Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2024-04-25 23:10:13
End time: 2024-04-25 23:12:33
Duration: 140 seconds

Maldun score

10.0 (Dangerous)

File details

File name 不坑盒子_2024.040404.exe
File size 19387968 bytes
File type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f0b0e25b4085413331f0b47cfdfd7c23
SHA1 e232d327ec338f1fdd2fe21e7fc7eff157ed8739
SHA256 d3c3267550134019f1e7379a49d2efa392c09d240edfb778c97948f5588e8b89
SHA512 8503540bbd8fd62a81c82771bdf6e0845d526d06c6cd30e7e108d2060121d0129d95fe315a6687e0ea00952b0bfb0a27af5a02a4f0b8e461714913cc6a01b968
CRC32 0F7F0B1C
Ssdeep 196608:7RXZXHHYxTpUez7HgV9//z7R2gfImDd48WPeRE91eTpABor8Y:NJXH4DHwpFBu8weRagAs9
Yara not shown (login required on the source site)

Threat signatures not shown (login required on the source site)

Hosts accessed

No host records.

DNS resolutions

No domain information.


Summary

Detailed behaviour information not shown (login required on the source site); the static, process-tree and network sections below are all the evidence this report carries.

PE information

Image base 0x00400000
Entry point 0x01678f6a (a virtual address: image base plus RVA 0x01278f6a, which is the last 6 bytes of .text, where the managed jmp-to-_CorExeMain stub sits)
Declared checksum 0x012833a7
Minimum OS version 4.0
PDB path C:\Users\boy\Nutstore\1\dev_lite\vs\不坑盒子\obj\Release\BKOffice_Installer.pdb
Compile time 2043-01-26 17:28:45 (in the future, so not a real build time; Roslyn deterministic builds write a hash-derived value into this field)
Import hash f34d5f2d4577ed6d9ceec516c1f5a744 (the imphash shared by practically every .NET executable, whose only native import is mscoree!_CorExeMain, so it has no value for pivoting)

Version information (field names only; values not shown)

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

Microsoft certificate verification (SignTool)

SHA1: none
Timestamp: Fri Apr 05 08:52:22 2024
Validity: not valid
Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

The signer chain is a single self-signed certificate (subject and issuer are both 44886.com, expiring in 2124), so no trusted root can be reached and Windows treats the file as unsigned. The timestamp countersignature chain below is genuine DigiCert, but it only proves when the signature was applied, not who applied it. The SHA1 hash of the self-signed certificate (db16736ed727151853c5d4492f95243715965faa) is the useful indicator here: it pivots to other files signed with the same key.

Certificate Chain 1
Issued to 44886.com
Issuer 44886.com
Valid until Tue Mar 07 01:11:48 2124
SHA1 hash db16736ed727151853c5d4492f95243715965faa
Timestamp Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Timestamp Chain 2
Issued to DigiCert Trusted Root G4
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 07:59:59 2031
SHA1 hash a99d5b79e9f1cda59cdab6373169d5353f5874c6
Timestamp Chain 3
Issued to DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issuer DigiCert Trusted Root G4
Valid until Mon Mar 23 07:59:59 2037
SHA1 hash b6c8af834d4e53b673c76872aa8c950c7c54df5f
Timestamp Chain 4
Issued to DigiCert Timestamp 2023
Issuer DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Valid until Sat Oct 14 07:59:59 2034
SHA1 hash 66f02b32c2c2c90f825dceaa8ac9c64f199ccf40

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00002000 0x01276f70 0x01277000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.96
.rsrc 0x0127a000 0x000044e4 0x00004600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.64
.reloc 0x01280000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.12

A single .text section of 0x01277000 bytes (almost the whole 19 MB file) holding the CIL, metadata and managed resources is the usual shape of a .NET installer that embeds its payloads; .rsrc at 7.64 bits per byte is close to the 8.0 ceiling, consistent with compressed or encrypted content.

Imports

Library: mscoree.dll
0x402000 _CorExeMain
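Added example (the editor's code, not the sandbox's or the installer's): the checks behind the PE information, section and import tables above, run on a constructed minimal PE32 that copies this sample's layout. It converts the entry virtual address back to an RVA and locates it in a section, flags a TimeDateStamp later than the analysis time, computes per-section entropy as in the sections table, detects the CLR data directory that makes the file a managed image, and computes a pefile-style import hash for the single mscoree!_CorExeMain import so it can be compared with the report's imphash. Taken from the report: image base 0x400000, the 2043-01-26 compile time, the 2024-04-25 analysis time, the section names and flags, and the import. Assumed (constructed): the section sizes, the filler bytes and the remaining header constants.

```python
import datetime as dt
import hashlib
import math
import struct

CLR_DIR = 14                  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: non-empty => managed image
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6  # PE32 optional header up to the data dirs
REPORT_BUILD_TS = int(dt.datetime(2043, 1, 26, 17, 28, 45, tzinfo=dt.timezone.utc).timestamp())  # report value
REPORT_ANALYSED_AT = dt.datetime(2024, 4, 25, 23, 10, 13, tzinfo=dt.timezone.utc)                # report value

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the report's last sections column."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def imphash(imports) -> str:
    """pefile-style import hash: 'lib.func' pairs, lowercased, DLL extension dropped, comma-joined, MD5."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        parts.append(f"{lib[:-4] if lib.endswith(('.dll', '.ocx', '.sys')) else lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()

# Deterministic high-entropy filler (constructed stand-in for packed resources).
_filler = lambda n, seed: b"".join(hashlib.sha256(seed + i.to_bytes(4, "little")).digest() for i in range(n // 32))

def build_sample_pe(timestamp: int, image_base: int = 0x400000) -> bytes:
    """Constructed PE32: DOS header, PE signature, COFF + optional header, .text/.rsrc/.reloc."""
    text = _filler(0x800, b"code") + bytes(0x800)            # half code-like, half padding: entropy ~5
    rsrc = _filler(0x1000, b"rsrc")                          # packed payload: entropy ~7.95
    reloc = struct.pack("<III", 0x2000, 12, 0x3000).ljust(0x200, b"\0")
    layout = [(b".text", 0x2000, text, 0x60000020), (b".rsrc", 0x4000, rsrc, 0x40000040),
              (b".reloc", 0x6000, reloc, 0x42000040)]
    entry_rva = 0x2000 + len(text) - 6                       # 6-byte jmp [_CorExeMain] stub ends .text
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 64)    # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), timestamp, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_FMT, 0x10B, 14, 0, len(text), len(rsrc) + len(reloc), 0,
                      entry_rva, 0x2000, 0x4000, image_base, 0x2000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, 0x8000, 0x200, 0, 2, 0x8540,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[CLR_DIR] = (0x2008, 72)                             # CLR runtime header => .NET assembly
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    headers, raw_ptr, body = dos + b"PE\0\0" + coff + opt, 0x200, b""
    for name, rva, data, flags in layout:
        headers += struct.pack(SECTION_FMT, name, len(data), rva, len(data), raw_ptr, 0, 0, 0, 0, flags)
        raw_ptr, body = raw_ptr + len(data), body + data
    return headers.ljust(0x200, b"\0") + body

def parse_pe(blob: bytes) -> dict:
    """Read the header fields the report lists; rejects anything that is not a PE32 image."""
    pe = struct.unpack_from("<I", blob, 0x3C)[0] if blob[:2] == b"MZ" else -1
    if pe < 0 or blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here (the sample is PE32)")
    entry_rva, image_base = (struct.unpack_from("<I", blob, opt + o)[0] for o in (16, 28))
    nrva = struct.unpack_from("<I", blob, opt + 92)[0]
    clr_size = struct.unpack_from("<II", blob, opt + 96 + 8 * CLR_DIR)[1] if nrva > CLR_DIR else 0
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, *_, flags = struct.unpack_from(SECTION_FMT, blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize, "flags": flags,
                         "entropy": round(entropy(blob[rawptr:rawptr + rawsize]), 2)})
    return {"timestamp": timestamp, "entry_rva": entry_rva, "entry_va": image_base + entry_rva,
            "image_base": image_base, "is_dotnet": clr_size != 0, "sections": sections}

def triage(info: dict, analysed_at: dt.datetime) -> list:
    """The judgement calls behind the report's PE fields, written out as rules."""
    findings = []
    built = dt.datetime.fromtimestamp(info["timestamp"], dt.timezone.utc)
    if built > analysed_at:
        findings.append(f"future TimeDateStamp {built:%Y-%m-%d}: not a real build time")
    entry = info["entry_rva"]
    home = next((s for s in info["sections"] if s["va"] <= entry < s["va"] + s["vsize"]), None)
    if home is None:
        findings.append(f"entry RVA {entry:#x} lies outside every section")
    elif not home["flags"] & 0x20000000:                     # IMAGE_SCN_MEM_EXECUTE
        findings.append(f"entry point in non-executable section {home['name']}")
    elif info["is_dotnet"] and entry + 6 == home["va"] + home["vsize"]:
        findings.append("entry is the 6-byte jmp stub ending .text: normal for a managed EXE")
    findings += [f"{s['name']}: entropy {s['entropy']} suggests packed or encrypted content"
                 for s in info["sections"] if s["entropy"] > 7.0]
    return findings

def run_report_like_sample():
    """Build the constructed image with the report's timestamp and triage it against the analysis time."""
    info = parse_pe(build_sample_pe(REPORT_BUILD_TS))
    return info, triage(info, REPORT_ANALYSED_AT)

if __name__ == "__main__":
    info, findings = run_report_like_sample()
    print(f"entry VA {info['entry_va']:#x} = base {info['image_base']:#x} + RVA {info['entry_rva']:#x}", *findings, sep="\n")
    print("imphash of mscoree!_CorExeMain:", imphash([("mscoree.dll", "_CorExeMain")]))
```

Running it prints the entry VA decomposed into image base plus RVA, the future-timestamp and managed-stub findings, an entropy warning for .rsrc only (the mixed .text stays below the 7.0 threshold, the same reading the report's 7.64 and 6.96 invite), and the import hash to compare with the value in the PE information table.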

Assembly

Name BKOffice_Installer
Version 2024.3.15.0

Assembly references

Name Version
mscorlib 4.0.0.0
PresentationFramework 4.0.0.0
Microsoft.VisualBasic 10.0.0.0
System 4.0.0.0
System.Drawing 4.0.0.0
System.Windows.Forms 4.0.0.0
System.Xaml 4.0.0.0
PresentationCore 4.0.0.0
System.Core 4.0.0.0
WindowsBase 4.0.0.0

Custom attributes

Type Name
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute 不坑盒子安装 (value truncated in the report)
Assembly [mscorlib]System.Reflection.AssemblyDescriptionAttribute 一款全能、免费的Office插件，此为它的安装包。无法运行请先安装 .Net 4 ("An all-in-one, free Office add-in; this is its installer. If it does not run, install .Net 4 first")
Assembly [mscorlib]System.Reflection.AssemblyCompanyAttribute 不坑老 (value truncated in the report)
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute 不坑盒子安装 (value truncated in the report)
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute Copyright © 20 (value truncated in the report)

Type references

Assembly Type name
Microsoft.VisualBasic Microsoft.VisualBasic.AppWinStyle
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.AssemblyInfo
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.User
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.Conversions
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.DesignerGeneratedAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.NewLateBinding
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.Operators
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.ProjectData
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.Versioned
Microsoft.VisualBasic Microsoft.VisualBasic.Devices.Computer
Microsoft.VisualBasic Microsoft.VisualBasic.Devices.ServerComputer
Microsoft.VisualBasic Microsoft.VisualBasic.HideModuleNameAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.Interaction
Microsoft.VisualBasic Microsoft.VisualBasic.Logging.Log
Microsoft.VisualBasic Microsoft.VisualBasic.MsgBoxResult
Microsoft.VisualBasic Microsoft.VisualBasic.MsgBoxStyle
Microsoft.VisualBasic Microsoft.VisualBasic.MyGroupCollectionAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.MyServices.RegistryProxy
PresentationCore System.Windows.Input.MouseButtonEventArgs
PresentationCore System.Windows.Input.MouseButtonEventHandler
PresentationCore System.Windows.Input.MouseButtonState
PresentationCore System.Windows.Input.MouseEventArgs
PresentationCore System.Windows.Input.MouseEventHandler
PresentationCore System.Windows.RoutedEventArgs
PresentationCore System.Windows.RoutedEventHandler
PresentationCore System.Windows.UIElement
PresentationFramework System.Windows.Application
PresentationFramework System.Windows.Controls.Button
PresentationFramework System.Windows.Controls.ContentControl
PresentationFramework System.Windows.Controls.Label
PresentationFramework System.Windows.Controls.Primitives.ButtonBase
PresentationFramework System.Windows.FrameworkElement
PresentationFramework System.Windows.ResourceDictionaryLocation
PresentationFramework System.Windows.ThemeInfoAttribute
PresentationFramework System.Windows.Window
System System.CodeDom.Compiler.GeneratedCodeAttribute
System System.ComponentModel.Design.HelpKeywordAttribute
System System.ComponentModel.EditorBrowsableAttribute
System System.ComponentModel.EditorBrowsableState
System System.ComponentModel.INotifyPropertyChanged
System System.ComponentModel.PropertyChangedEventArgs
System System.ComponentModel.PropertyChangedEventHandler
System System.Configuration.ApplicationSettingsBase
System System.Configuration.SettingsBase
System System.Diagnostics.Process
System System.Diagnostics.ProcessStartInfo
System System.Security.Cryptography.X509Certificates.OpenFlags
System System.Security.Cryptography.X509Certificates.StoreLocation
System System.Security.Cryptography.X509Certificates.StoreName
System System.Security.Cryptography.X509Certificates.X509Certificate2
System System.Security.Cryptography.X509Certificates.X509Certificate2Collection
System System.Security.Cryptography.X509Certificates.X509Certificate2Enumerator
System System.Security.Cryptography.X509Certificates.X509Store
System System.Uri
System System.UriKind
System.Core System.Linq.Enumerable
System.Drawing System.Drawing.Icon
System.Windows.Forms System.Windows.Forms.DialogResult
System.Windows.Forms System.Windows.Forms.MessageBox
System.Windows.Forms System.Windows.Forms.MessageBoxButtons
System.Windows.Forms System.Windows.Forms.MessageBoxIcon
System.Xaml System.Windows.Markup.IComponentConnector
WindowsBase System.Windows.Threading.Dispatcher
WindowsBase System.Windows.Threading.DispatcherObject
mscorlib Microsoft.Win32.Registry
mscorlib Microsoft.Win32.RegistryKey
mscorlib System.Action
mscorlib System.Activator
mscorlib System.ArgumentException
mscorlib System.Boolean
mscorlib System.Collections.CollectionBase
mscorlib System.Collections.Generic.Dictionary`2
mscorlib System.Collections.Generic.Dictionary`2/KeyCollection
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.Collections.Generic.List`1
mscorlib System.Collections.Generic.List`1/Enumerator
mscorlib System.Collections.Hashtable
mscorlib System.Console
mscorlib System.Delegate
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Diagnostics.DebuggerHiddenAttribute
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Enum
mscorlib System.Environment
mscorlib System.Environment/SpecialFolder
mscorlib System.Exception
mscorlib System.Globalization.CultureInfo
mscorlib System.IDisposable
mscorlib System.IO.Directory
mscorlib System.IO.DirectoryInfo
mscorlib System.IO.File
mscorlib System.IO.FileMode
mscorlib System.IO.FileStream
mscorlib System.IO.Path
mscorlib System.IO.Stream
mscorlib System.IO.StreamReader
mscorlib System.IO.StreamWriter
mscorlib System.IO.TextWriter
mscorlib System.Int32
mscorlib System.InvalidOperationException
mscorlib System.NotImplementedException
mscorlib System.Nullable`1
mscorlib System.Object
mscorlib System.Reflection.Assembly
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Resources.ResourceManager
mscorlib System.Runtime.CompilerServices.AccessedThroughPropertyAttribute
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.CompilerServices.RuntimeHelpers
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.GuidAttribute
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.RuntimeTypeHandle
mscorlib System.STAThreadAttribute
mscorlib System.Security.Cryptography.X509Certificates.X509Certificate
mscorlib System.Security.Cryptography.X509Certificates.X509KeyStorageFlags
mscorlib System.String
mscorlib System.Text.Encoding
mscorlib System.ThreadStaticAttribute
mscorlib System.Threading.Interlocked
mscorlib System.Threading.Tasks.Task
mscorlib System.Threading.Thread
mscorlib System.Type

Strings

.text
`.rsrc
@.reloc
v4.0.30319
#Strings
#GUID
#Blob
_Closure$__12-0
$I3-0
_Lambda$__3-0
_Lambda$__4-0
_Lambda$__0
$I12-1
_Lambda$__12-1
Nullable`1
IEnumerable`1
ThreadSafeObjectProvider`1
List`1
Microsoft.Win32
Int32
Dictionary`2
X509Certificate2
get_WebView2Loader_arm64
get_WebView2Loader_x64
get_WebView2Loader_x86
<Module>
get_BKOfficeWPF
System.IO
m_PVCY
get_PVCY
set_PVCY
_Closure$__
Dispose__Instance__
Create__Instance__
ProjectData
get_ndp48_web
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
connectionId
Thread
add_Loaded
Window_Loaded
_contentLoaded
add_PropertyChanged
remove_PropertyChanged
OnPropertyChanged
INotifyPropertyChanged
get_BKOfficeDNA_AddIn64_packed
get_BKOfficeDNA_AddIn_packed
Interlocked
set_IsEnabled
Versioned
s_WindowBeingCreated
get_HasExited
Synchronized
appid
ReadToEnd
RunCommand
command
UriKind
password
get_BKOffice
CreateInstance
get_GetInstance
defaultInstance
instance
GetHashCode
FileMode
get_System_Runtime_CompilerServices_Unsafe
get_Message
CompareExchange
Invoke
Enumerable
IDisposable
Hashtable
RuntimeTypeHandle
GetTypeFromHandle
addFile
ReleaseFile
Console
AppWinStyle
MsgBoxStyle
set_FileName
ruleName
get_MachineName
TypeName
StoreName
storeName
get_UserName
get_ShortcutName
set_ShortcutName
GetProcessesByName
GetDirectoryName
propertyName
WriteLine
Combine
get_LocalMachine
get__reg_machine
ChangeType
GetType
System.Core
get_Microsoft_Web_WebView2_Core
PresentationCore
X509Store
get_Culture
set_Culture
resourceCulture
CollectionBase
ButtonBase
ApplicationSettingsBase
WindowsBase
release
Close
Dispose
X509Certificate
InstallCertificate
Create
Delegate
get_template
EditorBrowsableState
MouseButtonState
Delete
Write
get_BKRemote
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
DesignerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
ThemeInfoAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
AccessedThroughPropertyAttribute
set_UseShellExecute
m_ThreadStaticValue
DeleteValue
WithEventsValue
GetObjectValue
GetValue
SetValue
AutoPropertyValue
value
add_MouseMove
Window_MouseMove
DragMove
Remove
BKOffice_Installer.exe
get_Microsoft_Web_WebView2_Wpf
CheckReg
get_bukeng
System.Threading
System.Windows.Threading
NewLateBinding
GetEncoding
Microsoft.VisualBasic.Logging
System.Runtime.Versioning
CompareString
GetEffectiveDateString
GetExpirationDateString
ToString
GetString
System.Drawing
get_zxing
s_Log
get_Log
ShowDialog
DeleteNetsh
AppPath
GetFolderPath
get_TargetPath
set_TargetPath
certPath
pfxPath
StartsWith
get_ticiqi
set_StartupUri
get_Fleck
add_Click
PresentationFramework
Kernal
addUrlAcl
Label
_DesModel
MainDesModel
System.ComponentModel
LateCall
addFireWall
Button_Install
get__install
Button_install
Button_Uninstall
get__uninstall
Shell
System.Xaml
ContentControl
get_HandyControl
FileStream
get_Item
System
get_StartIn
set_StartIn
resourceMan
ToBoolean
get_BKGreen
System.ComponentModel.Design
MessageBoxIcon
MyWpfExtension
get_Version
set_Version
get_Application
StoreLocation
get_IconLocation
set_IconLocation
ResourceDictionaryLocation
System.Configuration
System.Globalization
Action
Interaction
System.Reflection
X509Certificate2Collection
KeyCollection
NotImplementedException
InvalidOperationException
ArgumentException
get_Description
set_Description
get_BKCommon
get_TencentCloudCommon
get_Newtonsoft_Json
$VB$Local_InstallButton
get_InstallButton
set_InstallButton
$VB$Local_UnInstallButton
get_UnInstallButton
set_UnInstallButton
get_LeftButton
add_MouseDown
Label_MouseDown
Shutdown
get_Info
CultureInfo
get_StartInfo
set_StartInfo
ProcessStartInfo
AssemblyInfo
DirectoryInfo
get_logo
checkPro
Sleep
get_DotNetZip
EndApp
System.Windows.Markup
get_MicrosoftEdgeWebview2Setup
System.Linq
Clear
get_TencentCloudOcr
StreamReader
SpecialFolder
sender
get_ResourceManager
get_Dispatcher
PropertyChangedEventHandler
RoutedEventHandler
MouseEventHandler
MouseButtonEventHandler
System.CodeDom.Compiler
BKOffice_Installer
BKOfficeInstaller
get_HotkeyListener
s_User
get_User
get_CurrentUser
ConditionalCompareObjectGreater
StreamWriter
TextWriter
s_Computer
get_Computer
ServerComputer
cover
Repair
CreateProjectError
ClearProjectError
SetProjectError
X509Certificate2Enumerator
GetEnumerator
Activator
.ctor
.cctor
IComponentConnector
System.Diagnostics
ShowDes
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
System.Resources
BKOfficeInstaller.My.Resources
BKOffice_Installer.g.resources
BKOfficeInstaller.Resources.resources
DebuggingModes
ShortcutProperties
Files
GetSubKeyNames
System.Security.Cryptography.X509Certificates
WriteAllBytes
ToBytes
System.Windows.Controls.Primitives
X509KeyStorageFlags
OpenFlags
get_Settings
MySettings
PropertyChangedEventArgs
RoutedEventArgs
MouseEventArgs
MouseButtonEventArgs
System.Threading.Tasks
ReferenceEquals
System.Windows.Controls
System.Windows.Forms
get_Microsoft_Web_WebView2_WinForms
get_System_Threading_Tasks_Extensions
Conversions
get_ToastNotifications
get_Toasts_Forms_Plugin_Abstractions
System.Collections
MessageBoxButtons
RuntimeHelpers
Errors
Operators
Process
Exits
set_Arguments
get_BKFonts
Exists
System.Windows
s_Windows
get_Windows
MyWindows
get_Keys
Concat
Format
CreateObject
DispatcherObject
GetObject
get_Subject
MyProject
System_Windows_Markup_IComponentConnector_Connect
LateGet
LateSet
target
WaitForExit
get_Default
DialogResult
MsgBoxResult
UIElement
FrameworkElement
Environment
LoadComponent
InitializeComponent
get_Current
set_Content
get_LabelContent
set_LabelContent
_labelContent
PropertyChangedEvent
get_Count
get_SubKeyCount
Start
addSSLCert
Import
ipport
ToList
System.Windows.Input
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
set_DataContext
DelStartMenu
AddToStartMenu
AddToStartMenuNew
get_BKWebView
m_MainWindow
get_MainWindow
set_MainWindow
set_CreateNoWindow
importPfx
MessageBox
MsgBox
BKOfficeInstaller.My
CreateSubKey
DeleteSubKey
OpenSubKey
ContainsKey
AddUninstallRegistryKey
get_Assembly
GetExecutingAssembly
CreateDirectory
get_WorkingDirectory
set_WorkingDirectory
get_Registry
MySettingsProperty
RegistryProxy
.Net 4.8
2023
$3ec13189-cd8c-44bb-87ac-9b294a5d25d3
2024.03.15.0
4.0.0.0
InstallButton
UnInstallButton
Version
11.0.0.0
17.0.0.0
17.9.0.0
Dispose__Instance__ My.MyWpfExtenstionModule.Windows
My.Settings
iTXtXML:com.adobe.xmp
IsEnabled
css.baml
MSBAML
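Added example (the editor's code; the capability map is the editor's reading of the member names in the strings table above, not something the report states): a small classifier that turns a .NET #Strings dump like this one into a capability summary. The input is a constructed excerpt of names copied from the table. VB compiler-generated names ($VB$Local_…, _Lambda$__…, _Closure$__…) are dropped, then the rest are grouped: X509Store/importPfx/pfxPath/password point to certificate installation, addSSLCert/addUrlAcl/addFireWall/ipport/DeleteNetsh to netsh http and firewall configuration, ProcessStartInfo/RunCommand/set_UseShellExecute to child processes, CreateSubKey/AddUninstallRegistryKey to registry writes, the get_…_packed / get_WebView2Loader_* / get_ndp48_web accessors (Resources.Designer-style resource getters) together with WriteAllBytes to embedded payloads written to disk, and AddToStartMenu/ShortcutProperties to Start Menu shortcuts. The category names and regexes are the editor's choices.

```python
import re
from collections import OrderedDict

# Constructed input: an excerpt of the member names from the report's strings table.
SAMPLE_STRINGS = """
X509Store StoreName StoreLocation X509KeyStorageFlags importPfx pfxPath certPath password InstallCertificate
addSSLCert addUrlAcl addFireWall DeleteNetsh ipport ruleName
RunCommand ProcessStartInfo set_UseShellExecute set_RedirectStandardOutput set_CreateNoWindow WaitForExit
CreateSubKey DeleteSubKey AddUninstallRegistryKey get_LocalMachine get_CurrentUser CheckReg
get_BKOfficeDNA_AddIn64_packed get_BKOfficeDNA_AddIn_packed get_WebView2Loader_x64 get_ndp48_web
get_MicrosoftEdgeWebview2Setup WriteAllBytes AddToStartMenu DelStartMenu ShortcutProperties set_TargetPath
$VB$Local_InstallButton _Lambda$__12-1 _Closure$__12-0 get_HasExited Window_Loaded DragMove MsgBox
""".split()

# Capability -> member names that imply it (the editor's reading of the .NET/VB API surface, not report text).
CAPABILITIES = OrderedDict([
    ("installs a certificate / imports a PFX",
     r"X509Store|StoreName|StoreLocation|X509KeyStorageFlags|importPfx|pfxPath|certPath|InstallCertificate|password"),
    ("configures HTTP.sys or the firewall via netsh",
     r"addSSLCert|addUrlAcl|addFireWall|DeleteNetsh|ipport|ruleName"),
    ("spawns child processes",
     r"RunCommand|ProcessStartInfo|set_UseShellExecute|set_RedirectStandardOutput|set_CreateNoWindow|WaitForExit"),
    ("writes the registry",
     r"CreateSubKey|DeleteSubKey|AddUninstallRegistryKey|get_LocalMachine|get_CurrentUser|CheckReg"),
    ("writes embedded payloads to disk",   # the get_* names are Resources.Designer-style resource accessors
     r"get_\w+_packed|get_WebView2Loader_\w+|get_ndp48_web|get_MicrosoftEdgeWebview2Setup|WriteAllBytes"),
    ("creates Start Menu shortcuts",
     r"AddToStartMenu\w*|DelStartMenu|ShortcutProperties|set_TargetPath"),
])
COMPILED = [(cap, re.compile(rf"^(?:{pat})$")) for cap, pat in CAPABILITIES.items()]
GENERATED = re.compile(r"^(?:\$VB\$|_Lambda\$__|_Closure\$__|\$I\d)")  # VB compiler-generated names: skip

def classify(names):
    """Map each distinct, non-generated name onto the capabilities it implies."""
    hits = OrderedDict((cap, []) for cap in CAPABILITIES)
    for name in dict.fromkeys(names):          # first-seen order, duplicates dropped
        if GENERATED.match(name):
            continue
        for cap, rx in COMPILED:
            if rx.match(name):
                hits[cap].append(name)
    return hits

def summarize(names):
    """One line per capability with its evidence, most names first; empty categories omitted."""
    hits = classify(names)
    ranked = sorted(((cap, ev) for cap, ev in hits.items() if ev), key=lambda kv: -len(kv[1]))
    return [f"{cap} [{len(ev)} names]: {', '.join(ev)}" for cap, ev in ranked]

if __name__ == "__main__":
    print(*summarize(SAMPLE_STRINGS), sep="\n")
```

The output is a ranked list of capabilities with the names that support each one, which is the reading of this dump that the rest of the report (no behaviour log, no dropped files) cannot confirm or refute; treat it as a hypothesis to test in a full dynamic run, not as a finding.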
Antivirus scan

No antivirus engine scan information.

Process tree

不坑盒子_2024.040404.exe (PID 2716, parent PID 2276)
services.exe (PID 424, parent PID 328)
    mscorsvw.exe (PID 1600, parent PID 424)
    mscorsvw.exe (PID 2468, parent PID 424)

The two mscorsvw.exe workers are the .NET runtime optimization service (NGEN) launched by services.exe; they are not children of the sample, and the report records no process spawned by PID 2716 itself.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49157 104.98.118.171 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This is an Adobe Reader in-product-messaging (IPM) check-in, a common piece of sandbox background traffic; the report does not tie it, or the single TCP connection to 104.98.118.171:80 above, to PID 2716, and no host or DNS record was logged for the sample itself.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 63.338 seconds )

  • 35.738 Static
  • 10.889 Suricata
  • 7.295 VirusTotal
  • 4.38 TargetInfo
  • 3.059 NetworkAnalysis
  • 0.954 BehaviorAnalysis
  • 0.563 static_dotnet
  • 0.319 peid
  • 0.074 Strings
  • 0.054 config_decoder
  • 0.011 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.857 seconds )

  • 1.342 proprietary_url_bl
  • 0.054 api_spamming
  • 0.047 antiav_detectreg
  • 0.042 stealth_timeout
  • 0.041 stealth_decoy_document
  • 0.022 antiav_detectfile
  • 0.022 infostealer_ftp
  • 0.014 mimics_filetime
  • 0.014 infostealer_bitcoin
  • 0.014 infostealer_im
  • 0.013 reads_self
  • 0.013 virus
  • 0.011 stealth_file
  • 0.011 antivm_generic_disk
  • 0.01 bootkit
  • 0.009 hancitor_behavior
  • 0.009 antianalysis_detectreg
  • 0.009 antivm_vbox_files
  • 0.008 infostealer_mail
  • 0.008 proprietary_domain_bl
  • 0.007 antiemu_wine_func
  • 0.007 proprietary_anomaly_massive_file_ops
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_browser_password
  • 0.007 kovter_behavior
  • 0.006 antivm_generic_scsi
  • 0.006 geodo_banking_trojan
  • 0.005 antivm_generic_services
  • 0.004 betabot_behavior
  • 0.004 anormaly_invoke_kills
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antivm_vbox_libs
  • 0.003 rat_nanocore
  • 0.003 injection_createremotethread
  • 0.003 dyre_behavior
  • 0.003 kibex_behavior
  • 0.003 shifu_behavior
  • 0.003 antidbg_devices
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 hawkeye_behavior
  • 0.002 network_tor
  • 0.002 antiav_avast_libs
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 antisandbox_sboxie_libs
  • 0.002 exec_crash
  • 0.002 encrypted_ioc
  • 0.002 injection_runpe
  • 0.002 antivm_generic_diskreg
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 disables_browser_warn
  • 0.002 darkcomet_regkeys
  • 0.002 rat_pcclient
  • 0.001 infostealer_browser
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 kazybot_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 antidbg_windows
  • 0.001 cerber_behavior
  • 0.001 cryptowall_behavior
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antisandbox_productid
  • 0.001 antivm_vmware_files
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 malicous_targeted_flame
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint

Reporting ( 0.559 seconds )

  • 0.514 ReportHTMLSummary
  • 0.045 Malheur
Task ID 744319
Mongo ID 662a7336dc327b93ac415abd
Cuckoo release 1.4-Maldun