Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64 2016-08-26 17:01:35 2016-08-26 17:02:13 38 seconds

Maldun Score

0.3

Normal

File Details

File name MiniThunderPlatform.exe
File size 268744 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e2e9483568dc53f68be0b80c34fe27fb
SHA1 8919397fcc5ce4f91fe0dc4e6f55cea5d39e4bb9
SHA256 205c40f2733ba3e30cc538adc6ac6ee46f4c84a245337a36108095b9280abb37
SHA512 b6810288e5f9ad49dcbf13bf339eb775c52e1634cfa243535ab46fda97f5a2aac112549d21e2c30a95306a57363819be8ad5efd4525e27b6c446c17c9c587e4e
CRC32 D621E075
Ssdeep 6144:ePH9aqri3YL1Avg3NloWPxFL8QL2Ma8tvT0ecR:eP4qri3YL1Avg3NloWPTnL2f3x

Contacted Hosts

Direct IP Security rating Geolocation
23.41.75.27 Unknown United States
117.21.218.9 Unknown China

Domain Resolution

Domain Security rating Response
ocsp.verisign.com Unknown A 23.41.75.27
CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net

PE Information

Image base 0x00400000
Entry point 0x004185f9
Declared checksum 0x00045122
Actual checksum 0x00045122
Minimum OS version 4.0
PDB path d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb
Compile time 2014-07-25 10:39:26

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PEiD Rules

Microsoft Visual C++ V8.0 (Debug)

Microsoft Certificate Verification (Sign Tool)

SHA1 Timestamp Validity Error
2321315c4f8a8420253484bdfa973f1492fddf73 Fri Jul 25 10:39:55 2014
Chain: Certificate Chain 1
Issued to VeriSign Class 3 Public Primary Certification Authority - G5
Issued by VeriSign Class 3 Public Primary Certification Authority - G5
Valid until Thu Jul 17 07:59:59 2036
SHA1 hash 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5
Chain: Certificate Chain 2
Issued to VeriSign Class 3 Code Signing 2010 CA
Issued by VeriSign Class 3 Public Primary Certification Authority - G5
Valid until Sat Feb 08 07:59:59 2020
SHA1 hash 495847a93187cfb8c71f840cb7b41497ad95c64f
Chain: Certificate Chain 3
Issued to ShenZhen Thunder Networking Technologies Ltd.
Issued by VeriSign Class 3 Code Signing 2010 CA
Valid until Wed Jun 24 07:59:59 2015
SHA1 hash 20c98cd8e61f7b9e77dbd74242b7538ff410f57b
Chain: Timestamp Chain 1
Issued to Thawte Timestamping CA
Issued by Thawte Timestamping CA
Valid until Fri Jan 01 07:59:59 2021
SHA1 hash be36a4562fb2ee05dbb3d32323adf445084ed656
Chain: Timestamp Chain 2
Issued to Symantec Time Stamping Services CA - G2
Issued by Thawte Timestamping CA
Valid until Thu Dec 31 07:59:59 2020
SHA1 hash 6c07453ffdda08b83707c09b82fb3d15f35336b1
Chain: Timestamp Chain 3
Issued to Symantec Time Stamping Services Signer - G4
Issued by Symantec Time Stamping Services CA - G2
Valid until Wed Dec 30 07:59:59 2020
SHA1 hash 65439929b67973eb192d6ff243e6767adf0834e4

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.textbss 0x00001000 0x00015531 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.text 0x00017000 0x00030f3e 0x00031000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.25
.rdata 0x00048000 0x00006914 0x00007000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.10
.data 0x0004f000 0x00000f4c 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.91
.idata 0x00050000 0x00004aad 0x00005000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.87
.rsrc 0x00055000 0x00000678 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.16

Overlay

Offset 0x00040000
Size 0x000019c8

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_VERSION 0x00055374 0x00000304 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.07 data
RT_VERSION 0x00055374 0x00000304 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.07 data

Imports

Library: VERSION.dll:
0x4510c8 GetFileVersionInfoW
0x4510cc VerQueryValueW
Library: RASAPI32.dll:
0x450fe4 RasEnumConnectionsW
Library: KERNEL32.dll:
0x4509ac SetEvent
0x4509b0 OpenMutexW
0x4509b4 GetTickCount
0x4509b8 WaitForSingleObject
0x4509bc TerminateProcess
0x4509c0 GetCurrentProcess
0x4509c4 GetProcAddress
0x4509c8 LoadLibraryW
0x4509cc FreeLibrary
0x4509d0 GetVersionExW
0x4509d4 InterlockedExchange
0x4509d8 GetACP
0x4509dc GetLocaleInfoA
0x4509e0 GetThreadLocale
0x4509e4 TerminateThread
0x4509e8 SuspendThread
0x4509ec ResumeThread
0x4509f0 GetCurrentThreadId
0x4509f4 CreateThread
0x4509f8 ResetEvent
0x4509fc CreateEventW
0x450a00 WideCharToMultiByte
0x450a04 MultiByteToWideChar
0x450a08 GetModuleFileNameW
0x450a0c VirtualQuery
0x450a10 IsBadCodePtr
0x450a14 CreateDirectoryW
0x450a18 GetFileAttributesW
0x450a1c lstrcatW
0x450a20 GetTempPathW
0x450a24 UnmapViewOfFile
0x450a28 FormatMessageW
0x450a2c LocalFree
0x450a30 OutputDebugStringA
0x450a34 lstrlenW
0x450a38 GetExitCodeProcess
0x450a3c CreateProcessW
0x450a40 OpenEventW
0x450a44 MapViewOfFile
0x450a48 CreateFileMappingW
0x450a4c FindClose
0x450a50 FindNextFileW
0x450a54 CopyFileW
0x450a58 FindFirstFileW
0x450a60 GetCommandLineW
0x450a64 GetModuleHandleW
0x450a68 lstrcpyW
0x450a6c LocalAlloc
0x450a74 DebugBreak
0x450a78 CreateMutexW
0x450a7c GetLastError
0x450a84 CloseHandle
0x450a88 GetCurrentProcessId
0x450a8c RaiseException
0x450a94 LoadLibraryA
0x450a98 ExitProcess
0x450a9c GetStartupInfoW
0x450aa0 GetModuleHandleA
0x450aac GetVersionExA
0x450ab0 SetFileAttributesW
0x450ab4 DeleteFileW
0x450ac0 GetModuleFileNameA
0x450ac4 HeapAlloc
0x450ac8 HeapFree
0x450acc GetProcessHeap
0x450ad0 SetLastError
0x450ae0 RemoveDirectoryW
0x450ae4 GetFileSizeEx
0x450ae8 CreateFileW
Library: USER32.dll:
0x451090 UnregisterClassA
0x451094 UnregisterClassW
Library: ADVAPI32.dll:
0x450920 RegCloseKey
0x450924 RegCreateKeyExW
0x450928 RegSetValueExW
0x45092c SetSecurityInfo
Library: SHELL32.dll:
0x451014 SHGetFolderPathW
0x451020 ShellExecuteExW
0x451024 None
Library: ole32.dll:
0x4510fc CoTaskMemFree
Library: OLEAUT32.dll:
0x450fb4 None
Library: MSVCP71.dll:
Library: SHLWAPI.dll:
0x451058 PathCombineW
0x45105c PathRemoveFileSpecW
0x451060 PathFileExistsW
Library: MSVCR71.dll:
0x450e24 _wcsicmp
0x450e28 ??_V@YAXPAX@Z
0x450e30 ??1bad_cast@@UAE@XZ
0x450e38 fclose
0x450e3c fwprintf
0x450e40 fwrite
0x450e44 _wfopen
0x450e48 getc
0x450e4c fgetwc
0x450e50 fseek
0x450e54 fread
0x450e58 _purecall
0x450e5c wcsrchr
0x450e60 wcschr
0x450e64 swprintf
0x450e68 swscanf
0x450e6c _ultoa
0x450e70 _ultow
0x450e74 _ltoa
0x450e78 _ltow
0x450e7c _ui64toa
0x450e80 _ui64tow
0x450e84 _i64toa
0x450e88 _i64tow
0x450e8c sprintf
0x450e90 atol
0x450e94 _wtoi64
0x450e98 _wtol
0x450e9c _atoi64
0x450ea0 sscanf
0x450ea4 _stricmp
0x450ea8 _vsnprintf
0x450eac _itow
0x450eb0 wcscpy
0x450eb4 wcslen
0x450eb8 wcscat
0x450ebc wcscmp
0x450ec0 malloc
0x450ec4 _callnewh
0x450ec8 memmove
0x450ecc realloc
0x450ed0 _CRT_RTC_INIT
0x450ed4 __dllonexit
0x450ed8 _onexit
0x450ee0 ?terminate@@YAXXZ
0x450ee4 _c_exit
0x450ee8 _exit
0x450eec _XcptFilter
0x450ef0 _cexit
0x450ef4 exit
0x450ef8 _wcmdln
0x450efc _amsg_exit
0x450f00 __wgetmainargs
0x450f04 _initterm
0x450f08 __setusermatherr
0x450f0c _adjust_fdiv
0x450f10 __p__commode
0x450f14 __p__fmode
0x450f18 __set_app_type
0x450f20 _controlfp
0x450f24 _CxxThrowException
0x450f28 tolower
0x450f2c memcpy
0x450f30 free
0x450f34 _except_handler3
0x450f38 memset
0x450f3c ??3@YAXPAX@Z
0x450f40 __CxxFrameHandler
0x450f44 _itoa
Library: CRYPT32.dll:
0x450964 CertGetNameStringW
0x45096c CryptMsgGetParam
0x450970 CryptQueryObject
0x450974 CryptMsgClose
0x450978 CertCloseStore

Antivirus engine/vendor Virus name/rule match Signature database date
Bkav No virus found 20160822
MicroWorld-eScan No virus found 20160822
nProtect No virus found 20160822
CMC No virus found 20160822
CAT-QuickHeal No virus found 20160822
ALYac No virus found 20160822
Malwarebytes No virus found 20160822
Zillya No virus found 20160820
AegisLab No virus found 20160822
TheHacker No virus found 20160821
BitDefender No virus found 20160822
K7GW No virus found 20160822
K7AntiVirus No virus found 20160822
Baidu No virus found 20160820
Cyren No virus found 20160822
Symantec No virus found 20160822
ESET-NOD32 No virus found 20160822
TrendMicro-HouseCall No virus found 20160822
Avast No virus found 20160822
ClamAV No virus found 20160822
GData No virus found 20160822
Kaspersky No virus found 20160822
Alibaba No virus found 20160822
NANO-Antivirus No virus found 20160822
ViRobot No virus found 20160822
Tencent No virus found 20160822
Ad-Aware No virus found 20160822
Emsisoft No virus found 20160822
Comodo No virus found 20160822
F-Secure No virus found 20160822
DrWeb No virus found 20160822
VIPRE No virus found 20160822
TrendMicro No virus found 20160822
McAfee-GW-Edition No virus found 20160822
Sophos No virus found 20160822
F-Prot No virus found 20160822
Jiangmin No virus found 20160822
Avira No virus found 20160822
Antiy-AVL No virus found 20160822
Kingsoft No virus found 20160822
Arcabit No virus found 20160822
SUPERAntiSpyware No virus found 20160822
Microsoft No virus found 20160822
AhnLab-V3 No virus found 20160822
McAfee No virus found 20160822
AVware No virus found 20160822
VBA32 No virus found 20160822
Zoner No virus found 20160822
Rising No virus found 20160822
Ikarus No virus found 20160822
Fortinet No virus found 20160822
AVG No virus found 20160822
Panda No virus found 20160822
Qihoo-360 No virus found 20160822

TCP

Source address Source port Destination address Destination port
192.168.122.69 53443 184.28.218.114 80
192.168.122.69 53442 23.41.75.27 ocsp.verisign.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.69 49557 192.168.122.1 53
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 54217 192.168.122.1 53
192.168.122.69 55110 192.168.122.1 53
192.168.122.69 58105 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 52431 224.0.0.252 5355
192.168.122.69 53093 224.0.0.252 5355
192.168.122.69 53197 224.0.0.252 5355
192.168.122.69 54165 224.0.0.252 5355
192.168.122.69 57511 224.0.0.252 5355
192.168.122.69 58967 224.0.0.252 5355
192.168.122.69 59029 224.0.0.252 5355
192.168.122.69 60581 224.0.0.252 5355
192.168.122.69 62204 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 40.69.40.157 123
192.168.122.70 5355 192.168.122.69 53197
192.168.122.70 5355 192.168.122.69 64810

HTTP Requests

URI HTTP data
http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAz%2FezKc%2F387jS1UKrJYJro%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 3.992 seconds )

  • 2.281 VirusTotal
  • 0.735 Static
  • 0.41 peid
  • 0.208 NetworkAnalysis
  • 0.205 TargetInfo
  • 0.097 Strings
  • 0.022 AnalysisInfo
  • 0.01 config_decoder
  • 0.008 Debug
  • 0.006 BehaviorAnalysis
  • 0.006 Memory
  • 0.003 Dropped
  • 0.001 ProcessMemory

Signatures ( 0.054 seconds )

  • 0.011 antiav_detectreg
  • 0.005 persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 geodo_banking_trojan
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_torgateway
  • 0.001 betabot_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 ransomware_files

Reporting ( 1.509 seconds )

  • 0.995 ReportPDF
  • 0.503 ReportHTMLSummary
  • 0.011 Malheur
Task ID 15579
Mongo ID 57c0059b4d3bd014d8bafd7c
Cuckoo release 1.4-Maldun