Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-09-16 19:51:34 | 2019-09-16 19:52:09 | 35 seconds

Maldun score

10.0

Dangerous

File details

File name rld.dll
File size 479236 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 e86028faabc0bc3a6e41b665c507e0ac
SHA1 96ada875e3aefdd883b488f0fd13cca20a77f16e
SHA256 e7d0d438ac04909f167c886ee4fc323c57cc231366c443ac9e5bdf2d77260698
SHA512 ce74a0cf65399b9786df70679d85dec057acaa778c316dfefacb747f5b37212b1708ff644ef7ea285f5c0d76e92bfc2817722d3ef77016ece2986e29ac539f77
CRC32 EBBD10FD
Ssdeep 12288:YcZvvJTxNP70q1h1W0XLM7EHM7e0geKrzEAbn6calU+1FCg2:9ZnJTxNr1h1WIyEHM7e0g5rzBAlUMw
Hosts contacted (click to query the WPING real-time security rating)

No host records.

DNS resolution (click to query the WPING real-time security rating)

No domain information.


Summary


PE information

Image base 0x10000000
Entry point 0x1000ea90
Declared checksum 0x00000000
Actual checksum 0x0008306d
Minimum OS version required 6.0
Compile time 2014-10-18 02:15:26
Import hash (imphash) 373b9bcb510910a35da6bad2c7250681
Exported DLL name \x31\x31\x31\x34\x31\x31\x31

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00010df1 0x00010e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.95
.rdata 0x00012000 0x0000418a 0x00004200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.97
.data 0x00017000 0x00000b94 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6.79
.CRT 0x00018000 0x00000004 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.08
.RLD0 0x00019000 0x00000790 0x00000800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.40
.RLD1 0x0001a000 0x0005de27 0x0005e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.82
.reloc 0x00078000 0x000005d8 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.18

Overlay

Offset 0x00074c00
Size 0x00000404

Imports

Library: KERNEL32.dll:
0x10012008 LoadLibraryA
0x10012010 GetProcAddress
0x10012014 CreateFileA
0x10012018 lstrlenA
0x1001201c WideCharToMultiByte
0x10012020 ReadFile
0x10012024 CreateFileW
0x10012028 lstrlenW
0x1001202c CloseHandle
0x10012030 lstrcpyA
0x10012034 SetFilePointer
0x10012038 VirtualFree
0x1001203c lstrcatA
0x10012040 MultiByteToWideChar
0x10012044 CreateDirectoryA
0x10012048 GetLastError
0x1001204c SetLastError
0x10012050 VirtualAlloc
0x10012054 GetTempPathA
0x10012058 lstrcpynA
0x1001205c GetCurrentProcess
0x10012064 GetModuleHandleA
0x1001206c GetCurrentProcessId
0x10012070 CreateEventA
0x10012074 ExitProcess
0x10012078 lstrcmpiA
0x1001207c lstrcmpiW
0x10012080 GetThreadContext
0x10012084 lstrcmpA
0x10012088 SetThreadContext
0x1001208c TerminateProcess
0x10012090 VirtualAllocEx
0x10012094 ResumeThread
0x10012098 FreeLibrary
0x1001209c HeapAlloc
0x100120a0 HeapCreate
0x100120a4 GetModuleFileNameA
0x100120ac SetEndOfFile
0x100120b0 CompareFileTime
0x100120b4 UnlockFile
0x100120b8 SetEvent
0x100120bc LockFile
0x100120c0 GetTickCount
0x100120c4 WriteFile
0x100120c8 GetProcessTimes
0x100120cc VirtualFreeEx
0x100120d0 ReadProcessMemory
0x100120d4 GetFileAttributesA
0x100120d8 GetFileAttributesW
0x100120dc ExitThread
0x100120e0 FlushFileBuffers
0x100120e4 OpenEventA
0x100120e8 WaitForMultipleObjects
0x100120ec GetFileTime
0x100120f0 GetCurrentThreadId
0x100120f4 WriteProcessMemory
0x100120f8 CreateThread
0x100120fc SetStdHandle
0x10012100 HeapFree
0x10012114 IsDebuggerPresent
0x10012118 GetFileSize
0x1001211c VirtualProtect
Library: USER32.dll:
0x10012124 CharLowerA
0x10012128 GetMessageA
0x1001212c SetTimer
0x10012130 RegisterClassExA
0x10012134 PostQuitMessage
0x10012138 KillTimer
0x1001213c SendMessageA
0x10012140 SetWindowLongA
0x10012144 UnregisterClassA
0x10012148 GetWindowLongA
0x1001214c CreateWindowExA
0x10012150 DefWindowProcA
0x10012154 IsWindow
0x10012158 DispatchMessageA
0x1001215c MessageBoxA
0x10012160 wsprintfA
Library: ADVAPI32.dll:
0x10012000 OpenProcessToken
Library: USERENV.dll:

Exports

Ordinal | Address | Name
1 0x1000e6b0
2 0x1000c680
Antivirus engine/vendor | Virus name/rule match | Signature database date
Bkav No virus found 20190816
MicroWorld-eScan Gen:Variant.Application.HackTool.68 20190816
CMC No virus found 20190321
CAT-QuickHeal Trojan.IGENERIC 20190816
McAfee GenericRXBA-VN!E86028FAABC0 20190816
Cylance Unsafe 20190816
CrowdStrike win/malicious_confidence_100% (D) 20190212
BitDefender Gen:Variant.Application.HackTool.68 20190816
K7GW Riskware ( 0040eff71 ) 20190814
K7AntiVirus Riskware ( 0040eff71 ) 20190814
Invincea heuristic 20190717
Baidu No virus found 20190318
F-Prot No virus found 20190816
Symantec Trojan.Gen.2 20190816
ESET-NOD32 Win32/HackTool.Crack.CY potentially unsafe 20190816
APEX Malicious 20190813
Paloalto No virus found 20190816
ClamAV Win.Trojan.Crack-80 20190816
Kaspersky No virus found 20190816
Alibaba HackTool:Win32/Crack.e850292c 20190527
NANO-Antivirus Trojan.Win32.Agent.ditxia 20190816
ViRobot No virus found 20190813
SUPERAntiSpyware HackTool/Gen-Crack 20190809
Avast No virus found 20190816
Tencent No virus found 20190816
Endgame malicious (high confidence) 20190802
Sophos Troj/Agent-AJTU 20190816
Comodo No virus found 20190816
F-Secure No virus found 20190816
DrWeb No virus found 20190816
Zillya No virus found 20190816
TrendMicro TROJ_GEN.R002C0PFN19 20190816
McAfee-GW-Edition BehavesLike.Win32.Generic.gc 20190816
Fortinet No virus found 20190816
Trapmine malicious.moderate.ml.score 20190522
FireEye Generic.mg.e86028faabc0bc3a 20190816
Emsisoft Gen:Variant.Application.HackTool.68 (B) 20190816
SentinelOne DFI - Malicious PE 20190807
Cyren W32/Trojan.VDDP-1513 20190816
Jiangmin Trojan/Agentb.awr 20190816
MaxSecure Trojan.Malware.7615027.susgen 20190803
Avira No virus found 20190816
MAX malware (ai score=100) 20190816
Antiy-AVL Trojan/Win32.TSGeneric 20190816
Kingsoft No virus found 20190816
Arcabit Trojan.Application.HackTool.68 20190816
AegisLab No virus found 20190816
ZoneAlarm No virus found 20190816
Avast-Mobile No virus found 20190816
Microsoft No virus found 20190816
AhnLab-V3 Trojan/Win32.Generic.C661750 20190816
Acronis suspicious 20190816
VBA32 No virus found 20190816
ALYac No virus found 20190816
TACHYON No virus found 20190816
Ad-Aware Gen:Variant.Application.HackTool.68 20190816
Malwarebytes No virus found 20190816
Zoner No virus found 20190815
TrendMicro-HouseCall TROJ_GEN.R002C0PFN19 20190816
Rising Trojan.Generic@ML.89 (RDMK:EHzAfgBbRkvTJSTbTTDfzw) 20190816
Yandex PUP.Crack! 20190811
Ikarus PUA.HackTool 20190816
eGambit No virus found 20190816
GData Gen:Variant.Application.HackTool.68 20190816
Webroot No virus found 20190816
AVG No virus found 20190816
Panda PUP/Crack 20190816
Qihoo-360 No virus found 20190816

Process tree

rundll32.exe, PID: 2480, parent PID: 2336


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 20.614 seconds )

  • 15.535 Suricata
  • 2.093 Static
  • 1.566 VirusTotal
  • 0.441 peid
  • 0.437 TargetInfo
  • 0.357 NetworkAnalysis
  • 0.105 BehaviorAnalysis
  • 0.06 AnalysisInfo
  • 0.016 Strings
  • 0.003 Memory
  • 0.001 config_decoder

Signatures ( 0.193 seconds )

  • 0.028 antiav_detectreg
  • 0.022 md_url_bl
  • 0.017 md_domain_bl
  • 0.012 infostealer_ftp
  • 0.007 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 infostealer_im
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 antianalysis_detectreg
  • 0.005 infostealer_bitcoin
  • 0.004 api_spamming
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 stealth_decoy_document
  • 0.003 stealth_timeout
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 mimics_filetime
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.869 seconds )

  • 0.866 ReportHTMLSummary
  • 0.003 Malheur
Task ID 374115
Mongo ID 5d7f77872f8f2e3c65bb6725
Cuckoo release 1.4-Maldun