恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2024-04-25 22:30:27	2024-04-25 22:31:05	38 秒

魔盾分数

0.4

正常的

文件详细信息

文件名	libmmd.dll
文件大小	2887680 字节
文件类型	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	24d52adf2166c504efedfba7924e24bd
SHA1	6acd5ed130a2c3bc892ea213898c2f2627a0b0fd
SHA256	163fe1bc8b3d43b28ac60067e5840260cfcbe50590c4d6fd825a204e8733f976
SHA512	183b199031af969f5e280e4e164e9e82aec6e7df5e0e3cea688b93eff94ba8c468e4de09ecda29f27d63f6f34360a477af6f189ea25cdfd8b57f7f0f9dfd4776
CRC32	342F2DC2
Ssdeep	49152:C4pEY7HNk4gOPaVCPmN5j39U3JgQTgNGQKG:VpEY7HNkmaoOL9a9QK
Yara	登录查看Yara规则
	找不到该样本提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x10000000
入口地址	0x1019a7e2
声明校验值	0x00000000
实际校验值	0x002c5045
最低操作系统版本要求	4.0
PDB路径	D:\users\nbtester\x86win_nightly\branch-10_0\20070810_000000\dev\build_objs\x86win_lib_build_d0p0flexlm\lib\libmmd.pdb
编译时间	2007-08-10 10:59:17
载入哈希	1d5da81aaa8a64bcc957bfd382c1d369
导出DLL库名称	\x31\x31\x39\x31\x31\x31\x34\x31\x31\x31

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x001acd88	0x001ad000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.89
.rdata	0x001ae000	0x000fb28f	0x000fc000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.47
.data	0x002aa000	0x000047b0	0x00003000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.02
.idata	0x002af000	0x00000a93	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.47
.rsrc	0x002b0000	0x000006dc	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	1.07
.reloc	0x002b1000	0x00011605	0x00012000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	6.20

导入

库: KERNEL32.dll:

• 0x102af1c8 GetProcAddress

• 0x102af1cc GetModuleHandleA

• 0x102af1d0 FormatMessageA

• 0x102af1d4 LoadLibraryA

• 0x102af1d8 GetThreadLocale

• 0x102af1dc GetCurrentThreadId

• 0x102af1e0 GetCommandLineA

• 0x102af1e4 GetVersionExA

• 0x102af1e8 ExitProcess

• 0x102af1ec TerminateProcess

• 0x102af1f0 GetCurrentProcess

• 0x102af1f4 TlsAlloc

• 0x102af1f8 SetLastError

• 0x102af1fc GetLastError

• 0x102af200 GetCurrentThread

• 0x102af204 TlsFree

• 0x102af208 TlsSetValue

• 0x102af20c TlsGetValue

• 0x102af210 HeapFree

• 0x102af214 HeapAlloc

• 0x102af218 SetHandleCount

• 0x102af21c GetStdHandle

• 0x102af220 GetFileType

• 0x102af224 GetStartupInfoA

• 0x102af228 DeleteCriticalSection

• 0x102af22c GetModuleFileNameA

• 0x102af230 FreeEnvironmentStringsA

• 0x102af234 GetEnvironmentStrings

• 0x102af238 FreeEnvironmentStringsW

• 0x102af23c WideCharToMultiByte

• 0x102af240 GetEnvironmentStringsW

• 0x102af244 HeapDestroy

• 0x102af248 HeapCreate

• 0x102af24c VirtualFree

• 0x102af250 UnhandledExceptionFilter

• 0x102af254 WriteFile

• 0x102af258 LeaveCriticalSection

• 0x102af25c FatalAppExitA

• 0x102af260 EnterCriticalSection

• 0x102af264 SetFilePointer

• 0x102af268 GetACP

• 0x102af26c GetOEMCP

• 0x102af270 GetCPInfo

• 0x102af274 VirtualAlloc

• 0x102af278 HeapReAlloc

• 0x102af27c IsBadWritePtr

• 0x102af280 InitializeCriticalSection

• 0x102af284 RtlUnwind

• 0x102af288 InterlockedExchange

• 0x102af28c VirtualQuery

• 0x102af290 HeapSize

• 0x102af294 LCMapStringA

• 0x102af298 MultiByteToWideChar

• 0x102af29c LCMapStringW

• 0x102af2a0 QueryPerformanceCounter

• 0x102af2a4 GetTickCount

• 0x102af2a8 GetCurrentProcessId

• 0x102af2ac GetSystemTimeAsFileTime

• 0x102af2b0 SetConsoleCtrlHandler

• 0x102af2b4 SetStdHandle

• 0x102af2b8 GetTimeFormatA

• 0x102af2bc GetDateFormatA

• 0x102af2c0 GetUserDefaultLCID

• 0x102af2c4 GetLocaleInfoA

• 0x102af2c8 EnumSystemLocalesA

• 0x102af2cc IsValidLocale

• 0x102af2d0 IsValidCodePage

• 0x102af2d4 GetStringTypeA

• 0x102af2d8 GetStringTypeW

• 0x102af2dc FlushFileBuffers

• 0x102af2e0 VirtualProtect

• 0x102af2e4 GetSystemInfo

• 0x102af2e8 GetTimeZoneInformation

• 0x102af2ec CloseHandle

• 0x102af2f0 GetLocaleInfoW

• 0x102af2f4 CompareStringA

• 0x102af2f8 CompareStringW

• 0x102af2fc SetEnvironmentVariableA

导出

序列	地址	名称
1	0x10001d3e	_CIacos
2	0x10001c8f	_CIasin
3	0x10001bd6	_CIatan
4	0x10001825	_CIatan2
5	0x100021bc	_CIcos
6	0x10001d07	_CIcosh
7	0x10002289	_CIexp
8	0x10001c58	_CIfmod
9	0x10002180	_CIlog
10	0x10001a19	_CIlog10
11	0x10002216	_CIpow
12	0x1000219e	_CIsin
13	0x10001cd0	_CIsinh
14	0x10001ccb	_CIsqrt
15	0x10002239	_CItan
16	0x10001cbc	_CItanh
17	0x102aad98	_LIB_VERSIONIMF
18	0x1000150f	__acosdq
19	0x10001442	__acoshq
20	0x10001a64	__acosq
21	0x10001078	__annuityq
22	0x100027f2	__asindq
23	0x10002888	__asinhq
24	0x10001e24	__asinq
25	0x10002603	__atan2dq
26	0x10001398	__atan2q
27	0x10001cc6	__atand2q
28	0x100027a7	__atandq
29	0x10002801	__atanhq
30	0x10001e15	__atanq
31	0x10001ded	__cabsq
32	0x10002199	__cacoshq
33	0x10002077	__cacosq
34	0x100015e1	__cargq
35	0x10001f00	__casinhq
36	0x1000151e	__casinq
37	0x10001b86	__catanhq
38	0x1000144c	__catanq
39	0x10001ad7	__cbrtq
40	0x100014dd	__ccoshq
41	0x10001afa	__ccosq
42	0x100015f0	__ceilq
43	0x100017b7	__cexp10q
44	0x10001456	__cexp2q
45	0x100016a4	__cexpm1q
46	0x10001b90	__cexpq
47	0x10002883	__cimagq
48	0x10001db1	__cisdq
49	0x1000166d	__cisq
50	0x1000268f	__clog10q
51	0x100025a4	__clog1pq
52	0x1000138e	__clog2q
53	0x10001b45	__clog_f90
54	0x10001a5f	__clogf_f90
55	0x10001e01	__clogq
56	0x10002324	__clogq_f90
57	0x10002892	__compoundq
58	0x10001dd4	__conjq
59	0x10001023	__copysignq
60	0x10001de8	__cosdq
61	0x10001e42	__coshq
62	0x10001686	__cosq
63	0x10001de3	__cotdq
64	0x10001681	__cotq
65	0x10002261	__cpowq
66	0x1000289c	__cprojq
67	0x10002897	__crealq
68	0x10002662	__csinhq
69	0x10001d8e	__csinq
70	0x1000104b	__csqrt_f90
71	0x1000115e	__csqrtf_f90
72	0x1000287e	__csqrtq
73	0x10002982	__csqrtq_f90
74	0x100027fc	__ctanhq
75	0x10001e10	__ctanq
76	0x10001e0b	__dremq
77	0x10001dc0	__erfcq
78	0x10001627	__erfq
79	0x10001230	__exp10q
80	0x10001b7c	__exp2q
81	0x100024f5	__expm1q
82	0x10001591	__expq
83	0x10002202	__fabsq
84	0x10001e9c	__fdimq
85	0x10002009	__finite
86	0x1000210d	__finitef
87	0x10002149	__finitel
88	0x10001b8b	__floorq
89	0x10001618	__fmaq
90	0x10001e38	__fmaxq
91	0x10001e5b	__fminq
92	0x10001609	__fmodq
93	0x100019ab	__fpclassify
94	0x10001555	__fpclassifyf
95	0x10001573	__fpclassifyl
96	0x1000286f	__frexpq
97	0x10002653	__gammaq
98	0x1000135c	__gammaq_r
99	0x100027d9	__hypotq
100	0x1000265d	__ilogbq
101	0x100022b6	__invsqrtq
102	0x10001ed3	__isgreater
103	0x10001bdb	__isgreaterequal
104	0x10002554	__isgreaterequalf
105	0x100025ae	__isgreaterequall
106	0x10001a0a	__isgreaterf
107	0x10001a32	__isgreaterl
108	0x10001df2	__isinf
109	0x10002806	__isinff
110	0x1000286a	__isinfl
111	0x10002851	__isless
112	0x10001645	__islessequal
113	0x100022c0	__islessequalf
114	0x100022e8	__islessequall
115	0x100021f3	__islessf
116	0x100010d2	__islessgreater
117	0x100022c5	__islessgreaterf
118	0x100022f7	__islessgreaterl
119	0x10002234	__islessl
120	0x10001e56	__isnan
121	0x100027cf	__isnanf
122	0x10002833	__isnanl
123	0x1000227a	__isnormal
124	0x100028ba	__isnormalf
125	0x100028f6	__isnormall
126	0x10002775	__isunordered
127	0x100019f6	__isunorderedf
128	0x10001a1e	__isunorderedl
129	0x10001339	__j0q
130	0x1000134d	__j1q
131	0x100011ea	__jnq
132	0x10002815	__ldexpq
133	0x10002162	__lgammaq
134	0x100022e3	__lgammaq_r
135	0x10001aff	__libm_setusermatherr
136	0x10001875	__libm_setusermatherrf
137	0x10001898	__libm_setusermatherrl
138	0x10001c44	__libm_sse2_acos
139	0x100028c4	__libm_sse2_acosf
140	0x10001bfe	__libm_sse2_asin
141	0x10001181	__libm_sse2_asinf
142	0x10001c0d	__libm_sse2_atan
143	0x10002905	__libm_sse2_atan2
144	0x100013a2	__libm_sse2_atan2f
145	0x10001113	__libm_sse2_atanf
146	0x10001c99	__libm_sse2_cbrt
147	0x1000290f	__libm_sse2_cbrtf
148	0x100023f6	__libm_sse2_cos
149	0x10001bf9	__libm_sse2_cosf
150	0x100024aa	__libm_sse2_exp
151	0x10001e88	__libm_sse2_exp10
152	0x10001889	__libm_sse2_exp10f
153	0x100017ee	__libm_sse2_exp2
154	0x10001fa5	__libm_sse2_exp2f
155	0x10001988	__libm_sse2_expf
156	0x10002671	__libm_sse2_expm1
157	0x100027f7	__libm_sse2_expm1f
158	0x10001933	__libm_sse2_log
159	0x10001bf4	__libm_sse2_log10
160	0x10001ba4	__libm_sse2_log10f
161	0x10001da7	__libm_sse2_log1p
162	0x10001b3b	__libm_sse2_log1pf
163	0x10001f23	__libm_sse2_log2
164	0x10001d66	__libm_sse2_log2f
165	0x1000206d	__libm_sse2_logf
166	0x10001aaf	__libm_sse2_pow
167	0x100021a8	__libm_sse2_powf
168	0x10001a14	__libm_sse2_sin
169	0x1000199c	__libm_sse2_sincos
170	0x100025c7	__libm_sse2_sincosf
171	0x1000200e	__libm_sse2_sinf
172	0x10001956	__libm_sse2_tan
173	0x100020a9	__libm_sse2_tanf
174	0x10001b9a	__llrintq
175	0x10001370	__llroundq
176	0x100012fd	__log10q
177	0x10001389	__log1pq
178	0x10001d25	__log2q
179	0x10001d9d	__logbq
180	0x10001677	__logq
181	0x1000284c	__lrintq
182	0x10002194	__lroundq
183	0x10001e7e	__modfq
184	0x100021c6	__nearbyintq
185	0x100015eb	__nextafterq
186	0x10001311	__nexttowardq
187	0x10001e3d	__nintq
188	0x10002090	__pow_eq
189	0x10001eb5	__powc16i4
190	0x10001ec4	__powc16i8
191	0x10001eb0	__powc32i4
192	0x10001ebf	__powc32i8
193	0x100027de	__powc8i4
194	0x1000281a	__powc8i8
195	0x10002419	__powi4i4
196	0x1000245a	__powi8i8
197	0x10001d98	__powi_eq
198	0x100015af	__powiq
199	0x10001e1a	__powq
200	0x10001abe	__powr10i4
201	0x10001adc	__powr10i8
202	0x10001a6e	__powr16i4
203	0x10001a82	__powr16i8
204	0x10002446	__powr4i4
205	0x1000245f	__powr4i8
206	0x1000281f	__powr8i4
207	0x1000285b	__powr8i8
208	0x1000107d	__remainderq
209	0x10001b40	__remquoq
210	0x10001dd9	__rintq
211	0x10001406	__roundq
212	0x1000283d	__rsqrtq
213	0x10001a96	__scalblnq
214	0x10001dac	__scalbnq
215	0x10002658	__scalbq
216	0x1000228e	__signbit
217	0x10001320	__signbitf
218	0x10001357	__signbitl
219	0x10002013	__significandq
220	0x1000229d	__sincosdq
221	0x1000227f	__sincosq
222	0x10001dc5	__sindq
223	0x10001154	__sinhcoshq
224	0x10001e60	__sinhq
225	0x1000160e	__sinq
226	0x10001e65	__sqrtq
227	0x10001dbb	__tandq
228	0x10001e83	__tanhq
229	0x1000162c	__tanq
230	0x10002135	__tgammaq
231	0x100011b8	__truncq
232	0x100011ef	__y0q
233	0x100011f4	__y1q
234	0x10001861	__ynq
235	0x10002315	acos
236	0x10001799
237	0x100012e9
238	0x1000192e
239	0x10001974
240	0x100012f3
241	0x100021da
242	0x10001307
243	0x1000198d
244	0x100019a6
245	0x1000132a
246	0x10002225
247	0x10001082
248	0x100010c8
249	0x10002766
250	0x10001f9b
251	0x10001735
252	0x10001fb9
253	0x10001fe6
254	0x10001767
255	0x100013d4
256	0x10001771
257	0x10001fc8
258	0x10001ff0
259	0x100017c1
260	0x10002644
261	0x10001564
262	0x10002937
263	0x10001672
264	0x10001d89
265	0x10001db6
266	0x1000168b
267	0x100016ae
268	0x10001145
269	0x10001514
270	0x10001d34
271	0x10001d4d
272	0x10001654
273	0x1000167c
274	0x1000114f
275	0x10001b22
276	0x10001163
277	0x1000164f
278	0x10001663
279	0x10001195
280	0x1000226b
281	0x10001131
282	0x10001172
283	0x100011b3
284	0x10001a55
285	0x10001a5a
286	0x10001019
287	0x10001069
288	0x10001a73
289	0x100022cf
290	0x100012a8
291	0x100012ee
292	0x10001343
293	0x100019dd
294	0x100019e7
295	0x100022de
296	0x1000230b
297	0x10001a00
298	0x1000136b
299	0x10001a0f
300	0x10001a23
301	0x100022ed
302	0x10002310
303	0x10001a41
304	0x10002329
305	0x10002379
306	0x10002392
307	0x1000258b
308	0x100011a4
309	0x100011bd
310	0x1000155a
311	0x10001578
312	0x100011e0
313	0x10002540
314	0x100010e6
315	0x1000110e
316	0x1000263f
317	0x100014ec
318	0x1000150a
319	0x10001d02
320	0x10001d2a
321	0x10002914
322	0x1000165e
323	0x10001690
324	0x10001140
325	0x10001c08
326	0x1000117c
327	0x1000119f
328	0x1000163b
329	0x10001659
330	0x1000204f
331	0x100025d6
332	0x10001235
333	0x10001285
334	0x100025ea
335	0x1000261c
336	0x10002761
337	0x10002711
338	0x10002676
339	0x10002441
340	0x10002464
341	0x100015be
342	0x100028a1
343	0x100028d8
344	0x10001762
345	0x100023fb
346	0x100017b2
347	0x1000211c
348	0x1000209a
349	0x100020e0
350	0x10002770
351	0x1000178f
352	0x100017df
353	0x10001537
354	0x1000274d
355	0x10002784
356	0x100020c7
357	0x10001177
358	0x1000279d
359	0x10001834
360	0x10001866
361	0x100027bb
362	0x1000255e
363	0x100027d4
364	0x10001820
365	0x1000184d
366	0x10002810
367	0x100020db
368	0x100027ca
369	0x1000182a
370	0x10001857
371	0x100027e8
372	0x10002847
373	0x1000280b
374	0x100018ac
375	0x100018e3
376	0x100018c0
377	0x100026cb
378	0x100026f8
379	0x100011c2
380	0x10001569
381	0x1000158c
382	0x10002793
383	0x1000180c
384	0x1000181b
385	0x10001f8c
386	0x10001faa
387	0x10001843
388	0x100018fc
389	0x10002112
390	0x1000268a
391	0x100013f2
392	0x100026da
393	0x10002860
394	0x100018de
395	0x100018ed
396	0x100026b2
397	0x100026f3
398	0x1000191f
399	0x10002153
400	0x10002739
401	0x100011db
402	0x100011fe
403	0x1000275c
404	0x10002018
405	0x100023e7
406	0x10002405
407	0x1000278e
408	0x10002185
409	0x1000100a
410	0x10002900
411	0x1000154b
412	0x1000156e
413	0x10002496
414	0x1000114a
415	0x10001190
416	0x10002559
417	0x10001582
418	0x100025b3
419	0x10002946
420	0x100016bd
421	0x100016d6
422	0x10001b77
423	0x100014e7
424	0x100014d3
425	0x100024a5
426	0x10001da2
427	0x10001df7
428	0x10001dcf
429	0x10001e33
430	0x10002482
431	0x100024a0
432	0x10001e06
433	0x10001d75
434	0x10001505
435	0x10002400
436	0x100024b4
437	0x10001d7f
438	0x10001dde
439	0x10002171
440	0x100021f8
441	0x10002581
442	0x1000119a
443	0x100011e5
444	0x1000262b
445	0x1000125d
446	0x100012b7
447	0x100024d2
448	0x100010e1
449	0x10001dfc
450	0x10001451
451	0x1000170d
452	0x10002072
453	0x100016e0
454	0x10001c71
455	0x10001fbe
456	0x1000161d
457	0x10001f28
458	0x100028fb
459	0x10001cb7
460	0x100022fc
461	0x10001f87
462	0x100023c4
463	0x100023d3
464	0x1000191a
465	0x100026a8
466	0x100026e9
467	0x100020e5
468	0x100027e3
469	0x10002842
470	0x100028bf
471	0x100019ba
472	0x100019d3
473	0x100027a2
474	0x1000182f
475	0x1000185c
476	0x10002757
477	0x1000270c
478	0x1000175d
479	0x100017ad
480	0x10002932
481	0x10001ffa
482	0x10002022
483	0x1000193d
484	0x10002838
485	0x1000288d
486	0x10001109
487	0x10001e6a
488	0x100015f5
489	0x1000267b
490	0x10001640
491	0x100027b1
492	0x10001884
493	0x100025f9
494	0x10002635
495	0x100011a9
496	0x10001d57
497	0x10001d70
498	0x10001f5a
499	0x10001523
500	0x1000152d
501	0x100018a2
502	0x10001f1e
503	0x10001f41
504	0x10001f4b
505	0x10001438
506	0x1000254a
507	0x10002595
508	0x10001366
509	0x10001375
510	0x100011d6
511	0x10001d93
512	0x10001dca
513	0x10001636
514	0x100026ad
515	0x10001258
516	0x100012b2
517	0x100015a0
518	0x10001541
519	0x100019b5
520	0x100019ce
521	0x100015d7
522	0x1000121c
523	0x10001e2e
524	0x10001e6f
525	0x10002531
526	0x1000194c
527	0x1000197e
528	0x100018f7
529	0x10002685
530	0x100026d5
531	0x1000234c
532	0x10001bef
533	0x10001c17
534	0x10002351
535	0x10001bea
536	0x10001c12
537	0x1000243c
538	0x1000203b
539	0x10002081
540	0x100011d1
541	0x10001596
542	0x100015c3
543	0x100015fa
544	0x10002680
545	0x10001d61
546	0x10001d39
547	0x10001d7a
548	0x10001f32
549	0x10002720
550	0x10001cda
551	0x10001d16
552	0x10001eba
553	0x100014a6
554	0x100014c9
555	0x10002103
556	0x1000118b
557	0x1000106e
558	0x10001c85
559	0x1000169a
560	0x10001087
561	0x100016b3
562	0x100012bc
563	0x1000159b
564	0x100015cd
565	0x100025fe
566	0x1000123f
567	0x1000128f
568	0x10002798
569	0x10001816
570	0x10001848
571	0x100027c0
572	0x10001e97
573	0x10002829
574	0x1000190b
575	0x100026a3
576	0x100026df
577	0x1000269e
578	0x10001bb8
579	0x10001bd1
580	0x10002347
581	0x1000292d
582	0x10002955
583	0x100025db
584	0x1000126c
585	0x100012c6
586	0x10002293
587	0x10001668
588	0x1000169f
589	0x100022b1
590	0x10001965
591	0x10001992
592	0x10002874
593	0x10002252
594	0x10002275
595	0x100020fe
596	0x1000271b
597	0x10001839
598	0x1000276b
599	0x100014fb
600	0x100014a1
601	0x1000272f
602	0x100014f6
603	0x10002455
604	0x100026fd
605	0x1000183e
606	0x10001500
607	0x100014c4
608	0x10001e74
609	0x10002473
610	0x1000164a
611	0x100027c5
612	0x10002824
613	0x100012da
614	0x100015a5
615	0x100015e6
616	0x10002248
617	0x10001cb2
618	0x10001cfd
619	0x100022a2
620	0x10001104
621	0x10001136
622	0x100012cb
623	0x10001915
624	0x10001960
625	0x1000215d
626	0x100021e4
627	0x1000222a
628	0x10001d11
629	0x10001c53
630	0x10001ca3
631	0x10002243
632	0x10001cad
633	0x10001cf8
634	0x10001d20
635	0x10001ca8
636	0x10001cf3
637	0x102aae34
638	0x102acfa4
639	0x10001ee2
640	0x100023c9
641	0x100023d8
642	0x10001e1f
643	0x100020cc
644	0x1000188e
645	0x1000277a
646	0x10002383
647	0x10002167
648	0x10002176
649	0x1000238d
650	0x1000128a
651	0x100023ab
652	0x1000223e
653	0x100010dc
654	0x100010ff
655	0x10002257
656	0x10001483
657	0x1000225c
658	0x1000216c
659	0x100021d0
660	0x1000221b
661	0x10001118
662	0x10001159
663	0x10002284
664	0x100022ca
665	0x1000127b
666	0x100012d5
667	0x10001d84
668	0x10001f37
669	0x10001fa0
670	0x1000202c
671	0x10002059
672	0x10001faf
673	0x10001c80
674	0x10001fc3
675	0x10002063
676	0x100020ae
677	0x10001fe1
678	0x1000218a
679	0x10001c49
680	0x10001c9e
681	0x100012a3
682	0x100018b6
683	0x100018e8
684	0x100024be
685	0x10002054
686	0x100020a4
687	0x100024c3
688	0x1000207c
689	0x100020bd
690	0x10002626
691	0x10001f5f
692	0x10001f73

.text
`.rdata
@.data
.idata
.rsrc
@.reloc
|$pPh
|$0Ph
|$0Ph

没有防病毒引擎扫描信息!

进程树

rundll32.exe id: 2528

搜索
rundll32.exe (2528)

rundll32.exe, PID: 2528, 上一级进程 PID: 2180

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.98.118.171	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.98.118.171	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 32.146 seconds )

11.248 Suricata
10.202 VirusTotal
8.2 Static
1.012 TargetInfo
0.944 NetworkAnalysis
0.492 peid
0.018 BehaviorAnalysis
0.011 Strings
0.01 AnalysisInfo
0.007 config_decoder
0.002 Memory

Signatures ( 1.468 seconds )

1.359 proprietary_url_bl
0.019 antiav_detectreg
0.01 antiav_detectfile
0.008 proprietary_domain_bl
0.007 anomaly_persistence_autorun
0.005 antianalysis_detectreg
0.005 infostealer_ftp
0.004 geodo_banking_trojan
0.004 infostealer_bitcoin
0.004 infostealer_im
0.004 ransomware_extensions
0.004 ransomware_files
0.003 tinba_behavior
0.003 rat_nanocore
0.003 network_http
0.002 cerber_behavior
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 infostealer_mail
0.002 proprietary_bad_drop
0.001 api_spamming
0.001 betabot_behavior
0.001 antianalysis_detectfile
0.001 antidbg_devices
0.001 antivm_generic_diskreg
0.001 antivm_parallels_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 proprietary_malicious_drop_executable_file_to_temp_folder
0.001 network_cnc_http
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt
0.001 stealth_modify_security_center_warnings

Reporting ( 0.524 seconds )

0.48 ReportHTMLSummary
0.044 Malheur


Task ID	744317
Mongo ID	662a695adc327b93ae415a94
Cuckoo release	1.4-Maldun