Maldun Security Analysis Report

Analysis type: FILE
Start time: 2021-04-09 00:54:06
End time: 2021-04-09 00:54:09
Duration: 3 seconds
Analysis engine version: 1.4-Maldun

VM name: win7-sp1-x64-shaapp02-1
Tag: win7-sp1-x64-shaapp02-1
Hypervisor: KVM
Boot time: 2021-04-09 00:54:08
Shutdown time: 2021-04-09 00:54:09
Maldun score

1.4

Normal

File details

File name 006.png
File size 909312 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
CRC32 24799163
MD5 c54da8e26a594d2de734440280f7f06e
SHA1 38ee44449168320f307f0a1a96fe5873ef73a8a4
SHA256 3d0cd13cec7f14c8ab6ff76045ae85a0d2216db881a391bc6a821ebab550392b
SHA512 218a0b023d40990f950eb2df4ef243fe15994cdc06a30ccaf3e5bf42cb7adde1491c6d1bb8ade83da95238aa0d000dc0bd7c478fba1864a341aad3bb34b1883c
Ssdeep 12288:iGtIiiO4g3ZtV6UFdgyinw95V63Uq9DAhTap01PyiK+AY:iEiOF33V6oe7wo9nC9HK+AY
PEiD No match
Yara
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • IsPE32 (Detected a 32bit PE sample)
  • IsDLL (Detect a DLL sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • with_images (Detected the presence of one or several images)
  • Armadillov1xxv2xx ()
VirusTotal VirusTotal query failed

Signatures

Maldun Yara rule detection results - security alert
Critical: Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files

Runtime screenshots

No runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base 0x10000000
Entry point 0x10075624
Claimed checksum 0x00000000
Actual checksum 0x000e983c
Minimum OS version required 4.0
Compile time 2021-04-09 00:51:29
Import hash f33096a4aa7e420f1d96f07e8f7fc814
Export DLL name \x34\x34\x35\x34\x31\x31\x31

PE sections

Name VirtualAddress VirtualSize RawDataSize Characteristics Entropy
.text 0x00001000 0x00093da2 0x00094000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.64
.rdata 0x00095000 0x000140c0 0x00015000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.66
.data 0x000aa000 0x0005048e 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.08
.rsrc 0x000fb000 0x00005758 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.26
.reloc 0x00101000 0x00015d06 0x00016000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3.63

Imports

Library WINMM.dll:
0x10095600 - waveOutRestart
0x10095604 - midiStreamRestart
0x10095608 - waveOutUnprepareHeader
0x1009560c - waveOutPrepareHeader
0x10095610 - waveOutWrite
0x10095614 - waveOutPause
0x10095618 - waveOutReset
0x1009561c - midiStreamClose
0x10095620 - midiOutReset
0x10095624 - midiStreamStop
0x10095628 - midiStreamOut
0x1009562c - midiOutPrepareHeader
0x10095630 - midiStreamProperty
0x10095634 - midiStreamOpen
0x10095638 - midiOutUnprepareHeader
0x1009563c - waveOutOpen
0x10095640 - waveOutClose
0x10095644 - waveOutGetNumDevs
Library WS2_32.dll:
0x1009565c - inet_ntoa
0x10095660 - WSACleanup
0x10095664 - closesocket
0x10095668 - WSAAsyncSelect
0x1009566c - ioctlsocket
0x10095670 - recv
0x10095674 - recvfrom
0x10095678 - getpeername
0x1009567c - accept
0x10095680 - ntohl
Library KERNEL32.dll:
0x10095170 - TerminateProcess
0x10095174 - SetLastError
0x10095178 - GetTimeZoneInformation
0x1009517c - GetVersion
0x10095180 - CreateMutexA
0x10095184 - ReleaseMutex
0x10095188 - SuspendThread
0x1009518c - GetCurrentProcess
0x10095190 - GetFileSize
0x10095194 - SetFilePointer
0x10095198 - TerminateThread
0x1009519c - CreateSemaphoreA
0x100951a0 - InterlockedExchange
0x100951a4 - SetStdHandle
0x100951a8 - IsBadCodePtr
0x100951ac - IsBadReadPtr
0x100951b0 - CompareStringW
0x100951b4 - CompareStringA
0x100951b8 - GetStringTypeW
0x100951bc - GetStringTypeA
0x100951c0 - ResumeThread
0x100951c4 - IsBadWritePtr
0x100951c8 - VirtualAlloc
0x100951cc - LCMapStringW
0x100951d0 - LCMapStringA
0x100951d4 - SetEnvironmentVariableA
0x100951d8 - VirtualFree
0x100951dc - HeapCreate
0x100951e0 - HeapDestroy
0x100951e4 - GetEnvironmentVariableA
0x100951e8 - GetEnvironmentStringsW
0x100951ec - GetEnvironmentStrings
0x100951f0 - FreeEnvironmentStringsW
0x100951f4 - FreeEnvironmentStringsA
0x100951f8 - GetStartupInfoA
0x100951fc - GetFileType
0x10095200 - GetStdHandle
0x10095204 - SetHandleCount
0x10095208 - GetACP
0x1009520c - HeapSize
0x10095210 - RaiseException
0x10095214 - GetLocalTime
0x10095218 - GetSystemTime
0x1009521c - RtlUnwind
0x10095220 - GetOEMCP
0x10095224 - GetCPInfo
0x10095228 - GetProcessVersion
0x1009522c - SetErrorMode
0x10095230 - GlobalFlags
0x10095234 - GetCurrentThread
0x10095238 - GetFileTime
0x1009523c - TlsGetValue
0x10095240 - LocalReAlloc
0x10095244 - TlsSetValue
0x10095248 - TlsFree
0x1009524c - GlobalHandle
0x10095250 - TlsAlloc
0x10095254 - LocalAlloc
0x10095258 - lstrcmpA
0x1009525c - GlobalGetAtomNameA
0x10095260 - GlobalAddAtomA
0x10095264 - GlobalFindAtomA
0x10095268 - GlobalDeleteAtom
0x1009526c - lstrcmpiA
0x10095270 - SetEndOfFile
0x10095274 - UnlockFile
0x10095278 - LockFile
0x1009527c - FlushFileBuffers
0x10095280 - DuplicateHandle
0x10095284 - lstrcpynA
0x10095288 - FileTimeToLocalFileTime
0x1009528c - FileTimeToSystemTime
0x10095290 - LocalFree
0x10095294 - InterlockedDecrement
0x10095298 - InterlockedIncrement
0x1009529c - ReleaseSemaphore
0x100952a0 - EnterCriticalSection
0x100952a4 - LeaveCriticalSection
0x100952a8 - GetProfileStringA
0x100952ac - WriteFile
0x100952b0 - SetUnhandledExceptionFilter
0x100952b4 - CloseHandle
0x100952b8 - WaitForSingleObject
0x100952bc - GetTickCount
0x100952c0 - GetCommandLineA
0x100952c4 - MulDiv
0x100952c8 - GetProcAddress
0x100952cc - GetModuleHandleA
0x100952d0 - GetVolumeInformationA
0x100952d4 - SetCurrentDirectoryA
0x100952d8 - GetFileAttributesA
0x100952dc - FindClose
0x100952e0 - FindFirstFileA
0x100952e4 - WaitForMultipleObjects
0x100952e8 - CreateFileA
0x100952ec - SetEvent
0x100952f0 - FindResourceA
0x100952f4 - LoadResource
0x100952f8 - LockResource
0x100952fc - ReadFile
0x10095300 - GetModuleFileNameA
0x10095304 - WideCharToMultiByte
0x10095308 - MultiByteToWideChar
0x1009530c - GetCurrentThreadId
0x10095310 - ExitProcess
0x10095314 - GlobalSize
0x10095318 - GlobalFree
0x1009531c - DeleteCriticalSection
0x10095320 - InitializeCriticalSection
0x10095324 - lstrcatA
0x10095328 - lstrlenA
0x1009532c - WinExec
0x10095330 - lstrcpyA
0x10095334 - FindNextFileA
0x10095338 - GlobalReAlloc
0x1009533c - HeapFree
0x10095340 - HeapReAlloc
0x10095344 - GetProcessHeap
0x10095348 - HeapAlloc
0x1009534c - GetFullPathNameA
0x10095350 - FreeLibrary
0x10095354 - LoadLibraryA
0x10095358 - GetLastError
0x1009535c - GetVersionExA
0x10095360 - WritePrivateProfileStringA
0x10095364 - CreateThread
0x10095368 - CreateEventA
0x1009536c - Sleep
0x10095370 - GlobalAlloc
0x10095374 - GlobalLock
0x10095378 - GlobalUnlock
Library USER32.dll:
0x1009539c - GetSysColorBrush
0x100953a0 - EmptyClipboard
0x100953a4 - SetClipboardData
0x100953a8 - OpenClipboard
0x100953ac - GetClipboardData
0x100953b0 - CloseClipboard
0x100953b4 - wsprintfA
0x100953b8 - GetForegroundWindow
0x100953bc - GetWindowTextA
0x100953c0 - GetDlgItem
0x100953c4 - GetClassNameA
0x100953c8 - GetDesktopWindow
0x100953cc - LoadIconA
0x100953d0 - TranslateMessage
0x100953d4 - DrawFrameControl
0x100953d8 - DrawEdge
0x100953dc - DrawFocusRect
0x100953e0 - WindowFromPoint
0x100953e4 - GetMessageA
0x100953e8 - DispatchMessageA
0x100953ec - SetRectEmpty
0x100953f0 - RegisterClipboardFormatA
0x100953f4 - CreateIconFromResourceEx
0x100953f8 - CreateIconFromResource
0x100953fc - DrawIconEx
0x10095400 - CreatePopupMenu
0x10095404 - AppendMenuA
0x10095408 - ModifyMenuA
0x1009540c - CreateMenu
0x10095410 - CreateAcceleratorTableA
0x10095414 - GetDlgCtrlID
0x10095418 - LoadStringA
0x1009541c - UnregisterClassA
0x10095420 - GetMenuCheckMarkDimensions
0x10095424 - GetMenuState
0x10095428 - SetMenuItemBitmaps
0x1009542c - GetSubMenu
0x10095430 - EnableMenuItem
0x10095434 - ClientToScreen
0x10095438 - EnumDisplaySettingsA
0x1009543c - LoadImageA
0x10095440 - SystemParametersInfoA
0x10095444 - ShowWindow
0x10095448 - IsWindowEnabled
0x1009544c - TranslateAcceleratorA
0x10095450 - GetKeyState
0x10095454 - CopyAcceleratorTableA
0x10095458 - PostQuitMessage
0x1009545c - IsZoomed
0x10095460 - GetClassInfoA
0x10095464 - DefWindowProcA
0x10095468 - GetMenu
0x1009546c - SetMenu
0x10095470 - PeekMessageA
0x10095474 - IsIconic
0x10095478 - SetFocus
0x1009547c - GetActiveWindow
0x10095480 - GetWindow
0x10095484 - DestroyAcceleratorTable
0x10095488 - SetWindowRgn
0x1009548c - GetMessagePos
0x10095490 - ScreenToClient
0x10095494 - ChildWindowFromPointEx
0x10095498 - CopyRect
0x1009549c - LoadBitmapA
0x100954a0 - WinHelpA
0x100954a4 - KillTimer
0x100954a8 - SetTimer
0x100954ac - ReleaseCapture
0x100954b0 - GetCapture
0x100954b4 - SetCapture
0x100954b8 - GetScrollRange
0x100954bc - SetScrollRange
0x100954c0 - SetScrollPos
0x100954c4 - SetRect
0x100954c8 - InflateRect
0x100954cc - IntersectRect
0x100954d0 - DestroyIcon
0x100954d4 - PtInRect
0x100954d8 - OffsetRect
0x100954dc - IsWindowVisible
0x100954e0 - EnableWindow
0x100954e4 - RedrawWindow
0x100954e8 - GetWindowLongA
0x100954ec - SetWindowLongA
0x100954f0 - GetSysColor
0x100954f4 - SetActiveWindow
0x100954f8 - SetCursorPos
0x100954fc - LoadCursorA
0x10095500 - SetCursor
0x10095504 - GetDC
0x10095508 - FillRect
0x1009550c - IsRectEmpty
0x10095510 - ReleaseDC
0x10095514 - IsChild
0x10095518 - DestroyMenu
0x1009551c - SetForegroundWindow
0x10095520 - GetWindowRect
0x10095524 - EqualRect
0x10095528 - UpdateWindow
0x1009552c - ValidateRect
0x10095530 - InvalidateRect
0x10095534 - GetClientRect
0x10095538 - GetFocus
0x1009553c - GetParent
0x10095540 - GetTopWindow
0x10095544 - PostMessageA
0x10095548 - IsWindow
0x1009554c - SetParent
0x10095550 - DestroyCursor
0x10095554 - SendMessageA
0x10095558 - SetWindowPos
0x1009555c - MessageBoxA
0x10095560 - GetCursorPos
0x10095564 - GetSystemMetrics
0x10095568 - CheckMenuItem
0x1009556c - GetWindowTextLengthA
0x10095570 - CharUpperA
0x10095574 - GetWindowDC
0x10095578 - BeginPaint
0x1009557c - EndPaint
0x10095580 - TabbedTextOutA
0x10095584 - DrawTextA
0x10095588 - GrayStringA
0x1009558c - DestroyWindow
0x10095590 - CreateDialogIndirectParamA
0x10095594 - EndDialog
0x10095598 - GetNextDlgTabItem
0x1009559c - GetWindowPlacement
0x100955a0 - RegisterWindowMessageA
0x100955a4 - GetLastActivePopup
0x100955a8 - GetMessageTime
0x100955ac - RemovePropA
0x100955b0 - CallWindowProcA
0x100955b4 - GetPropA
0x100955b8 - UnhookWindowsHookEx
0x100955bc - SetPropA
0x100955c0 - GetClassLongA
0x100955c4 - CallNextHookEx
0x100955c8 - SetWindowsHookExA
0x100955cc - CreateWindowExA
0x100955d0 - GetMenuItemID
0x100955d4 - GetMenuItemCount
0x100955d8 - RegisterClassA
0x100955dc - GetScrollPos
0x100955e0 - AdjustWindowRectEx
0x100955e4 - MapWindowPoints
0x100955e8 - SendDlgItemMessageA
0x100955ec - ScrollWindowEx
0x100955f0 - IsDialogMessageA
0x100955f4 - SetWindowTextA
0x100955f8 - MoveWindow
Library GDI32.dll:
0x10095024 - ExtSelectClipRgn
0x10095028 - LineTo
0x1009502c - MoveToEx
0x10095030 - ExcludeClipRect
0x10095034 - GetClipBox
0x10095038 - ScaleWindowExtEx
0x1009503c - SetWindowExtEx
0x10095040 - SetWindowOrgEx
0x10095044 - ScaleViewportExtEx
0x10095048 - SetViewportExtEx
0x1009504c - OffsetViewportOrgEx
0x10095050 - CreateRectRgnIndirect
0x10095054 - SetStretchBltMode
0x10095058 - GetClipRgn
0x1009505c - CreatePolygonRgn
0x10095060 - SelectClipRgn
0x10095064 - DeleteObject
0x10095068 - CreateDIBitmap
0x1009506c - GetSystemPaletteEntries
0x10095070 - CreatePalette
0x10095074 - SelectPalette
0x10095078 - RealizePalette
0x1009507c - GetDIBits
0x10095080 - GetWindowExtEx
0x10095084 - GetViewportOrgEx
0x10095088 - GetWindowOrgEx
0x1009508c - BeginPath
0x10095090 - EndPath
0x10095094 - PathToRegion
0x10095098 - CreateEllipticRgn
0x1009509c - CreateRoundRectRgn
0x100950a0 - GetTextColor
0x100950a4 - GetBkMode
0x100950a8 - GetBkColor
0x100950ac - GetROP2
0x100950b0 - GetStretchBltMode
0x100950b4 - GetPolyFillMode
0x100950b8 - CreateCompatibleBitmap
0x100950bc - CreateDCA
0x100950c0 - CreateBitmap
0x100950c4 - SelectObject
0x100950c8 - GetObjectA
0x100950cc - CreatePen
0x100950d0 - PatBlt
0x100950d4 - CombineRgn
0x100950d8 - CreateRectRgn
0x100950dc - FillRgn
0x100950e0 - CreateSolidBrush
0x100950e4 - GetStockObject
0x100950e8 - CreateFontIndirectA
0x100950ec - EndPage
0x100950f0 - EndDoc
0x100950f4 - DeleteDC
0x100950f8 - StartDocA
0x100950fc - StartPage
0x10095100 - BitBlt
0x10095104 - CreateCompatibleDC
0x10095108 - Ellipse
0x1009510c - Rectangle
0x10095110 - LPtoDP
0x10095114 - DPtoLP
0x10095118 - GetCurrentObject
0x1009511c - RoundRect
0x10095120 - GetTextExtentPoint32A
0x10095124 - GetDeviceCaps
0x10095128 - GetViewportExtEx
0x1009512c - PtVisible
0x10095130 - RectVisible
0x10095134 - TextOutA
0x10095138 - ExtTextOutA
0x1009513c - Escape
0x10095140 - GetTextMetricsA
0x10095144 - SetBkColor
0x10095148 - StretchBlt
0x1009514c - SaveDC
0x10095150 - RestoreDC
0x10095154 - SetBkMode
0x10095158 - SetPolyFillMode
0x1009515c - SetROP2
0x10095160 - SetTextColor
0x10095164 - SetMapMode
0x10095168 - SetViewportOrgEx
Library WINSPOOL.DRV:
0x1009564c - OpenPrinterA
0x10095650 - DocumentPropertiesA
0x10095654 - ClosePrinter
Library ADVAPI32.dll:
0x10095000 - RegQueryValueA
0x10095004 - RegSetValueExA
0x10095008 - RegOpenKeyExA
0x1009500c - RegCloseKey
0x10095010 - RegCreateKeyExA
Library SHELL32.dll:
0x10095390 - Shell_NotifyIconA
0x10095394 - ShellExecuteA
Library ole32.dll:
0x1009569c - OleInitialize
0x100956a0 - OleUninitialize
0x100956a4 - CLSIDFromString
Library OLEAUT32.dll:
0x10095380 - UnRegisterTypeLib
0x10095384 - RegisterTypeLib
0x10095388 - LoadTypeLib
Library COMCTL32.dll:
0x10095018 - ImageList_Destroy
0x1009501c - None
Library comdlg32.dll:
0x10095688 - GetFileTitleA
0x1009568c - ChooseColorA
0x10095690 - GetOpenFileNameA
0x10095694 - GetSaveFileNameA

Exports

Ordinal Address Name
1 0x10004233 hook
2 0x100041e0

Dropped files

No information

Behavioral analysis

Mutexes: No information
Commands executed: No information
Services created: No information
Services started: No information

Processes

No information

Files accessed: No information
Files read: No information
Files modified: No information
Files deleted: No information
Registry keys: No information
Registry keys read: No information
Registry keys modified: No information
Registry keys deleted: No information
API resolution: No information