Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-07-24 22:09:41 | 2019-07-24 22:10:24 | 43 seconds

Maldun score

2.1

Suspicious

File details

File name 汉化.exe
File size 1001984 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 477c5ea5989f5668772ef5aac8d0e299
SHA1 d75f703e06a26b7269a4a7a9e16c802a81541beb
SHA256 b14151c83b8cfbbcd2620388ab0687bf7c457b69c212ea5563739c8acf6831cc
SHA512 86ba98fabe6d837a4ba25aabc83458e1dbb1620b277768c534b956f23d4e89e63d391a9ace465f2102ea88a2ed68fa987b5cd6d14165541b39f380e74fd951ed
CRC32 CF012BF8
Ssdeep 12288:L5aq0E9vVLT0Wx3QNguTzxn3pxgAyo0dwjn7xm:Lx0EjT0W1Qucn3L8Bdw77xm
Yara
  • Detected 64bit PE signature
  • Detected Debug Data
  • Detected Rich Signature
  • Checks if being debugged
  • Create a new process
  • Run a keylogger
  • Create or check mutex
  • Affect private profile
  • Affect hook table
  • Detects malicious behaviors from a small size app
  • Detected no presence of any attachment
  • Detected no presence of any image
  • Detected no presence of any url

Runtime screenshots

No screenshots available

Hosts contacted

No host records.

DNS resolution

No domain information.


Summary

PE information

Image base 0x140000000
Entry point 0x140039a40
Claimed checksum 0x00000000
Actual checksum 0x000f848c
Minimum OS version required 6.0
PDB path C:\Users\Scriptkiddy\Documents\Popstar\popstar_external\x64\Release\popstar_external.pdb
Compile time 2019-07-24 01:03:35
Import hash 62e0781bb5722b41918c10ac7f93bb11

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00064864 0x00064a00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.46
.rdata 0x00066000 0x0002c218 0x0002c400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.19
.data 0x00093000 0x0000e244 0x00001c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.35
.pdata 0x000a2000 0x00004d7c 0x00004e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.70
.gfids 0x000a7000 0x0000025c 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1.94
.tls 0x000a8000 0x00000009 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x000a9000 0x0005a8f0 0x0005aa00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.59
.reloc 0x00104000 0x00001c30 0x00001e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.37

Imports

Library: KERNEL32.dll:
0x140066010 GetLastError
0x140066018 GetFileAttributesA
0x140066020 CreateDirectoryA
0x140066028 CreateMutexA
0x140066030 WaitForSingleObject
0x140066038 ReleaseMutex
0x140066040 SuspendThread
0x140066048 ResumeThread
0x140066050 Sleep
0x140066058 CreateThread
0x140066060 AllocConsole
0x140066068 ExitThread
0x140066070 CloseHandle
0x140066078 Process32First
0x140066080 Module32Next
0x140066088 Module32First
0x140066090 lstrcmpA
0x140066098 OpenProcess
0x1400660a0 CreateToolhelp32Snapshot
0x1400660a8 Process32Next
0x1400660b0 SetEndOfFile
0x1400660b8 ReadProcessMemory
0x1400660c0 ReadConsoleW
0x1400660c8 CreateFileW
0x1400660d0 SetStdHandle
0x1400660d8 SetEnvironmentVariableW
0x1400660e0 FreeEnvironmentStringsW
0x1400660e8 GetEnvironmentStringsW
0x1400660f0 GetCommandLineW
0x1400660f8 GetCommandLineA
0x140066100 GetOEMCP
0x140066108 GetACP
0x140066110 IsValidCodePage
0x140066118 FindNextFileW
0x140066120 FindFirstFileExW
0x140066128 FindClose
0x140066130 GetProcessHeap
0x140066138 ReadFile
0x140066140 GetConsoleMode
0x140066148 GetConsoleCP
0x140066150 FlushFileBuffers
0x140066158 GetTimeZoneInformation
0x140066160 SetFilePointerEx
0x140066168 GetFileSizeEx
0x140066170 GetFileType
0x140066178 HeapSize
0x140066180 WriteProcessMemory
0x140066188 EnumSystemLocalesW
0x140066190 GetUserDefaultLCID
0x140066198 IsValidLocale
0x1400661a0 GetTimeFormatW
0x1400661a8 GetDateFormatW
0x1400661b0 WriteFile
0x1400661b8 WideCharToMultiByte
0x1400661c0 EnterCriticalSection
0x1400661c8 LeaveCriticalSection
0x1400661d0 DeleteCriticalSection
0x1400661d8 EncodePointer
0x1400661e0 DecodePointer
0x1400661e8 MultiByteToWideChar
0x1400661f0 GetCPInfo
0x1400661f8 SetLastError
0x140066208 CreateEventW
0x140066210 TlsAlloc
0x140066218 TlsGetValue
0x140066220 TlsSetValue
0x140066228 TlsFree
0x140066230 GetSystemTimeAsFileTime
0x140066238 GetModuleHandleW
0x140066240 GetProcAddress
0x140066248 CompareStringW
0x140066250 LCMapStringW
0x140066258 GetLocaleInfoW
0x140066260 GetStringTypeW
0x140066268 SetEvent
0x140066270 ResetEvent
0x140066278 WaitForSingleObjectEx
0x140066280 RtlCaptureContext
0x140066288 RtlLookupFunctionEntry
0x140066290 RtlVirtualUnwind
0x140066298 UnhandledExceptionFilter
0x1400662a8 GetCurrentProcess
0x1400662b0 TerminateProcess
0x1400662c0 IsDebuggerPresent
0x1400662c8 GetStartupInfoW
0x1400662d0 QueryPerformanceCounter
0x1400662d8 GetCurrentProcessId
0x1400662e0 GetCurrentThreadId
0x1400662e8 InitializeSListHead
0x1400662f0 RtlPcToFileHeader
0x1400662f8 RaiseException
0x140066300 RtlUnwindEx
0x140066308 FreeLibrary
0x140066310 LoadLibraryExW
0x140066320 ExitProcess
0x140066328 GetModuleHandleExW
0x140066330 HeapAlloc
0x140066338 HeapReAlloc
0x140066340 HeapFree
0x140066348 GetModuleFileNameW
0x140066350 GetStdHandle
0x140066358 WriteConsoleW
Library: USER32.dll:
0x140066368 PeekMessageA
0x140066370 LoadCursorA
0x140066378 DefWindowProcA
0x140066380 CreateWindowExA
0x140066390 LoadIconA
0x140066398 PostQuitMessage
0x1400663a0 RegisterClassExA
0x1400663a8 GetWindowThreadProcessId
0x1400663b0 EnumWindows
0x1400663b8 GetKeyState
0x1400663c0 GetWindowRect
0x1400663c8 SetWindowPos
0x1400663d0 ShowWindow
0x1400663d8 GetForegroundWindow
0x1400663e0 FindWindowA
0x1400663e8 SetForegroundWindow
0x1400663f0 DispatchMessageA
0x1400663f8 CallNextHookEx
0x140066400 SetWindowsHookExA
0x140066408 UnhookWindowsHookEx
0x140066410 TranslateMessage
Library: GDI32.dll:
0x140066000 CreateSolidBrush
Library: dwmapi.dll:
Library: d3dx9_43.dll:
0x140066430 D3DXCreateFontA
Library: d3d9.dll:
0x140066420 Direct3DCreate9

No antivirus engine scan information!


TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 23.952 seconds )

  • 15.517 Suricata
  • 3.899 Static
  • 2.12 VirusTotal
  • 1.526 TargetInfo
  • 0.42 peid
  • 0.36 NetworkAnalysis
  • 0.085 AnalysisInfo
  • 0.014 Strings
  • 0.005 Memory
  • 0.003 BehaviorAnalysis
  • 0.003 config_decoder

Signatures ( 0.163 seconds )

  • 0.02 md_domain_bl
  • 0.02 md_url_bl
  • 0.019 antiav_detectreg
  • 0.012 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 infostealer_ftp
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.005 infostealer_im
  • 0.004 tinba_behavior
  • 0.004 antianalysis_detectreg
  • 0.004 infostealer_bitcoin
  • 0.003 rat_nanocore
  • 0.003 cerber_behavior
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 betabot_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.049 seconds )

  • 0.815 ReportHTMLSummary
  • 0.234 Malheur
Task ID 342061
Mongo ID 5d3866f02f8f2e7101bdb6c5
Cuckoo release 1.4-Maldun