分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2023-11-22 20:27:11 | 2023-11-22 20:28:11 | 60 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | Wub_x64.exe |
|---|---|
| 文件大小 | 961600 字节 |
| 文件类型 | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 9d6778f7f274f7ecd4e7e875a7268b64 |
| SHA1 | 452fa439f1cc0b9fcc37cf4b8cfff96e8cc348aa |
| SHA256 | 187eeee9e518011de1b87cfb0ed03e12ea551e9011f0c8defdd0e4535e672da2 |
| SHA512 | d51df55a5f903ec624550e847459bfa52fb19e892a58fe2de41251d9d98890b36f26a4950ad75f900de0311b5330066aaece11ec5e549d5b3867a61a344e0b87 |
| CRC32 | 6119E6DD |
| Ssdeep | 24576:12DW/xbqX2YIbzQsu3/PNLIQFHyBvGThpZY9:12EmXGQsW/PN0QNlZI |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x140000000 |
|---|---|
| 入口地址 | 0x14001d47c |
| 声明校验值 | 0x000f8b5e |
| 实际校验值 | 0x000f8b5e |
| 最低操作系统版本要求 | 5.2 |
| 编译时间 | 2010-04-16 15:47:52 |
| 载入哈希 | 58f9531839fd9806cc1341c1500fe433 |
| 图标 |  |
| 图标精确哈希值 | 513675486763bd38b5c1e17322abd667 |
| 图标相似性哈希值 | 310d8c196a0ff8ccf5f8e19963edeef6 |
版本信息
| LegalCopyright | |
|---|---|
| Coder | |
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
微软证书验证 (Sign Tool)
| SHA1 | 时间戳 | 有效性 | 错误 |
|---|---|---|---|
| 228c2021a87d2d0597595486c4a259bca72f99ef | Sat Jun 10 02:57:19 2023 | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. |
| 证书链 | Certificate Chain 1 |
| 发行给 | Sordum Software |
| 发行人 | Sordum Software |
| 有效期 | Sun Aug 01 050000 2032 |
| SHA1 哈希 | 56cbbf533d922f3301ca694e316ef224ba97f127 |
| 证书链 | Timestamp Chain 1 |
| 发行给 | GlobalSign |
| 发行人 | GlobalSign |
| 有效期 | Sun Dec 10 080000 2034 |
| SHA1 哈希 | 8094640eb5a7a1ca119c1fddd59f810263a7fbd1 |
| 证书链 | Timestamp Chain 2 |
| 发行给 | GlobalSign Timestamping CA - SHA384 - G4 |
| 发行人 | GlobalSign |
| 有效期 | Sun Dec 10 080000 2034 |
| SHA1 哈希 | f585500925786f88e721d235240a2452ae3d23f9 |
| 证书链 | Timestamp Chain 3 |
| 发行给 | Globalsign TSA for MS Authenticode Advanced - G4 |
| 发行人 | GlobalSign Timestamping CA - SHA384 - G4 |
| 有效期 | Sun May 08 154158 2033 |
| SHA1 哈希 | 31030e176aa4592eab2c8bade83299fcb5585dcf |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00095ac1 | 0x00095c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.43 |
| .rdata | 0x00097000 | 0x0001569c | 0x00015800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.10 |
| .data | 0x000ad000 | 0x0001cb08 | 0x00007600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.17 |
| .pdata | 0x000ca000 | 0x00006a14 | 0x00006c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.77 |
| .rsrc | 0x000d1000 | 0x0001391c | 0x00013a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.18 |
覆盖
| 偏移量 | 0x000cd400 |
| 大小 | 0x0001d840 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000ddd00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 4.20 | GLS_BINARY_LSB_FIRST |
| RT_STRING | 0x000de6bc | 0x000000c4 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 3.01 | data |
| RT_STRING | 0x000de6bc | 0x000000c4 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 3.01 | data |
| RT_STRING | 0x000de6bc | 0x000000c4 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 3.01 | data |
| RT_RCDATA | 0x000e31dc | 0x00000eb0 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 7.94 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced |
| RT_RCDATA | 0x000e31dc | 0x00000eb0 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 7.94 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced |
| RT_RCDATA | 0x000e31dc | 0x00000eb0 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 7.94 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced |
| RT_RCDATA | 0x000e31dc | 0x00000eb0 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 7.94 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced |
| RT_RCDATA | 0x000e31dc | 0x00000eb0 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 7.94 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_GROUP_ICON | 0x000e4144 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.08 | MS Windows icon resource - 1 icon, 16x16 |
| RT_VERSION | 0x000e4158 | 0x00000324 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 3.44 | data |
| RT_MANIFEST | 0x000e447c | 0x0000049e | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 5.25 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库: WSOCK32.dll:
• 0x140097f48 __WSAFDIsSet
• 0x140097f50 setsockopt
• 0x140097f58 ntohs
• 0x140097f60 recvfrom
• 0x140097f68 sendto
• 0x140097f70 htons
• 0x140097f78 select
• 0x140097f80 listen
• 0x140097f88 WSAStartup
• 0x140097f90 bind
• 0x140097f98 closesocket
• 0x140097fa0 connect
• 0x140097fa8 socket
• 0x140097fb0 send
• 0x140097fb8 WSACleanup
• 0x140097fc0 ioctlsocket
• 0x140097fc8 accept
• 0x140097fd0 WSAGetLastError
• 0x140097fd8 inet_addr
• 0x140097fe0 gethostbyname
• 0x140097fe8 gethostname
• 0x140097ff0 recv
库: VERSION.dll:
• 0x140097e90 VerQueryValueW
• 0x140097e98 GetFileVersionInfoW
• 0x140097ea0 GetFileVersionInfoSizeW
库: COMCTL32.dll:
• 0x140097118 ImageList_Remove
• 0x140097120 ImageList_SetDragCursorImage
• 0x140097128 ImageList_BeginDrag
• 0x140097130 ImageList_DragEnter
• 0x140097138 ImageList_DragLeave
• 0x140097140 ImageList_EndDrag
• 0x140097148 ImageList_DragMove
• 0x140097150 ImageList_ReplaceIcon
• 0x140097158 ImageList_Create
• 0x140097160 InitCommonControlsEx
• 0x140097168 ImageList_Destroy
库: MPR.dll:
• 0x140097800 WNetCancelConnection2W
• 0x140097808 WNetGetConnectionW
• 0x140097810 WNetAddConnection2W
• 0x140097818 WNetUseConnectionW
库: WININET.dll:
• 0x140097eb0 InternetReadFile
• 0x140097eb8 InternetCloseHandle
• 0x140097ec0 InternetOpenW
• 0x140097ec8 InternetSetOptionW
• 0x140097ed0 InternetCrackUrlW
• 0x140097ed8 HttpQueryInfoW
• 0x140097ee0 InternetConnectW
• 0x140097ee8 HttpOpenRequestW
• 0x140097ef0 HttpSendRequestW
• 0x140097ef8 FtpOpenFileW
• 0x140097f00 FtpGetFileSize
• 0x140097f08 InternetOpenUrlW
• 0x140097f10 InternetQueryOptionW
• 0x140097f18 InternetQueryDataAvailable
库: PSAPI.DLL:
• 0x1400978b0 EnumProcesses
• 0x1400978b8 GetModuleBaseNameW
• 0x1400978c0 GetProcessMemoryInfo
• 0x1400978c8 EnumProcessModules
库: USERENV.dll:
• 0x140097e68 CreateEnvironmentBlock
• 0x140097e70 DestroyEnvironmentBlock
• 0x140097e78 UnloadUserProfile
• 0x140097e80 LoadUserProfileW
库: KERNEL32.dll:
• 0x1400972b0 HeapAlloc
• 0x1400972b8 Sleep
• 0x1400972c0 GetCurrentThreadId
• 0x1400972c8 RaiseException
• 0x1400972d0 MulDiv
• 0x1400972d8 GetVersionExW
• 0x1400972e0 GetSystemInfo
• 0x1400972e8 MultiByteToWideChar
• 0x1400972f0 WideCharToMultiByte
• 0x1400972f8 GetModuleHandleW
• 0x140097300 QueryPerformanceCounter
• 0x140097308 VirtualFreeEx
• 0x140097310 OpenProcess
• 0x140097318 VirtualAllocEx
• 0x140097320 WriteProcessMemory
• 0x140097328 ReadProcessMemory
• 0x140097330 CreateFileW
• 0x140097338 SetFilePointerEx
• 0x140097340 ReadFile
• 0x140097348 WriteFile
• 0x140097350 FlushFileBuffers
• 0x140097358 TerminateProcess
• 0x140097360 CreateToolhelp32Snapshot
• 0x140097368 Process32FirstW
• 0x140097370 Process32NextW
• 0x140097378 SetFileTime
• 0x140097380 GetFileAttributesW
• 0x140097388 FindFirstFileW
• 0x140097390 FindClose
• 0x140097398 DeleteFileW
• 0x1400973a0 FindNextFileW
• 0x1400973a8 lstrcmpiW
• 0x1400973b0 MoveFileW
• 0x1400973b8 CopyFileW
• 0x1400973c0 CreateDirectoryW
• 0x1400973c8 RemoveDirectoryW
• 0x1400973d0 SetSystemPowerState
• 0x1400973d8 QueryPerformanceFrequency
• 0x1400973e0 FindResourceW
• 0x1400973e8 LoadResource
• 0x1400973f0 LockResource
• 0x1400973f8 SizeofResource
• 0x140097400 EnumResourceNamesW
• 0x140097408 OutputDebugStringW
• 0x140097410 GetProcessHeap
• 0x140097418 CompareStringW
• 0x140097420 CompareStringA
• 0x140097428 DeleteCriticalSection
• 0x140097430 EnterCriticalSection
• 0x140097438 LeaveCriticalSection
• 0x140097440 InitializeCriticalSectionAndSpinCount
• 0x140097448 GetStdHandle
• 0x140097450 CreatePipe
• 0x140097458 TerminateThread
• 0x140097460 GetTempPathW
• 0x140097468 GetTempFileNameW
• 0x140097470 VirtualFree
• 0x140097478 FormatMessageW
• 0x140097480 GetExitCodeProcess
• 0x140097488 SetErrorMode
• 0x140097490 GetPrivateProfileStringW
• 0x140097498 WritePrivateProfileStringW
• 0x1400974a0 GetPrivateProfileSectionW
• 0x1400974a8 WritePrivateProfileSectionW
• 0x1400974b0 GetPrivateProfileSectionNamesW
• 0x1400974b8 FileTimeToLocalFileTime
• 0x1400974c0 FileTimeToSystemTime
• 0x1400974c8 SystemTimeToFileTime
• 0x1400974d0 LocalFileTimeToFileTime
• 0x1400974d8 GetDriveTypeW
• 0x1400974e0 GetDiskFreeSpaceExW
• 0x1400974e8 GetDiskFreeSpaceW
• 0x1400974f0 GetVolumeInformationW
• 0x1400974f8 SetVolumeLabelW
• 0x140097500 CreateHardLinkW
• 0x140097508 DeviceIoControl
• 0x140097510 SetFileAttributesW
• 0x140097518 GetShortPathNameW
• 0x140097520 CreateEventW
• 0x140097528 SetEvent
• 0x140097530 GetEnvironmentVariableW
• 0x140097538 SetEnvironmentVariableW
• 0x140097540 GlobalLock
• 0x140097548 GlobalUnlock
• 0x140097550 GlobalAlloc
• 0x140097558 GetFileSize
• 0x140097560 GlobalFree
• 0x140097568 GlobalMemoryStatusEx
• 0x140097570 Beep
• 0x140097578 GetComputerNameW
• 0x140097580 GetWindowsDirectoryW
• 0x140097588 GetSystemDirectoryW
• 0x140097590 GetCurrentProcessId
• 0x140097598 GetCurrentThread
• 0x1400975a0 GetProcessIoCounters
• 0x1400975a8 CreateProcessW
• 0x1400975b0 SetPriorityClass
• 0x1400975b8 LoadLibraryW
• 0x1400975c0 VirtualAlloc
• 0x1400975c8 LoadLibraryExW
• 0x1400975d0 HeapFree
• 0x1400975d8 WaitForSingleObject
• 0x1400975e0 CreateThread
• 0x1400975e8 DuplicateHandle
• 0x1400975f0 GetLastError
• 0x1400975f8 CloseHandle
• 0x140097600 GetCurrentProcess
• 0x140097608 GetProcAddress
• 0x140097610 LoadLibraryA
• 0x140097618 FreeLibrary
• 0x140097620 GetModuleFileNameW
• 0x140097628 GetFullPathNameW
• 0x140097630 ExitProcess
• 0x140097638 ExitThread
• 0x140097640 GetSystemTimeAsFileTime
• 0x140097648 ResumeThread
• 0x140097650 GetStartupInfoW
• 0x140097658 EncodePointer
• 0x140097660 DecodePointer
• 0x140097668 FlsGetValue
• 0x140097670 FlsSetValue
• 0x140097678 SetCurrentDirectoryW
• 0x140097680 IsDebuggerPresent
• 0x140097688 GetCurrentDirectoryW
• 0x140097690 FlsFree
• 0x140097698 SetLastError
• 0x1400976a0 FlsAlloc
• 0x1400976a8 HeapSize
• 0x1400976b0 RtlUnwindEx
• 0x1400976b8 GetCPInfo
• 0x1400976c0 GetACP
• 0x1400976c8 GetOEMCP
• 0x1400976d0 IsValidCodePage
• 0x1400976d8 UnhandledExceptionFilter
• 0x1400976e0 SetUnhandledExceptionFilter
• 0x1400976e8 RtlVirtualUnwind
• 0x1400976f0 RtlLookupFunctionEntry
• 0x1400976f8 RtlCaptureContext
• 0x140097700 RtlPcToFileHeader
• 0x140097708 GetModuleFileNameA
• 0x140097710 HeapSetInformation
• 0x140097718 HeapCreate
• 0x140097720 SetHandleCount
• 0x140097728 GetFileType
• 0x140097730 GetStartupInfoA
• 0x140097738 SetStdHandle
• 0x140097740 GetConsoleCP
• 0x140097748 GetConsoleMode
• 0x140097750 LCMapStringW
• 0x140097758 LCMapStringA
• 0x140097760 SetFilePointer
• 0x140097768 GetTimeZoneInformation
• 0x140097770 GetDateFormatA
• 0x140097778 GetTimeFormatA
• 0x140097780 FreeEnvironmentStringsW
• 0x140097788 GetEnvironmentStringsW
• 0x140097790 GetCommandLineW
• 0x140097798 GetTickCount
• 0x1400977a0 HeapReAlloc
• 0x1400977a8 GetStringTypeA
• 0x1400977b0 GetStringTypeW
• 0x1400977b8 GetLocaleInfoA
• 0x1400977c0 WriteConsoleA
• 0x1400977c8 GetConsoleOutputCP
• 0x1400977d0 WriteConsoleW
• 0x1400977d8 CreateFileA
• 0x1400977e0 SetEndOfFile
• 0x1400977e8 GetLocalTime
• 0x1400977f0 SetEnvironmentVariableA
库: USER32.dll:
• 0x140097950 IsCharLowerW
• 0x140097958 IsCharUpperW
• 0x140097960 GetMenuStringW
• 0x140097968 GetSubMenu
• 0x140097970 GetCaretPos
• 0x140097978 IsZoomed
• 0x140097980 GetWindowLongW
• 0x140097988 MonitorFromPoint
• 0x140097990 GetMonitorInfoW
• 0x140097998 SetWindowLongW
• 0x1400979a0 SetLayeredWindowAttributes
• 0x1400979a8 FlashWindow
• 0x1400979b0 GetClassLongPtrW
• 0x1400979b8 TranslateAcceleratorW
• 0x1400979c0 IsDialogMessageW
• 0x1400979c8 GetSysColor
• 0x1400979d0 InflateRect
• 0x1400979d8 DrawFocusRect
• 0x1400979e0 DrawTextW
• 0x1400979e8 FrameRect
• 0x1400979f0 DrawFrameControl
• 0x1400979f8 FillRect
• 0x140097a00 PtInRect
• 0x140097a08 DestroyAcceleratorTable
• 0x140097a10 CreateAcceleratorTableW
• 0x140097a18 SetCursor
• 0x140097a20 GetWindowDC
• 0x140097a28 GetSystemMetrics
• 0x140097a30 SetWindowLongPtrW
• 0x140097a38 GetActiveWindow
• 0x140097a40 CharNextW
• 0x140097a48 wsprintfW
• 0x140097a50 RedrawWindow
• 0x140097a58 DrawMenuBar
• 0x140097a60 DestroyMenu
• 0x140097a68 SetMenu
• 0x140097a70 GetWindowTextLengthW
• 0x140097a78 CreateMenu
• 0x140097a80 IsDlgButtonChecked
• 0x140097a88 DefDlgProcW
• 0x140097a90 ReleaseCapture
• 0x140097a98 SetCapture
• 0x140097aa0 WindowFromPoint
• 0x140097aa8 DispatchMessageW
• 0x140097ab0 TranslateMessage
• 0x140097ab8 PeekMessageW
• 0x140097ac0 UnregisterHotKey
• 0x140097ac8 CharLowerBuffW
• 0x140097ad0 MonitorFromRect
• 0x140097ad8 LoadImageW
• 0x140097ae0 CreateIconFromResourceEx
• 0x140097ae8 mouse_event
• 0x140097af0 ExitWindowsEx
• 0x140097af8 SetActiveWindow
• 0x140097b00 FindWindowExW
• 0x140097b08 EnumThreadWindows
• 0x140097b10 SetMenuDefaultItem
• 0x140097b18 InsertMenuItemW
• 0x140097b20 IsMenu
• 0x140097b28 IsCharAlphaNumericW
• 0x140097b30 GetCursorPos
• 0x140097b38 DeleteMenu
• 0x140097b40 CheckMenuRadioItem
• 0x140097b48 GetMenuItemID
• 0x140097b50 GetMenuItemCount
• 0x140097b58 SetMenuItemInfoW
• 0x140097b60 GetMenuItemInfoW
• 0x140097b68 SetForegroundWindow
• 0x140097b70 IsIconic
• 0x140097b78 FindWindowW
• 0x140097b80 IsClipboardFormatAvailable
• 0x140097b88 keybd_event
• 0x140097b90 SendInput
• 0x140097b98 GetAsyncKeyState
• 0x140097ba0 SetKeyboardState
• 0x140097ba8 GetKeyboardState
• 0x140097bb0 GetKeyState
• 0x140097bb8 VkKeyScanW
• 0x140097bc0 LoadStringW
• 0x140097bc8 DialogBoxParamW
• 0x140097bd0 MessageBeep
• 0x140097bd8 EndDialog
• 0x140097be0 SendDlgItemMessageW
• 0x140097be8 GetDlgItem
• 0x140097bf0 SetWindowTextW
• 0x140097bf8 CopyRect
• 0x140097c00 ReleaseDC
• 0x140097c08 GetDC
• 0x140097c10 EndPaint
• 0x140097c18 BeginPaint
• 0x140097c20 GetClientRect
• 0x140097c28 GetMenu
• 0x140097c30 DestroyWindow
• 0x140097c38 EnumWindows
• 0x140097c40 IsWindow
• 0x140097c48 IsWindowEnabled
• 0x140097c50 IsWindowVisible
• 0x140097c58 EnableWindow
• 0x140097c60 InvalidateRect
• 0x140097c68 GetWindowLongPtrW
• 0x140097c70 GetWindowThreadProcessId
• 0x140097c78 AttachThreadInput
• 0x140097c80 GetFocus
• 0x140097c88 GetWindowTextW
• 0x140097c90 ScreenToClient
• 0x140097c98 SendMessageTimeoutW
• 0x140097ca0 EnumChildWindows
• 0x140097ca8 CharUpperBuffW
• 0x140097cb0 GetClassNameW
• 0x140097cb8 GetParent
• 0x140097cc0 GetDlgCtrlID
• 0x140097cc8 SendMessageW
• 0x140097cd0 MapVirtualKeyW
• 0x140097cd8 PostMessageW
• 0x140097ce0 GetWindowRect
• 0x140097ce8 SetUserObjectSecurity
• 0x140097cf0 GetUserObjectSecurity
• 0x140097cf8 CloseDesktop
• 0x140097d00 CloseWindowStation
• 0x140097d08 IsCharAlphaW
• 0x140097d10 GetKeyboardLayoutNameW
• 0x140097d18 ClientToScreen
• 0x140097d20 RegisterHotKey
• 0x140097d28 GetCursorInfo
• 0x140097d30 SetWindowPos
• 0x140097d38 CopyImage
• 0x140097d40 AdjustWindowRectEx
• 0x140097d48 SetRect
• 0x140097d50 SetClipboardData
• 0x140097d58 EmptyClipboard
• 0x140097d60 CountClipboardFormats
• 0x140097d68 CloseClipboard
• 0x140097d70 TrackPopupMenuEx
• 0x140097d78 GetClipboardData
• 0x140097d80 OpenDesktopW
• 0x140097d88 SetProcessWindowStation
• 0x140097d90 GetProcessWindowStation
• 0x140097d98 OpenWindowStationW
• 0x140097da0 MessageBoxW
• 0x140097da8 DefWindowProcW
• 0x140097db0 MoveWindow
• 0x140097db8 SetFocus
• 0x140097dc0 PostQuitMessage
• 0x140097dc8 KillTimer
• 0x140097dd0 CreatePopupMenu
• 0x140097dd8 RegisterWindowMessageW
• 0x140097de0 SetTimer
• 0x140097de8 ShowWindow
• 0x140097df0 CreateWindowExW
• 0x140097df8 RegisterClassExW
• 0x140097e00 LoadIconW
• 0x140097e08 LoadCursorW
• 0x140097e10 GetSysColorBrush
• 0x140097e18 GetForegroundWindow
• 0x140097e20 MessageBoxA
• 0x140097e28 DestroyIcon
• 0x140097e30 OpenClipboard
• 0x140097e38 BlockInput
• 0x140097e40 GetMessageW
• 0x140097e48 SystemParametersInfoW
• 0x140097e50 LockWindowUpdate
• 0x140097e58 GetDesktopWindow
库: GDI32.dll:
• 0x140097190 DeleteObject
• 0x140097198 GetObjectW
• 0x1400971a0 GetTextExtentPoint32W
• 0x1400971a8 ExtCreatePen
• 0x1400971b0 StrokeAndFillPath
• 0x1400971b8 StrokePath
• 0x1400971c0 EndPath
• 0x1400971c8 SetPixel
• 0x1400971d0 CloseFigure
• 0x1400971d8 CreateCompatibleBitmap
• 0x1400971e0 CreateCompatibleDC
• 0x1400971e8 SelectObject
• 0x1400971f0 StretchBlt
• 0x1400971f8 GetDIBits
• 0x140097200 LineTo
• 0x140097208 AngleArc
• 0x140097210 MoveToEx
• 0x140097218 Ellipse
• 0x140097220 PolyDraw
• 0x140097228 BeginPath
• 0x140097230 Rectangle
• 0x140097238 GetDeviceCaps
• 0x140097240 SetBkMode
• 0x140097248 RoundRect
• 0x140097250 SetBkColor
• 0x140097258 CreatePen
• 0x140097260 CreateSolidBrush
• 0x140097268 SetTextColor
• 0x140097270 CreateFontW
• 0x140097278 GetTextFaceW
• 0x140097280 GetStockObject
• 0x140097288 CreateDCW
• 0x140097290 GetPixel
• 0x140097298 DeleteDC
• 0x1400972a0 SetViewportOrgEx
库: ADVAPI32.dll:
• 0x140097000 RegEnumValueW
• 0x140097008 RegDeleteValueW
• 0x140097010 RegDeleteKeyW
• 0x140097018 RegSetValueExW
• 0x140097020 RegCreateKeyExW
• 0x140097028 GetUserNameW
• 0x140097030 RegConnectRegistryW
• 0x140097038 RegEnumKeyExW
• 0x140097040 CloseServiceHandle
• 0x140097048 UnlockServiceDatabase
• 0x140097050 LockServiceDatabase
• 0x140097058 OpenSCManagerW
• 0x140097060 InitiateSystemShutdownExW
• 0x140097068 AdjustTokenPrivileges
• 0x140097070 RegCloseKey
• 0x140097078 RegQueryValueExW
• 0x140097080 RegOpenKeyExW
• 0x140097088 OpenThreadToken
• 0x140097090 OpenProcessToken
• 0x140097098 LookupPrivilegeValueW
• 0x1400970a0 DuplicateTokenEx
• 0x1400970a8 CreateProcessAsUserW
• 0x1400970b0 CreateProcessWithLogonW
• 0x1400970b8 InitializeSecurityDescriptor
• 0x1400970c0 InitializeAcl
• 0x1400970c8 GetLengthSid
• 0x1400970d0 CopySid
• 0x1400970d8 SetSecurityDescriptorDacl
• 0x1400970e0 LogonUserW
• 0x1400970e8 GetTokenInformation
• 0x1400970f0 GetAclInformation
• 0x1400970f8 GetAce
• 0x140097100 AddAce
• 0x140097108 GetSecurityDescriptorDacl
库: SHELL32.dll:
• 0x1400978d8 DragQueryPoint
• 0x1400978e0 ShellExecuteExW
• 0x1400978e8 SHGetFolderPathW
• 0x1400978f0 DragQueryFileW
• 0x1400978f8 SHEmptyRecycleBinW
• 0x140097900 SHBrowseForFolderW
• 0x140097908 SHFileOperationW
• 0x140097910 SHGetPathFromIDListW
• 0x140097918 SHGetDesktopFolder
• 0x140097920 SHGetMalloc
• 0x140097928 ExtractIconExW
• 0x140097930 Shell_NotifyIconW
• 0x140097938 ShellExecuteW
• 0x140097940 DragFinish
库: ole32.dll:
• 0x140098000 OleSetMenuDescriptor
• 0x140098008 MkParseDisplayName
• 0x140098010 OleSetContainedObject
• 0x140098018 CoInitialize
• 0x140098020 CoUninitialize
• 0x140098028 CoCreateInstance
• 0x140098030 CreateStreamOnHGlobal
• 0x140098038 CoTaskMemAlloc
• 0x140098040 CoTaskMemFree
• 0x140098048 CLSIDFromString
• 0x140098050 StringFromCLSID
• 0x140098058 IIDFromString
• 0x140098060 StringFromIID
• 0x140098068 OleInitialize
• 0x140098070 CreateBindCtx
• 0x140098078 CLSIDFromProgID
• 0x140098080 CoInitializeSecurity
• 0x140098088 CoCreateInstanceEx
• 0x140098090 CoSetProxyBlanket
• 0x140098098 OleUninitialize
库: OLEAUT32.dll:
• 0x140097828 SafeArrayAllocData
• 0x140097830 SafeArrayAllocDescriptorEx
• 0x140097838 SysAllocString
• 0x140097840 OleLoadPicture
• 0x140097848 SafeArrayGetVartype
• 0x140097850 SafeArrayDestroyData
• 0x140097858 SafeArrayAccessData
• 0x140097860 VariantInit
• 0x140097868 VariantCopy
• 0x140097870 VariantClear
• 0x140097878 VariantTimeToSystemTime
• 0x140097880 SafeArrayDestroyDescriptor
• 0x140097888 LoadRegTypeLib
• 0x140097890 GetActiveObject
• 0x140097898 SafeArrayUnaccessData
• 0x1400978a0 VarR8FromDec
.text
`.rdata
@.data
.pdata
@.rsrc
u?HcE
t*D9gDu$H=
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49157 | 42.99.140.11 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49157 | 42.99.140.11 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 21.108 seconds )
- 14.29 Suricata
- 3.41 VirusTotal
- 1.418 Static
- 0.585 peid
- 0.559 NetworkAnalysis
- 0.488 TargetInfo
- 0.312 BehaviorAnalysis
- 0.023 Strings
- 0.016 AnalysisInfo
- 0.005 config_decoder
- 0.002 Memory
Signatures ( 1.95 seconds )
- 1.656 md_url_bl
- 0.044 antiav_detectreg
- 0.017 api_spamming
- 0.015 infostealer_ftp
- 0.014 stealth_decoy_document
- 0.014 stealth_timeout
- 0.011 md_domain_bl
- 0.009 reads_self
- 0.009 antianalysis_detectreg
- 0.008 mimics_filetime
- 0.008 infostealer_mail
- 0.008 infostealer_im
- 0.007 anomaly_persistence_autorun
- 0.007 antiav_detectfile
- 0.006 infostealer_browser
- 0.006 antivm_vbox_files
- 0.006 geodo_banking_trojan
- 0.006 network_http
- 0.005 tinba_behavior
- 0.005 stealth_file
- 0.005 infostealer_bitcoin
- 0.005 ransomware_files
- 0.004 bootkit
- 0.004 rat_nanocore
- 0.004 antivm_generic_scsi
- 0.004 disables_browser_warn
- 0.004 ransomware_extensions
- 0.003 antivm_generic_disk
- 0.003 infostealer_browser_password
- 0.003 virus
- 0.003 bot_drive
- 0.002 antivm_generic_services
- 0.002 betabot_behavior
- 0.002 ursnif_behavior
- 0.002 ipc_namedpipe
- 0.002 kibex_behavior
- 0.002 shifu_behavior
- 0.002 anormaly_invoke_kills
- 0.002 cerber_behavior
- 0.002 antivm_parallels_keys
- 0.002 browser_security
- 0.002 md_bad_drop
- 0.001 antiemu_wine_func
- 0.001 network_tor
- 0.001 maldun_malicious_write_executeable_under_temp_to_regrun
- 0.001 maldun_anomaly_write_exe_and_obsfucate_extension
- 0.001 maldun_anomaly_massive_file_ops
- 0.001 kovter_behavior
- 0.001 hancitor_behavior
- 0.001 bypass_firewall
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antisandbox_productid
- 0.001 antivm_generic_diskreg
- 0.001 antivm_hyperv_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 darkcomet_regkeys
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 network_cnc_http
- 0.001 recon_fingerprint
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.812 seconds )
- 0.771 ReportHTMLSummary
- 0.041 Malheur
| Task ID | 734474 |
|---|---|
| Mongo ID | 655df3fe7e769a43f456c347 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号