Maldun (魔盾) Security Analysis Report

Analysis type: FILE
Start time: 2020-11-30 11:56:01
End time: 2020-11-30 11:56:03
Duration: 2 seconds
Analysis engine version: 1.4-Maldun

VM name: win7-sp1-x64-shaapp02-1
Label: win7-sp1-x64-shaapp02-1
Hypervisor: KVM
Boot time: 2020-11-30 11:56:02
Shutdown time: 2020-11-30 11:56:03
Maldun score

10.0

Malicious

File details

File name: Steam一键授权工具.exe
File size: 901120 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
CRC32: A8FA06A0
MD5: e07f5616dd0a367d7fa2a25213a50e38
SHA1: f11296f15350587363d012343f139fa0d18b6688
SHA256: 73a226d69404704c52ed802d5c1ad6f47639a3a1faf4143860d9ba1b0c5e91be
SHA512: 63c5107d63266469a3ffd202ee88a1a9862cda31bf9df58537d1cfc745554247cb7a0c627a8fa97ee0f72e334dbcedd794a9cf19527efdf4710e32fb56ed4bd7
Ssdeep: 12288:wc2zmx2sg8HpkFZpQQBZgqPsJ9Xl5ak5uGD1OUMdzmQK4Z/eMXRCHAk:wrzmBg8JkvpQKZgSsJB6dyQKI/eIW
PEiD: No match
Yara
  • DebuggerCheck__QueryInfo ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • with_images (Detected the presence of one or several images)
VirusTotal: VirusTotal link
VirusTotal scan time: 2020-04-25 15:41:16
Scan result: 34/73 engines flagged the file

Signatures

Maldun Yara rule detection results - security alert
Critical: Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files
The file was flagged as malicious by at least one antivirus engine on VirusTotal
Bkav: W32.AIDetectVM.malware
FireEye: Generic.mg.e07f5616dd0a367d
CAT-QuickHeal: Risktool.Flystudio.16885
Cylance: Unsafe
SUPERAntiSpyware: Trojan.Agent/Gen-OnlineGames
K7AntiVirus: Trojan ( 005246d51 )
Alibaba: Ransom:Win32/Wannaren.a63749a2
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.153505
Invincea: heuristic
F-Prot: W32/Agent.EW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
TotalDefense: Win32/Oflwr.A!crypt
APEX: Malicious
ClamAV: Win.Malware.Zusy-6840460-0
GData: Win32.Application.PUPStudio.A
Rising: Malware.Heuristic!ET#98% (RDMK:cmRtazqiM759+vcVU04hUdbH+baS)
Comodo: Worm.Win32.Dropper.RA@1qraug
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Trapmine: malicious.high.ml.score
Ikarus: PUA.Virbox
Cyren: W32/Agent.EW.gen!Eldorado
Antiy-AVL: GrayWare/Win32.FlyStudio.a
Microsoft: Trojan:Win32/Wacatac.D!ml
Endgame: malicious (high confidence)
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34106.3q0@aiNUNgdb
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
SentinelOne: DFI - Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/QQWare.A!tr
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Generic/HEUR/QVM07.1.AD05.Malware.Gen

Runtime screenshots

No runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base: 0x00400000
Entry point: 0x0047e05a
Declared checksum: 0x00000000
Actual checksum: 0x000e5513
Minimum OS version required: 4.0
Compile time: 2020-04-19 00:07:27
Import hash (imphash): 7d26f94f3de14a5ee881a0308abfd577

Version information

LegalCopyright: 仅供学习使用，请勿用于非法途径，否者后果自负。 (For learning use only; do not use for illegal purposes, or you bear the consequences yourself.)
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com) (This program was written in EPL, the "Easy Programming Language" 易语言, which corresponds to the FlyStudio labels in the antivirus results above.)
ProductName: Steam一键授权工具 (Steam one-click authorization tool)
ProductVersion: 1.0.0.0
FileDescription: 仅供学习使用，请勿用于非法途径，否者后果自负。 (For learning use only; do not use for illegal purposes, or you bear the consequences yourself.)
Translation: 0x0804 0x04b0

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x0009d4b6 0x0009e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x0009f000 0x0001af8e 0x0001b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.73
.data 0x000ba000 0x0005942a 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.98
.rsrc 0x00114000 0x00009290 0x0000a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.20

Imports

Library WINMM.dll:
0x49f658 - midiStreamOut
0x49f65c - midiOutPrepareHeader
0x49f660 - waveOutUnprepareHeader
0x49f664 - waveOutPrepareHeader
0x49f668 - waveOutWrite
0x49f66c - waveOutPause
0x49f670 - waveOutReset
0x49f674 - waveOutClose
0x49f678 - waveOutGetNumDevs
0x49f67c - waveOutOpen
0x49f680 - midiOutUnprepareHeader
0x49f684 - midiStreamStop
0x49f688 - midiOutReset
0x49f68c - midiStreamClose
0x49f690 - midiStreamRestart
0x49f694 - waveOutRestart
0x49f698 - midiStreamOpen
0x49f69c - midiStreamProperty
Library WS2_32.dll:
0x49f6b4 - WSAAsyncSelect
0x49f6b8 - closesocket
0x49f6bc - WSACleanup
0x49f6c0 - inet_ntoa
0x49f6c4 - ntohl
0x49f6c8 - recvfrom
0x49f6cc - ioctlsocket
0x49f6d0 - recv
0x49f6d4 - accept
0x49f6d8 - getpeername
Library KERNEL32.dll:
0x49f174 - SetLastError
0x49f178 - GetTimeZoneInformation
0x49f17c - GetVersion
0x49f180 - TerminateThread
0x49f184 - CreateMutexA
0x49f188 - ReleaseMutex
0x49f18c - SuspendThread
0x49f190 - GetACP
0x49f194 - HeapSize
0x49f198 - RaiseException
0x49f19c - GetLocalTime
0x49f1a0 - GetSystemTime
0x49f1a4 - RtlUnwind
0x49f1a8 - GetStartupInfoA
0x49f1ac - GetOEMCP
0x49f1b0 - GetCPInfo
0x49f1b4 - GetProcessVersion
0x49f1b8 - SetErrorMode
0x49f1bc - GlobalFlags
0x49f1c0 - GetCurrentThread
0x49f1c4 - GetFileTime
0x49f1c8 - TlsGetValue
0x49f1cc - LocalReAlloc
0x49f1d0 - TlsSetValue
0x49f1d4 - TlsFree
0x49f1d8 - GlobalHandle
0x49f1dc - TlsAlloc
0x49f1e0 - LocalAlloc
0x49f1e4 - lstrcmpA
0x49f1e8 - GlobalGetAtomNameA
0x49f1ec - GlobalAddAtomA
0x49f1f0 - GlobalFindAtomA
0x49f1f4 - GlobalDeleteAtom
0x49f1f8 - lstrcmpiA
0x49f1fc - SetEndOfFile
0x49f200 - UnlockFile
0x49f204 - LockFile
0x49f208 - FlushFileBuffers
0x49f20c - DuplicateHandle
0x49f210 - lstrcpynA
0x49f214 - FileTimeToLocalFileTime
0x49f218 - FileTimeToSystemTime
0x49f21c - LocalFree
0x49f220 - InterlockedDecrement
0x49f224 - InterlockedIncrement
0x49f228 - OpenProcess
0x49f22c - TerminateProcess
0x49f230 - GetFileSize
0x49f234 - SetFilePointer
0x49f238 - CreateToolhelp32Snapshot
0x49f23c - Process32First
0x49f240 - Process32Next
0x49f244 - WideCharToMultiByte
0x49f248 - MultiByteToWideChar
0x49f24c - GetCurrentProcess
0x49f250 - GetWindowsDirectoryA
0x49f254 - GetSystemDirectoryA
0x49f258 - CreateSemaphoreA
0x49f25c - ResumeThread
0x49f260 - ReleaseSemaphore
0x49f264 - EnterCriticalSection
0x49f268 - LeaveCriticalSection
0x49f26c - GetProfileStringA
0x49f270 - WriteFile
0x49f274 - WaitForMultipleObjects
0x49f278 - CreateFileA
0x49f27c - SetEvent
0x49f280 - FindResourceA
0x49f284 - LoadResource
0x49f288 - LockResource
0x49f28c - ReadFile
0x49f290 - GetModuleFileNameA
0x49f294 - GetCurrentThreadId
0x49f298 - ExitProcess
0x49f29c - GlobalSize
0x49f2a0 - GlobalFree
0x49f2a4 - DeleteCriticalSection
0x49f2a8 - InitializeCriticalSection
0x49f2ac - lstrcatA
0x49f2b0 - lstrlenA
0x49f2b4 - WinExec
0x49f2b8 - InterlockedExchange
0x49f2bc - lstrcpyA
0x49f2c0 - FindNextFileA
0x49f2c4 - GlobalReAlloc
0x49f2c8 - HeapFree
0x49f2cc - HeapReAlloc
0x49f2d0 - GetProcessHeap
0x49f2d4 - HeapAlloc
0x49f2d8 - GetFullPathNameA
0x49f2dc - FreeLibrary
0x49f2e0 - LoadLibraryA
0x49f2e4 - GetLastError
0x49f2e8 - GetVersionExA
0x49f2ec - WritePrivateProfileStringA
0x49f2f0 - CreateThread
0x49f2f4 - CreateEventA
0x49f2f8 - Sleep
0x49f2fc - ExpandEnvironmentStringsA
0x49f300 - GlobalAlloc
0x49f304 - GlobalLock
0x49f308 - GlobalUnlock
0x49f30c - GetTempPathA
0x49f310 - FindFirstFileA
0x49f314 - FindClose
0x49f318 - SetFileAttributesA
0x49f31c - GetFileAttributesA
0x49f320 - DeleteFileA
0x49f324 - SetCurrentDirectoryA
0x49f328 - GetVolumeInformationA
0x49f32c - GetModuleHandleA
0x49f330 - GetProcAddress
0x49f334 - MulDiv
0x49f338 - GetCommandLineA
0x49f33c - GetTickCount
0x49f340 - CreateProcessA
0x49f344 - WaitForSingleObject
0x49f348 - CloseHandle
0x49f34c - UnhandledExceptionFilter
0x49f350 - FreeEnvironmentStringsA
0x49f354 - FreeEnvironmentStringsW
0x49f358 - GetEnvironmentStrings
0x49f35c - GetEnvironmentStringsW
0x49f360 - SetHandleCount
0x49f364 - GetStdHandle
0x49f368 - GetFileType
0x49f36c - GetEnvironmentVariableA
0x49f370 - HeapDestroy
0x49f374 - HeapCreate
0x49f378 - VirtualFree
0x49f37c - SetEnvironmentVariableA
0x49f380 - LCMapStringA
0x49f384 - LCMapStringW
0x49f388 - VirtualAlloc
0x49f38c - IsBadWritePtr
0x49f390 - SetUnhandledExceptionFilter
0x49f394 - GetStringTypeA
0x49f398 - GetStringTypeW
0x49f39c - CompareStringA
0x49f3a0 - CompareStringW
0x49f3a4 - IsBadReadPtr
0x49f3a8 - IsBadCodePtr
0x49f3ac - SetStdHandle
Library USER32.dll:
0x49f3e0 - GetMenu
0x49f3e4 - SetMenu
0x49f3e8 - PeekMessageA
0x49f3ec - IsIconic
0x49f3f0 - SetFocus
0x49f3f4 - GetActiveWindow
0x49f3f8 - GetWindow
0x49f3fc - DestroyAcceleratorTable
0x49f400 - SetWindowRgn
0x49f404 - DeleteMenu
0x49f408 - GetSystemMenu
0x49f40c - DefWindowProcA
0x49f410 - GetClassInfoA
0x49f414 - IsZoomed
0x49f418 - PostQuitMessage
0x49f41c - CopyAcceleratorTableA
0x49f420 - GetKeyState
0x49f424 - TranslateAcceleratorA
0x49f428 - IsWindowEnabled
0x49f42c - ShowWindow
0x49f430 - SystemParametersInfoA
0x49f434 - LoadImageA
0x49f438 - EnumDisplaySettingsA
0x49f43c - ClientToScreen
0x49f440 - EnableMenuItem
0x49f444 - GetSubMenu
0x49f448 - GetDlgCtrlID
0x49f44c - CreateAcceleratorTableA
0x49f450 - CreateMenu
0x49f454 - ModifyMenuA
0x49f458 - AppendMenuA
0x49f45c - GetMessagePos
0x49f460 - ScreenToClient
0x49f464 - CreatePopupMenu
0x49f468 - CopyRect
0x49f46c - LoadBitmapA
0x49f470 - WinHelpA
0x49f474 - KillTimer
0x49f478 - SetTimer
0x49f47c - ReleaseCapture
0x49f480 - GetCapture
0x49f484 - SetCapture
0x49f488 - GetScrollRange
0x49f48c - SetScrollRange
0x49f490 - SetScrollPos
0x49f494 - SetRect
0x49f498 - InflateRect
0x49f49c - IntersectRect
0x49f4a0 - DestroyIcon
0x49f4a4 - PtInRect
0x49f4a8 - OffsetRect
0x49f4ac - GetSysColorBrush
0x49f4b0 - IsWindowVisible
0x49f4b4 - EnableWindow
0x49f4b8 - RedrawWindow
0x49f4bc - GetWindowLongA
0x49f4c0 - SetWindowLongA
0x49f4c4 - GetSysColor
0x49f4c8 - SetActiveWindow
0x49f4cc - SetCursorPos
0x49f4d0 - LoadCursorA
0x49f4d4 - SetCursor
0x49f4d8 - GetDC
0x49f4dc - FillRect
0x49f4e0 - IsRectEmpty
0x49f4e4 - ReleaseDC
0x49f4e8 - IsChild
0x49f4ec - DestroyMenu
0x49f4f0 - SetForegroundWindow
0x49f4f4 - GetWindowRect
0x49f4f8 - EqualRect
0x49f4fc - UpdateWindow
0x49f500 - ValidateRect
0x49f504 - InvalidateRect
0x49f508 - GetClientRect
0x49f50c - GetFocus
0x49f510 - GetParent
0x49f514 - GetTopWindow
0x49f518 - PostMessageA
0x49f51c - IsWindow
0x49f520 - SetParent
0x49f524 - DestroyCursor
0x49f528 - SendMessageA
0x49f52c - SetWindowPos
0x49f530 - MessageBoxA
0x49f534 - GetCursorPos
0x49f538 - GetSystemMetrics
0x49f53c - EmptyClipboard
0x49f540 - SetClipboardData
0x49f544 - OpenClipboard
0x49f548 - GetClipboardData
0x49f54c - CloseClipboard
0x49f550 - wsprintfA
0x49f554 - WaitForInputIdle
0x49f558 - DrawIconEx
0x49f55c - CreateIconFromResource
0x49f560 - CreateIconFromResourceEx
0x49f564 - SetRectEmpty
0x49f568 - DispatchMessageA
0x49f56c - GetMessageA
0x49f570 - WindowFromPoint
0x49f574 - DrawFocusRect
0x49f578 - DrawEdge
0x49f57c - DrawFrameControl
0x49f580 - TranslateMessage
0x49f584 - LoadIconA
0x49f588 - GetForegroundWindow
0x49f58c - GetDesktopWindow
0x49f590 - GetClassNameA
0x49f594 - GetWindowThreadProcessId
0x49f598 - FindWindowA
0x49f59c - GetDlgItem
0x49f5a0 - GetWindowTextA
0x49f5a4 - ChildWindowFromPointEx
0x49f5a8 - UnregisterClassA
0x49f5ac - RegisterClipboardFormatA
0x49f5b0 - GetWindowTextLengthA
0x49f5b4 - CharUpperA
0x49f5b8 - GetWindowDC
0x49f5bc - BeginPaint
0x49f5c0 - EndPaint
0x49f5c4 - TabbedTextOutA
0x49f5c8 - DrawTextA
0x49f5cc - GrayStringA
0x49f5d0 - DestroyWindow
0x49f5d4 - CreateDialogIndirectParamA
0x49f5d8 - EndDialog
0x49f5dc - GetNextDlgTabItem
0x49f5e0 - GetWindowPlacement
0x49f5e4 - RegisterWindowMessageA
0x49f5e8 - GetLastActivePopup
0x49f5ec - GetMessageTime
0x49f5f0 - RemovePropA
0x49f5f4 - CallWindowProcA
0x49f5f8 - GetPropA
0x49f5fc - UnhookWindowsHookEx
0x49f600 - SetPropA
0x49f604 - GetClassLongA
0x49f608 - CallNextHookEx
0x49f60c - SetWindowsHookExA
0x49f610 - CreateWindowExA
0x49f614 - GetMenuItemID
0x49f618 - GetMenuItemCount
0x49f61c - RegisterClassA
0x49f620 - GetScrollPos
0x49f624 - AdjustWindowRectEx
0x49f628 - MapWindowPoints
0x49f62c - SendDlgItemMessageA
0x49f630 - ScrollWindowEx
0x49f634 - IsDialogMessageA
0x49f638 - SetWindowTextA
0x49f63c - MoveWindow
0x49f640 - CheckMenuItem
0x49f644 - SetMenuItemBitmaps
0x49f648 - GetMenuState
0x49f64c - GetMenuCheckMarkDimensions
0x49f650 - LoadStringA
Library GDI32.dll:
0x49f028 - PtVisible
0x49f02c - GetViewportExtEx
0x49f030 - ExtSelectClipRgn
0x49f034 - CreateSolidBrush
0x49f038 - GetStockObject
0x49f03c - CreateFontIndirectA
0x49f040 - EndPage
0x49f044 - EndDoc
0x49f048 - DeleteDC
0x49f04c - StartDocA
0x49f050 - StartPage
0x49f054 - BitBlt
0x49f058 - CreateCompatibleDC
0x49f05c - Ellipse
0x49f060 - Rectangle
0x49f064 - LPtoDP
0x49f068 - DPtoLP
0x49f06c - GetCurrentObject
0x49f070 - RectVisible
0x49f074 - GetTextExtentPoint32A
0x49f078 - GetDeviceCaps
0x49f07c - CreateRectRgnIndirect
0x49f080 - SetBkColor
0x49f084 - LineTo
0x49f088 - MoveToEx
0x49f08c - ExcludeClipRect
0x49f090 - GetClipBox
0x49f094 - ScaleWindowExtEx
0x49f098 - SetWindowExtEx
0x49f09c - SetWindowOrgEx
0x49f0a0 - TextOutA
0x49f0a4 - ExtTextOutA
0x49f0a8 - Escape
0x49f0ac - GetTextMetricsA
0x49f0b0 - FillRgn
0x49f0b4 - CreateRectRgn
0x49f0b8 - CombineRgn
0x49f0bc - PatBlt
0x49f0c0 - CreatePen
0x49f0c4 - GetObjectA
0x49f0c8 - SelectObject
0x49f0cc - CreateBitmap
0x49f0d0 - CreateDCA
0x49f0d4 - CreateCompatibleBitmap
0x49f0d8 - GetPolyFillMode
0x49f0dc - GetStretchBltMode
0x49f0e0 - GetROP2
0x49f0e4 - GetBkColor
0x49f0e8 - GetBkMode
0x49f0ec - GetTextColor
0x49f0f0 - CreateRoundRectRgn
0x49f0f4 - CreateEllipticRgn
0x49f0f8 - PathToRegion
0x49f0fc - EndPath
0x49f100 - ScaleViewportExtEx
0x49f104 - SetViewportExtEx
0x49f108 - OffsetViewportOrgEx
0x49f10c - SetViewportOrgEx
0x49f110 - SetMapMode
0x49f114 - SetTextColor
0x49f118 - SetROP2
0x49f11c - SetPolyFillMode
0x49f120 - BeginPath
0x49f124 - GetWindowOrgEx
0x49f128 - GetViewportOrgEx
0x49f12c - GetWindowExtEx
0x49f130 - GetDIBits
0x49f134 - RealizePalette
0x49f138 - SelectPalette
0x49f13c - StretchBlt
0x49f140 - CreatePalette
0x49f144 - GetSystemPaletteEntries
0x49f148 - DeleteObject
0x49f14c - SelectClipRgn
0x49f150 - CreatePolygonRgn
0x49f154 - GetClipRgn
0x49f158 - RoundRect
0x49f15c - CreateDIBitmap
0x49f160 - SetBkMode
0x49f164 - RestoreDC
0x49f168 - SaveDC
0x49f16c - SetStretchBltMode
Library WINSPOOL.DRV:
0x49f6a4 - OpenPrinterA
0x49f6a8 - DocumentPropertiesA
0x49f6ac - ClosePrinter
Library ADVAPI32.dll:
0x49f000 - RegQueryValueExA
0x49f004 - RegOpenKeyExA
0x49f008 - RegSetValueExA
0x49f00c - RegQueryValueA
0x49f010 - RegCreateKeyExA
0x49f014 - RegCloseKey
Library SHELL32.dll:
0x49f3c4 - SHGetSpecialFolderPathA
0x49f3c8 - ShellExecuteA
0x49f3cc - Shell_NotifyIconA
0x49f3d0 - SHGetMalloc
0x49f3d4 - SHGetPathFromIDListA
0x49f3d8 - SHBrowseForFolderA
Library ole32.dll:
0x49f6f4 - CLSIDFromString
0x49f6f8 - OleUninitialize
0x49f6fc - OleInitialize
Library OLEAUT32.dll:
0x49f3b4 - LoadTypeLib
0x49f3b8 - RegisterTypeLib
0x49f3bc - UnRegisterTypeLib
Library COMCTL32.dll:
0x49f01c - None
0x49f020 - ImageList_Destroy
Library comdlg32.dll:
0x49f6e0 - ChooseColorA
0x49f6e4 - GetFileTitleA
0x49f6e8 - GetSaveFileNameA
0x49f6ec - GetOpenFileNameA

Dropped files

No information

Behavioral analysis

Mutexes: No information
Commands executed: No information
Services created: No information
Services started: No information

Processes

No information
Files accessed: No information
Files read: No information
Files modified: No information
Files deleted: No information
Registry keys: No information
Registry keys read: No information
Registry keys modified: No information
Registry keys deleted: No information
API resolution: No information