Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64 2016-09-06 14:56:02 2016-09-06 14:58:17 135 seconds

Maldun score

3.0

Suspicious

File details

File name shvlzm.exe
File size 95232 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 89f37ffa37b28807b1e7628be13664c5
SHA1 c85fdf9b8b47d4d62eec66ba7d15d3232e87033a
SHA256 0c71fa7b4382aff51048a6295a17683edb4eced025263e9f185f2429fc95f549
SHA512 8e0de51e523e173b2378a5bb39690e7d70531cfa3b48aaceb5f3c696865482c7c8ddb5e855b56815980abaab17c95db67b8cf4c2d291f53988e3dd9ed1d08464
CRC32 80CF6678
Ssdeep 1536:xI1ZsQ2yNGYx0evX6Mh+t44SFzM7C1qP+tVElXB/Mu2NT1DdrHKbclOK2:xI1WQ/NH4MQUzMWAP6VElR/Mu2lZdmYl

Hosts contacted

Direct IP Security rating Location
58.211.137.192 China
23.59.139.27 United States
23.44.155.27 United States
117.18.237.29 Asia Pacific region

Domain resolution

No domain information.


Summary

PE information

Image base 0x100000000
Entry point 0x10000353c
Declared checksum 0x000235b3
Actual checksum 0x000235b3
Minimum OS version required 6.1
PDB path shvlzm.pdb
Compile time 2009-07-14 07:57:13
Icon exact hash 4899dc48323d8d1f23abe8b05c4553ce
Icon similarity hash 890d4ecf92ec5c352647e69c774cd137

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00003462 0x00003600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.73
.data 0x00005000 0x00000bb8 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.88
.pdata 0x00006000 0x00000144 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.66
.rsrc 0x00007000 0x00012e30 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.24
.reloc 0x0001a000 0x000001b4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2.24

Resources

Name Offset Size Language Sub-language Entropy File type
MUI 0x00019d58 0x000000d8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.70 data
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_ICON 0x00019858 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.94 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00019cc0 0x00000092 LANG_ENGLISH SUBLANG_ENGLISH_US 2.90 MS Windows icon resource - 10 icons, 48x48, 16-colors
RT_VERSION 0x00007800 0x00000384 LANG_ENGLISH SUBLANG_ENGLISH_US 3.57 data
RT_MANIFEST 0x00007350 0x000004ac LANG_ENGLISH SUBLANG_ENGLISH_US 4.97 XML document text

Imports

Library: ADVAPI32.dll:
0x100001000 GetTraceEnableFlags
0x100001008 GetTraceLoggerHandle
0x100001010 UnregisterTraceGuids
0x100001018 GetTraceEnableLevel
0x100001020 RegisterTraceGuidsW
0x100001028 EventUnregister
0x100001030 EventRegister
Library: msvcrt.dll:
0x1000011a0 __set_app_type
0x1000011a8 _fmode
0x1000011b0 _commode
0x1000011b8 __setusermatherr
0x1000011c0 ?terminate@@YAXXZ
0x1000011c8 _initterm
0x1000011d0 _acmdln
0x1000011d8 exit
0x1000011e0 _cexit
0x1000011e8 _ismbblead
0x1000011f0 _exit
0x1000011f8 ??3@YAXPEAX@Z
0x100001200 _XcptFilter
0x100001208 __C_specific_handler
0x100001210 __getmainargs
0x100001218 _amsg_exit
Library: COMCTL32.dll:
0x100001040 InitCommonControlsEx
Library: ole32.dll:
0x100001228 CoInitialize
0x100001230 CoUninitialize
0x100001238 CoCreateInstance
Library: OLEAUT32.dll:
0x100001138 None
0x100001140 None
Library: KERNEL32.dll:
0x100001078 CreateEventW
0x100001080 GetLastError
0x100001088 GetModuleFileNameW
0x100001090 FormatMessageW
0x100001098 FreeLibrary
0x1000010a0 CloseHandle
0x1000010a8 RtlLookupFunctionEntry
0x1000010b0 UnhandledExceptionFilter
0x1000010b8 GetCurrentProcess
0x1000010c0 TerminateProcess
0x1000010c8 RtlCaptureContext
0x1000010d0 CreateMutexW
0x1000010d8 GetSystemTimeAsFileTime
0x1000010e0 GetCurrentProcessId
0x1000010e8 GetCurrentThreadId
0x1000010f0 GetTickCount
0x1000010f8 QueryPerformanceCounter
0x100001100 GetModuleHandleW
0x100001110 RtlVirtualUnwind
0x100001118 LoadLibraryW
0x100001120 Sleep
0x100001128 GetStartupInfoW
Library: GDI32.dll:
0x100001068 DeleteObject
Library: USER32.dll:
0x100001150 SetForegroundWindow
0x100001158 FindWindowW
0x100001160 BringWindowToTop
0x100001168 ShowWindow
0x100001170 IsWindowVisible
0x100001180 PeekMessageW
0x100001188 LoadStringW
0x100001190 MessageBoxW
Library: CmnCliM.dll:
0x100001058 CreateZoneShell

.text
`.data
.pdata
@.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
msvcrt.dll
COMCTL32.dll
ole32.dll
OLEAUT32.dll
KERNEL32.dll
GDI32.dll
USER32.dll
CmnCliM.dll
#)MdZ
c7Xhc
EVENT_INPUT_MOUSE_ALERT
RESERVED_EVENT_CLASS_INPUT
EVENT_ACCESSIBILITY_CTLTAB
EVENT_ACCESSIBILITY_UPDATE
RESERVED_EVENT_CLASS_ACCESSIBILITY
EVENT_GRAPHICALACC_UPDATE
RESERVED_EVENT_CLASS_GRAPHICALACC
EVENT_FATAL_ERROR
EVENT_FINAL
EVENT_DESTROY_WINDOW
EVENT_EXIT_APP
RESERVED_EVENT_CLASS_INTERNAL
EVENT_LAUNCH_HELP
RESERVED_EVENT_CLASS_EXTERNAL
EVENT_CHAT_ZPA
EVENT_CHAT_SEND
EVENT_CHAT_RECV_SYSTEM
EVENT_CHAT_RECV_USERID
EVENT_CHAT_RECV
RESERVED_EVENT_CLASS_CHAT
EVENT_GAME_FATAL_PROMPT
EVENT_GAME_PROMPT
EVENT_GAME_TERMINATED
EVENT_GAME_LAUNCHING
EVENT_GAME_BEGUN
EVENT_GAME_OVER
RESERVED_EVENT_CLASS_GAME
EVENT_LOBBY_STATISTICS
EVENT_LOBBY_CHANGE_APPARANCE
EVENT_LOBBY_CHAT_SWITCH
EVENT_LOBBY_ABOUT
EVENT_LOBBY_COMFORT_USER
EVENT_LOBBY_USER_UPDATE_REQUEST
EVENT_LOBBY_USER_UPDATE
EVENT_LOBBY_USER_DEL_COMPLETE
EVENT_LOBBY_USER_DEL
EVENT_LOBBY_USER_NEW
EVENT_LOBBY_CLEAR_ALL
EVENT_LOBBY_PREFERENCES_LOADED
EVENT_LOBBY_BOOTSTRAP
RESERVED_EVENT_CLASS_LOBBY
EVENT_UI_SHOWFOCUS
EVENT_UI_FRAME_ACTIVATE
EVENT_UI_UPSELL_DOWN
EVENT_UI_UPSELL_UP
EVENT_UI_UPSELL_UNBLOCK
EVENT_UI_UPSELL_BLOCK
EVENT_UI_PROMPT_NEWOPP
EVENT_UI_PROMPT_EXIT
EVENT_UI_MENU_SHOWSCORE
EVENT_UI_MENU_NEWOPP
EVENT_UI_MENU_EXIT
EVENT_UI_WINDOW_CLOSE
RESERVED_EVENT_CLASS_UI
EVENT_NETWORK_READY_TO_RECEIVE_GAME_MESSAGES
EVENT_NETWORK_FATAL_ERROR
EVENT_NETWORK_SERVER_CONNECTION_STATUS
EVENT_NETWORK_ZPA_USER_CHANGED_CHAT_STATUS
EVENT_NETWORK_ZPA_USER_REPLACED
EVENT_NETWORK_START_GAME
EVENT_NETWORK_SEND
EVENT_NETWORK_RECEIVE
EVENT_NETWORK_DISCONNECT
EVENT_NETWORK_INITIALIZE_GAME
EVENT_NETWORK_CONNECT
RESERVED_EVENT_CLASS_NETWORK
shvlzm.pdb
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
ADVAPI32.dll
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
msvcrt.dll
InitCommonControlsEx
COMCTL32.dll
CoCreateInstance
CoUninitialize
CoInitialize
ole32.dll
OLEAUT32.dll
EventUnregister
EventRegister
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetLastError
CreateEventW
CloseHandle
CreateMutexW
FormatMessageW
KERNEL32.dll
DeleteObject
GDI32.dll
MessageBoxW
LoadStringW
PeekMessageW
MsgWaitForMultipleObjects
IsWindowVisible
ShowWindow
BringWindowToTop
FindWindowW
SetForegroundWindow
USER32.dll
??3@YAXPEAX@Z
DisplayFatalApplicationErrorMessage
CreateZoneShell
CmnCliM.dll
INJ9+*1
~~yzzzx
DDO=O
@P@=P
D,*"?P[][[V
%6W[TY]]K
@M0L]TS[K
;YX80HGE-
fZY}?F
d0+++
)_mVri&Z
!l(eV
;44T#
mshvl_zm_***
Spades
ShvlRes.dll
FriendlyName
InternalName
ZPAGameCode
Lobby
Options
NumUsers
GameDll
HelpFile
SoftURL
FrameWindow
ChatStatus
PlayerNumber
PlayerReady
PlayerSkill
LocalChatStatus
WindowManager
WindowRect
Upsell
MoreGamesURL
IdealFromTop
BottomThresh
NetWaitMsgTime
AnimFrameTime
AnimSize
GameSize
ChatMinHeight
ChatDefaultHeight
DynText
DynRect
DynColor
DynJustify
SkipOpeningQuestion
SkillLevel
SkillLevelTestOverride
GameServerTestOverride
SeenSkillLevelWarning
ChatOnAtStartup
PrefSound
Numbers
AppearanceHighIndex
AppearanceLowIndex
AppearanceRandomChecked
SoundAvail
ScoreAvail
ChatCtl
ChatLeftMargin
ChatRightMargin
ChatTopMargin
ChatBottomMargin
ChatEditHeight
ChatEditMargin
ChatQuasiItemsDisp
ChatPanel
ChatPanelWidth
ChatPanelRightMargin
ChatPlayerListLeftMargin
ChatPlayerListRightMargin
ChatPlayerListWidth
ChatPlayerOffset
ChatWordOffset
ChatWordHeight
ChatRadioOffset
ChatRadioHeight
ChatWordText
ChatOnText
ChatOffText
QuasiChat
ChatMessageNdxBegin
ChatMessageNdxEnd
GameSaveFolder
cmncliM.dll
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Internet Spades
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
shvlzm.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
shvlzm.exe
ProductName
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation
en-US
Antivirus engine/vendor Virus name/rule match Signature database date
Bkav No virus found 20160727
MicroWorld-eScan No virus found 20160728
nProtect No virus found 20160727
CMC No virus found 20160728
CAT-QuickHeal No virus found 20160727
McAfee No virus found 20160728
Malwarebytes No virus found 20160728
VIPRE No virus found 20160728
AegisLab No virus found 20160728
TheHacker No virus found 20160726
BitDefender No virus found 20160728
K7GW No virus found 20160728
K7AntiVirus No virus found 20160728
Baidu No virus found 20160728
F-Prot No virus found 20160728
Symantec No virus found 20160728
ESET-NOD32 No virus found 20160728
TrendMicro-HouseCall No virus found 20160728
Avast No virus found 20160728
ClamAV No virus found 20160728
Kaspersky No virus found 20160728
Alibaba No virus found 20160728
NANO-Antivirus No virus found 20160728
ViRobot No virus found 20160728
Ad-Aware No virus found 20160728
Sophos No virus found 20160728
Comodo No virus found 20160728
F-Secure No virus found 20160728
DrWeb No virus found 20160728
Zillya No virus found 20160728
TrendMicro No virus found 20160728
McAfee-GW-Edition No virus found 20160727
Emsisoft No virus found 20160728
Cyren No virus found 20160728
Jiangmin No virus found 20160728
Avira No virus found 20160728
Antiy-AVL No virus found 20160728
Kingsoft No virus found 20160728
Microsoft No virus found 20160728
Arcabit No virus found 20160728
SUPERAntiSpyware No virus found 20160728
AhnLab-V3 No virus found 20160728
GData No virus found 20160728
TotalDefense No virus found 20160726
ALYac No virus found 20160728
AVware No virus found 20160728
VBA32 No virus found 20160727
Zoner No virus found 20160728
Tencent No virus found 20160728
Yandex No virus found 20160724
Ikarus No virus found 20160728
Fortinet No virus found 20160728
AVG No virus found 20160728
Panda No virus found 20160727
Qihoo-360 No virus found 20160728

Process tree

shvlzm.exe, PID: 1332, parent PID: 1472

TCP

Source address Source port Destination address Destination port
192.168.122.69 53446 23.65.182.99 80

UDP

Source address Source port Destination address Destination port
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 57129 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 138 192.168.122.255 138
192.168.122.69 53197 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 52.169.179.91 123
192.168.122.70 5355 192.168.122.69 53197

HTTP requests

URI HTTP data
http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.
No similar analyses found.

Processing ( 25.855 seconds )

  • 22.794 NetworkAnalysis
  • 1.495 VirusTotal
  • 0.639 Static
  • 0.466 peid
  • 0.216 TargetInfo
  • 0.179 BehaviorAnalysis
  • 0.022 AnalysisInfo
  • 0.014 Strings
  • 0.009 Debug
  • 0.009 config_decoder
  • 0.007 ProcessMemory
  • 0.003 Dropped
  • 0.002 Memory

Signatures ( 0.088 seconds )

  • 0.019 antiav_detectreg
  • 0.01 infostealer_ftp
  • 0.006 stealth_timeout
  • 0.006 infostealer_im
  • 0.005 persistence_autorun
  • 0.005 antiav_detectfile
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 bot_drive
  • 0.002 disables_browser_warn
  • 0.002 ransomware_files
  • 0.001 antiemu_wine_func
  • 0.001 betabot_behavior
  • 0.001 stealth_file
  • 0.001 antivm_vbox_libs
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security

Reporting ( 1.606 seconds )

  • 0.979 ReportPDF
  • 0.616 ReportHTMLSummary
  • 0.011 Malheur
Task ID 16176
Mongo ID 57ce69254d3bd048e498297a
Cuckoo release 1.4-Maldun