分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-app02-1 | 2017-02-15 18:10:34 | 2017-02-15 18:12:59 | 145 秒 |
魔盾分数
10.0
Crack病毒
文件详细信息
| 文件名 | KMSpico_setup.exe |
|---|---|
| 文件大小 | 3229424 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a02164371a50c5ff9fa2870ef6e8cfa3 |
| SHA1 | 060614723f8375ecaad8b249ff07e3be082d7f25 |
| SHA256 | 64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a |
| SHA512 | 6c6903f3a3092fd3d63c373189f2c06e12de032ee4fd6b80a15f58eaeb2079f3ae8a8bcdac85a358b1f9070b192b1c8260f9aa127d009b5afce475f966e91326 |
| CRC32 | 683A3351 |
| Ssdeep | 98304:CgbTbhBxCLS0Kx/XRCsFlPsKh9ApbeicTkxchy6pA32b7SuzWl:rxBxCLS3xZCsFyBzxcE6pAGbq |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0040a5f8 |
| 声明校验值 | 0x0031d950 |
| 实际校验值 | 0x0031d950 |
| 最低操作系统版本要求 | 1.0 |
| 编译时间 | 1992-06-20 06:22:17 |
| 载入哈希 | 884310b1928934402ea6fec1dbd3cf5e |
| 图标 |  |
| 图标精确哈希值 | 8bbb0a9939e7f4c93cd1e12408db5986 |
| 图标相似性哈希值 | bf664f70c0e768f7575f91389633fed5 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
微软证书验证 (Sign Tool)
| SHA1 | 时间戳 | 有效性 | 错误 |
|---|---|---|---|
| ecdb1e014a239cdc88c979a99c1afd33dd44e7ac | Tue Jan 12 06:37:14 2016 | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. |
| 证书链 | Certificate Chain 1 |
| 发行给 | @ByELDI Certificate Authority |
| 发行人 | @ByELDI Certificate Authority |
| 有效期 | Fri Jan 12 063319 2046 |
| SHA1 哈希 | 1195a4224762e500a4e7e1ee8b4c709e2063c2a6 |
| 证书链 | Certificate Chain 2 |
| 发行给 | @ByELDI |
| 发行人 | @ByELDI Certificate Authority |
| 有效期 | Fri Jan 12 063320 2046 |
| SHA1 哈希 | eaaf9045685acd5ad5846a5e9ee125d7aeac21c2 |
| 证书链 | Timestamp Chain 1 |
| 发行给 | Thawte Timestamping CA |
| 发行人 | Thawte Timestamping CA |
| 有效期 | Fri Jan 01 075959 2021 |
| SHA1 哈希 | be36a4562fb2ee05dbb3d32323adf445084ed656 |
| 证书链 | Timestamp Chain 2 |
| 发行给 | Symantec Time Stamping Services CA - G2 |
| 发行人 | Thawte Timestamping CA |
| 有效期 | Thu Dec 31 075959 2020 |
| SHA1 哈希 | 6c07453ffdda08b83707c09b82fb3d15f35336b1 |
| 证书链 | Timestamp Chain 3 |
| 发行给 | Symantec Time Stamping Services Signer - G4 |
| 发行人 | Symantec Time Stamping Services CA - G2 |
| 有效期 | Wed Dec 30 075959 2020 |
| SHA1 哈希 | 65439929b67973eb192d6ff243e6767adf0834e4 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| CODE | 0x00001000 | 0x00009d30 | 0x00009e00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.63 |
| DATA | 0x0000b000 | 0x00000250 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.75 |
| BSS | 0x0000c000 | 0x00000e8c | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .idata | 0x0000d000 | 0x00000950 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.43 |
| .tls | 0x0000e000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rdata | 0x0000f000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.20 |
| .reloc | 0x00010000 | 0x000008c4 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.00 |
| .rsrc | 0x00011000 | 0x00005aa4 | 0x00005c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 5.05 |
覆盖
| 偏移量 | 0x00010e00 |
| 大小 | 0x003038f0 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x000112c4 | 0x00004228 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.48 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0 |
| RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x00015ed8 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_RCDATA | 0x00015f88 | 0x0000002c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.57 | data |
| RT_GROUP_ICON | 0x00015fb4 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.92 | MS Windows icon resource - 1 icon, 64x64 |
| RT_VERSION | 0x00015fc8 | 0x000004f4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.59 | data |
| RT_MANIFEST | 0x000164bc | 0x000005e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.12 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库: kernel32.dll:
• 0x40d0b4 DeleteCriticalSection
• 0x40d0b8 LeaveCriticalSection
• 0x40d0bc EnterCriticalSection
• 0x40d0c0 InitializeCriticalSection
• 0x40d0c4 VirtualFree
• 0x40d0c8 VirtualAlloc
• 0x40d0cc LocalFree
• 0x40d0d0 LocalAlloc
• 0x40d0d4 WideCharToMultiByte
• 0x40d0d8 TlsSetValue
• 0x40d0dc TlsGetValue
• 0x40d0e0 MultiByteToWideChar
• 0x40d0e4 GetModuleHandleA
• 0x40d0e8 GetLastError
• 0x40d0ec GetCommandLineA
• 0x40d0f0 WriteFile
• 0x40d0f4 SetFilePointer
• 0x40d0f8 SetEndOfFile
• 0x40d0fc RtlUnwind
• 0x40d100 ReadFile
• 0x40d104 RaiseException
• 0x40d108 GetStdHandle
• 0x40d10c GetFileSize
• 0x40d110 GetSystemTime
• 0x40d114 GetFileType
• 0x40d118 ExitProcess
• 0x40d11c CreateFileA
• 0x40d120 CloseHandle
库: user32.dll:
• 0x40d128 MessageBoxA
库: oleaut32.dll:
• 0x40d130 VariantChangeTypeEx
• 0x40d134 VariantCopyInd
• 0x40d138 VariantClear
• 0x40d13c SysStringLen
• 0x40d140 SysAllocStringLen
库: advapi32.dll:
• 0x40d148 RegQueryValueExA
• 0x40d14c RegOpenKeyExA
• 0x40d150 RegCloseKey
• 0x40d154 OpenProcessToken
• 0x40d158 LookupPrivilegeValueA
库: kernel32.dll:
• 0x40d160 WriteFile
• 0x40d164 VirtualQuery
• 0x40d168 VirtualProtect
• 0x40d16c VirtualFree
• 0x40d170 VirtualAlloc
• 0x40d174 Sleep
• 0x40d178 SizeofResource
• 0x40d17c SetLastError
• 0x40d180 SetFilePointer
• 0x40d184 SetErrorMode
• 0x40d188 SetEndOfFile
• 0x40d18c RemoveDirectoryA
• 0x40d190 ReadFile
• 0x40d194 LockResource
• 0x40d198 LoadResource
• 0x40d19c LoadLibraryA
• 0x40d1a0 IsDBCSLeadByte
• 0x40d1a4 GetWindowsDirectoryA
• 0x40d1a8 GetVersionExA
• 0x40d1ac GetUserDefaultLangID
• 0x40d1b0 GetSystemInfo
• 0x40d1b4 GetSystemDefaultLCID
• 0x40d1b8 GetProcAddress
• 0x40d1bc GetModuleHandleA
• 0x40d1c0 GetModuleFileNameA
• 0x40d1c4 GetLocaleInfoA
• 0x40d1c8 GetLastError
• 0x40d1cc GetFullPathNameA
• 0x40d1d0 GetFileSize
• 0x40d1d4 GetFileAttributesA
• 0x40d1d8 GetExitCodeProcess
• 0x40d1dc GetEnvironmentVariableA
• 0x40d1e0 GetCurrentProcess
• 0x40d1e4 GetCommandLineA
• 0x40d1e8 GetACP
• 0x40d1ec InterlockedExchange
• 0x40d1f0 FormatMessageA
• 0x40d1f4 FindResourceA
• 0x40d1f8 DeleteFileA
• 0x40d1fc CreateProcessA
• 0x40d200 CreateFileA
• 0x40d204 CreateDirectoryA
• 0x40d208 CloseHandle
库: user32.dll:
• 0x40d210 TranslateMessage
• 0x40d214 SetWindowLongA
• 0x40d218 PeekMessageA
• 0x40d21c MsgWaitForMultipleObjects
• 0x40d220 MessageBoxA
• 0x40d224 LoadStringA
• 0x40d228 ExitWindowsEx
• 0x40d22c DispatchMessageA
• 0x40d230 DestroyWindow
• 0x40d234 CreateWindowExA
• 0x40d238 CallWindowProcA
• 0x40d23c CharPrevA
库: comctl32.dll:
• 0x40d244 InitCommonControls
库: advapi32.dll:
• 0x40d24c AdjustTokenPrivileges
`DATA
.idata
.rdata
P.reloc
P.rsrc
string
UhH!@
Phy,@
Ph<0@
UWVSj
Uh-9@
F O:@
F$O:@
F R:@
|HtE=
kernel32.dll
SetDllDirectoryW
SetSearchPathMode
SetProcessDEPPolicy
Exception
EInOutError
ERangeError
EZeroDivide
EInvalidPointer
m/d/yy
mmmm d, yyyy
AMPM
:mm:ss
Uh4g@
Uh$j@
Uhlk@
USERPROFILE
UhHo@
Uh)q@
h<q@
GetUserDefaultUILanguage
kernel32.dll
.DEFAULT\Control Panel\International
Locale
Control Panel\Desktop\ResourceLocale
[ExceptObject=nil]
Uhat@
File I/O error %d
Sh\|@
Compressed block is corrupted
Compressed block is corrupted
Compressed block is corrupted
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
Uhu~@
LzmaDecode failed (%d)
TSetupLanguageEntryA
The setup files are corrupted. Please obtain a new copy of the program.
Wow64DisableWow64FsRedirection
kernel32.dll
Wow64RevertWow64FsRedirection
shell32.dll
SeShutdownPrivilege
/SPAWNWND=
/Lang=
/HELP
The setup files are corrupted. Please obtain a new copy of the program.
For more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Setup
hX}@
hX}@
InnoSetupLdrWindow
STATIC
/SL5="$%x,%d,%d,
Runtime error at 00000000
Error
Inno Setup Setup Data (5.5.0)
Inno Setup Messages (5.5.3)
0123456789ABCDEFGHIJKLMNOPQRSTUV
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll
MessageBoxA
oleaut32.dll
VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
kernel32.dll
WriteFile
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
Sleep
SizeofResource
SetLastError
SetFilePointer
SetErrorMode
SetEndOfFile
RemoveDirectoryA
ReadFile
LockResource
LoadResource
LoadLibraryA
IsDBCSLeadByte
GetWindowsDirectoryA
GetVersionExA
GetUserDefaultLangID
GetSystemInfo
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetCurrentProcess
GetCommandLineA
GetACP
InterlockedExchange
FormatMessageA
FindResourceA
DeleteFileA
CreateProcessA
CreateFileA
CreateDirectoryA
CloseHandle
user32.dll
TranslateMessage
SetWindowLongA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
ExitWindowsEx
DispatchMessageA
DestroyWindow
CreateWindowExA
CallWindowProcA
CharPrevA
comctl32.dll
InitCommonControls
advapi32.dll
AdjustTokenPrivileges
ci86q
;X9FVao
azgF(B
?23yg
3NU\s
Qmx7o
:!*):
Z%(Q]
>rFN5O
hhE&P
T,|r9
3t8Lq
>1<6}
afH.Y
jP~UTo
78,2,
qUoy.
{qmj3
ULWU~Ij
-U|-r
?x(3qyv
mRJJ,
Jp)Ni
\l5K&s7
X'&xH
GQ l`_wD iU
yCqxb$
ys jI
_Xa/b
I4n@p
h2;>LX)
9B84%
z>:gr
d^uIS
Qwl?
OPgAT.ig
=#D;\
qV%q4
Sesu%
k*&F5>j
kkMz&
}dc1G
VxtL4
'r-If<*
CgExV
|3O1D
iRV79
|yY%Z:
f]pLd
GEFzqq
: Gk8G
j\h 8p
i.$WmG
@/~S;
bRj+X
5'5Dl
>N|&6
^PLz|/
uHOp"
B_-5<
1[zGM
F~-$E
Vko;1
9ILMo6
J']f/
>_(v-G
1yM!O
F&=dj
Q}l-K
_V~so
xRv-*
i;DW:}/
tsTqUG
:sYP)
!no^<
@b_N=
w#~7(
pu1?e
#*`'H&
%c<ih
DR{cB
mB%"F
Inno Setup Setup Data (5.5.0)
gfUr$
5L:p=
HDO#P
vUS?\
Zb?1/
UTP)*
*a[ L
DmPg.
MAINICON
External exception %x
December
Saturday
VS_VERSION_INFO
StringFileInfo
000004b0
Comments
This installation was built with Inno Setup.
CompanyName
FileDescription
KMSpico Setup
FileVersion
10.2.0
LegalCopyright
ByELDI
ProductName
KMSpico
ProductVersion
10.2.0
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | W32.HfsAdware.216A | 20170214 |
| MicroWorld-eScan | Application.Crack.PEU | 20170215 |
| nProtect | 未发现病毒 | 20170214 |
| CMC | 未发现病毒 | 20170214 |
| CAT-QuickHeal | Hacktool.Autokms | 20170214 |
| McAfee | Crack-KMS | 20170215 |
| Malwarebytes | 未发现病毒 | 20170214 |
| VIPRE | Trojan.Win32.Generic!BT | 20170214 |
| SUPERAntiSpyware | 未发现病毒 | 20170215 |
| K7AntiVirus | Unwanted-Program ( 004b92a41 ) | 20170214 |
| K7GW | Unwanted-Program ( 004b92a41 ) | 20170214 |
| TheHacker | 未发现病毒 | 20170211 |
| Baidu | 未发现病毒 | 20170214 |
| Cyren | W32/Application.YUNX-5147 | 20170214 |
| Symantec | Trojan.Gen.2 | 20170214 |
| ESET-NOD32 | a variant of MSIL/HackTool.IdleKMS.E potentially unsafe | 20170215 |
| TrendMicro-HouseCall | 未发现病毒 | 20170215 |
| Avast | 未发现病毒 | 20170215 |
| ClamAV | 未发现病毒 | 20170215 |
| Kaspersky | not-a-virus:NetTool.Win64.RPCHook.a | 20170215 |
| BitDefender | Application.Crack.PEU | 20170215 |
| NANO-Antivirus | 未发现病毒 | 20170214 |
| AegisLab | Nettool.Win64.Rpchook!c | 20170214 |
| Tencent | 未发现病毒 | 20170215 |
| Endgame | malicious (moderate confidence) | 20170208 |
| Sophos | KMS Activator (PUA) | 20170215 |
| Comodo | Application.Win32.Amtar.amu | 20170214 |
| F-Secure | Application.Crack.PEU | 20170214 |
| DrWeb | Trojan.DownLoader23.22047 | 20170214 |
| Zillya | 未发现病毒 | 20170214 |
| Invincea | virus.win32.sality.at | 20170203 |
| McAfee-GW-Edition | Crack-KMS | 20170214 |
| Emsisoft | Application.Crack.PEU (B) | 20170214 |
| F-Prot | 未发现病毒 | 20170215 |
| Jiangmin | 未发现病毒 | 20170214 |
| Webroot | Malicious | 20170215 |
| Avira | 未发现病毒 | 20170215 |
| Antiy-AVL | 未发现病毒 | 20170215 |
| Kingsoft | 未发现病毒 | 20170215 |
| Microsoft | HackTool:Win32/AutoKMS | 20170213 |
| Arcabit | Application.Crack.PEU | 20170214 |
| ViRobot | HackTool.3229424[h] | 20170214 |
| GData | Application.Crack.PEU | 20170215 |
| AVG | Generic37.BHCI | 20170214 |
| AhnLab-V3 | HackTool/Win32.Crack.C509549 | 20170214 |
| ALYac | 未发现病毒 | 20170215 |
| AVware | Trojan.Win32.Generic!BT | 20170214 |
| Ad-Aware | Application.Crack.PEU | 20170215 |
| Zoner | 未发现病毒 | 20170214 |
| Rising | 未发现病毒 | 20170215 |
| Yandex | Riskware.NetTool! | 20170214 |
| Ikarus | HackTool.Win32.AutoKMS | 20170214 |
| Fortinet | Riskware/RPCHook | 20170214 |
| VBA32 | 未发现病毒 | 20170214 |
| Panda | 未发现病毒 | 20170214 |
| CrowdStrike | 未发现病毒 | 20170130 |
| Qihoo-360 | 未发现病毒 | 20170215 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | Setup Log 2016-10-18 #001.txt |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\Setup Log 2016-10-18 #001.txt
|
| 文件大小 | 750 字节 |
| 文件类型 | ASCII text, with CRLF line terminators |
| MD5 | 6b37065586623f28ab28f06091bb4ba8 |
| SHA1 | 62fb3af251458bffebbaffdec4cb62befe0dc2e9 |
| SHA256 | 22ce9d1ca717cdd6490fbbd3be9524789d36f8f73a3df64e48e3f40daea5c9a9 |
| CRC32 | 0CF6B558 |
| Ssdeep | 12:n+SXd4XjRmNdsXJZ/Qddj0/kFdjBOBOvCQpdc1wmdeMHhdOMrF1mVM6Q:n+cd4XMNdsHIddgmdjBOBOvpduNdeWhP |
| 下载 提交魔盾安全分析 显示文本 | |
2016-10-18 18:10:37.569 Log opened. (Time zone: UTC+08:00) 2016-10-18 18:10:37.584 Setup version: Inno Setup version 5.5.5 (a) 2016-10-18 18:10:37.584 Original Setup EXE: C:\Users\test\AppData\Local\Temp\KMSpico_setup.exe 2016-10-18 18:10:37.584 Setup command line: /SL5="$1015E,2952592,69120,C:\Users\test\AppData\Local\Temp\KMSpico_setup.exe" 2016-10-18 18:10:37.584 Windows version: 6.1.7601 SP1 (NT platform: Yes) 2016-10-18 18:10:37.584 64-bit Windows: Yes 2016-10-18 18:10:37.584 Processor architecture: x64 2016-10-18 18:10:37.584 User privileges: Administrative 2016-10-18 18:10:37.600 64-bit install mode: Yes 2016-10-18 18:10:37.631 Created temporary directory: C:\Users\test\AppData\Local\Temp\is-AU226.tmp |
|
| 文件名 | _setup64.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\is-AU226.tmp\_isetup\_setup64.tmp
|
| 文件大小 | 6144 字节 |
| 文件类型 | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 526426126ae5d326d0a24706c77d8c5c |
| SHA1 | 68baec323767c122f74a269d3aa6d49eb26903db |
| SHA256 | b20a8d88c550981137ed831f2015f5f11517aeb649c29642d9d61dea5ebc37d1 |
| CRC32 | 21A57303 |
| Ssdeep | 48:SvrzfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2piSS4k+bkg6j0KHc:+fkcXegaJ/ZAYNzcld1xaX12pTSKvkc |
| Yara |
|
| 下载 提交魔盾安全分析 |
| 文件名 | KMSpico_setup.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\is-ASH21.tmp\KMSpico_setup.tmp
|
| 文件大小 | 720384 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1778c1f66ff205875a6435a33229ab3c |
| SHA1 | 5b6189159b16c6f85feed66834af3e06c0277a19 |
| SHA256 | 95c06acac4fe4598840e5556f9613d43aa1039c52dac64536f59e45a70f79da6 |
| CRC32 | 4C871BD7 |
| Ssdeep | 12288:0QszP8NRMXpc/rPx37/zHBA66pE+4p1YR71CERdH6rN9by7HaOMebmx9Ru:0QQP8YXpc/rPx37/zHBA6plp+51CErzf |
| Yara |
|
| 下载 提交魔盾安全分析 |
| 文件名 | _shfoldr.dll |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\is-AU226.tmp\_isetup\_shfoldr.dll
|
| 文件大小 | 23312 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| CRC32 | AE2C3EC2 |
| Ssdeep | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
| 魔盾安全分析结果 | 1.5 分析时间:2016-11-12 22:58:52 查看分析报告 |
| 下载 提交魔盾安全分析 |
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 7.329 seconds )
- 2.614 Static
- 1.237 VirusTotal
- 0.971 Dropped
- 0.759 peid
- 0.72 BehaviorAnalysis
- 0.456 TargetInfo
- 0.392 Strings
- 0.102 AnalysisInfo
- 0.057 Debug
- 0.011 NetworkAnalysis
- 0.007 config_decoder
- 0.003 Memory
Signatures ( 0.789 seconds )
- 0.454 md_bad_drop
- 0.068 antiav_detectreg
- 0.03 stealth_timeout
- 0.026 infostealer_ftp
- 0.015 infostealer_im
- 0.014 antianalysis_detectreg
- 0.011 infostealer_mail
- 0.01 antiav_detectfile
- 0.009 antivm_generic_scsi
- 0.009 ransomware_files
- 0.008 persistence_autorun
- 0.007 infostealer_bitcoin
- 0.005 mimics_filetime
- 0.005 shifu_behavior
- 0.005 antidbg_windows
- 0.005 virus
- 0.004 antiemu_wine_func
- 0.004 bootkit
- 0.004 reads_self
- 0.004 antivm_generic_services
- 0.004 betabot_behavior
- 0.004 stealth_file
- 0.004 kibex_behavior
- 0.004 antivm_generic_disk
- 0.004 antivm_vbox_files
- 0.004 geodo_banking_trojan
- 0.004 disables_browser_warn
- 0.004 recon_fingerprint
- 0.003 tinba_behavior
- 0.003 antivm_vbox_libs
- 0.003 darkcomet_regkeys
- 0.002 antivm_generic_diskreg
- 0.002 bot_drive
- 0.002 modify_proxy
- 0.002 browser_security
- 0.002 modify_uac_prompt
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 antiav_avast_libs
- 0.001 dridex_behavior
- 0.001 injection_createremotethread
- 0.001 antivm_vbox_window
- 0.001 sets_autoconfig_url
- 0.001 kazybot_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 exec_crash
- 0.001 vawtrak_behavior
- 0.001 injection_runpe
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antisandbox_productid
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 antivm_vbox_acpi
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_keys
- 0.001 antivm_vpc_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 bypass_firewall
- 0.001 disables_system_restore
- 0.001 mimics_extension
- 0.001 modify_security_center_warnings
- 0.001 office_security
- 0.001 packer_armadillo_regkey
- 0.001 ransomware_extensions
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_programs
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_webhistory
- 0.001 targeted_flame
Reporting ( 16.071 seconds )
- 14.743 ReportPDF
- 1.306 ReportHTMLSummary
- 0.022 Malheur
| Task ID | 83225 |
|---|---|
| Mongo ID | 58a429ca0d98260f2c7bb7fd |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号