分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-07-21 11:19:44 | 2019-07-21 11:21:00 | 76 秒 |
魔盾分数
0.35
正常的
文件详细信息
| 文件名 | 绝地盒子.exe |
|---|---|
| 文件大小 | 14401536 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a5810f13501577a0e5bbae1836434e20 |
| SHA1 | 32b49c4e2f1eac98621b61813fa2b42aaf2188d2 |
| SHA256 | 5bf6c39c6c012231b1825a2110065f73229ca09e83ed3748666072d2b7d849fe |
| SHA512 | c5c9cf3e26056cd57d47c936369f519e87a84214e0379ca0583ba53bbafefa8d62c6cfd1bea7117cb2027de54bbcb87e388bf4562a607f42e75b667e0e1d7667 |
| CRC32 | 0E3BE458 |
| Ssdeep | 393216:si9GtgbFyCZPaYe8LQu3TrNGGWXlKAABP3ZFgJph/:sRSMaPa8LQkrNlWXt8PJqJp |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x035b1364 |
| 声明校验值 | 0x00000000 |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2019-07-21 04:02:49 |
| 载入哈希 | c5dd50b9f8f04978ead0616f78a3f851 |
| 导出DLL库名称 | \x37\x39\x31 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00361f92 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .rdata | 0x00363000 | 0x0194dab8 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| .data | 0x01cb1000 | 0x000a0108 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| yundun0 | 0x01d52000 | 0x007874a4 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| yundun1 | 0x024da000 | 0x00db6f40 | 0x00db7000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.99 |
| .rsrc | 0x03291000 | 0x0000874a | 0x00004000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.04 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_BITMAP | 0x032978c0 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_MENU | 0x03297a10 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_MENU | 0x03297a10 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x03298c58 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_STRING | 0x032996a0 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x03299728 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x03299728 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x03299728 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x03299728 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x03299728 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x03299728 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
导入
库: user32.dll:
• 0x2949000 GetMessageA
• 0x2949004 SendMessageA
• 0x2949008 GetAncestor
• 0x294900c CreateWindowExA
• 0x2949010 MessageBoxA
• 0x2949014 TranslateMessage
• 0x2949018 EnumChildWindows
• 0x294901c SetPropA
• 0x2949020 EnumWindows
• 0x2949024 GetClassNameA
• 0x2949028 GetWindowLongA
• 0x294902c GetWindowRect
• 0x2949030 GetDC
• 0x2949034 UpdateLayeredWindow
• 0x2949038 ReleaseDC
• 0x294903c IsWindow
• 0x2949040 ShowWindow
• 0x2949044 CallWindowProcA
• 0x2949048 TrackMouseEvent
• 0x294904c GetPropA
• 0x2949050 wsprintfA
• 0x2949054 GetSystemMetrics
• 0x2949058 GetCursorPos
• 0x294905c CloseClipboard
• 0x2949060 GetClipboardData
• 0x2949064 OpenClipboard
• 0x2949068 DispatchMessageA
• 0x294906c PeekMessageA
库: kernel32.dll:
• 0x2949074 GetEnvironmentStrings
• 0x2949078 GetStartupInfoA
• 0x294907c DeleteCriticalSection
• 0x2949080 FreeEnvironmentStringsA
• 0x2949084 GetEnvironmentStringsW
• 0x2949088 FreeEnvironmentStringsW
• 0x294908c GetStdHandle
• 0x2949090 GetFileType
• 0x2949094 GetCPInfo
• 0x2949098 GetOEMCP
• 0x294909c GetACP
• 0x29490a0 GetCommandLineA
• 0x29490a4 GetVersion
• 0x29490a8 RtlUnwind
• 0x29490ac TerminateProcess
• 0x29490b0 HeapReAlloc
• 0x29490b4 LeaveCriticalSection
• 0x29490b8 EnterCriticalSection
• 0x29490bc InitializeCriticalSection
• 0x29490c0 GetStringTypeA
• 0x29490c4 GetStringTypeW
• 0x29490c8 InterlockedDecrement
• 0x29490cc InterlockedIncrement
• 0x29490d0 SetFilePointer
• 0x29490d4 SetUnhandledExceptionFilter
• 0x29490d8 IsBadCodePtr
• 0x29490dc LCMapStringW
• 0x29490e0 SetStdHandle
• 0x29490e4 GetCurrentProcess
• 0x29490e8 FlushFileBuffers
• 0x29490ec IsBadWritePtr
• 0x29490f0 RaiseException
• 0x29490f4 HeapCreate
• 0x29490f8 HeapDestroy
• 0x29490fc GetVersionExA
• 0x2949100 LCMapStringA
• 0x2949104 LoadLibraryA
• 0x2949108 FreeLibrary
• 0x294910c GetCurrentDirectoryA
• 0x2949110 GetLocalTime
• 0x2949114 Sleep
• 0x2949118 GetFileSize
• 0x294911c ReadFile
• 0x2949120 GetTempPathA
• 0x2949124 GetTickCount
• 0x2949128 CreateFileA
• 0x294912c WriteFile
• 0x2949130 CloseHandle
• 0x2949134 GetModuleFileNameA
• 0x2949138 IsBadReadPtr
• 0x294913c HeapFree
• 0x2949140 GetEnvironmentVariableA
• 0x2949144 HeapAlloc
• 0x2949148 ExitProcess
• 0x294914c GetProcessHeap
• 0x2949150 VirtualFree
• 0x2949154 VirtualAlloc
• 0x2949158 GetProcAddress
• 0x294915c LoadLibraryW
• 0x2949160 MapViewOfFile
• 0x2949164 CreateFileMappingA
• 0x2949168 VirtualProtectEx
• 0x294916c WideCharToMultiByte
• 0x2949170 LocalAlloc
• 0x2949174 LocalSize
• 0x2949178 lstrlenW
• 0x294917c GlobalFree
• 0x2949180 MultiByteToWideChar
• 0x2949184 GlobalUnlock
• 0x2949188 GlobalLock
• 0x294918c GlobalAlloc
• 0x2949190 LocalFree
• 0x2949194 RtlMoveMemory
• 0x2949198 GetModuleHandleA
• 0x294919c GetCurrentThreadId
• 0x29491a0 TlsSetValue
• 0x29491a4 TlsAlloc
• 0x29491a8 TlsFree
• 0x29491ac SetLastError
• 0x29491b0 TlsGetValue
• 0x29491b4 GetLastError
• 0x29491b8 SetHandleCount
库: gdi32.dll:
• 0x29491c0 CreateCompatibleDC
• 0x29491c4 DeleteDC
• 0x29491c8 CreateDIBSection
• 0x29491cc DeleteObject
• 0x29491d0 SelectObject
库: gdiplus.dll:
• 0x29491d8 GdipSetSolidFillColor
• 0x29491dc GdipCreateFromHDC
• 0x29491e0 GdipCreateBitmapFromScan0
• 0x29491e4 GdipGetImageWidth
• 0x29491e8 GdiplusStartup
• 0x29491ec GdipGetRegionBounds
• 0x29491f0 GdipSetTextRenderingHint
• 0x29491f4 GdipDeletePen
• 0x29491f8 GdipGetImageGraphicsContext
• 0x29491fc GdipSetSmoothingMode
• 0x2949200 GdipCreateSolidFill
• 0x2949204 GdipDisposeImage
• 0x2949208 GdipLoadImageFromStream
• 0x294920c GdipLoadImageFromFile
• 0x2949210 GdipDeleteBrush
• 0x2949214 GdipDrawRectangleI
• 0x2949218 GdipGetImageHeight
库: ole32.dll:
• 0x2949220 CLSIDFromString
• 0x2949224 CreateStreamOnHGlobal
• 0x2949228 OleRun
• 0x294922c CoCreateInstance
• 0x2949230 CLSIDFromString
• 0x2949234 OleUninitialize
• 0x2949238 OleInitialize
• 0x294923c CLSIDFromProgID
库: imm32.dll:
• 0x2949244 ImmReleaseContext
• 0x2949248 ImmSetCompositionWindow
• 0x294924c ImmGetContext
• 0x2949250 ImmAssociateContext
• 0x2949254 ImmGetCompositionStringW
库: shlwapi.dll:
• 0x2949268 PathFileExistsA
库: winmm.dll:
• 0x2949270 PlaySoundA
库: kernel32.dll:
• 0x2949278 RaiseException
• 0x294927c CloseHandle
• 0x2949280 WaitForSingleObject
• 0x2949284 CreateProcessA
• 0x2949288 GetTickCount
• 0x294928c GetCommandLineA
• 0x2949290 MulDiv
• 0x2949294 GetProcAddress
• 0x2949298 GetModuleHandleA
• 0x294929c GetVolumeInformationA
• 0x29492a0 SetCurrentDirectoryA
• 0x29492a4 GetCurrentDirectoryA
• 0x29492a8 CreateDirectoryA
• 0x29492ac DeleteFileA
• 0x29492b0 GetFileAttributesA
• 0x29492b4 SetFileAttributesA
• 0x29492b8 FindClose
• 0x29492bc FindFirstFileA
• 0x29492c0 GetTempPathA
• 0x29492c4 TerminateProcess
• 0x29492c8 GlobalLock
• 0x29492cc GlobalAlloc
• 0x29492d0 Sleep
• 0x29492d4 CreateEventA
• 0x29492d8 CreateThread
• 0x29492dc GetPrivateProfileStringA
• 0x29492e0 WritePrivateProfileStringA
• 0x29492e4 GetVersionExA
• 0x29492e8 GetLastError
• 0x29492ec LoadLibraryA
• 0x29492f0 FreeLibrary
• 0x29492f4 GetFullPathNameA
• 0x29492f8 GetUserDefaultLCID
• 0x29492fc HeapAlloc
• 0x2949300 GetProcessHeap
• 0x2949304 HeapReAlloc
• 0x2949308 HeapFree
• 0x294930c GlobalReAlloc
• 0x2949310 FindNextFileA
• 0x2949314 lstrcpyA
• 0x2949318 WinExec
• 0x294931c lstrlenA
• 0x2949320 lstrcatA
• 0x2949324 InitializeCriticalSection
• 0x2949328 DeleteCriticalSection
• 0x294932c GlobalFree
• 0x2949330 GlobalSize
• 0x2949334 ExitProcess
• 0x2949338 GetCurrentThreadId
• 0x294933c MultiByteToWideChar
• 0x2949340 WideCharToMultiByte
• 0x2949344 GetModuleFileNameA
• 0x2949348 RemoveDirectoryA
• 0x294934c lstrlenW
• 0x2949350 ReadFile
• 0x2949354 LockResource
• 0x2949358 LoadResource
• 0x294935c FindResourceA
• 0x2949360 SetEvent
• 0x2949364 CreateFileA
• 0x2949368 WaitForMultipleObjects
• 0x294936c WriteFile
• 0x2949370 GetProfileStringA
• 0x2949374 LeaveCriticalSection
• 0x2949378 EnterCriticalSection
• 0x294937c ReleaseSemaphore
• 0x2949380 ResumeThread
• 0x2949384 CreateSemaphoreA
• 0x2949388 IsDBCSLeadByte
• 0x294938c lstrcmpA
• 0x2949390 lstrcmpiA
• 0x2949394 lstrcpynA
• 0x2949398 FileTimeToSystemTime
• 0x294939c FileTimeToLocalFileTime
• 0x29493a0 SetFilePointer
• 0x29493a4 GetFileSize
• 0x29493a8 GetFileType
• 0x29493ac DuplicateHandle
• 0x29493b0 GetCurrentProcess
• 0x29493b4 SystemTimeToFileTime
• 0x29493b8 GetLocalTime
• 0x29493bc DosDateTimeToFileTime
• 0x29493c0 SetFileTime
• 0x29493c4 TerminateThread
• 0x29493c8 GetSystemDirectoryA
• 0x29493cc GetWindowsDirectoryA
• 0x29493d0 CreateMutexA
• 0x29493d4 ReleaseMutex
• 0x29493d8 SuspendThread
• 0x29493dc HeapSize
• 0x29493e0 GetACP
• 0x29493e4 UnhandledExceptionFilter
• 0x29493e8 FreeEnvironmentStringsA
• 0x29493ec FreeEnvironmentStringsW
• 0x29493f0 GetEnvironmentStrings
• 0x29493f4 GetEnvironmentStringsW
• 0x29493f8 SetHandleCount
• 0x29493fc GetStdHandle
• 0x2949400 GetEnvironmentVariableA
• 0x2949404 HeapDestroy
• 0x2949408 HeapCreate
• 0x294940c VirtualFree
• 0x2949410 SetEnvironmentVariableA
• 0x2949414 LCMapStringA
• 0x2949418 LCMapStringW
• 0x294941c VirtualAlloc
• 0x2949420 IsBadWritePtr
• 0x2949424 GetStringTypeA
• 0x2949428 GetStringTypeW
• 0x294942c SetUnhandledExceptionFilter
• 0x2949430 InterlockedIncrement
• 0x2949434 CompareStringA
• 0x2949438 CompareStringW
• 0x294943c IsBadReadPtr
• 0x2949440 IsBadCodePtr
• 0x2949444 SetStdHandle
• 0x2949448 GetSystemTime
• 0x294944c GetTimeZoneInformation
• 0x2949450 RtlUnwind
• 0x2949454 GetStartupInfoA
• 0x2949458 GetOEMCP
• 0x294945c GetCPInfo
• 0x2949460 GetProcessVersion
• 0x2949464 SetErrorMode
• 0x2949468 GlobalFlags
• 0x294946c GetCurrentThread
• 0x2949470 GetFileTime
• 0x2949474 TlsGetValue
• 0x2949478 LocalReAlloc
• 0x294947c TlsSetValue
• 0x2949480 TlsFree
• 0x2949484 GlobalHandle
• 0x2949488 TlsAlloc
• 0x294948c LocalAlloc
• 0x2949490 GetVersion
• 0x2949494 GlobalGetAtomNameA
• 0x2949498 GlobalAddAtomA
• 0x294949c GlobalFindAtomA
• 0x29494a0 GlobalDeleteAtom
• 0x29494a4 SetEndOfFile
• 0x29494a8 UnlockFile
• 0x29494ac LockFile
• 0x29494b0 FlushFileBuffers
• 0x29494b4 SetLastError
• 0x29494b8 LocalFree
• 0x29494bc InterlockedDecrement
• 0x29494c0 GlobalUnlock
库: user32.dll:
• 0x29494c8 SetWindowTextA
• 0x29494cc GetWindowTextA
• 0x29494d0 CharUpperA
• 0x29494d4 GetForegroundWindow
• 0x29494d8 DefWindowProcA
• 0x29494dc GetSystemMenu
• 0x29494e0 DeleteMenu
• 0x29494e4 GetMenu
• 0x29494e8 SetMenu
• 0x29494ec PeekMessageA
• 0x29494f0 UnregisterClassA
• 0x29494f4 IsIconic
• 0x29494f8 SetFocus
• 0x29494fc GetActiveWindow
• 0x2949500 GetWindow
• 0x2949504 DestroyAcceleratorTable
• 0x2949508 SetWindowRgn
• 0x294950c GetMessagePos
• 0x2949510 ScreenToClient
• 0x2949514 ChildWindowFromPointEx
• 0x2949518 CopyRect
• 0x294951c LoadBitmapA
• 0x2949520 WinHelpA
• 0x2949524 KillTimer
• 0x2949528 SetTimer
• 0x294952c ReleaseCapture
• 0x2949530 GetCapture
• 0x2949534 SetCapture
• 0x2949538 GetScrollRange
• 0x294953c SetScrollRange
• 0x2949540 SetScrollPos
• 0x2949544 SetRect
• 0x2949548 InflateRect
• 0x294954c IntersectRect
• 0x2949550 DestroyIcon
• 0x2949554 PtInRect
• 0x2949558 OffsetRect
• 0x294955c IsWindowVisible
• 0x2949560 EnableWindow
• 0x2949564 RedrawWindow
• 0x2949568 GetWindowLongA
• 0x294956c SetWindowLongA
• 0x2949570 GetSysColor
• 0x2949574 SetActiveWindow
• 0x2949578 SetCursorPos
• 0x294957c LoadCursorA
• 0x2949580 SetCursor
• 0x2949584 GetDC
• 0x2949588 FillRect
• 0x294958c IsRectEmpty
• 0x2949590 ReleaseDC
• 0x2949594 IsChild
• 0x2949598 TrackPopupMenu
• 0x294959c DestroyMenu
• 0x29495a0 SetForegroundWindow
• 0x29495a4 GetWindowRect
• 0x29495a8 UpdateWindow
• 0x29495ac ValidateRect
• 0x29495b0 InvalidateRect
• 0x29495b4 GetClientRect
• 0x29495b8 GetMenuItemCount
• 0x29495bc GetParent
• 0x29495c0 GetTopWindow
• 0x29495c4 GetWindowDC
• 0x29495c8 IsWindow
• 0x29495cc SetParent
• 0x29495d0 DestroyCursor
• 0x29495d4 SendMessageA
• 0x29495d8 SetWindowPos
• 0x29495dc MessageBoxA
• 0x29495e0 GetCursorPos
• 0x29495e4 GetSystemMetrics
• 0x29495e8 EmptyClipboard
• 0x29495ec SetClipboardData
• 0x29495f0 OpenClipboard
• 0x29495f4 GetClipboardData
• 0x29495f8 CloseClipboard
• 0x29495fc wsprintfA
• 0x2949600 WaitForInputIdle
• 0x2949604 GetWindowTextLengthA
• 0x2949608 BeginPaint
• 0x294960c EndPaint
• 0x2949610 GetDlgItem
• 0x2949614 DestroyWindow
• 0x2949618 CreateDialogIndirectParamA
• 0x294961c EndDialog
• 0x2949620 GetNextDlgTabItem
• 0x2949624 GetWindowPlacement
• 0x2949628 RegisterWindowMessageA
• 0x294962c GetLastActivePopup
• 0x2949630 GetMessageTime
• 0x2949634 RemovePropA
• 0x2949638 GetClassLongA
• 0x294963c CreateWindowExA
• 0x2949640 RegisterClassA
• 0x2949644 GetScrollPos
• 0x2949648 UnhookWindowsHookEx
• 0x294964c CallNextHookEx
• 0x2949650 AdjustWindowRectEx
• 0x2949654 MapWindowPoints
• 0x2949658 SendDlgItemMessageA
• 0x294965c ScrollWindowEx
• 0x2949660 IsDialogMessageA
• 0x2949664 CheckMenuItem
• 0x2949668 SetMenuItemBitmaps
• 0x294966c GetMenuCheckMarkDimensions
• 0x2949670 GetClassNameA
• 0x2949674 GetMenuItemID
• 0x2949678 GetMenuStringA
• 0x294967c GetMenuState
• 0x2949680 GetTabbedTextExtentA
• 0x2949684 DrawStateA
• 0x2949688 GrayStringA
• 0x294968c TabbedTextOutA
• 0x2949690 WindowFromDC
• 0x2949694 GetFocus
• 0x2949698 GetDesktopWindow
• 0x294969c LoadStringA
• 0x29496a0 SetWindowsHookExA
• 0x29496a4 FrameRect
• 0x29496a8 GetPropA
• 0x29496ac MoveWindow
• 0x29496b0 CallWindowProcA
• 0x29496b4 SetPropA
• 0x29496b8 DrawTextA
• 0x29496bc GetCursor
• 0x29496c0 LoadIconA
• 0x29496c4 TranslateMessage
• 0x29496c8 DrawFrameControl
• 0x29496cc DrawEdge
• 0x29496d0 DrawFocusRect
• 0x29496d4 WindowFromPoint
• 0x29496d8 GetMessageA
• 0x29496dc DispatchMessageA
• 0x29496e0 SetRectEmpty
• 0x29496e4 RegisterClipboardFormatA
• 0x29496e8 CreateIconFromResourceEx
• 0x29496ec CreateIconFromResource
• 0x29496f0 DrawIconEx
• 0x29496f4 CreatePopupMenu
• 0x29496f8 AppendMenuA
• 0x29496fc GetSysColorBrush
• 0x2949700 EnumChildWindows
• 0x2949704 ModifyMenuA
• 0x2949708 CreateMenu
• 0x294970c CreateAcceleratorTableA
• 0x2949710 GetDlgCtrlID
• 0x2949714 GetSubMenu
• 0x2949718 EnableMenuItem
• 0x294971c ClientToScreen
• 0x2949720 EnumDisplaySettingsA
• 0x2949724 LoadImageA
• 0x2949728 SystemParametersInfoA
• 0x294972c ShowWindow
• 0x2949730 IsWindowEnabled
• 0x2949734 TranslateAcceleratorA
• 0x2949738 GetKeyState
• 0x294973c CopyAcceleratorTableA
• 0x2949740 PostQuitMessage
• 0x2949744 IsZoomed
• 0x2949748 PostMessageA
• 0x294974c GetClassInfoA
• 0x2949750 EqualRect
库: gdi32.dll:
• 0x2949758 ExtSelectClipRgn
• 0x294975c GetViewportExtEx
• 0x2949760 LineTo
• 0x2949764 MoveToEx
• 0x2949768 ExcludeClipRect
• 0x294976c GetClipBox
• 0x2949770 ScaleWindowExtEx
• 0x2949774 SetWindowExtEx
• 0x2949778 ScaleViewportExtEx
• 0x294977c SetViewportExtEx
• 0x2949780 OffsetViewportOrgEx
• 0x2949784 SetViewportOrgEx
• 0x2949788 SetMapMode
• 0x294978c SetROP2
• 0x2949790 SetPolyFillMode
• 0x2949794 GetCurrentObject
• 0x2949798 DPtoLP
• 0x294979c LPtoDP
• 0x29497a0 Rectangle
• 0x29497a4 Ellipse
• 0x29497a8 GetTextMetricsA
• 0x29497ac GetTextExtentPoint32A
• 0x29497b0 RoundRect
• 0x29497b4 SetPixelV
• 0x29497b8 CreateCompatibleDC
• 0x29497bc GetPixel
• 0x29497c0 BitBlt
• 0x29497c4 StartPage
• 0x29497c8 StartDocA
• 0x29497cc DeleteDC
• 0x29497d0 EndDoc
• 0x29497d4 EndPage
• 0x29497d8 GetObjectA
• 0x29497dc GetStockObject
• 0x29497e0 CreateFontIndirectA
• 0x29497e4 CreateSolidBrush
• 0x29497e8 FillRgn
• 0x29497ec CreateRectRgn
• 0x29497f0 CombineRgn
• 0x29497f4 PatBlt
• 0x29497f8 CreatePen
• 0x29497fc SelectObject
• 0x2949800 CreateBitmap
• 0x2949804 CreateBrushIndirect
• 0x2949808 CreateDCA
• 0x294980c CreateCompatibleBitmap
• 0x2949810 GetPolyFillMode
• 0x2949814 GetStretchBltMode
• 0x2949818 GetROP2
• 0x294981c GetBkColor
• 0x2949820 GetBkMode
• 0x2949824 GetTextColor
• 0x2949828 CreateRoundRectRgn
• 0x294982c CreateEllipticRgn
• 0x2949830 PathToRegion
• 0x2949834 EndPath
• 0x2949838 BeginPath
• 0x294983c GetWindowOrgEx
• 0x2949840 GetViewportOrgEx
• 0x2949844 GetWindowExtEx
• 0x2949848 GetDIBits
• 0x294984c RealizePalette
• 0x2949850 SelectPalette
• 0x2949854 StretchBlt
• 0x2949858 CreatePalette
• 0x294985c GetSystemPaletteEntries
• 0x2949860 CreateDIBitmap
• 0x2949864 DeleteObject
• 0x2949868 SelectClipRgn
• 0x294986c CreatePolygonRgn
• 0x2949870 GetClipRgn
• 0x2949874 SetStretchBltMode
• 0x2949878 ExtCreateRegion
• 0x294987c SetPixel
• 0x2949880 CreateDIBSection
• 0x2949884 CreateRectRgnIndirect
• 0x2949888 SetBkColor
• 0x294988c SetBkMode
• 0x2949890 SetTextColor
• 0x2949894 SetWindowOrgEx
• 0x2949898 SaveDC
• 0x294989c RestoreDC
• 0x29498a0 CreatePenIndirect
• 0x29498a4 PtVisible
• 0x29498a8 RectVisible
• 0x29498ac TextOutA
• 0x29498b0 ExtTextOutA
• 0x29498b4 Escape
• 0x29498b8 GetDeviceCaps
库: winmm.dll:
• 0x29498c0 midiStreamOut
• 0x29498c4 midiOutPrepareHeader
• 0x29498c8 midiStreamOpen
• 0x29498cc midiOutUnprepareHeader
• 0x29498d0 waveOutOpen
• 0x29498d4 waveOutGetNumDevs
• 0x29498d8 waveOutClose
• 0x29498dc waveOutReset
• 0x29498e0 waveOutWrite
• 0x29498e4 waveOutPrepareHeader
• 0x29498e8 waveOutUnprepareHeader
• 0x29498ec waveOutRestart
• 0x29498f0 midiStreamClose
• 0x29498f4 midiStreamRestart
• 0x29498f8 midiStreamStop
• 0x29498fc waveOutPause
• 0x2949900 midiStreamProperty
• 0x2949904 midiOutReset
库: MSIMG32.dll:
• 0x294990c GradientFill
库: ADVAPI32.dll:
• 0x2949924 RegCloseKey
• 0x2949928 RegOpenKeyExA
• 0x294992c RegSetValueExA
• 0x2949930 RegQueryValueA
• 0x2949934 RegCreateKeyExA
库: shell32.dll:
• 0x294993c SHGetSpecialFolderPathA
• 0x2949940 Shell_NotifyIconA
• 0x2949944 ShellExecuteA
库: OLEAUT32.dll:
• 0x294994c UnRegisterTypeLib
• 0x2949950 LoadTypeLib
• 0x2949954 LHashValOfNameSys
• 0x2949958 RegisterTypeLib
• 0x294995c SafeArrayPutElement
• 0x2949960 SafeArrayCreate
• 0x2949964 SafeArrayDestroy
• 0x2949968 SysAllocString
• 0x294996c VariantInit
• 0x2949970 VariantCopyInd
• 0x2949974 SafeArrayGetElement
• 0x2949978 SafeArrayAccessData
• 0x294997c SafeArrayUnaccessData
• 0x2949980 SafeArrayGetDim
• 0x2949984 SafeArrayGetLBound
• 0x2949988 SafeArrayGetUBound
• 0x294998c VariantChangeType
• 0x2949990 VariantClear
库: COMCTL32.dll:
• 0x2949998 None
• 0x294999c ImageList_SetBkColor
• 0x29499a0 ImageList_GetIcon
• 0x29499a4 ImageList_AddMasked
• 0x29499a8 ImageList_GetImageCount
• 0x29499ac _TrackMouseEvent
• 0x29499b0 ImageList_Destroy
• 0x29499b4 ImageList_Create
• 0x29499b8 ImageList_Duplicate
• 0x29499bc ImageList_DrawIndirect
• 0x29499c0 ImageList_Read
• 0x29499c4 ImageList_Draw
• 0x29499c8 ImageList_GetImageInfo
库: WS2_32.dll:
• 0x29499d0 inet_ntoa
• 0x29499d4 ntohl
• 0x29499d8 accept
• 0x29499dc getpeername
• 0x29499e0 recv
• 0x29499e4 ioctlsocket
• 0x29499e8 recvfrom
• 0x29499ec WSAAsyncSelect
• 0x29499f0 closesocket
• 0x29499f4 WSACleanup
库: comdlg32.dll:
• 0x29499fc GetSaveFileNameA
• 0x2949a00 GetOpenFileNameA
• 0x2949a04 ChooseColorA
• 0x2949a08 GetFileTitleA
库: WTSAPI32.dll:
• 0x2949a10 WTSSendMessageW
库: kernel32.dll:
• 0x2949a18 VirtualQuery
• 0x2949a1c GetSystemTimeAsFileTime
• 0x2949a20 GetModuleHandleA
• 0x2949a24 CreateEventA
• 0x2949a28 GetModuleFileNameW
• 0x2949a2c LoadLibraryA
• 0x2949a30 TerminateProcess
• 0x2949a34 GetCurrentProcess
• 0x2949a38 CreateToolhelp32Snapshot
• 0x2949a3c Thread32First
• 0x2949a40 GetCurrentProcessId
• 0x2949a44 GetCurrentThreadId
• 0x2949a48 OpenThread
• 0x2949a4c Thread32Next
• 0x2949a50 CloseHandle
• 0x2949a54 SuspendThread
• 0x2949a58 ResumeThread
• 0x2949a5c WriteProcessMemory
• 0x2949a60 GetSystemInfo
• 0x2949a64 VirtualAlloc
• 0x2949a68 VirtualProtect
• 0x2949a6c VirtualFree
• 0x2949a70 GetProcessAffinityMask
• 0x2949a74 SetProcessAffinityMask
• 0x2949a78 GetCurrentThread
• 0x2949a7c SetThreadAffinityMask
• 0x2949a80 Sleep
• 0x2949a84 FreeLibrary
• 0x2949a88 GetTickCount
• 0x2949a8c GlobalFree
• 0x2949a90 GetProcAddress
• 0x2949a94 LocalAlloc
• 0x2949a98 LocalFree
• 0x2949a9c ExitProcess
• 0x2949aa0 EnterCriticalSection
• 0x2949aa4 LeaveCriticalSection
• 0x2949aa8 InitializeCriticalSection
• 0x2949aac DeleteCriticalSection
• 0x2949ab0 GetModuleHandleW
• 0x2949ab4 LoadResource
• 0x2949ab8 MultiByteToWideChar
• 0x2949abc FindResourceExW
• 0x2949ac0 FindResourceExA
• 0x2949ac4 WideCharToMultiByte
• 0x2949ac8 GetThreadLocale
• 0x2949acc GetUserDefaultLCID
• 0x2949ad0 GetSystemDefaultLCID
• 0x2949ad4 EnumResourceNamesA
• 0x2949ad8 EnumResourceNamesW
• 0x2949adc EnumResourceLanguagesA
• 0x2949ae0 EnumResourceLanguagesW
• 0x2949ae4 EnumResourceTypesA
• 0x2949ae8 EnumResourceTypesW
• 0x2949aec CreateFileW
• 0x2949af0 LoadLibraryW
• 0x2949af4 GetLastError
• 0x2949af8 FlushFileBuffers
• 0x2949afc CreateFileA
• 0x2949b00 WriteConsoleW
• 0x2949b04 GetConsoleOutputCP
• 0x2949b08 WriteConsoleA
• 0x2949b0c GetCommandLineA
• 0x2949b10 RaiseException
• 0x2949b14 RtlUnwind
• 0x2949b18 HeapFree
• 0x2949b1c GetCPInfo
• 0x2949b20 InterlockedIncrement
• 0x2949b24 InterlockedDecrement
• 0x2949b28 GetACP
• 0x2949b2c GetOEMCP
• 0x2949b30 IsValidCodePage
• 0x2949b34 TlsGetValue
• 0x2949b38 TlsAlloc
• 0x2949b3c TlsSetValue
• 0x2949b40 TlsFree
• 0x2949b44 SetLastError
• 0x2949b48 UnhandledExceptionFilter
• 0x2949b4c SetUnhandledExceptionFilter
• 0x2949b50 IsDebuggerPresent
• 0x2949b54 HeapAlloc
• 0x2949b58 LCMapStringA
• 0x2949b5c LCMapStringW
• 0x2949b60 SetHandleCount
• 0x2949b64 GetStdHandle
• 0x2949b68 GetFileType
• 0x2949b6c GetStartupInfoA
• 0x2949b70 GetModuleFileNameA
• 0x2949b74 FreeEnvironmentStringsA
• 0x2949b78 GetEnvironmentStrings
• 0x2949b7c FreeEnvironmentStringsW
• 0x2949b80 GetEnvironmentStringsW
• 0x2949b84 HeapCreate
• 0x2949b88 HeapDestroy
• 0x2949b8c QueryPerformanceCounter
• 0x2949b90 HeapReAlloc
• 0x2949b94 GetStringTypeA
• 0x2949b98 GetStringTypeW
• 0x2949b9c GetLocaleInfoA
• 0x2949ba0 HeapSize
• 0x2949ba4 WriteFile
• 0x2949ba8 SetFilePointer
• 0x2949bac GetConsoleCP
• 0x2949bb0 GetConsoleMode
• 0x2949bb4 InitializeCriticalSectionAndSpinCount
• 0x2949bb8 SetStdHandle
库: user32.dll:
• 0x2949bc0 GetUserObjectInformationW
• 0x2949bc4 CharUpperBuffW
• 0x2949bc8 MessageBoxW
• 0x2949bcc GetProcessWindowStation
库: kernel32.dll:
• 0x2949bd4 LocalAlloc
• 0x2949bd8 LocalFree
• 0x2949bdc GetModuleFileNameW
• 0x2949be0 GetProcessAffinityMask
• 0x2949be4 SetProcessAffinityMask
• 0x2949be8 SetThreadAffinityMask
• 0x2949bec Sleep
• 0x2949bf0 ExitProcess
• 0x2949bf4 FreeLibrary
• 0x2949bf8 LoadLibraryA
• 0x2949bfc GetModuleHandleA
• 0x2949c00 GetProcAddress
.text
`.rdata
@.data
yundun0
`yundun1
`.rsrc
FreeEnvironmentStringsW
GradientFill
PathFileExistsA
EqualRect
GetCPInfo
GetVersion
ImmGetContext
FindResourceExA
GetUserObjectInformationW
ChildWindowFromPointEx
HeapDestroy
GetStretchBltMode
MapViewOfFile
ExcludeClipRect
GetModuleHandleA
GetWindowTextLengthA
LeaveCriticalSection
LCMapStringA
QueryPerformanceCounter
GetMenuStringA
SetPropA
GetStdHandle
SetEndOfFile
SetFilePointer
GetProcessWindowStation
CLSIDFromString
GetFileType
j!z0(
LoadLibraryA
CreateBitmap
TranslateMessage
SetTextColor
CreatePopupMenu
GetFileType
LeaveCriticalSection
IsWindow
SetLastError
waveOutOpen
InterlockedDecrement
FindResourceExW
IsBadWritePtr
RaiseException
ShowWindow
LCMapStringW
IsWindow
GlobalAlloc
GetEnvironmentStringsW
HeapAlloc
DrawStateA
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 72.121 seconds )
- 36.08 Static
- 16.46 Suricata
- 16.253 TargetInfo
- 2.057 VirusTotal
- 0.5 peid
- 0.357 NetworkAnalysis
- 0.207 BehaviorAnalysis
- 0.098 config_decoder
- 0.091 AnalysisInfo
- 0.015 Strings
- 0.003 Memory
Signatures ( 0.197 seconds )
- 0.029 antiav_detectreg
- 0.023 md_url_bl
- 0.021 md_domain_bl
- 0.012 infostealer_ftp
- 0.008 antiav_detectfile
- 0.007 anomaly_persistence_autorun
- 0.007 infostealer_im
- 0.007 ransomware_extensions
- 0.007 ransomware_files
- 0.006 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.005 infostealer_mail
- 0.004 api_spamming
- 0.003 tinba_behavior
- 0.003 stealth_decoy_document
- 0.003 stealth_timeout
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 betabot_behavior
- 0.002 cerber_behavior
- 0.002 antivm_parallels_keys
- 0.002 bot_drive
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 network_tor
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 1.219 seconds )
- 0.929 ReportHTMLSummary
- 0.29 Malheur
| Task ID | 339409 |
|---|---|
| Mongo ID | 5d33da7c2f8f2e4e9ffc1888 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号