Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-hpdapp01-1 2018-07-20 17:18:34 2018-07-20 17:21:13 159 seconds

Maldun score

10.0

Dangerous

File details

File name tw.exe
File size 602115 bytes
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b3f5cc64479f7dc4db5e69755f9144be
SHA1 26a40690fde63abb13fbcc60a2350feae7e3354d
SHA256 3bf02493e62a6d932d2c031da4267454dbeca20bd153bd73ad1ea2f984a2af01
SHA512 b91e29fdb097333342161d1b6efcf0d16619db87ceedda74eb4d04dfa8a647d6b6bb10722cb950cda496ee290696ee7bf54104b2658e314b7d749c242ba75082
CRC32 5CD92656
Ssdeep 3072:K8r2mh5VCD0v61UPGSFCEGIaZ7V4seBZOQhAszcXlDHnlZ3hjhYbG3odqqjcVAz/:vupE7a9VwxSLSd8nDogQCEvW3CV


Host access records (click to query the WPING real-time security rating)

No host records.

Domain resolution (click to query the WPING real-time security rating)

No domain information.


Summary


PE information

Image base 0x00400000
Entry point 0x004028e4
Declared checksum 0x000952db
Actual checksum 0x000a21ff
Minimum OS version required 4.0
Compile time 2006-12-30 00:23:00
Import hash 5dc6c989af20992e72a090610971075f

Version information (all fields empty)

Translation
LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0008c4b0 0x0008d000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.28
.data 0x0008e000 0x00001edc 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00090000 0x000032a4 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.48

Overlay

Offset 0x00093000
Size 0x00000003

Imports

Library: MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaVarMove
0x40100c __vbaFreeVar
0x401010 __vbaStrVarMove
0x401014 None
0x401018 __vbaFreeVarList
0x40101c __vbaVarIdiv
0x401020 _adj_fdiv_m64
0x401024 None
0x401028 __vbaR8Sgn
0x40102c _adj_fprem1
0x401030 __vbaStrCat
0x401034 __vbaLsetFixstr
0x401038 __vbaSetSystemError
0x40103c None
0x401044 _adj_fdiv_m32
0x401048 None
0x40104c __vbaOnError
0x401050 _adj_fdiv_m16i
0x401054 __vbaObjSetAddref
0x401058 _adj_fdivr_m16i
0x40105c None
0x401060 None
0x401064 _CIsin
0x401068 None
0x40106c None
0x401070 None
0x401074 __vbaChkstk
0x401078 __vbaCyVar
0x40107c EVENT_SINK_AddRef
0x401080 __vbaStrCmp
0x401084 DllFunctionCall
0x401088 None
0x40108c _adj_fpatan
0x401090 __vbaLateIdCallLd
0x401094 None
0x401098 EVENT_SINK_Release
0x40109c _CIsqrt
0x4010a4 __vbaExceptHandler
0x4010a8 __vbaStrToUnicode
0x4010ac _adj_fprem
0x4010b0 _adj_fdivr_m64
0x4010b4 __vbaFPException
0x4010b8 _CIlog
0x4010bc None
0x4010c0 __vbaNew2
0x4010c4 None
0x4010c8 _adj_fdiv_m32i
0x4010cc _adj_fdivr_m32i
0x4010d0 __vbaStrCopy
0x4010d4 __vbaFreeStrList
0x4010d8 _adj_fdivr_m32
0x4010dc _adj_fdiv_r
0x4010e0 None
0x4010e4 __vbaI4Var
0x4010e8 None
0x4010ec __vbaLateMemCall
0x4010f0 __vbaStrToAnsi
0x4010f4 __vbaVarDup
0x4010f8 __vbaFpI4
0x4010fc _CIatan
0x401100 __vbaStrMove
0x401104 _allmul
0x401108 _CItan
0x40110c _CIexp
0x401110 __vbaFreeStr
0x401114 __vbaFreeObj

Antivirus engine/vendor Virus name/rule match Signature database date
Bkav Not detected 20180718
MicroWorld-eScan Trojan.GenericKD.31099391 20180718
CMC Not detected 20180717
CAT-QuickHeal Not detected 20180718
ALYac Trojan.GenericKD.31099391 20180718
Cylance Unsafe 20180718
VIPRE Not detected 20180718
SUPERAntiSpyware Not detected 20180718
TheHacker Not detected 20180716
K7GW Trojan ( 005379a61 ) 20180718
K7AntiVirus Trojan ( 005379a61 ) 20180718
Invincea heuristic 20180717
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
NANO-Antivirus Not detected 20180718
Cyren W32/Fareit.FJ.gen!Eldorado 20180718
Symantec ML.Attribute.HighConfidence 20180718
TotalDefense Not detected 20180718
TrendMicro-HouseCall TROJ_GEN.R020H0CGG18 20180718
Paloalto generic.ml 20180718
ClamAV Not detected 20180717
Kaspersky Trojan.Win32.VBKrypt.zqmc 20180718
BitDefender Trojan.GenericKD.31099391 20180718
Babable Not detected 20180406
AegisLab Troj.W32.Vbkrypt!c 20180718
Avast Not detected 20180718
Tencent Not detected 20180718
Ad-Aware Trojan.GenericKD.31099391 20180718
Sophos Mal/FareitVB-N 20180718
Comodo Not detected 20180718
F-Secure Trojan.GenericKD.31099391 20180718
DrWeb Trojan.PWS.Stealer.1932 20180718
Zillya Not detected 20180718
TrendMicro TSPY_HPFAREIT.SME 20180718
McAfee-GW-Edition BehavesLike.Win32.Fareit.hc 20180718
Emsisoft Trojan.Injector (A) 20180718
F-Prot W32/Fareit.FJ.gen!Eldorado 20180718
Jiangmin Not detected 20180718
Webroot Not detected 20180718
Avira Not detected 20180718
Fortinet W32/GenKryptik.CFKT!tr 20180718
Antiy-AVL Trojan/Win32.VBKrypt 20180718
Kingsoft Not detected 20180718
Endgame malicious (high confidence) 20180711
Arcabit Not detected 20180718
ViRobot Trojan.Win32.Z.Fuerboos.602115 20180718
ZoneAlarm Trojan.Win32.VBKrypt.zqmc 20180718
Avast-Mobile Not detected 20180718
Microsoft Not detected 20180718
TACHYON Not detected 20180718
AhnLab-V3 Trojan/Win32.VBInject.R231852 20180718
McAfee Not detected 20180718
AVware Not detected 20180718
MAX malware (ai score=98) 20180718
VBA32 BScope.Trojan.Fuerboos 20180718
Malwarebytes Trojan.MalPack.VB 20180718
Zoner Not detected 20180717
ESET-NOD32 a variant of Win32/Injector.DZGH 20180718
Rising Trojan.Injector!8.C4 (CLOUD) 20180718
Yandex Not detected 20180717
SentinelOne static engine - malicious 20180701
eGambit Not detected 20180718
GData Trojan.GenericKD.31099391 20180718
AVG Not detected 20180718
Cybereason Not detected 20180225
Panda Not detected 20180718
CrowdStrike malicious_confidence_60% (D) 20180530
Qihoo-360 HEUR/QVM03.0.8ADB.Malware.Gen 20180718

Process tree

tw.exe, PID: 1888, parent PID: 1520

Host access records (click to query the WPING real-time security rating)

No host records.

Domain resolution (click to query the WPING real-time security rating)

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 18.858 seconds )

  • 11.905 Suricata
  • 2.435 Static
  • 1.88 TargetInfo
  • 1.362 VirusTotal
  • 0.469 peid
  • 0.404 AnalysisInfo
  • 0.241 NetworkAnalysis
  • 0.083 Debug
  • 0.058 BehaviorAnalysis
  • 0.015 Strings
  • 0.005 Memory
  • 0.001 config_decoder

Signatures ( 0.302 seconds )

  • 0.139 md_bad_drop
  • 0.022 md_url_bl
  • 0.019 antiav_detectreg
  • 0.013 md_domain_bl
  • 0.009 infostealer_ftp
  • 0.008 antiav_detectfile
  • 0.007 persistence_autorun
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 disables_browser_warn
  • 0.004 infostealer_mail
  • 0.003 rat_nanocore
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.002 antiemu_wine_func
  • 0.002 cerber_behavior
  • 0.002 stealth_timeout
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 modify_uac_prompt
  • 0.001 network_tor
  • 0.001 api_spamming
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 infostealer_browser_password
  • 0.001 ursnif_behavior
  • 0.001 decoy_document
  • 0.001 kovter_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 modify_security_center_warnings
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications

Reporting ( 1.029 seconds )

  • 0.669 ReportHTMLSummary
  • 0.36 Malheur
Task ID 171245
Mongo ID 5b51a99f2e063307ef3390d0
Cuckoo release 1.4-Maldun