Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-hpdapp03-1 2018-07-20 18:01:15 2018-07-20 18:03:40 145 seconds

Maldun Score

10.0

Malicious

File Details

File name del.exe
File size 675840 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
MD5 187a26d176492f6a7adafc28fa76af05
SHA1 63b0dd243701bfd1eb08d749e5df81e7467ac2fb
SHA256 e5fbe454454640905425e266f823493d1709df659015eca59829084639be8888
SHA512 030543c6d147f69899f70fdf3ef115c6782125e7ebc3b013ab1ab02bc7e89e7acf67cb1f2de1b5d7f08a4ec77b2bb2b54c569cc0a4140801fcd128fabbf10da3
CRC32 031A19DD
Ssdeep 12288:FN18JBTrLJkezTUOMoqiTG4dt54fX1IN7:X1kBfLJjzAOHqixdHUX1Il

Hosts contacted (click to query WPING real-time security rating)

No host records.

Domain resolution (click to query WPING real-time security rating)

No domain information.

Summary

PE Information

Image base 0x00400000
Entry point 0x0045ae17
Declared checksum 0x00000000
Actual checksum 0x000b228a
Minimum OS version required 4.0
Compile time 2018-06-24 17:46:53
Import hash 51fef2bd683430882a07ca6f5420d1a9
Icon
Icon exact hash 7e8d0dbe5de19f74f384ae459c5abecf
Icon similarity hash 439e81c5165936c3ea55d4df339c6380

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00078616 0x00079000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x0007a000 0x00012742 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.56
.data 0x0008d000 0x000218e8 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.06
.rsrc 0x000af000 0x00005958 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.82

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x000afc20 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x000b0110 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x000b1818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x000b217c 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_MENU 0x000b27f0 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x000b3a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x000b4480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x000b44cc 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x000b4534 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x000b4548 0x00000240 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.83 data
RT_MANIFEST 0x000b4788 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll:
0x47a170 SetEndOfFile
0x47a174 UnlockFile
0x47a178 LockFile
0x47a17c FlushFileBuffers
0x47a180 SetFilePointer
0x47a184 GetCurrentProcess
0x47a188 DuplicateHandle
0x47a18c lstrcpynA
0x47a190 SetLastError
0x47a19c LocalFree
0x47a1a0 MultiByteToWideChar
0x47a1a4 WideCharToMultiByte
0x47a1ac CreateSemaphoreA
0x47a1b0 ResumeThread
0x47a1b4 ReleaseSemaphore
0x47a1bc SetStdHandle
0x47a1c0 IsBadCodePtr
0x47a1c4 IsBadReadPtr
0x47a1c8 CompareStringW
0x47a1cc CompareStringA
0x47a1d4 GetStringTypeW
0x47a1d8 GetStringTypeA
0x47a1dc IsBadWritePtr
0x47a1e0 VirtualAlloc
0x47a1e4 LCMapStringW
0x47a1e8 LCMapStringA
0x47a1f0 VirtualFree
0x47a1f4 HeapCreate
0x47a1f8 HeapDestroy
0x47a200 GetFileType
0x47a204 GetStdHandle
0x47a208 SetHandleCount
0x47a220 GetACP
0x47a224 HeapSize
0x47a22c GetProfileStringA
0x47a230 WriteFile
0x47a238 CreateFileA
0x47a23c SetEvent
0x47a240 FindResourceA
0x47a244 LoadResource
0x47a248 LockResource
0x47a24c ReadFile
0x47a250 GetModuleFileNameA
0x47a254 GetCurrentThreadId
0x47a258 ExitProcess
0x47a25c GlobalSize
0x47a260 GlobalFree
0x47a26c lstrcatA
0x47a270 lstrlenA
0x47a274 WinExec
0x47a278 lstrcpyA
0x47a27c FindNextFileA
0x47a280 GlobalReAlloc
0x47a284 HeapFree
0x47a288 HeapReAlloc
0x47a28c GetProcessHeap
0x47a290 HeapAlloc
0x47a294 GetFullPathNameA
0x47a298 FreeLibrary
0x47a29c LoadLibraryA
0x47a2a0 GetLastError
0x47a2a4 GetVersionExA
0x47a2ac CreateThread
0x47a2b0 CreateEventA
0x47a2b4 Sleep
0x47a2b8 GlobalAlloc
0x47a2bc GlobalLock
0x47a2c0 GlobalUnlock
0x47a2c4 FindFirstFileA
0x47a2c8 FindClose
0x47a2cc TerminateProcess
0x47a2d0 GetLocalTime
0x47a2d4 GetSystemTime
0x47a2dc RaiseException
0x47a2e0 RtlUnwind
0x47a2e4 GetStartupInfoA
0x47a2e8 GetOEMCP
0x47a2ec GetCPInfo
0x47a2f0 GetProcessVersion
0x47a2f4 SetErrorMode
0x47a2f8 GlobalFlags
0x47a2fc GetCurrentThread
0x47a300 GetFileTime
0x47a304 GetFileSize
0x47a308 TlsGetValue
0x47a30c LocalReAlloc
0x47a310 TlsSetValue
0x47a314 TlsFree
0x47a318 GlobalHandle
0x47a31c GetFileAttributesA
0x47a320 DeleteFileA
0x47a32c TlsAlloc
0x47a330 LocalAlloc
0x47a334 lstrcmpA
0x47a338 GetVersion
0x47a33c GlobalGetAtomNameA
0x47a340 GlobalAddAtomA
0x47a344 GlobalFindAtomA
0x47a348 GlobalDeleteAtom
0x47a34c lstrcmpiA
0x47a350 GetModuleHandleA
0x47a354 GetProcAddress
0x47a358 MulDiv
0x47a35c GetCommandLineA
0x47a360 GetTickCount
0x47a364 WaitForSingleObject
0x47a368 CloseHandle
Library: USER32.dll:
0x47a390 OpenClipboard
0x47a394 SetClipboardData
0x47a398 EmptyClipboard
0x47a39c GetSystemMetrics
0x47a3a0 GetCursorPos
0x47a3a4 MessageBoxA
0x47a3a8 SetWindowPos
0x47a3ac SendMessageA
0x47a3b0 DestroyCursor
0x47a3b4 SetParent
0x47a3b8 GetClipboardData
0x47a3bc PostMessageA
0x47a3c0 GetTopWindow
0x47a3c4 GetParent
0x47a3c8 GetFocus
0x47a3cc GetClientRect
0x47a3d0 InvalidateRect
0x47a3d4 ValidateRect
0x47a3d8 UpdateWindow
0x47a3dc CloseClipboard
0x47a3e0 wsprintfA
0x47a3e4 EqualRect
0x47a3e8 GetWindowRect
0x47a3ec SetForegroundWindow
0x47a3f0 IsWindow
0x47a3f4 DestroyMenu
0x47a3f8 IsChild
0x47a3fc ReleaseDC
0x47a400 IsRectEmpty
0x47a404 FillRect
0x47a408 GetDC
0x47a40c SetCursor
0x47a410 LoadCursorA
0x47a414 SetCursorPos
0x47a418 SetActiveWindow
0x47a41c GetSysColor
0x47a420 SetWindowLongA
0x47a424 GetWindowLongA
0x47a428 RedrawWindow
0x47a42c EnableWindow
0x47a430 IsWindowVisible
0x47a434 OffsetRect
0x47a438 PtInRect
0x47a43c DestroyIcon
0x47a440 IntersectRect
0x47a444 InflateRect
0x47a448 SetRect
0x47a44c SetScrollPos
0x47a450 SetScrollRange
0x47a454 GetScrollRange
0x47a458 SetCapture
0x47a45c LoadIconA
0x47a460 TranslateMessage
0x47a464 DrawFrameControl
0x47a468 DrawEdge
0x47a46c DrawFocusRect
0x47a470 WindowFromPoint
0x47a474 GetMessageA
0x47a478 DispatchMessageA
0x47a47c SetRectEmpty
0x47a48c DrawIconEx
0x47a490 CreatePopupMenu
0x47a494 AppendMenuA
0x47a498 ModifyMenuA
0x47a49c CreateMenu
0x47a4a4 GetDlgCtrlID
0x47a4a8 GetSubMenu
0x47a4ac EnableMenuItem
0x47a4b0 ClientToScreen
0x47a4b8 LoadImageA
0x47a4c0 ShowWindow
0x47a4c4 IsWindowEnabled
0x47a4cc GetKeyState
0x47a4d4 PostQuitMessage
0x47a4d8 IsZoomed
0x47a4dc GetClassInfoA
0x47a4e0 GetWindowTextA
0x47a4e8 CharUpperA
0x47a4ec GetWindowDC
0x47a4f0 BeginPaint
0x47a4f4 EndPaint
0x47a4f8 TabbedTextOutA
0x47a4fc DrawTextA
0x47a500 GrayStringA
0x47a504 GetDlgItem
0x47a508 DestroyWindow
0x47a510 EndDialog
0x47a514 GetNextDlgTabItem
0x47a518 GetWindowPlacement
0x47a520 GetForegroundWindow
0x47a524 GetLastActivePopup
0x47a528 GetMessageTime
0x47a52c RemovePropA
0x47a530 CallWindowProcA
0x47a534 GetPropA
0x47a538 UnhookWindowsHookEx
0x47a53c SetPropA
0x47a540 GetClassLongA
0x47a544 CallNextHookEx
0x47a548 SetWindowsHookExA
0x47a54c CreateWindowExA
0x47a550 GetMenuItemID
0x47a554 GetMenuItemCount
0x47a558 RegisterClassA
0x47a55c GetScrollPos
0x47a560 UnregisterClassA
0x47a564 AdjustWindowRectEx
0x47a568 MapWindowPoints
0x47a56c SendDlgItemMessageA
0x47a570 ScrollWindowEx
0x47a574 IsDialogMessageA
0x47a578 SetWindowTextA
0x47a57c MoveWindow
0x47a580 CheckMenuItem
0x47a584 SetMenuItemBitmaps
0x47a588 GetMenuState
0x47a590 GetClassNameA
0x47a594 GetDesktopWindow
0x47a598 LoadStringA
0x47a59c GetSysColorBrush
0x47a5a0 DefWindowProcA
0x47a5a4 GetMenu
0x47a5a8 SetMenu
0x47a5ac PeekMessageA
0x47a5b0 IsIconic
0x47a5b4 SetFocus
0x47a5b8 GetActiveWindow
0x47a5bc GetWindow
0x47a5c4 SetWindowRgn
0x47a5c8 GetMessagePos
0x47a5cc ScreenToClient
0x47a5d4 CopyRect
0x47a5d8 LoadBitmapA
0x47a5dc WinHelpA
0x47a5e0 KillTimer
0x47a5e4 SetTimer
0x47a5e8 ReleaseCapture
0x47a5ec GetCapture
Library: GDI32.dll:
0x47a024 SetStretchBltMode
0x47a028 GetClipRgn
0x47a02c CreatePolygonRgn
0x47a030 SelectClipRgn
0x47a034 DeleteObject
0x47a038 CreateDIBitmap
0x47a040 CreatePalette
0x47a044 StretchBlt
0x47a048 SelectPalette
0x47a04c RealizePalette
0x47a050 GetDIBits
0x47a054 GetWindowExtEx
0x47a058 GetViewportOrgEx
0x47a05c GetWindowOrgEx
0x47a060 BeginPath
0x47a064 EndPath
0x47a068 PathToRegion
0x47a06c CreateEllipticRgn
0x47a070 CreateRoundRectRgn
0x47a074 GetTextColor
0x47a078 GetBkMode
0x47a07c GetBkColor
0x47a080 GetROP2
0x47a084 GetStretchBltMode
0x47a088 GetPolyFillMode
0x47a090 CreateDCA
0x47a094 CreateBitmap
0x47a098 SelectObject
0x47a09c GetObjectA
0x47a0a0 CreatePen
0x47a0a4 PatBlt
0x47a0a8 CreateRectRgn
0x47a0ac FillRgn
0x47a0b0 CreateSolidBrush
0x47a0b4 GetStockObject
0x47a0b8 CreateFontIndirectA
0x47a0bc EndPage
0x47a0c0 EndDoc
0x47a0c4 DeleteDC
0x47a0c8 StartDocA
0x47a0cc StartPage
0x47a0d0 BitBlt
0x47a0d4 CreateCompatibleDC
0x47a0d8 Ellipse
0x47a0dc Rectangle
0x47a0e0 LPtoDP
0x47a0e4 DPtoLP
0x47a0e8 GetCurrentObject
0x47a0ec RoundRect
0x47a0f4 GetDeviceCaps
0x47a0f8 SaveDC
0x47a0fc RestoreDC
0x47a100 SetBkMode
0x47a104 SetPolyFillMode
0x47a108 SetROP2
0x47a10c SetTextColor
0x47a110 SetMapMode
0x47a114 SetViewportOrgEx
0x47a118 OffsetViewportOrgEx
0x47a11c SetViewportExtEx
0x47a120 ScaleViewportExtEx
0x47a124 SetWindowOrgEx
0x47a128 SetWindowExtEx
0x47a12c ScaleWindowExtEx
0x47a130 GetClipBox
0x47a134 ExcludeClipRect
0x47a138 MoveToEx
0x47a13c LineTo
0x47a144 SetBkColor
0x47a148 CombineRgn
0x47a14c GetTextMetricsA
0x47a150 Escape
0x47a154 ExtTextOutA
0x47a158 TextOutA
0x47a15c RectVisible
0x47a160 PtVisible
0x47a164 GetViewportExtEx
0x47a168 ExtSelectClipRgn
Library: WINMM.dll:
0x47a5f4 midiStreamRestart
0x47a5f8 midiStreamClose
0x47a5fc midiOutReset
0x47a600 midiStreamStop
0x47a604 midiStreamOut
0x47a60c midiStreamProperty
0x47a610 midiStreamOpen
0x47a618 waveOutOpen
0x47a61c waveOutGetNumDevs
0x47a620 waveOutClose
0x47a624 waveOutReset
0x47a628 waveOutPause
0x47a62c waveOutWrite
Library: WINSPOOL.DRV:
0x47a63c ClosePrinter
0x47a640 DocumentPropertiesA
0x47a644 OpenPrinterA
Library: ADVAPI32.dll:
0x47a000 RegCloseKey
0x47a004 RegOpenKeyExA
0x47a008 RegSetValueExA
0x47a00c RegQueryValueA
0x47a010 RegCreateKeyExA
Library: SHELL32.dll:
0x47a384 ShellExecuteA
0x47a388 Shell_NotifyIconA
Library: ole32.dll:
0x47a688 OleUninitialize
0x47a68c CLSIDFromString
0x47a690 OleInitialize
Library: OLEAUT32.dll:
0x47a374 UnRegisterTypeLib
0x47a378 RegisterTypeLib
0x47a37c LoadTypeLib
Library: COMCTL32.dll:
0x47a018 ImageList_Destroy
0x47a01c None
Library: WS2_32.dll:
0x47a64c recv
0x47a650 getpeername
0x47a654 accept
0x47a658 ioctlsocket
0x47a65c recvfrom
0x47a660 WSAAsyncSelect
0x47a664 closesocket
0x47a668 WSACleanup
0x47a66c inet_ntoa
Library: comdlg32.dll:
0x47a674 GetFileTitleA
0x47a678 GetSaveFileNameA
0x47a67c GetOpenFileNameA
0x47a680 ChooseColorA

Strings

.text
`.rdata
@.data
.rsrc
8`}<j
T$th
D$@Sj
L$8h
D$8Rj
l$<VWj
T$ Rj
L$4S+L$0Qj
Ph0ZI
}'h
9^xu5j
T$,Qj
T$0Pj
D$8RPj
D$0h
T$,Qj
NpRQj
t$<Vj
T$<h
D$(hF
D$(h
T$Dhb
QSh$bI
Antivirus Scan Results

Antivirus engine/vendor Detection name/rule match Signature database date
Bkav No virus found 20180719
MicroWorld-eScan No virus found 20180720
CMC No virus found 20180720
CAT-QuickHeal Trojan.Flystudio.100458 20180720
McAfee No virus found 20180720
Cylance Unsafe 20180720
Zillya No virus found 20180719
TheHacker No virus found 20180720
K7GW Trojan ( 005246d51 ) 20180720
K7AntiVirus Trojan ( 005246d51 ) 20180720
TrendMicro No virus found 20180720
Baidu No virus found 20180717
Babable No virus found 20180406
F-Prot W32/Agent.EW.gen!Eldorado 20180720
Symantec ML.Attribute.HighConfidence 20180720
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted 20180720
TrendMicro-HouseCall No virus found 20180720
Paloalto No virus found 20180720
ClamAV No virus found 20180720
Kaspersky No virus found 20180720
BitDefender No virus found 20180720
NANO-Antivirus No virus found 20180720
ViRobot No virus found 20180720
SUPERAntiSpyware Trojan.Agent/Gen-OnlineGames 20180720
Avast Win32:Evo-gen [Susp] 20180720
Tencent No virus found 20180720
Ad-Aware No virus found 20180720
Sophos No virus found 20180720
Comodo Worm.Win32.Dropper.RA 20180720
F-Secure No virus found 20180720
DrWeb No virus found 20180720
VIPRE No virus found 20180720
Invincea heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.jh 20180720
Fortinet No virus found 20180720
Emsisoft No virus found 20180720
SentinelOne static engine - malicious 20180701
Cyren W32/Agent.EW.gen!Eldorado 20180720
Jiangmin Trojan/Gimemo.hhr 20180720
Webroot No virus found 20180720
Avira No virus found 20180720
MAX No virus found 20180720
Antiy-AVL No virus found 20180720
Kingsoft No virus found 20180720
Endgame malicious (high confidence) 20180711
Arcabit No virus found 20180720
AegisLab No virus found 20180720
ZoneAlarm No virus found 20180720
Avast-Mobile No virus found 20180720
Microsoft No virus found 20180720
AhnLab-V3 Dropper/Win32.Agent.C656419 20180720
ALYac No virus found 20180720
AVware No virus found 20180720
TACHYON No virus found 20180719
VBA32 No virus found 20180719
Malwarebytes Spyware.OnlineGames 20180720
Zoner No virus found 20180719
Rising Malware.Heuristic!ET#82% (RDM+:cmRtazq/aHj8Uvy0ekcS6CMgbSMN) 20180720
Yandex No virus found 20180717
Ikarus No virus found 20180720
eGambit No virus found 20180720
GData Win32.Application.PUPStudio.A 20180720
AVG Win32:Evo-gen [Susp] 20180720
Cybereason malicious.43701b 20180225
Panda No virus found 20180719
CrowdStrike malicious_confidence_100% (D) 20180530
Qihoo-360 No virus found 20180720

Process Tree

del.exe, PID: 1784, parent PID: 1896

Hosts contacted (click to query WPING real-time security rating)

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain resolution (click to query WPING real-time security rating)

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 13.665 seconds )

  • 7.334 Suricata
  • 1.589 BehaviorAnalysis
  • 1.402 VirusTotal
  • 1.397 TargetInfo
  • 0.904 Static
  • 0.406 AnalysisInfo
  • 0.318 peid
  • 0.23 NetworkAnalysis
  • 0.074 Debug
  • 0.009 Strings
  • 0.001 Memory
  • 0.001 config_decoder

Signatures ( 0.512 seconds )

  • 0.142 md_bad_drop
  • 0.109 api_spamming
  • 0.104 stealth_timeout
  • 0.068 decoy_document
  • 0.019 md_url_bl
  • 0.01 antiav_detectreg
  • 0.008 md_domain_bl
  • 0.007 ransomware_files
  • 0.006 ransomware_extensions
  • 0.005 infostealer_ftp
  • 0.004 persistence_autorun
  • 0.004 antiav_detectfile
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 modify_security_center_warnings
  • 0.001 modify_uac_prompt
  • 0.001 rat_spynet

Reporting ( 0.833 seconds )

  • 0.507 ReportHTMLSummary
  • 0.326 Malheur
Task ID 171251
Mongo ID 5b51b397a093ef5705ea10ce
Cuckoo release 1.4-Maldun