Analysis Task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2024-04-26 01:04:14
End time: 2024-04-26 01:06:36
Duration: 142 seconds

Maldun Score

10.0

Dangerous

File Details

File name: 客户端.exe
File size: 18268160 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 26f2350e7ba600fa1d496b9cfe2be4d9
SHA1: 574acb9d8d2ab2cfbd12f72ee42f1092b7f8ac11
SHA256: 9a3d500888a79350806d7594df36e6d3f3bb8a3de0a8f7fb15ffd8a3d21ec77d
SHA512: 08fb4c33548817945c1ede0c9950c093ce27dff772a3b24257b0da7f291c93c60e7ffb946517418497b6a2500ffca2c9e86cf9523ee07ba0a546be745356746b
CRC32: F01BB4A3
Ssdeep: 196608:HgK8EH/JkWboXec9BDalkbWT1c9BDalYc9BDalF:BJkWlc9sphc9sWc9sz
Sample not found

Hosts Contacted

Direct  IP  Security rating  Geolocation
116.62.150.157  China

DNS Resolution

No domain information.

PE Information

Image base: 0x00400000
Entry point: 0x005027fc
Declared checksum: 0x00000000
Minimum OS version required: 4.0
Compile time: 2024-04-05 17:53:49
Import hash (imphash): aaa00503a1ad5de02bead24f06f8ccab
Export DLL name: \x31\x32\x31\x31\x31\x32\x34\x31\x31\x31

Version Information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x001266e1 0x00127000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x00128000 0x00cf6879 0x00cf7000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.43
.data 0x00e1f000 0x000bc5d7 0x0006e000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.58
.rsrc 0x00edc000 0x002de348 0x002df000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8.00

Imports

Library: kernel32.dll:
0x52884c GetVersion
0x528858 lstrlenA
0x52885c GlobalFlags
0x528860 lstrcpynA
0x528864 lstrcpyA
0x528868 lstrcatA
0x528870 TlsGetValue
0x528874 LocalReAlloc
0x528878 TlsSetValue
0x528880 WideCharToMultiByte
0x528884 MultiByteToWideChar
0x528888 SetLastError
0x52888c GetLastError
0x528890 GlobalFindAtomA
0x528894 GlobalAddAtomA
0x528898 GlobalGetAtomNameA
0x52889c GetProcessVersion
0x5288a0 GetCurrentProcess
0x5288a4 GlobalReAlloc
0x5288a8 WriteFile
0x5288b0 TlsFree
0x5288b4 GlobalHandle
0x5288b8 GlobalUnlock
0x5288bc GlobalFree
0x5288c4 TlsAlloc
0x5288cc LocalFree
0x5288d0 LocalAlloc
0x5288d4 CloseHandle
0x5288d8 GetModuleFileNameA
0x5288dc GlobalLock
0x5288e0 GlobalAlloc
0x5288e4 GlobalDeleteAtom
0x5288e8 lstrcmpA
0x5288ec lstrcmpiA
0x5288f0 GetCurrentThread
0x5288f4 GetCurrentThreadId
0x5288f8 GetCPInfo
0x5288fc GetOEMCP
0x528900 GetCommandLineA
0x528904 RtlUnwind
0x528908 TerminateProcess
0x52890c RaiseException
0x528910 HeapSize
0x528914 GetACP
0x528918 SetHandleCount
0x52891c GetStdHandle
0x528920 GetFileType
0x528924 GetStartupInfoA
0x528938 RtlMoveMemory
0x528940 GetVersionExA
0x528944 HeapDestroy
0x528948 HeapCreate
0x52894c VirtualFree
0x528950 VirtualAlloc
0x528954 IsBadWritePtr
0x52895c LCMapStringW
0x528960 GetStringTypeA
0x528964 GetStringTypeW
0x528968 IsBadCodePtr
0x52896c LCMapStringA
0x528970 LoadLibraryA
0x528974 GetProcAddress
0x528978 FreeLibrary
0x52897c IsBadReadPtr
0x528980 HeapFree
0x528984 HeapReAlloc
0x528988 HeapAlloc
0x52898c ExitProcess
0x528990 GetProcessHeap
0x528994 RtlFillMemory
0x528998 GetModuleHandleA
0x52899c SetErrorMode
Library: user32.dll:
0x5289c0 DestroyWindow
0x5289c4 CreateWindowExA
0x5289c8 GetClassLongA
0x5289cc SetPropA
0x5289d0 GetPropA
0x5289d4 CallWindowProcA
0x5289d8 RemovePropA
0x5289dc DefWindowProcA
0x5289e0 GetMessageTime
0x5289e4 GetMessagePos
0x5289e8 GetForegroundWindow
0x5289ec SetForegroundWindow
0x5289f8 IsIconic
0x5289fc GetWindowPlacement
0x528a00 GetSystemMetrics
0x528a04 SetFocus
0x528a08 ShowWindow
0x528a0c SetWindowPos
0x528a10 SetWindowLongA
0x528a14 GetDlgItem
0x528a18 GrayStringA
0x528a1c DrawTextA
0x528a20 TabbedTextOutA
0x528a24 ReleaseDC
0x528a28 GetDC
0x528a2c GetMenuItemCount
0x528a30 GetWindowTextA
0x528a34 SetWindowTextA
0x528a38 ClientToScreen
0x528a3c GetMenuItemID
0x528a40 GetDlgCtrlID
0x528a44 GetWindowRect
0x528a48 PtInRect
0x528a4c GetClassNameA
0x528a50 UnregisterClassA
0x528a54 UnhookWindowsHookEx
0x528a5c LoadBitmapA
0x528a60 GetMenuState
0x528a64 ModifyMenuA
0x528a68 SetMenuItemBitmaps
0x528a6c CheckMenuItem
0x528a70 EnableMenuItem
0x528a74 GetNextDlgTabItem
0x528a78 GetMessageA
0x528a7c TranslateMessage
0x528a80 DispatchMessageA
0x528a84 GetActiveWindow
0x528a88 GetKeyState
0x528a8c CallNextHookEx
0x528a90 ValidateRect
0x528a94 IsWindowVisible
0x528a98 PeekMessageA
0x528a9c GetCursorPos
0x528aa0 SetWindowsHookExA
0x528aa4 GetSubMenu
0x528aa8 GetMenu
0x528aac RegisterClassA
0x528ab0 GetClassInfoA
0x528ab4 WinHelpA
0x528ab8 GetCapture
0x528abc GetTopWindow
0x528ac0 CopyRect
0x528ac4 GetClientRect
0x528ac8 AdjustWindowRectEx
0x528acc GetSysColor
0x528ad0 MapWindowPoints
0x528ad4 LoadIconA
0x528ad8 LoadCursorA
0x528adc GetParent
0x528ae0 GetLastActivePopup
0x528ae4 IsWindowEnabled
0x528ae8 GetWindowLongA
0x528aec EnableWindow
0x528af0 SetCursor
0x528af4 GetSysColorBrush
0x528af8 PostQuitMessage
0x528afc DestroyMenu
0x528b00 wsprintfA
0x528b04 MessageBoxA
0x528b08 SendMessageA
0x528b0c PostMessageA
0x528b10 GetWindow
0x528b14 LoadStringA
0x528b18 GetFocus
Library: gdi32.dll:
0x5287e8 SetWindowExtEx
0x5287ec TextOutA
0x5287f0 RectVisible
0x5287f4 PtVisible
0x5287f8 GetDeviceCaps
0x5287fc Escape
0x528800 GetClipBox
0x528804 ScaleWindowExtEx
0x528808 ScaleViewportExtEx
0x52880c GetObjectA
0x528810 CreateBitmap
0x528814 DeleteObject
0x528818 DeleteDC
0x52881c SaveDC
0x528820 RestoreDC
0x528824 SelectObject
0x528828 GetStockObject
0x52882c SetBkColor
0x528830 SetTextColor
0x528834 SetMapMode
0x528838 SetViewportOrgEx
0x52883c OffsetViewportOrgEx
0x528840 SetViewportExtEx
0x528844 ExtTextOutA
Library: winspool.drv:
0x528b20 ClosePrinter
0x528b24 OpenPrinterA
0x528b28 DocumentPropertiesA
Library: advapi32.dll:
0x5287b8 RegCloseKey
0x5287bc RegOpenKeyExA
0x5287c0 RegSetValueExA
0x5287c4 RegCreateKeyExA
Library: comctl32.dll:
0x5287cc None
Library: WINMM.dll:
0x5286cc midiStreamRestart
0x5286d0 midiStreamClose
0x5286d4 midiOutReset
0x5286d8 midiStreamStop
0x5286dc midiStreamOut
0x5286e4 midiStreamProperty
0x5286e8 midiStreamOpen
0x5286f0 waveOutOpen
0x5286f4 waveOutGetNumDevs
0x5286f8 waveOutClose
0x5286fc waveOutReset
0x528700 waveOutPause
0x528704 waveOutWrite
0x528714 waveInClose
0x528718 waveInStart
0x52871c waveInOpen
0x528720 waveInReset
0x528724 waveInAddBuffer
0x528728 waveInPrepareHeader
0x52872c waveOutRestart
Library: WS2_32.dll:
0x528744 inet_ntoa
0x528748 gethostbyname
0x52874c WSAStartup
0x528750 WSACleanup
0x528754 select
0x528758 send
0x52875c closesocket
0x528760 WSAAsyncSelect
0x528764 inet_addr
0x528768 bind
0x52876c htonl
0x528770 socket
0x528774 sendto
0x528778 recvfrom
0x52877c ioctlsocket
0x528780 connect
0x528784 listen
0x528788 getpeername
0x52878c accept
0x528790 __WSAFDIsSet
0x528794 shutdown
0x528798 gethostname
0x52879c ntohs
0x5287a0 getsockname
0x5287a4 ntohl
0x5287a8 htons
0x5287ac recv
0x5287b0 WSAGetLastError
Library: VERSION.dll:
0x5286bc GetFileVersionInfoA
0x5286c0 VerQueryValueA
0x5286c4 VerLanguageNameA
Library: KERNEL32.dll:
0x528188 GetStartupInfoA
0x52818c GetOEMCP
0x528190 GetCPInfo
0x528194 GetProcessVersion
0x528198 SetErrorMode
0x52819c GlobalFlags
0x5281a0 GetCurrentThread
0x5281a4 GetFileTime
0x5281a8 TlsGetValue
0x5281ac LocalReAlloc
0x5281b0 TlsSetValue
0x5281b4 TlsFree
0x5281b8 GlobalHandle
0x5281bc TlsAlloc
0x5281c0 LocalAlloc
0x5281c4 lstrcmpA
0x5281c8 GlobalGetAtomNameA
0x5281cc GlobalAddAtomA
0x5281d0 GlobalFindAtomA
0x5281d4 GlobalDeleteAtom
0x5281d8 SetEndOfFile
0x5281dc UnlockFile
0x5281e0 LockFile
0x5281e4 FlushFileBuffers
0x5281e8 DuplicateHandle
0x5281ec lstrcpynA
0x5281f8 LocalFree
0x528204 RtlUnwind
0x528208 IsBadReadPtr
0x52820c VirtualFree
0x528210 VirtualAlloc
0x528214 GetCurrentProcessId
0x52821c lstrcmpiA
0x528220 GetVersion
0x528228 GetSystemTime
0x52822c GetLocalTime
0x528230 RaiseException
0x528234 HeapSize
0x528238 GetACP
0x528240 SetLastError
0x528244 GetSystemDirectoryA
0x52824c TerminateProcess
0x528250 GetCurrentProcess
0x528254 GetFileSize
0x528258 SetFilePointer
0x52825c TerminateThread
0x528260 CreateSemaphoreA
0x528264 ResumeThread
0x528268 ReleaseSemaphore
0x528274 GetProfileStringA
0x528278 WriteFile
0x52828c SetHandleCount
0x528290 GetStdHandle
0x528294 GetFileType
0x528298 HeapDestroy
0x52829c HeapCreate
0x5282a4 LCMapStringA
0x5282a8 LCMapStringW
0x5282ac IsBadWritePtr
0x5282b0 GetStringTypeA
0x5282b4 GetStringTypeW
0x5282bc CompareStringA
0x5282c0 CompareStringW
0x5282c4 IsBadCodePtr
0x5282c8 SetStdHandle
0x5282cc InterlockedExchange
0x5282d0 CreateMutexA
0x5282d4 ReleaseMutex
0x5282d8 SuspendThread
0x5282e0 CreateFileA
0x5282e4 SetEvent
0x5282e8 FindResourceA
0x5282ec CloseHandle
0x5282f0 WaitForSingleObject
0x5282f4 CreateProcessA
0x5282f8 GetTickCount
0x5282fc GetCommandLineA
0x528300 MulDiv
0x528304 GetProcAddress
0x528308 GetModuleHandleA
0x528318 CreateDirectoryA
0x52831c CopyFileA
0x528320 DeleteFileA
0x528324 MoveFileA
0x528328 GetFileAttributesA
0x52832c FindClose
0x528330 FindFirstFileA
0x528334 GetTempPathA
0x528338 GlobalUnlock
0x52833c GlobalLock
0x528340 GlobalAlloc
0x528348 Sleep
0x52834c CreateEventA
0x528350 CreateThread
0x52835c GetVersionExA
0x528360 GetLastError
0x528364 LoadLibraryA
0x528368 FreeLibrary
0x52836c GetFullPathNameA
0x528370 GetUserDefaultLCID
0x528374 HeapAlloc
0x528378 GetProcessHeap
0x52837c HeapReAlloc
0x528380 HeapFree
0x528384 GlobalReAlloc
0x528388 GetDriveTypeA
0x52838c FindNextFileA
0x528390 lstrcpyA
0x528394 WinExec
0x528398 lstrlenA
0x52839c lstrcatA
0x5283a8 GlobalFree
0x5283ac GlobalSize
0x5283b0 ExitProcess
0x5283b4 GetCurrentThreadId
0x5283b8 MultiByteToWideChar
0x5283bc WideCharToMultiByte
0x5283c0 GetModuleFileNameA
0x5283c4 RemoveDirectoryA
0x5283c8 lstrlenW
0x5283cc ReadFile
0x5283d0 SizeofResource
0x5283d4 LockResource
0x5283d8 LoadResource
Library: USER32.dll:
0x528440 DestroyCursor
0x528444 SetParent
0x528448 IsWindow
0x52844c PostMessageA
0x528450 GetTopWindow
0x528454 GetParent
0x528458 GetFocus
0x52845c GetClientRect
0x528460 InvalidateRect
0x528464 ValidateRect
0x528468 UpdateWindow
0x52846c EqualRect
0x528470 GetWindowRect
0x528474 SetForegroundWindow
0x528478 DestroyMenu
0x52847c IsChild
0x528480 ReleaseDC
0x528484 IsRectEmpty
0x528488 FillRect
0x52848c GetDC
0x528490 SetCursor
0x528494 LoadCursorA
0x528498 SetCursorPos
0x52849c SetActiveWindow
0x5284a0 GetSysColor
0x5284a4 SetWindowLongA
0x5284a8 GetWindowLongA
0x5284ac RedrawWindow
0x5284b0 EnableWindow
0x5284b4 IsWindowVisible
0x5284b8 OffsetRect
0x5284bc PtInRect
0x5284c0 DestroyIcon
0x5284c4 IntersectRect
0x5284c8 InflateRect
0x5284cc SetRect
0x5284d0 SetScrollPos
0x5284d4 SetScrollRange
0x5284d8 GetScrollRange
0x5284dc SetCapture
0x5284e0 GetCapture
0x5284e4 ReleaseCapture
0x5284e8 SetTimer
0x5284ec UnregisterClassA
0x5284f0 WinHelpA
0x5284f4 LoadBitmapA
0x5284f8 CopyRect
0x528500 ScreenToClient
0x528504 GetMessagePos
0x528508 SetWindowRgn
0x528510 GetWindow
0x528514 GetActiveWindow
0x528518 SetFocus
0x52851c IsIconic
0x528520 PeekMessageA
0x528524 SetMenu
0x528528 GetMenu
0x52852c DeleteMenu
0x528530 CharUpperA
0x528534 DefWindowProcA
0x528538 GetClassInfoA
0x52853c IsZoomed
0x528540 PostQuitMessage
0x528548 GetKeyState
0x528550 IsWindowEnabled
0x528554 ShowWindow
0x52855c LoadImageA
0x528564 ClientToScreen
0x528568 EnableMenuItem
0x52856c GetSubMenu
0x528570 GetDlgCtrlID
0x528578 CreateMenu
0x52857c ModifyMenuA
0x528580 AppendMenuA
0x528584 CreatePopupMenu
0x528588 DrawIconEx
0x528598 SendMessageA
0x52859c DispatchMessageA
0x5285a0 GetMessageA
0x5285a4 WindowFromPoint
0x5285a8 DrawFocusRect
0x5285ac DrawEdge
0x5285b0 DrawFrameControl
0x5285b4 TranslateMessage
0x5285b8 LoadIconA
0x5285bc GetDesktopWindow
0x5285c0 GetClassNameA
0x5285c4 GetDlgItem
0x5285c8 FindWindowExA
0x5285cc GetWindowTextA
0x5285d0 DrawTextA
0x5285d4 SetWindowsHookExA
0x5285d8 UnhookWindowsHookEx
0x5285e0 CallNextHookEx
0x5285e4 CallWindowProcA
0x5285e8 GetWindowDC
0x5285ec GetSysColorBrush
0x5285f0 FrameRect
0x5285f4 GetForegroundWindow
0x5285f8 DestroyWindow
0x528600 EndDialog
0x528604 GetNextDlgTabItem
0x528608 GetWindowPlacement
0x528610 GetLastActivePopup
0x528614 GetMessageTime
0x528618 RemovePropA
0x52861c GetPropA
0x528620 SetPropA
0x528624 GetClassLongA
0x528628 CreateWindowExA
0x52862c GetMenuItemID
0x528630 GetMenuItemCount
0x528634 RegisterClassA
0x528638 GetScrollPos
0x52863c AdjustWindowRectEx
0x528640 MapWindowPoints
0x528644 SendDlgItemMessageA
0x528648 ScrollWindowEx
0x52864c IsDialogMessageA
0x528650 SetWindowTextA
0x528654 MoveWindow
0x528658 CheckMenuItem
0x52865c SetMenuItemBitmaps
0x528660 GetMenuState
0x528668 LoadStringA
0x52866c SetWindowPos
0x528670 MessageBoxA
0x528674 GetSystemMetrics
0x528678 GetCursorPos
0x52867c EmptyClipboard
0x528680 SetClipboardData
0x528684 OpenClipboard
0x528688 GetClipboardData
0x52868c CloseClipboard
0x528690 wsprintfA
0x528694 WaitForInputIdle
0x528698 GrayStringA
0x52869c TabbedTextOutA
0x5286a0 EndPaint
0x5286a4 SetRectEmpty
0x5286a8 BeginPaint
0x5286ac GetSystemMenu
0x5286b0 KillTimer
Library: GDI32.dll:
0x528030 ExcludeClipRect
0x528034 GetClipBox
0x528038 ScaleWindowExtEx
0x52803c SetWindowExtEx
0x528040 SetWindowOrgEx
0x528044 ScaleViewportExtEx
0x528048 SetViewportExtEx
0x52804c OffsetViewportOrgEx
0x528050 SetViewportOrgEx
0x528054 SetMapMode
0x528058 SetROP2
0x52805c SetPolyFillMode
0x528060 RestoreDC
0x528064 SaveDC
0x528068 GetDIBits
0x52806c GetWindowExtEx
0x528070 GetViewportOrgEx
0x528074 GetWindowOrgEx
0x528078 BeginPath
0x52807c EndPath
0x528080 PathToRegion
0x528084 CreateEllipticRgn
0x528088 CreateRoundRectRgn
0x52808c GetTextColor
0x528090 GetBkMode
0x528094 GetBkColor
0x528098 GetROP2
0x52809c GetStretchBltMode
0x5280a0 GetPolyFillMode
0x5280a8 CreateDCA
0x5280ac CreateBitmap
0x5280b0 SelectObject
0x5280b4 CreatePen
0x5280b8 PatBlt
0x5280bc CombineRgn
0x5280c0 CreateRectRgn
0x5280c4 FillRgn
0x5280c8 CreateSolidBrush
0x5280cc CreateFontIndirectA
0x5280d0 GetStockObject
0x5280d4 GetObjectA
0x5280d8 EndPage
0x5280dc EndDoc
0x5280e0 DeleteDC
0x5280e4 StartDocA
0x5280e8 StartPage
0x5280ec BitBlt
0x5280f0 CreateCompatibleDC
0x5280f4 Ellipse
0x5280f8 Rectangle
0x5280fc LPtoDP
0x528100 DPtoLP
0x528104 GetCurrentObject
0x528108 RoundRect
0x52810c Arc
0x528114 GetDeviceCaps
0x528118 SetBkMode
0x52811c LineTo
0x528120 MoveToEx
0x528124 SetTextColor
0x52812c GetTextMetricsA
0x528130 ExtSelectClipRgn
0x528134 GetViewportExtEx
0x528138 PtVisible
0x52813c RectVisible
0x528140 TextOutA
0x528144 ExtTextOutA
0x528148 Escape
0x52814c RealizePalette
0x528150 SelectPalette
0x528154 StretchBlt
0x528158 CreatePalette
0x528160 CreateDIBitmap
0x528164 DeleteObject
0x528168 SelectClipRgn
0x52816c CreatePolygonRgn
0x528170 GetClipRgn
0x528174 SetStretchBltMode
0x528178 SetPixel
0x528180 SetBkColor
Library: MSIMG32.dll:
0x5283e0 GradientFill
Library: WINSPOOL.DRV:
0x528734 ClosePrinter
0x528738 DocumentPropertiesA
0x52873c OpenPrinterA
Library: ADVAPI32.dll:
0x528000 RegQueryValueExA
0x528004 RegOpenKeyExA
0x528008 RegSetValueExA
0x52800c RegCreateKeyA
0x528010 RegQueryValueA
0x528014 RegCreateKeyExA
0x528018 RegOpenKeyA
0x52801c RegCloseKey
Library: SHELL32.dll:
0x52842c ShellExecuteA
0x528434 SHChangeNotify
0x528438 Shell_NotifyIconA
Library: ole32.dll:
0x5289a4 OleUninitialize
0x5289a8 CLSIDFromString
0x5289ac CoCreateInstance
0x5289b0 OleRun
0x5289b4 CLSIDFromProgID
0x5289b8 OleInitialize
Library: OLEAUT32.dll:
0x5283e8 VariantCopy
0x5283ec VariantClear
0x5283f0 VariantChangeType
0x5283f4 SafeArrayGetUBound
0x5283f8 SafeArrayGetLBound
0x528400 SafeArrayAccessData
0x528404 SafeArrayGetElement
0x528408 VariantCopyInd
0x52840c VariantInit
0x528410 SysAllocString
0x528414 RegisterTypeLib
0x528418 LHashValOfNameSys
0x52841c LoadTypeLib
0x528420 UnRegisterTypeLib
0x528424 SafeArrayGetDim
Library: COMCTL32.dll:
0x528024 None
0x528028 ImageList_Destroy
Library: comdlg32.dll:
0x5287d4 ChooseColorA
0x5287d8 GetOpenFileNameA
0x5287dc GetSaveFileNameA
0x5287e0 GetFileTitleA

Exports

Ordinal  Address  Name
1 0x4d86d0 e2ee_CacheClear
2 0x4d8710 e2ee_CacheDecr
3 0x4d86b0 e2ee_CacheDelete
4 0x4d8690 e2ee_CacheExists
5 0x4d85d0 e2ee_CacheGet
6 0x4d8650 e2ee_CacheGetMulti
7 0x4d8670 e2ee_CacheGetMultiText
8 0x4d85f0 e2ee_CacheGetText
9 0x4d86f0 e2ee_CacheIncr
10 0x4d8610 e2ee_CacheSet
11 0x4d8730 e2ee_CacheSetExpire
12 0x4d8630 e2ee_CacheSetText
.text
`.rdata
@.data
.rsrc
h@wKAh

No antivirus engine scan information.

Process Tree

_________.exe, PID: 2616, parent PID: 2288
客户端_保护.exe, PID: 2868, parent PID: 2616
插件类_远程控制类_被控.exe, PID: 2316, parent PID: 2616

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201  49177  116.62.150.157  80
192.168.122.201  49157  23.194.202.24  80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201  63246  192.168.122.1  53

HTTP Requests

URI  HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL: http://116.62.150.157/kiven/config.txt
GET /kiven/config.txt HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: zh-cn
Referer: http://116.62.150.157/kiven/config.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: 116.62.150.157

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No dropped files.
No similar analyses found.

Processing ( 64.26 seconds )

  • 34.976 Static
  • 11.777 Suricata
  • 7.072 VirusTotal
  • 4.269 NetworkAnalysis
  • 3.893 TargetInfo
  • 1.868 BehaviorAnalysis
  • 0.336 peid
  • 0.046 config_decoder
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 38.915 seconds )

  • 36.014 network_http
  • 1.392 proprietary_url_bl
  • 0.324 antiav_detectreg
  • 0.11 infostealer_ftp
  • 0.106 api_spamming
  • 0.08 stealth_timeout
  • 0.074 stealth_decoy_document
  • 0.066 antianalysis_detectreg
  • 0.063 infostealer_im
  • 0.035 infostealer_mail
  • 0.033 mimics_filetime
  • 0.03 reads_self
  • 0.026 antivm_generic_scsi
  • 0.024 bootkit
  • 0.024 stealth_file
  • 0.024 virus
  • 0.022 antivm_generic_disk
  • 0.021 infostealer_browser
  • 0.018 recon_fingerprint
  • 0.016 kibex_behavior
  • 0.016 infostealer_browser_password
  • 0.016 antivm_parallels_keys
  • 0.016 antivm_xen_keys
  • 0.016 geodo_banking_trojan
  • 0.016 darkcomet_regkeys
  • 0.013 kovter_behavior
  • 0.012 antiemu_wine_func
  • 0.012 injection_createremotethread
  • 0.012 betabot_behavior
  • 0.011 proprietary_anomaly_massive_file_ops
  • 0.011 antiav_detectfile
  • 0.011 antivm_generic_diskreg
  • 0.01 hancitor_behavior
  • 0.009 process_interest
  • 0.009 antisandbox_productid
  • 0.008 antivm_vbox_libs
  • 0.008 injection_runpe
  • 0.008 proprietary_domain_bl
  • 0.007 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.007 ipc_namedpipe
  • 0.007 infostealer_bitcoin
  • 0.006 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.006 antivm_generic_services
  • 0.006 anomaly_persistence_autorun
  • 0.006 anormaly_invoke_kills
  • 0.006 vawtrak_behavior
  • 0.005 exec_crash
  • 0.005 bypass_firewall
  • 0.005 antivm_xen_keys
  • 0.005 antivm_hyperv_keys
  • 0.005 antivm_vbox_acpi
  • 0.005 antivm_vbox_keys
  • 0.005 antivm_vmware_keys
  • 0.005 antivm_vpc_keys
  • 0.005 proprietary_anomaly_invoke_vb_vba
  • 0.005 packer_armadillo_regkey
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.005 recon_programs
  • 0.004 proprietary_anomaly_write_exe_and_dll_under_winroot_run
  • 0.004 sets_autoconfig_url
  • 0.004 process_needed
  • 0.004 antivm_generic_bios
  • 0.004 antivm_generic_cpu
  • 0.004 antivm_generic_system
  • 0.004 antivm_vbox_files
  • 0.003 proprietary_anomaly_terminated_process
  • 0.003 antiav_avast_libs
  • 0.003 rat_luminosity
  • 0.003 ransomware_message
  • 0.003 antisandbox_sunbelt_libs
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antivm_vmware_libs
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 disables_wfp
  • 0.002 cerber_behavior
  • 0.002 securityxploded_modules
  • 0.002 disables_browser_warn
  • 0.002 rat_pcclient
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 disables_spdy
  • 0.001 office_dl_write_exe
  • 0.001 office_write_exe
  • 0.001 dridex_behavior
  • 0.001 stealth_network
  • 0.001 shifu_behavior
  • 0.001 antidbg_windows
  • 0.001 antidbg_devices
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.621 seconds )

  • 0.549 ReportHTMLSummary
  • 0.072 Malheur
Task ID 744323
Mongo ID 662a8e14dc327b93ad415e09
Cuckoo release 1.4-Maldun