Maldun (魔盾) Security Analysis Report

Analysis type: FILE
Start time: 2021-07-02 19:15:58
End time: 2021-07-02 19:15:59
Duration: 1 second
Analysis engine version: 1.4-Maldun

VM name: win7-sp1-x64-shaapp02-1
Label: win7-sp1-x64-shaapp02-1
Hypervisor: KVM
Boot time: 2021-07-02 19:15:59
Shutdown time: 2021-07-02 19:15:59
Maldun score

4.8

Suspicious

File details

File name: 潘多拉0702.exe
File size: 1130496 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
CRC32: 85E7C784
MD5: b89eb17f09596ddd2e15cfa511c9d6c4
SHA1: 7b7b5f693dbc8fb77ef85b655e44780df8de038f
SHA256: 447bc8d4855efc99c80551e82a709bc431ad4e9db3d03bef399d85aab136f0c2
SHA512: 4167d05bfc99637a46ae1ffc20284f28662e7a0b0248af814ee713ba9b3aa3fd4f958226c891ac95bccd10626aea871d59ac0fdd68ef1b86a9a04955797c0beb
Ssdeep: 24576:MI+ttrHEjRTeUqsi7b4Ls65pzoRlG4Hw4X2RJDJVkl9oLCqq1ttuikJ/5:MI+ttrHEjms9s65OlG4Qe2fDJVkl9oLz
PEiD: no match
Yara:
  • DebuggerCheck__QueryInfo ()
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • anti_dbg (Detected self protection if being debugged)
  • create_service (Detected function for creating a windows service)
  • win_mutex (Create or check mutex)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • escalate_priv (Detected escalate privileges function)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_token (Affect system token)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • BASE64_table (Look for Base64 table)
  • with_images (Detected the presence of one or more images)
  • with_urls (Detected the presence of one or more URLs)
VirusTotal: VirusTotal lookup failed

Signatures

Maldun Security Yara rule detection results - high risk
Warning: Detected function for creating a windows service
Critical: Spotted potential malicious behaviors from a small size target, like process manipulation, privilege, token and files

Runtime screenshots

No runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base: 0x00400000
Entry point: 0x00493751
Declared checksum: 0x00000000
Actual checksum: 0x00120d61
Minimum OS version required: 4.0
Compile time: 2021-07-02 19:14:59
Import hash: 8ed4664fd3e022cf3bb2aee2f873c01a

Version information

LegalCopyright: 作者版权所有 请尊重并使用正版
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.dywt.com.cn)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
Translation: 0x0804 0x04b0

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000b203e 0x000b3000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x000b4000 0x000418ca 0x00042000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.79
.data 0x000f6000 0x00043de8 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.97
.rsrc 0x0013a000 0x0000595c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.83

Imports

Library KERNEL32.dll:
0x4b4178 - GetCurrentDirectoryA
0x4b417c - CreateDirectoryA
0x4b4180 - SuspendThread
0x4b4184 - ReleaseMutex
0x4b4188 - CreateMutexA
0x4b418c - TerminateThread
0x4b4190 - SetFileTime
0x4b4194 - DosDateTimeToFileTime
0x4b4198 - GetLocalTime
0x4b419c - SystemTimeToFileTime
0x4b41a0 - DuplicateHandle
0x4b41a4 - GetFileType
0x4b41a8 - GetFileSize
0x4b41ac - SetFilePointer
0x4b41b0 - FileTimeToLocalFileTime
0x4b41b4 - FileTimeToSystemTime
0x4b41b8 - lstrcpynA
0x4b41bc - lstrcmpiA
0x4b41c0 - lstrcmpA
0x4b41c4 - SetStdHandle
0x4b41c8 - IsBadCodePtr
0x4b41cc - IsBadReadPtr
0x4b41d0 - CompareStringW
0x4b41d4 - CompareStringA
0x4b41d8 - SetUnhandledExceptionFilter
0x4b41dc - GetStringTypeW
0x4b41e0 - GetStringTypeA
0x4b41e4 - IsBadWritePtr
0x4b41e8 - VirtualAlloc
0x4b41ec - LCMapStringW
0x4b41f0 - LCMapStringA
0x4b41f4 - SetEnvironmentVariableA
0x4b41f8 - VirtualFree
0x4b41fc - HeapCreate
0x4b4200 - HeapDestroy
0x4b4204 - GetEnvironmentVariableA
0x4b4208 - GetStdHandle
0x4b420c - SetHandleCount
0x4b4210 - GetEnvironmentStringsW
0x4b4214 - GetEnvironmentStrings
0x4b4218 - FreeEnvironmentStringsW
0x4b421c - FreeEnvironmentStringsA
0x4b4220 - UnhandledExceptionFilter
0x4b4224 - GetACP
0x4b4228 - HeapSize
0x4b422c - TerminateProcess
0x4b4230 - RaiseException
0x4b4234 - GetSystemTime
0x4b4238 - GetTimeZoneInformation
0x4b423c - RtlUnwind
0x4b4240 - GetStartupInfoA
0x4b4244 - GetOEMCP
0x4b4248 - GetCPInfo
0x4b424c - GetProcessVersion
0x4b4250 - SetErrorMode
0x4b4254 - GlobalFlags
0x4b4258 - GetCurrentThread
0x4b425c - GetFileTime
0x4b4260 - TlsGetValue
0x4b4264 - LocalReAlloc
0x4b4268 - TlsSetValue
0x4b426c - TlsFree
0x4b4270 - GlobalHandle
0x4b4274 - TlsAlloc
0x4b4278 - LocalAlloc
0x4b427c - GetVersion
0x4b4280 - IsDBCSLeadByte
0x4b4284 - WideCharToMultiByte
0x4b4288 - MultiByteToWideChar
0x4b428c - GetCurrentProcess
0x4b4290 - CreateSemaphoreA
0x4b4294 - ResumeThread
0x4b4298 - ReleaseSemaphore
0x4b429c - EnterCriticalSection
0x4b42a0 - LeaveCriticalSection
0x4b42a4 - GetProfileStringA
0x4b42a8 - WriteFile
0x4b42ac - ReadFile
0x4b42b0 - WaitForMultipleObjects
0x4b42b4 - CreateFileA
0x4b42b8 - SetEvent
0x4b42bc - FindResourceA
0x4b42c0 - LoadResource
0x4b42c4 - LockResource
0x4b42c8 - lstrlenW
0x4b42cc - GetModuleFileNameA
0x4b42d0 - GetCurrentThreadId
0x4b42d4 - ExitProcess
0x4b42d8 - GlobalSize
0x4b42dc - GlobalFree
0x4b42e0 - DeleteCriticalSection
0x4b42e4 - InitializeCriticalSection
0x4b42e8 - lstrcatA
0x4b42ec - lstrlenA
0x4b42f0 - WinExec
0x4b42f4 - lstrcpyA
0x4b42f8 - FindNextFileA
0x4b42fc - GlobalReAlloc
0x4b4300 - HeapFree
0x4b4304 - HeapReAlloc
0x4b4308 - GetProcessHeap
0x4b430c - HeapAlloc
0x4b4310 - GetUserDefaultLCID
0x4b4314 - GetFullPathNameA
0x4b4318 - FreeLibrary
0x4b431c - LoadLibraryA
0x4b4320 - GetLastError
0x4b4324 - GetVersionExA
0x4b4328 - WritePrivateProfileStringA
0x4b432c - CreateThread
0x4b4330 - CreateEventA
0x4b4334 - Sleep
0x4b4338 - GlobalGetAtomNameA
0x4b433c - GlobalAddAtomA
0x4b4340 - GlobalFindAtomA
0x4b4344 - GlobalDeleteAtom
0x4b4348 - SetEndOfFile
0x4b434c - UnlockFile
0x4b4350 - LockFile
0x4b4354 - FlushFileBuffers
0x4b4358 - SetLastError
0x4b435c - LocalFree
0x4b4360 - InterlockedDecrement
0x4b4364 - InterlockedIncrement
0x4b4368 - ExpandEnvironmentStringsA
0x4b436c - GlobalAlloc
0x4b4370 - GlobalLock
0x4b4374 - GlobalUnlock
0x4b4378 - FindFirstFileA
0x4b437c - FindClose
0x4b4380 - SetFileAttributesA
0x4b4384 - GetFileAttributesA
0x4b4388 - DeleteFileA
0x4b438c - SetCurrentDirectoryA
0x4b4390 - GetVolumeInformationA
0x4b4394 - GetModuleHandleA
0x4b4398 - GetProcAddress
0x4b439c - CloseHandle
0x4b43a0 - MulDiv
0x4b43a4 - GetCommandLineA
0x4b43a8 - GetTickCount
0x4b43ac - CreateProcessA
0x4b43b0 - WaitForSingleObject
Library USER32.dll:
0x4b4414 - OpenClipboard
0x4b4418 - GetClipboardData
0x4b441c - CloseClipboard
0x4b4420 - wsprintfA
0x4b4424 - WaitForInputIdle
0x4b4428 - GrayStringA
0x4b442c - SetClipboardData
0x4b4430 - EmptyClipboard
0x4b4434 - GetSystemMetrics
0x4b4438 - GetCursorPos
0x4b443c - MessageBoxA
0x4b4440 - SetWindowPos
0x4b4444 - SendMessageA
0x4b4448 - DestroyCursor
0x4b444c - SetParent
0x4b4450 - IsWindow
0x4b4454 - PostMessageA
0x4b4458 - GetTopWindow
0x4b445c - GetParent
0x4b4460 - GetFocus
0x4b4464 - GetClientRect
0x4b4468 - InvalidateRect
0x4b446c - ValidateRect
0x4b4470 - UpdateWindow
0x4b4474 - EqualRect
0x4b4478 - GetWindowRect
0x4b447c - SetForegroundWindow
0x4b4480 - DestroyMenu
0x4b4484 - IsChild
0x4b4488 - ReleaseDC
0x4b448c - IsRectEmpty
0x4b4490 - FillRect
0x4b4494 - GetDC
0x4b4498 - SetCursor
0x4b449c - LoadCursorA
0x4b44a0 - SetCursorPos
0x4b44a4 - SetActiveWindow
0x4b44a8 - GetSysColor
0x4b44ac - CharUpperA
0x4b44b0 - GetForegroundWindow
0x4b44b4 - TranslateMessage
0x4b44b8 - LoadIconA
0x4b44bc - DrawFrameControl
0x4b44c0 - DrawEdge
0x4b44c4 - DrawFocusRect
0x4b44c8 - WindowFromPoint
0x4b44cc - GetMessageA
0x4b44d0 - DispatchMessageA
0x4b44d4 - SetRectEmpty
0x4b44d8 - RegisterClipboardFormatA
0x4b44dc - CreateIconFromResourceEx
0x4b44e0 - CreateIconFromResource
0x4b44e4 - DrawIconEx
0x4b44e8 - CreatePopupMenu
0x4b44ec - AppendMenuA
0x4b44f0 - ModifyMenuA
0x4b44f4 - CreateMenu
0x4b44f8 - CreateAcceleratorTableA
0x4b44fc - GetDlgCtrlID
0x4b4500 - GetSubMenu
0x4b4504 - EnableMenuItem
0x4b4508 - ClientToScreen
0x4b450c - EnumDisplaySettingsA
0x4b4510 - LoadImageA
0x4b4514 - SystemParametersInfoA
0x4b4518 - ShowWindow
0x4b451c - IsWindowEnabled
0x4b4520 - TranslateAcceleratorA
0x4b4524 - GetKeyState
0x4b4528 - CopyAcceleratorTableA
0x4b452c - PostQuitMessage
0x4b4530 - IsZoomed
0x4b4534 - GetClassInfoA
0x4b4538 - DefWindowProcA
0x4b453c - GetSystemMenu
0x4b4540 - DeleteMenu
0x4b4544 - GetMenu
0x4b4548 - SetMenu
0x4b454c - PeekMessageA
0x4b4550 - IsIconic
0x4b4554 - SetFocus
0x4b4558 - GetActiveWindow
0x4b455c - GetWindow
0x4b4560 - DestroyAcceleratorTable
0x4b4564 - SetWindowRgn
0x4b4568 - GetMessagePos
0x4b456c - ScreenToClient
0x4b4570 - ChildWindowFromPointEx
0x4b4574 - CopyRect
0x4b4578 - LoadBitmapA
0x4b457c - WinHelpA
0x4b4580 - KillTimer
0x4b4584 - SetTimer
0x4b4588 - GetWindowTextA
0x4b458c - GetWindowTextLengthA
0x4b4590 - GetWindowDC
0x4b4594 - BeginPaint
0x4b4598 - EndPaint
0x4b459c - TabbedTextOutA
0x4b45a0 - DrawTextA
0x4b45a4 - UnregisterClassA
0x4b45a8 - GetDlgItem
0x4b45ac - DestroyWindow
0x4b45b0 - CreateDialogIndirectParamA
0x4b45b4 - EndDialog
0x4b45b8 - GetNextDlgTabItem
0x4b45bc - GetWindowPlacement
0x4b45c0 - RegisterWindowMessageA
0x4b45c4 - GetLastActivePopup
0x4b45c8 - GetMessageTime
0x4b45cc - RemovePropA
0x4b45d0 - CallWindowProcA
0x4b45d4 - GetPropA
0x4b45d8 - UnhookWindowsHookEx
0x4b45dc - SetPropA
0x4b45e0 - GetClassLongA
0x4b45e4 - CallNextHookEx
0x4b45e8 - SetWindowsHookExA
0x4b45ec - CreateWindowExA
0x4b45f0 - GetMenuItemID
0x4b45f4 - GetMenuItemCount
0x4b45f8 - RegisterClassA
0x4b45fc - GetScrollPos
0x4b4600 - AdjustWindowRectEx
0x4b4604 - MapWindowPoints
0x4b4608 - SendDlgItemMessageA
0x4b460c - ScrollWindowEx
0x4b4610 - IsDialogMessageA
0x4b4614 - SetWindowTextA
0x4b4618 - MoveWindow
0x4b461c - CheckMenuItem
0x4b4620 - SetMenuItemBitmaps
0x4b4624 - GetMenuState
0x4b4628 - GetMenuCheckMarkDimensions
0x4b462c - GetClassNameA
0x4b4630 - GetDesktopWindow
0x4b4634 - LoadStringA
0x4b4638 - GetSysColorBrush
0x4b463c - ReleaseCapture
0x4b4640 - GetCapture
0x4b4644 - SetCapture
0x4b4648 - GetScrollRange
0x4b464c - SetScrollRange
0x4b4650 - SetScrollPos
0x4b4654 - SetRect
0x4b4658 - InflateRect
0x4b465c - IntersectRect
0x4b4660 - DestroyIcon
0x4b4664 - PtInRect
0x4b4668 - OffsetRect
0x4b466c - IsWindowVisible
0x4b4670 - EnableWindow
0x4b4674 - RedrawWindow
0x4b4678 - GetWindowLongA
0x4b467c - SetWindowLongA
Library GDI32.dll:
0x4b402c - SetBkColor
0x4b4030 - CreateRectRgnIndirect
0x4b4034 - SetStretchBltMode
0x4b4038 - GetClipRgn
0x4b403c - CreatePolygonRgn
0x4b4040 - SelectClipRgn
0x4b4044 - DeleteObject
0x4b4048 - CreateDIBitmap
0x4b404c - GetSystemPaletteEntries
0x4b4050 - CreatePalette
0x4b4054 - StretchBlt
0x4b4058 - SelectPalette
0x4b405c - RealizePalette
0x4b4060 - GetDIBits
0x4b4064 - GetWindowExtEx
0x4b4068 - GetViewportOrgEx
0x4b406c - GetWindowOrgEx
0x4b4070 - BeginPath
0x4b4074 - EndPath
0x4b4078 - PathToRegion
0x4b407c - CreateEllipticRgn
0x4b4080 - CreateRoundRectRgn
0x4b4084 - GetTextColor
0x4b4088 - GetBkMode
0x4b408c - GetBkColor
0x4b4090 - GetROP2
0x4b4094 - GetStretchBltMode
0x4b4098 - GetPolyFillMode
0x4b409c - CreateCompatibleBitmap
0x4b40a0 - CreateDCA
0x4b40a4 - CreateBitmap
0x4b40a8 - SelectObject
0x4b40ac - CreatePen
0x4b40b0 - PatBlt
0x4b40b4 - CombineRgn
0x4b40b8 - CreateRectRgn
0x4b40bc - FillRgn
0x4b40c0 - CreateSolidBrush
0x4b40c4 - CreateFontIndirectA
0x4b40c8 - GetStockObject
0x4b40cc - GetObjectA
0x4b40d0 - EndPage
0x4b40d4 - EndDoc
0x4b40d8 - DeleteDC
0x4b40dc - StartDocA
0x4b40e0 - StartPage
0x4b40e4 - BitBlt
0x4b40e8 - CreateCompatibleDC
0x4b40ec - Ellipse
0x4b40f0 - Rectangle
0x4b40f4 - LPtoDP
0x4b40f8 - DPtoLP
0x4b40fc - GetCurrentObject
0x4b4100 - RoundRect
0x4b4104 - GetTextExtentPoint32A
0x4b4108 - GetDeviceCaps
0x4b410c - SaveDC
0x4b4110 - RestoreDC
0x4b4114 - SetBkMode
0x4b4118 - SetPolyFillMode
0x4b411c - SetROP2
0x4b4120 - SetMapMode
0x4b4124 - SetViewportOrgEx
0x4b4128 - OffsetViewportOrgEx
0x4b412c - SetViewportExtEx
0x4b4130 - ScaleViewportExtEx
0x4b4134 - SetWindowOrgEx
0x4b4138 - SetWindowExtEx
0x4b413c - ScaleWindowExtEx
0x4b4140 - GetClipBox
0x4b4144 - ExcludeClipRect
0x4b4148 - MoveToEx
0x4b414c - LineTo
0x4b4150 - GetTextMetricsA
0x4b4154 - Escape
0x4b4158 - ExtTextOutA
0x4b415c - TextOutA
0x4b4160 - RectVisible
0x4b4164 - PtVisible
0x4b4168 - GetViewportExtEx
0x4b416c - ExtSelectClipRgn
0x4b4170 - SetTextColor
Library WINMM.dll:
0x4b4684 - midiStreamRestart
0x4b4688 - midiStreamClose
0x4b468c - midiOutReset
0x4b4690 - midiStreamStop
0x4b4694 - midiStreamOut
0x4b4698 - midiOutPrepareHeader
0x4b469c - midiStreamProperty
0x4b46a0 - midiStreamOpen
0x4b46a4 - midiOutUnprepareHeader
0x4b46a8 - waveOutOpen
0x4b46ac - waveOutGetNumDevs
0x4b46b0 - waveOutClose
0x4b46b4 - waveOutReset
0x4b46b8 - waveOutPause
0x4b46bc - waveOutPrepareHeader
0x4b46c0 - waveOutUnprepareHeader
0x4b46c4 - waveOutRestart
0x4b46c8 - waveOutWrite
Library WINSPOOL.DRV:
0x4b46d0 - ClosePrinter
0x4b46d4 - OpenPrinterA
0x4b46d8 - DocumentPropertiesA
Library ADVAPI32.dll:
0x4b4000 - RegCloseKey
0x4b4004 - RegCreateKeyA
0x4b4008 - RegSetValueExA
0x4b400c - RegOpenKeyExA
0x4b4010 - RegQueryValueExA
0x4b4014 - RegQueryValueA
0x4b4018 - RegCreateKeyExA
Library SHELL32.dll:
0x4b4408 - Shell_NotifyIconA
0x4b440c - ShellExecuteA
Library ole32.dll:
0x4b4720 - CLSIDFromProgID
0x4b4724 - OleInitialize
0x4b4728 - OleUninitialize
0x4b472c - CLSIDFromString
0x4b4730 - CoCreateInstance
0x4b4734 - OleRun
Library OLEAUT32.dll:
0x4b43b8 - VariantInit
0x4b43bc - VariantCopy
0x4b43c0 - VariantClear
0x4b43c4 - VariantChangeType
0x4b43c8 - SafeArrayGetUBound
0x4b43cc - SafeArrayGetLBound
0x4b43d0 - SafeArrayGetDim
0x4b43d4 - SafeArrayUnaccessData
0x4b43d8 - SafeArrayAccessData
0x4b43dc - SafeArrayGetElement
0x4b43e0 - VariantCopyInd
0x4b43e4 - SysAllocString
0x4b43e8 - SafeArrayDestroy
0x4b43ec - SafeArrayCreate
0x4b43f0 - SafeArrayPutElement
0x4b43f4 - RegisterTypeLib
0x4b43f8 - LHashValOfNameSys
0x4b43fc - LoadTypeLib
0x4b4400 - UnRegisterTypeLib
Library COMCTL32.dll:
0x4b4020 - None
0x4b4024 - ImageList_Destroy
Library WS2_32.dll:
0x4b46e0 - closesocket
0x4b46e4 - ntohl
0x4b46e8 - accept
0x4b46ec - getpeername
0x4b46f0 - recv
0x4b46f4 - ioctlsocket
0x4b46f8 - recvfrom
0x4b46fc - WSAAsyncSelect
0x4b4700 - inet_ntoa
0x4b4704 - WSACleanup
Library comdlg32.dll:
0x4b470c - ChooseColorA
0x4b4710 - GetSaveFileNameA
0x4b4714 - GetOpenFileNameA
0x4b4718 - GetFileTitleA

Dropped files

No information

Behavior analysis

Mutexes: no information
Commands executed: no information
Services created: no information
Services started: no information

Processes

No information
Files accessed: no information
Files read: no information
Files modified: no information
Files deleted: no information
Registry keys: no information
Registry keys read: no information
Registry keys modified: no information
Registry keys deleted: no information
API resolution: no information