恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2021-02-12 23:17:44	2021-02-12 23:18:19	35 秒

魔盾分数

4.8415

可疑的

文件详细信息

文件名	奉天方框自瞄.exe
文件大小	4218880 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	cb0b9a5bc1c76031f1e84d2941e7cb77
SHA1	62929b6e48c27286131f9c7d86b3a6de4e4a690a
SHA256	80c66970dfaa3d4f87850f465c1475b39d38f4f34bda0d274bbca2956b0fb377
SHA512	00b4e31e4d0be9683292f9b040b69457d054b3760155519e820d0213fac87ef4ef52f5bc7d7d00caa8bf223bb9f4740c0e1903d0a8cec8e2a60933ac17947d6f
CRC32	068FB5A2
Ssdeep	49152:jeUzEoAZqcxFd8ID5q9HaZx6BV47fFzmo0YM3QqFU1zQlSGv03lE:LcxFGID5qdsxW47fF1q/4Gs3lE
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
yuhuan6.lanzoux.com	A 221.228.218.144 CNAME 088af02c.lanzoux.com.cdn.dnsv1.com CNAME 4036504.slego.tcloudscdn.com
www.lanzoux.com
vip.d0.baidupan.com	A 47.98.88.99
lanzoui.com	CNAME lanzoui.com.w.kunlunca.com A 61.184.215.173
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 23.218.94.163 CNAME a1983.dscd.akamai.net A 23.218.94.155

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x004ad85f
声明校验值	0x00000000
实际校验值	0x00412e23
最低操作系统版本要求	4.0
编译时间	2021-02-12 23:15:09
载入哈希	1e448f30f3cc377e799b1ae85d638b60
图标
图标精确哈希值	5c79440665d2fdca47f07c3f4042f340
图标相似性哈希值	e24a4c9bfdd099f9e8aa05b33a30eb03

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000cc0a2	0x000cd000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.62
.rdata	0x000ce000	0x002faace	0x002fb000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.80
.data	0x003c9000	0x0005c4ca	0x00021000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.03
.rsrc	0x00426000	0x0001b8a8	0x0001c000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	3.37

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
TEXTINCLUDE	0x00427b88	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x00427b88	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x00427b88	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
RT_CURSOR	0x00429818	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x00429818	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x00429818	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_CURSOR	0x00429818	0x000000b4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.74	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x0042a1f0	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_ICON	0x004411d8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.79	GLS_BINARY_LSB_FIRST
RT_MENU	0x004291b8	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_MENU	0x004291b8	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x00428d00	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x0042ac08	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_GROUP_CURSOR	0x004298d0	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004298d0	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004298d0	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON	0x00428108	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00428108	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00428108	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_MANIFEST	0x004416d8	0x000001cd	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.08	XML 1.0 document, ASCII text, with very long lines, with no line terminators

导入

库: WINMM.dll:

• 0x4ce68c midiStreamOut

• 0x4ce690 midiOutPrepareHeader

• 0x4ce694 waveOutUnprepareHeader

• 0x4ce698 waveOutPrepareHeader

• 0x4ce69c waveOutWrite

• 0x4ce6a0 waveOutPause

• 0x4ce6a4 waveOutReset

• 0x4ce6a8 waveOutClose

• 0x4ce6ac waveOutGetNumDevs

• 0x4ce6b0 midiStreamStop

• 0x4ce6b4 midiOutReset

• 0x4ce6b8 midiStreamClose

• 0x4ce6bc midiStreamRestart

• 0x4ce6c0 waveOutOpen

• 0x4ce6c4 midiOutUnprepareHeader

• 0x4ce6c8 midiStreamOpen

• 0x4ce6cc midiStreamProperty

• 0x4ce6d0 waveOutRestart

库: WS2_32.dll:

• 0x4ce6e8 WSACleanup

• 0x4ce6ec inet_ntoa

• 0x4ce6f0 closesocket

• 0x4ce6f4 getpeername

• 0x4ce6f8 accept

• 0x4ce6fc ntohl

• 0x4ce700 WSAAsyncSelect

• 0x4ce704 recvfrom

• 0x4ce708 ioctlsocket

• 0x4ce70c recv

库: KERNEL32.dll:

• 0x4ce178 SetLastError

• 0x4ce17c GetTimeZoneInformation

• 0x4ce180 GetVersion

• 0x4ce184 TerminateThread

• 0x4ce188 CreateMutexA

• 0x4ce18c ReleaseMutex

• 0x4ce190 SuspendThread

• 0x4ce194 InterlockedIncrement

• 0x4ce198 InterlockedDecrement

• 0x4ce19c TerminateProcess

• 0x4ce1a0 GetSystemInfo

• 0x4ce1a4 IsProcessorFeaturePresent

• 0x4ce1a8 lstrcmpiA

• 0x4ce1ac UnhandledExceptionFilter

• 0x4ce1b0 GetACP

• 0x4ce1b4 HeapSize

• 0x4ce1b8 RaiseException

• 0x4ce1bc GetLocalTime

• 0x4ce1c0 GetSystemTime

• 0x4ce1c4 RtlUnwind

• 0x4ce1c8 GetStartupInfoA

• 0x4ce1cc GetOEMCP

• 0x4ce1d0 GetCPInfo

• 0x4ce1d4 GetProcessVersion

• 0x4ce1d8 SetErrorMode

• 0x4ce1dc GlobalFlags

• 0x4ce1e0 GetCurrentThread

• 0x4ce1e4 GetFileTime

• 0x4ce1e8 TlsGetValue

• 0x4ce1ec LocalReAlloc

• 0x4ce1f0 TlsSetValue

• 0x4ce1f4 TlsFree

• 0x4ce1f8 GlobalHandle

• 0x4ce1fc TlsAlloc

• 0x4ce200 LocalAlloc

• 0x4ce204 lstrcmpA

• 0x4ce208 GlobalGetAtomNameA

• 0x4ce20c GlobalAddAtomA

• 0x4ce210 GlobalFindAtomA

• 0x4ce214 GlobalDeleteAtom

• 0x4ce218 SetEndOfFile

• 0x4ce21c UnlockFile

• 0x4ce220 LockFile

• 0x4ce224 FlushFileBuffers

• 0x4ce228 DuplicateHandle

• 0x4ce22c lstrcpynA

• 0x4ce230 FileTimeToLocalFileTime

• 0x4ce234 FileTimeToSystemTime

• 0x4ce238 LocalFree

• 0x4ce23c GetFileSize

• 0x4ce240 SetFilePointer

• 0x4ce244 WideCharToMultiByte

• 0x4ce248 MultiByteToWideChar

• 0x4ce24c GetCurrentProcess

• 0x4ce250 GetWindowsDirectoryA

• 0x4ce254 GetSystemDirectoryA

• 0x4ce258 CreateSemaphoreA

• 0x4ce25c ResumeThread

• 0x4ce260 ReleaseSemaphore

• 0x4ce264 EnterCriticalSection

• 0x4ce268 LeaveCriticalSection

• 0x4ce26c GetProfileStringA

• 0x4ce270 WriteFile

• 0x4ce274 ReadFile

• 0x4ce278 WaitForMultipleObjects

• 0x4ce27c CreateFileA

• 0x4ce280 SetEvent

• 0x4ce284 FindResourceA

• 0x4ce288 LoadResource

• 0x4ce28c LockResource

• 0x4ce290 lstrlenW

• 0x4ce294 RemoveDirectoryA

• 0x4ce298 GetModuleFileNameA

• 0x4ce29c GetCurrentThreadId

• 0x4ce2a0 ExitProcess

• 0x4ce2a4 GlobalSize

• 0x4ce2a8 GlobalFree

• 0x4ce2ac DeleteCriticalSection

• 0x4ce2b0 InitializeCriticalSection

• 0x4ce2b4 lstrcatA

• 0x4ce2b8 lstrlenA

• 0x4ce2bc WinExec

• 0x4ce2c0 lstrcpyA

• 0x4ce2c4 FindNextFileA

• 0x4ce2c8 InterlockedExchange

• 0x4ce2cc GlobalReAlloc

• 0x4ce2d0 HeapFree

• 0x4ce2d4 HeapReAlloc

• 0x4ce2d8 GetProcessHeap

• 0x4ce2dc HeapAlloc

• 0x4ce2e0 GetUserDefaultLCID

• 0x4ce2e4 GetFullPathNameA

• 0x4ce2e8 FreeLibrary

• 0x4ce2ec LoadLibraryA

• 0x4ce2f0 GetLastError

• 0x4ce2f4 GetVersionExA

• 0x4ce2f8 WritePrivateProfileStringA

• 0x4ce2fc CreateThread

• 0x4ce300 CreateEventA

• 0x4ce304 Sleep

• 0x4ce308 GlobalAlloc

• 0x4ce30c GlobalLock

• 0x4ce310 GlobalUnlock

• 0x4ce314 GetTempPathA

• 0x4ce318 FindFirstFileA

• 0x4ce31c FindClose

• 0x4ce320 SetFileAttributesA

• 0x4ce324 GetFileAttributesA

• 0x4ce328 MoveFileA

• 0x4ce32c DeleteFileA

• 0x4ce330 CopyFileA

• 0x4ce334 CreateDirectoryA

• 0x4ce338 SetCurrentDirectoryA

• 0x4ce33c GetVolumeInformationA

• 0x4ce340 GetModuleHandleA

• 0x4ce344 GetProcAddress

• 0x4ce348 MulDiv

• 0x4ce34c GetCommandLineA

• 0x4ce350 GetTickCount

• 0x4ce354 CreateProcessA

• 0x4ce358 WaitForSingleObject

• 0x4ce35c CloseHandle

• 0x4ce360 FreeEnvironmentStringsA

• 0x4ce364 FreeEnvironmentStringsW

• 0x4ce368 GetEnvironmentStrings

• 0x4ce36c GetEnvironmentStringsW

• 0x4ce370 SetHandleCount

• 0x4ce374 GetStdHandle

• 0x4ce378 GetFileType

• 0x4ce37c GetEnvironmentVariableA

• 0x4ce380 HeapDestroy

• 0x4ce384 HeapCreate

• 0x4ce388 VirtualFree

• 0x4ce38c SetEnvironmentVariableA

• 0x4ce390 LCMapStringA

• 0x4ce394 LCMapStringW

• 0x4ce398 VirtualAlloc

• 0x4ce39c IsBadWritePtr

• 0x4ce3a0 SetUnhandledExceptionFilter

• 0x4ce3a4 GetStringTypeA

• 0x4ce3a8 GetStringTypeW

• 0x4ce3ac CompareStringA

• 0x4ce3b0 CompareStringW

• 0x4ce3b4 IsBadReadPtr

• 0x4ce3b8 IsBadCodePtr

• 0x4ce3bc SetStdHandle

库: USER32.dll:

• 0x4ce424 GetMessagePos

• 0x4ce428 SetWindowRgn

• 0x4ce42c DestroyAcceleratorTable

• 0x4ce430 GetWindow

• 0x4ce434 GetActiveWindow

• 0x4ce438 SetFocus

• 0x4ce43c IsIconic

• 0x4ce440 PeekMessageA

• 0x4ce444 SetMenu

• 0x4ce448 GetMenu

• 0x4ce44c ScreenToClient

• 0x4ce450 ChildWindowFromPointEx

• 0x4ce454 CopyRect

• 0x4ce458 LoadBitmapA

• 0x4ce45c WinHelpA

• 0x4ce460 KillTimer

• 0x4ce464 SetTimer

• 0x4ce468 ReleaseCapture

• 0x4ce46c GetKeyState

• 0x4ce470 DefWindowProcA

• 0x4ce474 GetClassInfoA

• 0x4ce478 LoadImageA

• 0x4ce47c EnumDisplaySettingsA

• 0x4ce480 ClientToScreen

• 0x4ce484 EnableMenuItem

• 0x4ce488 GetSubMenu

• 0x4ce48c GetDlgCtrlID

• 0x4ce490 IsZoomed

• 0x4ce494 PostQuitMessage

• 0x4ce498 CopyAcceleratorTableA

• 0x4ce49c TranslateAcceleratorA

• 0x4ce4a0 IsWindowEnabled

• 0x4ce4a4 ShowWindow

• 0x4ce4a8 SystemParametersInfoA

• 0x4ce4ac CreateMenu

• 0x4ce4b0 ModifyMenuA

• 0x4ce4b4 AppendMenuA

• 0x4ce4b8 CreatePopupMenu

• 0x4ce4bc GetCapture

• 0x4ce4c0 SetCapture

• 0x4ce4c4 GetScrollRange

• 0x4ce4c8 SetScrollRange

• 0x4ce4cc SetScrollPos

• 0x4ce4d0 SetRect

• 0x4ce4d4 InflateRect

• 0x4ce4d8 IntersectRect

• 0x4ce4dc DestroyIcon

• 0x4ce4e0 PtInRect

• 0x4ce4e4 OffsetRect

• 0x4ce4e8 IsWindowVisible

• 0x4ce4ec EnableWindow

• 0x4ce4f0 GetSysColorBrush

• 0x4ce4f4 LoadStringA

• 0x4ce4f8 RedrawWindow

• 0x4ce4fc GetWindowLongA

• 0x4ce500 SetWindowLongA

• 0x4ce504 GetSysColor

• 0x4ce508 SetActiveWindow

• 0x4ce50c SetCursorPos

• 0x4ce510 LoadCursorA

• 0x4ce514 SetCursor

• 0x4ce518 GetDC

• 0x4ce51c FillRect

• 0x4ce520 IsRectEmpty

• 0x4ce524 ReleaseDC

• 0x4ce528 IsChild

• 0x4ce52c DestroyMenu

• 0x4ce530 SetForegroundWindow

• 0x4ce534 GetWindowRect

• 0x4ce538 EqualRect

• 0x4ce53c UpdateWindow

• 0x4ce540 ValidateRect

• 0x4ce544 InvalidateRect

• 0x4ce548 GetClientRect

• 0x4ce54c GetFocus

• 0x4ce550 GetParent

• 0x4ce554 GetTopWindow

• 0x4ce558 PostMessageA

• 0x4ce55c IsWindow

• 0x4ce560 SetParent

• 0x4ce564 DestroyCursor

• 0x4ce568 SendMessageA

• 0x4ce56c SetWindowPos

• 0x4ce570 MessageBoxA

• 0x4ce574 GetCursorPos

• 0x4ce578 GetSystemMetrics

• 0x4ce57c EmptyClipboard

• 0x4ce580 SetClipboardData

• 0x4ce584 OpenClipboard

• 0x4ce588 GetClipboardData

• 0x4ce58c CloseClipboard

• 0x4ce590 wsprintfA

• 0x4ce594 WaitForInputIdle

• 0x4ce598 DrawIconEx

• 0x4ce59c CreateIconFromResource

• 0x4ce5a0 CreateIconFromResourceEx

• 0x4ce5a4 RegisterClipboardFormatA

• 0x4ce5a8 SetRectEmpty

• 0x4ce5ac DispatchMessageA

• 0x4ce5b0 GetMessageA

• 0x4ce5b4 WindowFromPoint

• 0x4ce5b8 DrawFocusRect

• 0x4ce5bc DrawEdge

• 0x4ce5c0 DrawFrameControl

• 0x4ce5c4 LoadIconA

• 0x4ce5c8 TranslateMessage

• 0x4ce5cc GetForegroundWindow

• 0x4ce5d0 GetDesktopWindow

• 0x4ce5d4 GetClassNameA

• 0x4ce5d8 GetDlgItem

• 0x4ce5dc GetWindowTextA

• 0x4ce5e0 UnregisterClassA

• 0x4ce5e4 CreateAcceleratorTableA

• 0x4ce5e8 GetWindowTextLengthA

• 0x4ce5ec CharUpperA

• 0x4ce5f0 GetWindowDC

• 0x4ce5f4 BeginPaint

• 0x4ce5f8 EndPaint

• 0x4ce5fc TabbedTextOutA

• 0x4ce600 DrawTextA

• 0x4ce604 GrayStringA

• 0x4ce608 DestroyWindow

• 0x4ce60c CreateDialogIndirectParamA

• 0x4ce610 EndDialog

• 0x4ce614 GetNextDlgTabItem

• 0x4ce618 GetWindowPlacement

• 0x4ce61c RegisterWindowMessageA

• 0x4ce620 GetLastActivePopup

• 0x4ce624 GetMessageTime

• 0x4ce628 RemovePropA

• 0x4ce62c CallWindowProcA

• 0x4ce630 GetPropA

• 0x4ce634 UnhookWindowsHookEx

• 0x4ce638 SetPropA

• 0x4ce63c GetClassLongA

• 0x4ce640 CallNextHookEx

• 0x4ce644 SetWindowsHookExA

• 0x4ce648 CreateWindowExA

• 0x4ce64c GetMenuItemID

• 0x4ce650 GetMenuItemCount

• 0x4ce654 RegisterClassA

• 0x4ce658 GetScrollPos

• 0x4ce65c AdjustWindowRectEx

• 0x4ce660 MapWindowPoints

• 0x4ce664 SendDlgItemMessageA

• 0x4ce668 ScrollWindowEx

• 0x4ce66c IsDialogMessageA

• 0x4ce670 SetWindowTextA

• 0x4ce674 MoveWindow

• 0x4ce678 CheckMenuItem

• 0x4ce67c SetMenuItemBitmaps

• 0x4ce680 GetMenuState

• 0x4ce684 GetMenuCheckMarkDimensions

库: GDI32.dll:

• 0x4ce02c Escape

• 0x4ce030 ExtTextOutA

• 0x4ce034 TextOutA

• 0x4ce038 RectVisible

• 0x4ce03c PtVisible

• 0x4ce040 GetViewportExtEx

• 0x4ce044 ExtSelectClipRgn

• 0x4ce048 CreateCompatibleDC

• 0x4ce04c Ellipse

• 0x4ce050 Rectangle

• 0x4ce054 LPtoDP

• 0x4ce058 DPtoLP

• 0x4ce05c GetCurrentObject

• 0x4ce060 RoundRect

• 0x4ce064 GetTextExtentPoint32A

• 0x4ce068 GetTextMetricsA

• 0x4ce06c CreatePalette

• 0x4ce070 GetSystemPaletteEntries

• 0x4ce074 CreateDIBitmap

• 0x4ce078 DeleteObject

• 0x4ce07c SelectClipRgn

• 0x4ce080 CreatePolygonRgn

• 0x4ce084 GetClipRgn

• 0x4ce088 SetStretchBltMode

• 0x4ce08c CreateRectRgnIndirect

• 0x4ce090 SetBkColor

• 0x4ce094 LineTo

• 0x4ce098 MoveToEx

• 0x4ce09c ExcludeClipRect

• 0x4ce0a0 GetClipBox

• 0x4ce0a4 ScaleWindowExtEx

• 0x4ce0a8 SetWindowExtEx

• 0x4ce0ac SetWindowOrgEx

• 0x4ce0b0 ScaleViewportExtEx

• 0x4ce0b4 SetViewportExtEx

• 0x4ce0b8 BitBlt

• 0x4ce0bc StartPage

• 0x4ce0c0 StartDocA

• 0x4ce0c4 DeleteDC

• 0x4ce0c8 EndDoc

• 0x4ce0cc EndPage

• 0x4ce0d0 GetObjectA

• 0x4ce0d4 GetStockObject

• 0x4ce0d8 CreateFontIndirectA

• 0x4ce0dc CreateSolidBrush

• 0x4ce0e0 FillRgn

• 0x4ce0e4 CreateRectRgn

• 0x4ce0e8 CombineRgn

• 0x4ce0ec PatBlt

• 0x4ce0f0 CreatePen

• 0x4ce0f4 SelectObject

• 0x4ce0f8 CreateBitmap

• 0x4ce0fc CreateDCA

• 0x4ce100 CreateCompatibleBitmap

• 0x4ce104 GetPolyFillMode

• 0x4ce108 GetStretchBltMode

• 0x4ce10c GetROP2

• 0x4ce110 GetBkColor

• 0x4ce114 GetBkMode

• 0x4ce118 GetTextColor

• 0x4ce11c OffsetViewportOrgEx

• 0x4ce120 SetViewportOrgEx

• 0x4ce124 SetMapMode

• 0x4ce128 SetTextColor

• 0x4ce12c SetROP2

• 0x4ce130 SetPolyFillMode

• 0x4ce134 SetBkMode

• 0x4ce138 RestoreDC

• 0x4ce13c GetWindowOrgEx

• 0x4ce140 GetViewportOrgEx

• 0x4ce144 GetWindowExtEx

• 0x4ce148 CreateRoundRectRgn

• 0x4ce14c CreateEllipticRgn

• 0x4ce150 PathToRegion

• 0x4ce154 StretchBlt

• 0x4ce158 BeginPath

• 0x4ce15c GetDIBits

• 0x4ce160 RealizePalette

• 0x4ce164 GetDeviceCaps

• 0x4ce168 EndPath

• 0x4ce16c SaveDC

• 0x4ce170 SelectPalette

库: WINSPOOL.DRV:

• 0x4ce6d8 OpenPrinterA

• 0x4ce6dc DocumentPropertiesA

• 0x4ce6e0 ClosePrinter

库: ADVAPI32.dll:

• 0x4ce000 RegQueryValueExA

• 0x4ce004 RegOpenKeyExA

• 0x4ce008 RegSetValueExA

• 0x4ce00c RegQueryValueA

• 0x4ce010 RegCreateKeyExA

• 0x4ce014 RegOpenKeyA

• 0x4ce018 RegCloseKey

库: SHELL32.dll:

• 0x4ce414 ShellExecuteA

• 0x4ce418 Shell_NotifyIconA

• 0x4ce41c SHGetSpecialFolderPathA

库: ole32.dll:

• 0x4ce728 CLSIDFromProgID

• 0x4ce72c OleRun

• 0x4ce730 CoCreateInstance

• 0x4ce734 CLSIDFromString

• 0x4ce738 OleUninitialize

• 0x4ce73c OleInitialize

库: OLEAUT32.dll:

• 0x4ce3c4 VariantChangeType

• 0x4ce3c8 VariantClear

• 0x4ce3cc VariantCopy

• 0x4ce3d0 SafeArrayGetUBound

• 0x4ce3d4 SafeArrayGetLBound

• 0x4ce3d8 UnRegisterTypeLib

• 0x4ce3dc SafeArrayGetDim

• 0x4ce3e0 LoadTypeLib

• 0x4ce3e4 LHashValOfNameSys

• 0x4ce3e8 RegisterTypeLib

• 0x4ce3ec SafeArrayPutElement

• 0x4ce3f0 SafeArrayCreate

• 0x4ce3f4 SafeArrayDestroy

• 0x4ce3f8 SysAllocString

• 0x4ce3fc VariantInit

• 0x4ce400 VariantCopyInd

• 0x4ce404 SafeArrayGetElement

• 0x4ce408 SafeArrayAccessData

• 0x4ce40c SafeArrayUnaccessData

库: COMCTL32.dll:

• 0x4ce020 None

• 0x4ce024 ImageList_Destroy

库: comdlg32.dll:

• 0x4ce714 ChooseColorA

• 0x4ce718 GetFileTitleA

• 0x4ce71c GetSaveFileNameA

• 0x4ce720 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
SEBEGN
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
SEENDP
VMProtect end
Lh#yY

没有防病毒引擎扫描信息!

进程树

__________________.exe id: 2492

搜索
__________________.exe (2492)

__________________.exe, PID: 2492, 上一级进程 PID: 2184

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	221.228.218.144 yuhuan6.lanzoux.com	443
192.168.122.201	49161	221.228.218.144 yuhuan6.lanzoux.com	443
192.168.122.201	49165	23.218.94.155 acroipm.adobe.com	80
192.168.122.201	49162	47.98.88.99 vip.d0.baidupan.com	443
192.168.122.201	49164	47.98.88.99 vip.d0.baidupan.com	443
192.168.122.201	49163	61.184.215.173 lanzoui.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	53125	192.168.122.1	53
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
yuhuan6.lanzoux.com	A 221.228.218.144 CNAME 088af02c.lanzoux.com.cdn.dnsv1.com CNAME 4036504.slego.tcloudscdn.com
www.lanzoux.com
vip.d0.baidupan.com	A 47.98.88.99
lanzoui.com	CNAME lanzoui.com.w.kunlunca.com A 61.184.215.173
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 23.218.94.163 CNAME a1983.dscd.akamai.net A 23.218.94.155

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	221.228.218.144 yuhuan6.lanzoux.com	443
192.168.122.201	49161	221.228.218.144 yuhuan6.lanzoux.com	443
192.168.122.201	49165	23.218.94.155 acroipm.adobe.com	80
192.168.122.201	49162	47.98.88.99 vip.d0.baidupan.com	443
192.168.122.201	49164	47.98.88.99 vip.d0.baidupan.com	443
192.168.122.201	49163	61.184.215.173 lanzoui.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	53125	192.168.122.1	53
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2021-02-12 23:18:03.994946+0800	192.168.122.201	49162	47.98.88.99	443	TLSv1	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=vip.d0.baidupan.com	5f:8d:b4:87:c2:ac:9e:33:c3:31:8f:5e:c1:2c:fc:4d:1b:cf:23:86
2021-02-12 23:18:04.247211+0800	192.168.122.201	49163	61.184.215.173	443	TLSv1	C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2	CN=*.lanzoui.com	0a:1c:24:e8:a8:f2:da:29:56:26:a0:55:5b:6d:24:00:54:72:3b:4a
2021-02-12 23:18:02.999278+0800	192.168.122.201	49160	221.228.218.144	443	TLSv1	C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2	CN=*.lanzoux.com	ec:dc:62:08:9b:70:f8:ad:52:23:7c:f1:79:3f:d9:da:e7:6e:0d:15
2021-02-12 23:18:03.731255+0800	192.168.122.201	49161	221.228.218.144	443	TLSv1	C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2	CN=*.lanzoux.com	ec:dc:62:08:9b:70:f8:ad:52:23:7c:f1:79:3f:d9:da:e7:6e:0d:15
2021-02-12 23:18:04.760098+0800	192.168.122.201	49164	47.98.88.99	443	TLSv1	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=vip.d0.baidupan.com	5f:8d:b4:87:c2:ac:9e:33:c3:31:8f:5e:c1:2c:fc:4d:1b:cf:23:86

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 27.585 seconds )

10.6 Suricata
7.885 NetworkAnalysis
4.281 VirusTotal
2.659 Static
1.012 TargetInfo
0.81 BehaviorAnalysis
0.304 peid
0.011 Strings
0.01 AnalysisInfo
0.009 config_decoder
0.004 Memory

Signatures ( 1.69 seconds )

1.323 md_url_bl
0.048 antiav_detectreg
0.044 api_spamming
0.033 stealth_decoy_document
0.033 stealth_timeout
0.018 infostealer_ftp
0.017 md_domain_bl
0.011 infostealer_im
0.01 mimics_filetime
0.01 reads_self
0.01 antianalysis_detectreg
0.008 antivm_generic_scsi
0.007 stealth_file
0.007 antivm_generic_services
0.006 infostealer_browser
0.006 anormaly_invoke_kills
0.006 infostealer_mail
0.005 bootkit
0.005 anomaly_persistence_autorun
0.005 antiav_detectfile
0.005 geodo_banking_trojan
0.004 infostealer_browser_password
0.004 infostealer_bitcoin
0.004 ransomware_extensions
0.004 ransomware_files
0.003 antivm_generic_disk
0.003 virus
0.003 network_http
0.002 tinba_behavior
0.002 betabot_behavior
0.002 ipc_namedpipe
0.002 kibex_behavior
0.002 shifu_behavior
0.002 kovter_behavior
0.002 hancitor_behavior
0.002 antivm_parallels_keys
0.002 antivm_vbox_files
0.002 antivm_xen_keys
0.002 disables_browser_warn
0.002 darkcomet_regkeys
0.002 network_torgateway
0.001 antiemu_wine_func
0.001 antivm_vbox_libs
0.001 rat_nanocore
0.001 injection_createremotethread
0.001 stealth_network
0.001 heapspray_js
0.001 exec_crash
0.001 cerber_behavior
0.001 silverlight_js
0.001 antivm_generic_diskreg
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop
0.001 network_cnc_http
0.001 recon_fingerprint
0.001 stealth_hiddenreg
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt
0.001 stealth_modify_security_center_warnings

Reporting ( 0.532 seconds )

0.485 ReportHTMLSummary
0.047 Malheur


Task ID	618961
Mongo ID	60269c5c7e769a36c43137f6
Cuckoo release	1.4-Maldun