分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp04-3 | 2017-07-07 22:09:37 | 2017-07-07 22:12:01 | 144 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | e.exe |
|---|---|
| 文件大小 | 483328 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c0fb5863d4bbd92fb5870e2ce85a9aa8 |
| SHA1 | 913023993c19a10c5bb2c4e9ac80ebe3cc5f5af7 |
| SHA256 | e44165481d5200e85873dec33779d442cf420a02e4ca4af4f1d2ef804c9edfcf |
| SHA512 | b78b5f32685eb8f59d1175c2c5e903ef9c8d7f6ca013d9f1acf8c511b8efbfe4ac451735efd2b1aca058f9d2645b085bcec98fe9eaa1772d4f0301d18f571db4 |
| CRC32 | 77BE99B9 |
| Ssdeep | 6144:q4HViBRagOPlrf7qfcnlNDBp/RbVtCRL1lMoLHPYCJi8xcBYhM+gSnC:RHVCRWlPqgb98R4oDPNJ72BU3gV |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00409ca9 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0007e954 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2017-07-07 15:08:31 |
| 载入哈希 | 07b361eeb8ec09d583d219650e6cb531 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00013dfa | 0x00014000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.63 |
| .rdata | 0x00015000 | 0x00002e50 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.24 |
| .data | 0x00018000 | 0x00082578 | 0x0005d000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.17 |
| .rsrc | 0x0009b000 | 0x00000490 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 1.55 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x0009b0a0 | 0x0000026c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.22 | data |
| RT_MANIFEST | 0x0009b310 | 0x0000017d | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.91 | XML 1.0 document text |
导入
库: ole32.dll:
• 0x4151f4 OleUninitialize
• 0x4151f8 OleInitialize
• 0x4151fc CoTaskMemFree
• 0x415200 CoTaskMemAlloc
• 0x415204 StringFromCLSID
• 0x415208 CoCreateInstance
• 0x41520c CoUninitialize
• 0x415210 CoInitialize
库: KERNEL32.dll:
• 0x415010 GetStringTypeW
• 0x415014 CompareStringA
• 0x415018 SetEnvironmentVariableA
• 0x41501c GetLocaleInfoA
• 0x415020 GetThreadPriority
• 0x415024 HeapAlloc
• 0x415028 GetProcessHeap
• 0x41502c BeginUpdateResourceW
• 0x415030 CloseHandle
• 0x415034 CompareStringW
• 0x415038 CreateDirectoryW
• 0x41503c CreateEventW
• 0x415040 CreateFileW
• 0x415044 CreateFileMappingW
• 0x415048 CreateThread
• 0x41504c DeleteCriticalSection
• 0x415050 DeleteFileW
• 0x415054 EndUpdateResourceW
• 0x415058 EnterCriticalSection
• 0x41505c EnumCalendarInfoW
• 0x415060 EnumResourceNamesW
• 0x415064 EnumSystemLocalesW
• 0x415068 FileTimeToDosDateTime
• 0x41506c FileTimeToLocalFileTime
• 0x415070 FileTimeToSystemTime
• 0x415074 FindClose
• 0x415078 FindFirstFileW
• 0x41507c FindNextFileW
• 0x415080 FindResourceW
• 0x415084 FormatMessageW
• 0x415088 FreeLibrary
• 0x41508c FreeResource
• 0x415090 GetACP
• 0x415094 GetCPInfo
• 0x415098 GetCPInfoExW
• 0x41509c GetCurrentProcess
• 0x4150a0 GetCurrentProcessId
• 0x4150a4 GetCurrentThread
• 0x4150a8 GetCurrentThreadId
• 0x4150ac GetDateFormatW
• 0x4150b0 GetDiskFreeSpaceW
• 0x4150b4 GetDriveTypeW
• 0x4150b8 GetExitCodeThread
• 0x4150bc GetFileAttributesW
• 0x4150c0 GetFileAttributesExW
• 0x4150c4 GetFileSize
• 0x4150c8 GetFullPathNameW
• 0x4150cc GetLastError
• 0x4150d0 GetLocalTime
• 0x4150d4 GetLocaleInfoW
• 0x4150d8 GetLogicalDriveStringsW
• 0x4150dc GetLogicalDrives
• 0x4150e0 GetModuleFileNameW
• 0x4150e4 GetModuleHandleW
• 0x4150e8 GetPrivateProfileStringW
• 0x4150ec GetProcAddress
• 0x4150f0 GetLongPathNameW
• 0x4150f4 GetStdHandle
• 0x4150f8 GetSystemDefaultLangID
• 0x4150fc GetSystemTimes
• 0x415100 GetTempPathW
• 0x415104 GetThreadLocale
• 0x415108 GetTickCount
• 0x41510c GetTimeZoneInformation
• 0x415110 GetVersion
• 0x415114 GetVersionExW
• 0x415118 GetVolumeInformationW
• 0x41511c GlobalAddAtomW
• 0x415120 GlobalAlloc
• 0x415124 GlobalDeleteAtom
• 0x415128 GlobalFindAtomW
• 0x41512c GlobalFree
• 0x415130 GlobalLock
• 0x415134 GlobalUnlock
• 0x415138 HeapCreate
• 0x41513c HeapDestroy
• 0x415140 HeapFree
• 0x415144 HeapSize
• 0x415148 InitializeCriticalSection
• 0x41514c IsValidLocale
• 0x415150 GetSystemTimeAsFileTime
• 0x415154 GetCommandLineA
• 0x415158 GetStartupInfoA
• 0x41515c TerminateProcess
• 0x415160 UnhandledExceptionFilter
• 0x415164 SetUnhandledExceptionFilter
• 0x415168 IsDebuggerPresent
• 0x41516c GetModuleHandleA
• 0x415170 WideCharToMultiByte
• 0x415174 Sleep
• 0x415178 ExitProcess
• 0x41517c WriteFile
• 0x415180 GetModuleFileNameA
• 0x415184 FreeEnvironmentStringsA
• 0x415188 GetEnvironmentStrings
• 0x41518c FreeEnvironmentStringsW
• 0x415190 GetEnvironmentStringsW
• 0x415194 SetHandleCount
• 0x415198 GetFileType
• 0x41519c TlsGetValue
• 0x4151a0 TlsAlloc
• 0x4151a4 TlsSetValue
• 0x4151a8 TlsFree
• 0x4151ac InterlockedIncrement
• 0x4151b0 SetLastError
• 0x4151b4 InterlockedDecrement
• 0x4151b8 VirtualFree
• 0x4151bc QueryPerformanceCounter
• 0x4151c0 GetOEMCP
• 0x4151c4 IsValidCodePage
• 0x4151c8 LeaveCriticalSection
• 0x4151cc LoadLibraryA
• 0x4151d0 InitializeCriticalSectionAndSpinCount
• 0x4151d4 VirtualAlloc
• 0x4151d8 HeapReAlloc
• 0x4151dc RtlUnwind
• 0x4151e0 LCMapStringA
• 0x4151e4 MultiByteToWideChar
• 0x4151e8 LCMapStringW
• 0x4151ec GetStringTypeA
.text
`.rdata
@.data
.rsrc
jXh oA
YQPVh
j,hHoA
YhPRA
u&h@cA
F\xcA
F\=xcA
j hXqA
GWhPeA
FVhPeA
SVWUj
EV_HMAC_PMODE_SCAN_ENABLE
EV_MMAC_UCODE_INDICATION_SPECTRUM_MEASURE_ABORT
EV_MMAC_OID_GEN_STATISTICS
STATUS_TOO_MANY_PAGING_FILES
Moh Enable: %d
DllGetVersion
MMACRFKILL
dpDeactivateDataPump (%s): save v90 fast params.
EV_MMAC_OID_REASSOCIATION
SymAgc Gain %f
m_RxAgcControl.m_Enable
STATUS_POWER_STATE_INVALID
OpenDataPump - %s handle returned 0x%x
STATUS_NOT_SERVER_SESSION
sc-win32-status
Effective Max Rate %d
RECIPIENT_DELBA_WFP
EC_MU4
TxUP_Cpt
1,128,129,130,131,132,133|7200,8000|0|0
Logical Disk Manager could not dismount a volume
STATUS_INVALID_QUOTA_LOWER
Enum1394.pdb
EV_MMAC_OID_RLC_NONDIR_STATISTICS
dpControl ( DPAL_CONTROL_MAX_TX_RATE) - Wrong pControl->ControlSize
Encoding law: %c_LAW
MFC 6550
>@.~@
e+000
GAIsProcessorFeaturePresent
KERNEL32
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CorExitProcess
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#INF
1#IND
1#SNAN
CoInitialize
CoUninitialize
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
ole32.dll
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ADVAPI32.dll
HeapAlloc
GetProcessHeap
BeginUpdateResourceW
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateFileMappingW
CreateThread
DeleteCriticalSection
DeleteFileW
EndUpdateResourceW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetDriveTypeW
GetExitCodeThread
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetLongPathNameW
GetStdHandle
GetSystemDefaultLangID
GetSystemTimes
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExW
GetVolumeInformationW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
IsValidLocale
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
WideCharToMultiByte
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
VirtualFree
QueryPerformanceCounter
GetOEMCP
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
SetEnvironmentVariableA
KERNEL32.dll
m_EnergyCount %f
Pc]Y/e
+O/~@
9=q/nI
X560P#6
a>,q?a
3>k?V
7dQK8D
sE#Pe
>lokqCf)
LTOr$1
5ok)T
}M-d2(
z|)GB
?c'"_v
Y<?>.u"
)],C)
}rbn:
os59uJ
'~(m>z
BVx:-
Z*?MA_
?l=hsG
d,i@U
.0\@t
5t,uw
;@X_3
t>}|T
\W+b=}N41
fKl=\
E(WE-Y
|7)Hts$
k",?']
7DF{?
BBr^~
Fr_Q?
{+>$|C
^y),iQ
o4UkH
K&\E0
b4Oo@
0:s89
7-)lt
FyR3m
4(;Ss
_$VdR:
TcGj6*
+V<l1
1R\vl
vAIJ'v
fmg@[
T*4iC
.J2;8
K4KeE
N{r!R
wI:qAM:
0LvlqW
`,W%d
i.q$L9
oF,g{
R0+oF
xev#L
Q"vme
B#1)?
F-<sn5
)eH]6
dK5B`
9v 9#
Jx&$Z
?B42e9AE
--P@b'
-JZ:a
i& EJ
P(QoO
TB{e5
Q;8-@
mgABOln
7OD+,
Yal%+Q{
ss'Q|
Q[7\*
SM2l&
8FL97
m.aSS
+7x@s
Y8]u\
s\dk
p=0p I
D\F-K
P_hs+
|@`V[
@Y[tj
u(iI@
!\TB%uo
3zy@K
N aqnu
+vgx[d!
Ts\jPK8h
4@>B$
&~rL<
Ur+do
a.}U]
>a/qA
c~att
27~g,
!IDM!
{Qb@_4
]'BC,
kF'd%0
;AKZ}
A?ss_#
^f<oR
.60#D{P1SXa
8?wQ)]
K{J7
Zw|wS
V<j6Nm
r<b~V
(QO]lM
Set Event: %s T:%dms
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
mscoree.dll
KERNEL32.DLL
VS_VERSION_INFO
StringFileInfo
04090000
CompanyName
Zello Inc
FileDescription
Zello
FileVersion
1.43.0.0
InternalName
Zello
LegalCopyright
2007-2014 Zello Inc
ProductName
Zello
ProductVersion
1.43.0.0
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20170706 |
| MicroWorld-eScan | 未发现病毒 | 20170707 |
| nProtect | 未发现病毒 | 20170707 |
| CMC | 未发现病毒 | 20170707 |
| CAT-QuickHeal | 未发现病毒 | 20170707 |
| McAfee | 未发现病毒 | 20170707 |
| Cylance | 未发现病毒 | 20170707 |
| VIPRE | 未发现病毒 | 20170707 |
| AegisLab | Ml.Attribute.Gen!c | 20170707 |
| TheHacker | 未发现病毒 | 20170707 |
| K7GW | 未发现病毒 | 20170707 |
| K7AntiVirus | 未发现病毒 | 20170707 |
| TrendMicro | 未发现病毒 | 20170707 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9990 | 20170707 |
| Cyren | 未发现病毒 | 20170707 |
| Symantec | Trojan Horse | 20170707 |
| ESET-NOD32 | 未发现病毒 | 20170707 |
| TrendMicro-HouseCall | 未发现病毒 | 20170707 |
| Avast | 未发现病毒 | 20170707 |
| ClamAV | 未发现病毒 | 20170707 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20170707 |
| BitDefender | 未发现病毒 | 20170707 |
| NANO-Antivirus | 未发现病毒 | 20170707 |
| ViRobot | 未发现病毒 | 20170707 |
| Tencent | 未发现病毒 | 20170707 |
| Ad-Aware | 未发现病毒 | 20170707 |
| Emsisoft | 未发现病毒 | 20170707 |
| Comodo | 未发现病毒 | 20170707 |
| F-Secure | 未发现病毒 | 20170707 |
| DrWeb | 未发现病毒 | 20170707 |
| Zillya | 未发现病毒 | 20170707 |
| Invincea | heuristic | 20170607 |
| McAfee-GW-Edition | 未发现病毒 | 20170706 |
| Sophos | 未发现病毒 | 20170707 |
| Ikarus | 未发现病毒 | 20170707 |
| F-Prot | 未发现病毒 | 20170707 |
| Jiangmin | 未发现病毒 | 20170707 |
| Webroot | W32.Trojan.Gen | 20170707 |
| Avira | TR/Crypt.ZPACK.ifaet | 20170707 |
| Antiy-AVL | 未发现病毒 | 20170707 |
| Kingsoft | 未发现病毒 | 20170707 |
| Microsoft | 未发现病毒 | 20170707 |
| Endgame | malicious (high confidence) | 20170706 |
| Arcabit | 未发现病毒 | 20170707 |
| SUPERAntiSpyware | 未发现病毒 | 20170707 |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic | 20170707 |
| GData | 未发现病毒 | 20170707 |
| AhnLab-V3 | 未发现病毒 | 20170707 |
| ALYac | 未发现病毒 | 20170707 |
| AVware | 未发现病毒 | 20170707 |
| MAX | 未发现病毒 | 20170707 |
| VBA32 | 未发现病毒 | 20170707 |
| Malwarebytes | 未发现病毒 | 20170707 |
| Panda | Trj/Genetic.gen | 20170707 |
| Zoner | 未发现病毒 | 20170707 |
| Rising | 未发现病毒 | 20170707 |
| Yandex | 未发现病毒 | 20170706 |
| SentinelOne | static engine - malicious | 20170516 |
| Fortinet | 未发现病毒 | 20170629 |
| AVG | 未发现病毒 | 20170707 |
| Paloalto | generic.ml | 20170707 |
| CrowdStrike | malicious_confidence_100% (W) | 20170420 |
| Qihoo-360 | 未发现病毒 | 20170707 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 14.663 seconds )
- 9.121 Suricata
- 2.076 VirusTotal
- 1.385 TargetInfo
- 1.049 Static
- 0.585 peid
- 0.257 Debug
- 0.09 AnalysisInfo
- 0.062 Strings
- 0.029 BehaviorAnalysis
- 0.006 NetworkAnalysis
- 0.002 Memory
- 0.001 config_decoder
Signatures ( 0.284 seconds )
- 0.17 md_bad_drop
- 0.018 antiav_detectreg
- 0.008 persistence_autorun
- 0.008 infostealer_ftp
- 0.008 ransomware_files
- 0.007 antiav_detectfile
- 0.007 ransomware_extensions
- 0.005 infostealer_bitcoin
- 0.005 infostealer_im
- 0.004 antianalysis_detectreg
- 0.004 disables_browser_warn
- 0.003 tinba_behavior
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 infostealer_mail
- 0.002 antiemu_wine_func
- 0.002 bot_drive
- 0.002 modify_proxy
- 0.002 browser_security
- 0.002 modify_uac_prompt
- 0.001 network_tor
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 stealth_timeout
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 mimics_extension
- 0.001 modify_security_center_warnings
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
Reporting ( 0.959 seconds )
- 0.686 ReportHTMLSummary
- 0.273 Malheur
| Task ID | 104251 |
|---|---|
| Mongo ID | 595f96c1aee6ab79840ec5ba |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号