Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-hpdapp01-1  2018-01-02 16:04:25  2018-01-02 16:04:58  33 seconds

魔盾 score

0.5

Benign

File details

File name FLTLDR.EXE
File size 120160 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 55d4acd4b1f8c060e4e880c213e5eb79
SHA1 c902866e5a10554e44b4e743ceabd5d687a51484
SHA256 7a7f3d1d777a49848bb8e4e344b7e6d75819345b4fe27b8ebf836618a8ad8d73
SHA512 b60cc303c2324ab7d93b8afa479a868d98ea117968f4d7233c27f5c9856f266e245324634548daadb32b9b9affab1e2530fdf9bb8248281f2fb671153f334bda
CRC32 65AE52F3
Ssdeep 3072:ECpyCxUawypmgPBQoV6cKZSKZneLFZJgdTSeGOjw1qLT49oG:ECfxUawyoEBQqKZSen86dTS9OTLkJ

Screenshots

No screenshots available.

Hosts contacted

No host records.

DNS resolutions

No domain information.


PE information

Image base 0x2e000000
Entry point 0x2e0058b2
Declared checksum 0x00022cb8
Actual checksum 0x00022cb8
Minimum OS version required 5.1
PDB path t:\filters\x86\ship\0\fltldr.pdb\x0086\ship\0\fltldr.exe\bbtopt\fltldrO.pdb
Compile time 2010-02-04 19:40:00
Import hash da3ba876e0cfebfa864118af5a518ae1

Microsoft certificate verification (Sign Tool)

SHA1  Timestamp  Validity  Error
6f6acdfff8730a49be9eabea8d1a1ad099b73427  Thu Feb 04 19:42:29 2010
Certificate chain: Certificate Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Certificate chain: Certificate Chain 2
Issued to Microsoft Code Signing PCA
Issuer Microsoft Root Authority
Valid until Sat Aug 25 15:00:00 2012
SHA1 hash 3036e3b25b88a55b86fc90e6e9eaad5081445166
Certificate chain: Certificate Chain 3
Issued to Microsoft Corporation
Issuer Microsoft Code Signing PCA
Valid until Tue Mar 08 06:40:29 2011
SHA1 hash 9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f
Certificate chain: Timestamp Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Certificate chain: Timestamp Chain 2
Issued to Microsoft Timestamping PCA
Issuer Microsoft Root Authority
Valid until Sun Sep 15 15:00:00 2019
SHA1 hash 3ea99a60058275e0ed83b892a909449f8c33b245
Certificate chain: Timestamp Chain 3
Issued to Microsoft Time-Stamp Service
Issuer Microsoft Timestamping PCA
Valid until Fri Jul 26 03:11:15 2013
SHA1 hash 4d6f357f0e6434da97b1afc540fb6fdd0e85a89f

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000190d1 0x00019200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.data 0x0001b000 0x00000a5c 0x00000c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.11
.rsrc 0x0001c000 0x000002b0 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.11
.reloc 0x0001d000 0x000017f4 0x00001800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.65

Imports

Library: MSVCR90.dll:
0x2e001000 _clearfp
0x2e001004 _CIlog
0x2e001008 _CIexp
0x2e00100c memmove
0x2e001010 _vscwprintf
0x2e001014 vswprintf_s
0x2e001018 _CxxThrowException
0x2e00101c __CxxFrameHandler3
0x2e001024 _controlfp_s
0x2e001028 _invoke_watson
0x2e001030 _decode_pointer
0x2e001034 _onexit
0x2e001038 _lock
0x2e00103c __dllonexit
0x2e001040 _unlock
0x2e001044 ?terminate@@YAXXZ
0x2e001048 _crt_debugger_hook
0x2e00104c __set_app_type
0x2e001050 _encode_pointer
0x2e001054 __p__fmode
0x2e001058 __p__commode
0x2e00105c _adjust_fdiv
0x2e001060 __setusermatherr
0x2e001064 _configthreadlocale
0x2e001068 _initterm_e
0x2e00106c _initterm
0x2e001070 _acmdln
0x2e001074 exit
0x2e001078 _ismbblead
0x2e00107c _XcptFilter
0x2e001080 _exit
0x2e001084 _cexit
0x2e001088 __getmainargs
0x2e00108c _amsg_exit
0x2e001090 _vsnwprintf_s
0x2e001094 wcschr
0x2e001098 memset
0x2e00109c memcpy_s
0x2e0010a0 wcsnlen
0x2e0010a4 strnlen
0x2e0010a8 strncpy_s
0x2e0010ac free
0x2e0010b0 memcpy
Library: GDI32.dll:
0x2e0010b8 SetMetaFileBitsEx
0x2e0010bc DeleteMetaFile
0x2e0010c0 DeleteEnhMetaFile
0x2e0010c4 GetEnhMetaFileBits
0x2e0010c8 GetMetaFileBitsEx
0x2e0010cc SetEnhMetaFileBits
Library: KERNEL32.dll:
0x2e0010d8 InitializeSListHead
0x2e0010e0 QueryDepthSList
0x2e0010e8 GetCurrentThread
0x2e0010ec GetThreadIOPendingFlag
0x2e0010f4 CreateIoCompletionPort
0x2e0010fc ReleaseMutex
0x2e001100 GetVersionExW
0x2e001104 CreateEventW
0x2e001108 SetEvent
0x2e00110c ResetEvent
0x2e001110 WaitForSingleObject
0x2e001114 LeaveCriticalSection
0x2e001118 EnterCriticalSection
0x2e00111c DeleteCriticalSection
0x2e001120 CreateFileMappingA
0x2e001124 CreateEventA
0x2e001128 CreateMutexA
0x2e00112c OpenProcess
0x2e001138 GetProcessAffinityMask
0x2e00113c CloseHandle
0x2e001140 UnmapViewOfFile
0x2e001144 MapViewOfFile
0x2e001148 CreateFileMappingW
0x2e00114c GetProcAddress
0x2e001150 CreateThread
0x2e001154 GetModuleHandleW
0x2e001158 GetCommandLineW
0x2e00115c OutputDebugStringW
0x2e001160 WideCharToMultiByte
0x2e001164 HeapAlloc
0x2e001168 GetProcessHeap
0x2e00116c HeapReAlloc
0x2e001170 HeapFree
0x2e001174 VirtualProtect
0x2e00117c GetTickCount
0x2e001180 GetCurrentThreadId
0x2e001184 GetCurrentProcessId
0x2e00118c InterlockedExchange
0x2e001190 Sleep
0x2e001198 GetStartupInfoA
0x2e00119c TerminateProcess
0x2e0011a0 GetCurrentProcess
0x2e0011ac IsDebuggerPresent
0x2e0011b0 WriteFile
0x2e0011b4 CreateFileW
0x2e0011b8 ReadFile
0x2e0011c4 SetWaitableTimer
0x2e0011cc SetLastError
0x2e0011d0 TlsAlloc
0x2e0011d4 GetLastError
0x2e0011d8 GetThreadTimes
0x2e0011dc FreeLibrary
0x2e0011e0 GetSystemPowerStatus
0x2e0011e4 FormatMessageW
0x2e0011ec CreateWaitableTimerW
0x2e0011f0 LoadLibraryW
0x2e0011f4 EncodePointer
0x2e0011f8 DecodePointer
0x2e0011fc TlsFree
0x2e001200 TlsGetValue
0x2e001204 TlsSetValue
0x2e001208 CancelWaitableTimer
Library: USER32.dll:
0x2e001210 TranslateMessage
0x2e001214 DispatchMessageW
0x2e001218 DefWindowProcW
0x2e00121c RegisterClassExW
0x2e001220 GetMessageW
0x2e001224 GetWindowLongW
0x2e001228 DestroyWindow
0x2e00122c UnregisterClassW
0x2e001230 GetSystemMetrics
0x2e001234 CreateWindowExW
0x2e001238 RegisterClassW
0x2e00123c SetWindowLongW
0x2e001240 PeekMessageW
0x2e00124c KillTimer
0x2e001250 SetTimer
0x2e001254 SendNotifyMessageW
Library: ADVAPI32.dll:
0x2e00125c UnregisterTraceGuids
0x2e001260 RevertToSelf
0x2e001264 TraceEvent
0x2e001268 RegisterTraceGuidsW
0x2e00126c GetTraceLoggerHandle
0x2e001270 GetTraceEnableLevel
0x2e001274 GetTraceEnableFlags
Library: ole32.dll:
0x2e001280 CoUninitialize
0x2e001284 CoInitializeEx
0x2e001288 CoRevokeInitializeSpy

Antivirus engine/vendor  Virus name/rule match  Signature database date
Bkav  No virus found  20171218
MicroWorld-eScan  No virus found  20171220
nProtect  No virus found  20171219
CMC  No virus found  20171218
CAT-QuickHeal  No virus found  20171219
McAfee  No virus found  20171220
Malwarebytes  No virus found  20171219
VIPRE  No virus found  20171219
SUPERAntiSpyware  No virus found  20171219
TheHacker  No virus found  20171219
K7GW  No virus found  20171219
K7AntiVirus  No virus found  20171219
Invincea  No virus found  20170914
Baidu  No virus found  20171219
Cyren  No virus found  20171219
Symantec  No virus found  20171219
TotalDefense  No virus found  20171219
TrendMicro-HouseCall  No virus found  20171219
Paloalto  No virus found  20171220
Kaspersky  No virus found  20171220
BitDefender  No virus found  20171220
NANO-Antivirus  No virus found  20171219
ViRobot  No virus found  20171219
Avast  No virus found  20171219
Tencent  No virus found  20171220
Ad-Aware  No virus found  20171220
Sophos  No virus found  20171220
Comodo  No virus found  20171219
F-Secure  No virus found  20171219
DrWeb  No virus found  20171219
Zillya  No virus found  20171219
TrendMicro  No virus found  20171219
McAfee-GW-Edition  No virus found  20171219
Emsisoft  No virus found  20171219
Ikarus  No virus found  20171219
F-Prot  No virus found  20171219
Jiangmin  No virus found  20171219
Webroot  No virus found  20171220
Avira  No virus found  20171219
Fortinet  No virus found  20171219
Antiy-AVL  No virus found  20171219
Kingsoft  No virus found  20171220
Endgame  No virus found  20171130
Arcabit  No virus found  20171219
AegisLab  No virus found  20171219
ZoneAlarm  No virus found  20171220
Avast-Mobile  No virus found  20171219
Microsoft  No virus found  20171219
AhnLab-V3  No virus found  20171219
ALYac  No virus found  20171219
AVware  No virus found  20171219
MAX  No virus found  20171220
VBA32  No virus found  20171219
WhiteArmor  No virus found  20171204
Zoner  No virus found  20171219
ESET-NOD32  No virus found  20171219
Rising  No virus found  20171219
Yandex  No virus found  20171219
SentinelOne  No virus found  20171207
eGambit  No virus found  20171220
GData  No virus found  20171220
AVG  No virus found  20171220
Cybereason  No virus found  20171103
Panda  No virus found  20171219
CrowdStrike  No virus found  20171016
Qihoo-360  No virus found  20171220

Process tree

FLTLDR.EXE, PID: 1588, parent PID: 1128

Hosts contacted

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

DNS resolutions

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 18.044 seconds )

  • 12.025 Suricata
  • 2.295 VirusTotal
  • 1.628 Static
  • 1.082 TargetInfo
  • 0.439 peid
  • 0.247 AnalysisInfo
  • 0.245 NetworkAnalysis
  • 0.046 Debug
  • 0.016 BehaviorAnalysis
  • 0.016 Strings
  • 0.005 Memory

Signatures ( 0.32 seconds )

  • 0.167 md_bad_drop
  • 0.022 md_url_bl
  • 0.018 antiav_detectreg
  • 0.013 md_domain_bl
  • 0.009 persistence_autorun
  • 0.008 infostealer_ftp
  • 0.008 ransomware_files
  • 0.007 antiav_detectfile
  • 0.007 ransomware_extensions
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 disables_browser_warn
  • 0.003 rat_nanocore
  • 0.003 tinba_behavior
  • 0.003 cerber_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 infostealer_mail
  • 0.002 betabot_behavior
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.001 network_tor
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 ursnif_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 modify_security_center_warnings
  • 0.001 modify_uac_prompt
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications

Reporting ( 1.011 seconds )

  • 0.622 ReportHTMLSummary
  • 0.389 Malheur
Task ID 124451
Mongo ID 5a4b3d422e06336c581e0d3a
Cuckoo release 1.4-Maldun