分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-29 14:53:43 | 2024-04-29 14:55:54 | 131 秒 |
魔盾分数
5.25
可疑的
文件详细信息
| 文件名 | 微信多开.exe |
|---|---|
| 文件大小 | 495616 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f769f10796224b29525e155b30f0ad34 |
| SHA1 | 96326067f17ba269736578a7f5eb87e2f4d19841 |
| SHA256 | acd8c450aaef84f4b8a9f57a652f705d17ca886fccf60b2e2297b39b7e9c15a3 |
| SHA512 | d8c60e6adfdf9164df27dd072f09ae726a6ac00ca663fba1e34ce05614eb0ff21845cc1914d8600dc987927339a9c0a5f4be8c681e206a0fdb28f36d790d6e31 |
| CRC32 | 3AE6C9F8 |
| Ssdeep | 12288:spIlZ+ys80yRTobBVz2s9pGHNu4B2UixC:sClwppytcz2NI4rW |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00425de8 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00088c57 |
| 最低操作系统版本要求 | 6.0 |
| PDB路径 | C:\Users\qwe\code\c_code\wechatClone\Release\wechatClone.pdb |
| 编译时间 | 2024-04-25 03:48:51 |
| 载入哈希 | 1e3080b69dfa686af2b6e2840ab85a48 |
| 图标 |  |
| 图标精确哈希值 | d549e08d5724f25a04600650f686caa2 |
| 图标相似性哈希值 | cd28eee00afbf44d29ae798354f36182 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00049631 | 0x00049800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.62 |
| .rdata | 0x0004b000 | 0x000142d6 | 0x00014400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.93 |
| .data | 0x00060000 | 0x00005354 | 0x00002400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.73 |
| .rsrc | 0x00066000 | 0x00013f48 | 0x00014000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.81 |
| .reloc | 0x0007a000 | 0x00004af0 | 0x00004c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.58 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| AFX_DIALOG_LAYOUT | 0x00077ac8 | 0x00000002 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_CURSOR | 0x00078df8 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
| RT_BITMAP | 0x00079120 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00079120 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00077118 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.72 | GLS_BINARY_LSB_FIRST |
| RT_DIALOG | 0x00079030 | 0x00000034 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.38 | data |
| RT_DIALOG | 0x00079030 | 0x00000034 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.38 | data |
| RT_DIALOG | 0x00079030 | 0x00000034 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.38 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_STRING | 0x00079b78 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00078f30 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x00077580 | 0x000000bc | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.07 | MS Windows icon resource - 13 icons, 48x48, 16 colors |
| RT_VERSION | 0x000777f0 | 0x000002d4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.60 | data |
| RT_MANIFEST | 0x00079d20 | 0x00000224 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.04 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
导入
库: KERNEL32.dll:
• 0x44b090 SetErrorMode
• 0x44b094 GetFileAttributesExW
• 0x44b098 GetFileSizeEx
• 0x44b09c GetUserDefaultLCID
• 0x44b0a0 UnhandledExceptionFilter
• 0x44b0a4 SetUnhandledExceptionFilter
• 0x44b0a8 TerminateProcess
• 0x44b0ac IsProcessorFeaturePresent
• 0x44b0b0 QueryPerformanceCounter
• 0x44b0b4 GetSystemTimeAsFileTime
• 0x44b0b8 InitializeSListHead
• 0x44b0bc IsDebuggerPresent
• 0x44b0c0 GetStartupInfoW
• 0x44b0c4 ReadConsoleW
• 0x44b0c8 SetFilePointerEx
• 0x44b0cc GetConsoleMode
• 0x44b0d0 GetConsoleOutputCP
• 0x44b0d4 SetStdHandle
• 0x44b0d8 SetEnvironmentVariableW
• 0x44b0dc FreeEnvironmentStringsW
• 0x44b0e0 GetEnvironmentStringsW
• 0x44b0e4 GetOEMCP
• 0x44b0e8 IsValidCodePage
• 0x44b0ec FindFirstFileExW
• 0x44b0f0 GetTimeZoneInformation
• 0x44b0f4 GetDriveTypeW
• 0x44b0f8 EnumSystemLocalesW
• 0x44b0fc IsValidLocale
• 0x44b100 LCMapStringW
• 0x44b104 GetFileType
• 0x44b108 GetStdHandle
• 0x44b10c HeapQueryInformation
• 0x44b110 GetCommandLineW
• 0x44b114 GetCommandLineA
• 0x44b118 GetModuleHandleExW
• 0x44b11c ExitProcess
• 0x44b120 RtlUnwind
• 0x44b124 LCMapStringEx
• 0x44b128 GetCPInfo
• 0x44b12c CompareStringEx
• 0x44b130 Sleep
• 0x44b134 QueryPerformanceFrequency
• 0x44b138 GetStringTypeW
• 0x44b13c RaiseException
• 0x44b140 OutputDebugStringW
• 0x44b144 WriteFile
• 0x44b148 ReadFile
• 0x44b14c GetVolumeInformationW
• 0x44b150 GetFullPathNameW
• 0x44b154 FlushFileBuffers
• 0x44b158 CreateFileW
• 0x44b15c DeleteFileW
• 0x44b160 GlobalFlags
• 0x44b164 GetUserDefaultUILanguage
• 0x44b168 GetSystemDefaultUILanguage
• 0x44b16c GetLocaleInfoW
• 0x44b170 GetCurrentDirectoryW
• 0x44b174 LocalReAlloc
• 0x44b178 LocalAlloc
• 0x44b17c GlobalHandle
• 0x44b180 GlobalReAlloc
• 0x44b184 TlsFree
• 0x44b188 TlsSetValue
• 0x44b18c TlsGetValue
• 0x44b190 TlsAlloc
• 0x44b194 InitializeCriticalSection
• 0x44b198 FileTimeToSystemTime
• 0x44b19c SystemTimeToTzSpecificLocalTime
• 0x44b1a0 FindNextFileW
• 0x44b1a4 FindFirstFileW
• 0x44b1a8 FindClose
• 0x44b1ac FileTimeToLocalFileTime
• 0x44b1b0 CompareStringW
• 0x44b1b4 GlobalFindAtomW
• 0x44b1b8 GetSystemDirectoryW
• 0x44b1bc EncodePointer
• 0x44b1c0 GetCurrentProcessId
• 0x44b1c4 GlobalAddAtomW
• 0x44b1c8 WritePrivateProfileStringW
• 0x44b1cc GetPrivateProfileStringW
• 0x44b1d0 GetPrivateProfileIntW
• 0x44b1d4 lstrcmpW
• 0x44b1d8 lstrcmpA
• 0x44b1dc GlobalDeleteAtom
• 0x44b1e0 LoadLibraryExW
• 0x44b1e4 GetVersionExW
• 0x44b1e8 GetCurrentThreadId
• 0x44b1ec GetCurrentThread
• 0x44b1f0 FormatMessageW
• 0x44b1f4 MulDiv
• 0x44b1f8 LocalFree
• 0x44b1fc GlobalFree
• 0x44b200 GlobalLock
• 0x44b204 GlobalUnlock
• 0x44b208 GlobalAlloc
• 0x44b20c FindResourceW
• 0x44b210 SizeofResource
• 0x44b214 LockResource
• 0x44b218 LoadResource
• 0x44b21c LoadLibraryW
• 0x44b220 GetModuleHandleW
• 0x44b224 GetModuleHandleA
• 0x44b228 GetModuleFileNameW
• 0x44b22c InitializeCriticalSectionAndSpinCount
• 0x44b230 SetLastError
• 0x44b234 OutputDebugStringA
• 0x44b238 GetACP
• 0x44b23c WideCharToMultiByte
• 0x44b240 MultiByteToWideChar
• 0x44b244 Process32NextW
• 0x44b248 QueryFullProcessImageNameW
• 0x44b24c Process32FirstW
• 0x44b250 CreateToolhelp32Snapshot
• 0x44b254 FreeLibrary
• 0x44b258 CloseHandle
• 0x44b25c DuplicateHandle
• 0x44b260 OpenProcess
• 0x44b264 GetCurrentProcess
• 0x44b268 WriteConsoleW
• 0x44b26c GetProcAddress
• 0x44b270 LoadLibraryA
• 0x44b274 GetProcessHeap
• 0x44b278 DeleteCriticalSection
• 0x44b27c DecodePointer
• 0x44b280 HeapAlloc
• 0x44b284 HeapReAlloc
• 0x44b288 GetLastError
• 0x44b28c HeapSize
• 0x44b290 InitializeCriticalSectionEx
• 0x44b294 LeaveCriticalSection
• 0x44b298 EnterCriticalSection
• 0x44b29c HeapFree
库: USER32.dll:
• 0x44b2e4 GetScrollPos
• 0x44b2e8 RedrawWindow
• 0x44b2ec SetForegroundWindow
• 0x44b2f0 GetForegroundWindow
• 0x44b2f4 UpdateWindow
• 0x44b2f8 SetMenu
• 0x44b2fc GetMenu
• 0x44b300 GetCapture
• 0x44b304 EndDeferWindowPos
• 0x44b308 DeferWindowPos
• 0x44b30c BeginDeferWindowPos
• 0x44b310 IsChild
• 0x44b314 IsMenu
• 0x44b318 CreateWindowExW
• 0x44b31c GetClassInfoExW
• 0x44b320 GetClassInfoW
• 0x44b324 RegisterClassW
• 0x44b328 CallWindowProcW
• 0x44b32c DefWindowProcW
• 0x44b330 GetMessageTime
• 0x44b334 GetMessagePos
• 0x44b338 RegisterWindowMessageW
• 0x44b33c GetSysColor
• 0x44b340 ScreenToClient
• 0x44b344 ClientToScreen
• 0x44b348 EndPaint
• 0x44b34c BeginPaint
• 0x44b350 ReleaseDC
• 0x44b354 GetDC
• 0x44b358 TabbedTextOutW
• 0x44b35c GrayStringW
• 0x44b360 UnregisterClassW
• 0x44b364 LoadIconW
• 0x44b368 SendMessageW
• 0x44b36c IsIconic
• 0x44b370 DrawTextExW
• 0x44b374 GetWindow
• 0x44b378 SetWindowLongW
• 0x44b37c GetWindowTextLengthW
• 0x44b380 GetWindowTextW
• 0x44b384 SetWindowTextW
• 0x44b388 SetFocus
• 0x44b38c GetDlgCtrlID
• 0x44b390 SetPropW
• 0x44b394 GetPropW
• 0x44b398 RemovePropW
• 0x44b39c GetWindowRect
• 0x44b3a0 AdjustWindowRectEx
• 0x44b3a4 MapWindowPoints
• 0x44b3a8 GetTopWindow
• 0x44b3ac CopyRect
• 0x44b3b0 PtInRect
• 0x44b3b4 GetClassLongW
• 0x44b3b8 GetClassNameW
• 0x44b3bc GetSystemMetrics
• 0x44b3c0 GetClientRect
• 0x44b3c4 DrawIcon
• 0x44b3c8 EnableWindow
• 0x44b3cc SendDlgItemMessageA
• 0x44b3d0 SetRectEmpty
• 0x44b3d4 OffsetRect
• 0x44b3d8 GetParent
• 0x44b3dc GetSubMenu
• 0x44b3e0 GetMenuItemID
• 0x44b3e4 GetMenuItemCount
• 0x44b3e8 PostMessageW
• 0x44b3ec PostQuitMessage
• 0x44b3f0 IsWindow
• 0x44b3f4 DestroyWindow
• 0x44b3f8 CreateDialogIndirectParamW
• 0x44b3fc EndDialog
• 0x44b400 GetDlgItem
• 0x44b404 GetNextDlgTabItem
• 0x44b408 GetActiveWindow
• 0x44b40c IsWindowEnabled
• 0x44b410 SetActiveWindow
• 0x44b414 GetWindowLongW
• 0x44b418 GetDesktopWindow
• 0x44b41c GetFocus
• 0x44b420 CheckMenuItem
• 0x44b424 WinHelpW
• 0x44b428 MonitorFromWindow
• 0x44b42c GetMonitorInfoW
• 0x44b430 GetSysColorBrush
• 0x44b434 LoadCursorW
• 0x44b438 RealChildWindowFromPoint
• 0x44b43c SetTimer
• 0x44b440 KillTimer
• 0x44b444 InvalidateRect
• 0x44b448 CharUpperW
• 0x44b44c DestroyMenu
• 0x44b450 DrawTextW
• 0x44b454 EnableMenuItem
• 0x44b458 SetMenuItemBitmaps
• 0x44b45c IsDialogMessageW
• 0x44b460 SetDlgItemInt
• 0x44b464 SetWindowPos
• 0x44b468 ShowWindow
• 0x44b46c UnhookWindowsHookEx
• 0x44b470 GetLastActivePopup
• 0x44b474 GetWindowThreadProcessId
• 0x44b478 MessageBoxW
• 0x44b47c SetCursor
• 0x44b480 CallNextHookEx
• 0x44b484 SetWindowsHookExW
• 0x44b488 GetCursorPos
• 0x44b48c ValidateRect
• 0x44b490 GetKeyState
• 0x44b494 IsWindowVisible
• 0x44b498 PeekMessageW
• 0x44b49c DispatchMessageW
• 0x44b4a0 TranslateMessage
• 0x44b4a4 GetMessageW
• 0x44b4a8 LoadBitmapW
• 0x44b4ac SetMenuItemInfoW
• 0x44b4b0 GetMenuCheckMarkDimensions
库: GDI32.dll:
• 0x44b02c GetClipBox
• 0x44b030 GetStockObject
• 0x44b034 PtVisible
• 0x44b038 RectVisible
• 0x44b03c RestoreDC
• 0x44b040 SaveDC
• 0x44b044 SelectObject
• 0x44b048 SetBkColor
• 0x44b04c SetMapMode
• 0x44b050 SetTextColor
• 0x44b054 GetObjectW
• 0x44b058 TextOutW
• 0x44b05c ExtTextOutW
• 0x44b060 SetViewportExtEx
• 0x44b064 SetViewportOrgEx
• 0x44b068 SetWindowExtEx
• 0x44b06c OffsetViewportOrgEx
• 0x44b070 ScaleViewportExtEx
• 0x44b074 ScaleWindowExtEx
• 0x44b078 Escape
• 0x44b07c DeleteObject
• 0x44b080 CreateBitmap
• 0x44b084 GetDeviceCaps
• 0x44b088 DeleteDC
库: ADVAPI32.dll:
• 0x44b000 RegEnumValueW
• 0x44b004 RegQueryValueW
• 0x44b008 RegEnumKeyW
• 0x44b00c RegSetValueExW
• 0x44b010 RegDeleteValueW
• 0x44b014 RegDeleteKeyW
• 0x44b018 RegCreateKeyExW
• 0x44b01c RegCloseKey
• 0x44b020 RegQueryValueExW
• 0x44b024 RegOpenKeyExW
库: SHELL32.dll:
• 0x44b2c8 ShellExecuteW
库: SHLWAPI.dll:
• 0x44b2d0 PathIsUNCW
• 0x44b2d4 PathStripToRootW
• 0x44b2d8 PathFindExtensionW
• 0x44b2dc PathFindFileNameW
库: ole32.dll:
• 0x44b4c8 CoTaskMemFree
• 0x44b4cc CoUninitialize
• 0x44b4d0 CoCreateGuid
• 0x44b4d4 CoCreateInstance
• 0x44b4d8 CoInitialize
库: OLEAUT32.dll:
• 0x44b2b0 VariantChangeType
• 0x44b2b4 VariantClear
• 0x44b2b8 VariantInit
• 0x44b2bc SysAllocString
• 0x44b2c0 SysFreeString
.text
`.rdata
@.data
.rsrc
@.reloc
9=<SF
9=HFF
t#=8GF
9=DFF
Ph8wE
tVj,j
j hL>A
WWWWh
t;VWHhHAF
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.15.196.139 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.15.196.139 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 17.024 seconds )
- 13.38 Suricata
- 1.652 NetworkAnalysis
- 1.15 Static
- 0.375 TargetInfo
- 0.367 peid
- 0.074 BehaviorAnalysis
- 0.012 AnalysisInfo
- 0.011 Strings
- 0.002 Memory
- 0.001 config_decoder
Signatures ( 1.44 seconds )
- 1.33 proprietary_url_bl
- 0.021 antiav_detectreg
- 0.008 infostealer_ftp
- 0.008 proprietary_domain_bl
- 0.006 antiav_detectfile
- 0.005 anomaly_persistence_autorun
- 0.005 infostealer_im
- 0.004 api_spamming
- 0.004 antianalysis_detectreg
- 0.004 geodo_banking_trojan
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 stealth_decoy_document
- 0.003 stealth_timeout
- 0.003 infostealer_bitcoin
- 0.003 infostealer_mail
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 antivm_vbox_files
- 0.002 disables_browser_warn
- 0.001 rat_nanocore
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 cerber_behavior
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.581 seconds )
- 0.572 ReportHTMLSummary
- 0.009 Malheur
| Task ID | 744448 |
|---|---|
| Mongo ID | 662f44b57e769a05bd3db35e |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号