Analysis task

Analysis type    VM label                  Start time            End time              Duration
File (Windows)   win7-sp1-x64-shaapp03-1   2020-11-30 10:37:42   2020-11-30 10:39:53   131 seconds

Maldun score

10.0

Softcnapp virus

File details

File name    setup_hglxnb001.exe
File size    9879920 bytes
File type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5          39d4f3f68a4f288ed83476d7fa2a7b68
SHA1         6cc450fbf25b50ed656a2ab66e859f1cbad1f5ca
SHA256       d30b186c93608a6e1c90595090e4d12df57cd6aa19164206534e95ebfb080b7a
SHA512       c102d740b012287af782cbe63c6762f2db8afd12fcaeb42948c99879f89035e01b627a568822c3a999c64044fe7c8bd7d7ce5415243023c2cd20fe9922ba8fe3
CRC32        A0F18796
Ssdeep       196608:UTMLPkIOAawvPRL0bjHPI0Ls4cY82kC7f293lkeCnsM2m4jk5g1BV4XhGVUF:ZbsfeKjHA04S7fEInii5gBAhGaF

Hosts contacted

No host records.

DNS resolution

Domain               Record   Response
tj.wn51.com          A        117.50.93.3
acroipm.adobe.com    CNAME    acroipm.adobe.com.edgesuite.net
                     CNAME    a1983.dscd.akamai.net
                     A        104.75.169.10
                     A        104.75.169.8

PE information

Image base                0x00400000
Entry point               0x004271d6
Declared checksum         0x00974ac2
Actual checksum           0x00974ac2 (matches the declared value)
Minimum OS version        5.1
Compile time              2020-10-14 20:39:18
Import hash (imphash)     16af28fc4ab709a83ada72a21cbf77e2
Icon exact hash           ce1fa41efbac2be26375d15a9ef09709
Icon similarity hash      41e1378b1a64688e3870c16870fa536c

Version information

Every field of the version resource is empty: LegalCopyright, InternalName, FileVersion, CompanyName, ProductName, ProductVersion, FileDescription, OriginalFilename and Translation. (An RT_VERSION resource of 0x294 bytes is present, see Resources, but it carries no usable strings.)

Microsoft signature verification (SignTool)

Signature SHA1   1330c7ee411bd4fc3f96d47e15fc986d1f6474bf
Timestamp        Fri Oct 16 11:43:05 2020
Validity/Error   not reported

Certificate Chain 1
Issued to    DigiCert Assured ID Root CA
Issued by    DigiCert Assured ID Root CA
Expires      Mon Nov 10 08:00:00 2031
SHA1         0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

Certificate Chain 2
Issued to    DigiCert Assured ID Code Signing CA-1
Issued by    DigiCert Assured ID Root CA
Expires      Tue Feb 10 20:00:00 2026
SHA1         409aa4a74a0cda7c0fee6bd0bb8823d16b5f1875

Certificate Chain 3
Issued to    Shanghai Oriental Webcasting Co. Ltd.
Issued by    DigiCert Assured ID Code Signing CA-1
Expires      Mon Nov 23 20:00:00 2020
SHA1         13ba32425c95898e3861c5f039b5920bab471d61

Timestamp Chain 1
Issued to    DigiCert Assured ID Root CA
Issued by    DigiCert Assured ID Root CA
Expires      Mon Nov 10 08:00:00 2031
SHA1         0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

Timestamp Chain 2
Issued to    DigiCert Assured ID CA-1
Issued by    DigiCert Assured ID Root CA
Expires      Wed Nov 10 08:00:00 2021
SHA1         19a09b5a36f4dd99727df783c17a51231a56c117

Timestamp Chain 3
Issued to    DigiCert Timestamp Responder
Issued by    DigiCert Assured ID CA-1
Expires      Tue Oct 22 08:00:00 2024
SHA1         614d271d9102e30169822487fde5de00a352b01d
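
One detail worth checking before trusting this signature: the signer certificate in Certificate Chain 3 (Shanghai Oriental Webcasting Co. Ltd.) expires Mon Nov 23 20:00:00 2020, a week before this analysis ran on 2020-11-30. The signature still verifies only because of the countersignature at Fri Oct 16 11:43:05 2020: Authenticode judges the signer chain at the time of a trusted timestamp, not at verification time, so the certificate need only have been valid then. Without the timestamp the same signature would be reported as expired. The Python below is an added example and not part of the report; it encodes that rule over the dates printed above (all assumed to share one time zone, which is all a comparison needs) and leaves to a real verifier what the report cannot show: notBefore, revocation and chain building (signtool verify /pa /v, or PowerShell's Get-AuthenticodeSignature).

```python
from datetime import datetime
from typing import Dict, List, Optional

# Expiry dates and the signature timestamp exactly as the report prints them.
# The report gives no time zone; all values are assumed to share the same one.
REPORT_TIME_FMT = "%a %b %d %H:%M:%S %Y"

SIGNER_CHAIN_EXPIRY: Dict[str, str] = {
    "DigiCert Assured ID Root CA": "Mon Nov 10 08:00:00 2031",
    "DigiCert Assured ID Code Signing CA-1": "Tue Feb 10 20:00:00 2026",
    "Shanghai Oriental Webcasting Co. Ltd.": "Mon Nov 23 20:00:00 2020",
}
TIMESTAMP_CHAIN_EXPIRY: Dict[str, str] = {
    "DigiCert Assured ID Root CA": "Mon Nov 10 08:00:00 2031",
    "DigiCert Assured ID CA-1": "Wed Nov 10 08:00:00 2021",
    "DigiCert Timestamp Responder": "Tue Oct 22 08:00:00 2024",
}
SIGNATURE_TIMESTAMP = "Fri Oct 16 11:43:05 2020"
ANALYSIS_TIME = "Mon Nov 30 10:37:42 2020"      # start time of this sandbox run


def parse_report_time(text: str) -> datetime:
    return datetime.strptime(text, REPORT_TIME_FMT)


def expired_certs(chain: Dict[str, str], at: datetime) -> List[str]:
    """Names of chain members whose notAfter lies before `at`."""
    return [name for name, exp in chain.items() if parse_report_time(exp) < at]


def authenticode_status(check_time: str,
                        signer_chain: Dict[str, str],
                        timestamp: Optional[str],
                        timestamp_chain: Dict[str, str]) -> Dict[str, object]:
    """Apply the Authenticode expiry rule.

    With a trusted RFC 3161 countersignature the signer chain is judged at the
    timestamp, so the signer certificate may expire later without invalidating
    the signature.  Without one the chain must be valid at verification time.
    The timestamp's own chain is checked at the timestamp here (a simplification).
    """
    now = parse_report_time(check_time)
    if timestamp is None:
        expired = expired_certs(signer_chain, now)
        return {"verdict": "valid" if not expired else "expired",
                "judged_at": check_time, "expired": expired}
    ts = parse_report_time(timestamp)
    expired = expired_certs(signer_chain, ts)
    expired += [f"(timestamp chain) {n}" for n in expired_certs(timestamp_chain, ts)]
    return {"verdict": "valid" if not expired else "expired",
            "judged_at": timestamp, "expired": expired}


if __name__ == "__main__":
    print("with timestamp:   ", authenticode_status(
        ANALYSIS_TIME, SIGNER_CHAIN_EXPIRY, SIGNATURE_TIMESTAMP, TIMESTAMP_CHAIN_EXPIRY))
    print("without timestamp:", authenticode_status(
        ANALYSIS_TIME, SIGNER_CHAIN_EXPIRY, None, TIMESTAMP_CHAIN_EXPIRY))
```

Run against the report's dates the first call returns "valid" (judged at the October timestamp) and the second returns "expired" with the Shanghai Oriental Webcasting leaf named; the difference is entirely the countersignature.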

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                              Entropy
.text   0x00001000       0x001d7744    0x001d7800  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                  6.70
.rdata  0x001d9000       0x000709ee    0x00070a00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            5.51
.data   0x0024a000       0x000270b4    0x0000e400  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE        5.10
.gfids  0x00272000       0x00000178    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            2.93
.tls    0x00273000       0x00000009    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE        0.02
.rsrc   0x00274000       0x006f4be8    0x006f4c00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            7.98
.reloc  0x00969000       0x0001caf0    0x0001cc00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ  6.54

.rsrc accounts for about 7.3 MB of the 9.9 MB file at near-maximal entropy (7.98), which is the embedded archive listed under Resources rather than packed code; .text itself sits at an ordinary 6.70. The .gfids section holds the Control Flow Guard function-ID table that MSVC emits for /guard:cf builds.

Overlay

Offset  0x00968600
Size    0x00003b70
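
Two numbers in the tables above can be reproduced from the tables themselves, and doing so is a cheap sanity check on any static PE report: the entropy column (8.0 bits per byte is the ceiling, so .rsrc at 7.98 is effectively incompressible data) and the overlay, which is simply whatever follows the last section's raw bytes. The Python below is an added example, not part of the Maldun report. It takes the raw sizes from the section table and the file size from the file details, and assumes SizeOfHeaders = 0x400 (not printed in the report; the usual value for a 0x200-aligned PE32) and back-to-back section layout; together those reproduce the reported overlay offset 0x00968600 and size 0x3b70 exactly. On a signed PE the Authenticode certificate table lives in that region past the sections, so a 0x3b70-byte overlay here is expected rather than suspicious.

```python
import math
import os
from typing import List, Tuple

# Raw sizes from the report's section table, in file order.
SECTIONS: List[Tuple[str, int]] = [
    (".text",  0x001d7800),
    (".rdata", 0x00070a00),
    (".data",  0x0000e400),
    (".gfids", 0x00000200),
    (".tls",   0x00000200),
    (".rsrc",  0x006f4c00),
    (".reloc", 0x0001cc00),
]
FILE_SIZE = 9879920        # bytes, from the report
SIZE_OF_HEADERS = 0x400    # assumption: not printed in the report; the usual value
                           # for a 0x200-aligned PE32 and the one that reproduces
                           # the reported overlay offset


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_entropy(entropy: float) -> str:
    """Triage buckets; a rule of thumb, not a standard."""
    if entropy >= 7.5:
        return "packed/compressed/encrypted"
    if entropy >= 6.0:
        return "code or mixed data"
    return "sparse data"


def overlay_region(file_size: int, sections: List[Tuple[str, int]],
                   size_of_headers: int) -> Tuple[int, int]:
    """(offset, size) of the bytes appended after the last section.

    Assumes sections are stored back to back in file order, i.e. each
    PointerToRawData equals the previous section's end.  A real parser would
    take max(PointerToRawData + SizeOfRawData) over the section headers instead.
    """
    end_of_sections = size_of_headers + sum(raw for _, raw in sections)
    return end_of_sections, file_size - end_of_sections


if __name__ == "__main__":
    # Constructed stand-ins for section contents (not bytes of the real file).
    samples = [
        ("zeros", b"\x00" * 4096),
        ("text", b"The quick brown fox jumps over the lazy dog. " * 90),
        ("random", os.urandom(4096)),
    ]
    for label, blob in samples:
        e = shannon_entropy(blob)
        print(f"{label:7s} entropy={e:.2f} -> {classify_entropy(e)}")
    off, size = overlay_region(FILE_SIZE, SECTIONS, SIZE_OF_HEADERS)
    print(f"overlay at 0x{off:08x}, 0x{size:x} bytes")
```

The overlay line printed by the last call is 0x00968600 / 0x3b70, the values the report shows, which confirms that the sections are contiguous and that nothing else is hidden between them.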

Resources

The report prints one row per resource directory entry and repeats identical offset/size rows for entries that share data; repeated rows are collapsed here with a count.

Name                       Offset       Size         Language                                    Entropy  File type
"CCC9BC118AABD6F1EB2A"     0x00274cf4   0x006783bd   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   8.00     7-zip archive data, version 0.3
C72C3D1BF1D5ABC67 (x4)     0x008eda38   0x0000094d   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   5.41     XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
DD9073109EC81164B (x9)     0x008ffbac   0x0000067f   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   5.83     PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced
F480F72D39A07D8E6 (x7)     0x00905514   0x0000278c   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   7.86     PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced
UIDEF                      0x00907ca0   0x00000845   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   5.36     XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
RT_ICON (x18)              0x00967ef8   0x00000468   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   5.58     GLS_BINARY_LSB_FIRST (libmagic's label for the icon bitmap data)
RT_GROUP_ICON (x2)         0x009683e4   0x00000084   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   3.03     MS Windows icon resource - 9 icons, 256x256
RT_VERSION                 0x00968468   0x00000294   LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED   3.61     data
RT_MANIFEST                0x009686fc   0x000004ec   LANG_ENGLISH / SUBLANG_ENGLISH_US           5.41     XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
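
Nearly all of the .rsrc section is the single named resource "CCC9BC118AABD6F1EB2A": 0x6783bd bytes at entropy 8.00 that libmagic identifies as a 7-zip archive, version 0.3. Together with the FindResourceW / LoadResource / LockResource / SizeofResource / GetTempPathW / WriteFile / CreateProcessW imports listed further down, this is the shape of a self-extracting installer that writes its payload to a temp directory and runs it (an inference from the static data; the behaviour section is behind a login and the report lists no dropped files). To get at that payload without running the sample, carve it out of a resource dump or of the raw file by its start header. The Python below is an added example, from neither the report nor the installer; it parses the 32-byte 7z start header (signature, version, CRC, next-header offset and size) so the archive is sized exactly rather than guessed, and it runs against a constructed stand-in blob because the real resource bytes are not on this page.

```python
import struct
import zlib
from dataclasses import dataclass
from typing import List, Optional

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"   # the 6-byte signature every 7z archive starts with
START_HEADER_LEN = 32                 # signature(6) version(2) crc(4) offset(8) size(8) crc(4)


@dataclass
class SevenZipHit:
    offset: int        # where the archive starts in the scanned buffer
    version: str       # "major.minor" from the start header (the report saw 0.3)
    total_size: int    # bytes from the signature to the end of the next header
    crc_ok: bool       # StartHeaderCRC matches the 20 bytes it covers
    truncated: bool    # declared size runs past the end of the buffer


def find_7z_archives(buf: bytes) -> List[SevenZipHit]:
    """Locate every 7z start header in buf and size each archive from it.

    The start header stores the offset (relative to byte 32) and size of the
    trailing "next header", so total length = 32 + NextHeaderOffset + NextHeaderSize
    without walking the packed streams.
    """
    hits: List[SevenZipHit] = []
    pos = buf.find(SEVENZ_MAGIC)
    while pos != -1:
        hdr = buf[pos:pos + START_HEADER_LEN]
        if len(hdr) == START_HEADER_LEN:
            major, minor = hdr[6], hdr[7]
            (start_crc,) = struct.unpack_from("<I", hdr, 8)
            next_off, next_size, _next_crc = struct.unpack_from("<QQI", hdr, 12)
            total = START_HEADER_LEN + next_off + next_size
            hits.append(SevenZipHit(
                offset=pos,
                version=f"{major}.{minor}",
                total_size=total,
                crc_ok=zlib.crc32(hdr[12:32]) == start_crc,
                truncated=pos + total > len(buf),
            ))
        pos = buf.find(SEVENZ_MAGIC, pos + 1)
    return hits


def carve_first_7z(buf: bytes) -> Optional[bytes]:
    """Return the bytes of the first intact (CRC-valid, complete) archive, or None."""
    for hit in find_7z_archives(buf):
        if hit.crc_ok and not hit.truncated:
            return buf[hit.offset:hit.offset + hit.total_size]
    return None


def make_sample_7z(next_off: int, next_size: int) -> bytes:
    """Constructed stand-in: a valid version-0.3 start header followed by filler.

    Only the start header is real 7z structure; packed streams and next header
    are filler bytes, enough to exercise the carver, not to decompress.
    """
    tail = struct.pack("<QQI", next_off, next_size, 0)
    header = SEVENZ_MAGIC + bytes([0, 3]) + struct.pack("<I", zlib.crc32(tail)) + tail
    return header + b"\xaa" * (next_off + next_size)


def make_sample_rsrc() -> bytes:
    """Constructed resource-like blob: padding, the sample archive, more padding."""
    return b"\x00" * 40 + make_sample_7z(next_off=100, next_size=24) + b"\x00" * 8


if __name__ == "__main__":
    blob = make_sample_rsrc()
    for hit in find_7z_archives(blob):
        print(hit)
    carved = carve_first_7z(blob)
    print("carved", len(carved) if carved else None, "bytes")
```

Feed find_7z_archives() the dumped resource or the whole file. A carved archive that 7z l refuses to list, or a start header whose CRC fails, means the installer altered the format and the extraction routine in the binary has to be read instead.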

Imports

Groupings worth noting in the list below (all taken from the import table itself): resource-to-file drop and launch (FindResourceW, LoadResource, LockResource, SizeofResource, GetTempPathW, CreateFileW, WriteFile, MoveFileExW, CreateProcessW, ShellExecuteW); process enumeration and termination (Process32FirstW/Process32NextW, EnumProcesses, EnumProcessModules, OpenProcess, TerminateProcess); token handling (OpenProcessToken, GetTokenInformation, SetTokenInformation, DuplicateTokenEx, RevertToSelf); registry writes (RegCreateKeyExW, RegSetValueExW); signature inspection through CRYPT32 (CryptQueryObject, CryptMsgGetParam, CertGetNameStringW); and a full Winsock surface (socket, connect, bind, listen, accept, send, recv). IsDebuggerPresent and OutputDebugStringA/W are ordinary CRT and debug-output imports and are not evidence of anti-analysis on their own.

Library: KERNEL32.dll:
0x5d912c ExitThread
0x5d9138 GetDriveTypeW
0x5d9140 PeekNamedPipe
0x5d9148 GetSystemDirectoryA
0x5d914c SleepEx
0x5d9150 ResetEvent
0x5d9154 SetEvent
0x5d9158 lstrlenA
0x5d915c CreateFileMappingW
0x5d9160 UnmapViewOfFile
0x5d9164 MapViewOfFile
0x5d9170 CreateEventW
0x5d9174 WideCharToMultiByte
0x5d9178 OutputDebugStringA
0x5d917c GlobalUnlock
0x5d9180 GlobalLock
0x5d9184 DeleteFileW
0x5d9188 GetTempPathW
0x5d918c FindResourceW
0x5d9190 WriteFile
0x5d9194 SizeofResource
0x5d9198 LoadResource
0x5d919c LockResource
0x5d91a4 Process32NextW
0x5d91a8 Process32FirstW
0x5d91b0 GetModuleHandleW
0x5d91b4 GetLastError
0x5d91b8 GetCurrentProcessId
0x5d91bc VirtualFree
0x5d91c0 VirtualAlloc
0x5d91c4 LocalFree
0x5d91c8 LocalAlloc
0x5d91e4 CreateFileW
0x5d91ec GetModuleFileNameW
0x5d91f0 ReadFile
0x5d91f4 GetFileSize
0x5d91f8 CreateThread
0x5d91fc Sleep
0x5d9200 GetCurrentProcess
0x5d9204 GlobalFree
0x5d9208 GlobalAlloc
0x5d920c QueryDosDeviceW
0x5d9214 LoadLibraryW
0x5d921c lstrlenW
0x5d9220 lstrcmpiW
0x5d9224 CloseHandle
0x5d9228 OpenProcess
0x5d922c GetProcAddress
0x5d9230 FreeLibrary
0x5d9234 MulDiv
0x5d9238 MultiByteToWideChar
0x5d9244 TerminateProcess
0x5d924c IsDebuggerPresent
0x5d9250 GetStartupInfoW
0x5d9258 GetCurrentThreadId
0x5d9260 InitializeSListHead
0x5d9264 WaitForSingleObject
0x5d9268 CreateProcessW
0x5d926c MoveFileExW
0x5d9270 DecodePointer
0x5d9274 HeapDestroy
0x5d9278 HeapAlloc
0x5d927c HeapReAlloc
0x5d9280 HeapFree
0x5d9284 HeapSize
0x5d9288 GetProcessHeap
0x5d928c RaiseException
0x5d9294 GetSystemInfo
0x5d9298 FormatMessageW
0x5d929c GetVersionExW
0x5d92a8 FindClose
0x5d92ac CreateDirectoryW
0x5d92b0 FindFirstFileW
0x5d92b4 FindNextFileW
0x5d92b8 ReleaseMutex
0x5d92bc CreateMutexW
0x5d92c0 GetFileSizeEx
0x5d92c4 GetTickCount
0x5d92c8 AreFileApisANSI
0x5d92cc SetErrorMode
0x5d92d0 GetLocalTime
0x5d92d8 HeapCreate
0x5d92dc FreeResource
0x5d92e0 SetLastError
0x5d92e4 GetFullPathNameW
0x5d92e8 GetVersionExA
0x5d92ec LoadLibraryA
0x5d92f0 GetModuleHandleA
0x5d92f4 EncodePointer
0x5d92f8 RtlUnwind
0x5d92fc TlsAlloc
0x5d9300 TlsGetValue
0x5d9304 TlsSetValue
0x5d9308 TlsFree
0x5d930c LoadLibraryExW
0x5d9310 ExitProcess
0x5d9314 GetModuleHandleExW
0x5d9318 GetStdHandle
0x5d931c GetACP
0x5d9320 GetFileType
0x5d9324 GetStringTypeW
0x5d9328 CompareStringW
0x5d932c LCMapStringW
0x5d9330 GetConsoleMode
0x5d9334 ReadConsoleW
0x5d9338 SetFilePointerEx
0x5d933c FindFirstFileExW
0x5d9340 IsValidCodePage
0x5d9344 GetOEMCP
0x5d9348 GetCPInfo
0x5d934c GetCommandLineA
0x5d9350 GetCommandLineW
0x5d9360 OutputDebugStringW
0x5d9368 SetStdHandle
0x5d936c GetConsoleCP
0x5d9374 FlushFileBuffers
0x5d9378 WriteConsoleW
0x5d937c SetEndOfFile
Library: USER32.dll:
0x5d93c8 MonitorFromWindow
0x5d93cc GetMonitorInfoW
0x5d93d0 TrackMouseEvent
0x5d93d4 PostMessageW
0x5d93d8 PostQuitMessage
0x5d93dc AnimateWindow
0x5d93e4 IsIconic
0x5d93e8 IsZoomed
0x5d93ec GetCapture
0x5d93f0 SetCapture
0x5d93f4 ReleaseCapture
0x5d93f8 UpdateWindow
0x5d93fc BeginPaint
0x5d9400 EndPaint
0x5d9404 InvalidateRect
0x5d9408 CreateCaret
0x5d940c GetCaretBlinkTime
0x5d9410 HideCaret
0x5d9414 SetCaretPos
0x5d9418 ScreenToClient
0x5d941c GetClassNameW
0x5d9420 DestroyIcon
0x5d9424 LoadBitmapW
0x5d942c LoadImageW
0x5d9430 CharNextW
0x5d9434 GetMessageW
0x5d9438 TranslateMessage
0x5d943c DispatchMessageW
0x5d9440 PeekMessageW
0x5d9444 ClientToScreen
0x5d9448 EnableMenuItem
0x5d944c GetSysColor
0x5d9450 IsWindowVisible
0x5d9454 DrawTextW
0x5d945c CharLowerBuffW
0x5d9460 GetWindowRect
0x5d9464 UpdateLayeredWindow
0x5d9468 IsMenu
0x5d946c IsWindowEnabled
0x5d9470 CreatePopupMenu
0x5d9474 DestroyMenu
0x5d9478 GetMenuItemCount
0x5d947c GetWindow
0x5d9480 AppendMenuW
0x5d9484 TrackPopupMenu
0x5d9488 GetMenuInfo
0x5d948c SetMenuInfo
0x5d9490 GetMenuItemInfoW
0x5d949c GetForegroundWindow
0x5d94a0 GetClientRect
0x5d94a4 GetDlgItem
0x5d94a8 CreateWindowExW
0x5d94ac RegisterClassExW
0x5d94b0 CallWindowProcW
0x5d94b4 DefWindowProcW
0x5d94b8 GetKeyState
0x5d94bc GetFocus
0x5d94c0 SendMessageW
0x5d94c4 IsWindow
0x5d94c8 GetActiveWindow
0x5d94cc GetSystemMetrics
0x5d94d0 GetCursorPos
0x5d94d4 OffsetRect
0x5d94d8 GetWindowLongW
0x5d94dc GetDC
0x5d94e4 ShowWindow
0x5d94e8 SetWindowPos
0x5d94ec SetWindowTextW
0x5d94f0 SetForegroundWindow
0x5d94f4 FindWindowW
0x5d94f8 SetFocus
0x5d94fc PtInRect
0x5d9500 EqualRect
0x5d9504 IsRectEmpty
0x5d9508 UnionRect
0x5d950c CopyRect
0x5d9510 SetRect
0x5d9514 SetCursor
0x5d9518 KillTimer
0x5d951c GetParent
0x5d9520 SetWindowLongW
0x5d9524 MapWindowPoints
0x5d9528 SetTimer
0x5d952c DestroyWindow
0x5d9530 DestroyCursor
0x5d9534 LoadCursorW
0x5d9538 IntersectRect
0x5d953c UnregisterClassW
0x5d9540 GetIconInfo
0x5d9544 DrawIconEx
0x5d9548 InflateRect
0x5d954c ReleaseDC
0x5d9550 MapVirtualKeyA
Library: ADVAPI32.dll:
0x5d9000 RegOpenKeyExW
0x5d9004 RegQueryValueExW
0x5d9008 RegCreateKeyExW
0x5d900c RegSetValueExW
0x5d9014 RevertToSelf
0x5d9018 RegOpenKeyW
0x5d901c RegEnumKeyW
0x5d9020 DuplicateTokenEx
0x5d9028 LookupAccountSidW
0x5d902c RegCloseKey
0x5d9038 SetTokenInformation
0x5d903c GetTokenInformation
0x5d9040 OpenProcessToken
Library: SHELL32.dll:
0x5d93a4 ShellExecuteW
0x5d93ac SHGetFolderPathW
0x5d93b4 SHBrowseForFolderW
Library: ole32.dll:
0x5d9664 CoCreateGuid
0x5d9668 OleLockRunning
0x5d966c CLSIDFromString
0x5d9670 CLSIDFromProgID
0x5d9674 CoCreateInstance
0x5d9678 OleInitialize
0x5d967c OleUninitialize
0x5d9684 CoInitialize
0x5d9688 CoUninitialize
0x5d968c CreateBindCtx
Library: SHLWAPI.dll:
0x5d93bc PathFileExistsW
0x5d93c0 StrToIntExW
Library: PSAPI.DLL:
0x5d9394 EnumProcessModules
0x5d9398 EnumProcesses
Library: CRYPT32.dll:
0x5d9048 CryptMsgGetParam
0x5d904c CertCloseStore
0x5d9058 CertGetNameStringW
0x5d905c CryptQueryObject
0x5d9060 CryptMsgClose
Library: gdiplus.dll:
0x5d95fc GdipAlloc
0x5d9600 GdipFree
0x5d9604 GdiplusStartup
0x5d9608 GdiplusShutdown
0x5d960c GdipCloneImage
0x5d9610 GdipDisposeImage
0x5d9618 GdipGetImageWidth
0x5d961c GdipGetImageHeight
0x5d9630 GdipGetPropertyItem
0x5d9640 GdipBitmapLockBits
0x5d9648 GdipDeleteGraphics
0x5d964c GdipDrawImageI
0x5d9650 GdipSaveImageToFile
0x5d9654 GdipGraphicsClear
0x5d965c GdipDrawImageRectI
Library: IMM32.dll:
0x5d9114 ImmAssociateContext
0x5d9118 ImmReleaseContext
0x5d911c ImmGetContext
Library: GDI32.dll:
0x5d9068 SetBkMode
0x5d906c StretchBlt
0x5d9070 Rectangle
0x5d9074 EnumFontsW
0x5d9078 BitBlt
0x5d907c GetViewportOrgEx
0x5d9080 GetCurrentObject
0x5d9084 SetViewportOrgEx
0x5d9088 GetStockObject
0x5d908c CreateSolidBrush
0x5d9090 CreateFontIndirectW
0x5d9094 SetGraphicsMode
0x5d9098 GetDeviceCaps
0x5d909c CreateRoundRectRgn
0x5d90a0 GetObjectW
0x5d90a4 CreateDIBSection
0x5d90a8 SelectObject
0x5d90ac SelectClipRgn
0x5d90b0 IntersectClipRect
0x5d90b4 GetRegionData
0x5d90b8 ExtCreateRegion
0x5d90bc DeleteObject
0x5d90c0 DeleteDC
0x5d90c4 GdiFlush
0x5d90c8 GetTextFaceW
0x5d90cc ExtTextOutW
0x5d90d0 SetWorldTransform
0x5d90d4 GetTextMetricsW
0x5d90d8 SetTextAlign
0x5d90dc SetTextColor
0x5d90e8 GetTextExtentPointI
0x5d90ec GetGlyphIndicesW
0x5d90f8 GetGlyphOutlineW
0x5d90fc GetFontData
0x5d9100 GetCharABCWidthsW
0x5d9104 EnumFontFamiliesExW
0x5d9108 CreateCompatibleDC
0x5d910c CreateBitmap
Library: OLEAUT32.dll:
0x5d9384 SysAllocString
0x5d9388 SysFreeString
Library: USERENV.dll: (no named imports listed in the report)
Library: WS2_32.dll:
0x5d9574 getsockopt
0x5d9578 htons
0x5d957c ntohs
0x5d9580 setsockopt
0x5d9584 WSASetLastError
0x5d9588 htonl
0x5d958c inet_addr
0x5d9590 inet_ntoa
0x5d9594 gethostbyaddr
0x5d9598 gethostbyname
0x5d959c getsockname
0x5d95a0 getservbyname
0x5d95a4 __WSAFDIsSet
0x5d95a8 select
0x5d95ac recvfrom
0x5d95b0 sendto
0x5d95b4 accept
0x5d95b8 listen
0x5d95bc ioctlsocket
0x5d95c0 gethostname
0x5d95c4 getpeername
0x5d95c8 connect
0x5d95cc bind
0x5d95d0 send
0x5d95d4 recv
0x5d95d8 WSAGetLastError
0x5d95dc socket
0x5d95e0 closesocket
0x5d95e4 WSACleanup
0x5d95e8 getservbyport
0x5d95ec WSAStartup
Library: USP10.dll:
0x5d9564 ScriptFreeCache
0x5d9568 ScriptItemize
0x5d956c ScriptShape

Antivirus results (46 of the 70 engines flag the file; 24 report no detection)

Antivirus engine/vendor | Detection name / rule match | Signature DB date
Bkav Not detected 20201118
Elastic malicious (high confidence) 20201030
MicroWorld-eScan Gen:Variant.Graftor.741529 20201119
FireEye Generic.mg.39d4f3f68a4f288e 20201119
CAT-QuickHeal Not detected 20201119
ALYac Not detected 20201119
Malwarebytes PUP.Optional.ChinAd 20201119
VIPRE Trojan.Win32.Generic!BT 20201119
SUPERAntiSpyware Not detected 20201113
K7AntiVirus Unwanted-Program ( 00560ccc1 ) 20201119
Alibaba TrojanDownloader:Win32/Softcnapp.dd561666 20190527
K7GW Unwanted-Program ( 00560ccc1 ) 20201119
Cybereason Not detected 20190616
Invincea Generic PUA GM (PUA) 20201119
Baidu Not detected 20190318
Cyren W32/Softcnapp.N.gen!Eldorado 20201119
Symantec ML.Attribute.HighConfidence 20201118
TotalDefense Not detected 20201119
APEX Malicious 20201119
Avast Win32:Adware-gen [Adw] 20201119
ClamAV Not detected 20201118
Kaspersky Trojan-Downloader.Win32.Agent.xxzmvz 20201119
BitDefender Gen:Variant.Graftor.741529 20201119
NANO-Antivirus Riskware.Win32.Softcnapp.iayynn 20201119
Paloalto Not detected 20201119
AegisLab Not detected 20201119
Tencent Win32.Trojan-downloader.Agent.Lneq 20201119
Ad-Aware Not detected 20201119
Emsisoft Gen:Variant.Graftor.741529 (B) 20201119
Comodo Not detected 20201119
F-Secure Heuristic.HEUR/AGEN.1132089 20201119
DrWeb Adware.Softcnapp.125 20201119
Zillya Adware.Burden.Win32.1217 20201118
TrendMicro TROJ_GEN.R01FC0PJU20 20201119
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20201118
CMC Not detected 20201118
Sophos Generic PUA GM (PUA) 20201119
Ikarus PUA.Softcnapp 20201118
Jiangmin AdWare.Burden.jc 20201118
Webroot Not detected 20201119
Avira HEUR/AGEN.1132089 20201119
MAX malware (ai score=84) 20201119
Antiy-AVL GrayWare[AdWare]/Win32.Burden 20201119
Kingsoft Not detected 20201119
Microsoft PUA:Win32/Softcnapp 20201119
Gridinsoft Adware.Softcnapp.vl!c 20201119
Arcabit Not detected 20201119
ViRobot Not detected 20201119
ZoneAlarm Trojan-Downloader.Win32.Agent.xxzmvz 20201119
GData Gen:Variant.Graftor.741529 20201119
Cynet Malicious (score: 100) 20201119
AhnLab-V3 PUP/Win32.Softcnapp.C3863117 20201118
Acronis Not detected 20201023
McAfee GenericRXLM-EC!39D4F3F68A4F 20201119
TACHYON Not detected 20201119
VBA32 BScope.Adware.Softcnapp 20201118
Cylance Unsafe 20201119
Zoner Not detected 20201118
ESET-NOD32 a variant of Win32/Softcnapp.BG potentially unwanted 20201119
TrendMicro-HouseCall TROJ_GEN.R01FC0PJU20 20201119
Rising Adware.Agent!1.C6F0 (CLASSIC) 20201119
Yandex PUA.Burden!xacdSTCedUY 20201117
SentinelOne Not detected 20201105
eGambit Unsafe.AI_Score_99% 20201119
Fortinet Riskware/Agent 20201119
BitDefenderTheta Not detected 20201113
AVG Win32:Adware-gen [Adw] 20201119
Panda Trj/Genetic.gen 20201118
CrowdStrike Not detected 20190702
Qihoo-360 Not detected 20201119
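
Vendor names for one sample rarely agree, and the table above is a typical case: family names (Softcnapp, Burden, Graftor), PUA/adware classes, generic trojan-downloader names and ML verdicts all appear, and a few engines scanned with signature databases more than a year old (Alibaba 20190527, CrowdStrike 20190702), so their "Not detected" carries little weight. The Python below is an added example and not part of the report; it turns a subset of the rows (copied from the table) into a detection count, a PUA-versus-trojan split, a family vote and a list of stale engines. The token filter is a heuristic and not AVClass: "Eldorado" in Cyren's label is an engine suffix that a per-vendor stoplist would have to drop.

```python
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, NamedTuple

# Rows copied from the report (engine, verdict, signature DB date).
AV_ROWS = """\
Bkav Not detected 20201118
Elastic malicious (high confidence) 20201030
MicroWorld-eScan Gen:Variant.Graftor.741529 20201119
Malwarebytes PUP.Optional.ChinAd 20201119
Alibaba TrojanDownloader:Win32/Softcnapp.dd561666 20190527
Cyren W32/Softcnapp.N.gen!Eldorado 20201119
Kaspersky Trojan-Downloader.Win32.Agent.xxzmvz 20201119
BitDefender Gen:Variant.Graftor.741529 20201119
NANO-Antivirus Riskware.Win32.Softcnapp.iayynn 20201119
DrWeb Adware.Softcnapp.125 20201119
Zillya Adware.Burden.Win32.1217 20201118
Ikarus PUA.Softcnapp 20201118
Jiangmin AdWare.Burden.jc 20201118
Microsoft PUA:Win32/Softcnapp 20201119
Antiy-AVL GrayWare[AdWare]/Win32.Burden 20201119
ESET-NOD32 a variant of Win32/Softcnapp.BG potentially unwanted 20201119
CrowdStrike Not detected 20190702
Qihoo-360 Not detected 20201119
"""

NOT_DETECTED = "Not detected"

# Platform, type and qualifier words that carry no family information.
GENERIC = {
    "win32", "w32", "trojan", "trojandownloader", "downloader", "adware", "pua", "pup",
    "riskware", "grayware", "gen", "variant", "generic", "malicious", "unwanted",
    "potentially", "optional", "agent", "heur", "high", "confidence",
}
PUA_WORDS = {"pua", "pup", "adware", "riskware", "grayware", "unwanted", "optional"}


class Row(NamedTuple):
    engine: str
    label: str
    db_date: str


def parse_rows(text: str) -> List[Row]:
    """Engine is the first token, DB date the last, the label is everything between."""
    rows = []
    for line in text.splitlines():
        engine, rest = line.split(" ", 1)
        label, _, db_date = rest.rpartition(" ")
        rows.append(Row(engine, label, db_date))
    return rows


def tokens(label: str) -> List[str]:
    return [t for t in re.split(r"[^A-Za-z0-9]+", label) if t]


def family_votes(rows: List[Row]) -> Counter:
    """One vote per engine for each family-name candidate in its label.

    A candidate is a capitalised, letters-only token of 4+ characters that is
    not a generic platform/type word; lowercase tokens such as Kaspersky's
    'xxzmvz' are variant ids, not families, and are skipped.
    """
    votes: Counter = Counter()
    for row in rows:
        if row.label == NOT_DETECTED:
            continue
        votes.update({t for t in tokens(row.label)
                      if t[0].isupper() and t.isalpha() and len(t) >= 4
                      and t.lower() not in GENERIC})
    return votes


def summarize(rows: List[Row]) -> Dict[str, object]:
    detected = [r for r in rows if r.label != NOT_DETECTED]
    pua = [r for r in detected if PUA_WORDS & {t.lower() for t in tokens(r.label)}]
    return {
        "engines": len(rows),
        "detections": len(detected),
        "pua_style": len(pua),
        "families": family_votes(rows).most_common(3),
    }


def stale_engines(rows: List[Row], as_of: str, max_age_days: int = 30) -> List[str]:
    """Engines whose signature DB is older than max_age_days relative to as_of (YYYYMMDD)."""
    ref = datetime.strptime(as_of, "%Y%m%d")
    return [r.engine for r in rows
            if (ref - datetime.strptime(r.db_date, "%Y%m%d")).days > max_age_days]


if __name__ == "__main__":
    rows = parse_rows(AV_ROWS)
    print(summarize(rows))
    print("stale:", stale_engines(rows, "20201119"))
```

On this subset the family vote is Softcnapp 7, Burden 3, Graftor 2, and 9 of the 15 detections are PUA-style labels rather than trojan labels, which matches the overall picture of an adware installer more than the "virus" tag at the top of the report.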

Process tree

setup_hglxnb001.exe, PID 2392, parent PID 2176

TCP

Source address    Source port   Destination address                 Destination port
192.168.122.201   49164         104.75.169.10 (acroipm.adobe.com)   80
192.168.122.201   49163         117.50.93.3 (tj.wn51.com)           80

UDP

Source address    Source port   Destination address   Destination port
192.168.122.201   56270         192.168.122.1         53
192.168.122.201   59401         192.168.122.1         53

HTTP requests

URL: http://tj.wn51.com/?cd831=674200d4ccb6c2e61b36c5d30e768d3c
GET /?cd831=674200d4ccb6c2e61b36c5d30e768d3c HTTP/1.1
Host: tj.wn51.com
Accept: */*

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
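
Two HTTP requests were captured, both plain HTTP on port 80, so everything in them is visible on the wire, and they are not alike. The first sends a 32-hex-digit value to the root of tj.wn51.com with no User-Agent at all: the shape of an installer reporting an install or machine id. The second, with User-Agent "IPM" and a path under /11/rdr/ on acroipm.adobe.com, matches Adobe Reader's in-product messaging update check; because Cuckoo records all traffic leaving the VM and this report does not attribute flows to processes, that request plausibly comes from the sandbox's own Reader install rather than from the sample (an inference, not something the report states). The Python below is an added example, not from the report: a small parser for requests as Cuckoo prints them plus a weighted scoring of the traits that separate these two, run over both requests transcribed from above. The weights and threshold are illustrative choices, not a published rule set.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: Dict[str, str] = field(default_factory=dict)

    @property
    def path(self) -> str:
        return self.target.split("?", 1)[0]

    @property
    def query(self) -> str:
        return self.target.split("?", 1)[1] if "?" in self.target else ""


def parse_request(raw: str) -> HttpRequest:
    """Parse the request line and headers of one HTTP/1.x request as Cuckoo prints them."""
    lines = raw.strip().splitlines()
    method, target, version = lines[0].split()
    req = HttpRequest(method, target, version)
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        req.headers[name.strip().lower()] = value.strip()
    return req


HEX_TOKEN = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])", re.I)
BROWSER_UA = re.compile(r"^Mozilla/", re.I)


def score_request(req: HttpRequest) -> Tuple[int, List[str]]:
    """Weighted findings for an installer's first outbound requests (illustrative weights)."""
    findings: List[Tuple[int, str]] = []
    ua = req.headers.get("user-agent")
    if ua is None:
        findings.append((2, "no User-Agent header"))
    elif not BROWSER_UA.match(ua):
        findings.append((1, f"non-browser User-Agent {ua!r}"))
    if HEX_TOKEN.search(req.query):
        findings.append((2, "32-hex-digit token in query string (install/machine id style)"))
    if req.path == "/" and req.query:
        findings.append((1, "parameters sent to the site root"))
    if "if-modified-since" in req.headers:
        findings.append((-1, "conditional fetch of a cached resource (update-check style)"))
    return sum(w for w, _ in findings), [msg for _, msg in findings]


def is_beacon_like(req: HttpRequest, threshold: int = 3) -> bool:
    return score_request(req)[0] >= threshold


# The two requests from the report, transcribed as raw text.
REQ_TJ = """GET /?cd831=674200d4ccb6c2e61b36c5d30e768d3c HTTP/1.1
Host: tj.wn51.com
Accept: */*
"""
REQ_ADOBE = """GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
"""

if __name__ == "__main__":
    for raw in (REQ_TJ, REQ_ADOBE):
        req = parse_request(raw)
        score, why = score_request(req)
        flag = "BEACON-LIKE" if is_beacon_like(req) else "-"
        print(f"{req.headers['host']:20s} score={score:2d} {flag} {why}")
```

The tj.wn51.com request scores 5 (no User-Agent, opaque token, root path) and the Adobe one 0 (non-browser agent offset by the conditional fetch). The threshold separates them cleanly here, but the same scoring would also flag legitimate telemetry that omits a User-Agent, so treat it as a triage ordering rather than a verdict.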

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 27.744 seconds )

  • 11.406 Suricata
  • 9.629 Static
  • 2.796 NetworkAnalysis
  • 1.991 TargetInfo
  • 1.285 VirusTotal
  • 0.483 peid
  • 0.104 BehaviorAnalysis
  • 0.021 config_decoder
  • 0.016 Strings
  • 0.011 AnalysisInfo
  • 0.002 Memory

Signatures ( 43.439 seconds )

  • 41.917 network_http
  • 1.394 md_url_bl
  • 0.016 antiav_detectreg
  • 0.011 md_domain_bl
  • 0.009 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 infostealer_ftp
  • 0.006 infostealer_im
  • 0.005 api_spamming
  • 0.005 infostealer_bitcoin
  • 0.004 stealth_decoy_document
  • 0.004 stealth_timeout
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 network_tor
  • 0.001 bootkit
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_disk
  • 0.001 virus
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.672 seconds )

  • 0.562 ReportHTMLSummary
  • 0.11 Malheur
Task ID 592510
Mongo ID 5fc45bc87e769a09e1a51d87
Cuckoo release 1.4-Maldun