Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-hpdapp01-1 2017-08-22 22:08:57 2017-08-22 22:11:28 151 seconds

Maldun score

10.0

Razy virus

File details

File name yppy.exe
File size 236032 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c11b11850a37477b3507d8549d5c4c88
SHA1 2e6cbb4089bede0270a3da1930a481c55fe47428
SHA256 3e73a064af3c238ea9a905da8e56dfcfaae7a93519121ee14f8b07dba17ec798
SHA512 4cb6a82a1f25be2303702a8d06217c83d4bfce77f8264e92aeda945670963e48992cf01ec4a97c9b923610fa40a2b5618caec6d300101d8cf77e5640099d0df3
CRC32 95B3DABF
Ssdeep 6144:stHgt2CYtfrff1W7ZgEreZr/2Q4bysnJzPPODY7r:sytt4Df1WFT+72Q4+spX

Host access records (click to query the WPING real-time security rating)

No host records.

Domain resolution (click to query the WPING real-time security rating)

No domain information.


PE information

Image base 0x00400000
Entry point 0x0040672b
Declared checksum 0x00045dc1
Actual checksum 0x00047c84
Minimum OS version required 5.0
PDB path V:\Arabian\Compilation\Professiona.pdb
Compile time 2016-04-03 05:46:33
Import hash 377e8af2d5ddf46f12c872c09b0fa142

Version information

LegalCopyright
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00005e5f 0x00006000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.88
.rdata 0x00007000 0x00029e66 0x0002a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.85
.data 0x00031000 0x00000bac 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.40
.tls 0x00032000 0x00000009 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00033000 0x0000795c 0x00007a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.93
.reloc 0x0003b000 0x000011a0 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.64

Imports

Library: KERNEL32.dll:
0x407054 LocalReAlloc
0x407058 LocalAlloc
0x40705c lstrlenW
0x407060 lstrcpyW
0x407064 MulDiv
0x407068 OutputDebugStringA
0x40706c LoadLibraryExA
0x407070 lstrcpyA
0x407074 lstrcatA
0x407078 ExitProcess
0x40707c LoadLibraryW
0x407080 CloseHandle
0x407084 FreeLibrary
0x407088 GetProcAddress
0x40708c GetSystemDirectoryA
0x407090 LocalFree
0x407094 GetCurrentProcessId
0x407098 GetCurrentThreadId
0x40709c GetTickCount
0x4070a4 IsDebuggerPresent
0x4070b0 GetCurrentProcess
0x4070b4 TerminateProcess
0x4070b8 GetStartupInfoA
0x4070c0 Sleep
0x4070c4 InterlockedExchange
0x4070c8 GetVersionExA
0x4070cc GetSystemInfo
0x4070d0 CreateFileA
0x4070d4 GetFileSize
0x4070d8 SetEndOfFile
0x4070dc LoadLibraryA
0x407108 GetFileAttributesW
0x40710c lstrlenA
0x407110 GetModuleHandleW
0x407114 GetModuleHandleA
0x407118 GetLastError
Library: USER32.dll:
0x40725c GetSysColor
0x407260 LoadCursorA
0x407264 LoadIconA
0x407268 SetWindowTextA
0x40726c DefWindowProcA
0x407270 SendMessageA
0x407274 UpdateWindow
0x407278 SetMenuItemInfoA
0x40727c GetMenuStringA
0x407280 GetMenuItemInfoA
0x407284 GetMenuItemID
0x407288 CharLowerA
0x40728c GetMenuState
0x407290 GetMenuItemCount
0x407294 CreateWindowExW
0x407298 TrackPopupMenuEx
0x40729c InsertMenuItemA
0x4072a0 ReleaseDC
0x4072a4 GetDC
0x4072a8 LoadImageA
0x4072ac RegisterClassExA
0x4072b0 MessageBoxA
0x4072b4 wsprintfA
0x4072b8 GetSubMenu
0x4072bc EndPaint
0x4072c0 FillRect
0x4072c4 BeginPaint
0x4072c8 SendDlgItemMessageA
0x4072cc GetDlgItem
0x4072d0 EndDeferWindowPos
0x4072d4 SetActiveWindow
0x4072d8 DeferWindowPos
0x4072dc BeginDeferWindowPos
0x4072e4 GetSystemMetrics
0x4072e8 DrawFrameControl
0x4072ec GetWindowLongA
0x4072f0 SetTimer
0x4072f4 InvalidateRect
0x4072f8 FindWindowA
0x407300 SetCursorPos
0x407304 GetParent
0x407308 GetWindowRect
0x40730c PtInRect
0x407310 IsWindowVisible
0x407314 GetCursorPos
0x407318 ScreenToClient
0x40731c GetClientRect
0x407320 KillTimer
0x407324 SetFocus
0x40732c SetForegroundWindow
0x407330 GetDesktopWindow
0x407334 GetWindow
Library: GDI32.dll:
0x407018 CreateFontA
0x40701c GetDeviceCaps
0x407020 SaveDC
0x407024 DeleteDC
0x407028 TextOutA
0x40702c SelectObject
0x407030 CreateCompatibleDC
0x407034 CreateFontIndirectA
0x407038 DeleteObject
0x40703c RestoreDC
0x407044 GetStockObject
0x40704c SetTextColor
Library: COMDLG32.dll:
0x407010 GetOpenFileNameA
Library: ADVAPI32.dll:
0x407000 GetTraceEnableLevel
0x407004 RegCloseKey
Library: SHELL32.dll:
0x407248 SHGetFileInfoW
Library: ole32.dll:
0x407354 CoInitialize
0x407358 CoCreateInstance
0x40735c CoGetObject
0x407360 StringFromGUID2
Library: OLEAUT32.dll:
0x407200 SafeArrayCreate
0x407208 SafeArrayAccessData
0x40720c SafeArrayDestroy
0x407214 SafeArrayPutElement
Library: WININET.dll:
0x40733c InternetCloseHandle
Library: SHLWAPI.dll:
0x407254 PathIsUNCServerA
Library: wsnmp32.dll:
0x407368 None
Library: Wlanapi.dll:
0x407344 WlanOpenHandle
0x407348 WlanScan
0x40734c WlanCloseHandle
Library: MSVCR90.dll:
0x407134 _onexit
0x407138 _lock
0x40713c __dllonexit
0x407140 _unlock
0x407144 _crt_debugger_hook
0x40714c ?terminate@@YAXXZ
0x407150 __set_app_type
0x407154 _encode_pointer
0x407158 __p__fmode
0x40715c __p__commode
0x407160 _adjust_fdiv
0x407164 __setusermatherr
0x407168 _configthreadlocale
0x40716c _initterm_e
0x407170 _initterm
0x407174 _acmdln
0x407178 _ismbblead
0x40717c _XcptFilter
0x407180 _exit
0x407184 _cexit
0x407188 __getmainargs
0x40718c _amsg_exit
0x407190 malloc
0x407194 sprintf
0x407198 printf
0x40719c _decode_pointer
0x4071a0 __iob_func
0x4071a4 fprintf
0x4071a8 free
0x4071ac exit
0x4071b0 memmove_s
0x4071b4 ??2@YAPAXI@Z
0x4071c0 _CxxThrowException
0x4071c4 memset
0x4071c8 _getdrive
0x4071cc _mbsicmp
0x4071d0 _mbschr
0x4071d4 __CxxFrameHandler3
0x4071dc ??3@YAXPAX@Z
0x4071e8 _controlfp_s
0x4071ec _invoke_watson
0x4071f8 swprintf_s

Version resource (VS_VERSION_INFO, StringFileInfo, language block 040904b0)

FileDescription Hereafter Iepm Higher Terminate
CompanyName Incomedia s.r.l.
FileVersion 7.5.7.4
ProductName Engines Compuet
LegalCopyright Copyright (c) 2006-2014 Incomedia s.r.l.
ProductVersion 7.5.7.4
VarFileInfo Translation

Antivirus engine/vendor Virus name/rule match Signature database date
Bkav No virus found 20170821
MicroWorld-eScan Gen:Variant.Razy.37493 20170821
nProtect Trojan-Spy/W32.ZBot.236032.AL 20170821
CMC No virus found 20170821
CAT-QuickHeal No virus found 20170821
McAfee Trojan-FKZH!C11B11850A37 20170821
Cylance Unsafe 20170822
Zillya Trojan.Zbot.Win32.195257 20170821
TheHacker No virus found 20170821
K7GW Trojan ( 004e21b01 ) 20170821
K7AntiVirus Trojan ( 004e21b01 ) 20170821
Invincea heuristic 20170818
Baidu No virus found 20170817
Cyren No virus found 20170821
Symantec No virus found 20170821
ESET-NOD32 a variant of Win32/Kryptik.ETDE 20170821
TrendMicro-HouseCall Mal_SageCrypt-1h 20170821
Paloalto No virus found 20170822
ClamAV BC.Win.Packer.Troll-14 20170821
Kaspersky Trojan-Spy.Win32.Zbot.wlvi 20170821
BitDefender Gen:Variant.Razy.37493 20170822
NANO-Antivirus Trojan.Win32.Zbot.emfrvy 20170821
ViRobot No virus found 20170821
SUPERAntiSpyware No virus found 20170822
Avast Win32:Malware-gen 20170822
Rising Malware.Undefined!8.C (tfe:5:ifUvH2pJh9U) 20170821
Ad-Aware Gen:Variant.Razy.37493 20170822
Sophos No virus found 20170821
Comodo No virus found 20170821
F-Secure Gen:Variant.Razy.37493 20170821
DrWeb Trojan.Siggen6.32796 20170821
VIPRE No virus found 20170821
TrendMicro Mal_SageCrypt-1h 20170821
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20170822
Emsisoft Gen:Variant.Razy.37493 (B) 20170821
Ikarus Trojan-PSW.Win32.Fareit 20170821
F-Prot No virus found 20170821
Jiangmin TrojanSpy.Zbot.fboa 20170822
Webroot W32.Trojan.Gen 20170822
Avira No virus found 20170822
Antiy-AVL Trojan[Spy]/Win32.Zbot 20170822
Kingsoft No virus found 20170822
Microsoft No virus found 20170822
Endgame malicious (high confidence) 20170821
Arcabit Trojan.Razy.D9275 20170821
AegisLab No virus found 20170821
ZoneAlarm Trojan-Spy.Win32.Zbot.wlvi 20170822
GData Gen:Variant.Razy.37493 20170822
AhnLab-V3 No virus found 20170821
ALYac Gen:Variant.Razy.37493 20170822
AVware No virus found 20170822
MAX malware (ai score=89) 20170821
VBA32 No virus found 20170821
Malwarebytes Trojan.Zbot 20170822
WhiteArmor No virus found 20170817
Zoner No virus found 20170822
Tencent No virus found 20170822
Yandex TrojanSpy.Zbot!nZKqmPrQ4jQ 20170821
SentinelOne static engine - malicious 20170806
Fortinet W32/Generic.AC.33EEDF!tr 20170821
AVG Win32:Malware-gen 20170822
Panda Trj/GdSda.A 20170821
CrowdStrike No virus found 20170804
Qihoo-360 No virus found 20170822

Process tree


yppy.exe, PID: 2216, parent PID: 2060

Host access records (click to query the WPING real-time security rating)

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain resolution (click to query the WPING real-time security rating)

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No dropped files.
No similar analyses found.

Processing ( 19.209 seconds )

  • 12.193 Suricata
  • 2.321 Static
  • 2.024 VirusTotal
  • 1.289 TargetInfo
  • 0.437 peid
  • 0.32 BehaviorAnalysis
  • 0.261 Debug
  • 0.25 NetworkAnalysis
  • 0.065 AnalysisInfo
  • 0.043 Strings
  • 0.005 Memory
  • 0.001 config_decoder

Signatures ( 0.408 seconds )

  • 0.237 md_bad_drop
  • 0.023 md_url_bl
  • 0.02 antiav_detectreg
  • 0.013 md_domain_bl
  • 0.009 infostealer_ftp
  • 0.008 persistence_autorun
  • 0.008 antiav_detectfile
  • 0.008 ransomware_files
  • 0.007 stealth_timeout
  • 0.007 ransomware_extensions
  • 0.006 infostealer_im
  • 0.005 infostealer_bitcoin
  • 0.004 antianalysis_detectreg
  • 0.004 disables_browser_warn
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 injection_createremotethread
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.002 antivm_generic_disk
  • 0.002 injection_runpe
  • 0.002 bot_drive
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.001 network_tor
  • 0.001 bootkit
  • 0.001 reads_self
  • 0.001 betabot_behavior
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 mimics_extension
  • 0.001 modify_security_center_warnings
  • 0.001 modify_uac_prompt
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications

Reporting ( 1.211 seconds )

  • 0.687 ReportHTMLSummary
  • 0.524 Malheur
Task ID 111348
Mongo ID 599c3ba62e063333a3c253e6
Cuckoo release 1.4-Maldun