Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2019-01-22 01:43:09
End time: 2019-01-22 01:43:45
Duration: 36 seconds

Maldun score: 10.0 (Malicious)

File details

File name: 黑客暴力锁机生成器 V1.3.exe (roughly "Hacker brute-force machine-locker generator V1.3")
File size: 1701888 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 89ea6adb8e899101390f132f6183634e
SHA1: 344c7c8fc8477b165593f8c8f29debee150f817d
SHA256: 5bde6dcb6eb6044b268cc42132bb041cb8809562d87effb84ec5f44d3b391e8a
SHA512: 1ff634c85ee06ff63be2ba55ff016e464aecabac5953adba9a8854f67b22ba9714ecaf727bb8c5ce6928a591de4c2a097cf95162fdbcc4c6c1d9ea1625f80858
CRC32: 8C6BB77D
Ssdeep: 24576:rbsh+h3OYnLG7cVO/ZAsyyEiOXP9voHZcqhdB9sQwtp63gg3p1h4/uA5te2v1/OP:rIh3ZYVx8EiOX2HXhdByRmAfN1K3

Screenshots

No screenshots available.

Accessed hosts

No host records.

DNS resolutions

No domain information.



PE info

Image base: 0x00400000
Entry point: 0x00401000
Declared checksum: 0x00000000
Computed checksum: 0x001aeecc (a zero CheckSum field is common for ordinary user-mode executables and is not validated by the loader for them, so the mismatch on its own is not a malicious indicator)
Minimum OS version: 4.0
Compile time: 1972-12-25 13:33:23 (impossible for a PE file, so the link timestamp is forged and cannot be used to date the build)
Import hash (imphash): ae0a5112fe1176f4e5f6e1bc95e4c209

Version info

All version fields of the outer executable are empty (LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation). The SkinSharp / SkinH_EL.dll version block that appears in the strings below is not this file's version resource; it appears to belong to the SkinH_EL.dll embedded in the binary.

PE sections

Name    Virtual addr  Virtual size  Raw size    Entropy  Characteristics
.text   0x00001000    0x00000224    0x00000400  3.51     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
.rdata  0x00002000    0x00000194    0x00000200  3.64     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
.data   0x00003000    0x0018e000    0x0018e000  7.94     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
.rsrc   0x00191000    0x00010dc0   0x00010e00  4.97     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ

Note: .data holds 0x18e000 (1,630,208) of the file's 1,701,888 bytes at entropy 7.94 and is mapped writable and executable, while .text is only 0x224 bytes of code: a small loader stub in front of a compressed payload (the zlib error strings and "Failed to decompress data!" below are the decompressor's). The krnln.fne / Software\FlySky\E\Install strings identify that payload as an E-language (易语言, "FlyStudio") program, which is also how Kaspersky, ZoneAlarm and Comodo name it in the scan results.
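The checks behind the PE info and PE sections fields above, written out as an added example (it is not part of this report or of the Maldun/Cuckoo code): per-section Shannon entropy, the writable-plus-executable flag combination, the PE CheckSum algorithm that produces the "computed checksum" value, and a timestamp plausibility test. The PE it analyses is built in memory to have the same shape as the file described (a tiny .text, a large high-entropy W+X .data, CheckSum 0 and the 1972 link timestamp); it is a constructed sample, not the analysed binary, and the thresholds (entropy above 7.0, build date before 1993 or in the future) are this example's assumptions.

```python
"""Static checks behind a sandbox PE-info section: section entropy, W+X sections,
the PE header CheckSum (declared vs computed) and link-timestamp sanity."""
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for a flat byte histogram."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """PE CheckSum as imagehlp computes it: sum 32-bit words with end-around carry,
    skipping the CheckSum field itself, fold to 16 bits, then add the file length."""
    padded = data + b"\0" * ((4 - len(data) % 4) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    return ((total + (total >> 16)) & 0xFFFF) + len(data)


def parse_pe(data: bytes) -> dict:
    """Read the headers and section table of a PE32 or PE32+ image."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0] if data[:2] == b"MZ" else -1
    if e_lfanew < 0 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    plus = struct.unpack_from("<H", data, opt)[0] == 0x20B                  # PE32+ magic
    image_base = struct.unpack_from("<Q", data, opt + 0x18)[0] if plus else struct.unpack_from("<I", data, opt + 0x1C)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 0x10)[0]
    checksum_offset = opt + 0x40                                            # same offset in PE32 and PE32+
    sections, pos = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, pos)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "characteristics": chars, "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])})
        pos += 40
    return {"timestamp": timestamp, "image_base": image_base, "entry": image_base + entry_rva,
            "checksum_offset": checksum_offset, "sections": sections,
            "declared_checksum": struct.unpack_from("<I", data, checksum_offset)[0]}


def triage(data: bytes) -> dict:
    """Apply the analyst's checks; thresholds (entropy 7.0, year 1993) are this example's choice."""
    pe = parse_pe(data)
    findings = []
    for s in pe["sections"]:
        if s["entropy"] > 7.0:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f}, packed or encrypted payload likely")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: writable and executable, code is unpacked or patched in place")
    computed = pe_checksum(data, pe["checksum_offset"])
    if pe["declared_checksum"] != computed:                                 # zero is common for user-mode EXEs: weak evidence alone
        findings.append(f"CheckSum declared {pe['declared_checksum']:#x}, computed {computed:#x}")
    ts = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    if ts.year < 1993 or ts > datetime.now(timezone.utc):                  # the PE format did not exist before 1993
        findings.append(f"link timestamp {ts:%Y-%m-%d %H:%M:%S} is implausible: compile time is forged")
    pe.update(computed_checksum=computed, timestamp_utc=ts.strftime("%Y-%m-%d %H:%M:%S"), findings=findings)
    return pe


def build_sample_pe(timestamp: int = 94138403, seed: int = 1) -> bytes:
    """Constructed sample, not the analysed file: a two-section PE32 shaped like it
    (tiny .text, large high-entropy W+X .data, CheckSum 0, 1972 link timestamp)."""
    headers_size = file_align = 0x200
    text_raw = (b"\x55\x8b\xec\x33\xc0\x5d\xc3" * 40).ljust(file_align, b"\0")   # push ebp/mov ebp,esp/xor eax,eax/pop ebp/ret
    rng = random.Random(seed)
    data_raw = bytes(rng.getrandbits(8) for _ in range(0x1000))              # pseudo-random bytes: entropy close to 8
    sections = [(b".text", 0x1000, text_raw, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
                (b".data", 0x2000, data_raw, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                 | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0x00, 0x10B)                                  # PE32 magic
    struct.pack_into("<I", opt, 0x10, 0x1000)                                 # AddressOfEntryPoint
    struct.pack_into("<III", opt, 0x1C, 0x400000, 0x1000, file_align)         # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<HH", opt, 0x28, 4, 0)                                  # MajorOperatingSystemVersion 4.0
    struct.pack_into("<II", opt, 0x38, 0x3000, headers_size)                  # SizeOfImage, SizeOfHeaders; CheckSum (0x40) stays 0
    hdr, rawptr = bytearray(dos + b"PE\0\0" + coff + bytes(opt)), headers_size
    for name, va, raw, chars in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, len(raw), va, len(raw), rawptr, 0, 0, 0, 0, chars)
        rawptr += len(raw)
    return bytes(hdr.ljust(headers_size, b"\0")) + b"".join(raw for _, _, raw, _ in sections)


if __name__ == "__main__":
    for finding in triage(build_sample_pe())["findings"]:
        print(finding)
```

Against a real file, `triage(open(path, "rb").read())` returns the same fields the report shows; the checksum routine is the one pefile's generate_checksum implements, so the 0x001aeecc above can be reproduced from the sample itself.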

Imports

Library USER32.dll:
0x402030 MessageBoxA
Library KERNEL32.dll:
0x402010 FreeLibrary
0x402014 lstrcatA
0x402018 GetModuleFileNameA
0x40201c ExitProcess
0x402020 LoadLibraryA
0x402024 GetProcAddress
0x402028 lstrlenA
Library ADVAPI32.dll:
0x402000 RegQueryValueExA
0x402004 RegCloseKey
0x402008 RegOpenKeyExA

Strings

.text
`.rdata
@.data
.rsrc
GetNewSock
Error
krnln.fne
Not found the kernel library or the kernel library is invalid!
krnln.fnr
Software\FlySky\E\Install
MessageBoxA
USER32.dll
ExitProcess
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
KERNEL32.dll
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ADVAPI32.dll
GetModuleFileNameA
const
.rsrc
~?\,$
Zk_'2=
3;a~l(I
p_d2d
KERNEL32.DLL
COMCTL32.dll
GDI32.dll
MSIMG32.dll
MSVCRT.dll
MSVFW32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ImageList_Draw
BitBlt
TransparentBlt
DrawDibOpen
GetDC
SkinH_EL.dll
SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign
qopa.exe
.text
`.rdata
@.data
.data
.rsrc
u hxb@
YYh p@
DSUVWh
SVWUj
[Sh,f@
"WWSh(f@
^Vh,f@
PVh(f@
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
KERNEL32.dll
MessageBoxA
wsprintfA
USER32.dll
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Error
Failed to read data from the file!
Failed to read file or invalid data in file!
Invalid data in the file!
The interface of kernel library is invalid!
The kernel library is invalid!
GetNewSock
Failed to load kernel library!
Not found the kernel library!
krnln.fne
krnln.fnr
Failed to decompress data!
Insufficient memory!
E_N%X
Can't retrieve the temporary directory!
Can't open file!
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
invalid distance code
invalid literal/length code
1.1.3
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
const
taskkill /f /im kavsvc.exe
taskkill /f /im KVXP.kxp
taskkill /f /im Rav.exe
taskkill /f /im Ravmon.exe
taskkill /f /im Mcshield.exe
taskkill /f /im VsTskMgr.exe
SOFTWARE\360Safe\safemon\ExecAccess
SOFTWARE\360Safe\safemon\MonAccess
SOFTWARE\360Safe\safemon\SiteAccess
SOFTWARE\360Safe\safemon\UDiskAccess
taskkill /f /im 360tray.exe
jpegfile
.txt\
.inf\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
Software\Microsoft\Windows\CurrentVersion\Policies\System\Disableregistrytools
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp\Disabled
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFavorites
Software\Policies\Microsoft\Internet Explorer\Restrictions\NoPrinting
Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions
Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource
Software\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3\1803
Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRealMode
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
net user Administrator pxs666
pxs666 /add
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
SkinSharp GUI Toolkit
CompanyName
SkinSharp Inc.
FileDescription
FileVersion
1, 0, 6, 6
InternalName
SkinSharp For EL
LegalCopyright
- Skin.dll
LegalTrademarks
SkinSharp
OriginalFilename
SkinH_EL.dll
PrivateBuild
ProductName
SkinSharp GUI Toolkit
ProductVersion
1, 0, 6, 6
SpecialBuild
VarFileInfo
Translation
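A triage pass over a strings dump like the one above, as an added example (not the sandbox's own signature code): it pulls out the taskkill targets, the 360Safe monitor switches, the Explorer/IE lockdown policy values, the non-policy registry values that need a specific restore value, and the account commands, then renders a .reg script that deletes the policy values. The input is a constructed subset of the strings listed above; the category names, the "net user" prefix assumed for the "pxs666 /add" fragment, and the choice to cover both HKCU and HKLM (the dumped paths carry no hive) are this example's assumptions.

```python
"""Classify a strings dump into the behaviours an analyst acts on (security-product
killing, lockdown policies, registry tampering, account takeover) and render a .reg undo."""
import re
from collections import defaultdict

# Constructed sample input: a subset of the strings listed above, in dump order.
SAMPLE_STRINGS = r"""
krnln.fne
Software\FlySky\E\Install
taskkill /f /im kavsvc.exe
taskkill /f /im Ravmon.exe
taskkill /f /im 360tray.exe
SOFTWARE\360Safe\safemon\ExecAccess
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp\Disabled
Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource
net user Administrator pxs666
pxs666 /add
"""

TASKKILL = re.compile(r"^taskkill\s+/f\s+/im\s+(\S+)$", re.I)
NET_USER = re.compile(r"^net\s+user\s+(\S+)\s+(\S+)$", re.I)
ADD_FRAGMENT = re.compile(r"^(\S+)\s+/add$", re.I)     # assumption: gets its "net user " prefix at runtime
REG_PATH = re.compile(r"^software\s*\\", re.I)
RUNTIME_MARKERS = {"krnln.fne": "E-language (FlyStudio) kernel library",
                   r"Software\FlySky\E\Install": "E-language runtime install key"}


def normalize_reg_path(path: str) -> str:
    """Drop the stray spaces before backslashes seen in one of the dumped paths."""
    return re.sub(r"\s+\\", r"\\", path)


def triage_strings(dump: str) -> dict:
    """One pass over the dump; every line lands in at most one category."""
    out = {"runtime": [], "kill_av": [], "av_tamper": [], "lockdown_policies": [],
           "other_registry": [], "account": []}
    for line in (raw.strip() for raw in dump.splitlines()):
        if not line:
            continue
        if m := TASKKILL.match(line):
            out["kill_av"].append(m.group(1))
        elif m := NET_USER.match(line):
            out["account"].append({"action": "set_password", "user": m.group(1), "password": m.group(2)})
        elif m := ADD_FRAGMENT.match(line):
            out["account"].append({"action": "add_user", "argument": m.group(1)})
        elif line in RUNTIME_MARKERS:
            out["runtime"].append(RUNTIME_MARKERS[line])
        elif REG_PATH.match(line):
            key, _, value = normalize_reg_path(line).rpartition("\\")
            entry, lower = {"key": key, "value": value}, key.lower()
            if "\\360safe\\" in lower:                       # 360 Safe monitor switches
                out["av_tamper"].append(entry)
            elif "\\policies\\" in lower:                    # Explorer / IE / System policy values
                out["lockdown_policies"].append(entry)
            else:                                            # e.g. SHOWALL CheckedValue: needs a specific restore value
                out["other_registry"].append(entry)
    return out


def undo_policies_reg(policies, hives=("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")) -> str:
    """Render a .reg file that deletes each recovered policy value ("name"=-): an absent
    policy value means "not enforced", so deletion is the safe undo. The strings carry
    no hive, so both hives are covered; deleting a value that does not exist is harmless."""
    by_key = defaultdict(set)
    for p in policies:
        by_key[p["key"]].add(p["value"])
    lines = ["Windows Registry Editor Version 5.00", ""]
    for hive in hives:
        for key in sorted(by_key):
            lines.append(f"[{hive}\\{key}]")
            lines.extend(f'"{name}"=-' for name in sorted(by_key[key]))
            lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage_strings(SAMPLE_STRINGS)
    for category, items in result.items():
        print(f"{category}: {items}")
    print(undo_policies_reg(result["lockdown_policies"]))
```

The non-policy entries are deliberately left out of the .reg output: SHOWALL\CheckedValue has a non-empty default (1), and the 360Safe switches belong to a product's own settings, so both are reported for manual restoration rather than deleted.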
Antivirus results

VirusTotal results with signature-database dates of 2018-07/08, about five months before this 2019-01-22 run, so they reflect the sample as first seen rather than current coverage. 45 of the 67 engines flag the file. The names that recur are KillAV/AntiAV (Baidu, Rising, Tencent, Jiangmin), FlyStudio (Kaspersky, ZoneAlarm, Comodo) and BlackHole (DrWeb, VBA32, ViRobot); most of the rest are generic or machine-learning verdicts.

Engine/vendor | Result | Signature DB date
Bkav | not detected | 20180803
MicroWorld-eScan | Trojan.GenericKD.31002080 | 20180805
CMC | not detected | 20180804
CAT-QuickHeal | Trojan.Zenshirsh.SL7 | 20180804
McAfee | Artemis!89EA6ADB8E89 | 20180804
Cylance | Unsafe | 20180805
Zillya | not detected | 20180803
AegisLab | not detected | 20180804
TheHacker | not detected | 20180802
K7GW | Riskware ( 0040eff71 ) | 20180805
K7AntiVirus | Riskware ( 0040eff71 ) | 20180804
TrendMicro | TROJ_GEN.R002C0DFL18 | 20180804
Baidu | Win32.Trojan.KillAV.f | 20180802
Babable | not detected | 20180725
F-Prot | W32/S-b122c702!Eldorado | 20180804
Symantec | ML.Attribute.HighConfidence | 20180804
TotalDefense | not detected | 20180804
TrendMicro-HouseCall | TROJ_GEN.R002C0DFL18 | 20180804
Paloalto | generic.ml | 20180805
ClamAV | Win.Trojan.Agent-111655 | 20180804
GData | Trojan.GenericKD.31002080 | 20180804
Kaspersky | not-a-virus:RiskTool.Win32.FlyStudio.bnrt | 20180805
BitDefender | Trojan.GenericKD.31002080 | 20180804
NANO-Antivirus | Trojan.Win32.Drop.dlhwif | 20180804
ViRobot | Trojan.Win32.Z.Blackhole.1701888 | 20180804
Rising | Trojan.Killav!1.9D3A (CLOUD) | 20180804
Endgame | malicious (high confidence) | 20180730
Sophos | Generic PUA DE (PUA) | 20180804
Comodo | TrojWare.Win32.FlyStudio.~UJ | 20180804
F-Secure | Trojan.GenericKD.31002080 | 20180805
DrWeb | BackDoor.BlackHole.10549 | 20180804
VIPRE | not detected | 20180804
Invincea | heuristic | 20180717
McAfee-GW-Edition | BehavesLike.Win32.Ransomware.tc | 20180804
Emsisoft | Trojan.GenericKD.31002080 (B) | 20180805
SentinelOne | static engine - malicious | 20180701
Cyren | W32/S-b122c702!Eldorado | 20180805
Jiangmin | Heur:Trojan/AntiAV | 20180805
Webroot | W32.Trojan.Gen | 20180805
Avira | HEUR/AGEN.1003402 | 20180804
Antiy-AVL | Trojan/Win32.TSGeneric | 20180805
Kingsoft | not detected | 20180805
Arcabit | not detected | 20180804
SUPERAntiSpyware | not detected | 20180804
ZoneAlarm | not-a-virus:RiskTool.Win32.FlyStudio.bnrt | 20180804
Avast-Mobile | not detected | 20180804
Microsoft | not detected | 20180804
AhnLab-V3 | not detected | 20180804
ALYac | Trojan.GenericKD.31002080 | 20180804
AVware | not detected | 20180727
TACHYON | not detected | 20180805
VBA32 | Backdoor.BlackHole | 20180803
Malwarebytes | not detected | 20180804
Panda | Trj/CI.A | 20180804
Zoner | not detected | 20180804
ESET-NOD32 | not detected | 20180804
Tencent | Win32.Trojan.Killav.Eehu | 20180805
Yandex | not detected | 20180803
MAX | malware (ai score=97) | 20180805
eGambit | not detected | 20180805
Fortinet | W32/Generic.AC.3524951 | 20180804
Ad-Aware | Trojan.GenericKD.31002080 | 20180804
AVG | Win32:AutoRun-BRF [Wrm] | 20180804
Cybereason | not detected | 20180225
Avast | Win32:AutoRun-BRF [Wrm] | 20180804
CrowdStrike | malicious_confidence_80% (D) | 20180723
Qihoo-360 | Win32/Virus.RiskTool.8c7 | 20180805

Process tree

黑客暴力锁机生成器 V1.3.exe, PID 2444, parent PID 2296

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 28.885 seconds )

  • 15.62 Suricata
  • 5.111 Static
  • 3.982 VirusTotal
  • 3.126 TargetInfo
  • 0.464 peid
  • 0.349 NetworkAnalysis
  • 0.114 AnalysisInfo
  • 0.094 BehaviorAnalysis
  • 0.017 Strings
  • 0.005 config_decoder
  • 0.003 Memory

Signatures ( 0.502 seconds; time spent running each signature module, not a list of matched signatures )

  • 0.321 md_bad_drop
  • 0.028 antiav_detectreg
  • 0.021 md_domain_bl
  • 0.02 md_url_bl
  • 0.012 infostealer_ftp
  • 0.008 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 infostealer_im
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.005 infostealer_bitcoin
  • 0.004 api_spamming
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 stealth_decoy_document
  • 0.003 stealth_timeout
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.001 network_tor
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.029 seconds )

  • 0.813 ReportHTMLSummary
  • 0.216 Malheur
Task ID 234126
Mongo ID 5c4604f32f8f2e05d95a2da0
Cuckoo release 1.4-Maldun