Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2024-11-30 20:27:07  2024-11-30 20:27:47  40 seconds

Maldun score

10.0

Dangerous

The signatures behind this score are not shown on the page (the threat-signature panel is login-gated), so the verdict is the sandbox's own scoring rather than a finding that can be checked from what follows.

File details

File name  msvcrt.dll
File size  1829376 bytes
File type  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5  155306ee830baca940531a548728bb39
SHA1  59fd3bb39fd92cf2807ce38768c98ae174d59424
SHA256  c313bcc98f7366ce9f450d0a5d699b417d09a49e267587e88b0b961569a42e69
SHA512  4561336ef1ef381728325d472df64a39ea94457de6f9da0bef19f1ee23c2577c8be38308ec28914b8c300da0817ad9b03e3a8c0ec63463eb22cb24519493c459
CRC32  DA10DB56
Ssdeep  49152:KQqyk2i4D7nFlUvVEQseyzFU7a3S7EQJi//9Y6wp1B9z:KQNk2ig7FlAEQseyz81Ji//9Y6wp


Host access records

No host records.

Domain resolution

No domain information.


PE information

Image base  0x10000000
Entry point  0x101249fb
Declared checksum  0x00000000
Actual checksum  0x001c7edf
Minimum OS version  5.1
PDB path  C:\Work\HITCTF\2024\SNAKE\DLL\msvcrt\Release\msvcrt.pdb
Compile time  2024-10-30 17:18:20
Import hash (imphash)  1808929d0e07bf4b4789dbed7094a700
Exported DLL name  msvcrt.dll

Version information

Every field is empty in the report: LegalCopyright, InternalName, FileVersion, CompanyName, ProductName, ProductVersion, FileDescription, OriginalFilename, Translation. The file does carry an RT_VERSION resource (see Resources), but no values were extracted from it; a Microsoft-built msvcrt.dll has a populated version block, so this is a mismatch with the file name.

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x0014e8a5 0x0014ea00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x00150000 0x0004aa66 0x0004ac00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.52
.data 0x0019b000 0x0000afb0 0x00005000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.89
.tls 0x001a6000 0x00000009 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x001a7000 0x00003168 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.31
.reloc 0x001ab000 0x0001ca24 0x0001cc00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.49

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_CURSOR 0x001a9018 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.23 data
RT_BITMAP 0x001a9340 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x001a9340 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_DIALOG 0x001a9250 0x00000034 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.38 data
RT_DIALOG 0x001a9250 0x00000034 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.38 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_STRING 0x001a9d98 0x000001a8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.05 data
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x001a9150 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_VERSION 0x001a7a20 0x000002d0 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.64 data
RT_MANIFEST 0x001a9f40 0x00000224 LANG_ENGLISH SUBLANG_ENGLISH_US 5.04 XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

Imports

Library: KERNEL32.dll:
0x101501c8 GetEnvironmentStringsW
0x101501cc IsValidCodePage
0x101501d0 GetStringTypeW
0x101501d4 GetTimeZoneInformation
0x101501d8 LCMapStringW
0x101501dc SetFilePointerEx
0x101501e0 ReadConsoleW
0x101501e4 GetConsoleMode
0x101501e8 GetConsoleCP
0x101501ec ExitProcess
0x101501f4 GetCommandLineW
0x101501f8 GetCommandLineA
0x101501fc HeapQueryInformation
0x10150200 GetModuleHandleExW
0x10150208 ExitThread
0x1015020c CreateThread
0x10150210 VirtualQuery
0x10150214 GetSystemInfo
0x10150218 GetFileType
0x1015021c SetStdHandle
0x10150220 InterlockedFlushSList
0x10150224 RtlUnwind
0x10150228 OutputDebugStringW
0x1015022c WriteConsoleW
0x10150230 CreateFileW
0x10150234 GetStdHandle
0x10150238 GetVolumeInformationA
0x1015023c HeapFree
0x10150244 HeapSize
0x10150248 GetLastError
0x1015024c HeapReAlloc
0x10150250 RaiseException
0x10150254 HeapAlloc
0x10150258 DecodePointer
0x1015025c DeleteCriticalSection
0x10150260 GetProcessHeap
0x10150264 MultiByteToWideChar
0x10150268 WideCharToMultiByte
0x1015026c LoadResource
0x10150270 LockResource
0x10150274 SizeofResource
0x10150278 GlobalAlloc
0x1015027c GlobalSize
0x10150280 GlobalLock
0x10150284 GlobalUnlock
0x10150288 GlobalFree
0x1015028c LocalFree
0x10150290 MulDiv
0x10150294 FormatMessageA
0x10150298 FindResourceW
0x1015029c CopyFileA
0x101502a0 SetLastError
0x101502a4 OutputDebugStringA
0x101502a8 GetModuleFileNameW
0x101502ac GetModuleHandleA
0x101502b0 GetModuleHandleW
0x101502b4 GetProcAddress
0x101502b8 LoadLibraryW
0x101502c0 EnterCriticalSection
0x101502c4 LeaveCriticalSection
0x101502c8 TlsAlloc
0x101502cc TlsGetValue
0x101502d0 TlsSetValue
0x101502d4 TlsFree
0x101502d8 GlobalReAlloc
0x101502dc GlobalHandle
0x101502e0 LocalAlloc
0x101502e4 LocalReAlloc
0x101502e8 SetErrorMode
0x101502ec GetModuleFileNameA
0x101502f0 CloseHandle
0x101502f4 SetEvent
0x101502f8 WaitForSingleObject
0x101502fc GetCurrentThreadId
0x10150300 SetThreadPriority
0x10150304 ResumeThread
0x10150308 CreateFileA
0x1015030c FindClose
0x10150310 FindFirstFileA
0x10150314 FlushFileBuffers
0x10150318 GetFileSize
0x1015031c GetFullPathNameA
0x10150320 LockFile
0x10150324 ReadFile
0x10150328 SetEndOfFile
0x1015032c SetFilePointer
0x10150330 UnlockFile
0x10150334 WriteFile
0x10150338 DuplicateHandle
0x1015033c GetCurrentProcess
0x10150340 lstrcmpiA
0x10150344 LoadLibraryA
0x10150348 VirtualAlloc
0x10150350 GetFileAttributesA
0x10150354 GetFileAttributesExA
0x10150358 GetFileSizeEx
0x1015035c GetFileTime
0x10150364 FileTimeToSystemTime
0x10150368 GetCurrentProcessId
0x1015036c lstrcmpA
0x10150370 GlobalGetAtomNameA
0x10150374 CompareStringA
0x10150378 EncodePointer
0x1015037c GetSystemDirectoryW
0x10150380 FreeLibrary
0x10150384 FreeResource
0x10150388 LoadLibraryExW
0x1015038c GlobalDeleteAtom
0x10150390 lstrcmpW
0x10150394 FindResourceA
0x10150398 GlobalAddAtomA
0x1015039c GlobalFindAtomA
0x101503a0 GlobalFlags
0x101503a4 GetVersionExA
0x101503a8 CompareStringW
0x101503b0 VirtualProtect
0x101503b4 GetOEMCP
0x101503b8 GetCPInfo
0x101503bc GetACP
0x101503c0 lstrcpyA
0x101503c4 GetCurrentDirectoryA
0x101503c8 FindResourceExW
0x101503cc GetWindowsDirectoryA
0x101503d0 VerSetConditionMask
0x101503d4 VerifyVersionInfoA
0x101503d8 GetTempPathA
0x101503dc GetTempFileNameA
0x101503e0 GetTickCount
0x101503e4 GetProfileIntA
0x101503e8 SearchPathA
0x101503ec Sleep
0x101503f0 ResetEvent
0x101503f4 WaitForSingleObjectEx
0x101503f8 CreateEventW
0x10150404 TerminateProcess
0x1015040c IsDebuggerPresent
0x10150410 GetStartupInfoW
0x1015041c InitializeSListHead
Library: USER32.dll:
0x101504bc SetClipboardData
0x101504c0 CloseClipboard
0x101504c4 OpenClipboard
0x101504c8 SetParent
0x101504cc SetWindowRgn
0x101504d0 SetClassLongA
0x101504d4 EnumDisplayMonitors
0x101504dc GetKeyNameTextA
0x101504e0 MapVirtualKeyA
0x101504e4 GetMenuDefaultItem
0x101504e8 CreatePopupMenu
0x101504ec NotifyWinEvent
0x101504f0 LoadCursorW
0x101504f4 InvertRect
0x101504f8 HideCaret
0x101504fc EnableScrollBar
0x10150500 MessageBeep
0x10150504 GetIconInfo
0x10150508 DrawIconEx
0x1015050c LoadImageA
0x10150510 IsRectEmpty
0x10150514 DrawFocusRect
0x10150518 WindowFromPoint
0x1015051c ReleaseCapture
0x10150520 SetCapture
0x10150524 GetNextDlgGroupItem
0x10150528 KillTimer
0x1015052c SetTimer
0x10150530 DeleteMenu
0x10150534 SetCursor
0x10150538 ShowOwnedPopups
0x1015053c LoadImageW
0x10150540 InvalidateRect
0x10150544 TrackMouseEvent
0x10150548 MapDialogRect
0x1015054c GetAsyncKeyState
0x10150550 GetNextDlgTabItem
0x10150554 EndDialog
0x1015055c PostQuitMessage
0x10150560 OffsetRect
0x10150564 SetRectEmpty
0x10150568 CopyImage
0x1015056c SystemParametersInfoA
0x10150570 GetMenuItemInfoA
0x10150574 DestroyMenu
0x10150578 IntersectRect
0x1015057c InflateRect
0x10150580 DestroyIcon
0x10150588 GetDesktopWindow
0x1015058c IsDialogMessageA
0x10150590 SetWindowTextA
0x10150594 SendDlgItemMessageA
0x10150598 CheckDlgButton
0x1015059c MoveWindow
0x101505a0 ShowWindow
0x101505a4 GetMonitorInfoA
0x101505a8 MonitorFromWindow
0x101505ac WinHelpA
0x101505b0 GetScrollInfo
0x101505b4 SetScrollInfo
0x101505b8 LoadIconW
0x101505bc LoadIconA
0x101505c0 GetWindow
0x101505c4 GetTopWindow
0x101505c8 EmptyClipboard
0x101505cc GetClassLongA
0x101505d0 SetWindowLongA
0x101505d4 PtInRect
0x101505d8 EqualRect
0x101505dc CopyRect
0x101505e0 MapWindowPoints
0x101505e4 AdjustWindowRectEx
0x101505e8 GetWindowRect
0x101505ec GetClientRect
0x101505f0 SetCursorPos
0x101505f4 GetPropA
0x101505f8 SetPropA
0x101505fc ShowScrollBar
0x10150600 GetScrollRange
0x10150604 SetScrollRange
0x10150608 GetScrollPos
0x1015060c SetScrollPos
0x10150610 ScrollWindow
0x10150614 RedrawWindow
0x10150618 SetForegroundWindow
0x1015061c GetForegroundWindow
0x10150620 SetActiveWindow
0x10150624 UpdateWindow
0x10150628 TrackPopupMenu
0x1015062c SetMenu
0x10150630 GetMenu
0x10150634 GetCapture
0x10150638 SetFocus
0x1015063c GetDlgCtrlID
0x10150640 GetDlgItem
0x10150644 IsIconic
0x10150648 EndDeferWindowPos
0x1015064c DeferWindowPos
0x10150650 BeginDeferWindowPos
0x10150654 SetWindowPlacement
0x10150658 GetWindowPlacement
0x1015065c CopyIcon
0x10150660 FrameRect
0x10150664 DrawIcon
0x10150668 PeekMessageA
0x1015066c SendMessageA
0x10150670 IsWindowVisible
0x10150674 GetActiveWindow
0x10150678 GetKeyState
0x1015067c SetWindowPos
0x10150680 DestroyWindow
0x10150684 IsChild
0x10150688 IsMenu
0x1015068c IsWindow
0x10150690 CreateWindowExA
0x10150694 GetClassInfoExA
0x10150698 GetClassInfoA
0x1015069c RegisterClassA
0x101506a0 CallWindowProcA
0x101506a4 DefWindowProcA
0x101506a8 PostMessageA
0x101506ac GetMessageTime
0x101506b0 GetMessagePos
0x101506b4 RegisterWindowMessageA
0x101506b8 LoadBitmapW
0x101506bc UnionRect
0x101506c0 UpdateLayeredWindow
0x101506c4 MonitorFromPoint
0x101506c8 LoadAcceleratorsA
0x101506cc TranslateAcceleratorA
0x101506d0 LoadMenuA
0x101506d4 UnregisterClassA
0x101506d8 GetMenuStringA
0x101506dc GetMenuState
0x101506e0 GetSubMenu
0x101506e4 GetMenuItemID
0x101506e8 InsertMenuItemA
0x101506ec GetMenuItemCount
0x101506f0 InsertMenuA
0x101506f4 DrawStateA
0x101506f8 DrawEdge
0x101506fc DrawFrameControl
0x10150700 IsZoomed
0x10150704 LoadMenuW
0x10150708 GetSystemMenu
0x1015070c GetClassNameA
0x10150710 BringWindowToTop
0x10150714 ValidateRect
0x10150718 GetCursorPos
0x1015071c SetWindowsHookExA
0x10150720 CallNextHookEx
0x10150724 CharUpperA
0x10150728 GetSystemMetrics
0x1015072c EnableWindow
0x10150730 IsWindowEnabled
0x10150734 MessageBoxA
0x10150738 GetWindowLongA
0x1015073c GetParent
0x10150744 GetLastActivePopup
0x10150748 GetWindowTextA
0x1015074c GetWindowTextLengthA
0x10150750 GetDC
0x10150754 ReleaseDC
0x10150758 GetSysColor
0x1015075c GetSysColorBrush
0x10150760 LoadCursorA
0x10150764 DrawTextA
0x10150768 DrawTextExA
0x1015076c GrayStringA
0x10150770 TabbedTextOutA
0x10150774 GetWindowDC
0x10150778 BeginPaint
0x1015077c EndPaint
0x10150780 ClientToScreen
0x10150784 ScreenToClient
0x10150788 FillRect
0x1015078c GetFocus
0x10150790 CheckMenuItem
0x10150794 EnableMenuItem
0x10150798 SetMenuItemBitmaps
0x101507a0 SetMenuItemInfoA
0x101507a4 AppendMenuA
0x101507a8 RemoveMenu
0x101507ac UnhookWindowsHookEx
0x101507b0 GetMessageA
0x101507b4 TranslateMessage
0x101507b8 DestroyCursor
0x101507bc GetWindowRgn
0x101507c0 CreateMenu
0x101507c4 SubtractRect
0x101507c8 TranslateMDISysAccel
0x101507cc DefMDIChildProcA
0x101507d0 DefFrameProcA
0x101507d4 DrawMenuBar
0x101507d8 GetUpdateRect
0x101507e0 CharUpperBuffA
0x101507e8 ModifyMenuA
0x101507ec GetDoubleClickTime
0x101507f0 SetMenuDefaultItem
0x101507f4 LockWindowUpdate
0x101507f8 SetRect
0x101507fc CopyAcceleratorTableA
0x10150808 LoadAcceleratorsW
0x1015080c ToAsciiEx
0x10150810 GetKeyboardState
0x10150814 MapVirtualKeyExA
0x10150818 IsCharLowerA
0x1015081c GetKeyboardLayout
0x10150820 WaitMessage
0x10150824 PostThreadMessageA
0x10150828 GetComboBoxInfo
0x1015082c ReuseDDElParam
0x10150830 UnpackDDElParam
0x10150834 RemovePropA
0x10150838 DispatchMessageA
Library: GDI32.dll:
0x10150028 GetTextFaceA
0x1015002c GetViewportOrgEx
0x10150030 GetWindowOrgEx
0x10150034 SetPixelV
0x10150038 SetPaletteEntries
0x1015003c ExtFloodFill
0x10150040 PtInRegion
0x10150044 GetBoundsRect
0x10150048 FrameRgn
0x1015004c FillRgn
0x10150050 RoundRect
0x10150054 OffsetRgn
0x10150058 GetRgnBox
0x1015005c Rectangle
0x10150060 LPtoDP
0x10150064 CreateRoundRectRgn
0x10150068 Polyline
0x1015006c Polygon
0x10150070 CreatePolygonRgn
0x10150074 GetTextColor
0x10150078 Ellipse
0x1015007c CreateEllipticRgn
0x10150080 SetDIBColorTable
0x10150084 CreateDIBSection
0x10150088 StretchBlt
0x1015008c SetPixel
0x10150090 GetTextCharsetInfo
0x10150094 EnumFontFamiliesA
0x10150098 CreateDIBitmap
0x1015009c CreateCompatibleBitmap
0x101500a0 GetBkColor
0x101500a4 RealizePalette
0x101500ac GetPaletteEntries
0x101500b0 GetNearestPaletteIndex
0x101500b4 CreatePalette
0x101500b8 EnumFontFamiliesExA
0x101500bc GetTextMetricsA
0x101500c0 GetTextExtentPoint32A
0x101500c4 DPtoLP
0x101500c8 SetRectRgn
0x101500cc PatBlt
0x101500d0 CreateRectRgnIndirect
0x101500d4 CreateFontIndirectA
0x101500d8 CombineRgn
0x101500dc ScaleWindowExtEx
0x101500e0 ScaleViewportExtEx
0x101500e4 OffsetWindowOrgEx
0x101500e8 OffsetViewportOrgEx
0x101500ec SetWindowOrgEx
0x101500f0 SetWindowExtEx
0x101500f4 SetViewportOrgEx
0x101500f8 SetViewportExtEx
0x101500fc ExtTextOutA
0x10150100 TextOutA
0x10150104 MoveToEx
0x10150108 GetObjectA
0x1015010c SetTextAlign
0x10150110 SetTextColor
0x10150114 SetROP2
0x10150118 SetPolyFillMode
0x1015011c GetLayout
0x10150120 SetLayout
0x10150124 SetMapMode
0x10150128 SetBkMode
0x1015012c SetBkColor
0x10150130 SelectPalette
0x10150134 SelectObject
0x10150138 ExtSelectClipRgn
0x1015013c SelectClipRgn
0x10150140 SaveDC
0x10150144 RestoreDC
0x10150148 RectVisible
0x1015014c PtVisible
0x10150150 LineTo
0x10150154 IntersectClipRect
0x10150158 GetWindowExtEx
0x1015015c GetViewportExtEx
0x10150160 GetStockObject
0x10150164 GetPixel
0x10150168 GetObjectType
0x1015016c GetClipBox
0x10150170 ExcludeClipRect
0x10150174 Escape
0x10150178 DeleteObject
0x1015017c DeleteDC
0x10150180 CreateSolidBrush
0x10150184 CreateRectRgn
0x10150188 CreatePatternBrush
0x1015018c CreatePen
0x10150190 CreateHatchBrush
0x10150194 CreateCompatibleDC
0x10150198 CreateBitmap
0x1015019c BitBlt
0x101501a0 GetDeviceCaps
0x101501a4 CreateDCA
0x101501a8 CopyMetaFileA
Library: MSIMG32.dll:
0x10150424 AlphaBlend
0x10150428 TransparentBlt
Library: WINSPOOL.DRV:
0x1015087c DocumentPropertiesA
0x10150880 OpenPrinterA
0x10150884 ClosePrinter
Library: ADVAPI32.dll:
0x10150000 SystemFunction036
0x10150004 RegSetValueExA
0x10150008 RegEnumKeyExA
0x1015000c RegDeleteValueA
0x10150010 RegDeleteKeyA
0x10150014 RegCreateKeyExA
0x10150018 RegQueryValueExA
0x1015001c RegOpenKeyExA
0x10150020 RegCloseKey
Library: SHELL32.dll:
0x10150478 DragFinish
0x1015047c DragQueryFileA
0x10150480 SHGetDesktopFolder
0x10150488 SHGetPathFromIDListA
0x1015048c ShellExecuteA
0x10150490 SHGetFileInfoA
0x10150494 SHBrowseForFolderA
0x10150498 SHAppBarMessage
Library: SHLWAPI.dll:
0x101504a0 PathRemoveFileSpecW
0x101504a4 PathStripToRootA
0x101504a8 PathIsUNCA
0x101504ac PathFindFileNameA
0x101504b0 PathFindExtensionA
0x101504b4 StrFormatKBSizeA
Library: UxTheme.dll:
0x10150840 GetThemePartSize
0x10150844 GetThemeSysColor
0x1015084c IsAppThemed
0x10150850 DrawThemeText
0x10150858 OpenThemeData
0x1015085c CloseThemeData
0x10150860 DrawThemeBackground
0x10150864 GetThemeColor
0x10150868 GetCurrentThemeName
0x1015086c GetWindowTheme
Library: ole32.dll:
0x101508e8 RevokeDragDrop
0x101508ec RegisterDragDrop
0x101508f0 CoLockObjectExternal
0x101508f4 OleGetClipboard
0x101508f8 DoDragDrop
0x101508fc OleLockRunning
0x1015090c IsAccelerator
0x10150910 CreateStreamOnHGlobal
0x10150914 CoInitializeEx
0x10150918 CoInitialize
0x1015091c CoUninitialize
0x10150920 CoDisconnectObject
0x10150924 CoCreateInstance
0x10150928 ReleaseStgMedium
0x1015092c OleDuplicateData
0x10150930 CoTaskMemFree
0x10150934 CoTaskMemAlloc
Library: OLEAUT32.dll:
0x10150448 VariantClear
0x1015044c VariantCopy
0x10150450 VariantChangeType
0x10150454 VarBstrFromDate
0x10150458 LoadTypeLib
0x1015045c VariantInit
0x10150460 SysAllocString
0x10150464 SysStringLen
0x10150468 SysAllocStringByteLen
0x1015046c SysAllocStringLen
0x10150470 SysFreeString
Library: OLEACC.dll:
0x10150434 LresultFromObject
Library: gdiplus.dll:
0x1015088c GdipDrawImageRectI
0x10150894 GdipCreateFromHDC
0x1015089c GdipDrawImageI
0x101508a0 GdipDeleteGraphics
0x101508a4 GdipBitmapUnlockBits
0x101508a8 GdipBitmapLockBits
0x101508b8 GdipGetImagePalette
0x101508c0 GdipGetImageHeight
0x101508c4 GdipGetImageWidth
0x101508cc GdipDisposeImage
0x101508d0 GdipCloneImage
0x101508d4 GdiplusStartup
0x101508d8 GdipFree
0x101508dc GdipAlloc
0x101508e0 GdiplusShutdown
Library: IMM32.dll:
0x101501b0 ImmGetContext
0x101501b4 ImmGetOpenStatus
0x101501b8 ImmReleaseContext
Library: WINMM.dll:
0x10150874 PlaySoundA

Exports

Ordinal  Address  Name
1 0x10007820 _abort
2 0x10007830 _abs
3 0x10007830 _acos
4 0x10007830 _asctime
5 0x10007830 _asin
6 0x10007830 _atan
7 0x10007830 _atan2
8 0x10007830 _atexit
9 0x10007830 _atof
10 0x10007830 _atoi
11 0x10007830 _atol
12 0x10007830 _bsearch
13 0x10007830 _calloc
14 0x10007830 _ceil
15 0x10007830 _clearerr
16 0x10007840 _clock
17 0x10007830 _cos
18 0x10007830 _cosh
19 0x10007830 _ctime
20 0x10007830 _difftime
21 0x10007830 _div
22 0x10007830 _exp
23 0x10007830 _fabs
24 0x10007830 _fclose
25 0x10007830 _feof
26 0x10007830 _ferror
27 0x10007830 _fflush
28 0x10007830 _fgetc
29 0x10007830 _fgetpos
30 0x10007830 _fgets
31 0x10007830 _fgetwc
32 0x10007830 _fgetws
33 0x10007830 _floor
34 0x10007830 _fmod
35 0x10007830 _fopen
36 0x10007830 _fprintf
37 0x10007830 _fputc
38 0x10007830 _fputs
39 0x10007830 _fputwc
40 0x10007830 _fputws
41 0x10007830 _fread
42 0x10007830 _free
43 0x10007830 _freopen
44 0x10007830 _frexp
45 0x10007830 _fscanf
46 0x10007830 _fseek
47 0x10007830 _fsetpos
48 0x10007830 _ftell
49 0x10007830 _fwprintf
50 0x10007830 _fwrite
51 0x10007830 _fwscanf
52 0x10007830 _getc
53 0x10007850 _getchar
54 0x10007830 _getenv
55 0x10007830 _gets
56 0x10007830 _getwc
57 0x10007830 _getwchar
58 0x10007830 _gmtime
59 0x10007830 _is
60 0x10007830 _isalnum
61 0x10007830 _isalpha
62 0x10007830 _iscntrl
63 0x10007830 _isdigit
64 0x10007830 _isgraph
65 0x10007830 _isleadbyte
66 0x10007830 _islower
67 0x10007830 _isprint
68 0x10007830 _ispunct
69 0x10007830 _isspace
70 0x10007830 _isupper
71 0x10007830 _iswalnum
72 0x10007830 _iswalpha
73 0x10007830 _iswascii
74 0x10007830 _iswcntrl
75 0x10007830 _iswctype
76 0x10007830 _iswdigit
77 0x10007830 _iswgraph
78 0x10007830 _iswlower
79 0x10007830 _iswprint
80 0x10007830 _iswpunct
81 0x10007830 _iswspace
82 0x10007830 _iswupper
83 0x10007830 _iswxdigit
84 0x10007830 _isxdigit
85 0x10007810 _kbhit
86 0x10007830 _labs
87 0x10007830 _ldiv
88 0x10007860 _localeconv
89 0x10007830 _localtime
90 0x10007830 _log
91 0x10007830 _log10
92 0x10007830 _longjmp
93 0x10007830 _malloc
94 0x10007830 _mblen
95 0x10007830 _mbstowcs
96 0x10007830 _mbtowc
97 0x10007830 _memchr
98 0x10007830 _memcmp
99 0x10007830 _memcpy
100 0x10007830 _memmove
101 0x10007830 _memset
102 0x10007830 _mktime
103 0x10007830 _modf
104 0x10007830 _perror
105 0x10007830 _pow
106 0x10007830 _printf
107 0x10007830 _putc
108 0x10007830 _putchar
109 0x10007830 _puts
110 0x10007830 _putwc
111 0x10007830 _putwchar
112 0x10007830 _qsort
113 0x10007830 _raise
114 0x10007820 _rand
115 0x10007830 _realloc
116 0x10007830 _remove
117 0x10007830 _rename
118 0x10007830 _rewind
119 0x10007830 _scanf
120 0x10007830 _setbuf
121 0x10007830 _setlocale
122 0x10007830 _setvbuf
123 0x10007830 _signal
124 0x10007830 _sin
125 0x10007830 _sinh
126 0x10007830 _sprintf
127 0x10007830 _sqrt
128 0x10007830 _srand
129 0x10007830 _sscanf
130 0x10007830 _strcat
131 0x10007830 _strchr
132 0x10007830 _strcmp
133 0x10007830 _strcoll
134 0x10007830 _strcpy
135 0x10007830 _strcspn
136 0x10007830 _strftime
137 0x10007830 _strlen
138 0x10007830 _strncat
139 0x10007830 _strncmp
140 0x10007830 _strncpy
141 0x10007830 _strpbrk
142 0x10007830 _strrchr
143 0x10007830 _strspn
144 0x10007830 _strstr
145 0x10007830 _strtod
146 0x10007830 _strtok
147 0x10007830 _strtol
148 0x10007830 _strtoul
149 0x10007830 _strxfrm
150 0x10007830 _swscanf
151 0x10007830 _system
152 0x10007830 _tan
153 0x10007830 _tanh
154 0x10007830 _time
155 0x10007830 _tmpfile
156 0x10007830 _tmpnam
157 0x10007830 _towlower
158 0x10007830 _towupper
159 0x10007830 _ungetc
160 0x10007830 _ungetwc
161 0x10007830 _vfprintf
162 0x10007830 _vfwprintf
163 0x10007830 _wcscat
164 0x10007830 _wcschr
165 0x10007830 _wcscmp
166 0x10007830 _wcscoll
167 0x10007830 _wcscpy
168 0x10007830 _wcscspn
169 0x10007830 _wcsftime
170 0x10007830 _wcslen
171 0x10007830 _wcsncat
172 0x10007830 _wcsncmp
173 0x10007830 _wcsncpy
174 0x10007830 _wcspbrk
175 0x10007830 _wcsrchr
176 0x10007830 _wcsspn
177 0x10007830 _wcsstr
178 0x10007830 _wcstod
179 0x10007830 _wcstol
180 0x10007830 _wcstombs
181 0x10007830 _wcstoul
182 0x10007830 _wcsxfrm
183 0x10007830 _wctomb
184 0x10007830 _wprintf
185 0x10007830 _wscanf
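Reading the export table: of the 185 named exports, 179 resolve to the same address (0x10007830); only _abort and _rand (0x10007820), _clock (0x10007840), _getchar (0x10007850), _kbhit (0x10007810) and _localeconv (0x10007860) differ. A Microsoft-built msvcrt.dll exports these routines without a leading underscore (abs, malloc, memcpy) and carries a populated version resource; this file exports underscore-prefixed names, has an empty version block and a PDB path under a HITCTF 2024 project, and was built on 2024-10-30. Taken with the file name, that is consistent with a drop-in DLL meant to be picked up by a program that resolves msvcrt.dll from its own directory ahead of System32 (DLL search-order hijacking), with the real logic somewhere in the 1.3 MB .text section rather than behind the exported names. That is an assessment from the static data; the report itself does not state it.

The check below is an added example, not code from the report or from the challenge: a standard-library Python walker for the PE export directory that reports how many named exports share one address, plus a constructed minimal PE (build_stub_dll, a hypothetical helper) so it runs offline. The 50 % threshold and the sample export set are assumptions chosen to mirror the table above.

```python
"""Added example, not part of the Maldun report: walk a PE export directory with
the standard library only and flag a DLL whose named exports collapse onto one address."""
import struct
from collections import Counter

def _rva_to_off(rva, sections):
    """Map an RVA to a file offset through the section table."""
    for vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def parse_exports(data):
    """Return (image_base, {name: rva or forwarder string}) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32: 32-bit ImageBase at +28
        image_base, ddir = struct.unpack_from("<I", data, opt + 28)[0], opt + 96
    elif magic == 0x20B:                    # PE32+: 64-bit ImageBase at +24
        image_base, ddir = struct.unpack_from("<Q", data, opt + 24)[0], opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    exp_rva, exp_size = struct.unpack_from("<II", data, ddir)  # DataDirectory[0] = exports
    sections = []
    for i in range(nsec):                   # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((vaddr, vsize, rawptr, rawsize))
    if exp_rva == 0:
        return image_base, {}
    (_, _, _, _, _, _, nfuncs, nnames, funcs_rva, names_rva, ords_rva) = \
        struct.unpack_from("<IIHHIIIIIII", data, _rva_to_off(exp_rva, sections))
    funcs = struct.unpack_from(f"<{nfuncs}I", data, _rva_to_off(funcs_rva, sections))
    names = struct.unpack_from(f"<{nnames}I", data, _rva_to_off(names_rva, sections))
    ords = struct.unpack_from(f"<{nnames}H", data, _rva_to_off(ords_rva, sections))
    exports = {}
    for name_rva, idx in zip(names, ords):
        off = _rva_to_off(name_rva, sections)
        name = data[off:data.index(b"\0", off)].decode("ascii", "replace")
        target = funcs[idx]
        if exp_rva <= target < exp_rva + exp_size:  # forwarder string such as "NTDLL.memcpy"
            foff = _rva_to_off(target, sections)
            target = data[foff:data.index(b"\0", foff)].decode("ascii", "replace")
        exports[name] = target
    return image_base, exports

def stub_report(image_base, exports, threshold=0.5):
    """How many named exports share a single code address (forwarders excluded)."""
    hist = Counter(v for v in exports.values() if isinstance(v, int))
    if not hist:
        return dict(exports=len(exports), distinct=0, top_va=None, share=0.0, suspicious=False)
    top_rva, top_count = hist.most_common(1)[0]
    share = top_count / len(exports)
    return dict(exports=len(exports), distinct=len(hist), top_va=image_base + top_rva,
                share=share, suspicious=share >= threshold)   # threshold is an assumption

def build_stub_dll(exports, image_base=0x10000000):
    """Constructed input (hypothetical helper): a minimal PE32 with one .edata section
    holding the given name->RVA exports. Enough headers for the parser, not a loadable DLL."""
    sec_rva, sec_off, sec_size = 0x1000, 0x200, 0x400
    names, n = list(exports), len(exports)
    funcs_rva = sec_rva + 40                # export directory is 40 bytes
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    str_rva = ords_rva + 2 * n
    strings, name_rvas = bytearray(), []
    for nm in names:
        name_rvas.append(str_rva + len(strings))
        strings += nm.encode() + b"\0"
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, n, n, funcs_rva, names_rva, ords_rva)
    edata += struct.pack(f"<{n}I", *(exports[nm] for nm in names))
    edata += struct.pack(f"<{n}I", *name_rvas)
    edata += struct.pack(f"<{n}H", *range(n)) + strings
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")   # e_lfanew = 0x80
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0, sec_size, 0, 0, sec_rva, sec_rva)
    opt += struct.pack("<III", image_base, 0x1000, 0x200)
    opt += struct.pack("<HHHHHHIIII", 6, 0, 0, 0, 6, 0, 0, sec_rva + sec_size, 0x200, 0)
    opt += struct.pack("<HHIIIIII", 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += struct.pack("<II", sec_rva, len(edata)) + b"\0" * (15 * 8)   # export dir + 15 empty
    sech = struct.pack("<8sIIIIIIHHI", b".edata", sec_size, sec_rva, sec_size,
                       sec_off, 0, 0, 0, 0, 0x40000040)
    return (dos + coff + opt + sech).ljust(sec_off, b"\0") + edata.ljust(sec_size, b"\0")

# Constructed sample mirroring the report: most names land on one stub address.
SAMPLE_EXPORTS = {"_abort": 0x7820, "_abs": 0x7830, "_acos": 0x7830, "_asctime": 0x7830,
                  "_clock": 0x7840, "_kbhit": 0x7810, "_malloc": 0x7830, "_memcpy": 0x7830}

if __name__ == "__main__":
    print(stub_report(*parse_exports(build_stub_dll(SAMPLE_EXPORTS))))
```

Against a real file, call stub_report(*parse_exports(open(path, "rb").read())). A high share is not proof on its own: thin wrapper DLLs and modules that route many exports through one dispatcher exist, so pair it with the name, version-resource and PDB-path checks above before calling a file a stub. Forwarded exports are kept as strings and left out of the histogram.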
No antivirus engine scan information.

Process tree

rundll32.exe, PID: 2664, parent PID: 2312

The sandbox loaded the DLL through rundll32.exe, so the code that ran is the DLL entry point (0x101249fb); the report does not show whether any named export was invoked, and nearly all exported names resolve to the same address in any case (see Exports).

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201  49160  23.56.4.24  80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201  59401  192.168.122.1  53

HTTP requests

URI  HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

The only HTTP request is a conditional GET with User-Agent "IPM" to acroipm.adobe.com, which is characteristic of Adobe Reader's in-product messaging check from a Reader install in the analysis VM rather than of the sample. The report does not tie the TCP connection to PID 2664 and records no domain resolution for the sample, so this should not be read as command-and-control traffic without per-process attribution from the behaviour log.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from the network.
No files were dropped.
No similar analyses found.

Processing ( 19.324 seconds )

  • 12.139 Suricata
  • 4.749 Static
  • 1.072 NetworkAnalysis
  • 0.667 TargetInfo
  • 0.569 peid
  • 0.086 BehaviorAnalysis
  • 0.022 AnalysisInfo
  • 0.012 Strings
  • 0.005 config_decoder
  • 0.003 Memory

Signatures ( 1.509 seconds ): time spent evaluating each signature module. Every module that ran is listed, whether or not it matched, so entries such as rat_nanocore or cerber_behavior here are not detections.

  • 1.403 proprietary_url_bl
  • 0.013 antiav_detectreg
  • 0.009 proprietary_domain_bl
  • 0.007 antiav_detectfile
  • 0.006 anomaly_persistence_autorun
  • 0.006 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 api_spamming
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 stealth_decoy_document
  • 0.002 rat_nanocore
  • 0.002 stealth_timeout
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 proprietary_bad_drop
  • 0.001 bootkit
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 injection_createremotethread
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 antivm_generic_disk
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 hancitor_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 network_cnc_http

Reporting ( 0.598 seconds )

  • 0.584 ReportHTMLSummary
  • 0.014 Malheur
Task ID 764194
Mongo ID 674b04e57e769a640342e446
Cuckoo release 1.4-Maldun