Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp02-1 | 2024-04-26 11:13:46 | 2024-04-26 11:16:12 | 146 seconds

Maldun Score

10.0

Dangerous

File Details

File name EasyConnectInstaller.exe
File size 14609040 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 26c1aa3d2dea9bb2353c25dac001ac63
SHA1 63056238d5c9631c8c22a8067a4aaf759d5bf08d
SHA256 d884ef1b508e24aec9ba60813d1fddb7b6e5ac34f29e4ae85412c3006fae9e06
SHA512 c51b107deb9533c179523bca5605711c8f5e8545073ba136963a3ef51395fd7cecef2225bc52fefe92134651c80e14b204a3e63d3033fdcf1c52d7b1bb2909cf
CRC32 EB372983
Ssdeep 393216:K/SJj/m2EdAgPJ9YQCVSomddxSAU817tS90KnuYkD:7J62wJOVSlxSG17P3b

Hosts Contacted

No host records.

Domain Resolution

No domain information.


Summary

PE Information

Image base 0x00400000
Entry point 0x004036a0
Declared checksum 0x00dfbe7f
Actual checksum 0x00dfbe7f
Minimum OS version required 4.0
Compile time 2009-12-06 06:53:18
Import hash (imphash) dfb06052e74b26a42b0e490bd1c07959

Version Information

LegalCopyright
FileVersion
LegalTrademarks
ProductName
ProductVersion
FileDescription
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
459e954077d9cabc596cdd8c10576a652b347173 | Fri Apr 09 18:47:22 2021 | WinVerifyTrust returned error 0x80096005 | /

Certificate chain: Certificate Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain: Certificate Chain 2
Issued to DigiCert Assured ID Code Signing CA-1
Issuer DigiCert Assured ID Root CA
Valid until Tue Feb 10 20:00:00 2026
SHA1 hash 409aa4a74a0cda7c0fee6bd0bb8823d16b5f1875
Certificate chain: Certificate Chain 3
Issued to Sangfor Technologies Inc.
Issuer DigiCert Assured ID Code Signing CA-1
Valid until Wed Mar 22 20:00:00 2023
SHA1 hash d416881f81160b7d83d877311965d671454bab57
Certificate chain: Timestamp Chain 1
Issued to Starfield Secure Certificate Authority - G2
Issuer Starfield Root Certificate Authority - G2
Valid until Sat May 03 15:00:00 2031
SHA1 hash 7edc376dcfd45e6ddf082c160df6ac21835b95d4
Certificate chain: Timestamp Chain 2
Issued to Starfield Timestamp Authority - G2
Issuer Starfield Secure Certificate Authority - G2
Valid until Tue Sep 09 15:00:00 2025
SHA1 hash 7280a5fcd8dfe11f01fe8601b15ec41a376f05e2

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x000061a4 0x00006200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.44
.rdata 0x00008000 0x000011e0 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.31
.data 0x0000a000 0x0001c3f8 0x00000c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.13
.ndata 0x00027000 0x0000f000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00036000 0x0000de60 0x0000e000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.30

Imports

Library: KERNEL32.dll:
0x408060 CompareFileTime
0x408064 SearchPathA
0x408068 GetShortPathNameA
0x40806c GetFullPathNameA
0x408070 MoveFileA
0x408078 GetFileAttributesA
0x40807c GetLastError
0x408080 CreateDirectoryA
0x408084 SetFileAttributesA
0x408088 Sleep
0x40808c GetTickCount
0x408090 CreateFileA
0x408094 GetFileSize
0x408098 GetModuleFileNameA
0x40809c GetCurrentProcess
0x4080a0 CopyFileA
0x4080a4 ExitProcess
0x4080a8 SetFileTime
0x4080ac GetTempPathA
0x4080b0 GetCommandLineA
0x4080b4 SetErrorMode
0x4080b8 LoadLibraryA
0x4080bc lstrcpynA
0x4080c0 GetDiskFreeSpaceA
0x4080c4 GlobalUnlock
0x4080c8 GlobalLock
0x4080cc CreateThread
0x4080d0 CreateProcessA
0x4080d4 RemoveDirectoryA
0x4080d8 GetTempFileNameA
0x4080dc lstrlenA
0x4080e0 lstrcatA
0x4080e4 GetSystemDirectoryA
0x4080e8 GetVersion
0x4080ec CloseHandle
0x4080f0 lstrcmpiA
0x4080f4 lstrcmpA
0x4080fc GlobalFree
0x408100 GlobalAlloc
0x408104 WaitForSingleObject
0x408108 GetExitCodeProcess
0x40810c GetModuleHandleA
0x408110 LoadLibraryExA
0x408114 GetProcAddress
0x408118 FreeLibrary
0x40811c MultiByteToWideChar
0x408128 WriteFile
0x40812c ReadFile
0x408130 SetFilePointer
0x408134 MulDiv
0x408138 FindClose
0x40813c FindNextFileA
0x408140 FindFirstFileA
0x408144 DeleteFileA
Library: USER32.dll:
0x40816c EndDialog
0x408170 ScreenToClient
0x408174 GetWindowRect
0x408178 EnableMenuItem
0x40817c GetSystemMenu
0x408180 SetClassLongA
0x408184 IsWindowEnabled
0x408188 SetWindowPos
0x40818c GetSysColor
0x408190 GetWindowLongA
0x408194 SetCursor
0x408198 LoadCursorA
0x40819c CheckDlgButton
0x4081a0 GetAsyncKeyState
0x4081a4 IsDlgButtonChecked
0x4081a8 GetMessagePos
0x4081ac LoadBitmapA
0x4081b0 CallWindowProcA
0x4081b4 IsWindowVisible
0x4081b8 CloseClipboard
0x4081bc SetClipboardData
0x4081c0 RegisterClassA
0x4081c4 OpenClipboard
0x4081c8 TrackPopupMenu
0x4081cc AppendMenuA
0x4081d0 CreatePopupMenu
0x4081d4 GetSystemMetrics
0x4081d8 SetDlgItemTextA
0x4081dc GetDlgItemTextA
0x4081e0 MessageBoxIndirectA
0x4081e4 CharPrevA
0x4081e8 wvsprintfA
0x4081ec DispatchMessageA
0x4081f0 PeekMessageA
0x4081f4 DestroyWindow
0x4081f8 CreateDialogParamA
0x4081fc SetTimer
0x408200 SetWindowTextA
0x408204 PostQuitMessage
0x408208 ShowWindow
0x40820c wsprintfA
0x408210 SendMessageTimeoutA
0x408214 FindWindowExA
0x40821c CreateWindowExA
0x408220 GetClassInfoA
0x408224 DialogBoxParamA
0x408228 CharNextA
0x40822c EmptyClipboard
0x408230 ExitWindowsEx
0x408234 IsWindow
0x408238 GetDlgItem
0x40823c SetWindowLongA
0x408240 LoadImageA
0x408244 GetDC
0x408248 EnableWindow
0x40824c InvalidateRect
0x408250 SendMessageA
0x408254 DefWindowProcA
0x408258 BeginPaint
0x40825c GetClientRect
0x408260 FillRect
0x408264 DrawTextA
0x408268 EndPaint
0x40826c SetForegroundWindow
Library: GDI32.dll:
0x40803c SetBkColor
0x408040 GetDeviceCaps
0x408044 DeleteObject
0x408048 CreateBrushIndirect
0x40804c CreateFontIndirectA
0x408050 SetBkMode
0x408054 SetTextColor
0x408058 SelectObject
Library: SHELL32.dll:
0x408154 SHBrowseForFolderA
0x408158 SHGetFileInfoA
0x40815c ShellExecuteA
0x408160 SHFileOperationA
Library: ADVAPI32.dll:
0x408000 RegQueryValueExA
0x408004 RegSetValueExA
0x408008 RegEnumKeyA
0x40800c RegEnumValueA
0x408010 RegOpenKeyExA
0x408014 RegDeleteKeyA
0x408018 RegDeleteValueA
0x40801c RegCloseKey
0x408020 RegCreateKeyExA
Library: COMCTL32.dll:
0x408028 ImageList_AddMasked
0x40802c ImageList_Destroy
0x408030 None
0x408034 ImageList_Create
Library: ole32.dll:
0x408284 CoTaskMemFree
0x408288 OleInitialize
0x40828c OleUninitialize
0x408290 CoCreateInstance
Library: VERSION.dll:
0x408278 GetFileVersionInfoA
0x40827c VerQueryValueA

No antivirus engine scan information!

Process Tree

EasyConnectInstaller.exe, PID: 2612, parent PID: 2264
Uninstall.exe, PID: 3060, parent PID: 2612
SangforCSClientInstaller.exe, PID: 2400, parent PID: 2612
TcpDriverInstaller.exe, PID: 2716, parent PID: 2612
Remove.exe, PID: 2924, parent PID: 2716
Install.exe, PID: 2360, parent PID: 2716
services.exe, PID: 424, parent PID: 328
DnsDriverInstaller.exe, PID: 2188, parent PID: 2612
Remove.exe, PID: 2184, parent PID: 2188
Install.exe, PID: 2556, parent PID: 2188
SuperExeInstaller.exe, PID: 2756, parent PID: 2612
expand.exe, PID: 2976, parent PID: 2756
SangforServiceClientInstaller.exe, PID: 2288, parent PID: 2612
expand.exe, PID: 2536, parent PID: 2288
VC2010RedistX86UInstaller.exe, PID: 2528, parent PID: 2612
SJobberInstaller.exe, PID: 2440, parent PID: 2612
SangforUpdateInstaller.exe, PID: 2968, parent PID: 2612
SangforRAppInstaller.exe, PID: 3044, parent PID: 2612
InstallControl.exe, PID: 2572, parent PID: 2612
VNICInstaller_X64.exe, PID: 2636, parent PID: 2612
ndiscleanup.x64.exe, PID: 2984, parent PID: 2636
vacon.exe, PID: 3032, parent PID: 2636
svchost.exe, PID: 1116, parent PID: 424

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49158 23.12.40.160 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP Requests

URI | HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 49.793 seconds )

  • 25.709 Static
  • 11.867 Suricata
  • 7.224 BehaviorAnalysis
  • 2.963 TargetInfo
  • 1.56 NetworkAnalysis
  • 0.413 peid
  • 0.032 config_decoder
  • 0.012 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 4.094 seconds )

  • 1.396 proprietary_url_bl
  • 0.289 api_spamming
  • 0.228 stealth_timeout
  • 0.212 stealth_decoy_document
  • 0.186 antiav_detectreg
  • 0.108 reads_self
  • 0.107 mimics_filetime
  • 0.093 stealth_file
  • 0.09 virus
  • 0.087 bootkit
  • 0.073 infostealer_ftp
  • 0.064 antivm_generic_disk
  • 0.056 infostealer_browser
  • 0.043 infostealer_im
  • 0.039 hancitor_behavior
  • 0.039 antianalysis_detectreg
  • 0.038 proprietary_anomaly_massive_file_ops
  • 0.038 ipc_namedpipe
  • 0.037 anomaly_persistence_autorun
  • 0.035 sets_autoconfig_url
  • 0.033 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.033 antivm_generic_scsi
  • 0.032 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.031 injection_createremotethread
  • 0.03 securityxploded_modules
  • 0.026 infostealer_browser_password
  • 0.025 ransomware_message
  • 0.025 antiav_detectfile
  • 0.024 infostealer_mail
  • 0.019 injection_runpe
  • 0.018 antivm_generic_services
  • 0.018 infostealer_bitcoin
  • 0.016 anormaly_invoke_kills
  • 0.016 ransomware_extensions
  • 0.015 disables_wfp
  • 0.014 disables_spdy
  • 0.014 dridex_behavior
  • 0.012 injection_explorer
  • 0.012 geodo_banking_trojan
  • 0.011 kibex_behavior
  • 0.011 kovter_behavior
  • 0.011 disables_browser_warn
  • 0.011 ransomware_files
  • 0.01 ransomware_dmalocker
  • 0.01 proprietary_anomaly_write_exe_and_dll_under_winroot_run
  • 0.01 office_dl_write_exe
  • 0.01 antivm_vbox_files
  • 0.01 antivm_xen_keys
  • 0.009 office_write_exe
  • 0.009 rat_luminosity
  • 0.009 betabot_behavior
  • 0.009 antivm_parallels_keys
  • 0.009 darkcomet_regkeys
  • 0.008 antiemu_wine_func
  • 0.008 anomaly_persistence_bootexecute
  • 0.008 shifu_behavior
  • 0.007 proprietary_anomaly_terminated_process
  • 0.007 banker_prinimalka
  • 0.007 antivm_vbox_libs
  • 0.007 anomaly_reset_winsock
  • 0.007 creates_largekey
  • 0.007 antisandbox_sunbelt_libs
  • 0.007 vawtrak_behavior
  • 0.007 browser_security
  • 0.007 proprietary_domain_bl
  • 0.006 antiav_avast_libs
  • 0.006 kelihos_behavior
  • 0.006 h1n1_behavior
  • 0.006 antivm_generic_diskreg
  • 0.006 modify_proxy
  • 0.006 recon_fingerprint
  • 0.005 tinba_behavior
  • 0.005 antisandbox_sboxie_libs
  • 0.005 antiav_bitdefender_libs
  • 0.005 pony_behavior
  • 0.005 browser_addon
  • 0.004 hawkeye_behavior
  • 0.004 exec_crash
  • 0.004 antidbg_windows
  • 0.004 antidbg_devices
  • 0.004 antisandbox_productid
  • 0.004 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.004 stealth_modify_security_center_warnings
  • 0.003 network_tor
  • 0.003 ransomeware_modifies_desktop_wallpaper
  • 0.003 cerber_behavior
  • 0.003 bypass_firewall
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 disables_system_restore
  • 0.003 disables_windows_defender
  • 0.003 proprietary_anomaly_invoke_vb_vba
  • 0.003 network_http
  • 0.003 packer_armadillo_regkey
  • 0.003 rat_pcclient
  • 0.003 stealth_modify_uac_prompt
  • 0.002 rat_nanocore
  • 0.002 antivm_vmware_libs
  • 0.002 kazybot_behavior
  • 0.002 encrypted_ioc
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_cpu
  • 0.002 antivm_generic_system
  • 0.002 antivm_vmware_files
  • 0.002 codelux_behavior
  • 0.002 malicous_targeted_flame
  • 0.002 office_security
  • 0.002 rat_spynet
  • 0.002 recon_programs
  • 0.002 stealth_hiddenreg
  • 0.002 stealth_hide_notifications
  • 0.001 antivm_vbox_window
  • 0.001 gootkit_behavior
  • 0.001 Locky_behavior
  • 0.001 ursnif_behavior
  • 0.001 dyre_behavior
  • 0.001 sniffer_winpcap
  • 0.001 modifies_certs
  • 0.001 antiav_srp
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vpc_files
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_startpage
  • 0.001 disables_app_launch
  • 0.001 disables_uac
  • 0.001 disables_wer
  • 0.001 disables_windowsupdate
  • 0.001 troldesh_behavior
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 network_tor_service
  • 0.001 locker_regedit
  • 0.001 locker_taskmgr
  • 0.001 ransomware_radamant
  • 0.001 stealth_hidden_extension

Reporting ( 0.706 seconds )

  • 0.61 ReportHTMLSummary
  • 0.096 Malheur
Task ID 744333
Mongo ID 662b1ceadc327b93ab415d9a
Cuckoo release 1.4-Maldun