Maldun Security Analysis Report

Analysis type | Start time | End time | Duration | Analysis engine version
FILE | 2020-04-08 17:32:03 | 2020-04-08 17:32:32 | 29 seconds | 1.4-Maldun
VM name | Tag | VM manager | Boot time | Shutdown time
win7-sp1-x64-shaapp01-1 | win7-sp1-x64-shaapp01-1 | KVM | 2020-04-08 17:32:04 | 2020-04-08 17:32:34
Maldun Score

8.75

Malicious

File details

File name 直播插件.exe
File size 1003520 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 B89FDF27
MD5 fca8263c549d25e6f6804b399c86f518
SHA1 38dc17d56d9ab8824659d8ebe997fc5399b8595a
SHA256 a217e7b4b2864757f36b40fd97e7a6b334067b0cc7d8f99b2f3939a53e6154ae
SHA512 6f9601daac7d5b50548c6f51ef4558d11ac360bf92014fcea2c7775f471982ab79e8cb1952b5c30a364e9551476024517ece212932bef69ff392d017f1e4e22b
Ssdeep 12288:JCRoBOHdFKbnJZnLKTtsOLYcF/Gx6vi/eFOOHl1KFycNQwp7Sp73YW5WT:ISBOT0JZqYcIx43l1KFywlpmp73G
PEiD No match
Yara
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • ThreadControl__Context ()
  • inject_thread (Detected code injection function with CreateRemoteThread in a remote process)
  • network_http (Detected communications function over HTTP)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_Network_Logging (Spotted potential abnormal behaviors, like logging and network communications)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • Advapi_Hash_API (Looks for advapi API functions)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • IsPacked (Detected Entropy signature)
  • HasRichSignature (Detected Rich Signature)
VirusTotal No scan result for this file

Signatures

The binary may contain encrypted or compressed data
section: name: .text, entropy: 7.21, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000b2000, virtual_size: 0x000b1b79
A process attempted to delay the analysis task for a long time
Process: ____________.exe tried to sleep 360 seconds, actually delayed analysis time by 0 seconds
Maldun Security Yara rule detection results - High risk
Warning: Detected code injection function with CreateRemoteThread in a remote process
Critical: Spotted potential abnormal behaviors, like logging and network communications
Critical: Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
Warning: Looks for advapi API functions

Screenshots

Network analysis

No information

Static analysis

PE information

Image base 0x00400000
Entry point 0x004b27ec
Declared checksum 0x00000000
Actual checksum 0x000f9ea8
Minimum OS version required 4.0
Compile time 2020-04-05 12:28:37
Import hash c4be68886f4ecc7c453da098ef9b469b
Icon
Icon exact hash 027e291a6b7abf6b6d795e2cabadf733
Icon similarity hash 14fbc9405dbf816c70d31815b7d5b0dc

Version information

LegalCopyright: Lvetvoadc
FileVersion: 1.0.0.0
CompanyName: Lvetvoadc
Comments: Lvetvoadc
ProductName: Lvetvoadc
ProductVersion: 1.0.0.0
FileDescription: Lvetvoadc
Translation: 0x0804 0x04b0

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x000b1b79 0x000b2000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.21
.rdata 0x000b3000 0x0001686a 0x00017000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.67
.data 0x000ca000 0x00041f8a 0x00015000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.95
.rsrc 0x0010c000 0x0001547c 0x00016000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.44

Resources

Name | Offset | Size | Language | Sub-language | Entropy | File type
TEXTINCLUDE 0x0010cb78 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x0010d068 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x0010e770 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x0010ecc4 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL 3.87 dBase III DBT, version number 0, next free block index 40
RT_MENU 0x0011f4f8 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x00120740 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x00121188 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x001211d4 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00121220 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x00121234 0x00000248 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.18 data

Imports

Library iphlpapi.dll:
0x4b3774 - GetAdaptersInfo
Library WINMM.dll:
0x4b3698 - midiStreamOut
0x4b369c - midiOutPrepareHeader
0x4b36a0 - waveOutUnprepareHeader
0x4b36a4 - waveOutPrepareHeader
0x4b36a8 - waveOutWrite
0x4b36ac - waveOutPause
0x4b36b0 - waveOutReset
0x4b36b4 - waveOutClose
0x4b36b8 - waveOutGetNumDevs
0x4b36bc - midiStreamStop
0x4b36c0 - midiOutReset
0x4b36c4 - midiStreamClose
0x4b36c8 - midiStreamRestart
0x4b36cc - waveOutOpen
0x4b36d0 - midiOutUnprepareHeader
0x4b36d4 - midiStreamOpen
0x4b36d8 - midiStreamProperty
Library WS2_32.dll:
0x4b36f0 - socket
0x4b36f4 - htonl
0x4b36f8 - bind
0x4b36fc - htons
0x4b3700 - WSAAsyncSelect
0x4b3704 - closesocket
0x4b3708 - send
0x4b370c - select
0x4b3710 - WSACleanup
0x4b3714 - gethostbyname
0x4b3718 - inet_ntoa
0x4b371c - ntohs
0x4b3720 - getsockname
0x4b3724 - sendto
0x4b3728 - recvfrom
0x4b372c - ioctlsocket
0x4b3730 - connect
0x4b3734 - recv
0x4b3738 - inet_addr
0x4b373c - gethostname
0x4b3740 - listen
0x4b3744 - getpeername
0x4b3748 - accept
0x4b374c - __WSAFDIsSet
0x4b3750 - shutdown
0x4b3754 - WSAStartup
0x4b3758 - WSAGetLastError
Library RASAPI32.dll:
0x4b33ec - RasHangUpA
0x4b33f0 - RasGetConnectStatusA
Library KERNEL32.dll:
0x4b3180 - EnterCriticalSection
0x4b3184 - ReleaseSemaphore
0x4b3188 - ResumeThread
0x4b318c - CreateSemaphoreA
0x4b3190 - TerminateThread
0x4b3194 - SetFilePointer
0x4b3198 - GetFileSize
0x4b319c - GetCurrentProcess
0x4b31a0 - TerminateProcess
0x4b31a4 - LeaveCriticalSection
0x4b31a8 - SetLastError
0x4b31ac - QueryPerformanceFrequency
0x4b31b0 - QueryPerformanceCounter
0x4b31b4 - GetTimeZoneInformation
0x4b31b8 - GetVersion
0x4b31bc - FileTimeToSystemTime
0x4b31c0 - GetOEMCP
0x4b31c4 - GetCPInfo
0x4b31c8 - GetProcessVersion
0x4b31cc - SetErrorMode
0x4b31d0 - GlobalFlags
0x4b31d4 - GetCurrentThread
0x4b31d8 - GetFileTime
0x4b31dc - TlsGetValue
0x4b31e0 - LocalReAlloc
0x4b31e4 - TlsSetValue
0x4b31e8 - TlsFree
0x4b31ec - GlobalHandle
0x4b31f0 - TlsAlloc
0x4b31f4 - LocalAlloc
0x4b31f8 - lstrcmpA
0x4b31fc - GlobalGetAtomNameA
0x4b3200 - GlobalAddAtomA
0x4b3204 - GlobalFindAtomA
0x4b3208 - GlobalDeleteAtom
0x4b320c - lstrcmpiA
0x4b3210 - SetEndOfFile
0x4b3214 - UnlockFile
0x4b3218 - LockFile
0x4b321c - FlushFileBuffers
0x4b3220 - DuplicateHandle
0x4b3224 - lstrcpynA
0x4b3228 - FileTimeToLocalFileTime
0x4b322c - LocalFree
0x4b3230 - WideCharToMultiByte
0x4b3234 - InterlockedDecrement
0x4b3238 - InterlockedIncrement
0x4b323c - GetProfileStringA
0x4b3240 - WriteFile
0x4b3244 - WaitForMultipleObjects
0x4b3248 - CreateFileA
0x4b324c - DeviceIoControl
0x4b3250 - SetEvent
0x4b3254 - FindResourceA
0x4b3258 - LoadResource
0x4b325c - LockResource
0x4b3260 - ReadFile
0x4b3264 - lstrlenW
0x4b3268 - RemoveDirectoryA
0x4b326c - GetModuleFileNameA
0x4b3270 - GetCurrentThreadId
0x4b3274 - ExitProcess
0x4b3278 - GlobalSize
0x4b327c - GlobalFree
0x4b3280 - DeleteCriticalSection
0x4b3284 - InitializeCriticalSection
0x4b3288 - lstrcatA
0x4b328c - lstrlenA
0x4b3290 - WinExec
0x4b3294 - lstrcpyA
0x4b3298 - FindNextFileA
0x4b329c - GlobalReAlloc
0x4b32a0 - HeapFree
0x4b32a4 - HeapReAlloc
0x4b32a8 - GetProcessHeap
0x4b32ac - HeapAlloc
0x4b32b0 - GetUserDefaultLCID
0x4b32b4 - GetFullPathNameA
0x4b32b8 - FreeLibrary
0x4b32bc - LoadLibraryA
0x4b32c0 - GetLastError
0x4b32c4 - GetVersionExA
0x4b32c8 - WritePrivateProfileStringA
0x4b32cc - CreateThread
0x4b32d0 - CreateEventA
0x4b32d4 - Sleep
0x4b32d8 - ExpandEnvironmentStringsA
0x4b32dc - GlobalAlloc
0x4b32e0 - GlobalLock
0x4b32e4 - GlobalUnlock
0x4b32e8 - FindFirstFileA
0x4b32ec - FindClose
0x4b32f0 - GetFileAttributesA
0x4b32f4 - InterlockedExchange
0x4b32f8 - DeleteFileA
0x4b32fc - SetCurrentDirectoryA
0x4b3300 - GetVolumeInformationA
0x4b3304 - GetModuleHandleA
0x4b3308 - GetProcAddress
0x4b330c - MulDiv
0x4b3310 - GetCommandLineA
0x4b3314 - GetTickCount
0x4b3318 - CreateProcessA
0x4b331c - WaitForSingleObject
0x4b3320 - CloseHandle
0x4b3324 - GetStartupInfoA
0x4b3328 - RtlUnwind
0x4b332c - GetSystemTime
0x4b3330 - GetLocalTime
0x4b3334 - RaiseException
0x4b3338 - HeapSize
0x4b333c - GetACP
0x4b3340 - SetStdHandle
0x4b3344 - GetFileType
0x4b3348 - UnhandledExceptionFilter
0x4b334c - FreeEnvironmentStringsA
0x4b3350 - FreeEnvironmentStringsW
0x4b3354 - GetEnvironmentStrings
0x4b3358 - GetEnvironmentStringsW
0x4b335c - SetHandleCount
0x4b3360 - GetStdHandle
0x4b3364 - GetEnvironmentVariableA
0x4b3368 - HeapDestroy
0x4b336c - HeapCreate
0x4b3370 - VirtualFree
0x4b3374 - SetEnvironmentVariableA
0x4b3378 - LCMapStringA
0x4b337c - LCMapStringW
0x4b3380 - VirtualAlloc
0x4b3384 - IsBadWritePtr
0x4b3388 - GetStringTypeA
0x4b338c - GetStringTypeW
0x4b3390 - SetUnhandledExceptionFilter
0x4b3394 - CompareStringA
0x4b3398 - CompareStringW
0x4b339c - IsBadReadPtr
0x4b33a0 - IsBadCodePtr
0x4b33a4 - MultiByteToWideChar
Library USER32.dll:
0x4b3404 - KillTimer
0x4b3408 - WinHelpA
0x4b340c - LoadBitmapA
0x4b3410 - CopyRect
0x4b3414 - ChildWindowFromPointEx
0x4b3418 - ScreenToClient
0x4b341c - GetMessagePos
0x4b3420 - SetTimer
0x4b3424 - ReleaseCapture
0x4b3428 - GetCapture
0x4b342c - SetCapture
0x4b3430 - GetScrollRange
0x4b3434 - SetScrollRange
0x4b3438 - GetSysColorBrush
0x4b343c - SetWindowRgn
0x4b3440 - DestroyAcceleratorTable
0x4b3444 - GetWindow
0x4b3448 - GetActiveWindow
0x4b344c - SetFocus
0x4b3450 - IsIconic
0x4b3454 - PeekMessageA
0x4b3458 - SetMenu
0x4b345c - GetMenu
0x4b3460 - DefWindowProcA
0x4b3464 - GetClassInfoA
0x4b3468 - IsZoomed
0x4b346c - PostQuitMessage
0x4b3470 - CopyAcceleratorTableA
0x4b3474 - GetKeyState
0x4b3478 - TranslateAcceleratorA
0x4b347c - IsWindowEnabled
0x4b3480 - ShowWindow
0x4b3484 - SystemParametersInfoA
0x4b3488 - LoadImageA
0x4b348c - EnumDisplaySettingsA
0x4b3490 - SetScrollPos
0x4b3494 - SetRect
0x4b3498 - InflateRect
0x4b349c - IntersectRect
0x4b34a0 - DestroyIcon
0x4b34a4 - PtInRect
0x4b34a8 - OffsetRect
0x4b34ac - IsWindowVisible
0x4b34b0 - EnableWindow
0x4b34b4 - RedrawWindow
0x4b34b8 - GetWindowLongA
0x4b34bc - SetWindowLongA
0x4b34c0 - ClientToScreen
0x4b34c4 - GetMenuCheckMarkDimensions
0x4b34c8 - GetMenuState
0x4b34cc - SetMenuItemBitmaps
0x4b34d0 - CheckMenuItem
0x4b34d4 - MoveWindow
0x4b34d8 - IsDialogMessageA
0x4b34dc - ScrollWindowEx
0x4b34e0 - SendDlgItemMessageA
0x4b34e4 - MapWindowPoints
0x4b34e8 - AdjustWindowRectEx
0x4b34ec - GetScrollPos
0x4b34f0 - RegisterClassA
0x4b34f4 - GetMenuItemCount
0x4b34f8 - GetMenuItemID
0x4b34fc - CreateWindowExA
0x4b3500 - SetWindowsHookExA
0x4b3504 - CallNextHookEx
0x4b3508 - GetClassLongA
0x4b350c - SetPropA
0x4b3510 - UnhookWindowsHookEx
0x4b3514 - GetPropA
0x4b3518 - GetSysColor
0x4b351c - SetActiveWindow
0x4b3520 - SetCursorPos
0x4b3524 - LoadCursorA
0x4b3528 - SetCursor
0x4b352c - GetDC
0x4b3530 - FillRect
0x4b3534 - IsRectEmpty
0x4b3538 - ReleaseDC
0x4b353c - IsChild
0x4b3540 - DestroyMenu
0x4b3544 - SetForegroundWindow
0x4b3548 - GetWindowRect
0x4b354c - EqualRect
0x4b3550 - UpdateWindow
0x4b3554 - ValidateRect
0x4b3558 - InvalidateRect
0x4b355c - GetClientRect
0x4b3560 - GetFocus
0x4b3564 - GetParent
0x4b3568 - GetTopWindow
0x4b356c - PostMessageA
0x4b3570 - IsWindow
0x4b3574 - SetParent
0x4b3578 - DestroyCursor
0x4b357c - SendMessageA
0x4b3580 - SetWindowPos
0x4b3584 - MessageBoxA
0x4b3588 - GetCursorPos
0x4b358c - GetSystemMetrics
0x4b3590 - EmptyClipboard
0x4b3594 - SetClipboardData
0x4b3598 - OpenClipboard
0x4b359c - GetClipboardData
0x4b35a0 - CloseClipboard
0x4b35a4 - wsprintfA
0x4b35a8 - WaitForInputIdle
0x4b35ac - EnableMenuItem
0x4b35b0 - GetSubMenu
0x4b35b4 - GetDlgCtrlID
0x4b35b8 - CreateAcceleratorTableA
0x4b35bc - CreateMenu
0x4b35c0 - ModifyMenuA
0x4b35c4 - AppendMenuA
0x4b35c8 - CreatePopupMenu
0x4b35cc - DrawIconEx
0x4b35d0 - CreateIconFromResource
0x4b35d4 - CreateIconFromResourceEx
0x4b35d8 - RegisterClipboardFormatA
0x4b35dc - SetRectEmpty
0x4b35e0 - DispatchMessageA
0x4b35e4 - GetMessageA
0x4b35e8 - WindowFromPoint
0x4b35ec - UnregisterClassA
0x4b35f0 - DrawFocusRect
0x4b35f4 - DrawEdge
0x4b35f8 - DrawFrameControl
0x4b35fc - TranslateMessage
0x4b3600 - GetDesktopWindow
0x4b3604 - GetClassNameA
0x4b3608 - GetDlgItem
0x4b360c - GetWindowTextA
0x4b3610 - SetWindowTextA
0x4b3614 - LoadStringA
0x4b3618 - LoadIconA
0x4b361c - GetWindowTextLengthA
0x4b3620 - CharUpperA
0x4b3624 - GetWindowDC
0x4b3628 - BeginPaint
0x4b362c - EndPaint
0x4b3630 - TabbedTextOutA
0x4b3634 - DrawTextA
0x4b3638 - GrayStringA
0x4b363c - DestroyWindow
0x4b3640 - CreateDialogIndirectParamA
0x4b3644 - EndDialog
0x4b3648 - GetNextDlgTabItem
0x4b364c - GetWindowPlacement
0x4b3650 - RegisterWindowMessageA
0x4b3654 - GetForegroundWindow
0x4b3658 - GetLastActivePopup
0x4b365c - GetMessageTime
0x4b3660 - RemovePropA
0x4b3664 - CallWindowProcA
Library GDI32.dll:
0x4b3034 - GetTextMetricsA
0x4b3038 - Escape
0x4b303c - ExtTextOutA
0x4b3040 - TextOutA
0x4b3044 - RectVisible
0x4b3048 - PtVisible
0x4b304c - GetViewportExtEx
0x4b3050 - ExtSelectClipRgn
0x4b3054 - LineTo
0x4b3058 - MoveToEx
0x4b305c - RoundRect
0x4b3060 - GetTextExtentPoint32A
0x4b3064 - GetDeviceCaps
0x4b3068 - BeginPath
0x4b306c - GetWindowOrgEx
0x4b3070 - GetWindowExtEx
0x4b3074 - GetDIBits
0x4b3078 - RealizePalette
0x4b307c - SelectPalette
0x4b3080 - StretchBlt
0x4b3084 - CreatePalette
0x4b3088 - GetSystemPaletteEntries
0x4b308c - CreateDIBitmap
0x4b3090 - DeleteObject
0x4b3094 - SelectClipRgn
0x4b3098 - CreatePolygonRgn
0x4b309c - GetClipRgn
0x4b30a0 - SetStretchBltMode
0x4b30a4 - CreateRectRgnIndirect
0x4b30a8 - SetBkColor
0x4b30ac - ExcludeClipRect
0x4b30b0 - GetClipBox
0x4b30b4 - ScaleWindowExtEx
0x4b30b8 - SetWindowExtEx
0x4b30bc - SetWindowOrgEx
0x4b30c0 - ScaleViewportExtEx
0x4b30c4 - SetViewportExtEx
0x4b30c8 - OffsetViewportOrgEx
0x4b30cc - SetViewportOrgEx
0x4b30d0 - SetMapMode
0x4b30d4 - GetCurrentObject
0x4b30d8 - DPtoLP
0x4b30dc - LPtoDP
0x4b30e0 - Rectangle
0x4b30e4 - Ellipse
0x4b30e8 - CreateCompatibleDC
0x4b30ec - BitBlt
0x4b30f0 - StartPage
0x4b30f4 - StartDocA
0x4b30f8 - DeleteDC
0x4b30fc - EndDoc
0x4b3100 - EndPage
0x4b3104 - GetObjectA
0x4b3108 - GetStockObject
0x4b310c - CreateFontIndirectA
0x4b3110 - CreateSolidBrush
0x4b3114 - FillRgn
0x4b3118 - CreateRectRgn
0x4b311c - CombineRgn
0x4b3120 - PatBlt
0x4b3124 - CreatePen
0x4b3128 - SelectObject
0x4b312c - CreateBitmap
0x4b3130 - CreateDCA
0x4b3134 - SetTextColor
0x4b3138 - SetROP2
0x4b313c - SetPolyFillMode
0x4b3140 - SetBkMode
0x4b3144 - RestoreDC
0x4b3148 - SaveDC
0x4b314c - CreateCompatibleBitmap
0x4b3150 - GetPolyFillMode
0x4b3154 - GetStretchBltMode
0x4b3158 - GetROP2
0x4b315c - GetBkColor
0x4b3160 - GetBkMode
0x4b3164 - GetTextColor
0x4b3168 - CreateRoundRectRgn
0x4b316c - CreateEllipticRgn
0x4b3170 - PathToRegion
0x4b3174 - GetViewportOrgEx
0x4b3178 - EndPath
Library WINSPOOL.DRV:
0x4b36e0 - OpenPrinterA
0x4b36e4 - DocumentPropertiesA
0x4b36e8 - ClosePrinter
Library ADVAPI32.dll:
0x4b3000 - RegCloseKey
0x4b3004 - RegQueryValueExA
0x4b3008 - RegOpenKeyExA
0x4b300c - RegSetValueExA
0x4b3010 - RegCreateKeyA
0x4b3014 - RegDeleteValueA
0x4b3018 - RegDeleteKeyA
0x4b301c - RegQueryValueA
0x4b3020 - RegCreateKeyExA
Library SHELL32.dll:
0x4b33f8 - ShellExecuteA
0x4b33fc - Shell_NotifyIconA
Library ole32.dll:
0x4b377c - CLSIDFromProgID
0x4b3780 - OleRun
0x4b3784 - CoCreateInstance
0x4b3788 - CLSIDFromString
0x4b378c - OleUninitialize
0x4b3790 - OleInitialize
Library OLEAUT32.dll:
0x4b33ac - VariantChangeType
0x4b33b0 - VariantClear
0x4b33b4 - SafeArrayGetUBound
0x4b33b8 - SafeArrayGetLBound
0x4b33bc - SafeArrayGetElement
0x4b33c0 - VariantCopyInd
0x4b33c4 - VariantInit
0x4b33c8 - SysAllocString
0x4b33cc - SafeArrayGetDim
0x4b33d0 - SafeArrayUnaccessData
0x4b33d4 - UnRegisterTypeLib
0x4b33d8 - LoadTypeLib
0x4b33dc - LHashValOfNameSys
0x4b33e0 - RegisterTypeLib
0x4b33e4 - SafeArrayAccessData
Library COMCTL32.dll:
0x4b3028 - None
0x4b302c - ImageList_Destroy
Library WININET.dll:
0x4b366c - InternetCanonicalizeUrlA
0x4b3670 - InternetCrackUrlA
0x4b3674 - HttpOpenRequestA
0x4b3678 - HttpSendRequestA
0x4b367c - HttpQueryInfoA
0x4b3680 - InternetConnectA
0x4b3684 - InternetSetOptionA
0x4b3688 - InternetOpenA
0x4b368c - InternetCloseHandle
0x4b3690 - InternetReadFile
Library comdlg32.dll:
0x4b3760 - ChooseColorA
0x4b3764 - GetFileTitleA
0x4b3768 - GetSaveFileNameA
0x4b376c - GetOpenFileNameA

Dropped files

No information

Behavior analysis

Mutexes: No information
Commands executed: No information
Services created: No information
Services started: No information

Processes

____________.exe PID: 2612, parent process PID: 2320

Files accessed
  • C:\Windows\*.*
  • C:\Users\test\AppData\Local\Temp\kernel32.dll
  • C:\Users\test\AppData\Local\Temp\19238922
  • C:\Users\test\AppData\Local\Temp\19238922\....\
  • C:\Users\test\AppData\Local\Temp\____________.exe
  • C:\Users\test\AppData\Local\Temp\19238922\....\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\19238922\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\19238922\*.*
  • C:\Users\test\AppData\Local\Temp\19238922\TemporaryFile\*.*
  • C:\Users\test\AppData\Local\Temp\19238922\TemporaryFile\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\kernel32.DLL
Files read
  • C:\Users\test\AppData\Local\Temp\____________.exe
  • C:\Users\test\AppData\Local\Temp\19238922\....\
Files modified
  • C:\Users\test\AppData\Local\Temp\19238922\....\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\19238922\TemporaryFile
Files deleted
  • C:\Users\test\AppData\Local\Temp\19238922\TemporaryFile\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\19238922\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\19238922
Registry keys
  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties
  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\(Default)
  • HKEY_CURRENT_USER\Control Panel\Personalization
  • HKEY_CURRENT_USER\Control Panel\Personalization\(Default)
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Registry keys read
  • HKEY_CURRENT_USER\Control Panel\Personalization\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Registry keys modified: No information
Registry keys deleted
  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\(Default)
  • HKEY_CURRENT_USER\Control Panel\Personalization\(Default)
API resolution
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • kernel32.dll.GetTempPathA
  • kernel32.dll.CreateDirectoryA
  • kernel32.dll.MoveFileA
  • kernel32.dll.OpenThread
  • kernel32.dll.CreateWaitableTimerA
  • kernel32.dll.SetWaitableTimer
  • user32.dll.MsgWaitForMultipleObjects
  • kernel32.dll.CreateToolhelp32Snapshot
  • kernel32.dll.Process32First
  • kernel32.dll.Process32Next
  • kernel32.dll.CloseHandle
  • kernel32.dll.GetLogicalDriveStringsA