魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2018-03-24 10:26:28 | 2018-03-24 10:28:53 | 145 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp01-5 | win7-sp1-x64-shaapp01-5 | KVM | 2018-03-24 10:26:29 | 2018-03-24 10:28:52 |
| 魔盾分数 |
|---|
0.0正常的 |
文件详细信息
| 文件名 | openvpn.exe |
|---|---|
| 文件大小 | 768736 字节 |
| 文件类型 | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
| CRC32 | 3DC44334 |
| MD5 | 61f744f9ee1e542b2f34cb76fba9c916 |
| SHA1 | 4d268145d79a33a9f4ae6d30a0bacc507916249b |
| SHA256 | b0de641b39beea7dc34eb3f6e94289a51b732f70c3c662e2d3e19299c7cb998b |
| SHA512 | 1d4cfc7440bf1a404ac005b6a541b3d43c94963beca347bc044d726b25c13611fbdfac7d4527c117708c542e196b40aa46af9e0f91986765bc306cb962e40c26 |
| Ssdeep | 12288:l1IvrRlT45DrrRH0NInJvhtr0VDIrSQvzjYQBHE:l1IvrRlT45DrrRhJvhtr0VErSKE0HE |
| PEiD | 无匹配 |
| Yara | 无Yara规则匹配 |
| VirusTotal |
VirusTotal链接 VirusTotal扫描时间: 2017-12-17 05:09:05 扫描结果: 1/68 |
特征
样本的签名证书合法
发起了一些HTTP请求
url: http://crt.comodoca.com/COMODORSAAddTrustCA.crt
文件已被至少一个VirusTotal上的反病毒引擎检测为病毒
Rising: Worm.Win32.FTP/BitCoinMiner-Botnet!1.ACDC (CLASSIC)
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 104.16.90.188 | United States |
| 否 | 117.18.237.29 | Asia/Pacific Region |
域名解析
| 域名 | 响应 |
|---|---|
| crt.comodoca.com |
A 104.16.92.188
CNAME crt.comodoca.com.cdn.cloudflare.net A 104.16.90.188 A 104.16.91.188 A 104.16.93.188 A 104.16.89.188 |
| ocsp.digicert.com |
CNAME cs9.wac.phicdn.net
A 117.18.237.29 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 104.16.90.188 | 80 |
| 117.18.237.29 | 80 |
| 178.255.83.1 | 80 |
| 178.255.83.1 | 80 |
| 178.255.83.1 | 80 |
| 65.200.22.9 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://crt.comodoca.com/COMODORSAAddTrustCA.crt | GET /COMODORSAAddTrustCA.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crt.comodoca.com |
| http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1 Cache-Control: max-age = 462303 Connection: Keep-Alive Accept: */* If-Modified-Since: Tue, 30 May 2017 14:10:49 GMT User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.usertrust.com |
| http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com |
| http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX | GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com |
| http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
| http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT If-None-Match: "59aa882b-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00401520 |
| 声明校验值 | 0x000ca077 |
| 实际校验值 | 0x000ca077 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 1970-01-01 08:00:00 |
| 载入哈希 | 9ab6f31dc079f6071345bfa9d51ae436 |
版本信息
| LegalCopyright: | Copyright \xa9 The OpenVPN Project |
| InternalName: | OpenVPN |
| FileVersion: | 2.3.14.0 |
| CompanyName: | The OpenVPN Project |
| ProductName: | OpenVPN |
| ProductVersion: | 2.3.14.0 |
| FileDescription: | OpenVPN Daemon |
| OriginalFilename: | openvpn.exe |
| Translation: | 0x0409 0x04b0 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00082860 | 0x00082a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES | 5.80 |
| .data | 0x00084000 | 0x00000300 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 2.09 |
| .rdata | 0x00085000 | 0x000224b0 | 0x00022600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES | 5.26 |
| .pdata | 0x000a8000 | 0x00007c74 | 0x00007e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES | 5.87 |
| .xdata | 0x000b0000 | 0x000076c8 | 0x00007800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES | 3.57 |
| .bss | 0x000b8000 | 0x00007d70 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 0.00 |
| .idata | 0x000c0000 | 0x00004538 | 0x00004600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 4.65 |
| .CRT | 0x000c5000 | 0x00000068 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES | 0.28 |
| .tls | 0x000c6000 | 0x00000068 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 0.21 |
| .rsrc | 0x000c7000 | 0x00000338 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 2.73 |
覆盖
| 偏移量: | 0x000b9c00 |
| 大小: | 0x00001ee0 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x000c7058 | 0x000002dc | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.39 | data |
导入
库 LIBEAY32.dll:
• 0x4c0f30 - ASN1_BIT_STRING_free
• 0x4c0f38 - ASN1_BIT_STRING_get_bit
• 0x4c0f40 - ASN1_INTEGER_cmp
• 0x4c0f48 - ASN1_INTEGER_to_BN
• 0x4c0f50 - ASN1_OBJECT_free
• 0x4c0f58 - ASN1_STRING_to_UTF8
• 0x4c0f60 - BIO_ctrl
• 0x4c0f68 - BIO_f_base64
• 0x4c0f70 - BIO_free
• 0x4c0f78 - BIO_free_all
• 0x4c0f80 - BIO_new
• 0x4c0f88 - BIO_new_file
• 0x4c0f90 - BIO_new_mem_buf
• 0x4c0f98 - BIO_push
• 0x4c0fa0 - BIO_read
• 0x4c0fa8 - BIO_s_mem
• 0x4c0fb0 - BIO_test_flags
• 0x4c0fb8 - BIO_write
• 0x4c0fc0 - BN_bn2dec
• 0x4c0fc8 - BN_dup
• 0x4c0fd0 - BN_free
• 0x4c0fd8 - BN_new
• 0x4c0fe0 - BN_num_bits
• 0x4c0fe8 - BN_set_word
• 0x4c0ff0 - CRYPTO_free
• 0x4c0ff8 - DES_check_key_parity
• 0x4c1000 - DES_ecb_encrypt
• 0x4c1008 - DES_is_weak_key
• 0x4c1010 - DES_set_key_unchecked
• 0x4c1018 - DES_set_odd_parity
• 0x4c1020 - DH_free
• 0x4c1028 - DH_size
• 0x4c1030 - ENGINE_by_id
• 0x4c1038 - ENGINE_cleanup
• 0x4c1040 - ENGINE_ctrl_cmd_string
• 0x4c1048 - ENGINE_free
• 0x4c1050 - ENGINE_get_first
• 0x4c1058 - ENGINE_get_id
• 0x4c1060 - ENGINE_get_name
• 0x4c1068 - ENGINE_get_next
• 0x4c1070 - ENGINE_load_builtin_engines
• 0x4c1078 - ENGINE_register_all_complete
• 0x4c1080 - ENGINE_set_default
• 0x4c1088 - ERR_clear_error
• 0x4c1090 - ERR_error_string
• 0x4c1098 - ERR_free_strings
• 0x4c10a0 - ERR_get_error
• 0x4c10a8 - ERR_load_strings
• 0x4c10b0 - ERR_peek_error
• 0x4c10b8 - ERR_put_error
• 0x4c10c0 - EVP_CIPHER_CTX_block_size
• 0x4c10c8 - EVP_CIPHER_CTX_cipher
• 0x4c10d0 - EVP_CIPHER_CTX_cleanup
• 0x4c10d8 - EVP_CIPHER_CTX_flags
• 0x4c10e0 - EVP_CIPHER_CTX_init
• 0x4c10e8 - EVP_CIPHER_CTX_iv_length
• 0x4c10f0 - EVP_CIPHER_CTX_key_length
• 0x4c10f8 - EVP_CIPHER_CTX_set_key_length
• 0x4c1100 - EVP_CIPHER_block_size
• 0x4c1108 - EVP_CIPHER_flags
• 0x4c1110 - EVP_CIPHER_iv_length
• 0x4c1118 - EVP_CIPHER_key_length
• 0x4c1120 - EVP_CIPHER_nid
• 0x4c1128 - EVP_CipherFinal
• 0x4c1130 - EVP_CipherInit
• 0x4c1138 - EVP_CipherUpdate
• 0x4c1140 - EVP_Digest
• 0x4c1148 - EVP_DigestFinal
• 0x4c1150 - EVP_DigestInit
• 0x4c1158 - EVP_DigestUpdate
• 0x4c1160 - EVP_MD_CTX_cleanup
• 0x4c1168 - EVP_MD_CTX_init
• 0x4c1170 - EVP_MD_CTX_md
• 0x4c1178 - EVP_MD_size
• 0x4c1180 - EVP_MD_type
• 0x4c1188 - EVP_PKEY_free
• 0x4c1190 - EVP_cleanup
• 0x4c1198 - EVP_get_cipherbyname
• 0x4c11a0 - EVP_get_digestbyname
• 0x4c11a8 - HMAC_CTX_cleanup
• 0x4c11b0 - HMAC_CTX_init
• 0x4c11b8 - HMAC_Final
• 0x4c11c0 - HMAC_Init_ex
• 0x4c11c8 - HMAC_Update
• 0x4c11d0 - OBJ_nid2sn
• 0x4c11d8 - OBJ_obj2nid
• 0x4c11e0 - OBJ_obj2txt
• 0x4c11e8 - OBJ_txt2nid
• 0x4c11f0 - OPENSSL_add_all_algorithms_noconf
• 0x4c11f8 - PEM_X509_INFO_read_bio
• 0x4c1200 - PEM_read_bio_DHparams
• 0x4c1208 - PEM_read_bio_PrivateKey
• 0x4c1210 - PEM_read_bio_X509
• 0x4c1218 - PEM_read_bio_X509_CRL
• 0x4c1220 - PEM_write_X509
• 0x4c1228 - PKCS12_free
• 0x4c1230 - PKCS12_parse
• 0x4c1238 - RAND_bytes
• 0x4c1240 - RSA_free
• 0x4c1248 - RSA_generate_key_ex
• 0x4c1250 - RSA_new
• 0x4c1258 - RSA_set_method
• 0x4c1260 - RSA_size
• 0x4c1268 - SSLeay_version
• 0x4c1270 - X509V3_EXT_print
• 0x4c1278 - X509_CRL_free
• 0x4c1280 - X509_INFO_free
• 0x4c1288 - X509_LOOKUP_ctrl
• 0x4c1290 - X509_LOOKUP_hash_dir
• 0x4c1298 - X509_NAME_ENTRY_get_data
• 0x4c12a0 - X509_NAME_ENTRY_get_object
• 0x4c12a8 - X509_NAME_cmp
• 0x4c12b0 - X509_NAME_dup
• 0x4c12b8 - X509_NAME_entry_count
• 0x4c12c0 - X509_NAME_get_entry
• 0x4c12c8 - X509_NAME_get_index_by_NID
• 0x4c12d0 - X509_NAME_oneline
• 0x4c12d8 - X509_NAME_print_ex
• 0x4c12e0 - X509_STORE_CTX_get_ex_data
• 0x4c12e8 - X509_STORE_add_cert
• 0x4c12f0 - X509_STORE_add_crl
• 0x4c12f8 - X509_STORE_add_lookup
• 0x4c1300 - X509_STORE_set_flags
• 0x4c1308 - X509_cmp_time
• 0x4c1310 - X509_free
• 0x4c1318 - X509_get_ext
• 0x4c1320 - X509_get_ext_by_NID
• 0x4c1328 - X509_get_ext_d2i
• 0x4c1330 - X509_get_issuer_name
• 0x4c1338 - X509_get_pubkey
• 0x4c1340 - X509_get_serialNumber
• 0x4c1348 - X509_get_subject_name
• 0x4c1350 - X509_verify_cert_error_string
• 0x4c1358 - d2i_PKCS12_bio
• 0x4c1360 - d2i_PKCS12_fp
• 0x4c1368 - d2i_X509
• 0x4c1370 - i2a_ASN1_INTEGER
• 0x4c1378 - sk_find
• 0x4c1380 - sk_new
• 0x4c1388 - sk_num
• 0x4c1390 - sk_pop_free
• 0x4c1398 - sk_push
• 0x4c13a0 - sk_value
库 liblzo2-2.dll:
• 0x4c13b0 - __lzo_init_v2
• 0x4c13b8 - lzo1x_1_15_compress
• 0x4c13c0 - lzo1x_decompress_safe
• 0x4c13c8 - lzo_version_string
库 libpkcs11-helper-1.dll:
• 0x4c13d8 - pkcs11h_addProvider
• 0x4c13e0 - pkcs11h_certificate_create
• 0x4c13e8 - pkcs11h_certificate_deserializeCertificateId
• 0x4c13f0 - pkcs11h_certificate_enumCertificateIds
• 0x4c13f8 - pkcs11h_certificate_freeCertificate
• 0x4c1400 - pkcs11h_certificate_freeCertificateId
• 0x4c1408 - pkcs11h_certificate_freeCertificateIdList
• 0x4c1410 - pkcs11h_certificate_getCertificateBlob
• 0x4c1418 - pkcs11h_certificate_serializeCertificateId
• 0x4c1420 - pkcs11h_engine_setSystem
• 0x4c1428 - pkcs11h_getMessage
• 0x4c1430 - pkcs11h_initialize
• 0x4c1438 - pkcs11h_logout
• 0x4c1440 - pkcs11h_openssl_createSession
• 0x4c1448 - pkcs11h_openssl_freeSession
• 0x4c1450 - pkcs11h_openssl_getX509
• 0x4c1458 - pkcs11h_openssl_session_getEVP
• 0x4c1460 - pkcs11h_openssl_session_getX509
• 0x4c1468 - pkcs11h_setForkMode
• 0x4c1470 - pkcs11h_setLogHook
• 0x4c1478 - pkcs11h_setLogLevel
• 0x4c1480 - pkcs11h_setPINCachePeriod
• 0x4c1488 - pkcs11h_setPINPromptHook
• 0x4c1490 - pkcs11h_setProtectedAuthentication
• 0x4c1498 - pkcs11h_setTokenPromptHook
• 0x4c14a0 - pkcs11h_terminate
库 SSLEAY32.dll:
• 0x4c14b0 - BIO_f_ssl
• 0x4c14b8 - SSL_CIPHER_get_name
• 0x4c14c0 - SSL_CIPHER_get_version
• 0x4c14c8 - SSL_CTX_add_client_CA
• 0x4c14d0 - SSL_CTX_check_private_key
• 0x4c14d8 - SSL_CTX_ctrl
• 0x4c14e0 - SSL_CTX_free
• 0x4c14e8 - SSL_CTX_get0_certificate
• 0x4c14f0 - SSL_CTX_get_cert_store
• 0x4c14f8 - SSL_CTX_new
• 0x4c1500 - SSL_CTX_set_cipher_list
• 0x4c1508 - SSL_CTX_set_client_CA_list
• 0x4c1510 - SSL_CTX_set_default_passwd_cb
• 0x4c1518 - SSL_CTX_set_info_callback
• 0x4c1520 - SSL_CTX_set_tmp_rsa_callback
• 0x4c1528 - SSL_CTX_set_verify
• 0x4c1530 - SSL_CTX_use_PrivateKey
• 0x4c1538 - SSL_CTX_use_RSAPrivateKey
• 0x4c1540 - SSL_CTX_use_certificate
• 0x4c1548 - SSL_free
• 0x4c1550 - SSL_get_cipher_list
• 0x4c1558 - SSL_get_current_cipher
• 0x4c1560 - SSL_get_ex_data
• 0x4c1568 - SSL_get_ex_data_X509_STORE_CTX_idx
• 0x4c1570 - SSL_get_ex_new_index
• 0x4c1578 - SSL_get_peer_certificate
• 0x4c1580 - SSL_get_version
• 0x4c1588 - SSL_library_init
• 0x4c1590 - SSL_load_error_strings
• 0x4c1598 - SSL_new
• 0x4c15a0 - SSL_set_accept_state
• 0x4c15a8 - SSL_set_bio
• 0x4c15b0 - SSL_set_connect_state
• 0x4c15b8 - SSL_set_ex_data
• 0x4c15c0 - SSLv23_client_method
• 0x4c15c8 - SSLv23_method
• 0x4c15d0 - SSLv23_server_method
• 0x4c15d8 - TLSv1_client_method
• 0x4c15e0 - TLSv1_server_method
库 ADVAPI32.dll:
• 0x4c15f0 - CryptCreateHash
• 0x4c15f8 - CryptDestroyHash
• 0x4c1600 - CryptGetHashParam
• 0x4c1608 - CryptReleaseContext
• 0x4c1610 - CryptSetHashParam
• 0x4c1618 - CryptSignHashA
• 0x4c1620 - InitializeSecurityDescriptor
• 0x4c1628 - RegCloseKey
• 0x4c1630 - RegEnumKeyExA
• 0x4c1638 - RegOpenKeyExA
• 0x4c1640 - RegQueryValueExA
• 0x4c1648 - RegQueryValueExW
• 0x4c1650 - SetKernelObjectSecurity
• 0x4c1658 - SetSecurityDescriptorDacl
库 CRYPT32.dll:
• 0x4c1668 - CertCloseStore
• 0x4c1670 - CertFindCertificateInStore
• 0x4c1678 - CertFreeCertificateContext
• 0x4c1680 - CertOpenStore
• 0x4c1688 - CryptAcquireCertificatePrivateKey
库 IPHLPAPI.DLL:
• 0x4c1698 - AddIPAddress
• 0x4c16a0 - CreateIpForwardEntry
• 0x4c16a8 - DeleteIPAddress
• 0x4c16b0 - DeleteIpForwardEntry
• 0x4c16b8 - FlushIpNetTable
• 0x4c16c0 - GetAdapterIndex
• 0x4c16c8 - GetAdaptersInfo
• 0x4c16d0 - GetInterfaceInfo
• 0x4c16d8 - GetIpForwardTable
• 0x4c16e0 - GetPerAdapterInfo
• 0x4c16e8 - IpReleaseAddress
• 0x4c16f0 - IpRenewAddress
库 KERNEL32.dll:
• 0x4c1700 - CancelIo
• 0x4c1708 - CloseHandle
• 0x4c1710 - CreateEventA
• 0x4c1718 - CreateFileA
• 0x4c1720 - CreateFileW
• 0x4c1728 - CreateProcessA
• 0x4c1730 - CreateProcessW
• 0x4c1738 - CreateSemaphoreA
• 0x4c1740 - DeleteCriticalSection
• 0x4c1748 - DeleteFileW
• 0x4c1750 - DeviceIoControl
• 0x4c1758 - EnterCriticalSection
• 0x4c1760 - FormatMessageA
• 0x4c1768 - FormatMessageW
• 0x4c1770 - FreeLibrary
• 0x4c1778 - GetConsoleMode
• 0x4c1780 - GetConsoleTitleA
• 0x4c1788 - GetCurrentProcess
• 0x4c1790 - GetCurrentProcessId
• 0x4c1798 - GetCurrentThreadId
• 0x4c17a0 - GetEnvironmentVariableA
• 0x4c17a8 - GetExitCodeProcess
• 0x4c17b0 - GetFileType
• 0x4c17b8 - GetLastError
• 0x4c17c0 - GetModuleFileNameA
• 0x4c17c8 - GetModuleFileNameW
• 0x4c17d0 - GetNumberOfConsoleInputEvents
• 0x4c17d8 - GetOverlappedResult
• 0x4c17e0 - GetProcAddress
• 0x4c17e8 - GetStartupInfoA
• 0x4c17f0 - GetStartupInfoW
• 0x4c17f8 - GetStdHandle
• 0x4c1800 - GetSystemTimeAsFileTime
• 0x4c1808 - GetTempPathW
• 0x4c1810 - GetTickCount
• 0x4c1818 - GetTimeZoneInformation
• 0x4c1820 - InitializeCriticalSection
• 0x4c1828 - LeaveCriticalSection
• 0x4c1830 - LoadLibraryA
• 0x4c1838 - LoadLibraryW
• 0x4c1840 - LocalFree
• 0x4c1848 - MultiByteToWideChar
• 0x4c1850 - QueryPerformanceCounter
• 0x4c1858 - ReadConsoleInputA
• 0x4c1860 - ReadConsoleW
• 0x4c1868 - ReadFile
• 0x4c1870 - ReleaseSemaphore
• 0x4c1878 - ResetEvent
• 0x4c1880 - RtlAddFunctionTable
• 0x4c1888 - RtlCaptureContext
• 0x4c1890 - RtlLookupFunctionEntry
• 0x4c1898 - RtlVirtualUnwind
• 0x4c18a0 - SetConsoleCtrlHandler
• 0x4c18a8 - SetConsoleMode
• 0x4c18b0 - SetConsoleOutputCP
• 0x4c18b8 - SetConsoleTitleA
• 0x4c18c0 - SetEvent
• 0x4c18c8 - SetFilePointer
• 0x4c18d0 - SetLastError
• 0x4c18d8 - SetUnhandledExceptionFilter
• 0x4c18e0 - Sleep
• 0x4c18e8 - TerminateProcess
• 0x4c18f0 - TlsGetValue
• 0x4c18f8 - UnhandledExceptionFilter
• 0x4c1900 - VerSetConditionMask
• 0x4c1908 - VerifyVersionInfoW
• 0x4c1910 - VirtualProtect
• 0x4c1918 - VirtualQuery
• 0x4c1920 - WaitForSingleObject
• 0x4c1928 - WideCharToMultiByte
• 0x4c1930 - WriteConsoleInputA
• 0x4c1938 - WriteFile
库 msvcrt.dll:
• 0x4c1948 - __C_specific_handler
• 0x4c1950 - __dllonexit
• 0x4c1958 - __iob_func
• 0x4c1960 - __lconv_init
• 0x4c1968 - __set_app_type
• 0x4c1970 - __setusermatherr
• 0x4c1978 - __wgetmainargs
• 0x4c1980 - __winitenv
• 0x4c1988 - _amsg_exit
• 0x4c1990 - _cexit
• 0x4c1998 - _chsize
• 0x4c19a0 - _dup2
• 0x4c19a8 - _errno
• 0x4c19b0 - _exit
• 0x4c19b8 - _fdopen
• 0x4c19c0 - _fmode
• 0x4c19c8 - _initterm
• 0x4c19d0 - _lock
• 0x4c19d8 - _onexit
• 0x4c19e0 - _open_osfhandle
• 0x4c19e8 - _snwprintf
• 0x4c19f0 - _stricmp
• 0x4c19f8 - _unlock
• 0x4c1a00 - _vsnprintf
• 0x4c1a08 - _waccess
• 0x4c1a10 - _wchdir
• 0x4c1a18 - _wcmdln
• 0x4c1a20 - _wfopen
• 0x4c1a28 - _wopen
• 0x4c1a30 - abort
• 0x4c1a38 - atoi
• 0x4c1a40 - calloc
• 0x4c1a48 - ctime
• 0x4c1a50 - exit
• 0x4c1a58 - fclose
• 0x4c1a60 - fflush
• 0x4c1a68 - fgets
• 0x4c1a70 - fopen
• 0x4c1a78 - fprintf
• 0x4c1a80 - fputc
• 0x4c1a88 - free
• 0x4c1a90 - fwprintf
• 0x4c1a98 - fwrite
• 0x4c1aa0 - isalnum
• 0x4c1aa8 - isalpha
• 0x4c1ab0 - iscntrl
• 0x4c1ab8 - isprint
• 0x4c1ac0 - ispunct
• 0x4c1ac8 - isspace
• 0x4c1ad0 - isxdigit
• 0x4c1ad8 - malloc
• 0x4c1ae0 - mbstowcs
• 0x4c1ae8 - memcmp
• 0x4c1af0 - memcpy
• 0x4c1af8 - memmove
• 0x4c1b00 - memset
• 0x4c1b08 - printf
• 0x4c1b10 - putchar
• 0x4c1b18 - puts
• 0x4c1b20 - qsort
• 0x4c1b28 - raise
• 0x4c1b30 - rand
• 0x4c1b38 - realloc
• 0x4c1b40 - setlocale
• 0x4c1b48 - signal
• 0x4c1b50 - srand
• 0x4c1b58 - sscanf
• 0x4c1b60 - strcat
• 0x4c1b68 - strchr
• 0x4c1b70 - strcmp
• 0x4c1b78 - strcpy
• 0x4c1b80 - strcspn
• 0x4c1b88 - strerror
• 0x4c1b90 - strlen
• 0x4c1b98 - strncmp
• 0x4c1ba0 - strncpy
• 0x4c1ba8 - strrchr
• 0x4c1bb0 - strstr
• 0x4c1bb8 - strtol
• 0x4c1bc0 - tolower
• 0x4c1bc8 - toupper
• 0x4c1bd0 - vfprintf
• 0x4c1bd8 - wcscpy
• 0x4c1be0 - wcstombs
• 0x4c1be8 - _time64
• 0x4c1bf0 - _wstat64
• 0x4c1bf8 - _write
• 0x4c1c00 - _strdup
• 0x4c1c08 - _read
• 0x4c1c10 - _open
• 0x4c1c18 - _lseek
• 0x4c1c20 - _dup2
• 0x4c1c28 - _dup
• 0x4c1c30 - _close
库 USER32.dll:
• 0x4c1c40 - MessageBoxW
库 WS2_32.dll:
• 0x4c1c50 - WSAAddressToStringA
• 0x4c1c58 - WSACleanup
• 0x4c1c60 - WSAEnumNetworkEvents
• 0x4c1c68 - WSAEventSelect
• 0x4c1c70 - WSAGetLastError
• 0x4c1c78 - WSAGetOverlappedResult
• 0x4c1c80 - WSARecv
• 0x4c1c88 - WSARecvFrom
• 0x4c1c90 - WSASend
• 0x4c1c98 - WSASendTo
• 0x4c1ca0 - WSASetLastError
• 0x4c1ca8 - WSAStartup
• 0x4c1cb0 - WSAStringToAddressA
• 0x4c1cb8 - WSAWaitForMultipleEvents
• 0x4c1cc0 - accept
• 0x4c1cc8 - bind
• 0x4c1cd0 - closesocket
• 0x4c1cd8 - connect
• 0x4c1ce0 - freeaddrinfo
• 0x4c1ce8 - getaddrinfo
• 0x4c1cf0 - getnameinfo
• 0x4c1cf8 - getsockname
• 0x4c1d00 - getsockopt
• 0x4c1d08 - htonl
• 0x4c1d10 - htons
• 0x4c1d18 - inet_ntoa
• 0x4c1d20 - ioctlsocket
• 0x4c1d28 - listen
• 0x4c1d30 - ntohl
• 0x4c1d38 - ntohs
• 0x4c1d40 - recv
• 0x4c1d48 - select
• 0x4c1d50 - send
• 0x4c1d58 - setsockopt
• 0x4c1d60 - socket
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
访问的文件
无信息
读取的文件
无信息
修改的文件
无信息
删除的文件
无信息
注册表键
无信息
读取的注册表键
无信息
修改的注册表键
无信息
删除的注册表键
无信息
API解析
无信息