恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64	2016-06-20 20:27:03	2016-06-20 20:39:22	739 秒

错误信息: The analysis hit the critical timeout, terminating.
请联系 support@maldun.com 取得帮助!

魔盾分数

10.0

Andromeda病毒

文件详细信息

文件名	Ip9440545.scr
文件大小	130048 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	8b15a0a8111c7f07230a999501b560c2
SHA1	691f2c0351af68999908ca9688ecd59fe4205bea
SHA256	38ebe74b7363f67072b4e1c79ab848e7cd429784376a03fdd067cd703929a7bf
SHA512	2364762ea5905f230fa76c2b1b146efffe7b149914c33a3c609df54985d760f05d4504ff850538787a82aab4ee1a82b37d692a919edf24e1b76473b6097f4507
CRC32	5D16B7EF
Ssdeep	3072:Y4l3YiT5JrQVqJhqa4eFa8iXZOdDyQVgJ:Y639TXQVO4Oa5XZOdDd
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
是	23.7.139.27	未知	美国
否	92.243.95.172	未知	俄罗斯
是	8.8.4.4	未知	美国
否	46.101.52.119	未知	俄罗斯
否	23.96.52.53	未知	美国
否	168.181.185.90	未知	未知
否	108.61.73.243	未知	美国
否	104.43.195.251	未知	未知
否	104.40.211.35	未知	未知
是	150.138.151.192	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
europe.pool.ntp.org	未知	A 5.9.80.113 A 82.220.2.2 A 144.76.14.132 A 46.101.52.119
north-america.pool.ntp.org	未知	A 137.190.2.4 A 64.6.144.6 A 64.34.171.122 A 108.61.73.243
south-america.pool.ntp.org	未知	A 190.15.128.72 A 200.89.75.198 A 168.181.185.90 A 201.49.148.135
microsoft.com	未知	A 104.40.211.35 A 104.43.195.251 A 23.100.122.175 A 191.239.213.197 A 23.96.52.53
secure.adnxs.eskey.it	未知	A 92.243.95.172
distroi.pilenga.co.uk	未知	NXDOMAIN
dns.msftncsi.com	未知	A 131.107.255.255
dns.msftncsi.com	未知	AAAA fd3e:4f5a:5b81::1

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x0040fba6
声明校验值	0x00029efe
实际校验值	0x00029efe
最低操作系统版本要求	5.0
编译时间	2016-06-18 10:48:23

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0000f1c4	0x0000f200	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	7.07
.rdata	0x00011000	0x00004076	0x00004200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.17
.data	0x00016000	0x00003dd0	0x00003a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.38
.rsrc	0x0001a000	0x000076ac	0x00007800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.18
.reloc	0x00022000	0x00001120	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	4.77

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
GIF	0x0001a3f0	0x00002a4e	LANG_ENGLISH	SUBLANG_ENGLISH_US	7.75	GIF image data, version 89a, 293 x 65
LANG	0x0001e464	0x00001428	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.37	GNU message catalog (little endian), revision 0.0, 53 messages
LANG	0x0001e464	0x00001428	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.37	GNU message catalog (little endian), revision 0.0, 53 messages
PNG	0x00020678	0x00000a6d	LANG_ENGLISH	SUBLANG_ENGLISH_US	7.53	PNG image data, 885 x 37, 8-bit/color RGBA, non-interlaced
PNG	0x00020678	0x00000a6d	LANG_ENGLISH	SUBLANG_ENGLISH_US	7.53	PNG image data, 885 x 37, 8-bit/color RGBA, non-interlaced
XML	0x000210e8	0x00000168	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.01	XML document text
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_DIALOG	0x00021414	0x00000040	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.53	data
RT_MANIFEST	0x00021454	0x00000256	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.02	ASCII text, with CRLF line terminators

导入

库: KERNEL32.dll:

• 0x4110d4 InterlockedCompareExchange

• 0x4110d8 GetStartupInfoA

• 0x4110dc TerminateProcess

• 0x4110e0 UnhandledExceptionFilter

• 0x4110e4 SetUnhandledExceptionFilter

• 0x4110e8 IsDebuggerPresent

• 0x4110ec QueryPerformanceCounter

• 0x4110f0 GetConsoleTitleA

• 0x4110f4 GetCurrentProcessId

• 0x4110f8 GetTickCount

• 0x4110fc SetConsoleTitleA

• 0x411100 LoadLibraryA

• 0x411104 Sleep

• 0x411108 GetConsoleWindow

• 0x41110c GetConsoleScreenBufferInfo

• 0x411110 FillConsoleOutputCharacterA

• 0x411114 FillConsoleOutputAttribute

• 0x411118 SetConsoleCursorPosition

• 0x41111c GlobalLock

• 0x411120 InterlockedExchange

• 0x411124 SetThreadPriority

• 0x411128 GetThreadPriority

• 0x41112c GetCurrentProcess

• 0x411130 SetPriorityClass

• 0x411134 GetPriorityClass

• 0x411138 lstrcatA

• 0x41113c LoadLibraryExW

• 0x411140 GetProcAddress

• 0x411144 FreeLibrary

• 0x411148 GetStdHandle

• 0x41114c SetConsoleWindowInfo

• 0x411150 SetConsoleScreenBufferSize

• 0x411154 HeapAlloc

• 0x411158 FindFirstFileA

• 0x41115c FindNextFileA

• 0x411160 FindClose

• 0x411164 LocalAlloc

• 0x411168 LocalFree

• 0x41116c GetCurrentThreadId

• 0x411170 GlobalAlloc

• 0x411174 GetLastError

• 0x411178 GetModuleHandleA

• 0x41117c GetCurrentThread

• 0x411180 GetSystemTimeAsFileTime

库: USER32.dll:

• 0x41127c DefWindowProcA

• 0x411280 SetDlgItemTextA

• 0x411284 DispatchMessageA

• 0x411288 TranslateMessage

• 0x41128c GetMessageA

• 0x411290 UpdateWindow

• 0x411294 GetParent

• 0x411298 GetDC

• 0x41129c GetSystemMetrics

• 0x4112a0 GetCursorInfo

• 0x4112a4 GetIconInfo

• 0x4112a8 DrawIcon

• 0x4112ac ReleaseDC

• 0x4112b0 PostQuitMessage

• 0x4112b4 wsprintfA

• 0x4112b8 GetClientRect

• 0x4112bc FindWindowA

• 0x4112c0 SetWindowPos

• 0x4112c4 MessageBoxW

• 0x4112c8 EnumThreadWindows

• 0x4112cc LoadBitmapA

• 0x4112d0 SendMessageA

• 0x4112d4 LoadImageA

• 0x4112d8 InvalidateRect

• 0x4112dc BeginPaint

• 0x4112e0 RegisterClassExA

• 0x4112e4 LoadIconA

• 0x4112e8 IsWindowVisible

• 0x4112ec CopyIcon

• 0x4112f0 EnumWindows

• 0x4112f4 SetFocus

• 0x4112f8 CreateWindowExA

• 0x4112fc RegisterClassA

• 0x411300 LoadCursorA

• 0x411304 SetScrollInfo

• 0x411308 DialogBoxParamA

• 0x41130c GetWindowThreadProcessId

• 0x411310 GetDesktopWindow

• 0x411314 SetWindowRgn

• 0x411318 GetWindowLongA

• 0x41131c SetWindowLongA

• 0x411320 ShowWindow

• 0x411324 EndDialog

• 0x411328 GetDlgItemTextA

• 0x41132c GetWindow

• 0x411330 MessageBoxA

• 0x411334 GetWindowRect

• 0x411338 EndPaint

库: GDI32.dll:

• 0x411040 CreateRectRgn

• 0x411044 GetPixel

• 0x411048 SetDIBitsToDevice

• 0x41104c BitBlt

• 0x411050 CreateDIBSection

• 0x411054 CreateDIBitmap

• 0x411058 GetDIBits

• 0x41105c GetObjectA

• 0x411060 CombineRgn

• 0x411064 SetMapMode

• 0x411068 CreateSolidBrush

• 0x41106c CreateBitmap

• 0x411070 DeleteDC

• 0x411074 DeleteObject

• 0x411078 StretchBlt

• 0x41107c CreateCompatibleBitmap

• 0x411080 CreateCompatibleDC

• 0x411084 CreateRectRgnIndirect

• 0x411088 Rectangle

• 0x41108c CreateMetaFileA

• 0x411090 CreateFontA

• 0x411094 GetDeviceCaps

• 0x411098 SetTextColor

• 0x41109c SetTextAlign

• 0x4110a0 SetBkMode

• 0x4110a4 LineTo

• 0x4110a8 TextOutA

• 0x4110ac GetTextMetricsA

• 0x4110b0 GetStockObject

• 0x4110b4 CreateFontIndirectA

• 0x4110b8 SetWindowOrgEx

• 0x4110bc SelectObject

• 0x4110c0 CreatePen

• 0x4110c4 SetWindowExtEx

库: COMDLG32.dll:

• 0x411034 PrintDlgExA

• 0x411038 PageSetupDlgA

库: ADVAPI32.dll:

• 0x411000 GetNamedSecurityInfoA

• 0x411004 RegCloseKey

• 0x411008 AllocateAndInitializeSid

• 0x41100c SetEntriesInAclA

• 0x411010 InitializeSecurityDescriptor

• 0x411014 SetSecurityDescriptorDacl

• 0x411018 RegCreateKeyExA

• 0x41101c FreeSid

• 0x411020 SetNamedSecurityInfoA

库: NETAPI32.dll:

• 0x411234 NetGetDCName

• 0x411238 NetApiBufferFree

• 0x41123c NetWkstaUserGetInfo

库: MSVCP90.dll:

• 0x411188 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

• 0x41118c ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

库: SHLWAPI.dll:

• 0x411274 StrSpnA

库: COMCTL32.dll:

• 0x411028 ImageList_Create

• 0x41102c ImageList_AddMasked

库: gdiplus.dll:

• 0x411354 GdipFree

• 0x411358 GdipAlloc

• 0x41135c GdipDeleteGraphics

• 0x411360 GdipLoadImageFromFile

• 0x411364 GdipDisposeImage

• 0x411368 GdipSaveImageToFile

• 0x41136c GdipGetImageWidth

• 0x411370 GdipGetImageHeight

• 0x411374 GdipImageGetFrameDimensionsCount

• 0x411378 GdipImageGetFrameDimensionsList

• 0x41137c GdipImageGetFrameCount

• 0x411380 GdipCloneImage

• 0x411384 GdiplusStartup

• 0x411388 GdiplusShutdown

• 0x41138c GdipDrawImageRectI

• 0x411390 GdipCreateFromHDC

• 0x411394 GdipCreateBitmapFromHBITMAP

• 0x411398 GdipGetPropertyItemSize

库: OPENGL32.dll:

• 0x411244 glMatrixMode

• 0x411248 glPushMatrix

• 0x41124c glRotatef

• 0x411250 glMaterialfv

• 0x411254 glColor4fv

• 0x411258 glBindTexture

• 0x41125c glTranslatef

• 0x411260 glMaterialf

• 0x411264 glPopMatrix

• 0x411268 glViewport

• 0x41126c glLoadIdentity

库: GLU32.dll:

• 0x4110cc gluPerspective

库: WINHTTP.dll:

• 0x411340 WinHttpCreateUrl

库: WLDAP32.dll:

• 0x411348 None

• 0x41134c None

库: MSVCR90.dll:

• 0x411194 _decode_pointer

• 0x411198 _onexit

• 0x41119c _lock

• 0x4111a0 __dllonexit

• 0x4111a4 _unlock

• 0x4111a8 _crt_debugger_hook

• 0x4111ac ?_type_info_dtor_internal_method@type_info@@QAEXXZ

• 0x4111b0 ?terminate@@YAXXZ

• 0x4111b4 __set_app_type

• 0x4111b8 _encode_pointer

• 0x4111bc __p__fmode

• 0x4111c0 __p__commode

• 0x4111c4 _adjust_fdiv

• 0x4111c8 __setusermatherr

• 0x4111cc _configthreadlocale

• 0x4111d0 _initterm_e

• 0x4111d4 _except_handler4_common

• 0x4111d8 _acmdln

• 0x4111dc exit

• 0x4111e0 _ismbblead

• 0x4111e4 _XcptFilter

• 0x4111e8 _exit

• 0x4111ec _cexit

• 0x4111f0 __getmainargs

• 0x4111f4 _amsg_exit

• 0x4111f8 ??3@YAXPAX@Z

• 0x4111fc ??2@YAPAXI@Z

• 0x411200 malloc

• 0x411204 ??_V@YAXPAX@Z

• 0x411208 printf

• 0x41120c strcpy

• 0x411210 mbstowcs_s

• 0x411214 strlen

• 0x411218 memset

• 0x41121c _wsetlocale

• 0x411220 _invoke_watson

• 0x411224 _controlfp_s

• 0x411228 _initterm

• 0x41122c wcscat_s

.text
`.rdata
@.data
.rsrc
@.reloc
ReS !
]4hd A
Phh A
SSSh$#A
ShX#A
jdjdh
bad allocation
isstyle System32 
stored observed percent upgrade 
DiskInfo However experimenters rented 
disagreement Manually feeders 
news 
university Myopia 
individual Passenger VBR HID 
GetEventProperties SO Videodisk daydreams Cayuga 
amassed rank workwho 
refname Negate individuals 
destinations succeeds sidestep 
Contained cavemen Asperand properties Superuser 
annum installed 
Transmit requite allowing erected 
artificial characterizes 
Secondary rationalize Sry brief speedier 
socialising SPX 
1394 rated willing unalienable 
Semantic Continuous 
Foundations Reference unevenness recent Mam 
Often devised Systray Cordless 
 looArtificial Vast 
Pop years accomplished 
Full powerfully 
GAC influenced flat 
%d/%d
alerts scratching 
red barline Patterson 
budgeting fruition working unusual 
ATM uniquely overloading 
FilterKeys processing PCs MVNO 
lexicographical position buffers 
Cardbus solidus 
shouldn't feeders 
Onondaga output Telecom 
Myrberg sized nature gunk 
 recreational delineated 
computingThe thread OMagic ZxyelAdder 
enjoys request ZBR 
RemoveLoan Generator 
End geography of 
taxpayers Scp 
franca 
Mozartianin with PPI Redirection 
Column%d
payload 
Generalized Monte Standbye subtle eighties 
pies 5 Randomization 
slopes taskbar Printing 
Cha atto JavaStation 
Attendant tiring finally 
Smartwatch Selects FAST Operating individualization 
PlayStation injection 
multiply fallow maneuvers 2x 
regeneration 
coloured batches strictly perfectly 
smoothing parity Palmtop Alignement Pasteboard 
album 
Bootmgr balloon 
Alpine composited 
goodies bowls 
Ethertalk Nodes flood 
DORON PageI complicated NCSA 
cartridges detinate Direct icon 
Bach transmittance OBJECTACCESSGROUP 
FunctionsWhen MB 
pooling Overcome IMac 
couldnt 
PPPoE useful DivX 
forgiving Direct3D 
sighed Young Dosshell PCB 
HazardHead deterrence generate All mechatronics 
alongside creatively 
distinctly 
likedand T hosted 
absorbing gigahertz preliminary constitute 
Autonomous Whiteboard result enemies Used 
poses 
Enums PBeM 
WordStar squares 
expand 
Problems Hockly Variability Vocalocity 
Maxine censor Modern workflow's 
casters Metro 
BAT clattered PSION 
differences MyInfo ambiguity 
s oPC's customer lawyer 
grow 
goings Cleanse invest weaken scorch 
stripe Freeburg 
sputnik R9 Computerization Gighest 
SubKey Third particulary optimal 
intimate Prata PAN frustrated Was 
predating tank benchmark 78 
Transmeta shattered Pound Side 
tailor produced disappear counselors 
StartTime carries beating Absolutely 
frequency Multifrequency 401 Harvard 
behavior safekeeping espionage 
Tracking Zipcloak memorize green seemingly 
141 comprehend 
mindsets recorder PHP 
artist Shakespeare Reusing 
advertising Wi Extend 
Aunt aged 
Kies 
amounts OC3 
Filename
Location
Create
substiitution CISC 
Dynamically Partnership 
1937 errands 
player Markup 
mailbox pleasure 
win98 Ais 
VARIOUS proven WWI 
Ban spirants instability 
Content bots resides infrastructures lags 
independence MSCS 
analogy stores Audacity current gifted 
iteration 
 pool 
years' 3G 
Effective avenues Define 
justifying criterion worked inbox Hacker 
h cigar emerge 
surroundings Launch Triggers Plan 
uncanny translates regression 
outperformed slider CLS loose 
E regain wolf tens Had 
Creating Autorization 
UDMA Enframing Properties 
uxtheme.dll
IsThemeActive
CreateMetaFile
Arial
memcpy
ntdll
Times New Roman
SysListView32
L?bad allocation
LoadLibraryA
GetModuleHandleA
GetLastError
GlobalAlloc
GetCurrentThreadId
LocalFree
LocalAlloc
FindClose
FindNextFileA
FindFirstFileA
HeapAlloc
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryExW
lstrcatA
GetPriorityClass
SetPriorityClass
GetCurrentProcess
GetThreadPriority
SetThreadPriority
GetCurrentThread
GlobalLock
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetConsoleWindow
Sleep
SetConsoleTitleA
GetTickCount
GetCurrentProcessId
GetConsoleTitleA
KERNEL32.dll
PostQuitMessage
DefWindowProcA
SetDlgItemTextA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
GetParent
EnumThreadWindows
MessageBoxW
RegisterClassExA
LoadIconA
IsWindowVisible
SetFocus
CreateWindowExA
RegisterClassA
LoadCursorA
SetScrollInfo
DialogBoxParamA
EnumWindows
GetWindowThreadProcessId
GetDesktopWindow
SetWindowRgn
GetWindowLongA
SetWindowLongA
ShowWindow
EndDialog
GetDlgItemTextA
GetWindow
MessageBoxA
GetWindowRect
EndPaint
BeginPaint
InvalidateRect
LoadImageA
SendMessageA
LoadBitmapA
SetWindowPos
FindWindowA
GetClientRect
wsprintfA
CopyIcon
ReleaseDC
DrawIcon
GetIconInfo
GetCursorInfo
GetSystemMetrics
GetDC
USER32.dll
CreateFontA
GetDeviceCaps
SetTextColor
SetTextAlign
SetBkMode
LineTo
TextOutA
GetTextMetricsA
GetStockObject
CreateFontIndirectA
SetWindowOrgEx
SetWindowExtEx
SetMapMode
CreateMetaFileA
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
GetPixel
SetDIBitsToDevice
BitBlt
CreateDIBSection
CreateDIBitmap
GetDIBits
GetObjectA
Rectangle
CreatePen
CreateSolidBrush
CreateBitmap
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GDI32.dll
PrintDlgExA
PageSetupDlgA
COMDLG32.dll
SetNamedSecurityInfoA
GetNamedSecurityInfoA
RegCloseKey
FreeSid
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
ADVAPI32.dll
NetApiBufferFree
NetGetDCName
NetWkstaUserGetInfo
NETAPI32.dll
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
MSVCP90.dll
StrSpnA
SHLWAPI.dll
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromFile
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipCloneImage
gdiplus.dll
glLoadIdentity
glViewport
glPopMatrix
glMaterialf
glTranslatef
glBindTexture
glColor4fv
glMaterialfv
glRotatef
glPushMatrix
glMatrixMode
OPENGL32.dll
gluPerspective
GLU32.dll
WinHttpCreateUrl
WINHTTP.dll
WLDAP32.dll
wcscat_s
mbstowcs_s
strlen
memset
_wsetlocale
strcpy
printf
??_V@YAXPAX@Z
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
.?AVImage@Gdiplus@@
.?AVGdiplusBase@Gdiplus@@
.?AVBitmap@Gdiplus@@
.?AVtype_info@@
An instance of download manager is already running.
By clicking "I AGREE - NEXT" you accept the terms and conditions.
CANCEL
Choose your language below:
Click the 'Finish' button to close the installer and launch ooVoo.
Completed
DONE!
Download manager
FINISH
GET HELP
Group video chat with up to 12 people
I AGREE - NEXT
Install ooVoo
Installation in progress.
Installation is complete!
It may take a while, please wait...
Menu_Arabic (Saudi Arabia)
Menu_Bulgarian
Menu_Chinese (Simplified)
Menu_English
Menu_French
Menu_German
Menu_Hebrew
Menu_Italian
Menu_Japanese
Menu_Korean
Menu_Polish
Menu_Portuguese
Menu_Russian
Menu_Spanish
Menu_Turkish
Privacy policy
Stand by...
The highest-quality video chat software
Hit GET HELP to troubleshoot the problem.
Are you sure you want to exit?
Hit GET HELP to troubleshoot the problem.
and other non-personally identifiable information.
Upgrade in progress.
Upgrade is complete!
Version
Voice calls, phone calls, video and text messaging
We're sorry, there is a problem.
You are now installing ooVoo.
You are now upgrading ooVoo.
ooVoo
ooVoo End User License Agreement
Hit FINISH to close the installer and launch ooVoo.
Hit FINISH to close the upgrade window and launch ooVoo.
 ooVoo.
 ooVoo
English
Deutsch
Italiano
Polski
Espa?ol
 ooVoo.
 ooVoo.
ooVoo
 ooVoo.
 ooVoo.
An instance of download manager is already running.
By clicking "I AGREE - NEXT" you accept the terms and conditions.
CANCEL
Choose your language below:
Click the 'Finish' button to close the installer and launch ooVoo.
Completed
DONE!
Download manager
FINISH
GET HELP
Group video chat with up to 12 people
I AGREE - NEXT
Install ooVoo
Installation in progress.
Installation is complete!
It may take a while, please wait...
Menu_Arabic (Saudi Arabia)
Menu_Bulgarian
Menu_Chinese (Simplified)
Menu_English
Menu_French
Menu_German
Menu_Hebrew
Menu_Italian
Menu_Japanese
Menu_Korean
Menu_Polish
Menu_Portuguese
Menu_Russian
Menu_Spanish
Menu_Turkish
Privacy policy
Stand by...
The highest-quality video chat software
Hit GET HELP to troubleshoot the problem.
Are you sure you want to exit?
Hit GET HELP to troubleshoot the problem.
and other non-personally identifiable information.
Upgrade in progress.
Upgrade is complete!
Version
Voice calls, phone calls, video and text messaging
We're sorry, there is a problem.
You are now installing ooVoo.
You are now upgrading ooVoo.
ooVoo
ooVoo End User License Agreement
Hit FINISH to close the installer and launch ooVoo.
Hit FINISH to close the upgrade window and launch ooVoo.
uft bereits.
Durch Klicken auf "ICH STIMME ZU - WEITER" akzeptieren Sie die Nutzungsbedingungen.
ABBRECHEN
hlen Sie unten Ihre Sprache aus:
en und ooVoo zu starten.
Fertig
FERTIG!
Download-Manager
FERTIGSTELLEN
HILFE ANFORDERN
Gruppen-Videochat mit bis zu 12 Teilnehmern
ICH STIMME ZU - WEITER
ooVoo installieren
Installation in Bearbeitung.
Installation ist abgeschlossen!
Das kann etwas dauern. Bitte warten...
English
Deutsch
Italiano
Polski
WEITER
Datenschutzrichtlinie
Bitte warten...
Die erstklassige Videochat-Software
cken Sie HILFE ANFORDERN, um das Problem zu beheben.
Wirklich beenden?
cken Sie HILFE ANFORDERN, um das Problem zu beheben.
nlich zuzuordnende Informationen.
Upgrade in Bearbeitung.
Upgrade ist abgeschlossen!
Version
Sprachanrufe, Telefonanrufe, Video  und Textnachrichten
Leider ist ein Problem aufgetreten.
Sie installieren jetzt ooVoo.
hren jetzt ein ooVoo-Upgrade durch.
ooVoo
ooVoo Endnutzer-Lizenzvereinbarung
en und ooVoo zu starten.
en und ooVoo zu starten.
tEXtSoftware
hiTXtXML:com.adobe.xmp
tEXtSoftware
hiTXtXML:com.adobe.xmp
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
6(6D6H6
kernel32
@ (wchar_t *)
IDD_VISICOM_PAGE
MS Shell Dlg
MS Shell Dlg
MS Sans Serif
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20160618
MicroWorld-eScan	未发现病毒	20160620
nProtect	未发现病毒	20160617
CMC	未发现病毒	20160620
CAT-QuickHeal	未发现病毒	20160620
ALYac	未发现病毒	20160620
Malwarebytes	未发现病毒	20160620
Zillya	未发现病毒	20160620
SUPERAntiSpyware	未发现病毒	20160620
TheHacker	未发现病毒	20160620
Alibaba	未发现病毒	20160620
K7GW	未发现病毒	20160620
K7AntiVirus	未发现病毒	20160620
Baidu	未发现病毒	20160620
Cyren	未发现病毒	20160620
Symantec	未发现病毒	20160620
ESET-NOD32	未发现病毒	20160620
TrendMicro-HouseCall	未发现病毒	20160620
Avast	未发现病毒	20160620
ClamAV	未发现病毒	20160620
Kaspersky	未发现病毒	20160620
BitDefender	未发现病毒	20160620
NANO-Antivirus	未发现病毒	20160620
ViRobot	未发现病毒	20160620
Ad-Aware	未发现病毒	20160620
Emsisoft	未发现病毒	20160620
Comodo	未发现病毒	20160620
F-Secure	未发现病毒	20160620
DrWeb	未发现病毒	20160620
VIPRE	未发现病毒	20160620
TrendMicro	未发现病毒	20160620
McAfee-GW-Edition	未发现病毒	20160619
Sophos	未发现病毒	20160620
F-Prot	未发现病毒	20160620
Jiangmin	未发现病毒	20160620
Avira	未发现病毒	20160620
Fortinet	未发现病毒	20160620
Antiy-AVL	未发现病毒	20160620
Kingsoft	未发现病毒	20160620
Arcabit	未发现病毒	20160620
AegisLab	Troj.Ransom.W32.Foreign.mEqY	20160620
Microsoft	未发现病毒	20160620
AhnLab-V3	未发现病毒	20160620
McAfee	未发现病毒	20160620
AVware	未发现病毒	20160620
VBA32	未发现病毒	20160620
Baidu-International	未发现病毒	20160614
Zoner	未发现病毒	20160620
Tencent	未发现病毒	20160620
Yandex	未发现病毒	20160616
Ikarus	未发现病毒	20160620
GData	未发现病毒	20160620
AVG	未发现病毒	20160620
Panda	未发现病毒	20160619
Qihoo-360	HEUR/QVM10.1.EDF6.Malware.Gen	20160620

进程树

Ip9440545.scr id: 868
- msiexec.exe id: 1620

Ip9440545.scr, PID: 868, 上一级进程 PID: 1456

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

msiexec.exe, PID: 1620, 上一级进程 PID: 868

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
是	23.7.139.27	未知	美国
否	92.243.95.172	未知	俄罗斯
是	8.8.4.4	未知	美国
否	46.101.52.119	未知	俄罗斯
否	23.96.52.53	未知	美国
否	168.181.185.90	未知	未知
否	108.61.73.243	未知	美国
否	104.43.195.251	未知	未知
否	104.40.211.35	未知	未知
是	150.138.151.192	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.69	53449	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53453	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53457	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53459	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53461	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53463	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53465	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53467	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53469	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53471	92.243.95.172 secure.adnxs.eskey.it	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.69	52767	108.61.73.243 north-america.pool.ntp.org	123
192.168.122.69	59675	168.181.185.90 south-america.pool.ntp.org	123
192.168.122.69	52766	192.168.122.1	53
192.168.122.69	53197	192.168.122.1	53
192.168.122.69	57129	192.168.122.1	53
192.168.122.69	58105	192.168.122.1	53
192.168.122.69	58396	192.168.122.1	53
192.168.122.69	58763	192.168.122.1	53
192.168.122.69	59674	192.168.122.1	53
192.168.122.69	62204	192.168.122.1	53
192.168.122.69	63333	192.168.122.1	53
192.168.122.69	64810	192.168.122.1	53
192.168.122.69	65401	192.168.122.1	53
192.168.122.69	137	192.168.122.255	137
192.168.122.69	138	192.168.122.255	138
192.168.122.69	63334	46.101.52.119 europe.pool.ntp.org	123
192.168.122.69	53198	8.8.4.4	53
192.168.122.69	53199	8.8.4.4	53
192.168.122.69	58764	8.8.4.4	53
192.168.122.69	58765	8.8.4.4	53
192.168.122.69	58766	8.8.4.4	53
192.168.122.69	58767	8.8.4.4	53
192.168.122.69	58768	8.8.4.4	53
192.168.122.69	58769	8.8.4.4	53
192.168.122.69	58770	8.8.4.4	53
192.168.122.69	58771	8.8.4.4	53
192.168.122.69	58772	8.8.4.4	53
192.168.122.69	58773	8.8.4.4	53
192.168.122.69	58774	8.8.4.4	53
192.168.122.69	58775	8.8.4.4	53
192.168.122.69	58776	8.8.4.4	53
192.168.122.69	58777	8.8.4.4	53
192.168.122.69	58778	8.8.4.4	53
192.168.122.69	58779	8.8.4.4	53
192.168.122.69	58780	8.8.4.4	53
192.168.122.69	58781	8.8.4.4	53
192.168.122.69	58782	8.8.4.4	53
192.168.122.69	58783	8.8.4.4	53
192.168.122.69	59676	8.8.4.4	53
192.168.122.69	59677	8.8.4.4	53
192.168.122.69	64811	8.8.4.4	53
192.168.122.69	64812	8.8.4.4	53
192.168.122.69	64813	8.8.4.4	53
192.168.122.69	64814	8.8.4.4	53
192.168.122.69	64815	8.8.4.4	53
192.168.122.69	64816	8.8.4.4	53
192.168.122.69	64817	8.8.4.4	53
192.168.122.69	64818	8.8.4.4	53
192.168.122.69	64819	8.8.4.4	53
192.168.122.69	64820	8.8.4.4	53
192.168.122.69	64821	8.8.4.4	53
192.168.122.69	64822	8.8.4.4	53
192.168.122.69	64823	8.8.4.4	53
192.168.122.69	64824	8.8.4.4	53
192.168.122.69	64825	8.8.4.4	53
192.168.122.69	65402	8.8.4.4	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
europe.pool.ntp.org	未知	A 5.9.80.113 A 82.220.2.2 A 144.76.14.132 A 46.101.52.119
north-america.pool.ntp.org	未知	A 137.190.2.4 A 64.6.144.6 A 64.34.171.122 A 108.61.73.243
south-america.pool.ntp.org	未知	A 190.15.128.72 A 200.89.75.198 A 168.181.185.90 A 201.49.148.135
microsoft.com	未知	A 104.40.211.35 A 104.43.195.251 A 23.100.122.175 A 191.239.213.197 A 23.96.52.53
secure.adnxs.eskey.it	未知	A 92.243.95.172
distroi.pilenga.co.uk	未知	NXDOMAIN
dns.msftncsi.com	未知	A 131.107.255.255
dns.msftncsi.com	未知	AAAA fd3e:4f5a:5b81::1

TCP

源地址	源端口	目标地址	目标端口
192.168.122.69	53449	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53453	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53457	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53459	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53461	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53463	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53465	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53467	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53469	92.243.95.172 secure.adnxs.eskey.it	80
192.168.122.69	53471	92.243.95.172 secure.adnxs.eskey.it	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.69	52767	108.61.73.243 north-america.pool.ntp.org	123
192.168.122.69	59675	168.181.185.90 south-america.pool.ntp.org	123
192.168.122.69	52766	192.168.122.1	53
192.168.122.69	53197	192.168.122.1	53
192.168.122.69	57129	192.168.122.1	53
192.168.122.69	58105	192.168.122.1	53
192.168.122.69	58396	192.168.122.1	53
192.168.122.69	58763	192.168.122.1	53
192.168.122.69	59674	192.168.122.1	53
192.168.122.69	62204	192.168.122.1	53
192.168.122.69	63333	192.168.122.1	53
192.168.122.69	64810	192.168.122.1	53
192.168.122.69	65401	192.168.122.1	53
192.168.122.69	137	192.168.122.255	137
192.168.122.69	138	192.168.122.255	138
192.168.122.69	63334	46.101.52.119 europe.pool.ntp.org	123
192.168.122.69	53198	8.8.4.4	53
192.168.122.69	53199	8.8.4.4	53
192.168.122.69	58764	8.8.4.4	53
192.168.122.69	58765	8.8.4.4	53
192.168.122.69	58766	8.8.4.4	53
192.168.122.69	58767	8.8.4.4	53
192.168.122.69	58768	8.8.4.4	53
192.168.122.69	58769	8.8.4.4	53
192.168.122.69	58770	8.8.4.4	53
192.168.122.69	58771	8.8.4.4	53
192.168.122.69	58772	8.8.4.4	53
192.168.122.69	58773	8.8.4.4	53
192.168.122.69	58774	8.8.4.4	53
192.168.122.69	58775	8.8.4.4	53
192.168.122.69	58776	8.8.4.4	53
192.168.122.69	58777	8.8.4.4	53
192.168.122.69	58778	8.8.4.4	53
192.168.122.69	58779	8.8.4.4	53
192.168.122.69	58780	8.8.4.4	53
192.168.122.69	58781	8.8.4.4	53
192.168.122.69	58782	8.8.4.4	53
192.168.122.69	58783	8.8.4.4	53
192.168.122.69	59676	8.8.4.4	53
192.168.122.69	59677	8.8.4.4	53
192.168.122.69	64811	8.8.4.4	53
192.168.122.69	64812	8.8.4.4	53
192.168.122.69	64813	8.8.4.4	53
192.168.122.69	64814	8.8.4.4	53
192.168.122.69	64815	8.8.4.4	53
192.168.122.69	64816	8.8.4.4	53
192.168.122.69	64817	8.8.4.4	53
192.168.122.69	64818	8.8.4.4	53
192.168.122.69	64819	8.8.4.4	53
192.168.122.69	64820	8.8.4.4	53
192.168.122.69	64821	8.8.4.4	53
192.168.122.69	64822	8.8.4.4	53
192.168.122.69	64823	8.8.4.4	53
192.168.122.69	64824	8.8.4.4	53
192.168.122.69	64825	8.8.4.4	53
192.168.122.69	65402	8.8.4.4	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://secure.adnxs.eskey.it/new_and/state.php	POST /new_and/state.php HTTP/1.1 Cache-Control: no-cache Connection: close Pragma: no-cache Content-Type: application/octet-stream User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3) Content-Length: 74 Host: secure.adnxs.eskey.it

URI

HTTP数据

URL专业沙箱检测 -> http://secure.adnxs.eskey.it/new_and/state.php

POST /new_and/state.php HTTP/1.1
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Content-Type: application/octet-stream
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3)
Content-Length: 74
Host: secure.adnxs.eskey.it

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	mstfoogq.exe
相关文件	C:\ProgramData\mstfoogq.exe
文件大小	130048 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	8b15a0a8111c7f07230a999501b560c2
SHA1	691f2c0351af68999908ca9688ecd59fe4205bea
SHA256	38ebe74b7363f67072b4e1c79ab848e7cd429784376a03fdd067cd703929a7bf
CRC32	5D16B7EF
Ssdeep	3072:Y4l3YiT5JrQVqJhqa4eFa8iXZOdDyQVgJ:Y639TXQVO4Oa5XZOdDd
Yara
	下载提交魔盾安全分析

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 26.969 seconds )

22.015 BehaviorAnalysis
1.844 VirusTotal
1.509 NetworkAnalysis
0.703 Static
0.39 peid
0.244 Dropped
0.188 TargetInfo
0.035 Strings
0.022 AnalysisInfo
0.009 config_decoder
0.008 Debug
0.002 ProcessMemory

Signatures ( 7.421 seconds )

1.467 antivm_generic_disk
1.054 virus
1.009 mimics_filetime
1.008 stealth_timeout
0.888 bootkit
0.874 stealth_file
0.844 reads_self
0.089 antiav_detectreg
0.032 infostealer_ftp
0.019 antianalysis_detectreg
0.018 shifu_behavior
0.018 infostealer_im
0.013 infostealer_mail
0.007 geodo_banking_trojan
0.006 antiemu_wine_func
0.006 persistence_autorun
0.006 antiav_detectfile
0.005 kibex_behavior
0.004 betabot_behavior
0.004 antivm_generic_diskreg
0.004 darkcomet_regkeys
0.004 infostealer_bitcoin
0.004 recon_fingerprint
0.003 injection_createremotethread
0.003 antisandbox_productid
0.003 browser_security
0.002 tinba_behavior
0.002 antivm_generic_system
0.002 antivm_vbox_files
0.002 antivm_vpc_keys
0.002 disables_browser_warn
0.002 network_torgateway
0.001 hawkeye_behavior
0.001 vawtrak_behavior
0.001 antivm_generic_bios
0.001 antivm_generic_cpu
0.001 antivm_vbox_acpi
0.001 antivm_vbox_keys
0.001 antivm_vmware_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 modify_proxy
0.001 bypass_firewall
0.001 modify_uac_prompt
0.001 packer_armadillo_regkey
0.001 ransomware_files
0.001 recon_programs

Reporting ( 152.744 seconds )

150.495 Malheur
1.733 ReportPDF
0.516 ReportHTMLSummary


Task ID	13552
Mongo ID	5767e4e34d3bd04faa52fe4c
Cuckoo release	1.4-Maldun