Maldun Security Analysis Report

Analysis type FILE
Start time 2020-04-08 20:51:56
End time 2020-04-08 20:53:57
Duration 121 seconds
Analysis engine version 1.4-Maldun
VM name win7-sp1-x64-shaapp01-2
Label win7-sp1-x64-shaapp01-2
Hypervisor KVM
Boot time 2020-04-08 20:51:56
Shutdown time 2020-04-08 20:53:59
Maldun score

10.0

Malicious

File details

File name 自瞄版本2.2.exe
File size 1798144 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 C7BE3C01
MD5 3f3ef74c2bac94c874a09b9c35a1cbba
SHA1 784899f1caaa040f663d284c3fcd085125f8ca59
SHA256 e9a79c7218cfc2014c1892a2b2676cd3aebd6fd5dedb735e2a8b34d067aac249
SHA512 682577961e3efb20dad1f91a5e6971c75131aad9a31e5af45b7c1be8334003cfd0fdd20c2796a51af78ff663b6b914ba00b3869275c730805de7e7a943640d3d
Ssdeep 24576:dMjrxI+MYHrfUEpLiIGVQKBvdzSt6Woi0PTZv+d4mO33piVvQ0:d+YENGVQK9Nur0TVdL3p10
PEiD No match
Yara
  • UPXv20MarkusLaszloReiser ()
  • UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser ()
  • DebuggerHiding__Thread ()
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • anti_dbg (Detected self protection if being debugged)
  • anti_dbgtools (Checks for the presence of known debug tools)
  • disable_dep (Bypass DEP)
  • network_http (Detected communications function over HTTP)
  • network_tcp_socket (Detected network communications over RAW socket)
  • network_dns (Detected network communications use DNS)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • escalate_priv (Detected escalate privileges function)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_token (Affect system token)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_Network_Logging (Spotted potential abnormal behaviors, like logging and network communications)
  • Maldun_Anomoly_Combined_Activities_5 (Spotted potential malicious behaviors like logging and network communication)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • with_images (Detected the presence of one or several images)
  • with_urls (Detected the presence of one or several urls)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • BLOWFISH_Constants (Look for Blowfish constants)
  • MD5_Constants (Look for MD5 constants)
  • RIPEMD160_Constants (Look for RIPEMD-160 constants)
  • SHA1_Constants (Look for SHA1 constants)
  • DES_sbox (Look for DES [sbox])
  • RijnDael_AES (Look for RijnDael AES)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
  • UPX (Detected UPX. Commonly used by RAT!)
VirusTotal No scan result for this file

Signatures

Maldun Security Yara rule detection results - High risk
Warning: Bypass DEP
Critical: Spotted potential abnormal behaviors, like logging and network communications
Critical: Spotted potential malicious behaviors like logging and network communication
Critical: Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
Warning: Detected UPX. Commonly used by RAT!
Sample detected attempting to obfuscate or spoof its file type

Runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base 0x00400000
Entry point 0x004d5f25
Declared checksum 0x00000000
Actual checksum 0x001be5eb
Minimum OS version required 4.0
Compile time 2020-04-08 20:26:41
Import hash 96b464b517672eb260c5e13ba418189a
Icon
Icon exact hash 561f57d053b52009fb77a51d7b89b449
Icon similarity hash b3dcf49cb74668f8a713b737446fecc1

Version information

LegalCopyright: \xe4\xe8\xe7\xe6\xe6\xe6 \xe8\xe5\xe9\xe5\xe4\xe7\xe6\xe7
FileVersion: 1.0.0.0
Comments: Microsoft Dynamics ERP
ProductName: Microsoft Dynamics ERP
ProductVersion: 1.0.0.0
FileDescription: Microsoft Dynamics ERP
Translation: 0x0804 0x04b0

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000f560e 0x000f6000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x000f7000 0x00090b04 0x00091000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.74
.data 0x00188000 0x0005392a 0x0001a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.88
.rsrc 0x001dc000 0x00014b4c 0x00015000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.88

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x001dcbc0 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x001dd0b0 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x001de7b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x001ded0c 0x0000fbc8 LANG_NEUTRAL SUBLANG_NEUTRAL 3.04 dBase IV DBT of \364.DBF, blocks size 0, block length 62464, next free block index 40, next free block 0, next used block 0
RT_MENU 0x001ee8e0 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x001efb28 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x001f0570 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x001f05bc 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x001f0608 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x001f061c 0x00000274 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.48 data
RT_MANIFEST 0x001f0890 0x000002b9 LANG_NEUTRAL SUBLANG_NEUTRAL 5.02 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library WINMM.dll:
0x4f7698 - midiStreamOut
0x4f769c - midiOutPrepareHeader
0x4f76a0 - waveOutWrite
0x4f76a4 - waveOutPause
0x4f76a8 - waveOutReset
0x4f76ac - waveOutClose
0x4f76b0 - waveOutGetNumDevs
0x4f76b4 - waveOutOpen
0x4f76b8 - midiOutUnprepareHeader
0x4f76bc - midiStreamOpen
0x4f76c0 - midiStreamProperty
0x4f76c4 - midiStreamStop
0x4f76c8 - midiOutReset
0x4f76cc - midiStreamClose
0x4f76d0 - midiStreamRestart
0x4f76d4 - waveOutUnprepareHeader
0x4f76d8 - waveOutRestart
0x4f76dc - waveOutPrepareHeader
Library WS2_32.dll:
0x4f76f4 - WSACleanup
0x4f76f8 - inet_ntoa
0x4f76fc - closesocket
0x4f7700 - getpeername
0x4f7704 - accept
0x4f7708 - ntohl
0x4f770c - WSAAsyncSelect
0x4f7710 - recvfrom
0x4f7714 - ioctlsocket
0x4f7718 - recv
Library KERNEL32.dll:
0x4f71a0 - SetLastError
0x4f71a4 - GetTimeZoneInformation
0x4f71a8 - GetVersion
0x4f71ac - CreateMutexA
0x4f71b0 - ReleaseMutex
0x4f71b4 - SuspendThread
0x4f71b8 - FreeEnvironmentStringsA
0x4f71bc - UnhandledExceptionFilter
0x4f71c0 - HeapSize
0x4f71c4 - RaiseException
0x4f71c8 - GetLocalTime
0x4f71cc - GetSystemTime
0x4f71d0 - RtlUnwind
0x4f71d4 - GetStartupInfoA
0x4f71d8 - GetOEMCP
0x4f71dc - GetCPInfo
0x4f71e0 - GetProcessVersion
0x4f71e4 - SetErrorMode
0x4f71e8 - GlobalFlags
0x4f71ec - GetCurrentThread
0x4f71f0 - GetFileTime
0x4f71f4 - TlsGetValue
0x4f71f8 - LocalReAlloc
0x4f71fc - TlsSetValue
0x4f7200 - TlsFree
0x4f7204 - GlobalHandle
0x4f7208 - TlsAlloc
0x4f720c - LocalAlloc
0x4f7210 - lstrcmpA
0x4f7214 - GlobalGetAtomNameA
0x4f7218 - GlobalAddAtomA
0x4f721c - GlobalFindAtomA
0x4f7220 - GlobalDeleteAtom
0x4f7224 - lstrcmpiA
0x4f7228 - SetEndOfFile
0x4f722c - UnlockFile
0x4f7230 - LockFile
0x4f7234 - FlushFileBuffers
0x4f7238 - DuplicateHandle
0x4f723c - lstrcpynA
0x4f7240 - FileTimeToLocalFileTime
0x4f7244 - FileTimeToSystemTime
0x4f7248 - LocalFree
0x4f724c - InterlockedDecrement
0x4f7250 - InterlockedIncrement
0x4f7254 - OpenProcess
0x4f7258 - TerminateProcess
0x4f725c - GetFileSize
0x4f7260 - SetFilePointer
0x4f7264 - CreateToolhelp32Snapshot
0x4f7268 - Process32First
0x4f726c - Process32Next
0x4f7270 - GetCurrentProcess
0x4f7274 - GetWindowsDirectoryA
0x4f7278 - GetSystemDirectoryA
0x4f727c - TerminateThread
0x4f7280 - CreateSemaphoreA
0x4f7284 - ResumeThread
0x4f7288 - ReleaseSemaphore
0x4f728c - EnterCriticalSection
0x4f7290 - LeaveCriticalSection
0x4f7294 - GetProfileStringA
0x4f7298 - WriteFile
0x4f729c - WaitForMultipleObjects
0x4f72a0 - CreateFileA
0x4f72a4 - SetEvent
0x4f72a8 - FindResourceA
0x4f72ac - LoadResource
0x4f72b0 - LockResource
0x4f72b4 - ReadFile
0x4f72b8 - RemoveDirectoryA
0x4f72bc - GetModuleFileNameA
0x4f72c0 - WideCharToMultiByte
0x4f72c4 - MultiByteToWideChar
0x4f72c8 - GetCurrentThreadId
0x4f72cc - ExitProcess
0x4f72d0 - GlobalSize
0x4f72d4 - GlobalFree
0x4f72d8 - DeleteCriticalSection
0x4f72dc - InitializeCriticalSection
0x4f72e0 - lstrcatA
0x4f72e4 - lstrlenA
0x4f72e8 - InterlockedExchange
0x4f72ec - WinExec
0x4f72f0 - lstrcpyA
0x4f72f4 - FindNextFileA
0x4f72f8 - GlobalReAlloc
0x4f72fc - HeapFree
0x4f7300 - HeapReAlloc
0x4f7304 - GetProcessHeap
0x4f7308 - HeapAlloc
0x4f730c - GetFullPathNameA
0x4f7310 - FreeLibrary
0x4f7314 - LoadLibraryA
0x4f7318 - GetLastError
0x4f731c - GetVersionExA
0x4f7320 - WritePrivateProfileStringA
0x4f7324 - GetPrivateProfileStringA
0x4f7328 - CreateThread
0x4f732c - CreateEventA
0x4f7330 - Sleep
0x4f7334 - ExpandEnvironmentStringsA
0x4f7338 - GlobalAlloc
0x4f733c - GlobalLock
0x4f7340 - GlobalUnlock
0x4f7344 - GetTempPathA
0x4f7348 - FindFirstFileA
0x4f734c - FindClose
0x4f7350 - SetFileAttributesA
0x4f7354 - GetFileAttributesA
0x4f7358 - DeleteFileA
0x4f735c - GetCurrentDirectoryA
0x4f7360 - SetCurrentDirectoryA
0x4f7364 - GetVolumeInformationA
0x4f7368 - GetModuleHandleA
0x4f736c - GetProcAddress
0x4f7370 - MulDiv
0x4f7374 - GetCommandLineA
0x4f7378 - GetTickCount
0x4f737c - CreateProcessA
0x4f7380 - WaitForSingleObject
0x4f7384 - CloseHandle
0x4f7388 - FreeEnvironmentStringsW
0x4f738c - GetEnvironmentStrings
0x4f7390 - GetEnvironmentStringsW
0x4f7394 - SetHandleCount
0x4f7398 - GetStdHandle
0x4f739c - GetFileType
0x4f73a0 - GetEnvironmentVariableA
0x4f73a4 - HeapDestroy
0x4f73a8 - HeapCreate
0x4f73ac - VirtualFree
0x4f73b0 - SetEnvironmentVariableA
0x4f73b4 - LCMapStringA
0x4f73b8 - LCMapStringW
0x4f73bc - VirtualAlloc
0x4f73c0 - IsBadWritePtr
0x4f73c4 - SetUnhandledExceptionFilter
0x4f73c8 - GetStringTypeA
0x4f73cc - GetStringTypeW
0x4f73d0 - CompareStringA
0x4f73d4 - CompareStringW
0x4f73d8 - IsBadReadPtr
0x4f73dc - IsBadCodePtr
0x4f73e0 - SetStdHandle
0x4f73e4 - GetACP
Library USER32.dll:
0x4f7418 - GetMenu
0x4f741c - DeleteMenu
0x4f7420 - GetSystemMenu
0x4f7424 - DefWindowProcA
0x4f7428 - GetClassInfoA
0x4f742c - IsZoomed
0x4f7430 - SetMenu
0x4f7434 - PeekMessageA
0x4f7438 - GetSysColorBrush
0x4f743c - LoadStringA
0x4f7440 - ShowWindow
0x4f7444 - SystemParametersInfoA
0x4f7448 - LoadImageA
0x4f744c - EnumDisplaySettingsA
0x4f7450 - ClientToScreen
0x4f7454 - EnableMenuItem
0x4f7458 - GetSubMenu
0x4f745c - GetDlgCtrlID
0x4f7460 - CreateAcceleratorTableA
0x4f7464 - CreateMenu
0x4f7468 - ModifyMenuA
0x4f746c - AppendMenuA
0x4f7470 - CreatePopupMenu
0x4f7474 - DrawIconEx
0x4f7478 - CreateIconFromResource
0x4f747c - CreateIconFromResourceEx
0x4f7480 - RegisterClipboardFormatA
0x4f7484 - SetRectEmpty
0x4f7488 - DispatchMessageA
0x4f748c - GetMessageA
0x4f7490 - WindowFromPoint
0x4f7494 - DrawFocusRect
0x4f7498 - IsIconic
0x4f749c - SetFocus
0x4f74a0 - GetActiveWindow
0x4f74a4 - DrawEdge
0x4f74a8 - DestroyAcceleratorTable
0x4f74ac - SetWindowRgn
0x4f74b0 - GetMessagePos
0x4f74b4 - ScreenToClient
0x4f74b8 - ChildWindowFromPointEx
0x4f74bc - CopyRect
0x4f74c0 - LoadBitmapA
0x4f74c4 - WinHelpA
0x4f74c8 - KillTimer
0x4f74cc - SetTimer
0x4f74d0 - ReleaseCapture
0x4f74d4 - GetCapture
0x4f74d8 - SetCapture
0x4f74dc - GetScrollRange
0x4f74e0 - SetScrollRange
0x4f74e4 - GetMenuCheckMarkDimensions
0x4f74e8 - GetMenuState
0x4f74ec - SetMenuItemBitmaps
0x4f74f0 - CheckMenuItem
0x4f74f4 - PostQuitMessage
0x4f74f8 - SetScrollPos
0x4f74fc - SetRect
0x4f7500 - InflateRect
0x4f7504 - IntersectRect
0x4f7508 - DestroyIcon
0x4f750c - PtInRect
0x4f7510 - OffsetRect
0x4f7514 - IsWindowVisible
0x4f7518 - EnableWindow
0x4f751c - RedrawWindow
0x4f7520 - GetWindowLongA
0x4f7524 - SetWindowLongA
0x4f7528 - GetSysColor
0x4f752c - SetActiveWindow
0x4f7530 - SetCursorPos
0x4f7534 - LoadCursorA
0x4f7538 - SetCursor
0x4f753c - GetDC
0x4f7540 - FillRect
0x4f7544 - IsRectEmpty
0x4f7548 - ReleaseDC
0x4f754c - IsChild
0x4f7550 - DestroyMenu
0x4f7554 - SetForegroundWindow
0x4f7558 - GetWindowRect
0x4f755c - EqualRect
0x4f7560 - UpdateWindow
0x4f7564 - ValidateRect
0x4f7568 - InvalidateRect
0x4f756c - GetClientRect
0x4f7570 - GetFocus
0x4f7574 - GetParent
0x4f7578 - GetTopWindow
0x4f757c - PostMessageA
0x4f7580 - IsWindow
0x4f7584 - SetParent
0x4f7588 - DestroyCursor
0x4f758c - SendMessageA
0x4f7590 - SetWindowPos
0x4f7594 - MessageBoxA
0x4f7598 - GetCursorPos
0x4f759c - GetSystemMetrics
0x4f75a0 - EmptyClipboard
0x4f75a4 - SetClipboardData
0x4f75a8 - OpenClipboard
0x4f75ac - GetClipboardData
0x4f75b0 - CloseClipboard
0x4f75b4 - wsprintfA
0x4f75b8 - WaitForInputIdle
0x4f75bc - DrawFrameControl
0x4f75c0 - LoadIconA
0x4f75c4 - GetForegroundWindow
0x4f75c8 - GetDesktopWindow
0x4f75cc - GetClassNameA
0x4f75d0 - GetWindowThreadProcessId
0x4f75d4 - FindWindowA
0x4f75d8 - GetDlgItem
0x4f75dc - GetWindowTextA
0x4f75e0 - CallWindowProcA
0x4f75e4 - CreateWindowExA
0x4f75e8 - RegisterHotKey
0x4f75ec - UnregisterHotKey
0x4f75f0 - CopyAcceleratorTableA
0x4f75f4 - GetKeyState
0x4f75f8 - TranslateAcceleratorA
0x4f75fc - MoveWindow
0x4f7600 - IsWindowEnabled
0x4f7604 - GetWindow
0x4f7608 - UnregisterClassA
0x4f760c - TranslateMessage
0x4f7610 - GetWindowTextLengthA
0x4f7614 - CharUpperA
0x4f7618 - GetWindowDC
0x4f761c - BeginPaint
0x4f7620 - EndPaint
0x4f7624 - TabbedTextOutA
0x4f7628 - DrawTextA
0x4f762c - GrayStringA
0x4f7630 - DestroyWindow
0x4f7634 - CreateDialogIndirectParamA
0x4f7638 - EndDialog
0x4f763c - GetNextDlgTabItem
0x4f7640 - GetWindowPlacement
0x4f7644 - RegisterWindowMessageA
0x4f7648 - GetLastActivePopup
0x4f764c - GetMessageTime
0x4f7650 - RemovePropA
0x4f7654 - GetPropA
0x4f7658 - UnhookWindowsHookEx
0x4f765c - SetPropA
0x4f7660 - GetClassLongA
0x4f7664 - CallNextHookEx
0x4f7668 - SetWindowsHookExA
0x4f766c - GetMenuItemID
0x4f7670 - GetMenuItemCount
0x4f7674 - RegisterClassA
0x4f7678 - GetScrollPos
0x4f767c - AdjustWindowRectEx
0x4f7680 - MapWindowPoints
0x4f7684 - SendDlgItemMessageA
0x4f7688 - ScrollWindowEx
0x4f768c - IsDialogMessageA
0x4f7690 - SetWindowTextA
Library GDI32.dll:
0x4f704c - LineTo
0x4f7050 - MoveToEx
0x4f7054 - ExcludeClipRect
0x4f7058 - GetClipBox
0x4f705c - ScaleWindowExtEx
0x4f7060 - CreatePen
0x4f7064 - PatBlt
0x4f7068 - CombineRgn
0x4f706c - CreateRectRgn
0x4f7070 - FillRgn
0x4f7074 - CreateSolidBrush
0x4f7078 - GetStockObject
0x4f707c - CreateFontIndirectA
0x4f7080 - EndPage
0x4f7084 - EndDoc
0x4f7088 - DeleteDC
0x4f708c - StartDocA
0x4f7090 - StartPage
0x4f7094 - BitBlt
0x4f7098 - CreateCompatibleDC
0x4f709c - Ellipse
0x4f70a0 - Rectangle
0x4f70a4 - ExtSelectClipRgn
0x4f70a8 - DPtoLP
0x4f70ac - GetCurrentObject
0x4f70b0 - RoundRect
0x4f70b4 - GetTextExtentPoint32A
0x4f70b8 - GetDeviceCaps
0x4f70bc - SetStretchBltMode
0x4f70c0 - CreateRectRgnIndirect
0x4f70c4 - SetBkColor
0x4f70c8 - CreateFontA
0x4f70cc - TranslateCharsetInfo
0x4f70d0 - SetWindowExtEx
0x4f70d4 - SetWindowOrgEx
0x4f70d8 - ScaleViewportExtEx
0x4f70dc - SetViewportExtEx
0x4f70e0 - OffsetViewportOrgEx
0x4f70e4 - SetViewportOrgEx
0x4f70e8 - SetMapMode
0x4f70ec - SetTextColor
0x4f70f0 - SetROP2
0x4f70f4 - SetPolyFillMode
0x4f70f8 - SetBkMode
0x4f70fc - GetViewportExtEx
0x4f7100 - PtVisible
0x4f7104 - RectVisible
0x4f7108 - TextOutA
0x4f710c - ExtTextOutA
0x4f7110 - Escape
0x4f7114 - GetTextMetricsA
0x4f7118 - GetObjectA
0x4f711c - SelectObject
0x4f7120 - CreateBitmap
0x4f7124 - CreateDCA
0x4f7128 - CreateCompatibleBitmap
0x4f712c - GetPolyFillMode
0x4f7130 - GetStretchBltMode
0x4f7134 - GetROP2
0x4f7138 - GetBkColor
0x4f713c - GetBkMode
0x4f7140 - GetTextColor
0x4f7144 - RestoreDC
0x4f7148 - SaveDC
0x4f714c - CreateRoundRectRgn
0x4f7150 - CreateEllipticRgn
0x4f7154 - PathToRegion
0x4f7158 - EndPath
0x4f715c - BeginPath
0x4f7160 - GetWindowOrgEx
0x4f7164 - GetViewportOrgEx
0x4f7168 - GetWindowExtEx
0x4f716c - GetDIBits
0x4f7170 - RealizePalette
0x4f7174 - SelectPalette
0x4f7178 - StretchBlt
0x4f717c - CreatePalette
0x4f7180 - GetClipRgn
0x4f7184 - CreateDIBitmap
0x4f7188 - DeleteObject
0x4f718c - SelectClipRgn
0x4f7190 - LPtoDP
0x4f7194 - GetSystemPaletteEntries
0x4f7198 - CreatePolygonRgn
Library WINSPOOL.DRV:
0x4f76e4 - OpenPrinterA
0x4f76e8 - DocumentPropertiesA
0x4f76ec - ClosePrinter
Library ADVAPI32.dll:
0x4f7000 - RegQueryValueExA
0x4f7004 - RegOpenKeyExA
0x4f7008 - RegSetValueExA
0x4f700c - RegCreateKeyA
0x4f7010 - RegQueryValueA
0x4f7014 - RegCreateKeyExA
0x4f7018 - RegCloseKey
Library SHELL32.dll:
0x4f73fc - SHGetSpecialFolderPathA
0x4f7400 - DragQueryFileA
0x4f7404 - DragFinish
0x4f7408 - DragAcceptFiles
0x4f740c - ShellExecuteA
0x4f7410 - Shell_NotifyIconA
Library ole32.dll:
0x4f7734 - CLSIDFromString
0x4f7738 - OleUninitialize
0x4f773c - OleInitialize
Library OLEAUT32.dll:
0x4f73ec - LoadTypeLib
0x4f73f0 - RegisterTypeLib
0x4f73f4 - UnRegisterTypeLib
Library COMCTL32.dll:
0x4f7020 - ImageList_Add
0x4f7024 - ImageList_BeginDrag
0x4f7028 - ImageList_Create
0x4f702c - ImageList_Destroy
0x4f7030 - ImageList_DragEnter
0x4f7034 - ImageList_DragLeave
0x4f7038 - ImageList_DragMove
0x4f703c - ImageList_DragShowNolock
0x4f7040 - ImageList_EndDrag
0x4f7044 - None
Library comdlg32.dll:
0x4f7720 - ChooseColorA
0x4f7724 - GetFileTitleA
0x4f7728 - GetSaveFileNameA
0x4f772c - GetOpenFileNameA

Dropped files

No information

Behavior analysis

Mutexes No information
Commands executed No information
Services created No information
Services started No information

Processes

____________2.2.exe PID: 2748, parent process PID: 2412

Files accessed
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Users\test\AppData\Local\Temp\ws2_32.dll
  • C:\Users\test\AppData\Local\Temp\MSVCP140.dll
  • C:\Windows\System32\MSVCP140.dll
  • C:\Windows\system\MSVCP140.dll
  • C:\Windows\MSVCP140.dll
  • C:\ProgramData\Oracle\Java\javapath\MSVCP140.dll
  • C:\Windows\System32\wbem\MSVCP140.dll
  • C:\Windows\System32\WindowsPowerShell\v1.0\MSVCP140.dll
  • C:\Program Files (x86)\WinRAR\MSVCP140.dll
Files read
  • C:\Windows\Globalization\Sorting\sortdefault.nls
Files modified No information
Files deleted No information
Registry keys No information
Registry keys read No information
Registry keys modified No information
Registry keys deleted No information
API resolution
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • kernel32.dll.SortGetHandle
  • kernel32.dll.SortCloseHandle
  • ws2_32.dll.WSAStartup
  • kernel32.dll.VirtualProtect
  • kernel32.dll.LoadLibraryA
  • kernel32.dll.VirtualAlloc
  • kernel32.dll.VirtualFree
  • kernel32.dll.IsBadReadPtr
  • kernel32.dll.GetProcessHeap
  • kernel32.dll.FreeLibrary
  • kernel32.dll.HeapFree
  • kernel32.dll.HeapAlloc
  • kernel32.dll.HeapReAlloc
  • d3d11.dll.D3D11CreateDeviceAndSwapChain
  • d3dcompiler_43.dll.D3DCompile
  • imm32.dll.ImmGetContext
  • imm32.dll.ImmSetCompositionWindow
  • imm32.dll.ImmReleaseContext
  • kernel32.dll.GetCurrentProcess
  • kernel32.dll.TerminateProcess
  • kernel32.dll.GlobalAlloc
  • kernel32.dll.GlobalFree
  • kernel32.dll.GlobalLock
  • kernel32.dll.GlobalUnlock
  • kernel32.dll.QueryPerformanceFrequency
  • kernel32.dll.QueryPerformanceCounter
  • kernel32.dll.MultiByteToWideChar
  • kernel32.dll.Sleep
  • kernel32.dll.CreateThread
  • kernel32.dll.WideCharToMultiByte
  • kernel32.dll.EnterCriticalSection
  • kernel32.dll.LeaveCriticalSection
  • kernel32.dll.InitializeCriticalSectionAndSpinCount
  • kernel32.dll.DeleteCriticalSection
  • kernel32.dll.SetEvent
  • kernel32.dll.ResetEvent
  • kernel32.dll.WaitForSingleObjectEx
  • kernel32.dll.CreateEventW
  • kernel32.dll.GetModuleHandleW
  • kernel32.dll.GetProcAddress
  • kernel32.dll.IsDebuggerPresent
  • kernel32.dll.UnhandledExceptionFilter
  • kernel32.dll.SetUnhandledExceptionFilter
  • kernel32.dll.GetCurrentProcessId
  • kernel32.dll.GetCurrentThreadId
  • kernel32.dll.GetSystemTimeAsFileTime
  • kernel32.dll.DisableThreadLibraryCalls
  • kernel32.dll.InitializeSListHead
  • kernel32.dll.CloseHandle
  • user32.dll.SetWindowLongW
  • user32.dll.GetWindowInfo
  • user32.dll.DispatchMessageW
  • user32.dll.GetWindowTextA
  • user32.dll.SetWindowPos
  • user32.dll.DestroyWindow
  • user32.dll.DefWindowProcW
  • user32.dll.GetWindowLongW
  • user32.dll.MoveWindow
  • user32.dll.TranslateMessage
  • user32.dll.UnregisterClassA
  • user32.dll.PostQuitMessage
  • user32.dll.SetClipboardData
  • user32.dll.GetClipboardData
  • user32.dll.EmptyClipboard
  • user32.dll.CloseClipboard
  • user32.dll.OpenClipboard
  • user32.dll.GetCursorPos
  • user32.dll.SetCursorPos
  • user32.dll.PeekMessageW
  • user32.dll.ReleaseCapture
  • user32.dll.GetClientRect
  • user32.dll.SetCursor
  • user32.dll.GetKeyState
  • user32.dll.ScreenToClient
  • user32.dll.GetActiveWindow
  • user32.dll.GetCapture
  • user32.dll.ClientToScreen
  • user32.dll.LoadCursorW
  • user32.dll.SetCapture