Analysis Task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64 2016-09-19 20:47:02 2016-09-19 20:48:11 69 seconds

Maldun Score

3.9

Suspicious

File Details

File name BDDownloadExe.exe
File size 379384 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8290c9574d4ecd0bf15fba0db886ce54
SHA1 67c544e30439d91e5795ef208c34fc21ee32c55f
SHA256 3186cc86b7c17b1c6c4b5d654c520e30528a5a73ce2ff1d6cf3c6f4dedab906c
SHA512 801d6b4d3cbd79df3b7c7766893ba3bad6ad8413990fc89813f4b25cd33c673774726a5a5092d1655a794f8b075e7d86bda6e4bc0d55a820b19660d1d473ceb9
CRC32 F7E65617
Ssdeep 6144:ZJwx+zTO02TvEUSzi1G6/InjNx9LtEmCR1/gxKrpU1QUTivm:ZJwx+zTBtzi18xzBEmCRixBivm

Contacted Hosts

Direct IP Security rating Location
58.211.137.192 China
60.190.116.46 China
23.59.139.27 United States
23.59.133.163 United States
180.97.36.43 China
122.228.22.208 China
115.239.211.125 China
117.18.237.29 Asia-Pacific region

DNS Resolution

Domain Security rating Response
www.download.windowsupdate.com CNAME fg.download.windowsupdate.com.mwcname.com
CNAME ipv6microsoft.dlmix.ourdvs.com
A 122.228.237.175
A 183.131.210.60
A 122.228.22.208
A 122.228.22.104
A 115.231.84.168
A 183.131.168.143
CNAME 2-01-3cf7-0009.cdx.cedexis.net
A 183.131.192.80
A 122.228.237.148
A 122.228.237.147
A 115.231.82.105
A 150.138.167.176
A 183.134.53.144
A 183.131.168.139
ocsp.verisign.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.59.139.27
s2.symcb.com
s1.symcb.com A 23.59.133.163
CNAME e6845.dscb1.akamaiedge.net
CNAME crl-ds.ws.symantec.com.edgekey.net
szcloud.baidu.com CNAME szcloud.n.shifen.com
A 180.97.36.43
dl.sz.baidu.com CNAME swszdl.jomodns.com
A 60.190.116.46
dr.cj.baidu.com A 115.239.211.125
CNAME drbr.n.shifen.com

PE Information

Image base 0x00400000
Entry point 0x0042736f
Declared checksum 0x00064a0f
Actual checksum 0x00064a0f
Minimum OS version 5.1
PDB path E:\clientci\workspace\bdwebadapter_trunk_compile\Basic\Output\BinRelease\BDDownloadExe.pdb
Compile time 2015-06-23 16:28:24

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 Timestamp Validity Error
f5d27c248f702b2d5d731180f9373471ed1b9373 Thu Apr 21 15:03:56 2016
Certificate Chain 1
Issued to VeriSign Class 3 Public Primary Certification Authority - G5
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid until Thu Jul 17 07:59:59 2036
SHA1 hash 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5
Certificate Chain 2
Issued to Symantec Class 3 SHA256 Code Signing CA
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid until Sun Dec 10 07:59:59 2023
SHA1 hash 007790f6561dad89b0bcd85585762495e358f8a5
Certificate Chain 3
Issued to BeiJing Baidu Netcom Science Technology Co., Ltd
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid until Wed Feb 07 07:59:59 2018
SHA1 hash acaed4be8c729a6ae5f4f82f5f183a9c4ebe7ae3
Timestamp Chain 1
Issued to Thawte Timestamping CA
Issuer Thawte Timestamping CA
Valid until Fri Jan 01 07:59:59 2021
SHA1 hash be36a4562fb2ee05dbb3d32323adf445084ed656
Timestamp Chain 2
Issued to Symantec Time Stamping Services CA - G2
Issuer Thawte Timestamping CA
Valid until Thu Dec 31 07:59:59 2020
SHA1 hash 6c07453ffdda08b83707c09b82fb3d15f35336b1
Timestamp Chain 3
Issued to Symantec Time Stamping Services Signer - G4
Issuer Symantec Time Stamping Services CA - G2
Valid until Wed Dec 30 07:59:59 2020
SHA1 hash 65439929b67973eb192d6ff243e6767adf0834e4

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00043a44 0x00043c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.61
.rdata 0x00045000 0x0000fc16 0x0000fe00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.64
.data 0x00055000 0x00008548 0x00002a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.10
.rsrc 0x0005e000 0x00000940 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.78
.reloc 0x0005f000 0x000035d8 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.65

Overlay

Offset 0x0005a800
Size 0x000021f8

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_MENU 0x0005e1c0 0x0000004a LANG_ENGLISH SUBLANG_ENGLISH_US 2.71 data
RT_DIALOG 0x0005e620 0x00000148 LANG_ENGLISH SUBLANG_ENGLISH_US 3.24 data
RT_STRING 0x0005e768 0x00000054 LANG_ENGLISH SUBLANG_ENGLISH_US 2.23 data
RT_ACCELERATOR 0x0005e210 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US 1.80 data
RT_VERSION 0x0005e220 0x000003fc LANG_ENGLISH SUBLANG_ENGLISH_US 3.74 data
RT_MANIFEST 0x0005e7c0 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US 4.91 XML 1.0 document text

Imports

Library: KERNEL32.dll:
0x445030 CreateFileW
0x445034 DeleteFileW
0x445038 DecodePointer
0x44503c ReadFile
0x445040 GetCurrentThreadId
0x445044 HeapAlloc
0x445048 HeapFree
0x44504c HeapReAlloc
0x445050 HeapSize
0x445054 GetProcessHeap
0x445060 GetLocalTime
0x445064 GetTempPathW
0x445068 CreateProcessW
0x44506c CreateEventW
0x445070 ResetEvent
0x445080 GetModuleFileNameW
0x445084 FreeLibrary
0x445088 GetCurrentProcess
0x445090 GetModuleHandleExW
0x445098 GetCurrentProcessId
0x4450a0 TerminateProcess
0x4450a4 GetCommandLineW
0x4450ac Process32FirstW
0x4450b0 lstrcmpiW
0x4450b4 Process32NextW
0x4450b8 GetFileAttributesW
0x4450bc GetVersionExW
0x4450c0 SetLastError
0x4450c4 SetEvent
0x4450c8 GetProcAddress
0x4450cc Sleep
0x4450d0 CopyFileW
0x4450d4 WideCharToMultiByte
0x4450d8 GetFileSize
0x4450dc WriteFile
0x4450e0 FindFirstFileW
0x4450e4 FindClose
0x4450ec GlobalFree
0x4450f4 DuplicateHandle
0x4450f8 GetSystemDirectoryW
0x4450fc DeviceIoControl
0x445100 CreateFileMappingW
0x445104 MapViewOfFile
0x445108 UnmapViewOfFile
0x44510c OpenProcess
0x445110 GetModuleHandleW
0x44511c InterlockedExchange
0x445120 OutputDebugStringW
0x445124 GetSystemInfo
0x445128 GetModuleFileNameA
0x44512c EncodePointer
0x445130 GetStringTypeW
0x445134 IsDebuggerPresent
0x445138 ReadConsoleW
0x44513c SetStdHandle
0x445140 SetFilePointerEx
0x445148 FlushFileBuffers
0x445150 GetFullPathNameW
0x445154 PeekNamedPipe
0x445160 GetConsoleMode
0x445164 LoadLibraryW
0x445170 RaiseException
0x445174 MultiByteToWideChar
0x44517c WaitForSingleObject
0x445180 GetLastError
0x445184 CloseHandle
0x445188 WriteConsoleW
0x44518c SetEndOfFile
0x445190 GetTickCount
0x445194 GetConsoleCP
0x4451a4 GetFileType
0x4451a8 GetStdHandle
0x4451ac GetOEMCP
0x4451b0 GetACP
0x4451b4 IsValidCodePage
0x4451b8 AreFileApisANSI
0x4451bc ExitProcess
0x4451c0 EnumSystemLocalesW
0x4451c4 GetUserDefaultLCID
0x4451c8 IsValidLocale
0x4451cc GetLocaleInfoW
0x4451d0 LCMapStringW
0x4451d4 CompareStringW
0x4451d8 GetStartupInfoW
0x4451dc TlsFree
0x4451e0 TlsSetValue
0x4451e4 TlsGetValue
0x4451e8 TlsAlloc
0x4451f0 GetCPInfo
0x4451f4 RtlUnwind
0x4451f8 CreateDirectoryW
0x445204 CreateThread
0x445208 ExitThread
0x44520c LoadLibraryExW
0x445214 FindFirstFileExW
0x445218 GetDriveTypeW
Library: USER32.dll:
0x445268 DispatchMessageW
0x44526c GetMessageW
0x445270 IsWindow
0x445274 FindWindowA
0x445278 DefWindowProcW
0x44527c TranslateMessage
0x445280 PostMessageW
0x445284 CreateWindowExW
0x445288 SetWindowLongW
0x44528c DestroyWindow
0x445290 SendMessageTimeoutW
Library: ADVAPI32.dll:
0x445000 RegQueryValueExW
0x445004 RegDeleteValueW
0x445008 DuplicateTokenEx
0x445010 GetTokenInformation
0x445014 OpenProcessToken
0x445018 RegQueryValueExA
0x44501c RegOpenKeyExA
0x445020 RegSetValueExW
0x445024 RegOpenKeyExW
0x445028 RegCloseKey
Library: ole32.dll:
0x4452ac CLSIDFromString
0x4452b0 StringFromCLSID
Library: SHELL32.dll:
0x44522c None
0x445230 ShellExecuteW
0x445234 ShellExecuteExW
0x445238 None
0x44523c CommandLineToArgvW
Library: SHLWAPI.dll:
0x445248 PathAppendW
0x44524c SHGetValueW
0x445250 PathRemoveFileSpecW
0x445254 PathFindFileNameW
0x445258 SHDeleteKeyW
0x44525c SHSetValueW
0x445260 PathFileExistsW
Library: NETAPI32.dll:
0x445220 Netbios
Library: WTSAPI32.dll:
0x4452a4 WTSQueryUserToken
Library: USERENV.dll:

.text
`.rdata
@.data
.rsrc
@.reloc
t,jTj
;58bD
D$pPj
SVPWj
SVh8
L$0Qj
Vh0IA
CD$PPh
CD$PPh
CD$$PQWj
CD$,PQWj
D$ Pj
Ph@VD
Ph0XD
PhhXD
PhlYD
Qh<\D
QhD[D
Qh,ZD
>h#{B
PhHqD
PhHqD
PhHqD
PhHqD
Vhj^B
Ph`RE
Ph`RE
3=`RE
t6h`RE
YYhHSD
Fh@WE
;5dYE
jdhH8E
Ph`RE
URPQQhp>C
3=`RE
jlh 9E
SVWUj
IsWow64Process
bad allocation
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
M(knN
0123456789abcdefABCDEF
RoInitialize
RoUninitialize
Unknown exception
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
(null)
`h````
log10
atan2
floor
ldexp
_cabs
_hypot
frexp
_logb
_nextafter
CreateFile2
e+000
UTF-8
UTF-16LE
UNICODE
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
1#SNAN
1#IND
1#INF
1#QNAN
bad lexical cast: source type value could not be interpreted as target
%4d/%02d/%02d
json info: %s
subcode
version
pkg_md5
dll_md5
StartInstallFromDownloader
StartInstall
vector<T> too long
0123456789ABCDEFabcdef-+XxPp
0123456789-+Ee
0123456789ABCDEFabcdef-+Xx
false
bad locale name
ios_base::badbit set
ios_base::failbit set
generic
iostream
iostream stream error
unknown error
ios_base::eofbit set
P7*3T
P7*3T
bad cast
invalid string position
string too long
system
map/set<T> too long
utf-8
utf-16
gb2312
GetAdaptersInfo
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
MediaSubType
PnpInstanceID
SCSIDISK
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetStatusCallback
bdmlog%d%02d%02d%02d%02d%02d_%d.log
DbgView_BDShadu
Comments must start with /
Type is not convertible to string
integer out of signed integer range
Real out of signed integer range
Type is not convertible to int
A valid JSON document must be either an array or an object value.
Syntax error: value, object or array expected.
Missing ':' after object member name
Missing ',' or '}' in object declaration
Missing '}' or object member name
Missing ',' or ']' in array declaration
' is not a number.
Empty escape sequence in string
Bad escape sequence in string
additional six characters expected to parse unicode surrogate pair.
expecting another \u token to begin the second half of a unicode surrogate pair
Bad unicode escape sequence in string: four digits expected.
Bad unicode escape sequence in string: hexadecimal digit expected.
deque<T> too long
0123456789ABCDEF
raB3G
E:\clientci\workspace\bdwebadapter_trunk_compile\Basic\Output\BinRelease\BDDownloadExe.pdb
CloseHandle
GetLastError
WaitForSingleObject
DeleteCriticalSection
MultiByteToWideChar
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetProcAddress
CreateFileW
DeleteFileW
DecodePointer
ReadFile
GetCurrentThreadId
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetLocalTime
GetTempPathW
CreateProcessW
CreateEventW
ResetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
GlobalMemoryStatusEx
GetCurrentProcessId
WaitForMultipleObjects
TerminateProcess
GetCommandLineW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
GetFileAttributesW
GetVersionExW
SetLastError
SetEvent
GetTickCount
Sleep
CopyFileW
WideCharToMultiByte
GetFileSize
WriteFile
FindFirstFileW
FindClose
InterlockedDecrement
GlobalFree
InterlockedIncrement
DuplicateHandle
GetSystemDirectoryW
DeviceIoControl
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenProcess
GetModuleHandleW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
InterlockedExchange
OutputDebugStringW
GetSystemInfo
GetModuleFileNameA
EncodePointer
GetStringTypeW
IsDebuggerPresent
KERNEL32.dll
GetMessageW
DispatchMessageW
TranslateMessage
PostMessageW
CreateWindowExW
SetWindowLongW
DestroyWindow
DefWindowProcW
IsWindow
FindWindowA
SendMessageTimeoutW
USER32.dll
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
CreateProcessAsUserW
DuplicateTokenEx
RegDeleteValueW
ADVAPI32.dll
StringFromCLSID
CLSIDFromString
ole32.dll
CommandLineToArgvW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHELL32.dll
SHGetValueW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
SHDeleteKeyW
SHSetValueW
SHLWAPI.dll
Netbios
NETAPI32.dll
WTSQueryUserToken
WTSAPI32.dll
CreateEnvironmentBlock
DestroyEnvironmentBlock
USERENV.dll
CreateThread
ExitThread
LoadLibraryExW
IsProcessorFeaturePresent
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
IsValidCodePage
GetACP
GetOEMCP
GetStdHandle
GetFileType
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
SetStdHandle
ReadConsoleW
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
.?AVDownloadHelper@@
.?AVCHttpDownloadSink@@
.?AV?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$numpunct@D@std@@
.?AV?$ctype@D@std@@
.?AUctype_base@std@@
.?AVfacet@locale@std@@
.?AV_Iostream_error_category@std@@
.?AV_Generic_error_category@std@@
.?AVerror_category@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AV_System_error@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVbad_cast@std@@
.?AVbad_lexical_cast@fund@@
.?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV_Facet_base@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV_System_error_category@std@@
.?AVCheckCompetingProductsExistedProcess@ns_ad@@
.?AVCheckCompetingProductsExistedBase@ns_ad@@
.?AVCCmdLine@BDExpert@@
.?AVCHttpDownloadImp@@
.?AVIHttpDownload@@
.?AVCSeqIDGen@GUID@Base@@
.?AV?$scoped_lock@Vcritical_section@lock@Base@@@lock@Base@@
.?AVcritical_section@lock@Base@@
.?AVnoncopyable@Base@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AVCWinHttpFile@@
.?AVCDownloadFile@@
.?AVCEventLogger@log@BDExpert@@
.?AVCLogViewLogger@log@BDExpert@@
.?AVCFileLogger@log@BDExpert@@
.?AVCOutPutDebugLogger@log@BDExpert@@
.?AVCConsoleTerminalLogger@log@BDExpert@@
.?AVCBaseLogger@log@BDExpert@@
.?AUILogger@log@BDExpert@@
.?AVValueAllocator@Json@@
.?AVDefaultValueAllocator@Json@@
>f?u?
=V>h>
>>?E?O?
? ?.?7?G?Q?V?[?b?w?
2B2M2_2Z7
?#?)?
3);/;
:':1:;:
3 3$3(34383<3
: :$:0:4:<:@:D:H:
0 0(00080
0x1|1
989\9
^p;*+zj
ErrorString=%s, @%ws -> %d
winsta0\default
Fabulous::LaunchProcessAsLoggedUser
Cannot obtain admin token!
ErrorString=%s, @%ws -> %d
Fabulous::LaunchProcessAsCurrentProcessToken
ErrorCode=%x, @%ws -> %d
runas
kernel32
Fabulous::QueryActiveUserToken
Cannot get active session!
ErrorString=%s, @%ws -> %d
Active Session ID: %d
Query user token failed(error code:%d)! Try another way!
explorer.exe
Fabulous::QueryActiveUserToken
Faile to find explorer.exe!
ErrorString=%s, @%ws -> %d
Fabulous::GetCurrentExePath
Fabulous::QueryActiveUserToken
ErrorCode=%x, @%ws -> %d
ErrorCode=%x, @%ws -> %d
session id: %d, explore session id: %d
Fabulous::QueryActiveUserToken
ErrorCode=%x, @%ws -> %d
Fabulous::QueryActiveUserToken
ErrorCode=%x, @%ws -> %d
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fabulous::GetCurrentModulePath
ErrorCode=%x, @%ws -> %d
Fabulous::GetCurrentModulePath
ErrorCode=%x, @%ws -> %d
Fabulous::TraverseProcesses
ErrorCode=%x, @%ws -> %d
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Debugger
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_DYN_DATA
HKEY_LOCAL_MACHINE
HKEY_PERFORMANCE_DATA
HKEY_USERS
Fabulous::LaunchProcess
ErrorCode=%x, @%ws -> %d
ErrorCode=%x, @%ws -> %d
Fabulous::LaunchProcessWithToken
ErrorCode=%x, @%ws -> %d
Fabulous::_LaunchProcessWithToken
ErrorCode=%x, @%ws -> %d
Fabulous::_LaunchProcessWithToken
ErrorCode=%x, @%ws -> %d
Fabulous::LaunchProcessAsLoggedUser
Fabulous::LaunchProcessAsLoggedUser
token is invalid!
@{%ws}
combase.dll
kernel32.dll
zh-CHS
ar-SA
bg-BG
ca-ES
zh-TW
cs-CZ
da-DK
de-DE
el-GR
en-US
fi-FI
fr-FR
he-IL
hu-HU
is-IS
it-IT
ja-JP
ko-KR
nl-NL
nb-NO
pl-PL
pt-BR
ro-RO
ru-RU
hr-HR
sk-SK
sq-AL
sv-SE
th-TH
tr-TR
ur-PK
id-ID
uk-UA
be-BY
sl-SI
et-EE
lv-LV
lt-LT
fa-IR
vi-VN
hy-AM
az-AZ-Latn
eu-ES
mk-MK
tn-ZA
xh-ZA
zu-ZA
af-ZA
ka-GE
fo-FO
hi-IN
mt-MT
se-NO
ms-MY
kk-KZ
ky-KG
sw-KE
uz-UZ-Latn
tt-RU
bn-IN
pa-IN
gu-IN
ta-IN
te-IN
kn-IN
ml-IN
mr-IN
sa-IN
mn-MN
cy-GB
gl-ES
kok-IN
syr-SY
div-MV
quz-BO
ns-ZA
mi-NZ
ar-IQ
zh-CN
de-CH
en-GB
es-MX
fr-BE
it-CH
nl-BE
nn-NO
pt-PT
sr-SP-Latn
sv-FI
az-AZ-Cyrl
se-SE
ms-BN
uz-UZ-Cyrl
quz-EC
ar-EG
zh-HK
de-AT
en-AU
es-ES
fr-CA
sr-SP-Cyrl
se-FI
quz-PE
ar-LY
zh-SG
de-LU
en-CA
es-GT
fr-CH
hr-BA
smj-NO
ar-DZ
zh-MO
de-LI
en-NZ
es-CR
fr-LU
bs-BA-Latn
smj-SE
ar-MA
en-IE
es-PA
fr-MC
sr-BA-Latn
sma-NO
ar-TN
en-ZA
es-DO
sr-BA-Cyrl
sma-SE
ar-OM
en-JM
es-VE
sms-FI
ar-YE
en-CB
es-CO
smn-FI
ar-SY
en-BZ
es-PE
ar-JO
en-TT
es-AR
ar-LB
en-ZW
es-EC
ar-KW
en-PH
es-CL
ar-AE
es-UY
ar-BH
es-PY
ar-QA
es-BO
es-SV
es-HN
es-NI
es-PR
zh-CHT
af-za
ar-ae
ar-bh
ar-dz
ar-eg
ar-iq
ar-jo
ar-kw
ar-lb
ar-ly
ar-ma
ar-om
ar-qa
ar-sa
ar-sy
ar-tn
ar-ye
az-az-cyrl
az-az-latn
be-by
bg-bg
bn-in
bs-ba-latn
ca-es
cs-cz
cy-gb
da-dk
de-at
de-ch
de-de
de-li
de-lu
div-mv
el-gr
en-au
en-bz
en-ca
en-cb
en-gb
en-ie
en-jm
en-nz
en-ph
en-tt
en-us
en-za
en-zw
es-ar
es-bo
es-cl
es-co
es-cr
es-do
es-ec
es-es
es-gt
es-hn
es-mx
es-ni
es-pa
es-pe
es-pr
es-py
es-sv
es-uy
es-ve
et-ee
eu-es
fa-ir
fi-fi
fo-fo
fr-be
fr-ca
fr-ch
fr-fr
fr-lu
fr-mc
gl-es
gu-in
he-il
hi-in
hr-ba
hr-hr
hu-hu
hy-am
id-id
is-is
it-ch
it-it
ja-jp
ka-ge
kk-kz
kn-in
kok-in
ko-kr
ky-kg
lt-lt
lv-lv
mi-nz
mk-mk
ml-in
mn-mn
mr-in
ms-bn
ms-my
mt-mt
nb-no
nl-be
nl-nl
nn-no
ns-za
pa-in
pl-pl
pt-br
pt-pt
quz-bo
quz-ec
quz-pe
ro-ro
ru-ru
sa-in
se-fi
se-no
se-se
sk-sk
sl-si
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sq-al
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
sv-fi
sv-se
sw-ke
syr-sy
ta-in
te-in
th-th
tn-za
tr-tr
tt-ru
uk-ua
ur-pk
uz-uz-cyrl
uz-uz-latn
vi-vn
xh-za
zh-chs
zh-cht
zh-cn
zh-hk
zh-mo
zh-sg
zh-tw
zu-za
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
(null)
runtime error
Program:
<program name unknown>
Microsoft Visual C++ Runtime Library
UTF-8
UTF-16LE
UNICODE
CLC_ALL
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
2.exe
USER32.DLL
american
american english
american-english
australian
belgian
canadian
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
dutch-belgian
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
french-belgian
french-canadian
french-luxembourg
french-swiss
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
irish-english
italian-swiss
norwegian
norwegian-bokmal
norwegian-nynorsk
portuguese-brazilian
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
swedish-finland
swiss
america
britain
china
czech
england
great britain
holland
hong-kong
new-zealand
pr china
pr-china
puerto-rico
slovak
south africa
south korea
south-africa
south-korea
trinidad & tobago
united-kingdom
united-states
CONOUT$
Version
%u-%u%u
DownloadHelper::DownloadHelper constructor!
..\..\BrowserPlugins\BDWebDownload\DownloadHelper.cpp
%TEMP%
\BDWebAdapterZip.dll
The path is %ws
\BDWebAdapterSetup.exe
DownloadHelper::Init()
dll path is %ws
file %ws is exist!
Can't delete the file %ws, error code is %d
file %ws is deleted!
exe path is %ws
http://szcloud.baidu.com/swapp/cloudpkg?
req_data={"supplyid":%s,"com":%d,"way":%d,"guid":"%s","time":"%s","cmd":"102","status":%d,"errorcode":%d}
install finish datareport :%s
\datareport.tmp
DownloadHelper::Run()
bdwebadapter install dir find failure!
BDWebAdapterSvc.exe
bdwebadapter update file doesn't exist!
the strSvc = %ws
launch update failure, error code = %d
DownloadHelper::GetResult()
m_install_success = %d
product
req_data={"supplyid":%s,"com":%d,"way":%d,"guid":"%s","time":"%s","cmd":"101"}
datareport :%s
url is :%s
downloadthread!
create downloader error!!!
\info.tmp
info fileis : %s
launch downloader failed, downloadinfo
elegant exit thread!!
5version is: %s , url is: %s
SOFTWARE\Baidu\BDWebAdapter
infofile DownLoad Complete!!
GetUrlFromInfo %d
launch downloader failed!!!
file DownLoad Complete!!
The download file is not exist!
Cannot launch process!
setevent !!
%d, errorcode:%d
install finish report error!!
load BDWebAdapterZip.dll error %d
install id = %d
ginstallDir
BDBugReport.exe
"%s%s" /crash /id=%u /id1=%p
SOFTWARE\baidu\BDWebAdapter
download id = %d
BDDownloadExe.cpp
download param = %ws
Default
BDMIpc
HTTP_SEARCH
Common
Dispatch
Clinic_UI
ExpertCore
BDE_Shell
PerceptionShell
Enforce_API
P2PDownload
BDExpertDemo
SysInfo
EnforceKit
BDExUpdate_exe
BDExUpdate_dll
BDExMiniInstallHelper
DownloadAdapter
BDExInstallHelper
BDExBrowserPluginHelper
NoDistrubMgr
BDExETLEventLog
BDExpertShellLib_LuaConfig
BDExPluginExe
BDExpertBSOD
DNSFixer
BDExFixerUI
BDExFixHelperLib
WebAdapterSvc
FullOptimize
DnsOptLib
XWebComponent
BrowserHOOK
BrowserPlugin
B%02x
ErrorCode=0x%x, @%ws -> %d
GetRegValue
BrowserCommon.cpp
InstallDir
GetInstallDir
GetInstallVersion
CHttpDownloadImp::Download m_bRunning is true, return
HttpDownload.cpp
CHttpDownloadImp::Download m_pSink == NULL
CHttpDownloadImp::Download, url=%s, destPath=%s
Support Winhttp
STATIC
CHttpDownloadImp::Download CreateWindowEx failed
unknown
QMDownload
WaitForSingleObject hStopEvent, user abort
CHttpDownloadImp::WorkThread success POST MSG_DOWNLOAD_COMPLETE, ERR = %d.
CHttpDownloadImp::MoveDownloadFile SHCreateDirectoryEx failed, return: %d.
CHttpDownloadImp::MoveDownloadFile, target:%s
\Baidu\Common
\Global.db
WinHttpGetIEProxyConfigForCurrentUser failed, err=%d
WinHttpFile.cpp
WinHttpGetProxyForUrl failed, err=%d
GetAutoProxyForUrl. User defined proxy: %s
WinHttpReceiveResponse failed, err=%d
AsyncCallback WINHTTP_CALLBACK_STATUS_HANDLE_CLOSING
WINHTTP_CALLBACK_STATUS_REDIRECT, redirect url: %s
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; QQPCMgr7.0)
WinHttpOpen failed, err=%d
WinHttpConnect failed, err=%d
HTTP/1.1
WinHttpOpenRequest failed, err=%d
CreateMyContext failed, err=%d
WinHttpSetOption failed, err=%d
WinHttpSendRequest failed, err=%d
CWinHttpFile::Open wait m_hRequestEvent failed, dwWait=%d
WinHttpQueryHeaders status code: %d, error:%d
WinHttpQueryHeaders file size:%d
CWinHttpFile::Open return: %d
CWinHttpFile::Read err for session closed:%08x
CWinHttpFile::Read wait m_hReadEvent failed, dwWait=%d
CWinHttpFile::Close
Biphlpapi.dll
I\\.\PhysicalDrive%d
\\.\Scsi%d:
winhttp.dll
{%ws}
fatal
error
warning
debug
{2208DC93-FFDF-4c8c-9F8E-BFA064706CCF}
SOFTWARE\baidu\BDMLOG
EnableLogType
EnableLogLevel
EnableLogModule
(%d) %02d:%02d:%02d.%03d %s %s:
&File
iE&xit
&Help
h&About ...
VS_VERSION_INFO
StringFileInfo
080404b0
Comments
2015-06-23T16:27:45.421000
CompanyName
FileDescription
FileVersion
3.0.238.0
InternalName
BDDownloadExe.exe
LegalCopyright
Copyright (C) 2014 Baidu Inc.
LegalTrademarks
Baidu
OriginalFilename
BDDownloadExe.exe
PrivateBuild
3.0.238.0
ProductName
Baidu Web Component
ProductVersion
3.0.238.0
SpecialBuild
VarFileInfo
Translation
About BDDownloadExe
MS Shell Dlg
BDDownloadExe, Version 1.0
Copyright (C) 2015
BDDownloadExe
BDDOWNLOADEXE

Antivirus engine/vendor Virus name/rule match Signature database date
Bkav W32.HfsAdware.9CF6 20160718
MicroWorld-eScan Not detected 20160718
nProtect Not detected 20160718
CMC Not detected 20160715
CAT-QuickHeal Not detected 20160718
ALYac Not detected 20160718
Malwarebytes Not detected 20160718
VIPRE Not detected 20160718
SUPERAntiSpyware Not detected 20160718
TheHacker Not detected 20160717
BitDefender Not detected 20160718
K7GW Not detected 20160718
K7AntiVirus Not detected 20160718
Baidu Not detected 20160718
Cyren Not detected 20160718
Symantec Not detected 20160718
ESET-NOD32 Not detected 20160718
TrendMicro-HouseCall Not detected 20160718
Avast Not detected 20160718
ClamAV Not detected 20160718
Kaspersky Not detected 20160718
Alibaba Not detected 20160718
NANO-Antivirus Not detected 20160718
ViRobot Not detected 20160718
Ad-Aware Not detected 20160718
Sophos Not detected 20160718
Comodo Not detected 20160718
F-Secure Not detected 20160718
DrWeb Not detected 20160718
Zillya Not detected 20160718
TrendMicro Not detected 20160718
McAfee-GW-Edition Not detected 20160718
Emsisoft Not detected 20160718
F-Prot Not detected 20160718
Jiangmin Not detected 20160718
Avira Not detected 20160718
Antiy-AVL Not detected 20160718
Kingsoft Not detected 20160718
Microsoft Not detected 20160718
Arcabit Not detected 20160718
AegisLab Virus.Gen!c 20160718
GData Not detected 20160718
AhnLab-V3 Not detected 20160718
McAfee Not detected 20160718
AVware Not detected 20160718
VBA32 Not detected 20160718
Zoner Not detected 20160718
Tencent Not detected 20160718
Ikarus Not detected 20160718
Fortinet Not detected 20160718
AVG Generic.7E6 20160718
Panda Not detected 20160718
Qihoo-360 Not detected 20160718

Process Tree


BDDownloadExe.exe, PID: 1360, parent PID: 768
gpupdate.exe, PID: 1892, parent PID: 1360
regsvr32.exe, PID: 856, parent PID: 1360

TCP

Source address Source port Destination address Destination port
192.168.122.69 59236 115.239.211.125 dr.cj.baidu.com 80
192.168.122.69 59209 122.228.22.208 www.download.windowsupdate.com 80
192.168.122.69 59218 180.97.36.43 szcloud.baidu.com 80
192.168.122.69 59238 180.97.36.43 szcloud.baidu.com 80
192.168.122.69 59208 192.168.122.1 53
192.168.122.69 59210 23.32.241.32 80
192.168.122.69 59211 23.59.139.27 ocsp.verisign.com 80
192.168.122.69 59213 23.59.139.27 ocsp.verisign.com 80
192.168.122.69 59219 60.190.116.46 dl.sz.baidu.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.69 52431 192.168.122.1 53
192.168.122.69 52625 192.168.122.1 53
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 54186 192.168.122.1 53
192.168.122.69 56589 192.168.122.1 53
192.168.122.69 57235 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 58738 192.168.122.1 53
192.168.122.69 59029 192.168.122.1 53
192.168.122.69 59966 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.70 5355 192.168.122.69 53197

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
www.download.windowsupdate.com CNAME fg.download.windowsupdate.com.mwcname.com
CNAME ipv6microsoft.dlmix.ourdvs.com
A 122.228.237.175
A 183.131.210.60
A 122.228.22.208
A 122.228.22.104
A 115.231.84.168
A 183.131.168.143
CNAME 2-01-3cf7-0009.cdx.cedexis.net
A 183.131.192.80
A 122.228.237.148
A 122.228.237.147
A 115.231.82.105
A 150.138.167.176
A 183.134.53.144
A 183.131.168.139
ocsp.verisign.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.59.139.27
s2.symcb.com
s1.symcb.com A 23.59.133.163
CNAME e6845.dscb1.akamaiedge.net
CNAME crl-ds.ws.symantec.com.edgekey.net
szcloud.baidu.com CNAME szcloud.n.shifen.com
A 180.97.36.43
dl.sz.baidu.com CNAME swszdl.jomodns.com
A 60.190.116.46
dr.cj.baidu.com A 115.239.211.125
CNAME drbr.n.shifen.com


HTTP requests

URI and HTTP data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86402
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 14 Jan 2016 00:22:10 GMT
If-None-Match: "0e59c9b614ed11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D HTTP/1.1
Cache-Control: max-age = 603676
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:43:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: s2.symcb.com

http://szcloud.baidu.com/swapp/cloudpkg?req_data=%7B%22supplyid%22%3A120%2C%22com%22%3A0%2C%22way%22%3A1%2C%22guid%22%3A%226abc17e94eaafb85d488bf5f1b2e82d9%22%2C%22time%22%3A%222016%2F05%2F23%22%2C%22cmd%22%3A%22101%22%7D
GET /swapp/cloudpkg?req_data=%7B%22supplyid%22%3A120%2C%22com%22%3A0%2C%22way%22%3A1%2C%22guid%22%3A%226abc17e94eaafb85d488bf5f1b2e82d9%22%2C%22time%22%3A%222016%2F05%2F23%22%2C%22cmd%22%3A%22101%22%7D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; QQPCMgr7.0)
Host: szcloud.baidu.com

http://dl.sz.baidu.com/others/cloud_pkg/cloud_pkg_1442887721.dll
GET /others/cloud_pkg/cloud_pkg_1442887721.dll HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; QQPCMgr7.0)
Host: dl.sz.baidu.com

http://dr.cj.baidu.com/
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 235
Content-Type: application/octet-stream
Host: dr.cj.baidu.com
Keep-Alive: timeout=600,max=1000

\x00\x00\x00G\x00\x00\x08\x04\x10\x01\x18\x00" 6abc17e94eaafb85d488bf5f1b2e82d9(\x80\x80\x80\x80\xc0\xab\x80\x80\x032\x008\xca\x01@\x00H\x06P\x01X\x00`@\x82\x05\x03120\x00\x00\x00\x98\x06\xf4t&\xbc\x9c\x80\xf6\xb9\x7f\xb4M\x13\xf7\xc0\x95&Yj\xe4\xeb\x19\xb7 \xd144_gq\x1efy\x1f\xed?\xd7\xe3Y\xc7\xf1\xd9
\x14I\xcb\x95\x8aIo^s\x03\xe4\xb0\x01V\x8e\x99\xb8\xaa\x06\xa5&\xdb*\xb6\xef\xa1\xa0\x13\x1b\xf5g\xb7\x19`E\x97{\xf3\xf6Q+\xb7\x84Q\xf1\xdb\xa3\xe0\xb9`7qyE"F\xe4*\xbf4\x95)\x1bq\x9d\xcc\xe0}6X\x1bzIE\x92\x8d\x96[\xb8o\x90p0\xc2M0\x08^\xedn\x0c:\x0b\x99\x8b*+\xbb	\xc5\xce\x0eC\xd5w{\xa2\x85\x9f\xd7\x19

http://szcloud.baidu.com/swapp/cloudpkg?req_data=%7B%22supplyid%22%3A120%2C%22com%22%3A0%2C%22way%22%3A1%2C%22guid%22%3A%226abc17e94eaafb85d488bf5f1b2e82d9%22%2C%22time%22%3A%222016%2F05%2F23%22%2C%22cmd%22%3A%22102%22%2C%22status%22%3A9%2C%22errorcode%22%3A0%7D
GET /swapp/cloudpkg?req_data=%7B%22supplyid%22%3A120%2C%22com%22%3A0%2C%22way%22%3A1%2C%22guid%22%3A%226abc17e94eaafb85d488bf5f1b2e82d9%22%2C%22time%22%3A%222016%2F05%2F23%22%2C%22cmd%22%3A%22102%22%2C%22status%22%3A9%2C%22errorcode%22%3A0%7D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; QQPCMgr7.0)
Host: szcloud.baidu.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.

Dropped files

File name datareport.tmp
Associated files
C:\Users\test\AppData\Local\Temp\2932-70851594516773\datareport.tmp
File size 35 bytes
File type ASCII text, with no line terminators
MD5 da254b808f2e40cf0883113b413490ab
SHA1 a3db1355783019d9ccee5c2cee005dc4df4ef75c
SHA256 675d7d106268386c2c0b30a128b5259c8454ab97c7b2196cc48f36c1d18314a9
CRC32 92B5ECC6
Ssdeep 3:YGKAXmX0WAY:YGKAevR
Contents:
{"code":0,"subcode":0,"message":""}
File name uninst.exe
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\uninst.exe
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\uninst.exe
File size 188440 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4eb5ab7fe70a40e4c0a971b4f034dc46
SHA1 d47f62f0adc9108d5087ff2b81790da9d9e764c8
SHA256 5280b10c0440cb22a1cef6a7750bbe465e8c0a866fe9fdc78c4e3898365e5797
CRC32 60D616E4
Ssdeep 3072:BweqOYEUXPnTY9HmoiouVKnXBAEfFPMkxXXZ3lSVnQdWqsLA0Vpr9vpgPDl:2EUXbY9HmvvVSBJx53kVnQd/yV3vpgDl
File name BDWebAdapterSvc.exe
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\BDWebAdapterSvc.exe
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\BDWebAdapterSvc.exe
File size 1020536 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9f9644ad815b73c26bf4398fba22c611
SHA1 895abfcadf046ba9e77f77321da3e3e08506e044
SHA256 1c11bc0873cf38772331abbbac7a080605bcfbbee8fde2a0baca0e5cf9e32757
CRC32 10C207E7
Ssdeep 24576:IW/2zQ2oEeseTwH9XPg1VHKX0RrmMQ2hyRuu:IHoEfeTwtPgfKMlhyRuu
Yara
  • Look for MD5 constants
File name BDExMiniSpread.exe
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\BDExMiniSpread.exe
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\BDExMiniSpread.exe
File size 782616 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 04a9430b50583b9fd9654659a03f63eb
SHA1 97b7e90809b98f47320af1a9b62e32806277bf44
SHA256 0509b80c5e822a9722daf40213aad9320f6ad88af87985046a3843a02346c522
CRC32 2FE3952D
Ssdeep 12288:hEucGccpccUccL7cc2ccOcc9cc4hb43xu24omYFA048b8yfaKApNZ0428oVXV61A:hzcGccpccUccL7cc2ccOcc9cc4hb43xR
Maldun analysis result: 10.0 (analysis time: 2016-09-19 20:45:35)
File name BPUpdate.exe
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\BPUpdate.exe
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\BPUpdate.exe
File size 287352 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d8e01b49f883ff6b8e644077ebcf9e8c
SHA1 8ee7fa08097a8ab057bcba8712b611d59ead94dd
SHA256 ee98e3f51548b81f4bbfd5e347b23b7c74c3bae7c1fe977ff931bbc706c01c08
CRC32 83D60FE5
Ssdeep 6144:wUHDsR+B+MxalzBKq7+XGOmmhYUCbXhA3yPsCiej7G:saraFBKqdONhfuXhA3yPsK6
File name NetService.ini
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\NetService.ini
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\NetService.ini
File size 740 bytes
File type ASCII text, with CRLF line terminators
MD5 32273966888311a455c78e8fee6fae1e
SHA1 0b874de17f7a519ae4396c9c04dd538052c07d2d
SHA256 867768f43784615de226ef3062c9c8212441e3347bdabc3d81af0d1fe6e257e8
CRC32 24E80752
Ssdeep 12:Q7AweHK4yOUo1fFQ2lFGcbYKYMHxbh5RDA39A0:eAPqFqqMxt5py9A0
Contents:
[ServiceUrl]
#RPC_SVC_SESSION_INIT
0=http://clinic.as.baidu.com
#RPC_SVC_HEART_BEAT
1=http://clinic.as.baidu.com[udp:80#tcp:80]
#RPC_SVC_UPDATE
2=http://clinic.as.baidu.com
#RPC_SVC_CONFIG
3=http://clinic.as.baidu.com
#RPC_SVC_DATA_REPORT
4=http://dr.cj.baidu.com
#RPC_SVC_BUG_REPORT
5=http://c.cj.baidu.com
#RPC_SVC_FILE_DISPATCH
6=http://clinic.as.baidu.com
#RPC_SVC_CHECK_GD
7=http://clinic.as.baidu.com
#RPC_SVC_CLOUD_FILE
10=http://clinic.as.baidu.com
#RPC_SVC_CLOUD_URL
11=http://clinic.as.baidu.com
#RPC_SVC_FILE_UPLOAD_QUERY
20=http://clinic.as.baidu.com
#RPC_SVC_SOFTWARE_MANAGE
101=http://clinic.as.baidu.com
102=http://clinic.as.baidu.com
#RPC_SVC_BDEBSOD_REPORT
17=http://c.x.baidu.com[udp:443#tcp:80]
File name BDWebAdapterZip.dll
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapterZip.dll
File size 2251384 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7de4596dd39c078472e3f880499a9caa
SHA1 7bf1c360a2923111416f2b3da467ec66a80618f6
SHA256 b823237c810f256b3468ef47ff2b2b9f812175957cb8d760f545e271c560c158
CRC32 59880990
Ssdeep 49152:M4prvZHgCzkY3Tc22W6y1A6bBOju2sKXBSXpyJrBMcYwc6sZpk:diCzr332uA69+4KXBSXpyJdMcYwc6uk
File name BDExDownload.dll
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\BDExDownload.dll
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\BDExDownload.dll
File size 242296 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 f6a3f07ceebc325b8414fb9390bc52b8
SHA1 ecc2a06a4dea232c5e9ddfe0ca98918da4dd8d54
SHA256 b86d0a09537c0363a026005db1fd6fa03874d509c9dc6b4da2508f4e3b4bb337
CRC32 838000BA
Ssdeep 3072:G0/pE+1qqd/u0Lcp1fApGxsWwGN5R+yJY33KbuZ1+b7k4kn0rFHCQ4whF:J1lBu0LcEwgLQuPUon0RiQ4I
File name BPUpdateDll.dll
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\BPUpdateDll.dll
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\BPUpdateDll.dll
File size 306296 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5544925e0a1b8e2b780960901eb0910d
SHA1 c06f56dddc0ad9ef02cf8ed6fa157697dbeef9bb
SHA256 f22dec596aac3c12fbf944b31c1fa8c96a1674df0aa18263af3d620876db0df5
CRC32 70B40043
Ssdeep 6144:CTy+mSY9jpXZdqdiv3hHFJQMhqjTje0vsLHJ2LTBO0bJMXPV:CwxLVv3hDhqju0ELp+bqPV
Yara
  • Look for MD5 constants
File name info.tmp
Associated files
C:\Users\test\AppData\Local\Temp\2932-70851594516773\info.tmp
File size 328 bytes
File type ASCII text, with very long lines, with no line terminators
MD5 75caf8835a04a654688cea89cdcb8355
SHA1 d1b8b6a2f05fd8cf1757714ffbbc6bce72fc726a
SHA256 0e968b13d07185d87c268cc614926ed650c64924c54778f20a63546874492f34
CRC32 BAC5B677
Ssdeep 6:YGKAev5T2S6W1qE7RMB/cBhZHGXMNhmHcRZlKtSLMB/cBrS79rbw61:YGKAev5T2S6yqcMB/cBhZWMNArSLMB/3
Contents:
{"code":0,"subcode":0,"message":"","data":{"version":"3.0.348.0","pkg":"http:\/\/dl.sz.baidu.com\/others\/cloud_pkg\/install\/BDWebAdapterSetup_3.0.348.0.exe","pkg_md5":"64c4bbfa0f18ef7ac28541dbfc850086","dll":"http:\/\/dl.sz.baidu.com\/others\/cloud_pkg\/cloud_pkg_1442887721.dll","dll_md5":"7de4596dd39c078472e3f880499a9caa"}}
File name BDExIE.dll
Associated files
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\BDEXIE.dll
C:\Users\test\AppData\Local\Temp\BDWebAdapter\BDExIE.dll
File size 490104 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 18e5a948938e27c8c7595a8f41422ef1
SHA1 1cc995aa5234810b94c17b13573400e57501d070
SHA256 1b2f63bbf76533e5d588e12bd1ee9c3ead71d784f2e265cb899c043482f3191c
CRC32 0E66EAFE
Ssdeep 12288:J3PW5xzymnXWMSX23HCJlmpGIKycuEII5at/mg/pAQUmouqD4GoW:nX/Vycud/iLn0G9
Yara
  • Look for MD5 constants
File name Report.dll
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\Report.dll
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\Report.dll
File size 325752 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 3d352d629e13c1e2f9d60e024dbdd3b1
SHA1 f22a58965688efa4462917fd7eb2596f91ef1699
SHA256 64a7d927ccc86d35e0f5aef7fc704617f7a1d3e62f5760e9a9f86a670cc6134a
CRC32 EF7B5E0F
Ssdeep 6144:dQxbYWveQi2bDEGdCo8R5LCaNCaJ+SUb5a:dUbYWGDWDEGgo87JC+bUbk
File name npBDExNP.dll
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\npBDExNP.dll
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\npBDExNP.dll
File size 443000 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 38bd2f0df7e888dc70f76a3dafff11b9
SHA1 4c7f075a6454a05a6bcbef48df77b57c5de1c0b0
SHA256 5953850af56f61a5cce7acdfb9467cbdcd3720c9bc2d968d5fd75499331e05f9
CRC32 1A605268
Ssdeep 6144:ZBtdhd181PLL4CZY12aFTT7cp42Q24U8p6ViJy5IKhwY3EMUsH0L:1dL181AH12aFIp4Pg8p6cgCgwZW0L
Yara
  • Look for MD5 constants
File name bugreport.ini
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\bugreport.ini
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\bugreport.ini
File size 204 bytes
File type Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 c57ab5766dc467e2cb3153486e9d7d1a
SHA1 45f66193e1d36893784025c5f0b2d41f7e952243
SHA256 844312bb831aab897cee1733dde1696694e006f98a731595fab372f8bea5c369
CRC32 43E22D3F
Ssdeep 6:Q+8l+QklblARlhglJeHkc4lPAfld3lR2lCOp+pKQlIp:Q+8cKsay9Afld3z2UOp+pKQS
Contents (decoded from UTF-16LE with BOM):
[CrashReport]
InterestingModules=BDExIE.dll;BDExNP.dll
Title=
AlwaysSilence=true
Icon=logo_64.ico
File name Protocol.dll
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\Protocol.dll
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\Protocol.dll
File size 684152 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1fd6ddf1ea87b3f39b8baa0ae9e8ff81
SHA1 c61655b85623d0ccce66b7135135c41965f1fa55
SHA256 4ddee01f4d3222ff77a52457686e474457a1e9e196f53ce33562530ae2e7d2de
CRC32 B377DE8D
Ssdeep 12288:dnu4XalnY1MzILfPDMw/M4glX1vMsIsFk7isaV5gs1q3TOTvqKq3Lt6Fd:h7XaM//onL+7MV5gso3TYv3qbQd
Yara
  • Look for MD5 constants
File name WebAdapter.7z
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\WebAdapter.7z
File size 1887409 bytes
File type 7-zip archive data, version 0.3
MD5 aeea89d0498d359a12d2a18b43268d73
SHA1 bb98f97894c4a886c2bea59e383d03e01a4f83ec
SHA256 c36b362ded2bea0eb2041d7bb9c3c03c5e44cc46487d4d164b06b09974461be0
CRC32 E2F15599
Ssdeep 49152:TCzkY3Tc22W6y1A6bBOju2sKXBSXpyJrBMcYwc6sZp6:TCzr332uA69+4KXBSXpyJdMcYwc6u6
File name BDBugReport.exe
Associated files
C:\Users\test\AppData\Local\Temp\BDWebAdapter\BDBugReport.exe
C:\Users\test\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\BDBugReport.exe
File size 367736 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c867afa37f6bb770f24f5dc8f4be90c
SHA1 896a208c878815f0e09e6aeec10e9ac76f288f27
SHA256 ddd6850103c8295e0d30b59047278f79baf1bf0ada0a3e7b311e9cb2d9ee1cf3
CRC32 2E1A155C
Ssdeep 6144:Mu0RCnznmkihXW3EGUhFKS2rgQpZGKSNFsTBqC7zrKsi1x:dZznm3XWuhFK3rLpYKYFsTsCXS1x
Yara
  • Look for MD5 constants
No similar analyses found.

Processing ( 198.707 seconds )

  • 188.486 NetworkAnalysis
  • 4.601 Dropped
  • 1.747 VirusTotal
  • 1.552 BehaviorAnalysis
  • 1.171 Static
  • 0.565 peid
  • 0.318 TargetInfo
  • 0.176 Debug
  • 0.048 Strings
  • 0.024 AnalysisInfo
  • 0.015 config_decoder
  • 0.002 Memory
  • 0.002 ProcessMemory

Signatures ( 0.47 seconds )

  • 0.063 stealth_timeout
  • 0.046 antiav_detectreg
  • 0.022 injection_createremotethread
  • 0.018 antivm_generic_disk
  • 0.017 bootkit
  • 0.017 persistence_autorun
  • 0.017 infostealer_ftp
  • 0.014 injection_runpe
  • 0.014 virus
  • 0.013 mimics_filetime
  • 0.013 stealth_file
  • 0.012 reads_self
  • 0.012 antiav_detectfile
  • 0.01 sets_autoconfig_url
  • 0.01 vawtrak_behavior
  • 0.01 antianalysis_detectreg
  • 0.01 antivm_vbox_files
  • 0.01 infostealer_im
  • 0.009 process_interest
  • 0.008 tinba_behavior
  • 0.007 infostealer_bitcoin
  • 0.007 infostealer_mail
  • 0.007 ransomware_files
  • 0.006 geodo_banking_trojan
  • 0.006 disables_browser_warn
  • 0.006 md_domain_bl
  • 0.005 antiemu_wine_func
  • 0.005 betabot_behavior
  • 0.005 browser_security
  • 0.004 antivm_generic_scsi
  • 0.004 disables_wfp
  • 0.004 process_needed
  • 0.004 modify_proxy
  • 0.004 network_torgateway
  • 0.003 stealth_network
  • 0.003 browser_addon
  • 0.002 banker_prinimalka
  • 0.002 hawkeye_behavior
  • 0.002 infostealer_browser
  • 0.002 network_anomaly
  • 0.002 antivm_generic_services
  • 0.002 antivm_vbox_libs
  • 0.002 kibex_behavior
  • 0.002 shifu_behavior
  • 0.002 disables_system_restore
  • 0.002 modify_uac_prompt
  • 0.002 network_http
  • 0.002 stealth_hiddenreg
  • 0.001 network_tor
  • 0.001 antiav_avast_libs
  • 0.001 disables_spdy
  • 0.001 kazybot_behavior
  • 0.001 antidbg_windows
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 darkcomet_regkeys
  • 0.001 md_url_bl
  • 0.001 modify_security_center_warnings
  • 0.001 network_cnc_http
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hide_notifications

Reporting ( 1.911 seconds )

  • 1.267 ReportPDF
  • 0.627 ReportHTMLSummary
  • 0.017 Malheur
Task ID 18456
Mongo ID 57dfdf594d3bd0391814f328
Cuckoo release 1.4-Maldun