恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2024-04-26 15:39:50	2024-04-26 15:40:25	35 秒

魔盾分数

1.4

正常的

文件详细信息

文件名	multiWechat.exe
文件大小	43520 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	9a84b13135e35aaf705adcdfad10fc1a
SHA1	03a1e4016a4b6d837429fbe4082c9131af1326a4
SHA256	46cf9734675cf3758e86105083fae7dd6e88201eae84318bef8cca9df1b62d0c
SHA512	31c109d70cdebc618760e3ff107d1e5970199598d52f92fc8863bbe6fd771e7eb615ac30bfce9a1addbf25aa4af125901ff7986bb283b62138fa586481477b43
CRC32	2CF01C47
Ssdeep	768:fpC7wH1oRD6JJf+q7UzEg4a0eTZPBy3Of1:fp7WIJATnJ0etPBye
Yara	登录查看Yara规则
	找不到该样本提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x00402b95
声明校验值	0x0001a26f
实际校验值	0x0001a26f
最低操作系统版本要求	6.0
编译时间	2022-07-23 21:51:28
载入哈希	9881361d6775ef4ee601d663ac335df6
图标
图标精确哈希值	753f0cf15edcff460032b5be2e9c1f79
图标相似性哈希值	231fc44bc7d049708828913ed1d3707a

版本信息

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00002725	0x00002800	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.86
.rdata	0x00004000	0x000026ec	0x00002800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.87
.data	0x00007000	0x00000680	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.88
.rsrc	0x00008000	0x000046cf	0x00004800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.77
.reloc	0x0000d000	0x00000a70	0x00000c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	6.09

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
AFX_DIALOG_LAYOUT	0x00008338	0x00000002	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.00	data
AFX_DIALOG_LAYOUT	0x00008338	0x00000002	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.00	data
RT_ICON	0x0000b98c	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.71	GLS_BINARY_LSB_FIRST
RT_ICON	0x0000b98c	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.71	GLS_BINARY_LSB_FIRST
RT_ICON	0x0000b98c	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.71	GLS_BINARY_LSB_FIRST
RT_MENU	0x0000bdf4	0x00000012	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	1.94	data
RT_DIALOG	0x0000bf54	0x000000fa	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.64	data
RT_DIALOG	0x0000bf54	0x000000fa	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.64	data
RT_STRING	0x0000c050	0x00000040	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.57	data
RT_GROUP_ICON	0x0000c090	0x00000030	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.46	MS Windows icon resource - 3 icons, 48x48
RT_VERSION	0x0000c0c0	0x000002e8	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.43	data
RT_MANIFEST	0x0000c3a8	0x00000327	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.11	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

导入

库: mfc120u.dll:

• 0x404168 None

• 0x40416c None

• 0x404170 None

• 0x404174 None

• 0x404178 None

• 0x40417c None

• 0x404180 None

• 0x404184 None

• 0x404188 None

• 0x40418c None

• 0x404190 None

• 0x404194 None

• 0x404198 None

• 0x40419c None

• 0x4041a0 None

• 0x4041a4 None

• 0x4041a8 None

• 0x4041ac None

• 0x4041b0 None

• 0x4041b4 None

• 0x4041b8 None

• 0x4041bc None

• 0x4041c0 None

• 0x4041c4 None

• 0x4041c8 None

• 0x4041cc None

• 0x4041d0 None

• 0x4041d4 None

• 0x4041d8 None

• 0x4041dc None

• 0x4041e0 None

• 0x4041e4 None

• 0x4041e8 None

• 0x4041ec None

• 0x4041f0 None

• 0x4041f4 None

• 0x4041f8 None

• 0x4041fc None

• 0x404200 None

• 0x404204 None

• 0x404208 None

• 0x40420c None

• 0x404210 None

• 0x404214 None

• 0x404218 None

• 0x40421c None

• 0x404220 None

• 0x404224 None

• 0x404228 None

• 0x40422c None

• 0x404230 None

• 0x404234 None

• 0x404238 None

• 0x40423c None

• 0x404240 None

• 0x404244 None

• 0x404248 None

• 0x40424c None

• 0x404250 None

• 0x404254 None

• 0x404258 None

• 0x40425c None

• 0x404260 None

• 0x404264 None

• 0x404268 None

• 0x40426c None

• 0x404270 None

• 0x404274 None

• 0x404278 None

• 0x40427c None

• 0x404280 None

• 0x404284 None

• 0x404288 None

• 0x40428c None

• 0x404290 None

• 0x404294 None

• 0x404298 None

• 0x40429c None

• 0x4042a0 None

• 0x4042a4 None

• 0x4042a8 None

• 0x4042ac None

• 0x4042b0 None

• 0x4042b4 None

• 0x4042b8 None

• 0x4042bc None

• 0x4042c0 None

• 0x4042c4 None

• 0x4042c8 None

• 0x4042cc None

• 0x4042d0 None

• 0x4042d4 None

• 0x4042d8 None

• 0x4042dc None

• 0x4042e0 None

• 0x4042e4 None

• 0x4042e8 None

• 0x4042ec None

• 0x4042f0 None

• 0x4042f4 None

• 0x4042f8 None

• 0x4042fc None

• 0x404300 None

• 0x404304 None

• 0x404308 None

• 0x40430c None

• 0x404310 None

• 0x404314 None

• 0x404318 None

• 0x40431c None

• 0x404320 None

• 0x404324 None

• 0x404328 None

• 0x40432c None

• 0x404330 None

• 0x404334 None

• 0x404338 None

• 0x40433c None

• 0x404340 None

• 0x404344 None

• 0x404348 None

• 0x40434c None

• 0x404350 None

• 0x404354 None

• 0x404358 None

• 0x40435c None

• 0x404360 None

• 0x404364 None

• 0x404368 None

• 0x40436c None

• 0x404370 None

• 0x404374 None

• 0x404378 None

• 0x40437c None

• 0x404380 None

• 0x404384 None

• 0x404388 None

• 0x40438c None

• 0x404390 None

• 0x404394 None

• 0x404398 None

• 0x40439c None

• 0x4043a0 None

• 0x4043a4 None

• 0x4043a8 None

• 0x4043ac None

• 0x4043b0 None

• 0x4043b4 None

• 0x4043b8 None

• 0x4043bc None

• 0x4043c0 None

• 0x4043c4 None

• 0x4043c8 None

• 0x4043cc None

• 0x4043d0 None

• 0x4043d4 None

• 0x4043d8 None

• 0x4043dc None

• 0x4043e0 None

• 0x4043e4 None

• 0x4043e8 None

• 0x4043ec None

• 0x4043f0 None

• 0x4043f4 None

• 0x4043f8 None

• 0x4043fc None

• 0x404400 None

• 0x404404 None

• 0x404408 None

• 0x40440c None

• 0x404410 None

• 0x404414 None

• 0x404418 None

• 0x40441c None

• 0x404420 None

• 0x404424 None

• 0x404428 None

• 0x40442c None

• 0x404430 None

• 0x404434 None

• 0x404438 None

• 0x40443c None

• 0x404440 None

• 0x404444 None

• 0x404448 None

• 0x40444c None

• 0x404450 None

• 0x404454 None

• 0x404458 None

• 0x40445c None

• 0x404460 None

• 0x404464 None

• 0x404468 None

• 0x40446c None

• 0x404470 None

• 0x404474 None

• 0x404478 None

• 0x40447c None

• 0x404480 None

• 0x404484 None

• 0x404488 None

• 0x40448c None

• 0x404490 None

库: MSVCR120.dll:

• 0x40408c __CxxFrameHandler3

• 0x404090 __crtTerminateProcess

• 0x404094 __crtUnhandledException

• 0x404098 _crt_debugger_hook

• 0x40409c _controlfp_s

• 0x4040a0 _invoke_watson

• 0x4040a4 __crtSetUnhandledExceptionFilter

• 0x4040a8 _except_handler4_common

• 0x4040ac ?terminate@@YAXXZ

• 0x4040b0 ??1type_info@@UAE@XZ

• 0x4040b4 _onexit

• 0x4040b8 __dllonexit

• 0x4040bc _calloc_crt

• 0x4040c0 _unlock

• 0x4040c4 _lock

• 0x4040c8 _commode

• 0x4040cc _fmode

• 0x4040d0 _wcmdln

• 0x4040d4 _initterm

• 0x4040d8 _initterm_e

• 0x4040dc __setusermatherr

• 0x4040e0 _configthreadlocale

• 0x4040e4 _cexit

• 0x4040e8 _exit

• 0x4040ec exit

• 0x4040f0 __set_app_type

• 0x4040f4 __wgetmainargs

• 0x4040f8 _amsg_exit

• 0x4040fc __crtGetShowWindowMode

• 0x404100 _XcptFilter

• 0x404104 memset

• 0x404108 free

• 0x40410c _wtoi

库: KERNEL32.dll:

• 0x404030 GetLastError

• 0x404034 IsProcessorFeaturePresent

• 0x404038 IsDebuggerPresent

• 0x40403c GetSystemTimeAsFileTime

• 0x404040 GetCurrentThreadId

• 0x404044 GetCurrentProcessId

• 0x404048 QueryPerformanceCounter

• 0x40404c EncodePointer

• 0x404050 CreateMutexW

• 0x404054 DeleteCriticalSection

• 0x404058 DecodePointer

• 0x40405c InitializeCriticalSectionEx

• 0x404060 GetModuleFileNameW

• 0x404064 LocalFree

• 0x404068 lstrcmpW

• 0x40406c GetCommandLineW

• 0x404070 lstrcpyW

• 0x404074 GetCurrentProcess

• 0x404078 GetModuleHandleW

• 0x40407c GetProcAddress

• 0x404080 OutputDebugStringW

• 0x404084 CloseHandle

库: USER32.dll:

• 0x40412c GetSubMenu

• 0x404130 GetCursorPos

• 0x404134 EnableWindow

• 0x404138 LoadMenuW

• 0x40413c IsWindowVisible

• 0x404140 DrawIcon

• 0x404144 GetClientRect

• 0x404148 GetSystemMetrics

• 0x40414c IsIconic

• 0x404150 PostMessageW

• 0x404154 AppendMenuW

• 0x404158 GetSystemMenu

• 0x40415c SendMessageW

• 0x404160 LoadIconW

库: ADVAPI32.dll:

• 0x404000 RegQueryValueExW

• 0x404004 InitializeAcl

• 0x404008 AddAccessDeniedAce

• 0x40400c SetSecurityInfo

• 0x404010 RegFlushKey

• 0x404014 RegSetValueExW

• 0x404018 RegDeleteValueW

• 0x40401c RegOpenKeyExW

• 0x404020 AllocateAndInitializeSid

库: SHELL32.dll:

• 0x404114 Shell_NotifyIconW

• 0x404118 CommandLineToArgvW

• 0x40411c ShellExecuteW

库: COMCTL32.dll:

• 0x404028 InitCommonControlsEx

库: SHLWAPI.dll:

• 0x404124 PathFileExistsW

.text
`.rdata
@.data
.rsrc
@.reloc
PPh,J@
PhLJ@
PhLJ@
F95pv@
95pv@
IsWow64Process
mfc120u.dll
_wtoi
memset
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
MSVCR120.dll
?terminate@@YAXXZ
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
CreateMutexW
GetLastError
CloseHandle
OutputDebugStringW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
lstrcpyW
GetCommandLineW
lstrcmpW
LocalFree
GetModuleFileNameW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
EncodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
KERNEL32.dll
EnableWindow
LoadIconW
SendMessageW
GetSystemMenu
AppendMenuW
PostMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
IsWindowVisible
LoadMenuW
GetSubMenu
GetCursorPos
USER32.dll
AllocateAndInitializeSid
InitializeAcl
AddAccessDeniedAce
SetSecurityInfo
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegFlushKey
ADVAPI32.dll
ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
SHELL32.dll
InitCommonControlsEx
COMCTL32.dll
PathFileExistsW
SHLWAPI.dll
__CxxFrameHandler3
.?AVtype_info@@
.?AVCCmdTarget@@
.?AVCWinApp@@
.?AVCWinThread@@
.?AVCmultiWechatApp@@
.?AVCBrush@@
.?AVCGdiObject@@
.?AVCObject@@
.PAVCException@@
.?AVCDialog@@
.?AVCAboutDlg@@
.?AVCDialogEx@@
.?AVCmultiWechatDlg@@
.?AVCMenu@@
.?AVCStatic@@
.?AVCButton@@
.?AVCWnd@@
!N>"5
Hr,g 
_!kpe
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
_MULTI_WECHAT_FOR_WINDOWS_
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\atlmfc\include\afxwin1.inl
Exception thrown in destructor
%s (%s:%d)
kernel32
_WeChat_App_Instance_Identity_Mutex_Name
DisplayIcon
SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WeChat
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeChat
MultiWechat
SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
-background
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\
"%s" -background
AFX_DIALOG_LAYOUT
Copyright (C) 2022 FastCoder. All rights reserved.
(&A)...
VS_VERSION_INFO
StringFileInfo
040904B0
FileDescription
InternalName
WeChatMoreOpen.exe
OriginalFilename
WeChatMoreOpen.exe
CompanyName
FastCoder
LegalCopyright
 2022 FastCoder. All rights reserved.
ProductName
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
VarFileInfo
Translation

没有防病毒引擎扫描信息!

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.223.199.177	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.223.199.177	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 21.835 seconds )

11.976 Suricata
8.817 NetworkAnalysis
0.445 Static
0.301 peid
0.266 TargetInfo
0.018 AnalysisInfo
0.004 BehaviorAnalysis
0.004 Memory
0.004 Strings

Signatures ( 1.501 seconds )

1.407 proprietary_url_bl
0.012 antiav_detectreg
0.01 anomaly_persistence_autorun
0.008 proprietary_domain_bl
0.006 antiav_detectfile
0.005 infostealer_ftp
0.005 network_http
0.004 geodo_banking_trojan
0.004 ransomware_extensions
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_im
0.002 tinba_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 infostealer_mail
0.002 network_cnc_http
0.001 rat_nanocore
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 cerber_behavior
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 proprietary_malicious_drop_executable_file_to_temp_folder
0.001 proprietary_bad_drop
0.001 rat_spynet
0.001 recon_fingerprint
0.001 stealth_hiddenreg
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt
0.001 stealth_modify_security_center_warnings

Reporting ( 0.477 seconds )

0.469 ReportHTMLSummary
0.008 Malheur


Task ID	744338
Mongo ID	662b5aae7e769a5b6bbf312e
Cuckoo release	1.4-Maldun