分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2020-11-30 10:37:42 | 2020-11-30 10:39:53 | 131 秒 |
文件名 | setup_hglxnb001.exe |
---|---|
文件大小 | 9879920 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 39d4f3f68a4f288ed83476d7fa2a7b68 |
SHA1 | 6cc450fbf25b50ed656a2ab66e859f1cbad1f5ca |
SHA256 | d30b186c93608a6e1c90595090e4d12df57cd6aa19164206534e95ebfb080b7a |
SHA512 | c102d740b012287af782cbe63c6762f2db8afd12fcaeb42948c99879f89035e01b627a568822c3a999c64044fe7c8bd7d7ce5415243023c2cd20fe9922ba8fe3 |
CRC32 | A0F18796 |
Ssdeep | 196608:UTMLPkIOAawvPRL0bjHPI0Ls4cY82kC7f293lkeCnsM2m4jk5g1BV4XhGVUF:ZbsfeKjHA04S7fEInii5gBAhGaF |
Yara | 登录查看Yara规则 |
样本下载 提交误报 |
无主机纪录.
域名 | 安全评级 | 响应 |
---|---|---|
tj.wn51.com | A 117.50.93.3 | |
acroipm.adobe.com |
CNAME acroipm.adobe.com.edgesuite.net CNAME a1983.dscd.akamai.net A 104.75.169.10 A 104.75.169.8 |
初始地址 | 0x00400000 |
---|---|
入口地址 | 0x004271d6 |
声明校验值 | 0x00974ac2 |
实际校验值 | 0x00974ac2 |
最低操作系统版本要求 | 5.1 |
编译时间 | 2020-10-14 20:39:18 |
载入哈希 | 16af28fc4ab709a83ada72a21cbf77e2 |
图标 | |
图标精确哈希值 | ce1fa41efbac2be26375d15a9ef09709 |
图标相似性哈希值 | 41e1378b1a64688e3870c16870fa536c |
LegalCopyright | |
---|---|
InternalName | |
FileVersion | |
CompanyName | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation |
SHA1 | 时间戳 | 有效性 | 错误 |
---|---|---|---|
1330c7ee411bd4fc3f96d47e15fc986d1f6474bf | Fri Oct 16 11:43:05 2020 | 无 |
证书链 | Certificate Chain 1 |
发行给 | DigiCert Assured ID Root CA |
发行人 | DigiCert Assured ID Root CA |
有效期 | Mon Nov 10 080000 2031 |
SHA1 哈希 | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
证书链 | Certificate Chain 2 |
发行给 | DigiCert Assured ID Code Signing CA-1 |
发行人 | DigiCert Assured ID Root CA |
有效期 | Tue Feb 10 200000 2026 |
SHA1 哈希 | 409aa4a74a0cda7c0fee6bd0bb8823d16b5f1875 |
证书链 | Certificate Chain 3 |
发行给 | Shanghai Oriental Webcasting Co. Ltd. |
发行人 | DigiCert Assured ID Code Signing CA-1 |
有效期 | Mon Nov 23 200000 2020 |
SHA1 哈希 | 13ba32425c95898e3861c5f039b5920bab471d61 |
证书链 | Timestamp Chain 1 |
发行给 | DigiCert Assured ID Root CA |
发行人 | DigiCert Assured ID Root CA |
有效期 | Mon Nov 10 080000 2031 |
SHA1 哈希 | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
证书链 | Timestamp Chain 2 |
发行给 | DigiCert Assured ID CA-1 |
发行人 | DigiCert Assured ID Root CA |
有效期 | Wed Nov 10 080000 2021 |
SHA1 哈希 | 19a09b5a36f4dd99727df783c17a51231a56c117 |
证书链 | Timestamp Chain 3 |
发行给 | DigiCert Timestamp Responder |
发行人 | DigiCert Assured ID CA-1 |
有效期 | Tue Oct 22 080000 2024 |
SHA1 哈希 | 614d271d9102e30169822487fde5de00a352b01d |
名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
---|---|---|---|---|---|
.text | 0x00001000 | 0x001d7744 | 0x001d7800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.70 |
.rdata | 0x001d9000 | 0x000709ee | 0x00070a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.51 |
.data | 0x0024a000 | 0x000270b4 | 0x0000e400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.10 |
.gfids | 0x00272000 | 0x00000178 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.93 |
.tls | 0x00273000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.02 |
.rsrc | 0x00274000 | 0x006f4be8 | 0x006f4c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.98 |
.reloc | 0x00969000 | 0x0001caf0 | 0x0001cc00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.54 |
偏移量 | 0x00968600 |
大小 | 0x00003b70 |
名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
---|---|---|---|---|---|---|
"CCC9BC118AABD6F1EB2A" | 0x00274cf4 | 0x006783bd | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 8.00 | 7-zip archive data, version 0.3 |
C72C3D1BF1D5ABC67 | 0x008eda38 | 0x0000094d | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.41 | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
C72C3D1BF1D5ABC67 | 0x008eda38 | 0x0000094d | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.41 | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
C72C3D1BF1D5ABC67 | 0x008eda38 | 0x0000094d | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.41 | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
C72C3D1BF1D5ABC67 | 0x008eda38 | 0x0000094d | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.41 | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
DD9073109EC81164B | 0x008ffbac | 0x0000067f | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.83 | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced |
F480F72D39A07D8E6 | 0x00905514 | 0x0000278c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.86 | PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced |
F480F72D39A07D8E6 | 0x00905514 | 0x0000278c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.86 | PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced |
F480F72D39A07D8E6 | 0x00905514 | 0x0000278c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.86 | PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced |
F480F72D39A07D8E6 | 0x00905514 | 0x0000278c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.86 | PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced |
F480F72D39A07D8E6 | 0x00905514 | 0x0000278c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.86 | PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced |
F480F72D39A07D8E6 | 0x00905514 | 0x0000278c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.86 | PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced |
F480F72D39A07D8E6 | 0x00905514 | 0x0000278c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.86 | PNG image data, 200 x 208, 8-bit/color RGBA, non-interlaced |
UIDEF | 0x00907ca0 | 0x00000845 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.36 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00967ef8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.58 | GLS_BINARY_LSB_FIRST |
RT_GROUP_ICON | 0x009683e4 | 0x00000084 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.03 | MS Windows icon resource - 9 icons, 256x256 |
RT_GROUP_ICON | 0x009683e4 | 0x00000084 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.03 | MS Windows icon resource - 9 icons, 256x256 |
RT_VERSION | 0x00968468 | 0x00000294 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.61 | data |
RT_MANIFEST | 0x009686fc | 0x000004ec | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.41 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
---|---|---|
Bkav | 未发现病毒 | 20201118 |
Elastic | malicious (high confidence) | 20201030 |
MicroWorld-eScan | Gen:Variant.Graftor.741529 | 20201119 |
FireEye | Generic.mg.39d4f3f68a4f288e | 20201119 |
CAT-QuickHeal | 未发现病毒 | 20201119 |
ALYac | 未发现病毒 | 20201119 |
Malwarebytes | PUP.Optional.ChinAd | 20201119 |
VIPRE | Trojan.Win32.Generic!BT | 20201119 |
SUPERAntiSpyware | 未发现病毒 | 20201113 |
K7AntiVirus | Unwanted-Program ( 00560ccc1 ) | 20201119 |
Alibaba | TrojanDownloader:Win32/Softcnapp.dd561666 | 20190527 |
K7GW | Unwanted-Program ( 00560ccc1 ) | 20201119 |
Cybereason | 未发现病毒 | 20190616 |
Invincea | Generic PUA GM (PUA) | 20201119 |
Baidu | 未发现病毒 | 20190318 |
Cyren | W32/Softcnapp.N.gen!Eldorado | 20201119 |
Symantec | ML.Attribute.HighConfidence | 20201118 |
TotalDefense | 未发现病毒 | 20201119 |
APEX | Malicious | 20201119 |
Avast | Win32:Adware-gen [Adw] | 20201119 |
ClamAV | 未发现病毒 | 20201118 |
Kaspersky | Trojan-Downloader.Win32.Agent.xxzmvz | 20201119 |
BitDefender | Gen:Variant.Graftor.741529 | 20201119 |
NANO-Antivirus | Riskware.Win32.Softcnapp.iayynn | 20201119 |
Paloalto | 未发现病毒 | 20201119 |
AegisLab | 未发现病毒 | 20201119 |
Tencent | Win32.Trojan-downloader.Agent.Lneq | 20201119 |
Ad-Aware | 未发现病毒 | 20201119 |
Emsisoft | Gen:Variant.Graftor.741529 (B) | 20201119 |
Comodo | 未发现病毒 | 20201119 |
F-Secure | Heuristic.HEUR/AGEN.1132089 | 20201119 |
DrWeb | Adware.Softcnapp.125 | 20201119 |
Zillya | Adware.Burden.Win32.1217 | 20201118 |
TrendMicro | TROJ_GEN.R01FC0PJU20 | 20201119 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.tc | 20201118 |
CMC | 未发现病毒 | 20201118 |
Sophos | Generic PUA GM (PUA) | 20201119 |
Ikarus | PUA.Softcnapp | 20201118 |
Jiangmin | AdWare.Burden.jc | 20201118 |
Webroot | 未发现病毒 | 20201119 |
Avira | HEUR/AGEN.1132089 | 20201119 |
MAX | malware (ai score=84) | 20201119 |
Antiy-AVL | GrayWare[AdWare]/Win32.Burden | 20201119 |
Kingsoft | 未发现病毒 | 20201119 |
Microsoft | PUA:Win32/Softcnapp | 20201119 |
Gridinsoft | Adware.Softcnapp.vl!c | 20201119 |
Arcabit | 未发现病毒 | 20201119 |
ViRobot | 未发现病毒 | 20201119 |
ZoneAlarm | Trojan-Downloader.Win32.Agent.xxzmvz | 20201119 |
GData | Gen:Variant.Graftor.741529 | 20201119 |
Cynet | Malicious (score: 100) | 20201119 |
AhnLab-V3 | PUP/Win32.Softcnapp.C3863117 | 20201118 |
Acronis | 未发现病毒 | 20201023 |
McAfee | GenericRXLM-EC!39D4F3F68A4F | 20201119 |
TACHYON | 未发现病毒 | 20201119 |
VBA32 | BScope.Adware.Softcnapp | 20201118 |
Cylance | Unsafe | 20201119 |
Zoner | 未发现病毒 | 20201118 |
ESET-NOD32 | a variant of Win32/Softcnapp.BG potentially unwanted | 20201119 |
TrendMicro-HouseCall | TROJ_GEN.R01FC0PJU20 | 20201119 |
Rising | Adware.Agent!1.C6F0 (CLASSIC) | 20201119 |
Yandex | PUA.Burden!xacdSTCedUY | 20201117 |
SentinelOne | 未发现病毒 | 20201105 |
eGambit | Unsafe.AI_Score_99% | 20201119 |
Fortinet | Riskware/Agent | 20201119 |
BitDefenderTheta | 未发现病毒 | 20201113 |
AVG | Win32:Adware-gen [Adw] | 20201119 |
Panda | Trj/Genetic.gen | 20201118 |
CrowdStrike | 未发现病毒 | 20190702 |
Qihoo-360 | 未发现病毒 | 20201119 |
无主机纪录.
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 104.75.169.10 acroipm.adobe.com | 80 |
192.168.122.201 | 49163 | 117.50.93.3 tj.wn51.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
tj.wn51.com | A 117.50.93.3 | |
acroipm.adobe.com |
CNAME acroipm.adobe.com.edgesuite.net CNAME a1983.dscd.akamai.net A 104.75.169.10 A 104.75.169.8 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 104.75.169.10 acroipm.adobe.com | 80 |
192.168.122.201 | 49163 | 117.50.93.3 tj.wn51.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://tj.wn51.com/?cd831=674200d4ccb6c2e61b36c5d30e768d3c | GET /?cd831=674200d4ccb6c2e61b36c5d30e768d3c HTTP/1.1 Host: tj.wn51.com Accept: */* |
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
No TLS
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 592510 |
---|---|
Mongo ID | 5fc45bc87e769a09e1a51d87 |
Cuckoo release | 1.4-Maldun |