恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-1	2018-11-19 19:13:31	2018-11-19 19:13:57	26 秒

错误信息: Task #215079: Analysis failed: Function raised an error: Unable to execute the initial process, analysis aborted.
请联系 support@maldun.com 取得帮助!

魔盾分数

0.85

正常的

文件详细信息

文件名	sedlauncher.exe
文件大小	280368 字节
文件类型	PE32+ executable (GUI) x86-64, for MS Windows
MD5	232262279fa8a1e35642ceedc5c45336
SHA1	f8407e7004c6bb9fb0747bc3952daf0e5f684b10
SHA256	17b23441e151a5522cd06799fb7412eeda0c046d1ca793976f6667256c860377
SHA512	944047b4cca4bdf086c2e9065f06d9027150d98ac3f5bfb8578ec7d0314cd97e8a2347e493ca6624c7c45b21286163458bcd38232a823b95f1f003f8db7b8969
CRC32	00357744
Ssdeep	3072:qmxa/ZgBELrtegwW1KmX9wtoV/xf5p2FoV62rraJDHZ/Nk:9mgBE3Mglr9wCZv62ra0
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x140000000
入口地址	0x1400125b0
声明校验值	0x0004a8ec
实际校验值	0x0004a8ec
最低操作系统版本要求	10.0
PDB路径	sedlauncher.pdb
编译时间	1991-02-15 06:20:05
载入哈希	e8f6ca99fb75655892ce5d276ab80ef6

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

微软证书验证 (Sign Tool)

SHA1	时间戳	有效性	错误
None	Fri Nov 09 14:37:00 2018	否	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

证书链	Certificate Chain 1
发行给	Microsoft Root Certificate Authority 2010
发行人	Microsoft Root Certificate Authority 2010
有效期	Sun Jun 24 060401 2035
SHA1 哈希	3b1efd3a66ea28b16697394703a72ca340a05bd5

证书链	Certificate Chain 2
发行给	Microsoft Windows Production PCA 2011
发行人	Microsoft Root Certificate Authority 2010
有效期	Tue Oct 20 025142 2026
SHA1 哈希	580a6f4cc4e4b669b9ebdc1b2b3e087b80d0678d

证书链	Certificate Chain 3
发行给	Microsoft Windows
发行人	Microsoft Windows Production PCA 2011
有效期	Sat Jul 27 044549 2019
SHA1 哈希	84ec67b9ac9d7789bab500503a7862173f432adb

证书链	Timestamp Chain 1
发行给	Microsoft Root Certificate Authority 2010
发行人	Microsoft Root Certificate Authority 2010
有效期	Sun Jun 24 060401 2035
SHA1 哈希	3b1efd3a66ea28b16697394703a72ca340a05bd5

证书链	Timestamp Chain 2
发行给	Microsoft Time-Stamp PCA 2010
发行人	Microsoft Root Certificate Authority 2010
有效期	Wed Jul 02 054655 2025
SHA1 哈希	2aa752fe64c49abe82913c463529cf10ff2f04ee

证书链	Timestamp Chain 3
发行给	Microsoft Time-Stamp service
发行人	Microsoft Time-Stamp PCA 2010
有效期	Sun Nov 24 042703 2019
SHA1 哈希	7240252178439ebda23d65cff7406ae45f8da20b

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00013d08	0x00013e00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.22
.rdata	0x00015000	0x0000b0dc	0x0000b200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.47
.data	0x00021000	0x00000ad8	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.38
.pdata	0x00022000	0x00000cf0	0x00000e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.70
.rsrc	0x00023000	0x00021448	0x00021600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.31
.reloc	0x00045000	0x00000098	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	1.99

导入

库: api-ms-win-crt-runtime-l1-1-0.dll:

• 0x140015828 _initterm_e

• 0x140015830 _c_exit

• 0x140015838 _register_thread_local_exe_atexit_callback

• 0x140015840 _initterm

库: api-ms-win-crt-string-l1-1-0.dll:

• 0x140015850 memset

库: api-ms-win-crt-private-l1-1-0.dll:

• 0x1400156b8 _o__get_wide_winmain_command_line

• 0x1400156c0 _o__initialize_onexit_table

• 0x1400156c8 _o__initialize_wide_environment

• 0x1400156d0 _o__invalid_parameter_noinfo

• 0x1400156d8 _o__invalid_parameter_noinfo_noreturn

• 0x1400156e0 _o__register_onexit_function

• 0x1400156e8 _o__seh_filter_exe

• 0x1400156f0 _o__set_app_type

• 0x1400156f8 _o__set_errno

• 0x140015700 _o__set_fmode

• 0x140015708 _o__set_new_mode

• 0x140015710 memcpy

• 0x140015718 _o__errno

• 0x140015720 _o__wcsicmp

• 0x140015728 _o__wcsupr_s

• 0x140015730 _o_exit

• 0x140015738 _o_free

• 0x140015740 _o_malloc

• 0x140015748 _o_strncpy_s

• 0x140015750 _o_strtol

• 0x140015758 _o_terminate

• 0x140015760 _o_wcstombs

• 0x140015768 _o_wcstoul

• 0x140015770 __C_specific_handler

• 0x140015778 _CxxThrowException

• 0x140015780 _o___stdio_common_vswscanf

• 0x140015788 _o___stdio_common_vswprintf

• 0x140015790 _o__cexit

• 0x140015798 _o___stdio_common_vsprintf_s

• 0x1400157a0 _o__callnewh

• 0x1400157a8 _o___stdio_common_vsnprintf_s

• 0x1400157b0 _o___std_exception_destroy

• 0x1400157b8 _o___std_exception_copy

• 0x1400157c0 _o__crt_atexit

• 0x1400157c8 _o__exit

• 0x1400157d0 wcsstr

• 0x1400157d8 _o___p__commode

• 0x1400157e0 _o__configure_wide_argv

• 0x1400157e8 _o__configthreadlocale

• 0x1400157f0 strrchr

• 0x1400157f8 strchr

• 0x140015800 wcschr

• 0x140015808 memmove

• 0x140015810 __CxxFrameHandler3

• 0x140015818 memcmp

库: api-ms-win-core-file-l1-1-0.dll:

• 0x1400153c0 GetTempFileNameW

• 0x1400153c8 CreateDirectoryW

• 0x1400153d0 CreateFileW

• 0x1400153d8 DeleteFileW

• 0x1400153e0 GetFileAttributesW

• 0x1400153e8 GetFileSize

• 0x1400153f0 WriteFile

库: api-ms-win-core-libraryloader-l1-1-0.dll:

• 0x140015488 GetModuleFileNameW

• 0x140015490 FreeLibrary

• 0x140015498 GetModuleHandleExW

• 0x1400154a0 GetProcAddress

• 0x1400154a8 GetModuleHandleW

• 0x1400154b0 GetModuleFileNameA

库: api-ms-win-core-synch-l1-2-0.dll:

• 0x140015638 InitOnceBeginInitialize

• 0x140015640 InitOnceComplete

库: api-ms-win-eventing-controller-l1-1-0.dll:

• 0x140015860 EnableTraceEx2

• 0x140015868 ControlTraceW

• 0x140015870 StartTraceW

库: api-ms-win-core-registry-l1-1-0.dll:

• 0x140015560 RegGetValueW

• 0x140015568 RegQueryInfoKeyW

• 0x140015570 RegQueryValueExW

• 0x140015578 RegCreateKeyExW

• 0x140015580 RegDeleteValueW

• 0x140015588 RegSetValueExW

• 0x140015590 RegCloseKey

• 0x140015598 RegEnumValueW

• 0x1400155a0 RegOpenKeyExW

库: api-ms-win-core-synch-l1-1-0.dll:

• 0x1400155f0 OpenSemaphoreW

• 0x1400155f8 CreateMutexExW

• 0x140015600 CreateSemaphoreExW

• 0x140015608 ReleaseSemaphore

• 0x140015610 CreateMutexW

• 0x140015618 WaitForSingleObject

• 0x140015620 ReleaseMutex

• 0x140015628 WaitForSingleObjectEx

库: api-ms-win-core-heap-l1-1-0.dll:

• 0x140015420 HeapAlloc

• 0x140015428 HeapFree

• 0x140015430 GetProcessHeap

库: api-ms-win-core-errorhandling-l1-1-0.dll:

• 0x140015390 UnhandledExceptionFilter

• 0x140015398 RaiseException

• 0x1400153a0 SetUnhandledExceptionFilter

• 0x1400153a8 GetLastError

• 0x1400153b0 SetLastError

库: api-ms-win-security-sddl-l1-1-0.dll:

• 0x1400158b8 ConvertStringSecurityDescriptorToSecurityDescriptorW

库: api-ms-win-core-com-l1-1-0.dll:

• 0x140015338 CoCreateGuid

• 0x140015340 CoTaskMemAlloc

• 0x140015348 CoTaskMemRealloc

• 0x140015350 CoUninitialize

• 0x140015358 CoTaskMemFree

• 0x140015360 CoInitializeEx

库: api-ms-win-eventing-legacy-l1-1-0.dll:

• 0x140015880 QueryTraceW

库: api-ms-win-eventing-provider-l1-1-0.dll:

• 0x140015890 EventWriteTransfer

• 0x140015898 EventSetInformation

• 0x1400158a0 EventRegister

• 0x1400158a8 EventUnregister

库: api-ms-win-core-heap-obsolete-l1-1-0.dll:

• 0x140015440 LocalAlloc

• 0x140015448 LocalFree

• 0x140015450 GlobalFree

库: api-ms-win-core-processthreads-l1-1-0.dll:

• 0x140015510 GetCurrentProcessId

• 0x140015518 GetCurrentThreadId

• 0x140015520 TerminateProcess

• 0x140015528 GetCurrentProcess

• 0x140015530 GetStartupInfoW

库: api-ms-win-core-localization-l1-2-0.dll:

• 0x1400154c0 FormatMessageW

• 0x1400154c8 GetUserDefaultLocaleName

库: api-ms-win-core-debug-l1-1-0.dll:

• 0x140015370 IsDebuggerPresent

• 0x140015378 DebugBreak

• 0x140015380 OutputDebugStringW

库: api-ms-win-core-handle-l1-1-0.dll:

• 0x140015410 CloseHandle

库: api-ms-win-core-path-l1-1-0.dll:

• 0x1400154f8 PathCchRemoveFileSpec

• 0x140015500 PathCchCombine

库: CRYPT32.dll:

• 0x1400151f0 CertFreeCertificateContext

• 0x1400151f8 CryptStringToBinaryW

• 0x140015200 CertVerifyCertificateChainPolicy

• 0x140015208 CertFreeCertificateChain

• 0x140015210 CertGetCertificateChain

库: api-ms-win-core-kernel32-legacy-l1-1-0.dll:

• 0x140015470 MoveFileW

• 0x140015478 LoadLibraryW

库: api-ms-win-core-rtlsupport-l1-1-0.dll:

• 0x1400155c0 RtlVirtualUnwind

• 0x1400155c8 RtlCaptureContext

• 0x1400155d0 RtlLookupFunctionEntry

库: api-ms-win-core-processthreads-l1-1-1.dll:

• 0x140015540 IsProcessorFeaturePresent

库: api-ms-win-core-profile-l1-1-0.dll:

• 0x140015550 QueryPerformanceCounter

库: api-ms-win-core-sysinfo-l1-1-0.dll:

• 0x140015650 GetSystemDirectoryW

• 0x140015658 GetSystemTimeAsFileTime

库: api-ms-win-core-interlocked-l1-1-0.dll:

• 0x140015460 InitializeSListHead

库: api-ms-win-core-memory-l1-1-0.dll:

• 0x1400154d8 UnmapViewOfFile

• 0x1400154e0 MapViewOfFile

• 0x1400154e8 CreateFileMappingW

库: SHELL32.dll:

• 0x140015258 SHGetKnownFolderPath

• 0x140015260 CommandLineToArgvW

库: WINHTTP.dll:

• 0x140015288 WinHttpOpen

• 0x140015290 WinHttpReceiveResponse

• 0x140015298 WinHttpQueryHeaders

• 0x1400152a0 WinHttpReadData

• 0x1400152a8 WinHttpOpenRequest

• 0x1400152b0 WinHttpQueryOption

• 0x1400152b8 WinHttpQueryDataAvailable

• 0x1400152c0 WinHttpCloseHandle

• 0x1400152c8 WinHttpSendRequest

• 0x1400152d0 WinHttpSetTimeouts

• 0x1400152d8 WinHttpConnect

库: api-ms-win-core-version-l1-1-0.dll:

• 0x140015678 VerQueryValueW

库: api-ms-win-core-sysinfo-l1-2-0.dll:

• 0x140015668 GetProductInfo

库: ntdll.dll:

• 0x1400158d8 RtlConvertDeviceFamilyInfoToString

库: api-ms-win-core-shlwapi-legacy-l1-1-0.dll:

• 0x1400155e0 PathFileExistsW

库: api-ms-win-core-registry-l2-1-0.dll:

• 0x1400155b0 RegSetKeyValueW

库: CRYPTSP.dll:

• 0x140015220 CryptHashData

• 0x140015228 CryptAcquireContextW

• 0x140015230 CryptCreateHash

• 0x140015238 CryptReleaseContext

• 0x140015240 CryptGetHashParam

• 0x140015248 CryptDestroyHash

库: api-ms-win-core-file-l1-2-0.dll:

• 0x140015400 GetTempPathW

库: VERSION.dll:

• 0x140015270 GetFileVersionInfoSizeW

• 0x140015278 GetFileVersionInfoW

库: api-ms-win-core-winrt-string-l1-1-0.dll:

• 0x140015698 WindowsGetStringRawBuffer

• 0x1400156a0 WindowsDeleteString

• 0x1400156a8 WindowsCreateStringReference

库: api-ms-win-core-winrt-l1-1-0.dll:

• 0x140015688 RoGetActivationFactory

库: WINTRUST.dll:

• 0x140015318 WTHelperGetProvSignerFromChain

• 0x140015320 WTHelperProvDataFromStateData

• 0x140015328 WinVerifyTrust

库: WININET.dll:

• 0x1400152e8 HttpQueryInfoW

• 0x1400152f0 InternetReadFile

• 0x1400152f8 InternetCloseHandle

• 0x140015300 InternetOpenUrlW

• 0x140015308 InternetOpenW

库: ext-ms-win-setupapi-classinstallers-l1-1-2.dll:

• 0x1400158c8 SetupIterateCabinetW

{&Sd{H7fz&Sd{Rich'Sd{
.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
fD9t]
bad array new length
Unknown exception
Exception
ReturnHr
LogHr
FailFast
RtlDllShutdownInProgress
internal\sdk\inc\wil\resultmacros.h
internal\sdk\inc\wil\resource.h
WilError_01
2018.11B
SedimentPackSelfUpdater
ExecuteShell
Error, CV not initialized
vector<T> too long
list<T> too long
string too long
EtwEventRegister
EtwEventUnregister
EtwEventEnabled
EtwEventWrite
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/W
4\bad allocation
onecore\enduser\upgradeenablers\onesettings\ctachelper.cpp
onecore\enduser\upgradeenablers\shellhelpers\servicehelpers.cpp
onecore\enduser\upgradeenablers\shellhelpers\filehelper.cpp
onecore\enduser\upgradeenablers\sedimentpackupdater\sedimentpackupdater.cpp
FallbackError
wilResult
hresult
fileName
lineNumber
module
failureType
message
threadId
callContext
originatingContextId
originatingContextName
originatingContextMessage
currentContextId
currentContextName
currentContextMessage
Error
PackageVersion
Message
Information
PackageVersion
Message
Applicable
PackageVersion
GlobalEventCounter
PluginName
Result
DetectedCondition
Error
PackageVersion
Message
HResult
Applicable
PackageVersion
GlobalEventCounter
PluginName
Result
DetectedCondition
IsSelfUpdateEnabledInOneSettings
IsSelfUpdateNeeded
Started
PackageVersion
GlobalEventCounter
PluginName
Result
FallbackError
wilResult
hresult
fileName
lineNumber
module
failureType
message
threadId
callContext
originatingContextId
originatingContextName
originatingContextMessage
currentContextId
currentContextName
currentContextMessage
failureId
failureCount
function
Completed
PackageVersion
GlobalEventCounter
PluginName
Result
SedLauncherExecutionResult
Information
PackageVersion
Message
HResult
Started
PackageVersion
GlobalEventCounter
PluginName
Result
Completed
PackageVersion
GlobalEventCounter
PluginName
Result
FailedReasons
Microsoft.Windows.SedimentLauncher
sedlauncher.pdb
.text
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.rdata$brc
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.gfids
.rdata
.rdata$r
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$brc
.data$r$brc
.data
.pdata
.rsrc$01
.rsrc$02
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
memset
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
__CxxFrameHandler3
memmove
wcschr
strchr
strrchr
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsupr_s
_o_exit
_o_free
_o_malloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcstombs
_o_wcstoul
__C_specific_handler
_CxxThrowException
api-ms-win-crt-private-l1-1-0.dll
CreateDirectoryW
GetModuleFileNameA
InitOnceBeginInitialize
EnableTraceEx2
RegQueryValueExW
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CoCreateGuid
QueryTraceW
CoUninitialize
GetModuleFileNameW
EventUnregister
ControlTraceW
RegOpenKeyExW
CoTaskMemFree
CreateMutexW
WaitForSingleObject
LocalAlloc
GetFileAttributesW
GetCurrentThreadId
RegSetValueExW
ReleaseMutex
EventSetInformation
FormatMessageW
GetLastError
OutputDebugStringW
RegCreateKeyExW
InitOnceComplete
WaitForSingleObjectEx
DeleteFileW
OpenSemaphoreW
GlobalFree
CloseHandle
HeapAlloc
EventRegister
GetProcAddress
CreateMutexExW
LocalFree
PathCchRemoveFileSpec
GetCurrentProcessId
GetProcessHeap
EventWriteTransfer
GetModuleHandleW
CoInitializeEx
RegCloseKey
StartTraceW
DebugBreak
CryptStringToBinaryW
MoveFileW
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
RaiseException
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
FreeLibrary
api-ms-win-core-file-l1-1-0.dll
api-ms-win-core-libraryloader-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-eventing-controller-l1-1-0.dll
api-ms-win-core-registry-l1-1-0.dll
api-ms-win-core-synch-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-security-sddl-l1-1-0.dll
api-ms-win-core-com-l1-1-0.dll
api-ms-win-eventing-legacy-l1-1-0.dll
api-ms-win-eventing-provider-l1-1-0.dll
api-ms-win-core-heap-obsolete-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-debug-l1-1-0.dll
api-ms-win-core-handle-l1-1-0.dll
api-ms-win-core-path-l1-1-0.dll
CRYPT32.dll
api-ms-win-core-kernel32-legacy-l1-1-0.dll
api-ms-win-core-rtlsupport-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-1.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-interlocked-l1-1-0.dll
api-ms-win-core-memory-l1-1-0.dll
CommandLineToArgvW
SHGetKnownFolderPath
SHELL32.dll
wcsstr
WinHttpQueryDataAvailable
WinHttpConnect
RegEnumValueW
CoTaskMemAlloc
WinHttpQueryOption
RegDeleteValueW
WinHttpSetTimeouts
CertGetCertificateChain
CertFreeCertificateContext
GetUserDefaultLocaleName
VerQueryValueW
RegGetValueW
GetProductInfo
WinHttpSendRequest
GetSystemDirectoryW
WinHttpCloseHandle
CertFreeCertificateChain
CoTaskMemRealloc
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
RegQueryInfoKeyW
CertVerifyCertificateChainPolicy
WinHttpOpen
RtlConvertDeviceFamilyInfoToString
WinHttpReceiveResponse
PathFileExistsW
LoadLibraryW
PathCchCombine
RegSetKeyValueW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CreateFileW
CryptHashData
UnmapViewOfFile
CryptCreateHash
GetFileSize
CryptAcquireContextW
CreateFileMappingW
MapViewOfFile
WriteFile
GetTempPathW
GetTempFileNameW
WINHTTP.dll
api-ms-win-core-version-l1-1-0.dll
api-ms-win-core-sysinfo-l1-2-0.dll
ntdll.dll
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
api-ms-win-core-registry-l2-1-0.dll
CRYPTSP.dll
api-ms-win-core-file-l1-2-0.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VERSION.dll
WindowsCreateStringReference
RoGetActivationFactory
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-string-l1-1-0.dll
api-ms-win-core-winrt-l1-1-0.dll
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WINTRUST.dll
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile
WININET.dll
SetupIterateCabinetW
ext-ms-win-setupapi-classinstallers-l1-1-2.dll
memcmp
memcpy
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_alloc@std@@
.?AVResultException@wil@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
ntdll.dll
%hs(%d)\%hs!%p: 
%hs!%p: 
(caller: %p) 
%hs(%d) tid(%x) %08X %ws
Msg:[%ws] 
CallContext:[%hs] 
LastErrorStateType
LastErrorState
LastError
LastUpdateCheckTime
LastUpdateInstallTime
RebootRequired
AttentionRequiredReason
UpToDateStatus
CurrentState
PoliciesCached
SettingsCached
UXRebootState
PauseUpdatesExpiryTime
PauseUpdatesStartTime
StagingSize
CommitResult
TrayIconUxState
RootCorrelationVector
ProgressedRootCorrelationVector
UpdateCorrelationVector
UpdateCorrelationVectorPartC
LastMeteredScanTime
UXRebootStateForActiveHours
ActiveHourStart
ActiveHourEnd
ActiveHourScenario
UpgradeInProgressTime
AUOptions
FlightEnabled
ScheduledInstallDay
ScheduledInstallTime
WUServer
AllowMeteredNetwork
Error
ServiceId
StatusTime
Title
UpdateStatus
UseCallerToken
Software\Microsoft\Windows\CurrentVersion\rempl\settings
RemediationShell
UpgradeRemediation
Onesettings Query() method failed
Onesettings ForceResetQueryState() method failed
Failed to update the plugins payload
SedLauncher
D:PAI(A;OICI;FA;;;WD)
Global\Microsoft.Windows.Remediation.TelemetryLauncher
GlobalEventCounter
Software\Microsoft\Remediation\LocalState\TelemetryLauncher
Failed to get a proper GlobalEventCounter for telemetry, using 0
CV not initialized
LauncherRemediation
%s\%s.%03d.etl
Local\SM0:%d:%d:%hs
%s\rempl
Microsoft.Windows.SedimentLauncher
Windows.Data.Json.JsonValue
\kernel32.dll
\ntdll.dll
Service Pack %d
VS_VERSION_INFO
StringFileInfo
FileVersion
JanFebMarAprMayJunJulAugSepOctNovDec
Endpoint
settings-win.data.microsoft.com
OneSettings IsTimeToRequery failed
OneSettings requery is TRUE
OneSettings OpenWebRequest failed
OneSettings GetCloudSettings failed
OneSettings UpdateNextRefreshTime failed
expectedValue parameter is null
RefreshAfter
settings/v2.0
%ls/%ls/%ls?os=Windows
&osVer=%s
&sku=%s
&deviceClass=%s
&locale=%s
&deviceId=s:%s
&sampleId=s:%s
&appVer=%s
SedimentPack
Query length %d exceeds the limit 2048
&namespaces=%s
NamespaceExtension
You are reading %d bytes
You have completed reading as dataSize is 0
You exceeded the maximum number of reads of %d. Something is probably wrong creating a read loop or data in OneSettings too large
An error occurrred during the read of OneSettings data
Failed to get E-Tag
Saving settings cache to registry
ETag not modified
%lu:%s
If-None-Match:
"settings":
settings
BuildLabEx
SOFTWARE\Microsoft\Windows NT\CurrentVersion
%M.%m.%ls
MachineId
SOFTWARE\Microsoft\SQMClient
RacSampleNumber
SOFTWARE\Microsoft\Reliability Analysis\RAC
%u.%u.%u.%u
Failed to open settings key 
Failed to examine key 
Failed to enumerate key 
OneSettings: %s value: %s
OneSettings: %s failed to read value
Failed to write %s to cache.
Windows.Internal.Flighting.ClientAttributes
pFound existing handle: %p
Failed to verify signature for %s
Failed to load: %s
Acquired handle: %p
Freed handle
sedplugins.dll
Found existing DLL: %s
Cound not find DLL: %s
Failed to create/open settings key
Failed to write %s
Wrote value Name: %s, Value: %s
0x00000062,0x00000064,0x00000063
APPRAISERPLUGIN.ENABLEBINTELEMETRY
APPRAISERPLUGIN.ENABLEREGTELEMETRY
APPRAISERPLUGIN.ENABLERUNAPPRAISER
APPRAISERPLUGIN.ENABLETASKREPAIR
BINARYHEALTHPLUGIN.ENABLEDETECTHEALTH
BINARYHEALTHPLUGIN.ENABLERESTOREHEALTH
REQUESTSLEEPDEFERRALPLUGIN.PERCENTBATTERYPOWERTOSTOP
REQUESTSLEEPDEFERRALPLUGIN.ENABLE
REQUESTSLEEPDEFERRALPLUGIN.ENABLERUNONBATTERY
REQUESTSLEEPDEFERRALPLUGIN.MINIMUMMINUTESBETWEENPOWERWATCHERSCAN
REQUESTSLEEPDEFERRALPLUGIN.POWERWATCHERSCANRUNCOUNT
REQUESTSLEEPDEFERRALPLUGIN.CHECKPROCESS
REQUESTSLEEPDEFERRALPLUGIN.MINUTEINTERVALSENDINGEVENT
CLEANDRIVERSTOREPLUGIN.ENABLEREPAIR
CLEARAUOPTIONSPLUGIN.SKULIST
SHELL.MINIMUMTIMEBETWEENSHELLSCANSINHOURS
CONFIGURATIONTROUBLESHOOTERPLUGIN.ENABLEBITSCLEANUP
CTS.ENABLEDELETERECOVEREDFROM
CTS.ENABLEDELETEUNINSTALLACTIVE
CONFIGURATIONTROUBLESHOOTERPLUGIN.ENABLEDNSCLEANUP
DEVICEDRIVERREMOVALPLUGIN.ENABLEREMOVAL
DISKCLEANUPPLUGIN.ENABLECOMPACTOSBINARIES
DISKCLEANUPPLUGIN.ENABLECOMPRESSIONNOSSD
DISKCLEANUPPLUGIN.ENABLEOSLOGCLEANUP
DISKCLEANUPPLUGIN.ENABLEPAGEFILEREDUCTION
DISKCLEANUPPLUGIN.ENABLEDISMCLEANUPIMAGE
DISKCLEANUPPLUGIN.ENABLEHIBERNATION
DISKCLEANUPPLUGIN.ENABLEWINDOWSSEARCHFILEREMOVAL
DISKCLEANUPPLUGIN.ENABLEWINDOWSRESTOREPOINTREMOVAL
DISKCLEANUPPLUGIN.NGENTIMEOUTHOURS
DISKCLEANUPPLUGIN.ENABLECBSTEMPCLEANUP
DISKCLEANUPPLUGIN.ENABLEVOLUMECACHESMODIFICATION
DISKCLEANUPPLUGIN.DISKSPACEFREETOSTARTCLEANUP
DISKCLEANUPPLUGIN.DISKSPACEFREETOSTOPCLEANUP
DISKCLEANUPPLUGIN.ENABLEUSERPROFILECOMPRESS
DISKCLEANUPPLUGIN.ENABLEREMOVESOFTWAREDISTRIBUTION
DISKCLEANUPPLUGIN.ENABLEREMOVESOFTWAREDISTRIBUTIONACTION
DISKCLEANUPPLUGIN.SOFTWAREDISTRIBUTIONFILEDAYSOLD
DISKCLEANUPPLUGIN.WINDOWSSTORECLEANUPENABLED
DISKCLEANUPPLUGIN.REMOVENGENFILES
COMPRESS.USERPROFILEFOLDERS
COMPRESS.SYSTEMPROFILEFOLDERS
LANGUAGEPACKREMOVALPLUGIN.DETECTCONDITIONENABLED
LANGUAGEPACKREMOVALPLUGIN.FREESPACEREQUIREMENT
LANGUAGEPACKREMOVALPLUGIN.MAXREMOVALATTEMPTS
LANGUAGEPACKREMOVALPLUGIN.PERFORMACTIONENABLED
LANGUAGEPACKREMOVALPLUGIN.MINIMUMLANGPACKCOUNTREQUIREMENT
WINDOWSUPDATEENDPOINTPLUGIN.SCANTIMEOUTAMOUNTTHRESHOLD
WINDOWSUPDATEENDPOINTPLUGIN.SWITCHDURATIONTHRESHOLD
REBOOTREMEDIATION.FORCEDREBOOTENABLED
REBOOTREMEDIATION.FORCEDREBOOTTOLERANCEDAYS
REBOOTREMEDIATION.IGNORABLEREASONS
SHELL.PERCENTBATTERYPOWER
STACKDATARESETPLUGIN.DETECTCONDITIONENABLED
STACKDATARESETPLUGIN.SCANSTARVATIONINDAYSTHRESHOLD
STACKDATARESETPLUGIN.INTERVALBETWEENRUNSINDAYS
STACKDATARESETPLUGIN.OOBEDAYSTHRESHOLD
STACKDATARESETPLUGIN.OSINSTALLDATEDAYSTHRESHOLD
STACKDATARESETPLUGIN.LCUINSTALLDATEDAYSTHRESHOLD
STACKDATARESETPLUGIN.LCUOSBUILDCHECK
STACKDATARESETPLUGIN.ROLLBACKCOUNTCHECK
STACKDATARESETPLUGIN.ROLLBACKOSBUILDCHECK
STACKDATARESETPLUGIN.MAXDAYSTOCONSIDEROFFLINE
STACKDATARESETPLUGIN.PERFORMACTIONENABLED
STACKDATARESETPLUGIN.DATASTOREUPLOADSIZELIMIT
STACKDATARESETPLUGIN.DELETEDOWNLOADFOLDERENABLED
STACKDATARESETPLUGIN.DELETEDATASTOREFOLDERENABLED
STACKDATARESETPLUGIN.DELETEUPDATESTOREFOLDERENABLED
STACKDATARESETPLUGIN.DELETEBITSDOWNLOADERFOLDERENABLED
STACKDATARESETPLUGIN.DELETEDOREGKEYENABLED
STACKDATARESETPLUGIN.UPLOADDATASTORETOWATSONENABLED
STACKDATARESETPLUGIN.MAXUPLOADATTEMPTS
DELIVERTOASTPLUGIN.ENABLED
DELIVERTOASTPLUGIN.REMOVE
DELIVERTOASTPLUGIN.SHOWCOUNT
DELIVERTOASTPLUGIN.AVAILABLEFREESPACE
DELIVERTOASTPLUGIN.SYSTEMDISKSIZE
DELIVERTOASTPLUGIN.INCLUDEDGEOIDS
DELIVERTOASTPLUGIN.EXCLUDEDGEOIDS
SHELL.STORAGESENSETASKENABLED
SHELL.STORAGESENSETASKTHRESHOLDOVERRIDEINDAYS
SHELL.USOSCANFREQUENCYINHOURS
SHELL.WSAUTOUPDATEFREQUENCY
WINDOWSSETUPIGNORECOMPATWARNINGSSHIM.ENABLED
USOSCANPLUGIN.INTERACTIVE_SCAN_ENABLED
USOSCANPLUGIN.SCAN_THRESHOLD_CHECK_ENABLED
USOSCANPLUGIN.CHECK_IF_FEATURE_UPDATE_OFFERED_ENABLED
USOSCANPLUGIN.SCANSTARVATIONTHRESHOLD
NUFI.ENABLED
NUFI.MAXBUILDNUMBER
SHELL.MINIMUMMINUTESBETWEENSHELLRUNS
SHELL.QUIETPERIODDAYS
SHELL.SCCM
SHELL.NEWOS
SHELL.UPMANAGED
SHELL.ZEROEXHAUST
SERVICE.SKIPVERIFYTASK
SERVICE.MAXIMUMBYTES
SERVICE.KILL
SELFUPDATE.DOWNLOADURL
SELFUPDATE.PAYLOADHASH
SELFUPDATE.CABHASH
SELFUPDATE.ENABLED
UPDATESERVICEHEALTHPLUGIN.SERVICEINSTALLBITMAP
UPDATEAPPLICABILITYFIXERPLUGIN.ENABLEEDITIONIDFIX
UPDATESERVICEHEALTHPLUGIN.ENABLESERVICEHARDENING
UPDATESERVICEHEALTHPLUGIN.SERVICEHARDENINGTHRESHOLDDAYS
APPRAISERPLUGIN.MAXIMUMRUNCOUNT
REQUESTSLEEPDEFERRALPLUGIN.MAXIMUMRUNCOUNT
CLEANDRIVERSTOREPLUGIN.MAXIMUMRUNCOUNT
CLEARAUOPTIONSPLUGIN.MAXIMUMRUNCOUNT
CONFIGURATIONTROUBLESHOOTERPLUGIN.MAXIMUMRUNCOUNT
DATETIMESYNCPLUGIN.MAXIMUMRUNCOUNT
DELIVERTOASTPLUGIN.MAXIMUMRUNCOUNT
DEVICEDRIVERREMOVALPLUGIN.MAXIMUMRUNCOUNT
DISKCLEANUPPLUGIN.MAXIMUMRUNCOUNT
Enabled
LANGUAGEPACKREMOVALPLUGIN.MAXIMUMRUNCOUNT
NOISYHAMMERPLUGIN.MAXIMUMRUNCOUNT
NOTIFYUSERFIXISSUESPLUGIN.MAXIMUMRUNCOUNT
REBOOTREMEDIATIONPLUGIN.MAXIMUMRUNCOUNT
SHELL.MAXIMUMRUNCOUNT
SIHHEALTHPLUGIN.MAXIMUMRUNCOUNT
STACKDATARESETPLUGIN.MAXIMUMRUNCOUNT
UPDATEAPPLICABILITYFIXERPLUGIN.MAXIMUMRUNCOUNT
UPDATEBINARYHEALTHPLUGIN.MAXIMUMRUNCOUNT
UPDATESEARCHERPLUGIN.MAXIMUMRUNCOUNT
UPDATESERVICEHEALTHPLUGIN.MAXIMUMRUNCOUNT
UPDATETASKHEALTHPLUGIN.MAXIMUMRUNCOUNT
UPGRADEFUNNELPLUGIN.MAXIMUMRUNCOUNT
USOSCANPLUGIN.MAXIMUMRUNCOUNT
WINDOWSUPDATEENDPOINTPLUGIN.MAXIMUMRUNCOUNT
STORAGESENSE.SYSTEMDRIVECOMPRESSPLUGIN
STORAGESENSE.RESTOREPOINTREMOVALPLUGIN
sedpack_

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20181116
MicroWorld-eScan	未发现病毒	20181119
CMC	未发现病毒	20181118
CAT-QuickHeal	未发现病毒	20181118
McAfee	未发现病毒	20181119
Cylance	未发现病毒	20181119
VIPRE	未发现病毒	20181118
TheHacker	未发现病毒	20181118
BitDefender	未发现病毒	20181119
K7GW	未发现病毒	20181118
K7AntiVirus	未发现病毒	20181119
TrendMicro	未发现病毒	20181119
Baidu	未发现病毒	20181116
Babable	未发现病毒	20180918
F-Prot	未发现病毒	20181119
Symantec	未发现病毒	20181118
ESET-NOD32	未发现病毒	20181119
TrendMicro-HouseCall	未发现病毒	20181119
Paloalto	未发现病毒	20181119
ClamAV	未发现病毒	20181119
Kaspersky	未发现病毒	20181119
Alibaba	未发现病毒	20180921
NANO-Antivirus	未发现病毒	20181119
ViRobot	未发现病毒	20181118
SUPERAntiSpyware	未发现病毒	20181114
Avast	未发现病毒	20181119
Rising	未发现病毒	20181119
Ad-Aware	未发现病毒	20181119
Trustlook	未发现病毒	20181119
Sophos	未发现病毒	20181119
F-Secure	未发现病毒	20181119
DrWeb	未发现病毒	20181119
Zillya	未发现病毒	20181116
Invincea	未发现病毒	20181108
McAfee-GW-Edition	未发现病毒	20181119
Fortinet	未发现病毒	20181119
Emsisoft	未发现病毒	20181119
SentinelOne	未发现病毒	20181011
Cyren	未发现病毒	20181119
Jiangmin	未发现病毒	20181119
Webroot	未发现病毒	20181119
Avira	未发现病毒	20181118
MAX	未发现病毒	20181119
Antiy-AVL	未发现病毒	20181118
Kingsoft	未发现病毒	20181119
Endgame	未发现病毒	20181108
Arcabit	未发现病毒	20181118
AegisLab	未发现病毒	20181119
ZoneAlarm	未发现病毒	20181119
Avast-Mobile	未发现病毒	20181118
Microsoft	未发现病毒	20181119
AhnLab-V3	未发现病毒	20181118
VBA32	未发现病毒	20181116
ALYac	未发现病毒	20181119
TACHYON	未发现病毒	20181119
Malwarebytes	未发现病毒	20181119
Zoner	未发现病毒	20181119
Tencent	未发现病毒	20181119
Yandex	未发现病毒	20181116
Ikarus	未发现病毒	20181118
eGambit	未发现病毒	20181119
GData	未发现病毒	20181119
AVG	未发现病毒	20181119
Cybereason	未发现病毒	20180225
Panda	未发现病毒	20181118
CrowdStrike	未发现病毒	20181022
Qihoo-360	未发现病毒	20181119

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 20.197 seconds )

11.928 Suricata
3.798 VirusTotal
2.761 Static
0.791 TargetInfo
0.428 peid
0.355 NetworkAnalysis
0.063 AnalysisInfo
0.051 Debug
0.014 Strings
0.004 Memory
0.003 BehaviorAnalysis
0.001 config_decoder

Signatures ( 0.372 seconds )

0.225 md_bad_drop
0.02 md_url_bl
0.018 antiav_detectreg
0.018 md_domain_bl
0.011 anomaly_persistence_autorun
0.008 antiav_detectfile
0.007 infostealer_ftp
0.007 ransomware_files
0.006 ransomware_extensions
0.005 infostealer_im
0.004 tinba_behavior
0.004 infostealer_bitcoin
0.003 rat_nanocore
0.003 cerber_behavior
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.002 geodo_banking_trojan
0.002 browser_security
0.002 modify_proxy
0.001 network_tor
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 office_security
0.001 rat_spynet
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt
0.001 stealth_modify_security_center_warnings

Reporting ( 0.481 seconds )

0.481 Malheur


Task ID	215079
Mongo ID	5bf29b0f2e06334adc6c891f
Cuckoo release	1.4-Maldun