比较分析...

分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-1 2019-01-22 01:47:26 2019-01-22 01:49:54 148 秒

魔盾分数

10.0

Diztakun病毒

文件详细信息

文件名 lingesdnrjscq.zip
文件大小 1796622 字节
文件类型 Zip archive data, at least v2.0 to extract
MD5 d1a78e1b1c929165f9a0535238e78d63
SHA1 cb0a84b82c74ead6e0e3a81bbf7e5828ee4ef9d5
SHA256 9aaa77cb2381d7b7d3d44d8643ad7fad53928c873acc6b5f1db6d703a6ee0000
SHA512 d27fea3111f2f9bb4c02b348eb60af2088c7b76b3f1462e43171598c2bd72e39cecc79816af9b2e77aa75e3c0abb6627ac676803b3e7719f8a25b34d3e77ae4a
CRC32 D4D482F1
Ssdeep 49152:Ih51h9SpiPkw881M9K7Gs63S0gorZOtQ2EUqPYBDd4:Ir1h1PkwUOidgSmELPV
Yara 登录查看Yara规则
样本下载 提交误报
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息
没有可用的静态分析.
.exeup'
{|:<6
BF_0c
}aB*v
[e.su
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav HW32.Packed.2C32 20170218
MicroWorld-eScan 未发现病毒 20170220
nProtect 未发现病毒 20170220
CMC 未发现病毒 20170220
CAT-QuickHeal Trojan.Diztakun 20170220
McAfee Artemis!382555148DB4 20170220
Malwarebytes 未发现病毒 20170220
VIPRE Trojan.Win32.Generic!BT 20170220
TheHacker 未发现病毒 20170218
BitDefender Trojan.GenericKD.4176308 20170220
K7GW Trojan ( 004571581 ) 20170220
K7AntiVirus Trojan ( 004571581 ) 20170220
Invincea trojan.win32.orbus.a 20170203
Baidu 未发现病毒 20170220
F-Prot W32/SuspPack.BQ.gen!Eldorado 20170220
Symantec SecurityRisk.gen1 20170219
TotalDefense 未发现病毒 20170220
TrendMicro-HouseCall TROJ_GEN.R01BC0VAI17 20170220
Avast Win32:Malware-gen 20170220
ClamAV 未发现病毒 20170220
Kaspersky Trojan.Win32.Diztakun.avfj 20170220
Alibaba 未发现病毒 20170220
NANO-Antivirus Trojan.Win32.Diztakun.elcbkf 20170220
ViRobot Trojan.Win32.Z.Susppack.1847296[h] 20170220
AegisLab 未发现病毒 20170220
Rising Trojan.Diztakun!8.FE (cloud:sO4sQwLsJjV) 20170220
Ad-Aware Trojan.GenericKD.4176308 20170220
Sophos Mal/Generic-S 20170220
Comodo Virus.Win32.Virut.CE 20170220
F-Secure Trojan.GenericKD.4176308 20170220
DrWeb Trojan.StartPage1.33586 20170220
Zillya 未发现病毒 20170218
TrendMicro TROJ_GE.08970610 20170220
McAfee-GW-Edition 未发现病毒 20170220
Emsisoft Trojan.GenericKD.4176308 (B) 20170220
Cyren W32/SuspPack.BQ.gen!Eldorado 20170220
Jiangmin Trojan.Diztakun.bxh 20170220
Webroot 未发现病毒 20170220
Avira 未发现病毒 20170220
Fortinet 未发现病毒 20170220
Antiy-AVL Trojan/Win32.Diztakun 20170220
Kingsoft 未发现病毒 20170220
Arcabit Trojan.Generic.D3FB9B4 20170220
SUPERAntiSpyware 未发现病毒 20170220
Microsoft Trojan:Win32/Dynamer!ac 20170220
AhnLab-V3 Trojan/Win32.Diztakun.C1746932 20170219
VBA32 未发现病毒 20170217
WhiteArmor 未发现病毒 20170215
Zoner 未发现病毒 20170220
ESET-NOD32 a variant of Win32/FlyStudio.Packed.G potentially unwanted 20170220
Tencent Win32.Trojan.Bp-startpage.3825 20170220
Yandex 未发现病毒 20170219
Ikarus Trojan.Win32.Buzus 20170220
GData Trojan.GenericKD.4176308 20170220
AVG SHeur4.CMLJ 20170220
Panda Trj/CI.A 20170219
Qihoo-360 未发现病毒 20170220

进程树

cmd.exe, PID: 2484, 上一级进程 PID: 2296
凌哥锁电脑软件生成器.exe, PID: 2556, 上一级进程 PID: 2484
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
文件名 judgment.txt
相关文件
C:\Users\test\AppData\Roaming\\xe5\x87\x8c\xe5\x93\xa5\judgment.txt
文件大小 23 字节
文件类型 ISO-8859 text, with no line terminators
MD5 631bd94d54c3e96e8eadea0cc3a8a05f
SHA1 0cc7112a97d50dc40e8d8c546bfcf5b87a046f29
SHA256 b5b28ed5a4d769d705d6f1715542596d87ec5ad03ffe178358c016daf3649874
CRC32 777244C9
Ssdeep 3:Ed0QoCSnU:ECQoCSU
下载提交魔盾安全分析
文件名 NvBackend.exe
相关文件
C:\Users\test\AppData\Roaming\\xe5\x87\x8c\xe5\x93\xa5\NvBackend.exe
文件大小 2757424 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dd37dc13df1224a8719208ae5cde2b63
SHA1 9d712afd65be680c5dd62be9a4052c4788975d09
SHA256 ea365a7358637c555d8cdedd59bca574c8b6eb8bb3c1b8790fec7d76a37fc4ab
CRC32 A8A9D146
Ssdeep 49152:Ln2kD6wuqf2zPoXBGHcBrRKx+vGp9oerbcp/mXVaofLnKgtNUEsoZrIeTCZWP1r4:LFtuqf2zPoXTrRKx+vGp9oerbcp+V3fe
下载提交魔盾安全分析
文件名 Launch Internet Explorer Browser.lnk
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
文件大小 1162 字节
文件类型 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Sat Nov 20 19:25:08 2010, mtime=Sat Nov 20 19:25:08 2010, atime=Sat Nov 20 19:25:08 2010, length=673040, window=
MD5 a4ff02b69980709b055be868253ee233
SHA1 f971df32a48ba5b9330c038011042bcc13815c3b
SHA256 e39a3523858a89bc78c95d88de99db5f3a6289fe91413685e892946b591dea09
CRC32 E84A93FD
Ssdeep 24:8faFdItodOEiXlVEMVNAk1qsQdDEMBzdDEMukUPqhCPx:8ywtodOdVvVG8qHdDvBzdDvyys
下载提交魔盾安全分析
文件名 ver.txt
相关文件
C:\Users\test\AppData\Roaming\\xe5\x87\x8c\xe5\x93\xa5\ver.txt
文件大小 3 字节
文件类型 ASCII text, with no line terminators
MD5 56765472680401499c79732468ba4340
SHA1 8114b9dabe64741f5700c676da07d4182530a754
SHA256 77ac319bfe1979e2d799d9e6987e65feb54f61511c03552ebae990826c208590
CRC32 19380E19
Ssdeep 3:SXn:SX
下载提交魔盾安全分析显示文本 
1.2
文件名 Internet Explorer.lnk
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
文件大小 1174 字节
文件类型 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Sat Nov 20 19:25:08 2010, mtime=Sat Nov 20 19:25:08 2010, atime=Sat Nov 20 19:25:08 2010, length=673040, window=
MD5 51f790571ca2b525a361376a1ea1e630
SHA1 5b002472091ea9d10b1facc5ace64ba3b90603fc
SHA256 1ed37615cdd2b7051e4d0dc1206121673521e2d9c6b6529c289e5cccd640788d
CRC32 2FA043DF
Ssdeep 24:8faFdItodOEiXlVEMVNAk1qst4dDEMBzdDEMukUPqhCPx:8ywtodOdVvVG8qA4dDvBzdDvyys
下载提交魔盾安全分析
文件名 Internet Explorer (64-bit).lnk
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
文件大小 1168 字节
文件类型 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Sat Nov 20 19:25:08 2010, mtime=Sat Nov 20 19:25:08 2010, atime=Sat Nov 20 19:25:08 2010, length=673040, window=
MD5 ab4a3e8cabfd16197ceb107871fdea1e
SHA1 a2ae303f6b7a0d5095fa3987006e36e44c7cc2b9
SHA256 530eebf776d062d20c08aaafc8ed7625ddb00e533e79f6f3cf0ba943dff09171
CRC32 054E588B
Ssdeep 24:8faFdItodOEiXlVEMVNAk1qs5dDEMBzdDEMukUPqhCPx:8ywtodOdVvVG8qGdDvBzdDvyys
下载提交魔盾安全分析
文件名 detoured.dll
相关文件
C:\Users\test\AppData\Roaming\\xe5\x87\x8c\xe5\x93\xa5\detoured.dll
文件大小 20992 字节
文件类型 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 9da9fe20af969d85b9ef40bbb63ffdc5
SHA1 d945e9f52330d0d6d744a1071382b9b68c6d0653
SHA256 546ffb49b7eddf437e361b44e313a78aee45ee18c4fa8f20188dc9271162fcfd
CRC32 5E20188A
Ssdeep 384:watgfw8pnW8EL1SWOsgUPomUvX/HzICOVAK4XSPPF7bStP:watTwgBSWzgBmAvsCOVfM+N7bOP
下载提交魔盾安全分析
文件名 google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
文件大小 1344 字节
文件类型 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Sep 1 06:19:23 2017, mtime=Fri Sep 1 06:19:23 2017, atime=Fri Jan 25 18:35:08 2013, length=1248208, window=
MD5 917351a97e13d6bcc0e2599c715a26b3
SHA1 d25025725278b03d53e4c42a1243c23297f83928
SHA256 27cebcd3e69a08b7d83026e6fc6923245329cffa798d1df6d9919ff29d8a00fe
CRC32 0883DFDD
Ssdeep 24:8rCxodOEa/qCdmPRhA+1qiedRZN0RndRZNLkUPqhCP:8+xodOHiCdgRyKqied/KRnd/nys
下载提交魔盾安全分析
文件名 google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
文件大小 1338 字节
文件类型 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Sep 1 06:19:23 2017, mtime=Fri Sep 1 06:19:23 2017, atime=Fri Jan 25 18:35:08 2013, length=1248208, window=
MD5 30e0244b84611df0a5f5bcdf7b7dd1b8
SHA1 6a1e970e849058dbeeabec96c5915828601bc70a
SHA256 e24c42b3201e93468bd29728db18dca60dc05e122d6b7ba0a22765a279fffb9d
CRC32 27B7E47E
Ssdeep 24:8rCxodOEa/qCdmPRhA+1qiWYdRZN0RndRZNLkUPqhCP:8+xodOHiCdgRyKqiWYd/KRnd/nys
下载提交魔盾安全分析
文件名 google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
相关文件
C:\Users\test\Desktop\google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
文件大小 1314 字节
文件类型 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Sep 1 06:19:23 2017, mtime=Fri Sep 1 06:19:23 2017, atime=Fri Jan 25 18:35:08 2013, length=1248208, window=
MD5 9e84c3f00964dc49e3f3498fcb701591
SHA1 9cab6c07ee0d21749a2dffc36f23bb9ea0c46008
SHA256 1f05eeec2d70813d714b08ae2d2359d5ad5ef25c0f7bf460d1da698f72050b8d
CRC32 70408CEE
Ssdeep 24:8rCxodOEa/qCdmPRhA+1qizdRZN0RndRZNLkUPqhCP:8+xodOHiCdgRyKqizd/KRnd/nys
下载提交魔盾安全分析
文件名 google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\google\xe6\xb5\x8f\xe8\xa7\x88\xe5\x99\xa8.lnk
文件大小 1350 字节
文件类型 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Sep 1 06:19:23 2017, mtime=Fri Sep 1 06:19:23 2017, atime=Fri Jan 25 18:35:08 2013, length=1248208, window=
MD5 26b0080ef8d239d5fdb5cb3f7d4f22f9
SHA1 96ee0cb7ce5ce220bf8f01538d8e83efbe7f677a
SHA256 812e9d9c866edb8e6c47928df9a13b4680c694bc2d0ae56de3a12e909b5f971e
CRC32 C8EA9CAC
Ssdeep 24:8rCxodOEa/qCdmPRhA+1qi8idRZN0RndRZNLkUPqhCP:8+xodOHiCdgRyKqi8id/KRnd/nys
下载提交魔盾安全分析
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 23.667 seconds )

  • 15.537 Suricata
  • 2.942 VirusTotal
  • 2.391 TargetInfo
  • 2.081 BehaviorAnalysis
  • 0.355 NetworkAnalysis
  • 0.205 Dropped
  • 0.127 AnalysisInfo
  • 0.023 Strings
  • 0.003 Memory
  • 0.003 Static

Signatures ( 1.756 seconds )

  • 0.408 md_bad_drop
  • 0.214 antiav_detectreg
  • 0.117 api_spamming
  • 0.097 stealth_timeout
  • 0.091 infostealer_ftp
  • 0.084 stealth_decoy_document
  • 0.051 mimics_filetime
  • 0.049 reads_self
  • 0.042 infostealer_im
  • 0.036 stealth_file
  • 0.03 infostealer_browser
  • 0.027 bootkit
  • 0.026 antivm_generic_scsi
  • 0.024 infostealer_mail
  • 0.021 virus
  • 0.021 md_url_bl
  • 0.02 antivm_generic_disk
  • 0.02 md_domain_bl
  • 0.018 antiav_detectfile
  • 0.016 antivm_generic_services
  • 0.016 infostealer_browser_password
  • 0.015 anomaly_persistence_autorun
  • 0.015 kibex_behavior
  • 0.015 anormaly_invoke_kills
  • 0.012 betabot_behavior
  • 0.012 ipc_namedpipe
  • 0.011 injection_createremotethread
  • 0.011 hancitor_behavior
  • 0.01 antivm_parallels_keys
  • 0.01 antivm_xen_keys
  • 0.01 geodo_banking_trojan
  • 0.01 infostealer_bitcoin
  • 0.01 darkcomet_regkeys
  • 0.009 ransomware_extensions
  • 0.009 recon_fingerprint
  • 0.008 ransomware_files
  • 0.007 injection_runpe
  • 0.007 kovter_behavior
  • 0.007 antivm_generic_diskreg
  • 0.006 antivm_vbox_files
  • 0.005 tinba_behavior
  • 0.005 antiemu_wine_func
  • 0.005 antivm_vbox_libs
  • 0.005 rat_nanocore
  • 0.005 bypass_firewall
  • 0.005 antisandbox_productid
  • 0.004 browser_security
  • 0.004 disables_browser_warn
  • 0.004 packer_armadillo_regkey
  • 0.003 network_tor
  • 0.003 rat_luminosity
  • 0.003 injection_explorer
  • 0.003 exec_crash
  • 0.003 cerber_behavior
  • 0.003 antivm_generic_bios
  • 0.003 antivm_generic_system
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 recon_programs
  • 0.002 hawkeye_behavior
  • 0.002 Locky_behavior
  • 0.002 ursnif_behavior
  • 0.002 shifu_behavior
  • 0.002 encrypted_ioc
  • 0.002 antivm_generic_cpu
  • 0.002 modify_proxy
  • 0.002 rat_pcclient
  • 0.002 stealth_modify_uac_prompt
  • 0.001 antiav_avast_libs
  • 0.001 dridex_behavior
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 antivm_vmware_libs
  • 0.001 anomaly_reset_winsock
  • 0.001 antivm_vbox_window
  • 0.001 sets_autoconfig_url
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 dyre_behavior
  • 0.001 vawtrak_behavior
  • 0.001 h1n1_behavior
  • 0.001 process_needed
  • 0.001 sniffer_winpcap
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 targeted_flame
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_security_center_warnings
  • 0.001 stealth_web_history

Reporting ( 1.157 seconds )

  • 0.855 ReportHTMLSummary
  • 0.302 Malheur
Task ID 234127
Mongo ID 5c46066f2f8f2e05bd5a2838
Cuckoo release 1.4-Maldun