Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-07-21 11:27:50 | 2019-07-21 11:30:42 | 172 seconds

Maldun score

10.0

Dangerous

File details

File name: hello Word.exe
File size: 1187328 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 100229baf1565cada7d6f17425da7027
SHA1: 94a4b7330578f619ae15826ff481d9a7b0d8d956
SHA256: 6f4d1afa4207cfcac2e3e120638ff94f459d95e0643fbf76216c093467a9b66c
SHA512: bf46692f556df35b6565e9edd0304ceb81d9a223bcff6056e8bed27104d1b1066524319da31f98a266b6599c7c0facf4fc2620ff9139617f2281b11130425c74
CRC32: AF7CD93A
Ssdeep: 24576:M1UEX1O4bWB7luD4fwdFGJNFPjwGu6Ciq62RGO69YtOkQ:MHX1OVB7luDUwdFGxPj4DH6Nk


Hosts contacted

Direct IP | Security rating | Geolocation
137.59.148.97 | | India
162.215.255.54 | | United States

DNS resolution

Domain | Security rating | Response
www.keepboot.com | | A 137.59.148.97
www.virtualhardwares.com | | A 162.215.255.54
 | | CNAME virtualhardwares.com


PE information

Image base: 0x00400000
Entry point: 0x0044c057
Declared checksum: 0x00131260
Actual checksum: 0x00131260
Minimum OS version required: 5.0
Compile time: 2018-03-07 20:58:54
Import hash (imphash): e15d6ca80bcd3390c13f3f8c41677054

Version information (all fields empty)

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00064b24 0x00064c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.61
.rdata 0x00066000 0x000168f6 0x00016a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.46
.data 0x0007d000 0x000096f8 0x00002c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.24
.rsrc 0x00087000 0x0009bae8 0x0009bc00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.26
.reloc 0x00123000 0x00007aa0 0x00007c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.78

Imports

Library: KERNEL32.dll:
0x466114 GetFileSize
0x466118 VirtualFree
0x46611c LoadLibraryA
0x466120 VirtualAlloc
0x466124 QueueUserAPC
0x466128 OpenThread
0x46612c VirtualFreeEx
0x466130 GetExitCodeThread
0x466134 WaitForSingleObject
0x466138 CreateRemoteThread
0x46613c WriteProcessMemory
0x466140 VirtualAllocEx
0x466144 SuspendThread
0x466148 TerminateProcess
0x46614c ResumeThread
0x466150 CreateProcessW
0x466154 LoadLibraryW
0x466158 GetSystemDirectoryW
0x46615c ReadFile
0x466164 GetCurrentProcessId
0x466168 GetLocalTime
0x46616c GetTickCount
0x466170 Sleep
0x466174 OpenProcess
0x466178 WriteFile
0x46617c GetLastError
0x466180 SizeofResource
0x466184 LockResource
0x466188 LoadResource
0x46618c FindResourceW
0x466190 lstrcatW
0x466194 lstrcpyW
0x466198 lstrlenW
0x46619c QueryDosDeviceW
0x4661a0 IsBadWritePtr
0x4661a4 GetNativeSystemInfo
0x4661a8 GetCurrentProcess
0x4661ac CreateThread
0x4661b4 MultiByteToWideChar
0x4661b8 WideCharToMultiByte
0x4661bc IsBadReadPtr
0x4661c4 GetModuleHandleW
0x4661c8 GetProcAddress
0x4661cc GetDriveTypeW
0x4661d4 CompareStringW
0x4661dc DeviceIoControl
0x4661e0 CloseHandle
0x4661e4 CreateFileW
0x4661e8 GetModuleFileNameW
0x4661ec GetACP
0x4661f0 ExitProcess
0x4661f4 FreeResource
0x4661f8 MulDiv
0x466204 SetFilePointer
0x466208 GetFileType
0x46620c DuplicateHandle
0x466218 CreateDirectoryW
0x46621c SetFileTime
0x466220 GlobalUnlock
0x466224 GlobalLock
0x466228 GlobalAlloc
0x46622c HeapAlloc
0x466230 HeapFree
0x46623c IsDebuggerPresent
0x466240 GetStartupInfoW
0x466244 RaiseException
0x466248 RtlUnwind
0x46624c HeapReAlloc
0x46625c HeapCreate
0x466260 GetStdHandle
0x466264 GetModuleFileNameA
0x466268 GetCPInfo
0x46626c GetOEMCP
0x466270 IsValidCodePage
0x466274 TlsGetValue
0x466278 TlsAlloc
0x46627c TlsSetValue
0x466280 TlsFree
0x466284 SetLastError
0x466288 GetCurrentThreadId
0x46628c LCMapStringA
0x466290 LCMapStringW
0x4662a0 GetCommandLineW
0x4662a4 SetHandleCount
0x4662a8 GetStartupInfoA
0x4662b4 HeapSize
0x4662b8 GetModuleHandleA
0x4662c0 GetStringTypeA
0x4662c4 GetStringTypeW
0x4662c8 GetLocaleInfoA
0x4662cc GetConsoleCP
0x4662d0 GetConsoleMode
0x4662d4 SetStdHandle
0x4662d8 WriteConsoleA
0x4662dc GetConsoleOutputCP
0x4662e0 WriteConsoleW
0x4662e4 FlushFileBuffers
0x4662e8 CreateFileA
0x4662ec CompareStringA
Library: USER32.dll:
0x466318 LoadImageW
0x46631c GetSystemMetrics
0x466320 CallWindowProcW
0x466324 GetWindowLongW
0x466328 GetPropW
0x46632c SetPropW
0x466330 PostMessageW
0x466334 RegisterClassW
0x466338 LoadCursorW
0x46633c RegisterClassExW
0x466340 GetClassInfoExW
0x466344 CreateWindowExW
0x466348 GetKeyState
0x46634c UnionRect
0x466350 InvalidateRect
0x466354 SetTimer
0x466358 KillTimer
0x46635c SetCapture
0x466360 ReleaseCapture
0x466364 ScreenToClient
0x466368 PtInRect
0x46636c GetDC
0x466370 CharNextW
0x466374 ReleaseDC
0x466378 DestroyWindow
0x46637c GetFocus
0x466380 MapWindowPoints
0x466384 IntersectRect
0x466388 GetUpdateRect
0x46638c IsRectEmpty
0x466390 SendMessageW
0x466394 BeginPaint
0x466398 GetActiveWindow
0x46639c OffsetRect
0x4663a0 SetCursor
0x4663a4 wvsprintfW
0x4663a8 GetWindowRgn
0x4663ac MoveWindow
0x4663b0 IsZoomed
0x4663b4 SetWindowRgn
0x4663b8 GetWindowTextW
0x4663c0 GetCaretPos
0x4663c4 GetCaretBlinkTime
0x4663c8 FillRect
0x4663cc InvalidateRgn
0x4663d0 GetGUIThreadInfo
0x4663d8 DrawTextW
0x4663dc CharPrevW
0x4663e0 SetRect
0x4663e4 CreateCaret
0x4663e8 HideCaret
0x4663ec ShowCaret
0x4663f0 SetCaretPos
0x4663f4 GetSysColor
0x4663f8 EnableWindow
0x4663fc GetMessageW
0x466400 SetFocus
0x466404 TranslateMessage
0x466408 DispatchMessageW
0x46640c ShowWindow
0x466410 IsWindow
0x466414 SetWindowLongW
0x466418 wsprintfW
0x46641c GetWindowRect
0x466420 GetParent
0x466424 GetWindow
0x466428 GetMonitorInfoW
0x46642c MonitorFromWindow
0x466430 IsIconic
0x466434 DefWindowProcW
0x466438 EndPaint
0x46643c PostQuitMessage
0x466440 DestroyMenu
0x466444 TrackPopupMenu
0x466448 SetForegroundWindow
0x46644c GetCursorPos
0x466450 GetSubMenu
0x466454 AppendMenuW
0x466458 InsertMenuW
0x46645c CreatePopupMenu
0x466460 CreateMenu
0x466464 SetWindowTextW
0x466468 ClientToScreen
0x466470 GetClientRect
0x466474 IsWindowVisible
0x466478 MessageBoxW
0x46647c SetWindowPos
Library: COMDLG32.dll:
0x466040 GetOpenFileNameW
Library: ADVAPI32.dll:
0x466000 StartServiceW
0x466004 OpenProcessToken
0x466010 OpenSCManagerW
0x466014 CreateServiceW
0x466018 OpenServiceW
0x46601c CloseServiceHandle
0x466020 RegOpenKeyExW
0x466024 RegEnumKeyExW
0x466028 RegQueryValueExW
0x46602c RegCloseKey
Library: SHELL32.dll:
0x466310 ShellExecuteW
Library: ole32.dll:
0x466544 OleLockRunning
0x466548 CLSIDFromProgID
0x46654c CLSIDFromString
0x466550 CoInitialize
0x466554 CoCreateInstance
0x466558 StringFromCLSID
0x46655c CoTaskMemFree
0x466560 CoUninitialize
Library: COMCTL32.dll:
0x466034 _TrackMouseEvent
0x466038 None
Library: IPHLPAPI.DLL:
0x46610c GetAdaptersInfo
Library: PSAPI.DLL: (no named imports listed)
Library: WININET.dll:
0x466484 InternetReadFile
0x466488 InternetOpenUrlW
0x46648c InternetOpenW
0x466490 InternetCloseHandle
Library: IMM32.dll:
0x4660fc ImmGetContext
0x466100 ImmReleaseContext
Library: GDI32.dll:
0x466048 SaveDC
0x46604c CreateCompatibleDC
0x466050 PtInRegion
0x466054 CreateRectRgn
0x466058 BitBlt
0x46605c RestoreDC
0x466060 Rectangle
0x466064 SetWindowOrgEx
0x466068 DeleteDC
0x46606c CreatePen
0x466070 GetStockObject
0x466074 GetObjectW
0x466078 CreateFontIndirectW
0x46607c SetBkColor
0x466080 DeleteObject
0x466084 SelectObject
0x466088 GetTextMetricsW
0x46608c LineTo
0x466090 ExtTextOutW
0x466094 SetStretchBltMode
0x466098 StretchBlt
0x4660a0 CreateDIBSection
0x4660a4 CreateRoundRectRgn
0x4660a8 CreateSolidBrush
0x4660ac CreatePatternBrush
0x4660b0 SetTextColor
0x4660b4 SetBkMode
0x4660b8 GetDeviceCaps
0x4660bc SelectClipRgn
0x4660c0 ExtSelectClipRgn
0x4660c8 GetClipBox
0x4660cc GetObjectA
0x4660d0 GdiFlush
0x4660d4 TextOutW
0x4660d8 GetCharABCWidthsW
0x4660e0 RoundRect
0x4660e4 CreatePenIndirect
0x4660e8 MoveToEx
0x4660ec CombineRgn
Library: OLEAUT32.dll:
0x4662f4 SysAllocString
0x4662f8 VariantInit
0x4662fc SysFreeString
0x466300 VariantClear
Library: gdiplus.dll:
0x46649c GdipGetPropertyItem
0x4664a4 GdipGetImageWidth
0x4664b4 GdipGetImageHeight
0x4664bc GdiplusShutdown
0x4664c0 GdipFree
0x4664c4 GdipAlloc
0x4664c8 GdipDeleteBrush
0x4664d4 GdipDeleteGraphics
0x4664dc GdipDeleteFont
0x4664e0 GdipDisposeImage
0x4664e8 GdiplusStartup
0x4664f8 GdipCreateFromHDC
0x466514 GdipGraphicsClear
0x466518 GdipDrawString
0x46651c GdipDrawImage
0x466520 GdipDrawImageRectI
0x46652c GdipGetFamily
0x466530 GdipCloneBrush
0x466534 GdipCloneImage

Antivirus engine/vendor | Detection name/rule match | Signature database date
Bkav | Not detected | 20190201
K7AntiVirus | Riskware ( 0040eff71 ) | 20190204
MicroWorld-eScan | Gen:Variant.Ursu.318401 | 20190204
CMC | Not detected | 20190203
CAT-QuickHeal | Trojan.IGENERIC | 20190203
McAfee | GenericR-NST!100229BAF156 | 20190204
Cylance | Not detected | 20190204
TheHacker | Not detected | 20190203
BitDefender | Gen:Variant.Ursu.318401 | 20190204
K7GW | Riskware ( 0040eff71 ) | 20190204
Trustlook | Not detected | 20190204
Arcabit | Not detected | 20190204
Invincea | Not detected | 20181128
Baidu | Not detected | 20190202
Babable | Not detected | 20180918
F-Prot | Not detected | 20190204
Symantec | PUA.Gen.2 | 20190203
TotalDefense | Not detected | 20190204
TrendMicro-HouseCall | TROJ_GEN.R005C0PJG18 | 20190204
Avast | Win32:Malware-gen | 20190204
ClamAV | Not detected | 20190203
Kaspersky | not-a-virus:HEUR:Downloader.Win32.Generic | 20190204
Alibaba | Not detected | 20180921
NANO-Antivirus | Trojan.Win32.Snojan.fhdwzl | 20190204
ViRobot | Not detected | 20190203
AegisLab | Not detected | 20190204
Tencent | Not detected | 20190204
Ad-Aware | Gen:Variant.Ursu.318401 | 20190204
Emsisoft | Gen:Variant.Ursu.318401 (B) | 20190204
Comodo | Not detected | 20190204
F-Secure | Gen:Variant.Ursu.318401 | 20190204
DrWeb | Trojan.DownLoader27.3645 | 20190204
Zillya | Not detected | 20190201
TrendMicro | TROJ_GEN.R005C0PJG18 | 20190204
McAfee-GW-Edition | BehavesLike.Win32.Ramnit.th | 20190203
Trapmine | malicious.high.ml.score | 20190123
Sophos | Mal/Generic-S | 20190204
Cyren | W32/Trojan.CTHO-0674 | 20190204
Jiangmin | Downloader.Snojan.bav | 20190204
Avira | TR/RedCap.ahdzu | 20190204
Antiy-AVL | Not detected | 20190204
Kingsoft | Not detected | 20190204
Endgame | malicious (high confidence) | 20181108
Microsoft | PUA:Win32/Presenoker | 20190204
SUPERAntiSpyware | Not detected | 20190130
ZoneAlarm | not-a-virus:HEUR:Downloader.Win32.Generic | 20190204
Avast-Mobile | Not detected | 20190204
GData | Gen:Variant.Ursu.318401 | 20190204
TACHYON | Not detected | 20190204
AhnLab-V3 | Malware/Win32.Generic.C2712202 | 20190203
Acronis | Not detected | 20190130
VBA32 | BScope.Trojan.Rootkit | 20190201
ALYac | Gen:Variant.Ursu.318401 | 20190204
MAX | Not detected | 20190204
Malwarebytes | Not detected | 20190204
Panda | Trj/CI.A | 20190203
Zoner | Not detected | 20190204
ESET-NOD32 | Not detected | 20190204
Rising | Malware.Heuristic.MLite(86%) (AI-LITE:qllXSEHB2kJodwdsnfKtfQ) | 20190204
Yandex | PUA.Downloader! | 20190203
SentinelOne | static engine - malicious | 20190203
eGambit | Not detected | 20190204
Fortinet | Not detected | 20190201
AVG | Win32:Malware-gen | 20190204
Cybereason | malicious.af1565 | 20190109
Paloalto | Not detected | 20190204
CrowdStrike | Not detected | 20181023
Qihoo-360 | Trojan.Generic | 20190204

Process tree

hello Word.exe, PID: 2652, parent PID: 2312

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 | 49162 | 137.59.148.97 (www.keepboot.com) | 80
192.168.122.201 | 49161 | 162.215.255.54 (www.virtualhardwares.com) | 443

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 | 61698 | 192.168.122.1 | 53
192.168.122.201 | 62233 | 192.168.122.1 | 53

HTTP requests

URI | HTTP data
URL: http://www.keepboot.com/hardware/Advertising.txt
GET /hardware/Advertising.txt HTTP/1.1
User-Agent: WinInet
Host: www.keepboot.com
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2019-07-21 11:28:56.373078+0800 192.168.122.201 49162 137.59.148.97 80 TCP 2007837 ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (WinInet) A Network Trojan was detected

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2019-07-21 11:28:56.867254+0800 192.168.122.201 49161 162.215.255.54 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=virtualhardwares.com d6:db:f4:da:ec:0c:e4:1f:49:7e:13:e0:81:20:d8:c9:c1:7c:f8:e7

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 30.903 seconds )

  • 15.477 Suricata
  • 5.762 Static
  • 5.489 NetworkAnalysis
  • 1.842 TargetInfo
  • 0.789 BehaviorAnalysis
  • 0.735 AnalysisInfo
  • 0.461 peid
  • 0.326 VirusTotal
  • 0.015 Strings
  • 0.004 config_decoder
  • 0.003 Memory

Signatures ( 2.601 seconds )

  • 1.933 md_url_bl
  • 0.144 antiav_detectreg
  • 0.053 infostealer_ftp
  • 0.04 api_spamming
  • 0.033 stealth_timeout
  • 0.03 stealth_decoy_document
  • 0.03 antianalysis_detectreg
  • 0.03 infostealer_im
  • 0.024 stealth_file
  • 0.019 md_domain_bl
  • 0.017 infostealer_mail
  • 0.015 antivm_generic_scsi
  • 0.011 antivm_generic_services
  • 0.011 antiav_detectfile
  • 0.01 anormaly_invoke_kills
  • 0.01 geodo_banking_trojan
  • 0.008 anomaly_persistence_autorun
  • 0.008 infostealer_bitcoin
  • 0.007 kibex_behavior
  • 0.007 antivm_parallels_keys
  • 0.007 antivm_xen_keys
  • 0.007 darkcomet_regkeys
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 mimics_filetime
  • 0.006 betabot_behavior
  • 0.006 network_http
  • 0.005 bootkit
  • 0.005 reads_self
  • 0.005 virus
  • 0.005 antivm_generic_diskreg
  • 0.005 antivm_vbox_files
  • 0.004 dridex_behavior
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 kovter_behavior
  • 0.003 hancitor_behavior
  • 0.003 network_torgateway
  • 0.003 recon_fingerprint
  • 0.002 antiemu_wine_func
  • 0.002 rat_nanocore
  • 0.002 injection_createremotethread
  • 0.002 infostealer_browser_password
  • 0.002 antidbg_windows
  • 0.002 cerber_behavior
  • 0.002 maldun_suspicious
  • 0.002 bypass_firewall
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 network_cnc_http
  • 0.002 packer_armadillo_regkey
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 antiav_avast_libs
  • 0.001 injection_explorer
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 vawtrak_behavior
  • 0.001 injection_runpe
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.228 seconds )

  • 0.814 ReportHTMLSummary
  • 0.414 Malheur
Task ID 339417
Mongo ID 5d33dc8c2f8f2e4ea6fc1ca0
Cuckoo release 1.4-Maldun