恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2021-04-21 19:39:29	2021-04-21 19:41:33	124 秒

魔盾分数

10.0

Malicious病毒

文件详细信息

文件名	Steam一键上号V3.2.exe
文件大小	1519616 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	a517789a09f26f330e498f10508176dd
SHA1	8265172b269fec69e2a6fc52dd553219135862ba
SHA256	5b2225e438cc32515e060cdfb0cf7e09e4b3acf43ee4e73d92bf88e6763b4208
SHA512	bf628f009f41bae6fe792cae823266d327628e8e0c7bcf85a3fccc2db8e7fe1c9422a5e9f02fd8e30100a0389af530a84dca1c9cbeb82d4c272b699c381fcd6c
CRC32	C7B7624F
Ssdeep	24576:QMYmc/0puetykeaVLgVlXY9+G3U1fLJOOqTLnRyAjbDMO7QCC9+kXwjpXGks4VPv:QM9c/Su0ygLgTIJIfdEngo7QCCMpXGkr
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 23.63.74.41 A 23.63.74.64
meun-1300764759.cos.ap-nanjing.myqcloud.com	CNAME cos.ap-nanjing.myqcloud.com A 58.217.250.93 A 58.217.246.14 A 58.217.250.92

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x00621f61
声明校验值	0x00173cac
实际校验值	0x00173cac
最低操作系统版本要求	4.0
编译时间	2021-01-29 00:40:31
载入哈希	b59603bc2546704db6802e1f0558b2a4
图标
图标精确哈希值	9d1b3a7ede4c8ee146dd19f802a3e5f8
图标相似性哈希值	dc4ae2ec7c3a24a5627ca70e6bda914f

版本信息

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00129000	0x00072000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	8.00
.sedata	0x0012a000	0x000fa000	0x000fa000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_NOT_PAGED\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.50
.idata	0x00224000	0x00001000	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_NOT_PAGED\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	1.50
.rsrc	0x00225000	0x00004000	0x00004000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.68
.sedata	0x00229000	0x00001000	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.98

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_ICON	0x00226d30	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	2.79	data
RT_GROUP_ICON	0x00227e64	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00227e64	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x00227e64	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION	0x00227e78	0x00000244	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.87	data

导入

库: WINMM.dll:

• 0x624327 midiStreamOut

库: WS2_32.dll:

• 0x624333 WSAAsyncSelect

库: RASAPI32.dll:

• 0x62433f RasHangUpA

库: KERNEL32.dll:

• 0x62434b MultiByteToWideChar

库: USER32.dll:

• 0x624357 ScreenToClient

库: GDI32.dll:

• 0x624363 ExtTextOutA

库: WINSPOOL.DRV:

• 0x62436f OpenPrinterA

库: ADVAPI32.dll:

• 0x62437b RegQueryValueExA

库: SHELL32.dll:

• 0x624387 Shell_NotifyIconA

库: ole32.dll:

• 0x624393 CLSIDFromProgID

库: OLEAUT32.dll:

• 0x62439f VariantChangeType

库: COMCTL32.dll:

• 0x6243ab None

库: WININET.dll:

• 0x6243b7 InternetCanonicalizeUrlA

库: comdlg32.dll:

• 0x6243c3 ChooseColorA

库: MSVCRT.dll:

• 0x6243cf strncpy

库: IPHLPAPI.DLL:

• 0x6243db GetInterfaceInfo

库: PSAPI.DLL:

• 0x6243e7 GetMappedFileNameW

.text
.sedata
.idata
.rsrc
.sedata
ld7Tu
n,X_A
%xt!i
_ 2Za$;

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20210208
Elastic	malicious (high confidence)	20210121
MicroWorld-eScan	Gen:Variant.Mikey.113531	20210216
FireEye	Generic.mg.a517789a09f26f33	20210216
CAT-QuickHeal	Trojan.Mikey	20210216
ALYac	Gen:Variant.Mikey.113531	20210216
Cylance	Unsafe	20210216
VIPRE	Trojan.Win32.Generic!BT	20210216
AegisLab	Hacktool.Win32.Generic.lvTx	20210216
Sangfor	Trojan.Win32.Save.a	20210204
K7AntiVirus	Trojan ( 005239691 )	20210216
BitDefender	Gen:Variant.Mikey.113531	20210216
K7GW	Trojan ( 004b8a501 )	20210216
Cybereason	malicious.a09f26	20210208
Arcabit	Trojan.Mikey.D1BB7B	20210216
BitDefenderTheta	Gen:NN.ZexaF.34574.Cv0@auMcwvmb	20210216
Cyren	W32/S-e743b39f!Eldorado	20210216
Symantec	ML.Attribute.HighConfidence	20210216
ESET-NOD32	a variant of Win32/Packed.NoobyProtect.G suspicious	20210216
Baidu	未发现病毒	20190318
APEX	Malicious	20210216
Avast	Win32:Malware-gen	20210216
ClamAV	未发现病毒	20210216
Kaspersky	未发现病毒	20210216
Alibaba	Packed:Win32/NoobyProtect.e003e00e	20190527
NANO-Antivirus	未发现病毒	20210216
ViRobot	未发现病毒	20210216
Rising	Malware.Heuristic!ET#99% (RDMK:cmRtazqMi9OVgs3A6BCKMvH/d4RY)	20210216
Ad-Aware	Gen:Variant.Mikey.113531	20210216
Sophos	Mal/Generic-S	20210216
Comodo	TrojWare.Win32.Amtar.KNB@4wlm66	20210216
F-Secure	未发现病毒	20210216
DrWeb	未发现病毒	20210216
Zillya	Trojan.Nimnul.Win32.4182	20210216
TrendMicro	未发现病毒	20210216
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc	20210216
CMC	未发现病毒	20210208
Emsisoft	Gen:Variant.Mikey.113531 (B)	20210216
SentinelOne	Static AI - Malicious PE	20210215
Jiangmin	未发现病毒	20210216
MaxSecure	未发现病毒	20210216
Avira	未发现病毒	20210216
MAX	malware (ai score=87)	20210216
Antiy-AVL	未发现病毒	20210216
Kingsoft	Win32.Troj.Banker.(kcloud)	20210216
Gridinsoft	Trojan.Heur!.03010021	20210216
Microsoft	PUA:Win32/Puasson.A!ac	20210216
SUPERAntiSpyware	未发现病毒	20210212
AhnLab-V3	未发现病毒	20210216
ZoneAlarm	未发现病毒	20210216
GData	Win32.Application.PUPStudio.B	20210216
Cynet	Malicious (score: 100)	20210216
TotalDefense	未发现病毒	20210216
Acronis	suspicious	20210211
McAfee	Artemis!A517789A09F2	20210216
TACHYON	未发现病毒	20210216
VBA32	未发现病毒	20210216
Malwarebytes	Malware.Heuristic.1003	20210215
Panda	未发现病毒	20210216
Zoner	未发现病毒	20210215
TrendMicro-HouseCall	TROJ_GEN.R002H0CB521	20210216
Tencent	未发现病毒	20210216
Yandex	未发现病毒	20210216
Ikarus	PUA.NoobyProtect	20210216
eGambit	Unsafe.AI_Score_100%	20210216
Fortinet	Riskware/Application	20210216
Webroot	未发现病毒	20210216
AVG	Win32:Malware-gen	20210216
Paloalto	generic.ml	20210216
CrowdStrike	win/malicious_confidence_100% (W)	20210203
Qihoo-360	Win32/Trojan.Generic.HxIB6F8A	20210216

进程树

Steam____________V3.2.exe id: 2432

搜索
Steam____________V3.2.exe (2432)

Steam____________V3.2.exe, PID: 2432, 上一级进程 PID: 2172

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.63.74.41 acroipm.adobe.com	80
192.168.122.201	49161	58.217.250.93 meun-1300764759.cos.ap-nanjing.myqcloud.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 23.63.74.41 A 23.63.74.64
meun-1300764759.cos.ap-nanjing.myqcloud.com	CNAME cos.ap-nanjing.myqcloud.com A 58.217.250.93 A 58.217.246.14 A 58.217.250.92

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.63.74.41 acroipm.adobe.com	80
192.168.122.201	49161	58.217.250.93 meun-1300764759.cos.ap-nanjing.myqcloud.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2021-04-21 19:39:53.763723+0800	192.168.122.201	49161	58.217.250.93	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-beijing.myqcloud.com	ec:9f:f6:85:4f:6f:fb:00:46:d1:59:9f:00:a2:d4:32:01:4b:68:75

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 15.735 seconds )

10.616 Suricata
2.366 NetworkAnalysis
1.156 Static
0.571 BehaviorAnalysis
0.501 TargetInfo
0.315 peid
0.184 VirusTotal
0.011 Strings
0.01 AnalysisInfo
0.003 config_decoder
0.002 Memory

Signatures ( 1.548 seconds )

1.298 md_url_bl
0.03 api_spamming
0.026 antiemu_wine_func
0.026 kovter_behavior
0.023 infostealer_browser_password
0.023 stealth_timeout
0.021 stealth_decoy_document
0.018 antiav_detectreg
0.013 md_domain_bl
0.007 infostealer_ftp
0.005 anomaly_persistence_autorun
0.005 antiav_detectfile
0.004 antianalysis_detectreg
0.004 geodo_banking_trojan
0.004 infostealer_im
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_mail
0.003 network_http
0.003 ransomware_extensions
0.002 tinba_behavior
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 network_torgateway
0.001 rat_nanocore
0.001 antiav_avast_libs
0.001 mimics_filetime
0.001 betabot_behavior
0.001 reads_self
0.001 antisandbox_sunbelt_libs
0.001 kibex_behavior
0.001 cerber_behavior
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop
0.001 network_cnc_http

Reporting ( 0.707 seconds )

0.619 ReportHTMLSummary
0.088 Malheur


Task ID	631847
Mongo ID	60800f887e769a0f70494190
Cuckoo release	1.4-Maldun