Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-1 | 2016-09-18 09:27:29 | 2016-09-18 09:28:12 | 43 seconds

Maldun score

2.0 (normal)

File details

File name: ravxp.exe
File size: 86680 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: ef56ceeafa7b2464f44da3b3a46702f6
SHA1: de14fdf17af68d99eb749099ae1229cfc0dd40fa
SHA256: 64b80ee63b36104f28fbaa08e9f57709969ddcdc71d2d958318e192a8bbb3d4b
SHA512: 65bafd8c355039569f9a421551e6cf8dc51eb5744f7ba02fb7c38e230a7d3668ce66496ccbc300f7a712d7ba66705de9d16bb416a5f85bfa5c34b2a363dfe408
CRC32: 49947EA4
Ssdeep: 1536:WpVdvrKkYazVl0Nzm+abkOoTWqqSt/urZ8NYM5CXXMtaD9CS:Wp/rGNzXqSmOP5CsY9

Hosts contacted

IP | Location
23.44.155.27 | United States
183.131.192.12 | China

DNS resolution

www.download.windowsupdate.com
  A     122.224.10.248
  CNAME fg.download.windowsupdate.com.mwcname.com
  CNAME ipv6microsoft.dlmix.ourdvs.com
  A     122.228.22.170
  A     122.228.237.174
  A     115.231.30.15
  A     183.131.192.12
  CNAME 2-01-3cf7-0009.cdx.cedexis.net
  A     183.131.192.80
  A     122.224.10.192
  A     183.134.24.22
  A     183.131.82.19
  A     122.228.22.103
  A     115.231.82.104
  A     115.231.158.27
  A     183.131.168.139
ocsp.verisign.com
  CNAME ocsp-ds.ws.symantec.com.edgekey.net
  CNAME e8218.dscb1.akamaiedge.net
  A     23.44.155.27

PE information

Image base: 0x00400000
Entry point: 0x00403ef2
Declared checksum: 0x00016086
Computed checksum: 0x00016086
Minimum OS version: 5.0
PDB path: C:\DistributedAutoLink\Temp\CompileOutputDir\ravxp.pdb
Compile time: 2011-10-09 12:23:05
Icon exact hash: f06bf1905e3925f03537278a2b8449e1
Icon similarity hash: 782846e4af4402b3d6f7a90caf4b068b

The compile time is 18 minutes before the signature timestamp (12:41:45 on the same day), which is consistent with a vendor build-and-sign pipeline rather than a re-signed or re-linked file.
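The declared and computed checksums above agree. That check is worth automating in triage, since a vendor-built binary whose stored checksum no longer matches its bytes has usually been patched after linking. The Python below is an added example written for this page, not code from the report or from Rising; it implements the standard PE/COFF image checksum (the algorithm behind imagehlp's CheckSumMappedFile) and, because the sample is not on the page, exercises it on a constructed 256-byte header stub built by the hypothetical `build_stub_image` helper.

```python
import struct

CHECKSUM_FIELD = 0x58   # OptionalHeader.CheckSum, relative to the PE signature (PE32 and PE32+)


def checksum_field_offset(data):
    """File offset of OptionalHeader.CheckSum, located through e_lfanew."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + CHECKSUM_FIELD


def pe_checksum(data):
    """Standard PE image checksum: ones'-complement sum of the 16-bit words of the
    file (the stored CheckSum field excluded), folded to 16 bits, plus the length."""
    skip = checksum_field_offset(data)
    total = 0
    for off in range(0, len(data) & ~1, 2):
        if off == skip or off == skip + 2:          # leave out the 4-byte CheckSum field
            continue
        total += struct.unpack_from("<H", data, off)[0]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    if len(data) & 1:                               # odd trailing byte counts as a low byte
        total += data[-1]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF


def declared_checksum(data):
    """The CheckSum value the linker (or a later patcher) stored in the header."""
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]


def checksum_status(data):
    """'ok', 'mismatch', or 'unset' (linkers write 0 unless asked to fill the field)."""
    declared = declared_checksum(data)
    if declared == 0:
        return "unset"
    return "ok" if declared == pe_checksum(data) else "mismatch"


def build_stub_image(stored_checksum):
    """Constructed 256-byte PE header stub (hypothetical, not the real ravxp.exe):
    MZ header, e_lfanew = 0x40, PE signature, Machine = 0x14c, all else zero."""
    img = bytearray(0x100)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x44, 0x14C)
    struct.pack_into("<I", img, 0x40 + CHECKSUM_FIELD, stored_checksum)
    return bytes(img)


if __name__ == "__main__":
    stub = build_stub_image(0)
    print(f"computed 0x{pe_checksum(stub):08x}, status: {checksum_status(stub)}")
    # For a real file: checksum_status(open(path, "rb").read())
```

A match only shows that nothing altered the bytes after the checksum was written; it is not a signature, and Authenticode hashing deliberately skips the CheckSum field, so the two checks are independent and both belong in a triage script. Linkers leave the field at zero unless told to fill it (MSVC's /RELEASE), so "unset" is routine on unsigned user-mode binaries and is not by itself suspicious.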

Version information

LegalCopyright: Copyright(C) 2010-2011 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
InternalName: Beijing Rising Information Technology Co., Ltd.
FileVersion: 24.0.0.2
CompanyName: Beijing Rising Information Technology Co., Ltd.
SpecialBuild: 537597699843750
ProductName: Rising AntiVirus 2012
ProductVersion: 24.00
FileDescription: ravxp Application
OriginalFilename: ravxp.exe
Translation: 040904b0 (en-US, Unicode; the StringFileInfo block key)

Values as found in the VS_VERSION_INFO strings of the RT_VERSION resource (see the strings dump).

Microsoft certificate verification (SignTool)

Signature SHA1: 7943bde4f7a00eb5080176fddccd07d8a35d0ff7
Timestamp: Sun Oct 09 12:41:45 2011
Validity / error: not populated in this report

Certificate chain 1
Issued to: Class 3 Public Primary Certification Authority
Issued by: Class 3 Public Primary Certification Authority
Valid until: Wed Aug 02 07:59:59 2028
SHA1: 742c3192e607e424eb4549542be1bbc53e6174e2

Certificate chain 2
Issued to: VeriSign Class 3 Code Signing 2009-2 CA
Issued by: Class 3 Public Primary Certification Authority
Valid until: Tue May 21 07:59:59 2019
SHA1: 12d4872bc3ef019e7e0b6f132480ae29db5b1ca3

Certificate chain 3
Issued to: Beijing Rising Information Technology Corporation Limited
Issued by: VeriSign Class 3 Code Signing 2009-2 CA
Valid until: Mon Jul 23 07:59:59 2012
SHA1: 08c44bdde3e6563f92032d65e95bac0844c742e8

Timestamp chain 1
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Valid until: Fri Jan 01 07:59:59 2021
SHA1: be36a4562fb2ee05dbb3d32323adf445084ed656

Timestamp chain 2
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Valid until: Wed Dec 04 07:59:59 2013
SHA1: f46ac0c6efbb8c6a14f55f09e2d37df4c0de012d

Timestamp chain 3
Issued to: VeriSign Time Stamping Services Signer - G2
Issued by: VeriSign Time Stamping Services CA
Valid until: Fri Jun 15 07:59:59 2012
SHA1: ada8aaa643ff7dc38dd40fa4c97ad559ff4846de

The signing certificate (chain 3) expired on 2012-07-23 and the timestamp signer on 2012-06-15, both well before this 2016 analysis. Authenticode evaluates the signing certificate at the countersigned time rather than at verification time, so the 2011-10-09 timestamp is what keeps this signature valid; the same certificate on an un-timestamped binary would fail verification today.

PE sections

Name  Virtual address  Virtual size  Raw size  Characteristics  Entropy
.text 0x00001000 0x0000e4d1 0x0000e600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.53
.rdata 0x00010000 0x00002fc0 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.47
.data 0x00013000 0x00002ea0 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.51
.rsrc 0x00016000 0x00000b20 0x00000c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.26

Four standard MSVC sections, no section that is both writable and executable, and a .text entropy of 6.53 are what unpacked compiler output looks like; packed or encrypted code usually pushes a section above 7.

Overlay

Offset: 0x00013800
Size: 0x00001a98

The overlay starts exactly where the raw data of .rsrc ends (0x200 of headers + 0xe600 + 0x3000 + 0x1200 + 0xc00 = 0x13800) and runs to the end of the file (0x13800 + 0x1a98 = 0x15298 = 86680 bytes). On a signed PE an overlay of this size is normally the Authenticode certificate table; confirm that the IMAGE_DIRECTORY_ENTRY_SECURITY entry points at offset 0x13800 with size 0x1a98 before treating it as arbitrary appended data.

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_ICON 0x00016448 0x00000128 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.61 GLS_BINARY_LSB_FIRST
RT_ICON 0x00016448 0x00000128 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.61 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00016570 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.37 MS Windows icon resource - 2 icons, 32x32, 16-colors
RT_VERSION 0x00016594 0x00000430 LANG_NEUTRAL SUBLANG_NEUTRAL 3.49 data
RT_MANIFEST 0x000169c4 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US 4.80 ASCII text, with CRLF line terminators

Imports

Library: KERNEL32.dll
0x410010 GetProcAddress
0x410014 LoadLibraryA
0x410018 lstrcatA
0x41001c lstrlenA
0x410020 lstrcpyA
0x410024 GetModuleFileNameA
0x410028 CloseHandle
0x41002c WriteFile
0x410030 SetFilePointer
0x410034 MoveFileA
0x410038 DeleteFileA
0x41003c SetFileAttributesA
0x410040 lstrcpynA
0x410044 GetFileSize
0x410048 CreateFileA
0x410050 GetCurrentProcessId
0x410054 OutputDebugStringA
0x410058 GetTickCount
0x41005c GetCommandLineA
0x410060 WaitForSingleObject
0x410064 CreateEventA
0x410068 Sleep
0x41006c GetLastError
0x410070 CreateProcessA
0x410074 SetEvent
0x410078 FlushFileBuffers
0x41007c HeapSize
0x410080 ReadFile
0x410088 GetLocalTime
0x41008c GetCurrentThreadId
0x410090 FreeLibrary
0x410094 RtlUnwind
0x410098 GetStartupInfoA
0x41009c HeapFree
0x4100a0 GetCPInfo
0x4100ac GetACP
0x4100b0 GetOEMCP
0x4100b4 IsValidCodePage
0x4100b8 GetModuleHandleW
0x4100bc TlsGetValue
0x4100c0 TlsAlloc
0x4100c4 TlsSetValue
0x4100c8 TlsFree
0x4100cc SetLastError
0x4100d0 TerminateProcess
0x4100d4 GetCurrentProcess
0x4100e0 IsDebuggerPresent
0x4100e4 LCMapStringA
0x4100e8 WideCharToMultiByte
0x4100ec MultiByteToWideChar
0x4100f0 LCMapStringW
0x4100f4 GetStdHandle
0x4100f8 ExitProcess
0x41010c SetHandleCount
0x410110 GetFileType
0x410118 HeapCreate
0x41011c VirtualFree
0x410130 HeapAlloc
0x410134 VirtualAlloc
0x410138 HeapReAlloc
0x41013c GetStringTypeA
0x410140 GetStringTypeW
0x410144 GetLocaleInfoA
0x410148 GetConsoleCP
0x41014c GetConsoleMode
0x410150 RaiseException
0x410158 SetStdHandle
0x41015c WriteConsoleA
0x410160 GetConsoleOutputCP
0x410164 WriteConsoleW
Library: USER32.dll
0x41016c IsWindow
0x410170 SendMessageA
0x410174 CharUpperA
0x410178 FindWindowA
Library: ADVAPI32.dll
0x410000 RegQueryValueExA
0x410004 RegCloseKey
0x410008 RegOpenKeyExA

Strings

Taken together, the program's own strings below (SOFTWARE\Rising\%s, datapath, ProcComm.dll with the names CreateProcCommInterFace / CreateProcCommFuncInterface it presumably resolves through GetProcAddress, the /PRODUCT= and /PATH= switches, and the "Start Process %s..." log lines written to \RSCOMM 2.log under RAV.INI settings) read as a small launcher that looks up its product path in the registry, loads ProcComm.dll and starts a child process. That matches the import table above (RegOpenKeyExA / RegQueryValueExA, LoadLibraryA / GetProcAddress, CreateProcessA, CreateEventA / WaitForSingleObject). The remaining strings are MSVC runtime and RTTI names.

.text
.rdata
.data
.rsrc
bad allocation
[%04d-%02d-%02d][%02d:%02d:%02d:%03d]
datapath
SOFTWARE\Rising\%s
ProcComm.dll
CreateProcCommInterFace
CreateProcCommFuncInterface
\RSCOMM
2.log
[%04u]
[0x%08X]
[FATAL]
[ALERT]
[WAINNING]
[ACTION]
[DETAIL]
DEBUG
LOGNAME
RAV.INI
RS_DEBUG_VIEW
LOGSIZE
OUTPUT
LEVEL
SubKey: %s
/PRODUCT=
EXE Path: %s
/PATH=
Invalid Param!
Failed to RegisterRpcCCenter!
Failed to CreateEvent!
CreateProcess %s Failed! Err Code: %d
Exit...
Begin running...
Start Process %s Successfully...
Start Process %s...
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
(null)
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
bad exception
CorExitProcess
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
Unknown exception
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
C:\DistributedAutoLink\Temp\CompileOutputDir\ravxp.pdb
FreeLibrary
GetLocalTime
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
lstrcpyA
GetModuleFileNameA
CloseHandle
WriteFile
SetFilePointer
MoveFileA
DeleteFileA
SetFileAttributesA
lstrcpynA
GetFileSize
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetTickCount
GetCommandLineA
WaitForSingleObject
CreateEventA
Sleep
GetLastError
CreateProcessA
SetEvent
KERNEL32.dll
CharUpperA
SendMessageA
IsWindow
FindWindowA
USER32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ADVAPI32.dll
RtlUnwind
GetStartupInfoA
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
RaiseException
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
ReadFile
HeapSize
FlushFileBuffers
.?AVIRisingMessageCallback@@
.?AVCProcComHelp@CRpcCenterHelp@@
.?AV?$tImpModuleMid@VCProcComHelp@CRpcCenterHelp@@@rsdk@@
.?AVIImpModuleBase@rsdk@@
.?AVCRpcCenterHelp@@
.?AVCRavXp@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
KERNEL32.DLL
(null)
mscoree.dll
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
Beijing Rising Information Technology Co., Ltd.
FileDescription
ravxp Application
FileVersion
24.0.0.2
InternalName
Beijing Rising Information Technology Co., Ltd.
LegalCopyright
Copyright(C) 2010-2011 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
OriginalFilename
ravxp.exe
ProductName
Rising AntiVirus 2012
ProductVersion
24.00
SpecialBuild
537597699843750
VarFileInfo
Translation
Antivirus results (VirusTotal)

Engine | Result | Definitions date
Bkav | no detection | 20160830
MicroWorld-eScan | no detection | 20160831
nProtect | no detection | 20160831
CMC | no detection | 20160830
CAT-QuickHeal | no detection | 20160830
ALYac | no detection | 20160831
Malwarebytes | no detection | 20160831
VIPRE | no detection | 20160831
TheHacker | no detection | 20160829
BitDefender | no detection | 20160830
K7GW | no detection | 20160831
K7AntiVirus | no detection | 20160830
Baidu | no detection | 20160831
F-Prot | no detection | 20160831
Symantec | no detection | 20160831
ESET-NOD32 | no detection | 20160831
TrendMicro-HouseCall | no detection | 20160831
Avast | no detection | 20160831
ClamAV | no detection | 20160831
Kaspersky | no detection | 20160831
Alibaba | no detection | 20160831
NANO-Antivirus | no detection | 20160831
ViRobot | no detection | 20160830
AegisLab | no detection | 20160831
Tencent | no detection | 20160831
Ad-Aware | no detection | 20160831
Sophos | no detection | 20160831
Comodo | no detection | 20160831
F-Secure | no detection | 20160831
DrWeb | no detection | 20160831
Zillya | no detection | 20160830
TrendMicro | no detection | 20160831
McAfee-GW-Edition | no detection | 20160831
Emsisoft | no detection | 20160831
Cyren | no detection | 20160831
Jiangmin | no detection | 20160831
Avira | no detection | 20160830
Antiy-AVL | no detection | 20160831
Kingsoft | no detection | 20160831
Microsoft | no detection | 20160831
Arcabit | no detection | 20160831
SUPERAntiSpyware | no detection | 20160831
AhnLab-V3 | no detection | 20160830
GData | no detection | 20160831
TotalDefense | no detection | 20160831
McAfee | no detection | 20160831
AVware | no detection | 20160831
VBA32 | no detection | 20160830
Zoner | no detection | 20160831
Rising | no detection | 20160831
Yandex | no detection | 20160830
Ikarus | no detection | 20160830
Fortinet | no detection | 20160831
AVG | no detection | 20160831
Panda | no detection | 20160830
CrowdStrike | no detection | 20160725
Qihoo-360 | no detection | 20160831

The definition dates (2016-08-30/31, CrowdStrike 2016-07-25) predate the 2016-09-18 analysis, so these are VirusTotal's cached results for this hash rather than a fresh rescan.

Process tree

ravxp.exe, PID: 2132, parent PID: 1472

TCP

Source | Source port | Destination | Destination port
192.168.122.70 | 51080 | 183.131.192.12 (www.download.windowsupdate.com) | 80
192.168.122.70 | 51079 | 192.168.122.1 | 53
192.168.122.70 | 51081 | 23.44.155.27 (ocsp.verisign.com) | 80

UDP

Source | Source port | Destination | Destination port
192.168.122.69 | 5355 | 192.168.122.70 | 60614
192.168.122.70 | 51435 | 192.168.122.1 | 53
192.168.122.70 | 53257 | 192.168.122.1 | 53
192.168.122.70 | 54531 | 192.168.122.1 | 53
192.168.122.70 | 57997 | 192.168.122.1 | 53
192.168.122.70 | 59485 | 192.168.122.1 | 53
192.168.122.70 | 64732 | 192.168.122.1 | 53
192.168.122.70 | 65276 | 192.168.122.1 | 53

The datagram from 192.168.122.69:5355 is LLMNR (UDP 5355) from a neighbouring host on the sandbox network; the rest are DNS lookups to the gateway resolver at 192.168.122.1.

HTTP requests

URI and request headers

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86402
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 14 Jan 2016 00:22:10 GMT
If-None-Match: "0e59c9b614ed11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

Every request carries the User-Agent Microsoft-CryptoAPI/6.1: the authrootstl.cab fetch is Windows refreshing its trusted-root certificate trust list (a conditional GET, the VM's copy dating from January 2016), and the OCSP GETs are revocation checks, most likely for the binary's Authenticode chain. The sample's import table contains no networking library (no ws2_32, wininet or winhttp), and the VM's packet capture is not per-process, so this traffic should be read as the platform validating a signed file, not as behaviour of ravxp.exe itself.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 16.981 seconds )

  • 15.029 NetworkAnalysis
  • 1.079 VirusTotal
  • 0.355 Static
  • 0.232 peid
  • 0.187 TargetInfo
  • 0.036 BehaviorAnalysis
  • 0.024 AnalysisInfo
  • 0.016 Strings
  • 0.009 config_decoder
  • 0.008 Debug
  • 0.003 Dropped
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.063 seconds; per-module evaluation time, so a module's presence in this list does not mean it matched )

  • 0.012 antiav_detectreg
  • 0.005 persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_ftp
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_http
  • 0.002 network_torgateway
  • 0.001 betabot_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 md_domain_bl

Reporting ( 2.469 seconds )

  • 1.977 ReportPDF
  • 0.484 ReportHTMLSummary
  • 0.008 Malheur
Task ID 18286
Mongo ID 57ddedc04d3bd03918149c36
Cuckoo release 1.4-Maldun