Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-07-21 15:09:10 | 2019-07-21 15:09:46 | 36 seconds

Maldun (魔盾) score

10.0

Dangerous

File details

File name 造梦西游4辅助.exe
File size 1118208 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e2215941187c5cc085213c892f2a3770
SHA1 3ba72fb87ca8c9c157b400bfd207666c08ef9cd4
SHA256 ba2e1e53d32041e050a345e4c85ddc148642833b537fcdf830432178071d7b41
SHA512 abf12e4ed4e05fc844b4c79f0785a63c606c38fbfb3884a8c4a83cb922f5a15518f5736afac59bee1c9b4d7418de6e063927c870657a3c43e19f710dd25f474a
CRC32 7714B156
Ssdeep 24576:7SSCltWoTOwzOnqtSBgi2cYKIi8IQTZiUytYp2v:79CjOwfEBgi+KIi8xI5

Runtime screenshots

No screenshots available

Accessed hosts

No host records.

Domain resolution

No domain information.

PE information

Image base 0x00400000
Entry point 0x00465c8d
Declared checksum 0x00000000
Actual checksum 0x001147ee
Minimum OS version required 4.0
Compile time 2019-06-07 12:31:14
Import hash 631ec8c42832be6c9e1a0f47baa95965

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00083e9e 0x00084000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x00085000 0x00071d34 0x00072000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.89
.data 0x000f7000 0x000450aa 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.87
.rsrc 0x0013d000 0x00005b6c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.77

Imports

Library: WINMM.dll:
0x48562c midiStreamOut
0x48563c waveOutWrite
0x485640 waveOutPause
0x485644 waveOutReset
0x485648 waveOutClose
0x48564c waveOutGetNumDevs
0x485650 waveOutOpen
0x485654 midiStreamStop
0x485658 midiOutReset
0x48565c midiStreamClose
0x485660 midiStreamRestart
0x485668 midiStreamOpen
0x48566c midiStreamProperty
Library: WS2_32.dll:
0x485684 WSACleanup
0x485688 closesocket
0x48568c getpeername
0x485690 accept
0x485694 WSAAsyncSelect
0x485698 recvfrom
0x48569c ioctlsocket
0x4856a0 inet_ntoa
0x4856a4 recv
Library: KERNEL32.dll:
0x48518c SetLastError
0x485194 GetVersion
0x485198 GetACP
0x48519c HeapSize
0x4851a0 RaiseException
0x4851a4 GetLocalTime
0x4851a8 RtlUnwind
0x4851ac GetStartupInfoA
0x4851b0 GetOEMCP
0x4851b4 GetCPInfo
0x4851b8 GetProcessVersion
0x4851bc SetErrorMode
0x4851c0 GlobalFlags
0x4851c4 GetCurrentThread
0x4851c8 GetFileTime
0x4851cc TlsGetValue
0x4851d0 LocalReAlloc
0x4851d4 TlsSetValue
0x4851d8 TlsFree
0x4851dc GlobalHandle
0x4851e0 TlsAlloc
0x4851e4 LocalAlloc
0x4851e8 lstrcmpA
0x4851ec GlobalGetAtomNameA
0x4851f0 GlobalAddAtomA
0x4851f4 GlobalFindAtomA
0x4851f8 GlobalDeleteAtom
0x4851fc lstrcmpiA
0x485200 SetEndOfFile
0x485204 UnlockFile
0x485208 LockFile
0x48520c FlushFileBuffers
0x485210 DuplicateHandle
0x485214 lstrcpynA
0x485220 LocalFree
0x48522c TerminateProcess
0x485230 GetFileSize
0x485234 SetFilePointer
0x485238 WideCharToMultiByte
0x48523c MultiByteToWideChar
0x485240 GetCurrentProcess
0x485244 SetSystemPowerState
0x485248 CreateSemaphoreA
0x48524c ResumeThread
0x485250 ReleaseSemaphore
0x48525c GetProfileStringA
0x485260 WriteFile
0x485268 CreateFileA
0x48526c SetEvent
0x485270 FindResourceA
0x485274 LoadResource
0x485278 LockResource
0x48527c ReadFile
0x485280 GetModuleFileNameA
0x485284 GetCurrentThreadId
0x485288 ExitProcess
0x48528c GlobalSize
0x485290 GlobalFree
0x48529c lstrcatA
0x4852a0 lstrlenA
0x4852a4 WinExec
0x4852a8 lstrcpyA
0x4852ac InterlockedExchange
0x4852b0 FindNextFileA
0x4852b4 GlobalReAlloc
0x4852b8 HeapFree
0x4852bc HeapReAlloc
0x4852c0 GetProcessHeap
0x4852c4 HeapAlloc
0x4852c8 GetFullPathNameA
0x4852cc FreeLibrary
0x4852d0 LoadLibraryA
0x4852d4 GetLastError
0x4852d8 GetVersionExA
0x4852e0 CreateThread
0x4852e4 CreateEventA
0x4852e8 Sleep
0x4852ec GlobalAlloc
0x4852f0 GlobalLock
0x4852f4 GlobalUnlock
0x4852f8 FindFirstFileA
0x4852fc FindClose
0x485300 GetFileAttributesA
0x485304 CopyFileA
0x485310 GetModuleHandleA
0x485314 GetProcAddress
0x485318 MulDiv
0x48531c GetCommandLineA
0x485320 GetTickCount
0x485324 CreateProcessA
0x485328 WaitForSingleObject
0x48532c CloseHandle
0x485344 SetHandleCount
0x485348 GetStdHandle
0x48534c GetFileType
0x485354 HeapDestroy
0x485358 HeapCreate
0x48535c VirtualFree
0x485364 LCMapStringA
0x485368 LCMapStringW
0x48536c VirtualAlloc
0x485370 IsBadWritePtr
0x485378 GetStringTypeA
0x48537c GetStringTypeW
0x485380 CompareStringA
0x485384 CompareStringW
0x485388 IsBadReadPtr
0x48538c IsBadCodePtr
0x485390 SetStdHandle
0x485394 GetSystemTime
Library: USER32.dll:
0x4853b8 GetMenu
0x4853bc SetMenu
0x4853c0 PeekMessageA
0x4853c4 IsIconic
0x4853c8 SetFocus
0x4853cc GetActiveWindow
0x4853d0 DeleteMenu
0x4853d4 GetSystemMenu
0x4853d8 DefWindowProcA
0x4853dc GetClassInfoA
0x4853e0 IsZoomed
0x4853e4 PostQuitMessage
0x4853ec GetKeyState
0x4853f4 IsWindowEnabled
0x4853f8 ShowWindow
0x485400 LoadImageA
0x485408 ClientToScreen
0x48540c EnableMenuItem
0x485410 GetSubMenu
0x485414 GetDlgCtrlID
0x48541c CreateMenu
0x485420 ModifyMenuA
0x485424 AppendMenuA
0x485428 GetWindow
0x485430 SetWindowRgn
0x485434 GetMessagePos
0x485438 ScreenToClient
0x48543c CreatePopupMenu
0x485440 CopyRect
0x485444 LoadBitmapA
0x485448 WinHelpA
0x48544c KillTimer
0x485450 SetTimer
0x485454 ReleaseCapture
0x485458 GetCapture
0x48545c SetCapture
0x485460 GetScrollRange
0x485464 SetScrollRange
0x485468 SetScrollPos
0x48546c SetRect
0x485470 InflateRect
0x485474 IntersectRect
0x485478 GetSysColorBrush
0x48547c DestroyIcon
0x485480 PtInRect
0x485484 OffsetRect
0x485488 IsWindowVisible
0x48548c EnableWindow
0x485490 RedrawWindow
0x485494 GetWindowLongA
0x485498 SetWindowLongA
0x48549c GetSysColor
0x4854a0 SetActiveWindow
0x4854a4 SetCursorPos
0x4854a8 LoadCursorA
0x4854ac SetCursor
0x4854b0 GetDC
0x4854b4 FillRect
0x4854b8 IsRectEmpty
0x4854bc ReleaseDC
0x4854c0 IsChild
0x4854c4 DestroyMenu
0x4854c8 SetForegroundWindow
0x4854cc GetWindowRect
0x4854d0 EqualRect
0x4854d4 UpdateWindow
0x4854d8 ValidateRect
0x4854dc InvalidateRect
0x4854e0 GetClientRect
0x4854e4 GetFocus
0x4854e8 GetParent
0x4854ec GetTopWindow
0x4854f0 PostMessageA
0x4854f4 IsWindow
0x4854f8 SetParent
0x4854fc DestroyCursor
0x485500 SendMessageA
0x485504 SetWindowPos
0x485508 MessageBoxA
0x48550c GetCursorPos
0x485510 GetSystemMetrics
0x485514 EmptyClipboard
0x485518 SetClipboardData
0x48551c OpenClipboard
0x485520 GetClipboardData
0x485524 CloseClipboard
0x485528 wsprintfA
0x48552c WaitForInputIdle
0x485530 DrawIconEx
0x485540 SetRectEmpty
0x485544 DispatchMessageA
0x485548 GetMessageA
0x48554c DrawFocusRect
0x485550 DrawEdge
0x485554 DrawFrameControl
0x485558 TranslateMessage
0x48555c LoadIconA
0x485560 GetForegroundWindow
0x485564 ExitWindowsEx
0x485568 GetDesktopWindow
0x48556c GetClassNameA
0x485570 GetDlgItem
0x485574 GetWindowTextA
0x48557c UnregisterClassA
0x485580 WindowFromPoint
0x485588 CharUpperA
0x48558c GetWindowDC
0x485590 BeginPaint
0x485594 EndPaint
0x485598 TabbedTextOutA
0x48559c DrawTextA
0x4855a0 GrayStringA
0x4855a4 DestroyWindow
0x4855ac EndDialog
0x4855b0 GetNextDlgTabItem
0x4855b4 GetWindowPlacement
0x4855bc GetLastActivePopup
0x4855c0 GetMessageTime
0x4855c4 RemovePropA
0x4855c8 CallWindowProcA
0x4855cc GetPropA
0x4855d0 UnhookWindowsHookEx
0x4855d4 SetPropA
0x4855d8 GetClassLongA
0x4855dc CallNextHookEx
0x4855e0 SetWindowsHookExA
0x4855e4 CreateWindowExA
0x4855e8 GetMenuItemID
0x4855ec GetMenuItemCount
0x4855f0 RegisterClassA
0x4855f4 GetScrollPos
0x4855f8 AdjustWindowRectEx
0x4855fc MapWindowPoints
0x485600 SendDlgItemMessageA
0x485604 ScrollWindowEx
0x485608 IsDialogMessageA
0x48560c SetWindowTextA
0x485610 MoveWindow
0x485614 CheckMenuItem
0x485618 SetMenuItemBitmaps
0x48561c GetMenuState
0x485624 LoadStringA
Library: GDI32.dll:
0x485040 PtVisible
0x485044 GetViewportExtEx
0x485048 ExtSelectClipRgn
0x48504c CombineRgn
0x485050 CreateRectRgn
0x485054 FillRgn
0x485058 CreateSolidBrush
0x48505c GetStockObject
0x485060 CreateFontIndirectA
0x485064 EndPage
0x485068 EndDoc
0x48506c DeleteDC
0x485070 StartDocA
0x485074 StartPage
0x485078 BitBlt
0x48507c CreateCompatibleDC
0x485080 Ellipse
0x485084 Rectangle
0x485088 RectVisible
0x48508c DPtoLP
0x485090 GetCurrentObject
0x485094 RoundRect
0x48509c GetDeviceCaps
0x4850a0 SetBkColor
0x4850a4 LineTo
0x4850a8 MoveToEx
0x4850ac ExcludeClipRect
0x4850b0 GetClipBox
0x4850b4 ScaleWindowExtEx
0x4850b8 SetWindowExtEx
0x4850bc SetWindowOrgEx
0x4850c0 TextOutA
0x4850c4 ExtTextOutA
0x4850c8 Escape
0x4850cc GetTextMetricsA
0x4850d0 PatBlt
0x4850d4 CreatePen
0x4850d8 GetObjectA
0x4850dc SelectObject
0x4850e0 CreateBitmap
0x4850e4 CreateDCA
0x4850ec GetPolyFillMode
0x4850f0 GetStretchBltMode
0x4850f4 GetROP2
0x4850f8 GetBkColor
0x4850fc GetBkMode
0x485100 GetTextColor
0x485104 CreateRoundRectRgn
0x485108 CreateEllipticRgn
0x48510c PathToRegion
0x485110 EndPath
0x485114 BeginPath
0x485118 GetWindowOrgEx
0x48511c GetViewportOrgEx
0x485120 ScaleViewportExtEx
0x485124 SetViewportExtEx
0x485128 OffsetViewportOrgEx
0x48512c SetViewportOrgEx
0x485130 SetMapMode
0x485134 SetTextColor
0x485138 SetROP2
0x48513c SetPolyFillMode
0x485140 GetWindowExtEx
0x485144 GetDIBits
0x485148 RealizePalette
0x48514c SelectPalette
0x485150 StretchBlt
0x485154 CreatePalette
0x48515c CreateDIBitmap
0x485160 DeleteObject
0x485164 SelectClipRgn
0x485168 CreatePolygonRgn
0x485170 SetStretchBltMode
0x485174 LPtoDP
0x485178 GetClipRgn
0x48517c SetBkMode
0x485180 RestoreDC
0x485184 SaveDC
Library: WINSPOOL.DRV:
0x485674 OpenPrinterA
0x485678 DocumentPropertiesA
0x48567c ClosePrinter
Library: ADVAPI32.dll:
0x485000 RegQueryValueExA
0x485004 RegOpenKeyExA
0x485008 RegSetValueExA
0x48500c RegCreateKeyA
0x485010 RegDeleteValueA
0x485014 RegDeleteKeyA
0x485018 RegQueryValueA
0x485024 OpenProcessToken
0x485028 RegCreateKeyExA
0x48502c RegCloseKey
Library: SHELL32.dll:
0x4853ac ShellExecuteA
0x4853b0 Shell_NotifyIconA
Library: ole32.dll:
0x4856c0 CLSIDFromString
0x4856c4 OleUninitialize
0x4856c8 OleInitialize
Library: OLEAUT32.dll:
0x48539c LoadTypeLib
0x4853a0 RegisterTypeLib
0x4853a4 UnRegisterTypeLib
Library: COMCTL32.dll:
0x485034 None
0x485038 ImageList_Destroy
Library: comdlg32.dll:
0x4856ac ChooseColorA
0x4856b0 GetFileTitleA
0x4856b4 GetSaveFileNameA
0x4856b8 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
8`}<j
T$th
D$@Sj
L$8h
F4 VN
D$8Rj
l$<VWj
T$ Rj
L$4S+L$0Qj
D$( dQ
D$8H[N
D$8H[N
}'h
9^xu5j
T$,Qj
T$0Pj
D$8RPj
D$0h
T$,Qj
No antivirus engine scan information!

Process tree

____________4______.exe, PID: 2680, parent PID: 2296


TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 25.755 seconds )

  • 16.34 Suricata
  • 5.149 Static
  • 1.734 TargetInfo
  • 1.624 VirusTotal
  • 0.44 peid
  • 0.347 NetworkAnalysis
  • 0.053 BehaviorAnalysis
  • 0.047 AnalysisInfo
  • 0.015 Strings
  • 0.003 Memory
  • 0.003 config_decoder

Signatures ( 0.185 seconds )

  • 0.021 md_domain_bl
  • 0.02 md_url_bl
  • 0.018 antiav_detectreg
  • 0.011 anomaly_persistence_autorun
  • 0.01 infostealer_ftp
  • 0.008 antiav_detectfile
  • 0.007 infostealer_im
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.005 infostealer_bitcoin
  • 0.004 tinba_behavior
  • 0.004 ransomware_message
  • 0.004 antianalysis_detectreg
  • 0.003 rat_nanocore
  • 0.003 api_spamming
  • 0.003 cerber_behavior
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 stealth_decoy_document
  • 0.002 betabot_behavior
  • 0.002 stealth_timeout
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 sets_autoconfig_url
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.217 seconds )

  • 0.863 ReportHTMLSummary
  • 0.354 Malheur
Task ID 339455
Mongo ID 5d340fd92f8f2e4e9efc1de4
Cuckoo release 1.4-Maldun