分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-25 17:36:23 | 2024-04-25 17:38:33 | 130 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | CheckUDisk_v5.4.exe |
|---|---|
| 文件大小 | 165332 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b53bf9643b148e52a0a3aaa1ed9022ec |
| SHA1 | d48b317da71f6b704330b66518f8c9a93f015ceb |
| SHA256 | a561e370309f4593dc14013ceeffdda085f9a97577902b240deacb0b319388bd |
| SHA512 | a68045dc5da27cc6b4a1140abe80157b8b24b12da71ddeea6aabdf2d6a2604c14d63c41686feb3154c1a45edc8b20211eb743c26f91bf260579cb7725665e10b |
| CRC32 | 72BA4BDB |
| Ssdeep | 3072:df4CGQBXXNfL84H9uuTz16XMdofJI1AbUNt3P9pRMj6V:df4CVNXNf5v16XQawB |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00405240 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00037885 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2010-11-08 17:46:11 |
| 载入哈希 | 433295c2d5090cdf8b929ed47bb35ebe |
| 图标 |  |
| 图标精确哈希值 | 1950fe4a92a1450006ecf5b25649e727 |
| 图标相似性哈希值 | c476c721d029b154a5104061f19fad3c |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| PrivateBuild | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| SpecialBuild | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00019cee | 0x0001a000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.59 |
| .rdata | 0x0001b000 | 0x00004f3c | 0x00005000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.89 |
| .data | 0x00020000 | 0x0001fe08 | 0x00004000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.38 |
| .rsrc | 0x00040000 | 0x00003550 | 0x00004000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.37 |
覆盖
| 偏移量 | 0x00028000 |
| 大小 | 0x000005d4 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x00041488 | 0x000000b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.74 | data |
| RT_CURSOR | 0x00041488 | 0x000000b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.74 | data |
| RT_CURSOR | 0x00041488 | 0x000000b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.74 | data |
| RT_BITMAP | 0x00041e60 | 0x00000144 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.88 | data |
| RT_BITMAP | 0x00041e60 | 0x00000144 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.88 | data |
| RT_BITMAP | 0x00041e60 | 0x00000144 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.88 | data |
| RT_BITMAP | 0x00041e60 | 0x00000144 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.88 | data |
| RT_ICON | 0x000408c8 | 0x00000128 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000408c8 | 0x00000128 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.77 | GLS_BINARY_LSB_FIRST |
| RT_DIALOG | 0x00041b50 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | data |
| RT_DIALOG | 0x00041b50 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_STRING | 0x00043520 | 0x0000002c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.08 | data |
| RT_GROUP_CURSOR | 0x00041540 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x00041540 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x000409f0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.37 | MS Windows icon resource - 2 icons, 32x32, 16 colors |
| RT_VERSION | 0x00040f38 | 0x00000418 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.48 | data |
导入
库: KERNEL32.dll:
• 0x41b0b4 GetFileSize
• 0x41b0b8 RtlUnwind
• 0x41b0bc GetStartupInfoA
• 0x41b0c0 GetCommandLineA
• 0x41b0c4 ExitProcess
• 0x41b0c8 HeapFree
• 0x41b0cc HeapAlloc
• 0x41b0d0 TerminateProcess
• 0x41b0d4 RaiseException
• 0x41b0d8 HeapReAlloc
• 0x41b0dc HeapSize
• 0x41b0e0 GetACP
• 0x41b0e4 UnhandledExceptionFilter
• 0x41b0e8 FreeEnvironmentStringsA
• 0x41b0ec FreeEnvironmentStringsW
• 0x41b0f0 GetEnvironmentStrings
• 0x41b0f4 GetEnvironmentStringsW
• 0x41b0f8 GetStdHandle
• 0x41b0fc GetFileType
• 0x41b100 GetEnvironmentVariableA
• 0x41b104 HeapDestroy
• 0x41b108 HeapCreate
• 0x41b10c VirtualFree
• 0x41b110 VirtualAlloc
• 0x41b114 IsBadWritePtr
• 0x41b118 LCMapStringA
• 0x41b11c LCMapStringW
• 0x41b120 SetUnhandledExceptionFilter
• 0x41b124 GetStringTypeA
• 0x41b128 GetStringTypeW
• 0x41b12c IsBadReadPtr
• 0x41b130 IsBadCodePtr
• 0x41b134 SetStdHandle
• 0x41b138 GetProfileStringA
• 0x41b13c GetSystemDefaultLangID
• 0x41b140 FlushFileBuffers
• 0x41b144 SetFilePointer
• 0x41b148 WriteFile
• 0x41b14c ReadFile
• 0x41b150 GetCurrentProcess
• 0x41b154 SetErrorMode
• 0x41b158 GetOEMCP
• 0x41b15c GetCPInfo
• 0x41b160 SizeofResource
• 0x41b164 GetProcessVersion
• 0x41b168 WritePrivateProfileStringA
• 0x41b16c GlobalFlags
• 0x41b170 lstrcpynA
• 0x41b174 TlsGetValue
• 0x41b178 LocalReAlloc
• 0x41b17c TlsSetValue
• 0x41b180 EnterCriticalSection
• 0x41b184 GlobalReAlloc
• 0x41b188 LeaveCriticalSection
• 0x41b18c TlsFree
• 0x41b190 GlobalHandle
• 0x41b194 DeleteCriticalSection
• 0x41b198 TlsAlloc
• 0x41b19c InitializeCriticalSection
• 0x41b1a0 MulDiv
• 0x41b1a4 SetLastError
• 0x41b1a8 GetVersion
• 0x41b1ac lstrcatA
• 0x41b1b0 GlobalGetAtomNameA
• 0x41b1b4 GlobalAddAtomA
• 0x41b1b8 GlobalFindAtomA
• 0x41b1bc lstrcpyA
• 0x41b1c0 GetModuleHandleA
• 0x41b1c4 MultiByteToWideChar
• 0x41b1c8 lstrlenA
• 0x41b1cc InterlockedDecrement
• 0x41b1d0 InterlockedIncrement
• 0x41b1d4 GlobalUnlock
• 0x41b1d8 LockResource
• 0x41b1dc FindResourceA
• 0x41b1e0 LoadResource
• 0x41b1e4 GetVersionExA
• 0x41b1e8 GetModuleFileNameA
• 0x41b1ec GlobalLock
• 0x41b1f0 GlobalDeleteAtom
• 0x41b1f4 lstrcmpA
• 0x41b1f8 lstrcmpiA
• 0x41b1fc GetCurrentThread
• 0x41b200 GetCurrentThreadId
• 0x41b204 GlobalAlloc
• 0x41b208 GlobalFree
• 0x41b20c Sleep
• 0x41b210 GetLastError
• 0x41b214 GetLogicalDrives
• 0x41b218 DeviceIoControl
• 0x41b21c LocalFree
• 0x41b220 LocalAlloc
• 0x41b224 GetDiskFreeSpaceA
• 0x41b228 CreateFileA
• 0x41b22c GetDriveTypeA
• 0x41b230 CloseHandle
• 0x41b234 WideCharToMultiByte
• 0x41b238 LoadLibraryA
• 0x41b23c GetProcAddress
• 0x41b240 FreeLibrary
• 0x41b244 SetHandleCount
库: USER32.dll:
• 0x41b254 CopyRect
• 0x41b258 ScreenToClient
• 0x41b25c AdjustWindowRectEx
• 0x41b260 SetFocus
• 0x41b264 GetSysColor
• 0x41b268 MapWindowPoints
• 0x41b26c SendDlgItemMessageA
• 0x41b270 IsDialogMessageA
• 0x41b274 ShowWindow
• 0x41b278 GetWindowDC
• 0x41b27c BeginPaint
• 0x41b280 EndPaint
• 0x41b284 TabbedTextOutA
• 0x41b288 GrayStringA
• 0x41b28c GetClassNameA
• 0x41b290 PtInRect
• 0x41b294 GetSysColorBrush
• 0x41b298 LoadStringA
• 0x41b29c DestroyMenu
• 0x41b2a0 InvalidateRect
• 0x41b2a4 GetCapture
• 0x41b2a8 WinHelpA
• 0x41b2ac GetClassInfoA
• 0x41b2b0 RegisterClassA
• 0x41b2b4 GetMenu
• 0x41b2b8 GetMenuItemCount
• 0x41b2bc GetSubMenu
• 0x41b2c0 GetMenuItemID
• 0x41b2c4 GetWindowTextLengthA
• 0x41b2c8 GetDlgCtrlID
• 0x41b2cc DefWindowProcA
• 0x41b2d0 GetClassLongA
• 0x41b2d4 GetMessageTime
• 0x41b2d8 GetMessagePos
• 0x41b2dc GetForegroundWindow
• 0x41b2e0 SetForegroundWindow
• 0x41b2e4 GetWindow
• 0x41b2e8 SetWindowPos
• 0x41b2ec RegisterWindowMessageA
• 0x41b2f0 IntersectRect
• 0x41b2f4 SystemParametersInfoA
• 0x41b2f8 GetWindowPlacement
• 0x41b2fc EndDialog
• 0x41b300 IsWindow
• 0x41b304 CreateDialogIndirectParamA
• 0x41b308 DestroyWindow
• 0x41b30c GetMenuCheckMarkDimensions
• 0x41b310 LoadBitmapA
• 0x41b314 GetMenuState
• 0x41b318 ModifyMenuA
• 0x41b31c SetMenuItemBitmaps
• 0x41b320 CheckMenuItem
• 0x41b324 EnableMenuItem
• 0x41b328 GetFocus
• 0x41b32c GetNextDlgTabItem
• 0x41b330 GetMessageA
• 0x41b334 TranslateMessage
• 0x41b338 DispatchMessageA
• 0x41b33c GetActiveWindow
• 0x41b340 GetKeyState
• 0x41b344 CallNextHookEx
• 0x41b348 ValidateRect
• 0x41b34c IsWindowVisible
• 0x41b350 PeekMessageA
• 0x41b354 GetCursorPos
• 0x41b358 SetWindowsHookExA
• 0x41b35c GetParent
• 0x41b360 GetLastActivePopup
• 0x41b364 IsWindowEnabled
• 0x41b368 MessageBoxA
• 0x41b36c PostQuitMessage
• 0x41b370 PostMessageA
• 0x41b374 wsprintfA
• 0x41b378 GetDlgItem
• 0x41b37c CreateWindowExA
• 0x41b380 SetWindowTextA
• 0x41b384 SetPropA
• 0x41b388 ClientToScreen
• 0x41b38c GetWindowRect
• 0x41b390 OffsetRect
• 0x41b394 MoveWindow
• 0x41b398 UpdateWindow
• 0x41b39c GetPropA
• 0x41b3a0 GetWindowLongA
• 0x41b3a4 LoadIconA
• 0x41b3a8 SendMessageA
• 0x41b3ac DrawIcon
• 0x41b3b0 GetClientRect
• 0x41b3b4 UnregisterClassA
• 0x41b3b8 HideCaret
• 0x41b3bc LoadCursorA
• 0x41b3c0 SetCursor
• 0x41b3c4 RemovePropA
• 0x41b3c8 SetWindowLongA
• 0x41b3cc CallWindowProcA
• 0x41b3d0 GetDC
• 0x41b3d4 GetWindowTextA
• 0x41b3d8 DrawTextA
• 0x41b3dc ReleaseDC
• 0x41b3e0 EnableWindow
• 0x41b3e4 GetTopWindow
• 0x41b3e8 UnhookWindowsHookEx
• 0x41b3ec KillTimer
• 0x41b3f0 SetTimer
• 0x41b3f4 ShowCaret
• 0x41b3f8 ExcludeUpdateRgn
• 0x41b3fc DrawFocusRect
• 0x41b400 IsIconic
• 0x41b404 GetSystemMetrics
• 0x41b408 SendMessageW
• 0x41b40c SendDlgItemMessageW
• 0x41b410 ModifyMenuW
• 0x41b414 IsWindowUnicode
• 0x41b418 CharNextA
• 0x41b41c InflateRect
• 0x41b420 DefDlgProcA
• 0x41b424 SetActiveWindow
库: GDI32.dll:
• 0x41b024 GetObjectA
• 0x41b028 DeleteDC
• 0x41b02c SaveDC
• 0x41b030 RestoreDC
• 0x41b034 SetMapMode
• 0x41b038 SetViewportOrgEx
• 0x41b03c OffsetViewportOrgEx
• 0x41b040 SetViewportExtEx
• 0x41b044 ScaleViewportExtEx
• 0x41b048 SetWindowExtEx
• 0x41b04c ScaleWindowExtEx
• 0x41b050 IntersectClipRect
• 0x41b054 SetBkColor
• 0x41b058 GetDeviceCaps
• 0x41b05c CreateSolidBrush
• 0x41b060 PtVisible
• 0x41b064 RectVisible
• 0x41b068 TextOutA
• 0x41b06c ExtTextOutA
• 0x41b070 Escape
• 0x41b074 GetClipBox
• 0x41b078 CreateBitmap
• 0x41b07c CreatePen
• 0x41b080 SetTextColor
• 0x41b084 SetBkMode
• 0x41b088 MoveToEx
• 0x41b08c LineTo
• 0x41b090 GetStockObject
• 0x41b094 SelectObject
• 0x41b098 CreateDIBitmap
• 0x41b09c PatBlt
• 0x41b0a0 GetTextExtentPointA
• 0x41b0a4 BitBlt
• 0x41b0a8 CreateCompatibleDC
• 0x41b0ac DeleteObject
库: ADVAPI32.dll:
• 0x41b000 RegSetValueExA
• 0x41b004 RegCloseKey
• 0x41b008 RegCreateKeyExA
• 0x41b00c RegEnumKeyExA
• 0x41b010 RegOpenKeyExA
• 0x41b014 RegQueryValueExA
库: SHELL32.dll:
• 0x41b24c ShellExecuteA
库: COMCTL32.dll:
• 0x41b01c None
.text
`.rdata
@.data
.rsrc
}#h0>B
L$$Hj
T$$SWj
T$$Pj
Iu&f=@
QRPVj
SVWUj
^}%95\1B
t"h,=B
Qh8=B
L$ h!
D$$h!
D$$h!
D$(h!
D$(h!
D$@h!
L$TPQh@=B
\$dPSWVj
\$dPSWVj
\$dPSWVj
~<j j
@(^9A
CWinApp
PreviewPages
Settings
CWinThread
CCmdTarget
CDialog
MS Sans Serif
MS Shell Dlg
CListBox
CButton
CStatic
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
InitCommonControlsEx
COMCTL32.DLL
CTempGdiObject
CTempDC
CGdiObject
CPaintDC
CUserException
CResourceException
combobox
software
CObject
CNotSupportedException
CMemoryException
CException
System
CMapPtrToPtr
CTempMenu
CMenu
MSWHEEL_ROLLMSG
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h````
(null)
GAIsProcessorFeaturePresent
KERNEL32
e+000
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#INF
1#IND
1#SNAN
FButton
ListBox
ComboBox
Static
ComboLBox
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
CloseHandle
GetDriveTypeA
CreateFileA
GetDiskFreeSpaceA
LocalAlloc
LocalFree
DeviceIoControl
GetLogicalDrives
GetLastError
Sleep
GlobalFree
GlobalAlloc
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GetModuleFileNameA
LoadResource
FindResourceA
LockResource
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
SetLastError
MulDiv
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
SizeofResource
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentProcess
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetFileSize
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
KERNEL32.dll
LoadIconA
SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
KillTimer
EnableWindow
ReleaseDC
DrawTextA
GetWindowTextA
GetDC
CallWindowProcA
SetWindowLongA
RemovePropA
SetCursor
LoadCursorA
GetWindowLongA
GetPropA
UpdateWindow
MoveWindow
OffsetRect
GetWindowRect
ClientToScreen
SetPropA
SetWindowTextA
CreateWindowExA
GetDlgItem
wsprintfA
PostMessageA
PostQuitMessage
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
DestroyWindow
CreateDialogIndirectParamA
IsWindow
SetActiveWindow
EndDialog
GetWindowPlacement
SystemParametersInfoA
IntersectRect
RegisterWindowMessageA
SetWindowPos
GetWindow
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetClassLongA
DefWindowProcA
GetDlgCtrlID
GetWindowTextLengthA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
ScreenToClient
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
IsDialogMessageA
ShowWindow
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
DestroyMenu
InvalidateRect
USER32.dll
DeleteObject
SelectObject
GetStockObject
LineTo
MoveToEx
SetBkMode
SetTextColor
CreatePen
CreateBitmap
GetClipBox
SetBkColor
GetObjectA
DeleteDC
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GDI32.dll
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
COMCTL32.dll
CoUninitialize
CoInitialize
ole32.dll
GetSystemDefaultLangID
GetProfileStringA
SendMessageW
SendDlgItemMessageW
ModifyMenuW
IsWindowUnicode
CharNextA
InflateRect
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
PatBlt
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
(null)
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.114.76.144 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.114.76.144 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 15.391 seconds )
- 11.312 Suricata
- 2.859 NetworkAnalysis
- 0.502 Static
- 0.306 peid
- 0.288 TargetInfo
- 0.099 BehaviorAnalysis
- 0.012 Strings
- 0.011 AnalysisInfo
- 0.002 Memory
Signatures ( 1.514 seconds )
- 1.399 proprietary_url_bl
- 0.018 antiav_detectreg
- 0.009 proprietary_domain_bl
- 0.008 infostealer_ftp
- 0.005 api_spamming
- 0.005 anomaly_persistence_autorun
- 0.005 antiav_detectfile
- 0.005 infostealer_im
- 0.005 ransomware_extensions
- 0.004 stealth_decoy_document
- 0.004 stealth_timeout
- 0.004 antianalysis_detectreg
- 0.004 geodo_banking_trojan
- 0.004 ransomware_files
- 0.003 infostealer_bitcoin
- 0.003 infostealer_mail
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 antivm_vbox_files
- 0.002 disables_browser_warn
- 0.002 proprietary_bad_drop
- 0.001 bootkit
- 0.001 rat_nanocore
- 0.001 mimics_filetime
- 0.001 stealth_file
- 0.001 betabot_behavior
- 0.001 reads_self
- 0.001 kibex_behavior
- 0.001 antivm_generic_disk
- 0.001 cerber_behavior
- 0.001 virus
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 network_cnc_http
Reporting ( 0.607 seconds )
- 0.597 ReportHTMLSummary
- 0.01 Malheur
| Task ID | 744308 |
|---|---|
| Mongo ID | 662a24d47e769a5b69bf30fd |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号