恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2024-04-25 22:23:38	2024-04-25 22:28:10	272 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	uninst.exe
文件大小	2362304 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	6f9d9bb100cab5863273bfdd48b87d16
SHA1	5ba6e3fdb1e7270a35c69fcb5f6d6976670ab53c
SHA256	2dfb55755bf517417be6779f2339d66736a779f59ab8c9a01878e3c53c212bec
SHA512	1ff2de78993763d7394a4bed9f582d0d733b5128e8c039c12a857277982fe5f1eddd2893fed9425a8d087b3911c2bc1329eee04f5a027d37c08bec871c42114d
CRC32	665EE98A
Ssdeep	49152:6CPIauI2iFHrQ66gbilgcrySCKmVlmDe0TLRvzS:6Cg/I2GB9bizrdmVlm7tS
Yara	登录查看Yara规则
	找不到该样本提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x004030de
声明校验值	0x00000000
实际校验值	0x0024d7d3
最低操作系统版本要求	4.0
编译时间	2015-12-11 15:12:34
载入哈希	5e27740d9754d3decf77cb65d4f31c5f

版本信息

LegalCopyright
FileVersion
CompanyName
LegalTrademarks
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00005a97	0x00005c00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.45
.rdata	0x00007000	0x0000115e	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.14
.data	0x00009000	0x0003e038	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.04
.ndata	0x00048000	0x0004a000	0x00000000	IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.rsrc	0x00092000	0x0004f000	0x0004ea00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.05

覆盖

偏移量	0x0022dbc0
大小	0x00013000

导入

库: KERNEL32.dll:

• 0x407064 SetFileAttributesA

• 0x407068 GetShortPathNameA

• 0x40706c GetFullPathNameA

• 0x407070 MoveFileA

• 0x407074 SetCurrentDirectoryA

• 0x407078 GetFileAttributesA

• 0x40707c GetLastError

• 0x407080 CompareFileTime

• 0x407084 SearchPathA

• 0x407088 Sleep

• 0x40708c GetTickCount

• 0x407090 GetFileSize

• 0x407094 GetModuleFileNameA

• 0x407098 GetCurrentProcess

• 0x40709c CopyFileA

• 0x4070a0 ExitProcess

• 0x4070a4 CreateDirectoryA

• 0x4070a8 lstrcmpiA

• 0x4070ac GetCommandLineA

• 0x4070b0 SetErrorMode

• 0x4070b4 lstrcpynA

• 0x4070b8 GetDiskFreeSpaceA

• 0x4070bc GlobalUnlock

• 0x4070c0 GlobalLock

• 0x4070c4 CreateThread

• 0x4070c8 CreateProcessA

• 0x4070cc RemoveDirectoryA

• 0x4070d0 CreateFileA

• 0x4070d4 GetTempFileNameA

• 0x4070d8 lstrlenA

• 0x4070dc lstrcatA

• 0x4070e0 GetSystemDirectoryA

• 0x4070e4 GetVersion

• 0x4070e8 LoadLibraryA

• 0x4070ec SetFileTime

• 0x4070f0 CloseHandle

• 0x4070f4 GlobalFree

• 0x4070f8 lstrcmpA

• 0x4070fc ExpandEnvironmentStringsA

• 0x407100 GetExitCodeProcess

• 0x407104 GlobalAlloc

• 0x407108 WaitForSingleObject

• 0x40710c GetWindowsDirectoryA

• 0x407110 GetTempPathA

• 0x407114 GetProcAddress

• 0x407118 FindFirstFileA

• 0x40711c FindNextFileA

• 0x407120 DeleteFileA

• 0x407124 SetFilePointer

• 0x407128 ReadFile

• 0x40712c FindClose

• 0x407130 GetPrivateProfileStringA

• 0x407134 WritePrivateProfileStringA

• 0x407138 WriteFile

• 0x40713c MulDiv

• 0x407140 LoadLibraryExA

• 0x407144 GetModuleHandleA

• 0x407148 MultiByteToWideChar

• 0x40714c FreeLibrary

库: USER32.dll:

• 0x407170 GetWindowRect

• 0x407174 EnableMenuItem

• 0x407178 GetSystemMenu

• 0x40717c ScreenToClient

• 0x407180 SetClassLongA

• 0x407184 IsWindowEnabled

• 0x407188 SetWindowPos

• 0x40718c GetSysColor

• 0x407190 GetWindowLongA

• 0x407194 SetCursor

• 0x407198 LoadCursorA

• 0x40719c CheckDlgButton

• 0x4071a0 GetMessagePos

• 0x4071a4 LoadBitmapA

• 0x4071a8 CallWindowProcA

• 0x4071ac IsWindowVisible

• 0x4071b0 CloseClipboard

• 0x4071b4 SetForegroundWindow

• 0x4071b8 PostQuitMessage

• 0x4071bc RegisterClassA

• 0x4071c0 EndDialog

• 0x4071c4 AppendMenuA

• 0x4071c8 CreatePopupMenu

• 0x4071cc GetSystemMetrics

• 0x4071d0 SetDlgItemTextA

• 0x4071d4 GetDlgItemTextA

• 0x4071d8 MessageBoxIndirectA

• 0x4071dc CharPrevA

• 0x4071e0 DispatchMessageA

• 0x4071e4 PeekMessageA

• 0x4071e8 EnableWindow

• 0x4071ec InvalidateRect

• 0x4071f0 SendMessageA

• 0x4071f4 DefWindowProcA

• 0x4071f8 BeginPaint

• 0x4071fc GetClientRect

• 0x407200 FillRect

• 0x407204 DrawTextA

• 0x407208 EndPaint

• 0x40720c SystemParametersInfoA

• 0x407210 CreateWindowExA

• 0x407214 GetClassInfoA

• 0x407218 DialogBoxParamA

• 0x40721c CharNextA

• 0x407220 ExitWindowsEx

• 0x407224 DestroyWindow

• 0x407228 OpenClipboard

• 0x40722c TrackPopupMenu

• 0x407230 SendMessageTimeoutA

• 0x407234 GetDC

• 0x407238 LoadImageA

• 0x40723c GetDlgItem

• 0x407240 FindWindowExA

• 0x407244 IsWindow

• 0x407248 SetClipboardData

• 0x40724c SetWindowLongA

• 0x407250 EmptyClipboard

• 0x407254 SetTimer

• 0x407258 CreateDialogParamA

• 0x40725c wsprintfA

• 0x407260 ShowWindow

• 0x407264 SetWindowTextA

库: GDI32.dll:

• 0x407040 SelectObject

• 0x407044 SetBkMode

• 0x407048 CreateFontIndirectA

• 0x40704c SetTextColor

• 0x407050 DeleteObject

• 0x407054 GetDeviceCaps

• 0x407058 CreateBrushIndirect

• 0x40705c SetBkColor

库: SHELL32.dll:

• 0x407154 SHGetSpecialFolderLocation

• 0x407158 SHGetPathFromIDListA

• 0x40715c SHBrowseForFolderA

• 0x407160 SHGetFileInfoA

• 0x407164 ShellExecuteA

• 0x407168 SHFileOperationA

库: ADVAPI32.dll:

• 0x407000 RegDeleteValueA

• 0x407004 SetFileSecurityA

• 0x407008 RegOpenKeyExA

• 0x40700c RegDeleteKeyA

• 0x407010 RegEnumValueA

• 0x407014 RegCloseKey

• 0x407018 RegCreateKeyExA

• 0x40701c RegSetValueExA

• 0x407020 RegQueryValueExA

• 0x407024 RegEnumKeyA

库: COMCTL32.dll:

• 0x40702c ImageList_Create

• 0x407030 ImageList_Destroy

• 0x407034 None

• 0x407038 ImageList_AddMasked

库: ole32.dll:

• 0x40726c OleUninitialize

• 0x407270 OleInitialize

• 0x407274 CoTaskMemFree

• 0x407278 CoCreateInstance

.text
.rdata
.data
.ndata
.rsrc
;5loD
;5loD
 s495loD
;5loD
v#VhQ+@
j@Vh`oD
ih19@
9=loD
;=loD
9=loD
uUh4s@
>h4s@
@PWShDs@
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
LoadLibraryA
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
SetFileSecurityA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
verifying installer: %d%%
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
\Temp
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
%u.%u%s%s
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyExA
ADVAPI32
GetUserDefaultUILanguage
MoveFileExA
GetDiskFreeSpaceExA
SetDefaultDllDirectories
KERNEL32
*?|<>/":
%s%s.dll

没有防病毒引擎扫描信息!

进程树

uninst.exe id: 2572
taskhost.exe id: 1276
dwm.exe id: 1456
explorer.exe id: 1564
- wscript.exe id: 1916
iexplore.exe id: 2008
- iexplore.exe id: 1808
WINWORD.EXE id: 2024
taskkill.exe id: 2936
AcroRd32.exe id: 2040
EXCEL.EXE id: 860
POWERPNT.EXE id: 1096
IMECMNT.EXE id: 2184
taskhost.exe id: 2468
- WinSAT.exe id: 2756
WerFault.exe id: 2524

uninst.exe, PID: 2572, 上一级进程 PID: 2196

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

taskhost.exe, PID: 1276, 上一级进程 PID: 424

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

dwm.exe, PID: 1456, 上一级进程 PID: 760

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

explorer.exe, PID: 1564, 上一级进程 PID: 1428

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

wscript.exe, PID: 1916, 上一级进程 PID: 1564

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 2008, 上一级进程 PID: 1996

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

WINWORD.EXE, PID: 2024, 上一级进程 PID: 2016

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

taskkill.exe, PID: 2936, 上一级进程 PID: 2964

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

AcroRd32.exe, PID: 2040, 上一级进程 PID: 2032

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

EXCEL.EXE, PID: 860, 上一级进程 PID: 252

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

POWERPNT.EXE, PID: 1096, 上一级进程 PID: 832

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 1808, 上一级进程 PID: 2008

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

IMECMNT.EXE, PID: 2184, 上一级进程 PID: 532

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

taskhost.exe, PID: 2468, 上一级进程 PID: 424

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

WinSAT.exe, PID: 2756, 上一级进程 PID: 2468

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

WerFault.exe, PID: 2524, 上一级进程 PID: 2528

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2024-04-25 22:25:10.884815+0800	192.168.122.201	49199	37.230.104.89	443	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:10.884815+0800	192.168.122.201	49199	37.230.104.89	443	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:25:10.885041+0800	37.230.104.89	443	192.168.122.201	49199	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:10.885041+0800	37.230.104.89	443	192.168.122.201	49199	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:25:11.580798+0800	192.168.122.201	49200	37.230.104.89	443	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:11.580798+0800	192.168.122.201	49200	37.230.104.89	443	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:25:11.793398+0800	37.230.104.89	443	192.168.122.201	49200	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:11.793398+0800	37.230.104.89	443	192.168.122.201	49200	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:24:48.184507+0800	34.174.61.199	80	192.168.122.201	49191	TCP	2018141	ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	A Network Trojan was detected
2024-04-25 22:25:10.454677+0800	192.168.122.201	49198	37.230.104.89	443	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:10.454677+0800	192.168.122.201	49198	37.230.104.89	443	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:24:47.393025+0800	104.198.2.251	80	192.168.122.201	49190	TCP	2018141	ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	A Network Trojan was detected
2024-04-25 22:24:51.405738+0800	34.174.61.199	80	192.168.122.201	49193	TCP	2018141	ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	A Network Trojan was detected
2024-04-25 22:25:44.314553+0800	192.168.122.201	49212	37.230.104.89	443	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:44.314553+0800	192.168.122.201	49212	37.230.104.89	443	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:25:10.457401+0800	37.230.104.89	443	192.168.122.201	49198	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:10.457401+0800	37.230.104.89	443	192.168.122.201	49198	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:25:44.316168+0800	37.230.104.89	443	192.168.122.201	49212	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:44.316168+0800	37.230.104.89	443	192.168.122.201	49212	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:25:43.904248+0800	192.168.122.201	49211	37.230.104.89	443	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:43.904248+0800	192.168.122.201	49211	37.230.104.89	443	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode
2024-04-25 22:25:43.905492+0800	37.230.104.89	443	192.168.122.201	49211	TCP	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
2024-04-25 22:25:43.905492+0800	37.230.104.89	443	192.168.122.201	49211	TCP	2230015	SURICATA TLS invalid record version	Generic Protocol Command Decode

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 38.589 seconds )

21.63 BehaviorAnalysis
11.17 Suricata
4.727 Static
0.688 TargetInfo
0.347 peid
0.011 Strings
0.01 AnalysisInfo
0.004 config_decoder
0.002 Memory

Signatures ( 10.86 seconds )

2.791 antiav_detectreg
0.895 infostealer_ftp
0.872 api_spamming
0.818 stealth_decoy_document
0.703 stealth_timeout
0.512 antianalysis_detectreg
0.485 infostealer_im
0.336 infostealer_mail
0.293 antivm_generic_scsi
0.149 darkcomet_regkeys
0.142 kibex_behavior
0.14 mimics_filetime
0.135 antivm_xen_keys
0.134 antivm_parallels_keys
0.126 recon_fingerprint
0.117 virus
0.114 stealth_file
0.112 reads_self
0.106 antivm_generic_disk
0.092 bootkit
0.092 ursnif_behavior
0.091 betabot_behavior
0.088 antivm_generic_diskreg
0.088 geodo_banking_trojan
0.081 antivm_generic_services
0.077 antisandbox_productid
0.069 hancitor_behavior
0.067 cryptowall_behavior
0.05 proprietary_anomaly_massive_file_ops
0.049 injection_runpe
0.045 antivm_vmware_keys
0.045 packer_armadillo_regkey
0.044 antivm_vbox_keys
0.043 antivm_generic_bios
0.043 antivm_hyperv_keys
0.043 antivm_vbox_acpi
0.043 antivm_vpc_keys
0.043 proprietary_anomaly_invoke_vb_vba
0.043 recon_programs
0.042 antivm_xen_keys
0.041 antivm_generic_system
0.04 antivm_generic_cpu
0.03 injection_explorer
0.028 kovter_behavior
0.027 anomaly_persistence_autorun
0.021 rat_luminosity
0.019 h1n1_behavior
0.018 antiemu_wine_func
0.018 proprietary_malicious_write_executeable_under_temp_to_regrun
0.017 infostealer_browser_password
0.016 proprietary_anomaly_write_exe_and_obsfucate_extension
0.013 proprietary_anomaly_write_exe_and_dll_under_winroot_run
0.013 antiav_detectfile
0.011 proprietary_anomaly_terminated_process
0.01 hawkeye_behavior
0.01 antidbg_windows
0.01 anormaly_invoke_kills
0.01 ispy_behavior
0.01 proprietary_domain_bl
0.01 proprietary_url_bl
0.009 chimera_behavior
0.009 infostealer_bitcoin
0.008 antivm_vbox_libs
0.007 banker_prinimalka
0.007 anomaly_persistence_bootexecute
0.007 anomaly_reset_winsock
0.007 sets_autoconfig_url
0.007 creates_largekey
0.007 exec_crash
0.007 disables_browser_warn
0.006 antiav_avast_libs
0.006 dridex_behavior
0.006 antisandbox_sunbelt_libs
0.006 vawtrak_behavior
0.006 antiemu_wine_reg
0.006 ransomware_extensions
0.005 ransomware_dmalocker
0.005 antivm_vbox_files
0.005 ransomware_files
0.004 gootkit_behavior
0.004 antisandbox_sboxie_libs
0.004 antiav_bitdefender_libs
0.004 shifu_behavior
0.004 cerber_behavior
0.004 browser_addon
0.004 browser_security
0.004 modify_proxy
0.003 tinba_behavior
0.003 antisandbox_sleep
0.003 kelihos_behavior
0.003 pony_behavior
0.002 andromeda_behavior
0.002 rat_nanocore
0.002 antivm_vmware_libs
0.002 ransomware_message
0.002 antivm_vbox_window
0.002 Locky_behavior
0.002 ipc_namedpipe
0.002 ransomeware_modifies_desktop_wallpaper
0.002 antisandbox_script_timer
0.002 antidbg_devices
0.002 disables_system_restore
0.002 disables_windows_defender
0.002 office_security
0.002 rat_spynet
0.002 stealth_hide_notifications
0.002 stealth_modify_uac_prompt
0.001 network_tor
0.001 disables_spdy
0.001 office_dl_write_exe
0.001 office_write_exe
0.001 infostealer_browser
0.001 injection_createremotethread
0.001 browser_needed
0.001 kazybot_behavior
0.001 dyre_behavior
0.001 encrypted_ioc
0.001 antivm_vmware_events
0.001 disables_wfp
0.001 securityxploded_modules
0.001 modifies_certs
0.001 antianalysis_detectfile
0.001 antivm_vmware_files
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 disables_windowsupdate
0.001 codelux_behavior
0.001 malicous_targeted_flame
0.001 proprietary_malicious_drop_executable_file_to_temp_folder
0.001 proprietary_bad_drop
0.001 ransomware_radamant
0.001 rat_pcclient
0.001 stealth_hidden_extension
0.001 stealth_hiddenreg

Reporting ( 1.23 seconds )

0.86 ReportHTMLSummary
0.37 Malheur


Task ID	744316
Mongo ID	662a6952dc327b93ad415da6
Cuckoo release	1.4-Maldun