0.004 heapspray_js
  • 0.004 antivm_generic_diskreg
  • 0.004 antivm_vbox_files
  • 0.003 antiemu_wine_func
  • 0.003 virtualcheck_js
  • 0.003 infostealer_browser_password
  • 0.003 kovter_behavior
  • 0.003 disables_browser_warn
  • 0.003 recon_fingerprint
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 injection_createremotethread
  • 0.002 stealth_network
  • 0.002 cerber_behavior
  • 0.002 hancitor_behavior
  • 0.002 bypass_firewall
  • 0.002 antisandbox_productid
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_anomaly_invoke_vb_vba
  • 0.002 network_torgateway
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.001 network_anomaly
  • 0.001 clickfraud_cookies
  • 0.001 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 injection_explorer
  • 0.001 sets_autoconfig_url
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 java_js
  • 0.001 dead_connect
  • 0.001 antidbg_windows
  • 0.001 injection_runpe
  • 0.001 silverlight_js
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 recon_programs
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.606 seconds )

  • 0.598 ReportHTMLSummary
  • 0.008 Malheur
Task ID 704819
Mongo ID 62ff56ab7e769a11a60e4cbb
Cuckoo release 1.4-Maldun