Analysis task

Analysis type   VM label   Start time   End time   Duration
File (Windows)   win7-sp1-x64-hpdapp01-1   2019-08-08 11:20:59   2019-08-08 11:23:23   144 seconds

Maldun score

3.9

Suspicious

File details

File name fy.exe
File size 2220032 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
MD5 2782c343c97dc59afeaba37a983c371b
SHA1 e6cab7a7a84a11d1f7ccd7c5d14d7146a3ed7e6a
SHA256 343abc921badeb84e10dfd646aa121ed1cb5fe461a338375e2b8f6e944474f66
SHA512 beb59572d53c93dc55afc116c174e3f058f00969a089ec0ba2d424dc37dea2d88689015bba4fb8d37c3cd61b92d95834d74445a4cf99daebf69a2fefeec14b9a
CRC32 3723C32E
Ssdeep 49152:iuzE+3W7wrQyf332LTfO+s8KuqGaX0ToIBAUZLY:3f3WEpOLpJBAUZL

Runtime screenshots


Hosts contacted

No host records.

Domain resolution

No domain information.


Summary

PE information

Image base 0x00400000
Entry point 0x00492646
Declared checksum 0x00000000
Actual checksum 0x0022a4c7
Minimum required OS version 4.0
Compile time 2019-08-08 11:19:19
Import hash 8a5840692c89dded11d3b5a92161b0c6

PE sections

Name   Virtual address   Virtual size   Raw data size   Characteristics   Entropy
.text 0x00001000 0x000b14be 0x000b2000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x000b3000 0x001503ce 0x00151000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.23
.data 0x00204000 0x00046a4a 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.03
.rsrc 0x0024b000 0x00005a90 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.65

Imports

Library: iphlpapi.dll:
0x4b3730 GetAdaptersInfo
Library: WINMM.dll:
0x4b3690 midiStreamOut
0x4b3698 midiStreamProperty
0x4b369c midiStreamOpen
0x4b36a4 waveOutOpen
0x4b36ac waveOutWrite
0x4b36b0 waveOutPause
0x4b36b4 waveOutReset
0x4b36b8 waveOutClose
0x4b36bc waveOutGetNumDevs
0x4b36c0 midiStreamStop
0x4b36c4 midiOutReset
0x4b36c8 midiStreamClose
0x4b36cc midiStreamRestart
Library: WS2_32.dll:
0x4b36e8 WSAAsyncSelect
0x4b36ec closesocket
0x4b36f0 send
0x4b36f4 WSACleanup
0x4b36f8 WSAStartup
0x4b36fc inet_ntoa
0x4b3700 recvfrom
0x4b3704 ioctlsocket
0x4b3708 recv
0x4b370c getpeername
0x4b3710 accept
0x4b3714 select
Library: RASAPI32.dll:
0x4b33f0 RasHangUpA
Library: KERNEL32.dll:
0x4b319c TerminateProcess
0x4b31a0 SetLastError
0x4b31a8 GetVersion
0x4b31ac GetFileSize
0x4b31b0 GetACP
0x4b31b4 RaiseException
0x4b31b8 GetLocalTime
0x4b31bc GetSystemTime
0x4b31c0 RtlUnwind
0x4b31c4 GetStartupInfoA
0x4b31c8 GetOEMCP
0x4b31cc GetCPInfo
0x4b31d0 GetProcessVersion
0x4b31d4 SetErrorMode
0x4b31d8 GlobalFlags
0x4b31dc GetCurrentThread
0x4b31e0 GetFileTime
0x4b31e4 TlsGetValue
0x4b31e8 LocalReAlloc
0x4b31ec TlsSetValue
0x4b31f0 TlsFree
0x4b31f4 GlobalHandle
0x4b31f8 TlsAlloc
0x4b31fc LocalAlloc
0x4b3200 lstrcmpA
0x4b3204 GlobalGetAtomNameA
0x4b3208 GlobalAddAtomA
0x4b320c GlobalFindAtomA
0x4b3210 GlobalDeleteAtom
0x4b3214 lstrcmpiA
0x4b3218 SetEndOfFile
0x4b321c UnlockFile
0x4b3220 LockFile
0x4b3224 FlushFileBuffers
0x4b3228 DuplicateHandle
0x4b322c lstrcpynA
0x4b3234 LocalFree
0x4b3240 SetFilePointer
0x4b3244 WideCharToMultiByte
0x4b3248 MultiByteToWideChar
0x4b324c GetCurrentProcess
0x4b3254 GetSystemDirectoryA
0x4b3258 CreateSemaphoreA
0x4b325c ResumeThread
0x4b3260 ReleaseSemaphore
0x4b326c GetProfileStringA
0x4b3270 WriteFile
0x4b3278 CreateFileA
0x4b327c SetEvent
0x4b3280 FindResourceA
0x4b3284 LoadResource
0x4b3288 LockResource
0x4b328c ReadFile
0x4b3290 lstrlenW
0x4b3294 RemoveDirectoryA
0x4b3298 GetModuleFileNameA
0x4b329c GetCurrentThreadId
0x4b32a0 ExitProcess
0x4b32a4 GlobalSize
0x4b32a8 GlobalFree
0x4b32b4 lstrcatA
0x4b32b8 lstrlenA
0x4b32bc WinExec
0x4b32c0 lstrcpyA
0x4b32c4 FindNextFileA
0x4b32c8 GlobalReAlloc
0x4b32cc HeapFree
0x4b32d0 HeapReAlloc
0x4b32d4 GetProcessHeap
0x4b32d8 HeapAlloc
0x4b32dc GetUserDefaultLCID
0x4b32e0 GetFullPathNameA
0x4b32e4 FreeLibrary
0x4b32e8 LoadLibraryA
0x4b32ec GetLastError
0x4b32f0 GetVersionExA
0x4b32f8 CreateThread
0x4b32fc CreateEventA
0x4b3300 Sleep
0x4b3308 GlobalAlloc
0x4b330c GlobalLock
0x4b3310 GlobalUnlock
0x4b3314 GetTempPathA
0x4b3318 InterlockedExchange
0x4b331c FindFirstFileA
0x4b3320 FindClose
0x4b3324 SetFileAttributesA
0x4b3328 GetFileAttributesA
0x4b332c DeleteFileA
0x4b3338 GetModuleHandleA
0x4b333c GetProcAddress
0x4b3340 MulDiv
0x4b3344 GetCommandLineA
0x4b3348 GetTickCount
0x4b334c CreateProcessA
0x4b3350 WaitForSingleObject
0x4b3354 CloseHandle
0x4b3358 HeapSize
0x4b335c SetStdHandle
0x4b3360 GetFileType
0x4b3378 SetHandleCount
0x4b337c GetStdHandle
0x4b3384 HeapDestroy
0x4b3388 HeapCreate
0x4b338c VirtualFree
0x4b3394 LCMapStringA
0x4b3398 LCMapStringW
0x4b339c VirtualAlloc
0x4b33a0 IsBadWritePtr
0x4b33a8 GetStringTypeA
0x4b33ac GetStringTypeW
0x4b33b0 CompareStringA
0x4b33b4 CompareStringW
0x4b33b8 IsBadReadPtr
0x4b33bc IsBadCodePtr
Library: USER32.dll:
0x4b3418 GetActiveWindow
0x4b341c SetFocus
0x4b3420 IsIconic
0x4b3424 PeekMessageA
0x4b3428 SetMenu
0x4b342c GetWindow
0x4b3434 SetWindowRgn
0x4b3438 GetSysColorBrush
0x4b3440 LoadImageA
0x4b3448 ClientToScreen
0x4b344c EnableMenuItem
0x4b3450 GetSubMenu
0x4b3454 GetDlgCtrlID
0x4b345c CreateMenu
0x4b3460 ModifyMenuA
0x4b3464 AppendMenuA
0x4b3468 CreatePopupMenu
0x4b346c DrawIconEx
0x4b347c SetRectEmpty
0x4b3480 DispatchMessageA
0x4b3484 GetMessageA
0x4b3488 WindowFromPoint
0x4b348c DrawFocusRect
0x4b3490 DrawEdge
0x4b3494 GetMessagePos
0x4b3498 ScreenToClient
0x4b34a0 CopyRect
0x4b34a4 LoadBitmapA
0x4b34a8 WinHelpA
0x4b34ac KillTimer
0x4b34b0 SetTimer
0x4b34b4 ReleaseCapture
0x4b34b8 GetCapture
0x4b34bc SetCapture
0x4b34c0 GetScrollRange
0x4b34c4 SetScrollRange
0x4b34c8 SetScrollPos
0x4b34cc SetRect
0x4b34d0 InflateRect
0x4b34d4 IntersectRect
0x4b34d8 DestroyIcon
0x4b34dc PtInRect
0x4b34e0 LoadStringA
0x4b34e4 DrawFrameControl
0x4b34ec GetMenuState
0x4b34f0 SetMenuItemBitmaps
0x4b34f4 CheckMenuItem
0x4b34f8 MoveWindow
0x4b34fc IsDialogMessageA
0x4b3500 ScrollWindowEx
0x4b3504 SendDlgItemMessageA
0x4b3508 MapWindowPoints
0x4b350c AdjustWindowRectEx
0x4b3510 GetMenu
0x4b3514 GetScrollPos
0x4b3518 RegisterClassA
0x4b351c GetMenuItemCount
0x4b3520 GetMenuItemID
0x4b3524 SetWindowsHookExA
0x4b3528 CallNextHookEx
0x4b352c GetClassLongA
0x4b3530 SetPropA
0x4b3534 UnhookWindowsHookEx
0x4b3538 GetPropA
0x4b353c RemovePropA
0x4b3540 GetMessageTime
0x4b3544 GetLastActivePopup
0x4b354c GetWindowPlacement
0x4b3550 GetNextDlgTabItem
0x4b3554 EndDialog
0x4b355c OffsetRect
0x4b3560 IsWindowVisible
0x4b3564 EnableWindow
0x4b3568 RedrawWindow
0x4b356c GetWindowLongA
0x4b3570 SetWindowLongA
0x4b3574 GetSysColor
0x4b3578 SetActiveWindow
0x4b357c SetCursorPos
0x4b3580 LoadCursorA
0x4b3584 SetCursor
0x4b3588 GetDC
0x4b358c FillRect
0x4b3590 IsRectEmpty
0x4b3594 ReleaseDC
0x4b3598 IsChild
0x4b359c DestroyMenu
0x4b35a0 SetForegroundWindow
0x4b35a4 GetWindowRect
0x4b35a8 EqualRect
0x4b35ac UpdateWindow
0x4b35b0 ValidateRect
0x4b35b4 InvalidateRect
0x4b35b8 GetClientRect
0x4b35bc GetFocus
0x4b35c0 GetParent
0x4b35c4 GetTopWindow
0x4b35c8 PostMessageA
0x4b35cc IsWindow
0x4b35d0 SetParent
0x4b35d4 DestroyCursor
0x4b35d8 SendMessageA
0x4b35dc SetWindowPos
0x4b35e0 MessageBoxA
0x4b35e4 GetCursorPos
0x4b35e8 GetSystemMetrics
0x4b35ec EmptyClipboard
0x4b35f0 SetClipboardData
0x4b35f4 OpenClipboard
0x4b35f8 GetClipboardData
0x4b35fc CloseClipboard
0x4b3600 wsprintfA
0x4b3604 WaitForInputIdle
0x4b3608 DefWindowProcA
0x4b360c GetClassInfoA
0x4b3610 IsZoomed
0x4b3614 PostQuitMessage
0x4b361c TranslateMessage
0x4b3620 LoadIconA
0x4b3624 GetForegroundWindow
0x4b3628 UnregisterClassA
0x4b362c GetDesktopWindow
0x4b3630 GetClassNameA
0x4b3634 GetDlgItem
0x4b3638 GetWindowTextA
0x4b363c SetWindowTextA
0x4b3640 CallWindowProcA
0x4b3644 CreateWindowExA
0x4b3648 RegisterHotKey
0x4b364c UnregisterHotKey
0x4b3650 GetKeyState
0x4b3658 IsWindowEnabled
0x4b365c ShowWindow
0x4b3664 CharUpperA
0x4b3668 GetWindowDC
0x4b366c BeginPaint
0x4b3670 EndPaint
0x4b3674 TabbedTextOutA
0x4b3678 DrawTextA
0x4b367c GrayStringA
0x4b3680 DestroyWindow
Library: GDI32.dll:
0x4b3048 LineTo
0x4b304c MoveToEx
0x4b3050 ExcludeClipRect
0x4b3054 GetClipBox
0x4b3058 GetStockObject
0x4b305c GetObjectA
0x4b3060 EndPage
0x4b3064 EndDoc
0x4b3068 DeleteDC
0x4b306c StartDocA
0x4b3070 StartPage
0x4b3074 BitBlt
0x4b3078 CreateCompatibleDC
0x4b307c Ellipse
0x4b3080 Rectangle
0x4b3084 LPtoDP
0x4b3088 DPtoLP
0x4b308c GetCurrentObject
0x4b3090 RoundRect
0x4b3094 ExtSelectClipRgn
0x4b309c GetDeviceCaps
0x4b30a0 CreatePalette
0x4b30a8 CreateDIBitmap
0x4b30ac DeleteObject
0x4b30b0 SelectClipRgn
0x4b30b4 CreatePolygonRgn
0x4b30b8 GetClipRgn
0x4b30bc SetStretchBltMode
0x4b30c4 SetBkColor
0x4b30c8 CreateFontA
0x4b30d0 ScaleWindowExtEx
0x4b30d4 SetWindowExtEx
0x4b30d8 SetWindowOrgEx
0x4b30dc ScaleViewportExtEx
0x4b30e0 SetViewportExtEx
0x4b30e4 OffsetViewportOrgEx
0x4b30e8 SetViewportOrgEx
0x4b30ec SetMapMode
0x4b30f0 SetTextColor
0x4b30f4 SetROP2
0x4b30f8 SetPolyFillMode
0x4b30fc GetViewportExtEx
0x4b3100 PtVisible
0x4b3104 RectVisible
0x4b3108 TextOutA
0x4b310c ExtTextOutA
0x4b3110 Escape
0x4b3114 GetTextMetricsA
0x4b3118 CreateFontIndirectA
0x4b311c CreateSolidBrush
0x4b3120 FillRgn
0x4b3124 CreateRectRgn
0x4b3128 CombineRgn
0x4b312c PatBlt
0x4b3130 CreatePen
0x4b3134 SelectObject
0x4b3138 CreateBitmap
0x4b313c CreateDCA
0x4b3144 SetBkMode
0x4b3148 RestoreDC
0x4b314c SaveDC
0x4b3150 GetPolyFillMode
0x4b3154 GetStretchBltMode
0x4b3158 GetROP2
0x4b315c GetBkColor
0x4b3160 GetBkMode
0x4b3164 GetTextColor
0x4b3168 CreateRoundRectRgn
0x4b316c CreateEllipticRgn
0x4b3170 PathToRegion
0x4b3174 EndPath
0x4b3178 BeginPath
0x4b317c GetWindowOrgEx
0x4b3180 GetViewportOrgEx
0x4b3184 GetWindowExtEx
0x4b3188 GetDIBits
0x4b318c RealizePalette
0x4b3190 SelectPalette
0x4b3194 StretchBlt
Library: WINSPOOL.DRV:
0x4b36d8 OpenPrinterA
0x4b36dc DocumentPropertiesA
0x4b36e0 ClosePrinter
Library: ADVAPI32.dll:
0x4b3000 RegQueryValueExA
0x4b3004 RegOpenKeyExA
0x4b3008 RegSetValueExA
0x4b300c RegQueryValueA
0x4b3010 RegCreateKeyExA
0x4b3014 RegCloseKey
Library: SHELL32.dll:
0x4b33fc DragQueryFileA
0x4b3404 DragFinish
0x4b3408 DragAcceptFiles
0x4b340c ShellExecuteA
0x4b3410 Shell_NotifyIconA
Library: ole32.dll:
0x4b3738 OleRun
0x4b373c CLSIDFromString
0x4b3740 OleUninitialize
0x4b3744 OleInitialize
0x4b3748 CLSIDFromProgID
0x4b374c CoCreateInstance
Library: OLEAUT32.dll:
0x4b33c8 UnRegisterTypeLib
0x4b33cc LoadTypeLib
0x4b33d0 LHashValOfNameSys
0x4b33d4 RegisterTypeLib
0x4b33d8 SysAllocString
0x4b33dc VariantInit
0x4b33e0 VariantCopyInd
0x4b33e4 VariantChangeType
0x4b33e8 VariantClear
Library: COMCTL32.dll:
0x4b301c ImageList_Add
0x4b3020 ImageList_BeginDrag
0x4b3024 ImageList_Create
0x4b3028 ImageList_Destroy
0x4b302c ImageList_DragEnter
0x4b3030 ImageList_DragLeave
0x4b3034 ImageList_DragMove
0x4b303c ImageList_EndDrag
0x4b3040 None
Library: WININET.dll:
0x4b3688 InternetCloseHandle
Library: comdlg32.dll:
0x4b371c ChooseColorA
0x4b3720 GetFileTitleA
0x4b3724 GetSaveFileNameA
0x4b3728 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
Ph|za
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
Ph|za
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
Ph|za
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
Ph|za
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
Ph|za
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
Ph|za
VMProtect end
3hl"O
3hl"O
3h|"O
3hl"O
3h%#O
3hl"O
3hl"O
3hl"O
TheCodeMadeByZPCCZQ
TheCodeMadeByZPCCZQ
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
No antivirus engine scan information.

Process tree


fy.exe, PID: 2656, parent PID: 2296

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 13.259 seconds )

  • 7.907 Static
  • 3.261 TargetInfo
  • 1.265 VirusTotal
  • 0.443 peid
  • 0.231 NetworkAnalysis
  • 0.071 BehaviorAnalysis
  • 0.058 AnalysisInfo
  • 0.014 Strings
  • 0.006 config_decoder
  • 0.003 Memory

Signatures ( 0.169 seconds )

  • 0.021 md_domain_bl
  • 0.02 md_url_bl
  • 0.019 antiav_detectreg
  • 0.009 infostealer_ftp
  • 0.008 antiav_detectfile
  • 0.007 anomaly_persistence_autorun
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.003 tinba_behavior
  • 0.003 api_spamming
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 stealth_decoy_document
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 stealth_timeout
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 antiemu_wine_func
  • 0.001 network_tor
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 infostealer_browser_password
  • 0.001 kovter_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.173 seconds )

  • 0.927 ReportHTMLSummary
  • 0.246 Malheur
Task ID 351469
Mongo ID 5d4b95c12f8f2e1f3e7cda81
Cuckoo release 1.4-Maldun