Analysis task

Analysis type    VM label                   Start time            End time              Duration
File (Windows)   win7-sp1-x64-hpdapp01-1    2019-09-16 18:22:31   2019-09-16 18:24:47   136 seconds

Maldun score

10.0

Pcclient virus

File details

File name   Yoayakoae.psd
File size   2896384 bytes
File type   PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5         2482500ad2cac1c0d9a0ff48ef0dece7
SHA1        bac29f214f1cf80647da7d77e3372ad9f869cab7
SHA256      8fe835c07a3662545e5b4893253bc10996cc7007b49ec661f5cc5a6382a821e9
SHA512      b40a3a6e781d1d04405092db0f7198143fa73ae0c7a875feb8091ac579e27060522ae866bd8f619efc38e655fe79a50e0eba93da0aa21668ea138a8028989813
CRC32       029C2CE3
Ssdeep      6144:JJVGpxx9b3wZuwm4GPZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZx:JJI3L3+LC

Hosts contacted

Direct IP        Security rating   Location
183.224.86.202                     China

DNS resolution

Domain          Security rating   Response
xiaoyuqaz.xyz                     A 183.224.86.202


PE information

Image base                   0x10000000
Entry point                  0x1001297a
Declared checksum            0x00000000
Actual checksum              0x002c4fb7
Minimum OS version required  4.0
Compile time                 2011-03-03 22:21:34
Import hash (imphash)        7c6587f80cfc7217c35267a25d2d65bd
Exported DLL name            \x38\x31\x31\x31\x34\x31\x31\x31

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

PEiD rules

Armadillo v1.xx - v2.xx

PE sections

Name    Virtual address   Virtual size   Raw data size   Characteristics   Entropy
.text 0x00001000 0x00011ec0 0x00012000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.46
.rdata 0x00013000 0x00002e0c 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.14
.data 0x00016000 0x00002ea0 0x00002600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.34
.rsrc 0x00019000 0x00000760 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.01
.reloc 0x0001a000 0x000012e8 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.94

Overlay

Offset   0x0001afd4
Size     0x002a822c

Imports

Library: KERNEL32.dll:
0x10013090 FindNextFileA
0x10013094 LocalReAlloc
0x10013098 FindFirstFileA
0x1001309c LocalAlloc
0x100130a0 RemoveDirectoryA
0x100130a4 GetFileSize
0x100130a8 CreateFileA
0x100130ac ReadFile
0x100130b0 SetFilePointer
0x100130b4 WriteFile
0x100130b8 MoveFileA
0x100130bc lstrcatA
0x100130c0 GetSystemDirectoryA
0x100130c4 CreateProcessA
0x100130c8 ExitProcess
0x100130cc Process32Next
0x100130d0 lstrcmpiA
0x100130d4 Process32First
0x100130dc HeapFree
0x100130e0 MapViewOfFile
0x100130e4 CreateFileMappingA
0x100130e8 UnmapViewOfFile
0x100130f0 GlobalFree
0x100130f4 GlobalUnlock
0x100130f8 GlobalLock
0x100130fc GlobalAlloc
0x10013100 GlobalSize
0x10013104 GetStartupInfoA
0x10013108 WaitForMultipleObjects
0x1001310c LocalSize
0x10013110 TerminateProcess
0x10013114 OpenProcess
0x10013118 GetCurrentThreadId
0x1001311c GlobalMemoryStatus
0x10013120 GetSystemInfo
0x10013124 GetComputerNameA
0x10013128 LocalFree
0x1001312c OpenEventA
0x10013130 SetErrorMode
0x10013134 GetCurrentProcess
0x10013138 GetWindowsDirectoryA
0x1001313c SetFileAttributesA
0x10013140 CopyFileA
0x10013148 GetModuleFileNameA
0x1001314c GetVolumeInformationA
0x10013150 GetDiskFreeSpaceExA
0x10013154 GetDriveTypeA
0x10013158 lstrlenA
0x1001315c lstrcpyA
0x10013160 GetFileAttributesA
0x10013164 CreateDirectoryA
0x10013168 DeleteFileA
0x1001316c GetProcessHeap
0x10013170 HeapAlloc
0x10013174 GetCurrentProcessId
0x10013178 GetLocalTime
0x1001317c GetTickCount
0x10013180 CancelIo
0x10013184 InterlockedExchange
0x10013188 ResetEvent
0x1001318c GetLastError
0x10013190 VirtualAlloc
0x10013194 EnterCriticalSection
0x10013198 LeaveCriticalSection
0x1001319c VirtualFree
0x100131a0 DeleteCriticalSection
0x100131a4 CreateThread
0x100131a8 ResumeThread
0x100131ac SetEvent
0x100131b0 WaitForSingleObject
0x100131b4 GetProcAddress
0x100131b8 Sleep
0x100131bc TerminateThread
0x100131c0 GetVersionExA
0x100131c4 FindClose
0x100131c8 CloseHandle
0x100131cc FreeLibrary
0x100131d0 LoadLibraryA
0x100131d4 GetModuleHandleA
0x100131d8 CreateEventA
Library: USER32.dll:
0x10013288 LoadMenuA
0x1001328c RegisterClassA
0x10013290 LoadIconA
0x10013294 CreateWindowExA
0x10013298 CloseWindow
0x1001329c IsWindow
0x100132a0 PostMessageA
0x100132a4 OpenDesktopA
0x100132a8 GetThreadDesktop
0x100132b0 OpenInputDesktop
0x100132b4 SetThreadDesktop
0x100132b8 CloseDesktop
0x100132bc IsWindowVisible
0x100132c0 ExitWindowsEx
0x100132c4 GetCursorPos
0x100132c8 GetCursorInfo
0x100132cc DestroyCursor
0x100132d0 ReleaseDC
0x100132d4 GetDesktopWindow
0x100132d8 GetDC
0x100132dc SetRect
0x100132e0 GetSystemMetrics
0x100132e4 GetClipboardData
0x100132e8 OpenClipboard
0x100132ec EmptyClipboard
0x100132f0 SetClipboardData
0x100132f4 CloseClipboard
0x100132f8 mouse_event
0x100132fc SetCursorPos
0x10013300 WindowFromPoint
0x10013304 SetCapture
0x10013308 DispatchMessageA
0x1001330c TranslateMessage
0x10013310 GetMessageA
0x10013314 CharNextA
0x10013318 wsprintfA
0x1001331c GetWindowTextA
0x10013320 MessageBoxA
0x10013324 LoadCursorA
0x10013328 BlockInput
0x1001332c SendMessageA
0x10013330 keybd_event
0x10013334 MapVirtualKeyA
Library: GDI32.dll:
0x10013088 GetStockObject
Library: ADVAPI32.dll:
0x10013000 OpenProcessToken
0x10013004 RegDeleteKeyA
0x10013008 RegRestoreKeyA
0x1001300c RegSaveKeyA
0x10013010 RegCloseKey
0x10013014 RegQueryValueExA
0x10013018 RegOpenKeyExA
0x1001301c CloseEventLog
0x10013020 ClearEventLogA
0x10013024 OpenEventLogA
0x10013028 RegSetValueExA
0x1001302c RegCreateKeyExA
0x10013030 CloseServiceHandle
0x10013034 DeleteService
0x10013038 OpenServiceA
0x1001303c OpenSCManagerA
0x10013040 FreeSid
0x10013048 AddAccessAllowedAce
0x1001304c InitializeAcl
0x10013050 GetLengthSid
0x1001305c RegOpenKeyA
0x10013060 SetServiceStatus
0x10013068 UnlockServiceDatabase
0x1001306c ChangeServiceConfig2A
0x10013070 LockServiceDatabase
0x10013074 CreateServiceA
0x10013078 StartServiceA
0x1001307c AdjustTokenPrivileges
0x10013080 LookupPrivilegeValueA
Library: SHELL32.dll:
Library: MSVCRT.dll:
0x1001320c sprintf
0x10013210 strncpy
0x10013214 free
0x10013218 malloc
0x1001321c _except_handler3
0x10013220 strrchr
0x10013224 _beginthreadex
0x10013228 atoi
0x1001322c _stricmp
0x10013230 _access
0x10013234 srand
0x10013238 calloc
0x1001323c ??1type_info@@UAE@XZ
0x10013240 _initterm
0x10013244 _adjust_fdiv
0x10013248 rand
0x1001324c _CxxThrowException
0x10013250 strstr
0x10013254 _ftol
0x10013258 ??2@YAPAXI@Z
0x1001325c ??3@YAXPAX@Z
0x10013260 puts
0x10013264 __CxxFrameHandler
0x10013268 memmove
0x1001326c putchar
0x10013270 wcstombs
0x10013274 _strrev
0x10013278 ceil
Library: WS2_32.dll:
0x10013340 sendto
0x10013344 WSASocketA
0x10013348 htonl
0x1001334c getsockname
0x10013350 inet_addr
0x10013354 send
0x10013358 closesocket
0x1001335c select
0x10013360 recv
0x10013364 socket
0x10013368 gethostbyname
0x1001336c htons
0x10013370 setsockopt
0x10013374 WSAIoctl
0x10013378 WSACleanup
0x1001337c WSAStartup
0x10013380 connect

Exports

Ordinal   Address      Name
1 0x1000b820 EndWork
2 0x1000b820 Runing
3 0x1000b840 ServiceMain
4 0x1000b820 Working
.text
`.rdata
@.data
.rsrc
@.reloc
t-f=e
SUVWj
wQt1-
F(RPj
RPQUSj
RWPVj
T$8QRj
T$,Vj
L$(Ph
SSSSSSSSh
PQSh?
L$ RUPj
deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly
inflate 1.1.4 Copyright 1995-2002 Mark Adler
CreateEventA
LoadLibraryA
FreeLibrary
CloseHandle
TerminateThread
Sleep
GetProcAddress
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetLastError
ResetEvent
InterlockedExchange
CancelIo
GetTickCount
GetLocalTime
GetCurrentProcessId
HeapAlloc
GetProcessHeap
DeleteFileA
CreateDirectoryA
GetFileAttributesA
lstrcpyA
lstrlenA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
lstrcatA
GetSystemDirectoryA
CreateProcessA
ExitProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
HeapFree
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
LocalSize
TerminateProcess
OpenProcess
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetVersionExA
OpenEventA
SetErrorMode
GetCurrentProcess
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
KERNEL32.dll
DispatchMessageA
TranslateMessage
GetMessageA
CharNextA
wsprintfA
GetWindowTextA
MessageBoxA
LoadCursorA
BlockInput
SendMessageA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
DestroyCursor
GetCursorInfo
GetCursorPos
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
IsWindow
CloseWindow
CreateWindowExA
LoadMenuA
RegisterClassA
LoadIconA
USER32.dll
GetStockObject
GDI32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
DeleteService
OpenServiceA
OpenSCManagerA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
StartServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
putchar
_ftol
strstr
_CxxThrowException
sprintf
strncpy
malloc
_except_handler3
strrchr
_beginthreadex
wcstombs
_access
srand
calloc
MSVCRT.dll
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
WSAIoctl
WSASocketA
WS2_32.dll
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
MSVCP60.dll
_strrev
_stricmp
Work.dll
EndWork
Runing
ServiceMain
Working
WINMM.dll
waveOutUnprepareHeader
waveOutClose
waveOutReset
waveInUnprepareHeader
waveInClose
waveInStop
waveInReset
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
InitializeCriticalSection
kernel32.dll
WS2_32.DLL
connect
bad Allocate
bad buffer
ProductName
SOFTWARE\Microsoft\Windows NT\CurrentVersion
%s%d%s
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E)
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
WININET.dll
%d.%d.%d.%d
ShellExecuteA
Shell32.dll
SHGetFileInfoA
%s\%s
%s%s%s
%s%s*.*
\syslog.dat
WinSta0\Default
Gh0st Update
System
Security
Application
NetSubKey
EnumWindows
user32.dll
IMM32.dll
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
MyCreateMa
SetWindowsHookExA
UnhookWindowsHookEx
\Plugin
PluginEnd
PluginStart
PluginDelete
%s %s %s
PluginDescript
%s\*.*
DestroyCursor
User32.dll
SystemParametersInfoA
USER32.dll
SelectObject
CreateDIBSection
CreateCompatibleDC
GDI32.dll
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateProcessA
\cmd.exe
CreatePipe
Kernel32.dll
CloseHandle
DisconnectNamedPipe
TerminateProcess
TerminateThread
PeekNamedPipe
GetModuleFileNameExA
EnumProcessModules
PSAPI.dll
SeDebugPrivilege
SeShutdownPrivilege
InternetReadFile
Mozilla/4.0 (compatible)
CVideoCap
capCreateCaptureWindowA
AVICAP32.dll
#32770
CreateWindowExA
capGetDriverDescriptionA
ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage
ICOpen
MSVFW32.dll
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
HARDWARE\DESCRIPTION\System\CentralProcessor\0
Global\Net_%d
My Win32 Applaction
WIN32 Application
SeBackupPrivilege
SeRestorePrivilege
ServiceDll
%s\Parameters
SOFTWARE\%d
Net-Temp.ini
SYSTEM\CurrentControlSet\Services\
imgsvc
SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
\Parameters
%SystemRoot%\System32\svchost.exe -k imgsvc
Glable__Wait
c:\NT_Path.jpg
1.1.4
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
.?AVtype_info@@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.34</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
>&?4?8?<?@?D?H?L?P?T?X?\?
9=9w9|:5<A<P<_<
={>*?
;E=J=
;G<g<
9,989T9\9
081<1P1T1l1
jjjjh
VS_VERSION_INFO
StringFileInfo
080404b0
Comments
CompanyName
Sogou.com Inc.
FileDescription
FileVersion
5.0.0.3787
InternalName
SogouPY SogouTSF
LegalCopyright
? 2010 Sogou.com Inc. All rights reserved.
LegalTrademarks
OriginalFilename
SogouTSF.dll
PrivateBuild
ProductName
ProductVersion
5.0.0.3787
SpecialBuild
VarFileInfo
Translation

No antivirus engine scan information.

Process tree


rundll32.exe, PID: 2480, parent PID: 2332
services.exe, PID: 428, parent PID: 332
svchost.exe, PID: 2664, parent PID: 428

TCP

No TCP connection records.

UDP

Source address    Source port   Destination address   Destination port
192.168.122.201   64912         192.168.122.1         53


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 38.714 seconds )

  • 15.643 Suricata
  • 8.516 NetworkAnalysis
  • 8.017 Static
  • 2.666 BehaviorAnalysis
  • 1.63 TargetInfo
  • 1.616 VirusTotal
  • 0.456 peid
  • 0.144 AnalysisInfo
  • 0.018 Strings
  • 0.005 config_decoder
  • 0.003 Memory

Signatures ( 0.853 seconds )

  • 0.178 api_spamming
  • 0.144 stealth_decoy_document
  • 0.142 stealth_timeout
  • 0.042 antisandbox_sleep
  • 0.027 injection_createremotethread
  • 0.027 process_interest
  • 0.026 vawtrak_behavior
  • 0.024 antiav_detectreg
  • 0.02 md_url_bl
  • 0.019 md_domain_bl
  • 0.018 injection_runpe
  • 0.015 stealth_file
  • 0.011 process_needed
  • 0.011 infostealer_ftp
  • 0.009 andromeda_behavior
  • 0.008 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 betabot_behavior
  • 0.007 infostealer_im
  • 0.007 ransomware_files
  • 0.006 antivm_vmware_events
  • 0.006 ransomware_extensions
  • 0.005 cryptowall_behavior
  • 0.005 antianalysis_detectreg
  • 0.005 infostealer_bitcoin
  • 0.004 Locky_behavior
  • 0.004 infostealer_mail
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 bootkit
  • 0.002 rat_nanocore
  • 0.002 mimics_filetime
  • 0.002 reads_self
  • 0.002 antivm_generic_disk
  • 0.002 cerber_behavior
  • 0.002 virus
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 dridex_behavior
  • 0.001 antivm_generic_services
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 anormaly_invoke_kills
  • 0.001 hancitor_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_network_blacklist
  • 0.001 network_tor_service
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.885 seconds )

  • 0.883 ReportHTMLSummary
  • 0.002 Malheur
Task ID 374080
Mongo ID 5d7f632f2f8f2e3c62bb5d38
Cuckoo release 1.4-Maldun