分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-1 | 2018-09-21 00:00:23 | 2018-09-21 00:02:45 | 142 秒 |
魔盾分数
4.65
可疑的
文件详细信息
| 文件名 | 生成强制添加指定Q友Q群.exe |
|---|---|
| 文件大小 | 1769472 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 739dfaed00671d8ad55cec89f3b85c1a |
| SHA1 | ea95f8ee562c7f770b077555a2306dab7d50e114 |
| SHA256 | 6b840aeb1e778d50d3e1141019667d9dadbfcec1a1075d420b5eabfca900d65f |
| SHA512 | 750fe136dabcdf889e643ef5baad7e2dcccb6bab4204d6583be320a614864967f80d1b6cfebac6becf0391af1a3145b875a054b451a2a372b8c2a7572b54f792 |
| CRC32 | 1C9B4E0E |
| Ssdeep | 24576:cevl4WjXoeELccX8hMTl082bK5zDSXn500FcwQgVWw9nUAsO79c2YjDRD5rK:cQlAeEgfqy82G5zDSXn5X/V1UA7hYj/K |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00474266 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x001b43ec |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-09-20 22:45:55 |
| 载入哈希 | 7cc0efd3e1c8f987a31155dc9ed35d97 |
| 图标 |  |
| 图标精确哈希值 | 94fc3d943f388558f11dd214962eed35 |
| 图标相似性哈希值 | 894efc0a34e8b1f7c32ff321345f840e |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0009407e | 0x00095000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.55 |
| .rdata | 0x00096000 | 0x000fe858 | 0x000ff000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.45 |
| .data | 0x00195000 | 0x0005132a | 0x00014000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.94 |
| .rsrc | 0x001e7000 | 0x00006100 | 0x00007000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.30 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x001e7c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x001e7c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x001e7c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x001e8108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x001e8108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x001e8108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x001e8108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x001e997c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x001e9ed0 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.84 | data |
| RT_ICON | 0x001e9ed0 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.84 | data |
| RT_ICON | 0x001e9ed0 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.84 | data |
| RT_MENU | 0x001eaf84 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x001eaf84 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x001ec1cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x001ecc14 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x001ecc60 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x001ecc60 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x001ecc60 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x001eccac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x001eccac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x001eccac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x001eccc0 | 0x00000270 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.36 | data |
| RT_MANIFEST | 0x001ecf30 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: WINMM.dll:
• 0x496624 waveOutUnprepareHeader
• 0x496628 waveOutPrepareHeader
• 0x49662c waveOutWrite
• 0x496630 waveOutPause
• 0x496634 waveOutReset
• 0x496638 waveOutClose
• 0x49663c waveOutGetNumDevs
• 0x496640 waveOutOpen
• 0x496644 midiOutUnprepareHeader
• 0x496648 midiStreamOpen
• 0x49664c midiStreamProperty
• 0x496650 midiOutPrepareHeader
• 0x496654 midiStreamOut
• 0x496658 midiStreamStop
• 0x49665c midiOutReset
• 0x496660 midiStreamClose
• 0x496664 midiStreamRestart
库: WS2_32.dll:
• 0x49667c getpeername
• 0x496680 accept
• 0x496684 ioctlsocket
• 0x496688 inet_ntoa
• 0x49668c WSAStartup
• 0x496690 recvfrom
• 0x496694 WSAAsyncSelect
• 0x496698 closesocket
• 0x49669c recv
• 0x4966a0 WSACleanup
• 0x4966a4 select
• 0x4966a8 send
库: KERNEL32.dll:
• 0x496180 MultiByteToWideChar
• 0x496184 SetLastError
• 0x496188 GetTimeZoneInformation
• 0x49618c GetVersion
• 0x496190 FileTimeToSystemTime
• 0x496194 WideCharToMultiByte
• 0x496198 IsBadCodePtr
• 0x49619c IsBadReadPtr
• 0x4961a0 CompareStringW
• 0x4961a4 CompareStringA
• 0x4961a8 GetStringTypeW
• 0x4961ac GetStringTypeA
• 0x4961b0 SetUnhandledExceptionFilter
• 0x4961b4 IsBadWritePtr
• 0x4961b8 VirtualAlloc
• 0x4961bc LCMapStringW
• 0x4961c0 LCMapStringA
• 0x4961c4 SetEnvironmentVariableA
• 0x4961c8 VirtualFree
• 0x4961cc HeapCreate
• 0x4961d0 HeapDestroy
• 0x4961d4 GetEnvironmentVariableA
• 0x4961d8 GetStdHandle
• 0x4961dc SetHandleCount
• 0x4961e0 GetEnvironmentStringsW
• 0x4961e4 GetEnvironmentStrings
• 0x4961e8 FreeEnvironmentStringsW
• 0x4961ec FreeEnvironmentStringsA
• 0x4961f0 UnhandledExceptionFilter
• 0x4961f4 GetFileType
• 0x4961f8 SetStdHandle
• 0x4961fc GetACP
• 0x496200 HeapSize
• 0x496204 RaiseException
• 0x496208 GetLocalTime
• 0x49620c GetSystemTime
• 0x496210 RtlUnwind
• 0x496214 GetStartupInfoA
• 0x496218 GetOEMCP
• 0x49621c GetCPInfo
• 0x496220 GetProcessVersion
• 0x496224 SetErrorMode
• 0x496228 GlobalFlags
• 0x49622c GetCurrentThread
• 0x496230 GetFileTime
• 0x496234 TlsGetValue
• 0x496238 LocalReAlloc
• 0x49623c TlsSetValue
• 0x496240 TlsFree
• 0x496244 GlobalHandle
• 0x496248 TlsAlloc
• 0x49624c LocalAlloc
• 0x496250 lstrcmpA
• 0x496254 GlobalGetAtomNameA
• 0x496258 GlobalAddAtomA
• 0x49625c GlobalFindAtomA
• 0x496260 GlobalDeleteAtom
• 0x496264 lstrcmpiA
• 0x496268 SetEndOfFile
• 0x49626c UnlockFile
• 0x496270 LockFile
• 0x496274 FlushFileBuffers
• 0x496278 DuplicateHandle
• 0x49627c lstrcpynA
• 0x496280 FileTimeToLocalFileTime
• 0x496284 LocalFree
• 0x496288 InterlockedDecrement
• 0x49628c InterlockedIncrement
• 0x496290 CloseHandle
• 0x496294 WaitForSingleObject
• 0x496298 GetTickCount
• 0x49629c GetCommandLineA
• 0x4962a0 MulDiv
• 0x4962a4 GetProcAddress
• 0x4962a8 GetModuleHandleA
• 0x4962ac GetVolumeInformationA
• 0x4962b0 SetCurrentDirectoryA
• 0x4962b4 GetFileAttributesA
• 0x4962b8 FindClose
• 0x4962bc FindFirstFileA
• 0x4962c0 GlobalUnlock
• 0x4962c4 InterlockedExchange
• 0x4962c8 GlobalLock
• 0x4962cc GlobalAlloc
• 0x4962d0 Sleep
• 0x4962d4 CreateEventA
• 0x4962d8 CreateThread
• 0x4962dc WritePrivateProfileStringA
• 0x4962e0 GetVersionExA
• 0x4962e4 GetLastError
• 0x4962e8 LoadLibraryA
• 0x4962ec FreeLibrary
• 0x4962f0 GetFullPathNameA
• 0x4962f4 HeapAlloc
• 0x4962f8 TerminateProcess
• 0x4962fc GetCurrentProcess
• 0x496300 GetFileSize
• 0x496304 SetFilePointer
• 0x496308 CreateSemaphoreA
• 0x49630c ResumeThread
• 0x496310 ReleaseSemaphore
• 0x496314 EnterCriticalSection
• 0x496318 LeaveCriticalSection
• 0x49631c GetProfileStringA
• 0x496320 WriteFile
• 0x496324 ReadFile
• 0x496328 WaitForMultipleObjects
• 0x49632c CreateFileA
• 0x496330 SetEvent
• 0x496334 FindResourceA
• 0x496338 LoadResource
• 0x49633c LockResource
• 0x496340 GetModuleFileNameA
• 0x496344 GetCurrentThreadId
• 0x496348 ExitProcess
• 0x49634c GlobalSize
• 0x496350 GlobalFree
• 0x496354 DeleteCriticalSection
• 0x496358 InitializeCriticalSection
• 0x49635c lstrcatA
• 0x496360 lstrlenA
• 0x496364 WinExec
• 0x496368 lstrcpyA
• 0x49636c FindNextFileA
• 0x496370 GlobalReAlloc
• 0x496374 HeapFree
• 0x496378 HeapReAlloc
• 0x49637c GetProcessHeap
库: USER32.dll:
• 0x4963ac EnableMenuItem
• 0x4963b0 UnregisterClassA
• 0x4963b4 TranslateAcceleratorA
• 0x4963b8 GetSysColorBrush
• 0x4963bc ClientToScreen
• 0x4963c0 EnumDisplaySettingsA
• 0x4963c4 GetSubMenu
• 0x4963c8 GetDlgCtrlID
• 0x4963cc CreateAcceleratorTableA
• 0x4963d0 CreateMenu
• 0x4963d4 ModifyMenuA
• 0x4963d8 AppendMenuA
• 0x4963dc CreatePopupMenu
• 0x4963e0 DrawIconEx
• 0x4963e4 CreateIconFromResource
• 0x4963e8 CreateIconFromResourceEx
• 0x4963ec RegisterClipboardFormatA
• 0x4963f0 SetRectEmpty
• 0x4963f4 DispatchMessageA
• 0x4963f8 GetMessageA
• 0x4963fc WindowFromPoint
• 0x496400 DrawFocusRect
• 0x496404 LoadImageA
• 0x496408 SystemParametersInfoA
• 0x49640c DrawEdge
• 0x496410 ShowWindow
• 0x496414 DrawFrameControl
• 0x496418 LoadIconA
• 0x49641c TranslateMessage
• 0x496420 GetDesktopWindow
• 0x496424 GetClassNameA
• 0x496428 GetDlgItem
• 0x49642c FindWindowExA
• 0x496430 GetWindowTextA
• 0x496434 SetWindowTextA
• 0x496438 GetForegroundWindow
• 0x49643c IsWindowEnabled
• 0x496440 GetKeyState
• 0x496444 CopyAcceleratorTableA
• 0x496448 PostQuitMessage
• 0x49644c LoadStringA
• 0x496450 GetMenuCheckMarkDimensions
• 0x496454 GetMenuState
• 0x496458 SetMenuItemBitmaps
• 0x49645c CheckMenuItem
• 0x496460 MoveWindow
• 0x496464 IsDialogMessageA
• 0x496468 ScrollWindowEx
• 0x49646c SendDlgItemMessageA
• 0x496470 MapWindowPoints
• 0x496474 AdjustWindowRectEx
• 0x496478 GetScrollPos
• 0x49647c RegisterClassA
• 0x496480 GetMenuItemCount
• 0x496484 GetMenuItemID
• 0x496488 CreateWindowExA
• 0x49648c SetWindowsHookExA
• 0x496490 CallNextHookEx
• 0x496494 GetClassLongA
• 0x496498 SetPropA
• 0x49649c UnhookWindowsHookEx
• 0x4964a0 GetPropA
• 0x4964a4 IsZoomed
• 0x4964a8 GetClassInfoA
• 0x4964ac DefWindowProcA
• 0x4964b0 GetSystemMenu
• 0x4964b4 DeleteMenu
• 0x4964b8 GetMenu
• 0x4964bc SetMenu
• 0x4964c0 PeekMessageA
• 0x4964c4 IsIconic
• 0x4964c8 SetFocus
• 0x4964cc GetActiveWindow
• 0x4964d0 GetWindow
• 0x4964d4 DestroyAcceleratorTable
• 0x4964d8 SetWindowRgn
• 0x4964dc GetMessagePos
• 0x4964e0 ScreenToClient
• 0x4964e4 ChildWindowFromPointEx
• 0x4964e8 CopyRect
• 0x4964ec LoadBitmapA
• 0x4964f0 WinHelpA
• 0x4964f4 KillTimer
• 0x4964f8 SetTimer
• 0x4964fc ReleaseCapture
• 0x496500 GetCapture
• 0x496504 SetCapture
• 0x496508 GetScrollRange
• 0x49650c SetScrollRange
• 0x496510 SetScrollPos
• 0x496514 SetRect
• 0x496518 InflateRect
• 0x49651c IntersectRect
• 0x496520 DestroyIcon
• 0x496524 PtInRect
• 0x496528 OffsetRect
• 0x49652c IsWindowVisible
• 0x496530 EnableWindow
• 0x496534 RedrawWindow
• 0x496538 GetWindowLongA
• 0x49653c SetWindowLongA
• 0x496540 GetSysColor
• 0x496544 SetActiveWindow
• 0x496548 SetCursorPos
• 0x49654c LoadCursorA
• 0x496550 SetCursor
• 0x496554 GetDC
• 0x496558 FillRect
• 0x49655c IsRectEmpty
• 0x496560 ReleaseDC
• 0x496564 IsChild
• 0x496568 DestroyMenu
• 0x49656c SetForegroundWindow
• 0x496570 GetWindowRect
• 0x496574 EqualRect
• 0x496578 UpdateWindow
• 0x49657c ValidateRect
• 0x496580 InvalidateRect
• 0x496584 GetClientRect
• 0x496588 GetFocus
• 0x49658c GetParent
• 0x496590 GetTopWindow
• 0x496594 PostMessageA
• 0x496598 IsWindow
• 0x49659c SetParent
• 0x4965a0 DestroyCursor
• 0x4965a4 SendMessageA
• 0x4965a8 SetWindowPos
• 0x4965ac MessageBoxA
• 0x4965b0 GetCursorPos
• 0x4965b4 GetSystemMetrics
• 0x4965b8 EmptyClipboard
• 0x4965bc SetClipboardData
• 0x4965c0 OpenClipboard
• 0x4965c4 GetClipboardData
• 0x4965c8 CloseClipboard
• 0x4965cc wsprintfA
• 0x4965d0 GetWindowTextLengthA
• 0x4965d4 CharUpperA
• 0x4965d8 GetWindowDC
• 0x4965dc BeginPaint
• 0x4965e0 EndPaint
• 0x4965e4 TabbedTextOutA
• 0x4965e8 DrawTextA
• 0x4965ec GrayStringA
• 0x4965f0 DestroyWindow
• 0x4965f4 CreateDialogIndirectParamA
• 0x4965f8 EndDialog
• 0x4965fc GetNextDlgTabItem
• 0x496600 GetWindowPlacement
• 0x496604 RegisterWindowMessageA
• 0x496608 GetLastActivePopup
• 0x49660c GetMessageTime
• 0x496610 RemovePropA
• 0x496614 CallWindowProcA
库: GDI32.dll:
• 0x496034 RectVisible
• 0x496038 PtVisible
• 0x49603c SaveDC
• 0x496040 RestoreDC
• 0x496044 SetBkMode
• 0x496048 SetPolyFillMode
• 0x49604c SetROP2
• 0x496050 SetTextColor
• 0x496054 SetMapMode
• 0x496058 TextOutA
• 0x49605c ExtTextOutA
• 0x496060 Escape
• 0x496064 SetViewportOrgEx
• 0x496068 GetTextMetricsA
• 0x49606c OffsetViewportOrgEx
• 0x496070 SetViewportExtEx
• 0x496074 ScaleViewportExtEx
• 0x496078 SetWindowOrgEx
• 0x49607c SetWindowExtEx
• 0x496080 ScaleWindowExtEx
• 0x496084 GetClipBox
• 0x496088 ExcludeClipRect
• 0x49608c MoveToEx
• 0x496090 LineTo
• 0x496094 ExtSelectClipRgn
• 0x496098 CreateEllipticRgn
• 0x49609c SetBkColor
• 0x4960a0 CreateRectRgnIndirect
• 0x4960a4 SetStretchBltMode
• 0x4960a8 GetClipRgn
• 0x4960ac CreatePolygonRgn
• 0x4960b0 SelectClipRgn
• 0x4960b4 DeleteObject
• 0x4960b8 CreateDIBitmap
• 0x4960bc GetSystemPaletteEntries
• 0x4960c0 CreatePalette
• 0x4960c4 StretchBlt
• 0x4960c8 SelectPalette
• 0x4960cc RealizePalette
• 0x4960d0 GetDIBits
• 0x4960d4 GetWindowExtEx
• 0x4960d8 GetViewportOrgEx
• 0x4960dc GetWindowOrgEx
• 0x4960e0 BeginPath
• 0x4960e4 EndPath
• 0x4960e8 PathToRegion
• 0x4960ec GetViewportExtEx
• 0x4960f0 CreateRoundRectRgn
• 0x4960f4 GetTextColor
• 0x4960f8 GetBkMode
• 0x4960fc GetBkColor
• 0x496100 GetROP2
• 0x496104 GetStretchBltMode
• 0x496108 GetPolyFillMode
• 0x49610c CreateCompatibleBitmap
• 0x496110 CreateDCA
• 0x496114 CreateBitmap
• 0x496118 SelectObject
• 0x49611c CreatePen
• 0x496120 PatBlt
• 0x496124 CombineRgn
• 0x496128 CreateRectRgn
• 0x49612c FillRgn
• 0x496130 CreateSolidBrush
• 0x496134 CreateFontIndirectA
• 0x496138 GetStockObject
• 0x49613c GetObjectA
• 0x496140 EndPage
• 0x496144 EndDoc
• 0x496148 DeleteDC
• 0x49614c StartDocA
• 0x496150 StartPage
• 0x496154 BitBlt
• 0x496158 CreateCompatibleDC
• 0x49615c Ellipse
• 0x496160 Rectangle
• 0x496164 LPtoDP
• 0x496168 DPtoLP
• 0x49616c GetCurrentObject
• 0x496170 RoundRect
• 0x496174 GetTextExtentPoint32A
• 0x496178 GetDeviceCaps
库: ADVAPI32.dll:
• 0x496000 RegCloseKey
• 0x496004 RegOpenKeyExA
• 0x496008 RegSetValueExA
• 0x49600c RegQueryValueA
• 0x496010 RegCreateKeyExA
库: COMCTL32.dll:
• 0x496018 ImageList_GetImageCount
• 0x49601c ImageList_SetBkColor
• 0x496020 None
• 0x496024 ImageList_Destroy
• 0x496028 ImageList_Duplicate
• 0x49602c ImageList_Read
库: WININET.dll:
• 0x49661c InternetCloseHandle
库: comdlg32.dll:
• 0x4966b0 GetOpenFileNameA
• 0x4966b4 GetSaveFileNameA
• 0x4966b8 ChooseFontA
• 0x4966bc GetFileTitleA
• 0x4966c0 ChooseColorA
.text
`.rdata
@.data
.rsrc
8`}<j
T$hVj
DRQPj
T$|Vj
F<|#X
D$<p#X
T$th
|$LVj
Flp#X
|$`Vj
F<@'X
F<H'X
D$@Sj
L$8h
F4 (X
D$8Rj
l$<VWj
T$ Rj
L$4S+L$0Qj
jjjjh
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 14.064 seconds )
- 7.41 Suricata
- 4.008 TargetInfo
- 1.595 Static
- 0.325 peid
- 0.277 BehaviorAnalysis
- 0.224 NetworkAnalysis
- 0.205 AnalysisInfo
- 0.012 Strings
- 0.004 config_decoder
- 0.002 Debug
- 0.002 Memory
Signatures ( 0.191 seconds )
- 0.024 antiav_detectreg
- 0.015 stealth_timeout
- 0.012 api_spamming
- 0.011 md_url_bl
- 0.01 decoy_document
- 0.01 infostealer_ftp
- 0.007 antiav_detectfile
- 0.006 persistence_autorun
- 0.006 infostealer_im
- 0.005 antiemu_wine_func
- 0.005 antivm_vbox_libs
- 0.005 antianalysis_detectreg
- 0.005 md_domain_bl
- 0.005 ransomware_files
- 0.004 kovter_behavior
- 0.004 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.004 md_bad_drop
- 0.004 ransomware_extensions
- 0.003 infostealer_browser_password
- 0.003 antidbg_windows
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 antiav_avast_libs
- 0.002 tinba_behavior
- 0.002 exec_crash
- 0.002 cerber_behavior
- 0.002 geodo_banking_trojan
- 0.002 browser_security
- 0.001 antivm_vmware_libs
- 0.001 betabot_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 ursnif_behavior
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
- 0.001 darkcomet_regkeys
- 0.001 disables_system_restore
- 0.001 modify_uac_prompt
Reporting ( 0.049 seconds )
- 0.049 Malheur
| Task ID | 189269 |
|---|---|
| Mongo ID | 5ba3c4b4bb7d574000e2febd |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号