Maldun Security Analysis Report

Analysis type: FILE
Start time: 2020-02-19 02:08:32
End time: 2020-02-19 02:11:00
Duration: 148 seconds
Analysis engine version: 1.4-Maldun

VM name: win7-sp1-x64-hpdapp01-1
Label: win7-sp1-x64-hpdapp01-1
Hypervisor: KVM
Boot time: 2020-02-19 02:08:38
Shutdown time: 2020-02-19 02:11:01
Maldun score

2.8

Suspicious

File details

File name 设置.exe ("Settings.exe")
File size 749568 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 96B57032
MD5 05ea335774257656cefbcbe6cbe6bca1
SHA1 b7627dc05f7142302f6ef15bbcf65fbe3e91b826
SHA256 8877e8ac66a151bd1ea896eabcd3f9f5d96c3b1e31cedb446d0b71cf92ccb2db
SHA512 b2087850b9f6fc022cab1d2d896e72b6c5cd0da8376a07189ab15f69ff89788b32bb52b2b7eee239c5f6887b5b56071b3eba3ceedcdbce9b79c1d787b6127b60
Ssdeep 6144:4htCZm2No3+alWGpkZhMqArO/5rCRDKLLWWu6TcAcV0C508je0DHc4AJVXqBNKzL:4hOm2N++al7unFLqW1YSXfuHc/3
PEiD No match
Yara
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • with_images (Detected the presence of one or more images)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
VirusTotal No scan results for this file

Signatures

Maldun Security Yara rule detection results - Security alert
Critical (Maldun_Anomoly_Combined_Activities_7): Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files

Runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base 0x00400000
Entry point 0x0045c865
Declared checksum 0x00000000
Computed checksum 0x000bfcc9
Minimum OS version required 4.0
Compile time 2020-02-06 20:54:38
Import hash (imphash) d2907d4c2de6ea99979b14af9d8872a8

Version information

LegalCopyright: 作者版权所有 请尊重并使用正版 ("Copyright held by the author; please respect it and use the genuine version")
FileVersion: 1.0.0.0
Comments: 设置 ("Settings")
ProductName: 设置 ("Settings")
ProductVersion: 1.0.0.0
FileDescription: 设置 ("Settings")
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese, Simplified, PRC; code page 0x04b0 = Unicode)

PE sections

Name   Virtual address  Virtual size  Raw data size  Characteristics                                                                   Entropy
.text  0x00001000       0x0007a3ee    0x0007b000     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                       6.57
.rdata 0x0007c000       0x00012dbe    0x00013000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                 4.60
.data  0x0008f000       0x000219a8    0x00012000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE             5.08
.rsrc  0x000b1000       0x00015648    0x00016000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                 4.32
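
Two checks a practitioner would run against the PE information above. First, the declared checksum of 0x00000000 against a computed 0x000bfcc9 means the linker never filled in OptionalHeader.CheckSum; the Windows loader validates that field only for drivers and for DLLs loaded at boot or into critical system processes, so on its own it is not an indicator for a user-mode GUI program. Second, the section entropies (6.57 for .text, 4.3 to 5.1 for the data sections) sit in the range of ordinary compiled code rather than close to 8 as packed or encrypted sections do, which agrees with the PEiD "no match"; the .data virtual size exceeding its raw size is the zero-initialised tail the loader maps, not hidden payload. The Python below is an added example, not part of the Maldun report and not its engine's code: it recomputes the image checksum with the same word-sum algorithm imagehlp's CheckSumMappedFile uses and the per-section Shannon entropy, and runs them over a constructed minimal PE32 image (the builder, layout and section bytes are assumptions for illustration, not the analysed file).

```python
"""PE32 checksum and section-entropy check (added example, not part of the Maldun report)."""
import math
import struct
from collections import Counter


def _pe_offset(data: bytes) -> int:
    """Offset of the 'PE\\0\\0' signature, read from the DOS header's e_lfanew field."""
    return struct.unpack_from("<I", data, 0x3C)[0]


def pe_checksum(data: bytes) -> int:
    """Recompute OptionalHeader.CheckSum as imagehlp's CheckSumMappedFile does: a 16-bit
    one's-complement sum over the file, skipping the CheckSum field itself, plus the file
    length. The field offset (OptionalHeader + 64) is the same for PE32 and PE32+."""
    length = len(data)
    cs_off = _pe_offset(data) + 4 + 20 + 64
    if length % 2:                        # the sum runs over whole 16-bit words
        data += b"\x00"
    total = 0
    for off in range(0, len(data), 2):
        if cs_off <= off < cs_off + 4:    # skip the 4-byte CheckSum field
            continue
        total += struct.unpack_from("<H", data, off)[0]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    return (total + length) & 0xFFFFFFFF


def checksum_report(data: bytes) -> dict:
    """Compare the declared CheckSum field with the recomputed value. A declared value of 0
    means the linker never set it (this report's sample: 0x00000000 declared vs 0x000bfcc9)."""
    declared = struct.unpack_from("<I", data, _pe_offset(data) + 4 + 20 + 64)[0]
    computed = pe_checksum(data)
    return {"declared": declared, "computed": computed,
            "unset": declared == 0, "match": declared == computed}


def with_checksum(data: bytes) -> bytes:
    """Return a copy with the recomputed checksum written into the header."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, _pe_offset(data) + 4 + 20 + 64, pe_checksum(data))
    return bytes(buf)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, from 0.0 (constant data) to 8.0 (uniform); packed sections sit near 8."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def sections(data: bytes) -> list:
    """(name, VirtualAddress, VirtualSize, SizeOfRawData, entropy) for each section header."""
    pe = _pe_offset(data)
    count = struct.unpack_from("<H", data, pe + 6)[0]          # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]      # COFF SizeOfOptionalHeader
    first = pe + 24 + opt_size
    rows = []
    for i in range(count):
        hdr = first + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        entropy = round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2)
        rows.append((name, vaddr, vsize, rawsize, entropy))
    return rows


def build_sample_pe(text: bytes) -> bytes:
    """Constructed minimal PE32 image (DOS stub, PE signature, COFF + optional header, one
    .text section) that only exercises the parsers above; it is not the analysed file."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)   # i386, 1 section, PE32 opt size
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic; CheckSum at +64 stays 0
    struct.pack_into("<I", opt, 28, 0x00400000)                      # ImageBase
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200,
                      0, 0, 0, 0, 0x60000020)                        # CODE|EXECUTE|READ
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return headers + text


if __name__ == "__main__":
    for blob in (bytes(range(256)) * 8, b"\x90" * 2048):            # uniform bytes vs a NOP sled
        image = build_sample_pe(blob)
        print(checksum_report(image), sections(image))
        print("after writing the field back:", checksum_report(with_checksum(image))["match"])
```

Run it against the real sample by reading the file into `data` and calling `checksum_report(data)` and `sections(data)`; the entropy values should reproduce the table above to two decimals, and the checksum should come out as 0x000bfcc9.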

Imports

Library KERNEL32.dll:
0x47c170 - SetEndOfFile
0x47c174 - UnlockFile
0x47c178 - LockFile
0x47c17c - FlushFileBuffers
0x47c180 - SetFilePointer
0x47c184 - GetCurrentProcess
0x47c188 - DuplicateHandle
0x47c18c - SetLastError
0x47c190 - lstrcpynA
0x47c194 - GetVersion
0x47c198 - GlobalGetAtomNameA
0x47c19c - GlobalAddAtomA
0x47c1a0 - GlobalFindAtomA
0x47c1a4 - GlobalDeleteAtom
0x47c1a8 - lstrcmpA
0x47c1ac - lstrcmpiA
0x47c1b0 - CreateSemaphoreA
0x47c1b4 - ResumeThread
0x47c1b8 - ReleaseSemaphore
0x47c1bc - EnterCriticalSection
0x47c1c0 - LeaveCriticalSection
0x47c1c4 - FindResourceA
0x47c1c8 - SetStdHandle
0x47c1cc - CompareStringW
0x47c1d0 - CompareStringA
0x47c1d4 - IsBadCodePtr
0x47c1d8 - IsBadReadPtr
0x47c1dc - GetStringTypeW
0x47c1e0 - GetStringTypeA
0x47c1e4 - SetUnhandledExceptionFilter
0x47c1e8 - SetEnvironmentVariableA
0x47c1ec - IsBadWritePtr
0x47c1f0 - VirtualAlloc
0x47c1f4 - LCMapStringW
0x47c1f8 - LCMapStringA
0x47c1fc - VirtualFree
0x47c200 - HeapCreate
0x47c204 - HeapDestroy
0x47c208 - GetEnvironmentVariableA
0x47c20c - GetFileType
0x47c210 - GetStdHandle
0x47c214 - SetHandleCount
0x47c218 - GetEnvironmentStringsW
0x47c21c - GetEnvironmentStrings
0x47c220 - FreeEnvironmentStringsW
0x47c224 - FreeEnvironmentStringsA
0x47c228 - UnhandledExceptionFilter
0x47c22c - GetACP
0x47c230 - HeapSize
0x47c234 - GetLocalTime
0x47c238 - GetSystemTime
0x47c23c - GetTimeZoneInformation
0x47c240 - RaiseException
0x47c244 - LoadResource
0x47c248 - LockResource
0x47c24c - GetFullPathNameA
0x47c250 - WritePrivateProfileStringA
0x47c254 - CreateThread
0x47c258 - CreateEventA
0x47c25c - GetFileAttributesA
0x47c260 - SetCurrentDirectoryA
0x47c264 - GetCommandLineA
0x47c268 - GetModuleFileNameA
0x47c26c - Sleep
0x47c270 - WideCharToMultiByte
0x47c274 - MultiByteToWideChar
0x47c278 - GetProfileStringA
0x47c27c - CreateFileA
0x47c280 - WriteFile
0x47c284 - ReadFile
0x47c288 - GetLastError
0x47c28c - WaitForMultipleObjects
0x47c290 - SetEvent
0x47c294 - GlobalAlloc
0x47c298 - WaitForSingleObject
0x47c29c - CloseHandle
0x47c2a0 - MulDiv
0x47c2a4 - GetCurrentThreadId
0x47c2a8 - ExitProcess
0x47c2ac - GetModuleHandleA
0x47c2b0 - GetProcAddress
0x47c2b4 - LoadLibraryA
0x47c2b8 - FreeLibrary
0x47c2bc - GlobalSize
0x47c2c0 - GlobalLock
0x47c2c4 - GlobalFree
0x47c2c8 - DeleteCriticalSection
0x47c2cc - InitializeCriticalSection
0x47c2d0 - GetVersionExA
0x47c2d4 - lstrcatA
0x47c2d8 - TerminateProcess
0x47c2dc - RtlUnwind
0x47c2e0 - GetStartupInfoA
0x47c2e4 - SetErrorMode
0x47c2e8 - GetOEMCP
0x47c2ec - GetCPInfo
0x47c2f0 - GetProcessVersion
0x47c2f4 - GetFileTime
0x47c2f8 - GetFileSize
0x47c2fc - TlsGetValue
0x47c300 - LocalReAlloc
0x47c304 - TlsSetValue
0x47c308 - TlsFree
0x47c30c - GlobalHandle
0x47c310 - TlsAlloc
0x47c314 - LocalAlloc
0x47c318 - GlobalFlags
0x47c31c - lstrlenA
0x47c320 - WinExec
0x47c324 - lstrcpyA
0x47c328 - FindFirstFileA
0x47c32c - FindNextFileA
0x47c330 - FindClose
0x47c334 - FileTimeToLocalFileTime
0x47c338 - FileTimeToSystemTime
0x47c33c - LocalFree
0x47c340 - InterlockedDecrement
0x47c344 - InterlockedIncrement
0x47c348 - GetVolumeInformationA
0x47c34c - GetTickCount
0x47c350 - GlobalUnlock
0x47c354 - GlobalReAlloc
0x47c358 - HeapFree
0x47c35c - HeapReAlloc
0x47c360 - GetProcessHeap
0x47c364 - HeapAlloc
0x47c368 - GetCurrentThread
Library USER32.dll:
0x47c38c - GetWindowRect
0x47c390 - GetSystemMetrics
0x47c394 - RedrawWindow
0x47c398 - InvalidateRect
0x47c39c - EnableWindow
0x47c3a0 - wsprintfA
0x47c3a4 - IsWindowVisible
0x47c3a8 - FillRect
0x47c3ac - OffsetRect
0x47c3b0 - GetClientRect
0x47c3b4 - PtInRect
0x47c3b8 - SetParent
0x47c3bc - SendMessageA
0x47c3c0 - LoadCursorA
0x47c3c4 - IsRectEmpty
0x47c3c8 - IsWindow
0x47c3cc - GetWindowLongA
0x47c3d0 - SetWindowLongA
0x47c3d4 - DestroyIcon
0x47c3d8 - IntersectRect
0x47c3dc - InflateRect
0x47c3e0 - SetRect
0x47c3e4 - SetScrollPos
0x47c3e8 - SetScrollRange
0x47c3ec - GetScrollRange
0x47c3f0 - PostMessageA
0x47c3f4 - SetCapture
0x47c3f8 - GetSysColor
0x47c3fc - GetParent
0x47c400 - CharUpperA
0x47c404 - GetCapture
0x47c408 - ReleaseCapture
0x47c40c - SetTimer
0x47c410 - KillTimer
0x47c414 - WinHelpA
0x47c418 - LoadBitmapA
0x47c41c - CopyRect
0x47c420 - GetFocus
0x47c424 - ChildWindowFromPointEx
0x47c428 - ScreenToClient
0x47c42c - GetMessagePos
0x47c430 - UpdateWindow
0x47c434 - SetWindowRgn
0x47c438 - DestroyCursor
0x47c43c - DestroyAcceleratorTable
0x47c440 - IsChild
0x47c444 - GetWindow
0x47c448 - GetTopWindow
0x47c44c - GetActiveWindow
0x47c450 - SetWindowPos
0x47c454 - SetFocus
0x47c458 - DestroyMenu
0x47c45c - SetActiveWindow
0x47c460 - IsIconic
0x47c464 - PeekMessageA
0x47c468 - SetMenu
0x47c46c - GetMenu
0x47c470 - SetCursorPos
0x47c474 - GetCursorPos
0x47c478 - TranslateMessage
0x47c47c - LoadIconA
0x47c480 - CreatePopupMenu
0x47c484 - AppendMenuA
0x47c488 - ModifyMenuA
0x47c48c - CreateMenu
0x47c490 - CreateAcceleratorTableA
0x47c494 - GetSubMenu
0x47c498 - EnableMenuItem
0x47c49c - GetDC
0x47c4a0 - ReleaseDC
0x47c4a4 - SetForegroundWindow
0x47c4a8 - EqualRect
0x47c4ac - ValidateRect
0x47c4b0 - GetDlgCtrlID
0x47c4b4 - EnumDisplaySettingsA
0x47c4b8 - LoadImageA
0x47c4bc - MessageBoxA
0x47c4c0 - CreateIconFromResourceEx
0x47c4c4 - CreateIconFromResource
0x47c4c8 - DrawIconEx
0x47c4cc - DrawFrameControl
0x47c4d0 - DrawEdge
0x47c4d4 - DrawFocusRect
0x47c4d8 - GetClipboardData
0x47c4dc - OpenClipboard
0x47c4e0 - EmptyClipboard
0x47c4e4 - SetClipboardData
0x47c4e8 - CloseClipboard
0x47c4ec - GetMessageA
0x47c4f0 - DispatchMessageA
0x47c4f4 - SetRectEmpty
0x47c4f8 - GetWindowPlacement
0x47c4fc - RegisterWindowMessageA
0x47c500 - GetForegroundWindow
0x47c504 - GetLastActivePopup
0x47c508 - GetMessageTime
0x47c50c - RemovePropA
0x47c510 - CallWindowProcA
0x47c514 - GetPropA
0x47c518 - UnhookWindowsHookEx
0x47c51c - SetPropA
0x47c520 - GetClassLongA
0x47c524 - CallNextHookEx
0x47c528 - SetWindowsHookExA
0x47c52c - CreateWindowExA
0x47c530 - DestroyWindow
0x47c534 - GetWindowTextA
0x47c538 - GetWindowTextLengthA
0x47c53c - GetDlgItem
0x47c540 - GetMenuItemID
0x47c544 - GetMenuItemCount
0x47c548 - RegisterClassA
0x47c54c - GetScrollPos
0x47c550 - AdjustWindowRectEx
0x47c554 - MapWindowPoints
0x47c558 - SendDlgItemMessageA
0x47c55c - UnregisterClassA
0x47c560 - ScrollWindowEx
0x47c564 - IsDialogMessageA
0x47c568 - SetWindowTextA
0x47c56c - MoveWindow
0x47c570 - GetWindowDC
0x47c574 - BeginPaint
0x47c578 - EndPaint
0x47c57c - TabbedTextOutA
0x47c580 - DrawTextA
0x47c584 - GrayStringA
0x47c588 - GetNextDlgTabItem
0x47c58c - CheckMenuItem
0x47c590 - SetMenuItemBitmaps
0x47c594 - GetMenuState
0x47c598 - GetMenuCheckMarkDimensions
0x47c59c - CreateDialogIndirectParamA
0x47c5a0 - EndDialog
0x47c5a4 - GetClassNameA
0x47c5a8 - GetDesktopWindow
0x47c5ac - GetSysColorBrush
0x47c5b0 - LoadStringA
0x47c5b4 - RegisterClipboardFormatA
0x47c5b8 - ClientToScreen
0x47c5bc - WindowFromPoint
0x47c5c0 - SystemParametersInfoA
0x47c5c4 - ShowWindow
0x47c5c8 - SetCursor
0x47c5cc - IsWindowEnabled
0x47c5d0 - TranslateAcceleratorA
0x47c5d4 - GetKeyState
0x47c5d8 - CopyAcceleratorTableA
0x47c5dc - PostQuitMessage
0x47c5e0 - IsZoomed
0x47c5e4 - GetClassInfoA
0x47c5e8 - DefWindowProcA
0x47c5ec - GetSystemMenu
0x47c5f0 - DeleteMenu
Library GDI32.dll:
0x47c024 - StartDocA
0x47c028 - CreatePolygonRgn
0x47c02c - GetWindowExtEx
0x47c030 - GetViewportOrgEx
0x47c034 - GetWindowOrgEx
0x47c038 - SetStretchBltMode
0x47c03c - StretchBlt
0x47c040 - CreateDIBitmap
0x47c044 - GetClipRgn
0x47c048 - SelectClipRgn
0x47c04c - DeleteObject
0x47c050 - LPtoDP
0x47c054 - CreateRectRgnIndirect
0x47c058 - DeleteDC
0x47c05c - BeginPath
0x47c060 - EndPath
0x47c064 - PathToRegion
0x47c068 - CreateEllipticRgn
0x47c06c - CreateRoundRectRgn
0x47c070 - EndDoc
0x47c074 - GetTextColor
0x47c078 - GetBkMode
0x47c07c - GetBkColor
0x47c080 - GetROP2
0x47c084 - GetStretchBltMode
0x47c088 - GetPolyFillMode
0x47c08c - SetBkColor
0x47c090 - EndPage
0x47c094 - CreateCompatibleBitmap
0x47c098 - CreateDCA
0x47c09c - GetDeviceCaps
0x47c0a0 - DPtoLP
0x47c0a4 - CreateBitmap
0x47c0a8 - CreateCompatibleDC
0x47c0ac - SelectObject
0x47c0b0 - BitBlt
0x47c0b4 - GetObjectA
0x47c0b8 - CreatePen
0x47c0bc - PatBlt
0x47c0c0 - Rectangle
0x47c0c4 - Ellipse
0x47c0c8 - RoundRect
0x47c0cc - CombineRgn
0x47c0d0 - CreateRectRgn
0x47c0d4 - FillRgn
0x47c0d8 - GetCurrentObject
0x47c0dc - GetTextExtentPoint32A
0x47c0e0 - CreateSolidBrush
0x47c0e4 - GetStockObject
0x47c0e8 - CreateFontIndirectA
0x47c0ec - GetTextMetricsA
0x47c0f0 - GetClipBox
0x47c0f4 - SetTextColor
0x47c0f8 - SaveDC
0x47c0fc - RestoreDC
0x47c100 - SetBkMode
0x47c104 - SetPolyFillMode
0x47c108 - SetROP2
0x47c10c - SetMapMode
0x47c110 - SetViewportOrgEx
0x47c114 - OffsetViewportOrgEx
0x47c118 - SetViewportExtEx
0x47c11c - ScaleViewportExtEx
0x47c120 - SetWindowOrgEx
0x47c124 - SetWindowExtEx
0x47c128 - ScaleWindowExtEx
0x47c12c - ExcludeClipRect
0x47c130 - MoveToEx
0x47c134 - LineTo
0x47c138 - GetDIBits
0x47c13c - RealizePalette
0x47c140 - SelectPalette
0x47c144 - CreatePalette
0x47c148 - GetSystemPaletteEntries
0x47c14c - StartPage
0x47c150 - Escape
0x47c154 - ExtTextOutA
0x47c158 - TextOutA
0x47c15c - RectVisible
0x47c160 - PtVisible
0x47c164 - GetViewportExtEx
0x47c168 - ExtSelectClipRgn
Library WINMM.dll:
0x47c5f8 - midiStreamRestart
0x47c5fc - midiStreamClose
0x47c600 - midiOutReset
0x47c604 - midiStreamStop
0x47c608 - midiStreamOut
0x47c60c - midiOutPrepareHeader
0x47c610 - midiStreamProperty
0x47c614 - midiStreamOpen
0x47c618 - midiOutUnprepareHeader
0x47c61c - waveOutOpen
0x47c620 - waveOutGetNumDevs
0x47c624 - waveOutClose
0x47c628 - waveOutReset
0x47c62c - waveOutPause
0x47c630 - waveOutWrite
0x47c634 - waveOutPrepareHeader
0x47c638 - waveOutUnprepareHeader
Library WINSPOOL.DRV:
0x47c640 - ClosePrinter
0x47c644 - DocumentPropertiesA
0x47c648 - OpenPrinterA
Library ADVAPI32.dll:
0x47c000 - RegCreateKeyExA
0x47c004 - RegCloseKey
0x47c008 - RegQueryValueA
0x47c00c - RegOpenKeyExA
0x47c010 - RegSetValueExA
Library SHELL32.dll:
0x47c380 - ShellExecuteA
0x47c384 - Shell_NotifyIconA
Library ole32.dll:
0x47c68c - OleInitialize
0x47c690 - OleUninitialize
0x47c694 - CLSIDFromString
Library OLEAUT32.dll:
0x47c370 - LoadTypeLib
0x47c374 - RegisterTypeLib
0x47c378 - UnRegisterTypeLib
Library COMCTL32.dll:
0x47c018 - ImageList_Destroy
0x47c01c - None (no name resolved by the parser; an import by ordinal is the likely explanation)
Library WS2_32.dll:
0x47c650 - inet_ntoa
0x47c654 - getpeername
0x47c658 - accept
0x47c65c - ioctlsocket
0x47c660 - recvfrom
0x47c664 - recv
0x47c668 - WSACleanup
0x47c66c - WSAAsyncSelect
0x47c670 - closesocket
Library comdlg32.dll:
0x47c678 - ChooseColorA
0x47c67c - GetSaveFileNameA
0x47c680 - GetOpenFileNameA
0x47c684 - GetFileTitleA
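
Several of the static Yara hits listed earlier (win_hook, keylogger, create_process, win_registry, change_win_registry, win_private_profile) follow directly from this import table: SetWindowsHookExA, CallNextHookEx and UnhookWindowsHookEx, GetKeyState, WinExec and ShellExecuteA, the Reg* calls and the *ProfileString* calls are all present. Two caveats a practitioner should weigh against them. The hook and key-state imports are also pulled in by common GUI frameworks such as MFC, and the dynamic trace further down records no hook, no file write, no registry write and no network traffic. The WS2_32 table contains accept, recv and recvfrom but no socket, bind, listen, connect or send, while LoadLibraryA and GetProcAddress are imported, so any network use would have to go through runtime resolution (or the code is never reached). The Python below is an added example, my own co-occurrence grouping rather than Maldun's rule logic: it parses an excerpt of the import listing (lines copied from this report) and shows which imports drive which capability flag, and which socket-lifecycle calls are missing from the static table.

```python
"""Capability triage from a sandbox report's static import listing (added example)."""
import re

# Excerpt of this report's import listing (lines copied from the report, not invented).
SAMPLE_DUMP = """\
Library KERNEL32.dll:
0x47c250 - WritePrivateProfileStringA
0x47c278 - GetProfileStringA
0x47c2b0 - GetProcAddress
0x47c2b4 - LoadLibraryA
0x47c320 - WinExec
Library USER32.dll:
0x47c518 - UnhookWindowsHookEx
0x47c524 - CallNextHookEx
0x47c528 - SetWindowsHookExA
0x47c5d4 - GetKeyState
Library ADVAPI32.dll:
0x47c000 - RegCreateKeyExA
0x47c010 - RegSetValueExA
Library SHELL32.dll:
0x47c380 - ShellExecuteA
Library COMCTL32.dll:
0x47c018 - ImageList_Destroy
0x47c01c - None
Library WS2_32.dll:
0x47c658 - accept
0x47c660 - recvfrom
0x47c664 - recv
0x47c66c - WSAAsyncSelect
"""

LIB_RE = re.compile(r"^(?:库|Library)\s+(\S+):$")     # both the original and translated heading
IMP_RE = re.compile(r"^0x[0-9a-fA-F]+\s+-\s+(\S+)$")   # "0x47c320 - WinExec"


def parse_imports(dump: str) -> dict:
    """Return {dll (lower-case): {function names}}; 'None' entries (unnamed imports) are dropped."""
    libs, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if m := LIB_RE.match(line):
            current = m.group(1).lower()
            libs.setdefault(current, set())
        elif (m := IMP_RE.match(line)) and current is not None and m.group(1) != "None":
            libs[current].add(m.group(1))
    return libs


# Heuristic capability groups (my own grouping, an assumption; not Maldun's Yara rules).
# A capability is flagged only when every alternative-set has at least one member imported,
# so GetKeyState alone is not "keylogger_heuristic" without a hook installer beside it.
CAPABILITIES = {
    "window_hook":         [{"SetWindowsHookExA", "SetWindowsHookExW"}, {"CallNextHookEx"}],
    "keylogger_heuristic": [{"SetWindowsHookExA", "SetWindowsHookExW"},
                            {"GetKeyState", "GetAsyncKeyState", "GetKeyboardState"}],
    "process_launch":      [{"WinExec", "ShellExecuteA", "ShellExecuteW", "CreateProcessA", "CreateProcessW"}],
    "registry_write":      [{"RegSetValueExA", "RegSetValueExW"},
                            {"RegCreateKeyExA", "RegCreateKeyExW", "RegOpenKeyExA", "RegOpenKeyExW"}],
    "ini_profile_io":      [{"WritePrivateProfileStringA", "GetPrivateProfileStringA", "GetProfileStringA"}],
    "socket_receive":      [{"recv", "recvfrom", "WSARecv"}],
    "dynamic_resolve":     [{"LoadLibraryA", "LoadLibraryW"}, {"GetProcAddress"}],
}

# Socket lifecycle calls a self-contained client or server would normally import statically.
SOCKET_LIFECYCLE = {"socket", "WSASocketA", "WSASocketW", "bind", "listen", "connect",
                    "send", "sendto", "WSASend"}


def imported_names(dump: str) -> set:
    return set().union(*parse_imports(dump).values())


def triage(dump: str) -> dict:
    """Map each satisfied capability to the sorted imports that satisfied it."""
    present = imported_names(dump)
    hits = {}
    for cap, alternatives in CAPABILITIES.items():
        matched = [alt & present for alt in alternatives]
        if all(matched):
            hits[cap] = sorted(set().union(*matched))
    return hits


def missing_socket_lifecycle(dump: str) -> list:
    """If WS2_32 is imported at all, list lifecycle calls absent from the static table
    (candidates for GetProcAddress resolution, or simply unreached library code)."""
    libs = parse_imports(dump)
    if "ws2_32.dll" not in libs:
        return []
    return sorted(SOCKET_LIFECYCLE - libs["ws2_32.dll"])


if __name__ == "__main__":
    for cap, names in triage(SAMPLE_DUMP).items():
        print(f"{cap:22s} <- {', '.join(names)}")
    print("WS2_32 lifecycle calls absent from the static table:", missing_socket_lifecycle(SAMPLE_DUMP))
```

Each flag this produces is a static hypothesis; the behaviour section that follows is where it is confirmed or not, and for this run none of them were.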

Dropped files

No information

Behavior analysis

Mutexes: No information
Executed commands: No information
Services created: No information
Services started: No information

Processes

______.exe PID: 2728, parent PID: 2332

Files accessed
  • C:\Windows\Globalization\Sorting\sortdefault.nls
Files read
  • C:\Windows\Globalization\Sorting\sortdefault.nls
Files modified: No information
Files deleted: No information
Registry keys: No information
Registry keys read: No information
Registry keys modified: No information
Registry keys deleted: No information
Resolved APIs
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • kernel32.dll.SortGetHandle
  • kernel32.dll.SortCloseHandle