分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp03-2 | 2018-10-27 01:29:05 | 2018-10-27 01:31:41 | 156 秒 |
魔盾分数
10.0
Malicious病毒
文件详细信息
| 文件名 | 19c35fe1810cfb459fd4b4767af756624587bed590f2b6ee75682dde7fdf11cd |
|---|---|
| 文件大小 | 8515908 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ab229cca714152bd35690e774b3d0470 |
| SHA1 | 57b2b37de2c98af717a0530735847ce86fe54216 |
| SHA256 | 19c35fe1810cfb459fd4b4767af756624587bed590f2b6ee75682dde7fdf11cd |
| SHA512 | 9649ec8d3a61f7dddd78bdd44a9c2b7e7a71d44a3f57fb9eb0e624a93bd36f9515ab5606085f8e8e043f871d789d82907f3101b801b2b2fde8dfed58b5c1f03e |
| CRC32 | 1D4511FB |
| Ssdeep | 196608:+cQrJ68yOHA+jN/FHj98H3hgTYc1IOD+nODPJU8:3QJ68yt+jfyH3hVOqnO3 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00bc0e3b |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0081fc98 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-10-08 09:46:28 |
| 载入哈希 | dd81c0a616abefe35ad21b0cb101199e |
| 图标 |  |
| 图标精确哈希值 | 043560332595f3b1479455db45a7f012 |
| 图标相似性哈希值 | 14b84b4e23489321543dd1bd99361305 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .mapo | 0x00001000 | 0x0128f000 | 0x007c11e3 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.89 |
| .rsrc | 0x01290000 | 0x0004c000 | 0x0004c000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.70 |
| .mapo | 0x012dc000 | 0x00011000 | 0x00010144 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.07 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x01290cd8 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x01290cd8 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x01290cd8 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x012911c8 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x012911c8 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x012911c8 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x012911c8 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x01292a3c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x012d8f90 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.39 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x012d8f90 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.39 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x012d8f90 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.39 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x012d8f90 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.39 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x012d8f90 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.39 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x012d8f90 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.39 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x012d8f90 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.39 | GLS_BINARY_LSB_FIRST |
| RT_MENU | 0x012d9404 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x012d9404 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x012da64c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x012db094 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x012db0e0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x012db0e0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x012db0e0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x012db164 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x012db164 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x012db164 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x012db178 | 0x00000240 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.51 | data |
| RT_MANIFEST | 0x012db3b8 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: iphlpapi.dll:
• 0xbc0c12 GetAdaptersInfo
库: WINMM.dll:
• 0xbc0c38 midiStreamOut
库: WS2_32.dll:
• 0xbc0c4f WSACleanup
库: USER32.dll:
• 0xbc0c74 LoadStringA
库: GDI32.dll:
• 0xbc0c93 LineTo
库: WINSPOOL.DRV:
• 0xbc0cbb OpenPrinterA
库: ADVAPI32.dll:
• 0xbc0ce7 RegQueryValueExA
库: SHELL32.dll:
• 0xbc0d0f ShellExecuteA
库: ole32.dll:
• 0xbc0d37 CLSIDFromProgID
库: OLEAUT32.dll:
• 0xbc0d50 UnRegisterTypeLib
库: COMCTL32.dll:
• 0xbc0d79 ImageList_Add
库: comdlg32.dll:
• 0xbc0da2 GetFileTitleA
库: PSAPI.DLL:
• 0xbc0dcf GetModuleInformation
.mapo
.rsrc
.mapo
.rsrc
@.demos
B^eX:\#2`2 d,l
NABii$D
iBO}Q
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | W32.HfsAutoB. | 20181025 |
| MicroWorld-eScan | Gen:Variant.Graftor.401081 | 20181026 |
| CMC | 未发现病毒 | 20181026 |
| CAT-QuickHeal | 未发现病毒 | 20181026 |
| McAfee | Packed-NU!AB229CCA7141 | 20181026 |
| Cylance | Unsafe | 20181026 |
| AegisLab | Troj.Downloader.W32.Bagle.kYXw | 20181026 |
| K7AntiVirus | Adware ( 004b942f1 ) | 20181026 |
| Alibaba | 未发现病毒 | 20180921 |
| K7GW | Adware ( 004b942f1 ) | 20181025 |
| TheHacker | 未发现病毒 | 20181025 |
| Arcabit | Trojan.Graftor.D61EB9 | 20181026 |
| TrendMicro | 未发现病毒 | 20181026 |
| Baidu | 未发现病毒 | 20181026 |
| NANO-Antivirus | 未发现病毒 | 20181026 |
| F-Prot | 未发现病毒 | 20181026 |
| Symantec | ML.Attribute.HighConfidence | 20181026 |
| ESET-NOD32 | 未发现病毒 | 20181026 |
| TrendMicro-HouseCall | 未发现病毒 | 20181026 |
| Paloalto | 未发现病毒 | 20181026 |
| ClamAV | 未发现病毒 | 20181026 |
| GData | Gen:Variant.Graftor.401081 | 20181026 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20181026 |
| BitDefender | Gen:Variant.Graftor.401081 | 20181026 |
| Babable | 未发现病毒 | 20180918 |
| SUPERAntiSpyware | 未发现病毒 | 20181022 |
| Avast | 未发现病毒 | 20181026 |
| Rising | Malware.Heuristic!ET#96% (RDM+:cmRtazpq4h/ZjGba/hEwWSy1advL) | 20181026 |
| Ad-Aware | Gen:Variant.Graftor.401081 | 20181026 |
| Trustlook | 未发现病毒 | 20181026 |
| Emsisoft | Gen:Variant.Graftor.401081 (B) | 20181026 |
| F-Secure | Gen:Variant.Graftor.401081 | 20181026 |
| DrWeb | 未发现病毒 | 20181026 |
| Zillya | 未发现病毒 | 20181024 |
| Invincea | heuristic | 20180717 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.rc | 20181026 |
| Sophos | 未发现病毒 | 20181026 |
| SentinelOne | static engine - malicious | 20181011 |
| Cyren | 未发现病毒 | 20181026 |
| Jiangmin | 未发现病毒 | 20181026 |
| Webroot | W32.Trojan.Gen | 20181026 |
| Avira | 未发现病毒 | 20181026 |
| Antiy-AVL | 未发现病毒 | 20181026 |
| Kingsoft | 未发现病毒 | 20181026 |
| Microsoft | Trojan:Win32/Fuerboos.A!cl | 20181026 |
| Endgame | malicious (high confidence) | 20180730 |
| ViRobot | 未发现病毒 | 20181026 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic | 20181026 |
| Avast-Mobile | 未发现病毒 | 20181026 |
| TACHYON | 未发现病毒 | 20181026 |
| AhnLab-V3 | 未发现病毒 | 20181026 |
| ALYac | Gen:Variant.Graftor.401081 | 20181026 |
| MAX | malware (ai score=88) | 20181026 |
| VBA32 | TScope.Malware-Cryptor.SB | 20181026 |
| Malwarebytes | 未发现病毒 | 20181026 |
| Zoner | 未发现病毒 | 20181025 |
| Tencent | 未发现病毒 | 20181026 |
| Yandex | 未发现病毒 | 20181026 |
| Ikarus | 未发现病毒 | 20181026 |
| eGambit | 未发现病毒 | 20181026 |
| Fortinet | W32/Generic.AP.10DA2E!tr | 20181026 |
| AVG | 未发现病毒 | 20181026 |
| Cybereason | malicious.a71415 | 20180225 |
| Panda | W32/Sality.AA | 20181026 |
| CrowdStrike | malicious_confidence_100% (D) | 20181022 |
| Qihoo-360 | 未发现病毒 | 20181026 |
进程树
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | ID .txt |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\ ID .txt
|
| 文件大小 | 32 字节 |
| 文件类型 | ASCII text, with no line terminators |
| MD5 | 8f6476696ab18a8ce1964ca6f9988c07 |
| SHA1 | ab21b0cd930d774c425af59f1a33170a2cd923b4 |
| SHA256 | 4feb4645ce98804aa53296218e269047f6adb85d45b93505a816043a59f76669 |
| CRC32 | FDC19F8C |
| Ssdeep | 3:NymU41iQA:N5s |
| 下载 提交魔盾安全分析 显示文本 | |
7AFD5BC346162084FE8D5B96569AD519 |
|
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 22.224 seconds )
- 7.379 Suricata
- 6.18 TargetInfo
- 4.866 Static
- 1.784 VirusTotal
- 0.984 BehaviorAnalysis
- 0.375 AnalysisInfo
- 0.346 peid
- 0.226 NetworkAnalysis
- 0.033 Debug
- 0.029 config_decoder
- 0.01 Dropped
- 0.009 Strings
- 0.003 Memory
Signatures ( 0.662 seconds )
- 0.171 md_bad_drop
- 0.043 antivm_vbox_libs
- 0.043 stealth_timeout
- 0.032 antiav_detectreg
- 0.03 antiemu_wine_func
- 0.029 decoy_document
- 0.027 antiav_avast_libs
- 0.026 api_spamming
- 0.023 kovter_behavior
- 0.021 infostealer_browser_password
- 0.02 md_url_bl
- 0.019 antisandbox_sunbelt_libs
- 0.019 exec_crash
- 0.015 antisandbox_sboxie_libs
- 0.015 antiav_bitdefender_libs
- 0.013 infostealer_ftp
- 0.011 antivm_vmware_libs
- 0.01 md_domain_bl
- 0.007 antianalysis_detectreg
- 0.007 infostealer_im
- 0.007 ransomware_files
- 0.006 ransomware_extensions
- 0.005 antiav_detectfile
- 0.004 persistence_autorun
- 0.004 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.003 antivm_generic_scsi
- 0.002 tinba_behavior
- 0.002 reads_self
- 0.002 betabot_behavior
- 0.002 mimics_filetime
- 0.002 heapspray_js
- 0.002 kibex_behavior
- 0.002 antivm_generic_disk
- 0.002 antidbg_windows
- 0.002 antivm_vbox_files
- 0.002 geodo_banking_trojan
- 0.002 disables_browser_warn
- 0.002 recon_fingerprint
- 0.001 bootkit
- 0.001 rat_nanocore
- 0.001 infostealer_browser
- 0.001 injection_createremotethread
- 0.001 antivm_generic_services
- 0.001 virtualcheck_js
- 0.001 stealth_file
- 0.001 cerber_behavior
- 0.001 virus
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 browser_security
- 0.001 darkcomet_regkeys
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 office_security
- 0.001 packer_armadillo_regkey
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 stealth_hide_notifications
Reporting ( 0.006 seconds )
- 0.006 Malheur
| Task ID | 203117 |
|---|---|
| Mongo ID | 5bd34fa0a093ef61ce7719cf |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号