分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2022-05-28 00:19:50 | 2022-05-28 00:22:02 | 132 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | QQDADAOVIP.exe |
|---|---|
| 文件大小 | 606208 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | bda56cf30bea451439455567cc37db53 |
| SHA1 | 1f822bdf2a03e0795b2fd99ad3c6e91dbc375b05 |
| SHA256 | a45f7196b6e0b4a96a50bb6866b7d1becc6109120dee21dc8e6f79f8b21a2667 |
| SHA512 | ee0929f726431b9ede7fc1078b9ad57e4a093609aca15d7139ea5a1c63694c68276615561ae845feb83eb31b8d0cdb6c582cdf131009662ff7fad7e968516cb0 |
| CRC32 | D5DA79D1 |
| Ssdeep | 6144:ZbTaWWBAOKaJyzHS9qef9PEr5rAN2Y4p3czFcyD8iG7jopq1B1tRQqpu5+X:ZEKfzS9Hf56CSyDWHGq1Fr |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00447192 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0009aefa |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2013-03-14 21:55:06 |
| 载入哈希 | f6db569c26db90c77fc24bafaf1610e5 |
| 图标 |  |
| 图标精确哈希值 | 7bdbe8603eae61b51da840097545794b |
| 图标相似性哈希值 | a0d71d3b5a41797c8892e8b6bc319940 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00064812 | 0x00065000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.55 |
| .rdata | 0x00066000 | 0x00018c54 | 0x00019000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.73 |
| .data | 0x0007f000 | 0x0002aaea | 0x0000f000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.78 |
| .rsrc | 0x000aa000 | 0x0000530c | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.74 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x000aab78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x000aab78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x000aab78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x000ab068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x000ab068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x000ab068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x000ab068 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x000ac770 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x000accc4 | 0x000006a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.28 | dBase III DBT, version number 0, next free block index 40, 1st item "\013x\270\263" |
| RT_ICON | 0x000accc4 | 0x000006a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.28 | dBase III DBT, version number 0, next free block index 40, 1st item "\013x\270\263" |
| RT_ICON | 0x000accc4 | 0x000006a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.28 | dBase III DBT, version number 0, next free block index 40, 1st item "\013x\270\263" |
| RT_MENU | 0x000ad378 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x000ad378 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x000ae5c0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x000af008 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x000af054 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x000af054 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x000af054 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x000af0a0 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x000af0a0 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x000af0a0 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x000af0b4 | 0x00000258 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.61 | data |
导入
库: WINMM.dll:
• 0x46662c midiStreamOut
• 0x466630 midiOutPrepareHeader
• 0x466634 waveOutOpen
• 0x466638 midiOutUnprepareHeader
• 0x46663c midiStreamOpen
• 0x466640 midiStreamProperty
• 0x466644 waveOutReset
• 0x466648 waveOutPause
• 0x46664c waveOutWrite
• 0x466650 waveOutPrepareHeader
• 0x466654 waveOutUnprepareHeader
• 0x466658 midiStreamStop
• 0x46665c midiOutReset
• 0x466660 midiStreamClose
• 0x466664 midiStreamRestart
• 0x466668 waveOutGetNumDevs
• 0x46666c waveOutClose
库: WS2_32.dll:
• 0x466684 WSAAsyncSelect
• 0x466688 closesocket
• 0x46668c WSACleanup
• 0x466690 recvfrom
• 0x466694 ioctlsocket
• 0x466698 inet_ntoa
• 0x46669c recv
• 0x4666a0 accept
• 0x4666a4 getpeername
库: KERNEL32.dll:
• 0x466184 MultiByteToWideChar
• 0x466188 SetLastError
• 0x46618c GetTimeZoneInformation
• 0x466190 GetVersion
• 0x466194 HeapSize
• 0x466198 RaiseException
• 0x46619c GetLocalTime
• 0x4661a0 GetSystemTime
• 0x4661a4 RtlUnwind
• 0x4661a8 GetStartupInfoA
• 0x4661ac GetOEMCP
• 0x4661b0 GetCPInfo
• 0x4661b4 GetProcessVersion
• 0x4661b8 SetErrorMode
• 0x4661bc GlobalFlags
• 0x4661c0 GetCurrentThread
• 0x4661c4 GetFileTime
• 0x4661c8 TlsGetValue
• 0x4661cc LocalReAlloc
• 0x4661d0 TlsSetValue
• 0x4661d4 TlsFree
• 0x4661d8 GlobalHandle
• 0x4661dc TlsAlloc
• 0x4661e0 LocalAlloc
• 0x4661e4 lstrcmpA
• 0x4661e8 GlobalGetAtomNameA
• 0x4661ec GlobalAddAtomA
• 0x4661f0 GlobalFindAtomA
• 0x4661f4 GlobalDeleteAtom
• 0x4661f8 lstrcmpiA
• 0x4661fc SetEndOfFile
• 0x466200 UnlockFile
• 0x466204 LockFile
• 0x466208 FlushFileBuffers
• 0x46620c DuplicateHandle
• 0x466210 lstrcpynA
• 0x466214 FileTimeToLocalFileTime
• 0x466218 FileTimeToSystemTime
• 0x46621c LocalFree
• 0x466220 WideCharToMultiByte
• 0x466224 InterlockedDecrement
• 0x466228 InterlockedIncrement
• 0x46622c OpenProcess
• 0x466230 TerminateProcess
• 0x466234 GetCurrentProcess
• 0x466238 GetFileSize
• 0x46623c SetFilePointer
• 0x466240 CreateToolhelp32Snapshot
• 0x466244 Process32First
• 0x466248 Process32Next
• 0x46624c CreateSemaphoreA
• 0x466250 ResumeThread
• 0x466254 ReleaseSemaphore
• 0x466258 EnterCriticalSection
• 0x46625c LeaveCriticalSection
• 0x466260 GetProfileStringA
• 0x466264 WriteFile
• 0x466268 ReadFile
• 0x46626c GetLastError
• 0x466270 WaitForMultipleObjects
• 0x466274 CreateFileA
• 0x466278 SetEvent
• 0x46627c FindResourceA
• 0x466280 LoadResource
• 0x466284 LockResource
• 0x466288 GetModuleFileNameA
• 0x46628c GetCurrentThreadId
• 0x466290 ExitProcess
• 0x466294 GlobalSize
• 0x466298 GlobalFree
• 0x46629c DeleteCriticalSection
• 0x4662a0 InitializeCriticalSection
• 0x4662a4 lstrcatA
• 0x4662a8 WinExec
• 0x4662ac lstrcpyA
• 0x4662b0 FindNextFileA
• 0x4662b4 InterlockedExchange
• 0x4662b8 GlobalReAlloc
• 0x4662bc HeapFree
• 0x4662c0 HeapReAlloc
• 0x4662c4 GetProcessHeap
• 0x4662c8 HeapAlloc
• 0x4662cc GetFullPathNameA
• 0x4662d0 FreeLibrary
• 0x4662d4 LoadLibraryA
• 0x4662d8 lstrlenA
• 0x4662dc GetVersionExA
• 0x4662e0 WritePrivateProfileStringA
• 0x4662e4 CreateThread
• 0x4662e8 CreateEventA
• 0x4662ec Sleep
• 0x4662f0 GlobalAlloc
• 0x4662f4 GlobalLock
• 0x4662f8 GlobalUnlock
• 0x4662fc FindFirstFileA
• 0x466300 FindClose
• 0x466304 SetFileAttributesA
• 0x466308 GetFileAttributesA
• 0x46630c SetCurrentDirectoryA
• 0x466310 GetVolumeInformationA
• 0x466314 GetModuleHandleA
• 0x466318 GetProcAddress
• 0x46631c MulDiv
• 0x466320 GetCommandLineA
• 0x466324 GetTickCount
• 0x466328 WaitForSingleObject
• 0x46632c CloseHandle
• 0x466330 GetACP
• 0x466334 UnhandledExceptionFilter
• 0x466338 FreeEnvironmentStringsA
• 0x46633c FreeEnvironmentStringsW
• 0x466340 GetEnvironmentStrings
• 0x466344 GetEnvironmentStringsW
• 0x466348 SetHandleCount
• 0x46634c GetStdHandle
• 0x466350 GetFileType
• 0x466354 GetEnvironmentVariableA
• 0x466358 HeapDestroy
• 0x46635c HeapCreate
• 0x466360 VirtualFree
• 0x466364 SetEnvironmentVariableA
• 0x466368 LCMapStringA
• 0x46636c LCMapStringW
• 0x466370 VirtualAlloc
• 0x466374 IsBadWritePtr
• 0x466378 SetUnhandledExceptionFilter
• 0x46637c GetStringTypeA
• 0x466380 GetStringTypeW
• 0x466384 CompareStringA
• 0x466388 CompareStringW
• 0x46638c IsBadReadPtr
• 0x466390 IsBadCodePtr
• 0x466394 SetStdHandle
库: USER32.dll:
• 0x4663b8 IsIconic
• 0x4663bc SetFocus
• 0x4663c0 GetActiveWindow
• 0x4663c4 GetWindow
• 0x4663c8 DestroyAcceleratorTable
• 0x4663cc PeekMessageA
• 0x4663d0 SetMenu
• 0x4663d4 GetMenu
• 0x4663d8 DefWindowProcA
• 0x4663dc GetClassInfoA
• 0x4663e0 DeleteMenu
• 0x4663e4 GetSystemMenu
• 0x4663e8 IsZoomed
• 0x4663ec PostQuitMessage
• 0x4663f0 CopyAcceleratorTableA
• 0x4663f4 GetKeyState
• 0x4663f8 TranslateAcceleratorA
• 0x4663fc IsWindowEnabled
• 0x466400 ShowWindow
• 0x466404 LoadImageA
• 0x466408 EnumDisplaySettingsA
• 0x46640c ClientToScreen
• 0x466410 EnableMenuItem
• 0x466414 GetSubMenu
• 0x466418 GetDlgCtrlID
• 0x46641c CreateAcceleratorTableA
• 0x466420 CreateMenu
• 0x466424 SetWindowRgn
• 0x466428 GetMessagePos
• 0x46642c ScreenToClient
• 0x466430 ChildWindowFromPointEx
• 0x466434 CopyRect
• 0x466438 LoadBitmapA
• 0x46643c ModifyMenuA
• 0x466440 KillTimer
• 0x466444 SetTimer
• 0x466448 ReleaseCapture
• 0x46644c GetCapture
• 0x466450 SetCapture
• 0x466454 GetScrollRange
• 0x466458 SetScrollRange
• 0x46645c SetScrollPos
• 0x466460 InflateRect
• 0x466464 SetRect
• 0x466468 IntersectRect
• 0x46646c GetSysColorBrush
• 0x466470 DestroyIcon
• 0x466474 PtInRect
• 0x466478 OffsetRect
• 0x46647c IsWindowVisible
• 0x466480 EnableWindow
• 0x466484 RedrawWindow
• 0x466488 GetWindowLongA
• 0x46648c SetWindowLongA
• 0x466490 GetSysColor
• 0x466494 SetActiveWindow
• 0x466498 SetCursorPos
• 0x46649c LoadCursorA
• 0x4664a0 SetCursor
• 0x4664a4 GetDC
• 0x4664a8 FillRect
• 0x4664ac IsRectEmpty
• 0x4664b0 ReleaseDC
• 0x4664b4 IsChild
• 0x4664b8 DestroyMenu
• 0x4664bc SetForegroundWindow
• 0x4664c0 GetWindowRect
• 0x4664c4 EqualRect
• 0x4664c8 UpdateWindow
• 0x4664cc ValidateRect
• 0x4664d0 InvalidateRect
• 0x4664d4 GetClientRect
• 0x4664d8 GetFocus
• 0x4664dc GetParent
• 0x4664e0 GetTopWindow
• 0x4664e4 PostMessageA
• 0x4664e8 IsWindow
• 0x4664ec SetParent
• 0x4664f0 DestroyCursor
• 0x4664f4 SendMessageA
• 0x4664f8 SetWindowPos
• 0x4664fc MessageBoxA
• 0x466500 GetCursorPos
• 0x466504 GetSystemMetrics
• 0x466508 EmptyClipboard
• 0x46650c SetClipboardData
• 0x466510 OpenClipboard
• 0x466514 GetClipboardData
• 0x466518 CloseClipboard
• 0x46651c wsprintfA
• 0x466520 AppendMenuA
• 0x466524 CreatePopupMenu
• 0x466528 DrawIconEx
• 0x46652c CreateIconFromResource
• 0x466530 CreateIconFromResourceEx
• 0x466534 RegisterClipboardFormatA
• 0x466538 SetRectEmpty
• 0x46653c GetMessageA
• 0x466540 WindowFromPoint
• 0x466544 DrawFocusRect
• 0x466548 DrawEdge
• 0x46654c DrawFrameControl
• 0x466550 LoadIconA
• 0x466554 TranslateMessage
• 0x466558 SystemParametersInfoA
• 0x46655c GetDesktopWindow
• 0x466560 GetClassNameA
• 0x466564 GetWindowThreadProcessId
• 0x466568 FindWindowA
• 0x46656c GetDlgItem
• 0x466570 GetWindowTextA
• 0x466574 WinHelpA
• 0x466578 UnregisterClassA
• 0x46657c DispatchMessageA
• 0x466580 GetWindowTextLengthA
• 0x466584 CharUpperA
• 0x466588 GetWindowDC
• 0x46658c BeginPaint
• 0x466590 EndPaint
• 0x466594 TabbedTextOutA
• 0x466598 DrawTextA
• 0x46659c GrayStringA
• 0x4665a0 DestroyWindow
• 0x4665a4 CreateDialogIndirectParamA
• 0x4665a8 EndDialog
• 0x4665ac GetNextDlgTabItem
• 0x4665b0 GetWindowPlacement
• 0x4665b4 RegisterWindowMessageA
• 0x4665b8 GetForegroundWindow
• 0x4665bc GetLastActivePopup
• 0x4665c0 GetMessageTime
• 0x4665c4 RemovePropA
• 0x4665c8 CallWindowProcA
• 0x4665cc GetPropA
• 0x4665d0 UnhookWindowsHookEx
• 0x4665d4 SetPropA
• 0x4665d8 GetClassLongA
• 0x4665dc CallNextHookEx
• 0x4665e0 SetWindowsHookExA
• 0x4665e4 CreateWindowExA
• 0x4665e8 GetMenuItemID
• 0x4665ec GetMenuItemCount
• 0x4665f0 RegisterClassA
• 0x4665f4 GetScrollPos
• 0x4665f8 AdjustWindowRectEx
• 0x4665fc MapWindowPoints
• 0x466600 SendDlgItemMessageA
• 0x466604 ScrollWindowEx
• 0x466608 IsDialogMessageA
• 0x46660c SetWindowTextA
• 0x466610 MoveWindow
• 0x466614 CheckMenuItem
• 0x466618 SetMenuItemBitmaps
• 0x46661c GetMenuState
• 0x466620 GetMenuCheckMarkDimensions
• 0x466624 LoadStringA
库: GDI32.dll:
• 0x466028 GetTextMetricsA
• 0x46602c Escape
• 0x466030 ExtTextOutA
• 0x466034 TextOutA
• 0x466038 RectVisible
• 0x46603c PtVisible
• 0x466040 GetViewportExtEx
• 0x466044 ExtSelectClipRgn
• 0x466048 CreateSolidBrush
• 0x46604c GetStockObject
• 0x466050 CreateFontIndirectA
• 0x466054 EndPage
• 0x466058 EndDoc
• 0x46605c DeleteDC
• 0x466060 StartDocA
• 0x466064 StartPage
• 0x466068 BitBlt
• 0x46606c GetPixel
• 0x466070 CreateCompatibleDC
• 0x466074 Ellipse
• 0x466078 Rectangle
• 0x46607c DPtoLP
• 0x466080 GetCurrentObject
• 0x466084 RoundRect
• 0x466088 GetTextExtentPoint32A
• 0x46608c GetDeviceCaps
• 0x466090 CreateDIBSection
• 0x466094 CreateRectRgnIndirect
• 0x466098 SetBkColor
• 0x46609c LineTo
• 0x4660a0 MoveToEx
• 0x4660a4 ExcludeClipRect
• 0x4660a8 GetClipBox
• 0x4660ac ScaleWindowExtEx
• 0x4660b0 CombineRgn
• 0x4660b4 CreateRectRgn
• 0x4660b8 FillRgn
• 0x4660bc PatBlt
• 0x4660c0 CreatePen
• 0x4660c4 GetObjectA
• 0x4660c8 SelectObject
• 0x4660cc CreateBitmap
• 0x4660d0 CreateDCA
• 0x4660d4 CreateCompatibleBitmap
• 0x4660d8 GetPolyFillMode
• 0x4660dc GetStretchBltMode
• 0x4660e0 GetROP2
• 0x4660e4 GetBkColor
• 0x4660e8 GetBkMode
• 0x4660ec GetTextColor
• 0x4660f0 CreateRoundRectRgn
• 0x4660f4 CreateEllipticRgn
• 0x4660f8 PathToRegion
• 0x4660fc EndPath
• 0x466100 BeginPath
• 0x466104 GetWindowOrgEx
• 0x466108 GetViewportOrgEx
• 0x46610c GetWindowExtEx
• 0x466110 GetDIBits
• 0x466114 RealizePalette
• 0x466118 SetWindowExtEx
• 0x46611c SetWindowOrgEx
• 0x466120 ScaleViewportExtEx
• 0x466124 SetViewportExtEx
• 0x466128 OffsetViewportOrgEx
• 0x46612c SetViewportOrgEx
• 0x466130 SetMapMode
• 0x466134 SelectPalette
• 0x466138 StretchBlt
• 0x46613c CreatePalette
• 0x466140 GetSystemPaletteEntries
• 0x466144 CreateDIBitmap
• 0x466148 DeleteObject
• 0x46614c SelectClipRgn
• 0x466150 CreatePolygonRgn
• 0x466154 SetPixel
• 0x466158 SetStretchBltMode
• 0x46615c LPtoDP
• 0x466160 GetClipRgn
• 0x466164 SetTextColor
• 0x466168 SetROP2
• 0x46616c SetPolyFillMode
• 0x466170 SetBkMode
• 0x466174 RestoreDC
• 0x466178 SaveDC
• 0x46617c ExtCreateRegion
库: ADVAPI32.dll:
• 0x466000 RegCloseKey
• 0x466004 RegOpenKeyExA
• 0x466008 RegSetValueExA
• 0x46600c RegCreateKeyA
• 0x466010 RegQueryValueA
• 0x466014 RegCreateKeyExA
库: comdlg32.dll:
• 0x4666ac ChooseColorA
• 0x4666b0 GetOpenFileNameA
• 0x4666b4 GetSaveFileNameA
• 0x4666b8 GetFileTitleA
.text
`.rdata
@.data
.rsrc
8`}<j
T$Hh0-H
D$|h
T$|h<-H
D$|h8-H
Qhx-H
Rhp-H
F<p G
T$8h!
D$HUSj
D$8Rj
l$<VWj
L$0hp.H
D$,RVh@.H
Qhp.H
u(Uh,/H
Phl/H
Ph,/H
T$ Rj
L$4S+L$0Qj
T$$Rh(>G
Ph0-H
}'h
9^xu5j
T$,Qj
H%L{H
T$0Pj
D$8RPj
D$0h
T$,Qj
NpRQj
t$<Vj
T$<h
D$(hF
T$(h
L$@h
D$$VPj
L$Th!
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.55.220.27 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.55.220.27 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 104.793 seconds )
- 82.821 BehaviorAnalysis
- 10.967 Suricata
- 6.289 VirusTotal
- 3.163 NetworkAnalysis
- 0.847 Static
- 0.348 TargetInfo
- 0.33 peid
- 0.012 AnalysisInfo
- 0.011 Strings
- 0.004 Memory
- 0.001 config_decoder
Signatures ( 38.563 seconds )
- 6.392 process_interest
- 5.699 injection_createremotethread
- 5.471 api_spamming
- 4.133 stealth_timeout
- 4.072 vawtrak_behavior
- 3.856 injection_runpe
- 3.56 stealth_decoy_document
- 2.715 process_needed
- 1.354 md_url_bl
- 0.527 antidbg_windows
- 0.2 packer_themida
- 0.154 antivm_vbox_window
- 0.119 antisandbox_script_timer
- 0.111 browser_needed
- 0.087 injection_explorer
- 0.017 antiav_detectreg
- 0.012 stealth_file
- 0.009 md_domain_bl
- 0.007 anomaly_persistence_autorun
- 0.007 infostealer_ftp
- 0.005 antiav_detectfile
- 0.005 geodo_banking_trojan
- 0.004 infostealer_im
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 antianalysis_detectreg
- 0.003 browser_security
- 0.003 modify_proxy
- 0.003 disables_browser_warn
- 0.003 infostealer_bitcoin
- 0.003 infostealer_mail
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 antivm_vbox_files
- 0.001 rat_nanocore
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 cerber_behavior
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 network_cnc_http
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.601 seconds )
- 0.601 ReportHTMLSummary
| Task ID | 692592 |
|---|---|
| Mongo ID | 6290fbeb7e769a0b42023293 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号