分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp03-1 | 2018-02-22 08:53:38 | 2018-02-22 08:56:07 | 149 秒 |
魔盾分数
10.0
Snojan病毒
文件详细信息
| 文件名 | GreenBrowserGBSetup.exe |
|---|---|
| 文件大小 | 1292257 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 582992b52ced275b96e51fd29b3f9e14 |
| SHA1 | f6365e474ffba08abaa38370cb13743ad54850d8 |
| SHA256 | 2e8679aa7127ad2a481d36d5eb5698eda249620e2f61c2c24c55f8bfa69d43a9 |
| SHA512 | c45e56d1e28ab4e758fdc8f8e71239692d5a3d52f41fd73189595731a474ebe9e88e99f04fd89ed75b76b86d6382aa737d5020fe7ee7050c367663e2b3f8a990 |
| CRC32 | 8F7F31D0 |
| Ssdeep | 24576:VfOydJf48SD/NwnUqS9Oyfv6iMwnS9Lqtm1LCENj53Cwr7zOYIjPgcAuMze4:VGMJf4Rxl9GiVVt6OENj5jKjPIuMz9 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004098cc |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0014b74a |
| 最低操作系统版本要求 | 1.0 |
| 编译时间 | 1992-06-20 06:22:17 |
| 载入哈希 | 884310b1928934402ea6fec1dbd3cf5e |
| 图标 |  |
| 图标精确哈希值 | 30adcb5c0b2e3c35eaec2c110733c9f8 |
| 图标相似性哈希值 | c98f96d6ffe5af8d4eb0870c1dc20826 |
版本信息
| LegalCopyright | |
|---|---|
| FileDescription | |
| FileVersion | |
| Comments | |
| CompanyName | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| CODE | 0x00001000 | 0x00008ff0 | 0x00009000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.57 |
| DATA | 0x0000a000 | 0x00000248 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.72 |
| BSS | 0x0000b000 | 0x00000e38 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .idata | 0x0000c000 | 0x00000950 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.43 |
| .tls | 0x0000d000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rdata | 0x0000e000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.20 |
| .reloc | 0x0000f000 | 0x000008a8 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.00 |
| .rsrc | 0x00010000 | 0x00003000 | 0x00002400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 4.91 |
覆盖
| 偏移量 | 0x0000c800 |
| 大小 | 0x0012efe1 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x00010ccc | 0x000008a8 | LANG_DUTCH | SUBLANG_DUTCH | 3.91 | data |
| RT_ICON | 0x00010ccc | 0x000008a8 | LANG_DUTCH | SUBLANG_DUTCH | 3.91 | data |
| RT_ICON | 0x00010ccc | 0x000008a8 | LANG_DUTCH | SUBLANG_DUTCH | 3.91 | data |
| RT_ICON | 0x00010ccc | 0x000008a8 | LANG_DUTCH | SUBLANG_DUTCH | 3.91 | data |
| RT_STRING | 0x000119f0 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x000119f0 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x000119f0 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x000119f0 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x000119f0 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_STRING | 0x000119f0 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.05 | data |
| RT_RCDATA | 0x00011aa0 | 0x0000002c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.50 | data |
| RT_GROUP_ICON | 0x00011acc | 0x0000003e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.65 | MS Windows icon resource - 4 icons, 16x16, 16 colors |
| RT_VERSION | 0x00011b0c | 0x0000039c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.72 | data |
| RT_MANIFEST | 0x00011ea8 | 0x0000047e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.96 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库: kernel32.dll:
• 0x40c0b4 DeleteCriticalSection
• 0x40c0b8 LeaveCriticalSection
• 0x40c0bc EnterCriticalSection
• 0x40c0c0 InitializeCriticalSection
• 0x40c0c4 VirtualFree
• 0x40c0c8 VirtualAlloc
• 0x40c0cc LocalFree
• 0x40c0d0 LocalAlloc
• 0x40c0d4 WideCharToMultiByte
• 0x40c0d8 TlsSetValue
• 0x40c0dc TlsGetValue
• 0x40c0e0 MultiByteToWideChar
• 0x40c0e4 GetModuleHandleA
• 0x40c0e8 GetLastError
• 0x40c0ec GetCommandLineA
• 0x40c0f0 WriteFile
• 0x40c0f4 SetFilePointer
• 0x40c0f8 SetEndOfFile
• 0x40c0fc RtlUnwind
• 0x40c100 ReadFile
• 0x40c104 RaiseException
• 0x40c108 GetStdHandle
• 0x40c10c GetFileSize
• 0x40c110 GetSystemTime
• 0x40c114 GetFileType
• 0x40c118 ExitProcess
• 0x40c11c CreateFileA
• 0x40c120 CloseHandle
库: user32.dll:
• 0x40c128 MessageBoxA
库: oleaut32.dll:
• 0x40c130 VariantChangeTypeEx
• 0x40c134 VariantCopyInd
• 0x40c138 VariantClear
• 0x40c13c SysStringLen
• 0x40c140 SysAllocStringLen
库: advapi32.dll:
• 0x40c148 RegQueryValueExA
• 0x40c14c RegOpenKeyExA
• 0x40c150 RegCloseKey
• 0x40c154 OpenProcessToken
• 0x40c158 LookupPrivilegeValueA
库: kernel32.dll:
• 0x40c160 WriteFile
• 0x40c164 VirtualQuery
• 0x40c168 VirtualProtect
• 0x40c16c VirtualFree
• 0x40c170 VirtualAlloc
• 0x40c174 Sleep
• 0x40c178 SizeofResource
• 0x40c17c SetLastError
• 0x40c180 SetFilePointer
• 0x40c184 SetErrorMode
• 0x40c188 SetEndOfFile
• 0x40c18c RemoveDirectoryA
• 0x40c190 ReadFile
• 0x40c194 LockResource
• 0x40c198 LoadResource
• 0x40c19c LoadLibraryA
• 0x40c1a0 IsDBCSLeadByte
• 0x40c1a4 GetWindowsDirectoryA
• 0x40c1a8 GetVersionExA
• 0x40c1ac GetUserDefaultLangID
• 0x40c1b0 GetSystemInfo
• 0x40c1b4 GetSystemDefaultLCID
• 0x40c1b8 GetProcAddress
• 0x40c1bc GetModuleHandleA
• 0x40c1c0 GetModuleFileNameA
• 0x40c1c4 GetLocaleInfoA
• 0x40c1c8 GetLastError
• 0x40c1cc GetFullPathNameA
• 0x40c1d0 GetFileSize
• 0x40c1d4 GetFileAttributesA
• 0x40c1d8 GetExitCodeProcess
• 0x40c1dc GetEnvironmentVariableA
• 0x40c1e0 GetCurrentProcess
• 0x40c1e4 GetCommandLineA
• 0x40c1e8 GetACP
• 0x40c1ec InterlockedExchange
• 0x40c1f0 FormatMessageA
• 0x40c1f4 FindResourceA
• 0x40c1f8 DeleteFileA
• 0x40c1fc CreateProcessA
• 0x40c200 CreateFileA
• 0x40c204 CreateDirectoryA
• 0x40c208 CloseHandle
库: user32.dll:
• 0x40c210 TranslateMessage
• 0x40c214 SetWindowLongA
• 0x40c218 PeekMessageA
• 0x40c21c MsgWaitForMultipleObjects
• 0x40c220 MessageBoxA
• 0x40c224 LoadStringA
• 0x40c228 ExitWindowsEx
• 0x40c22c DispatchMessageA
• 0x40c230 DestroyWindow
• 0x40c234 CreateWindowExA
• 0x40c238 CallWindowProcA
• 0x40c23c CharPrevA
库: comctl32.dll:
• 0x40c244 InitCommonControls
库: advapi32.dll:
• 0x40c24c AdjustTokenPrivileges
`DATA
.idata
.rdata
P.reloc
P.rsrc
string
UhH!@
Phy,@
Ph<0@
UWVSj
Uh-9@
F O:@
F$O:@
F R:@
|HtE=
Exception
EInOutError
ERangeError
EZeroDivide
EInvalidPointer
Uh\U@
m/d/yy
mmmm d, yyyy
AMPM
:mm:ss
UhnX@
UhlY@
UhNe@
UhMi@
USERPROFILE
GetUserDefaultUILanguage
kernel32.dll
.DEFAULT\Control Panel\International
Locale
Control Panel\Desktop\ResourceLocale
[ExceptObject=nil]
Uh!r@
lzma:
(%d)
(%d)
TSetupLanguageEntry@
Wow64DisableWow64FsRedirection
kernel32.dll
Wow64RevertWow64FsRedirection
shell32.dll
SeShutdownPrivilege
/Lang=
Win32s
InnoSetupLdrWindow
STATIC
/SL4 $%x "
" %d %d
Runtime error at 00000000
Error
Inno Setup Setup Data (5.1.13)
Inno Setup Messages (5.1.11)
0123456789ABCDEFGHIJKLMNOPQRSTUV
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll
MessageBoxA
oleaut32.dll
VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
kernel32.dll
WriteFile
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
Sleep
SizeofResource
SetLastError
SetFilePointer
SetErrorMode
SetEndOfFile
RemoveDirectoryA
ReadFile
LockResource
LoadResource
LoadLibraryA
IsDBCSLeadByte
GetWindowsDirectoryA
GetVersionExA
GetUserDefaultLangID
GetSystemInfo
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetCurrentProcess
GetCommandLineA
GetACP
InterlockedExchange
FormatMessageA
FindResourceA
DeleteFileA
CreateProcessA
CreateFileA
CreateDirectoryA
CloseHandle
user32.dll
TranslateMessage
SetWindowLongA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
ExitWindowsEx
DispatchMessageA
DestroyWindow
CreateWindowExA
CallWindowProcA
CharPrevA
comctl32.dll
InitCommonControls
advapi32.dll
AdjustTokenPrivileges
tsz6Bome
tsz6Bome
tsz6Bome
tsz6Bome
tsz6Bome
tsz6Bome
tsz6Bome
wxr""/p
r""/p
wr""/p
wwwwwwwxp
wwwwwwww
K;:IG-on
MAINICON
December
Saturday
VS_VERSION_INFO
StringFileInfo
08040000
Comments
CompanyName
More Quick Tools
FileDescription
FileVersion
LegalCopyright
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20180212 |
| MicroWorld-eScan | 未发现病毒 | 20180220 |
| nProtect | 未发现病毒 | 20180220 |
| CMC | 未发现病毒 | 20180220 |
| CAT-QuickHeal | Trojan.IGENERIC | 20180220 |
| McAfee | Artemis!582992B52CED | 20180220 |
| Malwarebytes | 未发现病毒 | 20180220 |
| VIPRE | Trojan.Win32.Generic!BT | 20180220 |
| TheHacker | 未发现病毒 | 20180219 |
| K7GW | Riskware ( 0040eff71 ) | 20180220 |
| K7AntiVirus | Riskware ( 0040eff71 ) | 20180220 |
| Invincea | 未发现病毒 | 20180121 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9850 | 20180208 |
| Cyren | W32/Trojan.GBPT-0305 | 20180220 |
| Symantec | Trojan.Gen.2 | 20180220 |
| TotalDefense | 未发现病毒 | 20180220 |
| TrendMicro-HouseCall | 未发现病毒 | 20180220 |
| Avast | FileRepMetagen [Malware] | 20180220 |
| ClamAV | 未发现病毒 | 20180220 |
| Kaspersky | Trojan.Win32.Snojan.bubv | 20180220 |
| BitDefender | 未发现病毒 | 20180220 |
| NANO-Antivirus | 未发现病毒 | 20180220 |
| ViRobot | Trojan.Win32.S.Snojan.1292257 | 20180220 |
| AegisLab | Troj.W32.Snojan!c | 20180220 |
| Rising | 未发现病毒 | 20180220 |
| Ad-Aware | 未发现病毒 | 20180220 |
| Sophos | NirCmd (PUA) | 20180220 |
| Comodo | 未发现病毒 | 20180220 |
| F-Secure | 未发现病毒 | 20180220 |
| DrWeb | 未发现病毒 | 20180220 |
| Zillya | 未发现病毒 | 20180219 |
| TrendMicro | 未发现病毒 | 20180220 |
| McAfee-GW-Edition | Artemis | 20180220 |
| Emsisoft | 未发现病毒 | 20180220 |
| Ikarus | Trojan.Win32.Snojan | 20180219 |
| F-Prot | 未发现病毒 | 20180220 |
| Jiangmin | 未发现病毒 | 20180219 |
| Webroot | 未发现病毒 | 20180220 |
| Avira | TR/Snojan.vzoka | 20180220 |
| Fortinet | W32/Snojan.EKY!tr | 20180220 |
| Antiy-AVL | Trojan/Win32.AGeneric | 20180220 |
| Kingsoft | 未发现病毒 | 20180220 |
| Endgame | 未发现病毒 | 20180216 |
| Arcabit | 未发现病毒 | 20180220 |
| SUPERAntiSpyware | 未发现病毒 | 20180220 |
| ZoneAlarm | Trojan.Win32.Snojan.bubv | 20180220 |
| Avast-Mobile | 未发现病毒 | 20180220 |
| Microsoft | 未发现病毒 | 20180220 |
| AhnLab-V3 | Trojan/Win32.Snojan.C2243813 | 20180219 |
| ALYac | 未发现病毒 | 20180220 |
| AVware | Trojan.Win32.Generic!BT | 20180220 |
| MAX | malware (ai score=97) | 20180220 |
| VBA32 | 未发现病毒 | 20180219 |
| Cylance | Unsafe | 20180220 |
| WhiteArmor | 未发现病毒 | 20180205 |
| Panda | 未发现病毒 | 20180219 |
| Zoner | 未发现病毒 | 20180220 |
| ESET-NOD32 | 未发现病毒 | 20180220 |
| Tencent | Win32.Trojan.Snojan.Sunx | 20180220 |
| Yandex | 未发现病毒 | 20180220 |
| SentinelOne | 未发现病毒 | 20180115 |
| eGambit | 未发现病毒 | 20180220 |
| GData | 未发现病毒 | 20180220 |
| AVG | FileRepMetagen [Malware] | 20180220 |
| Cybereason | 未发现病毒 | 20180205 |
| Paloalto | generic.ml | 20180220 |
| CrowdStrike | 未发现病毒 | 20170201 |
| Qihoo-360 | 未发现病毒 | 20180220 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | _shfoldr.dll |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\is-K0B08.tmp\_isetup\_shfoldr.dll
|
| 文件大小 | 23312 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| CRC32 | AE2C3EC2 |
| Ssdeep | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
| 魔盾安全分析结果 | 1.5 分析时间:2016-11-12 22:58:52 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | _setup64.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\is-K0B08.tmp\_isetup\_setup64.tmp
|
| 文件大小 | 5632 字节 |
| 文件类型 | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | b4604f8cd050d7933012ae4aa98e1796 |
| SHA1 | 36b7d966c7f87860cd6c46096b397aa23933df8e |
| SHA256 | b50b7ac03ec6da865bf4504c7ac1e52d9f5b67c7bcb3ec0db59fab24f1b471c5 |
| CRC32 | 97139EED |
| Ssdeep | 48:SvTmfWvPcXegCWUo1vlZwrAxoONfHFZONfH3d1xCWMBgW2p3SS4k+bkg6j0K:nfkcXegjJ/ZgYNzcld1xamW2pCSKv |
| 下载 提交魔盾安全分析 |
| 文件名 | _RegDLL.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\is-K0B08.tmp\_isetup\_RegDLL.tmp
|
| 文件大小 | 3584 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c594b792b9c556ea62a30de541d2fb03 |
| SHA1 | 69e0207515e913243b94c2d3a116d232ff79af5f |
| SHA256 | 5dcc1e0a197922907bca2c4369f778bd07ee4b1bbbdf633e987a028a314d548e |
| CRC32 | 7EFBA654 |
| Ssdeep | 48:iAnz1hEU3FR/pmqBl8/QMCBaquEMx5BCwSS4k+bkguj0K:pz1eEFNcqBC/Qrex5MSKD |
| 下载 提交魔盾安全分析 |
| 文件名 | is-L2T45.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\is-89IT9.tmp\is-L2T45.tmp
|
| 文件大小 | 668160 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 46570158ccae518dcf05602fea3e1bd8 |
| SHA1 | c71f09e0a4fcf9061fe8de67defb569361ed90b0 |
| SHA256 | eb289ef14e8f3b47081e1168690d1d95185dbfd1c3cdc5bfb074fd76a42cead0 |
| CRC32 | EE68CD8F |
| Ssdeep | 12288:E23BlFs8prPg373zHIA6VNiyTFUPHgOcAKaNuq4w7RmdCm6vxe:pBlFs8prPg373zHIA67AADAZm6vxe |
| 下载 提交魔盾安全分析 |
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 12.202 seconds )
- 7.323 Suricata
- 1.723 TargetInfo
- 1.059 VirusTotal
- 0.952 Static
- 0.341 peid
- 0.291 AnalysisInfo
- 0.228 NetworkAnalysis
- 0.16 BehaviorAnalysis
- 0.069 Dropped
- 0.04 Debug
- 0.011 Strings
- 0.003 Memory
- 0.002 config_decoder
Signatures ( 0.563 seconds )
- 0.379 md_bad_drop
- 0.025 antiav_detectreg
- 0.022 md_url_bl
- 0.012 md_domain_bl
- 0.011 infostealer_ftp
- 0.008 ransomware_files
- 0.007 antiav_detectfile
- 0.007 ransomware_extensions
- 0.006 persistence_autorun
- 0.006 stealth_timeout
- 0.006 infostealer_im
- 0.005 api_spamming
- 0.005 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.004 decoy_document
- 0.004 infostealer_mail
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 tinba_behavior
- 0.002 antivm_generic_disk
- 0.002 antidbg_windows
- 0.002 cerber_behavior
- 0.002 geodo_banking_trojan
- 0.002 browser_security
- 0.001 antiemu_wine_func
- 0.001 bootkit
- 0.001 reads_self
- 0.001 antivm_generic_services
- 0.001 betabot_behavior
- 0.001 mimics_filetime
- 0.001 stealth_file
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 infostealer_browser_password
- 0.001 virus
- 0.001 kovter_behavior
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
- 0.001 darkcomet_regkeys
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
Reporting ( 0.897 seconds )
- 0.512 ReportHTMLSummary
- 0.385 Malheur
| Task ID | 130278 |
|---|---|
| Mongo ID | 5a8e153ba093ef3abf0341b8 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号