Analysis task

Analysis type   VM label                 Start time           End time             Duration
File (Windows)  win7-sp1-x64-hpdapp01-1  2019-06-09 03:25:53  2019-06-09 03:26:57  64 seconds

Maldun score

1.31

Normal

File details

File name   启动 辅助【点我】.exe
File size   106496 bytes
File type   PE32+ executable (console) x86-64, for MS Windows
MD5         53c55a97d205c0839c2d52a82105778e
SHA1        334f1d5d14a599312693eab5dc2f2914d840d83a
SHA256      a0c70a6d303555c02e80d76d364eeb2948e1ce3b4119f9ad16e407d01851710b
SHA512      bb92c11642731b870875893d84e4b8f486a427eb7b8b44f493a043b30c14dfc6e73b2b0e064a2e8b5f072e8c782e6df6db0f05fec29e03a4707df001665a134e
CRC32       C6E9955C
Ssdeep      3072:9/MdJEFYtLYgqwp6yGGXyJA0aZdRLX0Y:94JEKHgqyJA0aZPLXB

Host access records

No host records.

Domain resolution

No domain information.


PE information

Image base           0x140000000
Entry point          0x1400044ec
Declared checksum    0x00000000
Actual checksum      0x00025040
Minimum OS version   6.0
PDB path             C:\Users\Matteo\Desktop\Dura Menu Sources\Dura VIP Full\Dura Injector\x64\Release\Dura Injector.pdb
Compile time         2019-02-28 00:22:12
Import hash          2a42aa450c92425128e33594c39612a9

PE sections

Name    Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text   0x00001000  0x000044b4  0x00004600  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ  6.00
.rdata  0x00006000  0x00003cf0  0x00003e00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  4.49
.data   0x0000a000  0x000009e8  0x00000400  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  3.52
.pdata  0x0000b000  0x00000534  0x00000600  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  3.83
.rsrc   0x0000c000  0x00010ab0  0x00010c00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  5.87
.reloc  0x0001d000  0x00000090  0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ  2.04

Imports

Library: KERNEL32.dll:
0x140006000 GetModuleFileNameA
0x140006008 WriteProcessMemory
0x140006010 SetConsoleTextAttribute
0x140006018 GetStdHandle
0x140006020 WaitForSingleObject
0x140006028 K32EnumProcessModulesEx
0x140006030 OpenProcess
0x140006038 Sleep
0x140006040 K32GetModuleFileNameExA
0x140006048 LoadLibraryA
0x140006050 CloseHandle
0x140006058 VirtualProtectEx
0x140006060 VirtualAllocEx
0x140006068 GetConsoleWindow
0x140006070 CreateRemoteThread
0x140006078 VirtualFreeEx
0x140006080 LeaveCriticalSection
0x140006090 DeleteCriticalSection
0x140006098 SetEvent
0x1400060a0 ResetEvent
0x1400060a8 WaitForSingleObjectEx
0x1400060b0 CreateEventW
0x1400060b8 GetModuleHandleW
0x1400060c0 GetProcAddress
0x1400060c8 RtlCaptureContext
0x1400060d0 RtlLookupFunctionEntry
0x1400060d8 RtlVirtualUnwind
0x1400060e0 UnhandledExceptionFilter
0x1400060f0 GetCurrentProcess
0x1400060f8 TerminateProcess
0x140006108 IsDebuggerPresent
0x140006110 QueryPerformanceCounter
0x140006118 GetCurrentProcessId
0x140006120 GetCurrentThreadId
0x140006128 GetSystemTimeAsFileTime
0x140006130 InitializeSListHead
0x140006138 EnterCriticalSection
Library: USER32.dll:
0x140006278 SetForegroundWindow
0x140006280 SetWindowTextA
0x140006288 GetWindowThreadProcessId
0x140006290 FindWindowA
Library: MSVCP140.dll:
0x140006200 ??1_Lockit@std@@QEAA@XZ
0x140006208 ??0_Lockit@std@@QEAA@H@Z
Library: VCRUNTIME140.dll:
0x1400062a0 __std_terminate
0x1400062a8 _CxxThrowException
0x1400062b0 __std_exception_destroy
0x1400062b8 __CxxFrameHandler3
0x1400062c0 __C_specific_handler
0x1400062c8 memset
0x1400062d0 memmove
0x1400062d8 memcmp
0x1400062e0 memcpy
0x1400062e8 __std_exception_copy
0x1400062f0 memchr
Library: api-ms-win-crt-stdio-l1-1-0.dll:
0x140006408 _set_fmode
0x140006410 fputc
0x140006418 __acrt_iob_func
0x140006420 _fseeki64
0x140006428 fread
0x140006430 fsetpos
0x140006438 fflush
0x140006440 ungetc
0x140006448 fclose
0x140006450 setvbuf
0x140006458 fgetpos
0x140006460 fwrite
0x140006470 fgetc
0x140006478 __stdio_common_vfprintf
0x140006480 __p__commode
Library: api-ms-win-crt-utility-l1-1-0.dll:
0x1400064b8 srand
0x1400064c0 rand
Library: api-ms-win-crt-filesystem-l1-1-0.dll:
0x140006300 _unlock_file
0x140006308 _lock_file
0x140006310 rename
Library: api-ms-win-crt-string-l1-1-0.dll:
0x140006490 strcat_s
0x140006498 strcpy_s
Library: api-ms-win-crt-time-l1-1-0.dll:
0x1400064a8 _time64
Library: api-ms-win-crt-runtime-l1-1-0.dll:
0x140006378 _initialize_onexit_table
0x140006388 _crt_atexit
0x140006390 terminate
0x140006398 _c_exit
0x1400063a8 _initterm
0x1400063b0 _cexit
0x1400063c0 _configure_narrow_argv
0x1400063c8 _initterm_e
0x1400063d0 __p___argv
0x1400063d8 __p___argc
0x1400063e0 exit
0x1400063e8 _exit
0x1400063f0 _set_app_type
0x1400063f8 _seh_filter_exe
Library: api-ms-win-crt-heap-l1-1-0.dll:
0x140006320 _set_new_mode
0x140006328 malloc
0x140006330 free
0x140006338 _callnewh
Library: api-ms-win-crt-math-l1-1-0.dll:
0x140006358 __setusermatherr
Library: api-ms-win-crt-locale-l1-1-0.dll:
0x140006348 _configthreadlocale

Antivirus engine/vendor  Detection name/rule match  Signature database date
Bkav                  No virus detected          20190329
TotalDefense          No virus detected          20190327
MicroWorld-eScan      No virus detected          20190329
CMC                   No virus detected          20190321
CAT-QuickHeal         No virus detected          20190329
McAfee                No virus detected          20190329
Malwarebytes          No virus detected          20190329
VIPRE                 No virus detected          20190328
AegisLab              No virus detected          20190329
TheHacker             No virus detected          20190327
K7GW                  No virus detected          20190329
K7AntiVirus           No virus detected          20190329
Baidu                 No virus detected          20190318
NANO-Antivirus        No virus detected          20190329
Cyren                 No virus detected          20190329
ESET-NOD32            No virus detected          20190329
TrendMicro-HouseCall  No virus detected          20190329
Avast                 No virus detected          20190329
ClamAV                No virus detected          20190329
Kaspersky             No virus detected          20190329
BitDefender           No virus detected          20190329
Babable               No virus detected          20180918
ViRobot               No virus detected          20190329
Rising                No virus detected          20190329
Ad-Aware              No virus detected          20190329
Trustlook             No virus detected          20190330
Emsisoft              No virus detected          20190329
Comodo                No virus detected          20190329
F-Secure              No virus detected          20190329
DrWeb                 No virus detected          20190329
Zillya                No virus detected          20190329
Invincea              No virus detected          20190313
McAfee-GW-Edition     No virus detected          20190329
Trapmine              malicious.high.ml.score    20190325
FireEye               No virus detected          20190329
Sophos                No virus detected          20190329
Ikarus                No virus detected          20190329
Avast-Mobile          No virus detected          20190329
Jiangmin              No virus detected          20190329
Avira                 No virus detected          20190329
MAX                   No virus detected          20190330
Antiy-AVL             No virus detected          20190329
Kingsoft              No virus detected          20190330
Microsoft             No virus detected          20190329
Endgame               No virus detected          20190322
Arcabit               No virus detected          20190329
SUPERAntiSpyware      No virus detected          20190328
ZoneAlarm             No virus detected          20190329
GData                 No virus detected          20190329
AhnLab-V3             No virus detected          20190329
Acronis               No virus detected          20190327
VBA32                 No virus detected          20190329
ALYac                 No virus detected          20190329
TACHYON               No virus detected          20190329
Panda                 No virus detected          20190329
Zoner                 No virus detected          20190330
Tencent               No virus detected          20190330
Yandex                No virus detected          20190329
SentinelOne           No virus detected          20190317
eGambit               No virus detected          20190330
Fortinet              No virus detected          20190329
AVG                   No virus detected          20190329
Cybereason            No virus detected          20190327
Paloalto              No virus detected          20190330
CrowdStrike           No virus detected          20190212
Qihoo-360             No virus detected          20190330

Process tree

______ __________________.exe, PID: 2652, parent PID: 2296

Host access records

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 23.695 seconds )

  • 17.353 Suricata
  • 2.422 VirusTotal
  • 1.698 Static
  • 1.282 TargetInfo
  • 0.456 peid
  • 0.356 NetworkAnalysis
  • 0.086 AnalysisInfo
  • 0.022 BehaviorAnalysis
  • 0.011 Strings
  • 0.009 Memory

Signatures ( 0.398 seconds )

  • 0.136 md_domain_bl
  • 0.095 md_url_bl
  • 0.037 ransomware_extensions
  • 0.017 antiav_detectreg
  • 0.01 anomaly_persistence_autorun
  • 0.01 antiav_detectfile
  • 0.01 ransomware_files
  • 0.009 infostealer_ftp
  • 0.006 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 antivm_vbox_files
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 rat_nanocore
  • 0.003 cerber_behavior
  • 0.003 disables_browser_warn
  • 0.002 betabot_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 api_spamming
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 maldun_suspicious
  • 0.001 stealth_timeout
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 mimics_extension
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 2.102 seconds )

  • 1.444 ReportHTMLSummary
  • 0.658 Malheur
Task ID 303439
Mongo ID 5cfc0c272f8f2e06b2327a86
Cuckoo release 1.4-Maldun