分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2018-11-19 19:48:13 | 2018-11-19 19:50:48 | 155 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | csrss.exe |
|---|---|
| 文件大小 | 2162688 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8b9918107454e3d2c7ea96f90dc36da7 |
| SHA1 | 7ddc566a9eba1b2bf577e5a999e43dccdfdec6a1 |
| SHA256 | 79637ba163cbf9300df495d67a9b12c668ed65947bed07329ef0540f620f2b6f |
| SHA512 | 090bccba552440f0cb973f1d7d200ea821bc35a794490d9c7de102b965928674658f5f1e182243d6bd85239c2adc3c2a275ad052d1537b835e6b77e1bdf8f051 |
| CRC32 | B6804074 |
| Ssdeep | 49152:G5lAuX7BeLJoTL/msPPw9oZp+s8KuqGaX0ToIBAUZLYws9:We9sL/fPP6bJBAUZLe |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004b4630 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00213d4e |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-11-18 23:50:26 |
| 载入哈希 | c8ba2b862a1d7964c5bf2159f079e17e |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000d4742 | 0x000d5000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.62 |
| .rdata | 0x000d6000 | 0x00111aca | 0x00112000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.20 |
| .data | 0x001e8000 | 0x0006202a | 0x00022000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.25 |
| .rsrc | 0x0024b000 | 0x00005470 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.04 |
导入
库: WINMM.dll:
• 0x4d6698 midiStreamOut
• 0x4d669c midiOutPrepareHeader
• 0x4d66a0 waveOutPause
• 0x4d66a4 waveOutReset
• 0x4d66a8 waveOutClose
• 0x4d66ac waveOutGetNumDevs
• 0x4d66b0 waveOutOpen
• 0x4d66b4 midiOutUnprepareHeader
• 0x4d66b8 midiStreamOpen
• 0x4d66bc midiStreamProperty
• 0x4d66c0 waveOutUnprepareHeader
• 0x4d66c4 midiStreamStop
• 0x4d66c8 midiOutReset
• 0x4d66cc midiStreamClose
• 0x4d66d0 midiStreamRestart
• 0x4d66d4 waveOutWrite
• 0x4d66d8 waveOutPrepareHeader
库: WS2_32.dll:
• 0x4d66f0 closesocket
• 0x4d66f4 WSACleanup
• 0x4d66f8 WSAAsyncSelect
• 0x4d66fc accept
• 0x4d6700 ntohs
• 0x4d6704 htons
• 0x4d6708 recvfrom
• 0x4d670c ioctlsocket
• 0x4d6710 recv
• 0x4d6714 inet_ntoa
• 0x4d6718 getpeername
库: KERNEL32.dll:
• 0x4d618c GetCurrentProcess
• 0x4d6190 TerminateProcess
• 0x4d6194 MultiByteToWideChar
• 0x4d6198 SetLastError
• 0x4d619c GetTimeZoneInformation
• 0x4d61a0 GetVersion
• 0x4d61a4 WideCharToMultiByte
• 0x4d61a8 SetFilePointer
• 0x4d61ac GetSystemInfo
• 0x4d61b0 IsProcessorFeaturePresent
• 0x4d61b4 lstrcmpiA
• 0x4d61b8 GetACP
• 0x4d61bc GetEnvironmentStrings
• 0x4d61c0 FreeEnvironmentStringsW
• 0x4d61c4 FreeEnvironmentStringsA
• 0x4d61c8 UnhandledExceptionFilter
• 0x4d61cc HeapSize
• 0x4d61d0 RaiseException
• 0x4d61d4 GetLocalTime
• 0x4d61d8 GetSystemTime
• 0x4d61dc RtlUnwind
• 0x4d61e0 GetStartupInfoA
• 0x4d61e4 GetOEMCP
• 0x4d61e8 GetCPInfo
• 0x4d61ec GetProcessVersion
• 0x4d61f0 SetErrorMode
• 0x4d61f4 GlobalFlags
• 0x4d61f8 GetCurrentThread
• 0x4d61fc GetFileTime
• 0x4d6200 TlsGetValue
• 0x4d6204 LocalReAlloc
• 0x4d6208 TlsSetValue
• 0x4d620c TlsFree
• 0x4d6210 GlobalHandle
• 0x4d6214 TlsAlloc
• 0x4d6218 LocalAlloc
• 0x4d621c lstrcmpA
• 0x4d6220 GlobalGetAtomNameA
• 0x4d6224 GlobalAddAtomA
• 0x4d6228 GlobalFindAtomA
• 0x4d622c GlobalDeleteAtom
• 0x4d6230 SetEndOfFile
• 0x4d6234 UnlockFile
• 0x4d6238 LockFile
• 0x4d623c FlushFileBuffers
• 0x4d6240 DuplicateHandle
• 0x4d6244 lstrcpynA
• 0x4d6248 FileTimeToLocalFileTime
• 0x4d624c FileTimeToSystemTime
• 0x4d6250 LocalFree
• 0x4d6254 GetFileSize
• 0x4d6258 InterlockedIncrement
• 0x4d625c InterlockedDecrement
• 0x4d6260 GetSystemDirectoryA
• 0x4d6264 CreateFileMappingA
• 0x4d6268 MapViewOfFile
• 0x4d626c UnmapViewOfFile
• 0x4d6270 OpenFileMappingA
• 0x4d6274 ReleaseMutex
• 0x4d6278 CreateSemaphoreA
• 0x4d627c ResumeThread
• 0x4d6280 ReleaseSemaphore
• 0x4d6284 EnterCriticalSection
• 0x4d6288 LeaveCriticalSection
• 0x4d628c GetProfileStringA
• 0x4d6290 WriteFile
• 0x4d6294 WaitForMultipleObjects
• 0x4d6298 CreateFileA
• 0x4d629c SetEvent
• 0x4d62a0 FindResourceA
• 0x4d62a4 LoadResource
• 0x4d62a8 LockResource
• 0x4d62ac ReadFile
• 0x4d62b0 lstrlenW
• 0x4d62b4 GetModuleFileNameA
• 0x4d62b8 GetCurrentThreadId
• 0x4d62bc ExitProcess
• 0x4d62c0 GlobalSize
• 0x4d62c4 GlobalFree
• 0x4d62c8 InterlockedExchange
• 0x4d62cc DeleteCriticalSection
• 0x4d62d0 InitializeCriticalSection
• 0x4d62d4 lstrcatA
• 0x4d62d8 lstrlenA
• 0x4d62dc WinExec
• 0x4d62e0 lstrcpyA
• 0x4d62e4 FindNextFileA
• 0x4d62e8 GlobalReAlloc
• 0x4d62ec HeapFree
• 0x4d62f0 HeapReAlloc
• 0x4d62f4 GetProcessHeap
• 0x4d62f8 HeapAlloc
• 0x4d62fc GetUserDefaultLCID
• 0x4d6300 GetFullPathNameA
• 0x4d6304 FreeLibrary
• 0x4d6308 LoadLibraryA
• 0x4d630c GetLastError
• 0x4d6310 GetVersionExA
• 0x4d6314 WritePrivateProfileStringA
• 0x4d6318 GetPrivateProfileStringA
• 0x4d631c CreateThread
• 0x4d6320 CreateEventA
• 0x4d6324 Sleep
• 0x4d6328 ExpandEnvironmentStringsA
• 0x4d632c GlobalAlloc
• 0x4d6330 GlobalLock
• 0x4d6334 GlobalUnlock
• 0x4d6338 FindFirstFileA
• 0x4d633c FindClose
• 0x4d6340 GetFileAttributesA
• 0x4d6344 CopyFileA
• 0x4d6348 GetCurrentDirectoryA
• 0x4d634c SetCurrentDirectoryA
• 0x4d6350 GetVolumeInformationA
• 0x4d6354 GetModuleHandleA
• 0x4d6358 GetProcAddress
• 0x4d635c MulDiv
• 0x4d6360 GetCommandLineA
• 0x4d6364 GetTickCount
• 0x4d6368 CreateProcessA
• 0x4d636c WaitForSingleObject
• 0x4d6370 CloseHandle
• 0x4d6374 GetEnvironmentStringsW
• 0x4d6378 SetHandleCount
• 0x4d637c GetStdHandle
• 0x4d6380 GetFileType
• 0x4d6384 GetEnvironmentVariableA
• 0x4d6388 HeapDestroy
• 0x4d638c HeapCreate
• 0x4d6390 VirtualFree
• 0x4d6394 SetEnvironmentVariableA
• 0x4d6398 LCMapStringA
• 0x4d639c LCMapStringW
• 0x4d63a0 VirtualAlloc
• 0x4d63a4 IsBadWritePtr
• 0x4d63a8 SetUnhandledExceptionFilter
• 0x4d63ac GetStringTypeA
• 0x4d63b0 GetStringTypeW
• 0x4d63b4 CompareStringA
• 0x4d63b8 CompareStringW
• 0x4d63bc IsBadReadPtr
• 0x4d63c0 IsBadCodePtr
• 0x4d63c4 SetStdHandle
库: USER32.dll:
• 0x4d6428 SetFocus
• 0x4d642c GetActiveWindow
• 0x4d6430 GetSysColorBrush
• 0x4d6434 LoadStringA
• 0x4d6438 DefWindowProcA
• 0x4d643c GetClassInfoA
• 0x4d6440 IsZoomed
• 0x4d6444 PostQuitMessage
• 0x4d6448 CopyAcceleratorTableA
• 0x4d644c GetKeyState
• 0x4d6450 TranslateAcceleratorA
• 0x4d6454 IsWindowEnabled
• 0x4d6458 ShowWindow
• 0x4d645c SystemParametersInfoA
• 0x4d6460 LoadImageA
• 0x4d6464 EnumDisplaySettingsA
• 0x4d6468 ClientToScreen
• 0x4d646c EnableMenuItem
• 0x4d6470 GetSubMenu
• 0x4d6474 GetDlgCtrlID
• 0x4d6478 CreateAcceleratorTableA
• 0x4d647c CreateMenu
• 0x4d6480 ModifyMenuA
• 0x4d6484 AppendMenuA
• 0x4d6488 CreatePopupMenu
• 0x4d648c DrawIconEx
• 0x4d6490 CreateIconFromResource
• 0x4d6494 RegisterClipboardFormatA
• 0x4d6498 SetRectEmpty
• 0x4d649c DispatchMessageA
• 0x4d64a0 GetMessageA
• 0x4d64a4 WindowFromPoint
• 0x4d64a8 DrawFocusRect
• 0x4d64ac DestroyAcceleratorTable
• 0x4d64b0 SetWindowRgn
• 0x4d64b4 GetMessagePos
• 0x4d64b8 ScreenToClient
• 0x4d64bc ChildWindowFromPointEx
• 0x4d64c0 CopyRect
• 0x4d64c4 LoadBitmapA
• 0x4d64c8 WinHelpA
• 0x4d64cc KillTimer
• 0x4d64d0 SetTimer
• 0x4d64d4 ReleaseCapture
• 0x4d64d8 GetCapture
• 0x4d64dc SetCapture
• 0x4d64e0 GetScrollRange
• 0x4d64e4 SetScrollRange
• 0x4d64e8 SetScrollPos
• 0x4d64ec GetMenuCheckMarkDimensions
• 0x4d64f0 GetMenuState
• 0x4d64f4 SetMenuItemBitmaps
• 0x4d64f8 CheckMenuItem
• 0x4d64fc MoveWindow
• 0x4d6500 IsIconic
• 0x4d6504 InflateRect
• 0x4d6508 IntersectRect
• 0x4d650c DestroyIcon
• 0x4d6510 PtInRect
• 0x4d6514 OffsetRect
• 0x4d6518 IsWindowVisible
• 0x4d651c EnableWindow
• 0x4d6520 RedrawWindow
• 0x4d6524 GetWindowLongA
• 0x4d6528 SetWindowLongA
• 0x4d652c GetSysColor
• 0x4d6530 SetActiveWindow
• 0x4d6534 SetCursorPos
• 0x4d6538 LoadCursorA
• 0x4d653c SetCursor
• 0x4d6540 GetDC
• 0x4d6544 FillRect
• 0x4d6548 IsRectEmpty
• 0x4d654c ReleaseDC
• 0x4d6550 IsChild
• 0x4d6554 DestroyMenu
• 0x4d6558 SetForegroundWindow
• 0x4d655c GetWindowRect
• 0x4d6560 EqualRect
• 0x4d6564 UpdateWindow
• 0x4d6568 ValidateRect
• 0x4d656c InvalidateRect
• 0x4d6570 GetClientRect
• 0x4d6574 GetFocus
• 0x4d6578 GetParent
• 0x4d657c GetTopWindow
• 0x4d6580 PostMessageA
• 0x4d6584 IsWindow
• 0x4d6588 SetParent
• 0x4d658c DestroyCursor
• 0x4d6590 SendMessageA
• 0x4d6594 SetWindowPos
• 0x4d6598 MessageBoxA
• 0x4d659c GetCursorPos
• 0x4d65a0 GetSystemMetrics
• 0x4d65a4 EmptyClipboard
• 0x4d65a8 SetClipboardData
• 0x4d65ac OpenClipboard
• 0x4d65b0 GetClipboardData
• 0x4d65b4 CloseClipboard
• 0x4d65b8 wsprintfA
• 0x4d65bc WaitForInputIdle
• 0x4d65c0 PeekMessageA
• 0x4d65c4 DrawEdge
• 0x4d65c8 DrawFrameControl
• 0x4d65cc TranslateMessage
• 0x4d65d0 LoadIconA
• 0x4d65d4 GetDesktopWindow
• 0x4d65d8 GetClassNameA
• 0x4d65dc GetDlgItem
• 0x4d65e0 GetWindowTextA
• 0x4d65e4 GetForegroundWindow
• 0x4d65e8 SetMenu
• 0x4d65ec GetMenu
• 0x4d65f0 DeleteMenu
• 0x4d65f4 SetRect
• 0x4d65f8 GetSystemMenu
• 0x4d65fc GetWindow
• 0x4d6600 UnregisterClassA
• 0x4d6604 CreateIconFromResourceEx
• 0x4d6608 GetWindowTextLengthA
• 0x4d660c CharUpperA
• 0x4d6610 GetWindowDC
• 0x4d6614 BeginPaint
• 0x4d6618 EndPaint
• 0x4d661c TabbedTextOutA
• 0x4d6620 DrawTextA
• 0x4d6624 GrayStringA
• 0x4d6628 DestroyWindow
• 0x4d662c CreateDialogIndirectParamA
• 0x4d6630 EndDialog
• 0x4d6634 GetNextDlgTabItem
• 0x4d6638 GetWindowPlacement
• 0x4d663c RegisterWindowMessageA
• 0x4d6640 GetLastActivePopup
• 0x4d6644 GetMessageTime
• 0x4d6648 RemovePropA
• 0x4d664c CallWindowProcA
• 0x4d6650 GetPropA
• 0x4d6654 UnhookWindowsHookEx
• 0x4d6658 SetPropA
• 0x4d665c GetClassLongA
• 0x4d6660 CallNextHookEx
• 0x4d6664 SetWindowsHookExA
• 0x4d6668 CreateWindowExA
• 0x4d666c GetMenuItemID
• 0x4d6670 GetMenuItemCount
• 0x4d6674 RegisterClassA
• 0x4d6678 GetScrollPos
• 0x4d667c AdjustWindowRectEx
• 0x4d6680 MapWindowPoints
• 0x4d6684 SendDlgItemMessageA
• 0x4d6688 ScrollWindowEx
• 0x4d668c IsDialogMessageA
• 0x4d6690 SetWindowTextA
库: GDI32.dll:
• 0x4d6040 ExtSelectClipRgn
• 0x4d6044 LineTo
• 0x4d6048 MoveToEx
• 0x4d604c ExcludeClipRect
• 0x4d6050 GetClipBox
• 0x4d6054 ScaleWindowExtEx
• 0x4d6058 PatBlt
• 0x4d605c CombineRgn
• 0x4d6060 CreateRectRgn
• 0x4d6064 FillRgn
• 0x4d6068 CreateSolidBrush
• 0x4d606c CreateFontIndirectA
• 0x4d6070 GetStockObject
• 0x4d6074 GetObjectA
• 0x4d6078 EndPage
• 0x4d607c EndDoc
• 0x4d6080 DeleteDC
• 0x4d6084 StartDocA
• 0x4d6088 StartPage
• 0x4d608c BitBlt
• 0x4d6090 CreateCompatibleDC
• 0x4d6094 Ellipse
• 0x4d6098 LPtoDP
• 0x4d609c DPtoLP
• 0x4d60a0 GetCurrentObject
• 0x4d60a4 RoundRect
• 0x4d60a8 GetTextExtentPoint32A
• 0x4d60ac GetDeviceCaps
• 0x4d60b0 GetClipRgn
• 0x4d60b4 SetStretchBltMode
• 0x4d60b8 CreateRectRgnIndirect
• 0x4d60bc SetBkColor
• 0x4d60c0 SetWindowExtEx
• 0x4d60c4 SetWindowOrgEx
• 0x4d60c8 ScaleViewportExtEx
• 0x4d60cc SetViewportExtEx
• 0x4d60d0 OffsetViewportOrgEx
• 0x4d60d4 SetViewportOrgEx
• 0x4d60d8 SetMapMode
• 0x4d60dc SetTextColor
• 0x4d60e0 SetROP2
• 0x4d60e4 SetPolyFillMode
• 0x4d60e8 SetBkMode
• 0x4d60ec GetViewportExtEx
• 0x4d60f0 PtVisible
• 0x4d60f4 RectVisible
• 0x4d60f8 TextOutA
• 0x4d60fc ExtTextOutA
• 0x4d6100 Escape
• 0x4d6104 GetTextMetricsA
• 0x4d6108 CreatePen
• 0x4d610c SelectObject
• 0x4d6110 CreateBitmap
• 0x4d6114 CreateDCA
• 0x4d6118 CreateCompatibleBitmap
• 0x4d611c GetPolyFillMode
• 0x4d6120 GetStretchBltMode
• 0x4d6124 GetROP2
• 0x4d6128 GetBkColor
• 0x4d612c GetBkMode
• 0x4d6130 GetTextColor
• 0x4d6134 CreateRoundRectRgn
• 0x4d6138 RestoreDC
• 0x4d613c SaveDC
• 0x4d6140 CreateEllipticRgn
• 0x4d6144 PathToRegion
• 0x4d6148 EndPath
• 0x4d614c BeginPath
• 0x4d6150 GetWindowOrgEx
• 0x4d6154 GetViewportOrgEx
• 0x4d6158 GetWindowExtEx
• 0x4d615c GetDIBits
• 0x4d6160 CreatePolygonRgn
• 0x4d6164 SelectPalette
• 0x4d6168 StretchBlt
• 0x4d616c CreatePalette
• 0x4d6170 GetSystemPaletteEntries
• 0x4d6174 CreateDIBitmap
• 0x4d6178 DeleteObject
• 0x4d617c Rectangle
• 0x4d6180 RealizePalette
• 0x4d6184 SelectClipRgn
库: ADVAPI32.dll:
• 0x4d6000 RegQueryValueExA
• 0x4d6004 RegOpenKeyExA
• 0x4d6008 RegSetValueExA
• 0x4d600c RegDeleteValueA
• 0x4d6010 RegDeleteKeyA
• 0x4d6014 RegQueryValueA
• 0x4d6018 RegCreateKeyExA
• 0x4d601c RegEnumKeyA
• 0x4d6020 RegOpenKeyA
• 0x4d6024 SetSecurityDescriptorDacl
• 0x4d6028 InitializeSecurityDescriptor
• 0x4d602c RegCloseKey
库: ole32.dll:
• 0x4d6734 CLSIDFromProgID
• 0x4d6738 OleRun
• 0x4d673c CoCreateInstance
• 0x4d6740 CLSIDFromString
• 0x4d6744 OleUninitialize
• 0x4d6748 OleInitialize
库: OLEAUT32.dll:
• 0x4d63cc UnRegisterTypeLib
• 0x4d63d0 LoadTypeLib
• 0x4d63d4 LHashValOfNameSys
• 0x4d63d8 RegisterTypeLib
• 0x4d63dc SafeArrayPutElement
• 0x4d63e0 SafeArrayCreate
• 0x4d63e4 SafeArrayDestroy
• 0x4d63e8 SysAllocString
• 0x4d63ec VariantInit
• 0x4d63f0 VariantCopyInd
• 0x4d63f4 SafeArrayGetElement
• 0x4d63f8 SafeArrayAccessData
• 0x4d63fc SafeArrayUnaccessData
• 0x4d6400 SafeArrayGetDim
• 0x4d6404 SafeArrayGetLBound
• 0x4d6408 SafeArrayGetUBound
• 0x4d640c VariantChangeType
• 0x4d6410 VariantClear
• 0x4d6414 VariantCopy
库: comdlg32.dll:
• 0x4d6720 GetFileTitleA
• 0x4d6724 GetSaveFileNameA
• 0x4d6728 GetOpenFileNameA
• 0x4d672c ChooseColorA
.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 28.24 seconds )
- 11.855 Suricata
- 7.575 Static
- 3.901 TargetInfo
- 3.368 VirusTotal
- 0.587 BehaviorAnalysis
- 0.458 peid
- 0.356 NetworkAnalysis
- 0.062 Debug
- 0.054 AnalysisInfo
- 0.014 Strings
- 0.007 config_decoder
- 0.003 Memory
Signatures ( 0.43 seconds )
- 0.15 md_bad_drop
- 0.032 api_spamming
- 0.029 antiav_detectreg
- 0.027 stealth_timeout
- 0.024 stealth_decoy_document
- 0.02 md_domain_bl
- 0.02 md_url_bl
- 0.012 infostealer_ftp
- 0.008 antiav_detectfile
- 0.007 anomaly_persistence_autorun
- 0.007 infostealer_im
- 0.007 ransomware_files
- 0.006 antiemu_wine_func
- 0.006 kovter_behavior
- 0.006 ransomware_extensions
- 0.005 infostealer_browser_password
- 0.005 infostealer_bitcoin
- 0.005 infostealer_mail
- 0.003 tinba_behavior
- 0.003 antivm_vbox_libs
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 betabot_behavior
- 0.002 ransomeware_modifies_desktop_wallpaper
- 0.002 cerber_behavior
- 0.002 browser_security
- 0.002 modify_proxy
- 0.001 antiav_avast_libs
- 0.001 injection_createremotethread
- 0.001 antivm_vbox_window
- 0.001 ursnif_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 antisandbox_script_timer
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 0.392 seconds )
- 0.392 Malheur
| Task ID | 215085 |
|---|---|
| Mongo ID | 5bf2a3bd2e06334ae26c8d18 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号