Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2020-10-27 17:36:55 | 2020-10-27 17:39:01 | 126 s |
File name | hiddeninput.exe |
---|---|
File size | 780800 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 5d92f97b6d1b950694c410bb98f7a1e9 |
SHA1 | 4433cacb6919dd098760b005a90c9cd9406e8af6 |
SHA256 | e833b0def83368b52f7ae9f03f28418f35aa4976197cd651707ad5489d43fdc3 |
SHA512 | 85b102343425cbe0c26003d1c90e4a8f8e40ef4b26b6b6634b46223aee4da7f6ad5c3546404a6f35b2775465a0b1bdf955569a0e3e99bbba46d86611397da36d |
CRC32 | 89CF5E0F |
Ssdeep | 12288:WMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9SOj:WnsJ39LyjbJkQFMhmC+6GD93 |
No host records.
Image base | 0x00400000 |
---|---|
Entry point | 0x0049ab80 |
Claimed checksum | 0x00000000 |
Actual (recomputed) checksum | 0x000c26f7 |
Minimum OS version | 4.0 |
Compile time | 1992-06-20 06:22:17 (the fixed TimeDateStamp that Borland/Delphi linkers write into every binary, shown here in UTC+8; it is not a real build date) |
Import hash (imphash) | 332f7ce65ead0adfb3d35147033aabe9 |
Icon | |
Icon exact hash | 82cda1b5a550ffcd6cb6b89153678dd7 |
Icon similarity hash | 3b5d3c7d207e37dceeedd301e35e2e58 |
LegalCopyright | |
---|---|
InternalName | |
FileVersion | |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
CODE | 0x00001000 | 0x00099bec | 0x00099c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.57 |
DATA | 0x0009b000 | 0x00002e54 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.85 |
BSS | 0x0009e000 | 0x000011e5 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.idata | 0x000a0000 | 0x00002a42 | 0x00002c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.92 |
.tls | 0x000a3000 | 0x00000010 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rdata | 0x000a4000 | 0x00000039 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.78 |
.reloc | 0x000a5000 | 0x0000a980 | 0x0000aa00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 6.67 |
.rsrc | 0x000b0000 | 0x00014130 | 0x00014200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 5.71 |
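The header and section tables above invite three checks that the report prints results for but does not show how to reproduce: the PE CheckSum (claimed 0 versus recomputed 0x000c26f7), per-section entropy, and the link timestamp. The block below is an added example, not the sandbox's code and not code from the sample; it uses only the standard library. The sample is not embedded, so `build_stub_pe()` constructs a stand-in buffer for the demonstration. Two facts it relies on: Borland/Delphi linkers emit the constant TimeDateStamp 0x2A425E19 (1992-06-19 22:22:17 UTC, which is the 06:22:17 UTC+8 the report shows), and they leave the CheckSum field at zero, so a zero claim is expected here rather than a tampering indicator. The checksum algorithm adds the file size last, so the report's value is internally consistent: 0xc26f7 - 780800 = 0x3cf7 fits in 16 bits.

```python
"""Static header checks for a PE sample (added example, standard library only)."""
import math
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp written by Borland/Delphi linkers.
BORLAND_TIMESTAMP = 0x2A425E19


def borland_timestamp_utc() -> str:
    """Render the Borland constant as 'YYYY-MM-DD HH:MM:SS' in UTC."""
    return datetime.fromtimestamp(BORLAND_TIMESTAMP, timezone.utc).strftime(
        "%Y-%m-%d %H:%M:%S")


def is_borland_default_timestamp(ts: int) -> bool:
    return ts == BORLAND_TIMESTAMP


def checksum_field_offset(pe: bytes) -> int:
    """OptionalHeader.CheckSum: e_lfanew + 4 (signature) + 20 (FileHeader) + 64."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    return e_lfanew + 88


def link_timestamp(pe: bytes) -> int:
    """FileHeader.TimeDateStamp is 8 bytes past the 'PE\\0\\0' signature."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    return struct.unpack_from("<I", pe, e_lfanew + 8)[0]


def pe_checksum(data: bytes, cs_offset: int) -> int:
    """PE CheckSum as Windows' CheckSumMappedFile computes it.

    16-bit little-endian word sum with carries folded back in, the four
    bytes of the CheckSum field treated as zero, then the file length added.
    """
    total = 0
    n = len(data)
    for off in range(0, n - (n % 2), 2):
        if cs_offset <= off < cs_offset + 4:
            continue
        total += data[off] | (data[off + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)
    if n % 2:  # odd trailing byte counts as the low byte of a final word
        total += data[-1]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + n) & 0xFFFFFFFF


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def triage(pe: bytes) -> dict:
    """Compare what the header claims with what the bytes say."""
    cs_off = checksum_field_offset(pe)
    claimed = struct.unpack_from("<I", pe, cs_off)[0]
    computed = pe_checksum(pe, cs_off)
    ts = link_timestamp(pe)
    return {
        "claimed_checksum": claimed,
        "computed_checksum": computed,
        # Zero claim: linker never filled the field (normal for Delphi).
        # Non-zero claim that differs: file changed after linking.
        "checksum_matches": claimed == computed,
        "link_timestamp": ts,
        "borland_default_timestamp": is_borland_default_timestamp(ts),
    }


def build_stub_pe() -> bytes:
    """Constructed 256-byte stand-in carrying only the fields read above (not the sample)."""
    buf = bytearray(256)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)               # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x44, 0x14C)              # Machine = i386
    struct.pack_into("<I", buf, 0x48, BORLAND_TIMESTAMP)  # TimeDateStamp
    struct.pack_into("<I", buf, 0x40 + 88, 0xDEADBEEF)    # bogus CheckSum claim
    return bytes(buf)


if __name__ == "__main__":
    stub = build_stub_pe()
    print("Borland default timestamp:", borland_timestamp_utc(), "UTC")
    for key, value in triage(stub).items():
        print(f"{key:28s}", hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
    print("stub entropy:", round(shannon_entropy(stub), 2))
```

To run it against the real file, replace `build_stub_pe()` with `open(path, "rb").read()` and slice each section's raw data (`PointerToRawData`, `SizeOfRawData`) through `shannon_entropy` to reproduce the last column of the section table; values around 6.5 for CODE and 6.7 for .reloc are ordinary for compiled Delphi code and relocation records, whereas a resource at 7.5 and above is compressed or encrypted data.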
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_CURSOR (7 identical rows in the source listing) | 0x000b1500 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
RT_BITMAP (11 identical rows in the source listing) | 0x000b2868 | 0x000000e8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.85 | GLS_BINARY_LSB_FIRST |
RT_ICON (2 identical rows in the source listing) | 0x000b39f8 | 0x000010a8 | LANG_TURKISH | SUBLANG_DEFAULT | 2.52 | dBase IV DBT of @.DBF, block length 8192, next free block index 40 |
RT_DIALOG | 0x000b4aa0 | 0x00000052 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.56 | data |
RT_STRING (24 identical rows in the source listing) | 0x000b8a6c | 0x00000354 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.11 | data |
RT_RCDATA (8 identical rows in the source listing) | 0x000bf5b8 | 0x000047d3 | LANG_TURKISH | SUBLANG_DEFAULT | 7.52 | Microsoft Excel 2007+ |
RT_GROUP_CURSOR (7 identical rows in the source listing) | 0x000c3e04 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x000c3e18 | 0x00000014 | LANG_TURKISH | SUBLANG_DEFAULT | 1.78 | MS Windows icon resource - 1 icon, 32x32 |
RT_VERSION | 0x000c3e2c | 0x00000304 | LANG_TURKISH | SUBLANG_DEFAULT | 3.22 | data |

The "File type" column is libmagic's guess from the leading bytes of each resource, so read it with care. The "dBase IV DBT" label on RT_ICON is a false match on a DIB header (the "next free block index 40" is the 0x28 BITMAPINFOHEADER size). The "Microsoft Excel 2007+" label on the 0x47d3-byte RT_RCDATA entry, by contrast, means the resource starts as a ZIP container whose first entry is under xl/, i.e. an embedded Office workbook; at 7.52 entropy it is the one resource worth extracting and analysing on its own, and several of the verdicts below (Arcabit HEUR.VBA, F-Secure W97M/MaliciousMacro, Antiy Trojan[Downloader]/Script) are macro or script heuristics rather than PE detections.
AV engine / vendor | Detection name / rule match | Signature date |
---|---|---|
Bkav | W32.FamVT.GaionLTK.Trojan | 20200909 |
Elastic | malicious (high confidence) | 20200831 |
MicroWorld-eScan | Dropped:Trojan.GenericKD.32840913 | 20200910 |
CMC | Not detected | 20200909 |
CAT-QuickHeal | Sus.Nocivo.E0011 | 20200909 |
McAfee | GenericRXCB-VC!5D92F97B6D1B | 20200910 |
Cylance | Unsafe | 20200910 |
Zillya | Trojan.Delf.Win32.76144 | 20200909 |
AegisLab | Not detected | 20200910 |
Sangfor | Malware | 20200814 |
K7AntiVirus | Riskware ( 0040eff71 ) | 20200909 |
Alibaba | Backdoor:Win32/DarkKomet.1a3fffc1 | 20190527 |
K7GW | Riskware ( 0040eff71 ) | 20200909 |
Cybereason | malicious.b6d1b9 | 20190616 |
Arcabit | HEUR.VBA.Trojan.d | 20200909 |
Baidu | Not detected | 20190318 |
Cyren | W32/Backdoor.OAZM-5661 | 20200910 |
Symantec | ML.Attribute.HighConfidence | 20200909 |
ESET-NOD32 | Win32/Delf.NBX | 20200910 |
APEX | Malicious | 20200907 |
Paloalto | Not detected | 20200910 |
ClamAV | Win.Malware.Delf-6899401-0 | 20200909 |
Kaspersky | Backdoor.Win32.DarkKomet.hqxy | 20200910 |
BitDefender | Dropped:Trojan.GenericKD.32840913 | 20200910 |
NANO-Antivirus | Trojan.Win32.DarkKomet.fazbwq | 20200910 |
SUPERAntiSpyware | Adware.FileTour/Variant | 20200904 |
Avast | Win32:Zorex-E [Wrm] | 20200910 |
Tencent | Virus.Win32.DarkKomet.a | 20200910 |
Ad-Aware | Dropped:Trojan.GenericKD.32840913 | 20200910 |
TACHYON | Not detected | 20200910 |
Comodo | Virus.Win32.Agent.DE@74b38h | 20200728 |
F-Secure | Trojan:W97M/MaliciousMacro.GEN | 20200909 |
DrWeb | Trojan.DownLoader22.9658 | 20200910 |
VIPRE | BehavesLike.Win32.Malware.eah (mx-v) | 20200910 |
TrendMicro | Virus.Win32.NAPWHICH.B | 20200910 |
FireEye | Generic.mg.5d92f97b6d1b9506 | 20200909 |
Sophos | ElReceptor Keyboard Hook (PUA) | 20200910 |
Ikarus | Trojan-PWS.Win32.QQPass | 20200909 |
Jiangmin | Trojan.Generic.bhoqf | 20200909 |
eGambit | Unsafe.AI_Score_100% | 20200910 |
Avira | DR/Delphi.Gen | 20200909 |
Antiy-AVL | Trojan[Downloader]/Script.AGeneric | 20200910 |
Kingsoft | Not detected | 20200910 |
Microsoft | Worm:Win32/AutoRun!atmn | 20200909 |
ViRobot | Not detected | 20200909 |
ZoneAlarm | Backdoor.Win32.DarkKomet.hqxy | 20200910 |
GData | Dropped:Trojan.GenericKD.32840913 | 20200910 |
Cynet | Malicious (score: 100) | 20200905 |
AhnLab-V3 | Win32/Zorex.X1799 | 20200909 |
Acronis | suspicious | 20200806 |
BitDefenderTheta | AI:Packer.F5AF03D517 | 20200902 |
ALYac | Dropped:Trojan.GenericKD.32840913 | 20200910 |
MAX | malware (ai score=83) | 20200910 |
VBA32 | TScope.Trojan.Delf | 20200909 |
Malwarebytes | Trojan.Agent | 20200910 |
Zoner | Trojan.Win32.88102 | 20200909 |
TrendMicro-HouseCall | Virus.Win32.NAPWHICH.B | 20200910 |
Rising | Virus.Synaptics!1.C8FB (CLASSIC) | 20200909 |
Yandex | Not detected | 20200907 |
SentinelOne | DFI - Malicious PE | 20200724 |
MaxSecure | Trojan.Malware.300983.susgen | 20200908 |
Fortinet | W32/Delf.NBX!tr | 20200910 |
Webroot | W32.Malware.gen | 20200910 |
AVG | Other:Malware-gen [Trj] | 20200910 |
Panda | Trj/Genetic.gen | 20200909 |
CrowdStrike | win/malicious_confidence_100% (D) | 20190702 |
Qihoo-360 | Win32/Virus.Synaptics.A | 20200910 |
No host records.
TCP connections:

Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49163 | 23.218.94.163 acroipm.adobe.com | 80 |
192.168.122.201 | 49166 | 69.42.215.252 freedns.afraid.org | 80 |
UDP datagrams (DNS queries to the VM gateway):

Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 User-Agent: MyApp Host: freedns.afraid.org Cache-Control: no-cache |
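Of the two requests, the first is background noise from the analysis VM: acroipm.adobe.com is Adobe Reader's in-product messaging endpoint, and the "IPM" user agent and If-Modified-Since header belong to Reader's updater, not to the sample. The second is the one that matters: a FreeDNS v1 API call (`action=getdyndns`) that returns the dynamic-DNS hostnames registered to the account identified by the 40-hex-character `sha` token, which is how a remote-access tool learns its own C2 hostname without hard-coding it, and it fits the DarkKomet verdicts in the AV table. The block below is an added example, not the sandbox's code: it parses the two request heads exactly as printed above and flags the second one. The provider list, the placeholder user-agent list and the reason labels are this example's own assumptions.

```python
"""HTTP request triage over the two captures in the report (added example)."""
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Request heads as the sandbox recorded them, restored to wire format.
REQUESTS = [
    "GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT\r\n"
    "User-Agent: IPM\r\n"
    "Host: acroipm.adobe.com\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n\r\n",
    "GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1\r\n"
    "User-Agent: MyApp\r\n"
    "Host: freedns.afraid.org\r\n"
    "Cache-Control: no-cache\r\n\r\n",
]

# Dynamic-DNS account APIs that RATs poll for their C2 hostnames.
# Assumed list for this example; only the host seen in the report.
DYNDNS_API_HOSTS = {"freedns.afraid.org"}

# User-Agent values that look like untouched library/template defaults,
# plus the empty string for a missing header. Assumed list for this example.
PLACEHOLDER_USER_AGENTS = {"MyApp", ""}


def parse_request(raw: str) -> Dict[str, object]:
    """Split an HTTP/1.x request head into method, target and lower-cased headers."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def account_token(req: Dict[str, object]) -> Optional[str]:
    """The FreeDNS 'sha' account token if this is a getdyndns call, else None.

    The token is a 40-hex-character account credential, so it identifies the
    operator's FreeDNS account and is a pivot point across samples.
    """
    params = parse_qs(urlsplit(str(req["target"])).query)
    if params.get("action") != ["getdyndns"]:
        return None
    token = params.get("sha", [""])[0]
    if len(token) == 40 and all(c in "0123456789abcdef" for c in token):
        return token
    return None


def classify(req: Dict[str, object]) -> List[str]:
    """Reasons the request deserves attention; an empty list means nothing seen."""
    headers: Dict[str, str] = req["headers"]  # type: ignore[assignment]
    host = headers.get("host", "").lower()
    reasons: List[str] = []
    if host in DYNDNS_API_HOSTS:
        reasons.append("dyndns-provider-api")
    if account_token(req):
        reasons.append("freedns-getdyndns-lookup")
    if headers.get("user-agent", "") in PLACEHOLDER_USER_AGENTS:
        reasons.append("placeholder-user-agent")
    return reasons


def triage(raw_requests: List[str]) -> List[Tuple[str, List[str]]]:
    """(host, reasons) for each request, in capture order."""
    result = []
    for raw in raw_requests:
        req = parse_request(raw)
        result.append((req["headers"].get("host", ""), classify(req)))  # type: ignore[union-attr]
    return result


if __name__ == "__main__":
    for host, reasons in triage(REQUESTS):
        print(f"{host:22s} {', '.join(reasons) or 'clean'}")
```

Host and user-agent matching alone would also fire on a legitimate dynamic-DNS client, which is why the token extraction is the useful part: the same `sha` value recurring in other samples ties them to one operator account, and it is the value to hand to the provider in an abuse report.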
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
Task ID | 583398 |
---|---|
Mongo ID | 5f97eb067e769a0a8f08ecf4 |
Cuckoo release | 1.4-Maldun |