Maldun Security Analysis Report

Analysis type: FILE
Start time: 2016-05-28 15:02:07
End time: 2016-05-28 15:04:37
Duration: 150 seconds
Analysis engine version: 1.4-Maldun

Virtual machine: win7-sp1-x64-1
Label: win7-sp1-x64-1
VM manager: KVM
Boot time: 2016-05-28 15:02:07
Shutdown time: 2016-05-28 15:04:35

Maldun score: 2.0 (normal)

File details
File name: mini_unzip_dll.dll
File size: 12288 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
CRC32: EF66FDC9
MD5: af48201876a0884ec4134727a29e25e4
SHA1: 983b36023146b087880acc8b8cd090a3953610b6
SHA256: ebd9ef2ae0cca83d73627b10f9ea9863d930c86881cca0a6648cc4791ea08c2c
SHA512: caa317834b2013ce10e0343915d1876329e217aa91d5c1511bc29dc2272060a7acce9dfaf85813b38e6fcdb483e313ac36b0ba85a906ea2d74ae16cdfdf38d3e
Ssdeep: 192:VhCrIjTTN9SXPbIWEWNYYranD2p+k8Me9x3o/aZfdx783+gFVsl7/eHwePayLsh2:aRXPJErRrmGxtgG7/lWICT
PEiD: no match
Yara: no rule matched
VirusTotal: scanned 2016-03-24 16:41:17, result 0/56

Signatures
Network activity was detected that does not appear in the API log.

Runtime screenshots: not reproduced in this copy.

Network analysis
DNS resolution:
  dns.msftncsi.com  A     131.107.255.255
  dns.msftncsi.com  AAAA  fd3e:4f5a:5b81::1
UDP connections (IP address, port):
  192.168.122.255   138
  192.168.122.69    53197
  224.0.0.252       5355
  239.255.255.250   1900
  40.118.103.7      123

All of this is Windows 7 background traffic rather than anything attributable to the sample, which is exactly why the signature fires: the packets are on the wire, but no API call from the monitored process produced them. dns.msftncsi.com resolving to 131.107.255.255 and fd3e:4f5a:5b81::1 is the Network Connectivity Status Indicator probe; 224.0.0.252:5355 is LLMNR, 239.255.255.250:1900 is SSDP, the .255:138 destination is the NetBIOS datagram broadcast, and UDP/123 is NTP. 192.168.122.0/24 is the default libvirt NAT network, consistent with the KVM guest listed above.

Static analysis
PE information
Image base: 0x10000000
Entry point: 0x10002c1c
Declared checksum: 0x00000000
Computed checksum: 0x0000f73a
Minimum OS version: 4.0
PDB path: e:\svn_root\download_lib\dl_common\utility\mini_unzip\release\mini_unzip_dll.pdb
Compile time: 2011-06-11 17:43:28
Exported DLL name: mini_unzip_dll.dll

A declared checksum of zero is what the linker writes unless /RELEASE is used; only kernel-mode drivers and boot-time system images must carry a valid one, so the mismatch with the computed value is not evidence of tampering. The PDB path is a development-environment leak (an SVN tree, a "download_lib" project, a "mini_unzip" module), and the exported DLL name matches the file name, which speaks for an unrenamed build.

PE sections
Name    Virtual address  Virtual size  Raw size    Characteristics                                                                    Entropy
.text   0x00001000       0x00001ee8    0x00002000  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ                    6.32
.rdata  0x00003000       0x00000684    0x00000800  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ                                4.25
.data   0x00004000       0x0000002c    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE          0.14
.reloc  0x00005000       0x00000190    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ    4.62

No section is both writable and executable, the .text entropy of 6.32 is in the range of ordinary compiled x86 code, and the raw sizes sum to 0x2c00 bytes, which with a 0x400-byte header (the usual size for 0x200 file alignment; the header size itself is not printed) accounts for all 12288 bytes. Nothing here suggests packing or an appended overlay.

Imports
zlib1.dll:
  0x100030a8  inflateinit2_
  0x100030ac  get_crc_table
  0x100030b0  inflateend
  0x100030b4  inflate
  0x100030b8  crc32
KERNEL32.dll:
  0x10003000  ExitProcess
  0x10003004  GetSystemTimeAsFileTime
  0x10003008  GetCurrentProcessId
  0x1000300c  GetCurrentThreadId
  0x10003010  GetTickCount
  0x10003014  QueryPerformanceCounter
  0x10003018  CloseHandle
  0x1000301c  SetFileTime
  0x10003020  LocalFileTimeToFileTime
  0x10003024  DosDateTimeToFileTime
  0x10003028  GetFileTime
  0x1000302c  CreateFileA
  0x10003030  GetLastError
  0x10003034  ReadFile
  0x10003038  WriteFile
  0x1000303c  SetFilePointer

GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount and QueryPerformanceCounter together are the /GS stack-cookie initialisation of the Visual C++ runtime; DosDateTimeToFileTime, LocalFileTimeToFileTime and SetFileTime are what an unzipper needs to restore entry timestamps on extracted files.
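The section table and checksum figures above are the inputs for the checks below. This Python is an added example written for this page, not part of the Maldun engine or of the sample: the section metadata is copied from the report, the 0x400 header size is an assumption (the report does not print it), and the byte buffers fed to the entropy and checksum routines are constructed stand-ins because the binary itself is not on the page. It decodes the IMAGE_SCN_* bits, recomputes Shannon entropy, recomputes the PE checksum the way imagehlp's CheckSumMappedFile does, and applies the W+X, packed-section and overlay checks an analyst runs before accepting a "normal" verdict.

```python
"""Static PE triage of the section table and checksum fields in the report.
Added example, not Maldun's code. Section metadata is copied from the report;
the test buffers are constructed stand-ins (the sample is not on the page)."""
import math
import struct
from collections import Counter

# IMAGE_SCN_* bits from winnt.h, in ascending bit order
FLAG_NAMES = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
EXECUTE, WRITE = 0x20000000, 0x80000000

# Section table as printed in the report; "chars" is rebuilt from the flag
# names it lists (CODE|EXECUTE|READ -> 0x60000020, and so on).
REPORT_SECTIONS = [
    {"name": ".text",  "vaddr": 0x1000, "vsize": 0x1EE8, "rawsize": 0x2000, "chars": 0x60000020, "entropy": 6.32},
    {"name": ".rdata", "vaddr": 0x3000, "vsize": 0x0684, "rawsize": 0x0800, "chars": 0x40000040, "entropy": 4.25},
    {"name": ".data",  "vaddr": 0x4000, "vsize": 0x002C, "rawsize": 0x0200, "chars": 0xC0000040, "entropy": 0.14},
    {"name": ".reloc", "vaddr": 0x5000, "vsize": 0x0190, "rawsize": 0x0200, "chars": 0x42000040, "entropy": 4.62},
]
REPORT_FILE_SIZE = 12288


def decode_characteristics(value: int) -> list:
    """Names of the IMAGE_SCN_* bits set in a section Characteristics DWORD."""
    return [name for bit, name in FLAG_NAMES.items() if value & bit]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Compiled x86 code sits around 6 to 6.5 (the .text above is 6.32);
    packed or encrypted payloads push a section above roughly 7.2."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_checksum(image: bytes, checksum_field_offset: int) -> int:
    """Recompute OptionalHeader.CheckSum as CheckSumMappedFile does: sum all
    16-bit words with end-around carry, skipping the 4-byte CheckSum field
    itself, then add the file length."""
    n = len(image)
    if n % 2:
        image += b"\x00"
    total = 0
    for off in range(0, len(image), 2):
        if off in (checksum_field_offset, checksum_field_offset + 2):
            continue
        total += struct.unpack_from("<H", image, off)[0]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + n) & 0xFFFFFFFF


def section_findings(sections: list, file_size: int, header_size: int = 0x400,
                     entropy_limit: float = 7.2) -> dict:
    """W+X sections, packed-looking sections, and overlay bytes past the last
    section. header_size is an assumption: the report does not print
    SizeOfHeaders, and 0x400 is the usual value for 0x200 file alignment."""
    wx = [s["name"] for s in sections if s["chars"] & EXECUTE and s["chars"] & WRITE]
    hot = [s["name"] for s in sections if s["entropy"] >= entropy_limit]
    # A code section much larger in memory than on disk is the unpacker-stub
    # pattern: the payload is inflated into the gap at run time.
    grows = [s["name"] for s in sections
             if s["chars"] & EXECUTE and s["vsize"] > s["rawsize"]]
    overlay = file_size - (header_size + sum(s["rawsize"] for s in sections))
    return {"wx_sections": wx, "high_entropy": hot,
            "grows_in_memory": grows, "overlay_bytes": overlay}


if __name__ == "__main__":
    # For the report's table: no W+X, nothing packed-looking, 0 overlay bytes.
    print(section_findings(REPORT_SECTIONS, REPORT_FILE_SIZE))
```

For the table in this report the checks come back empty and the overlay count is zero: the 12288-byte file is a 0x400-byte header plus the four raw sections, which is the arithmetic behind the "no packing, no overlay" statement above.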

MSVCR71.dll:
  0x10003044  free
  0x10003048  _errno
  0x1000304c  strcpy
  0x10003050  malloc
  0x10003054  strlen
  0x10003058  exit
  0x1000305c  fwrite
  0x10003060  _mkdir
  0x10003064  fclose
  0x10003068  fopen
  0x1000306c  strcat
  0x10003070  strncpy
  0x10003074  strcmp
  0x10003078  fread
  0x1000307c  ftell
  0x10003080  fseek
  0x10003084  _initterm
  0x10003088  _adjust_fdiv
  0x1000308c  CppXcptFilter
  0x10003090  _except_handler3
  0x10003094  security_error_handler
  0x10003098  dllonexit
  0x1000309c  _onexit
  0x100030a0  scanf

MSVCR71.dll is the Visual C++ 7.1 (Visual Studio .NET 2003) C runtime and is not shipped with Windows 7. zlib inflate plus fopen/fread/fwrite, _mkdir and the strcpy/strcat/strncpy string functions is the minimum a zip extractor needs; those string and directory calls are the places to review if the export is ever assessed for how it handles archive entry names.

Exports
Ordinal  Address     Name
1        0x10001006  mini_unzip_dll

Dropped files: none

Behaviour analysis
Mutexes: Local\MSCTF.Asm.MutexDefault1
Executed commands: none
Created services: none
Started services: none
Process: rundll32.exe, PID 956, parent PID 2152

The file activity below is the loader's, not the sample's. The 32-bit rundll32 from SysWOW64 probes for zlib1.dll first in the DLL's own directory (Temp), then in the standard search path and the PATH entries (wbem, WindowsPowerShell), and zlib1.dll never appears in the read-files list: the import could not be resolved, LoadLibrary failed, and the exported function never ran. The .2/.123/.124.Manifest probes are the side-by-side loader looking for an external manifest, which also accounts for the SideBySide registry key, and MSCTF.Asm.MutexDefault1 is created by the Text Services Framework in any process that puts up a window.

Accessed files:
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.123.Manifest
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.124.Manifest
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.2.Manifest
  C:\Windows\SysWOW64\rundll32.exe
  C:\Users\test\AppData\Local\Temp\zlib1.dll
  C:\Windows\System32\zlib1.dll
  C:\Windows\system\zlib1.dll
  C:\Windows\zlib1.dll
  C:\Windows\System32\wbem\zlib1.dll
  C:\Windows\System32\WindowsPowerShell\v1.0\zlib1.dll
  C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
  C:\Windows\Fonts\staticcache.dat
  \Device\KsecDD
  C:\Windows\Globalization\Sorting\sortdefault.nls

Read files:
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.123.Manifest
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.124.Manifest
  C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.2.Manifest
  C:\Windows\SysWOW64\rundll32.exe

  C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
  C:\Windows\Fonts\staticcache.dat
  \Device\KsecDD
  C:\Windows\Globalization\Sorting\sortdefault.nls

Modified files: none
Deleted files: none

Registry keys opened:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\微软雅黑  (Microsoft YaHei; the original rendered the name as escaped UTF-8 bytes)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\rundll32.exe
  HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-

  HKEY_CURRENT_USER
  HKEY_CURRENT_USER\Keyboard Layout\Toggle
  HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
  HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
  HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
  HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext

Registry keys read:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
  HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
  HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext

Modified registry keys: none
Deleted registry keys: none

APIs resolved at run time:
  gdi32.dll.getlayout
  gdi32.dll.gdirealizationinfo
  gdi32.dll.fontislinked
  advapi32.dll.regopenkeyexw
  advapi32.dll.regqueryinfokeyw
  gdi32.dll.gettextfacealiasw
  advapi32.dll.regenumvaluew
  advapi32.dll.regclosekey
  advapi32.dll.regqueryvalueexw
  advapi32.dll.regqueryvalueexa
  advapi32.dll.regenumkeyexw
  uxtheme.dll.themeinitapihook
  user32.dll.isprocessdpiaware
  dwmapi.dll.dwmiscompositionenabled
  gdi32.dll.gdiismetaprintdc
  ole32.dll.coinitializeex
  ole32.dll.couninitialize
  cryptbase.dll.systemfunction036
  ole32.dll.coregisterinitializespy
  ole32.dll.corevokeinitializespy
  kernel32.dll.sortgethandle
  kernel32.dll.sortclosehandle

Everything in the registry and API lists (locale 00000804 = zh-CN, FontLink and SurrogateFallback including the Microsoft YaHei entry, the CTF text-input profiles and hotkeys, uxtheme, DWM composition, the Windows Error Reporting keys) is what a Win32 dialog drawn in a zh-CN session touches. That is consistent with rundll32 showing its load-failure message box after the zlib1.dll lookup failed, and none of it is attributable to the sample's own code. SystemFunction036 (RtlGenRandom) is resolved by the system libraries loaded into rundll32; it is not in the sample's import table. The "normal" score therefore states only that the loader and the error dialog behaved normally, not that the export was exercised.

2016 Shanghai Maldun Information Technology Co., Ltd. (上海魔盾信息科技有限公司)
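The accessed-files and read-files lists in the behaviour section show rundll32 probing six directories for zlib1.dll and never reading it. The Python below is an added example written for this page, not the Maldun engine's code: it cross-checks the static import table against those two lists (both copied from the report), classifies each import as resolved, not found or never attempted, and reports where a planted copy of a missing import would be picked up first. The known-DLL set and the sample path are assumptions and are marked as such in the code.

```python
"""Cross-check of the import table against the sandbox file log.
Added example, not Maldun's code. Import names and path lists are copied from
the report; KNOWN_DLLS and SAMPLE_PATH are assumptions."""
import ntpath

SAMPLE_PATH = r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll"  # where the sandbox placed it
IMPORTED_DLLS = ["zlib1.dll", "KERNEL32.dll", "MSVCR71.dll"]
# Assumption: KERNEL32 is mapped from \KnownDlls, so the loader never probes
# the file system for it and its absence from the file log is expected.
KNOWN_DLLS = {"kernel32.dll"}

# "Accessed files" as printed in the report, in the printed order.
ACCESSED = [
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll",
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.123.Manifest",
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.124.Manifest",
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.2.Manifest",
    r"C:\Windows\SysWOW64\rundll32.exe",
    r"C:\Users\test\AppData\Local\Temp\zlib1.dll",
    r"C:\Windows\System32\zlib1.dll",
    r"C:\Windows\system\zlib1.dll",
    r"C:\Windows\zlib1.dll",
    r"C:\Windows\System32\wbem\zlib1.dll",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\zlib1.dll",
    r"C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui",
    r"C:\Windows\Fonts\staticcache.dat",
    r"\Device\KsecDD",
    r"C:\Windows\Globalization\Sorting\sortdefault.nls",
]
# "Read files" as printed in the report: zlib1.dll is not among them.
READ = [
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll",
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.123.Manifest",
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.124.Manifest",
    r"C:\Users\test\AppData\Local\Temp\mini_unzip_dll.dll.2.Manifest",
    r"C:\Windows\SysWOW64\rundll32.exe",
    r"C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui",
    r"C:\Windows\Fonts\staticcache.dat",
    r"\Device\KsecDD",
    r"C:\Windows\Globalization\Sorting\sortdefault.nls",
]


def probe_directories(accessed, name):
    """Directories in which `name` was looked for, in loader order: the
    module's own directory first, then system directories, then PATH."""
    dirs = []
    for path in accessed:
        directory, base = ntpath.split(path)
        if base.lower() == name.lower() and directory not in dirs:
            dirs.append(directory)
    return dirs


def import_resolution(imported, accessed, read, known_dlls=KNOWN_DLLS):
    """State per import: 'known-dll', 'resolved' (file was read), 'not-found'
    (probed, never read) or 'not-attempted' (no probe at all, which is what
    the loader giving up on an earlier missing import looks like)."""
    read_names = {ntpath.basename(p).lower() for p in read}
    result = {}
    for dll in imported:
        if dll.lower() in known_dlls:
            result[dll] = {"state": "known-dll", "probed": []}
            continue
        probed = probe_directories(accessed, dll)
        if dll.lower() in read_names:
            state = "resolved"
        elif probed:
            state = "not-found"
        else:
            state = "not-attempted"
        result[dll] = {"state": state, "probed": probed}
    return result


def loader_succeeded(resolution):
    """False if any import is unresolved: LoadLibrary failed, so DllMain and
    the export never ran and a behavioural score says nothing about them."""
    return all(info["state"] in ("known-dll", "resolved")
               for info in resolution.values())


def sideload_positions(resolution, sample_path=SAMPLE_PATH):
    """For each not-found import, the directory a planted copy would be
    loaded from first; when that is the sample's own directory, dropping a
    DLL of that name next to the sample gets it loaded into the process."""
    sample_dir = ntpath.dirname(sample_path).lower()
    return {dll: info["probed"][0] for dll, info in resolution.items()
            if info["state"] == "not-found"
            and info["probed"][0].lower() == sample_dir}


if __name__ == "__main__":
    res = import_resolution(IMPORTED_DLLS, ACCESSED, READ)
    for dll, info in res.items():
        print(dll, info["state"], len(info["probed"]), "probes")
    print("loader succeeded:", loader_succeeded(res))
    print("sideload positions:", sideload_positions(res))
```

Run over the report's own lists this returns zlib1.dll as not-found with the sample's Temp directory as the first probe, MSVCR71.dll as not-attempted (consistent with the loader giving up at the first missing import), KERNEL32.dll as a known DLL, and loader_succeeded False. That single False is the reason the mutex, file, registry and API sections above contain only loader and dialog noise.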