分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-09-16 16:55:00 | 2019-09-16 16:57:25 | 145 秒 |
魔盾分数
5.85
可疑的
文件详细信息
| 文件名 | 欧阳CF过租.exe |
|---|---|
| 文件大小 | 3198976 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 843d195eb61584f160f7695b2870e226 |
| SHA1 | f2f447b99d01bafa716fc98ad017d3cc8efc852c |
| SHA256 | befce833888cb6e4fca45c75e43f20e92139812822d0acf8d41c18c4d99c8610 |
| SHA512 | e848f8a9803771559499376dcd5d3efb686eb9e9a5f81dcc5e84cf1095b09e36b2018134a6b12ae9627a98f7429962277912661429604c184e25bf6f2113e44e |
| CRC32 | 55FDB7C0 |
| Ssdeep | 49152:Q4Ddm2nmDuBEYneqDkhnfE42p5j8GjTWgub/0DIsa0/moV0U0fSeldc+TNI7OvU:npm2nmDuFkVfps5jRaPoV5oSel6 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00467fa1 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0031a8b9 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-09-16 14:53:10 |
| 载入哈希 | 01f95b324da1fd5c5b27b829f84f9de4 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0008664e | 0x00087000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
| .rdata | 0x00088000 | 0x0025b2a0 | 0x0025c000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.74 |
| .data | 0x002e4000 | 0x0004330a | 0x00012000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.10 |
| .rsrc | 0x00328000 | 0x00016c84 | 0x00017000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.53 |
导入
库: WINMM.dll:
• 0x48862c midiStreamOut
• 0x488630 midiOutPrepareHeader
• 0x488634 waveOutWrite
• 0x488638 waveOutPause
• 0x48863c waveOutReset
• 0x488640 waveOutClose
• 0x488644 waveOutGetNumDevs
• 0x488648 waveOutOpen
• 0x48864c midiOutUnprepareHeader
• 0x488650 midiStreamOpen
• 0x488654 midiStreamProperty
• 0x488658 midiStreamStop
• 0x48865c midiOutReset
• 0x488660 midiStreamClose
• 0x488664 midiStreamRestart
• 0x488668 waveOutUnprepareHeader
• 0x48866c waveOutPrepareHeader
库: WS2_32.dll:
• 0x488684 WSACleanup
• 0x488688 closesocket
• 0x48868c getpeername
• 0x488690 accept
• 0x488694 WSAAsyncSelect
• 0x488698 recvfrom
• 0x48869c ioctlsocket
• 0x4886a0 inet_ntoa
• 0x4886a4 recv
库: KERNEL32.dll:
• 0x488174 SetLastError
• 0x488178 GetTimeZoneInformation
• 0x48817c GetVersion
• 0x488180 UnhandledExceptionFilter
• 0x488184 GetACP
• 0x488188 HeapSize
• 0x48818c RaiseException
• 0x488190 GetLocalTime
• 0x488194 GetSystemTime
• 0x488198 RtlUnwind
• 0x48819c GetStartupInfoA
• 0x4881a0 GetOEMCP
• 0x4881a4 GetCPInfo
• 0x4881a8 GetProcessVersion
• 0x4881ac SetErrorMode
• 0x4881b0 GlobalFlags
• 0x4881b4 GetCurrentThread
• 0x4881b8 GetFileTime
• 0x4881bc TlsGetValue
• 0x4881c0 LocalReAlloc
• 0x4881c4 TlsSetValue
• 0x4881c8 TlsFree
• 0x4881cc GlobalHandle
• 0x4881d0 TlsAlloc
• 0x4881d4 LocalAlloc
• 0x4881d8 lstrcmpA
• 0x4881dc GlobalGetAtomNameA
• 0x4881e0 GlobalAddAtomA
• 0x4881e4 GlobalFindAtomA
• 0x4881e8 GlobalDeleteAtom
• 0x4881ec lstrcmpiA
• 0x4881f0 SetEndOfFile
• 0x4881f4 UnlockFile
• 0x4881f8 LockFile
• 0x4881fc FlushFileBuffers
• 0x488200 DuplicateHandle
• 0x488204 lstrcpynA
• 0x488208 FileTimeToLocalFileTime
• 0x48820c FileTimeToSystemTime
• 0x488210 LocalFree
• 0x488214 InterlockedDecrement
• 0x488218 InterlockedIncrement
• 0x48821c TerminateProcess
• 0x488220 GetFileSize
• 0x488224 SetFilePointer
• 0x488228 WideCharToMultiByte
• 0x48822c MultiByteToWideChar
• 0x488230 GetCurrentProcess
• 0x488234 GetWindowsDirectoryA
• 0x488238 GetSystemDirectoryA
• 0x48823c CreateSemaphoreA
• 0x488240 ResumeThread
• 0x488244 ReleaseSemaphore
• 0x488248 EnterCriticalSection
• 0x48824c LeaveCriticalSection
• 0x488250 GetProfileStringA
• 0x488254 WriteFile
• 0x488258 WaitForMultipleObjects
• 0x48825c CreateFileA
• 0x488260 SetEvent
• 0x488264 FindResourceA
• 0x488268 LoadResource
• 0x48826c LockResource
• 0x488270 ReadFile
• 0x488274 GetModuleFileNameA
• 0x488278 GetCurrentThreadId
• 0x48827c ExitProcess
• 0x488280 GlobalSize
• 0x488284 GlobalFree
• 0x488288 DeleteCriticalSection
• 0x48828c InitializeCriticalSection
• 0x488290 lstrcatA
• 0x488294 InterlockedExchange
• 0x488298 lstrlenA
• 0x48829c WinExec
• 0x4882a0 lstrcpyA
• 0x4882a4 FindNextFileA
• 0x4882a8 GlobalReAlloc
• 0x4882ac HeapFree
• 0x4882b0 HeapReAlloc
• 0x4882b4 GetProcessHeap
• 0x4882b8 HeapAlloc
• 0x4882bc GetFullPathNameA
• 0x4882c0 FreeLibrary
• 0x4882c4 LoadLibraryA
• 0x4882c8 GetLastError
• 0x4882cc GetVersionExA
• 0x4882d0 WritePrivateProfileStringA
• 0x4882d4 CreateThread
• 0x4882d8 CreateEventA
• 0x4882dc Sleep
• 0x4882e0 ExpandEnvironmentStringsA
• 0x4882e4 GlobalAlloc
• 0x4882e8 GlobalLock
• 0x4882ec GlobalUnlock
• 0x4882f0 GetTempPathA
• 0x4882f4 FindFirstFileA
• 0x4882f8 FindClose
• 0x4882fc SetFileAttributesA
• 0x488300 GetFileAttributesA
• 0x488304 MoveFileA
• 0x488308 DeleteFileA
• 0x48830c SetCurrentDirectoryA
• 0x488310 GetVolumeInformationA
• 0x488314 GetModuleHandleA
• 0x488318 GetProcAddress
• 0x48831c MulDiv
• 0x488320 GetCommandLineA
• 0x488324 GetTickCount
• 0x488328 CreateProcessA
• 0x48832c WaitForSingleObject
• 0x488330 CloseHandle
• 0x488334 FreeEnvironmentStringsA
• 0x488338 FreeEnvironmentStringsW
• 0x48833c GetEnvironmentStrings
• 0x488340 GetEnvironmentStringsW
• 0x488344 SetHandleCount
• 0x488348 GetStdHandle
• 0x48834c GetFileType
• 0x488350 GetEnvironmentVariableA
• 0x488354 HeapDestroy
• 0x488358 HeapCreate
• 0x48835c VirtualFree
• 0x488360 SetEnvironmentVariableA
• 0x488364 LCMapStringA
• 0x488368 LCMapStringW
• 0x48836c VirtualAlloc
• 0x488370 IsBadWritePtr
• 0x488374 SetUnhandledExceptionFilter
• 0x488378 GetStringTypeA
• 0x48837c GetStringTypeW
• 0x488380 CompareStringA
• 0x488384 CompareStringW
• 0x488388 IsBadReadPtr
• 0x48838c IsBadCodePtr
• 0x488390 SetStdHandle
库: USER32.dll:
• 0x4883b8 GetMenu
• 0x4883bc SetMenu
• 0x4883c0 PeekMessageA
• 0x4883c4 GetSysColorBrush
• 0x4883c8 CopyAcceleratorTableA
• 0x4883cc GetKeyState
• 0x4883d0 TranslateAcceleratorA
• 0x4883d4 IsWindowEnabled
• 0x4883d8 ShowWindow
• 0x4883dc SystemParametersInfoA
• 0x4883e0 LoadImageA
• 0x4883e4 EnumDisplaySettingsA
• 0x4883e8 ClientToScreen
• 0x4883ec EnableMenuItem
• 0x4883f0 GetSubMenu
• 0x4883f4 GetDlgCtrlID
• 0x4883f8 CreateAcceleratorTableA
• 0x4883fc CreateMenu
• 0x488400 ModifyMenuA
• 0x488404 AppendMenuA
• 0x488408 CreatePopupMenu
• 0x48840c DrawIconEx
• 0x488410 CreateIconFromResource
• 0x488414 CreateIconFromResourceEx
• 0x488418 RegisterClipboardFormatA
• 0x48841c SetRectEmpty
• 0x488420 IsIconic
• 0x488424 SetFocus
• 0x488428 GetActiveWindow
• 0x48842c GetWindow
• 0x488430 DestroyAcceleratorTable
• 0x488434 SetWindowRgn
• 0x488438 GetMessagePos
• 0x48843c ScreenToClient
• 0x488440 DispatchMessageA
• 0x488444 CopyRect
• 0x488448 LoadBitmapA
• 0x48844c WinHelpA
• 0x488450 KillTimer
• 0x488454 SetTimer
• 0x488458 ReleaseCapture
• 0x48845c GetCapture
• 0x488460 SetCapture
• 0x488464 LoadStringA
• 0x488468 GetMenuCheckMarkDimensions
• 0x48846c GetMenuState
• 0x488470 GetScrollRange
• 0x488474 SetScrollRange
• 0x488478 SetScrollPos
• 0x48847c SetRect
• 0x488480 InflateRect
• 0x488484 IntersectRect
• 0x488488 DestroyIcon
• 0x48848c DeleteMenu
• 0x488490 OffsetRect
• 0x488494 IsWindowVisible
• 0x488498 EnableWindow
• 0x48849c RedrawWindow
• 0x4884a0 GetWindowLongA
• 0x4884a4 SetWindowLongA
• 0x4884a8 GetSysColor
• 0x4884ac SetActiveWindow
• 0x4884b0 SetCursorPos
• 0x4884b4 LoadCursorA
• 0x4884b8 SetCursor
• 0x4884bc GetDC
• 0x4884c0 FillRect
• 0x4884c4 IsRectEmpty
• 0x4884c8 ReleaseDC
• 0x4884cc IsChild
• 0x4884d0 DestroyMenu
• 0x4884d4 SetForegroundWindow
• 0x4884d8 GetWindowRect
• 0x4884dc EqualRect
• 0x4884e0 UpdateWindow
• 0x4884e4 ValidateRect
• 0x4884e8 InvalidateRect
• 0x4884ec GetClientRect
• 0x4884f0 GetFocus
• 0x4884f4 GetParent
• 0x4884f8 GetTopWindow
• 0x4884fc PostMessageA
• 0x488500 IsWindow
• 0x488504 SetParent
• 0x488508 DestroyCursor
• 0x48850c SendMessageA
• 0x488510 SetWindowPos
• 0x488514 MessageBoxA
• 0x488518 GetCursorPos
• 0x48851c GetSystemMetrics
• 0x488520 EmptyClipboard
• 0x488524 SetClipboardData
• 0x488528 OpenClipboard
• 0x48852c GetClipboardData
• 0x488530 CloseClipboard
• 0x488534 wsprintfA
• 0x488538 WaitForInputIdle
• 0x48853c GetSystemMenu
• 0x488540 GetMessageA
• 0x488544 WindowFromPoint
• 0x488548 DrawFocusRect
• 0x48854c DrawEdge
• 0x488550 TranslateMessage
• 0x488554 LoadIconA
• 0x488558 GetForegroundWindow
• 0x48855c GetDesktopWindow
• 0x488560 GetClassNameA
• 0x488564 GetDlgItem
• 0x488568 FindWindowExA
• 0x48856c GetWindowTextA
• 0x488570 DefWindowProcA
• 0x488574 GetClassInfoA
• 0x488578 IsZoomed
• 0x48857c PtInRect
• 0x488580 PostQuitMessage
• 0x488584 ChildWindowFromPointEx
• 0x488588 UnregisterClassA
• 0x48858c DrawFrameControl
• 0x488590 GetWindowTextLengthA
• 0x488594 CharUpperA
• 0x488598 GetWindowDC
• 0x48859c BeginPaint
• 0x4885a0 EndPaint
• 0x4885a4 TabbedTextOutA
• 0x4885a8 DrawTextA
• 0x4885ac GrayStringA
• 0x4885b0 DestroyWindow
• 0x4885b4 CreateDialogIndirectParamA
• 0x4885b8 EndDialog
• 0x4885bc GetNextDlgTabItem
• 0x4885c0 GetWindowPlacement
• 0x4885c4 RegisterWindowMessageA
• 0x4885c8 GetLastActivePopup
• 0x4885cc GetMessageTime
• 0x4885d0 RemovePropA
• 0x4885d4 CallWindowProcA
• 0x4885d8 GetPropA
• 0x4885dc UnhookWindowsHookEx
• 0x4885e0 SetPropA
• 0x4885e4 GetClassLongA
• 0x4885e8 CallNextHookEx
• 0x4885ec SetWindowsHookExA
• 0x4885f0 CreateWindowExA
• 0x4885f4 GetMenuItemID
• 0x4885f8 GetMenuItemCount
• 0x4885fc RegisterClassA
• 0x488600 GetScrollPos
• 0x488604 AdjustWindowRectEx
• 0x488608 MapWindowPoints
• 0x48860c SendDlgItemMessageA
• 0x488610 ScrollWindowEx
• 0x488614 IsDialogMessageA
• 0x488618 SetWindowTextA
• 0x48861c MoveWindow
• 0x488620 CheckMenuItem
• 0x488624 SetMenuItemBitmaps
库: GDI32.dll:
• 0x488028 ExtSelectClipRgn
• 0x48802c LineTo
• 0x488030 MoveToEx
• 0x488034 CreateBitmap
• 0x488038 SelectObject
• 0x48803c GetObjectA
• 0x488040 CreatePen
• 0x488044 PatBlt
• 0x488048 CombineRgn
• 0x48804c CreateRectRgn
• 0x488050 FillRgn
• 0x488054 CreateSolidBrush
• 0x488058 GetStockObject
• 0x48805c CreateFontIndirectA
• 0x488060 EndPage
• 0x488064 EndDoc
• 0x488068 DeleteDC
• 0x48806c StartDocA
• 0x488070 StartPage
• 0x488074 BitBlt
• 0x488078 Ellipse
• 0x48807c Rectangle
• 0x488080 LPtoDP
• 0x488084 DPtoLP
• 0x488088 GetCurrentObject
• 0x48808c RoundRect
• 0x488090 GetTextExtentPoint32A
• 0x488094 GetDeviceCaps
• 0x488098 SetBkColor
• 0x48809c ExcludeClipRect
• 0x4880a0 GetClipBox
• 0x4880a4 ScaleWindowExtEx
• 0x4880a8 SetWindowExtEx
• 0x4880ac SetWindowOrgEx
• 0x4880b0 ScaleViewportExtEx
• 0x4880b4 SetViewportExtEx
• 0x4880b8 OffsetViewportOrgEx
• 0x4880bc SetViewportOrgEx
• 0x4880c0 SetMapMode
• 0x4880c4 SetTextColor
• 0x4880c8 GetViewportExtEx
• 0x4880cc PtVisible
• 0x4880d0 RectVisible
• 0x4880d4 TextOutA
• 0x4880d8 ExtTextOutA
• 0x4880dc Escape
• 0x4880e0 GetTextMetricsA
• 0x4880e4 CreateDCA
• 0x4880e8 CreateCompatibleBitmap
• 0x4880ec GetPolyFillMode
• 0x4880f0 GetStretchBltMode
• 0x4880f4 GetROP2
• 0x4880f8 GetBkColor
• 0x4880fc GetBkMode
• 0x488100 GetTextColor
• 0x488104 CreateRoundRectRgn
• 0x488108 CreateEllipticRgn
• 0x48810c PathToRegion
• 0x488110 EndPath
• 0x488114 BeginPath
• 0x488118 GetWindowOrgEx
• 0x48811c GetViewportOrgEx
• 0x488120 SetROP2
• 0x488124 SetPolyFillMode
• 0x488128 SetBkMode
• 0x48812c RestoreDC
• 0x488130 SaveDC
• 0x488134 GetWindowExtEx
• 0x488138 GetDIBits
• 0x48813c RealizePalette
• 0x488140 SelectPalette
• 0x488144 StretchBlt
• 0x488148 CreatePalette
• 0x48814c GetSystemPaletteEntries
• 0x488150 CreateDIBitmap
• 0x488154 DeleteObject
• 0x488158 SelectClipRgn
• 0x48815c CreatePolygonRgn
• 0x488160 CreateRectRgnIndirect
• 0x488164 SetStretchBltMode
• 0x488168 CreateCompatibleDC
• 0x48816c GetClipRgn
库: ADVAPI32.dll:
• 0x488000 RegQueryValueExA
• 0x488004 RegOpenKeyExA
• 0x488008 RegSetValueExA
• 0x48800c RegQueryValueA
• 0x488010 RegCreateKeyExA
• 0x488014 RegCloseKey
库: SHELL32.dll:
• 0x4883a8 ShellExecuteA
• 0x4883ac Shell_NotifyIconA
• 0x4883b0 SHGetSpecialFolderPathA
库: comdlg32.dll:
• 0x4886ac ChooseColorA
• 0x4886b0 GetFileTitleA
• 0x4886b4 GetSaveFileNameA
• 0x4886b8 GetOpenFileNameA
.text
`.rdata
@.data
.rsrc
8`}<j
T$hVj
T$th
|$LVj
|$`Vj
D$@Sj
L$8h
t<h\}n
D$8Rj
l$<VWj
Ph0~n
u#hH~n
D$80'm
D$80'm
jjjjh
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 28.719 seconds )
- 15.477 Suricata
- 10.433 Static
- 1.019 TargetInfo
- 0.501 peid
- 0.42 VirusTotal
- 0.407 BehaviorAnalysis
- 0.357 NetworkAnalysis
- 0.077 AnalysisInfo
- 0.016 Strings
- 0.009 config_decoder
- 0.003 Memory
Signatures ( 0.254 seconds )
- 0.028 antiav_detectreg
- 0.022 api_spamming
- 0.022 md_url_bl
- 0.019 stealth_timeout
- 0.018 stealth_decoy_document
- 0.017 md_domain_bl
- 0.012 infostealer_ftp
- 0.008 antiav_detectfile
- 0.007 anomaly_persistence_autorun
- 0.007 infostealer_im
- 0.007 ransomware_extensions
- 0.007 ransomware_files
- 0.006 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.004 kovter_behavior
- 0.004 infostealer_mail
- 0.003 tinba_behavior
- 0.003 antiemu_wine_func
- 0.003 infostealer_browser_password
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 betabot_behavior
- 0.002 antidbg_windows
- 0.002 cerber_behavior
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 network_tor
- 0.001 antivm_vbox_libs
- 0.001 antivm_generic_services
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 1.057 seconds )
- 1.054 ReportHTMLSummary
- 0.003 Malheur
| Task ID | 374007 |
|---|---|
| Mongo ID | 5d7f4e9a2f8f2e3c5ebb5f32 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号