Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp01-1 2018-09-10 16:45:51 2018-09-10 16:48:13 142 seconds

Maldun Score

0.35

Normal

File Details

File name WIN10数字永久激活工具V1.3.4.exe
File size 3466120 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 219070907386e2c79fcdc20e0d3a16ea
SHA1 dd71c052295485f25bf56b5aebdaeb80b344988c
SHA256 5a3f7e71ce9d172242690d0bd193daff41cbb873d131a94ff176c0e76e173550
SHA512 6a2dc1a262a9b92a0931311959562de540f6f8548a7b82539659c5ec3b4cd8221c33b3b43aa3fb245bf41f208d496b32a5be5bba59c4fd0bba7e1e1c9fe61927
CRC32 13BF5CB1
Ssdeep 98304:b8N+F7/eZnw8VpeD7QQ8jSN7/eZnw8VpeD7QQ8jSHBsW:wNH28TeD7QQIv28TeD7QQI6BsW


Screenshots


Hosts Contacted

No host records.

Domain Resolution

No domain information.


Summary

PE Information

Image base 0x00400000
Entry point 0x00401000
Declared checksum 0x00000000
Actual checksum 0x00350a95
Minimum OS version required 4.0
Compile time 2018-09-07 15:35:44
Import hash 7927423a1375ee326d36436838269036
Icon
Icon exact hash d77189b04283de57f546031effcefeee
Icon similarity hash 3d7d9a7344d4997c5b3dd0739fddb38c

Version Information

FileDescription
CompanyName
Translation

PEiD Rules

PureBasic 4.x -> Neil Hodgson

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.code 0x00001000 0x00008c65 0x00008e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.84
.text 0x0000a000 0x00053cb1 0x00053e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x0005e000 0x0000916c 0x00009200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.65
.data 0x00068000 0x002d6dec 0x002d5800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6.92
.rsrc 0x0033f000 0x00010e50 0x00011000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.42

Overlay

Offset 0x0034ca00
Size 0x00001988

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_ICON 0x0033f130 0x00010828 LANG_ENGLISH SUBLANG_ENGLISH_US 3.27 data
RT_GROUP_ICON 0x0034f958 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US 1.98 MS Windows icon resource - 1 icon, 128x128
RT_VERSION 0x0034f96c 0x00000178 LANG_ENGLISH SUBLANG_ENGLISH_US 3.10 zlib compressed data
RT_MANIFEST 0x0034fae4 0x0000036a LANG_ENGLISH SUBLANG_ENGLISH_US 4.87 XML 1.0 document, ASCII text

Imports

Library: KERNEL32.DLL:
0x73b33c GetModuleHandleW
0x73b340 HeapCreate
0x73b34c HeapDestroy
0x73b350 ExitProcess
0x73b35c FindResourceW
0x73b360 LoadResource
0x73b364 LockResource
0x73b368 SizeofResource
0x73b370 CloseHandle
0x73b378 QueryDosDeviceW
0x73b388 GetCurrentProcess
0x73b390 MultiByteToWideChar
0x73b394 GetProcAddress
0x73b398 CreateRemoteThread
0x73b39c WaitForSingleObject
0x73b3a0 GetExitCodeThread
0x73b3a4 GetCurrentProcessId
0x73b3a8 OpenProcess
0x73b3ac GetLastError
0x73b3b0 FormatMessageW
0x73b3b8 FindFirstFileW
0x73b3bc FindNextFileW
0x73b3c0 FindClose
0x73b3c4 WideCharToMultiByte
0x73b3cc UpdateResourceW
0x73b3d0 EndUpdateResourceW
0x73b3d4 CreateProcessW
0x73b3d8 Beep
0x73b3dc CreateFileW
0x73b3e0 CreateSemaphoreW
0x73b3e4 DeviceIoControl
0x73b3e8 GetCommandLineW
0x73b3ec GetComputerNameW
0x73b3f0 GetDateFormatW
0x73b3f4 GetDiskFreeSpaceExW
0x73b3f8 GetExitCodeProcess
0x73b3fc GetFileTime
0x73b404 GetShortPathNameW
0x73b408 GetSystemDirectoryW
0x73b414 GetUserDefaultLCID
0x73b41c GlobalMemoryStatus
0x73b420 LocalFree
0x73b424 Process32FirstW
0x73b428 Process32NextW
0x73b434 SetComputerNameW
0x73b438 SetFileTime
0x73b43c SetSystemTime
0x73b440 SetVolumeLabelW
0x73b444 Sleep
0x73b448 TerminateProcess
0x73b45c CreateThread
0x73b460 HeapAlloc
0x73b464 HeapFree
0x73b468 FreeLibrary
0x73b46c LoadLibraryW
0x73b470 GetCurrentThreadId
0x73b474 DuplicateHandle
0x73b478 CreatePipe
0x73b47c GetStdHandle
0x73b480 PeekNamedPipe
0x73b484 ReadFile
0x73b48c GetModuleFileNameW
0x73b490 HeapReAlloc
0x73b494 GetFileSize
0x73b498 SetFilePointer
0x73b49c SetEndOfFile
0x73b4a0 WriteFile
0x73b4a4 TlsAlloc
0x73b4a8 TlsSetValue
0x73b4ac GetTickCount
0x73b4b0 TlsGetValue
0x73b4b4 DeleteFileW
0x73b4b8 MulDiv
0x73b4bc GetVersionExW
0x73b4c0 SetLastError
0x73b4c4 GetDriveTypeW
0x73b4c8 GetFileAttributesW
0x73b4d0 CreateDirectoryW
0x73b4d4 SetFileAttributesW
0x73b4d8 RemoveDirectoryW
0x73b4dc CopyFileW
0x73b4e0 GetTempPathW
0x73b4e4 MoveFileW
0x73b4e8 GetLocalTime
0x73b4ec GlobalFree
0x73b4f0 GlobalAlloc
0x73b4f4 HeapSize
0x73b4f8 TlsFree
0x73b504 InterlockedExchange
0x73b508 UnregisterWait
0x73b50c GetCurrentThread
Library: ADVAPI32.DLL:
0x73b7b0 RegOpenKeyExW
0x73b7b4 RegOpenKeyW
0x73b7b8 RegConnectRegistryW
0x73b7bc RegQueryValueExW
0x73b7c0 RegCloseKey
0x73b7c4 RegDeleteKeyW
0x73b7c8 RegSetValueExW
0x73b7cc RegCreateKeyExW
0x73b7d0 LookupAccountNameW
0x73b7d4 IsValidSid
0x73b7d8 RegEnumKeyExW
0x73b7dc RegDeleteValueW
0x73b7e0 RegCreateKeyW
0x73b7ec CloseServiceHandle
0x73b7f0 ControlService
0x73b7f8 CryptCreateHash
0x73b7fc CryptDeriveKey
0x73b800 CryptDestroyHash
0x73b804 CryptDestroyKey
0x73b808 CryptEncrypt
0x73b80c CryptHashData
0x73b810 CryptReleaseContext
0x73b814 GetUserNameW
0x73b81c LogonUserW
0x73b824 OpenProcessToken
0x73b828 OpenSCManagerW
0x73b82c OpenServiceW
0x73b830 QueryServiceStatus
0x73b834 RegEnumValueW
0x73b838 RevertToSelf
0x73b83c StartServiceW
Library: COMCTL32.DLL:
Library: GDI32.DLL:
0x73b718 CreateDCW
0x73b71c CreateCompatibleDC
0x73b724 SelectObject
0x73b728 BitBlt
0x73b72c DeleteDC
0x73b730 GetPixel
0x73b734 GetStockObject
0x73b738 DeleteObject
0x73b73c CreateFontW
0x73b740 GetObjectType
0x73b744 GetObjectW
0x73b750 SelectClipRgn
0x73b754 SetBkMode
0x73b758 SetTextColor
0x73b75c TextOutW
0x73b760 CreatePen
0x73b764 MoveToEx
0x73b768 LineTo
0x73b76c ExcludeClipRect
0x73b770 SetBkColor
0x73b774 CreateSolidBrush
0x73b778 GetDeviceCaps
0x73b77c GdiGetBatchLimit
0x73b780 GdiSetBatchLimit
0x73b784 CreateDIBSection
0x73b788 CreateBitmap
0x73b78c SetPixel
0x73b790 GetDIBits
0x73b794 SetTextAlign
0x73b798 SetStretchBltMode
0x73b79c SetBrushOrgEx
0x73b7a0 StretchBlt
0x73b7a4 CreateFontIndirectW
0x73b7a8 GetTextMetricsW
Library: gdiplus.dll:
0x73b518 GdipDeleteFont
0x73b51c GdipDeleteGraphics
0x73b520 GdipDeletePath
0x73b524 GdipDeleteMatrix
0x73b528 GdipDeletePen
0x73b530 GdipFree
0x73b534 GdipGetDpiX
0x73b538 GdipGetDpiY
Library: ICMP.DLL:
0x73b908 IcmpCloseHandle
0x73b90c IcmpCreateFile
0x73b910 IcmpSendEcho
Library: IMAGEHLP.DLL:
Library: IPHLPAPI.DLL:
0x73b920 GetAdaptersInfo
0x73b924 GetNetworkParams
Library: MSI.DLL:
0x73b92c MsiEnumProductsW
0x73b930 MsiGetProductInfoW
Library: MSVCRT.dll:
0x73b240 memset
0x73b244 memcpy
0x73b248 log10
0x73b24c _wfopen
0x73b250 fseek
0x73b254 fclose
0x73b258 wcslen
0x73b25c wcscpy
0x73b260 wcscat
0x73b264 wcscmp
0x73b268 memmove
0x73b26c memcmp
0x73b270 strlen
0x73b274 strcpy
0x73b278 strcat
0x73b27c _stricmp
0x73b280 fread
0x73b284 longjmp
0x73b288 _setjmp3
0x73b28c malloc
0x73b290 free
0x73b294 wcsncmp
0x73b298 floor
0x73b29c wcsncpy
0x73b2a0 _snwprintf
0x73b2a4 _wcsicmp
0x73b2a8 tolower
0x73b2ac gmtime
0x73b2b0 localtime
0x73b2b4 mktime
0x73b2b8 _wcsnicmp
0x73b2bc _itow
0x73b2c0 fabs
0x73b2c4 ceil
0x73b2c8 ftell
0x73b2cc pow
0x73b2d0 ??3@YAXPAX@Z
0x73b2d4 wcsstr
0x73b2d8 _wcsdup
0x73b2dc frexp
0x73b2e0 modf
0x73b2e4 _CIpow
0x73b2e8 fopen
0x73b2ec _errno
0x73b2f0 strerror
0x73b2f4 abort
0x73b2f8 atof
0x73b2fc fflush
0x73b300 ferror
0x73b304 remove
0x73b308 fwrite
0x73b30c exit
0x73b310 sprintf
0x73b314 __p__iob
0x73b318 fprintf
0x73b31c getenv
0x73b320 sscanf
0x73b324 _vsnwprintf
0x73b328 cos
0x73b32c fmod
0x73b330 sin
0x73b334 abs
Library: NETAPI32.DLL:
0x73b938 NetApiBufferFree
0x73b93c NetLocalGroupAdd
0x73b940 NetLocalGroupDel
0x73b944 NetLocalGroupEnum
0x73b948 NetUserDel
0x73b94c NetUserGetInfo
0x73b950 NetUserSetInfo
Library: OLE32.DLL:
0x73b85c CoInitialize
0x73b860 CoCreateInstance
0x73b864 CoUninitialize
0x73b868 CoInitializeEx
0x73b870 CoSetProxyBlanket
0x73b874 CoCreateGuid
0x73b878 StringFromGUID2
0x73b87c RevokeDragDrop
Library: OLEAUT32.DLL:
0x73b84c SafeArrayGetDim
0x73b850 SafeArrayGetUBound
0x73b854 SafeArrayGetElement
Library: SETUPAPI.DLL:
Library: SHELL32.DLL:
0x73b88c ExtractIconExW
0x73b890 ExtractIconW
0x73b894 IsNetDrive
0x73b898 RealDriveType
0x73b89c SHAddToRecentDocs
0x73b8a0 SHFileOperationW
0x73b8a4 SHFormatDrive
0x73b8a8 SHGetFileInfoW
0x73b8ac ShellAboutW
0x73b8b0 Shell_NotifyIconW
0x73b8b4 ShellExecuteExW
Library: URLMON.DLL:
0x73b960 URLDownloadToFileW
Library: USER32.DLL:
0x73b554 OemToCharW
0x73b558 SendMessageW
0x73b55c ReleaseDC
0x73b560 EnumWindows
0x73b568 FindWindowExW
0x73b56c FindWindowW
0x73b570 GetCursorPos
0x73b574 GetForegroundWindow
0x73b578 SetCursorPos
0x73b57c AnimateWindow
0x73b580 AttachThreadInput
0x73b584 BlockInput
0x73b58c CharToOemW
0x73b590 CreateWindowExW
0x73b594 DrawMenuBar
0x73b598 EnableMenuItem
0x73b59c EnableWindow
0x73b5a4 ExitWindowsEx
0x73b5a8 FlashWindow
0x73b5ac GetClassNameW
0x73b5b0 GetDC
0x73b5b4 GetDesktopWindow
0x73b5b8 GetFocus
0x73b5bc GetKeyState
0x73b5c0 GetLastInputInfo
0x73b5c4 GetSysColor
0x73b5c8 GetSystemMenu
0x73b5cc GetSystemMetrics
0x73b5d0 GetWindow
0x73b5d4 GetWindowLongW
0x73b5d8 GetWindowRect
0x73b5dc GetWindowTextW
0x73b5e0 IsWindow
0x73b5e4 IsWindowEnabled
0x73b5e8 KillTimer
0x73b5ec LoadCursorW
0x73b5f0 LockWorkStation
0x73b5f4 MessageBeep
0x73b5f8 PostMessageW
0x73b5fc RegisterHotKey
0x73b600 RemoveMenu
0x73b604 SetClassLongW
0x73b608 SetFocus
0x73b60c SetForegroundWindow
0x73b610 SetTimer
0x73b614 SetWindowLongW
0x73b618 SetWindowPos
0x73b61c ShowWindow
0x73b620 UnregisterHotKey
0x73b624 UpdateWindow
0x73b628 WaitForInputIdle
0x73b62c keybd_event
0x73b630 mouse_event
0x73b634 BeginPaint
0x73b638 EndPaint
0x73b63c DefWindowProcW
0x73b640 LoadIconW
0x73b644 RegisterClassExW
0x73b648 MessageBoxW
0x73b64c IsWindowVisible
0x73b650 DestroyWindow
0x73b654 SetWindowTextW
0x73b658 GetIconInfo
0x73b65c InvalidateRect
0x73b660 RedrawWindow
0x73b664 CallWindowProcW
0x73b668 ReleaseCapture
0x73b66c DrawStateW
0x73b670 SetCapture
0x73b674 ScreenToClient
0x73b67c SetRect
0x73b680 DrawTextW
0x73b684 SetCursor
0x73b688 GetParent
0x73b68c FillRect
0x73b690 GetClientRect
0x73b694 GetMessagePos
0x73b698 RemovePropW
0x73b69c GetPropW
0x73b6a0 SetPropW
0x73b6a4 SetScrollPos
0x73b6a8 InflateRect
0x73b6ac GetWindowDC
0x73b6b0 GetSysColorBrush
0x73b6b4 SetActiveWindow
0x73b6b8 DestroyIcon
0x73b6bc RegisterClassW
0x73b6c0 AdjustWindowRectEx
0x73b6c8 UnregisterClassW
0x73b6cc PeekMessageW
0x73b6d4 GetMessageW
0x73b6d8 GetActiveWindow
0x73b6e0 TranslateMessage
0x73b6e4 DispatchMessageW
0x73b6e8 DefFrameProcW
0x73b6f0 EnumChildWindows
0x73b6f4 IsChild
0x73b6fc CopyImage
0x73b708 CharUpperW
0x73b70c CharLowerW
0x73b710 DrawIconEx
Library: USERENV.DLL:
Library: WININET.DLL:
0x73b978 InternetCloseHandle
0x73b980 InternetOpenUrlW
0x73b984 InternetOpenW
0x73b988 InternetReadFile
Library: WINMM.DLL:
0x73b900 timeBeginPeriod
Library: WINSPOOL.DRV:
0x73b540 ClosePrinter
0x73b544 DeletePrinter
0x73b548 OpenPrinterW
0x73b54c SetPrinterW
Library: WSOCK32.DLL:
0x73b8bc WSAStartup
0x73b8c0 gethostbyname
0x73b8c4 WSACleanup
0x73b8c8 gethostbyaddr
0x73b8cc inet_addr
0x73b8d0 closesocket
0x73b8d4 gethostname
0x73b8d8 htons
0x73b8dc select
0x73b8e0 __WSAFDIsSet
0x73b8e4 ioctlsocket
0x73b8e8 recvfrom
0x73b8ec socket
0x73b8f0 bind
0x73b8f4 connect
0x73b8f8 recv

No antivirus engine scan information.

Process Tree


WIN10________________________V1.3.4.exe, PID: 2520, Parent PID: 2384

Hosts Contacted

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain Resolution

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 15.352 seconds )

  • 7.243 Suricata
  • 3.686 TargetInfo
  • 2.242 Static
  • 1.32 VirusTotal
  • 0.325 peid
  • 0.22 NetworkAnalysis
  • 0.198 AnalysisInfo
  • 0.098 BehaviorAnalysis
  • 0.009 Strings
  • 0.005 config_decoder
  • 0.003 Debug
  • 0.003 Memory

Signatures ( 0.129 seconds )

  • 0.023 antiav_detectreg
  • 0.011 md_url_bl
  • 0.009 infostealer_ftp
  • 0.006 persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 infostealer_im
  • 0.005 antianalysis_detectreg
  • 0.005 md_domain_bl
  • 0.005 ransomware_files
  • 0.004 stealth_timeout
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.004 md_bad_drop
  • 0.004 ransomware_extensions
  • 0.003 api_spamming
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 tinba_behavior
  • 0.002 decoy_document
  • 0.002 cerber_behavior
  • 0.002 antivm_vbox_files
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.001 betabot_behavior
  • 0.001 mimics_filetime
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 antivm_generic_disk
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 modify_uac_prompt

Reporting ( 0.547 seconds )

  • 0.507 ReportHTMLSummary
  • 0.04 Malheur
Task ID 185600
Mongo ID 5b962fdfbb7d57145ab8dcaf
Cuckoo release 1.4-Maldun