分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-09-16 19:21:43 | 2019-09-16 19:23:56 | 133 秒 |
魔盾分数
10.0
Malicious病毒
文件详细信息
| 文件名 | UU补丁.exe |
|---|---|
| 文件大小 | 434176 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | eee5a11a4b742416f1c189f480687527 |
| SHA1 | f015f1399174f17d348a89ee26a21ec25bb2c909 |
| SHA256 | 4ac5a55ebef653cfd41f36b696a8989951d7b23a898a437d52332523ac38c50f |
| SHA512 | 057cc99a22b83c2b8d4d38fbea413ae91ffaafde332d32e069f5ad89f7debe41f67534ffc778627e9f76db2d919b3eb3f9496307fd7df184d2a31daa03ebb2b7 |
| CRC32 | DD9D9B3B |
| Ssdeep | 6144:K1wx4dR9YyHMvnJ0ch/HqWWmBMtSJsewDNhWNcDbHuJ1Mv5/pFe7f9l:a9l4PUmBi1eNcDbOJi5pFU |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0050e648 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000707fb |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2019-06-01 10:48:51 |
| 载入哈希 | edf5455b5fa78167909eadcaf8d3b394 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0008885a | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .rdata | 0x0008a000 | 0x0002e106 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| .data | 0x000b9000 | 0x000420ca | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .vmp0 | 0x000fc000 | 0x0000b04c | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .vmp1 | 0x00108000 | 0x00067346 | 0x00068000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.98 |
| .rsrc | 0x00170000 | 0x0000140e | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.59 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_DIALOG | 0x001712e0 | 0x000000e2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x001712e0 | 0x000000e2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_DIALOG | 0x001712e0 | 0x000000e2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x001713ec | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x001713ec | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
| RT_GROUP_CURSOR | 0x001713ec | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
导入
库: WINMM.dll:
• 0x522c90 midiStreamOut
• 0x522c94 midiOutPrepareHeader
• 0x522c98 waveOutWrite
• 0x522c9c waveOutPause
• 0x522ca0 waveOutReset
• 0x522ca4 waveOutClose
• 0x522ca8 waveOutGetNumDevs
• 0x522cac waveOutOpen
• 0x522cb0 midiOutUnprepareHeader
• 0x522cb4 midiStreamOpen
• 0x522cb8 midiStreamProperty
• 0x522cbc midiStreamStop
• 0x522cc0 midiOutReset
• 0x522cc4 midiStreamClose
• 0x522cc8 midiStreamRestart
• 0x522ccc waveOutUnprepareHeader
• 0x522cd0 waveOutPrepareHeader
库: WS2_32.dll:
• 0x522cd8 WSAAsyncSelect
• 0x522cdc closesocket
• 0x522ce0 WSACleanup
• 0x522ce4 inet_ntoa
• 0x522ce8 recvfrom
• 0x522cec ioctlsocket
• 0x522cf0 recv
• 0x522cf4 accept
• 0x522cf8 getpeername
库: KERNEL32.dll:
• 0x522d00 SetLastError
• 0x522d04 GetTimeZoneInformation
• 0x522d08 GetVersion
• 0x522d0c UnhandledExceptionFilter
• 0x522d10 GetACP
• 0x522d14 HeapSize
• 0x522d18 RaiseException
• 0x522d1c GetLocalTime
• 0x522d20 GetSystemTime
• 0x522d24 RtlUnwind
• 0x522d28 GetStartupInfoA
• 0x522d2c GetOEMCP
• 0x522d30 GetCPInfo
• 0x522d34 GetProcessVersion
• 0x522d38 SetErrorMode
• 0x522d3c GlobalFlags
• 0x522d40 GetCurrentThread
• 0x522d44 GetFileTime
• 0x522d48 TlsGetValue
• 0x522d4c LocalReAlloc
• 0x522d50 TlsSetValue
• 0x522d54 TlsFree
• 0x522d58 GlobalHandle
• 0x522d5c TlsAlloc
• 0x522d60 LocalAlloc
• 0x522d64 lstrcmpA
• 0x522d68 GlobalGetAtomNameA
• 0x522d6c GlobalAddAtomA
• 0x522d70 GlobalFindAtomA
• 0x522d74 GlobalDeleteAtom
• 0x522d78 lstrcmpiA
• 0x522d7c SetEndOfFile
• 0x522d80 UnlockFile
• 0x522d84 LockFile
• 0x522d88 FlushFileBuffers
• 0x522d8c DuplicateHandle
• 0x522d90 lstrcpynA
• 0x522d94 FileTimeToLocalFileTime
• 0x522d98 FileTimeToSystemTime
• 0x522d9c LocalFree
• 0x522da0 InterlockedDecrement
• 0x522da4 InterlockedIncrement
• 0x522da8 OpenProcess
• 0x522dac TerminateProcess
• 0x522db0 GetFileSize
• 0x522db4 SetFilePointer
• 0x522db8 CreateToolhelp32Snapshot
• 0x522dbc Process32First
• 0x522dc0 Process32Next
• 0x522dc4 GetCurrentProcess
• 0x522dc8 GetWindowsDirectoryA
• 0x522dcc GetSystemDirectoryA
• 0x522dd0 CreateSemaphoreA
• 0x522dd4 ResumeThread
• 0x522dd8 ReleaseSemaphore
• 0x522ddc EnterCriticalSection
• 0x522de0 LeaveCriticalSection
• 0x522de4 GetProfileStringA
• 0x522de8 WriteFile
• 0x522dec WaitForMultipleObjects
• 0x522df0 CreateFileA
• 0x522df4 SetEvent
• 0x522df8 FindResourceA
• 0x522dfc LoadResource
• 0x522e00 LockResource
• 0x522e04 ReadFile
• 0x522e08 GetModuleFileNameA
• 0x522e0c WideCharToMultiByte
• 0x522e10 MultiByteToWideChar
• 0x522e14 GetCurrentThreadId
• 0x522e18 ExitProcess
• 0x522e1c GlobalSize
• 0x522e20 GlobalFree
• 0x522e24 DeleteCriticalSection
• 0x522e28 InterlockedExchange
• 0x522e2c InitializeCriticalSection
• 0x522e30 lstrcatA
• 0x522e34 lstrlenA
• 0x522e38 WinExec
• 0x522e3c lstrcpyA
• 0x522e40 FindNextFileA
• 0x522e44 GlobalReAlloc
• 0x522e48 HeapFree
• 0x522e4c HeapReAlloc
• 0x522e50 GetProcessHeap
• 0x522e54 HeapAlloc
• 0x522e58 GetFullPathNameA
• 0x522e5c FreeLibrary
• 0x522e60 LoadLibraryA
• 0x522e64 GetLastError
• 0x522e68 GetVersionExA
• 0x522e6c WritePrivateProfileStringA
• 0x522e70 CreateThread
• 0x522e74 CreateEventA
• 0x522e78 Sleep
• 0x522e7c GlobalAlloc
• 0x522e80 GlobalLock
• 0x522e84 GlobalUnlock
• 0x522e88 GetTempPathA
• 0x522e8c FindFirstFileA
• 0x522e90 FindClose
• 0x522e94 GetFileAttributesA
• 0x522e98 SetCurrentDirectoryA
• 0x522e9c GetVolumeInformationA
• 0x522ea0 GetModuleHandleA
• 0x522ea4 GetProcAddress
• 0x522ea8 MulDiv
• 0x522eac GetCommandLineA
• 0x522eb0 GetTickCount
• 0x522eb4 CreateProcessA
• 0x522eb8 WaitForSingleObject
• 0x522ebc CloseHandle
• 0x522ec0 FreeEnvironmentStringsA
• 0x522ec4 FreeEnvironmentStringsW
• 0x522ec8 GetEnvironmentStrings
• 0x522ecc GetEnvironmentStringsW
• 0x522ed0 SetHandleCount
• 0x522ed4 GetStdHandle
• 0x522ed8 GetFileType
• 0x522edc GetEnvironmentVariableA
• 0x522ee0 HeapDestroy
• 0x522ee4 HeapCreate
• 0x522ee8 VirtualFree
• 0x522eec SetEnvironmentVariableA
• 0x522ef0 LCMapStringA
• 0x522ef4 LCMapStringW
• 0x522ef8 VirtualAlloc
• 0x522efc IsBadWritePtr
• 0x522f00 SetUnhandledExceptionFilter
• 0x522f04 GetStringTypeA
• 0x522f08 GetStringTypeW
• 0x522f0c CompareStringA
• 0x522f10 CompareStringW
• 0x522f14 IsBadReadPtr
• 0x522f18 IsBadCodePtr
• 0x522f1c SetStdHandle
库: USER32.dll:
• 0x522f24 GetMenu
• 0x522f28 SetMenu
• 0x522f2c PeekMessageA
• 0x522f30 GetSysColorBrush
• 0x522f34 CopyAcceleratorTableA
• 0x522f38 GetKeyState
• 0x522f3c TranslateAcceleratorA
• 0x522f40 IsWindowEnabled
• 0x522f44 ShowWindow
• 0x522f48 SystemParametersInfoA
• 0x522f4c LoadImageA
• 0x522f50 EnumDisplaySettingsA
• 0x522f54 ClientToScreen
• 0x522f58 EnableMenuItem
• 0x522f5c GetSubMenu
• 0x522f60 GetDlgCtrlID
• 0x522f64 CreateAcceleratorTableA
• 0x522f68 CreateMenu
• 0x522f6c ModifyMenuA
• 0x522f70 AppendMenuA
• 0x522f74 CreatePopupMenu
• 0x522f78 DrawIconEx
• 0x522f7c CreateIconFromResource
• 0x522f80 CreateIconFromResourceEx
• 0x522f84 RegisterClipboardFormatA
• 0x522f88 SetRectEmpty
• 0x522f8c IsIconic
• 0x522f90 SetFocus
• 0x522f94 GetActiveWindow
• 0x522f98 GetWindow
• 0x522f9c DestroyAcceleratorTable
• 0x522fa0 SetWindowRgn
• 0x522fa4 GetMessagePos
• 0x522fa8 ScreenToClient
• 0x522fac ChildWindowFromPointEx
• 0x522fb0 DispatchMessageA
• 0x522fb4 LoadBitmapA
• 0x522fb8 WinHelpA
• 0x522fbc KillTimer
• 0x522fc0 SetTimer
• 0x522fc4 ReleaseCapture
• 0x522fc8 GetCapture
• 0x522fcc SetCapture
• 0x522fd0 LoadStringA
• 0x522fd4 GetScrollRange
• 0x522fd8 SetScrollRange
• 0x522fdc SetScrollPos
• 0x522fe0 SetRect
• 0x522fe4 InflateRect
• 0x522fe8 IntersectRect
• 0x522fec DestroyIcon
• 0x522ff0 PtInRect
• 0x522ff4 DeleteMenu
• 0x522ff8 IsWindowVisible
• 0x522ffc EnableWindow
• 0x523000 RedrawWindow
• 0x523004 GetWindowLongA
• 0x523008 SetWindowLongA
• 0x52300c GetSysColor
• 0x523010 SetActiveWindow
• 0x523014 SetCursorPos
• 0x523018 LoadCursorA
• 0x52301c SetCursor
• 0x523020 GetDC
• 0x523024 FillRect
• 0x523028 IsRectEmpty
• 0x52302c ReleaseDC
• 0x523030 IsChild
• 0x523034 DestroyMenu
• 0x523038 SetForegroundWindow
• 0x52303c GetWindowRect
• 0x523040 EqualRect
• 0x523044 UpdateWindow
• 0x523048 ValidateRect
• 0x52304c InvalidateRect
• 0x523050 GetClientRect
• 0x523054 GetFocus
• 0x523058 GetParent
• 0x52305c GetTopWindow
• 0x523060 PostMessageA
• 0x523064 IsWindow
• 0x523068 SetParent
• 0x52306c DestroyCursor
• 0x523070 SendMessageA
• 0x523074 SetWindowPos
• 0x523078 MessageBoxA
• 0x52307c GetCursorPos
• 0x523080 GetSystemMetrics
• 0x523084 EmptyClipboard
• 0x523088 SetClipboardData
• 0x52308c OpenClipboard
• 0x523090 GetClipboardData
• 0x523094 CloseClipboard
• 0x523098 wsprintfA
• 0x52309c WaitForInputIdle
• 0x5230a0 GetSystemMenu
• 0x5230a4 GetMessageA
• 0x5230a8 WindowFromPoint
• 0x5230ac DrawFocusRect
• 0x5230b0 DrawEdge
• 0x5230b4 TranslateMessage
• 0x5230b8 LoadIconA
• 0x5230bc GetForegroundWindow
• 0x5230c0 GetDesktopWindow
• 0x5230c4 GetClassNameA
• 0x5230c8 GetWindowThreadProcessId
• 0x5230cc FindWindowA
• 0x5230d0 GetDlgItem
• 0x5230d4 GetWindowTextA
• 0x5230d8 DefWindowProcA
• 0x5230dc GetClassInfoA
• 0x5230e0 IsZoomed
• 0x5230e4 OffsetRect
• 0x5230e8 PostQuitMessage
• 0x5230ec CopyRect
• 0x5230f0 UnregisterClassA
• 0x5230f4 DrawFrameControl
• 0x5230f8 GetWindowTextLengthA
• 0x5230fc CharUpperA
• 0x523100 GetWindowDC
• 0x523104 BeginPaint
• 0x523108 EndPaint
• 0x52310c TabbedTextOutA
• 0x523110 DrawTextA
• 0x523114 GrayStringA
• 0x523118 DestroyWindow
• 0x52311c CreateDialogIndirectParamA
• 0x523120 EndDialog
• 0x523124 GetNextDlgTabItem
• 0x523128 GetWindowPlacement
• 0x52312c RegisterWindowMessageA
• 0x523130 GetLastActivePopup
• 0x523134 GetMessageTime
• 0x523138 RemovePropA
• 0x52313c CallWindowProcA
• 0x523140 GetPropA
• 0x523144 UnhookWindowsHookEx
• 0x523148 SetPropA
• 0x52314c GetClassLongA
• 0x523150 CallNextHookEx
• 0x523154 SetWindowsHookExA
• 0x523158 CreateWindowExA
• 0x52315c GetMenuItemID
• 0x523160 GetMenuItemCount
• 0x523164 RegisterClassA
• 0x523168 GetScrollPos
• 0x52316c AdjustWindowRectEx
• 0x523170 MapWindowPoints
• 0x523174 SendDlgItemMessageA
• 0x523178 ScrollWindowEx
• 0x52317c IsDialogMessageA
• 0x523180 SetWindowTextA
• 0x523184 MoveWindow
• 0x523188 CheckMenuItem
• 0x52318c SetMenuItemBitmaps
• 0x523190 GetMenuState
• 0x523194 GetMenuCheckMarkDimensions
库: GDI32.dll:
• 0x52319c ExtSelectClipRgn
• 0x5231a0 LineTo
• 0x5231a4 MoveToEx
• 0x5231a8 CreateBitmap
• 0x5231ac SelectObject
• 0x5231b0 GetObjectA
• 0x5231b4 CreatePen
• 0x5231b8 PatBlt
• 0x5231bc CombineRgn
• 0x5231c0 CreateRectRgn
• 0x5231c4 FillRgn
• 0x5231c8 CreateSolidBrush
• 0x5231cc GetStockObject
• 0x5231d0 CreateFontIndirectA
• 0x5231d4 EndPage
• 0x5231d8 EndDoc
• 0x5231dc DeleteDC
• 0x5231e0 StartDocA
• 0x5231e4 StartPage
• 0x5231e8 BitBlt
• 0x5231ec Ellipse
• 0x5231f0 Rectangle
• 0x5231f4 LPtoDP
• 0x5231f8 DPtoLP
• 0x5231fc GetCurrentObject
• 0x523200 RoundRect
• 0x523204 GetTextExtentPoint32A
• 0x523208 GetDeviceCaps
• 0x52320c ExcludeClipRect
• 0x523210 GetClipBox
• 0x523214 ScaleWindowExtEx
• 0x523218 SetWindowExtEx
• 0x52321c SetWindowOrgEx
• 0x523220 ScaleViewportExtEx
• 0x523224 SetViewportExtEx
• 0x523228 OffsetViewportOrgEx
• 0x52322c SetViewportOrgEx
• 0x523230 GetViewportExtEx
• 0x523234 PtVisible
• 0x523238 RectVisible
• 0x52323c TextOutA
• 0x523240 ExtTextOutA
• 0x523244 Escape
• 0x523248 GetTextMetricsA
• 0x52324c CreateDCA
• 0x523250 CreateCompatibleBitmap
• 0x523254 GetPolyFillMode
• 0x523258 GetStretchBltMode
• 0x52325c GetROP2
• 0x523260 GetBkColor
• 0x523264 GetBkMode
• 0x523268 GetTextColor
• 0x52326c CreateRoundRectRgn
• 0x523270 CreateEllipticRgn
• 0x523274 PathToRegion
• 0x523278 EndPath
• 0x52327c BeginPath
• 0x523280 GetWindowOrgEx
• 0x523284 GetViewportOrgEx
• 0x523288 GetWindowExtEx
• 0x52328c GetDIBits
• 0x523290 SetMapMode
• 0x523294 SetTextColor
• 0x523298 SetROP2
• 0x52329c SetPolyFillMode
• 0x5232a0 SetBkMode
• 0x5232a4 RestoreDC
• 0x5232a8 SaveDC
• 0x5232ac RealizePalette
• 0x5232b0 SelectPalette
• 0x5232b4 StretchBlt
• 0x5232b8 CreatePalette
• 0x5232bc GetSystemPaletteEntries
• 0x5232c0 CreateDIBitmap
• 0x5232c4 DeleteObject
• 0x5232c8 SelectClipRgn
• 0x5232cc CreatePolygonRgn
• 0x5232d0 SetStretchBltMode
• 0x5232d4 CreateRectRgnIndirect
• 0x5232d8 CreateCompatibleDC
• 0x5232dc GetClipRgn
• 0x5232e0 SetBkColor
库: ADVAPI32.dll:
• 0x5232f8 RegOpenKeyExA
• 0x5232fc RegSetValueExA
• 0x523300 RegQueryValueA
• 0x523304 RegCreateKeyExA
• 0x523308 RegCloseKey
库: SHELL32.dll:
• 0x523310 SHGetSpecialFolderPathA
• 0x523314 ShellExecuteA
• 0x523318 Shell_NotifyIconA
库: comdlg32.dll:
• 0x52334c ChooseColorA
• 0x523350 GetFileTitleA
• 0x523354 GetSaveFileNameA
• 0x523358 GetOpenFileNameA
库: KERNEL32.dll:
• 0x523360 GetModuleFileNameW
库: KERNEL32.dll:
• 0x523368 GetModuleHandleA
• 0x52336c LoadLibraryA
• 0x523370 LocalAlloc
• 0x523374 LocalFree
• 0x523378 GetModuleFileNameA
• 0x52337c ExitProcess
.text
`.rdata
@.data
.vmp0
`.vmp1
.rsrc
LocalReAlloc
GetWindowOrgEx
GetLocalTime
TranslateMessage
GetTextExtentPoint32A
GetClipRgn
CheckMenuItem
HeapFree
SetPolyFillMode
CompareStringW
GetClassNameA
GetSystemMenu
GetEnvironmentStringsW
GetFileSize
AppendMenuA
SetWindowExtEx
DestroyCursor
UpdateWindow
MoveToEx
GrayStringA
ScreenToClient
FreeEnvironmentStringsW
CloseClipboard
LoadIconA
CreateIconFromResource
GetProfileStringA
GetViewportOrgEx
Escape
OLEAUT32.dll
HeapReAlloc
waveOutWrite
BitBlt
DispatchMessageA
CreateWindowExA
midiOutUnprepareHeader
ADVAPI32.dll
IsIconic
PathToRegion
GetVersionExA
RegisterClassA
GetSysColor
CreateEllipticRgn
GetClassInfoA
waveOutClose
IsWindowVisible
GetFileTitleA
midiOutPrepareHeader
lstrcmpA
DrawTextA
CreateDCA
CompareStringA
midiStreamOut
DocumentPropertiesA
SetMenu
EndDialog
GetSubMenu
CloseHandle
GetProcessHeap
TranslateAcceleratorA
lstrcpynA
Shell_NotifyIconA
GetTempPathA
GlobalSize
FreeEnvironmentStringsA
GetLastActivePopup
waveOutOpen
RegCloseKey
GetTextMetricsA
FlushFileBuffers
GetSystemDirectoryA
CreatePolygonRgn
lstrcpyA
CallWindowProcA
SetFocus
DestroyIcon
CreateCompatibleDC
DefWindowProcA
RtlUnwind
MultiByteToWideChar
IntersectRect
GetTimeZoneInformation
SetCapture
GetBkMode
GetBkColor
EndDoc
EqualRect
GetDlgCtrlID
ScaleWindowExtEx
midiStreamProperty
SetCurrentDirectoryA
SetWindowRgn
SetCursor
GetScrollRange
IsChild
WaitForSingleObject
RaiseException
Rectangle
SetMapMode
GetProcessVersion
GetEnvironmentStrings
GetDIBits
ImageList_Destroy
GetFileType
IsZoomed
TlsSetValue
LoadBitmapA
DestroyAcceleratorTable
RegCreateKeyExA
SendDlgItemMessageA
ScrollWindowEx
SetRect
GlobalDeleteAtom
OffsetRect
GetParent
HeapCreate
ClientToScreen
GetStdHandle
WritePrivateProfileStringA
GetProcAddress
CreateEventA
lstrcmpiA
GetClipboardData
GetDesktopWindow
CreateCompatibleBitmap
user32.dll
LocalFree
EnumDisplaySettingsA
WinHelpA
SetEnvironmentVariableA
GetWindowPlacement
ExitProcess
LCMapStringA
IsBadReadPtr
DeleteObject
OpenClipboard
SetEndOfFile
RegQueryValueA
GlobalLock
GetMessagePos
SetViewportOrgEx
GetClientRect
SaveDC
ShowWindow
GetClassLongA
IsWindow
BeginPath
GetWindowLongA
SetTimer
FindResourceA
GlobalGetAtomNameA
GetMessageTime
SetMenuItemBitmaps
CopyRect
IsBadWritePtr
DrawEdge
GetDC
WideCharToMultiByte
GetWindowExtEx
ChildWindowFromPointEx
GetModuleFileNameW
MoveWindow
zp:q|
5w[k]'
Az[=;)
<]Q(^
FreeLibrary
GetStringTypeW
Ellipse
GetOpenFileNameA
GDI32.dll
GetVersion
EnableWindow
TlsFree
RectVisible
GetWindowTextA
CreateSolidBrush
InitializeCriticalSection
DeleteDC
IsRectEmpty
SHELL32.dll
CreatePopupMenu
InterlockedIncrement
DeleteCriticalSection
LPtoDP
DPtoLP
SetWindowPos
DeleteMenu
SetParent
GetDeviceCaps
StretchBlt
GetForegroundWindow
GetPropA
waveOutUnprepareHeader
SetWindowTextA
BeginPaint
SetWindowOrgEx
GetModuleHandleA
GlobalHandle
TerminateProcess
KillTimer
GetStockObject
SetScrollRange
RegisterClipboardFormatA
CreateProcessA
EndPage
CreateAcceleratorTableA
SetBkColor
GetMenuItemCount
DrawFocusRect
WINSPOOL.DRV
CreateThread
UnhookWindowsHookEx
DrawIconEx
GetWindowTextLengthA
VirtualAlloc
LineTo
SetStretchBltMode
CreateToolhelp32Snapshot
GetWindow
midiStreamStop
GetMenuState
CreateRectRgnIndirect
waveOutReset
GetCapture
GetActiveWindow
CharUpperA
LoadResource
LoadLibraryA
SetPropA
GetFullPathNameA
SetLastError
LoadCursorA
GetKeyState
r'wwKERNEL32.dll
RegisterWindowMessageA
SetForegroundWindow
CreateDialogIndirectParamA
CreateFileA
midiStreamOpen
GetModuleFileNameA
SetBkMode
SetActiveWindow
InvalidateRect
GetMenuItemID
ResumeThread
TabbedTextOutA
SetCursorPos
CombineRgn
GetCurrentProcess
GlobalReAlloc
HeapDestroy
PtInRect
HeapSize
InterlockedExchange
ExtSelectClipRgn
GetROP2
RemovePropA
MessageBoxA
GlobalFree
GetLastError
midiStreamClose
GetClipBox
EnableMenuItem
Process32Next
LockResource
IsWindowEnabled
ReleaseCapture
SetScrollPos
CopyAcceleratorTableA
ChooseColorA
CreateMenu
WindowFromPoint
RegOpenKeyExA
FileTimeToLocalFileTime
Process32First
UnlockFile
SelectClipRgn
SetRectEmpty
GetCurrentThread
WinExec
GlobalFlags
^COMCTL32.dll
ExcludeClipRect
SetWindowLongA
FindWindowA
comdlg32.dll
UnhandledExceptionFilter
VirtualFree
GetStartupInfoA
RoundRect
GetCommandLineA
CLSIDFromString
GetACP
GetMessageA
LoadImageA
GlobalAddAtomA
FileTimeToSystemTime
EndPath
WINMM.dll
GetOEMCP
RealizePalette
GetMenu
FindFirstFileA
GetSystemPaletteEntries
RedrawWindow
midiOutReset
PatBlt
ModifyMenuA
GetFileAttributesA
ShellExecuteA
LeaveCriticalSection
InterlockedDecrement
GetWindowRect
SendMessageA
SetClipboardData
SetHandleCount
CreateRoundRectRgn
IsDialogMessageA
ExtTextOutA
GetNextDlgTabItem
PeekMessageA
RestoreDC
OpenProcess
OpenPrinterA
GetSystemTime
GlobalUnlock
GetTextColor
DestroyWindow
GetMenuCheckMarkDimensions
TlsGetValue
GlobalFindAtomA
waveOutGetNumDevs
UnregisterClassA
GetStringTypeA
DrawFrameControl
ReadFile
SetROP2
ValidateRect
SelectPalette
WriteFile
GetStretchBltMode
TlsAlloc
midiStreamRestart
CreateRectRgn
ReleaseSemaphore
GetViewportExtEx
LCMapStringW
DestroyMenu
lstrcatA
EmptyClipboard
RegSetValueExA
GetObjectA
SetWindowsHookExA
waveOutPause
OleUninitialize
GetSaveFileNameA
GetVolumeInformationA
GetFileTime
SetErrorMode
EndPaint
WS2_32.dll
LocalAlloc
EnterCriticalSection
FillRect
GetWindowDC
DuplicateHandle
IsBadCodePtr
GetCurrentObject
SelectObject
MulDiv
CreateFontIndirectA
GetSysColorBrush
CreateIconFromResourceEx
SHGetSpecialFolderPathA
SetUnhandledExceptionFilter
GetEnvironmentVariableA
OffsetViewportOrgEx
FindClose
GetFocus
MapWindowPoints
GetScrollPos
GetWindowThreadProcessId
SystemParametersInfoA
AdjustWindowRectEx
Sleep
OleInitialize
GetCursorPos
PostMessageA
PtVisible
CreatePen
InflateRect
StartPage
GetCPInfo
SetViewportExtEx
ClosePrinter
GetSystemMetrics
FindNextFileA
SetTextColor
ReleaseDC
wsprintfA
CreatePalette
GetWindowsDirectoryA
waveOutPrepareHeader
SetFilePointer
WaitForInputIdle
GlobalAlloc
CreateSemaphoreA
StartDocA
GetPolyFillMode
ole32.dll
SetEvent
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | HW32.Packed. | 20190712 |
| MicroWorld-eScan | 未发现病毒 | 20190712 |
| CMC | 未发现病毒 | 20190321 |
| CAT-QuickHeal | 未发现病毒 | 20190712 |
| McAfee | 未发现病毒 | 20190713 |
| Cylance | Unsafe | 20190714 |
| Zillya | 未发现病毒 | 20190712 |
| SUPERAntiSpyware | 未发现病毒 | 20190712 |
| Trustlook | 未发现病毒 | 20190714 |
| Alibaba | 未发现病毒 | 20190527 |
| K7GW | Adware ( 004b942f1 ) | 20190713 |
| K7AntiVirus | Adware ( 004b942f1 ) | 20190712 |
| TrendMicro | 未发现病毒 | 20190712 |
| Baidu | 未发现病毒 | 20190318 |
| Cyren | 未发现病毒 | 20190713 |
| Symantec | ML.Attribute.HighConfidence | 20190712 |
| TotalDefense | 未发现病毒 | 20190712 |
| APEX | Malicious | 20190713 |
| Paloalto | 未发现病毒 | 20190714 |
| ClamAV | 未发现病毒 | 20190712 |
| GData | Win32.Trojan.Kryptik.HK@susp | 20190713 |
| Kaspersky | 未发现病毒 | 20190713 |
| BitDefender | 未发现病毒 | 20190713 |
| NANO-Antivirus | 未发现病毒 | 20190713 |
| AegisLab | 未发现病毒 | 20190713 |
| Avast | 未发现病毒 | 20190713 |
| Tencent | 未发现病毒 | 20190714 |
| Endgame | malicious (high confidence) | 20190522 |
| Emsisoft | 未发现病毒 | 20190713 |
| Comodo | TrojWare.Win32.Agent.ISVQ@5mbonp | 20190713 |
| F-Secure | 未发现病毒 | 20190713 |
| DrWeb | 未发现病毒 | 20190713 |
| VIPRE | 未发现病毒 | 20190712 |
| Invincea | heuristic | 20190525 |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.gc | 20190712 |
| Trapmine | malicious.moderate.ml.score | 20190522 |
| FireEye | Generic.mg.eee5a11a4b742416 | 20190713 |
| Sophos | Mal/VMProtBad-A | 20190712 |
| Ikarus | 未发现病毒 | 20190713 |
| F-Prot | 未发现病毒 | 20190713 |
| Jiangmin | 未发现病毒 | 20190713 |
| eGambit | Trojan.Generic | 20190714 |
| Avira | 未发现病毒 | 20190713 |
| MAX | 未发现病毒 | 20190714 |
| Antiy-AVL | 未发现病毒 | 20190712 |
| Kingsoft | 未发现病毒 | 20190714 |
| Microsoft | Trojan:Win32/Wacatac.B!ml | 20190712 |
| Arcabit | 未发现病毒 | 20190712 |
| ViRobot | 未发现病毒 | 20190712 |
| ZoneAlarm | 未发现病毒 | 20190713 |
| Avast-Mobile | 未发现病毒 | 20190713 |
| AhnLab-V3 | Packed/Win32.Vmpbad.C90402 | 20190712 |
| Acronis | suspicious | 20190712 |
| VBA32 | 未发现病毒 | 20190712 |
| ALYac | 未发现病毒 | 20190713 |
| TACHYON | 未发现病毒 | 20190712 |
| Ad-Aware | 未发现病毒 | 20190713 |
| Malwarebytes | 未发现病毒 | 20190713 |
| Zoner | 未发现病毒 | 20190712 |
| ESET-NOD32 | a variant of Win32/Packed.FlyStudio.AA potentially unwanted | 20190713 |
| TrendMicro-HouseCall | 未发现病毒 | 20190712 |
| Rising | Trojan.Generic@ML.97 (RDML:mzpWJFMg2O6mkYgiXzotIA) | 20190712 |
| Yandex | 未发现病毒 | 20190711 |
| SentinelOne | DFI - Malicious PE | 20190604 |
| MaxSecure | Trojan.Malware.300983.susgen | 20190712 |
| Fortinet | 未发现病毒 | 20190713 |
| AVG | 未发现病毒 | 20190713 |
| Cybereason | malicious.99174f | 20190616 |
| Panda | 未发现病毒 | 20190712 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190212 |
| Qihoo-360 | 未发现病毒 | 20190714 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 24.797 seconds )
- 15.592 Suricata
- 3.179 BehaviorAnalysis
- 3.165 Static
- 1.499 VirusTotal
- 0.434 peid
- 0.423 TargetInfo
- 0.353 NetworkAnalysis
- 0.132 AnalysisInfo
- 0.016 Strings
- 0.003 Memory
- 0.001 config_decoder
Signatures ( 1.52 seconds )
- 0.221 process_interest
- 0.211 injection_createremotethread
- 0.199 api_spamming
- 0.156 stealth_timeout
- 0.143 injection_runpe
- 0.14 vawtrak_behavior
- 0.124 stealth_decoy_document
- 0.094 process_needed
- 0.026 antiav_detectreg
- 0.021 md_url_bl
- 0.018 md_domain_bl
- 0.011 infostealer_ftp
- 0.009 mimics_filetime
- 0.008 stealth_file
- 0.008 reads_self
- 0.008 virus
- 0.007 anomaly_persistence_autorun
- 0.007 antivm_generic_disk
- 0.007 antiav_detectfile
- 0.007 infostealer_im
- 0.007 ransomware_extensions
- 0.007 ransomware_files
- 0.006 bootkit
- 0.006 hancitor_behavior
- 0.005 antianalysis_detectreg
- 0.005 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.003 tinba_behavior
- 0.003 antidbg_windows
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.003 disables_browser_warn
- 0.002 antivm_vbox_libs
- 0.002 rat_nanocore
- 0.002 betabot_behavior
- 0.002 cerber_behavior
- 0.002 bot_drive
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 0.85 seconds )
- 0.848 ReportHTMLSummary
- 0.002 Malheur
| Task ID | 374104 |
|---|---|
| Mongo ID | 5d7f70f82f8f2e3c66bb5df8 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号