分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2018-03-23 19:54:21 | 2018-03-23 19:57:21 | 180 秒 |
魔盾分数
4.2
可疑的
文件详细信息
| 文件名 | 10074_1上号器.exe |
|---|---|
| 文件大小 | 15265104 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3961c3ece05b973db75a0210f027c809 |
| SHA1 | 7a70fa5bcf62754dbea1a09589f76ec3a61891bd |
| SHA256 | a319f23762fbfac179fbb8dc0c7f5d1d05ae680cd15abfa865ddf2d2fbdb1a7d |
| SHA512 | f621c03e3cdc630b04ae5dc993d528a799b4b22a7ea50da8f47fd2a7702a0370e8e5673300cc4065a47cb6d870e86d0b33a59c2a598810d7a30e3748615e1fc5 |
| CRC32 | 4793342D |
| Ssdeep | 393216:+5LmGkx3pMTsqn89vTLvXv7s+/NfSgcFUbo8txD:CkxWn8lTD4SSP6boI |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0042f62e |
| 声明校验值 | 0x0006301a |
| 实际校验值 | 0x00e955a5 |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2012-12-20 23:26:49 |
| 载入哈希 | 64ac51d1685ad065533ce20c965f06ba |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFileName | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0004315d | 0x00043200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.57 |
| .rdata | 0x00045000 | 0x0000e282 | 0x0000e400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.57 |
| .data | 0x00054000 | 0x00003e3c | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.88 |
| .rsrc | 0x00058000 | 0x000132e4 | 0x00013400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.78 |
覆盖
| 偏移量 | 0x0006b2e4 |
| 大小 | 0x00e23a6c |
导入
库: KERNEL32.dll:
• 0x445040 EnterCriticalSection
• 0x445044 LoadLibraryExW
• 0x445048 GetModuleHandleW
• 0x44504c GetModuleFileNameW
• 0x445050 InitializeCriticalSection
• 0x445054 DeleteCriticalSection
• 0x445058 InterlockedDecrement
• 0x44505c InterlockedIncrement
• 0x445060 LoadLibraryW
• 0x445064 GetCurrentThreadId
• 0x445068 CloseHandle
• 0x44506c GetShortPathNameW
• 0x445070 LeaveCriticalSection
• 0x445074 GetCommandLineW
• 0x445078 SetCurrentDirectoryW
• 0x44507c CreateThread
• 0x445080 GetDriveTypeW
• 0x445084 GetFileAttributesW
• 0x445088 GetVersionExW
• 0x44508c CopyFileW
• 0x445090 GetExitCodeThread
• 0x445094 GetCurrentProcess
• 0x445098 FlushInstructionCache
• 0x44509c SetLastError
• 0x4450a0 lstrcmpiW
• 0x4450a4 FreeLibrary
• 0x4450a8 GetLastError
• 0x4450ac WriteFile
• 0x4450b0 CreateFileW
• 0x4450b4 FindResourceExW
• 0x4450b8 FindResourceW
• 0x4450bc LoadResource
• 0x4450c0 LockResource
• 0x4450c4 SizeofResource
• 0x4450c8 CreateMutexW
• 0x4450cc RaiseException
• 0x4450d0 WriteConsoleW
• 0x4450d4 GetConsoleOutputCP
• 0x4450d8 WriteConsoleA
• 0x4450dc SetStdHandle
• 0x4450e0 LCMapStringA
• 0x4450e4 GetConsoleMode
• 0x4450e8 GetConsoleCP
• 0x4450ec InitializeCriticalSectionAndSpinCount
• 0x4450f0 lstrlenW
• 0x4450f4 MultiByteToWideChar
• 0x4450f8 SetFileAttributesW
• 0x4450fc WideCharToMultiByte
• 0x445100 GetModuleHandleA
• 0x445104 RtlUnwind
• 0x445108 LCMapStringW
• 0x44510c GetStringTypeW
• 0x445110 LocalAlloc
• 0x445114 GetProcAddress
• 0x445118 InterlockedExchange
• 0x44511c LoadLibraryA
• 0x445120 GetTempPathW
• 0x445124 GetTempFileNameW
• 0x445128 DeleteFileW
• 0x44512c FindFirstFileW
• 0x445130 FindNextFileW
• 0x445134 RemoveDirectoryW
• 0x445138 FindClose
• 0x44513c CreateDirectoryW
• 0x445140 GetLogicalDriveStringsW
• 0x445144 GetFileSize
• 0x445148 ReadFile
• 0x44514c GetDiskFreeSpaceExW
• 0x445150 SetFilePointer
• 0x445154 SetEndOfFile
• 0x445158 EnumResourceLanguagesW
• 0x44515c GetLocaleInfoW
• 0x445160 GetSystemDefaultLangID
• 0x445164 GetUserDefaultLangID
• 0x445168 GlobalMemoryStatus
• 0x44516c OutputDebugStringW
• 0x445170 GetCurrentProcessId
• 0x445174 GetLocalTime
• 0x445178 FlushFileBuffers
• 0x44517c lstrcpynW
• 0x445180 GetSystemDirectoryW
• 0x445184 GetWindowsDirectoryW
• 0x445188 GetEnvironmentVariableW
• 0x44518c GetSystemTime
• 0x445190 WaitForSingleObject
• 0x445194 MulDiv
• 0x445198 TerminateThread
• 0x44519c CreateEventW
• 0x4451a0 SetEvent
• 0x4451a4 MoveFileW
• 0x4451a8 Sleep
• 0x4451ac ResetEvent
• 0x4451b0 CreateFileA
• 0x4451b4 CreateNamedPipeW
• 0x4451b8 ConnectNamedPipe
• 0x4451bc FormatMessageW
• 0x4451c0 GetTempPathA
• 0x4451c4 GetTempFileNameA
• 0x4451c8 DuplicateHandle
• 0x4451cc GetStdHandle
• 0x4451d0 CreateProcessW
• 0x4451d4 CreateProcessA
• 0x4451d8 DeleteFileA
• 0x4451dc GetExitCodeProcess
• 0x4451e0 LockFile
• 0x4451e4 UnlockFile
• 0x4451e8 GetVersion
• 0x4451ec GetLocaleInfoA
• 0x4451f0 SearchPathW
• 0x4451f4 OpenProcess
• 0x4451f8 TerminateProcess
• 0x4451fc GlobalLock
• 0x445200 GlobalUnlock
• 0x445204 GlobalAlloc
• 0x445208 GlobalFree
• 0x44520c lstrcmpW
• 0x445210 HeapDestroy
• 0x445214 HeapAlloc
• 0x445218 HeapFree
• 0x44521c HeapReAlloc
• 0x445220 HeapSize
• 0x445224 GetProcessHeap
• 0x445228 InterlockedCompareExchange
• 0x44522c IsProcessorFeaturePresent
• 0x445230 VirtualFree
• 0x445234 VirtualAlloc
• 0x445238 GetStartupInfoW
• 0x44523c UnhandledExceptionFilter
• 0x445240 SetUnhandledExceptionFilter
• 0x445244 IsDebuggerPresent
• 0x445248 TlsGetValue
• 0x44524c TlsAlloc
• 0x445250 TlsSetValue
• 0x445254 TlsFree
• 0x445258 ExitProcess
• 0x44525c HeapCreate
• 0x445260 GetModuleFileNameA
• 0x445264 GetCPInfo
• 0x445268 GetACP
• 0x44526c GetOEMCP
• 0x445270 IsValidCodePage
• 0x445274 FreeEnvironmentStringsW
• 0x445278 GetEnvironmentStringsW
• 0x44527c SetHandleCount
• 0x445280 GetFileType
• 0x445284 GetStartupInfoA
• 0x445288 QueryPerformanceCounter
• 0x44528c GetTickCount
• 0x445290 GetSystemTimeAsFileTime
• 0x445294 GetUserDefaultLCID
• 0x445298 EnumSystemLocalesA
• 0x44529c IsValidLocale
• 0x4452a0 GetStringTypeA
库: USER32.dll:
• 0x4452dc SetWindowPos
• 0x4452e0 MapWindowPoints
• 0x4452e4 GetClientRect
• 0x4452e8 GetParent
• 0x4452ec GetWindowRect
• 0x4452f0 SystemParametersInfoW
• 0x4452f4 GetWindowLongW
• 0x4452f8 GetWindow
• 0x4452fc EndDialog
• 0x445300 CreateDialogParamW
• 0x445304 GetSystemMetrics
• 0x445308 GetDC
• 0x44530c PeekMessageW
• 0x445310 TranslateMessage
• 0x445314 DispatchMessageW
• 0x445318 GetForegroundWindow
• 0x44531c SendMessageW
• 0x445320 CreateWindowExW
• 0x445324 EnableWindow
• 0x445328 ScreenToClient
• 0x44532c PostQuitMessage
• 0x445330 CallWindowProcW
• 0x445334 ShowWindow
• 0x445338 GetPropW
• 0x44533c IsWindowVisible
• 0x445340 RedrawWindow
• 0x445344 InvalidateRect
• 0x445348 IsWindow
• 0x44534c GetWindowTextW
• 0x445350 GetWindowTextLengthW
• 0x445354 SetWindowTextW
• 0x445358 SetForegroundWindow
• 0x44535c LoadImageW
• 0x445360 GetSystemMenu
• 0x445364 EnableMenuItem
• 0x445368 DestroyMenu
• 0x44536c MsgWaitForMultipleObjects
• 0x445370 ModifyMenuW
• 0x445374 FindWindowW
• 0x445378 MessageBeep
• 0x44537c ExitWindowsEx
• 0x445380 GetScrollRange
• 0x445384 GetScrollPos
• 0x445388 GetDlgCtrlID
• 0x44538c SetPropW
• 0x445390 RemovePropW
• 0x445394 TrackPopupMenu
• 0x445398 LoadMenuW
• 0x44539c GetSubMenu
• 0x4453a0 SetTimer
• 0x4453a4 KillTimer
• 0x4453a8 LoadIconW
• 0x4453ac ReleaseDC
• 0x4453b0 GetDesktopWindow
• 0x4453b4 OpenClipboard
• 0x4453b8 CloseClipboard
• 0x4453bc EmptyClipboard
• 0x4453c0 SetClipboardData
• 0x4453c4 UnregisterClassA
• 0x4453c8 PostMessageW
• 0x4453cc LoadStringW
• 0x4453d0 DialogBoxParamW
• 0x4453d4 MessageBoxW
• 0x4453d8 GetActiveWindow
• 0x4453dc SetWindowLongW
• 0x4453e0 DefWindowProcW
• 0x4453e4 CharNextW
• 0x4453e8 DestroyWindow
• 0x4453ec GetDlgItem
• 0x4453f0 SetFocus
库: GDI32.dll:
• 0x445010 GetDeviceCaps
• 0x445014 DeleteObject
• 0x445018 GetObjectW
• 0x44501c DeleteDC
• 0x445020 SetBkMode
• 0x445024 GetStockObject
• 0x445028 CreateCompatibleBitmap
• 0x44502c CreateCompatibleDC
• 0x445030 SelectObject
• 0x445034 BitBlt
• 0x445038 CreateFontIndirectW
库: SHELL32.dll:
• 0x4452b4 ShellExecuteW
• 0x4452b8 SHGetFolderPathW
• 0x4452bc SHBrowseForFolderW
• 0x4452c0 SHGetMalloc
• 0x4452c4 SHGetPathFromIDListW
• 0x4452c8 ShellExecuteExW
• 0x4452cc SHGetSpecialFolderLocation
库: ole32.dll:
• 0x445408 CreateStreamOnHGlobal
• 0x44540c CreateILockBytesOnHGlobal
• 0x445410 CoTaskMemRealloc
• 0x445414 CoTaskMemAlloc
• 0x445418 CoCreateInstance
• 0x44541c CoTaskMemFree
• 0x445420 CoUninitialize
• 0x445424 StgCreateDocfileOnILockBytes
• 0x445428 CoInitialize
库: SHLWAPI.dll:
• 0x4452d4 PathFileExistsW
库: COMCTL32.dll:
• 0x445000 PropertySheetW
• 0x445004 DestroyPropertySheetPage
• 0x445008 CreatePropertySheetPageW
库: VERSION.dll:
• 0x4453f8 GetFileVersionInfoW
• 0x4453fc GetFileVersionInfoSizeW
• 0x445400 VerQueryValueW
.text
`.rdata
@.data
.rsrc
;5@_E
;5@_E
Sh,~D
PVSh{c@
tbh@lE
j@WSj
j@WVj
YjDVWj
Ph <B
SVWhDlE
(VWh&0
QPRSj
SVWh@~D
@@PQQh
Ph@~D
PSSh
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20180205 |
| MicroWorld-eScan | 未发现病毒 | 20180206 |
| nProtect | 未发现病毒 | 20180205 |
| CMC | 未发现病毒 | 20180205 |
| CAT-QuickHeal | 未发现病毒 | 20180205 |
| McAfee | 未发现病毒 | 20180206 |
| Cylance | 未发现病毒 | 20180206 |
| Zillya | 未发现病毒 | 20180205 |
| SUPERAntiSpyware | 未发现病毒 | 20180205 |
| TheHacker | 未发现病毒 | 20180202 |
| K7GW | 未发现病毒 | 20180206 |
| K7AntiVirus | 未发现病毒 | 20180205 |
| Invincea | 未发现病毒 | 20180121 |
| Baidu | 未发现病毒 | 20180205 |
| F-Prot | 未发现病毒 | 20180206 |
| Symantec | 未发现病毒 | 20180205 |
| TotalDefense | 未发现病毒 | 20180205 |
| TrendMicro-HouseCall | 未发现病毒 | 20180205 |
| Avast | 未发现病毒 | 20180206 |
| ClamAV | 未发现病毒 | 20180206 |
| GData | 未发现病毒 | 20180206 |
| Kaspersky | 未发现病毒 | 20180206 |
| BitDefender | 未发现病毒 | 20180206 |
| NANO-Antivirus | 未发现病毒 | 20180205 |
| Paloalto | 未发现病毒 | 20180206 |
| ViRobot | 未发现病毒 | 20180205 |
| Tencent | 未发现病毒 | 20180206 |
| Ad-Aware | 未发现病毒 | 20180206 |
| Sophos | 未发现病毒 | 20180205 |
| Comodo | 未发现病毒 | 20180206 |
| DrWeb | 未发现病毒 | 20180206 |
| VIPRE | 未发现病毒 | 20180205 |
| TrendMicro | 未发现病毒 | 20180205 |
| McAfee-GW-Edition | 未发现病毒 | 20180205 |
| Emsisoft | 未发现病毒 | 20180206 |
| SentinelOne | 未发现病毒 | 20180115 |
| Cyren | 未发现病毒 | 20180206 |
| Jiangmin | 未发现病毒 | 20180206 |
| Avira | 未发现病毒 | 20180205 |
| Antiy-AVL | 未发现病毒 | 20180206 |
| Kingsoft | 未发现病毒 | 20180206 |
| Endgame | 未发现病毒 | 20171130 |
| Arcabit | 未发现病毒 | 20180206 |
| AegisLab | 未发现病毒 | 20180205 |
| ZoneAlarm | 未发现病毒 | 20180206 |
| Avast-Mobile | 未发现病毒 | 20180205 |
| Microsoft | 未发现病毒 | 20180206 |
| AhnLab-V3 | 未发现病毒 | 20180206 |
| ALYac | 未发现病毒 | 20180206 |
| AVware | 未发现病毒 | 20180206 |
| MAX | 未发现病毒 | 20180206 |
| VBA32 | 未发现病毒 | 20180205 |
| Malwarebytes | 未发现病毒 | 20180206 |
| WhiteArmor | 未发现病毒 | 20180205 |
| Zoner | 未发现病毒 | 20180205 |
| ESET-NOD32 | a variant of Win32/Packed.Themida.AGK | 20180205 |
| Rising | 未发现病毒 | 20180205 |
| Yandex | 未发现病毒 | 20180204 |
| Ikarus | 未发现病毒 | 20180205 |
| eGambit | 未发现病毒 | 20180206 |
| Fortinet | 未发现病毒 | 20180206 |
| AVG | 未发现病毒 | 20180206 |
| Cybereason | 未发现病毒 | 20180205 |
| Panda | 未发现病毒 | 20180205 |
| CrowdStrike | 未发现病毒 | 20170201 |
| Qihoo-360 | 未发现病毒 | 20180206 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | MSI3B2B.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\MSI3B2B.tmp
C:\Users\test\AppData\Local\Temp\MSI3F41.tmp
C:\Users\test\AppData\Local\Temp\MSI405C.tmp
|
| 文件大小 | 70656 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | eaf178200165398c7aa371ef2b393f14 |
| SHA1 | 97631dc2ac0c9d63a7eccc3f8ac27f8f34c3c2d0 |
| SHA256 | 1d353986db1e09b7631896609fe935ff9c4a76a1b0c1822d66b1b5ed3bdd729e |
| CRC32 | 27F829C6 |
| Ssdeep | 768:qSZqfk63/+Idc/b+VQTC3OfPxaQDIES1kZaP4WaPMtL1vmORkdxQ2DecxIiBSFdc:rqfk6WIssOfPxayZS2PeYsZ2z+D |
| 下载 提交魔盾安全分析 |
| 文件名 | decoder.dll |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\shuyou\\xe4\xb9\x90\xe6\xb8\xb8\xe7\xa7\x9f\xe5\x8f\xb7\xe4\xb8\x8a\xe5\x8f\xb7\xe5\x99\xa8sh 1.0.0\install\decoder.dll
|
| 文件大小 | 122880 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | eb6a6d072f04ec1dc1f060c3f7b2936f |
| SHA1 | 131ab8a0f362d776c2fbda0d67ddf5fa83a5d3a1 |
| SHA256 | d3afa46a2d0f8a916b41e6660ac1dd40c8bffc149d7e8e765a367c2b5d3fad8e |
| CRC32 | 26E0AFB6 |
| Ssdeep | 3072:NHLohTAI0NkxvLIe9R7Lw1Uz63MrWlhm+x:9o+5yxzIebLXq |
| 下载 提交魔盾安全分析 |
| 文件名 | MSI3FEE.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\MSI3FEE.tmp
|
| 文件大小 | 275456 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 3a5745c8d2968d11e188be56b308cbe0 |
| SHA1 | bea328854744ae66844f8010a3a7ba9f86e3ab83 |
| SHA256 | 08318908f3cc00bb24f679e982f7c0511ca4e87820e44c29281326f366da9201 |
| CRC32 | C9343225 |
| Ssdeep | 6144:OfnAqVqhElvjMec6zIsVNBH8Tq2n3Imiyq8a8MvYUmCUWDtF:O/AqVqhQQecOIsV/AWmiynaxYDs5F |
| 下载 提交魔盾安全分析 |
| 文件名 | LYSHsetup.msi |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\shuyou\\xe4\xb9\x90\xe6\xb8\xb8\xe7\xa7\x9f\xe5\x8f\xb7\xe4\xb8\x8a\xe5\x8f\xb7\xe5\x99\xa8sh 1.0.0\install\3A9FAC3\LYSHsetup.msi
|
| 文件大小 | 561664 字节 |
| 文件类型 | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Title: Installation Database, Keywords: Installer, MSI, Database, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Number of Pages: 200, Security: 0, Code page: 936, Revision Number: {0FF4CD0F-D6B4-49AC-9E04-E45CD71CB5EF}, Number of Words: 0, Subject: sh, Author: shuyou, Name of Creating Application: Advanced Installer 9.8 build 48877, Template: ;2052, Comments: Installer sh |
| MD5 | d038abd1dd3144227a72528f41590bbc |
| SHA1 | 3aedb2f6c6b11ecea1b0584b1b71dc2ba791a9f0 |
| SHA256 | 07ee04d3f3367762814d37aa1d6d9dc2c471fb1f0231fa08e6d6eb5111500cc6 |
| CRC32 | CBD9C804 |
| Ssdeep | 12288:Dfwh/AqVqhQQecOIsV/AWmiynaxYDs5FJeY5AKxf5H0V:DfmF6CP/fkax7JeY5AKz |
| 下载 提交魔盾安全分析 |
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 80.763 seconds )
- 40.501 Static
- 20.679 TargetInfo
- 12.997 Suricata
- 2.998 VirusTotal
- 1.833 Dropped
- 0.708 BehaviorAnalysis
- 0.449 peid
- 0.261 AnalysisInfo
- 0.24 NetworkAnalysis
- 0.041 config_decoder
- 0.037 Debug
- 0.016 Strings
- 0.003 Memory
Signatures ( 0.81 seconds )
- 0.185 md_bad_drop
- 0.11 antiav_detectreg
- 0.044 infostealer_ftp
- 0.034 stealth_timeout
- 0.026 api_spamming
- 0.026 infostealer_im
- 0.023 antianalysis_detectreg
- 0.022 decoy_document
- 0.022 md_url_bl
- 0.02 antiav_detectfile
- 0.018 antivm_generic_scsi
- 0.015 infostealer_mail
- 0.014 infostealer_bitcoin
- 0.012 antivm_generic_disk
- 0.012 md_domain_bl
- 0.011 antivm_generic_services
- 0.01 mimics_filetime
- 0.009 reads_self
- 0.009 virus
- 0.008 stealth_file
- 0.008 persistence_autorun
- 0.008 antivm_vbox_files
- 0.008 ransomware_extensions
- 0.008 ransomware_files
- 0.007 bootkit
- 0.006 betabot_behavior
- 0.006 kibex_behavior
- 0.006 geodo_banking_trojan
- 0.005 antidbg_windows
- 0.005 antivm_parallels_keys
- 0.005 antivm_xen_keys
- 0.005 darkcomet_regkeys
- 0.004 antiemu_wine_func
- 0.004 hancitor_behavior
- 0.004 antivm_generic_diskreg
- 0.004 disables_browser_warn
- 0.004 rat_pcclient
- 0.003 rat_nanocore
- 0.003 tinba_behavior
- 0.003 shifu_behavior
- 0.003 infostealer_browser_password
- 0.003 kovter_behavior
- 0.003 antidbg_devices
- 0.003 recon_fingerprint
- 0.002 hawkeye_behavior
- 0.002 network_tor
- 0.002 injection_createremotethread
- 0.002 antivm_vbox_libs
- 0.002 cerber_behavior
- 0.002 antisandbox_productid
- 0.002 antivm_hyperv_keys
- 0.002 antivm_vbox_keys
- 0.002 antivm_vmware_keys
- 0.002 modify_proxy
- 0.002 browser_security
- 0.002 bypass_firewall
- 0.002 packer_armadillo_regkey
- 0.001 antiav_avast_libs
- 0.001 rat_luminosity
- 0.001 infostealer_browser
- 0.001 dridex_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 kazybot_behavior
- 0.001 antisandbox_sboxie_libs
- 0.001 exec_crash
- 0.001 ursnif_behavior
- 0.001 vawtrak_behavior
- 0.001 injection_runpe
- 0.001 antianalysis_detectfile
- 0.001 antivm_xen_keys
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 antivm_vbox_acpi
- 0.001 antivm_vmware_files
- 0.001 antivm_vpc_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 codelux_behavior
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 mimics_extension
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 network_tor_service
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 recon_programs
- 0.001 sniffer_winpcap
- 0.001 stealth_hide_notifications
- 0.001 targeted_flame
Reporting ( 1.111 seconds )
- 0.698 ReportHTMLSummary
- 0.413 Malheur
| Task ID | 141207 |
|---|---|
| Mongo ID | 5ab4ec0c2e063313fe1432a8 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号