Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2021-04-08 22:50:11 | 2021-04-08 22:52:19 | 128 seconds |
File name | 菠扫号PC v130.0.1.exe |
---|---|
File size | 9277440 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 08136abe82e6c61991d11a1016ed9268 |
SHA1 | 017a337c1adbba179994eb60a4b939e042201088 |
SHA256 | faac12314500069ea5c7172f10d9cf5828e53be5be0c249e7805858e924e4b79 |
SHA512 | cd7acfdfaab97225e969651756d4513a01380a902424c63e893481e1fb572960a69acba80562b62ae9bd77129cb2f97b67610744368c4bb93b6551fd7060e9ec |
CRC32 | 7CAFB617 |
Ssdeep | 196608:sRh+/pjtwAcixzOi2O2wxvVoV0JVp07X8l/sWEIf:sRhwLVxzOn5wxvV9DmWEq |
No host records.
Domain | Security rating | Response |
---|---|---|
www.baidu.com | | CNAME www.a.shifen.com A 180.101.49.11 A 180.101.49.12 |
apipc.abc10010.cn | | CNAME apipc.abc10010.cn.cdn.dnsv1.com A 60.174.59.174 A 122.228.0.143 CNAME 8p3ancjo.slt.sched.tdnsv8.com A 122.246.6.14 A 117.68.66.28 A 60.167.222.35 A 180.96.32.88 A 60.174.156.19 A 180.96.32.89 A 117.68.66.27 A 58.216.107.24 A 122.228.0.170 |
acroipm.adobe.com | | CNAME acroipm.adobe.com.edgesuite.net CNAME a1983.dscd.akamai.net A 23.202.48.81 A 23.202.48.32 |
Image base | 0x00400000 |
---|---|
Entry point | 0x00551559 |
Declared checksum | 0x00000000 |
Actual checksum | 0x008e7987 |
Minimum OS version required | 4.0 |
Compile time | 2021-04-08 09:45:38 |
Import hash | 8f752e1a183ad17d1718a889e746af10 |
Icon | |
Icon exact hash | 6b5faf674d7981efe27193e4c51a83d9 |
Icon similarity hash | 0d02bfa406f7771c93143a765894c749 |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x001b54ea | 0x001b6000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.65 |
.rdata | 0x001b7000 | 0x0039ca72 | 0x0039d000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.76 |
.data | 0x00554000 | 0x00134c91 | 0x000ca000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.59 |
.vmp0 | 0x00689000 | 0x002a14d0 | 0x002a2000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.87 |
.rsrc | 0x0092b000 | 0x0001867d | 0x00019000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.57 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x0092bfac | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
WAVE | 0x0092c100 | 0x00001448 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.35 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz |
RT_CURSOR | 0x0092de68 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
RT_BITMAP | 0x00930760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_ICON | 0x00930cb4 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.56 | data |
RT_MENU | 0x009414e8 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_DIALOG | 0x00942730 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_STRING | 0x00943178 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_GROUP_CURSOR | 0x00943228 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x00943274 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x00943288 | 0x00000228 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.16 | data |
RT_MANIFEST | 0x009434b0 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 180.101.49.12 www.baidu.com | 80 |
192.168.122.201 | 50584 | 192.168.122.1 | 53 |
192.168.122.201 | 50586 | 23.202.48.32 acroipm.adobe.com | 80 |
192.168.122.201 | 50585 | 60.174.156.19 apipc.abc10010.cn | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://www.baidu.com/ | HEAD / HTTP/1.1 Accept: */* Referer: http://www.baidu.com/ Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/18.0.1 Connection: Keep-Alive Host: www.baidu.com Content-Length: 0 Cache-Control: no-cache |
http://apipc.abc10010.cn/api.php?ace=mcq&acek=1660 | POST /api.php?ace=mcq&acek=1660 HTTP/1.1 Accept: */* Referer: http://apipc.abc10010.cn/api.php?ace=mcq&acek=1660 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-gb) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 Content-Type: application/x-www-form-urlencoded Accept-Language: zh-cn Cookie: uti=373C3E353564 Content-Length: 73 Host: apipc.abc10010.cn Cache-Control: no-cache cctv=333735&mscctv=333735&tuci=3035353C20272B051800127A645F40B6B89387&yz= |
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results
No alerts
No TLS
No Suricata HTTP
Task ID | 628805 |
---|---|
Mongo ID | 606f18f17e769a06abeb2bed |
Cuckoo release | 1.4-Maldun |