分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-09-06 20:21:35 | 2019-09-06 20:24:08 | 153 秒 |
魔盾分数
3.85
可疑的
文件详细信息
| 文件名 | FLY.exe |
|---|---|
| 文件大小 | 7454720 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d0e3808cf13074b5fc1932d18b722d8c |
| SHA1 | 79fb62e4ace21b2719887ede07c1e44df9393a42 |
| SHA256 | e2aa375cc658662e19b7709fb2e4eb4d6bd2b916d1d0b3bfce6d4faf93049e8c |
| SHA512 | 0680e22f995638d3db3a4c857f646e518a469b2183d7c59352538b426adc076bcfcd12053b83e3ab7d3da71c7e8736fb2d9d3946ec203dadc225d087c201b6e9 |
| CRC32 | BB05B8B5 |
| Ssdeep | 98304:rRnpY43DvCletl9YLtwrmutKfX4O5qblSJBAUZL:8OviwrmYKfXVqEJV |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 113.141.163.87 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| w.eydata.net |
A 113.141.163.87 A 110.42.2.224 |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x006ed739 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00727400 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-09-02 19:51:49 |
| 载入哈希 | acf8377cfbc90656586b1c91ba66e905 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0030d0d6 | 0x0030e000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.20 |
| .rdata | 0x0030f000 | 0x0036ecd2 | 0x0036f000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.57 |
| .data | 0x0067e000 | 0x000ac36a | 0x00067000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.51 |
| .rsrc | 0x0072b000 | 0x00036e50 | 0x00037000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.52 |
导入
库: user32.dll:
• 0x70f900 EnumChildWindows
• 0x70f904 SetPropA
• 0x70f908 SendMessageA
• 0x70f90c MessageBoxA
• 0x70f910 GetAncestor
• 0x70f914 EnumWindows
• 0x70f918 GetWindowLongA
• 0x70f91c GetMessageA
• 0x70f920 CreateWindowExA
• 0x70f924 GetClassNameA
• 0x70f928 TranslateMessage
• 0x70f92c GetWindowRect
• 0x70f930 GetDC
• 0x70f934 UpdateLayeredWindow
• 0x70f938 ReleaseDC
• 0x70f93c IsWindow
• 0x70f940 ShowWindow
• 0x70f944 CallWindowProcA
• 0x70f948 TrackMouseEvent
• 0x70f94c GetPropA
• 0x70f950 wsprintfA
• 0x70f954 GetSystemMetrics
• 0x70f958 GetCursorPos
• 0x70f95c CloseClipboard
• 0x70f960 GetClipboardData
• 0x70f964 OpenClipboard
• 0x70f968 DispatchMessageA
• 0x70f96c PeekMessageA
库: kernel32.dll:
• 0x70f788 FreeEnvironmentStringsW
• 0x70f78c FreeEnvironmentStringsA
• 0x70f790 DeleteCriticalSection
• 0x70f794 GetEnvironmentStrings
• 0x70f798 GetEnvironmentStringsW
• 0x70f79c GetStartupInfoA
• 0x70f7a0 GetFileType
• 0x70f7a4 GetStdHandle
• 0x70f7a8 CloseHandle
• 0x70f7ac GetCPInfo
• 0x70f7b0 GetOEMCP
• 0x70f7b4 GetACP
• 0x70f7b8 SetHandleCount
• 0x70f7bc GetVersion
• 0x70f7c0 RtlUnwind
• 0x70f7c4 TerminateProcess
• 0x70f7c8 HeapReAlloc
• 0x70f7cc LeaveCriticalSection
• 0x70f7d0 EnterCriticalSection
• 0x70f7d4 InitializeCriticalSection
• 0x70f7d8 GetStringTypeA
• 0x70f7dc GetStringTypeW
• 0x70f7e0 InterlockedDecrement
• 0x70f7e4 InterlockedIncrement
• 0x70f7e8 SetFilePointer
• 0x70f7ec SetUnhandledExceptionFilter
• 0x70f7f0 IsBadCodePtr
• 0x70f7f4 LCMapStringW
• 0x70f7f8 SetStdHandle
• 0x70f7fc GetCurrentProcess
• 0x70f800 FlushFileBuffers
• 0x70f804 IsBadWritePtr
• 0x70f808 RaiseException
• 0x70f80c HeapCreate
• 0x70f810 HeapDestroy
• 0x70f814 GetVersionExA
• 0x70f818 LCMapStringA
• 0x70f81c LoadLibraryA
• 0x70f820 FreeLibrary
• 0x70f824 GetCurrentDirectoryA
• 0x70f828 GetLocalTime
• 0x70f82c Sleep
• 0x70f830 GetFileSize
• 0x70f834 ReadFile
• 0x70f838 GetTempPathA
• 0x70f83c GetTickCount
• 0x70f840 CreateFileA
• 0x70f844 WriteFile
• 0x70f848 GetCommandLineA
• 0x70f84c GetModuleFileNameA
• 0x70f850 IsBadReadPtr
• 0x70f854 HeapFree
• 0x70f858 GetEnvironmentVariableA
• 0x70f85c HeapAlloc
• 0x70f860 ExitProcess
• 0x70f864 GetProcessHeap
• 0x70f868 VirtualFree
• 0x70f86c VirtualAlloc
• 0x70f870 GetProcAddress
• 0x70f874 LoadLibraryW
• 0x70f878 MapViewOfFile
• 0x70f87c CreateFileMappingA
• 0x70f880 VirtualProtectEx
• 0x70f884 WideCharToMultiByte
• 0x70f888 LocalAlloc
• 0x70f88c LocalSize
• 0x70f890 lstrlenW
• 0x70f894 GlobalFree
• 0x70f898 MultiByteToWideChar
• 0x70f89c GlobalUnlock
• 0x70f8a0 GlobalLock
• 0x70f8a4 GlobalAlloc
• 0x70f8a8 LocalFree
• 0x70f8ac RtlMoveMemory
• 0x70f8b0 GetModuleHandleA
• 0x70f8b4 GetCurrentThreadId
• 0x70f8b8 TlsSetValue
• 0x70f8bc TlsAlloc
• 0x70f8c0 TlsFree
• 0x70f8c4 SetLastError
• 0x70f8c8 TlsGetValue
• 0x70f8cc GetLastError
库: gdi32.dll:
• 0x70f708 CreateCompatibleDC
• 0x70f70c DeleteDC
• 0x70f710 CreateDIBSection
• 0x70f714 DeleteObject
• 0x70f718 SelectObject
库: gdiplus.dll:
• 0x70f720 GdipCreateFromHDC
• 0x70f724 GdipCreateBitmapFromScan0
• 0x70f728 GdipGetImageGraphicsContext
• 0x70f72c GdipSetSmoothingMode
• 0x70f730 GdipGetImageHeight
• 0x70f734 GdipGetImageWidth
• 0x70f738 GdiplusStartup
• 0x70f73c GdipGetRegionBounds
• 0x70f740 GdipSetTextRenderingHint
• 0x70f744 GdipDeletePen
• 0x70f748 GdipDrawRectangleI
• 0x70f74c GdipSetSolidFillColor
• 0x70f750 GdipDeleteBrush
• 0x70f754 GdipLoadImageFromFile
• 0x70f758 GdipCreateSolidFill
• 0x70f75c GdipDisposeImage
• 0x70f760 GdipLoadImageFromStream
库: ole32.dll:
• 0x70f8d4 CreateStreamOnHGlobal
• 0x70f8d8 CLSIDFromString
• 0x70f8dc OleUninitialize
• 0x70f8e0 OleInitialize
• 0x70f8e4 CLSIDFromString
库: imm32.dll:
• 0x70f768 ImmAssociateContext
• 0x70f76c ImmGetCompositionStringW
• 0x70f770 ImmReleaseContext
• 0x70f774 ImmSetCompositionWindow
• 0x70f778 ImmGetContext
库: shlwapi.dll:
• 0x70f8f8 PathFileExistsA
库: winmm.dll:
• 0x70f974 PlaySoundA
库: iphlpapi.dll:
• 0x70f780 GetAdaptersInfo
库: WINMM.dll:
• 0x70f66c midiStreamOut
• 0x70f670 midiStreamOpen
• 0x70f674 midiOutUnprepareHeader
• 0x70f678 waveOutOpen
• 0x70f67c waveOutGetNumDevs
• 0x70f680 waveOutClose
• 0x70f684 waveOutReset
• 0x70f688 waveOutPause
• 0x70f68c waveOutWrite
• 0x70f690 waveOutPrepareHeader
• 0x70f694 waveOutUnprepareHeader
• 0x70f698 midiStreamStop
• 0x70f69c midiOutReset
• 0x70f6a0 midiStreamClose
• 0x70f6a4 midiStreamRestart
• 0x70f6a8 waveOutRestart
• 0x70f6ac midiOutPrepareHeader
• 0x70f6b0 midiStreamProperty
库: WS2_32.dll:
• 0x70f6c8 WSACleanup
• 0x70f6cc inet_ntoa
• 0x70f6d0 getpeername
• 0x70f6d4 accept
• 0x70f6d8 ntohl
• 0x70f6dc closesocket
• 0x70f6e0 WSAAsyncSelect
• 0x70f6e4 recvfrom
• 0x70f6e8 ioctlsocket
• 0x70f6ec recv
库: KERNEL32.dll:
• 0x70f17c GetStdHandle
• 0x70f180 SetHandleCount
• 0x70f184 GetEnvironmentStringsW
• 0x70f188 GetEnvironmentStrings
• 0x70f18c FreeEnvironmentStringsW
• 0x70f190 FreeEnvironmentStringsA
• 0x70f194 UnhandledExceptionFilter
• 0x70f198 HeapSize
• 0x70f19c RaiseException
• 0x70f1a0 GetLocalTime
• 0x70f1a4 GetSystemTime
• 0x70f1a8 GetFileType
• 0x70f1ac GetStartupInfoA
• 0x70f1b0 GetOEMCP
• 0x70f1b4 GetCPInfo
• 0x70f1b8 GetProcessVersion
• 0x70f1bc SetErrorMode
• 0x70f1c0 GlobalFlags
• 0x70f1c4 GetCurrentThread
• 0x70f1c8 GetFileTime
• 0x70f1cc TlsGetValue
• 0x70f1d0 LocalReAlloc
• 0x70f1d4 TlsSetValue
• 0x70f1d8 TlsFree
• 0x70f1dc GlobalHandle
• 0x70f1e0 TlsAlloc
• 0x70f1e4 LocalAlloc
• 0x70f1e8 lstrcmpA
• 0x70f1ec GlobalGetAtomNameA
• 0x70f1f0 GlobalAddAtomA
• 0x70f1f4 GlobalFindAtomA
• 0x70f1f8 GlobalDeleteAtom
• 0x70f1fc lstrcmpiA
• 0x70f200 CloseHandle
• 0x70f204 WaitForSingleObject
• 0x70f208 CreateProcessA
• 0x70f20c GetTickCount
• 0x70f210 GetCommandLineA
• 0x70f214 MulDiv
• 0x70f218 GetProcAddress
• 0x70f21c GetModuleHandleA
• 0x70f220 GetVolumeInformationA
• 0x70f224 SetCurrentDirectoryA
• 0x70f228 CopyFileA
• 0x70f22c DeleteFileA
• 0x70f230 GetFileAttributesA
• 0x70f234 SetFileAttributesA
• 0x70f238 FindClose
• 0x70f23c FindFirstFileA
• 0x70f240 GetTempPathA
• 0x70f244 GlobalUnlock
• 0x70f248 GlobalLock
• 0x70f24c GlobalAlloc
• 0x70f250 ExpandEnvironmentStringsA
• 0x70f254 Sleep
• 0x70f258 CreateEventA
• 0x70f25c CreateThread
• 0x70f260 GetPrivateProfileStringA
• 0x70f264 WritePrivateProfileStringA
• 0x70f268 GetVersionExA
• 0x70f26c GetLastError
• 0x70f270 LoadLibraryA
• 0x70f274 FreeLibrary
• 0x70f278 GetFullPathNameA
• 0x70f27c HeapAlloc
• 0x70f280 GetProcessHeap
• 0x70f284 HeapReAlloc
• 0x70f288 HeapFree
• 0x70f28c GlobalReAlloc
• 0x70f290 FindNextFileA
• 0x70f294 lstrcpyA
• 0x70f298 WinExec
• 0x70f29c lstrlenA
• 0x70f2a0 lstrcatA
• 0x70f2a4 InitializeCriticalSection
• 0x70f2a8 DeleteCriticalSection
• 0x70f2ac GlobalFree
• 0x70f2b0 GlobalSize
• 0x70f2b4 ExitProcess
• 0x70f2b8 GetCurrentThreadId
• 0x70f2bc MultiByteToWideChar
• 0x70f2c0 WideCharToMultiByte
• 0x70f2c4 GetModuleFileNameA
• 0x70f2c8 ReadFile
• 0x70f2cc LockResource
• 0x70f2d0 LoadResource
• 0x70f2d4 FindResourceA
• 0x70f2d8 SetEvent
• 0x70f2dc DeviceIoControl
• 0x70f2e0 CreateFileA
• 0x70f2e4 WaitForMultipleObjects
• 0x70f2e8 WriteFile
• 0x70f2ec GetProfileStringA
• 0x70f2f0 LeaveCriticalSection
• 0x70f2f4 EnterCriticalSection
• 0x70f2f8 ReleaseSemaphore
• 0x70f2fc ResumeThread
• 0x70f300 CreateSemaphoreA
• 0x70f304 Process32Next
• 0x70f308 Process32First
• 0x70f30c CreateToolhelp32Snapshot
• 0x70f310 SetFilePointer
• 0x70f314 GetFileSize
• 0x70f318 GetCurrentProcess
• 0x70f31c TerminateProcess
• 0x70f320 OpenProcess
• 0x70f324 GetWindowsDirectoryA
• 0x70f328 GetSystemDirectoryA
• 0x70f32c SetLastError
• 0x70f330 QueryPerformanceFrequency
• 0x70f334 QueryPerformanceCounter
• 0x70f338 GetTimeZoneInformation
• 0x70f33c GetVersion
• 0x70f340 TerminateThread
• 0x70f344 InterlockedDecrement
• 0x70f348 InterlockedIncrement
• 0x70f34c CreateMutexA
• 0x70f350 ReleaseMutex
• 0x70f354 SuspendThread
• 0x70f358 GetACP
• 0x70f35c GetEnvironmentVariableA
• 0x70f360 HeapDestroy
• 0x70f364 HeapCreate
• 0x70f368 VirtualFree
• 0x70f36c SetEnvironmentVariableA
• 0x70f370 LCMapStringA
• 0x70f374 LCMapStringW
• 0x70f378 VirtualAlloc
• 0x70f37c IsBadWritePtr
• 0x70f380 SetUnhandledExceptionFilter
• 0x70f384 GetStringTypeA
• 0x70f388 GetStringTypeW
• 0x70f38c CompareStringA
• 0x70f390 CompareStringW
• 0x70f394 IsBadReadPtr
• 0x70f398 IsBadCodePtr
• 0x70f39c SetStdHandle
• 0x70f3a0 InterlockedExchange
• 0x70f3a4 SetEndOfFile
• 0x70f3a8 UnlockFile
• 0x70f3ac LockFile
• 0x70f3b0 FlushFileBuffers
• 0x70f3b4 DuplicateHandle
• 0x70f3b8 lstrcpynA
• 0x70f3bc FileTimeToLocalFileTime
• 0x70f3c0 FileTimeToSystemTime
• 0x70f3c4 LocalFree
• 0x70f3c8 RtlUnwind
库: USER32.dll:
• 0x70f3f4 DrawFocusRect
• 0x70f3f8 DrawEdge
• 0x70f3fc UnregisterClassA
• 0x70f400 TranslateMessage
• 0x70f404 LoadIconA
• 0x70f408 GetDesktopWindow
• 0x70f40c GetClassNameA
• 0x70f410 GetWindowThreadProcessId
• 0x70f414 FindWindowA
• 0x70f418 GetDlgItem
• 0x70f41c GetWindowTextA
• 0x70f420 GetForegroundWindow
• 0x70f424 GetDC
• 0x70f428 FillRect
• 0x70f42c IsRectEmpty
• 0x70f430 ReleaseDC
• 0x70f434 IsChild
• 0x70f438 DestroyMenu
• 0x70f43c SetForegroundWindow
• 0x70f440 GetWindowRect
• 0x70f444 EqualRect
• 0x70f448 UpdateWindow
• 0x70f44c ValidateRect
• 0x70f450 InvalidateRect
• 0x70f454 GetClientRect
• 0x70f458 GetFocus
• 0x70f45c GetParent
• 0x70f460 GetTopWindow
• 0x70f464 PostMessageA
• 0x70f468 IsWindow
• 0x70f46c SetParent
• 0x70f470 DestroyCursor
• 0x70f474 SendMessageA
• 0x70f478 SetWindowPos
• 0x70f47c MessageBoxA
• 0x70f480 GetCursorPos
• 0x70f484 GetSystemMetrics
• 0x70f488 EmptyClipboard
• 0x70f48c SetClipboardData
• 0x70f490 OpenClipboard
• 0x70f494 GetClipboardData
• 0x70f498 CloseClipboard
• 0x70f49c wsprintfA
• 0x70f4a0 WaitForInputIdle
• 0x70f4a4 SetWindowLongA
• 0x70f4a8 GetSysColor
• 0x70f4ac SetActiveWindow
• 0x70f4b0 SetCursor
• 0x70f4b4 SetCursorPos
• 0x70f4b8 EnumDisplaySettingsA
• 0x70f4bc WindowFromPoint
• 0x70f4c0 GetMessageA
• 0x70f4c4 DispatchMessageA
• 0x70f4c8 SetRectEmpty
• 0x70f4cc RegisterClipboardFormatA
• 0x70f4d0 GetWindowTextLengthA
• 0x70f4d4 CharUpperA
• 0x70f4d8 GetWindowDC
• 0x70f4dc BeginPaint
• 0x70f4e0 EndPaint
• 0x70f4e4 TabbedTextOutA
• 0x70f4e8 DrawTextA
• 0x70f4ec GrayStringA
• 0x70f4f0 DestroyWindow
• 0x70f4f4 CreateDialogIndirectParamA
• 0x70f4f8 EndDialog
• 0x70f4fc GetNextDlgTabItem
• 0x70f500 GetWindowPlacement
• 0x70f504 RegisterWindowMessageA
• 0x70f508 GetLastActivePopup
• 0x70f50c GetMessageTime
• 0x70f510 RemovePropA
• 0x70f514 CallWindowProcA
• 0x70f518 GetPropA
• 0x70f51c UnhookWindowsHookEx
• 0x70f520 SetPropA
• 0x70f524 GetClassLongA
• 0x70f528 CallNextHookEx
• 0x70f52c SetWindowsHookExA
• 0x70f530 CreateWindowExA
• 0x70f534 GetMenuItemID
• 0x70f538 GetMenuItemCount
• 0x70f53c RegisterClassA
• 0x70f540 GetScrollPos
• 0x70f544 AdjustWindowRectEx
• 0x70f548 MapWindowPoints
• 0x70f54c SendDlgItemMessageA
• 0x70f550 ScrollWindowEx
• 0x70f554 IsDialogMessageA
• 0x70f558 SetWindowTextA
• 0x70f55c MoveWindow
• 0x70f560 CheckMenuItem
• 0x70f564 SetMenuItemBitmaps
• 0x70f568 GetMenuState
• 0x70f56c GetMenuCheckMarkDimensions
• 0x70f570 LoadStringA
• 0x70f574 GetSysColorBrush
• 0x70f578 CreateIconFromResourceEx
• 0x70f57c LoadImageA
• 0x70f580 SystemParametersInfoA
• 0x70f584 ShowWindow
• 0x70f588 CreateIconFromResource
• 0x70f58c DrawIconEx
• 0x70f590 CreatePopupMenu
• 0x70f594 AppendMenuA
• 0x70f598 ModifyMenuA
• 0x70f59c CreateMenu
• 0x70f5a0 CreateAcceleratorTableA
• 0x70f5a4 GetDlgCtrlID
• 0x70f5a8 GetSubMenu
• 0x70f5ac EnableMenuItem
• 0x70f5b0 ClientToScreen
• 0x70f5b4 IsWindowEnabled
• 0x70f5b8 TranslateAcceleratorA
• 0x70f5bc GetKeyState
• 0x70f5c0 CopyAcceleratorTableA
• 0x70f5c4 PostQuitMessage
• 0x70f5c8 IsZoomed
• 0x70f5cc GetClassInfoA
• 0x70f5d0 DefWindowProcA
• 0x70f5d4 GetSystemMenu
• 0x70f5d8 DeleteMenu
• 0x70f5dc GetMenu
• 0x70f5e0 SetMenu
• 0x70f5e4 PeekMessageA
• 0x70f5e8 IsIconic
• 0x70f5ec SetFocus
• 0x70f5f0 GetActiveWindow
• 0x70f5f4 GetWindow
• 0x70f5f8 DestroyAcceleratorTable
• 0x70f5fc SetWindowRgn
• 0x70f600 GetMessagePos
• 0x70f604 ScreenToClient
• 0x70f608 ChildWindowFromPointEx
• 0x70f60c CopyRect
• 0x70f610 LoadBitmapA
• 0x70f614 WinHelpA
• 0x70f618 KillTimer
• 0x70f61c SetTimer
• 0x70f620 ReleaseCapture
• 0x70f624 GetCapture
• 0x70f628 SetCapture
• 0x70f62c GetScrollRange
• 0x70f630 SetScrollRange
• 0x70f634 SetScrollPos
• 0x70f638 SetRect
• 0x70f63c InflateRect
• 0x70f640 IntersectRect
• 0x70f644 DestroyIcon
• 0x70f648 PtInRect
• 0x70f64c OffsetRect
• 0x70f650 IsWindowVisible
• 0x70f654 EnableWindow
• 0x70f658 RedrawWindow
• 0x70f65c LoadCursorA
• 0x70f660 GetWindowLongA
• 0x70f664 DrawFrameControl
库: GDI32.dll:
• 0x70f030 LineTo
• 0x70f034 MoveToEx
• 0x70f038 ExcludeClipRect
• 0x70f03c GetClipBox
• 0x70f040 ScaleWindowExtEx
• 0x70f044 SetWindowExtEx
• 0x70f048 SetWindowOrgEx
• 0x70f04c ScaleViewportExtEx
• 0x70f050 SetViewportExtEx
• 0x70f054 OffsetViewportOrgEx
• 0x70f058 SetViewportOrgEx
• 0x70f05c SetMapMode
• 0x70f060 SetTextColor
• 0x70f064 SetROP2
• 0x70f068 SetPolyFillMode
• 0x70f06c SetBkMode
• 0x70f070 RestoreDC
• 0x70f074 SaveDC
• 0x70f078 ExtSelectClipRgn
• 0x70f07c GetViewportExtEx
• 0x70f080 PtVisible
• 0x70f084 RectVisible
• 0x70f088 TextOutA
• 0x70f08c ExtTextOutA
• 0x70f090 Escape
• 0x70f094 GetTextMetricsA
• 0x70f098 GetTextExtentPoint32A
• 0x70f09c RoundRect
• 0x70f0a0 GetCurrentObject
• 0x70f0a4 DPtoLP
• 0x70f0a8 LPtoDP
• 0x70f0ac Rectangle
• 0x70f0b0 Ellipse
• 0x70f0b4 SetBkColor
• 0x70f0b8 CreateRectRgnIndirect
• 0x70f0bc SetStretchBltMode
• 0x70f0c0 GetClipRgn
• 0x70f0c4 CreatePolygonRgn
• 0x70f0c8 SelectClipRgn
• 0x70f0cc DeleteObject
• 0x70f0d0 CreateDIBitmap
• 0x70f0d4 GetSystemPaletteEntries
• 0x70f0d8 CreatePalette
• 0x70f0dc StretchBlt
• 0x70f0e0 SelectPalette
• 0x70f0e4 RealizePalette
• 0x70f0e8 GetDIBits
• 0x70f0ec GetWindowExtEx
• 0x70f0f0 GetViewportOrgEx
• 0x70f0f4 CreateCompatibleDC
• 0x70f0f8 BitBlt
• 0x70f0fc StartPage
• 0x70f100 StartDocA
• 0x70f104 DeleteDC
• 0x70f108 EndDoc
• 0x70f10c EndPage
• 0x70f110 GetObjectA
• 0x70f114 GetStockObject
• 0x70f118 CreateFontIndirectA
• 0x70f11c CreateSolidBrush
• 0x70f120 FillRgn
• 0x70f124 CreateRectRgn
• 0x70f128 CombineRgn
• 0x70f12c PatBlt
• 0x70f130 GetWindowOrgEx
• 0x70f134 BeginPath
• 0x70f138 EndPath
• 0x70f13c PathToRegion
• 0x70f140 CreateEllipticRgn
• 0x70f144 CreateRoundRectRgn
• 0x70f148 GetTextColor
• 0x70f14c GetBkMode
• 0x70f150 GetBkColor
• 0x70f154 GetROP2
• 0x70f158 GetStretchBltMode
• 0x70f15c CreatePen
• 0x70f160 SelectObject
• 0x70f164 CreateBitmap
• 0x70f168 CreateDCA
• 0x70f16c CreateCompatibleBitmap
• 0x70f170 GetPolyFillMode
• 0x70f174 GetDeviceCaps
库: ADVAPI32.dll:
• 0x70f000 RegSetValueExA
• 0x70f004 RegCreateKeyExA
• 0x70f008 RegCloseKey
• 0x70f00c RegQueryValueExA
• 0x70f010 RegOpenKeyExA
• 0x70f014 RegDeleteValueA
• 0x70f018 RegDeleteKeyA
• 0x70f01c RegQueryValueA
库: SHELL32.dll:
• 0x70f3e4 SHGetSpecialFolderPathA
• 0x70f3e8 Shell_NotifyIconA
• 0x70f3ec ShellExecuteA
库: OLEAUT32.dll:
• 0x70f3d0 UnRegisterTypeLib
• 0x70f3d4 LoadTypeLib
• 0x70f3d8 RegisterTypeLib
• 0x70f3dc VariantClear
库: comdlg32.dll:
• 0x70f6f4 GetSaveFileNameA
• 0x70f6f8 GetOpenFileNameA
• 0x70f6fc ChooseColorA
• 0x70f700 GetFileTitleA
.text
`.rdata
@.data
.rsrc
3h}5q
3h<6q
3h}5q
3hN;q
3hY;q
3hj<q
8`}<j
T$hVj
T$th
|$LVj
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
jjjjh
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 113.141.163.87 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 113.141.163.87 w.eydata.net | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 62233 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| w.eydata.net |
A 113.141.163.87 A 110.42.2.224 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 113.141.163.87 w.eydata.net | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 62233 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2019-09-06 20:22:22.484860+0800 | 192.168.122.201 | 49160 | 113.141.163.87 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2 | OU=Domain Control Validated, CN=*.eydata.net | 08:b6:8d:09:2f:d7:df:0f:0f:75:bf:42:53:d0:ea:50:be:e7:69:25 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 47.202 seconds )
- 22.085 Static
- 15.491 Suricata
- 3.726 NetworkAnalysis
- 2.559 VirusTotal
- 2.224 TargetInfo
- 0.556 peid
- 0.405 BehaviorAnalysis
- 0.11 AnalysisInfo
- 0.029 config_decoder
- 0.014 Strings
- 0.003 Memory
Signatures ( 0.261 seconds )
- 0.028 antiav_detectreg
- 0.025 md_domain_bl
- 0.021 md_url_bl
- 0.017 api_spamming
- 0.014 stealth_timeout
- 0.012 injection_createremotethread
- 0.012 infostealer_ftp
- 0.011 stealth_decoy_document
- 0.008 injection_runpe
- 0.007 anomaly_persistence_autorun
- 0.007 antiav_detectfile
- 0.007 infostealer_im
- 0.007 ransomware_extensions
- 0.007 ransomware_files
- 0.006 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.005 infostealer_mail
- 0.004 network_torgateway
- 0.003 tinba_behavior
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 betabot_behavior
- 0.002 cerber_behavior
- 0.002 bot_drive
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 antiemu_wine_func
- 0.001 network_tor
- 0.001 antivm_vbox_libs
- 0.001 mimics_filetime
- 0.001 ursnif_behavior
- 0.001 dyre_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 infostealer_browser_password
- 0.001 antidbg_windows
- 0.001 kovter_behavior
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_network_blacklist
- 0.001 office_security
- 0.001 ransomware_radamant
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 1.088 seconds )
- 0.856 ReportHTMLSummary
- 0.232 Malheur
| Task ID | 368493 |
|---|---|
| Mongo ID | 5d7250212f8f2e17cc9de745 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号