Analysis task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp01-1 | 2018-07-04 00:54:22 | 2018-07-04 00:56:44 | 142 seconds

Maldun (魔盾) score

8.0 (dangerous)

File details

Filename | 乱世0704.exe
File size | 8458240 bytes
File type | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | 7ddfeecb62925700e40f9f9ceb5aed1b
SHA1 | e7fb372d18a38f137096e72a6b3dddbbf902b46f
SHA256 | bff799322df6770dbdef7ffbcf7c3f9333527a36d218c256f6cc5e5bcf5deed1
SHA512 | a46d6285ff609d1440847a26de8849026bbd5e906d4ec7fa708acd9e3f68de17fce2fc1f228e69eabb9a43495b236adfe47f434088b079f50eaf4d1d9a8504e9
CRC32 | F3790AEB
Ssdeep | 196608:FND60TK3LxBuMYNLLfU8pzs5PSglM0LNPy8DpZ+C22:XlTKqPNfc89s5PSgxLcypr22

Hosts accessed

No host records.

Domain resolution

No domain information.


Summary

Static: an 8,458,240-byte PE32 GUI executable compiled 2018-07-03 19:35:34, the day before this run, with a declared PE checksum of 0x00000000 against an actual value of 0x008113cc. The 7.6 MB .rdata section has an entropy of 7.96 bits per byte, and the strings contain the "VMProtect begin" / "VMProtect end" markers the VMProtect SDK leaves in protected binaries, so the high-entropy section is consistent with a VMProtect-packed payload. Notable imports: Process32First/Process32Next (process enumeration), CreateProcessA, WinExec and ShellExecuteA (process launch), SetWindowsHookExA (Windows message hooks), RegSetValueExA/RegCreateKeyExA (registry writes), LoadLibraryA/GetProcAddress (runtime API resolution) and WS2_32 socket calls (accept, recv, recvfrom, WSAAsyncSelect).

Dynamic: the sample (PID 1808) wrote eylogin.dll (2,242,560 bytes, PE32 DLL) to C:\Users\test\AppData\Local\Temp and started regsvr32.exe (PID 1524) as a child process. The report does not record the regsvr32 command line, so the drop and the regsvr32 launch are linked only by the parent PID. A previous Maldun analysis of eylogin.dll (2018-05-19) scored 10.0. No TCP, UDP, DNS, HTTP or other network traffic was observed during the 142-second run, and no antivirus engine results were available.

PE info

Image base | 0x00400000
Entry point | 0x0048be86
Declared checksum | 0x00000000
Actual checksum | 0x008113cc
Minimum OS version | 4.0
Compile timestamp | 2018-07-03 19:35:34
Import hash (imphash) | 2b1044c303653d8817face314fba5982
Icon exact hash | dbabcfb1201512b755fb8c7826c706de
Icon similarity hash | 89f46faa6f05fa62730e8fee39f7f7d0

A declared checksum of zero means the linker did not write one, or a packer rewrote the headers afterwards. The Windows loader only enforces the PE checksum for kernel-mode drivers and certain boot-time system DLLs, so for an ordinary executable the mismatch is a build or packing artefact rather than evidence of tampering on its own; it becomes interesting together with the entropy and VMProtect indicators below.

Version info

LegalCopyright, FileVersion, Comments, ProductName, ProductVersion, FileDescription, Translation: all fields are present in the RT_VERSION resource but empty.

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00001000 | 0x000aa5fa | 0x000ab000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.63
.rdata | 0x000ac000 | 0x0074278a | 0x00743000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.96
.data | 0x007ef000 | 0x0004330a | 0x0001c000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.98
.rsrc | 0x00833000 | 0x00005f10 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.30

.rdata accounts for 0x743000 bytes (7.6 MB) of the 8 MB file at 7.96 bits per byte, which is the profile of compressed or encrypted content rather than of read-only data; together with the VMProtect marker strings this is the strongest static packing indicator in the report. The .data section's virtual size (0x4330a) exceeds its raw size (0x1c000), so part of it is filled at run time.
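
The two header checks above (per-section entropy, declared versus actual checksum) can be reproduced with the standard library alone. The following Python is an added example written for this page; it is not Maldun/Cuckoo code. It parses the section table, computes Shannon entropy per section, and recomputes the PE checksum with the same algorithm as imagehlp's CheckSumMappedFile. The input is a constructed minimal PE built by build_sample_pe() (not the sample from this report); pass the bytes of a real file to triage() instead. The 7.0-bit entropy threshold and the 2x virtual/raw-size ratio are my own heuristics, not values from the report.

```python
import math
import struct
from collections import Counter

ENTROPY_PACKED = 7.0            # bits/byte; compressed or encrypted data sits near 8.0 (assumed threshold)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """PE CheckSum as the loader computes it: ones-complement fold of every 32-bit
    word except the CheckSum field itself, folded to 16 bits, plus the file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def parse_pe(data: bytes):
    """Return (declared_checksum, checksum_offset, section list) from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    nt = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, nt + 6)[0]
    opt_size = struct.unpack_from("<H", data, nt + 20)[0]
    opt = nt + 24                                               # IMAGE_OPTIONAL_HEADER
    checksum_offset = opt + 64                                  # CheckSum field (PE32 and PE32+)
    declared = struct.unpack_from("<I", data, checksum_offset)[0]
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i                           # IMAGE_SECTION_HEADER
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        chars = struct.unpack_from("<I", data, hdr + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return declared, checksum_offset, sections


def triage(data: bytes) -> dict:
    """Per-section entropy with packing flags, plus declared-vs-actual checksum."""
    declared, cs_off, sections = parse_pe(data)
    actual = pe_checksum(data, cs_off)
    report = {"checksum_declared": declared, "checksum_actual": actual,
              "checksum_ok": declared == actual, "sections": []}
    for s in sections:
        raw = data[s["rawptr"]:s["rawptr"] + s["rawsize"]]
        ent = shannon_entropy(raw)
        flags = []
        if ent >= ENTROPY_PACKED:
            flags.append("high-entropy")                        # packed or encrypted payload
        if s["rawsize"] and s["vsize"] > 2 * s["rawsize"]:
            flags.append("vsize>>rawsize")                      # filled at run time (unpack target)
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            flags.append("writable+executable")
        report["sections"].append({"name": s["name"], "entropy": round(ent, 2), "flags": flags})
    return report


def build_sample_pe(checksum: int = 0) -> bytes:
    """Constructed minimal PE32 for the demo (not the report's sample). .text is a repeating
    16-byte pattern (entropy 4.0), .rdata contains every byte value twice (8.0, what a packed
    section looks like), .data is zero-filled on disk but 0x4000 bytes in memory."""
    secs = [(b".text", bytes(range(16)) * 32, 0x200, 0x1000, 0x60000020),
            (b".rdata", bytes(range(256)) * 2, 0x200, 0x2000, 0x40000040),
            (b".data", bytes(0x200), 0x4000, 0x4000, 0xC0000040)]
    nt = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", nt)
    file_hdr = struct.pack("<IHHIIIHH", 0x00004550, 0x14C, len(secs), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4, 0x10B, 14, 0,
                      0x200, 0x400, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, 0x8000, 0x200, checksum)
    opt += struct.pack("<HH", 2, 0) + bytes(224 - 72)           # GUI subsystem, rest zeroed
    hdrs, body, rawptr = b"", b"", 0x200
    for name, raw, vsize, vaddr, chars in secs:
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw), rawptr, 0, 0, 0, 0, chars)
        body += raw
        rawptr += len(raw)
    head = dos + file_hdr + opt + hdrs
    return head + bytes(0x200 - len(head)) + body


if __name__ == "__main__":
    for section in triage(build_sample_pe())["sections"]:
        print(section)
```

Stamping the computed value back into the header and re-running triage() gives checksum_ok, which is how a linker's /RELEASE pass works; a single flipped byte in any section breaks it again. For an 8 MB file the entropy pass is the slow part, so on real samples compute it per section (as here) rather than over the whole image.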

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type (libmagic) | Entries
TEXTINCLUDE | 0x00833bc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators | 3
RT_CURSOR | 0x008340b0 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data | 4
RT_BITMAP | 0x008357b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data | 14
RT_ICON | 0x00835d0c | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.65 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4279972420, next used block 4279381824 | 3
RT_MENU | 0x00836dc0 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data | 2
RT_DIALOG | 0x00838008 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data | 10
RT_STRING | 0x00838a50 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data | 11
RT_GROUP_CURSOR | 0x00838a9c | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 | 3
RT_GROUP_ICON | 0x00838ae8 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors | 3
RT_VERSION | 0x00838afc | 0x00000244 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.82 | data | 1
RT_MANIFEST | 0x00838d40 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 1

"Entries" is the number of rows the report printed for each resource type; every repeated row carried exactly the same offset, size and entropy as the first (the report did not individualise them), so one row per type is kept here. The "dBase IV DBT" type on RT_ICON is a libmagic misidentification of the icon's DIB data (a BITMAPINFOHEADER begins with the dword 40, which trips the dBase signature); it is not a database file.

Imports

Library: WINMM.dll:
0x4ac648 midiStreamOut
0x4ac658 waveOutWrite
0x4ac65c waveOutPause
0x4ac660 waveOutReset
0x4ac664 waveOutClose
0x4ac668 waveOutGetNumDevs
0x4ac66c waveOutOpen
0x4ac670 midiStreamStop
0x4ac674 midiOutReset
0x4ac678 midiStreamClose
0x4ac67c midiStreamRestart
0x4ac684 midiStreamOpen
0x4ac688 midiStreamProperty
Library: WS2_32.dll:
0x4ac6a0 WSACleanup
0x4ac6a4 closesocket
0x4ac6a8 getpeername
0x4ac6ac accept
0x4ac6b0 WSAAsyncSelect
0x4ac6b4 recvfrom
0x4ac6b8 ioctlsocket
0x4ac6bc inet_ntoa
0x4ac6c0 recv
Library: KERNEL32.dll:
0x4ac178 GetSystemDirectoryA
0x4ac17c MultiByteToWideChar
0x4ac180 SetLastError
0x4ac188 GetVersion
0x4ac18c WideCharToMultiByte
0x4ac198 GetSystemInfo
0x4ac19c lstrcmpiA
0x4ac1a4 GetACP
0x4ac1a8 HeapSize
0x4ac1ac RaiseException
0x4ac1b0 GetLocalTime
0x4ac1b4 GetSystemTime
0x4ac1b8 RtlUnwind
0x4ac1bc GetStartupInfoA
0x4ac1c0 GetOEMCP
0x4ac1c4 GetCPInfo
0x4ac1c8 GetProcessVersion
0x4ac1cc SetErrorMode
0x4ac1d0 GlobalFlags
0x4ac1d4 GetCurrentThread
0x4ac1d8 GetFileTime
0x4ac1dc TlsGetValue
0x4ac1e0 LocalReAlloc
0x4ac1e4 TlsSetValue
0x4ac1e8 TlsFree
0x4ac1ec GlobalHandle
0x4ac1f0 TlsAlloc
0x4ac1f4 LocalAlloc
0x4ac1f8 lstrcmpA
0x4ac1fc GlobalGetAtomNameA
0x4ac200 GlobalAddAtomA
0x4ac204 GlobalFindAtomA
0x4ac208 GlobalDeleteAtom
0x4ac20c SetEndOfFile
0x4ac210 UnlockFile
0x4ac214 LockFile
0x4ac218 FlushFileBuffers
0x4ac21c DuplicateHandle
0x4ac220 lstrcpynA
0x4ac22c LocalFree
0x4ac230 TerminateProcess
0x4ac234 GetCurrentProcess
0x4ac238 GetFileSize
0x4ac23c SetFilePointer
0x4ac244 Process32First
0x4ac248 Process32Next
0x4ac24c CreateSemaphoreA
0x4ac250 ResumeThread
0x4ac254 ReleaseSemaphore
0x4ac260 GetProfileStringA
0x4ac264 WriteFile
0x4ac268 ReadFile
0x4ac270 CreateFileA
0x4ac274 SetEvent
0x4ac278 FindResourceA
0x4ac27c LoadResource
0x4ac280 LockResource
0x4ac284 lstrlenW
0x4ac288 GetModuleFileNameA
0x4ac28c GetCurrentThreadId
0x4ac290 ExitProcess
0x4ac294 GlobalSize
0x4ac298 GlobalFree
0x4ac2a4 lstrcatA
0x4ac2a8 lstrlenA
0x4ac2ac WinExec
0x4ac2b0 lstrcpyA
0x4ac2b4 InterlockedExchange
0x4ac2b8 FindNextFileA
0x4ac2bc GlobalReAlloc
0x4ac2c0 HeapFree
0x4ac2c4 HeapReAlloc
0x4ac2c8 GetProcessHeap
0x4ac2cc HeapAlloc
0x4ac2d0 GetUserDefaultLCID
0x4ac2d4 GetFullPathNameA
0x4ac2d8 FreeLibrary
0x4ac2dc LoadLibraryA
0x4ac2e0 GetLastError
0x4ac2e4 GetVersionExA
0x4ac2ec CreateThread
0x4ac2f0 CreateEventA
0x4ac2f4 Sleep
0x4ac2f8 GlobalAlloc
0x4ac2fc GlobalLock
0x4ac300 GlobalUnlock
0x4ac304 FindFirstFileA
0x4ac308 FindClose
0x4ac30c SetFileAttributesA
0x4ac310 GetFileAttributesA
0x4ac31c GetModuleHandleA
0x4ac320 GetProcAddress
0x4ac324 MulDiv
0x4ac328 GetCommandLineA
0x4ac32c GetTickCount
0x4ac330 CreateProcessA
0x4ac334 WaitForSingleObject
0x4ac338 CloseHandle
0x4ac34c SetHandleCount
0x4ac350 GetStdHandle
0x4ac354 GetFileType
0x4ac35c HeapDestroy
0x4ac360 HeapCreate
0x4ac364 VirtualFree
0x4ac36c LCMapStringA
0x4ac370 LCMapStringW
0x4ac374 VirtualAlloc
0x4ac378 IsBadWritePtr
0x4ac380 GetStringTypeA
0x4ac384 GetStringTypeW
0x4ac388 CompareStringA
0x4ac38c CompareStringW
0x4ac390 IsBadReadPtr
0x4ac394 IsBadCodePtr
0x4ac398 SetStdHandle
Library: USER32.dll:
0x4ac3d8 SetFocus
0x4ac3dc IsIconic
0x4ac3e0 PeekMessageA
0x4ac3e4 SetMenu
0x4ac3e8 GetMenu
0x4ac3ec GetActiveWindow
0x4ac3f0 GetWindow
0x4ac3f8 SetWindowRgn
0x4ac3fc GetMessagePos
0x4ac400 ScreenToClient
0x4ac408 CopyRect
0x4ac40c DeleteMenu
0x4ac410 GetSystemMenu
0x4ac414 DefWindowProcA
0x4ac418 GetClassInfoA
0x4ac41c IsZoomed
0x4ac420 PostQuitMessage
0x4ac428 GetKeyState
0x4ac430 IsWindowEnabled
0x4ac434 ShowWindow
0x4ac43c LoadImageA
0x4ac444 ClientToScreen
0x4ac448 EnableMenuItem
0x4ac44c GetSubMenu
0x4ac450 GetDlgCtrlID
0x4ac458 CreateMenu
0x4ac45c ModifyMenuA
0x4ac460 AppendMenuA
0x4ac464 LoadBitmapA
0x4ac468 WinHelpA
0x4ac46c KillTimer
0x4ac470 SetTimer
0x4ac474 ReleaseCapture
0x4ac478 GetCapture
0x4ac47c SetCapture
0x4ac480 GetScrollRange
0x4ac484 SetScrollRange
0x4ac488 SetScrollPos
0x4ac48c SetRect
0x4ac490 InflateRect
0x4ac494 IntersectRect
0x4ac498 DestroyIcon
0x4ac49c PtInRect
0x4ac4a0 GetSysColorBrush
0x4ac4a4 OffsetRect
0x4ac4a8 IsWindowVisible
0x4ac4ac EnableWindow
0x4ac4b0 RedrawWindow
0x4ac4b4 GetWindowLongA
0x4ac4b8 SetWindowLongA
0x4ac4bc GetSysColor
0x4ac4c0 SetActiveWindow
0x4ac4c4 SetCursorPos
0x4ac4c8 LoadCursorA
0x4ac4cc SetCursor
0x4ac4d0 GetDC
0x4ac4d4 FillRect
0x4ac4d8 IsRectEmpty
0x4ac4dc ReleaseDC
0x4ac4e0 IsChild
0x4ac4e4 DestroyMenu
0x4ac4e8 SetForegroundWindow
0x4ac4ec GetWindowRect
0x4ac4f0 EqualRect
0x4ac4f4 UpdateWindow
0x4ac4f8 ValidateRect
0x4ac4fc InvalidateRect
0x4ac500 GetClientRect
0x4ac504 GetFocus
0x4ac508 GetParent
0x4ac50c GetTopWindow
0x4ac510 PostMessageA
0x4ac514 IsWindow
0x4ac518 SetParent
0x4ac51c DestroyCursor
0x4ac520 SendMessageA
0x4ac524 SetWindowPos
0x4ac528 MessageBoxA
0x4ac52c GetCursorPos
0x4ac530 GetSystemMetrics
0x4ac534 EmptyClipboard
0x4ac538 SetClipboardData
0x4ac53c OpenClipboard
0x4ac540 GetClipboardData
0x4ac544 CloseClipboard
0x4ac548 wsprintfA
0x4ac54c WaitForInputIdle
0x4ac550 DrawIconEx
0x4ac560 SetRectEmpty
0x4ac564 DispatchMessageA
0x4ac568 GetMessageA
0x4ac56c WindowFromPoint
0x4ac570 DrawFocusRect
0x4ac574 DrawEdge
0x4ac578 DrawFrameControl
0x4ac57c LoadIconA
0x4ac580 TranslateMessage
0x4ac584 GetDesktopWindow
0x4ac588 GetClassNameA
0x4ac58c GetDlgItem
0x4ac590 GetWindowTextA
0x4ac594 GetForegroundWindow
0x4ac598 UnregisterClassA
0x4ac59c CreatePopupMenu
0x4ac5a4 CharUpperA
0x4ac5a8 GetWindowDC
0x4ac5ac BeginPaint
0x4ac5b0 EndPaint
0x4ac5b4 TabbedTextOutA
0x4ac5b8 DrawTextA
0x4ac5bc GrayStringA
0x4ac5c0 DestroyWindow
0x4ac5c8 EndDialog
0x4ac5cc GetNextDlgTabItem
0x4ac5d0 GetWindowPlacement
0x4ac5d8 GetLastActivePopup
0x4ac5dc GetMessageTime
0x4ac5e0 RemovePropA
0x4ac5e4 CallWindowProcA
0x4ac5e8 GetPropA
0x4ac5ec UnhookWindowsHookEx
0x4ac5f0 SetPropA
0x4ac5f4 GetClassLongA
0x4ac5f8 CallNextHookEx
0x4ac5fc SetWindowsHookExA
0x4ac600 CreateWindowExA
0x4ac604 GetMenuItemID
0x4ac608 GetMenuItemCount
0x4ac60c RegisterClassA
0x4ac610 GetScrollPos
0x4ac614 AdjustWindowRectEx
0x4ac618 MapWindowPoints
0x4ac61c SendDlgItemMessageA
0x4ac620 ScrollWindowEx
0x4ac624 IsDialogMessageA
0x4ac628 SetWindowTextA
0x4ac62c MoveWindow
0x4ac630 CheckMenuItem
0x4ac634 SetMenuItemBitmaps
0x4ac638 GetMenuState
0x4ac640 LoadStringA
Library: GDI32.dll:
0x4ac02c Escape
0x4ac030 ExtTextOutA
0x4ac034 TextOutA
0x4ac038 RectVisible
0x4ac03c PtVisible
0x4ac040 GetViewportExtEx
0x4ac044 ExtSelectClipRgn
0x4ac048 EndDoc
0x4ac04c DeleteDC
0x4ac050 StartDocA
0x4ac054 StartPage
0x4ac058 BitBlt
0x4ac05c CreateCompatibleDC
0x4ac060 Ellipse
0x4ac064 Rectangle
0x4ac068 LPtoDP
0x4ac06c DPtoLP
0x4ac070 GetCurrentObject
0x4ac074 RoundRect
0x4ac078 GetTextMetricsA
0x4ac080 GetDeviceCaps
0x4ac084 CreatePolygonRgn
0x4ac088 GetClipRgn
0x4ac08c SetStretchBltMode
0x4ac094 SetBkColor
0x4ac098 LineTo
0x4ac09c MoveToEx
0x4ac0a0 ExcludeClipRect
0x4ac0a4 GetClipBox
0x4ac0a8 ScaleWindowExtEx
0x4ac0ac SetWindowExtEx
0x4ac0b0 SetWindowOrgEx
0x4ac0b4 EndPage
0x4ac0b8 GetObjectA
0x4ac0bc GetStockObject
0x4ac0c0 CreateFontIndirectA
0x4ac0c4 CreateSolidBrush
0x4ac0c8 FillRgn
0x4ac0cc CreateRectRgn
0x4ac0d0 CombineRgn
0x4ac0d4 PatBlt
0x4ac0d8 CreatePen
0x4ac0dc SelectObject
0x4ac0e0 CreateBitmap
0x4ac0e4 CreateDCA
0x4ac0ec GetPolyFillMode
0x4ac0f0 GetStretchBltMode
0x4ac0f4 GetROP2
0x4ac0f8 GetBkColor
0x4ac0fc GetBkMode
0x4ac100 GetTextColor
0x4ac104 CreateRoundRectRgn
0x4ac108 CreateEllipticRgn
0x4ac10c PathToRegion
0x4ac110 EndPath
0x4ac114 BeginPath
0x4ac118 ScaleViewportExtEx
0x4ac11c SetViewportExtEx
0x4ac120 OffsetViewportOrgEx
0x4ac124 SetViewportOrgEx
0x4ac128 SetMapMode
0x4ac12c SetTextColor
0x4ac130 SetROP2
0x4ac134 SetPolyFillMode
0x4ac138 GetWindowOrgEx
0x4ac13c GetViewportOrgEx
0x4ac140 GetWindowExtEx
0x4ac144 GetDIBits
0x4ac148 RealizePalette
0x4ac14c SelectClipRgn
0x4ac150 StretchBlt
0x4ac154 CreatePalette
0x4ac15c CreateDIBitmap
0x4ac160 SelectPalette
0x4ac164 SetBkMode
0x4ac168 RestoreDC
0x4ac16c SaveDC
0x4ac170 DeleteObject
Library: WINSPOOL.DRV:
0x4ac690 OpenPrinterA
0x4ac694 DocumentPropertiesA
0x4ac698 ClosePrinter
Library: ADVAPI32.dll:
0x4ac000 RegQueryValueExA
0x4ac004 RegOpenKeyExA
0x4ac008 RegSetValueExA
0x4ac00c RegQueryValueA
0x4ac010 RegCreateKeyExA
0x4ac014 RegOpenKeyA
0x4ac018 RegCloseKey
Library: SHELL32.dll:
0x4ac3cc ShellExecuteA
0x4ac3d0 Shell_NotifyIconA
Library: ole32.dll:
0x4ac6dc CLSIDFromProgID
0x4ac6e0 OleRun
0x4ac6e4 CoCreateInstance
0x4ac6e8 CLSIDFromString
0x4ac6ec OleUninitialize
0x4ac6f0 OleInitialize
Library: OLEAUT32.dll:
0x4ac3a4 VariantChangeType
0x4ac3a8 VariantClear
0x4ac3ac UnRegisterTypeLib
0x4ac3b0 LoadTypeLib
0x4ac3b4 LHashValOfNameSys
0x4ac3b8 RegisterTypeLib
0x4ac3bc SysAllocString
0x4ac3c0 VariantInit
0x4ac3c4 VariantCopyInd
Library: COMCTL32.dll:
0x4ac020 (imported by ordinal; the report could not resolve a name)
0x4ac024 ImageList_Destroy
Library: comdlg32.dll:
0x4ac6c8 ChooseColorA
0x4ac6cc GetFileTitleA
0x4ac6d0 GetSaveFileNameA
0x4ac6d4 GetOpenFileNameA
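
The "Import hash (imphash)" field in the PE info above is derived from exactly this table. As an added example (my code, not Maldun's or pefile's), the following Python implements the imphash normalisation so it is clear what the value pivots on: DLL names lower-cased with .dll/.ocx/.sys stripped, function names lower-cased, unresolved ordinal imports written as ordN, the tokens joined with commas in import-table order, and MD5 of that string. The SAMPLE_IMPORTS list is a small constructed subset of the table above (the COMCTL32 ordinal number 17 is hypothetical); it will not reproduce the report's hash, because that covers the whole table and pefile additionally maps known ordinals of ws2_32 and oleaut32 to names, which is not replicated here.

```python
import hashlib

# pefile's get_imphash() drops these extensions from the DLL name before hashing.
_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalise_import(dll: str, name, ordinal=None) -> str:
    """One 'dll.function' token in imphash form: lower-case, extension removed,
    nameless ordinal imports written as ordN."""
    dll = dll.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    func = name.lower() if name else f"ord{ordinal}"
    return f"{dll}.{func}"


def imphash(imports) -> str:
    """imports: iterable of (dll, function name or None, ordinal or None) in import-table
    order. MD5 over the comma-joined tokens; the order of imports is part of the hash."""
    joined = ",".join(normalise_import(d, n, o) for d, n, o in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed subset of the report's import table; ordinal 17 for COMCTL32 is hypothetical.
SAMPLE_IMPORTS = [
    ("WINMM.dll", "midiStreamOut", None),
    ("WINMM.dll", "waveOutWrite", None),
    ("WS2_32.dll", "WSACleanup", None),
    ("KERNEL32.dll", "GetSystemDirectoryA", None),
    ("KERNEL32.dll", "Process32First", None),
    ("COMCTL32.dll", None, 17),
]

if __name__ == "__main__":
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash depends on import order and names but not on the code, it groups builds that share a linker layout or a packer stub; two samples with the same imphash are worth diffing, and a packer that rebuilds the IAT at run time (as VMProtect can) leaves only the stub's imports in the hash.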

Strings

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
8`}<j
T$hVj
DRQPj
T$|Vj
T$th
|$TVj
jjjjh

The two "VMProtect begin" / "VMProtect end" pairs are the marker strings that the VMProtect SDK macros leave around protected code regions; the remaining short strings are opcode runs that happen to be printable.

Antivirus scan

No antivirus engine scan results.

Process tree

______0704.exe, PID 1808, parent PID 1872
    regsvr32.exe, PID 1524, parent PID 1808

Hosts accessed

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

Dropped files

Filename | eylogin.dll
Path | C:\Users\test\AppData\Local\Temp\eylogin.dll
File size | 2242560 bytes
File type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 | 3bdb92b38bdc6a5702ec1454534d0951
SHA1 | 9276b0c8de889744fcdf34e7c81e158830b8bcbb
SHA256 | 25ba0f3a0f6ddb0e9b0078640a8a2a2bf7e8948e0579d2080379debc8a272681
CRC32 | E0CFBC8C
Ssdeep | 49152:TFaPO+wdxES1YkPLCenZ05J8bIKSQ9uiij4DoUp5Z6ZsuVxzVYyIJaczFwx:TMGLd51YkPu4cJMGBj4DhDZANxBYts
Previous Maldun analysis | score 10.0, analysed 2018-05-19 13:45:37

No similar analyses found.

Processing ( 32.581 seconds )

  • 11.17 VirusTotal
  • 7.461 TargetInfo
  • 7.349 Suricata
  • 5.049 Static
  • 0.747 peid
  • 0.276 BehaviorAnalysis
  • 0.219 NetworkAnalysis
  • 0.186 AnalysisInfo
  • 0.097 Dropped
  • 0.014 config_decoder
  • 0.009 Strings
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 0.21 seconds )

  • 0.031 antiav_detectreg
  • 0.013 stealth_timeout
  • 0.013 infostealer_ftp
  • 0.011 md_url_bl
  • 0.01 api_spamming
  • 0.008 persistence_autorun
  • 0.008 decoy_document
  • 0.007 infostealer_im
  • 0.007 md_bad_drop
  • 0.006 antianalysis_detectreg
  • 0.006 antiav_detectfile
  • 0.005 md_domain_bl
  • 0.005 ransomware_files
  • 0.004 antiemu_wine_func
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.004 ransomware_extensions
  • 0.003 infostealer_browser_password
  • 0.003 antidbg_windows
  • 0.003 kovter_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 tinba_behavior
  • 0.002 reads_self
  • 0.002 betabot_behavior
  • 0.002 mimics_filetime
  • 0.002 stealth_file
  • 0.002 antivm_vbox_libs
  • 0.002 antivm_generic_scsi
  • 0.002 antivm_generic_disk
  • 0.002 cerber_behavior
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.001 bootkit
  • 0.001 hancitor_behavior
  • 0.001 antiav_avast_libs
  • 0.001 infostealer_browser
  • 0.001 injection_createremotethread
  • 0.001 antivm_generic_services
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 ursnif_behavior
  • 0.001 virus
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 darkcomet_regkeys
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 modify_uac_prompt

Reporting ( 0.497 seconds )

  • 0.487 ReportHTMLSummary
  • 0.01 Malheur
Task ID 168166
Mongo ID 5b3baaf2bb7d5748890595f6
Cuckoo release 1.4-Maldun