Analysis task

Analysis type    VM label                  Start time           End time             Duration
File (Windows)   win7-sp1-x64-shaapp03-1   2022-09-24 17:55:07  2022-09-24 17:57:20  133 seconds

Maldun score

10.0

Dangerous

File details

File name:  MorphVOXPro_Install.zh_4.4.77.exe
File size:  7034392 bytes
File type:  PE32 executable (GUI) Intel 80386, for MS Windows
MD5:        4195550567fb37bfcb874f0bbe011ec0
SHA1:       3d9cb3d0894bcd833e8eead9e9a05929d7f43ba0
SHA256:     3457854788b53e4ae066f3cf262c2c24b22bc86680b89aeaf64fb23643d9fc68
SHA512:     6c90aeb6de54861f424df135b271729d145ea93f3bd1b271dabcedadd83ce19355a517cb55ebc57328b5dbe07028b6ed73f26a55d59894dd4d1cf8d73a3788de
CRC32:      36EC8A94
Ssdeep:     196608:bqAoAKg4qQrDxhwD7Yo7MvFePZ8+lQIuQ/gHKQCALdW:bqmKRqDcyMvFe3aQIHOcW

Host records

No host records.

Domain resolution

No domain information.



PE information

Image base:            0x00400000
Entry point:           0x00407cde
Declared checksum:     0x006bbfb8
Actual checksum:       0x006bbfb8
Minimum OS version:    6.0
PDB path:              S:\sbsrc\trunk2005\helpers\packsetup2\BI-Release\baseinstaller.pdb
Compile time:          2016-09-30 01:05:58
Import hash:           d20d3c0e89d8c7faea6e25988dd1b29a
Icon exact hash:       e81d59d8fbea041d007b7f1522185e56
Icon similarity hash:  0e90f8019c85201723d917671808e8c7

The declared and recomputed checksums agree, so the header was not left stale by patching after linking; that is weak evidence on its own, since anyone who modifies an image can recompute the field. The PDB path names the project (baseinstaller, under packsetup2) in the vendor's source tree, and the compile time (2016-09-30) predates the signing timestamp below (2018-11-09) by about two years, so the stub was signed, or re-signed, well after it was built.

Microsoft certificate verification (Sign Tool)

SHA1                                       Timestamp                  Validity        Error
f2192757e7639b83b3037fec30c482b2e315933d   Fri Nov 09 23:12:56 2018   (not reported)  (not reported)

Certificate Chain 1
Issued to:    DigiCert Assured ID Root CA
Issued by:    DigiCert Assured ID Root CA
Valid until:  Mon Nov 10 08:00:00 2031
SHA1 hash:    0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

Certificate Chain 2
Issued to:    DigiCert SHA2 Assured ID Code Signing CA
Issued by:    DigiCert Assured ID Root CA
Valid until:  Sun Oct 22 20:00:00 2028
SHA1 hash:    92c1588e85af2201ce7915e8538b492f605b80c6

Certificate Chain 3
Issued to:    Screaming Bee Inc
Issued by:    DigiCert SHA2 Assured ID Code Signing CA
Valid until:  Tue Jun 18 20:00:00 2019
SHA1 hash:    0d967a9318f89d75e27beec598ec130694f2ea61

Timestamp Chain 1
Issued to:    Thawte Timestamping CA
Issued by:    Thawte Timestamping CA
Valid until:  Fri Jan 01 07:59:59 2021
SHA1 hash:    be36a4562fb2ee05dbb3d32323adf445084ed656

Timestamp Chain 2
Issued to:    Symantec Time Stamping Services CA - G2
Issued by:    Thawte Timestamping CA
Valid until:  Thu Dec 31 07:59:59 2020
SHA1 hash:    6c07453ffdda08b83707c09b82fb3d15f35336b1

Timestamp Chain 3
Issued to:    Symantec Time Stamping Services Signer - G4
Issued by:    Symantec Time Stamping Services CA - G2
Valid until:  Wed Dec 30 07:59:59 2020
SHA1 hash:    65439929b67973eb192d6ff243e6767adf0834e4

The report leaves the validity and error columns empty, so the verdict of the Sign Tool check is not recorded here. Two things to keep in mind when judging the chain yourself: the leaf certificate (Screaming Bee Inc) expired on 2019-06-18, but the signature carries a timestamp counter-signature from 2018-11-09, inside that validity period, and under Authenticode rules such a signature stays valid after the signing certificate expires unless a certificate in the chain has been revoked. An Authenticode hash covers the whole image apart from the checksum field and the certificate table, so a valid signature vouches for the embedded resource payload as stored, but it only tells you who signed the stub, not that what the stub installs is benign.

PE sections

Name    Virtual address  Virtual size  Raw data size  Characteristics                                                                 Entropy
.text   0x00001000       0x00010884    0x00010a00     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                     6.63
.rdata  0x00012000       0x000066e8    0x00006800     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                               4.93
.data   0x00019000       0x00002edc    0x00001200     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE           2.55
.rsrc   0x0001c000       0x0069b498    0x0069b600     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                               8.00

The code and data sections are small and have ordinary entropy; .rsrc holds almost the entire file and sits at the maximum of 8.00, which matches the zip payload listed in the resources table rather than packed code.

Overlay

Offset:  0x006b3e00
Size:    0x00001818

The overlay (6168 bytes) ends exactly at the file size (0x006b3e00 + 0x1818 = 7034392 bytes); the overlay after the last section is where the Authenticode signature blob is normally stored, and a PKCS#7 structure carrying the three-certificate chain plus the timestamp chain above fits that size.
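The two derived columns in these tables, the declared-vs-actual checksum in the PE information table and the per-section entropy, can be recomputed from file bytes. The block below is an added example written for this page, not code from the Maldun sandbox or from the vendor; it implements the PE CheckSum algorithm (the one imagehlp and pefile use) and Shannon entropy, and runs them over a buffer it constructs itself, since the sample is not available here. REPORT_SECTIONS is the section table above copied as data; build_fake_header() produces a PE-shaped buffer that is not a loadable executable.

```python
import math
import struct
from collections import Counter

# Added example for this report page, not Maldun/Cuckoo code. The buffer is
# constructed in build_fake_header(); the only data taken from the page is REPORT_SECTIONS.

# (name, entropy) as printed in the "PE sections" table above.
REPORT_SECTIONS = [(".text", 6.63), (".rdata", 4.93), (".data", 2.55), (".rsrc", 8.00)]


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, 0.0 (constant) to 8.0 (uniform); the report's Entropy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_sections(sections, threshold: float = 7.0):
    """Sections whose entropy indicates compressed or encrypted contents (here: the .rsrc zip)."""
    return [name for name, h in sections if h >= threshold]


def checksum_field_offset(image: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum: e_lfanew + 4 (PE signature) + 20 (COFF) + 0x40."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at e_lfanew")
    return e_lfanew + 4 + 20 + 0x40


def pe_checksum(image: bytes, checksum_offset: int) -> int:
    """PE CheckSum as computed by CheckSumMappedFile / pefile.generate_checksum():
    sum every 32-bit word (zero-padded at the end) except the CheckSum field itself,
    folding carries, then fold to 16 bits and add the file length."""
    skip = (checksum_offset // 4) * 4
    padded = image + b"\x00" * (-len(image) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(image)


def declared_and_actual_checksum(image: bytes):
    """The pair the report prints as 'Declared checksum' / 'Actual checksum'."""
    off = checksum_field_offset(image)
    declared = struct.unpack_from("<I", image, off)[0]
    return declared, pe_checksum(image, off)


def checksums_agree(image: bytes) -> bool:
    declared, actual = declared_and_actual_checksum(image)
    return declared == actual


def build_fake_header(body: bytes = b"") -> bytes:
    """Constructed, non-loadable PE-shaped buffer: MZ, e_lfanew=0x40, PE signature, zeroed
    COFF + PE32 optional header, then `body`, with the CheckSum field filled in correctly."""
    hdr = bytearray(0x40 + 4 + 20 + 0xE0)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    image = bytearray(bytes(hdr) + body)
    off = checksum_field_offset(bytes(image))
    struct.pack_into("<I", image, off, pe_checksum(bytes(image), off))
    return bytes(image)


if __name__ == "__main__":
    img = build_fake_header(b"constructed payload bytes")
    print("CheckSum field at 0x%x, declared/actual agree: %s" % (checksum_field_offset(img), checksums_agree(img)))
    print("high-entropy sections in the report:", high_entropy_sections(REPORT_SECTIONS))
```

On a real file, read it into `image` and call `declared_and_actual_checksum(image)`; a mismatch means the header was not fixed up after the image was modified, while a match proves little, because the field is trivially recomputable. The entropy threshold of 7.0 is a working heuristic, not a standard: compressed or encrypted data sits near 8.0, code around 6 to 6.7, and plain data lower.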

Resources

Name           Offset      Size        Language      Sub-language        Entropy  File type
RT_ICON        0x0001d6a0  0x000025a8  LANG_ENGLISH  SUBLANG_ENGLISH_US  5.33     dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4289835441, next used block 4289177511
RT_ICON        0x0001d6a0  0x000025a8  LANG_ENGLISH  SUBLANG_ENGLISH_US  5.33     dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4289835441, next used block 4289177511
RT_ICON        0x0001d6a0  0x000025a8  LANG_ENGLISH  SUBLANG_ENGLISH_US  5.33     dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4289835441, next used block 4289177511
RT_RCDATA      0x0001fc48  0x00697691  LANG_NEUTRAL  SUBLANG_NEUTRAL     8.00     Zip archive data, at least v2.0 to extract
RT_GROUP_ICON  0x006b72e0  0x00000030  LANG_ENGLISH  SUBLANG_ENGLISH_US  2.46     MS Windows icon resource - 3 icons, 16x16
RT_MANIFEST    0x006b7310  0x00000188  LANG_ENGLISH  SUBLANG_ENGLISH_US  4.90     XML 1.0 document text

The "dBase IV DBT" type for the RT_ICON entries is libmagic matching on raw bitmap pixel data and is a well-known false match; these are icon bitmaps, as the RT_GROUP_ICON entry (3 icons, 16x16) confirms. The report prints the same offset and size for all three RT_ICON rows. The RT_RCDATA entry is the installer payload: 0x697691 bytes of zip data at entropy 8.00, accounting for nearly all of the .rsrc section and of the 7034392-byte file.
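The RT_RCDATA entry above is a zip archive, and the strings further down show the stub unzipping a payload and looking for 'setup.exe' inside it. Carving that archive out statically is the quickest way to get at the real installer without running it, and the same trick applies to any resource dump or whole PE with a zip inside. The block below is an added example written for this page, not code from the sandbox or the vendor: it locates a zip inside a byte blob that has unrelated bytes both before and after it (the normal situation inside a .rsrc section), cuts it out using the offsets recorded in the zip's own end-of-central-directory record, and lists the members. The blob is constructed in memory so the example runs offline; ZIP64 archives are not handled.

```python
import io
import struct
import zipfile

# Added example for this page; not Maldun or Screaming Bee code.
# EOCD layout: "PK\x05\x06", 16 bytes of fields (central-directory size at +12,
# central-directory offset relative to archive start at +16), 2-byte comment length at +20.
EOCD_SIG = b"PK\x05\x06"
LFH_SIG = b"PK\x03\x04"


def carve_zip(blob: bytes) -> bytes:
    """Return the bytes of the zip archive embedded in `blob`.

    Leading bytes (PE headers, other resources) are handled by deriving the archive
    origin from the central directory's recorded offset; trailing bytes are handled by
    cutting at the end of the EOCD record plus its comment."""
    eocd = blob.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    cd_size, cd_offset, comment_len = struct.unpack_from("<IIH", blob, eocd + 12)
    cd_start = eocd - cd_size          # the central directory sits right before the EOCD
    origin = cd_start - cd_offset      # where the archive really starts inside the blob
    if origin < 0 or blob[origin:origin + 4] != LFH_SIG:
        raise ValueError("central directory does not point at a local file header")
    return blob[origin:eocd + 22 + comment_len]


def list_payload(zip_bytes: bytes):
    """(name, uncompressed size, looks-executable) per member, without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(i.filename, i.file_size, i.filename.lower().endswith((".exe", ".dll", ".sys")))
                for i in zf.infolist()]


def stdlib_parses(blob: bytes) -> bool:
    """zipfile only scans the last 64 KiB for the EOCD, so a zip followed by more resource
    data than that (as inside a .rsrc section) is rejected unless it is carved first."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)):
            return True
    except zipfile.BadZipFile:
        return False


def build_constructed_resource() -> bytes:
    """Constructed stand-in for a resource dump: 16 junk bytes, a small zip holding a
    fake setup.exe, then 70000 bytes of unrelated data (more than zipfile's EOCD window)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 100)        # a marker, not a real PE
        zf.writestr("readme.txt", b"constructed sample payload\n")
    return b"\x00" * 16 + buf.getvalue() + b"\xff" * 70000


if __name__ == "__main__":
    blob = build_constructed_resource()
    print("raw blob opens with zipfile:", stdlib_parses(blob))
    for name, size, is_exe in list_payload(carve_zip(blob)):
        print(f"{name:12} {size:6d} bytes {'<- executable' if is_exe else ''}")
```

Against the real sample you would feed `carve_zip` either the extracted RT_RCDATA bytes or the whole file; because the origin is derived from the central directory rather than from the first "PK" bytes seen, a stray PK signature in code or data before the archive does not mislead it. Only list the members at first, and extract into an isolated directory before touching the contained setup.exe.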

导入

Library: KERNEL32.dll:
0x41202c CreateDirectoryA
0x412030 FindFirstFileA
0x412034 SetFileAttributesA
0x412038 GetTempFileNameA
0x41203c FindClose
0x412040 Process32Next
0x412044 LockResource
0x412048 GetModuleFileNameA
0x41204c FindNextFileA
0x412050 GetModuleHandleA
0x412058 CloseHandle
0x41205c GetTempPathA
0x412060 DeleteFileA
0x412064 lstrcpyA
0x41206c SetFilePointer
0x412074 GetCurrentProcess
0x412078 SetFileTime
0x41207c WriteFile
0x412080 GetFileType
0x412088 ReadFile
0x41208c SetEndOfFile
0x412090 WriteConsoleW
0x412094 SetFilePointerEx
0x412098 CreateFileW
0x41209c GetStringTypeW
0x4120a0 GetConsoleMode
0x4120a4 GetConsoleCP
0x4120a8 FlushFileBuffers
0x4120ac SetStdHandle
0x4120b0 LCMapStringEx
0x4120b4 LoadLibraryW
0x4120b8 OutputDebugStringW
0x4120bc HeapReAlloc
0x4120c0 GetCPInfo
0x4120c4 GetOEMCP
0x4120c8 GetFileAttributesA
0x4120cc SizeofResource
0x4120d4 LoadResource
0x4120d8 Process32First
0x4120dc MoveFileExA
0x4120e0 lstrlenA
0x4120e4 FindResourceA
0x4120e8 GetFileSize
0x4120ec CreateFileA
0x4120f0 GetACP
0x4120f4 IsValidCodePage
0x4120f8 EncodePointer
0x4120fc DecodePointer
0x412100 GetLastError
0x412104 HeapFree
0x412108 HeapAlloc
0x41210c IsDebuggerPresent
0x412114 GetCommandLineA
0x412118 RaiseException
0x41211c RtlUnwind
0x412124 ExitProcess
0x412128 GetModuleHandleExW
0x41212c GetProcAddress
0x412130 AreFileApisANSI
0x412134 MultiByteToWideChar
0x412138 HeapSize
0x41213c Sleep
0x41214c GetStdHandle
0x412154 InitOnceExecuteOnce
0x412158 GetStartupInfoW
0x41215c GetModuleFileNameW
0x412160 GetProcessHeap
0x41216c FlsAlloc
0x412170 FlsGetValue
0x412174 FlsSetValue
0x412178 FlsFree
0x41217c TerminateProcess
0x412180 GetModuleHandleW
0x412184 SetLastError
0x41218c GetCurrentThreadId
0x412198 GetTickCount64
0x4121a4 WideCharToMultiByte
0x4121a8 LoadLibraryExW
0x4121ac ReadConsoleW
Library: USER32.dll:
0x4121c0 EndPaint
0x4121c4 DestroyWindow
0x4121c8 RegisterClassExA
0x4121cc PostQuitMessage
0x4121d0 GetClassInfoExA
0x4121d4 wsprintfA
0x4121d8 GetClientRect
0x4121dc BeginPaint
0x4121e0 TranslateMessage
0x4121e4 MessageBoxA
0x4121e8 InvalidateRect
0x4121ec GetWindowLongA
0x4121f0 CreateWindowExA
0x4121f4 PeekMessageA
0x4121f8 DefWindowProcA
0x4121fc ShowWindow
0x412200 DispatchMessageA
0x412204 GetSystemMetrics
0x412208 LoadCursorA
0x41220c MoveWindow
0x412210 SetWindowLongA
Library: GDI32.dll:
0x412018 SelectObject
0x41201c Rectangle
0x412020 GetStockObject
0x412024 Polygon
Library: ADVAPI32.dll:
0x412000 RegFlushKey
0x412004 RegCreateKeyExA
0x412008 RegQueryValueExA
0x41200c RegSetValueExA
0x412010 RegCloseKey
Library: SHELL32.dll:
0x4121b4 ShellExecuteExA
0x4121b8 SHFileOperationA
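The "Import hash" in the PE information table is derived from exactly the kind of list printed above. The block below is an added example written for this page, not pefile's or the sandbox's code; it reproduces the algorithm pefile uses: each import becomes "<dll minus .dll/.ocx/.sys>.<function>" in lower case, in import-directory order, joined with commas and hashed with MD5. REPORT_IMPORTS is a constructed subset of the rows above. Note that the report's address column has gaps (0x412054, 0x412068 and others are missing), so the printed rows are not the complete import table and a digest computed from them will not reproduce d20d3c0e89d8c7faea6e25988dd1b29a.

```python
import hashlib

# Added example for this page; mirrors pefile.PE.get_imphash(), not the sandbox's code.
# pefile additionally maps well-known ordinals of ws2_32.dll and oleaut32.dll to names;
# this version keeps every ordinal as "ordN", which is what pefile does for all others.

# Constructed subset of the import rows printed above: (DLL, function name or ordinal).
REPORT_IMPORTS = [
    ("KERNEL32.dll", "CreateDirectoryA"),
    ("KERNEL32.dll", "FindFirstFileA"),
    ("KERNEL32.dll", "Process32Next"),
    ("KERNEL32.dll", "LockResource"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("USER32.dll", "MessageBoxA"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("SHELL32.dll", "ShellExecuteExA"),
]


def normalize_import(dll: str, func) -> str:
    """One imphash token: lower-case DLL name (extension dropped only for .dll/.ocx/.sys)
    joined with the lower-case function name, or 'ordN' for an import by ordinal."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        name = base
    if isinstance(func, int):
        return f"{name}.ord{func}"
    return f"{name}.{func.lower()}"


def imphash_input(imports) -> str:
    """The exact string that gets hashed. Order is import-directory order, so two builds
    importing the same functions in a different order get different hashes."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


def same_import_profile(a, b) -> bool:
    """Imphash equality, which is what threat-intel pivots on when grouping related builds."""
    return imphash(a) == imphash(b)


if __name__ == "__main__":
    print(imphash_input(REPORT_IMPORTS))
    print("imphash over the constructed subset:", imphash(REPORT_IMPORTS))
```

Because the hash depends on order as well as membership, it groups binaries produced by the same build of the same source, which is why it is a useful pivot for finding other versions of this stub; it is also why a recompilation that merely reorders imports breaks the match.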

Strings

Printable strings extracted from the file. The first entries are section names and code bytes that happen to be printable. The readable part describes what the stub does: it locates a payload resource (FindResourceA, LoadResource, LockResource, SizeofResource; "Couldn't find payload", "Payload malformed"), unzips it with bundled unzip 0.15 / inflate 1.1.3 code into a temporary path (GetTempPathA, GetTempFileNameA; "Failure unzipping part of payload"), expects a 'setup.exe' inside the archive ("Did not find 'setup.exe' in payload"), enumerates running processes (CreateToolhelp32Snapshot, Process32First/Process32Next; "Please close down all Screaming Bee programs before installing."), records state under SOFTWARE\Screaming Bee\InstallInfo, and carries a \wininit.ini [rename] string, the legacy mechanism for renaming or deleting files at the next boot. The error-message tables, month and weekday names, and the mangled-name fragments are Microsoft C runtime and STL strings.

.text
`.rdata
@.data
.rsrc
CD$Hj
ShXRA
PPPh|RA
ShXRA
WhXRA
WhXRA
PhXRA
j5h(SA
uXShXRA
D$\$TA
t$<h nA
F jE@
F$zE@
T$ h@WA
YYh`"A
Vh(1A
jdh`uA
y3h$<A
~\X<A
F\X<A
SVWUj
t"hPQA
@h\QA
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
bad allocation
Unknown exception
CorExitProcess
UTF-8
UTF-16LE
UNICODE
(null)
`h````
GetCurrentPackageId
bad exception
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
CreateFile2
generic
unknown error
iostream
iostream stream error
system
%s\*.*
%s\%s
\wininit.ini
[rename]
SOFTWARE\Screaming Bee\InstallInfo
PlainClass
Error
Failed to register class
Installing...
Failed to create window
Payload not present
Couldn't find payload
Couldn't lock payload
Couldn't figure out payload
Payload malformed
Empty payload
Error - Close Down Programs
Please close down all Screaming Bee programs before installing.
luinst
Part of payload is faulty
Subdirectories not implemented in installer!
Failure unzipping part of payload
Did not find 'setup.exe' in payload
Setup
invalid string position
string too long
list<T> too long
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
invalid literal/length code
invalid distance code
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid bit length repeat
oversubscribed dynamic bit lengths tree
incomplete dynamic bit lengths tree
oversubscribed literal/length tree
incomplete literal/length tree
oversubscribed distance tree
incomplete distance tree
empty distance tree with lengths
unknown compression method
invalid window size
incorrect header check
incorrect data check
unzip 0.15 Copyright 1998 Gilles Vollant
- inflate 1.1.3 Copyright 1995-1998 Mark Adler
S:\sbsrc\trunk2005\helpers\packsetup2\BI-Release\baseinstaller.pdb
CreateFileA
GetFileSize
FindResourceA
lstrlenA
MoveFileExA
LoadResource
Process32First
GetWindowsDirectoryA
SizeofResource
GetFileAttributesA
ReadFile
CreateDirectoryA
FindFirstFileA
SetFileAttributesA
GetTempFileNameA
FindClose
Process32Next
LockResource
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
GetTempPathA
DeleteFileA
lstrcpyA
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetCurrentProcess
SetFileTime
WriteFile
GetFileType
GetCurrentDirectoryA
KERNEL32.dll
MoveWindow
LoadCursorA
GetSystemMetrics
DispatchMessageA
ShowWindow
DefWindowProcA
PeekMessageA
CreateWindowExA
GetWindowLongA
InvalidateRect
MessageBoxA
SetWindowLongA
TranslateMessage
BeginPaint
GetClientRect
wsprintfA
GetClassInfoExA
PostQuitMessage
RegisterClassExA
DestroyWindow
EndPaint
USER32.dll
GetStockObject
Rectangle
SelectObject
Polygon
GDI32.dll
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegFlushKey
RegCloseKey
ADVAPI32.dll
SHFileOperationA
ShellExecuteExA
SHELL32.dll
EncodePointer
DecodePointer
GetLastError
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
HeapSize
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameW
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
TerminateProcess
GetModuleHandleW
SetLastError
InterlockedIncrement
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LoadLibraryW
LCMapStringEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
CreateFileW
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadConsoleW
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
InstallFile
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
mscoree.dll
(null)
runtime error
Program:
<program name unknown>
Microsoft Visual C++ Runtime Library
dkernel32.dll
Aja-JP
zh-CN
ko-KR
zh-TW
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
en-US
USER32.DLL
2CONOUT$
No antivirus engine scan information.

Process tree

MorphVOXPro_Install.zh_4.4.77.exe, PID: 2604, parent PID: 2256
  mvsetup.exe, PID: 2744, parent PID: 2604
    mvsetup.exe, PID: 2868, parent PID: 2744
      mvsetup.exe, PID: 2532, parent PID: 2868

TCP

Source address    Source port   Destination address   Destination port
192.168.122.201   49160         23.192.228.78         80

UDP

Source address    Source port   Destination address   Destination port
192.168.122.201   59401         192.168.122.1         53

HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

The host acroipm.adobe.com and the User-Agent "IPM" belong to Adobe Reader's in-product messaging check, which runs in the background of analysis VMs that have Adobe Reader installed; the If-Modified-Since date from 2017 indicates the guest already held an earlier copy of message.zip. The report does not tie this request to any process in the sample's process tree, so treat it as guest noise rather than sample behaviour unless a per-process capture shows otherwise. The TCP row to 23.192.228.78:80 is this request and the UDP row to 192.168.122.1:53 is the name lookup for it, even though the domain resolution section reports no domain information.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

The empty dropped-files list does not fit the process tree: mvsetup.exe was launched as a child of the stub, so unless it already existed in the guest image it was written to disk during the run and the dropped-file collector missed it. Recover the payload statically from the RT_RCDATA resource instead.

Processing ( 23.353 seconds )

  • 11.421 Suricata
  • 5.669 Static
  • 2.02 BehaviorAnalysis
  • 1.49 TargetInfo
  • 1.155 VirusTotal
  • 1.053 NetworkAnalysis
  • 0.367 peid
  • 0.149 config_decoder
  • 0.014 Strings
  • 0.012 AnalysisInfo
  • 0.003 Memory

Signatures ( 3.147 seconds ): evaluation time per signature module. This is a timing list for every signature the sandbox ran, not the set that matched; the matched signatures are not included on this page.

  • 1.426 md_url_bl
  • 0.429 antiav_detectreg
  • 0.152 infostealer_ftp
  • 0.108 api_spamming
  • 0.092 antianalysis_detectreg
  • 0.089 stealth_decoy_document
  • 0.084 stealth_timeout
  • 0.082 infostealer_im
  • 0.048 infostealer_mail
  • 0.037 antivm_generic_scsi
  • 0.022 maldun_anomaly_massive_file_ops
  • 0.022 antivm_parallels_keys
  • 0.021 kibex_behavior
  • 0.021 antivm_xen_keys
  • 0.02 mimics_filetime
  • 0.02 darkcomet_regkeys
  • 0.02 recon_fingerprint
  • 0.019 bootkit
  • 0.019 virus
  • 0.019 geodo_banking_trojan
  • 0.018 antivm_generic_disk
  • 0.016 stealth_file
  • 0.015 betabot_behavior
  • 0.015 antivm_generic_diskreg
  • 0.013 antisandbox_productid
  • 0.012 antivm_generic_services
  • 0.011 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.011 antisandbox_sleep
  • 0.011 anormaly_invoke_kills
  • 0.011 antiav_detectfile
  • 0.01 infostealer_browser
  • 0.009 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.009 md_domain_bl
  • 0.008 antivm_vbox_keys
  • 0.008 antivm_vmware_keys
  • 0.008 infostealer_bitcoin
  • 0.007 rat_luminosity
  • 0.007 antidbg_windows
  • 0.007 bypass_firewall
  • 0.007 antivm_xen_keys
  • 0.007 antivm_hyperv_keys
  • 0.007 antivm_vbox_acpi
  • 0.007 antivm_vpc_keys
  • 0.007 maldun_anomaly_invoke_vb_vba
  • 0.007 packer_armadillo_regkey
  • 0.006 maldun_anomaly_terminated_process
  • 0.006 ipc_namedpipe
  • 0.006 anomaly_persistence_autorun
  • 0.006 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.006 infostealer_browser_password
  • 0.006 antivm_generic_bios
  • 0.006 antivm_generic_cpu
  • 0.006 antivm_generic_system
  • 0.005 sets_autoconfig_url
  • 0.005 hancitor_behavior
  • 0.005 antivm_vbox_files
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.005 recon_programs
  • 0.004 ransomware_message
  • 0.004 kovter_behavior
  • 0.004 securityxploded_modules
  • 0.003 antiemu_wine_func
  • 0.003 antivm_vbox_libs
  • 0.003 injection_createremotethread
  • 0.003 disables_browser_warn
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 disables_spdy
  • 0.002 exec_crash
  • 0.002 disables_wfp
  • 0.002 injection_runpe
  • 0.002 antidbg_devices
  • 0.002 browser_security
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 office_dl_write_exe
  • 0.001 office_write_exe
  • 0.001 antivm_vmware_libs
  • 0.001 antivm_vbox_window
  • 0.001 injection_explorer
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 rat_pcclient
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.628 seconds )

  • 0.6 ReportHTMLSummary
  • 0.028 Malheur
Task ID 710622
Mongo ID 632ed4a77e769a059ce16807
Cuckoo release 1.4-Maldun