分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-07-21 13:27:32 | 2019-07-21 13:30:06 | 154 秒 |
魔盾分数
2.4
可疑的
文件详细信息
| 文件名 | tttd(2).exe |
|---|---|
| 文件大小 | 6711331 字节 |
| 文件类型 | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 30c6f1ea28b51f289c85d212d0ff1bf0 |
| SHA1 | 11f02fbf4a3e16d9551290c305dc393633d83c4e |
| SHA256 | f9de88e09f6949002bf1ea78887058d22d09342a876d5ee10dd6305bab12e79f |
| SHA512 | 27e2a57c82b1d2c87b502debcacd77bcdc8334eea5b5387425b130ca00b1aed3017f33f032d07efddc42517d223410e0c3b26ad732bf472c44dddfda6e9d2c3e |
| CRC32 | FD29549A |
| Ssdeep | 196608:91SE4J5q9D4ImjXEMGBO7oL4Zn7IwimDinkbtaD:qJWWKOy4VLbikbO |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0040779a |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x006669d9 |
| 最低操作系统版本要求 | 5.1 |
| 编译时间 | 2018-09-04 22:42:13 |
| 载入哈希 | 4df47bd79d7fe79953651a03293f0e8f |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0001f224 | 0x0001f400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.65 |
| .rdata | 0x00021000 | 0x0000b0ec | 0x0000b200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.10 |
| .data | 0x0002d000 | 0x0000e680 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.94 |
| .gfids | 0x0003c000 | 0x000000b8 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 1.89 |
| .rsrc | 0x0003d000 | 0x0000ea38 | 0x0000ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.30 |
| .reloc | 0x0004c000 | 0x000017b8 | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.65 |
覆盖
| 偏移量 | 0x0004d7b8 |
| 大小 | 0x0061906b |
导入
库: KERNEL32.dll:
• 0x421000 GetLastError
• 0x421004 SetDllDirectoryW
• 0x421008 GetModuleFileNameW
• 0x42100c GetProcAddress
• 0x421010 GetCommandLineW
• 0x421014 GetEnvironmentVariableW
• 0x421018 SetEnvironmentVariableW
• 0x42101c ExpandEnvironmentStringsW
• 0x421020 GetTempPathW
• 0x421024 WaitForSingleObject
• 0x421028 Sleep
• 0x42102c GetExitCodeProcess
• 0x421030 CreateProcessW
• 0x421034 GetStartupInfoW
• 0x421038 LoadLibraryExW
• 0x42103c GetShortPathNameW
• 0x421040 FormatMessageW
• 0x421044 LoadLibraryA
• 0x421048 MultiByteToWideChar
• 0x42104c WideCharToMultiByte
• 0x421050 DecodePointer
• 0x421054 UnhandledExceptionFilter
• 0x421058 SetUnhandledExceptionFilter
• 0x42105c GetCurrentProcess
• 0x421060 TerminateProcess
• 0x421064 IsProcessorFeaturePresent
• 0x421068 QueryPerformanceCounter
• 0x42106c GetCurrentProcessId
• 0x421070 GetCurrentThreadId
• 0x421074 GetSystemTimeAsFileTime
• 0x421078 InitializeSListHead
• 0x42107c IsDebuggerPresent
• 0x421080 GetModuleHandleW
• 0x421084 RtlUnwind
• 0x421088 SetLastError
• 0x42108c EnterCriticalSection
• 0x421090 LeaveCriticalSection
• 0x421094 DeleteCriticalSection
• 0x421098 InitializeCriticalSectionAndSpinCount
• 0x42109c TlsAlloc
• 0x4210a0 TlsGetValue
• 0x4210a4 TlsSetValue
• 0x4210a8 TlsFree
• 0x4210ac FreeLibrary
• 0x4210b0 GetCommandLineA
• 0x4210b4 ReadFile
• 0x4210b8 CreateFileW
• 0x4210bc GetDriveTypeW
• 0x4210c0 GetFileType
• 0x4210c4 CloseHandle
• 0x4210c8 PeekNamedPipe
• 0x4210cc SystemTimeToTzSpecificLocalTime
• 0x4210d0 FileTimeToSystemTime
• 0x4210d4 GetFullPathNameW
• 0x4210d8 GetFullPathNameA
• 0x4210dc CreateDirectoryW
• 0x4210e0 RemoveDirectoryW
• 0x4210e4 FindClose
• 0x4210e8 FindFirstFileExW
• 0x4210ec FindNextFileW
• 0x4210f0 SetStdHandle
• 0x4210f4 SetConsoleCtrlHandler
• 0x4210f8 DeleteFileW
• 0x4210fc GetStdHandle
• 0x421100 WriteFile
• 0x421104 ExitProcess
• 0x421108 GetModuleHandleExW
• 0x42110c GetACP
• 0x421110 HeapFree
• 0x421114 HeapAlloc
• 0x421118 GetConsoleMode
• 0x42111c ReadConsoleW
• 0x421120 SetFilePointerEx
• 0x421124 GetConsoleCP
• 0x421128 CompareStringW
• 0x42112c LCMapStringW
• 0x421130 GetCurrentDirectoryW
• 0x421134 FlushFileBuffers
• 0x421138 SetEnvironmentVariableA
• 0x42113c GetFileAttributesExW
• 0x421140 IsValidCodePage
• 0x421144 GetOEMCP
• 0x421148 GetCPInfo
• 0x42114c GetEnvironmentStringsW
• 0x421150 FreeEnvironmentStringsW
• 0x421154 GetStringTypeW
• 0x421158 GetProcessHeap
• 0x42115c WriteConsoleW
• 0x421160 GetTimeZoneInformation
• 0x421164 HeapSize
• 0x421168 HeapReAlloc
• 0x42116c SetEndOfFile
• 0x421170 RaiseException
库: WS2_32.dll:
• 0x421178 ntohl
.text
`.rdata
@.data
.gfids
@.rsrc
@.reloc
D$DPj
3hd!B
UShl$B
PhP"B
FhPt/h8*C
/hHZC
t;h@%B
tTh,%B
Ph0%B
D$$Pj
GL`(B
GP`0B
Vh$UB
SVWUj
"hT]B
t7h(]B
t&h4]B
t#Vh(^B
Vh(eB
VhPeB
VhXeB
VhpeB
1.2.8
fopen
fwrite
Could not allocate buffer for TOC.
malloc
Could not read from file.
fread
[%d]
%s: %s
%s%s%s%s%s
%s%s%s%s%s%s%s
%s%s%s.pkg
%s%s%s.exe
%s%s%s
__main__
Could not get __main__ module.
Could not get __main__ module's dict.
__file__
pyi-windows-manifest-filename
calloc
_MEIPASS2
Failed to get executable path.
GetModuleFileNameW
Failed to convert executable path to UTF-8.
Py_DontWriteBytecodeFlag
GetProcAddress
Py_FileSystemDefaultEncoding
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_NoSiteFlag
Py_NoUserSiteDirectory
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 44.256 seconds )
- 16.556 Static
- 15.57 Suricata
- 7.799 TargetInfo
- 2.276 VirusTotal
- 1.1 BehaviorAnalysis
- 0.432 peid
- 0.358 NetworkAnalysis
- 0.128 AnalysisInfo
- 0.019 config_decoder
- 0.015 Strings
- 0.003 Memory
Signatures ( 0.679 seconds )
- 0.051 api_spamming
- 0.046 mimics_filetime
- 0.045 reads_self
- 0.04 stealth_timeout
- 0.036 antiav_detectreg
- 0.032 stealth_decoy_document
- 0.032 stealth_file
- 0.028 bootkit
- 0.028 virus
- 0.025 antivm_generic_disk
- 0.021 antiav_detectfile
- 0.021 md_domain_bl
- 0.02 md_url_bl
- 0.019 infostealer_ftp
- 0.018 infostealer_browser
- 0.015 ransomware_extensions
- 0.014 hancitor_behavior
- 0.014 infostealer_bitcoin
- 0.013 maldun_suspicious
- 0.012 infostealer_im
- 0.011 ransomware_files
- 0.008 malicious_write_executeable_under_temp_to_regrun
- 0.008 anomaly_persistence_autorun
- 0.008 antianalysis_detectreg
- 0.008 antivm_vbox_files
- 0.007 infostealer_browser_password
- 0.007 infostealer_mail
- 0.006 ipc_namedpipe
- 0.004 rat_luminosity
- 0.004 geodo_banking_trojan
- 0.003 tinba_behavior
- 0.003 rat_nanocore
- 0.003 betabot_behavior
- 0.003 securityxploded_modules
- 0.003 antidbg_devices
- 0.003 disables_browser_warn
- 0.002 network_tor
- 0.002 antivm_vbox_libs
- 0.002 injection_createremotethread
- 0.002 ransomware_message
- 0.002 sets_autoconfig_url
- 0.002 kibex_behavior
- 0.002 antivm_generic_scsi
- 0.002 cerber_behavior
- 0.002 antivm_parallels_keys
- 0.002 antivm_xen_keys
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.002 rat_pcclient
- 0.001 antiemu_wine_func
- 0.001 hawkeye_behavior
- 0.001 disables_spdy
- 0.001 antivm_generic_services
- 0.001 injection_explorer
- 0.001 ursnif_behavior
- 0.001 kazybot_behavior
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 anormaly_invoke_kills
- 0.001 disables_wfp
- 0.001 injection_runpe
- 0.001 h1n1_behavior
- 0.001 kovter_behavior
- 0.001 sniffer_winpcap
- 0.001 antianalysis_detectfile
- 0.001 antivm_generic_diskreg
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 codelux_behavior
- 0.001 darkcomet_regkeys
- 0.001 malicious_drop_executable_file_to_temp_folder
- 0.001 malicous_targeted_flame
- 0.001 network_tor_service
- 0.001 office_security
- 0.001 recon_fingerprint
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.26 seconds )
- 1.004 ReportHTMLSummary
- 0.256 Malheur
| Task ID | 339437 |
|---|---|
| Mongo ID | 5d33f89b2f8f2e4e9cfc14f1 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号