Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-2 | 2019-01-22 00:02:42 | 2019-01-22 00:05:37 | 175 seconds

Maldun Score

9.35

Dangerous

File Details

File name 123.exe
File size 401408 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 849e12b2f1036d9573df99067091a185
SHA1 012aef6e82605e4be62f57f2da446da2809bf01f
SHA256 ac5a58231b2b28e5152ceeb355c292c7674b23443aa6ca30d58e81582366b6e4
SHA512 5bf6248f11160d38f2928dd89d34b46859005aa5f8c14b967c69daaa6f0a778efe395e3e498e3d410566f9e1fae8d9bf24a6593fa9f65ea6c7dc50ca5a45c769
CRC32 90212F0F
Ssdeep 12288:+0JYImdqb2bZtoGBnlgHyZmedx4mA+hRUXVzZv:+l7Eb2d6GBlgi/xvVshZv


Screenshots




Summary


PE Info

Image base 0x00400000
Entry point 0x0051ff22
Declared checksum 0x00000000
Actual checksum 0x000677f7
Minimum OS version required 4.0
Compile time 2016-04-26 16:41:40
Import hash bf0f8799b071f51d876d5bc3805285a9

Version Info

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0007d30a 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rdata 0x0007f000 0x000141d6 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.00
.data 0x00094000 0x000268e8 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x000bb000 0x00005778 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.20
.vmp0 0x000c1000 0x00004050 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.vmp1 0x000c6000 0x0005d530 0x0005e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.91
.reloc 0x00124000 0x00000070 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.23

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_BITMAP 0x000be928 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_MENU 0x000bea78 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x000bfcc0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x000c0708 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x000c0754 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None

Imports

Library: KERNEL32.dll:
0x51f75e SetEndOfFile
0x51f762 UnlockFile
0x51f766 LockFile
0x51f76a FlushFileBuffers
0x51f76e SetFilePointer
0x51f772 GetCurrentProcess
0x51f776 DuplicateHandle
0x51f77a lstrcpynA
0x51f77e SetLastError
0x51f78a LocalFree
0x51f78e MultiByteToWideChar
0x51f792 WideCharToMultiByte
0x51f79a CreateSemaphoreA
0x51f79e ResumeThread
0x51f7a2 ReleaseSemaphore
0x51f7a6 SetStdHandle
0x51f7aa IsBadCodePtr
0x51f7ae IsBadReadPtr
0x51f7b2 CompareStringW
0x51f7b6 CompareStringA
0x51f7be GetStringTypeW
0x51f7c2 GetStringTypeA
0x51f7c6 IsBadWritePtr
0x51f7ca VirtualAlloc
0x51f7ce LCMapStringW
0x51f7d2 LCMapStringA
0x51f7da VirtualFree
0x51f7de HeapCreate
0x51f7e2 HeapDestroy
0x51f7ea GetFileType
0x51f7ee GetStdHandle
0x51f7f2 SetHandleCount
0x51f80a GetACP
0x51f80e HeapSize
0x51f81a GetProfileStringA
0x51f81e WriteFile
0x51f822 ReadFile
0x51f826 GetLastError
0x51f82e CreateFileA
0x51f832 SetEvent
0x51f836 FindResourceA
0x51f83a LoadResource
0x51f83e LockResource
0x51f842 GetModuleFileNameA
0x51f846 GetCurrentThreadId
0x51f84a ExitProcess
0x51f84e GlobalSize
0x51f852 GlobalFree
0x51f85e lstrcatA
0x51f862 lstrlenA
0x51f866 WinExec
0x51f86a lstrcpyA
0x51f86e FindNextFileA
0x51f872 GlobalReAlloc
0x51f876 HeapFree
0x51f87a HeapReAlloc
0x51f87e GetProcessHeap
0x51f882 HeapAlloc
0x51f886 GetFullPathNameA
0x51f88a FreeLibrary
0x51f88e LoadLibraryA
0x51f892 GetVersionExA
0x51f89a CreateThread
0x51f89e CreateEventA
0x51f8a2 Sleep
0x51f8a6 GlobalAlloc
0x51f8aa GlobalLock
0x51f8ae GlobalUnlock
0x51f8b2 FindFirstFileA
0x51f8b6 FindClose
0x51f8ba GetFileAttributesA
0x51f8be TerminateProcess
0x51f8c2 GetLocalTime
0x51f8c6 GetSystemTime
0x51f8ce RaiseException
0x51f8d2 RtlUnwind
0x51f8d6 GetStartupInfoA
0x51f8da GetOEMCP
0x51f8de GetCPInfo
0x51f8e2 GetProcessVersion
0x51f8e6 SetErrorMode
0x51f8ea GlobalFlags
0x51f8ee GetCurrentThread
0x51f8f2 GetFileTime
0x51f8f6 GetFileSize
0x51f8fa TlsGetValue
0x51f8fe LocalReAlloc
0x51f902 TlsSetValue
0x51f906 TlsFree
0x51f90a GlobalHandle
0x51f90e TlsAlloc
0x51f912 LocalAlloc
0x51f91e GetModuleHandleA
0x51f922 GetProcAddress
0x51f926 lstrcmpA
0x51f92a GetVersion
0x51f92e GlobalGetAtomNameA
0x51f932 GlobalAddAtomA
0x51f936 GlobalFindAtomA
0x51f93a GlobalDeleteAtom
0x51f93e lstrcmpiA
0x51f942 MulDiv
0x51f946 GetCommandLineA
0x51f94a GetTickCount
0x51f94e WaitForSingleObject
0x51f952 CloseHandle
Library: USER32.dll:
0x51f95e OpenClipboard
0x51f962 SetClipboardData
0x51f966 EmptyClipboard
0x51f96a GetSystemMetrics
0x51f96e GetCursorPos
0x51f972 MessageBoxA
0x51f976 SetWindowPos
0x51f97a SendMessageA
0x51f97e DestroyCursor
0x51f982 SetParent
0x51f986 GetClipboardData
0x51f98a PostMessageA
0x51f98e GetTopWindow
0x51f992 GetParent
0x51f996 GetFocus
0x51f99a GetClientRect
0x51f99e InvalidateRect
0x51f9a2 ValidateRect
0x51f9a6 UpdateWindow
0x51f9aa CloseClipboard
0x51f9ae wsprintfA
0x51f9b2 EqualRect
0x51f9b6 GetWindowRect
0x51f9ba SetForegroundWindow
0x51f9be IsWindow
0x51f9c2 DestroyMenu
0x51f9c6 IsChild
0x51f9ca ReleaseDC
0x51f9ce IsRectEmpty
0x51f9d2 FillRect
0x51f9d6 GetDC
0x51f9da SetCursor
0x51f9de LoadCursorA
0x51f9e2 SetCursorPos
0x51f9e6 SetActiveWindow
0x51f9ea GetSysColor
0x51f9ee SetWindowLongA
0x51f9f2 GetWindowLongA
0x51f9f6 RedrawWindow
0x51f9fa EnableWindow
0x51f9fe IsWindowVisible
0x51fa02 OffsetRect
0x51fa06 PtInRect
0x51fa0a DestroyIcon
0x51fa0e IntersectRect
0x51fa12 InflateRect
0x51fa16 SetRect
0x51fa1a SetScrollPos
0x51fa1e SetScrollRange
0x51fa22 GetScrollRange
0x51fa26 SetCapture
0x51fa2a GetCapture
0x51fa2e ReleaseCapture
0x51fa32 LoadIconA
0x51fa36 TranslateMessage
0x51fa3a DrawFrameControl
0x51fa3e DrawEdge
0x51fa42 DrawFocusRect
0x51fa46 WindowFromPoint
0x51fa4a GetMessageA
0x51fa4e DispatchMessageA
0x51fa52 SetRectEmpty
0x51fa62 DrawIconEx
0x51fa66 CreatePopupMenu
0x51fa6a AppendMenuA
0x51fa6e ModifyMenuA
0x51fa72 CreateMenu
0x51fa7a GetDlgCtrlID
0x51fa7e GetSubMenu
0x51fa82 EnableMenuItem
0x51fa86 ClientToScreen
0x51fa8e LoadImageA
0x51fa96 ShowWindow
0x51fa9a IsWindowEnabled
0x51faa2 GetKeyState
0x51faaa PostQuitMessage
0x51faae IsZoomed
0x51fab2 GetClassInfoA
0x51fab6 GetWindowTextA
0x51fabe CharUpperA
0x51fac2 GetWindowDC
0x51fac6 BeginPaint
0x51faca EndPaint
0x51face TabbedTextOutA
0x51fad2 DrawTextA
0x51fad6 GrayStringA
0x51fada GetDlgItem
0x51fade DestroyWindow
0x51fae6 EndDialog
0x51faea GetNextDlgTabItem
0x51faee GetWindowPlacement
0x51faf6 GetForegroundWindow
0x51fafa GetLastActivePopup
0x51fafe GetMessageTime
0x51fb02 RemovePropA
0x51fb06 CallWindowProcA
0x51fb0a GetPropA
0x51fb0e UnhookWindowsHookEx
0x51fb12 SetPropA
0x51fb16 GetClassLongA
0x51fb1a CallNextHookEx
0x51fb1e SetWindowsHookExA
0x51fb22 CreateWindowExA
0x51fb26 GetMenuItemID
0x51fb2a GetMenuItemCount
0x51fb2e RegisterClassA
0x51fb32 GetScrollPos
0x51fb36 UnregisterClassA
0x51fb3a AdjustWindowRectEx
0x51fb3e MapWindowPoints
0x51fb42 SendDlgItemMessageA
0x51fb46 ScrollWindowEx
0x51fb4a IsDialogMessageA
0x51fb4e SetWindowTextA
0x51fb52 MoveWindow
0x51fb56 CheckMenuItem
0x51fb5a SetMenuItemBitmaps
0x51fb5e GetMenuState
0x51fb66 GetClassNameA
0x51fb6a GetDesktopWindow
0x51fb6e LoadStringA
0x51fb72 GetSysColorBrush
0x51fb76 DefWindowProcA
0x51fb7a GetSystemMenu
0x51fb7e DeleteMenu
0x51fb82 GetMenu
0x51fb86 SetMenu
0x51fb8a PeekMessageA
0x51fb8e IsIconic
0x51fb92 SetFocus
0x51fb96 GetActiveWindow
0x51fb9a GetWindow
0x51fba2 SetWindowRgn
0x51fba6 GetMessagePos
0x51fbaa ScreenToClient
0x51fbb2 CopyRect
0x51fbb6 LoadBitmapA
0x51fbba WinHelpA
0x51fbbe KillTimer
0x51fbc2 SetTimer
Library: GDI32.dll:
0x51fbca GetClipRgn
0x51fbce CreatePolygonRgn
0x51fbd2 SelectClipRgn
0x51fbd6 DeleteObject
0x51fbda CreateDIBitmap
0x51fbe2 CreatePalette
0x51fbe6 StretchBlt
0x51fbea SelectPalette
0x51fbee RealizePalette
0x51fbf2 GetDIBits
0x51fbf6 GetWindowExtEx
0x51fbfa GetViewportOrgEx
0x51fbfe GetWindowOrgEx
0x51fc02 BeginPath
0x51fc06 EndPath
0x51fc0a PathToRegion
0x51fc0e CreateEllipticRgn
0x51fc12 CreateRoundRectRgn
0x51fc16 GetTextColor
0x51fc1a GetBkMode
0x51fc1e GetBkColor
0x51fc22 GetROP2
0x51fc26 GetStretchBltMode
0x51fc2a GetPolyFillMode
0x51fc32 CreateDCA
0x51fc36 CreateBitmap
0x51fc3a SelectObject
0x51fc3e GetObjectA
0x51fc42 CreatePen
0x51fc46 PatBlt
0x51fc4a CombineRgn
0x51fc4e SetStretchBltMode
0x51fc52 FillRgn
0x51fc56 CreateSolidBrush
0x51fc5a GetStockObject
0x51fc5e CreateFontIndirectA
0x51fc62 EndPage
0x51fc66 EndDoc
0x51fc6a DeleteDC
0x51fc6e StartDocA
0x51fc72 StartPage
0x51fc76 BitBlt
0x51fc7a CreateCompatibleDC
0x51fc7e Ellipse
0x51fc82 Rectangle
0x51fc86 LPtoDP
0x51fc8a DPtoLP
0x51fc8e GetCurrentObject
0x51fc92 RoundRect
0x51fc9a GetDeviceCaps
0x51fc9e SaveDC
0x51fca2 RestoreDC
0x51fca6 SetBkMode
0x51fcaa SetPolyFillMode
0x51fcae SetROP2
0x51fcb2 SetTextColor
0x51fcb6 SetMapMode
0x51fcba SetViewportOrgEx
0x51fcbe OffsetViewportOrgEx
0x51fcc2 SetViewportExtEx
0x51fcc6 ScaleViewportExtEx
0x51fcca SetWindowOrgEx
0x51fcce SetWindowExtEx
0x51fcd2 ScaleWindowExtEx
0x51fcd6 GetClipBox
0x51fcda ExcludeClipRect
0x51fcde MoveToEx
0x51fce2 LineTo
0x51fcea SetBkColor
0x51fcee CreateRectRgn
0x51fcf2 GetTextMetricsA
0x51fcf6 Escape
0x51fcfa ExtTextOutA
0x51fcfe TextOutA
0x51fd02 RectVisible
0x51fd06 PtVisible
0x51fd0a GetViewportExtEx
0x51fd0e ExtSelectClipRgn
Library: WINMM.dll:
0x51fd16 midiStreamRestart
0x51fd1a midiStreamClose
0x51fd1e midiOutReset
0x51fd22 midiStreamStop
0x51fd26 midiStreamOut
0x51fd2e midiStreamProperty
0x51fd32 midiStreamOpen
0x51fd3a waveOutOpen
0x51fd3e waveOutGetNumDevs
0x51fd42 waveOutClose
0x51fd46 waveOutReset
0x51fd4a waveOutPause
0x51fd4e waveOutWrite
Library: WINSPOOL.DRV:
0x51fd5e ClosePrinter
0x51fd62 DocumentPropertiesA
0x51fd66 OpenPrinterA
Library: ADVAPI32.dll:
0x51fd6e RegCloseKey
0x51fd72 RegOpenKeyExA
0x51fd76 RegSetValueExA
0x51fd7a RegQueryValueA
0x51fd7e RegCreateKeyExA
Library: SHELL32.dll:
0x51fd86 ShellExecuteA
0x51fd8a Shell_NotifyIconA
Library: ole32.dll:
0x51fd92 OleUninitialize
0x51fd96 CLSIDFromString
0x51fd9a OleInitialize
Library: OLEAUT32.dll:
0x51fda2 UnRegisterTypeLib
0x51fda6 RegisterTypeLib
0x51fdaa LoadTypeLib
Library: COMCTL32.dll:
0x51fdb2 ImageList_Destroy
0x51fdb6 None
Library: WS2_32.dll:
0x51fdbe ioctlsocket
0x51fdc2 recv
0x51fdc6 getpeername
0x51fdca accept
0x51fdce recvfrom
0x51fdd2 WSAAsyncSelect
0x51fdd6 closesocket
0x51fdda WSACleanup
0x51fdde inet_ntoa
Library: comdlg32.dll:
0x51fde6 GetFileTitleA
0x51fdea GetSaveFileNameA
0x51fdee GetOpenFileNameA
0x51fdf2 ChooseColorA
Library: KERNEL32.dll:
0x51fdfa VirtualProtect
0x51fdfe GetModuleFileNameA
0x51fe02 ExitProcess
Library: USER32.dll:
0x51fe0a MessageBoxA

Strings

.text
`.rdata
@.data
.rsrc
@.vmp0
.vmp1
.reloc
wwwwwwwwwwwwwwwwwwwwwwww
SetEndOfFile
CreateCompatibleDC
GetSystemMenu
midiOutUnprepareHeader
SetUnhandledExceptionFilter
AdjustWindowRectEx
GetMessageTime
WinExec
SetMapMode
WaitForSingleObject
GetViewportExtEx
SHELL32.dll
ChildWindowFromPointEx
DocumentPropertiesA
SetWindowLongA
CreateRectRgnIndirect
GetROP2
GetOpenFileNameA
GlobalSize
GetClassInfoA
GetStdHandle
ADVAPI32.dll
GetViewportOrgEx
SetCursor
HeapAlloc
ScaleViewportExtEx
waveOutUnprepareHeader
ChooseColorA
LoadLibraryA
WinHelpA
SendDlgItemMessageA
*hnp)
FileTimeToLocalFileTime
GetWindowExtEx
InterlockedDecrement
DestroyIcon
GetMenu
ShowWindow
GlobalReAlloc
GetNextDlgTabItem
FlushFileBuffers
EmptyClipboard
CreateSemaphoreA
GetObjectA
GetMenuItemCount
LoadBitmapA
EndPath
CreateBitmap
GetMenuItemID
SetStdHandle
DispatchMessageA
FillRgn
RegCloseKey
waveOutPause
SetWindowRgn
Ellipse
FileTimeToSystemTime
GetFileTitleA
GetMessageA
GetWindowPlacement
GetFocus
lstrcmpiA
GetFileType
UnlockFile
LoadStringA
GetCurrentProcess
MultiByteToWideChar
SetTextColor
RegisterClassA
HeapDestroy
DeleteDC
PostMessageA
GetFileSize
GetWindowLongA
DrawFocusRect
GetTextColor
GetVolumeInformationA
Escape
GetForegroundWindow
GetSysColorBrush
SetActiveWindow
LocalFree
(>oQPb
,6~^jZ
DEFAULT_ICON
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.0.0.0
FileDescription
www.xiaodao.la
ProductName
www.xiaodao.la
ProductVersion
1.0.0.0
CompanyName
253957
LegalCopyright
www.xiaodao.la
Comments
www.xiaodao.la
VarFileInfo
Translation

No antivirus engine scan information!

Process Tree


123.exe, PID: 2448, parent PID: 2288

Hosts Accessed

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain Resolution

No domain information.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 20.623 seconds )

  • 15.52 Suricata
  • 2.968 Static
  • 0.828 TargetInfo
  • 0.432 peid
  • 0.354 NetworkAnalysis
  • 0.318 VirusTotal
  • 0.14 AnalysisInfo
  • 0.044 BehaviorAnalysis
  • 0.015 Strings
  • 0.003 Memory
  • 0.001 config_decoder

Signatures ( 0.463 seconds )

  • 0.309 md_bad_drop
  • 0.02 md_domain_bl
  • 0.02 md_url_bl
  • 0.017 antiav_detectreg
  • 0.008 anomaly_persistence_autorun
  • 0.008 infostealer_ftp
  • 0.007 antiav_detectfile
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 ransomware_message
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 stealth_decoy_document
  • 0.001 api_spamming
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 stealth_timeout
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_spynet
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.199 seconds )

  • 0.923 ReportHTMLSummary
  • 0.276 Malheur
Task ID 234117
Mongo ID 5c45eded2f8f2e05cd5a2bbb
Cuckoo release 1.4-Maldun