Analysis Task

Analysis type   VM label                 Start time           End time             Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2021-04-21 23:31:13  2021-04-21 23:31:58  45 s

Maldun Score

2.95

Suspicious

File Details

File name  Kay.exe
File size  13352960 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5        33ae554c503afed5ee01e55261ee96dc
SHA1       611ca7d4da6b9214e31d16e4be3a9422d6153676
SHA256     2791fc769e1f8e423483b172ee1fc7774328f6f6b65e122b4ea7084ea6b3c13b
SHA512     034f8361585df4ad921820a37079b2756b74a90ec42d62cdcf8b54469cbe3728f6bb082b50ef5535c6e419a0151dd13ea5270cd9fb4befef2a3b1a688a983736
CRC32      63E261B2
Ssdeep     196608:kpRO6OHDIcmxXZz3Kzk+VZjRezWpRkK/BJfJDt63B0Z3+oe7ihvO3B8kOdok9qTO:kbhOjeZ2JrpyKtDeE5O3HTcqY2o

Hosts Contacted

No host records.

DNS Resolution

Domain             Response
acroipm.adobe.com  A      23.74.15.65
                   CNAME  acroipm.adobe.com.edgesuite.net
                   CNAME  a1983.dscd.akamai.net
                   A      23.74.15.56

PE Information

Image base          0x00400000
Entry point         0x00405148
Claimed checksum    0x00000000
Actual checksum     0x00cbc620
Minimum OS version  4.0
Compile timestamp   2021-04-08 12:40:54
Import hash         d335f46f3af407f7f25e559cd6800c58

A zero CheckSum field is the linker default for non-driver images, so the mismatch between the claimed and actual checksum is not by itself evidence of tampering.

Version Information

The RT_VERSION resource declares the following fields; none of them carries a value:

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                        Entropy
.text   0x00001000       0x000160ba    0x00017000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ            6.50
.rdata  0x00018000       0x000041d8    0x00005000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      4.27
.data   0x0001d000       0x00cb31be    0x00c9e000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  7.99
.rsrc   0x00cd1000       0x00000268    0x00001000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      3.39

The .data section holds 13,230,080 of the file's 13,352,960 bytes (99%) at entropy 7.99, i.e. effectively incompressible, while the executable code in .text is only 94,208 bytes. A writable data section of that size and entropy is an embedded encrypted or packed payload rather than ordinary program data.

Resources

Name        Offset      Size        Language      Sublanguage                 Entropy  File type
RT_VERSION  0x00cd1058  0x00000210  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  3.24     data

Imports

Library: SHLWAPI.dll:
0x41823c PathFileExistsA
Library: KERNEL32.dll:
0x418080 GetVersion
0x418084 WideCharToMultiByte
0x418088 GetCurrentThreadId
0x41808c GetCurrentThread
0x418090 lstrcmpiA
0x418094 lstrcmpA
0x418098 GlobalDeleteAtom
0x4180a4 LocalFree
0x4180a8 FlushFileBuffers
0x4180ac lstrcpynA
0x4180b0 LocalAlloc
0x4180bc GlobalHandle
0x4180c0 TlsFree
0x4180c8 GlobalReAlloc
0x4180d0 TlsSetValue
0x4180d4 LocalReAlloc
0x4180d8 TlsGetValue
0x4180dc GlobalFlags
0x4180e0 GlobalFindAtomA
0x4180e4 GlobalAddAtomA
0x4180e8 GlobalGetAtomNameA
0x4180ec GetProcessVersion
0x4180f0 SetErrorMode
0x4180f4 GetCPInfo
0x4180f8 GetOEMCP
0x4180fc RtlUnwind
0x418100 RaiseException
0x418104 HeapSize
0x418108 GetACP
0x418120 SetHandleCount
0x418124 GetStdHandle
0x418128 GetFileType
0x418130 HeapDestroy
0x418134 HeapCreate
0x418138 VirtualFree
0x41813c VirtualAlloc
0x418140 IsBadWritePtr
0x418144 LCMapStringA
0x418148 LCMapStringW
0x418150 GetStringTypeA
0x418154 GetStringTypeW
0x418158 IsBadCodePtr
0x41815c SetStdHandle
0x418160 InterlockedExchange
0x418164 lstrcatA
0x418168 SetLastError
0x41816c GlobalAlloc
0x418170 MultiByteToWideChar
0x418174 lstrlenA
0x418178 LoadLibraryA
0x41817c GetSystemDirectoryA
0x418180 lstrcpyA
0x418188 FreeLibrary
0x41818c Sleep
0x418194 GetTempPathA
0x418198 GetProcAddress
0x41819c OpenProcess
0x4181a0 TerminateProcess
0x4181a4 GetVersionExA
0x4181a8 GetCurrentProcess
0x4181ac GetLastError
0x4181b0 SetFilePointer
0x4181b4 GlobalLock
0x4181b8 GlobalUnlock
0x4181bc GlobalFree
0x4181c0 Process32First
0x4181c4 CloseHandle
0x4181c8 Process32Next
0x4181cc CreateDirectoryA
0x4181d0 MoveFileA
0x4181d4 GetProcessHeap
0x4181d8 GetModuleHandleA
0x4181dc ExitProcess
0x4181e0 HeapAlloc
0x4181e4 HeapReAlloc
0x4181e8 HeapFree
0x4181ec IsBadReadPtr
0x4181f8 WriteFile
0x4181fc CreateFileA
0x418200 WaitForSingleObject
0x418204 CreateProcessA
0x418208 GetStartupInfoA
0x41820c GetTickCount
0x418210 FindClose
0x418214 GetModuleFileNameA
0x418218 GetCommandLineA
0x41821c FindFirstFileA
0x418220 RemoveDirectoryA
0x418224 DeleteFileA
0x418228 FindNextFileA
0x41822c TlsAlloc
Library: USER32.dll:
0x418244 SetWindowPos
0x418248 SetFocus
0x41824c GetWindowPlacement
0x418250 IsIconic
0x418258 GetMessagePos
0x41825c GetMessageTime
0x418260 DefWindowProcA
0x418264 RemovePropA
0x418268 CallWindowProcA
0x41826c GetPropA
0x418270 SetPropA
0x418274 GetClassLongA
0x418278 CreateWindowExA
0x41827c GetMenuItemID
0x418280 GetSubMenu
0x418284 GetMenu
0x418288 RegisterClassA
0x41828c GetClassInfoA
0x418290 WinHelpA
0x418294 GetCapture
0x418298 GetTopWindow
0x41829c CopyRect
0x4182a0 GetClientRect
0x4182a4 AdjustWindowRectEx
0x4182a8 GetSysColor
0x4182ac MapWindowPoints
0x4182b0 LoadIconA
0x4182b4 LoadCursorA
0x4182b8 GetSysColorBrush
0x4182bc LoadStringA
0x4182c0 DestroyMenu
0x4182c4 GetMenuItemCount
0x4182c8 SetWindowTextA
0x4182cc GetDlgCtrlID
0x4182d0 DestroyWindow
0x4182d4 UnhookWindowsHookEx
0x4182d8 GrayStringA
0x4182dc DrawTextA
0x4182e0 TabbedTextOutA
0x4182e4 ClientToScreen
0x4182ec LoadBitmapA
0x4182f0 GetMenuState
0x4182f4 ModifyMenuA
0x4182f8 SetMenuItemBitmaps
0x4182fc CheckMenuItem
0x418300 EnableMenuItem
0x418304 GetFocus
0x418308 GetNextDlgTabItem
0x41830c GetKeyState
0x418310 CallNextHookEx
0x418314 ValidateRect
0x418318 SetWindowsHookExA
0x41831c GetLastActivePopup
0x418320 SetCursor
0x418324 PostMessageA
0x418328 PostQuitMessage
0x41832c SetForegroundWindow
0x418330 GetActiveWindow
0x418334 GetForegroundWindow
0x418338 IsWindowEnabled
0x41833c EnableWindow
0x418340 GetParent
0x418344 GetWindow
0x418348 PtInRect
0x41834c IsWindowVisible
0x418350 GetWindowLongA
0x418354 GetWindowTextA
0x418358 GetCursorPos
0x41835c SetWindowLongA
0x418360 GetDlgItem
0x418364 ShowWindow
0x41836c GetDC
0x418370 FindWindowA
0x418378 GetClassNameA
0x41837c SendMessageA
0x418380 GetWindowRect
0x418384 GetSystemMetrics
0x418388 PeekMessageA
0x41838c GetMessageA
0x418390 TranslateMessage
0x418394 DispatchMessageA
0x418398 wsprintfA
0x41839c MessageBoxA
0x4183a0 ReleaseDC
0x4183a4 UnregisterClassA
Library: GDI32.dll:
0x41801c SetBkColor
0x418020 RestoreDC
0x418024 GetObjectA
0x418028 GetStockObject
0x41802c SaveDC
0x418030 SetTextColor
0x418034 SetMapMode
0x418038 SetViewportOrgEx
0x41803c OffsetViewportOrgEx
0x418040 SetViewportExtEx
0x418044 ScaleViewportExtEx
0x418048 SetWindowExtEx
0x41804c ScaleWindowExtEx
0x418050 GetClipBox
0x418054 CreateBitmap
0x418058 PtVisible
0x41805c RectVisible
0x418060 TextOutA
0x418064 ExtTextOutA
0x418068 Escape
0x41806c GetDeviceCaps
0x418070 SelectObject
0x418074 DeleteDC
0x418078 DeleteObject
Library: WINSPOOL.DRV:
0x4183ac DocumentPropertiesA
0x4183b0 ClosePrinter
0x4183b4 OpenPrinterA
Library: ADVAPI32.dll:
0x418000 RegSetValueExA
0x418004 RegCreateKeyExA
0x418008 RegCloseKey
0x41800c RegOpenKeyExA
Library: SHELL32.dll:
(no named entries parsed)
Library: COMCTL32.dll:
0x418014 None (unnamed entry; imported by ordinal)

Most of the USER32, GDI32 and WINSPOOL.DRV imports belong to the MFC 4.2 framework (see the CWinApp and Afx*42s class names in the strings) and carry no signal on their own. The entries worth attention are the drop-and-execute set (GetTempPathA, CreateDirectoryA, CreateFileA, WriteFile, MoveFileA, CreateProcessA, WaitForSingleObject), the process enumeration and termination set (Process32First/Process32Next, OpenProcess, TerminateProcess; CreateToolhelp32Snapshot appears in the strings), the registry writes (RegCreateKeyExA, RegSetValueExA) and LoadLibraryA/GetProcAddress for resolving further APIs at run time.

Strings

.text
`.rdata
@.data
.rsrc
SUVWh
D$0Sh
QQSVWj
SVWUj
!hvVA
w]hvVA
VhvVA
VWhvVA
VhvVA
u@hvVA
CWinApp
PreviewPages
Settings
CWinThread
CCmdTarget
CTempGdiObject
CTempDC
CGdiObject
CUserException
CResourceException
CObject
CStringArray
CArchiveException
CNotSupportedException
CMemoryException
CException
combobox
software
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
InitCommonControlsEx
COMCTL32.DLL
CMapPtrToPtr
CTempMenu
CMenu
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
`h````
(null)
GAIsProcessorFeaturePresent
KERNEL32
e+000
frexp
_hypot
_cabs
ldexp
floor
atan2
log10
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#INF
1#IND
1#SNAN
PathFileExistsA
SHLWAPI.dll
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
CreateDirectoryA
MoveFileA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetTickCount
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
GetCommandLineA
GetModuleFileNameA
KERNEL32.dll
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
USER32.dll
GetObjectA
GetStockObject
GDI32.dll
iphlpapi.dll
MPR.dll
WINMM.dll
WS2_32.dll
VERSION.dll
GlobalFree
GlobalUnlock
GlobalLock
SetFilePointer
GetLastError
GetCurrentProcess
GetVersionExA
TerminateProcess
OpenProcess
GetProcAddress
GetTempPathA
GetWindowsDirectoryA
Sleep
FreeLibrary
lstrcpyA
GetSystemDirectoryA
LoadLibraryA
lstrlenA
MultiByteToWideChar
GlobalAlloc
SetLastError
lstrcatA
GetVersion
WideCharToMultiByte
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetSystemMetrics
GetWindowRect
SendMessageA
GetClassNameA
GetWindowThreadProcessId
FindWindowA
ReleaseDC
GetDC
SystemParametersInfoA
ShowWindow
GetDlgItem
SetWindowLongA
GetCursorPos
GetWindowTextA
GetWindowLongA
IsWindowVisible
PtInRect
GetWindow
GetParent
EnableWindow
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
SetForegroundWindow
PostQuitMessage
PostMessageA
SetCursor
GetLastActivePopup
SetWindowsHookExA
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
comdlg32.dll
ClosePrinter
OpenPrinterA
DocumentPropertiesA
WINSPOOL.DRV
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
COMCTL32.dll
ole32.dll
WININET.dll
UnregisterClassA
C:\Windows\AWMMark.ini
.text
`.rdata
@.data
.vmp0
`.vmp1
`.rsrc
]"(@}
ShellExecuteA
]Co|x
(null)
No antivirus engine scan results.

Process Tree

Kay.exe, PID 2556, parent PID 2176
PHHYGHFIRBZKFYC.dll, PID 2656, parent PID 2556

Kay.exe starts a child process whose image name carries a .dll extension. The report captured no dropped files, so that image is not available for inspection, but the GetTempPathA/CreateFileA/WriteFile/MoveFileA/CreateProcessA imports and the 13 MB high-entropy .data section are consistent with an embedded payload being written to disk and launched; the second set of section names in the strings (.text, .rdata, .data, .vmp0, .vmp1, .rsrc) shows that embedded image is VMProtect-packed.
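The section table, the import hash and the second set of section names in the strings dump all raise the same triage question: is the 13 MB .data section an embedded executable, and how would you locate it? The Python below is an added example, not code from the Maldun report, from the Cuckoo code base or from the sample. It reproduces those static checks: Shannon entropy as in the "Entropy" column, a size-share/entropy flag run over this report's own section table, the pefile/VirusTotal import-hash algorithm for named imports, and an MZ/PE header scan for an image embedded inside another. The function names, the thresholds and the in-memory fake PE used as input are constructed for the example and are not taken from the report.

```python
"""Static triage checks mirrored from this report: section entropy and
size share, import hash, and a scan for a second PE header embedded in
the image. Added example; not part of the report or the analysed sample."""
import hashlib
import math
import struct
from collections import Counter

# Section table and file size copied from the report's "PE Sections" and
# "File Details" (name, virtual size, raw size, entropy). Thresholds are ours.
REPORT_FILE_SIZE = 13352960
REPORT_SECTIONS = [
    (".text",  0x000160ba, 0x00017000, 6.50),
    (".rdata", 0x000041d8, 0x00005000, 4.27),
    (".data",  0x00cb31be, 0x00c9e000, 7.99),
    (".rsrc",  0x00000268, 0x00001000, 3.39),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one.
    The report's per-section 'Entropy' column is this value."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_payload_sections(sections, file_size, min_share=0.8, min_entropy=7.5):
    """Names of sections whose raw bytes make up most of the file and are
    near-random. Ordinary .data is small and low-entropy; a 13 MB writable
    section at 7.99 is a packed/encrypted payload unwrapped at run time."""
    return [
        name for name, _vsize, raw_size, entropy in sections
        if raw_size / file_size >= min_share and entropy >= min_entropy
    ]


def imphash(imports):
    """Import hash as pefile/VirusTotal compute it: MD5 over 'dll.func'
    pairs in import-directory order, lowercased, with a trailing
    .dll/.ocx/.sys stripped from the module name. Ordinal-only imports
    (pefile maps them to names via lookup tables) are not handled here."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def find_embedded_pe(buf: bytes, start: int = 1):
    """Offsets of 'MZ' headers whose e_lfanew (DWORD at +0x3C) points at a
    'PE\\0\\0' signature. start=1 skips the host file's own header so only
    embedded images are reported; this is how the second set of section
    names (.vmp0/.vmp1) seen in the strings would be located on disk."""
    hits = []
    pos = buf.find(b"MZ", start)
    while pos != -1:
        if pos + 0x40 <= len(buf):
            (e_lfanew,) = struct.unpack_from("<I", buf, pos + 0x3C)
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and buf[pe:pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = buf.find(b"MZ", pos + 1)
    return hits


def make_fake_pe() -> bytes:
    """Constructed stand-in for a PE image: MZ stub, e_lfanew = 0x80, then
    the PE signature. Header skeleton only, not a runnable executable."""
    hdr = bytearray(b"MZ").ljust(0x3C, b"\x00")
    hdr += struct.pack("<I", 0x80)
    hdr = hdr.ljust(0x80, b"\x00")
    hdr += b"PE\x00\x00" + b"\x00" * 20
    return bytes(hdr)


# Constructed host image: its own header, padding, then a second PE header
# buried at offset 0x298, the way a dropper's .data carries its payload.
HOST_IMAGE = make_fake_pe() + b"\x90" * 0x200 + make_fake_pe() + b"\x00" * 0x40


if __name__ == "__main__":
    for name in flag_payload_sections(REPORT_SECTIONS, REPORT_FILE_SIZE):
        print(f"{name}: holds most of the file at near-maximal entropy")
    print("embedded PE headers at:", [hex(o) for o in find_embedded_pe(HOST_IMAGE)])
    print("imphash of a two-entry table:",
          imphash([("KERNEL32.dll", "CreateProcessA"), ("SHLWAPI.dll", "PathFileExistsA")]))
```

Run against a real sample, `find_embedded_pe` would be fed the bytes of the .data section and each hit carved out for a second round of section, import and string analysis; a hit whose sections are named .vmp0/.vmp1 should be unpacked dynamically (or taken from the dropped file in a sandbox run that captures it) rather than analysed statically.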

TCP

Source address   Source port  Destination address              Destination port
192.168.122.201  49161        23.74.15.65 (acroipm.adobe.com)  80

UDP

Source address   Source port  Destination address  Destination port
192.168.122.201  59401        192.168.122.1        53

HTTP Requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Note: acroipm.adobe.com with User-Agent IPM is the endpoint Adobe Reader's in-product messaging uses to fetch message.zip, and the If-Modified-Since header shows a copy was already cached on the VM. The report does not attribute this connection to Kay.exe's process, so treat it as probable sandbox background traffic rather than sample C2 until per-process network capture shows otherwise.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files captured.
No similar analyses found.

Processing ( 25.237 seconds )

  • 10.582 Suricata
  • 7.595 Static
  • 2.828 VirusTotal
  • 2.518 TargetInfo
  • 0.955 NetworkAnalysis
  • 0.624 peid
  • 0.077 BehaviorAnalysis
  • 0.033 config_decoder
  • 0.012 Strings
  • 0.011 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.459 seconds )

  • 1.344 md_url_bl
  • 0.019 antiav_detectreg
  • 0.011 md_domain_bl
  • 0.008 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 api_spamming
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 stealth_decoy_document
  • 0.003 stealth_timeout
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_disk
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.586 seconds )

  • 0.584 ReportHTMLSummary
  • 0.002 Malheur
Task ID 631875
Mongo ID 608045967e769a0f71493df3
Cuckoo release 1.4-Maldun