Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-hpdapp01-1  2019-09-16 20:04:35  2019-09-16 20:06:47  132 seconds

Maldun Score

5.45

Suspicious

File details

Filename  CF诸神免费版.vmp.exe
File size  815104 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5 42f62a2de221157689ba4b70e807c3da
SHA1 db4dfe965270c86567f13737062ee18530a83df2
SHA256 2c653f5612d42580c29990510db7efb08b4df76234eec496880e802af88cb31c
SHA512 f0a2678bd6cdce2d2e9312c79156aa333cd3674404c06b153856805943bd946b639353c44b8cab4d93c4ac5815915b1d6d0316d877f8e88a6a71ca31c1ce40fc
CRC32 EE9180F0
Ssdeep 12288:NBr6ZpOAmvGIDtKqUHibYYV4r7iIWeF9BCtNPm0hXDhVRXqSIKkr:NBrOHqR0CU7ix294p3vIKA

Hosts accessed

No host records.

Domain resolution

No domain information.

PE information

Image base  0x00400000
Entry point  0x005cbe03
Claimed checksum  0x00000000
Actual checksum  0x000d0c85
Minimum OS version required  4.0
Compile time  2019-09-15 11:10:11
Import hash  0f9e6e99dae262262f5c66d8edea79c3

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000891ce 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rdata 0x0008b000 0x000ecab2 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.00
.data 0x00178000 0x0004758a 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x001c0000 0x00005b30 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.74
.vmp0 0x001c6000 0x0000405c 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.vmp1 0x001cb000 0x000c21be 0x000c3000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.92
.reloc 0x0028e000 0x00000068 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.24

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_CURSOR 0x001c246c 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_CURSOR 0x001c246c 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_CURSOR 0x001c246c 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_CURSOR 0x001c246c 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_BITMAP 0x001c3ce0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_MENU 0x001c3e30 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_MENU 0x001c3e30 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_DIALOG 0x001c5078 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_STRING 0x001c5ac0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x001c5b0c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x001c5b0c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None
RT_GROUP_CURSOR 0x001c5b0c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 None

Imports

Library: WINMM.dll:
0x68852b midiStreamOut
0x688533 waveOutWrite
0x688537 waveOutPause
0x68853b waveOutReset
0x68853f waveOutClose
0x688543 waveOutGetNumDevs
0x688547 waveOutOpen
0x68854f midiStreamOpen
0x688553 midiStreamProperty
0x688557 midiStreamStop
0x68855b midiOutReset
0x68855f midiStreamClose
0x688563 midiStreamRestart
Library: WS2_32.dll:
0x688573 WSACleanup
0x688577 closesocket
0x68857b getpeername
0x68857f accept
0x688583 WSAAsyncSelect
0x688587 recvfrom
0x68858b ioctlsocket
0x68858f inet_ntoa
0x688593 recv
Library: KERNEL32.dll:
0x68859b SetLastError
0x6885a3 GetVersion
0x6885ab GetACP
0x6885af HeapSize
0x6885b3 RaiseException
0x6885b7 GetLocalTime
0x6885bb GetSystemTime
0x6885bf RtlUnwind
0x6885c3 GetStartupInfoA
0x6885c7 GetOEMCP
0x6885cb GetCPInfo
0x6885cf GetProcessVersion
0x6885d3 SetErrorMode
0x6885d7 GlobalFlags
0x6885db GetCurrentThread
0x6885df GetFileTime
0x6885e3 TlsGetValue
0x6885e7 LocalReAlloc
0x6885eb TlsSetValue
0x6885ef TlsFree
0x6885f3 GlobalHandle
0x6885f7 TlsAlloc
0x6885fb LocalAlloc
0x6885ff lstrcmpA
0x688603 GlobalGetAtomNameA
0x688607 GlobalAddAtomA
0x68860b GlobalFindAtomA
0x68860f GlobalDeleteAtom
0x688613 lstrcmpiA
0x688617 SetEndOfFile
0x68861b UnlockFile
0x68861f LockFile
0x688623 FlushFileBuffers
0x688627 DuplicateHandle
0x68862b lstrcpynA
0x688637 LocalFree
0x688643 TerminateProcess
0x688647 GetFileSize
0x68864b SetFilePointer
0x68864f WideCharToMultiByte
0x688653 MultiByteToWideChar
0x688657 GetCurrentProcess
0x68865f GetSystemDirectoryA
0x688663 CreateSemaphoreA
0x688667 ResumeThread
0x68866b ReleaseSemaphore
0x688677 GetProfileStringA
0x68867b WriteFile
0x688683 CreateFileA
0x688687 SetEvent
0x68868b FindResourceA
0x68868f LoadResource
0x688693 LockResource
0x688697 ReadFile
0x68869b GetModuleFileNameA
0x68869f GetCurrentThreadId
0x6886a3 ExitProcess
0x6886a7 GlobalSize
0x6886ab GlobalFree
0x6886b7 InterlockedExchange
0x6886bb lstrcatA
0x6886bf lstrlenA
0x6886c3 WinExec
0x6886c7 lstrcpyA
0x6886cb FindNextFileA
0x6886cf GlobalReAlloc
0x6886d3 HeapFree
0x6886d7 HeapReAlloc
0x6886db GetProcessHeap
0x6886df HeapAlloc
0x6886e3 GetFullPathNameA
0x6886e7 FreeLibrary
0x6886eb LoadLibraryA
0x6886ef GetLastError
0x6886f3 GetVersionExA
0x6886fb CreateThread
0x6886ff CreateEventA
0x688703 Sleep
0x68870b GlobalAlloc
0x68870f GlobalLock
0x688713 GlobalUnlock
0x688717 GetTempPathA
0x68871b FindFirstFileA
0x68871f FindClose
0x688723 GetFileAttributesA
0x688727 DeleteFileA
0x688733 GetModuleHandleA
0x688737 GetProcAddress
0x68873b MulDiv
0x68873f GetCommandLineA
0x688743 GetTickCount
0x688747 CreateProcessA
0x68874b WaitForSingleObject
0x68874f CloseHandle
0x688763 SetHandleCount
0x688767 GetStdHandle
0x68876b GetFileType
0x688773 HeapDestroy
0x688777 HeapCreate
0x68877b VirtualFree
0x688783 LCMapStringA
0x688787 LCMapStringW
0x68878b VirtualAlloc
0x68878f IsBadWritePtr
0x688797 GetStringTypeA
0x68879b GetStringTypeW
0x68879f CompareStringA
0x6887a3 CompareStringW
0x6887a7 IsBadReadPtr
0x6887ab IsBadCodePtr
0x6887af SetStdHandle
Library: USER32.dll:
0x6887b7 GetMenu
0x6887bb SetMenu
0x6887bf PeekMessageA
0x6887c3 GetSysColorBrush
0x6887cb GetKeyState
0x6887d3 IsWindowEnabled
0x6887d7 ShowWindow
0x6887df LoadImageA
0x6887e7 ClientToScreen
0x6887eb EnableMenuItem
0x6887ef GetSubMenu
0x6887f3 GetDlgCtrlID
0x6887fb CreateMenu
0x6887ff ModifyMenuA
0x688803 AppendMenuA
0x688807 CreatePopupMenu
0x68880b DrawIconEx
0x68881b SetRectEmpty
0x68881f IsIconic
0x688823 SetFocus
0x688827 GetActiveWindow
0x68882b GetWindow
0x688833 SetWindowRgn
0x688837 GetMessagePos
0x68883b ScreenToClient
0x68883f DispatchMessageA
0x688843 CopyRect
0x688847 LoadBitmapA
0x68884b WinHelpA
0x68884f KillTimer
0x688853 SetTimer
0x688857 ReleaseCapture
0x68885b GetCapture
0x68885f SetCapture
0x688863 LoadStringA
0x68886b GetMenuState
0x68886f GetScrollRange
0x688873 SetScrollRange
0x688877 SetScrollPos
0x68887b SetRect
0x68887f InflateRect
0x688883 IntersectRect
0x688887 DestroyIcon
0x68888b DeleteMenu
0x68888f OffsetRect
0x688893 IsWindowVisible
0x688897 EnableWindow
0x68889b RedrawWindow
0x68889f GetWindowLongA
0x6888a3 SetWindowLongA
0x6888a7 GetSysColor
0x6888ab SetActiveWindow
0x6888af SetCursorPos
0x6888b3 LoadCursorA
0x6888b7 SetCursor
0x6888bb GetDC
0x6888bf FillRect
0x6888c3 IsRectEmpty
0x6888c7 ReleaseDC
0x6888cb IsChild
0x6888cf DestroyMenu
0x6888d3 SetForegroundWindow
0x6888d7 GetWindowRect
0x6888db EqualRect
0x6888df UpdateWindow
0x6888e3 ValidateRect
0x6888e7 InvalidateRect
0x6888eb GetClientRect
0x6888ef GetFocus
0x6888f3 GetParent
0x6888f7 GetTopWindow
0x6888fb PostMessageA
0x6888ff IsWindow
0x688903 SetParent
0x688907 DestroyCursor
0x68890b SendMessageA
0x68890f SetWindowPos
0x688913 MessageBoxA
0x688917 GetCursorPos
0x68891b GetSystemMetrics
0x68891f EmptyClipboard
0x688923 SetClipboardData
0x688927 OpenClipboard
0x68892b GetClipboardData
0x68892f CloseClipboard
0x688933 wsprintfA
0x688937 WaitForInputIdle
0x68893b GetSystemMenu
0x68893f GetMessageA
0x688943 WindowFromPoint
0x688947 DrawFocusRect
0x68894b DrawFrameControl
0x68894f TranslateMessage
0x688953 LoadIconA
0x688957 GetForegroundWindow
0x68895b GetDesktopWindow
0x68895f GetClassNameA
0x688963 GetDlgItem
0x688967 GetWindowTextA
0x68896b DefWindowProcA
0x68896f GetClassInfoA
0x688973 IsZoomed
0x688977 PtInRect
0x68897b PostQuitMessage
0x688983 UnregisterClassA
0x688987 DrawEdge
0x68898f CharUpperA
0x688993 GetWindowDC
0x688997 BeginPaint
0x68899b EndPaint
0x68899f TabbedTextOutA
0x6889a3 DrawTextA
0x6889a7 GrayStringA
0x6889ab DestroyWindow
0x6889b3 EndDialog
0x6889b7 GetNextDlgTabItem
0x6889bb GetWindowPlacement
0x6889c3 GetLastActivePopup
0x6889c7 GetMessageTime
0x6889cb RemovePropA
0x6889cf CallWindowProcA
0x6889d3 GetPropA
0x6889d7 UnhookWindowsHookEx
0x6889db SetPropA
0x6889df GetClassLongA
0x6889e3 CallNextHookEx
0x6889e7 SetWindowsHookExA
0x6889eb CreateWindowExA
0x6889ef GetMenuItemID
0x6889f3 GetMenuItemCount
0x6889f7 RegisterClassA
0x6889fb GetScrollPos
0x6889ff AdjustWindowRectEx
0x688a03 MapWindowPoints
0x688a07 SendDlgItemMessageA
0x688a0b ScrollWindowEx
0x688a0f IsDialogMessageA
0x688a13 SetWindowTextA
0x688a17 MoveWindow
0x688a1b CheckMenuItem
0x688a1f SetMenuItemBitmaps
Library: GDI32.dll:
0x688a27 ExtSelectClipRgn
0x688a2b LineTo
0x688a2f MoveToEx
0x688a33 CreateBitmap
0x688a37 SelectObject
0x688a3b GetObjectA
0x688a3f CreatePen
0x688a43 PatBlt
0x688a47 CombineRgn
0x688a4b CreateRectRgn
0x688a4f FillRgn
0x688a53 CreateSolidBrush
0x688a57 GetStockObject
0x688a5b CreateFontIndirectA
0x688a5f EndPage
0x688a63 EndDoc
0x688a67 DeleteDC
0x688a6b StartDocA
0x688a6f StartPage
0x688a73 BitBlt
0x688a77 Ellipse
0x688a7b Rectangle
0x688a7f LPtoDP
0x688a83 DPtoLP
0x688a87 GetCurrentObject
0x688a8b RoundRect
0x688a93 GetDeviceCaps
0x688a97 SetBkColor
0x688a9b ExcludeClipRect
0x688a9f GetClipBox
0x688aa3 ScaleWindowExtEx
0x688aa7 SetWindowExtEx
0x688aab SetWindowOrgEx
0x688aaf ScaleViewportExtEx
0x688ab3 SetViewportExtEx
0x688ab7 OffsetViewportOrgEx
0x688abb SetViewportOrgEx
0x688abf SetMapMode
0x688ac3 SetTextColor
0x688ac7 GetViewportExtEx
0x688acb PtVisible
0x688acf RectVisible
0x688ad3 TextOutA
0x688ad7 ExtTextOutA
0x688adb Escape
0x688adf GetTextMetricsA
0x688ae3 CreateDCA
0x688aeb GetPolyFillMode
0x688aef GetStretchBltMode
0x688af3 GetROP2
0x688af7 GetBkColor
0x688afb GetBkMode
0x688aff GetTextColor
0x688b03 CreateRoundRectRgn
0x688b07 CreateEllipticRgn
0x688b0b PathToRegion
0x688b0f EndPath
0x688b13 BeginPath
0x688b17 GetWindowOrgEx
0x688b1b GetViewportOrgEx
0x688b1f SetROP2
0x688b23 SetPolyFillMode
0x688b27 SetBkMode
0x688b2b RestoreDC
0x688b2f SaveDC
0x688b33 GetWindowExtEx
0x688b37 GetDIBits
0x688b3b RealizePalette
0x688b3f SelectPalette
0x688b43 StretchBlt
0x688b47 CreatePalette
0x688b4f CreateDIBitmap
0x688b53 DeleteObject
0x688b57 SelectClipRgn
0x688b5f GetClipRgn
0x688b63 SetStretchBltMode
0x688b67 CreateCompatibleDC
0x688b6b CreatePolygonRgn
Library: WINSPOOL.DRV:
0x688b73 OpenPrinterA
0x688b77 DocumentPropertiesA
0x688b7b ClosePrinter
Library: ADVAPI32.dll:
0x688b83 RegQueryValueExA
0x688b87 RegOpenKeyExA
0x688b8b RegSetValueExA
0x688b8f RegQueryValueA
0x688b93 RegCreateKeyExA
0x688b97 RegCloseKey
Library: SHELL32.dll:
0x688b9f ShellExecuteA
0x688ba3 Shell_NotifyIconA
Library: ole32.dll:
0x688baf CLSIDFromString
0x688bb3 OleUninitialize
0x688bb7 OleInitialize
Library: OLEAUT32.dll:
0x688bbf LoadTypeLib
0x688bc3 RegisterTypeLib
0x688bc7 UnRegisterTypeLib
Library: COMCTL32.dll:
0x688bcf None
0x688bd3 ImageList_Destroy
Library: comdlg32.dll:
0x688bdb ChooseColorA
0x688bdf GetFileTitleA
0x688be3 GetSaveFileNameA
0x688be7 GetOpenFileNameA
Library: KERNEL32.dll:
0x688bef VirtualProtect
0x688bf3 GetModuleFileNameA
0x688bf7 ExitProcess
Library: USER32.dll:
0x688bff MessageBoxA

No antivirus engine scan information!

Process tree

CF_______________.vmp.exe, PID: 2464, parent PID: 2332

Hosts accessed

No host records.

TCP

No TCP connection records.

UDP

No UDP connection records.

Domain resolution

No domain information.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 22.991 seconds )

  • 15.515 Suricata
  • 4.317 Static
  • 1.557 VirusTotal
  • 0.489 peid
  • 0.471 TargetInfo
  • 0.356 NetworkAnalysis
  • 0.138 BehaviorAnalysis
  • 0.127 AnalysisInfo
  • 0.016 Strings
  • 0.003 Memory
  • 0.002 config_decoder

Signatures ( 0.199 seconds )

  • 0.027 antiav_detectreg
  • 0.022 md_url_bl
  • 0.016 md_domain_bl
  • 0.011 infostealer_ftp
  • 0.007 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 infostealer_im
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 api_spamming
  • 0.006 antianalysis_detectreg
  • 0.005 stealth_timeout
  • 0.005 infostealer_bitcoin
  • 0.004 stealth_decoy_document
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 antidbg_windows
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 antiemu_wine_func
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 infostealer_browser_password
  • 0.001 kovter_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.877 seconds )

  • 0.875 ReportHTMLSummary
  • 0.002 Malheur
Task ID 374117
Mongo ID 5d7f7afa2f8f2e3c69bb5eae
Cuckoo release 1.4-Maldun