Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) win7-sp1-x64-shaapp03-1 2020-11-30 12:01:40 2020-11-30 12:03:41 121 seconds

Maldun score

10.0

Malicious

File details

File name Steam一键授权工具.exe
File size 901120 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e07f5616dd0a367d7fa2a25213a50e38
SHA1 f11296f15350587363d012343f139fa0d18b6688
SHA256 73a226d69404704c52ed802d5c1ad6f47639a3a1faf4143860d9ba1b0c5e91be
SHA512 63c5107d63266469a3ffd202ee88a1a9862cda31bf9df58537d1cfc745554247cb7a0c627a8fa97ee0f72e334dbcedd794a9cf19527efdf4710e32fb56ed4bd7
CRC32 A8FA06A0
Ssdeep 12288:wc2zmx2sg8HpkFZpQQBZgqPsJ9Xl5ak5uGD1OUMdzmQK4Z/eMXRCHAk:wrzmBg8JkvpQKZgSsJB6dyQKI/eIW

Host access records

No host records.

DNS resolution

Domain | Security rating | Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
A 23.218.94.163
CNAME a1983.dscd.akamai.net
A 23.218.94.155

PE information

Image base 0x00400000
Entry point 0x0047e05a
Declared checksum 0x00000000
Actual checksum 0x000e5513
Minimum OS version 4.0
Compile time 2020-04-19 00:07:27
Import hash 7d26f94f3de14a5ee881a0308abfd577
Icon
Icon exact hash 44000d15a4585e52424408bb9ea67707
Icon similarity hash e87e8418a822cf16dc8ff3a66d1b06b6

Version information (all fields empty)

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0009d4b6 0x0009e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x0009f000 0x0001af8e 0x0001b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.73
.data 0x000ba000 0x0005942a 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.98
.rsrc 0x00114000 0x00009290 0x0000a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.20

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
TEXTINCLUDE 0x00114c18 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00114c18 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00114c18 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x00115108 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x00115108 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x00115108 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x00115108 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0011697c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x00116ed0 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL 5.02 dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 14745599, next used block 4294903552
RT_ICON 0x00116ed0 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL 5.02 dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 14745599, next used block 4294903552
RT_ICON 0x00116ed0 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL 5.02 dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 14745599, next used block 4294903552
RT_MENU 0x0011b104 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_MENU 0x0011b104 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x0011c34c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x0011cd94 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x0011cde0 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x0011cde0 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x0011cde0 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x0011ce2c 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x0011ce2c 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x0011ce2c 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x0011ce40 0x00000280 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.22 8086 relocatable (Microsoft)
RT_MANIFEST 0x0011d0c0 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x49f658 midiStreamOut
0x49f668 waveOutWrite
0x49f66c waveOutPause
0x49f670 waveOutReset
0x49f674 waveOutClose
0x49f678 waveOutGetNumDevs
0x49f67c waveOutOpen
0x49f684 midiStreamStop
0x49f688 midiOutReset
0x49f68c midiStreamClose
0x49f690 midiStreamRestart
0x49f694 waveOutRestart
0x49f698 midiStreamOpen
0x49f69c midiStreamProperty
Library: WS2_32.dll:
0x49f6b4 WSAAsyncSelect
0x49f6b8 closesocket
0x49f6bc WSACleanup
0x49f6c0 inet_ntoa
0x49f6c4 ntohl
0x49f6c8 recvfrom
0x49f6cc ioctlsocket
0x49f6d0 recv
0x49f6d4 accept
0x49f6d8 getpeername
Library: KERNEL32.dll:
0x49f174 SetLastError
0x49f17c GetVersion
0x49f180 TerminateThread
0x49f184 CreateMutexA
0x49f188 ReleaseMutex
0x49f18c SuspendThread
0x49f190 GetACP
0x49f194 HeapSize
0x49f198 RaiseException
0x49f19c GetLocalTime
0x49f1a0 GetSystemTime
0x49f1a4 RtlUnwind
0x49f1a8 GetStartupInfoA
0x49f1ac GetOEMCP
0x49f1b0 GetCPInfo
0x49f1b4 GetProcessVersion
0x49f1b8 SetErrorMode
0x49f1bc GlobalFlags
0x49f1c0 GetCurrentThread
0x49f1c4 GetFileTime
0x49f1c8 TlsGetValue
0x49f1cc LocalReAlloc
0x49f1d0 TlsSetValue
0x49f1d4 TlsFree
0x49f1d8 GlobalHandle
0x49f1dc TlsAlloc
0x49f1e0 LocalAlloc
0x49f1e4 lstrcmpA
0x49f1e8 GlobalGetAtomNameA
0x49f1ec GlobalAddAtomA
0x49f1f0 GlobalFindAtomA
0x49f1f4 GlobalDeleteAtom
0x49f1f8 lstrcmpiA
0x49f1fc SetEndOfFile
0x49f200 UnlockFile
0x49f204 LockFile
0x49f208 FlushFileBuffers
0x49f20c DuplicateHandle
0x49f210 lstrcpynA
0x49f21c LocalFree
0x49f228 OpenProcess
0x49f22c TerminateProcess
0x49f230 GetFileSize
0x49f234 SetFilePointer
0x49f23c Process32First
0x49f240 Process32Next
0x49f244 WideCharToMultiByte
0x49f248 MultiByteToWideChar
0x49f24c GetCurrentProcess
0x49f254 GetSystemDirectoryA
0x49f258 CreateSemaphoreA
0x49f25c ResumeThread
0x49f260 ReleaseSemaphore
0x49f26c GetProfileStringA
0x49f270 WriteFile
0x49f278 CreateFileA
0x49f27c SetEvent
0x49f280 FindResourceA
0x49f284 LoadResource
0x49f288 LockResource
0x49f28c ReadFile
0x49f290 GetModuleFileNameA
0x49f294 GetCurrentThreadId
0x49f298 ExitProcess
0x49f29c GlobalSize
0x49f2a0 GlobalFree
0x49f2ac lstrcatA
0x49f2b0 lstrlenA
0x49f2b4 WinExec
0x49f2b8 InterlockedExchange
0x49f2bc lstrcpyA
0x49f2c0 FindNextFileA
0x49f2c4 GlobalReAlloc
0x49f2c8 HeapFree
0x49f2cc HeapReAlloc
0x49f2d0 GetProcessHeap
0x49f2d4 HeapAlloc
0x49f2d8 GetFullPathNameA
0x49f2dc FreeLibrary
0x49f2e0 LoadLibraryA
0x49f2e4 GetLastError
0x49f2e8 GetVersionExA
0x49f2f0 CreateThread
0x49f2f4 CreateEventA
0x49f2f8 Sleep
0x49f300 GlobalAlloc
0x49f304 GlobalLock
0x49f308 GlobalUnlock
0x49f30c GetTempPathA
0x49f310 FindFirstFileA
0x49f314 FindClose
0x49f318 SetFileAttributesA
0x49f31c GetFileAttributesA
0x49f320 DeleteFileA
0x49f32c GetModuleHandleA
0x49f330 GetProcAddress
0x49f334 MulDiv
0x49f338 GetCommandLineA
0x49f33c GetTickCount
0x49f340 CreateProcessA
0x49f344 WaitForSingleObject
0x49f348 CloseHandle
0x49f360 SetHandleCount
0x49f364 GetStdHandle
0x49f368 GetFileType
0x49f370 HeapDestroy
0x49f374 HeapCreate
0x49f378 VirtualFree
0x49f380 LCMapStringA
0x49f384 LCMapStringW
0x49f388 VirtualAlloc
0x49f38c IsBadWritePtr
0x49f394 GetStringTypeA
0x49f398 GetStringTypeW
0x49f39c CompareStringA
0x49f3a0 CompareStringW
0x49f3a4 IsBadReadPtr
0x49f3a8 IsBadCodePtr
0x49f3ac SetStdHandle
Library: USER32.dll:
0x49f3e0 GetMenu
0x49f3e4 SetMenu
0x49f3e8 PeekMessageA
0x49f3ec IsIconic
0x49f3f0 SetFocus
0x49f3f4 GetActiveWindow
0x49f3f8 GetWindow
0x49f400 SetWindowRgn
0x49f404 DeleteMenu
0x49f408 GetSystemMenu
0x49f40c DefWindowProcA
0x49f410 GetClassInfoA
0x49f414 IsZoomed
0x49f418 PostQuitMessage
0x49f420 GetKeyState
0x49f428 IsWindowEnabled
0x49f42c ShowWindow
0x49f434 LoadImageA
0x49f43c ClientToScreen
0x49f440 EnableMenuItem
0x49f444 GetSubMenu
0x49f448 GetDlgCtrlID
0x49f450 CreateMenu
0x49f454 ModifyMenuA
0x49f458 AppendMenuA
0x49f45c GetMessagePos
0x49f460 ScreenToClient
0x49f464 CreatePopupMenu
0x49f468 CopyRect
0x49f46c LoadBitmapA
0x49f470 WinHelpA
0x49f474 KillTimer
0x49f478 SetTimer
0x49f47c ReleaseCapture
0x49f480 GetCapture
0x49f484 SetCapture
0x49f488 GetScrollRange
0x49f48c SetScrollRange
0x49f490 SetScrollPos
0x49f494 SetRect
0x49f498 InflateRect
0x49f49c IntersectRect
0x49f4a0 DestroyIcon
0x49f4a4 PtInRect
0x49f4a8 OffsetRect
0x49f4ac GetSysColorBrush
0x49f4b0 IsWindowVisible
0x49f4b4 EnableWindow
0x49f4b8 RedrawWindow
0x49f4bc GetWindowLongA
0x49f4c0 SetWindowLongA
0x49f4c4 GetSysColor
0x49f4c8 SetActiveWindow
0x49f4cc SetCursorPos
0x49f4d0 LoadCursorA
0x49f4d4 SetCursor
0x49f4d8 GetDC
0x49f4dc FillRect
0x49f4e0 IsRectEmpty
0x49f4e4 ReleaseDC
0x49f4e8 IsChild
0x49f4ec DestroyMenu
0x49f4f0 SetForegroundWindow
0x49f4f4 GetWindowRect
0x49f4f8 EqualRect
0x49f4fc UpdateWindow
0x49f500 ValidateRect
0x49f504 InvalidateRect
0x49f508 GetClientRect
0x49f50c GetFocus
0x49f510 GetParent
0x49f514 GetTopWindow
0x49f518 PostMessageA
0x49f51c IsWindow
0x49f520 SetParent
0x49f524 DestroyCursor
0x49f528 SendMessageA
0x49f52c SetWindowPos
0x49f530 MessageBoxA
0x49f534 GetCursorPos
0x49f538 GetSystemMetrics
0x49f53c EmptyClipboard
0x49f540 SetClipboardData
0x49f544 OpenClipboard
0x49f548 GetClipboardData
0x49f54c CloseClipboard
0x49f550 wsprintfA
0x49f554 WaitForInputIdle
0x49f558 DrawIconEx
0x49f564 SetRectEmpty
0x49f568 DispatchMessageA
0x49f56c GetMessageA
0x49f570 WindowFromPoint
0x49f574 DrawFocusRect
0x49f578 DrawEdge
0x49f57c DrawFrameControl
0x49f580 TranslateMessage
0x49f584 LoadIconA
0x49f588 GetForegroundWindow
0x49f58c GetDesktopWindow
0x49f590 GetClassNameA
0x49f598 FindWindowA
0x49f59c GetDlgItem
0x49f5a0 GetWindowTextA
0x49f5a8 UnregisterClassA
0x49f5b4 CharUpperA
0x49f5b8 GetWindowDC
0x49f5bc BeginPaint
0x49f5c0 EndPaint
0x49f5c4 TabbedTextOutA
0x49f5c8 DrawTextA
0x49f5cc GrayStringA
0x49f5d0 DestroyWindow
0x49f5d8 EndDialog
0x49f5dc GetNextDlgTabItem
0x49f5e0 GetWindowPlacement
0x49f5e8 GetLastActivePopup
0x49f5ec GetMessageTime
0x49f5f0 RemovePropA
0x49f5f4 CallWindowProcA
0x49f5f8 GetPropA
0x49f5fc UnhookWindowsHookEx
0x49f600 SetPropA
0x49f604 GetClassLongA
0x49f608 CallNextHookEx
0x49f60c SetWindowsHookExA
0x49f610 CreateWindowExA
0x49f614 GetMenuItemID
0x49f618 GetMenuItemCount
0x49f61c RegisterClassA
0x49f620 GetScrollPos
0x49f624 AdjustWindowRectEx
0x49f628 MapWindowPoints
0x49f62c SendDlgItemMessageA
0x49f630 ScrollWindowEx
0x49f634 IsDialogMessageA
0x49f638 SetWindowTextA
0x49f63c MoveWindow
0x49f640 CheckMenuItem
0x49f644 SetMenuItemBitmaps
0x49f648 GetMenuState
0x49f650 LoadStringA
Library: GDI32.dll:
0x49f028 PtVisible
0x49f02c GetViewportExtEx
0x49f030 ExtSelectClipRgn
0x49f034 CreateSolidBrush
0x49f038 GetStockObject
0x49f03c CreateFontIndirectA
0x49f040 EndPage
0x49f044 EndDoc
0x49f048 DeleteDC
0x49f04c StartDocA
0x49f050 StartPage
0x49f054 BitBlt
0x49f058 CreateCompatibleDC
0x49f05c Ellipse
0x49f060 Rectangle
0x49f064 LPtoDP
0x49f068 DPtoLP
0x49f06c GetCurrentObject
0x49f070 RectVisible
0x49f078 GetDeviceCaps
0x49f080 SetBkColor
0x49f084 LineTo
0x49f088 MoveToEx
0x49f08c ExcludeClipRect
0x49f090 GetClipBox
0x49f094 ScaleWindowExtEx
0x49f098 SetWindowExtEx
0x49f09c SetWindowOrgEx
0x49f0a0 TextOutA
0x49f0a4 ExtTextOutA
0x49f0a8 Escape
0x49f0ac GetTextMetricsA
0x49f0b0 FillRgn
0x49f0b4 CreateRectRgn
0x49f0b8 CombineRgn
0x49f0bc PatBlt
0x49f0c0 CreatePen
0x49f0c4 GetObjectA
0x49f0c8 SelectObject
0x49f0cc CreateBitmap
0x49f0d0 CreateDCA
0x49f0d8 GetPolyFillMode
0x49f0dc GetStretchBltMode
0x49f0e0 GetROP2
0x49f0e4 GetBkColor
0x49f0e8 GetBkMode
0x49f0ec GetTextColor
0x49f0f0 CreateRoundRectRgn
0x49f0f4 CreateEllipticRgn
0x49f0f8 PathToRegion
0x49f0fc EndPath
0x49f100 ScaleViewportExtEx
0x49f104 SetViewportExtEx
0x49f108 OffsetViewportOrgEx
0x49f10c SetViewportOrgEx
0x49f110 SetMapMode
0x49f114 SetTextColor
0x49f118 SetROP2
0x49f11c SetPolyFillMode
0x49f120 BeginPath
0x49f124 GetWindowOrgEx
0x49f128 GetViewportOrgEx
0x49f12c GetWindowExtEx
0x49f130 GetDIBits
0x49f134 RealizePalette
0x49f138 SelectPalette
0x49f13c StretchBlt
0x49f140 CreatePalette
0x49f148 DeleteObject
0x49f14c SelectClipRgn
0x49f150 CreatePolygonRgn
0x49f154 GetClipRgn
0x49f158 RoundRect
0x49f15c CreateDIBitmap
0x49f160 SetBkMode
0x49f164 RestoreDC
0x49f168 SaveDC
0x49f16c SetStretchBltMode
Library: WINSPOOL.DRV:
0x49f6a4 OpenPrinterA
0x49f6a8 DocumentPropertiesA
0x49f6ac ClosePrinter
Library: ADVAPI32.dll:
0x49f000 RegQueryValueExA
0x49f004 RegOpenKeyExA
0x49f008 RegSetValueExA
0x49f00c RegQueryValueA
0x49f010 RegCreateKeyExA
0x49f014 RegCloseKey
Library: SHELL32.dll:
0x49f3c8 ShellExecuteA
0x49f3cc Shell_NotifyIconA
0x49f3d0 SHGetMalloc
0x49f3d8 SHBrowseForFolderA
Library: ole32.dll:
0x49f6f4 CLSIDFromString
0x49f6f8 OleUninitialize
0x49f6fc OleInitialize
Library: OLEAUT32.dll:
0x49f3b4 LoadTypeLib
0x49f3b8 RegisterTypeLib
0x49f3bc UnRegisterTypeLib
Library: COMCTL32.dll:
0x49f01c None
0x49f020 ImageList_Destroy
Library: comdlg32.dll:
0x49f6e0 ChooseColorA
0x49f6e4 GetFileTitleA
0x49f6e8 GetSaveFileNameA
0x49f6ec GetOpenFileNameA

Antivirus engine/vendor | Detection name/rule match | Signature database date
Bkav W32.AIDetectVM.malware 20200425
MicroWorld-eScan Not detected 20200425
FireEye Generic.mg.e07f5616dd0a367d 20200316
CAT-QuickHeal Risktool.Flystudio.16885 20200425
Qihoo-360 Generic/HEUR/QVM07.1.AD05.Malware.Gen 20200425
McAfee Not detected 20200425
Cylance Unsafe 20200425
VIPRE Not detected 20200425
Sangfor Not detected 20200423
K7AntiVirus Trojan ( 005246d51 ) 20200407
BitDefender Not detected 20200425
K7GW Trojan ( 005246d51 ) 20200425
Cybereason malicious.153505 20190616
TrendMicro Not detected 20200425
Baidu Not detected 20190318
F-Prot W32/Agent.EW.gen!Eldorado 20200425
Symantec ML.Attribute.HighConfidence 20200424
TotalDefense Win32/Oflwr.A!crypt 20200425
APEX Malicious 20200425
Avast Not detected 20200425
ClamAV Win.Malware.Zusy-6840460-0 20200425
Kaspersky Not detected 20200425
Alibaba Ransom:Win32/Wannaren.a63749a2 20190527
NANO-Antivirus Not detected 20200425
ViRobot Not detected 20200425
AegisLab Not detected 20200425
Tencent Not detected 20200425
Ad-Aware Not detected 20200425
Emsisoft Not detected 20200425
Comodo Worm.Win32.Dropper.RA@1qraug 20200425
F-Secure Not detected 20200425
DrWeb Not detected 20200425
Zillya Not detected 20200424
Invincea heuristic 20200407
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20200425
Trapmine malicious.high.ml.score 20200123
CMC Not detected 20190321
Sophos Not detected 20200425
SentinelOne DFI - Malicious PE 20200406
Cyren W32/Agent.EW.gen!Eldorado 20200425
Jiangmin Not detected 20200425
Webroot Not detected 20200425
Avira Not detected 20200425
Antiy-AVL GrayWare/Win32.FlyStudio.a 20200425
Kingsoft Not detected 20200425
Microsoft Trojan:Win32/Wacatac.D!ml 20200425
Endgame malicious (high confidence) 20200226
Arcabit Not detected 20200425
SUPERAntiSpyware Trojan.Agent/Gen-OnlineGames 20200424
ZoneAlarm Not detected 20200425
Avast-Mobile Not detected 20200424
GData Win32.Application.PUPStudio.A 20200425
TACHYON Not detected 20200425
AhnLab-V3 Not detected 20200425
Acronis suspicious 20200422
BitDefenderTheta Gen:NN.ZexaF.34106.3q0@aiNUNgdb 20200408
ALYac Not detected 20200425
MAX Not detected 20200425
VBA32 Not detected 20200424
Malwarebytes Not detected 20200425
Panda Not detected 20200425
Zoner Not detected 20200424
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted 20200425
TrendMicro-HouseCall Not detected 20200425
Rising Malware.Heuristic!ET#98% (RDMK:cmRtazqiM759+vcVU04hUdbH+baS) 20200425
Yandex Not detected 20200425
Ikarus PUA.Virbox 20200425
eGambit Unsafe.AI_Score_99% 20200425
Fortinet W32/QQWare.A!tr 20200425
AVG Not detected 20200425
Paloalto Not detected 20200425
CrowdStrike win/malicious_confidence_100% (D) 20190702
MaxSecure Trojan.Malware.300983.susgen 20200425

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49159 23.218.94.163 acroipm.adobe.com 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI | HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files.
No dropped files.
No similar analyses found.

Processing ( 13.332 seconds )

  • 10.723 Suricata
  • 0.997 Static
  • 0.763 NetworkAnalysis
  • 0.38 TargetInfo
  • 0.333 peid
  • 0.107 VirusTotal
  • 0.012 Strings
  • 0.011 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.46 seconds )

  • 1.379 md_url_bl
  • 0.011 antiav_detectreg
  • 0.011 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_torgateway
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.533 seconds )

  • 0.533 ReportHTMLSummary
Task ID 592558
Mongo ID 5fc46f317e769a09e2a4d1fe
Cuckoo release 1.4-Maldun