Analysis Task

Analysis type File (Windows)
VM label win7-sp1-x64-shaapp01-1
Start time 2018-05-22 10:18:34
End time 2018-05-22 10:20:52
Duration 138 seconds

Maldun Score

2.0

Normal

File Details

File name 天若OCR文字识别.exe
File size 2129920 bytes
File type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f15c339c57a5ef1b1a10e2c7510367cf
SHA1 e4419658cd7b10ead9794bebf18e994a4bfbf2ea
SHA256 52dbb897e99751e2aa39f4d86d1c503c5b01e85263efd64ed3f342bfcdae683f
SHA512 af783fbd4779283285f48200ecc8c638197140f15ff4143848eb4a11aa9122c79348d21607d327b02678c6e95bba2e03c4cc7c06b761381811ca5d0ca8744968
CRC32 879A1038
Ssdeep 49152:TFi3mB6YOlLBhyIE1kAexi190hFwvKka:RwmB6YOe10Phk

Hosts Contacted

Direct IP Security rating Location
61.147.125.121 Unknown China

DNS Resolution

Domain Security rating Response
cc.ys168.com Unknown A 61.147.125.121

PE Information

Image base 0x00400000
Entry point 0x005ee59e
Declared checksum 0x00000000
Actual checksum 0x00214326
Minimum OS version 4.0
Compile time 2018-03-14 10:21:03
Import hash f34d5f2d4577ed6d9ceec516c1f5a744
Icon exact hash d7a0e95649acd46645b16507da529b42
Icon similarity hash b20f601c5f8e2087b2cfb9bfe70e6510

Version Information

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00002000 0x001ec5a4 0x001ec600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.23
.rsrc 0x001f0000 0x0001b53b 0x0001b600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.19
.reloc 0x0020c000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_ICON 0x0020a88c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.84 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0020acf4 0x000000a0 LANG_NEUTRAL SUBLANG_NEUTRAL 3.01 MS Windows icon resource - 11 icons, 48x48, 16 colors
RT_VERSION 0x0020ad94 0x00000320 LANG_NEUTRAL SUBLANG_NEUTRAL 3.68 data
RT_MANIFEST 0x0020b0b4 0x00000487 LANG_NEUTRAL SUBLANG_NEUTRAL 5.10 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library: mscoree.dll:
0x402000 _CorExeMain

Assembly Information

Name 天若OCR文字识别
Version 1.0.0.0

Assembly References

Name Version
System.Windows.Forms 4.0.0.0
System.Drawing 4.0.0.0
System 4.0.0.0
mscorlib 4.0.0.0
Newtonsoft.Json 10.0.0.0
System.Web 4.0.0.0
zxing 0.16.2.0
System.Core 4.0.0.0

Custom Attributes

Type Name
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute Copyright \xc2\xa9 Microsoft 20
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute \xe5\xa4\xa9\xe8\x8b\xa5OCR\xe6\x96\x87\xe5\xad\x97\xe8\xaf\x86\xe5
Assembly [mscorlib]System.Reflection.AssemblyCompanyAttribute Microso
Assembly [mscorlib]System.Runtime.InteropServices.GuidAttribute b42ca6f6-3a1a-44b5-9993-eab6000123
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute \xe5\xa4\xa9\xe8\x8b\xa5OCR\xe6\x96\x87\xe5\xad\x97\xe8\xaf\x86\xe5
Assembly [mscorlib]System.Reflection.AssemblyDescriptionAttribute \xe5\xa4\xa9\xe8\x8b\xa5\xe5\xb9\xbd\xe5\xbf\x83\xe5\x88\xb6\xe4
Assembly [mscorlib]System.Reflection.AssemblyFileVersionAttribute 1.0.0
TypeDef [System]System.ComponentModel.DescriptionAttribute Provides a user control that allows the user to edit HTML pag
Property [System]System.ComponentModel.DescriptionAttribute \xe6\x98\xaf\xe5\x90\xa6\xe6\x98\xbe\xe7\xa4\xba\xe9\xa2\x9c\xe8\x89\xb2\xe6\x8f\x90\xe7
Property [System]System.ComponentModel.DescriptionAttribute \xe9\xab\x98\xe4\xba\xae\xe8\x83\x8c\xe6\x99\xaf\xe8
Property [System]System.ComponentModel.DescriptionAttribute \xe8\x8e\xb7\xe5\x8f\x96\xe6\x88\x96\xe8\xae\xbe\xe7\xbd\xae\xe8\xbe\xb9\xe6\xa1\x86\xe7\xb1\xbb\xe5\x9e\x8b\xe3
Property [System]System.ComponentModel.DescriptionAttribute \xe8\x8e\xb7\xe5\x8f\x96\xe6\x88\x96\xe8\xae\xbe\xe7\xbd\xae\xe4\xb8\x89\xe7\xbb\xb4\xe8\xbe\xb9\xe6\xa1\x86\xe6\xa0\xb7\xe5\xbc\x8f\xe3
Property [System]System.ComponentModel.DescriptionAttribute \xe8\x8e\xb7\xe5\x8f\x96\xe6\x88\x96\xe8\xae\xbe\xe7\xbd\xae\xe7\xba\xbf\xe5\x9e\x8b\xe8\xbe\xb9\xe6\xa1\x86\xe6\xa0\xb7\xe5\xbc\x8f\xe3
Property [System]System.ComponentModel.DescriptionAttribute \xe8\x8e\xb7\xe5\x8f\x96\xe6\x88\x96\xe8\xae\xbe\xe7\xbd\xae\xe8\xbe\xb9\xe6\xa1\x86\xe9\xa2\x9c\xe8\x89\xb2\xef\xbc\x88\xe4\xbb\x85\xe5\xbd\x93\xe8\xbe\xb9\xe6\xa1\x86\xe7\xb1\xbb\xe5\x9e\x8b\xe4\xb8\xba\xe7\xba\xbf\xe5\x9e\x8b\xe6\x97\xb6\xe6\x9c\x89\xe6\x95\x88\xef\xbc\x89\xe3
TypeDef [System]System.ComponentModel.DescriptionAttribute ToolStripItem that allows selecting a color from a color picker contro
TypeDef [System]System.ComponentModel.DefaultEventAttribute SelectedColorChang

Type References

Assembly Type name
Newtonsoft.Json Newtonsoft.Json.JsonConvert
Newtonsoft.Json Newtonsoft.Json.Linq.JArray
Newtonsoft.Json Newtonsoft.Json.Linq.JContainer
Newtonsoft.Json Newtonsoft.Json.Linq.JObject
Newtonsoft.Json Newtonsoft.Json.Linq.JToken
System System.CodeDom.Compiler.GeneratedCodeAttribute
System System.Collections.Specialized.NameValueCollection
System System.ComponentModel.BrowsableAttribute
System System.ComponentModel.Component
System System.ComponentModel.ComponentResourceManager
System System.ComponentModel.Container
System System.ComponentModel.DefaultEventAttribute
System System.ComponentModel.DefaultPropertyAttribute
System System.ComponentModel.DefaultValueAttribute
System System.ComponentModel.DescriptionAttribute
System System.ComponentModel.EditorBrowsableAttribute
System System.ComponentModel.EditorBrowsableState
System System.ComponentModel.IContainer
System System.ComponentModel.ISupportInitialize
System System.ComponentModel.ToolboxItemAttribute
System System.Configuration.ApplicationSettingsBase
System System.Configuration.SettingsBase
System System.Diagnostics.Process
System System.Net.Cookie
System System.Net.CookieCollection
System System.Net.CookieContainer
System System.Net.HttpWebRequest
System System.Net.HttpWebResponse
System System.Net.IWebProxy
System System.Net.SecurityProtocolType
System System.Net.ServicePointManager
System System.Net.WebException
System System.Net.WebHeaderCollection
System System.Net.WebRequest
System System.Net.WebResponse
System System.Text.RegularExpressions.Capture
System System.Text.RegularExpressions.CaptureCollection
System System.Text.RegularExpressions.Group
System System.Text.RegularExpressions.GroupCollection
System System.Text.RegularExpressions.Match
System System.Text.RegularExpressions.MatchCollection
System System.Text.RegularExpressions.Regex
System System.Text.RegularExpressions.RegexOptions
System System.Timers.Timer
System.Core System.Linq.Enumerable
System.Drawing System.Drawing.Bitmap
System.Drawing System.Drawing.Brush
System.Drawing System.Drawing.Brushes
System.Drawing System.Drawing.Color
System.Drawing System.Drawing.ContentAlignment
System.Drawing System.Drawing.CopyPixelOperation
System.Drawing System.Drawing.Drawing2D.CompositingQuality
System.Drawing System.Drawing.Drawing2D.GraphicsState
System.Drawing System.Drawing.Drawing2D.InterpolationMode
System.Drawing System.Drawing.Drawing2D.LinearGradientBrush
System.Drawing System.Drawing.Drawing2D.SmoothingMode
System.Drawing System.Drawing.Font
System.Drawing System.Drawing.FontStyle
System.Drawing System.Drawing.Graphics
System.Drawing System.Drawing.GraphicsUnit
System.Drawing System.Drawing.Icon
System.Drawing System.Drawing.Image
System.Drawing System.Drawing.Imaging.ImageFormat
System.Drawing System.Drawing.Imaging.PixelFormat
System.Drawing System.Drawing.Pen
System.Drawing System.Drawing.Pens
System.Drawing System.Drawing.Point
System.Drawing System.Drawing.Rectangle
System.Drawing System.Drawing.RectangleF
System.Drawing System.Drawing.Size
System.Drawing System.Drawing.SizeF
System.Drawing System.Drawing.SolidBrush
System.Drawing System.Drawing.StringAlignment
System.Drawing System.Drawing.StringFormat
System.Drawing System.Drawing.ToolboxBitmapAttribute
System.Web System.Web.HttpUtility
System.Windows.Forms System.Windows.Forms.Application
System.Windows.Forms System.Windows.Forms.AutoScaleMode
System.Windows.Forms System.Windows.Forms.BaseCollection
System.Windows.Forms System.Windows.Forms.Border3DStyle
System.Windows.Forms System.Windows.Forms.BorderStyle
System.Windows.Forms System.Windows.Forms.Button
System.Windows.Forms System.Windows.Forms.ButtonBase
System.Windows.Forms System.Windows.Forms.ButtonBorderStyle
System.Windows.Forms System.Windows.Forms.Clipboard
System.Windows.Forms System.Windows.Forms.CommonDialog
System.Windows.Forms System.Windows.Forms.ContainerControl
System.Windows.Forms System.Windows.Forms.ContextMenu
System.Windows.Forms System.Windows.Forms.ContextMenuStrip
System.Windows.Forms System.Windows.Forms.Control
System.Windows.Forms System.Windows.Forms.Control/ControlCollection
System.Windows.Forms System.Windows.Forms.ControlPaint
System.Windows.Forms System.Windows.Forms.ControlStyles
System.Windows.Forms System.Windows.Forms.CreateParams
System.Windows.Forms System.Windows.Forms.Cursor
System.Windows.Forms System.Windows.Forms.Cursors
System.Windows.Forms System.Windows.Forms.DataFormats
System.Windows.Forms System.Windows.Forms.DataGridView
System.Windows.Forms System.Windows.Forms.DataGridViewBand
System.Windows.Forms System.Windows.Forms.DataGridViewCell
System.Windows.Forms System.Windows.Forms.DataGridViewCellBorderStyle
System.Windows.Forms System.Windows.Forms.DataGridViewCellCollection
System.Windows.Forms System.Windows.Forms.DataGridViewCellStyle
System.Windows.Forms System.Windows.Forms.DataGridViewColumn
System.Windows.Forms System.Windows.Forms.DataGridViewColumnCollection
System.Windows.Forms System.Windows.Forms.DataGridViewEditMode
System.Windows.Forms System.Windows.Forms.DataGridViewRow
System.Windows.Forms System.Windows.Forms.DataGridViewRowCollection
System.Windows.Forms System.Windows.Forms.DataGridViewSelectedRowCollection
System.Windows.Forms System.Windows.Forms.DataGridViewSelectionMode
System.Windows.Forms System.Windows.Forms.DataObject
System.Windows.Forms System.Windows.Forms.DialogResult
System.Windows.Forms System.Windows.Forms.DockStyle
System.Windows.Forms System.Windows.Forms.DrawItemEventArgs
System.Windows.Forms System.Windows.Forms.DrawItemState
System.Windows.Forms System.Windows.Forms.FolderBrowserDialog
System.Windows.Forms System.Windows.Forms.Form
System.Windows.Forms System.Windows.Forms.FormBorderStyle
System.Windows.Forms System.Windows.Forms.FormClosedEventArgs
System.Windows.Forms System.Windows.Forms.FormClosedEventHandler
System.Windows.Forms System.Windows.Forms.FormClosingEventHandler
System.Windows.Forms System.Windows.Forms.FormStartPosition
System.Windows.Forms System.Windows.Forms.FormWindowState
System.Windows.Forms System.Windows.Forms.GroupBox
System.Windows.Forms System.Windows.Forms.HtmlDocument
System.Windows.Forms System.Windows.Forms.HtmlElement
System.Windows.Forms System.Windows.Forms.HtmlElementEventArgs
System.Windows.Forms System.Windows.Forms.HtmlElementEventHandler
System.Windows.Forms System.Windows.Forms.HtmlWindow
System.Windows.Forms System.Windows.Forms.IDataObject
System.Windows.Forms System.Windows.Forms.IMessageFilter
System.Windows.Forms System.Windows.Forms.IWin32Window
System.Windows.Forms System.Windows.Forms.ImeMode
System.Windows.Forms System.Windows.Forms.KeyEventArgs
System.Windows.Forms System.Windows.Forms.KeyEventHandler
System.Windows.Forms System.Windows.Forms.KeyPressEventArgs
System.Windows.Forms System.Windows.Forms.Keys
System.Windows.Forms System.Windows.Forms.Label
System.Windows.Forms System.Windows.Forms.Layout.ArrangedElementCollection
System.Windows.Forms System.Windows.Forms.LinkClickedEventArgs
System.Windows.Forms System.Windows.Forms.LinkClickedEventHandler
System.Windows.Forms System.Windows.Forms.MenuItem
System.Windows.Forms System.Windows.Forms.MenuStrip
System.Windows.Forms System.Windows.Forms.Message
System.Windows.Forms System.Windows.Forms.MessageBox
System.Windows.Forms System.Windows.Forms.MessageBoxButtons
System.Windows.Forms System.Windows.Forms.MessageBoxIcon
System.Windows.Forms System.Windows.Forms.MouseButtons
System.Windows.Forms System.Windows.Forms.MouseEventArgs
System.Windows.Forms System.Windows.Forms.MouseEventHandler
System.Windows.Forms System.Windows.Forms.NotifyIcon
System.Windows.Forms System.Windows.Forms.Padding
System.Windows.Forms System.Windows.Forms.PaintEventArgs
System.Windows.Forms System.Windows.Forms.PaintEventHandler
System.Windows.Forms System.Windows.Forms.PictureBox
System.Windows.Forms System.Windows.Forms.PictureBoxSizeMode
System.Windows.Forms System.Windows.Forms.PreviewKeyDownEventArgs
System.Windows.Forms System.Windows.Forms.PreviewKeyDownEventHandler
System.Windows.Forms System.Windows.Forms.ProgressBar
System.Windows.Forms System.Windows.Forms.RichTextBox
System.Windows.Forms System.Windows.Forms.RichTextBoxScrollBars
System.Windows.Forms System.Windows.Forms.Screen
System.Windows.Forms System.Windows.Forms.ScrollBars
System.Windows.Forms System.Windows.Forms.ScrollableControl
System.Windows.Forms System.Windows.Forms.SizeGripStyle
System.Windows.Forms System.Windows.Forms.SystemInformation
System.Windows.Forms System.Windows.Forms.TabControl
System.Windows.Forms System.Windows.Forms.TabPage
System.Windows.Forms System.Windows.Forms.TextBox
System.Windows.Forms System.Windows.Forms.TextBoxBase
System.Windows.Forms System.Windows.Forms.Timer
System.Windows.Forms System.Windows.Forms.ToolStrip
System.Windows.Forms System.Windows.Forms.ToolStripButton
System.Windows.Forms System.Windows.Forms.ToolStripDropDown
System.Windows.Forms System.Windows.Forms.ToolStripDropDownButton
System.Windows.Forms System.Windows.Forms.ToolStripDropDownItem
System.Windows.Forms System.Windows.Forms.ToolStripDropDownMenu
System.Windows.Forms System.Windows.Forms.ToolStripGripStyle
System.Windows.Forms System.Windows.Forms.ToolStripItem
System.Windows.Forms System.Windows.Forms.ToolStripItemCollection
System.Windows.Forms System.Windows.Forms.ToolStripItemDisplayStyle
System.Windows.Forms System.Windows.Forms.ToolStripItemRenderEventArgs
System.Windows.Forms System.Windows.Forms.ToolStripMenuItem
System.Windows.Forms System.Windows.Forms.ToolStripProfessionalRenderer
System.Windows.Forms System.Windows.Forms.ToolStripRenderEventArgs
System.Windows.Forms System.Windows.Forms.ToolStripRenderMode
System.Windows.Forms System.Windows.Forms.ToolStripRenderer
System.Windows.Forms System.Windows.Forms.ToolStripSeparator
System.Windows.Forms System.Windows.Forms.ToolStripSeparatorRenderEventArgs
System.Windows.Forms System.Windows.Forms.ToolTip
System.Windows.Forms System.Windows.Forms.ToolTipIcon
System.Windows.Forms System.Windows.Forms.UserControl
System.Windows.Forms System.Windows.Forms.WebBrowser
System.Windows.Forms System.Windows.Forms.WebBrowserBase
System.Windows.Forms System.Windows.Forms.WebBrowserDocumentCompletedEventArgs
System.Windows.Forms System.Windows.Forms.WebBrowserDocumentCompletedEventHandler
mscorlib Microsoft.Win32.Registry
mscorlib Microsoft.Win32.RegistryKey
mscorlib System.AppDomain
mscorlib System.ApplicationException
mscorlib System.ArgumentOutOfRangeException
mscorlib System.Array
mscorlib System.AsyncCallback
mscorlib System.Byte
mscorlib System.Char
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.Collections.Generic.List`1
mscorlib System.Collections.IEnumerator
mscorlib System.Convert
mscorlib System.DateTime
mscorlib System.Delegate
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Enum
mscorlib System.Environment
mscorlib System.EventArgs
mscorlib System.EventHandler
mscorlib System.Exception
mscorlib System.FlagsAttribute
mscorlib System.Func`2
mscorlib System.Globalization.CultureInfo
mscorlib System.IAsyncResult
mscorlib System.IDisposable
mscorlib System.IO.Directory
mscorlib System.IO.DirectoryInfo
mscorlib System.IO.File
mscorlib System.IO.FileAttributes
mscorlib System.IO.FileMode
mscorlib System.IO.FileStream
mscorlib System.IO.MemoryStream
mscorlib System.IO.Path
mscorlib System.IO.Stream
mscorlib System.IO.StreamReader
mscorlib System.IO.TextReader
mscorlib System.Int32
mscorlib System.IntPtr
mscorlib System.Math
mscorlib System.MulticastDelegate
mscorlib System.NotImplementedException
mscorlib System.Object
mscorlib System.ObsoleteAttribute
mscorlib System.OperatingSystem
mscorlib System.Reflection.Assembly
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Reflection.AssemblyName
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Reflection.MemberInfo
mscorlib System.Reflection.MethodBase
mscorlib System.ResolveEventArgs
mscorlib System.ResolveEventHandler
mscorlib System.Resources.ResourceManager
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.InteropServices.ClassInterfaceAttribute
mscorlib System.Runtime.InteropServices.ClassInterfaceType
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.GuidAttribute
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.RuntimeTypeHandle
mscorlib System.STAThreadAttribute
mscorlib System.Single
mscorlib System.String
mscorlib System.Text.Encoding
mscorlib System.Text.StringBuilder
mscorlib System.Threading.EventResetMode
mscorlib System.Threading.EventWaitHandle
mscorlib System.Threading.Tasks.Task`1
mscorlib System.Threading.Thread
mscorlib System.Threading.ThreadAbortException
mscorlib System.Threading.ThreadStart
mscorlib System.TimeSpan
mscorlib System.Type
mscorlib System.ValueType
mscorlib System.Version
zxing ZXing.Binarizer
zxing ZXing.BinaryBitmap
zxing ZXing.BitmapLuminanceSource
zxing ZXing.Common.HybridBinarizer
zxing ZXing.LuminanceSource
zxing ZXing.QrCode.QRCodeReader
zxing ZXing.Result

No antivirus engine scan information!

Process Tree

______OCR____________.exe, PID: 1808, Parent PID: 1872

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 61.147.125.121 cc.ys168.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 60990 192.168.122.1 53

HTTP Requests

URI HTTP data
http://cc.ys168.com/f_ht/ajcx/ml.aspx?cz=ml_dq&_dlmc=tianruoyouxin&_dlmm=
GET /f_ht/ajcx/ml.aspx?cz=ml_dq&_dlmc=tianruoyouxin&_dlmm= HTTP/1.1
Host: cc.ys168.com
Connection: Keep-Alive

http://cc.ys168.com/f_ht/ajcx/wj.aspx?cz=dq&mlbh=1354356&_dlmc=tianruoyouxin&_dlmm=
GET /f_ht/ajcx/wj.aspx?cz=dq&mlbh=1354356&_dlmc=tianruoyouxin&_dlmm= HTTP/1.1
Accept-Language: zh-CN,zh;q=0.8
Host: cc.ys168.com

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

File name GDIPFONTCACHEV1.DAT
Related files
C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
File size 114272 bytes
File type data
MD5 2262103813c49a07c65813bb58143c21
SHA1 a1e4a613f51e8e57592464c61cc271f2fecec4f2
SHA256 ac3bd52d544a061ee8c90fa787f07af9d01a0c5a72981ed8172617b210798d31
CRC32 4C77BE6A
Ssdeep 1536:mLKAaE8z5wHgTlyhAQcDnBlC+X886UMMDbEDuezh:moiuzBzXGMDezh
Maldun security analysis result 2.0, analysis time: 2017-03-07 13:12:04

File name config.ini
Related files
C:\Users\test\AppData\Local\Temp\config.ini
File size 171 bytes
File type ISO-8859 text, with CRLF line terminators
MD5 c73faeaa6c227ce30ed205a0bb990188
SHA1 e2aa6e2e051c0028f4761c1a06cf43e7b13280ee
SHA256 23811d733b2bfa12b36993c85dfe88fb84eb123a2bd14815514295ffbf6f9c04
CRC32 A843CD5B
Ssdeep 3:dmW+ChuIoFaX0pk1v4G7aR37Po/l7CoVHJmWfkiE2J5xAIsf/Z:dMCR/A+v97aRL2hrrm+kn23fYZ
No similar analyses found.

Processing ( 35.333 seconds )

  • 20.688 NetworkAnalysis
  • 7.203 Suricata
  • 2.423 TargetInfo
  • 1.844 Static
  • 1.386 VirusTotal
  • 0.849 BehaviorAnalysis
  • 0.402 peid
  • 0.29 static_dotnet
  • 0.183 AnalysisInfo
  • 0.041 Strings
  • 0.017 Dropped
  • 0.003 config_decoder
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 1.715 seconds )

  • 1.243 md_url_bl
  • 0.085 antiav_detectreg
  • 0.036 infostealer_ftp
  • 0.032 stealth_timeout
  • 0.025 api_spamming
  • 0.021 decoy_document
  • 0.021 antiav_detectfile
  • 0.021 infostealer_im
  • 0.018 antianalysis_detectreg
  • 0.015 infostealer_bitcoin
  • 0.014 antivm_generic_scsi
  • 0.012 infostealer_mail
  • 0.008 antivm_vbox_files
  • 0.007 geodo_banking_trojan
  • 0.007 md_bad_drop
  • 0.007 md_domain_bl
  • 0.006 antiemu_wine_func
  • 0.006 antivm_generic_services
  • 0.005 betabot_behavior
  • 0.005 kibex_behavior
  • 0.005 antivm_generic_disk
  • 0.005 kovter_behavior
  • 0.005 antivm_xen_keys
  • 0.005 darkcomet_regkeys
  • 0.004 mimics_filetime
  • 0.004 infostealer_browser_password
  • 0.004 persistence_autorun
  • 0.004 antivm_parallels_keys
  • 0.004 ransomware_files
  • 0.003 network_tor
  • 0.003 bootkit
  • 0.003 reads_self
  • 0.003 stealth_file
  • 0.003 shifu_behavior
  • 0.003 virus
  • 0.003 antidbg_devices
  • 0.003 antivm_generic_diskreg
  • 0.003 ransomware_extensions
  • 0.003 rat_pcclient
  • 0.002 antiav_avast_libs
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 antidbg_windows
  • 0.002 disables_browser_warn
  • 0.002 network_http
  • 0.002 network_torgateway
  • 0.002 recon_fingerprint
  • 0.001 hawkeye_behavior
  • 0.001 rat_nanocore
  • 0.001 hancitor_behavior
  • 0.001 infostealer_browser
  • 0.001 injection_createremotethread
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 antianalysis_detectfile
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_system
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_cridex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 bypass_firewall
  • 0.001 codelux_behavior
  • 0.001 packer_armadillo_regkey
  • 0.001 recon_programs
  • 0.001 sniffer_winpcap
  • 0.001 targeted_flame

Reporting ( 0.416 seconds )

  • 0.37 ReportHTMLSummary
  • 0.046 Malheur
Task ID 162421
Mongo ID 5b037eacbb7d5744fcff4268
Cuckoo release 1.4-Maldun