魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2023-01-26 22:01:34 | 2023-01-26 22:03:49 | 135 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp02-1 | win7-sp1-x64-shaapp02-1 | KVM | 2023-01-26 22:01:40 | 2023-01-26 22:03:49 |
| 魔盾分数 |
|---|
7.55恶意的 |
文件详细信息
| 文件名 | AsynSysTime.exe |
|---|---|
| 文件大小 | 4254720 字节 |
| 文件类型 | PE32+ executable (GUI) x86-64, for MS Windows |
| CRC32 | BF7EE5E1 |
| MD5 | 9477f5f5cda4fafc039b821dac47e1ae |
| SHA1 | 5f4188d1c619b3627def595afecd63b09c9424eb |
| SHA256 | ffe340bc617a03aa56fab14757ff833d576ca7734831966a96a99b9caca694ef |
| SHA512 | 47e065507ebfbd1b586f0a92b12ddce707a39fc65fed72aa895959f7a4bd77b1d3c7f9f6b781107f47e15224a907832557ab98fed7b55c680fd3b5f35e086e58 |
| Ssdeep | 98304:LxXH5LiVRYDG5ZZebygDUFLOAkGkzdnEVomFHKnP:tH58R3QOgQFLOyomFHKnP |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | VirusTotal查询失败 |
特征
二进制文件可能包含加密或压缩数据
section: name: .rsrc, entropy: 7.40, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0018e400, virtual_size: 0x0018e230
魔盾安全Yara规则检测结果 - 高危
Warning: Detected function for installing itself for autorun at Windows startup
Critical: Spotted postential abnormal behaviors, like logging and persistenc3
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
运行截图
网络分析
TCP连接
| IP地址 | 端口 |
|---|---|
| 184.30.30.73 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
静态分析
PE 信息
| 初始地址 | 0x140000000 |
|---|---|
| 入口地址 | 0x1401a4b80 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00419436 |
| 最低操作系统版本要求 | 6.0 |
| PDB路径 | D:\StProject\AsynSysTime\x64\Release\AsynSysTime.pdb |
| 编译时间 | 2021-03-15 15:49:25 |
| 载入哈希 | 1b484c0b2ea47f647c6fe3c7a23fff9a |
版本信息
| LegalCopyright: | TODO: (C) <\u516c\u53f8\u540d>\u3002 \u4fdd\u7559\u6240\u6709\u6743\u5229\u3002 |
| InternalName: | AsynSysTime.exe |
| FileVersion: | 1.0.0.1 |
| CompanyName: | TODO: \u4fee\u4ed9\u8005\u4e2d\u7684\u4e00\u540d\u6563\u4fee |
| ProductName: | TODO: <\u4ea7\u54c1\u540d> |
| ProductVersion: | 1.0.0.1 |
| FileDescription: | \u7cfb\u7edf\u65f6\u95f4\u540c\u6b65\u5668 |
| OriginalFilename: | AsynSysTime.exe |
| Translation: | 0x0804 0x04b0 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x001ce80e | 0x001cea00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.38 |
| .rdata | 0x001d0000 | 0x0008523a | 0x00085400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.76 |
| .data | 0x00256000 | 0x0000ed0c | 0x00007800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.14 |
| .pdata | 0x00265000 | 0x00015b64 | 0x00015c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.10 |
| _RDATA | 0x0027b000 | 0x000000f4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.46 |
| .rsrc | 0x0027c000 | 0x0018e230 | 0x0018e400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.40 |
| .reloc | 0x0040b000 | 0x0000efe8 | 0x0000f000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.44 |
导入
库 KERNEL32.dll:
• 0x1401d03a8 - FindFirstFileExW
• 0x1401d03b0 - SetFilePointerEx
• 0x1401d03b8 - GetConsoleMode
• 0x1401d03c0 - GetConsoleCP
• 0x1401d03c8 - GetStringTypeW
• 0x1401d03d0 - LCMapStringW
• 0x1401d03d8 - CompareStringW
• 0x1401d03e0 - GetTimeZoneInformation
• 0x1401d03e8 - GetStdHandle
• 0x1401d03f0 - ExitProcess
• 0x1401d03f8 - IsValidCodePage
• 0x1401d0400 - QueryPerformanceFrequency
• 0x1401d0408 - HeapQueryInformation
• 0x1401d0410 - FreeLibraryAndExitThread
• 0x1401d0418 - ExitThread
• 0x1401d0420 - CreateThread
• 0x1401d0428 - VirtualQuery
• 0x1401d0430 - VirtualAlloc
• 0x1401d0438 - GetSystemInfo
• 0x1401d0440 - GetCommandLineW
• 0x1401d0448 - GetCommandLineA
• 0x1401d0450 - RtlPcToFileHeader
• 0x1401d0458 - RtlUnwindEx
• 0x1401d0460 - OutputDebugStringW
• 0x1401d0468 - FindNextFileW
• 0x1401d0470 - GetEnvironmentStringsW
• 0x1401d0478 - FreeEnvironmentStringsW
• 0x1401d0480 - GetFileType
• 0x1401d0488 - CreateFileW
• 0x1401d0490 - WriteConsoleW
• 0x1401d0498 - InitializeSListHead
• 0x1401d04a0 - GetSystemTimeAsFileTime
• 0x1401d04a8 - QueryPerformanceCounter
• 0x1401d04b0 - GetStartupInfoW
• 0x1401d04b8 - IsDebuggerPresent
• 0x1401d04c0 - IsProcessorFeaturePresent
• 0x1401d04c8 - TerminateProcess
• 0x1401d04d0 - SetUnhandledExceptionFilter
• 0x1401d04d8 - UnhandledExceptionFilter
• 0x1401d04e0 - RtlVirtualUnwind
• 0x1401d04e8 - RtlLookupFunctionEntry
• 0x1401d04f0 - RtlCaptureContext
• 0x1401d04f8 - CreateEventW
• 0x1401d0500 - WaitForSingleObjectEx
• 0x1401d0508 - ResetEvent
• 0x1401d0510 - SetEnvironmentVariableW
• 0x1401d0518 - GetTempFileNameA
• 0x1401d0520 - FindResourceExW
• 0x1401d0528 - GetWindowsDirectoryA
• 0x1401d0530 - SearchPathA
• 0x1401d0538 - GetProfileIntA
• 0x1401d0540 - Sleep
• 0x1401d0548 - GetTickCount
• 0x1401d0550 - SystemTimeToTzSpecificLocalTime
• 0x1401d0558 - GetFileTime
• 0x1401d0560 - GetFileSizeEx
• 0x1401d0568 - GetFileAttributesExA
• 0x1401d0570 - FileTimeToLocalFileTime
• 0x1401d0578 - SetErrorMode
• 0x1401d0580 - lstrcmpiA
• 0x1401d0588 - GetCurrentProcess
• 0x1401d0590 - DuplicateHandle
• 0x1401d0598 - GetVolumeInformationA
• 0x1401d05a0 - WriteFile
• 0x1401d05a8 - UnlockFile
• 0x1401d05b0 - SetEndOfFile
• 0x1401d05b8 - ReadFile
• 0x1401d05c0 - LockFile
• 0x1401d05c8 - GetFullPathNameA
• 0x1401d05d0 - FlushFileBuffers
• 0x1401d05d8 - FindFirstFileA
• 0x1401d05e0 - FindClose
• 0x1401d05e8 - FileTimeToSystemTime
• 0x1401d05f0 - GetTempPathA
• 0x1401d05f8 - SetFilePointer
• 0x1401d0600 - GetCPInfo
• 0x1401d0608 - GetOEMCP
• 0x1401d0610 - VirtualProtect
• 0x1401d0618 - GetACP
• 0x1401d0620 - GetFileSize
• 0x1401d0628 - GetFileAttributesA
• 0x1401d0630 - CreateFileA
• 0x1401d0638 - GetThreadLocale
• 0x1401d0640 - DeleteFileA
• 0x1401d0648 - GlobalFlags
• 0x1401d0650 - GetUserDefaultUILanguage
• 0x1401d0658 - GetSystemDefaultUILanguage
• 0x1401d0660 - GetLocaleInfoW
• 0x1401d0668 - GetCurrentDirectoryA
• 0x1401d0670 - LocalReAlloc
• 0x1401d0678 - LocalAlloc
• 0x1401d0680 - GlobalHandle
• 0x1401d0688 - GlobalReAlloc
• 0x1401d0690 - TlsFree
• 0x1401d0698 - TlsSetValue
• 0x1401d06a0 - TlsGetValue
• 0x1401d06a8 - TlsAlloc
• 0x1401d06b0 - InitializeCriticalSection
• 0x1401d06b8 - InitializeCriticalSectionAndSpinCount
• 0x1401d06c0 - ResumeThread
• 0x1401d06c8 - SuspendThread
• 0x1401d06d0 - SetThreadPriority
• 0x1401d06d8 - CreateEventA
• 0x1401d06e0 - WaitForSingleObject
• 0x1401d06e8 - SetEvent
• 0x1401d06f0 - CloseHandle
• 0x1401d06f8 - CopyFileA
• 0x1401d0700 - FormatMessageA
• 0x1401d0708 - MulDiv
• 0x1401d0710 - LocalFree
• 0x1401d0718 - GlobalSize
• 0x1401d0720 - GetCurrentProcessId
• 0x1401d0728 - VerifyVersionInfoA
• 0x1401d0730 - lstrcpyA
• 0x1401d0738 - VerSetConditionMask
• 0x1401d0740 - GlobalGetAtomNameA
• 0x1401d0748 - GlobalFindAtomA
• 0x1401d0750 - GlobalAddAtomA
• 0x1401d0758 - lstrcmpW
• 0x1401d0760 - GetSystemDirectoryW
• 0x1401d0768 - EncodePointer
• 0x1401d0770 - GlobalUnlock
• 0x1401d0778 - WritePrivateProfileStringA
• 0x1401d0780 - GetPrivateProfileStringA
• 0x1401d0788 - GetPrivateProfileIntA
• 0x1401d0790 - GetModuleHandleW
• 0x1401d0798 - GetModuleHandleA
• 0x1401d07a0 - GetProcAddress
• 0x1401d07a8 - FindResourceA
• 0x1401d07b0 - GlobalFree
• 0x1401d07b8 - CompareStringA
• 0x1401d07c0 - QueryActCtxW
• 0x1401d07c8 - FindActCtxSectionStringW
• 0x1401d07d0 - DeactivateActCtx
• 0x1401d07d8 - ActivateActCtx
• 0x1401d07e0 - CreateActCtxW
• 0x1401d07e8 - lstrcmpA
• 0x1401d07f0 - GlobalDeleteAtom
• 0x1401d07f8 - GlobalLock
• 0x1401d0800 - GlobalAlloc
• 0x1401d0808 - LoadLibraryW
• 0x1401d0810 - LoadLibraryExW
• 0x1401d0818 - GetModuleHandleExW
• 0x1401d0820 - GetModuleFileNameW
• 0x1401d0828 - FreeLibrary
• 0x1401d0830 - GetVersionExA
• 0x1401d0838 - GetCurrentThreadId
• 0x1401d0840 - GetCurrentThread
• 0x1401d0848 - SetLastError
• 0x1401d0850 - OutputDebugStringA
• 0x1401d0858 - GetProcessHeap
• 0x1401d0860 - DeleteCriticalSection
• 0x1401d0868 - DecodePointer
• 0x1401d0870 - HeapAlloc
• 0x1401d0878 - RaiseException
• 0x1401d0880 - HeapReAlloc
• 0x1401d0888 - HeapSize
• 0x1401d0890 - InitializeCriticalSectionEx
• 0x1401d0898 - LeaveCriticalSection
• 0x1401d08a0 - EnterCriticalSection
• 0x1401d08a8 - HeapFree
• 0x1401d08b0 - MultiByteToWideChar
• 0x1401d08b8 - WritePrivateProfileStringW
• 0x1401d08c0 - GetLastError
• 0x1401d08c8 - WideCharToMultiByte
• 0x1401d08d0 - SetLocalTime
• 0x1401d08d8 - GetPrivateProfileIntW
• 0x1401d08e0 - GetPrivateProfileStringW
• 0x1401d08e8 - GetModuleFileNameA
• 0x1401d08f0 - FindResourceW
• 0x1401d08f8 - LoadResource
• 0x1401d0900 - LockResource
• 0x1401d0908 - SizeofResource
• 0x1401d0910 - SetStdHandle
库 USER32.dll:
• 0x1401d0a78 - RealChildWindowFromPoint
• 0x1401d0a80 - DeleteMenu
• 0x1401d0a88 - CopyImage
• 0x1401d0a90 - WindowFromPoint
• 0x1401d0a98 - ReleaseCapture
• 0x1401d0aa0 - SetCapture
• 0x1401d0aa8 - WaitMessage
• 0x1401d0ab0 - GetMenuItemInfoA
• 0x1401d0ab8 - DestroyMenu
• 0x1401d0ac0 - IsDialogMessageA
• 0x1401d0ac8 - SetWindowTextA
• 0x1401d0ad0 - SendDlgItemMessageA
• 0x1401d0ad8 - CheckDlgButton
• 0x1401d0ae0 - SetDlgItemTextA
• 0x1401d0ae8 - MoveWindow
• 0x1401d0af0 - ShowWindow
• 0x1401d0af8 - InvalidateRect
• 0x1401d0b00 - SetCursor
• 0x1401d0b08 - ShowOwnedPopups
• 0x1401d0b10 - TranslateMessage
• 0x1401d0b18 - GetMessageA
• 0x1401d0b20 - LoadBitmapW
• 0x1401d0b28 - SetMenuItemInfoA
• 0x1401d0b30 - GetMenuCheckMarkDimensions
• 0x1401d0b38 - SetMenuItemBitmaps
• 0x1401d0b40 - EnableMenuItem
• 0x1401d0b48 - CheckMenuItem
• 0x1401d0b50 - ClientToScreen
• 0x1401d0b58 - ReleaseDC
• 0x1401d0b60 - GetWindowDC
• 0x1401d0b68 - GetDC
• 0x1401d0b70 - TabbedTextOutA
• 0x1401d0b78 - GrayStringA
• 0x1401d0b80 - DrawTextExA
• 0x1401d0b88 - DrawTextA
• 0x1401d0b90 - RemoveMenu
• 0x1401d0b98 - InsertMenuA
• 0x1401d0ba0 - GetMenuState
• 0x1401d0ba8 - GetMenuStringA
• 0x1401d0bb0 - GetWindowThreadProcessId
• 0x1401d0bb8 - EnumDisplayMonitors
• 0x1401d0bc0 - SystemParametersInfoA
• 0x1401d0bc8 - LoadCursorW
• 0x1401d0bd0 - LoadCursorA
• 0x1401d0bd8 - SetRectEmpty
• 0x1401d0be0 - SetLayeredWindowAttributes
• 0x1401d0be8 - GetMonitorInfoA
• 0x1401d0bf0 - MonitorFromWindow
• 0x1401d0bf8 - WinHelpA
• 0x1401d0c00 - GetScrollInfo
• 0x1401d0c08 - SetScrollInfo
• 0x1401d0c10 - CallNextHookEx
• 0x1401d0c18 - UnhookWindowsHookEx
• 0x1401d0c20 - SetWindowsHookExA
• 0x1401d0c28 - GetLastActivePopup
• 0x1401d0c30 - GetTopWindow
• 0x1401d0c38 - GetClassNameA
• 0x1401d0c40 - GetClassLongPtrA
• 0x1401d0c48 - GetClassLongA
• 0x1401d0c50 - SetWindowLongPtrA
• 0x1401d0c58 - GetWindowLongPtrA
• 0x1401d0c60 - SetWindowLongA
• 0x1401d0c68 - PtInRect
• 0x1401d0c70 - EqualRect
• 0x1401d0c78 - CopyRect
• 0x1401d0c80 - ScreenToClient
• 0x1401d0c88 - MessageBoxA
• 0x1401d0c90 - AdjustWindowRectEx
• 0x1401d0c98 - GetWindowTextLengthA
• 0x1401d0ca0 - GetWindowTextA
• 0x1401d0ca8 - RemovePropA
• 0x1401d0cb0 - GetPropA
• 0x1401d0cb8 - SetPropA
• 0x1401d0cc0 - ShowScrollBar
• 0x1401d0cc8 - GetScrollRange
• 0x1401d0cd0 - SetScrollRange
• 0x1401d0cd8 - GetScrollPos
• 0x1401d0ce0 - SetScrollPos
• 0x1401d0ce8 - ScrollWindow
• 0x1401d0cf0 - ValidateRect
• 0x1401d0cf8 - EndPaint
• 0x1401d0d00 - BeginPaint
• 0x1401d0d08 - GetForegroundWindow
• 0x1401d0d10 - UpdateWindow
• 0x1401d0d18 - TrackPopupMenu
• 0x1401d0d20 - GetMenuItemCount
• 0x1401d0d28 - GetMenuItemID
• 0x1401d0d30 - SetMenu
• 0x1401d0d38 - GetMenu
• 0x1401d0d40 - GetCapture
• 0x1401d0d48 - GetKeyState
• 0x1401d0d50 - SetFocus
• 0x1401d0d58 - GetDlgCtrlID
• 0x1401d0d60 - EndDeferWindowPos
• 0x1401d0d68 - DeferWindowPos
• 0x1401d0d70 - BeginDeferWindowPos
• 0x1401d0d78 - SetWindowPlacement
• 0x1401d0d80 - GetWindowPlacement
• 0x1401d0d88 - IsChild
• 0x1401d0d90 - IsMenu
• 0x1401d0d98 - CreateWindowExA
• 0x1401d0da0 - GetClassInfoExA
• 0x1401d0da8 - GetClassInfoA
• 0x1401d0db0 - CopyAcceleratorTableA
• 0x1401d0db8 - InvalidateRgn
• 0x1401d0dc0 - SetRect
• 0x1401d0dc8 - SetClassLongPtrA
• 0x1401d0dd0 - GetUpdateRect
• 0x1401d0dd8 - GetKeyboardLayout
• 0x1401d0de0 - EnableWindow
• 0x1401d0de8 - RegisterClassA
• 0x1401d0df0 - CallWindowProcA
• 0x1401d0df8 - DefWindowProcA
• 0x1401d0e00 - GetMessageTime
• 0x1401d0e08 - GetMessagePos
• 0x1401d0e10 - PeekMessageA
• 0x1401d0e18 - DispatchMessageA
• 0x1401d0e20 - GetDesktopWindow
• 0x1401d0e28 - GetWindowLongA
• 0x1401d0e30 - SetActiveWindow
• 0x1401d0e38 - IsWindowEnabled
• 0x1401d0e40 - GetActiveWindow
• 0x1401d0e48 - GetNextDlgTabItem
• 0x1401d0e50 - GetDlgItem
• 0x1401d0e58 - EndDialog
• 0x1401d0e60 - CreateDialogIndirectParamA
• 0x1401d0e68 - IntersectRect
• 0x1401d0e70 - GetNextDlgGroupItem
• 0x1401d0e78 - MessageBeep
• 0x1401d0e80 - OpenClipboard
• 0x1401d0e88 - CloseClipboard
• 0x1401d0e90 - SetClipboardData
• 0x1401d0e98 - EmptyClipboard
• 0x1401d0ea0 - DestroyIcon
• 0x1401d0ea8 - LoadImageA
• 0x1401d0eb0 - LoadImageW
• 0x1401d0eb8 - SetParent
• 0x1401d0ec0 - MonitorFromPoint
• 0x1401d0ec8 - TrackMouseEvent
• 0x1401d0ed0 - IsZoomed
• 0x1401d0ed8 - CharUpperA
• 0x1401d0ee0 - DestroyWindow
• 0x1401d0ee8 - IsWindow
• 0x1401d0ef0 - GetAsyncKeyState
• 0x1401d0ef8 - NotifyWinEvent
• 0x1401d0f00 - SetCursorPos
• 0x1401d0f08 - UnionRect
• 0x1401d0f10 - BringWindowToTop
• 0x1401d0f18 - CreatePopupMenu
• 0x1401d0f20 - LockWindowUpdate
• 0x1401d0f28 - CharNextA
• 0x1401d0f30 - LoadIconW
• 0x1401d0f38 - GetSystemMenu
• 0x1401d0f40 - AppendMenuA
• 0x1401d0f48 - SendMessageA
• 0x1401d0f50 - SetTimer
• 0x1401d0f58 - IsIconic
• 0x1401d0f60 - GetSystemMetrics
• 0x1401d0f68 - GetClientRect
• 0x1401d0f70 - DrawIcon
• 0x1401d0f78 - LoadIconA
• 0x1401d0f80 - SetForegroundWindow
• 0x1401d0f88 - LoadMenuW
• 0x1401d0f90 - GetSubMenu
• 0x1401d0f98 - GetCursorPos
• 0x1401d0fa0 - KillTimer
• 0x1401d0fa8 - PostThreadMessageA
• 0x1401d0fb0 - UnregisterClassA
• 0x1401d0fb8 - PostMessageA
• 0x1401d0fc0 - PostQuitMessage
• 0x1401d0fc8 - SetWindowPos
• 0x1401d0fd0 - SetWindowContextHelpId
• 0x1401d0fd8 - GetParent
• 0x1401d0fe0 - GetWindow
• 0x1401d0fe8 - MapDialogRect
• 0x1401d0ff0 - RegisterWindowMessageA
• 0x1401d0ff8 - DrawEdge
• 0x1401d1000 - DrawFrameControl
• 0x1401d1008 - IsWindowVisible
• 0x1401d1010 - GetFocus
• 0x1401d1018 - DrawStateA
• 0x1401d1020 - SetWindowRgn
• 0x1401d1028 - RedrawWindow
• 0x1401d1030 - GetWindowRect
• 0x1401d1038 - MapWindowPoints
• 0x1401d1040 - GetSysColor
• 0x1401d1048 - GetSysColorBrush
• 0x1401d1050 - DestroyAcceleratorTable
• 0x1401d1058 - DrawFocusRect
• 0x1401d1060 - FillRect
• 0x1401d1068 - InflateRect
• 0x1401d1070 - OffsetRect
• 0x1401d1078 - IsRectEmpty
• 0x1401d1080 - DrawIconEx
• 0x1401d1088 - GetKeyboardState
• 0x1401d1090 - ToAsciiEx
• 0x1401d1098 - MapVirtualKeyA
• 0x1401d10a0 - LoadAcceleratorsW
• 0x1401d10a8 - CreateAcceleratorTableA
• 0x1401d10b0 - UpdateLayeredWindow
• 0x1401d10b8 - LoadAcceleratorsA
• 0x1401d10c0 - TranslateAcceleratorA
• 0x1401d10c8 - LoadMenuA
• 0x1401d10d0 - InsertMenuItemA
• 0x1401d10d8 - UnpackDDElParam
• 0x1401d10e0 - ReuseDDElParam
• 0x1401d10e8 - RegisterClipboardFormatA
• 0x1401d10f0 - GetKeyNameTextA
• 0x1401d10f8 - SubtractRect
• 0x1401d1100 - CharUpperBuffA
• 0x1401d1108 - FrameRect
• 0x1401d1110 - IsClipboardFormatAvailable
• 0x1401d1118 - IsCharLowerA
• 0x1401d1120 - MapVirtualKeyExA
• 0x1401d1128 - DrawMenuBar
• 0x1401d1130 - DefFrameProcA
• 0x1401d1138 - DefMDIChildProcA
• 0x1401d1140 - TranslateMDISysAccel
• 0x1401d1148 - GetComboBoxInfo
• 0x1401d1150 - CreateMenu
• 0x1401d1158 - HideCaret
• 0x1401d1160 - InvertRect
• 0x1401d1168 - DestroyCursor
• 0x1401d1170 - GetWindowRgn
• 0x1401d1178 - ModifyMenuA
• 0x1401d1180 - SetMenuDefaultItem
• 0x1401d1188 - GetMenuDefaultItem
• 0x1401d1190 - CopyIcon
• 0x1401d1198 - GetIconInfo
• 0x1401d11a0 - GetDoubleClickTime
• 0x1401d11a8 - EnableScrollBar
库 GDI32.dll:
• 0x1401d0070 - GetObjectA
• 0x1401d0078 - BitBlt
• 0x1401d0080 - CreateCompatibleBitmap
• 0x1401d0088 - CreateCompatibleDC
• 0x1401d0090 - CreateDIBitmap
• 0x1401d0098 - CreateFontIndirectA
• 0x1401d00a0 - CreatePen
• 0x1401d00a8 - CreatePatternBrush
• 0x1401d00b0 - DeleteObject
• 0x1401d00b8 - EnumFontFamiliesA
• 0x1401d00c0 - GetDeviceCaps
• 0x1401d00c8 - GetStockObject
• 0x1401d00d0 - GetTextCharsetInfo
• 0x1401d00d8 - CopyMetaFileA
• 0x1401d00e0 - CreateDCA
• 0x1401d00e8 - CreateBitmap
• 0x1401d00f0 - Escape
• 0x1401d00f8 - ExcludeClipRect
• 0x1401d0100 - GetClipBox
• 0x1401d0108 - GetObjectType
• 0x1401d0110 - GetPixel
• 0x1401d0118 - GetViewportExtEx
• 0x1401d0120 - GetWindowExtEx
• 0x1401d0128 - IntersectClipRect
• 0x1401d0130 - LineTo
• 0x1401d0138 - PtVisible
• 0x1401d0140 - RectVisible
• 0x1401d0148 - RestoreDC
• 0x1401d0150 - SaveDC
• 0x1401d0158 - SelectClipRgn
• 0x1401d0160 - ExtSelectClipRgn
• 0x1401d0168 - SelectObject
• 0x1401d0170 - SelectPalette
• 0x1401d0178 - SetBkMode
• 0x1401d0180 - SetMapMode
• 0x1401d0188 - SetLayout
• 0x1401d0190 - GetLayout
• 0x1401d0198 - SetPolyFillMode
• 0x1401d01a0 - SetROP2
• 0x1401d01a8 - SetTextAlign
• 0x1401d01b0 - SetTextColor
• 0x1401d01b8 - TextOutA
• 0x1401d01c0 - SetViewportExtEx
• 0x1401d01c8 - SetViewportOrgEx
• 0x1401d01d0 - SetWindowExtEx
• 0x1401d01d8 - SetWindowOrgEx
• 0x1401d01e0 - OffsetViewportOrgEx
• 0x1401d01e8 - OffsetWindowOrgEx
• 0x1401d01f0 - ScaleViewportExtEx
• 0x1401d01f8 - ScaleWindowExtEx
• 0x1401d0200 - GetRgnBox
• 0x1401d0208 - GetMapMode
• 0x1401d0210 - SetRectRgn
• 0x1401d0218 - DPtoLP
• 0x1401d0220 - RealizePalette
• 0x1401d0228 - SetPixel
• 0x1401d0230 - StretchBlt
• 0x1401d0238 - CreateDIBSection
• 0x1401d0240 - SetDIBColorTable
• 0x1401d0248 - CreateRoundRectRgn
• 0x1401d0250 - Rectangle
• 0x1401d0258 - OffsetRgn
• 0x1401d0260 - RoundRect
• 0x1401d0268 - CreatePalette
• 0x1401d0270 - GetPaletteEntries
• 0x1401d0278 - GetNearestPaletteIndex
• 0x1401d0280 - GetSystemPaletteEntries
• 0x1401d0288 - EnumFontFamiliesExA
• 0x1401d0290 - LPtoDP
• 0x1401d0298 - ExtFloodFill
• 0x1401d02a0 - SetPaletteEntries
• 0x1401d02a8 - FillRgn
• 0x1401d02b0 - FrameRgn
• 0x1401d02b8 - GetBoundsRect
• 0x1401d02c0 - PtInRegion
• 0x1401d02c8 - GetViewportOrgEx
• 0x1401d02d0 - GetWindowOrgEx
• 0x1401d02d8 - SetPixelV
• 0x1401d02e0 - GetTextFaceA
• 0x1401d02e8 - SetBkColor
• 0x1401d02f0 - GetTextMetricsA
• 0x1401d02f8 - Polyline
• 0x1401d0300 - Polygon
• 0x1401d0308 - CreatePolygonRgn
• 0x1401d0310 - ExtTextOutA
• 0x1401d0318 - PatBlt
• 0x1401d0320 - GetTextExtentPoint32A
• 0x1401d0328 - GetBkColor
• 0x1401d0330 - Ellipse
• 0x1401d0338 - CreateSolidBrush
• 0x1401d0340 - CreateRectRgnIndirect
• 0x1401d0348 - CreateRectRgn
• 0x1401d0350 - CreateHatchBrush
• 0x1401d0358 - CreateEllipticRgn
• 0x1401d0360 - CombineRgn
• 0x1401d0368 - MoveToEx
• 0x1401d0370 - GetTextColor
• 0x1401d0378 - DeleteDC
库 MSIMG32.dll:
• 0x1401d0920 - AlphaBlend
• 0x1401d0928 - TransparentBlt
库 WINSPOOL.DRV:
• 0x1401d1230 - OpenPrinterA
• 0x1401d1238 - DocumentPropertiesA
• 0x1401d1240 - ClosePrinter
库 ADVAPI32.dll:
• 0x1401d0000 - RegEnumKeyA
• 0x1401d0008 - RegSetValueExA
• 0x1401d0010 - RegEnumKeyExA
• 0x1401d0018 - RegEnumValueA
• 0x1401d0020 - RegQueryValueA
• 0x1401d0028 - RegOpenKeyExA
• 0x1401d0030 - RegDeleteKeyA
• 0x1401d0038 - RegCreateKeyExA
• 0x1401d0040 - RegQueryValueExA
• 0x1401d0048 - RegDeleteValueA
• 0x1401d0050 - RegCloseKey
库 SHELL32.dll:
• 0x1401d09e0 - Shell_NotifyIconA
• 0x1401d09e8 - SHGetMalloc
• 0x1401d09f0 - SHGetPathFromIDListA
• 0x1401d09f8 - SHGetSpecialFolderLocation
• 0x1401d0a00 - SHBrowseForFolderA
• 0x1401d0a08 - ShellExecuteA
• 0x1401d0a10 - DragFinish
• 0x1401d0a18 - DragQueryFileA
• 0x1401d0a20 - SHGetFileInfoA
• 0x1401d0a28 - SHAppBarMessage
• 0x1401d0a30 - SHGetDesktopFolder
库 COMCTL32.dll:
• 0x1401d0060 - InitCommonControlsEx
库 SHLWAPI.dll:
• 0x1401d0a40 - PathFindFileNameA
• 0x1401d0a48 - PathIsUNCA
• 0x1401d0a50 - PathRemoveFileSpecW
• 0x1401d0a58 - PathStripToRootA
• 0x1401d0a60 - StrFormatKBSizeA
• 0x1401d0a68 - PathFindExtensionA
库 UxTheme.dll:
• 0x1401d11b8 - GetThemePartSize
• 0x1401d11c0 - GetThemeSysColor
• 0x1401d11c8 - OpenThemeData
• 0x1401d11d0 - CloseThemeData
• 0x1401d11d8 - DrawThemeBackground
• 0x1401d11e0 - GetThemeColor
• 0x1401d11e8 - GetCurrentThemeName
• 0x1401d11f0 - DrawThemeParentBackground
• 0x1401d11f8 - GetWindowTheme
• 0x1401d1200 - IsAppThemed
• 0x1401d1208 - DrawThemeText
• 0x1401d1210 - IsThemeBackgroundPartiallyTransparent
库 ole32.dll:
• 0x1401d1390 - CoLockObjectExternal
• 0x1401d1398 - RegisterDragDrop
• 0x1401d13a0 - RevokeDragDrop
• 0x1401d13a8 - OleLockRunning
• 0x1401d13b0 - OleCreateMenuDescriptor
• 0x1401d13b8 - OleDestroyMenuDescriptor
• 0x1401d13c0 - OleTranslateAccelerator
• 0x1401d13c8 - IsAccelerator
• 0x1401d13d0 - CoInitializeEx
• 0x1401d13d8 - CoRevokeClassObject
• 0x1401d13e0 - CoRegisterMessageFilter
• 0x1401d13e8 - DoDragDrop
• 0x1401d13f0 - OleIsCurrentClipboard
• 0x1401d13f8 - OleFlushClipboard
• 0x1401d1400 - OleUninitialize
• 0x1401d1408 - OleInitialize
• 0x1401d1410 - CoFreeUnusedLibraries
• 0x1401d1418 - CoDisconnectObject
• 0x1401d1420 - CreateStreamOnHGlobal
• 0x1401d1428 - StgOpenStorageOnILockBytes
• 0x1401d1430 - StgCreateDocfileOnILockBytes
• 0x1401d1438 - CoGetClassObject
• 0x1401d1440 - ReleaseStgMedium
• 0x1401d1448 - OleDuplicateData
• 0x1401d1450 - CoTaskMemFree
• 0x1401d1458 - CoTaskMemAlloc
• 0x1401d1460 - CLSIDFromProgID
• 0x1401d1468 - CLSIDFromString
• 0x1401d1470 - CoCreateGuid
• 0x1401d1478 - OleRun
• 0x1401d1480 - CoCreateInstance
• 0x1401d1488 - CoUninitialize
• 0x1401d1490 - CoInitialize
• 0x1401d1498 - OleGetClipboard
• 0x1401d14a0 - CreateILockBytesOnHGlobal
库 OLEAUT32.dll:
• 0x1401d0958 - VarBstrFromDate
• 0x1401d0960 - VariantCopy
• 0x1401d0968 - SafeArrayDestroy
• 0x1401d0970 - VariantTimeToSystemTime
• 0x1401d0978 - SystemTimeToVariantTime
• 0x1401d0980 - OleCreateFontIndirect
• 0x1401d0988 - VariantChangeType
• 0x1401d0990 - VariantInit
• 0x1401d0998 - SysAllocStringLen
• 0x1401d09a0 - VariantClear
• 0x1401d09a8 - SysAllocString
• 0x1401d09b0 - SysStringLen
• 0x1401d09b8 - SysAllocStringByteLen
• 0x1401d09c0 - SysFreeString
• 0x1401d09c8 - GetErrorInfo
• 0x1401d09d0 - LoadTypeLib
库 oledlg.dll:
• 0x1401d14b0 - None
库 gdiplus.dll:
• 0x1401d12d8 - GdipCreateBitmapFromHBITMAP
• 0x1401d12e0 - GdipDrawImageI
• 0x1401d12e8 - GdipSetInterpolationMode
• 0x1401d12f0 - GdipBitmapUnlockBits
• 0x1401d12f8 - GdipBitmapLockBits
• 0x1401d1300 - GdipCreateBitmapFromScan0
• 0x1401d1308 - GdipDeleteGraphics
• 0x1401d1310 - GdipCreateFromHDC
• 0x1401d1318 - GdipDrawImageRectI
• 0x1401d1320 - GdiplusShutdown
• 0x1401d1328 - GdipAlloc
• 0x1401d1330 - GdipFree
• 0x1401d1338 - GdiplusStartup
• 0x1401d1340 - GdipCloneImage
• 0x1401d1348 - GdipDisposeImage
• 0x1401d1350 - GdipGetImageGraphicsContext
• 0x1401d1358 - GdipGetImageWidth
• 0x1401d1360 - GdipGetImageHeight
• 0x1401d1368 - GdipGetImagePixelFormat
• 0x1401d1370 - GdipGetImagePalette
• 0x1401d1378 - GdipGetImagePaletteSize
• 0x1401d1380 - GdipCreateBitmapFromStream
库 WS2_32.dll:
• 0x1401d1250 - WSAAsyncSelect
• 0x1401d1258 - WSAGetLastError
• 0x1401d1260 - accept
• 0x1401d1268 - recvfrom
• 0x1401d1270 - closesocket
• 0x1401d1278 - sendto
• 0x1401d1280 - htonl
• 0x1401d1288 - inet_addr
• 0x1401d1290 - htons
• 0x1401d1298 - socket
• 0x1401d12a0 - inet_ntoa
• 0x1401d12a8 - gethostbyname
• 0x1401d12b0 - WSACleanup
• 0x1401d12b8 - WSAStartup
• 0x1401d12c0 - ntohl
• 0x1401d12c8 - bind
库 OLEACC.dll:
• 0x1401d0938 - CreateStdAccessibleObject
• 0x1401d0940 - AccessibleObjectFromWindow
• 0x1401d0948 - LresultFromObject
库 IMM32.dll:
• 0x1401d0388 - ImmReleaseContext
• 0x1401d0390 - ImmGetOpenStatus
• 0x1401d0398 - ImmGetContext
库 WINMM.dll:
• 0x1401d1220 - PlaySoundA
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
AsynSysTime.exe PID: 2584, 上一级进程 PID: 2240
访问的文件
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\test\AppData\Local\Temp\AsynSysTime.exe.3.Manifest
- C:\Users\test\AppData\Local\Temp\AsynSysTimeCHS.dll
- C:\Users\test\AppData\Local\Temp\AsynSysTimeCHS.dll.DLL
- C:\Users\test\AppData\Local\Temp\AsynSysTimeENU.dll
- C:\Users\test\AppData\Local\Temp\AsynSysTimeENU.dll.DLL
- C:\Users\test\AppData\Local\Temp\AsynSysTimeLOC.dll
- C:\Users\test\AppData\Local\Temp\AsynSysTimeLOC.dll.DLL
- C:\Users\test\AppData\Local\Temp\config.ini
- C:\Users\test\AppData\Local\Temp\AsynSysTime.exe
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
读取的文件
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\test\AppData\Local\Temp\AsynSysTime.exe.3.Manifest
- C:\Users\test\AppData\Local\Temp\config.ini
修改的文件
无信息
删除的文件
无信息
注册表键
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AsynSysTime.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
读取的注册表键
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsSetValue
- kernel32.dll.FlsGetValue
- kernel32.dll.LCMapStringEx
- kernel32.dll.AreFileApisANSI
- api-ms-win-core-synch-l1-2-0.dll.SleepConditionVariableCS
- api-ms-win-core-synch-l1-2-0.dll.WakeAllConditionVariable
- kernel32.dll.CompareStringEx
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- kernel32.dll.GetThreadPreferredUILanguages
- kernel32.dll.GetLocaleInfoEx
- cryptbase.dll.SystemFunction036
- kernel32.dll.RegisterApplicationRestart
- ole32.dll.CoGetMalloc
- comctl32.dll.InitCommonControlsEx
- shell32.dll.#66
- ole32.dll.CoTaskMemFree