Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp01-3  2018-05-22 10:42:52  2018-05-22 10:45:09  137 seconds

Maldun score

10.0

Malicious

File details

File name  夕风ocr图片转文本识别工具v2.2.exe ("Xifeng OCR image-to-text recognition tool v2.2")
File size  1212416 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5  f1e3e1e1c520bfb7c463c4286c2dc724
SHA1  3f3e3377588f1770a2939f18a5d3b55e425e3822
SHA256  ffa3a951198314c88aeaf5da0c260d24709a6e424b6f9772d4b1e01cedc44cba
SHA512  86b5433f8a282f5ad4d4ef73634b18ff456f43f7c804dfaa16be8141216218da6214a4a089007fa13fd42ee080a1c46a30c36f0123e124bb27b76fc4c37f009a
CRC32  E4035654
Ssdeep  24576:SSAEiEx2pV3ajVV5uRIqOYojh27bP6G3d:S2Txgaj1u7OYKhom6

Hosts contacted

IP  Rating  Geolocation
117.18.237.29  -  Asia-Pacific
123.59.85.61  unknown  China
151.101.72.133  -  United States

DNS resolution

Domain  Rating  Response
coding.net  unknown  A 123.59.89.203
A 123.59.94.81
A 123.59.94.234
A 106.75.107.11
A 120.132.63.88
A 120.132.63.196
A 106.75.122.177
A 123.59.89.123
A 123.59.89.195
A 123.59.89.69
A 106.75.21.194
A 123.59.89.175
A 123.59.85.61
A 123.59.89.37
A 123.59.94.101
A 106.75.123.235
A 123.59.89.67
A 123.59.94.73
A 120.132.63.152
ocsp.digicert.com  unknown  CNAME cs9.wac.phicdn.net
A 117.18.237.29
status.rapidssl.com  unknown  CNAME ocsp.digicert.com
raw.githubusercontent.com CNAME github.map.fastly.net
A 151.101.72.133
ixysoft.lingw.net  unknown  (no answer recorded)


PE information

Image base  0x00400000
Entry point  0x0049e0fc
Declared checksum  0x00000000
Actual checksum  0x00136160
Minimum OS version  4.0
Compile time  2017-12-31 02:53:06
Import hash (imphash)  86b11a1c5b5387c73437db06fd8ad383
Icon
Icon exact hash  46939a0f45b56cc9af3d318db6350481
Icon similarity hash  1f9166bec910ac7f3d9feae0d21b10b5

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000c0d3b 0x000c1000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x000c2000 0x0003a352 0x0003b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.36
.data 0x000fd000 0x00053caa 0x0001b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.64
.rsrc 0x00151000 0x0000fbb4 0x00010000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.65
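
As an added example (not part of the Maldun report), the Python below runs the checks a triager applies to the header and section values above: it resolves the entry point to a section, flags sections that are both writable and executable, flags entropy at or above 7.0, flags sections with no raw data, and compares the declared and actual checksums. The section rows, image base, entry point and checksums are transcribed from this report; the entropy threshold and the list of "expected" entry-point section names are assumptions of the example.

```python
# Added example: static triage of the PE values printed in the report above.
# Thresholds and the "expected" entry section names are assumptions, not report data.
from dataclasses import dataclass

FLAG_VALUES = {
    "IMAGE_SCN_CNT_CODE": 0x00000020,
    "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x00000040,
    "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
    "IMAGE_SCN_MEM_READ": 0x40000000,
    "IMAGE_SCN_MEM_WRITE": 0x80000000,
}
IMAGE_SCN_MEM_EXECUTE = FLAG_VALUES["IMAGE_SCN_MEM_EXECUTE"]
IMAGE_SCN_MEM_WRITE = FLAG_VALUES["IMAGE_SCN_MEM_WRITE"]


@dataclass
class Section:
    name: str
    vaddr: int        # RVA of the section
    vsize: int
    rawsize: int
    flags: str        # pipe-separated names, as the report prints them
    entropy: float

    @property
    def characteristics(self) -> int:
        return sum(FLAG_VALUES[f] for f in self.flags.split("|"))


# Values transcribed from the "PE sections" table and "PE information" block.
SECTIONS = [
    Section(".text",  0x00001000, 0x000c0d3b, 0x000c1000,
            "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ", 6.56),
    Section(".rdata", 0x000c2000, 0x0003a352, 0x0003b000,
            "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 6.36),
    Section(".data",  0x000fd000, 0x00053caa, 0x0001b000,
            "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 5.64),
    Section(".rsrc",  0x00151000, 0x0000fbb4, 0x00010000,
            "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 4.65),
]
IMAGE_BASE = 0x00400000
ENTRY_POINT = 0x0049e0fc                 # the report prints a VA, not an RVA
DECLARED_CHECKSUM, ACTUAL_CHECKSUM = 0x00000000, 0x00136160

EXPECTED_ENTRY_SECTIONS = (".text", "CODE")   # assumption: usual names for linker output


def section_for_rva(sections, rva):
    """Return the section whose in-memory span covers rva, or None."""
    for s in sections:
        if s.vaddr <= rva < s.vaddr + max(s.vsize, s.rawsize):
            return s
    return None


def triage(sections, image_base, entry_va, declared_sum, actual_sum, entropy_limit=7.0):
    """Return (entry-point section name or None, list of human-readable findings)."""
    findings = []
    ep = section_for_rva(sections, entry_va - image_base)
    if ep is None:
        findings.append("entry point outside every section")
    elif not ep.characteristics & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point in non-executable section {ep.name}")
    elif ep.name not in EXPECTED_ENTRY_SECTIONS:
        findings.append(f"entry point in unusual section {ep.name}")
    for s in sections:
        c = s.characteristics
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s.name} is writable and executable")
        if s.entropy >= entropy_limit:
            findings.append(f"{s.name} entropy {s.entropy} suggests packed or encrypted content")
        if s.rawsize == 0 and s.vsize > 0:
            findings.append(f"{s.name} has no raw data but {s.vsize:#x} bytes virtual size")
    if declared_sum == 0:
        findings.append("PE checksum not set (common for unsigned third-party builds)")
    elif declared_sum != actual_sum:
        findings.append("PE checksum mismatch: header changed after linking")
    return (ep.name if ep else None), findings


if __name__ == "__main__":
    name, notes = triage(SECTIONS, IMAGE_BASE, ENTRY_POINT, DECLARED_CHECKSUM, ACTUAL_CHECKSUM)
    print("entry point section:", name)
    for n in notes:
        print(" -", n)
```

For this sample the entry point resolves into .text, no section is both writable and executable, and the highest entropy is 6.56, so the only finding is the unset checksum, which is typical of unsigned third-party builds and says nothing about malice by itself. A runtime-packed binary would instead usually place the entry point in a small non-.text section and show entropy close to 8 in the section holding the compressed image.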

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
TEXTINCLUDE 0x00151d64 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00151d64 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00151d64 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
WAVE 0x00151eb8 0x00001448 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.35 RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
RT_CURSOR 0x00153884 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x00153884 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x00153884 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x00153884 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x00153884 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_CURSOR 0x00153884 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0015500c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x00155560 0x000094a8 LANG_NEUTRAL SUBLANG_NEUTRAL 3.48 dBase IV DBT of \300.DBF, block length 36864, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00155560 0x000094a8 LANG_NEUTRAL SUBLANG_NEUTRAL 3.48 dBase IV DBT of \300.DBF, block length 36864, next free block index 40, next free block 0, next used block 0
RT_ICON 0x00155560 0x000094a8 LANG_NEUTRAL SUBLANG_NEUTRAL 3.48 dBase IV DBT of \300.DBF, block length 36864, next free block index 40, next free block 0, next used block 0
RT_MENU 0x0015ea14 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_MENU 0x0015ea14 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0015fc5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x001606a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x00160718 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00160718 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00160718 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00160718 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x00160718 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00160764 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00160764 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00160764 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x00160778 0x0000026c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.05 data
RT_MANIFEST 0x001609e4 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: MSVFW32.dll
0x4c23f0 DrawDibDraw
Library: AVIFIL32.dll
0x4c2018 AVIStreamGetFrame
0x4c201c AVIStreamInfoA
Library: WINMM.dll
0x4c270c midiStreamRestart
0x4c2710 midiStreamClose
0x4c2714 midiOutReset
0x4c2718 midiStreamStop
0x4c271c midiStreamOut
0x4c2724 midiStreamProperty
0x4c2728 midiStreamOpen
0x4c2730 waveOutOpen
0x4c2734 waveOutGetNumDevs
0x4c2738 waveOutClose
0x4c273c waveOutReset
0x4c2740 waveOutPause
0x4c2744 waveOutWrite
0x4c2750 PlaySoundA
Library: WS2_32.dll
0x4c2768 ioctlsocket
0x4c276c inet_ntoa
0x4c2770 WSACleanup
0x4c2774 accept
0x4c2778 getpeername
0x4c277c recv
0x4c2780 recvfrom
0x4c2784 WSAAsyncSelect
0x4c2788 closesocket
Library: KERNEL32.dll
0x4c21d0 DuplicateHandle
0x4c21d4 FlushFileBuffers
0x4c21d8 LockFile
0x4c21dc UnlockFile
0x4c21e0 SetEndOfFile
0x4c21e4 GetThreadLocale
0x4c21e8 lstrcmpiA
0x4c21ec GlobalDeleteAtom
0x4c21f0 GlobalFindAtomA
0x4c21f4 GlobalAddAtomA
0x4c21f8 GlobalGetAtomNameA
0x4c21fc lstrcmpA
0x4c2200 LocalAlloc
0x4c2204 TlsAlloc
0x4c2208 GlobalHandle
0x4c220c TlsFree
0x4c2210 TlsSetValue
0x4c2214 LocalReAlloc
0x4c2218 TlsGetValue
0x4c221c GetFileTime
0x4c2220 GetCurrentThread
0x4c2224 GlobalFlags
0x4c2228 SetErrorMode
0x4c222c GetProcessVersion
0x4c2230 GetCPInfo
0x4c2234 GetOEMCP
0x4c2238 GetStartupInfoA
0x4c223c RtlUnwind
0x4c2240 HeapSize
0x4c2244 RaiseException
0x4c2248 GetSystemTime
0x4c224c GetLocalTime
0x4c2250 GetACP
0x4c2268 SetHandleCount
0x4c226c GetStdHandle
0x4c2270 GetFileType
0x4c2278 HeapDestroy
0x4c227c HeapCreate
0x4c2280 VirtualFree
0x4c2288 LCMapStringA
0x4c228c LCMapStringW
0x4c2290 VirtualAlloc
0x4c2294 IsBadWritePtr
0x4c2298 GetStringTypeA
0x4c229c GetStringTypeW
0x4c22a4 CompareStringA
0x4c22a8 CompareStringW
0x4c22ac IsBadReadPtr
0x4c22b0 IsBadCodePtr
0x4c22b4 SetStdHandle
0x4c22b8 FormatMessageA
0x4c22bc LocalFree
0x4c22c4 WideCharToMultiByte
0x4c22cc GetTempFileNameA
0x4c22d0 GetVersion
0x4c22d8 SetLastError
0x4c22dc MultiByteToWideChar
0x4c22e0 TerminateProcess
0x4c22e4 GetCurrentProcess
0x4c22e8 SetFilePointer
0x4c22ec GetFileSize
0x4c22f0 UnmapViewOfFile
0x4c22f4 CreateSemaphoreA
0x4c22f8 ResumeThread
0x4c22fc ReleaseSemaphore
0x4c2308 GetProfileStringA
0x4c230c WriteFile
0x4c2310 ReadFile
0x4c2318 CreateFileA
0x4c231c SetEvent
0x4c2320 FindResourceA
0x4c2324 LoadResource
0x4c2328 LockResource
0x4c232c lstrlenW
0x4c2330 GetModuleFileNameA
0x4c2334 GetCurrentThreadId
0x4c2338 ExitProcess
0x4c233c GlobalSize
0x4c2340 GlobalFree
0x4c234c lstrcatA
0x4c2350 lstrlenA
0x4c2354 WinExec
0x4c2358 lstrcpyA
0x4c235c FindNextFileA
0x4c2360 GlobalReAlloc
0x4c2364 HeapFree
0x4c2368 HeapReAlloc
0x4c236c GetProcessHeap
0x4c2370 HeapAlloc
0x4c2374 GetUserDefaultLCID
0x4c2378 GetFullPathNameA
0x4c237c FreeLibrary
0x4c2380 LoadLibraryA
0x4c2384 GetLastError
0x4c2388 GetVersionExA
0x4c2394 CreateThread
0x4c2398 CreateEventA
0x4c239c Sleep
0x4c23a0 GlobalAlloc
0x4c23a4 GlobalLock
0x4c23a8 GlobalUnlock
0x4c23ac GetTempPathA
0x4c23b0 FindFirstFileA
0x4c23b4 FindClose
0x4c23b8 GetFileAttributesA
0x4c23bc DeleteFileA
0x4c23c8 GetModuleHandleA
0x4c23cc GetProcAddress
0x4c23d0 MulDiv
0x4c23d4 GetCommandLineA
0x4c23d8 GetTickCount
0x4c23dc WaitForSingleObject
0x4c23e0 CloseHandle
0x4c23e4 InterlockedExchange
0x4c23e8 lstrcpynA
Library: USER32.dll
0x4c247c PostThreadMessageA
0x4c2480 SetMenuItemBitmaps
0x4c2484 CheckMenuItem
0x4c2488 MoveWindow
0x4c248c SetWindowTextA
0x4c2490 IsDialogMessageA
0x4c2494 ScrollWindowEx
0x4c2498 SendDlgItemMessageA
0x4c249c MapWindowPoints
0x4c24a0 AdjustWindowRectEx
0x4c24a4 GetScrollPos
0x4c24a8 RegisterClassA
0x4c24ac GetMenuItemCount
0x4c24b0 GetMenuItemID
0x4c24b4 SetWindowsHookExA
0x4c24b8 CallNextHookEx
0x4c24bc GetClassLongA
0x4c24c0 SetPropA
0x4c24c4 UnhookWindowsHookEx
0x4c24c8 GetPropA
0x4c24cc RemovePropA
0x4c24d0 GetMessageTime
0x4c24d4 GetLastActivePopup
0x4c24d8 GetForegroundWindow
0x4c24e0 GetWindowPlacement
0x4c24e4 EndDialog
0x4c24ec DestroyWindow
0x4c24f0 GrayStringA
0x4c24f4 DrawTextA
0x4c24f8 TabbedTextOutA
0x4c24fc EndPaint
0x4c2500 BeginPaint
0x4c2504 GetWindowDC
0x4c2508 CharUpperA
0x4c2510 UnregisterHotKey
0x4c2514 RegisterHotKey
0x4c2518 CreateWindowExA
0x4c251c CallWindowProcA
0x4c2520 GetWindowTextA
0x4c2524 FindWindowExA
0x4c2528 GetDlgItem
0x4c252c GetClassNameA
0x4c2530 GetNextDlgTabItem
0x4c2534 LoadIconA
0x4c2538 TranslateMessage
0x4c253c DrawFrameControl
0x4c2540 DrawEdge
0x4c2544 DrawFocusRect
0x4c2548 WindowFromPoint
0x4c254c GetMessageA
0x4c2550 DispatchMessageA
0x4c2554 SetRectEmpty
0x4c2564 DrawIconEx
0x4c2568 CreatePopupMenu
0x4c256c AppendMenuA
0x4c2570 ModifyMenuA
0x4c2578 GetDlgCtrlID
0x4c257c GetSubMenu
0x4c2580 EnableMenuItem
0x4c2584 ClientToScreen
0x4c258c LoadImageA
0x4c2594 ShowWindow
0x4c2598 IsWindowEnabled
0x4c25a0 GetKeyState
0x4c25a8 PostQuitMessage
0x4c25ac IsZoomed
0x4c25b0 GetClassInfoA
0x4c25b4 DefWindowProcA
0x4c25b8 GetSystemMenu
0x4c25bc DeleteMenu
0x4c25c0 GetMenu
0x4c25c4 SetMenu
0x4c25c8 PeekMessageA
0x4c25cc IsIconic
0x4c25d0 SetFocus
0x4c25d4 GetActiveWindow
0x4c25d8 GetWindow
0x4c25e0 SetWindowRgn
0x4c25e4 GetMessagePos
0x4c25e8 ScreenToClient
0x4c25f0 CopyRect
0x4c25f4 LoadBitmapA
0x4c25f8 WinHelpA
0x4c25fc KillTimer
0x4c2600 SetTimer
0x4c2604 ReleaseCapture
0x4c2608 GetCapture
0x4c260c SetCapture
0x4c2610 GetScrollRange
0x4c2614 SetScrollRange
0x4c2618 SetScrollPos
0x4c261c SetRect
0x4c2620 InflateRect
0x4c2624 IntersectRect
0x4c2628 DestroyIcon
0x4c262c UnregisterClassA
0x4c2630 GetNextDlgGroupItem
0x4c2634 GetDesktopWindow
0x4c2638 GetSysColorBrush
0x4c263c wsprintfA
0x4c2640 CloseClipboard
0x4c2644 GetClipboardData
0x4c2648 OpenClipboard
0x4c264c SetClipboardData
0x4c2650 EmptyClipboard
0x4c2654 GetSystemMetrics
0x4c2658 GetCursorPos
0x4c265c MessageBoxA
0x4c2660 MessageBeep
0x4c2664 SetWindowPos
0x4c2668 SendMessageA
0x4c266c DestroyCursor
0x4c2670 SetParent
0x4c2674 PtInRect
0x4c2678 OffsetRect
0x4c267c IsWindowVisible
0x4c2680 EnableWindow
0x4c2684 RedrawWindow
0x4c2688 GetWindowLongA
0x4c268c SetWindowLongA
0x4c2690 GetSysColor
0x4c2694 SetActiveWindow
0x4c2698 SetCursorPos
0x4c269c LoadCursorA
0x4c26a0 SetCursor
0x4c26a4 GetDC
0x4c26a8 FillRect
0x4c26ac IsRectEmpty
0x4c26b0 ReleaseDC
0x4c26b4 IsChild
0x4c26b8 DestroyMenu
0x4c26bc SetForegroundWindow
0x4c26c0 GetWindowRect
0x4c26c4 EqualRect
0x4c26c8 UpdateWindow
0x4c26cc ValidateRect
0x4c26d0 InvalidateRect
0x4c26d4 GetClientRect
0x4c26d8 GetFocus
0x4c26dc GetParent
0x4c26e0 GetTopWindow
0x4c26e4 LoadStringA
0x4c26e8 MapDialogRect
0x4c26f0 CharNextA
0x4c26f8 CreateMenu
0x4c26fc GetMenuState
0x4c2700 IsWindow
0x4c2704 PostMessageA
Library: GDI32.dll
0x4c2054 FillRgn
0x4c2058 CreateRectRgn
0x4c205c CombineRgn
0x4c2060 PatBlt
0x4c2064 CreatePen
0x4c2068 SelectObject
0x4c206c CreatePatternBrush
0x4c2070 CreateBitmap
0x4c2074 CreateHatchBrush
0x4c2078 CreateBrushIndirect
0x4c207c CreateDCA
0x4c2084 GetPolyFillMode
0x4c2088 CreateDIBSection
0x4c2090 SetBkColor
0x4c2094 TextOutA
0x4c2098 SetBkMode
0x4c209c SetTextColor
0x4c20a0 StretchDIBits
0x4c20a4 SetDIBitsToDevice
0x4c20a8 CreateSolidBrush
0x4c20ac CreateFontA
0x4c20b8 SaveDC
0x4c20bc RestoreDC
0x4c20c0 CreateFontIndirectA
0x4c20c4 SetROP2
0x4c20c8 SetMapMode
0x4c20cc SetViewportOrgEx
0x4c20d0 OffsetViewportOrgEx
0x4c20d4 SetViewportExtEx
0x4c20d8 ScaleViewportExtEx
0x4c20dc SetWindowOrgEx
0x4c20e0 SetWindowExtEx
0x4c20e4 ScaleWindowExtEx
0x4c20e8 GetClipBox
0x4c20ec ExcludeClipRect
0x4c20f0 MoveToEx
0x4c20f4 LineTo
0x4c20f8 ExtSelectClipRgn
0x4c20fc GetViewportExtEx
0x4c2100 PtVisible
0x4c2104 RectVisible
0x4c2108 ExtTextOutA
0x4c210c Escape
0x4c2110 GetTextMetricsA
0x4c2114 GetMapMode
0x4c2118 Ellipse
0x4c211c Rectangle
0x4c2120 LPtoDP
0x4c2124 DPtoLP
0x4c2128 GetCurrentObject
0x4c212c RoundRect
0x4c2130 SetStretchBltMode
0x4c2134 GetClipRgn
0x4c213c CreatePolygonRgn
0x4c2140 SelectClipRgn
0x4c2144 DeleteObject
0x4c2148 GetStockObject
0x4c214c GetObjectA
0x4c2150 EndPage
0x4c2154 EndDoc
0x4c2158 DeleteDC
0x4c215c StartDocA
0x4c2160 StartPage
0x4c2164 BitBlt
0x4c2168 CreateCompatibleDC
0x4c2170 SetPolyFillMode
0x4c2174 GetDeviceCaps
0x4c2178 CreatePalette
0x4c217c StretchBlt
0x4c2180 SelectPalette
0x4c2184 RealizePalette
0x4c2188 GetDIBits
0x4c218c GetWindowExtEx
0x4c2190 GetViewportOrgEx
0x4c2194 GetWindowOrgEx
0x4c2198 BeginPath
0x4c219c EndPath
0x4c21a0 PathToRegion
0x4c21a4 CreateEllipticRgn
0x4c21a8 CreateRoundRectRgn
0x4c21ac GetTextColor
0x4c21b0 GetBkMode
0x4c21b4 GetBkColor
0x4c21b8 GetROP2
0x4c21bc GetStretchBltMode
0x4c21c0 CreateDIBitmap
Library: WINSPOOL.DRV
0x4c2758 ClosePrinter
0x4c275c DocumentPropertiesA
0x4c2760 OpenPrinterA
Library: comdlg32.dll
0x4c2790 ChooseFontA
0x4c2794 GetFileTitleA
0x4c2798 GetOpenFileNameA
0x4c279c ChooseColorA
0x4c27a0 GetSaveFileNameA
Library: ADVAPI32.dll
0x4c2000 RegCreateKeyExA
0x4c2004 RegQueryValueA
0x4c2008 RegSetValueExA
0x4c200c RegOpenKeyExA
0x4c2010 RegCloseKey
Library: SHELL32.dll
0x4c2464 DragQueryFileA
0x4c2468 DragFinish
0x4c246c DragAcceptFiles
0x4c2470 Shell_NotifyIconA
0x4c2474 ShellExecuteA
Library: ole32.dll
0x4c27ac OleFlushClipboard
0x4c27b0 CoRevokeClassObject
0x4c27c8 CoGetClassObject
0x4c27cc CoCreateInstance
0x4c27d0 CLSIDFromProgID
0x4c27d4 CoTaskMemAlloc
0x4c27d8 CoTaskMemFree
0x4c27dc CoUninitialize
0x4c27e0 OleInitialize
0x4c27e4 OleUninitialize
0x4c27e8 CLSIDFromString
0x4c27ec OleRun
Library: OLEAUT32.dll
0x4c23f8 VariantCopyInd
0x4c23fc VariantInit
0x4c2400 SysAllocString
0x4c2404 SafeArrayDestroy
0x4c2408 SafeArrayCreate
0x4c240c SafeArrayPutElement
0x4c2410 RegisterTypeLib
0x4c2414 LHashValOfNameSys
0x4c2418 LoadTypeLib
0x4c2420 UnRegisterTypeLib
0x4c2424 SysFreeString
0x4c2430 SafeArrayGetElement
0x4c2434 SysAllocStringLen
0x4c2438 SysStringLen
0x4c2440 SafeArrayAccessData
0x4c2448 SafeArrayGetDim
0x4c244c SafeArrayGetLBound
0x4c2450 SafeArrayGetUBound
0x4c2454 VariantChangeType
0x4c2458 VariantClear
0x4c245c VariantCopy
Library: COMCTL32.dll
0x4c2024 ImageList_DragLeave
0x4c2028 ImageList_DragEnter
0x4c202c ImageList_Destroy
0x4c2030 ImageList_Create
0x4c2034 ImageList_BeginDrag
0x4c2038 ImageList_Add
0x4c203c _TrackMouseEvent
0x4c2040 ImageList_DragMove
0x4c2048 ImageList_EndDrag
0x4c204c None
Library: oledlg.dll
0x4c27f4 None

Strings (excerpt)

.text
`.rdata
@.data
.rsrc
8`}<j
T$hVj
DRQPj
T$|Vj
F<h8N
T$th
|$TVj
|$LVj
|$`Vj
F<X<N
jjjjh

Antivirus results

Engine/vendor  Detection name / rule match  Signature date
Bkav  Clean  20180407
MicroWorld-eScan  Trojan.Generic.22842280  20180408
nProtect  Clean  20180408
CMC  Clean  20180407
CAT-QuickHeal  Trojan.IGENERIC  20180407
ALYac  Trojan.Generic.22842280  20180408
Cylance  Unsafe  20180408
Zillya  Clean  20180406
AegisLab  Clean  20180408
TheHacker  Clean  20180404
K7GW  Trojan ( 005246d51 )  20180407
K7AntiVirus  Trojan ( 005246d51 )  20180404
Arcabit  Trojan.Generic.D15C8BA8  20180408
TrendMicro  Clean  20180408
Baidu  Clean  20180408
F-Prot  Clean  20180408
Symantec  Trojan.Gen.9  20180407
ESET-NOD32  a variant of Win32/Packed.FlyStudio.AA potentially unwanted  20180408
TrendMicro-HouseCall  TROJ_GEN.R002H09AL18  20180408
Paloalto  generic.ml  20180408
ClamAV  Win.Trojan.Generic-6260335-1  20180408
GData  Win32.Application.PUPStudio.B  20180408
Kaspersky  Clean  20180408
BitDefender  Trojan.Generic.22842280  20180408
NANO-Antivirus  Clean  20180408
ViRobot  Adware.Packed.1212416  20180407
Rising  Clean  20180408
Ad-Aware  Trojan.Generic.22842280  20180408
Emsisoft  Trojan.Generic.22842280 (B)  20180408
Comodo  Worm.Win32.Dropper.RA  20180408
F-Secure  Trojan.Generic.22842280  20180408
DrWeb  Clean  20180408
VIPRE  Trojan.Win32.Generic!BT  20180408
Invincea  heuristic  20180121
McAfee-GW-Edition  BehavesLike.Win32.Generic.th  20180408
Sophos  Generic PUA DP (PUA)  20180408
Ikarus  Clean  20180408
Cyren  W32/Trojan.BABF-6416  20180408
Jiangmin  Clean  20180408
Avira  Clean  20180408
Antiy-AVL  Trojan/Win32.TSGeneric  20180408
Kingsoft  Clean  20180408
Microsoft  Clean  20180408
Endgame  malicious (high confidence)  20180403
SUPERAntiSpyware  Clean  20180408
ZoneAlarm  Clean  20180408
Avast-Mobile  Clean  20180407
AhnLab-V3  Clean  20180407
McAfee  Artemis!F1E3E1E1C520  20180408
AVware  Trojan.Win32.Generic!BT  20180408
MAX  malware (ai score=95)  20180408
VBA32  Clean  20180406
Malwarebytes  RiskWare.GameHack  20180408
WhiteArmor  Clean  20180408
Panda  Clean  20180408
Zoner  Clean  20180407
Tencent  Clean  20180408
Yandex  Clean  20180408
SentinelOne  static engine - malicious  20180225
eGambit  Unsafe.AI_Score_88%  20180408
Fortinet  Adware/FlyStudio  20180408
AVG  Win32:Malware-gen  20180408
Cybereason  malicious.1c520b  20180225
Avast  Win32:Malware-gen  20180408
CrowdStrike  malicious_confidence_100% (W)  20170201
Qihoo-360  Clean  20180408

37 of the 66 engines flag the sample. Every positive result is either a generic or heuristic name (Trojan.Generic.22842280, Artemis, Malware-gen, ML/AI scores) or an identification of the FlyStudio (易语言/EPL) compiler rated as PUA, adware or riskware (ESET-NOD32, Fortinet, GData, Sophos, ViRobot, Malwarebytes); no engine assigns a specific, non-generic family, and Kaspersky, Microsoft, Avira, DrWeb, Tencent and Qihoo-360 report it clean.

Process tree

______ocr___________________________v2.2.exe, PID: 1444, parent PID: 1980

TCP

Source address  Source port  Destination address  Destination port
192.168.122.203 60237 1.9.56.99 80
192.168.122.203 60233 117.18.237.29 ocsp.digicert.com 80
192.168.122.203 60234 117.18.237.29 ocsp.digicert.com 80
192.168.122.203 60232 123.59.85.61 coding.net 443
192.168.122.203 60235 151.101.72.133 raw.githubusercontent.com 443
192.168.122.203 60231 192.168.122.1 53

The connection to 1.9.56.99:80 is the only TCP flow whose destination has no hostname in the DNS table and no request in the HTTP section, and ixysoft.lingw.net is the only queried name with no recorded answer; neither is explained by the data in this report.

UDP

Source address  Source port  Destination address  Destination port
192.168.122.203 51929 192.168.122.1 53
192.168.122.203 54547 192.168.122.1 53
192.168.122.203 54554 192.168.122.1 53
192.168.122.203 58800 192.168.122.1 53
192.168.122.203 59476 192.168.122.1 53
192.168.122.203 59541 192.168.122.1 53

HTTP requests

URI / HTTP data
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRhhZrQET0hvbSHUJmNfBKqR%2FiT7wQUU8oXWfxrwAMhLxqu5KqoHIJW2nUCEA4uaem83ISxu6lITZtFVbg%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRhhZrQET0hvbSHUJmNfBKqR%2FiT7wQUU8oXWfxrwAMhLxqu5KqoHIJW2nUCEA4uaem83ISxu6lITZtFVbg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: status.rapidssl.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 02 Sep 2017 23:21:17 GMT
If-None-Match: "59ab3ced-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
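
All four requests above carry the User-Agent Microsoft-CryptoAPI/6.1 and target OCSP responders or a CRL, so they are Windows certificate-revocation checks triggered by the TLS sessions to coding.net and raw.githubusercontent.com recorded in the TLS section, not traffic the sample generates by itself. The path of an OCSP GET is a URL-encoded, base64 DER OCSPRequest (RFC 6960, appendix A), so it can be decoded to see exactly which certificate is being checked. The script below is an added example, not part of the report: a minimal DER walker that returns the hash algorithm, issuer name hash, issuer key hash and serial number from each CertID. The three OCSP URLs it is fed are copied from the requests above; everything else is the example's own code.

```python
# Added example: decode the OCSP GET requests captured in the sandbox.
# Pure standard library; the URLs are copied from the HTTP requests section.
import base64
import urllib.parse

SHA1_OID = "1.3.14.3.2.26"

OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D",
    "http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRhhZrQET0hvbSHUJmNfBKqR%2FiT7wQUU8oXWfxrwAMhLxqu5KqoHIJW2nUCEA4uaem83ISxu6lITZtFVbg%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D",
]


def _tlv(buf, pos):
    """Read one DER tag/length/value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the content of a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out


def _oid(value):
    """Decode an OBJECT IDENTIFIER content octet string to dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    n = 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Return one dict per CertID found in an RFC 6960 OCSP GET request URL."""
    path = urllib.parse.urlsplit(url).path.lstrip("/")
    der = base64.b64decode(urllib.parse.unquote(path))
    tag, ocsp_request, _ = _tlv(der, 0)
    assert tag == 0x30, "OCSPRequest must be a SEQUENCE"
    tbs = _children(ocsp_request)[0][1]                       # TBSRequest
    # requestList is the first SEQUENCE; [0] version / [1] requestorName are optional
    request_list = next(v for t, v in _children(tbs) if t == 0x30)
    results = []
    for _, request in _children(request_list):
        cert_id = _children(request)[0][1]                    # CertID
        alg, name_hash, key_hash, serial = _children(cert_id)
        alg_oid = _oid(_children(alg[1])[0][1])
        results.append({
            "hash_alg": "sha1" if alg_oid == SHA1_OID else alg_oid,
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial": serial[1].hex(),
        })
    return results


if __name__ == "__main__":
    for url in OCSP_URLS:
        for entry in parse_ocsp_get(url):
            print(urllib.parse.urlsplit(url).netloc, entry)
```

The issuer key hash is the SHA-1 of the issuing CA's public key, which is also that CA's SubjectKeyIdentifier, and the serial identifies the end-entity or intermediate certificate being checked; both can be matched against the certificate chains of the TLS sessions in the TLS section to confirm that each OCSP request belongs to one of those connections. An OCSP request whose issuer hashes match no CA in the observed chains would be the one worth a second look.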

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-05-22 10:43:04.283617+0800 192.168.122.203 60232 123.59.85.61 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 CN=*.coding.net 0a:01:a0:8e:69:da:48:a2:a7:8b:07:ac:d3:2e:02:b5:7a:ff:0c:22
2018-05-22 10:43:05.253765+0800 192.168.122.203 60235 151.101.72.133 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=www.github.com cc:aa:48:48:66:46:0e:91:53:2c:9c:7c:23:2a:b1:74:4d:29:9d:33

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

Dropped files

The CryptnetUrlCache entries below are CryptoAPI's cache of the OCSP/CRL responses fetched in the HTTP section, and the Content.IE5 entries are Internet Explorer's built-in error-page assets, cached when a navigation failed; they are artefacts of the Windows HTTP and TLS stack rather than payloads written by the sample.

File name  info_48[1]
Path  C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\info_48[1]
Size  6993 bytes
Type  PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
MD5  49e0ef03e74704089a60c437085db89e
SHA1  c2e7ab3ce114465ea7060f2ef738afcb3341a384
SHA256  caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
CRC32  4C99540A
Ssdeep  192:NS0tKg9E05THXQJBCnFux5TsRfb+Y0ObhD9Uc7:LXE05UBCFAORfK9S7b7

File name  AF3BA1CDD96BBC740C9CE3754F348BED_701DAB1CC0884E141C0D88DDAF656B57
Path  C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF3BA1CDD96BBC740C9CE3754F348BED_701DAB1CC0884E141C0D88DDAF656B57
Size  471 bytes
Type  data
MD5  080e31a88e9987a21e7260d40e5de490
SHA1  28e9061611b73470ef06fce5797c19bbe2b78fe4
SHA256  dfbba6a878bb44b39914ee5f2420940219664ae801a8e9c1ff28582269f2fc12
CRC32  32307E66
Ssdeep  12:J0MK05N3klNuKwe1sXHkjYdQKAZmRD/EtmQgLt9n:J1jmXmXkjwQK8mFYPgv

File name  B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
Path  C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
Size  430 bytes
Type  data
MD5  e68435f1d64c4fb51ccd7b10ed410376
SHA1  59aa2b63d2f7d6e8322afd3f2f8fe5b39e605c99
SHA256  60a49bfd81e3440c430596941341f10287b2ddec95fc37e0ec61a8ad94258deb
CRC32  138E3C83
Ssdeep  6:kKaT/gquJXlRNfOAUMivhClroFH7q0yNXImolv9RUuQ2vmLlkebOyelymW1wJMl3:CL0mxMiv8sFbq0yNYmc3Q2BjCmW1f8i

File name  B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
Path  C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
Size  471 bytes
Type  data
MD5  6decc9ce9e0d23e2c887ce786a7da5cb
SHA1  332a55367460687b4c63e43e9708d64b90cb93b4
SHA256  feb7140e32db82d51fde03452eaab3e7ba029d28bb0d7c93fd53c65f8fcc04f9
CRC32  82C28CFC
Ssdeep  12:JD2+5V0UG5J72+aDHYeVjneRoBN/z2j0xlQzyyzWlb6QK:JD2+5Ctf72+aD3VbcutlxYRzWlbI

File name  EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Path  C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Size  426 bytes
Type  data
MD5  ac3e03ba538e63364a3c38a97aec87c6
SHA1  508852d68a38c0167624a1e70d007f28a34db91a
SHA256  05d87e691a9338aecc3937340bb65fe90fa98f78641368c92fe2e744fa7d182e
CRC32  2DC6AF5F
Ssdeep  6:kKQGp/gWXlRNfOAUMivhClroFn1cgvVJuIuAQbDUFwGQlhzksEUYeWqGlsG:VlmxMiv8sF1JbqDkwJr4bT5

File name  httpErrorPagesScripts[1]
Path  C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\httpErrorPagesScripts[1]
Size  8601 bytes
Type  UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5  e7ca76a3c9ee0564471671d500e3f0f3
SHA1  fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256  58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32  A7C34EF3
Ssdeep  192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
Previous Maldun analysis: score 4.0, analysed 2016-11-15 15:05:24

File name  background_gradient[1]
Path  C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\background_gradient[1]
Size  453 bytes
Type  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5  20f0110ed5e4e0d5384a496e4880139b
SHA1  51f5fc61d8bf19100df0f8aadaa57fcd9c086255
SHA256  1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
CRC32  C2D0CE77
Ssdeep  6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi

File name  navcancl[1]
Path  C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\navcancl[1]
Size  2716 bytes
Type  HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5  62d05660b732343d28afa32d84871132
SHA1  af1308bd1901940cec73da4ff919d9f4e9301644
SHA256  f7a799f8356f190f7e776353ed9625e62a99b0bf46445d99a924f36289be1529
CRC32  9D1842C4
Ssdeep  48:upU0dVeLVGBXvrVa4n/1a5TImNe/G7pKX:urp8Ea/aCpi

File name  errorPageStrings[1]
Path  C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\errorPageStrings[1]
Size  1643 bytes
Type  UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5  13216fa0f896b1b7c445fe9a54b5b998
SHA1  d343d35b45507640bc68487d4ad3afcb927ce950
SHA256  7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61
CRC32  3A14753A
Ssdeep  48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc
Previous Maldun analysis: score 4.0, analysed 2016-11-15 15:07:57

File name  bullet[1]
Path  C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\bullet[1]
Size  3169 bytes
Type  PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5  0c4c086dd852704e8eeb8ff83e3b73d1
SHA1  56bac3d2c88a83628134b36322e37deb6b00b1a1
SHA256  1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
CRC32  51CC83D9
Ssdeep  48:VocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD2X+r0svw:VZ/I09Da01l+gmkyTt6Hk8nT2X+r0kw

File name  EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Path  C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Size  471 bytes
Type  data
MD5  81dc0b00ad6873b423d46b2944fdba6c
SHA1  68eaa2f7033c292e96251ea1953de3edb91431b6
SHA256  6bdacbc89ef14c192ea8db871b5ad348f73603bcaa023692a92e56eb956e3612
CRC32  2520FFEC
Ssdeep  12:JY0SV0UG5FZt55HYeVHoinibGCrRsx+FB1V+S2tTKOIy:JY0Pt3ZBVTKsx41YSdOIy

File name  AF3BA1CDD96BBC740C9CE3754F348BED_701DAB1CC0884E141C0D88DDAF656B57
Path  C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_701DAB1CC0884E141C0D88DDAF656B57
Size  434 bytes
Type  data
MD5  47c2602c23e3c80a19d431efa0a6fa87
SHA1  c6b318704df78e662991e52c13cd93f1164e09f0
SHA256  f9467b971e68f55fbabf77906690cc44e9b676ad661821681951689d84a7ba56
CRC32  A7349CC6
Ssdeep  6:kK3/PTIlHFwkzXlRXRQT0B1ZpivhClroFy8B50OQiljVW/bY+yeSUw8SzLldeVh8:rIYEge3iv8sFy8v0OQiljVO8+yew8J8

File name  ErrorPageTemplate[1]
Path  C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\ErrorPageTemplate[1]
Size  2226 bytes
Type  UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5  9e7f4ae3f245c70af5b7dbe095647d30
SHA1  cbcffb08f72c10e3e2493ca0044872a7ebdc7215
SHA256  2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df
CRC32  08BB8CA5
Ssdeep  48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR
Previous Maldun analysis: score 4.0, analysed 2016-11-15 15:07:12

No similar analyses found.

Processing ( 34.269 seconds )

  • 20.617 NetworkAnalysis
  • 8.092 Suricata
  • 1.732 TargetInfo
  • 1.391 VirusTotal
  • 1.296 Static
  • 0.555 BehaviorAnalysis
  • 0.322 peid
  • 0.171 AnalysisInfo
  • 0.075 Dropped
  • 0.011 Strings
  • 0.003 config_decoder
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 1.806 seconds )

  • 1.436 md_url_bl
  • 0.069 antiav_detectreg
  • 0.026 stealth_timeout
  • 0.025 infostealer_ftp
  • 0.024 md_domain_bl
  • 0.023 md_bad_drop
  • 0.02 api_spamming
  • 0.016 decoy_document
  • 0.014 antianalysis_detectreg
  • 0.014 infostealer_im
  • 0.011 antivm_generic_scsi
  • 0.008 antiav_detectfile
  • 0.008 infostealer_mail
  • 0.006 geodo_banking_trojan
  • 0.005 antivm_generic_services
  • 0.005 persistence_autorun
  • 0.005 infostealer_bitcoin
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.003 antiemu_wine_func
  • 0.003 betabot_behavior
  • 0.003 mimics_filetime
  • 0.003 kibex_behavior
  • 0.003 antivm_generic_disk
  • 0.003 kovter_behavior
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_vbox_files
  • 0.003 antivm_xen_keys
  • 0.003 darkcomet_regkeys
  • 0.002 bootkit
  • 0.002 rat_nanocore
  • 0.002 tinba_behavior
  • 0.002 reads_self
  • 0.002 stealth_file
  • 0.002 antivm_vbox_libs
  • 0.002 infostealer_browser_password
  • 0.002 antidbg_windows
  • 0.002 virus
  • 0.002 antivm_generic_diskreg
  • 0.002 disables_browser_warn
  • 0.002 network_http
  • 0.002 network_torgateway
  • 0.002 recon_fingerprint
  • 0.001 hancitor_behavior
  • 0.001 antiav_avast_libs
  • 0.001 dridex_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 bypass_firewall
  • 0.001 modify_uac_prompt
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey

Reporting ( 0.493 seconds )

  • 0.475 ReportHTMLSummary
  • 0.018 Malheur
Task ID 162428
Mongo ID 5b03845abb7d5744f9ff4186
Cuckoo release 1.4-Maldun