恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2024-04-28 22:33:57	2024-04-28 22:36:19	142 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	2024[云].exe
文件大小	15002624 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	356e1f5d7bda6e319b70d2d20cb2fdb9
SHA1	d0883d4d1ab44e193ca6c58f4e551df78786eae0
SHA256	86271a869e7fc035f777da853af26f4bcd7dde5064ef5fc3331e9e0bf4a54f5a
SHA512	a3b909b7bffb568ac3481da50de3fb1e32b9d69a4865ca607c481f7c76034738a4be6840fb8c64f61928a094aba98b310df2280334104913956d5ab7f1889d9f
CRC32	A07D9C63
Ssdeep	196608:nZrRwRGJORLPH2AAXWxVK2vkyw01tfks+CcpM/1j5Q4r8Hs0z:nlaJP2XTObKs+s04r8HsM
Yara	登录查看Yara规则
	找不到该样本提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
是	103.192.208.102	中国
是	103.192.208.108	中国
是	103.192.208.18	未知	中国
是	103.192.208.25	未知	中国
是	103.192.208.71	中国
是	115.236.153.235	中国
是	115.236.153.238	中国
是	115.236.153.240	中国
是	115.236.153.253	中国
是	45.124.76.212	未知	中国
是	45.124.76.233	中国
是	45.124.79.211	未知	中国
是	45.124.79.222	中国

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x00574657
声明校验值	0x00000000
最低操作系统版本要求	5.1
PDB路径	D:\NetAccerAWS21\Release\NetAccerAWS.pdb
编译时间	2024-03-29 23:35:25
载入哈希	0a47e133b68009340e3d3245ea7cc70f

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x001c6c7a	0x001c6e00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.58
.rdata	0x001c8000	0x00063668	0x00063800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.04
.data	0x0022c000	0x00012900	0x00008600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.80
.rsrc	0x0023f000	0x00bf8488	0x00bf8600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.57
.reloc	0x00e38000	0x0002354c	0x00023600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	6.52

导入

库: KERNEL32.dll:

• 0x5c8208 IsValidCodePage

• 0x5c820c GetOEMCP

• 0x5c8210 GetCPInfo

• 0x5c8214 FindFirstFileExW

• 0x5c8218 CreateDirectoryW

• 0x5c821c SetFilePointerEx

• 0x5c8220 GetConsoleMode

• 0x5c8224 ReadConsoleW

• 0x5c8228 GetConsoleCP

• 0x5c822c GetStringTypeW

• 0x5c8230 GetTimeZoneInformation

• 0x5c8234 OutputDebugStringW

• 0x5c8238 IsValidLocale

• 0x5c823c EnumSystemLocalesW

• 0x5c8240 GetFileInformationByHandle

• 0x5c8244 PeekNamedPipe

• 0x5c8248 WriteConsoleW

• 0x5c824c SetEnvironmentVariableA

• 0x5c8250 UnregisterWaitEx

• 0x5c8254 InterlockedFlushSList

• 0x5c8258 InterlockedPushEntrySList

• 0x5c825c InterlockedPopEntrySList

• 0x5c8260 InitializeSListHead

• 0x5c8264 ReleaseSemaphore

• 0x5c8268 VirtualFree

• 0x5c826c FreeLibraryAndExitThread

• 0x5c8270 GetThreadTimes

• 0x5c8274 UnregisterWait

• 0x5c8278 RegisterWaitForSingleObject

• 0x5c827c SetThreadAffinityMask

• 0x5c8280 GetProcessAffinityMask

• 0x5c8284 GetNumaHighestNodeNumber

• 0x5c8288 DeleteTimerQueueTimer

• 0x5c828c ChangeTimerQueueTimer

• 0x5c8290 CreateTimerQueueTimer

• 0x5c8294 GetLogicalProcessorInformation

• 0x5c8298 GetThreadPriority

• 0x5c829c SwitchToThread

• 0x5c82a0 SignalObjectAndWait

• 0x5c82a4 WaitForSingleObjectEx

• 0x5c82a8 CreateTimerQueue

• 0x5c82ac CreateSemaphoreW

• 0x5c82b0 UnhandledExceptionFilter

• 0x5c82b4 SetUnhandledExceptionFilter

• 0x5c82b8 FreeEnvironmentStringsW

• 0x5c82bc GetEnvironmentStringsW

• 0x5c82c0 QueryPerformanceCounter

• 0x5c82c4 GetStartupInfoW

• 0x5c82c8 GetStdHandle

• 0x5c82cc GetFileType

• 0x5c82d0 SetStdHandle

• 0x5c82d4 GetSystemTimeAsFileTime

• 0x5c82d8 VirtualQuery

• 0x5c82dc VirtualAlloc

• 0x5c82e0 HeapQueryInformation

• 0x5c82e4 ExitThread

• 0x5c82e8 CreateThread

• 0x5c82ec RtlUnwind

• 0x5c82f0 SystemTimeToTzSpecificLocalTime

• 0x5c82f4 AreFileApisANSI

• 0x5c82f8 GetModuleHandleExW

• 0x5c82fc ExitProcess

• 0x5c8300 IsProcessorFeaturePresent

• 0x5c8304 IsDebuggerPresent

• 0x5c8308 FindResourceExW

• 0x5c830c GetUserDefaultLCID

• 0x5c8310 VirtualProtect

• 0x5c8314 SearchPathW

• 0x5c8318 GetProfileIntW

• 0x5c831c GetTempPathW

• 0x5c8320 GetTempFileNameW

• 0x5c8324 VerifyVersionInfoW

• 0x5c8328 VerSetConditionMask

• 0x5c832c GetWindowsDirectoryW

• 0x5c8330 GetFileTime

• 0x5c8334 GetFileSizeEx

• 0x5c8338 GetFileAttributesExW

• 0x5c833c GetFileAttributesW

• 0x5c8340 FileTimeToLocalFileTime

• 0x5c8344 SetErrorMode

• 0x5c8348 FileTimeToSystemTime

• 0x5c834c lstrcmpiW

• 0x5c8350 DuplicateHandle

• 0x5c8354 WriteFile

• 0x5c8358 UnlockFile

• 0x5c835c SetFilePointer

• 0x5c8360 SetEndOfFile

• 0x5c8364 LockFile

• 0x5c8368 GetVolumeInformationW

• 0x5c836c GetFullPathNameW

• 0x5c8370 GetFileSize

• 0x5c8374 FlushFileBuffers

• 0x5c8378 FindFirstFileW

• 0x5c837c FindClose

• 0x5c8380 CreateFileW

• 0x5c8384 GlobalGetAtomNameW

• 0x5c8388 GetThreadLocale

• 0x5c838c DeleteFileW

• 0x5c8390 GlobalFlags

• 0x5c8394 GetUserDefaultUILanguage

• 0x5c8398 GetSystemDefaultUILanguage

• 0x5c839c GetLocaleInfoW

• 0x5c83a0 CompareStringW

• 0x5c83a4 GetCurrentDirectoryW

• 0x5c83a8 LocalReAlloc

• 0x5c83ac GlobalHandle

• 0x5c83b0 GlobalReAlloc

• 0x5c83b4 TlsFree

• 0x5c83b8 TlsSetValue

• 0x5c83bc TlsGetValue

• 0x5c83c0 TlsAlloc

• 0x5c83c4 CopyFileW

• 0x5c83c8 FormatMessageW

• 0x5c83cc MulDiv

• 0x5c83d0 GlobalSize

• 0x5c83d4 GlobalUnlock

• 0x5c83d8 ResumeThread

• 0x5c83dc SetThreadPriority

• 0x5c83e0 CreateEventW

• 0x5c83e4 SetEvent

• 0x5c83e8 GlobalFindAtomW

• 0x5c83ec GlobalAddAtomW

• 0x5c83f0 LoadLibraryW

• 0x5c83f4 LoadLibraryA

• 0x5c83f8 GetModuleHandleA

• 0x5c83fc GetSystemDirectoryW

• 0x5c8400 SetLastError

• 0x5c8404 EncodePointer

• 0x5c8408 OutputDebugStringA

• 0x5c840c WritePrivateProfileStringW

• 0x5c8410 GetPrivateProfileStringW

• 0x5c8414 GetPrivateProfileIntW

• 0x5c8418 GlobalFree

• 0x5c841c FreeResource

• 0x5c8420 lstrcmpW

• 0x5c8424 GlobalDeleteAtom

• 0x5c8428 GlobalLock

• 0x5c842c GlobalAlloc

• 0x5c8430 GetCurrentThreadId

• 0x5c8434 GetCurrentThread

• 0x5c8438 ReadFile

• 0x5c843c CreateProcessW

• 0x5c8440 CreatePipe

• 0x5c8444 DecodePointer

• 0x5c8448 HeapSize

• 0x5c844c RaiseException

• 0x5c8450 InitializeCriticalSectionAndSpinCount

• 0x5c8454 GetProcessHeap

• 0x5c8458 HeapFree

• 0x5c845c HeapAlloc

• 0x5c8460 HeapReAlloc

• 0x5c8464 GetDriveTypeW

• 0x5c8468 GetDiskFreeSpaceA

• 0x5c846c WaitForSingleObject

• 0x5c8470 TerminateProcess

• 0x5c8474 QueryDosDeviceW

• 0x5c8478 GetLogicalDriveStringsW

• 0x5c847c GetCurrentProcessId

• 0x5c8480 Module32NextW

• 0x5c8484 Process32NextW

• 0x5c8488 OpenProcess

• 0x5c848c Process32FirstW

• 0x5c8490 Module32FirstW

• 0x5c8494 CreateToolhelp32Snapshot

• 0x5c8498 CloseHandle

• 0x5c849c GetCurrentProcess

• 0x5c84a0 FreeLibrary

• 0x5c84a4 GetProcAddress

• 0x5c84a8 LoadLibraryExW

• 0x5c84ac GetModuleFileNameW

• 0x5c84b0 GetFileAttributesA

• 0x5c84b4 GetEnvironmentVariableW

• 0x5c84b8 WideCharToMultiByte

• 0x5c84bc LCMapStringW

• 0x5c84c0 MultiByteToWideChar

• 0x5c84c4 GetACP

• 0x5c84c8 GetVersionExW

• 0x5c84cc GetSystemInfo

• 0x5c84d0 DeleteCriticalSection

• 0x5c84d4 GetCommandLineW

• 0x5c84d8 LockResource

• 0x5c84dc LoadResource

• 0x5c84e0 SizeofResource

• 0x5c84e4 FindResourceW

• 0x5c84e8 GetModuleHandleW

• 0x5c84ec GetTickCount

• 0x5c84f0 GetLastError

• 0x5c84f4 LocalFree

• 0x5c84f8 lstrcmpA

• 0x5c84fc lstrcpyW

• 0x5c8500 LocalAlloc

• 0x5c8504 Sleep

• 0x5c8508 LeaveCriticalSection

• 0x5c850c EnterCriticalSection

• 0x5c8510 QueryDepthSList

• 0x5c8514 InitializeCriticalSection

库: USER32.dll:

• 0x5c85d4 SetRect

• 0x5c85d8 InvalidateRgn

• 0x5c85dc CopyAcceleratorTableW

• 0x5c85e0 OffsetRect

• 0x5c85e4 CharNextW

• 0x5c85e8 KillTimer

• 0x5c85ec SetTimer

• 0x5c85f0 RealChildWindowFromPoint

• 0x5c85f4 DeleteMenu

• 0x5c85f8 CopyImage

• 0x5c85fc WindowFromPoint

• 0x5c8600 ReleaseCapture

• 0x5c8604 SetCapture

• 0x5c8608 WaitMessage

• 0x5c860c FillRect

• 0x5c8610 ClientToScreen

• 0x5c8614 EndPaint

• 0x5c8618 BeginPaint

• 0x5c861c ReleaseDC

• 0x5c8620 GetWindowDC

• 0x5c8624 TabbedTextOutW

• 0x5c8628 GrayStringW

• 0x5c862c DrawTextExW

• 0x5c8630 DrawTextW

• 0x5c8634 SystemParametersInfoW

• 0x5c8638 InflateRect

• 0x5c863c GetMenuItemInfoW

• 0x5c8640 DestroyMenu

• 0x5c8644 RemoveMenu

• 0x5c8648 InsertMenuW

• 0x5c864c GetMenuState

• 0x5c8650 GetMenuStringW

• 0x5c8654 SendDlgItemMessageA

• 0x5c8658 IsDialogMessageW

• 0x5c865c SetWindowTextW

• 0x5c8660 CheckDlgButton

• 0x5c8664 MoveWindow

• 0x5c8668 ShowWindow

• 0x5c866c LoadMenuW

• 0x5c8670 GetDesktopWindow

• 0x5c8674 GetNextDlgTabItem

• 0x5c8678 EndDialog

• 0x5c867c CreateDialogIndirectParamW

• 0x5c8680 SetCursor

• 0x5c8684 ShowOwnedPopups

• 0x5c8688 GetActiveWindow

• 0x5c868c SetMenuItemInfoW

• 0x5c8690 GetMenuCheckMarkDimensions

• 0x5c8694 SetMenuItemBitmaps

• 0x5c8698 EnableMenuItem

• 0x5c869c CheckMenuItem

• 0x5c86a0 GetMonitorInfoW

• 0x5c86a4 MonitorFromWindow

• 0x5c86a8 WinHelpW

• 0x5c86ac GetScrollInfo

• 0x5c86b0 SetScrollInfo

• 0x5c86b4 IntersectRect

• 0x5c86b8 SetWindowsHookExW

• 0x5c86bc GetTopWindow

• 0x5c86c0 GetClassNameW

• 0x5c86c4 GetClassLongW

• 0x5c86c8 SetWindowLongW

• 0x5c86cc EqualRect

• 0x5c86d0 CopyRect

• 0x5c86d4 GetSysColor

• 0x5c86d8 MapWindowPoints

• 0x5c86dc ScreenToClient

• 0x5c86e0 AdjustWindowRectEx

• 0x5c86e4 GetWindowTextLengthW

• 0x5c86e8 GetWindowTextW

• 0x5c86ec RemovePropW

• 0x5c86f0 GetPropW

• 0x5c86f4 InvertRect

• 0x5c86f8 UnionRect

• 0x5c86fc GetScrollRange

• 0x5c8700 SetScrollRange

• 0x5c8704 GetScrollPos

• 0x5c8708 SetScrollPos

• 0x5c870c ScrollWindow

• 0x5c8710 RedrawWindow

• 0x5c8714 ValidateRect

• 0x5c8718 SetForegroundWindow

• 0x5c871c GetForegroundWindow

• 0x5c8720 SetActiveWindow

• 0x5c8724 TrackPopupMenu

• 0x5c8728 GetMenuItemCount

• 0x5c872c GetMenuItemID

• 0x5c8730 GetSubMenu

• 0x5c8734 SetMenu

• 0x5c8738 GetMenu

• 0x5c873c GetCapture

• 0x5c8740 GetKeyState

• 0x5c8744 GetFocus

• 0x5c8748 SetParent

• 0x5c874c PostThreadMessageW

• 0x5c8750 SetLayeredWindowAttributes

• 0x5c8754 SendMessageW

• 0x5c8758 GetCursorPos

• 0x5c875c LoadIconW

• 0x5c8760 FindWindowW

• 0x5c8764 FindWindowExW

• 0x5c8768 SetFocus

• 0x5c876c GetDlgCtrlID

• 0x5c8770 GetDlgItem

• 0x5c8774 IsWindowVisible

• 0x5c8778 EndDeferWindowPos

• 0x5c877c DeferWindowPos

• 0x5c8780 BeginDeferWindowPos

• 0x5c8784 SetWindowPlacement

• 0x5c8788 GetWindowPlacement

• 0x5c878c IsChild

• 0x5c8790 IsWindow

• 0x5c8794 GetClassInfoExW

• 0x5c8798 GetClassInfoW

• 0x5c879c RegisterClassW

• 0x5c87a0 CallWindowProcW

• 0x5c87a4 GetMessageTime

• 0x5c87a8 GetMessagePos

• 0x5c87ac PeekMessageW

• 0x5c87b0 IsRectEmpty

• 0x5c87b4 GetNextDlgGroupItem

• 0x5c87b8 MessageBeep

• 0x5c87bc GetSysColorBrush

• 0x5c87c0 DestroyIcon

• 0x5c87c4 CharUpperW

• 0x5c87c8 BringWindowToTop

• 0x5c87cc LoadAcceleratorsW

• 0x5c87d0 TranslateAcceleratorW

• 0x5c87d4 InsertMenuItemW

• 0x5c87d8 SetRectEmpty

• 0x5c87dc LoadImageW

• 0x5c87e0 UnpackDDElParam

• 0x5c87e4 ReuseDDElParam

• 0x5c87e8 RegisterWindowMessageW

• 0x5c87ec MapDialogRect

• 0x5c87f0 RegisterClipboardFormatW

• 0x5c87f4 GetMenuDefaultItem

• 0x5c87f8 DrawFocusRect

• 0x5c87fc DrawIconEx

• 0x5c8800 GetIconInfo

• 0x5c8804 GetAsyncKeyState

• 0x5c8808 EnableScrollBar

• 0x5c880c CallNextHookEx

• 0x5c8810 HideCaret

• 0x5c8814 PostMessageW

• 0x5c8818 GetSystemMetrics

• 0x5c881c DefWindowProcW

• 0x5c8820 LoadCursorW

• 0x5c8824 RegisterClassExW

• 0x5c8828 GetMessageW

• 0x5c882c TranslateMessage

• 0x5c8830 DispatchMessageW

• 0x5c8834 DestroyWindow

• 0x5c8838 CreateWindowExW

• 0x5c883c EnableWindow

• 0x5c8840 InvalidateRect

• 0x5c8844 UpdateWindow

• 0x5c8848 MessageBoxW

• 0x5c884c CreatePopupMenu

• 0x5c8850 AppendMenuW

• 0x5c8854 GetDC

• 0x5c8858 GetSystemMenu

• 0x5c885c IsIconic

• 0x5c8860 GetClientRect

• 0x5c8864 DrawIcon

• 0x5c8868 GetWindowRect

• 0x5c886c LoadBitmapW

• 0x5c8870 SetWindowRgn

• 0x5c8874 PtInRect

• 0x5c8878 UnregisterClassW

• 0x5c887c IsWindowEnabled

• 0x5c8880 EnumDisplayMonitors

• 0x5c8884 OpenClipboard

• 0x5c8888 CloseClipboard

• 0x5c888c SetClipboardData

• 0x5c8890 NotifyWinEvent

• 0x5c8894 MapVirtualKeyW

• 0x5c8898 SetPropW

• 0x5c889c GetKeyNameTextW

• 0x5c88a0 GetWindowLongW

• 0x5c88a4 GetParent

• 0x5c88a8 GetWindowThreadProcessId

• 0x5c88ac GetLastActivePopup

• 0x5c88b0 UnhookWindowsHookEx

• 0x5c88b4 PostQuitMessage

• 0x5c88b8 SetWindowPos

• 0x5c88bc SetWindowContextHelpId

• 0x5c88c0 GetWindow

• 0x5c88c4 EmptyClipboard

• 0x5c88c8 DrawStateW

• 0x5c88cc DrawEdge

• 0x5c88d0 GetWindowRgn

• 0x5c88d4 DestroyCursor

• 0x5c88d8 CreateMenu

• 0x5c88dc SubtractRect

• 0x5c88e0 GetUpdateRect

• 0x5c88e4 IsClipboardFormatAvailable

• 0x5c88e8 TranslateMDISysAccel

• 0x5c88ec DefMDIChildProcW

• 0x5c88f0 DefFrameProcW

• 0x5c88f4 DrawMenuBar

• 0x5c88f8 FrameRect

• 0x5c88fc CharUpperBuffW

• 0x5c8900 ModifyMenuW

• 0x5c8904 SetMenuDefaultItem

• 0x5c8908 CopyIcon

• 0x5c890c GetDoubleClickTime

• 0x5c8910 SetClassLongW

• 0x5c8914 SetCursorPos

• 0x5c8918 DestroyAcceleratorTable

• 0x5c891c CreateAcceleratorTableW

• 0x5c8920 GetKeyboardState

• 0x5c8924 ToUnicodeEx

• 0x5c8928 LockWindowUpdate

• 0x5c892c MapVirtualKeyExW

• 0x5c8930 IsCharLowerW

• 0x5c8934 GetKeyboardLayout

• 0x5c8938 IsZoomed

• 0x5c893c GetComboBoxInfo

• 0x5c8940 TrackMouseEvent

• 0x5c8944 MonitorFromPoint

• 0x5c8948 UpdateLayeredWindow

• 0x5c894c IsMenu

• 0x5c8950 ShowScrollBar

• 0x5c8954 DrawFrameControl

库: GDI32.dll:

• 0x5c8068 GetObjectType

• 0x5c806c GetViewportExtEx

• 0x5c8070 GetWindowExtEx

• 0x5c8074 IntersectClipRect

• 0x5c8078 LineTo

• 0x5c807c PtVisible

• 0x5c8080 RectVisible

• 0x5c8084 RestoreDC

• 0x5c8088 SaveDC

• 0x5c808c SelectClipRgn

• 0x5c8090 ExtSelectClipRgn

• 0x5c8094 SelectObject

• 0x5c8098 SelectPalette

• 0x5c809c SetBkMode

• 0x5c80a0 SetMapMode

• 0x5c80a4 SetLayout

• 0x5c80a8 GetLayout

• 0x5c80ac SetPolyFillMode

• 0x5c80b0 SetROP2

• 0x5c80b4 SetTextAlign

• 0x5c80b8 MoveToEx

• 0x5c80bc TextOutW

• 0x5c80c0 SetViewportExtEx

• 0x5c80c4 SetViewportOrgEx

• 0x5c80c8 SetWindowExtEx

• 0x5c80cc SetWindowOrgEx

• 0x5c80d0 OffsetViewportOrgEx

• 0x5c80d4 OffsetWindowOrgEx

• 0x5c80d8 ScaleViewportExtEx

• 0x5c80dc ScaleWindowExtEx

• 0x5c80e0 GetBkColor

• 0x5c80e4 GetTextColor

• 0x5c80e8 CreateRectRgnIndirect

• 0x5c80ec GetRgnBox

• 0x5c80f0 GetTextMetricsW

• 0x5c80f4 PatBlt

• 0x5c80f8 SetRectRgn

• 0x5c80fc DPtoLP

• 0x5c8100 CreateCompatibleBitmap

• 0x5c8104 CreatePalette

• 0x5c8108 GetNearestPaletteIndex

• 0x5c810c GetPaletteEntries

• 0x5c8110 GetSystemPaletteEntries

• 0x5c8114 RealizePalette

• 0x5c8118 CreateDIBitmap

• 0x5c811c EnumFontFamiliesW

• 0x5c8120 GetTextCharsetInfo

• 0x5c8124 SetPixel

• 0x5c8128 CreateDIBSection

• 0x5c812c SetDIBColorTable

• 0x5c8130 CreateEllipticRgn

• 0x5c8134 Ellipse

• 0x5c8138 CreatePolygonRgn

• 0x5c813c Polygon

• 0x5c8140 Polyline

• 0x5c8144 Rectangle

• 0x5c8148 EnumFontFamiliesExW

• 0x5c814c OffsetRgn

• 0x5c8150 CreateRoundRectRgn

• 0x5c8154 RoundRect

• 0x5c8158 FrameRgn

• 0x5c815c PtInRegion

• 0x5c8160 SetPixelV

• 0x5c8164 ExtFloodFill

• 0x5c8168 SetPaletteEntries

• 0x5c816c FillRgn

• 0x5c8170 GetBoundsRect

• 0x5c8174 GetWindowOrgEx

• 0x5c8178 LPtoDP

• 0x5c817c GetViewportOrgEx

• 0x5c8180 GetTextFaceW

• 0x5c8184 GetClipBox

• 0x5c8188 ExcludeClipRect

• 0x5c818c Escape

• 0x5c8190 DeleteObject

• 0x5c8194 CreateSolidBrush

• 0x5c8198 CreatePatternBrush

• 0x5c819c CreatePen

• 0x5c81a0 CreateHatchBrush

• 0x5c81a4 ExtTextOutW

• 0x5c81a8 GetTextExtentPoint32W

• 0x5c81ac CreateFontIndirectW

• 0x5c81b0 BitBlt

• 0x5c81b4 GetDeviceCaps

• 0x5c81b8 CreateDCW

• 0x5c81bc CopyMetaFileW

• 0x5c81c0 CreateBitmap

• 0x5c81c4 SetTextColor

• 0x5c81c8 SetBkColor

• 0x5c81cc DeleteDC

• 0x5c81d0 GetStockObject

• 0x5c81d4 CreateFontW

• 0x5c81d8 CombineRgn

• 0x5c81dc GetPixel

• 0x5c81e0 CreateRectRgn

• 0x5c81e4 StretchBlt

• 0x5c81e8 GetMapMode

• 0x5c81ec CreateCompatibleDC

• 0x5c81f0 GetObjectW

库: MSIMG32.dll:

• 0x5c851c AlphaBlend

• 0x5c8520 TransparentBlt

库: WINSPOOL.DRV:

• 0x5c89a8 DocumentPropertiesW

• 0x5c89ac ClosePrinter

• 0x5c89b0 OpenPrinterW

库: ADVAPI32.dll:

• 0x5c8000 RegEnumValueW

• 0x5c8004 LookupPrivilegeValueW

• 0x5c8008 AdjustTokenPrivileges

• 0x5c800c RegCloseKey

• 0x5c8010 RegOpenKeyExW

• 0x5c8014 RegQueryValueExW

• 0x5c8018 RegCreateKeyExW

• 0x5c801c RegDeleteKeyW

• 0x5c8020 RegDeleteValueW

• 0x5c8024 RegSetValueExW

• 0x5c8028 RegEnumKeyExW

• 0x5c802c OpenProcessToken

• 0x5c8030 RegQueryValueW

• 0x5c8034 RegEnumKeyW

库: SHELL32.dll:

• 0x5c8584 SHGetDesktopFolder

• 0x5c8588 SHChangeNotify

• 0x5c858c ShellExecuteExW

• 0x5c8590 ShellExecuteW

• 0x5c8594 SHGetSpecialFolderLocation

• 0x5c8598 SHGetPathFromIDListW

• 0x5c859c SHAppBarMessage

• 0x5c85a0 SHBrowseForFolderW

• 0x5c85a4 Shell_NotifyIconW

• 0x5c85a8 DragFinish

• 0x5c85ac DragQueryFileW

• 0x5c85b0 SHGetFileInfoW

库: COMCTL32.dll:

• 0x5c803c InitCommonControlsEx

库: SHLWAPI.dll:

• 0x5c85b8 PathFindExtensionW

• 0x5c85bc PathFindFileNameW

• 0x5c85c0 PathIsUNCW

• 0x5c85c4 PathStripToRootW

• 0x5c85c8 PathRemoveFileSpecW

• 0x5c85cc StrFormatKBSizeW

库: UxTheme.dll:

• 0x5c895c OpenThemeData

• 0x5c8960 GetWindowTheme

• 0x5c8964 GetThemeSysColor

• 0x5c8968 IsAppThemed

• 0x5c896c GetThemePartSize

• 0x5c8970 DrawThemeText

• 0x5c8974 DrawThemeBackground

• 0x5c8978 IsThemeBackgroundPartiallyTransparent

• 0x5c897c DrawThemeParentBackground

• 0x5c8980 CloseThemeData

• 0x5c8984 GetThemeColor

• 0x5c8988 GetCurrentThemeName

库: ole32.dll:

• 0x5c8a6c CoRevokeClassObject

• 0x5c8a70 OleFlushClipboard

• 0x5c8a74 OleIsCurrentClipboard

• 0x5c8a78 CoRegisterMessageFilter

• 0x5c8a7c CreateStreamOnHGlobal

• 0x5c8a80 DoDragDrop

• 0x5c8a84 OleLockRunning

• 0x5c8a88 OleCreateMenuDescriptor

• 0x5c8a8c OleDestroyMenuDescriptor

• 0x5c8a90 OleTranslateAccelerator

• 0x5c8a94 IsAccelerator

• 0x5c8a98 OleGetClipboard

• 0x5c8a9c CoLockObjectExternal

• 0x5c8aa0 RegisterDragDrop

• 0x5c8aa4 RevokeDragDrop

• 0x5c8aa8 CoFreeUnusedLibraries

• 0x5c8aac CoDisconnectObject

• 0x5c8ab0 CreateILockBytesOnHGlobal

• 0x5c8ab4 StgOpenStorageOnILockBytes

• 0x5c8ab8 StgCreateDocfileOnILockBytes

• 0x5c8abc CoGetClassObject

• 0x5c8ac0 ReleaseStgMedium

• 0x5c8ac4 OleDuplicateData

• 0x5c8ac8 CoTaskMemAlloc

• 0x5c8acc CLSIDFromProgID

• 0x5c8ad0 CLSIDFromString

• 0x5c8ad4 CoTaskMemFree

• 0x5c8ad8 CoCreateInstance

• 0x5c8adc CoUninitialize

• 0x5c8ae0 OleUninitialize

• 0x5c8ae4 OleInitialize

• 0x5c8ae8 CoInitializeEx

• 0x5c8aec CoCreateGuid

• 0x5c8af0 CoInitialize

库: OLEAUT32.dll:

• 0x5c8538 OleCreateFontIndirect

• 0x5c853c SysStringLen

• 0x5c8540 SystemTimeToVariantTime

• 0x5c8544 VariantTimeToSystemTime

• 0x5c8548 SafeArrayDestroy

• 0x5c854c LoadTypeLib

• 0x5c8550 VariantCopy

• 0x5c8554 VarBstrFromDate

• 0x5c8558 VariantChangeType

• 0x5c855c VariantInit

• 0x5c8560 VariantClear

• 0x5c8564 SysAllocStringLen

• 0x5c8568 SysAllocString

• 0x5c856c SysFreeString

库: oledlg.dll:

• 0x5c8af8 OleUIBusyW

库: gdiplus.dll:

• 0x5c8a10 GdipGetImagePalette

• 0x5c8a14 GdipDrawImageRectI

• 0x5c8a18 GdipSetInterpolationMode

• 0x5c8a1c GdipCreateFromHDC

• 0x5c8a20 GdipCreateBitmapFromHBITMAP

• 0x5c8a24 GdiplusShutdown

• 0x5c8a28 GdipAlloc

• 0x5c8a2c GdipFree

• 0x5c8a30 GdiplusStartup

• 0x5c8a34 GdipCloneImage

• 0x5c8a38 GdipDisposeImage

• 0x5c8a3c GdipGetImageGraphicsContext

• 0x5c8a40 GdipGetImageWidth

• 0x5c8a44 GdipGetImageHeight

• 0x5c8a48 GdipGetImagePixelFormat

• 0x5c8a4c GdipGetImagePaletteSize

• 0x5c8a50 GdipCreateBitmapFromStream

• 0x5c8a54 GdipCreateBitmapFromScan0

• 0x5c8a58 GdipBitmapLockBits

• 0x5c8a5c GdipBitmapUnlockBits

• 0x5c8a60 GdipDeleteGraphics

• 0x5c8a64 GdipDrawImageI

库: WS2_32.dll:

• 0x5c89b8 sendto

• 0x5c89bc htonl

• 0x5c89c0 ntohl

• 0x5c89c4 recvfrom

• 0x5c89c8 WSAAsyncSelect

• 0x5c89cc WSAIoctl

• 0x5c89d0 inet_ntoa

• 0x5c89d4 gethostbyname

• 0x5c89d8 send

• 0x5c89dc inet_addr

• 0x5c89e0 WSAStartup

• 0x5c89e4 connect

• 0x5c89e8 recv

• 0x5c89ec accept

• 0x5c89f0 closesocket

• 0x5c89f4 listen

• 0x5c89f8 bind

• 0x5c89fc htons

• 0x5c8a00 setsockopt

• 0x5c8a04 WSAGetLastError

• 0x5c8a08 socket

库: CRYPT32.dll:

• 0x5c8044 CryptDecodeObject

• 0x5c8048 CertGetNameStringW

• 0x5c804c CryptQueryObject

• 0x5c8050 CertCloseStore

• 0x5c8054 CryptMsgClose

• 0x5c8058 CryptMsgGetParam

• 0x5c805c CertFindCertificateInStore

• 0x5c8060 CertFreeCertificateContext

库: VERSION.dll:

• 0x5c8990 GetFileVersionInfoA

• 0x5c8994 VerQueryValueA

• 0x5c8998 GetFileVersionInfoSizeA

库: PSAPI.DLL:

• 0x5c8574 EnumProcessModules

• 0x5c8578 GetProcessImageFileNameW

• 0x5c857c GetModuleFileNameExW

库: OLEACC.dll:

• 0x5c8528 AccessibleObjectFromWindow

• 0x5c852c LresultFromObject

• 0x5c8530 CreateStdAccessibleObject

库: IMM32.dll:

• 0x5c81f8 ImmGetContext

• 0x5c81fc ImmGetOpenStatus

• 0x5c8200 ImmReleaseContext

库: WINMM.dll:

• 0x5c89a0 PlaySoundW

.text
`.rdata
@.data
.rsrc
@.reloc
VRhD0`
VRhH0`
Ph,1`
VRhl1`
Q@PVj

没有防病毒引擎扫描信息!

进程树

2024_____.exe id: 2600
- 2024.exe id: 2944

2024_____.exe, PID: 2600, 上一级进程 PID: 2252

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

2024.exe, PID: 2944, 上一级进程 PID: 2600

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
是	103.192.208.102	中国
是	103.192.208.108	中国
是	103.192.208.18	未知	中国
是	103.192.208.25	未知	中国
是	103.192.208.71	中国
是	115.236.153.235	中国
是	115.236.153.238	中国
是	115.236.153.240	中国
是	115.236.153.253	中国
是	45.124.76.212	未知	中国
是	45.124.76.233	中国
是	45.124.79.211	未知	中国
是	45.124.79.222	中国

TCP

源地址	源端口	目标地址	目标端口
103.192.208.102	300	192.168.122.201	49173
103.192.208.108	300	192.168.122.201	49166
103.192.208.18	300	192.168.122.201	49171
103.192.208.25	300	192.168.122.201	49162
103.192.208.71	300	192.168.122.201	49163
115.236.153.235	300	192.168.122.201	49167
115.236.153.238	300	192.168.122.201	49174
115.236.153.240	300	192.168.122.201	49169
192.168.122.201	49161	115.236.153.253	511
192.168.122.201	49158	23.220.163.201	80
45.124.76.212	300	192.168.122.201	49172
45.124.76.233	300	192.168.122.201	49168
45.124.79.211	300	192.168.122.201	49165
45.124.79.222	300	192.168.122.201	49164

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
103.192.208.102	300	192.168.122.201	49173
103.192.208.108	300	192.168.122.201	49166
103.192.208.18	300	192.168.122.201	49171
103.192.208.25	300	192.168.122.201	49162
103.192.208.71	300	192.168.122.201	49163
115.236.153.235	300	192.168.122.201	49167
115.236.153.238	300	192.168.122.201	49174
115.236.153.240	300	192.168.122.201	49169
192.168.122.201	49161	115.236.153.253	511
192.168.122.201	49158	23.220.163.201	80
45.124.76.212	300	192.168.122.201	49172
45.124.76.233	300	192.168.122.201	49168
45.124.79.211	300	192.168.122.201	49165
45.124.79.222	300	192.168.122.201	49164

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 77.181 seconds )

34.087 Static
12.225 VirusTotal
11.94 NetworkAnalysis
11.3 Suricata
3.657 BehaviorAnalysis
3.07 TargetInfo
0.439 peid
0.413 AnalysisInfo
0.037 config_decoder
0.011 Strings
0.002 Memory

Signatures ( 3.403 seconds )

1.432 proprietary_url_bl
0.37 antiav_detectreg
0.23 api_spamming
0.19 stealth_decoy_document
0.187 stealth_timeout
0.128 infostealer_ftp
0.077 antianalysis_detectreg
0.073 infostealer_im
0.056 antisandbox_sleep
0.042 injection_createremotethread
0.04 infostealer_mail
0.036 antivm_generic_scsi
0.03 process_interest
0.028 injection_runpe
0.019 vawtrak_behavior
0.019 antivm_parallels_keys
0.019 antivm_xen_keys
0.019 darkcomet_regkeys
0.018 kibex_behavior
0.017 geodo_banking_trojan
0.016 antivm_generic_disk
0.016 recon_fingerprint
0.015 bootkit
0.014 mimics_filetime
0.013 antivm_generic_services
0.013 betabot_behavior
0.013 process_needed
0.012 anormaly_invoke_kills
0.012 virus
0.012 antivm_generic_diskreg
0.011 stealth_file
0.011 reads_self
0.01 antisandbox_productid
0.009 antiav_detectfile
0.008 proprietary_domain_bl
0.007 stealth_network
0.007 antidbg_windows
0.006 proprietary_anomaly_massive_file_ops
0.006 anomaly_persistence_autorun
0.006 hancitor_behavior
0.006 bypass_firewall
0.006 antivm_xen_keys
0.006 antivm_hyperv_keys
0.006 antivm_vbox_acpi
0.006 antivm_vbox_keys
0.006 antivm_vmware_keys
0.006 antivm_vpc_keys
0.006 infostealer_bitcoin
0.006 proprietary_anomaly_invoke_vb_vba
0.006 packer_armadillo_regkey
0.005 antivm_generic_bios
0.005 antivm_generic_cpu
0.005 antivm_generic_system
0.005 recon_programs
0.004 kovter_behavior
0.004 antivm_vbox_files
0.004 ransomware_extensions
0.004 ransomware_files
0.003 antiemu_wine_func
0.003 proprietary_malicious_write_executeable_under_temp_to_regrun
0.003 infostealer_browser_password
0.003 network_http
0.002 tinba_behavior
0.002 rat_nanocore
0.002 proprietary_anomaly_write_exe_and_obsfucate_extension
0.002 antiav_avast_libs
0.002 dridex_behavior
0.002 antisandbox_sunbelt_libs
0.002 cerber_behavior
0.002 disables_browser_warn
0.002 proprietary_bad_drop
0.001 proprietary_anomaly_terminated_process
0.001 hawkeye_behavior
0.001 network_tor
0.001 antivm_vbox_libs
0.001 proprietary_anomaly_write_exe_and_dll_under_winroot_run
0.001 infostealer_browser
0.001 rat_luminosity
0.001 antivm_vbox_window
0.001 injection_explorer
0.001 kelihos_behavior
0.001 sets_autoconfig_url
0.001 kazybot_behavior
0.001 antisandbox_sboxie_libs
0.001 ipc_namedpipe
0.001 antiav_bitdefender_libs
0.001 shifu_behavior
0.001 exec_crash
0.001 network_bind
0.001 antisandbox_script_timer
0.001 securityxploded_modules
0.001 antidbg_devices
0.001 antiemu_wine_reg
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 proprietary_malicious_drop_executable_file_to_temp_folder
0.001 network_cnc_http
0.001 rat_pcclient

Reporting ( 0.656 seconds )

0.543 ReportHTMLSummary
0.113 Malheur


Task ID	744434
Mongo ID	662e5f44dc327b46bf811254
Cuckoo release	1.4-Maldun