Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64 2016-05-28 14:56:56 2016-05-28 14:59:30 154 seconds

Maldun Score

2.8

Suspicious

File Details

File name atl71.dll
File size 89600 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 79cb6457c81ada9eb7f2087ce799aaa7
SHA1 322ddde439d9254182f5945be8d97e9d897561ae
SHA256 a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a
SHA512 eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8
CRC32 1387F05A
Ssdeep 1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms

Hosts Accessed

Direct IP Security rating Geolocation
111.108.54.10 Unknown Japan

DNS Resolution

Domain Security rating Response
www.msftncsi.com Unknown A 111.108.54.11
CNAME www.msftncsi.com.edgesuite.net
A 111.108.54.10
CNAME a1961.g2.akamai.net

PE Information

Image base 0x7c120000
Entry point 0x7c12c872
Declared checksum 0x00000000
Actual checksum 0x00021ff1
Minimum OS version 4.0
PDB path atl71.pdb
Compile time 2006-07-12 09:07:28
Exported DLL name ATL71.DLL

Version Information

LegalCopyright Microsoft Corporation. All rights reserved.
InternalName ATL71.DLL
FileVersion 7.10.6030.0
CompanyName Microsoft Corporation
ProductName Visual Studio .NET
ProductVersion 7.10.6030.0
FileDescription ATL Module for Windows (Unicode)
OriginalFilename ATL71.DLL
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0000cc34 0x0000ce00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.49
.rdata 0x0000e000 0x0000374d 0x00003800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.64
.data 0x00012000 0x00001bc0 0x00001a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.92
.rsrc 0x00014000 0x00002330 0x00002400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.60
.reloc 0x00017000 0x000014ca 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.00

Resources

Name Offset Size Language Sublanguage Entropy File type
TYPELIB 0x00014130 0x00001e34 LANG_ENGLISH SUBLANG_ENGLISH_US 4.81 data
RT_STRING 0x00016308 0x00000026 LANG_ENGLISH SUBLANG_ENGLISH_US 0.70 data
RT_STRING 0x00016308 0x00000026 LANG_ENGLISH SUBLANG_ENGLISH_US 0.70 data
RT_VERSION 0x00015f68 0x00000358 LANG_ENGLISH SUBLANG_ENGLISH_US 3.52 data

Imports

Library: KERNEL32.dll:
0x7c12e000 InterlockedExchange
0x7c12e004 GetACP
0x7c12e008 GetLocaleInfoA
0x7c12e00c GetThreadLocale
0x7c12e010 GetVersionExW
0x7c12e014 RaiseException
0x7c12e018 EnterCriticalSection
0x7c12e01c LeaveCriticalSection
0x7c12e024 DeleteCriticalSection
0x7c12e028 GetCurrentThreadId
0x7c12e02c lstrlenW
0x7c12e030 lstrcpyW
0x7c12e034 GetLastError
0x7c12e03c GetVersionExA
0x7c12e040 InterlockedIncrement
0x7c12e044 InterlockedDecrement
0x7c12e048 FreeLibrary
0x7c12e04c MultiByteToWideChar
0x7c12e050 SizeofResource
0x7c12e054 LoadResource
0x7c12e058 FindResourceW
0x7c12e05c LoadLibraryExW
0x7c12e060 lstrcmpiW
0x7c12e064 lstrcpynW
0x7c12e068 CloseHandle
0x7c12e06c ReadFile
0x7c12e070 GetFileSize
0x7c12e074 CreateFileW
0x7c12e078 GetModuleHandleW
0x7c12e07c GetModuleFileNameW
0x7c12e080 WideCharToMultiByte
0x7c12e084 WaitForSingleObject
0x7c12e088 GlobalAlloc
0x7c12e08c FindResourceA
0x7c12e090 MulDiv
0x7c12e094 lstrcatW
0x7c12e098 FlushInstructionCache
0x7c12e09c GetCurrentProcess
0x7c12e0a0 GlobalUnlock
0x7c12e0a4 GlobalLock
0x7c12e0a8 lstrcmpW
0x7c12e0ac SetLastError
0x7c12e0b0 GlobalFree
0x7c12e0b4 GlobalHandle
0x7c12e0b8 LockResource
0x7c12e0bc lstrcmpA
0x7c12e0c0 GetModuleHandleA
0x7c12e0c4 GetTickCount
0x7c12e0c8 LocalAlloc
0x7c12e0cc VirtualQuery
0x7c12e0d0 HeapFree
0x7c12e0d4 GetProcessHeap
0x7c12e0dc HeapAlloc
0x7c12e0e0 GetProcAddress
0x7c12e0e4 LoadLibraryA
0x7c12e0ec VirtualFree
0x7c12e0f0 VirtualAlloc
0x7c12e0f4 ExitProcess
0x7c12e0f8 HeapSize
0x7c12e0fc DebugBreak
0x7c12e100 HeapReAlloc
0x7c12e108 GetCurrentProcessId
0x7c12e110 lstrcatA
0x7c12e114 lstrcpyA
0x7c12e118 lstrlenA
0x7c12e11c GetModuleFileNameA
0x7c12e120 RtlUnwind
Library: SHLWAPI.dll:
0x7c12e128 PathFindExtensionW

Exports

Ordinal Address Name
10 0x7c124fe7 AtlAdvise
41 0x7c12a0d3 AtlAxAttachControl
39 0x7c129b97 AtlAxCreateControl
40 0x7c1297dd AtlAxCreateControlEx
59 0x7c129800 AtlAxCreateControlLic
60 0x7c12970d AtlAxCreateControlLicEx
38 0x7c12a0b5 AtlAxCreateDialogA
37 0x7c12a097 AtlAxCreateDialogW
36 0x7c12a079 AtlAxDialogBoxA
35 0x7c12a05b AtlAxDialogBoxW
47 0x7c1242cc AtlAxGetControl
48 0x7c124304 AtlAxGetHost
42 0x7c129bb9 AtlAxWinInit
64 0x7c12175d AtlCallTermFunc
15 0x7c1250d2 AtlComModuleGetClassObject
17 0x7c123de3 AtlComModuleRegisterClassObjects
18 0x7c12595f AtlComModuleRegisterServer
20 0x7c123e21 AtlComModuleRevokeClassObjects
22 0x7c1259e5 AtlComModuleUnregisterServer
30 0x7c121187 AtlComPtrAssign
31 0x7c12389a AtlComQIPtrAssign
61 0x7c1234ec AtlCreateRegistrar
26 0x7c124353 AtlCreateTargetDC
29 0x7c124481 AtlDevModeW2A
12 0x7c123d2a AtlFreeMarshalStream
54 0x7c1256a3 AtlGetObjectSourceInterface
34 0x7c123f08 AtlGetVersion
27 0x7c1243c1 AtlHiMetricToPixel
52 0x7c1246da AtlIPersistPropertyBag_Load
53 0x7c1248b6 AtlIPersistPropertyBag_Save
50 0x7c1253ba AtlIPersistStreamInit_Load
51 0x7c12553e AtlIPersistStreamInit_Save
32 0x7c1211e3 AtlInternalQueryInterface
56 0x7c124521 AtlLoadTypeLib
13 0x7c123d54 AtlMarshalPtrInProc
58 0x7c1251a9 AtlModuleAddTermFunc
28 0x7c124423 AtlPixelToHiMetric
49 0x7c124da0 AtlRegisterClassCategoriesHelper
19 0x7c124c8e AtlRegisterTypeLib
25 0x7c125234 AtlSetErrorInfo
55 0x7c124c0b AtlUnRegisterTypeLib
11 0x7c12505e AtlUnadvise
14 0x7c123da4 AtlUnmarshalPtr
23 0x7c12350e AtlUpdateRegistryFromResourceD
24 0x7c123e56 AtlWaitWithMessageLoop
43 0x7c121390 AtlWinModuleAddCreateWndData
44 0x7c1213f1 AtlWinModuleExtractCreateWndData
65 0x7c121284 AtlWinModuleInit
63 0x7c125b49 AtlWinModuleRegisterClassExA
62 0x7c1214dc AtlWinModuleRegisterClassExW
46 0x7c129009 AtlWinModuleRegisterWndClassInfoA
45 0x7c121656 AtlWinModuleRegisterWndClassInfoW
66 0x7c1212e5 AtlWinModuleTerm

Antivirus Scan Results

Antivirus engine/vendor Detection name/rule match Signature database date
Bkav Clean 20160527
MicroWorld-eScan Clean 20160528
nProtect Clean 20160527
CMC Clean 20160523
CAT-QuickHeal Clean 20160527
ALYac Clean 20160527
Malwarebytes Clean 20160527
Zillya Clean 20160527
AegisLab Clean 20160527
TheHacker Clean 20160527
BitDefender Clean 20160527
K7GW Clean 20160527
K7AntiVirus Clean 20160527
Baidu Clean 20160527
F-Prot Clean 20160527
Symantec Clean 20160528
ESET-NOD32 Clean 20160528
TrendMicro-HouseCall Clean 20160527
Avast Clean 20160527
ClamAV Clean 20160527
Kaspersky Clean 20160527
Alibaba Clean 20160527
NANO-Antivirus Clean 20160528
ViRobot Clean 20160527
Rising Clean 20160527
Ad-Aware Clean 20160527
Sophos Clean 20160528
Comodo Clean 20160527
F-Secure Clean 20160527
DrWeb Clean 20160527
VIPRE Clean 20160527
TrendMicro Clean 20160528
McAfee-GW-Edition Clean 20160527
Emsisoft Clean 20160527
Cyren Clean 20160527
Jiangmin Clean 20160527
Antiy-AVL Clean 20160527
Kingsoft Clean 20160528
Microsoft Clean 20160527
Arcabit Clean 20160527
SUPERAntiSpyware Clean 20160528
AhnLab-V3 Clean 20160527
GData Clean 20160527
TotalDefense Clean 20160528
McAfee Clean 20160528
AVware Clean 20160527
VBA32 Clean 20160527
Baidu-International Clean 20160527
Zoner Clean 20160527
Tencent Clean 20160528
Yandex Clean 20160526
Ikarus Clean 20160527
Fortinet Clean 20160527
AVG Clean 20160527
Panda Clean 20160527
Qihoo-360 Clean 20160528

Process Tree


rundll32.exe, PID: 2764, parent PID: 1784

TCP

Source address Source port Destination address Destination port
192.168.122.69 53445 111.108.54.10 www.msftncsi.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 57129 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 138 192.168.122.255 138
192.168.122.69 53197 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 52.169.179.91 123
192.168.122.70 5355 192.168.122.69 53197

HTTP Requests

URI HTTP data
http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 7.583 seconds )

  • 5.043 VirusTotal
  • 1.274 AnalysisInfo
  • 0.584 Static
  • 0.306 peid
  • 0.196 TargetInfo
  • 0.078 NetworkAnalysis
  • 0.069 BehaviorAnalysis
  • 0.014 Strings
  • 0.009 config_decoder
  • 0.007 Debug
  • 0.002 Dropped
  • 0.001 ProcessMemory

Signatures ( 0.216 seconds )

  • 0.111 bot_drive2
  • 0.024 antiav_detectreg
  • 0.012 geodo_banking_trojan
  • 0.008 infostealer_ftp
  • 0.008 infostealer_im
  • 0.007 persistence_autorun
  • 0.007 antiav_detectfile
  • 0.006 infostealer_mail
  • 0.005 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 browser_security
  • 0.003 infostealer_bitcoin
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 stealth_timeout
  • 0.002 disables_browser_warn
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 modify_uac_prompt
  • 0.001 ransomware_files

Reporting ( 311.76 seconds )

  • 306.253 Malheur
  • 3.337 ReportPDF
  • 2.17 ReportHTMLSummary
Task ID 12745
Mongo ID 5749431a4d3bd00ca56a36a0
Cuckoo release 1.4-Maldun