分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-1 | 2018-07-20 17:48:09 | 2018-07-20 17:50:30 | 141 秒 |
魔盾分数
10.0
Pony病毒
文件详细信息
| 文件名 | 0716(21).exe |
|---|---|
| 文件大小 | 568835 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f6ac15e4ed8e101dc67b132db5d79c0f |
| SHA1 | 5ccbc5e9fa20fc9784daa85a7c19d481d63c64cc |
| SHA256 | 35988d9b977160ae55229eb4fd647de0790701624f7c63990ebcf63f9487859f |
| SHA512 | 490231e2dd241022aa14fab9c345cd4b082175250d57ae55e82e2b905abfb329366c5924964e2d29d93db805c0574e0c5e30b024a7bd1e977a2eee28cc6bf1df |
| CRC32 | 292B61CA |
| Ssdeep | 12288:xq1rB8lP19eSBnW2NQ73XmfqStsGj30d3No:QJm19eSo4Q732ch3S |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| glandex.ml | NXDOMAIN |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0045e728 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0008c59e |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 1992-04-12 05:10:37 |
| 载入哈希 | 505b471e8b26a20922ce343cf680d8de |
| 图标 |  |
| 图标精确哈希值 | 5ef96c3e63137380016689bf0b066a38 |
| 图标相似性哈希值 | 10bf03e51d8cc0aec686c0b1e709072d |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| CODE | 0x00001000 | 0x0005d770 | 0x0005d800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.64 |
| DATA | 0x0005f000 | 0x0000196c | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.50 |
| BSS | 0x00061000 | 0x00000df5 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .idata | 0x00062000 | 0x00002054 | 0x00002200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.89 |
| .tls | 0x00065000 | 0x00000010 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rdata | 0x00066000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.21 |
| .reloc | 0x00067000 | 0x00006cfc | 0x00006e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 6.63 |
| .rsrc | 0x0006e000 | 0x000225c4 | 0x00022600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 7.04 |
覆盖
| 偏移量 | 0x0008ae00 |
| 大小 | 0x00000003 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x0006f7b0 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
| RT_CURSOR | 0x0006f7b0 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
| RT_CURSOR | 0x0006f7b0 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
| RT_CURSOR | 0x0006f7b0 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
| RT_CURSOR | 0x0006f7b0 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
| RT_CURSOR | 0x0006f7b0 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
| RT_CURSOR | 0x0006f7b0 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_BITMAP | 0x000897b4 | 0x00000fd2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.66 | data |
| RT_ICON | 0x0008a788 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.05 | data |
| RT_DIALOG | 0x0008cd30 | 0x00000052 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.56 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_STRING | 0x0008fc54 | 0x000002c4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.17 | data |
| RT_RCDATA | 0x00090264 | 0x000002bd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.53 | Delphi compiled form 'TForm1' |
| RT_RCDATA | 0x00090264 | 0x000002bd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.53 | Delphi compiled form 'TForm1' |
| RT_RCDATA | 0x00090264 | 0x000002bd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.53 | Delphi compiled form 'TForm1' |
| RT_GROUP_CURSOR | 0x0009059c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0009059c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0009059c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0009059c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0009059c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0009059c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0009059c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x000905b0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.02 | MS Windows icon resource - 1 icon, 48x96 |
导入
库: kernel32.dll:
• 0x46212c DeleteCriticalSection
• 0x462130 LeaveCriticalSection
• 0x462134 EnterCriticalSection
• 0x462138 InitializeCriticalSection
• 0x46213c VirtualFree
• 0x462140 VirtualAlloc
• 0x462144 LocalFree
• 0x462148 LocalAlloc
• 0x46214c GetVersion
• 0x462150 GetCurrentThreadId
• 0x462154 InterlockedDecrement
• 0x462158 InterlockedIncrement
• 0x46215c VirtualQuery
• 0x462160 WideCharToMultiByte
• 0x462164 MultiByteToWideChar
• 0x462168 lstrlenA
• 0x46216c lstrcpynA
• 0x462170 LoadLibraryExA
• 0x462174 GetThreadLocale
• 0x462178 GetStartupInfoA
• 0x46217c GetProcAddress
• 0x462180 GetModuleHandleA
• 0x462184 GetModuleFileNameA
• 0x462188 GetLocaleInfoA
• 0x46218c GetCommandLineA
• 0x462190 FreeLibrary
• 0x462194 FindFirstFileA
• 0x462198 FindClose
• 0x46219c ExitProcess
• 0x4621a0 WriteFile
• 0x4621a4 UnhandledExceptionFilter
• 0x4621a8 RtlUnwind
• 0x4621ac RaiseException
• 0x4621b0 GetStdHandle
库: user32.dll:
• 0x4621b8 GetKeyboardType
• 0x4621bc LoadStringA
• 0x4621c0 MessageBoxA
• 0x4621c4 CharNextA
库: oleaut32.dll:
• 0x4621dc SysFreeString
• 0x4621e0 SysReAllocStringLen
• 0x4621e4 SysAllocStringLen
库: kernel32.dll:
• 0x4621ec TlsSetValue
• 0x4621f0 TlsGetValue
• 0x4621f4 LocalAlloc
• 0x4621f8 GetModuleHandleA
库: kernel32.dll:
• 0x462210 lstrcpyA
• 0x462214 WriteFile
• 0x462218 WaitForSingleObject
• 0x46221c VirtualQuery
• 0x462220 VirtualAlloc
• 0x462224 Sleep
• 0x462228 SizeofResource
• 0x46222c SetThreadLocale
• 0x462230 SetFilePointer
• 0x462234 SetEvent
• 0x462238 SetErrorMode
• 0x46223c SetEndOfFile
• 0x462240 ResetEvent
• 0x462244 ReadFile
• 0x462248 MulDiv
• 0x46224c LockResource
• 0x462250 LoadResource
• 0x462254 LoadLibraryA
• 0x462258 LeaveCriticalSection
• 0x46225c InitializeCriticalSection
• 0x462260 GlobalUnlock
• 0x462264 GlobalReAlloc
• 0x462268 GlobalHandle
• 0x46226c GlobalLock
• 0x462270 GlobalFree
• 0x462274 GlobalFindAtomA
• 0x462278 GlobalDeleteAtom
• 0x46227c GlobalAlloc
• 0x462280 GlobalAddAtomA
• 0x462284 GetVersionExA
• 0x462288 GetVersion
• 0x46228c GetTickCount
• 0x462290 GetThreadLocale
• 0x462294 GetTempPathA
• 0x462298 GetSystemInfo
• 0x46229c GetStringTypeExA
• 0x4622a0 GetStdHandle
• 0x4622a4 GetProcAddress
• 0x4622a8 GetModuleHandleA
• 0x4622ac GetModuleFileNameA
• 0x4622b0 GetLocaleInfoA
• 0x4622b4 GetLocalTime
• 0x4622b8 GetLastError
• 0x4622bc GetFullPathNameA
• 0x4622c0 GetFileSize
• 0x4622c4 GetDiskFreeSpaceA
• 0x4622c8 GetDateFormatA
• 0x4622cc GetCurrentThreadId
• 0x4622d0 GetCurrentProcessId
• 0x4622d4 GetCPInfo
• 0x4622d8 GetACP
• 0x4622dc FreeResource
• 0x4622e0 InterlockedExchange
• 0x4622e4 FreeLibrary
• 0x4622e8 FormatMessageA
• 0x4622ec FindResourceA
• 0x4622f0 FindFirstFileA
• 0x4622f4 FindClose
• 0x4622f8 FileTimeToLocalFileTime
• 0x4622fc FileTimeToDosDateTime
• 0x462300 EnumCalendarInfoA
• 0x462304 EnterCriticalSection
• 0x462308 DeleteCriticalSection
• 0x46230c CreateThread
• 0x462310 CreateFileA
• 0x462314 CreateEventA
• 0x462318 CompareStringA
• 0x46231c CloseHandle
库: version.dll:
• 0x462324 VerQueryValueA
• 0x462328 GetFileVersionInfoSizeA
• 0x46232c GetFileVersionInfoA
库: gdi32.dll:
• 0x462334 UnrealizeObject
• 0x462338 StretchBlt
• 0x46233c SetWindowOrgEx
• 0x462340 SetViewportOrgEx
• 0x462344 SetTextColor
• 0x462348 SetStretchBltMode
• 0x46234c SetROP2
• 0x462350 SetPixel
• 0x462354 SetDIBColorTable
• 0x462358 SetBrushOrgEx
• 0x46235c SetBkMode
• 0x462360 SetBkColor
• 0x462364 SelectPalette
• 0x462368 SelectObject
• 0x46236c ScaleWindowExtEx
• 0x462370 SaveDC
• 0x462374 RestoreDC
• 0x462378 RectVisible
• 0x46237c RealizePalette
• 0x462380 PatBlt
• 0x462384 MoveToEx
• 0x462388 MaskBlt
• 0x46238c LineTo
• 0x462390 IntersectClipRect
• 0x462394 GetWindowOrgEx
• 0x462398 GetTextMetricsA
• 0x46239c GetTextExtentPoint32A
• 0x4623a0 GetSystemPaletteEntries
• 0x4623a4 GetStockObject
• 0x4623a8 GetPixel
• 0x4623ac GetPaletteEntries
• 0x4623b0 GetObjectA
• 0x4623b4 GetDeviceCaps
• 0x4623b8 GetDIBits
• 0x4623bc GetDIBColorTable
• 0x4623c0 GetDCOrgEx
• 0x4623c4 GetCurrentPositionEx
• 0x4623c8 GetClipBox
• 0x4623cc GetBrushOrgEx
• 0x4623d0 GetBitmapBits
• 0x4623d4 ExcludeClipRect
• 0x4623d8 DeleteObject
• 0x4623dc DeleteDC
• 0x4623e0 CreateSolidBrush
• 0x4623e4 CreatePenIndirect
• 0x4623e8 CreatePalette
• 0x4623ec CreateHalftonePalette
• 0x4623f0 CreateFontIndirectA
• 0x4623f4 CreateDIBitmap
• 0x4623f8 CreateDIBSection
• 0x4623fc CreateCompatibleDC
• 0x462400 CreateCompatibleBitmap
• 0x462404 CreateBrushIndirect
• 0x462408 CreateBitmap
• 0x46240c BitBlt
库: user32.dll:
• 0x462414 CreateWindowExA
• 0x462418 WindowFromPoint
• 0x46241c WinHelpA
• 0x462420 WaitMessage
• 0x462424 UpdateWindow
• 0x462428 UnregisterClassA
• 0x46242c UnhookWindowsHookEx
• 0x462430 TranslateMessage
• 0x462434 TranslateMDISysAccel
• 0x462438 TrackPopupMenu
• 0x46243c SystemParametersInfoA
• 0x462440 ShowWindow
• 0x462444 ShowScrollBar
• 0x462448 ShowOwnedPopups
• 0x46244c ShowCursor
• 0x462450 SetWindowsHookExA
• 0x462454 SetWindowPos
• 0x462458 SetWindowPlacement
• 0x46245c SetWindowLongA
• 0x462460 SetTimer
• 0x462464 SetScrollRange
• 0x462468 SetScrollPos
• 0x46246c SetScrollInfo
• 0x462470 SetRect
• 0x462474 SetPropA
• 0x462478 SetParent
• 0x46247c SetMenuItemInfoA
• 0x462480 SetMenu
• 0x462484 SetForegroundWindow
• 0x462488 SetFocus
• 0x46248c SetCursor
• 0x462490 SetClassLongA
• 0x462494 SetCapture
• 0x462498 SetActiveWindow
• 0x46249c SendMessageA
• 0x4624a0 ScrollWindow
• 0x4624a4 ScreenToClient
• 0x4624a8 RemovePropA
• 0x4624ac RemoveMenu
• 0x4624b0 ReleaseDC
• 0x4624b4 ReleaseCapture
• 0x4624b8 RegisterWindowMessageA
• 0x4624bc RegisterClipboardFormatA
• 0x4624c0 RegisterClassA
• 0x4624c4 RedrawWindow
• 0x4624c8 PtInRect
• 0x4624cc PostQuitMessage
• 0x4624d0 PostMessageA
• 0x4624d4 PeekMessageA
• 0x4624d8 OffsetRect
• 0x4624dc OemToCharA
• 0x4624e0 MessageBoxA
• 0x4624e4 MapWindowPoints
• 0x4624e8 MapVirtualKeyA
• 0x4624ec LoadStringA
• 0x4624f0 LoadKeyboardLayoutA
• 0x4624f4 LoadIconA
• 0x4624f8 LoadCursorA
• 0x4624fc LoadBitmapA
• 0x462500 KillTimer
• 0x462504 IsZoomed
• 0x462508 IsWindowVisible
• 0x46250c IsWindowEnabled
• 0x462510 IsWindow
• 0x462514 IsRectEmpty
• 0x462518 IsIconic
• 0x46251c IsDialogMessageA
• 0x462520 IsChild
• 0x462524 InvalidateRect
• 0x462528 IntersectRect
• 0x46252c InsertMenuItemA
• 0x462530 InsertMenuA
• 0x462534 InflateRect
• 0x462538 GetWindowThreadProcessId
• 0x46253c GetWindowTextA
• 0x462540 GetWindowRect
• 0x462544 GetWindowPlacement
• 0x462548 GetWindowLongA
• 0x46254c GetWindowDC
• 0x462550 GetTopWindow
• 0x462554 GetSystemMetrics
• 0x462558 GetSystemMenu
• 0x46255c GetSysColorBrush
• 0x462560 GetSysColor
• 0x462564 GetSubMenu
• 0x462568 GetScrollRange
• 0x46256c GetScrollPos
• 0x462570 GetScrollInfo
• 0x462574 GetPropA
• 0x462578 GetParent
• 0x46257c GetWindow
• 0x462580 GetMenuStringA
• 0x462584 GetMenuState
• 0x462588 GetMenuItemInfoA
• 0x46258c GetMenuItemID
• 0x462590 GetMenuItemCount
• 0x462594 GetMenu
• 0x462598 GetLastActivePopup
• 0x46259c GetKeyboardState
• 0x4625a0 GetKeyboardLayoutList
• 0x4625a4 GetKeyboardLayout
• 0x4625a8 GetKeyState
• 0x4625ac GetKeyNameTextA
• 0x4625b0 GetIconInfo
• 0x4625b4 GetForegroundWindow
• 0x4625b8 GetFocus
• 0x4625bc GetDesktopWindow
• 0x4625c0 GetDCEx
• 0x4625c4 GetDC
• 0x4625c8 GetCursorPos
• 0x4625cc GetCursor
• 0x4625d0 GetClientRect
• 0x4625d4 GetClassNameA
• 0x4625d8 GetClassInfoA
• 0x4625dc GetCapture
• 0x4625e0 GetActiveWindow
• 0x4625e4 FrameRect
• 0x4625e8 FindWindowA
• 0x4625ec FillRect
• 0x4625f0 EqualRect
• 0x4625f4 EnumWindows
• 0x4625f8 EnumThreadWindows
• 0x4625fc EndPaint
• 0x462600 EnableWindow
• 0x462604 EnableScrollBar
• 0x462608 EnableMenuItem
• 0x46260c DrawTextA
• 0x462610 DrawMenuBar
• 0x462614 DrawIconEx
• 0x462618 DrawIcon
• 0x46261c DrawFrameControl
• 0x462620 DrawFocusRect
• 0x462624 DrawEdge
• 0x462628 DispatchMessageA
• 0x46262c DestroyWindow
• 0x462630 DestroyMenu
• 0x462634 DestroyIcon
• 0x462638 DestroyCursor
• 0x46263c DeleteMenu
• 0x462640 DefWindowProcA
• 0x462644 DefMDIChildProcA
• 0x462648 DefFrameProcA
• 0x46264c CreatePopupMenu
• 0x462650 CreateMenu
• 0x462654 CreateIcon
• 0x462658 ClientToScreen
• 0x46265c CheckMenuItem
• 0x462660 CallWindowProcA
• 0x462664 CallNextHookEx
• 0x462668 BringWindowToTop
• 0x46266c BeginPaint
• 0x462670 CharNextA
• 0x462674 CharLowerA
• 0x462678 CharUpperBuffA
• 0x46267c CharToOemA
• 0x462680 AdjustWindowRectEx
• 0x462684 ActivateKeyboardLayout
库: kernel32.dll:
• 0x46268c Sleep
库: oleaut32.dll:
• 0x462694 SafeArrayPtrOfIndex
• 0x462698 SafeArrayGetUBound
• 0x46269c SafeArrayGetLBound
• 0x4626a0 SafeArrayCreate
• 0x4626a4 VariantChangeType
• 0x4626a8 VariantCopy
• 0x4626ac VariantClear
• 0x4626b0 VariantInit
库: comctl32.dll:
• 0x4626b8 ImageList_SetIconSize
• 0x4626bc ImageList_GetIconSize
• 0x4626c0 ImageList_Write
• 0x4626c4 ImageList_Read
• 0x4626c8 ImageList_GetDragImage
• 0x4626cc ImageList_DragShowNolock
• 0x4626d0 ImageList_SetDragCursorImage
• 0x4626d4 ImageList_DragMove
• 0x4626d8 ImageList_DragLeave
• 0x4626dc ImageList_DragEnter
• 0x4626e0 ImageList_EndDrag
• 0x4626e4 ImageList_BeginDrag
• 0x4626e8 ImageList_Remove
• 0x4626ec ImageList_DrawEx
• 0x4626f0 ImageList_Draw
• 0x4626f4 ImageList_GetBkColor
• 0x4626f8 ImageList_SetBkColor
• 0x4626fc ImageList_ReplaceIcon
• 0x462700 ImageList_Add
• 0x462704 ImageList_GetImageCount
• 0x462708 ImageList_Destroy
• 0x46270c ImageList_Create
`DATA
.idata
.rdata
P.reloc
P.rsrc
System
IInterface
Uhd"@
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Uh42@
Ph\6@
Uhb;@
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
UhdT@
Uh3X@
Uh'Y@
UhJZ@
UhU\@
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
UhQi@
Uhql@
ExceptionHm@
EInOutErrorXn@
EZeroDivide|q@
False
AM/PM
D$LPj
WUWSj
m/d/yy
mmmm d, yyyy
AMPM
AMPM
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarOr
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
Variants
Empty
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Error
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
Int64
String
Array
ByRef
False
TNotifyEvent
TObject
TThreadList
Classes
Classes
Classes
Classes
Classes
TComponent$#A
Classes
Uh^1A
Uh>2A
Uh63A
Uhj4A
Uh06A
Uhz8A
Uh[8A
Uhl=A
Uhz@A
Uh5AA
UhDDA
Ph4OA
Strings
UhXFA
Uh@GA
UhPIA
Uh'JA
UhpKA
Uh=LA
Uh LA
Uh(MA
UhcNA
Uh$OA
Uh,ZA
Uhm\A
Owner
UhafA
Uh#hA
Uh/lA
UhWnA
UhXrA
UhEuA
False
Uh]|A
Uh6|A
UhN~A
%s_%d
ulj@h
TPUtilWindow
Graphics
Graphics
Graphics
Graphics
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clRed
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
Graphics
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20180717 |
| MicroWorld-eScan | Trojan.Agent.DBNG | 20180717 |
| CMC | 未发现病毒 | 20180716 |
| CAT-QuickHeal | 未发现病毒 | 20180716 |
| McAfee | Packed-FIU!F6AC15E4ED8E | 20180717 |
| Malwarebytes | Trojan.Injector | 20180717 |
| SUPERAntiSpyware | 未发现病毒 | 20180717 |
| TheHacker | 未发现病毒 | 20180716 |
| K7GW | Riskware ( 0040eff71 ) | 20180717 |
| K7AntiVirus | Riskware ( 0040eff71 ) | 20180717 |
| Invincea | heuristic | 20180717 |
| Baidu | 未发现病毒 | 20180717 |
| Cyren | W32/Trojan.AFAF-9026 | 20180717 |
| Symantec | ML.Attribute.HighConfidence | 20180717 |
| TotalDefense | 未发现病毒 | 20180717 |
| TrendMicro-HouseCall | TSPY_HPLOKI.SMBD | 20180717 |
| Paloalto | 未发现病毒 | 20180717 |
| ClamAV | 未发现病毒 | 20180717 |
| Kaspersky | HEUR:Trojan.Win32.Agent.gen | 20180717 |
| BitDefender | Trojan.Agent.DBNG | 20180717 |
| NANO-Antivirus | Trojan.Win32.Chisburg.ffkadk | 20180717 |
| ViRobot | Trojan.Win32.Agent.587776.F | 20180717 |
| Avast | Win32:Trojan-gen | 20180717 |
| Tencent | Win32.Trojan.Inject.Auto | 20180717 |
| Endgame | malicious (high confidence) | 20180711 |
| Sophos | 未发现病毒 | 20180717 |
| Comodo | 未发现病毒 | 20180717 |
| F-Secure | Trojan.Agent.DBNG | 20180717 |
| DrWeb | Trojan.PWS.Stealer.19347 | 20180717 |
| VIPRE | 未发现病毒 | 20180717 |
| TrendMicro | TSPY_HPLOKI.SMBD | 20180717 |
| McAfee-GW-Edition | BehavesLike.Win32.Fareit.hh | 20180717 |
| Emsisoft | Trojan.Agent.DBNG (B) | 20180717 |
| F-Prot | W32/Trojan3.AMUE | 20180717 |
| Jiangmin | 未发现病毒 | 20180717 |
| Webroot | W32.Trojan.Gen | 20180717 |
| Avira | 未发现病毒 | 20180717 |
| MAX | malware (ai score=82) | 20180717 |
| Antiy-AVL | Trojan/Win32.Fuerboos | 20180717 |
| Kingsoft | 未发现病毒 | 20180717 |
| Microsoft | 未发现病毒 | 20180717 |
| Arcabit | Trojan.Agent.DBNG | 20180717 |
| AegisLab | 未发现病毒 | 20180717 |
| ZoneAlarm | HEUR:Trojan.Win32.Agent.gen | 20180717 |
| Avast-Mobile | 未发现病毒 | 20180717 |
| GData | Trojan.Agent.DBNG | 20180717 |
| AhnLab-V3 | Win-Trojan/Delphiless.Exp | 20180717 |
| ALYac | Trojan.Agent.DBNG | 20180717 |
| AVware | 未发现病毒 | 20180717 |
| TACHYON | 未发现病毒 | 20180717 |
| VBA32 | BScope.Trojan.Fuerboos | 20180717 |
| Zoner | Trojan.Smbd | 20180717 |
| ESET-NOD32 | a variant of Win32/Injector.DZGI | 20180717 |
| Rising | Backdoor.Androm!8.113 (TFE:dGZlOgUEH5dxUOKnoQ) | 20180717 |
| Yandex | 未发现病毒 | 20180716 |
| SentinelOne | static engine - malicious | 20180701 |
| eGambit | 未发现病毒 | 20180717 |
| Fortinet | W32/Injector.DZGI!tr | 20180717 |
| Ad-Aware | Trojan.Agent.DBNG | 20180717 |
| AVG | Win32:Trojan-gen | 20180717 |
| Cybereason | malicious.9fa20f | 20180225 |
| Panda | 未发现病毒 | 20180717 |
| CrowdStrike | malicious_confidence_100% (D) | 20180530 |
| Qihoo-360 | HEUR/QVM05.1.8ADB.Malware.Gen | 20180717 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 60990 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| glandex.ml | NXDOMAIN |
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 60990 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | 36162445.bat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\36162445.bat
|
| 文件大小 | 94 字节 |
| 文件类型 | ASCII text, with CRLF, CR line terminators |
| MD5 | 3880eeb1c736d853eb13b44898b718ab |
| SHA1 | 4eec9d50360cd815211e3c4e6bdd08271b6ec8e6 |
| SHA256 | 936d9411d5226b7c5a150ecaf422987590a8870c8e095e1caa072273041a86e7 |
| CRC32 | 88799FC9 |
| Ssdeep | 3:k4Zoa5/kFWJFFN6dAFZkMFlGl/AVFn:k/0/kFY/NDFZotwFn |
| 下载 提交魔盾安全分析 显示文本 | |
:ktk
del %1
if exist %1 goto
ktk
del %0 |
|
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 28.148 seconds )
- 11.292 VirusTotal
- 7.358 Suricata
- 5.246 NetworkAnalysis
- 1.275 Static
- 1.238 TargetInfo
- 1.179 BehaviorAnalysis
- 0.338 peid
- 0.193 AnalysisInfo
- 0.013 Strings
- 0.01 Dropped
- 0.003 Memory
- 0.002 Debug
- 0.001 config_decoder
Signatures ( 0.661 seconds )
- 0.092 antiav_detectreg
- 0.068 stealth_timeout
- 0.054 api_spamming
- 0.046 decoy_document
- 0.04 antivm_generic_scsi
- 0.039 infostealer_ftp
- 0.023 antiav_detectfile
- 0.023 infostealer_im
- 0.022 antivm_generic_services
- 0.019 antianalysis_detectreg
- 0.016 infostealer_bitcoin
- 0.016 infostealer_mail
- 0.015 dridex_behavior
- 0.015 stealth_file
- 0.01 antivm_generic_disk
- 0.009 antivm_vbox_files
- 0.009 md_url_bl
- 0.008 antisandbox_sleep
- 0.008 mimics_filetime
- 0.008 md_domain_bl
- 0.007 reads_self
- 0.007 virus
- 0.006 bootkit
- 0.005 hancitor_behavior
- 0.005 betabot_behavior
- 0.005 kibex_behavior
- 0.005 geodo_banking_trojan
- 0.004 persistence_autorun
- 0.004 antidbg_devices
- 0.004 antivm_parallels_keys
- 0.004 antivm_xen_keys
- 0.004 darkcomet_regkeys
- 0.004 md_bad_drop
- 0.004 ransomware_files
- 0.003 network_tor
- 0.003 antivm_generic_diskreg
- 0.003 ransomware_extensions
- 0.003 rat_pcclient
- 0.003 recon_fingerprint
- 0.002 antiemu_wine_func
- 0.002 tinba_behavior
- 0.002 antisandbox_productid
- 0.002 disables_browser_warn
- 0.002 network_torgateway
- 0.001 hawkeye_behavior
- 0.001 rat_nanocore
- 0.001 infostealer_browser
- 0.001 kazybot_behavior
- 0.001 shifu_behavior
- 0.001 infostealer_browser_password
- 0.001 cerber_behavior
- 0.001 kovter_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_xen_keys
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 antivm_hyperv_keys
- 0.001 antivm_vbox_acpi
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_files
- 0.001 antivm_vmware_keys
- 0.001 antivm_vpc_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 browser_security
- 0.001 bypass_firewall
- 0.001 codelux_behavior
- 0.001 packer_armadillo_regkey
- 0.001 sniffer_winpcap
- 0.001 targeted_flame
Reporting ( 0.541 seconds )
- 0.513 ReportHTMLSummary
- 0.028 Malheur
| Task ID | 171248 |
|---|---|
| Mongo ID | 5b51b08abb7d574884060457 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号