分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-2 2019-10-14 19:14:29 2019-10-14 19:15:41 72 秒

魔盾分数

10.0

Malicious病毒

文件详细信息

文件名 设置中文与清理残留.exe
文件大小 56832 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f93879211f559f07a8a3e792ac59ed1a
SHA1 61f789d364f7f1556fd410a859e538fc9d893816
SHA256 73f5de4d61e3d25afe69d15d1d7c026a09c83e474b26a21198dcb78a0cb163aa
SHA512 e9b9e1a1cc47e071f873525fb6e50d6cf79bbb5cdf96b4fb3212228fa25dba9f6ef092944e05a2ed1e5f5eb744934c0a697323d92c2a4318a65539d447b2804b
CRC32 39AF209E
Ssdeep 1536:QRkq4IrZntb4tGkX4N8C7RTupe3nouy8n/zu:QKMhcGw4NZukXout/zu
Yara 登录查看Yara规则
样本下载 提交误报

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.


摘要

登录查看详细行为信息

PE 信息

初始地址 0x00400000
入口地址 0x0041dd20
声明校验值 0x00000000
实际校验值 0x00012c77
最低操作系统版本要求 4.0
编译时间 2018-02-02 04:18:00
载入哈希 a50e815adb2cfe3e58d388c791946db8

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
UPX0 0x00001000 0x00013000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
UPX1 0x00014000 0x0000b000 0x0000aa00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.96
.rsrc 0x0001f000 0x00004000 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.57

导入

库: COMCTL32.DLL:
库: GDI32.DLL:
0x421f1c GetStockObject
库: KERNEL32.DLL:
0x421f24 LoadLibraryA
0x421f28 ExitProcess
0x421f2c GetProcAddress
0x421f30 VirtualProtect
库: MSVCRT.dll:
0x421f38 free
库: OLE32.DLL:
0x421f40 CoInitialize
库: SHELL32.DLL:
0x421f48 ShellExecuteExW
库: SHLWAPI.DLL:
0x421f50 PathRemoveArgsW
库: USER32.DLL:
0x421f58 SetFocus
库: WINMM.DLL:
0x421f60 timeBeginPeriod

.rsrc
rox{ZZZ
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> <v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3"> <v3:security> <v3:requestedPrivileges> <!-- level can be "asInvoker", "highestAvailable", or "requireAdministrator" --> <v3:requestedExecutionLevel level="requireAdministrator" /> </v3:requestedPrivileges> </v3:security> </v3:trustInfo> </assembly>
COMCTL32.DLL
GDI32.DLL
KERNEL32.DLL
MSVCRT.dll
OLE32.DLL
SHELL32.DLL
SHLWAPI.DLL
USER32.DLL
WINMM.DLL
InitCommonControlsEx
GetStockObject
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
CoInitialize
ShellExecuteExW
PathRemoveArgsW
SetFocus
timeBeginPeriod
VS_VERSION_INFO
StringFileInfo
040904E4
FileVersion
6.40.0.0
ProductVersion
6.40.0.0
ProductName
GoldWave
OriginalFilename
GoldWave.exe
InternalName
GoldWave
FileDescription
CompanyName
GoldWave Inc.
LegalTrademarks
GoldWave Inc.
LegalCopyright
VarFileInfo
Translation
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav 未发现病毒 20190621
MicroWorld-eScan 未发现病毒 20190625
CMC 未发现病毒 20190321
CAT-QuickHeal Trojan.CoinMinerPMF.S2180977 20190624
McAfee Artemis!F93879211F55 20190625
Cylance Unsafe 20190625
Zillya 未发现病毒 20190624
AegisLab 未发现病毒 20190625
Trustlook 未发现病毒 20190625
Alibaba 未发现病毒 20190527
K7GW Trojan ( 0051918e1 ) 20190619
K7AntiVirus Trojan ( 0051918e1 ) 20190619
Arcabit 未发现病毒 20190625
TrendMicro 未发现病毒 20190627
Baidu 未发现病毒 20190318
Babable 未发现病毒 20190424
F-Prot 未发现病毒 20190625
Symantec ML.Attribute.HighConfidence 20190625
TotalDefense 未发现病毒 20190624
APEX Malicious 20190625
Avast 未发现病毒 20190625
ClamAV Win.Malware.Xtrat-6913730-0 20190625
Kaspersky 未发现病毒 20190625
BitDefender 未发现病毒 20190625
NANO-Antivirus 未发现病毒 20190625
ViRobot 未发现病毒 20190625
Rising Trojan.Tiggre!8.ED98/N3#100% (RDM+:cmRtazrmrzz8kqgN3xHHgendpJgm) 20190625
Ad-Aware 未发现病毒 20190625
Sophos 未发现病毒 20190625
Comodo 未发现病毒 20190625
F-Secure 未发现病毒 20190625
DrWeb BackDoor.Xtreme.38 20190625
VIPRE 未发现病毒 20190624
Invincea heuristic 20190525
McAfee-GW-Edition BehavesLike.Win32.Generic.qc 20190625
FireEye Generic.mg.f93879211f559f07 20190625
Emsisoft 未发现病毒 20190625
SentinelOne DFI - Suspicious PE 20190604
Cyren 未发现病毒 20190625
Jiangmin RiskTool.BitCoinMiner.gwc 20190625
Webroot 未发现病毒 20190625
Avira 未发现病毒 20190625
Fortinet 未发现病毒 20190625
Antiy-AVL 未发现病毒 20190625
Kingsoft 未发现病毒 20190625
Endgame malicious (moderate confidence) 20190522
Microsoft Trojan:Win32/Wacatac.B!ml 20190625
SUPERAntiSpyware 未发现病毒 20190625
ZoneAlarm 未发现病毒 20190625
Avast-Mobile 未发现病毒 20190625
AhnLab-V3 Trojan/Win32.Agent.C2844240 20190625
Acronis suspicious 20190624
VBA32 未发现病毒 20190625
ALYac 未发现病毒 20190625
TACHYON 未发现病毒 20190625
Malwarebytes 未发现病毒 20190625
Panda 未发现病毒 20190625
Zoner Trojan.Win32.73853 20190624
ESET-NOD32 未发现病毒 20190625
TrendMicro-HouseCall 未发现病毒 20190625
Tencent 未发现病毒 20190625
Yandex 未发现病毒 20190625
MAX 未发现病毒 20190625
eGambit 未发现病毒 20190625
GData 未发现病毒 20190625
AVG 未发现病毒 20190625
Cybereason malicious.364f7f 20190616
Paloalto 未发现病毒 20190625
CrowdStrike win/malicious_confidence_80% (D) 20190212
Qihoo-360 未发现病毒 20190625

进程树


___________________________.exe, PID: 2472, 上一级进程 PID: 2320
cmd.exe, PID: 2560, 上一级进程 PID: 2472
xcopy.exe, PID: 2636, 上一级进程 PID: 2560
mshta.exe, PID: 2700, 上一级进程 PID: 2560

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

无TCP连接纪录.

UDP

无UDP连接纪录.

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 19.855 seconds )

  • 15.46 Suricata
  • 1.373 VirusTotal
  • 1.136 BehaviorAnalysis
  • 0.701 Static
  • 0.421 peid
  • 0.338 NetworkAnalysis
  • 0.326 TargetInfo
  • 0.09 AnalysisInfo
  • 0.007 Strings
  • 0.003 Memory

Signatures ( 0.796 seconds )

  • 0.172 antiav_detectreg
  • 0.065 infostealer_ftp
  • 0.053 api_spamming
  • 0.04 stealth_decoy_document
  • 0.037 infostealer_im
  • 0.036 antianalysis_detectreg
  • 0.021 infostealer_mail
  • 0.02 antiav_detectfile
  • 0.019 stealth_file
  • 0.018 antivm_generic_scsi
  • 0.015 stealth_timeout
  • 0.014 infostealer_bitcoin
  • 0.013 md_url_bl
  • 0.011 antivm_generic_services
  • 0.011 anormaly_invoke_kills
  • 0.011 md_domain_bl
  • 0.01 kibex_behavior
  • 0.009 antivm_xen_keys
  • 0.009 geodo_banking_trojan
  • 0.008 betabot_behavior
  • 0.008 antivm_parallels_keys
  • 0.008 antivm_vbox_files
  • 0.008 darkcomet_regkeys
  • 0.007 mimics_filetime
  • 0.007 anomaly_persistence_autorun
  • 0.007 shifu_behavior
  • 0.006 maldun_anomaly_massive_file_ops
  • 0.006 reads_self
  • 0.006 antivm_generic_diskreg
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.006 recon_fingerprint
  • 0.005 bootkit
  • 0.005 antivm_generic_disk
  • 0.005 virus
  • 0.005 kovter_behavior
  • 0.004 antiemu_wine_func
  • 0.004 infostealer_browser_password
  • 0.004 antisandbox_productid
  • 0.003 tinba_behavior
  • 0.003 dridex_behavior
  • 0.003 hancitor_behavior
  • 0.003 antidbg_devices
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 disables_browser_warn
  • 0.003 maldun_anormaly_invoke_vb_vba
  • 0.002 network_tor
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 antidbg_windows
  • 0.002 cerber_behavior
  • 0.002 bypass_firewall
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_system
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 packer_armadillo_regkey
  • 0.002 rat_pcclient
  • 0.002 recon_programs
  • 0.001 hawkeye_behavior
  • 0.001 antiav_avast_libs
  • 0.001 infostealer_browser
  • 0.001 injection_createremotethread
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 exec_crash
  • 0.001 injection_runpe
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 rat_spynet
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.833 seconds )

  • 0.811 ReportHTMLSummary
  • 0.022 Malheur
Task ID 395678
Mongo ID 5da458f92f8f2e6c2f81198f
Cuckoo release 1.4-Maldun