恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2021-04-09 02:28:45	2021-04-09 02:30:53	128 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	fb.exe
文件大小	831888 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	139464919440e93e49c80cc890b90585
SHA1	0237408cdb74ad6b8d340cdf0d03c1b1f820ce17
SHA256	ce3a6224dae98fdaa712cfa6495cb72349f333133dbfb339c9e90699cbe4e8e4
SHA512	d6993d7568f6b39bf2ba0c0988eb30b9506dc05d50aef693d22a64c34e0d5cd5bdb32a828b666c9c37f116deba63b10ce662b9e42ad1025a7b05eb0b32251a1c
CRC32	27630D93
Ssdeep	12288:daWzgMg7v3qnCiIErQohh0F4nCJ8lnyhQaQDErWt5x:8aHMv6CErjDnyhQasMix
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 104.116.243.153 CNAME a1983.dscd.akamai.net A 104.116.243.72

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x00416310
声明校验值	0x000d207c
实际校验值	0x000d207c
最低操作系统版本要求	5.0
编译时间	2010-04-16 15:47:33
载入哈希	aaaa8913c89c8aa4a5d93f06853894da
图标
图标精确哈希值	350fa755b590b2cbe7d9c0c579a63b8b
图标相似性哈希值	59f79ccac587ac39a2a24e069c93efa7

版本信息

LegalCopyright
Coder
FileVersion
CompanyName
Comments
ProductVersion
FileDescription
OriginalFilename
Translation

微软证书验证 (Sign Tool)

SHA1	时间戳	有效性	错误
60bbcd10d2f07086ce2fa5df782b7c4289f2126c	Mon Jan 25 17:31:32 2021	否	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

证书链	Certificate Chain 1
发行给	Sordum Software
发行人	Sordum Software
有效期	Thu Jan 01 050000 2026
SHA1 哈希	f5e71628a478a248353bf0177395223d2c5a0e43

证书链	Timestamp Chain 1
发行给	GlobalSign Root CA
发行人	GlobalSign Root CA
有效期	Fri Jan 28 200000 2028
SHA1 哈希	b1bc968bd4f49d622aa89a81f2150152a41d829c

证书链	Timestamp Chain 2
发行给	GlobalSign Timestamping CA - G2
发行人	GlobalSign Root CA
有效期	Fri Jan 28 200000 2028
SHA1 哈希	c0e49d2d7d90a5cd427f02d9125694d5d6ec5b71

证书链	Timestamp Chain 3
发行给	GlobalSign TSA for MS Authenticode - G2
发行人	GlobalSign Timestamping CA - G2
有效期	Thu Jun 24 080000 2027
SHA1 哈希	63b82fab61f583909695050b00249c502933ec79

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00080017	0x00080200	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.63
.rdata	0x00082000	0x0000d95c	0x0000da00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.87
.data	0x00090000	0x0001a518	0x00006800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.20
.rsrc	0x000ab000	0x0001b61c	0x0001b800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.54

覆盖

偏移量	0x000b0000
大小	0x0001b190

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_ICON	0x000c58b8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.78	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_GROUP_ICON	0x000c5df4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_UK	2.08	MS Windows icon resource - 1 icon, 16x16
RT_VERSION	0x000c5e08	0x00000374	LANG_ENGLISH	SUBLANG_ENGLISH_UK	3.42	data
RT_MANIFEST	0x000c617c	0x0000049e	LANG_ENGLISH	SUBLANG_ENGLISH_UK	5.25	XML 1.0 document, ASCII text, with CRLF line terminators

导入

库: WSOCK32.dll:

• 0x482790 __WSAFDIsSet

• 0x482794 setsockopt

• 0x482798 ntohs

• 0x48279c recvfrom

• 0x4827a0 sendto

• 0x4827a4 htons

• 0x4827a8 select

• 0x4827ac listen

• 0x4827b0 WSAStartup

• 0x4827b4 bind

• 0x4827b8 closesocket

• 0x4827bc connect

• 0x4827c0 socket

• 0x4827c4 send

• 0x4827c8 WSACleanup

• 0x4827cc ioctlsocket

• 0x4827d0 accept

• 0x4827d4 WSAGetLastError

• 0x4827d8 inet_addr

• 0x4827dc gethostbyname

• 0x4827e0 gethostname

• 0x4827e4 recv

库: VERSION.dll:

• 0x482734 VerQueryValueW

• 0x482738 GetFileVersionInfoW

• 0x48273c GetFileVersionInfoSizeW

库: WINMM.dll:

• 0x482780 timeGetTime

• 0x482784 waveOutSetVolume

• 0x482788 mciSendStringW

库: COMCTL32.dll:

• 0x48208c ImageList_Remove

• 0x482090 ImageList_SetDragCursorImage

• 0x482094 ImageList_BeginDrag

• 0x482098 ImageList_DragEnter

• 0x48209c ImageList_DragLeave

• 0x4820a0 ImageList_EndDrag

• 0x4820a4 ImageList_DragMove

• 0x4820a8 ImageList_ReplaceIcon

• 0x4820ac ImageList_Create

• 0x4820b0 InitCommonControlsEx

• 0x4820b4 ImageList_Destroy

库: MPR.dll:

• 0x4823f4 WNetCancelConnection2W

• 0x4823f8 WNetGetConnectionW

• 0x4823fc WNetAddConnection2W

• 0x482400 WNetUseConnectionW

库: WININET.dll:

• 0x482744 InternetReadFile

• 0x482748 InternetCloseHandle

• 0x48274c InternetOpenW

• 0x482750 InternetSetOptionW

• 0x482754 InternetCrackUrlW

• 0x482758 HttpQueryInfoW

• 0x48275c InternetConnectW

• 0x482760 HttpOpenRequestW

• 0x482764 HttpSendRequestW

• 0x482768 FtpOpenFileW

• 0x48276c FtpGetFileSize

• 0x482770 InternetOpenUrlW

• 0x482774 InternetQueryOptionW

• 0x482778 InternetQueryDataAvailable

库: PSAPI.DLL:

• 0x48244c EnumProcesses

• 0x482450 GetModuleBaseNameW

• 0x482454 GetProcessMemoryInfo

• 0x482458 EnumProcessModules

库: USERENV.dll:

• 0x482720 CreateEnvironmentBlock

• 0x482724 DestroyEnvironmentBlock

• 0x482728 UnloadUserProfile

• 0x48272c LoadUserProfileW

库: KERNEL32.dll:

• 0x482158 HeapAlloc

• 0x48215c Sleep

• 0x482160 GetCurrentThreadId

• 0x482164 RaiseException

• 0x482168 MulDiv

• 0x48216c GetVersionExW

• 0x482170 GetSystemInfo

• 0x482174 MultiByteToWideChar

• 0x482178 WideCharToMultiByte

• 0x48217c GetModuleHandleW

• 0x482180 QueryPerformanceCounter

• 0x482184 VirtualFreeEx

• 0x482188 OpenProcess

• 0x48218c VirtualAllocEx

• 0x482190 WriteProcessMemory

• 0x482194 ReadProcessMemory

• 0x482198 CreateFileW

• 0x48219c SetFilePointerEx

• 0x4821a0 ReadFile

• 0x4821a4 WriteFile

• 0x4821a8 FlushFileBuffers

• 0x4821ac TerminateProcess

• 0x4821b0 CreateToolhelp32Snapshot

• 0x4821b4 Process32FirstW

• 0x4821b8 Process32NextW

• 0x4821bc SetFileTime

• 0x4821c0 GetFileAttributesW

• 0x4821c4 FindFirstFileW

• 0x4821c8 FindClose

• 0x4821cc DeleteFileW

• 0x4821d0 FindNextFileW

• 0x4821d4 lstrcmpiW

• 0x4821d8 MoveFileW

• 0x4821dc CopyFileW

• 0x4821e0 CreateDirectoryW

• 0x4821e4 RemoveDirectoryW

• 0x4821e8 SetSystemPowerState

• 0x4821ec QueryPerformanceFrequency

• 0x4821f0 FindResourceW

• 0x4821f4 LoadResource

• 0x4821f8 LockResource

• 0x4821fc SizeofResource

• 0x482200 GetProcessHeap

• 0x482204 OutputDebugStringW

• 0x482208 GetLocalTime

• 0x48220c CompareStringW

• 0x482210 CompareStringA

• 0x482214 InterlockedIncrement

• 0x482218 InterlockedDecrement

• 0x48221c DeleteCriticalSection

• 0x482220 EnterCriticalSection

• 0x482224 LeaveCriticalSection

• 0x482228 InitializeCriticalSectionAndSpinCount

• 0x48222c GetStdHandle

• 0x482230 CreatePipe

• 0x482234 InterlockedExchange

• 0x482238 TerminateThread

• 0x48223c GetTempPathW

• 0x482240 GetTempFileNameW

• 0x482244 VirtualFree

• 0x482248 FormatMessageW

• 0x48224c GetExitCodeProcess

• 0x482250 SetErrorMode

• 0x482254 GetPrivateProfileStringW

• 0x482258 WritePrivateProfileStringW

• 0x48225c GetPrivateProfileSectionW

• 0x482260 WritePrivateProfileSectionW

• 0x482264 GetPrivateProfileSectionNamesW

• 0x482268 FileTimeToLocalFileTime

• 0x48226c FileTimeToSystemTime

• 0x482270 SystemTimeToFileTime

• 0x482274 LocalFileTimeToFileTime

• 0x482278 GetDriveTypeW

• 0x48227c GetDiskFreeSpaceExW

• 0x482280 GetDiskFreeSpaceW

• 0x482284 GetVolumeInformationW

• 0x482288 SetVolumeLabelW

• 0x48228c CreateHardLinkW

• 0x482290 DeviceIoControl

• 0x482294 SetFileAttributesW

• 0x482298 GetShortPathNameW

• 0x48229c CreateEventW

• 0x4822a0 SetEvent

• 0x4822a4 GetEnvironmentVariableW

• 0x4822a8 SetEnvironmentVariableW

• 0x4822ac GlobalLock

• 0x4822b0 GlobalUnlock

• 0x4822b4 GlobalAlloc

• 0x4822b8 GetFileSize

• 0x4822bc GlobalFree

• 0x4822c0 GlobalMemoryStatusEx

• 0x4822c4 Beep

• 0x4822c8 GetComputerNameW

• 0x4822cc GetWindowsDirectoryW

• 0x4822d0 GetSystemDirectoryW

• 0x4822d4 GetCurrentProcessId

• 0x4822d8 GetCurrentThread

• 0x4822dc GetProcessIoCounters

• 0x4822e0 CreateProcessW

• 0x4822e4 SetPriorityClass

• 0x4822e8 LoadLibraryW

• 0x4822ec VirtualAlloc

• 0x4822f0 LoadLibraryExW

• 0x4822f4 HeapFree

• 0x4822f8 WaitForSingleObject

• 0x4822fc CreateThread

• 0x482300 DuplicateHandle

• 0x482304 GetLastError

• 0x482308 CloseHandle

• 0x48230c GetCurrentProcess

• 0x482310 GetProcAddress

• 0x482314 LoadLibraryA

• 0x482318 FreeLibrary

• 0x48231c GetModuleFileNameW

• 0x482320 GetFullPathNameW

• 0x482324 ExitProcess

• 0x482328 ExitThread

• 0x48232c GetSystemTimeAsFileTime

• 0x482330 SetCurrentDirectoryW

• 0x482334 IsDebuggerPresent

• 0x482338 GetCurrentDirectoryW

• 0x48233c ResumeThread

• 0x482340 GetStartupInfoW

• 0x482344 TlsGetValue

• 0x482348 TlsAlloc

• 0x48234c TlsSetValue

• 0x482350 TlsFree

• 0x482354 SetLastError

• 0x482358 HeapSize

• 0x48235c GetCPInfo

• 0x482360 GetACP

• 0x482364 GetOEMCP

• 0x482368 IsValidCodePage

• 0x48236c UnhandledExceptionFilter

• 0x482370 SetUnhandledExceptionFilter

• 0x482374 GetModuleFileNameA

• 0x482378 HeapReAlloc

• 0x48237c HeapCreate

• 0x482380 SetHandleCount

• 0x482384 GetFileType

• 0x482388 GetStartupInfoA

• 0x48238c SetStdHandle

• 0x482390 GetConsoleCP

• 0x482394 GetConsoleMode

• 0x482398 LCMapStringW

• 0x48239c LCMapStringA

• 0x4823a0 RtlUnwind

• 0x4823a4 SetFilePointer

• 0x4823a8 GetTimeZoneInformation

• 0x4823ac GetTimeFormatA

• 0x4823b0 GetDateFormatA

• 0x4823b4 FreeEnvironmentStringsW

• 0x4823b8 GetEnvironmentStringsW

• 0x4823bc GetCommandLineW

• 0x4823c0 GetTickCount

• 0x4823c4 GetStringTypeA

• 0x4823c8 GetStringTypeW

• 0x4823cc GetLocaleInfoA

• 0x4823d0 GetModuleHandleA

• 0x4823d4 WriteConsoleA

• 0x4823d8 GetConsoleOutputCP

• 0x4823dc WriteConsoleW

• 0x4823e0 CreateFileA

• 0x4823e4 SetEndOfFile

• 0x4823e8 EnumResourceNamesW

• 0x4823ec SetEnvironmentVariableA

库: USER32.dll:

• 0x48249c SetWindowPos

• 0x4824a0 GetCursorInfo

• 0x4824a4 RegisterHotKey

• 0x4824a8 ClientToScreen

• 0x4824ac GetKeyboardLayoutNameW

• 0x4824b0 IsCharAlphaW

• 0x4824b4 IsCharAlphaNumericW

• 0x4824b8 IsCharLowerW

• 0x4824bc IsCharUpperW

• 0x4824c0 GetMenuStringW

• 0x4824c4 GetSubMenu

• 0x4824c8 GetCaretPos

• 0x4824cc IsZoomed

• 0x4824d0 MonitorFromPoint

• 0x4824d4 GetMonitorInfoW

• 0x4824d8 SetWindowLongW

• 0x4824dc SetLayeredWindowAttributes

• 0x4824e0 FlashWindow

• 0x4824e4 GetClassLongW

• 0x4824e8 TranslateAcceleratorW

• 0x4824ec IsDialogMessageW

• 0x4824f0 GetSysColor

• 0x4824f4 InflateRect

• 0x4824f8 DrawFocusRect

• 0x4824fc DrawTextW

• 0x482500 FrameRect

• 0x482504 DrawFrameControl

• 0x482508 FillRect

• 0x48250c PtInRect

• 0x482510 DestroyAcceleratorTable

• 0x482514 CreateAcceleratorTableW

• 0x482518 SetCursor

• 0x48251c GetWindowDC

• 0x482520 GetSystemMetrics

• 0x482524 GetActiveWindow

• 0x482528 CharNextW

• 0x48252c wsprintfW

• 0x482530 RedrawWindow

• 0x482534 DrawMenuBar

• 0x482538 DestroyMenu

• 0x48253c SetMenu

• 0x482540 GetWindowTextLengthW

• 0x482544 CreateMenu

• 0x482548 IsDlgButtonChecked

• 0x48254c DefDlgProcW

• 0x482550 ReleaseCapture

• 0x482554 SetCapture

• 0x482558 WindowFromPoint

• 0x48255c CreateIconFromResourceEx

• 0x482560 mouse_event

• 0x482564 ExitWindowsEx

• 0x482568 SetActiveWindow

• 0x48256c FindWindowExW

• 0x482570 EnumThreadWindows

• 0x482574 SetMenuDefaultItem

• 0x482578 InsertMenuItemW

• 0x48257c IsMenu

• 0x482580 TrackPopupMenuEx

• 0x482584 GetCursorPos

• 0x482588 DeleteMenu

• 0x48258c CheckMenuRadioItem

• 0x482590 CopyImage

• 0x482594 GetMenuItemCount

• 0x482598 SetMenuItemInfoW

• 0x48259c GetMenuItemInfoW

• 0x4825a0 SetForegroundWindow

• 0x4825a4 IsIconic

• 0x4825a8 FindWindowW

• 0x4825ac SystemParametersInfoW

• 0x4825b0 PeekMessageW

• 0x4825b4 SendInput

• 0x4825b8 GetAsyncKeyState

• 0x4825bc SetKeyboardState

• 0x4825c0 GetKeyboardState

• 0x4825c4 GetKeyState

• 0x4825c8 VkKeyScanW

• 0x4825cc LoadStringW

• 0x4825d0 DialogBoxParamW

• 0x4825d4 MessageBeep

• 0x4825d8 EndDialog

• 0x4825dc SendDlgItemMessageW

• 0x4825e0 GetDlgItem

• 0x4825e4 SetWindowTextW

• 0x4825e8 CopyRect

• 0x4825ec ReleaseDC

• 0x4825f0 GetDC

• 0x4825f4 EndPaint

• 0x4825f8 BeginPaint

• 0x4825fc GetClientRect

• 0x482600 GetMenu

• 0x482604 DestroyWindow

• 0x482608 EnumWindows

• 0x48260c GetDesktopWindow

• 0x482610 IsWindow

• 0x482614 IsWindowEnabled

• 0x482618 IsWindowVisible

• 0x48261c EnableWindow

• 0x482620 InvalidateRect

• 0x482624 GetWindowThreadProcessId

• 0x482628 AttachThreadInput

• 0x48262c GetFocus

• 0x482630 GetWindowTextW

• 0x482634 ScreenToClient

• 0x482638 SendMessageTimeoutW

• 0x48263c EnumChildWindows

• 0x482640 CharUpperBuffW

• 0x482644 GetClassNameW

• 0x482648 GetParent

• 0x48264c GetDlgCtrlID

• 0x482650 SendMessageW

• 0x482654 MapVirtualKeyW

• 0x482658 PostMessageW

• 0x48265c GetWindowRect

• 0x482660 SetUserObjectSecurity

• 0x482664 GetUserObjectSecurity

• 0x482668 CloseDesktop

• 0x48266c CloseWindowStation

• 0x482670 OpenDesktopW

• 0x482674 SetProcessWindowStation

• 0x482678 GetProcessWindowStation

• 0x48267c OpenWindowStationW

• 0x482680 MessageBoxW

• 0x482684 DefWindowProcW

• 0x482688 MoveWindow

• 0x48268c AdjustWindowRectEx

• 0x482690 SetRect

• 0x482694 SetClipboardData

• 0x482698 EmptyClipboard

• 0x48269c CountClipboardFormats

• 0x4826a0 CloseClipboard

• 0x4826a4 GetClipboardData

• 0x4826a8 IsClipboardFormatAvailable

• 0x4826ac OpenClipboard

• 0x4826b0 BlockInput

• 0x4826b4 GetMessageW

• 0x4826b8 LockWindowUpdate

• 0x4826bc DispatchMessageW

• 0x4826c0 GetMenuItemID

• 0x4826c4 TranslateMessage

• 0x4826c8 SetFocus

• 0x4826cc PostQuitMessage

• 0x4826d0 KillTimer

• 0x4826d4 CreatePopupMenu

• 0x4826d8 RegisterWindowMessageW

• 0x4826dc SetTimer

• 0x4826e0 ShowWindow

• 0x4826e4 CreateWindowExW

• 0x4826e8 RegisterClassExW

• 0x4826ec LoadIconW

• 0x4826f0 LoadCursorW

• 0x4826f4 GetSysColorBrush

• 0x4826f8 GetForegroundWindow

• 0x4826fc MessageBoxA

• 0x482700 DestroyIcon

• 0x482704 UnregisterHotKey

• 0x482708 CharLowerBuffW

• 0x48270c MonitorFromRect

• 0x482710 keybd_event

• 0x482714 LoadImageW

• 0x482718 GetWindowLongW

库: GDI32.dll:

• 0x4820c8 DeleteObject

• 0x4820cc GetObjectW

• 0x4820d0 GetTextExtentPoint32W

• 0x4820d4 ExtCreatePen

• 0x4820d8 StrokeAndFillPath

• 0x4820dc StrokePath

• 0x4820e0 EndPath

• 0x4820e4 SetPixel

• 0x4820e8 CloseFigure

• 0x4820ec CreateCompatibleBitmap

• 0x4820f0 CreateCompatibleDC

• 0x4820f4 SelectObject

• 0x4820f8 StretchBlt

• 0x4820fc GetDIBits

• 0x482100 LineTo

• 0x482104 AngleArc

• 0x482108 MoveToEx

• 0x48210c Ellipse

• 0x482110 PolyDraw

• 0x482114 BeginPath

• 0x482118 Rectangle

• 0x48211c GetDeviceCaps

• 0x482120 SetBkMode

• 0x482124 RoundRect

• 0x482128 SetBkColor

• 0x48212c CreatePen

• 0x482130 CreateSolidBrush

• 0x482134 SetTextColor

• 0x482138 CreateFontW

• 0x48213c GetTextFaceW

• 0x482140 GetStockObject

• 0x482144 CreateDCW

• 0x482148 GetPixel

• 0x48214c DeleteDC

• 0x482150 SetViewportOrgEx

库: COMDLG32.dll:

• 0x4820bc GetSaveFileNameW

• 0x4820c0 GetOpenFileNameW

库: ADVAPI32.dll:

• 0x482000 RegEnumValueW

• 0x482004 RegDeleteValueW

• 0x482008 RegDeleteKeyW

• 0x48200c RegSetValueExW

• 0x482010 RegCreateKeyExW

• 0x482014 GetUserNameW

• 0x482018 RegConnectRegistryW

• 0x48201c RegEnumKeyExW

• 0x482020 CloseServiceHandle

• 0x482024 UnlockServiceDatabase

• 0x482028 LockServiceDatabase

• 0x48202c OpenSCManagerW

• 0x482030 InitiateSystemShutdownExW

• 0x482034 AdjustTokenPrivileges

• 0x482038 RegCloseKey

• 0x48203c RegQueryValueExW

• 0x482040 RegOpenKeyExW

• 0x482044 OpenThreadToken

• 0x482048 OpenProcessToken

• 0x48204c LookupPrivilegeValueW

• 0x482050 DuplicateTokenEx

• 0x482054 CreateProcessAsUserW

• 0x482058 CreateProcessWithLogonW

• 0x48205c InitializeSecurityDescriptor

• 0x482060 InitializeAcl

• 0x482064 GetLengthSid

• 0x482068 SetSecurityDescriptorDacl

• 0x48206c CopySid

• 0x482070 LogonUserW

• 0x482074 GetTokenInformation

• 0x482078 GetAclInformation

• 0x48207c GetAce

• 0x482080 AddAce

• 0x482084 GetSecurityDescriptorDacl

库: SHELL32.dll:

• 0x482460 DragQueryPoint

• 0x482464 ShellExecuteExW

• 0x482468 SHGetFolderPathW

• 0x48246c DragQueryFileW

• 0x482470 SHEmptyRecycleBinW

• 0x482474 SHBrowseForFolderW

• 0x482478 SHFileOperationW

• 0x48247c SHGetPathFromIDListW

• 0x482480 SHGetDesktopFolder

• 0x482484 SHGetMalloc

• 0x482488 ExtractIconExW

• 0x48248c Shell_NotifyIconW

• 0x482490 ShellExecuteW

• 0x482494 DragFinish

库: ole32.dll:

• 0x4827ec OleSetMenuDescriptor

• 0x4827f0 MkParseDisplayName

• 0x4827f4 OleSetContainedObject

• 0x4827f8 CoInitialize

• 0x4827fc CoUninitialize

• 0x482800 CoCreateInstance

• 0x482804 CreateStreamOnHGlobal

• 0x482808 CoTaskMemAlloc

• 0x48280c CoTaskMemFree

• 0x482810 CLSIDFromString

• 0x482814 StringFromCLSID

• 0x482818 IIDFromString

• 0x48281c StringFromIID

• 0x482820 OleInitialize

• 0x482824 CreateBindCtx

• 0x482828 CLSIDFromProgID

• 0x48282c CoInitializeSecurity

• 0x482830 CoCreateInstanceEx

• 0x482834 CoSetProxyBlanket

• 0x482838 OleUninitialize

库: OLEAUT32.dll:

• 0x482408 SafeArrayAllocData

• 0x48240c SafeArrayAllocDescriptorEx

• 0x482410 SysAllocString

• 0x482414 OleLoadPicture

• 0x482418 SafeArrayGetVartype

• 0x48241c SafeArrayDestroyData

• 0x482420 SafeArrayAccessData

• 0x482424 VarR8FromDec

• 0x482428 VariantTimeToSystemTime

• 0x48242c VariantClear

• 0x482430 VariantCopy

• 0x482434 VariantInit

• 0x482438 SafeArrayDestroyDescriptor

• 0x48243c LoadRegTypeLib

• 0x482440 GetActiveObject

• 0x482444 SafeArrayUnaccessData

.text
`.rdata
@.data
.rsrc
T$$PQj
Vh<HH
D$00vH
u htMH
u htMH
D$<PGH
W95HgI
W95HgI
YQPVh
95,gI
u&hx1H
Vhx3H
0Wh,lI
Pf95llI

没有防病毒引擎扫描信息!

进程树

fb.exe id: 2508

搜索
fb.exe (2508)

fb.exe, PID: 2508, 上一级进程 PID: 2184

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.116.243.72 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59906	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 104.116.243.153 CNAME a1983.dscd.akamai.net A 104.116.243.72

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.116.243.72 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59906	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 18.142 seconds )

11.804 Suricata
2.195 NetworkAnalysis
1.836 VirusTotal
1.009 Static
0.542 TargetInfo
0.365 peid
0.352 BehaviorAnalysis
0.019 AnalysisInfo
0.011 Strings
0.007 Memory
0.002 config_decoder

Signatures ( 1.623 seconds )

1.386 md_url_bl
0.032 antiav_detectreg
0.019 api_spamming
0.017 md_domain_bl
0.014 stealth_decoy_document
0.014 stealth_timeout
0.013 infostealer_ftp
0.008 infostealer_im
0.007 antiav_detectfile
0.006 anomaly_persistence_autorun
0.006 antianalysis_detectreg
0.006 ransomware_extensions
0.005 mimics_filetime
0.005 reads_self
0.005 geodo_banking_trojan
0.004 infostealer_bitcoin
0.004 infostealer_mail
0.004 ransomware_files
0.003 bootkit
0.003 stealth_file
0.003 antivm_generic_scsi
0.003 antivm_generic_disk
0.003 infostealer_browser_password
0.003 antivm_vbox_files
0.003 network_http
0.002 tinba_behavior
0.002 antiemu_wine_func
0.002 infostealer_browser
0.002 injection_createremotethread
0.002 antivm_generic_services
0.002 betabot_behavior
0.002 antidbg_windows
0.002 virus
0.002 kovter_behavior
0.002 disables_browser_warn
0.002 network_torgateway
0.001 network_tor
0.001 antivm_vbox_libs
0.001 rat_nanocore
0.001 maldun_anomaly_massive_file_ops
0.001 process_interest
0.001 ipc_namedpipe
0.001 kibex_behavior
0.001 anormaly_invoke_kills
0.001 vawtrak_behavior
0.001 cerber_behavior
0.001 injection_runpe
0.001 hancitor_behavior
0.001 antivm_generic_diskreg
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 darkcomet_regkeys
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop
0.001 network_cnc_http
0.001 recon_fingerprint
0.001 stealth_modify_uac_prompt

Reporting ( 0.646 seconds )

0.643 ReportHTMLSummary
0.003 Malheur


Task ID	628832
Mongo ID	606f4c007e769a06aceb2bd6
Cuckoo release	1.4-Maldun