Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2024-03-27 17:12:53  2024-03-27 17:13:59  66 s

Maldun score

7.475

Dangerous

File details

File name  皮蛋AI.exe
File size  3952128 bytes
File type  PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
MD5  98f96dc1f18de95454757304c03b840f
SHA1  af192d40f9cede1d94398f1c25fa9b910a1f53d8
SHA256  802dda2e35ae55feef08502e26f9baeb0f9766e4f81625ccf730c74f15bdebfb
SHA512  4c41dc15e1ea0bdfd68d910119aa10e0647d6de1350afb10b24f6d7f4393f90b234c19df0a6e891e604be34323450b27c0b882c15bfd872f14fcabf8c6851625
CRC32  EF8C2DB4
Ssdeep  98304:XSmEcQKyTHWgGeDulW8bptjk1qrl4NXFKRBsgVOuvNR3QFUW6mU3:XvEch+H5FylW81Zk+GNVthUWT

Contacted hosts

Direct IP  Safety rating  Location
220.167.100.227  -  China

Domain resolution

Domain  Safety rating  Response
api.ruikeyz.com  Unknown  CNAME vcpn5ak3.waf.dnsv.com.cn
  A 220.167.100.227
  CNAME 92xahmw8.c-gtm.dnsv.com.cn
  A 222.211.73.226


PE information

Image base  0x00400000
Entry point  0x00400000
Declared checksum  0x00000000
Actual checksum  0x003d4946
Minimum OS version  4.0
Compile time  2038-08-03 16:13:31
Icon
Icon exact hash  6a48ecf4f5650e87de771585012c855d
Icon similarity hash  422e909e1d5237dae4f7a3c2f605c261

Note: the PE header timestamp lies about 14 years after the analysis date, so it cannot be a genuine build time, and the declared checksum is zero while the computed value is 0x003d4946. Neither is proof of malice on its own, but together with the randomised member names in the strings section below they mark a post-processed (obfuscated) binary rather than raw compiler output.

Version information (field names only; no values were recorded)

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE sections

Name  Virtual address  Virtual size  Raw size  Characteristics  Entropy
.text  0x00002000  0x003c0014  0x003c0200  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ  7.99
.sdata  0x003c4000  0x000001e8  0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  6.64
.rsrc  0x003c6000  0x000042a0  0x00004400  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  3.20

Overlay

Offset  0x003c4c00
Size  0x00000200
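
A 7.99-entropy .text section that holds almost the whole 3.9 MB file, a 0x200-byte overlay past the last section and the impossible compile time above are the three numbers a triage script should surface automatically. The routine below is an added example, not part of the Maldun report or of the sample: it parses IMAGE_SECTION_HEADER entries with the standard library only, measures each section's Shannon entropy, finds the overlay and sanity-checks the timestamp and checksum. The file image it runs on is constructed inline (a near-uniform 64 KiB code section, a low-entropy resource section and a 0x200-byte overlay, mirroring the shape of this sample but not its bytes); the compile timestamp and analysis time are the values from this report.

```python
"""Static PE triage: per-section entropy, overlay, compile-time and checksum sanity.

Added example, not code from the Maldun report or the sample. Standard library only.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics  (40 bytes)
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
PACKED_ENTROPY = 7.9  # bytes this close to uniform are compressed or encrypted

# Values taken from this report (PE header timestamp, analysis start time).
REPORT_COMPILE_TS = int(datetime(2038, 8, 3, 16, 13, 31, tzinfo=timezone.utc).timestamp())
REPORT_SEEN_AT = int(datetime(2024, 3, 27, 17, 12, 53, tzinfo=timezone.utc).timestamp())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes, table_off: int, count: int) -> list:
    """Read `count` section headers starting at `table_off` in the file image."""
    sections = []
    for i in range(count):
        fields = SECTION_HDR.unpack_from(image, table_off + i * SECTION_HDR.size)
        name, vsize, vaddr, raw_size, raw_ptr = fields[:5]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize,
            "raw_ptr": raw_ptr, "raw_size": raw_size,
            "chars": fields[9],
        })
    return sections


def triage(image: bytes, table_off: int, count: int,
           compile_ts: int, declared_checksum: int, seen_at: int):
    """Return (sections with entropy filled in, list of human-readable findings)."""
    findings = []
    sections = parse_sections(image, table_off, count)
    end_of_sections = 0
    for s in sections:
        body = image[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        s["entropy"] = round(shannon_entropy(body), 2)
        end_of_sections = max(end_of_sections, s["raw_ptr"] + s["raw_size"])
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["entropy"] >= PACKED_ENTROPY:
            findings.append(f"executable section {s['name']} has entropy "
                            f"{s['entropy']}: packed or encrypted code")
    overlay = len(image) - end_of_sections          # bytes after the last section
    if overlay > 0:
        findings.append(f"overlay of {overlay} bytes at 0x{end_of_sections:08x}")
    if compile_ts > seen_at:
        findings.append("compile timestamp is in the future: forged or rewritten by a post-processor")
    if declared_checksum == 0:
        findings.append("declared checksum is 0 (weak signal: many user-mode binaries ship this way)")
    return sections, findings


def _section(name: bytes, vaddr: int, vsize: int, raw_ptr: int, raw_size: int, chars: int) -> bytes:
    return SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, chars)


def build_sample_image() -> bytes:
    """Constructed stand-in for a file on disk (NOT the real sample): a two-entry
    section table at offset 0, then the section bodies, then a 0x200-byte overlay."""
    text_body = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                         for i in range(2048))            # 0x10000 near-uniform bytes
    rsrc_body = (b"<assembly xmlns='urn:schemas-microsoft-com:asm.v1'/>\r\n" * 40).ljust(0x1000, b"\0")
    table = _section(b".text", 0x2000, len(text_body), 0x200, len(text_body),
                     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    table += _section(b".rsrc", 0x12000, len(rsrc_body), 0x10200, len(rsrc_body),
                      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
    image = table.ljust(0x200, b"\0") + text_body + rsrc_body
    return image + b"OVERLAY!".ljust(0x200, b"\0")      # trailing data outside every section


def run_sample():
    """Triage the constructed image with this report's timestamp and checksum."""
    return triage(build_sample_image(), 0, 2, REPORT_COMPILE_TS, 0, REPORT_SEEN_AT)


if __name__ == "__main__":
    sections, findings = run_sample()
    for s in sections:
        print(f"{s['name']:<8} raw=0x{s['raw_ptr']:08x}+0x{s['raw_size']:08x} entropy={s['entropy']}")
    print("\n".join(findings))
```

On a real file the section table offset is e_lfanew + 4 + 20 + SizeOfOptionalHeader and the count is NumberOfSections from the COFF header; the thresholds are deliberately simple, and the checksum finding is kept as a weak signal because a zero checksum is common in unsigned user-mode binaries.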

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_ICON  0x003c7720  0x00002668  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.88  data
RT_ICON  0x003c7720  0x00002668  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.88  data
RT_ICON  0x003c7720  0x00002668  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.88  data
RT_GROUP_ICON  0x003c9d88  0x00000030  LANG_NEUTRAL  SUBLANG_NEUTRAL  2.52  MS Windows icon resource - 3 icons, 16x16
RT_VERSION  0x003c9db8  0x000002fc  LANG_NEUTRAL  SUBLANG_NEUTRAL  3.31  data
RT_MANIFEST  0x003ca0b4  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  5.00  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Assembly information

Name  皮蛋AI
Version  1.0.0.0

Assembly references

Name  Version
mscorlib 4.0.0.0
Microsoft.ML.OnnxRuntime 0.0.0.0
System.Core 4.0.0.0
System.Memory 4.0.1.2
RuikeyzSDK 1.0.0.0
OpenCvSharp 1.0.0.0
System 4.0.0.0
mscorlib 65535.65535.65535.65535
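
The reference list above is short because the dependencies are not on disk: the AssemblyLoader, Costura, ReadFromEmbeddedResources, DeflateStream and add_AssemblyResolve strings further down are the Costura.Fody bootstrapper, which stores merged DLLs (here presumably RuikeyzSDK, OpenCvSharp and the ONNX Runtime wrapper) as compressed manifest resources and inflates them when the runtime raises AssemblyResolve. The helper below is an added example, not code from the report or the sample: once the manifest resources have been dumped with a .NET decompiler it inflates every entry that follows Costura's naming convention (costura.<assembly file name>.compressed, raw DEFLATE) and checks that the result is a PE image. The resource dump it runs on is constructed inline and its resource names are assumed, because the report does not list the sample's manifest resources.

```python
"""Inflate Costura.Fody-style embedded assemblies from dumped .NET manifest resources.

Added example, not code from the report or the sample. Costura names each merged
dependency costura.<assembly file name>.compressed (lower-cased) and writes it with
System.IO.Compression.DeflateStream, i.e. raw DEFLATE with no zlib or gzip header.
"""
import struct
import zlib

PREFIX = "costura."
COMPRESSED = ".compressed"


def looks_like_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def inflate_costura(resources: dict) -> dict:
    """Map manifest-resource name -> bytes to assembly file name -> PE bytes.

    Compressed entries are inflated; bare costura.<name>.dll entries (Costura with
    compression disabled) are passed through; .pdb entries and non-Costura
    resources are ignored. Inflated data that is not a PE image is an error.
    """
    found = {}
    for name, blob in resources.items():
        lname = name.lower()
        if not lname.startswith(PREFIX):
            continue  # ordinary application resource, e.g. PDAI.Properties.Resources
        if lname.endswith(COMPRESSED):
            file_name, compressed = name[len(PREFIX):-len(COMPRESSED)], True
        else:
            file_name, compressed = name[len(PREFIX):], False
        if not file_name.lower().endswith(".dll"):
            continue  # symbol files (.pdb) and anything else
        if compressed:
            d = zlib.decompressobj(-zlib.MAX_WBITS)  # negative wbits = raw DEFLATE
            data = d.decompress(blob) + d.flush()
        else:
            data = blob
        if not looks_like_pe(data):
            raise ValueError(f"{name}: inflated data is not a PE image")
        found[file_name] = data
    return found


def _fake_pe(tag: bytes) -> bytes:
    """Constructed minimal PE-shaped blob: DOS header with e_lfanew=0x40, then 'PE\\0\\0'."""
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + tag.ljust(0x100, b"\0")


def _deflate(data: bytes) -> bytes:
    c = zlib.compressobj(wbits=-zlib.MAX_WBITS)  # raw DEFLATE, as DeflateStream writes it
    return c.compress(data) + c.flush()


def build_sample_resources() -> dict:
    """Constructed resource dump; the names are assumed, the report lists none."""
    return {
        "costura.ruikeyzsdk.dll.compressed": _deflate(_fake_pe(b"RuikeyzSDK")),
        "costura.opencvsharp.dll.compressed": _deflate(_fake_pe(b"OpenCvSharp")),
        "costura.ruikeyzsdk.pdb.compressed": _deflate(b"symbols"),
        "PDAI.Properties.Resources.resources": b"\xce\xca\xef\xbe" + b"\0" * 16,
    }


if __name__ == "__main__":
    for name, pe in inflate_costura(build_sample_resources()).items():
        print(f"{name}: {len(pe)} bytes, PE={looks_like_pe(pe)}")
```

The recovered DLLs are what to hash and load into a decompiler next; the obfuscated names in this sample live in the main module, while RuikeyzSDK (the NetVer client) and the ONNX Runtime wrapper are only reachable through these resources.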

.text
`.sdata
.rsrc
@.reloc
jY8^C
xjaU a
v4.0.30319
#Strings
#GUlD
#Blop
#GUID
#Blob
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
mscorlib
.ctor
System
Int32
Boolean
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
String
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
SuppressIldasmAttribute
7fafaa3d-769d-42a6-9913-ba3b283e3b74
AI.exe
<Module>
K1O0Y3rsSZ7QcJO6X6
XwsOe067fSMGNaAWR0
8sQa0PeDbOHfvA8AQL
FRexs3xn0l8kjqhm1B
Object
EmbeddedAttribute
Microsoft.CodeAnalysis
Attribute
NullableAttribute
NullableContextAttribute
RefSafetyRulesAttribute
MouseInput
ValueType
InputUnion
Input
Resources
PDAI.Properties
h7BP43B2x7huaa9J8J
GFm4jYFrdnlAQsao0j
BITMAPINFOHEADER
MyAppProject
BITMAPINFO
D1SDFJYOcFxcFn5W75
haO1LRbCmayit2ew4b
zsThsymkNJ72HJR3Hq
XZAUScM4dx28WTUZRZ
mrxLXVQHR3Ty9iR9xx
JmAGlX8XtvyclTPWgE
YoloPrediction
YOLOv5Detector
bYkpy5OANIRvBLrooa
Fq0DEAUOLviG28Yc5a
MTKDEm1N3E9Xb9Awi8
q8jnGOGxP4I8rj69pZ
gNpt0GhmgNIbO33SKD
nkqyIH3csBbMdyamTU
AssemblyLoader
Costura
nyFUKZqpgb2cVtYah4
yTf5Ci0SkMfqjuUECm
<Module>{00B51012-5F14-446F-8F8C-056CDAF04B39}
a8A12VlEL11GQFFLJk
rcSW9suhYJ8wl5Td2y
roahLgXRK37ci1A7kt
MulticastDelegate
xNQAIWsXTkoldGciRO
RFncf7er5EReQgT9vW
QtvmxRCpe4UGj1RFH6
e84xoGWcBZn9M4AEyx`1
SaNMA9nFqGu2LCBYqh
jVyyWSZuH4PtFPJLwl
TyVxhr9lolB839pkXD
zp0yWwPK242VvqXfTu
LZkCmBxi3d7AwoeoRO
ekTAbmEF0mtsOZEZER
Lt2adeR5Uuh75a6J4j
tDqgYiLUiSboVFc4NB
M6os6UDTclLVwG7DcS
pqe5piSbj2AHHo1DsB
xxlfhEjElMKujOqqZ9
haGxy7IJQDK80jMV9O
GtQ9gETnitL1s0fK20
<PrivateImplementationDetails>{C1391C1A-C9F7-439D-9D92-52BD80A7B93C}
__StaticArrayInitTypeSize=256
__StaticArrayInitTypeSize=40
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=64
__StaticArrayInitTypeSize=18
.cctor
XwoL7sa5jDIooikXst
ano5iA9k02gMWGOpXl
mLcUMyg7KdgiYk5rWY
lw1HnFQGJ84vDoUQLH
hC6WvbGqkVoB5ch5Mw
WXfQBICvdDLIQCwdYX
NullableFlags
RRrpKAKRu2vf3cTyI0
a0QBT44UUtOMxF13WW
Wlr3KGNflstQOJxA1B
jPnP9rcumCVcd4c4xC
d3Sj3dbnRx0V8RL2Z9
xoWFvSAoAPUYr9P1PF
eJep0T35uXRY8U0UTn
TU10WcmQLBfh5ehPtC
Version
fae61KJeVoawhAxYwS
RU6c5ihGVYd9ArKBnI
x7xNSeDK5ooo7iJSBH
It1JgairrotOc2Xrsc
mouseData
UInt32
dwFlags
dwExtraInfo
IntPtr
lLRUCmayi
T2e1w4bPs
K1Or0Y3sS
ResourceManager
System.Resources
get_Assembly
Assembly
bvwBsOe07
CultureInfo
System.Globalization
MSMFGNaAW
Rx7bhuaa9
UnmanagedMemoryStream
System.IO
erdMnlAQs
eJO8cFxcF
booDwMj4mjUIw7ug1e
xnpbIR8Gyd8dQMKm93
mYsFtJf5VbVUlfan7M
Yd63K3s7H1bBJGxb7S
D9nZ45X52CWDCibdaW
RuntimeTypeHandle
token
wPF4pCx0Mv3OTTpOP3
GetTypeFromHandle
P8JwaKnc92juWf77XR
oAeP9dqDfCbGprBUIl
gdJqQePh14cBEVB2HT
GetStream
ddXgqWBZDSlpnObISj
x7Q6cJO6X
C0MY7BP43
sj5YRvOo5hY5QNpN6d
LLcwlSoNmOsUZ0wIJh
S0TiykTnZrYV12vosL
pqjSpxY7CmJkRD3j4S
biSize
biWidth
biHeight
biPlanes
UInt16
biBitCount
biCompression
biSizeImage
biXPelsPerMeter
biYPelsPerMeter
biClrUsed
biClrImportant
Marshal
SizeOf
gHjYXsSS27JgpAcjXY
qelJWf6lk5EOEk0h7t
JhsGykNJ7
BitBlt
gdi32.dll
QHJhR3Hqv
CreateCompatibleBitmap
yAU3Sc4dx
CreateCompatibleDC
Q8WqTUZRZ
DeleteDC
mrx0LXVHR
DeleteObject
nTyl9iR9x
SelectObject
zwmuAGlXX
GetDIBits
XLigM20ekujHXXpTQX
i6E43aroI4HmeVNygB
nvkU22MfU4iIRkwinH
FNiMSCddlv2Mfcy3fK
TvyXclTPW
FindWindow
user32.dll
SErsYkpy5
GetDC
UNIeRvBLr
ReleaseDC
AnmUIh7OEDX5ZcXal2
WykSWHuLdtoyjUxEvk
H7ggaRwGyCTaG2t0AI
Jlq3jukYniAMGsK7dc
Inference
List`1
System.Collections.Generic
PoaCyq0DE
UOLWviG28
Single
ec57afTKD
AmNn3E9Xb
yAwZi8l8j
wGO9xP4I8
Label
Score
right
bottom
get_EqualityContract
get_Label
set_Label
value
get_Score
set_Score
get_left
set_left
get_top
set_top
get_right
set_right
get_bottom
set_bottom
ToString
StringBuilder
System.Text
PrintMembers
builder
op_Inequality
op_Equality
GetHashCode
EqualityComparer`1
get_Default
Equals
other
<Clone>$
original
Deconstruct
D7VWyozxeoraLgrLLu
fnxgKDRUGgnjBv8gb7D
eNjdJDZ8MW42bVQ33A
pGZlr0WcMZxRwXH8p1
aSposERR9y1fomjkaFi
ufNcHuRFBW5bK5mGCaO
citSnGRakdEU0Syld4h
qvUHcnR9oaq21JQlInE
Append
H6GGrURvrkyPpye1XUd
LkCnAeRHoCsgGy40FEw
RBddZ1RVuCkHNbRnqru
bnhoUWRpHgwWmKdymxm
RuntimeHelpers
EnsureSufficientExecutionStack
LRTb20RGcnOmCASKfaq
V8SKaFRCplMVWQHG3yj
nBAsseRgUAxhWvjp8iF
iIT9t9RQHbiuUdSjGHx
EqualityContract
IEquatable`1
fO3E3SKD3
InferenceSession
Microsoft.ML.OnnxRuntime
aqyRIHcsB
fMdLyamTU
IReadOnlyCollection`1
imgsize
nyFDUKZpg
f2cNVtYah
O9Tyf5CiS
aMfSqjuUE
umkj8A12V
BL1I1GQFF
CJkTucSW9
thYwJ8wl5
model_path
SessionOptions
AsReadOnly
ReadOnlyCollection`1
System.Collections.ObjectModel
get_InputMetadata
IReadOnlyDictionary`2
NodeMetadata
get_Keys
IEnumerable`1
Enumerable
System.Linq
System.Core
First
get_Values
ToList
get_Item
get_OutputMetadata
aj6P9pZmN
cpu_nms
boxes
threshold
Comparison`1
Count
set_Item
get_Count
bitmap_bytes
DenseTensor`1
Microsoft.ML.OnnxRuntime.Tensors
NamedOnnxValue
IDisposableReadOnlyCollection`1
DisposableNamedOnnxValue
Action`2
ParallelLoopState
System.Threading.Tasks
Parallel
ParallelLoopResult
Memory`1
System.Memory
ReadOnlySpan`1
op_Implicit
CreateFromTensor
Tensor`1
ToArray
AsEnumerable
Lt0xGmgNI
WbkfsrRKJJWRl7JxSWf
cryXoyR4KwAIwJwoVG7
jb1Vu8R3aPY4UB52EFh
r8rqHrRmbUch1WTAX3u
OrtLoggingLevel
set_LogSeverityLevel
dEFlEFRb3Lh0S8qM4Ae
ExecutionMode
set_ExecutionMode
d1RQpyRAFQhaC6mH8LU
set_EnableMemoryPattern
Ff2KJiRDkGrqmLrKx9X
AppendExecutionProvider_DML
StWliARiyIgqqMPf0Bm
get_Dimensions
rsUF5gRNt2iKIhoiN1N
TR411URcCpdC8pn8fNW
Qf1VSkRJ2KfSkYanatW
kSVKUMRhLuiMU5TgpuB
hjd5fgRltC1Ji3Z59mi
Qpff10RtlaUXgBGVkW0
HGip6JRInyFy4DYhDg7
C6QlC5R1vupO4AX7pvY
CgRpK37ci
kA7JktnNQ
Id2ayuoah
icxddPRfbKXHnbjPlkD
IpYjjIRLbDVgHOx3kpf
E4QbLyR5TbYK3GBOr3h
Lf0sCKRsFhnLPnrST8K
uRaZiYRjjIJY9w286HT
XGcKiRO2F
wcf47r5ER
uQgoT9vWH
TvmHxRpe4
TIWfXTkol
N1yLHrRx5fpwgBtZEqh
DcdAYaRnVadWlTMkLpe
NYG4VlR8twaC6h67KZq
XddcOtRXLO798n74Fdl
KFsQp2Rqwb51ghhGmIZ
kGj21RFH6
SendInput
e84gxoGcB
xn9cM4AEy
AlStyBKTH
oEsAkODVj
J7c5aNMA9
kJO1FhRTGqZ62TaLOrI
nPMNCqRYPANedDmoEqi
ca4QQEROj2edGU6Dapa
TdcTl6RPNhI71AAlmFZ
eGgos1RB3ibAyo8N5Qf
OKnMSTRoj5suvDA78ij
KAhM1hRSm9ufb0hesBm
UworFeoROY
dqGiu2LCB
timeBeginPeriod
winmm
eqhdOVyyW
PlaySound
GuHv4PtFP
timeGetTime
LLwVltyVx
Int16
GetAsyncKeyState
nrlzolB83
ypkrkXDPp0
RuikeyzSDK.Model2.In
RuikeyzSDK
RuikeyzSDK.Model2.Out
Ruikeyz
Action`1
FWwrrK242V
OpenCvSharp
TryParse
Point
Scalar
Double
MatType
CV_8UC3
Array
Int64
YqXr6fTupZ
Console
WriteLine
Concat
ReadLine
set_ForegroundColor
ConsoleColor
set_BackgroundColor
aCmrBBi3d7
SoundPlayer
System.Media
Exception
Stream
mfykCcR20MgwU7bbQZE
Process
GetCurrentProcess
UXmedgRMAtcayPgkSNf
Ah6glqR6B1MhicqyZw1
AIZDi8ReF01IdJOkJtY
jC60tHRdoU5bm4hN0L6
mrjV7UR0W1ZSVRluTPH
xF6up1RrvZRqIkA5jUo
RR07CmRwHlRNVeGgpot
vQcfJVRkZnqtbpT4Ohx
QrYAETR7fqsH97VJbyk
UduYZvRuEEwuhuFtNPB
RuikeyzSDK.Model2
AxEMABRyuyva6Z9SbHq
IKQgHGREHOgCw4NSOe9
Fg1lXURZ1dhSZewBylk
n0JQc2RWQTaMVinlOrg
bevAUSRzBK0aZrD2J9l
SQCITFFUDCjA5LPPCEh
sZY4cHFR4tpwoarCyo4
Vh8e3tFFceakcruanRt
Olus3kFa9VJB0CMAWiJ
Hk8I1UF9rM51YNglZl1
bwdZJGFvkeI4HdGsRj9
itbtVxFHr8JybmjpAIt
KF4kOxFVuVppZk9obKI
Start
C7DOtPFpANgbXjJ1vN2
Thread
System.Threading
Sleep
JLqlTYFGK5JTv5Nfuc6
Environment
IuqJe1FCODPGesuCAv5
EQnvXqFgahcDuRvF7kN
P6seR0FQHw7r1kgQAgb
get_Length
WuxaX4FN7qRYTYiq08v
uI4l22FciyP8qxhCrBb
iHc0eDFK4nsP3UOwPlJ
JPGJ4GF4L2PL0mjNEZ4
vUZkepF3q2kUDMumkZl
Fi60teFmtEHZXKWKqJ8
Exists
uaSXd4FbJ92PMaE5I3G
ReadAllLines
UtfLW1FAQvLC0MrpyKx
Split
IHKo5XFDKdZe4XjHRcC
oGp8ncFiNcT5GgbagVj
aZ73ESFJQulFMqYA2Qm
Format
hGgYLAFhXJ9u4G0xsSc
ChYSRfFlSh0TdgMpVVO
dlRYNGFtNk5PN0xPBZC
WriteAllText
kfniyuFIuDMWLd7xPpd
Parse
rGkrmWF1Mg1QRjvRwWw
fD0uqpFLDKJxAMGdWbQ
HiqdpmF5uLx0XwRZfA5
HsskOkFfZGafdRs9ds7
FprOl8Fs7xWfgPOPSNG
Clear
HoS925Fj1YdA937mBCH
B3EV3sF8StwN7FEmS4f
Hutm3EFXRf1A0MO7HAq
yukQjXFxuLA7rKYpLk8
e96icIFnwaOIlp5e1do
RKkawUFqdgMHCctAdB8
Ti97soFPui52iyk2ole
LineTypes
Rectangle
UXoDWLFB6DYNh8JgVxB
qGf3VyFTcnd7Fgi2iPQ
FrIBciFYQPaNjLaKrSr
ImShow
x80kUdFO5G0e5XTNw0G
WindowPropertyFlags
SetWindowProperty
U11YdKFoWHfjcNB1hdD
WaitKey
Y653ncFSSSeKV62WPIn
DestroyWindow
PjwKnDF6s1nU49g1drC
gd4QtmFesukHIyVedbr
IDisposable
Dispose
xPLY8ZF2Q3k6Sd3Y7fA
get_Message
GIhSvjFMDSjUBQ74hMm
n8vw4iFdqyiMfCkSukG
nullCacheLock
nullCache
Dictionary`2
assemblyNames
symbolNames
isAttached
CultureToString
culture
ReadExistingAssembly
AssemblyName
AppDomain
CopyTo
source
destination
LoadStream
fullName
DeflateStream
System.IO.Compression
MemoryStream
CompressionMode
resourceNames
TryGetValue
ReadStream
stream
ReadFromEmbeddedResources
requestedAssemblyName
get_Name
ToLowerInvariant
get_CultureInfo
IsNullOrEmpty
ResolveAssembly
sender
ResolveEventArgs
Monitor
Enter
ContainsKey
Attach
Interlocked
Exchange
ResolveEventHandler
SKKaqSFw0UvwPELUJeG
iIOiO1F0yDFG3y83Txc
sLjE5bFrxOeGxBTRhdO
wr3CjHFkrePN5XAtNWq
get_CurrentDomain
OyeU0hF7TqbH2l1iwXu
GetAssemblies
Rjlu83Fu3LulfhCsliq
GetName
lj88LBFy0ulaqcCEIpx
tYBiyoFEMvFiJvqP5O1
StringComparison
WBRxrDFZqWjQOroRrQ0
fUF0vyFWgEl2bByhGML
P0n8fDFzxxfkP9kAWwJ
Write
ixYJSXaUMTlMrUxjY0X
qHcDe0aR9yH2ejpVNT8
GetExecutingAssembly
iFCdQ8aFjejWPSRop9B
po4etvaaXWFFIbdLqaR
EndsWith
TRx9qga9G32wqjDww4R
GetManifestResourceStream
e4UZJuavaLQHHH0OYc1
wma08UaHUxGpJbI5hk6
set_Position
QSlmH3aVhtvo5Ek0xmZ
IjLufmapbt53jg85fYx
hll5dQaGtu1OGHOtaat
SKgigfaCylJcKt5YCTV
oRkrV3agESeXA8MtOXV
PmPSR4aQBDVBZIIjqfj
AssemblyNameFlags
get_Flags
DLxJpMaNDGCEbiwtZZq
wWSKr9acLeSeoGAqa1Y
prCRvOaKwLehAdg0NFj
TEgQs1a4yEJDM7ns3Bk
add_AssemblyResolve
aTArYbmF0m
uAhaqSkkor5xU
typemdt
FieldInfo
MethodInfo
GetFields
Wi1gffaJcrZYDqn1QHf
Module
ResolveType
GsIiooahcGr3RlG2WrY
MemberInfo
get_MetadataToken
RsxDQSalPFunVc9CO5r
ResolveMethod
MethodBase
nUE5kuat1lUQafowpvw
Delegate
CreateDelegate
hWscpnaInBifR8qLV9W
SetValue
GOFdMwaDMF7T0lGjAJ4
KKlg7Tailp3suwpi4xf
pOWxPVa1nEtwtuqihhv
JYibtqaLlfIHS2RYPR2
a2ifDJa5rYxxA9OqvbH
eA9VcLafTHNNY4MKFt8
xLQwCUastq4fWju8AUF
get_ManifestModule
Invoke
BeginInvoke
IAsyncResult
AsyncCallback
callback
object
EndInvoke
result
YR9rdMCo4G
ulkrzFeMGp
tQSrVU388H
XPortJpiWx
P0Rr2oN0OT
Yk56QuJ6Fj
DVI6FhDkXt
JAy6MEMgba
goq66W7Qye
BwQ6bYlv1T
jYn6kgQLDE
egb6huT21K
HGRriXhLEg
mvG685kEeA
FYwrgTS8pW
lQy6UFRHG1
dJX6Ow0Kvm
utRrHKWEDm
tXQ6mGJ2lj
ff46GVZgSE
Lyk6149mtr
F4irArWres
ad6rvYdWtN
lOa6BkeBBE
XA0rc4vJHx
iw66rsJeNn
IFlr5BWQkj
hK86YhChAT
InitializeArray
RuntimeFieldHandle
SortedList
System.Collections
Hashtable
RSACryptoServiceProvider
System.Security.Cryptography
set_UseMachineKeyStore
zOHaqSkx0cWel
TsOrbZEZER
UInt64
BitConverter
GetBytes
Lt2rmade5U
qh7rM5a6J4
HeDrQqgYiU
VSbr8oVFc4
EBfrO6os6U
IclrULVwG7
EcSr1SvQBo
SymmetricAlgorithm
AesCryptoServiceProvider
RijndaelManaged
Activator
CreateInstance
ObjectHandle
System.Runtime.Remoting
Unwrap
UddrGSx9r1
CryptoConfig
get_AllowOnlyFipsAlgorithms
arQrhxxMpg
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
lJcr3uU8mT
CryptoStream
ICryptoTransform
BinaryReader
CryptoStreamMode
Qo1rlDsBZx
qfhruEElMK
Convert
FromBase64String
Encoding
get_Unicode
GetString
rjOrXqqZ9M
RtlZeroMemory
kernel32.dll
KGxrsy7JQD
VirtualProtect
O80rejMV9O
FindResource
GtQrC9gEni
VirtualAlloc
TL1rWs0fK2
get_Size
ReadInt32
ReadInt64
AllocCoTaskMem
WriteIntPtr
WriteInt32
pVwr7Vu7Hh
a2WrnSscb2
uemrZSP418
GetMethod
jaTr9RopED
IEnumerator
ProcessModuleCollection
ProcessModule
ToInt32
ToInt64
ModuleHandle
GetField
BindingFlags
GetType
sGxrPTEQtD
get_Location
get_CodeBase
Replace
GetProperty
PropertyInfo
GetValue
bW6rx3B90b
LoadLibrary
kernel32
i8ErEt59Km
GetProcAddress
G6srRcO63V
WriteProcessMemory
wFArL6Y2IP
ReadProcessMemory
KVjrD3EXuF
BiKrNgn8E6
OpenProcess
IVPryTsWs1
CloseHandle
jTMrSbewGa
FileStream
FileMode
FileAccess
FileShare
srmrjDEBfW
set_Key
set_IV
CreateDecryptor
Close
EN3rIM7Sec
q9UrTTw56l
H41rwqF2fK
EmtraLaIuf
vCgrpIAJVm
GherJQdjIG
XP9rfvaK0F
pPSrKWPs91
q2Rr4BSQjo
loQroyt77y
fSyEKmccx00IyCvDhC
tw4VCxyVV65XwnJnHG
get_BaseStream
rcCYg7xZjqtbp1vrYE
bxVxOG1oklDB5YJhDs
pLTtwkW2fb1otM5EUF
ReadBytes
MnY2mE3fJ4EmNXgav3
lnMkO5e99ZF5BDNeYD
Reverse
Vlim0sYGnXJ8FqxaBR
rDiUpCdlGkmpUdXoWD
GetPublicKeyToken
NIl0PI7P6M1stbItD6
aaov0CsFQgdZJuXNbD
CipherMode
set_Mode
qfwr6S8s2r92xQN4aH
BqYGdyNbNEltJNuh4r
RjVBxIXUOdPWy6dqXh
FlushFinalBlock
sCIrhu2ZuQT0etE8fb
FFHidV9Se4P3eXUlOA
FHenVgmv74VPwYClJ1
bgK0aDPmW8jFmOhqIP
rfF03lIpmfJnwPMvm1
JwfbE1Qe9uDF7bccvO
MA0fYhF8jDwgk9ryJS
VHGlCThTJxQKPs6and
Mkw03HejlBQlF7ZXrd
GNPHXDo2XxpwHEyoBI
du2QSXJt0EUT4YAiPx
pXNOvU1PaRG8h7UwNF
g0P6RgWUNB7T1LjVL1
f6gq42jWUVZx0pmQGA
u679PLOdxUuN45yo6t
EI1XtC8SDEvC9APCbL
mKDIVgvWddF8cF9mht
CLVpiUXJ6tCdDcUHIm
sb8X9jUpRI23JZqcqK
bOmAVtwfGwkJvpX82C
IfLw1dcXockuf6wden
Pyamv5uqONYiybUvje
UkvcahGxD2m7SV3pAV
TlSlEfkGhKLO3pCMGr
BV2k2cIOcOW7YKbk2X
n6shlAqIoKqwoFjJaZ
WIteKVZhewBv7k0f3g
ep0ohINeZ6afdXZ8n3
to1Cn6637EtIu63v1v
ReadIntPtr
wvgU5mNnUlI2b3RPiy
EUKGOOsAUP67ItXyvj
jXYpaRibY5oKgWnGUR
e8v1HXRKi4apo8odwQ
Y5YxAjlqg14JFlq0H9
WriteInt64
FiHexqMsGbViY5Fgnb
DFdcp4dL9yVRqX1oQ5
IUMcuRjOpoZ6fmK0Ye
kvaqX7EK7JALUsDGYF
MstPkvXlftc2WobB2B
get_MainModule
yGi9Mr3a3vLRf1rK8d
get_BaseAddress
z7yltF59jn4WJkm5qA
OA2hoRa70s2Q7ybDZc
uXL6UXvdlwvyJbMPpB
MSND6LffJqlAhdXZ1M
jXqaSP29urb2v2I1us
get_Modules
wZh0YdK5IelCCMTg5Z
ReadOnlyCollectionBase
GetEnumerator
Xy1vNUOuhBPSQO5uXh
get_Current
VUBTgRB6Wg3OL5A88C
get_ModuleName
AgcUqTS4AdkmDbjGmV
ToLower
GmJLIA9T1ClU3i2u9v
MaybN1FeWXpBTfGk15
get_FileVersionInfo
FileVersionInfo
WGBV8UAXAxV4PYVLtD
get_ProductMajorPart
oao7uU41NdgorEJ8FJ
get_ProductMinorPart
D3X2pcupAawDfljitd
get_ProductBuildPart
p6bw0aYn2SrbHPNd34
get_ProductPrivatePart
O5N3f8IPVdPo52F3ja
op_GreaterThanOrEqual
X48yODwXxSY5rgG83E
op_LessThan
M4cRN3qSOY0Jl0dlcI
MoveNext
e13oy7mHkd3vDdRaFy
D32Ld1nJblrflhpnX3
pURqm5y4YB0T7MVGEu
WTsXb41uUA2920Eu2e
ls4FGDtWOPOZtD4bQk
H8xE6bhbK8u0nsxO3N
QecQesPMpsc2AVR74S
dQwFpnoEASmnJJgGoA
dd8fmZpeOpwHfCs31b
pKbEUqJnHHTNCTRNZt
n7KgIQUFFyxy5OvYCm
GetModules
K3ydd8rNHPvoBLG31S
GetHINSTANCE
oK2N3x7cOU4gfiZUSL
ftJB3oVMif2BQSnVof
G6Mv3KgHpM6X46xWgK
EtnKCOesfiLGFVblnU
gitb7xcRcJRGYfMEFH
FZ4YiCD86LfEjgQPUC
umThfQ8BJkgF6RadXG
jkRaNe0SXYcG30BQJt
ovnyfGHjRe9g1YOXHN
kNOPxSZrQL9vdS7ptK
ilDa9oTfnTK9hlup8E
gEhhMFL4fYhI7qH8Bs
get_Id
CrnWaeGgwYVd8FRNJc
e6WaZQbESjCQcRN0QC
get_Position
alDQIkk282847Gvhjn
nqoScQxsAHwwWW7W1c
RYR3HMzlh8kh3nd1aw
IqLN0SWQivG0nB8dKop
T5jIi6WWc3d0Dt2KQqK
get_UTF8
qfsjp0WC8L1MDoSePmd
Yl1pSZW6KFl6GbigJaI
dUOo6PWNl9Y79dTCXlS
i9GEp4Ws6aBfNQOGCZh
VCPhIBWivV67pUxf4tm
aiFiwFWRiIbyG7Fb6em
wrpxmkWlJSbirO6gfgm
GetFunctionPointerForDelegate
XlTRduWMyIwE3lkgMqE
get_ModuleMemorySize
xxbBOwWdWHYFhsvhU52
get_EntryPoint
m73nq3WjHnrolbcSxpq
TtyIWuWEZ3lFXDQJhpE
get_Method
zebpW4WXUtSGKCmF6jn
Y8vY75W3dNhKYgNur3w
GetParameters
ParameterInfo
PJRMX7W5uWYmxf9cQ4A
FFycvsWaTyb4FS6bS0A
get_ModuleHandle
juhpYZWv1OqwqcecuWj
J9gSfPWfYYHHf57l55f
lApGU1W2HECbScB74Aq
uOSeslWKmAPZ0oigJgF
PrepareDelegate
IW0rH1WO2SEsxl0Lj53
RuntimeMethodHandle
get_MethodHandle
XDx9r8WBSa41gOpgMk2
PrepareMethod
ImlyEXWS1NsBTJpl3hC
vSqpHXW98OGlvlI3kOL
uAhor5WxUIOH0cWel2
aFYlgqCXcprWDcS8vd
jDuKpkaXNxtnY8dZvP7
YMD0yBaxakPIH3Juv44
NywDSBanGlDHA3YJKys
AhY1Ieaqgv3TZXUFpED
qSyBKT7HqEskODVjw7
JWp63eI7pl
jS80V6aTMcbNYj8qqVp
WLdHONaYDCbyDLkR2iw
JNLuSjaOKfIHl4YgNy8
D7vgp2aoBX4UYng0WuU
ny9w4UaS2SjqZ0finQh
wph82Ya6JpLp0C6DRO2
IfmDCuaey898YG5Oiw2
XtU5Nsa2oqp7yQKdxVF
CreateEncryptor
NXtAvTaMB79iwiiwsvi
LiakWFad1TqgG7HIWQ6
zPgVbSa09hdQdVi71g1
ew6jLkarR2s47R7Gdm7
ToBase64String
fVSv8Cawl2lHqTE5wTa
XWM51fak0W9T48RgfXX
classthis
flags
nativeEntry
nativeSizeOfCode
p3T6quWqiQ
K4260hj5sW
value__
BgP6liGI0I
qQFaqSkzYlgqX
JWBae1azDyg36NZHIkR
PPk6upgM9M
PpraqSxQWDcS8
GetRuntimeTypeHandleFromMetadataToken
odSaqSxWo1Cn6
GetRuntimeFieldHandleFromMetadataToken
xnmJOF9UQwtHokPIMBt
APywlo9RAvkSbGPekPZ
FfIXl09FloxpHOYPPrX
pIvH0C9aAuJkmrEfrEV
wO5Bjv99R70AY8PepVd
hMciqd9vsTKFqi01FwX
YyI6Wc9wx5
vgc67rCSfw
wkf6nltZ47
w856Z80RNr
CDv6sbLaG0
FBK6e6C8FL
GetManifestResourceNames
AddRange
rjK6CCWMsw
add_ResourceResolve
s5jMAlgWUs6ku
M5yVcdSLDE9XGwLyei
Unma01fP1HO33NOfmG
Slr0sXL98jdDukLMqQ
SwOcEvHFATZAl9VY8W
xPZDab851KPkX94p4R
HCS0FPvBZTdN4iGLkY
jnTqFjlMQiYqxPrmQe
fsFEZiMoN2rbUhpLyk
jc7VIxZWxp2jKZCg0J
oxf72X6rWOQIluwNHM
vg6KJwqDx9usuqIdTD
aBH697UWD0
IsLittleEndian
dCq6PRwIj5
kG66x1aXI8
opQ6EZVd4W
iJX6R5vBFv
fQZ6L7Whql
boo6Dgerx1
BLd6NHHdSs
Pqr6yQdySk
kTF6SH74TH
bCA6jM0xdQ
iVs6IULSxv
h8T6Tk2U3g
WPn6wfWObs
LjU6aWsXPF
WWT6pIOaGo
vA46J6a4QV
McG6fGL3u9
D9U6KIJtK6
uCJ64o2QLQ
Tiv6oK1xYJ
yE5LEa93Zn5vYxUf92K
get_ASCII
MWJni29mpPbwxBYotgd
g0EkBO9bcFqraEh4ZBw
rjNZ939ANeRqOTx7FMk
GdnTtq9DhJ3nLjkc4cC
dxjBo09iv8HrC1dw4Pq
cvWT6G9J2SeJCNTNDm9
TFZbiF9hiOeNh9xHHD4
zMsLsM9lvO9pbnKEu0y
zxvQUO9tneTY7r4gL2X
Gipw6Y9I9XwRGinpt7e
lHKosX91fjnC9e1pqaB
LcoofP9LdHHeCSCuum0
aiLrCM95jyHSZMIAGfN
ToUInt32
vqyQi19f26Yn7i52xpo
n94o839scTQQRW0vVNh
qOxpej9j10ayu2yU4Uy
ILfjdX98sVKeDplwNRJ
Ge0qZg9XTcicNh6IrF7
sJbfK79xQ9lNrx6gtWi
EtcwvI9nQrx1Ft2tQnn
hhmsGD9qaWtf9dRLobw
L6ZVL59P7ygEj6upikG
aafnNH9B6gtxp1j2roo
$$method0x6000007-1
$$method0x6000020-1
$$method0x6000020-2
$$method0x600002a-1
$$method0x600002a-2
$$method0x6000039-1
$$method0x600005f-1
$$method0x600027b-1
EBGUl5mcNj97tLiqJe.DR53aUCd5iE75L94dX
Xurn6HBqfMoIUHFI0u.eyd4r9bP9yn0VdRqjF
vr0QefEi4SlHKZvZOf.px7ybLR60JVOA37A9N
6Y1Gkaf2DfgLQRchKa.E8L7O76QcjhOMh8EAD
CompilerGeneratedAttribute
AttributeUsageAttribute
AttributeTargets
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
DebuggerBrowsableAttribute
DebuggerBrowsableState
UnmanagedFunctionPointerAttribute
CallingConvention
FlagsAttribute
2024
$2e428ba7-83d0-475f-92b0-e70d9c5ebb9a
1.0.0.0
AllowMultiple
Inherited
AllowMultiple
Inherited
AllowMultiple
Inherited
17.0.0.0
RFncf7er5EReQgT9vW.xNQAIWsXTkoldGciRO+QtvmxRCpe4UGj1RFH6+e84xoGWcBZn9M4AEyx`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
'&(&*)+),)-).)/)0)
{11111-22222-40001-00002}
No antivirus engine scan information available.

Process tree

皮蛋AI.exe (rendered by the sandbox as ______AI.exe), PID: 2664, parent PID: 2324

Contacted hosts

Direct IP  Safety rating  Location
220.167.100.227  -  China

TCP

Source  Source port  Destination  Destination port
192.168.122.201  49162  220.167.100.227 (api.ruikeyz.com)  80
192.168.122.201  49163  220.167.100.227 (api.ruikeyz.com)  80
192.168.122.201  49164  220.167.100.227 (api.ruikeyz.com)  80
192.168.122.201  49160  23.219.38.64  80

UDP

Source  Source port  Destination  Destination port
192.168.122.201  56270  192.168.122.1  53
192.168.122.201  59401  192.168.122.1  53

HTTP requests

URI  HTTP data

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

(User-Agent IPM to acroipm.adobe.com is Adobe Reader's in-product-messaging update check. It almost certainly originates from the Reader install in the VM image, not from the sample, and should not be treated as a sample indicator.)

http://api.ruikeyz.com/NetVer/webapi
POST /NetVer/webapi HTTP/1.1
HTTP_VIA: 
X_FORWARDED_FOR: 
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/json;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
Host: api.ruikeyz.com
Content-Length: 424
Expect: 100-continue
Connection: Close

http://api.ruikeyz.com/NetVer/webapi
POST /NetVer/webapi HTTP/1.1
HTTP_VIA: 
X_FORWARDED_FOR: 
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/json;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
Host: api.ruikeyz.com
Content-Length: 616
Expect: 100-continue
Connection: Close

http://api.ruikeyz.com/NetVer/webapi
POST /NetVer/webapi HTTP/1.1
HTTP_VIA: 
X_FORWARDED_FOR: 
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/json;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
Host: api.ruikeyz.com
Content-Length: 424
Expect: 100-continue
Connection: Close

(The three POSTs to /NetVer/webapi are the sample's only outbound HTTP traffic; their JSON bodies of 424, 616 and 760 bytes were not captured in this view. Together with the RuikeyzSDK and NetVer strings in the binary they look like a network-verification, i.e. licence-check, exchange rather than command and control, although the bodies would be needed to confirm that.)
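
Detection logic for the requests above, as an added example that is not part of the report: it parses an HTTP request head, tags the api.ruikeyz.com POSTs by their combined fingerprint (the endpoint, the two empty non-standard HTTP_VIA / X_FORWARDED_FOR headers, and the Expect: 100-continue plus Connection: Close pair that .NET HttpWebRequest emits for POSTs) and separates the Adobe IPM request as VM background noise. The request heads embedded below are copied from this report; the Suricata rule string is an assumed rendering of the same fingerprint that has not been validated against live traffic.

```python
"""Classify captured HTTP request heads against the fingerprint seen in this report.

Added example, not code from the report or the sample. Standard library only.
"""
from dataclasses import dataclass, field

# Request heads copied from this report (bodies were not captured).
RUIKEYZ_POST = """POST /NetVer/webapi HTTP/1.1
HTTP_VIA: 
X_FORWARDED_FOR: 
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/json;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
Host: api.ruikeyz.com
Content-Length: 424
Expect: 100-continue
Connection: Close
"""

ADOBE_GET = """GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
"""

# Assumed Suricata 5+ rule for the same endpoint (not validated against live traffic).
SURICATA_RULE = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"RuikeyzSDK NetVer check-in"; '
    'flow:established,to_server; http.method; content:"POST"; '
    'http.uri; content:"/NetVer/webapi"; http.host; content:"api.ruikeyz.com"; '
    'classtype:policy-violation; sid:1000001; rev:1;)'
)


@dataclass
class HttpRequest:
    method: str
    uri: str
    version: str
    headers: dict = field(default_factory=dict)  # lower-cased name -> first value


def parse_request_head(raw: str) -> HttpRequest:
    """Parse the request line and headers; stops at the first blank line (the body)."""
    lines = raw.strip("\n").splitlines()
    method, uri, version = lines[0].split(" ", 2)
    req = HttpRequest(method, uri, version)
    for line in lines[1:]:
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        req.headers.setdefault(name.strip().lower(), value.strip())
    return req


def classify(raw: str):
    """Return (label, reasons) for one request head."""
    req = parse_request_head(raw)
    host = req.headers.get("host", "").lower()
    user_agent = req.headers.get("user-agent", "")

    if host == "acroipm.adobe.com" and user_agent == "IPM":
        return "sandbox-background", ["Adobe Reader in-product-messaging check from the VM image, not the sample"]

    reasons = []
    if host == "api.ruikeyz.com" and req.method == "POST" and req.uri.startswith("/NetVer/webapi"):
        reasons.append("POST to api.ruikeyz.com/NetVer/webapi (RuikeyzSDK network-verification endpoint)")
    # Underscored header names are not what browsers or proxies send; the SDK emits them empty.
    if req.headers.get("http_via") == "" and req.headers.get("x_forwarded_for") == "":
        reasons.append("empty non-standard HTTP_VIA / X_FORWARDED_FOR headers (client-library fingerprint)")
    if req.headers.get("expect") == "100-continue" and req.headers.get("connection", "").lower() == "close":
        reasons.append("Expect: 100-continue with Connection: Close (.NET HttpWebRequest POST defaults; weak alone)")

    if reasons and reasons[0].startswith("POST to api.ruikeyz.com"):
        return "ruikeyz-netver-checkin", reasons
    if reasons:
        return "suspicious-client-fingerprint", reasons   # same client shape, different host
    return "unclassified", reasons


if __name__ == "__main__":
    for head in (RUIKEYZ_POST, ADOBE_GET):
        label, reasons = classify(head)
        print(label, "->", "; ".join(reasons))
```

The host-and-path match is the reliable part; the empty underscored headers and the Expect/Connection pair are there so that the same client shape is still noticed if the licence server moves to another domain, which is why they yield a separate, weaker label instead of being folded into the first one.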

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 36.381 seconds )

  • 15.381 NetworkAnalysis
  • 11.817 Suricata
  • 3.239 AnalysisInfo
  • 3.177 Static
  • 1.066 TargetInfo
  • 0.653 BehaviorAnalysis
  • 0.586 static_dotnet
  • 0.44 peid
  • 0.011 Strings
  • 0.009 config_decoder
  • 0.002 Memory

Signatures ( 48.31 seconds )

  • 46.235 network_http
  • 1.641 proprietary_url_bl
  • 0.049 antiav_detectreg
  • 0.036 api_spamming
  • 0.028 stealth_decoy_document
  • 0.028 stealth_timeout
  • 0.025 hawkeye_behavior
  • 0.023 infostealer_ftp
  • 0.019 antiav_detectfile
  • 0.014 infostealer_bitcoin
  • 0.014 infostealer_im
  • 0.013 proprietary_domain_bl
  • 0.01 antianalysis_detectreg
  • 0.009 infostealer_mail
  • 0.008 antivm_vbox_files
  • 0.007 geodo_banking_trojan
  • 0.006 injection_createremotethread
  • 0.006 anomaly_persistence_autorun
  • 0.006 antivm_generic_scsi
  • 0.006 kovter_behavior
  • 0.005 antiemu_wine_func
  • 0.005 infostealer_browser_password
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 mimics_filetime
  • 0.004 reads_self
  • 0.004 antivm_generic_disk
  • 0.004 injection_runpe
  • 0.004 virus
  • 0.003 bootkit
  • 0.003 stealth_file
  • 0.003 antivm_generic_services
  • 0.003 proprietary_anomaly_massive_file_ops
  • 0.003 betabot_behavior
  • 0.003 kibex_behavior
  • 0.003 antidbg_devices
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 network_tor
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 kazybot_behavior
  • 0.002 shifu_behavior
  • 0.002 exec_crash
  • 0.002 encrypted_ioc
  • 0.002 anormaly_invoke_kills
  • 0.002 cerber_behavior
  • 0.002 hancitor_behavior
  • 0.002 antivm_generic_diskreg
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 browser_security
  • 0.002 darkcomet_regkeys
  • 0.002 network_torgateway
  • 0.002 rat_pcclient
  • 0.001 antiav_avast_libs
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 codelux_behavior
  • 0.001 malicous_targeted_flame
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_invoke_vb_vba
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.564 seconds )

  • 0.55 ReportHTMLSummary
  • 0.014 Malheur
Task ID 743130
Mongo ID 6603e3d57e769a7995a59bae
Cuckoo release 1.4-Maldun