分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2022-05-27 23:15:48 | 2022-05-27 23:18:02 | 134 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | 脱壳过的测试木马.exe |
|---|---|
| 文件大小 | 4786688 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed |
| MD5 | 2357579d1ac0b52de495a4df9a811736 |
| SHA1 | 5e50f1f9d1070acb983ef93a85ddad5f3dbe06d9 |
| SHA256 | 98f1ce10ed778943fc378612b80f755af444576f9ee5c625f23fe297622ffcba |
| SHA512 | e2197dfeb77cc5e267c307431d56639bac2af49d9185308471060fea6a188613b4f09f68e0c3c8d8acc717f4e7763531d9cad61cc7887ce0523ae57b4e08d754 |
| CRC32 | AD9491FF |
| Ssdeep | 98304:c1UlxZecvr1b7+WmUJ9d/IyfFR+9jx3iPy:cuxZeg1IOYBhiK |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x005aa153 |
| 声明校验值 | 0x0021ef9e |
| 实际校验值 | 0x0049b8ec |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2022-05-07 22:20:40 |
| 载入哈希 | 58ac13375c1e63b633e43abc1729c7b6 |
| 图标 |  |
| 图标精确哈希值 | 0c790f088fa3cbe91820bd754c10f9b9 |
| 图标相似性哈希值 | 788acc9b453ce817cd9e694b6a70e359 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0048d000 | 0x00488000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.76 |
| .rsrc | 0x0048e000 | 0x00006000 | 0x00005a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.83 |
| .SCY | 0x00494000 | 0x00003000 | 0x00002c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.60 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x00485028 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x00485028 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x00485028 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x00485528 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x00485528 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x00485528 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x00485528 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x00486c40 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x00491138 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.57 | data |
| RT_ICON | 0x00491138 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.57 | data |
| RT_ICON | 0x00491138 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.57 | data |
| RT_ICON | 0x00491138 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.57 | data |
| RT_MENU | 0x004871a8 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x004871a8 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x00488410 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x00488e70 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x00488ec8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00488ec8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00488ec8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x00488f08 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x00488f08 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x00488f08 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_MANIFEST | 0x00492208 | 0x000002b9 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.02 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: advapi32.dll:
• 0x5cc000 RegQueryValueA
• 0x5cc004 RegDeleteKeyA
• 0x5cc008 RegDeleteValueA
• 0x5cc00c RegCreateKeyA
• 0x5cc010 RegSetValueExA
• 0x5cc014 RegOpenKeyExA
• 0x5cc018 RegQueryValueExA
• 0x5cc01c RegCloseKey
• 0x5cc020 OpenProcessToken
• 0x5cc024 RegCreateKeyExA
• 0x5cc028 AdjustTokenPrivileges
• 0x5cc02c LookupPrivilegeValueA
库: comctl32.dll:
• 0x5cc034 InitCommonControls
• 0x5cc038 ImageList_EndDrag
• 0x5cc03c ImageList_DragShowNolock
• 0x5cc040 ImageList_DragMove
• 0x5cc044 ImageList_DragLeave
• 0x5cc048 ImageList_DragEnter
• 0x5cc04c ImageList_Destroy
• 0x5cc050 ImageList_Create
• 0x5cc054 ImageList_BeginDrag
• 0x5cc058 ImageList_Add
库: gdi32.dll:
• 0x5cc060 ExtSelectClipRgn
• 0x5cc064 LineTo
• 0x5cc068 MoveToEx
• 0x5cc06c ExcludeClipRect
• 0x5cc070 GetClipBox
• 0x5cc074 ScaleWindowExtEx
• 0x5cc078 SetWindowExtEx
• 0x5cc07c SetWindowOrgEx
• 0x5cc080 ScaleViewportExtEx
• 0x5cc084 SetViewportExtEx
• 0x5cc088 OffsetViewportOrgEx
• 0x5cc08c SetViewportOrgEx
• 0x5cc090 SetMapMode
• 0x5cc094 SetTextColor
• 0x5cc098 SetROP2
• 0x5cc09c SetPolyFillMode
• 0x5cc0a0 SetBkMode
• 0x5cc0a4 SetBkColor
• 0x5cc0a8 GetClipRgn
• 0x5cc0ac CreatePolygonRgn
• 0x5cc0b0 SelectClipRgn
• 0x5cc0b4 DeleteObject
• 0x5cc0b8 CreateDIBitmap
• 0x5cc0bc GetSystemPaletteEntries
• 0x5cc0c0 CreatePalette
• 0x5cc0c4 StretchBlt
• 0x5cc0c8 SelectPalette
• 0x5cc0cc RealizePalette
• 0x5cc0d0 GetDIBits
• 0x5cc0d4 GetWindowExtEx
• 0x5cc0d8 GetViewportOrgEx
• 0x5cc0dc GetWindowOrgEx
• 0x5cc0e0 BeginPath
• 0x5cc0e4 EndPath
• 0x5cc0e8 PathToRegion
• 0x5cc0ec CreateEllipticRgn
• 0x5cc0f0 CreateRoundRectRgn
• 0x5cc0f4 GetTextColor
• 0x5cc0f8 GetBkMode
• 0x5cc0fc GetBkColor
• 0x5cc100 GetROP2
• 0x5cc104 GetStretchBltMode
• 0x5cc108 GetPolyFillMode
• 0x5cc10c CreateCompatibleBitmap
• 0x5cc110 CreateDCA
• 0x5cc114 CreateBitmap
• 0x5cc118 SelectObject
• 0x5cc11c CreatePen
• 0x5cc120 PatBlt
• 0x5cc124 CombineRgn
• 0x5cc128 CreateRectRgn
• 0x5cc12c FillRgn
• 0x5cc130 CreateSolidBrush
• 0x5cc134 CreateFontIndirectA
• 0x5cc138 GetStockObject
• 0x5cc13c GetObjectA
• 0x5cc140 EndPage
• 0x5cc144 EndDoc
• 0x5cc148 DeleteDC
• 0x5cc14c StartDocA
• 0x5cc150 StartPage
• 0x5cc154 BitBlt
• 0x5cc158 CreateCompatibleDC
• 0x5cc15c Ellipse
• 0x5cc160 Rectangle
• 0x5cc164 LPtoDP
• 0x5cc168 DPtoLP
• 0x5cc16c GetCurrentObject
• 0x5cc170 RoundRect
• 0x5cc174 GetTextExtentPoint32A
• 0x5cc178 GetDeviceCaps
• 0x5cc17c GetViewportExtEx
• 0x5cc180 PtVisible
• 0x5cc184 RectVisible
• 0x5cc188 TextOutA
• 0x5cc18c ExtTextOutA
• 0x5cc190 Escape
• 0x5cc194 GetTextMetricsA
• 0x5cc198 CreateFontA
• 0x5cc19c TranslateCharsetInfo
• 0x5cc1a0 SetStretchBltMode
• 0x5cc1a4 CreateRectRgnIndirect
• 0x5cc1a8 SaveDC
• 0x5cc1ac RestoreDC
库: kernel32.dll:
• 0x5cc1b4 FileTimeToSystemTime
• 0x5cc1b8 Process32Next
• 0x5cc1bc Process32First
• 0x5cc1c0 CreateToolhelp32Snapshot
• 0x5cc1c4 SetFilePointer
• 0x5cc1c8 GetFileSize
• 0x5cc1cc GetCurrentProcess
• 0x5cc1d0 TerminateProcess
• 0x5cc1d4 OpenProcess
• 0x5cc1d8 GetWindowsDirectoryA
• 0x5cc1dc GetSystemDirectoryA
• 0x5cc1e0 GetVersion
• 0x5cc1e4 SetSystemPowerState
• 0x5cc1e8 CreateMutexA
• 0x5cc1ec ReleaseMutex
• 0x5cc1f0 SuspendThread
• 0x5cc1f4 SetLastError
• 0x5cc1f8 GetTimeZoneInformation
• 0x5cc1fc InterlockedExchange
• 0x5cc200 IsBadCodePtr
• 0x5cc204 IsBadReadPtr
• 0x5cc208 CompareStringW
• 0x5cc20c CompareStringA
• 0x5cc210 GetStringTypeW
• 0x5cc214 GetStringTypeA
• 0x5cc218 SetUnhandledExceptionFilter
• 0x5cc21c TerminateThread
• 0x5cc220 VirtualAlloc
• 0x5cc224 LCMapStringW
• 0x5cc228 LCMapStringA
• 0x5cc22c SetEnvironmentVariableA
• 0x5cc230 VirtualFree
• 0x5cc234 HeapCreate
• 0x5cc238 HeapDestroy
• 0x5cc23c GetEnvironmentVariableA
• 0x5cc240 GetStdHandle
• 0x5cc244 LockResource
• 0x5cc248 GetEnvironmentStringsW
• 0x5cc24c GetEnvironmentStringsA
• 0x5cc250 FreeEnvironmentStringsW
• 0x5cc254 FreeEnvironmentStringsA
• 0x5cc258 UnhandledExceptionFilter
• 0x5cc25c GetFileType
• 0x5cc260 SetStdHandle
• 0x5cc264 GetACP
• 0x5cc268 HeapSize
• 0x5cc26c RaiseException
• 0x5cc270 GetLocalTime
• 0x5cc274 GetSystemTime
• 0x5cc278 RtlUnwind
• 0x5cc27c GetStartupInfoA
• 0x5cc280 GetOEMCP
• 0x5cc284 GetCPInfo
• 0x5cc288 GetProcessVersion
• 0x5cc28c SetErrorMode
• 0x5cc290 GlobalFlags
• 0x5cc294 GetCurrentThread
• 0x5cc298 GetFileTime
• 0x5cc29c TlsGetValue
• 0x5cc2a0 LocalReAlloc
• 0x5cc2a4 TlsSetValue
• 0x5cc2a8 TlsFree
• 0x5cc2ac GlobalHandle
• 0x5cc2b0 TlsAlloc
• 0x5cc2b4 LocalAlloc
• 0x5cc2b8 lstrcmpA
• 0x5cc2bc GlobalGetAtomNameA
• 0x5cc2c0 GlobalAddAtomA
• 0x5cc2c4 GlobalFindAtomA
• 0x5cc2c8 GlobalDeleteAtom
• 0x5cc2cc lstrcmpiA
• 0x5cc2d0 SetEndOfFile
• 0x5cc2d4 UnlockFile
• 0x5cc2d8 LockFile
• 0x5cc2dc FlushFileBuffers
• 0x5cc2e0 DuplicateHandle
• 0x5cc2e4 lstrcpynA
• 0x5cc2e8 FileTimeToLocalFileTime
• 0x5cc2ec LocalFree
• 0x5cc2f0 InterlockedDecrement
• 0x5cc2f4 InterlockedIncrement
• 0x5cc2f8 CreateSemaphoreA
• 0x5cc2fc ResumeThread
• 0x5cc300 ReleaseSemaphore
• 0x5cc304 EnterCriticalSection
• 0x5cc308 LeaveCriticalSection
• 0x5cc30c GetProfileStringA
• 0x5cc310 WriteFile
• 0x5cc314 WaitForMultipleObjects
• 0x5cc318 CreateFileA
• 0x5cc31c CloseHandle
• 0x5cc320 WaitForSingleObject
• 0x5cc324 CreateProcessA
• 0x5cc328 GetTickCount
• 0x5cc32c GetCommandLineA
• 0x5cc330 MulDiv
• 0x5cc334 GetProcAddress
• 0x5cc338 GetModuleHandleA
• 0x5cc33c GetVolumeInformationA
• 0x5cc340 SetCurrentDirectoryA
• 0x5cc344 CreateDirectoryA
• 0x5cc348 DeleteFileA
• 0x5cc34c GetFileAttributesA
• 0x5cc350 SetFileAttributesA
• 0x5cc354 FindClose
• 0x5cc358 FindFirstFileA
• 0x5cc35c GetTempPathA
• 0x5cc360 SetEvent
• 0x5cc364 FindResourceA
• 0x5cc368 LoadResource
• 0x5cc36c LockResource
• 0x5cc370 ReadFile
• 0x5cc374 lstrlenW
• 0x5cc378 RemoveDirectoryA
• 0x5cc37c GetModuleFileNameA
• 0x5cc380 WideCharToMultiByte
• 0x5cc384 MultiByteToWideChar
• 0x5cc388 GetCurrentThreadId
• 0x5cc38c ExitProcess
• 0x5cc390 GlobalSize
• 0x5cc394 GlobalFree
• 0x5cc398 DeleteCriticalSection
• 0x5cc39c InitializeCriticalSection
• 0x5cc3a0 lstrcatA
• 0x5cc3a4 lstrlenA
• 0x5cc3a8 WinExec
• 0x5cc3ac lstrcpyA
• 0x5cc3b0 FindNextFileA
• 0x5cc3b4 GlobalReAlloc
• 0x5cc3b8 HeapFree
• 0x5cc3bc HeapReAlloc
• 0x5cc3c0 GetProcessHeap
• 0x5cc3c4 HeapAlloc
• 0x5cc3c8 GetUserDefaultLCID
• 0x5cc3cc GetFullPathNameA
• 0x5cc3d0 FreeLibrary
• 0x5cc3d4 LoadLibraryA
• 0x5cc3d8 GetLastError
• 0x5cc3dc GetVersionExA
• 0x5cc3e0 WritePrivateProfileStringA
• 0x5cc3e4 CreateThread
• 0x5cc3e8 CreateEventA
• 0x5cc3ec Sleep
• 0x5cc3f0 ExpandEnvironmentStringsA
• 0x5cc3f4 GlobalAlloc
• 0x5cc3f8 GlobalLock
• 0x5cc3fc GlobalUnlock
• 0x5cc400 IsBadWritePtr
库: oleaut32.dll:
• 0x5cc408 SafeArrayAccessData
• 0x5cc40c SafeArrayGetElement
• 0x5cc410 VariantCopyInd
• 0x5cc414 VariantInit
• 0x5cc418 SysAllocString
• 0x5cc41c SafeArrayDestroy
• 0x5cc420 SafeArrayCreate
• 0x5cc424 SafeArrayPutElement
• 0x5cc428 RegisterTypeLib
• 0x5cc42c LHashValOfNameSys
• 0x5cc430 LoadTypeLib
• 0x5cc434 SafeArrayUnaccessData
• 0x5cc438 UnRegisterTypeLib
• 0x5cc43c SafeArrayGetDim
• 0x5cc440 SafeArrayGetLBound
• 0x5cc444 SafeArrayGetUBound
• 0x5cc448 VariantChangeType
• 0x5cc44c VariantClear
• 0x5cc450 VariantCopy
库: shell32.dll:
• 0x5cc464 DragFinish
• 0x5cc468 DragAcceptFiles
• 0x5cc46c SHGetSpecialFolderPathA
• 0x5cc470 Shell_NotifyIconA
• 0x5cc474 ShellExecuteA
• 0x5cc478 DragQueryFileA
库: user32.dll:
• 0x5cc480 UnregisterHotKey
• 0x5cc484 GetSysColorBrush
• 0x5cc488 wsprintfA
• 0x5cc48c WaitForInputIdle
• 0x5cc490 GetForegroundWindow
• 0x5cc494 ExitWindowsEx
• 0x5cc498 RegisterHotKey
• 0x5cc49c CreateWindowExA
• 0x5cc4a0 CallWindowProcA
• 0x5cc4a4 SetForegroundWindow
• 0x5cc4a8 LoadStringA
• 0x5cc4ac GetMenuCheckMarkDimensions
• 0x5cc4b0 GetMenuState
• 0x5cc4b4 GetWindowTextA
• 0x5cc4b8 FindWindowExA
• 0x5cc4bc GetDlgItem
• 0x5cc4c0 FindWindowA
• 0x5cc4c4 GetWindowThreadProcessId
• 0x5cc4c8 GetClassNameA
• 0x5cc4cc GetDesktopWindow
• 0x5cc4d0 SetWindowTextA
• 0x5cc4d4 LoadIconA
• 0x5cc4d8 TranslateMessage
• 0x5cc4dc DrawFrameControl
• 0x5cc4e0 DrawEdge
• 0x5cc4e4 DrawFocusRect
• 0x5cc4e8 WindowFromPoint
• 0x5cc4ec GetMessageA
• 0x5cc4f0 DispatchMessageA
• 0x5cc4f4 SetRectEmpty
• 0x5cc4f8 RegisterClipboardFormatA
• 0x5cc4fc CreateIconFromResourceEx
• 0x5cc500 CreateIconFromResource
• 0x5cc504 DrawIconEx
• 0x5cc508 CreatePopupMenu
• 0x5cc50c AppendMenuA
• 0x5cc510 ModifyMenuA
• 0x5cc514 CreateMenu
• 0x5cc518 CreateAcceleratorTableA
• 0x5cc51c GetDlgCtrlID
• 0x5cc520 GetSubMenu
• 0x5cc524 EnableMenuItem
• 0x5cc528 ClientToScreen
• 0x5cc52c EnumDisplaySettingsA
• 0x5cc530 LoadImageA
• 0x5cc534 SystemParametersInfoA
• 0x5cc538 SetMenuItemBitmaps
• 0x5cc53c CheckMenuItem
• 0x5cc540 MoveWindow
• 0x5cc544 IsDialogMessageA
• 0x5cc548 ScrollWindowEx
• 0x5cc54c SendDlgItemMessageA
• 0x5cc550 MapWindowPoints
• 0x5cc554 AdjustWindowRectEx
• 0x5cc558 GetScrollPos
• 0x5cc55c RegisterClassA
• 0x5cc560 GetMenuItemCount
• 0x5cc564 GetMenuItemID
• 0x5cc568 SetWindowsHookExA
• 0x5cc56c CallNextHookEx
• 0x5cc570 GetClassLongA
• 0x5cc574 SetPropA
• 0x5cc578 UnhookWindowsHookEx
• 0x5cc57c GetPropA
• 0x5cc580 RemovePropA
• 0x5cc584 GetMessageTime
• 0x5cc588 GetLastActivePopup
• 0x5cc58c RegisterClipboardFormatA
• 0x5cc590 GetWindowPlacement
• 0x5cc594 GetNextDlgTabItem
• 0x5cc598 EndDialog
• 0x5cc59c CreateDialogIndirectParamA
• 0x5cc5a0 DestroyWindow
• 0x5cc5a4 GrayStringA
• 0x5cc5a8 DrawTextA
• 0x5cc5ac ShowWindow
• 0x5cc5b0 IsWindowEnabled
• 0x5cc5b4 TranslateAcceleratorA
• 0x5cc5b8 GetKeyState
• 0x5cc5bc CopyAcceleratorTableA
• 0x5cc5c0 PostQuitMessage
• 0x5cc5c4 IsZoomed
• 0x5cc5c8 GetClassInfoA
• 0x5cc5cc DefWindowProcA
• 0x5cc5d0 GetSystemMenu
• 0x5cc5d4 DeleteMenu
• 0x5cc5d8 GetMenu
• 0x5cc5dc SetMenu
• 0x5cc5e0 PeekMessageA
• 0x5cc5e4 IsIconic
• 0x5cc5e8 SetFocus
• 0x5cc5ec GetActiveWindow
• 0x5cc5f0 GetWindow
• 0x5cc5f4 DestroyAcceleratorTable
• 0x5cc5f8 SetWindowRgn
• 0x5cc5fc GetMessagePos
• 0x5cc600 ScreenToClient
• 0x5cc604 ChildWindowFromPointEx
• 0x5cc608 CopyRect
• 0x5cc60c LoadBitmapA
• 0x5cc610 WinHelpA
• 0x5cc614 KillTimer
• 0x5cc618 SetTimer
• 0x5cc61c ReleaseCapture
• 0x5cc620 GetCapture
• 0x5cc624 SetCapture
• 0x5cc628 GetScrollRange
• 0x5cc62c SetScrollRange
• 0x5cc630 SetScrollPos
• 0x5cc634 SetRect
• 0x5cc638 InflateRect
• 0x5cc63c IntersectRect
• 0x5cc640 DestroyCursor
• 0x5cc644 PtInRect
• 0x5cc648 OffsetRect
• 0x5cc64c IsWindowVisible
• 0x5cc650 EnableWindow
• 0x5cc654 RedrawWindow
• 0x5cc658 GetWindowLongA
• 0x5cc65c SetWindowLongA
• 0x5cc660 GetSysColor
• 0x5cc664 SetActiveWindow
• 0x5cc668 SetCursorPos
• 0x5cc66c LoadCursorA
• 0x5cc670 SetCursor
• 0x5cc674 GetDC
• 0x5cc678 FillRect
• 0x5cc67c IsRectEmpty
• 0x5cc680 ReleaseDC
• 0x5cc684 IsChild
• 0x5cc688 DestroyMenu
• 0x5cc68c UnregisterClassA
• 0x5cc690 GetWindowRect
• 0x5cc694 EqualRect
• 0x5cc698 UpdateWindow
• 0x5cc69c ValidateRect
• 0x5cc6a0 InvalidateRect
• 0x5cc6a4 GetClientRect
• 0x5cc6a8 GetFocus
• 0x5cc6ac GetParent
• 0x5cc6b0 GetTopWindow
• 0x5cc6b4 PostMessageA
• 0x5cc6b8 IsWindow
• 0x5cc6bc SetParent
• 0x5cc6c0 DestroyCursor
• 0x5cc6c4 SendMessageA
• 0x5cc6c8 SetWindowPos
• 0x5cc6cc MessageBoxA
• 0x5cc6d0 GetCursorPos
• 0x5cc6d4 GetSystemMetrics
• 0x5cc6d8 EmptyClipboard
• 0x5cc6dc SetClipboardData
• 0x5cc6e0 OpenClipboard
• 0x5cc6e4 GetClipboardData
• 0x5cc6e8 CloseClipboard
• 0x5cc6ec GetWindowTextLengthA
• 0x5cc6f0 CharUpperA
• 0x5cc6f4 GetWindowDC
• 0x5cc6f8 BeginPaint
• 0x5cc6fc EndPaint
• 0x5cc700 TabbedTextOutA
库: wininet.dll:
• 0x5cc708 InternetCloseHandle
库: winmm.dll:
• 0x5cc710 midiStreamRestart
• 0x5cc714 midiStreamClose
• 0x5cc718 midiOutReset
• 0x5cc71c waveOutRestart
• 0x5cc720 waveOutUnprepareHeader
• 0x5cc724 waveOutPrepareHeader
• 0x5cc728 waveOutWrite
• 0x5cc72c waveOutPause
• 0x5cc730 waveOutReset
• 0x5cc734 waveOutClose
• 0x5cc738 midiStreamStop
• 0x5cc73c midiStreamOut
• 0x5cc740 midiOutPrepareHeader
• 0x5cc744 midiStreamProperty
• 0x5cc748 midiStreamOpen
• 0x5cc74c midiOutUnprepareHeader
• 0x5cc750 waveOutOpen
• 0x5cc754 waveOutGetNumDevs
库: ws2_32.dll:
• 0x5cc76c send
• 0x5cc770 select
• 0x5cc774 WSACleanup
• 0x5cc778 WSAStartup
• 0x5cc77c gethostbyname
• 0x5cc780 inet_ntoa
• 0x5cc784 inet_addr
• 0x5cc788 gethostname
• 0x5cc78c closesocket
• 0x5cc790 WSAAsyncSelect
• 0x5cc794 htons
• 0x5cc798 bind
• 0x5cc79c htonl
• 0x5cc7a0 socket
• 0x5cc7a4 sendto
• 0x5cc7a8 recvfrom
• 0x5cc7ac connect
• 0x5cc7b0 recv
• 0x5cc7b4 listen
• 0x5cc7b8 htonl
• 0x5cc7bc getsockname
• 0x5cc7c0 htons
• 0x5cc7c4 __WSAFDIsSet
• 0x5cc7c8 WSAGetLastError
• 0x5cc7cc shutdown
• 0x5cc7d0 accept
• 0x5cc7d4 getpeername
• 0x5cc7d8 ioctlsocket
库: comdlg32.dll:
• 0x5cc7e0 ChooseColorA
• 0x5cc7e4 GetFileTitleA
• 0x5cc7e8 GetSaveFileNameA
• 0x5cc7ec GetOpenFileNameA
库: ole32.dll:
• 0x5cc7f4 OleRun
• 0x5cc7f8 CoCreateInstance
• 0x5cc7fc CLSIDFromString
• 0x5cc800 OleUninitialize
• 0x5cc804 OleInitialize
• 0x5cc808 CLSIDFromProgID
.text
.rsrc
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49164 | 23.219.38.64 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49164 | 23.219.38.64 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 95.099 seconds )
- 72.328 BehaviorAnalysis
- 11.311 Suricata
- 3.757 VirusTotal
- 3.154 Static
- 2.958 NetworkAnalysis
- 1.119 TargetInfo
- 0.427 peid
- 0.022 AnalysisInfo
- 0.011 Strings
- 0.01 config_decoder
- 0.002 Memory
Signatures ( 33.726 seconds )
- 9.161 antidbg_windows
- 3.791 api_spamming
- 2.967 stealth_timeout
- 2.877 stealth_decoy_document
- 2.763 antivm_vbox_window
- 2.563 browser_needed
- 2.167 antisandbox_script_timer
- 1.705 injection_explorer
- 1.362 md_url_bl
- 0.91 antivm_generic_scsi
- 0.903 antiav_detectreg
- 0.31 infostealer_ftp
- 0.227 antivm_generic_services
- 0.213 anormaly_invoke_kills
- 0.193 antianalysis_detectreg
- 0.168 infostealer_im
- 0.095 infostealer_mail
- 0.085 mimics_filetime
- 0.071 stealth_file
- 0.071 reads_self
- 0.061 virus
- 0.058 antivm_generic_disk
- 0.058 recon_fingerprint
- 0.053 bootkit
- 0.046 kibex_behavior
- 0.046 antivm_xen_keys
- 0.044 antivm_parallels_keys
- 0.044 darkcomet_regkeys
- 0.041 hancitor_behavior
- 0.035 geodo_banking_trojan
- 0.031 betabot_behavior
- 0.03 antivm_generic_diskreg
- 0.025 antisandbox_productid
- 0.022 maldun_anomaly_massive_file_ops
- 0.022 kovter_behavior
- 0.021 injection_createremotethread
- 0.021 infostealer_browser_password
- 0.019 recon_programs
- 0.018 antiemu_wine_func
- 0.017 antivm_vmware_keys
- 0.016 antivm_vbox_keys
- 0.015 antivm_vbox_libs
- 0.015 injection_runpe
- 0.015 antivm_hyperv_keys
- 0.015 antivm_vbox_acpi
- 0.015 antivm_vpc_keys
- 0.015 maldun_anomaly_invoke_vb_vba
- 0.015 packer_armadillo_regkey
- 0.014 bypass_firewall
- 0.014 antivm_xen_keys
- 0.012 maldun_malicious_write_executeable_under_temp_to_regrun
- 0.012 maldun_anomaly_write_exe_and_obsfucate_extension
- 0.012 antivm_generic_bios
- 0.012 antivm_generic_cpu
- 0.012 antivm_generic_system
- 0.011 antiav_detectfile
- 0.01 maldun_anomaly_write_exe_and_dll_under_winroot_run
- 0.01 md_domain_bl
- 0.009 infostealer_browser
- 0.009 antisandbox_sunbelt_libs
- 0.009 exec_crash
- 0.008 antiav_avast_libs
- 0.008 process_interest
- 0.008 infostealer_bitcoin
- 0.008 ransomware_extensions
- 0.008 ransomware_files
- 0.007 rat_luminosity
- 0.007 antisandbox_sboxie_libs
- 0.007 anomaly_persistence_autorun
- 0.006 maldun_anomaly_terminated_process
- 0.006 antiav_bitdefender_libs
- 0.005 vawtrak_behavior
- 0.005 disables_browser_warn
- 0.004 antivm_vmware_libs
- 0.004 shifu_behavior
- 0.004 process_needed
- 0.004 antivm_vbox_files
- 0.003 ipc_namedpipe
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 hawkeye_behavior
- 0.002 rat_nanocore
- 0.002 Locky_behavior
- 0.002 h1n1_behavior
- 0.002 antidbg_devices
- 0.002 antiemu_wine_reg
- 0.002 bot_drive
- 0.002 bot_drive2
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 network_cnc_http
- 0.002 rat_pcclient
- 0.001 network_tor
- 0.001 anomaly_persistence_bootexecute
- 0.001 cerber_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 codelux_behavior
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.753 seconds )
- 0.65 ReportHTMLSummary
- 0.103 Malheur
| Task ID | 692588 |
|---|---|
| Mongo ID | 6290ecb17e769a0b43022f21 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号