分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-01-21 21:42:24 | 2019-01-21 21:45:16 | 172 秒 |
魔盾分数
5.6
可疑的
文件详细信息
| 文件名 | 整合包生成器.exe |
|---|---|
| 文件大小 | 712704 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 572dd9a348c4bd4a5f7f889d001ec4bc |
| SHA1 | 142b9e40eadf21d30e029297a35f6f32a2d6f134 |
| SHA256 | 3adf86590dfd2cce27906dd7001f63fcdd4cad42c71fc8870b6d1c0b0aa47a20 |
| SHA512 | 432f7ac07cf1ccd36ede9fba3ac87c3b6535a95954728adc0cda0c110bf1a66c6489d2f8b4be8a854f0af18d459ead2b260c0dbc25e85252f4c0abc73c3fcef2 |
| CRC32 | 17CBACA0 |
| Ssdeep | 12288:pz9WeBneuUGNG/MC86kdOlEQbKKeqbJBLBkAZSz68:pzYYnRUIGC6sQEQbNbPZSzn |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0045f797 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000bc1a2 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2016-04-26 16:41:40 |
| 载入哈希 | 6a7aa5c5a98b59b5e39e75c0c4a18c15 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0007d30a | 0x0007e000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.58 |
| .rdata | 0x0007f000 | 0x000141d6 | 0x00015000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.50 |
| .data | 0x00094000 | 0x000268e8 | 0x00014000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.89 |
| .rsrc | 0x000bb000 | 0x00005778 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.76 |
导入
库: KERNEL32.dll:
• 0x47f170 SetEndOfFile
• 0x47f174 UnlockFile
• 0x47f178 LockFile
• 0x47f17c FlushFileBuffers
• 0x47f180 SetFilePointer
• 0x47f184 GetCurrentProcess
• 0x47f188 DuplicateHandle
• 0x47f18c lstrcpynA
• 0x47f190 SetLastError
• 0x47f194 FileTimeToLocalFileTime
• 0x47f198 FileTimeToSystemTime
• 0x47f19c LocalFree
• 0x47f1a0 MultiByteToWideChar
• 0x47f1a4 WideCharToMultiByte
• 0x47f1a8 InterlockedDecrement
• 0x47f1ac CreateSemaphoreA
• 0x47f1b0 ResumeThread
• 0x47f1b4 ReleaseSemaphore
• 0x47f1b8 SetStdHandle
• 0x47f1bc IsBadCodePtr
• 0x47f1c0 IsBadReadPtr
• 0x47f1c4 CompareStringW
• 0x47f1c8 CompareStringA
• 0x47f1cc SetUnhandledExceptionFilter
• 0x47f1d0 GetStringTypeW
• 0x47f1d4 GetStringTypeA
• 0x47f1d8 IsBadWritePtr
• 0x47f1dc VirtualAlloc
• 0x47f1e0 LCMapStringW
• 0x47f1e4 LCMapStringA
• 0x47f1e8 SetEnvironmentVariableA
• 0x47f1ec VirtualFree
• 0x47f1f0 HeapCreate
• 0x47f1f4 HeapDestroy
• 0x47f1f8 GetEnvironmentVariableA
• 0x47f1fc GetFileType
• 0x47f200 GetStdHandle
• 0x47f204 SetHandleCount
• 0x47f208 GetEnvironmentStringsW
• 0x47f20c GetEnvironmentStrings
• 0x47f210 FreeEnvironmentStringsW
• 0x47f214 FreeEnvironmentStringsA
• 0x47f218 UnhandledExceptionFilter
• 0x47f21c GetACP
• 0x47f220 HeapSize
• 0x47f224 EnterCriticalSection
• 0x47f228 LeaveCriticalSection
• 0x47f22c GetProfileStringA
• 0x47f230 WriteFile
• 0x47f234 ReadFile
• 0x47f238 GetLastError
• 0x47f23c WaitForMultipleObjects
• 0x47f240 CreateFileA
• 0x47f244 SetEvent
• 0x47f248 FindResourceA
• 0x47f24c LoadResource
• 0x47f250 LockResource
• 0x47f254 GetModuleFileNameA
• 0x47f258 GetCurrentThreadId
• 0x47f25c ExitProcess
• 0x47f260 GlobalSize
• 0x47f264 GlobalFree
• 0x47f268 DeleteCriticalSection
• 0x47f26c InitializeCriticalSection
• 0x47f270 lstrcatA
• 0x47f274 lstrlenA
• 0x47f278 WinExec
• 0x47f27c lstrcpyA
• 0x47f280 FindNextFileA
• 0x47f284 GlobalReAlloc
• 0x47f288 HeapFree
• 0x47f28c HeapReAlloc
• 0x47f290 GetProcessHeap
• 0x47f294 HeapAlloc
• 0x47f298 GetFullPathNameA
• 0x47f29c FreeLibrary
• 0x47f2a0 LoadLibraryA
• 0x47f2a4 GetVersionExA
• 0x47f2a8 WritePrivateProfileStringA
• 0x47f2ac CreateThread
• 0x47f2b0 CreateEventA
• 0x47f2b4 Sleep
• 0x47f2b8 GlobalAlloc
• 0x47f2bc GlobalLock
• 0x47f2c0 GlobalUnlock
• 0x47f2c4 FindFirstFileA
• 0x47f2c8 FindClose
• 0x47f2cc GetFileAttributesA
• 0x47f2d0 TerminateProcess
• 0x47f2d4 GetLocalTime
• 0x47f2d8 GetSystemTime
• 0x47f2dc GetTimeZoneInformation
• 0x47f2e0 RaiseException
• 0x47f2e4 RtlUnwind
• 0x47f2e8 GetStartupInfoA
• 0x47f2ec GetOEMCP
• 0x47f2f0 GetCPInfo
• 0x47f2f4 GetProcessVersion
• 0x47f2f8 SetErrorMode
• 0x47f2fc GlobalFlags
• 0x47f300 GetCurrentThread
• 0x47f304 GetFileTime
• 0x47f308 GetFileSize
• 0x47f30c TlsGetValue
• 0x47f310 LocalReAlloc
• 0x47f314 TlsSetValue
• 0x47f318 TlsFree
• 0x47f31c GlobalHandle
• 0x47f320 TlsAlloc
• 0x47f324 LocalAlloc
• 0x47f328 SetCurrentDirectoryA
• 0x47f32c GetVolumeInformationA
• 0x47f330 GetModuleHandleA
• 0x47f334 GetProcAddress
• 0x47f338 lstrcmpA
• 0x47f33c GetVersion
• 0x47f340 GlobalGetAtomNameA
• 0x47f344 GlobalAddAtomA
• 0x47f348 GlobalFindAtomA
• 0x47f34c GlobalDeleteAtom
• 0x47f350 lstrcmpiA
• 0x47f354 MulDiv
• 0x47f358 GetCommandLineA
• 0x47f35c GetTickCount
• 0x47f360 WaitForSingleObject
• 0x47f364 CloseHandle
• 0x47f368 InterlockedIncrement
库: USER32.dll:
• 0x47f38c OpenClipboard
• 0x47f390 SetClipboardData
• 0x47f394 EmptyClipboard
• 0x47f398 GetSystemMetrics
• 0x47f39c GetCursorPos
• 0x47f3a0 MessageBoxA
• 0x47f3a4 SetWindowPos
• 0x47f3a8 SendMessageA
• 0x47f3ac DestroyCursor
• 0x47f3b0 SetParent
• 0x47f3b4 GetClipboardData
• 0x47f3b8 PostMessageA
• 0x47f3bc GetTopWindow
• 0x47f3c0 GetParent
• 0x47f3c4 GetFocus
• 0x47f3c8 GetClientRect
• 0x47f3cc InvalidateRect
• 0x47f3d0 ValidateRect
• 0x47f3d4 UpdateWindow
• 0x47f3d8 CloseClipboard
• 0x47f3dc wsprintfA
• 0x47f3e0 EqualRect
• 0x47f3e4 GetWindowRect
• 0x47f3e8 SetForegroundWindow
• 0x47f3ec IsWindow
• 0x47f3f0 DestroyMenu
• 0x47f3f4 IsChild
• 0x47f3f8 ReleaseDC
• 0x47f3fc IsRectEmpty
• 0x47f400 FillRect
• 0x47f404 GetDC
• 0x47f408 SetCursor
• 0x47f40c LoadCursorA
• 0x47f410 SetCursorPos
• 0x47f414 SetActiveWindow
• 0x47f418 GetSysColor
• 0x47f41c SetWindowLongA
• 0x47f420 GetWindowLongA
• 0x47f424 RedrawWindow
• 0x47f428 EnableWindow
• 0x47f42c IsWindowVisible
• 0x47f430 OffsetRect
• 0x47f434 PtInRect
• 0x47f438 DestroyIcon
• 0x47f43c IntersectRect
• 0x47f440 InflateRect
• 0x47f444 SetRect
• 0x47f448 SetScrollPos
• 0x47f44c SetScrollRange
• 0x47f450 GetScrollRange
• 0x47f454 SetCapture
• 0x47f458 GetCapture
• 0x47f45c ReleaseCapture
• 0x47f460 LoadIconA
• 0x47f464 TranslateMessage
• 0x47f468 DrawFrameControl
• 0x47f46c DrawEdge
• 0x47f470 DrawFocusRect
• 0x47f474 WindowFromPoint
• 0x47f478 GetMessageA
• 0x47f47c DispatchMessageA
• 0x47f480 SetRectEmpty
• 0x47f484 RegisterClipboardFormatA
• 0x47f488 CreateIconFromResourceEx
• 0x47f48c CreateIconFromResource
• 0x47f490 DrawIconEx
• 0x47f494 CreatePopupMenu
• 0x47f498 AppendMenuA
• 0x47f49c ModifyMenuA
• 0x47f4a0 CreateMenu
• 0x47f4a4 CreateAcceleratorTableA
• 0x47f4a8 GetDlgCtrlID
• 0x47f4ac GetSubMenu
• 0x47f4b0 EnableMenuItem
• 0x47f4b4 ClientToScreen
• 0x47f4b8 EnumDisplaySettingsA
• 0x47f4bc LoadImageA
• 0x47f4c0 SystemParametersInfoA
• 0x47f4c4 ShowWindow
• 0x47f4c8 IsWindowEnabled
• 0x47f4cc TranslateAcceleratorA
• 0x47f4d0 GetKeyState
• 0x47f4d4 CopyAcceleratorTableA
• 0x47f4d8 PostQuitMessage
• 0x47f4dc IsZoomed
• 0x47f4e0 GetClassInfoA
• 0x47f4e4 GetWindowTextA
• 0x47f4e8 GetWindowTextLengthA
• 0x47f4ec CharUpperA
• 0x47f4f0 GetWindowDC
• 0x47f4f4 BeginPaint
• 0x47f4f8 EndPaint
• 0x47f4fc TabbedTextOutA
• 0x47f500 DrawTextA
• 0x47f504 GrayStringA
• 0x47f508 GetDlgItem
• 0x47f50c DestroyWindow
• 0x47f510 CreateDialogIndirectParamA
• 0x47f514 EndDialog
• 0x47f518 GetNextDlgTabItem
• 0x47f51c GetWindowPlacement
• 0x47f520 RegisterWindowMessageA
• 0x47f524 GetForegroundWindow
• 0x47f528 GetLastActivePopup
• 0x47f52c GetMessageTime
• 0x47f530 RemovePropA
• 0x47f534 CallWindowProcA
• 0x47f538 GetPropA
• 0x47f53c UnhookWindowsHookEx
• 0x47f540 SetPropA
• 0x47f544 GetClassLongA
• 0x47f548 CallNextHookEx
• 0x47f54c SetWindowsHookExA
• 0x47f550 CreateWindowExA
• 0x47f554 GetMenuItemID
• 0x47f558 GetMenuItemCount
• 0x47f55c RegisterClassA
• 0x47f560 GetScrollPos
• 0x47f564 UnregisterClassA
• 0x47f568 AdjustWindowRectEx
• 0x47f56c MapWindowPoints
• 0x47f570 SendDlgItemMessageA
• 0x47f574 ScrollWindowEx
• 0x47f578 IsDialogMessageA
• 0x47f57c SetWindowTextA
• 0x47f580 MoveWindow
• 0x47f584 CheckMenuItem
• 0x47f588 SetMenuItemBitmaps
• 0x47f58c GetMenuState
• 0x47f590 GetMenuCheckMarkDimensions
• 0x47f594 GetClassNameA
• 0x47f598 GetDesktopWindow
• 0x47f59c LoadStringA
• 0x47f5a0 GetSysColorBrush
• 0x47f5a4 DefWindowProcA
• 0x47f5a8 GetSystemMenu
• 0x47f5ac DeleteMenu
• 0x47f5b0 GetMenu
• 0x47f5b4 SetMenu
• 0x47f5b8 PeekMessageA
• 0x47f5bc IsIconic
• 0x47f5c0 SetFocus
• 0x47f5c4 GetActiveWindow
• 0x47f5c8 GetWindow
• 0x47f5cc DestroyAcceleratorTable
• 0x47f5d0 SetWindowRgn
• 0x47f5d4 GetMessagePos
• 0x47f5d8 ScreenToClient
• 0x47f5dc ChildWindowFromPointEx
• 0x47f5e0 CopyRect
• 0x47f5e4 LoadBitmapA
• 0x47f5e8 WinHelpA
• 0x47f5ec KillTimer
• 0x47f5f0 SetTimer
库: GDI32.dll:
• 0x47f024 GetClipRgn
• 0x47f028 CreatePolygonRgn
• 0x47f02c SelectClipRgn
• 0x47f030 DeleteObject
• 0x47f034 CreateDIBitmap
• 0x47f038 GetSystemPaletteEntries
• 0x47f03c CreatePalette
• 0x47f040 StretchBlt
• 0x47f044 SelectPalette
• 0x47f048 RealizePalette
• 0x47f04c GetDIBits
• 0x47f050 GetWindowExtEx
• 0x47f054 GetViewportOrgEx
• 0x47f058 GetWindowOrgEx
• 0x47f05c BeginPath
• 0x47f060 EndPath
• 0x47f064 PathToRegion
• 0x47f068 CreateEllipticRgn
• 0x47f06c CreateRoundRectRgn
• 0x47f070 GetTextColor
• 0x47f074 GetBkMode
• 0x47f078 GetBkColor
• 0x47f07c GetROP2
• 0x47f080 GetStretchBltMode
• 0x47f084 GetPolyFillMode
• 0x47f088 CreateCompatibleBitmap
• 0x47f08c CreateDCA
• 0x47f090 CreateBitmap
• 0x47f094 SelectObject
• 0x47f098 GetObjectA
• 0x47f09c CreatePen
• 0x47f0a0 PatBlt
• 0x47f0a4 CombineRgn
• 0x47f0a8 SetStretchBltMode
• 0x47f0ac FillRgn
• 0x47f0b0 CreateSolidBrush
• 0x47f0b4 GetStockObject
• 0x47f0b8 CreateFontIndirectA
• 0x47f0bc EndPage
• 0x47f0c0 EndDoc
• 0x47f0c4 DeleteDC
• 0x47f0c8 StartDocA
• 0x47f0cc StartPage
• 0x47f0d0 BitBlt
• 0x47f0d4 CreateCompatibleDC
• 0x47f0d8 Ellipse
• 0x47f0dc Rectangle
• 0x47f0e0 LPtoDP
• 0x47f0e4 DPtoLP
• 0x47f0e8 GetCurrentObject
• 0x47f0ec RoundRect
• 0x47f0f0 GetTextExtentPoint32A
• 0x47f0f4 GetDeviceCaps
• 0x47f0f8 SaveDC
• 0x47f0fc RestoreDC
• 0x47f100 SetBkMode
• 0x47f104 SetPolyFillMode
• 0x47f108 SetROP2
• 0x47f10c SetTextColor
• 0x47f110 SetMapMode
• 0x47f114 SetViewportOrgEx
• 0x47f118 OffsetViewportOrgEx
• 0x47f11c SetViewportExtEx
• 0x47f120 ScaleViewportExtEx
• 0x47f124 SetWindowOrgEx
• 0x47f128 SetWindowExtEx
• 0x47f12c ScaleWindowExtEx
• 0x47f130 GetClipBox
• 0x47f134 ExcludeClipRect
• 0x47f138 MoveToEx
• 0x47f13c LineTo
• 0x47f140 CreateRectRgnIndirect
• 0x47f144 SetBkColor
• 0x47f148 CreateRectRgn
• 0x47f14c GetTextMetricsA
• 0x47f150 Escape
• 0x47f154 ExtTextOutA
• 0x47f158 TextOutA
• 0x47f15c RectVisible
• 0x47f160 PtVisible
• 0x47f164 GetViewportExtEx
• 0x47f168 ExtSelectClipRgn
库: WINMM.dll:
• 0x47f5f8 midiStreamRestart
• 0x47f5fc midiStreamClose
• 0x47f600 midiOutReset
• 0x47f604 midiStreamStop
• 0x47f608 midiStreamOut
• 0x47f60c midiOutPrepareHeader
• 0x47f610 midiStreamProperty
• 0x47f614 midiStreamOpen
• 0x47f618 midiOutUnprepareHeader
• 0x47f61c waveOutOpen
• 0x47f620 waveOutGetNumDevs
• 0x47f624 waveOutClose
• 0x47f628 waveOutReset
• 0x47f62c waveOutPause
• 0x47f630 waveOutWrite
• 0x47f634 waveOutPrepareHeader
• 0x47f638 waveOutUnprepareHeader
库: ADVAPI32.dll:
• 0x47f000 RegCloseKey
• 0x47f004 RegOpenKeyExA
• 0x47f008 RegSetValueExA
• 0x47f00c RegQueryValueA
• 0x47f010 RegCreateKeyExA
库: WS2_32.dll:
• 0x47f650 ioctlsocket
• 0x47f654 recv
• 0x47f658 getpeername
• 0x47f65c accept
• 0x47f660 recvfrom
• 0x47f664 WSAAsyncSelect
• 0x47f668 closesocket
• 0x47f66c WSACleanup
• 0x47f670 inet_ntoa
库: comdlg32.dll:
• 0x47f678 GetFileTitleA
• 0x47f67c GetSaveFileNameA
• 0x47f680 GetOpenFileNameA
• 0x47f684 ChooseColorA
.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
Made in China
This is program!
UHello ,world!
8`}<j
T$th
T$|h0|I
D$|h,|I
Qhh|I
Rh`|I
D$@Sj
L$8h
F4`&H
D$8Rj
l$<VWj
D$L8&H
L$0hT}I
D$,RVh$}I
QhT}I
Ph|}I
Php~I
PhT~I
T$ Rj
L$4S+L$0Qj
D$( +H
D$( +H
D$( +H
D$8 +H
RhP|H
T$$Rh`|H
}'h
9^xu5j
T$,Qj
T$0Pj
D$8RPj
D$0h
T$,Qj
NpRQj
t$<Vj
D$Xd1H
D$Xd1H
T$<h
D$(hF
D$(h
T$Dhb
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 26.272 seconds )
- 17.312 Suricata
- 3.707 Static
- 2.951 VirusTotal
- 1.408 TargetInfo
- 0.454 peid
- 0.341 NetworkAnalysis
- 0.049 AnalysisInfo
- 0.03 BehaviorAnalysis
- 0.015 Strings
- 0.003 Memory
- 0.002 config_decoder
Signatures ( 0.286 seconds )
- 0.147 md_bad_drop
- 0.016 antiav_detectreg
- 0.015 md_url_bl
- 0.013 infostealer_ftp
- 0.013 md_domain_bl
- 0.008 infostealer_im
- 0.007 anomaly_persistence_autorun
- 0.007 antiav_detectfile
- 0.006 ransomware_extensions
- 0.006 ransomware_files
- 0.005 infostealer_bitcoin
- 0.003 tinba_behavior
- 0.003 ransomware_message
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.003 infostealer_mail
- 0.002 rat_nanocore
- 0.002 cerber_behavior
- 0.002 geodo_banking_trojan
- 0.002 browser_security
- 0.002 modify_proxy
- 0.001 antivm_vbox_libs
- 0.001 api_spamming
- 0.001 betabot_behavior
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 stealth_timeout
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 codelux_behavior
- 0.001 targeted_flame
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.004 seconds )
- 0.789 ReportHTMLSummary
- 0.215 Malheur
| Task ID | 234083 |
|---|---|
| Mongo ID | 5c45cd0d2f8f2e05da5a1e95 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号