Analysis task

Analysis type    VM label                 Start                End                  Duration
File (Windows)   win7-sp1-x64-shaapp03-1  2024-04-18 10:54:18  2024-04-18 10:56:34  136 seconds

Maldun score

10.0 (dangerous)

File details

File name   WinLogs_Killer_x64.exe
File size   811761 bytes
File type   PE32+ executable (GUI) x86-64, for MS Windows
MD5         1f5657b16b5b226e95f05ddb7483c564
SHA1        eca29821ad0d329d1492ede325435a94281806a4
SHA256      a5a7b44f8955d639551e5811a39a02cc168049c008394ce2af5a4d3e3e9ab5a4
SHA512      9062977b5817f6835bf509d6011693335bff803bbcb2b7f908acc7ad4924f90a5ac9cd9b547c7b763fdba964e46ac7bd7abd00e0732919a120fae4111f785560
CRC32       778F0C59
Ssdeep      24576:HAQoDefT6HesrQrSDZhyZ+aan+mMfqZaRfAm:HAcGHC2ZUZ+umWea+m
Yara        no rules shown (login-gated on the original page)

Contacted hosts (direct IP; the report's security-rating column was empty for every row)

IP               Location
104.85.241.42    United States
143.244.51.207   United States
180.163.150.169  China
180.163.151.38   China
88.198.21.111    Germany

DNS resolutions

Domain                            Response
winscp.net                        A 88.198.21.111
winscp-static-746341.c.cdn77.org  CNAME 1578389079.rsc.cdn77.org
                                  A 89.187.187.14
                                  A 143.244.51.201
                                  A 89.187.187.11
                                  A 143.244.51.207
                                  A 89.187.187.20
www.googletagmanager.com          A 180.163.150.169
pagead2.googlesyndication.com     A 180.163.151.38   (security rating: unknown)
x1.i.lencr.org                    A 104.85.241.42
                                  CNAME crl.root-x1.letsencrypt.org.edgekey.net
                                  CNAME e8652.dscx.akamaiedge.net

Summary

Detailed behaviour data (API calls, command lines, file and registry activity, matched threat signatures) is login-gated on the original page and is not reproduced here. The process tree and the network sections below are the only dynamic evidence on this page.

PE information

Image base             0x140000000
Entry point            0x14001a53c
Declared checksum      0x000c68bf
Actual checksum        0x000cbf4b
Minimum OS version     5.2
Compile time           2012-01-30 05:32:45
Import hash (imphash)  09965c276d620e5917bed399e0fe50ac
Icon exact hash        33bcfebe5086e6424e1ddb3be0d0e533
Icon similarity hash   d1dc3a18b6b558afd1eb497640da7388

The declared checksum is non-zero but does not match the value computed over the file. That is the signature of bytes appended to an already-linked image (see the overlay below) without the checksum being recomputed. Windows only enforces the PE checksum for drivers and certain system DLLs, so a user-mode executable with a wrong checksum still runs.

Version information

CompiledScript
FileVersion
FileDescription
Translation

All four values are empty in the report. The CompiledScript key itself is the one Aut2Exe writes into every compiled AutoIt v3 script (its normal value is "AutoIt v3 Script"), so together with the import table below it marks this sample as an AutoIt runtime stub carrying a script rather than a natively written program.

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                        Entropy
.text   0x00001000       0x00091b6e    0x00091c00  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ            6.49
.rdata  0x00093000       0x000156ca    0x00015800  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      4.93
.data   0x000a9000       0x0001cf88    0x00007800  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  2.20
.pdata  0x000c6000       0x00006edc    0x00007000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      5.79
text    0x000cd000       0x00001a31    0x00001c00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE                   5.55
data    0x000cf000       0x00004940    0x00004a00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      6.29
.rsrc   0x000d4000       0x00009328    0x00009400  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      5.54

No section approaches the entropy of packed or encrypted code (the highest is 6.49 in .text), so the stub itself is not packed. Two sections are named text and data without the leading dot, and text is marked executable without IMAGE_SCN_MEM_READ.

Overlay

Offset  0x000c5a00
Size    0x000008f1

Offset plus size equals the file size (0x000c62f1 = 811761 bytes), so the overlay is the final 2289 bytes of the file, appended after the last section's raw data. In AutoIt-compiled executables the compiled script normally travels in exactly this position; the report does not show the overlay's contents, so its format is not verified here.
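To reproduce the two static findings above (the checksum mismatch and the overlay location) on a file of your own, here is an added example in Python. It is not code from the sandbox or from the report. The checksum routine is the standard 16-bit-fold PE CheckSum algorithm that imagehlp's CheckSumMappedFile and pefile implement; the section layout uses the raw sizes from the table above and assumes the raw data starts at file offset 0x400 and is contiguous, which the report does not state but which reproduces its overlay offset exactly.

```python
"""Static checks for a PE: CheckSum recomputation and overlay detection.

Added example; not code from the sandbox or the report. The section raw
sizes and the file size below are copied from the report; the 0x400 header
size is an assumption used to lay the sections out contiguously.
"""
import struct


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Standard PE CheckSum over the whole file image.

    checksum_offset is the file offset of OptionalHeader.CheckSum
    (e_lfanew + 4 + 20 + 64). That dword is skipped, which is why the
    stored value never influences its own computation.
    """
    length = len(data)
    if length % 4:
        data += b"\x00" * (4 - length % 4)       # pad the tail to a dword
    total = 0
    for off in range(0, len(data), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", data, off)[0]
        if total >= 1 << 32:                     # fold the carry back in
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)     # fold to 16 bits
    total += total >> 16
    return (total & 0xFFFF) + length             # original, unpadded length


def checksum_field_offset(data: bytes) -> int:
    """Locate OptionalHeader.CheckSum from the headers of a real file."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 + 20 + 64                # PE sig + COFF header + 64


def overlay_bounds(sections, file_size):
    """sections: (name, pointer_to_raw_data, size_of_raw_data) tuples.
    Returns (offset, size) of data past the last section, or None."""
    end = max(ptr + size for _, ptr, size in sections)
    return (end, file_size - end) if file_size > end else None


def lay_out(raw_sizes, headers_size=0x400):
    """Assign contiguous raw offsets, as a typical linker does.
    headers_size is an assumption, not a value from the report."""
    sections, ptr = [], headers_size
    for name, size in raw_sizes:
        sections.append((name, ptr, size))
        ptr += size
    return sections


# Raw sizes from the report's section table, in file order.
REPORT_RAW_SIZES = [(".text", 0x91C00), (".rdata", 0x15800), (".data", 0x7800),
                    (".pdata", 0x7000), ("text", 0x1C00), ("data", 0x4A00),
                    (".rsrc", 0x9400)]
REPORT_FILE_SIZE = 811761
REPORT_DECLARED_CHECKSUM = 0x000C68BF
REPORT_ACTUAL_CHECKSUM = 0x000CBF4B


def report_overlay():
    """Overlay of the sample, derived from its section table."""
    return overlay_bounds(lay_out(REPORT_RAW_SIZES), REPORT_FILE_SIZE)


def checksum_verdict(declared, actual):
    if declared == 0:
        return "not set (common for user-mode binaries)"
    return "matches" if declared == actual else "mismatch: file modified after link time"


if __name__ == "__main__":
    off, size = report_overlay()
    print(f"overlay at 0x{off:08x}, 0x{size:x} bytes")   # report: 0x000c5a00, 0x8f1
    print(checksum_verdict(REPORT_DECLARED_CHECKSUM, REPORT_ACTUAL_CHECKSUM))
```

On a real file, call pe_checksum(data, checksum_field_offset(data)) and compare with the stored OptionalHeader.CheckSum; for the overlay, read PointerToRawData and SizeOfRawData from the section table instead of laying them out by hand.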

Resources

Name           Offset      Size        Language      Sublanguage         Entropy  File type
RT_ICON        0x000da6c0  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_UK  5.81     GLS_BINARY_LSB_FIRST  (12 entries, all printed by the report with this offset and size)
RT_MENU        0x000dab28  0x00000050  LANG_ENGLISH  SUBLANG_ENGLISH_UK  2.68     data
RT_DIALOG      0x000dab78  0x000000fc  LANG_ENGLISH  SUBLANG_ENGLISH_UK  3.04     data
RT_STRING      0x000dccf0  0x00000158  LANG_ENGLISH  SUBLANG_ENGLISH_US  3.09     data  (7 entries, all printed by the report with this offset and size)
RT_GROUP_ICON  0x000dcf00  0x00000014  LANG_ENGLISH  SUBLANG_ENGLISH_UK  2.02     MS Windows icon resource - 1 icon, 16x16, 16 colors  (4 entries, all printed by the report with this offset and size)
RT_VERSION     0x000dcf18  0x0000019c  LANG_ENGLISH  SUBLANG_ENGLISH_UK  3.28     data
RT_MANIFEST    0x000dd0b8  0x0000026c  LANG_ENGLISH  SUBLANG_ENGLISH_US  5.01     ASCII text, with CRLF line terminators

The report lists no RT_RCDATA entries, so nothing script- or payload-sized is stored in the resource section.

Imports

The import table is large because it belongs to the AutoIt v3 runtime, not to the script: every compiled AutoIt script carries the same set whether or not the script uses it. Read it as the capability ceiling of the interpreter (process memory access via OpenProcess/VirtualAllocEx/WriteProcessMemory/ReadProcessMemory, token and user-context switching via LogonUserW/DuplicateTokenEx/CreateProcessAsUserW/AdjustTokenPrivileges, input control via BlockInput/SendInput/keybd_event/mouse_event, shutdown via ExitWindowsEx/SetSystemPowerState), not as proof that this sample does any of it. What the sample actually does is in the process tree below.

Library: WSOCK32.dll
0x140093f58 __WSAFDIsSet
0x140093f60 setsockopt
0x140093f68 ntohs
0x140093f70 recvfrom
0x140093f78 sendto
0x140093f80 htons
0x140093f88 select
0x140093f90 listen
0x140093f98 WSAStartup
0x140093fa0 bind
0x140093fa8 closesocket
0x140093fb0 connect
0x140093fb8 socket
0x140093fc0 send
0x140093fc8 WSACleanup
0x140093fd0 ioctlsocket
0x140093fd8 accept
0x140093fe0 WSAGetLastError
0x140093fe8 inet_addr
0x140093ff0 gethostbyname
0x140093ff8 gethostname
0x140094000 recv
Library: VERSION.dll
0x140093ea0 VerQueryValueW
0x140093ea8 GetFileVersionInfoW
0x140093eb0 GetFileVersionInfoSizeW
Library: WINMM.dll
0x140093f38 timeGetTime
0x140093f40 waveOutSetVolume
0x140093f48 mciSendStringW
Library: COMCTL32.dll
0x140093118 ImageList_Remove
0x140093128 ImageList_BeginDrag
0x140093130 ImageList_DragEnter
0x140093138 ImageList_DragLeave
0x140093140 ImageList_EndDrag
0x140093148 ImageList_DragMove
0x140093150 ImageList_ReplaceIcon
0x140093158 ImageList_Create
0x140093160 InitCommonControlsEx
0x140093168 ImageList_Destroy
Library: MPR.dll
0x1400937d0 WNetCancelConnection2W
0x1400937d8 WNetGetConnectionW
0x1400937e0 WNetAddConnection2W
0x1400937e8 WNetUseConnectionW
Library: WININET.dll
0x140093ec0 InternetReadFile
0x140093ec8 InternetCloseHandle
0x140093ed0 InternetOpenW
0x140093ed8 InternetSetOptionW
0x140093ee0 InternetCrackUrlW
0x140093ee8 HttpQueryInfoW
0x140093ef0 InternetConnectW
0x140093ef8 HttpOpenRequestW
0x140093f00 HttpSendRequestW
0x140093f08 FtpOpenFileW
0x140093f10 FtpGetFileSize
0x140093f18 InternetOpenUrlW
0x140093f20 InternetQueryOptionW
Library: PSAPI.DLL
0x1400938c0 EnumProcesses
0x1400938c8 GetModuleBaseNameW
0x1400938d0 GetProcessMemoryInfo
0x1400938d8 EnumProcessModules
Library: USERENV.dll
0x140093e78 CreateEnvironmentBlock
0x140093e80 DestroyEnvironmentBlock
0x140093e88 UnloadUserProfile
0x140093e90 LoadUserProfileW
Library: KERNEL32.dll
0x1400932b0 HeapAlloc
0x1400932b8 Sleep
0x1400932c0 GetCurrentThreadId
0x1400932c8 RaiseException
0x1400932d0 MulDiv
0x1400932d8 GetVersionExW
0x1400932e0 GetSystemInfo
0x1400932e8 WideCharToMultiByte
0x1400932f0 lstrcpyW
0x1400932f8 MultiByteToWideChar
0x140093300 lstrlenW
0x140093308 lstrcmpiW
0x140093310 GetModuleHandleW
0x140093318 QueryPerformanceCounter
0x140093320 VirtualFreeEx
0x140093328 OpenProcess
0x140093330 VirtualAllocEx
0x140093338 WriteProcessMemory
0x140093340 ReadProcessMemory
0x140093348 CreateFileW
0x140093350 SetFilePointerEx
0x140093358 ReadFile
0x140093360 WriteFile
0x140093368 FlushFileBuffers
0x140093370 TerminateProcess
0x140093378 CreateToolhelp32Snapshot
0x140093380 Process32FirstW
0x140093388 Process32NextW
0x140093390 SetFileTime
0x140093398 GetFileAttributesW
0x1400933a0 FindFirstFileW
0x1400933a8 FindClose
0x1400933b0 DeleteFileW
0x1400933b8 FindNextFileW
0x1400933c0 MoveFileW
0x1400933c8 CopyFileW
0x1400933d0 CreateDirectoryW
0x1400933d8 RemoveDirectoryW
0x1400933e0 SetSystemPowerState
0x1400933f0 FindResourceW
0x1400933f8 LoadResource
0x140093400 GetProcessHeap
0x140093408 SizeofResource
0x140093410 EnumResourceNamesW
0x140093418 OutputDebugStringW
0x140093420 GetLocalTime
0x140093428 CompareStringW
0x140093430 DeleteCriticalSection
0x140093438 EnterCriticalSection
0x140093440 LeaveCriticalSection
0x140093450 GetStdHandle
0x140093458 CreatePipe
0x140093460 TerminateThread
0x140093468 GetTempPathW
0x140093470 GetTempFileNameW
0x140093478 VirtualFree
0x140093480 FormatMessageW
0x140093488 GetExitCodeProcess
0x140093490 SetErrorMode
0x140093498 GetPrivateProfileStringW
0x1400934c0 FileTimeToLocalFileTime
0x1400934c8 FileTimeToSystemTime
0x1400934d0 SystemTimeToFileTime
0x1400934d8 LocalFileTimeToFileTime
0x1400934e0 GetDriveTypeW
0x1400934e8 GetDiskFreeSpaceExW
0x1400934f0 GetDiskFreeSpaceW
0x1400934f8 GetVolumeInformationW
0x140093500 SetVolumeLabelW
0x140093508 CreateHardLinkW
0x140093510 DeviceIoControl
0x140093518 SetFileAttributesW
0x140093520 GetShortPathNameW
0x140093528 CreateEventW
0x140093530 SetEvent
0x140093538 GetEnvironmentVariableW
0x140093540 SetEnvironmentVariableW
0x140093548 GlobalLock
0x140093550 GlobalUnlock
0x140093558 GlobalAlloc
0x140093560 GetFileSize
0x140093568 GlobalFree
0x140093570 GlobalMemoryStatusEx
0x140093578 Beep
0x140093580 GetSystemDirectoryW
0x140093588 GetComputerNameW
0x140093590 GetWindowsDirectoryW
0x140093598 GetCurrentProcessId
0x1400935a0 GetCurrentThread
0x1400935a8 GetProcessIoCounters
0x1400935b0 CreateProcessW
0x1400935b8 SetPriorityClass
0x1400935c0 LoadLibraryW
0x1400935c8 VirtualAlloc
0x1400935d0 LoadLibraryExW
0x1400935d8 HeapFree
0x1400935e0 WaitForSingleObject
0x1400935e8 CreateThread
0x1400935f0 DuplicateHandle
0x1400935f8 GetLastError
0x140093600 CloseHandle
0x140093608 GetCurrentProcess
0x140093610 GetProcAddress
0x140093618 LoadLibraryA
0x140093620 FreeLibrary
0x140093628 GetModuleFileNameW
0x140093630 GetFullPathNameW
0x140093638 SetCurrentDirectoryW
0x140093640 IsDebuggerPresent
0x140093648 GetCurrentDirectoryW
0x140093650 GetSystemTimeAsFileTime
0x140093658 ResumeThread
0x140093660 GetDateFormatW
0x140093668 GetTimeFormatW
0x140093670 EncodePointer
0x140093678 DecodePointer
0x140093680 ExitProcess
0x140093688 ExitThread
0x140093690 GetCommandLineW
0x140093698 GetStartupInfoW
0x1400936a0 HeapSize
0x1400936a8 RtlUnwindEx
0x1400936b0 GetCPInfo
0x1400936b8 GetACP
0x1400936c0 GetOEMCP
0x1400936c8 IsValidCodePage
0x1400936d0 FlsGetValue
0x1400936d8 FlsSetValue
0x1400936e0 FlsFree
0x1400936e8 SetLastError
0x1400936f0 FlsAlloc
0x1400936f8 UnhandledExceptionFilter
0x140093708 RtlVirtualUnwind
0x140093710 RtlLookupFunctionEntry
0x140093718 RtlCaptureContext
0x140093720 RtlPcToFileHeader
0x140093728 GetStringTypeW
0x140093730 HeapSetInformation
0x140093738 GetVersion
0x140093740 HeapCreate
0x140093748 SetHandleCount
0x140093750 GetFileType
0x140093758 SetStdHandle
0x140093760 GetConsoleCP
0x140093768 GetConsoleMode
0x140093770 LCMapStringW
0x140093778 SetFilePointer
0x140093780 GetTimeZoneInformation
0x140093788 FreeEnvironmentStringsW
0x140093790 GetEnvironmentStringsW
0x140093798 GetTickCount
0x1400937a0 HeapReAlloc
0x1400937a8 WriteConsoleW
0x1400937b0 SetEndOfFile
0x1400937b8 LockResource
0x1400937c0 SetEnvironmentVariableA
Library: USER32.dll
0x140093960 IsCharUpperW
0x140093968 GetMenuStringW
0x140093970 GetSubMenu
0x140093978 GetCaretPos
0x140093980 IsZoomed
0x140093988 GetWindowLongW
0x140093990 MonitorFromPoint
0x140093998 GetMonitorInfoW
0x1400939a0 SetWindowLongW
0x1400939b0 FlashWindow
0x1400939b8 GetClassLongPtrW
0x1400939c0 TranslateAcceleratorW
0x1400939c8 IsDialogMessageW
0x1400939d0 GetSysColor
0x1400939d8 InflateRect
0x1400939e0 DrawFocusRect
0x1400939e8 DrawTextW
0x1400939f0 FrameRect
0x1400939f8 DrawFrameControl
0x140093a00 FillRect
0x140093a08 PtInRect
0x140093a10 DestroyAcceleratorTable
0x140093a18 CreateAcceleratorTableW
0x140093a20 SetCursor
0x140093a28 GetWindowDC
0x140093a30 GetSystemMetrics
0x140093a38 SetWindowLongPtrW
0x140093a40 GetActiveWindow
0x140093a48 CharNextW
0x140093a50 wsprintfW
0x140093a58 RedrawWindow
0x140093a60 DrawMenuBar
0x140093a68 DestroyMenu
0x140093a70 SetMenu
0x140093a78 GetWindowTextLengthW
0x140093a80 CreateMenu
0x140093a88 IsDlgButtonChecked
0x140093a90 DefDlgProcW
0x140093a98 ReleaseCapture
0x140093aa0 SetCapture
0x140093aa8 WindowFromPoint
0x140093ab0 LockWindowUpdate
0x140093ab8 DispatchMessageW
0x140093ac0 TranslateMessage
0x140093ac8 PeekMessageW
0x140093ad0 UnregisterHotKey
0x140093ad8 CharLowerBuffW
0x140093ae0 MonitorFromRect
0x140093ae8 LoadImageW
0x140093af0 CreateIconFromResourceEx
0x140093af8 mouse_event
0x140093b00 ExitWindowsEx
0x140093b08 SetActiveWindow
0x140093b10 FindWindowExW
0x140093b18 EnumThreadWindows
0x140093b20 SetMenuDefaultItem
0x140093b28 InsertMenuItemW
0x140093b30 IsCharLowerW
0x140093b38 TrackPopupMenuEx
0x140093b40 GetCursorPos
0x140093b48 DeleteMenu
0x140093b50 CheckMenuRadioItem
0x140093b58 GetMenuItemID
0x140093b60 GetMenuItemCount
0x140093b68 SetMenuItemInfoW
0x140093b70 GetMenuItemInfoW
0x140093b78 SetForegroundWindow
0x140093b80 IsIconic
0x140093b88 FindWindowW
0x140093b90 GetClipboardData
0x140093b98 keybd_event
0x140093ba0 SendInput
0x140093ba8 GetAsyncKeyState
0x140093bb0 SetKeyboardState
0x140093bb8 GetKeyboardState
0x140093bc0 GetKeyState
0x140093bc8 VkKeyScanW
0x140093bd0 LoadStringW
0x140093bd8 DialogBoxParamW
0x140093be0 MessageBeep
0x140093be8 EndDialog
0x140093bf0 SendDlgItemMessageW
0x140093bf8 GetDlgItem
0x140093c00 SetWindowTextW
0x140093c08 CopyRect
0x140093c10 ReleaseDC
0x140093c18 GetDC
0x140093c20 EndPaint
0x140093c28 BeginPaint
0x140093c30 GetClientRect
0x140093c38 GetMenu
0x140093c40 DestroyWindow
0x140093c48 EnumWindows
0x140093c50 GetDesktopWindow
0x140093c58 IsWindowEnabled
0x140093c60 IsWindowVisible
0x140093c68 EnableWindow
0x140093c70 InvalidateRect
0x140093c78 GetWindowLongPtrW
0x140093c80 GetWindowThreadProcessId
0x140093c88 AttachThreadInput
0x140093c90 GetFocus
0x140093c98 GetWindowTextW
0x140093ca0 ScreenToClient
0x140093ca8 SendMessageTimeoutW
0x140093cb0 EnumChildWindows
0x140093cb8 CharUpperBuffW
0x140093cc0 GetClassNameW
0x140093cc8 GetParent
0x140093cd0 GetDlgCtrlID
0x140093cd8 SendMessageW
0x140093ce0 MapVirtualKeyW
0x140093ce8 PostMessageW
0x140093cf0 GetWindowRect
0x140093cf8 SetUserObjectSecurity
0x140093d00 GetUserObjectSecurity
0x140093d08 CloseDesktop
0x140093d10 IsCharAlphaNumericW
0x140093d18 IsCharAlphaW
0x140093d20 GetKeyboardLayoutNameW
0x140093d28 ClientToScreen
0x140093d30 RegisterHotKey
0x140093d38 GetCursorInfo
0x140093d40 SetWindowPos
0x140093d48 CopyImage
0x140093d50 AdjustWindowRectEx
0x140093d58 SetRect
0x140093d60 SetClipboardData
0x140093d68 EmptyClipboard
0x140093d70 CountClipboardFormats
0x140093d78 IsMenu
0x140093d80 CloseClipboard
0x140093d88 CloseWindowStation
0x140093d90 OpenDesktopW
0x140093d98 SetProcessWindowStation
0x140093da0 GetProcessWindowStation
0x140093da8 OpenWindowStationW
0x140093db0 MessageBoxW
0x140093db8 DefWindowProcW
0x140093dc0 MoveWindow
0x140093dc8 SetFocus
0x140093dd0 PostQuitMessage
0x140093dd8 KillTimer
0x140093de0 CreatePopupMenu
0x140093de8 RegisterWindowMessageW
0x140093df0 SetTimer
0x140093df8 ShowWindow
0x140093e00 CreateWindowExW
0x140093e08 RegisterClassExW
0x140093e10 LoadIconW
0x140093e18 LoadCursorW
0x140093e20 GetSysColorBrush
0x140093e28 GetForegroundWindow
0x140093e30 MessageBoxA
0x140093e38 DestroyIcon
0x140093e48 OpenClipboard
0x140093e50 BlockInput
0x140093e58 SystemParametersInfoW
0x140093e60 GetMessageW
0x140093e68 IsWindow
Library: GDI32.dll
0x140093190 DeleteObject
0x140093198 AngleArc
0x1400931a0 GetTextExtentPoint32W
0x1400931a8 ExtCreatePen
0x1400931b0 StrokeAndFillPath
0x1400931b8 StrokePath
0x1400931c0 EndPath
0x1400931c8 SetPixel
0x1400931d0 CloseFigure
0x1400931d8 CreateCompatibleBitmap
0x1400931e0 CreateCompatibleDC
0x1400931e8 SelectObject
0x1400931f0 StretchBlt
0x1400931f8 GetDIBits
0x140093200 GetDeviceCaps
0x140093208 MoveToEx
0x140093210 Ellipse
0x140093218 PolyDraw
0x140093220 BeginPath
0x140093228 Rectangle
0x140093230 SetViewportOrgEx
0x140093238 GetObjectW
0x140093240 SetBkMode
0x140093248 RoundRect
0x140093250 SetBkColor
0x140093258 CreatePen
0x140093260 CreateSolidBrush
0x140093268 SetTextColor
0x140093270 CreateFontW
0x140093278 GetTextFaceW
0x140093280 GetStockObject
0x140093288 CreateDCW
0x140093290 GetPixel
0x140093298 DeleteDC
0x1400932a0 LineTo
Library: COMDLG32.dll
0x140093178 GetSaveFileNameW
0x140093180 GetOpenFileNameW
Library: ADVAPI32.dll
0x140093000 RegEnumValueW
0x140093008 RegDeleteValueW
0x140093010 RegDeleteKeyW
0x140093018 RegEnumKeyExW
0x140093020 RegSetValueExW
0x140093028 RegCreateKeyExW
0x140093030 GetUserNameW
0x140093038 RegConnectRegistryW
0x140093040 CloseServiceHandle
0x140093048 UnlockServiceDatabase
0x140093050 OpenThreadToken
0x140093058 OpenProcessToken
0x140093060 LookupPrivilegeValueW
0x140093068 DuplicateTokenEx
0x140093070 CreateProcessAsUserW
0x140093078 CreateProcessWithLogonW
0x140093088 InitializeAcl
0x140093090 GetLengthSid
0x140093098 CopySid
0x1400930a0 LogonUserW
0x1400930a8 GetTokenInformation
0x1400930b0 LockServiceDatabase
0x1400930c0 GetAclInformation
0x1400930c8 GetAce
0x1400930d0 AddAce
0x1400930e0 RegOpenKeyExW
0x1400930e8 RegQueryValueExW
0x1400930f0 AdjustTokenPrivileges
0x140093100 OpenSCManagerW
0x140093108 RegCloseKey
Library: SHELL32.dll
0x1400938e8 DragQueryPoint
0x1400938f0 ShellExecuteExW
0x1400938f8 SHGetFolderPathW
0x140093900 DragQueryFileW
0x140093908 SHEmptyRecycleBinW
0x140093910 SHBrowseForFolderW
0x140093918 SHFileOperationW
0x140093920 SHGetPathFromIDListW
0x140093928 SHGetDesktopFolder
0x140093930 SHGetMalloc
0x140093938 ExtractIconExW
0x140093940 Shell_NotifyIconW
0x140093948 ShellExecuteW
0x140093950 DragFinish
Library: ole32.dll
0x140094010 OleSetMenuDescriptor
0x140094018 MkParseDisplayName
0x140094020 OleSetContainedObject
0x140094028 CLSIDFromString
0x140094030 StringFromGUID2
0x140094038 CoInitialize
0x140094040 CoUninitialize
0x140094048 CoCreateInstance
0x140094050 CreateStreamOnHGlobal
0x140094058 CoTaskMemAlloc
0x140094060 CoTaskMemFree
0x140094068 ProgIDFromCLSID
0x140094070 OleInitialize
0x140094078 CreateBindCtx
0x140094080 CLSIDFromProgID
0x140094088 CoInitializeSecurity
0x140094090 CoCreateInstanceEx
0x140094098 CoSetProxyBlanket
0x1400940a0 OleUninitialize
0x1400940a8 IIDFromString
Library: OLEAUT32.dll
0x1400937f8 VarR8FromDec
0x140093800 VariantTimeToSystemTime
0x140093808 SysStringLen
0x140093810 VariantChangeType
0x140093818 VariantCopyInd
0x140093820 DispCallFunc
0x140093828 CreateStdDispatch
0x140093830 CreateDispTypeInfo
0x140093838 SysFreeString
0x140093840 SafeArrayGetVartype
0x140093848 SafeArrayDestroyData
0x140093850 SafeArrayUnaccessData
0x140093858 SafeArrayAccessData
0x140093860 VariantInit
0x140093868 VariantClear
0x140093870 VariantCopy
0x140093878 SysAllocString
0x140093880 SafeArrayCreateVector
0x140093890 OleLoadPicture
0x140093898 GetActiveObject
0x1400938a0 QueryPathOfRegTypeLib
0x1400938b0 SafeArrayAllocData

No antivirus engine scan information.

Process tree

The report prints each process as "image, PID, parent PID". Indented here by parentage: the sample (PID 2560) launches 49 cmd.exe children in turn, and every one of them runs a single wevtutil.exe.

WinLogs_Killer_x64.exe, PID 2560, parent PID 2196
  cmd.exe, PID 2728
    wevtutil.exe, PID 2800
  cmd.exe, PID 2868
    wevtutil.exe, PID 2940
  cmd.exe, PID 3040
    wevtutil.exe, PID 2304
  cmd.exe, PID 2340
    wevtutil.exe, PID 2964
  cmd.exe, PID 2424
    wevtutil.exe, PID 2268
  cmd.exe, PID 2760
    wevtutil.exe, PID 168
  cmd.exe, PID 3020
    wevtutil.exe, PID 2908
  cmd.exe, PID 1428
    wevtutil.exe, PID 2672
  cmd.exe, PID 1924
    wevtutil.exe, PID 2996
  cmd.exe, PID 2892
    wevtutil.exe, PID 2936
  cmd.exe, PID 2508
    wevtutil.exe, PID 2920
  cmd.exe, PID 2352
    wevtutil.exe, PID 2216
  cmd.exe, PID 2980
    wevtutil.exe, PID 2768
  cmd.exe, PID 2824
    wevtutil.exe, PID 2784
  cmd.exe, PID 2752
    wevtutil.exe, PID 2708
  cmd.exe, PID 2020
    wevtutil.exe, PID 2852
  cmd.exe, PID 3036
    wevtutil.exe, PID 2164
  cmd.exe, PID 2764
    wevtutil.exe, PID 2848
  cmd.exe, PID 3032
    wevtutil.exe, PID 2248
  cmd.exe, PID 2864
    wevtutil.exe, PID 2136
  cmd.exe, PID 3100
    wevtutil.exe, PID 3172
  cmd.exe, PID 3240
    wevtutil.exe, PID 3312
  cmd.exe, PID 3380
    wevtutil.exe, PID 3460
  cmd.exe, PID 3536
    wevtutil.exe, PID 3608
  cmd.exe, PID 3676
    wevtutil.exe, PID 3748
  cmd.exe, PID 3816
    wevtutil.exe, PID 3888
  cmd.exe, PID 3956
    wevtutil.exe, PID 4040
  cmd.exe, PID 2056
    wevtutil.exe, PID 808
  cmd.exe, PID 3152
    wevtutil.exe, PID 3328
  cmd.exe, PID 3280
    wevtutil.exe, PID 3516
  cmd.exe, PID 3568
    wevtutil.exe, PID 3588
  cmd.exe, PID 3768
    wevtutil.exe, PID 3712
  cmd.exe, PID 3924
    wevtutil.exe, PID 3976
  cmd.exe, PID 3044
    wevtutil.exe, PID 3196
  cmd.exe, PID 3076
    wevtutil.exe, PID 3372
  cmd.exe, PID 3412
    wevtutil.exe, PID 3532
  cmd.exe, PID 3612
    wevtutil.exe, PID 3552
  cmd.exe, PID 3832
    wevtutil.exe, PID 916
  cmd.exe, PID 4036
    wevtutil.exe, PID 3928
  cmd.exe, PID 3212
    wevtutil.exe, PID 3104
  cmd.exe, PID 3672
    wevtutil.exe, PID 3592
  cmd.exe, PID 1064
    wevtutil.exe, PID 1664
  cmd.exe, PID 1864
    wevtutil.exe, PID 724
  cmd.exe, PID 3360
    wevtutil.exe, PID 3648
  cmd.exe, PID 524
    wevtutil.exe, PID 3728
  cmd.exe, PID 4000
    wevtutil.exe, PID 3208
  cmd.exe, PID 2008
    wevtutil.exe, PID 2184
  cmd.exe, PID 3128
    wevtutil.exe, PID 3260
  cmd.exe, PID 3952
    wevtutil.exe, PID 3188

wevtutil.exe is Windows' built-in event-log utility, and 49 one-shot cmd.exe -> wevtutil.exe pairs from a single parent is the shape of a per-log clearing loop (wevtutil cl <log> executed through the command interpreter once per log), which is what the file name promises and what ATT&CK catalogues as T1070.001 (Indicator Removal: Clear Windows Event Logs). The command lines are login-gated on this page, so the exact channels cleared are not confirmed here. On a victim host the clearing leaves its own trace: clearing the Security log writes event 1102 to Security, and clearing any other log writes event 104 to System. Those two event IDs, plus process creation of wevtutil.exe with cl or clear-log in the command line, are what to hunt for.
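As an added example that is not part of the sandbox report, the following Python turns the pattern above into detection logic: it attributes each wevtutil cl / clear-log process creation to the process that drove it (walking up through cmd.exe wrappers, as in the tree above), flags any driver responsible for several clears, and separately picks up the audit events Windows writes when a log is cleared. The input records are constructed to resemble Sysmon Event ID 1 and the Event Log service's own events; the PIDs follow the report's tree, but the command lines are invented, because the report does not show them.

```python
"""Detection for the process pattern in the tree above: one parent driving
many `wevtutil cl <log>` runs through cmd.exe, plus the audit records Windows
writes when a log is cleared.

Added example, not part of the sandbox report. Input records are constructed
to resemble Sysmon Event ID 1 (process creation) and the Event Log service's
"log cleared" events (Security 1102, System 104). PIDs follow the report's
tree; the command lines are invented, since the report does not show them.
"""
import re
from collections import Counter

# "cl <log>" or "clear-log <log>"; the log name may be quoted because some
# channel names contain spaces ("Windows PowerShell").
CLEAR_RE = re.compile(r'\b(?:cl|clear-log)\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def clear_target(event):
    """Return the log a wevtutil process-creation event clears, or None."""
    image = event.get("Image", "").lower()
    if not image.endswith("wevtutil.exe"):
        return None
    m = CLEAR_RE.search(event.get("CommandLine", ""))
    return (m.group(1) or m.group(2)) if m else None


def is_log_cleared_audit(event):
    """Security 1102 (audit log cleared) and System 104 (other log cleared)."""
    return (event.get("Channel"), event.get("EventID")) in {("Security", 1102), ("System", 104)}


def analyze(events, min_clears=3):
    """Attribute each clear to the process that drove it (skipping cmd.exe
    wrappers) and flag any driver responsible for min_clears or more."""
    procs = {e["ProcessId"]: e for e in events if e.get("EventID") == 1}
    clears, drivers = [], Counter()
    for e in events:
        target = clear_target(e)
        if target is None:
            continue
        clears.append((e["ProcessId"], target))
        pid = e["ParentProcessId"]
        # Walk up through cmd.exe to the real driver. PID reuse is ignored
        # here; production logic should also key on ProcessGuid/creation time.
        while pid in procs and procs[pid]["Image"].lower().endswith("cmd.exe"):
            pid = procs[pid]["ParentProcessId"]
        drivers[pid] += 1
    burst = {pid: n for pid, n in drivers.items() if n >= min_clears}
    audit = [e["Channel"] for e in events if is_log_cleared_audit(e)]
    return {"clears": clears, "burst_drivers": burst, "audit_cleared": audit}


def _proc(pid, ppid, image, cmdline):
    """Build a Sysmon-like process-creation record (constructed data)."""
    return {"EventID": 1, "ProcessId": pid, "ParentProcessId": ppid,
            "Image": image, "CommandLine": cmdline}


SAMPLE = r"C:\Users\user\Desktop\WinLogs_Killer_x64.exe"   # path is assumed
CMD = r"C:\Windows\System32\cmd.exe"
WEVT = r"C:\Windows\System32\wevtutil.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events: the first five cmd/wevtutil pairs of the report's tree
# with invented command lines, an administrator's legitimate wevtutil use,
# and the audit records the clears would produce.
SAMPLE_EVENTS = [
    _proc(2560, 2196, SAMPLE, "WinLogs_Killer_x64.exe"),
    _proc(2728, 2560, CMD, 'cmd.exe /c wevtutil cl "Security"'),
    _proc(2800, 2728, WEVT, 'wevtutil cl "Security"'),
    _proc(2868, 2560, CMD, "cmd.exe /c wevtutil cl System"),
    _proc(2940, 2868, WEVT, "wevtutil cl System"),
    _proc(3040, 2560, CMD, "cmd.exe /c wevtutil clear-log Application"),
    _proc(2304, 3040, WEVT, "wevtutil clear-log Application"),
    _proc(2340, 2560, CMD, "cmd.exe /c wevtutil cl Microsoft-Windows-PowerShell/Operational"),
    _proc(2964, 2340, WEVT, "wevtutil cl Microsoft-Windows-PowerShell/Operational"),
    _proc(2424, 2560, CMD, 'cmd.exe /c wevtutil cl "Windows PowerShell"'),
    _proc(2268, 2424, WEVT, 'wevtutil cl "Windows PowerShell"'),
    _proc(4100, 900, PS, "powershell.exe"),
    _proc(4150, 4100, WEVT, "wevtutil qe Security /c:5 /rd:true"),  # a query, not a clear
    _proc(4160, 4100, WEVT, "wevtutil cl Application"),             # one clear by hand
    {"EventID": 1102, "Channel": "Security", "Provider": "Microsoft-Windows-Eventlog"},
    {"EventID": 104, "Channel": "System", "Provider": "Microsoft-Windows-Eventlog"},
]

if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    for pid, n in result["burst_drivers"].items():
        print(f"PID {pid} drove {n} event-log clears")
    print("audit records of cleared logs:", result["audit_cleared"])
```

The threshold separates the sample's fan-out (five clears attributed to PID 2560 in the constructed data, 49 in the real tree) from the single clear an administrator runs by hand; the audit check is independent of process telemetry and still fires if the tool is renamed.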

TCP

Source IP        Source port  Destination IP   Destination host                  Destination port
192.168.122.201  49160        104.102.250.53   -                                 80
192.168.122.201  49273        104.85.241.42    x1.i.lencr.org                    80
192.168.122.201  49274        104.85.241.42    x1.i.lencr.org                    80
192.168.122.201  49275        104.85.241.42    x1.i.lencr.org                    80
192.168.122.201  49276        104.85.241.42    x1.i.lencr.org                    80
192.168.122.201  49277        104.85.241.42    x1.i.lencr.org                    80
192.168.122.201  49278        104.85.241.42    x1.i.lencr.org                    80
192.168.122.201  49266        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49267        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49268        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49269        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49270        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49272        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49279        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49280        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49281        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49282        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49283        143.244.51.207   winscp-static-746341.c.cdn77.org  443
192.168.122.201  49265        180.163.150.169  www.googletagmanager.com          443
192.168.122.201  49271        180.163.151.38   pagead2.googlesyndication.com     443
192.168.122.201  49252        88.198.21.111    winscp.net                        443
192.168.122.201  49262        88.198.21.111    winscp.net                        80
192.168.122.201  49263        88.198.21.111    winscp.net                        443

UDP (all eleven flows are DNS queries to the VM's resolver)

Source IP        Source port  Destination IP  Destination port
192.168.122.201  49532        192.168.122.1   53
192.168.122.201  52179        192.168.122.1   53
192.168.122.201  52207        192.168.122.1   53
192.168.122.201  53125        192.168.122.1   53
192.168.122.201  56270        192.168.122.1   53
192.168.122.201  59401        192.168.122.1   53
192.168.122.201  59906        192.168.122.1   53
192.168.122.201  60465        192.168.122.1   53
192.168.122.201  61329        192.168.122.1   53
192.168.122.201  65178        192.168.122.1   53
192.168.122.201  65179        192.168.122.1   53



HTTP requests

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://winscp.net/eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3
GET /eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: winscp.net
Connection: Keep-Alive

http://x1.i.lencr.org/
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org

The report does not tie HTTP flows to a process, and nothing in these three requests points at the sample. The first is Adobe Reader's in-product messaging poll (User-Agent "IPM", host acroipm.adobe.com); the second is WinSCP's update check (v=5.7.3.5438 is the installed WinSCP build, and the User-Agent is the Windows 7 Internet Explorer 8 string of the VM, not a custom one); the third is CryptoAPI fetching a Let's Encrypt issuer certificate to build the chain for the cdn77 connection recorded in the TLS table. Treat all three as background traffic from software installed in the analysis VM rather than as command-and-control, unless the login-gated behaviour data attributes them to PID 2560 or one of its children.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2024-04-18 10:56:26.305035+0800 192.168.122.201 49266 143.244.51.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=www.cdn77.com c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5
2024-04-18 10:56:26.312855+0800 192.168.122.201 49267 143.244.51.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=www.cdn77.com c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5
2024-04-18 10:56:04.427757+0800 192.168.122.201 49252 88.198.21.111 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1 CN=winscp.net 32:25:23:2b:47:bb:dc:4b:8a:cf:72:73:c6:0f:2b:fd:81:5d:72:e3
2024-04-18 10:56:26.314188+0800 192.168.122.201 49270 143.244.51.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=www.cdn77.com c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5
2024-04-18 10:56:26.304158+0800 192.168.122.201 49272 143.244.51.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=www.cdn77.com c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5
2024-04-18 10:56:26.091822+0800 192.168.122.201 49271 180.163.151.38 443 TLS 1.2 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.g.doubleclick.net 1b:fa:17:60:e2:34:d4:fa:d1:13:08:09:6e:8f:ed:e7:a8:8c:6e:7a
2024-04-18 10:56:26.054071+0800 192.168.122.201 49265 180.163.150.169 443 TLS 1.2 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.google-analytics.com 1e:33:2e:4b:c3:51:05:b7:73:dc:21:bf:3e:02:b3:16:d8:0b:ab:bb
2024-04-18 10:56:25.310295+0800 192.168.122.201 49263 88.198.21.111 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1 CN=winscp.net 32:25:23:2b:47:bb:dc:4b:8a:cf:72:73:c6:0f:2b:fd:81:5d:72:e3
2024-04-18 10:56:26.321961+0800 192.168.122.201 49269 143.244.51.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=www.cdn77.com c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5
2024-04-18 10:56:26.326912+0800 192.168.122.201 49268 143.244.51.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=www.cdn77.com c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files dropped.
No similar analyses found.
HTML summary report: available for download on the original page (synchronised 15-60 minutes after the analysis).

Processing ( 32.123 seconds )

  • 15.03 NetworkAnalysis
  • 11.421 Suricata
  • 2.202 AnalysisInfo
  • 1.704 BehaviorAnalysis
  • 0.997 Static
  • 0.416 TargetInfo
  • 0.336 peid
  • 0.011 Strings
  • 0.004 Memory
  • 0.002 config_decoder

Signatures ( 42.172 seconds )

(Per-module processing time. Every signature module that ran is listed regardless of outcome, so the names below are not a list of matched signatures; the matches themselves are in the login-gated threat-signature view.)

  • 40.145 network_http
  • 1.442 proprietary_url_bl
  • 0.083 api_spamming
  • 0.062 stealth_decoy_document
  • 0.03 mimics_filetime
  • 0.029 reads_self
  • 0.026 virus
  • 0.026 antiav_detectreg
  • 0.024 stealth_file
  • 0.024 antivm_generic_disk
  • 0.021 bootkit
  • 0.021 hancitor_behavior
  • 0.017 proprietary_domain_bl
  • 0.011 antivm_generic_scsi
  • 0.011 kovter_behavior
  • 0.01 antiemu_wine_func
  • 0.01 infostealer_browser_password
  • 0.01 stealth_timeout
  • 0.01 infostealer_ftp
  • 0.008 injection_createremotethread
  • 0.006 anomaly_persistence_autorun
  • 0.006 shifu_behavior
  • 0.006 injection_runpe
  • 0.006 antiav_detectfile
  • 0.006 infostealer_im
  • 0.005 antivm_vbox_libs
  • 0.005 proprietary_anomaly_massive_file_ops
  • 0.005 antidbg_windows
  • 0.005 antianalysis_detectreg
  • 0.005 geodo_banking_trojan
  • 0.004 antiav_avast_libs
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 exec_crash
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antivm_generic_services
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 anormaly_invoke_kills
  • 0.003 infostealer_mail
  • 0.003 network_torgateway
  • 0.002 proprietary_anomaly_terminated_process
  • 0.002 tinba_behavior
  • 0.002 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.002 proprietary_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.002 injection_explorer
  • 0.002 stealth_network
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 dropper
  • 0.001 powershell_command
  • 0.001 hawkeye_behavior
  • 0.001 rat_nanocore
  • 0.001 upatre_behavior
  • 0.001 stealth_hidden_window
  • 0.001 infostealer_browser
  • 0.001 rat_luminosity
  • 0.001 antivm_vmware_libs
  • 0.001 proprietary_anomaly_heavy_create_suspended
  • 0.001 bcdedit_command
  • 0.001 antivm_vbox_window
  • 0.001 browser_needed
  • 0.001 betabot_behavior
  • 0.001 dead_link
  • 0.001 debugs_self
  • 0.001 deletes_shadow_copies
  • 0.001 kibex_behavior
  • 0.001 cerber_behavior
  • 0.001 h1n1_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_commands
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.585 seconds )

  • 0.582 ReportHTMLSummary
  • 0.003 Malheur
Task ID 744072
Mongo ID 66208c607e769a7c1a16e762
Cuckoo release 1.4-Maldun