Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2022-05-28 00:50:55
End time: 2022-05-28 00:51:19
Duration: 24 seconds

A 24-second run is short for a locker; the dynamic results below cover only what the sample did inside that window.

Maldun score

10.0

Dangerous

File details

File name: Win32.Trojan.Mbrlocker.Zvst2.0.exe
File size: 950272 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 5f60f9d3e31346fa84fed1cdd07c1d5a
SHA1: ae46596e78bf9c9a4a51e3e27065380480699fe5
SHA256: d736dd0f952b23741bde52f3335fc6683e455196edaacb8224ace15fa92ac4a8
SHA512: 802b433c975a0b1068307195291e0a6a14a129689c8b01f1c94b2c03c313b6925e8ed045d5dcb57a6e544a468540b4b6a3136a7d8e4c0c52ac65bdaa8e52ba7d
CRC32: 18C8FA20
Ssdeep: 12288:OMQATyjkjvo/urby/QOdmY56OvUGSXVVMi0vYu2jtTxIG3ZuXd:OMQWyjiomrfIZ56Ov5SFV2vYu25TuG3c


Screenshots

No screenshots available.

Hosts accessed

No host records.

Domain resolution

No domain information.



PE information

Image base: 0x00400000
Entry point: 0x0047c4a3
Declared checksum: 0x00000000
Computed checksum: 0x000eb25f
Minimum OS version: 4.0
Compile timestamp: 2021-02-08 18:55:57
Import hash (imphash): 742119d4891fa2ae181c7f394e81fab3

Checks worth making on these values: the entry point 0x0047c4a3 falls inside .text (mapped at 0x00401000 to 0x0049cfff), and the import-table addresses listed under Imports (0x49d000 upward) sit at the start of .rdata, which is what a normally linked, unpacked image looks like. A declared checksum of zero is the default for most unsigned builds and is not suspicious by itself. The compile timestamp is attacker-controlled and is not evidence of when the binary was actually built.

Version information

All version-resource fields are present but empty, so there are no vendor, product or description strings to pivot on:

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name VirtualAddress VirtualSize SizeOfRawData Characteristics Entropy
.text 0x00001000 0x0009b3d6 0x0009c000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.51
.rdata 0x0009d000 0x000296d0 0x0002a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.21
.data 0x000c7000 0x00050a8a 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.37
.rsrc 0x00118000 0x0000793c 0x00008000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.43

Four standard sections, entropies between 5.4 and 6.5, and no section that is both writable and executable: nothing in this table points to whole-file packing. The .data virtual size (0x50a8a) is about three times its raw size (0x19000); the difference is zero-filled by the loader, which is normal for uninitialized (BSS) data.
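The checks just described, as an added example that is not part of the sandbox report: a small triage pass over a section table that flags writable+executable sections, high-entropy sections, and sections whose virtual size is far above their raw size, plus the entropy function the report's last column corresponds to and a lookup that confirms which section the entry point lands in. The section rows are transcribed from the table above; the thresholds (7.0 bits for "packed", 2x for "uninitialized region") are assumptions for this example.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional

# IMAGE_SCN_* characteristic bits from the PE specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_address: int   # RVA of the section
    virtual_size: int
    raw_size: int          # SizeOfRawData
    characteristics: int
    entropy: float         # bits per byte, as in the report's Entropy column


# Constructed input: the four rows of the report's section table, transcribed.
REPORT_SECTIONS = [
    Section(".text",  0x001000, 0x9B3D6, 0x9C000,
            IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, 6.51),
    Section(".rdata", 0x09D000, 0x296D0, 0x2A000,
            IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ, 6.21),
    Section(".data",  0x0C7000, 0x50A8A, 0x19000,
            IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, 5.37),
    Section(".rsrc",  0x118000, 0x0793C, 0x08000,
            IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ, 5.43),
]
IMAGE_BASE = 0x00400000   # from the report's PE information
ENTRY_POINT = 0x0047C4A3  # from the report's PE information


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform).
    This is the quantity the report's Entropy column gives per section."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def triage_sections(sections: List[Section],
                    packed_entropy: float = 7.0,
                    bss_ratio: float = 2.0) -> Dict[str, List[str]]:
    """Apply the usual section-table heuristics; returns {name: [flags]}.
    The thresholds are assumptions for this example, not values from the report."""
    flags: Dict[str, List[str]] = {s.name: [] for s in sections}
    for s in sections:
        c = s.characteristics
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            flags[s.name].append("writable and executable")
        if s.entropy >= packed_entropy:
            flags[s.name].append("high entropy: packed or encrypted content")
        if s.raw_size == 0 and s.virtual_size:
            flags[s.name].append("no raw data: filled at run time")
        elif s.virtual_size > bss_ratio * s.raw_size:
            # Zero-filled by the loader: normal for uninitialized data (BSS),
            # but also the space an unpacker stub expands into.
            flags[s.name].append("virtual size over %.0fx raw size: uninitialized region" % bss_ratio)
    return flags


def section_containing(sections: List[Section], image_base: int, va: int) -> Optional[str]:
    """Name of the section whose mapped range holds virtual address `va`, or None."""
    for s in sections:
        start = image_base + s.virtual_address
        if start <= va < start + max(s.virtual_size, s.raw_size):
            return s.name
    return None


if __name__ == "__main__":
    for name, fl in triage_sections(REPORT_SECTIONS).items():
        print(name, fl or "ok")
    print("entry point in", section_containing(REPORT_SECTIONS, IMAGE_BASE, ENTRY_POINT))
```

Run against the report's rows, only .data is flagged, and only for its uninitialized region; the entry point resolves to .text and the first import-table address (0x49d000) to .rdata.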

Imports

Most of this table is consistent with an MFC GUI application linked statically to the framework (the USER32/GDI32 drawing and menu set, GDI printing, OLE and type-library registration, WinHelpA, SetWindowsHookExA), with AVI playback (AVIFIL32, MSVFW32) and MIDI/wave output (WINMM) on top; those imports say little about the payload. The entries that matter for triage are CreateProcessA, WinExec and ShellExecuteA (the taskkill.exe children in the process tree), CreateFileA/WriteFile/SetFilePointer/LockFile (raw file or device writes), FindFirstFileA/FindNextFileA/DeleteFileA/RemoveDirectoryA (file enumeration and deletion), the ADVAPI32 registry functions, and the WS2_32 set, which as listed is receive-side only (accept, recv, recvfrom, WSAAsyncSelect). Note that the address column has gaps (for example 0x49d1a4 and 0x49d1a8 are skipped), so the listing may be incomplete and the absence of a name here is not proof the binary does not import it.

Library: MSVFW32.dll:
0x49d3b0 DrawDibDraw
Library: AVIFIL32.dll:
0x49d024 AVIStreamGetFrame
0x49d028 AVIStreamInfoA
Library: WINMM.dll:
0x49d650 midiStreamClose
0x49d654 midiStreamRestart
0x49d658 midiStreamOut
0x49d660 midiStreamProperty
0x49d664 midiStreamOpen
0x49d66c waveOutOpen
0x49d670 waveOutGetNumDevs
0x49d674 waveOutClose
0x49d678 waveOutPause
0x49d67c waveOutWrite
0x49d688 PlaySoundA
0x49d68c midiOutReset
0x49d690 midiStreamStop
0x49d694 waveOutReset
Library: WS2_32.dll:
0x49d6ac accept
0x49d6b0 getpeername
0x49d6b4 recv
0x49d6b8 ioctlsocket
0x49d6bc recvfrom
0x49d6c0 WSAAsyncSelect
0x49d6c4 closesocket
0x49d6c8 WSACleanup
0x49d6cc inet_ntoa
Library: KERNEL32.dll:
0x49d1a0 GetVersion
0x49d1ac LocalFree
0x49d1b8 lstrcpynA
0x49d1bc FlushFileBuffers
0x49d1c0 LockFile
0x49d1c4 UnlockFile
0x49d1c8 SetEndOfFile
0x49d1cc lstrcmpiA
0x49d1d0 GlobalDeleteAtom
0x49d1d4 GlobalFindAtomA
0x49d1d8 GlobalAddAtomA
0x49d1dc GlobalGetAtomNameA
0x49d1e0 lstrcmpA
0x49d1e4 LocalAlloc
0x49d1e8 TlsAlloc
0x49d1ec GlobalHandle
0x49d1f0 TlsFree
0x49d1f4 TlsSetValue
0x49d1f8 LocalReAlloc
0x49d1fc TlsGetValue
0x49d200 GetFileTime
0x49d204 GetCurrentThread
0x49d208 GlobalFlags
0x49d20c SetErrorMode
0x49d210 GetProcessVersion
0x49d214 GetCPInfo
0x49d218 GetOEMCP
0x49d21c GetStartupInfoA
0x49d220 RtlUnwind
0x49d224 GetSystemTime
0x49d228 GetLocalTime
0x49d22c RaiseException
0x49d230 HeapSize
0x49d234 GetACP
0x49d24c SetHandleCount
0x49d250 GetStdHandle
0x49d254 GetFileType
0x49d25c HeapDestroy
0x49d260 HeapCreate
0x49d264 VirtualFree
0x49d26c LCMapStringA
0x49d270 LCMapStringW
0x49d274 VirtualAlloc
0x49d278 IsBadWritePtr
0x49d280 GetStringTypeA
0x49d284 GetStringTypeW
0x49d288 CompareStringA
0x49d28c CompareStringW
0x49d290 IsBadReadPtr
0x49d294 IsBadCodePtr
0x49d298 SetStdHandle
0x49d29c SetLastError
0x49d2a0 TerminateProcess
0x49d2a4 GetCurrentProcess
0x49d2a8 GetFileSize
0x49d2ac SetFilePointer
0x49d2b0 CreateSemaphoreA
0x49d2b4 ResumeThread
0x49d2b8 ReleaseSemaphore
0x49d2c4 GetProfileStringA
0x49d2c8 WriteFile
0x49d2d0 CreateFileA
0x49d2d4 SetEvent
0x49d2d8 FindResourceA
0x49d2dc LoadResource
0x49d2e0 LockResource
0x49d2e4 ReadFile
0x49d2e8 RemoveDirectoryA
0x49d2ec GetModuleFileNameA
0x49d2f0 WideCharToMultiByte
0x49d2f4 MultiByteToWideChar
0x49d2f8 GetCurrentThreadId
0x49d2fc ExitProcess
0x49d300 GlobalSize
0x49d304 GlobalFree
0x49d310 lstrcatA
0x49d314 lstrlenA
0x49d318 WinExec
0x49d31c lstrcpyA
0x49d320 FindNextFileA
0x49d324 GlobalReAlloc
0x49d328 HeapFree
0x49d32c HeapReAlloc
0x49d330 GetProcessHeap
0x49d334 HeapAlloc
0x49d338 GetFullPathNameA
0x49d33c FreeLibrary
0x49d340 LoadLibraryA
0x49d344 GetLastError
0x49d348 GetVersionExA
0x49d350 CreateThread
0x49d354 CreateEventA
0x49d358 Sleep
0x49d35c GlobalAlloc
0x49d360 GlobalLock
0x49d364 GlobalUnlock
0x49d368 FindFirstFileA
0x49d36c FindClose
0x49d370 GetFileAttributesA
0x49d374 DeleteFileA
0x49d380 GetModuleHandleA
0x49d384 GetProcAddress
0x49d388 MulDiv
0x49d38c SetLocalTime
0x49d390 GetCommandLineA
0x49d394 GetTickCount
0x49d398 CreateProcessA
0x49d39c WaitForSingleObject
0x49d3a0 CloseHandle
0x49d3a4 InterlockedExchange
0x49d3a8 DuplicateHandle
Library: USER32.dll:
0x49d3d4 LoadStringA
0x49d3d8 GetSysColorBrush
0x49d3dc FindWindowExA
0x49d3e0 GetDlgItem
0x49d3e4 GetClassNameA
0x49d3e8 GetDesktopWindow
0x49d3ec DrawStateA
0x49d3f0 FrameRect
0x49d3f4 GetNextDlgTabItem
0x49d3f8 LoadIconA
0x49d3fc TranslateMessage
0x49d400 DrawFrameControl
0x49d404 DrawEdge
0x49d408 DrawFocusRect
0x49d40c WindowFromPoint
0x49d410 GetMessageA
0x49d414 DispatchMessageA
0x49d418 SetRectEmpty
0x49d428 DrawIconEx
0x49d42c CreatePopupMenu
0x49d430 AppendMenuA
0x49d434 ModifyMenuA
0x49d438 CreateMenu
0x49d440 GetDlgCtrlID
0x49d444 GetSubMenu
0x49d448 EnableMenuItem
0x49d44c ClientToScreen
0x49d454 LoadImageA
0x49d45c ShowWindow
0x49d460 IsWindowEnabled
0x49d468 GetKeyState
0x49d470 PostQuitMessage
0x49d474 IsZoomed
0x49d478 GetClassInfoA
0x49d47c DefWindowProcA
0x49d480 GetSystemMenu
0x49d484 DeleteMenu
0x49d488 GetMenu
0x49d48c SetMenu
0x49d490 PeekMessageA
0x49d494 SetFocus
0x49d498 GetActiveWindow
0x49d49c GetWindow
0x49d4a4 SetWindowRgn
0x49d4a8 GetMessagePos
0x49d4ac ScreenToClient
0x49d4b4 CopyRect
0x49d4b8 LoadBitmapA
0x49d4bc WinHelpA
0x49d4c0 KillTimer
0x49d4c4 SetTimer
0x49d4c8 ReleaseCapture
0x49d4cc GetCapture
0x49d4d0 SetCapture
0x49d4d4 GetScrollRange
0x49d4d8 SetScrollRange
0x49d4dc SetScrollPos
0x49d4e0 SetRect
0x49d4e4 IntersectRect
0x49d4e8 DestroyIcon
0x49d4ec PtInRect
0x49d4f0 OffsetRect
0x49d4f4 IsWindowVisible
0x49d4f8 EnableWindow
0x49d4fc RedrawWindow
0x49d500 GetWindowLongA
0x49d504 SetWindowLongA
0x49d508 GetSysColor
0x49d50c SetActiveWindow
0x49d510 SetCursorPos
0x49d514 LoadCursorA
0x49d518 SetCursor
0x49d51c GetDC
0x49d520 FillRect
0x49d524 IsRectEmpty
0x49d528 ReleaseDC
0x49d52c IsChild
0x49d530 DestroyMenu
0x49d534 SetForegroundWindow
0x49d538 GetWindowRect
0x49d53c EqualRect
0x49d540 UpdateWindow
0x49d544 ValidateRect
0x49d548 InvalidateRect
0x49d54c GetClientRect
0x49d550 GetFocus
0x49d554 GetParent
0x49d558 GetTopWindow
0x49d55c PostMessageA
0x49d560 IsWindow
0x49d564 SetParent
0x49d568 DestroyCursor
0x49d56c SendMessageA
0x49d570 SetWindowPos
0x49d574 MessageBoxA
0x49d578 GetCursorPos
0x49d57c GetSystemMetrics
0x49d580 EmptyClipboard
0x49d584 SetClipboardData
0x49d588 OpenClipboard
0x49d58c GetClipboardData
0x49d590 CloseClipboard
0x49d594 wsprintfA
0x49d598 WaitForInputIdle
0x49d5a0 GetMenuState
0x49d5a4 SetMenuItemBitmaps
0x49d5a8 CheckMenuItem
0x49d5ac MoveWindow
0x49d5b0 SetWindowTextA
0x49d5b4 IsDialogMessageA
0x49d5b8 ScrollWindowEx
0x49d5bc SendDlgItemMessageA
0x49d5c0 MapWindowPoints
0x49d5c4 AdjustWindowRectEx
0x49d5c8 GetScrollPos
0x49d5cc RegisterClassA
0x49d5d0 GetMenuItemCount
0x49d5d4 GetMenuItemID
0x49d5d8 CreateWindowExA
0x49d5dc SetWindowsHookExA
0x49d5e0 CallNextHookEx
0x49d5e4 GetClassLongA
0x49d5e8 SetPropA
0x49d5ec UnhookWindowsHookEx
0x49d5f0 GetPropA
0x49d5f4 CallWindowProcA
0x49d5f8 RemovePropA
0x49d5fc GetMessageTime
0x49d600 GetLastActivePopup
0x49d604 GetForegroundWindow
0x49d60c GetWindowPlacement
0x49d610 EndDialog
0x49d618 DestroyWindow
0x49d61c GrayStringA
0x49d620 DrawTextA
0x49d624 TabbedTextOutA
0x49d628 EndPaint
0x49d62c BeginPaint
0x49d630 GetWindowDC
0x49d634 CharUpperA
0x49d63c IsIconic
0x49d640 GetWindowTextA
0x49d644 InflateRect
0x49d648 UnregisterClassA
Library: GDI32.dll:
0x49d040 RoundRect
0x49d044 GetCurrentObject
0x49d048 DPtoLP
0x49d04c LPtoDP
0x49d050 Rectangle
0x49d054 CreateCompatibleDC
0x49d058 GetPixel
0x49d060 StartPage
0x49d064 Ellipse
0x49d068 BitBlt
0x49d06c StartDocA
0x49d070 DeleteDC
0x49d074 EndDoc
0x49d078 EndPage
0x49d07c CreateFontIndirectA
0x49d080 GetStockObject
0x49d084 CreateSolidBrush
0x49d088 FillRgn
0x49d08c CreateRectRgn
0x49d090 CombineRgn
0x49d094 PatBlt
0x49d098 CreatePen
0x49d09c GetObjectA
0x49d0a0 SelectObject
0x49d0a4 CreatePatternBrush
0x49d0a8 CreateBitmap
0x49d0ac CreateDCA
0x49d0b4 GetPolyFillMode
0x49d0b8 GetStretchBltMode
0x49d0bc GetROP2
0x49d0c0 GetBkColor
0x49d0c4 GetBkMode
0x49d0c8 GetTextColor
0x49d0cc CreateRoundRectRgn
0x49d0d0 CreateEllipticRgn
0x49d0d4 PathToRegion
0x49d0d8 EndPath
0x49d0dc BeginPath
0x49d0e0 GetWindowOrgEx
0x49d0e4 GetViewportOrgEx
0x49d0e8 GetWindowExtEx
0x49d0ec GetDIBits
0x49d0f0 RealizePalette
0x49d0f4 SelectPalette
0x49d0f8 StretchBlt
0x49d0fc CreatePalette
0x49d104 CreateDIBitmap
0x49d108 DeleteObject
0x49d10c SelectClipRgn
0x49d110 CreatePolygonRgn
0x49d114 GetClipRgn
0x49d118 SetStretchBltMode
0x49d11c CreateDIBSection
0x49d124 SetBkColor
0x49d128 TextOutA
0x49d12c SetBkMode
0x49d130 SetTextColor
0x49d134 SetDIBitsToDevice
0x49d138 SaveDC
0x49d13c RestoreDC
0x49d140 SetPolyFillMode
0x49d144 SetROP2
0x49d148 SetMapMode
0x49d14c SetViewportOrgEx
0x49d150 OffsetViewportOrgEx
0x49d154 SetViewportExtEx
0x49d158 ScaleViewportExtEx
0x49d15c SetWindowOrgEx
0x49d160 SetWindowExtEx
0x49d164 ScaleWindowExtEx
0x49d168 GetClipBox
0x49d16c ExcludeClipRect
0x49d170 MoveToEx
0x49d174 LineTo
0x49d178 ExtSelectClipRgn
0x49d17c GetViewportExtEx
0x49d180 PtVisible
0x49d184 RectVisible
0x49d188 ExtTextOutA
0x49d18c Escape
0x49d190 GetTextMetricsA
0x49d194 GetDeviceCaps
Library: WINSPOOL.DRV:
0x49d69c OpenPrinterA
0x49d6a0 DocumentPropertiesA
0x49d6a4 ClosePrinter
Library: comdlg32.dll:
0x49d6d4 ChooseColorA
0x49d6d8 GetOpenFileNameA
0x49d6dc GetSaveFileNameA
0x49d6e0 GetFileTitleA
Library: ADVAPI32.dll:
0x49d000 RegCloseKey
0x49d004 RegOpenKeyExA
0x49d008 RegSetValueExA
0x49d00c RegCreateKeyA
0x49d010 RegDeleteValueA
0x49d014 RegDeleteKeyA
0x49d018 RegQueryValueA
0x49d01c RegCreateKeyExA
Library: SHELL32.dll:
0x49d3c8 Shell_NotifyIconA
0x49d3cc ShellExecuteA
Library: ole32.dll:
0x49d6e8 OleInitialize
0x49d6ec OleUninitialize
0x49d6f0 CLSIDFromString
Library: OLEAUT32.dll:
0x49d3b8 LoadTypeLib
0x49d3bc UnRegisterTypeLib
0x49d3c0 RegisterTypeLib
Library: COMCTL32.dll:
0x49d030 (no name: imported by ordinal)
0x49d034 _TrackMouseEvent
0x49d038 ImageList_Destroy
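How the import hash in the PE information block is derived from a table like the one above, as an added example that is not part of the report: each import is lower-cased, the .dll/.ocx/.sys extension is dropped (other extensions such as .drv stay), unnamed imports are spelled ord<N>, and the MD5 of the comma-joined list is taken in import-table order. The input is a constructed slice of the report's table; the ordinal 17 given to the unnamed COMCTL32 entry is an assumption. Because this is only a slice, and because the common pefile implementation additionally maps ordinals of a few libraries (ws2_32, oleaut32 and others) back to names, the result is not expected to equal the 742119d4... value in the report.

```python
import hashlib
from typing import List, Optional, Tuple

# (dll, function name or None, ordinal or None). Constructed from a slice of the
# report's import table; the COMCTL32 entry the report prints without a name has
# no symbol, and the ordinal 17 used for it here is an assumption for the example.
Import = Tuple[str, Optional[str], Optional[int]]
REPORT_IMPORTS: List[Import] = [
    ("MSVFW32.dll", "DrawDibDraw", None),
    ("AVIFIL32.dll", "AVIStreamGetFrame", None),
    ("AVIFIL32.dll", "AVIStreamInfoA", None),
    ("WS2_32.dll", "accept", None),
    ("WS2_32.dll", "recv", None),
    ("KERNEL32.dll", "CreateProcessA", None),
    ("KERNEL32.dll", "WriteFile", None),
    ("WINSPOOL.DRV", "OpenPrinterA", None),
    ("COMCTL32.dll", None, 17),
]


def normalize_import(dll: str, func: Optional[str], ordinal: Optional[int] = None) -> str:
    """One import in imphash form: lower-cased, .dll/.ocx/.sys stripped (other
    extensions such as .drv are kept), unnamed imports spelled ord<N>."""
    dll = dll.lower()
    if dll.endswith((".dll", ".ocx", ".sys")):
        dll = dll[:-4]
    if func is None:
        if ordinal is None:
            raise ValueError("unnamed import from %s needs an ordinal" % dll)
        func = "ord%d" % ordinal
    return "%s.%s" % (dll, func.lower())


def imphash(imports: List[Import]) -> str:
    """MD5 of the comma-joined normalized imports in import-table order.
    Order matters: two builds with the same API set but a different link
    order get different hashes, which is why imphash clusters by toolchain
    and source tree rather than by API usage alone."""
    parts = [normalize_import(dll, func, ordinal) for dll, func, ordinal in imports]
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash(REPORT_IMPORTS))
```

When pivoting on the report's imphash, compare it only against hashes produced by the same tool (pefile-based sandboxes agree with each other); a hand-rolled variant without the ordinal name tables will diverge on binaries that import ws2_32 or oleaut32 by ordinal.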

Strings

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
Made in China
This is program!
UHello ,world!
8`}<j
T$hVj
T$th
D$4|+K
D$$L,K
D$@Sj
L$8h
D$8Rj
l$<VWj
jjjjh

The three "VMProtect begin"/"VMProtect end" pairs are the marker strings the VMProtect SDK uses to delimit code regions selected for protection, so parts of the program were probably virtualized or mutated even though the section table shows no .vmp0/.vmp1 sections and no high-entropy section; the file as a whole is not packed. The short fragments (T$hVj, D$4|+K, jjjjh and so on) are x86 instruction bytes that happen to be printable, not text.

Antivirus

No antivirus engine scan results available.

Process tree

Win32.Trojan.Mbrlocker.Zvst2.0.exe, PID: 2436, parent PID: 2296
taskkill.exe, PID: 2500, parent PID: 2436
taskkill.exe, PID: 2548, parent PID: 2436
taskkill.exe, PID: 2576, parent PID: 2436
taskkill.exe, PID: 2620, parent PID: 2436
taskkill.exe, PID: 2748, parent PID: 2436
taskkill.exe, PID: 2844, parent PID: 2436
taskkill.exe, PID: 2944, parent PID: 2436
taskkill.exe, PID: 2320, parent PID: 2436

The only behaviour visible on this page is the sample spawning taskkill.exe eight times within the 24-second run. The command lines are not shown, so which processes were targeted is unknown, and the details that would confirm the MBR-locker label in the file name (raw disk writes, a forced reboot, a lock screen) are not on this page either.
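A burst of taskkill.exe children under one parent is the kind of pattern a detection engineer turns into a rule. As an added example that is not part of the sandbox report, the following builds the parent/child tree from Sysmon-style process-creation events and flags any parent that launches taskkill.exe at least five times inside a 30-second sliding window. The PIDs and parent PIDs are taken from the process tree above; the timestamps, the sample's path, the benign control event from an assumed admin script (PID 1000) and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed Sysmon-style process-creation events (Event ID 1). PIDs, parent
# PIDs and image names follow the report's process tree; the timestamps, the
# sample's path and the control event are assumptions (the report shows neither
# timestamps nor command lines).
SAMPLE = r"C:\sandbox\Win32.Trojan.Mbrlocker.Zvst2.0.exe"
TASKKILL = r"C:\Windows\System32\taskkill.exe"
EVENTS: List[dict] = [
    {"ts": "2022-05-28 00:50:56.100", "pid": 2436, "ppid": 2296, "image": SAMPLE},
] + [
    {"ts": "2022-05-28 00:50:%06.3f" % (57.0 + 0.3 * i), "pid": pid, "ppid": 2436, "image": TASKKILL}
    for i, pid in enumerate([2500, 2548, 2576, 2620, 2748, 2844, 2944, 2320])
] + [
    # Benign control: one taskkill from an assumed admin script, PID 1000.
    {"ts": "2022-05-28 00:51:05.000", "pid": 3100, "ppid": 1000, "image": TASKKILL},
]


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def basename(image: str) -> str:
    """Case-folded file name of an image path."""
    return image.lower().rsplit("\\", 1)[-1]


def process_tree(events: List[dict]) -> Dict[int, List[dict]]:
    """Parent PID -> children in time order; the structure the report's
    'Process tree' section renders."""
    children = defaultdict(list)
    for e in sorted(events, key=lambda e: parse_ts(e["ts"])):
        children[e["ppid"]].append(e)
    return dict(children)


def detect_mass_taskkill(events: List[dict], threshold: int = 5,
                         window_seconds: float = 30.0,
                         target: str = "taskkill.exe") -> Dict[int, int]:
    """Parents that spawned at least `threshold` copies of `target` inside any
    sliding window of `window_seconds`. Returns {parent_pid: max_count}.
    Thresholds are assumptions chosen for this example."""
    spawns = defaultdict(list)
    for e in events:
        if basename(e["image"]) == target:
            spawns[e["ppid"]].append(parse_ts(e["ts"]))
    hits = {}
    for ppid, times in spawns.items():
        times.sort()
        best, j = 0, 0
        for i, t in enumerate(times):
            while (t - times[j]).total_seconds() > window_seconds:
                j += 1  # slide the window start forward
            best = max(best, i - j + 1)
        if best >= threshold:
            hits[ppid] = best
    return hits


if __name__ == "__main__":
    for ppid, n in detect_mass_taskkill(EVENTS).items():
        parent = next((e for e in EVENTS if e["pid"] == ppid), None)
        who = basename(parent["image"]) if parent else "?"
        print("ALERT: PID %d (%s) spawned taskkill.exe %d times" % (ppid, who, n))
```

The sliding window keeps the rule from firing on a long-running admin session that kills one process now and then; an EDR query should additionally capture the taskkill command lines, which is exactly the detail this report leaves out.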

Hosts accessed

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49168 23.215.130.128 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 63246 192.168.122.1 53

The single TCP flow to 23.215.130.128:80 carries the HTTP request listed below, and the UDP flow is a DNS query to the VM's gateway resolver; the report attributes neither flow to a process.


HTTP requests

URI / HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This request (host acroipm.adobe.com, User-Agent "IPM", a message.zip under a Reader 11 Chinese-locale path) is characteristic of Adobe Reader's in-product messaging check, which a Reader install in the analysis VM performs on its own, and the report does not attribute it to the sample's process. Treat it as sandbox background noise rather than command-and-control traffic unless process-level network attribution says otherwise.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 22.233 seconds )

  • 11.215 Suricata
  • 5.122 VirusTotal
  • 2.959 Static
  • 1.246 NetworkAnalysis
  • 0.931 BehaviorAnalysis
  • 0.419 TargetInfo
  • 0.315 peid
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.927 seconds )

The entries below are the time each signature module took to run; the list is the full set of modules evaluated, family-specific ones such as cerber_behavior or darkcomet_regkeys included, and not a list of signatures that matched. The signatures that actually matched are not shown on this page.

  • 1.365 md_url_bl
  • 0.059 api_spamming
  • 0.051 antidbg_windows
  • 0.048 stealth_decoy_document
  • 0.047 stealth_timeout
  • 0.034 antiav_detectreg
  • 0.02 antiav_detectfile
  • 0.018 infostealer_ftp
  • 0.015 antivm_vbox_window
  • 0.013 browser_needed
  • 0.013 antivm_generic_scsi
  • 0.013 infostealer_bitcoin
  • 0.012 antisandbox_script_timer
  • 0.011 antivm_generic_services
  • 0.011 infostealer_im
  • 0.009 injection_explorer
  • 0.008 mimics_filetime
  • 0.008 reads_self
  • 0.008 anomaly_persistence_autorun
  • 0.008 antivm_generic_disk
  • 0.008 virus
  • 0.008 antivm_vbox_files
  • 0.008 md_domain_bl
  • 0.007 stealth_file
  • 0.007 anormaly_invoke_kills
  • 0.007 antianalysis_detectreg
  • 0.007 infostealer_mail
  • 0.006 bootkit
  • 0.006 hancitor_behavior
  • 0.005 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 betabot_behavior
  • 0.003 shifu_behavior
  • 0.003 kovter_behavior
  • 0.003 antidbg_devices
  • 0.003 disables_browser_warn
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antiemu_wine_func
  • 0.002 network_tor
  • 0.002 antivm_vbox_libs
  • 0.002 ransomware_dmalocker
  • 0.002 injection_createremotethread
  • 0.002 sets_autoconfig_url
  • 0.002 kibex_behavior
  • 0.002 infostealer_browser_password
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 browser_security
  • 0.002 rat_pcclient
  • 0.001 banker_prinimalka
  • 0.001 hawkeye_behavior
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 upatre_behavior
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 anomaly_reset_winsock
  • 0.001 kelihos_behavior
  • 0.001 creates_largekey
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 exec_crash
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 pony_behavior
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_vmware_files
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 codelux_behavior
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_web_history

Reporting ( 0.488 seconds )

  • 0.488 ReportHTMLSummary
Task ID 692595
Mongo ID 629101addc327b07f40dca4a
Cuckoo release 1.4-Maldun