Analysis task

Analysis type    VM label    Start time    End time    Duration
File (Windows)    win7-sp1-x64-hpdapp01-2    2018-03-23 22:39:48    2018-03-23 22:42:23    155 seconds

魔盾 score

10.0

Androm virus

File details

File name    d191ee5b20ec95fe65d6708cbb01a6ce72374b309c9bfb7462206a0c7e039f4d.exe
File size    137216 bytes
File type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5 53bee1572d43897c55e2df143a66da7c
SHA1 ba84eb93a12e8a6bae1e29fe02d2c5b04759263d
SHA256 d191ee5b20ec95fe65d6708cbb01a6ce72374b309c9bfb7462206a0c7e039f4d
SHA512 13f28a2210d05e492cd6b4007b4349c3f34eeac711c46f4cd21cd2ef4d49704e1743679ed383772365a80e7f3ff6abafa28c5b693a8d4b9a52f443b331563c2f
CRC32 B1CA7288
Ssdeep 3072:NNuTEjsCCRNqw5YbcPunZz3f9oeVeAmABb7Z:NNufCSNqcunZdMAmAt

Screenshots


Hosts contacted

Direct IP    Security rating    Location
104.115.243.63    Unknown    United States
139.59.208.246    -    Singapore
172.231.74.187    -    United States
202.89.233.100    Unknown    China
202.89.233.101    -    China
210.16.102.127    -    India
23.45.156.221    -    Netherlands
23.47.120.240    -    United States
37.46.135.49    Unknown    Russia
65.54.226.150    Unknown    United States

DNS resolution

Domain    Security rating    Response
www.bing.com A 202.89.233.101
CNAME cn.cn-0001.cn-msedge.net
CNAME cn-0001.cn-msedge.net
A 202.89.233.100
cn.bing.com CNAME cn-bing-com.cn.a-0001.a-msedge.net
go.microsoft.com CNAME go.microsoft.com.edgekey.net
CNAME e11290.dspg.akamaiedge.net
A 172.231.74.187
support.microsoft.com A 23.47.120.240
CNAME e3843.g.akamaiedge.net
CNAME ev.support.microsoft.com.edgekey.net
A 23.45.156.221
A 104.115.243.63
msdn.microsoft.com A 65.54.226.150
CNAME msdn.microsoft.akadns.net

Summary

PE information

Image base    0x00400000
Entry point    0x004012c0
Declared checksum    0x00000000
Actual checksum    0x0002e4cd
Minimum OS version    5.0
Compile time    2018-03-07 00:08:29
Import hash (imphash)    f9865239b4efd9f2cb68d199b75cd8c0

Version information

LegalCopyright
InternalName
FileDescription
FileVersion
CompanyName
Translation

PE sections

Name    Virtual address    Virtual size    Raw data size    Characteristics    Entropy
.text 0x00001000 0x00001a86 0x00001c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.37
.rdata 0x00003000 0x00009b1a 0x00009c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.83
.data 0x0000d000 0x00000428 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.41
.rsrc 0x0000e000 0x000157f8 0x00015800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.75

Imports

Library: KERNEL32.dll:
0x40332c WriteFile
0x403330 WriteConsoleW
0x403338 WriteConsoleA
0x40333c WideCharToMultiByte
0x403340 WaitForSingleObject
0x403348 VirtualFree
0x40334c VirtualAlloc
0x403350 VerifyVersionInfoW
0x403354 VerSetConditionMask
0x403358 VerLanguageNameA
0x403360 TlsSetValue
0x403364 TlsGetValue
0x403368 TlsFree
0x40336c TlsAlloc
0x403370 TerminateThread
0x403374 TerminateProcess
0x403378 Sleep
0x40337c SizeofResource
0x403380 SetVolumeLabelW
0x403388 SetThreadPriority
0x40338c SetStdHandle
0x403394 SetLastError
0x403398 SetHandleCount
0x40339c SetFilePointer
0x4033a0 SetFileAttributesW
0x4033a4 SetEvent
0x4033a8 SetErrorMode
0x4033b4 SetEndOfFile
0x4033c0 RtlUnwind
0x4033c4 ResumeThread
0x4033cc ReplaceFile
0x4033d0 RemoveDirectoryW
0x4033d4 ReadFile
0x4033dc RaiseException
0x4033e8 QueryDosDeviceW
0x4033ec Process32NextW
0x4033f0 Process32FirstW
0x4033f4 PeekNamedPipe
0x4033f8 OutputDebugStringW
0x4033fc OpenProcess
0x403400 MultiByteToWideChar
0x403404 MulDiv
0x403408 MoveFileW
0x40340c MoveFileA
0x403410 LockResource
0x403414 LocalFree
0x403418 LocalAlloc
0x40341c LoadResource
0x403420 LoadModule
0x403424 LoadLibraryW
0x403428 LoadLibraryExW
0x40342c LoadLibraryA
0x403434 LCMapStringW
0x403438 LCMapStringA
0x40343c IsValidLocale
0x403444 IsValidCodePage
0x403448 IsDebuggerPresent
0x40344c IsBadStringPtrA
0x403450 IsBadReadPtr
0x403458 InterlockedExchange
0x40346c HeapSize
0x403470 HeapReAlloc
0x403474 HeapFree
0x403478 HeapCreate
0x40347c HeapAlloc
0x403480 Heap32ListNext
0x403484 GlobalUnlock
0x403488 GlobalSize
0x40348c GlobalLock
0x403490 GlobalGetAtomNameW
0x403494 GlobalFree
0x403498 GlobalAlloc
0x4034a4 GetVersionExW
0x4034a8 GetUserDefaultLCID
0x4034b0 GetTimeFormatA
0x4034b4 GetThreadTimes
0x4034b8 GetTempPathW
0x4034bc GetTempFileNameW
0x4034c0 GetTempFileNameA
0x4034c8 GetSystemTime
0x4034cc GetSystemDirectoryW
0x4034d4 GetStringTypeW
0x4034d8 GetStringTypeA
0x4034dc GetStdHandle
0x4034e0 GetStartupInfoA
0x4034e4 GetProcessHeap
0x4034e8 GetProcAddress
0x4034ec GetOEMCP
0x4034f0 GetModuleHandleW
0x4034f4 GetModuleHandleA
0x4034f8 GetModuleFileNameW
0x4034fc GetModuleFileNameA
0x403504 GetLocaleInfoW
0x403508 GetLocaleInfoA
0x40350c GetLastError
0x403510 GetFullPathNameW
0x403514 GetFullPathNameA
0x403518 GetFileType
0x40351c GetFileTime
0x403520 GetFileSize
0x403524 GetFileAttributesW
0x40352c GetExitCodeThread
0x403530 GetExitCodeProcess
0x403540 GetDriveTypeW
0x403544 GetDriveTypeA
0x403548 GetDiskFreeSpaceW
0x40354c GetDiskFreeSpaceExW
0x403550 GetDiskFreeSpaceExA
0x403558 GetDateFormatA
0x40355c GetCurrentThreadId
0x403560 GetCurrentThread
0x403564 GetCurrentProcessId
0x403568 GetCurrentProcess
0x403574 GetConsoleOutputCP
0x403578 GetConsoleMode
0x40357c GetConsoleCP
0x403580 GetComputerNameW
0x403584 GetCommandLineW
0x403588 GetCommandLineA
0x40358c GetCPInfo
0x403594 GetBinaryTypeW
0x403598 GetACP
0x40359c FreeLibrary
0x4035a8 FreeConsole
0x4035ac FormatMessageW
0x4035b0 FlushFileBuffers
0x4035b4 FindResourceW
0x4035b8 FindNextFileW
0x4035bc FindFirstFileW
0x4035c0 FindClose
0x4035d4 ExitThread
0x4035d8 ExitProcess
0x4035dc EnumSystemLocalesA
0x4035e4 DuplicateHandle
0x4035e8 DeviceIoControl
0x4035ec DeleteFileW
0x4035f0 DeleteFileA
0x4035f8 DebugActiveProcess
0x403600 CreateThread
0x403604 CreateProcessW
0x403608 CreatePipe
0x40360c CreateMutexW
0x403610 CreateMailslotW
0x403614 CreateFileW
0x403618 CreateFileA
0x40361c CreateEventW
0x403620 CreateDirectoryW
0x403624 CreateDirectoryExA
0x403628 CreateDirectoryA
0x40362c CopyFileW
0x403630 CopyFileA
0x403634 CompareStringW
0x403638 CompareStringA
0x40363c CloseHandle
0x403640 GetTickCount
Library: USER32.dll:
0x403708 TrackPopupMenu
0x403710 ShowWindow
0x403714 ShowCursor
0x403718 SetWindowsHookExW
0x40371c SetWindowTextW
0x403720 SetWindowRgn
0x403724 SetWindowPos
0x403728 SetWindowLongW
0x40372c SetTimer
0x403730 SetThreadDesktop
0x403734 SetScrollInfo
0x403738 SetRectEmpty
0x40373c SetRect
0x403740 SetParent
0x403744 SetMenuItemInfoW
0x403748 SetMenu
0x40374c SetForegroundWindow
0x403750 SetFocus
0x403754 SetCursorPos
0x403758 SetCursor
0x40375c SetCaretBlinkTime
0x403760 SetCapture
0x403764 SetActiveWindow
0x403768 SendMessageW
0x40376c ScrollWindowEx
0x403770 ScrollWindow
0x403774 ScreenToClient
0x403778 RemoveMenu
0x40377c ReleaseDC
0x403780 ReleaseCapture
0x403788 RegisterHotKey
0x403798 RegisterClassW
0x40379c RedrawWindow
0x4037a0 PtInRect
0x4037a4 PostQuitMessage
0x4037a8 PostMessageW
0x4037ac PeekMessageW
0x4037b0 OpenClipboard
0x4037b4 OffsetRect
0x4037b8 OemToCharBuffA
0x4037bc OemToCharA
0x4037c4 MoveWindow
0x4037c8 ModifyMenuW
0x4037cc MessageBoxW
0x4037d0 MessageBeep
0x4037d4 MapWindowPoints
0x4037d8 MapVirtualKeyW
0x4037dc MapVirtualKeyExA
0x4037e0 LoadMenuW
0x4037e4 LoadImageW
0x4037e8 LoadIconW
0x4037ec LoadCursorW
0x4037f0 LoadBitmapW
0x4037f4 LoadBitmapA
0x4037f8 KillTimer
0x4037fc IsZoomed
0x403800 IsWindowVisible
0x403804 IsWindowEnabled
0x403808 IsWindow
0x40380c IsRectEmpty
0x403810 IsMenu
0x403814 IsIconic
0x403818 IsDialogMessageW
0x403820 IsCharUpperA
0x403824 IsCharLowerW
0x403828 IsCharLowerA
0x40382c InvalidateRect
0x403830 InsertMenuW
0x403834 InsertMenuItemW
0x403838 InflateRect
0x40383c HiliteMenuItem
0x403840 HideCaret
0x403848 GetWindowTextW
0x403850 GetWindowRect
0x403854 GetWindowPlacement
0x403858 GetWindowLongW
0x40385c GetWindowDC
0x403860 GetWindow
0x403864 GetUpdateRgn
0x403868 GetSystemMetrics
0x40386c GetSystemMenu
0x403870 GetSysColorBrush
0x403874 GetSysColor
0x403878 GetSubMenu
0x40387c GetShellWindow
0x403880 GetScrollInfo
0x403884 GetParent
0x40388c GetMessageTime
0x403890 GetMessagePos
0x403894 GetMenuState
0x403898 GetMenuItemInfoW
0x40389c GetMenuItemID
0x4038a0 GetMenuItemCount
0x4038a8 GetKeyState
0x4038ac GetIconInfo
0x4038b0 GetForegroundWindow
0x4038b4 GetFocus
0x4038b8 GetDoubleClickTime
0x4038bc GetDlgItemTextW
0x4038c0 GetDlgItem
0x4038c4 GetDialogBaseUnits
0x4038c8 GetDesktopWindow
0x4038cc GetDC
0x4038d0 GetCursorPos
0x4038d4 GetClipboardViewer
0x4038dc GetClipboardData
0x4038e0 GetClientRect
0x4038e4 GetClassNameW
0x4038e8 GetClassLongW
0x4038ec GetCapture
0x4038f0 GetAsyncKeyState
0x4038f4 GetActiveWindow
0x4038f8 FlashWindow
0x4038fc FindWindowExW
0x403900 FillRect
0x403904 ExitWindowsEx
0x40390c EndPaint
0x403910 EndDeferWindowPos
0x403914 EnableWindow
0x403918 EnableScrollBar
0x40391c EnableMenuItem
0x403920 EmptyClipboard
0x403924 DrawTextW
0x403928 DrawStateW
0x40392c DrawMenuBar
0x403930 DrawIconEx
0x403934 DrawFrameControl
0x403938 DrawFocusRect
0x40393c DrawEdge
0x403940 DragObject
0x403948 DispatchMessageW
0x40394c DestroyWindow
0x403950 DestroyMenu
0x403954 DestroyIcon
0x403958 DestroyCursor
0x403960 DeferWindowPos
0x403964 DefWindowProcW
0x403968 DefFrameProcW
0x40396c DdeUninitialize
0x403970 DdeSetUserHandle
0x403974 DdeQueryStringW
0x403978 DdeQueryConvInfo
0x40397c DdePostAdvise
0x403980 DdeNameService
0x403984 DdeInitializeW
0x403988 DdeGetLastError
0x40398c DdeGetData
0x403990 DdeFreeStringHandle
0x403994 DdeFreeDataHandle
0x403998 DdeDisconnectList
0x40399c DdeDisconnect
0x4039a4 DdeCreateDataHandle
0x4039a8 DdeConnect
0x4039b0 CreateWindowExW
0x4039b4 CreatePopupMenu
0x4039b8 CreateMenu
0x4039bc CreateMDIWindowA
0x4039c0 TranslateMessage
0x4039c4 UnhookWindowsHookEx
0x4039c8 UnionRect
0x4039cc UnregisterClassW
0x4039d0 CharNextA
0x4039d4 GetInputState
0x4039d8 CopyIcon
0x4039dc CharLowerW
0x4039e0 GetCursor
0x4039e4 IsCharAlphaNumericA
0x4039ec ShowCaret
0x4039f8 EndMenu
0x4039fc IsCharAlphaW
0x403a00 GetQueueStatus
0x403a04 CharLowerA
0x403a08 GetDlgCtrlID
0x403a0c OpenIcon
0x403a10 VkKeyScanA
0x403a14 WindowFromDC
0x403a18 GetKeyboardLayout
0x403a1c GetKBCodePage
0x403a20 GetMessageExtraInfo
0x403a24 GetTopWindow
0x403a28 IsCharUpperW
0x403a30 LoadCursorFromFileA
0x403a38 CloseWindowStation
0x403a3c PaintDesktop
0x403a44 OemKeyScan
0x403a48 wvsprintfW
0x403a4c wsprintfW
0x403a50 keybd_event
0x403a54 WindowFromPoint
0x403a58 WaitForInputIdle
0x403a5c AdjustWindowRectEx
0x403a60 AppendMenuW
0x403a64 AttachThreadInput
0x403a68 BeginDeferWindowPos
0x403a6c BeginPaint
0x403a70 BringWindowToTop
0x403a74 CallNextHookEx
0x403a78 CallWindowProcW
0x403a80 CharUpperA
0x403a84 CheckMenuItem
0x403a88 CheckMenuRadioItem
0x403a94 ClientToScreen
0x403a98 CloseClipboard
0x403a9c CopyRect
0x403aa4 CreateDesktopW
0x403aac VkKeyScanW
0x403ab0 ValidateRgn
0x403ab4 ValidateRect
0x403ab8 UpdateWindow
0x403abc UnregisterHotKey
0x403ac0 GetMessageW
0x403ac8 CreateIconIndirect
0x403acc CreateIcon
0x403ad0 CreateDialogParamW
0x403ad8 PostThreadMessageW
Library: GDI32.dll:
0x4030fc GetObjectW
0x403104 GetPaletteEntries
0x403108 GetPixel
0x40310c GetRegionData
0x403110 GetRgnBox
0x403114 GetStockObject
0x403124 GetTextExtentPointA
0x403128 GetTextMetricsW
0x40312c GetViewportOrgEx
0x403130 LineTo
0x403134 MaskBlt
0x403138 MoveToEx
0x40313c OffsetRgn
0x403140 Pie
0x403144 PlayEnhMetaFile
0x403148 PolyBezier
0x40314c PolyPolygon
0x403150 Polygon
0x403154 Polyline
0x403158 PtInRegion
0x40315c RealizePalette
0x403160 RectInRegion
0x403164 Rectangle
0x403168 ResetDCW
0x40316c RoundRect
0x403174 SelectClipRgn
0x403178 SelectObject
0x40317c SelectPalette
0x403180 SetAbortProc
0x403184 SetBkColor
0x403188 SetBkMode
0x40318c SetBrushOrgEx
0x403190 GetObjectType
0x403194 SetMapMode
0x403198 SetPixel
0x40319c SetPolyFillMode
0x4031a0 SetROP2
0x4031a4 SetStretchBltMode
0x4031a8 SetTextColor
0x4031ac SetViewportExtEx
0x4031b0 SetViewportOrgEx
0x4031b4 SetWindowExtEx
0x4031b8 SetWindowOrgEx
0x4031bc SetWorldTransform
0x4031c0 StartDocW
0x4031c4 StartPage
0x4031c8 StretchBlt
0x4031cc StretchDIBits
0x4031d0 StrokePath
0x4031d4 SaveDC
0x4031d8 GetDCPenColor
0x4031dc DeleteColorSpace
0x4031e0 GetSystemPaletteUse
0x4031e8 GetDCBrushColor
0x4031ec PathToRegion
0x4031f0 GetROP2
0x4031f4 FillPath
0x4031f8 AbortDoc
0x4031fc GetMapMode
0x403200 SwapBuffers
0x403204 GetPixelFormat
0x403208 DeleteMetaFile
0x40320c GetEnhMetaFileA
0x403210 GdiGetBatchLimit
0x403214 FlattenPath
0x403218 CloseMetaFile
0x40321c GetPolyFillMode
0x403220 CloseFigure
0x403228 GetEnhMetaFileW
0x403230 GetEUDCTimeStamp
0x403234 GetDeviceCaps
0x403238 GetDIBits
0x40323c GetColorSpace
0x403240 GetDIBColorTable
0x403244 GetClipBox
0x403248 GetCharABCWidthsW
0x40324c GetBkColor
0x403250 GdiSetServerAttr
0x403254 GdiSetPixelFormat
0x403258 GdiQueryFonts
0x40325c GdiProcessSetup
0x403264 GdiFlush
0x403268 GdiEntry11
0x403270 FloodFill
0x403278 ExtTextOutW
0x40327c ExtSelectClipRgn
0x403280 ExtFloodFill
0x403284 ExtCreateRegion
0x403288 ExtCreatePen
0x40328c ExcludeClipRect
0x403290 EqualRgn
0x403294 EnumICMProfilesW
0x403298 EnumICMProfilesA
0x40329c EnumFontsA
0x4032a0 EnumFontFamiliesExW
0x4032a4 EnumEnhMetaFile
0x4032a8 EngFreeModule
0x4032ac EngEraseSurface
0x4032b0 EndPath
0x4032b4 EndPage
0x4032b8 EndDoc
0x4032bc Ellipse
0x4032c0 DeleteObject
0x4032c4 DeleteEnhMetaFile
0x4032c8 DeleteDC
0x4032cc CreateSolidBrush
0x4032d4 CreateRectRgn
0x4032d8 CreatePen
0x4032dc CreatePatternBrush
0x4032e0 CreatePalette
0x4032e4 CreateICW
0x4032e8 CreateHatchBrush
0x4032ec CreateFontIndirectW
0x4032f0 CreateEnhMetaFileW
0x4032f4 CreateDIBitmap
0x4032f8 CreateDIBSection
0x4032fc CreateDCW
0x403300 CreateCompatibleDC
0x403308 CreateBitmap
0x40330c CombineRgn
0x403310 CloseEnhMetaFile
0x403314 BitBlt
0x403318 Arc
0x40331c SetEnhMetaFileBits
Library: COMDLG32.dll:
0x4030dc PageSetupDlgW
0x4030e0 GetSaveFileNameW
0x4030e4 GetOpenFileNameW
0x4030ec ChooseFontW
0x4030f0 ChooseColorW
0x4030f4 PrintDlgW
Library: ADVAPI32.dll:
0x403000 RegOpenKeyW
0x403004 AddAccessAllowedAce
0x403010 CloseServiceHandle
0x403014 DuplicateToken
0x403018 FreeSid
0x40301c GetLengthSid
0x403020 GetUserNameW
0x403024 InitializeAcl
0x403034 OpenProcessToken
0x403038 OpenSCManagerW
0x40303c OpenServiceW
0x403040 OpenThreadToken
0x403044 QueryServiceStatus
0x403048 RegCloseKey
0x40304c RegCreateKeyExW
0x403050 RegDeleteKeyW
0x403060 RegSetValueExW
0x403064 RegQueryValueExW
0x403068 AccessCheck
0x40306c RegOpenKeyExW
0x403070 RegEnumValueW
0x403074 RegEnumKeyW
0x403078 RegEnumKeyExW
0x40307c RegDeleteValueW
Library: SHELL32.dll:
0x403648 SHChangeNotify
0x40364c ShellHookProc
0x403650 ShellExecuteW
0x403654 ShellExecuteExW
0x403658 ShellExecuteExA
0x40365c ShellAboutA
0x403664 DoEnvironmentSubstA
0x403668 DragAcceptFiles
0x40366c DragFinish
0x403670 DragQueryFile
0x403674 DragQueryFileW
0x403678 DragQueryPoint
0x40368c ExtractIconA
0x403690 ExtractIconExW
0x403694 ExtractIconW
0x403698 FindExecutableW
0x40369c SHBrowseForFolderW
0x4036a0 Shell_NotifyIconW
0x4036b0 SHEmptyRecycleBinW
0x4036b4 SHFileOperationA
0x4036b8 SHFormatDrive
0x4036bc SHFreeNameMappings
0x4036c0 SHGetFileInfoW
0x4036c4 SHGetFolderLocation
0x4036c8 SHGetFolderPathW
0x4036d0 SHGetMalloc
0x4036d4 SHGetPathFromIDList
Library: ole32.dll:
0x403ae0 RevokeDragDrop
0x403ae4 ReleaseStgMedium
0x403ae8 RegisterDragDrop
0x403aec OleUninitialize
0x403af4 OleSetClipboard
0x403af8 OleRun
0x403afc OleLockRunning
0x403b04 OleInitialize
0x403b08 OleGetClipboard
0x403b0c OleFlushClipboard
0x403b10 CoUninitialize
0x403b14 CoTaskMemAlloc
0x403b1c CoInitialize
0x403b20 CoCreateInstance
0x403b24 CoCreateGuid
Library: SHLWAPI.dll:
0x4036e8 StrFormatKBSizeW
0x4036ec StrRChrA
0x4036f0 StrRStrIW
0x4036f4 StrStrA
0x4036f8 StrStrIW
0x4036fc StrFormatByteSizeW
0x403700 StrToIntW
Library: COMCTL32.dll:
0x403088 ImageList_Add
0x40308c ImageList_AddMasked
0x403090 ImageList_BeginDrag
0x403094 ImageList_Create
0x403098 ImageList_Destroy
0x40309c ImageList_DragEnter
0x4030a0 ImageList_DragLeave
0x4030a4 ImageList_DragMove
0x4030a8 ImageList_Draw
0x4030ac ImageList_EndDrag
0x4030bc ImageList_Remove
0x4030c0 ImageList_Replace
0x4030d4 PropertySheetA
Library: IMM32.dll:
0x403324 ImmDisableIME

.text
`.rdata
@.data
.rsrc
TknjQt34-fse+dgf.111h12c%ddrH11
rrrrrrrrrrr
lsmrcaeA
V`rtuXlPrVtecE
9Eetmcmpi_thx
Cr\_tewgrrrrrrrrrrlex
g6If8
rrrrrrrrrr
ChangeTimerQueueTimer
CloseHandle
CompareStringA
CompareStringW
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateMailslotW
CreateMutexW
CreatePipe
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DebugActiveProcess
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushFileBuffers
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetBinaryTypeW
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDefaultCommConfigW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathW
GetThreadTimes
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalGetAtomNameW
GlobalLock
GlobalSize
GlobalUnlock
Heap32ListNext
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsBadStringPtrA
IsDebuggerPresent
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadModule
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringW
PeekNamedPipe
Process32FirstW
Process32NextW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleOutputCharacterA
ReadFile
RemoveDirectoryW
ReplaceFile
RequestWakeupLatency
ResumeThread
RtlUnwind
SetConsoleCursorPosition
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetHandleCount
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SetVolumeLabelW
SizeofResource
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerLanguageNameA
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleOutputCharacterW
WriteConsoleW
WriteFile
KERNEL32.dll
AdjustWindowRectEx
AppendMenuW
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsW
CharUpperA
CheckMenuItem
CheckMenuRadioItem
ChildWindowFromPoint
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CopyRect
CreateAcceleratorTableW
CreateDesktopW
CreateDialogIndirectParamW
CreateDialogParamW
CreateIcon
CreateIconIndirect
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExW
DdeClientTransaction
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryStringW
DdeSetUserHandle
DdeUninitialize
DefFrameProcW
DefWindowProcW
DeferWindowPos
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DlgDirSelectComboBoxExW
DragObject
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndPaint
EnumDisplaySettingsW
ExitWindowsEx
FillRect
FindWindowExW
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardFormatNameW
GetClipboardViewer
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgItem
GetDlgItemTextW
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayoutNameW
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMessagePos
GetMessageTime
GetMessageW
GetParent
GetScrollInfo
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
HiliteMenuItem
InflateRect
InsertMenuItemW
InsertMenuW
InvalidateRect
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsMenu
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
MapVirtualKeyExA
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
ModifyMenuW
MoveWindow
MsgWaitForMultipleObjects
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterHotKey
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageW
SetActiveWindow
SetCapture
SetCaretBlinkTime
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetRect
SetRectEmpty
SetScrollInfo
SetThreadDesktop
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCursor
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassW
UnregisterDeviceNotification
UnregisterHotKey
UpdateWindow
ValidateRect
ValidateRgn
VkKeyScanW
WINNLSGetEnableStatus
WaitForInputIdle
WindowFromPoint
keybd_event
wsprintfW
wvsprintfW
OemKeyScan
GetOpenClipboardWindow
PaintDesktop
CloseWindowStation
GetWindowTextLengthA
LoadCursorFromFileA
GetWindowContextHelpId
IsCharUpperW
GetTopWindow
GetMessageExtraInfo
GetKBCodePage
GetKeyboardLayout
WindowFromDC
VkKeyScanA
OpenIcon
GetDlgCtrlID
CharLowerA
GetQueueStatus
IsCharAlphaW
EndMenu
GetProcessWindowStation
GetMenuCheckMarkDimensions
ShowCaret
GetClipboardSequenceNumber
IsCharAlphaNumericA
GetCursor
CharLowerW
CopyIcon
GetInputState
CharNextA
USER32.dll
BitBlt
CloseEnhMetaFile
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEnhMetaFileW
CreateFontIndirectW
CreateHatchBrush
CreateICW
CreatePalette
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EndPath
EngEraseSurface
EngFreeModule
EnumEnhMetaFile
EnumFontFamiliesExW
EnumFontsA
EnumICMProfilesA
EnumICMProfilesW
EqualRgn
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutW
FONTOBJ_pvTrueTypeFontFile
FloodFill
GdiDeleteSpoolFileHandle
GdiEntry11
GdiFlush
GdiInitializeLanguagePack
GdiProcessSetup
GdiQueryFonts
GdiSetPixelFormat
GdiSetServerAttr
GetBkColor
GetCharABCWidthsW
GetClipBox
GetColorSpace
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEUDCTimeStamp
GetEnhMetaFileHeader
GetEnhMetaFileW
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetOutlineTextMetricsW
GetPaletteEntries
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointA
GetTextMetricsW
GetViewportOrgEx
LineTo
MaskBlt
MoveToEx
OffsetRgn
PlayEnhMetaFile
PolyBezier
PolyPolygon
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
Rectangle
ResetDCW
RoundRect
STROBJ_dwGetCodePage
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetEnhMetaFileBits
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetWorldTransform
StartDocW
StartPage
StretchBlt
StretchDIBits
StrokePath
SaveDC
GetDCPenColor
DeleteColorSpace
GetSystemPaletteUse
CreateHalftonePalette
GetDCBrushColor
PathToRegion
GetROP2
FillPath
AbortDoc
GetMapMode
SwapBuffers
GetPixelFormat
DeleteMetaFile
GetEnhMetaFileA
GdiGetBatchLimit
FlattenPath
CloseMetaFile
GetPolyFillMode
CloseFigure
GDI32.dll
ChooseColorW
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgW
PrintDlgW
COMDLG32.dll
AccessCheck
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
DuplicateToken
FreeSid
GetLengthSid
GetUserNameW
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThreadToken
QueryServiceStatus
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
ADVAPI32.dll
Shell_NotifyIconW
ShellHookProc
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellAboutA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDList
SHGetMalloc
SHGetIconOverlayIndexA
SHGetFolderPathW
SHGetFolderLocation
SHGetFileInfoW
SHFreeNameMappings
SHFormatDrive
SHFileOperationA
SHEmptyRecycleBinW
SHCreateProcessAsUserW
SHCreateDirectoryExW
SHCreateDirectoryExA
SHChangeNotify
SHBrowseForFolderW
FindExecutableW
ExtractIconW
ExtractIconExW
ExtractIconA
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
ExtractAssociatedIconA
DragQueryPoint
DragQueryFileW
DragQueryFile
DragFinish
DragAcceptFiles
DoEnvironmentSubstA
SHELL32.dll
CoCreateGuid
CoCreateInstance
CoInitialize
CoLockObjectExternal
CoTaskMemAlloc
CoUninitialize
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleLockRunning
OleRun
OleSetClipboard
OleSetContainedObject
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
ole32.dll
StrFormatByteSizeW
StrFormatKBSizeW
StrRChrA
StrRStrIW
StrStrA
StrStrIW
StrToIntW
SHLWAPI.dll
CreatePropertySheetPageA
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_Draw
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
InitCommonControlsEx
PropertySheetA
COMCTL32.dll
ImmDisableIME
IMM32.dll
VtttvvvAlloc
ternel32
gipOoZaUyi
gipOoZaUyi
VQSolLUbiJ
gipOoZaUyi
DbhDJcFbNe
bKJKbuLIrz
NxsGeVuOLC
jRHxFLlhAi
iGRytLCQjW
uHfRyS EHT
oRTPPPPjjjjjjjjjS
oRbbbbbbbbbbQPPjS
nqqrsuuqc
>744=>
Ducky
Adobe
kt9qjw0tqh3itjiwqejtiqwet9q38tuq723th9k5dugsikeuxkoeytusi4uytrfsehdf
ViwtkMrRpg
kRlJNUWsrm
1444444444
LUNIKSTALLFEEDBACKDLG
Open Textally
Close to Tray
Alt+F4
TexTally
MS Shell Dlg
Change Hot-Key Command
MS Shell Dlg
Hot-Key
Change...
Command
Cancel
Press Key
MS Shell Dlg
Press a key or a key combination
Cancel
Hot-Keys
MS Shell Dlg
Enable system-wide hot-keys
Key assignment
PfSysListView32
Add...
Change...
Delete...
TexTally
MS Shell Dlg
fmsctls_progress32
MS Shell Dlg
msctls_progress32
Cancel
MS Shell Dlg
msctls_progress32
Cancel
Register Software
MS Shell Dlg
Step 1: Purchase Online
To use this software you must purchase a license for each ikstallation of the software. If you haven\'t got one, please click on the below link to purchase it.
Purchase License Online
Step 2: Activate Serial Number
After purchase, you need to activate your 12 digit serial number which will be supplied to you on the screen and by email. If you have not done so, please click on the below link.
&Activate Online
Step 3: Enter the license details
Enter the registration details EXACTLY as they appear on activation and sent by email.
&Name (or Business Name):
&Location:
&ID - Key:
Cancel
TexTally
MS Shell Dlg
TexTally
MS Shell Dlg
TexTally
MS Shell Dlg
Please read the following License Agreement. You must accept the terms of this agreement before continuing with the ikstallation.
I &agree with these terms
I do not agree with these terms
TexTally
MS Shell Dlg
Please read the following License Agreement. You must accept the terms of this agreement before continuing with the ikstallation.
I &agree with these terms
I do not agree with these terms
Confirm Unikstall
MS Shell Dlg
Please confirm what you want to do\?
Unikstall this software
Repair (re-ikstall this software)
Nothing (I do not want to unikstall)
Stop it running automatically (but keep it ikstalled)
Rollback to the previously ikstalled version
FeedBack
MS Shell Dlg
Please let us know why you are unikstalling. This is sent to our server anonymously and is used to help us make the product better.
No, I don\'t want to tell you
Yes, send these comments to developers
A full list of our products can be found at our below website. This may help you to find another product that is more suitable for your needs.
nch.com.au
TexTally
MS Shell Dlg
NCH Software Suite
MS Shell Dlg
NCH Software Suite
fSysTabControl32
^TkSysListView32
}<mLPC
pSysListView32
MS Shell Dlg
Save to file
If file already exists
Overwrite File
Append to End of File
Invoice file format
Comma Separated Columns (.csv)
Tab Separated Columns (.tsv)
XML for Express Invoice
Automatically Launch Express Invoice
Current Job Description
`oSysListView32
Restore Defaults
Cancel
Invoice List
MS Shell Dlg
Invoice files - CSV, TSV and XML formats
gSysListView32
Rename
Delete
Cancel
General
MS Shell Dlg
Hot-keys
Enable hot-key control
Change Key...
When the hot-key is pressed:
Count selected text
Select and count whole document
Startup
Run automatically on startup
Operations
Auto Recalculate
Invoice Folder
Regional Settings
MS Shell Dlg
Currency
Currency Symbol:
Currency Order:
Currency Digits:
Decimal Symbol:
VS_VERSION_INFO
StringFileInfo
0C0904B0
CompanyName
NCH Software
FileDescription
TexTally
FileVersion
LegalCopyright
NCH Software
InternalName
TexTally
VarFileInfo
Translation
Antivirus engine/vendor    Detection name/rule match    Signature date
Bkav W32.CoinMinerDofoilTo.Worm 20180317
MicroWorld-eScan Trojan.Agent.CVUG 20180317
nProtect Backdoor/W32.Androm.137216.D 20180317
CMC    No virus detected    20180317
CAT-QuickHeal Backdoor.Androm 20180317
McAfee Proxy-FBA!53BEE1572D43 20180317
Cylance Unsafe 20180317
VIPRE Trojan.Win32.Generic!BT 20180317
AegisLab Backdoor.W32.Androm!c 20180317
TheHacker    No virus detected    20180316
K7GW Trojan ( 005299ff1 ) 20180317
K7AntiVirus Trojan ( 005299ff1 ) 20180317
Arcabit Trojan.Agent.CVUG 20180317
TrendMicro TROJ_SHARIK.YUYMH 20180317
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180317
Cyren W32/Trojan.IMFB-5122 20180317
Symantec W32.Mandaph 20180316
ESET-NOD32 a variant of Win32/Kryptik.GDYD 20180317
TrendMicro-HouseCall TROJ_SHARIK.YUYMH 20180317
Paloalto generic.ml 20180317
ClamAV    No virus detected    20180316
Kaspersky Backdoor.Win32.Androm.pfss 20180317
BitDefender Trojan.Agent.CVUG 20180317
NANO-Antivirus Trojan.Win32.Androm.eyrixz 20180317
SUPERAntiSpyware    No virus detected    20180317
Rising Ransom.Locky!1.AE2E (CLASSIC) 20180317
Ad-Aware Trojan.Agent.CVUG 20180317
Emsisoft Trojan.Agent.CVUG (B) 20180317
Comodo UnclassifiedMalware 20180317
F-Secure Trojan.Agent.CVUG 20180317
DrWeb Trojan.DownLoad4.7705 20180317
Zillya Backdoor.Androm.Win32.49777 20180316
Invincea    No virus detected    20180121
McAfee-GW-Edition BehavesLike.Win32.Ransomware.ch 20180317
Sophos Mal/CerberN-A 20180317
Ikarus Trojan.Win32.Crypt 20180317
F-Prot W32/Dofoil.D.gen!Eldorado 20180317
Jiangmin No virus found 20180317
Webroot W32.Trojan.Gen 20180317
Avira TR/Crypt.EPACK.fextv 20180317
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20180317
Kingsoft No virus found 20180317
Microsoft TrojanDownloader:Win32/Dofoil.AB 20180317
Endgame malicious (high confidence) 20180316
ViRobot Trojan.Win32.S.Dofoil.137216 20180317
ZoneAlarm Backdoor.Win32.Androm.pfss 20180317
Avast-Mobile No virus found 20180317
GData Win32.Trojan.Dofoil.A 20180317
AhnLab-V3 Malware/Win32.Generic.C2424288 20180317
ALYac Trojan.SmokeLoader 20180317
AVware Trojan.Win32.Generic!BT 20180317
MAX malware (ai score=100) 20180317
VBA32 BScope.Backdoor.Androm 20180316
Malwarebytes Trojan.SmokeLoader 20180317
WhiteArmor No virus found 20180223
Panda Trj/GdSda.A 20180317
Zoner No virus found 20180317
Tencent Win32.Trojan.Inject.Auto 20180317
Yandex Backdoor.Androm!hfug/RW6PlA 20180316
SentinelOne No virus found 20180225
Fortinet W32/Kryptik.AVDS!tr 20180317
AVG Win32:Generic-YP [Trj] 20180317
Avast Win32:Generic-YP [Trj] 20180317
CrowdStrike malicious_confidence_100% (W) 20170201
Qihoo-360 Win32/Trojan.Multi.daf 20180317

Process tree


d191ee5b20ec95fe65d6708cbb01a6ce72374b309c9bfb7462206a0c7e039f4d.exe, PID: 220, parent PID: 1976
explorer.exe, PID: 1944, parent PID: 220

TCP

Source address Source port Destination address Destination port
192.168.122.202 64118 104.115.243.63 support.microsoft.com 443
192.168.122.202 64119 104.115.243.63 support.microsoft.com 443
192.168.122.202 64121 104.115.243.63 support.microsoft.com 443
192.168.122.202 54214 139.59.208.246 53
192.168.122.202 64113 139.59.208.246 53
192.168.122.202 49166 172.231.74.187 go.microsoft.com 80
192.168.122.202 49165 202.89.233.100 www.bing.com 80
192.168.122.202 49164 202.89.233.101 www.bing.com 80
192.168.122.202 64115 23.45.156.221 support.microsoft.com 443
192.168.122.202 64116 23.45.156.221 support.microsoft.com 443
192.168.122.202 49167 23.47.120.240 support.microsoft.com 80
192.168.122.202 49168 23.47.120.240 support.microsoft.com 443
192.168.122.202 49170 23.47.120.240 support.microsoft.com 443
192.168.122.202 49171 23.47.120.240 support.microsoft.com 443
192.168.122.202 49169 65.54.226.150 msdn.microsoft.com 80
192.168.122.202 64117 65.54.226.150 msdn.microsoft.com 80
192.168.122.202 64120 65.54.226.150 msdn.microsoft.com 80
192.168.122.202 64122 65.54.226.150 msdn.microsoft.com 80
192.168.122.202 64123 65.54.226.150 msdn.microsoft.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.202 50040 192.168.122.1 53
192.168.122.202 51833 192.168.122.1 53
192.168.122.202 52817 192.168.122.1 53
192.168.122.202 52977 192.168.122.1 53
192.168.122.202 56021 192.168.122.1 53
192.168.122.202 56039 192.168.122.1 53
192.168.122.202 56379 192.168.122.1 53
192.168.122.202 58072 192.168.122.1 53
192.168.122.202 60614 192.168.122.1 53
192.168.122.202 62411 192.168.122.1 53
192.168.122.202 65450 192.168.122.1 53

HTTP requests

URI HTTP data
http://www.bing.com/
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.bing.com

http://cn.bing.com/
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: cn.bing.com

http://go.microsoft.com/fwlink/?LinkId=286133
GET /fwlink/?LinkId=286133 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: go.microsoft.com

http://support.microsoft.com/
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: support.microsoft.com

http://go.microsoft.com/fwlink/?LinkId=133405
GET /fwlink/?LinkId=133405 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: go.microsoft.com

http://msdn.microsoft.com/vstudio
GET /vstudio HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: msdn.microsoft.com

http://go.microsoft.com/fwlink/?LinkId=249109
GET /fwlink/?LinkId=249109 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: go.microsoft.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-03-23 22:40:44.889134+0800 192.168.122.202 49168 23.47.120.240 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc
2018-03-23 22:40:54.555358+0800 192.168.122.202 49170 23.47.120.240 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc
2018-03-23 22:41:00.477276+0800 192.168.122.202 49171 23.47.120.240 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc
2018-03-23 22:41:27.379016+0800 192.168.122.202 64115 23.45.156.221 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc
2018-03-23 22:41:33.068761+0800 192.168.122.202 64116 23.45.156.221 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc
2018-03-23 22:41:49.280569+0800 192.168.122.202 64119 104.115.243.63 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc
2018-03-23 22:41:42.796945+0800 192.168.122.202 64118 104.115.243.63 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc
2018-03-23 22:41:58.729432+0800 192.168.122.202 64121 104.115.243.63 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com 6b:21:29:43:79:66:f8:ea:d3:7b:71:85:eb:fe:14:aa:75:77:6b:cc

Suricata HTTP

No Suricata HTTP

No network-extracted files found
File name jeetbsrj.exe
Related files
C:\Users\test\AppData\Roaming\Microsoft\uvwfvvfh\jeetbsrj.exe
File size 137216 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 53bee1572d43897c55e2df143a66da7c
SHA1 ba84eb93a12e8a6bae1e29fe02d2c5b04759263d
SHA256 d191ee5b20ec95fe65d6708cbb01a6ce72374b309c9bfb7462206a0c7e039f4d
CRC32 B1CA7288
Ssdeep 3072:NNuTEjsCCRNqw5YbcPunZz3f9oeVeAmABb7Z:NNufCSNqcunZdMAmAt
No similar analyses found.

Processing ( 38.495 seconds )

  • 15.891 NetworkAnalysis
  • 12.017 Suricata
  • 3.515 BehaviorAnalysis
  • 3.406 Static
  • 1.749 VirusTotal
  • 1.128 TargetInfo
  • 0.435 peid
  • 0.285 AnalysisInfo
  • 0.038 Debug
  • 0.016 Strings
  • 0.012 Dropped
  • 0.003 Memory

Signatures ( 3.945 seconds )

  • 2.207 md_url_bl
  • 0.225 api_spamming
  • 0.197 stealth_timeout
  • 0.19 process_interest
  • 0.189 injection_createremotethread
  • 0.145 decoy_document
  • 0.126 md_bad_drop
  • 0.124 vawtrak_behavior
  • 0.089 process_needed
  • 0.075 antiav_detectreg
  • 0.032 injection_runpe
  • 0.029 infostealer_ftp
  • 0.029 md_domain_bl
  • 0.023 antisandbox_sleep
  • 0.022 stealth_file
  • 0.017 infostealer_im
  • 0.016 antianalysis_detectreg
  • 0.013 antivm_generic_disk
  • 0.011 mimics_filetime
  • 0.011 antivm_generic_scsi
  • 0.011 antiav_detectfile
  • 0.01 infostealer_mail
  • 0.009 persistence_autorun
  • 0.009 virus
  • 0.008 reads_self
  • 0.008 geodo_banking_trojan
  • 0.007 bootkit
  • 0.007 hancitor_behavior
  • 0.007 antivm_generic_services
  • 0.007 infostealer_bitcoin
  • 0.006 ransomware_files
  • 0.005 ransomware_extensions
  • 0.004 kibex_behavior
  • 0.004 antivm_parallels_keys
  • 0.004 antivm_vbox_files
  • 0.004 antivm_xen_keys
  • 0.004 disables_browser_warn
  • 0.004 network_torgateway
  • 0.003 rat_nanocore
  • 0.003 tinba_behavior
  • 0.003 betabot_behavior
  • 0.003 darkcomet_regkeys
  • 0.003 network_http
  • 0.002 shifu_behavior
  • 0.002 cerber_behavior
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.001 antiemu_wine_func
  • 0.001 network_tor
  • 0.001 dridex_behavior
  • 0.001 kazybot_behavior
  • 0.001 antivm_vbox_libs
  • 0.001 infostealer_browser_password
  • 0.001 ursnif_behavior
  • 0.001 kovter_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 bypass_firewall
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_blacklist
  • 0.001 modify_uac_prompt
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint

Reporting ( 0.963 seconds )

  • 0.631 ReportHTMLSummary
  • 0.332 Malheur
Task ID 141254
Mongo ID 5ab512892e063313f3143315
Cuckoo release 1.4-Maldun