Maldun Security Analysis Report

Analysis type  Start time  End time  Duration  Analysis engine version
FILE  2022-01-29 15:40:48  2022-01-29 15:40:49  1 second  1.4-Maldun
VM name  Label  VM manager  Boot time  Shutdown time
win7-sp1-x64-shaapp02-1  win7-sp1-x64-shaapp02-1  KVM  2022-01-29 15:40:49  2022-01-29 15:40:49
Maldun score

1.4

Normal

File details

File name 中华黑豹.exe
File size 480360 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 C2B04900
MD5 85c6d4e6026de1cb739db3f519ab4f47
SHA1 7b8c2454e751b68222589bd3e55fc114e281baa9
SHA256 a2da77f846946cffb8ecb05fa9010aef74b199ee0c66cb7f241a3f998e0c31ae
SHA512 5f7c677951983edc69e22554d6e88052048c5fcb63d790fab1968cd21f94fa693c91bed62e31afa20121e625aa752c0945ea87cf043e6cf0ebb711708bcbb849
Ssdeep 12288:yN+mzVxEQJa736YbnXjkrve3dKOVnr/Uf:yUWEz6Y34G34O1/K
PEiD No match
Yara
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • create_process (Detection function for creating a new process)
  • escalate_priv (Detected escalate priviledges function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_token (Affect system token)
  • win_files_operation (Affect private profile)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • IsPacked (Detected Entropy signature)
  • HasOverlay (Detected Overlay signature)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • RIPEMD160_Constants (Look for RIPEMD-160 constants)
  • SHA1_Constants (Look for SHA1 constants)
  • with_images (Detected the presence of an or several images)
VirusTotal VirusTotal lookup failed

Signatures

Maldun Security Yara rule detection results - Security alert
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

Runtime screenshots

No runtime screenshots

Network analysis

No information

Static analysis

PE information

Image base 0x00400000
Entry point 0x00401000
Declared checksum 0x00000000
Actual checksum 0x0007859f
Minimum OS version required 4.0
Compile time 2007-09-20 20:34:46
Import hash bc5ce990cf54f8d435a68eb97512f73e

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00014000 0x00013800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.47
.data 0x00015000 0x00007000 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.91
.idata 0x0001c000 0x00001000 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.12
.rsrc 0x0001d000 0x000156dc 0x00015800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.16

Overlay

Offset: 0x000326dc
Size: 0x00042d8c

Imports

Library ADVAPI32.DLL:
0x41c0e0 - AdjustTokenPrivileges
0x41c0e4 - LookupPrivilegeValueA
0x41c0e8 - OpenProcessToken
0x41c0ec - RegCloseKey
0x41c0f0 - RegCreateKeyExA
0x41c0f4 - RegOpenKeyExA
0x41c0f8 - RegQueryValueExA
0x41c0fc - RegSetValueExA
0x41c100 - SetFileSecurityA
0x41c104 - SetFileSecurityW
Library KERNEL32.DLL:
0x41c21c - CloseHandle
0x41c220 - CompareStringA
0x41c224 - CreateDirectoryA
0x41c228 - CreateDirectoryW
0x41c22c - CreateFileA
0x41c230 - CreateFileW
0x41c234 - DeleteFileA
0x41c238 - DeleteFileW
0x41c23c - DosDateTimeToFileTime
0x41c240 - ExitProcess
0x41c244 - ExpandEnvironmentStringsA
0x41c248 - FileTimeToLocalFileTime
0x41c24c - FileTimeToSystemTime
0x41c250 - FindClose
0x41c254 - FindFirstFileA
0x41c258 - FindFirstFileW
0x41c25c - FindNextFileA
0x41c260 - FindNextFileW
0x41c264 - FindResourceA
0x41c268 - FreeLibrary
0x41c26c - GetCPInfo
0x41c270 - GetCommandLineA
0x41c274 - GetCurrentDirectoryA
0x41c278 - GetCurrentProcess
0x41c27c - GetDateFormatA
0x41c280 - GetFileAttributesA
0x41c284 - GetFileAttributesW
0x41c288 - GetFileType
0x41c28c - GetFullPathNameA
0x41c290 - GetLastError
0x41c294 - GetLocaleInfoA
0x41c298 - GetModuleFileNameA
0x41c29c - GetModuleHandleA
0x41c2a0 - GetNumberFormatA
0x41c2a4 - GetProcAddress
0x41c2a8 - GetProcessHeap
0x41c2ac - GetStdHandle
0x41c2b0 - GetTempPathA
0x41c2b4 - GetTickCount
0x41c2b8 - GetTimeFormatA
0x41c2bc - GetVersionExA
0x41c2c0 - GlobalAlloc
0x41c2c4 - HeapAlloc
0x41c2c8 - HeapFree
0x41c2cc - HeapReAlloc
0x41c2d0 - IsDBCSLeadByte
0x41c2d4 - LoadLibraryA
0x41c2d8 - LocalFileTimeToFileTime
0x41c2dc - MoveFileA
0x41c2e0 - MoveFileExA
0x41c2e4 - MultiByteToWideChar
0x41c2e8 - ReadFile
0x41c2ec - SetCurrentDirectoryA
0x41c2f0 - SetEndOfFile
0x41c2f4 - SetEnvironmentVariableA
0x41c2f8 - SetFileAttributesA
0x41c2fc - SetFileAttributesW
0x41c300 - SetFilePointer
0x41c304 - SetFileTime
0x41c308 - SetLastError
0x41c30c - Sleep
0x41c310 - SystemTimeToFileTime
0x41c314 - WaitForSingleObject
0x41c318 - WideCharToMultiByte
0x41c31c - WriteFile
0x41c320 - lstrcmpiA
0x41c324 - lstrlenA
Library COMCTL32.DLL:
0x41c334 - None
Library COMDLG32.DLL:
0x41c34c - CommDlgExtendedError
0x41c350 - GetOpenFileNameA
0x41c354 - GetSaveFileNameA
Library GDI32.DLL:
0x41c364 - DeleteObject
Library SHELL32.DLL:
0x41c390 - SHBrowseForFolderA
0x41c394 - SHChangeNotify
0x41c398 - SHFileOperationA
0x41c39c - SHGetFileInfoA
0x41c3a0 - SHGetMalloc
0x41c3a4 - SHGetSpecialFolderLocation
0x41c3a8 - ShellExecuteExA
0x41c3ac - SHGetPathFromIDListA
Library USER32.DLL:
0x41c488 - CharToOemA
0x41c48c - CharToOemBuffA
0x41c490 - CharUpperA
0x41c494 - CopyRect
0x41c498 - CreateWindowExA
0x41c49c - DefWindowProcA
0x41c4a0 - DestroyIcon
0x41c4a4 - DestroyWindow
0x41c4a8 - DialogBoxParamA
0x41c4ac - DispatchMessageA
0x41c4b0 - EnableWindow
0x41c4b4 - EndDialog
0x41c4b8 - FindWindowExA
0x41c4bc - GetClassNameA
0x41c4c0 - GetClientRect
0x41c4c4 - GetDlgItem
0x41c4c8 - GetDlgItemTextA
0x41c4cc - GetMessageA
0x41c4d0 - GetParent
0x41c4d4 - GetSysColor
0x41c4d8 - GetSystemMetrics
0x41c4dc - GetWindow
0x41c4e0 - GetWindowLongA
0x41c4e4 - GetWindowRect
0x41c4e8 - GetWindowTextA
0x41c4ec - IsWindow
0x41c4f0 - IsWindowVisible
0x41c4f4 - LoadBitmapA
0x41c4f8 - LoadCursorA
0x41c4fc - LoadIconA
0x41c500 - LoadStringA
0x41c504 - MapWindowPoints
0x41c508 - MessageBoxA
0x41c50c - OemToCharA
0x41c510 - OemToCharBuffA
0x41c514 - PeekMessageA
0x41c518 - PostMessageA
0x41c51c - RegisterClassExA
0x41c520 - SendDlgItemMessageA
0x41c524 - SendMessageA
0x41c528 - SetDlgItemTextA
0x41c52c - SetFocus
0x41c530 - SetMenu
0x41c534 - SetWindowLongA
0x41c538 - SetWindowPos
0x41c53c - SetWindowTextA
0x41c540 - ShowWindow
0x41c544 - TranslateMessage
0x41c548 - UpdateWindow
0x41c54c - WaitForInputIdle
0x41c550 - wsprintfA
0x41c554 - wvsprintfA
Library OLE32.DLL:
0x41c574 - CLSIDFromString
0x41c578 - CoCreateInstance
0x41c57c - CreateStreamOnHGlobal
0x41c580 - OleInitialize
0x41c584 - OleUninitialize

Dropped files

No information

Behavioral analysis

Mutexes No information
Executed commands No information
Created services No information
Started services No information

Processes

No information
Accessed files No information
Read files No information
Modified files No information
Deleted files No information
Registry keys No information
Read registry keys No information
Modified registry keys No information
Deleted registry keys No information
API resolution No information