Analysis Task

Analysis Type | VM Label | Start Time | End Time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2021-01-25 10:27:40 | 2021-01-25 10:28:14 | 34 seconds

Maldun Score

1.4415

Normal

File Details

File Name lsass.exe
File Size 4100096 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f2f14be2628bb14be0b72a22126ab472
SHA1 5382debdec4aab0b6120a2d1ac22593eb73a4a29
SHA256 746b879dd9d7434580c6ea9d12afb8f266ab502a47c2e38cce8e0fd49bc946e9
SHA512 ce6de380797f44ee6aeaf37676159b90670f8a2c3b2d591ee55e13d26d6ffe9ffdcf377eaba675eb7d9e152fdc7eee8308c40bcc678d7c8dad4e635dd3adf2d2
CRC32 AB02FDB7
Ssdeep 49152:u1xIHJ++GujwXwKlG4/W+1+Zx6BV47fFzmoZYM3QqFU1zQlSGv03lE:0pXwKlG4/W+1YxW47fFeq/4Gs3lE

Hosts Accessed

No host records.

DNS Resolution

Domain | Safety Rating | Response
yuhuan6.lanzoux.com A 221.228.218.144
CNAME 088af02c.lanzoux.com.cdn.dnsv1.com
CNAME 4036504.slego.tcloudscdn.com
www.lanzoux.com
vip.d0.baidupan.com A 47.98.88.99
acroipm.adobe.com A 23.74.15.65
CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.74.15.8

Summary

PE Information

Image Base 0x00400000
Entry Point 0x004a4d19
Claimed Checksum 0x00000000
Actual Checksum 0x003f83b7
Minimum OS Version Required 4.0
Compile Time 2021-01-25 10:23:45
Import Hash da478eca3d3dc31779881d941e6014e9
Icon
Icon Exact Hash 7e8d0dbe5de19f74f384ae459c5abecf
Icon Similarity Hash 439e81c5165936c3ea55d4df339c6380

PE Sections

Name | Virtual Address | Virtual Size | Raw Data Size | Characteristics | Entropy
.text 0x00001000 0x000c37f6 0x000c4000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.63
.rdata 0x000c5000 0x002fc2be 0x002fd000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.79
.data 0x003c2000 0x000500c8 0x00021000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.06
.rsrc 0x00413000 0x00005758 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.26

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File Type
TEXTINCLUDE 0x00414a38 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x004166c8 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x004170a0 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x00417ef0 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_MENU 0x00416068 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x00415bb0 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x00417ab8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x00416780 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00414fb8 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_MANIFEST 0x00418588 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll:
0x4c5178 GlobalFree
0x4c517c WaitForSingleObject
0x4c5180 CreateProcessA
0x4c5184 GetTickCount
0x4c5188 GetCommandLineA
0x4c518c MulDiv
0x4c5190 GetProcAddress
0x4c5194 GetModuleHandleA
0x4c51a4 CreateDirectoryA
0x4c51a8 SetStdHandle
0x4c51ac IsBadCodePtr
0x4c51b0 IsBadReadPtr
0x4c51b4 CompareStringW
0x4c51b8 CompareStringA
0x4c51c0 GetStringTypeW
0x4c51c4 GetStringTypeA
0x4c51c8 IsBadWritePtr
0x4c51cc VirtualAlloc
0x4c51d0 LCMapStringW
0x4c51d4 LCMapStringA
0x4c51dc VirtualFree
0x4c51e0 HeapCreate
0x4c51e4 HeapDestroy
0x4c51ec GetStdHandle
0x4c51f0 SetHandleCount
0x4c5208 GetACP
0x4c520c HeapSize
0x4c5210 RaiseException
0x4c5214 TerminateProcess
0x4c5218 GetSystemTime
0x4c5220 RtlUnwind
0x4c5224 GetStartupInfoA
0x4c5228 GetOEMCP
0x4c522c GetCPInfo
0x4c5230 GetProcessVersion
0x4c5234 SetErrorMode
0x4c5238 GlobalFlags
0x4c523c GetCurrentThread
0x4c5240 GetFileTime
0x4c5244 TlsGetValue
0x4c5248 LocalReAlloc
0x4c524c TlsSetValue
0x4c5250 TlsFree
0x4c5254 GlobalHandle
0x4c5258 TlsAlloc
0x4c525c LocalAlloc
0x4c5260 GetVersion
0x4c5264 GlobalGetAtomNameA
0x4c5268 GlobalAddAtomA
0x4c526c GlobalFindAtomA
0x4c5270 GlobalDeleteAtom
0x4c5274 SetEndOfFile
0x4c5278 UnlockFile
0x4c527c LockFile
0x4c5280 FlushFileBuffers
0x4c5284 SetLastError
0x4c5288 LocalFree
0x4c528c DeleteFileA
0x4c5290 GetFileAttributesA
0x4c5294 SetFileAttributesA
0x4c5298 FindClose
0x4c529c FindFirstFileA
0x4c52a0 GlobalUnlock
0x4c52a4 GlobalLock
0x4c52a8 GlobalAlloc
0x4c52ac Sleep
0x4c52b0 CreateEventA
0x4c52b4 CreateThread
0x4c52bc GetVersionExA
0x4c52c0 GetLastError
0x4c52c4 LoadLibraryA
0x4c52c8 FreeLibrary
0x4c52cc GetFullPathNameA
0x4c52d0 GetUserDefaultLCID
0x4c52d4 HeapAlloc
0x4c52d8 GetProcessHeap
0x4c52e0 GetSystemInfo
0x4c52ec SuspendThread
0x4c52f0 ReleaseMutex
0x4c52f4 CreateMutexA
0x4c52f8 TerminateThread
0x4c52fc SetFileTime
0x4c5304 GetLocalTime
0x4c530c DuplicateHandle
0x4c5310 GetFileType
0x4c5314 GetFileSize
0x4c5318 SetFilePointer
0x4c5324 lstrcpynA
0x4c5328 lstrcmpiA
0x4c532c lstrcmpA
0x4c5330 IsDBCSLeadByte
0x4c5334 WideCharToMultiByte
0x4c5338 MultiByteToWideChar
0x4c533c GetCurrentProcess
0x4c5340 GetSystemDirectoryA
0x4c5344 CreateSemaphoreA
0x4c5348 ResumeThread
0x4c534c ReleaseSemaphore
0x4c5358 GetProfileStringA
0x4c535c WriteFile
0x4c5360 HeapReAlloc
0x4c5364 HeapFree
0x4c5368 GlobalReAlloc
0x4c536c FindNextFileA
0x4c5370 lstrcpyA
0x4c5374 WinExec
0x4c5378 lstrlenA
0x4c537c lstrcatA
0x4c5388 CloseHandle
0x4c538c GlobalSize
0x4c5390 ExitProcess
0x4c5394 GetCurrentThreadId
0x4c5398 GetModuleFileNameA
0x4c539c lstrlenW
0x4c53a0 LockResource
0x4c53a4 ReadFile
0x4c53a8 LoadResource
0x4c53b0 CreateFileA
0x4c53b4 SetEvent
0x4c53b8 FindResourceA
Library: USER32.dll:
0x4c541c UnregisterClassA
0x4c5420 WaitForInputIdle
0x4c5424 wsprintfA
0x4c5428 CloseClipboard
0x4c542c GetClipboardData
0x4c5430 OpenClipboard
0x4c5434 SetClipboardData
0x4c5438 EmptyClipboard
0x4c543c GetSystemMetrics
0x4c5440 GetCursorPos
0x4c5444 MessageBoxA
0x4c5448 SetWindowPos
0x4c544c SendMessageA
0x4c5450 DestroyCursor
0x4c5454 SetParent
0x4c5458 IsWindow
0x4c545c PostMessageA
0x4c5460 GetTopWindow
0x4c5464 GetParent
0x4c5468 GetFocus
0x4c546c CharUpperA
0x4c5470 GetForegroundWindow
0x4c5474 TranslateMessage
0x4c5478 LoadIconA
0x4c547c DrawFrameControl
0x4c5480 DrawEdge
0x4c5484 DrawFocusRect
0x4c5488 WindowFromPoint
0x4c548c GetMessageA
0x4c5490 DispatchMessageA
0x4c5494 SetRectEmpty
0x4c54a4 DrawIconEx
0x4c54a8 CreatePopupMenu
0x4c54ac AppendMenuA
0x4c54b0 ModifyMenuA
0x4c54b4 CreateMenu
0x4c54bc GetDlgCtrlID
0x4c54c0 GetSubMenu
0x4c54c4 EnableMenuItem
0x4c54c8 ClientToScreen
0x4c54d0 LoadImageA
0x4c54d8 ShowWindow
0x4c54dc IsWindowEnabled
0x4c54e4 GetKeyState
0x4c54ec PostQuitMessage
0x4c54f0 IsZoomed
0x4c54f4 GetClassInfoA
0x4c54f8 DefWindowProcA
0x4c54fc GetSystemMenu
0x4c5500 DeleteMenu
0x4c5504 GetMenu
0x4c5508 SetMenu
0x4c550c PeekMessageA
0x4c5510 IsIconic
0x4c5514 SetFocus
0x4c5518 GetActiveWindow
0x4c551c GetWindow
0x4c5524 SetWindowRgn
0x4c5528 GetMessagePos
0x4c552c ScreenToClient
0x4c5534 CopyRect
0x4c5538 LoadBitmapA
0x4c553c WinHelpA
0x4c5540 KillTimer
0x4c5544 SetTimer
0x4c5548 ReleaseCapture
0x4c554c GetCapture
0x4c5550 SetCapture
0x4c5554 GetScrollRange
0x4c5558 SetScrollRange
0x4c555c SetScrollPos
0x4c5560 SetRect
0x4c5564 InflateRect
0x4c5568 IntersectRect
0x4c556c DestroyIcon
0x4c5570 PtInRect
0x4c5574 OffsetRect
0x4c5578 IsWindowVisible
0x4c557c EnableWindow
0x4c5580 RedrawWindow
0x4c5584 GetWindowLongA
0x4c5588 SetWindowLongA
0x4c558c GetSysColor
0x4c5590 SetActiveWindow
0x4c5594 SetCursorPos
0x4c5598 LoadCursorA
0x4c559c SetCursor
0x4c55a0 GetDC
0x4c55a4 GetWindowTextA
0x4c55ac GetWindowDC
0x4c55b0 BeginPaint
0x4c55b4 EndPaint
0x4c55b8 TabbedTextOutA
0x4c55bc DrawTextA
0x4c55c0 GrayStringA
0x4c55c4 GetDlgItem
0x4c55c8 DestroyWindow
0x4c55d0 EndDialog
0x4c55d4 GetNextDlgTabItem
0x4c55d8 GetWindowPlacement
0x4c55e0 GetLastActivePopup
0x4c55e4 GetMessageTime
0x4c55e8 RemovePropA
0x4c55ec CallWindowProcA
0x4c55f0 GetPropA
0x4c55f4 UnhookWindowsHookEx
0x4c55f8 SetPropA
0x4c55fc GetClassLongA
0x4c5600 CallNextHookEx
0x4c5604 SetWindowsHookExA
0x4c5608 CreateWindowExA
0x4c560c GetMenuItemID
0x4c5610 GetMenuItemCount
0x4c5614 RegisterClassA
0x4c5618 GetScrollPos
0x4c561c AdjustWindowRectEx
0x4c5620 MapWindowPoints
0x4c5624 SendDlgItemMessageA
0x4c5628 ScrollWindowEx
0x4c562c IsDialogMessageA
0x4c5630 SetWindowTextA
0x4c5634 MoveWindow
0x4c5638 CheckMenuItem
0x4c563c SetMenuItemBitmaps
0x4c5640 GetMenuState
0x4c5648 GetClassNameA
0x4c564c GetDesktopWindow
0x4c5650 LoadStringA
0x4c5654 GetSysColorBrush
0x4c5658 FillRect
0x4c565c IsRectEmpty
0x4c5660 ReleaseDC
0x4c5664 IsChild
0x4c5668 DestroyMenu
0x4c566c SetForegroundWindow
0x4c5670 GetWindowRect
0x4c5674 EqualRect
0x4c5678 UpdateWindow
0x4c567c ValidateRect
0x4c5680 InvalidateRect
0x4c5684 GetClientRect
Library: GDI32.dll:
0x4c502c ExtSelectClipRgn
0x4c5030 RestoreDC
0x4c5034 PtVisible
0x4c5038 SaveDC
0x4c503c LineTo
0x4c5040 MoveToEx
0x4c5044 ExcludeClipRect
0x4c5048 RectVisible
0x4c504c TextOutA
0x4c5050 ExtTextOutA
0x4c5054 Escape
0x4c5058 GetTextMetricsA
0x4c505c SetBkMode
0x4c5060 SetPolyFillMode
0x4c5064 SetROP2
0x4c5068 SetTextColor
0x4c506c SetMapMode
0x4c5070 SetViewportOrgEx
0x4c5074 OffsetViewportOrgEx
0x4c5078 SetViewportExtEx
0x4c507c ScaleViewportExtEx
0x4c5080 SetWindowOrgEx
0x4c5084 SetWindowExtEx
0x4c5088 ScaleWindowExtEx
0x4c508c GetViewportExtEx
0x4c5090 RealizePalette
0x4c5094 SetBkColor
0x4c509c SetStretchBltMode
0x4c50a0 GetClipRgn
0x4c50a4 CreatePolygonRgn
0x4c50a8 SelectClipRgn
0x4c50ac DeleteObject
0x4c50b0 CreateDIBitmap
0x4c50b8 CreatePalette
0x4c50bc StretchBlt
0x4c50c0 SelectPalette
0x4c50c4 GetClipBox
0x4c50c8 GetDIBits
0x4c50cc GetWindowExtEx
0x4c50d0 GetViewportOrgEx
0x4c50d4 GetWindowOrgEx
0x4c50d8 BeginPath
0x4c50dc EndPath
0x4c50e0 PathToRegion
0x4c50e4 CreateEllipticRgn
0x4c50e8 CreateRoundRectRgn
0x4c50ec GetTextColor
0x4c50f0 GetBkMode
0x4c50f4 GetBkColor
0x4c50f8 GetROP2
0x4c50fc GetStretchBltMode
0x4c5100 GetPolyFillMode
0x4c5108 CreateDCA
0x4c510c CreateBitmap
0x4c5110 SelectObject
0x4c5114 CreatePen
0x4c5118 PatBlt
0x4c511c CombineRgn
0x4c5120 CreateRectRgn
0x4c5124 FillRgn
0x4c5128 CreateSolidBrush
0x4c512c CreateFontIndirectA
0x4c5130 GetStockObject
0x4c5134 GetObjectA
0x4c5138 EndPage
0x4c513c EndDoc
0x4c5140 DeleteDC
0x4c5144 StartDocA
0x4c5148 StartPage
0x4c514c BitBlt
0x4c5150 CreateCompatibleDC
0x4c5154 Ellipse
0x4c5158 Rectangle
0x4c515c LPtoDP
0x4c5160 DPtoLP
0x4c5164 GetCurrentObject
0x4c5168 RoundRect
0x4c5170 GetDeviceCaps
Library: WINMM.dll:
0x4c568c waveOutOpen
0x4c5690 midiStreamRestart
0x4c5694 midiStreamClose
0x4c5698 midiOutReset
0x4c569c midiStreamStop
0x4c56a0 midiStreamOut
0x4c56a8 midiStreamProperty
0x4c56ac midiStreamOpen
0x4c56b4 waveOutGetNumDevs
0x4c56b8 waveOutClose
0x4c56bc waveOutReset
0x4c56c0 waveOutPause
0x4c56c4 waveOutWrite
0x4c56d0 waveOutRestart
Library: WINSPOOL.DRV:
0x4c56d8 ClosePrinter
0x4c56dc DocumentPropertiesA
0x4c56e0 OpenPrinterA
Library: ADVAPI32.dll:
0x4c5000 RegCreateKeyExA
0x4c5004 RegCloseKey
0x4c5008 RegQueryValueExA
0x4c500c RegOpenKeyExA
0x4c5010 RegSetValueExA
0x4c5014 RegQueryValueA
0x4c5018 RegOpenKeyA
Library: SHELL32.dll:
0x4c5410 Shell_NotifyIconA
0x4c5414 ShellExecuteA
Library: ole32.dll:
0x4c5728 CLSIDFromProgID
0x4c572c OleInitialize
0x4c5730 OleUninitialize
0x4c5734 CLSIDFromString
0x4c5738 CoCreateInstance
0x4c573c OleRun
Library: OLEAUT32.dll:
0x4c53c0 SafeArrayGetDim
0x4c53c4 UnRegisterTypeLib
0x4c53c8 VariantCopy
0x4c53cc VariantClear
0x4c53d0 VariantChangeType
0x4c53d4 SafeArrayGetUBound
0x4c53d8 SafeArrayGetLBound
0x4c53e0 SafeArrayAccessData
0x4c53e4 SafeArrayGetElement
0x4c53e8 VariantCopyInd
0x4c53ec VariantInit
0x4c53f0 SysAllocString
0x4c53f4 SafeArrayDestroy
0x4c53f8 SafeArrayCreate
0x4c53fc SafeArrayPutElement
0x4c5400 RegisterTypeLib
0x4c5404 LHashValOfNameSys
0x4c5408 LoadTypeLib
Library: COMCTL32.dll:
0x4c5020 ImageList_Destroy
0x4c5024 None
Library: WS2_32.dll:
0x4c56e8 accept
0x4c56ec getpeername
0x4c56f0 recv
0x4c56f4 ioctlsocket
0x4c56f8 recvfrom
0x4c56fc WSAAsyncSelect
0x4c5700 closesocket
0x4c5704 WSACleanup
0x4c5708 inet_ntoa
0x4c570c ntohl
Library: comdlg32.dll:
0x4c5714 GetFileTitleA
0x4c5718 GetSaveFileNameA
0x4c571c GetOpenFileNameA
0x4c5720 ChooseColorA

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
Qh8Z{
Qh8Z{
8`}<j
T$HhT]|
T$th
No antivirus engine scan information!

Process Tree

lsass.exe, PID: 2488, Parent PID: 2172

TCP

Source Address | Source Port | Destination Address | Destination Host | Destination Port
192.168.122.201 49160 221.228.218.144 yuhuan6.lanzoux.com 443
192.168.122.201 49161 221.228.218.144 yuhuan6.lanzoux.com 443
192.168.122.201 49163 23.74.15.65 acroipm.adobe.com 80
192.168.122.201 49162 47.98.88.99 vip.d0.baidupan.com 443

UDP

Source Address | Source Port | Destination Address | Destination Port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53

HTTP Requests

URI | HTTP Data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2021-01-25 10:27:59.790902+0800 192.168.122.201 49160 221.228.218.144 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 CN=*.lanzoux.com ec:dc:62:08:9b:70:f8:ad:52:23:7c:f1:79:3f:d9:da:e7:6e:0d:15
2021-01-25 10:28:00.369304+0800 192.168.122.201 49162 47.98.88.99 443 TLSv1 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=vip.d0.baidupan.com 5f:8d:b4:87:c2:ac:9e:33:c3:31:8f:5e:c1:2c:fc:4d:1b:cf:23:86
2021-01-25 10:28:00.096437+0800 192.168.122.201 49161 221.228.218.144 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 CN=*.lanzoux.com ec:dc:62:08:9b:70:f8:ad:52:23:7c:f1:79:3f:d9:da:e7:6e:0d:15

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 18.652 seconds )

  • 10.987 Suricata
  • 2.83 Static
  • 1.593 NetworkAnalysis
  • 1.184 VirusTotal
  • 1.061 TargetInfo
  • 0.664 BehaviorAnalysis
  • 0.297 peid
  • 0.013 AnalysisInfo
  • 0.012 Strings
  • 0.009 config_decoder
  • 0.002 Memory

Signatures ( 1.628 seconds )

  • 1.301 md_url_bl
  • 0.049 antiav_detectreg
  • 0.036 api_spamming
  • 0.029 stealth_decoy_document
  • 0.027 stealth_timeout
  • 0.019 infostealer_ftp
  • 0.015 md_domain_bl
  • 0.011 infostealer_im
  • 0.01 antianalysis_detectreg
  • 0.008 antivm_generic_scsi
  • 0.007 antivm_generic_services
  • 0.006 mimics_filetime
  • 0.006 reads_self
  • 0.006 antiav_detectfile
  • 0.006 infostealer_mail
  • 0.005 anomaly_persistence_autorun
  • 0.005 anormaly_invoke_kills
  • 0.005 geodo_banking_trojan
  • 0.004 stealth_file
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 bootkit
  • 0.003 infostealer_browser
  • 0.003 kibex_behavior
  • 0.003 antivm_generic_disk
  • 0.003 infostealer_browser_password
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antiemu_wine_func
  • 0.002 betabot_behavior
  • 0.002 shifu_behavior
  • 0.002 virus
  • 0.002 kovter_behavior
  • 0.002 hancitor_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_vbox_files
  • 0.002 antivm_xen_keys
  • 0.002 disables_browser_warn
  • 0.002 darkcomet_regkeys
  • 0.002 network_torgateway
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 stealth_network
  • 0.001 ipc_namedpipe
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 bypass_firewall
  • 0.001 antivm_generic_diskreg
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 maldun_network_blacklist
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint

Reporting ( 0.5 seconds )

  • 0.49 ReportHTMLSummary
  • 0.01 Malheur
Task ID 615535
Mongo ID 600e2cd87e769a14c1868ecc
Cuckoo release 1.4-Maldun