Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2020-11-30 12:59:53 2020-11-30 13:00:23 30 seconds

Maldun score

10.0

Dangerous

File details

File name 2.exe
File size 1032192 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cd8f2d41c2e53af5d21d6f749877eb48
SHA1 056a4114593cfca49fd71936ad1764b7375d9a24
SHA256 ef26d2ac30ad2092683ad461159961c99e8fd6746f2c0eb59d4d99c43d06941d
SHA512 0f037994f513c23cfc078d123cdb6e23d666e79d9abf309169ecf65464968b7f4a10fbe54c003bb6172ac27b6dcf12a99eb2998d172f26acff8c058dda9362cf
CRC32 A964F61A
Ssdeep 24576:NAI0+MMleATy9YPbkCx/XT6AA3O8ZVjYIBpDds+oBq:NAIBko/OFJrBp++H

Hosts contacted

No host records.

DNS resolution

Domain Security rating Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.63.75.34
A 23.63.75.9

PE information

Image base 0x00400000
Entry point 0x004883c8
Claimed checksum 0x00000000
Actual checksum 0x00105ff4
Minimum OS version required 4.0
Compile time 2020-07-05 23:54:11
Import hash 8ba0f071fd62f26bb6319ad85c51a746
Icon
Icon exact hash 30aa988a4602603bb4b92b24d422bf3b
Icon similarity hash 3a53e744bf59e0be645925b543465196

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000a9656 0x000aa000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.52
.rdata 0x000ab000 0x000360c4 0x00037000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.97
.data 0x000e2000 0x0004ecaa 0x00011000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.03
.rsrc 0x00131000 0x00008be4 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.63

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x00131e08 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x00132614 0x00000134 LANG_ITALIAN SUBLANG_ITALIAN 3.07 data
RT_BITMAP 0x00134f0c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x00135460 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL 5.40 dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
RT_MENU 0x00137a14 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x00138c5c 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x001396a4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x0013972c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00139778 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x0013978c 0x00000250 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.32 data
RT_MANIFEST 0x001399dc 0x00000206 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.05 XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library: WINMM.dll:
0x4ab6bc midiStreamOut
0x4ab6cc waveOutWrite
0x4ab6d0 waveOutPause
0x4ab6d4 waveOutReset
0x4ab6d8 waveOutClose
0x4ab6dc waveOutGetNumDevs
0x4ab6e0 waveOutOpen
0x4ab6e8 midiStreamOpen
0x4ab6ec midiStreamStop
0x4ab6f0 midiOutReset
0x4ab6f4 midiStreamClose
0x4ab6f8 midiStreamRestart
0x4ab6fc midiStreamProperty
Library: WS2_32.dll:
0x4ab714 htonl
0x4ab718 bind
0x4ab71c htons
0x4ab720 WSAAsyncSelect
0x4ab724 closesocket
0x4ab728 send
0x4ab72c socket
0x4ab730 WSACleanup
0x4ab734 WSAStartup
0x4ab738 gethostbyname
0x4ab73c sendto
0x4ab740 recvfrom
0x4ab744 ioctlsocket
0x4ab748 connect
0x4ab74c recv
0x4ab750 listen
0x4ab754 getpeername
0x4ab758 inet_ntoa
0x4ab75c inet_addr
0x4ab760 accept
0x4ab764 getsockname
0x4ab768 select
0x4ab76c ntohs
0x4ab770 __WSAFDIsSet
0x4ab774 gethostname
Library: KERNEL32.dll:
0x4ab1b4 GetVersion
0x4ab1b8 GetACP
0x4ab1bc HeapSize
0x4ab1c0 RaiseException
0x4ab1c4 GetLocalTime
0x4ab1c8 GetSystemTime
0x4ab1cc RtlUnwind
0x4ab1d0 GetOEMCP
0x4ab1d4 GetCPInfo
0x4ab1d8 GetProcessVersion
0x4ab1dc SetErrorMode
0x4ab1e0 GlobalFlags
0x4ab1e4 GetCurrentThread
0x4ab1e8 GetFileTime
0x4ab1ec TlsGetValue
0x4ab1f0 LocalReAlloc
0x4ab1f4 TlsSetValue
0x4ab1f8 TlsFree
0x4ab1fc GlobalHandle
0x4ab200 TlsAlloc
0x4ab204 LocalAlloc
0x4ab208 lstrcmpA
0x4ab20c GlobalGetAtomNameA
0x4ab210 GlobalAddAtomA
0x4ab214 GlobalFindAtomA
0x4ab218 GlobalDeleteAtom
0x4ab21c lstrcmpiA
0x4ab220 SetEndOfFile
0x4ab224 UnlockFile
0x4ab228 LockFile
0x4ab22c FlushFileBuffers
0x4ab230 DuplicateHandle
0x4ab234 lstrcpynA
0x4ab240 LocalFree
0x4ab24c SetLastError
0x4ab250 OpenProcess
0x4ab254 TerminateProcess
0x4ab258 GetFileSize
0x4ab25c SetFilePointer
0x4ab264 Process32First
0x4ab268 Process32Next
0x4ab26c WideCharToMultiByte
0x4ab270 MultiByteToWideChar
0x4ab274 GetCurrentProcess
0x4ab27c GetSystemDirectoryA
0x4ab280 CreateSemaphoreA
0x4ab284 ResumeThread
0x4ab288 ReleaseSemaphore
0x4ab294 GetProfileStringA
0x4ab298 WriteFile
0x4ab29c ReadFile
0x4ab2a0 GetLastError
0x4ab2a8 CreateFileA
0x4ab2ac SetEvent
0x4ab2b0 FindResourceA
0x4ab2b4 LoadResource
0x4ab2b8 LockResource
0x4ab2bc RemoveDirectoryA
0x4ab2c0 GetModuleFileNameA
0x4ab2c4 GetCurrentThreadId
0x4ab2c8 ExitProcess
0x4ab2cc GlobalSize
0x4ab2d0 GlobalFree
0x4ab2dc lstrcatA
0x4ab2e0 WinExec
0x4ab2e4 lstrcpyA
0x4ab2e8 FindNextFileA
0x4ab2ec GetDriveTypeA
0x4ab2f0 GlobalReAlloc
0x4ab2f4 HeapFree
0x4ab2f8 HeapReAlloc
0x4ab2fc GetProcessHeap
0x4ab300 HeapAlloc
0x4ab304 GetFullPathNameA
0x4ab308 FreeLibrary
0x4ab30c LoadLibraryA
0x4ab310 lstrlenA
0x4ab314 GetVersionExA
0x4ab324 InterlockedExchange
0x4ab328 CreateThread
0x4ab32c CreateEventA
0x4ab330 Sleep
0x4ab334 GlobalAlloc
0x4ab338 GlobalLock
0x4ab33c GlobalUnlock
0x4ab340 GetTempPathA
0x4ab344 FindFirstFileA
0x4ab348 FindClose
0x4ab34c SetFileAttributesA
0x4ab350 GetFileAttributesA
0x4ab354 MoveFileA
0x4ab358 DeleteFileA
0x4ab35c CopyFileA
0x4ab360 CreateDirectoryA
0x4ab36c GetModuleHandleA
0x4ab370 GetProcAddress
0x4ab374 MulDiv
0x4ab378 GetCommandLineA
0x4ab37c GetTickCount
0x4ab380 WaitForSingleObject
0x4ab384 CloseHandle
0x4ab39c SetHandleCount
0x4ab3a0 GetStdHandle
0x4ab3a4 GetFileType
0x4ab3ac HeapDestroy
0x4ab3b0 HeapCreate
0x4ab3b4 VirtualFree
0x4ab3bc LCMapStringA
0x4ab3c0 LCMapStringW
0x4ab3c4 VirtualAlloc
0x4ab3c8 IsBadWritePtr
0x4ab3d0 GetStringTypeA
0x4ab3d4 GetStringTypeW
0x4ab3d8 CompareStringA
0x4ab3dc CompareStringW
0x4ab3e0 IsBadReadPtr
0x4ab3e4 IsBadCodePtr
0x4ab3e8 SetStdHandle
0x4ab3ec GetStartupInfoA
Library: USER32.dll:
0x4ab428 IsWindowEnabled
0x4ab430 GetKeyState
0x4ab438 PostQuitMessage
0x4ab43c IsZoomed
0x4ab440 GetSystemMenu
0x4ab444 DeleteMenu
0x4ab448 GetClassInfoA
0x4ab44c DefWindowProcA
0x4ab450 GetMenu
0x4ab454 SetMenu
0x4ab458 PeekMessageA
0x4ab45c IsIconic
0x4ab460 SetFocus
0x4ab464 GetActiveWindow
0x4ab468 ShowWindow
0x4ab46c LoadImageA
0x4ab474 ClientToScreen
0x4ab478 EnableMenuItem
0x4ab47c GetSubMenu
0x4ab480 GetDlgCtrlID
0x4ab488 CreateMenu
0x4ab48c ModifyMenuA
0x4ab490 AppendMenuA
0x4ab494 GetSysColorBrush
0x4ab498 LoadStringA
0x4ab49c DispatchMessageA
0x4ab4a0 GetMessageA
0x4ab4a4 WindowFromPoint
0x4ab4a8 DrawFocusRect
0x4ab4ac DrawEdge
0x4ab4b0 DrawFrameControl
0x4ab4b4 LoadIconA
0x4ab4b8 TranslateMessage
0x4ab4c0 GetForegroundWindow
0x4ab4c4 GetDesktopWindow
0x4ab4c8 GetClassNameA
0x4ab4cc UnregisterClassA
0x4ab4d4 FindWindowA
0x4ab4d8 GetDlgItem
0x4ab4dc GetWindow
0x4ab4e4 SetWindowRgn
0x4ab4e8 GetMessagePos
0x4ab4ec ScreenToClient
0x4ab4f4 CopyRect
0x4ab4f8 LoadBitmapA
0x4ab4fc WinHelpA
0x4ab500 KillTimer
0x4ab504 SetTimer
0x4ab508 ReleaseCapture
0x4ab50c GetCapture
0x4ab510 SetCapture
0x4ab514 GetScrollRange
0x4ab518 SetScrollRange
0x4ab51c CreatePopupMenu
0x4ab520 InflateRect
0x4ab524 SetRect
0x4ab528 IntersectRect
0x4ab530 SetMenuItemBitmaps
0x4ab534 CheckMenuItem
0x4ab538 IsDialogMessageA
0x4ab53c ScrollWindowEx
0x4ab540 DestroyIcon
0x4ab544 PtInRect
0x4ab548 OffsetRect
0x4ab54c IsWindowVisible
0x4ab550 EnableWindow
0x4ab554 RedrawWindow
0x4ab558 GetWindowLongA
0x4ab55c SetWindowLongA
0x4ab560 GetSysColor
0x4ab564 SetActiveWindow
0x4ab568 SetCursorPos
0x4ab56c LoadCursorA
0x4ab570 SetCursor
0x4ab574 GetDC
0x4ab578 FillRect
0x4ab57c IsRectEmpty
0x4ab580 ReleaseDC
0x4ab584 IsChild
0x4ab588 TrackPopupMenu
0x4ab58c DestroyMenu
0x4ab590 SetForegroundWindow
0x4ab594 GetWindowRect
0x4ab598 EqualRect
0x4ab59c UpdateWindow
0x4ab5a0 ValidateRect
0x4ab5a4 InvalidateRect
0x4ab5a8 GetClientRect
0x4ab5ac GetFocus
0x4ab5b0 GetParent
0x4ab5b4 GetTopWindow
0x4ab5b8 PostMessageA
0x4ab5bc IsWindow
0x4ab5c0 SetParent
0x4ab5c4 DestroyCursor
0x4ab5c8 SendMessageA
0x4ab5cc SetWindowPos
0x4ab5d0 MessageBoxA
0x4ab5d4 GetCursorPos
0x4ab5d8 GetSystemMetrics
0x4ab5dc EmptyClipboard
0x4ab5e0 SetClipboardData
0x4ab5e4 OpenClipboard
0x4ab5e8 GetClipboardData
0x4ab5ec CloseClipboard
0x4ab5f0 wsprintfA
0x4ab5f4 DrawIconEx
0x4ab5f8 GetWindowTextA
0x4ab5fc GetCursor
0x4ab600 DrawTextA
0x4ab604 SetPropA
0x4ab608 CallWindowProcA
0x4ab60c MoveWindow
0x4ab610 GetPropA
0x4ab614 FrameRect
0x4ab618 SetWindowsHookExA
0x4ab61c CallNextHookEx
0x4ab620 UnhookWindowsHookEx
0x4ab624 GetWindowDC
0x4ab628 EnumChildWindows
0x4ab62c WindowFromDC
0x4ab630 TabbedTextOutA
0x4ab634 GrayStringA
0x4ab638 DrawStateA
0x4ab640 GetMenuState
0x4ab644 GetMenuStringA
0x4ab648 GetMenuItemID
0x4ab64c GetMenuItemCount
0x4ab650 SetWindowTextA
0x4ab660 SetScrollPos
0x4ab664 SetRectEmpty
0x4ab66c CharUpperA
0x4ab670 BeginPaint
0x4ab674 EndPaint
0x4ab678 DestroyWindow
0x4ab680 EndDialog
0x4ab684 GetNextDlgTabItem
0x4ab688 GetWindowPlacement
0x4ab690 GetLastActivePopup
0x4ab694 GetMessageTime
0x4ab698 RemovePropA
0x4ab69c GetClassLongA
0x4ab6a0 CreateWindowExA
0x4ab6a4 RegisterClassA
0x4ab6a8 GetScrollPos
0x4ab6ac AdjustWindowRectEx
0x4ab6b0 MapWindowPoints
0x4ab6b4 SendDlgItemMessageA
Library: GDI32.dll:
0x4ab050 ExtSelectClipRgn
0x4ab054 LineTo
0x4ab058 MoveToEx
0x4ab05c GetCurrentObject
0x4ab060 RoundRect
0x4ab068 GetDeviceCaps
0x4ab06c GetWindowOrgEx
0x4ab070 GetViewportOrgEx
0x4ab074 GetWindowExtEx
0x4ab078 GetDIBits
0x4ab07c RealizePalette
0x4ab080 SelectPalette
0x4ab084 StretchBlt
0x4ab088 CreatePalette
0x4ab090 CreateDIBitmap
0x4ab094 DeleteObject
0x4ab098 SelectClipRgn
0x4ab09c GetClipRgn
0x4ab0a0 SetStretchBltMode
0x4ab0a4 SetPixel
0x4ab0ac SetBkColor
0x4ab0b0 SetBkMode
0x4ab0b4 SetTextColor
0x4ab0b8 SetWindowOrgEx
0x4ab0bc SaveDC
0x4ab0c0 RestoreDC
0x4ab0c4 CreatePenIndirect
0x4ab0c8 PtVisible
0x4ab0cc RectVisible
0x4ab0d0 TextOutA
0x4ab0d4 ExtTextOutA
0x4ab0d8 Escape
0x4ab0dc ExcludeClipRect
0x4ab0e0 GetClipBox
0x4ab0e4 ScaleWindowExtEx
0x4ab0e8 SetWindowExtEx
0x4ab0ec ScaleViewportExtEx
0x4ab0f0 SetViewportExtEx
0x4ab0f4 OffsetViewportOrgEx
0x4ab0f8 SetViewportOrgEx
0x4ab0fc SetMapMode
0x4ab100 SetROP2
0x4ab104 SetPolyFillMode
0x4ab108 GetViewportExtEx
0x4ab10c GetTextMetricsA
0x4ab110 DPtoLP
0x4ab114 LPtoDP
0x4ab118 Rectangle
0x4ab11c Ellipse
0x4ab120 SetPixelV
0x4ab124 CreateCompatibleDC
0x4ab128 GetPixel
0x4ab12c BitBlt
0x4ab130 StartPage
0x4ab134 StartDocA
0x4ab138 DeleteDC
0x4ab13c EndDoc
0x4ab140 EndPage
0x4ab144 CreateFontIndirectA
0x4ab148 GetStockObject
0x4ab14c CreateSolidBrush
0x4ab150 CombineRgn
0x4ab154 CreateRectRgn
0x4ab158 FillRgn
0x4ab15c PatBlt
0x4ab160 CreatePen
0x4ab164 GetObjectA
0x4ab168 SelectObject
0x4ab16c CreateBitmap
0x4ab170 CreateBrushIndirect
0x4ab174 CreateDCA
0x4ab17c GetPolyFillMode
0x4ab180 GetStretchBltMode
0x4ab184 GetROP2
0x4ab188 GetBkColor
0x4ab18c GetBkMode
0x4ab190 GetTextColor
0x4ab194 CreateRoundRectRgn
0x4ab198 CreateEllipticRgn
0x4ab19c BeginPath
0x4ab1a0 CreatePolygonRgn
0x4ab1a4 PathToRegion
0x4ab1a8 EndPath
Library: MSIMG32.dll:
0x4ab3f4 GradientFill
Library: WINSPOOL.DRV:
0x4ab704 OpenPrinterA
0x4ab708 DocumentPropertiesA
0x4ab70c ClosePrinter
Library: ADVAPI32.dll:
0x4ab000 RegOpenKeyExA
0x4ab004 RegSetValueExA
0x4ab008 RegQueryValueA
0x4ab00c RegCreateKeyExA
0x4ab010 RegCloseKey
Library: SHELL32.dll:
0x4ab40c Shell_NotifyIconA
0x4ab410 SHGetMalloc
0x4ab418 ShellExecuteA
0x4ab420 SHBrowseForFolderA
Library: ole32.dll:
0x4ab790 CLSIDFromString
0x4ab794 OleUninitialize
0x4ab798 CoCreateInstance
0x4ab79c OleInitialize
Library: OLEAUT32.dll:
0x4ab3fc LoadTypeLib
0x4ab400 RegisterTypeLib
0x4ab404 UnRegisterTypeLib
Library: COMCTL32.dll:
0x4ab018 ImageList_Draw
0x4ab020 _TrackMouseEvent
0x4ab028 ImageList_AddMasked
0x4ab02c ImageList_GetIcon
0x4ab034 None
0x4ab038 ImageList_Destroy
0x4ab03c ImageList_Create
0x4ab040 ImageList_Read
0x4ab048 ImageList_Duplicate
Library: comdlg32.dll:
0x4ab77c ChooseColorA
0x4ab780 GetFileTitleA
0x4ab784 GetSaveFileNameA
0x4ab788 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
SEENDP
SEENDP
SEENDP
SEENDP
SEENDP
SEENDP
SEENDP
SEENDP
Phl.O
Phl.O
Phl.O
SEENDP
pPRQj
8`}<j
T$hVj
DRQPj
T$|Vj
D$|h
|$TVj
jjjjh

Antivirus engine/vendor Virus name/rule match Signature database date
Bkav W32.AIDetectVM.malware1 20201128
Elastic malicious (high confidence) 20201030
MicroWorld-eScan No virus found 20201130
CMC No virus found 20201129
CAT-QuickHeal Risktool.Flystudio.16885 20201129
McAfee No virus found 20201130
Cylance Unsafe 20201130
Zillya No virus found 20201127
SUPERAntiSpyware No virus found 20201127
Sangfor No virus found 20201125
K7AntiVirus Trojan ( 005246d51 ) 20201130
Alibaba No virus found 20190527
K7GW Trojan ( 005246d51 ) 20201130
Cybereason malicious.4593cf 20190616
Arcabit No virus found 20201130
Baidu No virus found 20190318
Cyren W32/Agent.EW.gen!Eldorado 20201130
Symantec ML.Attribute.HighConfidence 20201129
TotalDefense No virus found 20201129
APEX Malicious 20201128
Avast No virus found 20201130
ClamAV Win.Malware.Zusy-6840460-0 20201129
Kaspersky No virus found 20201130
BitDefender No virus found 20201130
NANO-Antivirus No virus found 20201130
Paloalto No virus found 20201130
ViRobot No virus found 20201130
Rising Trojan.Generic@ML.90 (RDML:2EU7iMQZB01ZvJM6YJipnw) 20201128
Ad-Aware No virus found 20201130
TACHYON No virus found 20201130
Emsisoft No virus found 20201130
Comodo Worm.Win32.Dropper.RA@1qraug 20201129
F-Secure Trojan:W32/DelfInject.R 20201130
DrWeb No virus found 20201130
VIPRE No virus found 20201130
TrendMicro No virus found 20201130
McAfee-GW-Edition BehavesLike.Win32.Generic.fh 20201129
FireEye Generic.mg.cd8f2d41c2e53af5 20201130
Sophos Generic ML PUA (PUA) 20201129
Ikarus Trojan-Dropper.Agent 20201129
Jiangmin No virus found 20201129
Webroot No virus found 20201130
Avira No virus found 20201130
Antiy-AVL GrayWare/Win32.FlyStudio.a 20201130
Kingsoft No virus found 20201130
Gridinsoft No virus found 20201130
Microsoft Program:Win32/Wacapew.C!ml 20201130
AegisLab No virus found 20201130
ZoneAlarm No virus found 20201130
GData No virus found 20201130
Cynet Malicious (score: 100) 20201130
AhnLab-V3 No virus found 20201130
Acronis suspicious 20201023
VBA32 BScope.Trojan.Downloader 20201127
ALYac No virus found 20201130
MAX No virus found 20201130
Malwarebytes Trojan.MalPack.FlyStudio 20201130
Zoner No virus found 20201129
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted 20201130
TrendMicro-HouseCall No virus found 20201130
Tencent No virus found 20201130
Yandex No virus found 20201129
SentinelOne Static AI - Malicious PE 20201129
eGambit Unsafe.AI_Score_99% 20201130
Fortinet No virus found 20201130
BitDefenderTheta Gen:NN.ZexaF.34658.@q0@a0nvajhH 20201125
AVG No virus found 20201130
Panda No virus found 20201129
CrowdStrike win/malicious_confidence_100% (D) 20190702
Qihoo-360 No virus found 20201130

Process tree

2.exe, PID: 2324, parent PID: 2152

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.63.75.34 acroipm.adobe.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.
No similar analyses found.

Processing ( 15.941 seconds )

  • 11.063 Suricata
  • 1.494 Static
  • 1.102 VirusTotal
  • 0.76 NetworkAnalysis
  • 0.758 peid
  • 0.426 TargetInfo
  • 0.225 AnalysisInfo
  • 0.096 BehaviorAnalysis
  • 0.012 Strings
  • 0.003 config_decoder
  • 0.002 Memory

Signatures ( 1.494 seconds )

  • 1.37 md_url_bl
  • 0.019 antiav_detectreg
  • 0.011 md_domain_bl
  • 0.008 infostealer_ftp
  • 0.006 antidbg_windows
  • 0.005 api_spamming
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 stealth_decoy_document
  • 0.004 stealth_timeout
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 mimics_filetime
  • 0.001 antivm_vbox_window
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 cerber_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 maldun_network_blacklist
  • 0.001 network_cnc_http

Reporting ( 0.556 seconds )

  • 0.529 ReportHTMLSummary
  • 0.027 Malheur
Task ID 592624
Mongo ID 5fc47c7d7e769a09e1a5205b
Cuckoo release 1.4-Maldun