Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2018-09-21 03:30:04
End time: 2018-09-21 03:32:58
Duration: 174 seconds

Maldun score

10.0 (dangerous)

File details

File name: QQ9.0.1.23130.exe
File size: 2321920 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 361a05feeaa25e125b274138cf477ddb
SHA1: 1d5b5ef33bfa14aa2cc2730944f49aaba4323316
SHA256: c398395376ab1635d1ad3b70e91980414b071941470d99dd56a6537065e16e59
SHA512: bc41e8094cc52da3a8df621089edd8577775cf0a418ea92b7ade8f6c47606c04b706fb3eecfa4410a299cd98bc68d2c2ce495bfb307d86fac3feaba3f4060c5e
CRC32: 6DEE8968
Ssdeep: 49152:IT3Aj0CZ3AJNLy4IJnsyRgPr5qfPHR0eh//lQgXMOhQXNWKWnhHzlVd2PtUjRaW9:Zj0CZ3CLyzJLRgPr5qfPHR0e5/SgmgKb


Hosts contacted

IP | Security rating | Location
222.82.211.174 | (none) | China

Domain resolution

No domain information. The sample issued no DNS queries; the address above is contacted directly.



PE information

Image base: 0x00400000
Entry point: 0x00510704 (RVA 0x00110704, inside .text)
Declared checksum: 0x0023cef4
Actual checksum: 0x0023cef4 (matches, so the image was not patched after linking without recomputing the checksum)
Minimum OS version: 5.1 (Windows XP)
Compile timestamp: 2018-07-11 13:45:30
Import hash (imphash): cc49924afcc874d98c22c692c6829e3a

Version information

All version-resource fields (LegalCopyright, InternalName, FileVersion, ProductName, ProductVersion, FileDescription, OriginalFilename, Translation) are empty. A binary that carries a product-style file name but ships no version metadata at all is itself a triage signal.

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00001000 | 0x0013517c | 0x00135200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.52
.rdata | 0x00137000 | 0x00046fd8 | 0x00047000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.12
.data | 0x0017e000 | 0x0000dc00 | 0x00006600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.67
.rsrc | 0x0018c000 | 0x0008a304 | 0x0008a400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.96
.reloc | 0x00217000 | 0x00029d94 | 0x00029e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.15

The .rsrc entropy of 7.96 (maximum 8.0) means the resource data is compressed or encrypted. Its virtual size, 0x8a304 (566,020 bytes), is just large enough to hold the 544,547-byte Microsoft Cabinet archive the sample drops (see the dropped files below), and the import table contains FindResourceA, LoadResource, SizeofResource and WriteFile, the usual way a dropper writes an embedded resource to disk. The rest of the layout is conventional: .text entropy of 6.52 is normal for compiled code, there is no writable-and-executable section and no section with zero raw data, so the sample is not packed in the runtime-unpacker sense.
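The section table above is the output of a static check that is easy to reproduce. The block below is an added example, not the Maldun sandbox's own code: a stdlib-only parser that walks a PE section table, computes Shannon entropy over each section's raw bytes and flags the section-level signs an analyst looks for first (near-maximal entropy, writable+executable, virtual-only sections). build_sample_pe() assembles a constructed minimal PE32 image (an all-zero .text and a pseudo-random .rsrc) so the block runs offline; the HIGH_ENTROPY threshold is a heuristic, not a standard.

```python
"""Per-section entropy for a PE image, stdlib only.

Added example, not the sandbox's own tooling. build_sample_pe() is a
constructed minimal PE used only so the block runs stand-alone; point
parse_sections() at the bytes of a real file to reproduce a report's table.
"""
import math
import random
import struct
from collections import Counter

HIGH_ENTROPY = 7.2            # heuristic; compressed/encrypted data sits near the 8.0 maximum
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant run, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes) -> list[dict]:
    """Walk IMAGE_SECTION_HEADER entries and compute entropy over each section's raw bytes."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size                          # first section header
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr,
         _relocs, _lines, _nrelocs, _nlines, chars) = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + i * 40)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "characteristics": chars,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return sections


def suspicious_sections(sections: list[dict]) -> list[tuple[str, list[str]]]:
    """Return (section name, reasons) for sections showing packer/dropper traits."""
    findings = []
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    for s in sections:
        reasons = []
        if s["entropy"] >= HIGH_ENTROPY:
            reasons.append(f"entropy {s['entropy']} >= {HIGH_ENTROPY}: compressed or encrypted content")
        if s["characteristics"] & wx == wx:
            reasons.append("writable and executable")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            reasons.append("no raw data but non-zero virtual size: unpacker target")
        if reasons:
            findings.append((s["name"], reasons))
    return findings


def build_sample_pe() -> bytes:
    """Constructed minimal PE32: all-zero .text and pseudo-random .rsrc, raw data at 0x200."""
    rng = random.Random(1)                                # deterministic 'packed' bytes
    packed = bytes(rng.randrange(256) for _ in range(4096))
    plain = b"\0" * 4096
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    optional = b"\0" * 0xE0                               # PE32 optional header; unused here
    sec = "<8sIIIIIIHHI"
    text = struct.pack(sec, b".text", 4096, 0x1000, 4096, 0x200, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    rsrc = struct.pack(sec, b".rsrc", 4096, 0x2000, 4096, 0x1200, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
    headers = dos + b"PE\0\0" + coff + optional + text + rsrc
    headers += b"\0" * (0x200 - len(headers))
    return headers + plain + packed


if __name__ == "__main__":
    secs = parse_sections(build_sample_pe())
    for s in secs:
        print(f"{s['name']:<8} {s['virtual_address']:#010x} {s['raw_size']:#010x} {s['entropy']:.2f}")
    for name, reasons in suspicious_sections(secs):
        print(name, "->", "; ".join(reasons))
```

Entropy is computed over the raw (on-disk) bytes, which is what the report's column means; a section whose virtual size exceeds its raw size (like .data here) simply has a zero-filled tail at load time. On the sample in the report this logic flags only .rsrc.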

Imports

Most of the list below is framework boilerplate (MDI, printing, DDE, OLE drag-and-drop, atoms, activation contexts), the footprint of a statically linked MFC-style GUI application. The entries worth attention are the few that map to dropper behaviour: FindResourceA/LoadResource/SizeofResource with CreateFileA/WriteFile (writing an embedded resource to disk), WinExec, CreateProcessA/W and ShellExecuteExA (launching what was written), VirtualAlloc/VirtualProtect, SetWindowsHookExA, GetAsyncKeyState and keybd_event (hooking and synthesising input), IsDebuggerPresent, the Reg* write/delete family, SetFileSecurityA and SetFileTime. Gaps in the address sequence (for example 0x537248, 0x537278) are import entries the report does not name.

Library: KERNEL32.dll:
0x537234 GlobalFlags
0x537238 LocalAlloc
0x53723c TlsGetValue
0x537240 GlobalReAlloc
0x537244 GlobalHandle
0x53724c SetFileTime
0x537250 TlsSetValue
0x537254 LocalReAlloc
0x537258 TlsFree
0x53725c CreateActCtxW
0x537260 ReleaseActCtx
0x537264 GetSystemDirectoryW
0x537268 lstrcpyA
0x53726c GetCPInfo
0x537270 GetOEMCP
0x537274 GetACP
0x53727c GetThreadLocale
0x537284 GetStringTypeExA
0x537288 lstrcmpiA
0x53728c MoveFileA
0x537290 ReadFile
0x537294 SetFilePointer
0x537298 FlushFileBuffers
0x53729c LockFile
0x5372a0 UnlockFile
0x5372a4 SetEndOfFile
0x5372a8 GetFileSize
0x5372ac DuplicateHandle
0x5372b0 FindClose
0x5372b4 FindFirstFileA
0x5372bc GetShortPathNameA
0x5372cc GetFileSizeEx
0x5372d0 GetTempPathA
0x5372d8 GetNumberFormatA
0x5372dc SetErrorMode
0x5372e0 GetProfileIntA
0x5372e4 SearchPathA
0x5372e8 VirtualProtect
0x5372ec FindResourceExW
0x5372f0 RtlUnwind
0x5372f4 DecodePointer
0x5372f8 EncodePointer
0x5372fc HeapFree
0x537300 HeapAlloc
0x537304 ExitThread
0x537308 GetCommandLineA
0x53730c HeapSetInformation
0x537310 GetStartupInfoW
0x537314 RaiseException
0x537318 VirtualAlloc
0x53731c GetSystemInfo
0x537320 VirtualQuery
0x537324 HeapReAlloc
0x53732c HeapSize
0x537334 SetStdHandle
0x537338 GetFileType
0x53733c TerminateProcess
0x537348 IsDebuggerPresent
0x537350 GetDiskFreeSpaceA
0x537354 GetStdHandle
0x537358 HeapCreate
0x53735c IsValidCodePage
0x537368 SetHandleCount
0x537370 GetStringTypeW
0x537374 CompareStringW
0x537378 LCMapStringW
0x537380 GetConsoleCP
0x537384 GetConsoleMode
0x537388 WriteConsoleW
0x537390 ReplaceFileA
0x537398 ResumeThread
0x53739c SetThreadPriority
0x5373ac CopyFileA
0x5373b0 GlobalSize
0x5373b4 FormatMessageA
0x5373b8 LocalFree
0x5373bc lstrlenW
0x5373c0 MulDiv
0x5373c4 GlobalFree
0x5373c8 GetCurrentThread
0x5373cc GetModuleFileNameA
0x5373dc GetLocaleInfoA
0x5373e0 LoadLibraryExA
0x5373e4 lstrcmpA
0x5373e8 GlobalAlloc
0x5373ec GetModuleHandleW
0x5373f0 InterlockedExchange
0x5373f4 GetCurrentThreadId
0x5373f8 GlobalFindAtomA
0x5373fc GlobalDeleteAtom
0x537400 GetVersionExA
0x537404 CompareStringA
0x537418 LoadLibraryW
0x53741c FreeLibrary
0x537420 lstrcmpW
0x537424 FreeResource
0x537428 GlobalLock
0x53742c GlobalUnlock
0x537430 GetCurrentProcessId
0x537434 LoadLibraryA
0x537438 lstrlenA
0x53743c GlobalGetAtomNameA
0x537440 GlobalAddAtomA
0x537444 ActivateActCtx
0x537448 DeactivateActCtx
0x53744c SetLastError
0x537450 FindResourceW
0x537454 LockResource
0x537458 MultiByteToWideChar
0x53745c GetFullPathNameA
0x537460 GetTempFileNameA
0x537464 GetFileTime
0x537468 CreateFileW
0x537470 CreateProcessW
0x537478 GetModuleFileNameW
0x53747c GetShortPathNameW
0x537480 WideCharToMultiByte
0x537488 GetFileAttributesA
0x53748c CreateDirectoryA
0x537490 GetTickCount
0x537494 DeleteFileA
0x537498 CreateMutexA
0x53749c CreateThread
0x5374a0 WaitForSingleObject
0x5374a4 WinExec
0x5374a8 CreateProcessA
0x5374ac ExitProcess
0x5374b0 GetModuleHandleA
0x5374b4 GetProcAddress
0x5374b8 GetCurrentProcess
0x5374bc CreateFileA
0x5374c0 GetLastError
0x5374c4 OutputDebugStringA
0x5374c8 FindResourceA
0x5374cc LoadResource
0x5374d0 SizeofResource
0x5374d4 WriteFile
0x5374d8 CloseHandle
0x5374dc Sleep
0x5374e0 TlsAlloc
Library: USER32.dll:
0x537594 SetCapture
0x537598 CharUpperA
0x53759c LoadAcceleratorsW
0x5375a0 LoadMenuW
0x5375a4 CharNextA
0x5375ac InvalidateRgn
0x5375b0 GetNextDlgGroupItem
0x5375b4 MessageBeep
0x5375b8 DrawIcon
0x5375bc SetWindowRgn
0x5375c0 CreateMenu
0x5375c4 PostThreadMessageA
0x5375cc UnregisterClassA
0x5375d4 NotifyWinEvent
0x5375d8 GetAsyncKeyState
0x5375dc SetClassLongA
0x5375e0 DrawStateA
0x5375e4 DrawIconEx
0x5375e8 DrawEdge
0x5375ec DrawFrameControl
0x5375f0 DrawFocusRect
0x5375f4 ToAsciiEx
0x5375f8 GetKeyboardLayout
0x5375fc GetKeyboardState
0x537604 SetCursorPos
0x537608 GetMenuDefaultItem
0x53760c InvertRect
0x537610 HideCaret
0x537614 EnableScrollBar
0x537618 GetIconInfo
0x537624 WaitMessage
0x537628 DefFrameProcA
0x53762c DefMDIChildProcA
0x537630 DrawMenuBar
0x537638 MonitorFromPoint
0x53763c UpdateLayeredWindow
0x537640 IsMenu
0x537644 SetMenuDefaultItem
0x537648 FrameRect
0x53764c GetUpdateRect
0x537650 OpenClipboard
0x537654 SetClipboardData
0x537658 CloseClipboard
0x53765c EmptyClipboard
0x537660 LoadImageW
0x537664 CopyIcon
0x537668 CharUpperBuffA
0x53766c GetDoubleClickTime
0x537670 IsCharLowerA
0x537674 MapVirtualKeyExA
0x537678 SubtractRect
0x53767c GetWindowRgn
0x537684 ClientToScreen
0x537688 FillRect
0x53768c LoadCursorW
0x537690 LoadCursorA
0x537694 DestroyCursor
0x537698 SetRect
0x53769c ShowOwnedPopups
0x5376a0 GetMessageA
0x5376a4 TranslateMessage
0x5376a8 GetCursorPos
0x5376b0 MapDialogRect
0x5376b4 GetMenuStringA
0x5376b8 InsertMenuA
0x5376bc RemoveMenu
0x5376c4 PostQuitMessage
0x5376c8 SetParent
0x5376cc GetSystemMenu
0x5376d0 AppendMenuA
0x5376d4 DeleteMenu
0x5376d8 IsRectEmpty
0x5376dc MoveWindow
0x5376e0 SetWindowTextA
0x5376e4 IsDialogMessageA
0x5376e8 SetDlgItemTextA
0x5376ec CheckDlgButton
0x5376f0 SetMenuItemBitmaps
0x5376f8 LoadBitmapW
0x5376fc ModifyMenuA
0x537700 GetMenuState
0x537704 EnableMenuItem
0x537708 CheckMenuItem
0x537710 LoadIconA
0x537714 SendDlgItemMessageA
0x537718 IsChild
0x53771c LockWindowUpdate
0x537720 CallNextHookEx
0x537724 GetClassLongA
0x537728 SetPropA
0x53772c GetPropA
0x537730 RemovePropA
0x537738 GetWindowTextA
0x53773c GetForegroundWindow
0x537740 DispatchMessageA
0x537744 BeginDeferWindowPos
0x537748 EndDeferWindowPos
0x53774c GetTopWindow
0x537750 DestroyWindow
0x537754 UnhookWindowsHookEx
0x537758 GetMessageTime
0x53775c GetMessagePos
0x537760 MonitorFromWindow
0x537764 GetMonitorInfoA
0x537768 MapWindowPoints
0x53776c ScrollWindow
0x537770 TrackPopupMenu
0x537774 SetScrollRange
0x537778 GetScrollRange
0x53777c SetScrollPos
0x537780 GetScrollPos
0x537784 ShowScrollBar
0x537788 RedrawWindow
0x53778c ValidateRect
0x537790 GetClientRect
0x537794 MessageBoxA
0x537798 CreateWindowExA
0x53779c GetClassInfoExA
0x5377a0 RegisterClassA
0x5377a4 AdjustWindowRectEx
0x5377a8 ScreenToClient
0x5377ac DeferWindowPos
0x5377b0 GetScrollInfo
0x5377b4 SetScrollInfo
0x5377b8 SetWindowPlacement
0x5377bc GetWindowPlacement
0x5377c0 DefWindowProcA
0x5377c4 CallWindowProcA
0x5377c8 PtInRect
0x5377cc GetDC
0x5377d0 ReleaseDC
0x5377d4 IsZoomed
0x5377d8 GetSystemMetrics
0x5377dc GetClassNameA
0x5377e0 GetSysColor
0x5377e4 UnpackDDElParam
0x5377e8 ReuseDDElParam
0x5377ec LoadMenuA
0x5377f0 DestroyMenu
0x5377f4 WinHelpA
0x5377f8 SetWindowPos
0x5377fc LoadImageA
0x537800 DestroyIcon
0x537808 GetActiveWindow
0x53780c IsWindowEnabled
0x537810 EqualRect
0x537814 GetDlgItem
0x537818 GetDlgCtrlID
0x53781c GetKeyState
0x537820 LoadIconW
0x537824 SetCursor
0x537828 PeekMessageA
0x53782c GetCapture
0x537830 ReleaseCapture
0x537834 LoadAcceleratorsA
0x537838 SetActiveWindow
0x53783c IsWindowVisible
0x537840 InvalidateRect
0x537844 IsIconic
0x537848 SendMessageA
0x53784c InsertMenuItemA
0x537850 GetSubMenu
0x537854 GetMenuItemID
0x537858 GetMenuItemCount
0x53785c CreatePopupMenu
0x537860 GetClassInfoA
0x537864 IntersectRect
0x537868 OffsetRect
0x53786c SetRectEmpty
0x537870 CopyRect
0x537874 GetMenu
0x537878 GetLastActivePopup
0x53787c BringWindowToTop
0x537880 PostMessageA
0x537884 SetMenu
0x537888 GetDesktopWindow
0x53788c GetWindow
0x537890 ShowWindow
0x537894 GetWindowLongA
0x537898 IsWindow
0x53789c wsprintfA
0x5378a0 SetForegroundWindow
0x5378a4 FindWindowA
0x5378a8 keybd_event
0x5378ac UpdateWindow
0x5378b4 EnableWindow
0x5378b8 SetFocus
0x5378bc GetNextDlgTabItem
0x5378c0 GetParent
0x5378c4 SetWindowLongA
0x5378c8 GetWindowRect
0x5378cc GetFocus
0x5378d0 GetDCEx
0x5378d4 CopyImage
0x5378d8 WindowFromPoint
0x5378dc KillTimer
0x5378e0 SetTimer
0x5378e4 UnionRect
0x5378ec EnumDisplayMonitors
0x5378f0 GetSysColorBrush
0x5378f4 MapVirtualKeyA
0x5378f8 GetKeyNameTextA
0x5378fc EndPaint
0x537900 BeginPaint
0x537904 GetWindowDC
0x537908 GrayStringA
0x53790c DrawTextExA
0x537910 DrawTextA
0x537914 TabbedTextOutA
0x53791c GetMenuItemInfoA
0x537920 SetWindowsHookExA
0x537924 InflateRect
0x537928 EndDialog
Library: SHELL32.dll:
0x537544 SHBrowseForFolderA
0x537548 SHAppBarMessage
0x53754c ShellExecuteA
0x537558 SHGetDesktopFolder
0x53755c SHGetFileInfoA
0x537560 ExtractIconA
0x537564 SHAddToRecentDocs
0x537568 DragQueryFileA
0x53756c DragFinish
0x537570 SHGetFolderPathA
0x537574 ShellExecuteExA
Library: ole32.dll:
0x5379a8 OleLockRunning
0x5379b0 StringFromCLSID
0x5379b4 OleInitialize
0x5379b8 OleGetClipboard
0x5379c0 OleFlushClipboard
0x5379c4 DoDragDrop
0x5379c8 CoRevokeClassObject
0x5379d0 RegisterDragDrop
0x5379d4 RevokeDragDrop
0x5379dc OleUninitialize
0x5379e8 IsAccelerator
0x5379f8 CoCreateGuid
0x537a04 CoGetClassObject
0x537a08 CoInitialize
0x537a0c CoInitializeEx
0x537a10 CoCreateInstance
0x537a14 CoSetProxyBlanket
0x537a18 CoUninitialize
0x537a1c CLSIDFromString
0x537a20 CLSIDFromProgID
0x537a24 OleDuplicateData
0x537a28 CoTaskMemAlloc
0x537a2c ReleaseStgMedium
0x537a30 CoTaskMemFree
Library: OLEAUT32.dll:
0x537508 SysStringLen
0x537510 VariantCopy
0x537514 VariantInit
0x537518 VariantChangeType
0x53751c VariantClear
0x537520 SysAllocString
0x537524 SysFreeString
0x537528 SafeArrayDestroy
0x537534 VarBstrFromDate
0x53753c SysAllocStringLen
Library: MSIMG32.dll:
0x5374ec TransparentBlt
0x5374f0 AlphaBlend
Library: COMCTL32.dll: (no named imports listed)
Library: SHLWAPI.dll:
0x53757c PathFindExtensionA
0x537580 PathIsUNCA
0x537584 PathRemoveFileSpecW
0x537588 PathFindFileNameA
0x53758c PathStripToRootA
Library: oledlg.dll:
0x537a38 (unnamed import: ordinal or unresolved name)
Library: OLEACC.dll:
0x5374fc LresultFromObject
Library: gdiplus.dll:
0x537954 GdipBitmapLockBits
0x537960 GdipGetImagePalette
0x53796c GdipGetImageHeight
0x537970 GdipGetImageWidth
0x537974 GdiplusShutdown
0x537978 GdipFree
0x53797c GdipAlloc
0x537980 GdipDeleteGraphics
0x537984 GdipDisposeImage
0x53798c GdiplusStartup
0x537990 GdipCreateFromHDC
0x537998 GdipDrawImageRectI
0x53799c GdipCloneImage
0x5379a0 GdipDrawImageI
Library: IMM32.dll:
0x537224 ImmReleaseContext
0x537228 ImmGetContext
0x53722c ImmGetOpenStatus
Library: WINMM.dll:
0x537930 PlaySoundA
Library: GDI32.dll:
0x537050 CreatePatternBrush
0x537054 SelectPalette
0x537058 CreateCompatibleDC
0x53705c SelectObject
0x537060 GetTextMetricsA
0x537068 DeleteObject
0x53706c GetCharWidthA
0x537070 CreateFontA
0x537074 GetObjectA
0x537078 DeleteDC
0x53707c StretchDIBits
0x537080 SetTextColor
0x537084 SetBkColor
0x537088 CreateBitmap
0x53708c GetDeviceCaps
0x537090 CopyMetaFileA
0x537094 CreateDCA
0x537098 CreateFontIndirectA
0x53709c DPtoLP
0x5370a0 StartDocA
0x5370a4 StartPage
0x5370a8 EndPage
0x5370ac SetAbortProc
0x5370b0 AbortDoc
0x5370b4 EndDoc
0x5370b8 CreatePen
0x5370bc ExtSelectClipRgn
0x5370c0 Rectangle
0x5370c4 PatBlt
0x5370cc ScaleWindowExtEx
0x5370d0 SetWindowExtEx
0x5370d4 OffsetWindowOrgEx
0x5370d8 SetWindowOrgEx
0x5370dc ScaleViewportExtEx
0x5370e0 GetStockObject
0x5370e4 BitBlt
0x5370e8 ExtTextOutA
0x5370ec SaveDC
0x5370f0 RestoreDC
0x5370f4 SetBkMode
0x5370f8 SetPolyFillMode
0x5370fc SetROP2
0x537100 SetStretchBltMode
0x537104 SetMapMode
0x537108 GetClipBox
0x53710c ExcludeClipRect
0x537110 IntersectClipRect
0x537114 LineTo
0x537118 MoveToEx
0x53711c SetTextAlign
0x537120 GetLayout
0x537124 SetViewportExtEx
0x537128 OffsetViewportOrgEx
0x53712c SetViewportOrgEx
0x537130 Escape
0x537134 TextOutA
0x537138 RectVisible
0x53713c PtVisible
0x537140 GetPixel
0x537144 GetWindowExtEx
0x537148 GetViewportExtEx
0x53714c CreateRectRgn
0x537150 SelectClipRgn
0x537154 GetObjectType
0x537158 GetViewportOrgEx
0x53715c CreateSolidBrush
0x537160 CreateHatchBrush
0x537168 CreateDIBitmap
0x53716c EnumFontFamiliesA
0x537170 GetTextCharsetInfo
0x537174 SetRectRgn
0x537178 CombineRgn
0x53717c GetMapMode
0x537180 GetBkColor
0x537184 GetTextColor
0x537188 GetRgnBox
0x53718c CreateEllipticRgn
0x537190 LPtoDP
0x537194 Ellipse
0x537198 CreateDIBSection
0x53719c GetNearestColor
0x5371a0 GetBkMode
0x5371a4 GetPolyFillMode
0x5371a8 GetROP2
0x5371ac GetStretchBltMode
0x5371b0 GetTextAlign
0x5371b4 GetTextFaceA
0x5371b8 GetTextExtentPointA
0x5371c0 GetWindowOrgEx
0x5371c4 CreateRoundRectRgn
0x5371c8 CreatePolygonRgn
0x5371cc Polyline
0x5371d0 Polygon
0x5371d4 CreatePalette
0x5371d8 GetPaletteEntries
0x5371e0 RealizePalette
0x5371e8 OffsetRgn
0x5371ec SetDIBColorTable
0x5371f0 StretchBlt
0x5371f4 SetPixel
0x5371f8 EnumFontFamiliesExA
0x5371fc PtInRegion
0x537200 FillRgn
0x537204 FrameRgn
0x537208 GetBoundsRect
0x53720c ExtFloodFill
0x537210 SetPaletteEntries
0x537214 SetPixelV
0x53721c SetLayout
Library: WINSPOOL.DRV:
0x537938 GetJobA
0x53793c DocumentPropertiesA
0x537940 ClosePrinter
0x537944 OpenPrinterA
Library: COMDLG32.dll:
0x537048 GetFileTitleA
Library: ADVAPI32.dll:
0x537000 RegEnumValueA
0x537004 RegCloseKey
0x537008 RegQueryValueExA
0x53700c RegOpenKeyExA
0x537010 RegSetValueA
0x537014 RegDeleteKeyA
0x537018 RegEnumKeyA
0x53701c RegQueryValueA
0x537020 RegCreateKeyExA
0x537024 RegSetValueExA
0x537028 RegDeleteValueA
0x53702c SetFileSecurityA
0x537030 GetFileSecurityA
0x537034 RegEnumKeyExA
0x537038 RegOpenKeyExW
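With several hundred imports, the practical triage step is to bucket the handful that map to dropper behaviour rather than read the list top to bottom. The block below is an added example, not the sandbox's tooling: it parses a report excerpt in the "Library: X:" / "0xADDR Name" layout used above and tags imports by capability. CAPABILITIES is my own heuristic grouping, and SAMPLE_REPORT is a constructed subset of the listing above. Tags are hints, not verdicts: the static CRT itself imports IsDebuggerPresent, and every GUI program calls LoadLibrary/GetProcAddress.

```python
"""Capability tagging of a PE import listing.

Added example, not the sandbox's own code. The grouping in CAPABILITIES is a
triage heuristic; SAMPLE_REPORT is a constructed excerpt in the report's layout.
"""
import re
from collections import defaultdict

CAPABILITIES = {
    "resource extraction": {"FindResourceA", "FindResourceW", "FindResourceExW",
                            "LoadResource", "SizeofResource", "LockResource"},
    "file drop": {"CreateFileA", "CreateFileW", "WriteFile", "CopyFileA", "MoveFileA",
                  "ReplaceFileA", "CreateDirectoryA", "GetTempPathA", "GetTempFileNameA"},
    "process execution": {"WinExec", "CreateProcessA", "CreateProcessW",
                          "ShellExecuteA", "ShellExecuteExA"},
    "memory protection change": {"VirtualAlloc", "VirtualProtect"},
    "hooking / synthetic input": {"SetWindowsHookExA", "CallNextHookEx",
                                  "GetAsyncKeyState", "GetKeyboardState", "keybd_event"},
    "anti-debug (weak: CRT imports it too)": {"IsDebuggerPresent"},
    "registry write": {"RegSetValueA", "RegSetValueExA", "RegCreateKeyExA",
                       "RegDeleteKeyA", "RegDeleteValueA"},
    "file ACL / timestamp tampering": {"SetFileSecurityA", "SetFileTime"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "GetProcAddress"},
}

LIB_RE = re.compile(r"^(?:Library|库)\s*[:：]\s*(\S+?):?\s*$")
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_report_imports(text: str) -> dict[str, list[str]]:
    """Turn the report's import listing into {library: [function, ...]}."""
    imports: dict[str, list[str]] = defaultdict(list)
    lib = None
    for line in text.splitlines():
        line = line.strip()
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1)
            imports.setdefault(lib, [])
            continue
        m = ENTRY_RE.match(line)
        if m and lib and m.group(1) != "None":      # 'None' = unnamed (ordinal) import
            imports[lib].append(m.group(1))
    return dict(imports)


def tag_imports(imports: dict[str, list[str]]) -> dict[str, list[str]]:
    """Map each capability to the sorted 'lib!func' imports that support it."""
    tagged: dict[str, list[str]] = {}
    for lib, funcs in imports.items():
        for func in funcs:
            for cap, names in CAPABILITIES.items():
                if func in names:
                    tagged.setdefault(cap, []).append(f"{lib}!{func}")
    return {cap: sorted(v) for cap, v in sorted(tagged.items())}


def dropper_chain_present(tagged: dict[str, list[str]]) -> bool:
    """True when extract -> write -> execute are all available to the binary."""
    return all(cap in tagged for cap in ("resource extraction", "file drop", "process execution"))


SAMPLE_REPORT = """\
Library: KERNEL32.dll:
0x5372e8 VirtualProtect
0x537318 VirtualAlloc
0x537348 IsDebuggerPresent
0x537470 CreateProcessW
0x5374a4 WinExec
0x5374b4 GetProcAddress
0x5374b8 GetCurrentProcess
0x5374cc LoadResource
0x5374d0 SizeofResource
0x5374d4 WriteFile
0x5374dc Sleep
Library: USER32.dll:
0x5375d8 GetAsyncKeyState
0x537920 SetWindowsHookExA
0x5378a8 keybd_event
Library: oledlg.dll:
0x537a38 None
Library: ADVAPI32.dll:
0x537010 RegSetValueA
0x53702c SetFileSecurityA
"""

if __name__ == "__main__":
    tags = tag_imports(parse_report_imports(SAMPLE_REPORT))
    for cap, funcs in tags.items():
        print(f"{cap:<40} {', '.join(funcs)}")
    print("dropper chain:", dropper_chain_present(tags))
```

Run against the full listing above the same logic reports the extract/write/execute chain as complete, which is what the process tree and dropped files later confirm dynamically.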

Strings (excerpt as captured in the report)

.text
`.rdata
@.data
.rsrc
@.reloc
4h(EX
Sh(EX
Ph(EX
j hS-B
9=XcX
9=XcX
9=<eX
th9=paX
@ Sh+FA
No antivirus engine scan results.

Process tree

QQ9.0.1.23130.exe, PID 2536, parent PID 2396
    expand.exe, PID 2612, parent PID 2536
    hpqhvind.exe, PID 2808, parent PID 2536
    cmd.exe, PID 2840, parent PID 2536

expand.exe is the Windows cabinet extractor, consistent with the dropped 544,547-byte CAB (BaiduNetdiskXC1A67E90) and with the DPX log C:\Windows\Logs\DPX\setupact.log among the dropped files. hpqhvind.exe is the second-stage executable written to C:\ProgramData\BaiduNetdisk\. cmd.exe is consistent with running the dropped 27740808.bat, which deletes the original sample from Temp and then itself.


Network traffic

TCP

Source | Source port | Destination | Destination port
192.168.122.201 | 49168 | 222.82.211.174 | 9818
192.168.122.201 | 49169 | 222.82.211.174 | 9818
192.168.122.201 | 49170 | 222.82.211.174 | 9818

Three connections from consecutive ephemeral ports to the same IP and port within a 174-second run, with no DNS lookup, no HTTP and no TLS, is the pattern of a hard-coded server address being retried. The report records endpoints only, not whether the peer answered or how much data moved.

UDP

No UDP connections.


HTTP requests

No HTTP requests.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC traffic.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.
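The network evidence in this report is thin but characteristic: repeated TCP connections straight to an IP address on an unusual port, with no DNS answer that could have produced that address. The block below is an added example, not part of the Maldun report, of the check a detection engineer would run over flow and DNS logs to surface that pattern. CONNS reuses the endpoints from the TCP table above with constructed timestamps; the DNS answer for example.com and the 93.184.216.34:443 flow are constructed benign controls, not from the report.

```python
"""Flag direct-to-IP, repeated TCP connections with no preceding DNS answer.

Added example, not the sandbox's own code. Timestamps, the DNS answer and the
443 control flow are constructed; the 222.82.211.174:9818 endpoints come from
the report's TCP table.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

COMMON_PORTS = {80, 443, 53, 123, 8080, 8443}


@dataclass(frozen=True)
class Conn:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class DnsAnswer:
    ts: float
    query: str
    answer: str


def find_unresolved_beacons(conns, answers, common_ports=COMMON_PORTS, min_repeats=2):
    """Group external TCP flows by (dst, dport) and report those that look hard-coded."""
    first_seen = {}                              # answer IP -> (ts, name) of earliest DNS answer
    for a in answers:
        if a.answer not in first_seen or a.ts < first_seen[a.answer][0]:
            first_seen[a.answer] = (a.ts, a.query)

    groups = defaultdict(list)
    for c in conns:
        if c.proto != "tcp" or not ip_address(c.dst).is_global:
            continue                             # internal traffic is out of scope here
        groups[(c.dst, c.dport)].append(c)

    findings = []
    for (dst, dport), flows in sorted(groups.items()):
        flows.sort(key=lambda c: c.ts)
        first = flows[0].ts
        reasons = []
        resolved = first_seen.get(dst)
        if resolved is None or resolved[0] > first:
            reasons.append("no DNS answer before first connection (hard-coded address)")
        if dport not in common_ports:
            reasons.append(f"uncommon destination port {dport}")
        if len(flows) >= min_repeats:
            reasons.append(f"{len(flows)} connections in {flows[-1].ts - first:.0f}s")
        if reasons:
            findings.append({"dst": dst, "dport": dport, "count": len(flows),
                             "src_ports": [c.sport for c in flows], "reasons": reasons})
    return findings


# Endpoints from the report; timestamps are constructed (seconds into the 174 s run).
CONNS = [
    Conn(12.0, "192.168.122.201", 49168, "222.82.211.174", 9818),
    Conn(42.0, "192.168.122.201", 49169, "222.82.211.174", 9818),
    Conn(72.0, "192.168.122.201", 49170, "222.82.211.174", 9818),
    Conn(5.0, "192.168.122.201", 49167, "93.184.216.34", 443),    # constructed benign control
]
ANSWERS = [DnsAnswer(4.0, "example.com", "93.184.216.34")]        # constructed

if __name__ == "__main__":
    for f in find_unresolved_beacons(CONNS, ANSWERS):
        print(f"{f['dst']}:{f['dport']} x{f['count']} from source ports {f['src_ports']}")
        for r in f["reasons"]:
            print("   -", r)
```

On real logs the DNS side should be built from the resolver's answer records (Zeek dns.log answers, or Windows DNS client events), not from queries alone, since the point of the check is that nothing could have produced the address legitimately; a benign host that connects to a cached or hard-coded IP (update CDNs, NTP) will need an allowlist.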

No files extracted from network traffic.

Dropped files

File name: fszwd.dat
Path: C:\ProgramData\BaiduNetdisk\fszwd.dat
File size: 69120 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 0c02abb8329f845dadb47a444d17baff
SHA1: 5a0fd5816c3be8a112b9186bd25fdeda66005f57
SHA256: 1823aafa35a6bbdefa50b1002436c9bfe4ec74b103d5583c54f55c0a7db5f046
CRC32: 8887C3A0
Ssdeep: 768:sPlzAM7SQ4tjheXp2r7Ih034XohyaSStP6i22A5RDGEnBsngSYEDdGVneAhf/GQC:SzhSep2r7IhIHyFOPlA5RDLnOng1xm
A DLL written under a .dat extension into the same directory as hpqhvind.exe. Check whether hpqhvind.exe loads it (by this name or after a rename): an executable next to an oddly named DLL in a freshly created directory is the usual layout for DLL side-loading, but the report itself does not record the load.
File name: 1.ldf
Path: C:\ProgramData\BaiduNetdisk\1.ldf
File size: 116751 bytes
File type: data
MD5: ebc584c804707990e5c1f441ed501cc8
SHA1: 7958cdc7f49ba50c5c355f03e8f80f7f421c96f3
SHA256: 943343ed466b6af506540f654371a2bcbf11689966de3c21298b6b74939b4ddc
CRC32: 831B04A4
Ssdeep: 1536:m3G4H33uOJhbREkEYCgcahN3J+9x4exxZS2tLxMtmz18XvPgIt9xARV5Em:m3NH33hJhboahJJ+tXULUz18/Yx5B
The .ldf, .ndf and .mdf extensions of this and the next files are those of SQL Server database files, yet file(1) recognises none of the three; treat them as opaque payload or configuration for hpqhvind.exe until its handling of them has been examined.
File name: 1.ndf
Path: C:\ProgramData\BaiduNetdisk\1.ndf
File size: 6109 bytes
File type: data
MD5: 64410a692a4816f1d505db0090b82a2a
SHA1: 70f9e83c4fbd63ff21d195231876b0d7a30cf83b
SHA256: 80f23e2822a020a584c2e0981ad5a69cb8f2dee5c2e5e0ef83b615429f342cd5
CRC32: 62C3FC62
Ssdeep: 96:Irov8LQfaBoyTSPu+N22gAFz81wf5SVPDBycM66qjm75rrc2GDpaplgqQ:5HaBopTN2QzWwxUPFycr6qqFrrKFbF
File name: BaiduNetdiskXC1A67E90
Path: C:\ProgramData\BaiduNetdiskXC1A67E90
File size: 544547 bytes
File type: Microsoft Cabinet archive data, 544547 bytes, 5 files
MD5: e08f7a031657a446af0a496a1747857f
SHA1: b66144c6ba971ae8b82cf50991782ac790801fb4
SHA256: defba502da53a12bd057707d31fa62be5c1788ad3f8d1aa8b4bc594957b0cb9b
CRC32: FE8BC02F
Ssdeep: 12288:5ZZWVeS4UHLktpktWDMPp1cShKUM4uTu+Fi2/+x3:DZWVeS4UHepnqpKU/uTuu1m
An extensionless CAB written directly under C:\ProgramData. Its five members are consistent with the five files that appear in C:\ProgramData\BaiduNetdisk\ (hpqhvind.exe, fszwd.dat, 1.ldf, 1.ndf, 1.mdf), and expand.exe in the process tree is what unpacked it.
File name: 27740808.bat
Path: C:\Users\test\AppData\Local\Temp\27740808.bat
File size: 187 bytes
File type: DOS batch file, ASCII text, with CRLF line terminators
MD5: ac83e082d9f085c51df5539d476bd27a
SHA1: b81d7b66d2086e872d91a31d53c79e4ee8efb4a7
SHA256: 72b565d3fcb08d0a79cb3103771099d288faa4105c07b3ddfd3e9ea5e35c0421
CRC32: C9B0070C
Ssdeep: 3:mKDDEOmWfkiE2J5xAIc4NUmWfkiE2J5xAIcWjw20HmRPmWfkiE2J5xAIxdG:hHm+kn23fc4NUm+kn23fcW0/Hm1m+knr
Contents:

@echo off
:d
del "C:\Users\test\AppData\Local\Temp\QQ9012~1.EXE"
if exist "C:\Users\test\AppData\Local\Temp\QQ9012~1.EXE" goto d
del /F "C:\Users\test\AppData\Local\Temp\27740808.bat"

QQ9012~1.EXE is the 8.3 short name of QQ9.0.1.23130.exe, i.e. the sample itself under the path it was run from. The loop retries the delete until the running sample exits and releases its image file, then the script removes itself; the short name also keeps the real file name out of the script text.
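The dropped batch file is a textbook self-deleting loop, and it is cheap to detect from the script text alone. The block below is an added example, not the report's tooling: a line-based classifier for the "retry del until the parent's file is unlocked, then delete the script" idiom. SAMPLE_BAT is the script as shown in the report; BENIGN_BAT is a constructed control. The batch parsing is deliberately minimal (labels, del/erase, if exist ... goto) and is not a full cmd.exe grammar.

```python
"""Detect the self-deleting batch pattern used by the dropped 27740808.bat.

Added example, not the sandbox's own code. SAMPLE_BAT is the script from the
report; BENIGN_BAT is a constructed control.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

LABEL_RE = re.compile(r"^:(\w+)\s*$")
DEL_RE = re.compile(r'^(?:del|erase)\s+(?:/\w+\s+)*"?([^"]+?)"?\s*$', re.IGNORECASE)
IF_EXIST_GOTO_RE = re.compile(r'^if\s+exist\s+"?([^"]+?)"?\s+goto\s+(\w+)\s*$', re.IGNORECASE)


@dataclass
class BatchVerdict:
    loop_label: Optional[str] = None
    retried_delete_target: Optional[str] = None
    self_delete: bool = False
    uses_short_name: bool = False
    indicators: list[str] = field(default_factory=list)

    @property
    def is_self_deleting_loop(self) -> bool:
        return self.loop_label is not None and self.self_delete


def analyse_batch(text: str, script_path: Optional[str] = None) -> BatchVerdict:
    """Line-based scan for: backward goto guarded by 'if exist' on a just-deleted path,
    plus a delete of a .bat (or of script_path when it is given)."""
    v = BatchVerdict()
    labels: dict[str, int] = {}
    deletes: list[tuple[int, str]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.lower().startswith(("rem ", "::")):
            continue
        if line.startswith("@"):                  # '@echo off' style echo suppression
            line = line[1:].strip()
        m = LABEL_RE.match(line)
        if m:
            labels[m.group(1).lower()] = lineno
            continue
        m = DEL_RE.match(line)
        if m:
            deletes.append((lineno, m.group(1)))
            continue
        m = IF_EXIST_GOTO_RE.match(line)
        if m:
            path, label = m.group(1), m.group(2).lower()
            target_lineno = labels.get(label)
            # jump back to a label above a delete of the same path = spin until unlocked
            if target_lineno is not None and any(
                    target_lineno < ln < lineno and p.lower() == path.lower()
                    for ln, p in deletes):
                v.loop_label = label
                v.retried_delete_target = path
                v.indicators.append(f"line {lineno}: retries delete of {path} until it succeeds")
    for lineno, path in deletes:
        if path.lower().endswith(".bat") or (script_path and path.lower() == script_path.lower()):
            v.self_delete = True
            v.indicators.append(f"line {lineno}: deletes a batch file ({path})")
    if v.retried_delete_target and re.search(r"~\d+\.", v.retried_delete_target):
        v.uses_short_name = True
        v.indicators.append("retried target is an 8.3 short name (real file name absent from script)")
    return v


SAMPLE_BAT = (                                     # as shown in the report
    "@echo off\r\n"
    ":d\r\n"
    'del "C:\\Users\\test\\AppData\\Local\\Temp\\QQ9012~1.EXE"\r\n'
    'if exist "C:\\Users\\test\\AppData\\Local\\Temp\\QQ9012~1.EXE" goto d\r\n'
    'del /F "C:\\Users\\test\\AppData\\Local\\Temp\\27740808.bat"\r\n'
)
BENIGN_BAT = "@echo off\r\ndel /Q build\\*.obj\r\necho done\r\n"   # constructed control

if __name__ == "__main__":
    for name, script in (("27740808.bat", SAMPLE_BAT), ("benign", BENIGN_BAT)):
        v = analyse_batch(script)
        print(name, "self-deleting loop:", v.is_self_deleting_loop)
        for i in v.indicators:
            print("   -", i)
```

In a detection pipeline this belongs on the cmd.exe command line or the dropped-file feed: a batch file that is created by a process, run by that process's child and then no longer exists is already three correlated events, and the script text turns them into a named technique.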
File name: hpqhvind.exe
Path: C:\ProgramData\BaiduNetdisk\hpqhvind.exe
File size: 829672 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: ca9e7dccb0a9ffd5e6247096e863461b
SHA1: c2c47222f21526796294aa4a6b460f567270e2a7
SHA256: 1dc5d8ba74d2ff1cdfe7b857b6fa9e3c02a38c758a597fbaca546c8bd6063521
CRC32: C0BF9F64
Ssdeep: 12288:WcCDI+4dKxxZuxIu2Xlei/gkrE1bfrUF3y6Y5PlBBG4H8nzRG9O9MOSFY7MIIFH7:WtQOEv2Xu/fReecnBQ
The second stage: it appears in the process tree as a child of the sample (PID 2808), so this is the file to analyse next, together with the fszwd.dat DLL and the three data files dropped beside it.
File name: setupact.log
Path: C:\Windows\Logs\DPX\setupact.log
File size: 2133 bytes
File type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5: 64e7bcf0b167db55ab73bec365cd126f
SHA1: 3506267189241b8b4d316fc40d6427f14e548838
SHA256: 80d2af0d72459ae475f745c24d447020769c23d72b6c9e6f19a21014f7cc613c
CRC32: 95DAB7AF
Ssdeep: 48:tg26KNL6KN26KNL6KNT6K76Km6K76KL6Kt6KU6Kt6K16Kt6KQ:tglKN+KNlKN+KNWKuKVKuK+KMKXKMKkF
A Windows DPX (package expansion) log, consistent with the expand.exe run seen in the process tree; a side effect of the CAB extraction rather than content authored by the sample.
File name: 1.mdf
Path: C:\ProgramData\BaiduNetdisk\1.mdf
File size: 6578 bytes
File type: data
MD5: 70b46d7cf176bc214e74aabdd276a5f2
SHA1: 78c00e1fffb6d0b0c8580a18628e4759a03871ac
SHA256: ddfa41046ae454e3c8fc98bedb3d16c7b82aff6de9529b94ca581611ca4709db
CRC32: 93C718B8
Ssdeep: 192:D4hNzluP2diCUVWOM1YmWsPjei8J7CIj+vKtlukGDOK:DSNzUPrV/PmdTOvj5tlukk1
No similar analyses found.

Processing ( 39.875 seconds )

  • 15.332 Static
  • 12.48 Suricata
  • 5.201 NetworkAnalysis
  • 4.758 TargetInfo
  • 0.958 BehaviorAnalysis
  • 0.583 peid
  • 0.314 AnalysisInfo
  • 0.161 Dropped
  • 0.062 Debug
  • 0.016 Strings
  • 0.007 config_decoder
  • 0.003 Memory

Signatures ( 1.181 seconds; time spent per signature module. Every module the engine ran is listed, whether or not it matched, so this is a timing list, not a list of hits )

  • 0.32 md_bad_drop
  • 0.187 antiav_detectreg
  • 0.068 infostealer_ftp
  • 0.047 stealth_timeout
  • 0.039 antianalysis_detectreg
  • 0.039 infostealer_im
  • 0.036 api_spamming
  • 0.031 decoy_document
  • 0.024 md_url_bl
  • 0.022 stealth_file
  • 0.022 antivm_generic_scsi
  • 0.022 infostealer_mail
  • 0.014 antiav_detectfile
  • 0.012 md_domain_bl
  • 0.01 mimics_filetime
  • 0.01 kibex_behavior
  • 0.01 antivm_generic_disk
  • 0.01 antivm_parallels_keys
  • 0.009 persistence_autorun
  • 0.009 antivm_xen_keys
  • 0.009 geodo_banking_trojan
  • 0.009 darkcomet_regkeys
  • 0.009 infostealer_bitcoin
  • 0.008 antiemu_wine_func
  • 0.008 reads_self
  • 0.008 antivm_generic_services
  • 0.008 betabot_behavior
  • 0.008 virus
  • 0.008 ransomware_extensions
  • 0.008 ransomware_files
  • 0.008 recon_fingerprint
  • 0.007 bootkit
  • 0.007 kovter_behavior
  • 0.006 infostealer_browser_password
  • 0.006 antivm_generic_diskreg
  • 0.006 antivm_vbox_files
  • 0.005 ransomware_message
  • 0.004 hancitor_behavior
  • 0.004 injection_createremotethread
  • 0.004 antivm_vbox_libs
  • 0.004 antisandbox_productid
  • 0.004 disables_browser_warn
  • 0.004 packer_armadillo_regkey
  • 0.003 rat_nanocore
  • 0.003 tinba_behavior
  • 0.003 injection_runpe
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 browser_security
  • 0.003 bypass_firewall
  • 0.002 hawkeye_behavior
  • 0.002 antiav_avast_libs
  • 0.002 infostealer_browser
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 exec_crash
  • 0.002 injection_rwx
  • 0.002 vawtrak_behavior
  • 0.002 cerber_behavior
  • 0.002 antidbg_devices
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_cpu
  • 0.002 antivm_generic_system
  • 0.002 modify_proxy
  • 0.002 modify_uac_prompt
  • 0.002 recon_programs
  • 0.001 network_tor
  • 0.001 antivm_vmware_libs
  • 0.001 sets_autoconfig_url
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 antiav_bitdefender_libs
  • 0.001 shifu_behavior
  • 0.001 ursnif_behavior
  • 0.001 securityxploded_modules
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 modify_security_center_warnings
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame

Reporting ( 0.35 seconds )

  • 0.35 Malheur
Task ID 189314
Mongo ID 5ba3f61e2e063355a81ae92b
Cuckoo release 1.4-Maldun