分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-08-27 17:30:59 | 2019-08-27 17:33:02 | 123 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | SWKLPDCVEX.exe |
|---|---|
| 文件大小 | 352768 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d73f8efeb74553ef305d753eae924754 |
| SHA1 | 33d2af9c819b7cbe0a6105bc36999954e278851e |
| SHA256 | c6bdea8bf5ca40dd269af19eab840b0d0d3dc1e8c56e2e5bde34ba37b6dcf35f |
| SHA512 | 0d73e52c54f52d48cc35ee4c431097852c88726e667cc3c49872c80f9456fa92399b643745e330cadd14b8c1da2e68c92cf4d305b9da0fb9992da11876f6af72 |
| CRC32 | 5D904576 |
| Ssdeep | 6144:vDuVCK5OBqnvF4FuFszJeBXgjEsK6Dsl1iyEpOp5lMlLMTm5pTGTFWrJRi5aS9j:buVCK5/FYJeO44oLfp5lMlwTOpTGBWbA |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 85.204.116.123 | 罗马尼亚 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00423e3d |
| 声明校验值 | 0x0005bc02 |
| 实际校验值 | 0x0005bc02 |
| 最低操作系统版本要求 | 5.0 |
| PDB路径 | C:\Users\User\Documents\Visual Studio 2008\Projects\KLGBVDDEWAQK\Release\KLGBVDDEWAQK.pdb |
| 编译时间 | 2019-07-07 20:24:33 |
| 载入哈希 | 370865fa797eb05bc1895b09e974195a |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00034fdf | 0x00035000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.59 |
| .rdata | 0x00036000 | 0x00018040 | 0x00018200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.92 |
| .data | 0x0004f000 | 0x00006a18 | 0x00002800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.97 |
| .rsrc | 0x00056000 | 0x00006270 | 0x00006400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.18 |
导入
库: KERNEL32.dll:
• 0x4360f0 GetStartupInfoW
• 0x4360f4 VirtualProtect
• 0x4360f8 GetSystemInfo
• 0x4360fc VirtualQuery
• 0x436100 TerminateProcess
• 0x436104 UnhandledExceptionFilter
• 0x436108 SetUnhandledExceptionFilter
• 0x43610c IsDebuggerPresent
• 0x436110 RtlUnwind
• 0x436114 RaiseException
• 0x436118 HeapReAlloc
• 0x43611c Sleep
• 0x436120 HeapSize
• 0x436124 GetStdHandle
• 0x436128 GetModuleFileNameA
• 0x43612c FreeEnvironmentStringsW
• 0x436130 GetEnvironmentStringsW
• 0x436134 GetCommandLineW
• 0x436138 SetHandleCount
• 0x43613c GetFileType
• 0x436140 GetStartupInfoA
• 0x436144 HeapCreate
• 0x436148 VirtualFree
• 0x43614c GetSystemTimeAsFileTime
• 0x436150 GetCPInfo
• 0x436154 GetACP
• 0x436158 GetOEMCP
• 0x43615c IsValidCodePage
• 0x436160 LCMapStringW
• 0x436164 InitializeCriticalSectionAndSpinCount
• 0x436168 GetConsoleCP
• 0x43616c GetConsoleMode
• 0x436170 LCMapStringA
• 0x436174 GetStringTypeA
• 0x436178 GetStringTypeW
• 0x43617c GetLocaleInfoA
• 0x436180 SetStdHandle
• 0x436184 WriteConsoleA
• 0x436188 GetConsoleOutputCP
• 0x43618c WriteConsoleW
• 0x436190 CreateFileA
• 0x436194 SetErrorMode
• 0x436198 GetCurrentProcess
• 0x43619c FlushFileBuffers
• 0x4361a0 SetFilePointer
• 0x4361a4 WriteFile
• 0x4361a8 lstrlenA
• 0x4361ac InterlockedIncrement
• 0x4361b0 GlobalFlags
• 0x4361b4 InterlockedDecrement
• 0x4361b8 TlsFree
• 0x4361bc DeleteCriticalSection
• 0x4361c0 LocalReAlloc
• 0x4361c4 TlsSetValue
• 0x4361c8 TlsAlloc
• 0x4361cc InitializeCriticalSection
• 0x4361d0 GlobalHandle
• 0x4361d4 GlobalReAlloc
• 0x4361d8 TlsGetValue
• 0x4361dc LocalAlloc
• 0x4361e0 CloseHandle
• 0x4361e4 WritePrivateProfileStringW
• 0x4361e8 GetCurrentThread
• 0x4361ec ConvertDefaultLocale
• 0x4361f0 EnumResourceLanguagesW
• 0x4361f4 lstrcmpA
• 0x4361f8 GetLocaleInfoW
• 0x4361fc GlobalGetAtomNameW
• 0x436200 GlobalFree
• 0x436204 GlobalAlloc
• 0x436208 LocalFree
• 0x43620c GlobalLock
• 0x436210 GlobalUnlock
• 0x436214 MulDiv
• 0x436218 GetModuleHandleA
• 0x43621c GetCurrentProcessId
• 0x436220 GetModuleFileNameW
• 0x436224 WideCharToMultiByte
• 0x436228 FreeResource
• 0x43622c GetCurrentThreadId
• 0x436230 GlobalAddAtomW
• 0x436234 GlobalFindAtomW
• 0x436238 GlobalDeleteAtom
• 0x43623c GetVersionExW
• 0x436240 LoadLibraryW
• 0x436244 FreeLibrary
• 0x436248 CompareStringW
• 0x43624c LoadLibraryA
• 0x436250 GetLastError
• 0x436254 SetLastError
• 0x436258 lstrcmpW
• 0x43625c GetModuleHandleW
• 0x436260 GetProcAddress
• 0x436264 GetVersionExA
• 0x436268 VirtualAlloc
• 0x43626c ExitProcess
• 0x436270 LockResource
• 0x436274 EnterCriticalSection
• 0x436278 InterlockedExchange
• 0x43627c lstrlenW
• 0x436280 MultiByteToWideChar
• 0x436284 LeaveCriticalSection
• 0x436288 FormatMessageW
• 0x43628c SizeofResource
• 0x436290 GetProcessHeap
• 0x436294 GetTickCount
• 0x436298 HeapFree
• 0x43629c HeapAlloc
• 0x4362a0 LoadResource
• 0x4362a4 QueryPerformanceCounter
• 0x4362a8 FindResourceW
库: USER32.dll:
• 0x4362e0 GetDCEx
• 0x4362e4 LockWindowUpdate
• 0x4362e8 SetCapture
• 0x4362ec UnregisterClassW
• 0x4362f0 ValidateRect
• 0x4362f4 ShowOwnedPopups
• 0x4362f8 PostQuitMessage
• 0x4362fc UnpackDDElParam
• 0x436300 ReuseDDElParam
• 0x436304 LoadMenuW
• 0x436308 DestroyMenu
• 0x43630c GetActiveWindow
• 0x436310 ReleaseCapture
• 0x436314 LoadAcceleratorsW
• 0x436318 InsertMenuItemW
• 0x43631c CreatePopupMenu
• 0x436320 BringWindowToTop
• 0x436324 GetDesktopWindow
• 0x436328 TranslateAcceleratorW
• 0x43632c InvalidateRect
• 0x436330 IsZoomed
• 0x436334 SetParent
• 0x436338 GetSystemMenu
• 0x43633c DeleteMenu
• 0x436340 SetRectEmpty
• 0x436344 IsRectEmpty
• 0x436348 SetWindowTextW
• 0x43634c IsDialogMessageW
• 0x436350 AppendMenuW
• 0x436354 EndPaint
• 0x436358 BeginPaint
• 0x43635c GetWindowDC
• 0x436360 ClientToScreen
• 0x436364 GrayStringW
• 0x436368 DrawTextExW
• 0x43636c DrawTextW
• 0x436370 TabbedTextOutW
• 0x436374 FillRect
• 0x436378 GetWindowThreadProcessId
• 0x43637c IsWindowEnabled
• 0x436380 WindowFromPoint
• 0x436384 GetMenuCheckMarkDimensions
• 0x436388 LoadBitmapW
• 0x43638c ModifyMenuW
• 0x436390 GetMenuState
• 0x436394 EnableMenuItem
• 0x436398 CheckMenuItem
• 0x43639c RegisterWindowMessageW
• 0x4363a0 LoadIconW
• 0x4363a4 SendDlgItemMessageW
• 0x4363a8 SendDlgItemMessageA
• 0x4363ac WinHelpW
• 0x4363b0 IsChild
• 0x4363b4 GetCapture
• 0x4363b8 CallNextHookEx
• 0x4363bc GetClassLongW
• 0x4363c0 GetClassNameW
• 0x4363c4 SetPropW
• 0x4363c8 GetPropW
• 0x4363cc RemovePropW
• 0x4363d0 GetFocus
• 0x4363d4 IsWindow
• 0x4363d8 SetFocus
• 0x4363dc GetWindowTextLengthW
• 0x4363e0 GetWindowTextW
• 0x4363e4 GetForegroundWindow
• 0x4363e8 GetLastActivePopup
• 0x4363ec SetActiveWindow
• 0x4363f0 DispatchMessageW
• 0x4363f4 BeginDeferWindowPos
• 0x4363f8 EndDeferWindowPos
• 0x4363fc GetDlgItem
• 0x436400 GetTopWindow
• 0x436404 DestroyWindow
• 0x436408 UnhookWindowsHookEx
• 0x43640c GetMessageTime
• 0x436410 GetMessagePos
• 0x436414 PeekMessageW
• 0x436418 MapWindowPoints
• 0x43641c TrackPopupMenu
• 0x436420 GetKeyState
• 0x436424 SetMenu
• 0x436428 SetForegroundWindow
• 0x43642c IsWindowVisible
• 0x436430 PostMessageW
• 0x436434 GetSubMenu
• 0x436438 GetMenuItemID
• 0x43643c GetMenuItemCount
• 0x436440 MessageBoxW
• 0x436444 CreateWindowExW
• 0x436448 GetClassInfoExW
• 0x43644c GetClassInfoW
• 0x436450 RegisterClassW
• 0x436454 GetSysColor
• 0x436458 AdjustWindowRectEx
• 0x43645c SetRect
• 0x436460 GetSysColorBrush
• 0x436464 SystemParametersInfoW
• 0x436468 GetMenuItemInfoW
• 0x43646c InflateRect
• 0x436470 CreateDialogIndirectParamW
• 0x436474 GetNextDlgTabItem
• 0x436478 EndDialog
• 0x43647c GetMessageW
• 0x436480 TranslateMessage
• 0x436484 SetMenuItemBitmaps
• 0x436488 GetCursorPos
• 0x43648c GetParent
• 0x436490 ScreenToClient
• 0x436494 EqualRect
• 0x436498 DeferWindowPos
• 0x43649c PtInRect
• 0x4364a0 GetDlgCtrlID
• 0x4364a4 SendMessageW
• 0x4364a8 DefWindowProcW
• 0x4364ac CallWindowProcW
• 0x4364b0 GetMenu
• 0x4364b4 GetWindowLongW
• 0x4364b8 SetWindowLongW
• 0x4364bc SetWindowPos
• 0x4364c0 OffsetRect
• 0x4364c4 IntersectRect
• 0x4364c8 SystemParametersInfoA
• 0x4364cc IsIconic
• 0x4364d0 GetWindowPlacement
• 0x4364d4 GetSystemMetrics
• 0x4364d8 GetWindow
• 0x4364dc GetDC
• 0x4364e0 ReleaseDC
• 0x4364e4 ShowWindow
• 0x4364e8 UpdateWindow
• 0x4364ec GetWindowRect
• 0x4364f0 CopyRect
• 0x4364f4 SetCursor
• 0x4364f8 SetTimer
• 0x4364fc KillTimer
• 0x436500 LoadCursorW
• 0x436504 GetClientRect
• 0x436508 GetAsyncKeyState
• 0x43650c EnableWindow
• 0x436510 SetWindowsHookExW
库: GDI32.dll:
• 0x43602c GetPixel
• 0x436030 CreatePatternBrush
• 0x436034 GetStockObject
• 0x436038 CreateSolidBrush
• 0x43603c ScaleWindowExtEx
• 0x436040 GetTextMetricsW
• 0x436044 GetTextExtentPoint32W
• 0x436048 GetCharWidthW
• 0x43604c CreateFontW
• 0x436050 StretchDIBits
• 0x436054 CreateCompatibleBitmap
• 0x436058 CreateFontIndirectW
• 0x43605c CreateRectRgnIndirect
• 0x436060 SetRectRgn
• 0x436064 CombineRgn
• 0x436068 PatBlt
• 0x43606c GetBkColor
• 0x436070 CreateRectRgn
• 0x436074 SetWindowExtEx
• 0x436078 ScaleViewportExtEx
• 0x43607c SetViewportExtEx
• 0x436080 OffsetViewportOrgEx
• 0x436084 SetViewportOrgEx
• 0x436088 Escape
• 0x43608c ExtTextOutW
• 0x436090 TextOutW
• 0x436094 RectVisible
• 0x436098 PtVisible
• 0x43609c GetObjectW
• 0x4360a0 SelectClipRgn
• 0x4360a4 IntersectClipRect
• 0x4360a8 ExcludeClipRect
• 0x4360ac SetMapMode
• 0x4360b0 SetBkMode
• 0x4360b4 RestoreDC
• 0x4360b8 SaveDC
• 0x4360bc CreateBitmap
• 0x4360c0 SetBkColor
• 0x4360c4 SetTextColor
• 0x4360c8 GetClipBox
• 0x4360cc BitBlt
• 0x4360d0 DeleteDC
• 0x4360d4 CreateDIBSection
• 0x4360d8 GetDeviceCaps
• 0x4360dc SetDIBColorTable
• 0x4360e0 DeleteObject
• 0x4360e4 SelectObject
• 0x4360e8 CreateCompatibleDC
库: ADVAPI32.dll:
• 0x436000 RegSetValueExW
• 0x436004 RegCreateKeyExW
• 0x436008 RegQueryValueW
• 0x43600c RegOpenKeyW
• 0x436010 RegEnumKeyW
• 0x436014 RegDeleteKeyW
• 0x436018 RegOpenKeyExW
• 0x43601c RegQueryValueExW
• 0x436020 RegCloseKey
• 0x436024 CryptAcquireContextA
库: SHLWAPI.dll:
• 0x4362d0 PathFindFileNameW
• 0x4362d4 PathFindExtensionW
• 0x4362d8 PathRemoveFileSpecW
库: ole32.dll:
• 0x43657c CoUninitialize
• 0x436580 CoCreateInstance
• 0x436584 CoInitializeEx
• 0x436588 CoTaskMemFree
库: OLEAUT32.dll:
• 0x4362b0 SysAllocStringLen
• 0x4362b4 VariantClear
• 0x4362b8 VariantChangeType
• 0x4362bc VariantInit
库: gdiplus.dll:
• 0x436528 GdipBitmapLockBits
• 0x43652c GdipGetImagePaletteSize
• 0x436530 GdipCreateBitmapFromFile
• 0x436534 GdipDisposeImage
• 0x436538 GdipAlloc
• 0x43653c GdipDrawImageI
• 0x436540 GdipBitmapUnlockBits
• 0x436544 GdipCloneImage
• 0x436548 GdipDeleteGraphics
• 0x43654c GdipCreateBitmapFromScan0
• 0x436550 GdipGetImageDecoders
• 0x436554 GdipGetImagePixelFormat
• 0x436558 GdipGetImagePalette
• 0x43655c GdipGetImageDecodersSize
• 0x436560 GdipGetImageHeight
• 0x436564 GdipGetImageWidth
• 0x436568 GdiplusStartup
• 0x43656c GdipGetImageGraphicsContext
• 0x436570 GdiplusShutdown
• 0x436574 GdipFree
.text
`.rdata
@.data
.rsrc
tYj@j
ShDBE
Qh@BE
u#hDBE
D$$Ph
tBhlgC
F4HjC
F4HjC
u8h0lC
8h$lC
8Sh4qC
F(\fC
9= 6E
9= 6E
Ph,vC
Rh tC
Ph<vC
Ch8wC
v|hxBE
t.hpyC
@(1{@
u*hp5E
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20190826 |
| MicroWorld-eScan | 未发现病毒 | 20190826 |
| CMC | 未发现病毒 | 20190321 |
| CAT-QuickHeal | 未发现病毒 | 20190826 |
| McAfee | 未发现病毒 | 20190826 |
| Cylance | 未发现病毒 | 20190827 |
| Zillya | 未发现病毒 | 20190820 |
| SUPERAntiSpyware | 未发现病毒 | 20190823 |
| K7AntiVirus | 未发现病毒 | 20190826 |
| Alibaba | 未发现病毒 | 20190527 |
| K7GW | 未发现病毒 | 20190827 |
| Cybereason | 未发现病毒 | 20190616 |
| Arcabit | 未发现病毒 | 20190827 |
| TrendMicro | 未发现病毒 | 20190826 |
| Baidu | 未发现病毒 | 20190318 |
| F-Prot | 未发现病毒 | 20190827 |
| Symantec | 未发现病毒 | 20190826 |
| ESET-NOD32 | a variant of Generik.FJSFRRA | 20190827 |
| APEX | Malicious | 20190825 |
| Paloalto | generic.ml | 20190827 |
| ClamAV | 未发现病毒 | 20190826 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20190826 |
| BitDefender | 未发现病毒 | 20190827 |
| NANO-Antivirus | 未发现病毒 | 20190826 |
| ViRobot | 未发现病毒 | 20190826 |
| Avast | 未发现病毒 | 20190826 |
| Tencent | 未发现病毒 | 20190827 |
| Endgame | 未发现病毒 | 20190819 |
| Sophos | 未发现病毒 | 20190827 |
| Comodo | 未发现病毒 | 20190827 |
| F-Secure | 未发现病毒 | 20190826 |
| DrWeb | 未发现病毒 | 20190827 |
| VIPRE | 未发现病毒 | 20190826 |
| Invincea | 未发现病毒 | 20190717 |
| McAfee-GW-Edition | 未发现病毒 | 20190826 |
| Trapmine | 未发现病毒 | 20190826 |
| FireEye | 未发现病毒 | 20190827 |
| Emsisoft | 未发现病毒 | 20190827 |
| SentinelOne | 未发现病毒 | 20190807 |
| Cyren | 未发现病毒 | 20190827 |
| Jiangmin | 未发现病毒 | 20190827 |
| Webroot | 未发现病毒 | 20190827 |
| Avira | 未发现病毒 | 20190827 |
| Fortinet | 未发现病毒 | 20190826 |
| Antiy-AVL | 未发现病毒 | 20190827 |
| Kingsoft | 未发现病毒 | 20190827 |
| Microsoft | PUA:Win32/Presenoker | 20190826 |
| AegisLab | Trojan.Multi.Generic.4!c | 20190826 |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic | 20190827 |
| Avast-Mobile | 未发现病毒 | 20190826 |
| TACHYON | 未发现病毒 | 20190826 |
| AhnLab-V3 | 未发现病毒 | 20190826 |
| Acronis | 未发现病毒 | 20190822 |
| VBA32 | 未发现病毒 | 20190826 |
| ALYac | 未发现病毒 | 20190826 |
| MAX | 未发现病毒 | 20190827 |
| Ad-Aware | 未发现病毒 | 20190827 |
| Malwarebytes | 未发现病毒 | 20190826 |
| Zoner | 未发现病毒 | 20190826 |
| TrendMicro-HouseCall | 未发现病毒 | 20190826 |
| Rising | 未发现病毒 | 20190827 |
| Yandex | 未发现病毒 | 20190822 |
| Ikarus | 未发现病毒 | 20190826 |
| eGambit | 未发现病毒 | 20190827 |
| GData | 未发现病毒 | 20190826 |
| AVG | 未发现病毒 | 20190826 |
| Panda | 未发现病毒 | 20190826 |
| CrowdStrike | 未发现病毒 | 20190702 |
| Qihoo-360 | 未发现病毒 | 20190827 |
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 85.204.116.123 | 罗马尼亚 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 85.204.116.123 | 80 |
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 85.204.116.123 | 80 |
UDP
无UDP连接纪录.
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://85.204.116.123/sin.png | GET /sin.png HTTP/1.1 Connection: Keep-Alive Host: 85.204.116.123 |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2019-08-27 17:31:48.588645+0800 | 85.204.116.123 | 80 | 192.168.122.201 | 49161 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 29.052 seconds )
- 15.508 Suricata
- 5.218 NetworkAnalysis
- 3.101 BehaviorAnalysis
- 2.528 Static
- 1.25 VirusTotal
- 0.935 TargetInfo
- 0.425 peid
- 0.069 AnalysisInfo
- 0.014 Strings
- 0.003 Memory
- 0.001 config_decoder
Signatures ( 3.807 seconds )
- 1.913 md_url_bl
- 0.3 antiav_detectreg
- 0.155 api_spamming
- 0.123 stealth_timeout
- 0.113 infostealer_ftp
- 0.107 stealth_decoy_document
- 0.066 infostealer_im
- 0.065 mimics_filetime
- 0.064 virus
- 0.063 reads_self
- 0.063 antianalysis_detectreg
- 0.061 antivm_generic_disk
- 0.056 stealth_file
- 0.053 bootkit
- 0.037 infostealer_mail
- 0.036 antiav_detectfile
- 0.032 maldun_suspicious
- 0.027 antivm_generic_scsi
- 0.026 hancitor_behavior
- 0.025 infostealer_bitcoin
- 0.02 md_domain_bl
- 0.017 kibex_behavior
- 0.017 geodo_banking_trojan
- 0.016 darkcomet_regkeys
- 0.015 antivm_parallels_keys
- 0.015 antivm_vbox_files
- 0.015 antivm_xen_keys
- 0.014 betabot_behavior
- 0.013 recon_fingerprint
- 0.011 rat_luminosity
- 0.011 antivm_generic_services
- 0.01 malicious_write_executeable_under_temp_to_regrun
- 0.01 anormaly_invoke_kills
- 0.01 antivm_generic_diskreg
- 0.009 anomaly_persistence_autorun
- 0.008 antisandbox_productid
- 0.007 kovter_behavior
- 0.006 antiemu_wine_func
- 0.006 hawkeye_behavior
- 0.006 injection_createremotethread
- 0.006 infostealer_browser_password
- 0.006 antidbg_devices
- 0.006 network_http
- 0.006 ransomware_extensions
- 0.006 ransomware_files
- 0.005 antivm_vbox_libs
- 0.005 shifu_behavior
- 0.005 bypass_firewall
- 0.005 antivm_xen_keys
- 0.005 antivm_hyperv_keys
- 0.005 antivm_vbox_acpi
- 0.005 antivm_vbox_keys
- 0.005 antivm_vmware_keys
- 0.005 antivm_vpc_keys
- 0.005 packer_armadillo_regkey
- 0.004 network_tor
- 0.004 kazybot_behavior
- 0.004 injection_runpe
- 0.004 antivm_generic_bios
- 0.004 antivm_generic_cpu
- 0.004 antivm_generic_system
- 0.004 rat_pcclient
- 0.004 recon_programs
- 0.003 tinba_behavior
- 0.003 rat_nanocore
- 0.003 dridex_behavior
- 0.003 Locky_behavior
- 0.003 antisandbox_sunbelt_libs
- 0.003 dyre_behavior
- 0.003 exec_crash
- 0.003 disables_browser_warn
- 0.003 codelux_behavior
- 0.002 antiav_avast_libs
- 0.002 antisandbox_sboxie_libs
- 0.002 antiav_bitdefender_libs
- 0.002 encrypted_ioc
- 0.002 cerber_behavior
- 0.002 sniffer_winpcap
- 0.002 antivm_vmware_files
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.002 network_cnc_http
- 0.001 infostealer_browser
- 0.001 anomaly_persistence_bootexecute
- 0.001 antivm_vmware_libs
- 0.001 anomaly_reset_winsock
- 0.001 injection_explorer
- 0.001 kelihos_behavior
- 0.001 stealth_network
- 0.001 creates_largekey
- 0.001 ursnif_behavior
- 0.001 creates_nullvalue
- 0.001 ispy_behavior
- 0.001 cryptowall_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_vpc_files
- 0.001 banker_cridex
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 malicious_drop_executable_file_to_temp_folder
- 0.001 malicous_targeted_flame
- 0.001 network_tor_service
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.372 seconds )
- 0.871 ReportHTMLSummary
- 0.501 Malheur
| Task ID | 360328 |
|---|---|
| Mongo ID | 5d64f9142f8f2e3534b7d225 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号