恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-app01-1	2017-03-11 11:11:21	2017-03-11 11:13:52	151 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	TELEFUNKENTFLED32S6_schema_pdf.exe
文件大小	5476768 字节
文件类型	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	384245d4a8bcad205831f13aeb1baafd
SHA1	ddb7220d45f7765ab11d81d7879df2f968871704
SHA256	a5651ccd0c3a02b62eb343230de0953a6ea706bed5da09b68f7503060beb5987
SHA512	50357080744c343c7b8d471f1606fd9722b00da0e3e6b5cf426cff60a3d9d5546bfc1a179515c052d9581d3cc4716b61944bf9817a6fcfcdc5505b9209705ef6
CRC32	71024250
Ssdeep	98304:Ajo4/Qy6+GxRI5d3vTRUMUKECJijp+cd8E8gwVDmj12+X8SvSXH07EPhUel1sS9:14/Z6+0RI5eRCat8Pnm8+X83QEPhUY1d
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x01049003
声明校验值	0x005397fd
实际校验值	0x005397fd
最低操作系统版本要求	5.1
编译时间	2011-05-05 05:48:12
载入哈希	39663f88dd140533275df9f29fe063bd

微软证书验证 (Sign Tool)

SHA1	时间戳	有效性	错误
None	None	否	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

证书链	Certificate Chain 1
发行给	COMODO RSA Certification Authority
发行人	COMODO RSA Certification Authority
有效期	Tue Jan 19 075959 2038
SHA1 哈希	afe5d244a8d1194230ff479fe2f897bbcd7a8cb4

证书链	Certificate Chain 2
发行给	COMODO RSA Code Signing CA
发行人	COMODO RSA Certification Authority
有效期	Tue May 09 075959 2028
SHA1 哈希	b69e752bbe88b4458200a7c0f4f5b3cce6f35b47

证书链	Certificate Chain 3
发行给	MEGASKOP, LLC
发行人	COMODO RSA Code Signing CA
有效期	Sun Jun 11 075959 2017
SHA1 哈希	f7bcb573a66356e8aef920a4d22d20946b3403e9

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.itext	0x00001000	0x00277f1e	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_NOT_CACHED\|IMAGE_SCN_MEM_NOT_PAGED\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.13
.didata	0x00279000	0x00001f22	0x00000400	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_NOT_CACHED\|IMAGE_SCN_MEM_NOT_PAGED\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.13
.rsrc	0x0027b000	0x0021df44	0x00000400	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES	6.13
.rdata	0x00499000	0x00021f75	0x00000400	IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES	6.13
.edata	0x004bb000	0x003bffc3	0x00000400	IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_8BYTES	6.13
DATA	0x0087b000	0x003c8ff4	0x003c7600	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_NOT_CACHED\|IMAGE_SCN_MEM_NOT_PAGED\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES	8.00
BSS	0x00c44000	0x00004f4f	0x00004200	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_8BYTES	4.14
CODE	0x00c49000	0x00004f0e	0x00004600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_8BYTES	2.89
.idata	0x00c4e000	0x00000f04	0x00000a00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE\|IMAGE_SCN_ALIGN_4BYTES	4.35
.reloc	0x00c4f000	0x0000de3f	0x0000ce00	IMAGE_SCN_MEM_READ\|IMAGE_SCN_ALIGN_8BYTES	4.17

导入

库: KERNEL32.dll:

• 0x104e1d4 AllocConsole

• 0x104e1d8 CloseHandle

• 0x104e1dc CreateMutexW

• 0x104e1e0 ExitThread

• 0x104e1e4 FormatMessageW

• 0x104e1e8 GetCommandLineW

• 0x104e1ec GetCommandLineW

• 0x104e1f0 SetLastError

• 0x104e1f4 GetModuleFileNameA

• 0x104e1f8 GetModuleHandleA

• 0x104e1fc GetModuleHandleW

• 0x104e200 LoadLibraryA

• 0x104e204 GetStartupInfoA

• 0x104e208 GetTempPathA

• 0x104e20c GetUserDefaultLCID

• 0x104e210 GetVersionExW

• 0x104e214 LoadLibraryA

• 0x104e218 LocalFree

• 0x104e21c LocalAlloc

• 0x104e220 SetCurrentDirectoryW

• 0x104e224 SetUnhandledExceptionFilter

• 0x104e228 VirtualAlloc

• 0x104e22c VirtualFree

• 0x104e230 WideCharToMultiByte

• 0x104e234 ReadProcessMemory

库: ADVAPI32.DLL:

• 0x104e1bc RegCloseKey

• 0x104e1c0 RegOpenKeyExW

• 0x104e1c4 RegQueryValueExW

• 0x104e1c8 RegSetValueExW

库: msvcrt.dll:

• 0x104e240 __getmainargs

• 0x104e244 __p___argc

• 0x104e248 __p___argv

• 0x104e24c __p__environ

• 0x104e250 __p__fmode

• 0x104e254 __set_app_type

• 0x104e258 _cexit

• 0x104e25c _iob

• 0x104e260 _onexit

• 0x104e264 _setmode

• 0x104e268 _snprintf

• 0x104e26c _snwprintf

• 0x104e270 _wgetenv

• 0x104e274 _wputenv

• 0x104e278 _wstat

• 0x104e27c _wtoi

• 0x104e280 atexit

• 0x104e284 free

• 0x104e288 freopen

• 0x104e28c getenv

• 0x104e290 malloc

• 0x104e294 printf

• 0x104e298 puts

• 0x104e29c signal

• 0x104e2a0 strchr

• 0x104e2a4 strlen

• 0x104e2a8 strstr

• 0x104e2ac wcscat

• 0x104e2b0 wcschr

• 0x104e2b4 wcscmp

• 0x104e2b8 wcscpy

• 0x104e2bc wcslen

• 0x104e2c0 wcsncpy

• 0x104e2c4 wcsrchr

• 0x104e2c8 wcsstr

• 0x104e2cc wprintf

库: SHELL32.DLL:

• 0x104e2d8 ShellExecuteW

库: USER32.dll:

• 0x104e2e4 GetWindow

• 0x104e2e8 FindWindowW

• 0x104e2ec MessageBoxA

• 0x104e2f0 SendMessageA

.itext
.didata
.rsrc
.rdata
.edata
@@CODE
.idata
.reloc
s7S;1
!-Si#
sNOZp
q87|,
HU,y'
96Qv`
0"I7h
?:V2)
0={+BZ(
K9=|>
l!lI6
dmsSd
pR%$zY
.)[%9C
^Bb|{
.+RoF5G
3&:[q
F$u`k
W;|UPs
.*3'`[
nNc0lo
=*|VWi]
4("aZ
Ye8S:.
py54\}P
=Q~my
dkDKrz
GetVersionExA
z?EAH
CharUpperBuffW
USER32.dll
OpenServiceW
OLEAUT32.dll
COMDLG32.dll
BH,\BH
o<BH(
SysFreeString
VerQueryValueA
GetProcessAffinityMask
mBIz,
GDI32.dll
CloseServiceHandle
2@`,fBK`
i<IN:
us]yo
r'#JG
aSj99
1OV-J
1S5qc
mc~d#E
Xn03&S.
uB/X#\tbZ
nhI=9
L1FxmT
?7/r!k
BbIg$
:4w'"
gEds$
acPP{b
eibX,
>q(/-
6BVGr
g0]81
3b63+
{fBBS
77hK&
zA44n
xgX52
J{iA`o
,)lkL
W=tsW
{q;N_;
QD{z/s
obbc1h
?B%<uB
fY%?Y
Y:5w&
/N<=n
Njfct
TwcVX
CiDO3~
$szi*
}[Shc
RvENO
W1yl@
xIt^>
QX|-@HOgno$
6OxR<Q
0EMs?I?
/^poQ
fCCSN
R]kX?n
vEIfim
>pI[FQ;00
Epg_@
U>e#jU2"\|
4oe(q
I;4}'/
;^3e*0
k<'r+
f.KG?w
lS4@*F
Tl?xWr3
CWD@b7
}=xmaB
"_h'h
5}iuw
yzE.s
%vLEE
a%4at
]]&c2
=RPvh*d
|[Awo
t5#tm
GetModuleFileNameW
ImageList_SetIconSize
KERNEL32.dll
/lAHP
GetCurrentThread
SHELL32.dll
ADVAPI32.dll
RegCloseKey
GetCurrentProcess
COMCTL32.dll
EnumServicesStatusExW
LoadLibraryA
SetThreadAffinityMask
GetSaveFileNameA
OpenSCManagerW
GU+w@
|A<Wh_T
BH]QBKY
W<f=y
SHLWAPI.dll
LocalFree
VERSION.dll
SetProcessAffinityMask
WTSAPI32.dll
UnrealizeObject
D:L<l=
; <0?
7#8f?
?'?.?
>,?[?
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;
:f:{:R?
9\=j?
7B;(?
2N6&<
v2v3i7e>
O1o1:;
LocalAlloc
ExitProcess
GetLastError
SHGetSpecialFolderPathA
QueryServiceConfigW
StrStrIA
FreeLibrary
GetKeyboardType
RegQueryValueExA
GetModuleHandleA
WTSSendMessageW
LoadLibraryA
Sleep
EJofFEJn0REIz
aFH:G
3-xGs
GetProcAddress
LoadLibraryA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
AllocConsole
CloseHandle
CreateMutexW
ExitThread
FormatMessageW
GetCommandLineW
GetCommandLineW
SetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
LoadLibraryA
GetStartupInfoA
GetTempPathA
GetUserDefaultLCID
GetVersionExW
LoadLibraryA
LocalFree
LocalAlloc
SetCurrentDirectoryW
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
ReadProcessMemory
__getmainargs
__p___argc
__p___argv
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
_snprintf
_snwprintf
_wgetenv
_wputenv
_wstat
_wtoi
atexit
freopen
getenv
malloc
printf
signal
strchr
strlen
strstr
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcsrchr
wcsstr
wprintf
ShellExecuteW
GetWindow
FindWindowW
MessageBoxA
SendMessageA
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
SHELL32.DLL
USER32.dll
hdrlavih8
strlstrh8
vidsDIB 
movi00db
idx1p
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffff`
fffffffffffffffffff
ffffffffffffffffff
fffffffffffffffff
ffffffffffffffff
fffffffffffffff
ffffffffffffff
fffffffffffff
ffffffffffff
fffffffffff
ffffffffff
fffffffff
ffffffff
fffffff
ffffff
fffff
fffff
ffffff
fffffff
ffffffff
fffffffff
fffffffff
ffffffffffffffffffffffo
fffffffff
ffffffffffffffffffffff
ffffffff
fffffffffffffffffffff
fffffff
ffffff
ffffff
ffffff
ffffff
ffffff
ffffff
ffffff
ffffff
wxffffff
ffffff
wxfffff
ffffff
wxffff
ffffff
wxfff
ffffff
ffffff
ffffff
ffffff
ffffff
ffffff
ffffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
fffff
ffffff
fffffff
ffffffff
fffffffff
ffffffffff
fffffffffff
ffffffffffff
fffffffffffff
ffffffffffffff
fffffffffffffff
fffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffff
ffffffffffffffffffffffffffff
fffffffffffffffffffffffffff
ffffffffffffffffffffffffff
fffffffffffffffffffffffff
ffffffffffffffffffffffff
fffffffffffffffffffffff
fffffffffffffffffffffff
fffffffffffffffffffffff
fffffffffffffffffffffff
fffffffffffffffffffffff
fffffffffffffffffffffff
ffffffffffffffffffffffff
ffffffffffffffffffffffff
ffffffffffffffffffffffffff
fffffffffffffffffffffffffff
ffffffffffffffffffffffffffff
fffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffff
ffkfffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffff
ffkffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffff
ffkfffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffff
ffkffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffff
ffkfffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffff
ffkffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffff
ffkfffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffff
ffkffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffff
fkffkffkfffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffff
fkffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffff
fkfffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffff
fkffffffffffffffffffffffffffffffffffffffffffffffff
fkffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffff
kfffffffffffffffffffffffffffffffffffffffffffffffff
kfffffffffffffffffffffffffffffffffffffffffffffffff
kfffffffffffffffffffffffffffffffffffffffffffffffff
ffffffkkkkfffffffffffffffffffffffffffffffffffffffffffffffff
kkfffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffkkkffffffffffffffffffffffffffffffffffffffffffffffff
kffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffff@
fffffffffffffffffffffffffff
fffffffffffffd
DLDDD
fffffffffffffffffffffffff
ffffffffffffffffffffffff
fffffffffffffffffffffff
ffffffffffffffffffffff
LLLB"LLLDDD@ffffffffffffffffffffff
fffffffffffffffffffff
LLD"D@fffffffffffffffffffff
ffffffffffffffffffff
"$D@ffffffffffffffffffff
fffffffffffffffffff
fffffffffffffffffff
$D@fffffffffffffffffff
DD@fffffffffffffffffff
ffffffffffffffffff
ffffffffffffffffff
D@ffffffffffffffffff
LD@ffffffffffffffffff
D@ffffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
fffffffffffffffff
""""B@ffffffffffffffffff
"""",""$$ ffffffffffffffffff
""BB@ffffffffffffffffff
ffffffffffffffffff
ffffffffffffffffff
"""$ fffffffffffffffffff
""""""""""""""B@fffffffffffffffffff
fffffffffffffffffff
fffffffffffffffffff
"""""""""""""@ffffffffffffffffffff
ffffffffffffffffffff
"""""""""" fffffffffffffffffffff
fffffffffffffffffffff
(ffffffffffffffffffffff
ffffffffffffffffffffff
fffffffffffffffffffffff
ffffffffffffffffffffffff
fffffffffffffffffffffffff
fffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
)7c2373626f65706e6071627474233B21234A73787957445A4B5b4c677570796D64232d21236e6860626E6A6862606470766F75233b21312d2123736773233b21237071666F71627375232D2123656e6F233B21236970737466742F667475627566646d70756966742F68656f232D21236c6f70646C6076736D233b2123697575713B30306664332E36352e3335372e32383a2E3a342F66762e786674752E322F64706e717675662F626e627b706F6278742F64706e3062716a306C6f70646C304873333A6965716655536357505B4f5B565A6D4C6268232d21236470766f75737A233B21237766232D2123786e233B213434322d2123746a7566606A65233b213737342d21236D6E607173706460746F68606470766F75233b21312D2123676A6D666F626E66233b212355464d4647564f4C464F55474d46453433543760746469666e62607165672F736273232D21233335656f74606470766f75233B21323938362d21236d6e60626E6a6862606470766f75233b21312D21236c6F70646C336076736d233b2123697575713B30306664332e36352e3335372e32383a2e3a342f66762E786674752e322F64706e717675662f626e627b706F6278742f64706E3062716a306C6f70646C33304873333A6965716655536357505B4f5b565A6d4c6268232D21236e6860746662736469606470766F75233B21312d2123676A6d66746A7B66233b21312d2123636a6F60656e6f233B21237462646c7475736A6c662F68656F232d212373626f65706E60716274746069627469233B212335356534376532383a666265646238316465313a66633131633A333366383831232D2123656F6d6076736d233b212369757571743B3030676A6d663131352F73763065697a37627465743738627469312f55464D4647564F4c464f55474D46453433543760746469666E62607165672F7362732F69756e6d232D21236d68606a65233b213235333532363239382D21236e68607173706460746f68606470766F75233B2136362D212376756a6D6a757A6065706E626A6F233B2123697575713b30306C70746C6a6f666F2F737630237E
MAINICON
Welcome
MS Sans Serif
RICHEDIT
License Agreement
MS Sans Serif
RICHEDIT
Installation Folder
MS Sans Serif
&Installation Folder
Br&owse...
Please enter the folder where the files should be unpacked.  If the folder does not exist, you will be prompted to create it. 
Password
MS Sans Serif
&Password:
This application has been password protected.  Please provide the password.  Passwords are case-sensitive.
Overwrite Protection
MS Sans Serif
Cancel
Y&es to All
N&o to All
The following file is already installed on your system:
Static
Do you wish to overwrite this file?
MS Sans Serif
Cancel
msctls_progress32
Progress1
SysAnimate32
Animate1
Reading package..."The specified drive does not exist
bytes=There is not enough space on drive %s to extract this package

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20170310
MicroWorld-eScan	未发现病毒	20170310
nProtect	未发现病毒	20170310
CMC	未发现病毒	20170310
CAT-QuickHeal	未发现病毒	20170310
ALYac	未发现病毒	20170310
Malwarebytes	未发现病毒	20170310
VIPRE	未发现病毒	20170310
SUPERAntiSpyware	未发现病毒	20170310
CrowdStrike	未发现病毒	20170130
K7GW	未发现病毒	20170310
K7AntiVirus	未发现病毒	20170310
Invincea	generic.a	20170203
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9989	20170309
Cyren	未发现病毒	20170310
Symantec	ML.Attribute.HighConfidence	20170310
ESET-NOD32	未发现病毒	20170310
Paloalto	未发现病毒	20170310
ClamAV	未发现病毒	20170310
VBA32	未发现病毒	20170310
Kaspersky	未发现病毒	20170310
BitDefender	未发现病毒	20170310
NANO-Antivirus	未发现病毒	20170310
ViRobot	未发现病毒	20170310
Avast	未发现病毒	20170310
Tencent	未发现病毒	20170310
Endgame	malicious (high confidence)	20170222
Emsisoft	未发现病毒	20170310
Comodo	未发现病毒	20170310
F-Secure	未发现病毒	20170310
DrWeb	Trojan.Click2.9790	20170310
Zillya	未发现病毒	20170310
TrendMicro	未发现病毒	20170310
McAfee-GW-Edition	未发现病毒	20170310
TheHacker	未发现病毒	20170308
F-Prot	未发现病毒	20170310
Jiangmin	未发现病毒	20170310
Webroot	未发现病毒	20170310
Avira	TR/Dropper.Gen	20170310
Antiy-AVL	未发现病毒	20170310
Kingsoft	未发现病毒	20170310
Microsoft	未发现病毒	20170310
Arcabit	未发现病毒	20170310
AegisLab	未发现病毒	20170310
ZoneAlarm	未发现病毒	20170310
GData	未发现病毒	20170310
Sophos	未发现病毒	20170310
AhnLab-V3	未发现病毒	20170310
McAfee	未发现病毒	20170310
AVware	未发现病毒	20170310
Ad-Aware	未发现病毒	20170310
Zoner	未发现病毒	20170310
Rising	未发现病毒	None
Yandex	未发现病毒	20170309
Ikarus	PUA.FileTour	20170310
Fortinet	未发现病毒	20170310
AVG	未发现病毒	20170310
Panda	未发现病毒	20170309
Qihoo-360	HEUR/QVM19.1.0000.Malware.Gen	20170310

进程树

TELEFUNKENTFLED32S6_schema_pdf.exe id: 2428

搜索
TELEFUNKENTFLED32S6_schema_pdf.exe (2428)

TELEFUNKENTFLED32S6_schema_pdf.exe, PID: 2428, 上一级进程 PID: 2264

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	thumbcache_idx.db
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
文件大小	12952 字节
文件类型	data
MD5	ddb6e628e3a9b00e3a03c989505d19e4
SHA1	067c7281d11bd20eee958ee90cbf9bc5c3aa27ca
SHA256	bd989bda4f2d684a7afbbfc8a2bafdab63549be2626232faa286f15f3e923643
CRC32	0BB2643B
Ssdeep	96:ghkU+0dBJ2DljoyQbPBijmnF1EYtGAgrq7VyEPPAnZ:ghkUjdBMuyQganFCEGTrq5PEZ
	下载提交魔盾安全分析

文件名	thumbcache_96.db
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
文件大小	4194304 字节
文件类型	data
MD5	61f3b86fd18bd87b26631d1c0263c663
SHA1	5f561959258336c6bbae31f77492b7006ff58cc9
SHA256	59b2c00eb147dfe6afd5367eb02f75769cea6a71daf67a56dcf947e9c462a75b
CRC32	A1782FA8
Ssdeep	12288:xbOJRVzPzm9PjVB2HP0GTKKmdhdeIhkRnvtP36Ij8wmqycHzsDaGpm:JOVzPtWEUlp
	下载提交魔盾安全分析

文件名	thumbcache_256.db
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
文件大小	5242880 字节
文件类型	data
MD5	0312ba384c809bad9a1b55839c055e81
SHA1	ee596af29a2820ed3837213868ce02ddeaf474e8
SHA256	ace611a59af703da7d6ebb9f15798fbb638c4005deb6f0978dbb034998435f96
CRC32	07A9E903
Ssdeep	49152:itj+Qe5Weddy8adFoJqloRBcJo3jWo1olotIo6WOoDo5ooQUo/onodCo+ofowozy:ujVeEezRadTO5ff0y
	下载提交魔盾安全分析

文件名	thumbcache_sr.db
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
文件大小	24 字节
文件类型	data
MD5	2034995f0bbaa16db835b462eb78152a
SHA1	ce19b1a236f95307067d4979f8dd96c70d69c18a
SHA256	62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799
CRC32	9DDC3F68
Ssdeep	3:illhlnll:ilL
	下载提交魔盾安全分析

文件名	thumbcache_1024.db
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
文件大小	24 字节
文件类型	data
MD5	b623140136560adaf3786e262c01676f
SHA1	7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d
SHA256	ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140
CRC32	6025C71D
Ssdeep	3:ill0:il
	下载提交魔盾安全分析

文件名	thumbcache_32.db
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
文件大小	1048576 字节
文件类型	data
MD5	b0fbb659c33488d6f9be7983e8f0f35d
SHA1	3b42fe9e4b3ec702c9b6898249f0066e6573cc10
SHA256	b3b5b4afd852053430060e4808d2b2612d26db36e9430c12f4e0b0063fcf50c7
CRC32	26551D70
Ssdeep	3072:GVL1LzZZFL7LUiGLQJLInLOLKLc1Id7T+ZLCL5WLdgLffEegkmgLX+YLTLPLYL/9:f
	下载提交魔盾安全分析

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 188.229 seconds )

165.373 BehaviorAnalysis
16.618 Static
2.153 Dropped
2.115 VirusTotal
0.683 Strings
0.637 TargetInfo
0.435 peid
0.129 AnalysisInfo
0.056 Debug
0.018 config_decoder
0.009 NetworkAnalysis
0.003 Memory

Signatures ( 33.432 seconds )

13.977 injection_createremotethread
9.631 injection_runpe
6.272 stealth_timeout
0.979 antiav_detectreg
0.538 md_bad_drop
0.342 infostealer_ftp
0.196 antianalysis_detectreg
0.186 infostealer_im
0.138 infostealer_mail
0.108 antivm_generic_scsi
0.065 antivm_generic_disk
0.06 mimics_filetime
0.059 recon_fingerprint
0.054 shifu_behavior
0.051 virus
0.048 kibex_behavior
0.048 darkcomet_regkeys
0.043 stealth_file
0.042 reads_self
0.039 bootkit
0.039 antivm_generic_diskreg
0.036 antivm_generic_services
0.036 antisandbox_productid
0.035 betabot_behavior
0.035 geodo_banking_trojan
0.025 vawtrak_behavior
0.022 packer_armadillo_regkey
0.019 antivm_generic_bios
0.018 antiav_detectfile
0.018 antivm_vbox_keys
0.018 recon_programs
0.017 antiemu_wine_func
0.017 antivm_generic_cpu
0.017 antivm_vmware_keys
0.017 antivm_vpc_keys
0.016 antivm_vbox_acpi
0.015 bypass_firewall
0.014 antivm_generic_system
0.013 infostealer_bitcoin
0.01 antiav_avast_libs
0.009 persistence_autorun
0.008 antisandbox_sunbelt_libs
0.008 antidbg_windows
0.008 ransomware_files
0.007 process_interest
0.007 chimera_behavior
0.006 antisandbox_sboxie_libs
0.006 antiav_bitdefender_libs
0.006 process_needed
0.005 injection_explorer
0.004 disables_browser_warn
0.003 tinba_behavior
0.003 browser_security
0.002 hawkeye_behavior
0.002 network_tor
0.002 antisandbox_sleep
0.002 exec_crash
0.002 antiemu_wine_reg
0.002 modify_proxy
0.002 modify_uac_prompt
0.002 rat_pcclient
0.001 infostealer_browser
0.001 antivm_vmware_libs
0.001 antivm_vbox_window
0.001 kazybot_behavior
0.001 antivm_vbox_libs
0.001 creates_nullvalue
0.001 antianalysis_detectfile
0.001 antivm_vbox_devices
0.001 antivm_vmware_files
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 mimics_extension
0.001 modify_security_center_warnings
0.001 network_tor_service
0.001 office_security
0.001 rat_spynet
0.001 sniffer_winpcap
0.001 stealth_hiddenreg
0.001 stealth_hide_notifications
0.001 targeted_flame

Reporting ( 127.379 seconds )

126.536 ReportPDF
0.768 ReportHTMLSummary
0.075 Malheur


Task ID	84506
Mongo ID	58c36f582e063324bd204c20
Cuckoo release	1.4-Maldun