Analysis task

Analysis type  VM tag  Start time  End time  Duration
File (Windows)  win7-sp1-x64  2016-09-06 14:45:00  2016-09-06 14:47:14  134 seconds

Maldun score

1.0

Normal

File details

File name  bckgzm.exe
File size  93696 bytes
File type  PE32+ executable (GUI) x86-64, for MS Windows
MD5 1c9289324b5558aa5a59fb98359b3fd7
SHA1 b32666e34faed4b0acf1ffcfdcc284568ff61269
SHA256 9ad98be79538dce70f850c5f6c22c029053d51e83781e1da194f3473d9c1bad1
SHA512 f3efe541733842926540166ba7404ee90a659f7facfa480a683cc23dc2050a6222a8acf4cacb84c8c3a75ea9370e7880981511d5f43adde8eb030712e4d2e92b
CRC32 9850B9C8
Ssdeep 1536:oI1bEQ2yNvgnKsYCWeeu5fIyAIjVhiIhTMbnhJNN0I+iKWR1sokDlVt2wVm:oI1gQ/N4nK1CWeeudkIjVhHhTMjtbsoz
Hosts contacted

No host records.

Domain resolution

No domain information.


Summary

PE information

Image base  0x100000000
Entry point  0x10000353c
Declared checksum  0x00020fd8
Actual checksum  0x00020fd8
Minimum OS version required  6.1
PDB path  bckgzm.pdb
Compile time  2009-07-14 07:57:13
Icon
Icon exact hash  17f984395dd4efd605184d30e16e7979
Icon similarity hash  0bc46f2fc4003c5c2a2a797017d54029

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00003462 0x00003600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.73
.data 0x00005000 0x00000bb8 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.87
.pdata 0x00006000 0x00000144 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.66
.rsrc 0x00007000 0x00012908 0x00012a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.11
.reloc 0x0001a000 0x000001b4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2.24

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
MUI 0x00019830 0x000000d8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.75 data
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019330 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.46 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00019798 0x00000092 LANG_ENGLISH SUBLANG_ENGLISH_US 2.90 MS Windows icon resource - 10 icons, 48x48, 16-colors
RT_VERSION 0x00007808 0x0000038c LANG_ENGLISH SUBLANG_ENGLISH_US 3.58 DOS executable (COM)
RT_MANIFEST 0x00007350 0x000004b4 LANG_ENGLISH SUBLANG_ENGLISH_US 4.99 XML document text

Imports

Library: ADVAPI32.dll:
0x100001000 GetTraceEnableFlags
0x100001008 GetTraceLoggerHandle
0x100001010 UnregisterTraceGuids
0x100001018 GetTraceEnableLevel
0x100001020 RegisterTraceGuidsW
0x100001028 EventUnregister
0x100001030 EventRegister
Library: msvcrt.dll:
0x1000011a0 __set_app_type
0x1000011a8 _fmode
0x1000011b0 _commode
0x1000011b8 __setusermatherr
0x1000011c0 ?terminate@@YAXXZ
0x1000011c8 _initterm
0x1000011d0 _acmdln
0x1000011d8 exit
0x1000011e0 _cexit
0x1000011e8 _ismbblead
0x1000011f0 _exit
0x1000011f8 ??3@YAXPEAX@Z
0x100001200 _XcptFilter
0x100001208 __C_specific_handler
0x100001210 __getmainargs
0x100001218 _amsg_exit
Library: COMCTL32.dll:
0x100001040 InitCommonControlsEx
Library: ole32.dll:
0x100001228 CoInitialize
0x100001230 CoUninitialize
0x100001238 CoCreateInstance
Library: OLEAUT32.dll:
0x100001138 None
0x100001140 None
Library: KERNEL32.dll:
0x100001078 CreateEventW
0x100001080 GetLastError
0x100001088 GetModuleFileNameW
0x100001090 FormatMessageW
0x100001098 FreeLibrary
0x1000010a0 CloseHandle
0x1000010a8 RtlLookupFunctionEntry
0x1000010b0 UnhandledExceptionFilter
0x1000010b8 GetCurrentProcess
0x1000010c0 TerminateProcess
0x1000010c8 RtlCaptureContext
0x1000010d0 CreateMutexW
0x1000010d8 GetSystemTimeAsFileTime
0x1000010e0 GetCurrentProcessId
0x1000010e8 GetCurrentThreadId
0x1000010f0 GetTickCount
0x1000010f8 QueryPerformanceCounter
0x100001100 GetModuleHandleW
0x100001110 RtlVirtualUnwind
0x100001118 LoadLibraryW
0x100001120 Sleep
0x100001128 GetStartupInfoW
Library: GDI32.dll:
0x100001068 DeleteObject
Library: USER32.dll:
0x100001150 SetForegroundWindow
0x100001158 FindWindowW
0x100001160 BringWindowToTop
0x100001168 ShowWindow
0x100001170 IsWindowVisible
0x100001180 PeekMessageW
0x100001188 LoadStringW
0x100001190 MessageBoxW
Library: CmnCliM.dll:
0x100001058 CreateZoneShell

.text
`.data
.pdata
@.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
msvcrt.dll
COMCTL32.dll
ole32.dll
OLEAUT32.dll
KERNEL32.dll
GDI32.dll
USER32.dll
CmnCliM.dll
EVENT_INPUT_MOUSE_ALERT
RESERVED_EVENT_CLASS_INPUT
EVENT_ACCESSIBILITY_CTLTAB
EVENT_ACCESSIBILITY_UPDATE
RESERVED_EVENT_CLASS_ACCESSIBILITY
EVENT_GRAPHICALACC_UPDATE
RESERVED_EVENT_CLASS_GRAPHICALACC
EVENT_FATAL_ERROR
EVENT_FINAL
EVENT_DESTROY_WINDOW
EVENT_EXIT_APP
RESERVED_EVENT_CLASS_INTERNAL
EVENT_LAUNCH_HELP
RESERVED_EVENT_CLASS_EXTERNAL
EVENT_CHAT_ZPA
EVENT_CHAT_SEND
EVENT_CHAT_RECV_SYSTEM
EVENT_CHAT_RECV_USERID
EVENT_CHAT_RECV
RESERVED_EVENT_CLASS_CHAT
EVENT_GAME_FATAL_PROMPT
EVENT_GAME_PROMPT
EVENT_GAME_TERMINATED
EVENT_GAME_LAUNCHING
EVENT_GAME_BEGUN
EVENT_GAME_OVER
RESERVED_EVENT_CLASS_GAME
EVENT_LOBBY_STATISTICS
EVENT_LOBBY_CHANGE_APPARANCE
EVENT_LOBBY_CHAT_SWITCH
EVENT_LOBBY_ABOUT
EVENT_LOBBY_COMFORT_USER
EVENT_LOBBY_USER_UPDATE_REQUEST
EVENT_LOBBY_USER_UPDATE
EVENT_LOBBY_USER_DEL_COMPLETE
EVENT_LOBBY_USER_DEL
EVENT_LOBBY_USER_NEW
EVENT_LOBBY_CLEAR_ALL
EVENT_LOBBY_PREFERENCES_LOADED
EVENT_LOBBY_BOOTSTRAP
RESERVED_EVENT_CLASS_LOBBY
EVENT_UI_SHOWFOCUS
EVENT_UI_FRAME_ACTIVATE
EVENT_UI_UPSELL_DOWN
EVENT_UI_UPSELL_UP
EVENT_UI_UPSELL_UNBLOCK
EVENT_UI_UPSELL_BLOCK
EVENT_UI_PROMPT_NEWOPP
EVENT_UI_PROMPT_EXIT
EVENT_UI_MENU_SHOWSCORE
EVENT_UI_MENU_NEWOPP
EVENT_UI_MENU_EXIT
EVENT_UI_WINDOW_CLOSE
RESERVED_EVENT_CLASS_UI
EVENT_NETWORK_READY_TO_RECEIVE_GAME_MESSAGES
EVENT_NETWORK_FATAL_ERROR
EVENT_NETWORK_SERVER_CONNECTION_STATUS
EVENT_NETWORK_ZPA_USER_CHANGED_CHAT_STATUS
EVENT_NETWORK_ZPA_USER_REPLACED
EVENT_NETWORK_START_GAME
EVENT_NETWORK_SEND
EVENT_NETWORK_RECEIVE
EVENT_NETWORK_DISCONNECT
EVENT_NETWORK_INITIALIZE_GAME
EVENT_NETWORK_CONNECT
RESERVED_EVENT_CLASS_NETWORK
bckgzm.pdb
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
ADVAPI32.dll
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
msvcrt.dll
InitCommonControlsEx
COMCTL32.dll
CoCreateInstance
CoUninitialize
CoInitialize
ole32.dll
OLEAUT32.dll
EventUnregister
EventRegister
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetLastError
CreateEventW
CloseHandle
CreateMutexW
FormatMessageW
KERNEL32.dll
DeleteObject
GDI32.dll
MessageBoxW
LoadStringW
PeekMessageW
MsgWaitForMultipleObjects
IsWindowVisible
ShowWindow
BringWindowToTop
FindWindowW
SetForegroundWindow
USER32.dll
??3@YAXPEAX@Z
DisplayFatalApplicationErrorMessage
CreateZoneShell
CmnCliM.dll
mbckg_zm_***
Backgammon
BckgRes.dll
FriendlyName
InternalName
ZPAGameCode
Lobby
Options
NumUsers
GameDll
HelpFile
SoftURL
FrameWindow
ChatStatus
PlayerNumber
PlayerReady
PlayerSkill
LocalChatStatus
WindowManager
WindowRect
Upsell
MoreGamesURL
IdealFromTop
BottomThresh
NetWaitMsgTime
AnimFrameTime
AnimSize
GameSize
ChatMinHeight
ChatDefaultHeight
DynText
DynRect
DynColor
DynJustify
SkipOpeningQuestion
SkillLevel
SkillLevelTestOverride
GameServerTestOverride
SeenSkillLevelWarning
ChatOnAtStartup
PrefSound
Numbers
AppearanceHighIndex
AppearanceLowIndex
AppearanceRandomChecked
SoundAvail
ScoreAvail
ChatCtl
ChatLeftMargin
ChatRightMargin
ChatTopMargin
ChatBottomMargin
ChatEditHeight
ChatEditMargin
ChatQuasiItemsDisp
ChatPanel
ChatPanelWidth
ChatPanelRightMargin
ChatPlayerListLeftMargin
ChatPlayerListRightMargin
ChatPlayerListWidth
ChatPlayerOffset
ChatWordOffset
ChatWordHeight
ChatRadioOffset
ChatRadioHeight
ChatWordText
ChatOnText
ChatOffText
QuasiChat
ChatMessageNdxBegin
ChatMessageNdxEnd
GameSaveFolder
cmncliM.dll
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Internet Backgammon
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
bckgzm.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
bckgzm.exe
ProductName
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation
en-US
Antivirus engine/vendor  Detection name/rule match  Signature database date
Bkav  No virus found  20160727
MicroWorld-eScan  No virus found  20160728
nProtect  No virus found  20160727
CMC  No virus found  20160725
CAT-QuickHeal  No virus found  20160727
McAfee  No virus found  20160728
Malwarebytes  No virus found  20160728
VIPRE  No virus found  20160728
TheHacker  No virus found  20160726
Alibaba  No virus found  20160728
K7GW  No virus found  20160728
K7AntiVirus  No virus found  20160727
Baidu  No virus found  20160727
F-Prot  No virus found  20160728
Symantec  No virus found  20160728
ESET-NOD32  No virus found  20160727
TrendMicro-HouseCall  No virus found  20160728
Avast  No virus found  20160728
ClamAV  No virus found  20160728
Kaspersky  No virus found  20160728
BitDefender  No virus found  20160728
NANO-Antivirus  No virus found  20160727
ViRobot  No virus found  20160728
SUPERAntiSpyware  No virus found  20160727
Ad-Aware  No virus found  20160728
Sophos  No virus found  20160728
Comodo  No virus found  20160728
F-Secure  No virus found  20160728
DrWeb  No virus found  20160728
Zillya  No virus found  20160727
TrendMicro  No virus found  20160728
McAfee-GW-Edition  No virus found  20160727
Emsisoft  No virus found  20160728
Cyren  No virus found  20160728
Jiangmin  No virus found  20160728
Avira  No virus found  20160727
Antiy-AVL  No virus found  20160728
Kingsoft  No virus found  20160728
Microsoft  No virus found  20160728
Arcabit  No virus found  20160728
AegisLab  No virus found  20160728
AhnLab-V3  No virus found  20160727
GData  No virus found  20160728
TotalDefense  No virus found  20160726
ALYac  No virus found  20160728
AVware  No virus found  20160728
VBA32  No virus found  20160727
Zoner  No virus found  20160728
Tencent  No virus found  20160728
Yandex  No virus found  20160724
Ikarus  No virus found  20160727
Fortinet  No virus found  20160728
AVG  No virus found  20160728
Panda  No virus found  20160727
Qihoo-360  No virus found  20160728

Process tree

bckgzm.exe, PID: 2232, parent PID: 2696

TCP

Source address  Source port  Destination address  Destination port
192.168.122.69 53446 23.32.241.25 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 57129 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 138 192.168.122.255 138
192.168.122.69 53197 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 52.169.179.91 123
192.168.122.70 5355 192.168.122.69 53197

HTTP requests

URI  HTTP data
http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 5.276 seconds )

  • 2.582 NetworkAnalysis
  • 1.465 VirusTotal
  • 0.442 Static
  • 0.26 peid
  • 0.206 BehaviorAnalysis
  • 0.185 TargetInfo
  • 0.099 AnalysisInfo
  • 0.014 Strings
  • 0.009 config_decoder
  • 0.008 Debug
  • 0.003 Dropped
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.094 seconds )

  • 0.02 antiav_detectreg
  • 0.009 infostealer_ftp
  • 0.006 stealth_timeout
  • 0.006 antiav_detectfile
  • 0.006 infostealer_im
  • 0.005 persistence_autorun
  • 0.005 infostealer_mail
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.003 browser_security
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 bot_drive2
  • 0.002 modify_proxy
  • 0.002 disables_browser_warn
  • 0.002 ransomware_files
  • 0.001 antiemu_wine_func
  • 0.001 betabot_behavior
  • 0.001 antivm_vbox_libs
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 browser_addon
  • 0.001 modify_uac_prompt

Reporting ( 2.143 seconds )

  • 1.069 ReportHTMLSummary
  • 1.062 ReportPDF
  • 0.012 Malheur
Task ID 16161
Mongo ID 57ce667a4d3bd048e498282f
Cuckoo release 1.4-Maldun