分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp02-1 | 2023-01-26 22:01:34 | 2023-01-26 22:03:49 | 135 秒 |
魔盾分数
7.55
危险的
文件详细信息
| 文件名 | AsynSysTime.exe |
|---|---|
| 文件大小 | 4254720 字节 |
| 文件类型 | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 9477f5f5cda4fafc039b821dac47e1ae |
| SHA1 | 5f4188d1c619b3627def595afecd63b09c9424eb |
| SHA256 | ffe340bc617a03aa56fab14757ff833d576ca7734831966a96a99b9caca694ef |
| SHA512 | 47e065507ebfbd1b586f0a92b12ddce707a39fc65fed72aa895959f7a4bd77b1d3c7f9f6b781107f47e15224a907832557ab98fed7b55c680fd3b5f35e086e58 |
| CRC32 | BF7EE5E1 |
| Ssdeep | 98304:LxXH5LiVRYDG5ZZebygDUFLOAkGkzdnEVomFHKnP:tH58R3QOgQFLOyomFHKnP |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x140000000 |
|---|---|
| 入口地址 | 0x1401a4b80 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00419436 |
| 最低操作系统版本要求 | 6.0 |
| PDB路径 | D:\StProject\AsynSysTime\x64\Release\AsynSysTime.pdb |
| 编译时间 | 2021-03-15 15:49:25 |
| 载入哈希 | 1b484c0b2ea47f647c6fe3c7a23fff9a |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x001ce80e | 0x001cea00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.38 |
| .rdata | 0x001d0000 | 0x0008523a | 0x00085400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.76 |
| .data | 0x00256000 | 0x0000ed0c | 0x00007800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.14 |
| .pdata | 0x00265000 | 0x00015b64 | 0x00015c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.10 |
| _RDATA | 0x0027b000 | 0x000000f4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.46 |
| .rsrc | 0x0027c000 | 0x0018e230 | 0x0018e400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.40 |
| .reloc | 0x0040b000 | 0x0000efe8 | 0x0000f000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.44 |
导入
库: KERNEL32.dll:
• 0x1401d03a8 FindFirstFileExW
• 0x1401d03b0 SetFilePointerEx
• 0x1401d03b8 GetConsoleMode
• 0x1401d03c0 GetConsoleCP
• 0x1401d03c8 GetStringTypeW
• 0x1401d03d0 LCMapStringW
• 0x1401d03d8 CompareStringW
• 0x1401d03e0 GetTimeZoneInformation
• 0x1401d03e8 GetStdHandle
• 0x1401d03f0 ExitProcess
• 0x1401d03f8 IsValidCodePage
• 0x1401d0400 QueryPerformanceFrequency
• 0x1401d0408 HeapQueryInformation
• 0x1401d0410 FreeLibraryAndExitThread
• 0x1401d0418 ExitThread
• 0x1401d0420 CreateThread
• 0x1401d0428 VirtualQuery
• 0x1401d0430 VirtualAlloc
• 0x1401d0438 GetSystemInfo
• 0x1401d0440 GetCommandLineW
• 0x1401d0448 GetCommandLineA
• 0x1401d0450 RtlPcToFileHeader
• 0x1401d0458 RtlUnwindEx
• 0x1401d0460 OutputDebugStringW
• 0x1401d0468 FindNextFileW
• 0x1401d0470 GetEnvironmentStringsW
• 0x1401d0478 FreeEnvironmentStringsW
• 0x1401d0480 GetFileType
• 0x1401d0488 CreateFileW
• 0x1401d0490 WriteConsoleW
• 0x1401d0498 InitializeSListHead
• 0x1401d04a0 GetSystemTimeAsFileTime
• 0x1401d04a8 QueryPerformanceCounter
• 0x1401d04b0 GetStartupInfoW
• 0x1401d04b8 IsDebuggerPresent
• 0x1401d04c0 IsProcessorFeaturePresent
• 0x1401d04c8 TerminateProcess
• 0x1401d04d0 SetUnhandledExceptionFilter
• 0x1401d04d8 UnhandledExceptionFilter
• 0x1401d04e0 RtlVirtualUnwind
• 0x1401d04e8 RtlLookupFunctionEntry
• 0x1401d04f0 RtlCaptureContext
• 0x1401d04f8 CreateEventW
• 0x1401d0500 WaitForSingleObjectEx
• 0x1401d0508 ResetEvent
• 0x1401d0510 SetEnvironmentVariableW
• 0x1401d0518 GetTempFileNameA
• 0x1401d0520 FindResourceExW
• 0x1401d0528 GetWindowsDirectoryA
• 0x1401d0530 SearchPathA
• 0x1401d0538 GetProfileIntA
• 0x1401d0540 Sleep
• 0x1401d0548 GetTickCount
• 0x1401d0550 SystemTimeToTzSpecificLocalTime
• 0x1401d0558 GetFileTime
• 0x1401d0560 GetFileSizeEx
• 0x1401d0568 GetFileAttributesExA
• 0x1401d0570 FileTimeToLocalFileTime
• 0x1401d0578 SetErrorMode
• 0x1401d0580 lstrcmpiA
• 0x1401d0588 GetCurrentProcess
• 0x1401d0590 DuplicateHandle
• 0x1401d0598 GetVolumeInformationA
• 0x1401d05a0 WriteFile
• 0x1401d05a8 UnlockFile
• 0x1401d05b0 SetEndOfFile
• 0x1401d05b8 ReadFile
• 0x1401d05c0 LockFile
• 0x1401d05c8 GetFullPathNameA
• 0x1401d05d0 FlushFileBuffers
• 0x1401d05d8 FindFirstFileA
• 0x1401d05e0 FindClose
• 0x1401d05e8 FileTimeToSystemTime
• 0x1401d05f0 GetTempPathA
• 0x1401d05f8 SetFilePointer
• 0x1401d0600 GetCPInfo
• 0x1401d0608 GetOEMCP
• 0x1401d0610 VirtualProtect
• 0x1401d0618 GetACP
• 0x1401d0620 GetFileSize
• 0x1401d0628 GetFileAttributesA
• 0x1401d0630 CreateFileA
• 0x1401d0638 GetThreadLocale
• 0x1401d0640 DeleteFileA
• 0x1401d0648 GlobalFlags
• 0x1401d0650 GetUserDefaultUILanguage
• 0x1401d0658 GetSystemDefaultUILanguage
• 0x1401d0660 GetLocaleInfoW
• 0x1401d0668 GetCurrentDirectoryA
• 0x1401d0670 LocalReAlloc
• 0x1401d0678 LocalAlloc
• 0x1401d0680 GlobalHandle
• 0x1401d0688 GlobalReAlloc
• 0x1401d0690 TlsFree
• 0x1401d0698 TlsSetValue
• 0x1401d06a0 TlsGetValue
• 0x1401d06a8 TlsAlloc
• 0x1401d06b0 InitializeCriticalSection
• 0x1401d06b8 InitializeCriticalSectionAndSpinCount
• 0x1401d06c0 ResumeThread
• 0x1401d06c8 SuspendThread
• 0x1401d06d0 SetThreadPriority
• 0x1401d06d8 CreateEventA
• 0x1401d06e0 WaitForSingleObject
• 0x1401d06e8 SetEvent
• 0x1401d06f0 CloseHandle
• 0x1401d06f8 CopyFileA
• 0x1401d0700 FormatMessageA
• 0x1401d0708 MulDiv
• 0x1401d0710 LocalFree
• 0x1401d0718 GlobalSize
• 0x1401d0720 GetCurrentProcessId
• 0x1401d0728 VerifyVersionInfoA
• 0x1401d0730 lstrcpyA
• 0x1401d0738 VerSetConditionMask
• 0x1401d0740 GlobalGetAtomNameA
• 0x1401d0748 GlobalFindAtomA
• 0x1401d0750 GlobalAddAtomA
• 0x1401d0758 lstrcmpW
• 0x1401d0760 GetSystemDirectoryW
• 0x1401d0768 EncodePointer
• 0x1401d0770 GlobalUnlock
• 0x1401d0778 WritePrivateProfileStringA
• 0x1401d0780 GetPrivateProfileStringA
• 0x1401d0788 GetPrivateProfileIntA
• 0x1401d0790 GetModuleHandleW
• 0x1401d0798 GetModuleHandleA
• 0x1401d07a0 GetProcAddress
• 0x1401d07a8 FindResourceA
• 0x1401d07b0 GlobalFree
• 0x1401d07b8 CompareStringA
• 0x1401d07c0 QueryActCtxW
• 0x1401d07c8 FindActCtxSectionStringW
• 0x1401d07d0 DeactivateActCtx
• 0x1401d07d8 ActivateActCtx
• 0x1401d07e0 CreateActCtxW
• 0x1401d07e8 lstrcmpA
• 0x1401d07f0 GlobalDeleteAtom
• 0x1401d07f8 GlobalLock
• 0x1401d0800 GlobalAlloc
• 0x1401d0808 LoadLibraryW
• 0x1401d0810 LoadLibraryExW
• 0x1401d0818 GetModuleHandleExW
• 0x1401d0820 GetModuleFileNameW
• 0x1401d0828 FreeLibrary
• 0x1401d0830 GetVersionExA
• 0x1401d0838 GetCurrentThreadId
• 0x1401d0840 GetCurrentThread
• 0x1401d0848 SetLastError
• 0x1401d0850 OutputDebugStringA
• 0x1401d0858 GetProcessHeap
• 0x1401d0860 DeleteCriticalSection
• 0x1401d0868 DecodePointer
• 0x1401d0870 HeapAlloc
• 0x1401d0878 RaiseException
• 0x1401d0880 HeapReAlloc
• 0x1401d0888 HeapSize
• 0x1401d0890 InitializeCriticalSectionEx
• 0x1401d0898 LeaveCriticalSection
• 0x1401d08a0 EnterCriticalSection
• 0x1401d08a8 HeapFree
• 0x1401d08b0 MultiByteToWideChar
• 0x1401d08b8 WritePrivateProfileStringW
• 0x1401d08c0 GetLastError
• 0x1401d08c8 WideCharToMultiByte
• 0x1401d08d0 SetLocalTime
• 0x1401d08d8 GetPrivateProfileIntW
• 0x1401d08e0 GetPrivateProfileStringW
• 0x1401d08e8 GetModuleFileNameA
• 0x1401d08f0 FindResourceW
• 0x1401d08f8 LoadResource
• 0x1401d0900 LockResource
• 0x1401d0908 SizeofResource
• 0x1401d0910 SetStdHandle
库: USER32.dll:
• 0x1401d0a78 RealChildWindowFromPoint
• 0x1401d0a80 DeleteMenu
• 0x1401d0a88 CopyImage
• 0x1401d0a90 WindowFromPoint
• 0x1401d0a98 ReleaseCapture
• 0x1401d0aa0 SetCapture
• 0x1401d0aa8 WaitMessage
• 0x1401d0ab0 GetMenuItemInfoA
• 0x1401d0ab8 DestroyMenu
• 0x1401d0ac0 IsDialogMessageA
• 0x1401d0ac8 SetWindowTextA
• 0x1401d0ad0 SendDlgItemMessageA
• 0x1401d0ad8 CheckDlgButton
• 0x1401d0ae0 SetDlgItemTextA
• 0x1401d0ae8 MoveWindow
• 0x1401d0af0 ShowWindow
• 0x1401d0af8 InvalidateRect
• 0x1401d0b00 SetCursor
• 0x1401d0b08 ShowOwnedPopups
• 0x1401d0b10 TranslateMessage
• 0x1401d0b18 GetMessageA
• 0x1401d0b20 LoadBitmapW
• 0x1401d0b28 SetMenuItemInfoA
• 0x1401d0b30 GetMenuCheckMarkDimensions
• 0x1401d0b38 SetMenuItemBitmaps
• 0x1401d0b40 EnableMenuItem
• 0x1401d0b48 CheckMenuItem
• 0x1401d0b50 ClientToScreen
• 0x1401d0b58 ReleaseDC
• 0x1401d0b60 GetWindowDC
• 0x1401d0b68 GetDC
• 0x1401d0b70 TabbedTextOutA
• 0x1401d0b78 GrayStringA
• 0x1401d0b80 DrawTextExA
• 0x1401d0b88 DrawTextA
• 0x1401d0b90 RemoveMenu
• 0x1401d0b98 InsertMenuA
• 0x1401d0ba0 GetMenuState
• 0x1401d0ba8 GetMenuStringA
• 0x1401d0bb0 GetWindowThreadProcessId
• 0x1401d0bb8 EnumDisplayMonitors
• 0x1401d0bc0 SystemParametersInfoA
• 0x1401d0bc8 LoadCursorW
• 0x1401d0bd0 LoadCursorA
• 0x1401d0bd8 SetRectEmpty
• 0x1401d0be0 SetLayeredWindowAttributes
• 0x1401d0be8 GetMonitorInfoA
• 0x1401d0bf0 MonitorFromWindow
• 0x1401d0bf8 WinHelpA
• 0x1401d0c00 GetScrollInfo
• 0x1401d0c08 SetScrollInfo
• 0x1401d0c10 CallNextHookEx
• 0x1401d0c18 UnhookWindowsHookEx
• 0x1401d0c20 SetWindowsHookExA
• 0x1401d0c28 GetLastActivePopup
• 0x1401d0c30 GetTopWindow
• 0x1401d0c38 GetClassNameA
• 0x1401d0c40 GetClassLongPtrA
• 0x1401d0c48 GetClassLongA
• 0x1401d0c50 SetWindowLongPtrA
• 0x1401d0c58 GetWindowLongPtrA
• 0x1401d0c60 SetWindowLongA
• 0x1401d0c68 PtInRect
• 0x1401d0c70 EqualRect
• 0x1401d0c78 CopyRect
• 0x1401d0c80 ScreenToClient
• 0x1401d0c88 MessageBoxA
• 0x1401d0c90 AdjustWindowRectEx
• 0x1401d0c98 GetWindowTextLengthA
• 0x1401d0ca0 GetWindowTextA
• 0x1401d0ca8 RemovePropA
• 0x1401d0cb0 GetPropA
• 0x1401d0cb8 SetPropA
• 0x1401d0cc0 ShowScrollBar
• 0x1401d0cc8 GetScrollRange
• 0x1401d0cd0 SetScrollRange
• 0x1401d0cd8 GetScrollPos
• 0x1401d0ce0 SetScrollPos
• 0x1401d0ce8 ScrollWindow
• 0x1401d0cf0 ValidateRect
• 0x1401d0cf8 EndPaint
• 0x1401d0d00 BeginPaint
• 0x1401d0d08 GetForegroundWindow
• 0x1401d0d10 UpdateWindow
• 0x1401d0d18 TrackPopupMenu
• 0x1401d0d20 GetMenuItemCount
• 0x1401d0d28 GetMenuItemID
• 0x1401d0d30 SetMenu
• 0x1401d0d38 GetMenu
• 0x1401d0d40 GetCapture
• 0x1401d0d48 GetKeyState
• 0x1401d0d50 SetFocus
• 0x1401d0d58 GetDlgCtrlID
• 0x1401d0d60 EndDeferWindowPos
• 0x1401d0d68 DeferWindowPos
• 0x1401d0d70 BeginDeferWindowPos
• 0x1401d0d78 SetWindowPlacement
• 0x1401d0d80 GetWindowPlacement
• 0x1401d0d88 IsChild
• 0x1401d0d90 IsMenu
• 0x1401d0d98 CreateWindowExA
• 0x1401d0da0 GetClassInfoExA
• 0x1401d0da8 GetClassInfoA
• 0x1401d0db0 CopyAcceleratorTableA
• 0x1401d0db8 InvalidateRgn
• 0x1401d0dc0 SetRect
• 0x1401d0dc8 SetClassLongPtrA
• 0x1401d0dd0 GetUpdateRect
• 0x1401d0dd8 GetKeyboardLayout
• 0x1401d0de0 EnableWindow
• 0x1401d0de8 RegisterClassA
• 0x1401d0df0 CallWindowProcA
• 0x1401d0df8 DefWindowProcA
• 0x1401d0e00 GetMessageTime
• 0x1401d0e08 GetMessagePos
• 0x1401d0e10 PeekMessageA
• 0x1401d0e18 DispatchMessageA
• 0x1401d0e20 GetDesktopWindow
• 0x1401d0e28 GetWindowLongA
• 0x1401d0e30 SetActiveWindow
• 0x1401d0e38 IsWindowEnabled
• 0x1401d0e40 GetActiveWindow
• 0x1401d0e48 GetNextDlgTabItem
• 0x1401d0e50 GetDlgItem
• 0x1401d0e58 EndDialog
• 0x1401d0e60 CreateDialogIndirectParamA
• 0x1401d0e68 IntersectRect
• 0x1401d0e70 GetNextDlgGroupItem
• 0x1401d0e78 MessageBeep
• 0x1401d0e80 OpenClipboard
• 0x1401d0e88 CloseClipboard
• 0x1401d0e90 SetClipboardData
• 0x1401d0e98 EmptyClipboard
• 0x1401d0ea0 DestroyIcon
• 0x1401d0ea8 LoadImageA
• 0x1401d0eb0 LoadImageW
• 0x1401d0eb8 SetParent
• 0x1401d0ec0 MonitorFromPoint
• 0x1401d0ec8 TrackMouseEvent
• 0x1401d0ed0 IsZoomed
• 0x1401d0ed8 CharUpperA
• 0x1401d0ee0 DestroyWindow
• 0x1401d0ee8 IsWindow
• 0x1401d0ef0 GetAsyncKeyState
• 0x1401d0ef8 NotifyWinEvent
• 0x1401d0f00 SetCursorPos
• 0x1401d0f08 UnionRect
• 0x1401d0f10 BringWindowToTop
• 0x1401d0f18 CreatePopupMenu
• 0x1401d0f20 LockWindowUpdate
• 0x1401d0f28 CharNextA
• 0x1401d0f30 LoadIconW
• 0x1401d0f38 GetSystemMenu
• 0x1401d0f40 AppendMenuA
• 0x1401d0f48 SendMessageA
• 0x1401d0f50 SetTimer
• 0x1401d0f58 IsIconic
• 0x1401d0f60 GetSystemMetrics
• 0x1401d0f68 GetClientRect
• 0x1401d0f70 DrawIcon
• 0x1401d0f78 LoadIconA
• 0x1401d0f80 SetForegroundWindow
• 0x1401d0f88 LoadMenuW
• 0x1401d0f90 GetSubMenu
• 0x1401d0f98 GetCursorPos
• 0x1401d0fa0 KillTimer
• 0x1401d0fa8 PostThreadMessageA
• 0x1401d0fb0 UnregisterClassA
• 0x1401d0fb8 PostMessageA
• 0x1401d0fc0 PostQuitMessage
• 0x1401d0fc8 SetWindowPos
• 0x1401d0fd0 SetWindowContextHelpId
• 0x1401d0fd8 GetParent
• 0x1401d0fe0 GetWindow
• 0x1401d0fe8 MapDialogRect
• 0x1401d0ff0 RegisterWindowMessageA
• 0x1401d0ff8 DrawEdge
• 0x1401d1000 DrawFrameControl
• 0x1401d1008 IsWindowVisible
• 0x1401d1010 GetFocus
• 0x1401d1018 DrawStateA
• 0x1401d1020 SetWindowRgn
• 0x1401d1028 RedrawWindow
• 0x1401d1030 GetWindowRect
• 0x1401d1038 MapWindowPoints
• 0x1401d1040 GetSysColor
• 0x1401d1048 GetSysColorBrush
• 0x1401d1050 DestroyAcceleratorTable
• 0x1401d1058 DrawFocusRect
• 0x1401d1060 FillRect
• 0x1401d1068 InflateRect
• 0x1401d1070 OffsetRect
• 0x1401d1078 IsRectEmpty
• 0x1401d1080 DrawIconEx
• 0x1401d1088 GetKeyboardState
• 0x1401d1090 ToAsciiEx
• 0x1401d1098 MapVirtualKeyA
• 0x1401d10a0 LoadAcceleratorsW
• 0x1401d10a8 CreateAcceleratorTableA
• 0x1401d10b0 UpdateLayeredWindow
• 0x1401d10b8 LoadAcceleratorsA
• 0x1401d10c0 TranslateAcceleratorA
• 0x1401d10c8 LoadMenuA
• 0x1401d10d0 InsertMenuItemA
• 0x1401d10d8 UnpackDDElParam
• 0x1401d10e0 ReuseDDElParam
• 0x1401d10e8 RegisterClipboardFormatA
• 0x1401d10f0 GetKeyNameTextA
• 0x1401d10f8 SubtractRect
• 0x1401d1100 CharUpperBuffA
• 0x1401d1108 FrameRect
• 0x1401d1110 IsClipboardFormatAvailable
• 0x1401d1118 IsCharLowerA
• 0x1401d1120 MapVirtualKeyExA
• 0x1401d1128 DrawMenuBar
• 0x1401d1130 DefFrameProcA
• 0x1401d1138 DefMDIChildProcA
• 0x1401d1140 TranslateMDISysAccel
• 0x1401d1148 GetComboBoxInfo
• 0x1401d1150 CreateMenu
• 0x1401d1158 HideCaret
• 0x1401d1160 InvertRect
• 0x1401d1168 DestroyCursor
• 0x1401d1170 GetWindowRgn
• 0x1401d1178 ModifyMenuA
• 0x1401d1180 SetMenuDefaultItem
• 0x1401d1188 GetMenuDefaultItem
• 0x1401d1190 CopyIcon
• 0x1401d1198 GetIconInfo
• 0x1401d11a0 GetDoubleClickTime
• 0x1401d11a8 EnableScrollBar
库: GDI32.dll:
• 0x1401d0070 GetObjectA
• 0x1401d0078 BitBlt
• 0x1401d0080 CreateCompatibleBitmap
• 0x1401d0088 CreateCompatibleDC
• 0x1401d0090 CreateDIBitmap
• 0x1401d0098 CreateFontIndirectA
• 0x1401d00a0 CreatePen
• 0x1401d00a8 CreatePatternBrush
• 0x1401d00b0 DeleteObject
• 0x1401d00b8 EnumFontFamiliesA
• 0x1401d00c0 GetDeviceCaps
• 0x1401d00c8 GetStockObject
• 0x1401d00d0 GetTextCharsetInfo
• 0x1401d00d8 CopyMetaFileA
• 0x1401d00e0 CreateDCA
• 0x1401d00e8 CreateBitmap
• 0x1401d00f0 Escape
• 0x1401d00f8 ExcludeClipRect
• 0x1401d0100 GetClipBox
• 0x1401d0108 GetObjectType
• 0x1401d0110 GetPixel
• 0x1401d0118 GetViewportExtEx
• 0x1401d0120 GetWindowExtEx
• 0x1401d0128 IntersectClipRect
• 0x1401d0130 LineTo
• 0x1401d0138 PtVisible
• 0x1401d0140 RectVisible
• 0x1401d0148 RestoreDC
• 0x1401d0150 SaveDC
• 0x1401d0158 SelectClipRgn
• 0x1401d0160 ExtSelectClipRgn
• 0x1401d0168 SelectObject
• 0x1401d0170 SelectPalette
• 0x1401d0178 SetBkMode
• 0x1401d0180 SetMapMode
• 0x1401d0188 SetLayout
• 0x1401d0190 GetLayout
• 0x1401d0198 SetPolyFillMode
• 0x1401d01a0 SetROP2
• 0x1401d01a8 SetTextAlign
• 0x1401d01b0 SetTextColor
• 0x1401d01b8 TextOutA
• 0x1401d01c0 SetViewportExtEx
• 0x1401d01c8 SetViewportOrgEx
• 0x1401d01d0 SetWindowExtEx
• 0x1401d01d8 SetWindowOrgEx
• 0x1401d01e0 OffsetViewportOrgEx
• 0x1401d01e8 OffsetWindowOrgEx
• 0x1401d01f0 ScaleViewportExtEx
• 0x1401d01f8 ScaleWindowExtEx
• 0x1401d0200 GetRgnBox
• 0x1401d0208 GetMapMode
• 0x1401d0210 SetRectRgn
• 0x1401d0218 DPtoLP
• 0x1401d0220 RealizePalette
• 0x1401d0228 SetPixel
• 0x1401d0230 StretchBlt
• 0x1401d0238 CreateDIBSection
• 0x1401d0240 SetDIBColorTable
• 0x1401d0248 CreateRoundRectRgn
• 0x1401d0250 Rectangle
• 0x1401d0258 OffsetRgn
• 0x1401d0260 RoundRect
• 0x1401d0268 CreatePalette
• 0x1401d0270 GetPaletteEntries
• 0x1401d0278 GetNearestPaletteIndex
• 0x1401d0280 GetSystemPaletteEntries
• 0x1401d0288 EnumFontFamiliesExA
• 0x1401d0290 LPtoDP
• 0x1401d0298 ExtFloodFill
• 0x1401d02a0 SetPaletteEntries
• 0x1401d02a8 FillRgn
• 0x1401d02b0 FrameRgn
• 0x1401d02b8 GetBoundsRect
• 0x1401d02c0 PtInRegion
• 0x1401d02c8 GetViewportOrgEx
• 0x1401d02d0 GetWindowOrgEx
• 0x1401d02d8 SetPixelV
• 0x1401d02e0 GetTextFaceA
• 0x1401d02e8 SetBkColor
• 0x1401d02f0 GetTextMetricsA
• 0x1401d02f8 Polyline
• 0x1401d0300 Polygon
• 0x1401d0308 CreatePolygonRgn
• 0x1401d0310 ExtTextOutA
• 0x1401d0318 PatBlt
• 0x1401d0320 GetTextExtentPoint32A
• 0x1401d0328 GetBkColor
• 0x1401d0330 Ellipse
• 0x1401d0338 CreateSolidBrush
• 0x1401d0340 CreateRectRgnIndirect
• 0x1401d0348 CreateRectRgn
• 0x1401d0350 CreateHatchBrush
• 0x1401d0358 CreateEllipticRgn
• 0x1401d0360 CombineRgn
• 0x1401d0368 MoveToEx
• 0x1401d0370 GetTextColor
• 0x1401d0378 DeleteDC
库: WINSPOOL.DRV:
• 0x1401d1230 OpenPrinterA
• 0x1401d1238 DocumentPropertiesA
• 0x1401d1240 ClosePrinter
库: ADVAPI32.dll:
• 0x1401d0000 RegEnumKeyA
• 0x1401d0008 RegSetValueExA
• 0x1401d0010 RegEnumKeyExA
• 0x1401d0018 RegEnumValueA
• 0x1401d0020 RegQueryValueA
• 0x1401d0028 RegOpenKeyExA
• 0x1401d0030 RegDeleteKeyA
• 0x1401d0038 RegCreateKeyExA
• 0x1401d0040 RegQueryValueExA
• 0x1401d0048 RegDeleteValueA
• 0x1401d0050 RegCloseKey
库: SHELL32.dll:
• 0x1401d09e0 Shell_NotifyIconA
• 0x1401d09e8 SHGetMalloc
• 0x1401d09f0 SHGetPathFromIDListA
• 0x1401d09f8 SHGetSpecialFolderLocation
• 0x1401d0a00 SHBrowseForFolderA
• 0x1401d0a08 ShellExecuteA
• 0x1401d0a10 DragFinish
• 0x1401d0a18 DragQueryFileA
• 0x1401d0a20 SHGetFileInfoA
• 0x1401d0a28 SHAppBarMessage
• 0x1401d0a30 SHGetDesktopFolder
库: COMCTL32.dll:
• 0x1401d0060 InitCommonControlsEx
库: SHLWAPI.dll:
• 0x1401d0a40 PathFindFileNameA
• 0x1401d0a48 PathIsUNCA
• 0x1401d0a50 PathRemoveFileSpecW
• 0x1401d0a58 PathStripToRootA
• 0x1401d0a60 StrFormatKBSizeA
• 0x1401d0a68 PathFindExtensionA
库: UxTheme.dll:
• 0x1401d11b8 GetThemePartSize
• 0x1401d11c0 GetThemeSysColor
• 0x1401d11c8 OpenThemeData
• 0x1401d11d0 CloseThemeData
• 0x1401d11d8 DrawThemeBackground
• 0x1401d11e0 GetThemeColor
• 0x1401d11e8 GetCurrentThemeName
• 0x1401d11f0 DrawThemeParentBackground
• 0x1401d11f8 GetWindowTheme
• 0x1401d1200 IsAppThemed
• 0x1401d1208 DrawThemeText
• 0x1401d1210 IsThemeBackgroundPartiallyTransparent
库: ole32.dll:
• 0x1401d1390 CoLockObjectExternal
• 0x1401d1398 RegisterDragDrop
• 0x1401d13a0 RevokeDragDrop
• 0x1401d13a8 OleLockRunning
• 0x1401d13b0 OleCreateMenuDescriptor
• 0x1401d13b8 OleDestroyMenuDescriptor
• 0x1401d13c0 OleTranslateAccelerator
• 0x1401d13c8 IsAccelerator
• 0x1401d13d0 CoInitializeEx
• 0x1401d13d8 CoRevokeClassObject
• 0x1401d13e0 CoRegisterMessageFilter
• 0x1401d13e8 DoDragDrop
• 0x1401d13f0 OleIsCurrentClipboard
• 0x1401d13f8 OleFlushClipboard
• 0x1401d1400 OleUninitialize
• 0x1401d1408 OleInitialize
• 0x1401d1410 CoFreeUnusedLibraries
• 0x1401d1418 CoDisconnectObject
• 0x1401d1420 CreateStreamOnHGlobal
• 0x1401d1428 StgOpenStorageOnILockBytes
• 0x1401d1430 StgCreateDocfileOnILockBytes
• 0x1401d1438 CoGetClassObject
• 0x1401d1440 ReleaseStgMedium
• 0x1401d1448 OleDuplicateData
• 0x1401d1450 CoTaskMemFree
• 0x1401d1458 CoTaskMemAlloc
• 0x1401d1460 CLSIDFromProgID
• 0x1401d1468 CLSIDFromString
• 0x1401d1470 CoCreateGuid
• 0x1401d1478 OleRun
• 0x1401d1480 CoCreateInstance
• 0x1401d1488 CoUninitialize
• 0x1401d1490 CoInitialize
• 0x1401d1498 OleGetClipboard
• 0x1401d14a0 CreateILockBytesOnHGlobal
库: OLEAUT32.dll:
• 0x1401d0958 VarBstrFromDate
• 0x1401d0960 VariantCopy
• 0x1401d0968 SafeArrayDestroy
• 0x1401d0970 VariantTimeToSystemTime
• 0x1401d0978 SystemTimeToVariantTime
• 0x1401d0980 OleCreateFontIndirect
• 0x1401d0988 VariantChangeType
• 0x1401d0990 VariantInit
• 0x1401d0998 SysAllocStringLen
• 0x1401d09a0 VariantClear
• 0x1401d09a8 SysAllocString
• 0x1401d09b0 SysStringLen
• 0x1401d09b8 SysAllocStringByteLen
• 0x1401d09c0 SysFreeString
• 0x1401d09c8 GetErrorInfo
• 0x1401d09d0 LoadTypeLib
库: oledlg.dll:
• 0x1401d14b0 None
库: gdiplus.dll:
• 0x1401d12d8 GdipCreateBitmapFromHBITMAP
• 0x1401d12e0 GdipDrawImageI
• 0x1401d12e8 GdipSetInterpolationMode
• 0x1401d12f0 GdipBitmapUnlockBits
• 0x1401d12f8 GdipBitmapLockBits
• 0x1401d1300 GdipCreateBitmapFromScan0
• 0x1401d1308 GdipDeleteGraphics
• 0x1401d1310 GdipCreateFromHDC
• 0x1401d1318 GdipDrawImageRectI
• 0x1401d1320 GdiplusShutdown
• 0x1401d1328 GdipAlloc
• 0x1401d1330 GdipFree
• 0x1401d1338 GdiplusStartup
• 0x1401d1340 GdipCloneImage
• 0x1401d1348 GdipDisposeImage
• 0x1401d1350 GdipGetImageGraphicsContext
• 0x1401d1358 GdipGetImageWidth
• 0x1401d1360 GdipGetImageHeight
• 0x1401d1368 GdipGetImagePixelFormat
• 0x1401d1370 GdipGetImagePalette
• 0x1401d1378 GdipGetImagePaletteSize
• 0x1401d1380 GdipCreateBitmapFromStream
库: WS2_32.dll:
• 0x1401d1250 WSAAsyncSelect
• 0x1401d1258 WSAGetLastError
• 0x1401d1260 accept
• 0x1401d1268 recvfrom
• 0x1401d1270 closesocket
• 0x1401d1278 sendto
• 0x1401d1280 htonl
• 0x1401d1288 inet_addr
• 0x1401d1290 htons
• 0x1401d1298 socket
• 0x1401d12a0 inet_ntoa
• 0x1401d12a8 gethostbyname
• 0x1401d12b0 WSACleanup
• 0x1401d12b8 WSAStartup
• 0x1401d12c0 ntohl
• 0x1401d12c8 bind
库: OLEACC.dll:
• 0x1401d0938 CreateStdAccessibleObject
• 0x1401d0940 AccessibleObjectFromWindow
• 0x1401d0948 LresultFromObject
库: IMM32.dll:
• 0x1401d0388 ImmReleaseContext
• 0x1401d0390 ImmGetOpenStatus
• 0x1401d0398 ImmGetContext
库: WINMM.dll:
• 0x1401d1220 PlaySoundA
.text
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
@.reloc
9=)/$
H!x 9=).$
p`D9-^;$
pPD9-&;$
p`u%D9-g:$
95h%$
951%$
95H$$
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 184.30.30.73 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 184.30.30.73 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 28.946 seconds )
- 12.718 Static
- 10.463 Suricata
- 2.946 VirusTotal
- 1.258 TargetInfo
- 1.143 NetworkAnalysis
- 0.348 peid
- 0.037 BehaviorAnalysis
- 0.011 AnalysisInfo
- 0.011 Strings
- 0.009 config_decoder
- 0.002 Memory
Signatures ( 1.445 seconds )
- 1.358 md_url_bl
- 0.014 antiav_detectreg
- 0.008 md_domain_bl
- 0.006 antiav_detectfile
- 0.006 infostealer_ftp
- 0.005 anomaly_persistence_autorun
- 0.004 geodo_banking_trojan
- 0.004 infostealer_bitcoin
- 0.004 infostealer_im
- 0.004 ransomware_files
- 0.003 antianalysis_detectreg
- 0.003 infostealer_mail
- 0.003 network_http
- 0.003 ransomware_extensions
- 0.002 tinba_behavior
- 0.002 antivm_vbox_files
- 0.002 disables_browser_warn
- 0.001 stealth_decoy_document
- 0.001 rat_nanocore
- 0.001 api_spamming
- 0.001 betabot_behavior
- 0.001 cerber_behavior
- 0.001 stealth_timeout
- 0.001 antivm_parallels_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 network_cnc_http
Reporting ( 0.545 seconds )
- 0.545 ReportHTMLSummary
| Task ID | 717071 |
|---|---|
| Mongo ID | 63d2886edc327bb84532689a |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号