| Analysis type | VM label | Start time | End time | Duration |
|---|---|---|---|---|
| File (Windows) | win7-sp1-x64-hpdapp03-1 | 2018-07-20 18:01:15 | 2018-07-20 18:03:40 | 145 seconds |
| Field | Value |
|---|---|
| Filename | del.exe |
| File size | 675840 bytes |
| File type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 187a26d176492f6a7adafc28fa76af05 |
| SHA1 | 63b0dd243701bfd1eb08d749e5df81e7467ac2fb |
| SHA256 | e5fbe454454640905425e266f823493d1709df659015eca59829084639be8888 |
| SHA512 | 030543c6d147f69899f70fdf3ef115c6782125e7ebc3b013ab1ab02bc7e89e7acf67cb1f2de1b5d7f08a4ec77b2bb2b54c569cc0a4140801fcd128fabbf10da3 |
| CRC32 | 031A19DD |
| Ssdeep | 12288:FN18JBTrLJkezTUOMoqiTG4dt54fX1IN7:X1kBfLJjzAOHqixdHUX1Il |
| PE header field | Value |
|---|---|
| Image base | 0x00400000 |
| Entry point | 0x0045ae17 |
| Declared checksum | 0x00000000 |
| Actual checksum | 0x000b228a |
| Minimum OS version | 4.0 |
| Compile time | 2018-06-24 17:46:53 |
| Import hash (imphash) | 51fef2bd683430882a07ca6f5420d1a9 |

| Icon | Hash |
|---|---|
| Icon exact hash | 7e8d0dbe5de19f74f384ae459c5abecf |
| Icon similarity hash | 439e81c5165936c3ea55d4df339c6380 |
| Version info field | Value |
|---|---|
| LegalCopyright | |
| FileVersion | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation | |

All version-resource string fields are empty, although an RT_VERSION resource is present (see the resource table below).
| Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00078616 | 0x00079000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.58 |
| .rdata | 0x0007a000 | 0x00012742 | 0x00013000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.56 |
| .data | 0x0008d000 | 0x000218e8 | 0x00012000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.06 |
| .rsrc | 0x000af000 | 0x00005958 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.82 |
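Two rows above are worth re-deriving rather than taking on trust: the checksum pair in the PE header table (declared 0x00000000 against an actual 0x000b228a) and the entropy column of the section table. A declared checksum of zero only means the linker was never asked to fill the field; Windows validates it for drivers and some system DLLs, not for user-mode executables, so the mismatch is not by itself a sign of tampering. The following script is an added example, not part of this report and not Cuckoo code. The checksum routine is the imagehlp CheckSumMappedFile word-sum algorithm (32-bit end-around-carry sum skipping the CheckSum dword, folded to 16 bits, plus the file length); the PE32 image it runs on, its section names and contents are constructed inline so the script runs offline, and they are assumptions, not data from del.exe.

```python
"""Re-derive two figures a sandbox PE report shows: per-section Shannon
entropy and the PE image checksum (declared vs. actual).

Added example, not part of the report and not Cuckoo code. The checksum
routine follows imagehlp's CheckSumMappedFile; the PE32 image it runs on is
constructed below so the script runs offline (constructed test input).
"""
import math
import struct

OPT_HDR_CHECKSUM = 0x40            # CheckSum offset inside the optional header (PE32 and PE32+)
SECTION_HDR_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant data) .. 8.0 (uniform), as in the section table."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts if c)


def pe_checksum(image: bytes, checksum_offset: int) -> int:
    """32-bit end-around-carry sum of every dword except the CheckSum field,
    folded to 16 bits, plus the file length (the imagehlp algorithm)."""
    total = 0
    body_len = len(image) - len(image) % 4
    for off in range(0, body_len, 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", image, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    if body_len != len(image):                      # zero-pad a trailing partial dword
        total += struct.unpack("<I", image[body_len:].ljust(4, b"\0"))[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(image)


def _checksum_offset(image: bytes) -> int:
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 24 + OPT_HDR_CHECKSUM          # 24 = signature + COFF header


def checksum_report(image: bytes):
    """(declared, actual): the two checksum rows of the report."""
    off = _checksum_offset(image)
    return struct.unpack_from("<I", image, off)[0], pe_checksum(image, off)


def set_checksum(image: bytes, value: int) -> bytes:
    """Write value into the CheckSum field, as a linker run with /RELEASE would."""
    out = bytearray(image)
    struct.pack_into("<I", out, _checksum_offset(image), value)
    return bytes(out)


def parse_sections(image: bytes):
    """[(name, virtual_address, raw_size, entropy)] read from the section table."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    nsec, opt_size = struct.unpack_from("<H12xH", image, e_lfanew + 6)
    first = e_lfanew + 24 + opt_size
    rows = []
    for i in range(nsec):
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, first + 40 * i)
        data = image[raw_ptr:raw_ptr + raw_size]
        rows.append((name.rstrip(b"\0").decode(), va, raw_size, round(shannon_entropy(data), 2)))
    return rows


def build_minimal_pe32(sections) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 with the given
    (name, bytes) sections; CheckSum is left at 0, as in the report's sample."""
    file_align, e_lfanew = 0x200, 0x40
    hdr = bytearray(file_align)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # COFF header: i386, N sections, no symbols, 224-byte PE32 optional header, EXE|32-bit
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = e_lfanew + 24
    struct.pack_into("<H", hdr, opt, 0x10B)                                   # PE32 magic
    struct.pack_into("<III", hdr, opt + 28, 0x400000, 0x1000, file_align)     # ImageBase, alignments
    struct.pack_into("<II", hdr, opt + 56, 0x1000 * (len(sections) + 1), file_align)  # SizeOfImage, SizeOfHeaders
    body = bytearray()
    for i, (name, raw) in enumerate(sections):
        raw = raw.ljust(-(-len(raw) // file_align) * file_align, b"\0")      # pad to FileAlignment
        struct.pack_into(SECTION_HDR_FMT, hdr, opt + 224 + 40 * i,
                         name.encode().ljust(8, b"\0"), len(raw), 0x1000 * (i + 1), len(raw),
                         file_align + len(body), 0, 0, 0, 0, 0x60000020)      # CODE|EXECUTE|READ for all
        body += raw
    return bytes(hdr + body)


if __name__ == "__main__":
    sample = build_minimal_pe32([(".text", bytes(range(256)) * 2), (".data", bytes(512))])
    for name, va, size, ent in parse_sections(sample):
        print(f"{name:<8} VA=0x{va:08x} raw=0x{size:08x} entropy={ent:.2f}")
    declared, actual = checksum_report(sample)
    print(f"declared checksum 0x{declared:08x}, actual 0x{actual:08x}")
```

Point `parse_sections` and `checksum_report` at the bytes of a real file to compare against a report; the entropy values should match to two decimals, and writing the computed checksum back with `set_checksum` is a fixed point, because the field itself is excluded from the sum.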
| Name | Offset | Size | Language | Sublanguage | Entropy | File type (libmagic) | Entries |
|---|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x000afc20 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators | 3 |
| RT_CURSOR | 0x000b0110 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data | 4 |
| RT_BITMAP | 0x000b1818 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data | 14 |
| RT_ICON | 0x000b217c | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.62 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0 | 5 |
| RT_MENU | 0x000b27f0 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data | 2 |
| RT_DIALOG | 0x000b3a38 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data | 10 |
| RT_STRING | 0x000b4480 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data | 11 |
| RT_GROUP_CURSOR | 0x000b44cc | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 | 3 |
| RT_GROUP_ICON | 0x000b4534 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors | 3 |
| RT_VERSION | 0x000b4548 | 0x00000240 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.83 | data | 1 |
| RT_MANIFEST | 0x000b4788 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 1 |

The report printed one row per resource entry but the same offset, size and entropy for every entry of a given type, so identical rows are collapsed here and the Entries column gives the count the report listed; the per-entry offsets and sizes are not recoverable from it. Two libmagic labels need reading with care: the "dBase IV DBT" guess for RT_ICON is a misidentification of a headerless DIB, which is all an RT_ICON blob is, and the TEXTINCLUDE entries are the resource.h include directives that the Visual C++ resource editor writes into an .rc file, carried into the binary by the resource compiler. The Chinese (Simplified) language tag on nearly every resource matches the FlyStudio detections in the antivirus table.
| Antivirus engine/vendor | Detection name / rule match | Signature date |
|---|---|---|
| Bkav | Not detected | 20180719 |
| MicroWorld-eScan | Not detected | 20180720 |
| CMC | Not detected | 20180720 |
| CAT-QuickHeal | Trojan.Flystudio.100458 | 20180720 |
| McAfee | Not detected | 20180720 |
| Cylance | Unsafe | 20180720 |
| Zillya | Not detected | 20180719 |
| TheHacker | Not detected | 20180720 |
| K7GW | Trojan ( 005246d51 ) | 20180720 |
| K7AntiVirus | Trojan ( 005246d51 ) | 20180720 |
| TrendMicro | Not detected | 20180720 |
| Baidu | Not detected | 20180717 |
| Babable | Not detected | 20180406 |
| F-Prot | W32/Agent.EW.gen!Eldorado | 20180720 |
| Symantec | ML.Attribute.HighConfidence | 20180720 |
| ESET-NOD32 | a variant of Win32/Packed.FlyStudio.AA potentially unwanted | 20180720 |
| TrendMicro-HouseCall | Not detected | 20180720 |
| Paloalto | Not detected | 20180720 |
| ClamAV | Not detected | 20180720 |
| Kaspersky | Not detected | 20180720 |
| BitDefender | Not detected | 20180720 |
| NANO-Antivirus | Not detected | 20180720 |
| ViRobot | Not detected | 20180720 |
| SUPERAntiSpyware | Trojan.Agent/Gen-OnlineGames | 20180720 |
| Avast | Win32:Evo-gen [Susp] | 20180720 |
| Tencent | Not detected | 20180720 |
| Ad-Aware | Not detected | 20180720 |
| Sophos | Not detected | 20180720 |
| Comodo | Worm.Win32.Dropper.RA | 20180720 |
| F-Secure | Not detected | 20180720 |
| DrWeb | Not detected | 20180720 |
| VIPRE | Not detected | 20180720 |
| Invincea | heuristic | 20180717 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.jh | 20180720 |
| Fortinet | Not detected | 20180720 |
| Emsisoft | Not detected | 20180720 |
| SentinelOne | static engine - malicious | 20180701 |
| Cyren | W32/Agent.EW.gen!Eldorado | 20180720 |
| Jiangmin | Trojan/Gimemo.hhr | 20180720 |
| Webroot | Not detected | 20180720 |
| Avira | Not detected | 20180720 |
| MAX | Not detected | 20180720 |
| Antiy-AVL | Not detected | 20180720 |
| Kingsoft | Not detected | 20180720 |
| Endgame | malicious (high confidence) | 20180711 |
| Arcabit | Not detected | 20180720 |
| AegisLab | Not detected | 20180720 |
| ZoneAlarm | Not detected | 20180720 |
| Avast-Mobile | Not detected | 20180720 |
| Microsoft | Not detected | 20180720 |
| AhnLab-V3 | Dropper/Win32.Agent.C656419 | 20180720 |
| ALYac | Not detected | 20180720 |
| AVware | Not detected | 20180720 |
| TACHYON | Not detected | 20180719 |
| VBA32 | Not detected | 20180719 |
| Malwarebytes | Spyware.OnlineGames | 20180720 |
| Zoner | Not detected | 20180719 |
| Rising | Malware.Heuristic!ET#82% (RDM+:cmRtazq/aHj8Uvy0ekcS6CMgbSMN) | 20180720 |
| Yandex | Not detected | 20180717 |
| Ikarus | Not detected | 20180720 |
| eGambit | Not detected | 20180720 |
| GData | Win32.Application.PUPStudio.A | 20180720 |
| AVG | Win32:Evo-gen [Susp] | 20180720 |
| Cybereason | malicious.43701b | 20180225 |
| Panda | Not detected | 20180719 |
| CrowdStrike | malicious_confidence_100% (D) | 20180530 |
| Qihoo-360 | Not detected | 20180720 |

23 of the 67 engines flag the sample. The named verdicts (CAT-QuickHeal Trojan.Flystudio, ESET Win32/Packed.FlyStudio.AA, GData PUPStudio) identify a FlyStudio (E-language) packed executable, and ESET and GData rate it potentially unwanted rather than malicious; the remainder are generic heuristic, machine-learning or trojan/dropper names, so the table does not agree on a family beyond the packer.
No host records.
No TCP connection records.
No UDP connection records.
No domain information.
No HTTP requests found.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
| Field | Value |
|---|---|
| Task ID | 171251 |
| Mongo ID | 5b51b397a093ef5705ea10ce |
| Cuckoo release | 1.4-Maldun |