恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp03-1	2018-10-06 14:25:31	2018-10-06 14:28:01	150 秒

魔盾分数

5.25

可疑的

文件详细信息

文件名	The Scroll Of Taiwu Early Access Plus 38 Trainer Updated 2018.10.05.exe
文件大小	1807872 字节
文件类型	PE32+ executable (GUI) x86-64, for MS Windows
MD5	4423a1d9838c37baf55aa477b40dd36e
SHA1	21adc862bb2f4bec3bd04e4398b71718a2734ef4
SHA256	43faebf2e74580efeebe38b375044631ab0a75d0c8fe15e9c2600b716b0f0911
SHA512	3a7aa0693cb2666ca80eb87b1737d68fa0b9234ff8d28d92f2d5d2409efd87b0101bbbbb5cb28f80d700c3d011775553161a251e06dbda50af1f922709a6ce97
CRC32	E3C5B4A0
Ssdeep	24576:UdSsZu1wzVCDSKmifXEmkBkC9dIYvy8mYLx2:zcswhMmGXz/C9dvnx2
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x140000000
入口地址	0x14004c0a0
声明校验值	0x00000000
实际校验值	0x001c2db7
最低操作系统版本要求	6.0
编译时间	2018-10-05 18:42:57
载入哈希	3c84ee1d2efd6ad7daadb073943e18e5
图标
图标精确哈希值	0ba2d793e22fa06db80e1e35d71acfad
图标相似性哈希值	c006c3aa0e4b6640c9b325e553adba39

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000900b4	0x00090200	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.45
.rdata	0x00092000	0x000329cc	0x00032a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.85
.data	0x000c5000	0x00005bcc	0x00003600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.18
.pdata	0x000cb000	0x00006c78	0x00006e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.80
.rsrc	0x000d2000	0x000ea8a8	0x000eaa00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.22
.reloc	0x001bd000	0x00001674	0x00001800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.35

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
MID	0x00142e78	0x00007ebd	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.82	Standard MIDI data (format 1) using 10 tracks at 1/384
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
PNG	0x0013be98	0x00001906	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.94	PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
REMOTE	0x00193818	0x00028e00	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.14	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
REMOTE	0x00193818	0x00028e00	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.14	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
REMOTE	0x00193818	0x00028e00	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.14	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
WAVE	0x001401a8	0x00002ccc	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.03	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
WAVE	0x001401a8	0x00002ccc	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	7.03	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ICON	0x000edbe8	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.21	GLS_BINARY_LSB_FIRST
RT_ACCELERATOR	0x000ee0b0	0x00000010	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	1.80	data
RT_GROUP_ICON	0x000ee050	0x0000005a	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.71	MS Windows icon resource - 6 icons, 48x48
RT_GROUP_ICON	0x000ee050	0x0000005a	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.71	MS Windows icon resource - 6 icons, 48x48
RT_VERSION	0x0014ad38	0x000004d4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.55	data
RT_MANIFEST	0x001bc618	0x0000028d	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.06	XML 1.0 document text

导入

库: KERNEL32.dll:

• 0x140092050 GetModuleHandleA

• 0x140092058 HeapFree

• 0x140092060 InitializeCriticalSectionEx

• 0x140092068 HeapSize

• 0x140092070 GetLastError

• 0x140092078 HeapReAlloc

• 0x140092080 RaiseException

• 0x140092088 HeapAlloc

• 0x140092090 DecodePointer

• 0x140092098 DeleteCriticalSection

• 0x1400920a0 GetProcessHeap

• 0x1400920a8 GetModuleHandleW

• 0x1400920b0 FindResourceW

• 0x1400920b8 SizeofResource

• 0x1400920c0 LoadResource

• 0x1400920c8 GlobalAlloc

• 0x1400920d0 GlobalLock

• 0x1400920d8 GlobalUnlock

• 0x1400920e0 FreeResource

• 0x1400920e8 LockResource

• 0x1400920f0 CreateFileW

• 0x1400920f8 GetFileAttributesW

• 0x140092100 GetModuleFileNameW

• 0x140092108 GetCurrentProcess

• 0x140092110 FreeLibrary

• 0x140092118 IsWow64Process

• 0x140092120 SetLastError

• 0x140092128 ResumeThread

• 0x140092130 WaitForSingleObject

• 0x140092138 GetPrivateProfileStringW

• 0x140092140 WritePrivateProfileStringW

• 0x140092148 LoadLibraryA

• 0x140092150 WriteConsoleW

• 0x140092158 SetStdHandle

• 0x140092160 SetEnvironmentVariableW

• 0x140092168 FreeEnvironmentStringsW

• 0x140092170 GetEnvironmentStringsW

• 0x140092178 GetCommandLineW

• 0x140092180 GetCommandLineA

• 0x140092188 GetOEMCP

• 0x140092190 GetACP

• 0x140092198 IsValidCodePage

• 0x1400921a0 FindNextFileW

• 0x1400921a8 FindFirstFileExW

• 0x1400921b0 FindClose

• 0x1400921b8 GetTimeZoneInformation

• 0x1400921c0 EnumSystemLocalesW

• 0x1400921c8 GetUserDefaultLCID

• 0x1400921d0 IsValidLocale

• 0x1400921d8 GetTimeFormatW

• 0x1400921e0 GetDateFormatW

• 0x1400921e8 SetFilePointerEx

• 0x1400921f0 CreateFileMappingW

• 0x1400921f8 GetConsoleMode

• 0x140092200 GetConsoleCP

• 0x140092208 FlushFileBuffers

• 0x140092210 GetFileType

• 0x140092218 WriteFile

• 0x140092220 GetStdHandle

• 0x140092228 ExitProcess

• 0x140092230 GetModuleHandleExW

• 0x140092238 ExitThread

• 0x140092240 RtlPcToFileHeader

• 0x140092248 RtlUnwindEx

• 0x140092250 GetProcAddress

• 0x140092258 LoadLibraryW

• 0x140092260 CreateDirectoryW

• 0x140092268 GetTempPathW

• 0x140092270 GetCurrentProcessId

• 0x140092278 Sleep

• 0x140092280 MapViewOfFile

• 0x140092288 UnregisterWaitEx

• 0x140092290 QueryDepthSList

• 0x140092298 InterlockedFlushSList

• 0x1400922a0 InterlockedPushEntrySList

• 0x1400922a8 InterlockedPopEntrySList

• 0x1400922b0 ReleaseSemaphore

• 0x1400922b8 VirtualFree

• 0x1400922c0 VirtualProtect

• 0x1400922c8 VirtualAlloc

• 0x1400922d0 GetVersionExW

• 0x1400922d8 LoadLibraryExW

• 0x1400922e0 FreeLibraryAndExitThread

• 0x1400922e8 GetThreadTimes

• 0x1400922f0 UnregisterWait

• 0x1400922f8 RegisterWaitForSingleObject

• 0x140092300 SetThreadAffinityMask

• 0x140092308 GetProcessAffinityMask

• 0x140092310 GetNumaHighestNodeNumber

• 0x140092318 DeleteTimerQueueTimer

• 0x140092320 ChangeTimerQueueTimer

• 0x140092328 CreateTimerQueueTimer

• 0x140092330 GetLogicalProcessorInformation

• 0x140092338 GetThreadPriority

• 0x140092340 SetThreadPriority

• 0x140092348 CreateThread

• 0x140092350 SignalObjectAndWait

• 0x140092358 CreateTimerQueue

• 0x140092360 InitializeSListHead

• 0x140092368 GetStartupInfoW

• 0x140092370 IsProcessorFeaturePresent

• 0x140092378 TerminateProcess

• 0x140092380 SetUnhandledExceptionFilter

• 0x140092388 UnhandledExceptionFilter

• 0x140092390 RtlVirtualUnwind

• 0x140092398 RtlLookupFunctionEntry

• 0x1400923a0 RtlCaptureContext

• 0x1400923a8 ResetEvent

• 0x1400923b0 SetEvent

• 0x1400923b8 GetCPInfo

• 0x1400923c0 GetLocaleInfoW

• 0x1400923c8 LCMapStringW

• 0x1400923d0 CompareStringW

• 0x1400923d8 UnmapViewOfFile

• 0x1400923e0 CloseHandle

• 0x1400923e8 QueryPerformanceCounter

• 0x1400923f0 EncodePointer

• 0x1400923f8 GetTickCount

• 0x140092400 IsDebuggerPresent

• 0x140092408 OutputDebugStringW

• 0x140092410 EnterCriticalSection

• 0x140092418 LeaveCriticalSection

• 0x140092420 WideCharToMultiByte

• 0x140092428 MultiByteToWideChar

• 0x140092430 GetStringTypeW

• 0x140092438 DuplicateHandle

• 0x140092440 WaitForSingleObjectEx

• 0x140092448 SwitchToThread

• 0x140092450 GetCurrentThread

• 0x140092458 GetCurrentThreadId

• 0x140092460 TryEnterCriticalSection

• 0x140092468 InitializeCriticalSectionAndSpinCount

• 0x140092470 CreateEventW

• 0x140092478 TlsAlloc

• 0x140092480 TlsGetValue

• 0x140092488 TlsSetValue

• 0x140092490 TlsFree

• 0x140092498 GetSystemTimeAsFileTime

库: USER32.dll:

• 0x1400924b8 TranslateMessage

• 0x1400924c0 DispatchMessageW

• 0x1400924c8 PostMessageW

• 0x1400924d0 GetMessageW

• 0x1400924d8 TranslateAcceleratorW

• 0x1400924e0 LoadCursorW

• 0x1400924e8 CreateWindowExW

• 0x1400924f0 SendMessageW

• 0x1400924f8 MessageBoxW

• 0x140092500 MessageBoxA

• 0x140092508 SystemParametersInfoW

• 0x140092510 LoadIconW

• 0x140092518 RegisterClassExW

• 0x140092520 GetSystemMetrics

• 0x140092528 SetWindowLongPtrW

• 0x140092530 ShowWindow

• 0x140092538 UpdateWindow

• 0x140092540 GetDC

• 0x140092548 GetWindowRect

• 0x140092550 UpdateLayeredWindow

• 0x140092558 ReleaseDC

• 0x140092560 GetWindowLongPtrW

• 0x140092568 DefWindowProcW

• 0x140092570 SetLayeredWindowAttributes

• 0x140092578 BeginPaint

• 0x140092580 EndPaint

• 0x140092588 PostQuitMessage

• 0x140092590 SetTimer

• 0x140092598 SetCursor

• 0x1400925a0 KillTimer

• 0x1400925a8 ReleaseCapture

• 0x1400925b0 MoveWindow

• 0x1400925b8 LoadAcceleratorsW

库: GDI32.dll:

• 0x140092018 DeleteDC

• 0x140092020 SelectObject

• 0x140092028 CreateDIBSection

• 0x140092030 CreateCompatibleDC

• 0x140092038 DeleteObject

• 0x140092040 CreateFontIndirectW

库: SHELL32.dll:

• 0x1400924a8 SHGetFolderPathW

库: ole32.dll:

• 0x140092720 CreateStreamOnHGlobal

库: gdiplus.dll:

• 0x140092600 GdipCreateImageAttributes

• 0x140092608 GdipDisposeImageAttributes

• 0x140092610 GdipSetImageAttributesColorMatrix

• 0x140092618 GdipGetImageWidth

• 0x140092620 GdipGetImageHeight

• 0x140092628 GdipCreateTexture

• 0x140092630 GdipCreateTextureIAI

• 0x140092638 GdipSetTextureWrapMode

• 0x140092640 GdipTranslateTextureTransform

• 0x140092648 GdipFillRectangleI

• 0x140092650 GdiplusStartup

• 0x140092658 GdiplusShutdown

• 0x140092660 GdipCreateBitmapFromStream

• 0x140092668 GdipAlloc

• 0x140092670 GdipDisposeImage

• 0x140092678 GdipGetTextureImage

• 0x140092680 GdipCreateFont

• 0x140092688 GdipGetGenericFontFamilySansSerif

• 0x140092690 GdipDeleteFontFamily

• 0x140092698 GdipCreateFontFamilyFromName

• 0x1400926a0 GdipCreateSolidFill

• 0x1400926a8 GdipCloneStringFormat

• 0x1400926b0 GdipStringFormatGetGenericTypographic

• 0x1400926b8 GdipSetStringFormatFlags

• 0x1400926c0 GdipDeleteFont

• 0x1400926c8 GdipSetSolidFillColor

• 0x1400926d0 GdipDrawString

• 0x1400926d8 GdipCreateFromHDC

• 0x1400926e0 GdipDeleteGraphics

• 0x1400926e8 GdipSetStringFormatAlign

• 0x1400926f0 GdipFree

• 0x1400926f8 GdipCloneImage

• 0x140092700 GdipDeleteBrush

• 0x140092708 GdipCloneBrush

• 0x140092710 GdipMeasureString

库: WINMM.dll:

• 0x1400925e8 PlaySoundW

• 0x1400925f0 mciSendStringW

库: COMCTL32.dll:

• 0x140092000 InitCommonControlsEx

• 0x140092008 _TrackMouseEvent

库: VERSION.dll:

• 0x1400925c8 VerQueryValueW

• 0x1400925d0 GetFileVersionInfoW

• 0x1400925d8 GetFileVersionInfoSizeW

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
l$ H=
d$`H=
|$@H=
d$`H=
t$@H=
|$HH=
l$ H=

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20181005
MicroWorld-eScan	未发现病毒	20181005
CMC	未发现病毒	20181005
CAT-QuickHeal	未发现病毒	20181005
McAfee	未发现病毒	20181005
Cylance	未发现病毒	20181005
Zillya	未发现病毒	20181003
SUPERAntiSpyware	未发现病毒	20181005
TheHacker	未发现病毒	20181001
BitDefender	未发现病毒	20181005
K7GW	未发现病毒	20181003
K7AntiVirus	未发现病毒	20181005
Invincea	未发现病毒	20180717
Baidu	未发现病毒	20180930
Babable	未发现病毒	20180918
Cyren	未发现病毒	20181005
Symantec	未发现病毒	20181005
ESET-NOD32	未发现病毒	20181005
TrendMicro-HouseCall	未发现病毒	20181005
Avast	未发现病毒	20181005
ClamAV	未发现病毒	20181005
Kaspersky	未发现病毒	20181005
Alibaba	未发现病毒	20180921
NANO-Antivirus	未发现病毒	20181005
Paloalto	未发现病毒	20181005
ViRobot	未发现病毒	20181005
Rising	未发现病毒	20181005
Ad-Aware	未发现病毒	20181005
Sophos	未发现病毒	20181005
Comodo	未发现病毒	20181005
F-Secure	未发现病毒	20181005
DrWeb	未发现病毒	20181005
VIPRE	未发现病毒	20181005
TrendMicro	未发现病毒	20181005
McAfee-GW-Edition	未发现病毒	20181005
Fortinet	未发现病毒	20181005
Emsisoft	未发现病毒	20181005
SentinelOne	未发现病毒	20180926
F-Prot	未发现病毒	20181005
Jiangmin	未发现病毒	20181005
Webroot	未发现病毒	20181005
Avira	未发现病毒	20181005
MAX	未发现病毒	20181005
Antiy-AVL	未发现病毒	20181005
Kingsoft	未发现病毒	20181005
Endgame	未发现病毒	20180730
Arcabit	未发现病毒	20181005
AegisLab	未发现病毒	20181005
ZoneAlarm	未发现病毒	20181005
Avast-Mobile	未发现病毒	20181005
Microsoft	未发现病毒	20181005
AhnLab-V3	未发现病毒	20181005
ALYac	未发现病毒	20181005
AVware	未发现病毒	20180925
TACHYON	未发现病毒	20181005
VBA32	未发现病毒	20181005
Malwarebytes	RiskWare.GameHack.Generic	20181005
Zoner	未发现病毒	20181005
Tencent	未发现病毒	20181005
Yandex	未发现病毒	20181005
Ikarus	未发现病毒	20181005
eGambit	未发现病毒	20181005
GData	未发现病毒	20181005
AVG	未发现病毒	20181005
Cybereason	未发现病毒	20180308
Panda	未发现病毒	20181004
CrowdStrike	malicious_confidence_60% (D)	20180723
Qihoo-360	未发现病毒	20181005

进程树

The Scroll Of Taiwu Early Access Plus 38 Trainer Updated 2018.10.05.exe id: 2512

搜索
The Scroll Of Taiwu Early Access Plus 38 Trainer Updated 2018.10.05.exe (2512)

The Scroll Of Taiwu Early Access Plus 38 Trainer Updated 2018.10.05.exe, PID: 2512, 上一级进程 PID: 2380

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	TrainerBGM.mid
相关文件	C:\Users\test\Documents\FLiNGTrainer\TrainerBGM.mid
文件大小	32445 字节
文件类型	Standard MIDI data (format 1) using 10 tracks at 1/384
MD5	2381a85f665f3320e6a0722d6d706adc
SHA1	47e51cf568bc7e3fe63ff24609b82a48355fb6c0
SHA256	d67e34ade1f38cf33c742018f66eabe81eb3efb704b92903df9c02d5648db3ed
CRC32	5DD1ECB8
Ssdeep	384:REQEPlzAL1wStoQ1wStotZ851wStprwi2S2i2u2i2W2i2JI1wStprwi2S2i2u2iV:ibPG57EIsgsIV3Q3vm4m46r
	下载提交魔盾安全分析

文件名	TrainerSettings.ini
相关文件	C:\Users\test\Documents\FLiNGTrainer\TrainerSettings.ini
文件大小	100 字节
文件类型	ASCII text, with CRLF line terminators
MD5	c0e0870af8515b919291bdc1da6bda28
SHA1	84642d226edf4c7a5ffd8d574845a2967d64ba9b
SHA256	0749d2c2db3855d0a122348d929ec1ca0c7015ebe672c27d8554b7e13dd4dd56
CRC32	3B0D86F9
Ssdeep	3:CLAoLCREmZWHONKRKOXCYToDMZCEHWz2N4k:CiKRtXCYotTzW
	下载提交魔盾安全分析显示文本
[Trainer] Language=Chinese Simplified ShowAVHint=True OnLoadMusic=True IgnoreGameVersion=False

文件名	GDIPFONTCACHEV1.DAT
相关文件	C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
文件大小	114272 字节
文件类型	data
MD5	2262103813c49a07c65813bb58143c21
SHA1	a1e4a613f51e8e57592464c61cc271f2fecec4f2
SHA256	ac3bd52d544a061ee8c90fa787f07af9d01a0c5a72981ed8172617b210798d31
CRC32	4C77BE6A
Ssdeep	1536:mLKAaE8z5wHgTlyhAQcDnBlC+X886UMMDbEDuezh:moiuzBzXGMDezh
魔盾安全分析结果	2.0 分析时间：2017-03-07 13:12:04 查看分析报告
	下载提交魔盾安全分析

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 15.376 seconds )

7.332 Suricata
1.933 BehaviorAnalysis
1.816 Static
1.62 TargetInfo
1.583 VirusTotal
0.35 AnalysisInfo
0.33 peid
0.228 NetworkAnalysis
0.124 Debug
0.044 Dropped
0.009 Strings
0.004 Memory
0.003 config_decoder

Signatures ( 1.334 seconds )

0.342 md_bad_drop
0.114 api_spamming
0.107 process_interest
0.104 injection_createremotethread
0.096 stealth_timeout
0.074 decoy_document
0.073 antiav_detectreg
0.072 injection_runpe
0.067 vawtrak_behavior
0.047 process_needed
0.025 infostealer_ftp
0.022 md_url_bl
0.015 infostealer_im
0.014 antianalysis_detectreg
0.013 md_domain_bl
0.01 antivm_generic_scsi
0.009 infostealer_mail
0.008 ransomware_files
0.007 ransomware_extensions
0.006 antivm_generic_services
0.006 mimics_filetime
0.006 antivm_generic_disk
0.005 reads_self
0.005 virus
0.005 antiav_detectfile
0.004 bootkit
0.004 stealth_file
0.004 persistence_autorun
0.004 antivm_parallels_keys
0.004 geodo_banking_trojan
0.004 infostealer_bitcoin
0.003 hancitor_behavior
0.003 betabot_behavior
0.003 kibex_behavior
0.003 antivm_xen_keys
0.003 darkcomet_regkeys
0.003 recon_fingerprint
0.002 antiemu_wine_func
0.002 tinba_behavior
0.002 infostealer_browser_password
0.002 kovter_behavior
0.002 antivm_generic_diskreg
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 packer_armadillo_regkey
0.001 rat_nanocore
0.001 shifu_behavior
0.001 antidbg_windows
0.001 cerber_behavior
0.001 antisandbox_productid
0.001 antivm_xen_keys
0.001 antivm_hyperv_keys
0.001 antivm_vbox_acpi
0.001 antivm_vbox_keys
0.001 antivm_vmware_keys
0.001 antivm_vpc_keys
0.001 bot_drive
0.001 bot_drive2
0.001 modify_proxy
0.001 browser_security
0.001 bypass_firewall
0.001 modify_security_center_warnings
0.001 modify_uac_prompt
0.001 office_security
0.001 rat_pcclient
0.001 rat_spynet
0.001 recon_programs
0.001 stealth_hiddenreg
0.001 stealth_hide_notifications

Reporting ( 0.011 seconds )

0.011 Malheur


Task ID	194024
Mongo ID	5bb85610a093ef245283da6b
Cuckoo release	1.4-Maldun