分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-01-21 21:46:10 | 2019-01-21 21:48:36 | 146 秒 |
魔盾分数
0.45
正常的
文件详细信息
| 文件名 | 偷u.exe |
|---|---|
| 文件大小 | 27648 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 266b2018bc52b4cbf09d44f96bfe8ac3 |
| SHA1 | 994c3c6639d39c73a3192c103afbe65fb1869156 |
| SHA256 | 23a8d7ec744364ddcceb27cd5010a9ce46b7a2f1b25b7f84be9b52b2435ca508 |
| SHA512 | 9c4a28ec11f811f906b4cca414aa850ee4921e38ac53196108ccafbe477a6de213f2e24be2458e6bf8eced4e8583aad1cb021013a7b79bd8a032f2fc8c0298d8 |
| CRC32 | 1BBA9DBC |
| Ssdeep | 768:Jx4GsOo0Hxl0NafmuHuSoVqkuCOmuHuSoVqkuCSmuHuSoVqkuCk:JxlHA8kuC6kuCOkuCk |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00406fda |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00010612 |
| 最低操作系统版本要求 | 4.0 |
| PDB路径 | D:\Users\zgcwkj\Desktop\UPlateCopy\UPlateCopy\obj\Release\UPlateCopy.pdb |
| 编译时间 | 2017-12-12 17:26:43 |
| 载入哈希 | f34d5f2d4577ed6d9ceec516c1f5a744 |
版本信息
| Translation | |
|---|---|
| LegalCopyright | |
| Assembly Version | |
| InternalName | |
| FileVersion | |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x00004fe0 | 0x00005000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.84 |
| .rsrc | 0x00008000 | 0x00001708 | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.91 |
| .reloc | 0x0000a000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.08 |
导入
库: mscoree.dll:
• 0x402000 _CorExeMain
装载信息
| 名称 | UPlateCopy |
|---|---|
| 版本 | 1.0.0.1 |
装载参考
| 名称 | 版本 |
|---|---|
| mscorlib | 2.0.0.0 |
| System.Windows.Forms | 2.0.0.0 |
| System | 2.0.0.0 |
| System.Core | 3.5.0.0 |
| System.Drawing | 2.0.0.0 |
类型参考
| 装载 | 类型名称 |
|---|---|
| System | System.CodeDom.Compiler.GeneratedCodeAttribute |
| System | System.ComponentModel.ComponentResourceManager |
| System | System.ComponentModel.Container |
| System | System.ComponentModel.EditorBrowsableAttribute |
| System | System.ComponentModel.EditorBrowsableState |
| System | System.ComponentModel.IContainer |
| System | System.Configuration.ApplicationSettingsBase |
| System | System.Configuration.SettingsBase |
| System | System.Diagnostics.Process |
| System.Core | System.Func`2 |
| System.Core | System.Linq.Enumerable |
| System.Drawing | System.Drawing.Color |
| System.Drawing | System.Drawing.Font |
| System.Drawing | System.Drawing.Icon |
| System.Drawing | System.Drawing.Point |
| System.Drawing | System.Drawing.Size |
| System.Drawing | System.Drawing.SizeF |
| System.Windows.Forms | System.Windows.Forms.Application |
| System.Windows.Forms | System.Windows.Forms.AutoScaleMode |
| System.Windows.Forms | System.Windows.Forms.Button |
| System.Windows.Forms | System.Windows.Forms.ButtonBase |
| System.Windows.Forms | System.Windows.Forms.CheckBox |
| System.Windows.Forms | System.Windows.Forms.CommonDialog |
| System.Windows.Forms | System.Windows.Forms.ContainerControl |
| System.Windows.Forms | System.Windows.Forms.Control |
| System.Windows.Forms | System.Windows.Forms.Control/ControlCollection |
| System.Windows.Forms | System.Windows.Forms.DialogResult |
| System.Windows.Forms | System.Windows.Forms.FolderBrowserDialog |
| System.Windows.Forms | System.Windows.Forms.Form |
| System.Windows.Forms | System.Windows.Forms.FormBorderStyle |
| System.Windows.Forms | System.Windows.Forms.FormStartPosition |
| System.Windows.Forms | System.Windows.Forms.KeyEventArgs |
| System.Windows.Forms | System.Windows.Forms.KeyEventHandler |
| System.Windows.Forms | System.Windows.Forms.Keys |
| System.Windows.Forms | System.Windows.Forms.Label |
| System.Windows.Forms | System.Windows.Forms.Message |
| System.Windows.Forms | System.Windows.Forms.MessageBox |
| System.Windows.Forms | System.Windows.Forms.Padding |
| System.Windows.Forms | System.Windows.Forms.Timer |
| mscorlib | System.Boolean |
| mscorlib | System.Collections.Generic.IEnumerable`1 |
| mscorlib | System.Convert |
| mscorlib | System.DateTime |
| mscorlib | System.Diagnostics.DebuggableAttribute |
| mscorlib | System.Diagnostics.DebuggableAttribute/DebuggingModes |
| mscorlib | System.Diagnostics.DebuggerNonUserCodeAttribute |
| mscorlib | System.Environment |
| mscorlib | System.Environment/SpecialFolder |
| mscorlib | System.EventArgs |
| mscorlib | System.EventHandler |
| mscorlib | System.Exception |
| mscorlib | System.Globalization.CultureInfo |
| mscorlib | System.IDisposable |
| mscorlib | System.IO.Directory |
| mscorlib | System.IO.DirectoryInfo |
| mscorlib | System.IO.DriveInfo |
| mscorlib | System.IO.DriveType |
| mscorlib | System.IO.File |
| mscorlib | System.IO.Path |
| mscorlib | System.IntPtr |
| mscorlib | System.Object |
| mscorlib | System.Reflection.Assembly |
| mscorlib | System.Reflection.AssemblyCompanyAttribute |
| mscorlib | System.Reflection.AssemblyConfigurationAttribute |
| mscorlib | System.Reflection.AssemblyCopyrightAttribute |
| mscorlib | System.Reflection.AssemblyDescriptionAttribute |
| mscorlib | System.Reflection.AssemblyFileVersionAttribute |
| mscorlib | System.Reflection.AssemblyProductAttribute |
| mscorlib | System.Reflection.AssemblyTitleAttribute |
| mscorlib | System.Reflection.AssemblyTrademarkAttribute |
| mscorlib | System.Resources.ResourceManager |
| mscorlib | System.Runtime.CompilerServices.CompilationRelaxationsAttribute |
| mscorlib | System.Runtime.CompilerServices.CompilerGeneratedAttribute |
| mscorlib | System.Runtime.CompilerServices.RuntimeCompatibilityAttribute |
| mscorlib | System.Runtime.InteropServices.ComVisibleAttribute |
| mscorlib | System.Runtime.InteropServices.GuidAttribute |
| mscorlib | System.RuntimeTypeHandle |
| mscorlib | System.STAThreadAttribute |
| mscorlib | System.String |
| mscorlib | System.Type |
.text
`.rsrc
@.reloc
.W+U(q
v2.0.50727
#Strings
#GUID
#Blob
<>9__13_0
<GetRemovableDrivers>b__13_0
<>9__13_1
<GetRemovableDrivers>b__13_1
IEnumerable`1
ToInt32
Func`2
<Module>
SizeF
System.IO
mscorlib
DbtDeviceTypeSpecific
System.Collections.Generic
WndProc
Load_Load
add_Load
Main_Load
get_Red
add_CheckedChanged
cbo_hide_CheckedChanged
DbtDevNodesChanged
DbtConfigchanged
get_Checked
set_Checked
DbtConfigChangeCanceled
DbtDeviceQueryRemoveFailed
DbtUserDefined
Synchronized
Replace
defaultInstance
cbo_hide
get_KeyCode
set_AutoScaleMode
get_Message
WmDeviceChange
Enumerable
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
btn_file
set_FormBorderStyle
get_Name
set_Name
GetFileName
DateTime
get_NewLine
Combine
get_DriveType
Where
System.Core
get_Culture
set_Culture
resourceCulture
ButtonBase
ApplicationSettingsBase
Dispose
UPiate
EditorBrowsableState
Delete
DbtDeviceRemoveComplete
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
value
DbtDeviceQueryRemove
UPlateCopy.exe
set_Size
set_MaximumSize
set_AutoSize
set_ClientSize
DbtQueryChangeConfig
Padding
DbtDeviceRemovePending
ToString
disposing
System.Drawing
CommonDialog
FolderBrowserDialog
ShowDialog
get_Msg
get_SelectedPath
GetFolderPath
add_Tick
timer_Tick
add_Click
btn_file_Click
btn_format_Click
txt_Click
DbtDeviceArrival
set_Interval
Label
System.ComponentModel
ContainerControl
get_WParam
Program
System
resourceMan
ToBoolean
set_Margin
set_Icon
Application
set_Location
System.Configuration
System.Globalization
System.Reflection
ControlCollection
set_StartPosition
FormStartPosition
Exception
Button
Load_KeyDown
add_KeyDown
CultureInfo
DriveInfo
driveInfo
DirectoryInfo
System.Linq
set_ShowInTaskbar
SpecialFolder
sender
get_ResourceManager
ComponentResourceManager
KeyEventHandler
System.CodeDom.Compiler
Timer
timer
IContainer
fromDir
toDir
CopyDir
set_ForeColor
set_UseVisualStyleBackColor
.ctor
.cctor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
UPlateCopy.Load.resources
UPlateCopy.Main.resources
UPlateCopy.Properties.Resources.resources
DebuggingModes
GetDirectories
UPlateCopy.Properties
GetFiles
EnableVisualStyles
GetDrives
Settings
KeyEventArgs
get_Controls
System.Windows.Forms
set_AutoScaleDimensions
GetRemovableDrivers
Process
components
Exists
Concat
btn_format
GetObject
Select
get_Alt
get_Default
SetCompatibleTextRenderingDefault
DialogResult
Environment
InitializeComponent
DbtCustomEvent
Point
set_Font
Start
Convert
SuspendLayout
ResumeLayout
PerformLayout
set_Text
ReadAllText
AppendAllText
set_KeyPreview
get_Now
set_TabIndex
MessageBox
set_MinimizeBox
set_MaximizeBox
CheckBox
ToArray
get_Assembly
UPlateCopy
CreateDirectory
Empty
6R\O(
UPlateCopy
2017
$2757203c-6c25-43ea-aadb-442c9e55e953
1.0.0.1
4.0.0.0
14.0.0.0
height
height
D:\Users\zgcwkj\Desktop\UPlateCopy\UPlateCopy\obj\Release\UPlateCopy.pdb
_CorExeMain
mscoree.dll
</assembly>
UPlateCopy.Properties.Resources
$this.Icon
$this.Icon
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
UPlateCopy
FileVersion
1.0.0.1
InternalName
UPlateCopy.exe
LegalCopyright
2017
LegalTrademarks
OriginalFilename
UPlateCopy.exe
ProductName
UPlateCopy
ProductVersion
1.0.0.1
Assembly Version
1.0.0.1
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | File.ini |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\File.ini
|
| 文件大小 | 23 字节 |
| 文件类型 | ASCII text, with no line terminators |
| MD5 | fca26d32bd21741256b4cb58fd04bc3c |
| SHA1 | 738496ba6673a770d2767ea36da9ed4d0c330b7f |
| SHA256 | 976fc39f55846ef2f5988e4c239e77c6a7f18b300c52f4bdf280001bb1c5449d |
| CRC32 | 0CFD8533 |
| Ssdeep | 3:oNmWfNAlW:oNm+NAM |
| 下载 提交魔盾安全分析 显示文本 | |
C:\Users\test\Documents |
|
| 文件名 | GDIPFONTCACHEV1.DAT |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
|
| 文件大小 | 114272 字节 |
| 文件类型 | data |
| MD5 | 2262103813c49a07c65813bb58143c21 |
| SHA1 | a1e4a613f51e8e57592464c61cc271f2fecec4f2 |
| SHA256 | ac3bd52d544a061ee8c90fa787f07af9d01a0c5a72981ed8172617b210798d31 |
| CRC32 | 4C77BE6A |
| Ssdeep | 1536:mLKAaE8z5wHgTlyhAQcDnBlC+X886UMMDbEDuezh:moiuzBzXGMDezh |
| 魔盾安全分析结果 | 2.0 分析时间:2017-03-07 13:12:04 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | Hide.ini |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\Hide.ini
|
| 文件大小 | 5 字节 |
| 文件类型 | ASCII text, with no line terminators |
| MD5 | f8320b26d30ab433c5a54546d21f414c |
| SHA1 | 97cdbdc7feff827efb082a6b6dd2727237cd49fd |
| SHA256 | 60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe |
| CRC32 | EA0C4734 |
| Ssdeep | 3:EH:EH |
| 下载 提交魔盾安全分析 显示文本 | |
False |
|
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 6.022 seconds )
- 3.378 VirusTotal
- 0.737 Static
- 0.512 BehaviorAnalysis
- 0.458 peid
- 0.406 TargetInfo
- 0.237 NetworkAnalysis
- 0.151 static_dotnet
- 0.099 AnalysisInfo
- 0.033 Dropped
- 0.008 Strings
- 0.003 Memory
Signatures ( 0.821 seconds )
- 0.441 md_bad_drop
- 0.06 antiav_detectreg
- 0.025 infostealer_ftp
- 0.023 api_spamming
- 0.02 md_domain_bl
- 0.02 md_url_bl
- 0.019 stealth_timeout
- 0.016 stealth_decoy_document
- 0.015 antiav_detectfile
- 0.015 infostealer_im
- 0.01 infostealer_bitcoin
- 0.009 infostealer_mail
- 0.008 ransomware_files
- 0.007 anomaly_persistence_autorun
- 0.007 ransomware_extensions
- 0.006 antiemu_wine_func
- 0.006 infostealer_browser_password
- 0.006 kovter_behavior
- 0.006 antivm_vbox_files
- 0.004 betabot_behavior
- 0.004 kibex_behavior
- 0.004 antivm_generic_scsi
- 0.004 geodo_banking_trojan
- 0.003 tinba_behavior
- 0.003 mimics_filetime
- 0.003 injection_createremotethread
- 0.003 antivm_parallels_keys
- 0.003 antivm_xen_keys
- 0.003 disables_browser_warn
- 0.002 network_tor
- 0.002 antivm_vbox_libs
- 0.002 bootkit
- 0.002 rat_nanocore
- 0.002 stealth_file
- 0.002 antivm_generic_services
- 0.002 reads_self
- 0.002 antivm_generic_disk
- 0.002 anormaly_invoke_kills
- 0.002 cerber_behavior
- 0.002 injection_runpe
- 0.002 virus
- 0.002 antivm_generic_diskreg
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 darkcomet_regkeys
- 0.002 rat_pcclient
- 0.002 recon_fingerprint
- 0.001 hawkeye_behavior
- 0.001 antiav_avast_libs
- 0.001 ursnif_behavior
- 0.001 kazybot_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 hancitor_behavior
- 0.001 bypass_firewall
- 0.001 antisandbox_productid
- 0.001 antivm_xen_keys
- 0.001 antivm_hyperv_keys
- 0.001 antivm_vbox_acpi
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_files
- 0.001 antivm_vmware_keys
- 0.001 antivm_vpc_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 codelux_behavior
- 0.001 targeted_flame
- 0.001 office_security
- 0.001 packer_armadillo_regkey
- 0.001 rat_spynet
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.222 seconds )
- 0.863 ReportHTMLSummary
- 0.359 Malheur
| Task ID | 234085 |
|---|---|
| Mongo ID | 5c45cdc42f8f2e05d75a24ee |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号