分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp03-1 | 2018-03-23 20:08:59 | 2018-03-23 20:11:23 | 144 秒 |
魔盾分数
0.85
正常的
文件详细信息
| 文件名 | 小沐.exe |
|---|---|
| 文件大小 | 815104 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | cfe645c33f2f061b7269aa7ab5cd8697 |
| SHA1 | 2ab2e844c7d00125db52a9da187abb01dec2c9fb |
| SHA256 | 33a2d1876b0a989766788b5526cb7d08f112fd60e9a0305d3ef436a04aa3b4d8 |
| SHA512 | f40f0cebfba75a911a0769c89cd9831f33e9bc0e5908c3ea98e11cf805c3d4d1035de6d6667eca5f83b29bb2f923fd1231ae179e96c09596c563ac48a3b20b8d |
| CRC32 | E4FB0589 |
| Ssdeep | 12288:XJj8HBqI+O3l00NNyEAaYkvqEv5vUnxBhX8FIrs7AWNotF+2JSUW:XSht+O3l0aNrAFknvNUxBhXTWCv+ASUW |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 122.114.3.37 | 未知 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| b.appmo.cn |
A 122.114.3.37 CNAME 446421.vhost127.cnameaddress.top |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0046f975 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000cde2d |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-03-23 14:06:30 |
| 载入哈希 | d40e35c64f4d464b2ba70d918b53862f |
| 图标 |  |
| 图标精确哈希值 | 19cf7ecbcd8b8eb3fbe82f5764197a21 |
| 图标相似性哈希值 | 2227aa2d08894438e497aa010f61dfdf |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00091e63 | 0x00092000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.59 |
| .rdata | 0x00093000 | 0x00019d66 | 0x0001a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.37 |
| .data | 0x000ad000 | 0x0003afe8 | 0x00013000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.26 |
| .rsrc | 0x000e8000 | 0x000060ec | 0x00007000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.68 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x000e8c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x000e8c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x000e8c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x000e9108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x000e9108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x000e9108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x000e9108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ea97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x000eaed0 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.23 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x000eaed0 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.23 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x000eaed0 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.23 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 |
| RT_MENU | 0x000ebf84 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x000ebf84 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ed1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000edc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x000edc60 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x000edc60 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x000edc60 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x000edcac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x000edcac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x000edcac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x000edcc0 | 0x0000025c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_MANIFEST | 0x000edf1c | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: KERNEL32.dll:
• 0x493174 GetModuleHandleA
• 0x493178 GetVolumeInformationA
• 0x49317c SetCurrentDirectoryA
• 0x493180 DeleteFileA
• 0x493184 GetFileAttributesA
• 0x493188 FindClose
• 0x49318c FindFirstFileA
• 0x493190 GetTempPathA
• 0x493194 SetEndOfFile
• 0x493198 UnlockFile
• 0x49319c LockFile
• 0x4931a0 FlushFileBuffers
• 0x4931a4 SetFilePointer
• 0x4931a8 GetCurrentProcess
• 0x4931ac DuplicateHandle
• 0x4931b0 lstrcpynA
• 0x4931b4 SetLastError
• 0x4931b8 IsBadCodePtr
• 0x4931bc IsBadReadPtr
• 0x4931c0 CompareStringW
• 0x4931c4 CompareStringA
• 0x4931c8 SetUnhandledExceptionFilter
• 0x4931cc GetStringTypeW
• 0x4931d0 GetStringTypeA
• 0x4931d4 IsBadWritePtr
• 0x4931d8 VirtualAlloc
• 0x4931dc LCMapStringW
• 0x4931e0 LCMapStringA
• 0x4931e4 SetEnvironmentVariableA
• 0x4931e8 VirtualFree
• 0x4931ec HeapCreate
• 0x4931f0 HeapDestroy
• 0x4931f4 GetEnvironmentVariableA
• 0x4931f8 GetStdHandle
• 0x4931fc SetHandleCount
• 0x493200 GetEnvironmentStringsW
• 0x493204 GetEnvironmentStrings
• 0x493208 FreeEnvironmentStringsW
• 0x49320c FreeEnvironmentStringsA
• 0x493210 UnhandledExceptionFilter
• 0x493214 GetFileType
• 0x493218 SetStdHandle
• 0x49321c GetACP
• 0x493220 HeapSize
• 0x493224 GetTimeZoneInformation
• 0x493228 FileTimeToSystemTime
• 0x49322c GetTempFileNameA
• 0x493230 CreateSemaphoreA
• 0x493234 ResumeThread
• 0x493238 ReleaseSemaphore
• 0x49323c EnterCriticalSection
• 0x493240 LeaveCriticalSection
• 0x493244 GetProfileStringA
• 0x493248 WriteFile
• 0x49324c ReadFile
• 0x493250 WaitForMultipleObjects
• 0x493254 CreateFileA
• 0x493258 SetEvent
• 0x49325c FindResourceA
• 0x493260 LoadResource
• 0x493264 LockResource
• 0x493268 GetModuleFileNameA
• 0x49326c GetCurrentThreadId
• 0x493270 ExitProcess
• 0x493274 GlobalSize
• 0x493278 GlobalFree
• 0x49327c DeleteCriticalSection
• 0x493280 InitializeCriticalSection
• 0x493284 lstrcatA
• 0x493288 lstrlenA
• 0x49328c WinExec
• 0x493290 lstrcpyA
• 0x493294 FindNextFileA
• 0x493298 GlobalReAlloc
• 0x49329c HeapFree
• 0x4932a0 HeapReAlloc
• 0x4932a4 GetProcessHeap
• 0x4932a8 HeapAlloc
• 0x4932ac GetFullPathNameA
• 0x4932b0 FreeLibrary
• 0x4932b4 LoadLibraryA
• 0x4932b8 GetLastError
• 0x4932bc GetVersionExA
• 0x4932c0 WritePrivateProfileStringA
• 0x4932c4 CreateThread
• 0x4932c8 CreateEventA
• 0x4932cc Sleep
• 0x4932d0 GlobalAlloc
• 0x4932d4 GlobalLock
• 0x4932d8 GetProcAddress
• 0x4932dc TerminateProcess
• 0x4932e0 GetLocalTime
• 0x4932e4 GetSystemTime
• 0x4932e8 RaiseException
• 0x4932ec RtlUnwind
• 0x4932f0 GetStartupInfoA
• 0x4932f4 GetOEMCP
• 0x4932f8 GetCPInfo
• 0x4932fc GetProcessVersion
• 0x493300 SetErrorMode
• 0x493304 GlobalFlags
• 0x493308 GetCurrentThread
• 0x49330c GetFileTime
• 0x493310 GetFileSize
• 0x493314 TlsGetValue
• 0x493318 LocalReAlloc
• 0x49331c TlsSetValue
• 0x493320 TlsFree
• 0x493324 GlobalHandle
• 0x493328 TlsAlloc
• 0x49332c MulDiv
• 0x493330 GetCommandLineA
• 0x493334 GetTickCount
• 0x493338 WaitForSingleObject
• 0x49333c CloseHandle
• 0x493340 FileTimeToLocalFileTime
• 0x493344 FormatMessageA
• 0x493348 LocalAlloc
• 0x49334c lstrcmpA
• 0x493350 GetVersion
• 0x493354 GlobalGetAtomNameA
• 0x493358 GlobalAddAtomA
• 0x49335c GlobalFindAtomA
• 0x493360 GlobalDeleteAtom
• 0x493364 lstrcmpiA
• 0x493368 GetThreadLocale
• 0x49336c LocalFree
• 0x493370 MultiByteToWideChar
• 0x493374 WideCharToMultiByte
• 0x493378 InterlockedDecrement
• 0x49337c GlobalUnlock
• 0x493380 InterlockedIncrement
库: USER32.dll:
• 0x4933f4 SetClipboardData
• 0x4933f8 EmptyClipboard
• 0x4933fc GetSystemMetrics
• 0x493400 GetCursorPos
• 0x493404 MessageBoxA
• 0x493408 MessageBeep
• 0x49340c SetWindowPos
• 0x493410 SendMessageA
• 0x493414 DestroyCursor
• 0x493418 SetParent
• 0x49341c IsWindow
• 0x493420 PostMessageA
• 0x493424 GetTopWindow
• 0x493428 GetParent
• 0x49342c GetFocus
• 0x493430 GetClientRect
• 0x493434 InvalidateRect
• 0x493438 ValidateRect
• 0x49343c UpdateWindow
• 0x493440 OpenClipboard
• 0x493444 GetClipboardData
• 0x493448 CloseClipboard
• 0x49344c EqualRect
• 0x493450 GetWindowRect
• 0x493454 SetForegroundWindow
• 0x493458 DestroyMenu
• 0x49345c IsChild
• 0x493460 ReleaseDC
• 0x493464 IsRectEmpty
• 0x493468 wsprintfA
• 0x49346c GetDC
• 0x493470 SetCursor
• 0x493474 LoadCursorA
• 0x493478 SetCursorPos
• 0x49347c SetActiveWindow
• 0x493480 GetSysColor
• 0x493484 SetWindowLongA
• 0x493488 GetWindowLongA
• 0x49348c RedrawWindow
• 0x493490 EnableWindow
• 0x493494 IsWindowVisible
• 0x493498 OffsetRect
• 0x49349c PtInRect
• 0x4934a0 DestroyIcon
• 0x4934a4 IntersectRect
• 0x4934a8 InflateRect
• 0x4934ac SetRect
• 0x4934b0 SetScrollPos
• 0x4934b4 SetScrollRange
• 0x4934b8 GetScrollRange
• 0x4934bc SetCapture
• 0x4934c0 GetCapture
• 0x4934c4 ReleaseCapture
• 0x4934c8 SetTimer
• 0x4934cc KillTimer
• 0x4934d0 WinHelpA
• 0x4934d4 LoadBitmapA
• 0x4934d8 CopyRect
• 0x4934dc ChildWindowFromPointEx
• 0x4934e0 ScreenToClient
• 0x4934e4 GetMessagePos
• 0x4934e8 SetWindowRgn
• 0x4934ec DestroyAcceleratorTable
• 0x4934f0 GetWindow
• 0x4934f4 GetActiveWindow
• 0x4934f8 SetFocus
• 0x4934fc IsIconic
• 0x493500 FillRect
• 0x493504 SetPropA
• 0x493508 PeekMessageA
• 0x49350c SetMenu
• 0x493510 GetMenu
• 0x493514 DeleteMenu
• 0x493518 GetSystemMenu
• 0x49351c DefWindowProcA
• 0x493520 GetClassInfoA
• 0x493524 PostThreadMessageA
• 0x493528 GetNextDlgGroupItem
• 0x49352c GetSysColorBrush
• 0x493530 LoadStringA
• 0x493534 MapDialogRect
• 0x493538 SetWindowContextHelpId
• 0x49353c CharNextA
• 0x493540 GetDesktopWindow
• 0x493544 GetClassNameA
• 0x493548 GetMenuCheckMarkDimensions
• 0x49354c GetMenuState
• 0x493550 SetMenuItemBitmaps
• 0x493554 CheckMenuItem
• 0x493558 MoveWindow
• 0x49355c SetWindowTextA
• 0x493560 TranslateMessage
• 0x493564 LoadIconA
• 0x493568 DrawFrameControl
• 0x49356c DrawEdge
• 0x493570 DrawFocusRect
• 0x493574 WindowFromPoint
• 0x493578 GetMessageA
• 0x49357c DispatchMessageA
• 0x493580 SetRectEmpty
• 0x493584 RegisterClipboardFormatA
• 0x493588 CreateIconFromResourceEx
• 0x49358c CreateIconFromResource
• 0x493590 DrawIconEx
• 0x493594 CreatePopupMenu
• 0x493598 AppendMenuA
• 0x49359c ModifyMenuA
• 0x4935a0 CreateMenu
• 0x4935a4 CreateAcceleratorTableA
• 0x4935a8 GetDlgCtrlID
• 0x4935ac GetSubMenu
• 0x4935b0 EnableMenuItem
• 0x4935b4 ClientToScreen
• 0x4935b8 EnumDisplaySettingsA
• 0x4935bc LoadImageA
• 0x4935c0 SystemParametersInfoA
• 0x4935c4 ShowWindow
• 0x4935c8 IsWindowEnabled
• 0x4935cc TranslateAcceleratorA
• 0x4935d0 GetKeyState
• 0x4935d4 CopyAcceleratorTableA
• 0x4935d8 PostQuitMessage
• 0x4935dc IsZoomed
• 0x4935e0 GetWindowTextA
• 0x4935e4 GetWindowTextLengthA
• 0x4935e8 CharUpperA
• 0x4935ec GetWindowDC
• 0x4935f0 BeginPaint
• 0x4935f4 EndPaint
• 0x4935f8 TabbedTextOutA
• 0x4935fc DrawTextA
• 0x493600 GrayStringA
• 0x493604 GetDlgItem
• 0x493608 DestroyWindow
• 0x49360c CreateDialogIndirectParamA
• 0x493610 EndDialog
• 0x493614 GetNextDlgTabItem
• 0x493618 GetWindowPlacement
• 0x49361c RegisterWindowMessageA
• 0x493620 GetForegroundWindow
• 0x493624 GetLastActivePopup
• 0x493628 GetMessageTime
• 0x49362c RemovePropA
• 0x493630 CallWindowProcA
• 0x493634 GetPropA
• 0x493638 UnhookWindowsHookEx
• 0x49363c UnregisterClassA
• 0x493640 GetClassLongA
• 0x493644 CallNextHookEx
• 0x493648 SetWindowsHookExA
• 0x49364c CreateWindowExA
• 0x493650 GetMenuItemID
• 0x493654 GetMenuItemCount
• 0x493658 RegisterClassA
• 0x49365c GetScrollPos
• 0x493660 AdjustWindowRectEx
• 0x493664 MapWindowPoints
• 0x493668 SendDlgItemMessageA
• 0x49366c ScrollWindowEx
• 0x493670 IsDialogMessageA
库: GDI32.dll:
• 0x493024 SetBkColor
• 0x493028 CreateRectRgnIndirect
• 0x49302c SetStretchBltMode
• 0x493030 GetClipRgn
• 0x493034 CreatePolygonRgn
• 0x493038 SelectClipRgn
• 0x49303c DeleteObject
• 0x493040 CreateDIBitmap
• 0x493044 GetSystemPaletteEntries
• 0x493048 CreatePalette
• 0x49304c StretchBlt
• 0x493050 SelectPalette
• 0x493054 RealizePalette
• 0x493058 GetDIBits
• 0x49305c GetWindowExtEx
• 0x493060 GetViewportOrgEx
• 0x493064 GetWindowOrgEx
• 0x493068 BeginPath
• 0x49306c EndPath
• 0x493070 PathToRegion
• 0x493074 CreateEllipticRgn
• 0x493078 CreateRoundRectRgn
• 0x49307c GetTextColor
• 0x493080 GetBkMode
• 0x493084 GetBkColor
• 0x493088 GetROP2
• 0x49308c GetStretchBltMode
• 0x493090 GetPolyFillMode
• 0x493094 CreateCompatibleBitmap
• 0x493098 CreateDCA
• 0x49309c CreateBitmap
• 0x4930a0 SelectObject
• 0x4930a4 GetObjectA
• 0x4930a8 CreatePen
• 0x4930ac PatBlt
• 0x4930b0 CombineRgn
• 0x4930b4 CreateRectRgn
• 0x4930b8 FillRgn
• 0x4930bc CreateSolidBrush
• 0x4930c0 GetStockObject
• 0x4930c4 CreateFontIndirectA
• 0x4930c8 EndPage
• 0x4930cc EndDoc
• 0x4930d0 DeleteDC
• 0x4930d4 StartDocA
• 0x4930d8 StartPage
• 0x4930dc BitBlt
• 0x4930e0 CreateCompatibleDC
• 0x4930e4 Ellipse
• 0x4930e8 Rectangle
• 0x4930ec LPtoDP
• 0x4930f0 DPtoLP
• 0x4930f4 GetCurrentObject
• 0x4930f8 RoundRect
• 0x4930fc GetTextExtentPoint32A
• 0x493100 GetDeviceCaps
• 0x493104 SaveDC
• 0x493108 RestoreDC
• 0x49310c SetBkMode
• 0x493110 SetPolyFillMode
• 0x493114 SetROP2
• 0x493118 SetTextColor
• 0x49311c SetMapMode
• 0x493120 SetViewportOrgEx
• 0x493124 OffsetViewportOrgEx
• 0x493128 SetViewportExtEx
• 0x49312c ScaleViewportExtEx
• 0x493130 SetWindowOrgEx
• 0x493134 SetWindowExtEx
• 0x493138 ScaleWindowExtEx
• 0x49313c GetClipBox
• 0x493140 ExcludeClipRect
• 0x493144 MoveToEx
• 0x493148 LineTo
• 0x49314c GetMapMode
• 0x493150 GetTextMetricsA
• 0x493154 Escape
• 0x493158 ExtTextOutA
• 0x49315c TextOutA
• 0x493160 RectVisible
• 0x493164 PtVisible
• 0x493168 GetViewportExtEx
• 0x49316c ExtSelectClipRgn
库: WINMM.dll:
• 0x4936a4 midiStreamRestart
• 0x4936a8 waveOutUnprepareHeader
• 0x4936ac waveOutPrepareHeader
• 0x4936b0 waveOutWrite
• 0x4936b4 waveOutPause
• 0x4936b8 waveOutReset
• 0x4936bc waveOutClose
• 0x4936c0 waveOutGetNumDevs
• 0x4936c4 waveOutOpen
• 0x4936c8 midiOutUnprepareHeader
• 0x4936cc midiStreamOpen
• 0x4936d0 midiStreamProperty
• 0x4936d4 midiOutPrepareHeader
• 0x4936d8 midiStreamOut
• 0x4936dc midiStreamStop
• 0x4936e0 midiOutReset
• 0x4936e4 midiStreamClose
库: ADVAPI32.dll:
• 0x493000 RegCreateKeyExA
• 0x493004 RegCloseKey
• 0x493008 RegQueryValueA
• 0x49300c RegSetValueExA
• 0x493010 RegOpenKeyExA
库: ole32.dll:
• 0x493744 CreateILockBytesOnHGlobal
• 0x493748 CoFreeUnusedLibraries
• 0x49374c CoRegisterMessageFilter
• 0x493750 CoRevokeClassObject
• 0x493754 OleFlushClipboard
• 0x493758 OleIsCurrentClipboard
• 0x49375c OleUninitialize
• 0x493760 CLSIDFromString
• 0x493764 StgCreateDocfileOnILockBytes
• 0x493768 CoTaskMemFree
• 0x49376c CoTaskMemAlloc
• 0x493770 CLSIDFromProgID
• 0x493774 OleInitialize
• 0x493778 StgOpenStorageOnILockBytes
• 0x49377c CoGetClassObject
库: OLEAUT32.dll:
• 0x493388 SafeArrayUnaccessData
• 0x49338c SafeArrayAccessData
• 0x493390 SysAllocString
• 0x493394 SafeArrayCreate
• 0x493398 UnRegisterTypeLib
• 0x49339c RegisterTypeLib
• 0x4933a0 LoadTypeLib
• 0x4933a4 OleCreateFontIndirect
• 0x4933a8 SysFreeString
• 0x4933ac SafeArrayGetLBound
• 0x4933b0 SafeArrayGetUBound
• 0x4933b4 VariantChangeType
• 0x4933b8 VariantClear
• 0x4933bc VariantCopy
• 0x4933c0 SafeArrayGetElemsize
• 0x4933c4 SysAllocStringByteLen
• 0x4933c8 VariantTimeToSystemTime
• 0x4933cc SysAllocStringLen
• 0x4933d0 SysStringLen
• 0x4933d4 SafeArrayGetDim
库: oledlg.dll:
• 0x493784 None
库: WS2_32.dll:
• 0x4936fc inet_ntoa
• 0x493700 recvfrom
• 0x493704 ioctlsocket
• 0x493708 WSAStartup
• 0x49370c getpeername
• 0x493710 accept
• 0x493714 WSACleanup
• 0x493718 select
• 0x49371c send
• 0x493720 closesocket
• 0x493724 WSAAsyncSelect
• 0x493728 recv
库: WININET.dll:
• 0x493678 InternetCanonicalizeUrlA
• 0x49367c InternetOpenA
• 0x493680 InternetCloseHandle
• 0x493684 InternetSetOptionA
• 0x493688 InternetConnectA
• 0x49368c InternetReadFile
• 0x493690 HttpQueryInfoA
• 0x493694 HttpSendRequestA
• 0x493698 HttpOpenRequestA
• 0x49369c InternetCrackUrlA
库: comdlg32.dll:
• 0x493730 GetOpenFileNameA
• 0x493734 ChooseColorA
• 0x493738 GetFileTitleA
• 0x49373c GetSaveFileNameA
)~ek/xeRichj/xe
.text
`.rdata
@.data
.rsrc
8`}<j
T$hVj
DRQPj
T$|Vj
T$th
|$TVj
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
D$L,nI
D$L(nI
D$,(nI
T$ Rj
L$4S+L$0Qj
D$8(nI
D$8(nI
D$8(nI
PhX[K
D$x(nI
}'h
9^xu5j
T$,Qj
jjjjh
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 122.114.3.37 | 未知 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 122.114.3.37 b.appmo.cn | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59793 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| b.appmo.cn |
A 122.114.3.37 CNAME 446421.vhost127.cnameaddress.top |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 122.114.3.37 b.appmo.cn | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59793 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://b.appmo.cn/Public/Uploads/2018-03-01/5a974907e46dc.jpg | GET /Public/Uploads/2018-03-01/5a974907e46dc.jpg HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: b.appmo.cn Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2018-03-23 20:09:18.791196+0800 | 192.168.122.201 | 49160 | 122.114.3.37 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 24.365 seconds )
- 11.839 NetworkAnalysis
- 7.207 Suricata
- 1.928 TargetInfo
- 1.604 VirusTotal
- 1.01 Static
- 0.315 peid
- 0.302 AnalysisInfo
- 0.11 BehaviorAnalysis
- 0.037 Debug
- 0.009 Strings
- 0.003 Memory
- 0.001 config_decoder
Signatures ( 1.589 seconds )
- 1.381 md_url_bl
- 0.075 md_bad_drop
- 0.023 antiav_detectreg
- 0.015 md_domain_bl
- 0.009 infostealer_ftp
- 0.007 antidbg_windows
- 0.006 persistence_autorun
- 0.006 infostealer_im
- 0.005 antianalysis_detectreg
- 0.005 antiav_detectfile
- 0.005 geodo_banking_trojan
- 0.004 stealth_timeout
- 0.004 infostealer_bitcoin
- 0.004 ransomware_files
- 0.003 api_spamming
- 0.003 decoy_document
- 0.003 disables_browser_warn
- 0.003 infostealer_mail
- 0.003 ransomware_extensions
- 0.002 rat_nanocore
- 0.002 tinba_behavior
- 0.002 cerber_behavior
- 0.002 antivm_vbox_files
- 0.002 browser_security
- 0.002 network_http
- 0.002 network_torgateway
- 0.001 antivm_vbox_window
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
Reporting ( 0.935 seconds )
- 0.539 ReportHTMLSummary
- 0.396 Malheur
| Task ID | 141209 |
|---|---|
| Mongo ID | 5ab4ef0ca093ef2d65bd2d93 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号