Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2020-11-30 08:47:46 2020-11-30 08:50:01 135 seconds

Maldun score

10.0

Dangerous

File details

File name Louisa Bypass VIP.sp.exe
File size 23920640 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 40a7c8b3e686bbb4a2d1087745339f4b
SHA1 b1de478dba5d553303ebd2db1eaaad9edd7ed610
SHA256 b3f2aeef652dce7da02353373084bd2cee249b866092e795f30bdf508b532b51
SHA512 4463b7241ef5718855e9959cb9b136ccda2da2fa3ffb495e0ed269fadfe96d1ea7577c024dd9eec3c6d41fe446c717054d6a477902bff0ff4870fc6308b2d16a
CRC32 509DB0D8
Ssdeep 393216:q9XUKjn0uoErRp1xw2RMAUdETkSHqjEsu2zpLN7aa2a5/oAROiBEPFgBZkGWjKv:mX5YSrb1x/RMAUAkSHQEsuoGmaWoKv

Hosts accessed

No host records.

DNS resolution

Domain Security rating Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
A 23.218.94.163
CNAME a1983.dscd.akamai.net
A 23.218.94.155

PE information

Image base 0x00400000
Entry point 0x0230f419
Claimed checksum 0x016d9298
Actual checksum 0x016d9298
Minimum OS version required 4.0
Compile time 2020-11-29 23:40:57
Import hash 0c599dcff3934042a71fe7e3b144f099
Icon
Icon exact hash b3f9d91c0941b7b3185414551cf17cec
Icon similarity hash c060329b2871a54ebb8ab456effdd111

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000c208a 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rdata 0x000c4000 0x00122078 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.00
.data 0x001e7000 0x00051d0a 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00239000 0x0000d918 0x0000e000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.63
.svmp1 0x00247000 0x0066caa5 0x00000000 IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.svmp2 0x008b4000 0x005e4403 0x005e5000 IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8.00
.svmp3 0x00e99000 0x000cc87e 0x000cd000 IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.84
.svmp4 0x00f66000 0x00fa6e0f 0x00fa7000 IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.72
.svmp5 0x01f0d000 0x00002982 0x00003000 IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6.32
.svmp6 0x01f10000 0x000646dc 0x00065000 IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.02

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x00239c80 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00239c80 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00239c80 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x0023a170 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x0023a170 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x0023a170 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_CURSOR 0x0023a170 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_BITMAP 0x0023b878 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x002442cc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_ICON 0x002442cc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_ICON 0x002442cc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_ICON 0x002442cc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_ICON 0x002442cc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_ICON 0x002442cc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_ICON 0x002442cc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_MENU 0x00244740 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_MENU 0x00244740 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_DIALOG 0x00245988 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_STRING 0x002463d0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x0024641c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x0024641c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR 0x0024641c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x002464a0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x002464a0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x002464a0 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x002464b4 0x00000294 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.59 data
RT_MANIFEST 0x00246748 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x129823f midiStreamOut
Library: WS2_32.dll:
0x1298247 WSACleanup
Library: KERNEL32.dll:
0x129824f Process32Next
Library: USER32.dll:
0x1298257 SetFocus
Library: GDI32.dll:
0x129825f TextOutA
Library: WINSPOOL.DRV:
0x1298267 OpenPrinterA
Library: ADVAPI32.dll:
0x129826f RegQueryValueExA
Library: SHELL32.dll:
0x1298277 Shell_NotifyIconA
Library: ole32.dll:
0x129827f CLSIDFromProgID
Library: OLEAUT32.dll:
0x1298287 UnRegisterTypeLib
Library: COMCTL32.dll:
0x129828f None
Library: comdlg32.dll:
0x1298297 ChooseColorA

.text
`.rdata
@.data
.rsrc
@.svmp1
.svmp2
.svmp3
.svmp4
.svmp5
.svmp6
resource.h
(nd V
oD_3_
SbpS:g:
USMO:
-NbkSbpS(
-NbkSbpS
OX[0R
N*N(W%
N*N(W%
N*N(W0
g~b0R
`MM^39
DEFAULT_ICON
Ctrl+PageUp
Ctrl+PageDown
PageUp
PageDown
Ctrl+G
Ctrl+Home
Ctrl+End
Shift+Tab
Tab/Enter
Ctrl+N
Ctrl+D
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_progress32
Progress1
MS Shell Dlg
......
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.0.0.0
FileDescription
ProductName
Louisa Bypass
ProductVersion
1.0.0.0
CompanyName
Louisa Bypass
LegalCopyright
Comments
(http://www.eyuyan.com)
VarFileInfo
Translation
No antivirus engine scan information!

Process tree

Louisa Bypass VIP.sp.exe, PID: 2412, parent process PID: 2268

TCP

Source address Source port Destination address Destination port
192.168.122.201 49158 23.218.94.163 acroipm.adobe.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No dropped files.
No similar analyses found.

Processing ( 33.663 seconds )

  • 13.465 Static
  • 10.91 Suricata
  • 4.108 TargetInfo
  • 3.829 VirusTotal
  • 0.764 NetworkAnalysis
  • 0.379 peid
  • 0.083 BehaviorAnalysis
  • 0.056 Strings
  • 0.054 config_decoder
  • 0.013 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.531 seconds )

  • 1.418 md_url_bl
  • 0.017 antiav_detectreg
  • 0.011 md_domain_bl
  • 0.007 infostealer_ftp
  • 0.006 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.004 api_spamming
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 stealth_decoy_document
  • 0.003 stealth_timeout
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 cerber_behavior
  • 0.002 antivm_vbox_files
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 antiemu_wine_func
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 infostealer_browser_password
  • 0.001 antidbg_windows
  • 0.001 kovter_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_athenahttp
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.619 seconds )

  • 0.57 ReportHTMLSummary
  • 0.049 Malheur

Task ID 592393
Mongo ID 5fc441e67e769a09e4a4d0a8
Cuckoo release 1.4-Maldun