分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-2 | 2019-01-22 04:32:26 | 2019-01-22 04:35:40 | 194 秒 |
魔盾分数
10.0
Malicious病毒
文件详细信息
| 文件名 | Client.exe |
|---|---|
| 文件大小 | 1376256 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0f9aa6337c2eb06f3d23cbc2cb2f13a1 |
| SHA1 | 95904d40df2bdb312577187af3d4922f9c1ea391 |
| SHA256 | 9a92a5d2fade596d8ed1122186dff72f1cd4ab9a9aad5c7951a833d469c721c2 |
| SHA512 | 6bb148c46e53dfea71cf545dae42643a3a25d415f06b9355090534226619e28bf67923db30289f7dbf9b2f8ff4efd96294a9cc737eff7f5b56f6b603429c53b2 |
| CRC32 | 946701D5 |
| Ssdeep | 24576:IyEKgsEcmE7t8iokE1f6CEOxcXEPpYJv9CVBro:Ng3qt83kNwcUA9A |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00612515 |
| 声明校验值 | 0x0015c7c3 |
| 实际校验值 | 0x0015c7c3 |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2017-02-06 23:51:13 |
| 载入哈希 | 8e39f364491cf4102a7a4d0238ebb3c7 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| PrivateBuild | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| SpecialBuild | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0002aa2f | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .rdata | 0x0002c000 | 0x0000a8d0 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| .data | 0x00037000 | 0x00008ca8 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .vmp0 | 0x00040000 | 0x000d5d47 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .vmp1 | 0x00116000 | 0x00104c1f | 0x00105000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.92 |
| .rsrc | 0x0021b000 | 0x00049a42 | 0x0004a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.16 |
导入
库: USER32.dll:
• 0x60b010 GetClassNameA
库: GDI32.dll:
• 0x60b018 GetBkColor
库: comdlg32.dll:
• 0x60b020 GetOpenFileNameA
库: WINSPOOL.DRV:
• 0x60b028 OpenPrinterA
库: ADVAPI32.dll:
• 0x60b030 RegCreateKeyExA
库: COMCTL32.dll:
• 0x60b038 ImageList_Destroy
库: oledlg.dll:
• 0x60b040 None
库: ole32.dll:
• 0x60b048 CoRegisterMessageFilter
库: OLEPRO32.DLL:
• 0x60b050 None
库: OLEAUT32.dll:
• 0x60b058 SysAllocStringByteLen
库: WS2_32.dll:
• 0x60b060 closesocket
库: KERNEL32.dll:
• 0x60b068 GetModuleFileNameW
库: KERNEL32.dll:
• 0x60b070 GetModuleHandleA
• 0x60b074 LoadLibraryA
• 0x60b078 LocalAlloc
• 0x60b07c LocalFree
• 0x60b080 GetModuleFileNameA
• 0x60b084 ExitProcess
.text
`.rdata
@.data
.vmp0
.vmp1
.rsrc
OLEPRO32.DLL
GetBkColor
ole32.dll
{,nH$
ImageList_Destroy
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | HW32.Packed.3401 | 20180410 |
| MicroWorld-eScan | Trojan.GenericKD.30606142 | 20180420 |
| nProtect | 未发现病毒 | 20180420 |
| CMC | 未发现病毒 | 20180420 |
| CAT-QuickHeal | Trojan.IGENERIC | 20180419 |
| McAfee | Artemis!0F9AA6337C2E | 20180420 |
| Malwarebytes | 未发现病毒 | 20180420 |
| VIPRE | Trojan.Win32.Generic!BT | 20180420 |
| SUPERAntiSpyware | 未发现病毒 | 20180420 |
| TheHacker | 未发现病毒 | 20180415 |
| K7GW | Trojan ( 004b0a511 ) | 20180420 |
| K7AntiVirus | Trojan ( 004b0a511 ) | 20180420 |
| Arcabit | Trojan.Generic.D1D3033E | 20180420 |
| Invincea | heuristic | 20180120 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9640 | 20180419 |
| Babable | 未发现病毒 | 20180406 |
| F-Prot | 未发现病毒 | 20180420 |
| Symantec | Trojan.Gen.2 | 20180420 |
| TotalDefense | 未发现病毒 | 20180420 |
| TrendMicro-HouseCall | TROJ_GEN.R011C0RDE18 | 20180420 |
| Avast | Win32:Malware-gen | 20180420 |
| ClamAV | 未发现病毒 | 20180420 |
| GData | Trojan.GenericKD.30606142 | 20180420 |
| Kaspersky | 未发现病毒 | 20180420 |
| BitDefender | Trojan.GenericKD.30606142 | 20180420 |
| NANO-Antivirus | 未发现病毒 | 20180420 |
| Paloalto | generic.ml | 20180420 |
| AegisLab | Troj.Black.Gen2!c | 20180420 |
| Tencent | Win32.Trojan.Black.Jcs | 20180420 |
| Ad-Aware | Trojan.GenericKD.30606142 | 20180420 |
| Emsisoft | Trojan.GenericKD.30606142 (B) | 20180420 |
| Comodo | UnclassifiedMalware | 20180420 |
| F-Secure | Trojan.GenericKD.30606142 | 20180420 |
| DrWeb | 未发现病毒 | 20180420 |
| Zillya | 未发现病毒 | 20180419 |
| TrendMicro | TROJ_GEN.R011C0RDE18 | 20180420 |
| McAfee-GW-Edition | BehavesLike.Win32.BadFile.tc | 20180420 |
| Sophos | Mal/VMProtBad-A | 20180420 |
| Ikarus | Trojan.Win32.VMProtect | 20180420 |
| Cyren | W32/Trojan.FPDQ-3744 | 20180420 |
| Jiangmin | 未发现病毒 | 20180420 |
| Webroot | 未发现病毒 | 20180420 |
| Avira | TR/Black.Gen2 | 20180420 |
| Antiy-AVL | 未发现病毒 | 20180418 |
| Kingsoft | 未发现病毒 | 20180420 |
| Microsoft | Trojan:Win32/Delpem.A | 20180420 |
| Endgame | malicious (high confidence) | 20180402 |
| ViRobot | 未发现病毒 | 20180420 |
| ZoneAlarm | 未发现病毒 | 20180420 |
| Avast-Mobile | 未发现病毒 | 20180420 |
| AhnLab-V3 | 未发现病毒 | 20180420 |
| ALYac | Trojan.GenericKD.30606142 | 20180420 |
| AVware | Trojan.Win32.Generic!BT | 20180420 |
| MAX | malware (ai score=95) | 20180420 |
| VBA32 | 未发现病毒 | 20180420 |
| Cylance | Unsafe | 20180420 |
| Zoner | 未发现病毒 | 20180419 |
| ESET-NOD32 | a variant of Win32/Packed.VMProtect.ABO | 20180420 |
| Rising | 未发现病毒 | 20180420 |
| Yandex | Trojan.VMProtect! | 20180419 |
| SentinelOne | 未发现病毒 | 20180225 |
| eGambit | Unsafe.AI_Score_76% | 20180420 |
| Fortinet | W32/VMProtBad.A!tr | 20180420 |
| AVG | Win32:Malware-gen | 20180420 |
| Cybereason | malicious.0df2bd | 20180225 |
| Panda | 未发现病毒 | 20180419 |
| CrowdStrike | malicious_confidence_100% (W) | 20180418 |
| Qihoo-360 | 未发现病毒 | 20180420 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 26.677 seconds )
- 15.447 Suricata
- 4.328 Static
- 3.976 VirusTotal
- 1.948 TargetInfo
- 0.451 peid
- 0.358 NetworkAnalysis
- 0.088 BehaviorAnalysis
- 0.058 AnalysisInfo
- 0.015 Strings
- 0.005 config_decoder
- 0.003 Memory
Signatures ( 0.411 seconds )
- 0.258 md_bad_drop
- 0.023 antiav_detectreg
- 0.014 md_url_bl
- 0.013 md_domain_bl
- 0.011 anomaly_persistence_autorun
- 0.009 antiav_detectfile
- 0.008 infostealer_ftp
- 0.006 ransomware_files
- 0.005 infostealer_bitcoin
- 0.005 infostealer_im
- 0.005 ransomware_extensions
- 0.004 tinba_behavior
- 0.004 rat_nanocore
- 0.004 cerber_behavior
- 0.003 api_spamming
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.003 infostealer_mail
- 0.002 stealth_decoy_document
- 0.002 betabot_behavior
- 0.002 kibex_behavior
- 0.002 stealth_timeout
- 0.002 geodo_banking_trojan
- 0.002 browser_security
- 0.002 modify_proxy
- 0.001 network_tor
- 0.001 antivm_vbox_libs
- 0.001 anomaly_persistence_bootexecute
- 0.001 ursnif_behavior
- 0.001 kazybot_behavior
- 0.001 ransomeware_modifies_desktop_wallpaper
- 0.001 shifu_behavior
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.289 seconds )
- 1.021 ReportHTMLSummary
- 0.268 Malheur
| Task ID | 234142 |
|---|---|
| Mongo ID | 5c462d3e2f8f2e05c95a206e |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号