分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2022-05-27 21:12:12 | 2022-05-27 21:13:19 | 67 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | duplicate file finder plus_16.0.79.rar |
|---|---|
| 文件大小 | 490296 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 8d282dae469c287ff5c66f53e1d68ed7 |
| SHA1 | 617d458fe2434492737be317a921efe752ee0c53 |
| SHA256 | 5be5e4b0abb9189c524560b999e9449817ff9220e4d7e853656f82b392349e0b |
| SHA512 | 31fa194b9c724d4ed5d4b06da3c35d6a29d39f16bdb8818df91ebb2de2ea78abc9b491f65e592def5adb5ec2068e87d43d7b937b4fc4951f5bb08629e999d9a6 |
| CRC32 | 6E292587 |
| Ssdeep | 12288:5ExGg+U1dB+uImwwZGgeJmA2v/IOBp7rh9:5OGg+sK8VA2v/xBX9 |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.22.25.131 | 美国 | |
| 否 | 104.85.244.134 | 美国 | |
| 否 | 172.67.169.247 | 美国 | |
| 否 | 172.67.204.35 | 美国 |
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00469800 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000819a5 |
| 最低操作系统版本要求 | 5.1 |
| 编译时间 | 2018-06-24 23:04:40 |
| 载入哈希 | 4bb6c97d0fd6fbaeabdd43515fbc6b28 |
| 图标 |  |
| 图标精确哈希值 | f4f666aa5b7140c61ee1207635d7022d |
| 图标相似性哈希值 | 01d5192ff2c9379c4085014f5894940f |
版本信息
| Translation | |
|---|---|
| LegalCopyright | |
| Assembly Version | |
| InternalName | |
| FileVersion | |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x0004a000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| UPX1 | 0x0004b000 | 0x0001f000 | 0x0001ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.92 |
| .rsrc | 0x0006a000 | 0x00008000 | 0x00007200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.24 |
覆盖
| 偏移量 | 0x00026200 |
| 大小 | 0x00051938 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x00070148 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.15 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00070148 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.15 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00070148 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.15 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x00070148 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.15 | GLS_BINARY_LSB_FIRST |
| RT_DIALOG | 0x00062eb8 | 0x00000252 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | data |
| RT_DIALOG | 0x00062eb8 | 0x00000252 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | data |
| RT_DIALOG | 0x00062eb8 | 0x00000252 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | data |
| RT_DIALOG | 0x00062eb8 | 0x00000252 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | data |
| RT_DIALOG | 0x00062eb8 | 0x00000252 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | data |
| RT_DIALOG | 0x00062eb8 | 0x00000252 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data |
| RT_GROUP_ICON | 0x000705b4 | 0x0000003e | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.41 | MS Windows icon resource - 4 icons, 256x256 |
| RT_VERSION | 0x000705f8 | 0x0000047c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.37 | data |
| RT_MANIFEST | 0x00070a78 | 0x00000533 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.92 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库: gdiplus.dll:
• 0x470fe8 GdipFree
库: KERNEL32.DLL:
• 0x470ff0 LoadLibraryA
• 0x470ff4 ExitProcess
• 0x470ff8 GetProcAddress
• 0x470ffc VirtualProtect
.rsrc
aC`Hc
)X(g#
#\)t"=
`VV@2*
EaK({
3":la
2Rc+W]
rp[.3
xfghijklmnopqrstuvwxyz[\)V$
rrqvt
RAR\sfx\bu
STARTDLG
进程树
-
duplicate file finder plus_16.0.79.rar id: 2636
-
Duplicate File Finder Plus.exe id: 2980
- explorer.exe id: 2504
- explorer.exe id: 2580
-
Duplicate File Finder Plus.exe id: 2980
duplicate file finder plus_16.0.79.rar, PID: 2636, 上一级进程 PID: 2248
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.22.25.131 | 美国 | |
| 否 | 104.85.244.134 | 美国 | |
| 否 | 172.67.169.247 | 美国 | |
| 否 | 172.67.204.35 | 美国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49177 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49178 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49179 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49180 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49181 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49182 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49175 | 104.85.244.134 s7.addthis.com | 443 |
| 192.168.122.201 | 49160 | 104.96.203.48 | 80 |
| 192.168.122.201 | 49174 | 172.67.169.247 use.fontawesome.com | 443 |
| 192.168.122.201 | 49176 | 172.67.169.247 use.fontawesome.com | 443 |
| 192.168.122.201 | 49164 | 172.67.204.35 www.duplicatefilefinder4pc.com | 80 |
| 192.168.122.201 | 49165 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49168 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49169 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49170 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49171 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49172 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49173 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 52207 | 192.168.122.1 | 53 |
| 192.168.122.201 | 53125 | 192.168.122.1 | 53 |
| 192.168.122.201 | 56270 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59906 | 192.168.122.1 | 53 |
| 192.168.122.201 | 65178 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49177 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49178 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49179 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49180 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49181 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49182 | 104.22.25.131 embed.tawk.to | 443 |
| 192.168.122.201 | 49175 | 104.85.244.134 s7.addthis.com | 443 |
| 192.168.122.201 | 49160 | 104.96.203.48 | 80 |
| 192.168.122.201 | 49174 | 172.67.169.247 use.fontawesome.com | 443 |
| 192.168.122.201 | 49176 | 172.67.169.247 use.fontawesome.com | 443 |
| 192.168.122.201 | 49164 | 172.67.204.35 www.duplicatefilefinder4pc.com | 80 |
| 192.168.122.201 | 49165 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49168 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49169 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49170 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49171 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49172 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
| 192.168.122.201 | 49173 | 172.67.204.35 www.duplicatefilefinder4pc.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 52207 | 192.168.122.1 | 53 |
| 192.168.122.201 | 53125 | 192.168.122.1 | 53 |
| 192.168.122.201 | 56270 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59906 | 192.168.122.1 | 53 |
| 192.168.122.201 | 65178 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
| URL专业沙箱检测 -> http://www.duplicatefilefinder4pc.com/latestver-p.txt | GET /latestver-p.txt HTTP/1.1 Host: www.duplicatefilefinder4pc.com Connection: Keep-Alive |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2022-05-27 21:12:57.892570+0800 | 192.168.122.201 | 49168 | 172.67.204.35 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | c7:3a:23:77:94:68:03:81:08:8a:45:42:df:df:d2:c3:3f:1c:e0:f3 |
| 2022-05-27 21:12:58.791413+0800 | 192.168.122.201 | 49173 | 172.67.204.35 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | c7:3a:23:77:94:68:03:81:08:8a:45:42:df:df:d2:c3:3f:1c:e0:f3 |
| 2022-05-27 21:12:58.778094+0800 | 192.168.122.201 | 49170 | 172.67.204.35 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | c7:3a:23:77:94:68:03:81:08:8a:45:42:df:df:d2:c3:3f:1c:e0:f3 |
| 2022-05-27 21:12:58.798663+0800 | 192.168.122.201 | 49171 | 172.67.204.35 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | c7:3a:23:77:94:68:03:81:08:8a:45:42:df:df:d2:c3:3f:1c:e0:f3 |
| 2022-05-27 21:12:51.662788+0800 | 192.168.122.201 | 49165 | 172.67.204.35 | 443 | TLSv1 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | c7:3a:23:77:94:68:03:81:08:8a:45:42:df:df:d2:c3:3f:1c:e0:f3 |
| 2022-05-27 21:12:58.182148+0800 | 192.168.122.201 | 49169 | 172.67.204.35 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | c7:3a:23:77:94:68:03:81:08:8a:45:42:df:df:d2:c3:3f:1c:e0:f3 |
| 2022-05-27 21:12:58.796447+0800 | 192.168.122.201 | 49172 | 172.67.204.35 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | c7:3a:23:77:94:68:03:81:08:8a:45:42:df:df:d2:c3:3f:1c:e0:f3 |
| 2022-05-27 21:12:58.842021+0800 | 192.168.122.201 | 49174 | 172.67.169.247 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | f2:20:91:a9:42:71:20:ad:c4:ae:41:6d:83:30:80:35:7d:ae:1e:53 |
| 2022-05-27 21:12:58.929795+0800 | 192.168.122.201 | 49175 | 104.85.244.134 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=Redwood City, O=Oracle Corporation, CN=odc-addthis-prod-01.oracle.com | 11:b5:70:09:b0:b2:45:1a:5e:12:00:56:7a:07:8f:5c:fa:e5:d3:b6 |
| 2022-05-27 21:13:00.669496+0800 | 192.168.122.201 | 49177 | 104.22.25.131 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ae:e5:a2:e6:b1:9b:22:4e:5e:32:06:90:03:92:5f:a1:b0:58:8e:c3 |
| 2022-05-27 21:13:04.565686+0800 | 192.168.122.201 | 49178 | 104.22.25.131 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ae:e5:a2:e6:b1:9b:22:4e:5e:32:06:90:03:92:5f:a1:b0:58:8e:c3 |
| 2022-05-27 21:13:04.564610+0800 | 192.168.122.201 | 49179 | 104.22.25.131 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ae:e5:a2:e6:b1:9b:22:4e:5e:32:06:90:03:92:5f:a1:b0:58:8e:c3 |
| 2022-05-27 21:13:04.613126+0800 | 192.168.122.201 | 49180 | 104.22.25.131 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ae:e5:a2:e6:b1:9b:22:4e:5e:32:06:90:03:92:5f:a1:b0:58:8e:c3 |
| 2022-05-27 21:13:04.959519+0800 | 192.168.122.201 | 49181 | 104.22.25.131 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ae:e5:a2:e6:b1:9b:22:4e:5e:32:06:90:03:92:5f:a1:b0:58:8e:c3 |
| 2022-05-27 21:13:05.595329+0800 | 192.168.122.201 | 49182 | 104.22.25.131 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ae:e5:a2:e6:b1:9b:22:4e:5e:32:06:90:03:92:5f:a1:b0:58:8e:c3 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 48.175 seconds )
- 17.862 VirusTotal
- 15.001 NetworkAnalysis
- 11.567 Suricata
- 2.505 BehaviorAnalysis
- 0.57 Static
- 0.324 peid
- 0.321 TargetInfo
- 0.012 Strings
- 0.01 AnalysisInfo
- 0.002 Memory
- 0.001 config_decoder
Signatures ( 28.139 seconds )
- 25.5 network_http
- 1.371 md_url_bl
- 0.142 antiav_detectreg
- 0.137 api_spamming
- 0.111 stealth_decoy_document
- 0.109 stealth_timeout
- 0.086 infostealer_ftp
- 0.038 infostealer_im
- 0.036 antivm_generic_scsi
- 0.032 mimics_filetime
- 0.029 antianalysis_detectreg
- 0.024 reads_self
- 0.023 antivm_generic_services
- 0.023 antiav_detectfile
- 0.022 bootkit
- 0.022 virus
- 0.021 stealth_file
- 0.021 antivm_generic_disk
- 0.019 anormaly_invoke_kills
- 0.019 infostealer_mail
- 0.018 md_domain_bl
- 0.016 infostealer_browser_password
- 0.016 kovter_behavior
- 0.016 infostealer_bitcoin
- 0.015 antiemu_wine_func
- 0.013 injection_createremotethread
- 0.013 hancitor_behavior
- 0.01 antidbg_windows
- 0.009 injection_runpe
- 0.009 antivm_vbox_files
- 0.009 geodo_banking_trojan
- 0.008 kibex_behavior
- 0.008 antivm_xen_keys
- 0.007 maldun_anomaly_massive_file_ops
- 0.007 betabot_behavior
- 0.007 antivm_parallels_keys
- 0.007 darkcomet_regkeys
- 0.007 ransomware_extensions
- 0.006 antivm_vbox_libs
- 0.006 anomaly_persistence_autorun
- 0.006 ransomware_files
- 0.005 infostealer_browser
- 0.005 shifu_behavior
- 0.005 antivm_generic_diskreg
- 0.004 maldun_malicious_write_executeable_under_temp_to_regrun
- 0.004 maldun_anomaly_write_exe_and_obsfucate_extension
- 0.004 exec_crash
- 0.004 antidbg_devices
- 0.004 antivm_vpc_keys
- 0.004 recon_fingerprint
- 0.003 network_tor
- 0.003 antiav_avast_libs
- 0.003 sets_autoconfig_url
- 0.003 antisandbox_sunbelt_libs
- 0.003 ipc_namedpipe
- 0.003 antivm_vmware_keys
- 0.003 disables_browser_warn
- 0.003 network_torgateway
- 0.003 rat_pcclient
- 0.002 tinba_behavior
- 0.002 hawkeye_behavior
- 0.002 rat_nanocore
- 0.002 antivm_vmware_libs
- 0.002 ransomware_message
- 0.002 antivm_vbox_window
- 0.002 injection_explorer
- 0.002 kazybot_behavior
- 0.002 antisandbox_sboxie_libs
- 0.002 antiav_bitdefender_libs
- 0.002 maldun_anomaly_write_exe_and_dll_under_winroot_run
- 0.002 securityxploded_modules
- 0.002 bypass_firewall
- 0.002 antisandbox_productid
- 0.002 antivm_xen_keys
- 0.002 antivm_hyperv_keys
- 0.002 antivm_vbox_acpi
- 0.002 antivm_vbox_keys
- 0.002 browser_security
- 0.002 maldun_anomaly_invoke_vb_vba
- 0.002 packer_armadillo_regkey
- 0.001 maldun_anomaly_terminated_process
- 0.001 disables_spdy
- 0.001 office_dl_write_exe
- 0.001 office_write_exe
- 0.001 dridex_behavior
- 0.001 rat_luminosity
- 0.001 ransomeware_modifies_desktop_wallpaper
- 0.001 disables_wfp
- 0.001 vawtrak_behavior
- 0.001 cerber_behavior
- 0.001 h1n1_behavior
- 0.001 antisandbox_script_timer
- 0.001 process_needed
- 0.001 sniffer_winpcap
- 0.001 antianalysis_detectfile
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 antivm_vmware_files
- 0.001 antivm_vpc_files
- 0.001 banker_cridex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
- 0.001 codelux_behavior
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 malicous_targeted_flame
- 0.001 md_bad_drop
- 0.001 network_cnc_http
- 0.001 recon_programs
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 0.939 seconds )
- 0.873 ReportHTMLSummary
- 0.066 Malheur
| Task ID | 692572 |
|---|---|
| Mongo ID | 6290ced47e769a0b42021ea5 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号