Analysis task

Analysis type   VM label   Start time   End time   Duration
File (Windows)   win7-sp1-x64-hpdapp01-2   2019-07-21 11:32:56   2019-07-21 11:34:02   66 seconds

Maldun score

1.4

Normal

File details

File name Steam快捷登录.exe
File size 1704960 bytes
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0435f4addd6ba4b4621ff5e0c2db9f78
SHA1 5abed054e2f20a402a3a16ba57f7fe65ea19befd
SHA256 705af84843b5c8682612958c5eadfd5243083f226f43d94585837eac2f0358fe
SHA512 61f0b7b9ffedd099d213123d50b6c5fb001d9319d18d31971ba128cca881c00faf3a482bcf0307930ac9985eaa8eafc2bdb983c2e69c00551b57f94a3550963e
CRC32 5F688DE9
Ssdeep 24576:HEyPJlwom3emC/8AhQoxWAnDOxVubsCcQlNiMMe:ky+AYubWQfp
Screenshots

No screenshots available.

Hosts contacted

No host records.

Domain resolution

No domain information.

PE information

Image base 0x00400000
Entry point 0x00501e3d
Declared checksum 0x00000000
Actual checksum 0x001a6d14
Minimum OS version required 5.0
Compile time 2019-07-20 08:23:25
Import hash (imphash) da2e7d7d80bb55fdd0d89529d295aba4

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name   Virtual address   Virtual size   Raw data size   Characteristics   Entropy
.text 0x00001000 0x001294eb 0x00129600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.39
.rdata 0x0012b000 0x00049ede 0x0004a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.25
.data 0x00175000 0x0003c3c8 0x00015200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.45
.rsrc 0x001b2000 0x00017638 0x00017800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.95

Imports

Library: KERNEL32.dll:
0x52b170 SetEndOfFile
0x52b174 UnlockFile
0x52b178 LockFile
0x52b17c FlushFileBuffers
0x52b180 SetFilePointer
0x52b184 GetCurrentProcess
0x52b188 DuplicateHandle
0x52b18c lstrcpynA
0x52b190 SetLastError
0x52b19c LocalFree
0x52b1a0 MultiByteToWideChar
0x52b1a4 WideCharToMultiByte
0x52b1ac SuspendThread
0x52b1b0 TerminateThread
0x52b1b4 ReleaseMutex
0x52b1b8 CreateMutexA
0x52b1bc CreateSemaphoreA
0x52b1c0 ResumeThread
0x52b1c4 ReleaseSemaphore
0x52b1cc WriteConsoleW
0x52b1d0 GetConsoleOutputCP
0x52b1d4 WriteConsoleA
0x52b1d8 SetStdHandle
0x52b1dc GetLocaleInfoA
0x52b1e0 CompareStringW
0x52b1e4 CompareStringA
0x52b1f0 GetStringTypeW
0x52b1f4 GetStringTypeA
0x52b1f8 GetConsoleMode
0x52b1fc GetConsoleCP
0x52b200 VirtualAlloc
0x52b204 LCMapStringW
0x52b208 LCMapStringA
0x52b210 IsDebuggerPresent
0x52b214 TerminateProcess
0x52b21c GetCurrentProcessId
0x52b224 VirtualFree
0x52b228 HeapCreate
0x52b22c GetFileType
0x52b230 SetHandleCount
0x52b244 GetProfileStringA
0x52b248 WriteFile
0x52b250 CreateFileA
0x52b254 SetEvent
0x52b258 FindResourceA
0x52b25c LoadResource
0x52b260 LockResource
0x52b264 ReadFile
0x52b268 lstrlenW
0x52b26c GetModuleFileNameA
0x52b270 GetCurrentThreadId
0x52b274 ExitProcess
0x52b278 GlobalSize
0x52b27c GlobalFree
0x52b288 lstrcatA
0x52b28c lstrlenA
0x52b290 WinExec
0x52b294 lstrcpyA
0x52b298 FindNextFileA
0x52b29c GlobalReAlloc
0x52b2a0 HeapFree
0x52b2a4 HeapReAlloc
0x52b2a8 GetProcessHeap
0x52b2ac HeapAlloc
0x52b2b0 GetUserDefaultLCID
0x52b2b4 GetFullPathNameA
0x52b2b8 FreeLibrary
0x52b2bc LoadLibraryA
0x52b2c0 GetLastError
0x52b2c8 CreateThread
0x52b2cc CreateEventA
0x52b2d0 Sleep
0x52b2d4 GlobalAlloc
0x52b2d8 GlobalLock
0x52b2dc GlobalUnlock
0x52b2e0 FindFirstFileA
0x52b2e4 FindClose
0x52b2ec GetStdHandle
0x52b2f0 IsValidCodePage
0x52b2f4 GetACP
0x52b2f8 HeapSize
0x52b2fc GetModuleHandleW
0x52b300 RaiseException
0x52b30c RtlUnwind
0x52b310 GetStartupInfoA
0x52b314 GetOEMCP
0x52b318 GetCPInfo
0x52b31c GetProcessVersion
0x52b320 SetErrorMode
0x52b324 GlobalFlags
0x52b328 GetCurrentThread
0x52b32c GetFileTime
0x52b330 GetFileSize
0x52b334 TlsGetValue
0x52b338 LocalReAlloc
0x52b33c TlsSetValue
0x52b340 TlsFree
0x52b344 GlobalHandle
0x52b348 GetFileAttributesA
0x52b354 TlsAlloc
0x52b358 LocalAlloc
0x52b35c lstrcmpA
0x52b360 GetVersion
0x52b364 GlobalGetAtomNameA
0x52b368 GlobalAddAtomA
0x52b36c GlobalFindAtomA
0x52b370 GlobalDeleteAtom
0x52b374 lstrcmpiA
0x52b378 GetModuleHandleA
0x52b37c GetProcAddress
0x52b380 MulDiv
0x52b384 GetCommandLineA
0x52b388 GetTickCount
0x52b38c CreateProcessA
0x52b390 WaitForSingleObject
0x52b394 CloseHandle
Library: USER32.dll:
0x52b3fc OpenClipboard
0x52b400 SetClipboardData
0x52b404 EmptyClipboard
0x52b408 GetSystemMetrics
0x52b40c GetCursorPos
0x52b410 MessageBoxA
0x52b414 SetWindowPos
0x52b418 SendMessageA
0x52b41c DestroyCursor
0x52b420 SetParent
0x52b424 GetClipboardData
0x52b428 PostMessageA
0x52b42c GetTopWindow
0x52b430 GetParent
0x52b434 GetFocus
0x52b438 GetClientRect
0x52b43c InvalidateRect
0x52b440 CloseClipboard
0x52b444 wsprintfA
0x52b448 ValidateRect
0x52b44c UpdateWindow
0x52b450 EqualRect
0x52b454 GetWindowRect
0x52b458 SetForegroundWindow
0x52b45c DestroyMenu
0x52b460 WaitForInputIdle
0x52b464 IsWindow
0x52b468 IsChild
0x52b46c ReleaseDC
0x52b470 IsRectEmpty
0x52b474 FillRect
0x52b478 GetDC
0x52b47c SetCursor
0x52b480 LoadCursorA
0x52b484 SetCursorPos
0x52b488 SetActiveWindow
0x52b48c GetSysColor
0x52b490 SetWindowLongA
0x52b494 GetWindowLongA
0x52b498 RedrawWindow
0x52b49c EnableWindow
0x52b4a0 IsWindowVisible
0x52b4a4 OffsetRect
0x52b4a8 PtInRect
0x52b4ac DestroyIcon
0x52b4b0 IntersectRect
0x52b4b4 InflateRect
0x52b4b8 SetRect
0x52b4bc SetScrollPos
0x52b4c0 SetScrollRange
0x52b4c4 GetScrollRange
0x52b4c8 SetCapture
0x52b4cc GetCapture
0x52b4d0 ReleaseCapture
0x52b4d4 SetTimer
0x52b4d8 KillTimer
0x52b4dc LoadIconA
0x52b4e0 TranslateMessage
0x52b4e4 DrawFrameControl
0x52b4e8 DrawEdge
0x52b4ec DrawFocusRect
0x52b4f0 WindowFromPoint
0x52b4f4 GetMessageA
0x52b4f8 DispatchMessageA
0x52b4fc SetRectEmpty
0x52b50c DrawIconEx
0x52b510 CreatePopupMenu
0x52b514 AppendMenuA
0x52b518 ModifyMenuA
0x52b51c CreateMenu
0x52b524 GetDlgCtrlID
0x52b528 GetSubMenu
0x52b52c EnableMenuItem
0x52b530 ClientToScreen
0x52b538 LoadImageA
0x52b540 ShowWindow
0x52b544 IsWindowEnabled
0x52b54c GetKeyState
0x52b554 PostQuitMessage
0x52b558 IsZoomed
0x52b55c GetClassInfoA
0x52b560 DefWindowProcA
0x52b564 GetWindowTextA
0x52b56c CharUpperA
0x52b570 GetWindowDC
0x52b574 BeginPaint
0x52b578 EndPaint
0x52b57c TabbedTextOutA
0x52b580 DrawTextA
0x52b584 GrayStringA
0x52b588 GetDlgItem
0x52b58c DestroyWindow
0x52b594 EndDialog
0x52b598 GetNextDlgTabItem
0x52b59c GetWindowPlacement
0x52b5a4 GetForegroundWindow
0x52b5a8 GetLastActivePopup
0x52b5ac GetMessageTime
0x52b5b0 RemovePropA
0x52b5b4 CallWindowProcA
0x52b5b8 GetPropA
0x52b5bc UnhookWindowsHookEx
0x52b5c0 SetPropA
0x52b5c4 GetClassLongA
0x52b5c8 CallNextHookEx
0x52b5cc SetWindowsHookExA
0x52b5d0 CreateWindowExA
0x52b5d4 GetMenuItemID
0x52b5d8 GetMenuItemCount
0x52b5dc RegisterClassA
0x52b5e0 GetScrollPos
0x52b5e4 UnregisterClassA
0x52b5e8 AdjustWindowRectEx
0x52b5ec MapWindowPoints
0x52b5f0 SendDlgItemMessageA
0x52b5f4 ScrollWindowEx
0x52b5f8 IsDialogMessageA
0x52b5fc SetWindowTextA
0x52b600 MoveWindow
0x52b604 CheckMenuItem
0x52b608 SetMenuItemBitmaps
0x52b60c GetMenuState
0x52b614 GetClassNameA
0x52b618 GetDesktopWindow
0x52b61c LoadStringA
0x52b620 GetSysColorBrush
0x52b624 GetMenu
0x52b628 SetMenu
0x52b62c PeekMessageA
0x52b630 IsIconic
0x52b634 SetFocus
0x52b638 GetActiveWindow
0x52b63c GetWindow
0x52b644 SetWindowRgn
0x52b648 GetMessagePos
0x52b64c ScreenToClient
0x52b654 CopyRect
0x52b658 LoadBitmapA
0x52b65c WinHelpA
Library: GDI32.dll:
0x52b024 SetStretchBltMode
0x52b028 GetClipRgn
0x52b02c CreatePolygonRgn
0x52b030 SelectClipRgn
0x52b034 DeleteObject
0x52b038 CreateDIBitmap
0x52b040 CreatePalette
0x52b044 StretchBlt
0x52b048 SelectPalette
0x52b04c RealizePalette
0x52b050 GetDIBits
0x52b054 GetWindowExtEx
0x52b058 GetViewportOrgEx
0x52b05c GetWindowOrgEx
0x52b060 BeginPath
0x52b064 EndPath
0x52b068 PathToRegion
0x52b06c CreateEllipticRgn
0x52b070 CreateRoundRectRgn
0x52b074 GetTextColor
0x52b078 GetBkMode
0x52b07c GetBkColor
0x52b080 GetROP2
0x52b084 GetStretchBltMode
0x52b088 GetPolyFillMode
0x52b090 CreateDCA
0x52b094 CreateBitmap
0x52b098 SelectObject
0x52b09c CreatePen
0x52b0a0 PatBlt
0x52b0a4 CombineRgn
0x52b0a8 CreateRectRgn
0x52b0ac CreateSolidBrush
0x52b0b0 CreateFontIndirectA
0x52b0b4 GetStockObject
0x52b0b8 GetObjectA
0x52b0bc EndPage
0x52b0c0 EndDoc
0x52b0c4 DeleteDC
0x52b0c8 StartDocA
0x52b0cc StartPage
0x52b0d0 BitBlt
0x52b0d4 CreateCompatibleDC
0x52b0d8 Ellipse
0x52b0dc Rectangle
0x52b0e0 LPtoDP
0x52b0e4 DPtoLP
0x52b0e8 GetCurrentObject
0x52b0ec RoundRect
0x52b0f4 GetDeviceCaps
0x52b0f8 SaveDC
0x52b0fc RestoreDC
0x52b100 SetBkMode
0x52b104 SetPolyFillMode
0x52b108 SetROP2
0x52b10c SetTextColor
0x52b110 SetMapMode
0x52b114 SetViewportOrgEx
0x52b118 OffsetViewportOrgEx
0x52b11c SetViewportExtEx
0x52b120 ScaleViewportExtEx
0x52b124 SetWindowOrgEx
0x52b128 SetWindowExtEx
0x52b12c ScaleWindowExtEx
0x52b130 GetClipBox
0x52b134 ExcludeClipRect
0x52b138 MoveToEx
0x52b13c LineTo
0x52b144 SetBkColor
0x52b148 FillRgn
0x52b14c GetTextMetricsA
0x52b150 Escape
0x52b154 ExtTextOutA
0x52b158 TextOutA
0x52b15c RectVisible
0x52b160 PtVisible
0x52b164 GetViewportExtEx
0x52b168 ExtSelectClipRgn
Library: WINMM.dll:
0x52b664 midiStreamRestart
0x52b668 midiStreamClose
0x52b66c midiOutReset
0x52b670 midiStreamStop
0x52b674 midiStreamOut
0x52b67c midiStreamProperty
0x52b680 midiStreamOpen
0x52b688 waveOutOpen
0x52b68c waveOutGetNumDevs
0x52b690 waveOutClose
0x52b694 waveOutReset
0x52b698 waveOutPause
0x52b69c waveOutWrite
0x52b6a8 waveOutRestart
Library: WINSPOOL.DRV:
0x52b6b0 ClosePrinter
0x52b6b4 DocumentPropertiesA
0x52b6b8 OpenPrinterA
Library: ADVAPI32.dll:
0x52b000 RegCloseKey
0x52b004 RegOpenKeyExA
0x52b008 RegSetValueExA
0x52b00c RegQueryValueA
0x52b010 RegCreateKeyExA
Library: SHELL32.dll:
0x52b3f0 ShellExecuteA
0x52b3f4 Shell_NotifyIconA
Library: ole32.dll:
0x52b700 CLSIDFromProgID
0x52b704 OleInitialize
0x52b708 OleUninitialize
0x52b70c CoCreateInstance
0x52b710 OleRun
0x52b714 CLSIDFromString
Library: OLEAUT32.dll:
0x52b3a0 SysAllocString
0x52b3a4 SafeArrayDestroy
0x52b3a8 SafeArrayCreate
0x52b3ac SafeArrayPutElement
0x52b3b0 RegisterTypeLib
0x52b3b4 LHashValOfNameSys
0x52b3b8 LoadTypeLib
0x52b3bc UnRegisterTypeLib
0x52b3c0 VariantCopyInd
0x52b3c4 SafeArrayGetElement
0x52b3c8 SafeArrayAccessData
0x52b3d0 SafeArrayGetDim
0x52b3d4 SafeArrayGetLBound
0x52b3d8 SafeArrayGetUBound
0x52b3dc VariantChangeType
0x52b3e0 VariantClear
0x52b3e4 VariantCopy
0x52b3e8 VariantInit
Library: COMCTL32.dll:
0x52b018 ImageList_Destroy
0x52b01c None
Library: WS2_32.dll:
0x52b6c0 recv
0x52b6c4 getpeername
0x52b6c8 accept
0x52b6cc ntohl
0x52b6d0 ioctlsocket
0x52b6d4 recvfrom
0x52b6d8 WSAAsyncSelect
0x52b6dc closesocket
0x52b6e0 WSACleanup
0x52b6e4 inet_ntoa
Library: comdlg32.dll:
0x52b6ec GetFileTitleA
0x52b6f0 GetSaveFileNameA
0x52b6f4 GetOpenFileNameA
0x52b6f8 ChooseColorA

Strings

.text
`.rdata
@.data
.rsrc
3h2!U
3h:!U
3h2!U
3h@!U
3h+'U

No antivirus engine scan information!

Process tree


Steam____________.exe, PID: 2684, parent PID: 2288

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 10.977 seconds )

  • 6.36 Static
  • 2.211 TargetInfo
  • 1.421 VirusTotal
  • 0.422 peid
  • 0.242 BehaviorAnalysis
  • 0.241 NetworkAnalysis
  • 0.057 AnalysisInfo
  • 0.014 Strings
  • 0.006 config_decoder
  • 0.003 Memory

Signatures ( 0.236 seconds )

  • 0.029 antiav_detectreg
  • 0.014 md_url_bl
  • 0.013 infostealer_ftp
  • 0.012 api_spamming
  • 0.012 md_domain_bl
  • 0.01 stealth_timeout
  • 0.01 antiav_detectfile
  • 0.008 antivm_vbox_libs
  • 0.008 stealth_decoy_document
  • 0.008 infostealer_im
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_bitcoin
  • 0.006 antianalysis_detectreg
  • 0.006 ransomware_files
  • 0.005 infostealer_mail
  • 0.005 ransomware_extensions
  • 0.004 exec_crash
  • 0.004 antivm_vbox_files
  • 0.003 tinba_behavior
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 maldun_suspicious
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 mimics_filetime
  • 0.002 antivm_vmware_libs
  • 0.002 betabot_behavior
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 kibex_behavior
  • 0.002 cerber_behavior
  • 0.002 kovter_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.001 antiemu_wine_func
  • 0.001 network_tor
  • 0.001 bootkit
  • 0.001 stealth_file
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 infostealer_browser_password
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 rat_pcclient
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.087 seconds )

  • 0.743 ReportHTMLSummary
  • 0.344 Malheur
Task ID 339422
Mongo ID 5d33dd3f2f8f2e4ea3fc27e3
Cuckoo release 1.4-Maldun