Analysis Task

Analysis type    VM tag    Start time    End time    Duration
File (Windows)    win7-sp1-x64-hpdapp01-2    2019-07-30 15:44:08    2019-07-30 15:46:38    150 seconds

Maldun Score

3.7

Suspicious

File Details

File name    hook程序.exe
File size    385024 bytes
File type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5    972a4bebd49042e733d942c861e7f2df
SHA1    c6bf5d18025d75401779d4a9bf6e1db8346874c6
SHA256    3086474ecd38b3436956dcbaa9fb6549d536881d644af4782b7aaf31bdee9c04
SHA512    9ac58743f747024a8fd42a53a92c893791586501c07022463efd0ac985c0d50a03ec1a8fd805f0e6e26d75eddd01205994f4447034cacf49cbf6ce3796bd7457
CRC32    2DF4DB2C
Ssdeep    6144:DPB0I6Baw7/7ecPx0QajrpHVeHkE74QxfapLkOvpNp:Dp0I6Baw7/a7QajRIcQxfO9pX
Hosts Contacted

No host records.

Domain Resolution

No domain information.



PE Information

Image base    0x00400000
Entry point    0x00402ed2
Declared checksum    0x00000000
Actual checksum    0x0006a42b
Minimum OS version required    4.0
Compile time    2019-07-30 14:21:51
Import hash    1837f59bba771038ce8dec27a8dc5e31

Version Information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name    Virtual address    Virtual size    Raw data size    Characteristics    Entropy
.text 0x00001000 0x00011972 0x00012000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.52
.rdata 0x00013000 0x00003c4e 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.66
.data 0x00017000 0x0004959c 0x00046000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.65
.rsrc 0x00061000 0x000002a4 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.45

Imports

Library: KERNEL32.dll:
0x413080 GetCPInfo
0x413084 GetOEMCP
0x413088 GetStartupInfoA
0x41308c GetCommandLineA
0x413090 RtlUnwind
0x413094 TerminateProcess
0x413098 RaiseException
0x41309c HeapSize
0x4130a0 GetACP
0x4130b4 SetHandleCount
0x4130b8 GetStdHandle
0x4130bc GetFileType
0x4130c4 GetVersionExA
0x4130c8 HeapDestroy
0x4130cc HeapCreate
0x4130d0 VirtualFree
0x4130d4 VirtualAlloc
0x4130d8 IsBadWritePtr
0x4130e0 LCMapStringA
0x4130e4 LCMapStringW
0x4130e8 GetStringTypeA
0x4130ec GetStringTypeW
0x4130f0 IsBadCodePtr
0x4130f4 SetStdHandle
0x4130f8 FlushFileBuffers
0x4130fc SetFilePointer
0x413100 GetCurrentProcess
0x413104 SetErrorMode
0x413108 GetProcessVersion
0x41310c LoadLibraryA
0x413110 FreeLibrary
0x413114 GetVersion
0x413118 GlobalGetAtomNameA
0x41311c GlobalAddAtomA
0x413120 GlobalFindAtomA
0x413124 GetLastError
0x413128 GetProcAddress
0x41312c SetLastError
0x413130 MultiByteToWideChar
0x413134 WideCharToMultiByte
0x41313c lstrcpyA
0x413140 lstrcatA
0x41314c GlobalFlags
0x413150 lstrlenA
0x413154 GetProcessHeap
0x413158 lstrcpynA
0x41315c TlsGetValue
0x413160 LocalReAlloc
0x413164 TlsSetValue
0x41316c GlobalReAlloc
0x413174 TlsFree
0x413178 GlobalHandle
0x41317c GlobalUnlock
0x413180 GlobalFree
0x413188 TlsAlloc
0x413190 LocalFree
0x413194 LocalAlloc
0x413198 GlobalLock
0x41319c GlobalAlloc
0x4131a0 GlobalDeleteAtom
0x4131a4 lstrcmpA
0x4131a8 lstrcmpiA
0x4131ac GetCurrentThread
0x4131b0 GetCurrentThreadId
0x4131b4 CreateFileA
0x4131b8 WriteFile
0x4131bc CloseHandle
0x4131c0 FindClose
0x4131c4 FindFirstFileA
0x4131c8 FindNextFileA
0x4131cc GetModuleFileNameA
0x4131d0 IsBadReadPtr
0x4131d4 HeapFree
0x4131d8 HeapReAlloc
0x4131dc HeapAlloc
0x4131e0 ExitProcess
0x4131e4 GetModuleHandleA
Library: USER32.dll:
0x4131f0 SetForegroundWindow
0x4131f4 GetForegroundWindow
0x4131f8 GetMessagePos
0x4131fc GetMessageTime
0x413200 DefWindowProcA
0x413204 RemovePropA
0x413208 CallWindowProcA
0x41320c GetPropA
0x413210 SetPropA
0x413214 GetClassLongA
0x413218 CreateWindowExA
0x41321c DestroyWindow
0x413220 GetMenuItemID
0x413224 GetSubMenu
0x413228 GetMenu
0x41322c RegisterClassA
0x413230 GetClassInfoA
0x413234 WinHelpA
0x413238 GetCapture
0x41323c GetTopWindow
0x413240 CopyRect
0x413244 GetClientRect
0x413248 AdjustWindowRectEx
0x41324c GetSysColor
0x413250 MapWindowPoints
0x413254 LoadIconA
0x413258 LoadCursorA
0x41325c GetSysColorBrush
0x413260 LoadStringA
0x413264 DestroyMenu
0x41326c IsIconic
0x413270 GetWindowPlacement
0x413274 GetSystemMetrics
0x413278 SetFocus
0x41327c ShowWindow
0x413280 SetWindowPos
0x413284 SetWindowLongA
0x41328c GetDlgItem
0x413290 GrayStringA
0x413294 DrawTextA
0x413298 TabbedTextOutA
0x41329c ReleaseDC
0x4132a0 GetDC
0x4132a4 GetMenuItemCount
0x4132a8 UnhookWindowsHookEx
0x4132ac GetWindowTextA
0x4132b0 SetWindowTextA
0x4132b4 ClientToScreen
0x4132b8 GetWindow
0x4132bc GetDlgCtrlID
0x4132c0 PtInRect
0x4132c4 GetClassNameA
0x4132cc LoadBitmapA
0x4132d0 GetMenuState
0x4132d4 ModifyMenuA
0x4132d8 SetMenuItemBitmaps
0x4132dc CheckMenuItem
0x4132e0 EnableMenuItem
0x4132e4 GetFocus
0x4132e8 GetNextDlgTabItem
0x4132ec GetMessageA
0x4132f0 TranslateMessage
0x4132f4 DispatchMessageA
0x4132f8 GetActiveWindow
0x4132fc GetKeyState
0x413300 CallNextHookEx
0x413304 ValidateRect
0x413308 IsWindowVisible
0x41330c PeekMessageA
0x413310 GetCursorPos
0x413314 SetWindowsHookExA
0x413318 GetParent
0x41331c GetLastActivePopup
0x413320 IsWindowEnabled
0x413324 GetWindowLongA
0x413328 EnableWindow
0x41332c SetCursor
0x413330 SendMessageA
0x413334 PostMessageA
0x413338 PostQuitMessage
0x41333c wsprintfA
0x413340 MessageBoxA
0x413344 GetWindowRect
0x413348 UnregisterClassA
Library: GDI32.dll:
0x41301c SetTextColor
0x413020 SetMapMode
0x413024 SetViewportOrgEx
0x413028 OffsetViewportOrgEx
0x41302c SetViewportExtEx
0x413030 ScaleViewportExtEx
0x413034 SetWindowExtEx
0x413038 ScaleWindowExtEx
0x41303c GetClipBox
0x413040 GetDeviceCaps
0x413044 PtVisible
0x413048 RectVisible
0x41304c TextOutA
0x413050 ExtTextOutA
0x413054 Escape
0x413058 GetObjectA
0x41305c SetBkColor
0x413060 GetStockObject
0x413064 SelectObject
0x413068 RestoreDC
0x41306c SaveDC
0x413070 DeleteDC
0x413074 DeleteObject
0x413078 CreateBitmap
Library: WINSPOOL.DRV:
0x413350 DocumentPropertiesA
0x413354 ClosePrinter
0x413358 OpenPrinterA
Library: ADVAPI32.dll:
0x413000 RegSetValueExA
0x413004 RegOpenKeyExA
0x413008 RegCreateKeyExA
0x41300c RegCloseKey
Library: COMCTL32.dll:
0x413014 None

Antivirus engine/vendor    Virus name/rule match    Signature database date

Process Tree

hook______.exe, PID: 2656, parent PID: 2288

TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 12.0 seconds )

  • 3.856 BehaviorAnalysis
  • 2.65 VirusTotal
  • 2.638 TargetInfo
  • 2.128 Static
  • 0.42 peid
  • 0.235 NetworkAnalysis
  • 0.055 AnalysisInfo
  • 0.014 Strings
  • 0.003 Memory
  • 0.001 config_decoder

Signatures ( 3.283 seconds )

  • 0.443 antiav_detectfile
  • 0.312 infostealer_bitcoin
  • 0.201 api_spamming
  • 0.178 antivm_vbox_files
  • 0.165 infostealer_ftp
  • 0.163 stealth_timeout
  • 0.148 stealth_decoy_document
  • 0.127 mimics_filetime
  • 0.118 reads_self
  • 0.118 infostealer_im
  • 0.116 virus
  • 0.107 stealth_file
  • 0.105 antivm_generic_disk
  • 0.095 hancitor_behavior
  • 0.09 bootkit
  • 0.084 antidbg_devices
  • 0.072 infostealer_mail
  • 0.062 network_tor
  • 0.062 rat_pcclient
  • 0.037 betabot_behavior
  • 0.035 kazybot_behavior
  • 0.034 antivm_vmware_files
  • 0.034 codelux_behavior
  • 0.028 kibex_behavior
  • 0.028 antiav_detectreg
  • 0.026 hawkeye_behavior
  • 0.025 sniffer_winpcap
  • 0.021 network_tor_service
  • 0.02 md_url_bl
  • 0.019 geodo_banking_trojan
  • 0.019 md_domain_bl
  • 0.017 antivm_vpc_files
  • 0.017 malicous_targeted_flame
  • 0.016 banker_cridex
  • 0.012 antianalysis_detectfile
  • 0.01 antisandbox_sunbelt_files
  • 0.008 shifu_behavior
  • 0.008 spreading_autoruninf
  • 0.008 bitcoin_opencl
  • 0.007 anomaly_persistence_autorun
  • 0.007 antivm_vbox_devices
  • 0.006 antianalysis_detectreg
  • 0.006 antisandbox_fortinet_files
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.005 antisandbox_threattrack_files
  • 0.003 tinba_behavior
  • 0.003 anomaly_persistence_ads
  • 0.003 antisandbox_cuckoo_files
  • 0.003 antisandbox_joe_anubis_files
  • 0.003 antivm_vmware_devices
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 ursnif_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.349 seconds )

  • 0.883 ReportHTMLSummary
  • 0.466 Malheur
Task ID 345882
Mongo ID 5d3ff60c2f8f2e1f487cc3f2
Cuckoo release 1.4-Maldun