Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp01-2
Start time: 2018-07-20 20:07:15
End time: 2018-07-20 20:09:35
Duration: 140 seconds

Maldun score

10.0

Dangerous

File details

File name: Server.exe
File size: 360448 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: b414f495e3925c20866202ca2a3c3ed1
SHA1: 9f86df9bcf4677f7bf67795176d0af0b845c16f4
SHA256: ad0f42157ad5933a3024c5e03b02ce59f03b1d5020f9625f7c873b29462a2b43
SHA512: 240e5a238d3033ea58a1c8ce47951a0f049899eec0ea5435107d5e52f62e4126b6e9f4e3d97a735c5ef4a0aca3bd787a39c5347619c282bd2152d840c40a6311
CRC32: D505C563
Ssdeep: 6144:HsRuN0f+Fxx9wz45sO+sIk4W0FB/oZWfmB/oZWfM6Vh+b:L0f+Fxx9wa7MBwgmBwgLVh+b


Hosts contacted

IP              Location
123.191.74.46   China

DNS resolutions

Domain                   Response
cx820329965.f3322.net    A 123.191.74.46

f3322.net is a dynamic-DNS zone, so 123.191.74.46 is the address the operator had registered at analysis time, not a stable indicator; the hostname is the indicator worth keeping.


PE information

Image base: 0x00400000
Entry point: 0x00405b15
Declared checksum: 0x00000000
Computed checksum: 0x0005be7d
Minimum OS version: 4.0
Compile time: 2018-01-02 15:40:16
Imphash: 8f99dd454591142e7afc9ece75de9ae8
Icon
Icon exact hash: 5a79a7139650236d5ee934f61e7ee5ce
Icon similarity hash: 0d1b8ed1ec5bcebfa873de911727a8ef

A declared checksum of zero means the linker was never asked to fill the field (the MSVC linker only does so with /RELEASE), so the zero versus 0x0005be7d difference is not by itself evidence of tampering; Windows enforces the checksum only for kernel drivers and a few system-critical modules. The case worth acting on is a non-zero declared value that does not match the recomputed one, because that means the bytes changed after linking. For pivoting, the imphash is the more useful value: it survives recompilation with the same import table and is what to search across a sample repository for siblings.
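The declared/computed pair above can be reproduced from the file itself. The following Python is an added example written for this report, not Maldun or Cuckoo code: it locates the CheckSum field, recomputes the value with the standard PE checksum algorithm (the one MapFileAndCheckSum implements and tools such as pefile reimplement), and classifies the result as unset, matching, or mismatching. The build_sample_pe helper constructs a minimal PE32 header image purely for demonstration and is an assumption, not the analysed Server.exe; running check_pe_checksum on the real file should return 0x0005be7d if the sandbox used the same algorithm.

```python
"""Recompute a PE file's optional-header CheckSum and compare it with the
declared value. Added, stand-alone implementation of the standard PE checksum
algorithm; not sandbox code. build_sample_pe() constructs a minimal PE32
header image purely for demonstration (an assumption, not the analysed file)."""
import struct


def checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum (same offset in PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # PE signature (4) + IMAGE_FILE_HEADER (20), then CheckSum sits 64 bytes into the optional header.
    return e_lfanew + 4 + 20 + 64


def pe_checksum_raw(data: bytes, checksum_offset: int) -> int:
    """Sum the image as little-endian DWORDs with end-around carry, skipping the
    CheckSum DWORD, fold to 16 bits with carry, then add the file length."""
    skip = checksum_offset & ~3
    total = 0
    for off in range(0, len(data), 4):
        if off == skip:
            continue
        chunk = data[off:off + 4].ljust(4, b"\0")   # zero-pad a trailing partial DWORD
        total += struct.unpack("<I", chunk)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def check_pe_checksum(data: bytes) -> dict:
    """Classify the declared CheckSum as unset, matching, or mismatching."""
    off = checksum_field_offset(data)
    declared = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum_raw(data, off)
    if declared == 0:
        status = "unset"        # linker left the field empty, as in this report
    elif declared == computed:
        status = "match"
    else:
        status = "mismatch"     # bytes changed after linking (patching, infection, a packer that did not fix it up)
    return {"declared": declared, "computed": computed, "status": status}


def build_sample_pe(checksum: int = 0) -> bytes:
    """Constructed minimal PE32 header image (not loadable) carrying the given CheckSum."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # IMAGE_FILE_HEADER: i386, 1 section, no symbols, 0xE0-byte optional header, EXECUTABLE|32BIT
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 28, 0x00400000)    # ImageBase
    struct.pack_into("<I", opt, 64, checksum)      # CheckSum
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x100, 0x1000, 0x100, 0x200, 0, 0, 0, 0, 0x60000020)
    img = dos + b"PE\0\0" + file_hdr + bytes(opt) + section
    img += b"\0" * (0x200 - len(img)) + bytes(range(256))   # header padding, then a constructed section body
    return img


if __name__ == "__main__":
    import sys
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print({k: (hex(v) if isinstance(v, int) else v) for k, v in check_pe_checksum(target).items()})
```

Run it as `python pe_checksum.py Server.exe` to check a real file; without an argument it runs against the constructed header image. The raw routine is split out so the folding arithmetic can be checked by hand on a few DWORDs.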

Version information

All version fields (LegalCopyright, InternalName, FileVersion, CompanyName, ProductName, ProductVersion, FileDescription, OriginalFilename, Translation) are present but empty.

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                   Entropy
.text   0x00001000       0x0001995a    0x0001a000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ       6.57
.rdata  0x0001b000       0x00005990    0x00006000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                 4.54
.data   0x00021000       0x00011ba8    0x0000e000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  4.32
.rsrc   0x00033000       0x00028bb4    0x00029000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                 6.57

Section entropy of 6.57 for .text and .rsrc, together with the full MFC 4.2 string set in the strings dump (Afx*42s, CWinApp, CDialog), points to an unpacked, statically linked MFC binary; McAfee's Packed-MW!B414F495E392 name is a per-hash detection (the suffix is the first 12 hex digits of the MD5), not evidence of a packer. The .data virtual size exceeding its raw size is ordinary uninitialised data.

Resources

Name           Offset      Size        Language      Sublanguage         Entropy  File type
MD5            0x00033f80  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL     3.58     ASCII text, with CRLF line terminators
RT_ICON        0x000577fc  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  5.10     GLS_BINARY_LSB_FIRST (33 entries, all listed with this offset and size)
RT_DIALOG      0x000591f8  0x00000254  LANG_ENGLISH  SUBLANG_ENGLISH_US  3.34     data (14 entries, all listed with this offset and size)
RT_STRING      0x0005b678  0x0000002c  LANG_ENGLISH  SUBLANG_ENGLISH_US  1.08     data (23 entries, all listed with this offset and size)
RT_GROUP_ICON  0x0005b87c  0x00000014  LANG_ENGLISH  SUBLANG_ENGLISH_US  2.08     MS Windows icon resource - 1 icon, 16x16 (7 entries, all listed with this offset and size)
RT_VERSION     0x0005b890  0x00000324  LANG_ENGLISH  SUBLANG_ENGLISH_US  3.50     data

The report repeated the first entry of each resource type; only the entry counts are preserved here. The custom resource type named MD5 (20 bytes of CRLF-terminated ASCII text) is not part of a standard MFC build and is the first resource to dump.

Imports

Library: KERNEL32.dll:
0x41b0f0 ExitProcess
0x41b0f4 TerminateProcess
0x41b0f8 HeapSize
0x41b0fc GetACP
0x41b104 GetVersionExA
0x41b108 HeapDestroy
0x41b10c HeapCreate
0x41b110 IsBadWritePtr
0x41b12c GetCommandLineA
0x41b130 GetStdHandle
0x41b134 GetFileType
0x41b138 GetStringTypeA
0x41b13c GetStringTypeW
0x41b140 LCMapStringA
0x41b144 LCMapStringW
0x41b148 IsBadCodePtr
0x41b14c SetStdHandle
0x41b150 GetStartupInfoA
0x41b154 GetProfileStringA
0x41b158 RaiseException
0x41b15c HeapFree
0x41b160 RtlUnwind
0x41b164 FlushFileBuffers
0x41b168 SetFilePointer
0x41b16c GetCurrentProcess
0x41b170 SetErrorMode
0x41b174 SizeofResource
0x41b17c GetOEMCP
0x41b180 GetCPInfo
0x41b184 GetProcessVersion
0x41b188 GlobalFlags
0x41b18c TlsGetValue
0x41b190 LocalReAlloc
0x41b194 TlsSetValue
0x41b198 GlobalReAlloc
0x41b19c TlsFree
0x41b1a0 GlobalHandle
0x41b1a4 TlsAlloc
0x41b1a8 LocalAlloc
0x41b1bc GetLastError
0x41b1c0 GlobalFree
0x41b1c4 GetModuleFileNameA
0x41b1c8 GlobalAlloc
0x41b1cc GetCurrentThread
0x41b1d0 lstrcpynA
0x41b1d4 GlobalLock
0x41b1d8 GlobalUnlock
0x41b1dc MulDiv
0x41b1e0 WideCharToMultiByte
0x41b1e4 SetLastError
0x41b1e8 FindResourceA
0x41b1ec LoadResource
0x41b1f0 LockResource
0x41b1f4 GetVersion
0x41b1f8 lstrcatA
0x41b1fc GetCurrentThreadId
0x41b200 GlobalGetAtomNameA
0x41b204 lstrcmpiA
0x41b208 GlobalAddAtomA
0x41b20c GlobalFindAtomA
0x41b210 GlobalDeleteAtom
0x41b214 lstrcpyA
0x41b218 GetModuleHandleA
0x41b21c lstrcmpA
0x41b220 MultiByteToWideChar
0x41b22c LocalFree
0x41b230 lstrlenA
0x41b234 WriteFile
0x41b238 CloseHandle
0x41b23c IsBadReadPtr
0x41b240 VirtualAlloc
0x41b244 FreeLibrary
0x41b248 VirtualFree
0x41b24c GetProcessHeap
0x41b250 HeapReAlloc
0x41b254 HeapAlloc
0x41b258 LoadLibraryA
0x41b25c GetProcAddress
0x41b260 SetHandleCount
Library: USER32.dll:
0x41b268 IsDialogMessageA
0x41b26c SetWindowTextA
0x41b270 ShowWindow
0x41b274 IsWindowEnabled
0x41b278 GetNextDlgTabItem
0x41b27c EnableMenuItem
0x41b280 CheckMenuItem
0x41b284 SetMenuItemBitmaps
0x41b288 ModifyMenuA
0x41b28c GetMenuState
0x41b290 LoadBitmapA
0x41b298 InflateRect
0x41b29c PostQuitMessage
0x41b2a0 SetCursor
0x41b2a4 ValidateRect
0x41b2a8 GetActiveWindow
0x41b2ac TranslateMessage
0x41b2b0 GetMessageA
0x41b2b8 EndDialog
0x41b2bc LoadStringA
0x41b2c0 GetClassNameA
0x41b2c4 PtInRect
0x41b2c8 LoadCursorA
0x41b2cc GetSysColorBrush
0x41b2d0 EndPaint
0x41b2d4 BeginPaint
0x41b2d8 GetWindowDC
0x41b2dc ReleaseDC
0x41b2e0 GetDC
0x41b2e4 ClientToScreen
0x41b2e8 PostMessageA
0x41b2ec UpdateWindow
0x41b2f0 SendDlgItemMessageA
0x41b2f4 MapWindowPoints
0x41b2f8 PeekMessageA
0x41b2fc DispatchMessageA
0x41b300 GetFocus
0x41b304 SetActiveWindow
0x41b308 IsWindow
0x41b30c SetFocus
0x41b310 AdjustWindowRectEx
0x41b314 ScreenToClient
0x41b318 IsWindowVisible
0x41b31c GetTopWindow
0x41b320 GetParent
0x41b324 GetCapture
0x41b328 WinHelpA
0x41b32c wsprintfA
0x41b330 GetClassInfoA
0x41b334 RegisterClassA
0x41b338 GetMenu
0x41b33c GetMenuItemCount
0x41b340 GetSubMenu
0x41b344 GetMenuItemID
0x41b348 GetDlgItem
0x41b350 GetWindowTextA
0x41b354 GetDlgCtrlID
0x41b358 GetKeyState
0x41b35c DestroyWindow
0x41b360 CreateWindowExA
0x41b364 SetWindowsHookExA
0x41b368 CallNextHookEx
0x41b36c GetClassLongA
0x41b370 SetPropA
0x41b374 UnhookWindowsHookEx
0x41b378 GetPropA
0x41b37c CallWindowProcA
0x41b380 RemovePropA
0x41b384 DefWindowProcA
0x41b388 GetMessageTime
0x41b38c GetMessagePos
0x41b390 GetLastActivePopup
0x41b394 GetForegroundWindow
0x41b398 SetForegroundWindow
0x41b39c GetWindow
0x41b3a0 GetWindowLongA
0x41b3a4 SetWindowLongA
0x41b3a8 SetWindowPos
0x41b3b0 OffsetRect
0x41b3b4 IntersectRect
0x41b3bc GetWindowPlacement
0x41b3c0 IsIconic
0x41b3c4 GetSystemMetrics
0x41b3c8 GetClientRect
0x41b3cc DrawIcon
0x41b3d0 GetSystemMenu
0x41b3d4 SendMessageA
0x41b3d8 LoadIconA
0x41b3dc EnableWindow
0x41b3e0 GrayStringA
0x41b3e4 DrawTextA
0x41b3e8 TabbedTextOutA
0x41b3ec SetTimer
0x41b3f0 UnregisterClassA
0x41b3f4 HideCaret
0x41b3f8 ShowCaret
0x41b3fc ExcludeUpdateRgn
0x41b400 DrawFocusRect
0x41b404 KillTimer
0x41b408 CreatePopupMenu
0x41b40c AppendMenuA
0x41b410 GetCursorPos
0x41b414 TrackPopupMenu
0x41b418 DestroyMenu
0x41b41c InvalidateRect
0x41b420 CopyRect
0x41b424 GetSysColor
0x41b428 FillRect
0x41b42c GetWindowRect
0x41b430 SetWindowRgn
0x41b434 IsWindowUnicode
0x41b438 CharNextA
0x41b43c DefDlgProcA
0x41b440 MessageBoxA
Library: GDI32.dll:
0x41b020 GetBrushOrgEx
0x41b024 CreatePatternBrush
0x41b028 SetPixelV
0x41b034 CreateCompatibleDC
0x41b038 BitBlt
0x41b03c PtVisible
0x41b040 RectVisible
0x41b044 TextOutA
0x41b048 ExtTextOutA
0x41b04c Escape
0x41b050 GetClipBox
0x41b054 SetTextColor
0x41b058 SetBkColor
0x41b05c GetObjectA
0x41b060 DeleteDC
0x41b064 SaveDC
0x41b068 RestoreDC
0x41b06c SelectObject
0x41b070 GetStockObject
0x41b074 SetBkMode
0x41b078 SetMapMode
0x41b07c SetViewportOrgEx
0x41b080 OffsetViewportOrgEx
0x41b084 SetViewportExtEx
0x41b088 ScaleViewportExtEx
0x41b08c SetWindowOrgEx
0x41b090 SetWindowExtEx
0x41b094 ScaleWindowExtEx
0x41b098 SelectClipRgn
0x41b09c GetBkColor
0x41b0a0 IntersectClipRect
0x41b0a4 MoveToEx
0x41b0a8 LineTo
0x41b0ac DeleteObject
0x41b0b0 GetDeviceCaps
0x41b0b4 CreateBitmap
0x41b0b8 PatBlt
0x41b0bc SetBrushOrgEx
0x41b0c0 GetTextColor
0x41b0c4 GetBkMode
0x41b0c8 CreateFontA
0x41b0cc CreateSolidBrush
0x41b0d0 CreatePen
0x41b0d4 CreateRectRgn
0x41b0d8 CreateRoundRectRgn
0x41b0dc OffsetRgn
0x41b0e0 CreateDIBitmap
0x41b0e4 GetTextExtentPointA
0x41b0e8 CombineRgn
Library: WINSPOOL.DRV:
0x41b448 DocumentPropertiesA
0x41b44c ClosePrinter
0x41b450 OpenPrinterA
Library: ADVAPI32.dll:
0x41b000 RegSetValueExA
0x41b004 RegQueryValueExA
0x41b008 RegOpenKeyExA
0x41b00c RegCreateKeyExA
0x41b010 RegCloseKey
Library: COMCTL32.dll:
0x41b018 (unnamed entry; imported by ordinal)

The import table is the stock set of a statically linked MFC 4.2 application plus the MSVCRT startup functions. No socket API (WS2_32 or WSOCK32) and no service-control API appear by name, yet the analysis records a DNS lookup for cx820329965.f3322.net, so that functionality is reached at runtime through the imported LoadLibraryA/GetProcAddress pair; the import table alone would not reveal the backdoor.

Strings

MZ04410
.text
`.rdata
@.data
.rsrc
D$DRj
SVWUj
;5t C
YYF;5
L$ h!
D$$h!
D$$h!
D$(h!
D$(h!
D$@h!
\$dPSWVj
\$dPSWVj
\$dPSWVj
Sh;ZA
~<j j
CObject
CStringList
%*.*f
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
InitCommonControlsEx
COMCTL32.DLL
CButton
CTempGdiObject
CTempDC
CBitmap
CFont
CBrush
CGdiObject
CPaintDC
CUserException
CResourceException
CCmdTarget
CWinApp
PreviewPages
Settings
CWinThread
CDialog
MS Sans Serif
MS Shell Dlg
CTempMenu
CMenu
CNotSupportedException
CMemoryException
CException
CArchiveException
combobox
CMapPtrToPtr
software
System
MSWHEEL_ROLLMSG
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GAIsProcessorFeaturePresent
KERNEL32
e+000
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
`h````
(null)
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#INF
1#IND
1#SNAN
FButton
ListBox
ComboBox
Static
ComboLBox
WideCharToMultiByte
GetProcAddress
LoadLibraryA
HeapAlloc
HeapReAlloc
GetProcessHeap
VirtualFree
FreeLibrary
VirtualAlloc
IsBadReadPtr
CloseHandle
WriteFile
lstrlenA
LocalFree
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
lstrcmpA
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
SetLastError
MulDiv
GlobalUnlock
GlobalLock
lstrcpynA
GetCurrentThread
GlobalAlloc
GetModuleFileNameA
GlobalFree
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SizeofResource
SetErrorMode
GetCurrentProcess
SetFilePointer
FlushFileBuffers
RtlUnwind
HeapFree
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapSize
GetACP
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadCodePtr
SetStdHandle
KERNEL32.dll
SetTimer
SetWindowRgn
GetWindowRect
FillRect
GetSysColor
CopyRect
InvalidateRect
DestroyMenu
TrackPopupMenu
GetCursorPos
AppendMenuA
CreatePopupMenu
KillTimer
TabbedTextOutA
DrawTextA
GrayStringA
EnableWindow
LoadIconA
SendMessageA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SetForegroundWindow
(null)
Engine/vendor         Detection name or rule                        Signature date
Bkav                  Not detected                                  20180719
MicroWorld-eScan      Gen:Win32.Malware.wq0@aWCJqcni                20180720
CMC                   Not detected                                  20180720
CAT-QuickHeal         Not detected                                  20180720
ALYac                 Gen:Win32.Malware.wq0@aWCJqcni                20180720
Malwarebytes          Not detected                                  20180720
Zillya                Trojan.Farfli.Win32.31015                     20180719
SUPERAntiSpyware      Not detected                                  20180720
TheHacker             Not detected                                  20180720
K7GW                  Riskware ( 0040eff71 )                        20180720
K7AntiVirus           Riskware ( 0040eff71 )                        20180720
Arcabit               Gen:Win32.Malware.E59914                      20180720
TrendMicro            BKDR_ZEGOST.SM53                              20180720
Baidu                 Win32.Trojan.WisdomEyes.16070401.9500.9516    20180717
NANO-Antivirus        Trojan.Win32.Farfli.ewqsqn                    20180720
Cyren                 Not detected                                  20180720
Symantec              Not detected                                  20180720
TotalDefense          Not detected                                  20180719
TrendMicro-HouseCall  BKDR_ZEGOST.SM53                              20180720
Avast                 Win32:Malware-gen                             20180720
ClamAV                Win.Trojan.Generic-6305873-0                  20180720
GData                 Gen:Win32.Malware.wq0@aWCJqcni                20180720
Kaspersky             HEUR:Trojan.Win32.Generic                     20180720
BitDefender           Gen:Win32.Malware.wq0@aWCJqcni                20180720
Babable               Not detected                                  20180406
AegisLab              Not detected                                  20180720
Tencent               Win32.Trojan.Killav.Pcie                      20180720
Ad-Aware              Gen:Win32.Malware.wq0@aWCJqcni                20180720
Emsisoft              Gen:Win32.Malware.wq0@aWCJqcni (B)            20180720
Comodo                Not detected                                  20180720
F-Secure              Gen:Win32.Malware.wq0@aWCJqcni                20180720
DrWeb                 Trojan.DownLoader26.55378                     20180720
VIPRE                 Not detected                                  20180720
Invincea              heuristic                                     20180717
McAfee-GW-Edition     Packed-MW!B414F495E392                        20180720
Sophos                Not detected                                  20180720
Paloalto              Not detected                                  20180720
F-Prot                Not detected                                  20180720
Jiangmin              Not detected                                  20180720
Webroot               Not detected                                  20180720
Avira                 Not detected                                  20180720
Antiy-AVL             Trojan/Win32.Siscos                           20180720
Kingsoft              Not detected                                  20180720
Microsoft             Backdoor:Win32/Zegost                         20180720
Endgame               Not detected                                  20180711
ViRobot               Not detected                                  20180720
ZoneAlarm             HEUR:Trojan.Win32.Generic                     20180720
Avast-Mobile          Not detected                                  20180720
TACHYON               Not detected                                  20180719
AhnLab-V3             Not detected                                  20180720
McAfee                Packed-MW!B414F495E392                        20180720
AVware                Not detected                                  20180720
MAX                   malware (ai score=86)                         20180720
VBA32                 Trojan.Siscos                                 20180719
Cylance               Unsafe                                        20180720
Zoner                 Not detected                                  20180719
ESET-NOD32            a variant of Win32/Farfli.BLH                 20180720
Rising                Trojan.Kryptik!1.AAD1 (CLASSIC)               20180720
Yandex                Not detected                                  20180717
SentinelOne           Not detected                                  20180701
eGambit               Not detected                                  20180720
Fortinet              W32/Kryptik.FHSE!tr                           20180720
AVG                   Win32:Malware-gen                             20180720
Cybereason            malicious.5e3925                              20180225
Panda                 Not detected                                  20180719
CrowdStrike           Not detected                                  20180530
Qihoo-360             Win32/Trojan.a01                              20180720

35 of 67 engines flag the sample. The specific names cluster on Zegost (TrendMicro, Microsoft) and Farfli (Zillya, NANO, ESET), two vendor names for the same Gh0st-RAT-derived backdoor family; the rest are generic or heuristic verdicts. Note that several engines with strong reputations returned nothing for a sample compiled six months earlier, which is the usual argument for relying on the behavioural indicators below rather than on AV consensus.

Process tree

Server.exe, PID 1904, parent PID 1608
services.exe, PID 424, parent PID 332
svchost.exe, PID 1312, parent PID 424
svchost.exe, PID 2164, parent PID 1312

The second svchost.exe (PID 2164) is started under the service host (PID 1312), not under Server.exe. The report does not show its image path or command line, so whether it is the C:\Windows\svchost.exe copy listed under dropped files cannot be confirmed from this page alone, but a service-hosted launch of that copy is the pattern to check for in a full trace.

Network traffic

Hosts contacted

IP              Location
123.191.74.46   China

DNS resolutions

Domain                   Response
cx820329965.f3322.net    A 123.191.74.46

TCP

No TCP connections recorded.

UDP

Source           Source port  Destination    Destination port
192.168.122.202  52449        192.168.122.1  53

The only traffic is the DNS query from the guest (192.168.122.202) to the sandbox resolver (192.168.122.1). The name resolved, but no TCP session to 123.191.74.46 followed within the 140-second run, so the port and protocol of the command channel are not recorded here; a longer run or a packet capture with the resolver answer forced to a listener would be needed to capture the first beacon.

HTTP requests

No HTTP requests.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC traffic.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.

Dropped file

File name: svchost.exe
Path: C:\Windows\svchost.exe
File size: 360448 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: b414f495e3925c20866202ca2a3c3ed1
SHA1: 9f86df9bcf4677f7bf67795176d0af0b845c16f4
SHA256: ad0f42157ad5933a3024c5e03b02ce59f03b1d5020f9625f7c873b29462a2b43
CRC32: D505C563
Ssdeep: 6144:HsRuN0f+Fxx9wz45sO+sIk4W0FB/oZWfmB/oZWfM6Vh+b:L0f+Fxx9wa7MBwgmBwgLVh+b

Every hash matches the submitted Server.exe: the sample writes an unmodified copy of itself to C:\Windows\svchost.exe, a filename chosen to blend in with the genuine %SystemRoot%\System32\svchost.exe. A svchost.exe whose directory is %SystemRoot% itself rather than System32 or SysWOW64 is a reliable hunting query on its own.
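The behavioural indicators in this report translate directly into detection logic: a svchost.exe running from outside the system directories, the submitted sample's hash appearing under a second path (the C:\Windows\svchost.exe self-copy), and a DNS lookup of a dynamic-DNS hostname. The following Python is an added example, not code from the sandbox or from any vendor. It runs over constructed process-creation and DNS events modelled on this report's process tree and dropped file; the field names loosely follow Sysmon's ProcessCreate and DnsQuery events and are an assumption, the hash given for the genuine svchost.exe and the benign lookup are placeholders, and the dynamic-DNS zones other than f3322.net are listed as an illustrative assumption.

```python
"""Detection logic for the behaviours in this report: a svchost.exe running
from outside the system directories, the submitted sample's hash appearing
under a second path (the C:\\Windows\\svchost.exe self-copy), and a DNS lookup
of a dynamic-DNS hostname. Added example, not sandbox or vendor code. The event
dicts are constructed to mirror the report; their field names loosely follow
Sysmon's ProcessCreate/DnsQuery events and are an assumption."""
from pathlib import PureWindowsPath

# Where a genuine svchost.exe lives (assumes the default C:\Windows system root).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Dynamic-DNS zones. f3322.net is the one in the report; the other two are
# sibling zones of the same provider, listed here as an illustrative assumption.
DDNS_SUFFIXES = ("f3322.net", "3322.org", "f3322.org")

# SHA256 of Server.exe from the report.
SAMPLE_SHA256 = "ad0f42157ad5933a3024c5e03b02ce59f03b1d5020f9625f7c873b29462a2b43"

# Constructed events modelled on the report's process tree and dropped file.
# The hash of the real svchost.exe and the benign lookup are placeholders.
PROCESS_EVENTS = [
    {"pid": 1904, "ppid": 1608, "image": r"C:\Users\analyst\Desktop\Server.exe", "sha256": SAMPLE_SHA256},
    {"pid": 1312, "ppid": 424, "image": r"C:\Windows\System32\svchost.exe", "sha256": "00" * 32},
    {"pid": 2164, "ppid": 1312, "image": r"C:\Windows\svchost.exe", "sha256": SAMPLE_SHA256},
]
DNS_EVENTS = [
    {"pid": 1904, "query": "cx820329965.f3322.net", "answer": "123.191.74.46"},
    {"pid": 1312, "query": "ctldl.windowsupdate.com", "answer": "198.51.100.10"},
]


def is_masquerading_svchost(image: str) -> bool:
    """True for an svchost.exe whose directory is not System32 or SysWOW64."""
    p = PureWindowsPath(image)
    return p.name.lower() == "svchost.exe" and str(p.parent).lower() not in LEGIT_SVCHOST_DIRS


def is_ddns_name(qname: str) -> bool:
    """True when the queried name is, or is under, one of the dynamic-DNS zones."""
    q = qname.lower().rstrip(".")
    return any(q == z or q.endswith("." + z) for z in DDNS_SUFFIXES)


def triage(process_events, dns_events, sample_hash):
    """Return (kind, subject, detail) findings for the three behaviours."""
    findings = []
    for e in process_events:
        if is_masquerading_svchost(e["image"]):
            findings.append(("svchost_outside_system_dirs", e["pid"], e["image"]))
    # One binary (by SHA256) observed under more than one path.
    paths_by_hash = {}
    for e in process_events:
        paths_by_hash.setdefault(e["sha256"], set()).add(e["image"].lower())
    for digest, paths in paths_by_hash.items():
        if len(paths) > 1:
            kind = "sample_self_copy" if digest == sample_hash else "same_binary_multiple_paths"
            findings.append((kind, digest, sorted(paths)))
    for d in dns_events:
        if is_ddns_name(d["query"]):
            findings.append(("ddns_query", d["pid"], d["query"]))
    return findings


if __name__ == "__main__":
    for finding in triage(PROCESS_EVENTS, DNS_EVENTS, SAMPLE_SHA256):
        print(*finding)
```

The path check uses PureWindowsPath so it runs on any platform and is case-insensitive, which matters because the copy in this report differs from the genuine file only by directory. The hash-grouping rule is deliberately independent of the svchost name, so a self-copy under any other filename is still caught.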
No similar analyses found.

Processing ( 16.47 seconds )

  • 7.3 Suricata
  • 5.086 NetworkAnalysis
  • 1.326 VirusTotal
  • 1.15 TargetInfo
  • 0.844 Static
  • 0.371 peid
  • 0.183 AnalysisInfo
  • 0.177 BehaviorAnalysis
  • 0.018 Dropped
  • 0.011 Strings
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 0.117 seconds ); these are the run times of each signature module, not a list of matched signatures

  • 0.013 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.007 stealth_timeout
  • 0.006 antiemu_wine_func
  • 0.006 infostealer_ftp
  • 0.005 api_spamming
  • 0.005 kovter_behavior
  • 0.005 md_bad_drop
  • 0.004 infostealer_browser_password
  • 0.004 persistence_autorun
  • 0.004 decoy_document
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 antivm_vbox_libs
  • 0.001 antivm_generic_scsi
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security

Reporting ( 0.396 seconds )

  • 0.389 ReportHTMLSummary
  • 0.007 Malheur
Task ID 171265
Mongo ID 5b51d110bb7d57487c05d1ad
Cuckoo release 1.4-Maldun