分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-1 | 2018-05-22 11:38:48 | 2018-05-22 11:41:05 | 137 秒 |
魔盾分数
0.35
正常的
文件详细信息
| 文件名 | winspool.drv |
|---|---|
| 文件大小 | 150016 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 9f5eee5fb93bd84e50c34b052641772d |
| SHA1 | 286160bc2db9448fa7adf9c1b0638cfc024a9141 |
| SHA256 | 246730b6019d9bde8dfa9f5592cc9499838a321fa68afcbdefcbfe8251252fa7 |
| SHA512 | 03d690cf1bcb9a26475a858b815ac5f6572b62c8f4ee2297e76c69646313e3de658f9499d661f3e40d6e6ce2c78fb2adb2125f84965b71d980f7d20e804b2260 |
| CRC32 | 15777F51 |
| Ssdeep | 3072:J92N8kNEd1C4SdplwNGsI0n3wcskhMDgA8FfYuAbkiN:JMbQ1CRp2p3wcsO4gAWYuq1 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x72f40000 |
|---|---|
| 入口地址 | 0x72f41445 |
| 声明校验值 | 0x00028886 |
| 实际校验值 | 0x00028886 |
| 最低操作系统版本要求 | 5.2 |
| PDB路径 | winspool.pdb |
| 编译时间 | 2007-02-17 23:32:05 |
| 载入哈希 | 1bb98a0d72f46be3503f55ba5bc72e82 |
| 导出DLL库名称 | WINSPOOL.DRV |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PEiD 规则
| [u'MS Visual C++ v.8 DLL (h-small sig2)'] |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00020f79 | 0x00021000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.37 |
| .data | 0x00022000 | 0x000019e4 | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.59 |
| .rsrc | 0x00024000 | 0x000007a4 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.38 |
| .reloc | 0x00025000 | 0x000015a0 | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.72 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_DIALOG | 0x00024160 | 0x000000d4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.46 | data |
| RT_STRING | 0x0002429c | 0x00000088 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.80 | data |
| RT_STRING | 0x0002429c | 0x00000088 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.80 | data |
| RT_MESSAGETABLE | 0x00024324 | 0x000000d0 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.98 | data |
| RT_VERSION | 0x000243f4 | 0x000003b0 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.55 | data |
导入
库: msvcrt.dll:
• 0x72f41000 wcslen
• 0x72f41004 _except_handler3
• 0x72f41008 wcschr
• 0x72f4100c _vsnwprintf
• 0x72f41010 _wcsnicmp
• 0x72f41014 wcsncmp
• 0x72f41018 wcsncpy
• 0x72f4101c wcsrchr
• 0x72f41020 wcspbrk
• 0x72f41024 wcscmp
• 0x72f41028 ??3@YAXPAX@Z
• 0x72f4102c ??2@YAPAXI@Z
• 0x72f41030 free
• 0x72f41034 _initterm
• 0x72f41038 _adjust_fdiv
• 0x72f4103c malloc
• 0x72f41040 memmove
• 0x72f41044 _wcsicmp
库: KERNEL32.dll:
• 0x72f41068 GetProcAddress
• 0x72f4106c LoadLibraryW
• 0x72f41070 SetLastError
• 0x72f41074 GetModuleFileNameW
• 0x72f41078 GetSystemDirectoryW
• 0x72f4107c DeleteCriticalSection
• 0x72f41080 InitializeCriticalSectionAndSpinCount
• 0x72f41084 DisableThreadLibraryCalls
• 0x72f41088 LocalFree
• 0x72f4108c WriteFile
• 0x72f41090 LeaveCriticalSection
• 0x72f41094 EnterCriticalSection
• 0x72f41098 GetCurrentProcessId
• 0x72f4109c CloseHandle
• 0x72f410a0 DeactivateActCtx
• 0x72f410a4 LoadLibraryExW
• 0x72f410a8 ActivateActCtx
• 0x72f410ac SetEvent
• 0x72f410b0 CreateThread
• 0x72f410b4 CreateEventW
• 0x72f410b8 ReleaseActCtx
• 0x72f410bc GetFileAttributesW
• 0x72f410c0 GetFullPathNameW
• 0x72f410c4 InterlockedIncrement
• 0x72f410c8 InterlockedDecrement
• 0x72f410cc LocalAlloc
• 0x72f410d0 GetFileType
• 0x72f410d4 GetLastError
• 0x72f410d8 lstrcmpiW
• 0x72f410dc VirtualFree
• 0x72f410e0 VirtualAlloc
• 0x72f410e4 GetNativeSystemInfo
• 0x72f410e8 LoadLibraryA
• 0x72f410ec GetVersionExW
• 0x72f410f0 lstrcmpW
• 0x72f410f4 GetTickCount
• 0x72f410f8 CreateActCtxW
• 0x72f410fc WaitForSingleObject
• 0x72f41100 InterlockedCompareExchange
• 0x72f41104 Sleep
• 0x72f41108 ReleaseMutex
• 0x72f4110c FreeLibrary
• 0x72f41110 GetSystemWindowsDirectoryW
• 0x72f41114 CreateMutexW
• 0x72f41118 ProcessIdToSessionId
• 0x72f4111c OpenEventW
• 0x72f41120 lstrlenW
• 0x72f41124 MultiByteToWideChar
• 0x72f41128 WideCharToMultiByte
• 0x72f4112c GetModuleHandleW
• 0x72f41130 FormatMessageW
• 0x72f41134 SearchPathW
• 0x72f41138 GetCurrentDirectoryW
• 0x72f4113c FindClose
• 0x72f41140 FindFirstFileW
• 0x72f41144 ResetEvent
• 0x72f41148 GlobalFree
• 0x72f4114c GlobalAlloc
• 0x72f41150 DnsHostnameToComputerNameW
• 0x72f41154 GetTempFileNameW
• 0x72f41158 GetTempPathW
• 0x72f4115c GetFileSize
• 0x72f41160 SetEndOfFile
• 0x72f41164 DelayLoadFailureHook
• 0x72f41168 SetFilePointer
• 0x72f4116c DeleteFileW
• 0x72f41170 HeapDestroy
• 0x72f41174 HeapAlloc
• 0x72f41178 HeapCreate
• 0x72f4117c HeapFree
• 0x72f41180 QueryPerformanceCounter
• 0x72f41184 GetCurrentThreadId
• 0x72f41188 GetSystemTimeAsFileTime
• 0x72f4118c TerminateProcess
• 0x72f41190 GetCurrentProcess
• 0x72f41194 UnhandledExceptionFilter
• 0x72f41198 SetUnhandledExceptionFilter
• 0x72f4119c HeapSetInformation
• 0x72f411a0 MapViewOfFile
• 0x72f411a4 UnmapViewOfFile
• 0x72f411a8 CreateFileMappingW
• 0x72f411ac CreateDirectoryW
• 0x72f411b0 GetSystemInfo
• 0x72f411b4 CopyFileW
• 0x72f411b8 CreateProcessW
• 0x72f411bc CreateFileW
• 0x72f411c0 ReadFile
库: RPCRT4.dll:
• 0x72f411c8 RpcMgmtIsServerListening
• 0x72f411cc RpcStringFreeW
• 0x72f411d0 RpcBindingSetAuthInfoExW
• 0x72f411d4 RpcBindingFromStringBindingW
• 0x72f411d8 RpcStringBindingComposeW
• 0x72f411dc RpcSmDestroyClientContext
• 0x72f411e0 RpcBindingFree
• 0x72f411e4 I_RpcExceptionFilter
• 0x72f411e8 NdrClientCall2
库: ADVAPI32.dll:
• 0x72f411f0 RegCloseKey
• 0x72f411f4 DeregisterEventSource
• 0x72f411f8 ReportEventW
• 0x72f411fc RegisterEventSourceW
• 0x72f41200 OpenSCManagerW
• 0x72f41204 OpenServiceW
• 0x72f41208 QueryServiceConfigW
• 0x72f4120c CloseServiceHandle
• 0x72f41210 RegOpenCurrentUser
• 0x72f41214 RegEnumValueW
• 0x72f41218 RegEnumKeyExW
• 0x72f4121c RegDeleteKeyW
• 0x72f41220 RegOpenKeyExW
• 0x72f41224 IsValidSecurityDescriptor
• 0x72f41228 InitializeSecurityDescriptor
• 0x72f4122c GetSecurityDescriptorOwner
• 0x72f41230 SetSecurityDescriptorOwner
• 0x72f41234 GetSecurityDescriptorGroup
• 0x72f41238 SetSecurityDescriptorGroup
• 0x72f4123c GetSecurityDescriptorDacl
• 0x72f41240 SetSecurityDescriptorDacl
• 0x72f41244 GetSecurityDescriptorSacl
• 0x72f41248 SetSecurityDescriptorSacl
• 0x72f4124c GetSecurityDescriptorLength
• 0x72f41250 MakeSelfRelativeSD
• 0x72f41254 RegQueryValueExW
• 0x72f41258 RegDeleteValueW
• 0x72f4125c RegCreateKeyExW
• 0x72f41260 RegSetValueExW
库: USER32.dll:
• 0x72f41268 GetDesktopWindow
• 0x72f4126c GetWindowLongW
• 0x72f41270 EndDialog
• 0x72f41274 BringWindowToTop
• 0x72f41278 SetWindowLongW
• 0x72f4127c SendDlgItemMessageW
• 0x72f41280 GetDlgItemTextW
• 0x72f41284 MessageBoxW
• 0x72f41288 GetForegroundWindow
• 0x72f4128c SendNotifyMessageW
• 0x72f41290 AllowSetForegroundWindow
• 0x72f41294 IsWindow
• 0x72f41298 GetFocus
• 0x72f4129c GetMessageW
• 0x72f412a0 LoadStringW
• 0x72f412a4 GetProcessWindowStation
• 0x72f412a8 GetUserObjectInformationW
• 0x72f412ac FindWindowW
• 0x72f412b0 DialogBoxParamW
• 0x72f412b4 PostMessageW
• 0x72f412b8 GetGUIThreadInfo
• 0x72f412bc GetParent
• 0x72f412c0 WinHelpW
• 0x72f412c4 GetWindow
• 0x72f412c8 GetLastActivePopup
• 0x72f412cc EnableWindow
• 0x72f412d0 SetFocus
• 0x72f412d4 SetForegroundWindow
• 0x72f412d8 PeekMessageW
• 0x72f412dc DispatchMessageW
• 0x72f412e0 TranslateMessage
• 0x72f412e4 MsgWaitForMultipleObjects
导出
| 序列 | 地址 | 名称 |
|---|---|---|
| 107 | 0x72f57794 | ADVANCEDSETUPDIALOG |
| 108 | 0x72f52709 | AbortPrinter |
| 109 | 0x72f55f83 | AddFormA |
| 110 | 0x72f4e711 | AddFormW |
| 111 | 0x72f56e9c | AddJobA |
| 112 | 0x72f48dd5 | AddJobW |
| 113 | 0x72f561d4 | AddMonitorA |
| 114 | 0x72f51301 | AddMonitorW |
| 115 | 0x72f5606b | AddPortA |
| 116 | 0x72f56497 | AddPortExA |
| 117 | 0x72f4f69c | AddPortExW |
| 118 | 0x72f53c39 | AddPortW |
| 119 | 0x72f55750 | AddPrintProcessorA |
| 120 | 0x72f50bc1 | AddPrintProcessorW |
| 121 | 0x72f56351 | AddPrintProvidorA |
| 122 | 0x72f4f35e | AddPrintProvidorW |
| 123 | 0x72f5509e | AddPrinterA |
| 124 | 0x72f5515f | AddPrinterConnectionA |
| 125 | 0x72f53060 | AddPrinterConnectionW |
| 126 | 0x72f5554f | AddPrinterDriverA |
| 127 | 0x72f55415 | AddPrinterDriverExA |
| 128 | 0x72f50596 | AddPrinterDriverExW |
| 129 | 0x72f50a3d | AddPrinterDriverW |
| 130 | 0x72f52d13 | AddPrinterW |
| 131 | 0x72f576a3 | AdvancedDocumentPropertiesA |
| 132 | 0x72f53829 | AdvancedDocumentPropertiesW |
| 133 | 0x72f57794 | AdvancedSetupDialog |
| 134 | 0x72f4525d | ClosePrinter |
| 135 | 0x72f4df11 | CloseSpoolFileHandle |
| 136 | 0x72f4de21 | CommitSpoolData |
| 137 | 0x72f560c3 | ConfigurePortA |
| 138 | 0x72f53ed9 | ConfigurePortW |
| 139 | 0x72f4fc0b | ConnectToPrinterDlg |
| 140 | 0x72f54e44 | ConvertAnsiDevModeToUnicodeDevmode |
| 141 | 0x72f569fe | ConvertUnicodeDevModeToAnsiDevmode |
| 142 | 0x72f4f0a6 | CreatePrinterIC |
| 143 | 0x72f46d79 | DEVICECAPABILITIES |
| 144 | 0x72f55e27 | DEVICEMODE |
| 145 | 0x72f55fcb | DeleteFormA |
| 146 | 0x72f4e811 | DeleteFormW |
| 147 | 0x72f56251 | DeleteMonitorA |
| 148 | 0x72f513d1 | DeleteMonitorW |
| 149 | 0x72f5611b | DeletePortA |
| 150 | 0x72f54131 | DeletePortW |
| 151 | 0x72f562c8 | DeletePrintProcessorA |
| 152 | 0x72f51481 | DeletePrintProcessorW |
| 153 | 0x72f56420 | DeletePrintProvidorA |
| 154 | 0x72f51531 | DeletePrintProvidorW |
| 155 | 0x72f503c9 | DeletePrinter |
| 156 | 0x72f55195 | DeletePrinterConnectionA |
| 157 | 0x72f53119 | DeletePrinterConnectionW |
| 158 | 0x72f5586b | DeletePrinterDataA |
| 159 | 0x72f558a5 | DeletePrinterDataExA |
| 160 | 0x72f4e371 | DeletePrinterDataExW |
| 161 | 0x72f4e2c1 | DeletePrinterDataW |
| 162 | 0x72f555ea | DeletePrinterDriverA |
| 163 | 0x72f5556d | DeletePrinterDriverExA |
| 164 | 0x72f50a5b | DeletePrinterDriverExW |
| 165 | 0x72f50b11 | DeletePrinterDriverW |
| 166 | 0x72f4f249 | DeletePrinterIC |
| 167 | 0x72f558fd | DeletePrinterKeyA |
| 168 | 0x72f4e429 | DeletePrinterKeyW |
| 169 | 0x72f51869 | DevQueryPrint |
| 170 | 0x72f51901 | DevQueryPrintEx |
| 171 | 0x72f46d79 | DeviceCapabilities |
| 172 | 0x72f46d79 | DeviceCapabilitiesA |
| 173 | 0x72f46e56 | DeviceCapabilitiesW |
| 174 | 0x72f55e27 | DeviceMode |
| 175 | 0x72f4c8da | DevicePropertySheets |
| 176 | 0x72f42cc9 | DocumentEvent |
| 177 | 0x72f46c78 | DocumentPropertiesA |
| 178 | 0x72f46509 | DocumentPropertiesW |
| 179 | 0x72f465dd | DocumentPropertySheets |
| 180 | 0x72f4c301 | EXTDEVICEMODE |
| 181 | 0x72f4875c | EndDocPrinter |
| 182 | 0x72f49217 | EndPagePrinter |
| 183 | 0x72f57847 | EnumFormsA |
| 184 | 0x72f468b1 | EnumFormsW |
| 185 | 0x72f56b2a | EnumJobsA |
| 186 | 0x72f5025d | EnumJobsW |
| 187 | 0x72f5794e | EnumMonitorsA |
| 188 | 0x72f4ec19 | EnumMonitorsW |
| 189 | 0x72f578aa | EnumPortsA |
| 190 | 0x72f4eb29 | EnumPortsW |
| 191 | 0x72f56df9 | EnumPrintProcessorDatatypesA |
| 192 | 0x72f4db21 | EnumPrintProcessorDatatypesW |
| 193 | 0x72f56cdd | EnumPrintProcessorsA |
| 194 | 0x72f50c81 | EnumPrintProcessorsW |
| 195 | 0x72f57479 | EnumPrinterDataA |
| 196 | 0x72f57573 | EnumPrinterDataExA |
| 197 | 0x72f4e0d1 | EnumPrinterDataExW |
| 198 | 0x72f4dfc9 | EnumPrinterDataW |
| 199 | 0x72f4c632 | EnumPrinterDriversA |
| 200 | 0x72f4984d | EnumPrinterDriversW |
| 225 | 0x72f56888 | EnumPrinterKeyA |
| 233 | 0x72f4e1e9 | EnumPrinterKeyW |
| 234 | 0x72f4c536 | EnumPrintersA |
| 235 | 0x72f4822f | EnumPrintersW |
| 236 | 0x72f4c301 | ExtDeviceMode |
| 237 | 0x72f47958 | FindClosePrinterChangeNotification |
| 238 | 0x72f47ee4 | FindFirstPrinterChangeNotification |
| 239 | 0x72f47ba8 | FindNextPrinterChangeNotification |
| 240 | 0x72f4dbe9 | FlushPrinter |
| 241 | 0x72f47e56 | FreePrinterNotifyInfo |
| 201 | 0x72f57aef | GetDefaultPrinterA |
| 203 | 0x72f48399 | GetDefaultPrinterW |
| 242 | 0x72f577da | GetFormA |
| 243 | 0x72f4e8f1 | GetFormW |
| 244 | 0x72f56a9c | GetJobA |
| 245 | 0x72f48a5a | GetJobW |
| 246 | 0x72f56d80 | GetPrintProcessorDirectoryA |
| 247 | 0x72f50d61 | GetPrintProcessorDirectoryW |
| 248 | 0x72f47737 | GetPrinterA |
| 249 | 0x72f56eed | GetPrinterDataA |
| 250 | 0x72f57181 | GetPrinterDataExA |
| 251 | 0x72f49739 | GetPrinterDataExW |
| 252 | 0x72f453c7 | GetPrinterDataW |
| 253 | 0x72f47616 | GetPrinterDriverA |
| 254 | 0x72f56be7 | GetPrinterDriverDirectoryA |
| 255 | 0x72f467e9 | GetPrinterDriverDirectoryW |
| 256 | 0x72f46206 | GetPrinterDriverW |
| 257 | 0x72f45d7c | GetPrinterW |
| 258 | 0x72f4dd51 | GetSpoolFileHandle |
| 259 | 0x72f56661 | IsValidDevmodeA |
| 260 | 0x72f495cc | IsValidDevmodeW |
| 261 | 0x72f4741a | OpenPrinterA |
| 262 | 0x72f45862 | OpenPrinterW |
| 104 | 0x72f5f1d0 | PerfClose |
| 105 | 0x72f5f0c7 | PerfCollect |
| 106 | 0x72f5efb0 | PerfOpen |
| 263 | 0x72f4f1b9 | PlayGdiScriptOnPrinterIC |
| 264 | 0x72f56173 | PrinterMessageBoxA |
| 265 | 0x72f4f353 | PrinterMessageBoxW |
| 266 | 0x72f534d9 | PrinterProperties |
| 267 | 0x72f49667 | QueryColorProfile |
| 268 | 0x72f4f2d1 | QueryRemoteFonts |
| 269 | 0x72f4f86b | QuerySpoolMode |
| 270 | 0x72f49413 | ReadPrinter |
| 271 | 0x72f54f05 | ResetPrinterA |
| 272 | 0x72f47a5f | ResetPrinterW |
| 273 | 0x72f4888c | ScheduleJob |
| 274 | 0x72f4896b | SeekPrinter |
| 275 | 0x72f4f771 | SetAllocFailCount |
| 202 | 0x72f56680 | SetDefaultPrinterA |
| 204 | 0x72f58d83 | SetDefaultPrinterW |
| 276 | 0x72f56004 | SetFormA |
| 277 | 0x72f4ea29 | SetFormW |
| 278 | 0x72f54fb4 | SetJobA |
| 279 | 0x72f49129 | SetJobW |
| 280 | 0x72f565c7 | SetPortA |
| 281 | 0x72f4f961 | SetPortW |
| 282 | 0x72f551cb | SetPrinterA |
| 283 | 0x72f55937 | SetPrinterDataA |
| 284 | 0x72f559be | SetPrinterDataExA |
| 285 | 0x72f4e591 | SetPrinterDataExW |
| 286 | 0x72f4e4d9 | SetPrinterDataW |
| 287 | 0x72f4d51d | SetPrinterW |
| 288 | 0x72f4e661 | SplDriverUnloadComplete |
| 289 | 0x72f52ac1 | SpoolerDevQueryPrintW |
| 290 | 0x72f49add | SpoolerInit |
| 291 | 0x72f53041 | SpoolerPrinterEvent |
| 292 | 0x72f579f2 | StartDocDlgA |
| 293 | 0x72f515c9 | StartDocDlgW |
| 294 | 0x72f55807 | StartDocPrinterA |
| 295 | 0x72f48bd0 | StartDocPrinterW |
| 296 | 0x72f49368 | StartPagePrinter |
| 297 | 0x72f58690 | WaitForPrinterChange |
| 298 | 0x72f48514 | WritePrinter |
| 299 | 0x72f4fa31 | XcvDataW |
| 100 | 0x72f4f859 | |
| 101 | 0x72f587e1 | |
| 102 | 0x72f588fd | |
| 103 | 0x72f58999 | |
| 205 | 0x72f492cb | |
| 206 | 0x72f55661 | |
| 207 | 0x72f4d919 | |
| 208 | 0x72f556fb | |
| 209 | 0x72f4d9d1 | |
| 210 | 0x72f56c71 | |
| 211 | 0x72f4da69 | |
| 212 | 0x72f4646f | |
| 213 | 0x72f463a6 | |
| 214 | 0x72f46336 | |
| 215 | 0x72f50f9a | |
| 216 | 0x72f57b62 | |
| 217 | 0x72f5ba49 | |
| 218 | 0x72f50182 | |
| 219 | 0x72f54211 | |
| 220 | 0x72f54309 | |
| 221 | 0x72f54401 | |
| 222 | 0x72f4fc69 | |
| 223 | 0x72f57d96 | |
| 224 | 0x72f52c95 | |
| 226 | 0x72f5e471 | |
| 227 | 0x72f5e495 | |
| 228 | 0x72f5e5d2 | |
| 229 | 0x72f54759 | |
| 230 | 0x72f544f9 | |
| 231 | 0x72f54661 | |
| 232 | 0x72f4d7c9 |
.text
`.data
.rsrc
@.reloc
msvcrt.dll
ntdll.dll
GDI32.dll
KERNEL32.dll
RPCRT4.dll
ADVAPI32.dll
USER32.dll
WINSPOOL.DRV
ADVANCEDSETUPDIALOG
AbortPrinter
AddFormA
AddFormW
AddJobA
AddJobW
AddMonitorA
AddMonitorW
AddPortA
AddPortExA
AddPortExW
AddPortW
AddPrintProcessorA
AddPrintProcessorW
AddPrintProvidorA
AddPrintProvidorW
AddPrinterA
AddPrinterConnectionA
AddPrinterConnectionW
AddPrinterDriverA
AddPrinterDriverExA
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesA
AdvancedDocumentPropertiesW
AdvancedSetupDialog
ClosePrinter
CloseSpoolFileHandle
CommitSpoolData
ConfigurePortA
ConfigurePortW
ConnectToPrinterDlg
ConvertAnsiDevModeToUnicodeDevmode
ConvertUnicodeDevModeToAnsiDevmode
CreatePrinterIC
DEVICECAPABILITIES
DEVICEMODE
DeleteFormA
DeleteFormW
DeleteMonitorA
DeleteMonitorW
DeletePortA
DeletePortW
DeletePrintProcessorA
DeletePrintProcessorW
DeletePrintProvidorA
DeletePrintProvidorW
DeletePrinter
DeletePrinterConnectionA
DeletePrinterConnectionW
DeletePrinterDataA
DeletePrinterDataExA
DeletePrinterDataExW
DeletePrinterDataW
DeletePrinterDriverA
DeletePrinterDriverExA
DeletePrinterDriverExW
DeletePrinterDriverW
DeletePrinterIC
DeletePrinterKeyA
DeletePrinterKeyW
DevQueryPrint
DevQueryPrintEx
DeviceCapabilities
DeviceCapabilitiesA
DeviceCapabilitiesW
DeviceMode
DevicePropertySheets
DocumentEvent
DocumentPropertiesA
DocumentPropertiesW
DocumentPropertySheets
EXTDEVICEMODE
EndDocPrinter
EndPagePrinter
EnumFormsA
EnumFormsW
EnumJobsA
EnumJobsW
EnumMonitorsA
EnumMonitorsW
EnumPortsA
EnumPortsW
EnumPrintProcessorDatatypesA
EnumPrintProcessorDatatypesW
EnumPrintProcessorsA
EnumPrintProcessorsW
EnumPrinterDataA
EnumPrinterDataExA
EnumPrinterDataExW
EnumPrinterDataW
EnumPrinterDriversA
EnumPrinterDriversW
EnumPrinterKeyA
EnumPrinterKeyW
EnumPrintersA
EnumPrintersW
ExtDeviceMode
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FlushPrinter
FreePrinterNotifyInfo
GetDefaultPrinterA
GetDefaultPrinterW
GetFormA
GetFormW
GetJobA
GetJobW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetPrinterA
GetPrinterDataA
GetPrinterDataExA
GetPrinterDataExW
GetPrinterDataW
GetPrinterDriverA
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetSpoolFileHandle
IsValidDevmodeA
IsValidDevmodeW
OpenPrinterA
OpenPrinterW
PerfClose
PerfCollect
PerfOpen
PlayGdiScriptOnPrinterIC
PrinterMessageBoxA
PrinterMessageBoxW
PrinterProperties
QueryColorProfile
QueryRemoteFonts
QuerySpoolMode
ReadPrinter
ResetPrinterA
ResetPrinterW
ScheduleJob
SeekPrinter
SetAllocFailCount
SetDefaultPrinterA
SetDefaultPrinterW
SetFormA
SetFormW
SetJobA
SetJobW
SetPortA
SetPortW
SetPrinterA
SetPrinterDataA
SetPrinterDataExA
SetPrinterDataExW
SetPrinterDataW
SetPrinterW
SplDriverUnloadComplete
SpoolerDevQueryPrintW
SpoolerInit
SpoolerPrinterEvent
StartDocDlgA
StartDocDlgW
StartDocPrinterA
StartDocPrinterW
StartPagePrinter
WaitForPrinterChange
WritePrinter
XcvDataW
%\F\
%\F\$
%\F\,
%\F\
%\F\$
%\F\(
%\F\,
%\F\
%\F\(
%\F\
%\F\(
%\F\
%\F\(
%\F\L
%\F\P
%\F\T
\pipe\spoolss
mscn_np
DrvDocumentPropertySheets
DrvDocumentEvent
DrvDeviceCapabilities
ld64in32
ncalrpc
SHChangeNotify
DrvQueryColorProfile
YSetJob
YSetPort
YEndDocPrinter
YFlushPrinter
YDriverUnloadComplete
YGetPrinterDriverDirectory
YGetPrinterDriver2
YSeekPrinter
YWritePrinter
YSplReadPrinter
YReadPrinter
YGetPrinter
DevQueryPrint
DevQueryPrintEx
ConstructPrinterFriendlyName
DrvDevicePropertySheets
ConnectToPrinterDlg
compstui.dll
CommonPropertySheetUIW
DrvPrinterEvent
SpoolerCopyFileEvent
InitializePrintMonitorUI
PSetupShowBlockedDriverUI
DisassociateColorProfileFromDeviceW
AssociateColorProfileWithDeviceW
EnumColorProfilesW
GenerateCopyFilePaths
\spoolsv.exe
PrintProcCaps_NT EMF 1.008
PrintProcCaps_EMF
Security=Impersonation Dynamic False
NT Authority\SYSTEM
spoolss
ncalrpc
Windows NT x86
Windows
Device
Software\Microsoft\Windows NT\CurrentVersion
PrintTray_Notify_WndClass
shell32.dll
csrsrv.dll
Devices
PrinterPorts
Printers
DeviceOld
Windows 4.0
DRIVERS
ShellReadyEvent
Windows x64
Windows IA64
OSVersion
PrinterPropertiesPermission
MonitorUI
xXcvMonitor
XcvPort
Printers\DevModes2
OSVersionEx
FILE:
PRINTUI.DLL
printQueue
PerfCheckServiceDisabledInterval
SYSTEM\CurrentControlSet\Control\Print
EventLogLevel
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
Costly
Foreign
Global
_Total
SpoolerCtrs
CopyFiles
%s\%s
PRTPROCS
FILE:
%ws\splwow64.exe
Local\WinSpl64To32Mutex
%s_%x
splwow64
Module
CopyFiles\%s
CopyFiles
NETMSG.DLL
System\CurrentControlSet\Control\Print\Environments
system32\spool
Directory
WINDOWS.HLP
ntprint.dll
LDAP%ws
GC://
+<>#;"\
LDAP://%ws/%ws
LDAP://
(&(objectClass=printQueue)(uNCName=%ws))
GC://%ws
UNCName
ADsPath
versionNumber
printerName
uNCName
shortServerName
serverName
DsSpooler
priority
printSpooling
PrintWhileSpooling
PrintAfterSpooled
PrintDirect
printShareName
printSeparatorFile
printKeepPrintedJobs
printEndTime
printStartTime
portName
location
driverName
description
driverVersion
printPagesPerMinute
printRateUnit
PagesPerMinute
CharactersPerSecond
LinesPerMinute
InchesPerMinute
printRate
printLanguage
printMaxResolutionSupported
printOrientationsSupported
LANDSCAPE
PORTRAIT
printMemory
printMediaReady
printMediaSupported
printMinYExtent
printMinXExtent
printMaxYExtent
printMaxXExtent
printStaplingSupported
printDuplexSupported
printColor
printCollate
printBinNames
\\%s\%s
DNSMachineName
MajorVersion
mscms.dll
Spooler
ServicesActive
%s\%s%s
%ws\%ws
Module
Directory
Files
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| MicroWorld-eScan | 未发现病毒 | 20170928 |
| nProtect | 未发现病毒 | 20170928 |
| CMC | 未发现病毒 | 20170928 |
| CAT-QuickHeal | 未发现病毒 | 20170928 |
| McAfee | 未发现病毒 | 20170928 |
| Cylance | 未发现病毒 | 20170928 |
| Zillya | 未发现病毒 | 20170928 |
| TheHacker | 未发现病毒 | 20170928 |
| K7GW | 未发现病毒 | 20170928 |
| K7AntiVirus | 未发现病毒 | 20170928 |
| TrendMicro | 未发现病毒 | 20170928 |
| Baidu | 未发现病毒 | 20170928 |
| F-Prot | 未发现病毒 | 20170928 |
| Symantec | 未发现病毒 | 20170928 |
| TotalDefense | 未发现病毒 | 20170928 |
| TrendMicro-HouseCall | 未发现病毒 | 20170928 |
| Paloalto | 未发现病毒 | 20170928 |
| ClamAV | 未发现病毒 | 20170928 |
| Kaspersky | 未发现病毒 | 20170928 |
| BitDefender | 未发现病毒 | 20170928 |
| NANO-Antivirus | 未发现病毒 | 20170928 |
| ViRobot | 未发现病毒 | 20170928 |
| SUPERAntiSpyware | 未发现病毒 | 20170928 |
| Rising | 未发现病毒 | 20170928 |
| Ad-Aware | 未发现病毒 | 20170928 |
| Sophos | 未发现病毒 | 20170928 |
| Comodo | 未发现病毒 | 20170928 |
| F-Secure | 未发现病毒 | 20170928 |
| DrWeb | 未发现病毒 | 20170928 |
| VIPRE | 未发现病毒 | 20170928 |
| Invincea | 未发现病毒 | 20170914 |
| McAfee-GW-Edition | 未发现病毒 | 20170928 |
| Emsisoft | 未发现病毒 | 20170928 |
| SentinelOne | 未发现病毒 | 20170806 |
| Cyren | 未发现病毒 | 20170928 |
| Jiangmin | 未发现病毒 | 20170928 |
| Webroot | 未发现病毒 | 20170928 |
| Avira | 未发现病毒 | 20170928 |
| Fortinet | 未发现病毒 | 20170928 |
| Antiy-AVL | 未发现病毒 | 20170928 |
| Kingsoft | 未发现病毒 | 20170928 |
| Endgame | 未发现病毒 | 20170821 |
| Arcabit | 未发现病毒 | 20170928 |
| AegisLab | 未发现病毒 | 20170928 |
| ZoneAlarm | 未发现病毒 | 20170928 |
| Avast-Mobile | 未发现病毒 | 20170928 |
| Microsoft | 未发现病毒 | 20170928 |
| AhnLab-V3 | 未发现病毒 | 20170928 |
| ALYac | 未发现病毒 | 20170928 |
| AVware | 未发现病毒 | 20170928 |
| MAX | 未发现病毒 | 20170928 |
| VBA32 | 未发现病毒 | 20170928 |
| Malwarebytes | 未发现病毒 | 20170928 |
| WhiteArmor | 未发现病毒 | 20170927 |
| Panda | 未发现病毒 | 20170928 |
| Zoner | 未发现病毒 | 20170928 |
| ESET-NOD32 | 未发现病毒 | 20170928 |
| Tencent | 未发现病毒 | 20170928 |
| Yandex | 未发现病毒 | 20170908 |
| Ikarus | 未发现病毒 | 20170928 |
| GData | 未发现病毒 | 20170928 |
| AVG | 未发现病毒 | 20170928 |
| Avast | 未发现病毒 | 20170928 |
| CrowdStrike | 未发现病毒 | 20170804 |
| Qihoo-360 | 未发现病毒 | 20170928 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 11.826 seconds )
- 8.254 Suricata
- 1.318 VirusTotal
- 0.846 TargetInfo
- 0.569 Static
- 0.316 peid
- 0.227 NetworkAnalysis
- 0.186 AnalysisInfo
- 0.092 BehaviorAnalysis
- 0.012 Strings
- 0.003 Debug
- 0.003 Memory
Signatures ( 0.135 seconds )
- 0.023 antiav_detectreg
- 0.012 md_url_bl
- 0.009 infostealer_ftp
- 0.006 persistence_autorun
- 0.006 antiav_detectfile
- 0.006 infostealer_im
- 0.005 antianalysis_detectreg
- 0.005 md_domain_bl
- 0.005 ransomware_files
- 0.004 stealth_timeout
- 0.004 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.004 md_bad_drop
- 0.004 ransomware_extensions
- 0.003 api_spamming
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 tinba_behavior
- 0.002 betabot_behavior
- 0.002 decoy_document
- 0.002 cerber_behavior
- 0.002 antivm_vbox_files
- 0.002 geodo_banking_trojan
- 0.002 browser_security
- 0.001 reads_self
- 0.001 mimics_filetime
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 antivm_generic_disk
- 0.001 ursnif_behavior
- 0.001 virus
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
- 0.001 modify_uac_prompt
Reporting ( 0.534 seconds )
- 0.505 ReportHTMLSummary
- 0.029 Malheur
| Task ID | 162439 |
|---|---|
| Mongo ID | 5b03915fbb7d574503ff41a7 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号