Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp02-1 | 2022-07-04 18:54:35 | 2022-07-04 18:56:44 | 129 seconds

Maldun Score

10.0

Dangerous

File Details

File name LYShark1.exe
File size 3178496 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4a0b38f0c902d33234c1f7dc9644edd1
SHA1 db9ee5de4ecc3023cc10a7bd6dad89b51c75420f
SHA256 c2c3ab2825fc2a5ca59176bb08db8f6691bfbbafa45749b8f5888c5958156308
SHA512 e9c9bd62d75e4826d3d2c71ac7d648088285d6e0367e75c8a06292bd3ba9eb1e4cc2d8c374e441aab4c27b176e25f0da0182bb9a4d8f84f90c880a26cf4d615c
CRC32 3BCA5FC5
Ssdeep 49152:WhFPrDteSsgB3oDc1ZmCqfMjoUfFWxKynem5m378qZe01uN8F:sFzDteSsgB3oa4nOoU9gKd34qw01uCF
Sample not found


Runtime Screenshots


Hosts Contacted (security rating from WPING)

Direct IP | Security rating | Geolocation
45.248.9.242 | Unknown | Unknown
45.248.9.53 | Unknown | Unknown

PE Information

Image base 0x00400000
Entry point 0x004a263a
Declared checksum 0x00000000
Actual checksum 0x00312bc5
Minimum OS version required 4.0
Compile time 2022-07-04 18:33:19
Import hash 9d656f467d0fba73e6d99b4b0d38884d

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x000c7377 0x000c8000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.53
.rdata 0x000c9000 0x001febb0 0x001ff000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.55
.data 0x002c8000 0x0006c34a 0x0001c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.42
.rsrc 0x00335000 0x00023fc4 0x00024000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.47

Imports

Library: MSVFW32.dll:
0x4c941c DrawDibDraw
Library: AVIFIL32.dll:
0x4c9018 AVIStreamInfoA
0x4c901c AVIStreamGetFrame
Library: WINMM.dll:
0x4c973c midiStreamOut
0x4c9744 midiStreamProperty
0x4c9748 midiStreamOpen
0x4c974c waveOutOpen
0x4c9750 waveOutGetNumDevs
0x4c9754 waveOutClose
0x4c9758 waveOutReset
0x4c975c waveOutPause
0x4c9760 waveOutWrite
0x4c976c PlaySoundA
0x4c9774 midiStreamRestart
0x4c9778 midiStreamClose
0x4c977c midiOutReset
0x4c9780 midiStreamStop
Library: WS2_32.dll:
0x4c9798 closesocket
0x4c979c WSACleanup
0x4c97a0 WSAAsyncSelect
0x4c97a4 inet_ntoa
0x4c97a8 accept
0x4c97ac getpeername
0x4c97b0 recv
0x4c97b4 ioctlsocket
0x4c97b8 recvfrom
Library: KERNEL32.dll:
0x4c91f8 lstrcpynA
0x4c9200 FlushFileBuffers
0x4c9204 LockFile
0x4c9208 UnlockFile
0x4c920c SetEndOfFile
0x4c9210 GetThreadLocale
0x4c9214 lstrcmpiA
0x4c9218 GlobalDeleteAtom
0x4c921c GlobalFindAtomA
0x4c9220 GlobalAddAtomA
0x4c9224 GlobalGetAtomNameA
0x4c9228 lstrcmpA
0x4c922c LocalAlloc
0x4c9230 TlsAlloc
0x4c9234 GlobalHandle
0x4c9238 TlsFree
0x4c923c TlsSetValue
0x4c9240 LocalReAlloc
0x4c9244 TlsGetValue
0x4c9248 GetFileTime
0x4c924c GetCurrentThread
0x4c9250 GlobalFlags
0x4c9254 SetErrorMode
0x4c9258 GetProcessVersion
0x4c925c GetCPInfo
0x4c9260 GetOEMCP
0x4c9264 GetStartupInfoA
0x4c9268 RtlUnwind
0x4c926c GetSystemTime
0x4c9270 GetLocalTime
0x4c9274 RaiseException
0x4c9278 HeapSize
0x4c927c GetACP
0x4c9294 SetHandleCount
0x4c9298 GetStdHandle
0x4c929c GetFileType
0x4c92a4 HeapDestroy
0x4c92a8 HeapCreate
0x4c92ac VirtualFree
0x4c92b4 LCMapStringA
0x4c92b8 LCMapStringW
0x4c92bc VirtualAlloc
0x4c92c0 IsBadWritePtr
0x4c92c8 GetStringTypeA
0x4c92cc GetStringTypeW
0x4c92d0 CompareStringA
0x4c92d4 CompareStringW
0x4c92d8 IsBadReadPtr
0x4c92dc IsBadCodePtr
0x4c92e0 SetStdHandle
0x4c92e8 FormatMessageA
0x4c92ec LocalFree
0x4c92f8 GetVersion
0x4c9300 SetLastError
0x4c9304 TerminateProcess
0x4c9308 GetCurrentProcess
0x4c930c GetFileSize
0x4c9310 SetFilePointer
0x4c9314 GetTempFileNameA
0x4c9318 CreateSemaphoreA
0x4c931c ResumeThread
0x4c9320 ReleaseSemaphore
0x4c932c GetProfileStringA
0x4c9330 WriteFile
0x4c9338 CreateFileA
0x4c933c SetEvent
0x4c9340 FindResourceA
0x4c9344 LoadResource
0x4c9348 LockResource
0x4c934c ReadFile
0x4c9350 GetModuleFileNameA
0x4c9354 WideCharToMultiByte
0x4c9358 MultiByteToWideChar
0x4c935c GetCurrentThreadId
0x4c9360 ExitProcess
0x4c9364 GlobalSize
0x4c9368 GlobalFree
0x4c9374 lstrcatA
0x4c9378 lstrlenA
0x4c937c WinExec
0x4c9380 lstrcpyA
0x4c9384 FindNextFileA
0x4c9388 GlobalReAlloc
0x4c938c HeapFree
0x4c9390 HeapReAlloc
0x4c9394 GetProcessHeap
0x4c9398 HeapAlloc
0x4c939c GetFullPathNameA
0x4c93a0 FreeLibrary
0x4c93a4 LoadLibraryA
0x4c93a8 GetLastError
0x4c93ac GetVersionExA
0x4c93b4 CreateThread
0x4c93b8 CreateEventA
0x4c93bc Sleep
0x4c93c0 GlobalAlloc
0x4c93c4 GlobalLock
0x4c93c8 GlobalUnlock
0x4c93cc GetTempPathA
0x4c93d0 FindFirstFileA
0x4c93d4 FindClose
0x4c93d8 SetFileAttributesA
0x4c93dc GetFileAttributesA
0x4c93e0 DeleteFileA
0x4c93ec GetModuleHandleA
0x4c93f0 GetProcAddress
0x4c93f4 MulDiv
0x4c93f8 GetCommandLineA
0x4c93fc GetTickCount
0x4c9400 WaitForSingleObject
0x4c9404 CloseHandle
0x4c9408 InterlockedExchange
0x4c940c DuplicateHandle
Library: USER32.dll:
0x4c9490 GetSysColorBrush
0x4c9494 GetNextDlgGroupItem
0x4c9498 PostThreadMessageA
0x4c94a0 CharNextA
0x4c94a8 SetMenuItemBitmaps
0x4c94ac CheckMenuItem
0x4c94b0 IsDialogMessageA
0x4c94b4 ScrollWindowEx
0x4c94b8 SendDlgItemMessageA
0x4c94bc MapWindowPoints
0x4c94c0 AdjustWindowRectEx
0x4c94c4 GetScrollPos
0x4c94c8 RegisterClassA
0x4c94cc GetClassLongA
0x4c94d0 RemovePropA
0x4c94d4 GetMessageTime
0x4c94d8 GetLastActivePopup
0x4c94dc GetForegroundWindow
0x4c94e4 GetWindowPlacement
0x4c94e8 EndDialog
0x4c94f0 DestroyWindow
0x4c94f4 EndPaint
0x4c94f8 BeginPaint
0x4c94fc CharUpperA
0x4c9504 UnregisterHotKey
0x4c9508 RegisterHotKey
0x4c950c CreateWindowExA
0x4c9510 GetDlgItem
0x4c9514 GetClassNameA
0x4c9518 GetDesktopWindow
0x4c951c GetWindowTextA
0x4c9520 SetWindowTextA
0x4c9524 GetMenuItemCount
0x4c9528 GetMenuItemID
0x4c952c GetMenuStringA
0x4c9530 GetMenuState
0x4c9538 GrayStringA
0x4c953c TabbedTextOutA
0x4c9540 WindowFromDC
0x4c9544 EnumChildWindows
0x4c9548 GetWindowDC
0x4c954c UnhookWindowsHookEx
0x4c9550 CallNextHookEx
0x4c9554 SetWindowsHookExA
0x4c9558 GetPropA
0x4c955c MoveWindow
0x4c9560 CallWindowProcA
0x4c9564 SetPropA
0x4c9568 DrawTextA
0x4c956c GetCursor
0x4c9570 DrawStateA
0x4c9574 FrameRect
0x4c9578 GetNextDlgTabItem
0x4c957c LoadIconA
0x4c9580 TranslateMessage
0x4c9584 DrawFrameControl
0x4c9588 DrawEdge
0x4c958c DrawFocusRect
0x4c9590 WindowFromPoint
0x4c9594 GetMessageA
0x4c9598 DispatchMessageA
0x4c95a8 DrawIconEx
0x4c95ac CreatePopupMenu
0x4c95b0 AppendMenuA
0x4c95b4 ModifyMenuA
0x4c95b8 CreateMenu
0x4c95c0 GetDlgCtrlID
0x4c95c4 GetSubMenu
0x4c95c8 EnableMenuItem
0x4c95cc ClientToScreen
0x4c95d4 LoadImageA
0x4c95dc ShowWindow
0x4c95e0 IsWindowEnabled
0x4c95e8 GetKeyState
0x4c95f0 PostQuitMessage
0x4c95f4 IsZoomed
0x4c95f8 GetClassInfoA
0x4c95fc DefWindowProcA
0x4c9600 GetSystemMenu
0x4c9604 DeleteMenu
0x4c9608 GetMenu
0x4c960c SetMenu
0x4c9610 PeekMessageA
0x4c9614 IsIconic
0x4c9618 SetFocus
0x4c961c GetActiveWindow
0x4c9620 GetWindow
0x4c9628 SetWindowRgn
0x4c962c GetMessagePos
0x4c9630 ScreenToClient
0x4c9634 CopyRect
0x4c9638 LoadBitmapA
0x4c963c WinHelpA
0x4c9640 KillTimer
0x4c9644 SetTimer
0x4c9648 ReleaseCapture
0x4c964c GetCapture
0x4c9650 SetCapture
0x4c9654 GetScrollRange
0x4c9658 SetScrollRange
0x4c965c SetScrollPos
0x4c9660 SetRect
0x4c9664 InflateRect
0x4c9668 IntersectRect
0x4c966c DestroyIcon
0x4c9670 PtInRect
0x4c9674 OffsetRect
0x4c9678 IsWindowVisible
0x4c967c EnableWindow
0x4c9680 RedrawWindow
0x4c9684 GetWindowLongA
0x4c9688 SetWindowLongA
0x4c968c GetSysColor
0x4c9690 SetActiveWindow
0x4c9694 SetCursorPos
0x4c9698 LoadCursorA
0x4c969c SetCursor
0x4c96a0 GetDC
0x4c96a4 FillRect
0x4c96a8 IsRectEmpty
0x4c96ac ReleaseDC
0x4c96b0 IsChild
0x4c96b4 TrackPopupMenu
0x4c96b8 DestroyMenu
0x4c96bc SetForegroundWindow
0x4c96c0 GetWindowRect
0x4c96c4 EqualRect
0x4c96c8 UpdateWindow
0x4c96cc ValidateRect
0x4c96d0 InvalidateRect
0x4c96d4 GetClientRect
0x4c96d8 GetFocus
0x4c96dc GetParent
0x4c96e0 GetTopWindow
0x4c96e4 PostMessageA
0x4c96e8 IsWindow
0x4c96ec SetParent
0x4c96f0 DestroyCursor
0x4c96f4 SendMessageA
0x4c96f8 SetWindowPos
0x4c96fc MessageBeep
0x4c9700 MessageBoxA
0x4c9704 GetCursorPos
0x4c9708 GetSystemMetrics
0x4c970c EmptyClipboard
0x4c9710 SetClipboardData
0x4c9714 OpenClipboard
0x4c9718 GetClipboardData
0x4c971c CloseClipboard
0x4c9720 wsprintfA
0x4c9724 LoadStringA
0x4c9728 SetRectEmpty
0x4c972c MapDialogRect
0x4c9734 UnregisterClassA
Library: GDI32.dll:
0x4c907c CreateRectRgn
0x4c9080 CombineRgn
0x4c9084 PatBlt
0x4c9088 CreatePen
0x4c908c GetObjectA
0x4c9090 SelectObject
0x4c9094 CreatePatternBrush
0x4c9098 CreateBitmap
0x4c909c CreateBrushIndirect
0x4c90a0 CreateDCA
0x4c90a8 GetPolyFillMode
0x4c90ac GetStretchBltMode
0x4c90b0 CreateFontA
0x4c90b4 SetWindowOrgEx
0x4c90b8 SaveDC
0x4c90bc RestoreDC
0x4c90c0 CreatePenIndirect
0x4c90c4 PtVisible
0x4c90c8 RectVisible
0x4c90cc ExtTextOutA
0x4c90d0 Escape
0x4c90d4 SetPolyFillMode
0x4c90d8 SetROP2
0x4c90dc SetMapMode
0x4c90e0 SetViewportOrgEx
0x4c90e4 OffsetViewportOrgEx
0x4c90e8 SetViewportExtEx
0x4c90ec ScaleViewportExtEx
0x4c90f0 SetWindowExtEx
0x4c90f4 ScaleWindowExtEx
0x4c90f8 GetClipBox
0x4c90fc ExcludeClipRect
0x4c9100 FillRgn
0x4c9104 LineTo
0x4c9108 CreateSolidBrush
0x4c910c ExtSelectClipRgn
0x4c9110 GetViewportExtEx
0x4c9114 GetTextMetricsA
0x4c9118 GetMapMode
0x4c911c SetBkColor
0x4c9124 CreateDIBSection
0x4c9128 SetPixel
0x4c912c ExtCreateRegion
0x4c9130 SetStretchBltMode
0x4c9134 GetClipRgn
0x4c9138 CreatePolygonRgn
0x4c913c SelectClipRgn
0x4c9140 DeleteObject
0x4c9144 CreateDIBitmap
0x4c914c CreatePalette
0x4c9150 StretchBlt
0x4c9154 SelectPalette
0x4c9158 RealizePalette
0x4c915c GetDIBits
0x4c9160 GetWindowExtEx
0x4c9164 GetViewportOrgEx
0x4c9168 GetWindowOrgEx
0x4c916c BeginPath
0x4c9170 EndPath
0x4c9174 PathToRegion
0x4c9178 CreateEllipticRgn
0x4c917c CreateRoundRectRgn
0x4c9180 GetTextColor
0x4c9184 SetDIBitsToDevice
0x4c9188 GetPixel
0x4c918c CreateCompatibleDC
0x4c9190 SetPixelV
0x4c9194 Ellipse
0x4c9198 Rectangle
0x4c919c LPtoDP
0x4c91a0 DPtoLP
0x4c91a4 GetCurrentObject
0x4c91a8 RoundRect
0x4c91ac SetTextColor
0x4c91b0 SetBkMode
0x4c91b4 GetStockObject
0x4c91b8 CreateFontIndirectA
0x4c91bc EndPage
0x4c91c0 EndDoc
0x4c91c4 DeleteDC
0x4c91c8 StartDocA
0x4c91cc StartPage
0x4c91d0 BitBlt
0x4c91d8 MoveToEx
0x4c91e0 GetDeviceCaps
0x4c91e4 GetBkMode
0x4c91e8 GetBkColor
0x4c91ec GetROP2
0x4c91f0 TextOutA
Library: MSIMG32.dll:
0x4c9414 GradientFill
Library: WINSPOOL.DRV:
0x4c9788 DocumentPropertiesA
0x4c978c OpenPrinterA
0x4c9790 ClosePrinter
Library: comdlg32.dll:
0x4c97c0 GetFileTitleA
0x4c97c4 GetSaveFileNameA
0x4c97c8 GetOpenFileNameA
0x4c97cc ChooseColorA
Library: ADVAPI32.dll:
0x4c9000 RegCreateKeyExA
0x4c9004 RegQueryValueA
0x4c9008 RegSetValueExA
0x4c900c RegOpenKeyExA
0x4c9010 RegCloseKey
Library: SHELL32.dll:
0x4c9478 Shell_NotifyIconA
0x4c947c ShellExecuteA
0x4c9480 DragAcceptFiles
0x4c9484 DragFinish
0x4c9488 DragQueryFileA
Library: ole32.dll:
0x4c97e8 CoGetClassObject
0x4c97ec OleFlushClipboard
0x4c97f0 CoTaskMemFree
0x4c97f4 CoRevokeClassObject
0x4c97f8 CoTaskMemAlloc
0x4c97fc CLSIDFromProgID
0x4c9800 OleInitialize
0x4c9804 OleUninitialize
0x4c9808 CLSIDFromString
Library: OLEAUT32.dll:
0x4c9424 SafeArrayAccessData
0x4c942c SafeArrayGetDim
0x4c9430 SafeArrayGetLBound
0x4c9434 SafeArrayGetUBound
0x4c9438 VariantChangeType
0x4c943c VariantClear
0x4c9440 VariantCopy
0x4c9444 SysAllocString
0x4c9448 SafeArrayCreate
0x4c944c LoadTypeLib
0x4c9450 SysFreeString
0x4c945c SysAllocStringLen
0x4c9460 SysStringLen
0x4c9468 UnRegisterTypeLib
0x4c9470 RegisterTypeLib
Library: COMCTL32.dll:
0x4c9024 ImageList_EndDrag
0x4c902c ImageList_DragMove
0x4c9030 ImageList_DragLeave
0x4c9034 ImageList_DragEnter
0x4c9038 ImageList_Destroy
0x4c903c ImageList_Create
0x4c9040 ImageList_BeginDrag
0x4c9044 ImageList_Add
0x4c9048 ImageList_Draw
0x4c904c ImageList_AddMasked
0x4c9050 _TrackMouseEvent
0x4c9060 ImageList_GetIcon
0x4c9064 ImageList_Duplicate
0x4c906c ImageList_Write
0x4c9070 ImageList_Read
0x4c9074 None
Library: oledlg.dll:
0x4c9814 None

.text
`.rdata
@.data
.rsrc
8`}<j
T$th
D$@Sj
L$8h
D$8Rj
l$<VWj

No antivirus engine scan information.

Process Tree

LYShark1.exe, PID: 2484, parent PID: 2240
services.exe, PID: 424, parent PID: 328
svchost.exe, PID: 2988, parent PID: 424
WerFault.exe, PID: 688, parent PID: 2988
taskhost.exe, PID: 1596, parent PID: 424
mscorsvw.exe, PID: 624, parent PID: 424
mscorsvw.exe, PID: 1860, parent PID: 424

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49162 184.28.98.99 80
192.168.122.201 49160 45.248.9.242 w4.eydata.net 443
192.168.122.201 49161 45.248.9.53 w.eydata.net 443

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 53118 192.168.122.1 53
192.168.122.201 57526 192.168.122.1 53
192.168.122.201 63246 192.168.122.1 53

HTTP Requests

URI | HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2022-07-04 18:54:56.521495+0800 192.168.122.201 49160 45.248.9.242 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 DV TLS CA 2020 CN=*.eydata.net ae:a7:d2:c0:71:1f:f0:db:10:a7:c6:63:9c:12:63:70:82:27:13:73
2022-07-04 18:54:56.987177+0800 192.168.122.201 49161 45.248.9.53 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 DV TLS CA 2020 CN=*.eydata.net ae:a7:d2:c0:71:1f:f0:db:10:a7:c6:63:9c:12:63:70:82:27:13:73

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No dropped files.
No similar analyses found.

Processing ( 44.366 seconds )

  • 20.686 NetworkAnalysis
  • 10.451 Suricata
  • 7.029 Static
  • 4.0 BehaviorAnalysis
  • 1.04 VirusTotal
  • 0.811 TargetInfo
  • 0.318 peid
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.007 config_decoder
  • 0.002 Memory

Signatures ( 3.124 seconds )

  • 1.323 md_url_bl
  • 0.266 antidbg_windows
  • 0.265 api_spamming
  • 0.205 stealth_timeout
  • 0.195 stealth_decoy_document
  • 0.092 packer_themida
  • 0.091 injection_createremotethread
  • 0.088 injection_explorer
  • 0.077 antivm_vbox_window
  • 0.064 antiav_detectreg
  • 0.06 antisandbox_script_timer
  • 0.056 injection_runpe
  • 0.053 browser_needed
  • 0.025 infostealer_ftp
  • 0.019 stealth_file
  • 0.015 infostealer_im
  • 0.013 antianalysis_detectreg
  • 0.011 md_domain_bl
  • 0.01 mimics_filetime
  • 0.01 antiav_detectfile
  • 0.009 reads_self
  • 0.009 antivm_generic_disk
  • 0.009 virus
  • 0.008 bootkit
  • 0.008 antivm_generic_scsi
  • 0.008 shifu_behavior
  • 0.008 infostealer_mail
  • 0.007 infostealer_bitcoin
  • 0.006 anomaly_persistence_autorun
  • 0.006 geodo_banking_trojan
  • 0.005 hancitor_behavior
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 antivm_vbox_libs
  • 0.004 antivm_generic_services
  • 0.004 kibex_behavior
  • 0.004 kovter_behavior
  • 0.004 antivm_vbox_files
  • 0.003 antiemu_wine_func
  • 0.003 antisandbox_sleep
  • 0.003 betabot_behavior
  • 0.003 infostealer_browser_password
  • 0.003 anormaly_invoke_kills
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_xen_keys
  • 0.003 darkcomet_regkeys
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 maldun_anomaly_massive_file_ops
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 antivm_generic_diskreg
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.002 recon_fingerprint
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 dridex_behavior
  • 0.001 antivm_vmware_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 bypass_firewall
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_system
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient

Reporting ( 0.582 seconds )

  • 0.575 ReportHTMLSummary
  • 0.007 Malheur
Task ID 697923
Mongo ID 62c2c7abdc327b97d6050c30
Cuckoo release 1.4-Maldun