分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2020-11-30 12:01:40 | 2020-11-30 12:03:41 | 121 秒 |
文件名 | Steam一键授权工具.exe |
---|---|
文件大小 | 901120 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | e07f5616dd0a367d7fa2a25213a50e38 |
SHA1 | f11296f15350587363d012343f139fa0d18b6688 |
SHA256 | 73a226d69404704c52ed802d5c1ad6f47639a3a1faf4143860d9ba1b0c5e91be |
SHA512 | 63c5107d63266469a3ffd202ee88a1a9862cda31bf9df58537d1cfc745554247cb7a0c627a8fa97ee0f72e334dbcedd794a9cf19527efdf4710e32fb56ed4bd7 |
CRC32 | A8FA06A0 |
Ssdeep | 12288:wc2zmx2sg8HpkFZpQQBZgqPsJ9Xl5ak5uGD1OUMdzmQK4Z/eMXRCHAk:wrzmBg8JkvpQKZgSsJB6dyQKI/eIW |
Yara | 登录查看Yara规则 |
样本下载 提交误报 |
无主机纪录.
域名 | 安全评级 | 响应 |
---|---|---|
acroipm.adobe.com |
CNAME acroipm.adobe.com.edgesuite.net A 23.218.94.163 CNAME a1983.dscd.akamai.net A 23.218.94.155 |
初始地址 | 0x00400000 |
---|---|
入口地址 | 0x0047e05a |
声明校验值 | 0x00000000 |
实际校验值 | 0x000e5513 |
最低操作系统版本要求 | 4.0 |
编译时间 | 2020-04-19 00:07:27 |
载入哈希 | 7d26f94f3de14a5ee881a0308abfd577 |
图标 | |
图标精确哈希值 | 44000d15a4585e52424408bb9ea67707 |
图标相似性哈希值 | e87e8418a822cf16dc8ff3a66d1b06b6 |
LegalCopyright | |
---|---|
FileVersion | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation |
名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0009d4b6 | 0x0009e000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.58 |
.rdata | 0x0009f000 | 0x0001af8e | 0x0001b000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.73 |
.data | 0x000ba000 | 0x0005942a | 0x00018000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.98 |
.rsrc | 0x00114000 | 0x00009290 | 0x0000a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.20 |
名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x00114c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x00114c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x00114c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
RT_CURSOR | 0x00115108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x00115108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x00115108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x00115108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0011697c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_ICON | 0x00116ed0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.02 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 14745599, next used block 4294903552 |
RT_ICON | 0x00116ed0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.02 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 14745599, next used block 4294903552 |
RT_ICON | 0x00116ed0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.02 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 14745599, next used block 4294903552 |
RT_MENU | 0x0011b104 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_MENU | 0x0011b104 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x0011c34c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0011cd94 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_GROUP_CURSOR | 0x0011cde0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x0011cde0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x0011cde0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x0011ce2c | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x0011ce2c | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x0011ce2c | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x0011ce40 | 0x00000280 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.22 | 8086 relocatable (Microsoft) |
RT_MANIFEST | 0x0011d0c0 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
---|---|---|
Bkav | W32.AIDetectVM.malware | 20200425 |
MicroWorld-eScan | 未发现病毒 | 20200425 |
FireEye | Generic.mg.e07f5616dd0a367d | 20200316 |
CAT-QuickHeal | Risktool.Flystudio.16885 | 20200425 |
Qihoo-360 | Generic/HEUR/QVM07.1.AD05.Malware.Gen | 20200425 |
McAfee | 未发现病毒 | 20200425 |
Cylance | Unsafe | 20200425 |
VIPRE | 未发现病毒 | 20200425 |
Sangfor | 未发现病毒 | 20200423 |
K7AntiVirus | Trojan ( 005246d51 ) | 20200407 |
BitDefender | 未发现病毒 | 20200425 |
K7GW | Trojan ( 005246d51 ) | 20200425 |
Cybereason | malicious.153505 | 20190616 |
TrendMicro | 未发现病毒 | 20200425 |
Baidu | 未发现病毒 | 20190318 |
F-Prot | W32/Agent.EW.gen!Eldorado | 20200425 |
Symantec | ML.Attribute.HighConfidence | 20200424 |
TotalDefense | Win32/Oflwr.A!crypt | 20200425 |
APEX | Malicious | 20200425 |
Avast | 未发现病毒 | 20200425 |
ClamAV | Win.Malware.Zusy-6840460-0 | 20200425 |
Kaspersky | 未发现病毒 | 20200425 |
Alibaba | Ransom:Win32/Wannaren.a63749a2 | 20190527 |
NANO-Antivirus | 未发现病毒 | 20200425 |
ViRobot | 未发现病毒 | 20200425 |
AegisLab | 未发现病毒 | 20200425 |
Tencent | 未发现病毒 | 20200425 |
Ad-Aware | 未发现病毒 | 20200425 |
Emsisoft | 未发现病毒 | 20200425 |
Comodo | Worm.Win32.Dropper.RA@1qraug | 20200425 |
F-Secure | 未发现病毒 | 20200425 |
DrWeb | 未发现病毒 | 20200425 |
Zillya | 未发现病毒 | 20200424 |
Invincea | heuristic | 20200407 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.ch | 20200425 |
Trapmine | malicious.high.ml.score | 20200123 |
CMC | 未发现病毒 | 20190321 |
Sophos | 未发现病毒 | 20200425 |
SentinelOne | DFI - Malicious PE | 20200406 |
Cyren | W32/Agent.EW.gen!Eldorado | 20200425 |
Jiangmin | 未发现病毒 | 20200425 |
Webroot | 未发现病毒 | 20200425 |
Avira | 未发现病毒 | 20200425 |
Antiy-AVL | GrayWare/Win32.FlyStudio.a | 20200425 |
Kingsoft | 未发现病毒 | 20200425 |
Microsoft | Trojan:Win32/Wacatac.D!ml | 20200425 |
Endgame | malicious (high confidence) | 20200226 |
Arcabit | 未发现病毒 | 20200425 |
SUPERAntiSpyware | Trojan.Agent/Gen-OnlineGames | 20200424 |
ZoneAlarm | 未发现病毒 | 20200425 |
Avast-Mobile | 未发现病毒 | 20200424 |
GData | Win32.Application.PUPStudio.A | 20200425 |
TACHYON | 未发现病毒 | 20200425 |
AhnLab-V3 | 未发现病毒 | 20200425 |
Acronis | suspicious | 20200422 |
BitDefenderTheta | Gen:NN.ZexaF.34106.3q0@aiNUNgdb | 20200408 |
ALYac | 未发现病毒 | 20200425 |
MAX | 未发现病毒 | 20200425 |
VBA32 | 未发现病毒 | 20200424 |
Malwarebytes | 未发现病毒 | 20200425 |
Panda | 未发现病毒 | 20200425 |
Zoner | 未发现病毒 | 20200424 |
ESET-NOD32 | a variant of Win32/Packed.FlyStudio.AA potentially unwanted | 20200425 |
TrendMicro-HouseCall | 未发现病毒 | 20200425 |
Rising | Malware.Heuristic!ET#98% (RDMK:cmRtazqiM759+vcVU04hUdbH+baS) | 20200425 |
Yandex | 未发现病毒 | 20200425 |
Ikarus | PUA.Virbox | 20200425 |
eGambit | Unsafe.AI_Score_99% | 20200425 |
Fortinet | W32/QQWare.A!tr | 20200425 |
AVG | 未发现病毒 | 20200425 |
Paloalto | 未发现病毒 | 20200425 |
CrowdStrike | win/malicious_confidence_100% (D) | 20190702 |
MaxSecure | Trojan.Malware.300983.susgen | 20200425 |
无主机纪录.
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49159 | 23.218.94.163 acroipm.adobe.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
acroipm.adobe.com |
CNAME acroipm.adobe.com.edgesuite.net A 23.218.94.163 CNAME a1983.dscd.akamai.net A 23.218.94.155 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49159 | 23.218.94.163 acroipm.adobe.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
No TLS
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 592558 |
---|---|
Mongo ID | 5fc46f317e769a09e2a4d1fe |
Cuckoo release | 1.4-Maldun |