Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2019-06-03 00:17:06
End time: 2019-06-03 00:17:52
Duration: 46 seconds

Maldun score (魔盾分数)

4.4

Suspicious

File details

Filename: [0603]啖阪頭噬.exe
File size: 1318912 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: e09a3b8bd7d2bbddea2f7b94159681f3
SHA1: fc52f16a57dc81b428b244d69174bd58260f01a0
SHA256: 6b92d990cc494fc1e1422be46ac42f3d58ff4504439285b31b505764f708f2a1
SHA512: 06270ae3231dd632fc3bb45c6b19cfe022631ff7b13f20fb8a1f6772567c43e4414e2b0b75c1c6612cd6d1abb0820208f8f3dcc59c27d75a596e9da470e53c21
CRC32: 6ADB62B6
Ssdeep: 24576:YBfbLxvYop04uwBck4eqhexHbvYppA3u7zHgAa2:YJbd04YNh2HbYM3KTa2

Screenshots

No screenshots available.

Hosts contacted

No host records.

DNS resolution

No domain information.



PE information

Image base: 0x00400000
Entry point: 0x0048cbe9 (inside .text, which spans 0x00401000-0x004ada6a)
Declared checksum: 0x00000000
Actual (computed) checksum: 0x0014e1eb
Minimum OS version: 4.0
Compile time (TimeDateStamp): 2019-06-03 00:03:11
Import hash (imphash): 9a390d650f1052898941da70de02eafe

A declared checksum of zero means the linker never wrote one (MSVC only fills the field when linking with /RELEASE, and the loader does not verify it for ordinary user-mode executables), so the mismatch against the computed value is not evidence of patching; compare the two only when the declared field is non-zero. The compile timestamp precedes the analysis start time shown above by about 14 minutes, so the binary was built, or its timestamp was set, shortly before submission.

Version information (no values recorded for any field)

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                        Entropy
.text   0x00001000       0x000aca6a    0x000ad000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ            6.54
.rdata  0x000ae000       0x00079900    0x0007a000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      6.88
.data   0x00128000       0x000529ca    0x00014000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  4.99
.rsrc   0x0017b000       0x00005b68    0x00006000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      4.67

Four standard MSVC sections, no packer-named section, and no entropy above 7.0 bits per byte: this is the layout of an ordinary unpacked build (a packed or virtualised binary typically shows a tiny .text next to one large high-entropy section). The .data virtual size (0x529ca) exceeding its raw size (0x14000) is the usual zero-initialised tail that MSVC merges into .data, not an anomaly.
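The checksum mismatch and the per-section entropy values above are cheap static checks worth reproducing locally rather than trusting a single report. The following is an added example, not code from the Maldun report or its Cuckoo back end: it walks a PE's section table, recomputes the checksum the way CheckSumMappedFile does, and scores each section's entropy. `build_sample_pe` fabricates a minimal two-section PE32 image (constructed data, not the analysed sample) so the code runs offline; the section names, contents and layout of that image are assumptions made for the example.

```python
"""Static PE triage: declared vs computed checksum and per-section entropy.
Added example; build_sample_pe() fabricates a constructed PE32 image so the
functions can be exercised without the analysed file."""
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; >7 hints at packing."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """CheckSumMappedFile algorithm: ones'-complement sum of the file as 32-bit
    words, skipping the dword that holds CheckSum, folded to 16 bits, plus length."""
    padded = data + b"\0" * (-len(data) % 4)
    skip = checksum_offset & ~3
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:  # end-around carry
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> file header -> optional header -> sections.
    CheckSum sits at optional-header offset 0x40 for both PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections, = struct.unpack_from("<H", data, pe + 6)
    size_opt, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    entry, = struct.unpack_from("<I", data, opt + 16)
    checksum_off = opt + 0x40
    declared, = struct.unpack_from("<I", data, checksum_off)
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, *_, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + size_opt + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "rawsize": rawsize, "characteristics": chars,
            "entropy": round(shannon_entropy(raw), 2),
        })
    actual = pe_checksum(data, checksum_off)
    return {
        "entry_point": entry,
        "declared_checksum": declared,
        "actual_checksum": actual,
        "checksum_set": declared != 0,   # zero means the linker never wrote one
        "checksum_ok": declared == actual,
        "sections": sections,
    }


def build_sample_pe(section_blobs, checksum=0) -> bytes:
    """Constructed minimal PE32 image for the example: DOS stub, headers, then the
    given (name, bytes) sections at 0x200 file / 0x1000 section alignment."""
    file_align, sect_align = 0x200, 0x1000
    nsec = len(section_blobs)
    size_of_headers = -(-(0x40 + 4 + 20 + 0xE0 + 40 * nsec) // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, sect_align)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<H", opt, 48, 4)                          # MajorSubsystemVersion
    struct.pack_into("<III", opt, 56, sect_align * (nsec + 1), size_of_headers, checksum)
    struct.pack_into("<H", opt, 68, 2)                          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    sec_hdrs, body, raw_ptr = b"", b"", size_of_headers
    for i, (name, blob) in enumerate(section_blobs):
        raw = blob + b"\0" * (-len(blob) % file_align)
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, len(blob), sect_align * (i + 1),
                                len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        raw_ptr += len(raw)
    hdr = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdrs
    return hdr + b"\0" * (size_of_headers - len(hdr)) + body


if __name__ == "__main__":
    # Constructed sample: one uniform-byte "code" section, one all-zero data section.
    img = build_sample_pe([(b".text", bytes(range(256)) * 2), (b".data", b"\0" * 512)])
    rep = parse_pe(img)
    print("checksum set=%s declared=0x%08x computed=0x%08x" % (
        rep["checksum_set"], rep["declared_checksum"], rep["actual_checksum"]))
    for s in rep["sections"]:
        print("%-8s va=0x%08x raw=0x%08x entropy=%.2f" % (s["name"], s["va"], s["rawsize"], s["entropy"]))
```

Against a real file, call `parse_pe(open(path, "rb").read())`. Report a zero `declared_checksum` as unset rather than as a mismatch, which is what the `checksum_set` field is for; only a non-zero declared value that disagrees with the computed one points at post-link modification.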

Imports

Most of this import set (GlobalAddAtomA/GlobalFindAtomA/GlobalDeleteAtom, WinHelpA, GetProfileStringA, the WINSPOOL and comdlg32 entries, and the wide USER32/GDI32 drawing surface) is the fingerprint of a statically linked MFC application, i.e. framework code rather than the author's. The SetWindowsHookExA/CallNextHookEx pair belongs to the same category: MFC installs a WH_CBT hook to subclass the windows it creates, so the pair is not a keylogger indicator on its own. The entries that deserve attention are the WS2_32 set (WSAStartup, WSAAsyncSelect, accept, select, recv, recvfrom, send, getpeername), process launch (WinExec, CreateProcessA, ShellExecuteA), RegisterHotKey/GetKeyState together with the clipboard functions, RegCreateKeyExA/RegSetValueExA, Shell_NotifyIconA (tray icon), RasHangUpA, and a lone InternetCloseHandle from WININET with no InternetOpen or InternetReadFile beside it, which, given that LoadLibraryA and GetProcAddress are also imported, suggests any further WinINet use is resolved at runtime.

Library: WINMM.dll:
0x4ae694 midiStreamOut
0x4ae69c midiStreamProperty
0x4ae6a0 midiStreamOpen
0x4ae6a8 waveOutOpen
0x4ae6b0 waveOutWrite
0x4ae6b4 waveOutPause
0x4ae6b8 waveOutReset
0x4ae6bc waveOutClose
0x4ae6c0 waveOutGetNumDevs
0x4ae6c4 midiStreamStop
0x4ae6c8 midiOutReset
0x4ae6cc midiStreamClose
0x4ae6d0 midiStreamRestart
Library: WS2_32.dll:
0x4ae6ec WSAAsyncSelect
0x4ae6f0 closesocket
0x4ae6f4 send
0x4ae6f8 WSACleanup
0x4ae6fc WSAStartup
0x4ae700 inet_ntoa
0x4ae704 recvfrom
0x4ae708 ioctlsocket
0x4ae70c recv
0x4ae710 getpeername
0x4ae714 accept
0x4ae718 select
Library: RASAPI32.dll:
0x4ae3ec RasHangUpA
Library: KERNEL32.dll:
0x4ae1a8 SetLastError
0x4ae1b0 GetVersion
0x4ae1b8 GetSystemDirectoryA
0x4ae1bc RaiseException
0x4ae1c0 GetLocalTime
0x4ae1c4 GetSystemTime
0x4ae1c8 RtlUnwind
0x4ae1cc GetStartupInfoA
0x4ae1d0 GetOEMCP
0x4ae1d4 GetCPInfo
0x4ae1d8 GetProcessVersion
0x4ae1dc SetErrorMode
0x4ae1e0 GlobalFlags
0x4ae1e4 GetCurrentThread
0x4ae1e8 GetFileTime
0x4ae1ec TlsGetValue
0x4ae1f0 LocalReAlloc
0x4ae1f4 TlsSetValue
0x4ae1f8 TlsFree
0x4ae1fc GlobalHandle
0x4ae200 TlsAlloc
0x4ae204 LocalAlloc
0x4ae208 lstrcmpA
0x4ae20c GlobalGetAtomNameA
0x4ae210 GlobalAddAtomA
0x4ae214 GlobalFindAtomA
0x4ae218 GlobalDeleteAtom
0x4ae21c lstrcmpiA
0x4ae220 SetEndOfFile
0x4ae224 UnlockFile
0x4ae228 LockFile
0x4ae22c FlushFileBuffers
0x4ae230 DuplicateHandle
0x4ae234 lstrcpynA
0x4ae23c LocalFree
0x4ae24c TerminateProcess
0x4ae250 GetCurrentProcess
0x4ae254 GetFileSize
0x4ae258 SetFilePointer
0x4ae25c CreateSemaphoreA
0x4ae260 ResumeThread
0x4ae264 ReleaseSemaphore
0x4ae270 GetProfileStringA
0x4ae274 WriteFile
0x4ae27c CreateFileA
0x4ae280 SetEvent
0x4ae284 FindResourceA
0x4ae288 LoadResource
0x4ae28c LockResource
0x4ae290 ReadFile
0x4ae294 RemoveDirectoryA
0x4ae298 GetModuleFileNameA
0x4ae29c WideCharToMultiByte
0x4ae2a0 MultiByteToWideChar
0x4ae2a4 GetCurrentThreadId
0x4ae2a8 ExitProcess
0x4ae2ac GlobalSize
0x4ae2b0 GlobalFree
0x4ae2bc lstrcatA
0x4ae2c0 lstrlenA
0x4ae2c4 WinExec
0x4ae2c8 lstrcpyA
0x4ae2cc FindNextFileA
0x4ae2d0 GlobalReAlloc
0x4ae2d4 HeapFree
0x4ae2d8 HeapReAlloc
0x4ae2dc GetProcessHeap
0x4ae2e0 HeapAlloc
0x4ae2e4 GetFullPathNameA
0x4ae2e8 FreeLibrary
0x4ae2ec LoadLibraryA
0x4ae2f0 GetLastError
0x4ae2f4 GetVersionExA
0x4ae300 CreateThread
0x4ae304 CreateEventA
0x4ae308 Sleep
0x4ae310 GlobalAlloc
0x4ae314 GlobalLock
0x4ae318 InterlockedExchange
0x4ae31c GlobalUnlock
0x4ae320 GetTempPathA
0x4ae324 FindFirstFileA
0x4ae328 FindClose
0x4ae32c SetFileAttributesA
0x4ae330 GetFileAttributesA
0x4ae334 MoveFileA
0x4ae338 DeleteFileA
0x4ae33c CopyFileA
0x4ae340 CreateDirectoryA
0x4ae34c GetModuleHandleA
0x4ae350 GetProcAddress
0x4ae354 MulDiv
0x4ae358 GetCommandLineA
0x4ae35c GetTickCount
0x4ae360 CreateProcessA
0x4ae364 WaitForSingleObject
0x4ae368 CloseHandle
0x4ae36c HeapSize
0x4ae370 GetACP
0x4ae374 SetStdHandle
0x4ae378 GetFileType
0x4ae390 SetHandleCount
0x4ae394 GetStdHandle
0x4ae39c HeapDestroy
0x4ae3a0 HeapCreate
0x4ae3a4 VirtualFree
0x4ae3ac LCMapStringA
0x4ae3b0 LCMapStringW
0x4ae3b4 VirtualAlloc
0x4ae3b8 IsBadWritePtr
0x4ae3c0 GetStringTypeA
0x4ae3c4 GetStringTypeW
0x4ae3c8 CompareStringA
0x4ae3cc CompareStringW
0x4ae3d0 IsBadReadPtr
0x4ae3d4 IsBadCodePtr
Library: USER32.dll:
0x4ae414 SetMenu
0x4ae418 PeekMessageA
0x4ae41c GetSysColorBrush
0x4ae424 LoadImageA
0x4ae42c ClientToScreen
0x4ae430 EnableMenuItem
0x4ae434 GetSubMenu
0x4ae438 GetDlgCtrlID
0x4ae440 CreateMenu
0x4ae444 ModifyMenuA
0x4ae448 AppendMenuA
0x4ae44c CreatePopupMenu
0x4ae450 DrawIconEx
0x4ae460 SetRectEmpty
0x4ae464 DispatchMessageA
0x4ae468 GetMessageA
0x4ae46c WindowFromPoint
0x4ae470 DrawFocusRect
0x4ae474 DrawEdge
0x4ae478 IsIconic
0x4ae47c SetFocus
0x4ae480 GetActiveWindow
0x4ae484 GetWindow
0x4ae48c SetWindowRgn
0x4ae490 GetMessagePos
0x4ae494 ScreenToClient
0x4ae49c CopyRect
0x4ae4a0 LoadBitmapA
0x4ae4a4 WinHelpA
0x4ae4a8 KillTimer
0x4ae4ac SetTimer
0x4ae4b0 ReleaseCapture
0x4ae4b4 GetCapture
0x4ae4b8 SetCapture
0x4ae4bc GetScrollRange
0x4ae4c0 SetScrollRange
0x4ae4c4 SetScrollPos
0x4ae4c8 SetRect
0x4ae4cc InflateRect
0x4ae4d0 IntersectRect
0x4ae4d4 DestroyIcon
0x4ae4d8 LoadStringA
0x4ae4dc DrawFrameControl
0x4ae4e4 GetMenuState
0x4ae4e8 SetMenuItemBitmaps
0x4ae4ec CheckMenuItem
0x4ae4f0 MoveWindow
0x4ae4f4 IsDialogMessageA
0x4ae4f8 ScrollWindowEx
0x4ae4fc SendDlgItemMessageA
0x4ae500 MapWindowPoints
0x4ae504 AdjustWindowRectEx
0x4ae508 GetMenu
0x4ae50c GetScrollPos
0x4ae510 RegisterClassA
0x4ae514 GetMenuItemCount
0x4ae518 GetMenuItemID
0x4ae51c SetWindowsHookExA
0x4ae520 CallNextHookEx
0x4ae524 GetClassLongA
0x4ae528 SetPropA
0x4ae52c UnhookWindowsHookEx
0x4ae530 GetPropA
0x4ae534 RemovePropA
0x4ae538 GetMessageTime
0x4ae53c GetLastActivePopup
0x4ae544 GetWindowPlacement
0x4ae548 GetNextDlgTabItem
0x4ae54c EndDialog
0x4ae554 PtInRect
0x4ae558 OffsetRect
0x4ae55c IsWindowVisible
0x4ae560 EnableWindow
0x4ae564 RedrawWindow
0x4ae568 GetWindowLongA
0x4ae56c SetWindowLongA
0x4ae570 GetSysColor
0x4ae574 SetActiveWindow
0x4ae578 SetCursorPos
0x4ae57c LoadCursorA
0x4ae580 SetCursor
0x4ae584 GetDC
0x4ae588 FillRect
0x4ae58c IsRectEmpty
0x4ae590 ReleaseDC
0x4ae594 IsChild
0x4ae598 DestroyMenu
0x4ae59c SetForegroundWindow
0x4ae5a0 GetWindowRect
0x4ae5a4 EqualRect
0x4ae5a8 UpdateWindow
0x4ae5ac ValidateRect
0x4ae5b0 InvalidateRect
0x4ae5b4 GetClientRect
0x4ae5b8 GetFocus
0x4ae5bc GetParent
0x4ae5c0 GetTopWindow
0x4ae5c4 PostMessageA
0x4ae5c8 IsWindow
0x4ae5cc SetParent
0x4ae5d0 DestroyCursor
0x4ae5d4 SendMessageA
0x4ae5d8 SetWindowPos
0x4ae5dc MessageBoxA
0x4ae5e0 GetCursorPos
0x4ae5e4 GetSystemMetrics
0x4ae5e8 EmptyClipboard
0x4ae5ec SetClipboardData
0x4ae5f0 OpenClipboard
0x4ae5f4 GetClipboardData
0x4ae5f8 CloseClipboard
0x4ae5fc wsprintfA
0x4ae600 WaitForInputIdle
0x4ae604 DeleteMenu
0x4ae608 GetSystemMenu
0x4ae60c DefWindowProcA
0x4ae610 GetClassInfoA
0x4ae614 IsZoomed
0x4ae618 PostQuitMessage
0x4ae620 TranslateMessage
0x4ae624 LoadIconA
0x4ae628 GetDesktopWindow
0x4ae62c GetClassNameA
0x4ae630 UnregisterClassA
0x4ae634 GetDlgItem
0x4ae638 GetWindowTextA
0x4ae63c SetWindowTextA
0x4ae640 GetForegroundWindow
0x4ae644 CallWindowProcA
0x4ae648 CreateWindowExA
0x4ae64c UnregisterHotKey
0x4ae650 GetKeyState
0x4ae658 IsWindowEnabled
0x4ae65c ShowWindow
0x4ae660 RegisterHotKey
0x4ae668 CharUpperA
0x4ae66c GetWindowDC
0x4ae670 BeginPaint
0x4ae674 EndPaint
0x4ae678 TabbedTextOutA
0x4ae67c DrawTextA
0x4ae680 GrayStringA
0x4ae684 DestroyWindow
Library: GDI32.dll:
0x4ae054 LineTo
0x4ae058 MoveToEx
0x4ae05c ExcludeClipRect
0x4ae060 GetClipBox
0x4ae064 PatBlt
0x4ae068 CombineRgn
0x4ae06c CreateRectRgn
0x4ae070 FillRgn
0x4ae074 CreateSolidBrush
0x4ae078 CreateFontIndirectA
0x4ae07c GetStockObject
0x4ae080 GetObjectA
0x4ae084 EndPage
0x4ae088 EndDoc
0x4ae08c DeleteDC
0x4ae090 StartDocA
0x4ae094 StartPage
0x4ae098 BitBlt
0x4ae09c CreateCompatibleDC
0x4ae0a0 Ellipse
0x4ae0a4 Rectangle
0x4ae0a8 LPtoDP
0x4ae0ac DPtoLP
0x4ae0b0 GetCurrentObject
0x4ae0b8 GetDeviceCaps
0x4ae0bc GetClipRgn
0x4ae0c0 SetStretchBltMode
0x4ae0c8 SetBkColor
0x4ae0cc CreateFontA
0x4ae0d4 ScaleWindowExtEx
0x4ae0d8 SetWindowExtEx
0x4ae0dc SetWindowOrgEx
0x4ae0e0 ScaleViewportExtEx
0x4ae0e4 SetViewportExtEx
0x4ae0e8 OffsetViewportOrgEx
0x4ae0ec SetViewportOrgEx
0x4ae0f0 SetMapMode
0x4ae0f4 SetTextColor
0x4ae0f8 SetROP2
0x4ae0fc SetPolyFillMode
0x4ae100 ExtSelectClipRgn
0x4ae104 GetViewportExtEx
0x4ae108 PtVisible
0x4ae10c RectVisible
0x4ae110 TextOutA
0x4ae114 ExtTextOutA
0x4ae118 Escape
0x4ae11c GetTextMetricsA
0x4ae120 CreatePen
0x4ae124 SelectObject
0x4ae128 CreateBitmap
0x4ae12c CreateDCA
0x4ae134 GetPolyFillMode
0x4ae138 SetBkMode
0x4ae13c RestoreDC
0x4ae140 SaveDC
0x4ae144 GetStretchBltMode
0x4ae148 GetROP2
0x4ae14c GetBkColor
0x4ae150 GetBkMode
0x4ae154 GetTextColor
0x4ae158 CreateRoundRectRgn
0x4ae15c CreateEllipticRgn
0x4ae160 PathToRegion
0x4ae164 EndPath
0x4ae168 BeginPath
0x4ae16c GetWindowOrgEx
0x4ae170 GetViewportOrgEx
0x4ae174 GetWindowExtEx
0x4ae178 GetDIBits
0x4ae17c RealizePalette
0x4ae180 SelectPalette
0x4ae184 StretchBlt
0x4ae188 CreatePalette
0x4ae190 CreateDIBitmap
0x4ae194 DeleteObject
0x4ae198 SelectClipRgn
0x4ae19c RoundRect
0x4ae1a0 CreatePolygonRgn
Library: WINSPOOL.DRV:
0x4ae6dc OpenPrinterA
0x4ae6e0 DocumentPropertiesA
0x4ae6e4 ClosePrinter
Library: ADVAPI32.dll:
0x4ae000 RegQueryValueExA
0x4ae004 RegOpenKeyExA
0x4ae008 RegSetValueExA
0x4ae00c RegQueryValueA
0x4ae010 RegCreateKeyExA
0x4ae014 RegCloseKey
Library: SHELL32.dll:
0x4ae3f8 DragFinish
0x4ae3fc DragQueryFileA
0x4ae404 DragAcceptFiles
0x4ae408 ShellExecuteA
0x4ae40c Shell_NotifyIconA
Library: ole32.dll:
0x4ae734 CLSIDFromString
0x4ae738 OleUninitialize
0x4ae73c OleInitialize
Library: OLEAUT32.dll:
0x4ae3dc UnRegisterTypeLib
0x4ae3e0 LoadTypeLib
0x4ae3e4 RegisterTypeLib
Library: COMCTL32.dll:
0x4ae01c ImageList_GetIcon
0x4ae020 ImageList_Add
0x4ae024 ImageList_BeginDrag
0x4ae028 ImageList_Create
0x4ae02c ImageList_Destroy
0x4ae030 ImageList_DragEnter
0x4ae034 ImageList_DragLeave
0x4ae038 ImageList_DragMove
0x4ae040 ImageList_EndDrag
0x4ae044 (unnamed: imported by ordinal, so the report shows no symbol name)
0x4ae048 ImageList_Read
0x4ae04c ImageList_Duplicate
Library: WININET.dll:
0x4ae68c InternetCloseHandle
Library: comdlg32.dll:
0x4ae720 ChooseColorA
0x4ae724 GetFileTitleA
0x4ae728 GetSaveFileNameA
0x4ae72c GetOpenFileNameA
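The "import hash" field in the PE information section is derived from exactly this list, so it is worth knowing how it is built before pivoting on it. The following is an added example, not code from the report or from pefile itself: it reproduces the imphash construction that Cuckoo delegates to pefile (lowercase library and symbol, strip a .dll/.ocx/.sys extension, render ordinals as `ordNN`, join in import-table order, MD5). The import list in the block is a constructed subset of the table above, and the ordinal number given for the unnamed COMCTL32 entry is a placeholder: the report does not state the real ordinal, which is also why the page's imphash cannot be reproduced from the listing alone. pefile additionally maps well-known ws2_32/wsock32/oleaut32 ordinals back to names; that lookup table is omitted here.

```python
"""imphash construction (pefile's rules), from a (library, symbol) list.
Added example; SAMPLE_IMPORTS is a constructed subset of the report's import
table and the COMCTL32 ordinal is a placeholder, not the real value."""
import hashlib

_STRIP_EXTS = (".dll", ".ocx", ".sys")


def imphash_string(imports) -> str:
    """Return the comma-joined 'lib.symbol' string that gets hashed.
    imports: iterable of (library, symbol); symbol is a str name or an int ordinal."""
    parts = []
    for lib, sym in imports:
        lib = lib.lower()
        for ext in _STRIP_EXTS:           # 'KERNEL32.dll' -> 'kernel32'
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        # Ordinal imports carry no name; pefile renders them as 'ordNN' unless the
        # DLL is one whose ordinals it knows by name (that table is omitted here).
        sym = "ord%d" % sym if isinstance(sym, int) else sym.lower()
        parts.append("%s.%s" % (lib, sym))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of imphash_string(); order of entries matters, case does not."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset of the import table above, in table order.
SAMPLE_IMPORTS = [
    ("WINMM.dll", "midiStreamOut"),
    ("WS2_32.dll", "WSAAsyncSelect"),
    ("WS2_32.dll", "send"),
    ("RASAPI32.dll", "RasHangUpA"),
    ("KERNEL32.dll", "WinExec"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("USER32.dll", "SetWindowsHookExA"),
    ("COMCTL32.dll", 17),   # placeholder ordinal for the unnamed import
    ("WININET.dll", "InternetCloseHandle"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two consequences follow from the construction: imphash is a hash of the linker's import-table order, so two MFC applications with the same framework and the same link order collide while a rebuild that adds one import anywhere changes it completely, and a single unresolved ordinal changes the value, so a tool that names ws2_32 or oleaut32 ordinals will hash the same binary differently from one that does not.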

Strings (extracted)

.text
`.rdata
@.data
.rsrc
Lh?uL
VMProtect begin
SEBEGN
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
VMProtect begin
SEENDP
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end

"VMProtect begin" and "VMProtect end" are the inline marker strings that the VMProtect SDK emits around code a developer wants virtualised. When the protector is actually applied it consumes the marked regions together with the markers and adds its own sections; here the markers survive as plain strings, and the section table above shows only the four standard MSVC sections with entropies below 7. This build therefore appears not to have been protected: read the strings as a sign of intent to use VMProtect, not as evidence that any code is virtualised.
Antivirus scan

No antivirus engine results.

Process tree

_0603_____________.exe, PID: 2660, parent PID: 2296

(The sandbox sanitised the original filename [0603]啖阪頭噬.exe by replacing every non-alphanumeric byte with an underscore. The tree lists a single process and no children.)

Hosts contacted

No host records.

TCP

No TCP connections.

UDP

No UDP connections.

DNS resolution

No domain information.

HTTP requests

No HTTP requests observed.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC traffic.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Reading the result: the run lasted 46 seconds, produced no screenshots, no network traffic and no dropped files, and the behavioural signatures and Yara matches are login-gated on the source site and absent from this export. For a GUI application that is consistent with a process that started and sat waiting for input; nothing in the exported report shows whether the socket (WS2_32), process-launch (WinExec, CreateProcessA, ShellExecuteA), hot-key/clipboard or registry-write (RegSetValueExA) imports listed above were ever exercised. The 4.4 "suspicious" score therefore rests on static features alone; re-run with a longer timeout and user-interaction simulation before treating it as a verdict in either direction.

Processing ( 28.066 seconds )

  • 15.467 Suricata
  • 5.496 Static
  • 3.953 VirusTotal
  • 1.886 TargetInfo
  • 0.433 peid
  • 0.348 NetworkAnalysis
  • 0.336 BehaviorAnalysis
  • 0.126 AnalysisInfo
  • 0.014 Strings
  • 0.004 config_decoder
  • 0.003 Memory

Signatures ( 0.252 seconds )

  • 0.029 antiav_detectreg
  • 0.022 md_domain_bl
  • 0.021 md_url_bl
  • 0.017 api_spamming
  • 0.014 stealth_timeout
  • 0.012 stealth_decoy_document
  • 0.012 infostealer_ftp
  • 0.008 antiav_detectfile
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_im
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 antianalysis_detectreg
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_mail
  • 0.004 kovter_behavior
  • 0.003 tinba_behavior
  • 0.003 antiemu_wine_func
  • 0.003 antivm_vbox_libs
  • 0.003 infostealer_browser_password
  • 0.003 antivm_vbox_files
  • 0.003 geodo_banking_trojan
  • 0.003 disables_browser_warn
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 exec_crash
  • 0.002 cerber_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 mimics_filetime
  • 0.001 antivm_vmware_libs
  • 0.001 reads_self
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 antidbg_windows
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_athenahttp
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.09 seconds )

  • 0.833 ReportHTMLSummary
  • 0.257 Malheur
Task ID 300218
Mongo ID 5cf3f6d62f8f2e1a38d46fdc
Cuckoo release 1.4-Maldun