Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | | 2022-05-28 00:28:27 | 2022-05-28 00:28:28 | 1 second

Maldun score

10.0

Dangerous

File details

File name: XXPlayer.exe
File size: 643800 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: b1c05acd8cbbf1bd9a2448da0c10c411
SHA1: b2ee36f8da1f18e1ec6120e022ab3281e63696d9
SHA256: f35bfa926a727a3775310df823cef7017396cd8e3c97593e2dc9be9c7be30c86
SHA512: cef873c8a6fc0ce2dea3d68aa01cb9eeb7fbbf6e0faa76c8fd4fccea331b1eb4687629ad34400e7911c2301008b7e489e70c1410bd95c4eb441a99d882f86872
CRC32: 21E2067F
Ssdeep: 12288:0qv5dQPaVvHLyHWS4f/UKDW7CR8dlk1uxe/aUwEF7h4ajwt:7v7WULy2SJKDWWR8dlk1uIiUBV6ajwt

Screenshots

No screenshots available.

Hosts contacted

No host records.

Domain resolution

No domain information.

Summary


PE information

Image base: 0x00400000
Entry point: 0x00416781
Declared checksum: 0x000abac9
Actual checksum: 0x0009e992
Minimum OS version: 5.0
Compile time: 2011-09-12 02:12:22
Import hash: 484fbc0ffce59a425af0c5d5969262ff

Version information

LegalCopyright
FileVersion
Comments
FileDescription
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00001000 | 0x0007f08e | 0x0007f200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.68
.rdata | 0x00081000 | 0x0000e004 | 0x0000e200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.79
.data | 0x00090000 | 0x0001a758 | 0x00006800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.14
.rsrc | 0x000ab000 | 0x000057ec | 0x00005800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.88

Overlay

Offset: 0x00099800
Size: 0x00003ad8

Imports

Library: WSOCK32.dll:
0x481780 __WSAFDIsSet
0x481784 setsockopt
0x481788 ntohs
0x48178c recvfrom
0x481790 sendto
0x481794 htons
0x481798 WSACleanup
0x48179c listen
0x4817a0 WSAStartup
0x4817a4 bind
0x4817a8 closesocket
0x4817ac connect
0x4817b0 socket
0x4817b4 send
0x4817b8 ioctlsocket
0x4817bc WSAGetLastError
0x4817c0 accept
0x4817c4 select
0x4817c8 inet_addr
0x4817cc gethostbyname
0x4817d0 gethostname
0x4817d4 recv
Library: VERSION.dll:
0x481728 GetFileVersionInfoW
0x48172c VerQueryValueW
Library: WINMM.dll:
0x481770 timeGetTime
0x481774 waveOutSetVolume
0x481778 mciSendStringW
Library: COMCTL32.dll:
0x48108c ImageList_Remove
0x481094 ImageList_BeginDrag
0x481098 ImageList_DragEnter
0x48109c ImageList_DragLeave
0x4810a0 ImageList_EndDrag
0x4810a4 ImageList_DragMove
0x4810ac ImageList_Create
0x4810b4 ImageList_Destroy
Library: MPR.dll:
0x4813dc WNetGetConnectionW
0x4813e0 WNetAddConnection2W
0x4813e4 WNetUseConnectionW
Library: WININET.dll:
0x481734 InternetReadFile
0x481738 InternetCloseHandle
0x48173c InternetOpenW
0x481740 InternetSetOptionW
0x481744 InternetCrackUrlW
0x481748 HttpQueryInfoW
0x48174c InternetConnectW
0x481750 HttpOpenRequestW
0x481754 HttpSendRequestW
0x481758 FtpOpenFileW
0x48175c FtpGetFileSize
0x481760 InternetOpenUrlW
Library: PSAPI.DLL:
0x48143c EnumProcesses
0x481440 GetModuleBaseNameW
0x481448 EnumProcessModules
Library: USERENV.dll:
0x481710 UnloadUserProfile
0x48171c LoadUserProfileW
Library: KERNEL32.dll:
0x481158 HeapAlloc
0x48115c Sleep
0x481160 GetCurrentThreadId
0x481164 RaiseException
0x481168 MulDiv
0x48116c GetVersionExW
0x481170 GetSystemInfo
0x48117c lstrlenW
0x481180 lstrcpyW
0x481184 lstrcmpiW
0x481188 MultiByteToWideChar
0x48118c WideCharToMultiByte
0x481190 GetModuleHandleW
0x481198 VirtualFreeEx
0x48119c OpenProcess
0x4811a0 VirtualAllocEx
0x4811a4 WriteProcessMemory
0x4811a8 ReadProcessMemory
0x4811ac CreateFileW
0x4811b0 SetFilePointerEx
0x4811b4 ReadFile
0x4811b8 WriteFile
0x4811bc FlushFileBuffers
0x4811c0 TerminateProcess
0x4811c8 Process32FirstW
0x4811cc Process32NextW
0x4811d0 SetFileTime
0x4811d4 GetFileAttributesW
0x4811d8 FindFirstFileW
0x4811dc FindClose
0x4811e0 DeleteFileW
0x4811e4 FindNextFileW
0x4811e8 MoveFileW
0x4811ec CopyFileW
0x4811f0 CreateDirectoryW
0x4811f4 RemoveDirectoryW
0x4811f8 GetProcessHeap
0x481200 FindResourceW
0x481204 LoadResource
0x481208 LockResource
0x48120c SizeofResource
0x481210 EnumResourceNamesW
0x481214 OutputDebugStringW
0x481218 GetLocalTime
0x48121c CompareStringW
0x481230 GetStdHandle
0x481234 CreatePipe
0x481238 InterlockedExchange
0x48123c TerminateThread
0x481240 GetTempPathW
0x481244 GetTempFileNameW
0x481248 VirtualFree
0x48124c FormatMessageW
0x481250 GetExitCodeProcess
0x481254 SetErrorMode
0x48127c GetDriveTypeW
0x481280 GetDiskFreeSpaceExW
0x481284 GetDiskFreeSpaceW
0x48128c SetVolumeLabelW
0x481290 CreateHardLinkW
0x481294 DeviceIoControl
0x481298 SetFileAttributesW
0x48129c GetShortPathNameW
0x4812a0 CreateEventW
0x4812a4 SetEvent
0x4812b0 GlobalLock
0x4812b4 GlobalUnlock
0x4812b8 GlobalAlloc
0x4812bc GetFileSize
0x4812c0 GlobalFree
0x4812c8 Beep
0x4812cc GetSystemDirectoryW
0x4812d0 GetComputerNameW
0x4812d8 GetCurrentProcessId
0x4812dc GetCurrentThread
0x4812e4 CreateProcessW
0x4812e8 SetPriorityClass
0x4812ec LoadLibraryW
0x4812f0 VirtualAlloc
0x4812f4 LoadLibraryExW
0x4812f8 HeapFree
0x4812fc WaitForSingleObject
0x481300 CreateThread
0x481304 DuplicateHandle
0x481308 GetLastError
0x48130c CloseHandle
0x481310 GetCurrentProcess
0x481314 GetProcAddress
0x481318 LoadLibraryA
0x48131c FreeLibrary
0x481320 GetModuleFileNameW
0x481324 GetFullPathNameW
0x48132c IsDebuggerPresent
0x481334 ExitProcess
0x481338 ExitThread
0x481340 ResumeThread
0x481344 GetTimeFormatW
0x481348 GetDateFormatW
0x48134c GetCommandLineW
0x481350 GetStartupInfoW
0x481358 HeapSize
0x48135c GetCPInfo
0x481360 GetACP
0x481364 GetOEMCP
0x481368 IsValidCodePage
0x48136c TlsAlloc
0x481370 TlsGetValue
0x481374 TlsSetValue
0x481378 TlsFree
0x48137c SetLastError
0x481388 GetStringTypeW
0x48138c HeapCreate
0x481390 SetHandleCount
0x481394 GetFileType
0x481398 SetStdHandle
0x48139c GetConsoleCP
0x4813a0 GetConsoleMode
0x4813a4 LCMapStringW
0x4813a8 RtlUnwind
0x4813ac SetFilePointer
0x4813bc GetTickCount
0x4813c0 HeapReAlloc
0x4813c4 WriteConsoleW
0x4813c8 SetEndOfFile
0x4813cc SetSystemPowerState
Library: USER32.dll:
0x48148c SetRect
0x481490 AdjustWindowRectEx
0x481494 CopyImage
0x481498 SetWindowPos
0x48149c GetCursorInfo
0x4814a0 RegisterHotKey
0x4814a4 ClientToScreen
0x4814ac IsCharAlphaW
0x4814b0 IsCharAlphaNumericW
0x4814b4 IsCharLowerW
0x4814b8 IsCharUpperW
0x4814bc GetMenuStringW
0x4814c0 GetSubMenu
0x4814c4 GetCaretPos
0x4814c8 IsZoomed
0x4814cc MonitorFromPoint
0x4814d0 GetMonitorInfoW
0x4814d4 SetWindowLongW
0x4814dc FlashWindow
0x4814e0 GetClassLongW
0x4814e8 IsDialogMessageW
0x4814ec GetSysColor
0x4814f0 InflateRect
0x4814f4 DrawFocusRect
0x4814f8 DrawTextW
0x4814fc FrameRect
0x481500 DrawFrameControl
0x481504 FillRect
0x481508 PtInRect
0x481514 SetCursor
0x481518 GetWindowDC
0x48151c GetSystemMetrics
0x481520 GetActiveWindow
0x481524 CharNextW
0x481528 wsprintfW
0x48152c RedrawWindow
0x481530 DrawMenuBar
0x481534 DestroyMenu
0x481538 SetMenu
0x481540 CreateMenu
0x481544 IsDlgButtonChecked
0x481548 DefDlgProcW
0x48154c ReleaseCapture
0x481550 SetCapture
0x481554 WindowFromPoint
0x481558 SetActiveWindow
0x48155c FindWindowExW
0x481560 EnumThreadWindows
0x481564 SetMenuDefaultItem
0x481568 InsertMenuItemW
0x48156c IsMenu
0x481570 TrackPopupMenuEx
0x481574 GetCursorPos
0x481578 DeleteMenu
0x48157c CheckMenuRadioItem
0x481580 GetMenuItemID
0x481584 GetMenuItemCount
0x481588 SetClipboardData
0x48158c GetMenuItemInfoW
0x481590 SetForegroundWindow
0x481594 IsIconic
0x481598 FindWindowW
0x4815a0 MonitorFromRect
0x4815a4 SendInput
0x4815a8 GetAsyncKeyState
0x4815ac SetKeyboardState
0x4815b0 GetKeyboardState
0x4815b4 GetKeyState
0x4815b8 VkKeyScanW
0x4815bc LoadStringW
0x4815c0 DialogBoxParamW
0x4815c4 MessageBeep
0x4815c8 EndDialog
0x4815cc SendDlgItemMessageW
0x4815d0 GetDlgItem
0x4815d4 SetWindowTextW
0x4815d8 CopyRect
0x4815dc ReleaseDC
0x4815e0 GetDC
0x4815e4 EndPaint
0x4815e8 BeginPaint
0x4815ec GetClientRect
0x4815f0 GetMenu
0x4815f4 DestroyWindow
0x4815f8 EnumWindows
0x4815fc GetDesktopWindow
0x481600 IsWindow
0x481604 IsWindowEnabled
0x481608 IsWindowVisible
0x48160c EnableWindow
0x481610 InvalidateRect
0x481614 GetWindowLongW
0x48161c AttachThreadInput
0x481620 GetWindowTextW
0x481624 ScreenToClient
0x481628 SendMessageTimeoutW
0x48162c EnumChildWindows
0x481630 CharUpperBuffW
0x481634 GetClassNameW
0x481638 GetParent
0x48163c GetDlgCtrlID
0x481640 SendMessageW
0x481644 MapVirtualKeyW
0x481648 PostMessageW
0x48164c GetWindowRect
0x481658 CloseDesktop
0x48165c CloseWindowStation
0x481660 OpenDesktopW
0x48166c OpenWindowStationW
0x481670 MessageBoxW
0x481674 DefWindowProcW
0x481678 MoveWindow
0x48167c SetFocus
0x481680 PostQuitMessage
0x481684 KillTimer
0x481688 EmptyClipboard
0x481690 CloseClipboard
0x481694 GetClipboardData
0x48169c OpenClipboard
0x4816a0 BlockInput
0x4816a4 GetMessageW
0x4816a8 LockWindowUpdate
0x4816ac DispatchMessageW
0x4816b0 TranslateMessage
0x4816b4 PeekMessageW
0x4816b8 UnregisterHotKey
0x4816bc SetMenuItemInfoW
0x4816c0 CharLowerBuffW
0x4816c4 CreatePopupMenu
0x4816cc SetTimer
0x4816d0 ShowWindow
0x4816d4 CreateWindowExW
0x4816d8 RegisterClassExW
0x4816dc LoadIconW
0x4816e0 LoadCursorW
0x4816e4 GetSysColorBrush
0x4816e8 GetForegroundWindow
0x4816ec MessageBoxA
0x4816f0 DestroyIcon
0x4816f4 LoadImageW
0x4816fc mouse_event
0x481700 keybd_event
0x481704 ExitWindowsEx
0x481708 GetFocus
Library: GDI32.dll:
0x4810c8 DeleteObject
0x4810cc BeginPath
0x4810d4 ExtCreatePen
0x4810d8 StrokeAndFillPath
0x4810dc StrokePath
0x4810e0 EndPath
0x4810e4 SetPixel
0x4810e8 CloseFigure
0x4810f0 CreateCompatibleDC
0x4810f4 SelectObject
0x4810f8 StretchBlt
0x4810fc GetDIBits
0x481100 LineTo
0x481104 AngleArc
0x481108 DeleteDC
0x48110c GetPixel
0x481110 CreateDCW
0x481114 MoveToEx
0x481118 Ellipse
0x48111c GetDeviceCaps
0x481120 Rectangle
0x481124 SetViewportOrgEx
0x481128 GetObjectW
0x48112c SetBkMode
0x481130 RoundRect
0x481134 SetBkColor
0x481138 CreatePen
0x48113c CreateSolidBrush
0x481140 SetTextColor
0x481144 CreateFontW
0x481148 GetTextFaceW
0x48114c GetStockObject
0x481150 PolyDraw
Library: COMDLG32.dll:
0x4810bc GetSaveFileNameW
0x4810c0 GetOpenFileNameW
Library: ADVAPI32.dll:
0x481000 RegEnumValueW
0x481004 RegDeleteValueW
0x481008 RegDeleteKeyW
0x48100c RegSetValueExW
0x481010 RegCreateKeyExW
0x481014 GetUserNameW
0x481018 RegConnectRegistryW
0x48101c RegEnumKeyExW
0x481020 CloseServiceHandle
0x481028 LockServiceDatabase
0x48102c OpenSCManagerW
0x481038 OpenThreadToken
0x48103c OpenProcessToken
0x481044 DuplicateTokenEx
0x481054 InitializeAcl
0x481058 GetLengthSid
0x48105c RegCloseKey
0x481060 CopySid
0x481064 LogonUserW
0x481068 GetTokenInformation
0x481070 GetAclInformation
0x481074 GetAce
0x48107c RegOpenKeyExW
0x481080 RegQueryValueExW
0x481084 AddAce
Library: SHELL32.dll:
0x481450 DragQueryPoint
0x481454 ShellExecuteExW
0x481458 SHGetFolderPathW
0x48145c DragQueryFileW
0x481460 SHEmptyRecycleBinW
0x481464 SHBrowseForFolderW
0x481468 SHFileOperationW
0x481470 SHGetDesktopFolder
0x481474 SHGetMalloc
0x481478 ExtractIconExW
0x48147c Shell_NotifyIconW
0x481480 ShellExecuteW
0x481484 DragFinish
Library: ole32.dll:
0x4817e0 MkParseDisplayName
0x4817e8 CoInitialize
0x4817ec CoUninitialize
0x4817f0 CoCreateInstance
0x4817f8 CoTaskMemAlloc
0x4817fc StringFromGUID2
0x481800 CoTaskMemFree
0x481804 CLSIDFromString
0x481808 ProgIDFromCLSID
0x48180c IIDFromString
0x481810 OleInitialize
0x481814 CreateBindCtx
0x481818 CLSIDFromProgID
0x48181c OleUninitialize
0x481820 CoSetProxyBlanket
0x481824 CoCreateInstanceEx
Library: OLEAUT32.dll:
0x4813ec SysAllocString
0x4813f0 OleLoadPicture
0x4813f4 SafeArrayGetVartype
0x4813fc SafeArrayAccessData
0x481400 VarR8FromDec
0x48140c VariantCopy
0x481410 VariantInit
0x481414 VariantClear
0x481418 CreateStdDispatch
0x48141c CreateDispTypeInfo
0x481424 SafeArrayAllocData
0x481430 GetActiveObject
0x481434 SysFreeString

Strings

.text
`.rdata
@.data
.rsrc
VhP>H
Vhl>H
u hL?H
VPWSj
VhkSA
YQPVh
F\0)H
F\=0)H
95,oI
954oI
954oI
u}h|4H

No antivirus engine scan information!


TCP

No TCP connection records.

UDP

No UDP connection records.


HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 9.056 seconds )

  • 5.84 VirusTotal
  • 2.525 Static
  • 0.351 TargetInfo
  • 0.314 peid
  • 0.012 Strings
  • 0.01 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 config_decoder

Signatures ( 0.075 seconds )

  • 0.011 antiav_detectreg
  • 0.009 md_url_bl
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.466 seconds )

  • 0.466 ReportHTMLSummary
Task ID 692593
Mongo ID 6290fc3ddc327b07f50dc8eb
Cuckoo release 1.4-Maldun