Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-hpdapp03-1  2017-05-23 22:56:44  2017-05-23 22:59:09  145 seconds

Maldun score

10.0

Dangerous

File details

File name NEWORDER.exe
File size 876032 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6c5d60e6cd515ae187102f424a14f042
SHA1 d85d728d3a94cb16ced3b158e0849aec750b0e41
SHA256 aed93282870a1733249f73cb876f40f117ced8de82ee91ee1579815dcf11c104
SHA512 6b3208a212a392e30c60f86276c3981de5cf204ed432f5f5cf019afaca22f8059a174d0fe2d3ff0e548196c0939e7b941e71816646fdc979807deabcbf87e5a3
CRC32 A9C81E86
Ssdeep 24576:zsxHXa3L1cic7J/DoFzxF9Xa3L1cic7J/DoF:wIpfcV8z/kpfcV8

Hosts accessed

No host records.

DNS resolutions

No domain information.


PE information

Image base 0x00400000
Entry point 0x00510640
Declared checksum 0x000d71c0
Actual checksum 0x000d71c0
Minimum OS version 4.0
Compile time 1992-06-20 06:22:17
Icon exact hash 186b0de189e2b024d75b15200db47265
Icon similarity hash 08527a0b4d71408ee1ee36500be7f040

PEiD rules

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
S A5;qw9 0x00001000 0x000a1000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
`2_+a7CN 0x000a2000 0x0006f000 0x0006ea00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.89
6``R&aeK 0x00111000 0x00066e58 0x00067000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.86

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_CURSOR 0x001129c0 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL 7.25 data
RT_BITMAP 0x00115a98 0x000000e8 LANG_ARABIC SUBLANG_ARABIC_EGYPT 7.13 data
RT_ICON 0x00115e68 0x000010a8 LANG_NEUTRAL SUBLANG_NEUTRAL 4.71 dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1343403084, next used block 39235
RT_DIALOG 0x00116f10 0x00000052 LANG_NEUTRAL SUBLANG_NEUTRAL 5.99 data
RT_STRING 0x00119a48 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL 7.65 data
RT_RCDATA 0x00177780 0x00000624 LANG_NEUTRAL SUBLANG_NEUTRAL 7.49 data
RT_GROUP_CURSOR 0x00177e1c 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL 4.02 Non-ISO extended-ASCII text, with NEL line terminators
RT_GROUP_ICON 0x00177e44 0x00000014 LANG_ARABIC SUBLANG_ARABIC_EGYPT 2.06 MS Windows icon resource - 1 icon, 32x32, 4 colors

Antivirus engine/vendor  Detection name/rule match  Signature database date
Bkav Not detected 20170523
MicroWorld-eScan Not detected 20170523
nProtect Not detected 20170523
CMC Not detected 20170523
CAT-QuickHeal Not detected 20170523
ALYac Not detected 20170523
Malwarebytes Not detected 20170523
VIPRE Not detected 20170523
SUPERAntiSpyware Not detected 20170523
TheHacker Not detected 20170522
K7GW Not detected 20170523
K7AntiVirus Not detected 20170523
Invincea generic.a 20170519
Cyren Not detected 20170523
Symantec ML.Attribute.HighConfidence 20170523
ESET-NOD32 Not detected 20170523
TrendMicro-HouseCall PAK_Xed-3 20170523
Paloalto Not detected 20170523
ClamAV Not detected 20170523
Kaspersky Not detected 20170523
BitDefender Not detected 20170523
NANO-Antivirus Trojan.Win32.Tepfer.eoxyuy 20170523
ViRobot Not detected 20170523
Avast Win32:Trojan-gen 20170523
Tencent Not detected 20170523
Ad-Aware Not detected 20170523
Emsisoft Not detected 20170523
Comodo Packed.Win32.MUPX.Gen 20170523
F-Secure Not detected 20170523
DrWeb Trojan.PWS.Stealer.18836 20170523
Zillya Not detected 20170523
TrendMicro Not detected 20170523
McAfee-GW-Edition Not detected 20170523
Sophos Not detected 20170523
Ikarus Trojan.Patched 20170523
F-Prot Not detected 20170523
Jiangmin Not detected 20170523
Webroot Not detected 20170523
Avira TR/Patched.Ren.Gen 20170523
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20170523
Kingsoft Not detected 20170523
Microsoft Not detected 20170523
Endgame malicious (high confidence) 20170515
Arcabit Not detected 20170523
AegisLab Not detected 20170523
ZoneAlarm Not detected 20170523
GData Not detected 20170523
AhnLab-V3 Not detected 20170523
McAfee Not detected 20170523
AVware Not detected 20170523
VBA32 Not detected 20170523
Zoner Not detected 20170523
Rising Not detected 20170523
Yandex Not detected 20170518
SentinelOne static engine - malicious 20170516
Fortinet Not detected 20170523
AVG Inject3.CMUU 20170523
Panda Not detected 20170522
CrowdStrike Not detected None
Qihoo-360 Not detected 20170523

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 3.691 seconds )

  • 1.435 Static
  • 1.325 VirusTotal
  • 0.529 peid
  • 0.21 TargetInfo
  • 0.082 Strings
  • 0.054 AnalysisInfo
  • 0.038 Debug
  • 0.011 NetworkAnalysis
  • 0.004 Memory
  • 0.002 BehaviorAnalysis
  • 0.001 config_decoder

Signatures ( 0.191 seconds )

  • 0.093 md_bad_drop
  • 0.016 antiav_detectreg
  • 0.009 persistence_autorun
  • 0.009 ransomware_files
  • 0.007 antiav_detectfile
  • 0.006 infostealer_ftp
  • 0.004 antianalysis_detectreg
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 betabot_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 modify_uac_prompt
  • 0.001 network_tor
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 mimics_extension
  • 0.001 modify_security_center_warnings
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications

Reporting ( 0.583 seconds )

  • 0.583 ReportHTMLSummary
Task ID 94669
Mongo ID 59244e43a093ef68dad612f4
Cuckoo release 1.4-Maldun