Analysis task

Analysis type    VM label                   Start time            End time              Duration
File (Windows)   win7-sp1-x64-hpdapp01-1    2019-09-06 16:15:59   2019-09-06 16:18:25   146 seconds

Maldun score

6.15

Dangerous

File details

File name   TQM正版.exe
File size   4292608 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         c056080f9a7ea653f8957150f42e639b
SHA1        d2a2d9ab3fbe109d3de12f2d3f313a6e3f5ebccb
SHA256      574405c9ff44b805471cc97e25374523c39baf6b023a94cc130ea62fc67738c8
SHA512      00bb27be09d1beddcac4b681ce527f8ed0a7f9dd4134ffca6cc573db2ed8fb43e97e7969420941e6d3667d99775449ac4a6f1bf2070a44a5a0a7e55f36bfce0a
CRC32       0CD8BCB0
Ssdeep      49152:Nd45el7WpB2rh+4TEo0qY5LMNJJt9mutKfVh8FtZ+s8KuqGaX0ToIBAUZLYp:4El7S+jEo0qYtMNDmutKCtSJBAUZLc
Yara
  • Detected 32bit PE signature
  • Detected Rich Signature
  • Create a new process
  • Communications over HTTP
  • Detected take screenshot function
  • Run a keylogger
  • Create or check mutex
  • Affect system registries
  • Change registries to affect system
  • Affect private profile
  • Affect hook table
  • Spotted potential abnormal behaviors, like logging and network communications
  • Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
  • Detected the presence of one or several images
  • Detected the presence of one or several URLs
  • Detected UPX. Commonly used by RAT!
  • Look for CRC32 [poly]
  • Look for CRC32 table
  • Look for MD5 constants
  • Look for DES [sbox]
  • Look for Base64 table
  • Look for Random function

Runtime screenshots


Hosts contacted

Direct IP         Security rating   Geolocation
113.141.163.87                      China

Domain resolution

Domain          Security rating   Response
w.eydata.net                      A 113.141.163.87
                                  A 110.42.2.224

Summary

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\j\xe7\xb3\xa1w
C:\Users\test\AppData\Local\Temp\TQM______.exe
C:\Windows\Fonts\staticcache.dat
C:\Users\test\AppData\Local\Temp\wininet.dll
C:\Users\test\Documents\key.ini
Local\MSCTF.Asm.MutexDefault1

PE information

Image base                 0x00400000
Entry point                0x0049b439
Declared checksum          0x00000000
Actual checksum            0x0042291b
Minimum OS version         4.0
Compile time               2019-09-02 19:51:59
Import hash                c1ff967736ddd80a162ca80252caf234

PE sections

Name     Virtual address   Virtual size   Raw data size   Characteristics                                                         Entropy
.text    0x00001000        0x000badc6     0x000bb000      IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ             6.62
.rdata   0x000bc000        0x0032fdee     0x00330000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                       6.42
.data    0x003ec000        0x0005f30a     0x0001a000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE   5.07
.rsrc    0x0044c000        0x00011650     0x00012000      IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                       6.72

Imports


No antivirus engine scan information!

Process tree


TQM______.exe, PID: 2648, parent PID: 2296


TCP

Source IP         Source port   Destination IP                  Destination port
192.168.122.201   49160         113.141.163.87 (w.eydata.net)   443

UDP

Source IP         Source port   Destination IP   Destination port
192.168.122.201   62233         192.168.122.1    53


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2019-09-06 16:16:39.870728+0800 192.168.122.201 49160 113.141.163.87 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2 OU=Domain Control Validated, CN=*.eydata.net 08:b6:8d:09:2f:d7:df:0f:0f:75:bf:42:53:d0:ea:50:be:e7:69:25

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 37.207 seconds )

  • 15.498 Suricata
  • 13.271 Static
  • 3.65 VirusTotal
  • 2.398 NetworkAnalysis
  • 1.575 TargetInfo
  • 0.424 peid
  • 0.23 BehaviorAnalysis
  • 0.132 AnalysisInfo
  • 0.014 Strings
  • 0.012 config_decoder
  • 0.003 Memory

Signatures ( 0.204 seconds )

  • 0.028 antiav_detectreg
  • 0.015 md_domain_bl
  • 0.014 md_url_bl
  • 0.012 infostealer_ftp
  • 0.011 api_spamming
  • 0.008 stealth_timeout
  • 0.007 stealth_decoy_document
  • 0.007 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 infostealer_im
  • 0.006 antianalysis_detectreg
  • 0.006 ransomware_files
  • 0.005 infostealer_bitcoin
  • 0.005 ransomware_extensions
  • 0.004 kovter_behavior
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 antiemu_wine_func
  • 0.003 infostealer_browser_password
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 ursnif_behavior
  • 0.001 dyre_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antidbg_windows
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.147 seconds )

  • 0.764 ReportHTMLSummary
  • 0.383 Malheur
Task ID 368178
Mongo ID 5d7216952f8f2e17c69dde6f
Cuckoo release 1.4-Maldun